From 184e8c1f203f2ae0fb6ccf0bd761cda0d0023635 Mon Sep 17 00:00:00 2001 From: Kai Engert Date: Thu, 9 Dec 2010 12:04:11 +0100 Subject: [PATCH] Bug 599324, land NSPR_4_8_7_BETA1 and NSS_3_12_9_BETA2, a=blocking-2.0-beta8+ --- nsprpub/TAG-INFO | 2 +- nsprpub/config/prdepend.h | 1 - nsprpub/pr/include/pratom.h | 16 +- nsprpub/pr/src/io/prlog.c | 3 +- nsprpub/pr/src/md/windows/ntgc.c | 2 +- nsprpub/pr/src/pthreads/ptthread.c | 20 + security/coreconf/coreconf.dep | 2 + security/nss/TAG-INFO | 2 +- security/nss/cmd/bltest/blapitest.c | 228 +- security/nss/cmd/certutil/certutil.c | 73 +- security/nss/cmd/lib/SECerrs.h | 6 + security/nss/cmd/rsapoptst/Makefile | 86 + security/nss/cmd/rsapoptst/manifest.mn | 54 + security/nss/cmd/rsapoptst/rsapoptst.c | 550 +++++ security/nss/cmd/vfychain/vfychain.c | 3 +- security/nss/lib/certdb/cert.h | 12 +- security/nss/lib/certdb/stanpcertdb.c | 63 +- security/nss/lib/certhigh/ocsp.h | 10 +- security/nss/lib/ckfw/builtins/certdata.c | 2048 +++++++++-------- security/nss/lib/ckfw/builtins/certdata.txt | 1546 +++++++------ security/nss/lib/ckfw/builtins/nssckbi.h | 4 +- security/nss/lib/freebl/Makefile | 8 +- security/nss/lib/freebl/blapi.h | 115 +- security/nss/lib/freebl/dsa.c | 191 +- security/nss/lib/freebl/intel-aes.s | 119 +- security/nss/lib/freebl/jpake.c | 525 +++++ security/nss/lib/freebl/ldvector.c | 15 +- security/nss/lib/freebl/loader.c | 60 +- security/nss/lib/freebl/loader.h | 35 +- security/nss/lib/freebl/manifest.mn | 1 + security/nss/lib/freebl/rijndael.c | 11 +- security/nss/lib/freebl/rsa.c | 542 ++++- security/nss/lib/freebl/sha512.c | 13 +- security/nss/lib/freebl/stubs.c | 9 + security/nss/lib/freebl/stubs.h | 2 + .../lib/libpkix/include/pkix_errorstrings.h | 7 +- .../pkix_pl_nss/module/pkix_pl_aiamgr.c | 3 +- .../module/pkix_pl_pk11certstore.c | 4 +- security/nss/lib/nss/nss.def | 10 + security/nss/lib/nss/nss.h | 8 +- security/nss/lib/pk11wrap/pk11cert.c | 76 + security/nss/lib/pk11wrap/pk11pub.h | 20 + security/nss/lib/pk11wrap/pk11skey.c | 195 +- security/nss/lib/pk11wrap/pk11util.c | 79 + security/nss/lib/pk11wrap/secmod.h | 12 + security/nss/lib/softoken/jpakesftk.c | 396 ++++ security/nss/lib/softoken/legacydb/lgfind.c | 10 +- security/nss/lib/softoken/manifest.mn | 1 + security/nss/lib/softoken/pkcs11.c | 188 +- security/nss/lib/softoken/pkcs11c.c | 219 +- security/nss/lib/softoken/pkcs11i.h | 17 +- security/nss/lib/softoken/softkver.h | 6 +- security/nss/lib/util/nssutil.h | 6 +- security/nss/lib/util/pkcs11n.h | 116 +- security/nss/lib/util/secerr.h | 5 + 55 files changed, 5764 insertions(+), 1991 deletions(-) create mode 100644 security/nss/cmd/rsapoptst/Makefile create mode 100644 security/nss/cmd/rsapoptst/manifest.mn create mode 100644 security/nss/cmd/rsapoptst/rsapoptst.c create mode 100644 security/nss/lib/freebl/jpake.c create mode 100644 security/nss/lib/softoken/jpakesftk.c diff --git a/nsprpub/TAG-INFO b/nsprpub/TAG-INFO index d2d19fdfcc5..17725266890 100644 --- a/nsprpub/TAG-INFO +++ b/nsprpub/TAG-INFO @@ -1 +1 @@ -NSPR_HEAD_20101015 +NSPR_4_8_7_BETA1 diff --git a/nsprpub/config/prdepend.h b/nsprpub/config/prdepend.h index 55444c40b3a..df72c56882d 100644 --- a/nsprpub/config/prdepend.h +++ b/nsprpub/config/prdepend.h @@ -42,4 +42,3 @@ */ #error "Do not include this header file." - diff --git a/nsprpub/pr/include/pratom.h b/nsprpub/pr/include/pratom.h index 24c03e1b742..4e94d75884f 100644 --- a/nsprpub/pr/include/pratom.h +++ b/nsprpub/pr/include/pratom.h @@ -111,19 +111,19 @@ NSPR_API(PRInt32) PR_AtomicAdd(PRInt32 *ptr, PRInt32 val); ** interchangeably. */ #if defined(_WIN32) && !defined(_WIN32_WCE) && \ - defined(_MSC_VER) && (_MSC_VER >= 1310) + (!defined(_MSC_VER) || (_MSC_VER >= 1310)) + +#ifdef _MSC_VER +#pragma intrinsic(_InterlockedIncrement) +#pragma intrinsic(_InterlockedDecrement) +#pragma intrinsic(_InterlockedExchange) +#pragma intrinsic(_InterlockedExchangeAdd) +#endif long __cdecl _InterlockedIncrement(long volatile *Addend); -#pragma intrinsic(_InterlockedIncrement) - long __cdecl _InterlockedDecrement(long volatile *Addend); -#pragma intrinsic(_InterlockedDecrement) - long __cdecl _InterlockedExchange(long volatile *Target, long Value); -#pragma intrinsic(_InterlockedExchange) - long __cdecl _InterlockedExchangeAdd(long volatile *Addend, long Value); -#pragma intrinsic(_InterlockedExchangeAdd) #define PR_ATOMIC_INCREMENT(val) _InterlockedIncrement((long volatile *)(val)) #define PR_ATOMIC_DECREMENT(val) _InterlockedDecrement((long volatile *)(val)) diff --git a/nsprpub/pr/src/io/prlog.c b/nsprpub/pr/src/io/prlog.c index 58bb2471795..58426d3445e 100644 --- a/nsprpub/pr/src/io/prlog.c +++ b/nsprpub/pr/src/io/prlog.c @@ -566,9 +566,8 @@ PR_IMPLEMENT(void) PR_Abort(void) PR_IMPLEMENT(void) PR_Assert(const char *s, const char *file, PRIntn ln) { PR_LogPrint("Assertion failure: %s, at %s:%d\n", s, file, ln); -#if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS) fprintf(stderr, "Assertion failure: %s, at %s:%d\n", s, file, ln); -#endif + fflush(stderr); #ifdef WIN32 DebugBreak(); #endif diff --git a/nsprpub/pr/src/md/windows/ntgc.c b/nsprpub/pr/src/md/windows/ntgc.c index e12b30d6c90..ec31e3eeda7 100644 --- a/nsprpub/pr/src/md/windows/ntgc.c +++ b/nsprpub/pr/src/md/windows/ntgc.c @@ -87,7 +87,7 @@ PRWord *_MD_HomeGCRegisters(PRThread *t, int isCurrent, int *np) t->md.gcContext[0] = 0; /* context.Eax */ t->md.gcContext[1] = fiberData[0x2e]; /* context.Ebx */ t->md.gcContext[2] = 0; /* context.Ecx */ - t->md.gcContext[2] = 0; /* context.Edx */ + t->md.gcContext[3] = 0; /* context.Edx */ t->md.gcContext[4] = fiberData[0x2d]; /* context.Esi */ t->md.gcContext[5] = fiberData[0x2c]; /* context.Edi */ t->md.gcContext[6] = fiberData[0x36]; /* context.Esp */ diff --git a/nsprpub/pr/src/pthreads/ptthread.c b/nsprpub/pr/src/pthreads/ptthread.c index 625e0bc8ccc..de065fd33e9 100644 --- a/nsprpub/pr/src/pthreads/ptthread.c +++ b/nsprpub/pr/src/pthreads/ptthread.c @@ -780,8 +780,28 @@ PR_IMPLEMENT(PRStatus) PR_Sleep(PRIntervalTime ticks) static void _pt_thread_death(void *arg) { + void *thred; + int rv; + + _PT_PTHREAD_GETSPECIFIC(pt_book.key, thred); + if (NULL == thred) + { + /* + * Have PR_GetCurrentThread return the expected value to the + * destructors. + */ + rv = pthread_setspecific(pt_book.key, arg); + PR_ASSERT(0 == rv); + } + /* PR_TRUE for: call destructors */ _pt_thread_death_internal(arg, PR_TRUE); + + if (NULL == thred) + { + rv = pthread_setspecific(pt_book.key, NULL); + PR_ASSERT(0 == rv); + } } static void _pt_thread_death_internal(void *arg, PRBool callDestructors) diff --git a/security/coreconf/coreconf.dep b/security/coreconf/coreconf.dep index b75161110bb..4c796e94d27 100644 --- a/security/coreconf/coreconf.dep +++ b/security/coreconf/coreconf.dep @@ -42,3 +42,5 @@ */ #error "Do not include this header file." + + diff --git a/security/nss/TAG-INFO b/security/nss/TAG-INFO index d11151e5b59..dc2248a302f 100644 --- a/security/nss/TAG-INFO +++ b/security/nss/TAG-INFO @@ -1 +1 @@ -NSS_3_12_8_RC0 +NSS_3_12_9_BETA2 diff --git a/security/nss/cmd/bltest/blapitest.c b/security/nss/cmd/bltest/blapitest.c index 3f97a7c9122..a7a48867c24 100644 --- a/security/nss/cmd/bltest/blapitest.c +++ b/security/nss/cmd/bltest/blapitest.c @@ -121,7 +121,7 @@ static void Usage() #define PRINTUSAGE(subject, option, predicate) \ fprintf(stderr, "%10s %s\t%s\n", subject, option, predicate); fprintf(stderr, "\n"); - PRINTUSAGE(progName, "[-DEHSV]", "List available cipher modes"); /* XXX */ + PRINTUSAGE(progName, "[-DEHSVR]", "List available cipher modes"); /* XXX */ fprintf(stderr, "\n"); PRINTUSAGE(progName, "-E -m mode ", "Encrypt a buffer"); PRINTUSAGE("", "", "[-i plaintext] [-o ciphertext] [-k key] [-v iv]"); @@ -218,6 +218,13 @@ static void Usage() PRINTUSAGE("", "-g", "key size (in bytes)"); PRINTUSAGE("", "-u", "number of repetitions of context creation"); fprintf(stderr, "\n"); + PRINTUSAGE(progName, "-R [-g keysize] [-e exp]", + "Test the RSA populate key function"); + PRINTUSAGE("", "", "[-r repetitions]"); + PRINTUSAGE("", "-g", "key size (in bytes)"); + PRINTUSAGE("", "-e", "rsa public exponent"); + PRINTUSAGE("", "-r", "repetitions of the test"); + fprintf(stderr, "\n"); PRINTUSAGE(progName, "-F", "Run the FIPS self-test"); fprintf(stderr, "\n"); PRINTUSAGE(progName, "-T [-m mode1,mode2...]", "Run the BLAPI self-test"); @@ -3137,6 +3144,192 @@ void ThreadExecTest(void *data) cipherFinish(cipherInfo); } +static void rsaPrivKeyReset(RSAPrivateKey *tstKey) +{ + PLArenaPool *arena; + + tstKey->version.data = NULL; + tstKey->version.len = 0; + tstKey->modulus.data = NULL; + tstKey->modulus.len = 0; + tstKey->publicExponent.data = NULL; + tstKey->publicExponent.len = 0; + tstKey->privateExponent.data = NULL; + tstKey->privateExponent.len = 0; + tstKey->prime1.data = NULL; + tstKey->prime1.len = 0; + tstKey->prime2.data = NULL; + tstKey->prime2.len = 0; + tstKey->exponent1.data = NULL; + tstKey->exponent1.len = 0; + tstKey->exponent2.data = NULL; + tstKey->exponent2.len = 0; + tstKey->coefficient.data = NULL; + tstKey->coefficient.len = 0; + + arena = tstKey->arena; + tstKey->arena = NULL; + if (arena) { + PORT_FreeArena(arena, PR_TRUE); + } +} + + +#define RSA_TEST_EQUAL(comp) \ + if (!SECITEM_ItemsAreEqual(&(src->comp),&(dest->comp))) { \ + fprintf(stderr, "key->" #comp " not equal"); \ + if (src->comp.len != dest->comp.len) { \ + fprintf(stderr, "src_len = %d, dest_len = %d", \ + src->comp.len, dest->comp.len); \ + } \ + fprintf(stderr, "\n"); \ + areEqual = PR_FALSE; \ + } + + +static PRBool rsaPrivKeysAreEqual(RSAPrivateKey *src, RSAPrivateKey *dest) +{ + PRBool areEqual = PR_TRUE; + RSA_TEST_EQUAL(modulus) + RSA_TEST_EQUAL(publicExponent) + RSA_TEST_EQUAL(privateExponent) + RSA_TEST_EQUAL(prime1) + RSA_TEST_EQUAL(prime2) + RSA_TEST_EQUAL(exponent1) + RSA_TEST_EQUAL(exponent2) + RSA_TEST_EQUAL(coefficient) + if (!areEqual) { + fprintf(stderr, "original key:\n"); + dump_rsakey(src); + fprintf(stderr, "recreated key:\n"); + dump_rsakey(dest); + } + return areEqual; +} + +/* + * Test the RSA populate command to see that it can really build + * keys from it's components. + */ +static int doRSAPopulateTest(unsigned int keySize, unsigned long exponent) +{ + RSAPrivateKey *srcKey; + RSAPrivateKey tstKey = { 0 }; + SECItem expitem = { 0, 0, 0 }; + SECStatus rv; + unsigned char pubExp[4]; + int expLen = 0; + int failed = 0; + int i; + + for (i=0; i < sizeof(unsigned long); i++) { + int shift = (sizeof(unsigned long) - i -1 ) * 8; + if (expLen || (exponent && ((unsigned long)0xffL << shift))) { + pubExp[expLen] = (unsigned char) ((exponent >> shift) & 0xff); + expLen++; + } + } + + expitem.data = pubExp; + expitem.len = expLen; + + srcKey = RSA_NewKey(keySize, &expitem); + if (srcKey == NULL) { + fprintf(stderr, "RSA Key Gen failed"); + return -1; + } + + /* test the basic case - most common, public exponent, modulus, prime */ + tstKey.arena = NULL; + rsaPrivKeyReset(&tstKey); + + tstKey.publicExponent = srcKey->publicExponent; + tstKey.modulus = srcKey->modulus; + tstKey.prime1 = srcKey->prime1; + + rv = RSA_PopulatePrivateKey(&tstKey); + if (rv != SECSuccess) { + fprintf(stderr, "RSA Populate failed: pubExp mod p\n"); + failed = 1; + } else if (!rsaPrivKeysAreEqual(&tstKey, srcKey)) { + fprintf(stderr, "RSA Populate key mismatch: pubExp mod p\n"); + failed = 1; + } + + /* test the basic2 case, public exponent, modulus, prime2 */ + rsaPrivKeyReset(&tstKey); + + tstKey.publicExponent = srcKey->publicExponent; + tstKey.modulus = srcKey->modulus; + tstKey.prime1 = srcKey->prime2; /* test with q in the prime1 position */ + + rv = RSA_PopulatePrivateKey(&tstKey); + if (rv != SECSuccess) { + fprintf(stderr, "RSA Populate failed: pubExp mod q\n"); + failed = 1; + } else if (!rsaPrivKeysAreEqual(&tstKey, srcKey)) { + fprintf(stderr, "RSA Populate key mismatch: pubExp mod q\n"); + failed = 1; + } + + /* test the medium case, private exponent, prime1, prime2 */ + rsaPrivKeyReset(&tstKey); + + tstKey.privateExponent = srcKey->privateExponent; + tstKey.prime1 = srcKey->prime2; /* purposefully swap them to make */ + tstKey.prime2 = srcKey->prime1; /* sure populated swaps them back */ + + rv = RSA_PopulatePrivateKey(&tstKey); + if (rv != SECSuccess) { + fprintf(stderr, "RSA Populate failed: privExp p q\n"); + failed = 1; + } else if (!rsaPrivKeysAreEqual(&tstKey, srcKey)) { + fprintf(stderr, "RSA Populate key mismatch: privExp p q\n"); + failed = 1; + } + + /* test the advanced case, public exponent, private exponent, prime2 */ + rsaPrivKeyReset(&tstKey); + + tstKey.privateExponent = srcKey->privateExponent; + tstKey.publicExponent = srcKey->publicExponent; + tstKey.prime2 = srcKey->prime2; /* use q in the prime2 position */ + + rv = RSA_PopulatePrivateKey(&tstKey); + if (rv != SECSuccess) { + fprintf(stderr, "RSA Populate failed: pubExp privExp q\n"); + fprintf(stderr, " - not fatal\n"); + /* it's possible that we can't uniquely determine the original key + * from just the exponents and prime. Populate returns an error rather + * than return the wrong key. */ + } else if (!rsaPrivKeysAreEqual(&tstKey, srcKey)) { + /* if we returned a key, it *must* be correct */ + fprintf(stderr, "RSA Populate key mismatch: pubExp privExp q\n"); + rv = RSA_PrivateKeyCheck(&tstKey); + failed = 1; + } + + /* test the advanced case2, public exponent, private exponent, modulus */ + rsaPrivKeyReset(&tstKey); + + tstKey.privateExponent = srcKey->privateExponent; + tstKey.publicExponent = srcKey->publicExponent; + tstKey.modulus = srcKey->modulus; + + rv = RSA_PopulatePrivateKey(&tstKey); + if (rv != SECSuccess) { + fprintf(stderr, "RSA Populate failed: pubExp privExp mod\n"); + failed = 1; + } else if (!rsaPrivKeysAreEqual(&tstKey, srcKey)) { + fprintf(stderr, "RSA Populate key mismatch: pubExp privExp mod\n"); + failed = 1; + } + + return failed ? -1 : 0; +} + + + /* bltest commands */ enum { cmd_Decrypt = 0, @@ -3145,6 +3338,7 @@ enum { cmd_Hash, cmd_Nonce, cmd_Dump, + cmd_RSAPopulate, cmd_Sign, cmd_SelfTest, cmd_Verify @@ -3196,6 +3390,7 @@ static secuCommandFlag bltest_commands[] = { /* cmd_Hash */ 'H', PR_FALSE, 0, PR_FALSE }, { /* cmd_Nonce */ 'N', PR_FALSE, 0, PR_FALSE }, { /* cmd_Dump */ 'P', PR_FALSE, 0, PR_FALSE }, + { /* cmd_RSAPopulate*/ 'R', PR_FALSE, 0, PR_FALSE }, { /* cmd_Sign */ 'S', PR_FALSE, 0, PR_FALSE }, { /* cmd_SelfTest */ 'T', PR_FALSE, 0, PR_FALSE }, { /* cmd_Verify */ 'V', PR_FALSE, 0, PR_FALSE } @@ -3309,6 +3504,7 @@ int main(int argc, char **argv) goto print_usage; } + if (bltest.commands[cmd_Sign].activated) bltest.commands[cmd_Encrypt].activated = PR_TRUE; if (bltest.commands[cmd_Verify].activated) @@ -3329,6 +3525,36 @@ int main(int argc, char **argv) * Handle three simple cases first */ + /* test the RSA_PopulatePrivateKey function */ + if (bltest.commands[cmd_RSAPopulate].activated) { + unsigned int keySize = 1024; + unsigned long exponent = 65537; + int rounds = 1; + int ret; + + if (bltest.options[opt_KeySize].activated) { + keySize = PORT_Atoi(bltest.options[opt_KeySize].arg); + } + if (bltest.options[opt_Rounds].activated) { + rounds = PORT_Atoi(bltest.options[opt_Rounds].arg); + } + if (bltest.options[opt_Exponent].activated) { + exponent = PORT_Atoi(bltest.options[opt_Exponent].arg); + } + + for (i=0; i < rounds; i++) { + printf("Running RSA Populate test round %d\n",i); + ret = doRSAPopulateTest(keySize,exponent); + if (ret != 0) { + break; + } + } + if (ret != 0) { + fprintf(stderr,"RSA Populate test round %d: FAILED\n",i); + } + return ret; + } + /* Do BLAPI self-test */ if (bltest.commands[cmd_SelfTest].activated) { PRBool encrypt = PR_TRUE, decrypt = PR_TRUE; diff --git a/security/nss/cmd/certutil/certutil.c b/security/nss/cmd/certutil/certutil.c index 69cf32c8632..45935788862 100644 --- a/security/nss/cmd/certutil/certutil.c +++ b/security/nss/cmd/certutil/certutil.c @@ -462,7 +462,7 @@ DumpChain(CERTCertDBHandle *handle, char *name, PRBool ascii) } static SECStatus -listCerts(CERTCertDBHandle *handle, char *name, PK11SlotInfo *slot, +listCerts(CERTCertDBHandle *handle, char *name, char *email, PK11SlotInfo *slot, PRBool raw, PRBool ascii, PRFileDesc *outfile, void *pwarg) { SECItem data; @@ -530,8 +530,45 @@ listCerts(CERTCertDBHandle *handle, char *name, PK11SlotInfo *slot, break; } } + } else if (email) { + CERTCertificate *the_cert; + certs = PK11_FindCertsFromEmailAddress(email, NULL); + if (!certs) { + SECU_PrintError(progName, + "Could not find certificates for email address: %s\n", + email); + return SECFailure; + } + for (node = CERT_LIST_HEAD(certs); !CERT_LIST_END(node,certs); + node = CERT_LIST_NEXT(node)) { + the_cert = node->cert; + /* now get the subjectList that matches this cert */ + data.data = the_cert->derCert.data; + data.len = the_cert->derCert.len; + if (ascii) { + PR_fprintf(outfile, "%s\n%s\n%s\n", NS_CERT_HEADER, + BTOA_DataToAscii(data.data, data.len), + NS_CERT_TRAILER); + rv = SECSuccess; + } else if (raw) { + numBytes = PR_Write(outfile, data.data, data.len); + rv = SECSuccess; + if (numBytes != (PRInt32) data.len) { + SECU_PrintSystemError(progName, "error writing raw cert"); + rv = SECFailure; + } + } else { + rv = SEC_PrintCertificateAndTrust(the_cert, "Certificate", + the_cert->trust); + if (rv != SECSuccess) { + SECU_PrintError(progName, "problem printing certificate"); + } + } + if (rv != SECSuccess) { + break; + } + } } else { - certs = PK11_ListCertsInSlot(slot); if (certs) { for (node = CERT_LIST_HEAD(certs); !CERT_LIST_END(node,certs); @@ -553,12 +590,13 @@ listCerts(CERTCertDBHandle *handle, char *name, PK11SlotInfo *slot, } static SECStatus -ListCerts(CERTCertDBHandle *handle, char *nickname, PK11SlotInfo *slot, - PRBool raw, PRBool ascii, PRFileDesc *outfile, secuPWData *pwdata) +ListCerts(CERTCertDBHandle *handle, char *nickname, char *email, + PK11SlotInfo *slot, PRBool raw, PRBool ascii, PRFileDesc *outfile, + secuPWData *pwdata) { SECStatus rv; - if (!ascii && !raw && !nickname) { + if (!ascii && !raw && !nickname && !email) { PR_fprintf(outfile, "\n%-60s %-5s\n%-60s %-5s\n\n", "Certificate Nickname", "Trust Attributes", "", "SSL,S/MIME,JAR/XPI"); @@ -569,15 +607,13 @@ ListCerts(CERTCertDBHandle *handle, char *nickname, PK11SlotInfo *slot, list = PK11_ListCerts(PK11CertListAll, pwdata); for (node = CERT_LIST_HEAD(list); !CERT_LIST_END(node, list); - node = CERT_LIST_NEXT(node)) - { + node = CERT_LIST_NEXT(node)) { SECU_PrintCertNickname(node, stdout); } CERT_DestroyCertList(list); return SECSuccess; - } else { - rv = listCerts(handle,nickname,slot,raw,ascii,outfile,pwdata); - } + } + rv = listCerts(handle, nickname, email, slot, raw, ascii, outfile, pwdata); return rv; } @@ -598,10 +634,8 @@ DeleteCert(CERTCertDBHandle *handle, char *name) CERT_DestroyCertificate(cert); if (rv) { SECU_PrintError(progName, "unable to delete certificate"); - return SECFailure; } - - return SECSuccess; + return rv; } static SECStatus @@ -995,7 +1029,9 @@ Usage(char *progName) progName); FPS "\t\t [-P targetDBPrefix] [--source-prefix sourceDBPrefix]\n"); FPS "\t\t [-f targetPWfile] [-@ sourcePWFile]\n"); - FPS "\t%s -L [-n cert-name] [-X] [-d certdir] [-P dbprefix] [-r] [-a]\n", progName); + FPS "\t%s -L [-n cert-name] [--email email-address] [-X] [-r] [-a]\n", + progName); + FPS "\t\t [-d certdir] [-P dbprefix]\n"); FPS "\t%s -M -n cert-name -t trustargs [-d certdir] [-P dbprefix]\n", progName); FPS "\t%s -O -n cert-name [-X] [-d certdir] [-a] [-P dbprefix]\n", progName); @@ -1208,6 +1244,9 @@ static void LongUsage(char *progName) "-L"); FPS "%-20s Pretty print named cert (list all if unspecified)\n", " -n cert-name"); + FPS "%-20s \n" + "%-20s Pretty print cert with email address (list all if unspecified)\n", + " --email email-address", ""); FPS "%-20s Cert database directory (default is ~/.netscape)\n", " -d certdir"); FPS "%-20s Cert & Key database prefix\n", @@ -1827,6 +1866,7 @@ enum certutilOpts { opt_KeySize, opt_TokenName, opt_InputFile, + opt_Emailaddress, opt_KeyIndex, opt_KeyType, opt_DetailedInfo, @@ -1914,6 +1954,7 @@ secuCommandFlag options_init[] = { /* opt_KeySize */ 'g', PR_TRUE, 0, PR_FALSE }, { /* opt_TokenName */ 'h', PR_TRUE, 0, PR_FALSE }, { /* opt_InputFile */ 'i', PR_TRUE, 0, PR_FALSE }, + { /* opt_Emailaddress */ 0, PR_TRUE, 0, PR_FALSE, "email" }, { /* opt_KeyIndex */ 'j', PR_TRUE, 0, PR_FALSE }, { /* opt_KeyType */ 'k', PR_TRUE, 0, PR_FALSE }, { /* opt_DetailedInfo */ 'l', PR_FALSE, 0, PR_FALSE }, @@ -1991,6 +2032,7 @@ certutil_main(int argc, char **argv, PRBool initialize) char * upgradeTokenName = ""; KeyType keytype = rsaKey; char * name = NULL; + char * email = NULL; char * keysource = NULL; SECOidTag hashAlgTag = SEC_OID_UNKNOWN; int keysize = DEFAULT_KEY_BITS; @@ -2389,6 +2431,7 @@ certutil_main(int argc, char **argv, PRBool initialize) } name = SECU_GetOptionArg(&certutil, opt_Nickname); + email = SECU_GetOptionArg(&certutil, opt_Emailaddress); PK11_SetPasswordFunc(SECU_GetModulePassword); @@ -2579,7 +2622,7 @@ merge_fail: /* List certs (-L) */ if (certutil.commands[cmd_ListCerts].activated) { - rv = ListCerts(certHandle, name, slot, + rv = ListCerts(certHandle, name, email, slot, certutil.options[opt_BinaryDER].activated, certutil.options[opt_ASCIIForIO].activated, (outFile) ? outFile : PR_STDOUT, &pwdata); diff --git a/security/nss/cmd/lib/SECerrs.h b/security/nss/cmd/lib/SECerrs.h index f3d713e294f..b8da9fe67e6 100644 --- a/security/nss/cmd/lib/SECerrs.h +++ b/security/nss/cmd/lib/SECerrs.h @@ -567,3 +567,9 @@ ER3(SEC_ERROR_EXPIRED_PASSWORD, (SEC_ERROR_BASE + 172), ER3(SEC_ERROR_LOCKED_PASSWORD, (SEC_ERROR_BASE + 173), "The password is locked.") + +ER3(SEC_ERROR_UNKNOWN_PKCS11_ERROR, (SEC_ERROR_BASE + 174), +"Unknown PKCS #11 error.") + +ER3(SEC_ERROR_BAD_CRL_DP_URL, (SEC_ERROR_BASE + 175), +"Invalid or unsupported URL in CRL distribution point name.") diff --git a/security/nss/cmd/rsapoptst/Makefile b/security/nss/cmd/rsapoptst/Makefile new file mode 100644 index 00000000000..115886cd751 --- /dev/null +++ b/security/nss/cmd/rsapoptst/Makefile @@ -0,0 +1,86 @@ +#! gmake +# +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is +# Netscape Communications Corporation. +# Portions created by the Initial Developer are Copyright (C) 1994-2000 +# the Initial Developer. All Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn +#MKPROG = purify -cache-dir=/u/mcgreer/pcache -best-effort \ +# -always-use-cache-dir $(CC) + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + +include ../platlibs.mk + +#EXTRA_SHARED_LIBS += \ +# -L/usr/lib \ +# -lposix4 \ +# $(NULL) + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + +include ../platrules.mk diff --git a/security/nss/cmd/rsapoptst/manifest.mn b/security/nss/cmd/rsapoptst/manifest.mn new file mode 100644 index 00000000000..4098569ac3f --- /dev/null +++ b/security/nss/cmd/rsapoptst/manifest.mn @@ -0,0 +1,54 @@ +# +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is +# Netscape Communications Corporation. +# Portions created by the Initial Developer are Copyright (C) 1994-2000 +# the Initial Developer. All Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** +CORE_DEPTH = ../../.. + +MODULE = nss + +REQUIRES = seccmd dbm softoken + +PROGRAM = rsapoptst + +EXPORTS = \ + $(NULL) + +PRIVATE_EXPORTS = \ + $(NULL) + +CSRCS = \ + rsapoptst.c \ + $(NULL) + diff --git a/security/nss/cmd/rsapoptst/rsapoptst.c b/security/nss/cmd/rsapoptst/rsapoptst.c new file mode 100644 index 00000000000..8f58e7527c3 --- /dev/null +++ b/security/nss/cmd/rsapoptst/rsapoptst.c @@ -0,0 +1,550 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * Portions created by the Red Hat, Inc. are Copyright (C) 2010 + * the Red Hat, Inc.. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#include +#include +#include "plgetopt.h" +#include "nss.h" +#include "secutil.h" +#include "pk11table.h" +#include "secmodt.h" +#include "pk11pub.h" + + +struct test_args { + char *arg; + int mask_value; + char *description; +}; + +static const struct test_args test_array[] = { + {"all", 0x1f, "run all the tests" }, + {"e_n_p", 0x01, "public exponent, modulus, prime1"}, + {"d_n_q", 0x02, "private exponent, modulus, prime2"}, + {"d_p_q", 0x04, "private exponent, prime1, prime2"}, + {"e_d_q", 0x08, "public exponent, private exponent, prime2"}, + {"e_d_n", 0x10, "public exponent, private exponent, moduls"} +}; +static const int test_array_size = + (sizeof(test_array)/sizeof(struct test_args)); + +static void Usage(char *progName) +{ + int i; +#define PRINTUSAGE(subject, option, predicate) \ + fprintf(stderr, "%10s %s\t%s\n", subject, option, predicate); + fprintf(stderr, "%s [-k keysize] [-e exp] [-r rounds] [-t tests]\n " + "Test creating RSA private keys from Partial components\n", + progName); + PRINTUSAGE("", "-k", "key size (in bit)"); + PRINTUSAGE("", "-e", "rsa public exponent"); + PRINTUSAGE("", "-r", "number times to repeat the test"); + PRINTUSAGE("", "-t", "run the specified tests"); + for (i=0; i < test_array_size; i++) { + PRINTUSAGE("", test_array[i].arg, test_array[i].description); + } + fprintf(stderr,"\n"); +} + +/* + * Test the RSA populate command to see that it can really build + * keys from it's components. + */ + +const static CK_ATTRIBUTE rsaTemplate[] = { + {CKA_CLASS, NULL, 0 }, + {CKA_KEY_TYPE, NULL, 0 }, + {CKA_TOKEN, NULL, 0 }, + {CKA_SENSITIVE, NULL, 0 }, + {CKA_PRIVATE, NULL, 0 }, + {CKA_MODULUS, NULL, 0 }, + {CKA_PUBLIC_EXPONENT, NULL, 0 }, + {CKA_PRIVATE_EXPONENT, NULL, 0 }, + {CKA_PRIME_1, NULL, 0 }, + {CKA_PRIME_2, NULL, 0 }, + {CKA_EXPONENT_1, NULL, 0 }, + {CKA_EXPONENT_2, NULL, 0 }, + {CKA_COEFFICIENT, NULL, 0 }, +}; + +#define RSA_SIZE (sizeof(rsaTemplate)) +#define RSA_ATTRIBUTES (sizeof(rsaTemplate)/sizeof(CK_ATTRIBUTE)) + +static void +resetTemplate(CK_ATTRIBUTE *attribute, int start, int end) +{ + int i; + for (i=start; i < end; i++) { + if (attribute[i].pValue) { + PORT_Free(attribute[i].pValue); + } + attribute[i].pValue = NULL; + attribute[i].ulValueLen = 0; + } +} + +static SECStatus +copyAttribute(PK11ObjectType objType, void *object, CK_ATTRIBUTE *template, + int offset, CK_ATTRIBUTE_TYPE attrType) +{ + SECItem attributeItem = {0, 0, 0}; + SECStatus rv; + + rv = PK11_ReadRawAttribute(objType, object, attrType, &attributeItem); + if (rv != SECSuccess) { + return rv; + } + template[offset].type = attrType; + template[offset].pValue = attributeItem.data; + template[offset].ulValueLen = attributeItem.len; + return SECSuccess; +} + +static SECStatus +readKey(PK11ObjectType objType, void *object, CK_ATTRIBUTE *template, + int start, int end) +{ + int i; + SECStatus rv; + + for (i=start; i < end; i++) { + rv = copyAttribute(objType, object, template, i, template[i].type); + if (rv != SECSuccess) { + goto fail; + } + } + return SECSuccess; + +fail: + resetTemplate(template, start, i); + return rv; +} + +#define ATTR_STRING(x) getNameFromAttribute(x) + +void +dumpTemplate(CK_ATTRIBUTE *template, int start, int end) +{ + int i,j; + for (i=0; i < end; i++) { + unsigned char cval; + CK_ULONG ulval; + unsigned char *cpval; + + fprintf(stderr, "%s:", ATTR_STRING(template[i].type)); + switch (template[i].ulValueLen) { + case 1: + cval =*(unsigned char *)template[i].pValue; + switch(cval) { + case 0: fprintf(stderr, " false"); break; + case 1: fprintf(stderr, " true"); break; + default: + fprintf(stderr, " %d (=0x%02x,'%c')",cval,cval,cval); + break; + } + break; + case sizeof(CK_ULONG): + ulval = *(CK_ULONG *)template[i].pValue; + fprintf(stderr," %ld (=0x%04lx)", ulval, ulval); + break; + default: + cpval = (unsigned char *)template[i].pValue; + for (j=0; j < template[i].ulValueLen; j++) { + if ((j % 16) == 0) fprintf(stderr, "\n "); + fprintf(stderr," %02x",cpval[j]); + } + break; + } + fprintf(stderr,"\n"); + } +} + +PRBool +rsaKeysAreEqual(PK11ObjectType srcType, void *src, + PK11ObjectType destType, void *dest) +{ + + CK_ATTRIBUTE srcTemplate[RSA_ATTRIBUTES]; + CK_ATTRIBUTE destTemplate[RSA_ATTRIBUTES]; + PRBool areEqual = PR_TRUE; + SECStatus rv; + int i; + + memcpy(srcTemplate, rsaTemplate, RSA_SIZE); + memcpy(destTemplate, rsaTemplate, RSA_SIZE); + + rv = readKey(srcType, src, srcTemplate, 0, RSA_ATTRIBUTES); + if (rv != SECSuccess) { + printf("Could read source key\n"); + return PR_FALSE; + } + readKey(destType, dest, destTemplate, 0, RSA_ATTRIBUTES); + if (rv != SECSuccess) { + printf("Could read dest key\n"); + return PR_FALSE; + } + + for (i=0; i < RSA_ATTRIBUTES; i++) { + if (srcTemplate[i].ulValueLen != destTemplate[i].ulValueLen) { + printf("key->%s not equal src_len = %ld, dest_len=%ld\n", + ATTR_STRING(srcTemplate[i].type), + srcTemplate[i].ulValueLen, destTemplate[i].ulValueLen); + areEqual = 0; + } else if (memcmp(srcTemplate[i].pValue, destTemplate[i].pValue, + destTemplate[i].ulValueLen) != 0) { + printf("key->%s not equal.\n", ATTR_STRING(srcTemplate[i].type)); + areEqual = 0; + } + } + if (!areEqual) { + fprintf(stderr, "original key:\n"); + dumpTemplate(srcTemplate,0, RSA_ATTRIBUTES); + fprintf(stderr, "created key:\n"); + dumpTemplate(destTemplate,0, RSA_ATTRIBUTES); + } + return areEqual; +} + +static int exp_exp_prime_fail_count = 0; + +static int +doRSAPopulateTest(unsigned int keySize, unsigned long exponent, + int mask, void *pwarg) +{ + SECKEYPrivateKey *rsaPrivKey; + SECKEYPublicKey *rsaPubKey; + PK11GenericObject *tstPrivKey; + CK_ATTRIBUTE tstTemplate[RSA_ATTRIBUTES]; + int tstHeaderCount; + PK11SlotInfo *slot = NULL; + PK11RSAGenParams rsaParams; + CK_OBJECT_CLASS obj_class = CKO_PRIVATE_KEY; + CK_KEY_TYPE key_type = CKK_RSA; + CK_BBOOL ck_false = CK_FALSE; + int failed = 0; + + rsaParams.pe = exponent; + rsaParams.keySizeInBits = keySize; + + slot = PK11_GetInternalSlot(); + if (slot == NULL) { + fprintf(stderr, "Couldn't get the internal slot for the test \n"); + return -1; + } + + rsaPrivKey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, + &rsaParams, &rsaPubKey, PR_FALSE, + PR_FALSE, pwarg); + if (rsaPrivKey == NULL) { + fprintf(stderr, "RSA Key Gen failed"); + PK11_FreeSlot(slot); + return -1; + } + + memcpy(tstTemplate, rsaTemplate, RSA_SIZE); + + tstTemplate[0].pValue = &obj_class; + tstTemplate[0].ulValueLen = sizeof(obj_class); + tstTemplate[1].pValue = &key_type; + tstTemplate[1].ulValueLen = sizeof(key_type); + tstTemplate[2].pValue = &ck_false; + tstTemplate[2].ulValueLen = sizeof(ck_false); + tstTemplate[3].pValue = &ck_false; + tstTemplate[3].ulValueLen = sizeof(ck_false); + tstTemplate[4].pValue = &ck_false; + tstTemplate[4].ulValueLen = sizeof(ck_false); + tstHeaderCount = 5; + + if (mask & 1) { + printf("%s\n",test_array[1].description); + resetTemplate(tstTemplate, tstHeaderCount, RSA_ATTRIBUTES); + copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate, + tstHeaderCount, CKA_PUBLIC_EXPONENT); + copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate, + tstHeaderCount+1, CKA_MODULUS); + copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate, + tstHeaderCount+2, CKA_PRIME_1); + + tstPrivKey = PK11_CreateGenericObject(slot, tstTemplate, + tstHeaderCount+3, PR_FALSE); + if (tstPrivKey == NULL) { + fprintf(stderr, "RSA Populate failed: pubExp mod p\n"); + failed = 1; + } else if (!rsaKeysAreEqual(PK11_TypePrivKey, rsaPrivKey, + PK11_TypeGeneric, tstPrivKey)) { + fprintf(stderr, "RSA Populate key mismatch: pubExp mod p\n"); + failed = 1; + } + if (tstPrivKey) PK11_DestroyGenericObject(tstPrivKey); + } + if (mask & 2) { + printf("%s\n",test_array[2].description); + /* test the basic2 case, public exponent, modulus, prime2 */ + resetTemplate(tstTemplate, tstHeaderCount, RSA_ATTRIBUTES); + copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate, + tstHeaderCount, CKA_PUBLIC_EXPONENT); + copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate, + tstHeaderCount+1, CKA_MODULUS); + copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate, + tstHeaderCount+2, CKA_PRIME_2); + /* test with q in the prime1 position */ + tstTemplate[tstHeaderCount+2].type = CKA_PRIME_1; + + tstPrivKey = PK11_CreateGenericObject(slot, tstTemplate, + tstHeaderCount+3, PR_FALSE); + if (tstPrivKey == NULL) { + fprintf(stderr, "RSA Populate failed: pubExp mod q\n"); + failed = 1; + } else if (!rsaKeysAreEqual(PK11_TypePrivKey, rsaPrivKey, + PK11_TypeGeneric, tstPrivKey)) { + fprintf(stderr, "RSA Populate key mismatch: pubExp mod q\n"); + failed = 1; + } + if (tstPrivKey) PK11_DestroyGenericObject(tstPrivKey); + } + if (mask & 4) { + printf("%s\n",test_array[3].description); + /* test the medium case, private exponent, prime1, prime2 */ + resetTemplate(tstTemplate, tstHeaderCount, RSA_ATTRIBUTES); + + copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate, + tstHeaderCount, CKA_PRIVATE_EXPONENT); + copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate, + tstHeaderCount+1, CKA_PRIME_1); + copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate, + tstHeaderCount+2, CKA_PRIME_2); + /* test with p & q swapped. Underlying code should swap these back */ + tstTemplate[tstHeaderCount+2].type = CKA_PRIME_1; + tstTemplate[tstHeaderCount+1].type = CKA_PRIME_2; + + tstPrivKey = PK11_CreateGenericObject(slot, tstTemplate, + tstHeaderCount+3, PR_FALSE); + if (tstPrivKey == NULL) { + fprintf(stderr, "RSA Populate failed: privExp p q\n"); + failed = 1; + } else if (!rsaKeysAreEqual(PK11_TypePrivKey, rsaPrivKey, + PK11_TypeGeneric, tstPrivKey)) { + fprintf(stderr, "RSA Populate key mismatch: privExp p q\n"); + failed = 1; + } + if (tstPrivKey) PK11_DestroyGenericObject(tstPrivKey); + } + if (mask & 8) { + printf("%s\n",test_array[4].description); + /* test the advanced case, public exponent, private exponent, prime2 */ + resetTemplate(tstTemplate, tstHeaderCount, RSA_ATTRIBUTES); + copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate, + tstHeaderCount, CKA_PRIVATE_EXPONENT); + copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate, + tstHeaderCount+1, CKA_PUBLIC_EXPONENT); + copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate, + tstHeaderCount+2, CKA_PRIME_2); + + tstPrivKey = PK11_CreateGenericObject(slot, tstTemplate, + tstHeaderCount+3, PR_FALSE); + if (tstPrivKey == NULL) { + fprintf(stderr, "RSA Populate failed: pubExp privExp q\n"); + fprintf(stderr, " this is expected periodically. It means we\n"); + fprintf(stderr, " had more than one key that meets the " + "specification\n"); + exp_exp_prime_fail_count++; + } else if (!rsaKeysAreEqual(PK11_TypePrivKey, rsaPrivKey, + PK11_TypeGeneric, tstPrivKey)) { + fprintf(stderr, "RSA Populate key mismatch: pubExp privExp q\n"); + failed = 1; + } + if (tstPrivKey) PK11_DestroyGenericObject(tstPrivKey); + } + if (mask & 16) { + printf("%s\n",test_array[5].description); + /* test the advanced case2, public exponent, private exponent, modulus + */ + resetTemplate(tstTemplate, tstHeaderCount, RSA_ATTRIBUTES); + + copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate, + tstHeaderCount, CKA_PRIVATE_EXPONENT); + copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate, + tstHeaderCount+1, CKA_PUBLIC_EXPONENT); + copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate, + tstHeaderCount+2, CKA_MODULUS); + + tstPrivKey = PK11_CreateGenericObject(slot, tstTemplate, + tstHeaderCount+3, PR_FALSE); + if (tstPrivKey == NULL) { + fprintf(stderr, "RSA Populate failed: pubExp privExp mod\n"); + failed = 1; + } else if (!rsaKeysAreEqual(PK11_TypePrivKey, rsaPrivKey, + PK11_TypeGeneric, tstPrivKey)) { + fprintf(stderr, "RSA Populate key mismatch: pubExp privExp mod\n"); + failed = 1; + } + if (tstPrivKey) PK11_DestroyGenericObject(tstPrivKey); + } + + + PK11_FreeSlot(slot); + return failed ? -1 : 0; +} + +/* populate options */ +enum { + opt_Exponent = 0, + opt_KeySize, + opt_Repeat, + opt_Tests +}; + +static secuCommandFlag populate_options[] = +{ + { /* opt_Exponent */ 'e', PR_TRUE, 0, PR_FALSE }, + { /* opt_KeySize */ 'k', PR_TRUE, 0, PR_FALSE }, + { /* opt_Repeat */ 'r', PR_TRUE, 0, PR_FALSE }, + { /* opt_Tests */ 't', PR_TRUE, 0, PR_FALSE }, +}; + +int +is_delimiter(char c) +{ + if ((c=='+') || (c==',') || (c=='|')) { + return 1; + } + return 0; +} + +int +parse_tests(char *test_string) +{ + int mask = 0; + int i; + + while (*test_string) { + if (is_delimiter(*test_string)) { + test_string++; + } + for (i=0; i < test_array_size; i++) { + char *arg = test_array[i].arg; + int len = strlen(arg); + if (strncmp(test_string,arg,len) == 0) { + test_string += len; + mask |= test_array[i].mask_value; + break; + } + } + if (i == test_array_size) { + break; + } + } + return mask; +} + +int main(int argc, char **argv) +{ + unsigned int keySize = 1024; + unsigned long exponent = 65537; + int i, repeat = 1, ret = 0; + SECStatus rv = SECFailure; + secuCommand populateArgs; + char *progName; + int mask = 0xff; + + populateArgs.numCommands = 0; + populateArgs.numOptions = sizeof(populate_options) / + sizeof(secuCommandFlag); + populateArgs.commands = NULL; + populateArgs.options = populate_options; + + progName = strrchr(argv[0], '/'); + if (!progName) + progName = strrchr(argv[0], '\\'); + progName = progName ? progName+1 : argv[0]; + + rv = NSS_NoDB_Init(NULL); + if (rv != SECSuccess) { + SECU_PrintPRandOSError(progName); + return -1; + } + + rv = SECU_ParseCommandLine(argc, argv, progName, &populateArgs); + if (rv == SECFailure) { + fprintf(stderr, "%s: command line parsing error!\n", progName); + Usage(progName); + return -1; + } + rv = SECFailure; + + + if (populateArgs.options[opt_KeySize].activated) { + keySize = PORT_Atoi(populateArgs.options[opt_KeySize].arg); + } + if (populateArgs.options[opt_Repeat].activated) { + repeat = PORT_Atoi(populateArgs.options[opt_Repeat].arg); + } + if (populateArgs.options[opt_Exponent].activated) { + exponent = PORT_Atoi(populateArgs.options[opt_Exponent].arg); + } + if (populateArgs.options[opt_Tests].activated) { + char * test_string = populateArgs.options[opt_Tests].arg; + mask = PORT_Atoi(test_string); + if (mask == 0) { + mask = parse_tests(test_string); + } + if (mask == 0) { + Usage(progName); + return -1; + } + } + + exp_exp_prime_fail_count = 0; + for (i=0; i < repeat; i++) { + printf("Running RSA Populate test run %d\n",i); + ret = doRSAPopulateTest(keySize, exponent, mask, NULL); + if (ret != 0) { + i++; + break; + } + } + if (ret != 0) { + fprintf(stderr,"RSA Populate test round %d: FAILED\n",i); + } + if (repeat > 1) { + printf(" pub priv prime test: %d failures out of %d runs (%f %%)\n", + exp_exp_prime_fail_count, i, + (((double)exp_exp_prime_fail_count) * 100.0)/(double) i); + } + return ret; +} diff --git a/security/nss/cmd/vfychain/vfychain.c b/security/nss/cmd/vfychain/vfychain.c index fb60bad0f42..32612e3efe4 100644 --- a/security/nss/cmd/vfychain/vfychain.c +++ b/security/nss/cmd/vfychain/vfychain.c @@ -729,8 +729,7 @@ breakout: /* Display validation results */ if (secStatus != SECSuccess || log.count > 0) { CERTVerifyLogNode *node = NULL; - PRIntn err = PR_GetError(); - fprintf(stderr, "Chain is bad, %d = %s\n", err, SECU_Strerror(err)); + fprintf(stderr, "Chain is bad!\n"); SECU_displayVerifyLog(stderr, &log, verbose); /* Have cert refs in the log only in case of failure. diff --git a/security/nss/lib/certdb/cert.h b/security/nss/lib/certdb/cert.h index 9dcbd172451..2b74f972f45 100644 --- a/security/nss/lib/certdb/cert.h +++ b/security/nss/lib/certdb/cert.h @@ -37,7 +37,7 @@ /* * cert.h - public data structures and prototypes for the certificate library * - * $Id: cert.h,v 1.80 2010/04/30 07:47:47 nelson%bolyard.com Exp $ + * $Id: cert.h,v 1.80.2.1 2010/09/24 13:31:57 kaie%kuix.de Exp $ */ #ifndef _CERT_H_ @@ -606,6 +606,16 @@ CERT_FindCertByEmailAddr(CERTCertDBHandle *handle, char *emailAddr); CERTCertificate * CERT_FindCertByNicknameOrEmailAddr(CERTCertDBHandle *handle, const char *name); +/* +** Find a certificate in the database by a email address or nickname +** and require it to have the given usage. +** "name" is the email address or nickname to look up +*/ +CERTCertificate * +CERT_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle, + const char *name, + SECCertUsage lookingForUsage); + /* ** Find a certificate in the database by a digest of a subject public key ** "spkDigest" is the digest to look up diff --git a/security/nss/lib/certdb/stanpcertdb.c b/security/nss/lib/certdb/stanpcertdb.c index da0d7bc0371..119a8da9fd4 100644 --- a/security/nss/lib/certdb/stanpcertdb.c +++ b/security/nss/lib/certdb/stanpcertdb.c @@ -614,19 +614,30 @@ CERT_FindCertByDERCert(CERTCertDBHandle *handle, SECItem *derCert) return STAN_GetCERTCertificateOrRelease(c); } -CERTCertificate * -CERT_FindCertByNicknameOrEmailAddr(CERTCertDBHandle *handle, const char *name) +static CERTCertificate * +common_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle, + char *name, + PRBool anyUsage, + SECCertUsage lookingForUsage) { NSSCryptoContext *cc; NSSCertificate *c, *ct; CERTCertificate *cert; NSSUsage usage; + CERTCertList *certlist; if (NULL == name) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return NULL; } - usage.anyUsage = PR_TRUE; + + usage.anyUsage = anyUsage; + + if (!anyUsage) { + usage.nss3lookingForCA = PR_FALSE; + usage.nss3usage = lookingForUsage; + } + cc = STAN_GetDefaultCryptoContext(); ct = NSSCryptoContext_FindBestCertificateByNickname(cc, name, NULL, &usage, NULL); @@ -638,7 +649,34 @@ CERT_FindCertByNicknameOrEmailAddr(CERTCertDBHandle *handle, const char *name) PORT_Free(lowercaseName); } } - cert = PK11_FindCertFromNickname(name, NULL); + + if (anyUsage) { + cert = PK11_FindCertFromNickname(name, NULL); + } + else { + if (ct) { + /* Does ct really have the required usage? */ + nssDecodedCert *dc; + dc = nssCertificate_GetDecoding(ct); + if (!dc->matchUsage(dc, &usage)) { + CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(ct)); + ct = NULL; + } + } + + certlist = PK11_FindCertsFromNickname(name, NULL); + if (certlist) { + SECStatus rv = CERT_FilterCertListByUsage(certlist, + lookingForUsage, + PR_FALSE); + if (SECSuccess == rv && + !CERT_LIST_END(CERT_LIST_HEAD(certlist), certlist)) { + cert = CERT_DupCertificate(CERT_LIST_HEAD(certlist)->cert); + } + CERT_DestroyCertList(certlist); + } + } + if (cert) { c = get_best_temp_or_perm(ct, STAN_GetNSSCertificate(cert)); CERT_DestroyCertificate(cert); @@ -651,6 +689,23 @@ CERT_FindCertByNicknameOrEmailAddr(CERTCertDBHandle *handle, const char *name) return c ? STAN_GetCERTCertificateOrRelease(c) : NULL; } +CERTCertificate * +CERT_FindCertByNicknameOrEmailAddr(CERTCertDBHandle *handle, const char *name) +{ + return common_FindCertByNicknameOrEmailAddrForUsage(handle, name, + PR_TRUE, 0); +} + +CERTCertificate * +CERT_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle, + const char *name, + SECCertUsage lookingForUsage) +{ + return common_FindCertByNicknameOrEmailAddrForUsage(handle, name, + PR_FALSE, + lookingForUsage); +} + static void add_to_subject_list(CERTCertList *certList, CERTCertificate *cert, PRBool validOnly, int64 sorttime) diff --git a/security/nss/lib/certhigh/ocsp.h b/security/nss/lib/certhigh/ocsp.h index b4afa0ba271..b47243fad2e 100644 --- a/security/nss/lib/certhigh/ocsp.h +++ b/security/nss/lib/certhigh/ocsp.h @@ -37,7 +37,7 @@ /* * Interface to the OCSP implementation. * - * $Id: ocsp.h,v 1.17 2010/02/01 20:09:32 wtc%google.com Exp $ + * $Id: ocsp.h,v 1.17.2.1 2010/09/27 21:22:20 wtc%google.com Exp $ */ #ifndef _OCSP_H_ @@ -476,9 +476,10 @@ CERT_RegisterAlternateOCSPAIAInfoCallBack( /* * FUNCTION: CERT_ParseURL - * Parse the URI of a OCSP responder into hostname, port, and path. + * Parse a URI into hostname, port, and path. The scheme in the URI must + * be "http". * INPUTS: - * const char *location + * const char *url * The URI to be parsed * OUTPUTS: * char *pHostname @@ -490,9 +491,8 @@ CERT_RegisterAlternateOCSPAIAInfoCallBack( * Pointer to store the path obtained from the URI. * This result should be freed (via PORT_Free) when no longer in use. * RETURN: - * Returns SECSuccess when parsing was successful. Anything else means + * Returns SECSuccess when parsing was successful. Returns SECFailure when * problems were encountered. - * */ extern SECStatus CERT_ParseURL(const char *url, char **pHostname, PRUint16 *pPort, char **pPath); diff --git a/security/nss/lib/ckfw/builtins/certdata.c b/security/nss/lib/ckfw/builtins/certdata.c index bf83a9aa307..924f36bb8f5 100644 --- a/security/nss/lib/ckfw/builtins/certdata.c +++ b/security/nss/lib/ckfw/builtins/certdata.c @@ -35,7 +35,7 @@ * * ***** END LICENSE BLOCK ***** */ #ifdef DEBUG -static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.67.2.1 $ $Date: 2010/08/27 15:46:44 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.67.2.1 $ $Date: 2010/08/27 15:46:44 $"; +static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.67.2.6 $ $Date: 2010/12/02 23:26:35 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.67.2.6 $ $Date: 2010/12/02 23:26:35 $"; #endif /* DEBUG */ #ifndef BUILTINS_H @@ -998,7 +998,7 @@ static const NSSItem nss_builtins_items_0 [] = { { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, { (void *)"CVS ID", (PRUint32)7 }, { (void *)"NSS", (PRUint32)4 }, - { (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.67.2.1 $ $Date: 2010/08/27 15:46:44 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.67.2.1 $ $Date: 2010/08/27 15:46:44 $", (PRUint32)160 } + { (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.67.2.6 $ $Date: 2010/12/02 23:26:35 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.67.2.6 $ $Date: 2010/12/02 23:26:35 $", (PRUint32)164 } }; #endif /* DEBUG */ static const NSSItem nss_builtins_items_1 [] = { @@ -1009,86 +1009,6 @@ static const NSSItem nss_builtins_items_1 [] = { { (void *)"Mozilla Builtin Roots", (PRUint32)22 } }; static const NSSItem nss_builtins_items_2 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)"GTE CyberTrust Root CA", (PRUint32)23 }, - { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) }, - { (void *)"\060\105\061\013\060\011\006\003\125\004\006\023\002\125\123\061" -"\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157" -"\162\160\157\162\141\164\151\157\156\061\034\060\032\006\003\125" -"\004\003\023\023\107\124\105\040\103\171\142\145\162\124\162\165" -"\163\164\040\122\157\157\164" -, (PRUint32)71 }, - { (void *)"0", (PRUint32)2 }, - { (void *)"\060\105\061\013\060\011\006\003\125\004\006\023\002\125\123\061" -"\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157" -"\162\160\157\162\141\164\151\157\156\061\034\060\032\006\003\125" -"\004\003\023\023\107\124\105\040\103\171\142\145\162\124\162\165" -"\163\164\040\122\157\157\164" -, (PRUint32)71 }, - { (void *)"\002\002\001\243" -, (PRUint32)4 }, - { (void *)"\060\202\001\372\060\202\001\143\002\002\001\243\060\015\006\011" -"\052\206\110\206\367\015\001\001\004\005\000\060\105\061\013\060" -"\011\006\003\125\004\006\023\002\125\123\061\030\060\026\006\003" -"\125\004\012\023\017\107\124\105\040\103\157\162\160\157\162\141" -"\164\151\157\156\061\034\060\032\006\003\125\004\003\023\023\107" -"\124\105\040\103\171\142\145\162\124\162\165\163\164\040\122\157" -"\157\164\060\036\027\015\071\066\060\062\062\063\062\063\060\061" -"\060\060\132\027\015\060\066\060\062\062\063\062\063\065\071\060" -"\060\132\060\105\061\013\060\011\006\003\125\004\006\023\002\125" -"\123\061\030\060\026\006\003\125\004\012\023\017\107\124\105\040" -"\103\157\162\160\157\162\141\164\151\157\156\061\034\060\032\006" -"\003\125\004\003\023\023\107\124\105\040\103\171\142\145\162\124" -"\162\165\163\164\040\122\157\157\164\060\201\237\060\015\006\011" -"\052\206\110\206\367\015\001\001\001\005\000\003\201\215\000\060" -"\201\211\002\201\201\000\270\346\117\272\333\230\174\161\174\257" -"\104\267\323\017\106\331\144\345\223\301\102\216\307\272\111\215" -"\065\055\172\347\213\275\345\005\061\131\306\261\057\012\014\373" -"\237\247\077\242\011\146\204\126\036\067\051\033\207\351\176\014" -"\312\232\237\245\177\365\025\224\243\325\242\106\202\330\150\114" -"\321\067\025\006\150\257\275\370\260\263\360\051\365\225\132\011" -"\026\141\167\012\042\045\324\117\105\252\307\275\345\226\337\371" -"\324\250\216\102\314\044\300\036\221\047\112\265\155\006\200\143" -"\071\304\242\136\070\003\002\003\001\000\001\060\015\006\011\052" -"\206\110\206\367\015\001\001\004\005\000\003\201\201\000\022\263" -"\165\306\137\035\341\141\125\200\000\324\201\113\173\061\017\043" -"\143\347\075\363\003\371\364\066\250\273\331\343\245\227\115\352" -"\053\051\340\326\152\163\201\346\300\211\243\323\361\340\245\245" -"\042\067\232\143\302\110\040\264\333\162\343\310\366\331\174\276" -"\261\257\123\332\024\264\041\270\326\325\226\343\376\116\014\131" -"\142\266\232\112\371\102\335\214\157\201\251\161\377\364\012\162" -"\155\155\104\016\235\363\164\164\250\325\064\111\351\136\236\351" -"\264\172\341\345\132\037\204\060\234\323\237\245\045\330" -, (PRUint32)510 } -}; -static const NSSItem nss_builtins_items_3 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)"GTE CyberTrust Root CA", (PRUint32)23 }, - { (void *)"\220\336\336\236\114\116\237\157\330\206\027\127\235\323\221\274" -"\145\246\211\144" -, (PRUint32)20 }, - { (void *)"\304\327\360\262\243\305\175\141\147\360\004\315\103\323\272\130" -, (PRUint32)16 }, - { (void *)"\060\105\061\013\060\011\006\003\125\004\006\023\002\125\123\061" -"\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157" -"\162\160\157\162\141\164\151\157\156\061\034\060\032\006\003\125" -"\004\003\023\023\107\124\105\040\103\171\142\145\162\124\162\165" -"\163\164\040\122\157\157\164" -, (PRUint32)71 }, - { (void *)"\002\002\001\243" -, (PRUint32)4 }, - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } -}; -static const NSSItem nss_builtins_items_4 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -1156,7 +1076,7 @@ static const NSSItem nss_builtins_items_4 [] = { "\037\042\265\315\225\255\272\247\314\371\253\013\172\177" , (PRUint32)606 } }; -static const NSSItem nss_builtins_items_5 [] = { +static const NSSItem nss_builtins_items_3 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -1183,7 +1103,7 @@ static const NSSItem nss_builtins_items_5 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_6 [] = { +static const NSSItem nss_builtins_items_4 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -1277,7 +1197,7 @@ static const NSSItem nss_builtins_items_6 [] = { "\201" , (PRUint32)817 } }; -static const NSSItem nss_builtins_items_7 [] = { +static const NSSItem nss_builtins_items_5 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -1310,7 +1230,7 @@ static const NSSItem nss_builtins_items_7 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_8 [] = { +static const NSSItem nss_builtins_items_6 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -1400,7 +1320,7 @@ static const NSSItem nss_builtins_items_8 [] = { "\243\377\212\043\056\160\107" , (PRUint32)791 } }; -static const NSSItem nss_builtins_items_9 [] = { +static const NSSItem nss_builtins_items_7 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -1432,7 +1352,7 @@ static const NSSItem nss_builtins_items_9 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_10 [] = { +static const NSSItem nss_builtins_items_8 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -1525,7 +1445,7 @@ static const NSSItem nss_builtins_items_10 [] = { "\246\015\246\043\371\273\313\246\007\024\102" , (PRUint32)811 } }; -static const NSSItem nss_builtins_items_11 [] = { +static const NSSItem nss_builtins_items_9 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -1558,7 +1478,7 @@ static const NSSItem nss_builtins_items_11 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_12 [] = { +static const NSSItem nss_builtins_items_10 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -1633,7 +1553,7 @@ static const NSSItem nss_builtins_items_12 [] = { "\254\007\167\070" , (PRUint32)804 } }; -static const NSSItem nss_builtins_items_13 [] = { +static const NSSItem nss_builtins_items_11 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -1657,7 +1577,7 @@ static const NSSItem nss_builtins_items_13 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_14 [] = { +static const NSSItem nss_builtins_items_12 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -1732,7 +1652,7 @@ static const NSSItem nss_builtins_items_14 [] = { "\241\223\004\273\206\237\072\133\103\172\303\212\145" , (PRUint32)813 } }; -static const NSSItem nss_builtins_items_15 [] = { +static const NSSItem nss_builtins_items_13 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -1756,7 +1676,7 @@ static const NSSItem nss_builtins_items_15 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_16 [] = { +static const NSSItem nss_builtins_items_14 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -1831,7 +1751,7 @@ static const NSSItem nss_builtins_items_16 [] = { "\307\177\033\033\326\006\040\002\130\241\303\242\003" , (PRUint32)813 } }; -static const NSSItem nss_builtins_items_17 [] = { +static const NSSItem nss_builtins_items_15 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -1855,7 +1775,7 @@ static const NSSItem nss_builtins_items_17 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_18 [] = { +static const NSSItem nss_builtins_items_16 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -1921,7 +1841,7 @@ static const NSSItem nss_builtins_items_18 [] = { "\224" , (PRUint32)577 } }; -static const NSSItem nss_builtins_items_19 [] = { +static const NSSItem nss_builtins_items_17 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -1948,7 +1868,7 @@ static const NSSItem nss_builtins_items_19 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_20 [] = { +static const NSSItem nss_builtins_items_18 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -2013,7 +1933,7 @@ static const NSSItem nss_builtins_items_20 [] = { "\360\210\321\345\170\215\245\052\117\366\227\015\027\167\312\330" , (PRUint32)576 } }; -static const NSSItem nss_builtins_items_21 [] = { +static const NSSItem nss_builtins_items_19 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -2040,7 +1960,7 @@ static const NSSItem nss_builtins_items_21 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_22 [] = { +static const NSSItem nss_builtins_items_20 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -2105,7 +2025,7 @@ static const NSSItem nss_builtins_items_22 [] = { "\300\175\267\162\234\311\066\072\153\237\116\250\377\144\015\144" , (PRUint32)576 } }; -static const NSSItem nss_builtins_items_23 [] = { +static const NSSItem nss_builtins_items_21 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -2132,7 +2052,7 @@ static const NSSItem nss_builtins_items_23 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_24 [] = { +static const NSSItem nss_builtins_items_22 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -2222,7 +2142,7 @@ static const NSSItem nss_builtins_items_24 [] = { "\017\061\134\350\362\331" , (PRUint32)774 } }; -static const NSSItem nss_builtins_items_25 [] = { +static const NSSItem nss_builtins_items_23 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -2255,7 +2175,7 @@ static const NSSItem nss_builtins_items_25 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_26 [] = { +static const NSSItem nss_builtins_items_24 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -2345,7 +2265,7 @@ static const NSSItem nss_builtins_items_26 [] = { "\214\022\173\305\104\264\256" , (PRUint32)775 } }; -static const NSSItem nss_builtins_items_27 [] = { +static const NSSItem nss_builtins_items_25 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -2378,7 +2298,7 @@ static const NSSItem nss_builtins_items_27 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_28 [] = { +static const NSSItem nss_builtins_items_26 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -2468,7 +2388,7 @@ static const NSSItem nss_builtins_items_28 [] = { "\240\235\235\151\221\375" , (PRUint32)774 } }; -static const NSSItem nss_builtins_items_29 [] = { +static const NSSItem nss_builtins_items_27 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -2501,7 +2421,7 @@ static const NSSItem nss_builtins_items_29 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_30 [] = { +static const NSSItem nss_builtins_items_28 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -2591,7 +2511,7 @@ static const NSSItem nss_builtins_items_30 [] = { "\117\312\200\221\266\051" , (PRUint32)774 } }; -static const NSSItem nss_builtins_items_31 [] = { +static const NSSItem nss_builtins_items_29 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -2624,7 +2544,7 @@ static const NSSItem nss_builtins_items_31 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_32 [] = { +static const NSSItem nss_builtins_items_30 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -2706,7 +2626,7 @@ static const NSSItem nss_builtins_items_32 [] = { "\125\342\374\110\311\051\046\151\340" , (PRUint32)889 } }; -static const NSSItem nss_builtins_items_33 [] = { +static const NSSItem nss_builtins_items_31 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -2731,7 +2651,7 @@ static const NSSItem nss_builtins_items_33 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_34 [] = { +static const NSSItem nss_builtins_items_32 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -2815,7 +2735,7 @@ static const NSSItem nss_builtins_items_34 [] = { "\152\374\176\102\070\100\144\022\367\236\201\341\223\056" , (PRUint32)958 } }; -static const NSSItem nss_builtins_items_35 [] = { +static const NSSItem nss_builtins_items_33 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -2839,7 +2759,7 @@ static const NSSItem nss_builtins_items_35 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_36 [] = { +static const NSSItem nss_builtins_items_34 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -2924,7 +2844,7 @@ static const NSSItem nss_builtins_items_36 [] = { "\161\202\053\231\317\072\267\365\055\162\310" , (PRUint32)747 } }; -static const NSSItem nss_builtins_items_37 [] = { +static const NSSItem nss_builtins_items_35 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -2955,7 +2875,7 @@ static const NSSItem nss_builtins_items_37 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_38 [] = { +static const NSSItem nss_builtins_items_36 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -3040,7 +2960,7 @@ static const NSSItem nss_builtins_items_38 [] = { "\276\355\164\114\274\133\325\142\037\103\335" , (PRUint32)747 } }; -static const NSSItem nss_builtins_items_39 [] = { +static const NSSItem nss_builtins_items_37 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -3071,7 +2991,7 @@ static const NSSItem nss_builtins_items_39 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_40 [] = { +static const NSSItem nss_builtins_items_38 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -3156,7 +3076,7 @@ static const NSSItem nss_builtins_items_40 [] = { "\040\017\105\176\153\242\177\243\214\025\356" , (PRUint32)747 } }; -static const NSSItem nss_builtins_items_41 [] = { +static const NSSItem nss_builtins_items_39 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -3187,7 +3107,7 @@ static const NSSItem nss_builtins_items_41 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_42 [] = { +static const NSSItem nss_builtins_items_40 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -3294,7 +3214,7 @@ static const NSSItem nss_builtins_items_42 [] = { "\113\336\006\226\161\054\362\333\266\037\244\357\077\356" , (PRUint32)1054 } }; -static const NSSItem nss_builtins_items_43 [] = { +static const NSSItem nss_builtins_items_41 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -3327,7 +3247,7 @@ static const NSSItem nss_builtins_items_43 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_44 [] = { +static const NSSItem nss_builtins_items_42 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -3434,7 +3354,7 @@ static const NSSItem nss_builtins_items_44 [] = { "\311\130\020\371\252\357\132\266\317\113\113\337\052" , (PRUint32)1053 } }; -static const NSSItem nss_builtins_items_45 [] = { +static const NSSItem nss_builtins_items_43 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -3467,7 +3387,7 @@ static const NSSItem nss_builtins_items_45 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_46 [] = { +static const NSSItem nss_builtins_items_44 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -3574,7 +3494,7 @@ static const NSSItem nss_builtins_items_46 [] = { "\153\271\012\172\116\117\113\204\356\113\361\175\335\021" , (PRUint32)1054 } }; -static const NSSItem nss_builtins_items_47 [] = { +static const NSSItem nss_builtins_items_45 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -3607,7 +3527,7 @@ static const NSSItem nss_builtins_items_47 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_48 [] = { +static const NSSItem nss_builtins_items_46 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -3714,7 +3634,7 @@ static const NSSItem nss_builtins_items_48 [] = { "\367\146\103\363\236\203\076\040\252\303\065\140\221\316" , (PRUint32)1054 } }; -static const NSSItem nss_builtins_items_49 [] = { +static const NSSItem nss_builtins_items_47 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -3747,7 +3667,7 @@ static const NSSItem nss_builtins_items_49 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_50 [] = { +static const NSSItem nss_builtins_items_48 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -3865,7 +3785,7 @@ static const NSSItem nss_builtins_items_50 [] = { "\155\055\105\013\367\012\223\352\355\006\371\262" , (PRUint32)1244 } }; -static const NSSItem nss_builtins_items_51 [] = { +static const NSSItem nss_builtins_items_49 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -3897,7 +3817,7 @@ static const NSSItem nss_builtins_items_51 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_52 [] = { +static const NSSItem nss_builtins_items_50 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -4017,7 +3937,7 @@ static const NSSItem nss_builtins_items_52 [] = { "\354" , (PRUint32)1265 } }; -static const NSSItem nss_builtins_items_53 [] = { +static const NSSItem nss_builtins_items_51 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -4049,7 +3969,7 @@ static const NSSItem nss_builtins_items_53 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_54 [] = { +static const NSSItem nss_builtins_items_52 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -4157,7 +4077,7 @@ static const NSSItem nss_builtins_items_54 [] = { "\275\114\105\236\141\272\277\204\201\222\003\321\322\151\174\305" , (PRUint32)1120 } }; -static const NSSItem nss_builtins_items_55 [] = { +static const NSSItem nss_builtins_items_53 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -4188,7 +4108,7 @@ static const NSSItem nss_builtins_items_55 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_56 [] = { +static const NSSItem nss_builtins_items_54 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -4270,7 +4190,7 @@ static const NSSItem nss_builtins_items_56 [] = { "\347\201\035\031\303\044\102\352\143\071\251" , (PRUint32)891 } }; -static const NSSItem nss_builtins_items_57 [] = { +static const NSSItem nss_builtins_items_55 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -4295,7 +4215,7 @@ static const NSSItem nss_builtins_items_57 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_58 [] = { +static const NSSItem nss_builtins_items_56 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -4363,7 +4283,7 @@ static const NSSItem nss_builtins_items_58 [] = { "\126\224\251\125" , (PRUint32)660 } }; -static const NSSItem nss_builtins_items_59 [] = { +static const NSSItem nss_builtins_items_57 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -4388,7 +4308,7 @@ static const NSSItem nss_builtins_items_59 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_60 [] = { +static const NSSItem nss_builtins_items_58 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -4455,7 +4375,7 @@ static const NSSItem nss_builtins_items_60 [] = { "\132\052\202\262\067\171" , (PRUint32)646 } }; -static const NSSItem nss_builtins_items_61 [] = { +static const NSSItem nss_builtins_items_59 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -4480,7 +4400,7 @@ static const NSSItem nss_builtins_items_61 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_62 [] = { +static const NSSItem nss_builtins_items_60 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -4555,7 +4475,7 @@ static const NSSItem nss_builtins_items_62 [] = { "\221\060\352\315" , (PRUint32)804 } }; -static const NSSItem nss_builtins_items_63 [] = { +static const NSSItem nss_builtins_items_61 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -4579,141 +4499,7 @@ static const NSSItem nss_builtins_items_63 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_64 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)"beTRUSTed Root CA", (PRUint32)18 }, - { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) }, - { (void *)"\060\132\061\013\060\011\006\003\125\004\006\023\002\127\127\061" -"\022\060\020\006\003\125\004\012\023\011\142\145\124\122\125\123" -"\124\145\144\061\033\060\031\006\003\125\004\003\023\022\142\145" -"\124\122\125\123\124\145\144\040\122\157\157\164\040\103\101\163" -"\061\032\060\030\006\003\125\004\003\023\021\142\145\124\122\125" -"\123\124\145\144\040\122\157\157\164\040\103\101" -, (PRUint32)92 }, - { (void *)"0", (PRUint32)2 }, - { (void *)"\060\132\061\013\060\011\006\003\125\004\006\023\002\127\127\061" -"\022\060\020\006\003\125\004\012\023\011\142\145\124\122\125\123" -"\124\145\144\061\033\060\031\006\003\125\004\003\023\022\142\145" -"\124\122\125\123\124\145\144\040\122\157\157\164\040\103\101\163" -"\061\032\060\030\006\003\125\004\003\023\021\142\145\124\122\125" -"\123\124\145\144\040\122\157\157\164\040\103\101" -, (PRUint32)92 }, - { (void *)"\002\004\071\117\175\207" -, (PRUint32)6 }, - { (void *)"\060\202\005\054\060\202\004\024\240\003\002\001\002\002\004\071" -"\117\175\207\060\015\006\011\052\206\110\206\367\015\001\001\005" -"\005\000\060\132\061\013\060\011\006\003\125\004\006\023\002\127" -"\127\061\022\060\020\006\003\125\004\012\023\011\142\145\124\122" -"\125\123\124\145\144\061\033\060\031\006\003\125\004\003\023\022" -"\142\145\124\122\125\123\124\145\144\040\122\157\157\164\040\103" -"\101\163\061\032\060\030\006\003\125\004\003\023\021\142\145\124" -"\122\125\123\124\145\144\040\122\157\157\164\040\103\101\060\036" -"\027\015\060\060\060\066\062\060\061\064\062\061\060\064\132\027" -"\015\061\060\060\066\062\060\061\063\062\061\060\064\132\060\132" -"\061\013\060\011\006\003\125\004\006\023\002\127\127\061\022\060" -"\020\006\003\125\004\012\023\011\142\145\124\122\125\123\124\145" -"\144\061\033\060\031\006\003\125\004\003\023\022\142\145\124\122" -"\125\123\124\145\144\040\122\157\157\164\040\103\101\163\061\032" -"\060\030\006\003\125\004\003\023\021\142\145\124\122\125\123\124" -"\145\144\040\122\157\157\164\040\103\101\060\202\001\042\060\015" -"\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001" -"\017\000\060\202\001\012\002\202\001\001\000\324\264\163\172\023" -"\012\070\125\001\276\211\126\341\224\236\324\276\132\353\112\064" -"\165\033\141\051\304\341\255\010\140\041\170\110\377\264\320\372" -"\136\101\215\141\104\207\350\355\311\130\372\374\223\232\337\117" -"\352\076\065\175\370\063\172\346\361\327\315\157\111\113\075\117" -"\055\156\016\203\072\030\170\167\243\317\347\364\115\163\330\232" -"\073\032\035\276\225\123\317\040\227\302\317\076\044\122\154\014" -"\216\145\131\305\161\377\142\011\217\252\305\217\314\140\240\163" -"\112\327\070\077\025\162\277\242\227\267\160\350\257\342\176\026" -"\006\114\365\252\144\046\162\007\045\255\065\374\030\261\046\327" -"\330\377\031\016\203\033\214\334\170\105\147\064\075\364\257\034" -"\215\344\155\153\355\040\263\147\232\264\141\313\027\157\211\065" -"\377\347\116\300\062\022\347\356\354\337\377\227\060\164\355\215" -"\107\216\353\264\303\104\346\247\114\177\126\103\350\270\274\266" -"\276\372\203\227\346\273\373\304\266\223\276\031\030\076\214\201" -"\271\163\210\026\364\226\103\234\147\163\027\220\330\011\156\143" -"\254\112\266\043\304\001\241\255\244\344\305\002\003\001\000\001" -"\243\202\001\370\060\202\001\364\060\017\006\003\125\035\023\001" -"\001\377\004\005\060\003\001\001\377\060\202\001\131\006\003\125" -"\035\040\004\202\001\120\060\202\001\114\060\202\001\110\006\012" -"\053\006\001\004\001\261\076\001\000\000\060\202\001\070\060\202" -"\001\001\006\010\053\006\001\005\005\007\002\002\060\201\364\032" -"\201\361\122\145\154\151\141\156\143\145\040\157\156\040\164\150" -"\151\163\040\143\145\162\164\151\146\151\143\141\164\145\040\142" -"\171\040\141\156\171\040\160\141\162\164\171\040\141\163\163\165" -"\155\145\163\040\141\143\143\145\160\164\141\156\143\145\040\157" -"\146\040\164\150\145\040\164\150\145\156\040\141\160\160\154\151" -"\143\141\142\154\145\040\163\164\141\156\144\141\162\144\040\164" -"\145\162\155\163\040\141\156\144\040\143\157\156\144\151\164\151" -"\157\156\163\040\157\146\040\165\163\145\054\040\141\156\144\040" -"\143\145\162\164\151\146\151\143\141\164\151\157\156\040\160\162" -"\141\143\164\151\143\145\040\163\164\141\164\145\155\145\156\164" -"\054\040\167\150\151\143\150\040\143\141\156\040\142\145\040\146" -"\157\165\156\144\040\141\164\040\142\145\124\122\125\123\124\145" -"\144\047\163\040\167\145\142\040\163\151\164\145\054\040\150\164" -"\164\160\163\072\057\057\167\167\167\056\142\145\124\122\125\123" -"\124\145\144\056\143\157\155\057\166\141\165\154\164\057\164\145" -"\162\155\163\060\061\006\010\053\006\001\005\005\007\002\001\026" -"\045\150\164\164\160\163\072\057\057\167\167\167\056\142\145\124" -"\122\125\123\124\145\144\056\143\157\155\057\166\141\165\154\164" -"\057\164\145\162\155\163\060\064\006\003\125\035\037\004\055\060" -"\053\060\051\240\047\240\045\244\043\060\041\061\022\060\020\006" -"\003\125\004\012\023\011\142\145\124\122\125\123\124\145\144\061" -"\013\060\011\006\003\125\004\006\023\002\127\127\060\035\006\003" -"\125\035\016\004\026\004\024\052\271\233\151\056\073\233\330\315" -"\336\052\061\004\064\153\312\007\030\253\147\060\037\006\003\125" -"\035\043\004\030\060\026\200\024\052\271\233\151\056\073\233\330" -"\315\336\052\061\004\064\153\312\007\030\253\147\060\016\006\003" -"\125\035\017\001\001\377\004\004\003\002\001\376\060\015\006\011" -"\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001\000" -"\171\141\333\243\136\156\026\261\352\166\121\371\313\025\233\313" -"\151\276\346\201\153\237\050\037\145\076\335\021\205\222\324\350" -"\101\277\176\063\275\043\347\361\040\277\244\264\246\031\001\306" -"\214\215\065\174\145\244\117\011\244\326\330\043\025\005\023\247" -"\103\171\257\333\243\016\233\173\170\032\363\004\206\132\306\366" -"\214\040\107\070\111\120\006\235\162\147\072\360\230\003\255\226" -"\147\104\374\077\020\015\206\115\344\000\073\051\173\316\073\073" -"\231\206\141\045\100\204\334\023\142\267\372\312\131\326\003\036" -"\326\123\001\315\155\114\150\125\100\341\356\153\307\052\000\000" -"\110\202\263\012\001\303\140\052\014\367\202\065\356\110\206\226" -"\344\164\324\075\352\001\161\272\004\165\100\247\251\177\071\071" -"\232\125\227\051\145\256\031\125\045\005\162\107\323\350\030\334" -"\270\351\257\103\163\001\022\164\243\341\134\137\025\135\044\363" -"\371\344\364\266\147\147\022\347\144\042\212\366\245\101\246\034" -"\266\140\143\105\212\020\264\272\106\020\256\101\127\145\154\077" -"\043\020\077\041\020\131\267\344\100\335\046\014\043\366\252\256" -, (PRUint32)1328 } -}; -static const NSSItem nss_builtins_items_65 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)"beTRUSTed Root CA", (PRUint32)18 }, - { (void *)"\133\315\315\314\146\366\334\344\104\037\343\175\134\303\023\114" -"\106\364\160\070" -, (PRUint32)20 }, - { (void *)"\205\312\166\132\033\321\150\042\334\242\043\022\312\306\200\064" -, (PRUint32)16 }, - { (void *)"\060\132\061\013\060\011\006\003\125\004\006\023\002\127\127\061" -"\022\060\020\006\003\125\004\012\023\011\142\145\124\122\125\123" -"\124\145\144\061\033\060\031\006\003\125\004\003\023\022\142\145" -"\124\122\125\123\124\145\144\040\122\157\157\164\040\103\101\163" -"\061\032\060\030\006\003\125\004\003\023\021\142\145\124\122\125" -"\123\124\145\144\040\122\157\157\164\040\103\101" -, (PRUint32)92 }, - { (void *)"\002\004\071\117\175\207" -, (PRUint32)6 }, - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } -}; -static const NSSItem nss_builtins_items_66 [] = { +static const NSSItem nss_builtins_items_62 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -4807,7 +4593,7 @@ static const NSSItem nss_builtins_items_66 [] = { "\065\341\035\026\034\320\274\053\216\326\161\331" , (PRUint32)1052 } }; -static const NSSItem nss_builtins_items_67 [] = { +static const NSSItem nss_builtins_items_63 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -4833,7 +4619,7 @@ static const NSSItem nss_builtins_items_67 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_68 [] = { +static const NSSItem nss_builtins_items_64 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -4931,7 +4717,7 @@ static const NSSItem nss_builtins_items_68 [] = { "\027\132\173\320\274\307\217\116\206\004" , (PRUint32)1082 } }; -static const NSSItem nss_builtins_items_69 [] = { +static const NSSItem nss_builtins_items_65 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -4958,7 +4744,7 @@ static const NSSItem nss_builtins_items_69 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_70 [] = { +static const NSSItem nss_builtins_items_66 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -5052,7 +4838,7 @@ static const NSSItem nss_builtins_items_70 [] = { "\116\072\063\014\053\263\055\220\006" , (PRUint32)1049 } }; -static const NSSItem nss_builtins_items_71 [] = { +static const NSSItem nss_builtins_items_67 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -5078,7 +4864,7 @@ static const NSSItem nss_builtins_items_71 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_72 [] = { +static const NSSItem nss_builtins_items_68 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -5102,8 +4888,8 @@ static const NSSItem nss_builtins_items_72 [] = { "\144\144\124\162\165\163\164\040\121\165\141\154\151\146\151\145" "\144\040\103\101\040\122\157\157\164" , (PRUint32)105 }, - { (void *)"\001" -, (PRUint32)1 }, + { (void *)"\002\001\001" +, (PRUint32)3 }, { (void *)"\060\202\004\036\060\202\003\006\240\003\002\001\002\002\001\001" "\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060" "\147\061\013\060\011\006\003\125\004\006\023\002\123\105\061\024" @@ -5173,7 +4959,7 @@ static const NSSItem nss_builtins_items_72 [] = { "\306\241" , (PRUint32)1058 } }; -static const NSSItem nss_builtins_items_73 [] = { +static const NSSItem nss_builtins_items_69 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -5199,7 +4985,7 @@ static const NSSItem nss_builtins_items_73 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_74 [] = { +static const NSSItem nss_builtins_items_70 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -5274,7 +5060,7 @@ static const NSSItem nss_builtins_items_74 [] = { "\011\254\211\111\323" , (PRUint32)677 } }; -static const NSSItem nss_builtins_items_75 [] = { +static const NSSItem nss_builtins_items_71 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -5302,7 +5088,7 @@ static const NSSItem nss_builtins_items_75 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_76 [] = { +static const NSSItem nss_builtins_items_72 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -5414,7 +5200,7 @@ static const NSSItem nss_builtins_items_76 [] = { "\005\377\154\211\063\360\354\025\017" , (PRUint32)1177 } }; -static const NSSItem nss_builtins_items_77 [] = { +static const NSSItem nss_builtins_items_73 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -5445,7 +5231,7 @@ static const NSSItem nss_builtins_items_77 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_78 [] = { +static const NSSItem nss_builtins_items_74 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -5556,7 +5342,7 @@ static const NSSItem nss_builtins_items_78 [] = { "\316\145\146\227\256\046\136" , (PRUint32)1159 } }; -static const NSSItem nss_builtins_items_79 [] = { +static const NSSItem nss_builtins_items_75 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -5587,7 +5373,7 @@ static const NSSItem nss_builtins_items_79 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_80 [] = { +static const NSSItem nss_builtins_items_76 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -5699,7 +5485,7 @@ static const NSSItem nss_builtins_items_80 [] = { "\036\177\132\264\074" , (PRUint32)1173 } }; -static const NSSItem nss_builtins_items_81 [] = { +static const NSSItem nss_builtins_items_77 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -5730,7 +5516,7 @@ static const NSSItem nss_builtins_items_81 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_82 [] = { +static const NSSItem nss_builtins_items_78 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -5825,7 +5611,7 @@ static const NSSItem nss_builtins_items_82 [] = { "\071\050\150\016\163\335\045\232\336\022" , (PRUint32)1002 } }; -static const NSSItem nss_builtins_items_83 [] = { +static const NSSItem nss_builtins_items_79 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -5853,7 +5639,7 @@ static const NSSItem nss_builtins_items_83 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_84 [] = { +static const NSSItem nss_builtins_items_80 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -5980,7 +5766,7 @@ static const NSSItem nss_builtins_items_84 [] = { "\204\327\372\334\162\133\367\301\072\150" , (PRUint32)1514 } }; -static const NSSItem nss_builtins_items_85 [] = { +static const NSSItem nss_builtins_items_81 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -6008,447 +5794,7 @@ static const NSSItem nss_builtins_items_85 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_86 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)"beTRUSTed Root CA-Baltimore Implementation", (PRUint32)43 }, - { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) }, - { (void *)"\060\146\061\022\060\020\006\003\125\004\012\023\011\142\145\124" -"\122\125\123\124\145\144\061\033\060\031\006\003\125\004\013\023" -"\022\142\145\124\122\125\123\124\145\144\040\122\157\157\164\040" -"\103\101\163\061\063\060\061\006\003\125\004\003\023\052\142\145" -"\124\122\125\123\124\145\144\040\122\157\157\164\040\103\101\055" -"\102\141\154\164\151\155\157\162\145\040\111\155\160\154\145\155" -"\145\156\164\141\164\151\157\156" -, (PRUint32)104 }, - { (void *)"0", (PRUint32)2 }, - { (void *)"\060\146\061\022\060\020\006\003\125\004\012\023\011\142\145\124" -"\122\125\123\124\145\144\061\033\060\031\006\003\125\004\013\023" -"\022\142\145\124\122\125\123\124\145\144\040\122\157\157\164\040" -"\103\101\163\061\063\060\061\006\003\125\004\003\023\052\142\145" -"\124\122\125\123\124\145\144\040\122\157\157\164\040\103\101\055" -"\102\141\154\164\151\155\157\162\145\040\111\155\160\154\145\155" -"\145\156\164\141\164\151\157\156" -, (PRUint32)104 }, - { (void *)"\002\004\074\265\075\106" -, (PRUint32)6 }, - { (void *)"\060\202\005\152\060\202\004\122\240\003\002\001\002\002\004\074" -"\265\075\106\060\015\006\011\052\206\110\206\367\015\001\001\005" -"\005\000\060\146\061\022\060\020\006\003\125\004\012\023\011\142" -"\145\124\122\125\123\124\145\144\061\033\060\031\006\003\125\004" -"\013\023\022\142\145\124\122\125\123\124\145\144\040\122\157\157" -"\164\040\103\101\163\061\063\060\061\006\003\125\004\003\023\052" -"\142\145\124\122\125\123\124\145\144\040\122\157\157\164\040\103" -"\101\055\102\141\154\164\151\155\157\162\145\040\111\155\160\154" -"\145\155\145\156\164\141\164\151\157\156\060\036\027\015\060\062" -"\060\064\061\061\060\067\063\070\065\061\132\027\015\062\062\060" -"\064\061\061\060\067\063\070\065\061\132\060\146\061\022\060\020" -"\006\003\125\004\012\023\011\142\145\124\122\125\123\124\145\144" -"\061\033\060\031\006\003\125\004\013\023\022\142\145\124\122\125" -"\123\124\145\144\040\122\157\157\164\040\103\101\163\061\063\060" -"\061\006\003\125\004\003\023\052\142\145\124\122\125\123\124\145" -"\144\040\122\157\157\164\040\103\101\055\102\141\154\164\151\155" -"\157\162\145\040\111\155\160\154\145\155\145\156\164\141\164\151" -"\157\156\060\202\001\042\060\015\006\011\052\206\110\206\367\015" -"\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202" -"\001\001\000\274\176\304\071\234\214\343\326\034\206\377\312\142" -"\255\340\177\060\105\172\216\032\263\270\307\371\321\066\377\042" -"\363\116\152\137\204\020\373\146\201\303\224\171\061\322\221\341" -"\167\216\030\052\303\024\336\121\365\117\243\053\274\030\026\342" -"\265\335\171\336\042\370\202\176\313\201\037\375\047\054\217\372" -"\227\144\042\216\370\377\141\243\234\033\036\222\217\300\250\011" -"\337\011\021\354\267\175\061\232\032\352\203\041\006\074\237\272" -"\134\377\224\352\152\270\303\153\125\064\117\075\062\037\335\201" -"\024\340\304\074\315\235\060\370\060\251\227\323\356\314\243\320" -"\037\137\034\023\201\324\030\253\224\321\143\303\236\177\065\222" -"\236\137\104\352\354\364\042\134\267\350\075\175\244\371\211\251" -"\221\262\052\331\353\063\207\356\245\375\343\332\314\210\346\211" -"\046\156\307\053\202\320\136\235\131\333\024\354\221\203\005\303" -"\136\016\306\052\320\004\335\161\075\040\116\130\047\374\123\373" -"\170\170\031\024\262\374\220\122\211\070\142\140\007\264\240\354" -"\254\153\120\326\375\271\050\153\357\122\055\072\262\377\361\001" -"\100\254\067\002\003\001\000\001\243\202\002\036\060\202\002\032" -"\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001" -"\377\060\202\001\265\006\003\125\035\040\004\202\001\254\060\202" -"\001\250\060\202\001\244\006\017\053\006\001\004\001\261\076\000" -"\000\001\011\050\203\221\061\060\202\001\217\060\202\001\110\006" -"\010\053\006\001\005\005\007\002\002\060\202\001\072\032\202\001" -"\066\122\145\154\151\141\156\143\145\040\157\156\040\157\162\040" -"\165\163\145\040\157\146\040\164\150\151\163\040\103\145\162\164" -"\151\146\151\143\141\164\145\040\143\162\145\141\164\145\163\040" -"\141\156\040\141\143\153\156\157\167\154\145\144\147\155\145\156" -"\164\040\141\156\144\040\141\143\143\145\160\164\141\156\143\145" -"\040\157\146\040\164\150\145\040\164\150\145\156\040\141\160\160" -"\154\151\143\141\142\154\145\040\163\164\141\156\144\141\162\144" -"\040\164\145\162\155\163\040\141\156\144\040\143\157\156\144\151" -"\164\151\157\156\163\040\157\146\040\165\163\145\054\040\164\150" -"\145\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040" -"\120\162\141\143\164\151\143\145\040\123\164\141\164\145\155\145" -"\156\164\040\141\156\144\040\164\150\145\040\122\145\154\171\151" -"\156\147\040\120\141\162\164\171\040\101\147\162\145\145\155\145" -"\156\164\054\040\167\150\151\143\150\040\143\141\156\040\142\145" -"\040\146\157\165\156\144\040\141\164\040\164\150\145\040\142\145" -"\124\122\125\123\124\145\144\040\167\145\142\040\163\151\164\145" -"\054\040\150\164\164\160\072\057\057\167\167\167\056\142\145\164" -"\162\165\163\164\145\144\056\143\157\155\057\160\162\157\144\165" -"\143\164\163\137\163\145\162\166\151\143\145\163\057\151\156\144" -"\145\170\056\150\164\155\154\060\101\006\010\053\006\001\005\005" -"\007\002\001\026\065\150\164\164\160\072\057\057\167\167\167\056" -"\142\145\164\162\165\163\164\145\144\056\143\157\155\057\160\162" -"\157\144\165\143\164\163\137\163\145\162\166\151\143\145\163\057" -"\151\156\144\145\170\056\150\164\155\154\060\035\006\003\125\035" -"\016\004\026\004\024\105\075\303\251\321\334\077\044\126\230\034" -"\163\030\210\152\377\203\107\355\266\060\037\006\003\125\035\043" -"\004\030\060\026\200\024\105\075\303\251\321\334\077\044\126\230" -"\034\163\030\210\152\377\203\107\355\266\060\016\006\003\125\035" -"\017\001\001\377\004\004\003\002\001\006\060\015\006\011\052\206" -"\110\206\367\015\001\001\005\005\000\003\202\001\001\000\111\222" -"\274\243\356\254\275\372\015\311\213\171\206\034\043\166\260\200" -"\131\167\374\332\177\264\113\337\303\144\113\152\116\016\255\362" -"\175\131\167\005\255\012\211\163\260\372\274\313\334\215\000\210" -"\217\246\240\262\352\254\122\047\277\241\110\174\227\020\173\272" -"\355\023\035\232\007\156\313\061\142\022\350\143\003\252\175\155" -"\343\370\033\166\041\170\033\237\113\103\214\323\111\206\366\033" -"\134\366\056\140\025\323\351\343\173\165\077\320\002\203\320\030" -"\202\101\315\145\067\352\216\062\176\275\153\231\135\060\021\310" -"\333\110\124\034\073\341\247\023\323\152\110\223\367\075\214\177" -"\005\350\316\363\210\052\143\004\270\352\176\130\174\001\173\133" -"\341\305\175\357\041\340\215\016\135\121\175\261\147\375\243\275" -"\070\066\306\362\070\206\207\032\226\150\140\106\373\050\024\107" -"\125\341\247\200\014\153\342\352\337\115\174\220\110\240\066\275" -"\011\027\211\177\303\362\323\234\234\343\335\304\033\335\365\267" -"\161\263\123\005\211\006\320\313\112\200\301\310\123\220\265\074" -"\061\210\027\120\237\311\304\016\213\330\250\002\143\015" -, (PRUint32)1390 } -}; -static const NSSItem nss_builtins_items_87 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)"beTRUSTed Root CA-Baltimore Implementation", (PRUint32)43 }, - { (void *)"\334\273\236\267\031\113\304\162\005\301\021\165\051\206\203\133" -"\123\312\344\370" -, (PRUint32)20 }, - { (void *)"\201\065\271\373\373\022\312\030\151\066\353\256\151\170\241\361" -, (PRUint32)16 }, - { (void *)"\060\146\061\022\060\020\006\003\125\004\012\023\011\142\145\124" -"\122\125\123\124\145\144\061\033\060\031\006\003\125\004\013\023" -"\022\142\145\124\122\125\123\124\145\144\040\122\157\157\164\040" -"\103\101\163\061\063\060\061\006\003\125\004\003\023\052\142\145" -"\124\122\125\123\124\145\144\040\122\157\157\164\040\103\101\055" -"\102\141\154\164\151\155\157\162\145\040\111\155\160\154\145\155" -"\145\156\164\141\164\151\157\156" -, (PRUint32)104 }, - { (void *)"\002\004\074\265\075\106" -, (PRUint32)6 }, - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } -}; -static const NSSItem nss_builtins_items_88 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)"beTRUSTed Root CA - Entrust Implementation", (PRUint32)43 }, - { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) }, - { (void *)"\060\146\061\022\060\020\006\003\125\004\012\023\011\142\145\124" -"\122\125\123\124\145\144\061\033\060\031\006\003\125\004\013\023" -"\022\142\145\124\122\125\123\124\145\144\040\122\157\157\164\040" -"\103\101\163\061\063\060\061\006\003\125\004\003\023\052\142\145" -"\124\122\125\123\124\145\144\040\122\157\157\164\040\103\101\040" -"\055\040\105\156\164\162\165\163\164\040\111\155\160\154\145\155" -"\145\156\164\141\164\151\157\156" -, (PRUint32)104 }, - { (void *)"0", (PRUint32)2 }, - { (void *)"\060\146\061\022\060\020\006\003\125\004\012\023\011\142\145\124" -"\122\125\123\124\145\144\061\033\060\031\006\003\125\004\013\023" -"\022\142\145\124\122\125\123\124\145\144\040\122\157\157\164\040" -"\103\101\163\061\063\060\061\006\003\125\004\003\023\052\142\145" -"\124\122\125\123\124\145\144\040\122\157\157\164\040\103\101\040" -"\055\040\105\156\164\162\165\163\164\040\111\155\160\154\145\155" -"\145\156\164\141\164\151\157\156" -, (PRUint32)104 }, - { (void *)"\002\004\074\265\117\100" -, (PRUint32)6 }, - { (void *)"\060\202\006\121\060\202\005\071\240\003\002\001\002\002\004\074" -"\265\117\100\060\015\006\011\052\206\110\206\367\015\001\001\005" -"\005\000\060\146\061\022\060\020\006\003\125\004\012\023\011\142" -"\145\124\122\125\123\124\145\144\061\033\060\031\006\003\125\004" -"\013\023\022\142\145\124\122\125\123\124\145\144\040\122\157\157" -"\164\040\103\101\163\061\063\060\061\006\003\125\004\003\023\052" -"\142\145\124\122\125\123\124\145\144\040\122\157\157\164\040\103" -"\101\040\055\040\105\156\164\162\165\163\164\040\111\155\160\154" -"\145\155\145\156\164\141\164\151\157\156\060\036\027\015\060\062" -"\060\064\061\061\060\070\062\064\062\067\132\027\015\062\062\060" -"\064\061\061\060\070\065\064\062\067\132\060\146\061\022\060\020" -"\006\003\125\004\012\023\011\142\145\124\122\125\123\124\145\144" -"\061\033\060\031\006\003\125\004\013\023\022\142\145\124\122\125" -"\123\124\145\144\040\122\157\157\164\040\103\101\163\061\063\060" -"\061\006\003\125\004\003\023\052\142\145\124\122\125\123\124\145" -"\144\040\122\157\157\164\040\103\101\040\055\040\105\156\164\162" -"\165\163\164\040\111\155\160\154\145\155\145\156\164\141\164\151" -"\157\156\060\202\001\042\060\015\006\011\052\206\110\206\367\015" -"\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202" -"\001\001\000\272\364\104\003\252\022\152\265\103\354\125\222\266" -"\060\175\065\127\014\333\363\015\047\156\114\367\120\250\233\116" -"\053\157\333\365\255\034\113\135\263\251\301\376\173\104\353\133" -"\243\005\015\037\305\064\053\060\000\051\361\170\100\262\244\377" -"\072\364\001\210\027\176\346\324\046\323\272\114\352\062\373\103" -"\167\227\207\043\305\333\103\243\365\052\243\121\136\341\073\322" -"\145\151\176\125\025\233\172\347\151\367\104\340\127\265\025\350" -"\146\140\017\015\003\373\202\216\243\350\021\173\154\276\307\143" -"\016\027\223\337\317\113\256\156\163\165\340\363\252\271\244\300" -"\011\033\205\352\161\051\210\101\062\371\360\052\016\154\011\362" -"\164\153\146\154\122\023\037\030\274\324\076\367\330\156\040\236" -"\312\376\374\041\224\356\023\050\113\327\134\136\014\146\356\351" -"\273\017\301\064\261\177\010\166\363\075\046\160\311\213\045\035" -"\142\044\014\352\034\165\116\300\022\344\272\023\035\060\051\055" -"\126\063\005\273\227\131\176\306\111\117\211\327\057\044\250\266" -"\210\100\265\144\222\123\126\044\344\242\240\205\263\136\220\264" -"\022\063\315\002\003\001\000\001\243\202\003\005\060\202\003\001" -"\060\202\001\267\006\003\125\035\040\004\202\001\256\060\202\001" -"\252\060\202\001\246\006\017\053\006\001\004\001\261\076\000\000" -"\002\011\050\203\221\061\060\202\001\221\060\202\001\111\006\010" -"\053\006\001\005\005\007\002\002\060\202\001\073\032\202\001\067" -"\122\145\154\151\141\156\143\145\040\157\156\040\157\162\040\165" -"\163\145\040\157\146\040\164\150\151\163\040\103\145\162\164\151" -"\146\151\143\141\164\145\040\143\162\145\141\164\145\163\040\141" -"\156\040\141\143\153\156\157\167\154\145\144\147\155\145\156\164" -"\040\141\156\144\040\141\143\143\145\160\164\141\156\143\145\040" -"\157\146\040\164\150\145\040\164\150\145\156\040\141\160\160\154" -"\151\143\141\142\154\145\040\163\164\141\156\144\141\162\144\040" -"\164\145\162\155\163\040\141\156\144\040\143\157\156\144\151\164" -"\151\157\156\163\040\157\146\040\165\163\145\054\040\164\150\145" -"\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\120" -"\162\141\143\164\151\143\145\040\123\164\141\164\145\155\145\156" -"\164\040\141\156\144\040\164\150\145\040\122\145\154\171\151\156" -"\147\040\120\141\162\164\171\040\101\147\162\145\145\155\145\156" -"\164\054\040\167\150\151\143\150\040\143\141\156\040\142\145\040" -"\146\157\165\156\144\040\141\164\040\164\150\145\040\142\145\124" -"\122\125\123\124\145\144\040\167\145\142\040\163\151\164\145\054" -"\040\150\164\164\160\163\072\057\057\167\167\167\056\142\145\164" -"\162\165\163\164\145\144\056\143\157\155\057\160\162\157\144\165" -"\143\164\163\137\163\145\162\166\151\143\145\163\057\151\156\144" -"\145\170\056\150\164\155\154\060\102\006\010\053\006\001\005\005" -"\007\002\001\026\066\150\164\164\160\163\072\057\057\167\167\167" -"\056\142\145\164\162\165\163\164\145\144\056\143\157\155\057\160" -"\162\157\144\165\143\164\163\137\163\145\162\166\151\143\145\163" -"\057\151\156\144\145\170\056\150\164\155\154\060\021\006\011\140" -"\206\110\001\206\370\102\001\001\004\004\003\002\000\007\060\201" -"\211\006\003\125\035\037\004\201\201\060\177\060\175\240\173\240" -"\171\244\167\060\165\061\022\060\020\006\003\125\004\012\023\011" -"\142\145\124\122\125\123\124\145\144\061\033\060\031\006\003\125" -"\004\013\023\022\142\145\124\122\125\123\124\145\144\040\122\157" -"\157\164\040\103\101\163\061\063\060\061\006\003\125\004\003\023" -"\052\142\145\124\122\125\123\124\145\144\040\122\157\157\164\040" -"\103\101\040\055\040\105\156\164\162\165\163\164\040\111\155\160" -"\154\145\155\145\156\164\141\164\151\157\156\061\015\060\013\006" -"\003\125\004\003\023\004\103\122\114\061\060\053\006\003\125\035" -"\020\004\044\060\042\200\017\062\060\060\062\060\064\061\061\060" -"\070\062\064\062\067\132\201\017\062\060\062\062\060\064\061\061" -"\060\070\065\064\062\067\132\060\013\006\003\125\035\017\004\004" -"\003\002\001\006\060\037\006\003\125\035\043\004\030\060\026\200" -"\024\175\160\345\256\070\213\006\077\252\034\032\217\371\317\044" -"\060\252\204\204\026\060\035\006\003\125\035\016\004\026\004\024" -"\175\160\345\256\070\213\006\077\252\034\032\217\371\317\044\060" -"\252\204\204\026\060\014\006\003\125\035\023\004\005\060\003\001" -"\001\377\060\035\006\011\052\206\110\206\366\175\007\101\000\004" -"\020\060\016\033\010\126\066\056\060\072\064\056\060\003\002\004" -"\220\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000" -"\003\202\001\001\000\052\270\027\316\037\020\224\353\270\232\267" -"\271\137\354\332\367\222\044\254\334\222\073\307\040\215\362\231" -"\345\135\070\241\302\064\355\305\023\131\134\005\265\053\117\141" -"\233\221\373\101\374\374\325\074\115\230\166\006\365\201\175\353" -"\335\220\346\321\126\124\332\343\055\014\237\021\062\224\042\001" -"\172\366\154\054\164\147\004\314\245\217\216\054\263\103\265\224" -"\242\320\175\351\142\177\006\276\047\001\203\236\072\375\212\356" -"\230\103\112\153\327\265\227\073\072\277\117\155\264\143\372\063" -"\000\064\056\055\155\226\311\173\312\231\143\272\276\364\366\060" -"\240\055\230\226\351\126\104\005\251\104\243\141\020\353\202\241" -"\147\135\274\135\047\165\252\212\050\066\052\070\222\331\335\244" -"\136\000\245\314\314\174\051\052\336\050\220\253\267\341\266\377" -"\175\045\013\100\330\252\064\243\055\336\007\353\137\316\012\335" -"\312\176\072\175\046\301\142\150\072\346\057\067\363\201\206\041" -"\304\251\144\252\357\105\066\321\032\146\174\370\351\067\326\326" -"\141\276\242\255\110\347\337\346\164\376\323\155\175\322\045\334" -"\254\142\127\251\367" -, (PRUint32)1621 } -}; -static const NSSItem nss_builtins_items_89 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)"beTRUSTed Root CA - Entrust Implementation", (PRUint32)43 }, - { (void *)"\162\231\171\023\354\233\015\256\145\321\266\327\262\112\166\243" -"\256\302\356\026" -, (PRUint32)20 }, - { (void *)"\175\206\220\217\133\361\362\100\300\367\075\142\265\244\251\073" -, (PRUint32)16 }, - { (void *)"\060\146\061\022\060\020\006\003\125\004\012\023\011\142\145\124" -"\122\125\123\124\145\144\061\033\060\031\006\003\125\004\013\023" -"\022\142\145\124\122\125\123\124\145\144\040\122\157\157\164\040" -"\103\101\163\061\063\060\061\006\003\125\004\003\023\052\142\145" -"\124\122\125\123\124\145\144\040\122\157\157\164\040\103\101\040" -"\055\040\105\156\164\162\165\163\164\040\111\155\160\154\145\155" -"\145\156\164\141\164\151\157\156" -, (PRUint32)104 }, - { (void *)"\002\004\074\265\117\100" -, (PRUint32)6 }, - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } -}; -static const NSSItem nss_builtins_items_90 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)"beTRUSTed Root CA - RSA Implementation", (PRUint32)39 }, - { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) }, - { (void *)"\060\142\061\022\060\020\006\003\125\004\012\023\011\142\145\124" -"\122\125\123\124\145\144\061\033\060\031\006\003\125\004\013\023" -"\022\142\145\124\122\125\123\124\145\144\040\122\157\157\164\040" -"\103\101\163\061\057\060\055\006\003\125\004\003\023\046\142\145" -"\124\122\125\123\124\145\144\040\122\157\157\164\040\103\101\040" -"\055\040\122\123\101\040\111\155\160\154\145\155\145\156\164\141" -"\164\151\157\156" -, (PRUint32)100 }, - { (void *)"0", (PRUint32)2 }, - { (void *)"\060\142\061\022\060\020\006\003\125\004\012\023\011\142\145\124" -"\122\125\123\124\145\144\061\033\060\031\006\003\125\004\013\023" -"\022\142\145\124\122\125\123\124\145\144\040\122\157\157\164\040" -"\103\101\163\061\057\060\055\006\003\125\004\003\023\046\142\145" -"\124\122\125\123\124\145\144\040\122\157\157\164\040\103\101\040" -"\055\040\122\123\101\040\111\155\160\154\145\155\145\156\164\141" -"\164\151\157\156" -, (PRUint32)100 }, - { (void *)"\002\020\073\131\307\173\315\133\127\236\275\067\122\254\166\264" -"\252\032" -, (PRUint32)18 }, - { (void *)"\060\202\005\150\060\202\004\120\240\003\002\001\002\002\020\073" -"\131\307\173\315\133\127\236\275\067\122\254\166\264\252\032\060" -"\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\142" -"\061\022\060\020\006\003\125\004\012\023\011\142\145\124\122\125" -"\123\124\145\144\061\033\060\031\006\003\125\004\013\023\022\142" -"\145\124\122\125\123\124\145\144\040\122\157\157\164\040\103\101" -"\163\061\057\060\055\006\003\125\004\003\023\046\142\145\124\122" -"\125\123\124\145\144\040\122\157\157\164\040\103\101\040\055\040" -"\122\123\101\040\111\155\160\154\145\155\145\156\164\141\164\151" -"\157\156\060\036\027\015\060\062\060\064\061\061\061\061\061\070" -"\061\063\132\027\015\062\062\060\064\061\062\061\061\060\067\062" -"\065\132\060\142\061\022\060\020\006\003\125\004\012\023\011\142" -"\145\124\122\125\123\124\145\144\061\033\060\031\006\003\125\004" -"\013\023\022\142\145\124\122\125\123\124\145\144\040\122\157\157" -"\164\040\103\101\163\061\057\060\055\006\003\125\004\003\023\046" -"\142\145\124\122\125\123\124\145\144\040\122\157\157\164\040\103" -"\101\040\055\040\122\123\101\040\111\155\160\154\145\155\145\156" -"\164\141\164\151\157\156\060\202\001\042\060\015\006\011\052\206" -"\110\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202" -"\001\012\002\202\001\001\000\344\272\064\060\011\216\127\320\271" -"\006\054\157\156\044\200\042\277\135\103\246\372\117\254\202\347" -"\034\150\160\205\033\243\156\265\252\170\331\156\007\113\077\351" -"\337\365\352\350\124\241\141\212\016\057\151\165\030\267\014\345" -"\024\215\161\156\230\270\125\374\014\225\320\233\156\341\055\210" -"\324\072\100\153\222\361\231\226\144\336\333\377\170\364\356\226" -"\035\107\211\174\324\276\271\210\167\043\072\011\346\004\236\155" -"\252\136\322\310\275\232\116\031\337\211\352\133\016\176\303\344" -"\264\360\340\151\073\210\017\101\220\370\324\161\103\044\301\217" -"\046\113\073\126\351\377\214\154\067\351\105\255\205\214\123\303" -"\140\206\220\112\226\311\263\124\260\273\027\360\034\105\331\324" -"\033\031\144\126\012\031\367\314\341\377\206\257\176\130\136\254" -"\172\220\037\311\050\071\105\173\242\266\307\234\037\332\205\324" -"\041\206\131\060\223\276\123\063\067\366\357\101\317\063\307\253" -"\162\153\045\365\363\123\033\014\114\056\361\165\113\357\240\207" -"\367\376\212\025\320\154\325\313\371\150\123\271\160\025\023\302" -"\365\056\373\103\065\165\055\002\003\001\000\001\243\202\002\030" -"\060\202\002\024\060\014\006\003\125\035\023\004\005\060\003\001" -"\001\377\060\202\001\265\006\003\125\035\040\004\202\001\254\060" -"\202\001\250\060\202\001\244\006\017\053\006\001\004\001\261\076" -"\000\000\003\011\050\203\221\061\060\202\001\217\060\101\006\010" -"\053\006\001\005\005\007\002\001\026\065\150\164\164\160\072\057" -"\057\167\167\167\056\142\145\164\162\165\163\164\145\144\056\143" -"\157\155\057\160\162\157\144\165\143\164\163\137\163\145\162\166" -"\151\143\145\163\057\151\156\144\145\170\056\150\164\155\154\060" -"\202\001\110\006\010\053\006\001\005\005\007\002\002\060\202\001" -"\072\032\202\001\066\122\145\154\151\141\156\143\145\040\157\156" -"\040\157\162\040\165\163\145\040\157\146\040\164\150\151\163\040" -"\103\145\162\164\151\146\151\143\141\164\145\040\143\162\145\141" -"\164\145\163\040\141\156\040\141\143\153\156\157\167\154\145\144" -"\147\155\145\156\164\040\141\156\144\040\141\143\143\145\160\164" -"\141\156\143\145\040\157\146\040\164\150\145\040\164\150\145\156" -"\040\141\160\160\154\151\143\141\142\154\145\040\163\164\141\156" -"\144\141\162\144\040\164\145\162\155\163\040\141\156\144\040\143" -"\157\156\144\151\164\151\157\156\163\040\157\146\040\165\163\145" -"\054\040\164\150\145\040\103\145\162\164\151\146\151\143\141\164" -"\151\157\156\040\120\162\141\143\164\151\143\145\040\123\164\141" -"\164\145\155\145\156\164\040\141\156\144\040\164\150\145\040\122" -"\145\154\171\151\156\147\040\120\141\162\164\171\040\101\147\162" -"\145\145\155\145\156\164\054\040\167\150\151\143\150\040\143\141" -"\156\040\142\145\040\146\157\165\156\144\040\141\164\040\164\150" -"\145\040\142\145\124\122\125\123\124\145\144\040\167\145\142\040" -"\163\151\164\145\054\040\150\164\164\160\072\057\057\167\167\167" -"\056\142\145\164\162\165\163\164\145\144\056\143\157\155\057\160" -"\162\157\144\165\143\164\163\137\163\145\162\166\151\143\145\163" -"\057\151\156\144\145\170\056\150\164\155\154\060\013\006\003\125" -"\035\017\004\004\003\002\001\006\060\037\006\003\125\035\043\004" -"\030\060\026\200\024\251\354\024\176\371\331\103\314\123\053\024" -"\255\317\367\360\131\211\101\315\031\060\035\006\003\125\035\016" -"\004\026\004\024\251\354\024\176\371\331\103\314\123\053\024\255" -"\317\367\360\131\211\101\315\031\060\015\006\011\052\206\110\206" -"\367\015\001\001\005\005\000\003\202\001\001\000\333\227\260\165" -"\352\014\304\301\230\312\126\005\300\250\255\046\110\257\055\040" -"\350\201\307\266\337\103\301\054\035\165\113\324\102\215\347\172" -"\250\164\334\146\102\131\207\263\365\151\155\331\251\236\263\175" -"\034\061\301\365\124\342\131\044\111\345\356\275\071\246\153\212" -"\230\104\373\233\327\052\203\227\064\055\307\175\065\114\055\064" -"\270\076\015\304\354\210\047\257\236\222\375\120\141\202\250\140" -"\007\024\123\314\145\023\301\366\107\104\151\322\061\310\246\335" -"\056\263\013\336\112\215\133\075\253\015\302\065\122\242\126\067" -"\314\062\213\050\205\102\234\221\100\172\160\053\070\066\325\341" -"\163\032\037\345\372\176\137\334\326\234\073\060\352\333\300\133" -"\047\134\323\163\007\301\302\363\114\233\157\237\033\312\036\252" -"\250\070\063\011\130\262\256\374\007\350\066\334\125\272\057\117" -"\100\376\172\275\006\246\201\301\223\042\174\206\021\012\006\167" -"\110\256\065\267\057\062\232\141\136\213\276\051\237\051\044\210" -"\126\071\054\250\322\253\226\003\132\324\110\237\271\100\204\013" -"\230\150\373\001\103\326\033\342\011\261\227\034" -, (PRUint32)1388 } -}; -static const NSSItem nss_builtins_items_91 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)"beTRUSTed Root CA - RSA Implementation", (PRUint32)39 }, - { (void *)"\035\202\131\312\041\047\303\313\301\154\331\062\366\054\145\051" -"\214\250\207\022" -, (PRUint32)20 }, - { (void *)"\206\102\005\011\274\247\235\354\035\363\056\016\272\330\035\320" -, (PRUint32)16 }, - { (void *)"\060\142\061\022\060\020\006\003\125\004\012\023\011\142\145\124" -"\122\125\123\124\145\144\061\033\060\031\006\003\125\004\013\023" -"\022\142\145\124\122\125\123\124\145\144\040\122\157\157\164\040" -"\103\101\163\061\057\060\055\006\003\125\004\003\023\046\142\145" -"\124\122\125\123\124\145\144\040\122\157\157\164\040\103\101\040" -"\055\040\122\123\101\040\111\155\160\154\145\155\145\156\164\141" -"\164\151\157\156" -, (PRUint32)100 }, - { (void *)"\002\020\073\131\307\173\315\133\127\236\275\067\122\254\166\264" -"\252\032" -, (PRUint32)18 }, - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } -}; -static const NSSItem nss_builtins_items_92 [] = { +static const NSSItem nss_builtins_items_82 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -6526,7 +5872,7 @@ static const NSSItem nss_builtins_items_92 [] = { "\354\040\005\141\336" , (PRUint32)869 } }; -static const NSSItem nss_builtins_items_93 [] = { +static const NSSItem nss_builtins_items_83 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -6550,7 +5896,7 @@ static const NSSItem nss_builtins_items_93 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_94 [] = { +static const NSSItem nss_builtins_items_84 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -6628,7 +5974,7 @@ static const NSSItem nss_builtins_items_94 [] = { "\302\005\146\200\241\313\346\063" , (PRUint32)856 } }; -static const NSSItem nss_builtins_items_95 [] = { +static const NSSItem nss_builtins_items_85 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -6652,7 +5998,7 @@ static const NSSItem nss_builtins_items_95 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_96 [] = { +static const NSSItem nss_builtins_items_86 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -6731,7 +6077,7 @@ static const NSSItem nss_builtins_items_96 [] = { "\342\042\051\256\175\203\100\250\272\154" , (PRUint32)874 } }; -static const NSSItem nss_builtins_items_97 [] = { +static const NSSItem nss_builtins_items_87 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -6755,7 +6101,7 @@ static const NSSItem nss_builtins_items_97 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_98 [] = { +static const NSSItem nss_builtins_items_88 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -6866,7 +6212,7 @@ static const NSSItem nss_builtins_items_98 [] = { "\244\346\216\330\371\051\110\212\316\163\376\054" , (PRUint32)1388 } }; -static const NSSItem nss_builtins_items_99 [] = { +static const NSSItem nss_builtins_items_89 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -6890,7 +6236,7 @@ static const NSSItem nss_builtins_items_99 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_100 [] = { +static const NSSItem nss_builtins_items_90 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -7001,7 +6347,7 @@ static const NSSItem nss_builtins_items_100 [] = { "\362\034\054\176\256\002\026\322\126\320\057\127\123\107\350\222" , (PRUint32)1392 } }; -static const NSSItem nss_builtins_items_101 [] = { +static const NSSItem nss_builtins_items_91 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -7025,7 +6371,7 @@ static const NSSItem nss_builtins_items_101 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_102 [] = { +static const NSSItem nss_builtins_items_92 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -7133,7 +6479,7 @@ static const NSSItem nss_builtins_items_102 [] = { "\152\372\246\070\254\037\304\204" , (PRUint32)1128 } }; -static const NSSItem nss_builtins_items_103 [] = { +static const NSSItem nss_builtins_items_93 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -7164,7 +6510,7 @@ static const NSSItem nss_builtins_items_103 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_104 [] = { +static const NSSItem nss_builtins_items_94 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -7251,7 +6597,7 @@ static const NSSItem nss_builtins_items_104 [] = { "\200\072\231\355\165\314\106\173" , (PRUint32)936 } }; -static const NSSItem nss_builtins_items_105 [] = { +static const NSSItem nss_builtins_items_95 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -7277,7 +6623,7 @@ static const NSSItem nss_builtins_items_105 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_106 [] = { +static const NSSItem nss_builtins_items_96 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -7396,7 +6742,7 @@ static const NSSItem nss_builtins_items_106 [] = { "\105\217\046\221\242\216\376\251" , (PRUint32)1448 } }; -static const NSSItem nss_builtins_items_107 [] = { +static const NSSItem nss_builtins_items_97 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -7422,7 +6768,7 @@ static const NSSItem nss_builtins_items_107 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_108 [] = { +static const NSSItem nss_builtins_items_98 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -7510,7 +6856,7 @@ static const NSSItem nss_builtins_items_108 [] = { "\222\340\134\366\007\017" , (PRUint32)934 } }; -static const NSSItem nss_builtins_items_109 [] = { +static const NSSItem nss_builtins_items_99 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -7537,7 +6883,7 @@ static const NSSItem nss_builtins_items_109 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_110 [] = { +static const NSSItem nss_builtins_items_100 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -7629,7 +6975,7 @@ static const NSSItem nss_builtins_items_110 [] = { "\367\115\146\177\247\360\034\001\046\170\262\146\107\160\121\144" , (PRUint32)864 } }; -static const NSSItem nss_builtins_items_111 [] = { +static const NSSItem nss_builtins_items_101 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -7660,7 +7006,7 @@ static const NSSItem nss_builtins_items_111 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_112 [] = { +static const NSSItem nss_builtins_items_102 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -7752,7 +7098,7 @@ static const NSSItem nss_builtins_items_112 [] = { "\030\122\051\213\107\064\022\011\324\273\222\065\357\017\333\064" , (PRUint32)864 } }; -static const NSSItem nss_builtins_items_113 [] = { +static const NSSItem nss_builtins_items_103 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -7783,7 +7129,7 @@ static const NSSItem nss_builtins_items_113 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_114 [] = { +static const NSSItem nss_builtins_items_104 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -7854,7 +7200,7 @@ static const NSSItem nss_builtins_items_114 [] = { "\350\140\052\233\205\112\100\363\153\212\044\354\006\026\054\163" , (PRUint32)784 } }; -static const NSSItem nss_builtins_items_115 [] = { +static const NSSItem nss_builtins_items_105 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -7877,7 +7223,7 @@ static const NSSItem nss_builtins_items_115 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_116 [] = { +static const NSSItem nss_builtins_items_106 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -7975,7 +7321,7 @@ static const NSSItem nss_builtins_items_116 [] = { "\225\351\066\226\230\156" , (PRUint32)1078 } }; -static const NSSItem nss_builtins_items_117 [] = { +static const NSSItem nss_builtins_items_107 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -8002,7 +7348,7 @@ static const NSSItem nss_builtins_items_117 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_118 [] = { +static const NSSItem nss_builtins_items_108 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -8101,7 +7447,7 @@ static const NSSItem nss_builtins_items_118 [] = { "\354\375\051" , (PRUint32)1091 } }; -static const NSSItem nss_builtins_items_119 [] = { +static const NSSItem nss_builtins_items_109 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -8128,7 +7474,7 @@ static const NSSItem nss_builtins_items_119 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_120 [] = { +static const NSSItem nss_builtins_items_110 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -8229,7 +7575,7 @@ static const NSSItem nss_builtins_items_120 [] = { "\160\136\310\304\170\260\142" , (PRUint32)1095 } }; -static const NSSItem nss_builtins_items_121 [] = { +static const NSSItem nss_builtins_items_111 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -8257,7 +7603,7 @@ static const NSSItem nss_builtins_items_121 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_122 [] = { +static const NSSItem nss_builtins_items_112 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -8435,7 +7781,7 @@ static const NSSItem nss_builtins_items_122 [] = { "\001\177\046\304\143\365\045\102\136\142\275" , (PRUint32)2043 } }; -static const NSSItem nss_builtins_items_123 [] = { +static const NSSItem nss_builtins_items_113 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -8472,7 +7818,7 @@ static const NSSItem nss_builtins_items_123 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_124 [] = { +static const NSSItem nss_builtins_items_114 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -8649,7 +7995,7 @@ static const NSSItem nss_builtins_items_124 [] = { "\206\063\076\346\057\110\156\257\124\220\116\255\261\045" , (PRUint32)2030 } }; -static const NSSItem nss_builtins_items_125 [] = { +static const NSSItem nss_builtins_items_115 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -8686,7 +8032,7 @@ static const NSSItem nss_builtins_items_125 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_126 [] = { +static const NSSItem nss_builtins_items_116 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -8863,7 +8209,7 @@ static const NSSItem nss_builtins_items_126 [] = { "\257\175\310\352\351\324\126\331\016\023\262\305\105\120" , (PRUint32)2030 } }; -static const NSSItem nss_builtins_items_127 [] = { +static const NSSItem nss_builtins_items_117 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -8900,7 +8246,7 @@ static const NSSItem nss_builtins_items_127 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_128 [] = { +static const NSSItem nss_builtins_items_118 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -9078,7 +8424,7 @@ static const NSSItem nss_builtins_items_128 [] = { "\336\007\043\162\346\275\040\024\113\264\206" , (PRUint32)2043 } }; -static const NSSItem nss_builtins_items_129 [] = { +static const NSSItem nss_builtins_items_119 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -9115,7 +8461,7 @@ static const NSSItem nss_builtins_items_129 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_130 [] = { +static const NSSItem nss_builtins_items_120 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -9293,7 +8639,7 @@ static const NSSItem nss_builtins_items_130 [] = { "\311\024\025\014\343\007\203\233\046\165\357" , (PRUint32)2043 } }; -static const NSSItem nss_builtins_items_131 [] = { +static const NSSItem nss_builtins_items_121 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -9330,7 +8676,7 @@ static const NSSItem nss_builtins_items_131 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_132 [] = { +static const NSSItem nss_builtins_items_122 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -9514,7 +8860,7 @@ static const NSSItem nss_builtins_items_132 [] = { "\207\112\137\334\357\351\126\360\012\014\350\165" , (PRUint32)2108 } }; -static const NSSItem nss_builtins_items_133 [] = { +static const NSSItem nss_builtins_items_123 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -9552,7 +8898,7 @@ static const NSSItem nss_builtins_items_133 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_134 [] = { +static const NSSItem nss_builtins_items_124 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -9678,7 +9024,7 @@ static const NSSItem nss_builtins_items_134 [] = { "\112\164\066\371" , (PRUint32)1492 } }; -static const NSSItem nss_builtins_items_135 [] = { +static const NSSItem nss_builtins_items_125 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -9706,7 +9052,7 @@ static const NSSItem nss_builtins_items_135 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_136 [] = { +static const NSSItem nss_builtins_items_126 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -9822,7 +9168,7 @@ static const NSSItem nss_builtins_items_136 [] = { "\020\005\145\325\202\020\352\302\061\315\056" , (PRUint32)1467 } }; -static const NSSItem nss_builtins_items_137 [] = { +static const NSSItem nss_builtins_items_127 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -9846,7 +9192,7 @@ static const NSSItem nss_builtins_items_137 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_138 [] = { +static const NSSItem nss_builtins_items_128 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -9977,7 +9323,7 @@ static const NSSItem nss_builtins_items_138 [] = { "\332" , (PRUint32)1697 } }; -static const NSSItem nss_builtins_items_139 [] = { +static const NSSItem nss_builtins_items_129 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -10001,7 +9347,7 @@ static const NSSItem nss_builtins_items_139 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_140 [] = { +static const NSSItem nss_builtins_items_130 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -10081,7 +9427,7 @@ static const NSSItem nss_builtins_items_140 [] = { "\057\317\246\356\311\160\042\024\275\375\276\154\013\003" , (PRUint32)862 } }; -static const NSSItem nss_builtins_items_141 [] = { +static const NSSItem nss_builtins_items_131 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -10106,7 +9452,7 @@ static const NSSItem nss_builtins_items_141 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_142 [] = { +static const NSSItem nss_builtins_items_132 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -10179,7 +9525,7 @@ static const NSSItem nss_builtins_items_142 [] = { "\127\275\125\232" , (PRUint32)804 } }; -static const NSSItem nss_builtins_items_143 [] = { +static const NSSItem nss_builtins_items_133 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -10202,7 +9548,7 @@ static const NSSItem nss_builtins_items_143 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_144 [] = { +static const NSSItem nss_builtins_items_134 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -10275,7 +9621,7 @@ static const NSSItem nss_builtins_items_144 [] = { "\160\254\337\114" , (PRUint32)804 } }; -static const NSSItem nss_builtins_items_145 [] = { +static const NSSItem nss_builtins_items_135 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -10298,7 +9644,7 @@ static const NSSItem nss_builtins_items_145 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_146 [] = { +static const NSSItem nss_builtins_items_136 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -10384,7 +9730,7 @@ static const NSSItem nss_builtins_items_146 [] = { "\025\301\044\174\062\174\003\035\073\241\130\105\062\223" , (PRUint32)958 } }; -static const NSSItem nss_builtins_items_147 [] = { +static const NSSItem nss_builtins_items_137 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -10409,7 +9755,7 @@ static const NSSItem nss_builtins_items_147 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_148 [] = { +static const NSSItem nss_builtins_items_138 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -10500,7 +9846,7 @@ static const NSSItem nss_builtins_items_148 [] = { "\151\003\142\270\231\005\005\075\153\170\022\275\260\157\145" , (PRUint32)1071 } }; -static const NSSItem nss_builtins_items_149 [] = { +static const NSSItem nss_builtins_items_139 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -10524,7 +9870,7 @@ static const NSSItem nss_builtins_items_149 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_150 [] = { +static const NSSItem nss_builtins_items_140 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -10628,7 +9974,7 @@ static const NSSItem nss_builtins_items_150 [] = { "\004\243\103\055\332\374\013\142\352\057\137\142\123" , (PRUint32)1309 } }; -static const NSSItem nss_builtins_items_151 [] = { +static const NSSItem nss_builtins_items_141 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -10651,7 +9997,7 @@ static const NSSItem nss_builtins_items_151 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_152 [] = { +static const NSSItem nss_builtins_items_142 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -10757,7 +10103,7 @@ static const NSSItem nss_builtins_items_152 [] = { "\364\010" , (PRUint32)1122 } }; -static const NSSItem nss_builtins_items_153 [] = { +static const NSSItem nss_builtins_items_143 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -10787,7 +10133,7 @@ static const NSSItem nss_builtins_items_153 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_154 [] = { +static const NSSItem nss_builtins_items_144 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -10901,7 +10247,7 @@ static const NSSItem nss_builtins_items_154 [] = { "\005\323\312\003\112\124" , (PRUint32)1190 } }; -static const NSSItem nss_builtins_items_155 [] = { +static const NSSItem nss_builtins_items_145 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -10933,7 +10279,7 @@ static const NSSItem nss_builtins_items_155 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_156 [] = { +static const NSSItem nss_builtins_items_146 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -11040,7 +10386,7 @@ static const NSSItem nss_builtins_items_156 [] = { "\062\234\036\273\235\370\146\250" , (PRUint32)1144 } }; -static const NSSItem nss_builtins_items_157 [] = { +static const NSSItem nss_builtins_items_147 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -11070,7 +10416,7 @@ static const NSSItem nss_builtins_items_157 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_158 [] = { +static const NSSItem nss_builtins_items_148 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -11176,7 +10522,7 @@ static const NSSItem nss_builtins_items_158 [] = { "\275\023\122\035\250\076\315\000\037\310" , (PRUint32)1130 } }; -static const NSSItem nss_builtins_items_159 [] = { +static const NSSItem nss_builtins_items_149 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -11206,7 +10552,7 @@ static const NSSItem nss_builtins_items_159 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_160 [] = { +static const NSSItem nss_builtins_items_150 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -11315,7 +10661,7 @@ static const NSSItem nss_builtins_items_160 [] = { "\334" , (PRUint32)1217 } }; -static const NSSItem nss_builtins_items_161 [] = { +static const NSSItem nss_builtins_items_151 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -11343,7 +10689,7 @@ static const NSSItem nss_builtins_items_161 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_162 [] = { +static const NSSItem nss_builtins_items_152 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -11450,7 +10796,7 @@ static const NSSItem nss_builtins_items_162 [] = { "\166\135\165\220\032\365\046\217\360" , (PRUint32)1225 } }; -static const NSSItem nss_builtins_items_163 [] = { +static const NSSItem nss_builtins_items_153 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -11477,7 +10823,7 @@ static const NSSItem nss_builtins_items_163 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_164 [] = { +static const NSSItem nss_builtins_items_154 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -11627,7 +10973,7 @@ static const NSSItem nss_builtins_items_164 [] = { "\306\224\107\351\050" , (PRUint32)1749 } }; -static const NSSItem nss_builtins_items_165 [] = { +static const NSSItem nss_builtins_items_155 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -11659,7 +11005,7 @@ static const NSSItem nss_builtins_items_165 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_166 [] = { +static const NSSItem nss_builtins_items_156 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -11802,7 +11148,7 @@ static const NSSItem nss_builtins_items_166 [] = { "\210" , (PRUint32)1665 } }; -static const NSSItem nss_builtins_items_167 [] = { +static const NSSItem nss_builtins_items_157 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -11833,7 +11179,7 @@ static const NSSItem nss_builtins_items_167 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_168 [] = { +static const NSSItem nss_builtins_items_158 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -11952,7 +11298,7 @@ static const NSSItem nss_builtins_items_168 [] = { "\066\053\143\254\130\001\153\063\051\120\206\203\361\001\110" , (PRUint32)1359 } }; -static const NSSItem nss_builtins_items_169 [] = { +static const NSSItem nss_builtins_items_159 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -11981,7 +11327,7 @@ static const NSSItem nss_builtins_items_169 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_170 [] = { +static const NSSItem nss_builtins_items_160 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -12101,7 +11447,7 @@ static const NSSItem nss_builtins_items_170 [] = { "\063\004\324" , (PRUint32)1363 } }; -static const NSSItem nss_builtins_items_171 [] = { +static const NSSItem nss_builtins_items_161 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -12130,7 +11476,7 @@ static const NSSItem nss_builtins_items_171 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_172 [] = { +static const NSSItem nss_builtins_items_162 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -12231,7 +11577,7 @@ static const NSSItem nss_builtins_items_172 [] = { "\264\003\045\274" , (PRUint32)1076 } }; -static const NSSItem nss_builtins_items_173 [] = { +static const NSSItem nss_builtins_items_163 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -12260,7 +11606,7 @@ static const NSSItem nss_builtins_items_173 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_174 [] = { +static const NSSItem nss_builtins_items_164 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -12353,7 +11699,7 @@ static const NSSItem nss_builtins_items_174 [] = { "\177\333\275\237" , (PRUint32)1028 } }; -static const NSSItem nss_builtins_items_175 [] = { +static const NSSItem nss_builtins_items_165 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -12379,7 +11725,7 @@ static const NSSItem nss_builtins_items_175 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_176 [] = { +static const NSSItem nss_builtins_items_166 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -12473,7 +11819,7 @@ static const NSSItem nss_builtins_items_176 [] = { "\037\027\224" , (PRUint32)1043 } }; -static const NSSItem nss_builtins_items_177 [] = { +static const NSSItem nss_builtins_items_167 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -12499,7 +11845,7 @@ static const NSSItem nss_builtins_items_177 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_178 [] = { +static const NSSItem nss_builtins_items_168 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -12654,7 +12000,7 @@ static const NSSItem nss_builtins_items_178 [] = { "\152\263\364\210\034\200\015\374\162\212\350\203\136" , (PRUint32)1997 } }; -static const NSSItem nss_builtins_items_179 [] = { +static const NSSItem nss_builtins_items_169 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -12681,7 +12027,7 @@ static const NSSItem nss_builtins_items_179 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_180 [] = { +static const NSSItem nss_builtins_items_170 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -12794,7 +12140,7 @@ static const NSSItem nss_builtins_items_180 [] = { "\245\206\054\174\364\022" , (PRUint32)1398 } }; -static const NSSItem nss_builtins_items_181 [] = { +static const NSSItem nss_builtins_items_171 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -12819,7 +12165,7 @@ static const NSSItem nss_builtins_items_181 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_182 [] = { +static const NSSItem nss_builtins_items_172 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -12923,7 +12269,7 @@ static const NSSItem nss_builtins_items_182 [] = { "\252\341\247\063\366\375\112\037\366\331\140" , (PRUint32)1115 } }; -static const NSSItem nss_builtins_items_183 [] = { +static const NSSItem nss_builtins_items_173 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -12952,7 +12298,7 @@ static const NSSItem nss_builtins_items_183 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_184 [] = { +static const NSSItem nss_builtins_items_174 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -13047,7 +12393,7 @@ static const NSSItem nss_builtins_items_184 [] = { "\117\041\145\073\112\177\107\243\373" , (PRUint32)1001 } }; -static const NSSItem nss_builtins_items_185 [] = { +static const NSSItem nss_builtins_items_175 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -13075,7 +12421,7 @@ static const NSSItem nss_builtins_items_185 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_186 [] = { +static const NSSItem nss_builtins_items_176 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -13198,7 +12544,7 @@ static const NSSItem nss_builtins_items_186 [] = { "\060\032\365\232\154\364\016\123\371\072\133\321\034" , (PRUint32)1501 } }; -static const NSSItem nss_builtins_items_187 [] = { +static const NSSItem nss_builtins_items_177 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -13225,7 +12571,7 @@ static const NSSItem nss_builtins_items_187 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_188 [] = { +static const NSSItem nss_builtins_items_178 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -13314,7 +12660,7 @@ static const NSSItem nss_builtins_items_188 [] = { "\346\120\262\247\372\012\105\057\242\360\362" , (PRUint32)955 } }; -static const NSSItem nss_builtins_items_189 [] = { +static const NSSItem nss_builtins_items_179 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -13338,10 +12684,10 @@ static const NSSItem nss_builtins_items_189 [] = { , (PRUint32)18 }, { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, + { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_190 [] = { +static const NSSItem nss_builtins_items_180 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -13430,7 +12776,7 @@ static const NSSItem nss_builtins_items_190 [] = { "\225\155\336" , (PRUint32)947 } }; -static const NSSItem nss_builtins_items_191 [] = { +static const NSSItem nss_builtins_items_181 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -13454,10 +12800,10 @@ static const NSSItem nss_builtins_items_191 [] = { , (PRUint32)18 }, { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, + { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_192 [] = { +static const NSSItem nss_builtins_items_182 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -13547,7 +12893,7 @@ static const NSSItem nss_builtins_items_192 [] = { "\370\351\056\023\243\167\350\037\112" , (PRUint32)969 } }; -static const NSSItem nss_builtins_items_193 [] = { +static const NSSItem nss_builtins_items_183 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -13571,10 +12917,10 @@ static const NSSItem nss_builtins_items_193 [] = { , (PRUint32)18 }, { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, + { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_194 [] = { +static const NSSItem nss_builtins_items_184 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -13655,7 +13001,7 @@ static const NSSItem nss_builtins_items_194 [] = { "\227\277\242\216\264\124" , (PRUint32)918 } }; -static const NSSItem nss_builtins_items_195 [] = { +static const NSSItem nss_builtins_items_185 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -13679,7 +13025,7 @@ static const NSSItem nss_builtins_items_195 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_196 [] = { +static const NSSItem nss_builtins_items_186 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -13757,7 +13103,7 @@ static const NSSItem nss_builtins_items_196 [] = { "\013\004\216\007\333\051\266\012\356\235\202\065\065\020" , (PRUint32)846 } }; -static const NSSItem nss_builtins_items_197 [] = { +static const NSSItem nss_builtins_items_187 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -13782,7 +13128,7 @@ static const NSSItem nss_builtins_items_197 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_198 [] = { +static const NSSItem nss_builtins_items_188 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -13874,7 +13220,7 @@ static const NSSItem nss_builtins_items_198 [] = { "\363\267\240\247\315\345\172\063\066\152\372\232\053" , (PRUint32)1037 } }; -static const NSSItem nss_builtins_items_199 [] = { +static const NSSItem nss_builtins_items_189 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -13900,7 +13246,7 @@ static const NSSItem nss_builtins_items_199 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_200 [] = { +static const NSSItem nss_builtins_items_190 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -14002,7 +13348,7 @@ static const NSSItem nss_builtins_items_200 [] = { "\104\144\003\045\352\336\133\156\237\311\362\116\254\335\307" , (PRUint32)1023 } }; -static const NSSItem nss_builtins_items_201 [] = { +static const NSSItem nss_builtins_items_191 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -14033,7 +13379,7 @@ static const NSSItem nss_builtins_items_201 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_202 [] = { +static const NSSItem nss_builtins_items_192 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -14141,7 +13487,7 @@ static const NSSItem nss_builtins_items_202 [] = { "\167\161\307\372\221\372\057\121\236\351\071\122\266\347\004\102" , (PRUint32)1088 } }; -static const NSSItem nss_builtins_items_203 [] = { +static const NSSItem nss_builtins_items_193 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -14173,7 +13519,7 @@ static const NSSItem nss_builtins_items_203 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_204 [] = { +static const NSSItem nss_builtins_items_194 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -14290,7 +13636,7 @@ static const NSSItem nss_builtins_items_204 [] = { "\205\206\171\145\322" , (PRUint32)1477 } }; -static const NSSItem nss_builtins_items_205 [] = { +static const NSSItem nss_builtins_items_195 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -14314,7 +13660,7 @@ static const NSSItem nss_builtins_items_205 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_206 [] = { +static const NSSItem nss_builtins_items_196 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -14430,7 +13776,7 @@ static const NSSItem nss_builtins_items_206 [] = { "\111\044\133\311\260\320\127\301\372\076\172\341\227\311" , (PRUint32)1470 } }; -static const NSSItem nss_builtins_items_207 [] = { +static const NSSItem nss_builtins_items_197 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -14454,7 +13800,7 @@ static const NSSItem nss_builtins_items_207 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_208 [] = { +static const NSSItem nss_builtins_items_198 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -14571,7 +13917,7 @@ static const NSSItem nss_builtins_items_208 [] = { "\156" , (PRUint32)1473 } }; -static const NSSItem nss_builtins_items_209 [] = { +static const NSSItem nss_builtins_items_199 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -14595,7 +13941,7 @@ static const NSSItem nss_builtins_items_209 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_210 [] = { +static const NSSItem nss_builtins_items_200 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -14678,7 +14024,7 @@ static const NSSItem nss_builtins_items_210 [] = { "\253\022\350\263\336\132\345\240\174\350\017\042\035\132\351\131" , (PRUint32)896 } }; -static const NSSItem nss_builtins_items_211 [] = { +static const NSSItem nss_builtins_items_201 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -14704,7 +14050,7 @@ static const NSSItem nss_builtins_items_211 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_212 [] = { +static const NSSItem nss_builtins_items_202 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -14808,7 +14154,7 @@ static const NSSItem nss_builtins_items_212 [] = { "\215\126\214\150" , (PRUint32)1060 } }; -static const NSSItem nss_builtins_items_213 [] = { +static const NSSItem nss_builtins_items_203 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -14839,7 +14185,7 @@ static const NSSItem nss_builtins_items_213 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_214 [] = { +static const NSSItem nss_builtins_items_204 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -14958,7 +14304,7 @@ static const NSSItem nss_builtins_items_214 [] = { "\254\021\326\250\355\143\152" , (PRUint32)1239 } }; -static const NSSItem nss_builtins_items_215 [] = { +static const NSSItem nss_builtins_items_205 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -14991,7 +14337,7 @@ static const NSSItem nss_builtins_items_215 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_216 [] = { +static const NSSItem nss_builtins_items_206 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -15076,7 +14422,7 @@ static const NSSItem nss_builtins_items_216 [] = { "\113\035\236\054\302\270\150\274\355\002\356\061" , (PRUint32)956 } }; -static const NSSItem nss_builtins_items_217 [] = { +static const NSSItem nss_builtins_items_207 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -15101,7 +14447,7 @@ static const NSSItem nss_builtins_items_217 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_218 [] = { +static const NSSItem nss_builtins_items_208 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -15186,7 +14532,7 @@ static const NSSItem nss_builtins_items_218 [] = { "\117\043\037\332\154\254\037\104\341\335\043\170\121\133\307\026" , (PRUint32)960 } }; -static const NSSItem nss_builtins_items_219 [] = { +static const NSSItem nss_builtins_items_209 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -15211,7 +14557,7 @@ static const NSSItem nss_builtins_items_219 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_220 [] = { +static const NSSItem nss_builtins_items_210 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -15311,7 +14657,7 @@ static const NSSItem nss_builtins_items_220 [] = { "\145" , (PRUint32)1057 } }; -static const NSSItem nss_builtins_items_221 [] = { +static const NSSItem nss_builtins_items_211 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -15340,7 +14686,7 @@ static const NSSItem nss_builtins_items_221 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_222 [] = { +static const NSSItem nss_builtins_items_212 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -15458,7 +14804,7 @@ static const NSSItem nss_builtins_items_222 [] = { "\262\345\214\360\206\231\270\345\305\337\204\301\267\353" , (PRUint32)1422 } }; -static const NSSItem nss_builtins_items_223 [] = { +static const NSSItem nss_builtins_items_213 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -15485,7 +14831,7 @@ static const NSSItem nss_builtins_items_223 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_224 [] = { +static const NSSItem nss_builtins_items_214 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -15577,7 +14923,7 @@ static const NSSItem nss_builtins_items_224 [] = { "\244\140\114\260\125\240\240\173\127\262" , (PRUint32)1002 } }; -static const NSSItem nss_builtins_items_225 [] = { +static const NSSItem nss_builtins_items_215 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -15604,7 +14950,7 @@ static const NSSItem nss_builtins_items_225 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_226 [] = { +static const NSSItem nss_builtins_items_216 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -15713,7 +15059,7 @@ static const NSSItem nss_builtins_items_226 [] = { "\333" , (PRUint32)1217 } }; -static const NSSItem nss_builtins_items_227 [] = { +static const NSSItem nss_builtins_items_217 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -15741,7 +15087,7 @@ static const NSSItem nss_builtins_items_227 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_228 [] = { +static const NSSItem nss_builtins_items_218 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -15815,7 +15161,7 @@ static const NSSItem nss_builtins_items_228 [] = { "\334\335\363\377\035\054\072\026\127\331\222\071\326" , (PRUint32)653 } }; -static const NSSItem nss_builtins_items_229 [] = { +static const NSSItem nss_builtins_items_219 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -15844,7 +15190,7 @@ static const NSSItem nss_builtins_items_229 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_230 [] = { +static const NSSItem nss_builtins_items_220 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -15936,7 +15282,7 @@ static const NSSItem nss_builtins_items_230 [] = { "\321\236\164\310\166\147" , (PRUint32)1078 } }; -static const NSSItem nss_builtins_items_231 [] = { +static const NSSItem nss_builtins_items_221 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -15961,7 +15307,7 @@ static const NSSItem nss_builtins_items_231 [] = { { (void *)&ckt_netscape_untrusted, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_232 [] = { +static const NSSItem nss_builtins_items_222 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -16058,7 +15404,7 @@ static const NSSItem nss_builtins_items_232 [] = { "\253\205\322\140\126\132" , (PRUint32)1030 } }; -static const NSSItem nss_builtins_items_233 [] = { +static const NSSItem nss_builtins_items_223 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -16086,7 +15432,7 @@ static const NSSItem nss_builtins_items_233 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_234 [] = { +static const NSSItem nss_builtins_items_224 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -16171,7 +15517,7 @@ static const NSSItem nss_builtins_items_234 [] = { "\164" , (PRUint32)897 } }; -static const NSSItem nss_builtins_items_235 [] = { +static const NSSItem nss_builtins_items_225 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -16197,7 +15543,7 @@ static const NSSItem nss_builtins_items_235 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_236 [] = { +static const NSSItem nss_builtins_items_226 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -16294,7 +15640,7 @@ static const NSSItem nss_builtins_items_236 [] = { "\374\276\337\012\015" , (PRUint32)1013 } }; -static const NSSItem nss_builtins_items_237 [] = { +static const NSSItem nss_builtins_items_227 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -16323,7 +15669,7 @@ static const NSSItem nss_builtins_items_237 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_238 [] = { +static const NSSItem nss_builtins_items_228 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -16434,7 +15780,7 @@ static const NSSItem nss_builtins_items_238 [] = { "\241\361\017\033\037\075\236\004\203\335\226\331\035\072\224" , (PRUint32)1151 } }; -static const NSSItem nss_builtins_items_239 [] = { +static const NSSItem nss_builtins_items_229 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -16466,7 +15812,7 @@ static const NSSItem nss_builtins_items_239 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_240 [] = { +static const NSSItem nss_builtins_items_230 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -16620,7 +15966,7 @@ static const NSSItem nss_builtins_items_240 [] = { "\103\307\003\340\067\116\135\012\334\131\040\045" , (PRUint32)1964 } }; -static const NSSItem nss_builtins_items_241 [] = { +static const NSSItem nss_builtins_items_231 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -16648,7 +15994,7 @@ static const NSSItem nss_builtins_items_241 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_242 [] = { +static const NSSItem nss_builtins_items_232 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -16729,7 +16075,7 @@ static const NSSItem nss_builtins_items_242 [] = { "\300\226\130\057\352\273\106\327\273\344\331\056" , (PRUint32)940 } }; -static const NSSItem nss_builtins_items_243 [] = { +static const NSSItem nss_builtins_items_233 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -16752,7 +16098,7 @@ static const NSSItem nss_builtins_items_243 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_244 [] = { +static const NSSItem nss_builtins_items_234 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -16886,7 +16232,7 @@ static const NSSItem nss_builtins_items_244 [] = { "\005\211\374\170\326\134\054\046\103\251" , (PRUint32)1642 } }; -static const NSSItem nss_builtins_items_245 [] = { +static const NSSItem nss_builtins_items_235 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -16914,7 +16260,7 @@ static const NSSItem nss_builtins_items_245 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_246 [] = { +static const NSSItem nss_builtins_items_236 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -17019,7 +16365,7 @@ static const NSSItem nss_builtins_items_246 [] = { "\334\144\047\027\214\132\267\332\164\050\315\227\344\275" , (PRUint32)1198 } }; -static const NSSItem nss_builtins_items_247 [] = { +static const NSSItem nss_builtins_items_237 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -17046,7 +16392,7 @@ static const NSSItem nss_builtins_items_247 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_248 [] = { +static const NSSItem nss_builtins_items_238 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -17151,7 +16497,7 @@ static const NSSItem nss_builtins_items_248 [] = { "\016\121\075\157\373\226\126\200\342\066\027\321\334\344" , (PRUint32)1198 } }; -static const NSSItem nss_builtins_items_249 [] = { +static const NSSItem nss_builtins_items_239 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -17178,7 +16524,7 @@ static const NSSItem nss_builtins_items_249 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_250 [] = { +static const NSSItem nss_builtins_items_240 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -17271,7 +16617,7 @@ static const NSSItem nss_builtins_items_250 [] = { "\230" , (PRUint32)993 } }; -static const NSSItem nss_builtins_items_251 [] = { +static const NSSItem nss_builtins_items_241 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -17298,7 +16644,7 @@ static const NSSItem nss_builtins_items_251 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_252 [] = { +static const NSSItem nss_builtins_items_242 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -17387,7 +16733,7 @@ static const NSSItem nss_builtins_items_252 [] = { "\126\144\127" , (PRUint32)931 } }; -static const NSSItem nss_builtins_items_253 [] = { +static const NSSItem nss_builtins_items_243 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -17414,7 +16760,7 @@ static const NSSItem nss_builtins_items_253 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_254 [] = { +static const NSSItem nss_builtins_items_244 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -17495,7 +16841,7 @@ static const NSSItem nss_builtins_items_254 [] = { "\000\147\240\161\000\202\110" , (PRUint32)919 } }; -static const NSSItem nss_builtins_items_255 [] = { +static const NSSItem nss_builtins_items_245 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -17519,7 +16865,7 @@ static const NSSItem nss_builtins_items_255 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_256 [] = { +static const NSSItem nss_builtins_items_246 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -17601,7 +16947,7 @@ static const NSSItem nss_builtins_items_256 [] = { "\316\145\006\056\135\322\052\123\164\136\323\156\047\236\217" , (PRUint32)943 } }; -static const NSSItem nss_builtins_items_257 [] = { +static const NSSItem nss_builtins_items_247 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -17625,7 +16971,7 @@ static const NSSItem nss_builtins_items_257 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_258 [] = { +static const NSSItem nss_builtins_items_248 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -17706,7 +17052,7 @@ static const NSSItem nss_builtins_items_258 [] = { "\246\210\070\316\125" , (PRUint32)933 } }; -static const NSSItem nss_builtins_items_259 [] = { +static const NSSItem nss_builtins_items_249 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -17729,7 +17075,7 @@ static const NSSItem nss_builtins_items_259 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_260 [] = { +static const NSSItem nss_builtins_items_250 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -17848,7 +17194,7 @@ static const NSSItem nss_builtins_items_260 [] = { "\201\370\021\234" , (PRUint32)1460 } }; -static const NSSItem nss_builtins_items_261 [] = { +static const NSSItem nss_builtins_items_251 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -17874,7 +17220,7 @@ static const NSSItem nss_builtins_items_261 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_262 [] = { +static const NSSItem nss_builtins_items_252 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -18008,7 +17354,7 @@ static const NSSItem nss_builtins_items_262 [] = { "\311\234\220\332\354\251\102\074\255\266\002" , (PRUint32)1307 } }; -static const NSSItem nss_builtins_items_263 [] = { +static const NSSItem nss_builtins_items_253 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -18046,7 +17392,7 @@ static const NSSItem nss_builtins_items_263 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_264 [] = { +static const NSSItem nss_builtins_items_254 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -18124,7 +17470,7 @@ static const NSSItem nss_builtins_items_264 [] = { "\366\324\357\277\114\210\150" , (PRUint32)855 } }; -static const NSSItem nss_builtins_items_265 [] = { +static const NSSItem nss_builtins_items_255 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -18148,7 +17494,7 @@ static const NSSItem nss_builtins_items_265 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_266 [] = { +static const NSSItem nss_builtins_items_256 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -18226,7 +17572,7 @@ static const NSSItem nss_builtins_items_266 [] = { "\246\347\313\100\003\335\171" , (PRUint32)855 } }; -static const NSSItem nss_builtins_items_267 [] = { +static const NSSItem nss_builtins_items_257 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -18250,7 +17596,7 @@ static const NSSItem nss_builtins_items_267 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_268 [] = { +static const NSSItem nss_builtins_items_258 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -18377,7 +17723,7 @@ static const NSSItem nss_builtins_items_268 [] = { "\320\352\111\242\034\215\122\024\246\012\223" , (PRUint32)1515 } }; -static const NSSItem nss_builtins_items_269 [] = { +static const NSSItem nss_builtins_items_259 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -18405,7 +17751,7 @@ static const NSSItem nss_builtins_items_269 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_270 [] = { +static const NSSItem nss_builtins_items_260 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -18479,7 +17825,7 @@ static const NSSItem nss_builtins_items_270 [] = { "\366\356\260\132\116\111\104\124\130\137\102\203" , (PRUint32)828 } }; -static const NSSItem nss_builtins_items_271 [] = { +static const NSSItem nss_builtins_items_261 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -18502,7 +17848,7 @@ static const NSSItem nss_builtins_items_271 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_272 [] = { +static const NSSItem nss_builtins_items_262 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -18578,7 +17924,7 @@ static const NSSItem nss_builtins_items_272 [] = { "\011\333\212\101\202\236\146\233\021" , (PRUint32)857 } }; -static const NSSItem nss_builtins_items_273 [] = { +static const NSSItem nss_builtins_items_263 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -18601,7 +17947,7 @@ static const NSSItem nss_builtins_items_273 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_274 [] = { +static const NSSItem nss_builtins_items_264 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -18684,7 +18030,7 @@ static const NSSItem nss_builtins_items_274 [] = { "\262\033\211\124" , (PRUint32)932 } }; -static const NSSItem nss_builtins_items_275 [] = { +static const NSSItem nss_builtins_items_265 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -18708,7 +18054,7 @@ static const NSSItem nss_builtins_items_275 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_276 [] = { +static const NSSItem nss_builtins_items_266 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -18808,7 +18154,7 @@ static const NSSItem nss_builtins_items_276 [] = { "\021\055" , (PRUint32)1026 } }; -static const NSSItem nss_builtins_items_277 [] = { +static const NSSItem nss_builtins_items_267 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -18838,7 +18184,7 @@ static const NSSItem nss_builtins_items_277 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_278 [] = { +static const NSSItem nss_builtins_items_268 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -18912,7 +18258,7 @@ static const NSSItem nss_builtins_items_278 [] = { "\367\130\077\056\162\002\127\243\217\241\024\056" , (PRUint32)652 } }; -static const NSSItem nss_builtins_items_279 [] = { +static const NSSItem nss_builtins_items_269 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -18941,7 +18287,7 @@ static const NSSItem nss_builtins_items_279 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_280 [] = { +static const NSSItem nss_builtins_items_270 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -19047,7 +18393,7 @@ static const NSSItem nss_builtins_items_280 [] = { "\061\324\100\032\142\064\066\077\065\001\256\254\143\240" , (PRUint32)1070 } }; -static const NSSItem nss_builtins_items_281 [] = { +static const NSSItem nss_builtins_items_271 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -19079,7 +18425,7 @@ static const NSSItem nss_builtins_items_281 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_282 [] = { +static const NSSItem nss_builtins_items_272 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -19158,7 +18504,7 @@ static const NSSItem nss_builtins_items_282 [] = { "\017\212" , (PRUint32)690 } }; -static const NSSItem nss_builtins_items_283 [] = { +static const NSSItem nss_builtins_items_273 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -19188,7 +18534,7 @@ static const NSSItem nss_builtins_items_283 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_284 [] = { +static const NSSItem nss_builtins_items_274 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -19303,7 +18649,7 @@ static const NSSItem nss_builtins_items_284 [] = { "\354\315\202\141\361\070\346\117\227\230\052\132\215" , (PRUint32)1213 } }; -static const NSSItem nss_builtins_items_285 [] = { +static const NSSItem nss_builtins_items_275 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -19335,7 +18681,7 @@ static const NSSItem nss_builtins_items_285 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_286 [] = { +static const NSSItem nss_builtins_items_276 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -19433,7 +18779,7 @@ static const NSSItem nss_builtins_items_286 [] = { "\055\247\330\206\052\335\056\020" , (PRUint32)904 } }; -static const NSSItem nss_builtins_items_287 [] = { +static const NSSItem nss_builtins_items_277 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -19466,7 +18812,7 @@ static const NSSItem nss_builtins_items_287 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_288 [] = { +static const NSSItem nss_builtins_items_278 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -19568,7 +18914,7 @@ static const NSSItem nss_builtins_items_288 [] = { "\330\316\304\143\165\077\131\107\261" , (PRUint32)1049 } }; -static const NSSItem nss_builtins_items_289 [] = { +static const NSSItem nss_builtins_items_279 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -19598,7 +18944,7 @@ static const NSSItem nss_builtins_items_289 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_290 [] = { +static const NSSItem nss_builtins_items_280 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -19717,7 +19063,7 @@ static const NSSItem nss_builtins_items_290 [] = { "\370\161\012\334\271\374\175\062\140\346\353\257\212\001" , (PRUint32)1486 } }; -static const NSSItem nss_builtins_items_291 [] = { +static const NSSItem nss_builtins_items_281 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -19742,7 +19088,7 @@ static const NSSItem nss_builtins_items_291 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_292 [] = { +static const NSSItem nss_builtins_items_282 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -19832,7 +19178,7 @@ static const NSSItem nss_builtins_items_292 [] = { "\315\345\250" , (PRUint32)1043 } }; -static const NSSItem nss_builtins_items_293 [] = { +static const NSSItem nss_builtins_items_283 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -19856,7 +19202,7 @@ static const NSSItem nss_builtins_items_293 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_294 [] = { +static const NSSItem nss_builtins_items_284 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -19961,7 +19307,7 @@ static const NSSItem nss_builtins_items_294 [] = { "\115\273\306\104\333\066\313\052\234\216" , (PRUint32)1258 } }; -static const NSSItem nss_builtins_items_295 [] = { +static const NSSItem nss_builtins_items_285 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -19986,7 +19332,7 @@ static const NSSItem nss_builtins_items_295 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_296 [] = { +static const NSSItem nss_builtins_items_286 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -20062,7 +19408,7 @@ static const NSSItem nss_builtins_items_296 [] = { "\002\153\331\132" , (PRUint32)820 } }; -static const NSSItem nss_builtins_items_297 [] = { +static const NSSItem nss_builtins_items_287 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -20086,7 +19432,7 @@ static const NSSItem nss_builtins_items_297 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_298 [] = { +static const NSSItem nss_builtins_items_288 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -20168,7 +19514,7 @@ static const NSSItem nss_builtins_items_298 [] = { "\362" , (PRUint32)881 } }; -static const NSSItem nss_builtins_items_299 [] = { +static const NSSItem nss_builtins_items_289 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -20193,7 +19539,7 @@ static const NSSItem nss_builtins_items_299 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_300 [] = { +static const NSSItem nss_builtins_items_290 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -20309,7 +19655,7 @@ static const NSSItem nss_builtins_items_300 [] = { "\113\076\053\070\007\125\230\136\244" , (PRUint32)1465 } }; -static const NSSItem nss_builtins_items_301 [] = { +static const NSSItem nss_builtins_items_291 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -20333,7 +19679,7 @@ static const NSSItem nss_builtins_items_301 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_302 [] = { +static const NSSItem nss_builtins_items_292 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -20398,7 +19744,7 @@ static const NSSItem nss_builtins_items_302 [] = { "\375\166\004\333\142\273\220\152\003\331\106\065\331\370\174\133" , (PRUint32)576 } }; -static const NSSItem nss_builtins_items_303 [] = { +static const NSSItem nss_builtins_items_293 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -20425,7 +19771,7 @@ static const NSSItem nss_builtins_items_303 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_304 [] = { +static const NSSItem nss_builtins_items_294 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -20490,7 +19836,7 @@ static const NSSItem nss_builtins_items_304 [] = { "\054\163\031\110\151\116\153\174\145\277\017\374\160\316\210\220" , (PRUint32)576 } }; -static const NSSItem nss_builtins_items_305 [] = { +static const NSSItem nss_builtins_items_295 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -20517,7 +19863,7 @@ static const NSSItem nss_builtins_items_305 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_306 [] = { +static const NSSItem nss_builtins_items_296 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -20614,7 +19960,7 @@ static const NSSItem nss_builtins_items_306 [] = { "\202\042\055\172\124\253\160\303\175\042\145\202\160\226" , (PRUint32)1038 } }; -static const NSSItem nss_builtins_items_307 [] = { +static const NSSItem nss_builtins_items_297 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -20642,7 +19988,7 @@ static const NSSItem nss_builtins_items_307 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_308 [] = { +static const NSSItem nss_builtins_items_298 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -20733,7 +20079,7 @@ static const NSSItem nss_builtins_items_308 [] = { "\336\102\343\055\202\361\017\345\372\227" , (PRUint32)954 } }; -static const NSSItem nss_builtins_items_309 [] = { +static const NSSItem nss_builtins_items_299 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -20761,7 +20107,7 @@ static const NSSItem nss_builtins_items_309 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_310 [] = { +static const NSSItem nss_builtins_items_300 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -20840,7 +20186,7 @@ static const NSSItem nss_builtins_items_310 [] = { "\130\077\137" , (PRUint32)867 } }; -static const NSSItem nss_builtins_items_311 [] = { +static const NSSItem nss_builtins_items_301 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -20864,6 +20210,788 @@ static const NSSItem nss_builtins_items_311 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; +static const NSSItem nss_builtins_items_302 [] = { + { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, + { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)"TC TrustCenter Universal CA III", (PRUint32)32 }, + { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) }, + { (void *)"\060\173\061\013\060\011\006\003\125\004\006\023\002\104\105\061" +"\034\060\032\006\003\125\004\012\023\023\124\103\040\124\162\165" +"\163\164\103\145\156\164\145\162\040\107\155\142\110\061\044\060" +"\042\006\003\125\004\013\023\033\124\103\040\124\162\165\163\164" +"\103\145\156\164\145\162\040\125\156\151\166\145\162\163\141\154" +"\040\103\101\061\050\060\046\006\003\125\004\003\023\037\124\103" +"\040\124\162\165\163\164\103\145\156\164\145\162\040\125\156\151" +"\166\145\162\163\141\154\040\103\101\040\111\111\111" +, (PRUint32)125 }, + { (void *)"0", (PRUint32)2 }, + { (void *)"\060\173\061\013\060\011\006\003\125\004\006\023\002\104\105\061" +"\034\060\032\006\003\125\004\012\023\023\124\103\040\124\162\165" +"\163\164\103\145\156\164\145\162\040\107\155\142\110\061\044\060" +"\042\006\003\125\004\013\023\033\124\103\040\124\162\165\163\164" +"\103\145\156\164\145\162\040\125\156\151\166\145\162\163\141\154" +"\040\103\101\061\050\060\046\006\003\125\004\003\023\037\124\103" +"\040\124\162\165\163\164\103\145\156\164\145\162\040\125\156\151" +"\166\145\162\163\141\154\040\103\101\040\111\111\111" +, (PRUint32)125 }, + { (void *)"\002\016\143\045\000\001\000\002\024\215\063\025\002\344\154\364" +, (PRUint32)16 }, + { (void *)"\060\202\003\341\060\202\002\311\240\003\002\001\002\002\016\143" +"\045\000\001\000\002\024\215\063\025\002\344\154\364\060\015\006" +"\011\052\206\110\206\367\015\001\001\005\005\000\060\173\061\013" +"\060\011\006\003\125\004\006\023\002\104\105\061\034\060\032\006" +"\003\125\004\012\023\023\124\103\040\124\162\165\163\164\103\145" +"\156\164\145\162\040\107\155\142\110\061\044\060\042\006\003\125" +"\004\013\023\033\124\103\040\124\162\165\163\164\103\145\156\164" +"\145\162\040\125\156\151\166\145\162\163\141\154\040\103\101\061" +"\050\060\046\006\003\125\004\003\023\037\124\103\040\124\162\165" +"\163\164\103\145\156\164\145\162\040\125\156\151\166\145\162\163" +"\141\154\040\103\101\040\111\111\111\060\036\027\015\060\071\060" +"\071\060\071\060\070\061\065\062\067\132\027\015\062\071\061\062" +"\063\061\062\063\065\071\065\071\132\060\173\061\013\060\011\006" +"\003\125\004\006\023\002\104\105\061\034\060\032\006\003\125\004" +"\012\023\023\124\103\040\124\162\165\163\164\103\145\156\164\145" +"\162\040\107\155\142\110\061\044\060\042\006\003\125\004\013\023" +"\033\124\103\040\124\162\165\163\164\103\145\156\164\145\162\040" +"\125\156\151\166\145\162\163\141\154\040\103\101\061\050\060\046" +"\006\003\125\004\003\023\037\124\103\040\124\162\165\163\164\103" +"\145\156\164\145\162\040\125\156\151\166\145\162\163\141\154\040" +"\103\101\040\111\111\111\060\202\001\042\060\015\006\011\052\206" +"\110\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202" +"\001\012\002\202\001\001\000\302\332\234\142\260\271\161\022\260" +"\013\310\032\127\262\256\203\024\231\263\064\113\233\220\242\305" +"\347\347\057\002\240\115\055\244\372\205\332\233\045\205\055\100" +"\050\040\155\352\340\275\261\110\203\042\051\104\237\116\203\356" +"\065\121\023\163\164\325\274\362\060\146\224\123\300\100\066\057" +"\014\204\145\316\017\156\302\130\223\350\054\013\072\351\301\216" +"\373\362\153\312\074\342\234\116\216\344\371\175\323\047\237\033" +"\325\147\170\207\055\177\013\107\263\307\350\311\110\174\257\057" +"\314\012\331\101\357\237\376\232\341\262\256\371\123\265\345\351" +"\106\237\140\343\337\215\323\177\373\226\176\263\265\162\370\113" +"\255\010\171\315\151\211\100\047\365\052\301\255\103\354\244\123" +"\310\141\266\367\322\171\052\147\030\166\110\155\133\045\001\321" +"\046\305\267\127\151\043\025\133\141\212\255\360\033\055\331\257" +"\134\361\046\220\151\251\325\014\100\365\063\200\103\217\234\243" +"\166\052\105\264\257\277\177\076\207\077\166\305\315\052\336\040" +"\305\026\130\313\371\033\365\017\313\015\021\122\144\270\322\166" +"\142\167\203\361\130\237\377\002\003\001\000\001\243\143\060\141" +"\060\037\006\003\125\035\043\004\030\060\026\200\024\126\347\341" +"\133\045\103\200\340\366\214\341\161\274\216\345\200\057\304\110" +"\342\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001" +"\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002" +"\001\006\060\035\006\003\125\035\016\004\026\004\024\126\347\341" +"\133\045\103\200\340\366\214\341\161\274\216\345\200\057\304\110" +"\342\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000" +"\003\202\001\001\000\203\307\257\352\177\115\012\074\071\261\150" +"\276\173\155\211\056\351\263\011\347\030\127\215\205\232\027\363" +"\166\102\120\023\017\307\220\157\063\255\305\111\140\053\154\111" +"\130\031\324\342\276\267\277\253\111\274\224\310\253\276\050\154" +"\026\150\340\310\227\106\040\240\150\147\140\210\071\040\121\330" +"\150\001\021\316\247\366\021\007\366\354\354\254\032\037\262\146" +"\156\126\147\140\172\164\136\300\155\227\066\256\265\015\135\146" +"\163\300\045\062\105\330\112\006\007\217\304\267\007\261\115\006" +"\015\341\245\353\364\165\312\272\234\320\275\263\323\062\044\114" +"\356\176\342\166\004\113\111\123\330\362\351\124\063\374\345\161" +"\037\075\024\134\226\113\361\072\362\000\273\154\264\372\226\125" +"\010\210\011\301\314\221\031\051\260\040\055\377\313\070\244\100" +"\341\027\276\171\141\200\377\007\003\206\114\116\173\006\237\021" +"\206\215\211\356\047\304\333\342\274\031\216\013\303\303\023\307" +"\055\003\143\073\323\350\344\242\052\302\202\010\224\026\124\360" +"\357\037\047\220\045\270\015\016\050\033\107\167\107\275\034\250" +"\045\361\224\264\146" +, (PRUint32)997 } +}; +static const NSSItem nss_builtins_items_303 [] = { + { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, + { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)"TC TrustCenter Universal CA III", (PRUint32)32 }, + { (void *)"\226\126\315\173\127\226\230\225\320\341\101\106\150\006\373\270" +"\306\021\006\207" +, (PRUint32)20 }, + { (void *)"\237\335\333\253\377\216\377\105\041\137\360\154\235\217\376\053" +, (PRUint32)16 }, + { (void *)"\060\173\061\013\060\011\006\003\125\004\006\023\002\104\105\061" +"\034\060\032\006\003\125\004\012\023\023\124\103\040\124\162\165" +"\163\164\103\145\156\164\145\162\040\107\155\142\110\061\044\060" +"\042\006\003\125\004\013\023\033\124\103\040\124\162\165\163\164" +"\103\145\156\164\145\162\040\125\156\151\166\145\162\163\141\154" +"\040\103\101\061\050\060\046\006\003\125\004\003\023\037\124\103" +"\040\124\162\165\163\164\103\145\156\164\145\162\040\125\156\151" +"\166\145\162\163\141\154\040\103\101\040\111\111\111" +, (PRUint32)125 }, + { (void *)"\002\016\143\045\000\001\000\002\024\215\063\025\002\344\154\364" +, (PRUint32)16 }, + { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, + { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, + { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } +}; +static const NSSItem nss_builtins_items_304 [] = { + { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, + { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)"Autoridad de Certificacion Firmaprofesional CIF A62634068", (PRUint32)58 }, + { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) }, + { (void *)"\060\121\061\013\060\011\006\003\125\004\006\023\002\105\123\061" +"\102\060\100\006\003\125\004\003\014\071\101\165\164\157\162\151" +"\144\141\144\040\144\145\040\103\145\162\164\151\146\151\143\141" +"\143\151\157\156\040\106\151\162\155\141\160\162\157\146\145\163" +"\151\157\156\141\154\040\103\111\106\040\101\066\062\066\063\064" +"\060\066\070" +, (PRUint32)83 }, + { (void *)"0", (PRUint32)2 }, + { (void *)"\060\121\061\013\060\011\006\003\125\004\006\023\002\105\123\061" +"\102\060\100\006\003\125\004\003\014\071\101\165\164\157\162\151" +"\144\141\144\040\144\145\040\103\145\162\164\151\146\151\143\141" +"\143\151\157\156\040\106\151\162\155\141\160\162\157\146\145\163" +"\151\157\156\141\154\040\103\111\106\040\101\066\062\066\063\064" +"\060\066\070" +, (PRUint32)83 }, + { (void *)"\002\010\123\354\073\356\373\262\110\137" +, (PRUint32)10 }, + { (void *)"\060\202\006\024\060\202\003\374\240\003\002\001\002\002\010\123" +"\354\073\356\373\262\110\137\060\015\006\011\052\206\110\206\367" +"\015\001\001\005\005\000\060\121\061\013\060\011\006\003\125\004" +"\006\023\002\105\123\061\102\060\100\006\003\125\004\003\014\071" +"\101\165\164\157\162\151\144\141\144\040\144\145\040\103\145\162" +"\164\151\146\151\143\141\143\151\157\156\040\106\151\162\155\141" +"\160\162\157\146\145\163\151\157\156\141\154\040\103\111\106\040" +"\101\066\062\066\063\064\060\066\070\060\036\027\015\060\071\060" +"\065\062\060\060\070\063\070\061\065\132\027\015\063\060\061\062" +"\063\061\060\070\063\070\061\065\132\060\121\061\013\060\011\006" +"\003\125\004\006\023\002\105\123\061\102\060\100\006\003\125\004" +"\003\014\071\101\165\164\157\162\151\144\141\144\040\144\145\040" +"\103\145\162\164\151\146\151\143\141\143\151\157\156\040\106\151" +"\162\155\141\160\162\157\146\145\163\151\157\156\141\154\040\103" +"\111\106\040\101\066\062\066\063\064\060\066\070\060\202\002\042" +"\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003" +"\202\002\017\000\060\202\002\012\002\202\002\001\000\312\226\153" +"\216\352\370\373\361\242\065\340\177\114\332\340\303\122\327\175" +"\266\020\310\002\136\263\103\052\304\117\152\262\312\034\135\050" +"\232\170\021\032\151\131\127\257\265\040\102\344\213\017\346\337" +"\133\246\003\222\057\365\021\344\142\327\062\161\070\331\004\014" +"\161\253\075\121\176\017\007\337\143\005\134\351\277\224\157\301" +"\051\202\300\264\332\121\260\301\074\273\255\067\112\134\312\361" +"\113\066\016\044\253\277\303\204\167\375\250\120\364\261\347\306" +"\057\322\055\131\215\172\012\116\226\151\122\002\252\066\230\354" +"\374\372\024\203\014\067\037\311\222\067\177\327\201\055\345\304" +"\271\340\076\064\376\147\364\076\146\321\323\364\100\317\136\142" +"\064\017\160\006\076\040\030\132\316\367\162\033\045\154\223\164" +"\024\223\243\163\261\016\252\207\020\043\131\137\040\005\031\107" +"\355\150\216\222\022\312\135\374\326\053\262\222\074\040\317\341" +"\137\257\040\276\240\166\177\166\345\354\032\206\141\063\076\347" +"\173\264\077\240\017\216\242\271\152\157\271\207\046\157\101\154" +"\210\246\120\375\152\143\013\365\223\026\033\031\217\262\355\233" +"\233\311\220\365\001\014\337\031\075\017\076\070\043\311\057\217" +"\014\321\002\376\033\125\326\116\320\215\074\257\117\244\363\376" +"\257\052\323\005\235\171\010\241\313\127\061\264\234\310\220\262" +"\147\364\030\026\223\072\374\107\330\321\170\226\061\037\272\053" +"\014\137\135\231\255\143\211\132\044\040\166\330\337\375\253\116" +"\246\042\252\235\136\346\047\212\175\150\051\243\347\212\270\332" +"\021\273\027\055\231\235\023\044\106\367\305\342\330\237\216\177" +"\307\217\164\155\132\262\350\162\365\254\356\044\020\255\057\024" +"\332\377\055\232\106\161\107\276\102\337\273\001\333\364\177\323" +"\050\217\061\131\133\323\311\002\246\264\122\312\156\227\373\103" +"\305\010\046\157\212\364\273\375\237\050\252\015\325\105\363\023" +"\072\035\330\300\170\217\101\147\074\036\224\144\256\173\013\305" +"\350\331\001\210\071\032\227\206\144\101\325\073\207\014\156\372" +"\017\306\275\110\024\277\071\115\324\236\101\266\217\226\035\143" +"\226\223\331\225\006\170\061\150\236\067\006\073\200\211\105\141" +"\071\043\307\033\104\243\025\345\034\370\222\060\273\002\003\001" +"\000\001\243\201\357\060\201\354\060\022\006\003\125\035\023\001" +"\001\377\004\010\060\006\001\001\377\002\001\001\060\016\006\003" +"\125\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003" +"\125\035\016\004\026\004\024\145\315\353\253\065\036\000\076\176" +"\325\164\300\034\264\163\107\016\032\144\057\060\201\246\006\003" +"\125\035\040\004\201\236\060\201\233\060\201\230\006\004\125\035" +"\040\000\060\201\217\060\057\006\010\053\006\001\005\005\007\002" +"\001\026\043\150\164\164\160\072\057\057\167\167\167\056\146\151" +"\162\155\141\160\162\157\146\145\163\151\157\156\141\154\056\143" +"\157\155\057\143\160\163\060\134\006\010\053\006\001\005\005\007" +"\002\002\060\120\036\116\000\120\000\141\000\163\000\145\000\157" +"\000\040\000\144\000\145\000\040\000\154\000\141\000\040\000\102" +"\000\157\000\156\000\141\000\156\000\157\000\166\000\141\000\040" +"\000\064\000\067\000\040\000\102\000\141\000\162\000\143\000\145" +"\000\154\000\157\000\156\000\141\000\040\000\060\000\070\000\060" +"\000\061\000\067\060\015\006\011\052\206\110\206\367\015\001\001" +"\005\005\000\003\202\002\001\000\027\175\240\371\264\335\305\305" +"\353\255\113\044\265\241\002\253\335\245\210\112\262\017\125\113" +"\053\127\214\073\345\061\335\376\304\062\361\347\133\144\226\066" +"\062\030\354\245\062\167\327\343\104\266\300\021\052\200\271\075" +"\152\156\174\233\323\255\374\303\326\243\346\144\051\174\321\341" +"\070\036\202\053\377\047\145\257\373\026\025\304\056\161\204\345" +"\265\377\372\244\107\275\144\062\273\366\045\204\242\047\102\365" +"\040\260\302\023\020\021\315\020\025\272\102\220\052\322\104\341" +"\226\046\353\061\110\022\375\052\332\311\006\317\164\036\251\113" +"\325\207\050\371\171\064\222\076\056\104\350\366\217\117\217\065" +"\077\045\263\071\334\143\052\220\153\040\137\304\122\022\116\227" +"\054\052\254\235\227\336\110\362\243\146\333\302\322\203\225\246" +"\146\247\236\045\017\351\013\063\221\145\012\132\303\331\124\022" +"\335\257\303\116\016\037\046\136\015\334\263\215\354\325\201\160" +"\336\322\117\044\005\363\154\116\365\114\111\146\215\321\377\322" +"\013\045\101\110\376\121\204\306\102\257\200\004\317\320\176\144" +"\111\344\362\337\242\354\261\114\300\052\035\347\264\261\145\242" +"\304\274\361\230\364\252\160\007\143\264\270\332\073\114\372\100" +"\042\060\133\021\246\360\005\016\306\002\003\110\253\206\233\205" +"\335\333\335\352\242\166\200\163\175\365\234\004\304\105\215\347" +"\271\034\213\236\352\327\165\321\162\261\336\165\104\347\102\175" +"\342\127\153\175\334\231\274\075\203\050\352\200\223\215\305\114" +"\145\301\160\201\270\070\374\103\061\262\366\003\064\107\262\254" +"\373\042\006\313\036\335\027\107\034\137\146\271\323\032\242\332" +"\021\261\244\274\043\311\344\276\207\377\271\224\266\370\135\040" +"\112\324\137\347\275\150\173\145\362\025\036\322\072\251\055\351" +"\330\153\044\254\227\130\104\107\255\131\030\361\041\145\160\336" +"\316\064\140\250\100\361\363\074\244\303\050\043\214\376\047\063" +"\103\100\240\027\074\353\352\073\260\162\246\243\271\112\113\136" +"\026\110\364\262\274\310\214\222\305\235\237\254\162\066\274\064" +"\200\064\153\251\213\222\300\270\027\355\354\166\123\365\044\001" +"\214\263\042\350\113\174\125\306\235\372\243\024\273\145\205\156" +"\156\117\022\176\012\074\235\225" +, (PRUint32)1560 } +}; +static const NSSItem nss_builtins_items_305 [] = { + { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, + { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)"Autoridad de Certificacion Firmaprofesional CIF A62634068", (PRUint32)58 }, + { (void *)"\256\305\373\077\310\341\277\304\345\117\003\007\132\232\350\000" +"\267\367\266\372" +, (PRUint32)20 }, + { (void *)"\163\072\164\172\354\273\243\226\246\302\344\342\310\233\300\303" +, (PRUint32)16 }, + { (void *)"\060\121\061\013\060\011\006\003\125\004\006\023\002\105\123\061" +"\102\060\100\006\003\125\004\003\014\071\101\165\164\157\162\151" +"\144\141\144\040\144\145\040\103\145\162\164\151\146\151\143\141" +"\143\151\157\156\040\106\151\162\155\141\160\162\157\146\145\163" +"\151\157\156\141\154\040\103\111\106\040\101\066\062\066\063\064" +"\060\066\070" +, (PRUint32)83 }, + { (void *)"\002\010\123\354\073\356\373\262\110\137" +, (PRUint32)10 }, + { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, + { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, + { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } +}; +static const NSSItem nss_builtins_items_306 [] = { + { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, + { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)"Izenpe.com", (PRUint32)11 }, + { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) }, + { (void *)"\060\070\061\013\060\011\006\003\125\004\006\023\002\105\123\061" +"\024\060\022\006\003\125\004\012\014\013\111\132\105\116\120\105" +"\040\123\056\101\056\061\023\060\021\006\003\125\004\003\014\012" +"\111\172\145\156\160\145\056\143\157\155" +, (PRUint32)58 }, + { (void *)"0", (PRUint32)2 }, + { (void *)"\060\070\061\013\060\011\006\003\125\004\006\023\002\105\123\061" +"\024\060\022\006\003\125\004\012\014\013\111\132\105\116\120\105" +"\040\123\056\101\056\061\023\060\021\006\003\125\004\003\014\012" +"\111\172\145\156\160\145\056\143\157\155" +, (PRUint32)58 }, + { (void *)"\002\020\000\260\267\132\026\110\137\277\341\313\365\213\327\031" +"\346\175" +, (PRUint32)18 }, + { (void *)"\060\202\005\361\060\202\003\331\240\003\002\001\002\002\020\000" +"\260\267\132\026\110\137\277\341\313\365\213\327\031\346\175\060" +"\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\070" +"\061\013\060\011\006\003\125\004\006\023\002\105\123\061\024\060" +"\022\006\003\125\004\012\014\013\111\132\105\116\120\105\040\123" +"\056\101\056\061\023\060\021\006\003\125\004\003\014\012\111\172" +"\145\156\160\145\056\143\157\155\060\036\027\015\060\067\061\062" +"\061\063\061\063\060\070\062\070\132\027\015\063\067\061\062\061" +"\063\060\070\062\067\062\065\132\060\070\061\013\060\011\006\003" +"\125\004\006\023\002\105\123\061\024\060\022\006\003\125\004\012" +"\014\013\111\132\105\116\120\105\040\123\056\101\056\061\023\060" +"\021\006\003\125\004\003\014\012\111\172\145\156\160\145\056\143" +"\157\155\060\202\002\042\060\015\006\011\052\206\110\206\367\015" +"\001\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202" +"\002\001\000\311\323\172\312\017\036\254\247\206\350\026\145\152" +"\261\302\033\105\062\161\225\331\376\020\133\314\257\347\245\171" +"\001\217\211\303\312\362\125\161\367\167\276\167\224\363\162\244" +"\054\104\330\236\222\233\024\072\241\347\044\220\012\012\126\216" +"\305\330\046\224\341\331\110\341\055\076\332\012\162\335\243\231" +"\025\332\201\242\207\364\173\156\046\167\211\130\255\326\353\014" +"\262\101\172\163\156\155\333\172\170\101\351\010\210\022\176\207" +"\056\146\021\143\154\124\373\074\235\162\300\274\056\377\302\267" +"\335\015\166\343\072\327\367\264\150\276\242\365\343\201\156\301" +"\106\157\135\215\340\115\306\124\125\211\032\063\061\012\261\127" +"\271\243\212\230\303\354\073\064\305\225\101\151\176\165\302\074" +"\040\305\141\272\121\107\240\040\220\223\241\220\113\363\116\174" +"\205\105\124\232\321\005\046\101\260\265\115\035\063\276\304\003" +"\310\045\174\301\160\333\073\364\011\055\124\047\110\254\057\341" +"\304\254\076\310\313\222\114\123\071\067\043\354\323\001\371\340" +"\011\104\115\115\144\300\341\015\132\207\042\274\255\033\243\376" +"\046\265\025\363\247\374\204\031\351\354\241\210\264\104\151\204" +"\203\363\211\321\164\006\251\314\013\326\302\336\047\205\120\046" +"\312\027\270\311\172\207\126\054\032\001\036\154\276\023\255\020" +"\254\265\044\365\070\221\241\326\113\332\361\273\322\336\107\265" +"\361\274\201\366\131\153\317\031\123\351\215\025\313\112\313\251" +"\157\104\345\033\101\317\341\206\247\312\320\152\237\274\114\215" +"\006\063\132\242\205\345\220\065\240\142\134\026\116\360\343\242" +"\372\003\032\264\054\161\263\130\054\336\173\013\333\032\017\353" +"\336\041\037\006\167\006\003\260\311\357\231\374\300\271\117\013" +"\206\050\376\322\271\352\343\332\245\303\107\151\022\340\333\360" +"\366\031\213\355\173\160\327\002\326\355\207\030\050\054\004\044" +"\114\167\344\110\212\032\306\073\232\324\017\312\372\165\322\001" +"\100\132\215\171\277\213\317\113\317\252\026\301\225\344\255\114" +"\212\076\027\221\324\261\142\345\202\345\200\004\244\003\176\215" +"\277\332\177\242\017\227\117\014\323\015\373\327\321\345\162\176" +"\034\310\167\377\133\232\017\267\256\005\106\345\361\250\026\354" +"\107\244\027\002\003\001\000\001\243\201\366\060\201\363\060\201" +"\260\006\003\125\035\021\004\201\250\060\201\245\201\017\151\156" +"\146\157\100\151\172\145\156\160\145\056\143\157\155\244\201\221" +"\060\201\216\061\107\060\105\006\003\125\004\012\014\076\111\132" +"\105\116\120\105\040\123\056\101\056\040\055\040\103\111\106\040" +"\101\060\061\063\063\067\062\066\060\055\122\115\145\162\143\056" +"\126\151\164\157\162\151\141\055\107\141\163\164\145\151\172\040" +"\124\061\060\065\065\040\106\066\062\040\123\070\061\103\060\101" +"\006\003\125\004\011\014\072\101\166\144\141\040\144\145\154\040" +"\115\145\144\151\164\145\162\162\141\156\145\157\040\105\164\157" +"\162\142\151\144\145\141\040\061\064\040\055\040\060\061\060\061" +"\060\040\126\151\164\157\162\151\141\055\107\141\163\164\145\151" +"\172\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001" +"\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002" +"\001\006\060\035\006\003\125\035\016\004\026\004\024\035\034\145" +"\016\250\362\045\173\264\221\317\344\261\261\346\275\125\164\154" +"\005\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000" +"\003\202\002\001\000\170\246\014\026\112\237\114\210\072\300\313" +"\016\245\026\175\237\271\110\137\030\217\015\142\066\366\315\031" +"\153\254\253\325\366\221\175\256\161\363\077\263\016\170\205\233" +"\225\244\047\041\107\102\112\174\110\072\365\105\174\263\014\216" +"\121\170\254\225\023\336\306\375\175\270\032\220\114\253\222\003" +"\307\355\102\001\316\017\330\261\372\242\222\341\140\155\256\172" +"\153\011\252\306\051\356\150\111\147\060\200\044\172\061\026\071" +"\133\176\361\034\056\335\154\011\255\362\061\301\202\116\271\273" +"\371\276\277\052\205\077\300\100\243\072\131\374\131\113\074\050" +"\044\333\264\025\165\256\015\210\272\056\163\300\275\130\207\345" +"\102\362\353\136\356\036\060\042\231\313\067\321\304\041\154\201" +"\354\276\155\046\346\034\344\102\040\236\107\260\254\203\131\160" +"\054\065\326\257\066\064\264\315\073\370\062\250\357\343\170\211" +"\373\215\105\054\332\234\270\176\100\034\141\347\076\242\222\054" +"\113\362\315\372\230\266\051\377\363\362\173\251\037\056\240\223" +"\127\053\336\205\003\371\151\067\313\236\170\152\005\264\305\061" +"\170\211\354\172\247\205\341\271\173\074\336\276\036\171\204\316" +"\237\160\016\131\302\065\056\220\052\061\331\344\105\172\101\244" +"\056\023\233\064\016\146\173\111\253\144\227\320\106\303\171\235" +"\162\120\143\246\230\133\006\275\110\155\330\071\203\160\350\065" +"\360\005\321\252\274\343\333\310\002\352\174\375\202\332\302\133" +"\122\065\256\230\072\255\272\065\223\043\247\037\110\335\065\106" +"\230\262\020\150\344\245\061\302\012\130\056\031\201\020\311\120" +"\165\374\352\132\026\316\021\327\356\357\120\210\055\141\377\077" +"\102\163\005\224\103\325\216\074\116\001\072\031\245\037\106\116" +"\167\320\135\345\201\042\041\207\376\224\175\204\330\223\255\326" +"\150\103\110\262\333\353\163\044\347\221\177\124\244\266\200\076" +"\235\243\074\114\162\302\127\304\240\324\314\070\047\316\325\006" +"\236\242\110\331\351\237\316\202\160\066\223\232\073\337\226\041" +"\343\131\267\014\332\221\067\360\375\131\132\263\231\310\151\154" +"\103\046\001\065\143\140\125\211\003\072\165\330\272\112\331\124" +"\377\356\336\200\330\055\321\070\325\136\055\013\230\175\076\154" +"\333\374\046\210\307" +, (PRUint32)1525 } +}; +static const NSSItem nss_builtins_items_307 [] = { + { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, + { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)"Izenpe.com", (PRUint32)11 }, + { (void *)"\057\170\075\045\122\030\247\112\145\071\161\265\054\242\234\105" +"\025\157\351\031" +, (PRUint32)20 }, + { (void *)"\246\260\315\205\200\332\134\120\064\243\071\220\057\125\147\163" +, (PRUint32)16 }, + { (void *)"\060\070\061\013\060\011\006\003\125\004\006\023\002\105\123\061" +"\024\060\022\006\003\125\004\012\014\013\111\132\105\116\120\105" +"\040\123\056\101\056\061\023\060\021\006\003\125\004\003\014\012" +"\111\172\145\156\160\145\056\143\157\155" +, (PRUint32)58 }, + { (void *)"\002\020\000\260\267\132\026\110\137\277\341\313\365\213\327\031" +"\346\175" +, (PRUint32)18 }, + { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, + { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, + { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } +}; +static const NSSItem nss_builtins_items_308 [] = { + { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, + { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)"Chambers of Commerce Root - 2008", (PRUint32)33 }, + { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) }, + { (void *)"\060\201\256\061\013\060\011\006\003\125\004\006\023\002\105\125" +"\061\103\060\101\006\003\125\004\007\023\072\115\141\144\162\151" +"\144\040\050\163\145\145\040\143\165\162\162\145\156\164\040\141" +"\144\144\162\145\163\163\040\141\164\040\167\167\167\056\143\141" +"\155\145\162\146\151\162\155\141\056\143\157\155\057\141\144\144" +"\162\145\163\163\051\061\022\060\020\006\003\125\004\005\023\011" +"\101\070\062\067\064\063\062\070\067\061\033\060\031\006\003\125" +"\004\012\023\022\101\103\040\103\141\155\145\162\146\151\162\155" +"\141\040\123\056\101\056\061\051\060\047\006\003\125\004\003\023" +"\040\103\150\141\155\142\145\162\163\040\157\146\040\103\157\155" +"\155\145\162\143\145\040\122\157\157\164\040\055\040\062\060\060" +"\070" +, (PRUint32)177 }, + { (void *)"0", (PRUint32)2 }, + { (void *)"\060\201\256\061\013\060\011\006\003\125\004\006\023\002\105\125" +"\061\103\060\101\006\003\125\004\007\023\072\115\141\144\162\151" +"\144\040\050\163\145\145\040\143\165\162\162\145\156\164\040\141" +"\144\144\162\145\163\163\040\141\164\040\167\167\167\056\143\141" +"\155\145\162\146\151\162\155\141\056\143\157\155\057\141\144\144" +"\162\145\163\163\051\061\022\060\020\006\003\125\004\005\023\011" +"\101\070\062\067\064\063\062\070\067\061\033\060\031\006\003\125" +"\004\012\023\022\101\103\040\103\141\155\145\162\146\151\162\155" +"\141\040\123\056\101\056\061\051\060\047\006\003\125\004\003\023" +"\040\103\150\141\155\142\145\162\163\040\157\146\040\103\157\155" +"\155\145\162\143\145\040\122\157\157\164\040\055\040\062\060\060" +"\070" +, (PRUint32)177 }, + { (void *)"\002\011\000\243\332\102\176\244\261\256\332" +, (PRUint32)11 }, + { (void *)"\060\202\007\117\060\202\005\067\240\003\002\001\002\002\011\000" +"\243\332\102\176\244\261\256\332\060\015\006\011\052\206\110\206" +"\367\015\001\001\005\005\000\060\201\256\061\013\060\011\006\003" +"\125\004\006\023\002\105\125\061\103\060\101\006\003\125\004\007" +"\023\072\115\141\144\162\151\144\040\050\163\145\145\040\143\165" +"\162\162\145\156\164\040\141\144\144\162\145\163\163\040\141\164" +"\040\167\167\167\056\143\141\155\145\162\146\151\162\155\141\056" +"\143\157\155\057\141\144\144\162\145\163\163\051\061\022\060\020" +"\006\003\125\004\005\023\011\101\070\062\067\064\063\062\070\067" +"\061\033\060\031\006\003\125\004\012\023\022\101\103\040\103\141" +"\155\145\162\146\151\162\155\141\040\123\056\101\056\061\051\060" +"\047\006\003\125\004\003\023\040\103\150\141\155\142\145\162\163" +"\040\157\146\040\103\157\155\155\145\162\143\145\040\122\157\157" +"\164\040\055\040\062\060\060\070\060\036\027\015\060\070\060\070" +"\060\061\061\062\062\071\065\060\132\027\015\063\070\060\067\063" +"\061\061\062\062\071\065\060\132\060\201\256\061\013\060\011\006" +"\003\125\004\006\023\002\105\125\061\103\060\101\006\003\125\004" +"\007\023\072\115\141\144\162\151\144\040\050\163\145\145\040\143" +"\165\162\162\145\156\164\040\141\144\144\162\145\163\163\040\141" +"\164\040\167\167\167\056\143\141\155\145\162\146\151\162\155\141" +"\056\143\157\155\057\141\144\144\162\145\163\163\051\061\022\060" +"\020\006\003\125\004\005\023\011\101\070\062\067\064\063\062\070" +"\067\061\033\060\031\006\003\125\004\012\023\022\101\103\040\103" +"\141\155\145\162\146\151\162\155\141\040\123\056\101\056\061\051" +"\060\047\006\003\125\004\003\023\040\103\150\141\155\142\145\162" +"\163\040\157\146\040\103\157\155\155\145\162\143\145\040\122\157" +"\157\164\040\055\040\062\060\060\070\060\202\002\042\060\015\006" +"\011\052\206\110\206\367\015\001\001\001\005\000\003\202\002\017" +"\000\060\202\002\012\002\202\002\001\000\257\000\313\160\067\053" +"\200\132\112\072\154\170\224\175\243\177\032\037\366\065\325\275" +"\333\313\015\104\162\076\046\262\220\122\272\143\073\050\130\157" +"\245\263\155\224\246\363\335\144\014\125\366\366\347\362\042\042" +"\200\136\341\142\306\266\051\341\201\154\362\277\345\175\062\152" +"\124\240\062\031\131\376\037\213\327\075\140\206\205\044\157\343" +"\021\263\167\076\040\226\065\041\153\263\010\331\160\056\144\367" +"\204\222\123\326\016\260\220\212\212\343\207\215\006\323\275\220" +"\016\342\231\241\033\206\016\332\232\012\273\013\141\120\006\122" +"\361\236\177\166\354\313\017\320\036\015\317\231\060\075\034\304" +"\105\020\130\254\326\323\350\327\345\352\305\001\007\167\326\121" +"\346\003\177\212\110\245\115\150\165\271\351\274\236\116\031\161" +"\365\062\113\234\155\140\031\013\373\314\235\165\334\277\046\315" +"\217\223\170\071\171\163\136\045\016\312\134\353\167\022\007\313" +"\144\101\107\162\223\253\120\303\353\011\166\144\064\322\071\267" +"\166\021\011\015\166\105\304\251\256\075\152\257\265\175\145\057" +"\224\130\020\354\134\174\257\176\342\266\030\331\320\233\116\132" +"\111\337\251\146\013\314\074\306\170\174\247\234\035\343\316\216" +"\123\276\005\336\140\017\153\345\032\333\077\343\341\041\311\051" +"\301\361\353\007\234\122\033\001\104\121\074\173\045\327\304\345" +"\122\124\135\045\007\312\026\040\270\255\344\101\356\172\010\376" +"\231\157\203\246\221\002\260\154\066\125\152\347\175\365\226\346" +"\312\201\326\227\361\224\203\351\355\260\261\153\022\151\036\254" +"\373\135\251\305\230\351\264\133\130\172\276\075\242\104\072\143" +"\131\324\013\045\336\033\117\275\345\001\236\315\322\051\325\237" +"\027\031\012\157\277\014\220\323\011\137\331\343\212\065\314\171" +"\132\115\031\067\222\267\304\301\255\257\364\171\044\232\262\001" +"\013\261\257\134\226\363\200\062\373\134\075\230\361\240\077\112" +"\336\276\257\224\056\331\125\232\027\156\140\235\143\154\270\143" +"\311\256\201\134\030\065\340\220\273\276\074\117\067\042\271\176" +"\353\317\236\167\041\246\075\070\201\373\110\332\061\075\053\343" +"\211\365\320\265\275\176\340\120\304\022\211\263\043\232\020\061" +"\205\333\256\157\357\070\063\030\166\021\002\003\001\000\001\243" +"\202\001\154\060\202\001\150\060\022\006\003\125\035\023\001\001" +"\377\004\010\060\006\001\001\377\002\001\014\060\035\006\003\125" +"\035\016\004\026\004\024\371\044\254\017\262\265\370\171\300\372" +"\140\210\033\304\331\115\002\236\027\031\060\201\343\006\003\125" +"\035\043\004\201\333\060\201\330\200\024\371\044\254\017\262\265" +"\370\171\300\372\140\210\033\304\331\115\002\236\027\031\241\201" +"\264\244\201\261\060\201\256\061\013\060\011\006\003\125\004\006" +"\023\002\105\125\061\103\060\101\006\003\125\004\007\023\072\115" +"\141\144\162\151\144\040\050\163\145\145\040\143\165\162\162\145" +"\156\164\040\141\144\144\162\145\163\163\040\141\164\040\167\167" +"\167\056\143\141\155\145\162\146\151\162\155\141\056\143\157\155" +"\057\141\144\144\162\145\163\163\051\061\022\060\020\006\003\125" +"\004\005\023\011\101\070\062\067\064\063\062\070\067\061\033\060" +"\031\006\003\125\004\012\023\022\101\103\040\103\141\155\145\162" +"\146\151\162\155\141\040\123\056\101\056\061\051\060\047\006\003" +"\125\004\003\023\040\103\150\141\155\142\145\162\163\040\157\146" +"\040\103\157\155\155\145\162\143\145\040\122\157\157\164\040\055" +"\040\062\060\060\070\202\011\000\243\332\102\176\244\261\256\332" +"\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006" +"\060\075\006\003\125\035\040\004\066\060\064\060\062\006\004\125" +"\035\040\000\060\052\060\050\006\010\053\006\001\005\005\007\002" +"\001\026\034\150\164\164\160\072\057\057\160\157\154\151\143\171" +"\056\143\141\155\145\162\146\151\162\155\141\056\143\157\155\060" +"\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003\202" +"\002\001\000\220\022\257\042\065\302\243\071\360\056\336\351\265" +"\351\170\174\110\276\077\175\105\222\136\351\332\261\031\374\026" +"\074\237\264\133\146\236\152\347\303\271\135\210\350\017\255\317" +"\043\017\336\045\072\136\314\117\245\301\265\055\254\044\322\130" +"\007\336\242\317\151\204\140\063\350\020\015\023\251\043\320\205" +"\345\216\173\246\236\075\162\023\162\063\365\252\175\306\143\037" +"\010\364\376\001\177\044\317\053\054\124\011\336\342\053\155\222" +"\306\071\117\026\352\074\176\172\106\324\105\152\106\250\353\165" +"\202\126\247\253\240\174\150\023\063\366\235\060\360\157\047\071" +"\044\043\052\220\375\220\051\065\362\223\337\064\245\306\367\370" +"\357\214\017\142\112\174\256\323\365\124\370\215\266\232\126\207" +"\026\202\072\063\253\132\042\010\367\202\272\352\056\340\107\232" +"\264\265\105\243\005\073\331\334\056\105\100\073\352\334\177\350" +"\073\353\321\354\046\330\065\244\060\305\072\254\127\236\263\166" +"\245\040\173\371\036\112\005\142\001\246\050\165\140\227\222\015" +"\156\076\115\067\103\015\222\025\234\030\042\315\121\231\240\051" +"\032\074\137\212\062\063\133\060\307\211\057\107\230\017\243\003" +"\306\366\361\254\337\062\360\331\201\032\344\234\275\366\200\024" +"\360\321\054\271\205\365\330\243\261\310\245\041\345\034\023\227" +"\356\016\275\337\051\251\357\064\123\133\323\344\152\023\204\006" +"\266\062\002\304\122\256\042\322\334\262\041\102\032\332\100\360" +"\051\311\354\012\014\134\342\320\272\314\110\323\067\012\314\022" +"\012\212\171\260\075\003\177\151\113\364\064\040\175\263\064\352" +"\216\113\144\365\076\375\263\043\147\025\015\004\270\360\055\301" +"\011\121\074\262\154\025\360\245\043\327\203\164\344\345\056\311" +"\376\230\047\102\306\253\306\236\260\320\133\070\245\233\120\336" +"\176\030\230\265\105\073\366\171\264\350\367\032\173\006\203\373" +"\320\213\332\273\307\275\030\253\010\157\074\200\153\100\077\031" +"\031\272\145\212\346\276\325\134\323\066\327\357\100\122\044\140" +"\070\147\004\061\354\217\363\202\306\336\271\125\363\073\061\221" +"\132\334\265\010\025\255\166\045\012\015\173\056\207\342\014\246" +"\006\274\046\020\155\067\235\354\335\170\214\174\200\305\360\331" +"\167\110\320" +, (PRUint32)1875 } +}; +static const NSSItem nss_builtins_items_309 [] = { + { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, + { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)"Chambers of Commerce Root - 2008", (PRUint32)33 }, + { (void *)"\170\152\164\254\166\253\024\177\234\152\060\120\272\236\250\176" +"\376\232\316\074" +, (PRUint32)20 }, + { (void *)"\136\200\236\204\132\016\145\013\027\002\363\125\030\052\076\327" +, (PRUint32)16 }, + { (void *)"\060\201\256\061\013\060\011\006\003\125\004\006\023\002\105\125" +"\061\103\060\101\006\003\125\004\007\023\072\115\141\144\162\151" +"\144\040\050\163\145\145\040\143\165\162\162\145\156\164\040\141" +"\144\144\162\145\163\163\040\141\164\040\167\167\167\056\143\141" +"\155\145\162\146\151\162\155\141\056\143\157\155\057\141\144\144" +"\162\145\163\163\051\061\022\060\020\006\003\125\004\005\023\011" +"\101\070\062\067\064\063\062\070\067\061\033\060\031\006\003\125" +"\004\012\023\022\101\103\040\103\141\155\145\162\146\151\162\155" +"\141\040\123\056\101\056\061\051\060\047\006\003\125\004\003\023" +"\040\103\150\141\155\142\145\162\163\040\157\146\040\103\157\155" +"\155\145\162\143\145\040\122\157\157\164\040\055\040\062\060\060" +"\070" +, (PRUint32)177 }, + { (void *)"\002\011\000\243\332\102\176\244\261\256\332" +, (PRUint32)11 }, + { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, + { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, + { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } +}; +static const NSSItem nss_builtins_items_310 [] = { + { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, + { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)"Global Chambersign Root - 2008", (PRUint32)31 }, + { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) }, + { (void *)"\060\201\254\061\013\060\011\006\003\125\004\006\023\002\105\125" +"\061\103\060\101\006\003\125\004\007\023\072\115\141\144\162\151" +"\144\040\050\163\145\145\040\143\165\162\162\145\156\164\040\141" +"\144\144\162\145\163\163\040\141\164\040\167\167\167\056\143\141" +"\155\145\162\146\151\162\155\141\056\143\157\155\057\141\144\144" +"\162\145\163\163\051\061\022\060\020\006\003\125\004\005\023\011" +"\101\070\062\067\064\063\062\070\067\061\033\060\031\006\003\125" +"\004\012\023\022\101\103\040\103\141\155\145\162\146\151\162\155" +"\141\040\123\056\101\056\061\047\060\045\006\003\125\004\003\023" +"\036\107\154\157\142\141\154\040\103\150\141\155\142\145\162\163" +"\151\147\156\040\122\157\157\164\040\055\040\062\060\060\070" +, (PRUint32)175 }, + { (void *)"0", (PRUint32)2 }, + { (void *)"\060\201\254\061\013\060\011\006\003\125\004\006\023\002\105\125" +"\061\103\060\101\006\003\125\004\007\023\072\115\141\144\162\151" +"\144\040\050\163\145\145\040\143\165\162\162\145\156\164\040\141" +"\144\144\162\145\163\163\040\141\164\040\167\167\167\056\143\141" +"\155\145\162\146\151\162\155\141\056\143\157\155\057\141\144\144" +"\162\145\163\163\051\061\022\060\020\006\003\125\004\005\023\011" +"\101\070\062\067\064\063\062\070\067\061\033\060\031\006\003\125" +"\004\012\023\022\101\103\040\103\141\155\145\162\146\151\162\155" +"\141\040\123\056\101\056\061\047\060\045\006\003\125\004\003\023" +"\036\107\154\157\142\141\154\040\103\150\141\155\142\145\162\163" +"\151\147\156\040\122\157\157\164\040\055\040\062\060\060\070" +, (PRUint32)175 }, + { (void *)"\002\011\000\311\315\323\351\325\175\043\316" +, (PRUint32)11 }, + { (void *)"\060\202\007\111\060\202\005\061\240\003\002\001\002\002\011\000" +"\311\315\323\351\325\175\043\316\060\015\006\011\052\206\110\206" +"\367\015\001\001\005\005\000\060\201\254\061\013\060\011\006\003" +"\125\004\006\023\002\105\125\061\103\060\101\006\003\125\004\007" +"\023\072\115\141\144\162\151\144\040\050\163\145\145\040\143\165" +"\162\162\145\156\164\040\141\144\144\162\145\163\163\040\141\164" +"\040\167\167\167\056\143\141\155\145\162\146\151\162\155\141\056" +"\143\157\155\057\141\144\144\162\145\163\163\051\061\022\060\020" +"\006\003\125\004\005\023\011\101\070\062\067\064\063\062\070\067" +"\061\033\060\031\006\003\125\004\012\023\022\101\103\040\103\141" +"\155\145\162\146\151\162\155\141\040\123\056\101\056\061\047\060" +"\045\006\003\125\004\003\023\036\107\154\157\142\141\154\040\103" +"\150\141\155\142\145\162\163\151\147\156\040\122\157\157\164\040" +"\055\040\062\060\060\070\060\036\027\015\060\070\060\070\060\061" +"\061\062\063\061\064\060\132\027\015\063\070\060\067\063\061\061" +"\062\063\061\064\060\132\060\201\254\061\013\060\011\006\003\125" +"\004\006\023\002\105\125\061\103\060\101\006\003\125\004\007\023" +"\072\115\141\144\162\151\144\040\050\163\145\145\040\143\165\162" +"\162\145\156\164\040\141\144\144\162\145\163\163\040\141\164\040" +"\167\167\167\056\143\141\155\145\162\146\151\162\155\141\056\143" +"\157\155\057\141\144\144\162\145\163\163\051\061\022\060\020\006" +"\003\125\004\005\023\011\101\070\062\067\064\063\062\070\067\061" +"\033\060\031\006\003\125\004\012\023\022\101\103\040\103\141\155" +"\145\162\146\151\162\155\141\040\123\056\101\056\061\047\060\045" +"\006\003\125\004\003\023\036\107\154\157\142\141\154\040\103\150" +"\141\155\142\145\162\163\151\147\156\040\122\157\157\164\040\055" +"\040\062\060\060\070\060\202\002\042\060\015\006\011\052\206\110" +"\206\367\015\001\001\001\005\000\003\202\002\017\000\060\202\002" +"\012\002\202\002\001\000\300\337\126\323\344\072\233\166\105\264" +"\023\333\377\301\266\031\213\067\101\030\225\122\107\353\027\235" +"\051\210\216\065\154\006\062\056\107\142\363\111\004\277\175\104" +"\066\261\161\314\275\132\011\163\325\331\205\104\377\221\127\045" +"\337\136\066\216\160\321\134\161\103\035\331\332\357\134\322\373" +"\033\275\072\265\313\255\243\314\104\247\015\256\041\025\077\271" +"\172\133\222\165\330\244\022\070\211\031\212\267\200\322\342\062" +"\157\126\234\221\326\210\020\013\263\164\144\222\164\140\363\366" +"\317\030\117\140\262\043\320\307\073\316\141\113\231\217\302\014" +"\320\100\262\230\334\015\250\116\243\271\012\256\140\240\255\105" +"\122\143\272\146\275\150\340\371\276\032\250\201\273\036\101\170" +"\165\323\301\376\000\125\260\207\124\350\047\220\065\035\114\063" +"\255\227\374\227\056\230\204\277\054\311\243\277\321\230\021\024" +"\355\143\370\312\230\210\130\027\231\355\105\003\227\176\074\206" +"\036\210\214\276\362\221\204\217\145\064\330\000\114\175\267\061" +"\027\132\051\172\012\030\044\060\243\067\265\172\251\001\175\046" +"\326\371\016\216\131\361\375\033\063\265\051\073\027\073\101\266" +"\041\335\324\300\075\245\237\237\037\103\120\311\273\274\154\172" +"\227\230\356\315\214\037\373\234\121\256\213\160\275\047\237\161" +"\300\153\254\175\220\146\350\327\135\072\015\260\325\302\215\325" +"\310\235\235\301\155\320\320\277\121\344\343\370\303\070\066\256" +"\326\247\165\346\257\204\103\135\223\222\014\152\007\336\073\035" +"\230\042\326\254\301\065\333\243\240\045\377\162\265\166\035\336" +"\155\351\054\146\054\122\204\320\105\222\316\034\345\345\063\035" +"\334\007\123\124\243\252\202\073\232\067\057\334\335\240\144\351" +"\346\335\275\256\374\144\205\035\074\247\311\006\336\204\377\153" +"\350\153\032\074\305\242\263\102\373\213\011\076\137\010\122\307" +"\142\304\324\005\161\277\304\144\344\370\241\203\350\076\022\233" +"\250\036\324\066\115\057\161\366\215\050\366\203\251\023\322\141" +"\301\221\273\110\300\064\217\101\214\113\114\333\151\022\377\120" +"\224\234\040\203\131\163\355\174\241\362\361\375\335\367\111\323" +"\103\130\240\126\143\312\075\075\345\065\126\131\351\016\312\040" +"\314\053\113\223\051\017\002\003\001\000\001\243\202\001\152\060" +"\202\001\146\060\022\006\003\125\035\023\001\001\377\004\010\060" +"\006\001\001\377\002\001\014\060\035\006\003\125\035\016\004\026" +"\004\024\271\011\312\234\036\333\323\154\072\153\256\355\124\361" +"\133\223\006\065\056\136\060\201\341\006\003\125\035\043\004\201" +"\331\060\201\326\200\024\271\011\312\234\036\333\323\154\072\153" +"\256\355\124\361\133\223\006\065\056\136\241\201\262\244\201\257" +"\060\201\254\061\013\060\011\006\003\125\004\006\023\002\105\125" +"\061\103\060\101\006\003\125\004\007\023\072\115\141\144\162\151" +"\144\040\050\163\145\145\040\143\165\162\162\145\156\164\040\141" +"\144\144\162\145\163\163\040\141\164\040\167\167\167\056\143\141" +"\155\145\162\146\151\162\155\141\056\143\157\155\057\141\144\144" +"\162\145\163\163\051\061\022\060\020\006\003\125\004\005\023\011" +"\101\070\062\067\064\063\062\070\067\061\033\060\031\006\003\125" +"\004\012\023\022\101\103\040\103\141\155\145\162\146\151\162\155" +"\141\040\123\056\101\056\061\047\060\045\006\003\125\004\003\023" +"\036\107\154\157\142\141\154\040\103\150\141\155\142\145\162\163" +"\151\147\156\040\122\157\157\164\040\055\040\062\060\060\070\202" +"\011\000\311\315\323\351\325\175\043\316\060\016\006\003\125\035" +"\017\001\001\377\004\004\003\002\001\006\060\075\006\003\125\035" +"\040\004\066\060\064\060\062\006\004\125\035\040\000\060\052\060" +"\050\006\010\053\006\001\005\005\007\002\001\026\034\150\164\164" +"\160\072\057\057\160\157\154\151\143\171\056\143\141\155\145\162" +"\146\151\162\155\141\056\143\157\155\060\015\006\011\052\206\110" +"\206\367\015\001\001\005\005\000\003\202\002\001\000\200\210\177" +"\160\336\222\050\331\005\224\106\377\220\127\251\361\057\337\032" +"\015\153\372\174\016\034\111\044\171\047\330\106\252\157\051\131" +"\122\210\160\022\352\335\075\365\233\123\124\157\341\140\242\250" +"\011\271\354\353\131\174\306\065\361\334\030\351\361\147\345\257" +"\272\105\340\011\336\312\104\017\302\027\016\167\221\105\172\063" +"\137\137\226\054\150\213\301\107\217\230\233\075\300\354\313\365" +"\325\202\222\204\065\321\276\066\070\126\162\061\133\107\055\252" +"\027\244\143\121\353\012\001\255\177\354\165\236\313\241\037\361" +"\177\022\261\271\344\144\177\147\326\043\052\364\270\071\135\230" +"\350\041\247\341\275\075\102\032\164\232\160\257\150\154\120\135" +"\111\317\377\373\016\135\346\054\107\327\201\072\131\000\265\163" +"\153\143\040\366\061\105\010\071\016\364\160\176\100\160\132\077" +"\320\153\102\251\164\075\050\057\002\155\165\162\225\011\215\110" +"\143\306\306\043\127\222\223\136\065\301\215\371\012\367\054\235" +"\142\034\366\255\174\335\246\061\036\266\261\307\176\205\046\372" +"\244\152\265\332\143\060\321\357\223\067\262\146\057\175\005\367" +"\347\267\113\230\224\065\300\331\072\051\301\235\262\120\063\035" +"\112\251\132\246\311\003\357\355\364\347\250\156\212\264\127\204" +"\353\244\077\320\356\252\252\207\133\143\350\223\342\153\250\324" +"\270\162\170\153\033\355\071\344\135\313\233\252\207\325\117\116" +"\000\376\331\152\237\074\061\017\050\002\001\175\230\350\247\260" +"\242\144\236\171\370\110\362\025\251\314\346\310\104\353\077\170" +"\231\362\173\161\076\074\361\230\247\305\030\022\077\346\273\050" +"\063\102\351\105\012\174\155\362\206\171\057\305\202\031\175\011" +"\211\174\262\124\166\210\256\336\301\363\314\341\156\333\061\326" +"\223\256\231\240\357\045\152\163\230\211\133\072\056\023\210\036" +"\277\300\222\224\064\033\343\047\267\213\036\157\102\377\347\351" +"\067\233\120\035\055\242\371\002\356\313\130\130\072\161\274\150" +"\343\252\301\257\034\050\037\242\334\043\145\077\201\352\256\231" +"\323\330\060\317\023\015\117\025\311\204\274\247\110\055\370\060" +"\043\167\330\106\113\171\155\366\214\355\072\177\140\021\170\364" +"\351\233\256\325\124\300\164\200\321\013\102\237\301" +, (PRUint32)1869 } +}; +static const NSSItem nss_builtins_items_311 [] = { + { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, + { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)"Global Chambersign Root - 2008", (PRUint32)31 }, + { (void *)"\112\275\356\354\225\015\065\234\211\256\307\122\241\054\133\051" +"\366\326\252\014" +, (PRUint32)20 }, + { (void *)"\236\200\377\170\001\014\056\301\066\275\376\226\220\156\010\363" +, (PRUint32)16 }, + { (void *)"\060\201\254\061\013\060\011\006\003\125\004\006\023\002\105\125" +"\061\103\060\101\006\003\125\004\007\023\072\115\141\144\162\151" +"\144\040\050\163\145\145\040\143\165\162\162\145\156\164\040\141" +"\144\144\162\145\163\163\040\141\164\040\167\167\167\056\143\141" +"\155\145\162\146\151\162\155\141\056\143\157\155\057\141\144\144" +"\162\145\163\163\051\061\022\060\020\006\003\125\004\005\023\011" +"\101\070\062\067\064\063\062\070\067\061\033\060\031\006\003\125" +"\004\012\023\022\101\103\040\103\141\155\145\162\146\151\162\155" +"\141\040\123\056\101\056\061\047\060\045\006\003\125\004\003\023" +"\036\107\154\157\142\141\154\040\103\150\141\155\142\145\162\163" +"\151\147\156\040\122\157\157\164\040\055\040\062\060\060\070" +, (PRUint32)175 }, + { (void *)"\002\011\000\311\315\323\351\325\175\043\316" +, (PRUint32)11 }, + { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, + { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, + { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } +}; builtinsInternalObject nss_builtins_data[] = { diff --git a/security/nss/lib/ckfw/builtins/certdata.txt b/security/nss/lib/ckfw/builtins/certdata.txt index f7596312e77..4694e7740ad 100644 --- a/security/nss/lib/ckfw/builtins/certdata.txt +++ b/security/nss/lib/ckfw/builtins/certdata.txt @@ -34,7 +34,7 @@ # the terms of any one of the MPL, the GPL or the LGPL. # # ***** END LICENSE BLOCK ***** -CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.64.2.1 $ $Date: 2010/08/27 15:46:44 $" +CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.64.2.6 $ $Date: 2010/12/02 23:26:35 $" # # certdata.txt @@ -102,96 +102,6 @@ CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE CKA_LABEL UTF8 "Mozilla Builtin Roots" -# -# Certificate "GTE CyberTrust Root CA" -# -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GTE CyberTrust Root CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\105\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157 -\162\160\157\162\141\164\151\157\156\061\034\060\032\006\003\125 -\004\003\023\023\107\124\105\040\103\171\142\145\162\124\162\165 -\163\164\040\122\157\157\164 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\105\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157 -\162\160\157\162\141\164\151\157\156\061\034\060\032\006\003\125 -\004\003\023\023\107\124\105\040\103\171\142\145\162\124\162\165 -\163\164\040\122\157\157\164 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\002\001\243 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\001\372\060\202\001\143\002\002\001\243\060\015\006\011 -\052\206\110\206\367\015\001\001\004\005\000\060\105\061\013\060 -\011\006\003\125\004\006\023\002\125\123\061\030\060\026\006\003 -\125\004\012\023\017\107\124\105\040\103\157\162\160\157\162\141 -\164\151\157\156\061\034\060\032\006\003\125\004\003\023\023\107 -\124\105\040\103\171\142\145\162\124\162\165\163\164\040\122\157 -\157\164\060\036\027\015\071\066\060\062\062\063\062\063\060\061 -\060\060\132\027\015\060\066\060\062\062\063\062\063\065\071\060 -\060\132\060\105\061\013\060\011\006\003\125\004\006\023\002\125 -\123\061\030\060\026\006\003\125\004\012\023\017\107\124\105\040 -\103\157\162\160\157\162\141\164\151\157\156\061\034\060\032\006 -\003\125\004\003\023\023\107\124\105\040\103\171\142\145\162\124 -\162\165\163\164\040\122\157\157\164\060\201\237\060\015\006\011 -\052\206\110\206\367\015\001\001\001\005\000\003\201\215\000\060 -\201\211\002\201\201\000\270\346\117\272\333\230\174\161\174\257 -\104\267\323\017\106\331\144\345\223\301\102\216\307\272\111\215 -\065\055\172\347\213\275\345\005\061\131\306\261\057\012\014\373 -\237\247\077\242\011\146\204\126\036\067\051\033\207\351\176\014 -\312\232\237\245\177\365\025\224\243\325\242\106\202\330\150\114 -\321\067\025\006\150\257\275\370\260\263\360\051\365\225\132\011 -\026\141\167\012\042\045\324\117\105\252\307\275\345\226\337\371 -\324\250\216\102\314\044\300\036\221\047\112\265\155\006\200\143 -\071\304\242\136\070\003\002\003\001\000\001\060\015\006\011\052 -\206\110\206\367\015\001\001\004\005\000\003\201\201\000\022\263 -\165\306\137\035\341\141\125\200\000\324\201\113\173\061\017\043 -\143\347\075\363\003\371\364\066\250\273\331\343\245\227\115\352 -\053\051\340\326\152\163\201\346\300\211\243\323\361\340\245\245 -\042\067\232\143\302\110\040\264\333\162\343\310\366\331\174\276 -\261\257\123\332\024\264\041\270\326\325\226\343\376\116\014\131 -\142\266\232\112\371\102\335\214\157\201\251\161\377\364\012\162 -\155\155\104\016\235\363\164\164\250\325\064\111\351\136\236\351 -\264\172\341\345\132\037\204\060\234\323\237\245\045\330 -END - -# Trust for Certificate "GTE CyberTrust Root CA" -CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GTE CyberTrust Root CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\220\336\336\236\114\116\237\157\330\206\027\127\235\323\221\274 -\145\246\211\144 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\304\327\360\262\243\305\175\141\147\360\004\315\103\323\272\130 -END -CKA_ISSUER MULTILINE_OCTAL -\060\105\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157 -\162\160\157\162\141\164\151\157\156\061\034\060\032\006\003\125 -\004\003\023\023\107\124\105\040\103\171\142\145\162\124\162\165 -\163\164\040\122\157\157\164 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\002\001\243 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - # # Certificate "GTE CyberTrust Global Root" # @@ -3983,150 +3893,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "beTRUSTed Root CA" -# -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "beTRUSTed Root CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\132\061\013\060\011\006\003\125\004\006\023\002\127\127\061 -\022\060\020\006\003\125\004\012\023\011\142\145\124\122\125\123 -\124\145\144\061\033\060\031\006\003\125\004\003\023\022\142\145 -\124\122\125\123\124\145\144\040\122\157\157\164\040\103\101\163 -\061\032\060\030\006\003\125\004\003\023\021\142\145\124\122\125 -\123\124\145\144\040\122\157\157\164\040\103\101 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\132\061\013\060\011\006\003\125\004\006\023\002\127\127\061 -\022\060\020\006\003\125\004\012\023\011\142\145\124\122\125\123 -\124\145\144\061\033\060\031\006\003\125\004\003\023\022\142\145 -\124\122\125\123\124\145\144\040\122\157\157\164\040\103\101\163 -\061\032\060\030\006\003\125\004\003\023\021\142\145\124\122\125 -\123\124\145\144\040\122\157\157\164\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\071\117\175\207 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\054\060\202\004\024\240\003\002\001\002\002\004\071 -\117\175\207\060\015\006\011\052\206\110\206\367\015\001\001\005 -\005\000\060\132\061\013\060\011\006\003\125\004\006\023\002\127 -\127\061\022\060\020\006\003\125\004\012\023\011\142\145\124\122 -\125\123\124\145\144\061\033\060\031\006\003\125\004\003\023\022 -\142\145\124\122\125\123\124\145\144\040\122\157\157\164\040\103 -\101\163\061\032\060\030\006\003\125\004\003\023\021\142\145\124 -\122\125\123\124\145\144\040\122\157\157\164\040\103\101\060\036 -\027\015\060\060\060\066\062\060\061\064\062\061\060\064\132\027 -\015\061\060\060\066\062\060\061\063\062\061\060\064\132\060\132 -\061\013\060\011\006\003\125\004\006\023\002\127\127\061\022\060 -\020\006\003\125\004\012\023\011\142\145\124\122\125\123\124\145 -\144\061\033\060\031\006\003\125\004\003\023\022\142\145\124\122 -\125\123\124\145\144\040\122\157\157\164\040\103\101\163\061\032 -\060\030\006\003\125\004\003\023\021\142\145\124\122\125\123\124 -\145\144\040\122\157\157\164\040\103\101\060\202\001\042\060\015 -\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001 -\017\000\060\202\001\012\002\202\001\001\000\324\264\163\172\023 -\012\070\125\001\276\211\126\341\224\236\324\276\132\353\112\064 -\165\033\141\051\304\341\255\010\140\041\170\110\377\264\320\372 -\136\101\215\141\104\207\350\355\311\130\372\374\223\232\337\117 -\352\076\065\175\370\063\172\346\361\327\315\157\111\113\075\117 -\055\156\016\203\072\030\170\167\243\317\347\364\115\163\330\232 -\073\032\035\276\225\123\317\040\227\302\317\076\044\122\154\014 -\216\145\131\305\161\377\142\011\217\252\305\217\314\140\240\163 -\112\327\070\077\025\162\277\242\227\267\160\350\257\342\176\026 -\006\114\365\252\144\046\162\007\045\255\065\374\030\261\046\327 -\330\377\031\016\203\033\214\334\170\105\147\064\075\364\257\034 -\215\344\155\153\355\040\263\147\232\264\141\313\027\157\211\065 -\377\347\116\300\062\022\347\356\354\337\377\227\060\164\355\215 -\107\216\353\264\303\104\346\247\114\177\126\103\350\270\274\266 -\276\372\203\227\346\273\373\304\266\223\276\031\030\076\214\201 -\271\163\210\026\364\226\103\234\147\163\027\220\330\011\156\143 -\254\112\266\043\304\001\241\255\244\344\305\002\003\001\000\001 -\243\202\001\370\060\202\001\364\060\017\006\003\125\035\023\001 -\001\377\004\005\060\003\001\001\377\060\202\001\131\006\003\125 -\035\040\004\202\001\120\060\202\001\114\060\202\001\110\006\012 -\053\006\001\004\001\261\076\001\000\000\060\202\001\070\060\202 -\001\001\006\010\053\006\001\005\005\007\002\002\060\201\364\032 -\201\361\122\145\154\151\141\156\143\145\040\157\156\040\164\150 -\151\163\040\143\145\162\164\151\146\151\143\141\164\145\040\142 -\171\040\141\156\171\040\160\141\162\164\171\040\141\163\163\165 -\155\145\163\040\141\143\143\145\160\164\141\156\143\145\040\157 -\146\040\164\150\145\040\164\150\145\156\040\141\160\160\154\151 -\143\141\142\154\145\040\163\164\141\156\144\141\162\144\040\164 -\145\162\155\163\040\141\156\144\040\143\157\156\144\151\164\151 -\157\156\163\040\157\146\040\165\163\145\054\040\141\156\144\040 -\143\145\162\164\151\146\151\143\141\164\151\157\156\040\160\162 -\141\143\164\151\143\145\040\163\164\141\164\145\155\145\156\164 -\054\040\167\150\151\143\150\040\143\141\156\040\142\145\040\146 -\157\165\156\144\040\141\164\040\142\145\124\122\125\123\124\145 -\144\047\163\040\167\145\142\040\163\151\164\145\054\040\150\164 -\164\160\163\072\057\057\167\167\167\056\142\145\124\122\125\123 -\124\145\144\056\143\157\155\057\166\141\165\154\164\057\164\145 -\162\155\163\060\061\006\010\053\006\001\005\005\007\002\001\026 -\045\150\164\164\160\163\072\057\057\167\167\167\056\142\145\124 -\122\125\123\124\145\144\056\143\157\155\057\166\141\165\154\164 -\057\164\145\162\155\163\060\064\006\003\125\035\037\004\055\060 -\053\060\051\240\047\240\045\244\043\060\041\061\022\060\020\006 -\003\125\004\012\023\011\142\145\124\122\125\123\124\145\144\061 -\013\060\011\006\003\125\004\006\023\002\127\127\060\035\006\003 -\125\035\016\004\026\004\024\052\271\233\151\056\073\233\330\315 -\336\052\061\004\064\153\312\007\030\253\147\060\037\006\003\125 -\035\043\004\030\060\026\200\024\052\271\233\151\056\073\233\330 -\315\336\052\061\004\064\153\312\007\030\253\147\060\016\006\003 -\125\035\017\001\001\377\004\004\003\002\001\376\060\015\006\011 -\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001\000 -\171\141\333\243\136\156\026\261\352\166\121\371\313\025\233\313 -\151\276\346\201\153\237\050\037\145\076\335\021\205\222\324\350 -\101\277\176\063\275\043\347\361\040\277\244\264\246\031\001\306 -\214\215\065\174\145\244\117\011\244\326\330\043\025\005\023\247 -\103\171\257\333\243\016\233\173\170\032\363\004\206\132\306\366 -\214\040\107\070\111\120\006\235\162\147\072\360\230\003\255\226 -\147\104\374\077\020\015\206\115\344\000\073\051\173\316\073\073 -\231\206\141\045\100\204\334\023\142\267\372\312\131\326\003\036 -\326\123\001\315\155\114\150\125\100\341\356\153\307\052\000\000 -\110\202\263\012\001\303\140\052\014\367\202\065\356\110\206\226 -\344\164\324\075\352\001\161\272\004\165\100\247\251\177\071\071 -\232\125\227\051\145\256\031\125\045\005\162\107\323\350\030\334 -\270\351\257\103\163\001\022\164\243\341\134\137\025\135\044\363 -\371\344\364\266\147\147\022\347\144\042\212\366\245\101\246\034 -\266\140\143\105\212\020\264\272\106\020\256\101\127\145\154\077 -\043\020\077\041\020\131\267\344\100\335\046\014\043\366\252\256 -END - -# Trust for Certificate "beTRUSTed Root CA" -CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "beTRUSTed Root CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\133\315\315\314\146\366\334\344\104\037\343\175\134\303\023\114 -\106\364\160\070 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\205\312\166\132\033\321\150\042\334\242\043\022\312\306\200\064 -END -CKA_ISSUER MULTILINE_OCTAL -\060\132\061\013\060\011\006\003\125\004\006\023\002\127\127\061 -\022\060\020\006\003\125\004\012\023\011\142\145\124\122\125\123 -\124\145\144\061\033\060\031\006\003\125\004\003\023\022\142\145 -\124\122\125\123\124\145\144\040\122\157\157\164\040\103\101\163 -\061\032\060\030\006\003\125\004\003\023\021\142\145\124\122\125 -\123\124\145\144\040\122\157\157\164\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\071\117\175\207 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - # # Certificate "AddTrust Low-Value Services Root" # @@ -4551,7 +4317,7 @@ CKA_ISSUER MULTILINE_OCTAL \144\040\103\101\040\122\157\157\164 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\001 +\002\001\001 END CKA_VALUE MULTILINE_OCTAL \060\202\004\036\060\202\003\006\240\003\002\001\002\002\001\001 @@ -5522,476 +5288,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "beTRUSTed Root CA-Baltimore Implementation" -# -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "beTRUSTed Root CA-Baltimore Implementation" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\146\061\022\060\020\006\003\125\004\012\023\011\142\145\124 -\122\125\123\124\145\144\061\033\060\031\006\003\125\004\013\023 -\022\142\145\124\122\125\123\124\145\144\040\122\157\157\164\040 -\103\101\163\061\063\060\061\006\003\125\004\003\023\052\142\145 -\124\122\125\123\124\145\144\040\122\157\157\164\040\103\101\055 -\102\141\154\164\151\155\157\162\145\040\111\155\160\154\145\155 -\145\156\164\141\164\151\157\156 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\146\061\022\060\020\006\003\125\004\012\023\011\142\145\124 -\122\125\123\124\145\144\061\033\060\031\006\003\125\004\013\023 -\022\142\145\124\122\125\123\124\145\144\040\122\157\157\164\040 -\103\101\163\061\063\060\061\006\003\125\004\003\023\052\142\145 -\124\122\125\123\124\145\144\040\122\157\157\164\040\103\101\055 -\102\141\154\164\151\155\157\162\145\040\111\155\160\154\145\155 -\145\156\164\141\164\151\157\156 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\074\265\075\106 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\152\060\202\004\122\240\003\002\001\002\002\004\074 -\265\075\106\060\015\006\011\052\206\110\206\367\015\001\001\005 -\005\000\060\146\061\022\060\020\006\003\125\004\012\023\011\142 -\145\124\122\125\123\124\145\144\061\033\060\031\006\003\125\004 -\013\023\022\142\145\124\122\125\123\124\145\144\040\122\157\157 -\164\040\103\101\163\061\063\060\061\006\003\125\004\003\023\052 -\142\145\124\122\125\123\124\145\144\040\122\157\157\164\040\103 -\101\055\102\141\154\164\151\155\157\162\145\040\111\155\160\154 -\145\155\145\156\164\141\164\151\157\156\060\036\027\015\060\062 -\060\064\061\061\060\067\063\070\065\061\132\027\015\062\062\060 -\064\061\061\060\067\063\070\065\061\132\060\146\061\022\060\020 -\006\003\125\004\012\023\011\142\145\124\122\125\123\124\145\144 -\061\033\060\031\006\003\125\004\013\023\022\142\145\124\122\125 -\123\124\145\144\040\122\157\157\164\040\103\101\163\061\063\060 -\061\006\003\125\004\003\023\052\142\145\124\122\125\123\124\145 -\144\040\122\157\157\164\040\103\101\055\102\141\154\164\151\155 -\157\162\145\040\111\155\160\154\145\155\145\156\164\141\164\151 -\157\156\060\202\001\042\060\015\006\011\052\206\110\206\367\015 -\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202 -\001\001\000\274\176\304\071\234\214\343\326\034\206\377\312\142 -\255\340\177\060\105\172\216\032\263\270\307\371\321\066\377\042 -\363\116\152\137\204\020\373\146\201\303\224\171\061\322\221\341 -\167\216\030\052\303\024\336\121\365\117\243\053\274\030\026\342 -\265\335\171\336\042\370\202\176\313\201\037\375\047\054\217\372 -\227\144\042\216\370\377\141\243\234\033\036\222\217\300\250\011 -\337\011\021\354\267\175\061\232\032\352\203\041\006\074\237\272 -\134\377\224\352\152\270\303\153\125\064\117\075\062\037\335\201 -\024\340\304\074\315\235\060\370\060\251\227\323\356\314\243\320 -\037\137\034\023\201\324\030\253\224\321\143\303\236\177\065\222 -\236\137\104\352\354\364\042\134\267\350\075\175\244\371\211\251 -\221\262\052\331\353\063\207\356\245\375\343\332\314\210\346\211 -\046\156\307\053\202\320\136\235\131\333\024\354\221\203\005\303 -\136\016\306\052\320\004\335\161\075\040\116\130\047\374\123\373 -\170\170\031\024\262\374\220\122\211\070\142\140\007\264\240\354 -\254\153\120\326\375\271\050\153\357\122\055\072\262\377\361\001 -\100\254\067\002\003\001\000\001\243\202\002\036\060\202\002\032 -\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001 -\377\060\202\001\265\006\003\125\035\040\004\202\001\254\060\202 -\001\250\060\202\001\244\006\017\053\006\001\004\001\261\076\000 -\000\001\011\050\203\221\061\060\202\001\217\060\202\001\110\006 -\010\053\006\001\005\005\007\002\002\060\202\001\072\032\202\001 -\066\122\145\154\151\141\156\143\145\040\157\156\040\157\162\040 -\165\163\145\040\157\146\040\164\150\151\163\040\103\145\162\164 -\151\146\151\143\141\164\145\040\143\162\145\141\164\145\163\040 -\141\156\040\141\143\153\156\157\167\154\145\144\147\155\145\156 -\164\040\141\156\144\040\141\143\143\145\160\164\141\156\143\145 -\040\157\146\040\164\150\145\040\164\150\145\156\040\141\160\160 -\154\151\143\141\142\154\145\040\163\164\141\156\144\141\162\144 -\040\164\145\162\155\163\040\141\156\144\040\143\157\156\144\151 -\164\151\157\156\163\040\157\146\040\165\163\145\054\040\164\150 -\145\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040 -\120\162\141\143\164\151\143\145\040\123\164\141\164\145\155\145 -\156\164\040\141\156\144\040\164\150\145\040\122\145\154\171\151 -\156\147\040\120\141\162\164\171\040\101\147\162\145\145\155\145 -\156\164\054\040\167\150\151\143\150\040\143\141\156\040\142\145 -\040\146\157\165\156\144\040\141\164\040\164\150\145\040\142\145 -\124\122\125\123\124\145\144\040\167\145\142\040\163\151\164\145 -\054\040\150\164\164\160\072\057\057\167\167\167\056\142\145\164 -\162\165\163\164\145\144\056\143\157\155\057\160\162\157\144\165 -\143\164\163\137\163\145\162\166\151\143\145\163\057\151\156\144 -\145\170\056\150\164\155\154\060\101\006\010\053\006\001\005\005 -\007\002\001\026\065\150\164\164\160\072\057\057\167\167\167\056 -\142\145\164\162\165\163\164\145\144\056\143\157\155\057\160\162 -\157\144\165\143\164\163\137\163\145\162\166\151\143\145\163\057 -\151\156\144\145\170\056\150\164\155\154\060\035\006\003\125\035 -\016\004\026\004\024\105\075\303\251\321\334\077\044\126\230\034 -\163\030\210\152\377\203\107\355\266\060\037\006\003\125\035\043 -\004\030\060\026\200\024\105\075\303\251\321\334\077\044\126\230 -\034\163\030\210\152\377\203\107\355\266\060\016\006\003\125\035 -\017\001\001\377\004\004\003\002\001\006\060\015\006\011\052\206 -\110\206\367\015\001\001\005\005\000\003\202\001\001\000\111\222 -\274\243\356\254\275\372\015\311\213\171\206\034\043\166\260\200 -\131\167\374\332\177\264\113\337\303\144\113\152\116\016\255\362 -\175\131\167\005\255\012\211\163\260\372\274\313\334\215\000\210 -\217\246\240\262\352\254\122\047\277\241\110\174\227\020\173\272 -\355\023\035\232\007\156\313\061\142\022\350\143\003\252\175\155 -\343\370\033\166\041\170\033\237\113\103\214\323\111\206\366\033 -\134\366\056\140\025\323\351\343\173\165\077\320\002\203\320\030 -\202\101\315\145\067\352\216\062\176\275\153\231\135\060\021\310 -\333\110\124\034\073\341\247\023\323\152\110\223\367\075\214\177 -\005\350\316\363\210\052\143\004\270\352\176\130\174\001\173\133 -\341\305\175\357\041\340\215\016\135\121\175\261\147\375\243\275 -\070\066\306\362\070\206\207\032\226\150\140\106\373\050\024\107 -\125\341\247\200\014\153\342\352\337\115\174\220\110\240\066\275 -\011\027\211\177\303\362\323\234\234\343\335\304\033\335\365\267 -\161\263\123\005\211\006\320\313\112\200\301\310\123\220\265\074 -\061\210\027\120\237\311\304\016\213\330\250\002\143\015 -END - -# Trust for Certificate "beTRUSTed Root CA-Baltimore Implementation" -CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "beTRUSTed Root CA-Baltimore Implementation" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\334\273\236\267\031\113\304\162\005\301\021\165\051\206\203\133 -\123\312\344\370 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\201\065\271\373\373\022\312\030\151\066\353\256\151\170\241\361 -END -CKA_ISSUER MULTILINE_OCTAL -\060\146\061\022\060\020\006\003\125\004\012\023\011\142\145\124 -\122\125\123\124\145\144\061\033\060\031\006\003\125\004\013\023 -\022\142\145\124\122\125\123\124\145\144\040\122\157\157\164\040 -\103\101\163\061\063\060\061\006\003\125\004\003\023\052\142\145 -\124\122\125\123\124\145\144\040\122\157\157\164\040\103\101\055 -\102\141\154\164\151\155\157\162\145\040\111\155\160\154\145\155 -\145\156\164\141\164\151\157\156 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\074\265\075\106 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "beTRUSTed Root CA - Entrust Implementation" -# -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "beTRUSTed Root CA - Entrust Implementation" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\146\061\022\060\020\006\003\125\004\012\023\011\142\145\124 -\122\125\123\124\145\144\061\033\060\031\006\003\125\004\013\023 -\022\142\145\124\122\125\123\124\145\144\040\122\157\157\164\040 -\103\101\163\061\063\060\061\006\003\125\004\003\023\052\142\145 -\124\122\125\123\124\145\144\040\122\157\157\164\040\103\101\040 -\055\040\105\156\164\162\165\163\164\040\111\155\160\154\145\155 -\145\156\164\141\164\151\157\156 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\146\061\022\060\020\006\003\125\004\012\023\011\142\145\124 -\122\125\123\124\145\144\061\033\060\031\006\003\125\004\013\023 -\022\142\145\124\122\125\123\124\145\144\040\122\157\157\164\040 -\103\101\163\061\063\060\061\006\003\125\004\003\023\052\142\145 -\124\122\125\123\124\145\144\040\122\157\157\164\040\103\101\040 -\055\040\105\156\164\162\165\163\164\040\111\155\160\154\145\155 -\145\156\164\141\164\151\157\156 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\074\265\117\100 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\006\121\060\202\005\071\240\003\002\001\002\002\004\074 -\265\117\100\060\015\006\011\052\206\110\206\367\015\001\001\005 -\005\000\060\146\061\022\060\020\006\003\125\004\012\023\011\142 -\145\124\122\125\123\124\145\144\061\033\060\031\006\003\125\004 -\013\023\022\142\145\124\122\125\123\124\145\144\040\122\157\157 -\164\040\103\101\163\061\063\060\061\006\003\125\004\003\023\052 -\142\145\124\122\125\123\124\145\144\040\122\157\157\164\040\103 -\101\040\055\040\105\156\164\162\165\163\164\040\111\155\160\154 -\145\155\145\156\164\141\164\151\157\156\060\036\027\015\060\062 -\060\064\061\061\060\070\062\064\062\067\132\027\015\062\062\060 -\064\061\061\060\070\065\064\062\067\132\060\146\061\022\060\020 -\006\003\125\004\012\023\011\142\145\124\122\125\123\124\145\144 -\061\033\060\031\006\003\125\004\013\023\022\142\145\124\122\125 -\123\124\145\144\040\122\157\157\164\040\103\101\163\061\063\060 -\061\006\003\125\004\003\023\052\142\145\124\122\125\123\124\145 -\144\040\122\157\157\164\040\103\101\040\055\040\105\156\164\162 -\165\163\164\040\111\155\160\154\145\155\145\156\164\141\164\151 -\157\156\060\202\001\042\060\015\006\011\052\206\110\206\367\015 -\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202 -\001\001\000\272\364\104\003\252\022\152\265\103\354\125\222\266 -\060\175\065\127\014\333\363\015\047\156\114\367\120\250\233\116 -\053\157\333\365\255\034\113\135\263\251\301\376\173\104\353\133 -\243\005\015\037\305\064\053\060\000\051\361\170\100\262\244\377 -\072\364\001\210\027\176\346\324\046\323\272\114\352\062\373\103 -\167\227\207\043\305\333\103\243\365\052\243\121\136\341\073\322 -\145\151\176\125\025\233\172\347\151\367\104\340\127\265\025\350 -\146\140\017\015\003\373\202\216\243\350\021\173\154\276\307\143 -\016\027\223\337\317\113\256\156\163\165\340\363\252\271\244\300 -\011\033\205\352\161\051\210\101\062\371\360\052\016\154\011\362 -\164\153\146\154\122\023\037\030\274\324\076\367\330\156\040\236 -\312\376\374\041\224\356\023\050\113\327\134\136\014\146\356\351 -\273\017\301\064\261\177\010\166\363\075\046\160\311\213\045\035 -\142\044\014\352\034\165\116\300\022\344\272\023\035\060\051\055 -\126\063\005\273\227\131\176\306\111\117\211\327\057\044\250\266 -\210\100\265\144\222\123\126\044\344\242\240\205\263\136\220\264 -\022\063\315\002\003\001\000\001\243\202\003\005\060\202\003\001 -\060\202\001\267\006\003\125\035\040\004\202\001\256\060\202\001 -\252\060\202\001\246\006\017\053\006\001\004\001\261\076\000\000 -\002\011\050\203\221\061\060\202\001\221\060\202\001\111\006\010 -\053\006\001\005\005\007\002\002\060\202\001\073\032\202\001\067 -\122\145\154\151\141\156\143\145\040\157\156\040\157\162\040\165 -\163\145\040\157\146\040\164\150\151\163\040\103\145\162\164\151 -\146\151\143\141\164\145\040\143\162\145\141\164\145\163\040\141 -\156\040\141\143\153\156\157\167\154\145\144\147\155\145\156\164 -\040\141\156\144\040\141\143\143\145\160\164\141\156\143\145\040 -\157\146\040\164\150\145\040\164\150\145\156\040\141\160\160\154 -\151\143\141\142\154\145\040\163\164\141\156\144\141\162\144\040 -\164\145\162\155\163\040\141\156\144\040\143\157\156\144\151\164 -\151\157\156\163\040\157\146\040\165\163\145\054\040\164\150\145 -\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\120 -\162\141\143\164\151\143\145\040\123\164\141\164\145\155\145\156 -\164\040\141\156\144\040\164\150\145\040\122\145\154\171\151\156 -\147\040\120\141\162\164\171\040\101\147\162\145\145\155\145\156 -\164\054\040\167\150\151\143\150\040\143\141\156\040\142\145\040 -\146\157\165\156\144\040\141\164\040\164\150\145\040\142\145\124 -\122\125\123\124\145\144\040\167\145\142\040\163\151\164\145\054 -\040\150\164\164\160\163\072\057\057\167\167\167\056\142\145\164 -\162\165\163\164\145\144\056\143\157\155\057\160\162\157\144\165 -\143\164\163\137\163\145\162\166\151\143\145\163\057\151\156\144 -\145\170\056\150\164\155\154\060\102\006\010\053\006\001\005\005 -\007\002\001\026\066\150\164\164\160\163\072\057\057\167\167\167 -\056\142\145\164\162\165\163\164\145\144\056\143\157\155\057\160 -\162\157\144\165\143\164\163\137\163\145\162\166\151\143\145\163 -\057\151\156\144\145\170\056\150\164\155\154\060\021\006\011\140 -\206\110\001\206\370\102\001\001\004\004\003\002\000\007\060\201 -\211\006\003\125\035\037\004\201\201\060\177\060\175\240\173\240 -\171\244\167\060\165\061\022\060\020\006\003\125\004\012\023\011 -\142\145\124\122\125\123\124\145\144\061\033\060\031\006\003\125 -\004\013\023\022\142\145\124\122\125\123\124\145\144\040\122\157 -\157\164\040\103\101\163\061\063\060\061\006\003\125\004\003\023 -\052\142\145\124\122\125\123\124\145\144\040\122\157\157\164\040 -\103\101\040\055\040\105\156\164\162\165\163\164\040\111\155\160 -\154\145\155\145\156\164\141\164\151\157\156\061\015\060\013\006 -\003\125\004\003\023\004\103\122\114\061\060\053\006\003\125\035 -\020\004\044\060\042\200\017\062\060\060\062\060\064\061\061\060 -\070\062\064\062\067\132\201\017\062\060\062\062\060\064\061\061 -\060\070\065\064\062\067\132\060\013\006\003\125\035\017\004\004 -\003\002\001\006\060\037\006\003\125\035\043\004\030\060\026\200 -\024\175\160\345\256\070\213\006\077\252\034\032\217\371\317\044 -\060\252\204\204\026\060\035\006\003\125\035\016\004\026\004\024 -\175\160\345\256\070\213\006\077\252\034\032\217\371\317\044\060 -\252\204\204\026\060\014\006\003\125\035\023\004\005\060\003\001 -\001\377\060\035\006\011\052\206\110\206\366\175\007\101\000\004 -\020\060\016\033\010\126\066\056\060\072\064\056\060\003\002\004 -\220\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000 -\003\202\001\001\000\052\270\027\316\037\020\224\353\270\232\267 -\271\137\354\332\367\222\044\254\334\222\073\307\040\215\362\231 -\345\135\070\241\302\064\355\305\023\131\134\005\265\053\117\141 -\233\221\373\101\374\374\325\074\115\230\166\006\365\201\175\353 -\335\220\346\321\126\124\332\343\055\014\237\021\062\224\042\001 -\172\366\154\054\164\147\004\314\245\217\216\054\263\103\265\224 -\242\320\175\351\142\177\006\276\047\001\203\236\072\375\212\356 -\230\103\112\153\327\265\227\073\072\277\117\155\264\143\372\063 -\000\064\056\055\155\226\311\173\312\231\143\272\276\364\366\060 -\240\055\230\226\351\126\104\005\251\104\243\141\020\353\202\241 -\147\135\274\135\047\165\252\212\050\066\052\070\222\331\335\244 -\136\000\245\314\314\174\051\052\336\050\220\253\267\341\266\377 -\175\045\013\100\330\252\064\243\055\336\007\353\137\316\012\335 -\312\176\072\175\046\301\142\150\072\346\057\067\363\201\206\041 -\304\251\144\252\357\105\066\321\032\146\174\370\351\067\326\326 -\141\276\242\255\110\347\337\346\164\376\323\155\175\322\045\334 -\254\142\127\251\367 -END - -# Trust for Certificate "beTRUSTed Root CA - Entrust Implementation" -CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "beTRUSTed Root CA - Entrust Implementation" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\162\231\171\023\354\233\015\256\145\321\266\327\262\112\166\243 -\256\302\356\026 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\175\206\220\217\133\361\362\100\300\367\075\142\265\244\251\073 -END -CKA_ISSUER MULTILINE_OCTAL -\060\146\061\022\060\020\006\003\125\004\012\023\011\142\145\124 -\122\125\123\124\145\144\061\033\060\031\006\003\125\004\013\023 -\022\142\145\124\122\125\123\124\145\144\040\122\157\157\164\040 -\103\101\163\061\063\060\061\006\003\125\004\003\023\052\142\145 -\124\122\125\123\124\145\144\040\122\157\157\164\040\103\101\040 -\055\040\105\156\164\162\165\163\164\040\111\155\160\154\145\155 -\145\156\164\141\164\151\157\156 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\074\265\117\100 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "beTRUSTed Root CA - RSA Implementation" -# -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "beTRUSTed Root CA - RSA Implementation" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\142\061\022\060\020\006\003\125\004\012\023\011\142\145\124 -\122\125\123\124\145\144\061\033\060\031\006\003\125\004\013\023 -\022\142\145\124\122\125\123\124\145\144\040\122\157\157\164\040 -\103\101\163\061\057\060\055\006\003\125\004\003\023\046\142\145 -\124\122\125\123\124\145\144\040\122\157\157\164\040\103\101\040 -\055\040\122\123\101\040\111\155\160\154\145\155\145\156\164\141 -\164\151\157\156 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\142\061\022\060\020\006\003\125\004\012\023\011\142\145\124 -\122\125\123\124\145\144\061\033\060\031\006\003\125\004\013\023 -\022\142\145\124\122\125\123\124\145\144\040\122\157\157\164\040 -\103\101\163\061\057\060\055\006\003\125\004\003\023\046\142\145 -\124\122\125\123\124\145\144\040\122\157\157\164\040\103\101\040 -\055\040\122\123\101\040\111\155\160\154\145\155\145\156\164\141 -\164\151\157\156 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\073\131\307\173\315\133\127\236\275\067\122\254\166\264 -\252\032 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\150\060\202\004\120\240\003\002\001\002\002\020\073 -\131\307\173\315\133\127\236\275\067\122\254\166\264\252\032\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\142 -\061\022\060\020\006\003\125\004\012\023\011\142\145\124\122\125 -\123\124\145\144\061\033\060\031\006\003\125\004\013\023\022\142 -\145\124\122\125\123\124\145\144\040\122\157\157\164\040\103\101 -\163\061\057\060\055\006\003\125\004\003\023\046\142\145\124\122 -\125\123\124\145\144\040\122\157\157\164\040\103\101\040\055\040 -\122\123\101\040\111\155\160\154\145\155\145\156\164\141\164\151 -\157\156\060\036\027\015\060\062\060\064\061\061\061\061\061\070 -\061\063\132\027\015\062\062\060\064\061\062\061\061\060\067\062 -\065\132\060\142\061\022\060\020\006\003\125\004\012\023\011\142 -\145\124\122\125\123\124\145\144\061\033\060\031\006\003\125\004 -\013\023\022\142\145\124\122\125\123\124\145\144\040\122\157\157 -\164\040\103\101\163\061\057\060\055\006\003\125\004\003\023\046 -\142\145\124\122\125\123\124\145\144\040\122\157\157\164\040\103 -\101\040\055\040\122\123\101\040\111\155\160\154\145\155\145\156 -\164\141\164\151\157\156\060\202\001\042\060\015\006\011\052\206 -\110\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202 -\001\012\002\202\001\001\000\344\272\064\060\011\216\127\320\271 -\006\054\157\156\044\200\042\277\135\103\246\372\117\254\202\347 -\034\150\160\205\033\243\156\265\252\170\331\156\007\113\077\351 -\337\365\352\350\124\241\141\212\016\057\151\165\030\267\014\345 -\024\215\161\156\230\270\125\374\014\225\320\233\156\341\055\210 -\324\072\100\153\222\361\231\226\144\336\333\377\170\364\356\226 -\035\107\211\174\324\276\271\210\167\043\072\011\346\004\236\155 -\252\136\322\310\275\232\116\031\337\211\352\133\016\176\303\344 -\264\360\340\151\073\210\017\101\220\370\324\161\103\044\301\217 -\046\113\073\126\351\377\214\154\067\351\105\255\205\214\123\303 -\140\206\220\112\226\311\263\124\260\273\027\360\034\105\331\324 -\033\031\144\126\012\031\367\314\341\377\206\257\176\130\136\254 -\172\220\037\311\050\071\105\173\242\266\307\234\037\332\205\324 -\041\206\131\060\223\276\123\063\067\366\357\101\317\063\307\253 -\162\153\045\365\363\123\033\014\114\056\361\165\113\357\240\207 -\367\376\212\025\320\154\325\313\371\150\123\271\160\025\023\302 -\365\056\373\103\065\165\055\002\003\001\000\001\243\202\002\030 -\060\202\002\024\060\014\006\003\125\035\023\004\005\060\003\001 -\001\377\060\202\001\265\006\003\125\035\040\004\202\001\254\060 -\202\001\250\060\202\001\244\006\017\053\006\001\004\001\261\076 -\000\000\003\011\050\203\221\061\060\202\001\217\060\101\006\010 -\053\006\001\005\005\007\002\001\026\065\150\164\164\160\072\057 -\057\167\167\167\056\142\145\164\162\165\163\164\145\144\056\143 -\157\155\057\160\162\157\144\165\143\164\163\137\163\145\162\166 -\151\143\145\163\057\151\156\144\145\170\056\150\164\155\154\060 -\202\001\110\006\010\053\006\001\005\005\007\002\002\060\202\001 -\072\032\202\001\066\122\145\154\151\141\156\143\145\040\157\156 -\040\157\162\040\165\163\145\040\157\146\040\164\150\151\163\040 -\103\145\162\164\151\146\151\143\141\164\145\040\143\162\145\141 -\164\145\163\040\141\156\040\141\143\153\156\157\167\154\145\144 -\147\155\145\156\164\040\141\156\144\040\141\143\143\145\160\164 -\141\156\143\145\040\157\146\040\164\150\145\040\164\150\145\156 -\040\141\160\160\154\151\143\141\142\154\145\040\163\164\141\156 -\144\141\162\144\040\164\145\162\155\163\040\141\156\144\040\143 -\157\156\144\151\164\151\157\156\163\040\157\146\040\165\163\145 -\054\040\164\150\145\040\103\145\162\164\151\146\151\143\141\164 -\151\157\156\040\120\162\141\143\164\151\143\145\040\123\164\141 -\164\145\155\145\156\164\040\141\156\144\040\164\150\145\040\122 -\145\154\171\151\156\147\040\120\141\162\164\171\040\101\147\162 -\145\145\155\145\156\164\054\040\167\150\151\143\150\040\143\141 -\156\040\142\145\040\146\157\165\156\144\040\141\164\040\164\150 -\145\040\142\145\124\122\125\123\124\145\144\040\167\145\142\040 -\163\151\164\145\054\040\150\164\164\160\072\057\057\167\167\167 -\056\142\145\164\162\165\163\164\145\144\056\143\157\155\057\160 -\162\157\144\165\143\164\163\137\163\145\162\166\151\143\145\163 -\057\151\156\144\145\170\056\150\164\155\154\060\013\006\003\125 -\035\017\004\004\003\002\001\006\060\037\006\003\125\035\043\004 -\030\060\026\200\024\251\354\024\176\371\331\103\314\123\053\024 -\255\317\367\360\131\211\101\315\031\060\035\006\003\125\035\016 -\004\026\004\024\251\354\024\176\371\331\103\314\123\053\024\255 -\317\367\360\131\211\101\315\031\060\015\006\011\052\206\110\206 -\367\015\001\001\005\005\000\003\202\001\001\000\333\227\260\165 -\352\014\304\301\230\312\126\005\300\250\255\046\110\257\055\040 -\350\201\307\266\337\103\301\054\035\165\113\324\102\215\347\172 -\250\164\334\146\102\131\207\263\365\151\155\331\251\236\263\175 -\034\061\301\365\124\342\131\044\111\345\356\275\071\246\153\212 -\230\104\373\233\327\052\203\227\064\055\307\175\065\114\055\064 -\270\076\015\304\354\210\047\257\236\222\375\120\141\202\250\140 -\007\024\123\314\145\023\301\366\107\104\151\322\061\310\246\335 -\056\263\013\336\112\215\133\075\253\015\302\065\122\242\126\067 -\314\062\213\050\205\102\234\221\100\172\160\053\070\066\325\341 -\163\032\037\345\372\176\137\334\326\234\073\060\352\333\300\133 -\047\134\323\163\007\301\302\363\114\233\157\237\033\312\036\252 -\250\070\063\011\130\262\256\374\007\350\066\334\125\272\057\117 -\100\376\172\275\006\246\201\301\223\042\174\206\021\012\006\167 -\110\256\065\267\057\062\232\141\136\213\276\051\237\051\044\210 -\126\071\054\250\322\253\226\003\132\324\110\237\271\100\204\013 -\230\150\373\001\103\326\033\342\011\261\227\034 -END - -# Trust for Certificate "beTRUSTed Root CA - RSA Implementation" -CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "beTRUSTed Root CA - RSA Implementation" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\035\202\131\312\041\047\303\313\301\154\331\062\366\054\145\051 -\214\250\207\022 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\206\102\005\011\274\247\235\354\035\363\056\016\272\330\035\320 -END -CKA_ISSUER MULTILINE_OCTAL -\060\142\061\022\060\020\006\003\125\004\012\023\011\142\145\124 -\122\125\123\124\145\144\061\033\060\031\006\003\125\004\013\023 -\022\142\145\124\122\125\123\124\145\144\040\122\157\157\164\040 -\103\101\163\061\057\060\055\006\003\125\004\003\023\046\142\145 -\124\122\125\123\124\145\144\040\122\157\157\164\040\103\101\040 -\055\040\122\123\101\040\111\155\160\154\145\155\145\156\164\141 -\164\151\157\156 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\073\131\307\173\315\133\127\236\275\067\122\254\166\264 -\252\032 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - # # Certificate "RSA Security 2048 v3" # @@ -13372,7 +12668,7 @@ CKA_SERIAL_NUMBER MULTILINE_OCTAL END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # @@ -13498,7 +12794,7 @@ CKA_SERIAL_NUMBER MULTILINE_OCTAL END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # @@ -13625,7 +12921,7 @@ CKA_SERIAL_NUMBER MULTILINE_OCTAL END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # @@ -21508,3 +20804,835 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "TC TrustCenter Universal CA III" +# +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "TC TrustCenter Universal CA III" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\173\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +\034\060\032\006\003\125\004\012\023\023\124\103\040\124\162\165 +\163\164\103\145\156\164\145\162\040\107\155\142\110\061\044\060 +\042\006\003\125\004\013\023\033\124\103\040\124\162\165\163\164 +\103\145\156\164\145\162\040\125\156\151\166\145\162\163\141\154 +\040\103\101\061\050\060\046\006\003\125\004\003\023\037\124\103 +\040\124\162\165\163\164\103\145\156\164\145\162\040\125\156\151 +\166\145\162\163\141\154\040\103\101\040\111\111\111 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\173\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +\034\060\032\006\003\125\004\012\023\023\124\103\040\124\162\165 +\163\164\103\145\156\164\145\162\040\107\155\142\110\061\044\060 +\042\006\003\125\004\013\023\033\124\103\040\124\162\165\163\164 +\103\145\156\164\145\162\040\125\156\151\166\145\162\163\141\154 +\040\103\101\061\050\060\046\006\003\125\004\003\023\037\124\103 +\040\124\162\165\163\164\103\145\156\164\145\162\040\125\156\151 +\166\145\162\163\141\154\040\103\101\040\111\111\111 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\016\143\045\000\001\000\002\024\215\063\025\002\344\154\364 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\003\341\060\202\002\311\240\003\002\001\002\002\016\143 +\045\000\001\000\002\024\215\063\025\002\344\154\364\060\015\006 +\011\052\206\110\206\367\015\001\001\005\005\000\060\173\061\013 +\060\011\006\003\125\004\006\023\002\104\105\061\034\060\032\006 +\003\125\004\012\023\023\124\103\040\124\162\165\163\164\103\145 +\156\164\145\162\040\107\155\142\110\061\044\060\042\006\003\125 +\004\013\023\033\124\103\040\124\162\165\163\164\103\145\156\164 +\145\162\040\125\156\151\166\145\162\163\141\154\040\103\101\061 +\050\060\046\006\003\125\004\003\023\037\124\103\040\124\162\165 +\163\164\103\145\156\164\145\162\040\125\156\151\166\145\162\163 +\141\154\040\103\101\040\111\111\111\060\036\027\015\060\071\060 +\071\060\071\060\070\061\065\062\067\132\027\015\062\071\061\062 +\063\061\062\063\065\071\065\071\132\060\173\061\013\060\011\006 +\003\125\004\006\023\002\104\105\061\034\060\032\006\003\125\004 +\012\023\023\124\103\040\124\162\165\163\164\103\145\156\164\145 +\162\040\107\155\142\110\061\044\060\042\006\003\125\004\013\023 +\033\124\103\040\124\162\165\163\164\103\145\156\164\145\162\040 +\125\156\151\166\145\162\163\141\154\040\103\101\061\050\060\046 +\006\003\125\004\003\023\037\124\103\040\124\162\165\163\164\103 +\145\156\164\145\162\040\125\156\151\166\145\162\163\141\154\040 +\103\101\040\111\111\111\060\202\001\042\060\015\006\011\052\206 +\110\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202 +\001\012\002\202\001\001\000\302\332\234\142\260\271\161\022\260 +\013\310\032\127\262\256\203\024\231\263\064\113\233\220\242\305 +\347\347\057\002\240\115\055\244\372\205\332\233\045\205\055\100 +\050\040\155\352\340\275\261\110\203\042\051\104\237\116\203\356 +\065\121\023\163\164\325\274\362\060\146\224\123\300\100\066\057 +\014\204\145\316\017\156\302\130\223\350\054\013\072\351\301\216 +\373\362\153\312\074\342\234\116\216\344\371\175\323\047\237\033 +\325\147\170\207\055\177\013\107\263\307\350\311\110\174\257\057 +\314\012\331\101\357\237\376\232\341\262\256\371\123\265\345\351 +\106\237\140\343\337\215\323\177\373\226\176\263\265\162\370\113 +\255\010\171\315\151\211\100\047\365\052\301\255\103\354\244\123 +\310\141\266\367\322\171\052\147\030\166\110\155\133\045\001\321 +\046\305\267\127\151\043\025\133\141\212\255\360\033\055\331\257 +\134\361\046\220\151\251\325\014\100\365\063\200\103\217\234\243 +\166\052\105\264\257\277\177\076\207\077\166\305\315\052\336\040 +\305\026\130\313\371\033\365\017\313\015\021\122\144\270\322\166 +\142\167\203\361\130\237\377\002\003\001\000\001\243\143\060\141 +\060\037\006\003\125\035\043\004\030\060\026\200\024\126\347\341 +\133\045\103\200\340\366\214\341\161\274\216\345\200\057\304\110 +\342\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001 +\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002 +\001\006\060\035\006\003\125\035\016\004\026\004\024\126\347\341 +\133\045\103\200\340\366\214\341\161\274\216\345\200\057\304\110 +\342\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000 +\003\202\001\001\000\203\307\257\352\177\115\012\074\071\261\150 +\276\173\155\211\056\351\263\011\347\030\127\215\205\232\027\363 +\166\102\120\023\017\307\220\157\063\255\305\111\140\053\154\111 +\130\031\324\342\276\267\277\253\111\274\224\310\253\276\050\154 +\026\150\340\310\227\106\040\240\150\147\140\210\071\040\121\330 +\150\001\021\316\247\366\021\007\366\354\354\254\032\037\262\146 +\156\126\147\140\172\164\136\300\155\227\066\256\265\015\135\146 +\163\300\045\062\105\330\112\006\007\217\304\267\007\261\115\006 +\015\341\245\353\364\165\312\272\234\320\275\263\323\062\044\114 +\356\176\342\166\004\113\111\123\330\362\351\124\063\374\345\161 +\037\075\024\134\226\113\361\072\362\000\273\154\264\372\226\125 +\010\210\011\301\314\221\031\051\260\040\055\377\313\070\244\100 +\341\027\276\171\141\200\377\007\003\206\114\116\173\006\237\021 +\206\215\211\356\047\304\333\342\274\031\216\013\303\303\023\307 +\055\003\143\073\323\350\344\242\052\302\202\010\224\026\124\360 +\357\037\047\220\045\270\015\016\050\033\107\167\107\275\034\250 +\045\361\224\264\146 +END + +# Trust for Certificate "TC TrustCenter Universal CA III" +CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "TC TrustCenter Universal CA III" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\226\126\315\173\127\226\230\225\320\341\101\106\150\006\373\270 +\306\021\006\207 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\237\335\333\253\377\216\377\105\041\137\360\154\235\217\376\053 +END +CKA_ISSUER MULTILINE_OCTAL +\060\173\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +\034\060\032\006\003\125\004\012\023\023\124\103\040\124\162\165 +\163\164\103\145\156\164\145\162\040\107\155\142\110\061\044\060 +\042\006\003\125\004\013\023\033\124\103\040\124\162\165\163\164 +\103\145\156\164\145\162\040\125\156\151\166\145\162\163\141\154 +\040\103\101\061\050\060\046\006\003\125\004\003\023\037\124\103 +\040\124\162\165\163\164\103\145\156\164\145\162\040\125\156\151 +\166\145\162\163\141\154\040\103\101\040\111\111\111 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\016\143\045\000\001\000\002\024\215\063\025\002\344\154\364 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" +# +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Autoridad de Certificacion Firmaprofesional CIF A62634068" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\121\061\013\060\011\006\003\125\004\006\023\002\105\123\061 +\102\060\100\006\003\125\004\003\014\071\101\165\164\157\162\151 +\144\141\144\040\144\145\040\103\145\162\164\151\146\151\143\141 +\143\151\157\156\040\106\151\162\155\141\160\162\157\146\145\163 +\151\157\156\141\154\040\103\111\106\040\101\066\062\066\063\064 +\060\066\070 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\121\061\013\060\011\006\003\125\004\006\023\002\105\123\061 +\102\060\100\006\003\125\004\003\014\071\101\165\164\157\162\151 +\144\141\144\040\144\145\040\103\145\162\164\151\146\151\143\141 +\143\151\157\156\040\106\151\162\155\141\160\162\157\146\145\163 +\151\157\156\141\154\040\103\111\106\040\101\066\062\066\063\064 +\060\066\070 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\010\123\354\073\356\373\262\110\137 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\006\024\060\202\003\374\240\003\002\001\002\002\010\123 +\354\073\356\373\262\110\137\060\015\006\011\052\206\110\206\367 +\015\001\001\005\005\000\060\121\061\013\060\011\006\003\125\004 +\006\023\002\105\123\061\102\060\100\006\003\125\004\003\014\071 +\101\165\164\157\162\151\144\141\144\040\144\145\040\103\145\162 +\164\151\146\151\143\141\143\151\157\156\040\106\151\162\155\141 +\160\162\157\146\145\163\151\157\156\141\154\040\103\111\106\040 +\101\066\062\066\063\064\060\066\070\060\036\027\015\060\071\060 +\065\062\060\060\070\063\070\061\065\132\027\015\063\060\061\062 +\063\061\060\070\063\070\061\065\132\060\121\061\013\060\011\006 +\003\125\004\006\023\002\105\123\061\102\060\100\006\003\125\004 +\003\014\071\101\165\164\157\162\151\144\141\144\040\144\145\040 +\103\145\162\164\151\146\151\143\141\143\151\157\156\040\106\151 +\162\155\141\160\162\157\146\145\163\151\157\156\141\154\040\103 +\111\106\040\101\066\062\066\063\064\060\066\070\060\202\002\042 +\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003 +\202\002\017\000\060\202\002\012\002\202\002\001\000\312\226\153 +\216\352\370\373\361\242\065\340\177\114\332\340\303\122\327\175 +\266\020\310\002\136\263\103\052\304\117\152\262\312\034\135\050 +\232\170\021\032\151\131\127\257\265\040\102\344\213\017\346\337 +\133\246\003\222\057\365\021\344\142\327\062\161\070\331\004\014 +\161\253\075\121\176\017\007\337\143\005\134\351\277\224\157\301 +\051\202\300\264\332\121\260\301\074\273\255\067\112\134\312\361 +\113\066\016\044\253\277\303\204\167\375\250\120\364\261\347\306 +\057\322\055\131\215\172\012\116\226\151\122\002\252\066\230\354 +\374\372\024\203\014\067\037\311\222\067\177\327\201\055\345\304 +\271\340\076\064\376\147\364\076\146\321\323\364\100\317\136\142 +\064\017\160\006\076\040\030\132\316\367\162\033\045\154\223\164 +\024\223\243\163\261\016\252\207\020\043\131\137\040\005\031\107 +\355\150\216\222\022\312\135\374\326\053\262\222\074\040\317\341 +\137\257\040\276\240\166\177\166\345\354\032\206\141\063\076\347 +\173\264\077\240\017\216\242\271\152\157\271\207\046\157\101\154 +\210\246\120\375\152\143\013\365\223\026\033\031\217\262\355\233 +\233\311\220\365\001\014\337\031\075\017\076\070\043\311\057\217 +\014\321\002\376\033\125\326\116\320\215\074\257\117\244\363\376 +\257\052\323\005\235\171\010\241\313\127\061\264\234\310\220\262 +\147\364\030\026\223\072\374\107\330\321\170\226\061\037\272\053 +\014\137\135\231\255\143\211\132\044\040\166\330\337\375\253\116 +\246\042\252\235\136\346\047\212\175\150\051\243\347\212\270\332 +\021\273\027\055\231\235\023\044\106\367\305\342\330\237\216\177 +\307\217\164\155\132\262\350\162\365\254\356\044\020\255\057\024 +\332\377\055\232\106\161\107\276\102\337\273\001\333\364\177\323 +\050\217\061\131\133\323\311\002\246\264\122\312\156\227\373\103 +\305\010\046\157\212\364\273\375\237\050\252\015\325\105\363\023 +\072\035\330\300\170\217\101\147\074\036\224\144\256\173\013\305 +\350\331\001\210\071\032\227\206\144\101\325\073\207\014\156\372 +\017\306\275\110\024\277\071\115\324\236\101\266\217\226\035\143 +\226\223\331\225\006\170\061\150\236\067\006\073\200\211\105\141 +\071\043\307\033\104\243\025\345\034\370\222\060\273\002\003\001 +\000\001\243\201\357\060\201\354\060\022\006\003\125\035\023\001 +\001\377\004\010\060\006\001\001\377\002\001\001\060\016\006\003 +\125\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003 +\125\035\016\004\026\004\024\145\315\353\253\065\036\000\076\176 +\325\164\300\034\264\163\107\016\032\144\057\060\201\246\006\003 +\125\035\040\004\201\236\060\201\233\060\201\230\006\004\125\035 +\040\000\060\201\217\060\057\006\010\053\006\001\005\005\007\002 +\001\026\043\150\164\164\160\072\057\057\167\167\167\056\146\151 +\162\155\141\160\162\157\146\145\163\151\157\156\141\154\056\143 +\157\155\057\143\160\163\060\134\006\010\053\006\001\005\005\007 +\002\002\060\120\036\116\000\120\000\141\000\163\000\145\000\157 +\000\040\000\144\000\145\000\040\000\154\000\141\000\040\000\102 +\000\157\000\156\000\141\000\156\000\157\000\166\000\141\000\040 +\000\064\000\067\000\040\000\102\000\141\000\162\000\143\000\145 +\000\154\000\157\000\156\000\141\000\040\000\060\000\070\000\060 +\000\061\000\067\060\015\006\011\052\206\110\206\367\015\001\001 +\005\005\000\003\202\002\001\000\027\175\240\371\264\335\305\305 +\353\255\113\044\265\241\002\253\335\245\210\112\262\017\125\113 +\053\127\214\073\345\061\335\376\304\062\361\347\133\144\226\066 +\062\030\354\245\062\167\327\343\104\266\300\021\052\200\271\075 +\152\156\174\233\323\255\374\303\326\243\346\144\051\174\321\341 +\070\036\202\053\377\047\145\257\373\026\025\304\056\161\204\345 +\265\377\372\244\107\275\144\062\273\366\045\204\242\047\102\365 +\040\260\302\023\020\021\315\020\025\272\102\220\052\322\104\341 +\226\046\353\061\110\022\375\052\332\311\006\317\164\036\251\113 +\325\207\050\371\171\064\222\076\056\104\350\366\217\117\217\065 +\077\045\263\071\334\143\052\220\153\040\137\304\122\022\116\227 +\054\052\254\235\227\336\110\362\243\146\333\302\322\203\225\246 +\146\247\236\045\017\351\013\063\221\145\012\132\303\331\124\022 +\335\257\303\116\016\037\046\136\015\334\263\215\354\325\201\160 +\336\322\117\044\005\363\154\116\365\114\111\146\215\321\377\322 +\013\045\101\110\376\121\204\306\102\257\200\004\317\320\176\144 +\111\344\362\337\242\354\261\114\300\052\035\347\264\261\145\242 +\304\274\361\230\364\252\160\007\143\264\270\332\073\114\372\100 +\042\060\133\021\246\360\005\016\306\002\003\110\253\206\233\205 +\335\333\335\352\242\166\200\163\175\365\234\004\304\105\215\347 +\271\034\213\236\352\327\165\321\162\261\336\165\104\347\102\175 +\342\127\153\175\334\231\274\075\203\050\352\200\223\215\305\114 +\145\301\160\201\270\070\374\103\061\262\366\003\064\107\262\254 +\373\042\006\313\036\335\027\107\034\137\146\271\323\032\242\332 +\021\261\244\274\043\311\344\276\207\377\271\224\266\370\135\040 +\112\324\137\347\275\150\173\145\362\025\036\322\072\251\055\351 +\330\153\044\254\227\130\104\107\255\131\030\361\041\145\160\336 +\316\064\140\250\100\361\363\074\244\303\050\043\214\376\047\063 +\103\100\240\027\074\353\352\073\260\162\246\243\271\112\113\136 +\026\110\364\262\274\310\214\222\305\235\237\254\162\066\274\064 +\200\064\153\251\213\222\300\270\027\355\354\166\123\365\044\001 +\214\263\042\350\113\174\125\306\235\372\243\024\273\145\205\156 +\156\117\022\176\012\074\235\225 +END + +# Trust for Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" +CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Autoridad de Certificacion Firmaprofesional CIF A62634068" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\256\305\373\077\310\341\277\304\345\117\003\007\132\232\350\000 +\267\367\266\372 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\163\072\164\172\354\273\243\226\246\302\344\342\310\233\300\303 +END +CKA_ISSUER MULTILINE_OCTAL +\060\121\061\013\060\011\006\003\125\004\006\023\002\105\123\061 +\102\060\100\006\003\125\004\003\014\071\101\165\164\157\162\151 +\144\141\144\040\144\145\040\103\145\162\164\151\146\151\143\141 +\143\151\157\156\040\106\151\162\155\141\160\162\157\146\145\163 +\151\157\156\141\154\040\103\111\106\040\101\066\062\066\063\064 +\060\066\070 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\010\123\354\073\356\373\262\110\137 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "Izenpe.com" +# +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Izenpe.com" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\070\061\013\060\011\006\003\125\004\006\023\002\105\123\061 +\024\060\022\006\003\125\004\012\014\013\111\132\105\116\120\105 +\040\123\056\101\056\061\023\060\021\006\003\125\004\003\014\012 +\111\172\145\156\160\145\056\143\157\155 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\070\061\013\060\011\006\003\125\004\006\023\002\105\123\061 +\024\060\022\006\003\125\004\012\014\013\111\132\105\116\120\105 +\040\123\056\101\056\061\023\060\021\006\003\125\004\003\014\012 +\111\172\145\156\160\145\056\143\157\155 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\000\260\267\132\026\110\137\277\341\313\365\213\327\031 +\346\175 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\005\361\060\202\003\331\240\003\002\001\002\002\020\000 +\260\267\132\026\110\137\277\341\313\365\213\327\031\346\175\060 +\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\070 +\061\013\060\011\006\003\125\004\006\023\002\105\123\061\024\060 +\022\006\003\125\004\012\014\013\111\132\105\116\120\105\040\123 +\056\101\056\061\023\060\021\006\003\125\004\003\014\012\111\172 +\145\156\160\145\056\143\157\155\060\036\027\015\060\067\061\062 +\061\063\061\063\060\070\062\070\132\027\015\063\067\061\062\061 +\063\060\070\062\067\062\065\132\060\070\061\013\060\011\006\003 +\125\004\006\023\002\105\123\061\024\060\022\006\003\125\004\012 +\014\013\111\132\105\116\120\105\040\123\056\101\056\061\023\060 +\021\006\003\125\004\003\014\012\111\172\145\156\160\145\056\143 +\157\155\060\202\002\042\060\015\006\011\052\206\110\206\367\015 +\001\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202 +\002\001\000\311\323\172\312\017\036\254\247\206\350\026\145\152 +\261\302\033\105\062\161\225\331\376\020\133\314\257\347\245\171 +\001\217\211\303\312\362\125\161\367\167\276\167\224\363\162\244 +\054\104\330\236\222\233\024\072\241\347\044\220\012\012\126\216 +\305\330\046\224\341\331\110\341\055\076\332\012\162\335\243\231 +\025\332\201\242\207\364\173\156\046\167\211\130\255\326\353\014 +\262\101\172\163\156\155\333\172\170\101\351\010\210\022\176\207 +\056\146\021\143\154\124\373\074\235\162\300\274\056\377\302\267 +\335\015\166\343\072\327\367\264\150\276\242\365\343\201\156\301 +\106\157\135\215\340\115\306\124\125\211\032\063\061\012\261\127 +\271\243\212\230\303\354\073\064\305\225\101\151\176\165\302\074 +\040\305\141\272\121\107\240\040\220\223\241\220\113\363\116\174 +\205\105\124\232\321\005\046\101\260\265\115\035\063\276\304\003 +\310\045\174\301\160\333\073\364\011\055\124\047\110\254\057\341 +\304\254\076\310\313\222\114\123\071\067\043\354\323\001\371\340 +\011\104\115\115\144\300\341\015\132\207\042\274\255\033\243\376 +\046\265\025\363\247\374\204\031\351\354\241\210\264\104\151\204 +\203\363\211\321\164\006\251\314\013\326\302\336\047\205\120\046 +\312\027\270\311\172\207\126\054\032\001\036\154\276\023\255\020 +\254\265\044\365\070\221\241\326\113\332\361\273\322\336\107\265 +\361\274\201\366\131\153\317\031\123\351\215\025\313\112\313\251 +\157\104\345\033\101\317\341\206\247\312\320\152\237\274\114\215 +\006\063\132\242\205\345\220\065\240\142\134\026\116\360\343\242 +\372\003\032\264\054\161\263\130\054\336\173\013\333\032\017\353 +\336\041\037\006\167\006\003\260\311\357\231\374\300\271\117\013 +\206\050\376\322\271\352\343\332\245\303\107\151\022\340\333\360 +\366\031\213\355\173\160\327\002\326\355\207\030\050\054\004\044 +\114\167\344\110\212\032\306\073\232\324\017\312\372\165\322\001 +\100\132\215\171\277\213\317\113\317\252\026\301\225\344\255\114 +\212\076\027\221\324\261\142\345\202\345\200\004\244\003\176\215 +\277\332\177\242\017\227\117\014\323\015\373\327\321\345\162\176 +\034\310\167\377\133\232\017\267\256\005\106\345\361\250\026\354 +\107\244\027\002\003\001\000\001\243\201\366\060\201\363\060\201 +\260\006\003\125\035\021\004\201\250\060\201\245\201\017\151\156 +\146\157\100\151\172\145\156\160\145\056\143\157\155\244\201\221 +\060\201\216\061\107\060\105\006\003\125\004\012\014\076\111\132 +\105\116\120\105\040\123\056\101\056\040\055\040\103\111\106\040 +\101\060\061\063\063\067\062\066\060\055\122\115\145\162\143\056 +\126\151\164\157\162\151\141\055\107\141\163\164\145\151\172\040 +\124\061\060\065\065\040\106\066\062\040\123\070\061\103\060\101 +\006\003\125\004\011\014\072\101\166\144\141\040\144\145\154\040 +\115\145\144\151\164\145\162\162\141\156\145\157\040\105\164\157 +\162\142\151\144\145\141\040\061\064\040\055\040\060\061\060\061 +\060\040\126\151\164\157\162\151\141\055\107\141\163\164\145\151 +\172\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001 +\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002 +\001\006\060\035\006\003\125\035\016\004\026\004\024\035\034\145 +\016\250\362\045\173\264\221\317\344\261\261\346\275\125\164\154 +\005\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000 +\003\202\002\001\000\170\246\014\026\112\237\114\210\072\300\313 +\016\245\026\175\237\271\110\137\030\217\015\142\066\366\315\031 +\153\254\253\325\366\221\175\256\161\363\077\263\016\170\205\233 +\225\244\047\041\107\102\112\174\110\072\365\105\174\263\014\216 +\121\170\254\225\023\336\306\375\175\270\032\220\114\253\222\003 +\307\355\102\001\316\017\330\261\372\242\222\341\140\155\256\172 +\153\011\252\306\051\356\150\111\147\060\200\044\172\061\026\071 +\133\176\361\034\056\335\154\011\255\362\061\301\202\116\271\273 +\371\276\277\052\205\077\300\100\243\072\131\374\131\113\074\050 +\044\333\264\025\165\256\015\210\272\056\163\300\275\130\207\345 +\102\362\353\136\356\036\060\042\231\313\067\321\304\041\154\201 +\354\276\155\046\346\034\344\102\040\236\107\260\254\203\131\160 +\054\065\326\257\066\064\264\315\073\370\062\250\357\343\170\211 +\373\215\105\054\332\234\270\176\100\034\141\347\076\242\222\054 +\113\362\315\372\230\266\051\377\363\362\173\251\037\056\240\223 +\127\053\336\205\003\371\151\067\313\236\170\152\005\264\305\061 +\170\211\354\172\247\205\341\271\173\074\336\276\036\171\204\316 +\237\160\016\131\302\065\056\220\052\061\331\344\105\172\101\244 +\056\023\233\064\016\146\173\111\253\144\227\320\106\303\171\235 +\162\120\143\246\230\133\006\275\110\155\330\071\203\160\350\065 +\360\005\321\252\274\343\333\310\002\352\174\375\202\332\302\133 +\122\065\256\230\072\255\272\065\223\043\247\037\110\335\065\106 +\230\262\020\150\344\245\061\302\012\130\056\031\201\020\311\120 +\165\374\352\132\026\316\021\327\356\357\120\210\055\141\377\077 +\102\163\005\224\103\325\216\074\116\001\072\031\245\037\106\116 +\167\320\135\345\201\042\041\207\376\224\175\204\330\223\255\326 +\150\103\110\262\333\353\163\044\347\221\177\124\244\266\200\076 +\235\243\074\114\162\302\127\304\240\324\314\070\047\316\325\006 +\236\242\110\331\351\237\316\202\160\066\223\232\073\337\226\041 +\343\131\267\014\332\221\067\360\375\131\132\263\231\310\151\154 +\103\046\001\065\143\140\125\211\003\072\165\330\272\112\331\124 +\377\356\336\200\330\055\321\070\325\136\055\013\230\175\076\154 +\333\374\046\210\307 +END + +# Trust for Certificate "Izenpe.com" +CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Izenpe.com" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\057\170\075\045\122\030\247\112\145\071\161\265\054\242\234\105 +\025\157\351\031 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\246\260\315\205\200\332\134\120\064\243\071\220\057\125\147\163 +END +CKA_ISSUER MULTILINE_OCTAL +\060\070\061\013\060\011\006\003\125\004\006\023\002\105\123\061 +\024\060\022\006\003\125\004\012\014\013\111\132\105\116\120\105 +\040\123\056\101\056\061\023\060\021\006\003\125\004\003\014\012 +\111\172\145\156\160\145\056\143\157\155 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\000\260\267\132\026\110\137\277\341\313\365\213\327\031 +\346\175 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "Chambers of Commerce Root - 2008" +# +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Chambers of Commerce Root - 2008" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\201\256\061\013\060\011\006\003\125\004\006\023\002\105\125 +\061\103\060\101\006\003\125\004\007\023\072\115\141\144\162\151 +\144\040\050\163\145\145\040\143\165\162\162\145\156\164\040\141 +\144\144\162\145\163\163\040\141\164\040\167\167\167\056\143\141 +\155\145\162\146\151\162\155\141\056\143\157\155\057\141\144\144 +\162\145\163\163\051\061\022\060\020\006\003\125\004\005\023\011 +\101\070\062\067\064\063\062\070\067\061\033\060\031\006\003\125 +\004\012\023\022\101\103\040\103\141\155\145\162\146\151\162\155 +\141\040\123\056\101\056\061\051\060\047\006\003\125\004\003\023 +\040\103\150\141\155\142\145\162\163\040\157\146\040\103\157\155 +\155\145\162\143\145\040\122\157\157\164\040\055\040\062\060\060 +\070 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\201\256\061\013\060\011\006\003\125\004\006\023\002\105\125 +\061\103\060\101\006\003\125\004\007\023\072\115\141\144\162\151 +\144\040\050\163\145\145\040\143\165\162\162\145\156\164\040\141 +\144\144\162\145\163\163\040\141\164\040\167\167\167\056\143\141 +\155\145\162\146\151\162\155\141\056\143\157\155\057\141\144\144 +\162\145\163\163\051\061\022\060\020\006\003\125\004\005\023\011 +\101\070\062\067\064\063\062\070\067\061\033\060\031\006\003\125 +\004\012\023\022\101\103\040\103\141\155\145\162\146\151\162\155 +\141\040\123\056\101\056\061\051\060\047\006\003\125\004\003\023 +\040\103\150\141\155\142\145\162\163\040\157\146\040\103\157\155 +\155\145\162\143\145\040\122\157\157\164\040\055\040\062\060\060 +\070 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\011\000\243\332\102\176\244\261\256\332 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\007\117\060\202\005\067\240\003\002\001\002\002\011\000 +\243\332\102\176\244\261\256\332\060\015\006\011\052\206\110\206 +\367\015\001\001\005\005\000\060\201\256\061\013\060\011\006\003 +\125\004\006\023\002\105\125\061\103\060\101\006\003\125\004\007 +\023\072\115\141\144\162\151\144\040\050\163\145\145\040\143\165 +\162\162\145\156\164\040\141\144\144\162\145\163\163\040\141\164 +\040\167\167\167\056\143\141\155\145\162\146\151\162\155\141\056 +\143\157\155\057\141\144\144\162\145\163\163\051\061\022\060\020 +\006\003\125\004\005\023\011\101\070\062\067\064\063\062\070\067 +\061\033\060\031\006\003\125\004\012\023\022\101\103\040\103\141 +\155\145\162\146\151\162\155\141\040\123\056\101\056\061\051\060 +\047\006\003\125\004\003\023\040\103\150\141\155\142\145\162\163 +\040\157\146\040\103\157\155\155\145\162\143\145\040\122\157\157 +\164\040\055\040\062\060\060\070\060\036\027\015\060\070\060\070 +\060\061\061\062\062\071\065\060\132\027\015\063\070\060\067\063 +\061\061\062\062\071\065\060\132\060\201\256\061\013\060\011\006 +\003\125\004\006\023\002\105\125\061\103\060\101\006\003\125\004 +\007\023\072\115\141\144\162\151\144\040\050\163\145\145\040\143 +\165\162\162\145\156\164\040\141\144\144\162\145\163\163\040\141 +\164\040\167\167\167\056\143\141\155\145\162\146\151\162\155\141 +\056\143\157\155\057\141\144\144\162\145\163\163\051\061\022\060 +\020\006\003\125\004\005\023\011\101\070\062\067\064\063\062\070 +\067\061\033\060\031\006\003\125\004\012\023\022\101\103\040\103 +\141\155\145\162\146\151\162\155\141\040\123\056\101\056\061\051 +\060\047\006\003\125\004\003\023\040\103\150\141\155\142\145\162 +\163\040\157\146\040\103\157\155\155\145\162\143\145\040\122\157 +\157\164\040\055\040\062\060\060\070\060\202\002\042\060\015\006 +\011\052\206\110\206\367\015\001\001\001\005\000\003\202\002\017 +\000\060\202\002\012\002\202\002\001\000\257\000\313\160\067\053 +\200\132\112\072\154\170\224\175\243\177\032\037\366\065\325\275 +\333\313\015\104\162\076\046\262\220\122\272\143\073\050\130\157 +\245\263\155\224\246\363\335\144\014\125\366\366\347\362\042\042 +\200\136\341\142\306\266\051\341\201\154\362\277\345\175\062\152 +\124\240\062\031\131\376\037\213\327\075\140\206\205\044\157\343 +\021\263\167\076\040\226\065\041\153\263\010\331\160\056\144\367 +\204\222\123\326\016\260\220\212\212\343\207\215\006\323\275\220 +\016\342\231\241\033\206\016\332\232\012\273\013\141\120\006\122 +\361\236\177\166\354\313\017\320\036\015\317\231\060\075\034\304 +\105\020\130\254\326\323\350\327\345\352\305\001\007\167\326\121 +\346\003\177\212\110\245\115\150\165\271\351\274\236\116\031\161 +\365\062\113\234\155\140\031\013\373\314\235\165\334\277\046\315 +\217\223\170\071\171\163\136\045\016\312\134\353\167\022\007\313 +\144\101\107\162\223\253\120\303\353\011\166\144\064\322\071\267 +\166\021\011\015\166\105\304\251\256\075\152\257\265\175\145\057 +\224\130\020\354\134\174\257\176\342\266\030\331\320\233\116\132 +\111\337\251\146\013\314\074\306\170\174\247\234\035\343\316\216 +\123\276\005\336\140\017\153\345\032\333\077\343\341\041\311\051 +\301\361\353\007\234\122\033\001\104\121\074\173\045\327\304\345 +\122\124\135\045\007\312\026\040\270\255\344\101\356\172\010\376 +\231\157\203\246\221\002\260\154\066\125\152\347\175\365\226\346 +\312\201\326\227\361\224\203\351\355\260\261\153\022\151\036\254 +\373\135\251\305\230\351\264\133\130\172\276\075\242\104\072\143 +\131\324\013\045\336\033\117\275\345\001\236\315\322\051\325\237 +\027\031\012\157\277\014\220\323\011\137\331\343\212\065\314\171 +\132\115\031\067\222\267\304\301\255\257\364\171\044\232\262\001 +\013\261\257\134\226\363\200\062\373\134\075\230\361\240\077\112 +\336\276\257\224\056\331\125\232\027\156\140\235\143\154\270\143 +\311\256\201\134\030\065\340\220\273\276\074\117\067\042\271\176 +\353\317\236\167\041\246\075\070\201\373\110\332\061\075\053\343 +\211\365\320\265\275\176\340\120\304\022\211\263\043\232\020\061 +\205\333\256\157\357\070\063\030\166\021\002\003\001\000\001\243 +\202\001\154\060\202\001\150\060\022\006\003\125\035\023\001\001 +\377\004\010\060\006\001\001\377\002\001\014\060\035\006\003\125 +\035\016\004\026\004\024\371\044\254\017\262\265\370\171\300\372 +\140\210\033\304\331\115\002\236\027\031\060\201\343\006\003\125 +\035\043\004\201\333\060\201\330\200\024\371\044\254\017\262\265 +\370\171\300\372\140\210\033\304\331\115\002\236\027\031\241\201 +\264\244\201\261\060\201\256\061\013\060\011\006\003\125\004\006 +\023\002\105\125\061\103\060\101\006\003\125\004\007\023\072\115 +\141\144\162\151\144\040\050\163\145\145\040\143\165\162\162\145 +\156\164\040\141\144\144\162\145\163\163\040\141\164\040\167\167 +\167\056\143\141\155\145\162\146\151\162\155\141\056\143\157\155 +\057\141\144\144\162\145\163\163\051\061\022\060\020\006\003\125 +\004\005\023\011\101\070\062\067\064\063\062\070\067\061\033\060 +\031\006\003\125\004\012\023\022\101\103\040\103\141\155\145\162 +\146\151\162\155\141\040\123\056\101\056\061\051\060\047\006\003 +\125\004\003\023\040\103\150\141\155\142\145\162\163\040\157\146 +\040\103\157\155\155\145\162\143\145\040\122\157\157\164\040\055 +\040\062\060\060\070\202\011\000\243\332\102\176\244\261\256\332 +\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006 +\060\075\006\003\125\035\040\004\066\060\064\060\062\006\004\125 +\035\040\000\060\052\060\050\006\010\053\006\001\005\005\007\002 +\001\026\034\150\164\164\160\072\057\057\160\157\154\151\143\171 +\056\143\141\155\145\162\146\151\162\155\141\056\143\157\155\060 +\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003\202 +\002\001\000\220\022\257\042\065\302\243\071\360\056\336\351\265 +\351\170\174\110\276\077\175\105\222\136\351\332\261\031\374\026 +\074\237\264\133\146\236\152\347\303\271\135\210\350\017\255\317 +\043\017\336\045\072\136\314\117\245\301\265\055\254\044\322\130 +\007\336\242\317\151\204\140\063\350\020\015\023\251\043\320\205 +\345\216\173\246\236\075\162\023\162\063\365\252\175\306\143\037 +\010\364\376\001\177\044\317\053\054\124\011\336\342\053\155\222 +\306\071\117\026\352\074\176\172\106\324\105\152\106\250\353\165 +\202\126\247\253\240\174\150\023\063\366\235\060\360\157\047\071 +\044\043\052\220\375\220\051\065\362\223\337\064\245\306\367\370 +\357\214\017\142\112\174\256\323\365\124\370\215\266\232\126\207 +\026\202\072\063\253\132\042\010\367\202\272\352\056\340\107\232 +\264\265\105\243\005\073\331\334\056\105\100\073\352\334\177\350 +\073\353\321\354\046\330\065\244\060\305\072\254\127\236\263\166 +\245\040\173\371\036\112\005\142\001\246\050\165\140\227\222\015 +\156\076\115\067\103\015\222\025\234\030\042\315\121\231\240\051 +\032\074\137\212\062\063\133\060\307\211\057\107\230\017\243\003 +\306\366\361\254\337\062\360\331\201\032\344\234\275\366\200\024 +\360\321\054\271\205\365\330\243\261\310\245\041\345\034\023\227 +\356\016\275\337\051\251\357\064\123\133\323\344\152\023\204\006 +\266\062\002\304\122\256\042\322\334\262\041\102\032\332\100\360 +\051\311\354\012\014\134\342\320\272\314\110\323\067\012\314\022 +\012\212\171\260\075\003\177\151\113\364\064\040\175\263\064\352 +\216\113\144\365\076\375\263\043\147\025\015\004\270\360\055\301 +\011\121\074\262\154\025\360\245\043\327\203\164\344\345\056\311 +\376\230\047\102\306\253\306\236\260\320\133\070\245\233\120\336 +\176\030\230\265\105\073\366\171\264\350\367\032\173\006\203\373 +\320\213\332\273\307\275\030\253\010\157\074\200\153\100\077\031 +\031\272\145\212\346\276\325\134\323\066\327\357\100\122\044\140 +\070\147\004\061\354\217\363\202\306\336\271\125\363\073\061\221 +\132\334\265\010\025\255\166\045\012\015\173\056\207\342\014\246 +\006\274\046\020\155\067\235\354\335\170\214\174\200\305\360\331 +\167\110\320 +END + +# Trust for Certificate "Chambers of Commerce Root - 2008" +CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Chambers of Commerce Root - 2008" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\170\152\164\254\166\253\024\177\234\152\060\120\272\236\250\176 +\376\232\316\074 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\136\200\236\204\132\016\145\013\027\002\363\125\030\052\076\327 +END +CKA_ISSUER MULTILINE_OCTAL +\060\201\256\061\013\060\011\006\003\125\004\006\023\002\105\125 +\061\103\060\101\006\003\125\004\007\023\072\115\141\144\162\151 +\144\040\050\163\145\145\040\143\165\162\162\145\156\164\040\141 +\144\144\162\145\163\163\040\141\164\040\167\167\167\056\143\141 +\155\145\162\146\151\162\155\141\056\143\157\155\057\141\144\144 +\162\145\163\163\051\061\022\060\020\006\003\125\004\005\023\011 +\101\070\062\067\064\063\062\070\067\061\033\060\031\006\003\125 +\004\012\023\022\101\103\040\103\141\155\145\162\146\151\162\155 +\141\040\123\056\101\056\061\051\060\047\006\003\125\004\003\023 +\040\103\150\141\155\142\145\162\163\040\157\146\040\103\157\155 +\155\145\162\143\145\040\122\157\157\164\040\055\040\062\060\060 +\070 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\011\000\243\332\102\176\244\261\256\332 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "Global Chambersign Root - 2008" +# +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Global Chambersign Root - 2008" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\201\254\061\013\060\011\006\003\125\004\006\023\002\105\125 +\061\103\060\101\006\003\125\004\007\023\072\115\141\144\162\151 +\144\040\050\163\145\145\040\143\165\162\162\145\156\164\040\141 +\144\144\162\145\163\163\040\141\164\040\167\167\167\056\143\141 +\155\145\162\146\151\162\155\141\056\143\157\155\057\141\144\144 +\162\145\163\163\051\061\022\060\020\006\003\125\004\005\023\011 +\101\070\062\067\064\063\062\070\067\061\033\060\031\006\003\125 +\004\012\023\022\101\103\040\103\141\155\145\162\146\151\162\155 +\141\040\123\056\101\056\061\047\060\045\006\003\125\004\003\023 +\036\107\154\157\142\141\154\040\103\150\141\155\142\145\162\163 +\151\147\156\040\122\157\157\164\040\055\040\062\060\060\070 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\201\254\061\013\060\011\006\003\125\004\006\023\002\105\125 +\061\103\060\101\006\003\125\004\007\023\072\115\141\144\162\151 +\144\040\050\163\145\145\040\143\165\162\162\145\156\164\040\141 +\144\144\162\145\163\163\040\141\164\040\167\167\167\056\143\141 +\155\145\162\146\151\162\155\141\056\143\157\155\057\141\144\144 +\162\145\163\163\051\061\022\060\020\006\003\125\004\005\023\011 +\101\070\062\067\064\063\062\070\067\061\033\060\031\006\003\125 +\004\012\023\022\101\103\040\103\141\155\145\162\146\151\162\155 +\141\040\123\056\101\056\061\047\060\045\006\003\125\004\003\023 +\036\107\154\157\142\141\154\040\103\150\141\155\142\145\162\163 +\151\147\156\040\122\157\157\164\040\055\040\062\060\060\070 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\011\000\311\315\323\351\325\175\043\316 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\007\111\060\202\005\061\240\003\002\001\002\002\011\000 +\311\315\323\351\325\175\043\316\060\015\006\011\052\206\110\206 +\367\015\001\001\005\005\000\060\201\254\061\013\060\011\006\003 +\125\004\006\023\002\105\125\061\103\060\101\006\003\125\004\007 +\023\072\115\141\144\162\151\144\040\050\163\145\145\040\143\165 +\162\162\145\156\164\040\141\144\144\162\145\163\163\040\141\164 +\040\167\167\167\056\143\141\155\145\162\146\151\162\155\141\056 +\143\157\155\057\141\144\144\162\145\163\163\051\061\022\060\020 +\006\003\125\004\005\023\011\101\070\062\067\064\063\062\070\067 +\061\033\060\031\006\003\125\004\012\023\022\101\103\040\103\141 +\155\145\162\146\151\162\155\141\040\123\056\101\056\061\047\060 +\045\006\003\125\004\003\023\036\107\154\157\142\141\154\040\103 +\150\141\155\142\145\162\163\151\147\156\040\122\157\157\164\040 +\055\040\062\060\060\070\060\036\027\015\060\070\060\070\060\061 +\061\062\063\061\064\060\132\027\015\063\070\060\067\063\061\061 +\062\063\061\064\060\132\060\201\254\061\013\060\011\006\003\125 +\004\006\023\002\105\125\061\103\060\101\006\003\125\004\007\023 +\072\115\141\144\162\151\144\040\050\163\145\145\040\143\165\162 +\162\145\156\164\040\141\144\144\162\145\163\163\040\141\164\040 +\167\167\167\056\143\141\155\145\162\146\151\162\155\141\056\143 +\157\155\057\141\144\144\162\145\163\163\051\061\022\060\020\006 +\003\125\004\005\023\011\101\070\062\067\064\063\062\070\067\061 +\033\060\031\006\003\125\004\012\023\022\101\103\040\103\141\155 +\145\162\146\151\162\155\141\040\123\056\101\056\061\047\060\045 +\006\003\125\004\003\023\036\107\154\157\142\141\154\040\103\150 +\141\155\142\145\162\163\151\147\156\040\122\157\157\164\040\055 +\040\062\060\060\070\060\202\002\042\060\015\006\011\052\206\110 +\206\367\015\001\001\001\005\000\003\202\002\017\000\060\202\002 +\012\002\202\002\001\000\300\337\126\323\344\072\233\166\105\264 +\023\333\377\301\266\031\213\067\101\030\225\122\107\353\027\235 +\051\210\216\065\154\006\062\056\107\142\363\111\004\277\175\104 +\066\261\161\314\275\132\011\163\325\331\205\104\377\221\127\045 +\337\136\066\216\160\321\134\161\103\035\331\332\357\134\322\373 +\033\275\072\265\313\255\243\314\104\247\015\256\041\025\077\271 +\172\133\222\165\330\244\022\070\211\031\212\267\200\322\342\062 +\157\126\234\221\326\210\020\013\263\164\144\222\164\140\363\366 +\317\030\117\140\262\043\320\307\073\316\141\113\231\217\302\014 +\320\100\262\230\334\015\250\116\243\271\012\256\140\240\255\105 +\122\143\272\146\275\150\340\371\276\032\250\201\273\036\101\170 +\165\323\301\376\000\125\260\207\124\350\047\220\065\035\114\063 +\255\227\374\227\056\230\204\277\054\311\243\277\321\230\021\024 +\355\143\370\312\230\210\130\027\231\355\105\003\227\176\074\206 +\036\210\214\276\362\221\204\217\145\064\330\000\114\175\267\061 +\027\132\051\172\012\030\044\060\243\067\265\172\251\001\175\046 +\326\371\016\216\131\361\375\033\063\265\051\073\027\073\101\266 +\041\335\324\300\075\245\237\237\037\103\120\311\273\274\154\172 +\227\230\356\315\214\037\373\234\121\256\213\160\275\047\237\161 +\300\153\254\175\220\146\350\327\135\072\015\260\325\302\215\325 +\310\235\235\301\155\320\320\277\121\344\343\370\303\070\066\256 +\326\247\165\346\257\204\103\135\223\222\014\152\007\336\073\035 +\230\042\326\254\301\065\333\243\240\045\377\162\265\166\035\336 +\155\351\054\146\054\122\204\320\105\222\316\034\345\345\063\035 +\334\007\123\124\243\252\202\073\232\067\057\334\335\240\144\351 +\346\335\275\256\374\144\205\035\074\247\311\006\336\204\377\153 +\350\153\032\074\305\242\263\102\373\213\011\076\137\010\122\307 +\142\304\324\005\161\277\304\144\344\370\241\203\350\076\022\233 +\250\036\324\066\115\057\161\366\215\050\366\203\251\023\322\141 +\301\221\273\110\300\064\217\101\214\113\114\333\151\022\377\120 +\224\234\040\203\131\163\355\174\241\362\361\375\335\367\111\323 +\103\130\240\126\143\312\075\075\345\065\126\131\351\016\312\040 +\314\053\113\223\051\017\002\003\001\000\001\243\202\001\152\060 +\202\001\146\060\022\006\003\125\035\023\001\001\377\004\010\060 +\006\001\001\377\002\001\014\060\035\006\003\125\035\016\004\026 +\004\024\271\011\312\234\036\333\323\154\072\153\256\355\124\361 +\133\223\006\065\056\136\060\201\341\006\003\125\035\043\004\201 +\331\060\201\326\200\024\271\011\312\234\036\333\323\154\072\153 +\256\355\124\361\133\223\006\065\056\136\241\201\262\244\201\257 +\060\201\254\061\013\060\011\006\003\125\004\006\023\002\105\125 +\061\103\060\101\006\003\125\004\007\023\072\115\141\144\162\151 +\144\040\050\163\145\145\040\143\165\162\162\145\156\164\040\141 +\144\144\162\145\163\163\040\141\164\040\167\167\167\056\143\141 +\155\145\162\146\151\162\155\141\056\143\157\155\057\141\144\144 +\162\145\163\163\051\061\022\060\020\006\003\125\004\005\023\011 +\101\070\062\067\064\063\062\070\067\061\033\060\031\006\003\125 +\004\012\023\022\101\103\040\103\141\155\145\162\146\151\162\155 +\141\040\123\056\101\056\061\047\060\045\006\003\125\004\003\023 +\036\107\154\157\142\141\154\040\103\150\141\155\142\145\162\163 +\151\147\156\040\122\157\157\164\040\055\040\062\060\060\070\202 +\011\000\311\315\323\351\325\175\043\316\060\016\006\003\125\035 +\017\001\001\377\004\004\003\002\001\006\060\075\006\003\125\035 +\040\004\066\060\064\060\062\006\004\125\035\040\000\060\052\060 +\050\006\010\053\006\001\005\005\007\002\001\026\034\150\164\164 +\160\072\057\057\160\157\154\151\143\171\056\143\141\155\145\162 +\146\151\162\155\141\056\143\157\155\060\015\006\011\052\206\110 +\206\367\015\001\001\005\005\000\003\202\002\001\000\200\210\177 +\160\336\222\050\331\005\224\106\377\220\127\251\361\057\337\032 +\015\153\372\174\016\034\111\044\171\047\330\106\252\157\051\131 +\122\210\160\022\352\335\075\365\233\123\124\157\341\140\242\250 +\011\271\354\353\131\174\306\065\361\334\030\351\361\147\345\257 +\272\105\340\011\336\312\104\017\302\027\016\167\221\105\172\063 +\137\137\226\054\150\213\301\107\217\230\233\075\300\354\313\365 +\325\202\222\204\065\321\276\066\070\126\162\061\133\107\055\252 +\027\244\143\121\353\012\001\255\177\354\165\236\313\241\037\361 +\177\022\261\271\344\144\177\147\326\043\052\364\270\071\135\230 +\350\041\247\341\275\075\102\032\164\232\160\257\150\154\120\135 +\111\317\377\373\016\135\346\054\107\327\201\072\131\000\265\163 +\153\143\040\366\061\105\010\071\016\364\160\176\100\160\132\077 +\320\153\102\251\164\075\050\057\002\155\165\162\225\011\215\110 +\143\306\306\043\127\222\223\136\065\301\215\371\012\367\054\235 +\142\034\366\255\174\335\246\061\036\266\261\307\176\205\046\372 +\244\152\265\332\143\060\321\357\223\067\262\146\057\175\005\367 +\347\267\113\230\224\065\300\331\072\051\301\235\262\120\063\035 +\112\251\132\246\311\003\357\355\364\347\250\156\212\264\127\204 +\353\244\077\320\356\252\252\207\133\143\350\223\342\153\250\324 +\270\162\170\153\033\355\071\344\135\313\233\252\207\325\117\116 +\000\376\331\152\237\074\061\017\050\002\001\175\230\350\247\260 +\242\144\236\171\370\110\362\025\251\314\346\310\104\353\077\170 +\231\362\173\161\076\074\361\230\247\305\030\022\077\346\273\050 +\063\102\351\105\012\174\155\362\206\171\057\305\202\031\175\011 +\211\174\262\124\166\210\256\336\301\363\314\341\156\333\061\326 +\223\256\231\240\357\045\152\163\230\211\133\072\056\023\210\036 +\277\300\222\224\064\033\343\047\267\213\036\157\102\377\347\351 +\067\233\120\035\055\242\371\002\356\313\130\130\072\161\274\150 +\343\252\301\257\034\050\037\242\334\043\145\077\201\352\256\231 +\323\330\060\317\023\015\117\025\311\204\274\247\110\055\370\060 +\043\167\330\106\113\171\155\366\214\355\072\177\140\021\170\364 +\351\233\256\325\124\300\164\200\321\013\102\237\301 +END + +# Trust for Certificate "Global Chambersign Root - 2008" +CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Global Chambersign Root - 2008" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\112\275\356\354\225\015\065\234\211\256\307\122\241\054\133\051 +\366\326\252\014 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\236\200\377\170\001\014\056\301\066\275\376\226\220\156\010\363 +END +CKA_ISSUER MULTILINE_OCTAL +\060\201\254\061\013\060\011\006\003\125\004\006\023\002\105\125 +\061\103\060\101\006\003\125\004\007\023\072\115\141\144\162\151 +\144\040\050\163\145\145\040\143\165\162\162\145\156\164\040\141 +\144\144\162\145\163\163\040\141\164\040\167\167\167\056\143\141 +\155\145\162\146\151\162\155\141\056\143\157\155\057\141\144\144 +\162\145\163\163\051\061\022\060\020\006\003\125\004\005\023\011 +\101\070\062\067\064\063\062\070\067\061\033\060\031\006\003\125 +\004\012\023\022\101\103\040\103\141\155\145\162\146\151\162\155 +\141\040\123\056\101\056\061\047\060\045\006\003\125\004\003\023 +\036\107\154\157\142\141\154\040\103\150\141\155\142\145\162\163 +\151\147\156\040\122\157\157\164\040\055\040\062\060\060\070 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\011\000\311\315\323\351\325\175\043\316 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE diff --git a/security/nss/lib/ckfw/builtins/nssckbi.h b/security/nss/lib/ckfw/builtins/nssckbi.h index f23e2494fd0..c9e57aaad06 100644 --- a/security/nss/lib/ckfw/builtins/nssckbi.h +++ b/security/nss/lib/ckfw/builtins/nssckbi.h @@ -77,8 +77,8 @@ * of the comment in the CK_VERSION type definition. */ #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1 -#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 80 -#define NSS_BUILTINS_LIBRARY_VERSION "1.80" +#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 81 +#define NSS_BUILTINS_LIBRARY_VERSION "1.81" /* These version numbers detail the semantic changes to the ckfw engine. */ #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1 diff --git a/security/nss/lib/freebl/Makefile b/security/nss/lib/freebl/Makefile index a155c4fcbe7..6e52bb9b11a 100644 --- a/security/nss/lib/freebl/Makefile +++ b/security/nss/lib/freebl/Makefile @@ -168,8 +168,8 @@ ifeq ($(CPU_ARCH),x86_64) DEFINES += -DMP_CHAR_STORE_SLOW -DMP_IS_LITTLE_ENDIAN # DEFINES += -DMPI_AMD64_ADD # comment the next two lines to turn off intel HW accelleration -# DEFINES += -DUSE_HW_AES -# ASFILES += intel-aes.s + DEFINES += -DUSE_HW_AES + ASFILES += intel-aes.s MPI_SRCS += mpi_amd64.c mp_comba.c endif ifeq ($(CPU_ARCH),x86) @@ -415,8 +415,8 @@ else DEFINES += -DNSS_BEVAND_ARCFOUR -DMPI_AMD64 -DMP_ASSEMBLY_MULTIPLY DEFINES += -DNSS_USE_COMBA -DMP_CHAR_STORE_SLOW -DMP_IS_LITTLE_ENDIAN # comment the next two lines to turn off intel HW accelleration -# DEFINES += -DUSE_HW_AES -# ASFILES += intel-aes.s + DEFINES += -DUSE_HW_AES + ASFILES += intel-aes.s MPI_SRCS += mpi_amd64.c else # Solaris x86 diff --git a/security/nss/lib/freebl/blapi.h b/security/nss/lib/freebl/blapi.h index 21e93531945..bfe23f8353b 100644 --- a/security/nss/lib/freebl/blapi.h +++ b/security/nss/lib/freebl/blapi.h @@ -37,7 +37,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: blapi.h,v 1.33 2009/03/29 03:45:32 wtc%google.com Exp $ */ +/* $Id: blapi.h,v 1.33.22.2 2010/12/04 18:59:01 rrelyea%redhat.com Exp $ */ #ifndef _BLAPI_H_ #define _BLAPI_H_ @@ -98,11 +98,58 @@ extern SECStatus RSA_PrivateKeyOpDoubleChecked(RSAPrivateKey * key, */ extern SECStatus RSA_PrivateKeyCheck(RSAPrivateKey *key); +/* +** Given only minimal private key parameters, fill in the rest of the +** parameters. +** +** +** All the entries, including those supplied by the caller, will be +** overwritten with data alocated out of the arena. +** +** If no arena is supplied, one will be created. +** +** The following fields must be supplied in order for this function +** to succeed: +** one of either publicExponent or privateExponent +** two more of the following 5 parameters (not counting the above). +** modulus (n) +** prime1 (p) +** prime2 (q) +** publicExponent (e) +** privateExponent (d) +** +** NOTE: if only the publicExponent, privateExponent, and one prime is given, +** then there may be more than one RSA key that matches that combination. If +** we find 2 possible valid keys that meet this criteria, we return an error. +** If we return the wrong key, and the original modulus is compared to the +** new modulus, both can be factored by calculateing gcd(n_old,n_new) to get +** the common prime. +** +** NOTE: in some cases the publicExponent must be less than 2^23 for this +** function to work correctly. (The case where we have only one of: modulus +** prime1 and prime2). +** +** All parameters will be replaced in the key structure with new parameters +** allocated out of the arena. There is no attempt to free the old structures. +** prime1 will always be greater than prime2 (even if the caller supplies the +** smaller prime as prime1 or the larger prime as prime2). The parameters are +** not overwritten on failure. +** +** While the remaining Chinese remainder theorem parameters (dp,dp, and qinv) +** can also be used in reconstructing the private key, they are currently +** ignored in this implementation. +*/ +extern SECStatus RSA_PopulatePrivateKey(RSAPrivateKey *key); /******************************************************************** ** DSA signing algorithm */ +/* Generate a new random value within the interval [2, q-1]. +*/ +extern SECStatus DSA_NewRandom(PLArenaPool * arena, const SECItem * q, + SECItem * random); + /* ** Generate and return a new DSA public and private key pair, ** both of which are encoded into a single DSAPrivateKey struct. @@ -193,6 +240,72 @@ extern SECStatus KEA_Derive(SECItem *prime, */ extern PRBool KEA_Verify(SECItem *Y, SECItem *prime, SECItem *subPrime); +/**************************************** + * J-PAKE key transport + */ + +/* Given gx == g^x, create a Schnorr zero-knowledge proof for the value x + * using the specified hash algorithm and signer ID. The signature is + * returned in the values gv and r. testRandom must be NULL for a PRNG + * generated random committment to be used in the sigature. When testRandom + * is non-NULL, that value must contain a value in the subgroup q; that + * value will be used instead of a PRNG-generated committment in order to + * facilitate known-answer tests. + * + * If gxIn is non-NULL then it must contain a pre-computed value of g^x that + * will be used by the function; in this case, the gxOut parameter must be NULL. + * If the gxIn parameter is NULL then gxOut must be non-NULL; in this case + * gxOut will contain the value g^x on output. + * + * gx (if not supplied by the caller), gv, and r will be allocated in the arena. + * The arena is *not* optional so do not pass NULL for the arena parameter. + * The arena should be zeroed when it is freed. + */ +SECStatus +JPAKE_Sign(PLArenaPool * arena, const PQGParams * pqg, HASH_HashType hashType, + const SECItem * signerID, const SECItem * x, + const SECItem * testRandom, const SECItem * gxIn, SECItem * gxOut, + SECItem * gv, SECItem * r); + +/* Given gx == g^x, verify the Schnorr zero-knowledge proof (gv, r) for the + * value x using the specified hash algorithm and signer ID. + * + * The arena is *not* optional so do not pass NULL for the arena parameter. + */ +SECStatus +JPAKE_Verify(PRArenaPool * arena, const PQGParams * pqg, + HASH_HashType hashType, const SECItem * signerID, + const SECItem * peerID, const SECItem * gx, + const SECItem * gv, const SECItem * r); + +/* Call before round 2 with x2, s, and x2s all non-NULL. This will calculate + * base = g^(x1+x3+x4) (mod p) and x2s = x2*s (mod q). The values to send in + * round 2 (A and the proof of knowledge of x2s) can then be calculated with + * JPAKE_Sign using pqg->base = base and x = x2s. + * + * Call after round 2 with x2, s, and x2s all NULL, and passing (gx1, gx2, gx3) + * instead of (gx1, gx3, gx4). This will calculate base = g^(x1+x2+x3). Then call + * JPAKE_Verify with pqg->base = base and then JPAKE_Final. + * + * base and x2s will be allocated in the arena. The arena is *not* optional so + * do not pass NULL for the arena parameter. The arena should be zeroed when it + * is freed. +*/ +SECStatus +JPAKE_Round2(PLArenaPool * arena, const SECItem * p, const SECItem *q, + const SECItem * gx1, const SECItem * gx3, const SECItem * gx4, + SECItem * base, const SECItem * x2, const SECItem * s, SECItem * x2s); + +/* K = (B/g^(x2*x4*s))^x2 (mod p) + * + * K will be allocated in the arena. The arena is *not* optional so do not pass + * NULL for the arena parameter. The arena should be zeroed when it is freed. + */ +SECStatus +JPAKE_Final(PLArenaPool * arena, const SECItem * p, const SECItem *q, + const SECItem * x2, const SECItem * gx4, const SECItem * x2s, + const SECItem * B, SECItem * K); + /****************************************************** ** Elliptic Curve algorithms */ diff --git a/security/nss/lib/freebl/dsa.c b/security/nss/lib/freebl/dsa.c index d24626227f7..ac5606e1f73 100644 --- a/security/nss/lib/freebl/dsa.c +++ b/security/nss/lib/freebl/dsa.c @@ -35,7 +35,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: dsa.c,v 1.20 2009/03/29 16:51:58 wtc%google.com Exp $ */ +/* $Id: dsa.c,v 1.20.22.1 2010/12/04 18:59:01 rrelyea%redhat.com Exp $ */ #ifdef FREEBL_NO_DEPEND #include "stubs.h" @@ -56,21 +56,17 @@ /* XXX to be replaced by define in blapit.h */ #define NSS_FREEBL_DSA_DEFAULT_CHUNKSIZE 2048 -#define FIPS_DSA_Q 160 -#define QSIZE (FIPS_DSA_Q / PR_BITS_PER_BYTE) - /* * FIPS 186-2 requires result from random output to be reduced mod q when * generating random numbers for DSA. * - * Input: w, 2*QSIZE bytes - * q, DSA_SUBPRIME_LEN bytes - * Output: xj, DSA_SUBPRIME_LEN bytes + * Input: w, 2*qLen bytes + * q, qLen bytes + * Output: xj, qLen bytes */ -SECStatus -FIPS186Change_ReduceModQForDSA(const PRUint8 *w, - const PRUint8 *q, - PRUint8 *xj) +static SECStatus +fips186Change_ReduceModQForDSA(const PRUint8 *w, const PRUint8 *q, + unsigned int qLen, PRUint8 * xj) { mp_int W, Q, Xj; mp_err err; @@ -86,15 +82,16 @@ FIPS186Change_ReduceModQForDSA(const PRUint8 *w, /* * Convert input arguments into MPI integers. */ - CHECK_MPI_OK( mp_read_unsigned_octets(&W, w, 2*QSIZE) ); - CHECK_MPI_OK( mp_read_unsigned_octets(&Q, q, DSA_SUBPRIME_LEN) ); + CHECK_MPI_OK( mp_read_unsigned_octets(&W, w, 2*qLen) ); + CHECK_MPI_OK( mp_read_unsigned_octets(&Q, q, qLen) ); + /* * Algorithm 1 of FIPS 186-2 Change Notice 1, Step 3.3 * * xj = (w0 || w1) mod q */ CHECK_MPI_OK( mp_mod(&W, &Q, &Xj) ); - CHECK_MPI_OK( mp_to_fixlen_octets(&Xj, xj, DSA_SUBPRIME_LEN) ); + CHECK_MPI_OK( mp_to_fixlen_octets(&Xj, xj, qLen) ); cleanup: mp_clear(&W); mp_clear(&Q); @@ -106,6 +103,17 @@ cleanup: return rv; } +/* + * FIPS 186-2 requires result from random output to be reduced mod q when + * generating random numbers for DSA. + */ +SECStatus +FIPS186Change_ReduceModQForDSA(const unsigned char *w, + const unsigned char *q, + unsigned char *xj) { + return fips186Change_ReduceModQForDSA(w, q, DSA_SUBPRIME_LEN, xj); +} + /* * The core of Algorithm 1 of FIPS 186-2 Change Notice 1. * @@ -137,24 +145,36 @@ FIPS186Change_GenerateX(PRUint8 *XKEY, const PRUint8 *XSEEDj, ** object. In DSA mode, so there is a q. */ static SECStatus -dsa_GenerateGlobalRandomBytes(void *dest, size_t len, const PRUint8 *q) +dsa_GenerateGlobalRandomBytes(const SECItem * qItem, PRUint8 * dest, + unsigned int * destLen, unsigned int maxDestLen) { SECStatus rv; - PRUint8 w[2*QSIZE]; + SECItem w; + const PRUint8 * q = qItem->data; + unsigned int qLen = qItem->len; - PORT_Assert(q && len == DSA_SUBPRIME_LEN); - if (len != DSA_SUBPRIME_LEN) { - PORT_SetError(SEC_ERROR_OUTPUT_LEN); - return SECFailure; - } if (*q == 0) { ++q; + --qLen; } - rv = RNG_GenerateGlobalRandomBytes(w, 2*QSIZE); - if (rv != SECSuccess) { - return rv; + if (maxDestLen < qLen) { + /* This condition can occur when DSA_SignDigest is passed a group + with a subprime that is larger than DSA_SUBPRIME_LEN. */ + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } - FIPS186Change_ReduceModQForDSA(w, q, (PRUint8 *)dest); + w.data = NULL; /* otherwise SECITEM_AllocItem asserts */ + if (!SECITEM_AllocItem(NULL, &w, 2*qLen)) { + return SECFailure; + } + *destLen = qLen; + + rv = RNG_GenerateGlobalRandomBytes(w.data, w.len); + if (rv == SECSuccess) { + rv = fips186Change_ReduceModQForDSA(w.data, q, qLen, dest); + } + + SECITEM_FreeItem(&w, PR_FALSE); return rv; } @@ -163,9 +183,9 @@ static void translate_mpi_error(mp_err err) MP_TO_SEC_ERROR(err); } -SECStatus -dsa_NewKey(const PQGParams *params, DSAPrivateKey **privKey, - const unsigned char *xb) +static SECStatus +dsa_NewKeyExtended(const PQGParams *params, const SECItem * seed, + DSAPrivateKey **privKey) { mp_int p, g; mp_int x, y; @@ -173,7 +193,7 @@ dsa_NewKey(const PQGParams *params, DSAPrivateKey **privKey, PRArenaPool *arena; DSAPrivateKey *key; /* Check args. */ - if (!params || !privKey) { + if (!params || !privKey || !seed || !seed->data) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } @@ -208,10 +228,10 @@ dsa_NewKey(const PQGParams *params, DSAPrivateKey **privKey, /* Convert stored p, g, and received x into MPI integers. */ SECITEM_TO_MPINT(params->prime, &p); SECITEM_TO_MPINT(params->base, &g); - OCTETS_TO_MPINT(xb, &x, DSA_SUBPRIME_LEN); + OCTETS_TO_MPINT(seed->data, &x, seed->len); /* Store x in private key */ - SECITEM_AllocItem(arena, &key->privateValue, DSA_SUBPRIME_LEN); - memcpy(key->privateValue.data, xb, DSA_SUBPRIME_LEN); + SECITEM_AllocItem(arena, &key->privateValue, seed->len); + PORT_Memcpy(key->privateValue.data, seed->data, seed->len); /* Compute public key y = g**x mod p */ CHECK_MPI_OK( mp_exptmod(&g, &x, &p, &y) ); /* Store y in public key */ @@ -232,6 +252,53 @@ cleanup: return SECSuccess; } +SECStatus +DSA_NewRandom(PLArenaPool * arena, const SECItem * q, SECItem * seed) +{ + int retries = 10; + unsigned int i; + PRBool good; + + if (q == NULL || q->data == NULL || q->len == 0 || + (q->data[0] == 0 && q->len == 1)) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + + if (!SECITEM_AllocItem(arena, seed, q->len)) { + return SECFailure; + } + + do { + /* Generate seed bytes for x according to FIPS 186-1 appendix 3 */ + if (dsa_GenerateGlobalRandomBytes(q, seed->data, &seed->len, + seed->len)) { + goto loser; + } + /* Disallow values of 0 and 1 for x. */ + good = PR_FALSE; + for (i = 0; i < seed->len-1; i++) { + if (seed->data[i] != 0) { + good = PR_TRUE; + break; + } + } + if (!good && seed->data[i] > 1) { + good = PR_TRUE; + } + } while (!good && --retries > 0); + + if (!good) { + PORT_SetError(SEC_ERROR_NEED_RANDOM); +loser: if (arena != NULL) { + SECITEM_FreeItem(seed, PR_FALSE); + } + return SECFailure; + } + + return SECSuccess; +} + /* ** Generate and return a new DSA public and private key pair, ** both of which are encoded into a single DSAPrivateKey struct. @@ -241,37 +308,21 @@ cleanup: SECStatus DSA_NewKey(const PQGParams *params, DSAPrivateKey **privKey) { + SECItem seed; SECStatus rv; - unsigned char seed[DSA_SUBPRIME_LEN]; - int retries = 10; - int i; - PRBool good; - do { - /* Generate seed bytes for x according to FIPS 186-1 appendix 3 */ - if (dsa_GenerateGlobalRandomBytes(seed, DSA_SUBPRIME_LEN, - params->subPrime.data)) - return SECFailure; - /* Disallow values of 0 and 1 for x. */ - good = PR_FALSE; - for (i = 0; i < DSA_SUBPRIME_LEN-1; i++) { - if (seed[i] != 0) { - good = PR_TRUE; - break; - } - } - if (!good && seed[i] > 1) { - good = PR_TRUE; - } - } while (!good && --retries > 0); + seed.data = NULL; - if (!good) { - PORT_SetError(SEC_ERROR_NEED_RANDOM); - return SECFailure; + rv = DSA_NewRandom(NULL, ¶ms->subPrime, &seed); + if (rv == SECSuccess) { + if (seed.len != DSA_SUBPRIME_LEN) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + rv = SECFailure; + } else { + rv = dsa_NewKeyExtended(params, &seed, privKey); + } } - - /* Generate a new DSA key using random seed. */ - rv = dsa_NewKey(params, privKey, seed); + SECITEM_FreeItem(&seed, PR_FALSE); return rv; } @@ -281,9 +332,11 @@ DSA_NewKeyFromSeed(const PQGParams *params, const unsigned char *seed, DSAPrivateKey **privKey) { - SECStatus rv; - rv = dsa_NewKey(params, privKey, seed); - return rv; + /* TODO: check Q size */ + SECItem seedItem; + seedItem.data = (unsigned char*) seed; + seedItem.len = DSA_SUBPRIME_LEN; + return dsa_NewKeyExtended(params, &seedItem, privKey); } static SECStatus @@ -393,18 +446,24 @@ DSA_SignDigest(DSAPrivateKey *key, SECItem *signature, const SECItem *digest) SECStatus rv; int retries = 10; unsigned char kSeed[DSA_SUBPRIME_LEN]; - int i; + unsigned int kSeedLen = 0; + unsigned int i; PRBool good; PORT_SetError(0); do { - rv = dsa_GenerateGlobalRandomBytes(kSeed, DSA_SUBPRIME_LEN, - key->params.subPrime.data); + rv = dsa_GenerateGlobalRandomBytes(&key->params.subPrime, + kSeed, &kSeedLen, sizeof kSeed); if (rv != SECSuccess) break; + if (kSeedLen != DSA_SUBPRIME_LEN) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + rv = SECFailure; + break; + } /* Disallow a value of 0 for k. */ good = PR_FALSE; - for (i = 0; i < DSA_SUBPRIME_LEN; i++) { + for (i = 0; i < kSeedLen; i++) { if (kSeed[i] != 0) { good = PR_TRUE; break; diff --git a/security/nss/lib/freebl/intel-aes.s b/security/nss/lib/freebl/intel-aes.s index a154ba0797e..823508b188f 100644 --- a/security/nss/lib/freebl/intel-aes.s +++ b/security/nss/lib/freebl/intel-aes.s @@ -438,22 +438,18 @@ intel_aes_encrypt_cbc_128: .globl intel_aes_decrypt_cbc_128 .align 16 intel_aes_decrypt_cbc_128: -// leaq IV_OFFSET(%rdi), %rdx -// leaq EXPANDED_KEY_OFFSET(%rdi), %rdi - leaq 16(%rdi), %rdx - leaq 48(%rdi), %rdi + leaq 16(%rdi), %rdx /* iv */ + leaq 48(%rdi), %rdi /* expanded key */ - movdqu (%rdx), %xmm0 - movdqu (%rdi), %xmm2 - movdqu 160(%rdi), %xmm12 + movdqu (%rdx), %xmm0 /* iv */ + movdqu (%rdi), %xmm2 /* first key block */ + movdqu 160(%rdi), %xmm12 /* last key block */ xorl %eax, %eax -// cmpq $8*16, %r9 cmpq $128, %r9 jb 1f -// leaq -8*16(%r9), %r11 leaq -128(%r9), %r11 -2: movdqu (%r8, %rax), %xmm3 - movdqu 16(%r8, %rax), %xmm4 +2: movdqu (%r8, %rax), %xmm3 /* 1st data block */ + movdqu 16(%r8, %rax), %xmm4 /* 2d data block */ movdqu 32(%r8, %rax), %xmm5 movdqu 48(%r8, %rax), %xmm6 movdqu 64(%r8, %rax), %xmm7 @@ -469,7 +465,7 @@ intel_aes_decrypt_cbc_128: pxor %xmm12, %xmm9 pxor %xmm12, %xmm10 movq $144, %r10 -3: movdqu (%rdi, %r10), %xmm1 +3: movdqu (%rdi, %r10), %xmm1 /* n-th block of the key */ .byte 0x66,0x0f,0x38,0xde,0xd9 /* aesdec %xmm1, %xmm3 */ .byte 0x66,0x0f,0x38,0xde,0xe1 /* aesdec %xmm1, %xmm4 */ .byte 0x66,0x0f,0x38,0xde,0xe9 /* aesdec %xmm1, %xmm5 */ @@ -488,14 +484,21 @@ intel_aes_decrypt_cbc_128: .byte 0x66,0x44,0x0f,0x38,0xdf,0xc2 /* aesdeclast %xmm2, %xmm8 */ .byte 0x66,0x44,0x0f,0x38,0xdf,0xca /* aesdeclast %xmm2, %xmm9 */ .byte 0x66,0x44,0x0f,0x38,0xdf,0xd2 /* aesdeclast %xmm2, %xmm10 */ - pxor %xmm0, %xmm3 - pxor (%r8, %rax), %xmm4 - pxor 16(%r8, %rax), %xmm5 - pxor 32(%r8, %rax), %xmm6 - pxor 48(%r8, %rax), %xmm7 - pxor 64(%r8, %rax), %xmm8 - pxor 80(%r8, %rax), %xmm9 - pxor 96(%r8, %rax), %xmm10 + pxor %xmm0, %xmm3 + movdqu (%r8, %rax), %xmm0 + pxor %xmm0, %xmm4 + movdqu 16(%r8, %rax), %xmm0 + pxor %xmm0, %xmm5 + movdqu 32(%r8, %rax), %xmm0 + pxor %xmm0, %xmm6 + movdqu 48(%r8, %rax), %xmm0 + pxor %xmm0, %xmm7 + movdqu 64(%r8, %rax), %xmm0 + pxor %xmm0, %xmm8 + movdqu 80(%r8, %rax), %xmm0 + pxor %xmm0, %xmm9 + movdqu 96(%r8, %rax), %xmm0 + pxor %xmm0, %xmm10 movdqu 112(%r8, %rax), %xmm0 movdqu %xmm3, (%rsi, %rax) movdqu %xmm4, 16(%rsi, %rax) @@ -505,7 +508,6 @@ intel_aes_decrypt_cbc_128: movdqu %xmm8, 80(%rsi, %rax) movdqu %xmm9, 96(%rsi, %rax) movdqu %xmm10, 112(%rsi, %rax) -// addq $8*16, %rax addq $128, %rax cmpq %r11, %rax jbe 2b @@ -547,8 +549,7 @@ intel_aes_decrypt_cbc_128: xor %eax, %eax ret .size intel_aes_decrypt_cbc_128, .-intel_aes_decrypt_cbc_128 - - + /* in %rdi : the key in %rsi : buffer for expanded key */ @@ -974,8 +975,6 @@ intel_aes_encrypt_cbc_192: .globl intel_aes_decrypt_cbc_192 .align 16 intel_aes_decrypt_cbc_192: -// leaq IV_OFFSET(%rdi), %rdx -// leaq EXPANDED_KEY_OFFSET(%rdi), %rdi leaq 16(%rdi), %rdx leaq 48(%rdi), %rdi @@ -983,10 +982,8 @@ intel_aes_decrypt_cbc_192: movdqu (%rdi), %xmm2 movdqu 192(%rdi), %xmm14 xorl %eax, %eax -// cmpq $8*16, %r9 cmpq $128, %r9 jb 1f -// leaq -8*16(%r9), %r11 leaq -128(%r9), %r11 2: movdqu (%r8, %rax), %xmm3 movdqu 16(%r8, %rax), %xmm4 @@ -1024,14 +1021,21 @@ intel_aes_decrypt_cbc_192: .byte 0x66,0x44,0x0f,0x38,0xdf,0xc2 /* aesdeclast %xmm2, %xmm8 */ .byte 0x66,0x44,0x0f,0x38,0xdf,0xca /* aesdeclast %xmm2, %xmm9 */ .byte 0x66,0x44,0x0f,0x38,0xdf,0xd2 /* aesdeclast %xmm2, %xmm10 */ - pxor %xmm0, %xmm3 - pxor (%r8, %rax), %xmm4 - pxor 16(%r8, %rax), %xmm5 - pxor 32(%r8, %rax), %xmm6 - pxor 48(%r8, %rax), %xmm7 - pxor 64(%r8, %rax), %xmm8 - pxor 80(%r8, %rax), %xmm9 - pxor 96(%r8, %rax), %xmm10 + pxor %xmm0, %xmm3 + movdqu (%r8, %rax), %xmm0 + pxor %xmm0, %xmm4 + movdqu 16(%r8, %rax), %xmm0 + pxor %xmm0, %xmm5 + movdqu 32(%r8, %rax), %xmm0 + pxor %xmm0, %xmm6 + movdqu 48(%r8, %rax), %xmm0 + pxor %xmm0, %xmm7 + movdqu 64(%r8, %rax), %xmm0 + pxor %xmm0, %xmm8 + movdqu 80(%r8, %rax), %xmm0 + pxor %xmm0, %xmm9 + movdqu 96(%r8, %rax), %xmm0 + pxor %xmm0, %xmm10 movdqu 112(%r8, %rax), %xmm0 movdqu %xmm3, (%rsi, %rax) movdqu %xmm4, 16(%rsi, %rax) @@ -1041,7 +1045,6 @@ intel_aes_decrypt_cbc_192: movdqu %xmm8, 80(%rsi, %rax) movdqu %xmm9, 96(%rsi, %rax) movdqu %xmm10, 112(%rsi, %rax) -// addq $8*16, %rax addq $128, %rax cmpq %r11, %rax jbe 2b @@ -1088,7 +1091,6 @@ intel_aes_decrypt_cbc_192: ret .size intel_aes_decrypt_cbc_192, .-intel_aes_decrypt_cbc_192 - /* in %rdi : the key in %rsi : buffer for expanded key */ @@ -1296,13 +1298,13 @@ intel_aes_encrypt_ecb_256: 1: cmpq %rax, %r9 je 5f + movdqu (%rdi), %xmm8 movdqu 16(%rdi), %xmm2 movdqu 32(%rdi), %xmm3 movdqu 48(%rdi), %xmm4 movdqu 64(%rdi), %xmm5 movdqu 80(%rdi), %xmm6 movdqu 96(%rdi), %xmm7 - movdqu 112(%rdi), %xmm8 movdqu 128(%rdi), %xmm9 movdqu 144(%rdi), %xmm10 movdqu 160(%rdi), %xmm11 @@ -1311,7 +1313,8 @@ intel_aes_encrypt_ecb_256: movdqu 208(%rdi), %xmm14 4: movdqu (%r8, %rax), %xmm1 - pxor (%rdi), %xmm1 + pxor %xmm8, %xmm1 + movdqu 112(%rdi), %xmm8 .byte 0x66,0x0f,0x38,0xdc,0xca /* aesenc %xmm2, %xmm1 */ .byte 0x66,0x0f,0x38,0xdc,0xcb /* aesenc %xmm3, %xmm1 */ .byte 0x66,0x0f,0x38,0xdc,0xcc /* aesenc %xmm4, %xmm1 */ @@ -1319,6 +1322,7 @@ intel_aes_encrypt_ecb_256: .byte 0x66,0x0f,0x38,0xdc,0xce /* aesenc %xmm6, %xmm1 */ .byte 0x66,0x0f,0x38,0xdc,0xcf /* aesenc %xmm7, %xmm1 */ .byte 0x66,0x41,0x0f,0x38,0xdc,0xc8 /* aesenc %xmm8, %xmm1 */ + movdqu (%rdi), %xmm8 .byte 0x66,0x41,0x0f,0x38,0xdc,0xc9 /* aesenc %xmm9, %xmm1 */ .byte 0x66,0x41,0x0f,0x38,0xdc,0xca /* aesenc %xmm10, %xmm1 */ .byte 0x66,0x41,0x0f,0x38,0xdc,0xcb /* aesenc %xmm11, %xmm1 */ @@ -1434,13 +1438,15 @@ intel_aes_decrypt_ecb_256: .byte 0x66,0x41,0x0f,0x38,0xde,0xca /* aesdec %xmm10, %xmm1 */ .byte 0x66,0x41,0x0f,0x38,0xde,0xc9 /* aesdec %xmm9, %xmm1 */ .byte 0x66,0x41,0x0f,0x38,0xde,0xc8 /* aesdec %xmm8, %xmm1 */ + movdqu (%rdi), %xmm8 .byte 0x66,0x0f,0x38,0xde,0xcf /* aesdec %xmm7, %xmm1 */ .byte 0x66,0x0f,0x38,0xde,0xce /* aesdec %xmm6, %xmm1 */ .byte 0x66,0x0f,0x38,0xde,0xcd /* aesdec %xmm5, %xmm1 */ .byte 0x66,0x0f,0x38,0xde,0xcc /* aesdec %xmm4, %xmm1 */ .byte 0x66,0x0f,0x38,0xde,0xcb /* aesdec %xmm3, %xmm1 */ .byte 0x66,0x0f,0x38,0xde,0xca /* aesdec %xmm2, %xmm1 */ - .byte 0x66,0x0f,0x38,0xdf,0x0f /* aesdeclast (%rdi), %xmm1 */ + .byte 0x66,0x41,0x0f,0x38,0xdf,0xc8 /* aesdeclast %xmm8, %xmm1 */ + movdqu 112(%rdi), %xmm8 movdqu %xmm1, (%rsi, %rax) addq $16, %rax cmpq %rax, %r9 @@ -1473,13 +1479,13 @@ intel_aes_encrypt_cbc_256: leaq 48(%rdi), %rdi movdqu (%rdx), %xmm0 + movdqu (%rdi), %xmm8 movdqu 16(%rdi), %xmm2 movdqu 32(%rdi), %xmm3 movdqu 48(%rdi), %xmm4 movdqu 64(%rdi), %xmm5 movdqu 80(%rdi), %xmm6 movdqu 96(%rdi), %xmm7 - movdqu 112(%rdi), %xmm8 movdqu 128(%rdi), %xmm9 movdqu 144(%rdi), %xmm10 movdqu 160(%rdi), %xmm11 @@ -1491,7 +1497,8 @@ intel_aes_encrypt_cbc_256: xorl %eax, %eax 1: movdqu (%r8, %rax), %xmm1 pxor %xmm0, %xmm1 - pxor (%rdi), %xmm1 + pxor %xmm8, %xmm1 + movdqu 112(%rdi), %xmm8 .byte 0x66,0x0f,0x38,0xdc,0xca /* aesenc %xmm2, %xmm1 */ .byte 0x66,0x0f,0x38,0xdc,0xcb /* aesenc %xmm3, %xmm1 */ .byte 0x66,0x0f,0x38,0xdc,0xcc /* aesenc %xmm4, %xmm1 */ @@ -1499,6 +1506,7 @@ intel_aes_encrypt_cbc_256: .byte 0x66,0x0f,0x38,0xdc,0xce /* aesenc %xmm6, %xmm1 */ .byte 0x66,0x0f,0x38,0xdc,0xcf /* aesenc %xmm7, %xmm1 */ .byte 0x66,0x41,0x0f,0x38,0xdc,0xc8 /* aesenc %xmm8, %xmm1 */ + movdqu (%rdi), %xmm8 .byte 0x66,0x41,0x0f,0x38,0xdc,0xc9 /* aesenc %xmm9, %xmm1 */ .byte 0x66,0x41,0x0f,0x38,0xdc,0xca /* aesenc %xmm10, %xmm1 */ .byte 0x66,0x41,0x0f,0x38,0xdc,0xcb /* aesenc %xmm11, %xmm1 */ @@ -1582,14 +1590,21 @@ intel_aes_decrypt_cbc_256: .byte 0x66,0x44,0x0f,0x38,0xdf,0xc2 /* aesdeclast %xmm2, %xmm8 */ .byte 0x66,0x44,0x0f,0x38,0xdf,0xca /* aesdeclast %xmm2, %xmm9 */ .byte 0x66,0x44,0x0f,0x38,0xdf,0xd2 /* aesdeclast %xmm2, %xmm10 */ - pxor %xmm0, %xmm3 - pxor (%r8, %rax), %xmm4 - pxor 16(%r8, %rax), %xmm5 - pxor 32(%r8, %rax), %xmm6 - pxor 48(%r8, %rax), %xmm7 - pxor 64(%r8, %rax), %xmm8 - pxor 80(%r8, %rax), %xmm9 - pxor 96(%r8, %rax), %xmm10 + pxor %xmm0, %xmm3 + movdqu (%r8, %rax), %xmm0 + pxor %xmm0, %xmm4 + movdqu 16(%r8, %rax), %xmm0 + pxor %xmm0, %xmm5 + movdqu 32(%r8, %rax), %xmm0 + pxor %xmm0, %xmm6 + movdqu 48(%r8, %rax), %xmm0 + pxor %xmm0, %xmm7 + movdqu 64(%r8, %rax), %xmm0 + pxor %xmm0, %xmm8 + movdqu 80(%r8, %rax), %xmm0 + pxor %xmm0, %xmm9 + movdqu 96(%r8, %rax), %xmm0 + pxor %xmm0, %xmm10 movdqu 112(%r8, %rax), %xmm0 movdqu %xmm3, (%rsi, %rax) movdqu %xmm4, 16(%rsi, %rax) @@ -1629,13 +1644,15 @@ intel_aes_decrypt_cbc_256: .byte 0x66,0x41,0x0f,0x38,0xde,0xca /* aesdec %xmm10, %xmm1 */ .byte 0x66,0x41,0x0f,0x38,0xde,0xc9 /* aesdec %xmm9, %xmm1 */ .byte 0x66,0x41,0x0f,0x38,0xde,0xc8 /* aesdec %xmm8, %xmm1 */ + movdqu (%rdi), %xmm8 .byte 0x66,0x0f,0x38,0xde,0xcf /* aesdec %xmm7, %xmm1 */ .byte 0x66,0x0f,0x38,0xde,0xce /* aesdec %xmm6, %xmm1 */ .byte 0x66,0x0f,0x38,0xde,0xcd /* aesdec %xmm5, %xmm1 */ .byte 0x66,0x0f,0x38,0xde,0xcc /* aesdec %xmm4, %xmm1 */ .byte 0x66,0x0f,0x38,0xde,0xcb /* aesdec %xmm3, %xmm1 */ .byte 0x66,0x0f,0x38,0xde,0xca /* aesdec %xmm2, %xmm1 */ - .byte 0x66,0x0f,0x38,0xdf,0x0f /* aesdeclast (%rdi), %xmm1 */ + .byte 0x66,0x41,0x0f,0x38,0xdf,0xc8 /* aesdeclast %xmm8, %xmm1 */ + movdqu 112(%rdi), %xmm8 pxor %xmm0, %xmm1 movdqu %xmm1, (%rsi, %rax) movdqu (%r8, %rax), %xmm0 diff --git a/security/nss/lib/freebl/jpake.c b/security/nss/lib/freebl/jpake.c new file mode 100644 index 00000000000..c74e418193d --- /dev/null +++ b/security/nss/lib/freebl/jpake.c @@ -0,0 +1,525 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is Mozilla Fonudation. + * Portions created by the Initial Developer are Copyright (C) 2010 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifdef FREEBL_NO_DEPEND +#include "stubs.h" +#endif + +#include "blapi.h" +#include "secerr.h" +#include "secitem.h" +#include "secmpi.h" + +/* Hash an item's length and then its value. Only items smaller than 2^16 bytes + * are allowed. Lengths are hashed in network byte order. This is designed + * to match the OpenSSL J-PAKE implementation. + */ +static mp_err +hashSECItem(HASHContext * hash, const SECItem * it) +{ + unsigned char length[2]; + + if (it->len > 0xffff) + return MP_BADARG; + + length[0] = (unsigned char) (it->len >> 8); + length[1] = (unsigned char) (it->len); + hash->hashobj->update(hash->hash_context, length, 2); + hash->hashobj->update(hash->hash_context, it->data, it->len); + return MP_OKAY; +} + +/* Hash all public components of the signature, each prefixed with its + length, and then convert the hash to an mp_int. */ +static mp_err +hashPublicParams(HASH_HashType hashType, const SECItem * g, + const SECItem * gv, const SECItem * gx, + const SECItem * signerID, mp_int * h) +{ + mp_err err; + unsigned char hBuf[HASH_LENGTH_MAX]; + SECItem hItem; + HASHContext hash; + + hash.hashobj = HASH_GetRawHashObject(hashType); + if (hash.hashobj == NULL || hash.hashobj->length > sizeof hBuf) { + return MP_BADARG; + } + hash.hash_context = hash.hashobj->create(); + if (hash.hash_context == NULL) { + return MP_MEM; + } + + hItem.data = hBuf; + hItem.len = hash.hashobj->length; + + hash.hashobj->begin(hash.hash_context); + CHECK_MPI_OK( hashSECItem(&hash, g) ); + CHECK_MPI_OK( hashSECItem(&hash, gv) ); + CHECK_MPI_OK( hashSECItem(&hash, gx) ); + CHECK_MPI_OK( hashSECItem(&hash, signerID) ); + hash.hashobj->end(hash.hash_context, hItem.data, &hItem.len, + sizeof hBuf); + SECITEM_TO_MPINT(hItem, h); + +cleanup: + if (hash.hash_context != NULL) { + hash.hashobj->destroy(hash.hash_context, PR_TRUE); + } + + return err; +} + +/* Generate a Schnorr signature for round 1 or round 2 */ +SECStatus +JPAKE_Sign(PLArenaPool * arena, const PQGParams * pqg, HASH_HashType hashType, + const SECItem * signerID, const SECItem * x, + const SECItem * testRandom, const SECItem * gxIn, SECItem * gxOut, + SECItem * gv, SECItem * r) +{ + SECStatus rv = SECSuccess; + mp_err err; + mp_int p; + mp_int q; + mp_int g; + mp_int X; + mp_int GX; + mp_int V; + mp_int GV; + mp_int h; + mp_int tmp; + mp_int R; + SECItem v; + + if (!arena || + !pqg || !pqg->prime.data || pqg->prime.len == 0 || + !pqg->subPrime.data || pqg->subPrime.len == 0 || + !pqg->base.data || pqg->base.len == 0 || + !signerID || !signerID->data || signerID->len == 0 || + !x || !x->data || x->len == 0 || + (testRandom && (!testRandom->data || testRandom->len == 0)) || + (gxIn == NULL && (!gxOut || gxOut->data != NULL)) || + (gxIn != NULL && (!gxIn->data || gxIn->len == 0 || gxOut != NULL)) || + !gv || gv->data != NULL || + !r || r->data != NULL) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + + + MP_DIGITS(&p) = 0; + MP_DIGITS(&q) = 0; + MP_DIGITS(&g) = 0; + MP_DIGITS(&X) = 0; + MP_DIGITS(&GX) = 0; + MP_DIGITS(&V) = 0; + MP_DIGITS(&GV) = 0; + MP_DIGITS(&h) = 0; + MP_DIGITS(&tmp) = 0; + MP_DIGITS(&R) = 0; + + CHECK_MPI_OK( mp_init(&p) ); + CHECK_MPI_OK( mp_init(&q) ); + CHECK_MPI_OK( mp_init(&g) ); + CHECK_MPI_OK( mp_init(&X) ); + CHECK_MPI_OK( mp_init(&GX) ); + CHECK_MPI_OK( mp_init(&V) ); + CHECK_MPI_OK( mp_init(&GV) ); + CHECK_MPI_OK( mp_init(&h) ); + CHECK_MPI_OK( mp_init(&tmp) ); + CHECK_MPI_OK( mp_init(&R) ); + + SECITEM_TO_MPINT(pqg->prime, &p); + SECITEM_TO_MPINT(pqg->subPrime, &q); + SECITEM_TO_MPINT(pqg->base, &g); + SECITEM_TO_MPINT(*x, &X); + + /* gx = g^x */ + if (gxIn == NULL) { + CHECK_MPI_OK( mp_exptmod(&g, &X, &p, &GX) ); + MPINT_TO_SECITEM(&GX, gxOut, arena); + gxIn = gxOut; + } else { + SECITEM_TO_MPINT(*gxIn, &GX); + } + + /* v is a random value in the q subgroup */ + if (testRandom == NULL) { + v.data = NULL; + rv = DSA_NewRandom(arena, &pqg->subPrime, &v); + if (rv != SECSuccess) { + goto cleanup; + } + } else { + v.data = testRandom->data; + v.len = testRandom->len; + } + SECITEM_TO_MPINT(v, &V); + + /* gv = g^v (mod q), random v, 1 <= v < q */ + CHECK_MPI_OK( mp_exptmod(&g, &V, &p, &GV) ); + MPINT_TO_SECITEM(&GV, gv, arena); + + /* h = H(g, gv, gx, signerID) */ + CHECK_MPI_OK( hashPublicParams(hashType, &pqg->base, gv, gxIn, signerID, + &h) ); + + /* r = v - x*h (mod q) */ + CHECK_MPI_OK( mp_mulmod(&X, &h, &q, &tmp) ); + CHECK_MPI_OK( mp_submod(&V, &tmp, &q, &R) ); + MPINT_TO_SECITEM(&R, r, arena); + +cleanup: + mp_clear(&p); + mp_clear(&q); + mp_clear(&g); + mp_clear(&X); + mp_clear(&GX); + mp_clear(&V); + mp_clear(&GV); + mp_clear(&h); + mp_clear(&tmp); + mp_clear(&R); + + if (rv == SECSuccess && err != MP_OKAY) { + MP_TO_SEC_ERROR(err); + rv = SECFailure; + } + return rv; +} + +/* Verify a Schnorr signature generated by the peer in round 1 or round 2. */ +SECStatus +JPAKE_Verify(PRArenaPool * arena, const PQGParams * pqg, HASH_HashType hashType, + const SECItem * signerID, const SECItem * peerID, + const SECItem * gx, const SECItem * gv, const SECItem * r) +{ + SECStatus rv = SECSuccess; + mp_err err; + mp_int p; + mp_int q; + mp_int g; + mp_int p_minus_1; + mp_int GX; + mp_int h; + mp_int one; + mp_int R; + mp_int gr; + mp_int gxh; + mp_int gr_gxh; + SECItem calculated; + + if (!arena || + !pqg || !pqg->prime.data || pqg->prime.len == 0 || + !pqg->subPrime.data || pqg->subPrime.len == 0 || + !pqg->base.data || pqg->base.len == 0 || + !signerID || !signerID->data || signerID->len == 0 || + !peerID || !peerID->data || peerID->len == 0 || + !gx || !gx->data || gx->len == 0 || + !gv || !gv->data || gv->len == 0 || + !r || !r->data || r->len == 0 || + SECITEM_CompareItem(signerID, peerID) == SECEqual) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + + MP_DIGITS(&p) = 0; + MP_DIGITS(&q) = 0; + MP_DIGITS(&g) = 0; + MP_DIGITS(&p_minus_1) = 0; + MP_DIGITS(&GX) = 0; + MP_DIGITS(&h) = 0; + MP_DIGITS(&one) = 0; + MP_DIGITS(&R) = 0; + MP_DIGITS(&gr) = 0; + MP_DIGITS(&gxh) = 0; + MP_DIGITS(&gr_gxh) = 0; + calculated.data = NULL; + + CHECK_MPI_OK( mp_init(&p) ); + CHECK_MPI_OK( mp_init(&q) ); + CHECK_MPI_OK( mp_init(&g) ); + CHECK_MPI_OK( mp_init(&p_minus_1) ); + CHECK_MPI_OK( mp_init(&GX) ); + CHECK_MPI_OK( mp_init(&h) ); + CHECK_MPI_OK( mp_init(&one) ); + CHECK_MPI_OK( mp_init(&R) ); + CHECK_MPI_OK( mp_init(&gr) ); + CHECK_MPI_OK( mp_init(&gxh) ); + CHECK_MPI_OK( mp_init(&gr_gxh) ); + + SECITEM_TO_MPINT(pqg->prime, &p); + SECITEM_TO_MPINT(pqg->subPrime, &q); + SECITEM_TO_MPINT(pqg->base, &g); + SECITEM_TO_MPINT(*gx, &GX); + SECITEM_TO_MPINT(*r, &R); + + CHECK_MPI_OK( mp_sub_d(&p, 1, &p_minus_1) ); + CHECK_MPI_OK( mp_exptmod(&GX, &q, &p, &one) ); + /* Check g^x is in [1, p-2], R is in [0, q-1], and (g^x)^q mod p == 1 */ + if (!(mp_cmp_z(&GX) > 0 && + mp_cmp(&GX, &p_minus_1) < 0 && + mp_cmp(&R, &q) < 0 && + mp_cmp_d(&one, 1) == 0)) { + goto badSig; + } + + CHECK_MPI_OK( hashPublicParams(hashType, &pqg->base, gv, gx, peerID, + &h) ); + + /* Calculate g^v = g^r * g^x^h */ + CHECK_MPI_OK( mp_exptmod(&g, &R, &p, &gr) ); + CHECK_MPI_OK( mp_exptmod(&GX, &h, &p, &gxh) ); + CHECK_MPI_OK( mp_mulmod(&gr, &gxh, &p, &gr_gxh) ); + + /* Compare calculated g^v to given g^v */ + MPINT_TO_SECITEM(&gr_gxh, &calculated, arena); + if (calculated.len == gv->len && + NSS_SecureMemcmp(calculated.data, gv->data, calculated.len) == 0) { + rv = SECSuccess; + } else { +badSig: PORT_SetError(SEC_ERROR_BAD_SIGNATURE); + rv = SECFailure; + } + +cleanup: + mp_clear(&p); + mp_clear(&q); + mp_clear(&g); + mp_clear(&p_minus_1); + mp_clear(&GX); + mp_clear(&h); + mp_clear(&one); + mp_clear(&R); + mp_clear(&gr); + mp_clear(&gxh); + mp_clear(&gr_gxh); + + if (rv == SECSuccess && err != MP_OKAY) { + MP_TO_SEC_ERROR(err); + rv = SECFailure; + } + return rv; +} + +/* Calculate base = gx1*gx3*gx4 (mod p), i.e. g^(x1+x3+x4) (mod p) */ +static mp_err +jpake_Round2Base(const SECItem * gx1, const SECItem * gx3, + const SECItem * gx4, const mp_int * p, mp_int * base) +{ + mp_err err; + mp_int GX1; + mp_int GX3; + mp_int GX4; + mp_int tmp; + + MP_DIGITS(&GX1) = 0; + MP_DIGITS(&GX3) = 0; + MP_DIGITS(&GX4) = 0; + MP_DIGITS(&tmp) = 0; + + CHECK_MPI_OK( mp_init(&GX1) ); + CHECK_MPI_OK( mp_init(&GX3) ); + CHECK_MPI_OK( mp_init(&GX4) ); + CHECK_MPI_OK( mp_init(&tmp) ); + + SECITEM_TO_MPINT(*gx1, &GX1); + SECITEM_TO_MPINT(*gx3, &GX3); + SECITEM_TO_MPINT(*gx4, &GX4); + + /* In round 2, the peer/attacker sends us g^x3 and g^x4 and the protocol + requires that these values are distinct. */ + if (mp_cmp(&GX3, &GX4) == 0) { + return MP_BADARG; + } + + CHECK_MPI_OK( mp_mul(&GX1, &GX3, &tmp) ); + CHECK_MPI_OK( mp_mul(&tmp, &GX4, &tmp) ); + CHECK_MPI_OK( mp_mod(&tmp, p, base) ); + +cleanup: + mp_clear(&GX1); + mp_clear(&GX3); + mp_clear(&GX4); + mp_clear(&tmp); + return err; +} + +SECStatus +JPAKE_Round2(PLArenaPool * arena, + const SECItem * p, const SECItem *q, const SECItem * gx1, + const SECItem * gx3, const SECItem * gx4, SECItem * base, + const SECItem * x2, const SECItem * s, SECItem * x2s) +{ + mp_err err; + mp_int P; + mp_int Q; + mp_int X2; + mp_int S; + mp_int result; + + if (!arena || + !p || !p->data || p->len == 0 || + !q || !q->data || q->len == 0 || + !gx1 || !gx1->data || gx1->len == 0 || + !gx3 || !gx3->data || gx3->len == 0 || + !gx4 || !gx4->data || gx4->len == 0 || + !base || base->data != NULL || + (x2s != NULL && (x2s->data != NULL || + !x2 || !x2->data || x2->len == 0 || + !s || !s->data || s->len == 0))) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + + MP_DIGITS(&P) = 0; + MP_DIGITS(&Q) = 0; + MP_DIGITS(&X2) = 0; + MP_DIGITS(&S) = 0; + MP_DIGITS(&result) = 0; + + CHECK_MPI_OK( mp_init(&P) ); + CHECK_MPI_OK( mp_init(&Q) ); + CHECK_MPI_OK( mp_init(&result) ); + + if (x2s != NULL) { + CHECK_MPI_OK( mp_init(&X2) ); + CHECK_MPI_OK( mp_init(&S) ); + + SECITEM_TO_MPINT(*q, &Q); + SECITEM_TO_MPINT(*x2, &X2); + + SECITEM_TO_MPINT(*s, &S); + if (mp_cmp(&S, &Q) >= 0) { + err = MP_BADARG; + goto cleanup; + } + + CHECK_MPI_OK( mp_mulmod(&X2, &S, &Q, &result) ); + MPINT_TO_SECITEM(&result, x2s, arena); + } + + SECITEM_TO_MPINT(*p, &P); + CHECK_MPI_OK( jpake_Round2Base(gx1, gx3, gx4, &P, &result) ); + MPINT_TO_SECITEM(&result, base, arena); + +cleanup: + mp_clear(&P); + mp_clear(&Q); + mp_clear(&X2); + mp_clear(&S); + mp_clear(&result); + + if (err != MP_OKAY) { + MP_TO_SEC_ERROR(err); + return SECFailure; + } + return SECSuccess; +} + +SECStatus +JPAKE_Final(PLArenaPool * arena, const SECItem * p, const SECItem * q, + const SECItem * x2, const SECItem * gx4, const SECItem * x2s, + const SECItem * B, SECItem * K) +{ + mp_err err; + mp_int P; + mp_int Q; + mp_int tmp; + mp_int exponent; + mp_int divisor; + mp_int base; + + if (!arena || + !p || !p->data || p->len == 0 || + !q || !q->data || q->len == 0 || + !x2 || !x2->data || x2->len == 0 || + !gx4 || !gx4->data || gx4->len == 0 || + !x2s || !x2s->data || x2s->len == 0 || + !B || !B->data || B->len == 0 || + !K || K->data != NULL) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + + MP_DIGITS(&P) = 0; + MP_DIGITS(&Q) = 0; + MP_DIGITS(&tmp) = 0; + MP_DIGITS(&exponent) = 0; + MP_DIGITS(&divisor) = 0; + MP_DIGITS(&base) = 0; + + CHECK_MPI_OK( mp_init(&P) ); + CHECK_MPI_OK( mp_init(&Q) ); + CHECK_MPI_OK( mp_init(&tmp) ); + CHECK_MPI_OK( mp_init(&exponent) ); + CHECK_MPI_OK( mp_init(&divisor) ); + CHECK_MPI_OK( mp_init(&base) ); + + /* exponent = -x2s (mod q) */ + SECITEM_TO_MPINT(*q, &Q); + SECITEM_TO_MPINT(*x2s, &tmp); + /* q == 0 (mod q), so q - x2s == -x2s (mod q) */ + CHECK_MPI_OK( mp_sub(&Q, &tmp, &exponent) ); + + /* divisor = gx4^-x2s = 1/(gx4^x2s) (mod p) */ + SECITEM_TO_MPINT(*p, &P); + SECITEM_TO_MPINT(*gx4, &tmp); + CHECK_MPI_OK( mp_exptmod(&tmp, &exponent, &P, &divisor) ); + + /* base = B*divisor = B/(gx4^x2s) (mod p) */ + SECITEM_TO_MPINT(*B, &tmp); + CHECK_MPI_OK( mp_mulmod(&divisor, &tmp, &P, &base) ); + + /* tmp = base^x2 (mod p) */ + SECITEM_TO_MPINT(*x2, &exponent); + CHECK_MPI_OK( mp_exptmod(&base, &exponent, &P, &tmp) ); + + MPINT_TO_SECITEM(&tmp, K, arena); + +cleanup: + mp_clear(&P); + mp_clear(&Q); + mp_clear(&tmp); + mp_clear(&exponent); + mp_clear(&divisor); + mp_clear(&base); + + if (err != MP_OKAY) { + MP_TO_SEC_ERROR(err); + return SECFailure; + } + return SECSuccess; +} diff --git a/security/nss/lib/freebl/ldvector.c b/security/nss/lib/freebl/ldvector.c index 1c4d8cbb4d9..a4e683c81e8 100644 --- a/security/nss/lib/freebl/ldvector.c +++ b/security/nss/lib/freebl/ldvector.c @@ -37,7 +37,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: ldvector.c,v 1.21.22.1 2010/07/31 00:11:52 wtc%google.com Exp $ */ +/* $Id: ldvector.c,v 1.21.22.3 2010/12/04 18:59:01 rrelyea%redhat.com Exp $ */ #ifdef FREEBL_NO_DEPEND extern int FREEBL_InitStubs(void); @@ -257,9 +257,20 @@ static const struct FREEBLVectorStr vector = PRNGTEST_Instantiate, PRNGTEST_Reseed, PRNGTEST_Generate, - PRNGTEST_Uninstantiate + PRNGTEST_Uninstantiate, /* End of Version 3.011. */ + + RSA_PopulatePrivateKey, + + DSA_NewRandom, + + JPAKE_Sign, + JPAKE_Verify, + JPAKE_Round2, + JPAKE_Final, + + /* End of Version 3.012. */ }; const FREEBLVector * diff --git a/security/nss/lib/freebl/loader.c b/security/nss/lib/freebl/loader.c index 0e63044f933..2bcf1352e9f 100644 --- a/security/nss/lib/freebl/loader.c +++ b/security/nss/lib/freebl/loader.c @@ -37,7 +37,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: loader.c,v 1.44 2009/03/29 03:45:32 wtc%google.com Exp $ */ +/* $Id: loader.c,v 1.44.22.2 2010/12/04 18:59:01 rrelyea%redhat.com Exp $ */ #include "loader.h" #include "prmem.h" @@ -295,6 +295,14 @@ DSA_SignDigestWithSeed(DSAPrivateKey * key, SECItem * signature, return (vector->p_DSA_SignDigestWithSeed)( key, signature, digest, seed); } +SECStatus +DSA_NewRandom(PLArenaPool * arena, const SECItem * q, SECItem * seed) +{ + if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) + return SECFailure; + return (vector->p_DSA_NewRandom)(arena, q, seed); +} + SECStatus DH_GenParam(int primeLen, DHParams ** params) { @@ -1696,4 +1704,54 @@ PRNGTEST_Uninstantiate() return (vector->p_PRNGTEST_Uninstantiate)(); } +SECStatus +RSA_PopulatePrivateKey(RSAPrivateKey *key) +{ + if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) + return SECFailure; + return (vector->p_RSA_PopulatePrivateKey)(key); +} +SECStatus +JPAKE_Sign(PLArenaPool * arena, const PQGParams * pqg, HASH_HashType hashType, + const SECItem * signerID, const SECItem * x, + const SECItem * testRandom, const SECItem * gxIn, SECItem * gxOut, + SECItem * gv, SECItem * r) +{ + if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) + return SECFailure; + return (vector->p_JPAKE_Sign)(arena, pqg, hashType, signerID, x, + testRandom, gxIn, gxOut, gv, r); +} + +SECStatus +JPAKE_Verify(PLArenaPool * arena, const PQGParams * pqg, + HASH_HashType hashType, const SECItem * signerID, + const SECItem * peerID, const SECItem * gx, + const SECItem * gv, const SECItem * r) +{ + if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) + return SECFailure; + return (vector->p_JPAKE_Verify)(arena, pqg, hashType, signerID, peerID, + gx, gv, r); +} + +SECStatus +JPAKE_Round2(PLArenaPool * arena, const SECItem * p, const SECItem *q, + const SECItem * gx1, const SECItem * gx3, const SECItem * gx4, + SECItem * base, const SECItem * x2, const SECItem * s, SECItem * x2s) +{ + if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) + return SECFailure; + return (vector->p_JPAKE_Round2)(arena, p, q, gx1, gx3, gx4, base, x2, s, x2s); +} + +SECStatus +JPAKE_Final(PLArenaPool * arena, const SECItem * p, const SECItem *q, + const SECItem * x2, const SECItem * gx4, const SECItem * x2s, + const SECItem * B, SECItem * K) +{ + if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) + return SECFailure; + return (vector->p_JPAKE_Final)(arena, p, q, x2, gx4, x2s, B, K); +} diff --git a/security/nss/lib/freebl/loader.h b/security/nss/lib/freebl/loader.h index 0cf7ba6e06d..d846be6877b 100644 --- a/security/nss/lib/freebl/loader.h +++ b/security/nss/lib/freebl/loader.h @@ -37,14 +37,14 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: loader.h,v 1.26 2009/03/29 03:45:32 wtc%google.com Exp $ */ +/* $Id: loader.h,v 1.26.22.2 2010/12/04 18:59:01 rrelyea%redhat.com Exp $ */ #ifndef _LOADER_H_ #define _LOADER_H_ 1 #include "blapi.h" -#define FREEBL_VERSION 0x030B +#define FREEBL_VERSION 0x030C struct FREEBLVectorStr { @@ -540,6 +540,37 @@ struct FREEBLVectorStr { SECStatus (* p_PRNGTEST_Uninstantiate)(void); /* Version 3.011 came to here */ + + + SECStatus (*p_RSA_PopulatePrivateKey)(RSAPrivateKey *key); + + SECStatus (*p_DSA_NewRandom)(PLArenaPool * arena, const SECItem * q, + SECItem * seed); + + SECStatus (*p_JPAKE_Sign)(PLArenaPool * arena, const PQGParams * pqg, + HASH_HashType hashType, const SECItem * signerID, + const SECItem * x, const SECItem * testRandom, + const SECItem * gxIn, SECItem * gxOut, + SECItem * gv, SECItem * r); + + SECStatus (*p_JPAKE_Verify)(PLArenaPool * arena, const PQGParams * pqg, + HASH_HashType hashType, const SECItem * signerID, + const SECItem * peerID, const SECItem * gx, + const SECItem * gv, const SECItem * r); + + SECStatus (*p_JPAKE_Round2)(PLArenaPool * arena, const SECItem * p, + const SECItem *q, const SECItem * gx1, + const SECItem * gx3, const SECItem * gx4, + SECItem * base, const SECItem * x2, + const SECItem * s, SECItem * x2s); + + SECStatus (*p_JPAKE_Final)(PLArenaPool * arena, const SECItem * p, + const SECItem *q, const SECItem * x2, + const SECItem * gx4, const SECItem * x2s, + const SECItem * B, SECItem * K); + + /* Version 3.012 came to here */ + }; typedef struct FREEBLVectorStr FREEBLVector; diff --git a/security/nss/lib/freebl/manifest.mn b/security/nss/lib/freebl/manifest.mn index 5b0f3794142..80ba1ae3974 100644 --- a/security/nss/lib/freebl/manifest.mn +++ b/security/nss/lib/freebl/manifest.mn @@ -146,6 +146,7 @@ CSRCS = \ shvfy.c \ tlsprfalg.c \ seed.c \ + jpake.c \ $(MPI_SRCS) \ $(MPCPU_SRCS) \ $(ECL_SRCS) \ diff --git a/security/nss/lib/freebl/rijndael.c b/security/nss/lib/freebl/rijndael.c index 79deebdaca7..dea7de31e1d 100644 --- a/security/nss/lib/freebl/rijndael.c +++ b/security/nss/lib/freebl/rijndael.c @@ -33,7 +33,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: rijndael.c,v 1.25 2009/04/09 22:11:07 julien.pierre.boogz%sun.com Exp $ */ +/* $Id: rijndael.c,v 1.25.6.1 2010/11/18 01:33:42 rrelyea%redhat.com Exp $ */ #ifdef FREEBL_NO_DEPEND #include "stubs.h" @@ -1027,9 +1027,14 @@ AES_InitContext(AESContext *cx, const unsigned char *key, unsigned int keysize, #if USE_HW_AES if (has_intel_aes == 0) { unsigned long eax, ebx, ecx, edx; + char *disable_hw_aes = getenv("NSS_DISABLE_HW_AES"); - freebl_cpuid(1, &eax, &ebx, &ecx, &edx); - has_intel_aes = (ecx & (1 << 25)) != 0 ? 1 : -1; + if (disable_hw_aes == NULL) { + freebl_cpuid(1, &eax, &ebx, &ecx, &edx); + has_intel_aes = (ecx & (1 << 25)) != 0 ? 1 : -1; + } else { + has_intel_aes = -1; + } } use_hw_aes = (PRBool) (has_intel_aes > 0 && (keysize % 8) == 0 && blocksize == 16); diff --git a/security/nss/lib/freebl/rsa.c b/security/nss/lib/freebl/rsa.c index 83f9da5f383..5c443ca0586 100644 --- a/security/nss/lib/freebl/rsa.c +++ b/security/nss/lib/freebl/rsa.c @@ -37,7 +37,7 @@ /* * RSA key generation, public key op, private key op. * - * $Id: rsa.c,v 1.39 2009/02/03 05:34:41 julien.pierre.boogz%sun.com Exp $ + * $Id: rsa.c,v 1.39.22.1 2010/11/16 19:06:38 rrelyea%redhat.com Exp $ */ #ifdef FREEBL_NO_DEPEND #include "stubs.h" @@ -116,21 +116,21 @@ static struct RSABlindingParamsListStr blindingParamsList = { 0 }; static PRBool nssRSAUseBlinding = PR_TRUE; static SECStatus -rsa_keygen_from_primes(mp_int *p, mp_int *q, mp_int *e, RSAPrivateKey *key, - unsigned int keySizeInBits) +rsa_build_from_primes(mp_int *p, mp_int *q, + mp_int *e, PRBool needPublicExponent, + mp_int *d, PRBool needPrivateExponent, + RSAPrivateKey *key, unsigned int keySizeInBits) { - mp_int n, d, phi; + mp_int n, phi; mp_int psub1, qsub1, tmp; mp_err err = MP_OKAY; SECStatus rv = SECSuccess; MP_DIGITS(&n) = 0; - MP_DIGITS(&d) = 0; MP_DIGITS(&phi) = 0; MP_DIGITS(&psub1) = 0; MP_DIGITS(&qsub1) = 0; MP_DIGITS(&tmp) = 0; CHECK_MPI_OK( mp_init(&n) ); - CHECK_MPI_OK( mp_init(&d) ); CHECK_MPI_OK( mp_init(&phi) ); CHECK_MPI_OK( mp_init(&psub1) ); CHECK_MPI_OK( mp_init(&qsub1) ); @@ -143,12 +143,25 @@ rsa_keygen_from_primes(mp_int *p, mp_int *q, mp_int *e, RSAPrivateKey *key, rv = SECFailure; goto cleanup; } + + /* at least one exponent must be given */ + PORT_Assert(!(needPublicExponent && needPrivateExponent)); + /* 2. Compute phi = (p-1)*(q-1) */ CHECK_MPI_OK( mp_sub_d(p, 1, &psub1) ); CHECK_MPI_OK( mp_sub_d(q, 1, &qsub1) ); - CHECK_MPI_OK( mp_mul(&psub1, &qsub1, &phi) ); - /* 3. Compute d = e**-1 mod(phi) */ - err = mp_invmod(e, &phi, &d); + if (needPublicExponent || needPrivateExponent) { + CHECK_MPI_OK( mp_mul(&psub1, &qsub1, &phi) ); + /* 3. Compute d = e**-1 mod(phi) */ + /* or e = d**-1 mod(phi) as necessary */ + if (needPublicExponent) { + err = mp_invmod(d, &phi, e); + } else { + err = mp_invmod(e, &phi, d); + } + } else { + err = MP_OKAY; + } /* Verify that phi(n) and e have no common divisors */ if (err != MP_OKAY) { if (err == MP_UNDEF) { @@ -158,20 +171,30 @@ rsa_keygen_from_primes(mp_int *p, mp_int *q, mp_int *e, RSAPrivateKey *key, } goto cleanup; } - MPINT_TO_SECITEM(&n, &key->modulus, key->arena); - MPINT_TO_SECITEM(&d, &key->privateExponent, key->arena); + /* 4. Compute exponent1 = d mod (p-1) */ - CHECK_MPI_OK( mp_mod(&d, &psub1, &tmp) ); + CHECK_MPI_OK( mp_mod(d, &psub1, &tmp) ); MPINT_TO_SECITEM(&tmp, &key->exponent1, key->arena); /* 5. Compute exponent2 = d mod (q-1) */ - CHECK_MPI_OK( mp_mod(&d, &qsub1, &tmp) ); + CHECK_MPI_OK( mp_mod(d, &qsub1, &tmp) ); MPINT_TO_SECITEM(&tmp, &key->exponent2, key->arena); /* 6. Compute coefficient = q**-1 mod p */ CHECK_MPI_OK( mp_invmod(q, p, &tmp) ); MPINT_TO_SECITEM(&tmp, &key->coefficient, key->arena); + + /* copy our calculated results, overwrite what is there */ + key->modulus.data = NULL; + MPINT_TO_SECITEM(&n, &key->modulus, key->arena); + key->privateExponent.data = NULL; + MPINT_TO_SECITEM(d, &key->privateExponent, key->arena); + key->publicExponent.data = NULL; + MPINT_TO_SECITEM(e, &key->publicExponent, key->arena); + key->prime1.data = NULL; + MPINT_TO_SECITEM(p, &key->prime1, key->arena); + key->prime2.data = NULL; + MPINT_TO_SECITEM(q, &key->prime2, key->arena); cleanup: mp_clear(&n); - mp_clear(&d); mp_clear(&phi); mp_clear(&psub1); mp_clear(&qsub1); @@ -229,7 +252,7 @@ RSAPrivateKey * RSA_NewKey(int keySizeInBits, SECItem *publicExponent) { unsigned int primeLen; - mp_int p, q, e; + mp_int p, q, e, d; int kiter; mp_err err = MP_OKAY; SECStatus rv = SECSuccess; @@ -260,14 +283,15 @@ RSA_NewKey(int keySizeInBits, SECItem *publicExponent) MP_DIGITS(&p) = 0; MP_DIGITS(&q) = 0; MP_DIGITS(&e) = 0; + MP_DIGITS(&d) = 0; CHECK_MPI_OK( mp_init(&p) ); CHECK_MPI_OK( mp_init(&q) ); CHECK_MPI_OK( mp_init(&e) ); + CHECK_MPI_OK( mp_init(&d) ); /* 2. Set the version number (PKCS1 v1.5 says it should be zero) */ SECITEM_AllocItem(arena, &key->version, 1); key->version.data[0] = 0; /* 3. Set the public exponent */ - SECITEM_CopyItem(arena, &key->publicExponent, publicExponent); SECITEM_TO_MPINT(*publicExponent, &e); kiter = 0; do { @@ -279,7 +303,10 @@ RSA_NewKey(int keySizeInBits, SECItem *publicExponent) if (mp_cmp(&p, &q) < 0) mp_exch(&p, &q); /* Attempt to use these primes to generate a key */ - rv = rsa_keygen_from_primes(&p, &q, &e, key, keySizeInBits); + rv = rsa_build_from_primes(&p, &q, + &e, PR_FALSE, /* needPublicExponent=false */ + &d, PR_TRUE, /* needPrivateExponent=true */ + key, keySizeInBits); if (rv == SECSuccess) break; /* generated two good primes */ prerr = PORT_GetError(); @@ -288,12 +315,11 @@ RSA_NewKey(int keySizeInBits, SECItem *publicExponent) } while (prerr == SEC_ERROR_NEED_RANDOM && kiter < MAX_KEY_GEN_ATTEMPTS); if (prerr) goto cleanup; - MPINT_TO_SECITEM(&p, &key->prime1, arena); - MPINT_TO_SECITEM(&q, &key->prime2, arena); cleanup: mp_clear(&p); mp_clear(&q); mp_clear(&e); + mp_clear(&d); if (err) { MP_TO_SEC_ERROR(err); rv = SECFailure; @@ -305,6 +331,484 @@ cleanup: return key; } +mp_err +rsa_is_prime(mp_int *p) { + int res; + + /* run a Fermat test */ + res = mpp_fermat(p, 2); + if (res != MP_OKAY) { + return res; + } + + /* If that passed, run some Miller-Rabin tests */ + res = mpp_pprime(p, 2); + return res; +} + +/* + * Try to find the two primes based on 2 exponents plus either a prime + * or a modulus. + * + * In: e, d and either p or n (depending on the setting of hasModulus). + * Out: p,q. + * + * Step 1, Since d = e**-1 mod phi, we know that d*e == 1 mod phi, or + * d*e = 1+k*phi, or d*e-1 = k*phi. since d is less than phi and e is + * usually less than d, then k must be an integer between e-1 and 1 + * (probably on the order of e). + * Step 1a, If we were passed just a prime, we can divide k*phi by that + * prime-1 and get k*(q-1). This will reduce the size of our division + * through the rest of the loop. + * Step 2, Loop through the values k=e-1 to 1 looking for k. k should be on + * the order or e, and e is typically small. This may take a while for + * a large random e. We are looking for a k that divides kphi + * evenly. Once we find a k that divides kphi evenly, we assume it + * is the true k. It's possible this k is not the 'true' k but has + * swapped factors of p-1 and/or q-1. Because of this, we + * tentatively continue Steps 3-6 inside this loop, and may return looking + * for another k on failure. + * Step 3, Calculate are tentative phi=kphi/k. Note: real phi is (p-1)*(q-1). + * Step 4a, if we have a prime, kphi is already k*(q-1), so phi is or tenative + * q-1. q = phi+1. If k is correct, q should be the right length and + * prime. + * Step 4b, It's possible q-1 and k could have swapped factors. We now have a + * possible solution that meets our criteria. It may not be the only + * solution, however, so we keep looking. If we find more than one, + * we will fail since we cannot determine which is the correct + * solution, and returning the wrong modulus will compromise both + * moduli. If no other solution is found, we return the unique solution. + * Step 5a, If we have the modulus (n=pq), then use the following formula to + * calculate s=(p+q): , phi = (p-1)(q-1) = pq -p-q +1 = n-s+1. so + * s=n-phi+1. + * Step 5b, Use n=pq and s=p+q to solve for p and q as follows: + * since q=s-p, then n=p*(s-p)= sp - p^2, rearranging p^2-s*p+n = 0. + * from the quadratic equation we have p=1/2*(s+sqrt(s*s-4*n)) and + * q=1/2*(s-sqrt(s*s-4*n)) if s*s-4*n is a perfect square, we are DONE. + * If it is not, continue in our look looking for another k. NOTE: the + * code actually distributes the 1/2 and results in the equations: + * sqrt = sqrt(s/2*s/2-n), p=s/2+sqrt, q=s/2-sqrt. The algebra saves us + * and extra divide by 2 and a multiply by 4. + * + * This will return p & q. q may be larger than p in the case that p was given + * and it was the smaller prime. + */ +static mp_err +rsa_get_primes_from_exponents(mp_int *e, mp_int *d, mp_int *p, mp_int *q, + mp_int *n, PRBool hasModulus, + unsigned int keySizeInBits) +{ + mp_int kphi; /* k*phi */ + mp_int k; /* current guess at 'k' */ + mp_int phi; /* (p-1)(q-1) */ + mp_int s; /* p+q/2 (s/2 in the algebra) */ + mp_int r; /* remainder */ + mp_int tmp; /* p-1 if p is given, n+1 is modulus is given */ + mp_int sqrt; /* sqrt(s/2*s/2-n) */ + mp_err err = MP_OKAY; + unsigned int order_k; + + MP_DIGITS(&kphi) = 0; + MP_DIGITS(&phi) = 0; + MP_DIGITS(&s) = 0; + MP_DIGITS(&k) = 0; + MP_DIGITS(&r) = 0; + MP_DIGITS(&tmp) = 0; + MP_DIGITS(&sqrt) = 0; + CHECK_MPI_OK( mp_init(&kphi) ); + CHECK_MPI_OK( mp_init(&phi) ); + CHECK_MPI_OK( mp_init(&s) ); + CHECK_MPI_OK( mp_init(&k) ); + CHECK_MPI_OK( mp_init(&r) ); + CHECK_MPI_OK( mp_init(&tmp) ); + CHECK_MPI_OK( mp_init(&sqrt) ); + + /* our algorithm looks for a factor k whose maximum size is dependent + * on the size of our smallest exponent, which had better be the public + * exponent (if it's the private, the key is vulnerable to a brute force + * attack). + * + * since our factor search is linear, we need to limit the maximum + * size of the public key. this should not be a problem normally, since + * public keys are usually small. + * + * if we want to handle larger public key sizes, we should have + * a version which tries to 'completely' factor k*phi (where completely + * means 'factor into primes, or composites with which are products of + * large primes). Once we have all the factors, we can sort them out and + * try different combinations to form our phi. The risk is if (p-1)/2, + * (q-1)/2, and k are all large primes. In any case if the public key + * is small (order of 20 some bits), then a linear search for k is + * manageable. + */ + if (mpl_significant_bits(e) > 23) { + err=MP_RANGE; + goto cleanup; + } + + /* calculate k*phi = e*d - 1 */ + CHECK_MPI_OK( mp_mul(e, d, &kphi) ); + CHECK_MPI_OK( mp_sub_d(&kphi, 1, &kphi) ); + + + /* kphi is (e*d)-1, which is the same as k*(p-1)(q-1) + * d < (p-1)(q-1), therefor k must be less than e-1 + * We can narrow down k even more, though. Since p and q are odd and both + * have their high bit set, then we know that phi must be on order of + * keySizeBits. + */ + order_k = (unsigned)mpl_significant_bits(&kphi) - keySizeInBits; + + /* for (k=kinit; order(k) >= order_k; k--) { */ + /* k=kinit: k can't be bigger than kphi/2^(keySizeInBits -1) */ + CHECK_MPI_OK( mp_2expt(&k,keySizeInBits-1) ); + CHECK_MPI_OK( mp_div(&kphi, &k, &k, NULL)); + if (mp_cmp(&k,e) >= 0) { + /* also can't be bigger then e-1 */ + CHECK_MPI_OK( mp_sub_d(e, 1, &k) ); + } + + /* calculate our temp value */ + /* This saves recalculating this value when the k guess is wrong, which + * is reasonably frequent. */ + /* for the modulus case, tmp = n+1 (used to calculate p+q = tmp - phi) */ + /* for the prime case, tmp = p-1 (used to calculate q-1= phi/tmp) */ + if (hasModulus) { + CHECK_MPI_OK( mp_add_d(n, 1, &tmp) ); + } else { + CHECK_MPI_OK( mp_sub_d(p, 1, &tmp) ); + CHECK_MPI_OK(mp_div(&kphi,&tmp,&kphi,&r)); + if (mp_cmp_z(&r) != 0) { + /* p-1 doesn't divide kphi, some parameter wasn't correct */ + err=MP_RANGE; + goto cleanup; + } + mp_zero(q); + /* kphi is now k*(q-1) */ + } + + /* rest of the for loop */ + for (; (err == MP_OKAY) && (mpl_significant_bits(&k) >= order_k); + err = mp_sub_d(&k, 1, &k)) { + /* looking for k as a factor of kphi */ + CHECK_MPI_OK(mp_div(&kphi,&k,&phi,&r)); + if (mp_cmp_z(&r) != 0) { + /* not a factor, try the next one */ + continue; + } + /* we have a possible phi, see if it works */ + if (!hasModulus) { + if ((unsigned)mpl_significant_bits(&phi) != keySizeInBits/2) { + /* phi is not the right size */ + continue; + } + /* phi should be divisible by 2, since + * q is odd and phi=(q-1). */ + if (mpp_divis_d(&phi,2) == MP_NO) { + /* phi is not divisible by 4 */ + continue; + } + /* we now have a candidate for the second prime */ + CHECK_MPI_OK(mp_add_d(&phi, 1, &tmp)); + + /* check to make sure it is prime */ + err = rsa_is_prime(&tmp); + if (err != MP_OKAY) { + if (err == MP_NO) { + /* No, then we still have the wrong phi */ + err = MP_OKAY; + continue; + } + goto cleanup; + } + /* + * It is possible that we have the wrong phi if + * k_guess*(q_guess-1) = k*(q-1) (k and q-1 have swapped factors). + * since our q_quess is prime, however. We have found a valid + * rsa key because: + * q is the correct order of magnitude. + * phi = (p-1)(q-1) where p and q are both primes. + * e*d mod phi = 1. + * There is no way to know from the info given if this is the + * original key. We never want to return the wrong key because if + * two moduli with the same factor is known, then euclid's gcd + * algorithm can be used to find that factor. Even though the + * caller didn't pass the original modulus, it doesn't mean the + * modulus wasn't known or isn't available somewhere. So to be safe + * if we can't be sure we have the right q, we don't return any. + * + * So to make sure we continue looking for other valid q's. If none + * are found, then we can safely return this one, otherwise we just + * fail */ + if (mp_cmp_z(q) != 0) { + /* this is the second valid q, don't return either, + * just fail */ + err = MP_RANGE; + break; + } + /* we only have one q so far, save it and if no others are found, + * it's safe to return it */ + CHECK_MPI_OK(mp_copy(&tmp, q)); + continue; + } + /* test our tentative phi */ + /* phi should be the correct order */ + if ((unsigned)mpl_significant_bits(&phi) != keySizeInBits) { + /* phi is not the right size */ + continue; + } + /* phi should be divisible by 4, since + * p and q are odd and phi=(p-1)(q-1). */ + if (mpp_divis_d(&phi,4) == MP_NO) { + /* phi is not divisible by 4 */ + continue; + } + /* n was given, calculate s/2=(p+q)/2 */ + CHECK_MPI_OK( mp_sub(&tmp, &phi, &s) ); + CHECK_MPI_OK( mp_div_2(&s, &s) ); + + /* calculate sqrt(s/2*s/2-n) */ + CHECK_MPI_OK(mp_sqr(&s,&sqrt)); + CHECK_MPI_OK(mp_sub(&sqrt,n,&r)); /* r as a tmp */ + CHECK_MPI_OK(mp_sqrt(&r,&sqrt)); + /* make sure it's a perfect square */ + /* r is our original value we took the square root of */ + /* q is the square of our tentative square root. They should be equal*/ + CHECK_MPI_OK(mp_sqr(&sqrt,q)); /* q as a tmp */ + if (mp_cmp(&r,q) != 0) { + /* sigh according to the doc, mp_sqrt could return sqrt-1 */ + CHECK_MPI_OK(mp_add_d(&sqrt,1,&sqrt)); + CHECK_MPI_OK(mp_sqr(&sqrt,q)); + if (mp_cmp(&r,q) != 0) { + /* s*s-n not a perfect square, this phi isn't valid, find * another.*/ + continue; + } + } + + /* NOTE: In this case we know we have the one and only answer. + * "Why?", you ask. Because: + * 1) n is a composite of two large primes (or it wasn't a + * valid RSA modulus). + * 2) If we know any number such that x^2-n is a perfect square + * and x is not (n+1)/2, then we can calculate 2 non-trivial + * factors of n. + * 3) Since we know that n has only 2 non-trivial prime factors, + * we know the two factors we have are the only possible factors. + */ + + /* Now we are home free to calculate p and q */ + /* p = s/2 + sqrt, q= s/2 - sqrt */ + CHECK_MPI_OK(mp_add(&s,&sqrt,p)); + CHECK_MPI_OK(mp_sub(&s,&sqrt,q)); + break; + } + if ((unsigned)mpl_significant_bits(&k) < order_k) { + if (hasModulus || (mp_cmp_z(q) == 0)) { + /* If we get here, something was wrong with the parameters we + * were given */ + err = MP_RANGE; + } + } +cleanup: + mp_clear(&kphi); + mp_clear(&phi); + mp_clear(&s); + mp_clear(&k); + mp_clear(&r); + mp_clear(&tmp); + mp_clear(&sqrt); + return err; +} + +/* + * take a private key with only a few elements and fill out the missing pieces. + * + * All the entries will be overwritten with data allocated out of the arena + * If no arena is supplied, one will be created. + * + * The following fields must be supplied in order for this function + * to succeed: + * one of either publicExponent or privateExponent + * two more of the following 5 parameters. + * modulus (n) + * prime1 (p) + * prime2 (q) + * publicExponent (e) + * privateExponent (d) + * + * NOTE: if only the publicExponent, privateExponent, and one prime is given, + * then there may be more than one RSA key that matches that combination. + * + * All parameters will be replaced in the key structure with new parameters + * Allocated out of the arena. There is no attempt to free the old structures. + * Prime1 will always be greater than prime2 (even if the caller supplies the + * smaller prime as prime1 or the larger prime as prime2). The parameters are + * not overwritten on failure. + * + * How it works: + * We can generate all the parameters from: + * one of the exponents, plus the two primes. (rsa_build_key_from_primes) * + * If we are given one of the exponents and both primes, we are done. + * If we are given one of the exponents, the modulus and one prime, we + * caclulate the second prime by dividing the modulus by the given + * prime, giving us and exponent and 2 primes. + * If we are given 2 exponents and either the modulus or one of the primes + * we calculate k*phi = d*e-1, where k is an integer less than d which + * divides d*e-1. We find factor k so we can isolate phi. + * phi = (p-1)(q-1) + * If one of the primes are given, we can use phi to find the other prime + * as follows: q = (phi/(p-1)) + 1. We now have 2 primes and an + * exponent. (NOTE: if more then one prime meets this condition, the + * operation will fail. See comments elsewhere in this file about this). + * If the modulus is given, then we can calculate the sum of the primes + * as follows: s := (p+q), phi = (p-1)(q-1) = pq -p - q +1, pq = n -> + * phi = n - s + 1, s = n - phi +1. Now that we have s = p+q and n=pq, + * we can solve our 2 equations and 2 unknowns as follows: q=s-p -> + * n=p*(s-p)= sp -p^2 -> p^2-sp+n = 0. Using the quadratic to solve for + * p, p=1/2*(s+ sqrt(s*s-4*n)) [q=1/2*(s-sqrt(s*s-4*n)]. We again have + * 2 primes and an exponent. + * + */ +SECStatus +RSA_PopulatePrivateKey(RSAPrivateKey *key) +{ + PRArenaPool *arena = NULL; + PRBool needPublicExponent = PR_TRUE; + PRBool needPrivateExponent = PR_TRUE; + PRBool hasModulus = PR_FALSE; + unsigned int keySizeInBits = 0; + int prime_count = 0; + /* standard RSA nominclature */ + mp_int p, q, e, d, n; + /* remainder */ + mp_int r; + mp_err err = 0; + SECStatus rv = SECFailure; + + MP_DIGITS(&p) = 0; + MP_DIGITS(&q) = 0; + MP_DIGITS(&e) = 0; + MP_DIGITS(&d) = 0; + MP_DIGITS(&n) = 0; + MP_DIGITS(&r) = 0; + CHECK_MPI_OK( mp_init(&p) ); + CHECK_MPI_OK( mp_init(&q) ); + CHECK_MPI_OK( mp_init(&e) ); + CHECK_MPI_OK( mp_init(&d) ); + CHECK_MPI_OK( mp_init(&n) ); + CHECK_MPI_OK( mp_init(&r) ); + + /* if the key didn't already have an arena, create one. */ + if (key->arena == NULL) { + arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE); + if (!arena) { + goto cleanup; + } + key->arena = arena; + } + + /* load up the known exponents */ + if (key->publicExponent.data) { + SECITEM_TO_MPINT(key->publicExponent, &e); + needPublicExponent = PR_FALSE; + } + if (key->privateExponent.data) { + SECITEM_TO_MPINT(key->privateExponent, &d); + needPrivateExponent = PR_FALSE; + } + if (needPrivateExponent && needPublicExponent) { + /* Not enough information, we need at least one exponent */ + err = MP_BADARG; + goto cleanup; + } + + /* load up the known primes. If only one prime is given, it will be + * assigned 'p'. Once we have both primes, well make sure p is the larger. + * The value prime_count tells us howe many we have acquired. + */ + if (key->prime1.data) { + int primeLen = key->prime1.len; + if (key->prime1.data[0] == 0) { + primeLen--; + } + keySizeInBits = primeLen * 2 * BITS_PER_BYTE; + SECITEM_TO_MPINT(key->prime1, &p); + prime_count++; + } + if (key->prime2.data) { + int primeLen = key->prime2.len; + if (key->prime2.data[0] == 0) { + primeLen--; + } + keySizeInBits = primeLen * 2 * BITS_PER_BYTE; + SECITEM_TO_MPINT(key->prime2, prime_count ? &q : &p); + prime_count++; + } + /* load up the modulus */ + if (key->modulus.data) { + int modLen = key->modulus.len; + if (key->modulus.data[0] == 0) { + modLen--; + } + keySizeInBits = modLen * BITS_PER_BYTE; + SECITEM_TO_MPINT(key->modulus, &n); + hasModulus = PR_TRUE; + } + /* if we have the modulus and one prime, calculate the second. */ + if ((prime_count == 1) && (hasModulus)) { + mp_div(&n,&p,&q,&r); + if (mp_cmp_z(&r) != 0) { + /* p is not a factor or n, fail */ + err = MP_BADARG; + goto cleanup; + } + prime_count++; + } + + /* If we didn't have enough primes try to calculate the primes from + * the exponents */ + if (prime_count < 2) { + /* if we don't have at least 2 primes at this point, then we need both + * exponents and one prime or a modulus*/ + if (!needPublicExponent && !needPrivateExponent && + ((prime_count > 0) || hasModulus)) { + CHECK_MPI_OK(rsa_get_primes_from_exponents(&e,&d,&p,&q, + &n,hasModulus,keySizeInBits)); + } else { + /* not enough given parameters to get both primes */ + err = MP_BADARG; + goto cleanup; + } + } + + /* force p to the the larger prime */ + if (mp_cmp(&p, &q) < 0) + mp_exch(&p, &q); + + /* we now have our 2 primes and at least one exponent, we can fill + * in the key */ + rv = rsa_build_from_primes(&p, &q, + &e, needPublicExponent, + &d, needPrivateExponent, + key, keySizeInBits); +cleanup: + mp_clear(&p); + mp_clear(&q); + mp_clear(&e); + mp_clear(&d); + mp_clear(&n); + mp_clear(&r); + if (err) { + MP_TO_SEC_ERROR(err); + rv = SECFailure; + } + if (rv && arena) { + PORT_FreeArena(arena, PR_TRUE); + key->arena = NULL; + } + return rv; +} + static unsigned int rsa_modulusLen(SECItem *modulus) { diff --git a/security/nss/lib/freebl/sha512.c b/security/nss/lib/freebl/sha512.c index 44499859547..91b446e5912 100644 --- a/security/nss/lib/freebl/sha512.c +++ b/security/nss/lib/freebl/sha512.c @@ -36,7 +36,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: sha512.c,v 1.14 2009/04/09 22:11:07 julien.pierre.boogz%sun.com Exp $ */ +/* $Id: sha512.c,v 1.14.6.1 2010/11/18 18:32:52 kaie%kuix.de Exp $ */ #ifdef FREEBL_NO_DEPEND #include "stubs.h" @@ -48,6 +48,7 @@ #undef HAVE_LONG_LONG #endif #include "prtypes.h" /* for PRUintXX */ +#include "prlong.h" #include "secport.h" /* for PORT_XXX */ #include "blapi.h" #include "sha256.h" /* for struct SHA256ContextStr */ @@ -1106,16 +1107,14 @@ SHA512_End(SHA512Context *ctx, unsigned char *digest, { #if defined(HAVE_LONG_LONG) unsigned int inBuf = (unsigned int)ctx->sizeLo & 0x7f; - unsigned int padLen = (inBuf < 112) ? (112 - inBuf) : (112 + 128 - inBuf); - PRUint64 lo, t1; - lo = (ctx->sizeLo << 3); + PRUint64 t1; #else unsigned int inBuf = (unsigned int)ctx->sizeLo.lo & 0x7f; - unsigned int padLen = (inBuf < 112) ? (112 - inBuf) : (112 + 128 - inBuf); - PRUint64 lo = ctx->sizeLo; PRUint32 t1; - lo.lo <<= 3; #endif + unsigned int padLen = (inBuf < 112) ? (112 - inBuf) : (112 + 128 - inBuf); + PRUint64 lo; + LL_SHL(lo, ctx->sizeLo, 3); SHA512_Update(ctx, pad, padLen); diff --git a/security/nss/lib/freebl/stubs.c b/security/nss/lib/freebl/stubs.c index e3f855baf6a..7697533d88f 100644 --- a/security/nss/lib/freebl/stubs.c +++ b/security/nss/lib/freebl/stubs.c @@ -171,6 +171,7 @@ STUB_DECLARE(SECStatus,SECITEM_CopyItem_Util,(PRArenaPool *arena, SECItem *to,const SECItem *from)); STUB_DECLARE(void,SECITEM_FreeItem_Util,(SECItem *zap, PRBool freeit)); STUB_DECLARE(void,SECITEM_ZfreeItem_Util,(SECItem *zap, PRBool freeit)); +STUB_DECLARE(int, NSS_SecureMemcmp,(const void *a, const void *b, size_t n)); #define PORT_ZNew_stub(type) (type*)PORT_ZAlloc_stub(sizeof(type)) @@ -482,6 +483,13 @@ SECITEM_ZfreeItem_stub(SECItem *zap, PRBool freeit) abort(); } +extern int +NSS_SecureMemcmp_stub(const void *a, const void *b, size_t n) +{ + STUB_SAFE_CALL3(NSS_SecureMemcmp, a, b, n); + abort(); +} + #ifdef FREEBL_NO_WEAK static const char *nsprLibName = SHLIB_PREFIX"nspr4."SHLIB_SUFFIX; @@ -523,6 +531,7 @@ freebl_InitNSSUtil(void *lib) STUB_FETCH_FUNCTION(SECITEM_CompareItem_Util); STUB_FETCH_FUNCTION(SECITEM_CopyItem_Util); STUB_FETCH_FUNCTION(SECITEM_ZfreeItem_Util); + STUB_FETCH_FUNCTION(NSS_SecureMemcmp); return SECSuccess; } diff --git a/security/nss/lib/freebl/stubs.h b/security/nss/lib/freebl/stubs.h index b8c4f85d57f..730ed4a647b 100644 --- a/security/nss/lib/freebl/stubs.h +++ b/security/nss/lib/freebl/stubs.h @@ -69,6 +69,8 @@ #define SECITEM_FreeItem SECITEM_FreeItem_stub #define SECITEM_ZfreeItem SECITEM_ZfreeItem_stub +#define NSS_SecureMemcmp NSS_SecureMemcmp_stub + #define PR_Assert PR_Assert_stub #define PR_CallOnce PR_CallOnce_stub #define PR_Close PR_Close_stub diff --git a/security/nss/lib/libpkix/include/pkix_errorstrings.h b/security/nss/lib/libpkix/include/pkix_errorstrings.h index 48aae25ac12..92d802de46a 100755 --- a/security/nss/lib/libpkix/include/pkix_errorstrings.h +++ b/security/nss/lib/libpkix/include/pkix_errorstrings.h @@ -610,8 +610,8 @@ PKIX_ERRORENTRY(INFOACCESSCREATELISTFAILED,pkix_pl_InfoAccess_CreateList failed, PKIX_ERRORENTRY(INFOACCESSGETLOCATIONFAILED,PKIX_PL_InfoAccess_GetLocation failed,0), PKIX_ERRORENTRY(INFOACCESSGETLOCATIONTYPEFAILED,PKIX_PL_InfoAccess_GetLocationType failed,0), PKIX_ERRORENTRY(INFOACCESSGETMETHODFAILED,PKIX_PL_InfoAccess_GetMethod failed,0), -PKIX_ERRORENTRY(INFOACCESSPARSELOCATIONFAILED,pkix_pl_InfoAccess_ParseLocation failed,0), -PKIX_ERRORENTRY(INFOACCESSPARSETOKENSFAILED,pkix_pl_InfoAccess_ParseTokens failed,0), +PKIX_ERRORENTRY(INFOACCESSPARSELOCATIONFAILED,pkix_pl_InfoAccess_ParseLocation failed,SEC_ERROR_BAD_INFO_ACCESS_LOCATION), +PKIX_ERRORENTRY(INFOACCESSPARSETOKENSFAILED,pkix_pl_InfoAccess_ParseTokens failed,SEC_ERROR_BAD_INFO_ACCESS_LOCATION), PKIX_ERRORENTRY(INITIALIZECHECKERSFAILED,pkix_InitializeCheckers failed,0), PKIX_ERRORENTRY(INITIALIZEFAILED,PKIX_PL_Initialize failed,0), PKIX_ERRORENTRY(INPUTLISTMUSTBEHEADER,Input List must be header,SEC_ERROR_INVALID_ARGS), @@ -732,7 +732,7 @@ PKIX_ERRORENTRY(NORESPONSEDATAINHTTPRESPONSE,No responseData in Http Response,SE PKIX_ERRORENTRY(NOTARGETCERTSUPPLIED,No target cert supplied,SEC_ERROR_INVALID_ARGS), PKIX_ERRORENTRY(NOTCONFORMINGCRLDP,Cert CRL DP does not conform to the rfc, 0), PKIX_ERRORENTRY(NOTDERPACKAGE,Not a DER package,0), -PKIX_ERRORENTRY(NOTENOUGHNAMECOMPONENTSINGENERALNAME,Not enough name components in GeneralName,0), +PKIX_ERRORENTRY(NOTENOUGHNAMECOMPONENTSINGENERALNAME,Not enough name components in GeneralName,SEC_ERROR_BAD_INFO_ACCESS_LOCATION), PKIX_ERRORENTRY(NSSCERTIFICATEUSAGETOPKIXKUANDEKUFAILED,Failed to convert nss certificate usage to pkix ku and eku data structures,0), PKIX_ERRORENTRY(NSSCONTEXTCREATEFAILED,PKIX_PL_NssContext_Create failed,0), PKIX_ERRORENTRY(NSSCONTEXTDESTROYFAILED,PKIX_PL_NssContext_Destroy failed,0), @@ -1071,7 +1071,6 @@ PKIX_ERRORENTRY(UNDEFINEDEQUALSCALLBACK,Undefined equals callback,0), PKIX_ERRORENTRY(UNEXPECTEDERRORINESTABLISHINGCONNECTION,Unexpected error in establishing connection,0), PKIX_ERRORENTRY(UNEXPECTEDRESULTCODEINRESPONSE,Unexpected result code in Response,SEC_ERROR_BAD_LDAP_RESPONSE), PKIX_ERRORENTRY(UNKNOWNFORMAT,Unknown format,SEC_ERROR_INVALID_ARGS), -PKIX_ERRORENTRY(UNKNOWNINFOACCESSTYPE,Unknown InfoAccess type,SEC_ERROR_UNKNOWN_AIA_LOCATION_TYPE), PKIX_ERRORENTRY(UNKNOWNINFOACCESSMETHOD,Unknown InfoAccess method,SEC_ERROR_BAD_INFO_ACCESS_METHOD), PKIX_ERRORENTRY(UNKNOWNOBJECTOID,Unknown object OID,0), PKIX_ERRORENTRY(UNKNOWNOBJECTTYPE,Unknown object type,0), diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.c index 3d1dc64cc9b..29be9dd5253 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.c @@ -658,7 +658,8 @@ PKIX_PL_AIAMgr_GetAIACerts( PKIX_AIAMGRGETLDAPCERTSFAILED); } else { /* We only support http and ldap requests. */ - PKIX_ERROR(PKIX_UNKNOWNINFOACCESSTYPE); + PKIX_DECREF(ia); + continue; } if (nbio != NULL) { /* WOULDBLOCK */ diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c index 945c251f5f6..083197e5dce 100755 --- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c @@ -849,7 +849,7 @@ DownloadCrl(pkix_pl_CrlDp *dp, PKIX_PL_CRL **crl, location[uri->len] = 0; if (CERT_ParseURL(location, &hostname, &port, &path) != SECSuccess) { - PORT_SetError(SEC_ERROR_BAD_INFO_ACCESS_LOCATION); + PORT_SetError(SEC_ERROR_BAD_CRL_DP_URL); savedError = PKIX_URLPARSINGFAILED; break; } @@ -859,7 +859,7 @@ DownloadCrl(pkix_pl_CrlDp *dp, PKIX_PL_CRL **crl, if ((*hcv1->createSessionFcn)(hostname, port, &pServerSession) != SECSuccess) { - PORT_SetError(SEC_ERROR_BAD_INFO_ACCESS_LOCATION); + PORT_SetError(SEC_ERROR_BAD_CRL_DP_URL); savedError = PKIX_URLPARSINGFAILED; break; } diff --git a/security/nss/lib/nss/nss.def b/security/nss/lib/nss/nss.def index ebc5c31b33a..6c4495d58f8 100644 --- a/security/nss/lib/nss/nss.def +++ b/security/nss/lib/nss/nss.def @@ -1003,3 +1003,13 @@ CERT_GetConstrainedCertificateNames; ;+ local: ;+ *; ;+}; +;+NSS_3.12.9 { # NSS 3.12.9 release +;+ global: +CERT_FindCertByNicknameOrEmailAddrForUsage; +PK11_DeriveWithTemplate; +PK11_FindCertsFromEmailAddress; +PK11_KeyGenWithTemplate; +SECMOD_RestartModules; +;+ local: +;+ *; +;+}; diff --git a/security/nss/lib/nss/nss.h b/security/nss/lib/nss/nss.h index 505b97959f5..d4b6b498db5 100644 --- a/security/nss/lib/nss/nss.h +++ b/security/nss/lib/nss/nss.h @@ -36,7 +36,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: nss.h,v 1.81.2.2 2010/09/16 18:08:52 christophe.ravel.bugs%sun.com Exp $ */ +/* $Id: nss.h,v 1.81.2.3 2010/09/23 17:07:52 christophe.ravel.bugs%sun.com Exp $ */ #ifndef __nss_h_ #define __nss_h_ @@ -66,12 +66,12 @@ * The format of the version string should be * ".[.[.]][ ][ ]" */ -#define NSS_VERSION "3.12.8.0" _NSS_ECC_STRING _NSS_CUSTOMIZED +#define NSS_VERSION "3.12.9.0" _NSS_ECC_STRING _NSS_CUSTOMIZED " Beta" #define NSS_VMAJOR 3 #define NSS_VMINOR 12 -#define NSS_VPATCH 8 +#define NSS_VPATCH 9 #define NSS_VBUILD 0 -#define NSS_BETA PR_FALSE +#define NSS_BETA PR_TRUE #ifndef RC_INVOKED diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c index 884ebee470e..78acd302c43 100644 --- a/security/nss/lib/pk11wrap/pk11cert.c +++ b/security/nss/lib/pk11wrap/pk11cert.c @@ -653,6 +653,82 @@ loser: return NULL; } +/* Traverse slots callback */ +typedef struct FindCertsEmailArgStr { + char *email; + CERTCertList *certList; +} FindCertsEmailArg; + +SECStatus +FindCertsEmailCallback(CERTCertificate *cert, SECItem *item, void *arg) +{ + FindCertsEmailArg *cbparam = (FindCertsEmailArg *) arg; + const char *cert_email = CERT_GetFirstEmailAddress(cert); + PRBool found = PR_FALSE; + + /* Email address present in certificate? */ + if (cert_email == NULL){ + return SECSuccess; + } + + /* Parameter correctly set? */ + if (cbparam->email == NULL) { + return SECFailure; + } + + /* Loop over all email addresses */ + do { + if (!strcmp(cert_email, cbparam->email)) { + /* found one matching email address */ + PRTime now = PR_Now(); + found = PR_TRUE; + CERT_AddCertToListSorted(cbparam->certList, + CERT_DupCertificate(cert), + CERT_SortCBValidity, &now); + } + cert_email = CERT_GetNextEmailAddress(cert, cert_email); + } while (cert_email && !found); + + return SECSuccess; +} + +/* Find all certificates with matching email address */ +CERTCertList * +PK11_FindCertsFromEmailAddress(const char *email, void *wincx) +{ + FindCertsEmailArg cbparam; + SECStatus rv; + + cbparam.certList = CERT_NewCertList(); + if (cbparam.certList == NULL) { + return NULL; + } + + cbparam.email = CERT_FixupEmailAddr(email); + if (cbparam.email == NULL) { + CERT_DestroyCertList(cbparam.certList); + return NULL; + } + + rv = PK11_TraverseSlotCerts(FindCertsEmailCallback, &cbparam, NULL); + if (rv != SECSuccess) { + CERT_DestroyCertList(cbparam.certList); + PORT_Free(cbparam.email); + return NULL; + } + + /* empty list? */ + if (CERT_LIST_HEAD(cbparam.certList) == NULL || + CERT_LIST_END(CERT_LIST_HEAD(cbparam.certList), cbparam.certList)) { + CERT_DestroyCertList(cbparam.certList); + cbparam.certList = NULL; + } + + PORT_Free(cbparam.email); + return cbparam.certList; +} + + CERTCertList * PK11_FindCertsFromNickname(const char *nickname, void *wincx) { diff --git a/security/nss/lib/pk11wrap/pk11pub.h b/security/nss/lib/pk11wrap/pk11pub.h index f6587b1a628..2813e370b55 100644 --- a/security/nss/lib/pk11wrap/pk11pub.h +++ b/security/nss/lib/pk11wrap/pk11pub.h @@ -334,6 +334,19 @@ PK11SymKey *PK11_TokenKeyGenWithFlags(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, SECItem *param, int keySize, SECItem *keyid, CK_FLAGS opFlags, PK11AttrFlags attrFlags, void *wincx); +/* Generates a key using the exact template supplied by the caller. The other + * PK11_[Token]KeyGen mechanisms should be used instead of this one whenever + * they work because they include/exclude the CKA_VALUE_LEN template value + * based on the mechanism type as required by many tokens. + * + * keyGenType should be PK11_GetKeyGenWithSize(type, ) or it should + * be equal to type if PK11_GetKeyGenWithSize cannot be used (e.g. because + * pk11wrap does not know about the mechanisms). + */ +PK11SymKey *PK11_KeyGenWithTemplate(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, + CK_MECHANISM_TYPE keyGenType, + SECItem *param, CK_ATTRIBUTE * attrs, + unsigned int attrsCount, void *wincx); PK11SymKey * PK11_ListFixedKeysInSlot(PK11SlotInfo *slot, char *nickname, void *wincx); PK11SymKey *PK11_GetNextSymKey(PK11SymKey *symKey); @@ -403,6 +416,12 @@ PK11SymKey * PK11_DeriveWithFlagsPerm( PK11SymKey *baseKey, CK_MECHANISM_TYPE derive, SECItem *param, CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize, CK_FLAGS flags, PRBool isPerm); +PK11SymKey * +PK11_DeriveWithTemplate( PK11SymKey *baseKey, CK_MECHANISM_TYPE derive, + SECItem *param, CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, + int keySize, CK_ATTRIBUTE *userAttr, unsigned int numAttrs, + PRBool isPerm); + PK11SymKey *PK11_PubDerive( SECKEYPrivateKey *privKey, SECKEYPublicKey *pubKey, PRBool isSender, SECItem *randomA, SECItem *randomB, @@ -604,6 +623,7 @@ SECStatus PK11_TraverseSlotCerts( SECStatus(* callback)(CERTCertificate*,SECItem *,void *), void *arg, void *wincx); CERTCertificate * PK11_FindCertFromNickname(const char *nickname, void *wincx); +CERTCertList * PK11_FindCertsFromEmailAddress(const char *email, void *wincx); CERTCertList * PK11_FindCertsFromNickname(const char *nickname, void *wincx); CERTCertificate *PK11_GetCertFromPrivateKey(SECKEYPrivateKey *privKey); SECStatus PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert, diff --git a/security/nss/lib/pk11wrap/pk11skey.c b/security/nss/lib/pk11wrap/pk11skey.c index 03e314cd0b7..ae72f52e759 100644 --- a/security/nss/lib/pk11wrap/pk11skey.c +++ b/security/nss/lib/pk11wrap/pk11skey.c @@ -52,12 +52,6 @@ #include "secerr.h" #include "hasht.h" -/* forward static declarations. */ -static PK11SymKey *pk11_DeriveWithTemplate(PK11SymKey *baseKey, - CK_MECHANISM_TYPE derive, SECItem *param, CK_MECHANISM_TYPE target, - CK_ATTRIBUTE_TYPE operation, int keySize, CK_ATTRIBUTE *userAttr, - unsigned int numAttrs, PRBool isPerm); - static void pk11_EnterKeyMonitor(PK11SymKey *symKey) { if (!symKey->sessionOwner || !(symKey->slot->isThreadSafe)) @@ -921,7 +915,7 @@ pk11_TokenKeyGenWithFlagsAndKeyType(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, CK_ATTRIBUTE *attrs = genTemplate; int count = sizeof(genTemplate)/sizeof(genTemplate[0]); CK_SESSION_HANDLE session; - CK_MECHANISM mechanism; + CK_MECHANISM_TYPE keyGenType; CK_RV crv; CK_BBOOL cktrue = CK_TRUE; CK_BBOOL ckfalse = CK_FALSE; @@ -957,76 +951,16 @@ pk11_TokenKeyGenWithFlagsAndKeyType(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, count = attrs - genTemplate; PR_ASSERT(count <= sizeof(genTemplate)/sizeof(CK_ATTRIBUTE)); - /* Initialize the Key Gen Mechanism */ - mechanism.mechanism = PK11_GetKeyGenWithSize(type, keySize); - if (mechanism.mechanism == CKM_FAKE_RANDOM) { - PORT_SetError( SEC_ERROR_NO_MODULE ); - return NULL; + keyGenType = PK11_GetKeyGenWithSize(type, keySize); + if (keyGenType == CKM_FAKE_RANDOM) { + PORT_SetError( SEC_ERROR_NO_MODULE ); + return NULL; } - - /* find a slot to generate the key into */ - /* Only do slot management if this is not a token key */ - if (!isToken && (slot == NULL || !PK11_DoesMechanism(slot,type))) { - PK11SlotInfo *bestSlot; - - bestSlot = PK11_GetBestSlot(type,wincx); - if (bestSlot == NULL) { - PORT_SetError( SEC_ERROR_NO_MODULE ); - return NULL; - } - - symKey = pk11_CreateSymKey(bestSlot, type, !isToken, PR_TRUE, wincx); - - PK11_FreeSlot(bestSlot); - } else { - symKey = pk11_CreateSymKey(slot, type, !isToken, PR_TRUE, wincx); + symKey = PK11_KeyGenWithTemplate(slot, type, keyGenType, + param, genTemplate, count, wincx); + if (symKey != NULL) { + symKey->size = keySize; } - if (symKey == NULL) return NULL; - - symKey->size = keySize; - symKey->origin = PK11_OriginGenerated; - - /* Set the parameters for the key gen if provided */ - mechanism.pParameter = NULL; - mechanism.ulParameterLen = 0; - if (param) { - mechanism.pParameter = param->data; - mechanism.ulParameterLen = param->len; - } - - /* Get session and perform locking */ - if (isToken) { - PK11_Authenticate(symKey->slot,PR_TRUE,wincx); - /* Should always be original slot */ - session = PK11_GetRWSession(symKey->slot); - symKey->owner = PR_FALSE; - } else { - session = symKey->session; - if (session != CK_INVALID_SESSION) - pk11_EnterKeyMonitor(symKey); - } - if (session == CK_INVALID_SESSION) { - PK11_FreeSymKey(symKey); - PORT_SetError(SEC_ERROR_BAD_DATA); - return NULL; - } - - crv = PK11_GETTAB(symKey->slot)->C_GenerateKey(session, - &mechanism, genTemplate, count, &symKey->objectID); - - /* Release lock and session */ - if (isToken) { - PK11_RestoreROSession(symKey->slot, session); - } else { - pk11_ExitKeyMonitor(symKey); - } - - if (crv != CKR_OK) { - PK11_FreeSymKey(symKey); - PORT_SetError( PK11_MapError(crv) ); - return NULL; - } - return symKey; } @@ -1098,6 +1032,107 @@ PK11_KeyGen(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, SECItem *param, return PK11_TokenKeyGen(slot, type, param, keySize, 0, PR_FALSE, wincx); } +PK11SymKey * +PK11_KeyGenWithTemplate(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, + CK_MECHANISM_TYPE keyGenType, + SECItem *param, CK_ATTRIBUTE * attrs, + unsigned int attrsCount, void *wincx) +{ + PK11SymKey *symKey; + CK_SESSION_HANDLE session; + CK_MECHANISM mechanism; + CK_RV crv; + PRBool isToken = CK_FALSE; + CK_ULONG keySize = 0; + unsigned i; + + /* Extract the template's CKA_VALUE_LEN into keySize and CKA_TOKEN into + isToken. */ + for (i = 0; i < attrsCount; ++i) { + switch (attrs[i].type) { + case CKA_VALUE_LEN: + if (attrs[i].pValue == NULL || + attrs[i].ulValueLen != sizeof(CK_ULONG)) { + PORT_SetError(PK11_MapError(CKR_TEMPLATE_INCONSISTENT)); + return NULL; + } + keySize = * (CK_ULONG *) attrs[i].pValue; + break; + case CKA_TOKEN: + if (attrs[i].pValue == NULL || + attrs[i].ulValueLen != sizeof(CK_BBOOL)) { + PORT_SetError(PK11_MapError(CKR_TEMPLATE_INCONSISTENT)); + return NULL; + } + isToken = (*(CK_BBOOL*)attrs[i].pValue) ? PR_TRUE : PR_FALSE; + break; + } + } + + /* find a slot to generate the key into */ + /* Only do slot management if this is not a token key */ + if (!isToken && (slot == NULL || !PK11_DoesMechanism(slot,type))) { + PK11SlotInfo *bestSlot = PK11_GetBestSlot(type,wincx); + if (bestSlot == NULL) { + PORT_SetError( SEC_ERROR_NO_MODULE ); + return NULL; + } + symKey = pk11_CreateSymKey(bestSlot, type, !isToken, PR_TRUE, wincx); + PK11_FreeSlot(bestSlot); + } else { + symKey = pk11_CreateSymKey(slot, type, !isToken, PR_TRUE, wincx); + } + if (symKey == NULL) return NULL; + + symKey->size = keySize; + symKey->origin = PK11_OriginGenerated; + + /* Set the parameters for the key gen if provided */ + mechanism.mechanism = keyGenType; + mechanism.pParameter = NULL; + mechanism.ulParameterLen = 0; + if (param) { + mechanism.pParameter = param->data; + mechanism.ulParameterLen = param->len; + } + + /* Get session and perform locking */ + if (isToken) { + PK11_Authenticate(symKey->slot,PR_TRUE,wincx); + /* Should always be original slot */ + session = PK11_GetRWSession(symKey->slot); + symKey->owner = PR_FALSE; + } else { + session = symKey->session; + if (session != CK_INVALID_SESSION) + pk11_EnterKeyMonitor(symKey); + } + if (session == CK_INVALID_SESSION) { + PK11_FreeSymKey(symKey); + PORT_SetError(SEC_ERROR_BAD_DATA); + return NULL; + } + + crv = PK11_GETTAB(symKey->slot)->C_GenerateKey(session, + &mechanism, attrs, attrsCount, &symKey->objectID); + + /* Release lock and session */ + if (isToken) { + PK11_RestoreROSession(symKey->slot, session); + } else { + pk11_ExitKeyMonitor(symKey); + } + + if (crv != CKR_OK) { + PK11_FreeSymKey(symKey); + PORT_SetError( PK11_MapError(crv) ); + return NULL; + } + + return symKey; +} + + /* --- */ PK11SymKey * PK11_GenDES3TokenKey(PK11SlotInfo *slot, SECItem *keyid, void *cx) @@ -1368,7 +1403,7 @@ PK11_Derive( PK11SymKey *baseKey, CK_MECHANISM_TYPE derive, SECItem *param, CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize) { - return pk11_DeriveWithTemplate(baseKey, derive, param, target, operation, + return PK11_DeriveWithTemplate(baseKey, derive, param, target, operation, keySize, NULL, 0, PR_FALSE); } @@ -1383,7 +1418,7 @@ PK11_DeriveWithFlags( PK11SymKey *baseKey, CK_MECHANISM_TYPE derive, unsigned int templateCount; templateCount = pk11_OpFlagsToAttributes(flags, keyTemplate, &ckTrue); - return pk11_DeriveWithTemplate(baseKey, derive, param, target, operation, + return PK11_DeriveWithTemplate(baseKey, derive, param, target, operation, keySize, keyTemplate, templateCount, PR_FALSE); } @@ -1403,12 +1438,12 @@ PK11_DeriveWithFlagsPerm( PK11SymKey *baseKey, CK_MECHANISM_TYPE derive, } templateCount = attrs - keyTemplate; templateCount += pk11_OpFlagsToAttributes(flags, attrs, &cktrue); - return pk11_DeriveWithTemplate(baseKey, derive, param, target, operation, + return PK11_DeriveWithTemplate(baseKey, derive, param, target, operation, keySize, keyTemplate, templateCount, isPerm); } -static PK11SymKey * -pk11_DeriveWithTemplate( PK11SymKey *baseKey, CK_MECHANISM_TYPE derive, +PK11SymKey * +PK11_DeriveWithTemplate( PK11SymKey *baseKey, CK_MECHANISM_TYPE derive, SECItem *param, CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize, CK_ATTRIBUTE *userAttr, unsigned int numAttrs, PRBool isPerm) diff --git a/security/nss/lib/pk11wrap/pk11util.c b/security/nss/lib/pk11wrap/pk11util.c index 6983a24c5d2..f8828d4652e 100644 --- a/security/nss/lib/pk11wrap/pk11util.c +++ b/security/nss/lib/pk11wrap/pk11util.c @@ -1504,3 +1504,82 @@ SECMOD_CloseUserDB(PK11SlotInfo *slot) PR_smprintf_free(sendSpec); return rv; } + +/* + * Restart PKCS #11 modules after a fork(). See secmod.h for more information. + */ +SECStatus +SECMOD_RestartModules(PRBool force) +{ + SECMODModuleList *mlp; + SECStatus rrv = SECSuccess; + int lastError = 0; + + if (!moduleLock) { + PORT_SetError(SEC_ERROR_NOT_INITIALIZED); + return SECFailure; + } + + /* Only need to restart the PKCS #11 modules that were initialized */ + SECMOD_GetReadLock(moduleLock); + for (mlp = modules; mlp != NULL; mlp = mlp->next) { + SECMODModule *mod = mlp->module; + CK_ULONG count; + SECStatus rv; + int i; + + /* If the module needs to be reset, do so */ + if (force || (PK11_GETTAB(mod)-> + C_GetSlotList(CK_FALSE, NULL, &count) != CKR_OK)) { + PRBool alreadyLoaded; + /* first call Finalize. This is not required by PKCS #11, but some + * older modules require it, and it doesn't hurt (compliant modules + * will return CKR_NOT_INITIALIZED */ + (void) PK11_GETTAB(mod)->C_Finalize(NULL); + /* now initialize the module, this function reinitializes + * a module in place, preserving existing slots (even if they + * no longer exist) */ + rv = secmod_ModuleInit(mod, NULL, &alreadyLoaded); + if (rv != SECSuccess) { + /* save the last error code */ + lastError = PORT_GetError(); + rrv = rv; + /* couldn't reinit the module, disable all its slots */ + for (i=0; i < mod->slotCount; i++) { + mod->slots[i]->disabled = PR_TRUE; + mod->slots[i]->reason = PK11_DIS_COULD_NOT_INIT_TOKEN; + } + continue; + } + for (i=0; i < mod->slotCount; i++) { + /* get new token sessions, bump the series up so that + * we refresh other old sessions. This will tell much of + * NSS to flush cached handles it may hold as well */ + rv = PK11_InitToken(mod->slots[i],PR_TRUE); + /* PK11_InitToken could fail if the slot isn't present. + * If it is present, though, something is wrong and we should + * disable the slot and let the caller know. */ + if (rv != SECSuccess && PK11_IsPresent(mod->slots[i])) { + /* save the last error code */ + lastError = PORT_GetError(); + rrv = rv; + /* disable the token */ + mod->slots[i]->disabled = PR_TRUE; + mod->slots[i]->reason = PK11_DIS_COULD_NOT_INIT_TOKEN; + } + } + } + } + SECMOD_ReleaseReadLock(moduleLock); + + /* + * on multiple failures, we are only returning the lastError. The caller + * can determine which slots are bad by calling PK11_IsDisabled(). + */ + if (rrv != SECSuccess) { + /* restore the last error code */ + PORT_SetError(lastError); + } + + return rrv; +} diff --git a/security/nss/lib/pk11wrap/secmod.h b/security/nss/lib/pk11wrap/secmod.h index 4dc930d1692..214aab69a3c 100644 --- a/security/nss/lib/pk11wrap/secmod.h +++ b/security/nss/lib/pk11wrap/secmod.h @@ -95,6 +95,18 @@ SECStatus SECMOD_UnloadUserModule(SECMODModule *mod); SECMODModule * SECMOD_CreateModule(const char *lib, const char *name, const char *param, const char *nss); +/* + * After a fork(), PKCS #11 says we need to call C_Initialize again in + * the child before we can use the module. This function causes this + * reinitialization. + * NOTE: Any outstanding handles will become invalid, which means your + * keys and contexts will fail, but new ones can be created. + * + * Setting 'force' to true means to do the reinitialization even if the + * PKCS #11 module does not seem to need it. This allows software modules + * which ignore fork to preserve their keys across the fork(). + */ +SECStatus SECMOD_RestartModules(PRBool force); /* Module Management */ diff --git a/security/nss/lib/softoken/jpakesftk.c b/security/nss/lib/softoken/jpakesftk.c new file mode 100644 index 00000000000..9f4a01293f4 --- /dev/null +++ b/security/nss/lib/softoken/jpakesftk.c @@ -0,0 +1,396 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is Mozilla Fonudation. + * Portions created by the Initial Developer are Copyright (C) 2010 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#include "seccomon.h" +#include "secerr.h" +#include "blapi.h" +#include "pkcs11i.h" +#include "softoken.h" + +static CK_RV +jpake_mapStatus(SECStatus rv, CK_RV invalidArgsMapping) { + int err; + if (rv == SECSuccess) + return CKR_OK; + err = PORT_GetError(); + switch (err) { + /* XXX: SEC_ERROR_INVALID_ARGS might be caused by invalid template + parameters. */ + case SEC_ERROR_INVALID_ARGS: return invalidArgsMapping; + case SEC_ERROR_BAD_SIGNATURE: return CKR_SIGNATURE_INVALID; + case SEC_ERROR_NO_MEMORY: return CKR_HOST_MEMORY; + } + return CKR_FUNCTION_FAILED; +} + +/* If key is not NULL then the gx value will be stored as an attribute with + the type given by the gxAttrType parameter. */ +static CK_RV +jpake_Sign(PLArenaPool * arena, const PQGParams * pqg, HASH_HashType hashType, + const SECItem * signerID, const SECItem * x, + CK_NSS_JPAKEPublicValue * out) +{ + SECItem gx, gv, r; + CK_RV crv; + + PORT_Assert(arena != NULL); + + gx.data = NULL; + gv.data = NULL; + r.data = NULL; + crv = jpake_mapStatus(JPAKE_Sign(arena, pqg, hashType, signerID, x, NULL, + NULL, &gx, &gv, &r), + CKR_MECHANISM_PARAM_INVALID); + if (crv == CKR_OK) { + if (out->pGX != NULL && out->ulGXLen >= gx.len || + out->pGV != NULL && out->ulGVLen >= gv.len || + out->pR != NULL && out->ulRLen >= r.len) { + PORT_Memcpy(out->pGX, gx.data, gx.len); + PORT_Memcpy(out->pGV, gv.data, gv.len); + PORT_Memcpy(out->pR, r.data, r.len); + out->ulGXLen = gx.len; + out->ulGVLen = gv.len; + out->ulRLen = r.len; + } else { + crv = CKR_MECHANISM_PARAM_INVALID; + } + } + return crv; +} + +static CK_RV +jpake_Verify(PLArenaPool * arena, const PQGParams * pqg, + HASH_HashType hashType, const SECItem * signerID, + const CK_BYTE * peerIDData, CK_ULONG peerIDLen, + const CK_NSS_JPAKEPublicValue * publicValueIn) +{ + SECItem peerID, gx, gv, r; + peerID.data = (unsigned char *) peerIDData; peerID.len = peerIDLen; + gx.data = publicValueIn->pGX; gx.len = publicValueIn->ulGXLen; + gv.data = publicValueIn->pGV; gv.len = publicValueIn->ulGVLen; + r.data = publicValueIn->pR; r.len = publicValueIn->ulRLen; + return jpake_mapStatus(JPAKE_Verify(arena, pqg, hashType, signerID, &peerID, + &gx, &gv, &r), + CKR_MECHANISM_PARAM_INVALID); +} + +#define NUM_ELEM(x) (sizeof (x) / sizeof (x)[0]) + +/* Ensure that the key is of the given type. */ +static CK_RV +jpake_ensureKeyType(SFTKObject * key, CK_KEY_TYPE keyType) +{ + CK_RV crv; + SFTKAttribute * keyTypeAttr = sftk_FindAttribute(key, CKA_KEY_TYPE); + crv = keyTypeAttr != NULL && + *(CK_KEY_TYPE *)keyTypeAttr->attrib.pValue == keyType + ? CKR_OK + : CKR_TEMPLATE_INCONSISTENT; + if (keyTypeAttr != NULL) + sftk_FreeAttribute(keyTypeAttr); + return crv; +} + +/* If the template has the key type set, ensure that it was set to the correct + * value. If the template did not have the key type set, set it to the + * correct value. + */ +static CK_RV +jpake_enforceKeyType(SFTKObject * key, CK_KEY_TYPE keyType) { + CK_RV crv; + SFTKAttribute * keyTypeAttr = sftk_FindAttribute(key, CKA_KEY_TYPE); + if (keyTypeAttr != NULL) { + crv = *(CK_KEY_TYPE *)keyTypeAttr->attrib.pValue == keyType + ? CKR_OK + : CKR_TEMPLATE_INCONSISTENT; + sftk_FreeAttribute(keyTypeAttr); + } else { + crv = sftk_forceAttribute(key, CKA_KEY_TYPE, &keyType, sizeof keyType); + } + return crv; +} + +static CK_RV +jpake_MultipleSecItem2Attribute(SFTKObject * key, const SFTKItemTemplate * attrs, + size_t attrsCount) +{ + size_t i; + + for (i = 0; i < attrsCount; ++i) { + CK_RV crv = sftk_forceAttribute(key, attrs[i].type, attrs[i].item->data, + attrs[i].item->len); + if (crv != CKR_OK) + return crv; + } + return CKR_OK; +} + +CK_RV +jpake_Round1(HASH_HashType hashType, CK_NSS_JPAKERound1Params * params, + SFTKObject * key) +{ + CK_RV crv; + PQGParams pqg; + PLArenaPool * arena; + SECItem signerID; + SFTKItemTemplate templateAttrs[] = { + { CKA_PRIME, &pqg.prime }, + { CKA_SUBPRIME, &pqg.subPrime }, + { CKA_BASE, &pqg.base }, + { CKA_NSS_JPAKE_SIGNERID, &signerID } + }; + SECItem x2, gx1, gx2; + const SFTKItemTemplate generatedAttrs[] = { + { CKA_NSS_JPAKE_X2, &x2 }, + { CKA_NSS_JPAKE_GX1, &gx1 }, + { CKA_NSS_JPAKE_GX2, &gx2 }, + }; + SECItem x1; + + PORT_Assert(params != NULL); + PORT_Assert(key != NULL); + + arena = PORT_NewArena(NSS_SOFTOKEN_DEFAULT_CHUNKSIZE); + if (arena == NULL) + crv = CKR_HOST_MEMORY; + + crv = sftk_MultipleAttribute2SecItem(arena, key, templateAttrs, + NUM_ELEM(templateAttrs)); + + if (crv == CKR_OK && (signerID.data == NULL || signerID.len == 0)) + crv = CKR_TEMPLATE_INCOMPLETE; + + /* generate x1, g^x1 and the proof of knowledge of x1 */ + if (crv == CKR_OK) { + x1.data = NULL; + crv = jpake_mapStatus(DSA_NewRandom(arena, &pqg.subPrime, &x1), + CKR_TEMPLATE_INCONSISTENT); + } + if (crv == CKR_OK) + crv = jpake_Sign(arena, &pqg, hashType, &signerID, &x1, ¶ms->gx1); + + /* generate x2, g^x2 and the proof of knowledge of x2 */ + if (crv == CKR_OK) { + x2.data = NULL; + crv = jpake_mapStatus(DSA_NewRandom(arena, &pqg.subPrime, &x2), + CKR_TEMPLATE_INCONSISTENT); + } + if (crv == CKR_OK) + crv = jpake_Sign(arena, &pqg, hashType, &signerID, &x2, ¶ms->gx2); + + /* Save the values needed for round 2 into CKA_VALUE */ + if (crv == CKR_OK) { + gx1.data = params->gx1.pGX; + gx1.len = params->gx1.ulGXLen; + gx2.data = params->gx2.pGX; + gx2.len = params->gx2.ulGXLen; + crv = jpake_MultipleSecItem2Attribute(key, generatedAttrs, + NUM_ELEM(generatedAttrs)); + } + + PORT_FreeArena(arena, PR_TRUE); + return crv; +} + +CK_RV +jpake_Round2(HASH_HashType hashType, CK_NSS_JPAKERound2Params * params, + SFTKObject * sourceKey, SFTKObject * key) +{ + CK_RV crv; + PLArenaPool * arena; + PQGParams pqg; + SECItem signerID, x2, gx1, gx2; + SFTKItemTemplate sourceAttrs[] = { + { CKA_PRIME, &pqg.prime }, + { CKA_SUBPRIME, &pqg.subPrime }, + { CKA_BASE, &pqg.base }, + { CKA_NSS_JPAKE_SIGNERID, &signerID }, + { CKA_NSS_JPAKE_X2, &x2 }, + { CKA_NSS_JPAKE_GX1, &gx1 }, + { CKA_NSS_JPAKE_GX2, &gx2 }, + }; + SECItem x2s, gx3, gx4; + const SFTKItemTemplate copiedAndGeneratedAttrs[] = { + { CKA_NSS_JPAKE_SIGNERID, &signerID }, + { CKA_PRIME, &pqg.prime }, + { CKA_SUBPRIME, &pqg.subPrime }, + { CKA_NSS_JPAKE_X2, &x2 }, + { CKA_NSS_JPAKE_X2S, &x2s }, + { CKA_NSS_JPAKE_GX1, &gx1 }, + { CKA_NSS_JPAKE_GX2, &gx2 }, + { CKA_NSS_JPAKE_GX3, &gx3 }, + { CKA_NSS_JPAKE_GX4, &gx4 } + }; + SECItem peerID; + + PORT_Assert(params != NULL); + PORT_Assert(sourceKey != NULL); + PORT_Assert(key != NULL); + + arena = PORT_NewArena(NSS_SOFTOKEN_DEFAULT_CHUNKSIZE); + if (arena == NULL) + crv = CKR_HOST_MEMORY; + + /* TODO: check CKK_NSS_JPAKE_ROUND1 */ + + crv = sftk_MultipleAttribute2SecItem(arena, sourceKey, sourceAttrs, + NUM_ELEM(sourceAttrs)); + + /* Get the peer's ID out of the template and sanity-check it. */ + if (crv == CKR_OK) + crv = sftk_Attribute2SecItem(arena, &peerID, key, + CKA_NSS_JPAKE_PEERID); + if (crv == CKR_OK && (peerID.data == NULL || peerID.len == 0)) + crv = CKR_TEMPLATE_INCOMPLETE; + if (crv == CKR_OK && SECITEM_CompareItem(&signerID, &peerID) == SECEqual) + crv = CKR_TEMPLATE_INCONSISTENT; + + /* Verify zero-knowledge proofs for g^x3 and g^x4 */ + if (crv == CKR_OK) + crv = jpake_Verify(arena, &pqg, hashType, &signerID, + peerID.data, peerID.len, ¶ms->gx3); + if (crv == CKR_OK) + crv = jpake_Verify(arena, &pqg, hashType, &signerID, + peerID.data, peerID.len, ¶ms->gx4); + + /* Calculate the base and x2s for A=base^x2s */ + if (crv == CKR_OK) { + SECItem s; + s.data = params->pSharedKey; + s.len = params->ulSharedKeyLen; + gx3.data = params->gx3.pGX; + gx3.len = params->gx3.ulGXLen; + gx4.data = params->gx4.pGX; + gx4.len = params->gx4.ulGXLen; + pqg.base.data = NULL; + x2s.data = NULL; + crv = jpake_mapStatus(JPAKE_Round2(arena, &pqg.prime, &pqg.subPrime, + &gx1, &gx3, &gx4, &pqg.base, + &x2, &s, &x2s), + CKR_MECHANISM_PARAM_INVALID); + } + + /* Generate A=base^x2s and its zero-knowledge proof. */ + if (crv == CKR_OK) + crv = jpake_Sign(arena, &pqg, hashType, &signerID, &x2s, ¶ms->A); + + /* Copy P and Q from the ROUND1 key to the ROUND2 key and save the values + needed for the final key material derivation into CKA_VALUE. */ + if (crv == CKR_OK) + crv = sftk_forceAttribute(key, CKA_PRIME, pqg.prime.data, + pqg.prime.len); + if (crv == CKR_OK) + crv = sftk_forceAttribute(key, CKA_SUBPRIME, pqg.subPrime.data, + pqg.subPrime.len); + if (crv == CKR_OK) { + crv = jpake_MultipleSecItem2Attribute(key, copiedAndGeneratedAttrs, + NUM_ELEM(copiedAndGeneratedAttrs)); + } + + if (crv == CKR_OK) + crv = jpake_enforceKeyType(key, CKK_NSS_JPAKE_ROUND2); + + PORT_FreeArena(arena, PR_TRUE); + return crv; +} + +CK_RV +jpake_Final(HASH_HashType hashType, const CK_NSS_JPAKEFinalParams * param, + SFTKObject * sourceKey, SFTKObject * key) +{ + PLArenaPool * arena; + SECItem K; + PQGParams pqg; + CK_RV crv; + SECItem peerID, signerID, x2s, x2, gx1, gx2, gx3, gx4; + SFTKItemTemplate sourceAttrs[] = { + { CKA_NSS_JPAKE_PEERID, &peerID }, + { CKA_NSS_JPAKE_SIGNERID, &signerID }, + { CKA_PRIME, &pqg.prime }, + { CKA_SUBPRIME, &pqg.subPrime }, + { CKA_NSS_JPAKE_X2, &x2 }, + { CKA_NSS_JPAKE_X2S, &x2s }, + { CKA_NSS_JPAKE_GX1, &gx1 }, + { CKA_NSS_JPAKE_GX2, &gx2 }, + { CKA_NSS_JPAKE_GX3, &gx3 }, + { CKA_NSS_JPAKE_GX4, &gx4 } + }; + + PORT_Assert(param != NULL); + PORT_Assert(sourceKey != NULL); + PORT_Assert(key != NULL); + + arena = PORT_NewArena(NSS_SOFTOKEN_DEFAULT_CHUNKSIZE); + if (arena == NULL) + crv = CKR_HOST_MEMORY; + + /* TODO: verify key type CKK_NSS_JPAKE_ROUND2 */ + + crv = sftk_MultipleAttribute2SecItem(arena, sourceKey, sourceAttrs, + NUM_ELEM(sourceAttrs)); + + /* Calculate base for B=base^x4s */ + if (crv == CKR_OK) { + pqg.base.data = NULL; + crv = jpake_mapStatus(JPAKE_Round2(arena, &pqg.prime, &pqg.subPrime, + &gx1, &gx2, &gx3, &pqg.base, + NULL, NULL, NULL), + CKR_MECHANISM_PARAM_INVALID); + } + + /* Verify zero-knowledge proof for B */ + if (crv == CKR_OK) + crv = jpake_Verify(arena, &pqg, hashType, &signerID, + peerID.data, peerID.len, ¶m->B); + if (crv == CKR_OK) { + SECItem B; + B.data = param->B.pGX; + B.len = param->B.ulGXLen; + K.data = NULL; + crv = jpake_mapStatus(JPAKE_Final(arena, &pqg.prime, &pqg.subPrime, + &x2, &gx4, &x2s, &B, &K), + CKR_MECHANISM_PARAM_INVALID); + } + + /* Save key material into CKA_VALUE. */ + if (crv == CKR_OK) + crv = sftk_forceAttribute(key, CKA_VALUE, K.data, K.len); + + if (crv == CKR_OK) + crv = jpake_enforceKeyType(key, CKK_GENERIC_SECRET); + + PORT_FreeArena(arena, PR_TRUE); + return crv; +} diff --git a/security/nss/lib/softoken/legacydb/lgfind.c b/security/nss/lib/softoken/legacydb/lgfind.c index b45f0096ce8..29aab3dd314 100644 --- a/security/nss/lib/softoken/legacydb/lgfind.c +++ b/security/nss/lib/softoken/legacydb/lgfind.c @@ -714,7 +714,7 @@ lg_searchTokenList(SDB *sdb, SDBFind *search, crv = lg_GetULongAttribute(CKA_CLASS,&pTemplate[i],1, &objectClass); if (crv != CKR_OK) { classFlags = 0; - break;; + break; } switch (objectClass) { case CKO_CERTIFICATE: @@ -746,6 +746,7 @@ lg_searchTokenList(SDB *sdb, SDBFind *search, case CKA_PRIVATE: if (pTemplate[i].ulValueLen != sizeof(CK_BBOOL)) { classFlags = 0; + break; } if (*((CK_BBOOL *)pTemplate[i].pValue) == CK_TRUE) { classFlags &= (LG_PRIVATE|LG_KEY); @@ -756,6 +757,7 @@ lg_searchTokenList(SDB *sdb, SDBFind *search, case CKA_SENSITIVE: if (pTemplate[i].ulValueLen != sizeof(CK_BBOOL)) { classFlags = 0; + break; } if (*((CK_BBOOL *)pTemplate[i].pValue) == CK_TRUE) { classFlags &= (LG_PRIVATE|LG_KEY); @@ -766,6 +768,7 @@ lg_searchTokenList(SDB *sdb, SDBFind *search, case CKA_TOKEN: if (pTemplate[i].ulValueLen != sizeof(CK_BBOOL)) { classFlags = 0; + break; } if (*((CK_BBOOL *)pTemplate[i].pValue) != CK_TRUE) { classFlags = 0; @@ -778,9 +781,11 @@ lg_searchTokenList(SDB *sdb, SDBFind *search, classFlags &= LG_TRUST; copy = &cert_md5_hash; break; case CKA_CERTIFICATE_TYPE: - crv = lg_GetULongAttribute(CKA_CLASS,&pTemplate[i],1,&certType); + crv = lg_GetULongAttribute(CKA_CERTIFICATE_TYPE,&pTemplate[i], + 1,&certType); if (crv != CKR_OK) { classFlags = 0; + break; } classFlags &= LG_CERT; if (certType != CKC_X_509) { @@ -794,6 +799,7 @@ lg_searchTokenList(SDB *sdb, SDBFind *search, case CKA_NETSCAPE_KRL: if (pTemplate[i].ulValueLen != sizeof(CK_BBOOL)) { classFlags = 0; + break; } classFlags &= LG_CRL; isKrl = (PRBool)(*((CK_BBOOL *)pTemplate[i].pValue) == CK_TRUE); diff --git a/security/nss/lib/softoken/manifest.mn b/security/nss/lib/softoken/manifest.mn index 307683c38ec..d70470d8702 100644 --- a/security/nss/lib/softoken/manifest.mn +++ b/security/nss/lib/softoken/manifest.mn @@ -89,6 +89,7 @@ CSRCS = \ sftkpwd.c \ softkver.c \ tlsprf.c \ + jpakesftk.c \ $(NULL) ifdef SQLITE_UNSAFE_THREADS diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c index 5007a8a7574..737f7ea95ad 100644 --- a/security/nss/lib/softoken/pkcs11.c +++ b/security/nss/lib/softoken/pkcs11.c @@ -407,6 +407,11 @@ static const struct mechanismList mechanisms[] = { {CKM_SHA512_HMAC, {1, 128, CKF_SN_VR}, PR_TRUE}, {CKM_SHA512_HMAC_GENERAL, {1, 128, CKF_SN_VR}, PR_TRUE}, {CKM_TLS_PRF_GENERAL, {0, 512, CKF_SN_VR}, PR_FALSE}, + /* ------------------------- HKDF Operations -------------------------- */ + {CKM_NSS_HKDF_SHA1, {1, 128, CKF_DERIVE}, PR_TRUE}, + {CKM_NSS_HKDF_SHA256, {1, 128, CKF_DERIVE}, PR_TRUE}, + {CKM_NSS_HKDF_SHA384, {1, 128, CKF_DERIVE}, PR_TRUE}, + {CKM_NSS_HKDF_SHA512, {1, 128, CKF_DERIVE}, PR_TRUE}, /* ------------------------- CAST Operations --------------------------- */ #ifdef NSS_SOFTOKEN_DOES_CAST /* Cast operations are not supported ( yet? ) */ @@ -487,6 +492,19 @@ static const struct mechanismList mechanisms[] = { /* ------------------ AES Key Wrap (also encrypt) ------------------- */ {CKM_NETSCAPE_AES_KEY_WRAP, {16, 32, CKF_EN_DE_WR_UN}, PR_TRUE}, {CKM_NETSCAPE_AES_KEY_WRAP_PAD, {16, 32, CKF_EN_DE_WR_UN}, PR_TRUE}, + /* --------------------------- J-PAKE -------------------------------- */ + {CKM_NSS_JPAKE_ROUND1_SHA1, {0, 0, CKF_GENERATE}, PR_TRUE}, + {CKM_NSS_JPAKE_ROUND1_SHA256, {0, 0, CKF_GENERATE}, PR_TRUE}, + {CKM_NSS_JPAKE_ROUND1_SHA384, {0, 0, CKF_GENERATE}, PR_TRUE}, + {CKM_NSS_JPAKE_ROUND1_SHA512, {0, 0, CKF_GENERATE}, PR_TRUE}, + {CKM_NSS_JPAKE_ROUND2_SHA1, {0, 0, CKF_DERIVE}, PR_TRUE}, + {CKM_NSS_JPAKE_ROUND2_SHA256, {0, 0, CKF_DERIVE}, PR_TRUE}, + {CKM_NSS_JPAKE_ROUND2_SHA384, {0, 0, CKF_DERIVE}, PR_TRUE}, + {CKM_NSS_JPAKE_ROUND2_SHA512, {0, 0, CKF_DERIVE}, PR_TRUE}, + {CKM_NSS_JPAKE_FINAL_SHA1, {0, 0, CKF_DERIVE}, PR_TRUE}, + {CKM_NSS_JPAKE_FINAL_SHA256, {0, 0, CKF_DERIVE}, PR_TRUE}, + {CKM_NSS_JPAKE_FINAL_SHA384, {0, 0, CKF_DERIVE}, PR_TRUE}, + {CKM_NSS_JPAKE_FINAL_SHA512, {0, 0, CKF_DERIVE}, PR_TRUE} }; static const CK_ULONG mechanismCount = sizeof(mechanisms)/sizeof(mechanisms[0]); @@ -969,6 +987,9 @@ sftk_handlePublicKeyObject(SFTKSession *session, SFTKObject *object, static NSSLOWKEYPrivateKey * sftk_mkPrivKey(SFTKObject *object,CK_KEY_TYPE key, CK_RV *rvp); +static SECStatus +sftk_fillRSAPrivateKey(SFTKObject *object); + /* * check the consistancy and initialize a Private Key Object */ @@ -982,35 +1003,60 @@ sftk_handlePrivateKeyObject(SFTKSession *session,SFTKObject *object,CK_KEY_TYPE CK_BBOOL wrap = CK_TRUE; CK_BBOOL derive = CK_TRUE; CK_BBOOL ckfalse = CK_FALSE; + PRBool createObjectInfo = PR_TRUE; + int missing_rsa_mod_component = 0; + int missing_rsa_exp_component = 0; + int missing_rsa_crt_component = 0; + SECItem mod; CK_RV crv; switch (key_type) { case CKK_RSA: if ( !sftk_hasAttribute(object, CKA_MODULUS)) { - return CKR_TEMPLATE_INCOMPLETE; + missing_rsa_mod_component++; } if ( !sftk_hasAttribute(object, CKA_PUBLIC_EXPONENT)) { - return CKR_TEMPLATE_INCOMPLETE; + missing_rsa_exp_component++; } if ( !sftk_hasAttribute(object, CKA_PRIVATE_EXPONENT)) { - return CKR_TEMPLATE_INCOMPLETE; + missing_rsa_exp_component++; } if ( !sftk_hasAttribute(object, CKA_PRIME_1)) { - return CKR_TEMPLATE_INCOMPLETE; + missing_rsa_mod_component++; } if ( !sftk_hasAttribute(object, CKA_PRIME_2)) { - return CKR_TEMPLATE_INCOMPLETE; + missing_rsa_mod_component++; } if ( !sftk_hasAttribute(object, CKA_EXPONENT_1)) { - return CKR_TEMPLATE_INCOMPLETE; + missing_rsa_crt_component++; } if ( !sftk_hasAttribute(object, CKA_EXPONENT_2)) { - return CKR_TEMPLATE_INCOMPLETE; + missing_rsa_crt_component++; } if ( !sftk_hasAttribute(object, CKA_COEFFICIENT)) { - return CKR_TEMPLATE_INCOMPLETE; + missing_rsa_crt_component++; } + if (missing_rsa_mod_component || missing_rsa_exp_component || + missing_rsa_crt_component) { + /* we are missing a component, see if we have enough to rebuild + * the rest */ + int have_exp = 2- missing_rsa_exp_component; + int have_component = 5- + (missing_rsa_exp_component+missing_rsa_mod_component); + SECStatus rv; + + if ((have_exp == 0) || (have_component < 3)) { + /* nope, not enough to reconstruct the private key */ + return CKR_TEMPLATE_INCOMPLETE; + } + /*fill in the missing parameters */ + rv = sftk_fillRSAPrivateKey(object); + if (rv != SECSuccess) { + return CKR_TEMPLATE_INCOMPLETE; + } + } + /* make sure Netscape DB attribute is set correctly */ crv = sftk_Attribute2SSecItem(NULL, &mod, object, CKA_MODULUS); if (crv != CKR_OK) return crv; @@ -1057,6 +1103,20 @@ sftk_handlePrivateKeyObject(SFTKSession *session,SFTKObject *object,CK_KEY_TYPE wrap = CK_FALSE; break; #endif /* NSS_ENABLE_ECC */ + case CKK_NSS_JPAKE_ROUND1: + if (!sftk_hasAttribute(object, CKA_PRIME || + !sftk_hasAttribute(object, CKA_SUBPRIME) || + !sftk_hasAttribute(object, CKA_BASE))) { + return CKR_TEMPLATE_INCOMPLETE; + } + /* fall through */ + case CKK_NSS_JPAKE_ROUND2: + /* CKA_NSS_JPAKE_SIGNERID and CKA_NSS_JPAKE_PEERID are checked in + the J-PAKE code. */ + encrypt = sign = recover = wrap = CK_FALSE; + derive = CK_TRUE; + createObjectInfo = PR_FALSE; + break; default: return CKR_ATTRIBUTE_VALUE_INVALID; } @@ -1099,7 +1159,7 @@ sftk_handlePrivateKeyObject(SFTKSession *session,SFTKObject *object,CK_KEY_TYPE crv = sftkdb_write(keyHandle, object, &object->handle); sftk_freeDB(keyHandle); return crv; - } else { + } else if (createObjectInfo) { object->objectInfo = sftk_mkPrivKey(object,key_type,&crv); if (object->objectInfo == NULL) return crv; object->infoFree = (SFTKFree) nsslowkey_DestroyPrivateKey; @@ -1835,6 +1895,116 @@ sftk_mkPrivKey(SFTKObject *object, CK_KEY_TYPE key_type, CK_RV *crvp) return privKey; } +/* + * we have a partial rsa private key, fill in the rest + */ +static SECStatus +sftk_fillRSAPrivateKey(SFTKObject *object) +{ + RSAPrivateKey tmpKey = { 0 }; + SFTKAttribute *modulus = NULL; + SFTKAttribute *prime1 = NULL; + SFTKAttribute *prime2 = NULL; + SFTKAttribute *privateExponent = NULL; + SFTKAttribute *publicExponent = NULL; + SECStatus rv; + CK_RV crv; + + /* first fill in the components that we have. Populate only uses + * the non-crt components, so only fill those in */ + tmpKey.arena = NULL; + modulus = sftk_FindAttribute(object, CKA_MODULUS); + if (modulus) { + tmpKey.modulus.data = modulus->attrib.pValue; + tmpKey.modulus.len = modulus->attrib.ulValueLen; + } + prime1 = sftk_FindAttribute(object, CKA_PRIME_1); + if (prime1) { + tmpKey.prime1.data = prime1->attrib.pValue; + tmpKey.prime1.len = prime1->attrib.ulValueLen; + } + prime2 = sftk_FindAttribute(object, CKA_PRIME_2); + if (prime2) { + tmpKey.prime2.data = prime2->attrib.pValue; + tmpKey.prime2.len = prime2->attrib.ulValueLen; + } + privateExponent = sftk_FindAttribute(object, CKA_PRIVATE_EXPONENT); + if (privateExponent) { + tmpKey.privateExponent.data = privateExponent->attrib.pValue; + tmpKey.privateExponent.len = privateExponent->attrib.ulValueLen; + } + publicExponent = sftk_FindAttribute(object, CKA_PUBLIC_EXPONENT); + if (publicExponent) { + tmpKey.publicExponent.data = publicExponent->attrib.pValue; + tmpKey.publicExponent.len = publicExponent->attrib.ulValueLen; + } + + /* + * populate requires one exponent plus 2 other components to work. + * we expected our caller to check that first. If that didn't happen, + * populate will simply return an error here. + */ + rv = RSA_PopulatePrivateKey(&tmpKey); + if (rv != SECSuccess) { + goto loser; + } + + /* now that we have a fully populated key, set all our attribute values */ + rv = SECFailure; + crv = sftk_forceAttribute(object,CKA_MODULUS, + sftk_item_expand(&tmpKey.modulus)); + if (crv != CKR_OK) goto loser; + crv = sftk_forceAttribute(object,CKA_PUBLIC_EXPONENT, + sftk_item_expand(&tmpKey.publicExponent)); + if (crv != CKR_OK) goto loser; + crv = sftk_forceAttribute(object,CKA_PRIVATE_EXPONENT, + sftk_item_expand(&tmpKey.privateExponent)); + if (crv != CKR_OK) goto loser; + crv = sftk_forceAttribute(object,CKA_PRIME_1, + sftk_item_expand(&tmpKey.prime1)); + if (crv != CKR_OK) goto loser; + crv = sftk_forceAttribute(object,CKA_PRIME_2, + sftk_item_expand(&tmpKey.prime2)); + if (crv != CKR_OK) goto loser; + crv = sftk_forceAttribute(object,CKA_EXPONENT_1, + sftk_item_expand(&tmpKey.exponent1)); + if (crv != CKR_OK) goto loser; + crv = sftk_forceAttribute(object,CKA_EXPONENT_2, + sftk_item_expand(&tmpKey.exponent2)); + if (crv != CKR_OK) goto loser; + crv = sftk_forceAttribute(object,CKA_COEFFICIENT, + sftk_item_expand(&tmpKey.coefficient)); + if (crv != CKR_OK) goto loser; + rv = SECSuccess; + + /* we're done (one way or the other), clean up all our stuff */ +loser: + if (tmpKey.arena) { + PORT_FreeArena(tmpKey.arena,PR_TRUE); + } + if (modulus) { + sftk_FreeAttribute(modulus); + } + if (prime1) { + sftk_FreeAttribute(prime1); + } + if (prime2) { + sftk_FreeAttribute(prime2); + } + if (privateExponent) { + sftk_FreeAttribute(privateExponent); + } + if (publicExponent) { + sftk_FreeAttribute(publicExponent); + } + return rv; +} + + + + + + /* Generate a low private key structure from an object */ NSSLOWKEYPrivateKey * diff --git a/security/nss/lib/softoken/pkcs11c.c b/security/nss/lib/softoken/pkcs11c.c index d45c6ff5f2d..8847c2f797f 100644 --- a/security/nss/lib/softoken/pkcs11c.c +++ b/security/nss/lib/softoken/pkcs11c.c @@ -3141,7 +3141,7 @@ CK_RV NSC_GenerateKey(CK_SESSION_HANDLE hSession, int i; SFTKSlot *slot = sftk_SlotFromSessionHandle(hSession); unsigned char buf[MAX_KEY_LEN]; - enum {nsc_pbe, nsc_ssl, nsc_bulk, nsc_param} key_gen_type; + enum {nsc_pbe, nsc_ssl, nsc_bulk, nsc_param, nsc_jpake} key_gen_type; NSSPKCS5PBEParameter *pbe_param; SSL3RSAPreMasterSecret *rsa_pms; CK_VERSION *version; @@ -3150,6 +3150,7 @@ CK_RV NSC_GenerateKey(CK_SESSION_HANDLE hSession, * produce them any more. The affected algorithm was 3DES. */ PRBool faultyPBE3DES = PR_FALSE; + HASH_HashType hashType; CHECK_FORK(); @@ -3249,6 +3250,24 @@ CK_RV NSC_GenerateKey(CK_SESSION_HANDLE hSession, objclass = CKO_KG_PARAMETERS; crv = CKR_OK; break; + case CKM_NSS_JPAKE_ROUND1_SHA1: hashType = HASH_AlgSHA1; goto jpake1; + case CKM_NSS_JPAKE_ROUND1_SHA256: hashType = HASH_AlgSHA256; goto jpake1; + case CKM_NSS_JPAKE_ROUND1_SHA384: hashType = HASH_AlgSHA384; goto jpake1; + case CKM_NSS_JPAKE_ROUND1_SHA512: hashType = HASH_AlgSHA512; goto jpake1; +jpake1: + key_gen_type = nsc_jpake; + key_type = CKK_NSS_JPAKE_ROUND1; + objclass = CKO_PRIVATE_KEY; + if (pMechanism->pParameter == NULL || + pMechanism->ulParameterLen != sizeof(CK_NSS_JPAKERound1Params)) { + crv = CKR_MECHANISM_PARAM_INVALID; + break; + } + if (sftk_isTrue(key, CKA_TOKEN)) { + crv = CKR_TEMPLATE_INCONSISTENT; + } + crv = CKR_OK; + break; default: crv = CKR_MECHANISM_INVALID; break; @@ -3295,6 +3314,11 @@ CK_RV NSC_GenerateKey(CK_SESSION_HANDLE hSession, *buf = 0; crv = nsc_parameter_gen(key_type,key); break; + case nsc_jpake: + crv = jpake_Round1(hashType, + (CK_NSS_JPAKERound1Params *) pMechanism->pParameter, + key); + break; } if (crv != CKR_OK) { sftk_FreeObject(key); return crv; } @@ -5000,8 +5024,8 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, SFTKSlot * slot = sftk_SlotFromSessionHandle(hSession); SFTKObject * key; SFTKObject * sourceKey; - SFTKAttribute * att; - SFTKAttribute * att2; + SFTKAttribute * att = NULL; + SFTKAttribute * att2 = NULL; unsigned char * buf; SHA1Context * sha; MD5Context * md5; @@ -5024,6 +5048,8 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, unsigned char key_block[NUM_MIXERS * MD5_LENGTH]; unsigned char key_block2[MD5_LENGTH]; PRBool isFIPS; + HASH_HashType hashType; + PRBool extractValue = PR_TRUE; CHECK_FORK(); @@ -5061,8 +5087,24 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, keySize = sftk_MapKeySize(keyType); } - /* Derive can only create SECRET KEY's currently... */ - classType = CKO_SECRET_KEY; + switch (pMechanism->mechanism) { + case CKM_NSS_JPAKE_ROUND2_SHA1: /* fall through */ + case CKM_NSS_JPAKE_ROUND2_SHA256: /* fall through */ + case CKM_NSS_JPAKE_ROUND2_SHA384: /* fall through */ + case CKM_NSS_JPAKE_ROUND2_SHA512: + extractValue = PR_FALSE; + classType = CKO_PRIVATE_KEY; + break; + case CKM_NSS_JPAKE_FINAL_SHA1: /* fall through */ + case CKM_NSS_JPAKE_FINAL_SHA256: /* fall through */ + case CKM_NSS_JPAKE_FINAL_SHA384: /* fall through */ + case CKM_NSS_JPAKE_FINAL_SHA512: + extractValue = PR_FALSE; + /* fall through */ + default: + classType = CKO_SECRET_KEY; + } + crv = sftk_forceAttribute (key,CKA_CLASS,&classType,sizeof(classType)); if (crv != CKR_OK) { sftk_FreeObject(key); @@ -5083,12 +5125,14 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, return CKR_KEY_HANDLE_INVALID; } - /* get the value of the base key */ - att = sftk_FindAttribute(sourceKey,CKA_VALUE); - if (att == NULL) { - sftk_FreeObject(key); - sftk_FreeObject(sourceKey); - return CKR_KEY_HANDLE_INVALID; + if (extractValue) { + /* get the value of the base key */ + att = sftk_FindAttribute(sourceKey,CKA_VALUE); + if (att == NULL) { + sftk_FreeObject(key); + sftk_FreeObject(sourceKey); + return CKR_KEY_HANDLE_INVALID; + } } switch (pMechanism->mechanism) { @@ -6008,10 +6052,161 @@ ec_loser: } #endif /* NSS_ENABLE_ECC */ + /* See RFC 5869 and CK_NSS_HKDFParams for documentation. */ + case CKM_NSS_HKDF_SHA1: hashType = HASH_AlgSHA1; goto hkdf; + case CKM_NSS_HKDF_SHA256: hashType = HASH_AlgSHA256; goto hkdf; + case CKM_NSS_HKDF_SHA384: hashType = HASH_AlgSHA384; goto hkdf; + case CKM_NSS_HKDF_SHA512: hashType = HASH_AlgSHA512; goto hkdf; +hkdf: { + const CK_NSS_HKDFParams * params = + (const CK_NSS_HKDFParams *) pMechanism->pParameter; + const SECHashObject * rawHash; + unsigned hashLen; + CK_BYTE buf[HASH_LENGTH_MAX]; + /* const */ CK_BYTE * prk; /* psuedo-random key */ + CK_ULONG prkLen; + const CK_BYTE * okm; /* output keying material */ + + rawHash = HASH_GetRawHashObject(hashType); + if (rawHash == NULL || rawHash->length > sizeof buf) { + crv = CKR_FUNCTION_FAILED; + break; + } + hashLen = rawHash->length; + + if (pMechanism->ulParameterLen != sizeof(CK_NSS_HKDFParams) || + !params || (!params->bExpand && !params->bExtract) || + (params->bExtract && params->ulSaltLen > 0 && !params->pSalt) || + (params->bExpand && params->ulInfoLen > 0 && !params->pInfo)) { + crv = CKR_MECHANISM_PARAM_INVALID; + break; + } + if (keySize == 0 || keySize > sizeof key_block || + (!params->bExpand && keySize > hashLen) || + (params->bExpand && keySize > 255 * hashLen)) { + crv = CKR_TEMPLATE_INCONSISTENT; + break; + } + crv = sftk_DeriveSensitiveCheck(sourceKey, key); + if (crv != CKR_OK) + break; + + /* HKDF-Extract(salt, base key value) */ + if (params->bExtract) { + CK_BYTE * salt; + CK_ULONG saltLen; + HMACContext * hmac; + unsigned int bufLen; + + salt = params->pSalt; + saltLen = params->ulSaltLen; + if (salt == NULL) { + saltLen = hashLen; + salt = buf; + memset(salt, 0, saltLen); + } + hmac = HMAC_Create(rawHash, salt, saltLen, isFIPS); + if (!hmac) { + crv = CKR_HOST_MEMORY; + break; + } + HMAC_Begin(hmac); + HMAC_Update(hmac, (const unsigned char*) att->attrib.pValue, + att->attrib.ulValueLen); + HMAC_Finish(hmac, buf, &bufLen, sizeof(buf)); + HMAC_Destroy(hmac, PR_TRUE); + PORT_Assert(bufLen == rawHash->length); + prk = buf; + prkLen = bufLen; + } else { + /* PRK = base key value */ + prk = (CK_BYTE*) att->attrib.pValue; + prkLen = att->attrib.ulValueLen; + } + + /* HKDF-Expand */ + if (!params->bExpand) { + okm = prk; + } else { + /* T(1) = HMAC-Hash(prk, "" | info | 0x01) + * T(n) = HMAC-Hash(prk, T(n-1) | info | n + * key material = T(1) | ... | T(n) + */ + HMACContext * hmac; + CK_BYTE i; + unsigned iterations = PR_ROUNDUP(keySize, hashLen) / hashLen; + hmac = HMAC_Create(rawHash, prk, prkLen, isFIPS); + if (hmac == NULL) { + crv = CKR_HOST_MEMORY; + break; + } + for (i = 1; i <= iterations; ++i) { + unsigned len; + HMAC_Begin(hmac); + if (i > 1) { + HMAC_Update(hmac, key_block + ((i-2) * hashLen), hashLen); + } + if (params->ulInfoLen != 0) { + HMAC_Update(hmac, params->pInfo, params->ulInfoLen); + } + HMAC_Update(hmac, &i, 1); + HMAC_Finish(hmac, key_block + ((i-1) * hashLen), &len, + hashLen); + PORT_Assert(len == hashLen); + } + HMAC_Destroy(hmac, PR_TRUE); + okm = key_block; + } + /* key material = prk */ + crv = sftk_forceAttribute(key, CKA_VALUE, okm, keySize); + break; + } /* end of CKM_NSS_HKDF_* */ + + case CKM_NSS_JPAKE_ROUND2_SHA1: hashType = HASH_AlgSHA1; goto jpake2; + case CKM_NSS_JPAKE_ROUND2_SHA256: hashType = HASH_AlgSHA256; goto jpake2; + case CKM_NSS_JPAKE_ROUND2_SHA384: hashType = HASH_AlgSHA384; goto jpake2; + case CKM_NSS_JPAKE_ROUND2_SHA512: hashType = HASH_AlgSHA512; goto jpake2; +jpake2: + if (pMechanism->pParameter == NULL || + pMechanism->ulParameterLen != sizeof(CK_NSS_JPAKERound2Params)) + crv = CKR_MECHANISM_PARAM_INVALID; + if (crv == CKR_OK && sftk_isTrue(key, CKA_TOKEN)) + crv = CKR_TEMPLATE_INCONSISTENT; + if (crv == CKR_OK) + crv = sftk_DeriveSensitiveCheck(sourceKey, key); + if (crv == CKR_OK) + crv = jpake_Round2(hashType, + (CK_NSS_JPAKERound2Params *) pMechanism->pParameter, + sourceKey, key); + break; + + case CKM_NSS_JPAKE_FINAL_SHA1: hashType = HASH_AlgSHA1; goto jpakeFinal; + case CKM_NSS_JPAKE_FINAL_SHA256: hashType = HASH_AlgSHA256; goto jpakeFinal; + case CKM_NSS_JPAKE_FINAL_SHA384: hashType = HASH_AlgSHA384; goto jpakeFinal; + case CKM_NSS_JPAKE_FINAL_SHA512: hashType = HASH_AlgSHA512; goto jpakeFinal; +jpakeFinal: + if (pMechanism->pParameter == NULL || + pMechanism->ulParameterLen != sizeof(CK_NSS_JPAKEFinalParams)) + crv = CKR_MECHANISM_PARAM_INVALID; + /* We purposely do not do the derive sensitivity check; we want to be + able to derive non-sensitive keys while allowing the ROUND1 and + ROUND2 keys to be sensitive (which they always are, since they are + in the CKO_PRIVATE_KEY class). The caller must include CKA_SENSITIVE + in the template in order for the resultant keyblock key to be + sensitive. + */ + if (crv == CKR_OK) + crv = jpake_Final(hashType, + (CK_NSS_JPAKEFinalParams *) pMechanism->pParameter, + sourceKey, key); + break; + default: crv = CKR_MECHANISM_INVALID; } - sftk_FreeAttribute(att); + if (att) { + sftk_FreeAttribute(att); + } sftk_FreeObject(sourceKey); if (crv != CKR_OK) { if (key) sftk_FreeObject(key); diff --git a/security/nss/lib/softoken/pkcs11i.h b/security/nss/lib/softoken/pkcs11i.h index 32d62c9459f..aead2456f6f 100644 --- a/security/nss/lib/softoken/pkcs11i.h +++ b/security/nss/lib/softoken/pkcs11i.h @@ -46,7 +46,7 @@ #include "pkcs11t.h" #include "sftkdbt.h" - +#include "hasht.h" /* * Configuration Defines @@ -702,6 +702,21 @@ SFTKObject * sftk_NewTokenObject(SFTKSlot *slot, SECItem *dbKey, CK_OBJECT_HANDLE handle); SFTKTokenObject *sftk_convertSessionToToken(SFTKObject *so); + +/* J-PAKE (jpakesftk.c) */ +extern +CK_RV jpake_Round1(HASH_HashType hashType, + CK_NSS_JPAKERound1Params * params, + SFTKObject * key); +extern +CK_RV jpake_Round2(HASH_HashType hashType, + CK_NSS_JPAKERound2Params * params, + SFTKObject * sourceKey, SFTKObject * key); +extern +CK_RV jpake_Final(HASH_HashType hashType, + const CK_NSS_JPAKEFinalParams * params, + SFTKObject * sourceKey, SFTKObject * key); + /**************************************** * implement TLS Pseudo Random Function (PRF) */ diff --git a/security/nss/lib/softoken/softkver.h b/security/nss/lib/softoken/softkver.h index 9cc41faae2d..2971fe79db2 100644 --- a/security/nss/lib/softoken/softkver.h +++ b/security/nss/lib/softoken/softkver.h @@ -57,11 +57,11 @@ * The format of the version string should be * ".[.[.]][ ][ ]" */ -#define SOFTOKEN_VERSION "3.12.8.0" SOFTOKEN_ECC_STRING +#define SOFTOKEN_VERSION "3.12.9.0" SOFTOKEN_ECC_STRING " Beta" #define SOFTOKEN_VMAJOR 3 #define SOFTOKEN_VMINOR 12 -#define SOFTOKEN_VPATCH 8 +#define SOFTOKEN_VPATCH 9 #define SOFTOKEN_VBUILD 0 -#define SOFTOKEN_BETA PR_FALSE +#define SOFTOKEN_BETA PR_TRUE #endif /* _SOFTKVER_H_ */ diff --git a/security/nss/lib/util/nssutil.h b/security/nss/lib/util/nssutil.h index 55245f9e09c..3df0a253a8f 100644 --- a/security/nss/lib/util/nssutil.h +++ b/security/nss/lib/util/nssutil.h @@ -51,11 +51,11 @@ * The format of the version string should be * ".[.[.]][ ]" */ -#define NSSUTIL_VERSION "3.12.8.0" +#define NSSUTIL_VERSION "3.12.9.0 Beta" #define NSSUTIL_VMAJOR 3 #define NSSUTIL_VMINOR 12 -#define NSSUTIL_VPATCH 8 +#define NSSUTIL_VPATCH 9 #define NSSUTIL_VBUILD 0 -#define NSSUTIL_BETA PR_FALSE +#define NSSUTIL_BETA PR_TRUE #endif /* __nssutil_h_ */ diff --git a/security/nss/lib/util/pkcs11n.h b/security/nss/lib/util/pkcs11n.h index c4d15649bb3..833e7008b44 100644 --- a/security/nss/lib/util/pkcs11n.h +++ b/security/nss/lib/util/pkcs11n.h @@ -39,7 +39,7 @@ #define _PKCS11N_H_ #ifdef DEBUG -static const char CKT_CVS_ID[] = "@(#) $RCSfile: pkcs11n.h,v $ $Revision: 1.19 $ $Date: 2009/03/25 05:21:03 $"; +static const char CKT_CVS_ID[] = "@(#) $RCSfile: pkcs11n.h,v $ $Revision: 1.19.22.2 $ $Date: 2010/12/04 19:10:46 $"; #endif /* DEBUG */ /* @@ -84,6 +84,10 @@ static const char CKT_CVS_ID[] = "@(#) $RCSfile: pkcs11n.h,v $ $Revision: 1.19 $ #define CKK_NSS (CKK_VENDOR_DEFINED|NSSCK_VENDOR_NSS) #define CKK_NSS_PKCS8 (CKK_NSS + 1) + +#define CKK_NSS_JPAKE_ROUND1 (CKK_NSS + 2) +#define CKK_NSS_JPAKE_ROUND2 (CKK_NSS + 3) + /* * NSS-defined certificate types * @@ -116,6 +120,15 @@ static const char CKT_CVS_ID[] = "@(#) $RCSfile: pkcs11n.h,v $ $Revision: 1.19 $ #define CKA_NSS_MODULE_SPEC (CKA_NSS + 24) #define CKA_NSS_OVERRIDE_EXTENSIONS (CKA_NSS + 25) +#define CKA_NSS_JPAKE_SIGNERID (CKA_NSS + 26) +#define CKA_NSS_JPAKE_PEERID (CKA_NSS + 27) +#define CKA_NSS_JPAKE_GX1 (CKA_NSS + 28) +#define CKA_NSS_JPAKE_GX2 (CKA_NSS + 29) +#define CKA_NSS_JPAKE_GX3 (CKA_NSS + 30) +#define CKA_NSS_JPAKE_GX4 (CKA_NSS + 31) +#define CKA_NSS_JPAKE_X2 (CKA_NSS + 32) +#define CKA_NSS_JPAKE_X2S (CKA_NSS + 33) + /* * Trust attributes: * @@ -168,6 +181,54 @@ static const char CKT_CVS_ID[] = "@(#) $RCSfile: pkcs11n.h,v $ $Revision: 1.19 $ #define CKM_NSS_AES_KEY_WRAP (CKM_NSS + 1) #define CKM_NSS_AES_KEY_WRAP_PAD (CKM_NSS + 2) +/* HKDF key derivation mechanisms. See CK_NSS_HKDFParams for documentation. */ +#define CKM_NSS_HKDF_SHA1 (CKM_NSS + 3) +#define CKM_NSS_HKDF_SHA256 (CKM_NSS + 4) +#define CKM_NSS_HKDF_SHA384 (CKM_NSS + 5) +#define CKM_NSS_HKDF_SHA512 (CKM_NSS + 6) + +/* J-PAKE round 1 key generation mechanisms. + * + * Required template attributes: CKA_PRIME, CKA_SUBPRIME, CKA_BASE, + * CKA_NSS_JPAKE_SIGNERID + * Output key type: CKK_NSS_JPAKE_ROUND1 + * Output key class: CKO_PRIVATE_KEY + * Parameter type: CK_NSS_JPAKERound1Params + * + */ +#define CKM_NSS_JPAKE_ROUND1_SHA1 (CKM_NSS + 7) +#define CKM_NSS_JPAKE_ROUND1_SHA256 (CKM_NSS + 8) +#define CKM_NSS_JPAKE_ROUND1_SHA384 (CKM_NSS + 9) +#define CKM_NSS_JPAKE_ROUND1_SHA512 (CKM_NSS + 10) + +/* J-PAKE round 2 key derivation mechanisms. + * + * Required template attributes: CKA_NSS_JPAKE_PEERID + * Input key type: CKK_NSS_JPAKE_ROUND1 + * Output key type: CKK_NSS_JPAKE_ROUND2 + * Output key class: CKO_PRIVATE_KEY + * Parameter type: CK_NSS_JPAKERound2Params + */ +#define CKM_NSS_JPAKE_ROUND2_SHA1 (CKM_NSS + 11) +#define CKM_NSS_JPAKE_ROUND2_SHA256 (CKM_NSS + 12) +#define CKM_NSS_JPAKE_ROUND2_SHA384 (CKM_NSS + 13) +#define CKM_NSS_JPAKE_ROUND2_SHA512 (CKM_NSS + 14) + +/* J-PAKE final key material derivation mechanisms + * + * Input key type: CKK_NSS_JPAKE_ROUND2 + * Output key type: CKK_GENERIC_SECRET + * Output key class: CKO_SECRET_KEY + * Parameter type: CK_NSS_JPAKEFinalParams + * + * You must apply a KDF (e.g. CKM_NSS_HKDF_*) to resultant keying material + * to get a key with uniformly distributed bits. + */ +#define CKM_NSS_JPAKE_FINAL_SHA1 (CKM_NSS + 15) +#define CKM_NSS_JPAKE_FINAL_SHA256 (CKM_NSS + 16) +#define CKM_NSS_JPAKE_FINAL_SHA384 (CKM_NSS + 17) +#define CKM_NSS_JPAKE_FINAL_SHA512 (CKM_NSS + 18) + /* * HISTORICAL: * Do not attempt to use these. They are only used by NETSCAPE's internal @@ -187,6 +248,32 @@ static const char CKT_CVS_ID[] = "@(#) $RCSfile: pkcs11n.h,v $ $Revision: 1.19 $ #define CKM_TLS_PRF_GENERAL 0x80000373UL +typedef struct CK_NSS_JPAKEPublicValue { + CK_BYTE * pGX; + CK_ULONG ulGXLen; + CK_BYTE * pGV; + CK_ULONG ulGVLen; + CK_BYTE * pR; + CK_ULONG ulRLen; +} CK_NSS_JPAKEPublicValue; + +typedef struct CK_NSS_JPAKERound1Params { + CK_NSS_JPAKEPublicValue gx1; /* out */ + CK_NSS_JPAKEPublicValue gx2; /* out */ +} CK_NSS_JPAKERound1Params; + +typedef struct CK_NSS_JPAKERound2Params { + CK_BYTE * pSharedKey; /* in */ + CK_ULONG ulSharedKeyLen; /* in */ + CK_NSS_JPAKEPublicValue gx3; /* in */ + CK_NSS_JPAKEPublicValue gx4; /* in */ + CK_NSS_JPAKEPublicValue A; /* out */ +} CK_NSS_JPAKERound2Params; + +typedef struct CK_NSS_JPAKEFinalParams { + CK_NSS_JPAKEPublicValue B; /* in */ +} CK_NSS_JPAKEFinalParams; + /* * NSS-defined return values * @@ -196,6 +283,33 @@ static const char CKT_CVS_ID[] = "@(#) $RCSfile: pkcs11n.h,v $ $Revision: 1.19 $ #define CKR_NSS_CERTDB_FAILED (CKR_NSS + 1) #define CKR_NSS_KEYDB_FAILED (CKR_NSS + 2) +/* Mandatory parameter for the CKM_NSS_HKDF_* key deriviation mechanisms. + See RFC 5869. + + bExtract: If set, HKDF-Extract will be applied to the input key. If + the optional salt is given, it is used; otherwise, the salt is + set to a sequence of zeros equal in length to the HMAC output. + If bExpand is not set, then the key template given to + C_DeriveKey must indicate an output key size less than or equal + to the output size of the HMAC. + + bExpand: If set, HKDF-Expand will be applied to the input key (if + bExtract is not set) or to the result of HKDF-Extract (if + bExtract is set). Any info given in the optional pInfo field will + be included in the calculation. + + The size of the output key must be specified in the template passed to + C_DeriveKey. +*/ +typedef struct CK_NSS_HKDFParams { + CK_BBOOL bExtract; + CK_BYTE_PTR pSalt; + CK_ULONG ulSaltLen; + CK_BBOOL bExpand; + CK_BYTE_PTR pInfo; + CK_ULONG ulInfoLen; +} CK_NSS_HKDFParams; + /* * Trust info * diff --git a/security/nss/lib/util/secerr.h b/security/nss/lib/util/secerr.h index e72728b9206..663cd42b16c 100644 --- a/security/nss/lib/util/secerr.h +++ b/security/nss/lib/util/secerr.h @@ -213,6 +213,7 @@ SEC_ERROR_OCSP_BAD_SIGNATURE = (SEC_ERROR_BASE + 157), SEC_ERROR_OUT_OF_SEARCH_LIMITS = (SEC_ERROR_BASE + 158), SEC_ERROR_INVALID_POLICY_MAPPING = (SEC_ERROR_BASE + 159), SEC_ERROR_POLICY_VALIDATION_FAILED = (SEC_ERROR_BASE + 160), +/* No longer used. Unknown AIA location types are now silently ignored. */ SEC_ERROR_UNKNOWN_AIA_LOCATION_TYPE = (SEC_ERROR_BASE + 161), SEC_ERROR_BAD_HTTP_RESPONSE = (SEC_ERROR_BASE + 162), SEC_ERROR_BAD_LDAP_RESPONSE = (SEC_ERROR_BASE + 163), @@ -231,6 +232,10 @@ SEC_ERROR_CRL_IMPORT_FAILED = (SEC_ERROR_BASE + 171), SEC_ERROR_EXPIRED_PASSWORD = (SEC_ERROR_BASE + 172), SEC_ERROR_LOCKED_PASSWORD = (SEC_ERROR_BASE + 173), +SEC_ERROR_UNKNOWN_PKCS11_ERROR = (SEC_ERROR_BASE + 174), + +SEC_ERROR_BAD_CRL_DP_URL = (SEC_ERROR_BASE + 175), + /* Add new error codes above here. */ SEC_ERROR_END_OF_LIST } SECErrorCodes;