KotJohansson/palemoon27
1
0
Fork 0
mirror of https://github.com/roytam1/palemoon27.git synced 2026-05-26 14:30:27 +00:00
Code Issues Projects Releases Wiki Activity

Base import of NSS-3.28.3-RTM

Browse Source
This commit is contained in:
Pale Moon
2017-02-24 17:05:11 +01:00
committed by roytam1
parent 66cfe70dd6
commit b2b68e070d
1512 changed files with 355516 additions and 334181 deletions
Download Patch File Download Diff File Expand all files Collapse all files
security/nss/.clang-format
+65
View File
@@ -0,0 +1,65 @@
---
Language: Cpp
# BasedOnStyle: Mozilla
AccessModifierOffset: -2
AlignAfterOpenBracket: true
AlignEscapedNewlinesLeft: false
AlignOperands: true
AlignTrailingComments: true
AllowAllParametersOfDeclarationOnNextLine: false
AllowShortBlocksOnASingleLine: false
AllowShortCaseLabelsOnASingleLine: false
AllowShortIfStatementsOnASingleLine: false
AllowShortLoopsOnASingleLine: false
AllowShortFunctionsOnASingleLine: All
AlwaysBreakAfterDefinitionReturnType: true
AlwaysBreakTemplateDeclarations: false
AlwaysBreakBeforeMultilineStrings: false
BreakBeforeBinaryOperators: false
BreakBeforeTernaryOperators: true
BreakConstructorInitializersBeforeComma: false
BinPackParameters: true
BinPackArguments: true
ColumnLimit: 0
ConstructorInitializerAllOnOneLineOrOnePerLine: true
ConstructorInitializerIndentWidth: 4
DerivePointerAlignment: true
ExperimentalAutoDetectBinPacking: false
IndentCaseLabels: true
IndentWrappedFunctionNames: false
IndentFunctionDeclarationAfterType: false
MaxEmptyLinesToKeep: 1
KeepEmptyLinesAtTheStartOfBlocks: true
NamespaceIndentation: None
ObjCBlockIndentWidth: 2
ObjCSpaceAfterProperty: true
ObjCSpaceBeforeProtocolList: false
PenaltyBreakBeforeFirstCallParameter: 19
PenaltyBreakComment: 300
PenaltyBreakString: 1000
PenaltyBreakFirstLessLess: 120
PenaltyExcessCharacter: 1000000
PenaltyReturnTypeOnItsOwnLine: 200
PointerAlignment: Right
SpacesBeforeTrailingComments: 1
Cpp11BracedListStyle: false
Standard: Cpp03
IndentWidth: 4
TabWidth: 8
UseTab: Never
BreakBeforeBraces: Linux
SpacesInParentheses: false
SpacesInSquareBrackets: false
SpacesInAngles: false
SpaceInEmptyParentheses: false
SpacesInCStyleCastParentheses: false
SpaceAfterCStyleCast: false
SpacesInContainerLiterals: true
SpaceBeforeAssignmentOperators: true
ContinuationIndentWidth: 4
CommentPragmas: '^ IWYU pragma:'
ForEachMacros: [ foreach, Q_FOREACH, BOOST_FOREACH ]
SpaceBeforeParens: ControlStatements
DisableFormat: false
SortIncludes: false
...
security/nss/.gitignore
+19
View File
@@ -0,0 +1,19 @@
*~
*.swp
*OPT.OBJ/
*DBG.OBJ/
*DBG.OBJD/
out/*
*.pyc
*.bak
*.out
*.rej
*.patch
GPATH
GRTAGS
GTAGS
#*
.#*
.ycm_extra_conf.py*
fuzz/libFuzzer/*
fuzz/corpus
security/nss/.hgignore
+19
View File
@@ -0,0 +1,19 @@
syntax: glob
*~
*OPT.OBJ/*
*DBG.OBJ/*
*DBG.OBJD/*
out/*
*.pyc
*.bak
*.out
*.rej
*.patch
GPATH
GRTAGS
GTAGS
#*
.#*
.ycm_extra_conf.py*
fuzz/libFuzzer/*
fuzz/corpus
security/nss/.hgtags
+1596
View File
File diff suppressed because it is too large Load Diff
security/nss/.taskcluster.yml
+89
View File
@@ -0,0 +1,89 @@
---
version: 0
metadata:
name: "NSS Continuous Integration"
description: "The Taskcluster task graph for the NSS tree"
owner: "mozilla-taskcluster-maintenance@mozilla.com"
source: {{{source}}}
scopes:
# Note the below scopes are insecure however these get overriden on the server
# side to whatever scopes are set by mozilla-taskcluster.
- queue:*
- docker-worker:*
- scheduler:*
# Available mustache parameters (see the mozilla-taskcluster source):
#
# - owner: push user (email address)
# - source: URL of this YAML file
# - url: repository URL
# - project: alias for the destination repository (basename of
# the repo url)
# - level: SCM level of the destination repository
# (1 = try, 3 = core)
# - revision: (short) hg revision of the head of the push
# - revision_hash: (long) hg revision of the head of the push
# - comment: comment of the push
# - pushlog_id: id in the pushlog table of the repository
#
# and functions:
# - as_slugid: convert a label into a slugId
# - from_now: generate a timestamp at a fixed offset from now
tasks:
- taskId: '{{#as_slugid}}decision task{{/as_slugid}}'
reruns: 3
task:
created: '{{now}}'
deadline: '{{#from_now}}1 day{{/from_now}}'
expires: '{{#from_now}}14 days{{/from_now}}'
metadata:
owner: mozilla-taskcluster-maintenance@mozilla.com
source: {{{source}}}
name: "NSS Decision Task"
description: |
The task that creates all of the other tasks in the task graph
workerType: "hg-worker"
provisionerId: "aws-provisioner-v1"
tags:
createdForUser: {{owner}}
routes:
- "tc-treeherder-stage.v2.{{project}}.{{revision}}.{{pushlog_id}}"
- "tc-treeherder.v2.{{project}}.{{revision}}.{{pushlog_id}}"
payload:
image: ttaubert/nss-decision:0.0.2
env:
TC_OWNER: {{owner}}
TC_SOURCE: {{{source}}}
TC_PROJECT: {{project}}
TC_COMMENT: '{{comment}}'
NSS_PUSHLOG_ID: '{{pushlog_id}}'
NSS_HEAD_REPOSITORY: '{{{url}}}'
NSS_HEAD_REVISION: '{{revision}}'
maxRunTime: 1800
command:
- bash
- -cx
- >
bin/checkout.sh &&
nss/automation/taskcluster/scripts/extend_task_graph.sh
features:
taskclusterProxy: true
extra:
treeherder:
symbol: D
build:
platform: nss-decision
machine:
platform: nss-decision
security/nss/Makefile
+45 -5
View File
@@ -26,7 +26,9 @@ include $(CORE_DEPTH)/coreconf/config.mk
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
ifdef NSS_DISABLE_GTESTS
DIRS := $(filter-out gtests,$(DIRS))
endif
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
@@ -44,7 +46,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################
nss_build_all: build_nspr all
nss_build_all: build_nspr all latest
nss_clean_all: clobber_nspr clobber
@@ -56,7 +58,11 @@ NSPR_CONFIGURE = $(CORE_DEPTH)/../nspr/configure
#
ifeq ($(OS_TARGET),Android)
NSPR_CONFIGURE_OPTS += --with-android-ndk=$(ANDROID_NDK) --target=arm-linux-androideabi --with-android-version=$(OS_TARGET_RELEASE)
NSPR_CONFIGURE_OPTS += --with-android-ndk=$(ANDROID_NDK) \
--target=$(ANDROID_PREFIX) \
--with-android-version=$(OS_TARGET_RELEASE) \
--with-android-toolchain=$(ANDROID_TOOLCHAIN) \
--with-android-platform=$(ANDROID_SYSROOT)
endif
ifdef BUILD_OPT
NSPR_CONFIGURE_OPTS += --disable-debug --enable-optimize
@@ -77,7 +83,26 @@ ifdef USE_STATIC_RTL
NSPR_CONFIGURE_OPTS += --enable-static-rtl
endif
ifdef NS_USE_GCC
NSPR_COMPILERS = CC=gcc CXX=g++
NSPR_CONFIGURE_ENV = CC=gcc CXX=g++
endif
ifdef CC
NSPR_CONFIGURE_ENV = CC=$(CC)
endif
ifdef CCC
NSPR_CONFIGURE_ENV += CXX=$(CCC)
endif
# Remove -arch definitions. NSPR can't handle that.
NSPR_CONFIGURE_ENV := $(filter-out -arch x86_64,$(NSPR_CONFIGURE_ENV))
NSPR_CONFIGURE_ENV := $(filter-out -arch i386,$(NSPR_CONFIGURE_ENV))
NSPR_CONFIGURE_ENV := $(filter-out -arch ppc,$(NSPR_CONFIGURE_ENV))
ifdef SANITIZER_CFLAGS
ifdef BUILD_OPT
NSPR_CONFIGURE_OPTS += --enable-debug-symbols
endif
NSPR_CONFIGURE_ENV += CFLAGS='$(SANITIZER_CFLAGS)' \
CXXFLAGS='$(SANITIZER_CFLAGS)' \
LDFLAGS='$(SANITIZER_LDFLAGS)'
endif
#
@@ -101,17 +126,29 @@ else
NSPR_PREFIX = $$(topsrcdir)/../dist/$(OBJDIR_NAME)
endif
ifndef NSS_GYP_PREFIX
$(NSPR_CONFIG_STATUS): $(NSPR_CONFIGURE)
mkdir -p $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)
cd $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) ; \
$(NSPR_COMPILERS) sh ../configure \
$(NSPR_CONFIGURE_ENV) sh ../configure \
$(NSPR_CONFIGURE_OPTS) \
--with-dist-prefix='$(NSPR_PREFIX)' \
--with-dist-includedir='$(NSPR_PREFIX)/include'
else
$(NSPR_CONFIG_STATUS): $(NSPR_CONFIGURE)
mkdir -p $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)
cd $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) ; \
$(NSPR_CONFIGURE_ENV) sh ../configure \
$(NSPR_CONFIGURE_OPTS) \
--prefix='$(NSS_GYP_PREFIX)'
endif
build_nspr: $(NSPR_CONFIG_STATUS)
$(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)
install_nspr: build_nspr
$(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) install
clobber_nspr: $(NSPR_CONFIG_STATUS)
$(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) clobber
@@ -126,3 +163,6 @@ nss_RelEng_bld: import all
package:
$(MAKE) -C pkg publish
latest:
echo $(OBJDIR_NAME) > $(CORE_DEPTH)/../dist/latest
security/nss/TAG-INFO
-1
View File
@@ -1 +0,0 @@
NSS_3_19_5_1
security/nss/automation/buildbot-slave/build.sh
+10 -8
View File
@@ -199,7 +199,7 @@ test_nss()
print_log "$ cd ${HGDIR}/nss/tests"
cd ${HGDIR}/nss/tests
print_log "$ ./all.sh"
./all.sh 2>&1 | tee ${LOG_TMP} | grep ${GREP_BUFFER} ": #"
./all.sh 2>&1 | tee ${LOG_TMP} | egrep ${GREP_BUFFER} ": #|^\[.{10}\] "
OUTPUTFILE=${LOG_TMP}
fi
@@ -208,7 +208,7 @@ test_nss()
RET=$?
print_log "######## details of detected failures (if any) ########"
grep -B50 FAIL ${OUTPUTFILE}
grep -B50 FAILED ${OUTPUTFILE}
[ $? -eq 1 ] || RET=1
print_result "NSS - tests - ${BITS} bits - ${OPT}" ${RET} 0
@@ -288,12 +288,14 @@ prepare()
mv ${OUTPUTDIR} ${OUTPUTDIR}.last >/dev/null 2>&1
mkdir -p ${OUTPUTDIR}
if [ -z "${NSS_DISABLE_ECC}" -a -n "${NSS_ECC_MORE_THAN_SUITE_B}" ]; then
cd ${HGDIR}/nss
ECF="lib/freebl/ecl/ecl-curve.h"
print_log "hg revert -r NSS_3_11_1_RTM ${ECF}"
hg revert -r NSS_3_11_1_RTM security/nss/${ECF}
cp -f security/nss/${ECF} ${ECF}
# Remove temporary test files from previous jobs, that weren't cleaned up
# by move_results(), e.g. caused by unexpected interruptions.
rm -rf ${HGDIR}/tests_results/
cd ${HGDIR}/nss
if [ -n "${FEWER_STRESS_ITERATIONS}" ]; then
sed -i 's/-c_1000_/-c_500_/g' tests/ssl/sslstress.txt
fi
return 0
security/nss/automation/buildbot-slave/startbuild.bat
+2 -2
View File
@@ -1,7 +1,7 @@
echo running > ..\buildbot-is-building
echo running: "%MOZILLABUILD%\msys\bin\bash" -c "hg/tinder/buildbot/build.sh %*"
"%MOZILLABUILD%\msys\bin\bash" -c "hg/tinder/buildbot/build.sh %*"
echo running: "%MOZILLABUILD%\msys\bin\bash" -c "hg/nss/automation/buildbot-slave/build.sh %*"
"%MOZILLABUILD%\msys\bin\bash" -c "hg/nss/automation/buildbot-slave/build.sh %*"
if %errorlevel% neq 0 (
set EXITCODE=1
security/nss/automation/release/nss-release-helper.py
+250
View File
@@ -0,0 +1,250 @@
#!/usr/bin/python
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
import os
import sys
import datetime
import shutil
import glob
from optparse import OptionParser
from subprocess import check_call
nssutil_h = "lib/util/nssutil.h"
softkver_h = "lib/softoken/softkver.h"
nss_h = "lib/nss/nss.h"
nssckbi_h = "lib/ckfw/builtins/nssckbi.h"
def check_call_noisy(cmd, *args, **kwargs):
print "Executing command:", cmd
check_call(cmd, *args, **kwargs)
o = OptionParser(usage="client.py [options] remove_beta | set_beta | print_library_versions | print_root_ca_version | set_root_ca_version | set_version_to_minor_release | set_version_to_patch_release | set_release_candidate_number | set_4_digit_release_number | create_nss_release_archive")
try:
options, args = o.parse_args()
action = args[0]
except IndexError:
o.print_help()
sys.exit(2)
def exit_with_failure(what):
print "failure: ", what
sys.exit(2)
def check_files_exist():
if (not os.path.exists(nssutil_h) or not os.path.exists(softkver_h)
or not os.path.exists(nss_h) or not os.path.exists(nssckbi_h)):
exit_with_failure("cannot find expected header files, must run from inside NSS hg directory")
def sed_inplace(sed_expression, filename):
backup_file = filename + '.tmp'
check_call_noisy(["sed", "-i.tmp", sed_expression, filename])
os.remove(backup_file)
def toggle_beta_status(is_beta):
check_files_exist()
if (is_beta):
print "adding Beta status to version numbers"
sed_inplace('s/^\(#define *NSSUTIL_VERSION *\"[0-9.]\+\)\" *$/\\1 Beta\"/', nssutil_h)
sed_inplace('s/^\(#define *NSSUTIL_BETA *\)PR_FALSE *$/\\1PR_TRUE/', nssutil_h)
sed_inplace('s/^\(#define *SOFTOKEN_VERSION *\"[0-9.]\+\" *SOFTOKEN_ECC_STRING\) *$/\\1 \" Beta"/', softkver_h)
sed_inplace('s/^\(#define *SOFTOKEN_BETA *\)PR_FALSE *$/\\1PR_TRUE/', softkver_h)
sed_inplace('s/^\(#define *NSS_VERSION *\"[0-9.]\+\" *_NSS_CUSTOMIZED\) *$/\\1 \" Beta"/', nss_h)
sed_inplace('s/^\(#define *NSS_BETA *\)PR_FALSE *$/\\1PR_TRUE/', nss_h)
else:
print "removing Beta status from version numbers"
sed_inplace('s/^\(#define *NSSUTIL_VERSION *\"[0-9.]\+\) *Beta\" *$/\\1\"/', nssutil_h)
sed_inplace('s/^\(#define *NSSUTIL_BETA *\)PR_TRUE *$/\\1PR_FALSE/', nssutil_h)
sed_inplace('s/^\(#define *SOFTOKEN_VERSION *\"[0-9.]\+\" *SOFTOKEN_ECC_STRING\) *\" *Beta\" *$/\\1/', softkver_h)
sed_inplace('s/^\(#define *SOFTOKEN_BETA *\)PR_TRUE *$/\\1PR_FALSE/', softkver_h)
sed_inplace('s/^\(#define *NSS_VERSION *\"[0-9.]\+\" *_NSS_CUSTOMIZED\) *\" *Beta\" *$/\\1/', nss_h)
sed_inplace('s/^\(#define *NSS_BETA *\)PR_TRUE *$/\\1PR_FALSE/', nss_h)
print "please run 'hg stat' and 'hg diff' to verify the files have been verified correctly"
def print_beta_versions():
check_call_noisy(["egrep", "#define *NSSUTIL_VERSION|#define *NSSUTIL_BETA", nssutil_h])
check_call_noisy(["egrep", "#define *SOFTOKEN_VERSION|#define *SOFTOKEN_BETA", softkver_h])
check_call_noisy(["egrep", "#define *NSS_VERSION|#define *NSS_BETA", nss_h])
def remove_beta_status():
print "--- removing beta flags. Existing versions were:"
print_beta_versions()
toggle_beta_status(False)
print "--- finished modifications, new versions are:"
print_beta_versions()
def set_beta_status():
print "--- adding beta flags. Existing versions were:"
print_beta_versions()
toggle_beta_status(True)
print "--- finished modifications, new versions are:"
print_beta_versions()
def print_library_versions():
check_files_exist()
check_call_noisy(["egrep", "#define *NSSUTIL_VERSION|#define NSSUTIL_VMAJOR|#define *NSSUTIL_VMINOR|#define *NSSUTIL_VPATCH|#define *NSSUTIL_VBUILD|#define *NSSUTIL_BETA", nssutil_h])
check_call_noisy(["egrep", "#define *SOFTOKEN_VERSION|#define SOFTOKEN_VMAJOR|#define *SOFTOKEN_VMINOR|#define *SOFTOKEN_VPATCH|#define *SOFTOKEN_VBUILD|#define *SOFTOKEN_BETA", softkver_h])
check_call_noisy(["egrep", "#define *NSS_VERSION|#define NSS_VMAJOR|#define *NSS_VMINOR|#define *NSS_VPATCH|#define *NSS_VBUILD|#define *NSS_BETA", nss_h])
def print_root_ca_version():
check_files_exist()
check_call_noisy(["grep", "define *NSS_BUILTINS_LIBRARY_VERSION", nssckbi_h])
def ensure_arguments_after_action(how_many, usage):
if (len(sys.argv) != (2+how_many)):
exit_with_failure("incorrect number of arguments, expected parameters are:\n" + usage)
def set_major_versions(major):
sed_inplace('s/^\(#define *NSSUTIL_VMAJOR *\).*$/\\1' + major + '/', nssutil_h)
sed_inplace('s/^\(#define *SOFTOKEN_VMAJOR *\).*$/\\1' + major + '/', softkver_h)
sed_inplace('s/^\(#define *NSS_VMAJOR *\).*$/\\1' + major + '/', nss_h)
def set_minor_versions(minor):
sed_inplace('s/^\(#define *NSSUTIL_VMINOR *\).*$/\\1' + minor + '/', nssutil_h)
sed_inplace('s/^\(#define *SOFTOKEN_VMINOR *\).*$/\\1' + minor + '/', softkver_h)
sed_inplace('s/^\(#define *NSS_VMINOR *\).*$/\\1' + minor + '/', nss_h)
def set_patch_versions(patch):
sed_inplace('s/^\(#define *NSSUTIL_VPATCH *\).*$/\\1' + patch + '/', nssutil_h)
sed_inplace('s/^\(#define *SOFTOKEN_VPATCH *\).*$/\\1' + patch + '/', softkver_h)
sed_inplace('s/^\(#define *NSS_VPATCH *\).*$/\\1' + patch + '/', nss_h)
def set_build_versions(build):
sed_inplace('s/^\(#define *NSSUTIL_VBUILD *\).*$/\\1' + build + '/', nssutil_h)
sed_inplace('s/^\(#define *SOFTOKEN_VBUILD *\).*$/\\1' + build + '/', softkver_h)
sed_inplace('s/^\(#define *NSS_VBUILD *\).*$/\\1' + build + '/', nss_h)
def set_full_lib_versions(version):
sed_inplace('s/^\(#define *NSSUTIL_VERSION *\"\)\([0-9.]\+\)\(.*\)$/\\1' + version + '\\3/', nssutil_h)
sed_inplace('s/^\(#define *SOFTOKEN_VERSION *\"\)\([0-9.]\+\)\(.*\)$/\\1' + version + '\\3/', softkver_h)
sed_inplace('s/^\(#define *NSS_VERSION *\"\)\([0-9.]\+\)\(.*\)$/\\1' + version + '\\3/', nss_h)
def set_root_ca_version():
ensure_arguments_after_action(2, "major_version minor_version")
major = args[1].strip()
minor = args[2].strip()
version = major + '.' + minor
sed_inplace('s/^\(#define *NSS_BUILTINS_LIBRARY_VERSION *\"\).*$/\\1' + version + '/', nssckbi_h)
sed_inplace('s/^\(#define *NSS_BUILTINS_LIBRARY_VERSION_MAJOR *\).*$/\\1' + major + '/', nssckbi_h)
sed_inplace('s/^\(#define *NSS_BUILTINS_LIBRARY_VERSION_MINOR *\).*$/\\1' + minor + '/', nssckbi_h)
def set_all_lib_versions(version, major, minor, patch, build):
set_full_lib_versions(version)
set_major_versions(major)
set_minor_versions(minor)
set_patch_versions(patch)
set_build_versions(build)
def set_version_to_minor_release():
ensure_arguments_after_action(2, "major_version minor_version")
major = args[1].strip()
minor = args[2].strip()
version = major + '.' + minor
patch = "0"
build = "0"
set_all_lib_versions(version, major, minor, patch, build)
def set_version_to_patch_release():
ensure_arguments_after_action(3, "major_version minor_version patch_release")
major = args[1].strip()
minor = args[2].strip()
patch = args[3].strip()
version = major + '.' + minor + '.' + patch
build = "0"
set_all_lib_versions(version, major, minor, patch, build)
def set_release_candidate_number():
ensure_arguments_after_action(1, "release_candidate_number")
build = args[1].strip()
set_build_versions(build)
def set_4_digit_release_number():
ensure_arguments_after_action(4, "major_version minor_version patch_release 4th_digit_release_number")
major = args[1].strip()
minor = args[2].strip()
patch = args[3].strip()
build = args[4].strip()
version = major + '.' + minor + '.' + patch + '.' + build
set_all_lib_versions(version, major, minor, patch, build)
def create_nss_release_archive():
ensure_arguments_after_action(4, "nss_release_version nss_hg_release_tag nspr_release_version path_to_stage_directory")
nssrel = args[1].strip() #e.g. 3.19.3
nssreltag = args[2].strip() #e.g. NSS_3_19_3_RTM
nsprrel = args[3].strip() #e.g. 4.10.8
stagedir = args[4].strip() #e.g. ../stage
nspr_tar = "nspr-" + nsprrel + ".tar.gz"
nsprtar_with_path= stagedir + "/v" + nsprrel + "/src/" + nspr_tar
if (not os.path.exists(nsprtar_with_path)):
exit_with_failure("cannot find nspr archive at expected location " + nsprtar_with_path)
nss_stagedir= stagedir + "/" + nssreltag + "/src"
if (os.path.exists(nss_stagedir)):
exit_with_failure("nss stage directory already exists: " + nss_stagedir)
nss_tar = "nss-" + nssrel + ".tar.gz"
check_call_noisy(["mkdir", "-p", nss_stagedir])
check_call_noisy(["hg", "archive", "-r", nssreltag, "--prefix=nss-" + nssrel + "/nss",
stagedir + "/" + nssreltag + "/src/" + nss_tar, "-X", ".hgtags"])
check_call_noisy(["tar", "-xz", "-C", nss_stagedir, "-f", nsprtar_with_path])
print "changing to directory " + nss_stagedir
os.chdir(nss_stagedir)
check_call_noisy(["tar", "-xz", "-f", nss_tar])
check_call_noisy(["mv", "-i", "nspr-" + nsprrel + "/nspr", "nss-" + nssrel + "/"])
check_call_noisy(["rmdir", "nspr-" + nsprrel])
nss_nspr_tar = "nss-" + nssrel + "-with-nspr-" + nsprrel + ".tar.gz"
check_call_noisy(["tar", "-cz", "--remove-files", "-f", nss_nspr_tar, "nss-" + nssrel])
check_call("sha1sum " + nss_tar + " " + nss_nspr_tar + " > SHA1SUMS", shell=True)
check_call("sha256sum " + nss_tar + " " + nss_nspr_tar + " > SHA256SUMS", shell=True)
print "created directory " + nss_stagedir + " with files:"
check_call_noisy(["ls", "-l"])
if action in ('remove_beta'):
remove_beta_status()
elif action in ('set_beta'):
set_beta_status()
elif action in ('print_library_versions'):
print_library_versions()
elif action in ('print_root_ca_version'):
print_root_ca_version()
elif action in ('set_root_ca_version'):
set_root_ca_version()
# x.y version number - 2 parameters
elif action in ('set_version_to_minor_release'):
set_version_to_minor_release()
# x.y.z version number - 3 parameters
elif action in ('set_version_to_patch_release'):
set_version_to_patch_release()
# change the release candidate number, usually increased by one,
# usually if previous release candiate had a bug
# 1 parameter
elif action in ('set_release_candidate_number'):
set_release_candidate_number()
# use the build/release candiate number in the identifying version number
# 4 parameters
elif action in ('set_4_digit_release_number'):
set_4_digit_release_number()
elif action in ('create_nss_release_archive'):
create_nss_release_archive()
else:
o.print_help()
sys.exit(2)
sys.exit(0)
security/nss/automation/taskcluster/docker-arm/Dockerfile
+27
View File
@@ -0,0 +1,27 @@
FROM armv7/armhf-ubuntu:16.04
MAINTAINER Franziskus Kiefer <franziskuskiefer@gmail.com>
RUN useradd -d /home/worker -s /bin/bash -m worker
WORKDIR /home/worker
# Add build and test scripts.
ADD bin /home/worker/bin
RUN chmod +x /home/worker/bin/*
# Install dependencies.
ADD setup.sh /tmp/setup.sh
RUN bash /tmp/setup.sh
# Env variables.
ENV HOME /home/worker
ENV SHELL /bin/bash
ENV USER worker
ENV LOGNAME worker
ENV HOSTNAME taskcluster-worker
ENV LANG en_US.UTF-8
ENV LC_ALL en_US.UTF-8
ENV HOST localhost
ENV DOMSUF localdomain
# Set a default command for debugging.
CMD ["/bin/bash", "--login"]
security/nss/automation/taskcluster/docker-arm/bin/checkout.sh
+25
View File
@@ -0,0 +1,25 @@
#!/usr/bin/env bash
set -v -e -x
if [ $(id -u) = 0 ]; then
# set up fake uname
if [ ! -f /bin/uname-real ]; then
mv /bin/uname /bin/uname-real
ln -s /home/worker/bin/uname.sh /bin/uname
fi
# Drop privileges by re-running this script.
exec su worker $0
fi
# Default values for testing.
REVISION=${NSS_HEAD_REVISION:-default}
REPOSITORY=${NSS_HEAD_REPOSITORY:-https://hg.mozilla.org/projects/nss}
# Clone NSS.
for i in 0 2 5; do
sleep $i
hg clone -r $REVISION $REPOSITORY nss && exit 0
rm -rf nss
done
exit 1
security/nss/automation/taskcluster/docker-arm/bin/uname.sh
+18
View File
@@ -0,0 +1,18 @@
#!/bin/bash
args=`getopt rmvs $*`
set -- $args
for i
do
if [ "$i" == "-v" ]; then
/bin/uname-real -v
fi
if [ "$i" == "-r" ]; then
echo "4.4.16-v7+"
fi
if [ "$i" == "-m" ]; then
echo "armv7l"
fi
if [ "$i" == "-s" ]; then
echo "Linux"
fi
done
security/nss/automation/taskcluster/docker-arm/setup.sh
+35
View File
@@ -0,0 +1,35 @@
#!/usr/bin/env bash
set -v -e -x
export DEBIAN_FRONTEND=noninteractive
# Update.
apt-get -y update
apt-get -y dist-upgrade
apt_packages=()
apt_packages+=('build-essential')
apt_packages+=('ca-certificates')
apt_packages+=('curl')
apt_packages+=('python-dev')
apt_packages+=('python-pip')
apt_packages+=('python-setuptools')
apt_packages+=('zlib1g-dev')
# Install packages.
apt-get install -y --no-install-recommends ${apt_packages[@]}
# Latest Mercurial.
pip install --upgrade pip
pip install Mercurial
locale-gen en_US.UTF-8
dpkg-reconfigure locales
# Cleanup.
rm -rf ~/.ccache ~/.cache
apt-get autoremove -y
apt-get clean
apt-get autoclean
rm $0
security/nss/automation/taskcluster/docker-decision/Dockerfile
+27
View File
@@ -0,0 +1,27 @@
FROM ubuntu:16.04
MAINTAINER Tim Taubert <ttaubert@mozilla.com>
RUN useradd -d /home/worker -s /bin/bash -m worker
WORKDIR /home/worker
# Add build and test scripts.
ADD bin /home/worker/bin
RUN chmod +x /home/worker/bin/*
# Install dependencies.
ADD setup.sh /tmp/setup.sh
RUN bash /tmp/setup.sh
# Env variables.
ENV HOME /home/worker
ENV SHELL /bin/bash
ENV USER worker
ENV LOGNAME worker
ENV HOSTNAME taskcluster-worker
ENV LANG en_US.UTF-8
ENV LC_ALL en_US.UTF-8
ENV HOST localhost
ENV DOMSUF localdomain
# Set a default command for debugging.
CMD ["/bin/bash", "--login"]
security/nss/automation/taskcluster/docker-decision/bin/checkout.sh
+20
View File
@@ -0,0 +1,20 @@
#!/usr/bin/env bash
set -v -e -x
if [ $(id -u) = 0 ]; then
# Drop privileges by re-running this script.
exec su worker $0
fi
# Default values for testing.
REVISION=${NSS_HEAD_REVISION:-default}
REPOSITORY=${NSS_HEAD_REPOSITORY:-https://hg.mozilla.org/projects/nss}
# Clone NSS.
for i in 0 2 5; do
sleep $i
hg clone -r $REVISION $REPOSITORY nss && exit 0
rm -rf nss
done
exit 1
security/nss/automation/taskcluster/docker-decision/setup.sh
+31
View File
@@ -0,0 +1,31 @@
#!/usr/bin/env bash
set -v -e -x
# Update packages.
export DEBIAN_FRONTEND=noninteractive
apt-get -y update && apt-get -y upgrade
# Need those to install newer packages below.
apt-get install -y --no-install-recommends apt-utils curl ca-certificates
# Latest Mercurial.
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 41BD8711B1F0EC2B0D85B91CF59CE3A8323293EE
echo "deb http://ppa.launchpad.net/mercurial-ppa/releases/ubuntu xenial main" > /etc/apt/sources.list.d/mercurial.list
# Install packages.
apt-get -y update && apt-get install -y --no-install-recommends mercurial
# Latest Node.JS.
curl -sL https://deb.nodesource.com/setup_6.x | bash -
apt-get install -y --no-install-recommends nodejs
locale-gen en_US.UTF-8
dpkg-reconfigure locales
# Cleanup.
rm -rf ~/.ccache ~/.cache
apt-get autoremove -y
apt-get clean
apt-get autoclean
rm $0
security/nss/automation/taskcluster/docker/Dockerfile
+27
View File
@@ -0,0 +1,27 @@
FROM ubuntu:16.04
MAINTAINER Tim Taubert <ttaubert@mozilla.com>
RUN useradd -d /home/worker -s /bin/bash -m worker
WORKDIR /home/worker
# Add build and test scripts.
ADD bin /home/worker/bin
RUN chmod +x /home/worker/bin/*
# Install dependencies.
ADD setup.sh /tmp/setup.sh
RUN bash /tmp/setup.sh
# Env variables.
ENV HOME /home/worker
ENV SHELL /bin/bash
ENV USER worker
ENV LOGNAME worker
ENV HOSTNAME taskcluster-worker
ENV LANG en_US.UTF-8
ENV LC_ALL en_US.UTF-8
ENV HOST localhost
ENV DOMSUF localdomain
# Set a default command for debugging.
CMD ["/bin/bash", "--login"]
security/nss/automation/taskcluster/docker/bin/checkout.sh
+20
View File
@@ -0,0 +1,20 @@
#!/usr/bin/env bash
set -v -e -x
if [ $(id -u) = 0 ]; then
# Drop privileges by re-running this script.
exec su worker $0
fi
# Default values for testing.
REVISION=${NSS_HEAD_REVISION:-default}
REPOSITORY=${NSS_HEAD_REPOSITORY:-https://hg.mozilla.org/projects/nss}
# Clone NSS.
for i in 0 2 5; do
sleep $i
hg clone -r $REVISION $REPOSITORY nss && exit 0
rm -rf nss
done
exit 1
security/nss/automation/taskcluster/docker/setup.sh
+62
View File
@@ -0,0 +1,62 @@
#!/usr/bin/env bash
set -v -e -x
# Update packages.
export DEBIAN_FRONTEND=noninteractive
apt-get -y update && apt-get -y upgrade
# Need this to add keys for PPAs below.
apt-get install -y --no-install-recommends apt-utils
apt_packages=()
apt_packages+=('build-essential')
apt_packages+=('ca-certificates')
apt_packages+=('curl')
apt_packages+=('npm')
apt_packages+=('git')
apt_packages+=('golang-1.6')
apt_packages+=('ninja-build')
apt_packages+=('pkg-config')
apt_packages+=('zlib1g-dev')
# 32-bit builds
apt_packages+=('lib32z1-dev')
apt_packages+=('gcc-multilib')
apt_packages+=('g++-multilib')
# ct-verif and sanitizers
apt_packages+=('valgrind')
# Latest Mercurial.
apt_packages+=('mercurial')
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 41BD8711B1F0EC2B0D85B91CF59CE3A8323293EE
echo "deb http://ppa.launchpad.net/mercurial-ppa/releases/ubuntu xenial main" > /etc/apt/sources.list.d/mercurial.list
# gcc 4.8 and 6
apt_packages+=('g++-6')
apt_packages+=('g++-4.8')
apt_packages+=('g++-6-multilib')
apt_packages+=('g++-4.8-multilib')
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 60C317803A41BA51845E371A1E9377A2BA9EF27F
echo "deb http://ppa.launchpad.net/ubuntu-toolchain-r/test/ubuntu xenial main" > /etc/apt/sources.list.d/toolchain.list
# Install packages.
apt-get -y update
apt-get install -y --no-install-recommends ${apt_packages[@]}
# 32-bit builds
ln -s /usr/include/x86_64-linux-gnu/zconf.h /usr/include
# Install clang-3.9 into /usr/local/.
curl -L http://llvm.org/releases/3.9.0/clang+llvm-3.9.0-x86_64-linux-gnu-ubuntu-16.04.tar.xz | tar xJv -C /usr/local --strip-components=1
locale-gen en_US.UTF-8
dpkg-reconfigure locales
# Cleanup.
rm -rf ~/.ccache ~/.cache
apt-get autoremove -y
apt-get clean
apt-get autoclean
rm $0
security/nss/automation/taskcluster/graph/npm-shrinkwrap.json
Generated
+1643
View File
File diff suppressed because it is too large Load Diff
security/nss/automation/taskcluster/graph/package.json
+24
View File
@@ -0,0 +1,24 @@
{
"name": "decision-task",
"version": "0.0.1",
"private": true,
"author": "Tim Taubert <ttaubert@mozilla.com>",
"description": "Decision Task for NSS",
"scripts": {
"compile": "babel-compile -p taskcluster src:lib",
"install": "npm run compile"
},
"dependencies": {
"babel-cli": "^6.14.0",
"babel-compile": "^2.0.0",
"babel-preset-taskcluster": "^3.0.0",
"babel-runtime": "^6.11.6",
"flatmap": "0.0.3",
"intersect": "^1.0.1",
"js-yaml": "^3.6.1",
"merge": "^1.2.0",
"minimist": "^1.2.0",
"slugid": "^1.1.0",
"taskcluster-client": "^1.2.1"
}
}
security/nss/automation/taskcluster/graph/src/context_hash.js
+43
View File
@@ -0,0 +1,43 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
import fs from "fs";
import path from "path";
import crypto from "crypto";
import flatmap from "flatmap";
// Compute the SHA-256 digest.
function sha256(data) {
let hash = crypto.createHash("sha256");
hash.update(data);
return hash.digest("hex");
}
// Recursively collect a list of all files of a given directory.
function collectFilesInDirectory(dir) {
return flatmap(fs.readdirSync(dir), entry => {
let entry_path = path.join(dir, entry);
if (fs.lstatSync(entry_path).isDirectory()) {
return collectFilesInDirectory(entry_path);
}
return [entry_path];
});
}
// Compute a context hash for the given context path.
export default function (context_path) {
let root = path.join(__dirname, "../../../..");
let dir = path.join(root, context_path);
let files = collectFilesInDirectory(dir).sort();
let hashes = files.map(file => {
return sha256(file + "|" + fs.readFileSync(file, "utf-8"));
});
// Generate a new prefix every month to ensure the image stays buildable.
let now = new Date();
let prefix = `${now.getUTCFullYear()}-${now.getUTCMonth() + 1}:`;
return sha256(prefix + hashes.join(","));
}
security/nss/automation/taskcluster/graph/src/extend.js
+572
View File
@@ -0,0 +1,572 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
import merge from "./merge";
import * as queue from "./queue";
const LINUX_IMAGE = {name: "linux", path: "automation/taskcluster/docker"};
const WINDOWS_CHECKOUT_CMD =
"bash -c \"hg clone -r $NSS_HEAD_REVISION $NSS_HEAD_REPOSITORY nss || " +
"(sleep 2; hg clone -r $NSS_HEAD_REVISION $NSS_HEAD_REPOSITORY nss) || " +
"(sleep 5; hg clone -r $NSS_HEAD_REVISION $NSS_HEAD_REPOSITORY nss)\"";
/*****************************************************************************/
queue.filter(task => {
if (task.group == "Builds") {
// Remove extra builds on {A,UB}San and ARM.
if (task.collection == "asan" || task.collection == "arm-debug" ||
task.collection == "gyp-asan") {
return false;
}
// Remove extra builds w/o libpkix for non-linux64-debug.
if (task.symbol == "noLibpkix" &&
(task.platform != "linux64" || task.collection != "debug")) {
return false;
}
}
if (task.tests == "bogo") {
// No BoGo tests on Windows.
if (task.platform == "windows2012-64") {
return false;
}
// No BoGo tests on ARM.
if (task.collection == "arm-debug") {
return false;
}
}
// GYP builds with -Ddisable_libpkix=1 by default.
if ((task.collection == "gyp" || task.collection == "gyp-asan") &&
task.tests == "chains") {
return false;
}
return true;
});
queue.map(task => {
if (task.collection == "asan" || task.collection == "gyp-asan") {
// CRMF and FIPS tests still leak, unfortunately.
if (task.tests == "crmf" || task.tests == "fips") {
task.env.ASAN_OPTIONS = "detect_leaks=0";
}
}
if (task.collection == "arm-debug") {
// These tests take quite some time on our poor ARM devices.
if (task.tests == "chains" || (task.tests == "ssl" && task.cycle == "standard")) {
task.maxRunTime = 14400;
}
}
// Windows is slow.
if (task.platform == "windows2012-64" && task.tests == "chains") {
task.maxRunTime = 7200;
}
// Enable TLS 1.3 for every task.
task.env = task.env || {};
task.env.NSS_ENABLE_TLS_1_3 = "1";
return task;
});
/*****************************************************************************/
export default async function main() {
await scheduleLinux("Linux 32 (opt)", {
env: {BUILD_OPT: "1"},
platform: "linux32",
image: LINUX_IMAGE
});
await scheduleLinux("Linux 32 (debug)", {
platform: "linux32",
collection: "debug",
image: LINUX_IMAGE
});
await scheduleLinux("Linux 64 (opt)", {
env: {USE_64: "1", BUILD_OPT: "1"},
platform: "linux64",
image: LINUX_IMAGE
});
await scheduleLinux("Linux 64 (debug)", {
env: {USE_64: "1"},
platform: "linux64",
collection: "debug",
image: LINUX_IMAGE
});
await scheduleLinux("Linux 64 (debug, gyp)", {
command: [
"/bin/bash",
"-c",
"bin/checkout.sh && nss/automation/taskcluster/scripts/build_gyp.sh"
],
platform: "linux64",
collection: "gyp",
image: LINUX_IMAGE
});
await scheduleLinux("Linux 64 (debug, gyp, asan, ubsan)", {
command: [
"/bin/bash",
"-c",
"bin/checkout.sh && nss/automation/taskcluster/scripts/build_gyp.sh -g -v --ubsan --asan"
],
env: {
ASAN_OPTIONS: "detect_odr_violation=0", // bug 1316276
UBSAN_OPTIONS: "print_stacktrace=1",
NSS_DISABLE_ARENA_FREE_LIST: "1",
NSS_DISABLE_UNLOAD: "1",
CC: "clang",
CCC: "clang++"
},
platform: "linux64",
collection: "gyp-asan",
image: LINUX_IMAGE
});
await scheduleLinux("Linux 64 (ASan, debug)", {
env: {
UBSAN_OPTIONS: "print_stacktrace=1",
NSS_DISABLE_ARENA_FREE_LIST: "1",
NSS_DISABLE_UNLOAD: "1",
CC: "clang",
CCC: "clang++",
USE_UBSAN: "1",
USE_ASAN: "1",
USE_64: "1"
},
platform: "linux64",
collection: "asan",
image: LINUX_IMAGE
});
await scheduleWindows("Windows 2012 64 (opt)", {
env: {BUILD_OPT: "1"}
});
await scheduleWindows("Windows 2012 64 (debug)", {
collection: "debug"
});
await scheduleFuzzing();
await scheduleTestBuilds();
await scheduleTools();
await scheduleLinux("Linux 32 (ARM, debug)", {
image: "franziskus/nss-arm-ci",
provisioner: "localprovisioner",
collection: "arm-debug",
workerType: "nss-rpi",
platform: "linux32",
maxRunTime: 7200,
tier: 3
});
}
/*****************************************************************************/
async function scheduleLinux(name, base) {
// Build base definition.
let build_base = merge({
command: [
"/bin/bash",
"-c",
"bin/checkout.sh && nss/automation/taskcluster/scripts/build.sh"
],
artifacts: {
public: {
expires: 24 * 7,
type: "directory",
path: "/home/worker/artifacts"
}
},
kind: "build",
symbol: "B"
}, base);
// The task that builds NSPR+NSS.
let task_build = queue.scheduleTask(merge(build_base, {name}));
// The task that generates certificates.
let task_cert = queue.scheduleTask(merge(build_base, {
name: "Certificates",
command: [
"/bin/bash",
"-c",
"bin/checkout.sh && nss/automation/taskcluster/scripts/gen_certs.sh"
],
parent: task_build,
symbol: "Certs"
}));
// Schedule tests.
scheduleTests(task_build, task_cert, merge(base, {
command: [
"/bin/bash",
"-c",
"bin/checkout.sh && nss/automation/taskcluster/scripts/run_tests.sh"
]
}));
// Extra builds.
let extra_base = merge({group: "Builds"}, build_base);
queue.scheduleTask(merge(extra_base, {
name: `${name} w/ clang-3.9`,
env: {
CC: "clang",
CCC: "clang++",
},
symbol: "clang-3.9"
}));
queue.scheduleTask(merge(extra_base, {
name: `${name} w/ gcc-4.8`,
env: {
CC: "gcc-4.8",
CCC: "g++-4.8"
},
symbol: "gcc-4.8"
}));
queue.scheduleTask(merge(extra_base, {
name: `${name} w/ gcc-6.1`,
env: {
CC: "gcc-6",
CCC: "g++-6"
},
symbol: "gcc-6.1"
}));
queue.scheduleTask(merge(extra_base, {
name: `${name} w/ NSS_DISABLE_LIBPKIX=1`,
env: {NSS_DISABLE_LIBPKIX: "1"},
symbol: "noLibpkix"
}));
return queue.submit();
}
/*****************************************************************************/
async function scheduleFuzzing() {
let base = {
env: {
// bug 1316276
ASAN_OPTIONS: "allocator_may_return_null=1:detect_odr_violation=0",
UBSAN_OPTIONS: "print_stacktrace=1",
NSS_DISABLE_ARENA_FREE_LIST: "1",
NSS_DISABLE_UNLOAD: "1",
CC: "clang",
CCC: "clang++"
},
platform: "linux64",
collection: "fuzz",
image: LINUX_IMAGE
};
// Build base definition.
let build_base = merge({
command: [
"/bin/bash",
"-c",
"bin/checkout.sh && " +
"nss/automation/taskcluster/scripts/build_gyp.sh -g -v --fuzz"
],
artifacts: {
public: {
expires: 24 * 7,
type: "directory",
path: "/home/worker/artifacts"
}
},
kind: "build",
symbol: "B"
}, base);
// The task that builds NSPR+NSS.
let task_build = queue.scheduleTask(merge(build_base, {
name: "Linux x64 (debug, fuzz)"
}));
// Schedule tests.
queue.scheduleTask(merge(base, {
parent: task_build,
name: "Gtests",
command: [
"/bin/bash",
"-c",
"bin/checkout.sh && nss/automation/taskcluster/scripts/run_tests.sh"
],
env: {GTESTFILTER: "*Fuzz*"},
tests: "ssl_gtests gtests",
cycle: "standard",
symbol: "Gtest",
kind: "test"
}));
queue.scheduleTask(merge(base, {
parent: task_build,
name: "Cert",
command: [
"/bin/bash",
"-c",
"bin/checkout.sh && nss/automation/taskcluster/scripts/fuzz.sh " +
"cert nss/fuzz/corpus/cert -max_total_time=300"
],
// Need a privileged docker container to remove this.
env: {ASAN_OPTIONS: "detect_leaks=0"},
symbol: "SCert",
kind: "test"
}));
queue.scheduleTask(merge(base, {
parent: task_build,
name: "SPKI",
command: [
"/bin/bash",
"-c",
"bin/checkout.sh && nss/automation/taskcluster/scripts/fuzz.sh " +
"spki nss/fuzz/corpus/spki -max_total_time=300"
],
// Need a privileged docker container to remove this.
env: {ASAN_OPTIONS: "detect_leaks=0"},
symbol: "SPKI",
kind: "test"
}));
return queue.submit();
}
/*****************************************************************************/
async function scheduleTestBuilds() {
let base = {
platform: "linux64",
collection: "gyp",
group: "Test",
image: LINUX_IMAGE
};
// Build base definition.
let build = merge({
command: [
"/bin/bash",
"-c",
"bin/checkout.sh && " +
"nss/automation/taskcluster/scripts/build_gyp.sh -g -v --test"
],
artifacts: {
public: {
expires: 24 * 7,
type: "directory",
path: "/home/worker/artifacts"
}
},
kind: "build",
symbol: "B",
name: "Linux 64 (debug, gyp, test)"
}, base);
// The task that builds NSPR+NSS.
let task_build = queue.scheduleTask(build);
// Schedule tests.
queue.scheduleTask(merge(base, {
parent: task_build,
name: "mpi",
command: [
"/bin/bash",
"-c",
"bin/checkout.sh && nss/automation/taskcluster/scripts/run_tests.sh"
],
tests: "mpi",
cycle: "standard",
symbol: "mpi",
kind: "test"
}));
return queue.submit();
}
/*****************************************************************************/
async function scheduleWindows(name, base) {
base = merge(base, {
workerType: "nss-win2012r2",
platform: "windows2012-64",
env: {
PATH: "c:\\mozilla-build\\python;c:\\mozilla-build\\msys\\local\\bin;" +
"c:\\mozilla-build\\7zip;c:\\mozilla-build\\info-zip;" +
"c:\\mozilla-build\\python\\Scripts;c:\\mozilla-build\\yasm;" +
"c:\\mozilla-build\\msys\\bin;c:\\Windows\\system32;" +
"c:\\mozilla-build\\upx391w;c:\\mozilla-build\\moztools-x64\\bin;" +
"c:\\mozilla-build\\wget",
DOMSUF: "localdomain",
HOST: "localhost",
USE_64: "1"
}
});
// Build base definition.
let build_base = merge(base, {
command: [
WINDOWS_CHECKOUT_CMD,
"bash -c nss/automation/taskcluster/windows/build.sh"
],
artifacts: [{
expires: 24 * 7,
type: "directory",
path: "public\\build"
}],
kind: "build",
symbol: "B"
});
// The task that builds NSPR+NSS.
let task_build = queue.scheduleTask(merge(build_base, {name}));
// The task that generates certificates.
let task_cert = queue.scheduleTask(merge(build_base, {
name: "Certificates",
command: [
WINDOWS_CHECKOUT_CMD,
"bash -c nss/automation/taskcluster/windows/gen_certs.sh"
],
parent: task_build,
symbol: "Certs"
}));
// Schedule tests.
scheduleTests(task_build, task_cert, merge(base, {
command: [
WINDOWS_CHECKOUT_CMD,
"bash -c nss/automation/taskcluster/windows/run_tests.sh"
]
}));
return queue.submit();
}
/*****************************************************************************/
function scheduleTests(task_build, task_cert, test_base) {
test_base = merge({kind: "test"}, test_base);
// Schedule tests that do NOT need certificates.
let no_cert_base = merge(test_base, {parent: task_build});
queue.scheduleTask(merge(no_cert_base, {
name: "Gtests", symbol: "Gtest", tests: "ssl_gtests gtests", cycle: "standard"
}));
queue.scheduleTask(merge(no_cert_base, {
name: "Bogo tests", symbol: "Bogo", tests: "bogo", cycle: "standard"
}));
queue.scheduleTask(merge(no_cert_base, {
name: "Chains tests", symbol: "Chains", tests: "chains"
}));
queue.scheduleTask(merge(no_cert_base, {
name: "Cipher tests", symbol: "Cipher", tests: "cipher"
}));
queue.scheduleTask(merge(no_cert_base, {
name: "EC tests", symbol: "EC", tests: "ec"
}));
queue.scheduleTask(merge(no_cert_base, {
name: "Lowhash tests", symbol: "Lowhash", tests: "lowhash"
}));
queue.scheduleTask(merge(no_cert_base, {
name: "SDR tests", symbol: "SDR", tests: "sdr"
}));
// Schedule tests that need certificates.
let cert_base = merge(test_base, {parent: task_cert});
queue.scheduleTask(merge(cert_base, {
name: "CRMF tests", symbol: "CRMF", tests: "crmf"
}));
queue.scheduleTask(merge(cert_base, {
name: "DB tests", symbol: "DB", tests: "dbtests"
}));
queue.scheduleTask(merge(cert_base, {
name: "FIPS tests", symbol: "FIPS", tests: "fips"
}));
queue.scheduleTask(merge(cert_base, {
name: "Merge tests", symbol: "Merge", tests: "merge"
}));
queue.scheduleTask(merge(cert_base, {
name: "S/MIME tests", symbol: "SMIME", tests: "smime"
}));
queue.scheduleTask(merge(cert_base, {
name: "Tools tests", symbol: "Tools", tests: "tools"
}));
// SSL tests, need certificates too.
let ssl_base = merge(cert_base, {tests: "ssl", group: "SSL"});
queue.scheduleTask(merge(ssl_base, {
name: "SSL tests (standard)", symbol: "standard", cycle: "standard"
}));
queue.scheduleTask(merge(ssl_base, {
name: "SSL tests (pkix)", symbol: "pkix", cycle: "pkix"
}));
queue.scheduleTask(merge(ssl_base, {
name: "SSL tests (sharedb)", symbol: "sharedb", cycle: "sharedb"
}));
queue.scheduleTask(merge(ssl_base, {
name: "SSL tests (upgradedb)", symbol: "upgradedb", cycle: "upgradedb"
}));
}
/*****************************************************************************/
async function scheduleTools() {
let base = {
image: LINUX_IMAGE,
platform: "nss-tools",
kind: "test"
};
queue.scheduleTask(merge(base, {
symbol: "clang-format-3.9",
name: "clang-format-3.9",
command: [
"/bin/bash",
"-c",
"bin/checkout.sh && nss/automation/taskcluster/scripts/run_clang_format.sh"
]
}));
queue.scheduleTask(merge(base, {
symbol: "scan-build-3.9",
name: "scan-build-3.9",
env: {
USE_64: "1",
CC: "clang",
CCC: "clang++",
},
artifacts: {
public: {
expires: 24 * 7,
type: "directory",
path: "/home/worker/artifacts"
}
},
command: [
"/bin/bash",
"-c",
"bin/checkout.sh && nss/automation/taskcluster/scripts/run_scan_build.sh"
]
}));
return queue.submit();
}
security/nss/automation/taskcluster/graph/src/image_builder.js
+62
View File
@@ -0,0 +1,62 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
import * as queue from "./queue";
import context_hash from "./context_hash";
import taskcluster from "taskcluster-client";
async function taskHasImageArtifact(taskId) {
let queue = new taskcluster.Queue();
let {artifacts} = await queue.listLatestArtifacts(taskId);
return artifacts.some(artifact => artifact.name == "public/image.tar");
}
async function findTaskWithImageArtifact(ns) {
let index = new taskcluster.Index();
let {taskId} = await index.findTask(ns);
let has_image = await taskHasImageArtifact(taskId);
return has_image ? taskId : null;
}
export async function findTask({name, path}) {
let hash = await context_hash(path);
let ns = `docker.images.v1.${process.env.TC_PROJECT}.${name}.hash.${hash}`;
return findTaskWithImageArtifact(ns).catch(() => null);
}
export async function buildTask({name, path}) {
let hash = await context_hash(path);
let ns = `docker.images.v1.${process.env.TC_PROJECT}.${name}.hash.${hash}`;
return {
name: "Image Builder",
image: "taskcluster/image_builder:0.1.5",
routes: ["index." + ns],
env: {
HEAD_REPOSITORY: process.env.NSS_HEAD_REPOSITORY,
BASE_REPOSITORY: process.env.NSS_HEAD_REPOSITORY,
HEAD_REV: process.env.NSS_HEAD_REVISION,
HEAD_REF: process.env.NSS_HEAD_REVISION,
PROJECT: process.env.TC_PROJECT,
CONTEXT_PATH: path,
HASH: hash
},
artifacts: {
"public/image.tar": {
type: "file",
expires: 24 * 90,
path: "/artifacts/image.tar"
}
},
command: [
"/bin/bash",
"-c",
"/home/worker/bin/build_image.sh"
],
platform: "nss-decision",
features: ["dind"],
kind: "build",
symbol: "I"
};
}
security/nss/automation/taskcluster/graph/src/index.js
+14
View File
@@ -0,0 +1,14 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
import * as try_syntax from "./try_syntax";
import extend from "./extend";
// Init try syntax filter.
if (process.env.TC_PROJECT == "nss-try") {
try_syntax.initFilter();
}
// Extend the task graph.
extend().catch(console.error);
security/nss/tests/pkcs11/netscape/trivial/acconfig.h → security/nss/automation/taskcluster/graph/src/merge.js
+5 -2
View File
@@ -2,6 +2,9 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/* Define to use NSS header files instead of the regular RSA ones */
#undef WITH_NSS
import {recursive as merge} from "merge";
// We always want to clone.
export default function (...args) {
return merge(true, ...args);
}
security/nss/automation/taskcluster/graph/src/queue.js
+242
View File
@@ -0,0 +1,242 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
import {clone} from "merge";
import merge from "./merge";
import slugid from "slugid";
import taskcluster from "taskcluster-client";
import * as image_builder from "./image_builder";
let maps = [];
let filters = [];
let tasks = new Map();
let image_tasks = new Map();
let queue = new taskcluster.Queue({
baseUrl: "http://taskcluster/queue/v1"
});
function fromNow(hours) {
let d = new Date();
d.setHours(d.getHours() + (hours|0));
return d.toJSON();
}
function parseRoutes(routes) {
return [
`tc-treeherder.v2.${process.env.TC_PROJECT}.${process.env.NSS_HEAD_REVISION}.${process.env.NSS_PUSHLOG_ID}`,
...routes
];
}
function parseFeatures(list) {
return list.reduce((map, feature) => {
map[feature] = true;
return map;
}, {});
}
function parseArtifacts(artifacts) {
let copy = clone(artifacts);
Object.keys(copy).forEach(key => {
copy[key].expires = fromNow(copy[key].expires);
});
return copy;
}
function parseCollection(name) {
let collection = {};
collection[name] = true;
return collection;
}
function parseTreeherder(def) {
let treeherder = {
build: {
platform: def.platform
},
machine: {
platform: def.platform
},
symbol: def.symbol,
jobKind: def.kind
};
if (def.group) {
treeherder.groupSymbol = def.group;
}
if (def.collection) {
treeherder.collection = parseCollection(def.collection);
}
if (def.tier) {
treeherder.tier = def.tier;
}
return treeherder;
}
function convertTask(def) {
let dependencies = [];
let env = merge({
NSS_HEAD_REPOSITORY: process.env.NSS_HEAD_REPOSITORY,
NSS_HEAD_REVISION: process.env.NSS_HEAD_REVISION
}, def.env || {});
if (def.parent) {
dependencies.push(def.parent);
env.TC_PARENT_TASK_ID = def.parent;
}
if (def.tests) {
env.NSS_TESTS = def.tests;
}
if (def.cycle) {
env.NSS_CYCLES = def.cycle;
}
let payload = {
env,
command: def.command,
maxRunTime: def.maxRunTime || 3600
};
if (def.image) {
payload.image = def.image;
}
if (def.features) {
payload.features = parseFeatures(def.features);
}
if (def.artifacts) {
payload.artifacts = parseArtifacts(def.artifacts);
}
return {
provisionerId: def.provisioner || "aws-provisioner-v1",
workerType: def.workerType || "hg-worker",
schedulerId: "task-graph-scheduler",
created: fromNow(0),
deadline: fromNow(24),
dependencies,
routes: parseRoutes(def.routes || []),
metadata: {
name: def.name,
description: def.name,
owner: process.env.TC_OWNER,
source: process.env.TC_SOURCE
},
payload,
extra: {
treeherder: parseTreeherder(def)
}
};
}
export function map(fun) {
maps.push(fun);
}
export function filter(fun) {
filters.push(fun);
}
export function scheduleTask(def) {
let taskId = slugid.v4();
tasks.set(taskId, merge({}, def));
return taskId;
}
export async function submit() {
let promises = new Map();
for (let [taskId, task] of tasks) {
// Allow filtering tasks before we schedule them.
if (!filters.every(filter => filter(task))) {
continue;
}
// Allow changing tasks before we schedule them.
maps.forEach(map => { task = map(merge({}, task)) });
let log_id = `${task.name} @ ${task.platform}[${task.collection || "opt"}]`;
console.log(`+ Submitting ${log_id}.`);
let parent = task.parent;
// Convert the task definition.
task = await convertTask(task);
// Convert the docker image definition.
let image_def = task.payload.image;
if (image_def && image_def.hasOwnProperty("path")) {
let key = `${image_def.name}:${image_def.path}`;
let data = {};
// Check the cache first.
if (image_tasks.has(key)) {
data = image_tasks.get(key);
} else {
data.taskId = await image_builder.findTask(image_def);
data.isPending = !data.taskId;
// No task found.
if (data.isPending) {
let image_task = await image_builder.buildTask(image_def);
// Schedule a new image builder task immediately.
data.taskId = slugid.v4();
try {
await queue.createTask(data.taskId, convertTask(image_task));
} catch (e) {
console.error("! FAIL: Scheduling image builder task failed.");
continue; /* Skip this task on failure. */
}
}
// Store in cache.
image_tasks.set(key, data);
}
if (data.isPending) {
task.dependencies.push(data.taskId);
}
task.payload.image = {
path: "public/image.tar",
taskId: data.taskId,
type: "task-image"
};
}
// Wait for the parent task to be created before scheduling dependants.
let predecessor = parent ? promises.get(parent) : Promise.resolve();
promises.set(taskId, predecessor.then(() => {
// Schedule the task.
return queue.createTask(taskId, task).catch(err => {
console.error(`! FAIL: Scheduling ${log_id} failed.`, err);
});
}));
}
// Wait for all requests to finish.
if (promises.length) {
await Promise.all([...promises.values()]);
console.log("=== Total:", promises.length, "tasks. ===");
}
tasks.clear();
}
security/nss/automation/taskcluster/graph/src/try_syntax.js
+159
View File
@@ -0,0 +1,159 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
import * as queue from "./queue";
import intersect from "intersect";
import parse_args from "minimist";
function parseOptions(opts) {
opts = parse_args(opts.split(/\s+/), {
default: {build: "do", platform: "all", unittests: "none", tools: "none"},
alias: {b: "build", p: "platform", u: "unittests", t: "tools", e: "extra-builds"},
string: ["build", "platform", "unittests", "tools", "extra-builds"]
});
// Parse build types (d=debug, o=opt).
let builds = intersect(opts.build.split(""), ["d", "o"]);
// If the given value is nonsense default to debug and opt builds.
if (builds.length == 0) {
builds = ["d", "o"];
}
// Parse platforms.
let allPlatforms = ["linux", "linux64", "linux64-asan", "win64", "arm",
"linux64-gyp", "linux64-gyp-asan", "linux64-fuzz"];
let platforms = intersect(opts.platform.split(/\s*,\s*/), allPlatforms);
// If the given value is nonsense or "none" default to all platforms.
if (platforms.length == 0 && opts.platform != "none") {
platforms = allPlatforms;
}
// Parse unit tests.
let aliases = {"gtests": "gtest"};
let allUnitTests = ["bogo", "crmf", "chains", "cipher", "db", "ec", "fips",
"gtest", "lowhash", "merge", "sdr", "smime", "tools",
"ssl", "mpi", "scert", "spki"];
let unittests = intersect(opts.unittests.split(/\s*,\s*/).map(t => {
return aliases[t] || t;
}), allUnitTests);
// If the given value is "all" run all tests.
// If it's nonsense then don't run any tests.
if (opts.unittests == "all") {
unittests = allUnitTests;
} else if (unittests.length == 0) {
unittests = [];
}
// Parse tools.
let allTools = ["clang-format", "scan-build"];
let tools = intersect(opts.tools.split(/\s*,\s*/), allTools);
// If the given value is "all" run all tools.
// If it's nonsense then don't run any tools.
if (opts.tools == "all") {
tools = allTools;
} else if (tools.length == 0) {
tools = [];
}
return {
builds: builds,
platforms: platforms,
unittests: unittests,
extra: (opts.e == "all"),
tools: tools
};
}
function filter(opts) {
return function (task) {
// Filter tools. We can immediately return here as those
// are not affected by platform or build type selectors.
if (task.platform == "nss-tools") {
return opts.tools.some(tool => {
return task.symbol.toLowerCase().startsWith(tool);
});
}
// Filter unit tests.
if (task.tests) {
let found = opts.unittests.some(test => {
// TODO: think of something more intelligent here.
if (task.symbol.toLowerCase().startsWith("mpi") && test == "mpi") {
return true;
}
return (task.group || task.symbol).toLowerCase().startsWith(test);
});
if (!found) {
return false;
}
}
// Filter extra builds.
if (task.group == "Builds" && !opts.extra) {
return false;
}
let coll = name => name == (task.collection || "opt");
// Filter by platform.
let found = opts.platforms.some(platform => {
let aliases = {
"linux": "linux32",
"linux64-asan": "linux64",
"linux64-fuzz": "linux64",
"linux64-gyp": "linux64",
"linux64-gyp-asan": "linux64",
"win64": "windows2012-64",
"arm": "linux32"
};
// Check the platform name.
let keep = (task.platform == (aliases[platform] || platform));
// Additional checks.
if (platform == "linux64-asan") {
keep &= coll("asan");
} else if (platform == "arm") {
keep &= coll("arm-opt") || coll("arm-debug");
} else if (platform == "linux64-gyp") {
keep &= coll("gyp");
} else if (platform == "linux64-gyp-asan") {
keep &= coll("gyp-asan");
} else if (platform == "linux64-fuzz") {
keep &= coll("fuzz");
} else {
keep &= coll("opt") || coll("debug");
}
return keep;
});
if (!found) {
return false;
}
// Finally, filter by build type.
let isDebug = coll("debug") || coll("asan") || coll("arm-debug") ||
coll("gyp") || coll("fuzz");
return (isDebug && opts.builds.includes("d")) ||
(!isDebug && opts.builds.includes("o"));
}
}
export function initFilter() {
let comment = process.env.TC_COMMENT || "";
// Check for try syntax in changeset comment.
let match = comment.match(/^\s*try:\s*(.*)\s*$/);
// Add try syntax filter.
if (match) {
queue.filter(filter(parseOptions(match[1])));
}
}
security/nss/automation/taskcluster/scripts/build.sh
+18
View File
@@ -0,0 +1,18 @@
#!/usr/bin/env bash
source $(dirname $0)/tools.sh
if [[ $(id -u) -eq 0 ]]; then
# Drop privileges by re-running this script.
exec su worker $0
fi
# Clone NSPR if needed.
hg_clone https://hg.mozilla.org/projects/nspr nspr default
# Build.
make -C nss nss_build_all
# Package.
mkdir artifacts
tar cvfjh artifacts/dist.tar.bz2 dist
security/nss/automation/taskcluster/scripts/build_gyp.sh
+18
View File
@@ -0,0 +1,18 @@
#!/usr/bin/env bash
source $(dirname $0)/tools.sh
if [[ $(id -u) -eq 0 ]]; then
# Drop privileges by re-running this script.
exec su worker -c "$0 $*"
fi
# Clone NSPR if needed.
hg_clone https://hg.mozilla.org/projects/nspr nspr default
# Build.
nss/build.sh ${*--g -v}
# Package.
mkdir artifacts
tar cvfjh artifacts/dist.tar.bz2 dist
security/nss/automation/taskcluster/scripts/extend_task_graph.sh
+16
View File
@@ -0,0 +1,16 @@
#!/usr/bin/env bash
set -v -e -x
if [ $(id -u) = 0 ]; then
# Drop privileges by re-running this script.
exec su worker $0
fi
mkdir -p /home/worker/artifacts
# Install Node.JS dependencies.
cd nss/automation/taskcluster/graph/ && npm install
# Extend the task graph.
node lib/index.js
security/nss/automation/taskcluster/scripts/fuzz.sh
+20
View File
@@ -0,0 +1,20 @@
#!/usr/bin/env bash
source $(dirname $0)/tools.sh
if [ $(id -u) = 0 ]; then
# Drop privileges by re-running this script.
exec su worker -c "$0 $*"
fi
# Fetch artifact if needed.
fetch_dist
# Clone corpus.
./nss/fuzz/clone_corpus.sh
# Fetch objdir name.
objdir=$(cat dist/latest)
# Run nssfuzz.
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:dist/$objdir/lib dist/$objdir/bin/nssfuzz $*
security/nss/automation/taskcluster/scripts/gen_certs.sh
+26
View File
@@ -0,0 +1,26 @@
#!/usr/bin/env bash
set -v -e -x
source $(dirname $0)/tools.sh
if [ $(id -u) = 0 ]; then
# Stupid Docker.
echo "127.0.0.1 localhost.localdomain" >> /etc/hosts
# Drop privileges by re-running this script.
exec su worker $0
fi
# Fetch artifact if needed.
fetch_dist
# Generate certificates.
NSS_TESTS=cert NSS_CYCLES="standard pkix sharedb" $(dirname $0)/run_tests.sh
# Reset test counter so that test runs pick up our certificates.
echo 1 > tests_results/security/localhost
# Package.
mkdir artifacts
tar cvfjh artifacts/dist.tar.bz2 dist tests_results
security/nss/automation/taskcluster/scripts/run_clang_format.sh
+63
View File
@@ -0,0 +1,63 @@
#!/usr/bin/env bash
set -v -e -x
if [ $(id -u) -eq 0 ]; then
# Drop privileges by re-running this script.
exec su worker $0 "$@"
fi
# Apply clang-format on the provided folder and verify that this doesn't change any file.
# If any file differs after formatting, the script eventually exits with 1.
# Any differences between formatted and unformatted files is printed to stdout to give a hint what's wrong.
# Includes a default set of directories.
if [ $# -gt 0 ]; then
dirs=("$@")
else
top=$(dirname $0)/../../..
dirs=( \
"$top/cmd" \
"$top/fuzz" \
"$top/lib/base" \
"$top/lib/certdb" \
"$top/lib/certhigh" \
"$top/lib/ckfw" \
"$top/lib/crmf" \
"$top/lib/cryptohi" \
"$top/lib/dbm" \
"$top/lib/dev" \
"$top/lib/freebl" \
"$top/lib/jar" \
"$top/lib/nss" \
"$top/lib/pk11wrap" \
"$top/lib/pkcs7" \
"$top/lib/pkcs12" \
"$top/lib/pki" \
"$top/lib/smime" \
"$top/lib/softoken" \
"$top/lib/ssl" \
"$top/lib/sysinit" \
"$top/lib/util" \
"$top/gtests/common" \
"$top/gtests/der_gtest" \
"$top/gtests/freebl_gtest" \
"$top/gtests/pk11_gtest" \
"$top/gtests/ssl_gtest" \
"$top/gtests/util_gtest" \
)
fi
for dir in "${dirs[@]}"; do
find "$dir" -type f \( -name '*.[ch]' -o -name '*.cc' \) -exec clang-format -i {} \+
done
TMPFILE=$(mktemp /tmp/$(basename $0).XXXXXX)
trap 'rm $TMPFILE' exit
if (cd $(dirname $0); hg root >/dev/null 2>&1); then
hg diff --git "$top" | tee $TMPFILE
else
git -C "$top" diff | tee $TMPFILE
fi
[[ ! -s $TMPFILE ]]
security/nss/automation/taskcluster/scripts/run_scan_build.sh
+56
View File
@@ -0,0 +1,56 @@
#!/usr/bin/env bash
source $(dirname $0)/tools.sh
if [ $(id -u) = 0 ]; then
# Drop privileges by re-running this script.
exec su worker $0 $@
fi
# Clone NSPR if needed.
if [ ! -d "nspr" ]; then
hg_clone https://hg.mozilla.org/projects/nspr nspr default
fi
# Build.
cd nss
make nss_build_all
# What we want to scan.
# key: directory to scan
# value: number of errors expected in that directory
declare -A scan=( \
[lib/base]=0 \
[lib/certdb]=0 \
[lib/certhigh]=0 \
[lib/ckfw]=0 \
[lib/crmf]=0 \
[lib/cryptohi]=0 \
[lib/dev]=0 \
[lib/freebl]=0 \
[lib/nss]=0 \
[lib/ssl]=0 \
[lib/util]=0 \
)
# remove .OBJ directories to force a rebuild of just the select few
for i in "${!scan[@]}"; do
find "$i" -name "*.OBJ" -exec rm -rf {} \+
done
# run scan-build (only building affected directories)
scan-build -o /home/worker/artifacts --use-cc=$CC --use-c++=$CCC make nss_build_all && cd ..
# print errors we found
set +v +x
STATUS=0
for i in "${!scan[@]}"; do
n=$(grep -Rn "$i" /home/worker/artifacts/*/report-*.html | wc -l)
if [ $n -ne ${scan[$i]} ]; then
STATUS=1
echo "$(date '+%T') WARNING - TEST-UNEXPECTED-FAIL: $i contains $n scan-build errors"
elif [ $n -ne 0 ]; then
echo "$(date '+%T') WARNING - TEST-EXPECTED-FAIL: $i contains $n scan-build errors"
fi
done
exit $STATUS
security/nss/automation/taskcluster/scripts/run_tests.sh
+17
View File
@@ -0,0 +1,17 @@
#!/usr/bin/env bash
source $(dirname $0)/tools.sh
if [ $(id -u) = 0 ]; then
# Stupid Docker.
echo "127.0.0.1 localhost.localdomain" >> /etc/hosts
# Drop privileges by re-running this script.
exec su worker $0
fi
# Fetch artifact if needed.
fetch_dist
# Run tests.
cd nss/tests && ./all.sh
security/nss/automation/taskcluster/scripts/tools.sh
+28
View File
@@ -0,0 +1,28 @@
#!/usr/bin/env bash
set -v -e -x
# Usage: hg_clone repo dir [revision=@]
hg_clone() {
repo=$1
dir=$2
rev=${3:-@}
for i in 0 2 5; do
sleep $i
hg clone -r "$rev" "$repo" "$dir" && return
rm -rf "$dir"
done
exit 1
}
fetch_dist() {
url=https://queue.taskcluster.net/v1/task/$TC_PARENT_TASK_ID/artifacts/public/dist.tar.bz2
if [ ! -d "dist" ]; then
for i in 0 2 5; do
sleep $i
curl --retry 3 -Lo dist.tar.bz2 $url && tar xvjf dist.tar.bz2 && return
rm -fr dist.tar.bz2 dist
done
exit 1
fi
}
security/nss/automation/taskcluster/windows/build.sh
+15
View File
@@ -0,0 +1,15 @@
#!/usr/bin/env bash
set -v -e -x
# Set up the toolchain.
source $(dirname $0)/setup.sh
# Clone NSPR.
hg_clone https://hg.mozilla.org/projects/nspr nspr default
# Build.
make -C nss nss_build_all
# Package.
7z a public/build/dist.7z dist
security/nss/automation/taskcluster/windows/gen_certs.sh
+19
View File
@@ -0,0 +1,19 @@
#!/usr/bin/env bash
set -v -e -x
# Set up the toolchain.
source $(dirname $0)/setup.sh
# Fetch artifact.
wget -t 3 --retry-connrefused -w 5 --random-wait https://queue.taskcluster.net/v1/task/$TC_PARENT_TASK_ID/artifacts/public/build/dist.7z -O dist.7z
7z x dist.7z
# Generate certificates.
NSS_TESTS=cert NSS_CYCLES="standard pkix sharedb" nss/tests/all.sh
# Reset test counter so that test runs pick up our certificates.
echo 1 > tests_results/security/localhost
# Package.
7z a public/build/dist.7z dist tests_results
security/nss/automation/taskcluster/windows/releng.manifest
+10
View File
@@ -0,0 +1,10 @@
[
{
"version": "Visual Studio 2015 Update 2 / SDK 10.0.10586.0/212",
"size": 332442800,
"digest": "995394a4a515c7cb0f8595f26f5395361a638870dd0bbfcc22193fe1d98a0c47126057d5999cc494f3f3eac5cb49160e79757c468f83ee5797298e286ef6252c",
"algorithm": "sha512",
"filename": "vs2015u2.zip",
"unpack": true
}
]
security/nss/automation/taskcluster/windows/run_tests.sh
+13
View File
@@ -0,0 +1,13 @@
#!/usr/bin/env bash
set -v -e -x
# Set up the toolchain.
source $(dirname $0)/setup.sh
# Fetch artifact.
wget -t 3 --retry-connrefused -w 5 --random-wait https://queue.taskcluster.net/v1/task/$TC_PARENT_TASK_ID/artifacts/public/build/dist.7z -O dist.7z
7z x dist.7z
# Run tests.
cd nss/tests && ./all.sh
security/nss/automation/taskcluster/windows/setup.sh
+30
View File
@@ -0,0 +1,30 @@
#!/usr/bin/env bash
set -v -e -x
# Usage: hg_clone repo dir [revision=@]
hg_clone() {
repo=$1
dir=$2
rev=${3:-@}
for i in 0 2 5; do
sleep $i
hg clone -r "$rev" "$repo" "$dir" && return
rm -rf "$dir"
done
exit 1
}
hg_clone https://hg.mozilla.org/build/tools tools default
tools/scripts/tooltool/tooltool_wrapper.sh $(dirname $0)/releng.manifest https://api.pub.build.mozilla.org/tooltool/ non-existant-file.sh /c/mozilla-build/python/python.exe /c/builds/tooltool.py --authentication-file /c/builds/relengapi.tok -c /c/builds/tooltool_cache
VSPATH="$(pwd)/vs2015u2"
export WINDOWSSDKDIR="${VSPATH}/SDK"
export WIN32_REDIST_DIR="${VSPATH}/VC/redist/x64/Microsoft.VC140.CRT"
export WIN_UCRT_REDIST_DIR="${VSPATH}/SDK/Redist/ucrt/DLLs/x64"
export PATH="${VSPATH}/VC/bin/amd64:${VSPATH}/VC/bin:${VSPATH}/SDK/bin/x64:${VSPATH}/VC/redist/x64/Microsoft.VC140.CRT:${VSPATH}/SDK/Redist/ucrt/DLLs/x64:${PATH}"
export INCLUDE="${VSPATH}/VC/include:${VSPATH}/SDK/Include/10.0.10586.0/ucrt:${VSPATH}/SDK/Include/10.0.10586.0/shared:${VSPATH}/SDK/Include/10.0.10586.0/um"
export LIB="${VSPATH}/VC/lib/amd64:${VSPATH}/SDK/lib/10.0.10586.0/ucrt/x64:${VSPATH}/SDK/lib/10.0.10586.0/um/x64"
security/nss/build.sh
+204
View File
@@ -0,0 +1,204 @@
#!/bin/bash
# This script builds NSS with gyp and ninja.
#
# This build system is still under development. It does not yet support all
# the features or platforms that NSS supports.
set -e
source $(dirname $0)/coreconf/nspr.sh
# Usage info
show_help() {
cat << EOF
Usage: ${0##*/} [-hcgv] [-j <n>] [--test] [--fuzz] [--scan-build[=output]]
[-m32] [--opt|-o] [--asan] [--ubsan] [--sancov[=edge|bb|func]]
[--pprof] [--msan]
This script builds NSS with gyp and ninja.
This build system is still under development. It does not yet support all
the features or platforms that NSS supports.
NSS build tool options:
-h display this help and exit
-c clean before build
-g force a rebuild of gyp (and NSPR, because why not)
-j <n> run at most <n> concurrent jobs
-v verbose build
-m32 do a 32-bit build on a 64-bit system
--test ignore map files and export everything we have
--fuzz enable fuzzing mode. this always enables test builds
--scan-build run the build with scan-build (scan-build has to be in the path)
--scan-build=/out/path sets the output path for scan-build
--opt|-o do an opt build
--asan do an asan build
--ubsan do an ubsan build
--msan do an msan build
--sancov do sanitize coverage builds
--sancov=func sets coverage to function level for example
--pprof build with gperftool support
EOF
}
if [ -n "$CCC" ] && [ -z "$CXX" ]; then
export CXX="$CCC"
fi
opt_build=0
build_64=0
clean=0
rebuild_gyp=0
target=Debug
verbose=0
fuzz=0
# parse parameters to store in config
params=$(echo "$*" | perl -pe 's/-c|-v|-g|-j [0-9]*|-h//g' | perl -pe 's/^\s*(.*?)\s*$/\1/')
params=$(echo "$params $CC $CCC" | tr " " "\n" | perl -pe '/^\s*$/d')
params=$(echo "${params[*]}" | sort)
cwd=$(cd $(dirname $0); pwd -P)
dist_dir="$cwd/../dist"
# try to guess sensible defaults
arch=$(python "$cwd/coreconf/detect_host_arch.py")
if [ "$arch" = "x64" -o "$arch" = "aarch64" ]; then
build_64=1
fi
gyp_params=()
ninja_params=()
scanbuild=()
enable_fuzz()
{
fuzz=1
nspr_sanitizer asan
nspr_sanitizer ubsan
nspr_sanitizer sancov edge
gyp_params+=(-Duse_asan=1)
gyp_params+=(-Duse_ubsan=1)
gyp_params+=(-Duse_sancov=edge)
# Adding debug symbols even for opt builds.
nspr_opt+=(--enable-debug-symbols)
}
# parse command line arguments
while [ $# -gt 0 ]; do
case $1 in
-c) clean=1 ;;
-g) rebuild_gyp=1 ;;
-j) ninja_params+=(-j "$2"); shift ;;
-v) ninja_params+=(-v); verbose=1 ;;
--test) gyp_params+=(-Dtest_build=1) ;;
--fuzz) gyp_params+=(-Dtest_build=1 -Dfuzz=1); enable_fuzz ;;
--scan-build) scanbuild=(scan-build) ;;
--scan-build=?*) scanbuild=(scan-build -o "${1#*=}") ;;
--opt|-o) opt_build=1 ;;
-m32|--m32) build_64=0 ;;
--asan) gyp_params+=(-Duse_asan=1); nspr_sanitizer asan ;;
--ubsan) gyp_params+=(-Duse_ubsan=1); nspr_sanitizer ubsan ;;
--sancov) gyp_params+=(-Duse_sancov=edge); nspr_sanitizer sancov edge ;;
--sancov=?*) gyp_params+=(-Duse_sancov="${1#*=}"); nspr_sanitizer sancov "${1#*=}" ;;
--pprof) gyp_params+=(-Duse_pprof=1) ;;
--msan) gyp_params+=(-Duse_msan=1); nspr_sanitizer msan ;;
*) show_help; exit ;;
esac
shift
done
if [ "$opt_build" = "1" ]; then
target=Release
nspr_opt+=(--disable-debug --enable-optimize)
else
target=Debug
fi
if [ "$build_64" == "1" ]; then
nspr_opt+=(--enable-64bit)
else
gyp_params+=(-Dtarget_arch=ia32)
nspr_opt+=(--enable-x32)
fi
# clone fuzzing stuff
if [ "$fuzz" = "1" ]; then
[ $verbose = 0 ] && exec 3>/dev/null || exec 3>&1
echo "[1/2] Cloning libFuzzer files ..."
$cwd/fuzz/clone_libfuzzer.sh 1>&3 2>&3
echo "[2/2] Cloning fuzzing corpus ..."
$cwd/fuzz/clone_corpus.sh 1>&3 2>&3
exec 3>&-
fi
# check if we have to rebuild gyp
if [ "$params" != "$(cat $cwd/out/config 2>/dev/null)" -o "$rebuild_gyp" == 1 -o "$clean" == 1 ]; then
rebuild_gyp=1
rm -rf "$cwd/../nspr/$target" # force NSPR to rebuild
fi
# set paths
target_dir="$cwd/out/$target"
# get the realpath of $dist_dir
dist_dir=$(mkdir -p $dist_dir; cd $dist_dir; pwd -P)
# get object directory
obj_dir="$dist_dir/$target"
gyp_params+=(-Dnss_dist_dir=$dist_dir)
gyp_params+=(-Dnss_dist_obj_dir=$obj_dir)
gyp_params+=(-Dnspr_lib_dir=$obj_dir/lib)
gyp_params+=(-Dnspr_include_dir=$obj_dir/include/nspr)
# -c = clean first
if [ "$clean" = 1 ]; then
rm -rf "$cwd/out"
rm -rf "$cwd/../nspr/$target"
rm -rf "$dist_dir"
fi
# save the chosen target
mkdir -p $dist_dir
echo $target > $dist_dir/latest
# pass on CC and CCC
if [ "${#scanbuild[@]}" -gt 0 ]; then
if [ -n "$CC" ]; then
scanbuild+=(--use-cc="$CC")
fi
if [ -n "$CCC" ]; then
scanbuild+=(--use-c++="$CCC")
fi
fi
# These steps can take a while, so don't overdo them.
# Force a redo with -g.
if [ "$rebuild_gyp" = 1 -o ! -d "$target_dir" ]; then
build_nspr $verbose
# Run gyp.
[ $verbose = 1 ] && set -v -x
"${scanbuild[@]}" gyp -f ninja "${gyp_params[@]}" --depth="$cwd" \
--generator-output="." "$cwd/nss.gyp"
[ $verbose = 1 ] && set +v +x
# Store used parameters for next run.
echo "$params" > "$cwd/out/config"
fi
# Run ninja.
if which ninja >/dev/null 2>&1; then
ninja=(ninja)
elif which ninja-build >/dev/null 2>&1; then
ninja=(ninja-build)
else
echo "Please install ninja" 1>&2
exit 1
fi
"${scanbuild[@]}" $ninja -C "$target_dir" "${ninja_params[@]}"
security/nss/cmd/Makefile
+4
View File
@@ -16,10 +16,14 @@ endif
ifeq ($(NSS_BUILD_WITHOUT_SOFTOKEN),1)
BLTEST_SRCDIR =
ECPERF_SRCDIR =
FREEBL_ECTEST_SRCDIR =
FIPSTEST_SRCDIR =
SHLIBSIGN_SRCDIR =
else
BLTEST_SRCDIR = bltest
ECPERF_SRCDIR = ecperf
FREEBL_ECTEST_SRCDIR = fbectest
FIPSTEST_SRCDIR = fipstest
SHLIBSIGN_SRCDIR = shlibsign
endif
security/nss/cmd/addbuiltin/addbuiltin.c
+268 -267
View File
@@ -18,53 +18,56 @@
#include <io.h>
#endif
void dumpbytes(unsigned char *buf, int len)
void
dumpbytes(unsigned char *buf, int len)
{
int i;
for (i=0; i < len; i++) {
if ((i !=0) && ((i & 0xf) == 0)) {
printf("\n");
}
printf("\\%03o",buf[i]);
for (i = 0; i < len; i++) {
if ((i != 0) && ((i & 0xf) == 0)) {
printf("\n");
}
printf("\\%03o", buf[i]);
}
printf("\n");
}
char *getTrustString(unsigned int trust)
char *
getTrustString(unsigned int trust)
{
if (trust & CERTDB_TRUSTED) {
if (trust & CERTDB_TRUSTED_CA) {
return "CKT_NSS_TRUSTED_DELEGATOR";
} else {
return "CKT_NSS_TRUSTED";
}
if (trust & CERTDB_TRUSTED_CA) {
return "CKT_NSS_TRUSTED_DELEGATOR";
} else {
return "CKT_NSS_TRUSTED";
}
} else {
if (trust & CERTDB_TRUSTED_CA) {
return "CKT_NSS_TRUSTED_DELEGATOR";
} else if (trust & CERTDB_VALID_CA) {
return "CKT_NSS_VALID_DELEGATOR";
} else if (trust & CERTDB_TERMINAL_RECORD) {
return "CKT_NSS_NOT_TRUSTED";
} else {
return "CKT_NSS_MUST_VERIFY_TRUST";
}
if (trust & CERTDB_TRUSTED_CA) {
return "CKT_NSS_TRUSTED_DELEGATOR";
} else if (trust & CERTDB_VALID_CA) {
return "CKT_NSS_VALID_DELEGATOR";
} else if (trust & CERTDB_TERMINAL_RECORD) {
return "CKT_NSS_NOT_TRUSTED";
} else {
return "CKT_NSS_MUST_VERIFY_TRUST";
}
}
return "CKT_NSS_TRUST_UNKNOWN"; /* not reached */
}
static const SEC_ASN1Template serialTemplate[] = {
{ SEC_ASN1_INTEGER, offsetof(CERTCertificate,serialNumber) },
{ SEC_ASN1_INTEGER, offsetof(CERTCertificate, serialNumber) },
{ 0 }
};
void print_crl_info(CERTName *name, SECItem *serial)
void
print_crl_info(CERTName *name, SECItem *serial)
{
PRBool saveWrapeState = SECU_GetWrapEnabled();
SECU_EnableWrap(PR_FALSE);
SECU_PrintNameQuotesOptional(stdout, name, "# Issuer", 0, PR_FALSE);
printf("\n");
SECU_PrintInteger(stdout, serial, "# Serial Number", 0);
SECU_EnableWrap(saveWrapeState);
@@ -77,79 +80,80 @@ ConvertCRLEntry(SECItem *sdder, PRInt32 crlentry, char *nickname)
PLArenaPool *arena = NULL;
CERTSignedCrl *newCrl = NULL;
CERTCrlEntry *entry;
CERTName *name = NULL;
SECItem *derName = NULL;
SECItem *serial = NULL;
rv = SEC_ERROR_NO_MEMORY;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (!arena)
return rv;
return rv;
newCrl = CERT_DecodeDERCrlWithFlags(arena, sdder, SEC_CRL_TYPE,
CRL_DECODE_DEFAULT_OPTIONS);
CRL_DECODE_DEFAULT_OPTIONS);
if (!newCrl)
return SECFailure;
return SECFailure;
name = &newCrl->crl.name;
derName = &newCrl->crl.derName;
if (newCrl->crl.entries != NULL) {
PRInt32 iv = 0;
while ((entry = newCrl->crl.entries[iv++]) != NULL) {
if (crlentry == iv) {
serial = &entry->serialNumber;
break;
}
}
PRInt32 iv = 0;
while ((entry = newCrl->crl.entries[iv++]) != NULL) {
if (crlentry == iv) {
serial = &entry->serialNumber;
break;
}
}
}
if (!name || !derName || !serial)
return SECFailure;
printf("\n# Distrust \"%s\"\n",nickname);
return SECFailure;
printf("\n# Distrust \"%s\"\n", nickname);
print_crl_info(name, serial);
printf("CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST\n");
printf("CKA_TOKEN CK_BBOOL CK_TRUE\n");
printf("CKA_PRIVATE CK_BBOOL CK_FALSE\n");
printf("CKA_MODIFIABLE CK_BBOOL CK_FALSE\n");
printf("CKA_LABEL UTF8 \"%s\"\n",nickname);
printf("CKA_LABEL UTF8 \"%s\"\n", nickname);
printf("CKA_ISSUER MULTILINE_OCTAL\n");
dumpbytes(derName->data,derName->len);
dumpbytes(derName->data, derName->len);
printf("END\n");
printf("CKA_SERIAL_NUMBER MULTILINE_OCTAL\n");
printf("\\002\\%03o", serial->len); /* 002: type integer; len >=3 digits */
dumpbytes(serial->data,serial->len);
dumpbytes(serial->data, serial->len);
printf("END\n");
printf("CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED\n");
printf("CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED\n");
printf("CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED\n");
printf("CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE\n");
PORT_FreeArena (arena, PR_FALSE);
PORT_FreeArena(arena, PR_FALSE);
return rv;
}
void print_info(SECItem *sdder, CERTCertificate *c)
void
print_info(SECItem *sdder, CERTCertificate *c)
{
PRBool saveWrapeState = SECU_GetWrapEnabled();
SECU_EnableWrap(PR_FALSE);
SECU_PrintNameQuotesOptional(stdout, &c->issuer, "# Issuer", 0, PR_FALSE);
printf("\n");
SECU_PrintInteger(stdout, &c->serialNumber, "# Serial Number", 0);
SECU_PrintNameQuotesOptional(stdout, &c->subject, "# Subject", 0, PR_FALSE);
printf("\n");
SECU_PrintTimeChoice(stdout, &c->validity.notBefore, "# Not Valid Before", 0);
SECU_PrintTimeChoice(stdout, &c->validity.notAfter, "# Not Valid After ", 0);
SECU_PrintTimeChoice(stdout, &c->validity.notAfter, "# Not Valid After ", 0);
SECU_PrintFingerprints(stdout, sdder, "# Fingerprint", 0);
SECU_EnableWrap(saveWrapeState);
@@ -169,43 +173,43 @@ ConvertCertificate(SECItem *sdder, char *nickname, CERTCertTrust *trust,
cert = CERT_DecodeDERCertificate(sdder, PR_FALSE, nickname);
if (!cert) {
return SECFailure;
return SECFailure;
}
serial = SEC_ASN1EncodeItem(NULL,NULL,cert,serialTemplate);
serial = SEC_ASN1EncodeItem(NULL, NULL, cert, serialTemplate);
if (!serial) {
return SECFailure;
return SECFailure;
}
if (!excludeCert) {
printf("\n#\n# Certificate \"%s\"\n#\n",nickname);
print_info(sdder, cert);
printf("CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE\n");
printf("CKA_TOKEN CK_BBOOL CK_TRUE\n");
printf("CKA_PRIVATE CK_BBOOL CK_FALSE\n");
printf("CKA_MODIFIABLE CK_BBOOL CK_FALSE\n");
printf("CKA_LABEL UTF8 \"%s\"\n",nickname);
printf("CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509\n");
printf("CKA_SUBJECT MULTILINE_OCTAL\n");
dumpbytes(cert->derSubject.data,cert->derSubject.len);
printf("END\n");
printf("CKA_ID UTF8 \"0\"\n");
printf("CKA_ISSUER MULTILINE_OCTAL\n");
dumpbytes(cert->derIssuer.data,cert->derIssuer.len);
printf("END\n");
printf("CKA_SERIAL_NUMBER MULTILINE_OCTAL\n");
dumpbytes(serial->data,serial->len);
printf("END\n");
printf("CKA_VALUE MULTILINE_OCTAL\n");
dumpbytes(sdder->data,sdder->len);
printf("END\n");
printf("\n#\n# Certificate \"%s\"\n#\n", nickname);
print_info(sdder, cert);
printf("CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE\n");
printf("CKA_TOKEN CK_BBOOL CK_TRUE\n");
printf("CKA_PRIVATE CK_BBOOL CK_FALSE\n");
printf("CKA_MODIFIABLE CK_BBOOL CK_FALSE\n");
printf("CKA_LABEL UTF8 \"%s\"\n", nickname);
printf("CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509\n");
printf("CKA_SUBJECT MULTILINE_OCTAL\n");
dumpbytes(cert->derSubject.data, cert->derSubject.len);
printf("END\n");
printf("CKA_ID UTF8 \"0\"\n");
printf("CKA_ISSUER MULTILINE_OCTAL\n");
dumpbytes(cert->derIssuer.data, cert->derIssuer.len);
printf("END\n");
printf("CKA_SERIAL_NUMBER MULTILINE_OCTAL\n");
dumpbytes(serial->data, serial->len);
printf("END\n");
printf("CKA_VALUE MULTILINE_OCTAL\n");
dumpbytes(sdder->data, sdder->len);
printf("END\n");
}
if ((trust->sslFlags | trust->emailFlags | trust->objectSigningFlags)
== CERTDB_TERMINAL_RECORD)
trust_info = "Distrust";
if ((trust->sslFlags | trust->emailFlags | trust->objectSigningFlags) ==
CERTDB_TERMINAL_RECORD)
trust_info = "Distrust";
else
trust_info = "Trust for";
trust_info = "Trust for";
printf("\n# %s \"%s\"\n", trust_info, nickname);
print_info(sdder, cert);
@@ -213,32 +217,32 @@ ConvertCertificate(SECItem *sdder, char *nickname, CERTCertTrust *trust,
printf("CKA_TOKEN CK_BBOOL CK_TRUE\n");
printf("CKA_PRIVATE CK_BBOOL CK_FALSE\n");
printf("CKA_MODIFIABLE CK_BBOOL CK_FALSE\n");
printf("CKA_LABEL UTF8 \"%s\"\n",nickname);
printf("CKA_LABEL UTF8 \"%s\"\n", nickname);
if (!excludeHash) {
PK11_HashBuf(SEC_OID_SHA1, sha1_hash, sdder->data, sdder->len);
printf("CKA_CERT_SHA1_HASH MULTILINE_OCTAL\n");
dumpbytes(sha1_hash,SHA1_LENGTH);
printf("END\n");
PK11_HashBuf(SEC_OID_MD5, md5_hash, sdder->data, sdder->len);
printf("CKA_CERT_MD5_HASH MULTILINE_OCTAL\n");
dumpbytes(md5_hash,MD5_LENGTH);
printf("END\n");
PK11_HashBuf(SEC_OID_SHA1, sha1_hash, sdder->data, sdder->len);
printf("CKA_CERT_SHA1_HASH MULTILINE_OCTAL\n");
dumpbytes(sha1_hash, SHA1_LENGTH);
printf("END\n");
PK11_HashBuf(SEC_OID_MD5, md5_hash, sdder->data, sdder->len);
printf("CKA_CERT_MD5_HASH MULTILINE_OCTAL\n");
dumpbytes(md5_hash, MD5_LENGTH);
printf("END\n");
}
printf("CKA_ISSUER MULTILINE_OCTAL\n");
dumpbytes(cert->derIssuer.data,cert->derIssuer.len);
dumpbytes(cert->derIssuer.data, cert->derIssuer.len);
printf("END\n");
printf("CKA_SERIAL_NUMBER MULTILINE_OCTAL\n");
dumpbytes(serial->data,serial->len);
dumpbytes(serial->data, serial->len);
printf("END\n");
printf("CKA_TRUST_SERVER_AUTH CK_TRUST %s\n",
getTrustString(trust->sslFlags));
getTrustString(trust->sslFlags));
printf("CKA_TRUST_EMAIL_PROTECTION CK_TRUST %s\n",
getTrustString(trust->emailFlags));
getTrustString(trust->emailFlags));
printf("CKA_TRUST_CODE_SIGNING CK_TRUST %s\n",
getTrustString(trust->objectSigningFlags));
getTrustString(trust->objectSigningFlags));
#ifdef notdef
printf("CKA_TRUST_CLIENT_AUTH CK_TRUST CKT_NSS_TRUSTED\n");
printf("CKA_TRUST_DIGITAL_SIGNATURE CK_TRUST CKT_NSS_TRUSTED_DELEGATOR\n");
@@ -248,111 +252,110 @@ ConvertCertificate(SECItem *sdder, char *nickname, CERTCertTrust *trust,
printf("CKA_TRUST_KEY_AGREEMENT CK_TRUST CKT_NSS_TRUSTED_DELEGATOR\n");
printf("CKA_TRUST_KEY_CERT_SIGN CK_TRUST CKT_NSS_TRUSTED_DELEGATOR\n");
#endif
step_up = (trust->sslFlags & CERTDB_GOVT_APPROVED_CA);
printf("CKA_TRUST_STEP_UP_APPROVED CK_BBOOL %s\n",
step_up ? "CK_TRUE" : "CK_FALSE");
step_up ? "CK_TRUE" : "CK_FALSE");
PORT_Free(sdder->data);
return(rv);
return (rv);
}
void printheader() {
void
printheader()
{
printf("# \n"
"# This Source Code Form is subject to the terms of the Mozilla Public\n"
"# License, v. 2.0. If a copy of the MPL was not distributed with this\n"
"# file, You can obtain one at http://mozilla.org/MPL/2.0/.\n"
"#\n"
"CVS_ID \"@(#) $RCSfile$ $Revision$ $Date$\"\n"
"\n"
"#\n"
"# certdata.txt\n"
"#\n"
"# This file contains the object definitions for the certs and other\n"
"# information \"built into\" NSS.\n"
"#\n"
"# Object definitions:\n"
"#\n"
"# Certificates\n"
"#\n"
"# -- Attribute -- -- type -- -- value --\n"
"# CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE\n"
"# CKA_TOKEN CK_BBOOL CK_TRUE\n"
"# CKA_PRIVATE CK_BBOOL CK_FALSE\n"
"# CKA_MODIFIABLE CK_BBOOL CK_FALSE\n"
"# CKA_LABEL UTF8 (varies)\n"
"# CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509\n"
"# CKA_SUBJECT DER+base64 (varies)\n"
"# CKA_ID byte array (varies)\n"
"# CKA_ISSUER DER+base64 (varies)\n"
"# CKA_SERIAL_NUMBER DER+base64 (varies)\n"
"# CKA_VALUE DER+base64 (varies)\n"
"# CKA_NSS_EMAIL ASCII7 (unused here)\n"
"#\n"
"# Trust\n"
"#\n"
"# -- Attribute -- -- type -- -- value --\n"
"# CKA_CLASS CK_OBJECT_CLASS CKO_TRUST\n"
"# CKA_TOKEN CK_BBOOL CK_TRUE\n"
"# CKA_PRIVATE CK_BBOOL CK_FALSE\n"
"# CKA_MODIFIABLE CK_BBOOL CK_FALSE\n"
"# CKA_LABEL UTF8 (varies)\n"
"# CKA_ISSUER DER+base64 (varies)\n"
"# CKA_SERIAL_NUMBER DER+base64 (varies)\n"
"# CKA_CERT_HASH binary+base64 (varies)\n"
"# CKA_EXPIRES CK_DATE (not used here)\n"
"# CKA_TRUST_DIGITAL_SIGNATURE CK_TRUST (varies)\n"
"# CKA_TRUST_NON_REPUDIATION CK_TRUST (varies)\n"
"# CKA_TRUST_KEY_ENCIPHERMENT CK_TRUST (varies)\n"
"# CKA_TRUST_DATA_ENCIPHERMENT CK_TRUST (varies)\n"
"# CKA_TRUST_KEY_AGREEMENT CK_TRUST (varies)\n"
"# CKA_TRUST_KEY_CERT_SIGN CK_TRUST (varies)\n"
"# CKA_TRUST_CRL_SIGN CK_TRUST (varies)\n"
"# CKA_TRUST_SERVER_AUTH CK_TRUST (varies)\n"
"# CKA_TRUST_CLIENT_AUTH CK_TRUST (varies)\n"
"# CKA_TRUST_CODE_SIGNING CK_TRUST (varies)\n"
"# CKA_TRUST_EMAIL_PROTECTION CK_TRUST (varies)\n"
"# CKA_TRUST_IPSEC_END_SYSTEM CK_TRUST (varies)\n"
"# CKA_TRUST_IPSEC_TUNNEL CK_TRUST (varies)\n"
"# CKA_TRUST_IPSEC_USER CK_TRUST (varies)\n"
"# CKA_TRUST_TIME_STAMPING CK_TRUST (varies)\n"
"# (other trust attributes can be defined)\n"
"#\n"
"\n"
"#\n"
"# The object to tell NSS that this is a root list and we don't\n"
"# have to go looking for others.\n"
"#\n"
"BEGINDATA\n"
"CKA_CLASS CK_OBJECT_CLASS CKO_NSS_BUILTIN_ROOT_LIST\n"
"CKA_TOKEN CK_BBOOL CK_TRUE\n"
"CKA_PRIVATE CK_BBOOL CK_FALSE\n"
"CKA_MODIFIABLE CK_BBOOL CK_FALSE\n"
"CKA_LABEL UTF8 \"Mozilla Builtin Roots\"\n");
"# This Source Code Form is subject to the terms of the Mozilla Public\n"
"# License, v. 2.0. If a copy of the MPL was not distributed with this\n"
"# file, You can obtain one at http://mozilla.org/MPL/2.0/.\n"
"#\n"
"# certdata.txt\n"
"#\n"
"# This file contains the object definitions for the certs and other\n"
"# information \"built into\" NSS.\n"
"#\n"
"# Object definitions:\n"
"#\n"
"# Certificates\n"
"#\n"
"# -- Attribute -- -- type -- -- value --\n"
"# CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE\n"
"# CKA_TOKEN CK_BBOOL CK_TRUE\n"
"# CKA_PRIVATE CK_BBOOL CK_FALSE\n"
"# CKA_MODIFIABLE CK_BBOOL CK_FALSE\n"
"# CKA_LABEL UTF8 (varies)\n"
"# CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509\n"
"# CKA_SUBJECT DER+base64 (varies)\n"
"# CKA_ID byte array (varies)\n"
"# CKA_ISSUER DER+base64 (varies)\n"
"# CKA_SERIAL_NUMBER DER+base64 (varies)\n"
"# CKA_VALUE DER+base64 (varies)\n"
"# CKA_NSS_EMAIL ASCII7 (unused here)\n"
"#\n"
"# Trust\n"
"#\n"
"# -- Attribute -- -- type -- -- value --\n"
"# CKA_CLASS CK_OBJECT_CLASS CKO_TRUST\n"
"# CKA_TOKEN CK_BBOOL CK_TRUE\n"
"# CKA_PRIVATE CK_BBOOL CK_FALSE\n"
"# CKA_MODIFIABLE CK_BBOOL CK_FALSE\n"
"# CKA_LABEL UTF8 (varies)\n"
"# CKA_ISSUER DER+base64 (varies)\n"
"# CKA_SERIAL_NUMBER DER+base64 (varies)\n"
"# CKA_CERT_HASH binary+base64 (varies)\n"
"# CKA_EXPIRES CK_DATE (not used here)\n"
"# CKA_TRUST_DIGITAL_SIGNATURE CK_TRUST (varies)\n"
"# CKA_TRUST_NON_REPUDIATION CK_TRUST (varies)\n"
"# CKA_TRUST_KEY_ENCIPHERMENT CK_TRUST (varies)\n"
"# CKA_TRUST_DATA_ENCIPHERMENT CK_TRUST (varies)\n"
"# CKA_TRUST_KEY_AGREEMENT CK_TRUST (varies)\n"
"# CKA_TRUST_KEY_CERT_SIGN CK_TRUST (varies)\n"
"# CKA_TRUST_CRL_SIGN CK_TRUST (varies)\n"
"# CKA_TRUST_SERVER_AUTH CK_TRUST (varies)\n"
"# CKA_TRUST_CLIENT_AUTH CK_TRUST (varies)\n"
"# CKA_TRUST_CODE_SIGNING CK_TRUST (varies)\n"
"# CKA_TRUST_EMAIL_PROTECTION CK_TRUST (varies)\n"
"# CKA_TRUST_IPSEC_END_SYSTEM CK_TRUST (varies)\n"
"# CKA_TRUST_IPSEC_TUNNEL CK_TRUST (varies)\n"
"# CKA_TRUST_IPSEC_USER CK_TRUST (varies)\n"
"# CKA_TRUST_TIME_STAMPING CK_TRUST (varies)\n"
"# (other trust attributes can be defined)\n"
"#\n"
"\n"
"#\n"
"# The object to tell NSS that this is a root list and we don't\n"
"# have to go looking for others.\n"
"#\n"
"BEGINDATA\n"
"CKA_CLASS CK_OBJECT_CLASS CKO_NSS_BUILTIN_ROOT_LIST\n"
"CKA_TOKEN CK_BBOOL CK_TRUE\n"
"CKA_PRIVATE CK_BBOOL CK_FALSE\n"
"CKA_MODIFIABLE CK_BBOOL CK_FALSE\n"
"CKA_LABEL UTF8 \"Mozilla Builtin Roots\"\n");
}
static void Usage(char *progName)
static void
Usage(char *progName)
{
fprintf(stderr, "%s -t trust -n nickname [-i certfile] [-c] [-h]\n", progName);
fprintf(stderr,
fprintf(stderr,
"\tRead a der-encoded cert from certfile or stdin, and output\n"
"\tit to stdout in a format suitable for the builtin root module.\n"
"\tExample: %s -n MyCA -t \"C,C,C\" -i myca.der >> certdata.txt\n",
progName);
fprintf(stderr, "%s -D -n label [-i certfile]\n", progName);
fprintf(stderr,
fprintf(stderr,
"\tRead a der-encoded cert from certfile or stdin, and output\n"
"\ta distrust record.\n"
"\t(-D is equivalent to -t p,p,p -c -h)\n");
"\t(-D is equivalent to -t p,p,p -c -h)\n");
fprintf(stderr, "%s -C -e crl-entry-number -n label [-i crlfile]\n", progName);
fprintf(stderr,
fprintf(stderr,
"\tRead a CRL from crlfile or stdin, and output\n"
"\ta distrust record (issuer+serial).\n"
"\t(-C implies -c -h)\n");
"\t(-C implies -c -h)\n");
fprintf(stderr, "%-15s trust flags (cCTpPuw).\n", "-t trust");
fprintf(stderr, "%-15s nickname to assign to builtin cert, or\n",
"-n nickname");
fprintf(stderr, "%-15s nickname to assign to builtin cert, or\n",
"-n nickname");
fprintf(stderr, "%-15s a label for the distrust record.\n", "");
fprintf(stderr, "%-15s exclude the certificate (only add a trust record)\n", "-c");
fprintf(stderr, "%-15s exclude hash from trust record\n", "-h");
@@ -376,18 +379,19 @@ enum {
};
static secuCommandFlag addbuiltin_options[] =
{
{ /* opt_Input */ 'i', PR_TRUE, 0, PR_FALSE },
{ /* opt_Nickname */ 'n', PR_TRUE, 0, PR_FALSE },
{ /* opt_Trust */ 't', PR_TRUE, 0, PR_FALSE },
{ /* opt_Distrust */ 'D', PR_FALSE, 0, PR_FALSE },
{ /* opt_ExcludeCert */ 'c', PR_FALSE, 0, PR_FALSE },
{ /* opt_ExcludeHash */ 'h', PR_FALSE, 0, PR_FALSE },
{ /* opt_DistrustCRL */ 'C', PR_FALSE, 0, PR_FALSE },
{ /* opt_CRLEnry */ 'e', PR_TRUE, 0, PR_FALSE },
};
{
{ /* opt_Input */ 'i', PR_TRUE, 0, PR_FALSE },
{ /* opt_Nickname */ 'n', PR_TRUE, 0, PR_FALSE },
{ /* opt_Trust */ 't', PR_TRUE, 0, PR_FALSE },
{ /* opt_Distrust */ 'D', PR_FALSE, 0, PR_FALSE },
{ /* opt_ExcludeCert */ 'c', PR_FALSE, 0, PR_FALSE },
{ /* opt_ExcludeHash */ 'h', PR_FALSE, 0, PR_FALSE },
{ /* opt_DistrustCRL */ 'C', PR_FALSE, 0, PR_FALSE },
{ /* opt_CRLEnry */ 'e', PR_TRUE, 0, PR_FALSE },
};
int main(int argc, char **argv)
int
main(int argc, char **argv)
{
SECStatus rv;
char *nickname = NULL;
@@ -401,44 +405,43 @@ int main(int argc, char **argv)
PRBool decodeTrust = PR_FALSE;
secuCommand addbuiltin = { 0 };
addbuiltin.numOptions = sizeof(addbuiltin_options)/sizeof(secuCommandFlag);
addbuiltin.numOptions = sizeof(addbuiltin_options) / sizeof(secuCommandFlag);
addbuiltin.options = addbuiltin_options;
progName = strrchr(argv[0], '/');
progName = progName ? progName+1 : argv[0];
progName = progName ? progName + 1 : argv[0];
rv = SECU_ParseCommandLine(argc, argv, progName, &addbuiltin);
if (rv != SECSuccess)
Usage(progName);
Usage(progName);
if (addbuiltin.options[opt_Trust].activated)
++mutuallyExclusiveOpts;
++mutuallyExclusiveOpts;
if (addbuiltin.options[opt_Distrust].activated)
++mutuallyExclusiveOpts;
++mutuallyExclusiveOpts;
if (addbuiltin.options[opt_DistrustCRL].activated)
++mutuallyExclusiveOpts;
++mutuallyExclusiveOpts;
if (mutuallyExclusiveOpts != 1) {
fprintf(stderr, "%s: you must specify exactly one of -t or -D or -C\n",
progName);
Usage(progName);
}
if (addbuiltin.options[opt_DistrustCRL].activated) {
if (!addbuiltin.options[opt_CRLEnry].activated) {
fprintf(stderr, "%s: you must specify the CRL entry number.\n",
progName);
Usage(progName);
}
else {
crlentry = atoi(addbuiltin.options[opt_CRLEnry].arg);
if (crlentry < 1) {
fprintf(stderr, "%s: The CRL entry number must be > 0.\n",
progName);
Usage(progName);
}
}
if (!addbuiltin.options[opt_CRLEnry].activated) {
fprintf(stderr, "%s: you must specify the CRL entry number.\n",
progName);
Usage(progName);
} else {
crlentry = atoi(addbuiltin.options[opt_CRLEnry].arg);
if (crlentry < 1) {
fprintf(stderr, "%s: The CRL entry number must be > 0.\n",
progName);
Usage(progName);
}
}
}
if (!addbuiltin.options[opt_Nickname].activated) {
@@ -448,27 +451,27 @@ int main(int argc, char **argv)
}
if (addbuiltin.options[opt_Input].activated) {
infile = PR_Open(addbuiltin.options[opt_Input].arg, PR_RDONLY, 00660);
if (!infile) {
fprintf(stderr, "%s: failed to open input file.\n", progName);
exit(1);
}
infile = PR_Open(addbuiltin.options[opt_Input].arg, PR_RDONLY, 00660);
if (!infile) {
fprintf(stderr, "%s: failed to open input file.\n", progName);
exit(1);
}
} else {
#if defined(WIN32)
/* If we're going to read binary data from stdin, we must put stdin
/* If we're going to read binary data from stdin, we must put stdin
** into O_BINARY mode or else incoming \r\n's will become \n's,
** and latin-1 characters will be altered.
*/
int smrv = _setmode(_fileno(stdin), _O_BINARY);
if (smrv == -1) {
fprintf(stderr,
"%s: Cannot change stdin to binary mode. Use -i option instead.\n",
progName);
exit(1);
}
int smrv = _setmode(_fileno(stdin), _O_BINARY);
if (smrv == -1) {
fprintf(stderr,
"%s: Cannot change stdin to binary mode. Use -i option instead.\n",
progName);
exit(1);
}
#endif
infile = PR_STDIN;
infile = PR_STDIN;
}
#if defined(WIN32)
@@ -476,70 +479,68 @@ int main(int argc, char **argv)
** carriage returns.
*/
{
int smrv = _setmode(_fileno(stdout), _O_BINARY);
if (smrv == -1) {
fprintf(stderr, "%s: Cannot change stdout to binary mode.\n", progName);
exit(1);
}
int smrv = _setmode(_fileno(stdout), _O_BINARY);
if (smrv == -1) {
fprintf(stderr, "%s: Cannot change stdout to binary mode.\n", progName);
exit(1);
}
}
#endif
nickname = strdup(addbuiltin.options[opt_Nickname].arg);
NSS_NoDB_Init(NULL);
if (addbuiltin.options[opt_Distrust].activated ||
addbuiltin.options[opt_DistrustCRL].activated) {
addbuiltin.options[opt_ExcludeCert].activated = PR_TRUE;
addbuiltin.options[opt_ExcludeHash].activated = PR_TRUE;
addbuiltin.options[opt_ExcludeCert].activated = PR_TRUE;
addbuiltin.options[opt_ExcludeHash].activated = PR_TRUE;
}
if (addbuiltin.options[opt_Distrust].activated) {
trusts = strdup("p,p,p");
decodeTrust = PR_TRUE;
}
else if (addbuiltin.options[opt_Trust].activated) {
decodeTrust = PR_TRUE;
} else if (addbuiltin.options[opt_Trust].activated) {
trusts = strdup(addbuiltin.options[opt_Trust].arg);
decodeTrust = PR_TRUE;
decodeTrust = PR_TRUE;
}
if (decodeTrust) {
rv = CERT_DecodeTrustString(&trust, trusts);
if (rv) {
fprintf(stderr, "%s: incorrectly formatted trust string.\n", progName);
Usage(progName);
}
rv = CERT_DecodeTrustString(&trust, trusts);
if (rv) {
fprintf(stderr, "%s: incorrectly formatted trust string.\n", progName);
Usage(progName);
}
}
if (addbuiltin.options[opt_Trust].activated &&
addbuiltin.options[opt_ExcludeHash].activated) {
if ((trust.sslFlags | trust.emailFlags | trust.objectSigningFlags)
!= CERTDB_TERMINAL_RECORD) {
fprintf(stderr, "%s: Excluding the hash only allowed with distrust.\n", progName);
Usage(progName);
}
if ((trust.sslFlags | trust.emailFlags | trust.objectSigningFlags) !=
CERTDB_TERMINAL_RECORD) {
fprintf(stderr, "%s: Excluding the hash only allowed with distrust.\n", progName);
Usage(progName);
}
}
SECU_FileToItem(&derItem, infile);
/*printheader();*/
if (addbuiltin.options[opt_DistrustCRL].activated) {
rv = ConvertCRLEntry(&derItem, crlentry, nickname);
rv = ConvertCRLEntry(&derItem, crlentry, nickname);
} else {
rv = ConvertCertificate(&derItem, nickname, &trust,
addbuiltin.options[opt_ExcludeCert].activated,
addbuiltin.options[opt_ExcludeHash].activated);
if (rv) {
fprintf(stderr, "%s: failed to convert certificate.\n", progName);
exit(1);
}
}
else {
rv = ConvertCertificate(&derItem, nickname, &trust,
addbuiltin.options[opt_ExcludeCert].activated,
addbuiltin.options[opt_ExcludeHash].activated);
if (rv) {
fprintf(stderr, "%s: failed to convert certificate.\n", progName);
exit(1);
}
}
if (NSS_Shutdown() != SECSuccess) {
exit(1);
}
return(SECSuccess);
return (SECSuccess);
}
security/nss/cmd/addbuiltin/addbuiltin.gyp
+24
View File
@@ -0,0 +1,24 @@
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
{
'includes': [
'../../coreconf/config.gypi',
'../../cmd/platlibs.gypi'
],
'targets': [
{
'target_name': 'addbuiltin',
'type': 'executable',
'sources': [
'addbuiltin.c'
],
'dependencies': [
'<(DEPTH)/exports.gyp:nss_exports'
]
}
],
'variables': {
'module': 'nss'
}
}
security/nss/cmd/atob/atob.c
+84 -80
View File
@@ -9,8 +9,8 @@
#if defined(XP_WIN) || (defined(__sun) && !defined(SVR4))
#if !defined(WIN32)
extern int fread(char *, size_t, size_t, FILE*);
extern int fwrite(char *, size_t, size_t, FILE*);
extern int fread(char *, size_t, size_t, FILE *);
extern int fwrite(char *, size_t, size_t, FILE *);
extern int fprintf(FILE *, char *, ...);
#endif
#endif
@@ -20,16 +20,16 @@ extern int fprintf(FILE *, char *, ...);
#include "io.h"
#endif
static PRInt32
output_binary (void *arg, const unsigned char *obuf, PRInt32 size)
static PRInt32
output_binary(void *arg, const unsigned char *obuf, PRInt32 size)
{
FILE *outFile = arg;
int nb;
nb = fwrite(obuf, 1, size, outFile);
if (nb != size) {
PORT_SetError(SEC_ERROR_IO);
return -1;
PORT_SetError(SEC_ERROR_IO);
return -1;
}
return nb;
@@ -38,12 +38,11 @@ output_binary (void *arg, const unsigned char *obuf, PRInt32 size)
static PRBool
isBase64Char(char c)
{
return ((c >= 'A' && c <= 'Z')
|| (c >= 'a' && c <= 'z')
|| (c >= '0' && c <= '9')
|| c == '+'
|| c == '/'
|| c == '=');
return ((c >= 'A' && c <= 'Z') ||
(c >= 'a' && c <= 'z') ||
(c >= '0' && c <= '9') ||
c == '+' || c == '/' ||
c == '=');
}
static SECStatus
@@ -56,57 +55,61 @@ decode_file(FILE *outFile, FILE *inFile)
cx = NSSBase64Decoder_Create(output_binary, outFile);
if (!cx) {
return -1;
return -1;
}
for (;;) {
if (feof(inFile)) break;
if (!fgets(ibuf, sizeof(ibuf), inFile)) {
if (ferror(inFile)) {
PORT_SetError(SEC_ERROR_IO);
goto loser;
}
/* eof */
break;
}
for (ptr = ibuf; *ptr; ++ptr) {
char c = *ptr;
if (c == '\n' || c == '\r') {
break; /* found end of line */
}
if (!isBase64Char(c)) {
ptr = ibuf; /* ignore line */
break;
}
}
if (ibuf == ptr) {
continue; /* skip empty or non-base64 line */
}
if (feof(inFile))
break;
if (!fgets(ibuf, sizeof(ibuf), inFile)) {
if (ferror(inFile)) {
PORT_SetError(SEC_ERROR_IO);
goto loser;
}
/* eof */
break;
}
for (ptr = ibuf; *ptr; ++ptr) {
char c = *ptr;
if (c == '\n' || c == '\r') {
break; /* found end of line */
}
if (!isBase64Char(c)) {
ptr = ibuf; /* ignore line */
break;
}
}
if (ibuf == ptr) {
continue; /* skip empty or non-base64 line */
}
status = NSSBase64Decoder_Update(cx, ibuf, ptr-ibuf);
if (status != SECSuccess) goto loser;
status = NSSBase64Decoder_Update(cx, ibuf, ptr - ibuf);
if (status != SECSuccess)
goto loser;
}
return NSSBase64Decoder_Destroy(cx, PR_FALSE);
loser:
(void) NSSBase64Decoder_Destroy(cx, PR_TRUE);
loser:
(void)NSSBase64Decoder_Destroy(cx, PR_TRUE);
return status;
}
static void Usage(char *progName)
static void
Usage(char *progName)
{
fprintf(stderr,
"Usage: %s [-i input] [-o output]\n",
progName);
"Usage: %s [-i input] [-o output]\n",
progName);
fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n",
"-i input");
"-i input");
fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n",
"-o output");
"-o output");
exit(-1);
}
int main(int argc, char **argv)
int
main(int argc, char **argv)
{
char *progName;
SECStatus rv;
@@ -117,54 +120,55 @@ int main(int argc, char **argv)
inFile = 0;
outFile = 0;
progName = strrchr(argv[0], '/');
progName = progName ? progName+1 : argv[0];
progName = progName ? progName + 1 : argv[0];
/* Parse command line arguments */
optstate = PL_CreateOptState(argc, argv, "?hi:o:");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
switch (optstate->option) {
case '?':
case 'h':
Usage(progName);
break;
switch (optstate->option) {
case '?':
case 'h':
Usage(progName);
break;
case 'i':
inFile = fopen(optstate->value, "r");
if (!inFile) {
fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
progName, optstate->value);
return -1;
}
break;
case 'i':
inFile = fopen(optstate->value, "r");
if (!inFile) {
fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
progName, optstate->value);
return -1;
}
break;
case 'o':
outFile = fopen(optstate->value, "wb");
if (!outFile) {
fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
progName, optstate->value);
return -1;
}
break;
}
case 'o':
outFile = fopen(optstate->value, "wb");
if (!outFile) {
fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
progName, optstate->value);
return -1;
}
break;
}
}
if (!inFile) inFile = stdin;
if (!inFile)
inFile = stdin;
if (!outFile) {
#if defined(WIN32)
int smrv = _setmode(_fileno(stdout), _O_BINARY);
if (smrv == -1) {
fprintf(stderr,
"%s: Cannot change stdout to binary mode. Use -o option instead.\n",
progName);
return smrv;
}
int smrv = _setmode(_fileno(stdout), _O_BINARY);
if (smrv == -1) {
fprintf(stderr,
"%s: Cannot change stdout to binary mode. Use -o option instead.\n",
progName);
return smrv;
}
#endif
outFile = stdout;
outFile = stdout;
}
rv = decode_file(outFile, inFile);
if (rv != SECSuccess) {
fprintf(stderr, "%s: lossage: error=%d errno=%d\n",
progName, PORT_GetError(), errno);
return -1;
fprintf(stderr, "%s: lossage: error=%d errno=%d\n",
progName, PORT_GetError(), errno);
return -1;
}
return 0;
}
security/nss/cmd/atob/atob.gyp
+30
View File
@@ -0,0 +1,30 @@
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
{
'includes': [
'../../coreconf/config.gypi',
'../../cmd/platlibs.gypi'
],
'targets': [
{
'target_name': 'atob',
'type': 'executable',
'sources': [
'atob.c'
],
'dependencies': [
'<(DEPTH)/exports.gyp:dbm_exports',
'<(DEPTH)/exports.gyp:nss_exports'
]
}
],
'target_defaults': {
'defines': [
'NSPR20'
]
},
'variables': {
'module': 'nss'
}
}
security/nss/cmd/bltest/blapitest.c
+2069 -1849
View File
File diff suppressed because it is too large Load Diff
security/nss/cmd/bltest/bltest.gyp
+35
View File
@@ -0,0 +1,35 @@
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
{
'includes': [
'../../coreconf/config.gypi',
'../../cmd/platlibs.gypi'
],
'targets': [
{
'target_name': 'bltest',
'type': 'executable',
'sources': [
'blapitest.c'
],
'dependencies': [
'<(DEPTH)/exports.gyp:dbm_exports',
'<(DEPTH)/exports.gyp:nss_exports',
'<(DEPTH)/lib/sqlite/sqlite.gyp:sqlite3'
]
}
],
'target_defaults': {
'include_dirs': [
'../../nss/lib/softoken'
],
'defines': [
'NSS_USE_STATIC_LIBS'
]
},
'variables': {
'module': 'nss',
'use_static_libs': 1
}
}
security/nss/cmd/bltest/pkcs1_vectors.h
+789
View File
@@ -0,0 +1,789 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/* Vectors from pkcs1v15sign-vectors.txt */
struct pkcs1_test_vector {
unsigned char *n;
unsigned long n_len;
unsigned char *e;
unsigned long e_len;
unsigned char *d;
unsigned long d_len;
unsigned char *p;
unsigned long p_len;
unsigned char *q;
unsigned long q_len;
};
struct pkcs1_test_vector PKCS1_VECTORS[15] = {
{
(unsigned char[]){
0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51,
0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e,
0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a,
0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62,
0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf,
0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab,
0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d,
0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77,
0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59,
0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3,
0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f,
0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8,
0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37 },
128,
(unsigned char[]){ 0x01, 0x00, 0x01 }, 3,
(unsigned char[]){
0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f, 0x54, 0x51,
0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf,
0x88, 0x43, 0x40, 0xae, 0xf9, 0x88, 0x5f, 0x2a, 0x4b, 0xbe,
0x92, 0xe8, 0x94, 0xa7, 0x24, 0xac, 0x3c, 0x56, 0x8c, 0x8f,
0x97, 0x85, 0x3a, 0xd0, 0x7c, 0x02, 0x66, 0xc8, 0xc6, 0xa3,
0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1, 0x12, 0x31, 0x88, 0x44,
0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f, 0xee, 0x89, 0x6a, 0x10,
0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7, 0x34, 0xe4, 0x47, 0x27,
0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53, 0x26, 0x83, 0x10, 0x9c,
0x2a, 0xba, 0xca, 0xba, 0x28, 0x3c, 0x31, 0xb4, 0xbd, 0x2f,
0x53, 0xc3, 0xee, 0x37, 0xe3, 0x52, 0xce, 0xe3, 0x4f, 0x9e,
0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22, 0xad, 0x79, 0xc6, 0xdc,
0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3, 0xb3, 0x25 },
128,
(unsigned char[]){
0xb6, 0x9d, 0xca, 0x1c, 0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7,
0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a, 0xbc, 0xde, 0x12, 0x3f,
0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b, 0x6e, 0x48,
0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba,
0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e,
0x69, 0x63, 0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26,
0x9a, 0x67, 0x99, 0xfd },
64,
(unsigned char[]){
0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73,
0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa,
0x72, 0xd5, 0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96,
0x79, 0x48, 0xc0, 0xa7, 0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb,
0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf, 0x55, 0xa1, 0x53, 0x5b,
0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d, 0xcd, 0x3e,
0xda, 0x8e, 0x64, 0x43 },
64,
},
{
(unsigned char[]){
0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51,
0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e,
0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a,
0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62,
0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf,
0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab,
0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d,
0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77,
0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59,
0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3,
0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f,
0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8,
0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37 },
128,
(unsigned char[]){ 0x01, 0x00, 0x01 }, 3,
(unsigned char[]){
0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f, 0x54, 0x51,
0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf,
0x88, 0x43, 0x40, 0xae, 0xf9, 0x88, 0x5f, 0x2a, 0x4b, 0xbe,
0x92, 0xe8, 0x94, 0xa7, 0x24, 0xac, 0x3c, 0x56, 0x8c, 0x8f,
0x97, 0x85, 0x3a, 0xd0, 0x7c, 0x02, 0x66, 0xc8, 0xc6, 0xa3,
0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1, 0x12, 0x31, 0x88, 0x44,
0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f, 0xee, 0x89, 0x6a, 0x10,
0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7, 0x34, 0xe4, 0x47, 0x27,
0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53, 0x26, 0x83, 0x10, 0x9c,
0x2a, 0xba, 0xca, 0xba, 0x28, 0x3c, 0x31, 0xb4, 0xbd, 0x2f,
0x53, 0xc3, 0xee, 0x37, 0xe3, 0x52, 0xce, 0xe3, 0x4f, 0x9e,
0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22, 0xad, 0x79, 0xc6, 0xdc,
0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3, 0xb3, 0x25 },
128,
(unsigned char[]){
0xb6, 0x9d, 0xca, 0x1c, 0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7,
0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a, 0xbc, 0xde, 0x12, 0x3f,
0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b, 0x6e, 0x48,
0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba,
0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e,
0x69, 0x63, 0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26,
0x9a, 0x67, 0x99, 0xfd },
64,
(unsigned char[]){
0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73,
0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa,
0x72, 0xd5, 0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96,
0x79, 0x48, 0xc0, 0xa7, 0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb,
0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf, 0x55, 0xa1, 0x53, 0x5b,
0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d, 0xcd, 0x3e,
0xda, 0x8e, 0x64, 0x43 },
64,
},
{
(unsigned char[]){
0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51,
0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e,
0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a,
0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62,
0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf,
0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab,
0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d,
0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77,
0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59,
0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3,
0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f,
0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8,
0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37 },
128,
(unsigned char[]){ 0x01, 0x00, 0x01 }, 3,
(unsigned char[]){
0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f, 0x54, 0x51,
0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf,
0x88, 0x43, 0x40, 0xae, 0xf9, 0x88, 0x5f, 0x2a, 0x4b, 0xbe,
0x92, 0xe8, 0x94, 0xa7, 0x24, 0xac, 0x3c, 0x56, 0x8c, 0x8f,
0x97, 0x85, 0x3a, 0xd0, 0x7c, 0x02, 0x66, 0xc8, 0xc6, 0xa3,
0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1, 0x12, 0x31, 0x88, 0x44,
0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f, 0xee, 0x89, 0x6a, 0x10,
0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7, 0x34, 0xe4, 0x47, 0x27,
0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53, 0x26, 0x83, 0x10, 0x9c,
0x2a, 0xba, 0xca, 0xba, 0x28, 0x3c, 0x31, 0xb4, 0xbd, 0x2f,
0x53, 0xc3, 0xee, 0x37, 0xe3, 0x52, 0xce, 0xe3, 0x4f, 0x9e,
0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22, 0xad, 0x79, 0xc6, 0xdc,
0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3, 0xb3, 0x25 },
128,
(unsigned char[]){
0xb6, 0x9d, 0xca, 0x1c, 0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7,
0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a, 0xbc, 0xde, 0x12, 0x3f,
0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b, 0x6e, 0x48,
0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba,
0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e,
0x69, 0x63, 0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26,
0x9a, 0x67, 0x99, 0xfd },
64,
(unsigned char[]){
0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73,
0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa,
0x72, 0xd5, 0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96,
0x79, 0x48, 0xc0, 0xa7, 0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb,
0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf, 0x55, 0xa1, 0x53, 0x5b,
0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d, 0xcd, 0x3e,
0xda, 0x8e, 0x64, 0x43 },
64,
},
{
(unsigned char[]){
0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51,
0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e,
0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a,
0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62,
0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf,
0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab,
0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d,
0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77,
0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59,
0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3,
0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f,
0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8,
0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37 },
128,
(unsigned char[]){ 0x01, 0x00, 0x01 }, 3,
(unsigned char[]){
0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f, 0x54, 0x51,
0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf,
0x88, 0x43, 0x40, 0xae, 0xf9, 0x88, 0x5f, 0x2a, 0x4b, 0xbe,
0x92, 0xe8, 0x94, 0xa7, 0x24, 0xac, 0x3c, 0x56, 0x8c, 0x8f,
0x97, 0x85, 0x3a, 0xd0, 0x7c, 0x02, 0x66, 0xc8, 0xc6, 0xa3,
0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1, 0x12, 0x31, 0x88, 0x44,
0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f, 0xee, 0x89, 0x6a, 0x10,
0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7, 0x34, 0xe4, 0x47, 0x27,
0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53, 0x26, 0x83, 0x10, 0x9c,
0x2a, 0xba, 0xca, 0xba, 0x28, 0x3c, 0x31, 0xb4, 0xbd, 0x2f,
0x53, 0xc3, 0xee, 0x37, 0xe3, 0x52, 0xce, 0xe3, 0x4f, 0x9e,
0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22, 0xad, 0x79, 0xc6, 0xdc,
0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3, 0xb3, 0x25 },
128,
(unsigned char[]){
0xb6, 0x9d, 0xca, 0x1c, 0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7,
0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a, 0xbc, 0xde, 0x12, 0x3f,
0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b, 0x6e, 0x48,
0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba,
0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e,
0x69, 0x63, 0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26,
0x9a, 0x67, 0x99, 0xfd },
64,
(unsigned char[]){
0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73,
0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa,
0x72, 0xd5, 0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96,
0x79, 0x48, 0xc0, 0xa7, 0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb,
0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf, 0x55, 0xa1, 0x53, 0x5b,
0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d, 0xcd, 0x3e,
0xda, 0x8e, 0x64, 0x43 },
64,
},
{
(unsigned char[]){
0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51,
0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e,
0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a,
0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62,
0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf,
0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab,
0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d,
0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77,
0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59,
0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3,
0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f,
0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8,
0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37 },
128,
(unsigned char[]){ 0x01, 0x00, 0x01 }, 3,
(unsigned char[]){
0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f, 0x54, 0x51,
0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf,
0x88, 0x43, 0x40, 0xae, 0xf9, 0x88, 0x5f, 0x2a, 0x4b, 0xbe,
0x92, 0xe8, 0x94, 0xa7, 0x24, 0xac, 0x3c, 0x56, 0x8c, 0x8f,
0x97, 0x85, 0x3a, 0xd0, 0x7c, 0x02, 0x66, 0xc8, 0xc6, 0xa3,
0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1, 0x12, 0x31, 0x88, 0x44,
0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f, 0xee, 0x89, 0x6a, 0x10,
0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7, 0x34, 0xe4, 0x47, 0x27,
0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53, 0x26, 0x83, 0x10, 0x9c,
0x2a, 0xba, 0xca, 0xba, 0x28, 0x3c, 0x31, 0xb4, 0xbd, 0x2f,
0x53, 0xc3, 0xee, 0x37, 0xe3, 0x52, 0xce, 0xe3, 0x4f, 0x9e,
0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22, 0xad, 0x79, 0xc6, 0xdc,
0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3, 0xb3, 0x25 },
128,
(unsigned char[]){
0xb6, 0x9d, 0xca, 0x1c, 0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7,
0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a, 0xbc, 0xde, 0x12, 0x3f,
0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b, 0x6e, 0x48,
0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba,
0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e,
0x69, 0x63, 0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26,
0x9a, 0x67, 0x99, 0xfd },
64,
(unsigned char[]){
0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73,
0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa,
0x72, 0xd5, 0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96,
0x79, 0x48, 0xc0, 0xa7, 0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb,
0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf, 0x55, 0xa1, 0x53, 0x5b,
0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d, 0xcd, 0x3e,
0xda, 0x8e, 0x64, 0x43 },
64,
},
{
(unsigned char[]){
0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51,
0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e,
0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a,
0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62,
0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf,
0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab,
0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d,
0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77,
0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59,
0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3,
0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f,
0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8,
0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37 },
128,
(unsigned char[]){ 0x01, 0x00, 0x01 }, 3,
(unsigned char[]){
0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f, 0x54, 0x51,
0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf,
0x88, 0x43, 0x40, 0xae, 0xf9, 0x88, 0x5f, 0x2a, 0x4b, 0xbe,
0x92, 0xe8, 0x94, 0xa7, 0x24, 0xac, 0x3c, 0x56, 0x8c, 0x8f,
0x97, 0x85, 0x3a, 0xd0, 0x7c, 0x02, 0x66, 0xc8, 0xc6, 0xa3,
0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1, 0x12, 0x31, 0x88, 0x44,
0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f, 0xee, 0x89, 0x6a, 0x10,
0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7, 0x34, 0xe4, 0x47, 0x27,
0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53, 0x26, 0x83, 0x10, 0x9c,
0x2a, 0xba, 0xca, 0xba, 0x28, 0x3c, 0x31, 0xb4, 0xbd, 0x2f,
0x53, 0xc3, 0xee, 0x37, 0xe3, 0x52, 0xce, 0xe3, 0x4f, 0x9e,
0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22, 0xad, 0x79, 0xc6, 0xdc,
0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3, 0xb3, 0x25 },
128,
(unsigned char[]){
0xb6, 0x9d, 0xca, 0x1c, 0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7,
0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a, 0xbc, 0xde, 0x12, 0x3f,
0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b, 0x6e, 0x48,
0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba,
0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e,
0x69, 0x63, 0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26,
0x9a, 0x67, 0x99, 0xfd },
64,
(unsigned char[]){
0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73,
0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa,
0x72, 0xd5, 0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96,
0x79, 0x48, 0xc0, 0xa7, 0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb,
0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf, 0x55, 0xa1, 0x53, 0x5b,
0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d, 0xcd, 0x3e,
0xda, 0x8e, 0x64, 0x43 },
64,
},
{
(unsigned char[]){
0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51,
0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e,
0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a,
0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62,
0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf,
0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab,
0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d,
0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77,
0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59,
0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3,
0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f,
0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8,
0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37 },
128,
(unsigned char[]){ 0x01, 0x00, 0x01 }, 3,
(unsigned char[]){
0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f, 0x54, 0x51,
0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf,
0x88, 0x43, 0x40, 0xae, 0xf9, 0x88,
0x5f, 0x2a, 0x4b, 0xbe, 0x92, 0xe8, 0x94, 0xa7, 0x24, 0xac,
0x3c, 0x56, 0x8c, 0x8f, 0x97, 0x85, 0x3a, 0xd0, 0x7c, 0x02,
0x66, 0xc8, 0xc6, 0xa3, 0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1,
0x12, 0x31, 0x88, 0x44, 0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f,
0xee, 0x89, 0x6a, 0x10, 0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7,
0x34, 0xe4, 0x47, 0x27, 0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53,
0x26, 0x83, 0x10, 0x9c, 0x2a, 0xba, 0xca, 0xba, 0x28, 0x3c,
0x31, 0xb4, 0xbd, 0x2f, 0x53, 0xc3, 0xee, 0x37, 0xe3, 0x52,
0xce, 0xe3, 0x4f, 0x9e, 0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22,
0xad, 0x79, 0xc6, 0xdc, 0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3,
0xb3, 0x25 },
128,
(unsigned char[]){
0xb6, 0x9d, 0xca, 0x1c, 0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7,
0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a, 0xbc, 0xde, 0x12, 0x3f,
0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b, 0x6e, 0x48,
0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba,
0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e,
0x69, 0x63, 0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26,
0x9a, 0x67, 0x99, 0xfd },
64,
(unsigned char[]){
0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73,
0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa,
0x72, 0xd5, 0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96,
0x79, 0x48, 0xc0, 0xa7, 0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb,
0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf, 0x55, 0xa1, 0x53, 0x5b,
0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d, 0xcd, 0x3e,
0xda, 0x8e, 0x64, 0x43 },
64,
},
{
(unsigned char[]){
0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51,
0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e,
0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a,
0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62,
0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf,
0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab,
0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d,
0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77,
0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59,
0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3,
0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f,
0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8,
0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37 },
128,
(unsigned char[]){ 0x01, 0x00, 0x01 }, 3,
(unsigned char[]){
0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f, 0x54, 0x51,
0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf,
0x88, 0x43, 0x40, 0xae, 0xf9, 0x88, 0x5f, 0x2a, 0x4b, 0xbe,
0x92, 0xe8, 0x94, 0xa7, 0x24, 0xac, 0x3c, 0x56, 0x8c, 0x8f,
0x97, 0x85, 0x3a, 0xd0, 0x7c, 0x02, 0x66, 0xc8, 0xc6, 0xa3,
0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1, 0x12, 0x31, 0x88, 0x44,
0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f, 0xee, 0x89, 0x6a, 0x10,
0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7, 0x34, 0xe4, 0x47, 0x27,
0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53, 0x26, 0x83, 0x10, 0x9c,
0x2a, 0xba, 0xca, 0xba, 0x28, 0x3c, 0x31, 0xb4, 0xbd, 0x2f,
0x53, 0xc3, 0xee, 0x37, 0xe3, 0x52, 0xce, 0xe3, 0x4f, 0x9e,
0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22, 0xad, 0x79, 0xc6, 0xdc,
0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3, 0xb3, 0x25 },
128,
(unsigned char[]){
0xb6, 0x9d, 0xca, 0x1c, 0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7,
0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a, 0xbc, 0xde, 0x12, 0x3f,
0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b, 0x6e, 0x48,
0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba,
0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e,
0x69, 0x63, 0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26,
0x9a, 0x67, 0x99, 0xfd },
64,
(unsigned char[]){
0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73,
0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa,
0x72, 0xd5, 0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96,
0x79, 0x48, 0xc0, 0xa7, 0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb,
0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf, 0x55, 0xa1, 0x53, 0x5b,
0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d, 0xcd, 0x3e,
0xda, 0x8e, 0x64, 0x43 },
64,
},
{
(unsigned char[]){
0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51,
0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e,
0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a,
0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62,
0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf,
0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab,
0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d,
0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77,
0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59,
0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3,
0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f,
0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8,
0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37 },
128,
(unsigned char[]){ 0x01, 0x00, 0x01 }, 3,
(unsigned char[]){
0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f, 0x54, 0x51,
0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf,
0x88, 0x43, 0x40, 0xae, 0xf9, 0x88, 0x5f, 0x2a, 0x4b, 0xbe,
0x92, 0xe8, 0x94, 0xa7, 0x24, 0xac, 0x3c, 0x56, 0x8c, 0x8f,
0x97, 0x85, 0x3a, 0xd0, 0x7c, 0x02, 0x66, 0xc8, 0xc6, 0xa3,
0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1, 0x12, 0x31, 0x88, 0x44,
0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f, 0xee, 0x89, 0x6a, 0x10,
0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7, 0x34, 0xe4, 0x47, 0x27,
0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53, 0x26, 0x83, 0x10, 0x9c,
0x2a, 0xba, 0xca, 0xba, 0x28, 0x3c, 0x31, 0xb4, 0xbd, 0x2f,
0x53, 0xc3, 0xee, 0x37, 0xe3, 0x52, 0xce, 0xe3, 0x4f, 0x9e,
0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22, 0xad, 0x79, 0xc6, 0xdc,
0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3, 0xb3, 0x25 },
128,
(unsigned char[]){
0xb6, 0x9d, 0xca, 0x1c, 0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7,
0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a, 0xbc, 0xde, 0x12, 0x3f,
0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b, 0x6e, 0x48,
0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba,
0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e,
0x69, 0x63, 0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26,
0x9a, 0x67, 0x99, 0xfd },
64,
(unsigned char[]){
0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73,
0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa,
0x72, 0xd5, 0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96,
0x79, 0x48, 0xc0, 0xa7, 0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb,
0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf, 0x55, 0xa1, 0x53, 0x5b,
0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d, 0xcd, 0x3e,
0xda, 0x8e, 0x64, 0x43 },
64,
},
{
(unsigned char[]){
0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51,
0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e,
0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a,
0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62,
0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf,
0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab,
0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d,
0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77,
0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59,
0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3,
0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f,
0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8,
0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37 },
128,
(unsigned char[]){ 0x01, 0x00, 0x01 }, 3,
(unsigned char[]){
0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f, 0x54, 0x51,
0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf,
0x88, 0x43, 0x40, 0xae, 0xf9, 0x88, 0x5f, 0x2a, 0x4b, 0xbe,
0x92, 0xe8, 0x94, 0xa7, 0x24, 0xac, 0x3c, 0x56, 0x8c, 0x8f,
0x97, 0x85, 0x3a, 0xd0, 0x7c, 0x02, 0x66, 0xc8, 0xc6, 0xa3,
0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1, 0x12, 0x31, 0x88, 0x44,
0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f, 0xee, 0x89, 0x6a, 0x10,
0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7, 0x34, 0xe4, 0x47, 0x27,
0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53, 0x26, 0x83, 0x10, 0x9c,
0x2a, 0xba, 0xca, 0xba, 0x28, 0x3c, 0x31, 0xb4, 0xbd, 0x2f,
0x53, 0xc3, 0xee, 0x37, 0xe3, 0x52, 0xce, 0xe3, 0x4f, 0x9e,
0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22, 0xad, 0x79, 0xc6, 0xdc,
0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3, 0xb3, 0x25 },
128,
(unsigned char[]){
0xb6, 0x9d, 0xca, 0x1c, 0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7,
0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a, 0xbc, 0xde, 0x12, 0x3f,
0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b, 0x6e, 0x48,
0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba,
0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e,
0x69, 0x63, 0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26,
0x9a, 0x67, 0x99, 0xfd },
64,
(unsigned char[]){
0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73,
0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa,
0x72, 0xd5, 0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96,
0x79, 0x48, 0xc0, 0xa7, 0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb,
0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf, 0x55, 0xa1, 0x53, 0x5b,
0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d, 0xcd, 0x3e,
0xda, 0x8e, 0x64, 0x43 },
64,
},
{
(unsigned char[]){
0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51,
0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e,
0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a,
0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62,
0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf,
0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab,
0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d,
0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77,
0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59,
0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3,
0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f,
0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8,
0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37 },
128,
(unsigned char[]){ 0x01, 0x00, 0x01 }, 3,
(unsigned char[]){
0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f, 0x54, 0x51,
0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf,
0x88, 0x43, 0x40, 0xae, 0xf9, 0x88, 0x5f, 0x2a, 0x4b, 0xbe,
0x92, 0xe8, 0x94, 0xa7, 0x24, 0xac, 0x3c, 0x56, 0x8c, 0x8f,
0x97, 0x85, 0x3a, 0xd0, 0x7c, 0x02, 0x66, 0xc8, 0xc6, 0xa3,
0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1, 0x12, 0x31, 0x88, 0x44,
0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f, 0xee, 0x89, 0x6a, 0x10,
0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7, 0x34, 0xe4, 0x47, 0x27,
0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53, 0x26, 0x83, 0x10, 0x9c,
0x2a, 0xba, 0xca, 0xba, 0x28, 0x3c, 0x31, 0xb4, 0xbd, 0x2f,
0x53, 0xc3, 0xee, 0x37, 0xe3, 0x52, 0xce, 0xe3, 0x4f, 0x9e,
0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22, 0xad, 0x79, 0xc6, 0xdc,
0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3, 0xb3, 0x25 },
128,
(unsigned char[]){
0xb6, 0x9d, 0xca, 0x1c, 0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7,
0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a, 0xbc, 0xde, 0x12, 0x3f,
0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b, 0x6e, 0x48,
0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba,
0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e,
0x69, 0x63, 0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26,
0x9a, 0x67, 0x99, 0xfd },
64,
(unsigned char[]){
0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73,
0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa,
0x72, 0xd5, 0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96,
0x79, 0x48, 0xc0, 0xa7, 0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb,
0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf, 0x55, 0xa1, 0x53, 0x5b,
0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d, 0xcd, 0x3e,
0xda, 0x8e, 0x64, 0x43 },
64,
},
{
(unsigned char[]){
0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51,
0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e,
0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a,
0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62,
0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf,
0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab,
0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d,
0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77,
0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59,
0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3,
0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f,
0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8,
0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37 },
128,
(unsigned char[]){ 0x01, 0x00, 0x01 }, 3,
(unsigned char[]){
0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f, 0x54, 0x51,
0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf,
0x88, 0x43, 0x40, 0xae, 0xf9, 0x88, 0x5f, 0x2a, 0x4b, 0xbe,
0x92, 0xe8, 0x94, 0xa7, 0x24, 0xac, 0x3c, 0x56, 0x8c, 0x8f,
0x97, 0x85, 0x3a, 0xd0, 0x7c, 0x02, 0x66, 0xc8, 0xc6, 0xa3,
0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1, 0x12, 0x31, 0x88, 0x44,
0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f, 0xee, 0x89, 0x6a, 0x10,
0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7, 0x34, 0xe4, 0x47, 0x27,
0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53, 0x26, 0x83, 0x10, 0x9c,
0x2a, 0xba, 0xca, 0xba, 0x28, 0x3c, 0x31, 0xb4, 0xbd, 0x2f,
0x53, 0xc3, 0xee, 0x37, 0xe3, 0x52, 0xce, 0xe3, 0x4f, 0x9e,
0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22, 0xad, 0x79, 0xc6, 0xdc,
0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3, 0xb3, 0x25 },
128,
(unsigned char[]){
0xb6, 0x9d, 0xca, 0x1c, 0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7,
0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a, 0xbc, 0xde, 0x12, 0x3f,
0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b, 0x6e, 0x48,
0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba,
0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e,
0x69, 0x63, 0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26,
0x9a, 0x67, 0x99, 0xfd },
64,
(unsigned char[]){
0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73,
0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa,
0x72, 0xd5, 0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96,
0x79, 0x48, 0xc0, 0xa7, 0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb,
0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf, 0x55, 0xa1, 0x53, 0x5b,
0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d, 0xcd, 0x3e,
0xda, 0x8e, 0x64, 0x43 },
64,
},
{
(unsigned char[]){
0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51,
0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e,
0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a,
0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62,
0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf,
0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab,
0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d,
0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77,
0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59,
0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3,
0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f,
0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8,
0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37 },
128,
(unsigned char[]){ 0x01, 0x00, 0x01 }, 3,
(unsigned char[]){
0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f, 0x54, 0x51,
0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf,
0x88, 0x43, 0x40, 0xae, 0xf9, 0x88, 0x5f, 0x2a, 0x4b, 0xbe,
0x92, 0xe8, 0x94, 0xa7, 0x24, 0xac, 0x3c, 0x56, 0x8c, 0x8f,
0x97, 0x85, 0x3a, 0xd0, 0x7c, 0x02, 0x66, 0xc8, 0xc6, 0xa3,
0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1, 0x12, 0x31, 0x88, 0x44,
0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f, 0xee, 0x89, 0x6a, 0x10,
0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7, 0x34, 0xe4, 0x47, 0x27,
0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53, 0x26, 0x83, 0x10, 0x9c,
0x2a, 0xba, 0xca, 0xba, 0x28, 0x3c, 0x31, 0xb4, 0xbd, 0x2f,
0x53, 0xc3, 0xee, 0x37, 0xe3, 0x52, 0xce, 0xe3, 0x4f, 0x9e,
0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22, 0xad, 0x79, 0xc6, 0xdc,
0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3, 0xb3, 0x25 },
128,
(unsigned char[]){
0xb6, 0x9d, 0xca, 0x1c, 0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7,
0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a, 0xbc, 0xde, 0x12, 0x3f,
0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b, 0x6e, 0x48,
0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba,
0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e,
0x69, 0x63, 0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26,
0x9a, 0x67, 0x99, 0xfd },
64,
(unsigned char[]){
0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73,
0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa,
0x72, 0xd5, 0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96,
0x79, 0x48, 0xc0, 0xa7, 0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb,
0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf, 0x55, 0xa1, 0x53, 0x5b,
0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d, 0xcd, 0x3e,
0xda, 0x8e, 0x64, 0x43 },
64,
},
{
(unsigned char[]){
0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51,
0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e,
0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a,
0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62,
0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf,
0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab,
0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d,
0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77,
0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59,
0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3,
0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f,
0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8,
0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37 },
128,
(unsigned char[]){ 0x01, 0x00, 0x01 }, 3,
(unsigned char[]){
0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f, 0x54, 0x51,
0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf,
0x88, 0x43, 0x40, 0xae, 0xf9, 0x88, 0x5f, 0x2a, 0x4b, 0xbe,
0x92, 0xe8, 0x94, 0xa7, 0x24, 0xac, 0x3c, 0x56, 0x8c, 0x8f,
0x97, 0x85, 0x3a, 0xd0, 0x7c, 0x02, 0x66, 0xc8, 0xc6, 0xa3,
0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1, 0x12, 0x31, 0x88, 0x44,
0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f, 0xee, 0x89, 0x6a, 0x10,
0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7, 0x34, 0xe4, 0x47, 0x27,
0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53, 0x26, 0x83, 0x10, 0x9c,
0x2a, 0xba, 0xca, 0xba, 0x28, 0x3c, 0x31, 0xb4, 0xbd, 0x2f,
0x53, 0xc3, 0xee, 0x37, 0xe3, 0x52, 0xce, 0xe3, 0x4f, 0x9e,
0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22, 0xad, 0x79, 0xc6, 0xdc,
0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3, 0xb3, 0x25 },
128,
(unsigned char[]){
0xb6, 0x9d, 0xca, 0x1c, 0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7,
0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a, 0xbc, 0xde, 0x12, 0x3f,
0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b, 0x6e, 0x48,
0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba,
0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e,
0x69, 0x63, 0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26,
0x9a, 0x67, 0x99, 0xfd },
64,
(unsigned char[]){
0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73,
0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa,
0x72, 0xd5, 0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96,
0x79, 0x48, 0xc0, 0xa7, 0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb,
0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf, 0x55, 0xa1, 0x53, 0x5b,
0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d, 0xcd, 0x3e,
0xda, 0x8e, 0x64, 0x43 },
64,
},
{
(unsigned char[]){
0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51,
0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e,
0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a,
0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62,
0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf,
0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab,
0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d,
0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77,
0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59,
0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3,
0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f,
0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8,
0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37 },
128,
(unsigned char[]){ 0x01, 0x00, 0x01 }, 3,
(unsigned char[]){
0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f, 0x54, 0x51,
0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf,
0x88, 0x43, 0x40, 0xae, 0xf9, 0x88, 0x5f, 0x2a, 0x4b, 0xbe,
0x92, 0xe8, 0x94, 0xa7, 0x24, 0xac, 0x3c, 0x56, 0x8c, 0x8f,
0x97, 0x85, 0x3a, 0xd0, 0x7c, 0x02, 0x66, 0xc8, 0xc6, 0xa3,
0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1, 0x12, 0x31, 0x88, 0x44,
0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f, 0xee, 0x89, 0x6a, 0x10,
0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7, 0x34, 0xe4, 0x47, 0x27,
0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53, 0x26, 0x83, 0x10, 0x9c,
0x2a, 0xba, 0xca, 0xba, 0x28, 0x3c, 0x31, 0xb4, 0xbd, 0x2f,
0x53, 0xc3, 0xee, 0x37, 0xe3, 0x52, 0xce, 0xe3, 0x4f, 0x9e,
0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22, 0xad, 0x79, 0xc6, 0xdc,
0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3, 0xb3, 0x25 },
128,
(unsigned char[]){
0xb6, 0x9d, 0xca, 0x1c, 0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7,
0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a, 0xbc, 0xde, 0x12, 0x3f,
0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b, 0x6e, 0x48,
0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba,
0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e,
0x69, 0x63, 0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26,
0x9a, 0x67, 0x99, 0xfd },
64,
(unsigned char[]){
0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73,
0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa,
0x72, 0xd5, 0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96,
0x79, 0x48, 0xc0, 0xa7, 0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb,
0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf, 0x55, 0xa1, 0x53, 0x5b,
0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d, 0xcd, 0x3e,
0xda, 0x8e, 0x64, 0x43 },
64,
}
};
security/nss/cmd/bltest/tests/aes_gcm/hex.c
+55 -45
View File
@@ -2,67 +2,77 @@
#include <stdio.h>
#include <stdlib.h>
int tohex(int c)
int
tohex(int c)
{
if ((c >= '0') && (c <= '9')) {
if ((c >= '0') && (c <= '9')) {
return c - '0';
}
if ((c >= 'a') && (c <= 'f')) {
}
if ((c >= 'a') && (c <= 'f')) {
return c - 'a' + 10;
}
if ((c >= 'A') && (c <= 'F')) {
}
if ((c >= 'A') && (c <= 'F')) {
return c - 'A' + 10;
}
return 0;
}
return 0;
}
int isspace(int c)
int
isspace(int c)
{
if (c <= ' ') return 1;
if (c == '\n') return 1;
if (c == '\t') return 1;
if (c == ':') return 1;
if (c == ';') return 1;
if (c == ',') return 1;
return 0;
if (c <= ' ')
return 1;
if (c == '\n')
return 1;
if (c == '\t')
return 1;
if (c == ':')
return 1;
if (c == ';')
return 1;
if (c == ',')
return 1;
return 0;
}
void verify_nibble(int nibble, int current)
void
verify_nibble(int nibble, int current)
{
if (nibble != 0) {
fprintf(stderr,"count mismatch %d (nibbles=0x%x)\n",nibble,current);
if (nibble != 0) {
fprintf(stderr, "count mismatch %d (nibbles=0x%x)\n", nibble, current);
fflush(stderr);
}
}
}
int main(int argc, char **argv)
int
main(int argc, char **argv)
{
int c;
int current = 0;
int nibble = 0;
int skip = 0;
int c;
int current = 0;
int nibble = 0;
int skip = 0;
if (argv[1]) {
if (argv[1]) {
skip = atoi(argv[1]);
}
}
#define NIBBLE_COUNT 2
while ((c=getchar()) != EOF) {
if (isspace(c)) {
verify_nibble(nibble,current);
continue;
}
if (skip) {
skip--;
continue;
}
current = current << 4 | tohex(c);
nibble++;
if (nibble == NIBBLE_COUNT) {
putchar(current);
nibble = 0;
current = 0;
}
}
return 0;
while ((c = getchar()) != EOF) {
if (isspace(c)) {
verify_nibble(nibble, current);
continue;
}
if (skip) {
skip--;
continue;
}
current = current << 4 | tohex(c);
nibble++;
if (nibble == NIBBLE_COUNT) {
putchar(current);
nibble = 0;
current = 0;
}
}
return 0;
}
security/nss/cmd/bltest/tests/chacha20_poly1305/aad0
+1
View File
@@ -0,0 +1 @@
PQRSタチツテトナニヌ
security/nss/cmd/bltest/tests/chacha20_poly1305/aad1
BIN
View File
Binary file not shown.
security/nss/cmd/bltest/tests/chacha20_poly1305/ciphertext0
+1
View File
@@ -0,0 +1 @@
0xqNNGSOYNt7hq+8U+9+wqSt7VEpbgj+qeK1pzbuYtY9vqRejKlnEoL6+2naknKLGnHeCp4GCykF1qW2fs07NpLdvX8td4uMmAOu4ygJG1j6syTk+tZ1lFWFgItIMde8P/Te8I5Lep3ldtJlhs7GS2EWGuELWU8J4mp+kC7L0GAGkQ==
security/nss/cmd/bltest/tests/chacha20_poly1305/ciphertext1
+1
View File
@@ -0,0 +1 @@
ZKCGFXWGGvRg8GLHm+ZDvV6AXP00XPOJ8QhnCsdsjLJMbPwYdV1D7qCe6U44LSawvbe3PDIbAQDU8Dt/NViUzzMvgw5xC5fOmMioSr0LlIEUrRduAI0zvWD5grH/N8hVl5egbvTw72HBhjJOKzUGODYGkHtqfAKw+fYVe1PIZ+S5Fmx2e4BNRqWbUhbN56TpkEDFpAQzIl7igqGwoGxSPq9FNNf4P6EVWwBHcYy8VGoNBysEs1ZO6htCInP1SCcaC7IxYFP6dpkZVevWMVlDTs67TkZtrloQc6ZydicJehBJ5hfZHTYQlPpo8P93mHEwMFvqui7aBN+Ze3FNbG8sKaatXLQCKwJwm+6tnWeJDLsiOSM2/qGFHzg=
security/nss/cmd/bltest/tests/chacha20_poly1305/iv0
BIN
View File
Binary file not shown.
security/nss/cmd/bltest/tests/chacha20_poly1305/iv1
BIN
View File
Binary file not shown.
security/nss/cmd/bltest/tests/chacha20_poly1305/key0
+1
View File
@@ -0,0 +1 @@
€≠ヤ㊧炎旧克署葬灯楓利劒屆撼
security/nss/cmd/bltest/tests/chacha20_poly1305/key1
+1
View File
@@ -0,0 +1 @@
@3G9@+ \ pu
security/nss/cmd/bltest/tests/chacha20_poly1305/numtests
+1
View File
@@ -0,0 +1 @@
2
security/nss/cmd/bltest/tests/chacha20_poly1305/plaintext0
+1
View File
@@ -0,0 +1 @@
Ladies and Gentlemen of the class of '99: If I could offer you only one tip for the future, sunscreen would be it.
security/nss/cmd/bltest/tests/chacha20_poly1305/plaintext1
+1
View File
@@ -0,0 +1 @@
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as /“work in progress./”
security/nss/cmd/bltest/tests/ecdsa/README
+3 -21
View File
@@ -1,22 +1,4 @@
0 secp160k1
1 secp160r1
2 secp160r2
3 nistk163
4 sect163r1
5 nistb163
6 secp192k1
7 nistp192
8 secp224k1
9 nistp224
10 nistk233
11 nistb233
12 nistp256
13 nistk283
14 nistb283
15 nistp384
16 nistk409
17 nistb409
18 nistk571
19 nistb571
0 nistp256
1 nistp384
# the following tests are not yet implemented
#20 nistp521
2 nistp521
security/nss/cmd/bltest/tests/ecdsa/key0
+3 -2
View File
@@ -1,2 +1,3 @@
AAAABwYFK4EEAAkAAAApBPiF0ntSFtn41JULxlA1l/lHE/zUPGJWkCqtdOryS6yD
WFCoF/IHwHsAAAAUcw+b2b1AJUlmezgu5EjmAGPC0YQ=
AAAACgYIKoZIzj0DAQcAAABBBNGB7n4kH15tKA/SMpetaQVqg6WxIuuUuMQT2tDX
NN5jKZfaxD47NsTjTr3x3D5t1qRBYuL6VtdgIuxBIHGG9dcAAAAgaGjyZBL+LN3a
7NkGiHJBfqh7XKNH0AnPF3vFWpostIQ=
security/nss/cmd/bltest/tests/ecdsa/key1
+4 -2
View File
@@ -1,2 +1,4 @@
AAAABwYFK4EEAAgAAAApBI80VWK9xatmkFRiDTcdeFQ0T9h3h6iVOinMURyWZw0T
5vZqd8/gvwwAAAAUYOQMjDdtNSL5zY0nVWPWY+UJoqQ=
AAAABwYFK4EEACIAAABhBLWMJG3t4khPYcsl3H492rAqukJ1RqJm27pqpN54rFGG
r2VDwOfqb9tMninq8IyOh42eaaVOEPXXu4Q/ATWBEfrbTRBjTpzAE2SSPuQma0lM
q0RSVECCgdBOKIhB0H6VxAAAADA3WPjUaMWCS9E5KbVDrEcf5CV5tCNNWJQkwjsA
yALMCiXJqRVXwbq42WMuaELMW+g=
security/nss/cmd/bltest/tests/ecdsa/key10
-3
View File
@@ -1,3 +0,0 @@
AAAABwYFK4EEABoAAAA9BACmzalMQJBOWV2FoyV0tXSpT07Xajq4bB1SUwSY7QGn
dgGC3GBqjPs9vEpqfMMQ2M9k3+5oubWnexNFhQAAAB4BRha/6sE7VSHl92ZqCj5p
LYtBpK23jzfdVWO8SAY=
security/nss/cmd/bltest/tests/ecdsa/key11
-3
View File
@@ -1,3 +0,0 @@
AAAABwYFK4EEABsAAAA9BAD2/x9HSYYVEQ9AU4MivlIKPypJjsm0sTrp8BftlQGv
KaYrKpZCg/CEw3C2kqvke7HAu+10hafK9asRxQAAAB4AXyFCurtsXhahkyJpkb5J
LUg3xVL00vviR0KyFZY=
security/nss/cmd/bltest/tests/ecdsa/key12
-3
View File
@@ -1,3 +0,0 @@
AAAACgYIKoZIzj0DAQcAAABBBNGB7n4kH15tKA/SMpetaQVqg6WxIuuUuMQT2tDX
NN5jKZfaxD47NsTjTr3x3D5t1qRBYuL6VtdgIuxBIHGG9dcAAAAgaGjyZBL+LN3a
7NkGiHJBfqh7XKNH0AnPF3vFWpostIQ=
security/nss/cmd/bltest/tests/ecdsa/key13
-3
View File
@@ -1,3 +0,0 @@
AAAABwYFK4EEABAAAABJBAT3klWkt7+1Pr6QGEcvEIZplopwt1alrsJUThDOxvUF
7KvBpQLVjB+DQTwYQnEREb/WFyRgUBuIbII0+zd/g0fLHE4PQ8SNlAAAACQFPsMX
mqSVRreUVasUOIZQFB2jnpwCUyoq+xa9SRril5LeOCY=
security/nss/cmd/bltest/tests/ecdsa/key14
-3
View File
@@ -1,3 +0,0 @@
AAAABwYFK4EEABEAAABJBAf/ei/XCrFrMZLBp5BFkKZ3Odn+ZJu7QIAK32Ubuxmi
xgWTewf2vv+KY5kHwsBYuBXmmnKe9Ak9zGP4Lykvgk5n5J6iUz5ycQAAACQAQHXa
d29OqGxoDNCl9xETW3tAL/2hfZzstNuOPLm5kj4j1Dc=
security/nss/cmd/bltest/tests/ecdsa/key15
-4
View File
@@ -1,4 +0,0 @@
AAAABwYFK4EEACIAAABhBLWMJG3t4khPYcsl3H492rAqukJ1RqJm27pqpN54rFGG
r2VDwOfqb9tMninq8IyOh42eaaVOEPXXu4Q/ATWBEfrbTRBjTpzAE2SSPuQma0lM
q0RSVECCgdBOKIhB0H6VxAAAADA3WPjUaMWCS9E5KbVDrEcf5CV5tCNNWJQkwjsA
yALMCiXJqRVXwbq42WMuaELMW+g=
security/nss/cmd/bltest/tests/ecdsa/key16
-4
View File
@@ -1,4 +0,0 @@
AAAABwYFK4EEACQAAABpBADkgknFgTPuirxQxFlqIK+vcARWzlpJR+qmyRyQsBiz
Nh6Ws036xUKY9M8LxMIWXFNM6aIA2wxKsBF+HHD6oy27EAJSJOGbke/9F9Kv5AiW
2RXA4mllUaxCNsuQ36PqUdqv4FeXxWTpAAAANAHTZloqhR0V4bfyaeo2hojcvY3T
NO04ewNryBpsHZ0bhID0EfewYuwQmX00GYNfuV3mJ2w=
security/nss/cmd/bltest/tests/ecdsa/key17
-4
View File
@@ -1,4 +0,0 @@
AAAABwYFK4EEACUAAABpBAAEE/bAmqCjO3FLvN93Q/UjDyDp2sj+F//buuf1hZ0K
1rSOGXMLcBrqVa8R6UJ57F9/Yc0BCTylpJMXjfCr4eDczG4WOQk+5x8kpKQs5Q9U
V3IolHDiQY/Nhn7o4UFn5/mF71T3qUqwAAAANAH/o7jEl9Bw+Arj9uQ7ZHkoPGgx
t92UJg1r/lxa7UUd66iJfRI8n8yQH/sw56D1+CweeII=
security/nss/cmd/bltest/tests/ecdsa/key18
-5
View File
@@ -1,5 +0,0 @@
AAAABwYFK4EEACYAAACRBAffZTrfwIl0dciO2fui3UhZw6r+jnFh7gyER92gXL7+
LzPgTHagd1vdQiIX4K8Dv76KN0BldiFuX5odP7qC26MUaiURDdWT0AWcPmumSSBH
NXZYLLx5hQjW3BTNwV7v5bmUjezfgtuOCC30dQGs2GMgExAmiWRjTkiPrHg1SFKF
3RklauOyMWauaVpEzh3c+wAAAEgAZvLs4/Rx7tS+QGH92fGGIxPWPbVYOpDKwabY
poV2i1BD5Fxvw+eHlvxVOLmRPqRCPTfOLwAeNbHyt17U/BVZ8+svTChlzuA=
security/nss/cmd/bltest/tests/ecdsa/key19
-5
View File
@@ -1,5 +0,0 @@
AAAABwYFK4EEACcAAACRBASpPvOfQVqiMD+cBL/nulFit5pk/5beJ6/KpeIltg4s
6/s7PPggJA59BP7RJwak6rgY3PsRqXVPjyM/1UkUfRUR2BJgOfNTkQe9WF7Y5zXy
TM76cWhOP+sLSoUcscy/HTLCpHqRLLvWZPDzgjrfJqSlydMEDZjWsJRVPk9IfeQ/
amGiWOhJIQd/bSrAazZn6AAAAEgFz1qZzjHuhuP1boJ7gzndJhQslx1efbESxHSc
wbOpeBpw2MsCAwjtgo3Y8pviFIC8+5MStkFjE8uHQ0ngXc02wm3G0xj8XGQ=
security/nss/cmd/bltest/tests/ecdsa/key2
+5 -2
View File
@@ -1,2 +1,5 @@
AAAABwYFK4EEAB4AAAApBGouC+vgvmItzsLO4hXn+AXi3skEE+M19o/QHLfjibbA
p7av8F4tcGgAAAAUmpQDUgnIkiXPBs0moD4jEmJHato=
AAAABwYFK4EEACMAAACFBAHLMSpMFVyG6mXE7SZ5O5Bwv4d8/QiAB3BzpXkyrU1W
jJ9O9uOYTXM+cFtF5v56+LsI4yGkaAl9+RF6lFPjrhpIswCmBmEqMBgZpjoz38my
nLHBI9MaFF8AHkRQwD3LJLo4eSZHOVkdIvDYLwicdlgr0zD3Nf76/HB1+0DkBGqE
MyG22gAAAEIAFah7z179UbqqdH68pzdZsP1ChXjtYZ11rBM0+HP7yLirxH3ahKTt
DjsY19GEjz4gKsaLfLiQ1/Dp+VKVLcBKpk0=
security/nss/cmd/bltest/tests/ecdsa/key20
-5
View File
@@ -1,5 +0,0 @@
AAAABwYFK4EEACMAAACFBAHLMSpMFVyG6mXE7SZ5O5Bwv4d8/QiAB3BzpXkyrU1W
jJ9O9uOYTXM+cFtF5v56+LsI4yGkaAl9+RF6lFPjrhpIswCmBmEqMBgZpjoz38my
nLHBI9MaFF8AHkRQwD3LJLo4eSZHOVkdIvDYLwicdlgr0zD3Nf76/HB1+0DkBGqE
MyG22gAAAEIAFah7z179UbqqdH68pzdZsP1ChXjtYZ11rBM0+HP7yLirxH3ahKTt
DjsY19GEjz4gKsaLfLiQ1/Dp+VKVLcBKpk0=
security/nss/cmd/bltest/tests/ecdsa/key3
-2
View File
@@ -1,2 +0,0 @@
AAAABwYFK4EEAAEAAAArBAe4qW9DTVGRVIYYznwJZbn8mWXLugA2A+Mv112Bu+y7
gxI8E4/fEdLTsQAAABUGEQDNcbxi0JhwALA8FCCxvmWYM3E=
security/nss/cmd/bltest/tests/ecdsa/key4
-2
View File
@@ -1,2 +0,0 @@
AAAABwYFK4EEAAIAAAArBAXw45Pc59l1QWmAB1W6M30lyFzQmAH/0FIFKYgEOYIa
dnEXMwKNwaRdsQAAABUCErj052f+Rth5OxAm376LOAQyvBY=
security/nss/cmd/bltest/tests/ecdsa/key5
-2
View File
@@ -1,2 +0,0 @@
AAAABwYFK4EEAA8AAAArBAFhm71N2wsUOYCwDNr/6rFvNX1okAbki1SNlHq2TQDO
Bktd1M0jlApWVQAAABUCILsraWg3Qi5nBsXQ1pGmZk0YuSA=
security/nss/cmd/bltest/tests/ecdsa/key6
-2
View File
@@ -1,2 +0,0 @@
AAAABwYFK4EEAB8AAAAxBHOYACoc9XsLk5n8NZZKV2U9CDoMj/VRDvqbf+myloR7
uBfVNm+uVN33Sa65phAfXQAAABitxs6KZtkqU4tglcdQ1Rmk2U74vjYP0JM=
security/nss/cmd/bltest/tests/ecdsa/key7
-2
View File
@@ -1,2 +0,0 @@
AAAACgYIKoZIzj0DAQEAAAAxBOyOI+rIs3x+jsChxQqSVblnoZGqhIM1WX0FMfw+
D8Dz6Y25iPcAQFpIAWh29FxnrgAAABh+uEQYXwMB783sULxE6PEd1t/MNZ9HSHI=
security/nss/cmd/bltest/tests/ecdsa/key8
-3
View File
@@ -1,3 +0,0 @@
AAAABwYFK4EEACAAAAA5BKQnZoj4VtlPqrJ5dekM4haG+7PjfgO4wNNIqD7JnrKI
gTUd+oUQ41d517xCObyBaHNzdVPty9DvAAAAHIrG9+FE+OJV5UV2l/op7PCDPI4G
qkpgzPIwe7U=
security/nss/cmd/bltest/tests/ecdsa/key9
-3
View File
@@ -1,3 +0,0 @@
AAAABwYFK4EEACEAAAA5BGCNDWldzQCbI83PMR96tqR6JnIUpvfIO8l6hIf/QfMc
rx2BbrSLoy6EJmP++Jyw5yNyaoVaNYl6AAAAHDnjgcUSIshTSLuejnSsvtvU363b
1NJv4ULUbIs=
security/nss/cmd/btoa/btoa.c
+94 -90
View File
@@ -9,8 +9,8 @@
#if defined(XP_WIN) || (defined(__sun) && !defined(SVR4))
#if !defined(WIN32)
extern int fread(char *, size_t, size_t, FILE*);
extern int fwrite(char *, size_t, size_t, FILE*);
extern int fread(char *, size_t, size_t, FILE *);
extern int fwrite(char *, size_t, size_t, FILE *);
extern int fprintf(FILE *, char *, ...);
#endif
#endif
@@ -20,16 +20,16 @@ extern int fprintf(FILE *, char *, ...);
#include "io.h"
#endif
static PRInt32
output_ascii (void *arg, const char *obuf, PRInt32 size)
static PRInt32
output_ascii(void *arg, const char *obuf, PRInt32 size)
{
FILE *outFile = arg;
int nb;
nb = fwrite(obuf, 1, size, outFile);
if (nb != size) {
PORT_SetError(SEC_ERROR_IO);
return -1;
PORT_SetError(SEC_ERROR_IO);
return -1;
}
return nb;
@@ -45,30 +45,32 @@ encode_file(FILE *outFile, FILE *inFile)
cx = NSSBase64Encoder_Create(output_ascii, outFile);
if (!cx) {
return -1;
return -1;
}
for (;;) {
if (feof(inFile)) break;
nb = fread(ibuf, 1, sizeof(ibuf), inFile);
if (nb != sizeof(ibuf)) {
if (nb == 0) {
if (ferror(inFile)) {
PORT_SetError(SEC_ERROR_IO);
goto loser;
}
/* eof */
break;
}
}
if (feof(inFile))
break;
nb = fread(ibuf, 1, sizeof(ibuf), inFile);
if (nb != sizeof(ibuf)) {
if (nb == 0) {
if (ferror(inFile)) {
PORT_SetError(SEC_ERROR_IO);
goto loser;
}
/* eof */
break;
}
}
status = NSSBase64Encoder_Update(cx, ibuf, nb);
if (status != SECSuccess) goto loser;
status = NSSBase64Encoder_Update(cx, ibuf, nb);
if (status != SECSuccess)
goto loser;
}
status = NSSBase64Encoder_Destroy(cx, PR_FALSE);
if (status != SECSuccess)
return status;
return status;
/*
* Add a trailing CRLF. Note this must be done *after* the call
@@ -78,28 +80,30 @@ encode_file(FILE *outFile, FILE *inFile)
fwrite("\r\n", 1, 2, outFile);
return SECSuccess;
loser:
(void) NSSBase64Encoder_Destroy(cx, PR_TRUE);
loser:
(void)NSSBase64Encoder_Destroy(cx, PR_TRUE);
return status;
}
static void Usage(char *progName)
static void
Usage(char *progName)
{
fprintf(stderr,
"Usage: %s [-i input] [-o output]\n",
progName);
"Usage: %s [-i input] [-o output]\n",
progName);
fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n",
"-i input");
"-i input");
fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n",
"-o output");
"-o output");
fprintf(stderr, "%-20s Wrap output in BEGIN/END lines and the given suffix\n",
"-w suffix");
"-w suffix");
fprintf(stderr, "%-20s (use \"c\" as a shortcut for suffix CERTIFICATE)\n",
"");
"");
exit(-1);
}
int main(int argc, char **argv)
int
main(int argc, char **argv)
{
char *progName;
SECStatus rv;
@@ -112,88 +116,88 @@ int main(int argc, char **argv)
outFile = 0;
progName = strrchr(argv[0], '/');
if (!progName)
progName = strrchr(argv[0], '\\');
progName = progName ? progName+1 : argv[0];
progName = strrchr(argv[0], '\\');
progName = progName ? progName + 1 : argv[0];
/* Parse command line arguments */
optstate = PL_CreateOptState(argc, argv, "i:o:w:");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
switch (optstate->option) {
default:
Usage(progName);
break;
switch (optstate->option) {
default:
Usage(progName);
break;
case 'i':
inFile = fopen(optstate->value, "rb");
if (!inFile) {
fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
progName, optstate->value);
return -1;
}
break;
case 'i':
inFile = fopen(optstate->value, "rb");
if (!inFile) {
fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
progName, optstate->value);
return -1;
}
break;
case 'o':
outFile = fopen(optstate->value, "wb");
if (!outFile) {
fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
progName, optstate->value);
return -1;
}
break;
case 'w':
if (!strcmp(optstate->value, "c"))
suffix = strdup("CERTIFICATE");
else
suffix = strdup(optstate->value);
break;
}
case 'o':
outFile = fopen(optstate->value, "wb");
if (!outFile) {
fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
progName, optstate->value);
return -1;
}
break;
case 'w':
if (!strcmp(optstate->value, "c"))
suffix = strdup("CERTIFICATE");
else
suffix = strdup(optstate->value);
break;
}
}
if (status == PL_OPT_BAD)
Usage(progName);
Usage(progName);
if (!inFile) {
#if defined(WIN32)
/* If we're going to read binary data from stdin, we must put stdin
** into O_BINARY mode or else incoming \r\n's will become \n's.
*/
/* If we're going to read binary data from stdin, we must put stdin
** into O_BINARY mode or else incoming \r\n's will become \n's.
*/
int smrv = _setmode(_fileno(stdin), _O_BINARY);
if (smrv == -1) {
fprintf(stderr,
"%s: Cannot change stdin to binary mode. Use -i option instead.\n",
progName);
return smrv;
}
int smrv = _setmode(_fileno(stdin), _O_BINARY);
if (smrv == -1) {
fprintf(stderr,
"%s: Cannot change stdin to binary mode. Use -i option instead.\n",
progName);
return smrv;
}
#endif
inFile = stdin;
inFile = stdin;
}
if (!outFile) {
#if defined(WIN32)
/* We're going to write binary data to stdout. We must put stdout
** into O_BINARY mode or else outgoing \r\n's will become \r\r\n's.
*/
/* We're going to write binary data to stdout. We must put stdout
** into O_BINARY mode or else outgoing \r\n's will become \r\r\n's.
*/
int smrv = _setmode(_fileno(stdout), _O_BINARY);
if (smrv == -1) {
fprintf(stderr,
"%s: Cannot change stdout to binary mode. Use -o option instead.\n",
progName);
return smrv;
}
int smrv = _setmode(_fileno(stdout), _O_BINARY);
if (smrv == -1) {
fprintf(stderr,
"%s: Cannot change stdout to binary mode. Use -o option instead.\n",
progName);
return smrv;
}
#endif
outFile = stdout;
outFile = stdout;
}
if (suffix) {
fprintf(outFile, "-----BEGIN %s-----\n", suffix);
fprintf(outFile, "-----BEGIN %s-----\n", suffix);
}
rv = encode_file(outFile, inFile);
if (rv != SECSuccess) {
fprintf(stderr, "%s: lossage: error=%d errno=%d\n",
progName, PORT_GetError(), errno);
return -1;
fprintf(stderr, "%s: lossage: error=%d errno=%d\n",
progName, PORT_GetError(), errno);
return -1;
}
if (suffix) {
fprintf(outFile, "-----END %s-----\n", suffix);
fprintf(outFile, "-----END %s-----\n", suffix);
}
return 0;
}
security/nss/cmd/btoa/btoa.gyp
+30
View File
@@ -0,0 +1,30 @@
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
{
'includes': [
'../../coreconf/config.gypi',
'../../cmd/platlibs.gypi'
],
'targets': [
{
'target_name': 'btoa',
'type': 'executable',
'sources': [
'btoa.c'
],
'dependencies': [
'<(DEPTH)/exports.gyp:dbm_exports',
'<(DEPTH)/exports.gyp:nss_exports'
]
}
],
'target_defaults': {
'defines': [
'NSPR20'
]
},
'variables': {
'module': 'nss'
}
}
security/nss/cmd/certcgi/certcgi.c
+1498 -1633
View File
File diff suppressed because it is too large Load Diff
security/nss/cmd/certcgi/certcgi.gyp
+33
View File
@@ -0,0 +1,33 @@
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
{
'includes': [
'../../coreconf/config.gypi',
'../../cmd/platlibs.gypi'
],
'targets': [
{
'target_name': 'certcgi',
'type': 'executable',
'sources': [
'certcgi.c'
],
'dependencies': [
'<(DEPTH)/exports.gyp:dbm_exports',
'<(DEPTH)/exports.gyp:nss_exports',
'<(DEPTH)/lib/sqlite/sqlite.gyp:sqlite3'
]
}
],
'target_defaults': {
'defines': [
'NSPR20',
'NSS_USE_STATIC_LIBS'
]
},
'variables': {
'module': 'nss',
'use_static_libs': 1
}
}
security/nss/cmd/certutil/certext.c
+718 -713
View File
File diff suppressed because it is too large Load Diff
security/nss/cmd/certutil/certutil.c
+1748 -1611
View File
File diff suppressed because it is too large Load Diff
security/nss/cmd/certutil/certutil.gyp
+32
View File
@@ -0,0 +1,32 @@
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
{
'includes': [
'../../coreconf/config.gypi',
'../../cmd/platlibs.gypi'
],
'targets': [
{
'target_name': 'certutil',
'type': 'executable',
'sources': [
'certext.c',
'certutil.c',
'keystuff.c'
],
'dependencies': [
'<(DEPTH)/exports.gyp:dbm_exports',
'<(DEPTH)/exports.gyp:nss_exports'
]
}
],
'target_defaults': {
'defines': [
'NSPR20'
]
},
'variables': {
'module': 'nss'
}
}
security/nss/cmd/certutil/certutil.h
+4 -5
View File
@@ -3,11 +3,11 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef _CERTUTIL_H
#define _CERTUTIL_H
#define _CERTUTIL_H
extern SECKEYPrivateKey *
CERTUTIL_GeneratePrivateKey(KeyType keytype,
PK11SlotInfo *slot,
PK11SlotInfo *slot,
int rsasize,
int publicExponent,
char *noise,
@@ -41,7 +41,7 @@ enum certutilExtns {
typedef struct ExtensionEntryStr {
PRBool activated;
const char *arg;
const char *arg;
} ExtensionEntry;
typedef ExtensionEntry certutilExtnList[ext_End];
@@ -54,5 +54,4 @@ extern SECStatus
GetOidFromString(PLArenaPool *arena, SECItem *to,
const char *from, size_t fromLen);
#endif /* _CERTUTIL_H */
#endif /* _CERTUTIL_H */
security/nss/cmd/certutil/keystuff.c
+325 -290
View File
@@ -12,13 +12,13 @@
#include <termios.h>
#endif
#if defined(XP_WIN) || defined (XP_PC)
#if defined(XP_WIN) || defined(XP_PC)
#include <time.h>
#include <conio.h>
#endif
#if defined(__sun) && !defined(SVR4)
extern int fclose(FILE*);
extern int fclose(FILE *);
extern int fprintf(FILE *, char *, ...);
extern int isatty(int);
extern char *sys_errlist[];
@@ -35,34 +35,37 @@ extern char *sys_errlist[];
#define NUM_KEYSTROKES 120
#define RAND_BUF_SIZE 60
#define ERROR_BREAK rv = SECFailure;break;
#define ERROR_BREAK \
rv = SECFailure; \
break;
const SEC_ASN1Template SECKEY_PQGParamsTemplate[] = {
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYPQGParams) },
{ SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,prime) },
{ SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,subPrime) },
{ SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,base) },
{ 0, }
{ SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams, prime) },
{ SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams, subPrime) },
{ SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams, base) },
{ 0 }
};
/* returns 0 for success, -1 for failure (EOF encountered) */
static int
UpdateRNG(void)
{
char randbuf[RAND_BUF_SIZE];
int fd, count;
int c;
int rv = 0;
char randbuf[RAND_BUF_SIZE];
int fd, count;
int c;
int rv = 0;
#ifdef XP_UNIX
cc_t orig_cc_min;
cc_t orig_cc_time;
tcflag_t orig_lflag;
cc_t orig_cc_min;
cc_t orig_cc_time;
tcflag_t orig_lflag;
struct termios tio;
#endif
char meter[] = {
"\r| |" };
char meter[] = {
"\r| |"
};
#define FPS fprintf(stderr,
#define FPS fprintf(stderr,
FPS "\n");
FPS "A random seed must be generated that will be used in the\n");
FPS "creation of your key. One of the easiest ways to create a\n");
@@ -95,19 +98,19 @@ UpdateRNG(void)
count = 0;
while (count < sizeof randbuf) {
#if defined(XP_UNIX)
c = getc(stdin);
c = getc(stdin);
#else
c = getch();
c = getch();
#endif
if (c == EOF) {
rv = -1;
break;
}
randbuf[count] = c;
if (count == 0 || c != randbuf[count-1]) {
count++;
FPS "*");
}
if (c == EOF) {
rv = -1;
break;
}
randbuf[count] = c;
if (count == 0 || c != randbuf[count - 1]) {
count++;
FPS "*");
}
}
PK11_RandomUpdate(randbuf, sizeof randbuf);
memset(randbuf, 0, sizeof randbuf);
@@ -115,9 +118,9 @@ UpdateRNG(void)
FPS "\n\n");
FPS "Finished. Press enter to continue: ");
while ((c = getc(stdin)) != '\n' && c != EOF)
;
if (c == EOF)
rv = -1;
;
if (c == EOF)
rv = -1;
FPS "\n");
#undef FPS
@@ -132,65 +135,93 @@ UpdateRNG(void)
return rv;
}
static const unsigned char P[] = { 0,
0x98, 0xef, 0x3a, 0xae, 0x70, 0x98, 0x9b, 0x44,
0xdb, 0x35, 0x86, 0xc1, 0xb6, 0xc2, 0x47, 0x7c,
0xb4, 0xff, 0x99, 0xe8, 0xae, 0x44, 0xf2, 0xeb,
0xc3, 0xbe, 0x23, 0x0f, 0x65, 0xd0, 0x4c, 0x04,
0x82, 0x90, 0xa7, 0x9d, 0x4a, 0xc8, 0x93, 0x7f,
0x41, 0xdf, 0xf8, 0x80, 0x6b, 0x0b, 0x68, 0x7f,
0xaf, 0xe4, 0xa8, 0xb5, 0xb2, 0x99, 0xc3, 0x69,
0xfb, 0x3f, 0xe7, 0x1b, 0xd0, 0x0f, 0xa9, 0x7a,
0x4a, 0x04, 0xbf, 0x50, 0x9e, 0x22, 0x33, 0xb8,
0x89, 0x53, 0x24, 0x10, 0xf9, 0x68, 0x77, 0xad,
0xaf, 0x10, 0x68, 0xb8, 0xd3, 0x68, 0x5d, 0xa3,
0xc3, 0xeb, 0x72, 0x3b, 0xa0, 0x0b, 0x73, 0x65,
0xc5, 0xd1, 0xfa, 0x8c, 0xc0, 0x7d, 0xaa, 0x52,
0x29, 0x34, 0x44, 0x01, 0xbf, 0x12, 0x25, 0xfe,
0x18, 0x0a, 0xc8, 0x3f, 0xc1, 0x60, 0x48, 0xdb,
0xad, 0x93, 0xb6, 0x61, 0x67, 0xd7, 0xa8, 0x2d };
static const unsigned char P[] = { 0,
0xc6, 0x2a, 0x47, 0x73, 0xea, 0x78, 0xfa, 0x65,
0x47, 0x69, 0x39, 0x10, 0x08, 0x55, 0x6a, 0xdd,
0xbf, 0x77, 0xe1, 0x9a, 0x69, 0x73, 0xba, 0x66,
0x37, 0x08, 0x93, 0x9e, 0xdb, 0x5d, 0x01, 0x08,
0xb8, 0x3a, 0x73, 0xe9, 0x85, 0x5f, 0xa7, 0x2b,
0x63, 0x7f, 0xd0, 0xc6, 0x4c, 0xdc, 0xfc, 0x8b,
0xa6, 0x03, 0xc9, 0x9c, 0x80, 0x5e, 0xec, 0xc6,
0x21, 0x23, 0xf7, 0x8e, 0xa4, 0x7b, 0x77, 0x83,
0x02, 0x44, 0xf8, 0x05, 0xd7, 0x36, 0x52, 0x13,
0x57, 0x78, 0x97, 0xf3, 0x7b, 0xcf, 0x1f, 0xc9,
0x2a, 0xa4, 0x71, 0x9d, 0xa8, 0xd8, 0x5d, 0xc5,
0x3b, 0x64, 0x3a, 0x72, 0x60, 0x62, 0xb0, 0xb8,
0xf3, 0xb1, 0xe7, 0xb9, 0x76, 0xdf, 0x74, 0xbe,
0x87, 0x6a, 0xd2, 0xf1, 0xa9, 0x44, 0x8b, 0x63,
0x76, 0x4f, 0x5d, 0x21, 0x63, 0xb5, 0x4f, 0x3c,
0x7b, 0x61, 0xb2, 0xf3, 0xea, 0xc5, 0xd8, 0xef,
0x30, 0x50, 0x59, 0x33, 0x61, 0xc0, 0xf3, 0x6e,
0x21, 0xcf, 0x15, 0x35, 0x4a, 0x87, 0x2b, 0xc3,
0xf6, 0x5a, 0x1f, 0x24, 0x22, 0xc5, 0xeb, 0x47,
0x34, 0x4a, 0x1b, 0xb5, 0x2e, 0x71, 0x52, 0x8f,
0x2d, 0x7d, 0xa9, 0x96, 0x8a, 0x7c, 0x61, 0xdb,
0xc0, 0xdc, 0xf1, 0xca, 0x28, 0x69, 0x1c, 0x97,
0xad, 0xea, 0x0d, 0x9e, 0x02, 0xe6, 0xe5, 0x7d,
0xad, 0xe0, 0x42, 0x91, 0x4d, 0xfa, 0xe2, 0x81,
0x16, 0x2b, 0xc2, 0x96, 0x3b, 0x32, 0x8c, 0x20,
0x69, 0x8b, 0x5b, 0x17, 0x3c, 0xf9, 0x13, 0x6c,
0x98, 0x27, 0x1c, 0xca, 0xcf, 0x33, 0xaa, 0x93,
0x21, 0xaf, 0x17, 0x6e, 0x5e, 0x00, 0x37, 0xd9,
0x34, 0x8a, 0x47, 0xd2, 0x1c, 0x67, 0x32, 0x60,
0xb6, 0xc7, 0xb0, 0xfd, 0x32, 0x90, 0x93, 0x32,
0xaa, 0x11, 0xba, 0x23, 0x19, 0x39, 0x6a, 0x42,
0x7c, 0x1f, 0xb7, 0x28, 0xdb, 0x64, 0xad, 0xd9 };
static const unsigned char Q[] = { 0,
0xb5, 0xb0, 0x84, 0x8b, 0x44, 0x29, 0xf6, 0x33,
0x59, 0xa1, 0x3c, 0xbe, 0xd2, 0x7f, 0x35, 0xa1,
0x76, 0x27, 0x03, 0x81 };
static const unsigned char G[] = {
0x04, 0x0e, 0x83, 0x69, 0xf1, 0xcd, 0x7d, 0xe5,
0x0c, 0x78, 0x93, 0xd6, 0x49, 0x6f, 0x00, 0x04,
0x4e, 0x0e, 0x6c, 0x37, 0xaa, 0x38, 0x22, 0x47,
0xd2, 0x58, 0xec, 0x83, 0x12, 0x95, 0xf9, 0x9c,
0xf1, 0xf4, 0x27, 0xff, 0xd7, 0x99, 0x57, 0x35,
0xc6, 0x64, 0x4c, 0xc0, 0x47, 0x12, 0x31, 0x50,
0x82, 0x3c, 0x2a, 0x07, 0x03, 0x01, 0xef, 0x30,
0x09, 0x89, 0x82, 0x41, 0x76, 0x71, 0xda, 0x9e,
0x57, 0x8b, 0x76, 0x38, 0x37, 0x5f, 0xa5, 0xcd,
0x32, 0x84, 0x45, 0x8d, 0x4c, 0x17, 0x54, 0x2b,
0x5d, 0xc2, 0x6b, 0xba, 0x3e, 0xa0, 0x7b, 0x95,
0xd7, 0x00, 0x42, 0xf7, 0x08, 0xb8, 0x83, 0x87,
0x60, 0xe1, 0xe5, 0xf4, 0x1a, 0x54, 0xc2, 0x20,
0xda, 0x38, 0x3a, 0xd1, 0xb6, 0x10, 0xf4, 0xcb,
0x35, 0xda, 0x97, 0x92, 0x87, 0xd6, 0xa5, 0x37,
0x62, 0xb4, 0x93, 0x4a, 0x15, 0x21, 0xa5, 0x10 };
0xe6, 0xa3, 0xc9, 0xc6, 0x51, 0x92, 0x8b, 0xb3,
0x98, 0x8f, 0x97, 0xb8, 0x31, 0x0d, 0x4a, 0x03,
0x1e, 0xba, 0x4e, 0xe6, 0xc8, 0x90, 0x98, 0x1d,
0x3a, 0x95, 0xf4, 0xf1 };
static const unsigned char G[] = {
0x70, 0x32, 0x58, 0x5d, 0xb3, 0xbf, 0xc3, 0x62,
0x63, 0x0b, 0xf8, 0xa5, 0xe1, 0xed, 0xeb, 0x79,
0xac, 0x18, 0x41, 0x64, 0xb3, 0xda, 0x4c, 0xa7,
0x92, 0x63, 0xb1, 0x33, 0x7c, 0xcb, 0x43, 0xdc,
0x1f, 0x38, 0x63, 0x5e, 0x0e, 0x6d, 0x45, 0xd1,
0xc9, 0x67, 0xf3, 0xcf, 0x3d, 0x2d, 0x16, 0x4e,
0x92, 0x16, 0x06, 0x59, 0x29, 0x89, 0x6f, 0x54,
0xff, 0xc5, 0x71, 0xc8, 0x3a, 0x95, 0x84, 0xb6,
0x7e, 0x7b, 0x1e, 0x8b, 0x47, 0x9d, 0x7a, 0x3a,
0x36, 0x9b, 0x70, 0x2f, 0xd1, 0xbd, 0xef, 0xe8,
0x3a, 0x41, 0xd4, 0xf3, 0x1f, 0x81, 0xc7, 0x1f,
0x96, 0x7c, 0x30, 0xab, 0xf4, 0x7a, 0xac, 0x93,
0xed, 0x6f, 0x67, 0xb0, 0xc9, 0x5b, 0xf3, 0x83,
0x9d, 0xa0, 0xd7, 0xb9, 0x01, 0xed, 0x28, 0xae,
0x1c, 0x6e, 0x2e, 0x48, 0xac, 0x9f, 0x7d, 0xf3,
0x00, 0x48, 0xee, 0x0e, 0xfb, 0x7e, 0x5e, 0xcb,
0xf5, 0x39, 0xd8, 0x92, 0x90, 0x61, 0x2d, 0x1e,
0x3c, 0xd3, 0x55, 0x0d, 0x34, 0xd1, 0x81, 0xc4,
0x89, 0xea, 0x94, 0x2b, 0x56, 0x33, 0x73, 0x58,
0x48, 0xbf, 0x23, 0x72, 0x19, 0x5f, 0x19, 0xac,
0xff, 0x09, 0xc8, 0xcd, 0xab, 0x71, 0xef, 0x9e,
0x20, 0xfd, 0xe3, 0xb8, 0x27, 0x9e, 0x65, 0xb1,
0x85, 0xcd, 0x88, 0xfe, 0xd4, 0xd7, 0x64, 0x4d,
0xe1, 0xe8, 0xa6, 0xe5, 0x96, 0xc8, 0x5d, 0x9c,
0xc6, 0x70, 0x6b, 0xba, 0x77, 0x4e, 0x90, 0x4a,
0xb0, 0x96, 0xc5, 0xa0, 0x9e, 0x2c, 0x01, 0x03,
0xbe, 0xbd, 0x71, 0xba, 0x0a, 0x6f, 0x9f, 0xe5,
0xdb, 0x04, 0x08, 0xf2, 0x9e, 0x0f, 0x1b, 0xac,
0xcd, 0xbb, 0x65, 0x12, 0xcf, 0x77, 0xc9, 0x7d,
0xbe, 0x94, 0x4b, 0x9c, 0x5b, 0xde, 0x0d, 0xfa,
0x57, 0xdd, 0x77, 0x32, 0xf0, 0x5b, 0x34, 0xfd,
0x19, 0x95, 0x33, 0x60, 0x87, 0xe2, 0xa2, 0xf4
};
/* h:
* 4a:76:30:89:eb:e1:81:7c:99:0b:39:7f:95:4a:65:72:
* c6:b4:05:92:48:6c:3c:b2:7e:e7:39:f3:92:7d:c1:3f:
* bf:e1:fd:b3:4a:46:3e:ce:29:80:e3:d6:f4:59:c6:92:
* 16:2b:0e:d7:d6:bb:ef:94:36:31:c2:66:46:c5:4a:77:
* aa:95:84:ef:99:7e:e3:9c:d9:a0:32:42:09:b6:4e:d0:
* b3:c8:5e:06:df:a1:ac:4d:2d:f9:08:c2:cb:4b:a4:42:
* db:8a:5b:de:25:6e:2b:5b:ca:00:75:2c:57:00:18:aa:
* 68:59:a1:94:03:07:94:78:38:bc:f8:7c:1e:1c:a3:2e
* SEED:
* b5:44:66:c9:0f:f1:ca:1c:95:45:ce:90:74:89:14:f2:
* 13:3e:23:5a:b0:6a:bf:86:ad:cb:a0:7d:ce:3b:c8:16:
* 7f:2d:a2:1a:cb:33:7d:c1:e7:d7:07:aa:1b:a2:d7:89:
* f5:a4:db:f7:8b:50:00:cd:b4:7d:25:81:3f:f8:a8:dd:
* 6c:46:e5:77:b5:60:7e:75:79:b8:99:57:c1:c4:f3:f7:
* 17:ca:43:00:b8:33:b6:06:8f:4d:91:ed:23:a5:66:1b:
* ef:14:d7:bc:21:2b:82:d8:ab:fa:fd:a7:c3:4d:bf:52:
* af:8e:57:59:61:1a:4e:65:c6:90:d6:a6:ff:0b:15:b1
* g: 1024
* counter: 1003
/* P, Q, G have been generated using the NSS makepqg utility:
* makepqg -l 2048 -g 224 -r
* (see also: bug 1170322)
*
* h: 1 (0x1)
* SEED:
* d2:0b:c5:63:1b:af:dc:36:b7:7c:b9:3e:36:01:a0:8f:
* 0e:be:d0:38:e4:78:d5:3c:7c:9e:a9:9a:d2:0b:c5:63:
* 1b:af:dc:36:b7:7c:b9:3e:36:01:a0:8f:0e:be:d0:38:
* e4:78:d5:3c:7c:9e:c7:70:d2:0b:c5:63:1b:af:dc:36:
* b7:7c:b9:3e:36:01:a0:8f:0e:be:d0:38:e4:78:d5:3c:
* 7c:9e:aa:3e
* g: 672
* counter: 0
*/
static const SECKEYPQGParams default_pqg_params = {
@@ -208,33 +239,33 @@ decode_pqg_params(const char *str)
PLArenaPool *arena;
SECKEYPQGParams *params;
SECStatus status;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (arena == NULL)
return NULL;
params = PORT_ArenaZAlloc(arena, sizeof(SECKEYPQGParams));
if (params == NULL)
goto loser;
params->arena = arena;
buf = (char *)ATOB_AsciiToData(str, &len);
if ((buf == NULL) || (len == 0))
goto loser;
status = SEC_ASN1Decode(arena, params, SECKEY_PQGParamsTemplate, buf, len);
if (status != SECSuccess)
goto loser;
return params;
loser:
if (arena != NULL)
PORT_FreeArena(arena, PR_FALSE);
return NULL;
}
void
void
CERTUTIL_DestroyParamsPQG(SECKEYPQGParams *params)
{
if (params->arena) {
@@ -246,110 +277,110 @@ static int
pqg_prime_bits(const SECKEYPQGParams *params)
{
int primeBits = 0;
if (params != NULL) {
int i;
for (i = 0; params->prime.data[i] == 0; i++) {
/* empty */;
}
primeBits = (params->prime.len - i) * 8;
int i;
for (i = 0; params->prime.data[i] == 0; i++) {
/* empty */;
}
primeBits = (params->prime.len - i) * 8;
}
return primeBits;
}
static char *
getPQGString(const char *filename)
{
unsigned char *buf = NULL;
PRFileDesc *src;
PRInt32 numBytes;
PRStatus prStatus;
PRFileInfo info;
unsigned char *buf = NULL;
PRFileDesc *src;
PRInt32 numBytes;
PRStatus prStatus;
PRFileInfo info;
src = PR_Open(filename, PR_RDONLY, 0);
src = PR_Open(filename, PR_RDONLY, 0);
if (!src) {
fprintf(stderr, "Failed to open PQG file %s\n", filename);
return NULL;
fprintf(stderr, "Failed to open PQG file %s\n", filename);
return NULL;
}
prStatus = PR_GetOpenFileInfo(src, &info);
if (prStatus == PR_SUCCESS) {
buf = (unsigned char*)PORT_Alloc(info.size + 1);
buf = (unsigned char *)PORT_Alloc(info.size + 1);
}
if (!buf) {
PR_Close(src);
fprintf(stderr, "Failed to read PQG file %s\n", filename);
return NULL;
PR_Close(src);
fprintf(stderr, "Failed to read PQG file %s\n", filename);
return NULL;
}
numBytes = PR_Read(src, buf, info.size);
PR_Close(src);
if (numBytes != info.size) {
PORT_Free(buf);
fprintf(stderr, "Failed to read PQG file %s\n", filename);
PORT_SetError(SEC_ERROR_IO);
return NULL;
PORT_Free(buf);
fprintf(stderr, "Failed to read PQG file %s\n", filename);
PORT_SetError(SEC_ERROR_IO);
return NULL;
}
if (buf[numBytes-1] == '\n')
numBytes--;
if (buf[numBytes-1] == '\r')
numBytes--;
if (buf[numBytes - 1] == '\n')
numBytes--;
if (buf[numBytes - 1] == '\r')
numBytes--;
buf[numBytes] = 0;
return (char *)buf;
}
static SECKEYPQGParams*
static SECKEYPQGParams *
getpqgfromfile(int keyBits, const char *pqgFile)
{
char *end, *str, *pqgString;
SECKEYPQGParams* params = NULL;
SECKEYPQGParams *params = NULL;
str = pqgString = getPQGString(pqgFile);
if (!str)
return NULL;
if (!str)
return NULL;
do {
end = PORT_Strchr(str, ',');
if (end)
*end = '\0';
params = decode_pqg_params(str);
if (params) {
int primeBits = pqg_prime_bits(params);
if (keyBits == primeBits)
break;
CERTUTIL_DestroyParamsPQG(params);
params = NULL;
}
if (end)
str = end + 1;
end = PORT_Strchr(str, ',');
if (end)
*end = '\0';
params = decode_pqg_params(str);
if (params) {
int primeBits = pqg_prime_bits(params);
if (keyBits == primeBits)
break;
CERTUTIL_DestroyParamsPQG(params);
params = NULL;
}
if (end)
str = end + 1;
} while (end);
PORT_Free(pqgString);
return params;
}
static SECStatus
static SECStatus
CERTUTIL_FileForRNG(const char *noise)
{
char buf[2048];
PRFileDesc *fd;
PRInt32 count;
fd = PR_Open(noise,PR_RDONLY,0);
fd = PR_Open(noise, PR_RDONLY, 0);
if (!fd) {
fprintf(stderr, "failed to open noise file.");
return SECFailure;
fprintf(stderr, "failed to open noise file.");
return SECFailure;
}
do {
count = PR_Read(fd,buf,sizeof(buf));
if (count > 0) {
PK11_RandomUpdate(buf,count);
}
count = PR_Read(fd, buf, sizeof(buf));
if (count > 0) {
PK11_RandomUpdate(buf, count);
}
} while (count > 0);
PR_Close(fd);
@@ -362,92 +393,90 @@ typedef struct curveNameTagPairStr {
SECOidTag curveOidTag;
} CurveNameTagPair;
#define DEFAULT_CURVE_OID_TAG SEC_OID_SECG_EC_SECP192R1
/* #define DEFAULT_CURVE_OID_TAG SEC_OID_SECG_EC_SECP160R1 */
static CurveNameTagPair nameTagPair[] =
{
{ "sect163k1", SEC_OID_SECG_EC_SECT163K1},
{ "nistk163", SEC_OID_SECG_EC_SECT163K1},
{ "sect163r1", SEC_OID_SECG_EC_SECT163R1},
{ "sect163r2", SEC_OID_SECG_EC_SECT163R2},
{ "nistb163", SEC_OID_SECG_EC_SECT163R2},
{ "sect193r1", SEC_OID_SECG_EC_SECT193R1},
{ "sect193r2", SEC_OID_SECG_EC_SECT193R2},
{ "sect233k1", SEC_OID_SECG_EC_SECT233K1},
{ "nistk233", SEC_OID_SECG_EC_SECT233K1},
{ "sect233r1", SEC_OID_SECG_EC_SECT233R1},
{ "nistb233", SEC_OID_SECG_EC_SECT233R1},
{ "sect239k1", SEC_OID_SECG_EC_SECT239K1},
{ "sect283k1", SEC_OID_SECG_EC_SECT283K1},
{ "nistk283", SEC_OID_SECG_EC_SECT283K1},
{ "sect283r1", SEC_OID_SECG_EC_SECT283R1},
{ "nistb283", SEC_OID_SECG_EC_SECT283R1},
{ "sect409k1", SEC_OID_SECG_EC_SECT409K1},
{ "nistk409", SEC_OID_SECG_EC_SECT409K1},
{ "sect409r1", SEC_OID_SECG_EC_SECT409R1},
{ "nistb409", SEC_OID_SECG_EC_SECT409R1},
{ "sect571k1", SEC_OID_SECG_EC_SECT571K1},
{ "nistk571", SEC_OID_SECG_EC_SECT571K1},
{ "sect571r1", SEC_OID_SECG_EC_SECT571R1},
{ "nistb571", SEC_OID_SECG_EC_SECT571R1},
{ "secp160k1", SEC_OID_SECG_EC_SECP160K1},
{ "secp160r1", SEC_OID_SECG_EC_SECP160R1},
{ "secp160r2", SEC_OID_SECG_EC_SECP160R2},
{ "secp192k1", SEC_OID_SECG_EC_SECP192K1},
{ "secp192r1", SEC_OID_SECG_EC_SECP192R1},
{ "nistp192", SEC_OID_SECG_EC_SECP192R1},
{ "secp224k1", SEC_OID_SECG_EC_SECP224K1},
{ "secp224r1", SEC_OID_SECG_EC_SECP224R1},
{ "nistp224", SEC_OID_SECG_EC_SECP224R1},
{ "secp256k1", SEC_OID_SECG_EC_SECP256K1},
{ "secp256r1", SEC_OID_SECG_EC_SECP256R1},
{ "nistp256", SEC_OID_SECG_EC_SECP256R1},
{ "secp384r1", SEC_OID_SECG_EC_SECP384R1},
{ "nistp384", SEC_OID_SECG_EC_SECP384R1},
{ "secp521r1", SEC_OID_SECG_EC_SECP521R1},
{ "nistp521", SEC_OID_SECG_EC_SECP521R1},
{
{ "sect163k1", SEC_OID_SECG_EC_SECT163K1 },
{ "nistk163", SEC_OID_SECG_EC_SECT163K1 },
{ "sect163r1", SEC_OID_SECG_EC_SECT163R1 },
{ "sect163r2", SEC_OID_SECG_EC_SECT163R2 },
{ "nistb163", SEC_OID_SECG_EC_SECT163R2 },
{ "sect193r1", SEC_OID_SECG_EC_SECT193R1 },
{ "sect193r2", SEC_OID_SECG_EC_SECT193R2 },
{ "sect233k1", SEC_OID_SECG_EC_SECT233K1 },
{ "nistk233", SEC_OID_SECG_EC_SECT233K1 },
{ "sect233r1", SEC_OID_SECG_EC_SECT233R1 },
{ "nistb233", SEC_OID_SECG_EC_SECT233R1 },
{ "sect239k1", SEC_OID_SECG_EC_SECT239K1 },
{ "sect283k1", SEC_OID_SECG_EC_SECT283K1 },
{ "nistk283", SEC_OID_SECG_EC_SECT283K1 },
{ "sect283r1", SEC_OID_SECG_EC_SECT283R1 },
{ "nistb283", SEC_OID_SECG_EC_SECT283R1 },
{ "sect409k1", SEC_OID_SECG_EC_SECT409K1 },
{ "nistk409", SEC_OID_SECG_EC_SECT409K1 },
{ "sect409r1", SEC_OID_SECG_EC_SECT409R1 },
{ "nistb409", SEC_OID_SECG_EC_SECT409R1 },
{ "sect571k1", SEC_OID_SECG_EC_SECT571K1 },
{ "nistk571", SEC_OID_SECG_EC_SECT571K1 },
{ "sect571r1", SEC_OID_SECG_EC_SECT571R1 },
{ "nistb571", SEC_OID_SECG_EC_SECT571R1 },
{ "secp160k1", SEC_OID_SECG_EC_SECP160K1 },
{ "secp160r1", SEC_OID_SECG_EC_SECP160R1 },
{ "secp160r2", SEC_OID_SECG_EC_SECP160R2 },
{ "secp192k1", SEC_OID_SECG_EC_SECP192K1 },
{ "secp192r1", SEC_OID_SECG_EC_SECP192R1 },
{ "nistp192", SEC_OID_SECG_EC_SECP192R1 },
{ "secp224k1", SEC_OID_SECG_EC_SECP224K1 },
{ "secp224r1", SEC_OID_SECG_EC_SECP224R1 },
{ "nistp224", SEC_OID_SECG_EC_SECP224R1 },
{ "secp256k1", SEC_OID_SECG_EC_SECP256K1 },
{ "secp256r1", SEC_OID_SECG_EC_SECP256R1 },
{ "nistp256", SEC_OID_SECG_EC_SECP256R1 },
{ "secp384r1", SEC_OID_SECG_EC_SECP384R1 },
{ "nistp384", SEC_OID_SECG_EC_SECP384R1 },
{ "secp521r1", SEC_OID_SECG_EC_SECP521R1 },
{ "nistp521", SEC_OID_SECG_EC_SECP521R1 },
{ "prime192v1", SEC_OID_ANSIX962_EC_PRIME192V1 },
{ "prime192v2", SEC_OID_ANSIX962_EC_PRIME192V2 },
{ "prime192v3", SEC_OID_ANSIX962_EC_PRIME192V3 },
{ "prime239v1", SEC_OID_ANSIX962_EC_PRIME239V1 },
{ "prime239v2", SEC_OID_ANSIX962_EC_PRIME239V2 },
{ "prime239v3", SEC_OID_ANSIX962_EC_PRIME239V3 },
{ "prime192v1", SEC_OID_ANSIX962_EC_PRIME192V1 },
{ "prime192v2", SEC_OID_ANSIX962_EC_PRIME192V2 },
{ "prime192v3", SEC_OID_ANSIX962_EC_PRIME192V3 },
{ "prime239v1", SEC_OID_ANSIX962_EC_PRIME239V1 },
{ "prime239v2", SEC_OID_ANSIX962_EC_PRIME239V2 },
{ "prime239v3", SEC_OID_ANSIX962_EC_PRIME239V3 },
{ "c2pnb163v1", SEC_OID_ANSIX962_EC_C2PNB163V1 },
{ "c2pnb163v2", SEC_OID_ANSIX962_EC_C2PNB163V2 },
{ "c2pnb163v3", SEC_OID_ANSIX962_EC_C2PNB163V3 },
{ "c2pnb176v1", SEC_OID_ANSIX962_EC_C2PNB176V1 },
{ "c2tnb191v1", SEC_OID_ANSIX962_EC_C2TNB191V1 },
{ "c2tnb191v2", SEC_OID_ANSIX962_EC_C2TNB191V2 },
{ "c2tnb191v3", SEC_OID_ANSIX962_EC_C2TNB191V3 },
{ "c2onb191v4", SEC_OID_ANSIX962_EC_C2ONB191V4 },
{ "c2onb191v5", SEC_OID_ANSIX962_EC_C2ONB191V5 },
{ "c2pnb208w1", SEC_OID_ANSIX962_EC_C2PNB208W1 },
{ "c2tnb239v1", SEC_OID_ANSIX962_EC_C2TNB239V1 },
{ "c2tnb239v2", SEC_OID_ANSIX962_EC_C2TNB239V2 },
{ "c2tnb239v3", SEC_OID_ANSIX962_EC_C2TNB239V3 },
{ "c2onb239v4", SEC_OID_ANSIX962_EC_C2ONB239V4 },
{ "c2onb239v5", SEC_OID_ANSIX962_EC_C2ONB239V5 },
{ "c2pnb272w1", SEC_OID_ANSIX962_EC_C2PNB272W1 },
{ "c2pnb304w1", SEC_OID_ANSIX962_EC_C2PNB304W1 },
{ "c2tnb359v1", SEC_OID_ANSIX962_EC_C2TNB359V1 },
{ "c2pnb368w1", SEC_OID_ANSIX962_EC_C2PNB368W1 },
{ "c2tnb431r1", SEC_OID_ANSIX962_EC_C2TNB431R1 },
{ "c2pnb163v1", SEC_OID_ANSIX962_EC_C2PNB163V1 },
{ "c2pnb163v2", SEC_OID_ANSIX962_EC_C2PNB163V2 },
{ "c2pnb163v3", SEC_OID_ANSIX962_EC_C2PNB163V3 },
{ "c2pnb176v1", SEC_OID_ANSIX962_EC_C2PNB176V1 },
{ "c2tnb191v1", SEC_OID_ANSIX962_EC_C2TNB191V1 },
{ "c2tnb191v2", SEC_OID_ANSIX962_EC_C2TNB191V2 },
{ "c2tnb191v3", SEC_OID_ANSIX962_EC_C2TNB191V3 },
{ "c2onb191v4", SEC_OID_ANSIX962_EC_C2ONB191V4 },
{ "c2onb191v5", SEC_OID_ANSIX962_EC_C2ONB191V5 },
{ "c2pnb208w1", SEC_OID_ANSIX962_EC_C2PNB208W1 },
{ "c2tnb239v1", SEC_OID_ANSIX962_EC_C2TNB239V1 },
{ "c2tnb239v2", SEC_OID_ANSIX962_EC_C2TNB239V2 },
{ "c2tnb239v3", SEC_OID_ANSIX962_EC_C2TNB239V3 },
{ "c2onb239v4", SEC_OID_ANSIX962_EC_C2ONB239V4 },
{ "c2onb239v5", SEC_OID_ANSIX962_EC_C2ONB239V5 },
{ "c2pnb272w1", SEC_OID_ANSIX962_EC_C2PNB272W1 },
{ "c2pnb304w1", SEC_OID_ANSIX962_EC_C2PNB304W1 },
{ "c2tnb359v1", SEC_OID_ANSIX962_EC_C2TNB359V1 },
{ "c2pnb368w1", SEC_OID_ANSIX962_EC_C2PNB368W1 },
{ "c2tnb431r1", SEC_OID_ANSIX962_EC_C2TNB431R1 },
{ "secp112r1", SEC_OID_SECG_EC_SECP112R1},
{ "secp112r2", SEC_OID_SECG_EC_SECP112R2},
{ "secp128r1", SEC_OID_SECG_EC_SECP128R1},
{ "secp128r2", SEC_OID_SECG_EC_SECP128R2},
{ "secp112r1", SEC_OID_SECG_EC_SECP112R1 },
{ "secp112r2", SEC_OID_SECG_EC_SECP112R2 },
{ "secp128r1", SEC_OID_SECG_EC_SECP128R1 },
{ "secp128r2", SEC_OID_SECG_EC_SECP128R2 },
{ "sect113r1", SEC_OID_SECG_EC_SECT113R1},
{ "sect113r2", SEC_OID_SECG_EC_SECT113R2},
{ "sect131r1", SEC_OID_SECG_EC_SECT131R1},
{ "sect131r2", SEC_OID_SECG_EC_SECT131R2},
};
{ "sect113r1", SEC_OID_SECG_EC_SECT113R1 },
{ "sect113r2", SEC_OID_SECG_EC_SECT113R2 },
{ "sect131r1", SEC_OID_SECG_EC_SECT131R1 },
{ "sect131r2", SEC_OID_SECG_EC_SECT131R2 },
{ "curve25519", SEC_OID_CURVE25519 },
};
static SECKEYECParams *
static SECKEYECParams *
getECParams(const char *curve)
{
SECKEYECParams *ecparams;
@@ -456,19 +485,19 @@ getECParams(const char *curve)
int i, numCurves;
if (curve != NULL) {
numCurves = sizeof(nameTagPair)/sizeof(CurveNameTagPair);
for (i = 0; ((i < numCurves) && (curveOidTag == SEC_OID_UNKNOWN));
i++) {
if (PL_strcmp(curve, nameTagPair[i].curveName) == 0)
curveOidTag = nameTagPair[i].curveOidTag;
}
numCurves = sizeof(nameTagPair) / sizeof(CurveNameTagPair);
for (i = 0; ((i < numCurves) && (curveOidTag == SEC_OID_UNKNOWN));
i++) {
if (PL_strcmp(curve, nameTagPair[i].curveName) == 0)
curveOidTag = nameTagPair[i].curveOidTag;
}
}
/* Return NULL if curve name is not recognized */
if ((curveOidTag == SEC_OID_UNKNOWN) ||
(oidData = SECOID_FindOIDByTag(curveOidTag)) == NULL) {
if ((curveOidTag == SEC_OID_UNKNOWN) ||
(oidData = SECOID_FindOIDByTag(curveOidTag)) == NULL) {
fprintf(stderr, "Unrecognized elliptic curve %s\n", curve);
return NULL;
return NULL;
}
ecparams = SECITEM_AllocItem(NULL, NULL, (2 + oidData->oid.len));
@@ -488,86 +517,92 @@ getECParams(const char *curve)
SECKEYPrivateKey *
CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size,
int publicExponent, const char *noise,
SECKEYPublicKey **pubkeyp, const char *pqgFile,
PK11AttrFlags attrFlags, CK_FLAGS opFlagsOn,
CK_FLAGS opFlagsOff, secuPWData *pwdata)
int publicExponent, const char *noise,
SECKEYPublicKey **pubkeyp, const char *pqgFile,
PK11AttrFlags attrFlags, CK_FLAGS opFlagsOn,
CK_FLAGS opFlagsOff, secuPWData *pwdata)
{
CK_MECHANISM_TYPE mechanism;
PK11RSAGenParams rsaparams;
SECKEYPQGParams * dsaparams = NULL;
void * params;
SECKEYPrivateKey * privKey = NULL;
CK_MECHANISM_TYPE mechanism;
PK11RSAGenParams rsaparams;
SECKEYPQGParams *dsaparams = NULL;
void *params;
SECKEYPrivateKey *privKey = NULL;
if (slot == NULL)
return NULL;
return NULL;
if (PK11_Authenticate(slot, PR_TRUE, pwdata) != SECSuccess)
return NULL;
return NULL;
/*
* Do some random-number initialization.
*/
if (noise) {
SECStatus rv = CERTUTIL_FileForRNG(noise);
if (rv != SECSuccess) {
PORT_SetError(PR_END_OF_FILE_ERROR); /* XXX */
return NULL;
}
SECStatus rv = CERTUTIL_FileForRNG(noise);
if (rv != SECSuccess) {
PORT_SetError(PR_END_OF_FILE_ERROR); /* XXX */
return NULL;
}
} else {
int rv = UpdateRNG();
if (rv) {
PORT_SetError(PR_END_OF_FILE_ERROR);
return NULL;
}
int rv = UpdateRNG();
if (rv) {
PORT_SetError(PR_END_OF_FILE_ERROR);
return NULL;
}
}
switch (keytype) {
case rsaKey:
rsaparams.keySizeInBits = size;
rsaparams.pe = publicExponent;
mechanism = CKM_RSA_PKCS_KEY_PAIR_GEN;
params = &rsaparams;
break;
case dsaKey:
mechanism = CKM_DSA_KEY_PAIR_GEN;
if (pqgFile) {
dsaparams = getpqgfromfile(size, pqgFile);
if (dsaparams == NULL)
return NULL;
params = dsaparams;
} else {
/* cast away const, and don't set dsaparams */
params = (void *)&default_pqg_params;
}
break;
case rsaKey:
rsaparams.keySizeInBits = size;
rsaparams.pe = publicExponent;
mechanism = CKM_RSA_PKCS_KEY_PAIR_GEN;
params = &rsaparams;
break;
case dsaKey:
mechanism = CKM_DSA_KEY_PAIR_GEN;
if (pqgFile) {
dsaparams = getpqgfromfile(size, pqgFile);
if (dsaparams == NULL)
return NULL;
params = dsaparams;
} else {
/* cast away const, and don't set dsaparams */
params = (void *)&default_pqg_params;
}
break;
#ifndef NSS_DISABLE_ECC
case ecKey:
mechanism = CKM_EC_KEY_PAIR_GEN;
/* For EC keys, PQGFile determines EC parameters */
if ((params = (void *) getECParams(pqgFile)) == NULL)
return NULL;
break;
case ecKey:
mechanism = CKM_EC_KEY_PAIR_GEN;
/* For EC keys, PQGFile determines EC parameters */
if ((params = (void *)getECParams(pqgFile)) == NULL)
return NULL;
break;
#endif /* NSS_DISABLE_ECC */
default:
return NULL;
default:
return NULL;
}
fprintf(stderr, "\n\n");
fprintf(stderr, "Generating key. This may take a few moments...\n\n");
privKey = PK11_GenerateKeyPairWithOpFlags(slot, mechanism, params, pubkeyp,
attrFlags, opFlagsOn, opFlagsOn|opFlagsOff,
pwdata /*wincx*/);
attrFlags, opFlagsOn, opFlagsOn |
opFlagsOff,
pwdata /*wincx*/);
/* free up the params */
switch (keytype) {
case dsaKey: if (dsaparams) CERTUTIL_DestroyParamsPQG(dsaparams);
break;
case dsaKey:
if (dsaparams)
CERTUTIL_DestroyParamsPQG(dsaparams);
break;
#ifndef NSS_DISABLE_ECC
case ecKey: SECITEM_FreeItem((SECItem *)params, PR_TRUE); break;
case ecKey:
SECITEM_FreeItem((SECItem *)params, PR_TRUE);
break;
#endif
default: /* nothing to free */ break;
default: /* nothing to free */
break;
}
return privKey;
}
security/nss/cmd/checkcert/checkcert.c
-578
View File
@@ -1,578 +0,0 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "secutil.h"
#include "plgetopt.h"
#include "cert.h"
#include "secoid.h"
#include "cryptohi.h"
/* maximum supported modulus length in bits (indicate problem if over this) */
#define MAX_MODULUS (1024)
static void Usage(char *progName)
{
fprintf(stderr, "Usage: %s [aAvf] [certtocheck] [issuingcert]\n",
progName);
fprintf(stderr, "%-20s Cert to check is base64 encoded\n",
"-a");
fprintf(stderr, "%-20s Issuer's cert is base64 encoded\n",
"-A");
fprintf(stderr, "%-20s Verbose (indicate decoding progress etc.)\n",
"-v");
fprintf(stderr, "%-20s Force sanity checks even if pretty print fails.\n",
"-f");
fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n",
"-o output");
fprintf(stderr, "%-20s Specify the input type (no default)\n",
"-t type");
exit(-1);
}
/*
* Check integer field named fieldName, printing out results and
* returning the length of the integer in bits
*/
static
int checkInteger(SECItem *intItem, char *fieldName, int verbose)
{
int len, bitlen;
if (verbose) {
printf("Checking %s\n", fieldName);
}
len = intItem->len;
if (len && (intItem->data[0] & 0x80)) {
printf("PROBLEM: %s is NEGATIVE 2's-complement integer.\n",
fieldName);
}
/* calculate bit length and check for unnecessary leading zeros */
bitlen = len << 3;
if (len > 1 && intItem->data[0] == 0) {
/* leading zero byte(s) */
if (!(intItem->data[1] & 0x80)) {
printf("PROBLEM: %s has unneeded leading zeros. Violates DER.\n",
fieldName);
}
/* strip leading zeros in length calculation */
{
int i=0;
while (bitlen > 8 && intItem->data[i] == 0) {
bitlen -= 8;
i++;
}
}
}
return bitlen;
}
static
void checkName(CERTName *n, char *fieldName, int verbose)
{
char *v=0;
if (verbose) {
printf("Checking %s\n", fieldName);
}
v = CERT_GetCountryName(n);
if (!v) {
printf("PROBLEM: %s lacks Country Name (C)\n",
fieldName);
}
PORT_Free(v);
v = CERT_GetOrgName(n);
if (!v) {
printf("PROBLEM: %s lacks Organization Name (O)\n",
fieldName);
}
PORT_Free(v);
v = CERT_GetOrgUnitName(n);
if (!v) {
printf("WARNING: %s lacks Organization Unit Name (OU)\n",
fieldName);
}
PORT_Free(v);
v = CERT_GetCommonName(n);
if (!v) {
printf("PROBLEM: %s lacks Common Name (CN)\n",
fieldName);
}
PORT_Free(v);
}
static
SECStatus
OurVerifyData(unsigned char *buf, int len, SECKEYPublicKey *key,
SECItem *sig, SECAlgorithmID *sigAlgorithm)
{
SECStatus rv;
VFYContext *cx;
SECOidData *sigAlgOid, *oiddata;
SECOidTag sigAlgTag;
SECOidTag hashAlgTag;
int showDigestOid=0;
cx = VFY_CreateContextWithAlgorithmID(key, sig, sigAlgorithm, &hashAlgTag,
NULL);
if (cx == NULL)
return SECFailure;
sigAlgOid = SECOID_FindOID(&sigAlgorithm->algorithm);
if (sigAlgOid == 0)
return SECFailure;
sigAlgTag = sigAlgOid->offset;
if (showDigestOid) {
oiddata = SECOID_FindOIDByTag(hashAlgTag);
if ( oiddata ) {
printf("PROBLEM: (cont) Digest OID is %s\n", oiddata->desc);
} else {
SECU_PrintAsHex(stdout,
&oiddata->oid, "PROBLEM: UNKNOWN OID", 0);
}
}
rv = VFY_Begin(cx);
if (rv == SECSuccess) {
rv = VFY_Update(cx, buf, len);
if (rv == SECSuccess)
rv = VFY_End(cx);
}
VFY_DestroyContext(cx, PR_TRUE);
return rv;
}
static
SECStatus
OurVerifySignedData(CERTSignedData *sd, CERTCertificate *cert)
{
SECItem sig;
SECKEYPublicKey *pubKey = 0;
SECStatus rv;
/* check the certificate's validity */
rv = CERT_CertTimesValid(cert);
if ( rv ) {
return(SECFailure);
}
/* get cert's public key */
pubKey = CERT_ExtractPublicKey(cert);
if ( !pubKey ) {
return(SECFailure);
}
/* check the signature */
sig = sd->signature;
DER_ConvertBitString(&sig);
rv = OurVerifyData(sd->data.data, sd->data.len, pubKey, &sig,
&sd->signatureAlgorithm);
SECKEY_DestroyPublicKey(pubKey);
if ( rv ) {
return(SECFailure);
}
return(SECSuccess);
}
static
CERTCertificate *createEmptyCertificate(void)
{
PLArenaPool *arena = 0;
CERTCertificate *c = 0;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if ( !arena ) {
return 0;
}
c = (CERTCertificate *) PORT_ArenaZAlloc(arena, sizeof(CERTCertificate));
if (c) {
c->referenceCount = 1;
c->arena = arena;
} else {
PORT_FreeArena(arena,PR_TRUE);
}
return c;
}
int main(int argc, char **argv)
{
int verbose=0, force=0;
int ascii=0, issuerAscii=0;
char *progName=0;
PRFileDesc *inFile=0, *issuerCertFile=0;
SECItem derCert, derIssuerCert;
PLArenaPool *arena=0;
CERTSignedData *signedData=0;
CERTCertificate *cert=0, *issuerCert=0;
SECKEYPublicKey *rsapubkey=0;
SECAlgorithmID md5WithRSAEncryption, md2WithRSAEncryption;
SECAlgorithmID sha1WithRSAEncryption, rsaEncryption;
SECItem spk;
int selfSigned=0;
int invalid=0;
char *inFileName = NULL, *issuerCertFileName = NULL;
PLOptState *optstate;
PLOptStatus status;
SECStatus rv;
PORT_Memset(&md5WithRSAEncryption, 0, sizeof(md5WithRSAEncryption));
PORT_Memset(&md2WithRSAEncryption, 0, sizeof(md2WithRSAEncryption));
PORT_Memset(&sha1WithRSAEncryption, 0, sizeof(sha1WithRSAEncryption));
PORT_Memset(&rsaEncryption, 0, sizeof(rsaEncryption));
progName = strrchr(argv[0], '/');
progName = progName ? progName+1 : argv[0];
optstate = PL_CreateOptState(argc, argv, "aAvf");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
switch (optstate->option) {
case 'v':
verbose = 1;
break;
case 'f':
force = 1;
break;
case 'a':
ascii = 1;
break;
case 'A':
issuerAscii = 1;
break;
case '\0':
if (!inFileName)
inFileName = PL_strdup(optstate->value);
else if (!issuerCertFileName)
issuerCertFileName = PL_strdup(optstate->value);
else
Usage(progName);
break;
}
}
if (!inFileName || !issuerCertFileName || status == PL_OPT_BAD) {
/* insufficient or excess args */
Usage(progName);
}
inFile = PR_Open(inFileName, PR_RDONLY, 0);
if (!inFile) {
fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
progName, inFileName);
exit(1);
}
issuerCertFile = PR_Open(issuerCertFileName, PR_RDONLY, 0);
if (!issuerCertFile) {
fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
progName, issuerCertFileName);
exit(1);
}
if (SECU_ReadDERFromFile(&derCert, inFile, ascii, PR_FALSE) != SECSuccess) {
printf("Couldn't read input certificate as DER binary or base64\n");
exit(1);
}
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (arena == 0) {
fprintf(stderr,"%s: can't allocate scratch arena!", progName);
exit(1);
}
if (issuerCertFile) {
CERTSignedData *issuerCertSD=0;
if (SECU_ReadDERFromFile(&derIssuerCert, issuerCertFile, issuerAscii,
PR_FALSE) != SECSuccess) {
printf("Couldn't read issuer certificate as DER binary or base64.\n");
exit(1);
}
issuerCertSD = PORT_ArenaZNew(arena, CERTSignedData);
if (!issuerCertSD) {
fprintf(stderr,"%s: can't allocate issuer signed data!", progName);
exit(1);
}
rv = SEC_ASN1DecodeItem(arena, issuerCertSD,
SEC_ASN1_GET(CERT_SignedDataTemplate),
&derIssuerCert);
if (rv) {
fprintf(stderr, "%s: Issuer cert isn't X509 SIGNED Data?\n",
progName);
exit(1);
}
issuerCert = createEmptyCertificate();
if (!issuerCert) {
printf("%s: can't allocate space for issuer cert.", progName);
exit(1);
}
rv = SEC_ASN1DecodeItem(arena, issuerCert,
SEC_ASN1_GET(CERT_CertificateTemplate),
&issuerCertSD->data);
if (rv) {
printf("%s: Does not appear to be an X509 Certificate.\n",
progName);
exit(1);
}
}
signedData = PORT_ArenaZNew(arena,CERTSignedData);
if (!signedData) {
fprintf(stderr,"%s: can't allocate signedData!", progName);
exit(1);
}
rv = SEC_ASN1DecodeItem(arena, signedData,
SEC_ASN1_GET(CERT_SignedDataTemplate),
&derCert);
if (rv) {
fprintf(stderr, "%s: Does not appear to be X509 SIGNED Data.\n",
progName);
exit(1);
}
if (verbose) {
printf("Decoded ok as X509 SIGNED data.\n");
}
cert = createEmptyCertificate();
if (!cert) {
fprintf(stderr, "%s: can't allocate cert", progName);
exit(1);
}
rv = SEC_ASN1DecodeItem(arena, cert,
SEC_ASN1_GET(CERT_CertificateTemplate),
&signedData->data);
if (rv) {
fprintf(stderr, "%s: Does not appear to be an X509 Certificate.\n",
progName);
exit(1);
}
if (verbose) {
printf("Decoded ok as an X509 certificate.\n");
}
SECU_RegisterDynamicOids();
rv = SECU_PrintSignedData(stdout, &derCert, "Certificate", 0,
SECU_PrintCertificate);
if (rv) {
fprintf(stderr, "%s: Unable to pretty print cert. Error: %d\n",
progName, PORT_GetError());
if (!force) {
exit(1);
}
}
/* Do various checks on the cert */
printf("\n");
/* Check algorithms */
rv = SECOID_SetAlgorithmID(arena, &md5WithRSAEncryption,
SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION, NULL);
if (rv) {
fprintf(stderr, "%s: failed to set algorithm ID for SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION.\n",
progName);
exit(1);
}
rv = SECOID_SetAlgorithmID(arena, &md2WithRSAEncryption,
SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION, NULL);
if (rv) {
fprintf(stderr, "%s: failed to set algorithm ID for SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION.\n",
progName);
exit(1);
}
rv = SECOID_SetAlgorithmID(arena, &sha1WithRSAEncryption,
SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION, NULL);
if (rv) {
fprintf(stderr, "%s: failed to set algorithm ID for SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION.\n",
progName);
exit(1);
}
rv = SECOID_SetAlgorithmID(arena, &rsaEncryption,
SEC_OID_PKCS1_RSA_ENCRYPTION, NULL);
if (rv) {
fprintf(stderr, "%s: failed to set algorithm ID for SEC_OID_PKCS1_RSA_ENCRYPTION.\n",
progName);
exit(1);
}
{
int isMD5RSA = (SECOID_CompareAlgorithmID(&cert->signature,
&md5WithRSAEncryption) == 0);
int isMD2RSA = (SECOID_CompareAlgorithmID(&cert->signature,
&md2WithRSAEncryption) == 0);
int isSHA1RSA = (SECOID_CompareAlgorithmID(&cert->signature,
&sha1WithRSAEncryption) == 0);
if (verbose) {
printf("\nDoing algorithm checks.\n");
}
if (!(isMD5RSA || isMD2RSA || isSHA1RSA)) {
printf("PROBLEM: Signature not PKCS1 MD5, MD2, or SHA1 + RSA.\n");
} else if (!isMD5RSA) {
printf("WARNING: Signature not PKCS1 MD5 with RSA Encryption\n");
}
if (SECOID_CompareAlgorithmID(&cert->signature,
&signedData->signatureAlgorithm)) {
printf("PROBLEM: Algorithm in sig and certInfo don't match.\n");
}
}
if (SECOID_CompareAlgorithmID(&cert->subjectPublicKeyInfo.algorithm,
&rsaEncryption)) {
printf("PROBLEM: Public key algorithm is not PKCS1 RSA Encryption.\n");
}
/* Check further public key properties */
spk = cert->subjectPublicKeyInfo.subjectPublicKey;
DER_ConvertBitString(&spk);
if (verbose) {
printf("\nsubjectPublicKey DER\n");
rv = DER_PrettyPrint(stdout, &spk, PR_FALSE);
printf("\n");
}
rsapubkey = (SECKEYPublicKey *)
PORT_ArenaZAlloc(arena,sizeof(SECKEYPublicKey));
if (!rsapubkey) {
fprintf(stderr, "%s: rsapubkey allocation failed.\n", progName);
exit(1);
}
rv = SEC_ASN1DecodeItem(arena, rsapubkey,
SEC_ASN1_GET(SECKEY_RSAPublicKeyTemplate), &spk);
if (rv) {
printf("PROBLEM: subjectPublicKey is not a DER PKCS1 RSAPublicKey.\n");
} else {
int mlen;
int pubexp;
if (verbose) {
printf("Decoded RSA Public Key ok. Doing key checks.\n");
}
PORT_Assert(rsapubkey->keyType == rsaKey); /* XXX RSA */
mlen = checkInteger(&rsapubkey->u.rsa.modulus, "Modulus", verbose);
printf("INFO: Public Key modulus length in bits: %d\n", mlen);
if (mlen > MAX_MODULUS) {
printf("PROBLEM: Modulus length exceeds %d bits.\n",
MAX_MODULUS);
}
if (mlen < 512) {
printf("WARNING: Short modulus.\n");
}
if (mlen != (1 << (ffs(mlen)-1))) {
printf("WARNING: Unusual modulus length (not a power of two).\n");
}
checkInteger(&rsapubkey->u.rsa.publicExponent, "Public Exponent",
verbose);
pubexp = DER_GetInteger(&rsapubkey->u.rsa.publicExponent);
if (pubexp != 17 && pubexp != 3 && pubexp != 65537) {
printf("WARNING: Public exponent not any of: 3, 17, 65537\n");
}
}
/* Name checks */
checkName(&cert->issuer, "Issuer Name", verbose);
checkName(&cert->subject, "Subject Name", verbose);
if (issuerCert) {
SECComparison c =
CERT_CompareName(&cert->issuer, &issuerCert->subject);
if (c) {
printf("PROBLEM: Issuer Name and Subject in Issuing Cert differ\n");
}
}
/* Check if self-signed */
selfSigned = (CERT_CompareName(&cert->issuer, &cert->subject) == 0);
if (selfSigned) {
printf("INFO: Certificate is self signed.\n");
} else {
printf("INFO: Certificate is NOT self-signed.\n");
}
/* Validity time check */
if (CERT_CertTimesValid(cert) == SECSuccess) {
printf("INFO: Inside validity period of certificate.\n");
} else {
printf("PROBLEM: Not in validity period of certificate.\n");
invalid = 1;
}
/* Signature check if self-signed */
if (selfSigned && !invalid) {
if (rsapubkey->u.rsa.modulus.len) {
SECStatus ver;
if (verbose) {
printf("Checking self signature.\n");
}
ver = OurVerifySignedData(signedData, cert);
if (ver != SECSuccess) {
printf("PROBLEM: Verification of self-signature failed!\n");
} else {
printf("INFO: Self-signature verifies ok.\n");
}
} else {
printf("INFO: Not checking signature due to key problems.\n");
}
} else if (!selfSigned && !invalid && issuerCert) {
SECStatus ver;
ver = OurVerifySignedData(signedData, issuerCert);
if (ver != SECSuccess) {
printf("PROBLEM: Verification of issuer's signature failed!\n");
} else {
printf("INFO: Issuer's signature verifies ok.\n");
}
} else {
printf("INFO: Not checking signature.\n");
}
return 0;
}
security/nss/cmd/checkcert/manifest.mn
-19
View File
@@ -1,19 +0,0 @@
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
CORE_DEPTH = ../..
# MODULE public and private header directories are implicitly REQUIRED.
MODULE = nss
# This next line is used by .mk files
# and gets translated into $LINCS in manifest.mnw
REQUIRES = seccmd dbm
DEFINES = -DNSPR20
CSRCS = checkcert.c
PROGRAM = checkcert
security/nss/cmd/chktest/chktest.c
+8 -6
View File
@@ -8,7 +8,8 @@
#include "blapi.h"
#include "secutil.h"
static int Usage()
static int
Usage()
{
fprintf(stderr, "Usage: chktest <full-path-to-shared-library>\n");
fprintf(stderr, " Will test for valid chk file.\n");
@@ -16,14 +17,15 @@ static int Usage()
exit(1);
}
int main(int argc, char **argv)
int
main(int argc, char **argv)
{
SECStatus rv = SECFailure;
PRBool good_result = PR_FALSE;
if (argc != 2)
return Usage();
return Usage();
rv = RNG_RNGInit();
if (rv != SECSuccess) {
SECU_PrintPRandOSError("");
@@ -37,7 +39,7 @@ int main(int argc, char **argv)
RNG_SystemInfoForRNG();
good_result = BLAPI_SHVerifyFile(argv[1]);
printf("%s\n",
(good_result ? "SUCCESS" : "FAILURE"));
printf("%s\n",
(good_result ? "SUCCESS" : "FAILURE"));
return (good_result) ? SECSuccess : SECFailure;
}
security/nss/cmd/chktest/chktest.gyp
+32
View File
@@ -0,0 +1,32 @@
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
{
'includes': [
'../../coreconf/config.gypi',
'../../cmd/platlibs.gypi'
],
'targets': [
{
'target_name': 'chktest',
'type': 'executable',
'sources': [
'chktest.c'
],
'dependencies': [
'<(DEPTH)/exports.gyp:dbm_exports',
'<(DEPTH)/exports.gyp:nss_exports',
'<(DEPTH)/lib/sqlite/sqlite.gyp:sqlite3'
]
}
],
'target_defaults': {
'defines': [
'NSS_USE_STATIC_LIBS'
]
},
'variables': {
'module': 'nss',
'use_static_libs': 1
}
}
security/nss/cmd/crlutil/crlgen.c
+391 -406
View File
File diff suppressed because it is too large Load Diff

Some files were not shown because too many files have changed in this diff Show More