Merge NSS trunk to NSS_TLS13_DRAFT19_BRANCH

author: Martin Thomson <martin.thomson@gmail.com> 2017-11-23 12:05:35 +1100
committer: Martin Thomson <martin.thomson@gmail.com> 2017-11-23 12:05:35 +1100
commit: 82f5248254af24e94dd0955297cd5259ca45b1b8 (patch)
tree: 9296417df06d845ad740f45b6ba9f1634a8bd656 /lib
parent: 7bdd85eefb8ae0a63bf8228886b9c2b13a857dd1 (diff)
parent: 6280b248e57fa54bcd197edd6491962c9fc0e772 (diff)
download: nss-hg-82f5248254af24e94dd0955297cd5259ca45b1b8.tar.gz
36 files changed, 2441 insertions, 4530 deletions
diff --git a/lib/ckfw/builtins/certdata.txt b/lib/ckfw/builtins/certdata.txt
index d7e6da6aa..7b207c705 100644
--- a/lib/ckfw/builtins/certdata.txt
+++ b/lib/ckfw/builtins/certdata.txt
@@ -69,34 +69,6 @@ CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Mozilla Builtin Roots"
 
-# Distrust "Distrust a pb.com certificate that does not comply with the baseline requirements."
-# Issuer: OU=Equifax Secure Certificate Authority,O=Equifax,C=US
-# Serial Number: 1407252 (0x157914)
-# Subject: CN=*.pb.com,OU=Meters,O=Pitney Bowes,L=Danbury,ST=Connecticut,C=US
-# Not Valid Before: Mon Feb 01 14:54:04 2010
-# Not Valid After : Tue Sep 30 00:00:00 2014
-# Fingerprint (MD5): 8F:46:BE:99:47:6F:93:DC:5C:01:54:50:D0:4A:BD:AC
-# Fingerprint (SHA1): 30:F1:82:CA:1A:5E:4E:4F:F3:6E:D0:E6:38:18:B8:B9:41:CB:5F:8C
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Distrust a pb.com certificate that does not comply with the baseline requirements."
-CKA_ISSUER MULTILINE_OCTAL
-\060\116\061\013\060\011\006\003\125\004\006\023\002\125\123\061
-\020\060\016\006\003\125\004\012\023\007\105\161\165\151\146\141
-\170\061\055\060\053\006\003\125\004\013\023\044\105\161\165\151
-\146\141\170\040\123\145\143\165\162\145\040\103\145\162\164\151
-\146\151\143\141\164\145\040\101\165\164\150\157\162\151\164\171
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\003\025\171\024
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
 #
 # Certificate "GlobalSign Root CA"
 #
@@ -2313,6 +2285,125 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
+# Certificate "Certum Root CA"
+#
+# Issuer: CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL
+# Serial Number: 65568 (0x10020)
+# Subject: CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL
+# Not Valid Before: Tue Jun 11 10:46:39 2002
+# Not Valid After : Fri Jun 11 10:46:39 2027
+# Fingerprint (MD5): 2C:8F:9F:66:1D:18:90:B1:47:26:9D:8E:86:82:8C:A9
+# Fingerprint (SHA1): 62:52:DC:40:F7:11:43:A2:2F:DE:9E:F7:34:8E:06:42:51:B1:81:18
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Certum Root CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\076\061\013\060\011\006\003\125\004\006\023\002\120\114\061
+\033\060\031\006\003\125\004\012\023\022\125\156\151\172\145\164
+\157\040\123\160\056\040\172\040\157\056\157\056\061\022\060\020
+\006\003\125\004\003\023\011\103\145\162\164\165\155\040\103\101
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\076\061\013\060\011\006\003\125\004\006\023\002\120\114\061
+\033\060\031\006\003\125\004\012\023\022\125\156\151\172\145\164
+\157\040\123\160\056\040\172\040\157\056\157\056\061\022\060\020
+\006\003\125\004\003\023\011\103\145\162\164\165\155\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\003\001\000\040
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\014\060\202\001\364\240\003\002\001\002\002\003\001
+\000\040\060\015\006\011\052\206\110\206\367\015\001\001\005\005
+\000\060\076\061\013\060\011\006\003\125\004\006\023\002\120\114
+\061\033\060\031\006\003\125\004\012\023\022\125\156\151\172\145
+\164\157\040\123\160\056\040\172\040\157\056\157\056\061\022\060
+\020\006\003\125\004\003\023\011\103\145\162\164\165\155\040\103
+\101\060\036\027\015\060\062\060\066\061\061\061\060\064\066\063
+\071\132\027\015\062\067\060\066\061\061\061\060\064\066\063\071
+\132\060\076\061\013\060\011\006\003\125\004\006\023\002\120\114
+\061\033\060\031\006\003\125\004\012\023\022\125\156\151\172\145
+\164\157\040\123\160\056\040\172\040\157\056\157\056\061\022\060
+\020\006\003\125\004\003\023\011\103\145\162\164\165\155\040\103
+\101\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001
+\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001
+\001\000\316\261\301\056\323\117\174\315\045\316\030\076\117\304
+\214\157\200\152\163\310\133\121\370\233\322\334\273\000\134\261
+\240\374\165\003\356\201\360\210\356\043\122\351\346\025\063\215
+\254\055\011\305\166\371\053\071\200\211\344\227\113\220\245\250
+\170\370\163\103\173\244\141\260\330\130\314\341\154\146\176\234
+\363\011\136\125\143\204\325\250\357\363\261\056\060\150\263\304
+\074\330\254\156\215\231\132\220\116\064\334\066\232\217\201\210
+\120\267\155\226\102\011\363\327\225\203\015\101\113\260\152\153
+\370\374\017\176\142\237\147\304\355\046\137\020\046\017\010\117
+\360\244\127\050\316\217\270\355\105\366\156\356\045\135\252\156
+\071\276\344\223\057\331\107\240\162\353\372\246\133\257\312\123
+\077\342\016\306\226\126\021\156\367\351\146\251\046\330\177\225
+\123\355\012\205\210\272\117\051\245\102\214\136\266\374\205\040
+\000\252\150\013\241\032\205\001\234\304\106\143\202\210\266\042
+\261\356\376\252\106\131\176\317\065\054\325\266\332\135\367\110
+\063\024\124\266\353\331\157\316\315\210\326\253\033\332\226\073
+\035\131\002\003\001\000\001\243\023\060\021\060\017\006\003\125
+\035\023\001\001\377\004\005\060\003\001\001\377\060\015\006\011
+\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001\000
+\270\215\316\357\347\024\272\317\356\260\104\222\154\264\071\076
+\242\204\156\255\270\041\167\322\324\167\202\207\346\040\101\201
+\356\342\370\021\267\143\321\027\067\276\031\166\044\034\004\032
+\114\353\075\252\147\157\055\324\315\376\145\061\160\305\033\246
+\002\012\272\140\173\155\130\302\232\111\376\143\062\013\153\343
+\072\300\254\253\073\260\350\323\011\121\214\020\203\306\064\340
+\305\053\340\032\266\140\024\047\154\062\167\214\274\262\162\230
+\317\315\314\077\271\310\044\102\024\326\127\374\346\046\103\251
+\035\345\200\220\316\003\124\050\076\367\077\323\370\115\355\152
+\012\072\223\023\233\073\024\043\023\143\234\077\321\207\047\171
+\345\114\121\343\001\255\205\135\032\073\261\325\163\020\244\323
+\362\274\156\144\365\132\126\220\250\307\016\114\164\017\056\161
+\073\367\310\107\364\151\157\025\362\021\136\203\036\234\174\122
+\256\375\002\332\022\250\131\147\030\333\274\160\335\233\261\151
+\355\200\316\211\100\110\152\016\065\312\051\146\025\041\224\054
+\350\140\052\233\205\112\100\363\153\212\044\354\006\026\054\163
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "Certum Root CA"
+# Issuer: CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL
+# Serial Number: 65568 (0x10020)
+# Subject: CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL
+# Not Valid Before: Tue Jun 11 10:46:39 2002
+# Not Valid After : Fri Jun 11 10:46:39 2027
+# Fingerprint (MD5): 2C:8F:9F:66:1D:18:90:B1:47:26:9D:8E:86:82:8C:A9
+# Fingerprint (SHA1): 62:52:DC:40:F7:11:43:A2:2F:DE:9E:F7:34:8E:06:42:51:B1:81:18
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Certum Root CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\142\122\334\100\367\021\103\242\057\336\236\367\064\216\006\102
+\121\261\201\030
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\054\217\237\146\035\030\220\261\107\046\235\216\206\202\214\251
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\076\061\013\060\011\006\003\125\004\006\023\002\120\114\061
+\033\060\031\006\003\125\004\012\023\022\125\156\151\172\145\164
+\157\040\123\160\056\040\172\040\157\056\157\056\061\022\060\020
+\006\003\125\004\003\023\011\103\145\162\164\165\155\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\003\001\000\040
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
 # Certificate "Comodo AAA Services root"
 #
 # Issuer: CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
@@ -6826,175 +6917,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
-# Certificate "MD5 Collisions Forged Rogue CA 25c3"
-#
-# Issuer: CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US
-# Serial Number: 66 (0x42)
-# Subject: CN=MD5 Collisions Inc. (http://www.phreedom.org/md5)
-# Not Valid Before: Sat Jul 31 00:00:01 2004
-# Not Valid After : Thu Sep 02 00:00:01 2004
-# Fingerprint (MD5): 16:7A:13:15:B9:17:39:A3:F1:05:6A:E6:3E:D9:3A:38
-# Fingerprint (SHA1): 64:23:13:7E:5C:53:D6:4A:A6:64:85:ED:36:54:F5:AB:05:5A:8B:8A
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "MD5 Collisions Forged Rogue CA 25c3"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\074\061\072\060\070\006\003\125\004\003\023\061\115\104\065
-\040\103\157\154\154\151\163\151\157\156\163\040\111\156\143\056
-\040\050\150\164\164\160\072\057\057\167\167\167\056\160\150\162
-\145\145\144\157\155\056\157\162\147\057\155\144\065\051
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061
-\034\060\032\006\003\125\004\012\023\023\105\161\165\151\146\141
-\170\040\123\145\143\165\162\145\040\111\156\143\056\061\055\060
-\053\006\003\125\004\003\023\044\105\161\165\151\146\141\170\040
-\123\145\143\165\162\145\040\107\154\157\142\141\154\040\145\102
-\165\163\151\156\145\163\163\040\103\101\055\061
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\001\102
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\004\062\060\202\003\233\240\003\002\001\002\002\001\102
-\060\015\006\011\052\206\110\206\367\015\001\001\004\005\000\060
-\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061\034
-\060\032\006\003\125\004\012\023\023\105\161\165\151\146\141\170
-\040\123\145\143\165\162\145\040\111\156\143\056\061\055\060\053
-\006\003\125\004\003\023\044\105\161\165\151\146\141\170\040\123
-\145\143\165\162\145\040\107\154\157\142\141\154\040\145\102\165
-\163\151\156\145\163\163\040\103\101\055\061\060\036\027\015\060
-\064\060\067\063\061\060\060\060\060\060\061\132\027\015\060\064
-\060\071\060\062\060\060\060\060\060\061\132\060\074\061\072\060
-\070\006\003\125\004\003\023\061\115\104\065\040\103\157\154\154
-\151\163\151\157\156\163\040\111\156\143\056\040\050\150\164\164
-\160\072\057\057\167\167\167\056\160\150\162\145\145\144\157\155
-\056\157\162\147\057\155\144\065\051\060\201\237\060\015\006\011
-\052\206\110\206\367\015\001\001\001\005\000\003\201\215\000\060
-\201\211\002\201\201\000\272\246\131\311\054\050\326\052\260\370
-\355\237\106\244\244\067\356\016\031\150\131\321\263\003\231\121
-\326\026\232\136\067\153\025\340\016\113\365\204\144\370\243\333
-\101\157\065\325\233\025\037\333\304\070\122\160\201\227\136\217
-\240\265\367\176\071\360\062\254\036\255\104\322\263\372\110\303
-\316\221\233\354\364\234\174\341\132\365\310\067\153\232\203\336
-\347\312\040\227\061\102\163\025\221\150\364\210\257\371\050\050
-\305\351\017\163\260\027\113\023\114\231\165\320\104\346\176\010
-\154\032\362\117\033\101\002\003\001\000\001\243\202\002\044\060
-\202\002\040\060\013\006\003\125\035\017\004\004\003\002\001\306
-\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001
-\377\060\035\006\003\125\035\016\004\026\004\024\247\004\140\037
-\253\162\103\010\305\177\010\220\125\126\034\326\316\346\070\353
-\060\037\006\003\125\035\043\004\030\060\026\200\024\276\250\240
-\164\162\120\153\104\267\311\043\330\373\250\377\263\127\153\150
-\154\060\202\001\276\006\011\140\206\110\001\206\370\102\001\015
-\004\202\001\257\026\202\001\253\063\000\000\000\047\136\071\340
-\211\141\017\116\243\305\105\013\066\273\001\321\123\252\303\010
-\217\157\370\117\076\207\207\104\021\334\140\340\337\222\125\371
-\270\163\033\124\223\305\237\320\106\304\140\266\065\142\315\271
-\257\034\250\151\032\311\133\074\226\067\300\355\147\357\273\376
-\300\213\234\120\057\051\275\203\042\236\216\010\372\254\023\160
-\242\130\177\142\142\212\021\367\211\366\337\266\147\131\163\026
-\373\143\026\212\264\221\070\316\056\365\266\276\114\244\224\111
-\344\145\021\012\102\025\311\301\060\342\151\325\105\175\245\046
-\273\271\141\354\142\144\360\071\341\347\274\150\330\120\121\236
-\035\140\323\321\243\247\012\370\003\040\241\160\001\027\221\066
-\117\002\160\061\206\203\335\367\017\330\007\035\021\263\023\004
-\245\334\360\256\120\261\050\016\143\151\052\014\202\157\217\107
-\063\337\154\242\006\222\361\117\105\276\331\060\066\243\053\214
-\326\167\256\065\143\177\116\114\232\223\110\066\331\237\002\003
-\001\000\001\243\201\275\060\201\272\060\016\006\003\125\035\017
-\001\001\377\004\004\003\002\004\360\060\035\006\003\125\035\016
-\004\026\004\024\315\246\203\372\245\140\067\367\226\067\027\051
-\336\101\170\361\207\211\125\347\060\073\006\003\125\035\037\004
-\064\060\062\060\060\240\056\240\054\206\052\150\164\164\160\072
-\057\057\143\162\154\056\147\145\157\164\162\165\163\164\056\143
-\157\155\057\143\162\154\163\057\147\154\157\142\141\154\143\141
-\061\056\143\162\154\060\037\006\003\125\035\043\004\030\060\026
-\200\024\276\250\240\164\162\120\153\104\267\311\043\330\373\250
-\377\263\127\153\150\154\060\035\006\003\125\035\045\004\026\060
-\024\006\010\053\006\001\005\005\007\003\001\006\010\053\006\001
-\005\005\007\003\002\060\014\006\003\125\035\023\001\001\377\004
-\002\060\000\060\015\006\011\052\206\110\206\367\015\001\001\004
-\005\000\003\201\201\000\247\041\002\215\321\016\242\200\167\045
-\375\103\140\025\217\354\357\220\107\324\204\102\025\046\021\034
-\315\302\074\020\051\251\266\337\253\127\165\221\332\345\053\263
-\220\105\034\060\143\126\077\212\331\120\372\355\130\154\300\145
-\254\146\127\336\034\306\166\073\365\000\016\216\105\316\177\114
-\220\354\053\306\315\263\264\217\142\320\376\267\305\046\162\104
-\355\366\230\133\256\313\321\225\365\332\010\276\150\106\261\165
-\310\354\035\217\036\172\224\361\252\123\170\242\105\256\124\352
-\321\236\164\310\166\147
-END
-
-# Trust for Certificate "MD5 Collisions Forged Rogue CA 25c3"
-# Issuer: CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US
-# Serial Number: 66 (0x42)
-# Subject: CN=MD5 Collisions Inc. (http://www.phreedom.org/md5)
-# Not Valid Before: Sat Jul 31 00:00:01 2004
-# Not Valid After : Thu Sep 02 00:00:01 2004
-# Fingerprint (MD5): 16:7A:13:15:B9:17:39:A3:F1:05:6A:E6:3E:D9:3A:38
-# Fingerprint (SHA1): 64:23:13:7E:5C:53:D6:4A:A6:64:85:ED:36:54:F5:AB:05:5A:8B:8A
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "MD5 Collisions Forged Rogue CA 25c3"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\144\043\023\176\134\123\326\112\246\144\205\355\066\124\365\253
-\005\132\213\212
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\026\172\023\025\271\027\071\243\361\005\152\346\076\331\072\070
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061
-\034\060\032\006\003\125\004\012\023\023\105\161\165\151\146\141
-\170\040\123\145\143\165\162\145\040\111\156\143\056\061\055\060
-\053\006\003\125\004\003\023\044\105\161\165\151\146\141\170\040
-\123\145\143\165\162\145\040\107\154\157\142\141\154\040\145\102
-\165\163\151\156\145\163\163\040\103\101\055\061
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\001\102
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-# Distrust "Distrusted AC DG Tresor SSL"
-# Issuer: CN=AC DGTPE Signature Authentification,O=DGTPE,C=FR
-# Serial Number: 204199 (0x31da7)
-# Subject: CN=AC DG Tr..sor SSL,O=DG Tr..sor,C=FR
-# Not Valid Before: Thu Jul 18 10:05:28 2013
-# Not Valid After : Fri Jul 18 10:05:28 2014
-# Fingerprint (MD5): 3A:EA:9E:FC:00:0C:E2:06:6C:E0:AC:39:C1:31:DE:C8
-# Fingerprint (SHA1): 5C:E3:39:46:5F:41:A1:E4:23:14:9F:65:54:40:95:40:4D:E6:EB:E2
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Distrusted AC DG Tresor SSL"
-CKA_ISSUER MULTILINE_OCTAL
-\060\113\061\013\060\011\006\003\125\004\006\023\002\106\122\061
-\016\060\014\006\003\125\004\012\023\005\104\107\124\120\105\061
-\054\060\052\006\003\125\004\003\023\043\101\103\040\104\107\124
-\120\105\040\123\151\147\156\141\164\165\162\145\040\101\165\164
-\150\145\156\164\151\146\151\143\141\164\151\157\156
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\003\003\035\247
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-#
 # Certificate "Security Communication EV RootCA1"
 #
 # Issuer: OU=Security Communication EV RootCA1,O="SECOM Trust Systems CO.,LTD.",C=JP
@@ -10978,1725 +10900,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
-# Certificate "Bogus Mozilla Addons"
-#
-# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
-# Serial Number:00:92:39:d5:34:8f:40:d1:69:5a:74:54:70:e1:f2:3f:43
-# Subject: CN=addons.mozilla.org,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
-# Not Valid Before: Tue Mar 15 00:00:00 2011
-# Not Valid After : Fri Mar 14 23:59:59 2014
-# Fingerprint (MD5): 84:C5:18:67:1F:2A:1A:90:BE:E2:B1:18:4F:03:00:32
-# Fingerprint (SHA1): 30:5F:8B:D1:7A:A2:CB:C4:83:A4:C4:1B:19:A3:9A:0C:75:DA:39:D6
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Bogus Mozilla Addons"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\201\342\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\016\060\014\006\003\125\004\021\023\005\063\070\064\067\067
-\061\020\060\016\006\003\125\004\010\023\007\106\154\157\162\151
-\144\141\061\020\060\016\006\003\125\004\007\023\007\105\156\147
-\154\151\163\150\061\027\060\025\006\003\125\004\011\023\016\123
-\145\141\040\126\151\154\154\141\147\145\040\061\060\061\024\060
-\022\006\003\125\004\012\023\013\107\157\157\147\154\145\040\114
-\164\144\056\061\023\060\021\006\003\125\004\013\023\012\124\145
-\143\150\040\104\145\160\164\056\061\050\060\046\006\003\125\004
-\013\023\037\110\157\163\164\145\144\040\142\171\040\107\124\111
-\040\107\162\157\165\160\040\103\157\162\160\157\162\141\164\151
-\157\156\061\024\060\022\006\003\125\004\013\023\013\120\154\141
-\164\151\156\165\155\123\123\114\061\033\060\031\006\003\125\004
-\003\023\022\141\144\144\157\156\163\056\155\157\172\151\154\154
-\141\056\157\162\147
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
-\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
-\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
-\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
-\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
-\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
-\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
-\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
-\164\055\110\141\162\144\167\141\162\145
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\021\000\222\071\325\064\217\100\321\151\132\164\124\160\341
-\362\077\103
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\005\370\060\202\004\340\240\003\002\001\002\002\021\000
-\222\071\325\064\217\100\321\151\132\164\124\160\341\362\077\103
-\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
-\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123\061
-\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025
-\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145
-\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025
-\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145
-\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030
-\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164
-\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125\004
-\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163\164
-\055\110\141\162\144\167\141\162\145\060\036\027\015\061\061\060
-\063\061\065\060\060\060\060\060\060\132\027\015\061\064\060\063
-\061\064\062\063\065\071\065\071\132\060\201\342\061\013\060\011
-\006\003\125\004\006\023\002\125\123\061\016\060\014\006\003\125
-\004\021\023\005\063\070\064\067\067\061\020\060\016\006\003\125
-\004\010\023\007\106\154\157\162\151\144\141\061\020\060\016\006
-\003\125\004\007\023\007\105\156\147\154\151\163\150\061\027\060
-\025\006\003\125\004\011\023\016\123\145\141\040\126\151\154\154
-\141\147\145\040\061\060\061\024\060\022\006\003\125\004\012\023
-\013\107\157\157\147\154\145\040\114\164\144\056\061\023\060\021
-\006\003\125\004\013\023\012\124\145\143\150\040\104\145\160\164
-\056\061\050\060\046\006\003\125\004\013\023\037\110\157\163\164
-\145\144\040\142\171\040\107\124\111\040\107\162\157\165\160\040
-\103\157\162\160\157\162\141\164\151\157\156\061\024\060\022\006
-\003\125\004\013\023\013\120\154\141\164\151\156\165\155\123\123
-\114\061\033\060\031\006\003\125\004\003\023\022\141\144\144\157
-\156\163\056\155\157\172\151\154\154\141\056\157\162\147\060\202
-\001\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005
-\000\003\202\001\017\000\060\202\001\012\002\202\001\001\000\253
-\306\155\066\363\025\163\170\203\163\316\164\205\325\256\354\262
-\360\340\044\037\023\203\270\040\254\273\232\376\210\273\253\241
-\035\013\037\105\000\252\111\267\065\067\014\152\357\107\114\271
-\321\276\343\127\022\004\215\222\307\266\354\001\274\266\332\307
-\201\070\040\255\162\205\346\016\374\201\154\007\255\150\166\070
-\305\104\327\314\306\112\305\227\076\144\364\121\346\360\176\262
-\354\126\367\045\202\115\111\230\313\026\230\335\043\361\211\221
-\321\027\227\100\231\046\326\342\242\053\136\337\275\211\362\033
-\032\123\055\314\120\101\172\320\075\052\014\125\160\024\001\351
-\130\111\020\172\013\223\202\213\341\036\355\072\200\020\202\316
-\226\212\064\360\314\327\323\271\264\120\207\125\124\011\270\235
-\102\050\125\000\345\214\065\124\277\335\045\221\106\267\015\345
-\135\203\250\345\213\373\204\344\074\256\166\332\304\103\053\133
-\164\013\370\276\135\150\361\170\133\265\316\175\361\135\231\100
-\332\312\356\070\201\120\276\230\241\154\270\044\255\363\257\214
-\017\327\021\050\054\204\030\114\175\265\331\217\060\265\033\002
-\003\001\000\001\243\202\001\360\060\202\001\354\060\037\006\003
-\125\035\043\004\030\060\026\200\024\241\162\137\046\033\050\230
-\103\225\135\007\067\325\205\226\235\113\322\303\105\060\035\006
-\003\125\035\016\004\026\004\024\335\200\322\124\075\367\114\160
-\312\243\260\335\064\172\062\344\350\073\132\073\060\016\006\003
-\125\035\017\001\001\377\004\004\003\002\005\240\060\014\006\003
-\125\035\023\001\001\377\004\002\060\000\060\035\006\003\125\035
-\045\004\026\060\024\006\010\053\006\001\005\005\007\003\001\006
-\010\053\006\001\005\005\007\003\002\060\106\006\003\125\035\040
-\004\077\060\075\060\073\006\014\053\006\001\004\001\262\061\001
-\002\001\003\004\060\053\060\051\006\010\053\006\001\005\005\007
-\002\001\026\035\150\164\164\160\163\072\057\057\163\145\143\165
-\162\145\056\143\157\155\157\144\157\056\143\157\155\057\103\120
-\123\060\173\006\003\125\035\037\004\164\060\162\060\070\240\066
-\240\064\206\062\150\164\164\160\072\057\057\143\162\154\056\143
-\157\155\157\144\157\143\141\056\143\157\155\057\125\124\116\055
-\125\123\105\122\106\151\162\163\164\055\110\141\162\144\167\141
-\162\145\056\143\162\154\060\066\240\064\240\062\206\060\150\164
-\164\160\072\057\057\143\162\154\056\143\157\155\157\144\157\056
-\156\145\164\057\125\124\116\055\125\123\105\122\106\151\162\163
-\164\055\110\141\162\144\167\141\162\145\056\143\162\154\060\161
-\006\010\053\006\001\005\005\007\001\001\004\145\060\143\060\073
-\006\010\053\006\001\005\005\007\060\002\206\057\150\164\164\160
-\072\057\057\143\162\164\056\143\157\155\157\144\157\143\141\056
-\143\157\155\057\125\124\116\101\144\144\124\162\165\163\164\123
-\145\162\166\145\162\103\101\056\143\162\164\060\044\006\010\053
-\006\001\005\005\007\060\001\206\030\150\164\164\160\072\057\057
-\157\143\163\160\056\143\157\155\157\144\157\143\141\056\143\157
-\155\060\065\006\003\125\035\021\004\056\060\054\202\022\141\144
-\144\157\156\163\056\155\157\172\151\154\154\141\056\157\162\147
-\202\026\167\167\167\056\141\144\144\157\156\163\056\155\157\172
-\151\154\154\141\056\157\162\147\060\015\006\011\052\206\110\206
-\367\015\001\001\005\005\000\003\202\001\001\000\063\073\143\025
-\374\261\354\024\054\223\335\165\224\336\201\132\331\116\231\276
-\373\112\244\071\125\115\241\100\172\336\023\052\207\251\067\317
-\350\325\373\255\321\173\155\157\214\040\207\202\124\346\127\111
-\274\040\050\204\315\326\001\331\223\213\027\156\043\146\345\204
-\310\200\077\306\241\160\200\344\354\115\035\371\374\221\132\163
-\142\051\232\367\040\034\141\340\213\071\237\312\274\176\215\335
-\274\331\261\343\237\236\337\025\123\221\041\122\013\331\032\043
-\017\146\066\333\254\223\226\112\243\245\042\317\051\367\242\231
-\250\366\266\331\100\256\331\176\266\366\130\056\233\254\066\312
-\144\217\145\122\334\206\234\202\253\156\120\113\332\137\372\005
-\000\210\060\016\336\215\126\277\201\107\215\075\006\342\262\142
-\222\147\217\236\310\232\262\345\006\270\160\044\270\167\174\043
-\012\070\303\171\010\330\261\121\235\254\225\021\307\100\027\236
-\243\034\217\362\021\247\150\047\332\111\005\204\030\174\130\055
-\001\147\134\345\237\241\051\273\112\071\105\057\277\021\252\171
-\242\355\264\324\265\145\103\267\223\106\212\323
-END
-
-# Trust for Certificate "Bogus Mozilla Addons"
-# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
-# Serial Number:00:92:39:d5:34:8f:40:d1:69:5a:74:54:70:e1:f2:3f:43
-# Subject: CN=addons.mozilla.org,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
-# Not Valid Before: Tue Mar 15 00:00:00 2011
-# Not Valid After : Fri Mar 14 23:59:59 2014
-# Fingerprint (MD5): 84:C5:18:67:1F:2A:1A:90:BE:E2:B1:18:4F:03:00:32
-# Fingerprint (SHA1): 30:5F:8B:D1:7A:A2:CB:C4:83:A4:C4:1B:19:A3:9A:0C:75:DA:39:D6
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Bogus Mozilla Addons"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\060\137\213\321\172\242\313\304\203\244\304\033\031\243\232\014
-\165\332\071\326
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\204\305\030\147\037\052\032\220\276\342\261\030\117\003\000\062
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
-\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
-\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
-\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
-\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
-\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
-\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
-\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
-\164\055\110\141\162\144\167\141\162\145
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\021\000\222\071\325\064\217\100\321\151\132\164\124\160\341
-\362\077\103
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-#
-# Certificate "Bogus Global Trustee"
-#
-# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
-# Serial Number:00:d8:f3:5f:4e:b7:87:2b:2d:ab:06:92:e3:15:38:2f:b0
-# Subject: CN=global trustee,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Global Trustee,O=Global Trustee,STREET=Sea Village 10,L=Tampa,ST=Florida,postalCode=38477,C=US
-# Not Valid Before: Tue Mar 15 00:00:00 2011
-# Not Valid After : Fri Mar 14 23:59:59 2014
-# Fingerprint (MD5): FE:0D:01:6E:71:CB:8C:D8:3F:0E:0C:CD:49:35:B8:57
-# Fingerprint (SHA1): 61:79:3F:CB:FA:4F:90:08:30:9B:BA:5F:F1:2D:2C:B2:9C:D4:15:1A
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Bogus Global Trustee"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\201\343\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\016\060\014\006\003\125\004\021\023\005\063\070\064\067\067
-\061\020\060\016\006\003\125\004\010\023\007\106\154\157\162\151
-\144\141\061\016\060\014\006\003\125\004\007\023\005\124\141\155
-\160\141\061\027\060\025\006\003\125\004\011\023\016\123\145\141
-\040\126\151\154\154\141\147\145\040\061\060\061\027\060\025\006
-\003\125\004\012\023\016\107\154\157\142\141\154\040\124\162\165
-\163\164\145\145\061\027\060\025\006\003\125\004\013\023\016\107
-\154\157\142\141\154\040\124\162\165\163\164\145\145\061\050\060
-\046\006\003\125\004\013\023\037\110\157\163\164\145\144\040\142
-\171\040\107\124\111\040\107\162\157\165\160\040\103\157\162\160
-\157\162\141\164\151\157\156\061\024\060\022\006\003\125\004\013
-\023\013\120\154\141\164\151\156\165\155\123\123\114\061\027\060
-\025\006\003\125\004\003\023\016\147\154\157\142\141\154\040\164
-\162\165\163\164\145\145
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
-\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
-\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
-\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
-\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
-\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
-\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
-\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
-\164\055\110\141\162\144\167\141\162\145
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\021\000\330\363\137\116\267\207\053\055\253\006\222\343\025
-\070\057\260
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\006\335\060\202\005\305\240\003\002\001\002\002\021\000
-\330\363\137\116\267\207\053\055\253\006\222\343\025\070\057\260
-\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
-\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123\061
-\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025
-\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145
-\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025
-\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145
-\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030
-\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164
-\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125\004
-\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163\164
-\055\110\141\162\144\167\141\162\145\060\036\027\015\061\061\060
-\063\061\065\060\060\060\060\060\060\132\027\015\061\064\060\063
-\061\064\062\063\065\071\065\071\132\060\201\343\061\013\060\011
-\006\003\125\004\006\023\002\125\123\061\016\060\014\006\003\125
-\004\021\023\005\063\070\064\067\067\061\020\060\016\006\003\125
-\004\010\023\007\106\154\157\162\151\144\141\061\016\060\014\006
-\003\125\004\007\023\005\124\141\155\160\141\061\027\060\025\006
-\003\125\004\011\023\016\123\145\141\040\126\151\154\154\141\147
-\145\040\061\060\061\027\060\025\006\003\125\004\012\023\016\107
-\154\157\142\141\154\040\124\162\165\163\164\145\145\061\027\060
-\025\006\003\125\004\013\023\016\107\154\157\142\141\154\040\124
-\162\165\163\164\145\145\061\050\060\046\006\003\125\004\013\023
-\037\110\157\163\164\145\144\040\142\171\040\107\124\111\040\107
-\162\157\165\160\040\103\157\162\160\157\162\141\164\151\157\156
-\061\024\060\022\006\003\125\004\013\023\013\120\154\141\164\151
-\156\165\155\123\123\114\061\027\060\025\006\003\125\004\003\023
-\016\147\154\157\142\141\154\040\164\162\165\163\164\145\145\060
-\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001\001
-\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001\000
-\331\164\362\252\101\035\337\365\302\026\103\111\134\051\277\266
-\211\164\051\274\234\215\014\106\117\131\176\262\101\027\146\064
-\014\145\211\341\154\045\343\206\012\236\042\105\042\214\335\235
-\346\243\225\336\334\210\002\125\134\343\133\221\165\353\046\151
-\143\271\056\306\312\056\047\337\210\272\002\040\156\376\271\013
-\051\327\247\326\327\110\032\034\316\335\037\251\047\016\142\117
-\241\226\036\335\124\072\064\143\112\166\365\167\175\131\147\330
-\020\324\265\017\072\103\042\230\333\364\011\304\012\160\316\335
-\220\324\057\357\164\023\303\315\302\211\071\142\025\235\346\164
-\250\350\233\360\143\156\234\211\266\016\255\233\367\314\202\350
-\350\055\270\013\332\042\354\111\205\007\210\231\230\077\364\164
-\251\011\367\201\174\227\013\131\231\030\162\213\333\224\202\053
-\247\350\252\153\227\277\210\176\165\260\213\105\105\014\307\250
-\011\352\033\101\130\060\073\137\170\145\025\064\322\344\074\064
-\015\035\330\144\074\212\245\126\111\231\050\055\113\362\317\315
-\331\156\111\144\233\251\171\220\167\125\251\010\033\255\032\164
-\236\340\003\223\012\011\267\255\247\264\134\357\203\154\267\232
-\264\306\150\100\200\035\102\321\156\171\233\251\031\041\232\234
-\371\206\055\000\321\064\376\340\266\371\125\266\365\046\305\225
-\026\245\174\163\237\012\051\211\254\072\230\367\233\164\147\267
-\220\267\135\011\043\152\152\355\054\020\356\123\012\020\360\026
-\037\127\263\261\015\171\221\031\260\353\315\060\077\240\024\137
-\263\306\375\134\063\247\260\377\230\260\125\214\271\245\362\157
-\107\044\111\041\151\314\102\242\121\000\100\205\214\202\202\253
-\062\245\313\232\334\320\331\030\015\337\031\364\257\203\015\301
-\076\061\333\044\110\266\165\200\241\341\311\167\144\036\247\345
-\213\177\025\115\113\247\302\320\355\171\225\136\221\061\354\030
-\377\116\237\110\024\352\165\272\041\316\051\166\351\037\116\121
-\207\056\263\314\004\140\272\043\037\037\145\262\012\270\325\156
-\217\113\102\211\107\251\201\220\133\053\262\266\256\346\240\160
-\173\170\220\012\172\305\345\347\305\373\012\366\057\151\214\214
-\037\127\340\006\231\377\021\325\122\062\040\227\047\230\356\145
-\002\003\001\000\001\243\202\001\324\060\202\001\320\060\037\006
-\003\125\035\043\004\030\060\026\200\024\241\162\137\046\033\050
-\230\103\225\135\007\067\325\205\226\235\113\322\303\105\060\035
-\006\003\125\035\016\004\026\004\024\267\303\336\032\103\355\101
-\227\251\217\051\170\234\003\271\254\100\102\000\254\060\016\006
-\003\125\035\017\001\001\377\004\004\003\002\005\240\060\014\006
-\003\125\035\023\001\001\377\004\002\060\000\060\035\006\003\125
-\035\045\004\026\060\024\006\010\053\006\001\005\005\007\003\001
-\006\010\053\006\001\005\005\007\003\002\060\106\006\003\125\035
-\040\004\077\060\075\060\073\006\014\053\006\001\004\001\262\061
-\001\002\001\003\004\060\053\060\051\006\010\053\006\001\005\005
-\007\002\001\026\035\150\164\164\160\163\072\057\057\163\145\143
-\165\162\145\056\143\157\155\157\144\157\056\143\157\155\057\103
-\120\123\060\173\006\003\125\035\037\004\164\060\162\060\070\240
-\066\240\064\206\062\150\164\164\160\072\057\057\143\162\154\056
-\143\157\155\157\144\157\143\141\056\143\157\155\057\125\124\116
-\055\125\123\105\122\106\151\162\163\164\055\110\141\162\144\167
-\141\162\145\056\143\162\154\060\066\240\064\240\062\206\060\150
-\164\164\160\072\057\057\143\162\154\056\143\157\155\157\144\157
-\056\156\145\164\057\125\124\116\055\125\123\105\122\106\151\162
-\163\164\055\110\141\162\144\167\141\162\145\056\143\162\154\060
-\161\006\010\053\006\001\005\005\007\001\001\004\145\060\143\060
-\073\006\010\053\006\001\005\005\007\060\002\206\057\150\164\164
-\160\072\057\057\143\162\164\056\143\157\155\157\144\157\143\141
-\056\143\157\155\057\125\124\116\101\144\144\124\162\165\163\164
-\123\145\162\166\145\162\103\101\056\143\162\164\060\044\006\010
-\053\006\001\005\005\007\060\001\206\030\150\164\164\160\072\057
-\057\157\143\163\160\056\143\157\155\157\144\157\143\141\056\143
-\157\155\060\031\006\003\125\035\021\004\022\060\020\202\016\147
-\154\157\142\141\154\040\164\162\165\163\164\145\145\060\015\006
-\011\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001
-\000\217\272\165\272\071\324\046\323\160\017\304\263\002\247\305
-\022\043\161\311\376\143\351\243\142\170\044\104\117\324\271\021
-\076\037\307\050\347\125\153\356\364\341\000\221\206\212\311\011
-\153\237\056\244\105\071\321\141\142\136\223\245\005\105\170\237
-\140\022\054\364\154\145\145\015\314\106\064\213\050\272\240\306
-\364\231\161\144\363\042\166\254\117\363\142\311\247\063\132\007
-\037\075\311\206\200\334\333\004\057\207\047\350\277\110\104\201
-\300\360\111\043\156\037\345\344\003\206\044\023\242\205\142\174
-\130\004\312\346\215\023\162\012\272\126\104\242\017\274\373\240
-\075\015\052\177\373\236\251\011\075\267\132\324\212\215\341\045
-\350\244\011\204\160\255\022\104\271\317\271\063\172\272\134\346
-\113\246\273\005\006\230\377\362\230\122\173\167\200\047\112\331
-\342\372\271\122\324\373\373\346\326\055\236\217\301\025\104\215
-\233\164\057\356\224\132\116\323\304\213\212\254\103\235\163\366
-\256\014\207\211\255\207\311\311\307\335\272\024\140\172\370\265
-\065\235\302\215\306\226\201\015\251\122\212\051\100\004\351\031
-\264
-END
-
-# Trust for Certificate "Bogus Global Trustee"
-# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
-# Serial Number:00:d8:f3:5f:4e:b7:87:2b:2d:ab:06:92:e3:15:38:2f:b0
-# Subject: CN=global trustee,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Global Trustee,O=Global Trustee,STREET=Sea Village 10,L=Tampa,ST=Florida,postalCode=38477,C=US
-# Not Valid Before: Tue Mar 15 00:00:00 2011
-# Not Valid After : Fri Mar 14 23:59:59 2014
-# Fingerprint (MD5): FE:0D:01:6E:71:CB:8C:D8:3F:0E:0C:CD:49:35:B8:57
-# Fingerprint (SHA1): 61:79:3F:CB:FA:4F:90:08:30:9B:BA:5F:F1:2D:2C:B2:9C:D4:15:1A
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Bogus Global Trustee"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\141\171\077\313\372\117\220\010\060\233\272\137\361\055\054\262
-\234\324\025\032
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\376\015\001\156\161\313\214\330\077\016\014\315\111\065\270\127
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
-\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
-\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
-\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
-\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
-\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
-\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
-\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
-\164\055\110\141\162\144\167\141\162\145
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\021\000\330\363\137\116\267\207\053\055\253\006\222\343\025
-\070\057\260
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-#
-# Certificate "Bogus GMail"
-#
-# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
-# Serial Number:04:7e:cb:e9:fc:a5:5f:7b:d0:9e:ae:36:e1:0c:ae:1e
-# Subject: CN=mail.google.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
-# Not Valid Before: Tue Mar 15 00:00:00 2011
-# Not Valid After : Fri Mar 14 23:59:59 2014
-# Fingerprint (MD5): 4C:77:1F:EB:CA:31:C1:29:98:E9:2C:10:B3:AF:49:1C
-# Fingerprint (SHA1): 64:31:72:30:36:FD:26:DE:A5:02:79:2F:A5:95:92:24:93:03:0F:97
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Bogus GMail"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\201\337\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\016\060\014\006\003\125\004\021\023\005\063\070\064\067\067
-\061\020\060\016\006\003\125\004\010\023\007\106\154\157\162\151
-\144\141\061\020\060\016\006\003\125\004\007\023\007\105\156\147
-\154\151\163\150\061\027\060\025\006\003\125\004\011\023\016\123
-\145\141\040\126\151\154\154\141\147\145\040\061\060\061\024\060
-\022\006\003\125\004\012\023\013\107\157\157\147\154\145\040\114
-\164\144\056\061\023\060\021\006\003\125\004\013\023\012\124\145
-\143\150\040\104\145\160\164\056\061\050\060\046\006\003\125\004
-\013\023\037\110\157\163\164\145\144\040\142\171\040\107\124\111
-\040\107\162\157\165\160\040\103\157\162\160\157\162\141\164\151
-\157\156\061\024\060\022\006\003\125\004\013\023\013\120\154\141
-\164\151\156\165\155\123\123\114\061\030\060\026\006\003\125\004
-\003\023\017\155\141\151\154\056\147\157\157\147\154\145\056\143
-\157\155
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
-\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
-\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
-\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
-\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
-\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
-\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
-\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
-\164\055\110\141\162\144\167\141\162\145
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\020\004\176\313\351\374\245\137\173\320\236\256\066\341\014
-\256\036
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\005\356\060\202\004\326\240\003\002\001\002\002\020\004
-\176\313\351\374\245\137\173\320\236\256\066\341\014\256\036\060
-\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\201
-\227\061\013\060\011\006\003\125\004\006\023\002\125\123\061\013
-\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025\006
-\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145\040
-\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025\124
-\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145\164
-\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030\150
-\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164\162
-\165\163\164\056\143\157\155\061\037\060\035\006\003\125\004\003
-\023\026\125\124\116\055\125\123\105\122\106\151\162\163\164\055
-\110\141\162\144\167\141\162\145\060\036\027\015\061\061\060\063
-\061\065\060\060\060\060\060\060\132\027\015\061\064\060\063\061
-\064\062\063\065\071\065\071\132\060\201\337\061\013\060\011\006
-\003\125\004\006\023\002\125\123\061\016\060\014\006\003\125\004
-\021\023\005\063\070\064\067\067\061\020\060\016\006\003\125\004
-\010\023\007\106\154\157\162\151\144\141\061\020\060\016\006\003
-\125\004\007\023\007\105\156\147\154\151\163\150\061\027\060\025
-\006\003\125\004\011\023\016\123\145\141\040\126\151\154\154\141
-\147\145\040\061\060\061\024\060\022\006\003\125\004\012\023\013
-\107\157\157\147\154\145\040\114\164\144\056\061\023\060\021\006
-\003\125\004\013\023\012\124\145\143\150\040\104\145\160\164\056
-\061\050\060\046\006\003\125\004\013\023\037\110\157\163\164\145
-\144\040\142\171\040\107\124\111\040\107\162\157\165\160\040\103
-\157\162\160\157\162\141\164\151\157\156\061\024\060\022\006\003
-\125\004\013\023\013\120\154\141\164\151\156\165\155\123\123\114
-\061\030\060\026\006\003\125\004\003\023\017\155\141\151\154\056
-\147\157\157\147\154\145\056\143\157\155\060\202\001\042\060\015
-\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001
-\017\000\060\202\001\012\002\202\001\001\000\260\163\360\362\004
-\356\302\242\106\312\064\052\252\273\140\043\321\021\166\037\037
-\072\320\145\203\116\232\105\250\103\160\205\166\360\037\207\000
-\002\037\156\073\027\027\304\265\351\031\106\242\222\045\215\142
-\052\264\143\060\037\271\205\370\065\341\026\132\166\111\314\120
-\110\123\071\131\211\326\204\002\373\232\354\033\307\121\325\166
-\225\220\324\072\052\270\246\336\002\115\006\373\315\355\245\106
-\101\137\125\164\345\354\176\100\334\120\234\265\344\065\135\036
-\150\040\370\351\336\243\152\050\277\101\322\241\263\342\045\215
-\014\033\312\075\223\014\030\256\337\305\274\375\274\202\272\150
-\000\327\026\062\161\237\145\265\021\332\150\131\320\246\127\144
-\033\311\376\230\345\365\245\145\352\341\333\356\364\263\235\263
-\216\352\207\256\026\322\036\240\174\174\151\077\051\026\205\001
-\123\247\154\361\140\253\335\242\374\045\107\324\062\321\022\335
-\367\110\022\340\374\234\242\167\230\351\211\231\270\370\070\361
-\214\006\302\172\043\066\155\233\235\315\060\310\307\064\027\036
-\273\175\102\310\253\347\025\026\366\163\265\002\003\001\000\001
-\243\202\001\352\060\202\001\346\060\037\006\003\125\035\043\004
-\030\060\026\200\024\241\162\137\046\033\050\230\103\225\135\007
-\067\325\205\226\235\113\322\303\105\060\035\006\003\125\035\016
-\004\026\004\024\030\052\242\310\324\172\077\173\255\004\213\275
-\157\236\020\106\023\170\161\235\060\016\006\003\125\035\017\001
-\001\377\004\004\003\002\005\240\060\014\006\003\125\035\023\001
-\001\377\004\002\060\000\060\035\006\003\125\035\045\004\026\060
-\024\006\010\053\006\001\005\005\007\003\001\006\010\053\006\001
-\005\005\007\003\002\060\106\006\003\125\035\040\004\077\060\075
-\060\073\006\014\053\006\001\004\001\262\061\001\002\001\003\004
-\060\053\060\051\006\010\053\006\001\005\005\007\002\001\026\035
-\150\164\164\160\163\072\057\057\163\145\143\165\162\145\056\143
-\157\155\157\144\157\056\143\157\155\057\103\120\123\060\173\006
-\003\125\035\037\004\164\060\162\060\070\240\066\240\064\206\062
-\150\164\164\160\072\057\057\143\162\154\056\143\157\155\157\144
-\157\143\141\056\143\157\155\057\125\124\116\055\125\123\105\122
-\106\151\162\163\164\055\110\141\162\144\167\141\162\145\056\143
-\162\154\060\066\240\064\240\062\206\060\150\164\164\160\072\057
-\057\143\162\154\056\143\157\155\157\144\157\056\156\145\164\057
-\125\124\116\055\125\123\105\122\106\151\162\163\164\055\110\141
-\162\144\167\141\162\145\056\143\162\154\060\161\006\010\053\006
-\001\005\005\007\001\001\004\145\060\143\060\073\006\010\053\006
-\001\005\005\007\060\002\206\057\150\164\164\160\072\057\057\143
-\162\164\056\143\157\155\157\144\157\143\141\056\143\157\155\057
-\125\124\116\101\144\144\124\162\165\163\164\123\145\162\166\145
-\162\103\101\056\143\162\164\060\044\006\010\053\006\001\005\005
-\007\060\001\206\030\150\164\164\160\072\057\057\157\143\163\160
-\056\143\157\155\157\144\157\143\141\056\143\157\155\060\057\006
-\003\125\035\021\004\050\060\046\202\017\155\141\151\154\056\147
-\157\157\147\154\145\056\143\157\155\202\023\167\167\167\056\155
-\141\151\154\056\147\157\157\147\154\145\056\143\157\155\060\015
-\006\011\052\206\110\206\367\015\001\001\005\005\000\003\202\001
-\001\000\147\006\010\012\047\305\223\156\002\362\336\027\077\320
-\323\033\174\377\265\315\172\307\167\307\276\337\022\312\031\336
-\260\023\127\014\003\221\304\171\122\317\177\267\136\125\040\204
-\111\335\365\320\051\057\016\004\332\131\236\016\023\237\364\300
-\062\233\377\241\021\044\052\227\243\362\077\075\052\153\250\255
-\214\031\165\225\016\035\045\375\117\304\172\025\303\035\307\023
-\100\310\015\276\227\140\162\246\376\045\276\217\354\325\246\206
-\303\041\134\131\122\331\152\013\134\237\113\336\265\371\354\342
-\364\305\314\142\123\166\211\145\344\051\332\267\277\226\340\140
-\215\015\267\011\125\326\100\125\035\301\362\226\041\165\257\211
-\206\037\135\201\227\051\050\036\051\327\226\301\040\003\062\173
-\000\073\152\067\027\132\243\263\032\157\062\073\156\361\243\135
-\253\253\314\052\313\060\014\037\065\043\213\151\104\134\352\254
-\050\140\355\253\153\143\236\366\222\274\275\232\132\046\114\305
-\230\270\016\031\076\374\005\061\343\026\331\375\220\005\003\206
-\306\127\001\037\177\170\240\317\063\152\252\146\153\042\320\247
-\111\043
-END
-
-# Trust for Certificate "Bogus GMail"
-# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
-# Serial Number:04:7e:cb:e9:fc:a5:5f:7b:d0:9e:ae:36:e1:0c:ae:1e
-# Subject: CN=mail.google.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
-# Not Valid Before: Tue Mar 15 00:00:00 2011
-# Not Valid After : Fri Mar 14 23:59:59 2014
-# Fingerprint (MD5): 4C:77:1F:EB:CA:31:C1:29:98:E9:2C:10:B3:AF:49:1C
-# Fingerprint (SHA1): 64:31:72:30:36:FD:26:DE:A5:02:79:2F:A5:95:92:24:93:03:0F:97
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Bogus GMail"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\144\061\162\060\066\375\046\336\245\002\171\057\245\225\222\044
-\223\003\017\227
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\114\167\037\353\312\061\301\051\230\351\054\020\263\257\111\034
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
-\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
-\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
-\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
-\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
-\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
-\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
-\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
-\164\055\110\141\162\144\167\141\162\145
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\020\004\176\313\351\374\245\137\173\320\236\256\066\341\014
-\256\036
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-#
-# Certificate "Bogus Google"
-#
-# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
-# Serial Number:00:f5:c8:6a:f3:61:62:f1:3a:64:f5:4f:6d:c9:58:7c:06
-# Subject: CN=www.google.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
-# Not Valid Before: Tue Mar 15 00:00:00 2011
-# Not Valid After : Fri Mar 14 23:59:59 2014
-# Fingerprint (MD5): 01:73:A9:58:F0:BC:C9:BE:94:2B:1A:4C:98:24:E3:B8
-# Fingerprint (SHA1): 19:16:A2:AF:34:6D:39:9F:50:31:3C:39:32:00:F1:41:40:45:66:16
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Bogus Google"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\201\336\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\016\060\014\006\003\125\004\021\023\005\063\070\064\067\067
-\061\020\060\016\006\003\125\004\010\023\007\106\154\157\162\151
-\144\141\061\020\060\016\006\003\125\004\007\023\007\105\156\147
-\154\151\163\150\061\027\060\025\006\003\125\004\011\023\016\123
-\145\141\040\126\151\154\154\141\147\145\040\061\060\061\024\060
-\022\006\003\125\004\012\023\013\107\157\157\147\154\145\040\114
-\164\144\056\061\023\060\021\006\003\125\004\013\023\012\124\145
-\143\150\040\104\145\160\164\056\061\050\060\046\006\003\125\004
-\013\023\037\110\157\163\164\145\144\040\142\171\040\107\124\111
-\040\107\162\157\165\160\040\103\157\162\160\157\162\141\164\151
-\157\156\061\024\060\022\006\003\125\004\013\023\013\120\154\141
-\164\151\156\165\155\123\123\114\061\027\060\025\006\003\125\004
-\003\023\016\167\167\167\056\147\157\157\147\154\145\056\143\157
-\155
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
-\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
-\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
-\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
-\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
-\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
-\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
-\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
-\164\055\110\141\162\144\167\141\162\145
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\021\000\365\310\152\363\141\142\361\072\144\365\117\155\311
-\130\174\006
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\005\344\060\202\004\314\240\003\002\001\002\002\021\000
-\365\310\152\363\141\142\361\072\144\365\117\155\311\130\174\006
-\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
-\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123\061
-\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025
-\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145
-\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025
-\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145
-\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030
-\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164
-\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125\004
-\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163\164
-\055\110\141\162\144\167\141\162\145\060\036\027\015\061\061\060
-\063\061\065\060\060\060\060\060\060\132\027\015\061\064\060\063
-\061\064\062\063\065\071\065\071\132\060\201\336\061\013\060\011
-\006\003\125\004\006\023\002\125\123\061\016\060\014\006\003\125
-\004\021\023\005\063\070\064\067\067\061\020\060\016\006\003\125
-\004\010\023\007\106\154\157\162\151\144\141\061\020\060\016\006
-\003\125\004\007\023\007\105\156\147\154\151\163\150\061\027\060
-\025\006\003\125\004\011\023\016\123\145\141\040\126\151\154\154
-\141\147\145\040\061\060\061\024\060\022\006\003\125\004\012\023
-\013\107\157\157\147\154\145\040\114\164\144\056\061\023\060\021
-\006\003\125\004\013\023\012\124\145\143\150\040\104\145\160\164
-\056\061\050\060\046\006\003\125\004\013\023\037\110\157\163\164
-\145\144\040\142\171\040\107\124\111\040\107\162\157\165\160\040
-\103\157\162\160\157\162\141\164\151\157\156\061\024\060\022\006
-\003\125\004\013\023\013\120\154\141\164\151\156\165\155\123\123
-\114\061\027\060\025\006\003\125\004\003\023\016\167\167\167\056
-\147\157\157\147\154\145\056\143\157\155\060\202\001\042\060\015
-\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001
-\017\000\060\202\001\012\002\202\001\001\000\260\163\360\362\004
-\356\302\242\106\312\064\052\252\273\140\043\321\021\166\037\037
-\072\320\145\203\116\232\105\250\103\160\205\166\360\037\207\000
-\002\037\156\073\027\027\304\265\351\031\106\242\222\045\215\142
-\052\264\143\060\037\271\205\370\065\341\026\132\166\111\314\120
-\110\123\071\131\211\326\204\002\373\232\354\033\307\121\325\166
-\225\220\324\072\052\270\246\336\002\115\006\373\315\355\245\106
-\101\137\125\164\345\354\176\100\334\120\234\265\344\065\135\036
-\150\040\370\351\336\243\152\050\277\101\322\241\263\342\045\215
-\014\033\312\075\223\014\030\256\337\305\274\375\274\202\272\150
-\000\327\026\062\161\237\145\265\021\332\150\131\320\246\127\144
-\033\311\376\230\345\365\245\145\352\341\333\356\364\263\235\263
-\216\352\207\256\026\322\036\240\174\174\151\077\051\026\205\001
-\123\247\154\361\140\253\335\242\374\045\107\324\062\321\022\335
-\367\110\022\340\374\234\242\167\230\351\211\231\270\370\070\361
-\214\006\302\172\043\066\155\233\235\315\060\310\307\064\027\036
-\273\175\102\310\253\347\025\026\366\163\265\002\003\001\000\001
-\243\202\001\340\060\202\001\334\060\037\006\003\125\035\043\004
-\030\060\026\200\024\241\162\137\046\033\050\230\103\225\135\007
-\067\325\205\226\235\113\322\303\105\060\035\006\003\125\035\016
-\004\026\004\024\030\052\242\310\324\172\077\173\255\004\213\275
-\157\236\020\106\023\170\161\235\060\016\006\003\125\035\017\001
-\001\377\004\004\003\002\005\240\060\014\006\003\125\035\023\001
-\001\377\004\002\060\000\060\035\006\003\125\035\045\004\026\060
-\024\006\010\053\006\001\005\005\007\003\001\006\010\053\006\001
-\005\005\007\003\002\060\106\006\003\125\035\040\004\077\060\075
-\060\073\006\014\053\006\001\004\001\262\061\001\002\001\003\004
-\060\053\060\051\006\010\053\006\001\005\005\007\002\001\026\035
-\150\164\164\160\163\072\057\057\163\145\143\165\162\145\056\143
-\157\155\157\144\157\056\143\157\155\057\103\120\123\060\173\006
-\003\125\035\037\004\164\060\162\060\070\240\066\240\064\206\062
-\150\164\164\160\072\057\057\143\162\154\056\143\157\155\157\144
-\157\143\141\056\143\157\155\057\125\124\116\055\125\123\105\122
-\106\151\162\163\164\055\110\141\162\144\167\141\162\145\056\143
-\162\154\060\066\240\064\240\062\206\060\150\164\164\160\072\057
-\057\143\162\154\056\143\157\155\157\144\157\056\156\145\164\057
-\125\124\116\055\125\123\105\122\106\151\162\163\164\055\110\141
-\162\144\167\141\162\145\056\143\162\154\060\161\006\010\053\006
-\001\005\005\007\001\001\004\145\060\143\060\073\006\010\053\006
-\001\005\005\007\060\002\206\057\150\164\164\160\072\057\057\143
-\162\164\056\143\157\155\157\144\157\143\141\056\143\157\155\057
-\125\124\116\101\144\144\124\162\165\163\164\123\145\162\166\145
-\162\103\101\056\143\162\164\060\044\006\010\053\006\001\005\005
-\007\060\001\206\030\150\164\164\160\072\057\057\157\143\163\160
-\056\143\157\155\157\144\157\143\141\056\143\157\155\060\045\006
-\003\125\035\021\004\036\060\034\202\016\167\167\167\056\147\157
-\157\147\154\145\056\143\157\155\202\012\147\157\157\147\154\145
-\056\143\157\155\060\015\006\011\052\206\110\206\367\015\001\001
-\005\005\000\003\202\001\001\000\161\300\231\077\136\366\275\063
-\377\236\026\313\250\277\335\160\371\322\123\073\066\256\311\027
-\310\256\136\115\335\142\367\267\323\076\167\243\376\300\173\062
-\265\311\224\005\122\120\362\137\075\171\204\111\117\135\154\260
-\327\131\275\324\154\210\372\374\305\145\206\353\050\122\242\102
-\366\174\274\152\307\007\056\045\321\220\142\040\306\215\121\302
-\054\105\071\116\003\332\367\030\350\314\012\072\331\105\330\154
-\156\064\213\142\234\116\025\371\103\356\345\227\300\077\255\065
-\023\305\053\006\307\101\375\342\367\176\105\255\233\321\341\146
-\355\370\172\113\224\071\172\057\353\350\077\103\330\065\326\126
-\372\164\347\155\346\355\254\145\204\376\320\115\006\022\336\332
-\131\000\074\011\134\317\210\113\350\075\264\025\041\222\314\155
-\246\121\342\216\227\361\364\202\106\313\304\123\136\332\134\235
-\145\222\001\145\211\000\345\266\231\377\046\100\361\057\031\061
-\010\032\261\147\125\206\015\256\065\063\206\274\227\110\222\327
-\226\140\370\316\374\226\353\207\304\163\314\224\233\130\133\363
-\172\244\047\023\326\117\364\151
-END
-
-# Trust for Certificate "Bogus Google"
-# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
-# Serial Number:00:f5:c8:6a:f3:61:62:f1:3a:64:f5:4f:6d:c9:58:7c:06
-# Subject: CN=www.google.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
-# Not Valid Before: Tue Mar 15 00:00:00 2011
-# Not Valid After : Fri Mar 14 23:59:59 2014
-# Fingerprint (MD5): 01:73:A9:58:F0:BC:C9:BE:94:2B:1A:4C:98:24:E3:B8
-# Fingerprint (SHA1): 19:16:A2:AF:34:6D:39:9F:50:31:3C:39:32:00:F1:41:40:45:66:16
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Bogus Google"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\031\026\242\257\064\155\071\237\120\061\074\071\062\000\361\101
-\100\105\146\026
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\001\163\251\130\360\274\311\276\224\053\032\114\230\044\343\270
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
-\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
-\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
-\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
-\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
-\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
-\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
-\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
-\164\055\110\141\162\144\167\141\162\145
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\021\000\365\310\152\363\141\142\361\072\144\365\117\155\311
-\130\174\006
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-#
-# Certificate "Bogus Skype"
-#
-# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
-# Serial Number:00:e9:02:8b:95:78:e4:15:dc:1a:71:0a:2b:88:15:44:47
-# Subject: CN=login.skype.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
-# Not Valid Before: Tue Mar 15 00:00:00 2011
-# Not Valid After : Fri Mar 14 23:59:59 2014
-# Fingerprint (MD5): 85:A4:B4:C4:69:21:DF:A1:6A:0D:58:56:58:4B:33:44
-# Fingerprint (SHA1): 47:1C:94:9A:81:43:DB:5A:D5:CD:F1:C9:72:86:4A:25:04:FA:23:C9
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Bogus Skype"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\201\337\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\016\060\014\006\003\125\004\021\023\005\063\070\064\067\067
-\061\020\060\016\006\003\125\004\010\023\007\106\154\157\162\151
-\144\141\061\020\060\016\006\003\125\004\007\023\007\105\156\147
-\154\151\163\150\061\027\060\025\006\003\125\004\011\023\016\123
-\145\141\040\126\151\154\154\141\147\145\040\061\060\061\024\060
-\022\006\003\125\004\012\023\013\107\157\157\147\154\145\040\114
-\164\144\056\061\023\060\021\006\003\125\004\013\023\012\124\145
-\143\150\040\104\145\160\164\056\061\050\060\046\006\003\125\004
-\013\023\037\110\157\163\164\145\144\040\142\171\040\107\124\111
-\040\107\162\157\165\160\040\103\157\162\160\157\162\141\164\151
-\157\156\061\024\060\022\006\003\125\004\013\023\013\120\154\141
-\164\151\156\165\155\123\123\114\061\030\060\026\006\003\125\004
-\003\023\017\154\157\147\151\156\056\163\153\171\160\145\056\143
-\157\155
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
-\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
-\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
-\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
-\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
-\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
-\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
-\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
-\164\055\110\141\162\144\167\141\162\145
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\021\000\351\002\213\225\170\344\025\334\032\161\012\053\210
-\025\104\107
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\005\357\060\202\004\327\240\003\002\001\002\002\021\000
-\351\002\213\225\170\344\025\334\032\161\012\053\210\025\104\107
-\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
-\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123\061
-\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025
-\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145
-\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025
-\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145
-\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030
-\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164
-\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125\004
-\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163\164
-\055\110\141\162\144\167\141\162\145\060\036\027\015\061\061\060
-\063\061\065\060\060\060\060\060\060\132\027\015\061\064\060\063
-\061\064\062\063\065\071\065\071\132\060\201\337\061\013\060\011
-\006\003\125\004\006\023\002\125\123\061\016\060\014\006\003\125
-\004\021\023\005\063\070\064\067\067\061\020\060\016\006\003\125
-\004\010\023\007\106\154\157\162\151\144\141\061\020\060\016\006
-\003\125\004\007\023\007\105\156\147\154\151\163\150\061\027\060
-\025\006\003\125\004\011\023\016\123\145\141\040\126\151\154\154
-\141\147\145\040\061\060\061\024\060\022\006\003\125\004\012\023
-\013\107\157\157\147\154\145\040\114\164\144\056\061\023\060\021
-\006\003\125\004\013\023\012\124\145\143\150\040\104\145\160\164
-\056\061\050\060\046\006\003\125\004\013\023\037\110\157\163\164
-\145\144\040\142\171\040\107\124\111\040\107\162\157\165\160\040
-\103\157\162\160\157\162\141\164\151\157\156\061\024\060\022\006
-\003\125\004\013\023\013\120\154\141\164\151\156\165\155\123\123
-\114\061\030\060\026\006\003\125\004\003\023\017\154\157\147\151
-\156\056\163\153\171\160\145\056\143\157\155\060\202\001\042\060
-\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202
-\001\017\000\060\202\001\012\002\202\001\001\000\260\170\231\206
-\016\242\163\043\324\132\303\111\353\261\066\214\174\312\204\256
-\074\257\070\210\050\231\215\055\130\023\261\227\170\076\122\040
-\147\254\133\163\230\154\062\125\311\160\321\331\252\025\350\056
-\046\205\201\274\126\344\274\200\143\333\116\327\365\002\276\121
-\143\036\074\333\337\327\000\135\132\271\345\173\152\352\070\040
-\262\073\266\356\165\124\204\371\246\312\070\160\335\277\260\377
-\245\205\135\264\101\376\335\075\331\052\341\060\103\032\230\171
-\223\240\137\340\147\154\225\372\076\172\256\161\173\343\155\210
-\102\077\045\324\356\276\150\150\254\255\254\140\340\040\243\071
-\203\271\133\050\243\223\155\241\275\166\012\343\353\256\207\047
-\016\124\217\264\110\014\232\124\364\135\216\067\120\334\136\244
-\213\153\113\334\246\363\064\276\167\131\042\210\377\031\053\155
-\166\144\163\332\014\207\007\053\232\067\072\320\342\214\366\066
-\062\153\232\171\314\322\073\223\157\032\115\154\346\301\235\100
-\254\055\164\303\276\352\134\163\145\001\051\261\052\277\160\131
-\301\316\306\303\242\310\105\137\272\147\075\017\002\003\001\000
-\001\243\202\001\352\060\202\001\346\060\037\006\003\125\035\043
-\004\030\060\026\200\024\241\162\137\046\033\050\230\103\225\135
-\007\067\325\205\226\235\113\322\303\105\060\035\006\003\125\035
-\016\004\026\004\024\325\216\132\121\023\264\051\015\061\266\034
-\215\076\121\121\061\012\063\252\201\060\016\006\003\125\035\017
-\001\001\377\004\004\003\002\005\240\060\014\006\003\125\035\023
-\001\001\377\004\002\060\000\060\035\006\003\125\035\045\004\026
-\060\024\006\010\053\006\001\005\005\007\003\001\006\010\053\006
-\001\005\005\007\003\002\060\106\006\003\125\035\040\004\077\060
-\075\060\073\006\014\053\006\001\004\001\262\061\001\002\001\003
-\004\060\053\060\051\006\010\053\006\001\005\005\007\002\001\026
-\035\150\164\164\160\163\072\057\057\163\145\143\165\162\145\056
-\143\157\155\157\144\157\056\143\157\155\057\103\120\123\060\173
-\006\003\125\035\037\004\164\060\162\060\070\240\066\240\064\206
-\062\150\164\164\160\072\057\057\143\162\154\056\143\157\155\157
-\144\157\143\141\056\143\157\155\057\125\124\116\055\125\123\105
-\122\106\151\162\163\164\055\110\141\162\144\167\141\162\145\056
-\143\162\154\060\066\240\064\240\062\206\060\150\164\164\160\072
-\057\057\143\162\154\056\143\157\155\157\144\157\056\156\145\164
-\057\125\124\116\055\125\123\105\122\106\151\162\163\164\055\110
-\141\162\144\167\141\162\145\056\143\162\154\060\161\006\010\053
-\006\001\005\005\007\001\001\004\145\060\143\060\073\006\010\053
-\006\001\005\005\007\060\002\206\057\150\164\164\160\072\057\057
-\143\162\164\056\143\157\155\157\144\157\143\141\056\143\157\155
-\057\125\124\116\101\144\144\124\162\165\163\164\123\145\162\166
-\145\162\103\101\056\143\162\164\060\044\006\010\053\006\001\005
-\005\007\060\001\206\030\150\164\164\160\072\057\057\157\143\163
-\160\056\143\157\155\157\144\157\143\141\056\143\157\155\060\057
-\006\003\125\035\021\004\050\060\046\202\017\154\157\147\151\156
-\056\163\153\171\160\145\056\143\157\155\202\023\167\167\167\056
-\154\157\147\151\156\056\163\153\171\160\145\056\143\157\155\060
-\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003\202
-\001\001\000\010\362\201\165\221\273\316\022\004\030\302\115\132
-\373\106\220\012\124\104\364\362\335\007\201\360\037\246\172\157
-\237\317\270\016\054\117\234\304\232\365\250\366\272\244\311\172
-\135\261\342\132\312\074\372\140\250\150\076\313\272\055\342\315
-\326\266\344\222\074\151\255\127\352\250\057\070\020\204\162\345
-\150\161\355\276\353\156\030\357\143\172\276\347\044\377\300\143
-\375\130\073\114\201\222\330\051\253\216\065\135\327\323\011\153
-\205\323\325\163\005\104\342\345\273\203\123\020\313\362\317\267
-\156\341\151\267\241\222\144\305\317\315\202\273\066\240\070\255
-\327\044\337\123\374\077\142\267\267\325\307\127\343\223\061\160
-\216\044\211\206\312\143\053\071\272\135\331\152\140\354\241\116
-\212\376\123\370\136\222\337\057\134\046\027\155\003\175\002\017
-\017\252\103\147\155\260\142\277\176\123\335\314\354\170\163\225
-\345\245\366\000\243\004\375\077\004\052\263\230\305\267\003\034
-\333\311\120\253\260\005\035\036\276\126\264\317\076\102\023\224
-\236\371\347\001\201\245\170\157\014\172\166\254\005\206\354\254
-\302\021\254
-END
-
-# Trust for Certificate "Bogus Skype"
-# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
-# Serial Number:00:e9:02:8b:95:78:e4:15:dc:1a:71:0a:2b:88:15:44:47
-# Subject: CN=login.skype.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
-# Not Valid Before: Tue Mar 15 00:00:00 2011
-# Not Valid After : Fri Mar 14 23:59:59 2014
-# Fingerprint (MD5): 85:A4:B4:C4:69:21:DF:A1:6A:0D:58:56:58:4B:33:44
-# Fingerprint (SHA1): 47:1C:94:9A:81:43:DB:5A:D5:CD:F1:C9:72:86:4A:25:04:FA:23:C9
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Bogus Skype"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\107\034\224\232\201\103\333\132\325\315\361\311\162\206\112\045
-\004\372\043\311
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\205\244\264\304\151\041\337\241\152\015\130\126\130\113\063\104
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
-\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
-\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
-\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
-\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
-\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
-\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
-\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
-\164\055\110\141\162\144\167\141\162\145
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\021\000\351\002\213\225\170\344\025\334\032\161\012\053\210
-\025\104\107
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-#
-# Certificate "Bogus Yahoo 1"
-#
-# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
-# Serial Number:00:d7:55:8f:da:f5:f1:10:5b:b2:13:28:2b:70:77:29:a3
-# Subject: CN=login.yahoo.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
-# Not Valid Before: Tue Mar 15 00:00:00 2011
-# Not Valid After : Fri Mar 14 23:59:59 2014
-# Fingerprint (MD5): 0C:1F:BE:D3:FC:09:6E:E6:6E:C2:66:39:75:86:6B:EB
-# Fingerprint (SHA1): 63:FE:AE:96:0B:AA:91:E3:43:CE:2B:D8:B7:17:98:C7:6B:DB:77:D0
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Bogus Yahoo 1"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\201\337\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\016\060\014\006\003\125\004\021\023\005\063\070\064\067\067
-\061\020\060\016\006\003\125\004\010\023\007\106\154\157\162\151
-\144\141\061\020\060\016\006\003\125\004\007\023\007\105\156\147
-\154\151\163\150\061\027\060\025\006\003\125\004\011\023\016\123
-\145\141\040\126\151\154\154\141\147\145\040\061\060\061\024\060
-\022\006\003\125\004\012\023\013\107\157\157\147\154\145\040\114
-\164\144\056\061\023\060\021\006\003\125\004\013\023\012\124\145
-\143\150\040\104\145\160\164\056\061\050\060\046\006\003\125\004
-\013\023\037\110\157\163\164\145\144\040\142\171\040\107\124\111
-\040\107\162\157\165\160\040\103\157\162\160\157\162\141\164\151
-\157\156\061\024\060\022\006\003\125\004\013\023\013\120\154\141
-\164\151\156\165\155\123\123\114\061\030\060\026\006\003\125\004
-\003\023\017\154\157\147\151\156\056\171\141\150\157\157\056\143
-\157\155
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
-\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
-\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
-\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
-\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
-\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
-\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
-\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
-\164\055\110\141\162\144\167\141\162\145
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\021\000\327\125\217\332\365\361\020\133\262\023\050\053\160
-\167\051\243
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\005\357\060\202\004\327\240\003\002\001\002\002\021\000
-\327\125\217\332\365\361\020\133\262\023\050\053\160\167\051\243
-\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
-\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123\061
-\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025
-\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145
-\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025
-\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145
-\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030
-\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164
-\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125\004
-\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163\164
-\055\110\141\162\144\167\141\162\145\060\036\027\015\061\061\060
-\063\061\065\060\060\060\060\060\060\132\027\015\061\064\060\063
-\061\064\062\063\065\071\065\071\132\060\201\337\061\013\060\011
-\006\003\125\004\006\023\002\125\123\061\016\060\014\006\003\125
-\004\021\023\005\063\070\064\067\067\061\020\060\016\006\003\125
-\004\010\023\007\106\154\157\162\151\144\141\061\020\060\016\006
-\003\125\004\007\023\007\105\156\147\154\151\163\150\061\027\060
-\025\006\003\125\004\011\023\016\123\145\141\040\126\151\154\154
-\141\147\145\040\061\060\061\024\060\022\006\003\125\004\012\023
-\013\107\157\157\147\154\145\040\114\164\144\056\061\023\060\021
-\006\003\125\004\013\023\012\124\145\143\150\040\104\145\160\164
-\056\061\050\060\046\006\003\125\004\013\023\037\110\157\163\164
-\145\144\040\142\171\040\107\124\111\040\107\162\157\165\160\040
-\103\157\162\160\157\162\141\164\151\157\156\061\024\060\022\006
-\003\125\004\013\023\013\120\154\141\164\151\156\165\155\123\123
-\114\061\030\060\026\006\003\125\004\003\023\017\154\157\147\151
-\156\056\171\141\150\157\157\056\143\157\155\060\202\001\042\060
-\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202
-\001\017\000\060\202\001\012\002\202\001\001\000\241\244\005\075
-\355\205\105\223\212\030\115\306\003\000\127\342\100\167\360\034
-\353\320\031\337\042\135\010\177\321\007\074\101\211\106\027\243
-\011\372\374\370\251\004\321\226\217\253\327\117\074\371\255\030
-\251\164\201\304\127\012\072\046\026\316\142\076\274\077\154\041
-\356\223\215\313\015\240\037\232\226\320\217\255\365\223\223\202
-\356\162\014\241\165\025\243\173\204\126\270\255\377\122\021\161
-\204\274\072\060\013\176\230\250\341\250\077\067\122\320\361\174
-\157\220\330\105\012\254\071\162\152\141\325\273\303\214\371\302
-\314\337\375\072\161\271\257\274\334\072\334\014\266\261\322\321
-\211\273\101\266\362\336\127\325\025\337\374\375\342\061\305\337
-\312\301\330\217\054\277\360\016\133\161\340\064\161\303\305\115
-\175\172\324\372\355\060\113\057\352\266\056\236\223\074\342\072
-\370\102\242\032\356\334\337\315\017\251\366\171\204\032\216\154
-\002\266\206\345\277\121\152\146\370\363\234\323\131\014\173\245
-\231\170\315\174\231\372\306\226\107\330\062\324\164\166\016\167
-\113\040\164\244\267\211\165\222\112\264\133\125\002\003\001\000
-\001\243\202\001\352\060\202\001\346\060\037\006\003\125\035\043
-\004\030\060\026\200\024\241\162\137\046\033\050\230\103\225\135
-\007\067\325\205\226\235\113\322\303\105\060\035\006\003\125\035
-\016\004\026\004\024\206\111\105\374\063\031\063\324\004\355\047
-\141\356\350\001\311\014\177\057\176\060\016\006\003\125\035\017
-\001\001\377\004\004\003\002\005\240\060\014\006\003\125\035\023
-\001\001\377\004\002\060\000\060\035\006\003\125\035\045\004\026
-\060\024\006\010\053\006\001\005\005\007\003\001\006\010\053\006
-\001\005\005\007\003\002\060\106\006\003\125\035\040\004\077\060
-\075\060\073\006\014\053\006\001\004\001\262\061\001\002\001\003
-\004\060\053\060\051\006\010\053\006\001\005\005\007\002\001\026
-\035\150\164\164\160\163\072\057\057\163\145\143\165\162\145\056
-\143\157\155\157\144\157\056\143\157\155\057\103\120\123\060\173
-\006\003\125\035\037\004\164\060\162\060\070\240\066\240\064\206
-\062\150\164\164\160\072\057\057\143\162\154\056\143\157\155\157
-\144\157\143\141\056\143\157\155\057\125\124\116\055\125\123\105
-\122\106\151\162\163\164\055\110\141\162\144\167\141\162\145\056
-\143\162\154\060\066\240\064\240\062\206\060\150\164\164\160\072
-\057\057\143\162\154\056\143\157\155\157\144\157\056\156\145\164
-\057\125\124\116\055\125\123\105\122\106\151\162\163\164\055\110
-\141\162\144\167\141\162\145\056\143\162\154\060\161\006\010\053
-\006\001\005\005\007\001\001\004\145\060\143\060\073\006\010\053
-\006\001\005\005\007\060\002\206\057\150\164\164\160\072\057\057
-\143\162\164\056\143\157\155\157\144\157\143\141\056\143\157\155
-\057\125\124\116\101\144\144\124\162\165\163\164\123\145\162\166
-\145\162\103\101\056\143\162\164\060\044\006\010\053\006\001\005
-\005\007\060\001\206\030\150\164\164\160\072\057\057\157\143\163
-\160\056\143\157\155\157\144\157\143\141\056\143\157\155\060\057
-\006\003\125\035\021\004\050\060\046\202\017\154\157\147\151\156
-\056\171\141\150\157\157\056\143\157\155\202\023\167\167\167\056
-\154\157\147\151\156\056\171\141\150\157\157\056\143\157\155\060
-\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003\202
-\001\001\000\075\127\311\110\044\134\356\144\201\365\256\276\125
-\051\026\377\052\057\204\355\331\370\243\003\310\060\146\273\310
-\324\201\055\041\367\010\367\254\226\102\232\101\165\172\272\135
-\020\043\313\222\102\141\372\212\332\155\145\064\031\345\251\326
-\055\023\170\327\201\104\222\251\156\200\143\025\313\376\065\037
-\002\321\212\024\260\250\314\224\040\073\250\032\360\135\066\120
-\333\015\256\351\144\344\366\215\151\175\060\310\024\027\000\112
-\345\246\065\373\175\015\042\235\171\166\122\054\274\227\006\210
-\232\025\364\163\346\361\365\230\245\315\007\104\221\270\247\150
-\147\105\322\162\021\140\342\161\267\120\125\342\212\251\015\326
-\222\356\004\052\213\060\240\242\005\106\064\155\222\306\073\252
-\115\240\320\253\001\031\012\062\267\350\343\317\361\322\227\111
-\173\254\244\227\367\360\127\256\143\167\232\177\226\332\115\375
-\276\334\007\066\343\045\275\211\171\216\051\022\023\213\210\007
-\373\153\333\244\315\263\055\047\351\324\312\140\327\205\123\373
-\164\306\134\065\214\160\037\371\262\267\222\047\040\307\224\325
-\147\024\060
-END
-
-# Trust for Certificate "Bogus Yahoo 1"
-# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
-# Serial Number:00:d7:55:8f:da:f5:f1:10:5b:b2:13:28:2b:70:77:29:a3
-# Subject: CN=login.yahoo.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
-# Not Valid Before: Tue Mar 15 00:00:00 2011
-# Not Valid After : Fri Mar 14 23:59:59 2014
-# Fingerprint (MD5): 0C:1F:BE:D3:FC:09:6E:E6:6E:C2:66:39:75:86:6B:EB
-# Fingerprint (SHA1): 63:FE:AE:96:0B:AA:91:E3:43:CE:2B:D8:B7:17:98:C7:6B:DB:77:D0
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Bogus Yahoo 1"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\143\376\256\226\013\252\221\343\103\316\053\330\267\027\230\307
-\153\333\167\320
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\014\037\276\323\374\011\156\346\156\302\146\071\165\206\153\353
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
-\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
-\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
-\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
-\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
-\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
-\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
-\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
-\164\055\110\141\162\144\167\141\162\145
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\021\000\327\125\217\332\365\361\020\133\262\023\050\053\160
-\167\051\243
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-#
-# Certificate "Bogus Yahoo 2"
-#
-# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
-# Serial Number:39:2a:43:4f:0e:07:df:1f:8a:a3:05:de:34:e0:c2:29
-# Subject: CN=login.yahoo.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
-# Not Valid Before: Tue Mar 15 00:00:00 2011
-# Not Valid After : Fri Mar 14 23:59:59 2014
-# Fingerprint (MD5): 72:DC:C8:72:6C:53:3B:B2:FD:CC:5D:19:BD:AF:A6:31
-# Fingerprint (SHA1): D0:18:B6:2D:C5:18:90:72:47:DF:50:92:5B:B0:9A:CF:4A:5C:B3:AD
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Bogus Yahoo 2"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\201\337\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\016\060\014\006\003\125\004\021\023\005\063\070\064\067\067
-\061\020\060\016\006\003\125\004\010\023\007\106\154\157\162\151
-\144\141\061\020\060\016\006\003\125\004\007\023\007\105\156\147
-\154\151\163\150\061\027\060\025\006\003\125\004\011\023\016\123
-\145\141\040\126\151\154\154\141\147\145\040\061\060\061\024\060
-\022\006\003\125\004\012\023\013\107\157\157\147\154\145\040\114
-\164\144\056\061\023\060\021\006\003\125\004\013\023\012\124\145
-\143\150\040\104\145\160\164\056\061\050\060\046\006\003\125\004
-\013\023\037\110\157\163\164\145\144\040\142\171\040\107\124\111
-\040\107\162\157\165\160\040\103\157\162\160\157\162\141\164\151
-\157\156\061\024\060\022\006\003\125\004\013\023\013\120\154\141
-\164\151\156\165\155\123\123\114\061\030\060\026\006\003\125\004
-\003\023\017\154\157\147\151\156\056\171\141\150\157\157\056\143
-\157\155
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
-\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
-\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
-\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
-\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
-\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
-\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
-\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
-\164\055\110\141\162\144\167\141\162\145
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\020\071\052\103\117\016\007\337\037\212\243\005\336\064\340
-\302\051
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\005\331\060\202\004\301\240\003\002\001\002\002\020\071
-\052\103\117\016\007\337\037\212\243\005\336\064\340\302\051\060
-\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\201
-\227\061\013\060\011\006\003\125\004\006\023\002\125\123\061\013
-\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025\006
-\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145\040
-\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025\124
-\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145\164
-\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030\150
-\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164\162
-\165\163\164\056\143\157\155\061\037\060\035\006\003\125\004\003
-\023\026\125\124\116\055\125\123\105\122\106\151\162\163\164\055
-\110\141\162\144\167\141\162\145\060\036\027\015\061\061\060\063
-\061\065\060\060\060\060\060\060\132\027\015\061\064\060\063\061
-\064\062\063\065\071\065\071\132\060\201\337\061\013\060\011\006
-\003\125\004\006\023\002\125\123\061\016\060\014\006\003\125\004
-\021\023\005\063\070\064\067\067\061\020\060\016\006\003\125\004
-\010\023\007\106\154\157\162\151\144\141\061\020\060\016\006\003
-\125\004\007\023\007\105\156\147\154\151\163\150\061\027\060\025
-\006\003\125\004\011\023\016\123\145\141\040\126\151\154\154\141
-\147\145\040\061\060\061\024\060\022\006\003\125\004\012\023\013
-\107\157\157\147\154\145\040\114\164\144\056\061\023\060\021\006
-\003\125\004\013\023\012\124\145\143\150\040\104\145\160\164\056
-\061\050\060\046\006\003\125\004\013\023\037\110\157\163\164\145
-\144\040\142\171\040\107\124\111\040\107\162\157\165\160\040\103
-\157\162\160\157\162\141\164\151\157\156\061\024\060\022\006\003
-\125\004\013\023\013\120\154\141\164\151\156\165\155\123\123\114
-\061\030\060\026\006\003\125\004\003\023\017\154\157\147\151\156
-\056\171\141\150\157\157\056\143\157\155\060\202\001\042\060\015
-\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001
-\017\000\060\202\001\012\002\202\001\001\000\241\244\005\075\355
-\205\105\223\212\030\115\306\003\000\127\342\100\167\360\034\353
-\320\031\337\042\135\010\177\321\007\074\101\211\106\027\243\011
-\372\374\370\251\004\321\226\217\253\327\117\074\371\255\030\251
-\164\201\304\127\012\072\046\026\316\142\076\274\077\154\041\356
-\223\215\313\015\240\037\232\226\320\217\255\365\223\223\202\356
-\162\014\241\165\025\243\173\204\126\270\255\377\122\021\161\204
-\274\072\060\013\176\230\250\341\250\077\067\122\320\361\174\157
-\220\330\105\012\254\071\162\152\141\325\273\303\214\371\302\314
-\337\375\072\161\271\257\274\334\072\334\014\266\261\322\321\211
-\273\101\266\362\336\127\325\025\337\374\375\342\061\305\337\312
-\301\330\217\054\277\360\016\133\161\340\064\161\303\305\115\175
-\172\324\372\355\060\113\057\352\266\056\236\223\074\342\072\370
-\102\242\032\356\334\337\315\017\251\366\171\204\032\216\154\002
-\266\206\345\277\121\152\146\370\363\234\323\131\014\173\245\231
-\170\315\174\231\372\306\226\107\330\062\324\164\166\016\167\113
-\040\164\244\267\211\165\222\112\264\133\125\002\003\001\000\001
-\243\202\001\325\060\202\001\321\060\037\006\003\125\035\043\004
-\030\060\026\200\024\241\162\137\046\033\050\230\103\225\135\007
-\067\325\205\226\235\113\322\303\105\060\035\006\003\125\035\016
-\004\026\004\024\206\111\105\374\063\031\063\324\004\355\047\141
-\356\350\001\311\014\177\057\176\060\016\006\003\125\035\017\001
-\001\377\004\004\003\002\005\240\060\014\006\003\125\035\023\001
-\001\377\004\002\060\000\060\035\006\003\125\035\045\004\026\060
-\024\006\010\053\006\001\005\005\007\003\001\006\010\053\006\001
-\005\005\007\003\002\060\106\006\003\125\035\040\004\077\060\075
-\060\073\006\014\053\006\001\004\001\262\061\001\002\001\003\004
-\060\053\060\051\006\010\053\006\001\005\005\007\002\001\026\035
-\150\164\164\160\163\072\057\057\163\145\143\165\162\145\056\143
-\157\155\157\144\157\056\143\157\155\057\103\120\123\060\173\006
-\003\125\035\037\004\164\060\162\060\070\240\066\240\064\206\062
-\150\164\164\160\072\057\057\143\162\154\056\143\157\155\157\144
-\157\143\141\056\143\157\155\057\125\124\116\055\125\123\105\122
-\106\151\162\163\164\055\110\141\162\144\167\141\162\145\056\143
-\162\154\060\066\240\064\240\062\206\060\150\164\164\160\072\057
-\057\143\162\154\056\143\157\155\157\144\157\056\156\145\164\057
-\125\124\116\055\125\123\105\122\106\151\162\163\164\055\110\141
-\162\144\167\141\162\145\056\143\162\154\060\161\006\010\053\006
-\001\005\005\007\001\001\004\145\060\143\060\073\006\010\053\006
-\001\005\005\007\060\002\206\057\150\164\164\160\072\057\057\143
-\162\164\056\143\157\155\157\144\157\143\141\056\143\157\155\057
-\125\124\116\101\144\144\124\162\165\163\164\123\145\162\166\145
-\162\103\101\056\143\162\164\060\044\006\010\053\006\001\005\005
-\007\060\001\206\030\150\164\164\160\072\057\057\157\143\163\160
-\056\143\157\155\157\144\157\143\141\056\143\157\155\060\032\006
-\003\125\035\021\004\023\060\021\202\017\154\157\147\151\156\056
-\171\141\150\157\157\056\143\157\155\060\015\006\011\052\206\110
-\206\367\015\001\001\005\005\000\003\202\001\001\000\127\142\341
-\167\353\374\037\277\210\123\257\130\323\324\326\155\147\060\027
-\100\276\340\037\144\336\207\025\314\340\244\126\251\321\237\371
-\001\376\002\261\261\352\342\137\356\161\026\061\371\010\325\302
-\327\232\233\262\132\070\327\251\177\351\207\153\061\371\013\254
-\331\375\120\161\340\333\202\222\017\201\234\215\167\351\353\056
-\352\324\043\101\207\354\055\262\170\263\216\261\147\322\356\161
-\003\010\022\231\263\002\051\157\336\213\336\301\251\003\012\132
-\063\034\075\021\003\306\110\014\230\234\025\056\331\246\205\122
-\347\005\212\256\060\043\353\355\050\154\140\351\055\177\217\107
-\213\057\320\334\346\273\017\176\137\362\110\201\216\120\004\143
-\261\121\200\165\232\251\266\020\034\020\137\157\030\157\340\016
-\226\105\316\356\361\265\040\333\357\332\156\310\225\343\366\105
-\375\312\374\245\137\111\155\006\036\322\336\141\075\025\175\067
-\345\034\065\216\006\302\153\367\264\250\050\054\061\313\252\264
-\247\227\117\235\212\366\257\176\067\271\173\075\337\222\146\213
-\217\116\235\306\066\347\134\246\253\022\017\326\317
-END
-
-# Trust for Certificate "Bogus Yahoo 2"
-# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
-# Serial Number:39:2a:43:4f:0e:07:df:1f:8a:a3:05:de:34:e0:c2:29
-# Subject: CN=login.yahoo.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
-# Not Valid Before: Tue Mar 15 00:00:00 2011
-# Not Valid After : Fri Mar 14 23:59:59 2014
-# Fingerprint (MD5): 72:DC:C8:72:6C:53:3B:B2:FD:CC:5D:19:BD:AF:A6:31
-# Fingerprint (SHA1): D0:18:B6:2D:C5:18:90:72:47:DF:50:92:5B:B0:9A:CF:4A:5C:B3:AD
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Bogus Yahoo 2"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\320\030\266\055\305\030\220\162\107\337\120\222\133\260\232\317
-\112\134\263\255
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\162\334\310\162\154\123\073\262\375\314\135\031\275\257\246\061
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
-\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
-\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
-\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
-\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
-\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
-\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
-\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
-\164\055\110\141\162\144\167\141\162\145
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\020\071\052\103\117\016\007\337\037\212\243\005\336\064\340
-\302\051
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-#
-# Certificate "Bogus Yahoo 3"
-#
-# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
-# Serial Number:3e:75:ce:d4:6b:69:30:21:21:88:30:ae:86:a8:2a:71
-# Subject: CN=login.yahoo.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
-# Not Valid Before: Tue Mar 15 00:00:00 2011
-# Not Valid After : Fri Mar 14 23:59:59 2014
-# Fingerprint (MD5): 4A:DC:3C:67:ED:21:CD:5B:CE:5D:C8:11:E4:9E:CF:3D
-# Fingerprint (SHA1): 80:96:2A:E4:D6:C5:B4:42:89:4E:95:A1:3E:4A:69:9E:07:D6:94:CF
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Bogus Yahoo 3"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\201\337\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\016\060\014\006\003\125\004\021\023\005\063\070\064\067\067
-\061\020\060\016\006\003\125\004\010\023\007\106\154\157\162\151
-\144\141\061\020\060\016\006\003\125\004\007\023\007\105\156\147
-\154\151\163\150\061\027\060\025\006\003\125\004\011\023\016\123
-\145\141\040\126\151\154\154\141\147\145\040\061\060\061\024\060
-\022\006\003\125\004\012\023\013\107\157\157\147\154\145\040\114
-\164\144\056\061\023\060\021\006\003\125\004\013\023\012\124\145
-\143\150\040\104\145\160\164\056\061\050\060\046\006\003\125\004
-\013\023\037\110\157\163\164\145\144\040\142\171\040\107\124\111
-\040\107\162\157\165\160\040\103\157\162\160\157\162\141\164\151
-\157\156\061\024\060\022\006\003\125\004\013\023\013\120\154\141
-\164\151\156\165\155\123\123\114\061\030\060\026\006\003\125\004
-\003\023\017\154\157\147\151\156\056\171\141\150\157\157\056\143
-\157\155
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
-\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
-\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
-\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
-\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
-\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
-\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
-\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
-\164\055\110\141\162\144\167\141\162\145
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\020\076\165\316\324\153\151\060\041\041\210\060\256\206\250
-\052\161
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\005\331\060\202\004\301\240\003\002\001\002\002\020\076
-\165\316\324\153\151\060\041\041\210\060\256\206\250\052\161\060
-\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\201
-\227\061\013\060\011\006\003\125\004\006\023\002\125\123\061\013
-\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025\006
-\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145\040
-\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025\124
-\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145\164
-\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030\150
-\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164\162
-\165\163\164\056\143\157\155\061\037\060\035\006\003\125\004\003
-\023\026\125\124\116\055\125\123\105\122\106\151\162\163\164\055
-\110\141\162\144\167\141\162\145\060\036\027\015\061\061\060\063
-\061\065\060\060\060\060\060\060\132\027\015\061\064\060\063\061
-\064\062\063\065\071\065\071\132\060\201\337\061\013\060\011\006
-\003\125\004\006\023\002\125\123\061\016\060\014\006\003\125\004
-\021\023\005\063\070\064\067\067\061\020\060\016\006\003\125\004
-\010\023\007\106\154\157\162\151\144\141\061\020\060\016\006\003
-\125\004\007\023\007\105\156\147\154\151\163\150\061\027\060\025
-\006\003\125\004\011\023\016\123\145\141\040\126\151\154\154\141
-\147\145\040\061\060\061\024\060\022\006\003\125\004\012\023\013
-\107\157\157\147\154\145\040\114\164\144\056\061\023\060\021\006
-\003\125\004\013\023\012\124\145\143\150\040\104\145\160\164\056
-\061\050\060\046\006\003\125\004\013\023\037\110\157\163\164\145
-\144\040\142\171\040\107\124\111\040\107\162\157\165\160\040\103
-\157\162\160\157\162\141\164\151\157\156\061\024\060\022\006\003
-\125\004\013\023\013\120\154\141\164\151\156\165\155\123\123\114
-\061\030\060\026\006\003\125\004\003\023\017\154\157\147\151\156
-\056\171\141\150\157\157\056\143\157\155\060\202\001\042\060\015
-\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001
-\017\000\060\202\001\012\002\202\001\001\000\241\244\005\075\355
-\205\105\223\212\030\115\306\003\000\127\342\100\167\360\034\353
-\320\031\337\042\135\010\177\321\007\074\101\211\106\027\243\011
-\372\374\370\251\004\321\226\217\253\327\117\074\371\255\030\251
-\164\201\304\127\012\072\046\026\316\142\076\274\077\154\041\356
-\223\215\313\015\240\037\232\226\320\217\255\365\223\223\202\356
-\162\014\241\165\025\243\173\204\126\270\255\377\122\021\161\204
-\274\072\060\013\176\230\250\341\250\077\067\122\320\361\174\157
-\220\330\105\012\254\071\162\152\141\325\273\303\214\371\302\314
-\337\375\072\161\271\257\274\334\072\334\014\266\261\322\321\211
-\273\101\266\362\336\127\325\025\337\374\375\342\061\305\337\312
-\301\330\217\054\277\360\016\133\161\340\064\161\303\305\115\175
-\172\324\372\355\060\113\057\352\266\056\236\223\074\342\072\370
-\102\242\032\356\334\337\315\017\251\366\171\204\032\216\154\002
-\266\206\345\277\121\152\146\370\363\234\323\131\014\173\245\231
-\170\315\174\231\372\306\226\107\330\062\324\164\166\016\167\113
-\040\164\244\267\211\165\222\112\264\133\125\002\003\001\000\001
-\243\202\001\325\060\202\001\321\060\037\006\003\125\035\043\004
-\030\060\026\200\024\241\162\137\046\033\050\230\103\225\135\007
-\067\325\205\226\235\113\322\303\105\060\035\006\003\125\035\016
-\004\026\004\024\206\111\105\374\063\031\063\324\004\355\047\141
-\356\350\001\311\014\177\057\176\060\016\006\003\125\035\017\001
-\001\377\004\004\003\002\005\240\060\014\006\003\125\035\023\001
-\001\377\004\002\060\000\060\035\006\003\125\035\045\004\026\060
-\024\006\010\053\006\001\005\005\007\003\001\006\010\053\006\001
-\005\005\007\003\002\060\106\006\003\125\035\040\004\077\060\075
-\060\073\006\014\053\006\001\004\001\262\061\001\002\001\003\004
-\060\053\060\051\006\010\053\006\001\005\005\007\002\001\026\035
-\150\164\164\160\163\072\057\057\163\145\143\165\162\145\056\143
-\157\155\157\144\157\056\143\157\155\057\103\120\123\060\173\006
-\003\125\035\037\004\164\060\162\060\070\240\066\240\064\206\062
-\150\164\164\160\072\057\057\143\162\154\056\143\157\155\157\144
-\157\143\141\056\143\157\155\057\125\124\116\055\125\123\105\122
-\106\151\162\163\164\055\110\141\162\144\167\141\162\145\056\143
-\162\154\060\066\240\064\240\062\206\060\150\164\164\160\072\057
-\057\143\162\154\056\143\157\155\157\144\157\056\156\145\164\057
-\125\124\116\055\125\123\105\122\106\151\162\163\164\055\110\141
-\162\144\167\141\162\145\056\143\162\154\060\161\006\010\053\006
-\001\005\005\007\001\001\004\145\060\143\060\073\006\010\053\006
-\001\005\005\007\060\002\206\057\150\164\164\160\072\057\057\143
-\162\164\056\143\157\155\157\144\157\143\141\056\143\157\155\057
-\125\124\116\101\144\144\124\162\165\163\164\123\145\162\166\145
-\162\103\101\056\143\162\164\060\044\006\010\053\006\001\005\005
-\007\060\001\206\030\150\164\164\160\072\057\057\157\143\163\160
-\056\143\157\155\157\144\157\143\141\056\143\157\155\060\032\006
-\003\125\035\021\004\023\060\021\202\017\154\157\147\151\156\056
-\171\141\150\157\157\056\143\157\155\060\015\006\011\052\206\110
-\206\367\015\001\001\005\005\000\003\202\001\001\000\123\151\230
-\216\050\116\234\053\133\035\314\153\167\050\075\273\372\245\116
-\176\126\051\244\352\020\342\364\346\055\006\321\204\333\043\316
-\227\363\150\266\017\072\336\025\013\044\035\221\343\154\056\060
-\267\351\160\260\303\106\200\360\323\261\121\277\117\326\170\240
-\374\254\306\317\061\004\143\342\064\125\005\112\075\366\060\272
-\363\063\345\272\322\226\363\325\261\266\223\211\032\244\150\276
-\176\355\143\264\032\110\300\123\344\243\360\071\014\062\222\307
-\103\015\032\161\355\320\106\223\277\223\142\154\063\113\315\066
-\015\151\136\273\154\226\231\041\151\304\113\147\162\333\154\152
-\270\367\150\355\305\217\255\143\145\225\012\114\340\371\017\176
-\067\075\252\324\223\272\147\011\303\245\244\015\003\132\155\325
-\013\376\360\100\024\264\366\270\151\174\155\302\062\113\237\265
-\032\347\106\256\114\132\053\252\172\136\220\127\225\372\333\146
-\002\040\036\152\151\146\025\234\302\266\365\274\120\265\375\105
-\307\037\150\264\107\131\254\304\033\050\223\116\122\123\022\003
-\130\113\161\203\237\146\346\254\171\110\376\376\107
-END
-
-# Trust for Certificate "Bogus Yahoo 3"
-# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
-# Serial Number:3e:75:ce:d4:6b:69:30:21:21:88:30:ae:86:a8:2a:71
-# Subject: CN=login.yahoo.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
-# Not Valid Before: Tue Mar 15 00:00:00 2011
-# Not Valid After : Fri Mar 14 23:59:59 2014
-# Fingerprint (MD5): 4A:DC:3C:67:ED:21:CD:5B:CE:5D:C8:11:E4:9E:CF:3D
-# Fingerprint (SHA1): 80:96:2A:E4:D6:C5:B4:42:89:4E:95:A1:3E:4A:69:9E:07:D6:94:CF
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Bogus Yahoo 3"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\200\226\052\344\326\305\264\102\211\116\225\241\076\112\151\236
-\007\326\224\317
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\112\334\074\147\355\041\315\133\316\135\310\021\344\236\317\075
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
-\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
-\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
-\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
-\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
-\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
-\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
-\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
-\164\055\110\141\162\144\167\141\162\145
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\020\076\165\316\324\153\151\060\041\041\210\060\256\206\250
-\052\161
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-#
-# Certificate "Bogus live.com"
-#
-# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
-# Serial Number:00:b0:b7:13:3e:d0:96:f9:b5:6f:ae:91:c8:74:bd:3a:c0
-# Subject: CN=login.live.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
-# Not Valid Before: Tue Mar 15 00:00:00 2011
-# Not Valid After : Fri Mar 14 23:59:59 2014
-# Fingerprint (MD5): D0:D4:39:E3:CC:5C:52:DD:08:CD:E9:AB:E8:11:59:D4
-# Fingerprint (SHA1): CE:A5:86:B2:CE:59:3E:C7:D9:39:89:83:37:C5:78:14:70:8A:B2:BE
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Bogus live.com"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\201\336\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\016\060\014\006\003\125\004\021\023\005\063\070\064\067\067
-\061\020\060\016\006\003\125\004\010\023\007\106\154\157\162\151
-\144\141\061\020\060\016\006\003\125\004\007\023\007\105\156\147
-\154\151\163\150\061\027\060\025\006\003\125\004\011\023\016\123
-\145\141\040\126\151\154\154\141\147\145\040\061\060\061\024\060
-\022\006\003\125\004\012\023\013\107\157\157\147\154\145\040\114
-\164\144\056\061\023\060\021\006\003\125\004\013\023\012\124\145
-\143\150\040\104\145\160\164\056\061\050\060\046\006\003\125\004
-\013\023\037\110\157\163\164\145\144\040\142\171\040\107\124\111
-\040\107\162\157\165\160\040\103\157\162\160\157\162\141\164\151
-\157\156\061\024\060\022\006\003\125\004\013\023\013\120\154\141
-\164\151\156\165\155\123\123\114\061\027\060\025\006\003\125\004
-\003\023\016\154\157\147\151\156\056\154\151\166\145\056\143\157
-\155
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
-\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
-\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
-\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
-\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
-\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
-\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
-\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
-\164\055\110\141\162\144\167\141\162\145
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\021\000\260\267\023\076\320\226\371\265\157\256\221\310\164
-\275\072\300
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\005\354\060\202\004\324\240\003\002\001\002\002\021\000
-\260\267\023\076\320\226\371\265\157\256\221\310\164\275\072\300
-\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
-\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123\061
-\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025
-\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145
-\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025
-\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145
-\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030
-\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164
-\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125\004
-\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163\164
-\055\110\141\162\144\167\141\162\145\060\036\027\015\061\061\060
-\063\061\065\060\060\060\060\060\060\132\027\015\061\064\060\063
-\061\064\062\063\065\071\065\071\132\060\201\336\061\013\060\011
-\006\003\125\004\006\023\002\125\123\061\016\060\014\006\003\125
-\004\021\023\005\063\070\064\067\067\061\020\060\016\006\003\125
-\004\010\023\007\106\154\157\162\151\144\141\061\020\060\016\006
-\003\125\004\007\023\007\105\156\147\154\151\163\150\061\027\060
-\025\006\003\125\004\011\023\016\123\145\141\040\126\151\154\154
-\141\147\145\040\061\060\061\024\060\022\006\003\125\004\012\023
-\013\107\157\157\147\154\145\040\114\164\144\056\061\023\060\021
-\006\003\125\004\013\023\012\124\145\143\150\040\104\145\160\164
-\056\061\050\060\046\006\003\125\004\013\023\037\110\157\163\164
-\145\144\040\142\171\040\107\124\111\040\107\162\157\165\160\040
-\103\157\162\160\157\162\141\164\151\157\156\061\024\060\022\006
-\003\125\004\013\023\013\120\154\141\164\151\156\165\155\123\123
-\114\061\027\060\025\006\003\125\004\003\023\016\154\157\147\151
-\156\056\154\151\166\145\056\143\157\155\060\202\001\042\060\015
-\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001
-\017\000\060\202\001\012\002\202\001\001\000\363\374\053\057\357
-\341\255\131\360\102\074\302\361\202\277\054\101\223\321\366\230
-\063\225\114\274\142\361\225\130\010\266\351\173\167\110\260\323
-\334\027\077\274\156\346\354\036\354\215\027\376\034\044\306\076
-\147\075\222\225\242\060\300\247\127\040\317\160\210\227\112\005
-\223\171\223\102\227\057\076\377\304\024\024\050\242\023\066\264
-\370\356\276\035\274\170\135\141\223\137\353\210\327\321\344\053
-\232\315\130\342\007\105\237\117\270\271\100\152\063\054\133\041
-\003\132\112\224\362\172\227\131\033\250\265\102\330\203\000\252
-\064\314\247\166\320\107\003\137\005\257\073\341\271\241\064\045
-\267\154\137\232\060\204\230\302\302\327\362\270\102\112\020\125
-\275\372\123\201\135\215\150\146\105\054\122\176\345\304\004\303
-\124\347\303\071\332\172\112\305\271\230\202\040\341\054\140\127
-\277\272\362\106\000\274\137\072\334\343\063\227\370\112\230\271
-\354\063\117\055\140\154\025\222\246\201\112\013\351\354\166\160
-\064\061\027\160\346\160\113\216\213\323\165\313\170\111\253\146
-\233\206\237\217\251\304\001\350\312\033\347\002\003\001\000\001
-\243\202\001\350\060\202\001\344\060\037\006\003\125\035\043\004
-\030\060\026\200\024\241\162\137\046\033\050\230\103\225\135\007
-\067\325\205\226\235\113\322\303\105\060\035\006\003\125\035\016
-\004\026\004\024\324\144\366\251\350\245\176\327\277\143\122\003
-\203\123\333\305\101\215\352\200\060\016\006\003\125\035\017\001
-\001\377\004\004\003\002\005\240\060\014\006\003\125\035\023\001
-\001\377\004\002\060\000\060\035\006\003\125\035\045\004\026\060
-\024\006\010\053\006\001\005\005\007\003\001\006\010\053\006\001
-\005\005\007\003\002\060\106\006\003\125\035\040\004\077\060\075
-\060\073\006\014\053\006\001\004\001\262\061\001\002\001\003\004
-\060\053\060\051\006\010\053\006\001\005\005\007\002\001\026\035
-\150\164\164\160\163\072\057\057\163\145\143\165\162\145\056\143
-\157\155\157\144\157\056\143\157\155\057\103\120\123\060\173\006
-\003\125\035\037\004\164\060\162\060\070\240\066\240\064\206\062
-\150\164\164\160\072\057\057\143\162\154\056\143\157\155\157\144
-\157\143\141\056\143\157\155\057\125\124\116\055\125\123\105\122
-\106\151\162\163\164\055\110\141\162\144\167\141\162\145\056\143
-\162\154\060\066\240\064\240\062\206\060\150\164\164\160\072\057
-\057\143\162\154\056\143\157\155\157\144\157\056\156\145\164\057
-\125\124\116\055\125\123\105\122\106\151\162\163\164\055\110\141
-\162\144\167\141\162\145\056\143\162\154\060\161\006\010\053\006
-\001\005\005\007\001\001\004\145\060\143\060\073\006\010\053\006
-\001\005\005\007\060\002\206\057\150\164\164\160\072\057\057\143
-\162\164\056\143\157\155\157\144\157\143\141\056\143\157\155\057
-\125\124\116\101\144\144\124\162\165\163\164\123\145\162\166\145
-\162\103\101\056\143\162\164\060\044\006\010\053\006\001\005\005
-\007\060\001\206\030\150\164\164\160\072\057\057\157\143\163\160
-\056\143\157\155\157\144\157\143\141\056\143\157\155\060\055\006
-\003\125\035\021\004\046\060\044\202\016\154\157\147\151\156\056
-\154\151\166\145\056\143\157\155\202\022\167\167\167\056\154\157
-\147\151\156\056\154\151\166\145\056\143\157\155\060\015\006\011
-\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001\000
-\124\343\244\232\044\322\363\035\102\255\033\360\036\253\373\332
-\325\252\351\317\132\263\036\127\173\061\362\156\127\113\061\257
-\063\273\266\015\025\307\136\131\001\316\104\265\267\277\011\311
-\325\334\151\204\351\305\032\267\360\076\324\300\044\275\051\137
-\264\351\326\130\353\105\021\211\064\064\323\021\353\064\316\052
-\117\000\075\366\162\357\151\146\300\237\232\254\176\160\120\254
-\125\107\332\276\103\133\354\213\310\305\043\204\311\237\266\122
-\010\317\221\033\057\200\151\346\064\063\346\263\237\244\345\015
-\232\025\371\127\374\013\251\101\013\365\377\130\101\222\042\047
-\146\022\006\307\052\330\131\247\306\337\104\022\117\300\250\177
-\247\101\310\310\151\377\272\005\056\227\255\073\320\353\363\025
-\155\176\033\345\272\335\064\276\042\021\354\150\230\063\201\002
-\152\013\023\125\171\061\165\116\072\310\266\023\275\227\157\067
-\012\013\055\210\016\336\147\220\302\263\312\040\312\232\121\364
-\144\076\333\364\056\105\362\307\107\027\250\364\372\220\132\177
-\200\246\202\254\344\154\201\106\273\122\205\040\044\370\200\352
-END
-
-# Trust for Certificate "Bogus live.com"
-# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
-# Serial Number:00:b0:b7:13:3e:d0:96:f9:b5:6f:ae:91:c8:74:bd:3a:c0
-# Subject: CN=login.live.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
-# Not Valid Before: Tue Mar 15 00:00:00 2011
-# Not Valid After : Fri Mar 14 23:59:59 2014
-# Fingerprint (MD5): D0:D4:39:E3:CC:5C:52:DD:08:CD:E9:AB:E8:11:59:D4
-# Fingerprint (SHA1): CE:A5:86:B2:CE:59:3E:C7:D9:39:89:83:37:C5:78:14:70:8A:B2:BE
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Bogus live.com"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\316\245\206\262\316\131\076\307\331\071\211\203\067\305\170\024
-\160\212\262\276
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\320\324\071\343\314\134\122\335\010\315\351\253\350\021\131\324
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
-\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
-\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
-\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
-\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
-\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
-\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
-\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
-\164\055\110\141\162\144\167\141\162\145
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\021\000\260\267\023\076\320\226\371\265\157\256\221\310\164
-\275\072\300
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-#
 # Certificate "Go Daddy Root Certificate Authority - G2"
 #
 # Issuer: CN=Go Daddy Root Certificate Authority - G2,O="GoDaddy.com, Inc.",L=Scottsdale,ST=Arizona,C=US
@@ -14108,605 +12311,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
-# Certificate "Explicitly Distrust DigiNotar Services 1024 CA"
-#
-# Issuer: E=info@diginotar.nl,CN=DigiNotar Services 1024 CA,O=DigiNotar,C=NL
-# Serial Number: 268435455 (0xfffffff)
-# Subject: E=info@diginotar.nl,CN=DigiNotar Services 1024 CA,O=DigiNotar,C=NL
-# Not Valid Before: Thu Jul 26 15:59:01 2007
-# Not Valid After : Mon Aug 26 16:29:01 2013
-# Fingerprint (MD5): 2F:16:68:97:4C:68:4F:CE:52:8A:EC:53:8F:93:49:F8
-# Fingerprint (SHA1): 12:3B:EA:CA:66:67:77:61:E0:EB:68:F2:FE:ED:A2:0F:20:05:55:70
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Explicitly Distrust DigiNotar Services 1024 CA"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\150\061\013\060\011\006\003\125\004\006\023\002\116\114\061
-\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157
-\164\141\162\061\043\060\041\006\003\125\004\003\023\032\104\151
-\147\151\116\157\164\141\162\040\123\145\162\166\151\143\145\163
-\040\061\060\062\064\040\103\101\061\040\060\036\006\011\052\206
-\110\206\367\015\001\011\001\026\021\151\156\146\157\100\144\151
-\147\151\156\157\164\141\162\056\156\154
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\150\061\013\060\011\006\003\125\004\006\023\002\116\114\061
-\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157
-\164\141\162\061\043\060\041\006\003\125\004\003\023\032\104\151
-\147\151\116\157\164\141\162\040\123\145\162\166\151\143\145\163
-\040\061\060\062\064\040\103\101\061\040\060\036\006\011\052\206
-\110\206\367\015\001\011\001\026\021\151\156\146\157\100\144\151
-\147\151\156\157\164\141\162\056\156\154
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\004\017\377\377\377
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\003\161\060\202\002\332\240\003\002\001\002\002\004\017
-\377\377\377\060\015\006\011\052\206\110\206\367\015\001\001\005
-\005\000\060\150\061\013\060\011\006\003\125\004\006\023\002\116
-\114\061\022\060\020\006\003\125\004\012\023\011\104\151\147\151
-\116\157\164\141\162\061\043\060\041\006\003\125\004\003\023\032
-\104\151\147\151\116\157\164\141\162\040\123\145\162\166\151\143
-\145\163\040\061\060\062\064\040\103\101\061\040\060\036\006\011
-\052\206\110\206\367\015\001\011\001\026\021\151\156\146\157\100
-\144\151\147\151\156\157\164\141\162\056\156\154\060\036\027\015
-\060\067\060\067\062\066\061\065\065\071\060\061\132\027\015\061
-\063\060\070\062\066\061\066\062\071\060\061\132\060\150\061\013
-\060\011\006\003\125\004\006\023\002\116\114\061\022\060\020\006
-\003\125\004\012\023\011\104\151\147\151\116\157\164\141\162\061
-\043\060\041\006\003\125\004\003\023\032\104\151\147\151\116\157
-\164\141\162\040\123\145\162\166\151\143\145\163\040\061\060\062
-\064\040\103\101\061\040\060\036\006\011\052\206\110\206\367\015
-\001\011\001\026\021\151\156\146\157\100\144\151\147\151\156\157
-\164\141\162\056\156\154\060\201\237\060\015\006\011\052\206\110
-\206\367\015\001\001\001\005\000\003\201\215\000\060\201\211\002
-\201\201\000\332\233\115\135\074\371\321\342\213\306\306\010\040
-\305\331\036\110\354\146\130\147\171\142\053\101\143\364\211\215
-\150\332\257\270\224\066\213\031\044\244\240\223\322\231\017\262
-\255\055\065\115\315\057\152\341\371\233\031\053\274\004\032\176
-\055\075\122\144\315\361\076\147\017\211\056\350\362\117\256\246
-\010\241\205\376\241\251\011\346\306\253\076\103\374\257\172\003
-\221\332\246\071\246\141\356\230\117\030\250\323\263\257\146\202
-\351\237\274\335\162\371\006\004\275\022\331\030\044\347\253\223
-\123\213\131\002\003\001\000\001\243\202\001\046\060\202\001\042
-\060\022\006\003\125\035\023\001\001\377\004\010\060\006\001\001
-\377\002\001\000\060\047\006\003\125\035\045\004\040\060\036\006
-\010\053\006\001\005\005\007\003\001\006\010\053\006\001\005\005
-\007\003\002\006\010\053\006\001\005\005\007\003\004\060\021\006
-\003\125\035\040\004\012\060\010\060\006\006\004\125\035\040\000
-\060\063\006\010\053\006\001\005\005\007\001\001\004\047\060\045
-\060\043\006\010\053\006\001\005\005\007\060\001\206\027\150\164
-\164\160\072\057\057\157\143\163\160\056\145\156\164\162\165\163
-\164\056\156\145\164\060\063\006\003\125\035\037\004\054\060\052
-\060\050\240\046\240\044\206\042\150\164\164\160\072\057\057\143
-\162\154\056\145\156\164\162\165\163\164\056\156\145\164\057\163
-\145\162\166\145\162\061\056\143\162\154\060\035\006\003\125\035
-\016\004\026\004\024\376\334\224\111\014\157\357\134\177\306\361
-\022\231\117\026\111\255\373\202\145\060\013\006\003\125\035\017
-\004\004\003\002\001\006\060\037\006\003\125\035\043\004\030\060
-\026\200\024\360\027\142\023\125\075\263\377\012\000\153\373\120
-\204\227\363\355\142\320\032\060\031\006\011\052\206\110\206\366
-\175\007\101\000\004\014\060\012\033\004\126\067\056\061\003\002
-\000\201\060\015\006\011\052\206\110\206\367\015\001\001\005\005
-\000\003\201\201\000\143\164\152\067\251\077\226\234\146\310\130
-\254\011\311\357\365\145\224\177\243\002\304\070\061\275\135\043
-\207\354\324\126\262\311\262\156\344\005\006\374\354\365\372\210
-\160\131\324\356\346\335\265\172\240\243\140\057\002\014\253\336
-\022\135\257\360\065\113\252\212\107\221\032\365\205\054\102\307
-\035\357\225\103\263\136\270\225\223\245\332\305\050\252\255\162
-\055\061\255\231\153\154\377\214\041\047\257\255\232\221\053\307
-\335\130\303\156\007\305\237\171\322\307\214\125\277\114\307\047
-\136\121\026\053\076
-END
-
-# Trust for Certificate "Explicitly Distrust DigiNotar Services 1024 CA"
-# Issuer: E=info@diginotar.nl,CN=DigiNotar Services 1024 CA,O=DigiNotar,C=NL
-# Serial Number: 268435455 (0xfffffff)
-# Subject: E=info@diginotar.nl,CN=DigiNotar Services 1024 CA,O=DigiNotar,C=NL
-# Not Valid Before: Thu Jul 26 15:59:01 2007
-# Not Valid After : Mon Aug 26 16:29:01 2013
-# Fingerprint (MD5): 2F:16:68:97:4C:68:4F:CE:52:8A:EC:53:8F:93:49:F8
-# Fingerprint (SHA1): 12:3B:EA:CA:66:67:77:61:E0:EB:68:F2:FE:ED:A2:0F:20:05:55:70
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Explicitly Distrust DigiNotar Services 1024 CA"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\022\073\352\312\146\147\167\141\340\353\150\362\376\355\242\017
-\040\005\125\160
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\057\026\150\227\114\150\117\316\122\212\354\123\217\223\111\370
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\150\061\013\060\011\006\003\125\004\006\023\002\116\114\061
-\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157
-\164\141\162\061\043\060\041\006\003\125\004\003\023\032\104\151
-\147\151\116\157\164\141\162\040\123\145\162\166\151\143\145\163
-\040\061\060\062\064\040\103\101\061\040\060\036\006\011\052\206
-\110\206\367\015\001\011\001\026\021\151\156\146\157\100\144\151
-\147\151\156\157\164\141\162\056\156\154
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\004\017\377\377\377
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-#
-# Certificate "Explicitly Distrust DigiNotar Cyber CA"
-#
-# Issuer: E=info@diginotar.nl,CN=DigiNotar Cyber CA,O=DigiNotar,C=NL
-# Serial Number: 268435455 (0xfffffff)
-# Subject: E=info@diginotar.nl,CN=DigiNotar Cyber CA,O=DigiNotar,C=NL
-# Not Valid Before: Wed Oct 04 10:54:12 2006
-# Not Valid After : Tue Oct 04 10:53:12 2011
-# Fingerprint (MD5): BC:BD:89:12:B4:FF:E5:F9:26:47:C8:60:36:5B:D9:54
-# Fingerprint (SHA1): A5:8E:A0:EC:F6:44:56:35:19:1D:68:5B:C7:A0:E4:1C:B0:4D:79:2E
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Explicitly Distrust DigiNotar Cyber CA"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\140\061\013\060\011\006\003\125\004\006\023\002\116\114\061
-\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157
-\164\141\162\061\033\060\031\006\003\125\004\003\023\022\104\151
-\147\151\116\157\164\141\162\040\103\171\142\145\162\040\103\101
-\061\040\060\036\006\011\052\206\110\206\367\015\001\011\001\026
-\021\151\156\146\157\100\144\151\147\151\156\157\164\141\162\056
-\156\154
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\140\061\013\060\011\006\003\125\004\006\023\002\116\114\061
-\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157
-\164\141\162\061\033\060\031\006\003\125\004\003\023\022\104\151
-\147\151\116\157\164\141\162\040\103\171\142\145\162\040\103\101
-\061\040\060\036\006\011\052\206\110\206\367\015\001\011\001\026
-\021\151\156\146\157\100\144\151\147\151\156\157\164\141\162\056
-\156\154
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\004\017\377\377\377
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\005\105\060\202\004\256\240\003\002\001\002\002\004\017
-\377\377\377\060\015\006\011\052\206\110\206\367\015\001\001\005
-\005\000\060\140\061\013\060\011\006\003\125\004\006\023\002\116
-\114\061\022\060\020\006\003\125\004\012\023\011\104\151\147\151
-\116\157\164\141\162\061\033\060\031\006\003\125\004\003\023\022
-\104\151\147\151\116\157\164\141\162\040\103\171\142\145\162\040
-\103\101\061\040\060\036\006\011\052\206\110\206\367\015\001\011
-\001\026\021\151\156\146\157\100\144\151\147\151\156\157\164\141
-\162\056\156\154\060\036\027\015\060\066\061\060\060\064\061\060
-\065\064\061\062\132\027\015\061\061\061\060\060\064\061\060\065
-\063\061\062\132\060\140\061\013\060\011\006\003\125\004\006\023
-\002\116\114\061\022\060\020\006\003\125\004\012\023\011\104\151
-\147\151\116\157\164\141\162\061\033\060\031\006\003\125\004\003
-\023\022\104\151\147\151\116\157\164\141\162\040\103\171\142\145
-\162\040\103\101\061\040\060\036\006\011\052\206\110\206\367\015
-\001\011\001\026\021\151\156\146\157\100\144\151\147\151\156\157
-\164\141\162\056\156\154\060\202\002\042\060\015\006\011\052\206
-\110\206\367\015\001\001\001\005\000\003\202\002\017\000\060\202
-\002\012\002\202\002\001\000\322\316\025\012\055\250\136\204\147
-\255\375\276\357\106\307\310\271\317\163\374\364\064\271\371\054
-\103\347\140\023\075\172\343\262\317\073\147\154\220\255\300\271
-\077\204\122\360\065\102\334\164\334\050\073\275\122\264\247\254
-\162\105\027\306\360\211\353\264\252\045\362\135\113\136\321\331
-\207\272\326\175\174\365\316\062\237\020\063\305\261\112\273\136
-\221\061\302\320\351\101\302\221\144\176\011\101\073\333\213\010
-\067\152\252\312\122\336\265\071\036\300\210\003\245\077\213\231
-\023\141\103\265\233\202\263\356\040\157\317\241\104\242\352\057
-\153\100\237\217\053\127\255\241\123\302\205\042\151\235\240\077
-\121\337\013\101\221\015\245\341\250\252\134\111\010\135\275\336
-\160\101\261\017\311\143\153\323\177\064\164\002\057\064\132\170
-\165\034\150\172\201\147\212\363\332\100\360\140\143\364\222\040
-\327\003\246\075\243\036\147\304\204\033\101\245\311\214\346\275
-\352\110\266\005\026\010\263\067\022\132\367\141\074\367\070\157
-\056\227\340\157\126\070\124\323\050\265\255\024\156\056\113\144
-\265\047\145\267\165\045\011\266\007\075\225\126\002\012\202\140
-\262\163\105\340\063\046\121\164\232\271\324\120\034\366\115\133
-\133\122\122\023\132\246\177\247\016\341\350\101\124\147\230\214
-\207\325\311\323\154\313\323\124\222\006\011\064\101\367\201\157
-\077\236\311\174\165\125\260\347\301\263\167\350\303\304\000\065
-\225\100\160\020\112\005\336\045\273\237\131\245\144\274\107\140
-\277\140\343\166\213\023\125\335\341\164\172\271\317\044\246\152
-\177\336\144\042\104\130\150\202\152\020\371\075\345\076\033\271
-\275\374\042\364\140\004\211\273\125\155\050\125\372\336\216\215
-\033\041\024\327\067\213\064\173\115\366\262\262\020\317\063\261
-\175\034\142\231\110\313\053\154\166\226\125\277\031\015\035\037
-\273\145\252\033\216\231\265\306\050\220\345\202\055\170\120\040
-\232\375\171\057\044\177\360\211\051\151\364\175\315\163\276\263
-\355\116\301\321\355\122\136\217\367\270\327\215\207\255\262\331
-\033\121\022\377\126\263\341\257\064\175\134\244\170\210\020\236
-\235\003\306\245\252\242\044\121\367\111\024\305\261\356\131\103
-\225\337\253\150\050\060\077\002\003\001\000\001\243\202\001\206
-\060\202\001\202\060\022\006\003\125\035\023\001\001\377\004\010
-\060\006\001\001\377\002\001\001\060\123\006\003\125\035\040\004
-\114\060\112\060\110\006\011\053\006\001\004\001\261\076\001\000
-\060\073\060\071\006\010\053\006\001\005\005\007\002\001\026\055
-\150\164\164\160\072\057\057\167\167\167\056\160\165\142\154\151
-\143\055\164\162\165\163\164\056\143\157\155\057\103\120\123\057
-\117\155\156\151\122\157\157\164\056\150\164\155\154\060\016\006
-\003\125\035\017\001\001\377\004\004\003\002\001\006\060\201\240
-\006\003\125\035\043\004\201\230\060\201\225\200\024\246\014\035
-\237\141\377\007\027\265\277\070\106\333\103\060\325\216\260\122
-\006\241\171\244\167\060\165\061\013\060\011\006\003\125\004\006
-\023\002\125\123\061\030\060\026\006\003\125\004\012\023\017\107
-\124\105\040\103\157\162\160\157\162\141\164\151\157\156\061\047
-\060\045\006\003\125\004\013\023\036\107\124\105\040\103\171\142
-\145\162\124\162\165\163\164\040\123\157\154\165\164\151\157\156
-\163\054\040\111\156\143\056\061\043\060\041\006\003\125\004\003
-\023\032\107\124\105\040\103\171\142\145\162\124\162\165\163\164
-\040\107\154\157\142\141\154\040\122\157\157\164\202\002\001\245
-\060\105\006\003\125\035\037\004\076\060\074\060\072\240\070\240
-\066\206\064\150\164\164\160\072\057\057\167\167\167\056\160\165
-\142\154\151\143\055\164\162\165\163\164\056\143\157\155\057\143
-\147\151\055\142\151\156\057\103\122\114\057\062\060\061\070\057
-\143\144\160\056\143\162\154\060\035\006\003\125\035\016\004\026
-\004\024\253\371\150\337\317\112\067\327\173\105\214\137\162\336
-\100\104\303\145\273\302\060\015\006\011\052\206\110\206\367\015
-\001\001\005\005\000\003\201\201\000\217\150\153\245\133\007\272
-\104\146\016\034\250\134\060\173\063\344\012\046\004\374\357\236
-\032\070\326\056\241\037\320\231\107\302\165\144\044\375\236\073
-\050\166\271\046\050\141\221\014\155\054\370\004\237\174\120\001
-\325\343\151\257\357\025\322\105\233\044\011\052\146\005\117\045
-\201\312\135\276\252\301\131\047\256\063\216\202\367\337\164\260
-\125\263\216\370\347\067\310\156\252\126\104\366\275\123\201\043
-\226\075\264\372\062\212\123\146\104\045\242\045\306\246\074\045
-\214\360\340\050\006\042\267\046\101
-END
-
-# Trust for Certificate "Explicitly Distrust DigiNotar Cyber CA"
-# Issuer: E=info@diginotar.nl,CN=DigiNotar Cyber CA,O=DigiNotar,C=NL
-# Serial Number: 268435455 (0xfffffff)
-# Subject: E=info@diginotar.nl,CN=DigiNotar Cyber CA,O=DigiNotar,C=NL
-# Not Valid Before: Wed Oct 04 10:54:12 2006
-# Not Valid After : Tue Oct 04 10:53:12 2011
-# Fingerprint (MD5): BC:BD:89:12:B4:FF:E5:F9:26:47:C8:60:36:5B:D9:54
-# Fingerprint (SHA1): A5:8E:A0:EC:F6:44:56:35:19:1D:68:5B:C7:A0:E4:1C:B0:4D:79:2E
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Explicitly Distrust DigiNotar Cyber CA"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\245\216\240\354\366\104\126\065\031\035\150\133\307\240\344\034
-\260\115\171\056
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\274\275\211\022\264\377\345\371\046\107\310\140\066\133\331\124
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\140\061\013\060\011\006\003\125\004\006\023\002\116\114\061
-\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157
-\164\141\162\061\033\060\031\006\003\125\004\003\023\022\104\151
-\147\151\116\157\164\141\162\040\103\171\142\145\162\040\103\101
-\061\040\060\036\006\011\052\206\110\206\367\015\001\011\001\026
-\021\151\156\146\157\100\144\151\147\151\156\157\164\141\162\056
-\156\154
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\004\017\377\377\377
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-#
-# Certificate "Explicitly Distrust DigiNotar Cyber CA 2nd"
-#
-# Issuer: CN=DigiNotar Cyber CA,O=DigiNotar,C=NL
-# Serial Number: 268435455 (0xfffffff)
-# Subject: CN=DigiNotar Cyber CA,O=DigiNotar,C=NL
-# Not Valid Before: Wed Sep 27 10:53:53 2006
-# Not Valid After : Fri Sep 20 09:44:07 2013
-# Fingerprint (MD5): F0:AE:A9:3D:F2:2C:88:DC:7C:85:1B:96:7D:5A:1C:11
-# Fingerprint (SHA1): 88:1E:45:05:0F:98:D9:59:FB:0A:35:F9:4C:0E:28:97:55:16:29:B3
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Explicitly Distrust DigiNotar Cyber CA 2nd"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\076\061\013\060\011\006\003\125\004\006\023\002\116\114\061
-\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157
-\164\141\162\061\033\060\031\006\003\125\004\003\023\022\104\151
-\147\151\116\157\164\141\162\040\103\171\142\145\162\040\103\101
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\076\061\013\060\011\006\003\125\004\006\023\002\116\114\061
-\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157
-\164\141\162\061\033\060\031\006\003\125\004\003\023\022\104\151
-\147\151\116\157\164\141\162\040\103\171\142\145\162\040\103\101
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\004\017\377\377\377
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\005\001\060\202\004\152\240\003\002\001\002\002\004\017
-\377\377\377\060\015\006\011\052\206\110\206\367\015\001\001\005
-\005\000\060\076\061\013\060\011\006\003\125\004\006\023\002\116
-\114\061\022\060\020\006\003\125\004\012\023\011\104\151\147\151
-\116\157\164\141\162\061\033\060\031\006\003\125\004\003\023\022
-\104\151\147\151\116\157\164\141\162\040\103\171\142\145\162\040
-\103\101\060\036\027\015\060\066\060\071\062\067\061\060\065\063
-\065\063\132\027\015\061\063\060\071\062\060\060\071\064\064\060
-\067\132\060\076\061\013\060\011\006\003\125\004\006\023\002\116
-\114\061\022\060\020\006\003\125\004\012\023\011\104\151\147\151
-\116\157\164\141\162\061\033\060\031\006\003\125\004\003\023\022
-\104\151\147\151\116\157\164\141\162\040\103\171\142\145\162\040
-\103\101\060\202\002\042\060\015\006\011\052\206\110\206\367\015
-\001\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202
-\002\001\000\322\316\025\012\055\250\136\204\147\255\375\276\357
-\106\307\310\271\317\163\374\364\064\271\371\054\103\347\140\023
-\075\172\343\262\317\073\147\154\220\255\300\271\077\204\122\360
-\065\102\334\164\334\050\073\275\122\264\247\254\162\105\027\306
-\360\211\353\264\252\045\362\135\113\136\321\331\207\272\326\175
-\174\365\316\062\237\020\063\305\261\112\273\136\221\061\302\320
-\351\101\302\221\144\176\011\101\073\333\213\010\067\152\252\312
-\122\336\265\071\036\300\210\003\245\077\213\231\023\141\103\265
-\233\202\263\356\040\157\317\241\104\242\352\057\153\100\237\217
-\053\127\255\241\123\302\205\042\151\235\240\077\121\337\013\101
-\221\015\245\341\250\252\134\111\010\135\275\336\160\101\261\017
-\311\143\153\323\177\064\164\002\057\064\132\170\165\034\150\172
-\201\147\212\363\332\100\360\140\143\364\222\040\327\003\246\075
-\243\036\147\304\204\033\101\245\311\214\346\275\352\110\266\005
-\026\010\263\067\022\132\367\141\074\367\070\157\056\227\340\157
-\126\070\124\323\050\265\255\024\156\056\113\144\265\047\145\267
-\165\045\011\266\007\075\225\126\002\012\202\140\262\163\105\340
-\063\046\121\164\232\271\324\120\034\366\115\133\133\122\122\023
-\132\246\177\247\016\341\350\101\124\147\230\214\207\325\311\323
-\154\313\323\124\222\006\011\064\101\367\201\157\077\236\311\174
-\165\125\260\347\301\263\167\350\303\304\000\065\225\100\160\020
-\112\005\336\045\273\237\131\245\144\274\107\140\277\140\343\166
-\213\023\125\335\341\164\172\271\317\044\246\152\177\336\144\042
-\104\130\150\202\152\020\371\075\345\076\033\271\275\374\042\364
-\140\004\211\273\125\155\050\125\372\336\216\215\033\041\024\327
-\067\213\064\173\115\366\262\262\020\317\063\261\175\034\142\231
-\110\313\053\154\166\226\125\277\031\015\035\037\273\145\252\033
-\216\231\265\306\050\220\345\202\055\170\120\040\232\375\171\057
-\044\177\360\211\051\151\364\175\315\163\276\263\355\116\301\321
-\355\122\136\217\367\270\327\215\207\255\262\331\033\121\022\377
-\126\263\341\257\064\175\134\244\170\210\020\236\235\003\306\245
-\252\242\044\121\367\111\024\305\261\356\131\103\225\337\253\150
-\050\060\077\002\003\001\000\001\243\202\001\206\060\202\001\202
-\060\022\006\003\125\035\023\001\001\377\004\010\060\006\001\001
-\377\002\001\001\060\123\006\003\125\035\040\004\114\060\112\060
-\110\006\011\053\006\001\004\001\261\076\001\000\060\073\060\071
-\006\010\053\006\001\005\005\007\002\001\026\055\150\164\164\160
-\072\057\057\167\167\167\056\160\165\142\154\151\143\055\164\162
-\165\163\164\056\143\157\155\057\103\120\123\057\117\155\156\151
-\122\157\157\164\056\150\164\155\154\060\016\006\003\125\035\017
-\001\001\377\004\004\003\002\001\006\060\201\240\006\003\125\035
-\043\004\201\230\060\201\225\200\024\246\014\035\237\141\377\007
-\027\265\277\070\106\333\103\060\325\216\260\122\006\241\171\244
-\167\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103
-\157\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003
-\125\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162
-\165\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111
-\156\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124
-\105\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157
-\142\141\154\040\122\157\157\164\202\002\001\245\060\105\006\003
-\125\035\037\004\076\060\074\060\072\240\070\240\066\206\064\150
-\164\164\160\072\057\057\167\167\167\056\160\165\142\154\151\143
-\055\164\162\165\163\164\056\143\157\155\057\143\147\151\055\142
-\151\156\057\103\122\114\057\062\060\061\070\057\143\144\160\056
-\143\162\154\060\035\006\003\125\035\016\004\026\004\024\253\371
-\150\337\317\112\067\327\173\105\214\137\162\336\100\104\303\145
-\273\302\060\015\006\011\052\206\110\206\367\015\001\001\005\005
-\000\003\201\201\000\011\312\142\017\215\273\112\340\324\172\065
-\053\006\055\321\050\141\266\254\001\373\203\111\274\256\324\057
-\055\206\256\031\203\245\326\035\023\342\027\276\376\062\164\351
-\172\024\070\312\224\136\367\051\001\151\161\033\221\032\375\243
-\273\252\035\312\173\342\026\375\241\243\016\363\014\137\262\341
-\040\061\224\053\136\222\166\355\372\351\265\043\246\277\012\073
-\003\251\157\122\140\124\315\137\351\267\057\174\242\047\375\101
-\203\165\266\015\373\170\046\363\261\105\351\062\225\052\032\065
-\041\225\305\242\165
-END
-
-# Trust for Certificate "Explicitly Distrust DigiNotar Cyber CA 2nd"
-# Issuer: CN=DigiNotar Cyber CA,O=DigiNotar,C=NL
-# Serial Number: 268435455 (0xfffffff)
-# Subject: CN=DigiNotar Cyber CA,O=DigiNotar,C=NL
-# Not Valid Before: Wed Sep 27 10:53:53 2006
-# Not Valid After : Fri Sep 20 09:44:07 2013
-# Fingerprint (MD5): F0:AE:A9:3D:F2:2C:88:DC:7C:85:1B:96:7D:5A:1C:11
-# Fingerprint (SHA1): 88:1E:45:05:0F:98:D9:59:FB:0A:35:F9:4C:0E:28:97:55:16:29:B3
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Explicitly Distrust DigiNotar Cyber CA 2nd"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\210\036\105\005\017\230\331\131\373\012\065\371\114\016\050\227
-\125\026\051\263
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\360\256\251\075\362\054\210\334\174\205\033\226\175\132\034\021
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\076\061\013\060\011\006\003\125\004\006\023\002\116\114\061
-\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157
-\164\141\162\061\033\060\031\006\003\125\004\003\023\022\104\151
-\147\151\116\157\164\141\162\040\103\171\142\145\162\040\103\101
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\004\017\377\377\377
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-#
-# Certificate "Explicitly Distrusted DigiNotar PKIoverheid"
-#
-# Issuer: CN=DigiNotar PKIoverheid CA Overheid en Bedrijven,O=DigiNotar B.V.,C=NL
-# Serial Number: 268435455 (0xfffffff)
-# Subject: CN=DigiNotar PKIoverheid CA Overheid en Bedrijven,O=DigiNotar B.V.,C=NL
-# Not Valid Before: Thu Jul 05 08:42:08 2007
-# Not Valid After : Mon Jul 27 08:39:47 2015
-# Fingerprint (MD5): A3:CF:B3:FF:F9:4F:A7:B1:EB:3A:75:58:4E:2E:9F:EA
-# Fingerprint (SHA1): A7:A8:C9:AC:F4:5F:90:92:76:86:B8:C0:A2:0E:93:58:7D:DE:30:E4
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Explicitly Distrusted DigiNotar PKIoverheid"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061
-\027\060\025\006\003\125\004\012\023\016\104\151\147\151\116\157
-\164\141\162\040\102\056\126\056\061\067\060\065\006\003\125\004
-\003\023\056\104\151\147\151\116\157\164\141\162\040\120\113\111
-\157\166\145\162\150\145\151\144\040\103\101\040\117\166\145\162
-\150\145\151\144\040\145\156\040\102\145\144\162\151\152\166\145
-\156
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061
-\027\060\025\006\003\125\004\012\023\016\104\151\147\151\116\157
-\164\141\162\040\102\056\126\056\061\067\060\065\006\003\125\004
-\003\023\056\104\151\147\151\116\157\164\141\162\040\120\113\111
-\157\166\145\162\150\145\151\144\040\103\101\040\117\166\145\162
-\150\145\151\144\040\145\156\040\102\145\144\162\151\152\166\145
-\156
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\004\017\377\377\377
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\004\216\060\202\003\166\240\003\002\001\002\002\004\017
-\377\377\377\060\015\006\011\052\206\110\206\367\015\001\001\005
-\005\000\060\137\061\013\060\011\006\003\125\004\006\023\002\116
-\114\061\027\060\025\006\003\125\004\012\023\016\104\151\147\151
-\116\157\164\141\162\040\102\056\126\056\061\067\060\065\006\003
-\125\004\003\023\056\104\151\147\151\116\157\164\141\162\040\120
-\113\111\157\166\145\162\150\145\151\144\040\103\101\040\117\166
-\145\162\150\145\151\144\040\145\156\040\102\145\144\162\151\152
-\166\145\156\060\036\027\015\060\067\060\067\060\065\060\070\064
-\062\060\070\132\027\015\061\065\060\067\062\067\060\070\063\071
-\064\067\132\060\137\061\013\060\011\006\003\125\004\006\023\002
-\116\114\061\027\060\025\006\003\125\004\012\023\016\104\151\147
-\151\116\157\164\141\162\040\102\056\126\056\061\067\060\065\006
-\003\125\004\003\023\056\104\151\147\151\116\157\164\141\162\040
-\120\113\111\157\166\145\162\150\145\151\144\040\103\101\040\117
-\166\145\162\150\145\151\144\040\145\156\040\102\145\144\162\151
-\152\166\145\156\060\202\001\042\060\015\006\011\052\206\110\206
-\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012
-\002\202\001\001\000\334\275\322\247\116\152\012\273\073\242\205
-\341\177\000\255\276\264\060\150\230\007\315\240\172\304\224\317
-\161\371\212\067\344\123\353\127\166\314\213\346\154\376\356\207
-\125\310\076\273\004\071\000\247\200\170\254\133\117\176\364\275
-\270\124\270\161\073\007\061\111\071\223\124\174\040\073\171\053
-\217\273\141\220\175\261\254\346\037\220\056\235\105\001\251\144
-\055\115\303\057\271\347\120\325\116\052\134\253\166\166\067\106
-\327\171\354\102\231\367\242\354\244\211\160\334\070\053\207\246
-\252\044\346\235\222\044\033\276\366\375\324\057\031\027\172\346
-\062\007\224\124\005\123\103\351\154\274\257\107\313\274\313\375
-\275\073\104\022\201\361\153\113\273\355\264\317\253\045\117\030
-\322\314\002\374\243\117\265\102\063\313\131\315\011\334\323\120
-\375\240\166\214\254\176\146\212\102\366\255\034\222\363\266\373
-\024\106\353\115\327\057\060\340\155\356\133\066\276\104\164\267
-\040\005\127\205\115\350\000\031\242\366\014\346\256\241\300\102
-\337\247\254\202\135\307\150\267\030\346\211\113\232\153\372\316
-\171\371\363\054\247\002\003\001\000\001\243\202\001\120\060\202
-\001\114\060\110\006\003\125\035\040\004\101\060\077\060\075\006
-\004\125\035\040\000\060\065\060\063\006\010\053\006\001\005\005
-\007\002\001\026\047\150\164\164\160\072\057\057\167\167\167\056
-\144\151\147\151\156\157\164\141\162\056\156\154\057\143\160\163
-\057\160\153\151\157\166\145\162\150\145\151\144\060\017\006\003
-\125\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006
-\003\125\035\017\001\001\377\004\004\003\002\001\006\060\201\200
-\006\003\125\035\043\004\171\060\167\200\024\013\206\326\017\167
-\243\150\261\373\144\011\303\210\156\134\004\034\127\351\075\241
-\131\244\127\060\125\061\013\060\011\006\003\125\004\006\023\002
-\116\114\061\036\060\034\006\003\125\004\012\023\025\123\164\141
-\141\164\040\144\145\162\040\116\145\144\145\162\154\141\156\144
-\145\156\061\046\060\044\006\003\125\004\003\023\035\123\164\141
-\141\164\040\144\145\162\040\116\145\144\145\162\154\141\156\144
-\145\156\040\122\157\157\164\040\103\101\202\004\000\230\232\171
-\060\075\006\003\125\035\037\004\066\060\064\060\062\240\060\240
-\056\206\054\150\164\164\160\072\057\057\143\162\154\056\160\153
-\151\157\166\145\162\150\145\151\144\056\156\154\057\104\157\155
-\117\166\114\141\164\145\163\164\103\122\114\056\143\162\154\060
-\035\006\003\125\035\016\004\026\004\024\114\010\311\215\166\361
-\230\307\076\337\074\327\057\165\015\261\166\171\227\314\060\015
-\006\011\052\206\110\206\367\015\001\001\005\005\000\003\202\001
-\001\000\014\224\207\032\277\115\343\205\342\356\327\330\143\171
-\016\120\337\306\204\133\322\273\331\365\061\012\032\065\227\164
-\337\024\372\052\017\076\355\240\343\010\366\325\116\133\257\246
-\256\045\342\105\153\042\017\267\124\050\176\222\336\215\024\154
-\321\034\345\156\164\004\234\267\357\064\104\105\337\311\203\035
-\031\037\300\051\151\337\211\325\077\302\260\123\155\345\116\027
-\344\163\141\043\023\046\161\103\375\114\131\313\303\337\042\252
-\041\053\331\277\225\021\032\212\244\342\253\247\135\113\157\051
-\365\122\321\344\322\025\261\213\376\360\003\317\247\175\351\231
-\207\070\263\015\163\024\344\162\054\341\316\365\255\006\110\144
-\372\323\051\271\242\330\273\364\325\013\245\100\104\103\216\240
-\277\316\132\245\122\114\144\323\027\061\141\314\350\244\212\350
-\344\210\373\351\345\057\006\063\063\233\224\146\146\261\253\120
-\072\241\011\201\164\123\132\047\271\246\322\045\317\323\303\247
-\377\226\320\057\352\340\036\215\122\351\030\034\040\012\107\240
-\226\126\016\100\220\121\104\254\032\375\361\356\205\037\367\102
-\132\145
-END
-
-# Trust for Certificate "Explicitly Distrusted DigiNotar PKIoverheid"
-# Issuer: CN=DigiNotar PKIoverheid CA Overheid en Bedrijven,O=DigiNotar B.V.,C=NL
-# Serial Number: 268435455 (0xfffffff)
-# Subject: CN=DigiNotar PKIoverheid CA Overheid en Bedrijven,O=DigiNotar B.V.,C=NL
-# Not Valid Before: Thu Jul 05 08:42:08 2007
-# Not Valid After : Mon Jul 27 08:39:47 2015
-# Fingerprint (MD5): A3:CF:B3:FF:F9:4F:A7:B1:EB:3A:75:58:4E:2E:9F:EA
-# Fingerprint (SHA1): A7:A8:C9:AC:F4:5F:90:92:76:86:B8:C0:A2:0E:93:58:7D:DE:30:E4
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Explicitly Distrusted DigiNotar PKIoverheid"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\247\250\311\254\364\137\220\222\166\206\270\300\242\016\223\130
-\175\336\060\344
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\243\317\263\377\371\117\247\261\353\072\165\130\116\056\237\352
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061
-\027\060\025\006\003\125\004\012\023\016\104\151\147\151\116\157
-\164\141\162\040\102\056\126\056\061\067\060\065\006\003\125\004
-\003\023\056\104\151\147\151\116\157\164\141\162\040\120\113\111
-\157\166\145\162\150\145\151\144\040\103\101\040\117\166\145\162
-\150\145\151\144\040\145\156\040\102\145\144\162\151\152\166\145
-\156
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\004\017\377\377\377
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-#
 # Certificate "Explicitly Distrusted DigiNotar PKIoverheid G2"
 #
 # Issuer: CN=DigiNotar PKIoverheid CA Organisatie - G2,O=DigiNotar B.V.,C=NL
@@ -14888,315 +12492,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
-# Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)"
-#
-# Issuer: CN=GTE CyberTrust Global Root,OU="GTE CyberTrust Solutions, Inc.",O=GTE Corporation,C=US
-# Serial Number:07:ff:ff:ff:ff:ff
-# Subject: CN=Digisign Server ID (Enrich),OU=457608-K,O=Digicert Sdn. Bhd.,C=MY
-# Not Valid Before: Tue Jul 17 15:17:49 2007
-# Not Valid After : Tue Jul 17 15:16:55 2012
-# Fingerprint (MD5): D2:DE:AE:50:A4:98:2D:6F:37:B7:86:52:C8:2D:4B:6A
-# Fingerprint (SHA1): 55:50:AF:EC:BF:E8:C3:AD:C4:0B:E3:AD:0C:A7:E4:15:8C:39:59:4F
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\143\061\013\060\011\006\003\125\004\006\023\002\115\131\061
-\033\060\031\006\003\125\004\012\023\022\104\151\147\151\143\145
-\162\164\040\123\144\156\056\040\102\150\144\056\061\021\060\017
-\006\003\125\004\013\023\010\064\065\067\066\060\070\055\113\061
-\044\060\042\006\003\125\004\003\023\033\104\151\147\151\163\151
-\147\156\040\123\145\162\166\145\162\040\111\104\040\050\105\156
-\162\151\143\150\051
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061
-\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157
-\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003\125
-\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162\165
-\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111\156
-\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124\105
-\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157\142
-\141\154\040\122\157\157\164
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\006\007\377\377\377\377\377
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\003\315\060\202\003\066\240\003\002\001\002\002\006\007
-\377\377\377\377\377\060\015\006\011\052\206\110\206\367\015\001
-\001\005\005\000\060\165\061\013\060\011\006\003\125\004\006\023
-\002\125\123\061\030\060\026\006\003\125\004\012\023\017\107\124
-\105\040\103\157\162\160\157\162\141\164\151\157\156\061\047\060
-\045\006\003\125\004\013\023\036\107\124\105\040\103\171\142\145
-\162\124\162\165\163\164\040\123\157\154\165\164\151\157\156\163
-\054\040\111\156\143\056\061\043\060\041\006\003\125\004\003\023
-\032\107\124\105\040\103\171\142\145\162\124\162\165\163\164\040
-\107\154\157\142\141\154\040\122\157\157\164\060\036\027\015\060
-\067\060\067\061\067\061\065\061\067\064\071\132\027\015\061\062
-\060\067\061\067\061\065\061\066\065\065\132\060\143\061\013\060
-\011\006\003\125\004\006\023\002\115\131\061\033\060\031\006\003
-\125\004\012\023\022\104\151\147\151\143\145\162\164\040\123\144
-\156\056\040\102\150\144\056\061\021\060\017\006\003\125\004\013
-\023\010\064\065\067\066\060\070\055\113\061\044\060\042\006\003
-\125\004\003\023\033\104\151\147\151\163\151\147\156\040\123\145
-\162\166\145\162\040\111\104\040\050\105\156\162\151\143\150\051
-\060\201\237\060\015\006\011\052\206\110\206\367\015\001\001\001
-\005\000\003\201\215\000\060\201\211\002\201\201\000\255\250\144
-\113\115\207\307\204\131\271\373\220\106\240\246\211\300\361\376
-\325\332\124\202\067\015\231\053\105\046\012\350\126\260\177\312
-\250\364\216\107\204\001\202\051\343\263\152\265\221\363\373\225
-\205\274\162\250\144\350\012\100\234\305\364\161\256\173\173\152
-\007\352\220\024\117\215\211\257\224\253\262\006\324\002\152\173
-\230\037\131\271\072\315\124\372\040\337\262\052\012\351\270\335
-\151\220\300\051\323\116\320\227\355\146\314\305\031\111\006\177
-\372\136\054\174\173\205\033\062\102\337\173\225\045\002\003\001
-\000\001\243\202\001\170\060\202\001\164\060\022\006\003\125\035
-\023\001\001\377\004\010\060\006\001\001\377\002\001\000\060\134
-\006\003\125\035\040\004\125\060\123\060\110\006\011\053\006\001
-\004\001\261\076\001\000\060\073\060\071\006\010\053\006\001\005
-\005\007\002\001\026\055\150\164\164\160\072\057\057\143\171\142
-\145\162\164\162\165\163\164\056\157\155\156\151\162\157\157\164
-\056\143\157\155\057\162\145\160\157\163\151\164\157\162\171\056
-\143\146\155\060\007\006\005\140\203\112\001\001\060\016\006\003
-\125\035\017\001\001\377\004\004\003\002\001\346\060\201\211\006
-\003\125\035\043\004\201\201\060\177\241\171\244\167\060\165\061
-\013\060\011\006\003\125\004\006\023\002\125\123\061\030\060\026
-\006\003\125\004\012\023\017\107\124\105\040\103\157\162\160\157
-\162\141\164\151\157\156\061\047\060\045\006\003\125\004\013\023
-\036\107\124\105\040\103\171\142\145\162\124\162\165\163\164\040
-\123\157\154\165\164\151\157\156\163\054\040\111\156\143\056\061
-\043\060\041\006\003\125\004\003\023\032\107\124\105\040\103\171
-\142\145\162\124\162\165\163\164\040\107\154\157\142\141\154\040
-\122\157\157\164\202\002\001\245\060\105\006\003\125\035\037\004
-\076\060\074\060\072\240\070\240\066\206\064\150\164\164\160\072
-\057\057\167\167\167\056\160\165\142\154\151\143\055\164\162\165
-\163\164\056\143\157\155\057\143\147\151\055\142\151\156\057\103
-\122\114\057\062\060\061\070\057\143\144\160\056\143\162\154\060
-\035\006\003\125\035\016\004\026\004\024\306\026\223\116\026\027
-\354\026\256\214\224\166\363\206\155\305\164\156\204\167\060\015
-\006\011\052\206\110\206\367\015\001\001\005\005\000\003\201\201
-\000\166\000\173\246\170\053\146\035\216\136\066\306\244\216\005
-\362\043\222\174\223\147\323\364\300\012\175\213\055\331\352\325
-\157\032\363\341\112\051\132\042\204\115\120\057\113\014\362\377
-\205\302\173\125\324\104\202\276\155\254\147\216\274\264\037\222
-\234\121\200\032\024\366\156\253\141\210\013\255\034\177\367\113
-\120\121\326\145\033\246\107\161\025\136\260\161\363\065\024\362
-\067\275\143\310\325\360\223\132\064\137\330\075\350\135\367\305
-\036\300\345\317\037\206\044\251\074\007\146\315\301\322\066\143
-\131
-END
-
-# Trust for Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)"
-# Issuer: CN=GTE CyberTrust Global Root,OU="GTE CyberTrust Solutions, Inc.",O=GTE Corporation,C=US
-# Serial Number:07:ff:ff:ff:ff:ff
-# Subject: CN=Digisign Server ID (Enrich),OU=457608-K,O=Digicert Sdn. Bhd.,C=MY
-# Not Valid Before: Tue Jul 17 15:17:49 2007
-# Not Valid After : Tue Jul 17 15:16:55 2012
-# Fingerprint (MD5): D2:DE:AE:50:A4:98:2D:6F:37:B7:86:52:C8:2D:4B:6A
-# Fingerprint (SHA1): 55:50:AF:EC:BF:E8:C3:AD:C4:0B:E3:AD:0C:A7:E4:15:8C:39:59:4F
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\125\120\257\354\277\350\303\255\304\013\343\255\014\247\344\025
-\214\071\131\117
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\322\336\256\120\244\230\055\157\067\267\206\122\310\055\113\152
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061
-\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157
-\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003\125
-\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162\165
-\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111\156
-\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124\105
-\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157\142
-\141\154\040\122\157\157\164
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\006\007\377\377\377\377\377
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-#
-# Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)"
-#
-# Issuer: CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),O=Entrust.net
-# Serial Number:07:ff:ff:ff:ff:ff
-# Subject: CN=Digisign Server ID - (Enrich),OU=457608-K,O=Digicert Sdn. Bhd.,C=MY
-# Not Valid Before: Fri Jul 16 17:23:38 2010
-# Not Valid After : Thu Jul 16 17:53:38 2015
-# Fingerprint (MD5): D7:69:61:7F:35:0F:9C:46:A3:AA:EB:F8:55:FC:84:F2
-# Fingerprint (SHA1): 6B:3C:3B:80:AD:CA:A6:BA:8A:9F:54:A6:7A:ED:12:69:05:6D:31:26
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\145\061\013\060\011\006\003\125\004\006\023\002\115\131\061
-\033\060\031\006\003\125\004\012\023\022\104\151\147\151\143\145
-\162\164\040\123\144\156\056\040\102\150\144\056\061\021\060\017
-\006\003\125\004\013\023\010\064\065\067\066\060\070\055\113\061
-\046\060\044\006\003\125\004\003\023\035\104\151\147\151\163\151
-\147\156\040\123\145\162\166\145\162\040\111\104\040\055\040\050
-\105\156\162\151\143\150\051
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156
-\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125
-\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056
-\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143
-\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151
-\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006
-\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105
-\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164
-\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164
-\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151
-\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
-\040\050\062\060\064\070\051
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\006\007\377\377\377\377\377
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\004\320\060\202\003\270\240\003\002\001\002\002\006\007
-\377\377\377\377\377\060\015\006\011\052\206\110\206\367\015\001
-\001\005\005\000\060\201\264\061\024\060\022\006\003\125\004\012
-\023\013\105\156\164\162\165\163\164\056\156\145\164\061\100\060
-\076\006\003\125\004\013\024\067\167\167\167\056\145\156\164\162
-\165\163\164\056\156\145\164\057\103\120\123\137\062\060\064\070
-\040\151\156\143\157\162\160\056\040\142\171\040\162\145\146\056
-\040\050\154\151\155\151\164\163\040\154\151\141\142\056\051\061
-\045\060\043\006\003\125\004\013\023\034\050\143\051\040\061\071
-\071\071\040\105\156\164\162\165\163\164\056\156\145\164\040\114
-\151\155\151\164\145\144\061\063\060\061\006\003\125\004\003\023
-\052\105\156\164\162\165\163\164\056\156\145\164\040\103\145\162
-\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157
-\162\151\164\171\040\050\062\060\064\070\051\060\036\027\015\061
-\060\060\067\061\066\061\067\062\063\063\070\132\027\015\061\065
-\060\067\061\066\061\067\065\063\063\070\132\060\145\061\013\060
-\011\006\003\125\004\006\023\002\115\131\061\033\060\031\006\003
-\125\004\012\023\022\104\151\147\151\143\145\162\164\040\123\144
-\156\056\040\102\150\144\056\061\021\060\017\006\003\125\004\013
-\023\010\064\065\067\066\060\070\055\113\061\046\060\044\006\003
-\125\004\003\023\035\104\151\147\151\163\151\147\156\040\123\145
-\162\166\145\162\040\111\104\040\055\040\050\105\156\162\151\143
-\150\051\060\202\001\042\060\015\006\011\052\206\110\206\367\015
-\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202
-\001\001\000\305\211\344\364\015\006\100\222\131\307\032\263\065
-\321\016\114\052\063\371\370\257\312\236\177\356\271\247\155\140
-\364\124\350\157\325\233\363\033\143\061\004\150\162\321\064\026
-\214\264\027\054\227\336\163\305\330\220\025\240\032\053\365\313
-\263\110\206\104\360\035\210\114\316\101\102\032\357\365\014\336
-\376\100\332\071\040\367\006\125\072\152\235\106\301\322\157\245
-\262\310\127\076\051\243\234\340\351\205\167\146\350\230\247\044
-\176\276\300\131\040\345\104\157\266\127\330\276\316\302\145\167
-\130\306\141\101\321\164\004\310\177\111\102\305\162\251\162\026
-\356\214\335\022\135\264\112\324\321\257\120\267\330\252\165\166
-\150\255\076\135\252\060\155\141\250\253\020\133\076\023\277\063
-\340\257\104\235\070\042\133\357\114\057\246\161\046\025\046\312
-\050\214\331\372\216\216\251\242\024\065\342\233\044\210\264\364
-\177\205\235\203\117\007\241\266\024\220\066\304\064\034\215\046
-\141\155\023\157\170\276\350\217\047\307\113\204\226\243\206\150
-\014\043\276\013\354\214\224\000\251\004\212\023\220\367\337\205
-\154\014\261\002\003\001\000\001\243\202\001\064\060\202\001\060
-\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006
-\060\022\006\003\125\035\023\001\001\377\004\010\060\006\001\001
-\377\002\001\000\060\047\006\003\125\035\045\004\040\060\036\006
-\010\053\006\001\005\005\007\003\001\006\010\053\006\001\005\005
-\007\003\002\006\010\053\006\001\005\005\007\003\004\060\063\006
-\010\053\006\001\005\005\007\001\001\004\047\060\045\060\043\006
-\010\053\006\001\005\005\007\060\001\206\027\150\164\164\160\072
-\057\057\157\143\163\160\056\145\156\164\162\165\163\164\056\156
-\145\164\060\104\006\003\125\035\040\004\075\060\073\060\071\006
-\005\140\203\112\001\001\060\060\060\056\006\010\053\006\001\005
-\005\007\002\001\026\042\150\164\164\160\072\057\057\167\167\167
-\056\144\151\147\151\143\145\162\164\056\143\157\155\056\155\171
-\057\143\160\163\056\150\164\155\060\062\006\003\125\035\037\004
-\053\060\051\060\047\240\045\240\043\206\041\150\164\164\160\072
-\057\057\143\162\154\056\145\156\164\162\165\163\164\056\156\145
-\164\057\062\060\064\070\143\141\056\143\162\154\060\021\006\003
-\125\035\016\004\012\004\010\114\116\314\045\050\003\051\201\060
-\037\006\003\125\035\043\004\030\060\026\200\024\125\344\201\321
-\021\200\276\330\211\271\010\243\061\371\241\044\011\026\271\160
-\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003
-\202\001\001\000\227\114\357\112\072\111\254\162\374\060\040\153
-\264\051\133\247\305\225\004\220\371\062\325\302\205\152\336\003
-\241\067\371\211\000\260\132\254\125\176\333\103\065\377\311\001
-\370\121\276\314\046\312\310\152\244\304\124\076\046\036\347\014
-\243\315\227\147\224\335\246\102\353\134\315\217\071\171\153\063
-\171\041\006\171\372\202\104\025\231\314\301\267\071\323\106\142
-\174\262\160\353\157\316\040\252\076\031\267\351\164\202\234\264
-\245\113\115\141\000\067\344\207\322\362\024\072\144\174\270\251
-\173\141\340\223\042\347\325\237\076\107\346\066\166\240\123\330
-\000\003\072\017\265\063\376\226\312\323\322\202\072\056\335\327
-\110\341\344\247\151\314\034\351\231\112\347\312\160\105\327\013
-\007\016\232\165\033\320\057\222\157\366\244\007\303\275\034\113
-\246\204\266\175\250\232\251\322\247\051\361\013\127\151\036\227
-\127\046\354\053\103\254\324\105\203\005\000\351\343\360\106\100
-\007\372\352\261\121\163\223\034\245\335\123\021\067\310\052\247
-\025\047\035\264\252\314\177\252\061\060\374\270\105\237\110\011
-\355\020\342\305
-END
-
-# Trust for Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)"
-# Issuer: CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),O=Entrust.net
-# Serial Number:07:ff:ff:ff:ff:ff
-# Subject: CN=Digisign Server ID - (Enrich),OU=457608-K,O=Digicert Sdn. Bhd.,C=MY
-# Not Valid Before: Fri Jul 16 17:23:38 2010
-# Not Valid After : Thu Jul 16 17:53:38 2015
-# Fingerprint (MD5): D7:69:61:7F:35:0F:9C:46:A3:AA:EB:F8:55:FC:84:F2
-# Fingerprint (SHA1): 6B:3C:3B:80:AD:CA:A6:BA:8A:9F:54:A6:7A:ED:12:69:05:6D:31:26
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\153\074\073\200\255\312\246\272\212\237\124\246\172\355\022\151
-\005\155\061\046
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\327\151\141\177\065\017\234\106\243\252\353\370\125\374\204\362
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156
-\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125
-\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056
-\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143
-\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151
-\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006
-\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105
-\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164
-\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164
-\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151
-\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
-\040\050\062\060\064\070\051
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\006\007\377\377\377\377\377
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-
-#
 # Certificate "Security Communication RootCA2"
 #
 # Issuer: OU=Security Communication RootCA2,O="SECOM Trust Systems CO.,LTD.",C=JP
@@ -21838,149 +19133,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
-# Certificate "Explicitly Distrusted MCSHOLDING CA"
-#
-# Issuer: CN=CNNIC ROOT,O=CNNIC,C=CN
-# Serial Number: 1228079246 (0x4933008e)
-# Subject: CN=MCSHOLDING TEST,O=MCSHOLDING,C=EG
-# Not Valid Before: Thu Mar 19 06:20:09 2015
-# Not Valid After : Fri Apr 03 06:20:09 2015
-# Fingerprint (SHA-256): 27:40:D9:56:B1:12:7B:79:1A:A1:B3:CC:64:4A:4D:BE:DB:A7:61:86:A2:36:38:B9:51:02:35:1A:83:4E:A8:61
-# Fingerprint (SHA1): E1:F3:59:1E:76:98:65:C4:E4:47:AC:C3:7E:AF:C9:E2:BF:E4:C5:76
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Explicitly Distrusted MCSHOLDING CA"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\074\061\013\060\011\006\003\125\004\006\023\002\105\107\061
-\023\060\021\006\003\125\004\012\014\012\115\103\123\110\117\114
-\104\111\116\107\061\030\060\026\006\003\125\004\003\014\017\115
-\103\123\110\117\114\104\111\116\107\040\124\105\123\124
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\062\061\013\060\011\006\003\125\004\006\023\002\103\116\061
-\016\060\014\006\003\125\004\012\023\005\103\116\116\111\103\061
-\023\060\021\006\003\125\004\003\023\012\103\116\116\111\103\040
-\122\117\117\124
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\004\111\063\000\216
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\004\222\060\202\003\172\240\003\002\001\002\002\004\111
-\063\000\216\060\015\006\011\052\206\110\206\367\015\001\001\013
-\005\000\060\062\061\013\060\011\006\003\125\004\006\023\002\103
-\116\061\016\060\014\006\003\125\004\012\023\005\103\116\116\111
-\103\061\023\060\021\006\003\125\004\003\023\012\103\116\116\111
-\103\040\122\117\117\124\060\036\027\015\061\065\060\063\061\071
-\060\066\062\060\060\071\132\027\015\061\065\060\064\060\063\060
-\066\062\060\060\071\132\060\074\061\013\060\011\006\003\125\004
-\006\023\002\105\107\061\023\060\021\006\003\125\004\012\014\012
-\115\103\123\110\117\114\104\111\116\107\061\030\060\026\006\003
-\125\004\003\014\017\115\103\123\110\117\114\104\111\116\107\040
-\124\105\123\124\060\202\001\042\060\015\006\011\052\206\110\206
-\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012
-\002\202\001\001\000\245\371\165\014\006\256\356\014\021\315\226
-\063\115\153\316\300\112\014\075\135\353\322\113\011\177\347\107
-\054\254\161\000\371\010\257\064\361\243\152\307\374\346\253\316
-\320\276\312\315\052\230\230\271\320\216\063\111\007\141\040\321
-\132\064\316\203\024\006\171\216\032\277\333\344\240\070\072\356
-\224\271\243\240\130\072\211\024\254\140\076\003\324\307\315\073
-\034\260\232\210\032\111\020\251\260\262\375\345\350\341\004\342
-\352\202\155\376\014\121\105\221\255\165\042\256\377\117\220\013
-\300\123\145\167\076\036\302\126\265\066\306\326\205\314\016\203
-\032\063\037\166\231\133\053\227\053\213\327\321\024\025\114\235
-\131\327\200\057\244\242\205\325\210\066\002\140\125\312\130\337
-\223\374\112\142\007\226\323\304\372\277\215\001\047\227\057\246
-\134\164\361\072\102\156\135\171\024\060\061\032\074\331\262\127
-\115\340\270\077\017\151\061\242\235\145\231\331\326\061\207\265
-\230\046\337\360\313\273\025\300\044\023\142\122\032\153\313\105
-\007\227\343\304\224\136\311\015\107\054\351\317\351\364\217\376
-\065\341\062\347\061\002\003\001\000\001\243\202\001\244\060\202
-\001\240\060\166\006\010\053\006\001\005\005\007\001\001\004\152
-\060\150\060\051\006\010\053\006\001\005\005\007\060\001\206\035
-\150\164\164\160\072\057\057\157\143\163\160\143\156\156\151\143
-\162\157\157\164\056\143\156\156\151\143\056\143\156\060\073\006
-\010\053\006\001\005\005\007\060\002\206\057\150\164\164\160\072
-\057\057\167\167\167\056\143\156\156\151\143\056\143\156\057\144
-\157\167\156\154\157\141\144\057\143\145\162\164\057\103\116\116
-\111\103\122\117\117\124\056\143\145\162\060\037\006\003\125\035
-\043\004\030\060\026\200\024\145\362\061\255\052\367\367\335\122
-\226\012\307\002\301\016\357\246\325\073\021\060\017\006\003\125
-\035\023\001\001\377\004\005\060\003\001\001\377\060\077\006\003
-\125\035\040\004\070\060\066\060\064\006\012\053\006\001\004\001
-\201\351\014\001\006\060\046\060\044\006\010\053\006\001\005\005
-\007\002\001\026\030\150\164\164\160\072\057\057\167\167\167\056
-\143\156\156\151\143\056\143\156\057\143\160\163\057\060\201\206
-\006\003\125\035\037\004\177\060\175\060\102\240\100\240\076\244
-\074\060\072\061\013\060\011\006\003\125\004\006\023\002\103\116
-\061\016\060\014\006\003\125\004\012\014\005\103\116\116\111\103
-\061\014\060\012\006\003\125\004\013\014\003\143\162\154\061\015
-\060\013\006\003\125\004\003\014\004\143\162\154\061\060\067\240
-\065\240\063\206\061\150\164\164\160\072\057\057\143\162\154\056
-\143\156\156\151\143\056\143\156\057\144\157\167\156\154\157\141
-\144\057\162\157\157\164\163\150\141\062\143\162\154\057\103\122
-\114\061\056\143\162\154\060\013\006\003\125\035\017\004\004\003
-\002\001\006\060\035\006\003\125\035\016\004\026\004\024\104\244
-\211\253\024\137\075\157\040\074\252\174\372\031\256\364\110\140
-\005\265\060\015\006\011\052\206\110\206\367\015\001\001\013\005
-\000\003\202\001\001\000\134\264\365\123\233\117\271\340\204\211
-\061\276\236\056\352\236\041\113\245\217\155\241\246\363\057\110
-\353\351\333\255\036\061\200\320\171\073\020\357\232\044\367\223
-\033\065\363\032\302\307\302\054\012\177\157\133\361\137\163\221
-\004\373\015\171\015\351\032\006\326\203\375\116\140\235\154\222
-\103\114\352\144\230\104\253\327\373\107\320\257\037\144\114\342
-\335\167\150\026\302\054\241\240\201\227\000\102\037\176\040\170
-\350\306\120\035\013\177\025\223\131\130\100\024\204\360\247\220
-\153\066\005\147\352\177\042\155\273\321\245\046\115\263\060\244
-\130\324\133\265\032\214\120\214\270\015\341\240\007\263\017\130
-\316\327\005\265\175\065\171\157\242\333\014\000\052\150\044\214
-\176\234\301\166\111\272\174\146\021\336\362\107\316\376\320\316
-\125\276\010\332\362\171\046\052\025\071\316\153\030\246\337\330
-\207\050\231\224\016\055\150\241\232\316\122\066\234\053\354\264
-\150\263\154\025\254\313\160\102\362\304\101\245\310\374\041\170
-\123\167\062\040\251\041\114\162\342\323\262\311\166\033\030\130
-\102\013\102\222\263\344
-END
-
-# Distrust "Explicitly Distrusted MCSHOLDING CA"
-# Issuer: CN=CNNIC ROOT,O=CNNIC,C=CN
-# Serial Number: 1228079246 (0x4933008e)
-# Subject: CN=MCSHOLDING TEST,O=MCSHOLDING,C=EG
-# Not Valid Before: Thu Mar 19 06:20:09 2015
-# Not Valid After : Fri Apr 03 06:20:09 2015
-# Fingerprint (SHA-256): 27:40:D9:56:B1:12:7B:79:1A:A1:B3:CC:64:4A:4D:BE:DB:A7:61:86:A2:36:38:B9:51:02:35:1A:83:4E:A8:61
-# Fingerprint (SHA1): E1:F3:59:1E:76:98:65:C4:E4:47:AC:C3:7E:AF:C9:E2:BF:E4:C5:76
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Explicitly Distrusted MCSHOLDING CA"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\341\363\131\036\166\230\145\304\344\107\254\303\176\257\311\342
-\277\344\305\166
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\366\212\253\024\076\326\060\045\267\111\015\167\205\160\231\313
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\062\061\013\060\011\006\003\125\004\006\023\002\103\116\061
-\016\060\014\006\003\125\004\012\023\005\103\116\116\111\103\061
-\023\060\021\006\003\125\004\003\023\012\103\116\116\111\103\040
-\122\117\117\124
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\004\111\063\000\216
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-#
 # Certificate "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5"
 #
 # Issuer: CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s.. H5,O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A....,L=Ankara,C=TR
diff --git a/lib/ckfw/builtins/nssckbi.h b/lib/ckfw/builtins/nssckbi.h
index b3bc04a38..7b793e2cc 100644
--- a/lib/ckfw/builtins/nssckbi.h
+++ b/lib/ckfw/builtins/nssckbi.h
@@ -46,8 +46,8 @@
  * It's recommend to switch back to 0 after having reached version 98/99.
  */
 #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2
-#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 18
-#define NSS_BUILTINS_LIBRARY_VERSION "2.18"
+#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 20
+#define NSS_BUILTINS_LIBRARY_VERSION "2.20"
 
 /* These version numbers detail the semantic changes to the ckfw engine. */
 #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
diff --git a/lib/cryptohi/seckey.c b/lib/cryptohi/seckey.c
index a352a269e..0f141b5c5 100644
--- a/lib/cryptohi/seckey.c
+++ b/lib/cryptohi/seckey.c
@@ -2054,9 +2054,13 @@ sec_RSAPSSParamsToMechanism(CK_RSA_PKCS_PSS_PARAMS *mech,
         mech->mgf = CKG_MGF1_SHA1; /* default, MGF1 with SHA-1 */
     }
 
-    rv = SEC_ASN1DecodeInteger((SECItem *)&params->saltLength, &saltLength);
-    if (rv != SECSuccess) {
-        return rv;
+    if (params->saltLength.data) {
+        rv = SEC_ASN1DecodeInteger((SECItem *)&params->saltLength, &saltLength);
+        if (rv != SECSuccess) {
+            return rv;
+        }
+    } else {
+        saltLength = 20; /* default, 20 */
     }
     mech->sLen = saltLength;
 
diff --git a/lib/cryptohi/secsign.c b/lib/cryptohi/secsign.c
index 693e79c65..dc10f2fa6 100644
--- a/lib/cryptohi/secsign.c
+++ b/lib/cryptohi/secsign.c
@@ -610,6 +610,7 @@ sec_CreateRSAPSSParameters(PLArenaPool *arena,
     SECKEYRSAPSSParams pssParams;
     int modBytes, hashLength;
     unsigned long saltLength;
+    PRBool defaultSHA1 = PR_FALSE;
     SECStatus rv;
 
     if (key->keyType != rsaKey && key->keyType != rsaPssKey) {
@@ -631,6 +632,7 @@ sec_CreateRSAPSSParameters(PLArenaPool *arena,
         if (rv != SECSuccess) {
             return NULL;
         }
+        defaultSHA1 = PR_TRUE;
     }
 
     if (pssParams.trailerField.data) {
@@ -652,15 +654,23 @@ sec_CreateRSAPSSParameters(PLArenaPool *arena,
     /* Determine the hash algorithm to use, based on hashAlgTag and
      * pssParams.hashAlg; there are four cases */
     if (hashAlgTag != SEC_OID_UNKNOWN) {
+        SECOidTag tag = SEC_OID_UNKNOWN;
+
         if (pssParams.hashAlg) {
-            if (SECOID_GetAlgorithmTag(pssParams.hashAlg) != hashAlgTag) {
-                PORT_SetError(SEC_ERROR_INVALID_ARGS);
-                return NULL;
-            }
+            tag = SECOID_GetAlgorithmTag(pssParams.hashAlg);
+        } else if (defaultSHA1) {
+            tag = SEC_OID_SHA1;
+        }
+
+        if (tag != SEC_OID_UNKNOWN && tag != hashAlgTag) {
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            return NULL;
         }
     } else if (hashAlgTag == SEC_OID_UNKNOWN) {
         if (pssParams.hashAlg) {
             hashAlgTag = SECOID_GetAlgorithmTag(pssParams.hashAlg);
+        } else if (defaultSHA1) {
+            hashAlgTag = SEC_OID_SHA1;
         } else {
             /* Find a suitable hash algorithm based on the NIST recommendation */
             if (modBytes <= 384) { /* 128, in NIST 800-57, Part 1 */
@@ -709,6 +719,11 @@ sec_CreateRSAPSSParameters(PLArenaPool *arena,
             PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
             return NULL;
         }
+    } else if (defaultSHA1) {
+        if (hashAlgTag != SEC_OID_SHA1) {
+            PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+            return NULL;
+        }
     }
 
     hashLength = HASH_ResultLenByOidTag(hashAlgTag);
@@ -725,6 +740,8 @@ sec_CreateRSAPSSParameters(PLArenaPool *arena,
             PORT_SetError(SEC_ERROR_INVALID_ARGS);
             return NULL;
         }
+    } else if (defaultSHA1) {
+        saltLength = 20;
     }
 
     /* Fill in the parameters */
diff --git a/lib/freebl/Makefile b/lib/freebl/Makefile
index bc1ea86a5..61e2ed21c 100644
--- a/lib/freebl/Makefile
+++ b/lib/freebl/Makefile
@@ -510,6 +510,10 @@ ifdef USE_64
     endif
 endif
 
+ifndef HAVE_INT128_SUPPORT
+    DEFINES += -DKRML_NOUINT128
+endif
+
 ifndef NSS_DISABLE_CHACHAPOLY
     ifeq ($(CPU_ARCH),x86_64)
         ifdef HAVE_INT128_SUPPORT
@@ -520,20 +524,22 @@ ifndef NSS_DISABLE_CHACHAPOLY
 
         ifneq (1,$(CC_IS_GCC))
             EXTRA_SRCS += chacha20.c
+            VERIFIED_SRCS += Hacl_Chacha20.c
         else
             EXTRA_SRCS += chacha20_vec.c
         endif
     else
         EXTRA_SRCS += poly1305.c
         EXTRA_SRCS += chacha20.c
+        VERIFIED_SRCS += Hacl_Chacha20.c
     endif # x86_64
 endif # NSS_DISABLE_CHACHAPOLY
 
-ifeq (,$(filter-out i386 x386 x86 x86_64,$(CPU_ARCH)))
+ifeq (,$(filter-out i386 x386 x86 x86_64 aarch64,$(CPU_ARCH)))
     # All intel architectures get the 64 bit version
     # With custom uint128 if necessary (faster than generic 32 bit version).
     ECL_SRCS += curve25519_64.c
-    VERIFIED_SRCS += hacl_curve25519_64.c
+    VERIFIED_SRCS += Hacl_Curve25519.c FStar.c
 else
     # All non intel architectures get the generic 32 bit implementation (slow!)
     ECL_SRCS += curve25519_32.c
@@ -586,11 +592,6 @@ ECL_OBJS += $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(ECL_USERS:.c=$(OBJ_SUFFIX)))
 
 $(ECL_OBJS): $(ECL_HDRS)
 
-VERIFIED_OBJS = $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(VERIFIED_SRCS:.c=$(OBJ_SUFFIX)))
-
-$(VERIFIED_OBJS): $(VERIFIED_HDRS)
-
-
 $(OBJDIR)/sysrand$(OBJ_SUFFIX): sysrand.c unix_rand.c win_rand.c
 
 $(OBJDIR)/$(PROG_PREFIX)mpprime$(OBJ_SUFFIX): primes.c
diff --git a/lib/freebl/chacha20.c b/lib/freebl/chacha20.c
index f55d1e670..15ed67b5b 100644
--- a/lib/freebl/chacha20.c
+++ b/lib/freebl/chacha20.c
@@ -7,113 +7,13 @@
 #include <string.h>
 #include <stdio.h>
 
-#include "prtypes.h"
-#include "secport.h"
 #include "chacha20.h"
-
-#if defined(_MSC_VER)
-#pragma intrinsic(_lrotl)
-#define ROTL32(x, n) _lrotl(x, n)
-#else
-#define ROTL32(x, n) ((x << n) | (x >> ((8 * sizeof x) - n)))
-#endif
-
-#define ROTATE(v, c) ROTL32((v), (c))
-
-#define U32TO8_LITTLE(p, v)          \
-    {                                \
-        (p)[0] = ((v)) & 0xff;       \
-        (p)[1] = ((v) >> 8) & 0xff;  \
-        (p)[2] = ((v) >> 16) & 0xff; \
-        (p)[3] = ((v) >> 24) & 0xff; \
-    }
-#define U8TO32_LITTLE(p)                                \
-    (((PRUint32)((p)[0])) | ((PRUint32)((p)[1]) << 8) | \
-     ((PRUint32)((p)[2]) << 16) | ((PRUint32)((p)[3]) << 24))
-
-#define QUARTERROUND(x, a, b, c, d) \
-    x[a] = x[a] + x[b];             \
-    x[d] = ROTATE(x[d] ^ x[a], 16); \
-    x[c] = x[c] + x[d];             \
-    x[b] = ROTATE(x[b] ^ x[c], 12); \
-    x[a] = x[a] + x[b];             \
-    x[d] = ROTATE(x[d] ^ x[a], 8);  \
-    x[c] = x[c] + x[d];             \
-    x[b] = ROTATE(x[b] ^ x[c], 7);
-
-static void
-ChaChaCore(unsigned char output[64], const PRUint32 input[16], int num_rounds)
-{
-    PRUint32 x[16];
-    int i;
-
-    PORT_Memcpy(x, input, sizeof(PRUint32) * 16);
-    for (i = num_rounds; i > 0; i -= 2) {
-        QUARTERROUND(x, 0, 4, 8, 12)
-        QUARTERROUND(x, 1, 5, 9, 13)
-        QUARTERROUND(x, 2, 6, 10, 14)
-        QUARTERROUND(x, 3, 7, 11, 15)
-        QUARTERROUND(x, 0, 5, 10, 15)
-        QUARTERROUND(x, 1, 6, 11, 12)
-        QUARTERROUND(x, 2, 7, 8, 13)
-        QUARTERROUND(x, 3, 4, 9, 14)
-    }
-
-    for (i = 0; i < 16; ++i) {
-        x[i] = x[i] + input[i];
-    }
-    for (i = 0; i < 16; ++i) {
-        U32TO8_LITTLE(output + 4 * i, x[i]);
-    }
-}
-
-static const unsigned char sigma[16] = "expand 32-byte k";
+#include "verified/Hacl_Chacha20.h"
 
 void
 ChaCha20XOR(unsigned char *out, const unsigned char *in, unsigned int inLen,
             const unsigned char key[32], const unsigned char nonce[12],
             uint32_t counter)
 {
-    unsigned char block[64];
-    PRUint32 input[16];
-    unsigned int i;
-
-    input[4] = U8TO32_LITTLE(key + 0);
-    input[5] = U8TO32_LITTLE(key + 4);
-    input[6] = U8TO32_LITTLE(key + 8);
-    input[7] = U8TO32_LITTLE(key + 12);
-
-    input[8] = U8TO32_LITTLE(key + 16);
-    input[9] = U8TO32_LITTLE(key + 20);
-    input[10] = U8TO32_LITTLE(key + 24);
-    input[11] = U8TO32_LITTLE(key + 28);
-
-    input[0] = U8TO32_LITTLE(sigma + 0);
-    input[1] = U8TO32_LITTLE(sigma + 4);
-    input[2] = U8TO32_LITTLE(sigma + 8);
-    input[3] = U8TO32_LITTLE(sigma + 12);
-
-    input[12] = counter;
-    input[13] = U8TO32_LITTLE(nonce + 0);
-    input[14] = U8TO32_LITTLE(nonce + 4);
-    input[15] = U8TO32_LITTLE(nonce + 8);
-
-    while (inLen >= 64) {
-        ChaChaCore(block, input, 20);
-        for (i = 0; i < 64; i++) {
-            out[i] = in[i] ^ block[i];
-        }
-
-        input[12]++;
-        inLen -= 64;
-        in += 64;
-        out += 64;
-    }
-
-    if (inLen > 0) {
-        ChaChaCore(block, input, 20);
-        for (i = 0; i < inLen; i++) {
-            out[i] = in[i] ^ block[i];
-        }
-    }
+    Hacl_Chacha20_chacha20(out, (uint8_t *)in, inLen, (uint8_t *)key, (uint8_t *)nonce, counter);
 }
diff --git a/lib/freebl/ecl/curve25519_64.c b/lib/freebl/ecl/curve25519_64.c
index 21c5d2120..a2e4296bb 100644
--- a/lib/freebl/ecl/curve25519_64.c
+++ b/lib/freebl/ecl/curve25519_64.c
@@ -3,12 +3,12 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "ecl-priv.h"
-#include "../verified/hacl_curve25519_64.h"
+#include "../verified/Hacl_Curve25519.h"
 
 SECStatus
 ec_Curve25519_mul(uint8_t *mypublic, const uint8_t *secret, const uint8_t *basepoint)
 {
     // Note: this cast is safe because HaCl* state has a post-condition that only "mypublic" changed.
-    Curve25519_crypto_scalarmult(mypublic, (uint8_t *)secret, (uint8_t *)basepoint);
+    Hacl_Curve25519_crypto_scalarmult(mypublic, (uint8_t *)secret, (uint8_t *)basepoint);
     return 0;
 }
diff --git a/lib/freebl/fipsfreebl.c b/lib/freebl/fipsfreebl.c
index a57de05e0..2328a677f 100644
--- a/lib/freebl/fipsfreebl.c
+++ b/lib/freebl/fipsfreebl.c
@@ -16,9 +16,7 @@
 #include "secerr.h"
 #include "prtypes.h"
 
-#ifdef NSS_ENABLE_ECC
 #include "ec.h" /* Required for ECDSA */
-#endif
 
 /*
  * different platforms have different ways of calling and initial entry point
@@ -1078,8 +1076,6 @@ rsa_loser:
     return (SECFailure);
 }
 
-#ifdef NSS_ENABLE_ECC
-
 static SECStatus
 freebl_fips_ECDSA_Test(ECParams *ecparams,
                        const PRUint8 *knownSignature,
@@ -1276,8 +1272,6 @@ freebl_fips_ECDSA_PowerUpSelfTest()
     return (SECSuccess);
 }
 
-#endif /* NSS_ENABLE_ECC */
-
 static SECStatus
 freebl_fips_DSA_PowerUpSelfTest(void)
 {
@@ -1560,13 +1554,11 @@ freebl_fipsPowerUpSelfTest(unsigned int tests)
         if (rv != SECSuccess)
             return rv;
 
-#ifdef NSS_ENABLE_ECC
         /* ECDSA Power-Up SelfTest(s). */
         rv = freebl_fips_ECDSA_PowerUpSelfTest();
 
         if (rv != SECSuccess)
             return rv;
-#endif
     }
     /* Passed Power-Up SelfTest(s). */
     return (SECSuccess);
diff --git a/lib/freebl/freebl.gyp b/lib/freebl/freebl.gyp
index 5f59eef29..8b6a546e7 100644
--- a/lib/freebl/freebl.gyp
+++ b/lib/freebl/freebl.gyp
@@ -255,8 +255,16 @@
               # The Makefile does version-tests on GCC, but we're not doing that here.
               'HAVE_INT128_SUPPORT',
             ],
+          }, {
+            'defines': [
+              'KRML_NOUINT128',
+            ],
           }],
         ],
+      }, {
+        'defines': [
+          'KRML_NOUINT128',
+        ],
       }],
       [ 'OS=="linux"', {
         'defines': [
diff --git a/lib/freebl/freebl_base.gypi b/lib/freebl/freebl_base.gypi
index 6970eff7d..d9415a7c6 100644
--- a/lib/freebl/freebl_base.gypi
+++ b/lib/freebl/freebl_base.gypi
@@ -130,15 +130,16 @@
         }],
       ],
     }],
-    ['target_arch=="ia32" or target_arch=="x64"', {
+    ['target_arch=="ia32" or target_arch=="x64" or target_arch=="arm64" or target_arch=="aarch64"', {
       'sources': [
-        # All intel architectures get the 64 bit version
+        # All intel and 64-bit ARM architectures get the 64 bit version.
         'ecl/curve25519_64.c',
-        'verified/hacl_curve25519_64.c',
+        'verified/Hacl_Curve25519.c',
+        'verified/FStar.c',
       ],
     }, {
       'sources': [
-        # All non intel architectures get the generic 32 bit implementation (slow!)
+        # All other architectures get the generic 32 bit implementation (slow!)
         'ecl/curve25519_32.c',
       ],
     }],
@@ -153,6 +154,7 @@
           # not x64
           'sources': [
             'chacha20.c',
+            'verified/Hacl_Chacha20.c',
             'poly1305.c',
           ],
         }],
diff --git a/lib/freebl/mpi/README b/lib/freebl/mpi/README
index 776ba713a..cf4302758 100644
--- a/lib/freebl/mpi/README
+++ b/lib/freebl/mpi/README
@@ -53,7 +53,7 @@ to change are:
     single digit.  This is just a printf() format string, so you
     can adjust it appropriately.
 
-(3) The macros DIGIT_MAX and MP_WORD_MAX, which specify the 
+(3) The macros DIGIT_MAX and MP_WORD_MAX, which specify the
     largest value expressible in an mp_digit and an mp_word,
     respectively.
 
@@ -345,7 +345,7 @@ returns values of x and y satisfying Bezout's identity.  This is used
 by mp_invmod() to find modular inverses.  However, if you do not need
 these values, you will find that mp_gcd() is MUCH more efficient,
 since it doesn't need all the intermediate values that mp_xgcd()
-requires in order to compute x and y. 
+requires in order to compute x and y.
 
 The mp_gcd() (and mp_xgcd()) functions use the binary (extended) GCD
 algorithm due to Josef Stein.
@@ -361,7 +361,7 @@ mp_read_radix(mp, str, r)  - convert a string in radix r to an mp_int
 mp_read_raw(mp, s, len)    - convert a string of bytes to an mp_int
 mp_radix_size(mp, r)       - return length of buffer needed by mp_toradix()
 mp_raw_size(mp)            - return length of buffer needed by mp_toraw()
-mp_toradix(mp, str, r)     - convert an mp_int to a string of radix r 
+mp_toradix(mp, str, r)     - convert an mp_int to a string of radix r
                              digits
 mp_toraw(mp, str)          - convert an mp_int to a string of bytes
 mp_tovalue(ch, r)          - convert ch to its value when taken as
@@ -387,7 +387,7 @@ The mp_read_radix() and mp_toradix() functions support bases from 2 to
 than this, you will need to write them yourself (that's why mp_div_d()
 is provided, after all).
 
-Note:   mp_read_radix() will accept as digits either capital or 
+Note:   mp_read_radix() will accept as digits either capital or
 ----    lower-case letters.  However, the current implementation of
         mp_toradix() only outputs upper-case letters, when writing
         bases betwee 10 and 36.  The underlying code supports using
@@ -448,14 +448,14 @@ Note:  The mpp_random() and mpp_random_size() functions use the C
        to change.
 
 mpp_divis_vector(a, v, s, w)  - is a divisible by any of the s digits
-                                in v?  If so, let w be the index of 
+                                in v?  If so, let w be the index of
                                 that digit
 
 mpp_divis_primes(a, np)       - is a divisible by any of the first np
-                                primes?  If so, set np to the prime 
+                                primes?  If so, set np to the prime
                                 which divided a.
 
-mpp_fermat(a, d)              - test if w^a = w (mod a).  If so, 
+mpp_fermat(a, d)              - test if w^a = w (mod a).  If so,
                                 returns MP_YES, otherwise MP_NO.
 
 mpp_pprime(a, nt)             - perform nt iterations of the Rabin-
@@ -486,7 +486,7 @@ The file 'mpi-config.h' defines several configurable parameters for
 the library, which you can adjust to suit your application.  At the
 time of this writing, the available options are:
 
-MP_IOFUNC       - Define true to include the mp_print() function, 
+MP_IOFUNC       - Define true to include the mp_print() function,
                   which is moderately useful for debugging.  This
                   implicitly includes <stdio.h>.
 
@@ -502,21 +502,14 @@ MP_LOGTAB       - If true, the file "logtab.h" is included, which
                   the library includes <math.h> and uses log().  This
                   typically forces you to link against math libraries.
 
-MP_MEMSET       - If true, use memset() to zero buffers.  If you run
-                  into weird alignment related bugs, set this to zero
-                  and an explicit loop will be used.
-
-MP_MEMCPY       - If true, use memcpy() to copy buffers.  If you run
-                  into weird alignment bugs, set this to zero and an
-                  explicit loop will be used.
 
 MP_ARGCHK       - Set to 0, 1, or 2.  This defines how the argument
-                  checking macro, ARGCHK(), gets expanded.  If this 
-                  is set to zero, ARGCHK() expands to nothing; no 
+                  checking macro, ARGCHK(), gets expanded.  If this
+                  is set to zero, ARGCHK() expands to nothing; no
                   argument checks are performed.  If this is 1, the
                   ARGCHK() macro expands to code that returns MP_BADARG
-                  or similar at runtime.  If it is 2, ARGCHK() expands 
-                  to an assert() call that aborts the program on a 
+                  or similar at runtime.  If it is 2, ARGCHK() expands
+                  to an assert() call that aborts the program on a
                   bad input.
 
 MP_DEBUG        - Turns on debugging output.  This is probably not at
@@ -528,14 +521,14 @@ MP_DEFPREC      - The default precision of a newly-created mp_int, in
                   the mp_set_prec() function, but this is its initial
                   value.
 
-MP_SQUARE       - If this is set to a nonzero value, the mp_sqr() 
+MP_SQUARE       - If this is set to a nonzero value, the mp_sqr()
                   function will use an alternate algorithm that takes
                   advantage of the redundant inner product computation
                   when both multiplicands are identical.  Unfortunately,
                   with some compilers this is actually SLOWER than just
                   calling mp_mul() with the same argument twice.  So
                   if you set MP_SQUARE to zero, mp_sqr() will be expan-
-                  ded into a call to mp_mul().  This applies to all 
+                  ded into a call to mp_mul().  This applies to all
                   the uses of mp_sqr(), including mp_sqrmod() and the
                   internal calls to s_mp_sqr() inside mpi.c
 
@@ -568,7 +561,7 @@ CFLAGS=-ansi -pedantic -Wall -O2
 
 If all goes well, the library should compile without warnings using
 this combination.  You should, of course, make whatever adjustments
-you find necessary.  
+you find necessary.
 
 The MPI library distribution comes with several additional programs
 which are intended to demonstrate the use of the library, and provide
@@ -580,7 +573,7 @@ directory) for manipulating large numbers.  These include:
 basecvt.c       A radix-conversion program, supporting bases from
                 2 to 64 inclusive.
 
-bbsrand.c       A BBS (quadratic residue) pseudo-random number 
+bbsrand.c       A BBS (quadratic residue) pseudo-random number
                 generator.  The file 'bbsrand.c' is just the driver
                 for the program; the real code lives in the files
                 'bbs_rand.h' and 'bbs_rand.c'
@@ -626,7 +619,7 @@ Acknowledgements:
 ----------------
 
 The algorithms used in this library were drawn primarily from Volume
-2 of Donald Knuth's magnum opus, _The Art of Computer Programming_, 
+2 of Donald Knuth's magnum opus, _The Art of Computer Programming_,
 "Semi-Numerical Methods".  Barrett's algorithm for modular reduction
 came from Menezes, Oorschot, and Vanstone's _Handbook of Applied
 Cryptography_, Chapter 14.
diff --git a/lib/freebl/mpi/mpi-config.h b/lib/freebl/mpi/mpi-config.h
index c6f72b206..0cc868a14 100644
--- a/lib/freebl/mpi/mpi-config.h
+++ b/lib/freebl/mpi/mpi-config.h
@@ -28,14 +28,6 @@
 #define MP_LOGTAB 1 /* use table of logs instead of log()? */
 #endif
 
-#ifndef MP_MEMSET
-#define MP_MEMSET 1 /* use memset() to zero buffers?       */
-#endif
-
-#ifndef MP_MEMCPY
-#define MP_MEMCPY 1 /* use memcpy() to copy buffers?       */
-#endif
-
 #ifndef MP_ARGCHK
 /*
   0 = no parameter checks
diff --git a/lib/freebl/mpi/mpi.c b/lib/freebl/mpi/mpi.c
index f7784c8d9..ae404019d 100644
--- a/lib/freebl/mpi/mpi.c
+++ b/lib/freebl/mpi/mpi.c
@@ -2782,15 +2782,7 @@ s_mp_pad(mp_int *mp, mp_size min)
 void
 s_mp_setz(mp_digit *dp, mp_size count)
 {
-#if MP_MEMSET == 0
-    int ix;
-
-    for (ix = 0; ix < count; ix++)
-        dp[ix] = 0;
-#else
     memset(dp, 0, count * sizeof(mp_digit));
-#endif
-
 } /* end s_mp_setz() */
 
 /* }}} */
@@ -2801,14 +2793,7 @@ s_mp_setz(mp_digit *dp, mp_size count)
 void
 s_mp_copy(const mp_digit *sp, mp_digit *dp, mp_size count)
 {
-#if MP_MEMCPY == 0
-    int ix;
-
-    for (ix = 0; ix < count; ix++)
-        dp[ix] = sp[ix];
-#else
     memcpy(dp, sp, count * sizeof(mp_digit));
-#endif
 } /* end s_mp_copy() */
 
 /* }}} */
diff --git a/lib/freebl/rsa.c b/lib/freebl/rsa.c
index 204c8ff02..a08636de6 100644
--- a/lib/freebl/rsa.c
+++ b/lib/freebl/rsa.c
@@ -276,7 +276,10 @@ RSAPrivateKey *
 RSA_NewKey(int keySizeInBits, SECItem *publicExponent)
 {
     unsigned int primeLen;
-    mp_int p, q, e, d;
+    mp_int p = { 0, 0, 0, NULL };
+    mp_int q = { 0, 0, 0, NULL };
+    mp_int e = { 0, 0, 0, NULL };
+    mp_int d = { 0, 0, 0, NULL };
     int kiter;
     int max_attempts;
     mp_err err = MP_OKAY;
@@ -290,41 +293,46 @@ RSA_NewKey(int keySizeInBits, SECItem *publicExponent)
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return NULL;
     }
-    /* 1. Allocate arena & key */
+    /* 1.  Set the public exponent and check if it's uneven and greater than 2.*/
+    MP_DIGITS(&e) = 0;
+    CHECK_MPI_OK(mp_init(&e));
+    SECITEM_TO_MPINT(*publicExponent, &e);
+    if (mp_iseven(&e) || !(mp_cmp_d(&e, 2) > 0)) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        goto cleanup;
+    }
+#ifndef NSS_FIPS_DISABLED
+    /* Check that the exponent is not smaller than 65537  */
+    if (mp_cmp_d(&e, 0x10001) < 0) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        goto cleanup;
+    }
+#endif
+
+    /* 2. Allocate arena & key */
     arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE);
     if (!arena) {
         PORT_SetError(SEC_ERROR_NO_MEMORY);
-        return NULL;
+        goto cleanup;
     }
     key = PORT_ArenaZNew(arena, RSAPrivateKey);
     if (!key) {
         PORT_SetError(SEC_ERROR_NO_MEMORY);
-        PORT_FreeArena(arena, PR_TRUE);
-        return NULL;
+        goto cleanup;
     }
     key->arena = arena;
     /* length of primes p and q (in bytes) */
     primeLen = keySizeInBits / (2 * PR_BITS_PER_BYTE);
     MP_DIGITS(&p) = 0;
     MP_DIGITS(&q) = 0;
-    MP_DIGITS(&e) = 0;
     MP_DIGITS(&d) = 0;
     CHECK_MPI_OK(mp_init(&p));
     CHECK_MPI_OK(mp_init(&q));
-    CHECK_MPI_OK(mp_init(&e));
     CHECK_MPI_OK(mp_init(&d));
-    /* 2.  Set the version number (PKCS1 v1.5 says it should be zero) */
+    /* 3.  Set the version number (PKCS1 v1.5 says it should be zero) */
     SECITEM_AllocItem(arena, &key->version, 1);
     key->version.data[0] = 0;
-    /* 3.  Set the public exponent */
-    SECITEM_TO_MPINT(*publicExponent, &e);
-#ifndef NSS_FIPS_DISABLED
-    /* check the exponent size  we  */
-    if (mp_cmp_d(&e, 0x10001) < 0) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        goto cleanup;
-    }
-#endif
+
     kiter = 0;
     max_attempts = 5 * (keySizeInBits / 2); /* FIPS 186-4 B.3.3 steps 4.7 and 5.8 */
     do {
diff --git a/lib/freebl/verified/fstar_uint128.h b/lib/freebl/verified/FStar.c
index cd6ce2dde..4e5f6d50d 100644
--- a/lib/freebl/verified/fstar_uint128.h
+++ b/lib/freebl/verified/FStar.c
@@ -1,51 +1,35 @@
-// Copyright 2016-2017 Microsoft Corporation
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+/* Copyright 2016-2017 INRIA and Microsoft Corporation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 
 /* This file was auto-generated by KreMLin! */
 
-#ifndef __FStar_UInt128_H
-#define __FStar_UInt128_H
+#include "FStar.h"
 
-typedef struct
-{
-    uint64_t low;
-    uint64_t high;
-} FStar_UInt128_uint128;
-
-typedef FStar_UInt128_uint128 FStar_UInt128_t;
-
-typedef struct
-{
-    uint64_t fst;
-    uint64_t snd;
-    uint64_t thd;
-    uint64_t f3;
-} K___uint64_t_uint64_t_uint64_t_uint64_t;
-
-static inline uint64_t
+static uint64_t
 FStar_UInt128_constant_time_carry(uint64_t a, uint64_t b)
 {
-    return (a ^ ((a ^ b) | ((a - b) ^ b))) >> (uint32_t)63;
+    return (a ^ ((a ^ b) | ((a - b) ^ b))) >> (uint32_t)63U;
 }
 
-static inline uint64_t
+static uint64_t
 FStar_UInt128_carry(uint64_t a, uint64_t b)
 {
     return FStar_UInt128_constant_time_carry(a, b);
 }
 
-static inline FStar_UInt128_uint128
+FStar_UInt128_uint128
 FStar_UInt128_add(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
 {
     return (
@@ -54,7 +38,7 @@ FStar_UInt128_add(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
             .high = a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low) });
 }
 
-static inline FStar_UInt128_uint128
+FStar_UInt128_uint128
 FStar_UInt128_add_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
 {
     return (
@@ -63,7 +47,7 @@ FStar_UInt128_add_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
             .high = a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low) });
 }
 
-static inline FStar_UInt128_uint128
+FStar_UInt128_uint128
 FStar_UInt128_sub(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
 {
     return (
@@ -72,7 +56,7 @@ FStar_UInt128_sub(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
             .high = a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low) });
 }
 
-static inline FStar_UInt128_uint128
+static FStar_UInt128_uint128
 FStar_UInt128_sub_mod_impl(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
 {
     return (
@@ -81,54 +65,54 @@ FStar_UInt128_sub_mod_impl(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
             .high = a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low) });
 }
 
-static inline FStar_UInt128_uint128
+FStar_UInt128_uint128
 FStar_UInt128_sub_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
 {
     return FStar_UInt128_sub_mod_impl(a, b);
 }
 
-static inline FStar_UInt128_uint128
+FStar_UInt128_uint128
 FStar_UInt128_logand(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
 {
     return ((FStar_UInt128_uint128){.low = a.low & b.low, .high = a.high & b.high });
 }
 
-static inline FStar_UInt128_uint128
+FStar_UInt128_uint128
 FStar_UInt128_logxor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
 {
     return ((FStar_UInt128_uint128){.low = a.low ^ b.low, .high = a.high ^ b.high });
 }
 
-static inline FStar_UInt128_uint128
+FStar_UInt128_uint128
 FStar_UInt128_logor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
 {
     return ((FStar_UInt128_uint128){.low = a.low | b.low, .high = a.high | b.high });
 }
 
-static inline FStar_UInt128_uint128
+FStar_UInt128_uint128
 FStar_UInt128_lognot(FStar_UInt128_uint128 a)
 {
     return ((FStar_UInt128_uint128){.low = ~a.low, .high = ~a.high });
 }
 
-static uint32_t FStar_UInt128_u32_64 = (uint32_t)64;
+static uint32_t FStar_UInt128_u32_64 = (uint32_t)64U;
 
-static inline uint64_t
+static uint64_t
 FStar_UInt128_add_u64_shift_left(uint64_t hi, uint64_t lo, uint32_t s)
 {
     return (hi << s) + (lo >> (FStar_UInt128_u32_64 - s));
 }
 
-static inline uint64_t
+static uint64_t
 FStar_UInt128_add_u64_shift_left_respec(uint64_t hi, uint64_t lo, uint32_t s)
 {
     return FStar_UInt128_add_u64_shift_left(hi, lo, s);
 }
 
-static inline FStar_UInt128_uint128
+static FStar_UInt128_uint128
 FStar_UInt128_shift_left_small(FStar_UInt128_uint128 a, uint32_t s)
 {
-    if (s == (uint32_t)0)
+    if (s == (uint32_t)0U)
         return a;
     else
         return (
@@ -137,13 +121,13 @@ FStar_UInt128_shift_left_small(FStar_UInt128_uint128 a, uint32_t s)
                 .high = FStar_UInt128_add_u64_shift_left_respec(a.high, a.low, s) });
 }
 
-static inline FStar_UInt128_uint128
+static FStar_UInt128_uint128
 FStar_UInt128_shift_left_large(FStar_UInt128_uint128 a, uint32_t s)
 {
-    return ((FStar_UInt128_uint128){.low = (uint64_t)0, .high = a.low << (s - FStar_UInt128_u32_64) });
+    return ((FStar_UInt128_uint128){.low = (uint64_t)0U, .high = a.low << (s - FStar_UInt128_u32_64) });
 }
 
-static inline FStar_UInt128_uint128
+FStar_UInt128_uint128
 FStar_UInt128_shift_left(FStar_UInt128_uint128 a, uint32_t s)
 {
     if (s < FStar_UInt128_u32_64)
@@ -152,22 +136,22 @@ FStar_UInt128_shift_left(FStar_UInt128_uint128 a, uint32_t s)
         return FStar_UInt128_shift_left_large(a, s);
 }
 
-static inline uint64_t
+static uint64_t
 FStar_UInt128_add_u64_shift_right(uint64_t hi, uint64_t lo, uint32_t s)
 {
     return (lo >> s) + (hi << (FStar_UInt128_u32_64 - s));
 }
 
-static inline uint64_t
+static uint64_t
 FStar_UInt128_add_u64_shift_right_respec(uint64_t hi, uint64_t lo, uint32_t s)
 {
     return FStar_UInt128_add_u64_shift_right(hi, lo, s);
 }
 
-static inline FStar_UInt128_uint128
+static FStar_UInt128_uint128
 FStar_UInt128_shift_right_small(FStar_UInt128_uint128 a, uint32_t s)
 {
-    if (s == (uint32_t)0)
+    if (s == (uint32_t)0U)
         return a;
     else
         return (
@@ -176,13 +160,13 @@ FStar_UInt128_shift_right_small(FStar_UInt128_uint128 a, uint32_t s)
                 .high = a.high >> s });
 }
 
-static inline FStar_UInt128_uint128
+static FStar_UInt128_uint128
 FStar_UInt128_shift_right_large(FStar_UInt128_uint128 a, uint32_t s)
 {
-    return ((FStar_UInt128_uint128){.low = a.high >> (s - FStar_UInt128_u32_64), .high = (uint64_t)0 });
+    return ((FStar_UInt128_uint128){.low = a.high >> (s - FStar_UInt128_u32_64), .high = (uint64_t)0U });
 }
 
-static inline FStar_UInt128_uint128
+FStar_UInt128_uint128
 FStar_UInt128_shift_right(FStar_UInt128_uint128 a, uint32_t s)
 {
     if (s < FStar_UInt128_u32_64)
@@ -191,7 +175,7 @@ FStar_UInt128_shift_right(FStar_UInt128_uint128 a, uint32_t s)
         return FStar_UInt128_shift_right_large(a, s);
 }
 
-static inline FStar_UInt128_uint128
+FStar_UInt128_uint128
 FStar_UInt128_eq_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
 {
     return (
@@ -200,44 +184,38 @@ FStar_UInt128_eq_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
             .high = FStar_UInt64_eq_mask(a.low, b.low) & FStar_UInt64_eq_mask(a.high, b.high) });
 }
 
-static inline FStar_UInt128_uint128
+FStar_UInt128_uint128
 FStar_UInt128_gte_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
 {
     return (
         (FStar_UInt128_uint128){
-            .low = (FStar_UInt64_gte_mask(a.high,
-                                          b.high) &
-                    ~FStar_UInt64_eq_mask(a.high, b.high)) |
-                   (FStar_UInt64_eq_mask(a.high, b.high) & FStar_UInt64_gte_mask(a.low, b.low)),
-            .high = (FStar_UInt64_gte_mask(a.high,
-                                           b.high) &
-                     ~FStar_UInt64_eq_mask(a.high, b.high)) |
-                    (FStar_UInt64_eq_mask(a.high, b.high) & FStar_UInt64_gte_mask(a.low, b.low)) });
+            .low = (FStar_UInt64_gte_mask(a.high, b.high) & ~FStar_UInt64_eq_mask(a.high, b.high)) | (FStar_UInt64_eq_mask(a.high, b.high) & FStar_UInt64_gte_mask(a.low, b.low)),
+            .high = (FStar_UInt64_gte_mask(a.high, b.high) & ~FStar_UInt64_eq_mask(a.high, b.high)) | (FStar_UInt64_eq_mask(a.high, b.high) & FStar_UInt64_gte_mask(a.low, b.low)) });
 }
 
-static inline FStar_UInt128_uint128
+FStar_UInt128_uint128
 FStar_UInt128_uint64_to_uint128(uint64_t a)
 {
-    return ((FStar_UInt128_uint128){.low = a, .high = (uint64_t)0 });
+    return ((FStar_UInt128_uint128){.low = a, .high = (uint64_t)0U });
 }
 
-static inline uint64_t
+uint64_t
 FStar_UInt128_uint128_to_uint64(FStar_UInt128_uint128 a)
 {
     return a.low;
 }
 
-static uint64_t FStar_UInt128_u64_l32_mask = (uint64_t)0xffffffff;
+static uint64_t FStar_UInt128_u64_l32_mask = (uint64_t)0xffffffffU;
 
-static inline uint64_t
+static uint64_t
 FStar_UInt128_u64_mod_32(uint64_t a)
 {
     return a & FStar_UInt128_u64_l32_mask;
 }
 
-static uint32_t FStar_UInt128_u32_32 = (uint32_t)32;
+static uint32_t FStar_UInt128_u32_32 = (uint32_t)32U;
 
-static inline K___uint64_t_uint64_t_uint64_t_uint64_t
+static K___uint64_t_uint64_t_uint64_t_uint64_t
 FStar_UInt128_mul_wide_impl_t_(uint64_t x, uint64_t y)
 {
     return (
@@ -248,13 +226,13 @@ FStar_UInt128_mul_wide_impl_t_(uint64_t x, uint64_t y)
             .f3 = (x >> FStar_UInt128_u32_32) * FStar_UInt128_u64_mod_32(y) + (FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y) >> FStar_UInt128_u32_32) });
 }
 
-static inline uint64_t
+static uint64_t
 FStar_UInt128_u32_combine_(uint64_t hi, uint64_t lo)
 {
     return lo + (hi << FStar_UInt128_u32_32);
 }
 
-static inline FStar_UInt128_uint128
+static FStar_UInt128_uint128
 FStar_UInt128_mul_wide_impl(uint64_t x, uint64_t y)
 {
     K___uint64_t_uint64_t_uint64_t_uint64_t scrut = FStar_UInt128_mul_wide_impl_t_(x, y);
@@ -270,22 +248,8 @@ FStar_UInt128_mul_wide_impl(uint64_t x, uint64_t y)
                     ((u1 * (y >> FStar_UInt128_u32_32) + FStar_UInt128_u64_mod_32(t_)) >> FStar_UInt128_u32_32) });
 }
 
-static inline FStar_UInt128_uint128
+FStar_UInt128_uint128
 FStar_UInt128_mul_wide(uint64_t x, uint64_t y)
 {
     return FStar_UInt128_mul_wide_impl(x, y);
 }
-
-static inline FStar_UInt128_uint128
-FStar_Int_Cast_Full_uint64_to_uint128(uint64_t a)
-{
-    return FStar_UInt128_uint64_to_uint128(a);
-}
-
-static inline uint64_t
-FStar_Int_Cast_Full_uint128_to_uint64(FStar_UInt128_uint128 a)
-{
-    return FStar_UInt128_uint128_to_uint64(a);
-}
-
-#endif
diff --git a/lib/freebl/verified/FStar.h b/lib/freebl/verified/FStar.h
new file mode 100644
index 000000000..7b105b8f2
--- /dev/null
+++ b/lib/freebl/verified/FStar.h
@@ -0,0 +1,69 @@
+/* Copyright 2016-2017 INRIA and Microsoft Corporation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* This file was auto-generated by KreMLin! */
+#ifndef __FStar_H
+#define __FStar_H
+
+#include "kremlib_base.h"
+
+typedef struct
+{
+    uint64_t low;
+    uint64_t high;
+} FStar_UInt128_uint128;
+
+typedef FStar_UInt128_uint128 FStar_UInt128_t;
+
+extern void FStar_UInt128_constant_time_carry_ok(uint64_t x0, uint64_t x1);
+
+FStar_UInt128_uint128 FStar_UInt128_add(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
+
+FStar_UInt128_uint128 FStar_UInt128_add_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
+
+FStar_UInt128_uint128 FStar_UInt128_sub(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
+
+FStar_UInt128_uint128 FStar_UInt128_sub_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
+
+FStar_UInt128_uint128 FStar_UInt128_logand(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
+
+FStar_UInt128_uint128 FStar_UInt128_logxor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
+
+FStar_UInt128_uint128 FStar_UInt128_logor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
+
+FStar_UInt128_uint128 FStar_UInt128_lognot(FStar_UInt128_uint128 a);
+
+FStar_UInt128_uint128 FStar_UInt128_shift_left(FStar_UInt128_uint128 a, uint32_t s);
+
+FStar_UInt128_uint128 FStar_UInt128_shift_right(FStar_UInt128_uint128 a, uint32_t s);
+
+FStar_UInt128_uint128 FStar_UInt128_eq_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
+
+FStar_UInt128_uint128 FStar_UInt128_gte_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
+
+FStar_UInt128_uint128 FStar_UInt128_uint64_to_uint128(uint64_t a);
+
+uint64_t FStar_UInt128_uint128_to_uint64(FStar_UInt128_uint128 a);
+
+typedef struct
+{
+    uint64_t fst;
+    uint64_t snd;
+    uint64_t thd;
+    uint64_t f3;
+} K___uint64_t_uint64_t_uint64_t_uint64_t;
+
+FStar_UInt128_uint128 FStar_UInt128_mul_wide(uint64_t x, uint64_t y);
+#endif
diff --git a/lib/freebl/verified/Hacl_Chacha20.c b/lib/freebl/verified/Hacl_Chacha20.c
new file mode 100644
index 000000000..68d0ad21a
--- /dev/null
+++ b/lib/freebl/verified/Hacl_Chacha20.c
@@ -0,0 +1,255 @@
+/* Copyright 2016-2017 INRIA and Microsoft Corporation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "Hacl_Chacha20.h"
+
+static void
+Hacl_Lib_LoadStore32_uint32s_from_le_bytes(uint32_t *output, uint8_t *input, uint32_t len)
+{
+    for (uint32_t i = (uint32_t)0U; i < len; i = i + (uint32_t)1U) {
+        uint8_t *x0 = input + (uint32_t)4U * i;
+        uint32_t inputi = load32_le(x0);
+        output[i] = inputi;
+    }
+}
+
+static void
+Hacl_Lib_LoadStore32_uint32s_to_le_bytes(uint8_t *output, uint32_t *input, uint32_t len)
+{
+    for (uint32_t i = (uint32_t)0U; i < len; i = i + (uint32_t)1U) {
+        uint32_t hd1 = input[i];
+        uint8_t *x0 = output + (uint32_t)4U * i;
+        store32_le(x0, hd1);
+    }
+}
+
+inline static uint32_t
+Hacl_Impl_Chacha20_rotate_left(uint32_t a, uint32_t s)
+{
+    return a << s | a >> ((uint32_t)32U - s);
+}
+
+inline static void
+Hacl_Impl_Chacha20_setup(uint32_t *st, uint8_t *k, uint8_t *n1, uint32_t c)
+{
+    uint32_t *stcst = st;
+    uint32_t *stk = st + (uint32_t)4U;
+    uint32_t *stc = st + (uint32_t)12U;
+    uint32_t *stn = st + (uint32_t)13U;
+    stcst[0U] = (uint32_t)0x61707865U;
+    stcst[1U] = (uint32_t)0x3320646eU;
+    stcst[2U] = (uint32_t)0x79622d32U;
+    stcst[3U] = (uint32_t)0x6b206574U;
+    Hacl_Lib_LoadStore32_uint32s_from_le_bytes(stk, k, (uint32_t)8U);
+    stc[0U] = c;
+    Hacl_Lib_LoadStore32_uint32s_from_le_bytes(stn, n1, (uint32_t)3U);
+}
+
+inline static void
+Hacl_Impl_Chacha20_quarter_round(uint32_t *st, uint32_t a, uint32_t b, uint32_t c, uint32_t d)
+{
+    uint32_t sa = st[a];
+    uint32_t sb0 = st[b];
+    st[a] = sa + sb0;
+    uint32_t sd = st[d];
+    uint32_t sa10 = st[a];
+    uint32_t sda = sd ^ sa10;
+    st[d] = Hacl_Impl_Chacha20_rotate_left(sda, (uint32_t)16U);
+    uint32_t sa0 = st[c];
+    uint32_t sb1 = st[d];
+    st[c] = sa0 + sb1;
+    uint32_t sd0 = st[b];
+    uint32_t sa11 = st[c];
+    uint32_t sda0 = sd0 ^ sa11;
+    st[b] = Hacl_Impl_Chacha20_rotate_left(sda0, (uint32_t)12U);
+    uint32_t sa2 = st[a];
+    uint32_t sb2 = st[b];
+    st[a] = sa2 + sb2;
+    uint32_t sd1 = st[d];
+    uint32_t sa12 = st[a];
+    uint32_t sda1 = sd1 ^ sa12;
+    st[d] = Hacl_Impl_Chacha20_rotate_left(sda1, (uint32_t)8U);
+    uint32_t sa3 = st[c];
+    uint32_t sb = st[d];
+    st[c] = sa3 + sb;
+    uint32_t sd2 = st[b];
+    uint32_t sa1 = st[c];
+    uint32_t sda2 = sd2 ^ sa1;
+    st[b] = Hacl_Impl_Chacha20_rotate_left(sda2, (uint32_t)7U);
+}
+
+inline static void
+Hacl_Impl_Chacha20_double_round(uint32_t *st)
+{
+    Hacl_Impl_Chacha20_quarter_round(st, (uint32_t)0U, (uint32_t)4U, (uint32_t)8U, (uint32_t)12U);
+    Hacl_Impl_Chacha20_quarter_round(st, (uint32_t)1U, (uint32_t)5U, (uint32_t)9U, (uint32_t)13U);
+    Hacl_Impl_Chacha20_quarter_round(st, (uint32_t)2U, (uint32_t)6U, (uint32_t)10U, (uint32_t)14U);
+    Hacl_Impl_Chacha20_quarter_round(st, (uint32_t)3U, (uint32_t)7U, (uint32_t)11U, (uint32_t)15U);
+    Hacl_Impl_Chacha20_quarter_round(st, (uint32_t)0U, (uint32_t)5U, (uint32_t)10U, (uint32_t)15U);
+    Hacl_Impl_Chacha20_quarter_round(st, (uint32_t)1U, (uint32_t)6U, (uint32_t)11U, (uint32_t)12U);
+    Hacl_Impl_Chacha20_quarter_round(st, (uint32_t)2U, (uint32_t)7U, (uint32_t)8U, (uint32_t)13U);
+    Hacl_Impl_Chacha20_quarter_round(st, (uint32_t)3U, (uint32_t)4U, (uint32_t)9U, (uint32_t)14U);
+}
+
+inline static void
+Hacl_Impl_Chacha20_rounds(uint32_t *st)
+{
+    for (uint32_t i = (uint32_t)0U; i < (uint32_t)10U; i = i + (uint32_t)1U)
+        Hacl_Impl_Chacha20_double_round(st);
+}
+
+inline static void
+Hacl_Impl_Chacha20_sum_states(uint32_t *st, uint32_t *st_)
+{
+    for (uint32_t i = (uint32_t)0U; i < (uint32_t)16U; i = i + (uint32_t)1U) {
+        uint32_t xi = st[i];
+        uint32_t yi = st_[i];
+        st[i] = xi + yi;
+    }
+}
+
+inline static void
+Hacl_Impl_Chacha20_copy_state(uint32_t *st, uint32_t *st_)
+{
+    memcpy(st, st_, (uint32_t)16U * sizeof st_[0U]);
+}
+
+inline static void
+Hacl_Impl_Chacha20_chacha20_core(uint32_t *k, uint32_t *st, uint32_t ctr)
+{
+    st[12U] = ctr;
+    Hacl_Impl_Chacha20_copy_state(k, st);
+    Hacl_Impl_Chacha20_rounds(k);
+    Hacl_Impl_Chacha20_sum_states(k, st);
+}
+
+inline static void
+Hacl_Impl_Chacha20_chacha20_block(uint8_t *stream_block, uint32_t *st, uint32_t ctr)
+{
+    uint32_t st_[16U] = { 0U };
+    Hacl_Impl_Chacha20_chacha20_core(st_, st, ctr);
+    Hacl_Lib_LoadStore32_uint32s_to_le_bytes(stream_block, st_, (uint32_t)16U);
+}
+
+inline static void
+Hacl_Impl_Chacha20_init(uint32_t *st, uint8_t *k, uint8_t *n1)
+{
+    Hacl_Impl_Chacha20_setup(st, k, n1, (uint32_t)0U);
+}
+
+static void
+Hacl_Impl_Chacha20_update(uint8_t *output, uint8_t *plain, uint32_t *st, uint32_t ctr)
+{
+    uint32_t b[48U] = { 0U };
+    uint32_t *k = b;
+    uint32_t *ib = b + (uint32_t)16U;
+    uint32_t *ob = b + (uint32_t)32U;
+    Hacl_Impl_Chacha20_chacha20_core(k, st, ctr);
+    Hacl_Lib_LoadStore32_uint32s_from_le_bytes(ib, plain, (uint32_t)16U);
+    for (uint32_t i = (uint32_t)0U; i < (uint32_t)16U; i = i + (uint32_t)1U) {
+        uint32_t xi = ib[i];
+        uint32_t yi = k[i];
+        ob[i] = xi ^ yi;
+    }
+    Hacl_Lib_LoadStore32_uint32s_to_le_bytes(output, ob, (uint32_t)16U);
+}
+
+static void
+Hacl_Impl_Chacha20_update_last(
+    uint8_t *output,
+    uint8_t *plain,
+    uint32_t len,
+    uint32_t *st,
+    uint32_t ctr)
+{
+    uint8_t block[64U] = { 0U };
+    Hacl_Impl_Chacha20_chacha20_block(block, st, ctr);
+    uint8_t *mask = block;
+    for (uint32_t i = (uint32_t)0U; i < len; i = i + (uint32_t)1U) {
+        uint8_t xi = plain[i];
+        uint8_t yi = mask[i];
+        output[i] = xi ^ yi;
+    }
+}
+
+static void
+Hacl_Impl_Chacha20_chacha20_counter_mode_blocks(
+    uint8_t *output,
+    uint8_t *plain,
+    uint32_t len,
+    uint32_t *st,
+    uint32_t ctr)
+{
+    for (uint32_t i = (uint32_t)0U; i < len; i = i + (uint32_t)1U) {
+        uint8_t *b = plain + (uint32_t)64U * i;
+        uint8_t *o = output + (uint32_t)64U * i;
+        Hacl_Impl_Chacha20_update(o, b, st, ctr + i);
+    }
+}
+
+static void
+Hacl_Impl_Chacha20_chacha20_counter_mode(
+    uint8_t *output,
+    uint8_t *plain,
+    uint32_t len,
+    uint32_t *st,
+    uint32_t ctr)
+{
+    uint32_t blocks_len = len >> (uint32_t)6U;
+    uint32_t part_len = len & (uint32_t)0x3fU;
+    uint8_t *output_ = output;
+    uint8_t *plain_ = plain;
+    uint8_t *output__ = output + (uint32_t)64U * blocks_len;
+    uint8_t *plain__ = plain + (uint32_t)64U * blocks_len;
+    Hacl_Impl_Chacha20_chacha20_counter_mode_blocks(output_, plain_, blocks_len, st, ctr);
+    if (part_len > (uint32_t)0U)
+        Hacl_Impl_Chacha20_update_last(output__, plain__, part_len, st, ctr + blocks_len);
+}
+
+static void
+Hacl_Impl_Chacha20_chacha20(
+    uint8_t *output,
+    uint8_t *plain,
+    uint32_t len,
+    uint8_t *k,
+    uint8_t *n1,
+    uint32_t ctr)
+{
+    uint32_t buf[16U] = { 0U };
+    uint32_t *st = buf;
+    Hacl_Impl_Chacha20_init(st, k, n1);
+    Hacl_Impl_Chacha20_chacha20_counter_mode(output, plain, len, st, ctr);
+}
+
+void
+Hacl_Chacha20_chacha20_key_block(uint8_t *block, uint8_t *k, uint8_t *n1, uint32_t ctr)
+{
+    uint32_t buf[16U] = { 0U };
+    uint32_t *st = buf;
+    Hacl_Impl_Chacha20_init(st, k, n1);
+    Hacl_Impl_Chacha20_chacha20_block(block, st, ctr);
+}
+
+void
+Hacl_Chacha20_chacha20(
+    uint8_t *output,
+    uint8_t *plain,
+    uint32_t len,
+    uint8_t *k,
+    uint8_t *n1,
+    uint32_t ctr)
+{
+    Hacl_Impl_Chacha20_chacha20(output, plain, len, k, n1, ctr);
+}
diff --git a/lib/freebl/verified/Hacl_Chacha20.h b/lib/freebl/verified/Hacl_Chacha20.h
new file mode 100644
index 000000000..b5c86968b
--- /dev/null
+++ b/lib/freebl/verified/Hacl_Chacha20.h
@@ -0,0 +1,60 @@
+/* Copyright 2016-2017 INRIA and Microsoft Corporation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "kremlib.h"
+#ifndef __Hacl_Chacha20_H
+#define __Hacl_Chacha20_H
+
+typedef uint32_t Hacl_Impl_Xor_Lemmas_u32;
+
+typedef uint8_t Hacl_Impl_Xor_Lemmas_u8;
+
+typedef uint8_t *Hacl_Lib_LoadStore32_uint8_p;
+
+typedef uint32_t Hacl_Impl_Chacha20_u32;
+
+typedef uint32_t Hacl_Impl_Chacha20_h32;
+
+typedef uint8_t *Hacl_Impl_Chacha20_uint8_p;
+
+typedef uint32_t *Hacl_Impl_Chacha20_state;
+
+typedef uint32_t Hacl_Impl_Chacha20_idx;
+
+typedef struct
+{
+    void *k;
+    void *n;
+} Hacl_Impl_Chacha20_log_t_;
+
+typedef void *Hacl_Impl_Chacha20_log_t;
+
+typedef uint32_t Hacl_Lib_Create_h32;
+
+typedef uint8_t *Hacl_Chacha20_uint8_p;
+
+typedef uint32_t Hacl_Chacha20_uint32_t;
+
+void Hacl_Chacha20_chacha20_key_block(uint8_t *block, uint8_t *k, uint8_t *n1, uint32_t ctr);
+
+void
+Hacl_Chacha20_chacha20(
+    uint8_t *output,
+    uint8_t *plain,
+    uint32_t len,
+    uint8_t *k,
+    uint8_t *n1,
+    uint32_t ctr);
+#endif
diff --git a/lib/freebl/verified/Hacl_Curve25519.c b/lib/freebl/verified/Hacl_Curve25519.c
new file mode 100644
index 000000000..f2dcddc57
--- /dev/null
+++ b/lib/freebl/verified/Hacl_Curve25519.c
@@ -0,0 +1,845 @@
+/* Copyright 2016-2017 INRIA and Microsoft Corporation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "Hacl_Curve25519.h"
+
+static void
+Hacl_Bignum_Modulo_carry_top(uint64_t *b)
+{
+    uint64_t b4 = b[4U];
+    uint64_t b0 = b[0U];
+    uint64_t b4_ = b4 & (uint64_t)0x7ffffffffffffU;
+    uint64_t b0_ = b0 + (uint64_t)19U * (b4 >> (uint32_t)51U);
+    b[4U] = b4_;
+    b[0U] = b0_;
+}
+
+inline static void
+Hacl_Bignum_Fproduct_copy_from_wide_(uint64_t *output, FStar_UInt128_t *input)
+{
+    {
+        FStar_UInt128_t xi = input[0U];
+        output[0U] = FStar_UInt128_uint128_to_uint64(xi);
+    }
+    {
+        FStar_UInt128_t xi = input[1U];
+        output[1U] = FStar_UInt128_uint128_to_uint64(xi);
+    }
+    {
+        FStar_UInt128_t xi = input[2U];
+        output[2U] = FStar_UInt128_uint128_to_uint64(xi);
+    }
+    {
+        FStar_UInt128_t xi = input[3U];
+        output[3U] = FStar_UInt128_uint128_to_uint64(xi);
+    }
+    {
+        FStar_UInt128_t xi = input[4U];
+        output[4U] = FStar_UInt128_uint128_to_uint64(xi);
+    }
+}
+
+inline static void
+Hacl_Bignum_Fproduct_sum_scalar_multiplication_(
+    FStar_UInt128_t *output,
+    uint64_t *input,
+    uint64_t s)
+{
+    {
+        FStar_UInt128_t xi = output[0U];
+        uint64_t yi = input[0U];
+        output[0U] = FStar_UInt128_add_mod(xi, FStar_UInt128_mul_wide(yi, s));
+    }
+    {
+        FStar_UInt128_t xi = output[1U];
+        uint64_t yi = input[1U];
+        output[1U] = FStar_UInt128_add_mod(xi, FStar_UInt128_mul_wide(yi, s));
+    }
+    {
+        FStar_UInt128_t xi = output[2U];
+        uint64_t yi = input[2U];
+        output[2U] = FStar_UInt128_add_mod(xi, FStar_UInt128_mul_wide(yi, s));
+    }
+    {
+        FStar_UInt128_t xi = output[3U];
+        uint64_t yi = input[3U];
+        output[3U] = FStar_UInt128_add_mod(xi, FStar_UInt128_mul_wide(yi, s));
+    }
+    {
+        FStar_UInt128_t xi = output[4U];
+        uint64_t yi = input[4U];
+        output[4U] = FStar_UInt128_add_mod(xi, FStar_UInt128_mul_wide(yi, s));
+    }
+}
+
+inline static void
+Hacl_Bignum_Fproduct_carry_wide_(FStar_UInt128_t *tmp)
+{
+    {
+        uint32_t ctr = (uint32_t)0U;
+        FStar_UInt128_t tctr = tmp[ctr];
+        FStar_UInt128_t tctrp1 = tmp[ctr + (uint32_t)1U];
+        uint64_t r0 = FStar_UInt128_uint128_to_uint64(tctr) & (uint64_t)0x7ffffffffffffU;
+        FStar_UInt128_t c = FStar_UInt128_shift_right(tctr, (uint32_t)51U);
+        tmp[ctr] = FStar_UInt128_uint64_to_uint128(r0);
+        tmp[ctr + (uint32_t)1U] = FStar_UInt128_add(tctrp1, c);
+    }
+    {
+        uint32_t ctr = (uint32_t)1U;
+        FStar_UInt128_t tctr = tmp[ctr];
+        FStar_UInt128_t tctrp1 = tmp[ctr + (uint32_t)1U];
+        uint64_t r0 = FStar_UInt128_uint128_to_uint64(tctr) & (uint64_t)0x7ffffffffffffU;
+        FStar_UInt128_t c = FStar_UInt128_shift_right(tctr, (uint32_t)51U);
+        tmp[ctr] = FStar_UInt128_uint64_to_uint128(r0);
+        tmp[ctr + (uint32_t)1U] = FStar_UInt128_add(tctrp1, c);
+    }
+    {
+        uint32_t ctr = (uint32_t)2U;
+        FStar_UInt128_t tctr = tmp[ctr];
+        FStar_UInt128_t tctrp1 = tmp[ctr + (uint32_t)1U];
+        uint64_t r0 = FStar_UInt128_uint128_to_uint64(tctr) & (uint64_t)0x7ffffffffffffU;
+        FStar_UInt128_t c = FStar_UInt128_shift_right(tctr, (uint32_t)51U);
+        tmp[ctr] = FStar_UInt128_uint64_to_uint128(r0);
+        tmp[ctr + (uint32_t)1U] = FStar_UInt128_add(tctrp1, c);
+    }
+    {
+        uint32_t ctr = (uint32_t)3U;
+        FStar_UInt128_t tctr = tmp[ctr];
+        FStar_UInt128_t tctrp1 = tmp[ctr + (uint32_t)1U];
+        uint64_t r0 = FStar_UInt128_uint128_to_uint64(tctr) & (uint64_t)0x7ffffffffffffU;
+        FStar_UInt128_t c = FStar_UInt128_shift_right(tctr, (uint32_t)51U);
+        tmp[ctr] = FStar_UInt128_uint64_to_uint128(r0);
+        tmp[ctr + (uint32_t)1U] = FStar_UInt128_add(tctrp1, c);
+    }
+}
+
+inline static void
+Hacl_Bignum_Fmul_shift_reduce(uint64_t *output)
+{
+    uint64_t tmp = output[4U];
+    {
+        uint32_t ctr = (uint32_t)5U - (uint32_t)0U - (uint32_t)1U;
+        uint64_t z = output[ctr - (uint32_t)1U];
+        output[ctr] = z;
+    }
+    {
+        uint32_t ctr = (uint32_t)5U - (uint32_t)1U - (uint32_t)1U;
+        uint64_t z = output[ctr - (uint32_t)1U];
+        output[ctr] = z;
+    }
+    {
+        uint32_t ctr = (uint32_t)5U - (uint32_t)2U - (uint32_t)1U;
+        uint64_t z = output[ctr - (uint32_t)1U];
+        output[ctr] = z;
+    }
+    {
+        uint32_t ctr = (uint32_t)5U - (uint32_t)3U - (uint32_t)1U;
+        uint64_t z = output[ctr - (uint32_t)1U];
+        output[ctr] = z;
+    }
+    output[0U] = tmp;
+    uint64_t b0 = output[0U];
+    output[0U] = (uint64_t)19U * b0;
+}
+
+static void
+Hacl_Bignum_Fmul_mul_shift_reduce_(FStar_UInt128_t *output, uint64_t *input, uint64_t *input21)
+{
+    {
+        uint64_t input2i = input21[0U];
+        Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i);
+        Hacl_Bignum_Fmul_shift_reduce(input);
+    }
+    {
+        uint64_t input2i = input21[1U];
+        Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i);
+        Hacl_Bignum_Fmul_shift_reduce(input);
+    }
+    {
+        uint64_t input2i = input21[2U];
+        Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i);
+        Hacl_Bignum_Fmul_shift_reduce(input);
+    }
+    {
+        uint64_t input2i = input21[3U];
+        Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i);
+        Hacl_Bignum_Fmul_shift_reduce(input);
+    }
+    uint32_t i = (uint32_t)4U;
+    uint64_t input2i = input21[i];
+    Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i);
+}
+
+inline static void
+Hacl_Bignum_Fmul_fmul(uint64_t *output, uint64_t *input, uint64_t *input21)
+{
+    uint64_t tmp[5U] = { 0U };
+    memcpy(tmp, input, (uint32_t)5U * sizeof input[0U]);
+    KRML_CHECK_SIZE(FStar_UInt128_uint64_to_uint128((uint64_t)0U), (uint32_t)5U);
+    FStar_UInt128_t t[5U];
+    for (uint32_t _i = 0U; _i < (uint32_t)5U; ++_i)
+        t[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U);
+    Hacl_Bignum_Fmul_mul_shift_reduce_(t, tmp, input21);
+    Hacl_Bignum_Fproduct_carry_wide_(t);
+    FStar_UInt128_t b4 = t[4U];
+    FStar_UInt128_t b0 = t[0U];
+    FStar_UInt128_t
+        b4_ = FStar_UInt128_logand(b4, FStar_UInt128_uint64_to_uint128((uint64_t)0x7ffffffffffffU));
+    FStar_UInt128_t
+        b0_ =
+            FStar_UInt128_add(b0,
+                              FStar_UInt128_mul_wide((uint64_t)19U,
+                                                     FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(b4, (uint32_t)51U))));
+    t[4U] = b4_;
+    t[0U] = b0_;
+    Hacl_Bignum_Fproduct_copy_from_wide_(output, t);
+    uint64_t i0 = output[0U];
+    uint64_t i1 = output[1U];
+    uint64_t i0_ = i0 & (uint64_t)0x7ffffffffffffU;
+    uint64_t i1_ = i1 + (i0 >> (uint32_t)51U);
+    output[0U] = i0_;
+    output[1U] = i1_;
+}
+
+inline static void
+Hacl_Bignum_Fsquare_fsquare__(FStar_UInt128_t *tmp, uint64_t *output)
+{
+    uint64_t r0 = output[0U];
+    uint64_t r1 = output[1U];
+    uint64_t r2 = output[2U];
+    uint64_t r3 = output[3U];
+    uint64_t r4 = output[4U];
+    uint64_t d0 = r0 * (uint64_t)2U;
+    uint64_t d1 = r1 * (uint64_t)2U;
+    uint64_t d2 = r2 * (uint64_t)2U * (uint64_t)19U;
+    uint64_t d419 = r4 * (uint64_t)19U;
+    uint64_t d4 = d419 * (uint64_t)2U;
+    FStar_UInt128_t
+        s0 =
+            FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(r0, r0),
+                                                FStar_UInt128_mul_wide(d4, r1)),
+                              FStar_UInt128_mul_wide(d2, r3));
+    FStar_UInt128_t
+        s1 =
+            FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(d0, r1),
+                                                FStar_UInt128_mul_wide(d4, r2)),
+                              FStar_UInt128_mul_wide(r3 * (uint64_t)19U, r3));
+    FStar_UInt128_t
+        s2 =
+            FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(d0, r2),
+                                                FStar_UInt128_mul_wide(r1, r1)),
+                              FStar_UInt128_mul_wide(d4, r3));
+    FStar_UInt128_t
+        s3 =
+            FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(d0, r3),
+                                                FStar_UInt128_mul_wide(d1, r2)),
+                              FStar_UInt128_mul_wide(r4, d419));
+    FStar_UInt128_t
+        s4 =
+            FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(d0, r4),
+                                                FStar_UInt128_mul_wide(d1, r3)),
+                              FStar_UInt128_mul_wide(r2, r2));
+    tmp[0U] = s0;
+    tmp[1U] = s1;
+    tmp[2U] = s2;
+    tmp[3U] = s3;
+    tmp[4U] = s4;
+}
+
+inline static void
+Hacl_Bignum_Fsquare_fsquare_(FStar_UInt128_t *tmp, uint64_t *output)
+{
+    Hacl_Bignum_Fsquare_fsquare__(tmp, output);
+    Hacl_Bignum_Fproduct_carry_wide_(tmp);
+    FStar_UInt128_t b4 = tmp[4U];
+    FStar_UInt128_t b0 = tmp[0U];
+    FStar_UInt128_t
+        b4_ = FStar_UInt128_logand(b4, FStar_UInt128_uint64_to_uint128((uint64_t)0x7ffffffffffffU));
+    FStar_UInt128_t
+        b0_ =
+            FStar_UInt128_add(b0,
+                              FStar_UInt128_mul_wide((uint64_t)19U,
+                                                     FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(b4, (uint32_t)51U))));
+    tmp[4U] = b4_;
+    tmp[0U] = b0_;
+    Hacl_Bignum_Fproduct_copy_from_wide_(output, tmp);
+    uint64_t i0 = output[0U];
+    uint64_t i1 = output[1U];
+    uint64_t i0_ = i0 & (uint64_t)0x7ffffffffffffU;
+    uint64_t i1_ = i1 + (i0 >> (uint32_t)51U);
+    output[0U] = i0_;
+    output[1U] = i1_;
+}
+
+static void
+Hacl_Bignum_Fsquare_fsquare_times_(uint64_t *input, FStar_UInt128_t *tmp, uint32_t count1)
+{
+    Hacl_Bignum_Fsquare_fsquare_(tmp, input);
+    for (uint32_t i = (uint32_t)1U; i < count1; i = i + (uint32_t)1U)
+        Hacl_Bignum_Fsquare_fsquare_(tmp, input);
+}
+
+inline static void
+Hacl_Bignum_Fsquare_fsquare_times(uint64_t *output, uint64_t *input, uint32_t count1)
+{
+    KRML_CHECK_SIZE(FStar_UInt128_uint64_to_uint128((uint64_t)0U), (uint32_t)5U);
+    FStar_UInt128_t t[5U];
+    for (uint32_t _i = 0U; _i < (uint32_t)5U; ++_i)
+        t[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U);
+    memcpy(output, input, (uint32_t)5U * sizeof input[0U]);
+    Hacl_Bignum_Fsquare_fsquare_times_(output, t, count1);
+}
+
+inline static void
+Hacl_Bignum_Fsquare_fsquare_times_inplace(uint64_t *output, uint32_t count1)
+{
+    KRML_CHECK_SIZE(FStar_UInt128_uint64_to_uint128((uint64_t)0U), (uint32_t)5U);
+    FStar_UInt128_t t[5U];
+    for (uint32_t _i = 0U; _i < (uint32_t)5U; ++_i)
+        t[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U);
+    Hacl_Bignum_Fsquare_fsquare_times_(output, t, count1);
+}
+
+inline static void
+Hacl_Bignum_Crecip_crecip(uint64_t *out, uint64_t *z)
+{
+    uint64_t buf[20U] = { 0U };
+    uint64_t *a = buf;
+    uint64_t *t00 = buf + (uint32_t)5U;
+    uint64_t *b0 = buf + (uint32_t)10U;
+    Hacl_Bignum_Fsquare_fsquare_times(a, z, (uint32_t)1U);
+    Hacl_Bignum_Fsquare_fsquare_times(t00, a, (uint32_t)2U);
+    Hacl_Bignum_Fmul_fmul(b0, t00, z);
+    Hacl_Bignum_Fmul_fmul(a, b0, a);
+    Hacl_Bignum_Fsquare_fsquare_times(t00, a, (uint32_t)1U);
+    Hacl_Bignum_Fmul_fmul(b0, t00, b0);
+    Hacl_Bignum_Fsquare_fsquare_times(t00, b0, (uint32_t)5U);
+    uint64_t *t01 = buf + (uint32_t)5U;
+    uint64_t *b1 = buf + (uint32_t)10U;
+    uint64_t *c0 = buf + (uint32_t)15U;
+    Hacl_Bignum_Fmul_fmul(b1, t01, b1);
+    Hacl_Bignum_Fsquare_fsquare_times(t01, b1, (uint32_t)10U);
+    Hacl_Bignum_Fmul_fmul(c0, t01, b1);
+    Hacl_Bignum_Fsquare_fsquare_times(t01, c0, (uint32_t)20U);
+    Hacl_Bignum_Fmul_fmul(t01, t01, c0);
+    Hacl_Bignum_Fsquare_fsquare_times_inplace(t01, (uint32_t)10U);
+    Hacl_Bignum_Fmul_fmul(b1, t01, b1);
+    Hacl_Bignum_Fsquare_fsquare_times(t01, b1, (uint32_t)50U);
+    uint64_t *a0 = buf;
+    uint64_t *t0 = buf + (uint32_t)5U;
+    uint64_t *b = buf + (uint32_t)10U;
+    uint64_t *c = buf + (uint32_t)15U;
+    Hacl_Bignum_Fmul_fmul(c, t0, b);
+    Hacl_Bignum_Fsquare_fsquare_times(t0, c, (uint32_t)100U);
+    Hacl_Bignum_Fmul_fmul(t0, t0, c);
+    Hacl_Bignum_Fsquare_fsquare_times_inplace(t0, (uint32_t)50U);
+    Hacl_Bignum_Fmul_fmul(t0, t0, b);
+    Hacl_Bignum_Fsquare_fsquare_times_inplace(t0, (uint32_t)5U);
+    Hacl_Bignum_Fmul_fmul(out, t0, a0);
+}
+
+inline static void
+Hacl_Bignum_fsum(uint64_t *a, uint64_t *b)
+{
+    {
+        uint64_t xi = a[0U];
+        uint64_t yi = b[0U];
+        a[0U] = xi + yi;
+    }
+    {
+        uint64_t xi = a[1U];
+        uint64_t yi = b[1U];
+        a[1U] = xi + yi;
+    }
+    {
+        uint64_t xi = a[2U];
+        uint64_t yi = b[2U];
+        a[2U] = xi + yi;
+    }
+    {
+        uint64_t xi = a[3U];
+        uint64_t yi = b[3U];
+        a[3U] = xi + yi;
+    }
+    {
+        uint64_t xi = a[4U];
+        uint64_t yi = b[4U];
+        a[4U] = xi + yi;
+    }
+}
+
+inline static void
+Hacl_Bignum_fdifference(uint64_t *a, uint64_t *b)
+{
+    uint64_t tmp[5U] = { 0U };
+    memcpy(tmp, b, (uint32_t)5U * sizeof b[0U]);
+    uint64_t b0 = tmp[0U];
+    uint64_t b1 = tmp[1U];
+    uint64_t b2 = tmp[2U];
+    uint64_t b3 = tmp[3U];
+    uint64_t b4 = tmp[4U];
+    tmp[0U] = b0 + (uint64_t)0x3fffffffffff68U;
+    tmp[1U] = b1 + (uint64_t)0x3ffffffffffff8U;
+    tmp[2U] = b2 + (uint64_t)0x3ffffffffffff8U;
+    tmp[3U] = b3 + (uint64_t)0x3ffffffffffff8U;
+    tmp[4U] = b4 + (uint64_t)0x3ffffffffffff8U;
+    {
+        uint64_t xi = a[0U];
+        uint64_t yi = tmp[0U];
+        a[0U] = yi - xi;
+    }
+    {
+        uint64_t xi = a[1U];
+        uint64_t yi = tmp[1U];
+        a[1U] = yi - xi;
+    }
+    {
+        uint64_t xi = a[2U];
+        uint64_t yi = tmp[2U];
+        a[2U] = yi - xi;
+    }
+    {
+        uint64_t xi = a[3U];
+        uint64_t yi = tmp[3U];
+        a[3U] = yi - xi;
+    }
+    {
+        uint64_t xi = a[4U];
+        uint64_t yi = tmp[4U];
+        a[4U] = yi - xi;
+    }
+}
+
+inline static void
+Hacl_Bignum_fscalar(uint64_t *output, uint64_t *b, uint64_t s)
+{
+    KRML_CHECK_SIZE(FStar_UInt128_uint64_to_uint128((uint64_t)0U), (uint32_t)5U);
+    FStar_UInt128_t tmp[5U];
+    for (uint32_t _i = 0U; _i < (uint32_t)5U; ++_i)
+        tmp[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U);
+    {
+        uint64_t xi = b[0U];
+        tmp[0U] = FStar_UInt128_mul_wide(xi, s);
+    }
+    {
+        uint64_t xi = b[1U];
+        tmp[1U] = FStar_UInt128_mul_wide(xi, s);
+    }
+    {
+        uint64_t xi = b[2U];
+        tmp[2U] = FStar_UInt128_mul_wide(xi, s);
+    }
+    {
+        uint64_t xi = b[3U];
+        tmp[3U] = FStar_UInt128_mul_wide(xi, s);
+    }
+    {
+        uint64_t xi = b[4U];
+        tmp[4U] = FStar_UInt128_mul_wide(xi, s);
+    }
+    Hacl_Bignum_Fproduct_carry_wide_(tmp);
+    FStar_UInt128_t b4 = tmp[4U];
+    FStar_UInt128_t b0 = tmp[0U];
+    FStar_UInt128_t
+        b4_ = FStar_UInt128_logand(b4, FStar_UInt128_uint64_to_uint128((uint64_t)0x7ffffffffffffU));
+    FStar_UInt128_t
+        b0_ =
+            FStar_UInt128_add(b0,
+                              FStar_UInt128_mul_wide((uint64_t)19U,
+                                                     FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(b4, (uint32_t)51U))));
+    tmp[4U] = b4_;
+    tmp[0U] = b0_;
+    Hacl_Bignum_Fproduct_copy_from_wide_(output, tmp);
+}
+
+inline static void
+Hacl_Bignum_fmul(uint64_t *output, uint64_t *a, uint64_t *b)
+{
+    Hacl_Bignum_Fmul_fmul(output, a, b);
+}
+
+inline static void
+Hacl_Bignum_crecip(uint64_t *output, uint64_t *input)
+{
+    Hacl_Bignum_Crecip_crecip(output, input);
+}
+
+static void
+Hacl_EC_Point_swap_conditional_step(uint64_t *a, uint64_t *b, uint64_t swap1, uint32_t ctr)
+{
+    uint32_t i = ctr - (uint32_t)1U;
+    uint64_t ai = a[i];
+    uint64_t bi = b[i];
+    uint64_t x = swap1 & (ai ^ bi);
+    uint64_t ai1 = ai ^ x;
+    uint64_t bi1 = bi ^ x;
+    a[i] = ai1;
+    b[i] = bi1;
+}
+
+static void
+Hacl_EC_Point_swap_conditional_(uint64_t *a, uint64_t *b, uint64_t swap1, uint32_t ctr)
+{
+    if (!(ctr == (uint32_t)0U)) {
+        Hacl_EC_Point_swap_conditional_step(a, b, swap1, ctr);
+        uint32_t i = ctr - (uint32_t)1U;
+        Hacl_EC_Point_swap_conditional_(a, b, swap1, i);
+    }
+}
+
+static void
+Hacl_EC_Point_swap_conditional(uint64_t *a, uint64_t *b, uint64_t iswap)
+{
+    uint64_t swap1 = (uint64_t)0U - iswap;
+    Hacl_EC_Point_swap_conditional_(a, b, swap1, (uint32_t)5U);
+    Hacl_EC_Point_swap_conditional_(a + (uint32_t)5U, b + (uint32_t)5U, swap1, (uint32_t)5U);
+}
+
+static void
+Hacl_EC_Point_copy(uint64_t *output, uint64_t *input)
+{
+    memcpy(output, input, (uint32_t)5U * sizeof input[0U]);
+    memcpy(output + (uint32_t)5U,
+           input + (uint32_t)5U,
+           (uint32_t)5U * sizeof(input + (uint32_t)5U)[0U]);
+}
+
+static void
+Hacl_EC_AddAndDouble_fmonty(
+    uint64_t *pp,
+    uint64_t *ppq,
+    uint64_t *p,
+    uint64_t *pq,
+    uint64_t *qmqp)
+{
+    uint64_t *qx = qmqp;
+    uint64_t *x2 = pp;
+    uint64_t *z2 = pp + (uint32_t)5U;
+    uint64_t *x3 = ppq;
+    uint64_t *z3 = ppq + (uint32_t)5U;
+    uint64_t *x = p;
+    uint64_t *z = p + (uint32_t)5U;
+    uint64_t *xprime = pq;
+    uint64_t *zprime = pq + (uint32_t)5U;
+    uint64_t buf[40U] = { 0U };
+    uint64_t *origx = buf;
+    uint64_t *origxprime = buf + (uint32_t)5U;
+    uint64_t *xxprime0 = buf + (uint32_t)25U;
+    uint64_t *zzprime0 = buf + (uint32_t)30U;
+    memcpy(origx, x, (uint32_t)5U * sizeof x[0U]);
+    Hacl_Bignum_fsum(x, z);
+    Hacl_Bignum_fdifference(z, origx);
+    memcpy(origxprime, xprime, (uint32_t)5U * sizeof xprime[0U]);
+    Hacl_Bignum_fsum(xprime, zprime);
+    Hacl_Bignum_fdifference(zprime, origxprime);
+    Hacl_Bignum_fmul(xxprime0, xprime, z);
+    Hacl_Bignum_fmul(zzprime0, x, zprime);
+    uint64_t *origxprime0 = buf + (uint32_t)5U;
+    uint64_t *xx0 = buf + (uint32_t)15U;
+    uint64_t *zz0 = buf + (uint32_t)20U;
+    uint64_t *xxprime = buf + (uint32_t)25U;
+    uint64_t *zzprime = buf + (uint32_t)30U;
+    uint64_t *zzzprime = buf + (uint32_t)35U;
+    memcpy(origxprime0, xxprime, (uint32_t)5U * sizeof xxprime[0U]);
+    Hacl_Bignum_fsum(xxprime, zzprime);
+    Hacl_Bignum_fdifference(zzprime, origxprime0);
+    Hacl_Bignum_Fsquare_fsquare_times(x3, xxprime, (uint32_t)1U);
+    Hacl_Bignum_Fsquare_fsquare_times(zzzprime, zzprime, (uint32_t)1U);
+    Hacl_Bignum_fmul(z3, zzzprime, qx);
+    Hacl_Bignum_Fsquare_fsquare_times(xx0, x, (uint32_t)1U);
+    Hacl_Bignum_Fsquare_fsquare_times(zz0, z, (uint32_t)1U);
+    uint64_t *zzz = buf + (uint32_t)10U;
+    uint64_t *xx = buf + (uint32_t)15U;
+    uint64_t *zz = buf + (uint32_t)20U;
+    Hacl_Bignum_fmul(x2, xx, zz);
+    Hacl_Bignum_fdifference(zz, xx);
+    uint64_t scalar = (uint64_t)121665U;
+    Hacl_Bignum_fscalar(zzz, zz, scalar);
+    Hacl_Bignum_fsum(zzz, xx);
+    Hacl_Bignum_fmul(z2, zzz, zz);
+}
+
+static void
+Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step(
+    uint64_t *nq,
+    uint64_t *nqpq,
+    uint64_t *nq2,
+    uint64_t *nqpq2,
+    uint64_t *q,
+    uint8_t byt)
+{
+    uint64_t bit = (uint64_t)(byt >> (uint32_t)7U);
+    Hacl_EC_Point_swap_conditional(nq, nqpq, bit);
+    Hacl_EC_AddAndDouble_fmonty(nq2, nqpq2, nq, nqpq, q);
+    uint64_t bit0 = (uint64_t)(byt >> (uint32_t)7U);
+    Hacl_EC_Point_swap_conditional(nq2, nqpq2, bit0);
+}
+
+static void
+Hacl_EC_Ladder_SmallLoop_cmult_small_loop_double_step(
+    uint64_t *nq,
+    uint64_t *nqpq,
+    uint64_t *nq2,
+    uint64_t *nqpq2,
+    uint64_t *q,
+    uint8_t byt)
+{
+    Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step(nq, nqpq, nq2, nqpq2, q, byt);
+    uint8_t byt1 = byt << (uint32_t)1U;
+    Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step(nq2, nqpq2, nq, nqpq, q, byt1);
+}
+
+static void
+Hacl_EC_Ladder_SmallLoop_cmult_small_loop(
+    uint64_t *nq,
+    uint64_t *nqpq,
+    uint64_t *nq2,
+    uint64_t *nqpq2,
+    uint64_t *q,
+    uint8_t byt,
+    uint32_t i)
+{
+    if (!(i == (uint32_t)0U)) {
+        uint32_t i_ = i - (uint32_t)1U;
+        Hacl_EC_Ladder_SmallLoop_cmult_small_loop_double_step(nq, nqpq, nq2, nqpq2, q, byt);
+        uint8_t byt_ = byt << (uint32_t)2U;
+        Hacl_EC_Ladder_SmallLoop_cmult_small_loop(nq, nqpq, nq2, nqpq2, q, byt_, i_);
+    }
+}
+
+static void
+Hacl_EC_Ladder_BigLoop_cmult_big_loop(
+    uint8_t *n1,
+    uint64_t *nq,
+    uint64_t *nqpq,
+    uint64_t *nq2,
+    uint64_t *nqpq2,
+    uint64_t *q,
+    uint32_t i)
+{
+    if (!(i == (uint32_t)0U)) {
+        uint32_t i1 = i - (uint32_t)1U;
+        uint8_t byte = n1[i1];
+        Hacl_EC_Ladder_SmallLoop_cmult_small_loop(nq, nqpq, nq2, nqpq2, q, byte, (uint32_t)4U);
+        Hacl_EC_Ladder_BigLoop_cmult_big_loop(n1, nq, nqpq, nq2, nqpq2, q, i1);
+    }
+}
+
+static void
+Hacl_EC_Ladder_cmult(uint64_t *result, uint8_t *n1, uint64_t *q)
+{
+    uint64_t point_buf[40U] = { 0U };
+    uint64_t *nq = point_buf;
+    uint64_t *nqpq = point_buf + (uint32_t)10U;
+    uint64_t *nq2 = point_buf + (uint32_t)20U;
+    uint64_t *nqpq2 = point_buf + (uint32_t)30U;
+    Hacl_EC_Point_copy(nqpq, q);
+    nq[0U] = (uint64_t)1U;
+    Hacl_EC_Ladder_BigLoop_cmult_big_loop(n1, nq, nqpq, nq2, nqpq2, q, (uint32_t)32U);
+    Hacl_EC_Point_copy(result, nq);
+}
+
+static void
+Hacl_EC_Format_fexpand(uint64_t *output, uint8_t *input)
+{
+    uint64_t i0 = load64_le(input);
+    uint8_t *x00 = input + (uint32_t)6U;
+    uint64_t i1 = load64_le(x00);
+    uint8_t *x01 = input + (uint32_t)12U;
+    uint64_t i2 = load64_le(x01);
+    uint8_t *x02 = input + (uint32_t)19U;
+    uint64_t i3 = load64_le(x02);
+    uint8_t *x0 = input + (uint32_t)24U;
+    uint64_t i4 = load64_le(x0);
+    uint64_t output0 = i0 & (uint64_t)0x7ffffffffffffU;
+    uint64_t output1 = i1 >> (uint32_t)3U & (uint64_t)0x7ffffffffffffU;
+    uint64_t output2 = i2 >> (uint32_t)6U & (uint64_t)0x7ffffffffffffU;
+    uint64_t output3 = i3 >> (uint32_t)1U & (uint64_t)0x7ffffffffffffU;
+    uint64_t output4 = i4 >> (uint32_t)12U & (uint64_t)0x7ffffffffffffU;
+    output[0U] = output0;
+    output[1U] = output1;
+    output[2U] = output2;
+    output[3U] = output3;
+    output[4U] = output4;
+}
+
+static void
+Hacl_EC_Format_fcontract_first_carry_pass(uint64_t *input)
+{
+    uint64_t t0 = input[0U];
+    uint64_t t1 = input[1U];
+    uint64_t t2 = input[2U];
+    uint64_t t3 = input[3U];
+    uint64_t t4 = input[4U];
+    uint64_t t1_ = t1 + (t0 >> (uint32_t)51U);
+    uint64_t t0_ = t0 & (uint64_t)0x7ffffffffffffU;
+    uint64_t t2_ = t2 + (t1_ >> (uint32_t)51U);
+    uint64_t t1__ = t1_ & (uint64_t)0x7ffffffffffffU;
+    uint64_t t3_ = t3 + (t2_ >> (uint32_t)51U);
+    uint64_t t2__ = t2_ & (uint64_t)0x7ffffffffffffU;
+    uint64_t t4_ = t4 + (t3_ >> (uint32_t)51U);
+    uint64_t t3__ = t3_ & (uint64_t)0x7ffffffffffffU;
+    input[0U] = t0_;
+    input[1U] = t1__;
+    input[2U] = t2__;
+    input[3U] = t3__;
+    input[4U] = t4_;
+}
+
+static void
+Hacl_EC_Format_fcontract_first_carry_full(uint64_t *input)
+{
+    Hacl_EC_Format_fcontract_first_carry_pass(input);
+    Hacl_Bignum_Modulo_carry_top(input);
+}
+
+static void
+Hacl_EC_Format_fcontract_second_carry_pass(uint64_t *input)
+{
+    uint64_t t0 = input[0U];
+    uint64_t t1 = input[1U];
+    uint64_t t2 = input[2U];
+    uint64_t t3 = input[3U];
+    uint64_t t4 = input[4U];
+    uint64_t t1_ = t1 + (t0 >> (uint32_t)51U);
+    uint64_t t0_ = t0 & (uint64_t)0x7ffffffffffffU;
+    uint64_t t2_ = t2 + (t1_ >> (uint32_t)51U);
+    uint64_t t1__ = t1_ & (uint64_t)0x7ffffffffffffU;
+    uint64_t t3_ = t3 + (t2_ >> (uint32_t)51U);
+    uint64_t t2__ = t2_ & (uint64_t)0x7ffffffffffffU;
+    uint64_t t4_ = t4 + (t3_ >> (uint32_t)51U);
+    uint64_t t3__ = t3_ & (uint64_t)0x7ffffffffffffU;
+    input[0U] = t0_;
+    input[1U] = t1__;
+    input[2U] = t2__;
+    input[3U] = t3__;
+    input[4U] = t4_;
+}
+
+static void
+Hacl_EC_Format_fcontract_second_carry_full(uint64_t *input)
+{
+    Hacl_EC_Format_fcontract_second_carry_pass(input);
+    Hacl_Bignum_Modulo_carry_top(input);
+    uint64_t i0 = input[0U];
+    uint64_t i1 = input[1U];
+    uint64_t i0_ = i0 & (uint64_t)0x7ffffffffffffU;
+    uint64_t i1_ = i1 + (i0 >> (uint32_t)51U);
+    input[0U] = i0_;
+    input[1U] = i1_;
+}
+
+static void
+Hacl_EC_Format_fcontract_trim(uint64_t *input)
+{
+    uint64_t a0 = input[0U];
+    uint64_t a1 = input[1U];
+    uint64_t a2 = input[2U];
+    uint64_t a3 = input[3U];
+    uint64_t a4 = input[4U];
+    uint64_t mask0 = FStar_UInt64_gte_mask(a0, (uint64_t)0x7ffffffffffedU);
+    uint64_t mask1 = FStar_UInt64_eq_mask(a1, (uint64_t)0x7ffffffffffffU);
+    uint64_t mask2 = FStar_UInt64_eq_mask(a2, (uint64_t)0x7ffffffffffffU);
+    uint64_t mask3 = FStar_UInt64_eq_mask(a3, (uint64_t)0x7ffffffffffffU);
+    uint64_t mask4 = FStar_UInt64_eq_mask(a4, (uint64_t)0x7ffffffffffffU);
+    uint64_t mask = (((mask0 & mask1) & mask2) & mask3) & mask4;
+    uint64_t a0_ = a0 - ((uint64_t)0x7ffffffffffedU & mask);
+    uint64_t a1_ = a1 - ((uint64_t)0x7ffffffffffffU & mask);
+    uint64_t a2_ = a2 - ((uint64_t)0x7ffffffffffffU & mask);
+    uint64_t a3_ = a3 - ((uint64_t)0x7ffffffffffffU & mask);
+    uint64_t a4_ = a4 - ((uint64_t)0x7ffffffffffffU & mask);
+    input[0U] = a0_;
+    input[1U] = a1_;
+    input[2U] = a2_;
+    input[3U] = a3_;
+    input[4U] = a4_;
+}
+
+static void
+Hacl_EC_Format_fcontract_store(uint8_t *output, uint64_t *input)
+{
+    uint64_t t0 = input[0U];
+    uint64_t t1 = input[1U];
+    uint64_t t2 = input[2U];
+    uint64_t t3 = input[3U];
+    uint64_t t4 = input[4U];
+    uint64_t o0 = t1 << (uint32_t)51U | t0;
+    uint64_t o1 = t2 << (uint32_t)38U | t1 >> (uint32_t)13U;
+    uint64_t o2 = t3 << (uint32_t)25U | t2 >> (uint32_t)26U;
+    uint64_t o3 = t4 << (uint32_t)12U | t3 >> (uint32_t)39U;
+    uint8_t *b0 = output;
+    uint8_t *b1 = output + (uint32_t)8U;
+    uint8_t *b2 = output + (uint32_t)16U;
+    uint8_t *b3 = output + (uint32_t)24U;
+    store64_le(b0, o0);
+    store64_le(b1, o1);
+    store64_le(b2, o2);
+    store64_le(b3, o3);
+}
+
+static void
+Hacl_EC_Format_fcontract(uint8_t *output, uint64_t *input)
+{
+    Hacl_EC_Format_fcontract_first_carry_full(input);
+    Hacl_EC_Format_fcontract_second_carry_full(input);
+    Hacl_EC_Format_fcontract_trim(input);
+    Hacl_EC_Format_fcontract_store(output, input);
+}
+
+static void
+Hacl_EC_Format_scalar_of_point(uint8_t *scalar, uint64_t *point)
+{
+    uint64_t *x = point;
+    uint64_t *z = point + (uint32_t)5U;
+    uint64_t buf[10U] = { 0U };
+    uint64_t *zmone = buf;
+    uint64_t *sc = buf + (uint32_t)5U;
+    Hacl_Bignum_crecip(zmone, z);
+    Hacl_Bignum_fmul(sc, x, zmone);
+    Hacl_EC_Format_fcontract(scalar, sc);
+}
+
+void
+Hacl_EC_crypto_scalarmult(uint8_t *mypublic, uint8_t *secret, uint8_t *basepoint)
+{
+    uint64_t buf0[10U] = { 0U };
+    uint64_t *x0 = buf0;
+    uint64_t *z = buf0 + (uint32_t)5U;
+    Hacl_EC_Format_fexpand(x0, basepoint);
+    z[0U] = (uint64_t)1U;
+    uint64_t *q = buf0;
+    uint8_t e[32U] = { 0U };
+    memcpy(e, secret, (uint32_t)32U * sizeof secret[0U]);
+    uint8_t e0 = e[0U];
+    uint8_t e31 = e[31U];
+    uint8_t e01 = e0 & (uint8_t)248U;
+    uint8_t e311 = e31 & (uint8_t)127U;
+    uint8_t e312 = e311 | (uint8_t)64U;
+    e[0U] = e01;
+    e[31U] = e312;
+    uint8_t *scalar = e;
+    uint64_t buf[15U] = { 0U };
+    uint64_t *nq = buf;
+    uint64_t *x = nq;
+    x[0U] = (uint64_t)1U;
+    Hacl_EC_Ladder_cmult(nq, scalar, q);
+    Hacl_EC_Format_scalar_of_point(mypublic, nq);
+}
+
+void
+Hacl_Curve25519_crypto_scalarmult(uint8_t *mypublic, uint8_t *secret, uint8_t *basepoint)
+{
+    Hacl_EC_crypto_scalarmult(mypublic, secret, basepoint);
+}
diff --git a/lib/freebl/verified/hacl_curve25519_64.h b/lib/freebl/verified/Hacl_Curve25519.h
index 79fbd44b8..0e443f177 100644
--- a/lib/freebl/verified/hacl_curve25519_64.h
+++ b/lib/freebl/verified/Hacl_Curve25519.h
@@ -1,22 +1,21 @@
-// Copyright 2016-2017 INRIA and Microsoft Corporation
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-/* This file was auto-generated by KreMLin! */
+/* Copyright 2016-2017 INRIA and Microsoft Corporation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 
 #include "kremlib.h"
-#ifndef __Hacl_Curve25519_64_H
-#define __Hacl_Curve25519_64_H
+#ifndef __Hacl_Curve25519_H
+#define __Hacl_Curve25519_H
 
 typedef uint64_t Hacl_Bignum_Constants_limb;
 
@@ -52,9 +51,7 @@ typedef uint8_t *Hacl_EC_Format_uint8_p;
 
 void Hacl_EC_crypto_scalarmult(uint8_t *mypublic, uint8_t *secret, uint8_t *basepoint);
 
-typedef uint8_t *Curve25519_uint8_p;
+typedef uint8_t *Hacl_Curve25519_uint8_p;
 
-void *Curve25519_op_String_Access(FStar_Monotonic_HyperStack_mem h, uint8_t *b);
-
-void Curve25519_crypto_scalarmult(uint8_t *mypublic, uint8_t *secret, uint8_t *basepoint);
+void Hacl_Curve25519_crypto_scalarmult(uint8_t *mypublic, uint8_t *secret, uint8_t *basepoint);
 #endif
diff --git a/lib/freebl/verified/hacl_curve25519_64.c b/lib/freebl/verified/hacl_curve25519_64.c
deleted file mode 100644
index 6e7e29484..000000000
--- a/lib/freebl/verified/hacl_curve25519_64.c
+++ /dev/null
@@ -1,1044 +0,0 @@
-// Copyright 2016-2017 INRIA and Microsoft Corporation
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#include "hacl_curve25519_64.h"
-
-static void
-Hacl_Bignum_Modulo_carry_top(uint64_t *b)
-{
-    uint64_t b4 = b[4];
-    uint64_t b0 = b[0];
-    uint64_t mask = ((uint64_t)1 << (uint32_t)51) - (uint64_t)1;
-    uint64_t b4_ = b4 & mask;
-    uint64_t b0_ = b0 + (uint64_t)19 * (b4 >> (uint32_t)51);
-    b[4] = b4_;
-    b[0] = b0_;
-}
-
-inline static void
-Hacl_Bignum_Fproduct_copy_from_wide_(uint64_t *output, FStar_UInt128_t *input)
-{
-    {
-        FStar_UInt128_t uu____429 = input[0];
-        uint64_t uu____428 = FStar_Int_Cast_Full_uint128_to_uint64(uu____429);
-        output[0] = uu____428;
-    }
-    {
-        FStar_UInt128_t uu____429 = input[1];
-        uint64_t uu____428 = FStar_Int_Cast_Full_uint128_to_uint64(uu____429);
-        output[1] = uu____428;
-    }
-    {
-        FStar_UInt128_t uu____429 = input[2];
-        uint64_t uu____428 = FStar_Int_Cast_Full_uint128_to_uint64(uu____429);
-        output[2] = uu____428;
-    }
-    {
-        FStar_UInt128_t uu____429 = input[3];
-        uint64_t uu____428 = FStar_Int_Cast_Full_uint128_to_uint64(uu____429);
-        output[3] = uu____428;
-    }
-    {
-        FStar_UInt128_t uu____429 = input[4];
-        uint64_t uu____428 = FStar_Int_Cast_Full_uint128_to_uint64(uu____429);
-        output[4] = uu____428;
-    }
-}
-
-inline static void
-Hacl_Bignum_Fproduct_shift(uint64_t *output)
-{
-    uint64_t tmp = output[4];
-    {
-        uint32_t ctr = (uint32_t)5 - (uint32_t)0 - (uint32_t)1;
-        uint64_t z = output[ctr - (uint32_t)1];
-        output[ctr] = z;
-    }
-    {
-        uint32_t ctr = (uint32_t)5 - (uint32_t)1 - (uint32_t)1;
-        uint64_t z = output[ctr - (uint32_t)1];
-        output[ctr] = z;
-    }
-    {
-        uint32_t ctr = (uint32_t)5 - (uint32_t)2 - (uint32_t)1;
-        uint64_t z = output[ctr - (uint32_t)1];
-        output[ctr] = z;
-    }
-    {
-        uint32_t ctr = (uint32_t)5 - (uint32_t)3 - (uint32_t)1;
-        uint64_t z = output[ctr - (uint32_t)1];
-        output[ctr] = z;
-    }
-    output[0] = tmp;
-}
-
-inline static void
-Hacl_Bignum_Fproduct_sum_scalar_multiplication_(
-    FStar_UInt128_t *output,
-    uint64_t *input,
-    uint64_t s)
-{
-    {
-        FStar_UInt128_t uu____871 = output[0];
-        uint64_t uu____874 = input[0];
-        FStar_UInt128_t
-            uu____870 = FStar_UInt128_add_mod(uu____871, FStar_UInt128_mul_wide(uu____874, s));
-        output[0] = uu____870;
-    }
-    {
-        FStar_UInt128_t uu____871 = output[1];
-        uint64_t uu____874 = input[1];
-        FStar_UInt128_t
-            uu____870 = FStar_UInt128_add_mod(uu____871, FStar_UInt128_mul_wide(uu____874, s));
-        output[1] = uu____870;
-    }
-    {
-        FStar_UInt128_t uu____871 = output[2];
-        uint64_t uu____874 = input[2];
-        FStar_UInt128_t
-            uu____870 = FStar_UInt128_add_mod(uu____871, FStar_UInt128_mul_wide(uu____874, s));
-        output[2] = uu____870;
-    }
-    {
-        FStar_UInt128_t uu____871 = output[3];
-        uint64_t uu____874 = input[3];
-        FStar_UInt128_t
-            uu____870 = FStar_UInt128_add_mod(uu____871, FStar_UInt128_mul_wide(uu____874, s));
-        output[3] = uu____870;
-    }
-    {
-        FStar_UInt128_t uu____871 = output[4];
-        uint64_t uu____874 = input[4];
-        FStar_UInt128_t
-            uu____870 = FStar_UInt128_add_mod(uu____871, FStar_UInt128_mul_wide(uu____874, s));
-        output[4] = uu____870;
-    }
-}
-
-inline static void
-Hacl_Bignum_Fproduct_carry_wide_(FStar_UInt128_t *tmp)
-{
-    {
-        uint32_t ctr = (uint32_t)0;
-        FStar_UInt128_t tctr = tmp[ctr];
-        FStar_UInt128_t tctrp1 = tmp[ctr + (uint32_t)1];
-        uint64_t
-            r0 =
-                FStar_Int_Cast_Full_uint128_to_uint64(tctr) & (((uint64_t)1 << (uint32_t)51) - (uint64_t)1);
-        FStar_UInt128_t c = FStar_UInt128_shift_right(tctr, (uint32_t)51);
-        tmp[ctr] = FStar_Int_Cast_Full_uint64_to_uint128(r0);
-        tmp[ctr + (uint32_t)1] = FStar_UInt128_add(tctrp1, c);
-    }
-    {
-        uint32_t ctr = (uint32_t)1;
-        FStar_UInt128_t tctr = tmp[ctr];
-        FStar_UInt128_t tctrp1 = tmp[ctr + (uint32_t)1];
-        uint64_t
-            r0 =
-                FStar_Int_Cast_Full_uint128_to_uint64(tctr) & (((uint64_t)1 << (uint32_t)51) - (uint64_t)1);
-        FStar_UInt128_t c = FStar_UInt128_shift_right(tctr, (uint32_t)51);
-        tmp[ctr] = FStar_Int_Cast_Full_uint64_to_uint128(r0);
-        tmp[ctr + (uint32_t)1] = FStar_UInt128_add(tctrp1, c);
-    }
-    {
-        uint32_t ctr = (uint32_t)2;
-        FStar_UInt128_t tctr = tmp[ctr];
-        FStar_UInt128_t tctrp1 = tmp[ctr + (uint32_t)1];
-        uint64_t
-            r0 =
-                FStar_Int_Cast_Full_uint128_to_uint64(tctr) & (((uint64_t)1 << (uint32_t)51) - (uint64_t)1);
-        FStar_UInt128_t c = FStar_UInt128_shift_right(tctr, (uint32_t)51);
-        tmp[ctr] = FStar_Int_Cast_Full_uint64_to_uint128(r0);
-        tmp[ctr + (uint32_t)1] = FStar_UInt128_add(tctrp1, c);
-    }
-    {
-        uint32_t ctr = (uint32_t)3;
-        FStar_UInt128_t tctr = tmp[ctr];
-        FStar_UInt128_t tctrp1 = tmp[ctr + (uint32_t)1];
-        uint64_t
-            r0 =
-                FStar_Int_Cast_Full_uint128_to_uint64(tctr) & (((uint64_t)1 << (uint32_t)51) - (uint64_t)1);
-        FStar_UInt128_t c = FStar_UInt128_shift_right(tctr, (uint32_t)51);
-        tmp[ctr] = FStar_Int_Cast_Full_uint64_to_uint128(r0);
-        tmp[ctr + (uint32_t)1] = FStar_UInt128_add(tctrp1, c);
-    }
-}
-
-inline static void
-Hacl_Bignum_Fmul_shift_reduce(uint64_t *output)
-{
-    Hacl_Bignum_Fproduct_shift(output);
-    uint64_t b0 = output[0];
-    output[0] = (uint64_t)19 * b0;
-}
-
-static void
-Hacl_Bignum_Fmul_mul_shift_reduce_(FStar_UInt128_t *output, uint64_t *input, uint64_t *input21)
-{
-    {
-        uint32_t ctr = (uint32_t)5 - (uint32_t)0 - (uint32_t)1;
-        uint32_t i1 = ctr;
-        uint32_t j = (uint32_t)4 - i1;
-        uint64_t input2i = input21[j];
-        Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i);
-        if (ctr > (uint32_t)0)
-            Hacl_Bignum_Fmul_shift_reduce(input);
-    }
-    {
-        uint32_t ctr = (uint32_t)5 - (uint32_t)1 - (uint32_t)1;
-        uint32_t i1 = ctr;
-        uint32_t j = (uint32_t)4 - i1;
-        uint64_t input2i = input21[j];
-        Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i);
-        if (ctr > (uint32_t)0)
-            Hacl_Bignum_Fmul_shift_reduce(input);
-    }
-    {
-        uint32_t ctr = (uint32_t)5 - (uint32_t)2 - (uint32_t)1;
-        uint32_t i1 = ctr;
-        uint32_t j = (uint32_t)4 - i1;
-        uint64_t input2i = input21[j];
-        Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i);
-        if (ctr > (uint32_t)0)
-            Hacl_Bignum_Fmul_shift_reduce(input);
-    }
-    {
-        uint32_t ctr = (uint32_t)5 - (uint32_t)3 - (uint32_t)1;
-        uint32_t i1 = ctr;
-        uint32_t j = (uint32_t)4 - i1;
-        uint64_t input2i = input21[j];
-        Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i);
-        if (ctr > (uint32_t)0)
-            Hacl_Bignum_Fmul_shift_reduce(input);
-    }
-    {
-        uint32_t ctr = (uint32_t)5 - (uint32_t)4 - (uint32_t)1;
-        uint32_t i1 = ctr;
-        uint32_t j = (uint32_t)4 - i1;
-        uint64_t input2i = input21[j];
-        Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i);
-        if (ctr > (uint32_t)0)
-            Hacl_Bignum_Fmul_shift_reduce(input);
-    }
-}
-
-inline static void
-Hacl_Bignum_Fmul_fmul_(uint64_t *output, uint64_t *input, uint64_t *input21)
-{
-    KRML_CHECK_SIZE(FStar_Int_Cast_Full_uint64_to_uint128((uint64_t)0), (uint32_t)5);
-    FStar_UInt128_t t[5];
-    for (uintmax_t _i = 0; _i < (uint32_t)5; ++_i)
-        t[_i] = FStar_Int_Cast_Full_uint64_to_uint128((uint64_t)0);
-    Hacl_Bignum_Fmul_mul_shift_reduce_(t, input, input21);
-    Hacl_Bignum_Fproduct_carry_wide_(t);
-    FStar_UInt128_t b4 = t[4];
-    FStar_UInt128_t b0 = t[0];
-    FStar_UInt128_t
-        mask =
-            FStar_UInt128_sub(FStar_UInt128_shift_left(FStar_Int_Cast_Full_uint64_to_uint128((uint64_t)1),
-                                                       (uint32_t)51),
-                              FStar_Int_Cast_Full_uint64_to_uint128((uint64_t)1));
-    FStar_UInt128_t b4_ = FStar_UInt128_logand(b4, mask);
-    FStar_UInt128_t
-        b0_ =
-            FStar_UInt128_add(b0,
-                              FStar_UInt128_mul_wide((uint64_t)19,
-                                                     FStar_Int_Cast_Full_uint128_to_uint64(FStar_UInt128_shift_right(b4, (uint32_t)51))));
-    t[4] = b4_;
-    t[0] = b0_;
-    Hacl_Bignum_Fproduct_copy_from_wide_(output, t);
-    uint64_t i0 = output[0];
-    uint64_t i1 = output[1];
-    uint64_t i0_ = i0 & (((uint64_t)1 << (uint32_t)51) - (uint64_t)1);
-    uint64_t i1_ = i1 + (i0 >> (uint32_t)51);
-    output[0] = i0_;
-    output[1] = i1_;
-}
-
-inline static void
-Hacl_Bignum_Fmul_fmul(uint64_t *output, uint64_t *input, uint64_t *input21)
-{
-    uint64_t tmp[5] = { 0 };
-    memcpy(tmp, input, (uint32_t)5 * sizeof input[0]);
-    Hacl_Bignum_Fmul_fmul_(output, tmp, input21);
-}
-
-inline static void
-Hacl_Bignum_Fsquare_upd_5(
-    FStar_UInt128_t *tmp,
-    FStar_UInt128_t s0,
-    FStar_UInt128_t s1,
-    FStar_UInt128_t s2,
-    FStar_UInt128_t s3,
-    FStar_UInt128_t s4)
-{
-    tmp[0] = s0;
-    tmp[1] = s1;
-    tmp[2] = s2;
-    tmp[3] = s3;
-    tmp[4] = s4;
-}
-
-inline static void
-Hacl_Bignum_Fsquare_fsquare__(FStar_UInt128_t *tmp, uint64_t *output)
-{
-    uint64_t r0 = output[0];
-    uint64_t r1 = output[1];
-    uint64_t r2 = output[2];
-    uint64_t r3 = output[3];
-    uint64_t r4 = output[4];
-    uint64_t d0 = r0 * (uint64_t)2;
-    uint64_t d1 = r1 * (uint64_t)2;
-    uint64_t d2 = r2 * (uint64_t)2 * (uint64_t)19;
-    uint64_t d419 = r4 * (uint64_t)19;
-    uint64_t d4 = d419 * (uint64_t)2;
-    FStar_UInt128_t
-        s0 =
-            FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(r0, r0),
-                                                FStar_UInt128_mul_wide(d4, r1)),
-                              FStar_UInt128_mul_wide(d2, r3));
-    FStar_UInt128_t
-        s1 =
-            FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(d0, r1),
-                                                FStar_UInt128_mul_wide(d4, r2)),
-                              FStar_UInt128_mul_wide(r3 * (uint64_t)19, r3));
-    FStar_UInt128_t
-        s2 =
-            FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(d0, r2),
-                                                FStar_UInt128_mul_wide(r1, r1)),
-                              FStar_UInt128_mul_wide(d4, r3));
-    FStar_UInt128_t
-        s3 =
-            FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(d0, r3),
-                                                FStar_UInt128_mul_wide(d1, r2)),
-                              FStar_UInt128_mul_wide(r4, d419));
-    FStar_UInt128_t
-        s4 =
-            FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(d0, r4),
-                                                FStar_UInt128_mul_wide(d1, r3)),
-                              FStar_UInt128_mul_wide(r2, r2));
-    Hacl_Bignum_Fsquare_upd_5(tmp, s0, s1, s2, s3, s4);
-}
-
-inline static void
-Hacl_Bignum_Fsquare_fsquare_(FStar_UInt128_t *tmp, uint64_t *output)
-{
-    Hacl_Bignum_Fsquare_fsquare__(tmp, output);
-    Hacl_Bignum_Fproduct_carry_wide_(tmp);
-    FStar_UInt128_t b4 = tmp[4];
-    FStar_UInt128_t b0 = tmp[0];
-    FStar_UInt128_t
-        mask =
-            FStar_UInt128_sub(FStar_UInt128_shift_left(FStar_Int_Cast_Full_uint64_to_uint128((uint64_t)1),
-                                                       (uint32_t)51),
-                              FStar_Int_Cast_Full_uint64_to_uint128((uint64_t)1));
-    FStar_UInt128_t b4_ = FStar_UInt128_logand(b4, mask);
-    FStar_UInt128_t
-        b0_ =
-            FStar_UInt128_add(b0,
-                              FStar_UInt128_mul_wide((uint64_t)19,
-                                                     FStar_Int_Cast_Full_uint128_to_uint64(FStar_UInt128_shift_right(b4, (uint32_t)51))));
-    tmp[4] = b4_;
-    tmp[0] = b0_;
-    Hacl_Bignum_Fproduct_copy_from_wide_(output, tmp);
-    uint64_t i0 = output[0];
-    uint64_t i1 = output[1];
-    uint64_t i0_ = i0 & (((uint64_t)1 << (uint32_t)51) - (uint64_t)1);
-    uint64_t i1_ = i1 + (i0 >> (uint32_t)51);
-    output[0] = i0_;
-    output[1] = i1_;
-}
-
-inline static void
-Hacl_Bignum_Fsquare_fsquare_times_(uint64_t *output, FStar_UInt128_t *tmp, uint32_t count1)
-{
-    if (count1 == (uint32_t)1)
-        Hacl_Bignum_Fsquare_fsquare_(tmp, output);
-    else {
-        uint32_t i = count1 - (uint32_t)1;
-        Hacl_Bignum_Fsquare_fsquare_(tmp, output);
-        Hacl_Bignum_Fsquare_fsquare_times_(output, tmp, i);
-    }
-}
-
-inline static void
-Hacl_Bignum_Fsquare_fsquare_times(uint64_t *output, uint64_t *input, uint32_t count1)
-{
-    KRML_CHECK_SIZE(FStar_Int_Cast_Full_uint64_to_uint128((uint64_t)0), (uint32_t)5);
-    FStar_UInt128_t t[5];
-    for (uintmax_t _i = 0; _i < (uint32_t)5; ++_i)
-        t[_i] = FStar_Int_Cast_Full_uint64_to_uint128((uint64_t)0);
-    memcpy(output, input, (uint32_t)5 * sizeof input[0]);
-    Hacl_Bignum_Fsquare_fsquare_times_(output, t, count1);
-}
-
-inline static void
-Hacl_Bignum_Fsquare_fsquare_times_inplace(uint64_t *output, uint32_t count1)
-{
-    KRML_CHECK_SIZE(FStar_Int_Cast_Full_uint64_to_uint128((uint64_t)0), (uint32_t)5);
-    FStar_UInt128_t t[5];
-    for (uintmax_t _i = 0; _i < (uint32_t)5; ++_i)
-        t[_i] = FStar_Int_Cast_Full_uint64_to_uint128((uint64_t)0);
-    Hacl_Bignum_Fsquare_fsquare_times_(output, t, count1);
-}
-
-inline static void
-Hacl_Bignum_Crecip_crecip(uint64_t *out, uint64_t *z)
-{
-    uint64_t buf[20] = { 0 };
-    uint64_t *a = buf;
-    uint64_t *t00 = buf + (uint32_t)5;
-    uint64_t *b0 = buf + (uint32_t)10;
-    (void)(buf + (uint32_t)15);
-    Hacl_Bignum_Fsquare_fsquare_times(a, z, (uint32_t)1);
-    Hacl_Bignum_Fsquare_fsquare_times(t00, a, (uint32_t)2);
-    Hacl_Bignum_Fmul_fmul(b0, t00, z);
-    Hacl_Bignum_Fmul_fmul(a, b0, a);
-    Hacl_Bignum_Fsquare_fsquare_times(t00, a, (uint32_t)1);
-    Hacl_Bignum_Fmul_fmul(b0, t00, b0);
-    Hacl_Bignum_Fsquare_fsquare_times(t00, b0, (uint32_t)5);
-    uint64_t *t01 = buf + (uint32_t)5;
-    uint64_t *b1 = buf + (uint32_t)10;
-    uint64_t *c0 = buf + (uint32_t)15;
-    Hacl_Bignum_Fmul_fmul(b1, t01, b1);
-    Hacl_Bignum_Fsquare_fsquare_times(t01, b1, (uint32_t)10);
-    Hacl_Bignum_Fmul_fmul(c0, t01, b1);
-    Hacl_Bignum_Fsquare_fsquare_times(t01, c0, (uint32_t)20);
-    Hacl_Bignum_Fmul_fmul(t01, t01, c0);
-    Hacl_Bignum_Fsquare_fsquare_times_inplace(t01, (uint32_t)10);
-    Hacl_Bignum_Fmul_fmul(b1, t01, b1);
-    Hacl_Bignum_Fsquare_fsquare_times(t01, b1, (uint32_t)50);
-    uint64_t *a0 = buf;
-    uint64_t *t0 = buf + (uint32_t)5;
-    uint64_t *b = buf + (uint32_t)10;
-    uint64_t *c = buf + (uint32_t)15;
-    Hacl_Bignum_Fmul_fmul(c, t0, b);
-    Hacl_Bignum_Fsquare_fsquare_times(t0, c, (uint32_t)100);
-    Hacl_Bignum_Fmul_fmul(t0, t0, c);
-    Hacl_Bignum_Fsquare_fsquare_times_inplace(t0, (uint32_t)50);
-    Hacl_Bignum_Fmul_fmul(t0, t0, b);
-    Hacl_Bignum_Fsquare_fsquare_times_inplace(t0, (uint32_t)5);
-    Hacl_Bignum_Fmul_fmul(out, t0, a0);
-}
-
-inline static void
-Hacl_Bignum_fsum(uint64_t *a, uint64_t *b)
-{
-    {
-        uint64_t uu____871 = a[0];
-        uint64_t uu____874 = b[0];
-        uint64_t uu____870 = uu____871 + uu____874;
-        a[0] = uu____870;
-    }
-    {
-        uint64_t uu____871 = a[1];
-        uint64_t uu____874 = b[1];
-        uint64_t uu____870 = uu____871 + uu____874;
-        a[1] = uu____870;
-    }
-    {
-        uint64_t uu____871 = a[2];
-        uint64_t uu____874 = b[2];
-        uint64_t uu____870 = uu____871 + uu____874;
-        a[2] = uu____870;
-    }
-    {
-        uint64_t uu____871 = a[3];
-        uint64_t uu____874 = b[3];
-        uint64_t uu____870 = uu____871 + uu____874;
-        a[3] = uu____870;
-    }
-    {
-        uint64_t uu____871 = a[4];
-        uint64_t uu____874 = b[4];
-        uint64_t uu____870 = uu____871 + uu____874;
-        a[4] = uu____870;
-    }
-}
-
-inline static void
-Hacl_Bignum_fdifference(uint64_t *a, uint64_t *b)
-{
-    uint64_t tmp[5] = { 0 };
-    memcpy(tmp, b, (uint32_t)5 * sizeof b[0]);
-    uint64_t b0 = tmp[0];
-    uint64_t b1 = tmp[1];
-    uint64_t b2 = tmp[2];
-    uint64_t b3 = tmp[3];
-    uint64_t b4 = tmp[4];
-    tmp[0] = b0 + (uint64_t)0x3fffffffffff68;
-    tmp[1] = b1 + (uint64_t)0x3ffffffffffff8;
-    tmp[2] = b2 + (uint64_t)0x3ffffffffffff8;
-    tmp[3] = b3 + (uint64_t)0x3ffffffffffff8;
-    tmp[4] = b4 + (uint64_t)0x3ffffffffffff8;
-    {
-        uint64_t uu____871 = a[0];
-        uint64_t uu____874 = tmp[0];
-        uint64_t uu____870 = uu____874 - uu____871;
-        a[0] = uu____870;
-    }
-    {
-        uint64_t uu____871 = a[1];
-        uint64_t uu____874 = tmp[1];
-        uint64_t uu____870 = uu____874 - uu____871;
-        a[1] = uu____870;
-    }
-    {
-        uint64_t uu____871 = a[2];
-        uint64_t uu____874 = tmp[2];
-        uint64_t uu____870 = uu____874 - uu____871;
-        a[2] = uu____870;
-    }
-    {
-        uint64_t uu____871 = a[3];
-        uint64_t uu____874 = tmp[3];
-        uint64_t uu____870 = uu____874 - uu____871;
-        a[3] = uu____870;
-    }
-    {
-        uint64_t uu____871 = a[4];
-        uint64_t uu____874 = tmp[4];
-        uint64_t uu____870 = uu____874 - uu____871;
-        a[4] = uu____870;
-    }
-}
-
-inline static void
-Hacl_Bignum_fscalar(uint64_t *output, uint64_t *b, uint64_t s)
-{
-    KRML_CHECK_SIZE(FStar_Int_Cast_Full_uint64_to_uint128((uint64_t)0), (uint32_t)5);
-    FStar_UInt128_t tmp[5];
-    for (uintmax_t _i = 0; _i < (uint32_t)5; ++_i)
-        tmp[_i] = FStar_Int_Cast_Full_uint64_to_uint128((uint64_t)0);
-    {
-        uint64_t uu____429 = b[0];
-        FStar_UInt128_t uu____428 = FStar_UInt128_mul_wide(uu____429, s);
-        tmp[0] = uu____428;
-    }
-    {
-        uint64_t uu____429 = b[1];
-        FStar_UInt128_t uu____428 = FStar_UInt128_mul_wide(uu____429, s);
-        tmp[1] = uu____428;
-    }
-    {
-        uint64_t uu____429 = b[2];
-        FStar_UInt128_t uu____428 = FStar_UInt128_mul_wide(uu____429, s);
-        tmp[2] = uu____428;
-    }
-    {
-        uint64_t uu____429 = b[3];
-        FStar_UInt128_t uu____428 = FStar_UInt128_mul_wide(uu____429, s);
-        tmp[3] = uu____428;
-    }
-    {
-        uint64_t uu____429 = b[4];
-        FStar_UInt128_t uu____428 = FStar_UInt128_mul_wide(uu____429, s);
-        tmp[4] = uu____428;
-    }
-    Hacl_Bignum_Fproduct_carry_wide_(tmp);
-    FStar_UInt128_t b4 = tmp[4];
-    FStar_UInt128_t b0 = tmp[0];
-    FStar_UInt128_t
-        mask =
-            FStar_UInt128_sub(FStar_UInt128_shift_left(FStar_Int_Cast_Full_uint64_to_uint128((uint64_t)1),
-                                                       (uint32_t)51),
-                              FStar_Int_Cast_Full_uint64_to_uint128((uint64_t)1));
-    FStar_UInt128_t b4_ = FStar_UInt128_logand(b4, mask);
-    FStar_UInt128_t
-        b0_ =
-            FStar_UInt128_add(b0,
-                              FStar_UInt128_mul_wide((uint64_t)19,
-                                                     FStar_Int_Cast_Full_uint128_to_uint64(FStar_UInt128_shift_right(b4, (uint32_t)51))));
-    tmp[4] = b4_;
-    tmp[0] = b0_;
-    Hacl_Bignum_Fproduct_copy_from_wide_(output, tmp);
-}
-
-inline static void
-Hacl_Bignum_fmul(uint64_t *output, uint64_t *a, uint64_t *b)
-{
-    Hacl_Bignum_Fmul_fmul(output, a, b);
-}
-
-inline static void
-Hacl_Bignum_crecip(uint64_t *output, uint64_t *input)
-{
-    Hacl_Bignum_Crecip_crecip(output, input);
-}
-
-static void
-Hacl_EC_Point_swap_conditional_step(uint64_t *a, uint64_t *b, uint64_t swap1, uint32_t ctr)
-{
-    uint32_t i = ctr - (uint32_t)1;
-    uint64_t ai = a[i];
-    uint64_t bi = b[i];
-    uint64_t x = swap1 & (ai ^ bi);
-    uint64_t ai1 = ai ^ x;
-    uint64_t bi1 = bi ^ x;
-    a[i] = ai1;
-    b[i] = bi1;
-}
-
-static void
-Hacl_EC_Point_swap_conditional_(uint64_t *a, uint64_t *b, uint64_t swap1, uint32_t ctr)
-{
-    if (ctr == (uint32_t)0) {
-
-    } else {
-        Hacl_EC_Point_swap_conditional_step(a, b, swap1, ctr);
-        uint32_t i = ctr - (uint32_t)1;
-        Hacl_EC_Point_swap_conditional_(a, b, swap1, i);
-    }
-}
-
-static void
-Hacl_EC_Point_swap_conditional(uint64_t *a, uint64_t *b, uint64_t iswap)
-{
-    uint64_t swap1 = (uint64_t)0 - iswap;
-    Hacl_EC_Point_swap_conditional_(a, b, swap1, (uint32_t)5);
-    Hacl_EC_Point_swap_conditional_(a + (uint32_t)5, b + (uint32_t)5, swap1, (uint32_t)5);
-}
-
-static void
-Hacl_EC_Point_copy(uint64_t *output, uint64_t *input)
-{
-    memcpy(output, input, (uint32_t)5 * sizeof input[0]);
-    memcpy(output + (uint32_t)5,
-           input + (uint32_t)5,
-           (uint32_t)5 * sizeof(input + (uint32_t)5)[0]);
-}
-
-static void
-Hacl_EC_AddAndDouble_fmonty(
-    uint64_t *pp,
-    uint64_t *ppq,
-    uint64_t *p,
-    uint64_t *pq,
-    uint64_t *qmqp)
-{
-    uint64_t *qx = qmqp;
-    uint64_t *x2 = pp;
-    uint64_t *z2 = pp + (uint32_t)5;
-    uint64_t *x3 = ppq;
-    uint64_t *z3 = ppq + (uint32_t)5;
-    uint64_t *x = p;
-    uint64_t *z = p + (uint32_t)5;
-    uint64_t *xprime = pq;
-    uint64_t *zprime = pq + (uint32_t)5;
-    uint64_t buf[40] = { 0 };
-    (void)(buf + (uint32_t)5);
-    (void)(buf + (uint32_t)10);
-    (void)(buf + (uint32_t)15);
-    (void)(buf + (uint32_t)20);
-    (void)(buf + (uint32_t)25);
-    (void)(buf + (uint32_t)30);
-    (void)(buf + (uint32_t)35);
-    uint64_t *origx = buf;
-    uint64_t *origxprime = buf + (uint32_t)5;
-    (void)(buf + (uint32_t)10);
-    (void)(buf + (uint32_t)15);
-    (void)(buf + (uint32_t)20);
-    uint64_t *xxprime0 = buf + (uint32_t)25;
-    uint64_t *zzprime0 = buf + (uint32_t)30;
-    (void)(buf + (uint32_t)35);
-    memcpy(origx, x, (uint32_t)5 * sizeof x[0]);
-    Hacl_Bignum_fsum(x, z);
-    Hacl_Bignum_fdifference(z, origx);
-    memcpy(origxprime, xprime, (uint32_t)5 * sizeof xprime[0]);
-    Hacl_Bignum_fsum(xprime, zprime);
-    Hacl_Bignum_fdifference(zprime, origxprime);
-    Hacl_Bignum_fmul(xxprime0, xprime, z);
-    Hacl_Bignum_fmul(zzprime0, x, zprime);
-    uint64_t *origxprime0 = buf + (uint32_t)5;
-    (void)(buf + (uint32_t)10);
-    uint64_t *xx0 = buf + (uint32_t)15;
-    uint64_t *zz0 = buf + (uint32_t)20;
-    uint64_t *xxprime = buf + (uint32_t)25;
-    uint64_t *zzprime = buf + (uint32_t)30;
-    uint64_t *zzzprime = buf + (uint32_t)35;
-    memcpy(origxprime0, xxprime, (uint32_t)5 * sizeof xxprime[0]);
-    Hacl_Bignum_fsum(xxprime, zzprime);
-    Hacl_Bignum_fdifference(zzprime, origxprime0);
-    Hacl_Bignum_Fsquare_fsquare_times(x3, xxprime, (uint32_t)1);
-    Hacl_Bignum_Fsquare_fsquare_times(zzzprime, zzprime, (uint32_t)1);
-    Hacl_Bignum_fmul(z3, zzzprime, qx);
-    Hacl_Bignum_Fsquare_fsquare_times(xx0, x, (uint32_t)1);
-    Hacl_Bignum_Fsquare_fsquare_times(zz0, z, (uint32_t)1);
-    (void)(buf + (uint32_t)5);
-    uint64_t *zzz = buf + (uint32_t)10;
-    uint64_t *xx = buf + (uint32_t)15;
-    uint64_t *zz = buf + (uint32_t)20;
-    (void)(buf + (uint32_t)25);
-    (void)(buf + (uint32_t)30);
-    (void)(buf + (uint32_t)35);
-    Hacl_Bignum_fmul(x2, xx, zz);
-    Hacl_Bignum_fdifference(zz, xx);
-    uint64_t scalar = (uint64_t)121665;
-    Hacl_Bignum_fscalar(zzz, zz, scalar);
-    Hacl_Bignum_fsum(zzz, xx);
-    Hacl_Bignum_fmul(z2, zzz, zz);
-}
-
-static void
-Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step_1(
-    uint64_t *nq,
-    uint64_t *nqpq,
-    uint64_t *nq2,
-    uint64_t *nqpq2,
-    uint64_t *q,
-    uint8_t byt)
-{
-    uint64_t bit = (uint64_t)(byt >> (uint32_t)7);
-    Hacl_EC_Point_swap_conditional(nq, nqpq, bit);
-}
-
-static void
-Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step_2(
-    uint64_t *nq,
-    uint64_t *nqpq,
-    uint64_t *nq2,
-    uint64_t *nqpq2,
-    uint64_t *q,
-    uint8_t byt)
-{
-    Hacl_EC_AddAndDouble_fmonty(nq2, nqpq2, nq, nqpq, q);
-}
-
-static void
-Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step(
-    uint64_t *nq,
-    uint64_t *nqpq,
-    uint64_t *nq2,
-    uint64_t *nqpq2,
-    uint64_t *q,
-    uint8_t byt)
-{
-    Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step_1(nq, nqpq, nq2, nqpq2, q, byt);
-    Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step_2(nq, nqpq, nq2, nqpq2, q, byt);
-    Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step_1(nq2, nqpq2, nq, nqpq, q, byt);
-}
-
-static void
-Hacl_EC_Ladder_SmallLoop_cmult_small_loop_double_step(
-    uint64_t *nq,
-    uint64_t *nqpq,
-    uint64_t *nq2,
-    uint64_t *nqpq2,
-    uint64_t *q,
-    uint8_t byt)
-{
-    Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step(nq, nqpq, nq2, nqpq2, q, byt);
-    uint8_t byt1 = byt << (uint32_t)1;
-    Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step(nq2, nqpq2, nq, nqpq, q, byt1);
-}
-
-static void
-Hacl_EC_Ladder_SmallLoop_cmult_small_loop(
-    uint64_t *nq,
-    uint64_t *nqpq,
-    uint64_t *nq2,
-    uint64_t *nqpq2,
-    uint64_t *q,
-    uint8_t byt,
-    uint32_t i)
-{
-    if (i == (uint32_t)0) {
-
-    } else {
-        uint32_t i_ = i - (uint32_t)1;
-        Hacl_EC_Ladder_SmallLoop_cmult_small_loop_double_step(nq, nqpq, nq2, nqpq2, q, byt);
-        uint8_t byt_ = byt << (uint32_t)2;
-        Hacl_EC_Ladder_SmallLoop_cmult_small_loop(nq, nqpq, nq2, nqpq2, q, byt_, i_);
-    }
-}
-
-static void
-Hacl_EC_Ladder_BigLoop_cmult_big_loop(
-    uint8_t *n1,
-    uint64_t *nq,
-    uint64_t *nqpq,
-    uint64_t *nq2,
-    uint64_t *nqpq2,
-    uint64_t *q,
-    uint32_t i)
-{
-    if (i == (uint32_t)0) {
-
-    } else {
-        uint32_t i1 = i - (uint32_t)1;
-        uint8_t byte = n1[i1];
-        Hacl_EC_Ladder_SmallLoop_cmult_small_loop(nq, nqpq, nq2, nqpq2, q, byte, (uint32_t)4);
-        Hacl_EC_Ladder_BigLoop_cmult_big_loop(n1, nq, nqpq, nq2, nqpq2, q, i1);
-    }
-}
-
-static void
-Hacl_EC_Ladder_cmult_(uint64_t *result, uint64_t *point_buf, uint8_t *n1, uint64_t *q)
-{
-    uint64_t *nq = point_buf;
-    uint64_t *nqpq = point_buf + (uint32_t)10;
-    uint64_t *nq2 = point_buf + (uint32_t)20;
-    uint64_t *nqpq2 = point_buf + (uint32_t)30;
-    Hacl_EC_Point_copy(nqpq, q);
-    nq[0] = (uint64_t)1;
-    Hacl_EC_Ladder_BigLoop_cmult_big_loop(n1, nq, nqpq, nq2, nqpq2, q, (uint32_t)32);
-    Hacl_EC_Point_copy(result, nq);
-}
-
-static void
-Hacl_EC_Ladder_cmult(uint64_t *result, uint8_t *n1, uint64_t *q)
-{
-    uint64_t point_buf[40] = { 0 };
-    Hacl_EC_Ladder_cmult_(result, point_buf, n1, q);
-}
-
-static void
-Hacl_EC_Format_upd_5(
-    uint64_t *output,
-    uint64_t output0,
-    uint64_t output1,
-    uint64_t output2,
-    uint64_t output3,
-    uint64_t output4)
-{
-    output[0] = output0;
-    output[1] = output1;
-    output[2] = output2;
-    output[3] = output3;
-    output[4] = output4;
-}
-
-static void
-Hacl_EC_Format_upd_5_(
-    uint64_t *output,
-    uint64_t output0,
-    uint64_t output1,
-    uint64_t output2,
-    uint64_t output3,
-    uint64_t output4)
-{
-    output[0] = output0;
-    output[1] = output1;
-    output[2] = output2;
-    output[3] = output3;
-    output[4] = output4;
-}
-
-static void
-Hacl_EC_Format_fexpand(uint64_t *output, uint8_t *input)
-{
-    uint64_t mask_511 = (uint64_t)0x7ffffffffffff;
-    uint64_t i0 = load64_le(input);
-    uint8_t *x00 = input + (uint32_t)6;
-    uint64_t i1 = load64_le(x00);
-    uint8_t *x01 = input + (uint32_t)12;
-    uint64_t i2 = load64_le(x01);
-    uint8_t *x02 = input + (uint32_t)19;
-    uint64_t i3 = load64_le(x02);
-    uint8_t *x0 = input + (uint32_t)24;
-    uint64_t i4 = load64_le(x0);
-    uint64_t output0 = i0 & mask_511;
-    uint64_t output1 = i1 >> (uint32_t)3 & mask_511;
-    uint64_t output2 = i2 >> (uint32_t)6 & mask_511;
-    uint64_t output3 = i3 >> (uint32_t)1 & mask_511;
-    uint64_t output4 = i4 >> (uint32_t)12 & mask_511;
-    Hacl_EC_Format_upd_5(output, output0, output1, output2, output3, output4);
-}
-
-static void
-Hacl_EC_Format_store_4(uint8_t *output, uint64_t v0, uint64_t v1, uint64_t v2, uint64_t v3)
-{
-    uint8_t *b0 = output;
-    uint8_t *b1 = output + (uint32_t)8;
-    uint8_t *b2 = output + (uint32_t)16;
-    uint8_t *b3 = output + (uint32_t)24;
-    store64_le(b0, v0);
-    store64_le(b1, v1);
-    store64_le(b2, v2);
-    store64_le(b3, v3);
-}
-
-static void
-Hacl_EC_Format_fcontract_first_carry_pass(uint64_t *input)
-{
-    uint64_t t0 = input[0];
-    uint64_t t1 = input[1];
-    uint64_t t2 = input[2];
-    uint64_t t3 = input[3];
-    uint64_t t4 = input[4];
-    uint64_t t1_ = t1 + (t0 >> (uint32_t)51);
-    uint64_t t0_ = t0 & (uint64_t)0x7ffffffffffff;
-    uint64_t t2_ = t2 + (t1_ >> (uint32_t)51);
-    uint64_t t1__ = t1_ & (uint64_t)0x7ffffffffffff;
-    uint64_t t3_ = t3 + (t2_ >> (uint32_t)51);
-    uint64_t t2__ = t2_ & (uint64_t)0x7ffffffffffff;
-    uint64_t t4_ = t4 + (t3_ >> (uint32_t)51);
-    uint64_t t3__ = t3_ & (uint64_t)0x7ffffffffffff;
-    Hacl_EC_Format_upd_5_(input, t0_, t1__, t2__, t3__, t4_);
-}
-
-static void
-Hacl_EC_Format_fcontract_first_carry_full(uint64_t *input)
-{
-    Hacl_EC_Format_fcontract_first_carry_pass(input);
-    Hacl_Bignum_Modulo_carry_top(input);
-}
-
-static void
-Hacl_EC_Format_fcontract_second_carry_pass(uint64_t *input)
-{
-    uint64_t t0 = input[0];
-    uint64_t t1 = input[1];
-    uint64_t t2 = input[2];
-    uint64_t t3 = input[3];
-    uint64_t t4 = input[4];
-    uint64_t t1_ = t1 + (t0 >> (uint32_t)51);
-    uint64_t t0_ = t0 & (uint64_t)0x7ffffffffffff;
-    uint64_t t2_ = t2 + (t1_ >> (uint32_t)51);
-    uint64_t t1__ = t1_ & (uint64_t)0x7ffffffffffff;
-    uint64_t t3_ = t3 + (t2_ >> (uint32_t)51);
-    uint64_t t2__ = t2_ & (uint64_t)0x7ffffffffffff;
-    uint64_t t4_ = t4 + (t3_ >> (uint32_t)51);
-    uint64_t t3__ = t3_ & (uint64_t)0x7ffffffffffff;
-    Hacl_EC_Format_upd_5_(input, t0_, t1__, t2__, t3__, t4_);
-}
-
-static void
-Hacl_EC_Format_fcontract_second_carry_full(uint64_t *input)
-{
-    Hacl_EC_Format_fcontract_second_carry_pass(input);
-    Hacl_Bignum_Modulo_carry_top(input);
-    uint64_t i0 = input[0];
-    uint64_t i1 = input[1];
-    uint64_t i0_ = i0 & (((uint64_t)1 << (uint32_t)51) - (uint64_t)1);
-    uint64_t i1_ = i1 + (i0 >> (uint32_t)51);
-    input[0] = i0_;
-    input[1] = i1_;
-}
-
-static void
-Hacl_EC_Format_fcontract_trim(uint64_t *input)
-{
-    uint64_t a0 = input[0];
-    uint64_t a1 = input[1];
-    uint64_t a2 = input[2];
-    uint64_t a3 = input[3];
-    uint64_t a4 = input[4];
-    uint64_t mask0 = FStar_UInt64_gte_mask(a0, (uint64_t)0x7ffffffffffed);
-    uint64_t mask1 = FStar_UInt64_eq_mask(a1, (uint64_t)0x7ffffffffffff);
-    uint64_t mask2 = FStar_UInt64_eq_mask(a2, (uint64_t)0x7ffffffffffff);
-    uint64_t mask3 = FStar_UInt64_eq_mask(a3, (uint64_t)0x7ffffffffffff);
-    uint64_t mask4 = FStar_UInt64_eq_mask(a4, (uint64_t)0x7ffffffffffff);
-    uint64_t mask = mask0 & mask1 & mask2 & mask3 & mask4;
-    uint64_t a0_ = a0 - ((uint64_t)0x7ffffffffffed & mask);
-    uint64_t a1_ = a1 - ((uint64_t)0x7ffffffffffff & mask);
-    uint64_t a2_ = a2 - ((uint64_t)0x7ffffffffffff & mask);
-    uint64_t a3_ = a3 - ((uint64_t)0x7ffffffffffff & mask);
-    uint64_t a4_ = a4 - ((uint64_t)0x7ffffffffffff & mask);
-    Hacl_EC_Format_upd_5_(input, a0_, a1_, a2_, a3_, a4_);
-}
-
-static void
-Hacl_EC_Format_fcontract_store(uint8_t *output, uint64_t *input)
-{
-    uint64_t t0 = input[0];
-    uint64_t t1 = input[1];
-    uint64_t t2 = input[2];
-    uint64_t t3 = input[3];
-    uint64_t t4 = input[4];
-    uint64_t o0 = t1 << (uint32_t)51 | t0;
-    uint64_t o1 = t2 << (uint32_t)38 | t1 >> (uint32_t)13;
-    uint64_t o2 = t3 << (uint32_t)25 | t2 >> (uint32_t)26;
-    uint64_t o3 = t4 << (uint32_t)12 | t3 >> (uint32_t)39;
-    Hacl_EC_Format_store_4(output, o0, o1, o2, o3);
-}
-
-static void
-Hacl_EC_Format_fcontract(uint8_t *output, uint64_t *input)
-{
-    Hacl_EC_Format_fcontract_first_carry_full(input);
-    Hacl_EC_Format_fcontract_second_carry_full(input);
-    Hacl_EC_Format_fcontract_trim(input);
-    Hacl_EC_Format_fcontract_store(output, input);
-}
-
-static void
-Hacl_EC_Format_scalar_of_point(uint8_t *scalar, uint64_t *point)
-{
-    uint64_t *x = point;
-    uint64_t *z = point + (uint32_t)5;
-    uint64_t buf[10] = { 0 };
-    uint64_t *zmone = buf;
-    uint64_t *sc = buf + (uint32_t)5;
-    Hacl_Bignum_crecip(zmone, z);
-    Hacl_Bignum_fmul(sc, x, zmone);
-    Hacl_EC_Format_fcontract(scalar, sc);
-}
-
-static void
-Hacl_EC_crypto_scalarmult__(
-    uint8_t *mypublic,
-    uint8_t *scalar,
-    uint8_t *basepoint,
-    uint64_t *q)
-{
-    uint64_t buf[15] = { 0 };
-    uint64_t *nq = buf;
-    uint64_t *x = nq;
-    (void)(nq + (uint32_t)5);
-    (void)(buf + (uint32_t)5);
-    x[0] = (uint64_t)1;
-    Hacl_EC_Ladder_cmult(nq, scalar, q);
-    Hacl_EC_Format_scalar_of_point(mypublic, nq);
-}
-
-static void
-Hacl_EC_crypto_scalarmult_(uint8_t *mypublic, uint8_t *secret, uint8_t *basepoint, uint64_t *q)
-{
-    uint8_t e[32] = { 0 };
-    memcpy(e, secret, (uint32_t)32 * sizeof secret[0]);
-    uint8_t e0 = e[0];
-    uint8_t e31 = e[31];
-    uint8_t e01 = e0 & (uint8_t)248;
-    uint8_t e311 = e31 & (uint8_t)127;
-    uint8_t e312 = e311 | (uint8_t)64;
-    e[0] = e01;
-    e[31] = e312;
-    uint8_t *scalar = e;
-    Hacl_EC_crypto_scalarmult__(mypublic, scalar, basepoint, q);
-}
-
-void
-Hacl_EC_crypto_scalarmult(uint8_t *mypublic, uint8_t *secret, uint8_t *basepoint)
-{
-    uint64_t buf[10] = { 0 };
-    uint64_t *x = buf;
-    uint64_t *z = buf + (uint32_t)5;
-    Hacl_EC_Format_fexpand(x, basepoint);
-    z[0] = (uint64_t)1;
-    uint64_t *q = buf;
-    Hacl_EC_crypto_scalarmult_(mypublic, secret, basepoint, q);
-}
-
-void *
-Curve25519_op_String_Access(FStar_Monotonic_HyperStack_mem h, uint8_t *b)
-{
-    return (void *)(uint8_t)0;
-}
-
-void
-Curve25519_crypto_scalarmult(uint8_t *mypublic, uint8_t *secret, uint8_t *basepoint)
-{
-    Hacl_EC_crypto_scalarmult(mypublic, secret, basepoint);
-}
diff --git a/lib/freebl/verified/kremlib.h b/lib/freebl/verified/kremlib.h
index 5f1f1dc8e..c5ba5de2f 100644
--- a/lib/freebl/verified/kremlib.h
+++ b/lib/freebl/verified/kremlib.h
@@ -1,88 +1,191 @@
-// Copyright 2016-2017 Microsoft Corporation
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+/* Copyright 2016-2017 INRIA and Microsoft Corporation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 
 #ifndef __KREMLIB_H
 #define __KREMLIB_H
 
-#include <inttypes.h>
-#include <stdlib.h>
-
-#include <stdbool.h>
-#include <stdio.h>
-#include <string.h>
-#include <time.h>
-
-// Define __cdecl and friends when using GCC, so that we can safely compile code
-// that contains __cdecl on all platforms.
-#ifndef _MSC_VER
-// Use the gcc predefined macros if on a platform/architectures that set them.
-// Otherwise define them to be empty.
-#ifndef __cdecl
-#define __cdecl
-#endif
-#ifndef __stdcall
-#define __stdcall
-#endif
-#ifndef __fastcall
-#define __fastcall
-#endif
+#include "kremlib_base.h"
+
+/* For tests only: we might need this function to be forward-declared, because
+ * the dependency on WasmSupport appears very late, after SimplifyWasm, and
+ * sadly, after the topological order has been done. */
+void WasmSupport_check_buffer_size(uint32_t s);
+
+/******************************************************************************/
+/* Stubs to ease compilation of non-Low* code                                 */
+/******************************************************************************/
+
+/* Some types that KreMLin has no special knowledge of; many of them appear in
+ * signatures of ghost functions, meaning that it suffices to give them (any)
+ * definition. */
+typedef void *FStar_Seq_Base_seq, *Prims_prop, *FStar_HyperStack_mem,
+    *FStar_Set_set, *Prims_st_pre_h, *FStar_Heap_heap, *Prims_all_pre_h,
+    *FStar_TSet_set, *Prims_list, *FStar_Map_t, *FStar_UInt63_t_,
+    *FStar_Int63_t_, *FStar_UInt63_t, *FStar_Int63_t, *FStar_UInt_uint_t,
+    *FStar_Int_int_t, *FStar_HyperStack_stackref, *FStar_Bytes_bytes,
+    *FStar_HyperHeap_rid, *FStar_Heap_aref, *FStar_Monotonic_Heap_heap,
+    *FStar_Monotonic_Heap_aref, *FStar_Monotonic_HyperHeap_rid,
+    *FStar_Monotonic_HyperStack_mem, *FStar_Char_char_;
+
+typedef const char *Prims_string;
+
+/* For "bare" targets that do not have a C stdlib, the user might want to use
+ * [-add-include '"mydefinitions.h"'] and override these. */
+#ifndef KRML_HOST_PRINTF
+#define KRML_HOST_PRINTF printf
 #endif
 
-// GCC-specific attribute syntax; everyone else gets the standard C inline
-// attribute.
-#ifdef __GNU_C__
-#ifndef __clang__
-#define force_inline inline __attribute__((always_inline))
-#else
-#define force_inline inline
+#ifndef KRML_HOST_EXIT
+#define KRML_HOST_EXIT exit
 #endif
-#else
-#define force_inline inline
+
+#ifndef KRML_HOST_MALLOC
+#define KRML_HOST_MALLOC malloc
 #endif
 
-// Uppercase issue; we have to define lowercase version of the C macros (as we
-// have no way to refer to an uppercase *variable* in F*).
-extern int exit_success;
-extern int exit_failure;
-
-// Some types that KreMLin has no special knowledge of; many of them appear in
-// signatures of ghost functions, meaning that it suffices to give them (any)
-// definition.
-typedef void *Prims_pos, *Prims_nat, *Prims_nonzero, *FStar_Seq_Base_seq,
-    *Prims_int, *Prims_prop, *FStar_HyperStack_mem, *FStar_Set_set,
-    *Prims_st_pre_h, *FStar_Heap_heap, *Prims_all_pre_h, *FStar_TSet_set,
-    *Prims_string, *Prims_list, *FStar_Map_t, *FStar_UInt63_t_, *FStar_Int63_t_,
-    *FStar_UInt63_t, *FStar_Int63_t, *FStar_UInt_uint_t, *FStar_Int_int_t,
-    *FStar_HyperStack_stackref, *FStar_Bytes_bytes, *FStar_HyperHeap_rid,
-    *FStar_Heap_aref, *FStar_Monotonic_Heap_heap,
-    *FStar_Monotonic_HyperHeap_rid, *FStar_Monotonic_HyperStack_mem;
-
-#define KRML_CHECK_SIZE(elt, size)                                               \
-    if (((size_t)size) > SIZE_MAX / sizeof(elt)) {                               \
-        printf("Maximum allocatable size exceeded, aborting before overflow at " \
-               "%s:%d\n",                                                        \
-               __FILE__, __LINE__);                                              \
-        exit(253);                                                               \
+/* In statement position, exiting is easy. */
+#define KRML_EXIT                                                                  \
+    do {                                                                           \
+        KRML_HOST_PRINTF("Unimplemented function at %s:%d\n", __FILE__, __LINE__); \
+        KRML_HOST_EXIT(254);                                                       \
+    } while (0)
+
+/* In expression position, use the comma-operator and a malloc to return an
+ * expression of the right size. KreMLin passes t as the parameter to the macro.
+ */
+#define KRML_EABORT(t, msg)                                                     \
+    (KRML_HOST_PRINTF("KreMLin abort at %s:%d\n%s\n", __FILE__, __LINE__, msg), \
+     KRML_HOST_EXIT(255), *((t *)KRML_HOST_MALLOC(sizeof(t))))
+
+/* In FStar.Buffer.fst, the size of arrays is uint32_t, but it's a number of
+ * *elements*. Do an ugly, run-time check (some of which KreMLin can eliminate).
+ */
+#define KRML_CHECK_SIZE(elt, size)                                            \
+    if (((size_t)size) > SIZE_MAX / sizeof(elt)) {                            \
+        KRML_HOST_PRINTF(                                                     \
+            "Maximum allocatable size exceeded, aborting before overflow at " \
+            "%s:%d\n",                                                        \
+            __FILE__, __LINE__);                                              \
+        KRML_HOST_EXIT(253);                                                  \
     }
 
-// Endian-ness
+/* A series of GCC atrocities to trace function calls (kremlin's [-d c-calls]
+ * option). Useful when trying to debug, say, Wasm, to compare traces. */
+/* clang-format off */
+#ifdef __GNUC__
+#define KRML_FORMAT(X) _Generic((X),                                           \
+  uint8_t : "0x%08" PRIx8,                                                     \
+  uint16_t: "0x%08" PRIx16,                                                    \
+  uint32_t: "0x%08" PRIx32,                                                    \
+  uint64_t: "0x%08" PRIx64,                                                    \
+  int8_t  : "0x%08" PRIx8,                                                     \
+  int16_t : "0x%08" PRIx16,                                                    \
+  int32_t : "0x%08" PRIx32,                                                    \
+  int64_t : "0x%08" PRIx64,                                                    \
+  default : "%s")
+
+#define KRML_FORMAT_ARG(X) _Generic((X),                                       \
+  uint8_t : X,                                                                 \
+  uint16_t: X,                                                                 \
+  uint32_t: X,                                                                 \
+  uint64_t: X,                                                                 \
+  int8_t  : X,                                                                 \
+  int16_t : X,                                                                 \
+  int32_t : X,                                                                 \
+  int64_t : X,                                                                 \
+  default : "unknown")
+/* clang-format on */
+
+#define KRML_DEBUG_RETURN(X)                                        \
+    ({                                                              \
+        __auto_type _ret = (X);                                     \
+        KRML_HOST_PRINTF("returning: ");                            \
+        KRML_HOST_PRINTF(KRML_FORMAT(_ret), KRML_FORMAT_ARG(_ret)); \
+        KRML_HOST_PRINTF(" \n");                                    \
+        _ret;                                                       \
+    })
+#endif
+
+#define FStar_Buffer_eqb(b1, b2, n) \
+    (memcmp((b1), (b2), (n) * sizeof((b1)[0])) == 0)
+
+/* Stubs to make ST happy. Important note: you must generate a use of the macro
+ * argument, otherwise, you may have FStar_ST_recall(f) as the only use of f;
+ * KreMLin will think that this is a valid use, but then the C compiler, after
+ * macro expansion, will error out. */
+#define FStar_HyperHeap_root 0
+#define FStar_Pervasives_Native_fst(x) (x).fst
+#define FStar_Pervasives_Native_snd(x) (x).snd
+#define FStar_Seq_Base_createEmpty(x) 0
+#define FStar_Seq_Base_create(len, init) 0
+#define FStar_Seq_Base_upd(s, i, e) 0
+#define FStar_Seq_Base_eq(l1, l2) 0
+#define FStar_Seq_Base_length(l1) 0
+#define FStar_Seq_Base_append(x, y) 0
+#define FStar_Seq_Base_slice(x, y, z) 0
+#define FStar_Seq_Properties_snoc(x, y) 0
+#define FStar_Seq_Properties_cons(x, y) 0
+#define FStar_Seq_Base_index(x, y) 0
+#define FStar_HyperStack_is_eternal_color(x) 0
+#define FStar_Monotonic_HyperHeap_root 0
+#define FStar_Buffer_to_seq_full(x) 0
+#define FStar_Buffer_recall(x)
+#define FStar_HyperStack_ST_op_Colon_Equals(x, v) KRML_EXIT
+#define FStar_HyperStack_ST_op_Bang(x) 0
+#define FStar_HyperStack_ST_salloc(x) 0
+#define FStar_HyperStack_ST_ralloc(x, y) 0
+#define FStar_HyperStack_ST_new_region(x) (0)
+#define FStar_Monotonic_RRef_m_alloc(x) \
+    {                                   \
+        0                               \
+    }
 
-// ... for Linux
+#define FStar_HyperStack_ST_recall(x) \
+    do {                              \
+        (void)(x);                    \
+    } while (0)
+
+#define FStar_HyperStack_ST_recall_region(x) \
+    do {                                     \
+        (void)(x);                           \
+    } while (0)
+
+#define FStar_Monotonic_RRef_m_recall(x1, x2) \
+    do {                                      \
+        (void)(x1);                           \
+        (void)(x2);                           \
+    } while (0)
+
+#define FStar_Monotonic_RRef_m_write(x1, x2, x3, x4, x5) \
+    do {                                                 \
+        (void)(x1);                                      \
+        (void)(x2);                                      \
+        (void)(x3);                                      \
+        (void)(x4);                                      \
+        (void)(x5);                                      \
+    } while (0)
+
+/******************************************************************************/
+/* Endian-ness macros that can only be implemented in C                       */
+/******************************************************************************/
+
+/* ... for Linux */
 #if defined(__linux__) || defined(__CYGWIN__)
 #include <endian.h>
 
-// ... for OSX
+/* ... for OSX */
 #elif defined(__APPLE__)
 #include <libkern/OSByteOrder.h>
 #define htole64(x) OSSwapHostToLittleInt64(x)
@@ -100,14 +203,33 @@ typedef void *Prims_pos, *Prims_nat, *Prims_nonzero, *FStar_Seq_Base_seq,
 #define htobe32(x) OSSwapHostToBigInt32(x)
 #define be32toh(x) OSSwapBigToHostInt32(x)
 
-// ... for Windows
-#elif (defined(_WIN16) || defined(_WIN32) || defined(_WIN64)) && \
-    !defined(__WINDOWS__)
-#include <windows.h>
+/* ... for Solaris */
+#elif defined(__sun__)
+#include <sys/byteorder.h>
+#define htole64(x) LE_64(x)
+#define le64toh(x) LE_IN64(x)
+#define htobe64(x) BE_64(x)
+#define be64toh(x) BE_IN64(x)
+
+#define htole16(x) LE_16(x)
+#define le16toh(x) LE_IN16(x)
+#define htobe16(x) BE_16(x)
+#define be16toh(x) BE_IN16(x)
+
+#define htole32(x) LE_32(x)
+#define le32toh(x) LE_IN32(x)
+#define htobe32(x) BE_32(x)
+#define be32toh(x) BE_IN32(x)
+
+/* ... for the BSDs */
+#elif defined(__FreeBSD__) || defined(__NetBSD__) || defined(__DragonFly__)
+#include <sys/endian.h>
+#elif defined(__OpenBSD__)
+#include <endian.h>
 
-#if BYTE_ORDER == LITTLE_ENDIAN
+/* ... for Windows (MSVC)... not targeting XBOX 360! */
+#elif defined(_MSC_VER)
 
-#if defined(_MSC_VER)
 #include <stdlib.h>
 #define htobe16(x) _byteswap_ushort(x)
 #define htole16(x) (x)
@@ -124,7 +246,9 @@ typedef void *Prims_pos, *Prims_nat, *Prims_nonzero, *FStar_Seq_Base_seq,
 #define be64toh(x) _byteswap_uint64(x)
 #define le64toh(x) (x)
 
-#elif defined(__GNUC__) || defined(__clang__)
+/* ... for Windows (GCC-like, e.g. mingw or clang) */
+#elif (defined(_WIN32) || defined(_WIN64)) && \
+    (defined(__GNUC__) || defined(__clang__))
 
 #define htobe16(x) __builtin_bswap16(x)
 #define htole16(x) (x)
@@ -140,14 +264,67 @@ typedef void *Prims_pos, *Prims_nat, *Prims_nonzero, *FStar_Seq_Base_seq,
 #define htole64(x) (x)
 #define be64toh(x) __builtin_bswap64(x)
 #define le64toh(x) (x)
-#endif
 
-#endif
+/* ... generic big-endian fallback code */
+#elif defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
+
+/* byte swapping code inspired by:
+ * https://github.com/rweather/arduinolibs/blob/master/libraries/Crypto/utility/EndianUtil.h
+ * */
+
+#define htobe32(x) (x)
+#define be32toh(x) (x)
+#define htole32(x)                                                      \
+    (__extension__({                                                    \
+        uint32_t _temp = (x);                                           \
+        ((_temp >> 24) & 0x000000FF) | ((_temp >> 8) & 0x0000FF00) |    \
+            ((_temp << 8) & 0x00FF0000) | ((_temp << 24) & 0xFF000000); \
+    }))
+#define le32toh(x) (htole32((x)))
+
+#define htobe64(x) (x)
+#define be64toh(x) (x)
+#define htole64(x)                                           \
+    (__extension__({                                         \
+        uint64_t __temp = (x);                               \
+        uint32_t __low = htobe32((uint32_t)__temp);          \
+        uint32_t __high = htobe32((uint32_t)(__temp >> 32)); \
+        (((uint64_t)__low) << 32) | __high;                  \
+    }))
+#define le64toh(x) (htole64((x)))
+
+/* ... generic little-endian fallback code */
+#elif defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
 
-#endif
+#define htole32(x) (x)
+#define le32toh(x) (x)
+#define htobe32(x)                                                      \
+    (__extension__({                                                    \
+        uint32_t _temp = (x);                                           \
+        ((_temp >> 24) & 0x000000FF) | ((_temp >> 8) & 0x0000FF00) |    \
+            ((_temp << 8) & 0x00FF0000) | ((_temp << 24) & 0xFF000000); \
+    }))
+#define be32toh(x) (htobe32((x)))
 
-// Loads and stores. These avoid undefined behavior due to unaligned memory
-// accesses, via memcpy.
+#define htole64(x) (x)
+#define le64toh(x) (x)
+#define htobe64(x)                                           \
+    (__extension__({                                         \
+        uint64_t __temp = (x);                               \
+        uint32_t __low = htobe32((uint32_t)__temp);          \
+        uint32_t __high = htobe32((uint32_t)(__temp >> 32)); \
+        (((uint64_t)__low) << 32) | __high;                  \
+    }))
+#define be64toh(x) (htobe64((x)))
+
+/* ... couldn't determine endian-ness of the target platform */
+#else
+#error "Please define __BYTE_ORDER__!"
+
+#endif /* defined(__linux__) || ... */
+
+/* Loads and stores. These avoid undefined behavior due to unaligned memory
+ * accesses, via memcpy. */
 
 inline static uint16_t
 load16(uint8_t *b)
@@ -206,101 +383,139 @@ store64(uint8_t *b, uint64_t i)
 #define load64_be(b) (be64toh(load64(b)))
 #define store64_be(b, i) (store64(b, htobe64(i)))
 
-// Integer types
-typedef uint64_t FStar_UInt64_t, FStar_UInt64_t_;
-typedef int64_t FStar_Int64_t, FStar_Int64_t_;
-typedef uint32_t FStar_UInt32_t, FStar_UInt32_t_;
-typedef int32_t FStar_Int32_t, FStar_Int32_t_;
-typedef uint16_t FStar_UInt16_t, FStar_UInt16_t_;
-typedef int16_t FStar_Int16_t, FStar_Int16_t_;
-typedef uint8_t FStar_UInt8_t, FStar_UInt8_t_;
-typedef int8_t FStar_Int8_t, FStar_Int8_t_;
+/******************************************************************************/
+/* Checked integers to ease the compilation of non-Low* code                  */
+/******************************************************************************/
+
+typedef int32_t Prims_pos, Prims_nat, Prims_nonzero, Prims_int,
+    krml_checked_int_t;
 
-// Constant time comparisons
-static inline uint8_t
-FStar_UInt8_eq_mask(uint8_t x, uint8_t y)
+inline static bool
+Prims_op_GreaterThanOrEqual(int32_t x, int32_t y)
 {
-    x = ~(x ^ y);
-    x &= x << 4;
-    x &= x << 2;
-    x &= x << 1;
-    return (int8_t)x >> 7;
+    return x >= y;
 }
 
-static inline uint8_t
-FStar_UInt8_gte_mask(uint8_t x, uint8_t y)
+inline static bool
+Prims_op_LessThanOrEqual(int32_t x, int32_t y)
 {
-    return ~(uint8_t)(((int32_t)x - y) >> 31);
+    return x <= y;
 }
 
-static inline uint16_t
-FStar_UInt16_eq_mask(uint16_t x, uint16_t y)
+inline static bool
+Prims_op_GreaterThan(int32_t x, int32_t y)
 {
-    x = ~(x ^ y);
-    x &= x << 8;
-    x &= x << 4;
-    x &= x << 2;
-    x &= x << 1;
-    return (int16_t)x >> 15;
+    return x > y;
 }
 
-static inline uint16_t
-FStar_UInt16_gte_mask(uint16_t x, uint16_t y)
+inline static bool
+Prims_op_LessThan(int32_t x, int32_t y)
 {
-    return ~(uint16_t)(((int32_t)x - y) >> 31);
+    return x < y;
 }
 
-static inline uint32_t
-FStar_UInt32_eq_mask(uint32_t x, uint32_t y)
+#define RETURN_OR(x)                                                            \
+    do {                                                                        \
+        int64_t __ret = x;                                                      \
+        if (__ret < INT32_MIN || INT32_MAX < __ret) {                           \
+            KRML_HOST_PRINTF("Prims.{int,nat,pos} integer overflow at %s:%d\n", \
+                             __FILE__, __LINE__);                               \
+            KRML_HOST_EXIT(252);                                                \
+        }                                                                       \
+        return (int32_t)__ret;                                                  \
+    } while (0)
+
+inline static int32_t
+Prims_pow2(int32_t x)
 {
-    x = ~(x ^ y);
-    x &= x << 16;
-    x &= x << 8;
-    x &= x << 4;
-    x &= x << 2;
-    x &= x << 1;
-    return ((int32_t)x) >> 31;
+    RETURN_OR((int64_t)1 << (int64_t)x);
 }
 
-static inline uint32_t
-FStar_UInt32_gte_mask(uint32_t x, uint32_t y)
+inline static int32_t
+Prims_op_Multiply(int32_t x, int32_t y)
 {
-    return ~((uint32_t)(((int64_t)x - y) >> 63));
+    RETURN_OR((int64_t)x * (int64_t)y);
 }
 
-static inline uint64_t
-FStar_UInt64_eq_mask(uint64_t x, uint64_t y)
+inline static int32_t
+Prims_op_Addition(int32_t x, int32_t y)
 {
-    x = ~(x ^ y);
-    x &= x << 32;
-    x &= x << 16;
-    x &= x << 8;
-    x &= x << 4;
-    x &= x << 2;
-    x &= x << 1;
-    return ((int64_t)x) >> 63;
+    RETURN_OR((int64_t)x + (int64_t)y);
 }
 
-static inline uint64_t
-FStar_UInt64_gte_mask(uint64_t x, uint64_t y)
+inline static int32_t
+Prims_op_Subtraction(int32_t x, int32_t y)
 {
-    uint64_t low63 =
-        ~((uint64_t)((int64_t)((int64_t)(x & UINT64_C(0x7fffffffffffffff)) -
-                               (int64_t)(y & UINT64_C(0x7fffffffffffffff))) >>
-                     63));
-    uint64_t high_bit =
-        ~((uint64_t)((int64_t)((int64_t)(x & UINT64_C(0x8000000000000000)) -
-                               (int64_t)(y & UINT64_C(0x8000000000000000))) >>
-                     63));
-    return low63 & high_bit;
+    RETURN_OR((int64_t)x - (int64_t)y);
 }
 
-// Platform-specific 128-bit arithmetic. These are static functions in a header,
-// so that each translation unit gets its own copy and the C compiler can
-// optimize.
-#ifdef HAVE_INT128_SUPPORT
+inline static int32_t
+Prims_op_Division(int32_t x, int32_t y)
+{
+    RETURN_OR((int64_t)x / (int64_t)y);
+}
+
+inline static int32_t
+Prims_op_Modulus(int32_t x, int32_t y)
+{
+    RETURN_OR((int64_t)x % (int64_t)y);
+}
+
+inline static int8_t
+FStar_UInt8_uint_to_t(int8_t x)
+{
+    return x;
+}
+inline static int16_t
+FStar_UInt16_uint_to_t(int16_t x)
+{
+    return x;
+}
+inline static int32_t
+FStar_UInt32_uint_to_t(int32_t x)
+{
+    return x;
+}
+inline static int64_t
+FStar_UInt64_uint_to_t(int64_t x)
+{
+    return x;
+}
+
+inline static int8_t
+FStar_UInt8_v(int8_t x)
+{
+    return x;
+}
+inline static int16_t
+FStar_UInt16_v(int16_t x)
+{
+    return x;
+}
+inline static int32_t
+FStar_UInt32_v(int32_t x)
+{
+    return x;
+}
+inline static int64_t
+FStar_UInt64_v(int64_t x)
+{
+    return x;
+}
+
+/* Platform-specific 128-bit arithmetic. These are static functions in a header,
+ * so that each translation unit gets its own copy and the C compiler can
+ * optimize. */
+#ifndef KRML_NOUINT128
 typedef unsigned __int128 FStar_UInt128_t, FStar_UInt128_t_, uint128_t;
 
+static inline void
+print128(const char *where, uint128_t n)
+{
+    KRML_HOST_PRINTF("%s: [%" PRIu64 ",%" PRIu64 "]\n", where,
+                     (uint64_t)(n >> 64), (uint64_t)n);
+}
+
 static inline uint128_t
 load128_le(uint8_t *b)
 {
@@ -344,8 +559,6 @@ store128_be(uint8_t *b, uint128_t n)
 #define FStar_UInt128_shift_right(x, y) ((x) >> (y))
 #define FStar_UInt128_uint64_to_uint128(x) ((uint128_t)(x))
 #define FStar_UInt128_uint128_to_uint64(x) ((uint64_t)(x))
-#define FStar_Int_Cast_Full_uint64_to_uint128(x) ((uint128_t)(x))
-#define FStar_Int_Cast_Full_uint128_to_uint64(x) ((uint64_t)(x))
 #define FStar_UInt128_mul_wide(x, y) ((uint128_t)(x) * (y))
 #define FStar_UInt128_op_Hat_Hat(x, y) ((x) ^ (y))
 
@@ -368,12 +581,20 @@ FStar_UInt128_gte_mask(uint128_t x, uint128_t y)
     return ((uint128_t)mask) << 64 | mask;
 }
 
-#else // defined(HAVE_INT128_SUPPORT)
+#else /* !defined(KRML_NOUINT128) */
 
-#include "fstar_uint128.h"
+/* This is a bad circular dependency... should fix it properly. */
+#include "FStar.h"
 
 typedef FStar_UInt128_uint128 FStar_UInt128_t_, uint128_t;
 
+/* A series of definitions written using pointers. */
+static inline void
+print128_(const char *where, uint128_t *n)
+{
+    KRML_HOST_PRINTF("%s: [0x%08" PRIx64 ",0x%08" PRIx64 "]\n", where, n->high, n->low);
+}
+
 static inline void
 load128_le_(uint8_t *b, uint128_t *r)
 {
@@ -402,11 +623,50 @@ store128_be_(uint8_t *b, uint128_t *n)
     store64_be(b + 8, n->low);
 }
 
-/* #define print128 print128_ */
+#ifndef KRML_NOSTRUCT_PASSING
+
+static inline void
+print128(const char *where, uint128_t n)
+{
+    print128_(where, &n);
+}
+
+static inline uint128_t
+load128_le(uint8_t *b)
+{
+    uint128_t r;
+    load128_le_(b, &r);
+    return r;
+}
+
+static inline void
+store128_le(uint8_t *b, uint128_t n)
+{
+    store128_le_(b, &n);
+}
+
+static inline uint128_t
+load128_be(uint8_t *b)
+{
+    uint128_t r;
+    load128_be_(b, &r);
+    return r;
+}
+
+static inline void
+store128_be(uint8_t *b, uint128_t n)
+{
+    store128_be_(b, &n);
+}
+
+#else /* !defined(KRML_STRUCT_PASSING) */
+
+#define print128 print128_
 #define load128_le load128_le_
 #define store128_le store128_le_
 #define load128_be load128_be_
 #define store128_be store128_be_
 
-#endif // HAVE_INT128_SUPPORT
-#endif // __KREMLIB_H
+#endif /* KRML_STRUCT_PASSING */
+#endif /* KRML_UINT128 */
+#endif /* __KREMLIB_H */
diff --git a/lib/freebl/verified/kremlib_base.h b/lib/freebl/verified/kremlib_base.h
new file mode 100644
index 000000000..61bac11d4
--- /dev/null
+++ b/lib/freebl/verified/kremlib_base.h
@@ -0,0 +1,191 @@
+/* Copyright 2016-2017 INRIA and Microsoft Corporation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __KREMLIB_BASE_H
+#define __KREMLIB_BASE_H
+
+#include <inttypes.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+
+/******************************************************************************/
+/* Some macros to ease compatibility                                          */
+/******************************************************************************/
+
+/* Define __cdecl and friends when using GCC, so that we can safely compile code
+ * that contains __cdecl on all platforms. Note that this is in a separate
+ * header so that Dafny-generated code can include just this file. */
+#ifndef _MSC_VER
+/* Use the gcc predefined macros if on a platform/architectures that set them.
+ * Otherwise define them to be empty. */
+#ifndef __cdecl
+#define __cdecl
+#endif
+#ifndef __stdcall
+#define __stdcall
+#endif
+#ifndef __fastcall
+#define __fastcall
+#endif
+#endif
+
+#ifdef __GNUC__
+#define inline __inline__
+#endif
+
+/* GCC-specific attribute syntax; everyone else gets the standard C inline
+ * attribute. */
+#ifdef __GNU_C__
+#ifndef __clang__
+#define force_inline inline __attribute__((always_inline))
+#else
+#define force_inline inline
+#endif
+#else
+#define force_inline inline
+#endif
+
+/******************************************************************************/
+/* Implementing C.fst                                                         */
+/******************************************************************************/
+
+/* Uppercase issue; we have to define lowercase versions of the C macros (as we
+ * have no way to refer to an uppercase *variable* in F*). */
+extern int exit_success;
+extern int exit_failure;
+
+/* This one allows the user to write C.EXIT_SUCCESS. */
+typedef int exit_code;
+
+void print_string(const char *s);
+void print_bytes(uint8_t *b, uint32_t len);
+
+/* The universal null pointer defined in C.Nullity.fst */
+#define C_Nullity_null(X) 0
+
+/* If some globals need to be initialized before the main, then kremlin will
+ * generate and try to link last a function with this type: */
+void kremlinit_globals(void);
+
+/******************************************************************************/
+/* Implementation of machine integers (possibly of 128-bit integers)          */
+/******************************************************************************/
+
+/* Integer types */
+typedef uint64_t FStar_UInt64_t, FStar_UInt64_t_;
+typedef int64_t FStar_Int64_t, FStar_Int64_t_;
+typedef uint32_t FStar_UInt32_t, FStar_UInt32_t_;
+typedef int32_t FStar_Int32_t, FStar_Int32_t_;
+typedef uint16_t FStar_UInt16_t, FStar_UInt16_t_;
+typedef int16_t FStar_Int16_t, FStar_Int16_t_;
+typedef uint8_t FStar_UInt8_t, FStar_UInt8_t_;
+typedef int8_t FStar_Int8_t, FStar_Int8_t_;
+
+static inline uint32_t
+rotate32_left(uint32_t x, uint32_t n)
+{
+    /*  assert (n<32); */
+    return (x << n) | (x >> (32 - n));
+}
+static inline uint32_t
+rotate32_right(uint32_t x, uint32_t n)
+{
+    /*  assert (n<32); */
+    return (x >> n) | (x << (32 - n));
+}
+
+/* Constant time comparisons */
+static inline uint8_t
+FStar_UInt8_eq_mask(uint8_t x, uint8_t y)
+{
+    x = ~(x ^ y);
+    x &= x << 4;
+    x &= x << 2;
+    x &= x << 1;
+    return (int8_t)x >> 7;
+}
+
+static inline uint8_t
+FStar_UInt8_gte_mask(uint8_t x, uint8_t y)
+{
+    return ~(uint8_t)(((int32_t)x - y) >> 31);
+}
+
+static inline uint16_t
+FStar_UInt16_eq_mask(uint16_t x, uint16_t y)
+{
+    x = ~(x ^ y);
+    x &= x << 8;
+    x &= x << 4;
+    x &= x << 2;
+    x &= x << 1;
+    return (int16_t)x >> 15;
+}
+
+static inline uint16_t
+FStar_UInt16_gte_mask(uint16_t x, uint16_t y)
+{
+    return ~(uint16_t)(((int32_t)x - y) >> 31);
+}
+
+static inline uint32_t
+FStar_UInt32_eq_mask(uint32_t x, uint32_t y)
+{
+    x = ~(x ^ y);
+    x &= x << 16;
+    x &= x << 8;
+    x &= x << 4;
+    x &= x << 2;
+    x &= x << 1;
+    return ((int32_t)x) >> 31;
+}
+
+static inline uint32_t
+FStar_UInt32_gte_mask(uint32_t x, uint32_t y)
+{
+    return ~((uint32_t)(((int64_t)x - y) >> 63));
+}
+
+static inline uint64_t
+FStar_UInt64_eq_mask(uint64_t x, uint64_t y)
+{
+    x = ~(x ^ y);
+    x &= x << 32;
+    x &= x << 16;
+    x &= x << 8;
+    x &= x << 4;
+    x &= x << 2;
+    x &= x << 1;
+    return ((int64_t)x) >> 63;
+}
+
+static inline uint64_t
+FStar_UInt64_gte_mask(uint64_t x, uint64_t y)
+{
+    uint64_t low63 =
+        ~((uint64_t)((int64_t)((int64_t)(x & UINT64_C(0x7fffffffffffffff)) -
+                               (int64_t)(y & UINT64_C(0x7fffffffffffffff))) >>
+                     63));
+    uint64_t high_bit =
+        ~((uint64_t)((int64_t)((int64_t)(x & UINT64_C(0x8000000000000000)) -
+                               (int64_t)(y & UINT64_C(0x8000000000000000))) >>
+                     63));
+    return low63 & high_bit;
+}
+
+#endif
diff --git a/lib/freebl/verified/specs/Spec.CTR.fst b/lib/freebl/verified/specs/Spec.CTR.fst
new file mode 100644
index 000000000..fecc53ad5
--- /dev/null
+++ b/lib/freebl/verified/specs/Spec.CTR.fst
@@ -0,0 +1,83 @@
+module Spec.CTR
+
+module ST = FStar.HyperStack.ST
+
+open FStar.Mul
+open FStar.Seq
+open Spec.Lib
+
+#reset-options "--initial_fuel 0 --max_fuel 0 --initial_ifuel 0 --max_ifuel 0"
+
+type block_cipher_ctx = {
+     keylen: nat ;
+     blocklen: (x:nat{x>0});
+     noncelen: nat;
+     counterbits: nat;
+     incr: pos}
+
+type key (c:block_cipher_ctx) = lbytes c.keylen
+type nonce (c:block_cipher_ctx) = lbytes c.noncelen
+type block (c:block_cipher_ctx) = lbytes (c.blocklen*c.incr)
+type counter (c:block_cipher_ctx) = UInt.uint_t c.counterbits
+type block_cipher (c:block_cipher_ctx) =  key c -> nonce c -> counter c -> block c
+
+val xor: #len:nat -> x:lbytes len -> y:lbytes len -> Tot (lbytes len)
+let xor #len x y = map2 FStar.UInt8.(fun x y -> x ^^ y) x y
+
+
+val counter_mode_blocks:
+  ctx: block_cipher_ctx ->
+  bc: block_cipher ctx ->
+  k:key ctx -> n:nonce ctx -> c:counter ctx ->
+  plain:seq UInt8.t{c + ctx.incr * (length plain / ctx.blocklen) < pow2 ctx.counterbits /\
+    length plain % (ctx.blocklen * ctx.incr) = 0} ->
+  Tot (lbytes (length plain))
+      (decreases (length plain))
+#reset-options "--z3rlimit 200 --max_fuel 0"
+let rec counter_mode_blocks ctx block_enc key nonce counter plain =
+  let len  = length plain in
+  let len' = len / (ctx.blocklen * ctx.incr) in
+  Math.Lemmas.lemma_div_mod len (ctx.blocklen * ctx.incr) ;
+  if len = 0 then Seq.createEmpty #UInt8.t
+  else (
+    let prefix, block = split plain (len - ctx.blocklen * ctx.incr) in    
+      (* TODO: move to a single lemma for clarify *)
+      Math.Lemmas.lemma_mod_plus (length prefix) 1 (ctx.blocklen * ctx.incr);
+      Math.Lemmas.lemma_div_le (length prefix) len ctx.blocklen;
+      Spec.CTR.Lemmas.lemma_div len (ctx.blocklen * ctx.incr);
+      (* End TODO *)
+    let cipher        = counter_mode_blocks ctx block_enc key nonce counter prefix in
+    let mask          = block_enc key nonce (counter + (len / ctx.blocklen - 1) * ctx.incr) in
+    let eb            = xor block mask in
+    cipher @| eb
+  )
+
+
+val counter_mode:
+  ctx: block_cipher_ctx ->
+  bc: block_cipher ctx ->
+  k:key ctx -> n:nonce ctx -> c:counter ctx ->
+  plain:seq UInt8.t{c + ctx.incr * (length plain / ctx.blocklen) < pow2 ctx.counterbits} ->
+  Tot (lbytes (length plain))
+      (decreases (length plain))
+#reset-options "--z3rlimit 200 --max_fuel 0"
+let counter_mode ctx block_enc key nonce counter plain =
+  let len = length plain in
+  let blocks_len = (ctx.incr * ctx.blocklen) * (len / (ctx.blocklen * ctx.incr)) in
+  let part_len   = len % (ctx.blocklen * ctx.incr) in
+    (* TODO: move to a single lemma for clarify *)
+    Math.Lemmas.lemma_div_mod len (ctx.blocklen * ctx.incr);
+    Math.Lemmas.multiple_modulo_lemma (len / (ctx.blocklen * ctx.incr)) (ctx.blocklen * ctx.incr);
+    Math.Lemmas.lemma_div_le (blocks_len) len ctx.blocklen;
+    (* End TODO *)
+  let blocks, last_block = split plain blocks_len in
+  let cipher_blocks = counter_mode_blocks ctx block_enc key nonce counter blocks in
+  let cipher_last_block =
+    if part_len > 0
+    then (* encrypt final partial block(s) *)
+      let mask = block_enc key nonce (counter+ctx.incr*(length plain / ctx.blocklen)) in
+      let mask = slice mask 0 part_len in
+      assert(length last_block = part_len);
+      xor #part_len last_block mask
+    else createEmpty in
+  cipher_blocks @| cipher_last_block
diff --git a/lib/freebl/verified/specs/Spec.Chacha20.fst b/lib/freebl/verified/specs/Spec.Chacha20.fst
new file mode 100644
index 000000000..2cc3ea714
--- /dev/null
+++ b/lib/freebl/verified/specs/Spec.Chacha20.fst
@@ -0,0 +1,154 @@
+module Spec.Chacha20
+
+module ST = FStar.HyperStack.ST
+
+open FStar.Mul
+open FStar.Seq
+open FStar.UInt32
+open FStar.Endianness
+open Spec.Lib
+open Spec.Chacha20.Lemmas
+open Seq.Create
+
+#set-options "--max_fuel 0 --z3rlimit 100"
+
+(* Constants *)
+let keylen = 32   (* in bytes *)
+let blocklen = 64 (* in bytes *)
+let noncelen = 12 (* in bytes *)
+
+type key = lbytes keylen
+type block = lbytes blocklen
+type nonce = lbytes noncelen
+type counter = UInt.uint_t 32
+
+// using @ as a functional substitute for ;
+// internally, blocks are represented as 16 x 4-byte integers
+type state = m:seq UInt32.t {length m = 16}
+type idx = n:nat{n < 16}
+type shuffle = state -> Tot state
+
+let line (a:idx) (b:idx) (d:idx) (s:t{0 < v s /\ v s < 32}) (m:state) : Tot state =
+  let m = m.[a] <- (m.[a] +%^ m.[b]) in
+  let m = m.[d] <- ((m.[d] ^^ m.[a]) <<< s) in m
+
+let quarter_round a b c d : shuffle =
+  line a b d 16ul @
+  line c d b 12ul @
+  line a b d 8ul  @
+  line c d b 7ul
+
+let column_round : shuffle =
+  quarter_round 0 4 8  12 @
+  quarter_round 1 5 9  13 @
+  quarter_round 2 6 10 14 @
+  quarter_round 3 7 11 15
+
+let diagonal_round : shuffle =
+  quarter_round 0 5 10 15 @
+  quarter_round 1 6 11 12 @
+  quarter_round 2 7 8  13 @
+  quarter_round 3 4 9  14
+
+let double_round: shuffle =
+    column_round @ diagonal_round (* 2 rounds *)
+
+let rounds : shuffle =
+    iter 10 double_round (* 20 rounds *)
+
+let chacha20_core (s:state) : Tot state =
+    let s' = rounds s in
+    Spec.Loops.seq_map2 (fun x y -> x +%^ y) s' s
+
+(* state initialization *)
+let c0 = 0x61707865ul
+let c1 = 0x3320646eul
+let c2 = 0x79622d32ul
+let c3 = 0x6b206574ul
+
+let setup (k:key) (n:nonce) (c:counter): Tot state =
+  create_4 c0 c1 c2 c3          @|
+  uint32s_from_le 8 k           @|
+  create_1 (UInt32.uint_to_t c) @|
+  uint32s_from_le 3 n
+
+let chacha20_block (k:key) (n:nonce) (c:counter): Tot block =
+    let st  = setup k n c in
+    let st' = chacha20_core st in
+    uint32s_to_le 16 st'
+
+let chacha20_ctx: Spec.CTR.block_cipher_ctx =
+    let open Spec.CTR in
+    {
+    keylen = keylen;
+    blocklen = blocklen;
+    noncelen = noncelen;
+    counterbits = 32;
+    incr = 1
+    }
+
+let chacha20_cipher: Spec.CTR.block_cipher chacha20_ctx = chacha20_block
+
+let chacha20_encrypt_bytes key nonce counter m =
+    Spec.CTR.counter_mode chacha20_ctx chacha20_cipher key nonce counter m
+
+
+unfold let test_plaintext = [
+    0x4cuy; 0x61uy; 0x64uy; 0x69uy; 0x65uy; 0x73uy; 0x20uy; 0x61uy;
+    0x6euy; 0x64uy; 0x20uy; 0x47uy; 0x65uy; 0x6euy; 0x74uy; 0x6cuy;
+    0x65uy; 0x6duy; 0x65uy; 0x6euy; 0x20uy; 0x6fuy; 0x66uy; 0x20uy;
+    0x74uy; 0x68uy; 0x65uy; 0x20uy; 0x63uy; 0x6cuy; 0x61uy; 0x73uy;
+    0x73uy; 0x20uy; 0x6fuy; 0x66uy; 0x20uy; 0x27uy; 0x39uy; 0x39uy;
+    0x3auy; 0x20uy; 0x49uy; 0x66uy; 0x20uy; 0x49uy; 0x20uy; 0x63uy;
+    0x6fuy; 0x75uy; 0x6cuy; 0x64uy; 0x20uy; 0x6fuy; 0x66uy; 0x66uy;
+    0x65uy; 0x72uy; 0x20uy; 0x79uy; 0x6fuy; 0x75uy; 0x20uy; 0x6fuy;
+    0x6euy; 0x6cuy; 0x79uy; 0x20uy; 0x6fuy; 0x6euy; 0x65uy; 0x20uy;
+    0x74uy; 0x69uy; 0x70uy; 0x20uy; 0x66uy; 0x6fuy; 0x72uy; 0x20uy;
+    0x74uy; 0x68uy; 0x65uy; 0x20uy; 0x66uy; 0x75uy; 0x74uy; 0x75uy;
+    0x72uy; 0x65uy; 0x2cuy; 0x20uy; 0x73uy; 0x75uy; 0x6euy; 0x73uy;
+    0x63uy; 0x72uy; 0x65uy; 0x65uy; 0x6euy; 0x20uy; 0x77uy; 0x6fuy;
+    0x75uy; 0x6cuy; 0x64uy; 0x20uy; 0x62uy; 0x65uy; 0x20uy; 0x69uy;
+    0x74uy; 0x2euy
+]
+
+unfold let test_ciphertext = [
+    0x6euy; 0x2euy; 0x35uy; 0x9auy; 0x25uy; 0x68uy; 0xf9uy; 0x80uy;
+    0x41uy; 0xbauy; 0x07uy; 0x28uy; 0xdduy; 0x0duy; 0x69uy; 0x81uy;
+    0xe9uy; 0x7euy; 0x7auy; 0xecuy; 0x1duy; 0x43uy; 0x60uy; 0xc2uy;
+    0x0auy; 0x27uy; 0xafuy; 0xccuy; 0xfduy; 0x9fuy; 0xaeuy; 0x0buy;
+    0xf9uy; 0x1buy; 0x65uy; 0xc5uy; 0x52uy; 0x47uy; 0x33uy; 0xabuy;
+    0x8fuy; 0x59uy; 0x3duy; 0xabuy; 0xcduy; 0x62uy; 0xb3uy; 0x57uy;
+    0x16uy; 0x39uy; 0xd6uy; 0x24uy; 0xe6uy; 0x51uy; 0x52uy; 0xabuy;
+    0x8fuy; 0x53uy; 0x0cuy; 0x35uy; 0x9fuy; 0x08uy; 0x61uy; 0xd8uy;
+    0x07uy; 0xcauy; 0x0duy; 0xbfuy; 0x50uy; 0x0duy; 0x6auy; 0x61uy;
+    0x56uy; 0xa3uy; 0x8euy; 0x08uy; 0x8auy; 0x22uy; 0xb6uy; 0x5euy;
+    0x52uy; 0xbcuy; 0x51uy; 0x4duy; 0x16uy; 0xccuy; 0xf8uy; 0x06uy;
+    0x81uy; 0x8cuy; 0xe9uy; 0x1auy; 0xb7uy; 0x79uy; 0x37uy; 0x36uy;
+    0x5auy; 0xf9uy; 0x0buy; 0xbfuy; 0x74uy; 0xa3uy; 0x5buy; 0xe6uy;
+    0xb4uy; 0x0buy; 0x8euy; 0xeduy; 0xf2uy; 0x78uy; 0x5euy; 0x42uy;
+    0x87uy; 0x4duy
+]
+
+unfold let test_key = [
+    0uy;   1uy;  2uy;  3uy;  4uy;  5uy;  6uy;  7uy;
+    8uy;   9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy;
+    16uy; 17uy; 18uy; 19uy; 20uy; 21uy; 22uy; 23uy;
+    24uy; 25uy; 26uy; 27uy; 28uy; 29uy; 30uy; 31uy
+    ]
+unfold let test_nonce = [
+    0uy; 0uy; 0uy; 0uy; 0uy; 0uy; 0uy; 0x4auy; 0uy; 0uy; 0uy; 0uy
+    ]
+
+unfold let test_counter = 1
+
+let test() =
+  assert_norm(List.Tot.length test_plaintext = 114);
+  assert_norm(List.Tot.length test_ciphertext = 114);
+  assert_norm(List.Tot.length test_key = 32);
+  assert_norm(List.Tot.length test_nonce = 12);
+  let test_plaintext = createL test_plaintext in
+  let test_ciphertext = createL test_ciphertext in
+  let test_key = createL test_key in
+  let test_nonce = createL test_nonce in
+  chacha20_encrypt_bytes test_key test_nonce test_counter test_plaintext
+  = test_ciphertext
diff --git a/lib/pk11wrap/pk11merge.c b/lib/pk11wrap/pk11merge.c
index d14f44c78..b2101b819 100644
--- a/lib/pk11wrap/pk11merge.c
+++ b/lib/pk11wrap/pk11merge.c
@@ -68,8 +68,11 @@ pk11_copyAttributes(PLArenaPool *arena,
                              copyTemplate, copyTemplateCount);
     /* if we have missing attributes, just skip them and create the object */
     if (crv == CKR_ATTRIBUTE_TYPE_INVALID) {
-        int i, j;
+        CK_ULONG i, j;
         newTemplate = PORT_NewArray(CK_ATTRIBUTE, copyTemplateCount);
+        if (!newTemplate) {
+            return SECFailure;
+        }
         /* remove the unknown attributes. If we don't have enough attributes
 	 * PK11_CreateNewObject() will fail */
         for (i = 0, j = 0; i < copyTemplateCount; i++) {
diff --git a/lib/pk11wrap/pk11pbe.c b/lib/pk11wrap/pk11pbe.c
index bea9333f6..5f68f399e 100644
--- a/lib/pk11wrap/pk11pbe.c
+++ b/lib/pk11wrap/pk11pbe.c
@@ -367,7 +367,24 @@ sec_pkcs5v2_key_length(SECAlgorithmID *algid, SECAlgorithmID *cipherAlgId)
         cipherAlg = SECOID_GetAlgorithmTag(cipherAlgId);
 
     if (sec_pkcs5_is_algorithm_v2_aes_algorithm(cipherAlg)) {
-        length = sec_pkcs5v2_aes_key_length(cipherAlg);
+        /* Previously, the PKCS#12 files created with the old NSS
+         * releases encoded the maximum key size of AES (that is 32)
+         * in the keyLength field of PBKDF2-params. That resulted in
+         * always performing AES-256 even if AES-128-CBC or
+         * AES-192-CBC is specified in the encryptionScheme field of
+         * PBES2-params. This is wrong, but for compatibility reasons,
+         * check the keyLength field and use the value if it is 32.
+         */
+        if (p5_param.keyLength.data != NULL) {
+            length = DER_GetInteger(&p5_param.keyLength);
+        }
+        /* If the keyLength field is present and contains a value
+         * other than 32, that means the file is created outside of
+         * NSS, which we don't care about. Note that the following
+         * also handles the case when the field is absent. */
+        if (length != 32) {
+            length = sec_pkcs5v2_aes_key_length(cipherAlg);
+        }
     } else if (p5_param.keyLength.data != NULL) {
         length = DER_GetInteger(&p5_param.keyLength);
     } else {
diff --git a/lib/pk11wrap/pk11util.c b/lib/pk11wrap/pk11util.c
index a962e9bb3..e316f1f1a 100644
--- a/lib/pk11wrap/pk11util.c
+++ b/lib/pk11wrap/pk11util.c
@@ -437,6 +437,11 @@ SECMOD_DeleteInternalModule(const char *name)
         return rv;
     }
 
+#ifdef NSS_FIPS_DISABLED
+    PORT_SetError(PR_OPERATION_NOT_SUPPORTED_ERROR);
+    return rv;
+#endif
+
     SECMOD_GetWriteLock(moduleLock);
     for (mlpp = &modules, mlp = modules;
          mlp != NULL; mlpp = &mlp->next, mlp = *mlpp) {
@@ -955,7 +960,11 @@ SECMOD_DestroyModuleList(SECMODModuleList *list)
 PRBool
 SECMOD_CanDeleteInternalModule(void)
 {
+#ifdef NSS_FIPS_DISABLED
+    return PR_FALSE;
+#else
     return (PRBool)(pendingModule == NULL);
+#endif
 }
 
 /*
diff --git a/lib/pkcs7/p7create.c b/lib/pkcs7/p7create.c
index d8f436954..a79d5aa26 100644
--- a/lib/pkcs7/p7create.c
+++ b/lib/pkcs7/p7create.c
@@ -18,7 +18,13 @@
 #include "secder.h"
 #include "secpkcs5.h"
 
-const int NSS_PBE_DEFAULT_ITERATION_COUNT = 100000; /* used in p12e.c too */
+const int NSS_PBE_DEFAULT_ITERATION_COUNT = /* used in p12e.c too */
+#ifdef DEBUG
+    10000
+#else
+    1000000
+#endif
+    ;
 
 static SECStatus
 sec_pkcs7_init_content_info(SEC_PKCS7ContentInfo *cinfo, PLArenaPool *poolp,
diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
index 274dd104e..1dfa3a44e 100644
--- a/lib/ssl/ssl3con.c
+++ b/lib/ssl/ssl3con.c
@@ -3839,7 +3839,7 @@ ssl3_ConsumeHandshakeNumber64(sslSocket *ss, PRUint64 *num, PRUint32 bytes,
                               PRUint8 **b, PRUint32 *length)
 {
     PRUint8 *buf = *b;
-    int i;
+    PRUint32 i;
 
     PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
     PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
@@ -4513,7 +4513,7 @@ ssl3_SendClientHello(sslSocket *ss, sslClientHelloType type)
 {
     sslSessionID *sid;
     SECStatus rv;
-    int i;
+    unsigned int i;
     int length;
     int num_suites;
     int actual_count = 0;
@@ -4521,7 +4521,7 @@ ssl3_SendClientHello(sslSocket *ss, sslClientHelloType type)
     PRBool requestingResume = PR_FALSE, fallbackSCSV = PR_FALSE;
     PRBool unlockNeeded = PR_FALSE;
     sslBuffer extensionBuf = SSL_BUFFER_EMPTY;
-    PRUint16 version;
+    PRUint16 version = ss->vrange.max;
     PRInt32 flags;
     unsigned int cookieLen = ss->ssl3.hs.cookie.len;
 
@@ -4675,8 +4675,6 @@ ssl3_SendClientHello(sslSocket *ss, sslClientHelloType type)
                 if (sid->version < ss->vrange.min ||
                     sid->version > ss->vrange.max) {
                     sidOK = PR_FALSE;
-                } else {
-                    version = ss->vrange.max;
                 }
             }
         }
@@ -4710,8 +4708,6 @@ ssl3_SendClientHello(sslSocket *ss, sslClientHelloType type)
          */
         if (ss->firstHsDone) {
             version = ss->clientHelloVersion;
-        } else {
-            version = ss->vrange.max;
         }
 
         sid = ssl3_NewSessionID(ss, PR_FALSE);
@@ -6378,7 +6374,7 @@ ssl3_HandleServerHello(sslSocket *ss, PRUint8 *b, PRUint32 length)
     rv = ssl3_HandleParsedExtensions(ss, ssl_hs_server_hello);
     ssl3_DestroyRemoteExtensions(&ss->ssl3.hs.remoteExtensions);
     if (rv != SECSuccess) {
-        goto loser;
+        goto alert_loser;
     }
 
     rv = ssl_HashHandshakeMessage(ss, ssl_hs_server_hello,
@@ -6670,11 +6666,11 @@ ssl_HandleDHServerKeyExchange(sslSocket *ss, PRUint8 *b, PRUint32 length)
     }
 
     rv = NSS_OptionGet(NSS_DH_MIN_KEY_SIZE, &minDH);
-    if (rv != SECSuccess) {
+    if (rv != SECSuccess || minDH <= 0) {
         minDH = SSL_DH_MIN_P_BITS;
     }
     dh_p_bits = SECKEY_BigIntegerBitLength(&dh_p);
-    if (dh_p_bits < minDH) {
+    if (dh_p_bits < (unsigned)minDH) {
         errCode = SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY;
         goto alert_loser;
     }
@@ -7610,8 +7606,8 @@ SECStatus
 ssl3_NegotiateCipherSuite(sslSocket *ss, const SECItem *suites,
                           PRBool initHashes)
 {
-    int j;
-    int i;
+    unsigned int j;
+    unsigned int i;
 
     for (j = 0; j < ssl_V3_SUITES_IMPLEMENTED; j++) {
         ssl3CipherSuiteCfg *suite = &ss->cipherSuites[j];
@@ -8240,19 +8236,9 @@ ssl3_HandleClientHello(sslSocket *ss, PRUint8 *b, PRUint32 length)
 
     if (IS_DTLS(ss)) {
         ssl3_DisableNonDTLSSuites(ss);
+        dtls_ReceivedFirstMessageInFlight(ss);
     }
 
-#ifdef PARANOID
-    /* Look for a matching cipher suite. */
-    j = ssl3_config_match_init(ss);
-    if (j <= 0) {                  /* no ciphers are working/supported by PK11 */
-        errCode = PORT_GetError(); /* error code is already set. */
-        goto alert_loser;
-    }
-#endif
-
-    dtls_ReceivedFirstMessageInFlight(ss);
-
     if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
         rv = tls13_HandleClientHelloPart2(ss, &suites, sid, savedMsg, savedLen);
     } else {
@@ -8317,7 +8303,7 @@ ssl3_HandleClientHelloPart2(sslSocket *ss,
     SSL3AlertDescription desc = illegal_parameter;
     SECStatus rv;
     unsigned int i;
-    int j;
+    unsigned int j;
 
     rv = ssl_HashHandshakeMessage(ss, ssl_hs_client_hello, msg, len);
     if (rv != SECSuccess) {
@@ -8343,7 +8329,7 @@ ssl3_HandleClientHelloPart2(sslSocket *ss,
                     break;
             }
             PORT_Assert(j > 0);
-            if (j <= 0)
+            if (j == 0)
                 break;
 #ifdef PARANOID
             /* Double check that the cached cipher suite is still enabled,
@@ -8378,8 +8364,7 @@ ssl3_HandleClientHelloPart2(sslSocket *ss,
 
 #ifndef PARANOID
     /* Look for a matching cipher suite. */
-    j = ssl3_config_match_init(ss);
-    if (j <= 0) { /* no ciphers are working/supported by PK11 */
+    if (ssl3_config_match_init(ss) <= 0) {
         desc = internal_error;
         errCode = PORT_GetError(); /* error code is already set. */
         goto alert_loser;
@@ -9199,12 +9184,12 @@ ssl3_SendCertificateRequest(sslSocket *ss)
     PRBool isTLS12;
     const PRUint8 *certTypes;
     SECStatus rv;
-    int length;
+    PRUint32 length;
     const SECItem *names;
     unsigned int calen;
     unsigned int nnames;
     const SECItem *name;
-    int i;
+    unsigned int i;
     int certTypesLength;
     PRUint8 sigAlgs[2 + MAX_SIGNATURE_SCHEMES * 2];
     sslBuffer sigAlgsBuf = SSL_BUFFER(sigAlgs);
@@ -10424,7 +10409,8 @@ ssl3_AuthCertificate(sslSocket *ss)
         }
         if (pubKey) {
             KeyType pubKeyType;
-            PRInt32 minKey;
+            PRUint32 minKey;
+            PRInt32 optval;
             /* This partly fixes Bug 124230 and may cause problems for
              * callers which depend on the old (wrong) behavior. */
             ss->sec.authKeyBits = SECKEY_PublicKeyStrengthInBits(pubKey);
@@ -10435,29 +10421,29 @@ ssl3_AuthCertificate(sslSocket *ss)
                 case rsaPssKey:
                 case rsaOaepKey:
                     rv =
-                        NSS_OptionGet(NSS_RSA_MIN_KEY_SIZE, &minKey);
-                    if (rv !=
-                        SECSuccess) {
-                        minKey =
-                            SSL_RSA_MIN_MODULUS_BITS;
+                        NSS_OptionGet(NSS_RSA_MIN_KEY_SIZE, &optval);
+                    if (rv == SECSuccess && optval > 0) {
+                        minKey = (PRUint32)optval;
+                    } else {
+                        minKey = SSL_RSA_MIN_MODULUS_BITS;
                     }
                     break;
                 case dsaKey:
                     rv =
-                        NSS_OptionGet(NSS_DSA_MIN_KEY_SIZE, &minKey);
-                    if (rv !=
-                        SECSuccess) {
-                        minKey =
-                            SSL_DSA_MIN_P_BITS;
+                        NSS_OptionGet(NSS_DSA_MIN_KEY_SIZE, &optval);
+                    if (rv == SECSuccess && optval > 0) {
+                        minKey = (PRUint32)optval;
+                    } else {
+                        minKey = SSL_DSA_MIN_P_BITS;
                     }
                     break;
                 case dhKey:
                     rv =
-                        NSS_OptionGet(NSS_DH_MIN_KEY_SIZE, &minKey);
-                    if (rv !=
-                        SECSuccess) {
-                        minKey =
-                            SSL_DH_MIN_P_BITS;
+                        NSS_OptionGet(NSS_DH_MIN_KEY_SIZE, &optval);
+                    if (rv == SECSuccess && optval > 0) {
+                        minKey = (PRUint32)optval;
+                    } else {
+                        minKey = SSL_DH_MIN_P_BITS;
                     }
                     break;
                 default:
diff --git a/lib/ssl/ssl3encode.c b/lib/ssl/ssl3encode.c
index cbbd7ed24..cbb1b9b59 100644
--- a/lib/ssl/ssl3encode.c
+++ b/lib/ssl/ssl3encode.c
@@ -53,7 +53,7 @@ ssl3_ConsumeFromItem(SECItem *item, unsigned char **buf, PRUint32 bytes)
 SECStatus
 ssl3_ConsumeNumberFromItem(SECItem *item, PRUint32 *num, PRUint32 bytes)
 {
-    int i;
+    unsigned int i;
 
     if (bytes > item->len || bytes > sizeof(*num)) {
         PORT_SetError(SEC_ERROR_BAD_DATA);
diff --git a/lib/ssl/sslexp.h b/lib/ssl/sslexp.h
index cf71913cb..c1b06e305 100644
--- a/lib/ssl/sslexp.h
+++ b/lib/ssl/sslexp.h
@@ -340,7 +340,7 @@ typedef SSLHelloRetryRequestAction(PR_CALLBACK *SSLHelloRetryRequestCallback)(
                           SSLHelloRetryRequestCallback _cb, void *_arg), \
                          (fd, cb, arg))
 
-#define SSL_UseAltHandshakeType(fd, enable) \
+#define SSL_UseAltServerHelloType(fd, enable) \
     SSL_DEPRECATED_EXPERIMENTAL_API
 
 SEC_END_PROTOS
diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
index 3e344068d..c6789af80 100644
--- a/lib/ssl/sslsock.c
+++ b/lib/ssl/sslsock.c
@@ -3175,7 +3175,7 @@ ssl_WriteV(PRFileDesc *fd, const PRIOVec *iov, PRInt32 vectors,
     }
     blocking = ssl_FdIsBlocking(fd);
 
-#define K16 sizeof(buf)
+#define K16 ((int)sizeof(buf))
 #define KILL_VECTORS                   \
     while (vectors && !iov->iov_len) { \
         ++iov;                         \
diff --git a/lib/util/nssrwlk.c b/lib/util/nssrwlk.c
index dbaeca24b..5af021762 100644
--- a/lib/util/nssrwlk.c
+++ b/lib/util/nssrwlk.c
@@ -120,6 +120,8 @@ NSSRWLock_Destroy(NSSRWLock *rwlock)
 {
     PR_ASSERT(rwlock != NULL);
     PR_ASSERT(rwlock->rw_waiting_readers == 0);
+    PR_ASSERT(rwlock->rw_writer_locks == 0);
+    PR_ASSERT(rwlock->rw_reader_locks == 0);
 
     /* XXX Shouldn't we lock the PZLock before destroying this?? */
 
diff --git a/lib/util/pkcs11uri.c b/lib/util/pkcs11uri.c
index 453440293..94b00171e 100644
--- a/lib/util/pkcs11uri.c
+++ b/lib/util/pkcs11uri.c
@@ -242,7 +242,7 @@ static int
 pk11uri_CompareByPosition(const char *a, const char *b,
                           const char **attr_names, size_t num_attr_names)
 {
-    int i, j;
+    size_t i, j;
 
     for (i = 0; i < num_attr_names; i++) {
         if (strcmp(a, attr_names[i]) == 0) {
diff --git a/lib/util/secport.c b/lib/util/secport.c
index 4eeddec40..e5bd4c1bb 100644
--- a/lib/util/secport.c
+++ b/lib/util/secport.c
@@ -789,7 +789,7 @@ unsigned int
 NSS_SecureMemcmpZero(const void *mem, size_t n)
 {
     PRUint8 zero = 0;
-    int i;
+    size_t i;
     for (i = 0; i < n; ++i) {
         zero |= *(PRUint8 *)((uintptr_t)mem + i);
     }
author	Martin Thomson <martin.thomson@gmail.com>	2017-11-23 12:05:35 +1100
committer	Martin Thomson <martin.thomson@gmail.com>	2017-11-23 12:05:35 +1100
commit	82f5248254af24e94dd0955297cd5259ca45b1b8 (patch)
tree	9296417df06d845ad740f45b6ba9f1634a8bd656 /lib
parent	7bdd85eefb8ae0a63bf8228886b9c2b13a857dd1 (diff)
parent	6280b248e57fa54bcd197edd6491962c9fc0e772 (diff)
download	nss-hg-82f5248254af24e94dd0955297cd5259ca45b1b8.tar.gz