mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-07 01:44:42 +00:00
Bug 1748820 - land NSS 44e6341be5e8 UPGRADE_NSS_RELEASE, r=beurdouche
Differential Revision: https://phabricator.services.mozilla.com/D135690
This commit is contained in:
parent
9b397f2ea0
commit
84a342941b
@ -9,7 +9,7 @@ system_lib_option("--with-system-nss", help="Use system NSS")
|
||||
imply_option("--with-system-nspr", True, when="--with-system-nss")
|
||||
|
||||
nss_pkg = pkg_check_modules(
|
||||
"NSS", "nss >= 3.74", when="--with-system-nss", config=False
|
||||
"NSS", "nss >= 3.75", when="--with-system-nss", config=False
|
||||
)
|
||||
|
||||
set_config("MOZ_SYSTEM_NSS", True, when="--with-system-nss")
|
||||
|
@ -1 +1 @@
|
||||
NSS_3_74_RTM
|
||||
44e6341be5e8
|
@ -1 +1 @@
|
||||
NSS_3_73_BRANCH
|
||||
NSS_3_74_BRANCH
|
||||
|
@ -68,10 +68,6 @@ sslkeylogfile=1
|
||||
gyp_params=(--depth="$cwd" --generator-output=".")
|
||||
ninja_params=()
|
||||
|
||||
# Assume that the target architecture is the same as the host by default.
|
||||
host_arch=$(python "$cwd/coreconf/detect_host_arch.py")
|
||||
target_arch=$host_arch
|
||||
|
||||
# Assume that MSVC is wanted if this is running on windows.
|
||||
platform=$(uname -s)
|
||||
if [ "${platform%-*}" = "MINGW32_NT" -o "${platform%-*}" = "MINGW64_NT" ]; then
|
||||
@ -132,12 +128,24 @@ while [ $# -gt 0 ]; do
|
||||
--disable-keylog) sslkeylogfile=0 ;;
|
||||
--enable-legacy-db) gyp_params+=(-Ddisable_dbm=0) ;;
|
||||
--mozilla-central) gyp_params+=(-Dmozilla_central=1) ;;
|
||||
--python) python="$2"; shift ;;
|
||||
--python=*) python="${1#*=}" ;;
|
||||
-D*) gyp_params+=("$1") ;;
|
||||
*) show_help; exit 2 ;;
|
||||
esac
|
||||
shift
|
||||
done
|
||||
|
||||
if [ -n "$python" ]; then
|
||||
gyp_params+=(-Dpython="$python")
|
||||
fi
|
||||
|
||||
if [ -z "$target_arch" ]; then
|
||||
# Assume that the target architecture is the same as the host by default.
|
||||
host_arch=$(${python:-python} "$cwd/coreconf/detect_host_arch.py")
|
||||
target_arch=$host_arch
|
||||
fi
|
||||
|
||||
# Set the target architecture and build type.
|
||||
gyp_params+=(-Dtarget_arch="$target_arch")
|
||||
if [ "$opt_build" = 1 ]; then
|
||||
|
@ -552,7 +552,9 @@ main(int argc, char **argv)
|
||||
|
||||
nickname = strdup(addbuiltin.options[opt_Nickname].arg);
|
||||
|
||||
NSS_NoDB_Init(NULL);
|
||||
if (NSS_NoDB_Init(NULL) != SECSuccess) {
|
||||
exit(1);
|
||||
}
|
||||
|
||||
if (addbuiltin.options[opt_Distrust].activated ||
|
||||
addbuiltin.options[opt_DistrustCRL].activated) {
|
||||
|
@ -1,4 +1,5 @@
|
||||
0 nistp256
|
||||
1 nistp384
|
||||
# the following tests are not yet implemented
|
||||
2 nistp521
|
||||
The files in this directory contain test-vectors for ECDSA using NIST P-256 Curve (the test-vectors from 0 to 6 included), using NIST P-384 Curve (the test-vectors from 7 to 13 included) and using NIST P-521 Curve (the test-vectors from 14 to 20 included).
|
||||
|
||||
The key files used for the signature contain a curve, a private key and a public key. Each key is represented as follows: Base64(len (curveID), curveID, len(privateKey), privateKey, len(publicKey), publicKey). The length is 4 bytes long. The curveID is a DER encoded OID (as stated in http://www.secg.org/sec2-v2.pdf). A public key (a point) is encoded as 0x4 || x coordinate || y coordinate, where (x, y) computed using the base point. The private key is generated randomly. To generate the test-vectors we were using Sage Math system.
|
||||
|
||||
The random nonces (sigseed) and the plaintexts (already as hashes) are generated randomly and encoded using Base64 encoding. The resulted ciphertexts are presented in the ciphertext files and encoded using Base64 encoding.
|
@ -1 +1 @@
|
||||
GoWqve3YezF7HOABQjioFL/3oq32oM9pHsGTQTJE7aFE62nItVqAdg==
|
||||
g0O4OK4uKlJAlR1MDRLTBjyfxFI3PLKLYk+pJyu7gDJTgMptbhg+vZS0lgEBR7jHFDG89TymXn2bZ+NWDE6h5Q==
|
@ -1 +1 @@
|
||||
PM6xHbiwP6Xcb44mg7BHtaJvd8PkxgvHAB1sh2cF0so3naFf0Tj6vQ==
|
||||
yaMRWtXb5AUhgva2zYOq3aczhYOP5pEldcaXtbnIbARVv3o2RjdhnVl2Nq6BaL36nPdO6KZrjHm0oQoUvD2bTA==
|
@ -1,2 +1,2 @@
|
||||
AF3bbyED08NTrUgKmag9HiuUbaW0skXA/Bp9RPjRAD6M0rp3nvLDKozI940jxPP1
|
||||
nWpHF7VcyCVzJeV6
|
||||
AIlc19+p3H+s2rJ98KkTaA351Vz2pAVuMCFB1jRshJVrw4QbHS+UQ9VuSGjZLe6dTf5vBAjlfeYQ
|
||||
NGnU7yhOxU2nl3tI+9qe/MrAL76d3e0+G/jBHk8hp006TbdiBrNK
|
@ -1,2 +1 @@
|
||||
AOLrxy4FWd29ToUjOwLs6GyQ+dYZN6NkZ8oVO6dsAEXt55ePlCWZbOtmk6v9PrNG
|
||||
JOsY/MHnGhDeAGRl
|
||||
L8GGYb8eZCyjr/YAgmB7jWonjqXZ773+Iizm80wRe9PQzQKjaP3c9PiBjAJ5W8VBH8X0twayfznc/v4jozzE2PC3adIkOiIhn4TGWd0zcD/TpxeVreCEOLtCnO7ZTwGh
|
@ -1,2 +1 @@
|
||||
aQHMte9cFByD9Ff3rZOPOtPI75luPoxemmgjXIgh/9jEeoTdDk8xuAYQUkayCfs+
|
||||
DpDaGnOLkfAyZ8GcuaCujg==
|
||||
lbxmnrmyoI+SotJ0F3cTBm+XigEB12hCBhXWdLotb1juvr80ksg2komHRqzKuuyrgQbmQwTnpQfmn/Y2iNx3CsL4++UWRH77/MaleccxGjHTJ0fNoQsBTT3Pa7s+1FDg
|
@ -1,2 +1 @@
|
||||
AaeVCRJQPbpTqa1+zLd/8xAbkz3KKTr0dlS4tuGC8hc9j5esAeEv+7IklbA3v5Jz
|
||||
jC+nJy4p81iNO5E9H8nfGGckfQSiFzHG
|
||||
wRJKnt6DnqSYtMHr0HX/4v3qT2FTdLA/aY40y0Grz8Jc5aPD062+mUSSI3d43BKy3aGvJBJPXo5FfBAGZrrcPTZ4hb783D8MnRRzGnYqlP18d+HxGbhI/X3FgQvDpvoA
|
@ -1,2 +1,3 @@
|
||||
AgU0N7zJPg/1UxmCWD5Z+DqDqkRKjy4heFgayCyopb/u4XErAZArgsjashAxzMKC
|
||||
PSDJasPT90T5Va8sNtjXtSpHWxc2roV9
|
||||
AcKWiddIfeC5MGnUw8HxiW6h55HY+QgSgE2aPGdgv06hz3fF7+ibSHHWOOOKDAb+DOkDS/06fUSj
|
||||
Bz4JPrI+1S7GAfsjSDNA7FCdMMDlz6SzJ/AXtDqEnqPvuKjxkZTIWFoGcl3ckEqaXuHZQY6/ZUEC
|
||||
tU6BBedWeaZcj0VDiFDhT7VM
|
@ -1,2 +1,3 @@
|
||||
NXo8is+7lAoOwWGt7+GBbT/UX8LGs8TXEHBI+tX9311pJ4J3pfBYobgN0ZK6ZBtp
|
||||
dS6PkrPaQp0S9nrfTOS5uAH95eD1eymRfCbOnjTUKzLuIn53V17vRjdcDtLzrhzX
|
||||
ALrhfS4bAPvF9GooBRAmS5BPItf9JJxuB9kXAnqFyoTfeo9Qj2X1BsZ1lRQ9/tNm791Pg434w6XT
|
||||
jVifx3sWdo79AZ/sgRq97VGVjVLvSNPkEuDWUP0UcjHQP7sOPZS3i04pactfM2D/xI9KKTH7nF0/
|
||||
oNQGqp3kSV5pdo9tBD5kNLxP
|
@ -1,3 +1,3 @@
|
||||
ADhxjBz/ACTy4GJlL0tYZpyNpC4DsXND9lJuU7x9N7g6gkpJyBPw3vBYU1olw6PH
|
||||
dnegpgAm4Gh6MCsZB4KBcLwl1wjt4B3p2eqEqDYn5fiie5f4XuRomvI92jR5Sb+I
|
||||
nBLCHIppt/Q=
|
||||
AUpC4BhuE7JTjlHZVrtjHZgzyudEOC5/I73cN3IJREJoUi4GaD34Lbc2Uaj2I40J/imqTukMAF92
|
||||
AIhzAoPKbY7LATmfsfCzC9QJJ110ch19FxipEUEmgYi2khejzsDgSjhDP9DjUHyvnX5GCC/jGzbZ
|
||||
+38Vef+1pH73V1Dk7VGPfly/
|
@ -1,3 +1,3 @@
|
||||
AGhHQ6kfdZRgu1svQTXEIewvFVglnUy6ANPumyUbM14AEfRkCUNa1uzvhV1sbWYj
|
||||
qT3egQCA9MTjThDNJeDOvvL6hVVOryUv4+C3RtkpQGCtdml+CSsjVTej8h9JbMds
|
||||
Dme40b2G6fE=
|
||||
AVu1YHSDn9uZIQcRKy79vaUtrfJb6dG6gX001BmwMnInkt3QpylrzyPScpWlMHHeNG7WhSJudTp+
|
||||
9EbcmQOvG6eUAb1cnamAm0q3oX4PlJMM50lUsX1bjSG7CEYwb0x1H9xr9fN+TgFMUgvZZXC7pY5r
|
||||
bhHlEUYQcMmRKG9ZHFc6LbEj
|
@ -1,3 +1,3 @@
|
||||
AGBuqk48tufy0bKEWpu+xEHsmi+6KCfdwOSRwLDnpVetGe9AWknHDzeTSwe0QxcE
|
||||
RsEkUZGDpxfzUlCLSSSU+ErrYY/uyLV2AJTb3prB6A2YNwdmFGeRbDoxeOu7FuQA
|
||||
3gxBQhR+TGMuskeM+BdHFmFrwvTTdHCGzjTBa5S8mbgEJTfeik/it28T/9i+duZ8
|
||||
AHC8RciYJUDbd9w/47KfKD/9pKS98cXqep7XnKi9NDRuKi1wzgnVDMiUACkRA4IRy2I1/9cNKA8o
|
||||
j17hRNbWAEO9AF2fg5BhJSNLiOAkhBCt2GvLOsBRvPX58xn4u6gWyY8oV5bFBrMQvHS2avNujgHs
|
||||
MI+/lDXXb7w6GOFiScWeX6NC
|
@ -1,3 +1,3 @@
|
||||
AaiotJfCiWU1d2LFe+t0CcWHDSF7EOlApWYJ+RNRSq8TbkXJIzi6abbb7BovtRwf
|
||||
i/COYwjS7OnkFQ6x5Pdrb7OZ0dTAdDRXAKtXWSKR20Y4fhnx/HUxisFwKrsCEQ3O
|
||||
uVtwDG8rh5V8zjBnCEcs5Iy9CsklucibR0PIyglVmW+ZuY42YNebuOC2VUKqHNF7
|
||||
AXNA1v4coiWNri0FEpHBpyDBt3IWjsaSa222ySUgcf6bz1SUIfB0DBGPZI7CZpRHl+B8oRHaD6gB
|
||||
+IN6+4UI+nf+ACSsoM4ivi6HO3OcwG1uK1I93qhujMOkHSWZ27njMq6K20VbAW1WIAOwIwhEyqUc
|
||||
br/V+GZCCQgoKdmRh4Q2daOi
|
@ -1 +1 @@
|
||||
Vli8Hau3xL8oder6ZdM9Y3fMd92jbguiMq6F+9CUjlUQXy5EwAVGeg==
|
||||
tnDjU02HxiZc64bV5bXn0SY9qRc302CSEXbSojvsVWL9MDLf7n+HYoCL3KzDzc9c3Am23YkNe+UmGmyiQ2cDsQ==
|
@ -1,3 +1,3 @@
|
||||
ALAM5hGnex7TvBbSEzDlfv+n5g7aWyRyZsBbl2Y6wW1plSovbq2GcV6w1ZV1Vlot
|
||||
70zbqkKyNApvTi3xoD4Ens6pAeLMYDILwaQhnyJZWQv3etbWqUKJZNgfH1IDj03k
|
||||
n9hbjYLX3y4bc4CnrhOiv5Ab34s7M8wUYcjC+DbHwhLl/S6N
|
||||
APkk3zqRJEzbXeIJ1d7RgzkRJzgTUZwwpTDSVvSGgkMLs/vKSBnWHQk4sVGbU5lTNbgltF6sBC+1
|
||||
J2XgsiQ/xqLbAG/Bu4mbGTmWs1kaNDiDFg/BUr+au2QQSx8HbBTHZcXLmsLxNzItCS8oAlRA2Rjv
|
||||
Nq9oZNaz3rebPdt9xHXFh6bw
|
@ -1 +1 @@
|
||||
AFohw5TN/dpmqbhp/T4z1Rl1boAUA6r9eEPJbYN0zf+eHZzyvezxqjxU
|
||||
4KKGd2/fEIClyuhRwrehW6BKH0/+OQgsirRfzIcrOZvFzAfKi5khbVYxHK37tL9P5PomDbXN4Dp0AeruvBLAiA==
|
@ -1 +1 @@
|
||||
AtJdCPXn5yQW34jekhsnsNmaMOeeA3KIVl1d2+7pb6QycUAzYccgwSrp
|
||||
pnjNl+SQmTBayW5VQ+CkmKP0xnB7UTBY4RsZtkSbCeTHWSbv3i6bZPR105a0uMLG5nS/gQjyl4eH/zE+MgETpA==
|
@ -1 +1 @@
|
||||
AzEg0sOGHwxd0o3cv+o9dsRPOzXMAdpgtI6O0uUmVN2+a5qI5FYQlItz
|
||||
U9uDPGgYelgtc3AfIMnUtUUbAy0r+Gfu4Ig2RnrtlEZyEBE4VFKqwT55ScQqD5FUwjCqhjtnrKohq+FbrRejjA==
|
@ -1 +1 @@
|
||||
5+HDXH/ieN8Bzxd3dfxKZoqbbhsm7jyeqWdemt6Xy0kx+7zwSYsh9Ng5KRdy6wtA
|
||||
7ED/IZr06H2cFwgTZ3iOtg59SCsSIa4+t1DW9cwd2u1oMgkkFvPHMgQboH8aULC6lRE8aGMJZTZ6WnTYJR3hBw==
|
@ -1 +1 @@
|
||||
WcS9umnUASP0X6lHvkWJwPY37ZVvAMLBERHLjL3Vzg6QVjwcS8kDVortTFei3aTx
|
||||
b37O7Ui12JgVhBxhPsr6SVBu9WAfYgNj0VE5j8sIq7S2KH2UkLMsV87cAn0LAj58clN0lmBJXJViLyU9zptz5A/IodDm/mAY92yVr2V/SdOGdrubjqQ74giLceDaWK5G
|
@ -1,2 +1 @@
|
||||
ItpmPaGAaoe2feXPbh5+EASLGnEzyYbEnwJ+JFNSOQcoY4a/cMV2rn8FYyBsEDiZ
|
||||
LPDBU0i2uOg=
|
||||
5wrpYRET0Om1gAeZOQrqeDkWLC11pKLF2ECxWwaUD4lqDbJYKF6mfYPXz8hrrbFvfq1TQywm+Wvb9fkAofHg99tdlv5HOE0vrhIdZHyXACtJ9hAjlYYZhmp0wSjP02ZH
|
@ -1,2 +1 @@
|
||||
QjzCVGRUjulOLqeBqC5xpY0GWomOrmQUCtImY0czn98a/jHrdgsSRKiMHukBUxM1
|
||||
TIRGjkV2L+A=
|
||||
Ehmee5KL3MVy+ulw/4sw22HbIqY2pPp3V29Q7MTTSmA9xxhyLe4tuzWvio3rRFFaSiTDJUs9FJ/qN5uRrU59VtyU27jv+jXmRZGF14eW/+bI7pJ46u2I4oC/PKWrJUlg
|
@ -1,4 +1 @@
|
||||
AAAABwYFK4EEACIAAABhBLWMJG3t4khPYcsl3H492rAqukJ1RqJm27pqpN54rFGG
|
||||
r2VDwOfqb9tMninq8IyOh42eaaVOEPXXu4Q/ATWBEfrbTRBjTpzAE2SSPuQma0lM
|
||||
q0RSVECCgdBOKIhB0H6VxAAAADA3WPjUaMWCS9E5KbVDrEcf5CV5tCNNWJQkwjsA
|
||||
yALMCiXJqRVXwbq42WMuaELMW+g=
|
||||
AAAACgYIKoZIzj0DAQcAAABBBP8XY2jN9iSwGmgjiKiEJ13traQZAfQjp9gm/s1ued3vKcAUoCya7wVzoOtE+1e318eseAmUCFTmSue3oRQ4iNAAAAAgUoPXpYUpyVq3AM/eQ8krtoa+IvndvJSu2d0Wfmw4G3k=
|
3
security/nss/cmd/bltest/tests/ecdsa/key10
Normal file
3
security/nss/cmd/bltest/tests/ecdsa/key10
Normal file
@ -0,0 +1,3 @@
|
||||
AAAABwYFK4EEACIAAABhBGNmUY5lDAhCxgugJReD7Q9NWibKxv4mPCeXk90hyZKquY0U1Z6WUOEY
|
||||
PbpMei6MDGdjOUnMAfTLKa10WajMqIFgR7rInBQqZqOtpKqtFUb3ilJbiOZUnUpn4zuWoDUCFQAA
|
||||
ADD/dS8s2Bui8eTEmURjxj0bzlPVfhbPErX/BETy11xb63U48OK2obH+N5b1mJlck3w=
|
3
security/nss/cmd/bltest/tests/ecdsa/key11
Normal file
3
security/nss/cmd/bltest/tests/ecdsa/key11
Normal file
@ -0,0 +1,3 @@
|
||||
AAAABwYFK4EEACIAAABhBI+fZwvjDD9sX9mh9nLTOiy6npcJ2nzGGeDLkcSlFhsnwigQLvyMNBvP
|
||||
d7afj9P09hHRozYAf2Z0UWhCHAiFccw9GChq2eTgCvTl6jxNKsdPIHqa1+eoukMB2mLchEKk8gAA
|
||||
ADAVhVW7PB4G4UBgfYgSDrbKZ4MJaED8XCvlKjjvPHaiYlr7+le4A54annNInynW3DY=
|
3
security/nss/cmd/bltest/tests/ecdsa/key12
Normal file
3
security/nss/cmd/bltest/tests/ecdsa/key12
Normal file
@ -0,0 +1,3 @@
|
||||
AAAABwYFK4EEACIAAABhBPF9n9O34oRxht9krXuHEQFusdW2Q7XrgWTMX4w4YXasi3OXSzOHywxa
|
||||
JQ8jIXu7AcUVQTLfhSwQvswwvzvJUD1vPiJH/AZFPhQOrg8fYzsuSVs0NLQ/PW0nDqdcz9BVxAAA
|
||||
ADBfPgxyWf18Zn/ftiQfrpU/+Td0WD3QhAVYbNmRGGzP73YSLgmD8rafs1fW6NjZEOg=
|
3
security/nss/cmd/bltest/tests/ecdsa/key13
Normal file
3
security/nss/cmd/bltest/tests/ecdsa/key13
Normal file
@ -0,0 +1,3 @@
|
||||
AAAABwYFK4EEACIAAABhBN9riLgrpq184TDaWpgqnU4pYyqyTXreZQ69O2sU4GENCGN9tmsgyGi3
|
||||
lt0r4wRwchlU4cxJeO5f6XrX0dqF46s57Pw6+tFf2OCU1X0jCPn7NrYz8X9Gjw9ZrKnqESLNyQAA
|
||||
ADBIzoBK0nAaFkL9z0H/6dmakHfrRZtrZE556sN0bHbN6uo+YGv8JK4xYJ+okqorCV4=
|
5
security/nss/cmd/bltest/tests/ecdsa/key14
Normal file
5
security/nss/cmd/bltest/tests/ecdsa/key14
Normal file
@ -0,0 +1,5 @@
|
||||
AAAABwYFK4EEACMAAACFBAHLMSpMFVyG6mXE7SZ5O5Bwv4d8/QiAB3BzpXkyrU1W
|
||||
jJ9O9uOYTXM+cFtF5v56+LsI4yGkaAl9+RF6lFPjrhpIswCmBmEqMBgZpjoz38my
|
||||
nLHBI9MaFF8AHkRQwD3LJLo4eSZHOVkdIvDYLwicdlgr0zD3Nf76/HB1+0DkBGqE
|
||||
MyG22gAAAEIAFah7z179UbqqdH68pzdZsP1ChXjtYZ11rBM0+HP7yLirxH3ahKTt
|
||||
DjsY19GEjz4gKsaLfLiQ1/Dp+VKVLcBKpk0=
|
4
security/nss/cmd/bltest/tests/ecdsa/key15
Normal file
4
security/nss/cmd/bltest/tests/ecdsa/key15
Normal file
@ -0,0 +1,4 @@
|
||||
AAAABwYFK4EEACMAAACFBAHNraBOZWsOfiIfcjggO2UgdVT/hWKgnuPNxeiBUN0y7hhWdeJDJEQw
|
||||
h8CKaKe34NwLHkI9v3srwrjjgrZhSE1C0wEqnTHutNYvzgdim0/1ez1AltxjpE2EELzUqnsrXl+V
|
||||
IbvO/SMGiUb4SPz3ddc3BDQ6uCCWkawr6CryY6fbQHSZgQAAAEIBVb3HzBg8uneljgGlyFD+6hQs
|
||||
nyNyOwYeMZTgd7pPCY43K4TGDGFtKzpDWPWjf5/TvLgxFhvzwPGLPMK5TLPtTPs=
|
4
security/nss/cmd/bltest/tests/ecdsa/key16
Normal file
4
security/nss/cmd/bltest/tests/ecdsa/key16
Normal file
@ -0,0 +1,4 @@
|
||||
AAAABwYFK4EEACMAAACFBAELM1S0u6wWCy7/Alg1B/a3VSSnO42mKq/7Eydq+ae+nqhLUa7tX7Vv
|
||||
e6N1uWdJOX4t1ZwdHKyQUrrcR2ZhXCymmABTwSVTmcqRRIALlehX+Z24mE1hMyxJwlJAGOmDNpXg
|
||||
aWhBXQXu10vqQVfWqOER5OdvZlSMDlsHVmldgTxFi/tw8wAAAEIBc6g47xXFFvgOcqgikHnuMm+4
|
||||
F4YmKLbIXuCAlVqeMtlGG4utC4jeX2BKgsVoifsL1amJM4NNP9PJmeXHjtJKpRo=
|
4
security/nss/cmd/bltest/tests/ecdsa/key17
Normal file
4
security/nss/cmd/bltest/tests/ecdsa/key17
Normal file
@ -0,0 +1,4 @@
|
||||
AAAABwYFK4EEACMAAACFBADPXFUBwFhZPy1f6FaZu6IWEDpPRh0UmxGsbBYyXGXme/zgR9masrLY
|
||||
Q9SmgR9I+qfl2tpBjmwB8ltoNjcxyJGg+QFAdH/rM+0TRJo6qDm7uJNzY5mloOsKVgefekfMEPdX
|
||||
A2Sn2FVafJLZW7A6R6GvxRX5btTgjM6/XfnJaHr47DFBMwAAAEIAwzmBaAc3LPeoyPzcX70vAo6T
|
||||
jfI7tvA+N3DXvynLTcKWYZjIilMIqsNn7u+eMQ0xDM45im6j3yPcATmgGzUDam4=
|
4
security/nss/cmd/bltest/tests/ecdsa/key18
Normal file
4
security/nss/cmd/bltest/tests/ecdsa/key18
Normal file
@ -0,0 +1,4 @@
|
||||
AAAABwYFK4EEACMAAACFBAFieatjCQKes5RNySyOxoR3TvNJ9tDAHwsR9RZJM4S3At6tU3fe8Pql
|
||||
yPt1eibbLvh7wgELngpPmoIRVWGG4LbCiQGHsWFJtpZQ2bs7BHGHT7L/t+vGqOUtvubTLq+xfTgW
|
||||
pUj0epQp+M8ZD0Fd622S4hODtlmPae695+yzNfUub4AjrAAAAEIBDMKWdudLb+7AriZjMEir6Qr+
|
||||
JUw6SG5KjiAi3nYymFRqr7tRGwUTkvX1Q64lMV7BgJ1Ch9qW6J11g4H6vtbGxLc=
|
4
security/nss/cmd/bltest/tests/ecdsa/key19
Normal file
4
security/nss/cmd/bltest/tests/ecdsa/key19
Normal file
@ -0,0 +1,4 @@
|
||||
AAAABwYFK4EEACMAAACFBAFRn1tqa8+H8gsEY6SDyUIg7L0ssJAePQcx1ADEbqorSXraND7BecWW
|
||||
fdzB/l3KbHXcFWAySIEhHJsxiaZEkoiOlQHKvTgw4WVzThQ09xcPBxP01R2Z29jRvoR6dh0vwCt6
|
||||
/Yw8Bt5DkafIV3fhrGSQcAPHNomub9yKoSrntNzgPBPZKQAAAEIBBeO8oosJMamU5b7R5LVAkl+J
|
||||
WEpiwFKGyK9svHBF5xbBy5HSFxt0tKXCzkhaJhu/tXGyeSedFATSTznrUR71tYU=
|
@ -1,5 +1 @@
|
||||
AAAABwYFK4EEACMAAACFBAHLMSpMFVyG6mXE7SZ5O5Bwv4d8/QiAB3BzpXkyrU1W
|
||||
jJ9O9uOYTXM+cFtF5v56+LsI4yGkaAl9+RF6lFPjrhpIswCmBmEqMBgZpjoz38my
|
||||
nLHBI9MaFF8AHkRQwD3LJLo4eSZHOVkdIvDYLwicdlgr0zD3Nf76/HB1+0DkBGqE
|
||||
MyG22gAAAEIAFah7z179UbqqdH68pzdZsP1ChXjtYZ11rBM0+HP7yLirxH3ahKTt
|
||||
DjsY19GEjz4gKsaLfLiQ1/Dp+VKVLcBKpk0=
|
||||
AAAACgYIKoZIzj0DAQcAAABBBGVG3cGzcX5hDchx/w8PZLuMMc2P6qlhzbfzWvtxVTkEd7MQ9deN7hIlyVUYk198Q2PQIRTiWtRVYA7bRwIlRCIAAAAggL+HbIocY2czS/UJE8y5lYKptWxLz7l2nkDCicqb3BM=
|
4
security/nss/cmd/bltest/tests/ecdsa/key20
Normal file
4
security/nss/cmd/bltest/tests/ecdsa/key20
Normal file
@ -0,0 +1,4 @@
|
||||
AAAABwYFK4EEACMAAACFBAAO18BJbSwNGxuZotCaEE2ZRutYNruikxsjqbXE5WtbyED65bllWUzD
|
||||
iCi9kn+r7avAL/ld+qDoTme1Pmzt+BSreQBBird/RGH5XIDuge8UQjnNMUPu6Iu4/j4DcoDuewtG
|
||||
O2y44isoGdRvOc3Iw9jQULJ5VtJtuCMmsIleglJ9gjAO9QAAAEIBPQClifuzZvzcrw4Hahu1UH3o
|
||||
A1m6xnJUK9JL8B/tZmUCdUwBevXHQ1xIajGxVka1DnYC7KzfgoqTJQhZnmejCOY=
|
1
security/nss/cmd/bltest/tests/ecdsa/key3
Normal file
1
security/nss/cmd/bltest/tests/ecdsa/key3
Normal file
@ -0,0 +1 @@
|
||||
AAAACgYIKoZIzj0DAQcAAABBBNgKE5o33CAcWXYgyE967xgyVCx/Ny3T+46oDsNoGguKssq2oVqlhpDwJeuwcSWjFUADuZKdpfGsfsCZwoG2oTsAAAAgc1T8iAilEQPJwL3QLVoSYH+gj9WyaMIzlEXb/BdDXHA=
|
1
security/nss/cmd/bltest/tests/ecdsa/key4
Normal file
1
security/nss/cmd/bltest/tests/ecdsa/key4
Normal file
@ -0,0 +1 @@
|
||||
AAAACgYIKoZIzj0DAQcAAABBBF5bq/2D0xa1ImD8HKoGiWLNU2p7HOegQcYVROWRQQyzFl3UOtrjQVHsef4oKfo8G3eHWAJRVc+iuLyvGOPQXl8AAAAgjzwuwj9STrQmn1vaUjll1jDQe6K/cH0F2IbIuFImXgQ=
|
1
security/nss/cmd/bltest/tests/ecdsa/key5
Normal file
1
security/nss/cmd/bltest/tests/ecdsa/key5
Normal file
@ -0,0 +1 @@
|
||||
AAAACgYIKoZIzj0DAQcAAABBBFB50pPWkcrENLddIYxsb/1DyEEFqk+k3NODT7NfrgDPmP+rgdYQS8dpSTDMLio+lS9BWAHEXPLJpY9RuSkjlD8AAAAgP9tI3QDXD5JFPCNfxYRSiQCsvwH+rKefnaKPUOBqIcM=
|
1
security/nss/cmd/bltest/tests/ecdsa/key6
Normal file
1
security/nss/cmd/bltest/tests/ecdsa/key6
Normal file
@ -0,0 +1 @@
|
||||
AAAACgYIKoZIzj0DAQcAAABBBMaKRuPseagu0jdyGJMGK/v/R3hGN2Jgsx0nLOKxDQTjD96BClG7fFOf4KlWY5+SVvIa+ySmH95oOEvlvFw/O7QAAAAg9pRcgToGhu2rwCf97g7rWxMv8ZM+nn7KhN1ChI25xuU=
|
3
security/nss/cmd/bltest/tests/ecdsa/key7
Normal file
3
security/nss/cmd/bltest/tests/ecdsa/key7
Normal file
@ -0,0 +1,3 @@
|
||||
AAAABwYFK4EEACIAAABhBLWMJG3t4khPYcsl3H492rAqukJ1RqJm27pqpN54rFGGr2VDwOfqb9tM
|
||||
ninq8IyOh42eaaVOEPXXu4Q/ATWBEfrbTRBjTpzAE2SSPuQma0lMq0RSVECCgdBOKIhB0H6VxAAA
|
||||
ADA3WPjUaMWCS9E5KbVDrEcf5CV5tCNNWJQkwjsAyALMCiXJqRVXwbq42WMuaELMW+g=
|
3
security/nss/cmd/bltest/tests/ecdsa/key8
Normal file
3
security/nss/cmd/bltest/tests/ecdsa/key8
Normal file
@ -0,0 +1,3 @@
|
||||
AAAABwYFK4EEACIAAABhBFAOD4kkHmLG2ASSN8n3K/R/ZNOKl8egsJUv+l2KNicOjOJqwTnhi1gN
|
||||
0gFX6tV0ZN9IEzj48bvMG3T9goEptgk5GWVMZv4tbsctnWzO6xEOD3szB0rWc+0Gdc9ZNxVuWQAA
|
||||
ADBMZ8FYtBjL0iyvCuK3sv7SKqjPBlRap0IhzlhGq8yROlBNj9O9T+SbVPqSGg4dca0=
|
3
security/nss/cmd/bltest/tests/ecdsa/key9
Normal file
3
security/nss/cmd/bltest/tests/ecdsa/key9
Normal file
@ -0,0 +1,3 @@
|
||||
AAAABwYFK4EEACIAAABhBHwN4O5s8oMHEZRW9Cw25pBY1wN3aEA1FhY+YB6pGuRWW2gyR8gER0LJ
|
||||
iaL678GU9dRO6M3vqtxUXtmS/f3RkvsV/kcQa5tod5G7EPGzcnnhxB4jQ7s+eVtDEE3LQRm54AAA
|
||||
ADA4ahA2Ems2zcznoW2Ogdv9XOTfuVU5cx7RvcygOqljsXs7kMIiK0g7ChP9AgRcmmM=
|
@ -1 +1 @@
|
||||
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
|
||||
70+lqMS2yiBPPask+j3Iru0I+CBps0dkxKYv9wkKN/0=
|
@ -1 +1 @@
|
||||
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
|
||||
O7xOr9dtXLrVOUwnoZuOamJoksOCu/AJQl7vnM5nKBrG+MiyB6tT0QinvJf/V/Dg
|
||||
|
@ -1 +1 @@
|
||||
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
|
||||
2Ea3W3p+4T9F8jQ3u1sB08h45Icn0g0XZdAkqkZAl8C+bNRt7HFD2yelVjO1n2++
|
||||
|
@ -1 +1 @@
|
||||
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
|
||||
7tI6LK4h3omU9JIsy3YQ5D35Q6bvA7SSHC5dfr7HRHVBO0aHG8LvB/MmUeSKC1Lx
|
||||
|
@ -1 +1 @@
|
||||
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
|
||||
V3J3ZsDxwglKTddpj0cZb+iDqOyJ6GeQqJAkPW9bFwAmsD2UVBntvKR4kQsk7CQR
|
||||
|
@ -1 +1,2 @@
|
||||
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
|
||||
ASGhzaNwWzEVNsr0G7vLgzHLmwanZp/58qj/yrcC711bn6cAzVnm0yD7klFyypW55PmE07T0b45D
|
||||
0hMzO3URX8kY
|
@ -1 +1,2 @@
|
||||
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
|
||||
ACU0to4fsw+gcz5fwzPuRGxbnh1wk0kNPbk09Bg7zarJb/0SnZf0RL/JciIZXS0mfZwBprfYcLss
|
||||
g5E09EiLyYPE
|
||||
|
@ -1 +1,2 @@
|
||||
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
|
||||
AHFZ+2hr7LE73SrITnxBdRIAQuIhe9sJv2IjH6mZ63hz7B0lUZBRq1L1UZYCMiJcySQE72fm58qD
|
||||
HBTp4TZFT4i6
|
@ -1 +1,2 @@
|
||||
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
|
||||
ASwIYky567pL6O3quwElPDfKVZO/7mDgYfyTfDXPdgzshZy5m0m9QeBHyt+nR0tHHEQGGm+fyhD2
|
||||
j3ymdPPQ7vhO
|
@ -1 +1,2 @@
|
||||
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
|
||||
AeL/vCfQJqo6G0cKf4JP85zORGd2wDp47NI8jilqs3hPzN0DRV322Kgwpn1Wm819FP6zOiMgtw+p
|
||||
lKiA2AoX9vA1
|
@ -1 +1 @@
|
||||
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
|
||||
SfpXl5Llf4iquhkXy4lshoIqoSbnaBB+PxGW17x99sU=
|
@ -1 +1,2 @@
|
||||
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
|
||||
ANDejmBr18vwOj5bRuaVvsbCJsJUnsY0h7meGKBmehWiaSzEy+Uk3frUxD+jFwB3QJ+y00mfjJHk
|
||||
gcQTb1dNKtk7
|
@ -1 +1 @@
|
||||
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
|
||||
5zRhgEl3WocyPf53pVA08iC9rhwsXNu6esNgfNOd09A=
|
@ -1 +1 @@
|
||||
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
|
||||
CbvtewBEVhbGdugFywOCh7YyM/99PoGsqgmM100hFok=
|
@ -1 +1 @@
|
||||
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
|
||||
cROiGlKZaGbm1nfrM2L8YXXX9l+h4IkQtI5ovo66Vm0=
|
@ -1 +1 @@
|
||||
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
|
||||
nBtD5rFYJ+4NmPw6qfeAxfcjl+UtcHJ6AtXgnC04Kck=
|
@ -1 +1,2 @@
|
||||
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
|
||||
Mxl2AoAoODkjI3BRRJhERyaYl3mGdClyckJTOYg3ApBlAXdQY2mQJmOXQDiUiXhyGEIyEWWRcJJI
|
||||
GQ==
|
@ -1 +1 @@
|
||||
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
|
||||
cxSK1gNt4qh6Q/YMYTPGb06yvMmOA8CdF2Fe+TA3KWu9Sma4Uw60bsNiUXVfGJaG
|
||||
|
@ -1 +1 @@
|
||||
aHpm2QZI+ZOGfhIfTd+d2wEgVYQ=
|
||||
+uIjgHPQK45HEoD6scaacINDhCSlavy/LOQstFOjA9I=
|
@ -1 +1 @@
|
||||
fjIzMWJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA=
|
||||
Ee3Cm8MeIculRkFplZnPEv7gBCPRTq+C9g55xgfw6XlEDgwQ2O4sW0QBpSbV1bkE
|
||||
|
@ -1 +1 @@
|
||||
fjIzMWJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA=
|
||||
eacQrgxAKTRE67OWEAIn1PiBGMjr1MHrAvugBZGvWLWj0qpJK7ysGrP5AUU5knA6
|
||||
|
@ -1 +1 @@
|
||||
/jI1NmJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDk=
|
||||
OZyWwfeQNAwuldqcxrvG6D1U53pto7nNeBtFOxWApMAsfy8znVlNJ392yPOYFXR1
|
||||
|
@ -1 +1 @@
|
||||
ATI4MWJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDkwYTBi
|
||||
E5M7txkzv3/JJzgkWgYkjSb+auo3diREUK6QtEe5tUovRinB9D62rwsUnYO4Zh9h
|
||||
|
@ -1 +1,2 @@
|
||||
/jM4NGJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDkwYTBiMGMwZDBlMGYxMDEx
|
||||
AWTDEcA39i86TZu4RjBbkDE4Bo0PcPsy3Vs7uSpfEpzG1za21tk7778bg0zjh+Cn40uqfG0F47do
|
||||
hMKNtshEivBN
|
@ -1 +1,2 @@
|
||||
fjQwN2JpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDkwYTBiMGMwZDBlMGYxMDExMTIx
|
||||
ASnw0hIQ2FzntL2vHcZrIFWeJHVhlPlIBQformN6nv8vzp7a9/hqIudPY/uHv001e9ryEuczmG36
|
||||
cgjmxOTEca2X
|
@ -1 +1,2 @@
|
||||
fjQwN2JpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDkwYTBiMGMwZDBlMGYxMDExMTIx
|
||||
AKdGyvpvfzX4pI3TBFsTbVyLLlOoVQXpvz8xYLGB6n/bMEe3pLpsb8lRCbVuS/9agXzY3XZN27PX
|
||||
tf3CclGx4rbW
|
@ -1,2 +1,2 @@
|
||||
PjU2NmJpdHNPZlRleHQwMDAxMDIwMzA0MDUwNjA3MDgwOTBhMGIwYzBkMGUwZjEwMTExMjEz
|
||||
MTQxNTE2MTcxODE5MWExYjE=
|
||||
AUr+RxF9oCVYkIwufo/WMRy6x4ftZlTojmEwUIQ3XS/tEtsqOJmvSKB304R1P6hpdghAYUVQ5Lf0
|
||||
P8BheUDuOLE5
|
@ -1,2 +1,2 @@
|
||||
PjU2NmJpdHNPZlRleHQwMDAxMDIwMzA0MDUwNjA3MDgwOTBhMGIwYzBkMGUwZjEwMTExMjEz
|
||||
MTQxNTE2MTcxODE5MWExYjE=
|
||||
AJWl5lI4w6SWNnOAIM5JG2/zJlLmG8KtuVy0LALG0geNHjNuh6WOjmBMOB0Ru14m/nvVp/AOXOaD
|
||||
NXbhZaCuuwoX
|
@ -1 +1 @@
|
||||
aHpm2QZI+ZOGfhIfTd+d2wEgVYQ=
|
||||
a5F2DtjzM797shbFrp7g4O/tBT9jdtljEWKhnldZOak=
|
@ -1,2 +1,2 @@
|
||||
/jUyMGJpdHNPZlRleHQwMDAxMDIwMzA0MDUwNjA3MDgwOTBhMGIwYzBkMGUwZjEwMTExMjEz
|
||||
MTQxNTE2MTcxODE=
|
||||
ABJ+5ak5x4Npkzxcq1hRKJjhKjIy4jVkVDhgZ9+3p+1ItpbJxsWMlVD835yQyeW/lFOENrcLo2Qw
|
||||
RyNEPndnPG5D
|
@ -1 +1 @@
|
||||
aHpm2QZI+ZOGfhIfTd+d2wEgVYQ=
|
||||
IV8M637yzsL+KYLyALkf92O+euGBw9PrMopiHcb/SJU=
|
@ -1 +1 @@
|
||||
aHpm2QZI+ZOGfhIfTd+d2wEgVYQ=
|
||||
ZxclhYSFGNGLM7tZ1Z5k39ZVXiWCnd/PnsVUza3O/WQ=
|
@ -1 +1 @@
|
||||
aHpm2QZI+ZOGfhIfTd+d2wEgVYQ=
|
||||
gbPop+RXoXIuYeNAb+IGgLwdTE1AnhG7LsPkfETvayQ=
|
@ -1 +1 @@
|
||||
/jE5MmJpdHNPZlRleHQwMDAwMDAwMDAw
|
||||
WAHT3XYcVbT0ZB5MxfUo9636BVA4JkEKcYBFhQvIWkQ=
|
@ -1 +1 @@
|
||||
/jIyNGJpdHNPZlRleHQwMDAwMDAwMDAwMDAwMA==
|
||||
LLGTvUo3kUNR3qdAVcvKCDEFPT/ialozxy0RY3aJJxkJJ3NpuXl3l7v6dUo51/qg
|
||||
|
@ -1 +1 @@
|
||||
/jIyNGJpdHNPZlRleHQwMDAwMDAwMDAwMDAwMA==
|
||||
3pch8aH8+9zNR8+8P8gS0ftX0dqTkzExF1x4TkKfnYUfttwtkU0D1ge62Hg0tiVr
|
||||
|
@ -1044,7 +1044,10 @@ main(int argc, char **argv)
|
||||
PK11_SetPasswordFunc(SECU_GetModulePassword);
|
||||
|
||||
if (showFileCRL) {
|
||||
NSS_NoDB_Init(NULL);
|
||||
rv = NSS_NoDB_Init(NULL);
|
||||
if (rv != SECSuccess) {
|
||||
goto loser;
|
||||
}
|
||||
} else {
|
||||
secstatus = NSS_Initialize(SECU_ConfigDirectory(NULL), dbPrefix, dbPrefix,
|
||||
"secmod.db", readonly ? NSS_INIT_READONLY : 0);
|
||||
|
@ -295,7 +295,9 @@ main(int argc, char **argv)
|
||||
outFile = stdout;
|
||||
}
|
||||
|
||||
NSS_NoDB_Init(NULL);
|
||||
if (NSS_NoDB_Init(NULL) != SECSuccess) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (keySizeInBits > 1024 || qSizeInBits != 0) {
|
||||
rv = PK11_PQG_ParamGenV2((unsigned)keySizeInBits,
|
||||
@ -340,6 +342,9 @@ main(int argc, char **argv)
|
||||
|
||||
PK11_PQG_DestroyParams(pqgParams);
|
||||
PK11_PQG_DestroyVerify(pqgVerify);
|
||||
if (NSS_Shutdown() != SECSuccess) {
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
|
||||
loser:
|
||||
|
@ -439,10 +439,13 @@ loser:
|
||||
int
|
||||
main(int argc, char **argv)
|
||||
{
|
||||
if (argc < 2)
|
||||
exit(1);
|
||||
if (argc < 2) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
NSS_NoDB_Init(NULL);
|
||||
if (NSS_NoDB_Init(NULL) != SECSuccess) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*************/
|
||||
/* AES */
|
||||
@ -455,6 +458,8 @@ main(int argc, char **argv)
|
||||
}
|
||||
}
|
||||
|
||||
NSS_Shutdown();
|
||||
if (NSS_Shutdown() != SECSuccess) {
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
@ -196,13 +196,17 @@ main(int argc, char **argv)
|
||||
if (status != PR_SUCCESS) {
|
||||
ERROR++;
|
||||
fprintf(stderr,
|
||||
"PR_CreateThread filed iteration %d, %s]n", i,
|
||||
"PR_CreateThread filed iteration %d, %s\n", i,
|
||||
PORT_ErrorToString(PORT_GetError()));
|
||||
}
|
||||
}
|
||||
if (NSS_Shutdown() != SECSuccess) {
|
||||
ERROR++;
|
||||
fprintf(stderr, "NSS_Shutdown failed: %s\n",
|
||||
PORT_ErrorToString(PORT_GetError()));
|
||||
}
|
||||
printf("%d failures and %d errors found\n", FAILED, ERROR);
|
||||
/* clean up */
|
||||
NSS_Shutdown();
|
||||
if (FAILED) {
|
||||
exit(1);
|
||||
}
|
||||
|
@ -2580,6 +2580,8 @@ main(int argc, char *argv[])
|
||||
get_time_string());
|
||||
} while (looparound); /* accept connection and process it. */
|
||||
PR_Close(s_rend);
|
||||
NSS_Shutdown();
|
||||
if (NSS_Shutdown() != SECSuccess) {
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
@ -136,6 +136,7 @@
|
||||
'coverage%': 0,
|
||||
'softfp_cflags%': '',
|
||||
'enable_draft_hpke%': 0,
|
||||
'force_integrated_as%': 0,
|
||||
},
|
||||
'target_defaults': {
|
||||
# Settings specific to targets should go here.
|
||||
|
@ -10,3 +10,4 @@
|
||||
*/
|
||||
|
||||
#error "Do not include this header file."
|
||||
|
||||
|
@ -32,6 +32,15 @@ class DataBuffer {
|
||||
}
|
||||
return *this;
|
||||
}
|
||||
DataBuffer& operator=(DataBuffer&& other) {
|
||||
if (this == &other) {
|
||||
data_ = other.data_;
|
||||
len_ = other.len_;
|
||||
other.data_ = nullptr;
|
||||
other.len_ = 0;
|
||||
}
|
||||
return *this;
|
||||
}
|
||||
|
||||
void Allocate(size_t l) {
|
||||
delete[] data_;
|
||||
|
@ -8,8 +8,10 @@
|
||||
#define nss_scoped_ptrs_h__
|
||||
|
||||
#include <memory>
|
||||
|
||||
#include "cert.h"
|
||||
#include "keyhi.h"
|
||||
#include "nss.h"
|
||||
#include "p12.h"
|
||||
#include "pk11hpke.h"
|
||||
#include "pk11pqg.h"
|
||||
@ -54,6 +56,7 @@ struct ScopedDelete {
|
||||
void operator()(SEC_PKCS12DecoderContext* dcx) {
|
||||
SEC_PKCS12DecoderFinish(dcx);
|
||||
}
|
||||
void operator()(NSSInitContext* init) { NSS_ShutdownContext(init); }
|
||||
};
|
||||
|
||||
template <class T>
|
||||
@ -75,6 +78,7 @@ SCOPED(CERTDistNames);
|
||||
SCOPED(CERTName);
|
||||
SCOPED(CERTSubjectPublicKeyInfo);
|
||||
SCOPED(HpkeContext);
|
||||
SCOPED(NSSInitContext);
|
||||
SCOPED(PK11Context);
|
||||
SCOPED(PK11GenericObject);
|
||||
SCOPED(PK11SlotInfo);
|
||||
|
62
security/nss/doc/rst/releases/nss_3_68_1.rst
Normal file
62
security/nss/doc/rst/releases/nss_3_68_1.rst
Normal file
@ -0,0 +1,62 @@
|
||||
.. _mozilla_projects_nss_nss_3_68_1_release_notes:
|
||||
|
||||
NSS 3.68.1 release notes
|
||||
========================
|
||||
|
||||
`Introduction <#introduction>`__
|
||||
--------------------------------
|
||||
|
||||
.. container::
|
||||
|
||||
Network Security Services (NSS) 3.68.1 (ESR) was released on **1 December 2021**.
|
||||
|
||||
**This release contains an important security fix for CVE-2021-43527:**
|
||||
|
||||
https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/
|
||||
|
||||
.. _distribution_information:
|
||||
|
||||
`Distribution Information <#distribution_information>`__
|
||||
--------------------------------------------------------
|
||||
|
||||
.. container::
|
||||
|
||||
The HG tag is NSS_3_68_1_RTM. NSS 3.68.1 requires NSPR 4.32 or newer.
|
||||
|
||||
NSS 3.68.1 source distributions are available on ftp.mozilla.org for secure HTTPS download:
|
||||
|
||||
- Source tarballs:
|
||||
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_68_1_RTM/src/
|
||||
|
||||
Other releases are available :ref:`mozilla_projects_nss_releases`.
|
||||
|
||||
.. _changes_in_nss_3.68.1:
|
||||
|
||||
`Changes in NSS 3.68.1 <#changes_in_nss_3.68.1>`__
|
||||
----------------------------------------------------
|
||||
|
||||
.. container::
|
||||
|
||||
- Bug 1735028 - Check for missing signedData field.
|
||||
- Bug 1737470 - Ensure DER encoded signatures are within size limits.
|
||||
|
||||
|
||||
`Compatibility <#compatibility>`__
|
||||
----------------------------------
|
||||
|
||||
.. container::
|
||||
|
||||
NSS 3.68.1 shared libraries are backwards-compatible with all older NSS 3.x shared
|
||||
libraries. A program linked with older NSS 3.x shared libraries will work with
|
||||
this new version of the shared libraries without recompiling or
|
||||
relinking. Furthermore, applications that restrict their use of NSS APIs to the
|
||||
functions listed in NSS Public Functions will remain compatible with future
|
||||
versions of the NSS shared libraries.
|
||||
|
||||
`Feedback <#feedback>`__
|
||||
------------------------
|
||||
|
||||
.. container::
|
||||
|
||||
Bugs discovered should be reported by filing a bug report on
|
||||
`bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS).
|
57
security/nss/doc/rst/releases/nss_3_68_2.rst
Normal file
57
security/nss/doc/rst/releases/nss_3_68_2.rst
Normal file
@ -0,0 +1,57 @@
|
||||
.. _mozilla_projects_nss_nss_3_68_2_release_notes:
|
||||
|
||||
NSS 3.68.2 (ESR) release notes
|
||||
==============================
|
||||
|
||||
`Introduction <#introduction>`__
|
||||
--------------------------------
|
||||
|
||||
.. container::
|
||||
|
||||
Network Security Services (NSS) 3.68.2 (ESR) was released on **15 December 2021**.
|
||||
|
||||
.. _distribution_information:
|
||||
|
||||
`Distribution Information <#distribution_information>`__
|
||||
--------------------------------------------------------
|
||||
|
||||
.. container::
|
||||
|
||||
The HG tag is NSS_3_68_2_RTM. NSS 3.68.2 requires NSPR 4.32 or newer.
|
||||
|
||||
NSS 3.68.2 source distributions are available on ftp.mozilla.org for secure HTTPS download:
|
||||
|
||||
- Source tarballs:
|
||||
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_68_2_RTM/src/
|
||||
|
||||
Other releases are available :ref:`mozilla_projects_nss_releases`.
|
||||
|
||||
.. _changes_in_nss_3.68.2:
|
||||
|
||||
`Changes in NSS 3.68.2 <#changes_in_nss_3.68.2>`__
|
||||
----------------------------------------------------
|
||||
|
||||
.. container::
|
||||
|
||||
- Bug 966856 - Add SHA-2 support to mozilla::pkix's OCSP implementation.
|
||||
|
||||
|
||||
`Compatibility <#compatibility>`__
|
||||
----------------------------------
|
||||
|
||||
.. container::
|
||||
|
||||
NSS 3.68.2 shared libraries are backwards-compatible with all older NSS 3.x shared
|
||||
libraries. A program linked with older NSS 3.x shared libraries will work with
|
||||
this new version of the shared libraries without recompiling or
|
||||
relinking. Furthermore, applications that restrict their use of NSS APIs to the
|
||||
functions listed in NSS Public Functions will remain compatible with future
|
||||
versions of the NSS shared libraries.
|
||||
|
||||
`Feedback <#feedback>`__
|
||||
------------------------
|
||||
|
||||
.. container::
|
||||
|
||||
Bugs discovered should be reported by filing a bug report on
|
||||
`bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS).
|
57
security/nss/doc/rst/releases/nss_3_72_1.rst
Normal file
57
security/nss/doc/rst/releases/nss_3_72_1.rst
Normal file
@ -0,0 +1,57 @@
|
||||
.. _mozilla_projects_nss_nss_3_72_1_release_notes:
|
||||
|
||||
NSS 3.72.1 release notes
|
||||
========================
|
||||
|
||||
`Introduction <#introduction>`__
|
||||
--------------------------------
|
||||
|
||||
.. container::
|
||||
|
||||
Network Security Services (NSS) 3.72.1 was released on **15 December 2021**.
|
||||
|
||||
.. _distribution_information:
|
||||
|
||||
`Distribution Information <#distribution_information>`__
|
||||
--------------------------------------------------------
|
||||
|
||||
.. container::
|
||||
|
||||
The HG tag is NSS_3_72_1_RTM. NSS 3.72.1 requires NSPR 4.32 or newer.
|
||||
|
||||
NSS 3.72.1 source distributions are available on ftp.mozilla.org for secure HTTPS download:
|
||||
|
||||
- Source tarballs:
|
||||
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_72_1_RTM/src/
|
||||
|
||||
Other releases are available :ref:`mozilla_projects_nss_releases`.
|
||||
|
||||
.. _changes_in_nss_3.72.1:
|
||||
|
||||
`Changes in NSS 3.72.1 <#changes_in_nss_3.72.1>`__
|
||||
----------------------------------------------------
|
||||
|
||||
.. container::
|
||||
|
||||
- Bug 966856 - Add SHA-2 support to mozilla::pkix's OCSP implementation.
|
||||
|
||||
|
||||
`Compatibility <#compatibility>`__
|
||||
----------------------------------
|
||||
|
||||
.. container::
|
||||
|
||||
NSS 3.72.1 shared libraries are backwards-compatible with all older NSS 3.x shared
|
||||
libraries. A program linked with older NSS 3.x shared libraries will work with
|
||||
this new version of the shared libraries without recompiling or
|
||||
relinking. Furthermore, applications that restrict their use of NSS APIs to the
|
||||
functions listed in NSS Public Functions will remain compatible with future
|
||||
versions of the NSS shared libraries.
|
||||
|
||||
`Feedback <#feedback>`__
|
||||
------------------------
|
||||
|
||||
.. container::
|
||||
|
||||
Bugs discovered should be reported by filing a bug report on
|
||||
`bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS).
|
65
security/nss/doc/rst/releases/nss_3_73.rst
Normal file
65
security/nss/doc/rst/releases/nss_3_73.rst
Normal file
@ -0,0 +1,65 @@
|
||||
.. _mozilla_projects_nss_nss_3_73_release_notes:
|
||||
|
||||
NSS 3.73 release notes
|
||||
======================
|
||||
|
||||
`Introduction <#introduction>`__
|
||||
--------------------------------
|
||||
|
||||
.. container::
|
||||
|
||||
Network Security Services (NSS) 3.73 was released on **1 December 2021**.
|
||||
|
||||
**This release contains an important security fix for CVE-2021-43527:**
|
||||
|
||||
https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/
|
||||
|
||||
.. _distribution_information:
|
||||
|
||||
`Distribution Information <#distribution_information>`__
|
||||
--------------------------------------------------------
|
||||
|
||||
.. container::
|
||||
|
||||
The HG tag is NSS_3_73_RTM. NSS 3.73 requires NSPR 4.32 or newer.
|
||||
|
||||
NSS 3.73 source distributions are available on ftp.mozilla.org for secure HTTPS download:
|
||||
|
||||
- Source tarballs:
|
||||
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_73_RTM/src/
|
||||
|
||||
Other releases are available :ref:`mozilla_projects_nss_releases`.
|
||||
|
||||
.. _changes_in_nss_3.73:
|
||||
|
||||
`Changes in NSS 3.73 <#changes_in_nss_3.73>`__
|
||||
----------------------------------------------------
|
||||
|
||||
.. container::
|
||||
|
||||
- Bug 1735028 - Check for missing signedData field.
|
||||
- Bug 1737470 - Ensure DER encoded signatures are within size limits.
|
||||
- Bug 1729550 - NSS needs FiPS 140-3 version indicators.
|
||||
- Bug 1692132 - pkix_CacheCert_Lookup doesn't return cached certs.
|
||||
- Bug 1738600 - Sunset Coverity from NSS.
|
||||
|
||||
|
||||
`Compatibility <#compatibility>`__
|
||||
----------------------------------
|
||||
|
||||
.. container::
|
||||
|
||||
NSS 3.73 shared libraries are backwards-compatible with all older NSS 3.x shared
|
||||
libraries. A program linked with older NSS 3.x shared libraries will work with
|
||||
this new version of the shared libraries without recompiling or
|
||||
relinking. Furthermore, applications that restrict their use of NSS APIs to the
|
||||
functions listed in NSS Public Functions will remain compatible with future
|
||||
versions of the NSS shared libraries.
|
||||
|
||||
`Feedback <#feedback>`__
|
||||
------------------------
|
||||
|
||||
.. container::
|
||||
|
||||
Bugs discovered should be reported by filing a bug report on
|
||||
`bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS).
|
57
security/nss/doc/rst/releases/nss_3_73_1.rst
Normal file
57
security/nss/doc/rst/releases/nss_3_73_1.rst
Normal file
@ -0,0 +1,57 @@
|
||||
.. _mozilla_projects_nss_nss_3_73_1_release_notes:
|
||||
|
||||
NSS 3.73.1 release notes
|
||||
========================
|
||||
|
||||
`Introduction <#introduction>`__
|
||||
--------------------------------
|
||||
|
||||
.. container::
|
||||
|
||||
Network Security Services (NSS) 3.73.1 was released on **15 December 2021**.
|
||||
|
||||
.. _distribution_information:
|
||||
|
||||
`Distribution Information <#distribution_information>`__
|
||||
--------------------------------------------------------
|
||||
|
||||
.. container::
|
||||
|
||||
The HG tag is NSS_3_73_1_RTM. NSS 3.73.1 requires NSPR 4.32 or newer.
|
||||
|
||||
NSS 3.73.1 source distributions are available on ftp.mozilla.org for secure HTTPS download:
|
||||
|
||||
- Source tarballs:
|
||||
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_73_1_RTM/src/
|
||||
|
||||
Other releases are available :ref:`mozilla_projects_nss_releases`.
|
||||
|
||||
.. _changes_in_nss_3.73.1:
|
||||
|
||||
`Changes in NSS 3.73.1 <#changes_in_nss_3.73.1>`__
|
||||
----------------------------------------------------
|
||||
|
||||
.. container::
|
||||
|
||||
- Bug 966856 - Add SHA-2 support to mozilla::pkix's OCSP implementation.
|
||||
|
||||
|
||||
`Compatibility <#compatibility>`__
|
||||
----------------------------------
|
||||
|
||||
.. container::
|
||||
|
||||
NSS 3.73.1 shared libraries are backwards-compatible with all older NSS 3.x shared
|
||||
libraries. A program linked with older NSS 3.x shared libraries will work with
|
||||
this new version of the shared libraries without recompiling or
|
||||
relinking. Furthermore, applications that restrict their use of NSS APIs to the
|
||||
functions listed in NSS Public Functions will remain compatible with future
|
||||
versions of the NSS shared libraries.
|
||||
|
||||
`Feedback <#feedback>`__
|
||||
------------------------
|
||||
|
||||
.. container::
|
||||
|
||||
Bugs discovered should be reported by filing a bug report on
|
||||
`bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS).
|
77
security/nss/doc/rst/releases/nss_3_74.rst
Normal file
77
security/nss/doc/rst/releases/nss_3_74.rst
Normal file
@ -0,0 +1,77 @@
|
||||
.. _mozilla_projects_nss_nss_3_74_release_notes:
|
||||
|
||||
NSS 3.74 release notes
|
||||
======================
|
||||
|
||||
`Introduction <#introduction>`__
|
||||
--------------------------------
|
||||
|
||||
.. container::
|
||||
|
||||
Network Security Services (NSS) 3.74 was released on **6 January 2022**.
|
||||
|
||||
|
||||
.. _distribution_information:
|
||||
|
||||
`Distribution Information <#distribution_information>`__
|
||||
--------------------------------------------------------
|
||||
|
||||
.. container::
|
||||
|
||||
The HG tag is NSS_3_74_RTM. NSS 3.74 requires NSPR 4.32 or newer.
|
||||
|
||||
NSS 3.74 source distributions are available on ftp.mozilla.org for secure HTTPS download:
|
||||
|
||||
- Source tarballs:
|
||||
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_74_RTM/src/
|
||||
|
||||
Other releases are available :ref:`mozilla_projects_nss_releases`.
|
||||
|
||||
.. _changes_in_nss_3.74:
|
||||
|
||||
`Changes in NSS 3.74 <#changes_in_nss_3.74>`__
|
||||
----------------------------------------------------
|
||||
|
||||
.. container::
|
||||
|
||||
- Bug 966856 - mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses.
|
||||
- Bug 1553612 - Ensure clients offer consistent ciphersuites after HRR.
|
||||
- Bug 1721426 - NSS does not properly restrict server keys based on policy.
|
||||
- Bug 1733003 - Set nssckbi version number to 2.54.
|
||||
- Bug 1735407 - Replace Google Trust Services LLC (GTS) R4 root certificate in NSS.
|
||||
- Bug 1735407 - Replace Google Trust Services LLC (GTS) R3 root certificate in NSS.
|
||||
- Bug 1735407 - Replace Google Trust Services LLC (GTS) R2 root certificate in NSS.
|
||||
- Bug 1735407 - Replace Google Trust Services LLC (GTS) R1 root certificate in NSS.
|
||||
- Bug 1735407 - Replace GlobalSign ECC Root CA R4 in NSS.
|
||||
- Bug 1733560 - Remove Expired Root Certificates from NSS - DST Root CA X3.
|
||||
- Bug 1740807 - Remove Expiring Cybertrust Global Root and GlobalSign root certificates from NSS.
|
||||
- Bug 1741930 - Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068 root certificate to NSS.
|
||||
- Bug 1740095 - Add iTrusChina ECC root certificate to NSS.
|
||||
- Bug 1740095 - Add iTrusChina RSA root certificate to NSS.
|
||||
- Bug 1738805 - Add ISRG Root X2 root certificate to NSS.
|
||||
- Bug 1733012 - Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate to NSS.
|
||||
- Bug 1738028 - Avoid a clang 13 unused variable warning in opt build.
|
||||
- Bug 1735028 - Check for missing signedData field.
|
||||
- Bug 1737470 - Ensure DER encoded signatures are within size limits.
|
||||
|
||||
|
||||
|
||||
`Compatibility <#compatibility>`__
|
||||
----------------------------------
|
||||
|
||||
.. container::
|
||||
|
||||
NSS 3.74 shared libraries are backwards-compatible with all older NSS 3.x shared
|
||||
libraries. A program linked with older NSS 3.x shared libraries will work with
|
||||
this new version of the shared libraries without recompiling or
|
||||
relinking. Furthermore, applications that restrict their use of NSS APIs to the
|
||||
functions listed in NSS Public Functions will remain compatible with future
|
||||
versions of the NSS shared libraries.
|
||||
|
||||
`Feedback <#feedback>`__
|
||||
------------------------
|
||||
|
||||
.. container::
|
||||
|
||||
Bugs discovered should be reported by filing a bug report on
|
||||
`bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS).
|
@ -19,53 +19,41 @@
|
||||
|
||||
namespace nss_test {
|
||||
|
||||
static const CK_MECHANISM_TYPE kMech = CKM_NSS_CHACHA20_POLY1305;
|
||||
static const CK_MECHANISM_TYPE kMechXor = CKM_NSS_CHACHA20_CTR;
|
||||
static const CK_MECHANISM_TYPE kMech = CKM_CHACHA20_POLY1305;
|
||||
static const CK_MECHANISM_TYPE kMechLegacy = CKM_NSS_CHACHA20_POLY1305;
|
||||
static const CK_MECHANISM_TYPE kMechXor = CKM_CHACHA20;
|
||||
static const CK_MECHANISM_TYPE kMechXorLegacy = CKM_NSS_CHACHA20_CTR;
|
||||
// Some test data for simple tests.
|
||||
static const uint8_t kKeyData[32] = {'k'};
|
||||
static const uint8_t kCtrNonce[16] = {'c', 0, 0, 0, 'n'};
|
||||
static const uint8_t kXorParamsLegacy[16] = {'c', 0, 0, 0, 'n'};
|
||||
static const uint8_t kCounter[4] = {'c', 0};
|
||||
static const uint8_t kNonce[12] = {'n', 0};
|
||||
static const CK_CHACHA20_PARAMS kXorParams{
|
||||
/* pBlockCounter */ const_cast<CK_BYTE_PTR>(kCounter),
|
||||
/* blockCounterBits */ sizeof(kCounter) * 8,
|
||||
/* pNonce */ const_cast<CK_BYTE_PTR>(kNonce),
|
||||
/* ulNonceBits */ sizeof(kNonce) * 8,
|
||||
};
|
||||
static const uint8_t kData[16] = {'d'};
|
||||
static const uint8_t kExpectedXor[sizeof(kData)] = {
|
||||
0xd8, 0x15, 0xd3, 0xb3, 0xe9, 0x34, 0x3b, 0x7a,
|
||||
0x24, 0xf6, 0x5f, 0xd7, 0x95, 0x3d, 0xd3, 0x51};
|
||||
static const size_t kTagLen = 16;
|
||||
|
||||
class Pkcs11ChaCha20Poly1305Test
|
||||
: public ::testing::TestWithParam<ChaChaTestVector> {
|
||||
public:
|
||||
void EncryptDecrypt(const ScopedPK11SymKey& key, const bool invalid_iv,
|
||||
const bool invalid_tag, const uint8_t* data,
|
||||
size_t data_len, const uint8_t* aad, size_t aad_len,
|
||||
const uint8_t* iv, size_t iv_len,
|
||||
size_t data_len, CK_MECHANISM_TYPE mech, SECItem* params,
|
||||
std::vector<uint8_t>* nonce, std::vector<uint8_t>* aad,
|
||||
const uint8_t* ct = nullptr, size_t ct_len = 0) {
|
||||
// Prepare AEAD params.
|
||||
CK_NSS_AEAD_PARAMS aead_params;
|
||||
aead_params.pNonce = toUcharPtr(iv);
|
||||
aead_params.ulNonceLen = iv_len;
|
||||
aead_params.pAAD = toUcharPtr(aad);
|
||||
aead_params.ulAADLen = aad_len;
|
||||
aead_params.ulTagLen = 16;
|
||||
|
||||
SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&aead_params),
|
||||
sizeof(aead_params)};
|
||||
|
||||
// Encrypt with bad parameters (TagLen is too long).
|
||||
std::vector<uint8_t> encrypted(data_len + kTagLen);
|
||||
unsigned int encrypted_len = 0;
|
||||
std::vector<uint8_t> encrypted(data_len + aead_params.ulTagLen);
|
||||
aead_params.ulTagLen = 158072;
|
||||
SECStatus rv =
|
||||
PK11_Encrypt(key.get(), kMech, ¶ms, encrypted.data(),
|
||||
&encrypted_len, encrypted.size(), data, data_len);
|
||||
EXPECT_EQ(SECFailure, rv);
|
||||
EXPECT_EQ(0U, encrypted_len);
|
||||
|
||||
// Encrypt with bad parameters (TagLen is too short).
|
||||
aead_params.ulTagLen = 2;
|
||||
rv = PK11_Encrypt(key.get(), kMech, ¶ms, encrypted.data(),
|
||||
&encrypted_len, encrypted.size(), data, data_len);
|
||||
EXPECT_EQ(SECFailure, rv);
|
||||
EXPECT_EQ(0U, encrypted_len);
|
||||
|
||||
// Encrypt.
|
||||
aead_params.ulTagLen = 16;
|
||||
rv = PK11_Encrypt(key.get(), kMech, ¶ms, encrypted.data(),
|
||||
&encrypted_len, encrypted.size(), data, data_len);
|
||||
SECStatus rv =
|
||||
PK11_Encrypt(key.get(), mech, params, encrypted.data(), &encrypted_len,
|
||||
encrypted.size(), data, data_len);
|
||||
|
||||
// Return if encryption failure was expected due to invalid IV.
|
||||
// Without valid ciphertext, all further tests can be skipped.
|
||||
@ -92,7 +80,7 @@ class Pkcs11ChaCha20Poly1305Test
|
||||
// passed to a subsequent decryption call (for AEAD we
|
||||
// must authenticate even when the pt is zero-length).
|
||||
unsigned int decrypt_bytes_needed = 0;
|
||||
rv = PK11_Decrypt(key.get(), kMech, ¶ms, nullptr, &decrypt_bytes_needed,
|
||||
rv = PK11_Decrypt(key.get(), mech, params, nullptr, &decrypt_bytes_needed,
|
||||
0, encrypted.data(), encrypted_len);
|
||||
EXPECT_EQ(rv, SECSuccess);
|
||||
EXPECT_GT(decrypt_bytes_needed, data_len);
|
||||
@ -100,9 +88,8 @@ class Pkcs11ChaCha20Poly1305Test
|
||||
// Now decrypt it
|
||||
std::vector<uint8_t> decrypted(decrypt_bytes_needed);
|
||||
unsigned int decrypted_len = 0;
|
||||
rv = PK11_Decrypt(key.get(), kMech, ¶ms, decrypted.data(),
|
||||
&decrypted_len, decrypted.size(), encrypted.data(),
|
||||
encrypted.size());
|
||||
rv = PK11_Decrypt(key.get(), mech, params, decrypted.data(), &decrypted_len,
|
||||
decrypted.size(), encrypted.data(), encrypted.size());
|
||||
EXPECT_EQ(rv, SECSuccess);
|
||||
|
||||
// Check the plaintext.
|
||||
@ -115,7 +102,7 @@ class Pkcs11ChaCha20Poly1305Test
|
||||
decrypted_len = 0;
|
||||
std::vector<uint8_t> bogus_ciphertext(encrypted);
|
||||
bogus_ciphertext[0] ^= 0xff;
|
||||
rv = PK11_Decrypt(key.get(), kMech, ¶ms, decrypted.data(),
|
||||
rv = PK11_Decrypt(key.get(), mech, params, decrypted.data(),
|
||||
&decrypted_len, decrypted.size(),
|
||||
bogus_ciphertext.data(), encrypted_len);
|
||||
EXPECT_EQ(rv, SECFailure);
|
||||
@ -128,47 +115,32 @@ class Pkcs11ChaCha20Poly1305Test
|
||||
decrypted_len = 0;
|
||||
std::vector<uint8_t> bogus_tag(encrypted);
|
||||
bogus_tag[encrypted_len - 1] ^= 0xff;
|
||||
rv = PK11_Decrypt(key.get(), kMech, ¶ms, decrypted.data(),
|
||||
rv = PK11_Decrypt(key.get(), mech, params, decrypted.data(),
|
||||
&decrypted_len, decrypted.size(), bogus_tag.data(),
|
||||
encrypted_len);
|
||||
EXPECT_EQ(rv, SECFailure);
|
||||
EXPECT_EQ(0U, decrypted_len);
|
||||
}
|
||||
|
||||
// Decrypt with bogus IV.
|
||||
// iv_len == 0 is invalid and should be caught earlier.
|
||||
// Still skip, if there's no IV to modify.
|
||||
if (iv_len != 0) {
|
||||
decrypted_len = 0;
|
||||
SECItem bogus_params(params);
|
||||
CK_NSS_AEAD_PARAMS bogusAeadParams(aead_params);
|
||||
bogus_params.data = reinterpret_cast<unsigned char*>(&bogusAeadParams);
|
||||
|
||||
std::vector<uint8_t> bogusIV(iv, iv + iv_len);
|
||||
bogusAeadParams.pNonce = toUcharPtr(bogusIV.data());
|
||||
bogusIV[0] ^= 0xff;
|
||||
|
||||
rv = PK11_Decrypt(key.get(), kMech, &bogus_params, decrypted.data(),
|
||||
&decrypted_len, data_len, encrypted.data(),
|
||||
encrypted.size());
|
||||
EXPECT_EQ(rv, SECFailure);
|
||||
EXPECT_EQ(0U, decrypted_len);
|
||||
}
|
||||
// Decrypt with bogus nonce.
|
||||
// A nonce length of 0 is invalid and should be caught earlier.
|
||||
ASSERT_NE(0U, nonce->size());
|
||||
decrypted_len = 0;
|
||||
nonce->data()[0] ^= 0xff;
|
||||
rv = PK11_Decrypt(key.get(), mech, params, decrypted.data(), &decrypted_len,
|
||||
data_len, encrypted.data(), encrypted.size());
|
||||
EXPECT_EQ(rv, SECFailure);
|
||||
EXPECT_EQ(0U, decrypted_len);
|
||||
nonce->data()[0] ^= 0xff; // restore value
|
||||
|
||||
// Decrypt with bogus additional data.
|
||||
// Skip when AAD was empty and can't be modified.
|
||||
// Alternatively we could generate random aad.
|
||||
if (aad_len != 0) {
|
||||
if (aad->size() != 0) {
|
||||
decrypted_len = 0;
|
||||
SECItem bogus_params(params);
|
||||
CK_NSS_AEAD_PARAMS bogus_aead_params(aead_params);
|
||||
bogus_params.data = reinterpret_cast<unsigned char*>(&bogus_aead_params);
|
||||
aad->data()[0] ^= 0xff;
|
||||
|
||||
std::vector<uint8_t> bogus_aad(aad, aad + aad_len);
|
||||
bogus_aead_params.pAAD = toUcharPtr(bogus_aad.data());
|
||||
bogus_aad[0] ^= 0xff;
|
||||
|
||||
rv = PK11_Decrypt(key.get(), kMech, &bogus_params, decrypted.data(),
|
||||
rv = PK11_Decrypt(key.get(), mech, params, decrypted.data(),
|
||||
&decrypted_len, data_len, encrypted.data(),
|
||||
encrypted.size());
|
||||
EXPECT_EQ(rv, SECFailure);
|
||||
@ -176,6 +148,69 @@ class Pkcs11ChaCha20Poly1305Test
|
||||
}
|
||||
}
|
||||
|
||||
void EncryptDecrypt(const ScopedPK11SymKey& key, const bool invalid_iv,
|
||||
const bool invalid_tag, const uint8_t* data,
|
||||
size_t data_len, const uint8_t* aad_ptr, size_t aad_len,
|
||||
const uint8_t* iv_ptr, size_t iv_len,
|
||||
const uint8_t* ct = nullptr, size_t ct_len = 0) {
|
||||
std::vector<uint8_t> nonce(iv_ptr, iv_ptr + iv_len);
|
||||
std::vector<uint8_t> aad(aad_ptr, aad_ptr + aad_len);
|
||||
// Prepare AEAD params.
|
||||
CK_SALSA20_CHACHA20_POLY1305_PARAMS aead_params;
|
||||
aead_params.pNonce = toUcharPtr(nonce.data());
|
||||
aead_params.ulNonceLen = nonce.size();
|
||||
aead_params.pAAD = toUcharPtr(aad.data());
|
||||
aead_params.ulAADLen = aad.size();
|
||||
|
||||
SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&aead_params),
|
||||
sizeof(aead_params)};
|
||||
|
||||
EncryptDecrypt(key, invalid_iv, invalid_tag, data, data_len, kMech, ¶ms,
|
||||
&nonce, &aad, ct, ct_len);
|
||||
}
|
||||
|
||||
void EncryptDecryptLegacy(const ScopedPK11SymKey& key, const bool invalid_iv,
|
||||
const bool invalid_tag, const uint8_t* data,
|
||||
size_t data_len, const uint8_t* aad_ptr,
|
||||
size_t aad_len, const uint8_t* iv_ptr,
|
||||
size_t iv_len, const uint8_t* ct = nullptr,
|
||||
size_t ct_len = 0) {
|
||||
std::vector<uint8_t> nonce(iv_ptr, iv_ptr + iv_len);
|
||||
std::vector<uint8_t> aad(aad_ptr, aad_ptr + aad_len);
|
||||
// Prepare AEAD params.
|
||||
CK_NSS_AEAD_PARAMS aead_params;
|
||||
aead_params.pNonce = toUcharPtr(nonce.data());
|
||||
aead_params.ulNonceLen = nonce.size();
|
||||
aead_params.pAAD = toUcharPtr(aad.data());
|
||||
aead_params.ulAADLen = aad.size();
|
||||
aead_params.ulTagLen = kTagLen;
|
||||
|
||||
SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&aead_params),
|
||||
sizeof(aead_params)};
|
||||
|
||||
// Encrypt with bad parameters (TagLen is too long).
|
||||
unsigned int encrypted_len = 0;
|
||||
std::vector<uint8_t> encrypted(data_len + aead_params.ulTagLen);
|
||||
aead_params.ulTagLen = 158072;
|
||||
SECStatus rv =
|
||||
PK11_Encrypt(key.get(), kMechLegacy, ¶ms, encrypted.data(),
|
||||
&encrypted_len, encrypted.size(), data, data_len);
|
||||
EXPECT_EQ(SECFailure, rv);
|
||||
EXPECT_EQ(0U, encrypted_len);
|
||||
|
||||
// Encrypt with bad parameters (TagLen is too short).
|
||||
aead_params.ulTagLen = 2;
|
||||
rv = PK11_Encrypt(key.get(), kMechLegacy, ¶ms, encrypted.data(),
|
||||
&encrypted_len, encrypted.size(), data, data_len);
|
||||
EXPECT_EQ(SECFailure, rv);
|
||||
EXPECT_EQ(0U, encrypted_len);
|
||||
|
||||
// Encrypt.
|
||||
aead_params.ulTagLen = kTagLen;
|
||||
EncryptDecrypt(key, invalid_iv, invalid_tag, data, data_len, kMechLegacy,
|
||||
¶ms, &nonce, &aad, ct, ct_len);
|
||||
}
|
||||
|
||||
void EncryptDecrypt(const ChaChaTestVector testvector) {
|
||||
ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
|
||||
SECItem keyItem = {siBuffer, toUcharPtr(testvector.key.data()),
|
||||
@ -203,7 +238,7 @@ class Pkcs11ChaCha20Poly1305Test
|
||||
PK11_KeyGen(slot.get(), mech, nullptr, 32, nullptr));
|
||||
ASSERT_NE(nullptr, sym_key);
|
||||
|
||||
int tagSize = 16;
|
||||
int tagSize = kTagLen;
|
||||
int cipher_simulated_size;
|
||||
int output_len_message = 0;
|
||||
int output_len_simulated = 0;
|
||||
@ -218,8 +253,8 @@ class Pkcs11ChaCha20Poly1305Test
|
||||
std::vector<uint8_t> cipher_simulated(33);
|
||||
std::vector<uint8_t> cipher_v24(33);
|
||||
std::vector<uint8_t> aad(16);
|
||||
std::vector<uint8_t> tag_message(16);
|
||||
std::vector<uint8_t> tag_simulated(16);
|
||||
std::vector<uint8_t> tag_message(kTagLen);
|
||||
std::vector<uint8_t> tag_simulated(kTagLen);
|
||||
|
||||
// Prepare AEAD v2.40 params.
|
||||
CK_SALSA20_CHACHA20_POLY1305_PARAMS chacha_params;
|
||||
@ -387,10 +422,6 @@ TEST_F(Pkcs11ChaCha20Poly1305Test, GenerateEncryptDecrypt) {
|
||||
}
|
||||
|
||||
TEST_F(Pkcs11ChaCha20Poly1305Test, Xor) {
|
||||
static const uint8_t kExpected[sizeof(kData)] = {
|
||||
0xd8, 0x15, 0xd3, 0xb3, 0xe9, 0x34, 0x3b, 0x7a,
|
||||
0x24, 0xf6, 0x5f, 0xd7, 0x95, 0x3d, 0xd3, 0x51};
|
||||
|
||||
ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
|
||||
SECItem keyItem = {siBuffer, toUcharPtr(kKeyData),
|
||||
static_cast<unsigned int>(sizeof(kKeyData))};
|
||||
@ -398,30 +429,66 @@ TEST_F(Pkcs11ChaCha20Poly1305Test, Xor) {
|
||||
slot.get(), kMechXor, PK11_OriginUnwrap, CKA_ENCRYPT, &keyItem, nullptr));
|
||||
EXPECT_TRUE(!!key);
|
||||
|
||||
SECItem ctrNonceItem = {siBuffer, toUcharPtr(kCtrNonce),
|
||||
static_cast<unsigned int>(sizeof(kCtrNonce))};
|
||||
SECItem params = {siBuffer,
|
||||
toUcharPtr(reinterpret_cast<const uint8_t*>(&kXorParams)),
|
||||
static_cast<unsigned int>(sizeof(kXorParams))};
|
||||
uint8_t encrypted[sizeof(kData)];
|
||||
unsigned int encrypted_len = 88; // This should be overwritten.
|
||||
SECStatus rv =
|
||||
PK11_Encrypt(key.get(), kMechXor, &ctrNonceItem, encrypted,
|
||||
&encrypted_len, sizeof(encrypted), kData, sizeof(kData));
|
||||
PK11_Encrypt(key.get(), kMechXor, ¶ms, encrypted, &encrypted_len,
|
||||
sizeof(encrypted), kData, sizeof(kData));
|
||||
ASSERT_EQ(SECSuccess, rv);
|
||||
ASSERT_EQ(sizeof(kExpected), static_cast<size_t>(encrypted_len));
|
||||
EXPECT_EQ(0, memcmp(kExpected, encrypted, sizeof(kExpected)));
|
||||
ASSERT_EQ(sizeof(kExpectedXor), static_cast<size_t>(encrypted_len));
|
||||
EXPECT_EQ(0, memcmp(kExpectedXor, encrypted, sizeof(kExpectedXor)));
|
||||
|
||||
// Decrypting has the same effect.
|
||||
rv = PK11_Decrypt(key.get(), kMechXor, &ctrNonceItem, encrypted,
|
||||
rv = PK11_Decrypt(key.get(), kMechXor, ¶ms, encrypted, &encrypted_len,
|
||||
sizeof(encrypted), kData, sizeof(kData));
|
||||
ASSERT_EQ(SECSuccess, rv);
|
||||
ASSERT_EQ(sizeof(kData), static_cast<size_t>(encrypted_len));
|
||||
EXPECT_EQ(0, memcmp(kExpectedXor, encrypted, sizeof(kExpectedXor)));
|
||||
|
||||
// Operating in reverse too.
|
||||
rv = PK11_Encrypt(key.get(), kMechXor, ¶ms, encrypted, &encrypted_len,
|
||||
sizeof(encrypted), kExpectedXor, sizeof(kExpectedXor));
|
||||
ASSERT_EQ(SECSuccess, rv);
|
||||
ASSERT_EQ(sizeof(kExpectedXor), static_cast<size_t>(encrypted_len));
|
||||
EXPECT_EQ(0, memcmp(kData, encrypted, sizeof(kData)));
|
||||
}
|
||||
|
||||
TEST_F(Pkcs11ChaCha20Poly1305Test, XorLegacy) {
|
||||
ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
|
||||
SECItem keyItem = {siBuffer, toUcharPtr(kKeyData),
|
||||
static_cast<unsigned int>(sizeof(kKeyData))};
|
||||
ScopedPK11SymKey key(PK11_ImportSymKey(slot.get(), kMechXorLegacy,
|
||||
PK11_OriginUnwrap, CKA_ENCRYPT,
|
||||
&keyItem, nullptr));
|
||||
EXPECT_TRUE(!!key);
|
||||
|
||||
SECItem ctrNonceItem = {siBuffer, toUcharPtr(kXorParamsLegacy),
|
||||
static_cast<unsigned int>(sizeof(kXorParamsLegacy))};
|
||||
uint8_t encrypted[sizeof(kData)];
|
||||
unsigned int encrypted_len = 88; // This should be overwritten.
|
||||
SECStatus rv =
|
||||
PK11_Encrypt(key.get(), kMechXorLegacy, &ctrNonceItem, encrypted,
|
||||
&encrypted_len, sizeof(encrypted), kData, sizeof(kData));
|
||||
ASSERT_EQ(SECSuccess, rv);
|
||||
ASSERT_EQ(sizeof(kExpectedXor), static_cast<size_t>(encrypted_len));
|
||||
EXPECT_EQ(0, memcmp(kExpectedXor, encrypted, sizeof(kExpectedXor)));
|
||||
|
||||
// Decrypting has the same effect.
|
||||
rv = PK11_Decrypt(key.get(), kMechXorLegacy, &ctrNonceItem, encrypted,
|
||||
&encrypted_len, sizeof(encrypted), kData, sizeof(kData));
|
||||
ASSERT_EQ(SECSuccess, rv);
|
||||
ASSERT_EQ(sizeof(kData), static_cast<size_t>(encrypted_len));
|
||||
EXPECT_EQ(0, memcmp(kExpected, encrypted, sizeof(kExpected)));
|
||||
EXPECT_EQ(0, memcmp(kExpectedXor, encrypted, sizeof(kExpectedXor)));
|
||||
|
||||
// Operating in reverse too.
|
||||
rv = PK11_Encrypt(key.get(), kMechXor, &ctrNonceItem, encrypted,
|
||||
&encrypted_len, sizeof(encrypted), kExpected,
|
||||
sizeof(kExpected));
|
||||
rv = PK11_Encrypt(key.get(), kMechXorLegacy, &ctrNonceItem, encrypted,
|
||||
&encrypted_len, sizeof(encrypted), kExpectedXor,
|
||||
sizeof(kExpectedXor));
|
||||
ASSERT_EQ(SECSuccess, rv);
|
||||
ASSERT_EQ(sizeof(kExpected), static_cast<size_t>(encrypted_len));
|
||||
ASSERT_EQ(sizeof(kExpectedXor), static_cast<size_t>(encrypted_len));
|
||||
EXPECT_EQ(0, memcmp(kData, encrypted, sizeof(kData)));
|
||||
}
|
||||
|
||||
@ -429,18 +496,45 @@ TEST_F(Pkcs11ChaCha20Poly1305Test, Xor) {
|
||||
// function. The result is random and therefore cannot be checked.
|
||||
TEST_F(Pkcs11ChaCha20Poly1305Test, GenerateXor) {
|
||||
ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
|
||||
ScopedPK11SymKey key(PK11_KeyGen(slot.get(), kMech, nullptr, 32, nullptr));
|
||||
ScopedPK11SymKey key(PK11_KeyGen(slot.get(), kMechXor, nullptr, 32, nullptr));
|
||||
EXPECT_TRUE(!!key);
|
||||
|
||||
std::vector<uint8_t> iv(16);
|
||||
SECStatus rv = PK11_GenerateRandomOnSlot(slot.get(), iv.data(), iv.size());
|
||||
EXPECT_EQ(SECSuccess, rv);
|
||||
|
||||
SECItem ctrNonceItem = {siBuffer, toUcharPtr(iv.data()),
|
||||
static_cast<unsigned int>(iv.size())};
|
||||
CK_CHACHA20_PARAMS chacha_params;
|
||||
chacha_params.pBlockCounter = iv.data();
|
||||
chacha_params.blockCounterBits = 32;
|
||||
chacha_params.pNonce = iv.data() + 4;
|
||||
chacha_params.ulNonceBits = 96;
|
||||
|
||||
SECItem params = {
|
||||
siBuffer, toUcharPtr(reinterpret_cast<const uint8_t*>(&chacha_params)),
|
||||
static_cast<unsigned int>(sizeof(chacha_params))};
|
||||
uint8_t encrypted[sizeof(kData)];
|
||||
unsigned int encrypted_len = 88; // This should be overwritten.
|
||||
rv = PK11_Encrypt(key.get(), kMechXor, &ctrNonceItem, encrypted,
|
||||
rv = PK11_Encrypt(key.get(), kMechXor, ¶ms, encrypted, &encrypted_len,
|
||||
sizeof(encrypted), kData, sizeof(kData));
|
||||
ASSERT_EQ(SECSuccess, rv);
|
||||
ASSERT_EQ(sizeof(kData), static_cast<size_t>(encrypted_len));
|
||||
}
|
||||
|
||||
TEST_F(Pkcs11ChaCha20Poly1305Test, GenerateXorLegacy) {
|
||||
ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
|
||||
ScopedPK11SymKey key(
|
||||
PK11_KeyGen(slot.get(), kMechXorLegacy, nullptr, 32, nullptr));
|
||||
EXPECT_TRUE(!!key);
|
||||
|
||||
std::vector<uint8_t> iv(16);
|
||||
SECStatus rv = PK11_GenerateRandomOnSlot(slot.get(), iv.data(), iv.size());
|
||||
EXPECT_EQ(SECSuccess, rv);
|
||||
|
||||
SECItem params = {siBuffer, toUcharPtr(iv.data()),
|
||||
static_cast<unsigned int>(iv.size())};
|
||||
uint8_t encrypted[sizeof(kData)];
|
||||
unsigned int encrypted_len = 88; // This should be overwritten.
|
||||
rv = PK11_Encrypt(key.get(), kMechXorLegacy, ¶ms, encrypted,
|
||||
&encrypted_len, sizeof(encrypted), kData, sizeof(kData));
|
||||
ASSERT_EQ(SECSuccess, rv);
|
||||
ASSERT_EQ(sizeof(kData), static_cast<size_t>(encrypted_len));
|
||||
@ -451,18 +545,40 @@ TEST_F(Pkcs11ChaCha20Poly1305Test, XorInvalidParams) {
|
||||
ScopedPK11SymKey key(PK11_KeyGen(slot.get(), kMech, nullptr, 32, nullptr));
|
||||
EXPECT_TRUE(!!key);
|
||||
|
||||
SECItem ctrNonceItem = {siBuffer, toUcharPtr(kCtrNonce),
|
||||
static_cast<unsigned int>(sizeof(kCtrNonce)) - 1};
|
||||
SECItem params = {siBuffer,
|
||||
toUcharPtr(reinterpret_cast<const uint8_t*>(&kXorParams)),
|
||||
static_cast<unsigned int>(sizeof(kXorParams)) - 1};
|
||||
uint8_t encrypted[sizeof(kData)];
|
||||
unsigned int encrypted_len = 88;
|
||||
SECStatus rv =
|
||||
PK11_Encrypt(key.get(), kMechXor, &ctrNonceItem, encrypted,
|
||||
&encrypted_len, sizeof(encrypted), kData, sizeof(kData));
|
||||
PK11_Encrypt(key.get(), kMechXor, ¶ms, encrypted, &encrypted_len,
|
||||
sizeof(encrypted), kData, sizeof(kData));
|
||||
EXPECT_EQ(SECFailure, rv);
|
||||
|
||||
ctrNonceItem.data = nullptr;
|
||||
rv = PK11_Encrypt(key.get(), kMechXor, &ctrNonceItem, encrypted,
|
||||
&encrypted_len, sizeof(encrypted), kData, sizeof(kData));
|
||||
params.data = nullptr;
|
||||
rv = PK11_Encrypt(key.get(), kMechXor, ¶ms, encrypted, &encrypted_len,
|
||||
sizeof(encrypted), kData, sizeof(kData));
|
||||
EXPECT_EQ(SECFailure, rv);
|
||||
EXPECT_EQ(SEC_ERROR_BAD_DATA, PORT_GetError());
|
||||
}
|
||||
|
||||
TEST_F(Pkcs11ChaCha20Poly1305Test, XorLegacyInvalidParams) {
|
||||
ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
|
||||
ScopedPK11SymKey key(PK11_KeyGen(slot.get(), kMech, nullptr, 32, nullptr));
|
||||
EXPECT_TRUE(!!key);
|
||||
|
||||
SECItem params = {siBuffer, toUcharPtr(kXorParamsLegacy),
|
||||
static_cast<unsigned int>(sizeof(kXorParamsLegacy)) - 1};
|
||||
uint8_t encrypted[sizeof(kData)];
|
||||
unsigned int encrypted_len = 88;
|
||||
SECStatus rv =
|
||||
PK11_Encrypt(key.get(), kMechXor, ¶ms, encrypted, &encrypted_len,
|
||||
sizeof(encrypted), kData, sizeof(kData));
|
||||
EXPECT_EQ(SECFailure, rv);
|
||||
|
||||
params.data = nullptr;
|
||||
rv = PK11_Encrypt(key.get(), kMechXor, ¶ms, encrypted, &encrypted_len,
|
||||
sizeof(encrypted), kData, sizeof(kData));
|
||||
EXPECT_EQ(SECFailure, rv);
|
||||
EXPECT_EQ(SEC_ERROR_BAD_DATA, PORT_GetError());
|
||||
}
|
||||
|
@ -3,6 +3,7 @@
|
||||
// You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
|
||||
#include "gtest/gtest.h"
|
||||
#include "nss_scoped_ptrs.h"
|
||||
|
||||
#include <assert.h>
|
||||
#include <limits.h>
|
||||
@ -21,30 +22,29 @@ namespace nss_test {
|
||||
// cipher context with data that is not cipher block aligned.
|
||||
//
|
||||
|
||||
static SECStatus GetBytes(PK11Context* ctx, uint8_t* bytes, size_t len) {
|
||||
static SECStatus GetBytes(const ScopedPK11Context& ctx, size_t len) {
|
||||
std::vector<uint8_t> in(len, 0);
|
||||
|
||||
uint8_t outbuf[128];
|
||||
PORT_Assert(len <= sizeof(outbuf));
|
||||
int outlen;
|
||||
SECStatus rv = PK11_CipherOp(ctx, bytes, &outlen, len, &in[0], len);
|
||||
SECStatus rv = PK11_CipherOp(ctx.get(), outbuf, &outlen, len, in.data(), len);
|
||||
if (static_cast<size_t>(outlen) != len) {
|
||||
return SECFailure;
|
||||
EXPECT_EQ(rv, SECFailure);
|
||||
}
|
||||
return rv;
|
||||
}
|
||||
|
||||
TEST(Pkcs11CipherOp, SingleCtxMultipleUnalignedCipherOps) {
|
||||
PK11SlotInfo* slot;
|
||||
PK11SymKey* key;
|
||||
PK11Context* ctx;
|
||||
|
||||
NSSInitContext* globalctx =
|
||||
NSS_InitContext("", "", "", "", NULL,
|
||||
NSS_INIT_READONLY | NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB |
|
||||
NSS_INIT_FORCEOPEN | NSS_INIT_NOROOTINIT);
|
||||
ScopedNSSInitContext globalctx(NSS_InitContext(
|
||||
"", "", "", "", NULL, NSS_INIT_READONLY | NSS_INIT_NOCERTDB |
|
||||
NSS_INIT_NOMODDB | NSS_INIT_FORCEOPEN |
|
||||
NSS_INIT_NOROOTINIT));
|
||||
ASSERT_TRUE(globalctx);
|
||||
|
||||
const CK_MECHANISM_TYPE cipher = CKM_AES_CTR;
|
||||
|
||||
slot = PK11_GetInternalSlot();
|
||||
ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
|
||||
ASSERT_TRUE(slot);
|
||||
|
||||
// Use arbitrary bytes for the AES key
|
||||
@ -61,35 +61,28 @@ TEST(Pkcs11CipherOp, SingleCtxMultipleUnalignedCipherOps) {
|
||||
SECItem paramItem = {siBuffer, reinterpret_cast<unsigned char*>(¶m),
|
||||
sizeof(CK_AES_CTR_PARAMS)};
|
||||
|
||||
key = PK11_ImportSymKey(slot, cipher, PK11_OriginUnwrap, CKA_ENCRYPT,
|
||||
&keyItem, NULL);
|
||||
ctx = PK11_CreateContextBySymKey(cipher, CKA_ENCRYPT, key, ¶mItem);
|
||||
ScopedPK11SymKey key(PK11_ImportSymKey(slot.get(), cipher, PK11_OriginUnwrap,
|
||||
CKA_ENCRYPT, &keyItem, NULL));
|
||||
ASSERT_TRUE(key);
|
||||
ScopedPK11Context ctx(
|
||||
PK11_CreateContextBySymKey(cipher, CKA_ENCRYPT, key.get(), ¶mItem));
|
||||
ASSERT_TRUE(ctx);
|
||||
|
||||
uint8_t outbuf[128];
|
||||
ASSERT_EQ(GetBytes(ctx, outbuf, 7), SECSuccess);
|
||||
ASSERT_EQ(GetBytes(ctx, outbuf, 17), SECSuccess);
|
||||
|
||||
PK11_FreeSymKey(key);
|
||||
PK11_FreeSlot(slot);
|
||||
PK11_DestroyContext(ctx, PR_TRUE);
|
||||
NSS_ShutdownContext(globalctx);
|
||||
ASSERT_EQ(GetBytes(ctx, 7), SECSuccess);
|
||||
ASSERT_EQ(GetBytes(ctx, 17), SECSuccess);
|
||||
}
|
||||
|
||||
TEST(Pkcs11CipherOp, SingleCtxMultipleUnalignedCipherOpsChaCha20) {
|
||||
PK11SlotInfo* slot;
|
||||
PK11SymKey* key;
|
||||
PK11Context* ctx;
|
||||
// A context can't be used for Chacha20 as the underlying
|
||||
// PK11_CipherOp operation is calling the C_EncryptUpdate function for
|
||||
// which multi-part is disabled for ChaCha20 in counter mode.
|
||||
void ChachaMulti(CK_MECHANISM_TYPE cipher, SECItem* param) {
|
||||
ScopedNSSInitContext globalctx(NSS_InitContext(
|
||||
"", "", "", "", NULL, NSS_INIT_READONLY | NSS_INIT_NOCERTDB |
|
||||
NSS_INIT_NOMODDB | NSS_INIT_FORCEOPEN |
|
||||
NSS_INIT_NOROOTINIT));
|
||||
ASSERT_TRUE(globalctx);
|
||||
|
||||
NSSInitContext* globalctx =
|
||||
NSS_InitContext("", "", "", "", NULL,
|
||||
NSS_INIT_READONLY | NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB |
|
||||
NSS_INIT_FORCEOPEN | NSS_INIT_NOROOTINIT);
|
||||
|
||||
const CK_MECHANISM_TYPE cipher = CKM_NSS_CHACHA20_CTR;
|
||||
|
||||
slot = PK11_GetInternalSlot();
|
||||
ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
|
||||
ASSERT_TRUE(slot);
|
||||
|
||||
// Use arbitrary bytes for the ChaCha20 key and IV
|
||||
@ -97,33 +90,42 @@ TEST(Pkcs11CipherOp, SingleCtxMultipleUnalignedCipherOpsChaCha20) {
|
||||
for (size_t i = 0; i < 32; i++) {
|
||||
key_bytes[i] = i;
|
||||
}
|
||||
SECItem keyItem = {siBuffer, key_bytes, 32};
|
||||
SECItem keyItem = {siBuffer, key_bytes, sizeof(key_bytes)};
|
||||
|
||||
uint8_t iv_bytes[16];
|
||||
for (size_t i = 0; i < 16; i++) {
|
||||
key_bytes[i] = i;
|
||||
}
|
||||
SECItem ivItem = {siBuffer, iv_bytes, 16};
|
||||
|
||||
SECItem* param = PK11_ParamFromIV(cipher, &ivItem);
|
||||
|
||||
key = PK11_ImportSymKey(slot, cipher, PK11_OriginUnwrap, CKA_ENCRYPT,
|
||||
&keyItem, NULL);
|
||||
ctx = PK11_CreateContextBySymKey(cipher, CKA_ENCRYPT, key, param);
|
||||
ScopedPK11SymKey key(PK11_ImportSymKey(slot.get(), cipher, PK11_OriginUnwrap,
|
||||
CKA_ENCRYPT, &keyItem, NULL));
|
||||
ASSERT_TRUE(key);
|
||||
ScopedSECItem param_item(PK11_ParamFromIV(cipher, param));
|
||||
ASSERT_TRUE(param_item);
|
||||
ScopedPK11Context ctx(PK11_CreateContextBySymKey(
|
||||
cipher, CKA_ENCRYPT, key.get(), param_item.get()));
|
||||
ASSERT_TRUE(ctx);
|
||||
|
||||
uint8_t outbuf[128];
|
||||
// This is supposed to fail for Chacha20. This is because the underlying
|
||||
// PK11_CipherOp operation is calling the C_EncryptUpdate function for
|
||||
// which multi-part is disabled for ChaCha20 in counter mode.
|
||||
ASSERT_EQ(GetBytes(ctx, outbuf, 7), SECFailure);
|
||||
ASSERT_EQ(GetBytes(ctx, 7), SECFailure);
|
||||
}
|
||||
|
||||
PK11_FreeSymKey(key);
|
||||
PK11_FreeSlot(slot);
|
||||
SECITEM_FreeItem(param, PR_TRUE);
|
||||
PK11_DestroyContext(ctx, PR_TRUE);
|
||||
NSS_ShutdownContext(globalctx);
|
||||
TEST(Pkcs11CipherOp, ChachaMultiLegacy) {
|
||||
uint8_t iv_bytes[16];
|
||||
for (size_t i = 0; i < 16; i++) {
|
||||
iv_bytes[i] = i;
|
||||
}
|
||||
SECItem param_item = {siBuffer, iv_bytes, sizeof(iv_bytes)};
|
||||
|
||||
ChachaMulti(CKM_NSS_CHACHA20_CTR, ¶m_item);
|
||||
}
|
||||
|
||||
TEST(Pkcs11CipherOp, ChachaMulti) {
|
||||
uint8_t iv_bytes[16];
|
||||
for (size_t i = 0; i < 16; i++) {
|
||||
iv_bytes[i] = i;
|
||||
}
|
||||
CK_CHACHA20_PARAMS chacha_params = {
|
||||
iv_bytes, 32, iv_bytes + 4, 96,
|
||||
};
|
||||
SECItem param_item = {siBuffer, reinterpret_cast<uint8_t*>(&chacha_params),
|
||||
sizeof(chacha_params)};
|
||||
|
||||
ChachaMulti(CKM_CHACHA20, ¶m_item);
|
||||
}
|
||||
|
||||
} // namespace nss_test
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user