Backed out 1 changesets (bug 1420060) for xpcshell failures on test_pkcs11_module.js UPGRADE_NSS_RELEASE r=backout on a CLOSED TREE
authorNarcis Beleuzu <nbeleuzu@mozilla.com>
Thu, 23 Nov 2017 14:01:48 +0200
changeset 445167 4c669cc6ea5223ace22e47c7af0e15f9dc9911c5
parent 445166 b2b7f05f33728f3914094a49bdb8d93557015f32
child 445168 72fd7816dd7711b8e8d867e50299dbc6fee1bb13
push id8527
push userCallek@gmail.com
push dateThu, 11 Jan 2018 21:05:50 +0000
treeherdermozilla-beta@95342d212a7a [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbackout
bugs1420060
milestone59.0a1
backs out40f90a8fd17ddc13f6c7100541c74d4df51917f5
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Backed out 1 changesets (bug 1420060) for xpcshell failures on test_pkcs11_module.js UPGRADE_NSS_RELEASE r=backout on a CLOSED TREE Backed out changeset 40f90a8fd17d (bug 1420060)
old-configure.in
security/manager/ssl/RootHashes.inc
security/manager/tools/KnownRootHashes.json
security/nss/TAG-INFO
security/nss/automation/abi-check/expected-report-libnss3.so.txt
security/nss/automation/abi-check/expected-report-libssl3.so.txt
security/nss/automation/abi-check/previous-nss-release
security/nss/automation/taskcluster/docker-hacl/Dockerfile
security/nss/automation/taskcluster/scripts/run_hacl.sh
security/nss/automation/taskcluster/windows/releng.manifest
security/nss/automation/taskcluster/windows/setup.sh
security/nss/automation/taskcluster/windows/setup32.sh
security/nss/automation/taskcluster/windows/setup64.sh
security/nss/build.sh
security/nss/cmd/fipstest/runtest.sh
security/nss/cmd/lib/secutil.c
security/nss/cmd/modutil/pk11.c
security/nss/cmd/rsapoptst/rsapoptst.c
security/nss/cmd/selfserv/selfserv.c
security/nss/coreconf/coreconf.dep
security/nss/gtests/common/util.h
security/nss/gtests/freebl_gtest/freebl_gtest.gyp
security/nss/gtests/freebl_gtest/rsa_unittest.cc
security/nss/gtests/pk11_gtest/manifest.mn
security/nss/gtests/pk11_gtest/pk11_encrypt_derive_unittest.cc
security/nss/gtests/pk11_gtest/pk11_gtest.gyp
security/nss/help.txt
security/nss/lib/ckfw/builtins/certdata.txt
security/nss/lib/ckfw/builtins/nssckbi.h
security/nss/lib/cryptohi/seckey.c
security/nss/lib/cryptohi/secsign.c
security/nss/lib/freebl/Makefile
security/nss/lib/freebl/chacha20.c
security/nss/lib/freebl/ecl/curve25519_64.c
security/nss/lib/freebl/fipsfreebl.c
security/nss/lib/freebl/freebl.gyp
security/nss/lib/freebl/freebl_base.gypi
security/nss/lib/freebl/mpi/README
security/nss/lib/freebl/mpi/mpi-config.h
security/nss/lib/freebl/mpi/mpi.c
security/nss/lib/freebl/poly1305.h
security/nss/lib/freebl/rsa.c
security/nss/lib/freebl/verified/FStar.c
security/nss/lib/freebl/verified/FStar.h
security/nss/lib/freebl/verified/Hacl_Chacha20.c
security/nss/lib/freebl/verified/Hacl_Chacha20.h
security/nss/lib/freebl/verified/Hacl_Curve25519.c
security/nss/lib/freebl/verified/Hacl_Curve25519.h
security/nss/lib/freebl/verified/fstar_uint128.h
security/nss/lib/freebl/verified/hacl_curve25519_64.c
security/nss/lib/freebl/verified/hacl_curve25519_64.h
security/nss/lib/freebl/verified/kremlib.h
security/nss/lib/freebl/verified/kremlib_base.h
security/nss/lib/freebl/verified/specs/Spec.CTR.fst
security/nss/lib/freebl/verified/specs/Spec.Chacha20.fst
security/nss/lib/nss/nss.h
security/nss/lib/pk11wrap/pk11merge.c
security/nss/lib/pk11wrap/pk11pbe.c
security/nss/lib/pk11wrap/pk11util.c
security/nss/lib/pkcs7/p7create.c
security/nss/lib/softoken/pkcs11.c
security/nss/lib/softoken/pkcs11c.c
security/nss/lib/softoken/softkver.h
security/nss/lib/softoken/softoknt.h
security/nss/lib/ssl/ssl3con.c
security/nss/lib/ssl/ssl3encode.c
security/nss/lib/ssl/sslexp.h
security/nss/lib/ssl/sslsock.c
security/nss/lib/util/nssrwlk.c
security/nss/lib/util/nssutil.h
security/nss/lib/util/pkcs11uri.c
security/nss/lib/util/secport.c
security/nss/tests/all.sh
security/nss/tests/cert/cert.sh
security/nss/tests/ssl/ssl.sh
security/nss/tests/ssl_gtests/ssl_gtests.sh
security/nss/tests/tools/TestOldAES128CA.p12
security/nss/tests/tools/tools.sh
--- a/old-configure.in
+++ b/old-configure.in
@@ -1930,17 +1930,17 @@ dnl = If NSS was not detected in the sys
 dnl = use the one in the source tree (mozilla/security/nss)
 dnl ========================================================
 
 MOZ_ARG_WITH_BOOL(system-nss,
 [  --with-system-nss       Use system installed NSS],
     _USE_SYSTEM_NSS=1 )
 
 if test -n "$_USE_SYSTEM_NSS"; then
-    AM_PATH_NSS(3.35, [MOZ_SYSTEM_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])])
+    AM_PATH_NSS(3.34, [MOZ_SYSTEM_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])])
 fi
 
 if test -n "$MOZ_SYSTEM_NSS"; then
    NSS_LIBS="$NSS_LIBS -lcrmf"
 else
    NSS_CFLAGS="-I${DIST}/include/nss"
    case "${OS_ARCH}" in
         # Only few platforms have been tested with GYP
--- a/security/manager/ssl/RootHashes.inc
+++ b/security/manager/ssl/RootHashes.inc
@@ -47,22 +47,16 @@ static const struct CertAuthorityHash RO
   },
   {
     /* DST_Root_CA_X3 */
     { 0x06, 0x87, 0x26, 0x03, 0x31, 0xA7, 0x24, 0x03, 0xD9, 0x09, 0xF1, 0x05, 0xE6, 0x9B, 0xCF, 0x0D,
       0x32, 0xE1, 0xBD, 0x24, 0x93, 0xFF, 0xC6, 0xD9, 0x20, 0x6D, 0x11, 0xBC, 0xD6, 0x77, 0x07, 0x39 },
       52 /* Bin Number */
   },
   {
-    /* TrustCor_RootCert_CA_2 */
-    { 0x07, 0x53, 0xE9, 0x40, 0x37, 0x8C, 0x1B, 0xD5, 0xE3, 0x83, 0x6E, 0x39, 0x5D, 0xAE, 0xA5, 0xCB,
-      0x83, 0x9E, 0x50, 0x46, 0xF1, 0xBD, 0x0E, 0xAE, 0x19, 0x51, 0xCF, 0x10, 0xFE, 0xC7, 0xC9, 0x65 },
-      191 /* Bin Number */
-  },
-  {
     /* AddTrust_Public_CA_Root */
     { 0x07, 0x91, 0xCA, 0x07, 0x49, 0xB2, 0x07, 0x82, 0xAA, 0xD3, 0xC7, 0xD7, 0xBD, 0x0C, 0xDF, 0xC9,
       0x48, 0x58, 0x35, 0x84, 0x3E, 0xB2, 0xD7, 0x99, 0x60, 0x09, 0xCE, 0x43, 0xAB, 0x6C, 0x69, 0x27 },
       16 /* Bin Number */
   },
   {
     /* OU_Equifax_Secure_Certificate_Authority_O_Equifax_C_US */
     { 0x08, 0x29, 0x7A, 0x40, 0x47, 0xDB, 0xA2, 0x36, 0x80, 0xC7, 0x31, 0xDB, 0x6E, 0x31, 0x76, 0x53,
@@ -167,22 +161,16 @@ static const struct CertAuthorityHash RO
   },
   {
     /* Swisscom_Root_CA_1 */
     { 0x21, 0xDB, 0x20, 0x12, 0x36, 0x60, 0xBB, 0x2E, 0xD4, 0x18, 0x20, 0x5D, 0xA1, 0x1E, 0xE7, 0xA8,
       0x5A, 0x65, 0xE2, 0xBC, 0x6E, 0x55, 0xB5, 0xAF, 0x7E, 0x78, 0x99, 0xC8, 0xA2, 0x66, 0xD9, 0x2E },
       47 /* Bin Number */
   },
   {
-    /* SSL_com_EV_Root_Certification_Authority_ECC */
-    { 0x22, 0xA2, 0xC1, 0xF7, 0xBD, 0xED, 0x70, 0x4C, 0xC1, 0xE7, 0x01, 0xB5, 0xF4, 0x08, 0xC3, 0x10,
-      0x88, 0x0F, 0xE9, 0x56, 0xB5, 0xDE, 0x2A, 0x4A, 0x44, 0xF9, 0x9C, 0x87, 0x3A, 0x25, 0xA7, 0xC8 },
-      196 /* Bin Number */
-  },
-  {
     /* VeriSign_Universal_Root_Certification_Authority */
     { 0x23, 0x99, 0x56, 0x11, 0x27, 0xA5, 0x71, 0x25, 0xDE, 0x8C, 0xEF, 0xEA, 0x61, 0x0D, 0xDF, 0x2F,
       0xA0, 0x78, 0xB5, 0xC8, 0x06, 0x7F, 0x4E, 0x82, 0x82, 0x90, 0xBF, 0xB8, 0x60, 0xE8, 0x4B, 0x3C },
       90 /* Bin Number */
   },
   {
     /* Izenpe_com */
     { 0x25, 0x30, 0xCC, 0x8E, 0x98, 0x32, 0x15, 0x02, 0xBA, 0xD9, 0x6F, 0x9B, 0x1F, 0xBA, 0x1B, 0x09,
@@ -209,22 +197,16 @@ static const struct CertAuthorityHash RO
   },
   {
     /* OU_ApplicationCA_O_Japanese_Government_C_JP */
     { 0x2D, 0x47, 0x43, 0x7D, 0xE1, 0x79, 0x51, 0x21, 0x5A, 0x12, 0xF3, 0xC5, 0x8E, 0x51, 0xC7, 0x29,
       0xA5, 0x80, 0x26, 0xEF, 0x1F, 0xCC, 0x0A, 0x5F, 0xB3, 0xD9, 0xDC, 0x01, 0x2F, 0x60, 0x0D, 0x19 },
       85 /* Bin Number */
   },
   {
-    /* SSL_com_EV_Root_Certification_Authority_RSA_R2 */
-    { 0x2E, 0x7B, 0xF1, 0x6C, 0xC2, 0x24, 0x85, 0xA7, 0xBB, 0xE2, 0xAA, 0x86, 0x96, 0x75, 0x07, 0x61,
-      0xB0, 0xAE, 0x39, 0xBE, 0x3B, 0x2F, 0xE9, 0xD0, 0xCC, 0x6D, 0x4E, 0xF7, 0x34, 0x91, 0x42, 0x5C },
-      195 /* Bin Number */
-  },
-  {
     /* IdenTrust_Public_Sector_Root_CA_1 */
     { 0x30, 0xD0, 0x89, 0x5A, 0x9A, 0x44, 0x8A, 0x26, 0x20, 0x91, 0x63, 0x55, 0x22, 0xD1, 0xF5, 0x20,
       0x10, 0xB5, 0x86, 0x7A, 0xCA, 0xE1, 0x2C, 0x78, 0xEF, 0x95, 0x8F, 0xD4, 0xF4, 0x38, 0x9F, 0x2F },
       162 /* Bin Number */
   },
   {
     /* DigiCert_Global_Root_G3 */
     { 0x31, 0xAD, 0x66, 0x48, 0xF8, 0x10, 0x41, 0x38, 0xC7, 0x38, 0xF3, 0x9E, 0xA4, 0x32, 0x01, 0x33,
@@ -233,22 +215,16 @@ static const struct CertAuthorityHash RO
   },
   {
     /* Microsec_e_Szigno_Root_CA */
     { 0x32, 0x7A, 0x3D, 0x76, 0x1A, 0xBA, 0xDE, 0xA0, 0x34, 0xEB, 0x99, 0x84, 0x06, 0x27, 0x5C, 0xB1,
       0xA4, 0x77, 0x6E, 0xFD, 0xAE, 0x2F, 0xDF, 0x6D, 0x01, 0x68, 0xEA, 0x1C, 0x4F, 0x55, 0x67, 0xD0 },
       70 /* Bin Number */
   },
   {
-    /* SSL_com_Root_Certification_Authority_ECC */
-    { 0x34, 0x17, 0xBB, 0x06, 0xCC, 0x60, 0x07, 0xDA, 0x1B, 0x96, 0x1C, 0x92, 0x0B, 0x8A, 0xB4, 0xCE,
-      0x3F, 0xAD, 0x82, 0x0E, 0x4A, 0xA3, 0x0B, 0x9A, 0xCB, 0xC4, 0xA7, 0x4E, 0xBD, 0xCE, 0xBC, 0x65 },
-      194 /* Bin Number */
-  },
-  {
     /* EBG_Elektronik_Sertifika_Hizmet_Sa_lay_c_s_ */
     { 0x35, 0xAE, 0x5B, 0xDD, 0xD8, 0xF7, 0xAE, 0x63, 0x5C, 0xFF, 0xBA, 0x56, 0x82, 0xA8, 0xF0, 0x0B,
       0x95, 0xF4, 0x84, 0x62, 0xC7, 0x10, 0x8E, 0xE9, 0xA0, 0xE5, 0x29, 0x2B, 0x07, 0x4A, 0xAF, 0xB2 },
       82 /* Bin Number */
   },
   {
     /* GeoTrust_Primary_Certification_Authority */
     { 0x37, 0xD5, 0x10, 0x06, 0xC5, 0x12, 0xEA, 0xAB, 0x62, 0x64, 0x21, 0xF1, 0xEC, 0x8C, 0x92, 0x01,
@@ -425,22 +401,16 @@ static const struct CertAuthorityHash RO
   },
   {
     /* TWCA_Global_Root_CA */
     { 0x59, 0x76, 0x90, 0x07, 0xF7, 0x68, 0x5D, 0x0F, 0xCD, 0x50, 0x87, 0x2F, 0x9F, 0x95, 0xD5, 0x75,
       0x5A, 0x5B, 0x2B, 0x45, 0x7D, 0x81, 0xF3, 0x69, 0x2B, 0x61, 0x0A, 0x98, 0x67, 0x2F, 0x0E, 0x1B },
       139 /* Bin Number */
   },
   {
-    /* TrustCor_ECA_1 */
-    { 0x5A, 0x88, 0x5D, 0xB1, 0x9C, 0x01, 0xD9, 0x12, 0xC5, 0x75, 0x93, 0x88, 0x93, 0x8C, 0xAF, 0xBB,
-      0xDF, 0x03, 0x1A, 0xB2, 0xD4, 0x8E, 0x91, 0xEE, 0x15, 0x58, 0x9B, 0x42, 0x97, 0x1D, 0x03, 0x9C },
-      192 /* Bin Number */
-  },
-  {
     /* Certum_Trusted_Network_CA */
     { 0x5C, 0x58, 0x46, 0x8D, 0x55, 0xF5, 0x8E, 0x49, 0x7E, 0x74, 0x39, 0x82, 0xD2, 0xB5, 0x00, 0x10,
       0xB6, 0xD1, 0x65, 0x37, 0x4A, 0xCF, 0x83, 0xA7, 0xD4, 0xA3, 0x2D, 0xB7, 0x68, 0xC4, 0x40, 0x8E },
       113 /* Bin Number */
   },
   {
     /* CFCA_EV_ROOT */
     { 0x5C, 0xC3, 0xD7, 0x8E, 0x4E, 0x1D, 0x5E, 0x45, 0x54, 0x7A, 0x04, 0xE6, 0x87, 0x3E, 0x64, 0xF9,
@@ -605,22 +575,16 @@ static const struct CertAuthorityHash RO
   },
   {
     /* OU_VeriSign_Trust_Network_OU___c__1998_VeriSign__Inc____For_authorized_use_only__OU_Class_3_Public_Primary_Certification_Authority___G2_O__VeriSign__Inc___C_US */
     { 0x83, 0xCE, 0x3C, 0x12, 0x29, 0x68, 0x8A, 0x59, 0x3D, 0x48, 0x5F, 0x81, 0x97, 0x3C, 0x0F, 0x91,
       0x95, 0x43, 0x1E, 0xDA, 0x37, 0xCC, 0x5E, 0x36, 0x43, 0x0E, 0x79, 0xC7, 0xA8, 0x88, 0x63, 0x8B },
       5 /* Bin Number */
   },
   {
-    /* SSL_com_Root_Certification_Authority_RSA */
-    { 0x85, 0x66, 0x6A, 0x56, 0x2E, 0xE0, 0xBE, 0x5C, 0xE9, 0x25, 0xC1, 0xD8, 0x89, 0x0A, 0x6F, 0x76,
-      0xA8, 0x7E, 0xC1, 0x6D, 0x4D, 0x7D, 0x5F, 0x29, 0xEA, 0x74, 0x19, 0xCF, 0x20, 0x12, 0x3B, 0x69 },
-      193 /* Bin Number */
-  },
-  {
     /* QuoVadis_Root_CA_2 */
     { 0x85, 0xA0, 0xDD, 0x7D, 0xD7, 0x20, 0xAD, 0xB7, 0xFF, 0x05, 0xF8, 0x3D, 0x54, 0x2B, 0x20, 0x9D,
       0xC7, 0xFF, 0x45, 0x28, 0xF7, 0xD6, 0x77, 0xB1, 0x83, 0x89, 0xFE, 0xA5, 0xE5, 0xC4, 0x9E, 0x86 },
       32 /* Bin Number */
   },
   {
     /* UTN___DATACorp_SGC */
     { 0x85, 0xFB, 0x2F, 0x91, 0xDD, 0x12, 0x27, 0x5A, 0x01, 0x45, 0xB6, 0x36, 0x53, 0x4F, 0x84, 0x02,
@@ -893,22 +857,16 @@ static const struct CertAuthorityHash RO
   },
   {
     /* TWCA_Root_Certification_Authority */
     { 0xBF, 0xD8, 0x8F, 0xE1, 0x10, 0x1C, 0x41, 0xAE, 0x3E, 0x80, 0x1B, 0xF8, 0xBE, 0x56, 0x35, 0x0E,
       0xE9, 0xBA, 0xD1, 0xA6, 0xB9, 0xBD, 0x51, 0x5E, 0xDC, 0x5C, 0x6D, 0x5B, 0x87, 0x11, 0xAC, 0x44 },
       117 /* Bin Number */
   },
   {
-    /* GDCA_TrustAUTH_R5_ROOT */
-    { 0xBF, 0xFF, 0x8F, 0xD0, 0x44, 0x33, 0x48, 0x7D, 0x6A, 0x8A, 0xA6, 0x0C, 0x1A, 0x29, 0x76, 0x7A,
-      0x9F, 0xC2, 0xBB, 0xB0, 0x5E, 0x42, 0x0F, 0x71, 0x3A, 0x13, 0xB9, 0x92, 0x89, 0x1D, 0x38, 0x93 },
-      189 /* Bin Number */
-  },
-  {
     /* OU_ePKI_Root_Certification_Authority_O__Chunghwa_Telecom_Co___Ltd___C_TW */
     { 0xC0, 0xA6, 0xF4, 0xDC, 0x63, 0xA2, 0x4B, 0xFD, 0xCF, 0x54, 0xEF, 0x2A, 0x6A, 0x08, 0x2A, 0x0A,
       0x72, 0xDE, 0x35, 0x80, 0x3E, 0x2F, 0xF5, 0xFF, 0x52, 0x7A, 0xE5, 0xD8, 0x72, 0x06, 0xDF, 0xD5 },
       78 /* Bin Number */
   },
   {
     /* OU_Trustis_FPS_Root_CA_O_Trustis_Limited_C_GB */
     { 0xC1, 0xB4, 0x82, 0x99, 0xAB, 0xA5, 0x20, 0x8F, 0xE9, 0x63, 0x0A, 0xCE, 0x55, 0xCA, 0x68, 0xA0,
@@ -971,22 +929,16 @@ static const struct CertAuthorityHash RO
   },
   {
     /* Equifax_Secure_eBusiness_CA_1 */
     { 0xCF, 0x56, 0xFF, 0x46, 0xA4, 0xA1, 0x86, 0x10, 0x9D, 0xD9, 0x65, 0x84, 0xB5, 0xEE, 0xB5, 0x8A,
       0x51, 0x0C, 0x42, 0x75, 0xB0, 0xE5, 0xF9, 0x4F, 0x40, 0xBB, 0xAE, 0x86, 0x5E, 0x19, 0xF6, 0x73 },
       13 /* Bin Number */
   },
   {
-    /* TrustCor_RootCert_CA_1 */
-    { 0xD4, 0x0E, 0x9C, 0x86, 0xCD, 0x8F, 0xE4, 0x68, 0xC1, 0x77, 0x69, 0x59, 0xF4, 0x9E, 0xA7, 0x74,
-      0xFA, 0x54, 0x86, 0x84, 0xB6, 0xC4, 0x06, 0xF3, 0x90, 0x92, 0x61, 0xF4, 0xDC, 0xE2, 0x57, 0x5C },
-      190 /* Bin Number */
-  },
-  {
     /* Staat_der_Nederlanden_Root_CA */
     { 0xD4, 0x1D, 0x82, 0x9E, 0x8C, 0x16, 0x59, 0x82, 0x2A, 0xF9, 0x3F, 0xCE, 0x62, 0xBF, 0xFC, 0xDE,
       0x26, 0x4F, 0xC8, 0x4E, 0x8B, 0x95, 0x0C, 0x5F, 0xF2, 0x75, 0xD0, 0x52, 0x35, 0x46, 0x95, 0xA3 },
       36 /* Bin Number */
   },
   {
     /* Certification_Authority_of_WoSign_G2 */
     { 0xD4, 0x87, 0xA5, 0x6F, 0x83, 0xB0, 0x74, 0x82, 0xE8, 0x5E, 0x96, 0x33, 0x94, 0xC1, 0xEC, 0xC2,
--- a/security/manager/tools/KnownRootHashes.json
+++ b/security/manager/tools/KnownRootHashes.json
@@ -943,52 +943,12 @@
       "label": "LuxTrust_Global_Root_2",
       "binNumber": 187,
       "sha256Fingerprint": "VEVfcSnCCxRHxBj5lxaPJMWPxQI79dpb4utuHdiQLtU="
     },
     {
       "label": "TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi___Surum_1",
       "binNumber": 188,
       "sha256Fingerprint": "Ru3DaJBG1TpFP7MQSrgNyuxliyZg6hYp3X6GeZBkhxY="
-    },
-    {
-      "label": "GDCA_TrustAUTH_R5_ROOT",
-      "binNumber": 189,
-      "sha256Fingerprint": "v/+P0EQzSH1qiqYMGil2ep/Cu7BeQg9xOhO5kokdOJM="
-    },
-    {
-      "label": "TrustCor_RootCert_CA_1",
-      "binNumber": 190,
-      "sha256Fingerprint": "1A6chs2P5GjBd2lZ9J6ndPpUhoS2xAbzkJJh9NziV1w="
-    },
-    {
-      "label": "TrustCor_RootCert_CA_2",
-      "binNumber": 191,
-      "sha256Fingerprint": "B1PpQDeMG9Xjg245Xa6ly4OeUEbxvQ6uGVHPEP7HyWU="
-    },
-    {
-      "label": "TrustCor_ECA_1",
-      "binNumber": 192,
-      "sha256Fingerprint": "WohdsZwB2RLFdZOIk4yvu98DGrLUjpHuFVibQpcdA5w="
-    },
-    {
-      "label": "SSL_com_Root_Certification_Authority_RSA",
-      "binNumber": 193,
-      "sha256Fingerprint": "hWZqVi7gvlzpJcHYiQpvdqh+wW1NfV8p6nQZzyASO2k="
-    },
-    {
-      "label": "SSL_com_Root_Certification_Authority_ECC",
-      "binNumber": 194,
-      "sha256Fingerprint": "NBe7BsxgB9oblhySC4q0zj+tgg5Kowuay8SnTr3OvGU="
-    },
-    {
-      "label": "SSL_com_EV_Root_Certification_Authority_RSA_R2",
-      "binNumber": 195,
-      "sha256Fingerprint": "LnvxbMIkhae74qqGlnUHYbCuOb47L+nQzG1O9zSRQlw="
-    },
-    {
-      "label": "SSL_com_EV_Root_Certification_Authority_ECC",
-      "binNumber": 196,
-      "sha256Fingerprint": "IqLB973tcEzB5wG19AjDEIgP6Va13ipKRPmchzolp8g="
     }
   ],
-  "maxBin": 196
+  "maxBin": 188
 }
\ No newline at end of file
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@@ -1,1 +1,1 @@
-ff7594d3dc94
+NSS_3_34_BETA5
--- a/security/nss/automation/abi-check/expected-report-libnss3.so.txt
+++ b/security/nss/automation/abi-check/expected-report-libnss3.so.txt
@@ -0,0 +1,11 @@
+Functions changes summary: 0 Removed, 0 Changed, 4 Added functions
+Variables changes summary: 0 Removed, 0 Changed, 0 Added variable
+
+4 Added functions:
+
+  'function SECItem* SEC_CreateSignatureAlgorithmParameters(SECItem*, SECOidTag, SECOidTag, const SECItem*, const SECKEYPrivateKey*)'    {SEC_CreateSignatureAlgorithmParameters@@NSS_3.34}
+  'function SECStatus SEC_DerSignDataWithAlgorithmID(SECItem*, const unsigned char*, int, SECKEYPrivateKey*, SECAlgorithmID*)'    {SEC_DerSignDataWithAlgorithmID@@NSS_3.34}
+  'function SECStatus SEC_SignDataWithAlgorithmID(SECItem*, const unsigned char*, int, SECKEYPrivateKey*, SECAlgorithmID*)'    {SEC_SignDataWithAlgorithmID@@NSS_3.34}
+  'function void SGN_NewContextWithAlgorithmID(SECAlgorithmID*, SECKEYPrivateKey*)'    {SGN_NewContextWithAlgorithmID@@NSS_3.34}
+
+
--- a/security/nss/automation/abi-check/expected-report-libssl3.so.txt
+++ b/security/nss/automation/abi-check/expected-report-libssl3.so.txt
@@ -0,0 +1,15 @@
+Functions changes summary: 0 Removed, 1 Changed, 0 Added function
+Variables changes summary: 0 Removed, 0 Changed, 0 Added variable
+
+1 function with some indirect sub-type change:
+
+  [C]'function SECStatus SSL_GetChannelInfo(SSLChannelInfo*, PRUintn)' at sslinfo.c:26:1 has some indirect sub-type changes:
+    parameter 1 of type 'SSLChannelInfo*' has sub-type changes:
+      in pointed to type 'typedef SSLChannelInfo' at sslt.h:288:1:
+        underlying type 'struct SSLChannelInfoStr' at sslt.h:229:1 changed:
+          type size changed from 896 to 960 bits
+          2 data member insertions:
+            'SSLNamedGroup SSLChannelInfoStr::originalKeaGroup', at offset 864 (in bits) at sslt.h:281:1
+            'PRBool SSLChannelInfoStr::resumed', at offset 896 (in bits) at sslt.h:284:1
+
+
--- a/security/nss/automation/abi-check/previous-nss-release
+++ b/security/nss/automation/abi-check/previous-nss-release
@@ -1,1 +1,1 @@
-NSS_3_34_BRANCH
+NSS_3_33_BRANCH
--- a/security/nss/automation/taskcluster/docker-hacl/Dockerfile
+++ b/security/nss/automation/taskcluster/docker-hacl/Dockerfile
@@ -1,67 +1,70 @@
 FROM ubuntu:xenial
 
 MAINTAINER Franziskus Kiefer <franziskuskiefer@gmail.com>
 # Based on the HACL* image from Benjamin Beurdouche and
 # the original F* formula with Daniel Fabian
 
-# Pinned versions of HACL* (F* and KreMLin are pinned as submodules)
+# Pinned versions of HaCl* (F* and KreMLin are pinned as submodules)
 ENV haclrepo https://github.com/mitls/hacl-star.git
 
 # Define versions of dependencies
 ENV opamv 4.04.2
-ENV haclversion daa7e159f0adf252b5e6962967bc0f27dbac243b
+ENV z3v 4.5.1.1f29cebd4df6-x64-ubuntu-14.04
+ENV haclversion 0030539598cde15d1a0e5f93b32e121f7b7b5a1c
+ENV haclbranch production-nss
 
 # Install required packages and set versions
 RUN apt-get -qq update
-RUN apt-get install --yes sudo libssl-dev libsqlite3-dev g++-5 gcc-5 m4 make opam pkg-config python libgmp3-dev cmake curl libtool-bin autoconf wget
+RUN apt-get install --yes sudo libssl-dev libsqlite3-dev g++-5 gcc-5 m4 make opam pkg-config python libgmp3-dev cmake curl libtool-bin autoconf
 RUN update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-5 200
 RUN update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-5 200
 
 # Create user
 RUN useradd -ms /bin/bash worker
 RUN echo "worker ALL=(ALL:ALL) NOPASSWD:ALL" >> /etc/sudoers
 WORKDIR /home/worker
 
 # Add build and test scripts.
 ADD bin /home/worker/bin
 RUN chmod +x /home/worker/bin/*
 USER worker
 
+# Add "known-good" version of Z3
+RUN curl -LO https://github.com/FStarLang/binaries/raw/master/z3-tested/z3-${z3v}.zip
+RUN unzip z3-${z3v}.zip
+RUN rm z3-${z3v}.zip
+RUN mv z3-${z3v} z3
+ENV PATH "/home/worker/z3/bin:$PATH"
+
 # Prepare build (OCaml packages)
 ENV OPAMYES true
 RUN opam init
 RUN echo ". /home/worker/.opam/opam-init/init.sh > /dev/null 2> /dev/null || true" >> .bashrc
 RUN opam switch -v ${opamv}
 RUN opam install ocamlfind batteries sqlite3 fileutils yojson ppx_deriving_yojson zarith pprint menhir ulex process fix wasm stdint
 
-# Get the HACL* code
+# Get the HaCl* code
 RUN git clone ${haclrepo} hacl-star
 RUN git -C hacl-star checkout ${haclversion}
 
 # Prepare submodules, and build, verify, test, and extract c code
-# This caches the extracted c code (pins the HACL* version). All we need to do
+# This caches the extracted c code (pins the HaCl* version). All we need to do
 # on CI now is comparing the code in this docker image with the one in NSS.
-RUN opam config exec -- make -C hacl-star prepare -j$(nproc)
-ENV PATH "/home/worker/hacl-star/dependencies/z3/bin:$PATH"
-RUN make -C hacl-star verify-nss -j$(nproc)
-RUN make -C hacl-star -f Makefile.build snapshots/nss -j$(nproc)
-RUN KOPTS="-funroll-loops 5" make -C hacl-star/code/curve25519 test -j$(nproc)
-RUN make -C hacl-star/code/salsa-family test -j$(nproc)
+RUN opam config exec -- make -C hacl-star nss -j$(nproc)
 
 # Get clang-format-3.9
 RUN curl -LO http://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz
 RUN curl -LO http://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz.sig
 # Verify the signature.
 RUN gpg --keyserver pool.sks-keyservers.net --recv-keys B6C8F98282B944E3B0D5C2530FC3042E345AD05D
 RUN gpg --verify *.tar.xz.sig
 # Install into /usr/local/.
 RUN sudo tar xJvf *.tar.xz -C /usr/local --strip-components=1
 # Cleanup.
 RUN rm *.tar.xz*
 
 # Cleanup
 RUN rm -rf ~/.ccache ~/.cache
-RUN rm -rf /home/worker/hacl-star/dependencies
 RUN sudo apt-get autoremove -y
 RUN sudo apt-get clean
 RUN sudo apt-get autoclean
--- a/security/nss/automation/taskcluster/scripts/run_hacl.sh
+++ b/security/nss/automation/taskcluster/scripts/run_hacl.sh
@@ -8,24 +8,17 @@ fi
 
 set -e -x -v
 
 # The docker image this is running in has the HACL* and NSS sources.
 # The extracted C code from HACL* is already generated and the HACL* tests were
 # successfully executed.
 
 # Format the extracted C code.
-cd ~/hacl-star/snapshots/nss
+cd ~/hacl-star/snapshots/nss-production
 cp ~/nss/.clang-format .
 find . -type f -name '*.[ch]' -exec clang-format -i {} \+
 
 # These diff commands will return 1 if there are differences and stop the script.
 files=($(find ~/nss/lib/freebl/verified/ -type f -name '*.[ch]'))
 for f in "${files[@]}"; do
     diff $f $(basename "$f")
 done
-
-# Check that the specs didn't change either.
-cd ~/hacl-star/specs
-files=($(find ~/nss/lib/freebl/verified/specs -type f))
-for f in "${files[@]}"; do
-    diff $f $(basename "$f")
-done
--- a/security/nss/automation/taskcluster/windows/releng.manifest
+++ b/security/nss/automation/taskcluster/windows/releng.manifest
@@ -1,15 +1,15 @@
 [
   {
-    "version": "Visual Studio 2017 15.4.2 / SDK 10.0.15063.0",
-    "size": 303146863,
-    "digest": "18700889e6b5e81613b9cf57ce4e0d46a6ee45bb4c5c33bae2604a5275326128775b8a032a1eb178c5db973746d565340c4e36d98375789e1d5bd836ab16ba58",
+    "version": "Visual Studio 2015 Update 3 14.0.25425.01 / SDK 10.0.14393.0",
+    "size": 326656969,
+    "digest": "babc414ffc0457d27f5a1ed24a8e4873afbe2f1c1a4075469a27c005e1babc3b2a788f643f825efedff95b79686664c67ec4340ed535487168a3482e68559bc7",
     "algorithm": "sha512",
-    "filename": "vs2017_15.4.2.zip",
+    "filename": "vs2015u3.zip",
     "unpack": true
   },
   {
     "version": "Ninja 1.7.1",
     "size": 184821,
     "digest": "e4f9a1ae624a2630e75264ba37d396d9c7407d6e6aea3763056210ba6e1387908bd31cf4037a6a3661a418e86c4d2761e0c333e6a3bd0d66549d2b0d72d3f43b",
     "algorithm": "sha512",
     "filename": "ninja171.zip",
--- a/security/nss/automation/taskcluster/windows/setup.sh
+++ b/security/nss/automation/taskcluster/windows/setup.sh
@@ -1,18 +1,18 @@
 #!/usr/bin/env bash
 
 set -v -e -x
 
-export VSPATH="$(pwd)/vs2017_15.4.2"
+export VSPATH="$(pwd)/vs2015u3"
 export NINJA_PATH="$(pwd)/ninja/bin"
 
 export WINDOWSSDKDIR="${VSPATH}/SDK"
 export VS90COMNTOOLS="${VSPATH}/VC"
-export INCLUDE="${VSPATH}/VC/include:${VSPATH}/SDK/Include/10.0.15063.0/ucrt:${VSPATH}/SDK/Include/10.0.15063.0/shared:${VSPATH}/SDK/Include/10.0.15063.0/um"
+export INCLUDE="${VSPATH}/VC/include:${VSPATH}/SDK/Include/10.0.14393.0/ucrt:${VSPATH}/SDK/Include/10.0.14393.0/shared:${VSPATH}/SDK/Include/10.0.14393.0/um"
 
 # Usage: hg_clone repo dir [revision=@]
 hg_clone() {
     repo=$1
     dir=$2
     rev=${3:-@}
     for i in 0 2 5; do
         sleep $i
--- a/security/nss/automation/taskcluster/windows/setup32.sh
+++ b/security/nss/automation/taskcluster/windows/setup32.sh
@@ -1,10 +1,10 @@
 #!/usr/bin/env bash
 
 set -v -e -x
 
 source $(dirname $0)/setup.sh
 
-export WIN32_REDIST_DIR="${VSPATH}/VC/redist/x86/Microsoft.VC141.CRT"
+export WIN32_REDIST_DIR="${VSPATH}/VC/redist/x86/Microsoft.VC140.CRT"
 export WIN_UCRT_REDIST_DIR="${VSPATH}/SDK/Redist/ucrt/DLLs/x86"
-export PATH="${NINJA_PATH}:${VSPATH}/VC/bin/Hostx64/x86:${VSPATH}/VC/bin/Hostx64/x64:${VSPATH}/VC/Hostx86/x86:${VSPATH}/SDK/bin/10.0.15063.0/x64:${VSPATH}/VC/redist/x86/Microsoft.VC141.CRT:${VSPATH}/SDK/Redist/ucrt/DLLs/x86:${PATH}"
-export LIB="${VSPATH}/VC/lib/x86:${VSPATH}/SDK/lib/10.0.15063.0/ucrt/x86:${VSPATH}/SDK/lib/10.0.15063.0/um/x86"
+export PATH="${NINJA_PATH}:${VSPATH}/VC/bin/amd64_x86:${VSPATH}/VC/bin/amd64:${VSPATH}/VC/bin:${VSPATH}/SDK/bin/x86:${VSPATH}/SDK/bin/x64:${VSPATH}/VC/redist/x86/Microsoft.VC140.CRT:${VSPATH}/VC/redist/x64/Microsoft.VC140.CRT:${VSPATH}/SDK/Redist/ucrt/DLLs/x86:${VSPATH}/SDK/Redist/ucrt/DLLs/x64:${PATH}"
+export LIB="${VSPATH}/VC/lib:${VSPATH}/SDK/lib/10.0.14393.0/ucrt/x86:${VSPATH}/SDK/lib/10.0.14393.0/um/x86"
--- a/security/nss/automation/taskcluster/windows/setup64.sh
+++ b/security/nss/automation/taskcluster/windows/setup64.sh
@@ -1,10 +1,10 @@
 #!/usr/bin/env bash
 
 set -v -e -x
 
 source $(dirname $0)/setup.sh
 
-export WIN32_REDIST_DIR="${VSPATH}/VC/redist/x64/Microsoft.VC141.CRT"
+export WIN32_REDIST_DIR="${VSPATH}/VC/redist/x64/Microsoft.VC140.CRT"
 export WIN_UCRT_REDIST_DIR="${VSPATH}/SDK/Redist/ucrt/DLLs/x64"
-export PATH="${NINJA_PATH}:${VSPATH}/VC/bin/Hostx64/x64:${VSPATH}/VC/bin/Hostx86/x86:${VSPATH}/SDK/bin/10.0.15063.0/x64:${VSPATH}/VC/redist/x64/Microsoft.VC141.CRT:${VSPATH}/SDK/Redist/ucrt/DLLs/x64:${PATH}"
-export LIB="${VSPATH}/VC/lib/x64:${VSPATH}/SDK/lib/10.0.15063.0/ucrt/x64:${VSPATH}/SDK/lib/10.0.15063.0/um/x64"
+export PATH="${NINJA_PATH}:${VSPATH}/VC/bin/amd64:${VSPATH}/VC/bin:${VSPATH}/SDK/bin/x64:${VSPATH}/VC/redist/x64/Microsoft.VC140.CRT:${VSPATH}/SDK/Redist/ucrt/DLLs/x64:${PATH}"
+export LIB="${VSPATH}/VC/lib/amd64:${VSPATH}/SDK/lib/10.0.14393.0/ucrt/x64:${VSPATH}/SDK/lib/10.0.14393.0/um/x64"
--- a/security/nss/build.sh
+++ b/security/nss/build.sh
@@ -63,17 +63,16 @@ if [ "$arch" = "x64" -o "$arch" = "aarch
 elif [ "$arch" = "arm" ]; then
     armhf=1
 fi
 
 # parse command line arguments
 while [ $# -gt 0 ]; do
     case $1 in
         -c) clean=1 ;;
-        -cc) clean_only=1 ;;
         --gyp|-g) rebuild_gyp=1 ;;
         --nspr) nspr_clean; rebuild_nspr=1 ;;
         -j) ninja_params+=(-j "$2"); shift ;;
         -v) ninja_params+=(-v); verbose=1 ;;
         --test) gyp_params+=(-Dtest_build=1) ;;
         --clang) export CC=clang; export CCC=clang++; export CXX=clang++ ;;
         --gcc) export CC=gcc; export CCC=g++; export CXX=g++ ;;
         --fuzz) fuzz=1 ;;
@@ -120,25 +119,20 @@ fi
 # set paths
 target_dir="$cwd"/out/$target
 mkdir -p "$target_dir"
 dist_dir="$cwd"/../dist
 dist_dir=$(mkdir -p "$dist_dir"; cd "$dist_dir"; pwd -P)
 gyp_params+=(-Dnss_dist_dir="$dist_dir")
 
 # -c = clean first
-if [ "$clean" = 1 -o "$clean_only" = 1 ]; then
+if [ "$clean" = 1 ]; then
     nspr_clean
     rm -rf "$cwd"/out
     rm -rf "$dist_dir"
-    # -cc = only clean, don't build
-    if [ "$clean_only" = 1 ]; then
-        echo "Cleaned"
-        exit 0
-    fi
 fi
 
 # This saves a canonical representation of arguments that we are passing to gyp
 # or the NSPR build so that we can work out if a rebuild is needed.
 # Caveat: This can fail for arguments that are position-dependent.
 # e.g., "-e 2 -f 1" and "-e 1 -f 2" canonicalize the same.
 check_config()
 {
--- a/security/nss/cmd/fipstest/runtest.sh
+++ b/security/nss/cmd/fipstest/runtest.sh
@@ -2,13 +2,16 @@
 # 
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 #
 TESTDIR=${1-.}
 COMMAND=${2-run}
 TESTS="aes aesgcm dsa ecdsa hmac tls rng rsa sha tdea"
+if [ ${NSS_ENABLE_ECC}x = 1x ]; then
+   TESTS=${TESTS} ecdsa
+fi
 for i in $TESTS
 do
     echo "********************Running $i tests"
     sh ./${i}.sh ${TESTDIR} ${COMMAND}
 done
--- a/security/nss/cmd/lib/secutil.c
+++ b/security/nss/cmd/lib/secutil.c
@@ -235,18 +235,17 @@ SECU_GetModulePassword(PK11SlotInfo *slo
                     PK11_GetTokenName(slot));
             return SECU_GetPasswordString(NULL, prompt);
         case PW_FROMFILE:
             return SECU_FilePasswd(slot, retry, pwdata->data);
         case PW_EXTERNAL:
             sprintf(prompt,
                     "Press Enter, then enter PIN for \"%s\" on external device.\n",
                     PK11_GetTokenName(slot));
-            char *pw = SECU_GetPasswordString(NULL, prompt);
-            PORT_Free(pw);
+            (void)SECU_GetPasswordString(NULL, prompt);
         /* Fall Through */
         case PW_PLAINTEXT:
             return PL_strdup(pwdata->data);
         default:
             break;
     }
 
     PR_fprintf(PR_STDERR, "Password check failed:  No password found.\n");
@@ -1188,17 +1187,17 @@ secu_PrintRSAPSSParams(FILE *out, SECIte
                 SECU_Indent(out, level + 1);
                 fprintf(out, "Invalid mask generation algorithm parameters\n");
             }
         }
         if (!param.saltLength.data) {
             SECU_Indent(out, level + 1);
             fprintf(out, "Salt length: default, %i (0x%2X)\n", 20, 20);
         } else {
-            SECU_PrintInteger(out, &param.saltLength, "Salt length", level + 1);
+            SECU_PrintInteger(out, &param.saltLength, "Salt Length", level + 1);
         }
     } else {
         SECU_Indent(out, level + 1);
         fprintf(out, "Invalid RSA-PSS parameters\n");
     }
     PORT_FreeArena(pool, PR_FALSE);
 }
 
--- a/security/nss/cmd/modutil/pk11.c
+++ b/security/nss/cmd/modutil/pk11.c
@@ -723,17 +723,17 @@ ChangePW(char *tokenName, char *pwFile, 
     if (!PK11_NeedUserInit(slot)) {
         if (pwFile) {
             oldpw = SECU_FilePasswd(NULL, PR_FALSE, pwFile);
             if (PK11_CheckUserPassword(slot, oldpw) != SECSuccess) {
                 PR_fprintf(PR_STDERR, errStrings[BAD_PW_ERR]);
                 ret = BAD_PW_ERR;
                 goto loser;
             }
-        } else if (PK11_NeedLogin(slot)) {
+        } else {
             for (matching = PR_FALSE; !matching;) {
                 oldpw = SECU_GetPasswordString(NULL, "Enter old password: ");
                 if (PK11_CheckUserPassword(slot, oldpw) == SECSuccess) {
                     matching = PR_TRUE;
                 } else {
                     PR_fprintf(PR_STDOUT, msgStrings[BAD_PW_MSG]);
                 }
             }
--- a/security/nss/cmd/rsapoptst/rsapoptst.c
+++ b/security/nss/cmd/rsapoptst/rsapoptst.c
@@ -211,17 +211,17 @@ rsaKeysAreEqual(PK11ObjectType srcType, 
     memcpy(srcTemplate, rsaTemplate, RSA_SIZE);
     memcpy(destTemplate, rsaTemplate, RSA_SIZE);
 
     rv = readKey(srcType, src, srcTemplate, 0, RSA_ATTRIBUTES);
     if (rv != SECSuccess) {
         printf("Could read source key\n");
         return PR_FALSE;
     }
-    rv = readKey(destType, dest, destTemplate, 0, RSA_ATTRIBUTES);
+    readKey(destType, dest, destTemplate, 0, RSA_ATTRIBUTES);
     if (rv != SECSuccess) {
         printf("Could read dest key\n");
         return PR_FALSE;
     }
 
     for (i = 0; i < RSA_ATTRIBUTES; i++) {
         if (srcTemplate[i].type == CKA_ID) {
             continue; /* we purposefully make the CKA_ID different */
--- a/security/nss/cmd/selfserv/selfserv.c
+++ b/security/nss/cmd/selfserv/selfserv.c
@@ -2544,24 +2544,16 @@ main(int argc, char **argv)
     }
 
     envString = PR_GetEnvSecure(envVarName);
     tmp = PR_GetEnvSecure("TMP");
     if (!tmp)
         tmp = PR_GetEnvSecure("TMPDIR");
     if (!tmp)
         tmp = PR_GetEnvSecure("TEMP");
-
-    /* Call the NSS initialization routines */
-    rv = NSS_Initialize(dir, certPrefix, certPrefix, SECMOD_DB, NSS_INIT_READONLY);
-    if (rv != SECSuccess) {
-        fputs("NSS_Init failed.\n", stderr);
-        exit(8);
-    }
-
     if (envString) {
         /* we're one of the children in a multi-process server. */
         listen_sock = PR_GetInheritedFD(inheritableSockName);
         if (!listen_sock)
             errExit("PR_GetInheritedFD");
 #ifndef WINNT
         /* we can't do this on NT because it breaks NSPR and
     PR_Accept will fail on the socket in the child process if
@@ -2606,16 +2598,23 @@ main(int argc, char **argv)
     lm = PR_NewLogModule("TestCase");
 
     if (fileName)
         readBigFile(fileName);
 
     /* set our password function */
     PK11_SetPasswordFunc(SECU_GetModulePassword);
 
+    /* Call the NSS initialization routines */
+    rv = NSS_Initialize(dir, certPrefix, certPrefix, SECMOD_DB, NSS_INIT_READONLY);
+    if (rv != SECSuccess) {
+        fputs("NSS_Init failed.\n", stderr);
+        exit(8);
+    }
+
     /* all SSL3 cipher suites are enabled by default. */
     if (cipherString) {
         char *cstringSaved = cipherString;
         int ndx;
 
         /* disable all the ciphers, then enable the ones we want. */
         disableAllSSLCiphers();
 
--- a/security/nss/coreconf/coreconf.dep
+++ b/security/nss/coreconf/coreconf.dep
@@ -5,8 +5,9 @@
 
 /*
  * A dummy header file that is a dependency for all the object files.
  * Used to force a full recompilation of NSS in Mozilla's Tinderbox
  * depend builds.  See comments in rules.mk.
  */
 
 #error "Do not include this header file."
+
--- a/security/nss/gtests/common/util.h
+++ b/security/nss/gtests/common/util.h
@@ -5,17 +5,17 @@
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #ifndef util_h__
 #define util_h__
 
 #include <cassert>
 #include <vector>
 
-static inline std::vector<uint8_t> hex_string_to_bytes(std::string s) {
+std::vector<uint8_t> hex_string_to_bytes(std::string s) {
   std::vector<uint8_t> bytes;
   for (size_t i = 0; i < s.length(); i += 2) {
     bytes.push_back(std::stoul(s.substr(i, 2), nullptr, 16));
   }
   return bytes;
 }
 
 #endif  // util_h__
--- a/security/nss/gtests/freebl_gtest/freebl_gtest.gyp
+++ b/security/nss/gtests/freebl_gtest/freebl_gtest.gyp
@@ -28,17 +28,16 @@
     {
       'target_name': 'freebl_gtest',
       'type': 'executable',
       'sources': [
         'mpi_unittest.cc',
         'dh_unittest.cc',
         'ecl_unittest.cc',
         'ghash_unittest.cc',
-        'rsa_unittest.cc',
         '<(DEPTH)/gtests/common/gtests.cc'
       ],
       'dependencies': [
         'freebl_gtest_deps',
         '<(DEPTH)/exports.gyp:nss_exports',
       ],
     },
     {
deleted file mode 100644
--- a/security/nss/gtests/freebl_gtest/rsa_unittest.cc
+++ /dev/null
@@ -1,57 +0,0 @@
-// This Source Code Form is subject to the terms of the Mozilla Public
-// License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
-
-#include "gtest/gtest.h"
-
-#include <stdint.h>
-
-#include "blapi.h"
-#include "secitem.h"
-
-template <class T>
-struct ScopedDelete {
-  void operator()(T* ptr) {
-    if (ptr) {
-      PORT_FreeArena(ptr->arena, PR_TRUE);
-    }
-  }
-};
-
-typedef std::unique_ptr<RSAPrivateKey, ScopedDelete<RSAPrivateKey>>
-    ScopedRSAPrivateKey;
-
-class RSANewKeyTest : public ::testing::Test {
- protected:
-  RSAPrivateKey* CreateKeyWithExponent(int keySizeInBits,
-                                       unsigned char publicExponent) {
-    SECItem exp = {siBuffer, 0, 0};
-    unsigned char pubExp[1] = {publicExponent};
-    exp.data = pubExp;
-    exp.len = 1;
-
-    return RSA_NewKey(keySizeInBits, &exp);
-  }
-};
-
-TEST_F(RSANewKeyTest, expOneTest) {
-  ScopedRSAPrivateKey key(CreateKeyWithExponent(2048, 0x01));
-  ASSERT_TRUE(key == nullptr);
-}
-TEST_F(RSANewKeyTest, expTwoTest) {
-  ScopedRSAPrivateKey key(CreateKeyWithExponent(2048, 0x02));
-  ASSERT_TRUE(key == nullptr);
-}
-TEST_F(RSANewKeyTest, expFourTest) {
-  ScopedRSAPrivateKey key(CreateKeyWithExponent(2048, 0x04));
-  ASSERT_TRUE(key == nullptr);
-}
-TEST_F(RSANewKeyTest, WrongKeysizeTest) {
-  ScopedRSAPrivateKey key(CreateKeyWithExponent(2047, 0x03));
-  ASSERT_TRUE(key == nullptr);
-}
-
-TEST_F(RSANewKeyTest, expThreeTest) {
-  ScopedRSAPrivateKey key(CreateKeyWithExponent(2048, 0x03));
-  ASSERT_TRUE(key != nullptr);
-}
--- a/security/nss/gtests/pk11_gtest/manifest.mn
+++ b/security/nss/gtests/pk11_gtest/manifest.mn
@@ -6,17 +6,16 @@ CORE_DEPTH = ../..
 DEPTH      = ../..
 MODULE = nss
 
 CPPSRCS = \
       pk11_aeskeywrap_unittest.cc \
       pk11_chacha20poly1305_unittest.cc \
       pk11_curve25519_unittest.cc \
       pk11_ecdsa_unittest.cc \
-      pk11_encrypt_derive_unittest.cc \
       pk11_export_unittest.cc \
       pk11_pbkdf2_unittest.cc \
       pk11_prf_unittest.cc \
       pk11_prng_unittest.cc \
       pk11_rsapss_unittest.cc \
       pk11_der_private_key_import_unittest.cc \
       $(NULL)
 
deleted file mode 100644
--- a/security/nss/gtests/pk11_gtest/pk11_encrypt_derive_unittest.cc
+++ /dev/null
@@ -1,210 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this file,
- * You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "pk11pub.h"
-#include "nssutil.h"
-#include <stdio.h>
-#include "prerror.h"
-#include "nss.h"
-#include "gtest/gtest.h"
-#include "scoped_ptrs.h"
-#include "cpputil.h"
-#include "databuffer.h"
-#include "util.h"
-
-#define MAX_KEY_SIZE 24
-
-namespace nss_test {
-
-static const uint8_t kIv[] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
-                              0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
-                              0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};
-static const uint8_t kInput[] = {
-    0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00, 0xff, 0xee, 0xdd, 0xcc,
-    0xbb, 0xaa, 0x99, 0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00};
-
-class EncryptDeriveTest
-    : public ::testing::Test,
-      public ::testing::WithParamInterface<CK_MECHANISM_TYPE> {
- public:
-  void TestEncryptDerive() {
-    ScopedPK11SymKey derived_key(PK11_Derive(key_.get(), derive_mech(),
-                                             derive_param(), encrypt_mech(),
-                                             CKA_DECRYPT, keysize()));
-    ASSERT_TRUE(derived_key);
-
-    uint8_t derived_key_data[MAX_KEY_SIZE];
-    ASSERT_GE(sizeof(derived_key_data), keysize());
-    GetKeyData(derived_key, derived_key_data, keysize());
-    RemoveChecksum(derived_key_data);
-
-    uint8_t reference_key_data[MAX_KEY_SIZE];
-    unsigned int reference_len = 0;
-    SECStatus rv = PK11_Encrypt(key_.get(), encrypt_mech(), encrypt_param(),
-                                reference_key_data, &reference_len, keysize(),
-                                kInput, keysize());
-    ASSERT_EQ(SECSuccess, rv);
-    ASSERT_EQ(keysize(), static_cast<size_t>(reference_len));
-    RemoveChecksum(reference_key_data);
-
-    EXPECT_EQ(DataBuffer(reference_key_data, keysize()),
-              DataBuffer(derived_key_data, keysize()));
-  }
-
- protected:
-  unsigned int keysize() const { return 16; }
-
- private:
-  CK_MECHANISM_TYPE encrypt_mech() const { return GetParam(); }
-
-  CK_MECHANISM_TYPE derive_mech() const {
-    switch (encrypt_mech()) {
-      case CKM_DES3_ECB:
-        return CKM_DES3_ECB_ENCRYPT_DATA;
-      case CKM_DES3_CBC:
-        return CKM_DES3_CBC_ENCRYPT_DATA;
-      case CKM_AES_ECB:
-        return CKM_AES_ECB_ENCRYPT_DATA;
-      case CKM_AES_CBC:
-        return CKM_AES_CBC_ENCRYPT_DATA;
-      case CKM_CAMELLIA_ECB:
-        return CKM_CAMELLIA_ECB_ENCRYPT_DATA;
-      case CKM_CAMELLIA_CBC:
-        return CKM_CAMELLIA_CBC_ENCRYPT_DATA;
-      case CKM_SEED_ECB:
-        return CKM_SEED_ECB_ENCRYPT_DATA;
-      case CKM_SEED_CBC:
-        return CKM_SEED_CBC_ENCRYPT_DATA;
-      default:
-        ADD_FAILURE() << "Unknown mechanism";
-        break;
-    }
-    return CKM_INVALID_MECHANISM;
-  }
-
-  SECItem* derive_param() const {
-    static CK_AES_CBC_ENCRYPT_DATA_PARAMS aes_data;
-    static CK_DES_CBC_ENCRYPT_DATA_PARAMS des_data;
-    static CK_KEY_DERIVATION_STRING_DATA string_data;
-    static SECItem param = {siBuffer, NULL, 0};
-
-    switch (encrypt_mech()) {
-      case CKM_DES3_ECB:
-      case CKM_AES_ECB:
-      case CKM_CAMELLIA_ECB:
-      case CKM_SEED_ECB:
-        string_data.pData = toUcharPtr(kInput);
-        string_data.ulLen = keysize();
-        param.data = reinterpret_cast<uint8_t*>(&string_data);
-        param.len = sizeof(string_data);
-        break;
-
-      case CKM_DES3_CBC:
-        des_data.pData = toUcharPtr(kInput);
-        des_data.length = keysize();
-        PORT_Memcpy(des_data.iv, kIv, 8);
-        param.data = reinterpret_cast<uint8_t*>(&des_data);
-        param.len = sizeof(des_data);
-        break;
-
-      case CKM_AES_CBC:
-      case CKM_CAMELLIA_CBC:
-      case CKM_SEED_CBC:
-        aes_data.pData = toUcharPtr(kInput);
-        aes_data.length = keysize();
-        PORT_Memcpy(aes_data.iv, kIv, keysize());
-        param.data = reinterpret_cast<uint8_t*>(&aes_data);
-        param.len = sizeof(aes_data);
-        break;
-
-      default:
-        ADD_FAILURE() << "Unknown mechanism";
-        break;
-    }
-    return &param;
-  }
-
-  SECItem* encrypt_param() const {
-    static SECItem param = {siBuffer, NULL, 0};
-
-    switch (encrypt_mech()) {
-      case CKM_DES3_ECB:
-      case CKM_AES_ECB:
-      case CKM_CAMELLIA_ECB:
-      case CKM_SEED_ECB:
-        // No parameter needed here.
-        break;
-
-      case CKM_DES3_CBC:
-      case CKM_AES_CBC:
-      case CKM_CAMELLIA_CBC:
-      case CKM_SEED_CBC:
-        param.data = toUcharPtr(kIv);
-        param.len = keysize();
-        break;
-
-      default:
-        ADD_FAILURE() << "Unknown mechanism";
-        break;
-    }
-    return &param;
-  }
-
-  virtual void SetUp() {
-    slot_.reset(PK11_GetBestSlot(derive_mech(), NULL));
-    ASSERT_TRUE(slot_);
-
-    key_.reset(PK11_TokenKeyGenWithFlags(slot_.get(), encrypt_mech(), NULL,
-                                         keysize(), NULL,
-                                         CKF_ENCRYPT | CKF_DERIVE, 0, NULL));
-    ASSERT_TRUE(key_);
-  }
-
-  void GetKeyData(ScopedPK11SymKey& key, uint8_t* buf, size_t max_len) const {
-    ASSERT_EQ(SECSuccess, PK11_ExtractKeyValue(key.get()));
-    SECItem* data = PK11_GetKeyData(key.get());
-    ASSERT_TRUE(data);
-    ASSERT_EQ(max_len, static_cast<size_t>(data->len));
-    PORT_Memcpy(buf, data->data, data->len);
-  }
-
-  // Remove checksum if the key is a 3DES key.
-  void RemoveChecksum(uint8_t* key_data) const {
-    if (encrypt_mech() != CKM_DES3_CBC && encrypt_mech() != CKM_DES3_ECB) {
-      return;
-    }
-    for (size_t i = 0; i < keysize(); ++i) {
-      key_data[i] &= 0xfe;
-    }
-  }
-
-  ScopedPK11SlotInfo slot_;
-  ScopedPK11SymKey key_;
-};
-
-TEST_P(EncryptDeriveTest, Test) { TestEncryptDerive(); }
-
-static const CK_MECHANISM_TYPE kEncryptDeriveMechanisms[] = {
-    CKM_DES3_ECB,     CKM_DES3_CBC,     CKM_AES_ECB,  CKM_AES_ECB, CKM_AES_CBC,
-    CKM_CAMELLIA_ECB, CKM_CAMELLIA_CBC, CKM_SEED_ECB, CKM_SEED_CBC};
-
-INSTANTIATE_TEST_CASE_P(EncryptDeriveTests, EncryptDeriveTest,
-                        ::testing::ValuesIn(kEncryptDeriveMechanisms));
-
-// This class handles the case where 3DES takes a 192-bit key
-// where all 24 octets will be used.
-class EncryptDerive3Test : public EncryptDeriveTest {
- protected:
-  unsigned int keysize() const { return 24; }
-};
-
-TEST_P(EncryptDerive3Test, Test) { TestEncryptDerive(); }
-
-static const CK_MECHANISM_TYPE kDES3EncryptDeriveMechanisms[] = {CKM_DES3_ECB,
-                                                                 CKM_DES3_CBC};
-
-INSTANTIATE_TEST_CASE_P(Encrypt3DeriveTests, EncryptDerive3Test,
-                        ::testing::ValuesIn(kDES3EncryptDeriveMechanisms));
-
-}  // namespace nss_test
--- a/security/nss/gtests/pk11_gtest/pk11_gtest.gyp
+++ b/security/nss/gtests/pk11_gtest/pk11_gtest.gyp
@@ -11,17 +11,16 @@
       'target_name': 'pk11_gtest',
       'type': 'executable',
       'sources': [
         'pk11_aeskeywrap_unittest.cc',
         'pk11_aes_gcm_unittest.cc',
         'pk11_chacha20poly1305_unittest.cc',
         'pk11_curve25519_unittest.cc',
         'pk11_ecdsa_unittest.cc',
-        'pk11_encrypt_derive_unittest.cc',
         'pk11_pbkdf2_unittest.cc',
         'pk11_prf_unittest.cc',
         'pk11_prng_unittest.cc',
         'pk11_rsapss_unittest.cc',
         'pk11_der_private_key_import_unittest.cc',
         '<(DEPTH)/gtests/common/gtests.cc'
       ],
       'dependencies': [
--- a/security/nss/help.txt
+++ b/security/nss/help.txt
@@ -1,25 +1,24 @@
-Usage: build.sh [-hcv] [-cc] [-j <n>] [--nspr] [--gyp|-g] [--opt|-o] [-m32]
+Usage: build.sh [-hcv] [-j <n>] [--nspr] [--gyp|-g] [--opt|-o] [-m32]
                 [--test] [--pprof] [--scan-build[=output]] [--ct-verif]
                 [--asan] [--ubsan] [--msan] [--sancov[=edge|bb|func|...]]
                 [--disable-tests] [--fuzz[=tls|oss]] [--system-sqlite]
                 [--no-zdefs] [--with-nspr] [--system-nspr] [--enable-libpkix]
                 [--enable-fips]
 
 This script builds NSS with gyp and ninja.
 
 This build system is still under development.  It does not yet support all
 the features or platforms that NSS supports.
 
 NSS build tool options:
 
     -h               display this help and exit
     -c               clean before build
-    -cc              clean without building
     -v               verbose build
     -j <n>           run at most <n> concurrent jobs
     --nspr           force a rebuild of NSPR
     --gyp|-g         force a rerun of gyp
     --opt|-o         do an opt build
     -m32             do a 32-bit build on a 64-bit system
     --clang          build with clang and clang++
     --gcc            build with gcc and g++
--- a/security/nss/lib/ckfw/builtins/certdata.txt
+++ b/security/nss/lib/ckfw/builtins/certdata.txt
@@ -64,16 +64,44 @@
 #
 BEGINDATA
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_BUILTIN_ROOT_LIST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Mozilla Builtin Roots"
 
+# Distrust "Distrust a pb.com certificate that does not comply with the baseline requirements."
+# Issuer: OU=Equifax Secure Certificate Authority,O=Equifax,C=US
+# Serial Number: 1407252 (0x157914)
+# Subject: CN=*.pb.com,OU=Meters,O=Pitney Bowes,L=Danbury,ST=Connecticut,C=US
+# Not Valid Before: Mon Feb 01 14:54:04 2010
+# Not Valid After : Tue Sep 30 00:00:00 2014
+# Fingerprint (MD5): 8F:46:BE:99:47:6F:93:DC:5C:01:54:50:D0:4A:BD:AC
+# Fingerprint (SHA1): 30:F1:82:CA:1A:5E:4E:4F:F3:6E:D0:E6:38:18:B8:B9:41:CB:5F:8C
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Distrust a pb.com certificate that does not comply with the baseline requirements."
+CKA_ISSUER MULTILINE_OCTAL
+\060\116\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\020\060\016\006\003\125\004\012\023\007\105\161\165\151\146\141
+\170\061\055\060\053\006\003\125\004\013\023\044\105\161\165\151
+\146\141\170\040\123\145\143\165\162\145\040\103\145\162\164\151
+\146\151\143\141\164\145\040\101\165\164\150\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\003\025\171\024
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
 #
 # Certificate "GlobalSign Root CA"
 #
 # Issuer: CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE
 # Serial Number:04:00:00:00:00:01:15:4b:5a:c3:94
 # Subject: CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE
 # Not Valid Before: Tue Sep 01 12:00:00 1998
 # Not Valid After : Fri Jan 28 12:00:00 2028
@@ -2280,135 +2308,16 @@ CKA_SERIAL_NUMBER MULTILINE_OCTAL
 \034\142
 END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
-# Certificate "Certum Root CA"
-#
-# Issuer: CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL
-# Serial Number: 65568 (0x10020)
-# Subject: CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL
-# Not Valid Before: Tue Jun 11 10:46:39 2002
-# Not Valid After : Fri Jun 11 10:46:39 2027
-# Fingerprint (MD5): 2C:8F:9F:66:1D:18:90:B1:47:26:9D:8E:86:82:8C:A9
-# Fingerprint (SHA1): 62:52:DC:40:F7:11:43:A2:2F:DE:9E:F7:34:8E:06:42:51:B1:81:18
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Certum Root CA"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\076\061\013\060\011\006\003\125\004\006\023\002\120\114\061
-\033\060\031\006\003\125\004\012\023\022\125\156\151\172\145\164
-\157\040\123\160\056\040\172\040\157\056\157\056\061\022\060\020
-\006\003\125\004\003\023\011\103\145\162\164\165\155\040\103\101
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\076\061\013\060\011\006\003\125\004\006\023\002\120\114\061
-\033\060\031\006\003\125\004\012\023\022\125\156\151\172\145\164
-\157\040\123\160\056\040\172\040\157\056\157\056\061\022\060\020
-\006\003\125\004\003\023\011\103\145\162\164\165\155\040\103\101
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\003\001\000\040
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\003\014\060\202\001\364\240\003\002\001\002\002\003\001
-\000\040\060\015\006\011\052\206\110\206\367\015\001\001\005\005
-\000\060\076\061\013\060\011\006\003\125\004\006\023\002\120\114
-\061\033\060\031\006\003\125\004\012\023\022\125\156\151\172\145
-\164\157\040\123\160\056\040\172\040\157\056\157\056\061\022\060
-\020\006\003\125\004\003\023\011\103\145\162\164\165\155\040\103
-\101\060\036\027\015\060\062\060\066\061\061\061\060\064\066\063
-\071\132\027\015\062\067\060\066\061\061\061\060\064\066\063\071
-\132\060\076\061\013\060\011\006\003\125\004\006\023\002\120\114
-\061\033\060\031\006\003\125\004\012\023\022\125\156\151\172\145
-\164\157\040\123\160\056\040\172\040\157\056\157\056\061\022\060
-\020\006\003\125\004\003\023\011\103\145\162\164\165\155\040\103
-\101\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001
-\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001
-\001\000\316\261\301\056\323\117\174\315\045\316\030\076\117\304
-\214\157\200\152\163\310\133\121\370\233\322\334\273\000\134\261
-\240\374\165\003\356\201\360\210\356\043\122\351\346\025\063\215
-\254\055\011\305\166\371\053\071\200\211\344\227\113\220\245\250
-\170\370\163\103\173\244\141\260\330\130\314\341\154\146\176\234
-\363\011\136\125\143\204\325\250\357\363\261\056\060\150\263\304
-\074\330\254\156\215\231\132\220\116\064\334\066\232\217\201\210
-\120\267\155\226\102\011\363\327\225\203\015\101\113\260\152\153
-\370\374\017\176\142\237\147\304\355\046\137\020\046\017\010\117
-\360\244\127\050\316\217\270\355\105\366\156\356\045\135\252\156
-\071\276\344\223\057\331\107\240\162\353\372\246\133\257\312\123
-\077\342\016\306\226\126\021\156\367\351\146\251\046\330\177\225
-\123\355\012\205\210\272\117\051\245\102\214\136\266\374\205\040
-\000\252\150\013\241\032\205\001\234\304\106\143\202\210\266\042
-\261\356\376\252\106\131\176\317\065\054\325\266\332\135\367\110
-\063\024\124\266\353\331\157\316\315\210\326\253\033\332\226\073
-\035\131\002\003\001\000\001\243\023\060\021\060\017\006\003\125
-\035\023\001\001\377\004\005\060\003\001\001\377\060\015\006\011
-\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001\000
-\270\215\316\357\347\024\272\317\356\260\104\222\154\264\071\076
-\242\204\156\255\270\041\167\322\324\167\202\207\346\040\101\201
-\356\342\370\021\267\143\321\027\067\276\031\166\044\034\004\032
-\114\353\075\252\147\157\055\324\315\376\145\061\160\305\033\246
-\002\012\272\140\173\155\130\302\232\111\376\143\062\013\153\343
-\072\300\254\253\073\260\350\323\011\121\214\020\203\306\064\340
-\305\053\340\032\266\140\024\047\154\062\167\214\274\262\162\230
-\317\315\314\077\271\310\044\102\024\326\127\374\346\046\103\251
-\035\345\200\220\316\003\124\050\076\367\077\323\370\115\355\152
-\012\072\223\023\233\073\024\043\023\143\234\077\321\207\047\171
-\345\114\121\343\001\255\205\135\032\073\261\325\163\020\244\323
-\362\274\156\144\365\132\126\220\250\307\016\114\164\017\056\161
-\073\367\310\107\364\151\157\025\362\021\136\203\036\234\174\122
-\256\375\002\332\022\250\131\147\030\333\274\160\335\233\261\151
-\355\200\316\211\100\110\152\016\065\312\051\146\025\041\224\054
-\350\140\052\233\205\112\100\363\153\212\044\354\006\026\054\163
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-
-# Trust for Certificate "Certum Root CA"
-# Issuer: CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL
-# Serial Number: 65568 (0x10020)
-# Subject: CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL
-# Not Valid Before: Tue Jun 11 10:46:39 2002
-# Not Valid After : Fri Jun 11 10:46:39 2027
-# Fingerprint (MD5): 2C:8F:9F:66:1D:18:90:B1:47:26:9D:8E:86:82:8C:A9
-# Fingerprint (SHA1): 62:52:DC:40:F7:11:43:A2:2F:DE:9E:F7:34:8E:06:42:51:B1:81:18
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Certum Root CA"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\142\122\334\100\367\021\103\242\057\336\236\367\064\216\006\102
-\121\261\201\030
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\054\217\237\146\035\030\220\261\107\046\235\216\206\202\214\251
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\076\061\013\060\011\006\003\125\004\006\023\002\120\114\061
-\033\060\031\006\003\125\004\012\023\022\125\156\151\172\145\164
-\157\040\123\160\056\040\172\040\157\056\157\056\061\022\060\020
-\006\003\125\004\003\023\011\103\145\162\164\165\155\040\103\101
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\003\001\000\040
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-#
 # Certificate "Comodo AAA Services root"
 #
 # Issuer: CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
 # Serial Number: 1 (0x1)
 # Subject: CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
 # Not Valid Before: Thu Jan 01 00:00:00 2004
 # Not Valid After : Sun Dec 31 23:59:59 2028
 # Fingerprint (MD5): 49:79:04:B0:EB:87:19:AC:47:B0:BC:11:51:9B:74:D0
@@ -6912,16 +6821,185 @@ CKA_SERIAL_NUMBER MULTILINE_OCTAL
 \231\052
 END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
+# Certificate "MD5 Collisions Forged Rogue CA 25c3"
+#
+# Issuer: CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US
+# Serial Number: 66 (0x42)
+# Subject: CN=MD5 Collisions Inc. (http://www.phreedom.org/md5)
+# Not Valid Before: Sat Jul 31 00:00:01 2004
+# Not Valid After : Thu Sep 02 00:00:01 2004
+# Fingerprint (MD5): 16:7A:13:15:B9:17:39:A3:F1:05:6A:E6:3E:D9:3A:38
+# Fingerprint (SHA1): 64:23:13:7E:5C:53:D6:4A:A6:64:85:ED:36:54:F5:AB:05:5A:8B:8A
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "MD5 Collisions Forged Rogue CA 25c3"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\074\061\072\060\070\006\003\125\004\003\023\061\115\104\065
+\040\103\157\154\154\151\163\151\157\156\163\040\111\156\143\056
+\040\050\150\164\164\160\072\057\057\167\167\167\056\160\150\162
+\145\145\144\157\155\056\157\162\147\057\155\144\065\051
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\034\060\032\006\003\125\004\012\023\023\105\161\165\151\146\141
+\170\040\123\145\143\165\162\145\040\111\156\143\056\061\055\060
+\053\006\003\125\004\003\023\044\105\161\165\151\146\141\170\040
+\123\145\143\165\162\145\040\107\154\157\142\141\154\040\145\102
+\165\163\151\156\145\163\163\040\103\101\055\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\102
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\062\060\202\003\233\240\003\002\001\002\002\001\102
+\060\015\006\011\052\206\110\206\367\015\001\001\004\005\000\060
+\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061\034
+\060\032\006\003\125\004\012\023\023\105\161\165\151\146\141\170
+\040\123\145\143\165\162\145\040\111\156\143\056\061\055\060\053
+\006\003\125\004\003\023\044\105\161\165\151\146\141\170\040\123
+\145\143\165\162\145\040\107\154\157\142\141\154\040\145\102\165
+\163\151\156\145\163\163\040\103\101\055\061\060\036\027\015\060
+\064\060\067\063\061\060\060\060\060\060\061\132\027\015\060\064
+\060\071\060\062\060\060\060\060\060\061\132\060\074\061\072\060
+\070\006\003\125\004\003\023\061\115\104\065\040\103\157\154\154
+\151\163\151\157\156\163\040\111\156\143\056\040\050\150\164\164
+\160\072\057\057\167\167\167\056\160\150\162\145\145\144\157\155
+\056\157\162\147\057\155\144\065\051\060\201\237\060\015\006\011
+\052\206\110\206\367\015\001\001\001\005\000\003\201\215\000\060
+\201\211\002\201\201\000\272\246\131\311\054\050\326\052\260\370
+\355\237\106\244\244\067\356\016\031\150\131\321\263\003\231\121
+\326\026\232\136\067\153\025\340\016\113\365\204\144\370\243\333
+\101\157\065\325\233\025\037\333\304\070\122\160\201\227\136\217
+\240\265\367\176\071\360\062\254\036\255\104\322\263\372\110\303
+\316\221\233\354\364\234\174\341\132\365\310\067\153\232\203\336
+\347\312\040\227\061\102\163\025\221\150\364\210\257\371\050\050
+\305\351\017\163\260\027\113\023\114\231\165\320\104\346\176\010
+\154\032\362\117\033\101\002\003\001\000\001\243\202\002\044\060
+\202\002\040\060\013\006\003\125\035\017\004\004\003\002\001\306
+\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001
+\377\060\035\006\003\125\035\016\004\026\004\024\247\004\140\037
+\253\162\103\010\305\177\010\220\125\126\034\326\316\346\070\353
+\060\037\006\003\125\035\043\004\030\060\026\200\024\276\250\240
+\164\162\120\153\104\267\311\043\330\373\250\377\263\127\153\150
+\154\060\202\001\276\006\011\140\206\110\001\206\370\102\001\015
+\004\202\001\257\026\202\001\253\063\000\000\000\047\136\071\340
+\211\141\017\116\243\305\105\013\066\273\001\321\123\252\303\010
+\217\157\370\117\076\207\207\104\021\334\140\340\337\222\125\371
+\270\163\033\124\223\305\237\320\106\304\140\266\065\142\315\271
+\257\034\250\151\032\311\133\074\226\067\300\355\147\357\273\376
+\300\213\234\120\057\051\275\203\042\236\216\010\372\254\023\160
+\242\130\177\142\142\212\021\367\211\366\337\266\147\131\163\026
+\373\143\026\212\264\221\070\316\056\365\266\276\114\244\224\111
+\344\145\021\012\102\025\311\301\060\342\151\325\105\175\245\046
+\273\271\141\354\142\144\360\071\341\347\274\150\330\120\121\236
+\035\140\323\321\243\247\012\370\003\040\241\160\001\027\221\066
+\117\002\160\061\206\203\335\367\017\330\007\035\021\263\023\004
+\245\334\360\256\120\261\050\016\143\151\052\014\202\157\217\107
+\063\337\154\242\006\222\361\117\105\276\331\060\066\243\053\214
+\326\167\256\065\143\177\116\114\232\223\110\066\331\237\002\003
+\001\000\001\243\201\275\060\201\272\060\016\006\003\125\035\017
+\001\001\377\004\004\003\002\004\360\060\035\006\003\125\035\016
+\004\026\004\024\315\246\203\372\245\140\067\367\226\067\027\051
+\336\101\170\361\207\211\125\347\060\073\006\003\125\035\037\004
+\064\060\062\060\060\240\056\240\054\206\052\150\164\164\160\072
+\057\057\143\162\154\056\147\145\157\164\162\165\163\164\056\143
+\157\155\057\143\162\154\163\057\147\154\157\142\141\154\143\141
+\061\056\143\162\154\060\037\006\003\125\035\043\004\030\060\026
+\200\024\276\250\240\164\162\120\153\104\267\311\043\330\373\250
+\377\263\127\153\150\154\060\035\006\003\125\035\045\004\026\060
+\024\006\010\053\006\001\005\005\007\003\001\006\010\053\006\001
+\005\005\007\003\002\060\014\006\003\125\035\023\001\001\377\004
+\002\060\000\060\015\006\011\052\206\110\206\367\015\001\001\004
+\005\000\003\201\201\000\247\041\002\215\321\016\242\200\167\045
+\375\103\140\025\217\354\357\220\107\324\204\102\025\046\021\034
+\315\302\074\020\051\251\266\337\253\127\165\221\332\345\053\263
+\220\105\034\060\143\126\077\212\331\120\372\355\130\154\300\145
+\254\146\127\336\034\306\166\073\365\000\016\216\105\316\177\114
+\220\354\053\306\315\263\264\217\142\320\376\267\305\046\162\104
+\355\366\230\133\256\313\321\225\365\332\010\276\150\106\261\165
+\310\354\035\217\036\172\224\361\252\123\170\242\105\256\124\352
+\321\236\164\310\166\147
+END
+
+# Trust for Certificate "MD5 Collisions Forged Rogue CA 25c3"
+# Issuer: CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US
+# Serial Number: 66 (0x42)
+# Subject: CN=MD5 Collisions Inc. (http://www.phreedom.org/md5)
+# Not Valid Before: Sat Jul 31 00:00:01 2004
+# Not Valid After : Thu Sep 02 00:00:01 2004
+# Fingerprint (MD5): 16:7A:13:15:B9:17:39:A3:F1:05:6A:E6:3E:D9:3A:38
+# Fingerprint (SHA1): 64:23:13:7E:5C:53:D6:4A:A6:64:85:ED:36:54:F5:AB:05:5A:8B:8A
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "MD5 Collisions Forged Rogue CA 25c3"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\144\043\023\176\134\123\326\112\246\144\205\355\066\124\365\253
+\005\132\213\212
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\026\172\023\025\271\027\071\243\361\005\152\346\076\331\072\070
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\034\060\032\006\003\125\004\012\023\023\105\161\165\151\146\141
+\170\040\123\145\143\165\162\145\040\111\156\143\056\061\055\060
+\053\006\003\125\004\003\023\044\105\161\165\151\146\141\170\040
+\123\145\143\165\162\145\040\107\154\157\142\141\154\040\145\102
+\165\163\151\156\145\163\163\040\103\101\055\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\102
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+# Distrust "Distrusted AC DG Tresor SSL"
+# Issuer: CN=AC DGTPE Signature Authentification,O=DGTPE,C=FR
+# Serial Number: 204199 (0x31da7)
+# Subject: CN=AC DG Tr..sor SSL,O=DG Tr..sor,C=FR
+# Not Valid Before: Thu Jul 18 10:05:28 2013
+# Not Valid After : Fri Jul 18 10:05:28 2014
+# Fingerprint (MD5): 3A:EA:9E:FC:00:0C:E2:06:6C:E0:AC:39:C1:31:DE:C8
+# Fingerprint (SHA1): 5C:E3:39:46:5F:41:A1:E4:23:14:9F:65:54:40:95:40:4D:E6:EB:E2
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Distrusted AC DG Tresor SSL"
+CKA_ISSUER MULTILINE_OCTAL
+\060\113\061\013\060\011\006\003\125\004\006\023\002\106\122\061
+\016\060\014\006\003\125\004\012\023\005\104\107\124\120\105\061
+\054\060\052\006\003\125\004\003\023\043\101\103\040\104\107\124
+\120\105\040\123\151\147\156\141\164\165\162\145\040\101\165\164
+\150\145\156\164\151\146\151\143\141\164\151\157\156
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\003\003\035\247
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
 # Certificate "Security Communication EV RootCA1"
 #
 # Issuer: OU=Security Communication EV RootCA1,O="SECOM Trust Systems CO.,LTD.",C=JP
 # Serial Number: 0 (0x0)
 # Subject: OU=Security Communication EV RootCA1,O="SECOM Trust Systems CO.,LTD.",C=JP
 # Not Valid Before: Wed Jun 06 02:12:32 2007
 # Not Valid After : Sat Jun 06 02:12:32 2037
 # Fingerprint (MD5): 22:2D:A6:01:EA:7C:0A:F7:F0:6C:56:43:3F:77:76:D3
@@ -10895,16 +10973,1735 @@ CKA_SERIAL_NUMBER MULTILINE_OCTAL
 \002\011\000\311\315\323\351\325\175\043\316
 END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
+# Certificate "Bogus Mozilla Addons"
+#
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:00:92:39:d5:34:8f:40:d1:69:5a:74:54:70:e1:f2:3f:43
+# Subject: CN=addons.mozilla.org,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): 84:C5:18:67:1F:2A:1A:90:BE:E2:B1:18:4F:03:00:32
+# Fingerprint (SHA1): 30:5F:8B:D1:7A:A2:CB:C4:83:A4:C4:1B:19:A3:9A:0C:75:DA:39:D6
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus Mozilla Addons"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\342\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\016\060\014\006\003\125\004\021\023\005\063\070\064\067\067
+\061\020\060\016\006\003\125\004\010\023\007\106\154\157\162\151
+\144\141\061\020\060\016\006\003\125\004\007\023\007\105\156\147
+\154\151\163\150\061\027\060\025\006\003\125\004\011\023\016\123
+\145\141\040\126\151\154\154\141\147\145\040\061\060\061\024\060
+\022\006\003\125\004\012\023\013\107\157\157\147\154\145\040\114
+\164\144\056\061\023\060\021\006\003\125\004\013\023\012\124\145
+\143\150\040\104\145\160\164\056\061\050\060\046\006\003\125\004
+\013\023\037\110\157\163\164\145\144\040\142\171\040\107\124\111
+\040\107\162\157\165\160\040\103\157\162\160\157\162\141\164\151
+\157\156\061\024\060\022\006\003\125\004\013\023\013\120\154\141
+\164\151\156\165\155\123\123\114\061\033\060\031\006\003\125\004
+\003\023\022\141\144\144\157\156\163\056\155\157\172\151\154\154
+\141\056\157\162\147
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\222\071\325\064\217\100\321\151\132\164\124\160\341
+\362\077\103
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\370\060\202\004\340\240\003\002\001\002\002\021\000
+\222\071\325\064\217\100\321\151\132\164\124\160\341\362\077\103
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025
+\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145
+\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025
+\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145
+\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030
+\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164
+\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125\004
+\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163\164
+\055\110\141\162\144\167\141\162\145\060\036\027\015\061\061\060
+\063\061\065\060\060\060\060\060\060\132\027\015\061\064\060\063
+\061\064\062\063\065\071\065\071\132\060\201\342\061\013\060\011
+\006\003\125\004\006\023\002\125\123\061\016\060\014\006\003\125
+\004\021\023\005\063\070\064\067\067\061\020\060\016\006\003\125
+\004\010\023\007\106\154\157\162\151\144\141\061\020\060\016\006
+\003\125\004\007\023\007\105\156\147\154\151\163\150\061\027\060
+\025\006\003\125\004\011\023\016\123\145\141\040\126\151\154\154
+\141\147\145\040\061\060\061\024\060\022\006\003\125\004\012\023
+\013\107\157\157\147\154\145\040\114\164\144\056\061\023\060\021
+\006\003\125\004\013\023\012\124\145\143\150\040\104\145\160\164
+\056\061\050\060\046\006\003\125\004\013\023\037\110\157\163\164
+\145\144\040\142\171\040\107\124\111\040\107\162\157\165\160\040
+\103\157\162\160\157\162\141\164\151\157\156\061\024\060\022\006
+\003\125\004\013\023\013\120\154\141\164\151\156\165\155\123\123
+\114\061\033\060\031\006\003\125\004\003\023\022\141\144\144\157
+\156\163\056\155\157\172\151\154\154\141\056\157\162\147\060\202
+\001\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005
+\000\003\202\001\017\000\060\202\001\012\002\202\001\001\000\253
+\306\155\066\363\025\163\170\203\163\316\164\205\325\256\354\262
+\360\340\044\037\023\203\270\040\254\273\232\376\210\273\253\241
+\035\013\037\105\000\252\111\267\065\067\014\152\357\107\114\271
+\321\276\343\127\022\004\215\222\307\266\354\001\274\266\332\307
+\201\070\040\255\162\205\346\016\374\201\154\007\255\150\166\070
+\305\104\327\314\306\112\305\227\076\144\364\121\346\360\176\262
+\354\126\367\045\202\115\111\230\313\026\230\335\043\361\211\221
+\321\027\227\100\231\046\326\342\242\053\136\337\275\211\362\033
+\032\123\055\314\120\101\172\320\075\052\014\125\160\024\001\351
+\130\111\020\172\013\223\202\213\341\036\355\072\200\020\202\316
+\226\212\064\360\314\327\323\271\264\120\207\125\124\011\270\235
+\102\050\125\000\345\214\065\124\277\335\045\221\106\267\015\345
+\135\203\250\345\213\373\204\344\074\256\166\332\304\103\053\133
+\164\013\370\276\135\150\361\170\133\265\316\175\361\135\231\100
+\332\312\356\070\201\120\276\230\241\154\270\044\255\363\257\214
+\017\327\021\050\054\204\030\114\175\265\331\217\060\265\033\002
+\003\001\000\001\243\202\001\360\060\202\001\354\060\037\006\003
+\125\035\043\004\030\060\026\200\024\241\162\137\046\033\050\230
+\103\225\135\007\067\325\205\226\235\113\322\303\105\060\035\006
+\003\125\035\016\004\026\004\024\335\200\322\124\075\367\114\160
+\312\243\260\335\064\172\062\344\350\073\132\073\060\016\006\003
+\125\035\017\001\001\377\004\004\003\002\005\240\060\014\006\003
+\125\035\023\001\001\377\004\002\060\000\060\035\006\003\125\035
+\045\004\026\060\024\006\010\053\006\001\005\005\007\003\001\006
+\010\053\006\001\005\005\007\003\002\060\106\006\003\125\035\040
+\004\077\060\075\060\073\006\014\053\006\001\004\001\262\061\001
+\002\001\003\004\060\053\060\051\006\010\053\006\001\005\005\007
+\002\001\026\035\150\164\164\160\163\072\057\057\163\145\143\165
+\162\145\056\143\157\155\157\144\157\056\143\157\155\057\103\120
+\123\060\173\006\003\125\035\037\004\164\060\162\060\070\240\066
+\240\064\206\062\150\164\164\160\072\057\057\143\162\154\056\143
+\157\155\157\144\157\143\141\056\143\157\155\057\125\124\116\055
+\125\123\105\122\106\151\162\163\164\055\110\141\162\144\167\141
+\162\145\056\143\162\154\060\066\240\064\240\062\206\060\150\164
+\164\160\072\057\057\143\162\154\056\143\157\155\157\144\157\056
+\156\145\164\057\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145\056\143\162\154\060\161
+\006\010\053\006\001\005\005\007\001\001\004\145\060\143\060\073
+\006\010\053\006\001\005\005\007\060\002\206\057\150\164\164\160
+\072\057\057\143\162\164\056\143\157\155\157\144\157\143\141\056
+\143\157\155\057\125\124\116\101\144\144\124\162\165\163\164\123
+\145\162\166\145\162\103\101\056\143\162\164\060\044\006\010\053
+\006\001\005\005\007\060\001\206\030\150\164\164\160\072\057\057
+\157\143\163\160\056\143\157\155\157\144\157\143\141\056\143\157
+\155\060\065\006\003\125\035\021\004\056\060\054\202\022\141\144
+\144\157\156\163\056\155\157\172\151\154\154\141\056\157\162\147
+\202\026\167\167\167\056\141\144\144\157\156\163\056\155\157\172
+\151\154\154\141\056\157\162\147\060\015\006\011\052\206\110\206
+\367\015\001\001\005\005\000\003\202\001\001\000\063\073\143\025
+\374\261\354\024\054\223\335\165\224\336\201\132\331\116\231\276
+\373\112\244\071\125\115\241\100\172\336\023\052\207\251\067\317
+\350\325\373\255\321\173\155\157\214\040\207\202\124\346\127\111
+\274\040\050\204\315\326\001\331\223\213\027\156\043\146\345\204
+\310\200\077\306\241\160\200\344\354\115\035\371\374\221\132\163
+\142\051\232\367\040\034\141\340\213\071\237\312\274\176\215\335
+\274\331\261\343\237\236\337\025\123\221\041\122\013\331\032\043
+\017\146\066\333\254\223\226\112\243\245\042\317\051\367\242\231
+\250\366\266\331\100\256\331\176\266\366\130\056\233\254\066\312
+\144\217\145\122\334\206\234\202\253\156\120\113\332\137\372\005
+\000\210\060\016\336\215\126\277\201\107\215\075\006\342\262\142
+\222\147\217\236\310\232\262\345\006\270\160\044\270\167\174\043
+\012\070\303\171\010\330\261\121\235\254\225\021\307\100\027\236
+\243\034\217\362\021\247\150\047\332\111\005\204\030\174\130\055
+\001\147\134\345\237\241\051\273\112\071\105\057\277\021\252\171
+\242\355\264\324\265\145\103\267\223\106\212\323
+END
+
+# Trust for Certificate "Bogus Mozilla Addons"
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:00:92:39:d5:34:8f:40:d1:69:5a:74:54:70:e1:f2:3f:43
+# Subject: CN=addons.mozilla.org,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): 84:C5:18:67:1F:2A:1A:90:BE:E2:B1:18:4F:03:00:32
+# Fingerprint (SHA1): 30:5F:8B:D1:7A:A2:CB:C4:83:A4:C4:1B:19:A3:9A:0C:75:DA:39:D6
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus Mozilla Addons"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\060\137\213\321\172\242\313\304\203\244\304\033\031\243\232\014
+\165\332\071\326
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\204\305\030\147\037\052\032\220\276\342\261\030\117\003\000\062
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\222\071\325\064\217\100\321\151\132\164\124\160\341
+\362\077\103
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Bogus Global Trustee"
+#
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:00:d8:f3:5f:4e:b7:87:2b:2d:ab:06:92:e3:15:38:2f:b0
+# Subject: CN=global trustee,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Global Trustee,O=Global Trustee,STREET=Sea Village 10,L=Tampa,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): FE:0D:01:6E:71:CB:8C:D8:3F:0E:0C:CD:49:35:B8:57
+# Fingerprint (SHA1): 61:79:3F:CB:FA:4F:90:08:30:9B:BA:5F:F1:2D:2C:B2:9C:D4:15:1A
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus Global Trustee"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\343\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\016\060\014\006\003\125\004\021\023\005\063\070\064\067\067
+\061\020\060\016\006\003\125\004\010\023\007\106\154\157\162\151
+\144\141\061\016\060\014\006\003\125\004\007\023\005\124\141\155
+\160\141\061\027\060\025\006\003\125\004\011\023\016\123\145\141
+\040\126\151\154\154\141\147\145\040\061\060\061\027\060\025\006
+\003\125\004\012\023\016\107\154\157\142\141\154\040\124\162\165
+\163\164\145\145\061\027\060\025\006\003\125\004\013\023\016\107
+\154\157\142\141\154\040\124\162\165\163\164\145\145\061\050\060
+\046\006\003\125\004\013\023\037\110\157\163\164\145\144\040\142
+\171\040\107\124\111\040\107\162\157\165\160\040\103\157\162\160
+\157\162\141\164\151\157\156\061\024\060\022\006\003\125\004\013
+\023\013\120\154\141\164\151\156\165\155\123\123\114\061\027\060
+\025\006\003\125\004\003\023\016\147\154\157\142\141\154\040\164
+\162\165\163\164\145\145
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\330\363\137\116\267\207\053\055\253\006\222\343\025
+\070\057\260
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\006\335\060\202\005\305\240\003\002\001\002\002\021\000
+\330\363\137\116\267\207\053\055\253\006\222\343\025\070\057\260
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025
+\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145
+\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025
+\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145
+\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030
+\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164
+\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125\004
+\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163\164
+\055\110\141\162\144\167\141\162\145\060\036\027\015\061\061\060
+\063\061\065\060\060\060\060\060\060\132\027\015\061\064\060\063
+\061\064\062\063\065\071\065\071\132\060\201\343\061\013\060\011
+\006\003\125\004\006\023\002\125\123\061\016\060\014\006\003\125
+\004\021\023\005\063\070\064\067\067\061\020\060\016\006\003\125
+\004\010\023\007\106\154\157\162\151\144\141\061\016\060\014\006
+\003\125\004\007\023\005\124\141\155\160\141\061\027\060\025\006
+\003\125\004\011\023\016\123\145\141\040\126\151\154\154\141\147
+\145\040\061\060\061\027\060\025\006\003\125\004\012\023\016\107
+\154\157\142\141\154\040\124\162\165\163\164\145\145\061\027\060
+\025\006\003\125\004\013\023\016\107\154\157\142\141\154\040\124
+\162\165\163\164\145\145\061\050\060\046\006\003\125\004\013\023
+\037\110\157\163\164\145\144\040\142\171\040\107\124\111\040\107
+\162\157\165\160\040\103\157\162\160\157\162\141\164\151\157\156
+\061\024\060\022\006\003\125\004\013\023\013\120\154\141\164\151
+\156\165\155\123\123\114\061\027\060\025\006\003\125\004\003\023
+\016\147\154\157\142\141\154\040\164\162\165\163\164\145\145\060
+\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001\001
+\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001\000
+\331\164\362\252\101\035\337\365\302\026\103\111\134\051\277\266
+\211\164\051\274\234\215\014\106\117\131\176\262\101\027\146\064
+\014\145\211\341\154\045\343\206\012\236\042\105\042\214\335\235
+\346\243\225\336\334\210\002\125\134\343\133\221\165\353\046\151
+\143\271\056\306\312\056\047\337\210\272\002\040\156\376\271\013
+\051\327\247\326\327\110\032\034\316\335\037\251\047\016\142\117
+\241\226\036\335\124\072\064\143\112\166\365\167\175\131\147\330
+\020\324\265\017\072\103\042\230\333\364\011\304\012\160\316\335
+\220\324\057\357\164\023\303\315\302\211\071\142\025\235\346\164
+\250\350\233\360\143\156\234\211\266\016\255\233\367\314\202\350
+\350\055\270\013\332\042\354\111\205\007\210\231\230\077\364\164
+\251\011\367\201\174\227\013\131\231\030\162\213\333\224\202\053
+\247\350\252\153\227\277\210\176\165\260\213\105\105\014\307\250
+\011\352\033\101\130\060\073\137\170\145\025\064\322\344\074\064
+\015\035\330\144\074\212\245\126\111\231\050\055\113\362\317\315
+\331\156\111\144\233\251\171\220\167\125\251\010\033\255\032\164
+\236\340\003\223\012\011\267\255\247\264\134\357\203\154\267\232
+\264\306\150\100\200\035\102\321\156\171\233\251\031\041\232\234
+\371\206\055\000\321\064\376\340\266\371\125\266\365\046\305\225
+\026\245\174\163\237\012\051\211\254\072\230\367\233\164\147\267
+\220\267\135\011\043\152\152\355\054\020\356\123\012\020\360\026
+\037\127\263\261\015\171\221\031\260\353\315\060\077\240\024\137
+\263\306\375\134\063\247\260\377\230\260\125\214\271\245\362\157
+\107\044\111\041\151\314\102\242\121\000\100\205\214\202\202\253
+\062\245\313\232\334\320\331\030\015\337\031\364\257\203\015\301
+\076\061\333\044\110\266\165\200\241\341\311\167\144\036\247\345
+\213\177\025\115\113\247\302\320\355\171\225\136\221\061\354\030
+\377\116\237\110\024\352\165\272\041\316\051\166\351\037\116\121
+\207\056\263\314\004\140\272\043\037\037\145\262\012\270\325\156
+\217\113\102\211\107\251\201\220\133\053\262\266\256\346\240\160
+\173\170\220\012\172\305\345\347\305\373\012\366\057\151\214\214
+\037\127\340\006\231\377\021\325\122\062\040\227\047\230\356\145
+\002\003\001\000\001\243\202\001\324\060\202\001\320\060\037\006
+\003\125\035\043\004\030\060\026\200\024\241\162\137\046\033\050
+\230\103\225\135\007\067\325\205\226\235\113\322\303\105\060\035
+\006\003\125\035\016\004\026\004\024\267\303\336\032\103\355\101
+\227\251\217\051\170\234\003\271\254\100\102\000\254\060\016\006
+\003\125\035\017\001\001\377\004\004\003\002\005\240\060\014\006
+\003\125\035\023\001\001\377\004\002\060\000\060\035\006\003\125
+\035\045\004\026\060\024\006\010\053\006\001\005\005\007\003\001
+\006\010\053\006\001\005\005\007\003\002\060\106\006\003\125\035
+\040\004\077\060\075\060\073\006\014\053\006\001\004\001\262\061
+\001\002\001\003\004\060\053\060\051\006\010\053\006\001\005\005
+\007\002\001\026\035\150\164\164\160\163\072\057\057\163\145\143
+\165\162\145\056\143\157\155\157\144\157\056\143\157\155\057\103
+\120\123\060\173\006\003\125\035\037\004\164\060\162\060\070\240
+\066\240\064\206\062\150\164\164\160\072\057\057\143\162\154\056
+\143\157\155\157\144\157\143\141\056\143\157\155\057\125\124\116
+\055\125\123\105\122\106\151\162\163\164\055\110\141\162\144\167
+\141\162\145\056\143\162\154\060\066\240\064\240\062\206\060\150
+\164\164\160\072\057\057\143\162\154\056\143\157\155\157\144\157
+\056\156\145\164\057\125\124\116\055\125\123\105\122\106\151\162
+\163\164\055\110\141\162\144\167\141\162\145\056\143\162\154\060
+\161\006\010\053\006\001\005\005\007\001\001\004\145\060\143\060
+\073\006\010\053\006\001\005\005\007\060\002\206\057\150\164\164
+\160\072\057\057\143\162\164\056\143\157\155\157\144\157\143\141
+\056\143\157\155\057\125\124\116\101\144\144\124\162\165\163\164
+\123\145\162\166\145\162\103\101\056\143\162\164\060\044\006\010
+\053\006\001\005\005\007\060\001\206\030\150\164\164\160\072\057
+\057\157\143\163\160\056\143\157\155\157\144\157\143\141\056\143
+\157\155\060\031\006\003\125\035\021\004\022\060\020\202\016\147
+\154\157\142\141\154\040\164\162\165\163\164\145\145\060\015\006
+\011\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001
+\000\217\272\165\272\071\324\046\323\160\017\304\263\002\247\305
+\022\043\161\311\376\143\351\243\142\170\044\104\117\324\271\021
+\076\037\307\050\347\125\153\356\364\341\000\221\206\212\311\011
+\153\237\056\244\105\071\321\141\142\136\223\245\005\105\170\237
+\140\022\054\364\154\145\145\015\314\106\064\213\050\272\240\306
+\364\231\161\144\363\042\166\254\117\363\142\311\247\063\132\007
+\037\075\311\206\200\334\333\004\057\207\047\350\277\110\104\201
+\300\360\111\043\156\037\345\344\003\206\044\023\242\205\142\174
+\130\004\312\346\215\023\162\012\272\126\104\242\017\274\373\240
+\075\015\052\177\373\236\251\011\075\267\132\324\212\215\341\045
+\350\244\011\204\160\255\022\104\271\317\271\063\172\272\134\346
+\113\246\273\005\006\230\377\362\230\122\173\167\200\047\112\331
+\342\372\271\122\324\373\373\346\326\055\236\217\301\025\104\215
+\233\164\057\356\224\132\116\323\304\213\212\254\103\235\163\366
+\256\014\207\211\255\207\311\311\307\335\272\024\140\172\370\265
+\065\235\302\215\306\226\201\015\251\122\212\051\100\004\351\031
+\264
+END
+
+# Trust for Certificate "Bogus Global Trustee"
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:00:d8:f3:5f:4e:b7:87:2b:2d:ab:06:92:e3:15:38:2f:b0
+# Subject: CN=global trustee,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Global Trustee,O=Global Trustee,STREET=Sea Village 10,L=Tampa,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): FE:0D:01:6E:71:CB:8C:D8:3F:0E:0C:CD:49:35:B8:57
+# Fingerprint (SHA1): 61:79:3F:CB:FA:4F:90:08:30:9B:BA:5F:F1:2D:2C:B2:9C:D4:15:1A
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus Global Trustee"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\141\171\077\313\372\117\220\010\060\233\272\137\361\055\054\262
+\234\324\025\032
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\376\015\001\156\161\313\214\330\077\016\014\315\111\065\270\127
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\330\363\137\116\267\207\053\055\253\006\222\343\025
+\070\057\260
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Bogus GMail"
+#
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:04:7e:cb:e9:fc:a5:5f:7b:d0:9e:ae:36:e1:0c:ae:1e
+# Subject: CN=mail.google.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): 4C:77:1F:EB:CA:31:C1:29:98:E9:2C:10:B3:AF:49:1C
+# Fingerprint (SHA1): 64:31:72:30:36:FD:26:DE:A5:02:79:2F:A5:95:92:24:93:03:0F:97
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus GMail"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\337\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\016\060\014\006\003\125\004\021\023\005\063\070\064\067\067
+\061\020\060\016\006\003\125\004\010\023\007\106\154\157\162\151
+\144\141\061\020\060\016\006\003\125\004\007\023\007\105\156\147
+\154\151\163\150\061\027\060\025\006\003\125\004\011\023\016\123
+\145\141\040\126\151\154\154\141\147\145\040\061\060\061\024\060
+\022\006\003\125\004\012\023\013\107\157\157\147\154\145\040\114
+\164\144\056\061\023\060\021\006\003\125\004\013\023\012\124\145
+\143\150\040\104\145\160\164\056\061\050\060\046\006\003\125\004
+\013\023\037\110\157\163\164\145\144\040\142\171\040\107\124\111
+\040\107\162\157\165\160\040\103\157\162\160\157\162\141\164\151
+\157\156\061\024\060\022\006\003\125\004\013\023\013\120\154\141
+\164\151\156\165\155\123\123\114\061\030\060\026\006\003\125\004
+\003\023\017\155\141\151\154\056\147\157\157\147\154\145\056\143
+\157\155
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\004\176\313\351\374\245\137\173\320\236\256\066\341\014
+\256\036
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\356\060\202\004\326\240\003\002\001\002\002\020\004
+\176\313\351\374\245\137\173\320\236\256\066\341\014\256\036\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\201
+\227\061\013\060\011\006\003\125\004\006\023\002\125\123\061\013
+\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025\006
+\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145\040
+\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025\124
+\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145\164
+\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030\150
+\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164\162
+\165\163\164\056\143\157\155\061\037\060\035\006\003\125\004\003
+\023\026\125\124\116\055\125\123\105\122\106\151\162\163\164\055
+\110\141\162\144\167\141\162\145\060\036\027\015\061\061\060\063
+\061\065\060\060\060\060\060\060\132\027\015\061\064\060\063\061
+\064\062\063\065\071\065\071\132\060\201\337\061\013\060\011\006
+\003\125\004\006\023\002\125\123\061\016\060\014\006\003\125\004
+\021\023\005\063\070\064\067\067\061\020\060\016\006\003\125\004
+\010\023\007\106\154\157\162\151\144\141\061\020\060\016\006\003
+\125\004\007\023\007\105\156\147\154\151\163\150\061\027\060\025
+\006\003\125\004\011\023\016\123\145\141\040\126\151\154\154\141
+\147\145\040\061\060\061\024\060\022\006\003\125\004\012\023\013
+\107\157\157\147\154\145\040\114\164\144\056\061\023\060\021\006
+\003\125\004\013\023\012\124\145\143\150\040\104\145\160\164\056
+\061\050\060\046\006\003\125\004\013\023\037\110\157\163\164\145
+\144\040\142\171\040\107\124\111\040\107\162\157\165\160\040\103
+\157\162\160\157\162\141\164\151\157\156\061\024\060\022\006\003
+\125\004\013\023\013\120\154\141\164\151\156\165\155\123\123\114
+\061\030\060\026\006\003\125\004\003\023\017\155\141\151\154\056
+\147\157\157\147\154\145\056\143\157\155\060\202\001\042\060\015
+\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001
+\017\000\060\202\001\012\002\202\001\001\000\260\163\360\362\004
+\356\302\242\106\312\064\052\252\273\140\043\321\021\166\037\037
+\072\320\145\203\116\232\105\250\103\160\205\166\360\037\207\000
+\002\037\156\073\027\027\304\265\351\031\106\242\222\045\215\142
+\052\264\143\060\037\271\205\370\065\341\026\132\166\111\314\120
+\110\123\071\131\211\326\204\002\373\232\354\033\307\121\325\166
+\225\220\324\072\052\270\246\336\002\115\006\373\315\355\245\106
+\101\137\125\164\345\354\176\100\334\120\234\265\344\065\135\036
+\150\040\370\351\336\243\152\050\277\101\322\241\263\342\045\215
+\014\033\312\075\223\014\030\256\337\305\274\375\274\202\272\150
+\000\327\026\062\161\237\145\265\021\332\150\131\320\246\127\144
+\033\311\376\230\345\365\245\145\352\341\333\356\364\263\235\263
+\216\352\207\256\026\322\036\240\174\174\151\077\051\026\205\001
+\123\247\154\361\140\253\335\242\374\045\107\324\062\321\022\335
+\367\110\022\340\374\234\242\167\230\351\211\231\270\370\070\361
+\214\006\302\172\043\066\155\233\235\315\060\310\307\064\027\036
+\273\175\102\310\253\347\025\026\366\163\265\002\003\001\000\001
+\243\202\001\352\060\202\001\346\060\037\006\003\125\035\043\004
+\030\060\026\200\024\241\162\137\046\033\050\230\103\225\135\007
+\067\325\205\226\235\113\322\303\105\060\035\006\003\125\035\016
+\004\026\004\024\030\052\242\310\324\172\077\173\255\004\213\275
+\157\236\020\106\023\170\161\235\060\016\006\003\125\035\017\001
+\001\377\004\004\003\002\005\240\060\014\006\003\125\035\023\001
+\001\377\004\002\060\000\060\035\006\003\125\035\045\004\026\060
+\024\006\010\053\006\001\005\005\007\003\001\006\010\053\006\001
+\005\005\007\003\002\060\106\006\003\125\035\040\004\077\060\075
+\060\073\006\014\053\006\001\004\001\262\061\001\002\001\003\004
+\060\053\060\051\006\010\053\006\001\005\005\007\002\001\026\035
+\150\164\164\160\163\072\057\057\163\145\143\165\162\145\056\143
+\157\155\157\144\157\056\143\157\155\057\103\120\123\060\173\006
+\003\125\035\037\004\164\060\162\060\070\240\066\240\064\206\062
+\150\164\164\160\072\057\057\143\162\154\056\143\157\155\157\144
+\157\143\141\056\143\157\155\057\125\124\116\055\125\123\105\122
+\106\151\162\163\164\055\110\141\162\144\167\141\162\145\056\143
+\162\154\060\066\240\064\240\062\206\060\150\164\164\160\072\057
+\057\143\162\154\056\143\157\155\157\144\157\056\156\145\164\057
+\125\124\116\055\125\123\105\122\106\151\162\163\164\055\110\141
+\162\144\167\141\162\145\056\143\162\154\060\161\006\010\053\006
+\001\005\005\007\001\001\004\145\060\143\060\073\006\010\053\006
+\001\005\005\007\060\002\206\057\150\164\164\160\072\057\057\143
+\162\164\056\143\157\155\157\144\157\143\141\056\143\157\155\057
+\125\124\116\101\144\144\124\162\165\163\164\123\145\162\166\145
+\162\103\101\056\143\162\164\060\044\006\010\053\006\001\005\005
+\007\060\001\206\030\150\164\164\160\072\057\057\157\143\163\160
+\056\143\157\155\157\144\157\143\141\056\143\157\155\060\057\006
+\003\125\035\021\004\050\060\046\202\017\155\141\151\154\056\147
+\157\157\147\154\145\056\143\157\155\202\023\167\167\167\056\155
+\141\151\154\056\147\157\157\147\154\145\056\143\157\155\060\015
+\006\011\052\206\110\206\367\015\001\001\005\005\000\003\202\001
+\001\000\147\006\010\012\047\305\223\156\002\362\336\027\077\320
+\323\033\174\377\265\315\172\307\167\307\276\337\022\312\031\336
+\260\023\127\014\003\221\304\171\122\317\177\267\136\125\040\204
+\111\335\365\320\051\057\016\004\332\131\236\016\023\237\364\300
+\062\233\377\241\021\044\052\227\243\362\077\075\052\153\250\255
+\214\031\165\225\016\035\045\375\117\304\172\025\303\035\307\023
+\100\310\015\276\227\140\162\246\376\045\276\217\354\325\246\206
+\303\041\134\131\122\331\152\013\134\237\113\336\265\371\354\342
+\364\305\314\142\123\166\211\145\344\051\332\267\277\226\340\140
+\215\015\267\011\125\326\100\125\035\301\362\226\041\165\257\211
+\206\037\135\201\227\051\050\036\051\327\226\301\040\003\062\173
+\000\073\152\067\027\132\243\263\032\157\062\073\156\361\243\135
+\253\253\314\052\313\060\014\037\065\043\213\151\104\134\352\254
+\050\140\355\253\153\143\236\366\222\274\275\232\132\046\114\305
+\230\270\016\031\076\374\005\061\343\026\331\375\220\005\003\206
+\306\127\001\037\177\170\240\317\063\152\252\146\153\042\320\247
+\111\043
+END
+
+# Trust for Certificate "Bogus GMail"
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:04:7e:cb:e9:fc:a5:5f:7b:d0:9e:ae:36:e1:0c:ae:1e
+# Subject: CN=mail.google.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): 4C:77:1F:EB:CA:31:C1:29:98:E9:2C:10:B3:AF:49:1C
+# Fingerprint (SHA1): 64:31:72:30:36:FD:26:DE:A5:02:79:2F:A5:95:92:24:93:03:0F:97
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus GMail"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\144\061\162\060\066\375\046\336\245\002\171\057\245\225\222\044
+\223\003\017\227
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\114\167\037\353\312\061\301\051\230\351\054\020\263\257\111\034
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\004\176\313\351\374\245\137\173\320\236\256\066\341\014
+\256\036
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Bogus Google"
+#
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:00:f5:c8:6a:f3:61:62:f1:3a:64:f5:4f:6d:c9:58:7c:06
+# Subject: CN=www.google.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): 01:73:A9:58:F0:BC:C9:BE:94:2B:1A:4C:98:24:E3:B8
+# Fingerprint (SHA1): 19:16:A2:AF:34:6D:39:9F:50:31:3C:39:32:00:F1:41:40:45:66:16
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus Google"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\336\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\016\060\014\006\003\125\004\021\023\005\063\070\064\067\067
+\061\020\060\016\006\003\125\004\010\023\007\106\154\157\162\151
+\144\141\061\020\060\016\006\003\125\004\007\023\007\105\156\147
+\154\151\163\150\061\027\060\025\006\003\125\004\011\023\016\123
+\145\141\040\126\151\154\154\141\147\145\040\061\060\061\024\060
+\022\006\003\125\004\012\023\013\107\157\157\147\154\145\040\114
+\164\144\056\061\023\060\021\006\003\125\004\013\023\012\124\145
+\143\150\040\104\145\160\164\056\061\050\060\046\006\003\125\004
+\013\023\037\110\157\163\164\145\144\040\142\171\040\107\124\111
+\040\107\162\157\165\160\040\103\157\162\160\157\162\141\164\151
+\157\156\061\024\060\022\006\003\125\004\013\023\013\120\154\141
+\164\151\156\165\155\123\123\114\061\027\060\025\006\003\125\004
+\003\023\016\167\167\167\056\147\157\157\147\154\145\056\143\157
+\155
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\365\310\152\363\141\142\361\072\144\365\117\155\311
+\130\174\006
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\344\060\202\004\314\240\003\002\001\002\002\021\000
+\365\310\152\363\141\142\361\072\144\365\117\155\311\130\174\006
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025
+\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145
+\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025
+\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145
+\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030
+\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164
+\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125\004
+\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163\164
+\055\110\141\162\144\167\141\162\145\060\036\027\015\061\061\060
+\063\061\065\060\060\060\060\060\060\132\027\015\061\064\060\063
+\061\064\062\063\065\071\065\071\132\060\201\336\061\013\060\011
+\006\003\125\004\006\023\002\125\123\061\016\060\014\006\003\125
+\004\021\023\005\063\070\064\067\067\061\020\060\016\006\003\125
+\004\010\023\007\106\154\157\162\151\144\141\061\020\060\016\006
+\003\125\004\007\023\007\105\156\147\154\151\163\150\061\027\060
+\025\006\003\125\004\011\023\016\123\145\141\040\126\151\154\154
+\141\147\145\040\061\060\061\024\060\022\006\003\125\004\012\023
+\013\107\157\157\147\154\145\040\114\164\144\056\061\023\060\021
+\006\003\125\004\013\023\012\124\145\143\150\040\104\145\160\164
+\056\061\050\060\046\006\003\125\004\013\023\037\110\157\163\164
+\145\144\040\142\171\040\107\124\111\040\107\162\157\165\160\040
+\103\157\162\160\157\162\141\164\151\157\156\061\024\060\022\006
+\003\125\004\013\023\013\120\154\141\164\151\156\165\155\123\123
+\114\061\027\060\025\006\003\125\004\003\023\016\167\167\167\056
+\147\157\157\147\154\145\056\143\157\155\060\202\001\042\060\015
+\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001
+\017\000\060\202\001\012\002\202\001\001\000\260\163\360\362\004
+\356\302\242\106\312\064\052\252\273\140\043\321\021\166\037\037
+\072\320\145\203\116\232\105\250\103\160\205\166\360\037\207\000
+\002\037\156\073\027\027\304\265\351\031\106\242\222\045\215\142
+\052\264\143\060\037\271\205\370\065\341\026\132\166\111\314\120
+\110\123\071\131\211\326\204\002\373\232\354\033\307\121\325\166
+\225\220\324\072\052\270\246\336\002\115\006\373\315\355\245\106
+\101\137\125\164\345\354\176\100\334\120\234\265\344\065\135\036
+\150\040\370\351\336\243\152\050\277\101\322\241\263\342\045\215
+\014\033\312\075\223\014\030\256\337\305\274\375\274\202\272\150
+\000\327\026\062\161\237\145\265\021\332\150\131\320\246\127\144
+\033\311\376\230\345\365\245\145\352\341\333\356\364\263\235\263
+\216\352\207\256\026\322\036\240\174\174\151\077\051\026\205\001
+\123\247\154\361\140\253\335\242\374\045\107\324\062\321\022\335
+\367\110\022\340\374\234\242\167\230\351\211\231\270\370\070\361
+\214\006\302\172\043\066\155\233\235\315\060\310\307\064\027\036
+\273\175\102\310\253\347\025\026\366\163\265\002\003\001\000\001
+\243\202\001\340\060\202\001\334\060\037\006\003\125\035\043\004
+\030\060\026\200\024\241\162\137\046\033\050\230\103\225\135\007
+\067\325\205\226\235\113\322\303\105\060\035\006\003\125\035\016
+\004\026\004\024\030\052\242\310\324\172\077\173\255\004\213\275
+\157\236\020\106\023\170\161\235\060\016\006\003\125\035\017\001
+\001\377\004\004\003\002\005\240\060\014\006\003\125\035\023\001
+\001\377\004\002\060\000\060\035\006\003\125\035\045\004\026\060
+\024\006\010\053\006\001\005\005\007\003\001\006\010\053\006\001
+\005\005\007\003\002\060\106\006\003\125\035\040\004\077\060\075
+\060\073\006\014\053\006\001\004\001\262\061\001\002\001\003\004
+\060\053\060\051\006\010\053\006\001\005\005\007\002\001\026\035
+\150\164\164\160\163\072\057\057\163\145\143\165\162\145\056\143
+\157\155\157\144\157\056\143\157\155\057\103\120\123\060\173\006
+\003\125\035\037\004\164\060\162\060\070\240\066\240\064\206\062
+\150\164\164\160\072\057\057\143\162\154\056\143\157\155\157\144
+\157\143\141\056\143\157\155\057\125\124\116\055\125\123\105\122
+\106\151\162\163\164\055\110\141\162\144\167\141\162\145\056\143
+\162\154\060\066\240\064\240\062\206\060\150\164\164\160\072\057
+\057\143\162\154\056\143\157\155\157\144\157\056\156\145\164\057
+\125\124\116\055\125\123\105\122\106\151\162\163\164\055\110\141
+\162\144\167\141\162\145\056\143\162\154\060\161\006\010\053\006
+\001\005\005\007\001\001\004\145\060\143\060\073\006\010\053\006
+\001\005\005\007\060\002\206\057\150\164\164\160\072\057\057\143
+\162\164\056\143\157\155\157\144\157\143\141\056\143\157\155\057
+\125\124\116\101\144\144\124\162\165\163\164\123\145\162\166\145
+\162\103\101\056\143\162\164\060\044\006\010\053\006\001\005\005
+\007\060\001\206\030\150\164\164\160\072\057\057\157\143\163\160
+\056\143\157\155\157\144\157\143\141\056\143\157\155\060\045\006
+\003\125\035\021\004\036\060\034\202\016\167\167\167\056\147\157
+\157\147\154\145\056\143\157\155\202\012\147\157\157\147\154\145
+\056\143\157\155\060\015\006\011\052\206\110\206\367\015\001\001
+\005\005\000\003\202\001\001\000\161\300\231\077\136\366\275\063
+\377\236\026\313\250\277\335\160\371\322\123\073\066\256\311\027
+\310\256\136\115\335\142\367\267\323\076\167\243\376\300\173\062
+\265\311\224\005\122\120\362\137\075\171\204\111\117\135\154\260
+\327\131\275\324\154\210\372\374\305\145\206\353\050\122\242\102
+\366\174\274\152\307\007\056\045\321\220\142\040\306\215\121\302
+\054\105\071\116\003\332\367\030\350\314\012\072\331\105\330\154
+\156\064\213\142\234\116\025\371\103\356\345\227\300\077\255\065
+\023\305\053\006\307\101\375\342\367\176\105\255\233\321\341\146
+\355\370\172\113\224\071\172\057\353\350\077\103\330\065\326\126
+\372\164\347\155\346\355\254\145\204\376\320\115\006\022\336\332
+\131\000\074\011\134\317\210\113\350\075\264\025\041\222\314\155
+\246\121\342\216\227\361\364\202\106\313\304\123\136\332\134\235
+\145\222\001\145\211\000\345\266\231\377\046\100\361\057\031\061
+\010\032\261\147\125\206\015\256\065\063\206\274\227\110\222\327
+\226\140\370\316\374\226\353\207\304\163\314\224\233\130\133\363
+\172\244\047\023\326\117\364\151
+END
+
+# Trust for Certificate "Bogus Google"
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:00:f5:c8:6a:f3:61:62:f1:3a:64:f5:4f:6d:c9:58:7c:06
+# Subject: CN=www.google.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): 01:73:A9:58:F0:BC:C9:BE:94:2B:1A:4C:98:24:E3:B8
+# Fingerprint (SHA1): 19:16:A2:AF:34:6D:39:9F:50:31:3C:39:32:00:F1:41:40:45:66:16
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus Google"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\031\026\242\257\064\155\071\237\120\061\074\071\062\000\361\101
+\100\105\146\026
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\001\163\251\130\360\274\311\276\224\053\032\114\230\044\343\270
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\365\310\152\363\141\142\361\072\144\365\117\155\311
+\130\174\006
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Bogus Skype"
+#
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:00:e9:02:8b:95:78:e4:15:dc:1a:71:0a:2b:88:15:44:47
+# Subject: CN=login.skype.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): 85:A4:B4:C4:69:21:DF:A1:6A:0D:58:56:58:4B:33:44
+# Fingerprint (SHA1): 47:1C:94:9A:81:43:DB:5A:D5:CD:F1:C9:72:86:4A:25:04:FA:23:C9
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus Skype"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\337\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\016\060\014\006\003\125\004\021\023\005\063\070\064\067\067
+\061\020\060\016\006\003\125\004\010\023\007\106\154\157\162\151
+\144\141\061\020\060\016\006\003\125\004\007\023\007\105\156\147
+\154\151\163\150\061\027\060\025\006\003\125\004\011\023\016\123
+\145\141\040\126\151\154\154\141\147\145\040\061\060\061\024\060
+\022\006\003\125\004\012\023\013\107\157\157\147\154\145\040\114
+\164\144\056\061\023\060\021\006\003\125\004\013\023\012\124\145
+\143\150\040\104\145\160\164\056\061\050\060\046\006\003\125\004
+\013\023\037\110\157\163\164\145\144\040\142\171\040\107\124\111
+\040\107\162\157\165\160\040\103\157\162\160\157\162\141\164\151
+\157\156\061\024\060\022\006\003\125\004\013\023\013\120\154\141
+\164\151\156\165\155\123\123\114\061\030\060\026\006\003\125\004
+\003\023\017\154\157\147\151\156\056\163\153\171\160\145\056\143
+\157\155
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\351\002\213\225\170\344\025\334\032\161\012\053\210
+\025\104\107
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\357\060\202\004\327\240\003\002\001\002\002\021\000
+\351\002\213\225\170\344\025\334\032\161\012\053\210\025\104\107
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025
+\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145
+\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025
+\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145
+\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030
+\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164
+\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125\004
+\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163\164
+\055\110\141\162\144\167\141\162\145\060\036\027\015\061\061\060
+\063\061\065\060\060\060\060\060\060\132\027\015\061\064\060\063
+\061\064\062\063\065\071\065\071\132\060\201\337\061\013\060\011
+\006\003\125\004\006\023\002\125\123\061\016\060\014\006\003\125
+\004\021\023\005\063\070\064\067\067\061\020\060\016\006\003\125
+\004\010\023\007\106\154\157\162\151\144\141\061\020\060\016\006
+\003\125\004\007\023\007\105\156\147\154\151\163\150\061\027\060
+\025\006\003\125\004\011\023\016\123\145\141\040\126\151\154\154
+\141\147\145\040\061\060\061\024\060\022\006\003\125\004\012\023
+\013\107\157\157\147\154\145\040\114\164\144\056\061\023\060\021
+\006\003\125\004\013\023\012\124\145\143\150\040\104\145\160\164
+\056\061\050\060\046\006\003\125\004\013\023\037\110\157\163\164
+\145\144\040\142\171\040\107\124\111\040\107\162\157\165\160\040
+\103\157\162\160\157\162\141\164\151\157\156\061\024\060\022\006
+\003\125\004\013\023\013\120\154\141\164\151\156\165\155\123\123
+\114\061\030\060\026\006\003\125\004\003\023\017\154\157\147\151
+\156\056\163\153\171\160\145\056\143\157\155\060\202\001\042\060
+\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202
+\001\017\000\060\202\001\012\002\202\001\001\000\260\170\231\206
+\016\242\163\043\324\132\303\111\353\261\066\214\174\312\204\256
+\074\257\070\210\050\231\215\055\130\023\261\227\170\076\122\040
+\147\254\133\163\230\154\062\125\311\160\321\331\252\025\350\056
+\046\205\201\274\126\344\274\200\143\333\116\327\365\002\276\121
+\143\036\074\333\337\327\000\135\132\271\345\173\152\352\070\040
+\262\073\266\356\165\124\204\371\246\312\070\160\335\277\260\377
+\245\205\135\264\101\376\335\075\331\052\341\060\103\032\230\171
+\223\240\137\340\147\154\225\372\076\172\256\161\173\343\155\210
+\102\077\045\324\356\276\150\150\254\255\254\140\340\040\243\071
+\203\271\133\050\243\223\155\241\275\166\012\343\353\256\207\047
+\016\124\217\264\110\014\232\124\364\135\216\067\120\334\136\244
+\213\153\113\334\246\363\064\276\167\131\042\210\377\031\053\155
+\166\144\163\332\014\207\007\053\232\067\072\320\342\214\366\066
+\062\153\232\171\314\322\073\223\157\032\115\154\346\301\235\100
+\254\055\164\303\276\352\134\163\145\001\051\261\052\277\160\131
+\301\316\306\303\242\310\105\137\272\147\075\017\002\003\001\000
+\001\243\202\001\352\060\202\001\346\060\037\006\003\125\035\043
+\004\030\060\026\200\024\241\162\137\046\033\050\230\103\225\135
+\007\067\325\205\226\235\113\322\303\105\060\035\006\003\125\035
+\016\004\026\004\024\325\216\132\121\023\264\051\015\061\266\034
+\215\076\121\121\061\012\063\252\201\060\016\006\003\125\035\017
+\001\001\377\004\004\003\002\005\240\060\014\006\003\125\035\023
+\001\001\377\004\002\060\000\060\035\006\003\125\035\045\004\026
+\060\024\006\010\053\006\001\005\005\007\003\001\006\010\053\006
+\001\005\005\007\003\002\060\106\006\003\125\035\040\004\077\060
+\075\060\073\006\014\053\006\001\004\001\262\061\001\002\001\003
+\004\060\053\060\051\006\010\053\006\001\005\005\007\002\001\026
+\035\150\164\164\160\163\072\057\057\163\145\143\165\162\145\056
+\143\157\155\157\144\157\056\143\157\155\057\103\120\123\060\173
+\006\003\125\035\037\004\164\060\162\060\070\240\066\240\064\206
+\062\150\164\164\160\072\057\057\143\162\154\056\143\157\155\157
+\144\157\143\141\056\143\157\155\057\125\124\116\055\125\123\105
+\122\106\151\162\163\164\055\110\141\162\144\167\141\162\145\056
+\143\162\154\060\066\240\064\240\062\206\060\150\164\164\160\072
+\057\057\143\162\154\056\143\157\155\157\144\157\056\156\145\164
+\057\125\124\116\055\125\123\105\122\106\151\162\163\164\055\110
+\141\162\144\167\141\162\145\056\143\162\154\060\161\006\010\053
+\006\001\005\005\007\001\001\004\145\060\143\060\073\006\010\053
+\006\001\005\005\007\060\002\206\057\150\164\164\160\072\057\057
+\143\162\164\056\143\157\155\157\144\157\143\141\056\143\157\155
+\057\125\124\116\101\144\144\124\162\165\163\164\123\145\162\166
+\145\162\103\101\056\143\162\164\060\044\006\010\053\006\001\005
+\005\007\060\001\206\030\150\164\164\160\072\057\057\157\143\163
+\160\056\143\157\155\157\144\157\143\141\056\143\157\155\060\057
+\006\003\125\035\021\004\050\060\046\202\017\154\157\147\151\156
+\056\163\153\171\160\145\056\143\157\155\202\023\167\167\167\056
+\154\157\147\151\156\056\163\153\171\160\145\056\143\157\155\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003\202
+\001\001\000\010\362\201\165\221\273\316\022\004\030\302\115\132
+\373\106\220\012\124\104\364\362\335\007\201\360\037\246\172\157
+\237\317\270\016\054\117\234\304\232\365\250\366\272\244\311\172
+\135\261\342\132\312\074\372\140\250\150\076\313\272\055\342\315
+\326\266\344\222\074\151\255\127\352\250\057\070\020\204\162\345
+\150\161\355\276\353\156\030\357\143\172\276\347\044\377\300\143
+\375\130\073\114\201\222\330\051\253\216\065\135\327\323\011\153
+\205\323\325\163\005\104\342\345\273\203\123\020\313\362\317\267
+\156\341\151\267\241\222\144\305\317\315\202\273\066\240\070\255
+\327\044\337\123\374\077\142\267\267\325\307\127\343\223\061\160
+\216\044\211\206\312\143\053\071\272\135\331\152\140\354\241\116
+\212\376\123\370\136\222\337\057\134\046\027\155\003\175\002\017
+\017\252\103\147\155\260\142\277\176\123\335\314\354\170\163\225
+\345\245\366\000\243\004\375\077\004\052\263\230\305\267\003\034
+\333\311\120\253\260\005\035\036\276\126\264\317\076\102\023\224
+\236\371\347\001\201\245\170\157\014\172\166\254\005\206\354\254
+\302\021\254
+END
+
+# Trust for Certificate "Bogus Skype"
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:00:e9:02:8b:95:78:e4:15:dc:1a:71:0a:2b:88:15:44:47
+# Subject: CN=login.skype.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): 85:A4:B4:C4:69:21:DF:A1:6A:0D:58:56:58:4B:33:44
+# Fingerprint (SHA1): 47:1C:94:9A:81:43:DB:5A:D5:CD:F1:C9:72:86:4A:25:04:FA:23:C9
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus Skype"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\107\034\224\232\201\103\333\132\325\315\361\311\162\206\112\045
+\004\372\043\311
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\205\244\264\304\151\041\337\241\152\015\130\126\130\113\063\104
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\351\002\213\225\170\344\025\334\032\161\012\053\210
+\025\104\107
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Bogus Yahoo 1"
+#
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:00:d7:55:8f:da:f5:f1:10:5b:b2:13:28:2b:70:77:29:a3
+# Subject: CN=login.yahoo.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): 0C:1F:BE:D3:FC:09:6E:E6:6E:C2:66:39:75:86:6B:EB
+# Fingerprint (SHA1): 63:FE:AE:96:0B:AA:91:E3:43:CE:2B:D8:B7:17:98:C7:6B:DB:77:D0
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus Yahoo 1"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\337\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\016\060\014\006\003\125\004\021\023\005\063\070\064\067\067
+\061\020\060\016\006\003\125\004\010\023\007\106\154\157\162\151
+\144\141\061\020\060\016\006\003\125\004\007\023\007\105\156\147
+\154\151\163\150\061\027\060\025\006\003\125\004\011\023\016\123
+\145\141\040\126\151\154\154\141\147\145\040\061\060\061\024\060
+\022\006\003\125\004\012\023\013\107\157\157\147\154\145\040\114
+\164\144\056\061\023\060\021\006\003\125\004\013\023\012\124\145
+\143\150\040\104\145\160\164\056\061\050\060\046\006\003\125\004
+\013\023\037\110\157\163\164\145\144\040\142\171\040\107\124\111
+\040\107\162\157\165\160\040\103\157\162\160\157\162\141\164\151
+\157\156\061\024\060\022\006\003\125\004\013\023\013\120\154\141
+\164\151\156\165\155\123\123\114\061\030\060\026\006\003\125\004
+\003\023\017\154\157\147\151\156\056\171\141\150\157\157\056\143
+\157\155
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\327\125\217\332\365\361\020\133\262\023\050\053\160
+\167\051\243
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\357\060\202\004\327\240\003\002\001\002\002\021\000
+\327\125\217\332\365\361\020\133\262\023\050\053\160\167\051\243
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025
+\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145
+\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025
+\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145
+\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030
+\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164
+\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125\004
+\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163\164
+\055\110\141\162\144\167\141\162\145\060\036\027\015\061\061\060
+\063\061\065\060\060\060\060\060\060\132\027\015\061\064\060\063
+\061\064\062\063\065\071\065\071\132\060\201\337\061\013\060\011
+\006\003\125\004\006\023\002\125\123\061\016\060\014\006\003\125
+\004\021\023\005\063\070\064\067\067\061\020\060\016\006\003\125
+\004\010\023\007\106\154\157\162\151\144\141\061\020\060\016\006
+\003\125\004\007\023\007\105\156\147\154\151\163\150\061\027\060
+\025\006\003\125\004\011\023\016\123\145\141\040\126\151\154\154
+\141\147\145\040\061\060\061\024\060\022\006\003\125\004\012\023
+\013\107\157\157\147\154\145\040\114\164\144\056\061\023\060\021
+\006\003\125\004\013\023\012\124\145\143\150\040\104\145\160\164
+\056\061\050\060\046\006\003\125\004\013\023\037\110\157\163\164
+\145\144\040\142\171\040\107\124\111\040\107\162\157\165\160\040
+\103\157\162\160\157\162\141\164\151\157\156\061\024\060\022\006
+\003\125\004\013\023\013\120\154\141\164\151\156\165\155\123\123
+\114\061\030\060\026\006\003\125\004\003\023\017\154\157\147\151
+\156\056\171\141\150\157\157\056\143\157\155\060\202\001\042\060
+\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202
+\001\017\000\060\202\001\012\002\202\001\001\000\241\244\005\075
+\355\205\105\223\212\030\115\306\003\000\127\342\100\167\360\034
+\353\320\031\337\042\135\010\177\321\007\074\101\211\106\027\243
+\011\372\374\370\251\004\321\226\217\253\327\117\074\371\255\030
+\251\164\201\304\127\012\072\046\026\316\142\076\274\077\154\041
+\356\223\215\313\015\240\037\232\226\320\217\255\365\223\223\202
+\356\162\014\241\165\025\243\173\204\126\270\255\377\122\021\161
+\204\274\072\060\013\176\230\250\341\250\077\067\122\320\361\174
+\157\220\330\105\012\254\071\162\152\141\325\273\303\214\371\302
+\314\337\375\072\161\271\257\274\334\072\334\014\266\261\322\321
+\211\273\101\266\362\336\127\325\025\337\374\375\342\061\305\337
+\312\301\330\217\054\277\360\016\133\161\340\064\161\303\305\115
+\175\172\324\372\355\060\113\057\352\266\056\236\223\074\342\072
+\370\102\242\032\356\334\337\315\017\251\366\171\204\032\216\154
+\002\266\206\345\277\121\152\146\370\363\234\323\131\014\173\245
+\231\170\315\174\231\372\306\226\107\330\062\324\164\166\016\167
+\113\040\164\244\267\211\165\222\112\264\133\125\002\003\001\000
+\001\243\202\001\352\060\202\001\346\060\037\006\003\125\035\043
+\004\030\060\026\200\024\241\162\137\046\033\050\230\103\225\135
+\007\067\325\205\226\235\113\322\303\105\060\035\006\003\125\035
+\016\004\026\004\024\206\111\105\374\063\031\063\324\004\355\047
+\141\356\350\001\311\014\177\057\176\060\016\006\003\125\035\017
+\001\001\377\004\004\003\002\005\240\060\014\006\003\125\035\023
+\001\001\377\004\002\060\000\060\035\006\003\125\035\045\004\026
+\060\024\006\010\053\006\001\005\005\007\003\001\006\010\053\006
+\001\005\005\007\003\002\060\106\006\003\125\035\040\004\077\060
+\075\060\073\006\014\053\006\001\004\001\262\061\001\002\001\003
+\004\060\053\060\051\006\010\053\006\001\005\005\007\002\001\026
+\035\150\164\164\160\163\072\057\057\163\145\143\165\162\145\056
+\143\157\155\157\144\157\056\143\157\155\057\103\120\123\060\173
+\006\003\125\035\037\004\164\060\162\060\070\240\066\240\064\206
+\062\150\164\164\160\072\057\057\143\162\154\056\143\157\155\157
+\144\157\143\141\056\143\157\155\057\125\124\116\055\125\123\105
+\122\106\151\162\163\164\055\110\141\162\144\167\141\162\145\056
+\143\162\154\060\066\240\064\240\062\206\060\150\164\164\160\072
+\057\057\143\162\154\056\143\157\155\157\144\157\056\156\145\164
+\057\125\124\116\055\125\123\105\122\106\151\162\163\164\055\110
+\141\162\144\167\141\162\145\056\143\162\154\060\161\006\010\053
+\006\001\005\005\007\001\001\004\145\060\143\060\073\006\010\053
+\006\001\005\005\007\060\002\206\057\150\164\164\160\072\057\057
+\143\162\164\056\143\157\155\157\144\157\143\141\056\143\157\155
+\057\125\124\116\101\144\144\124\162\165\163\164\123\145\162\166
+\145\162\103\101\056\143\162\164\060\044\006\010\053\006\001\005
+\005\007\060\001\206\030\150\164\164\160\072\057\057\157\143\163
+\160\056\143\157\155\157\144\157\143\141\056\143\157\155\060\057
+\006\003\125\035\021\004\050\060\046\202\017\154\157\147\151\156
+\056\171\141\150\157\157\056\143\157\155\202\023\167\167\167\056
+\154\157\147\151\156\056\171\141\150\157\157\056\143\157\155\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003\202
+\001\001\000\075\127\311\110\044\134\356\144\201\365\256\276\125
+\051\026\377\052\057\204\355\331\370\243\003\310\060\146\273\310
+\324\201\055\041\367\010\367\254\226\102\232\101\165\172\272\135
+\020\043\313\222\102\141\372\212\332\155\145\064\031\345\251\326
+\055\023\170\327\201\104\222\251\156\200\143\025\313\376\065\037
+\002\321\212\024\260\250\314\224\040\073\250\032\360\135\066\120
+\333\015\256\351\144\344\366\215\151\175\060\310\024\027\000\112
+\345\246\065\373\175\015\042\235\171\166\122\054\274\227\006\210
+\232\025\364\163\346\361\365\230\245\315\007\104\221\270\247\150
+\147\105\322\162\021\140\342\161\267\120\125\342\212\251\015\326
+\222\356\004\052\213\060\240\242\005\106\064\155\222\306\073\252
+\115\240\320\253\001\031\012\062\267\350\343\317\361\322\227\111
+\173\254\244\227\367\360\127\256\143\167\232\177\226\332\115\375
+\276\334\007\066\343\045\275\211\171\216\051\022\023\213\210\007
+\373\153\333\244\315\263\055\047\351\324\312\140\327\205\123\373
+\164\306\134\065\214\160\037\371\262\267\222\047\040\307\224\325
+\147\024\060
+END
+
+# Trust for Certificate "Bogus Yahoo 1"
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:00:d7:55:8f:da:f5:f1:10:5b:b2:13:28:2b:70:77:29:a3
+# Subject: CN=login.yahoo.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): 0C:1F:BE:D3:FC:09:6E:E6:6E:C2:66:39:75:86:6B:EB
+# Fingerprint (SHA1): 63:FE:AE:96:0B:AA:91:E3:43:CE:2B:D8:B7:17:98:C7:6B:DB:77:D0
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus Yahoo 1"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\143\376\256\226\013\252\221\343\103\316\053\330\267\027\230\307
+\153\333\167\320
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\014\037\276\323\374\011\156\346\156\302\146\071\165\206\153\353
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\327\125\217\332\365\361\020\133\262\023\050\053\160
+\167\051\243
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Bogus Yahoo 2"
+#
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:39:2a:43:4f:0e:07:df:1f:8a:a3:05:de:34:e0:c2:29
+# Subject: CN=login.yahoo.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): 72:DC:C8:72:6C:53:3B:B2:FD:CC:5D:19:BD:AF:A6:31
+# Fingerprint (SHA1): D0:18:B6:2D:C5:18:90:72:47:DF:50:92:5B:B0:9A:CF:4A:5C:B3:AD
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus Yahoo 2"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\337\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\016\060\014\006\003\125\004\021\023\005\063\070\064\067\067
+\061\020\060\016\006\003\125\004\010\023\007\106\154\157\162\151
+\144\141\061\020\060\016\006\003\125\004\007\023\007\105\156\147
+\154\151\163\150\061\027\060\025\006\003\125\004\011\023\016\123
+\145\141\040\126\151\154\154\141\147\145\040\061\060\061\024\060
+\022\006\003\125\004\012\023\013\107\157\157\147\154\145\040\114
+\164\144\056\061\023\060\021\006\003\125\004\013\023\012\124\145
+\143\150\040\104\145\160\164\056\061\050\060\046\006\003\125\004
+\013\023\037\110\157\163\164\145\144\040\142\171\040\107\124\111
+\040\107\162\157\165\160\040\103\157\162\160\157\162\141\164\151
+\157\156\061\024\060\022\006\003\125\004\013\023\013\120\154\141
+\164\151\156\165\155\123\123\114\061\030\060\026\006\003\125\004
+\003\023\017\154\157\147\151\156\056\171\141\150\157\157\056\143
+\157\155
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\071\052\103\117\016\007\337\037\212\243\005\336\064\340
+\302\051
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\331\060\202\004\301\240\003\002\001\002\002\020\071
+\052\103\117\016\007\337\037\212\243\005\336\064\340\302\051\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\201
+\227\061\013\060\011\006\003\125\004\006\023\002\125\123\061\013
+\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025\006
+\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145\040
+\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025\124
+\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145\164
+\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030\150
+\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164\162
+\165\163\164\056\143\157\155\061\037\060\035\006\003\125\004\003
+\023\026\125\124\116\055\125\123\105\122\106\151\162\163\164\055
+\110\141\162\144\167\141\162\145\060\036\027\015\061\061\060\063
+\061\065\060\060\060\060\060\060\132\027\015\061\064\060\063\061
+\064\062\063\065\071\065\071\132\060\201\337\061\013\060\011\006
+\003\125\004\006\023\002\125\123\061\016\060\014\006\003\125\004
+\021\023\005\063\070\064\067\067\061\020\060\016\006\003\125\004
+\010\023\007\106\154\157\162\151\144\141\061\020\060\016\006\003
+\125\004\007\023\007\105\156\147\154\151\163\150\061\027\060\025
+\006\003\125\004\011\023\016\123\145\141\040\126\151\154\154\141
+\147\145\040\061\060\061\024\060\022\006\003\125\004\012\023\013
+\107\157\157\147\154\145\040\114\164\144\056\061\023\060\021\006
+\003\125\004\013\023\012\124\145\143\150\040\104\145\160\164\056
+\061\050\060\046\006\003\125\004\013\023\037\110\157\163\164\145
+\144\040\142\171\040\107\124\111\040\107\162\157\165\160\040\103
+\157\162\160\157\162\141\164\151\157\156\061\024\060\022\006\003
+\125\004\013\023\013\120\154\141\164\151\156\165\155\123\123\114
+\061\030\060\026\006\003\125\004\003\023\017\154\157\147\151\156
+\056\171\141\150\157\157\056\143\157\155\060\202\001\042\060\015
+\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001
+\017\000\060\202\001\012\002\202\001\001\000\241\244\005\075\355
+\205\105\223\212\030\115\306\003\000\127\342\100\167\360\034\353
+\320\031\337\042\135\010\177\321\007\074\101\211\106\027\243\011
+\372\374\370\251\004\321\226\217\253\327\117\074\371\255\030\251
+\164\201\304\127\012\072\046\026\316\142\076\274\077\154\041\356
+\223\215\313\015\240\037\232\226\320\217\255\365\223\223\202\356
+\162\014\241\165\025\243\173\204\126\270\255\377\122\021\161\204
+\274\072\060\013\176\230\250\341\250\077\067\122\320\361\174\157
+\220\330\105\012\254\071\162\152\141\325\273\303\214\371\302\314
+\337\375\072\161\271\257\274\334\072\334\014\266\261\322\321\211
+\273\101\266\362\336\127\325\025\337\374\375\342\061\305\337\312
+\301\330\217\054\277\360\016\133\161\340\064\161\303\305\115\175
+\172\324\372\355\060\113\057\352\266\056\236\223\074\342\072\370
+\102\242\032\356\334\337\315\017\251\366\171\204\032\216\154\002
+\266\206\345\277\121\152\146\370\363\234\323\131\014\173\245\231
+\170\315\174\231\372\306\226\107\330\062\324\164\166\016\167\113
+\040\164\244\267\211\165\222\112\264\133\125\002\003\001\000\001
+\243\202\001\325\060\202\001\321\060\037\006\003\125\035\043\004
+\030\060\026\200\024\241\162\137\046\033\050\230\103\225\135\007
+\067\325\205\226\235\113\322\303\105\060\035\006\003\125\035\016
+\004\026\004\024\206\111\105\374\063\031\063\324\004\355\047\141
+\356\350\001\311\014\177\057\176\060\016\006\003\125\035\017\001
+\001\377\004\004\003\002\005\240\060\014\006\003\125\035\023\001
+\001\377\004\002\060\000\060\035\006\003\125\035\045\004\026\060
+\024\006\010\053\006\001\005\005\007\003\001\006\010\053\006\001
+\005\005\007\003\002\060\106\006\003\125\035\040\004\077\060\075
+\060\073\006\014\053\006\001\004\001\262\061\001\002\001\003\004
+\060\053\060\051\006\010\053\006\001\005\005\007\002\001\026\035
+\150\164\164\160\163\072\057\057\163\145\143\165\162\145\056\143
+\157\155\157\144\157\056\143\157\155\057\103\120\123\060\173\006
+\003\125\035\037\004\164\060\162\060\070\240\066\240\064\206\062
+\150\164\164\160\072\057\057\143\162\154\056\143\157\155\157\144
+\157\143\141\056\143\157\155\057\125\124\116\055\125\123\105\122
+\106\151\162\163\164\055\110\141\162\144\167\141\162\145\056\143
+\162\154\060\066\240\064\240\062\206\060\150\164\164\160\072\057
+\057\143\162\154\056\143\157\155\157\144\157\056\156\145\164\057
+\125\124\116\055\125\123\105\122\106\151\162\163\164\055\110\141
+\162\144\167\141\162\145\056\143\162\154\060\161\006\010\053\006
+\001\005\005\007\001\001\004\145\060\143\060\073\006\010\053\006
+\001\005\005\007\060\002\206\057\150\164\164\160\072\057\057\143
+\162\164\056\143\157\155\157\144\157\143\141\056\143\157\155\057
+\125\124\116\101\144\144\124\162\165\163\164\123\145\162\166\145
+\162\103\101\056\143\162\164\060\044\006\010\053\006\001\005\005
+\007\060\001\206\030\150\164\164\160\072\057\057\157\143\163\160
+\056\143\157\155\157\144\157\143\141\056\143\157\155\060\032\006
+\003\125\035\021\004\023\060\021\202\017\154\157\147\151\156\056
+\171\141\150\157\157\056\143\157\155\060\015\006\011\052\206\110
+\206\367\015\001\001\005\005\000\003\202\001\001\000\127\142\341
+\167\353\374\037\277\210\123\257\130\323\324\326\155\147\060\027
+\100\276\340\037\144\336\207\025\314\340\244\126\251\321\237\371
+\001\376\002\261\261\352\342\137\356\161\026\061\371\010\325\302
+\327\232\233\262\132\070\327\251\177\351\207\153\061\371\013\254
+\331\375\120\161\340\333\202\222\017\201\234\215\167\351\353\056
+\352\324\043\101\207\354\055\262\170\263\216\261\147\322\356\161
+\003\010\022\231\263\002\051\157\336\213\336\301\251\003\012\132
+\063\034\075\021\003\306\110\014\230\234\025\056\331\246\205\122
+\347\005\212\256\060\043\353\355\050\154\140\351\055\177\217\107
+\213\057\320\334\346\273\017\176\137\362\110\201\216\120\004\143
+\261\121\200\165\232\251\266\020\034\020\137\157\030\157\340\016
+\226\105\316\356\361\265\040\333\357\332\156\310\225\343\366\105
+\375\312\374\245\137\111\155\006\036\322\336\141\075\025\175\067
+\345\034\065\216\006\302\153\367\264\250\050\054\061\313\252\264
+\247\227\117\235\212\366\257\176\067\271\173\075\337\222\146\213
+\217\116\235\306\066\347\134\246\253\022\017\326\317
+END
+
+# Trust for Certificate "Bogus Yahoo 2"
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:39:2a:43:4f:0e:07:df:1f:8a:a3:05:de:34:e0:c2:29
+# Subject: CN=login.yahoo.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): 72:DC:C8:72:6C:53:3B:B2:FD:CC:5D:19:BD:AF:A6:31
+# Fingerprint (SHA1): D0:18:B6:2D:C5:18:90:72:47:DF:50:92:5B:B0:9A:CF:4A:5C:B3:AD
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus Yahoo 2"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\320\030\266\055\305\030\220\162\107\337\120\222\133\260\232\317
+\112\134\263\255
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\162\334\310\162\154\123\073\262\375\314\135\031\275\257\246\061
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\071\052\103\117\016\007\337\037\212\243\005\336\064\340
+\302\051
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Bogus Yahoo 3"
+#
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:3e:75:ce:d4:6b:69:30:21:21:88:30:ae:86:a8:2a:71
+# Subject: CN=login.yahoo.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): 4A:DC:3C:67:ED:21:CD:5B:CE:5D:C8:11:E4:9E:CF:3D
+# Fingerprint (SHA1): 80:96:2A:E4:D6:C5:B4:42:89:4E:95:A1:3E:4A:69:9E:07:D6:94:CF
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus Yahoo 3"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\337\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\016\060\014\006\003\125\004\021\023\005\063\070\064\067\067
+\061\020\060\016\006\003\125\004\010\023\007\106\154\157\162\151
+\144\141\061\020\060\016\006\003\125\004\007\023\007\105\156\147
+\154\151\163\150\061\027\060\025\006\003\125\004\011\023\016\123
+\145\141\040\126\151\154\154\141\147\145\040\061\060\061\024\060
+\022\006\003\125\004\012\023\013\107\157\157\147\154\145\040\114
+\164\144\056\061\023\060\021\006\003\125\004\013\023\012\124\145
+\143\150\040\104\145\160\164\056\061\050\060\046\006\003\125\004
+\013\023\037\110\157\163\164\145\144\040\142\171\040\107\124\111
+\040\107\162\157\165\160\040\103\157\162\160\157\162\141\164\151
+\157\156\061\024\060\022\006\003\125\004\013\023\013\120\154\141
+\164\151\156\165\155\123\123\114\061\030\060\026\006\003\125\004
+\003\023\017\154\157\147\151\156\056\171\141\150\157\157\056\143
+\157\155
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\076\165\316\324\153\151\060\041\041\210\060\256\206\250
+\052\161
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\331\060\202\004\301\240\003\002\001\002\002\020\076
+\165\316\324\153\151\060\041\041\210\060\256\206\250\052\161\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\201
+\227\061\013\060\011\006\003\125\004\006\023\002\125\123\061\013
+\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025\006
+\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145\040
+\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025\124
+\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145\164
+\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030\150
+\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164\162
+\165\163\164\056\143\157\155\061\037\060\035\006\003\125\004\003
+\023\026\125\124\116\055\125\123\105\122\106\151\162\163\164\055
+\110\141\162\144\167\141\162\145\060\036\027\015\061\061\060\063
+\061\065\060\060\060\060\060\060\132\027\015\061\064\060\063\061
+\064\062\063\065\071\065\071\132\060\201\337\061\013\060\011\006
+\003\125\004\006\023\002\125\123\061\016\060\014\006\003\125\004
+\021\023\005\063\070\064\067\067\061\020\060\016\006\003\125\004
+\010\023\007\106\154\157\162\151\144\141\061\020\060\016\006\003
+\125\004\007\023\007\105\156\147\154\151\163\150\061\027\060\025
+\006\003\125\004\011\023\016\123\145\141\040\126\151\154\154\141
+\147\145\040\061\060\061\024\060\022\006\003\125\004\012\023\013
+\107\157\157\147\154\145\040\114\164\144\056\061\023\060\021\006
+\003\125\004\013\023\012\124\145\143\150\040\104\145\160\164\056
+\061\050\060\046\006\003\125\004\013\023\037\110\157\163\164\145
+\144\040\142\171\040\107\124\111\040\107\162\157\165\160\040\103
+\157\162\160\157\162\141\164\151\157\156\061\024\060\022\006\003
+\125\004\013\023\013\120\154\141\164\151\156\165\155\123\123\114
+\061\030\060\026\006\003\125\004\003\023\017\154\157\147\151\156
+\056\171\141\150\157\157\056\143\157\155\060\202\001\042\060\015
+\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001
+\017\000\060\202\001\012\002\202\001\001\000\241\244\005\075\355
+\205\105\223\212\030\115\306\003\000\127\342\100\167\360\034\353
+\320\031\337\042\135\010\177\321\007\074\101\211\106\027\243\011
+\372\374\370\251\004\321\226\217\253\327\117\074\371\255\030\251
+\164\201\304\127\012\072\046\026\316\142\076\274\077\154\041\356
+\223\215\313\015\240\037\232\226\320\217\255\365\223\223\202\356
+\162\014\241\165\025\243\173\204\126\270\255\377\122\021\161\204
+\274\072\060\013\176\230\250\341\250\077\067\122\320\361\174\157
+\220\330\105\012\254\071\162\152\141\325\273\303\214\371\302\314
+\337\375\072\161\271\257\274\334\072\334\014\266\261\322\321\211
+\273\101\266\362\336\127\325\025\337\374\375\342\061\305\337\312
+\301\330\217\054\277\360\016\133\161\340\064\161\303\305\115\175
+\172\324\372\355\060\113\057\352\266\056\236\223\074\342\072\370
+\102\242\032\356\334\337\315\017\251\366\171\204\032\216\154\002
+\266\206\345\277\121\152\146\370\363\234\323\131\014\173\245\231
+\170\315\174\231\372\306\226\107\330\062\324\164\166\016\167\113
+\040\164\244\267\211\165\222\112\264\133\125\002\003\001\000\001
+\243\202\001\325\060\202\001\321\060\037\006\003\125\035\043\004
+\030\060\026\200\024\241\162\137\046\033\050\230\103\225\135\007
+\067\325\205\226\235\113\322\303\105\060\035\006\003\125\035\016
+\004\026\004\024\206\111\105\374\063\031\063\324\004\355\047\141
+\356\350\001\311\014\177\057\176\060\016\006\003\125\035\017\001
+\001\377\004\004\003\002\005\240\060\014\006\003\125\035\023\001
+\001\377\004\002\060\000\060\035\006\003\125\035\045\004\026\060
+\024\006\010\053\006\001\005\005\007\003\001\006\010\053\006\001
+\005\005\007\003\002\060\106\006\003\125\035\040\004\077\060\075
+\060\073\006\014\053\006\001\004\001\262\061\001\002\001\003\004
+\060\053\060\051\006\010\053\006\001\005\005\007\002\001\026\035
+\150\164\164\160\163\072\057\057\163\145\143\165\162\145\056\143
+\157\155\157\144\157\056\143\157\155\057\103\120\123\060\173\006
+\003\125\035\037\004\164\060\162\060\070\240\066\240\064\206\062
+\150\164\164\160\072\057\057\143\162\154\056\143\157\155\157\144
+\157\143\141\056\143\157\155\057\125\124\116\055\125\123\105\122
+\106\151\162\163\164\055\110\141\162\144\167\141\162\145\056\143
+\162\154\060\066\240\064\240\062\206\060\150\164\164\160\072\057
+\057\143\162\154\056\143\157\155\157\144\157\056\156\145\164\057
+\125\124\116\055\125\123\105\122\106\151\162\163\164\055\110\141
+\162\144\167\141\162\145\056\143\162\154\060\161\006\010\053\006
+\001\005\005\007\001\001\004\145\060\143\060\073\006\010\053\006
+\001\005\005\007\060\002\206\057\150\164\164\160\072\057\057\143
+\162\164\056\143\157\155\157\144\157\143\141\056\143\157\155\057
+\125\124\116\101\144\144\124\162\165\163\164\123\145\162\166\145
+\162\103\101\056\143\162\164\060\044\006\010\053\006\001\005\005
+\007\060\001\206\030\150\164\164\160\072\057\057\157\143\163\160
+\056\143\157\155\157\144\157\143\141\056\143\157\155\060\032\006
+\003\125\035\021\004\023\060\021\202\017\154\157\147\151\156\056
+\171\141\150\157\157\056\143\157\155\060\015\006\011\052\206\110
+\206\367\015\001\001\005\005\000\003\202\001\001\000\123\151\230
+\216\050\116\234\053\133\035\314\153\167\050\075\273\372\245\116
+\176\126\051\244\352\020\342\364\346\055\006\321\204\333\043\316
+\227\363\150\266\017\072\336\025\013\044\035\221\343\154\056\060
+\267\351\160\260\303\106\200\360\323\261\121\277\117\326\170\240
+\374\254\306\317\061\004\143\342\064\125\005\112\075\366\060\272
+\363\063\345\272\322\226\363\325\261\266\223\211\032\244\150\276
+\176\355\143\264\032\110\300\123\344\243\360\071\014\062\222\307
+\103\015\032\161\355\320\106\223\277\223\142\154\063\113\315\066
+\015\151\136\273\154\226\231\041\151\304\113\147\162\333\154\152
+\270\367\150\355\305\217\255\143\145\225\012\114\340\371\017\176
+\067\075\252\324\223\272\147\011\303\245\244\015\003\132\155\325
+\013\376\360\100\024\264\366\270\151\174\155\302\062\113\237\265
+\032\347\106\256\114\132\053\252\172\136\220\127\225\372\333\146
+\002\040\036\152\151\146\025\234\302\266\365\274\120\265\375\105
+\307\037\150\264\107\131\254\304\033\050\223\116\122\123\022\003
+\130\113\161\203\237\146\346\254\171\110\376\376\107
+END
+
+# Trust for Certificate "Bogus Yahoo 3"
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:3e:75:ce:d4:6b:69:30:21:21:88:30:ae:86:a8:2a:71
+# Subject: CN=login.yahoo.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): 4A:DC:3C:67:ED:21:CD:5B:CE:5D:C8:11:E4:9E:CF:3D
+# Fingerprint (SHA1): 80:96:2A:E4:D6:C5:B4:42:89:4E:95:A1:3E:4A:69:9E:07:D6:94:CF
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus Yahoo 3"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\200\226\052\344\326\305\264\102\211\116\225\241\076\112\151\236
+\007\326\224\317
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\112\334\074\147\355\041\315\133\316\135\310\021\344\236\317\075
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\076\165\316\324\153\151\060\041\041\210\060\256\206\250
+\052\161
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Bogus live.com"
+#
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:00:b0:b7:13:3e:d0:96:f9:b5:6f:ae:91:c8:74:bd:3a:c0
+# Subject: CN=login.live.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): D0:D4:39:E3:CC:5C:52:DD:08:CD:E9:AB:E8:11:59:D4
+# Fingerprint (SHA1): CE:A5:86:B2:CE:59:3E:C7:D9:39:89:83:37:C5:78:14:70:8A:B2:BE
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus live.com"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\336\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\016\060\014\006\003\125\004\021\023\005\063\070\064\067\067
+\061\020\060\016\006\003\125\004\010\023\007\106\154\157\162\151
+\144\141\061\020\060\016\006\003\125\004\007\023\007\105\156\147
+\154\151\163\150\061\027\060\025\006\003\125\004\011\023\016\123
+\145\141\040\126\151\154\154\141\147\145\040\061\060\061\024\060
+\022\006\003\125\004\012\023\013\107\157\157\147\154\145\040\114
+\164\144\056\061\023\060\021\006\003\125\004\013\023\012\124\145
+\143\150\040\104\145\160\164\056\061\050\060\046\006\003\125\004
+\013\023\037\110\157\163\164\145\144\040\142\171\040\107\124\111
+\040\107\162\157\165\160\040\103\157\162\160\157\162\141\164\151
+\157\156\061\024\060\022\006\003\125\004\013\023\013\120\154\141
+\164\151\156\165\155\123\123\114\061\027\060\025\006\003\125\004
+\003\023\016\154\157\147\151\156\056\154\151\166\145\056\143\157
+\155
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\260\267\023\076\320\226\371\265\157\256\221\310\164
+\275\072\300
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\354\060\202\004\324\240\003\002\001\002\002\021\000
+\260\267\023\076\320\226\371\265\157\256\221\310\164\275\072\300
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025
+\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145
+\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025
+\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145
+\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030
+\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164
+\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125\004
+\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163\164
+\055\110\141\162\144\167\141\162\145\060\036\027\015\061\061\060
+\063\061\065\060\060\060\060\060\060\132\027\015\061\064\060\063
+\061\064\062\063\065\071\065\071\132\060\201\336\061\013\060\011
+\006\003\125\004\006\023\002\125\123\061\016\060\014\006\003\125
+\004\021\023\005\063\070\064\067\067\061\020\060\016\006\003\125
+\004\010\023\007\106\154\157\162\151\144\141\061\020\060\016\006
+\003\125\004\007\023\007\105\156\147\154\151\163\150\061\027\060
+\025\006\003\125\004\011\023\016\123\145\141\040\126\151\154\154
+\141\147\145\040\061\060\061\024\060\022\006\003\125\004\012\023
+\013\107\157\157\147\154\145\040\114\164\144\056\061\023\060\021
+\006\003\125\004\013\023\012\124\145\143\150\040\104\145\160\164
+\056\061\050\060\046\006\003\125\004\013\023\037\110\157\163\164
+\145\144\040\142\171\040\107\124\111\040\107\162\157\165\160\040
+\103\157\162\160\157\162\141\164\151\157\156\061\024\060\022\006
+\003\125\004\013\023\013\120\154\141\164\151\156\165\155\123\123
+\114\061\027\060\025\006\003\125\004\003\023\016\154\157\147\151
+\156\056\154\151\166\145\056\143\157\155\060\202\001\042\060\015
+\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001
+\017\000\060\202\001\012\002\202\001\001\000\363\374\053\057\357
+\341\255\131\360\102\074\302\361\202\277\054\101\223\321\366\230
+\063\225\114\274\142\361\225\130\010\266\351\173\167\110\260\323
+\334\027\077\274\156\346\354\036\354\215\027\376\034\044\306\076
+\147\075\222\225\242\060\300\247\127\040\317\160\210\227\112\005
+\223\171\223\102\227\057\076\377\304\024\024\050\242\023\066\264
+\370\356\276\035\274\170\135\141\223\137\353\210\327\321\344\053
+\232\315\130\342\007\105\237\117\270\271\100\152\063\054\133\041
+\003\132\112\224\362\172\227\131\033\250\265\102\330\203\000\252
+\064\314\247\166\320\107\003\137\005\257\073\341\271\241\064\045
+\267\154\137\232\060\204\230\302\302\327\362\270\102\112\020\125
+\275\372\123\201\135\215\150\146\105\054\122\176\345\304\004\303
+\124\347\303\071\332\172\112\305\271\230\202\040\341\054\140\127
+\277\272\362\106\000\274\137\072\334\343\063\227\370\112\230\271
+\354\063\117\055\140\154\025\222\246\201\112\013\351\354\166\160
+\064\061\027\160\346\160\113\216\213\323\165\313\170\111\253\146
+\233\206\237\217\251\304\001\350\312\033\347\002\003\001\000\001
+\243\202\001\350\060\202\001\344\060\037\006\003\125\035\043\004
+\030\060\026\200\024\241\162\137\046\033\050\230\103\225\135\007
+\067\325\205\226\235\113\322\303\105\060\035\006\003\125\035\016
+\004\026\004\024\324\144\366\251\350\245\176\327\277\143\122\003
+\203\123\333\305\101\215\352\200\060\016\006\003\125\035\017\001
+\001\377\004\004\003\002\005\240\060\014\006\003\125\035\023\001
+\001\377\004\002\060\000\060\035\006\003\125\035\045\004\026\060
+\024\006\010\053\006\001\005\005\007\003\001\006\010\053\006\001
+\005\005\007\003\002\060\106\006\003\125\035\040\004\077\060\075
+\060\073\006\014\053\006\001\004\001\262\061\001\002\001\003\004
+\060\053\060\051\006\010\053\006\001\005\005\007\002\001\026\035
+\150\164\164\160\163\072\057\057\163\145\143\165\162\145\056\143
+\157\155\157\144\157\056\143\157\155\057\103\120\123\060\173\006
+\003\125\035\037\004\164\060\162\060\070\240\066\240\064\206\062
+\150\164\164\160\072\057\057\143\162\154\056\143\157\155\157\144
+\157\143\141\056\143\157\155\057\125\124\116\055\125\123\105\122
+\106\151\162\163\164\055\110\141\162\144\167\141\162\145\056\143
+\162\154\060\066\240\064\240\062\206\060\150\164\164\160\072\057
+\057\143\162\154\056\143\157\155\157\144\157\056\156\145\164\057
+\125\124\116\055\125\123\105\122\106\151\162\163\164\055\110\141
+\162\144\167\141\162\145\056\143\162\154\060\161\006\010\053\006
+\001\005\005\007\001\001\004\145\060\143\060\073\006\010\053\006
+\001\005\005\007\060\002\206\057\150\164\164\160\072\057\057\143
+\162\164\056\143\157\155\157\144\157\143\141\056\143\157\155\057
+\125\124\116\101\144\144\124\162\165\163\164\123\145\162\166\145
+\162\103\101\056\143\162\164\060\044\006\010\053\006\001\005\005
+\007\060\001\206\030\150\164\164\160\072\057\057\157\143\163\160
+\056\143\157\155\157\144\157\143\141\056\143\157\155\060\055\006
+\003\125\035\021\004\046\060\044\202\016\154\157\147\151\156\056
+\154\151\166\145\056\143\157\155\202\022\167\167\167\056\154\157
+\147\151\156\056\154\151\166\145\056\143\157\155\060\015\006\011
+\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001\000
+\124\343\244\232\044\322\363\035\102\255\033\360\036\253\373\332
+\325\252\351\317\132\263\036\127\173\061\362\156\127\113\061\257
+\063\273\266\015\025\307\136\131\001\316\104\265\267\277\011\311
+\325\334\151\204\351\305\032\267\360\076\324\300\044\275\051\137
+\264\351\326\130\353\105\021\211\064\064\323\021\353\064\316\052
+\117\000\075\366\162\357\151\146\300\237\232\254\176\160\120\254
+\125\107\332\276\103\133\354\213\310\305\043\204\311\237\266\122
+\010\317\221\033\057\200\151\346\064\063\346\263\237\244\345\015
+\232\025\371\127\374\013\251\101\013\365\377\130\101\222\042\047
+\146\022\006\307\052\330\131\247\306\337\104\022\117\300\250\177
+\247\101\310\310\151\377\272\005\056\227\255\073\320\353\363\025
+\155\176\033\345\272\335\064\276\042\021\354\150\230\063\201\002
+\152\013\023\125\171\061\165\116\072\310\266\023\275\227\157\067
+\012\013\055\210\016\336\147\220\302\263\312\040\312\232\121\364
+\144\076\333\364\056\105\362\307\107\027\250\364\372\220\132\177
+\200\246\202\254\344\154\201\106\273\122\205\040\044\370\200\352
+END
+
+# Trust for Certificate "Bogus live.com"
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:00:b0:b7:13:3e:d0:96:f9:b5:6f:ae:91:c8:74:bd:3a:c0
+# Subject: CN=login.live.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): D0:D4:39:E3:CC:5C:52:DD:08:CD:E9:AB:E8:11:59:D4
+# Fingerprint (SHA1): CE:A5:86:B2:CE:59:3E:C7:D9:39:89:83:37:C5:78:14:70:8A:B2:BE
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus live.com"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\316\245\206\262\316\131\076\307\331\071\211\203\067\305\170\024
+\160\212\262\276
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\320\324\071\343\314\134\122\335\010\315\351\253\350\021\131\324
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\260\267\023\076\320\226\371\265\157\256\221\310\164
+\275\072\300
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
 # Certificate "Go Daddy Root Certificate Authority - G2"
 #
 # Issuer: CN=Go Daddy Root Certificate Authority - G2,O="GoDaddy.com, Inc.",L=Scottsdale,ST=Arizona,C=US
 # Serial Number: 0 (0x0)
 # Subject: CN=Go Daddy Root Certificate Authority - G2,O="GoDaddy.com, Inc.",L=Scottsdale,ST=Arizona,C=US
 # Not Valid Before: Tue Sep 01 00:00:00 2009
 # Not Valid After : Thu Dec 31 23:59:59 2037
 # Fingerprint (MD5): 80:3A:BC:22:C1:E6:FB:8D:9B:3B:27:4A:32:1B:9A:01
@@ -12306,16 +14103,615 @@ CKA_SERIAL_NUMBER MULTILINE_OCTAL
 \377\377
 END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
+# Certificate "Explicitly Distrust DigiNotar Services 1024 CA"
+#
+# Issuer: E=info@diginotar.nl,CN=DigiNotar Services 1024 CA,O=DigiNotar,C=NL
+# Serial Number: 268435455 (0xfffffff)
+# Subject: E=info@diginotar.nl,CN=DigiNotar Services 1024 CA,O=DigiNotar,C=NL
+# Not Valid Before: Thu Jul 26 15:59:01 2007
+# Not Valid After : Mon Aug 26 16:29:01 2013
+# Fingerprint (MD5): 2F:16:68:97:4C:68:4F:CE:52:8A:EC:53:8F:93:49:F8
+# Fingerprint (SHA1): 12:3B:EA:CA:66:67:77:61:E0:EB:68:F2:FE:ED:A2:0F:20:05:55:70
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrust DigiNotar Services 1024 CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\150\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157
+\164\141\162\061\043\060\041\006\003\125\004\003\023\032\104\151
+\147\151\116\157\164\141\162\040\123\145\162\166\151\143\145\163
+\040\061\060\062\064\040\103\101\061\040\060\036\006\011\052\206
+\110\206\367\015\001\011\001\026\021\151\156\146\157\100\144\151
+\147\151\156\157\164\141\162\056\156\154
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\150\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157
+\164\141\162\061\043\060\041\006\003\125\004\003\023\032\104\151
+\147\151\116\157\164\141\162\040\123\145\162\166\151\143\145\163
+\040\061\060\062\064\040\103\101\061\040\060\036\006\011\052\206
+\110\206\367\015\001\011\001\026\021\151\156\146\157\100\144\151
+\147\151\156\157\164\141\162\056\156\154
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\017\377\377\377
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\161\060\202\002\332\240\003\002\001\002\002\004\017
+\377\377\377\060\015\006\011\052\206\110\206\367\015\001\001\005
+\005\000\060\150\061\013\060\011\006\003\125\004\006\023\002\116
+\114\061\022\060\020\006\003\125\004\012\023\011\104\151\147\151
+\116\157\164\141\162\061\043\060\041\006\003\125\004\003\023\032
+\104\151\147\151\116\157\164\141\162\040\123\145\162\166\151\143
+\145\163\040\061\060\062\064\040\103\101\061\040\060\036\006\011
+\052\206\110\206\367\015\001\011\001\026\021\151\156\146\157\100
+\144\151\147\151\156\157\164\141\162\056\156\154\060\036\027\015
+\060\067\060\067\062\066\061\065\065\071\060\061\132\027\015\061
+\063\060\070\062\066\061\066\062\071\060\061\132\060\150\061\013
+\060\011\006\003\125\004\006\023\002\116\114\061\022\060\020\006
+\003\125\004\012\023\011\104\151\147\151\116\157\164\141\162\061
+\043\060\041\006\003\125\004\003\023\032\104\151\147\151\116\157
+\164\141\162\040\123\145\162\166\151\143\145\163\040\061\060\062
+\064\040\103\101\061\040\060\036\006\011\052\206\110\206\367\015
+\001\011\001\026\021\151\156\146\157\100\144\151\147\151\156\157
+\164\141\162\056\156\154\060\201\237\060\015\006\011\052\206\110
+\206\367\015\001\001\001\005\000\003\201\215\000\060\201\211\002
+\201\201\000\332\233\115\135\074\371\321\342\213\306\306\010\040
+\305\331\036\110\354\146\130\147\171\142\053\101\143\364\211\215
+\150\332\257\270\224\066\213\031\044\244\240\223\322\231\017\262
+\255\055\065\115\315\057\152\341\371\233\031\053\274\004\032\176
+\055\075\122\144\315\361\076\147\017\211\056\350\362\117\256\246
+\010\241\205\376\241\251\011\346\306\253\076\103\374\257\172\003
+\221\332\246\071\246\141\356\230\117\030\250\323\263\257\146\202
+\351\237\274\335\162\371\006\004\275\022\331\030\044\347\253\223
+\123\213\131\002\003\001\000\001\243\202\001\046\060\202\001\042
+\060\022\006\003\125\035\023\001\001\377\004\010\060\006\001\001
+\377\002\001\000\060\047\006\003\125\035\045\004\040\060\036\006
+\010\053\006\001\005\005\007\003\001\006\010\053\006\001\005\005
+\007\003\002\006\010\053\006\001\005\005\007\003\004\060\021\006
+\003\125\035\040\004\012\060\010\060\006\006\004\125\035\040\000
+\060\063\006\010\053\006\001\005\005\007\001\001\004\047\060\045
+\060\043\006\010\053\006\001\005\005\007\060\001\206\027\150\164
+\164\160\072\057\057\157\143\163\160\056\145\156\164\162\165\163
+\164\056\156\145\164\060\063\006\003\125\035\037\004\054\060\052
+\060\050\240\046\240\044\206\042\150\164\164\160\072\057\057\143
+\162\154\056\145\156\164\162\165\163\164\056\156\145\164\057\163
+\145\162\166\145\162\061\056\143\162\154\060\035\006\003\125\035
+\016\004\026\004\024\376\334\224\111\014\157\357\134\177\306\361
+\022\231\117\026\111\255\373\202\145\060\013\006\003\125\035\017
+\004\004\003\002\001\006\060\037\006\003\125\035\043\004\030\060
+\026\200\024\360\027\142\023\125\075\263\377\012\000\153\373\120
+\204\227\363\355\142\320\032\060\031\006\011\052\206\110\206\366
+\175\007\101\000\004\014\060\012\033\004\126\067\056\061\003\002
+\000\201\060\015\006\011\052\206\110\206\367\015\001\001\005\005
+\000\003\201\201\000\143\164\152\067\251\077\226\234\146\310\130
+\254\011\311\357\365\145\224\177\243\002\304\070\061\275\135\043
+\207\354\324\126\262\311\262\156\344\005\006\374\354\365\372\210
+\160\131\324\356\346\335\265\172\240\243\140\057\002\014\253\336
+\022\135\257\360\065\113\252\212\107\221\032\365\205\054\102\307
+\035\357\225\103\263\136\270\225\223\245\332\305\050\252\255\162
+\055\061\255\231\153\154\377\214\041\047\257\255\232\221\053\307
+\335\130\303\156\007\305\237\171\322\307\214\125\277\114\307\047
+\136\121\026\053\076
+END
+
+# Trust for Certificate "Explicitly Distrust DigiNotar Services 1024 CA"
+# Issuer: E=info@diginotar.nl,CN=DigiNotar Services 1024 CA,O=DigiNotar,C=NL
+# Serial Number: 268435455 (0xfffffff)
+# Subject: E=info@diginotar.nl,CN=DigiNotar Services 1024 CA,O=DigiNotar,C=NL
+# Not Valid Before: Thu Jul 26 15:59:01 2007
+# Not Valid After : Mon Aug 26 16:29:01 2013
+# Fingerprint (MD5): 2F:16:68:97:4C:68:4F:CE:52:8A:EC:53:8F:93:49:F8
+# Fingerprint (SHA1): 12:3B:EA:CA:66:67:77:61:E0:EB:68:F2:FE:ED:A2:0F:20:05:55:70
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrust DigiNotar Services 1024 CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\022\073\352\312\146\147\167\141\340\353\150\362\376\355\242\017
+\040\005\125\160
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\057\026\150\227\114\150\117\316\122\212\354\123\217\223\111\370
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\150\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157
+\164\141\162\061\043\060\041\006\003\125\004\003\023\032\104\151
+\147\151\116\157\164\141\162\040\123\145\162\166\151\143\145\163
+\040\061\060\062\064\040\103\101\061\040\060\036\006\011\052\206
+\110\206\367\015\001\011\001\026\021\151\156\146\157\100\144\151
+\147\151\156\157\164\141\162\056\156\154
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\017\377\377\377
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Explicitly Distrust DigiNotar Cyber CA"
+#
+# Issuer: E=info@diginotar.nl,CN=DigiNotar Cyber CA,O=DigiNotar,C=NL
+# Serial Number: 268435455 (0xfffffff)
+# Subject: E=info@diginotar.nl,CN=DigiNotar Cyber CA,O=DigiNotar,C=NL
+# Not Valid Before: Wed Oct 04 10:54:12 2006
+# Not Valid After : Tue Oct 04 10:53:12 2011
+# Fingerprint (MD5): BC:BD:89:12:B4:FF:E5:F9:26:47:C8:60:36:5B:D9:54
+# Fingerprint (SHA1): A5:8E:A0:EC:F6:44:56:35:19:1D:68:5B:C7:A0:E4:1C:B0:4D:79:2E
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrust DigiNotar Cyber CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\140\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157
+\164\141\162\061\033\060\031\006\003\125\004\003\023\022\104\151
+\147\151\116\157\164\141\162\040\103\171\142\145\162\040\103\101
+\061\040\060\036\006\011\052\206\110\206\367\015\001\011\001\026
+\021\151\156\146\157\100\144\151\147\151\156\157\164\141\162\056
+\156\154
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\140\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157
+\164\141\162\061\033\060\031\006\003\125\004\003\023\022\104\151
+\147\151\116\157\164\141\162\040\103\171\142\145\162\040\103\101
+\061\040\060\036\006\011\052\206\110\206\367\015\001\011\001\026
+\021\151\156\146\157\100\144\151\147\151\156\157\164\141\162\056
+\156\154
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\017\377\377\377
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\105\060\202\004\256\240\003\002\001\002\002\004\017
+\377\377\377\060\015\006\011\052\206\110\206\367\015\001\001\005
+\005\000\060\140\061\013\060\011\006\003\125\004\006\023\002\116
+\114\061\022\060\020\006\003\125\004\012\023\011\104\151\147\151
+\116\157\164\141\162\061\033\060\031\006\003\125\004\003\023\022
+\104\151\147\151\116\157\164\141\162\040\103\171\142\145\162\040
+\103\101\061\040\060\036\006\011\052\206\110\206\367\015\001\011
+\001\026\021\151\156\146\157\100\144\151\147\151\156\157\164\141
+\162\056\156\154\060\036\027\015\060\066\061\060\060\064\061\060
+\065\064\061\062\132\027\015\061\061\061\060\060\064\061\060\065
+\063\061\062\132\060\140\061\013\060\011\006\003\125\004\006\023
+\002\116\114\061\022\060\020\006\003\125\004\012\023\011\104\151
+\147\151\116\157\164\141\162\061\033\060\031\006\003\125\004\003
+\023\022\104\151\147\151\116\157\164\141\162\040\103\171\142\145
+\162\040\103\101\061\040\060\036\006\011\052\206\110\206\367\015
+\001\011\001\026\021\151\156\146\157\100\144\151\147\151\156\157
+\164\141\162\056\156\154\060\202\002\042\060\015\006\011\052\206
+\110\206\367\015\001\001\001\005\000\003\202\002\017\000\060\202
+\002\012\002\202\002\001\000\322\316\025\012\055\250\136\204\147
+\255\375\276\357\106\307\310\271\317\163\374\364\064\271\371\054
+\103\347\140\023\075\172\343\262\317\073\147\154\220\255\300\271
+\077\204\122\360\065\102\334\164\334\050\073\275\122\264\247\254
+\162\105\027\306\360\211\353\264\252\045\362\135\113\136\321\331
+\207\272\326\175\174\365\316\062\237\020\063\305\261\112\273\136
+\221\061\302\320\351\101\302\221\144\176\011\101\073\333\213\010
+\067\152\252\312\122\336\265\071\036\300\210\003\245\077\213\231
+\023\141\103\265\233\202\263\356\040\157\317\241\104\242\352\057
+\153\100\237\217\053\127\255\241\123\302\205\042\151\235\240\077
+\121\337\013\101\221\015\245\341\250\252\134\111\010\135\275\336
+\160\101\261\017\311\143\153\323\177\064\164\002\057\064\132\170
+\165\034\150\172\201\147\212\363\332\100\360\140\143\364\222\040
+\327\003\246\075\243\036\147\304\204\033\101\245\311\214\346\275
+\352\110\266\005\026\010\263\067\022\132\367\141\074\367\070\157
+\056\227\340\157\126\070\124\323\050\265\255\024\156\056\113\144
+\265\047\145\267\165\045\011\266\007\075\225\126\002\012\202\140
+\262\163\105\340\063\046\121\164\232\271\324\120\034\366\115\133
+\133\122\122\023\132\246\177\247\016\341\350\101\124\147\230\214
+\207\325\311\323\154\313\323\124\222\006\011\064\101\367\201\157
+\077\236\311\174\165\125\260\347\301\263\167\350\303\304\000\065
+\225\100\160\020\112\005\336\045\273\237\131\245\144\274\107\140
+\277\140\343\166\213\023\125\335\341\164\172\271\317\044\246\152
+\177\336\144\042\104\130\150\202\152\020\371\075\345\076\033\271
+\275\374\042\364\140\004\211\273\125\155\050\125\372\336\216\215
+\033\041\024\327\067\213\064\173\115\366\262\262\020\317\063\261
+\175\034\142\231\110\313\053\154\166\226\125\277\031\015\035\037
+\273\145\252\033\216\231\265\306\050\220\345\202\055\170\120\040
+\232\375\171\057\044\177\360\211\051\151\364\175\315\163\276\263
+\355\116\301\321\355\122\136\217\367\270\327\215\207\255\262\331
+\033\121\022\377\126\263\341\257\064\175\134\244\170\210\020\236
+\235\003\306\245\252\242\044\121\367\111\024\305\261\356\131\103
+\225\337\253\150\050\060\077\002\003\001\000\001\243\202\001\206
+\060\202\001\202\060\022\006\003\125\035\023\001\001\377\004\010
+\060\006\001\001\377\002\001\001\060\123\006\003\125\035\040\004
+\114\060\112\060\110\006\011\053\006\001\004\001\261\076\001\000
+\060\073\060\071\006\010\053\006\001\005\005\007\002\001\026\055
+\150\164\164\160\072\057\057\167\167\167\056\160\165\142\154\151
+\143\055\164\162\165\163\164\056\143\157\155\057\103\120\123\057
+\117\155\156\151\122\157\157\164\056\150\164\155\154\060\016\006
+\003\125\035\017\001\001\377\004\004\003\002\001\006\060\201\240
+\006\003\125\035\043\004\201\230\060\201\225\200\024\246\014\035
+\237\141\377\007\027\265\277\070\106\333\103\060\325\216\260\122
+\006\241\171\244\167\060\165\061\013\060\011\006\003\125\004\006
+\023\002\125\123\061\030\060\026\006\003\125\004\012\023\017\107
+\124\105\040\103\157\162\160\157\162\141\164\151\157\156\061\047
+\060\045\006\003\125\004\013\023\036\107\124\105\040\103\171\142
+\145\162\124\162\165\163\164\040\123\157\154\165\164\151\157\156
+\163\054\040\111\156\143\056\061\043\060\041\006\003\125\004\003
+\023\032\107\124\105\040\103\171\142\145\162\124\162\165\163\164
+\040\107\154\157\142\141\154\040\122\157\157\164\202\002\001\245
+\060\105\006\003\125\035\037\004\076\060\074\060\072\240\070\240
+\066\206\064\150\164\164\160\072\057\057\167\167\167\056\160\165
+\142\154\151\143\055\164\162\165\163\164\056\143\157\155\057\143
+\147\151\055\142\151\156\057\103\122\114\057\062\060\061\070\057
+\143\144\160\056\143\162\154\060\035\006\003\125\035\016\004\026
+\004\024\253\371\150\337\317\112\067\327\173\105\214\137\162\336
+\100\104\303\145\273\302\060\015\006\011\052\206\110\206\367\015
+\001\001\005\005\000\003\201\201\000\217\150\153\245\133\007\272
+\104\146\016\034\250\134\060\173\063\344\012\046\004\374\357\236
+\032\070\326\056\241\037\320\231\107\302\165\144\044\375\236\073
+\050\166\271\046\050\141\221\014\155\054\370\004\237\174\120\001
+\325\343\151\257\357\025\322\105\233\044\011\052\146\005\117\045
+\201\312\135\276\252\301\131\047\256\063\216\202\367\337\164\260
+\125\263\216\370\347\067\310\156\252\126\104\366\275\123\201\043
+\226\075\264\372\062\212\123\146\104\045\242\045\306\246\074\045
+\214\360\340\050\006\042\267\046\101
+END
+
+# Trust for Certificate "Explicitly Distrust DigiNotar Cyber CA"
+# Issuer: E=info@diginotar.nl,CN=DigiNotar Cyber CA,O=DigiNotar,C=NL
+# Serial Number: 268435455 (0xfffffff)
+# Subject: E=info@diginotar.nl,CN=DigiNotar Cyber CA,O=DigiNotar,C=NL
+# Not Valid Before: Wed Oct 04 10:54:12 2006
+# Not Valid After : Tue Oct 04 10:53:12 2011
+# Fingerprint (MD5): BC:BD:89:12:B4:FF:E5:F9:26:47:C8:60:36:5B:D9:54
+# Fingerprint (SHA1): A5:8E:A0:EC:F6:44:56:35:19:1D:68:5B:C7:A0:E4:1C:B0:4D:79:2E
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrust DigiNotar Cyber CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\245\216\240\354\366\104\126\065\031\035\150\133\307\240\344\034
+\260\115\171\056
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\274\275\211\022\264\377\345\371\046\107\310\140\066\133\331\124
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\140\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157
+\164\141\162\061\033\060\031\006\003\125\004\003\023\022\104\151
+\147\151\116\157\164\141\162\040\103\171\142\145\162\040\103\101
+\061\040\060\036\006\011\052\206\110\206\367\015\001\011\001\026
+\021\151\156\146\157\100\144\151\147\151\156\157\164\141\162\056
+\156\154
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\017\377\377\377
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Explicitly Distrust DigiNotar Cyber CA 2nd"
+#
+# Issuer: CN=DigiNotar Cyber CA,O=DigiNotar,C=NL
+# Serial Number: 268435455 (0xfffffff)
+# Subject: CN=DigiNotar Cyber CA,O=DigiNotar,C=NL
+# Not Valid Before: Wed Sep 27 10:53:53 2006
+# Not Valid After : Fri Sep 20 09:44:07 2013
+# Fingerprint (MD5): F0:AE:A9:3D:F2:2C:88:DC:7C:85:1B:96:7D:5A:1C:11
+# Fingerprint (SHA1): 88:1E:45:05:0F:98:D9:59:FB:0A:35:F9:4C:0E:28:97:55:16:29:B3
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrust DigiNotar Cyber CA 2nd"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\076\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157
+\164\141\162\061\033\060\031\006\003\125\004\003\023\022\104\151
+\147\151\116\157\164\141\162\040\103\171\142\145\162\040\103\101
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\076\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157
+\164\141\162\061\033\060\031\006\003\125\004\003\023\022\104\151
+\147\151\116\157\164\141\162\040\103\171\142\145\162\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\017\377\377\377
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\001\060\202\004\152\240\003\002\001\002\002\004\017
+\377\377\377\060\015\006\011\052\206\110\206\367\015\001\001\005
+\005\000\060\076\061\013\060\011\006\003\125\004\006\023\002\116
+\114\061\022\060\020\006\003\125\004\012\023\011\104\151\147\151
+\116\157\164\141\162\061\033\060\031\006\003\125\004\003\023\022
+\104\151\147\151\116\157\164\141\162\040\103\171\142\145\162\040
+\103\101\060\036\027\015\060\066\060\071\062\067\061\060\065\063
+\065\063\132\027\015\061\063\060\071\062\060\060\071\064\064\060
+\067\132\060\076\061\013\060\011\006\003\125\004\006\023\002\116
+\114\061\022\060\020\006\003\125\004\012\023\011\104\151\147\151
+\116\157\164\141\162\061\033\060\031\006\003\125\004\003\023\022
+\104\151\147\151\116\157\164\141\162\040\103\171\142\145\162\040
+\103\101\060\202\002\042\060\015\006\011\052\206\110\206\367\015
+\001\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202
+\002\001\000\322\316\025\012\055\250\136\204\147\255\375\276\357
+\106\307\310\271\317\163\374\364\064\271\371\054\103\347\140\023
+\075\172\343\262\317\073\147\154\220\255\300\271\077\204\122\360
+\065\102\334\164\334\050\073\275\122\264\247\254\162\105\027\306
+\360\211\353\264\252\045\362\135\113\136\321\331\207\272\326\175
+\174\365\316\062\237\020\063\305\261\112\273\136\221\061\302\320
+\351\101\302\221\144\176\011\101\073\333\213\010\067\152\252\312
+\122\336\265\071\036\300\210\003\245\077\213\231\023\141\103\265
+\233\202\263\356\040\157\317\241\104\242\352\057\153\100\237\217
+\053\127\255\241\123\302\205\042\151\235\240\077\121\337\013\101
+\221\015\245\341\250\252\134\111\010\135\275\336\160\101\261\017
+\311\143\153\323\177\064\164\002\057\064\132\170\165\034\150\172
+\201\147\212\363\332\100\360\140\143\364\222\040\327\003\246\075
+\243\036\147\304\204\033\101\245\311\214\346\275\352\110\266\005
+\026\010\263\067\022\132\367\141\074\367\070\157\056\227\340\157
+\126\070\124\323\050\265\255\024\156\056\113\144\265\047\145\267
+\165\045\011\266\007\075\225\126\002\012\202\140\262\163\105\340
+\063\046\121\164\232\271\324\120\034\366\115\133\133\122\122\023
+\132\246\177\247\016\341\350\101\124\147\230\214\207\325\311\323
+\154\313\323\124\222\006\011\064\101\367\201\157\077\236\311\174
+\165\125\260\347\301\263\167\350\303\304\000\065\225\100\160\020
+\112\005\336\045\273\237\131\245\144\274\107\140\277\140\343\166
+\213\023\125\335\341\164\172\271\317\044\246\152\177\336\144\042
+\104\130\150\202\152\020\371\075\345\076\033\271\275\374\042\364
+\140\004\211\273\125\155\050\125\372\336\216\215\033\041\024\327
+\067\213\064\173\115\366\262\262\020\317\063\261\175\034\142\231
+\110\313\053\154\166\226\125\277\031\015\035\037\273\145\252\033
+\216\231\265\306\050\220\345\202\055\170\120\040\232\375\171\057
+\044\177\360\211\051\151\364\175\315\163\276\263\355\116\301\321
+\355\122\136\217\367\270\327\215\207\255\262\331\033\121\022\377
+\126\263\341\257\064\175\134\244\170\210\020\236\235\003\306\245
+\252\242\044\121\367\111\024\305\261\356\131\103\225\337\253\150
+\050\060\077\002\003\001\000\001\243\202\001\206\060\202\001\202
+\060\022\006\003\125\035\023\001\001\377\004\010\060\006\001\001
+\377\002\001\001\060\123\006\003\125\035\040\004\114\060\112\060
+\110\006\011\053\006\001\004\001\261\076\001\000\060\073\060\071
+\006\010\053\006\001\005\005\007\002\001\026\055\150\164\164\160
+\072\057\057\167\167\167\056\160\165\142\154\151\143\055\164\162
+\165\163\164\056\143\157\155\057\103\120\123\057\117\155\156\151
+\122\157\157\164\056\150\164\155\154\060\016\006\003\125\035\017
+\001\001\377\004\004\003\002\001\006\060\201\240\006\003\125\035
+\043\004\201\230\060\201\225\200\024\246\014\035\237\141\377\007
+\027\265\277\070\106\333\103\060\325\216\260\122\006\241\171\244
+\167\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103
+\157\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003
+\125\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162
+\165\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111
+\156\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124
+\105\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157
+\142\141\154\040\122\157\157\164\202\002\001\245\060\105\006\003
+\125\035\037\004\076\060\074\060\072\240\070\240\066\206\064\150
+\164\164\160\072\057\057\167\167\167\056\160\165\142\154\151\143
+\055\164\162\165\163\164\056\143\157\155\057\143\147\151\055\142
+\151\156\057\103\122\114\057\062\060\061\070\057\143\144\160\056
+\143\162\154\060\035\006\003\125\035\016\004\026\004\024\253\371
+\150\337\317\112\067\327\173\105\214\137\162\336\100\104\303\145
+\273\302\060\015\006\011\052\206\110\206\367\015\001\001\005\005
+\000\003\201\201\000\011\312\142\017\215\273\112\340\324\172\065
+\053\006\055\321\050\141\266\254\001\373\203\111\274\256\324\057
+\055\206\256\031\203\245\326\035\023\342\027\276\376\062\164\351
+\172\024\070\312\224\136\367\051\001\151\161\033\221\032\375\243
+\273\252\035\312\173\342\026\375\241\243\016\363\014\137\262\341
+\040\061\224\053\136\222\166\355\372\351\265\043\246\277\012\073
+\003\251\157\122\140\124\315\137\351\267\057\174\242\047\375\101
+\203\165\266\015\373\170\046\363\261\105\351\062\225\052\032\065
+\041\225\305\242\165
+END
+
+# Trust for Certificate "Explicitly Distrust DigiNotar Cyber CA 2nd"
+# Issuer: CN=DigiNotar Cyber CA,O=DigiNotar,C=NL
+# Serial Number: 268435455 (0xfffffff)
+# Subject: CN=DigiNotar Cyber CA,O=DigiNotar,C=NL
+# Not Valid Before: Wed Sep 27 10:53:53 2006
+# Not Valid After : Fri Sep 20 09:44:07 2013
+# Fingerprint (MD5): F0:AE:A9:3D:F2:2C:88:DC:7C:85:1B:96:7D:5A:1C:11
+# Fingerprint (SHA1): 88:1E:45:05:0F:98:D9:59:FB:0A:35:F9:4C:0E:28:97:55:16:29:B3
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrust DigiNotar Cyber CA 2nd"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\210\036\105\005\017\230\331\131\373\012\065\371\114\016\050\227
+\125\026\051\263
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\360\256\251\075\362\054\210\334\174\205\033\226\175\132\034\021
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\076\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157
+\164\141\162\061\033\060\031\006\003\125\004\003\023\022\104\151
+\147\151\116\157\164\141\162\040\103\171\142\145\162\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\017\377\377\377
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Explicitly Distrusted DigiNotar PKIoverheid"
+#
+# Issuer: CN=DigiNotar PKIoverheid CA Overheid en Bedrijven,O=DigiNotar B.V.,C=NL
+# Serial Number: 268435455 (0xfffffff)
+# Subject: CN=DigiNotar PKIoverheid CA Overheid en Bedrijven,O=DigiNotar B.V.,C=NL
+# Not Valid Before: Thu Jul 05 08:42:08 2007
+# Not Valid After : Mon Jul 27 08:39:47 2015
+# Fingerprint (MD5): A3:CF:B3:FF:F9:4F:A7:B1:EB:3A:75:58:4E:2E:9F:EA
+# Fingerprint (SHA1): A7:A8:C9:AC:F4:5F:90:92:76:86:B8:C0:A2:0E:93:58:7D:DE:30:E4
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrusted DigiNotar PKIoverheid"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\027\060\025\006\003\125\004\012\023\016\104\151\147\151\116\157
+\164\141\162\040\102\056\126\056\061\067\060\065\006\003\125\004
+\003\023\056\104\151\147\151\116\157\164\141\162\040\120\113\111
+\157\166\145\162\150\145\151\144\040\103\101\040\117\166\145\162
+\150\145\151\144\040\145\156\040\102\145\144\162\151\152\166\145
+\156
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\027\060\025\006\003\125\004\012\023\016\104\151\147\151\116\157
+\164\141\162\040\102\056\126\056\061\067\060\065\006\003\125\004
+\003\023\056\104\151\147\151\116\157\164\141\162\040\120\113\111
+\157\166\145\162\150\145\151\144\040\103\101\040\117\166\145\162
+\150\145\151\144\040\145\156\040\102\145\144\162\151\152\166\145
+\156
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\017\377\377\377
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\216\060\202\003\166\240\003\002\001\002\002\004\017
+\377\377\377\060\015\006\011\052\206\110\206\367\015\001\001\005
+\005\000\060\137\061\013\060\011\006\003\125\004\006\023\002\116
+\114\061\027\060\025\006\003\125\004\012\023\016\104\151\147\151
+\116\157\164\141\162\040\102\056\126\056\061\067\060\065\006\003
+\125\004\003\023\056\104\151\147\151\116\157\164\141\162\040\120
+\113\111\157\166\145\162\150\145\151\144\040\103\101\040\117\166
+\145\162\150\145\151\144\040\145\156\040\102\145\144\162\151\152
+\166\145\156\060\036\027\015\060\067\060\067\060\065\060\070\064
+\062\060\070\132\027\015\061\065\060\067\062\067\060\070\063\071
+\064\067\132\060\137\061\013\060\011\006\003\125\004\006\023\002
+\116\114\061\027\060\025\006\003\125\004\012\023\016\104\151\147
+\151\116\157\164\141\162\040\102\056\126\056\061\067\060\065\006
+\003\125\004\003\023\056\104\151\147\151\116\157\164\141\162\040
+\120\113\111\157\166\145\162\150\145\151\144\040\103\101\040\117
+\166\145\162\150\145\151\144\040\145\156\040\102\145\144\162\151
+\152\166\145\156\060\202\001\042\060\015\006\011\052\206\110\206
+\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012
+\002\202\001\001\000\334\275\322\247\116\152\012\273\073\242\205
+\341\177\000\255\276\264\060\150\230\007\315\240\172\304\224\317
+\161\371\212\067\344\123\353\127\166\314\213\346\154\376\356\207
+\125\310\076\273\004\071\000\247\200\170\254\133\117\176\364\275
+\270\124\270\161\073\007\061\111\071\223\124\174\040\073\171\053
+\217\273\141\220\175\261\254\346\037\220\056\235\105\001\251\144
+\055\115\303\057\271\347\120\325\116\052\134\253\166\166\067\106
+\327\171\354\102\231\367\242\354\244\211\160\334\070\053\207\246
+\252\044\346\235\222\044\033\276\366\375\324\057\031\027\172\346
+\062\007\224\124\005\123\103\351\154\274\257\107\313\274\313\375
+\275\073\104\022\201\361\153\113\273\355\264\317\253\045\117\030
+\322\314\002\374\243\117\265\102\063\313\131\315\011\334\323\120
+\375\240\166\214\254\176\146\212\102\366\255\034\222\363\266\373
+\024\106\353\115\327\057\060\340\155\356\133\066\276\104\164\267
+\040\005\127\205\115\350\000\031\242\366\014\346\256\241\300\102
+\337\247\254\202\135\307\150\267\030\346\211\113\232\153\372\316
+\171\371\363\054\247\002\003\001\000\001\243\202\001\120\060\202
+\001\114\060\110\006\003\125\035\040\004\101\060\077\060\075\006
+\004\125\035\040\000\060\065\060\063\006\010\053\006\001\005\005
+\007\002\001\026\047\150\164\164\160\072\057\057\167\167\167\056
+\144\151\147\151\156\157\164\141\162\056\156\154\057\143\160\163
+\057\160\153\151\157\166\145\162\150\145\151\144\060\017\006\003
+\125\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006
+\003\125\035\017\001\001\377\004\004\003\002\001\006\060\201\200
+\006\003\125\035\043\004\171\060\167\200\024\013\206\326\017\167
+\243\150\261\373\144\011\303\210\156\134\004\034\127\351\075\241
+\131\244\127\060\125\061\013\060\011\006\003\125\004\006\023\002
+\116\114\061\036\060\034\006\003\125\004\012\023\025\123\164\141
+\141\164\040\144\145\162\040\116\145\144\145\162\154\141\156\144
+\145\156\061\046\060\044\006\003\125\004\003\023\035\123\164\141
+\141\164\040\144\145\162\040\116\145\144\145\162\154\141\156\144
+\145\156\040\122\157\157\164\040\103\101\202\004\000\230\232\171
+\060\075\006\003\125\035\037\004\066\060\064\060\062\240\060\240
+\056\206\054\150\164\164\160\072\057\057\143\162\154\056\160\153
+\151\157\166\145\162\150\145\151\144\056\156\154\057\104\157\155
+\117\166\114\141\164\145\163\164\103\122\114\056\143\162\154\060
+\035\006\003\125\035\016\004\026\004\024\114\010\311\215\166\361
+\230\307\076\337\074\327\057\165\015\261\166\171\227\314\060\015
+\006\011\052\206\110\206\367\015\001\001\005\005\000\003\202\001
+\001\000\014\224\207\032\277\115\343\205\342\356\327\330\143\171
+\016\120\337\306\204\133\322\273\331\365\061\012\032\065\227\164
+\337\024\372\052\017\076\355\240\343\010\366\325\116\133\257\246
+\256\045\342\105\153\042\017\267\124\050\176\222\336\215\024\154
+\321\034\345\156\164\004\234\267\357\064\104\105\337\311\203\035
+\031\037\300\051\151\337\211\325\077\302\260\123\155\345\116\027
+\344\163\141\043\023\046\161\103\375\114\131\313\303\337\042\252
+\041\053\331\277\225\021\032\212\244\342\253\247\135\113\157\051
+\365\122\321\344\322\025\261\213\376\360\003\317\247\175\351\231
+\207\070\263\015\163\024\344\162\054\341\316\365\255\006\110\144
+\372\323\051\271\242\330\273\364\325\013\245\100\104\103\216\240
+\277\316\132\245\122\114\144\323\027\061\141\314\350\244\212\350
+\344\210\373\351\345\057\006\063\063\233\224\146\146\261\253\120
+\072\241\011\201\164\123\132\047\271\246\322\045\317\323\303\247
+\377\226\320\057\352\340\036\215\122\351\030\034\040\012\107\240
+\226\126\016\100\220\121\104\254\032\375\361\356\205\037\367\102
+\132\145
+END
+
+# Trust for Certificate "Explicitly Distrusted DigiNotar PKIoverheid"
+# Issuer: CN=DigiNotar PKIoverheid CA Overheid en Bedrijven,O=DigiNotar B.V.,C=NL
+# Serial Number: 268435455 (0xfffffff)
+# Subject: CN=DigiNotar PKIoverheid CA Overheid en Bedrijven,O=DigiNotar B.V.,C=NL
+# Not Valid Before: Thu Jul 05 08:42:08 2007
+# Not Valid After : Mon Jul 27 08:39:47 2015
+# Fingerprint (MD5): A3:CF:B3:FF:F9:4F:A7:B1:EB:3A:75:58:4E:2E:9F:EA
+# Fingerprint (SHA1): A7:A8:C9:AC:F4:5F:90:92:76:86:B8:C0:A2:0E:93:58:7D:DE:30:E4
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrusted DigiNotar PKIoverheid"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\247\250\311\254\364\137\220\222\166\206\270\300\242\016\223\130
+\175\336\060\344
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\243\317\263\377\371\117\247\261\353\072\165\130\116\056\237\352
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\027\060\025\006\003\125\004\012\023\016\104\151\147\151\116\157
+\164\141\162\040\102\056\126\056\061\067\060\065\006\003\125\004
+\003\023\056\104\151\147\151\116\157\164\141\162\040\120\113\111
+\157\166\145\162\150\145\151\144\040\103\101\040\117\166\145\162
+\150\145\151\144\040\145\156\040\102\145\144\162\151\152\166\145
+\156
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\017\377\377\377
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
 # Certificate "Explicitly Distrusted DigiNotar PKIoverheid G2"
 #
 # Issuer: CN=DigiNotar PKIoverheid CA Organisatie - G2,O=DigiNotar B.V.,C=NL
 # Serial Number: 268435455 (0xfffffff)
 # Subject: CN=DigiNotar PKIoverheid CA Organisatie - G2,O=DigiNotar B.V.,C=NL
 # Not Valid Before: Wed May 12 08:51:39 2010
 # Not Valid After : Mon Mar 23 09:50:05 2020
 # Fingerprint (MD5): 2E:61:A2:D1:78:CE:EE:BF:59:33:B0:23:14:0F:94:1C
@@ -12487,16 +14883,325 @@ CKA_SERIAL_NUMBER MULTILINE_OCTAL
 \002\004\017\377\377\377
 END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
+# Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)"
+#
+# Issuer: CN=GTE CyberTrust Global Root,OU="GTE CyberTrust Solutions, Inc.",O=GTE Corporation,C=US
+# Serial Number:07:ff:ff:ff:ff:ff
+# Subject: CN=Digisign Server ID (Enrich),OU=457608-K,O=Digicert Sdn. Bhd.,C=MY
+# Not Valid Before: Tue Jul 17 15:17:49 2007
+# Not Valid After : Tue Jul 17 15:16:55 2012
+# Fingerprint (MD5): D2:DE:AE:50:A4:98:2D:6F:37:B7:86:52:C8:2D:4B:6A
+# Fingerprint (SHA1): 55:50:AF:EC:BF:E8:C3:AD:C4:0B:E3:AD:0C:A7:E4:15:8C:39:59:4F
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\143\061\013\060\011\006\003\125\004\006\023\002\115\131\061
+\033\060\031\006\003\125\004\012\023\022\104\151\147\151\143\145
+\162\164\040\123\144\156\056\040\102\150\144\056\061\021\060\017
+\006\003\125\004\013\023\010\064\065\067\066\060\070\055\113\061
+\044\060\042\006\003\125\004\003\023\033\104\151\147\151\163\151
+\147\156\040\123\145\162\166\145\162\040\111\104\040\050\105\156
+\162\151\143\150\051
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157
+\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003\125
+\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162\165
+\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111\156
+\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124\105
+\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157\142
+\141\154\040\122\157\157\164
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\006\007\377\377\377\377\377
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\315\060\202\003\066\240\003\002\001\002\002\006\007
+\377\377\377\377\377\060\015\006\011\052\206\110\206\367\015\001
+\001\005\005\000\060\165\061\013\060\011\006\003\125\004\006\023
+\002\125\123\061\030\060\026\006\003\125\004\012\023\017\107\124
+\105\040\103\157\162\160\157\162\141\164\151\157\156\061\047\060
+\045\006\003\125\004\013\023\036\107\124\105\040\103\171\142\145
+\162\124\162\165\163\164\040\123\157\154\165\164\151\157\156\163
+\054\040\111\156\143\056\061\043\060\041\006\003\125\004\003\023
+\032\107\124\105\040\103\171\142\145\162\124\162\165\163\164\040
+\107\154\157\142\141\154\040\122\157\157\164\060\036\027\015\060
+\067\060\067\061\067\061\065\061\067\064\071\132\027\015\061\062
+\060\067\061\067\061\065\061\066\065\065\132\060\143\061\013\060
+\011\006\003\125\004\006\023\002\115\131\061\033\060\031\006\003
+\125\004\012\023\022\104\151\147\151\143\145\162\164\040\123\144
+\156\056\040\102\150\144\056\061\021\060\017\006\003\125\004\013
+\023\010\064\065\067\066\060\070\055\113\061\044\060\042\006\003
+\125\004\003\023\033\104\151\147\151\163\151\147\156\040\123\145
+\162\166\145\162\040\111\104\040\050\105\156\162\151\143\150\051
+\060\201\237\060\015\006\011\052\206\110\206\367\015\001\001\001
+\005\000\003\201\215\000\060\201\211\002\201\201\000\255\250\144
+\113\115\207\307\204\131\271\373\220\106\240\246\211\300\361\376
+\325\332\124\202\067\015\231\053\105\046\012\350\126\260\177\312
+\250\364\216\107\204\001\202\051\343\263\152\265\221\363\373\225
+\205\274\162\250\144\350\012\100\234\305\364\161\256\173\173\152
+\007\352\220\024\117\215\211\257\224\253\262\006\324\002\152\173
+\230\037\131\271\072\315\124\372\040\337\262\052\012\351\270\335
+\151\220\300\051\323\116\320\227\355\146\314\305\031\111\006\177
+\372\136\054\174\173\205\033\062\102\337\173\225\045\002\003\001
+\000\001\243\202\001\170\060\202\001\164\060\022\006\003\125\035
+\023\001\001\377\004\010\060\006\001\001\377\002\001\000\060\134
+\006\003\125\035\040\004\125\060\123\060\110\006\011\053\006\001
+\004\001\261\076\001\000\060\073\060\071\006\010\053\006\001\005
+\005\007\002\001\026\055\150\164\164\160\072\057\057\143\171\142
+\145\162\164\162\165\163\164\056\157\155\156\151\162\157\157\164
+\056\143\157\155\057\162\145\160\157\163\151\164\157\162\171\056
+\143\146\155\060\007\006\005\140\203\112\001\001\060\016\006\003
+\125\035\017\001\001\377\004\004\003\002\001\346\060\201\211\006
+\003\125\035\043\004\201\201\060\177\241\171\244\167\060\165\061
+\013\060\011\006\003\125\004\006\023\002\125\123\061\030\060\026
+\006\003\125\004\012\023\017\107\124\105\040\103\157\162\160\157
+\162\141\164\151\157\156\061\047\060\045\006\003\125\004\013\023
+\036\107\124\105\040\103\171\142\145\162\124\162\165\163\164\040
+\123\157\154\165\164\151\157\156\163\054\040\111\156\143\056\061
+\043\060\041\006\003\125\004\003\023\032\107\124\105\040\103\171
+\142\145\162\124\162\165\163\164\040\107\154\157\142\141\154\040
+\122\157\157\164\202\002\001\245\060\105\006\003\125\035\037\004
+\076\060\074\060\072\240\070\240\066\206\064\150\164\164\160\072
+\057\057\167\167\167\056\160\165\142\154\151\143\055\164\162\165
+\163\164\056\143\157\155\057\143\147\151\055\142\151\156\057\103
+\122\114\057\062\060\061\070\057\143\144\160\056\143\162\154\060
+\035\006\003\125\035\016\004\026\004\024\306\026\223\116\026\027
+\354\026\256\214\224\166\363\206\155\305\164\156\204\167\060\015
+\006\011\052\206\110\206\367\015\001\001\005\005\000\003\201\201
+\000\166\000\173\246\170\053\146\035\216\136\066\306\244\216\005
+\362\043\222\174\223\147\323\364\300\012\175\213\055\331\352\325
+\157\032\363\341\112\051\132\042\204\115\120\057\113\014\362\377
+\205\302\173\125\324\104\202\276\155\254\147\216\274\264\037\222
+\234\121\200\032\024\366\156\253\141\210\013\255\034\177\367\113
+\120\121\326\145\033\246\107\161\025\136\260\161\363\065\024\362
+\067\275\143\310\325\360\223\132\064\137\330\075\350\135\367\305
+\036\300\345\317\037\206\044\251\074\007\146\315\301\322\066\143
+\131
+END
+
+# Trust for Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)"
+# Issuer: CN=GTE CyberTrust Global Root,OU="GTE CyberTrust Solutions, Inc.",O=GTE Corporation,C=US
+# Serial Number:07:ff:ff:ff:ff:ff
+# Subject: CN=Digisign Server ID (Enrich),OU=457608-K,O=Digicert Sdn. Bhd.,C=MY
+# Not Valid Before: Tue Jul 17 15:17:49 2007
+# Not Valid After : Tue Jul 17 15:16:55 2012
+# Fingerprint (MD5): D2:DE:AE:50:A4:98:2D:6F:37:B7:86:52:C8:2D:4B:6A
+# Fingerprint (SHA1): 55:50:AF:EC:BF:E8:C3:AD:C4:0B:E3:AD:0C:A7:E4:15:8C:39:59:4F
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\125\120\257\354\277\350\303\255\304\013\343\255\014\247\344\025
+\214\071\131\117
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\322\336\256\120\244\230\055\157\067\267\206\122\310\055\113\152
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157
+\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003\125
+\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162\165
+\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111\156
+\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124\105
+\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157\142
+\141\154\040\122\157\157\164
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\006\007\377\377\377\377\377
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)"
+#
+# Issuer: CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),O=Entrust.net
+# Serial Number:07:ff:ff:ff:ff:ff
+# Subject: CN=Digisign Server ID - (Enrich),OU=457608-K,O=Digicert Sdn. Bhd.,C=MY
+# Not Valid Before: Fri Jul 16 17:23:38 2010
+# Not Valid After : Thu Jul 16 17:53:38 2015
+# Fingerprint (MD5): D7:69:61:7F:35:0F:9C:46:A3:AA:EB:F8:55:FC:84:F2
+# Fingerprint (SHA1): 6B:3C:3B:80:AD:CA:A6:BA:8A:9F:54:A6:7A:ED:12:69:05:6D:31:26
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\145\061\013\060\011\006\003\125\004\006\023\002\115\131\061
+\033\060\031\006\003\125\004\012\023\022\104\151\147\151\143\145
+\162\164\040\123\144\156\056\040\102\150\144\056\061\021\060\017
+\006\003\125\004\013\023\010\064\065\067\066\060\070\055\113\061
+\046\060\044\006\003\125\004\003\023\035\104\151\147\151\163\151
+\147\156\040\123\145\162\166\145\162\040\111\104\040\055\040\050
+\105\156\162\151\143\150\051
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156
+\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125
+\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056
+\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143
+\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151
+\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006
+\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105
+\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164
+\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164
+\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151
+\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
+\040\050\062\060\064\070\051
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\006\007\377\377\377\377\377
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\320\060\202\003\270\240\003\002\001\002\002\006\007
+\377\377\377\377\377\060\015\006\011\052\206\110\206\367\015\001
+\001\005\005\000\060\201\264\061\024\060\022\006\003\125\004\012
+\023\013\105\156\164\162\165\163\164\056\156\145\164\061\100\060
+\076\006\003\125\004\013\024\067\167\167\167\056\145\156\164\162
+\165\163\164\056\156\145\164\057\103\120\123\137\062\060\064\070
+\040\151\156\143\157\162\160\056\040\142\171\040\162\145\146\056
+\040\050\154\151\155\151\164\163\040\154\151\141\142\056\051\061
+\045\060\043\006\003\125\004\013\023\034\050\143\051\040\061\071
+\071\071\040\105\156\164\162\165\163\164\056\156\145\164\040\114
+\151\155\151\164\145\144\061\063\060\061\006\003\125\004\003\023
+\052\105\156\164\162\165\163\164\056\156\145\164\040\103\145\162
+\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157
+\162\151\164\171\040\050\062\060\064\070\051\060\036\027\015\061
+\060\060\067\061\066\061\067\062\063\063\070\132\027\015\061\065
+\060\067\061\066\061\067\065\063\063\070\132\060\145\061\013\060
+\011\006\003\125\004\006\023\002\115\131\061\033\060\031\006\003
+\125\004\012\023\022\104\151\147\151\143\145\162\164\040\123\144
+\156\056\040\102\150\144\056\061\021\060\017\006\003\125\004\013
+\023\010\064\065\067\066\060\070\055\113\061\046\060\044\006\003
+\125\004\003\023\035\104\151\147\151\163\151\147\156\040\123\145
+\162\166\145\162\040\111\104\040\055\040\050\105\156\162\151\143
+\150\051\060\202\001\042\060\015\006\011\052\206\110\206\367\015
+\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202
+\001\001\000\305\211\344\364\015\006\100\222\131\307\032\263\065
+\321\016\114\052\063\371\370\257\312\236\177\356\271\247\155\140
+\364\124\350\157\325\233\363\033\143\061\004\150\162\321\064\026
+\214\264\027\054\227\336\163\305\330\220\025\240\032\053\365\313
+\263\110\206\104\360\035\210\114\316\101\102\032\357\365\014\336
+\376\100\332\071\040\367\006\125\072\152\235\106\301\322\157\245
+\262\310\127\076\051\243\234\340\351\205\167\146\350\230\247\044
+\176\276\300\131\040\345\104\157\266\127\330\276\316\302\145\167
+\130\306\141\101\321\164\004\310\177\111\102\305\162\251\162\026
+\356\214\335\022\135\264\112\324\321\257\120\267\330\252\165\166
+\150\255\076\135\252\060\155\141\250\253\020\133\076\023\277\063
+\340\257\104\235\070\042\133\357\114\057\246\161\046\025\046\312
+\050\214\331\372\216\216\251\242\024\065\342\233\044\210\264\364
+\177\205\235\203\117\007\241\266\024\220\066\304\064\034\215\046
+\141\155\023\157\170\276\350\217\047\307\113\204\226\243\206\150
+\014\043\276\013\354\214\224\000\251\004\212\023\220\367\337\205
+\154\014\261\002\003\001\000\001\243\202\001\064\060\202\001\060
+\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006
+\060\022\006\003\125\035\023\001\001\377\004\010\060\006\001\001
+\377\002\001\000\060\047\006\003\125\035\045\004\040\060\036\006
+\010\053\006\001\005\005\007\003\001\006\010\053\006\001\005\005
+\007\003\002\006\010\053\006\001\005\005\007\003\004\060\063\006
+\010\053\006\001\005\005\007\001\001\004\047\060\045\060\043\006
+\010\053\006\001\005\005\007\060\001\206\027\150\164\164\160\072
+\057\057\157\143\163\160\056\145\156\164\162\165\163\164\056\156
+\145\164\060\104\006\003\125\035\040\004\075\060\073\060\071\006
+\005\140\203\112\001\001\060\060\060\056\006\010\053\006\001\005
+\005\007\002\001\026\042\150\164\164\160\072\057\057\167\167\167
+\056\144\151\147\151\143\145\162\164\056\143\157\155\056\155\171
+\057\143\160\163\056\150\164\155\060\062\006\003\125\035\037\004
+\053\060\051\060\047\240\045\240\043\206\041\150\164\164\160\072
+\057\057\143\162\154\056\145\156\164\162\165\163\164\056\156\145
+\164\057\062\060\064\070\143\141\056\143\162\154\060\021\006\003
+\125\035\016\004\012\004\010\114\116\314\045\050\003\051\201\060
+\037\006\003\125\035\043\004\030\060\026\200\024\125\344\201\321
+\021\200\276\330\211\271\010\243\061\371\241\044\011\026\271\160
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003
+\202\001\001\000\227\114\357\112\072\111\254\162\374\060\040\153
+\264\051\133\247\305\225\004\220\371\062\325\302\205\152\336\003
+\241\067\371\211\000\260\132\254\125\176\333\103\065\377\311\001
+\370\121\276\314\046\312\310\152\244\304\124\076\046\036\347\014
+\243\315\227\147\224\335\246\102\353\134\315\217\071\171\153\063
+\171\041\006\171\372\202\104\025\231\314\301\267\071\323\106\142
+\174\262\160\353\157\316\040\252\076\031\267\351\164\202\234\264
+\245\113\115\141\000\067\344\207\322\362\024\072\144\174\270\251
+\173\141\340\223\042\347\325\237\076\107\346\066\166\240\123\330
+\000\003\072\017\265\063\376\226\312\323\322\202\072\056\335\327
+\110\341\344\247\151\314\034\351\231\112\347\312\160\105\327\013
+\007\016\232\165\033\320\057\222\157\366\244\007\303\275\034\113
+\246\204\266\175\250\232\251\322\247\051\361\013\127\151\036\227
+\127\046\354\053\103\254\324\105\203\005\000\351\343\360\106\100
+\007\372\352\261\121\163\223\034\245\335\123\021\067\310\052\247
+\025\047\035\264\252\314\177\252\061\060\374\270\105\237\110\011
+\355\020\342\305
+END
+
+# Trust for Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)"
+# Issuer: CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),O=Entrust.net
+# Serial Number:07:ff:ff:ff:ff:ff
+# Subject: CN=Digisign Server ID - (Enrich),OU=457608-K,O=Digicert Sdn. Bhd.,C=MY
+# Not Valid Before: Fri Jul 16 17:23:38 2010
+# Not Valid After : Thu Jul 16 17:53:38 2015
+# Fingerprint (MD5): D7:69:61:7F:35:0F:9C:46:A3:AA:EB:F8:55:FC:84:F2
+# Fingerprint (SHA1): 6B:3C:3B:80:AD:CA:A6:BA:8A:9F:54:A6:7A:ED:12:69:05:6D:31:26
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\153\074\073\200\255\312\246\272\212\237\124\246\172\355\022\151
+\005\155\061\046
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\327\151\141\177\065\017\234\106\243\252\353\370\125\374\204\362
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156
+\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125
+\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056
+\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143
+\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151
+\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006
+\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105
+\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164
+\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164
+\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151
+\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
+\040\050\062\060\064\070\051
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\006\007\377\377\377\377\377
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+
+#
 # Certificate "Security Communication RootCA2"
 #
 # Issuer: OU=Security Communication RootCA2,O="SECOM Trust Systems CO.,LTD.",C=JP
 # Serial Number: 0 (0x0)
 # Subject: OU=Security Communication RootCA2,O="SECOM Trust Systems CO.,LTD.",C=JP
 # Not Valid Before: Fri May 29 05:00:39 2009
 # Not Valid After : Tue May 29 05:00:39 2029
 # Fingerprint (MD5): 6C:39:7D:A4:0E:55:59:B2:3F:D6:41:B1:12:50:DE:43
@@ -19128,16 +21833,159 @@ CKA_SERIAL_NUMBER MULTILINE_OCTAL
 \002\004\030\112\314\326
 END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
+# Certificate "Explicitly Distrusted MCSHOLDING CA"
+#
+# Issuer: CN=CNNIC ROOT,O=CNNIC,C=CN
+# Serial Number: 1228079246 (0x4933008e)
+# Subject: CN=MCSHOLDING TEST,O=MCSHOLDING,C=EG
+# Not Valid Before: Thu Mar 19 06:20:09 2015
+# Not Valid After : Fri Apr 03 06:20:09 2015
+# Fingerprint (SHA-256): 27:40:D9:56:B1:12:7B:79:1A:A1:B3:CC:64:4A:4D:BE:DB:A7:61:86:A2:36:38:B9:51:02:35:1A:83:4E:A8:61
+# Fingerprint (SHA1): E1:F3:59:1E:76:98:65:C4:E4:47:AC:C3:7E:AF:C9:E2:BF:E4:C5:76
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrusted MCSHOLDING CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\074\061\013\060\011\006\003\125\004\006\023\002\105\107\061
+\023\060\021\006\003\125\004\012\014\012\115\103\123\110\117\114
+\104\111\116\107\061\030\060\026\006\003\125\004\003\014\017\115
+\103\123\110\117\114\104\111\116\107\040\124\105\123\124
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\062\061\013\060\011\006\003\125\004\006\023\002\103\116\061
+\016\060\014\006\003\125\004\012\023\005\103\116\116\111\103\061
+\023\060\021\006\003\125\004\003\023\012\103\116\116\111\103\040
+\122\117\117\124
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\111\063\000\216
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\222\060\202\003\172\240\003\002\001\002\002\004\111
+\063\000\216\060\015\006\011\052\206\110\206\367\015\001\001\013
+\005\000\060\062\061\013\060\011\006\003\125\004\006\023\002\103
+\116\061\016\060\014\006\003\125\004\012\023\005\103\116\116\111
+\103\061\023\060\021\006\003\125\004\003\023\012\103\116\116\111
+\103\040\122\117\117\124\060\036\027\015\061\065\060\063\061\071
+\060\066\062\060\060\071\132\027\015\061\065\060\064\060\063\060
+\066\062\060\060\071\132\060\074\061\013\060\011\006\003\125\004
+\006\023\002\105\107\061\023\060\021\006\003\125\004\012\014\012
+\115\103\123\110\117\114\104\111\116\107\061\030\060\026\006\003
+\125\004\003\014\017\115\103\123\110\117\114\104\111\116\107\040
+\124\105\123\124\060\202\001\042\060\015\006\011\052\206\110\206
+\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012
+\002\202\001\001\000\245\371\165\014\006\256\356\014\021\315\226
+\063\115\153\316\300\112\014\075\135\353\322\113\011\177\347\107
+\054\254\161\000\371\010\257\064\361\243\152\307\374\346\253\316
+\320\276\312\315\052\230\230\271\320\216\063\111\007\141\040\321
+\132\064\316\203\024\006\171\216\032\277\333\344\240\070\072\356
+\224\271\243\240\130\072\211\024\254\140\076\003\324\307\315\073
+\034\260\232\210\032\111\020\251\260\262\375\345\350\341\004\342
+\352\202\155\376\014\121\105\221\255\165\042\256\377\117\220\013
+\300\123\145\167\076\036\302\126\265\066\306\326\205\314\016\203
+\032\063\037\166\231\133\053\227\053\213\327\321\024\025\114\235
+\131\327\200\057\244\242\205\325\210\066\002\140\125\312\130\337
+\223\374\112\142\007\226\323\304\372\277\215\001\047\227\057\246
+\134\164\361\072\102\156\135\171\024\060\061\032\074\331\262\127
+\115\340\270\077\017\151\061\242\235\145\231\331\326\061\207\265
+\230\046\337\360\313\273\025\300\044\023\142\122\032\153\313\105
+\007\227\343\304\224\136\311\015\107\054\351\317\351\364\217\376
+\065\341\062\347\061\002\003\001\000\001\243\202\001\244\060\202
+\001\240\060\166\006\010\053\006\001\005\005\007\001\001\004\152
+\060\150\060\051\006\010\053\006\001\005\005\007\060\001\206\035
+\150\164\164\160\072\057\057\157\143\163\160\143\156\156\151\143
+\162\157\157\164\056\143\156\156\151\143\056\143\156\060\073\006
+\010\053\006\001\005\005\007\060\002\206\057\150\164\164\160\072
+\057\057\167\167\167\056\143\156\156\151\143\056\143\156\057\144
+\157\167\156\154\157\141\144\057\143\145\162\164\057\103\116\116
+\111\103\122\117\117\124\056\143\145\162\060\037\006\003\125\035
+\043\004\030\060\026\200\024\145\362\061\255\052\367\367\335\122
+\226\012\307\002\301\016\357\246\325\073\021\060\017\006\003\125
+\035\023\001\001\377\004\005\060\003\001\001\377\060\077\006\003
+\125\035\040\004\070\060\066\060\064\006\012\053\006\001\004\001
+\201\351\014\001\006\060\046\060\044\006\010\053\006\001\005\005
+\007\002\001\026\030\150\164\164\160\072\057\057\167\167\167\056
+\143\156\156\151\143\056\143\156\057\143\160\163\057\060\201\206
+\006\003\125\035\037\004\177\060\175\060\102\240\100\240\076\244
+\074\060\072\061\013\060\011\006\003\125\004\006\023\002\103\116
+\061\016\060\014\006\003\125\004\012\014\005\103\116\116\111\103
+\061\014\060\012\006\003\125\004\013\014\003\143\162\154\061\015
+\060\013\006\003\125\004\003\014\004\143\162\154\061\060\067\240
+\065\240\063\206\061\150\164\164\160\072\057\057\143\162\154\056
+\143\156\156\151\143\056\143\156\057\144\157\167\156\154\157\141
+\144\057\162\157\157\164\163\150\141\062\143\162\154\057\103\122
+\114\061\056\143\162\154\060\013\006\003\125\035\017\004\004\003
+\002\001\006\060\035\006\003\125\035\016\004\026\004\024\104\244
+\211\253\024\137\075\157\040\074\252\174\372\031\256\364\110\140
+\005\265\060\015\006\011\052\206\110\206\367\015\001\001\013\005
+\000\003\202\001\001\000\134\264\365\123\233\117\271\340\204\211
+\061\276\236\056\352\236\041\113\245\217\155\241\246\363\057\110
+\353\351\333\255\036\061\200\320\171\073\020\357\232\044\367\223
+\033\065\363\032\302\307\302\054\012\177\157\133\361\137\163\221
+\004\373\015\171\015\351\032\006\326\203\375\116\140\235\154\222
+\103\114\352\144\230\104\253\327\373\107\320\257\037\144\114\342
+\335\167\150\026\302\054\241\240\201\227\000\102\037\176\040\170
+\350\306\120\035\013\177\025\223\131\130\100\024\204\360\247\220
+\153\066\005\147\352\177\042\155\273\321\245\046\115\263\060\244
+\130\324\133\265\032\214\120\214\270\015\341\240\007\263\017\130
+\316\327\005\265\175\065\171\157\242\333\014\000\052\150\044\214
+\176\234\301\166\111\272\174\146\021\336\362\107\316\376\320\316
+\125\276\010\332\362\171\046\052\025\071\316\153\030\246\337\330
+\207\050\231\224\016\055\150\241\232\316\122\066\234\053\354\264
+\150\263\154\025\254\313\160\102\362\304\101\245\310\374\041\170
+\123\167\062\040\251\041\114\162\342\323\262\311\166\033\030\130
+\102\013\102\222\263\344
+END
+
+# Distrust "Explicitly Distrusted MCSHOLDING CA"
+# Issuer: CN=CNNIC ROOT,O=CNNIC,C=CN
+# Serial Number: 1228079246 (0x4933008e)
+# Subject: CN=MCSHOLDING TEST,O=MCSHOLDING,C=EG
+# Not Valid Before: Thu Mar 19 06:20:09 2015
+# Not Valid After : Fri Apr 03 06:20:09 2015
+# Fingerprint (SHA-256): 27:40:D9:56:B1:12:7B:79:1A:A1:B3:CC:64:4A:4D:BE:DB:A7:61:86:A2:36:38:B9:51:02:35:1A:83:4E:A8:61
+# Fingerprint (SHA1): E1:F3:59:1E:76:98:65:C4:E4:47:AC:C3:7E:AF:C9:E2:BF:E4:C5:76
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrusted MCSHOLDING CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\341\363\131\036\166\230\145\304\344\107\254\303\176\257\311\342
+\277\344\305\166
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\366\212\253\024\076\326\060\045\267\111\015\167\205\160\231\313
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\062\061\013\060\011\006\003\125\004\006\023\002\103\116\061
+\016\060\014\006\003\125\004\012\023\005\103\116\116\111\103\061
+\023\060\021\006\003\125\004\003\023\012\103\116\116\111\103\040
+\122\117\117\124
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\111\063\000\216
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
 # Certificate "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5"
 #
 # Issuer: CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s.. H5,O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A....,L=Ankara,C=TR
 # Serial Number:00:8e:17:fe:24:20:81
 # Subject: CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s.. H5,O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A....,L=Ankara,C=TR
 # Not Valid Before: Tue Apr 30 08:07:01 2013
 # Not Valid After : Fri Apr 28 08:07:01 2023
 # Fingerprint (SHA-256): 49:35:1B:90:34:44:C1:85:CC:DC:5C:69:3D:24:D8:55:5C:B2:08:D6:A8:14:13:07:69:9F:4A:F0:63:19:9D:78
--- a/security/nss/lib/ckfw/builtins/nssckbi.h
+++ b/security/nss/lib/ckfw/builtins/nssckbi.h
@@ -41,18 +41,18 @@
  *   made on that branch.
  *
  * NSS_BUILTINS_LIBRARY_VERSION_MINOR is a CK_BYTE.  It's not clear
  * whether we may use its full range (0-255) or only 0-99 because
  * of the comment in the CK_VERSION type definition.
  * It's recommend to switch back to 0 after having reached version 98/99.
  */
 #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2
-#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 20
-#define NSS_BUILTINS_LIBRARY_VERSION "2.20"
+#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 18
+#define NSS_BUILTINS_LIBRARY_VERSION "2.18"
 
 /* These version numbers detail the semantic changes to the ckfw engine. */
 #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
 #define NSS_BUILTINS_HARDWARE_VERSION_MINOR 0
 
 /* These version numbers detail the semantic changes to ckbi itself
  * (new PKCS #11 objects), etc. */
 #define NSS_BUILTINS_FIRMWARE_VERSION_MAJOR 1
--- a/security/nss/lib/cryptohi/seckey.c
+++ b/security/nss/lib/cryptohi/seckey.c
@@ -2051,20 +2051,16 @@ sec_RSAPSSParamsToMechanism(CK_RSA_PKCS_
             return rv;
         }
         maskHashAlgTag = SECOID_GetAlgorithmTag(&maskHashAlg);
         mech->mgf = sec_GetMgfTypeByOidTag(maskHashAlgTag);
     } else {
         mech->mgf = CKG_MGF1_SHA1; /* default, MGF1 with SHA-1 */
     }
 
-    if (params->saltLength.data) {
-        rv = SEC_ASN1DecodeInteger((SECItem *)&params->saltLength, &saltLength);
-        if (rv != SECSuccess) {
-            return rv;
-        }
-    } else {
-        saltLength = 20; /* default, 20 */
+    rv = SEC_ASN1DecodeInteger((SECItem *)&params->saltLength, &saltLength);
+    if (rv != SECSuccess) {
+        return rv;
     }
     mech->sLen = saltLength;
 
     return rv;
 }
--- a/security/nss/lib/cryptohi/secsign.c
+++ b/security/nss/lib/cryptohi/secsign.c
@@ -605,17 +605,16 @@ sec_CreateRSAPSSParameters(PLArenaPool *
                            SECItem *result,
                            SECOidTag hashAlgTag,
                            const SECItem *params,
                            const SECKEYPrivateKey *key)
 {
     SECKEYRSAPSSParams pssParams;
     int modBytes, hashLength;
     unsigned long saltLength;
-    PRBool defaultSHA1 = PR_FALSE;
     SECStatus rv;
 
     if (key->keyType != rsaKey && key->keyType != rsaPssKey) {
         PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
         return NULL;
     }
 
     PORT_Memset(&pssParams, 0, sizeof(pssParams));
@@ -627,17 +626,16 @@ sec_CreateRSAPSSParameters(PLArenaPool *
                       params->data[0] == SEC_ASN1_NULL &&
                       params->data[1] == 0));
         rv = SEC_QuickDERDecodeItem(arena, &pssParams,
                                     SECKEY_RSAPSSParamsTemplate,
                                     params);
         if (rv != SECSuccess) {
             return NULL;
         }
-        defaultSHA1 = PR_TRUE;
     }
 
     if (pssParams.trailerField.data) {
         unsigned long trailerField;
 
         rv = SEC_ASN1DecodeInteger((SECItem *)&pssParams.trailerField,
                                    &trailerField);
         if (rv != SECSuccess) {
@@ -649,33 +647,25 @@ sec_CreateRSAPSSParameters(PLArenaPool *
         }
     }
 
     modBytes = PK11_GetPrivateModulusLen((SECKEYPrivateKey *)key);
 
     /* Determine the hash algorithm to use, based on hashAlgTag and
      * pssParams.hashAlg; there are four cases */
     if (hashAlgTag != SEC_OID_UNKNOWN) {
-        SECOidTag tag = SEC_OID_UNKNOWN;
-
         if (pssParams.hashAlg) {
-            tag = SECOID_GetAlgorithmTag(pssParams.hashAlg);
-        } else if (defaultSHA1) {
-            tag = SEC_OID_SHA1;
-        }
-
-        if (tag != SEC_OID_UNKNOWN && tag != hashAlgTag) {
-            PORT_SetError(SEC_ERROR_INVALID_ARGS);
-            return NULL;
+            if (SECOID_GetAlgorithmTag(pssParams.hashAlg) != hashAlgTag) {
+                PORT_SetError(SEC_ERROR_INVALID_ARGS);
+                return NULL;
+            }
         }
     } else if (hashAlgTag == SEC_OID_UNKNOWN) {
         if (pssParams.hashAlg) {
             hashAlgTag = SECOID_GetAlgorithmTag(pssParams.hashAlg);
-        } else if (defaultSHA1) {
-            hashAlgTag = SEC_OID_SHA1;
         } else {
             /* Find a suitable hash algorithm based on the NIST recommendation */
             if (modBytes <= 384) { /* 128, in NIST 800-57, Part 1 */
                 hashAlgTag = SEC_OID_SHA256;
             } else if (modBytes <= 960) { /* 192, NIST 800-57, Part 1 */
                 hashAlgTag = SEC_OID_SHA384;
             } else {
                 hashAlgTag = SEC_OID_SHA512;
@@ -714,39 +704,32 @@ sec_CreateRSAPSSParameters(PLArenaPool *
         }
 
         /* Following the recommendation in RFC 4055, assume the hash
          * algorithm identical to pssParam.hashAlg */
         if (SECOID_GetAlgorithmTag(&maskHashAlg) != hashAlgTag) {
             PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
             return NULL;
         }
-    } else if (defaultSHA1) {
-        if (hashAlgTag != SEC_OID_SHA1) {
-            PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
-            return NULL;
-        }
     }
 
     hashLength = HASH_ResultLenByOidTag(hashAlgTag);
 
     if (pssParams.saltLength.data) {
         rv = SEC_ASN1DecodeInteger((SECItem *)&pssParams.saltLength,
                                    &saltLength);
         if (rv != SECSuccess) {
             return NULL;
         }
 
         /* The specified salt length is too long */
         if (saltLength > modBytes - hashLength - 2) {
             PORT_SetError(SEC_ERROR_INVALID_ARGS);
             return NULL;
         }
-    } else if (defaultSHA1) {
-        saltLength = 20;
     }
 
     /* Fill in the parameters */
     if (pssParams.hashAlg) {
         if (hashAlgTag == SEC_OID_SHA1) {
             /* Omit hashAlg if the the algorithm is SHA-1 (default) */
             pssParams.hashAlg = NULL;
         }
--- a/security/nss/lib/freebl/Makefile
+++ b/security/nss/lib/freebl/Makefile
@@ -505,46 +505,40 @@ ifdef USE_64
         endif
         ifeq (,$(filter 0 1 2 3 4,$(word 1,$(GCC_VERSION))))
             HAVE_INT128_SUPPORT = 1
             DEFINES += -DHAVE_INT128_SUPPORT
         endif
     endif
 endif
 
-ifndef HAVE_INT128_SUPPORT
-    DEFINES += -DKRML_NOUINT128
-endif
-
 ifndef NSS_DISABLE_CHACHAPOLY
     ifeq ($(CPU_ARCH),x86_64)
         ifdef HAVE_INT128_SUPPORT
             EXTRA_SRCS += poly1305-donna-x64-sse2-incremental-source.c
         else
             EXTRA_SRCS += poly1305.c
         endif
 
         ifneq (1,$(CC_IS_GCC))
             EXTRA_SRCS += chacha20.c
-            VERIFIED_SRCS += Hacl_Chacha20.c
         else
             EXTRA_SRCS += chacha20_vec.c
         endif
     else
         EXTRA_SRCS += poly1305.c
         EXTRA_SRCS += chacha20.c
-        VERIFIED_SRCS += Hacl_Chacha20.c
     endif # x86_64
 endif # NSS_DISABLE_CHACHAPOLY
 
-ifeq (,$(filter-out i386 x386 x86 x86_64 aarch64,$(CPU_ARCH)))
+ifeq (,$(filter-out i386 x386 x86 x86_64,$(CPU_ARCH)))
     # All intel architectures get the 64 bit version
     # With custom uint128 if necessary (faster than generic 32 bit version).
     ECL_SRCS += curve25519_64.c
-    VERIFIED_SRCS += Hacl_Curve25519.c FStar.c
+    VERIFIED_SRCS += hacl_curve25519_64.c
 else
     # All non intel architectures get the generic 32 bit implementation (slow!)
     ECL_SRCS += curve25519_32.c
 endif
 
 #######################################################################
 # (5) Execute "global" rules. (OPTIONAL)                              #
 #######################################################################
@@ -587,16 +581,21 @@ MPI_OBJS += $(addprefix $(OBJDIR)/$(PROG
 
 ECL_USERS = ec.c
 
 ECL_OBJS = $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(ECL_SRCS:.c=$(OBJ_SUFFIX)) $(ECL_ASM_SRCS:$(ASM_SUFFIX)=$(OBJ_SUFFIX)))
 ECL_OBJS += $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(ECL_USERS:.c=$(OBJ_SUFFIX)))
 
 $(ECL_OBJS): $(ECL_HDRS)
 
+VERIFIED_OBJS = $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(VERIFIED_SRCS:.c=$(OBJ_SUFFIX)))
+
+$(VERIFIED_OBJS): $(VERIFIED_HDRS)
+
+
 $(OBJDIR)/sysrand$(OBJ_SUFFIX): sysrand.c unix_rand.c win_rand.c
 
 $(OBJDIR)/$(PROG_PREFIX)mpprime$(OBJ_SUFFIX): primes.c
 
 $(OBJDIR)/ldvector$(OBJ_SUFFIX) $(OBJDIR)/loader$(OBJ_SUFFIX) : loader.h
 
 ifeq ($(SYSV_SPARC),1)
 
--- a/security/nss/lib/freebl/chacha20.c
+++ b/security/nss/lib/freebl/chacha20.c
@@ -2,18 +2,118 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 /* Adopted from the public domain code in NaCl by djb. */
 
 #include <string.h>
 #include <stdio.h>
 
+#include "prtypes.h"
+#include "secport.h"
 #include "chacha20.h"
-#include "verified/Hacl_Chacha20.h"
+
+#if defined(_MSC_VER)
+#pragma intrinsic(_lrotl)
+#define ROTL32(x, n) _lrotl(x, n)
+#else
+#define ROTL32(x, n) ((x << n) | (x >> ((8 * sizeof x) - n)))
+#endif
+
+#define ROTATE(v, c) ROTL32((v), (c))
+
+#define U32TO8_LITTLE(p, v)          \
+    {                                \
+        (p)[0] = ((v)) & 0xff;       \
+        (p)[1] = ((v) >> 8) & 0xff;  \
+        (p)[2] = ((v) >> 16) & 0xff; \
+        (p)[3] = ((v) >> 24) & 0xff; \
+    }
+#define U8TO32_LITTLE(p)                                \
+    (((PRUint32)((p)[0])) | ((PRUint32)((p)[1]) << 8) | \
+     ((PRUint32)((p)[2]) << 16) | ((PRUint32)((p)[3]) << 24))
+
+#define QUARTERROUND(x, a, b, c, d) \
+    x[a] = x[a] + x[b];             \
+    x[d] = ROTATE(x[d] ^ x[a], 16); \
+    x[c] = x[c] + x[d];             \
+    x[b] = ROTATE(x[b] ^ x[c], 12); \
+    x[a] = x[a] + x[b];             \
+    x[d] = ROTATE(x[d] ^ x[a], 8);  \
+    x[c] = x[c] + x[d];             \
+    x[b] = ROTATE(x[b] ^ x[c], 7);
+
+static void
+ChaChaCore(unsigned char output[64], const PRUint32 input[16], int num_rounds)
+{
+    PRUint32 x[16];
+    int i;
+
+    PORT_Memcpy(x, input, sizeof(PRUint32) * 16);
+    for (i = num_rounds; i > 0; i -= 2) {
+        QUARTERROUND(x, 0, 4, 8, 12)
+        QUARTERROUND(x, 1, 5, 9, 13)
+        QUARTERROUND(x, 2, 6, 10, 14)
+        QUARTERROUND(x, 3, 7, 11, 15)
+        QUARTERROUND(x, 0, 5, 10, 15)
+        QUARTERROUND(x, 1, 6, 11, 12)
+        QUARTERROUND(x, 2, 7, 8, 13)
+        QUARTERROUND(x, 3, 4, 9, 14)
+    }
+
+    for (i = 0; i < 16; ++i) {
+        x[i] = x[i] + input[i];
+    }
+    for (i = 0; i < 16; ++i) {
+        U32TO8_LITTLE(output + 4 * i, x[i]);
+    }
+}
+
+static const unsigned char sigma[16] = "expand 32-byte k";
 
 void
 ChaCha20XOR(unsigned char *out, const unsigned char *in, unsigned int inLen,
             const unsigned char key[32], const unsigned char nonce[12],
             uint32_t counter)
 {
-    Hacl_Chacha20_chacha20(out, (uint8_t *)in, inLen, (uint8_t *)key, (uint8_t *)nonce, counter);
+    unsigned char block[64];
+    PRUint32 input[16];
+    unsigned int i;
+
+    input[4] = U8TO32_LITTLE(key + 0);
+    input[5] = U8TO32_LITTLE(key + 4);
+    input[6] = U8TO32_LITTLE(key + 8);
+    input[7] = U8TO32_LITTLE(key + 12);
+
+    input[8] = U8TO32_LITTLE(key + 16);
+    input[9] = U8TO32_LITTLE(key + 20);
+    input[10] = U8TO32_LITTLE(key + 24);
+    input[11] = U8TO32_LITTLE(key + 28);
+
+    input[0] = U8TO32_LITTLE(sigma + 0);
+    input[1] = U8TO32_LITTLE(sigma + 4);
+    input[2] = U8TO32_LITTLE(sigma + 8);
+    input[3] = U8TO32_LITTLE(sigma + 12);
+
+    input[12] = counter;
+    input[13] = U8TO32_LITTLE(nonce + 0);
+    input[14] = U8TO32_LITTLE(nonce + 4);
+    input[15] = U8TO32_LITTLE(nonce + 8);
+
+    while (inLen >= 64) {
+        ChaChaCore(block, input, 20);
+        for (i = 0; i < 64; i++) {
+            out[i] = in[i] ^ block[i];
+        }
+
+        input[12]++;
+        inLen -= 64;
+        in += 64;
+        out += 64;
+    }
+
+    if (inLen > 0) {
+        ChaChaCore(block, input, 20);
+        for (i = 0; i < inLen; i++) {
+            out[i] = in[i] ^ block[i];
+        }
+    }
 }
--- a/security/nss/lib/freebl/ecl/curve25519_64.c
+++ b/security/nss/lib/freebl/ecl/curve25519_64.c
@@ -1,14 +1,14 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "ecl-priv.h"
-#include "../verified/Hacl_Curve25519.h"
+#include "../verified/hacl_curve25519_64.h"
 
 SECStatus
 ec_Curve25519_mul(uint8_t *mypublic, const uint8_t *secret, const uint8_t *basepoint)
 {
     // Note: this cast is safe because HaCl* state has a post-condition that only "mypublic" changed.
-    Hacl_Curve25519_crypto_scalarmult(mypublic, (uint8_t *)secret, (uint8_t *)basepoint);
+    Curve25519_crypto_scalarmult(mypublic, (uint8_t *)secret, (uint8_t *)basepoint);
     return 0;
 }
--- a/security/nss/lib/freebl/fipsfreebl.c
+++ b/security/nss/lib/freebl/fipsfreebl.c
@@ -11,17 +11,19 @@
 #include "stubs.h"
 #endif
 
 #include "blapi.h"
 #include "seccomon.h" /* Required for RSA and DSA. */
 #include "secerr.h"
 #include "prtypes.h"
 
+#ifdef NSS_ENABLE_ECC
 #include "ec.h" /* Required for ECDSA */
+#endif
 
 /*
  * different platforms have different ways of calling and initial entry point
  * when the dll/.so is loaded. Most platforms support either a posix pragma
  * or the GCC attribute. Some platforms suppor a pre-defined name, and some
  * platforms have a link line way of invoking this function.
  */
 
@@ -1071,16 +1073,18 @@ freebl_fips_RSA_PowerUpSelfTest(void)
     return (SECSuccess);
 
 rsa_loser:
 
     PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
     return (SECFailure);
 }
 
+#ifdef NSS_ENABLE_ECC
+
 static SECStatus
 freebl_fips_ECDSA_Test(ECParams *ecparams,
                        const PRUint8 *knownSignature,
                        unsigned int knownSignatureLen)
 {
 
     /* ECDSA Known Seed info for curves nistp256 and nistk283  */
     static const PRUint8 ecdsa_Known_Seed[] = {
@@ -1267,16 +1271,18 @@ freebl_fips_ECDSA_PowerUpSelfTest()
                                 sizeof ecdsa_known_P256_signature);
     if (rv != SECSuccess) {
         return (SECFailure);
     }
 
     return (SECSuccess);
 }
 
+#endif /* NSS_ENABLE_ECC */
+
 static SECStatus
 freebl_fips_DSA_PowerUpSelfTest(void)
 {
     /* DSA Known P (1024-bits), Q (160-bits), and G (1024-bits) Values. */
     static const PRUint8 dsa_P[] = {
         0x80, 0xb0, 0xd1, 0x9d, 0x6e, 0xa4, 0xf3, 0x28,
         0x9f, 0x24, 0xa9, 0x8a, 0x49, 0xd0, 0x0c, 0x63,
         0xe8, 0x59, 0x04, 0xf9, 0x89, 0x4a, 0x5e, 0xc0,
@@ -1549,21 +1555,23 @@ freebl_fipsPowerUpSelfTest(unsigned int 
             return rv;
 
         /* DSA Power-Up SelfTest(s). */
         rv = freebl_fips_DSA_PowerUpSelfTest();
 
         if (rv != SECSuccess)
             return rv;
 
+#ifdef NSS_ENABLE_ECC
         /* ECDSA Power-Up SelfTest(s). */
         rv = freebl_fips_ECDSA_PowerUpSelfTest();
 
         if (rv != SECSuccess)
             return rv;
+#endif
     }
     /* Passed Power-Up SelfTest(s). */
     return (SECSuccess);
 }
 
 /*
  * state variables. NOTE: freebl has two uses: a standalone use which
  * provided limitted access to the hash functions throught the NSSLOWHASH_
--- a/security/nss/lib/freebl/freebl.gyp
+++ b/security/nss/lib/freebl/freebl.gyp
@@ -250,26 +250,18 @@
       }],
       [ 'OS!="win"', {
         'conditions': [
           [ 'target_arch=="x64" or target_arch=="arm64" or target_arch=="aarch64"', {
             'defines': [
               # The Makefile does version-tests on GCC, but we're not doing that here.
               'HAVE_INT128_SUPPORT',
             ],
-          }, {
-            'defines': [
-              'KRML_NOUINT128',
-            ],
           }],
         ],
-      }, {
-        'defines': [
-          'KRML_NOUINT128',
-        ],
       }],
       [ 'OS=="linux"', {
         'defines': [
           'FREEBL_LOWHASH',
           'FREEBL_NO_DEPEND',
         ],
         'cflags': [
           '-std=gnu99',
--- a/security/nss/lib/freebl/freebl_base.gypi
+++ b/security/nss/lib/freebl/freebl_base.gypi
@@ -125,41 +125,39 @@
         [ 'cc_is_clang!=1', {
           # MSVC
           'sources': [
             'intel-gcm-wrap.c',
           ],
         }],
       ],
     }],
-    ['target_arch=="ia32" or target_arch=="x64" or target_arch=="arm64" or target_arch=="aarch64"', {
+    ['target_arch=="ia32" or target_arch=="x64"', {
       'sources': [
-        # All intel and 64-bit ARM architectures get the 64 bit version.
+        # All intel architectures get the 64 bit version
         'ecl/curve25519_64.c',
-        'verified/Hacl_Curve25519.c',
-        'verified/FStar.c',
+        'verified/hacl_curve25519_64.c',
       ],
     }, {
       'sources': [
-        # All other architectures get the generic 32 bit implementation (slow!)
+        # All non intel architectures get the generic 32 bit implementation (slow!)
         'ecl/curve25519_32.c',
       ],
     }],
     [ 'disable_chachapoly==0', {
       'conditions': [
         [ 'OS!="win" and target_arch=="x64"', {
           'sources': [
             'chacha20_vec.c',
             'poly1305-donna-x64-sse2-incremental-source.c',
           ],
         }, {
           # not x64
           'sources': [
             'chacha20.c',
-            'verified/Hacl_Chacha20.c',
             'poly1305.c',
           ],
         }],
       ],
     }],
     [ 'fuzz==1', {
       'sources!': [ 'drbg.c' ],
       'sources': [ 'det_rng.c' ],
--- a/security/nss/lib/freebl/mpi/README
+++ b/security/nss/lib/freebl/mpi/README
@@ -48,17 +48,17 @@ 2-byte words, as well.  Whatever you cho
 to change are:
 
 (1) The type definitions for mp_digit and mp_word.
 
 (2) The macro DIGIT_FMT which tells mp_print() how to display a
     single digit.  This is just a printf() format string, so you
     can adjust it appropriately.
 
-(3) The macros DIGIT_MAX and MP_WORD_MAX, which specify the
+(3) The macros DIGIT_MAX and MP_WORD_MAX, which specify the 
     largest value expressible in an mp_digit and an mp_word,
     respectively.
 
 Both the mp_digit and mp_word should be UNSIGNED integer types.  The
 code relies on having the full positive precision of the type used for
 digits and words.
 
 The remaining type definitions should be left alone, for the most
@@ -340,33 +340,33 @@ exist:
 
 mp_invmod(a, m, c)      - compute c = a^-1 (mod m), if it exists
 
 The function mp_xgcd() computes the greatest common divisor, and also
 returns values of x and y satisfying Bezout's identity.  This is used
 by mp_invmod() to find modular inverses.  However, if you do not need
 these values, you will find that mp_gcd() is MUCH more efficient,
 since it doesn't need all the intermediate values that mp_xgcd()
-requires in order to compute x and y.
+requires in order to compute x and y. 
 
 The mp_gcd() (and mp_xgcd()) functions use the binary (extended) GCD
 algorithm due to Josef Stein.
 
 
 Input & Output Functions
 ------------------------
 
 The following basic I/O routines are provided.  These are present at
 all times:
 
 mp_read_radix(mp, str, r)  - convert a string in radix r to an mp_int
 mp_read_raw(mp, s, len)    - convert a string of bytes to an mp_int
 mp_radix_size(mp, r)       - return length of buffer needed by mp_toradix()
 mp_raw_size(mp)            - return length of buffer needed by mp_toraw()
-mp_toradix(mp, str, r)     - convert an mp_int to a string of radix r
+mp_toradix(mp, str, r)     - convert an mp_int to a string of radix r 
                              digits
 mp_toraw(mp, str)          - convert an mp_int to a string of bytes
 mp_tovalue(ch, r)          - convert ch to its value when taken as
                              a radix r digit, or -1 if invalid
 mp_strerror(err)           - get a string describing mp_err value 'err'
 
 If you compile the MPI library with MP_IOFUNC defined, you will also
 have access to the following additional I/O function:
@@ -382,17 +382,17 @@ will actually be written by mp_toradix()
 creates will be NUL terminated, so the standard C library function
 strlen() should be able to ascertain this for you, if you need it.
 
 The mp_read_radix() and mp_toradix() functions support bases from 2 to
 64 inclusive.  If you require more general radix conversion facilities
 than this, you will need to write them yourself (that's why mp_div_d()
 is provided, after all).
 
-Note:   mp_read_radix() will accept as digits either capital or
+Note:   mp_read_radix() will accept as digits either capital or 
 ----    lower-case letters.  However, the current implementation of
         mp_toradix() only outputs upper-case letters, when writing
         bases betwee 10 and 36.  The underlying code supports using
         lower-case letters, but the interface stub does not have a
         selector for it.  You can add one yourself if you think it
         is worthwhile -- I do not.  Bases from 36 to 64 use lower-
         case letters as distinct from upper-case.  Bases 63 and
         64 use the characters '+' and '/' as digits.
@@ -443,24 +443,24 @@ Note:  The mpp_random() and mpp_random_s
        requiring cryptographic-quality randomness; they are intended
        primarily for use in primality testing.
 
        Note too that the MPI library does not call srand(), so your
        application should do this, if you ever want the sequence
        to change.
 
 mpp_divis_vector(a, v, s, w)  - is a divisible by any of the s digits
-                                in v?  If so, let w be the index of
+                                in v?  If so, let w be the index of 
                                 that digit
 
 mpp_divis_primes(a, np)       - is a divisible by any of the first np
-                                primes?  If so, set np to the prime
+                                primes?  If so, set np to the prime 
                                 which divided a.
 
-mpp_fermat(a, d)              - test if w^a = w (mod a).  If so,
+mpp_fermat(a, d)              - test if w^a = w (mod a).  If so, 
                                 returns MP_YES, otherwise MP_NO.
 
 mpp_pprime(a, nt)             - perform nt iterations of the Rabin-
                                 Miller probabilistic primality test
                                 on a.  Returns MP_YES if all tests
                                 passed, or MP_NO if any test fails.
 
 The mpp_fermat() function works based on Fermat's little theorem, a
@@ -481,59 +481,66 @@ link it into your program directly.  If 
 the GNU C compiler (gcc), the following should work:
 
 % gcc -ansi -pedantic -Wall -O2 -c mpi.c
 
 The file 'mpi-config.h' defines several configurable parameters for
 the library, which you can adjust to suit your application.  At the
 time of this writing, the available options are:
 
-MP_IOFUNC       - Define true to include the mp_print() function,
+MP_IOFUNC       - Define true to include the mp_print() function, 
                   which is moderately useful for debugging.  This
                   implicitly includes <stdio.h>.
 
 MP_MODARITH     - Define true to include the modular arithmetic
                   functions.  If you don't need modular arithmetic
                   in your application, you can set this to zero to
                   leave out all the modular routines.
 
 MP_LOGTAB       - If true, the file "logtab.h" is included, which
                   is basically a static table of base 2 logarithms.
                   These are used to compute how big the buffers for
                   radix conversion need to be.  If you set this false,
                   the library includes <math.h> and uses log().  This
                   typically forces you to link against math libraries.
 
+MP_MEMSET       - If true, use memset() to zero buffers.  If you run
+                  into weird alignment related bugs, set this to zero
+                  and an explicit loop will be used.
+
+MP_MEMCPY       - If true, use memcpy() to copy buffers.  If you run
+                  into weird alignment bugs, set this to zero and an
+                  explicit loop will be used.
 
 MP_ARGCHK       - Set to 0, 1, or 2.  This defines how the argument
-                  checking macro, ARGCHK(), gets expanded.  If this
-                  is set to zero, ARGCHK() expands to nothing; no
+                  checking macro, ARGCHK(), gets expanded.  If this 
+                  is set to zero, ARGCHK() expands to nothing; no 
                   argument checks are performed.  If this is 1, the
                   ARGCHK() macro expands to code that returns MP_BADARG
-                  or similar at runtime.  If it is 2, ARGCHK() expands
-                  to an assert() call that aborts the program on a
+                  or similar at runtime.  If it is 2, ARGCHK() expands 
+                  to an assert() call that aborts the program on a 
                   bad input.
 
 MP_DEBUG        - Turns on debugging output.  This is probably not at
                   all useful unless you are debugging the library.  It
                   tends to spit out a LOT of output.
 
 MP_DEFPREC      - The default precision of a newly-created mp_int, in
                   digits.  The precision can be changed at runtime by
                   the mp_set_prec() function, but this is its initial
                   value.
 
-MP_SQUARE       - If this is set to a nonzero value, the mp_sqr()
+MP_SQUARE       - If this is set to a nonzero value, the mp_sqr() 
                   function will use an alternate algorithm that takes
                   advantage of the redundant inner product computation
                   when both multiplicands are identical.  Unfortunately,
                   with some compilers this is actually SLOWER than just
                   calling mp_mul() with the same argument twice.  So
                   if you set MP_SQUARE to zero, mp_sqr() will be expan-
-                  ded into a call to mp_mul().  This applies to all
+                  ded into a call to mp_mul().  This applies to all 
                   the uses of mp_sqr(), including mp_sqrmod() and the
                   internal calls to s_mp_sqr() inside mpi.c
 
                   The program 'mulsqr' (mulsqr.c) can be used to test
                   which works best for your configuration.  Set up the
                   CC and CFLAGS variables in the Makefile, then type:
 
                         make mulsqr
@@ -556,29 +563,29 @@ the library for you, if you have set the
 the top of the file appropriately.  By default, they are set up to
 use the GNU C compiler:
 
 CC=gcc
 CFLAGS=-ansi -pedantic -Wall -O2
 
 If all goes well, the library should compile without warnings using
 this combination.  You should, of course, make whatever adjustments
-you find necessary.
+you find necessary.  
 
 The MPI library distribution comes with several additional programs
 which are intended to demonstrate the use of the library, and provide
 a framework for testing it.  There are a handful of test driver
 programs, in the files named 'mptest-X.c', where X is a digit.  Also,
 there are some simple command-line utilities (in the 'utils'
 directory) for manipulating large numbers.  These include:
 
 basecvt.c       A radix-conversion program, supporting bases from
                 2 to 64 inclusive.
 
-bbsrand.c       A BBS (quadratic residue) pseudo-random number
+bbsrand.c       A BBS (quadratic residue) pseudo-random number 
                 generator.  The file 'bbsrand.c' is just the driver
                 for the program; the real code lives in the files
                 'bbs_rand.h' and 'bbs_rand.c'
 
 dec2hex.c       Converts decimal to hexadecimal
 
 gcd.c           Computes the greatest common divisor of two values.
                 If invoked as 'xgcd', also computes constants x and
@@ -614,17 +621,17 @@ exptmod.c       Computes arbitrary preci
 Most of these can be built from the Makefile that comes with the
 library.  Try 'make tools', if your environment supports it.
 
 
 Acknowledgements:
 ----------------
 
 The algorithms used in this library were drawn primarily from Volume
-2 of Donald Knuth's magnum opus, _The Art of Computer Programming_,
+2 of Donald Knuth's magnum opus, _The Art of Computer Programming_, 
 "Semi-Numerical Methods".  Barrett's algorithm for modular reduction
 came from Menezes, Oorschot, and Vanstone's _Handbook of Applied
 Cryptography_, Chapter 14.
 
 Thanks are due to Tom St. Denis, for finding an obnoxious sign-related
 bug in mp_read_raw() that made things break on platforms which use
 signed chars.
 
--- a/security/nss/lib/freebl/mpi/mpi-config.h
+++ b/security/nss/lib/freebl/mpi/mpi-config.h
@@ -23,16 +23,24 @@
 #ifndef MP_MODARITH
 #define MP_MODARITH 1 /* include modular arithmetic ?        */
 #endif
 
 #ifndef MP_LOGTAB
 #define MP_LOGTAB 1 /* use table of logs instead of log()? */
 #endif
 
+#ifndef MP_MEMSET
+#define MP_MEMSET 1 /* use memset() to zero buffers?       */
+#endif
+
+#ifndef MP_MEMCPY
+#define MP_MEMCPY 1 /* use memcpy() to copy buffers?       */
+#endif
+
 #ifndef MP_ARGCHK
 /*
   0 = no parameter checks
   1 = runtime checks, continue execution and return an error to caller
   2 = assertions; dump core on parameter errors
  */
 #ifdef DEBUG
 #define MP_ARGCHK 2 /* how to check input arguments        */
--- a/security/nss/lib/freebl/mpi/mpi.c
+++ b/security/nss/lib/freebl/mpi/mpi.c
@@ -2777,28 +2777,43 @@ s_mp_pad(mp_int *mp, mp_size min)
 /* }}} */
 
 /* {{{ s_mp_setz(dp, count) */
 
 /* Set 'count' digits pointed to by dp to be zeroes                       */
 void
 s_mp_setz(mp_digit *dp, mp_size count)
 {
+#if MP_MEMSET == 0
+    int ix;
+
+    for (ix = 0; ix < count; ix++)
+        dp[ix] = 0;
+#else
     memset(dp, 0, count * sizeof(mp_digit));
+#endif
+
 } /* end s_mp_setz() */
 
 /* }}} */
 
 /* {{{ s_mp_copy(sp, dp, count) */
 
 /* Copy 'count' digits from sp to dp                                      */
 void
 s_mp_copy(const mp_digit *sp, mp_digit *dp, mp_size count)
 {
+#if MP_MEMCPY == 0
+    int ix;
+
+    for (ix = 0; ix < count; ix++)
+        dp[ix] = sp[ix];
+#else
     memcpy(dp, sp, count * sizeof(mp_digit));
+#endif
 } /* end s_mp_copy() */
 
 /* }}} */
 
 /* {{{ s_mp_alloc(nb, ni) */
 
 /* Allocate ni records of nb bytes each, and return a pointer to that     */
 void *
--- a/security/nss/lib/freebl/poly1305.h
+++ b/security/nss/lib/freebl/poly1305.h
@@ -3,18 +3,16 @@
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #ifndef FREEBL_POLY1305_H_
 #define FREEBL_POLY1305_H_
 
-#include "stddef.h"
-
 typedef unsigned char poly1305_state[512];
 
 /* Poly1305Init sets up |state| so that it can be used to calculate an
  * authentication tag with the one-time key |key|. Note that |key| is a
  * one-time key and therefore there is no `reset' method because that would
  * enable several messages to be authenticated with the same key. */
 extern void Poly1305Init(poly1305_state* state, const unsigned char key[32]);
 
--- a/security/nss/lib/freebl/rsa.c
+++ b/security/nss/lib/freebl/rsa.c
@@ -271,73 +271,65 @@ cleanup:
 **  "publicExponent" when not NULL is a pointer to some data that
 **     represents the public exponent to use. The data is a byte
 **     encoded integer, in "big endian" order.
 */
 RSAPrivateKey *
 RSA_NewKey(int keySizeInBits, SECItem *publicExponent)
 {
     unsigned int primeLen;
-    mp_int p = { 0, 0, 0, NULL };
-    mp_int q = { 0, 0, 0, NULL };
-    mp_int e = { 0, 0, 0, NULL };
-    mp_int d = { 0, 0, 0, NULL };
+    mp_int p, q, e, d;
     int kiter;
     int max_attempts;
     mp_err err = MP_OKAY;
     SECStatus rv = SECSuccess;
     int prerr = 0;
     RSAPrivateKey *key = NULL;
     PLArenaPool *arena = NULL;
     /* Require key size to be a multiple of 16 bits. */
     if (!publicExponent || keySizeInBits % 16 != 0 ||
         BAD_RSA_KEY_SIZE((unsigned int)keySizeInBits / 8, publicExponent->len)) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return NULL;
     }
-    /* 1.  Set the public exponent and check if it's uneven and greater than 2.*/
-    MP_DIGITS(&e) = 0;
-    CHECK_MPI_OK(mp_init(&e));
-    SECITEM_TO_MPINT(*publicExponent, &e);
-    if (mp_iseven(&e) || !(mp_cmp_d(&e, 2) > 0)) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        goto cleanup;
-    }
-#ifndef NSS_FIPS_DISABLED
-    /* Check that the exponent is not smaller than 65537  */
-    if (mp_cmp_d(&e, 0x10001) < 0) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        goto cleanup;
-    }
-#endif
-
-    /* 2. Allocate arena & key */
+    /* 1. Allocate arena & key */
     arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE);
     if (!arena) {
         PORT_SetError(SEC_ERROR_NO_MEMORY);
-        goto cleanup;
+        return NULL;
     }
     key = PORT_ArenaZNew(arena, RSAPrivateKey);
     if (!key) {
         PORT_SetError(SEC_ERROR_NO_MEMORY);
-        goto cleanup;
+        PORT_FreeArena(arena, PR_TRUE);
+        return NULL;
     }
     key->arena = arena;
     /* length of primes p and q (in bytes) */
     primeLen = keySizeInBits / (2 * PR_BITS_PER_BYTE);
     MP_DIGITS(&p) = 0;
     MP_DIGITS(&q) = 0;
+    MP_DIGITS(&e) = 0;
     MP_DIGITS(&d) = 0;
     CHECK_MPI_OK(mp_init(&p));
     CHECK_MPI_OK(mp_init(&q));
+    CHECK_MPI_OK(mp_init(&e));
     CHECK_MPI_OK(mp_init(&d));
-    /* 3.  Set the version number (PKCS1 v1.5 says it should be zero) */
+    /* 2.  Set the version number (PKCS1 v1.5 says it should be zero) */
     SECITEM_AllocItem(arena, &key->version, 1);
     key->version.data[0] = 0;
-
+    /* 3.  Set the public exponent */
+    SECITEM_TO_MPINT(*publicExponent, &e);
+#ifndef NSS_FIPS_DISABLED
+    /* check the exponent size  we  */
+    if (mp_cmp_d(&e, 0x10001) < 0) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        goto cleanup;
+    }
+#endif
     kiter = 0;
     max_attempts = 5 * (keySizeInBits / 2); /* FIPS 186-4 B.3.3 steps 4.7 and 5.8 */
     do {
         PORT_SetError(0);
         CHECK_SEC_OK(generate_prime(&p, primeLen));
         CHECK_SEC_OK(generate_prime(&q, primeLen));
         /* Assure p > q */
         /* NOTE: PKCS #1 does not require p > q, and NSS doesn't use any
deleted file mode 100644
--- a/security/nss/lib/freebl/verified/FStar.c
+++ /dev/null
@@ -1,255 +0,0 @@
-/* Copyright 2016-2017 INRIA and Microsoft Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/* This file was auto-generated by KreMLin! */
-
-#include "FStar.h"
-
-static uint64_t
-FStar_UInt128_constant_time_carry(uint64_t a, uint64_t b)
-{
-    return (a ^ ((a ^ b) | ((a - b) ^ b))) >> (uint32_t)63U;
-}
-
-static uint64_t
-FStar_UInt128_carry(uint64_t a, uint64_t b)
-{
-    return FStar_UInt128_constant_time_carry(a, b);
-}
-
-FStar_UInt128_uint128
-FStar_UInt128_add(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
-{
-    return (
-        (FStar_UInt128_uint128){
-            .low = a.low + b.low,
-            .high = a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low) });
-}
-
-FStar_UInt128_uint128
-FStar_UInt128_add_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
-{
-    return (
-        (FStar_UInt128_uint128){
-            .low = a.low + b.low,
-            .high = a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low) });
-}
-
-FStar_UInt128_uint128
-FStar_UInt128_sub(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
-{
-    return (
-        (FStar_UInt128_uint128){
-            .low = a.low - b.low,
-            .high = a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low) });
-}
-
-static FStar_UInt128_uint128
-FStar_UInt128_sub_mod_impl(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
-{
-    return (
-        (FStar_UInt128_uint128){
-            .low = a.low - b.low,
-            .high = a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low) });
-}
-
-FStar_UInt128_uint128
-FStar_UInt128_sub_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
-{
-    return FStar_UInt128_sub_mod_impl(a, b);
-}
-
-FStar_UInt128_uint128
-FStar_UInt128_logand(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
-{
-    return ((FStar_UInt128_uint128){.low = a.low & b.low, .high = a.high & b.high });
-}
-
-FStar_UInt128_uint128
-FStar_UInt128_logxor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
-{
-    return ((FStar_UInt128_uint128){.low = a.low ^ b.low, .high = a.high ^ b.high });
-}
-
-FStar_UInt128_uint128
-FStar_UInt128_logor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
-{
-    return ((FStar_UInt128_uint128){.low = a.low | b.low, .high = a.high | b.high });
-}
-
-FStar_UInt128_uint128
-FStar_UInt128_lognot(FStar_UInt128_uint128 a)
-{
-    return ((FStar_UInt128_uint128){.low = ~a.low, .high = ~a.high });
-}
-
-static uint32_t FStar_UInt128_u32_64 = (uint32_t)64U;
-
-static uint64_t
-FStar_UInt128_add_u64_shift_left(uint64_t hi, uint64_t lo, uint32_t s)
-{
-    return (hi << s) + (lo >> (FStar_UInt128_u32_64 - s));
-}
-
-static uint64_t
-FStar_UInt128_add_u64_shift_left_respec(uint64_t hi, uint64_t lo, uint32_t s)
-{
-    return FStar_UInt128_add_u64_shift_left(hi, lo, s);
-}
-
-static FStar_UInt128_uint128
-FStar_UInt128_shift_left_small(FStar_UInt128_uint128 a, uint32_t s)
-{
-    if (s == (uint32_t)0U)
-        return a;
-    else
-        return (
-            (FStar_UInt128_uint128){
-                .low = a.low << s,
-                .high = FStar_UInt128_add_u64_shift_left_respec(a.high, a.low, s) });
-}
-
-static FStar_UInt128_uint128
-FStar_UInt128_shift_left_large(FStar_UInt128_uint128 a, uint32_t s)
-{
-    return ((FStar_UInt128_uint128){.low = (uint64_t)0U, .high = a.low << (s - FStar_UInt128_u32_64) });
-}
-
-FStar_UInt128_uint128
-FStar_UInt128_shift_left(FStar_UInt128_uint128 a, uint32_t s)
-{
-    if (s < FStar_UInt128_u32_64)
-        return FStar_UInt128_shift_left_small(a, s);
-    else
-        return FStar_UInt128_shift_left_large(a, s);
-}
-
-static uint64_t
-FStar_UInt128_add_u64_shift_right(uint64_t hi, uint64_t lo, uint32_t s)
-{
-    return (lo >> s) + (hi << (FStar_UInt128_u32_64 - s));
-}
-
-static uint64_t
-FStar_UInt128_add_u64_shift_right_respec(uint64_t hi, uint64_t lo, uint32_t s)
-{
-    return FStar_UInt128_add_u64_shift_right(hi, lo, s);
-}
-
-static FStar_UInt128_uint128
-FStar_UInt128_shift_right_small(FStar_UInt128_uint128 a, uint32_t s)
-{
-    if (s == (uint32_t)0U)
-        return a;
-    else
-        return (
-            (FStar_UInt128_uint128){
-                .low = FStar_UInt128_add_u64_shift_right_respec(a.high, a.low, s),
-                .high = a.high >> s });
-}
-
-static FStar_UInt128_uint128
-FStar_UInt128_shift_right_large(FStar_UInt128_uint128 a, uint32_t s)
-{
-    return ((FStar_UInt128_uint128){.low = a.high >> (s - FStar_UInt128_u32_64), .high = (uint64_t)0U });
-}
-
-FStar_UInt128_uint128
-FStar_UInt128_shift_right(FStar_UInt128_uint128 a, uint32_t s)
-{
-    if (s < FStar_UInt128_u32_64)
-        return FStar_UInt128_shift_right_small(a, s);
-    else
-        return FStar_UInt128_shift_right_large(a, s);
-}
-
-FStar_UInt128_uint128
-FStar_UInt128_eq_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
-{
-    return (
-        (FStar_UInt128_uint128){
-            .low = FStar_UInt64_eq_mask(a.low, b.low) & FStar_UInt64_eq_mask(a.high, b.high),
-            .high = FStar_UInt64_eq_mask(a.low, b.low) & FStar_UInt64_eq_mask(a.high, b.high) });
-}
-
-FStar_UInt128_uint128
-FStar_UInt128_gte_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
-{
-    return (
-        (FStar_UInt128_uint128){
-            .low = (FStar_UInt64_gte_mask(a.high, b.high) & ~FStar_UInt64_eq_mask(a.high, b.high)) | (FStar_UInt64_eq_mask(a.high, b.high) & FStar_UInt64_gte_mask(a.low, b.low)),
-            .high = (FStar_UInt64_gte_mask(a.high, b.high) & ~FStar_UInt64_eq_mask(a.high, b.high)) | (FStar_UInt64_eq_mask(a.high, b.high) & FStar_UInt64_gte_mask(a.low, b.low)) });
-}
-
-FStar_UInt128_uint128
-FStar_UInt128_uint64_to_uint128(uint64_t a)
-{
-    return ((FStar_UInt128_uint128){.low = a, .high = (uint64_t)0U });
-}
-
-uint64_t
-FStar_UInt128_uint128_to_uint64(FStar_UInt128_uint128 a)
-{
-    return a.low;
-}
-
-static uint64_t FStar_UInt128_u64_l32_mask = (uint64_t)0xffffffffU;
-
-static uint64_t
-FStar_UInt128_u64_mod_32(uint64_t a)
-{
-    return a & FStar_UInt128_u64_l32_mask;
-}
-
-static uint32_t FStar_UInt128_u32_32 = (uint32_t)32U;
-
-static K___uint64_t_uint64_t_uint64_t_uint64_t
-FStar_UInt128_mul_wide_impl_t_(uint64_t x, uint64_t y)
-{
-    return (
-        (K___uint64_t_uint64_t_uint64_t_uint64_t){
-            .fst = FStar_UInt128_u64_mod_32(x),
-            .snd = FStar_UInt128_u64_mod_32(FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y)),
-            .thd = x >> FStar_UInt128_u32_32,
-            .f3 = (x >> FStar_UInt128_u32_32) * FStar_UInt128_u64_mod_32(y) + (FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y) >> FStar_UInt128_u32_32) });
-}
-
-static uint64_t
-FStar_UInt128_u32_combine_(uint64_t hi, uint64_t lo)
-{
-    return lo + (hi << FStar_UInt128_u32_32);
-}
-
-static FStar_UInt128_uint128
-FStar_UInt128_mul_wide_impl(uint64_t x, uint64_t y)
-{
-    K___uint64_t_uint64_t_uint64_t_uint64_t scrut = FStar_UInt128_mul_wide_impl_t_(x, y);
-    uint64_t u1 = scrut.fst;
-    uint64_t w3 = scrut.snd;
-    uint64_t x_ = scrut.thd;
-    uint64_t t_ = scrut.f3;
-    return (
-        (FStar_UInt128_uint128){
-            .low = FStar_UInt128_u32_combine_(u1 * (y >> FStar_UInt128_u32_32) + FStar_UInt128_u64_mod_32(t_),
-                                              w3),
-            .high = x_ * (y >> FStar_UInt128_u32_32) + (t_ >> FStar_UInt128_u32_32) +
-                    ((u1 * (y >> FStar_UInt128_u32_32) + FStar_UInt128_u64_mod_32(t_)) >> FStar_UInt128_u32_32) });
-}
-
-FStar_UInt128_uint128
-FStar_UInt128_mul_wide(uint64_t x, uint64_t y)
-{
-    return FStar_UInt128_mul_wide_impl(x, y);
-}
deleted file mode 100644
--- a/security/nss/lib/freebl/verified/FStar.h
+++ /dev/null
@@ -1,69 +0,0 @@
-/* Copyright 2016-2017 INRIA and Microsoft Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/* This file was auto-generated by KreMLin! */
-#ifndef __FStar_H
-#define __FStar_H
-
-#include "kremlib_base.h"
-
-typedef struct
-{
-    uint64_t low;
-    uint64_t high;
-} FStar_UInt128_uint128;
-
-typedef FStar_UInt128_uint128 FStar_UInt128_t;
-
-extern void FStar_UInt128_constant_time_carry_ok(uint64_t x0, uint64_t x1);
-
-FStar_UInt128_uint128 FStar_UInt128_add(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
-
-FStar_UInt128_uint128 FStar_UInt128_add_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
-
-FStar_UInt128_uint128 FStar_UInt128_sub(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
-
-FStar_UInt128_uint128 FStar_UInt128_sub_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
-
-FStar_UInt128_uint128 FStar_UInt128_logand(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
-
-FStar_UInt128_uint128 FStar_UInt128_logxor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
-
-FStar_UInt128_uint128 FStar_UInt128_logor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
-
-FStar_UInt128_uint128 FStar_UInt128_lognot(FStar_UInt128_uint128 a);
-
-FStar_UInt128_uint128 FStar_UInt128_shift_left(FStar_UInt128_uint128 a, uint32_t s);
-
-FStar_UInt128_uint128 FStar_UInt128_shift_right(FStar_UInt128_uint128 a, uint32_t s);
-
-FStar_UInt128_uint128 FStar_UInt128_eq_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
-
-FStar_UInt128_uint128 FStar_UInt128_gte_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
-
-FStar_UInt128_uint128 FStar_UInt128_uint64_to_uint128(uint64_t a);
-
-uint64_t FStar_UInt128_uint128_to_uint64(FStar_UInt128_uint128 a);
-
-typedef struct
-{
-    uint64_t fst;
-    uint64_t snd;
-    uint64_t thd;
-    uint64_t f3;
-} K___uint64_t_uint64_t_uint64_t_uint64_t;
-
-FStar_UInt128_uint128 FStar_UInt128_mul_wide(uint64_t x, uint64_t y);
-#endif
deleted file mode 100644
--- a/security/nss/lib/freebl/verified/Hacl_Chacha20.c
+++ /dev/null
@@ -1,255 +0,0 @@
-/* Copyright 2016-2017 INRIA and Microsoft Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include "Hacl_Chacha20.h"
-
-static void
-Hacl_Lib_LoadStore32_uint32s_from_le_bytes(uint32_t *output, uint8_t *input, uint32_t len)
-{
-    for (uint32_t i = (uint32_t)0U; i < len; i = i + (uint32_t)1U) {
-        uint8_t *x0 = input + (uint32_t)4U * i;
-        uint32_t inputi = load32_le(x0);
-        output[i] = inputi;
-    }
-}
-
-static void
-Hacl_Lib_LoadStore32_uint32s_to_le_bytes(uint8_t *output, uint32_t *input, uint32_t len)
-{
-    for (uint32_t i = (uint32_t)0U; i < len; i = i + (uint32_t)1U) {
-        uint32_t hd1 = input[i];
-        uint8_t *x0 = output + (uint32_t)4U * i;
-        store32_le(x0, hd1);
-    }
-}
-
-inline static uint32_t
-Hacl_Impl_Chacha20_rotate_left(uint32_t a, uint32_t s)
-{
-    return a << s | a >> ((uint32_t)32U - s);
-}
-
-inline static void
-Hacl_Impl_Chacha20_setup(uint32_t *st, uint8_t *k, uint8_t *n1, uint32_t c)
-{
-    uint32_t *stcst = st;
-    uint32_t *stk = st + (uint32_t)4U;
-    uint32_t *stc = st + (uint32_t)12U;
-    uint32_t *stn = st + (uint32_t)13U;
-    stcst[0U] = (uint32_t)0x61707865U;
-    stcst[1U] = (uint32_t)0x3320646eU;
-    stcst[2U] = (uint32_t)0x79622d32U;
-    stcst[3U] = (uint32_t)0x6b206574U;
-    Hacl_Lib_LoadStore32_uint32s_from_le_bytes(stk, k, (uint32_t)8U);
-    stc[0U] = c;
-    Hacl_Lib_LoadStore32_uint32s_from_le_bytes(stn, n1, (uint32_t)3U);
-}
-
-inline static void
-Hacl_Impl_Chacha20_quarter_round(uint32_t *st, uint32_t a, uint32_t b, uint32_t c, uint32_t d)
-{
-    uint32_t sa = st[a];
-    uint32_t sb0 = st[b];
-    st[a] = sa + sb0;
-    uint32_t sd = st[d];
-    uint32_t sa10 = st[a];
-    uint32_t sda = sd ^ sa10;
-    st[d] = Hacl_Impl_Chacha20_rotate_left(sda, (uint32_t)16U);
-    uint32_t sa0 = st[c];
-    uint32_t sb1 = st[d];
-    st[c] = sa0 + sb1;
-    uint32_t sd0 = st[b];
-    uint32_t sa11 = st[c];
-    uint32_t sda0 = sd0 ^ sa11;
-    st[b] = Hacl_Impl_Chacha20_rotate_left(sda0, (uint32_t)12U);
-    uint32_t sa2 = st[a];
-    uint32_t sb2 = st[b];
-    st[a] = sa2 + sb2;
-    uint32_t sd1 = st[d];
-    uint32_t sa12 = st[a];
-    uint32_t sda1 = sd1 ^ sa12;
-    st[d] = Hacl_Impl_Chacha20_rotate_left(sda1, (uint32_t)8U);
-    uint32_t sa3 = st[c];
-    uint32_t sb = st[d];
-    st[c] = sa3 + sb;
-    uint32_t sd2 = st[b];
-    uint32_t sa1 = st[c];
-    uint32_t sda2 = sd2 ^ sa1;
-    st[b] = Hacl_Impl_Chacha20_rotate_left(sda2, (uint32_t)7U);
-}
-
-inline static void
-Hacl_Impl_Chacha20_double_round(uint32_t *st)
-{
-    Hacl_Impl_Chacha20_quarter_round(st, (uint32_t)0U, (uint32_t)4U, (uint32_t)8U, (uint32_t)12U);
-    Hacl_Impl_Chacha20_quarter_round(st, (uint32_t)1U, (uint32_t)5U, (uint32_t)9U, (uint32_t)13U);
-    Hacl_Impl_Chacha20_quarter_round(st, (uint32_t)2U, (uint32_t)6U, (uint32_t)10U, (uint32_t)14U);
-    Hacl_Impl_Chacha20_quarter_round(st, (uint32_t)3U, (uint32_t)7U, (uint32_t)11U, (uint32_t)15U);
-    Hacl_Impl_Chacha20_quarter_round(st, (uint32_t)0U, (uint32_t)5U, (uint32_t)10U, (uint32_t)15U);
-    Hacl_Impl_Chacha20_quarter_round(st, (uint32_t)1U, (uint32_t)6U, (uint32_t)11U, (uint32_t)12U);
-    Hacl_Impl_Chacha20_quarter_round(st, (uint32_t)2U, (uint32_t)7U, (uint32_t)8U, (uint32_t)13U);
-    Hacl_Impl_Chacha20_quarter_round(st, (uint32_t)3U, (uint32_t)4U, (uint32_t)9U, (uint32_t)14U);
-}
-
-inline static void
-Hacl_Impl_Chacha20_rounds(uint32_t *st)
-{
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)10U; i = i + (uint32_t)1U)
-        Hacl_Impl_Chacha20_double_round(st);
-}
-
-inline static void
-Hacl_Impl_Chacha20_sum_states(uint32_t *st, uint32_t *st_)
-{
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)16U; i = i + (uint32_t)1U) {
-        uint32_t xi = st[i];
-        uint32_t yi = st_[i];
-        st[i] = xi + yi;
-    }
-}
-
-inline static void
-Hacl_Impl_Chacha20_copy_state(uint32_t *st, uint32_t *st_)
-{
-    memcpy(st, st_, (uint32_t)16U * sizeof st_[0U]);
-}
-
-inline static void
-Hacl_Impl_Chacha20_chacha20_core(uint32_t *k, uint32_t *st, uint32_t ctr)
-{
-    st[12U] = ctr;
-    Hacl_Impl_Chacha20_copy_state(k, st);
-    Hacl_Impl_Chacha20_rounds(k);
-    Hacl_Impl_Chacha20_sum_states(k, st);
-}
-
-inline static void
-Hacl_Impl_Chacha20_chacha20_block(uint8_t *stream_block, uint32_t *st, uint32_t ctr)
-{
-    uint32_t st_[16U] = { 0U };
-    Hacl_Impl_Chacha20_chacha20_core(st_, st, ctr);
-    Hacl_Lib_LoadStore32_uint32s_to_le_bytes(stream_block, st_, (uint32_t)16U);
-}
-
-inline static void
-Hacl_Impl_Chacha20_init(uint32_t *st, uint8_t *k, uint8_t *n1)
-{
-    Hacl_Impl_Chacha20_setup(st, k, n1, (uint32_t)0U);
-}
-
-static void
-Hacl_Impl_Chacha20_update(uint8_t *output, uint8_t *plain, uint32_t *st, uint32_t ctr)
-{
-    uint32_t b[48U] = { 0U };
-    uint32_t *k = b;
-    uint32_t *ib = b + (uint32_t)16U;
-    uint32_t *ob = b + (uint32_t)32U;
-    Hacl_Impl_Chacha20_chacha20_core(k, st, ctr);
-    Hacl_Lib_LoadStore32_uint32s_from_le_bytes(ib, plain, (uint32_t)16U);
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)16U; i = i + (uint32_t)1U) {
-        uint32_t xi = ib[i];
-        uint32_t yi = k[i];
-        ob[i] = xi ^ yi;
-    }
-    Hacl_Lib_LoadStore32_uint32s_to_le_bytes(output, ob, (uint32_t)16U);
-}
-
-static void
-Hacl_Impl_Chacha20_update_last(
-    uint8_t *output,
-    uint8_t *plain,
-    uint32_t len,
-    uint32_t *st,
-    uint32_t ctr)
-{
-    uint8_t block[64U] = { 0U };
-    Hacl_Impl_Chacha20_chacha20_block(block, st, ctr);
-    uint8_t *mask = block;
-    for (uint32_t i = (uint32_t)0U; i < len; i = i + (uint32_t)1U) {
-        uint8_t xi = plain[i];
-        uint8_t yi = mask[i];
-        output[i] = xi ^ yi;
-    }
-}
-
-static void
-Hacl_Impl_Chacha20_chacha20_counter_mode_blocks(
-    uint8_t *output,
-    uint8_t *plain,
-    uint32_t len,
-    uint32_t *st,
-    uint32_t ctr)
-{
-    for (uint32_t i = (uint32_t)0U; i < len; i = i + (uint32_t)1U) {
-        uint8_t *b = plain + (uint32_t)64U * i;
-        uint8_t *o = output + (uint32_t)64U * i;
-        Hacl_Impl_Chacha20_update(o, b, st, ctr + i);
-    }
-}
-
-static void
-Hacl_Impl_Chacha20_chacha20_counter_mode(
-    uint8_t *output,
-    uint8_t *plain,
-    uint32_t len,
-    uint32_t *st,
-    uint32_t ctr)
-{
-    uint32_t blocks_len = len >> (uint32_t)6U;
-    uint32_t part_len = len & (uint32_t)0x3fU;
-    uint8_t *output_ = output;
-    uint8_t *plain_ = plain;
-    uint8_t *output__ = output + (uint32_t)64U * blocks_len;
-    uint8_t *plain__ = plain + (uint32_t)64U * blocks_len;
-    Hacl_Impl_Chacha20_chacha20_counter_mode_blocks(output_, plain_, blocks_len, st, ctr);
-    if (part_len > (uint32_t)0U)
-        Hacl_Impl_Chacha20_update_last(output__, plain__, part_len, st, ctr + blocks_len);
-}
-
-static void
-Hacl_Impl_Chacha20_chacha20(
-    uint8_t *output,
-    uint8_t *plain,
-    uint32_t len,
-    uint8_t *k,
-    uint8_t *n1,
-    uint32_t ctr)
-{
-    uint32_t buf[16U] = { 0U };
-    uint32_t *st = buf;
-    Hacl_Impl_Chacha20_init(st, k, n1);
-    Hacl_Impl_Chacha20_chacha20_counter_mode(output, plain, len, st, ctr);
-}
-
-void
-Hacl_Chacha20_chacha20_key_block(uint8_t *block, uint8_t *k, uint8_t *n1, uint32_t ctr)
-{
-    uint32_t buf[16U] = { 0U };
-    uint32_t *st = buf;
-    Hacl_Impl_Chacha20_init(st, k, n1);
-    Hacl_Impl_Chacha20_chacha20_block(block, st, ctr);
-}
-
-void
-Hacl_Chacha20_chacha20(
-    uint8_t *output,
-    uint8_t *plain,
-    uint32_t len,
-    uint8_t *k,
-    uint8_t *n1,
-    uint32_t ctr)
-{
-    Hacl_Impl_Chacha20_chacha20(output, plain, len, k, n1, ctr);
-}
deleted file mode 100644
--- a/security/nss/lib/freebl/verified/Hacl_Chacha20.h
+++ /dev/null
@@ -1,60 +0,0 @@
-/* Copyright 2016-2017 INRIA and Microsoft Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include "kremlib.h"
-#ifndef __Hacl_Chacha20_H
-#define __Hacl_Chacha20_H
-
-typedef uint32_t Hacl_Impl_Xor_Lemmas_u32;
-
-typedef uint8_t Hacl_Impl_Xor_Lemmas_u8;
-
-typedef uint8_t *Hacl_Lib_LoadStore32_uint8_p;
-
-typedef uint32_t Hacl_Impl_Chacha20_u32;
-
-typedef uint32_t Hacl_Impl_Chacha20_h32;
-
-typedef uint8_t *Hacl_Impl_Chacha20_uint8_p;
-
-typedef uint32_t *Hacl_Impl_Chacha20_state;
-
-typedef uint32_t Hacl_Impl_Chacha20_idx;
-
-typedef struct
-{
-    void *k;
-    void *n;
-} Hacl_Impl_Chacha20_log_t_;
-
-typedef void *Hacl_Impl_Chacha20_log_t;
-
-typedef uint32_t Hacl_Lib_Create_h32;
-
-typedef uint8_t *Hacl_Chacha20_uint8_p;
-
-typedef uint32_t Hacl_Chacha20_uint32_t;
-
-void Hacl_Chacha20_chacha20_key_block(uint8_t *block, uint8_t *k, uint8_t *n1, uint32_t ctr);
-
-void
-Hacl_Chacha20_chacha20(
-    uint8_t *output,
-    uint8_t *plain,
-    uint32_t len,
-    uint8_t *k,
-    uint8_t *n1,
-    uint32_t ctr);
-#endif
deleted file mode 100644
--- a/security/nss/lib/freebl/verified/Hacl_Curve25519.c
+++ /dev/null
@@ -1,845 +0,0 @@
-/* Copyright 2016-2017 INRIA and Microsoft Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include "Hacl_Curve25519.h"
-
-static void
-Hacl_Bignum_Modulo_carry_top(uint64_t *b)
-{
-    uint64_t b4 = b[4U];
-    uint64_t b0 = b[0U];
-    uint64_t b4_ = b4 & (uint64_t)0x7ffffffffffffU;
-    uint64_t b0_ = b0 + (uint64_t)19U * (b4 >> (uint32_t)51U);
-    b[4U] = b4_;
-    b[0U] = b0_;
-}
-
-inline static void
-Hacl_Bignum_Fproduct_copy_from_wide_(uint64_t *output, FStar_UInt128_t *input)
-{
-    {
-        FStar_UInt128_t xi = input[0U];
-        output[0U] = FStar_UInt128_uint128_to_uint64(xi);
-    }
-    {
-        FStar_UInt128_t xi = input[1U];
-        output[1U] = FStar_UInt128_uint128_to_uint64(xi);
-    }
-    {
-        FStar_UInt128_t xi = input[2U];
-        output[2U] = FStar_UInt128_uint128_to_uint64(xi);
-    }
-    {
-        FStar_UInt128_t xi = input[3U];
-        output[3U] = FStar_UInt128_uint128_to_uint64(xi);
-    }
-    {
-        FStar_UInt128_t xi = input[4U];
-        output[4U] = FStar_UInt128_uint128_to_uint64(xi);
-    }
-}
-
-inline static void
-Hacl_Bignum_Fproduct_sum_scalar_multiplication_(
-    FStar_UInt128_t *output,
-    uint64_t *input,
-    uint64_t s)
-{
-    {
-        FStar_UInt128_t xi = output[0U];
-        uint64_t yi = input[0U];
-        output[0U] = FStar_UInt128_add_mod(xi, FStar_UInt128_mul_wide(yi, s));
-    }
-    {
-        FStar_UInt128_t xi = output[1U];
-        uint64_t yi = input[1U];
-        output[1U] = FStar_UInt128_add_mod(xi, FStar_UInt128_mul_wide(yi, s));
-    }
-    {
-        FStar_UInt128_t xi = output[2U];
-        uint64_t yi = input[2U];
-        output[2U] = FStar_UInt128_add_mod(xi, FStar_UInt128_mul_wide(yi, s));
-    }
-    {
-        FStar_UInt128_t xi = output[3U];
-        uint64_t yi = input[3U];
-        output[3U] = FStar_UInt128_add_mod(xi, FStar_UInt128_mul_wide(yi, s));
-    }
-    {
-        FStar_UInt128_t xi = output[4U];
-        uint64_t yi = input[4U];
-        output[4U] = FStar_UInt128_add_mod(xi, FStar_UInt128_mul_wide(yi, s));
-    }
-}
-
-inline static void
-Hacl_Bignum_Fproduct_carry_wide_(FStar_UInt128_t *tmp)
-{
-    {
-        uint32_t ctr = (uint32_t)0U;
-        FStar_UInt128_t tctr = tmp[ctr];
-        FStar_UInt128_t tctrp1 = tmp[ctr + (uint32_t)1U];
-        uint64_t r0 = FStar_UInt128_uint128_to_uint64(tctr) & (uint64_t)0x7ffffffffffffU;
-        FStar_UInt128_t c = FStar_UInt128_shift_right(tctr, (uint32_t)51U);
-        tmp[ctr] = FStar_UInt128_uint64_to_uint128(r0);
-        tmp[ctr + (uint32_t)1U] = FStar_UInt128_add(tctrp1, c);
-    }
-    {
-        uint32_t ctr = (uint32_t)1U;
-        FStar_UInt128_t tctr = tmp[ctr];
-        FStar_UInt128_t tctrp1 = tmp[ctr + (uint32_t)1U];
-        uint64_t r0 = FStar_UInt128_uint128_to_uint64(tctr) & (uint64_t)0x7ffffffffffffU;
-        FStar_UInt128_t c = FStar_UInt128_shift_right(tctr, (uint32_t)51U);
-        tmp[ctr] = FStar_UInt128_uint64_to_uint128(r0);
-        tmp[ctr + (uint32_t)1U] = FStar_UInt128_add(tctrp1, c);
-    }
-    {
-        uint32_t ctr = (uint32_t)2U;
-        FStar_UInt128_t tctr = tmp[ctr];
-        FStar_UInt128_t tctrp1 = tmp[ctr + (uint32_t)1U];
-        uint64_t r0 = FStar_UInt128_uint128_to_uint64(tctr) & (uint64_t)0x7ffffffffffffU;
-        FStar_UInt128_t c = FStar_UInt128_shift_right(tctr, (uint32_t)51U);
-        tmp[ctr] = FStar_UInt128_uint64_to_uint128(r0);
-        tmp[ctr + (uint32_t)1U] = FStar_UInt128_add(tctrp1, c);
-    }
-    {
-        uint32_t ctr = (uint32_t)3U;
-        FStar_UInt128_t tctr = tmp[ctr];
-        FStar_UInt128_t tctrp1 = tmp[ctr + (uint32_t)1U];
-        uint64_t r0 = FStar_UInt128_uint128_to_uint64(tctr) & (uint64_t)0x7ffffffffffffU;
-        FStar_UInt128_t c = FStar_UInt128_shift_right(tctr, (uint32_t)51U);
-        tmp[ctr] = FStar_UInt128_uint64_to_uint128(r0);
-        tmp[ctr + (uint32_t)1U] = FStar_UInt128_add(tctrp1, c);
-    }
-}
-
-inline static void
-Hacl_Bignum_Fmul_shift_reduce(uint64_t *output)
-{
-    uint64_t tmp = output[4U];
-    {
-        uint32_t ctr = (uint32_t)5U - (uint32_t)0U - (uint32_t)1U;
-        uint64_t z = output[ctr - (uint32_t)1U];
-        output[ctr] = z;
-    }
-    {
-        uint32_t ctr = (uint32_t)5U - (uint32_t)1U - (uint32_t)1U;
-        uint64_t z = output[ctr - (uint32_t)1U];
-        output[ctr] = z;
-    }
-    {
-        uint32_t ctr = (uint32_t)5U - (uint32_t)2U - (uint32_t)1U;
-        uint64_t z = output[ctr - (uint32_t)1U];
-        output[ctr] = z;
-    }
-    {
-        uint32_t ctr = (uint32_t)5U - (uint32_t)3U - (uint32_t)1U;
-        uint64_t z = output[ctr - (uint32_t)1U];
-        output[ctr] = z;
-    }
-    output[0U] = tmp;
-    uint64_t b0 = output[0U];
-    output[0U] = (uint64_t)19U * b0;
-}
-
-static void
-Hacl_Bignum_Fmul_mul_shift_reduce_(FStar_UInt128_t *output, uint64_t *input, uint64_t *input21)
-{
-    {
-        uint64_t input2i = input21[0U];
-        Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i);
-        Hacl_Bignum_Fmul_shift_reduce(input);
-    }
-    {
-        uint64_t input2i = input21[1U];
-        Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i);
-        Hacl_Bignum_Fmul_shift_reduce(input);
-    }
-    {
-        uint64_t input2i = input21[2U];
-        Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i);
-        Hacl_Bignum_Fmul_shift_reduce(input);
-    }
-    {
-        uint64_t input2i = input21[3U];
-        Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i);
-        Hacl_Bignum_Fmul_shift_reduce(input);
-    }
-    uint32_t i = (uint32_t)4U;
-    uint64_t input2i = input21[i];
-    Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i);
-}
-
-inline static void
-Hacl_Bignum_Fmul_fmul(uint64_t *output, uint64_t *input, uint64_t *input21)
-{
-    uint64_t tmp[5U] = { 0U };
-    memcpy(tmp, input, (uint32_t)5U * sizeof input[0U]);
-    KRML_CHECK_SIZE(FStar_UInt128_uint64_to_uint128((uint64_t)0U), (uint32_t)5U);
-    FStar_UInt128_t t[5U];
-    for (uint32_t _i = 0U; _i < (uint32_t)5U; ++_i)
-        t[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U);
-    Hacl_Bignum_Fmul_mul_shift_reduce_(t, tmp, input21);
-    Hacl_Bignum_Fproduct_carry_wide_(t);
-    FStar_UInt128_t b4 = t[4U];
-    FStar_UInt128_t b0 = t[0U];
-    FStar_UInt128_t
-        b4_ = FStar_UInt128_logand(b4, FStar_UInt128_uint64_to_uint128((uint64_t)0x7ffffffffffffU));
-    FStar_UInt128_t
-        b0_ =
-            FStar_UInt128_add(b0,
-                              FStar_UInt128_mul_wide((uint64_t)19U,
-                                                     FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(b4, (uint32_t)51U))));
-    t[4U] = b4_;
-    t[0U] = b0_;
-    Hacl_Bignum_Fproduct_copy_from_wide_(output, t);
-    uint64_t i0 = output[0U];
-    uint64_t i1 = output[1U];
-    uint64_t i0_ = i0 & (uint64_t)0x7ffffffffffffU;
-    uint64_t i1_ = i1 + (i0 >> (uint32_t)51U);
-    output[0U] = i0_;
-    output[1U] = i1_;
-}
-
-inline static void
-Hacl_Bignum_Fsquare_fsquare__(FStar_UInt128_t *tmp, uint64_t *output)
-{
-    uint64_t r0 = output[0U];
-    uint64_t r1 = output[1U];
-    uint64_t r2 = output[2U];
-    uint64_t r3 = output[3U];
-    uint64_t r4 = output[4U];
-    uint64_t d0 = r0 * (uint64_t)2U;
-    uint64_t d1 = r1 * (uint64_t)2U;
-    uint64_t d2 = r2 * (uint64_t)2U * (uint64_t)19U;
-    uint64_t d419 = r4 * (uint64_t)19U;
-    uint64_t d4 = d419 * (uint64_t)2U;
-    FStar_UInt128_t
-        s0 =
-            FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(r0, r0),
-                                                FStar_UInt128_mul_wide(d4, r1)),
-                              FStar_UInt128_mul_wide(d2, r3));
-    FStar_UInt128_t
-        s1 =
-            FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(d0, r1),
-                                                FStar_UInt128_mul_wide(d4, r2)),
-                              FStar_UInt128_mul_wide(r3 * (uint64_t)19U, r3));
-    FStar_UInt128_t
-        s2 =
-            FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(d0, r2),
-                                                FStar_UInt128_mul_wide(r1, r1)),
-                              FStar_UInt128_mul_wide(d4, r3));
-    FStar_UInt128_t
-        s3 =
-            FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(d0, r3),
-                                                FStar_UInt128_mul_wide(d1, r2)),
-                              FStar_UInt128_mul_wide(r4, d419));
-    FStar_UInt128_t
-        s4 =
-            FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(d0, r4),
-                                                FStar_UInt128_mul_wide(d1, r3)),
-                              FStar_UInt128_mul_wide(r2, r2));
-    tmp[0U] = s0;
-    tmp[1U] = s1;
-    tmp[2U] = s2;
-    tmp[3U] = s3;
-    tmp[4U] = s4;
-}
-
-inline static void
-Hacl_Bignum_Fsquare_fsquare_(FStar_UInt128_t *tmp, uint64_t *output)
-{
-    Hacl_Bignum_Fsquare_fsquare__(tmp, output);
-    Hacl_Bignum_Fproduct_carry_wide_(tmp);
-    FStar_UInt128_t b4 = tmp[4U];
-    FStar_UInt128_t b0 = tmp[0U];
-    FStar_UInt128_t
-        b4_ = FStar_UInt128_logand(b4, FStar_UInt128_uint64_to_uint128((uint64_t)0x7ffffffffffffU));
-    FStar_UInt128_t
-        b0_ =
-            FStar_UInt128_add(b0,
-                              FStar_UInt128_mul_wide((uint64_t)19U,
-                                                     FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(b4, (uint32_t)51U))));
-    tmp[4U] = b4_;
-    tmp[0U] = b0_;
-    Hacl_Bignum_Fproduct_copy_from_wide_(output, tmp);
-    uint64_t i0 = output[0U];
-    uint64_t i1 = output[1U];
-    uint64_t i0_ = i0 & (uint64_t)0x7ffffffffffffU;
-    uint64_t i1_ = i1 + (i0 >> (uint32_t)51U);
-    output[0U] = i0_;
-    output[1U] = i1_;
-}
-
-static void
-Hacl_Bignum_Fsquare_fsquare_times_(uint64_t *input, FStar_UInt128_t *tmp, uint32_t count1)
-{
-    Hacl_Bignum_Fsquare_fsquare_(tmp, input);
-    for (uint32_t i = (uint32_t)1U; i < count1; i = i + (uint32_t)1U)
-        Hacl_Bignum_Fsquare_fsquare_(tmp, input);
-}
-
-inline static void
-Hacl_Bignum_Fsquare_fsquare_times(uint64_t *output, uint64_t *input, uint32_t count1)
-{
-    KRML_CHECK_SIZE(FStar_UInt128_uint64_to_uint128((uint64_t)0U), (uint32_t)5U);
-    FStar_UInt128_t t[5U];
-    for (uint32_t _i = 0U; _i < (uint32_t)5U; ++_i)
-        t[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U);
-    memcpy(output, input, (uint32_t)5U * sizeof input[0U]);
-    Hacl_Bignum_Fsquare_fsquare_times_(output, t, count1);
-}
-
-inline static void
-Hacl_Bignum_Fsquare_fsquare_times_inplace(uint64_t *output, uint32_t count1)
-{
-    KRML_CHECK_SIZE(FStar_UInt128_uint64_to_uint128((uint64_t)0U), (uint32_t)5U);
-    FStar_UInt128_t t[5U];
-    for (uint32_t _i = 0U; _i < (uint32_t)5U; ++_i)
-        t[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U);
-    Hacl_Bignum_Fsquare_fsquare_times_(output, t, count1);
-}
-
-inline static void
-Hacl_Bignum_Crecip_crecip(uint64_t *out, uint64_t *z)
-{
-    uint64_t buf[20U] = { 0U };
-    uint64_t *a = buf;
-    uint64_t *t00 = buf + (uint32_t)5U;
-    uint64_t *b0 = buf + (uint32_t)10U;
-    Hacl_Bignum_Fsquare_fsquare_times(a, z, (uint32_t)1U);
-    Hacl_Bignum_Fsquare_fsquare_times(t00, a, (uint32_t)2U);
-    Hacl_Bignum_Fmul_fmul(b0, t00, z);
-    Hacl_Bignum_Fmul_fmul(a, b0, a);
-    Hacl_Bignum_Fsquare_fsquare_times(t00, a, (uint32_t)1U);
-    Hacl_Bignum_Fmul_fmul(b0, t00, b0);
-    Hacl_Bignum_Fsquare_fsquare_times(t00, b0, (uint32_t)5U);
-    uint64_t *t01 = buf + (uint32_t)5U;
-    uint64_t *b1 = buf + (uint32_t)10U;
-    uint64_t *c0 = buf + (uint32_t)15U;
-    Hacl_Bignum_Fmul_fmul(b1, t01, b1);
-    Hacl_Bignum_Fsquare_fsquare_times(t01, b1, (uint32_t)10U);
-    Hacl_Bignum_Fmul_fmul(c0, t01, b1);
-    Hacl_Bignum_Fsquare_fsquare_times(t01, c0, (uint32_t)20U);
-    Hacl_Bignum_Fmul_fmul(t01, t01, c0);
-    Hacl_Bignum_Fsquare_fsquare_times_inplace(t01, (uint32_t)10U);
-    Hacl_Bignum_Fmul_fmul(b1, t01, b1);
-    Hacl_Bignum_Fsquare_fsquare_times(t01, b1, (uint32_t)50U);
-    uint64_t *a0 = buf;
-    uint64_t *t0 = buf + (uint32_t)5U;
-    uint64_t *b = buf + (uint32_t)10U;
-    uint64_t *c = buf + (uint32_t)15U;
-    Hacl_Bignum_Fmul_fmul(c, t0, b);
-    Hacl_Bignum_Fsquare_fsquare_times(t0, c, (uint32_t)100U);
-    Hacl_Bignum_Fmul_fmul(t0, t0, c);
-    Hacl_Bignum_Fsquare_fsquare_times_inplace(t0, (uint32_t)50U);
-    Hacl_Bignum_Fmul_fmul(t0, t0, b);
-    Hacl_Bignum_Fsquare_fsquare_times_inplace(t0, (uint32_t)5U);
-    Hacl_Bignum_Fmul_fmul(out, t0, a0);
-}
-
-inline static void
-Hacl_Bignum_fsum(uint64_t *a, uint64_t *b)
-{
-    {
-        uint64_t xi = a[0U];
-        uint64_t yi = b[0U];
-        a[0U] = xi + yi;
-    }
-    {
-        uint64_t xi = a[1U];
-        uint64_t yi = b[1U];
-        a[1U] = xi + yi;
-    }
-    {
-        uint64_t xi = a[2U];
-        uint64_t yi = b[2U];
-        a[2U] = xi + yi;
-    }
-    {
-        uint64_t xi = a[3U];
-        uint64_t yi = b[3U];
-        a[3U] = xi + yi;
-    }
-    {
-        uint64_t xi = a[4U];
-        uint64_t yi = b[4U];
-        a[4U] = xi + yi;
-    }
-}
-
-inline static void
-Hacl_Bignum_fdifference(uint64_t *a, uint64_t *b)
-{
-    uint64_t tmp[5U] = { 0U };
-    memcpy(tmp, b, (uint32_t)5U * sizeof b[0U]);
-    uint64_t b0 = tmp[0U];
-    uint64_t b1 = tmp[1U];
-    uint64_t b2 = tmp[2U];
-    uint64_t b3 = tmp[3U];
-    uint64_t b4 = tmp[4U];
-    tmp[0U] = b0 + (uint64_t)0x3fffffffffff68U;
-    tmp[1U] = b1 + (uint64_t)0x3ffffffffffff8U;
-    tmp[2U] = b2 + (uint64_t)0x3ffffffffffff8U;
-    tmp[3U] = b3 + (uint64_t)0x3ffffffffffff8U;
-    tmp[4U] = b4 + (uint64_t)0x3ffffffffffff8U;
-    {
-        uint64_t xi = a[0U];
-        uint64_t yi = tmp[0U];
-        a[0U] = yi - xi;
-    }
-    {
-        uint64_t xi = a[1U];
-        uint64_t yi = tmp[1U];
-        a[1U] = yi - xi;
-    }
-    {
-        uint64_t xi = a[2U];
-        uint64_t yi = tmp[2U];
-        a[2U] = yi - xi;
-    }
-    {
-        uint64_t xi = a[3U];
-        uint64_t yi = tmp[3U];
-        a[3U] = yi - xi;
-    }
-    {
-        uint64_t xi = a[4U];
-        uint64_t yi = tmp[4U];
-        a[4U] = yi - xi;
-    }
-}
-
-inline static void
-Hacl_Bignum_fscalar(uint64_t *output, uint64_t *b, uint64_t s)
-{
-    KRML_CHECK_SIZE(FStar_UInt128_uint64_to_uint128((uint64_t)0U), (uint32_t)5U);
-    FStar_UInt128_t tmp[5U];
-    for (uint32_t _i = 0U; _i < (uint32_t)5U; ++_i)
-        tmp[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U);
-    {
-        uint64_t xi = b[0U];
-        tmp[0U] = FStar_UInt128_mul_wide(xi, s);
-    }
-    {
-        uint64_t xi = b[1U];
-        tmp[1U] = FStar_UInt128_mul_wide(xi, s);
-    }
-    {
-        uint64_t xi = b[2U];
-        tmp[2U] = FStar_UInt128_mul_wide(xi, s);
-    }
-    {
-        uint64_t xi = b[3U];
-        tmp[3U] = FStar_UInt128_mul_wide(xi, s);
-    }
-    {
-        uint64_t xi = b[4U];
-        tmp[4U] = FStar_UInt128_mul_wide(xi, s);
-    }
-    Hacl_Bignum_Fproduct_carry_wide_(tmp);
-    FStar_UInt128_t b4 = tmp[4U];
-    FStar_UInt128_t b0 = tmp[0U];
-    FStar_UInt128_t
-        b4_ = FStar_UInt128_logand(b4, FStar_UInt128_uint64_to_uint128((uint64_t)0x7ffffffffffffU));
-    FStar_UInt128_t
-        b0_ =
-            FStar_UInt128_add(b0,
-                              FStar_UInt128_mul_wide((uint64_t)19U,
-                                                     FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(b4, (uint32_t)51U))));
-    tmp[4U] = b4_;
-    tmp[0U] = b0_;
-    Hacl_Bignum_Fproduct_copy_from_wide_(output, tmp);
-}
-
-inline static void
-Hacl_Bignum_fmul(uint64_t *output, uint64_t *a, uint64_t *b)
-{
-    Hacl_Bignum_Fmul_fmul(output, a, b);
-}
-
-inline static void
-Hacl_Bignum_crecip(uint64_t *output, uint64_t *input)
-{
-    Hacl_Bignum_Crecip_crecip(output, input);
-}
-
-static void
-Hacl_EC_Point_swap_conditional_step(uint64_t *a, uint64_t *b, uint64_t swap1, uint32_t ctr)
-{
-    uint32_t i = ctr - (uint32_t)1U;
-    uint64_t ai = a[i];
-    uint64_t bi = b[i];
-    uint64_t x = swap1 & (ai ^ bi);
-    uint64_t ai1 = ai ^ x;
-    uint64_t bi1 = bi ^ x;
-    a[i] = ai1;
-    b[i] = bi1;
-}
-
-static void
-Hacl_EC_Point_swap_conditional_(uint64_t *a, uint64_t *b, uint64_t swap1, uint32_t ctr)
-{
-    if (!(ctr == (uint32_t)0U)) {
-        Hacl_EC_Point_swap_conditional_step(a, b, swap1, ctr);
-        uint32_t i = ctr - (uint32_t)1U;
-        Hacl_EC_Point_swap_conditional_(a, b, swap1, i);
-    }
-}
-
-static void
-Hacl_EC_Point_swap_conditional(uint64_t *a, uint64_t *b, uint64_t iswap)
-{
-    uint64_t swap1 = (uint64_t)0U - iswap;
-    Hacl_EC_Point_swap_conditional_(a, b, swap1, (uint32_t)5U);
-    Hacl_EC_Point_swap_conditional_(a + (uint32_t)5U, b + (uint32_t)5U, swap1, (uint32_t)5U);
-}
-
-static void
-Hacl_EC_Point_copy(uint64_t *output, uint64_t *input)
-{
-    memcpy(output, input, (uint32_t)5U * sizeof input[0U]);
-    memcpy(output + (uint32_t)5U,
-           input + (uint32_t)5U,
-           (uint32_t)5U * sizeof(input + (uint32_t)5U)[0U]);
-}
-
-static void
-Hacl_EC_AddAndDouble_fmonty(
-    uint64_t *pp,
-    uint64_t *ppq,
-    uint64_t *p,
-    uint64_t *pq,
-    uint64_t *qmqp)
-{
-    uint64_t *qx = qmqp;
-    uint64_t *x2 = pp;
-    uint64_t *z2 = pp + (uint32_t)5U;
-    uint64_t *x3 = ppq;
-    uint64_t *z3 = ppq + (uint32_t)5U;
-    uint64_t *x = p;
-    uint64_t *z = p + (uint32_t)5U;
-    uint64_t *xprime = pq;
-    uint64_t *zprime = pq + (uint32_t)5U;
-    uint64_t buf[40U] = { 0U };
-    uint64_t *origx = buf;
-    uint64_t *origxprime = buf + (uint32_t)5U;
-    uint64_t *xxprime0 = buf + (uint32_t)25U;
-    uint64_t *zzprime0 = buf + (uint32_t)30U;
-    memcpy(origx, x, (uint32_t)5U * sizeof x[0U]);
-    Hacl_Bignum_fsum(x, z);
-    Hacl_Bignum_fdifference(z, origx);
-    memcpy(origxprime, xprime, (uint32_t)5U * sizeof xprime[0U]);
-    Hacl_Bignum_fsum(xprime, zprime);
-    Hacl_Bignum_fdifference(zprime, origxprime);
-    Hacl_Bignum_fmul(xxprime0, xprime, z);
-    Hacl_Bignum_fmul(zzprime0, x, zprime);
-    uint64_t *origxprime0 = buf + (uint32_t)5U;
-    uint64_t *xx0 = buf + (uint32_t)15U;
-    uint64_t *zz0 = buf + (uint32_t)20U;
-    uint64_t *xxprime = buf + (uint32_t)25U;
-    uint64_t *zzprime = buf + (uint32_t)30U;
-    uint64_t *zzzprime = buf + (uint32_t)35U;
-    memcpy(origxprime0, xxprime, (uint32_t)5U * sizeof xxprime[0U]);
-    Hacl_Bignum_fsum(xxprime, zzprime);
-    Hacl_Bignum_fdifference(zzprime, origxprime0);
-    Hacl_Bignum_Fsquare_fsquare_times(x3, xxprime, (uint32_t)1U);
-    Hacl_Bignum_Fsquare_fsquare_times(zzzprime, zzprime, (uint32_t)1U);
-    Hacl_Bignum_fmul(z3, zzzprime, qx);
-    Hacl_Bignum_Fsquare_fsquare_times(xx0, x, (uint32_t)1U);
-    Hacl_Bignum_Fsquare_fsquare_times(zz0, z, (uint32_t)1U);
-    uint64_t *zzz = buf + (uint32_t)10U;
-    uint64_t *xx = buf + (uint32_t)15U;
-    uint64_t *zz = buf + (uint32_t)20U;
-    Hacl_Bignum_fmul(x2, xx, zz);
-    Hacl_Bignum_fdifference(zz, xx);
-    uint64_t scalar = (uint64_t)121665U;
-    Hacl_Bignum_fscalar(zzz, zz, scalar);
-    Hacl_Bignum_fsum(zzz, xx);
-    Hacl_Bignum_fmul(z2, zzz, zz);
-}
-
-static void
-Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step(
-    uint64_t *nq,
-    uint64_t *nqpq,
-    uint64_t *nq2,
-    uint64_t *nqpq2,
-    uint64_t *q,
-    uint8_t byt)
-{
-    uint64_t bit = (uint64_t)(byt >> (uint32_t)7U);
-    Hacl_EC_Point_swap_conditional(nq, nqpq, bit);
-    Hacl_EC_AddAndDouble_fmonty(nq2, nqpq2, nq, nqpq, q);
-    uint64_t bit0 = (uint64_t)(byt >> (uint32_t)7U);
-    Hacl_EC_Point_swap_conditional(nq2, nqpq2, bit0);
-}
-
-static void
-Hacl_EC_Ladder_SmallLoop_cmult_small_loop_double_step(
-    uint64_t *nq,
-    uint64_t *nqpq,
-    uint64_t *nq2,
-    uint64_t *nqpq2,
-    uint64_t *q,
-    uint8_t byt)
-{
-    Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step(nq, nqpq, nq2, nqpq2, q, byt);
-    uint8_t byt1 = byt << (uint32_t)1U;
-    Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step(nq2, nqpq2, nq, nqpq, q, byt1);
-}
-
-static void
-Hacl_EC_Ladder_SmallLoop_cmult_small_loop(
-    uint64_t *nq,
-    uint64_t *nqpq,
-    uint64_t *nq2,
-    uint64_t *nqpq2,
-    uint64_t *q,
-    uint8_t byt,
-    uint32_t i)
-{
-    if (!(i == (uint32_t)0U)) {
-        uint32_t i_ = i - (uint32_t)1U;
-        Hacl_EC_Ladder_SmallLoop_cmult_small_loop_double_step(nq, nqpq, nq2, nqpq2, q, byt);
-        uint8_t byt_ = byt << (uint32_t)2U;
-        Hacl_EC_Ladder_SmallLoop_cmult_small_loop(nq, nqpq, nq2, nqpq2, q, byt_, i_);
-    }
-}
-
-static void
-Hacl_EC_Ladder_BigLoop_cmult_big_loop(
-    uint8_t *n1,
-    uint64_t *nq,
-    uint64_t *nqpq,
-    uint64_t *nq2,
-    uint64_t *nqpq2,
-    uint64_t *q,
-    uint32_t i)
-{
-    if (!(i == (uint32_t)0U)) {
-        uint32_t i1 = i - (uint32_t)1U;
-        uint8_t byte = n1[i1];
-        Hacl_EC_Ladder_SmallLoop_cmult_small_loop(nq, nqpq, nq2, nqpq2, q, byte, (uint32_t)4U);
-        Hacl_EC_Ladder_BigLoop_cmult_big_loop(n1, nq, nqpq, nq2, nqpq2, q, i1);
-    }
-}
-
-static void
-Hacl_EC_Ladder_cmult(uint64_t *result, uint8_t *n1, uint64_t *q)
-{
-    uint64_t point_buf[40U] = { 0U };
-    uint64_t *nq = point_buf;
-    uint64_t *nqpq = point_buf + (uint32_t)10U;
-    uint64_t *nq2 = point_buf + (uint32_t)20U;
-    uint64_t *nqpq2 = point_buf + (uint32_t)30U;
-    Hacl_EC_Point_copy(nqpq, q);
-    nq[0U] = (uint64_t)1U;
-    Hacl_EC_Ladder_BigLoop_cmult_big_loop(n1, nq, nqpq, nq2, nqpq2, q, (uint32_t)32U);
-    Hacl_EC_Point_copy(result, nq);
-}
-
-static void
-Hacl_EC_Format_fexpand(uint64_t *output, uint8_t *input)
-{
-    uint64_t i0 = load64_le(input);
-    uint8_t *x00 = input + (uint32_t)6U;
-    uint64_t i1 = load64_le(x00);
-    uint8_t *x01 = input + (uint32_t)12U;
-    uint64_t i2 = load64_le(x01);
-    uint8_t *x02 = input + (uint32_t)19U;
-    uint64_t i3 = load64_le(x02);
-    uint8_t *x0 = input + (uint32_t)24U;
-    uint64_t i4 = load64_le(x0);
-    uint64_t output0 = i0 & (uint64_t)0x7ffffffffffffU;
-    uint64_t output1 = i1 >> (uint32_t)3U & (uint64_t)0x7ffffffffffffU;
-    uint64_t output2 = i2 >> (uint32_t)6U & (uint64_t)0x7ffffffffffffU;
-    uint64_t output3 = i3 >> (uint32_t)1U & (uint64_t)0x7ffffffffffffU;
-    uint64_t output4 = i4 >> (uint32_t)12U & (uint64_t)0x7ffffffffffffU;
-    output[0U] = output0;
-    output[1U] = output1;
-    output[2U] = output2;
-    output[3U] = output3;
-    output[4U] = output4;
-}
-
-static void
-Hacl_EC_Format_fcontract_first_carry_pass(uint64_t *input)
-{
-    uint64_t t0 = input[0U];
-    uint64_t t1 = input[1U];
-    uint64_t t2 = input[2U];
-    uint64_t t3 = input[3U];
-    uint64_t t4 = input[4U];
-    uint64_t t1_ = t1 + (t0 >> (uint32_t)51U);
-    uint64_t t0_ = t0 & (uint64_t)0x7ffffffffffffU;
-    uint64_t t2_ = t2 + (t1_ >> (uint32_t)51U);
-    uint64_t t1__ = t1_ & (uint64_t)0x7ffffffffffffU;
-    uint64_t t3_ = t3 + (t2_ >> (uint32_t)51U);
-    uint64_t t2__ = t2_ & (uint64_t)0x7ffffffffffffU;
-    uint64_t t4_ = t4 + (t3_ >> (uint32_t)51U);
-    uint64_t t3__ = t3_ & (uint64_t)0x7ffffffffffffU;
-    input[0U] = t0_;
-    input[1U] = t1__;
-    input[2U] = t2__;
-    input[3U] = t3__;
-    input[4U] = t4_;
-}
-
-static void
-Hacl_EC_Format_fcontract_first_carry_full(uint64_t *input)
-{
-    Hacl_EC_Format_fcontract_first_carry_pass(input);
-    Hacl_Bignum_Modulo_carry_top(input);
-}
-
-static void
-Hacl_EC_Format_fcontract_second_carry_pass(uint64_t *input)
-{
-    uint64_t t0 = input[0U];
-    uint64_t t1 = input[1U];
-    uint64_t t2 = input[2U];
-    uint64_t t3 = input[3U];
-    uint64_t t4 = input[4U];
-    uint64_t t1_ = t1 + (t0 >> (uint32_t)51U);
-    uint64_t t0_ = t0 & (uint64_t)0x7ffffffffffffU;
-    uint64_t t2_ = t2 + (t1_ >> (uint32_t)51U);
-    uint64_t t1__ = t1_ & (uint64_t)0x7ffffffffffffU;
-    uint64_t t3_ = t3 + (t2_ >> (uint32_t)51U);
-    uint64_t t2__ = t2_ & (uint64_t)0x7ffffffffffffU;
-    uint64_t t4_ = t4 + (t3_ >> (uint32_t)51U);
-    uint64_t t3__ = t3_ & (uint64_t)0x7ffffffffffffU;
-    input[0U] = t0_;
-    input[1U] = t1__;
-    input[2U] = t2__;
-    input[3U] = t3__;
-    input[4U] = t4_;
-}
-
-static void
-Hacl_EC_Format_fcontract_second_carry_full(uint64_t *input)
-{
-    Hacl_EC_Format_fcontract_second_carry_pass(input);
-    Hacl_Bignum_Modulo_carry_top(input);
-    uint64_t i0 = input[0U];
-    uint64_t i1 = input[1U];
-    uint64_t i0_ = i0 & (uint64_t)0x7ffffffffffffU;
-    uint64_t i1_ = i1 + (i0 >> (uint32_t)51U);
-    input[0U] = i0_;
-    input[1U] = i1_;
-}
-
-static void
-Hacl_EC_Format_fcontract_trim(uint64_t *input)
-{
-    uint64_t a0 = input[0U];
-    uint64_t a1 = input[1U];
-    uint64_t a2 = input[2U];
-    uint64_t a3 = input[3U];
-    uint64_t a4 = input[4U];
-    uint64_t mask0 = FStar_UInt64_gte_mask(a0, (uint64_t)0x7ffffffffffedU);
-    uint64_t mask1 = FStar_UInt64_eq_mask(a1, (uint64_t)0x7ffffffffffffU);
-    uint64_t mask2 = FStar_UInt64_eq_mask(a2, (uint64_t)0x7ffffffffffffU);
-    uint64_t mask3 = FStar_UInt64_eq_mask(a3, (uint64_t)0x7ffffffffffffU);
-    uint64_t mask4 = FStar_UInt64_eq_mask(a4, (uint64_t)0x7ffffffffffffU);
-    uint64_t mask = (((mask0 & mask1) & mask2) & mask3) & mask4;
-    uint64_t a0_ = a0 - ((uint64_t)0x7ffffffffffedU & mask);
-    uint64_t a1_ = a1 - ((uint64_t)0x7ffffffffffffU & mask);
-    uint64_t a2_ = a2 - ((uint64_t)0x7ffffffffffffU & mask);
-    uint64_t a3_ = a3 - ((uint64_t)0x7ffffffffffffU & mask);
-    uint64_t a4_ = a4 - ((uint64_t)0x7ffffffffffffU & mask);
-    input[0U] = a0_;
-    input[1U] = a1_;
-    input[2U] = a2_;
-    input[3U] = a3_;
-    input[4U] = a4_;
-}
-
-static void
-Hacl_EC_Format_fcontract_store(uint8_t *output, uint64_t *input)
-{
-    uint64_t t0 = input[0U];
-    uint64_t t1 = input[1U];
-    uint64_t t2 = input[2U];
-    uint64_t t3 = input[3U];
-    uint64_t t4 = input[4U];
-    uint64_t o0 = t1 << (uint32_t)51U | t0;
-    uint64_t o1 = t2 << (uint32_t)38U | t1 >> (uint32_t)13U;
-    uint64_t o2 = t3 << (uint32_t)25U | t2 >> (uint32_t)26U;
-    uint64_t o3 = t4 << (uint32_t)12U | t3 >> (uint32_t)39U;
-    uint8_t *b0 = output;
-    uint8_t *b1 = output + (uint32_t)8U;
-    uint8_t *b2 = output + (uint32_t)16U;
-    uint8_t *b3 = output + (uint32_t)24U;
-    store64_le(b0, o0);
-    store64_le(b1, o1);
-    store64_le(b2, o2);
-    store64_le(b3, o3);
-}
-
-static void
-Hacl_EC_Format_fcontract(uint8_t *output, uint64_t *input)
-{
-    Hacl_EC_Format_fcontract_first_carry_full(input);
-    Hacl_EC_Format_fcontract_second_carry_full(input);
-    Hacl_EC_Format_fcontract_trim(input);
-    Hacl_EC_Format_fcontract_store(output, input);
-}
-
-static void
-Hacl_EC_Format_scalar_of_point(uint8_t *scalar, uint64_t *point)
-{
-    uint64_t *x = point;
-    uint64_t *z = point + (uint32_t)5U;
-    uint64_t buf[10U] = { 0U };
-    uint64_t *zmone = buf;
-    uint64_t *sc = buf + (uint32_t)5U;
-    Hacl_Bignum_crecip(zmone, z);
-    Hacl_Bignum_fmul(sc, x, zmone);
-    Hacl_EC_Format_fcontract(scalar, sc);
-}
-
-void
-Hacl_EC_crypto_scalarmult(uint8_t *mypublic, uint8_t *secret, uint8_t *basepoint)
-{
-    uint64_t buf0[10U] = { 0U };
-    uint64_t *x0 = buf0;
-    uint64_t *z = buf0 + (uint32_t)5U;
-    Hacl_EC_Format_fexpand(x0, basepoint);
-    z[0U] = (uint64_t)1U;
-    uint64_t *q = buf0;
-    uint8_t e[32U] = { 0U };
-    memcpy(e, secret, (uint32_t)32U * sizeof secret[0U]);
-    uint8_t e0 = e[0U];
-    uint8_t e31 = e[31U];
-    uint8_t e01 = e0 & (uint8_t)248U;
-    uint8_t e311 = e31 & (uint8_t)127U;
-    uint8_t e312 = e311 | (uint8_t)64U;
-    e[0U] = e01;
-    e[31U] = e312;
-    uint8_t *scalar = e;
-    uint64_t buf[15U] = { 0U };
-    uint64_t *nq = buf;
-    uint64_t *x = nq;
-    x[0U] = (uint64_t)1U;
-    Hacl_EC_Ladder_cmult(nq, scalar, q);
-    Hacl_EC_Format_scalar_of_point(mypublic, nq);
-}
-
-void
-Hacl_Curve25519_crypto_scalarmult(uint8_t *mypublic, uint8_t *secret, uint8_t *basepoint)
-{
-    Hacl_EC_crypto_scalarmult(mypublic, secret, basepoint);
-}
deleted file mode 100644
--- a/security/nss/lib/freebl/verified/Hacl_Curve25519.h
+++ /dev/null
@@ -1,57 +0,0 @@
-/* Copyright 2016-2017 INRIA and Microsoft Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include "kremlib.h"
-#ifndef __Hacl_Curve25519_H
-#define __Hacl_Curve25519_H
-
-typedef uint64_t Hacl_Bignum_Constants_limb;
-
-typedef FStar_UInt128_t Hacl_Bignum_Constants_wide;
-
-typedef uint64_t Hacl_Bignum_Parameters_limb;
-
-typedef FStar_UInt128_t Hacl_Bignum_Parameters_wide;
-
-typedef uint32_t Hacl_Bignum_Parameters_ctr;
-
-typedef uint64_t *Hacl_Bignum_Parameters_felem;
-
-typedef FStar_UInt128_t *Hacl_Bignum_Parameters_felem_wide;
-
-typedef void *Hacl_Bignum_Parameters_seqelem;
-
-typedef void *Hacl_Bignum_Parameters_seqelem_wide;
-
-typedef FStar_UInt128_t Hacl_Bignum_Wide_t;
-
-typedef uint64_t Hacl_Bignum_Limb_t;
-
-extern void Hacl_Bignum_lemma_diff(Prims_int x0, Prims_int x1, Prims_pos x2);
-
-typedef uint64_t *Hacl_EC_Point_point;
-
-typedef uint8_t *Hacl_EC_Ladder_SmallLoop_uint8_p;
-
-typedef uint8_t *Hacl_EC_Ladder_uint8_p;
-
-typedef uint8_t *Hacl_EC_Format_uint8_p;
-
-void Hacl_EC_crypto_scalarmult(uint8_t *mypublic, uint8_t *secret, uint8_t *basepoint);
-
-typedef uint8_t *Hacl_Curve25519_uint8_p;
-
-void Hacl_Curve25519_crypto_scalarmult(uint8_t *mypublic, uint8_t *secret, uint8_t *basepoint);
-#endif
new file mode 100644
--- /dev/null
+++ b/security/nss/lib/freebl/verified/fstar_uint128.h
@@ -0,0 +1,291 @@
+// Copyright 2016-2017 Microsoft Corporation
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+/* This file was auto-generated by KreMLin! */
+
+#ifndef __FStar_UInt128_H
+#define __FStar_UInt128_H
+
+typedef struct
+{
+    uint64_t low;
+    uint64_t high;
+} FStar_UInt128_uint128;
+
+typedef FStar_UInt128_uint128 FStar_UInt128_t;
+
+typedef struct
+{
+    uint64_t fst;
+    uint64_t snd;
+    uint64_t thd;
+    uint64_t f3;
+} K___uint64_t_uint64_t_uint64_t_uint64_t;
+
+static inline uint64_t
+FStar_UInt128_constant_time_carry(uint64_t a, uint64_t b)
+{
+    return (a ^ ((a ^ b) | ((a - b) ^ b))) >> (uint32_t)63;
+}
+
+static inline uint64_t
+FStar_UInt128_carry(uint64_t a, uint64_t b)
+{
+    return FStar_UInt128_constant_time_carry(a, b);
+}
+
+static inline FStar_UInt128_uint128
+FStar_UInt128_add(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
+{
+    return (
+        (FStar_UInt128_uint128){
+            .low = a.low + b.low,
+            .high = a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low) });
+}
+
+static inline FStar_UInt128_uint128
+FStar_UInt128_add_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
+{
+    return (
+        (FStar_UInt128_uint128){
+            .low = a.low + b.low,
+            .high = a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low) });
+}
+
+static inline FStar_UInt128_uint128
+FStar_UInt128_sub(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
+{
+    return (
+        (FStar_UInt128_uint128){
+            .low = a.low - b.low,
+            .high = a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low) });
+}
+
+static inline FStar_UInt128_uint128
+FStar_UInt128_sub_mod_impl(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
+{
+    return (
+        (FStar_UInt128_uint128){
+            .low = a.low - b.low,
+            .high = a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low) });
+}
+
+static inline FStar_UInt128_uint128
+FStar_UInt128_sub_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
+{
+    return FStar_UInt128_sub_mod_impl(a, b);
+}
+
+static inline FStar_UInt128_uint128
+FStar_UInt128_logand(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
+{
+    return ((FStar_UInt128_uint128){.low = a.low & b.low, .high = a.high & b.high });
+}
+
+static inline FStar_UInt128_uint128
+FStar_UInt128_logxor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
+{
+    return ((FStar_UInt128_uint128){.low = a.low ^ b.low, .high = a.high ^ b.high });
+}
+
+static inline FStar_UInt128_uint128
+FStar_UInt128_logor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
+{
+    return ((FStar_UInt128_uint128){.low = a.low | b.low, .high = a.high | b.high });
+}
+
+static inline FStar_UInt128_uint128
+FStar_UInt128_lognot(FStar_UInt128_uint128 a)
+{
+    return ((FStar_UInt128_uint128){.low = ~a.low, .high = ~a.high });
+}
+
+static uint32_t FStar_UInt128_u32_64 = (uint32_t)64;
+
+static inline uint64_t
+FStar_UInt128_add_u64_shift_left(uint64_t hi, uint64_t lo, uint32_t s)
+{
+    return (hi << s) + (lo >> (FStar_UInt128_u32_64 - s));
+}
+
+static inline uint64_t
+FStar_UInt128_add_u64_shift_left_respec(uint64_t hi, uint64_t lo, uint32_t s)
+{
+    return FStar_UInt128_add_u64_shift_left(hi, lo, s);
+}
+
+static inline FStar_UInt128_uint128
+FStar_UInt128_shift_left_small(FStar_UInt128_uint128 a, uint32_t s)
+{
+    if (s == (uint32_t)0)
+        return a;
+    else
+        return (
+            (FStar_UInt128_uint128){
+                .low = a.low << s,
+                .high = FStar_UInt128_add_u64_shift_left_respec(a.high, a.low, s) });
+}
+
+static inline FStar_UInt128_uint128
+FStar_UInt128_shift_left_large(FStar_UInt128_uint128 a, uint32_t s)
+{
+    return ((FStar_UInt128_uint128){.low = (uint64_t)0, .high = a.low << (s - FStar_UInt128_u32_64) });
+}
+
+static inline FStar_UInt128_uint128
+FStar_UInt128_shift_left(FStar_UInt128_uint128 a, uint32_t s)
+{
+    if (s < FStar_UInt128_u32_64)
+        return FStar_UInt128_shift_left_small(a, s);
+    else
+        return FStar_UInt128_shift_left_large(a, s);
+}
+
+static inline uint64_t
+FStar_UInt128_add_u64_shift_right(uint64_t hi, uint64_t lo, uint32_t s)
+{
+    return (lo >> s) + (hi << (FStar_UInt128_u32_64 - s));
+}
+
+static inline uint64_t
+FStar_UInt128_add_u64_shift_right_respec(uint64_t hi, uint64_t lo, uint32_t s)
+{
+    return FStar_UInt128_add_u64_shift_right(hi, lo, s);
+}
+
+static inline FStar_UInt128_uint128
+FStar_UInt128_shift_right_small(FStar_UInt128_uint128 a, uint32_t s)
+{
+    if (s == (uint32_t)0)
+        return a;
+    else
+        return (
+            (FStar_UInt128_uint128){
+                .low = FStar_UInt128_add_u64_shift_right_respec(a.high, a.low, s),
+                .high = a.high >> s });
+}
+
+static inline FStar_UInt128_uint128
+FStar_UInt128_shift_right_large(FStar_UInt128_uint128 a, uint32_t s)
+{
+    return ((FStar_UInt128_uint128){.low = a.high >> (s - FStar_UInt128_u32_64), .high = (uint64_t)0 });
+}
+
+static inline FStar_UInt128_uint128
+FStar_UInt128_shift_right(FStar_UInt128_uint128 a, uint32_t s)
+{
+    if (s < FStar_UInt128_u32_64)
+        return FStar_UInt128_shift_right_small(a, s);
+    else
+        return FStar_UInt128_shift_right_large(a, s);
+}
+
+static inline FStar_UInt128_uint128
+FStar_UInt128_eq_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
+{
+    return (
+        (FStar_UInt128_uint128){
+            .low = FStar_UInt64_eq_mask(a.low, b.low) & FStar_UInt64_eq_mask(a.high, b.high),
+            .high = FStar_UInt64_eq_mask(a.low, b.low) & FStar_UInt64_eq_mask(a.high, b.high) });
+}
+
+static inline FStar_UInt128_uint128
+FStar_UInt128_gte_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
+{
+    return (
+        (FStar_UInt128_uint128){
+            .low = (FStar_UInt64_gte_mask(a.high,
+                                          b.high) &
+                    ~FStar_UInt64_eq_mask(a.high, b.high)) |
+                   (FStar_UInt64_eq_mask(a.high, b.high) & FStar_UInt64_gte_mask(a.low, b.low)),
+            .high = (FStar_UInt64_gte_mask(a.high,
+                                           b.high) &
+                     ~FStar_UInt64_eq_mask(a.high, b.high)) |
+                    (FStar_UInt64_eq_mask(a.high, b.high) & FStar_UInt64_gte_mask(a.low, b.low)) });
+}
+
+static inline FStar_UInt128_uint128
+FStar_UInt128_uint64_to_uint128(uint64_t a)
+{
+    return ((FStar_UInt128_uint128){.low = a, .high = (uint64_t)0 });
+}
+
+static inline uint64_t
+FStar_UInt128_uint128_to_uint64(FStar_UInt128_uint128 a)
+{
+    return a.low;
+}
+
+static uint64_t FStar_UInt128_u64_l32_mask = (uint64_t)0xffffffff;
+
+static inline uint64_t
+FStar_UInt128_u64_mod_32(uint64_t a)
+{
+    return a & FStar_UInt128_u64_l32_mask;
+}
+
+static uint32_t FStar_UInt128_u32_32 = (uint32_t)32;
+
+static inline K___uint64_t_uint64_t_uint64_t_uint64_t
+FStar_UInt128_mul_wide_impl_t_(uint64_t x, uint64_t y)
+{
+    return (
+        (K___uint64_t_uint64_t_uint64_t_uint64_t){
+            .fst = FStar_UInt128_u64_mod_32(x),
+            .snd = FStar_UInt128_u64_mod_32(FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y)),
+            .thd = x >> FStar_UInt128_u32_32,
+            .f3 = (x >> FStar_UInt128_u32_32) * FStar_UInt128_u64_mod_32(y) + (FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y) >> FStar_UInt128_u32_32) });
+}
+
+static inline uint64_t
+FStar_UInt128_u32_combine_(uint64_t hi, uint64_t lo)
+{
+    return lo + (hi << FStar_UInt128_u32_32);
+}
+
+static inline FStar_UInt128_uint128
+FStar_UInt128_mul_wide_impl(uint64_t x, uint64_t y)
+{
+    K___uint64_t_uint64_t_uint64_t_uint64_t scrut = FStar_UInt128_mul_wide_impl_t_(x, y);
+    uint64_t u1 = scrut.fst;
+    uint64_t w3 = scrut.snd;
+    uint64_t x_ = scrut.thd;
+    uint64_t t_ = scrut.f3;
+    return (
+        (FStar_UInt128_uint128){
+            .low = FStar_UInt128_u32_combine_(u1 * (y >> FStar_UInt128_u32_32) + FStar_UInt128_u64_mod_32(t_),
+                                              w3),
+            .high = x_ * (y >> FStar_UInt128_u32_32) + (t_ >> FStar_UInt128_u32_32) +
+                    ((u1 * (y >> FStar_UInt128_u32_32) + FStar_UInt128_u64_mod_32(t_)) >> FStar_UInt128_u32_32) });
+}
+
+static inline FStar_UInt128_uint128
+FStar_UInt128_mul_wide(uint64_t x, uint64_t y)
+{
+    return FStar_UInt128_mul_wide_impl(x, y);
+}
+
+static inline FStar_UInt128_uint128
+FStar_Int_Cast_Full_uint64_to_uint128(uint64_t a)
+{
+    return FStar_UInt128_uint64_to_uint128(a);
+}
+
+static inline uint64_t
+FStar_Int_Cast_Full_uint128_to_uint64(FStar_UInt128_uint128 a)
+{
+    return FStar_UInt128_uint128_to_uint64(a);
+}
+
+#endif
new file mode 100644
--- /dev/null
+++ b/security/nss/lib/freebl/verified/hacl_curve25519_64.c
@@ -0,0 +1,1044 @@
+// Copyright 2016-2017 INRIA and Microsoft Corporation
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "hacl_curve25519_64.h"
+
+static void
+Hacl_Bignum_Modulo_carry_top(uint64_t *b)
+{
+    uint64_t b4 = b[4];
+    uint64_t b0 = b[0];
+    uint64_t mask = ((uint64_t)1 << (uint32_t)51) - (uint64_t)1;
+    uint64_t b4_ = b4 & mask;
+    uint64_t b0_ = b0 + (uint64_t)19 * (b4 >> (uint32_t)51);
+    b[4] = b4_;
+    b[0] = b0_;
+}
+
+inline static void
+Hacl_Bignum_Fproduct_copy_from_wide_(uint64_t *output, FStar_UInt128_t *input)
+{
+    {
+        FStar_UInt128_t uu____429 = input[0];
+        uint64_t uu____428 = FStar_Int_Cast_Full_uint128_to_uint64(uu____429);
+        output[0] = uu____428;
+    }
+    {
+        FStar_UInt128_t uu____429 = input[1];
+        uint64_t uu____428 = FStar_Int_Cast_Full_uint128_to_uint64(uu____429);
+        output[1] = uu____428;
+    }
+    {
+        FStar_UInt128_t uu____429 = input[2];
+        uint64_t uu____428 = FStar_Int_Cast_Full_uint128_to_uint64(uu____429);
+        output[2] = uu____428;
+    }
+    {
+        FStar_UInt128_t uu____429 = input[3];
+        uint64_t uu____428 = FStar_Int_Cast_Full_uint128_to_uint64(uu____429);
+        output[3] = uu____428;
+    }
+    {
+        FStar_UInt128_t uu____429 = input[4];
+        uint64_t uu____428 = FStar_Int_Cast_Full_uint128_to_uint64(uu____429);
+        output[4] = uu____428;
+    }
+}
+
+inline static void
+Hacl_Bignum_Fproduct_shift(uint64_t *output)
+{
+    uint64_t tmp = output[4];
+    {
+        uint32_t ctr = (uint32_t)5 - (uint32_t)0 - (uint32_t)1;
+        uint64_t z = output[ctr - (uint32_t)1];
+        output[ctr] = z;
+    }
+    {
+        uint32_t ctr = (uint32_t)5 - (uint32_t)1 - (uint32_t)1;
+        uint64_t z = output[ctr - (uint32_t)1];
+        output[ctr] = z;
+    }
+    {
+        uint32_t ctr = (uint32_t)5 - (uint32_t)2 - (uint32_t)1;
+        uint64_t z = output[ctr - (uint32_t)1];
+        output[ctr] = z;
+    }
+    {
+        uint32_t ctr = (uint32_t)5 - (uint32_t)3 - (uint32_t)1;
+        uint64_t z = output[ctr - (uint32_t)1];
+        output[ctr] = z;
+    }
+    output[0] = tmp;
+}
+
+inline static void
+Hacl_Bignum_Fproduct_sum_scalar_multiplication_(
+    FStar_UInt128_t *output,
+    uint64_t *input,
+    uint64_t s)
+{
+    {
+        FStar_UInt128_t uu____871 = output[0];
+        uint64_t uu____874 = input[0];
+        FStar_UInt128_t
+            uu____870 = FStar_UInt128_add_mod(uu____871, FStar_UInt128_mul_wide(uu____874, s));
+        output[0] = uu____870;
+    }
+    {
+        FStar_UInt128_t uu____871 = output[1];
+        uint64_t uu____874 = input[1];
+        FStar_UInt128_t
+            uu____870 = FStar_UInt128_add_mod(uu____871, FStar_UInt128_mul_wide(uu____874, s));
+        output[1] = uu____870;
+    }
+    {
+        FStar_UInt128_t uu____871 = output[2];
+        uint64_t uu____874 = input[2];
+        FStar_UInt128_t
+            uu____870 = FStar_UInt128_add_mod(uu____871, FStar_UInt128_mul_wide(uu____874, s));
+        output[2] = uu____870;
+    }
+    {
+        FStar_UInt128_t uu____871 = output[3];
+        uint64_t uu____874 = input[3];
+        FStar_UInt128_t
+            uu____870 = FStar_UInt128_add_mod(uu____871, FStar_UInt128_mul_wide(uu____874, s));
+        output[3] = uu____870;
+    }
+    {
+        FStar_UInt128_t uu____871 = output[4];
+        uint64_t uu____874 = input[4];
+        FStar_UInt128_t
+            uu____870 = FStar_UInt128_add_mod(uu____871, FStar_UInt128_mul_wide(uu____874, s));
+        output[4] = uu____870;
+    }
+}
+
+inline static void
+Hacl_Bignum_Fproduct_carry_wide_(FStar_UInt128_t *tmp)
+{
+    {
+        uint32_t ctr = (uint32_t)0;
+        FStar_UInt128_t tctr = tmp[ctr];
+        FStar_UInt128_t tctrp1 = tmp[ctr + (uint32_t)1];
+        uint64_t
+            r0 =
+                FStar_Int_Cast_Full_uint128_to_uint64(tctr) & (((uint64_t)1 << (uint32_t)51) - (uint64_t)1);
+        FStar_UInt128_t c = FStar_UInt128_shift_right(tctr, (uint32_t)51);
+        tmp[ctr] = FStar_Int_Cast_Full_uint64_to_uint128(r0);
+        tmp[ctr + (uint32_t)1] = FStar_UInt128_add(tctrp1, c);
+    }
+    {
+        uint32_t ctr = (uint32_t)1;
+        FStar_UInt128_t tctr = tmp[ctr];
+        FStar_UInt128_t tctrp1 = tmp[ctr + (uint32_t)1];
+        uint64_t
+            r0 =
+                FStar_Int_Cast_Full_uint128_to_uint64(tctr) & (((uint64_t)1 << (uint32_t)51) - (uint64_t)1);
+        FStar_UInt128_t c = FStar_UInt128_shift_right(tctr, (uint32_t)51);
+        tmp[ctr] = FStar_Int_Cast_Full_uint64_to_uint128(r0);
+        tmp[ctr + (uint32_t)1] = FStar_UInt128_add(tctrp1, c);
+    }
+    {
+        uint32_t ctr = (uint32_t)2;
+        FStar_UInt128_t tctr = tmp[ctr];
+        FStar_UInt128_t tctrp1 = tmp[ctr + (uint32_t)1];
+        uint64_t
+            r0 =
+                FStar_Int_Cast_Full_uint128_to_uint64(tctr) & (((uint64_t)1 << (uint32_t)51) - (uint64_t)1);
+        FStar_UInt128_t c = FStar_UInt128_shift_right(tctr, (uint32_t)51);
+        tmp[ctr] = FStar_Int_Cast_Full_uint64_to_uint128(r0);
+        tmp[ctr + (uint32_t)1] = FStar_UInt128_add(tctrp1, c);
+    }
+    {
+        uint32_t ctr = (uint32_t)3;
+        FStar_UInt128_t tctr = tmp[ctr];
+        FStar_UInt128_t tctrp1 = tmp[ctr + (uint32_t)1];
+        uint64_t
+            r0 =
+                FStar_Int_Cast_Full_uint128_to_uint64(tctr) & (((uint64_t)1 << (uint32_t)51) - (uint64_t)1);
+        FStar_UInt128_t c = FStar_UInt128_shift_right(tctr, (uint32_t)51);
+        tmp[ctr] = FStar_Int_Cast_Full_uint64_to_uint128(r0);
+        tmp[ctr + (uint32_t)1] = FStar_UInt128_add(tctrp1, c);
+    }
+}
+
+inline static void
+Hacl_Bignum_Fmul_shift_reduce(uint64_t *output)
+{
+    Hacl_Bignum_Fproduct_shift(output);
+    uint64_t b0 = output[0];
+    output[0] = (uint64_t)19 * b0;
+}
+
+static void
+Hacl_Bignum_Fmul_mul_shift_reduce_(FStar_UInt128_t *output, uint64_t *input, uint64_t *input21)
+{
+    {
+        uint32_t ctr = (uint32_t)5 - (uint32_t)0 - (uint32_t)1;
+        uint32_t i1 = ctr;
+        uint32_t j = (uint32_t)4 - i1;
+        uint64_t input2i = input21[j];
+        Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i);
+        if (ctr > (uint32_t)0)
+            Hacl_Bignum_Fmul_shift_reduce(input);
+    }
+    {
+        uint32_t ctr = (uint32_t)5 - (uint32_t)1 - (uint32_t)1;
+        uint32_t i1 = ctr;
+        uint32_t j = (uint32_t)4 - i1;
+        uint64_t input2i = input21[j];
+        Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i);
+        if (ctr > (uint32_t)0)
+            Hacl_Bignum_Fmul_shift_reduce(input);
+    }
+    {
+        uint32_t ctr = (uint32_t)5 - (uint32_t)2 - (uint32_t)1;
+        uint32_t i1 = ctr;
+        uint32_t j = (uint32_t)4 - i1;
+        uint64_t input2i = input21[j];
+        Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i);
+        if (ctr > (uint32_t)0)
+            Hacl_Bignum_Fmul_shift_reduce(input);
+    }
+    {
+        uint32_t ctr = (uint32_t)5 - (uint32_t)3 - (uint32_t)1;
+        uint32_t i1 = ctr;
+        uint32_t j = (uint32_t)4 - i1;
+        uint64_t input2i = input21[j];
+        Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i);
+        if (ctr > (uint32_t)0)
+            Hacl_Bignum_Fmul_shift_reduce(input);
+    }
+    {
+        uint32_t ctr = (uint32_t)5 - (uint32_t)4 - (uint32_t)1;
+        uint32_t i1 = ctr;
+        uint32_t j = (uint32_t)4 - i1;
+        uint64_t input2i = input21[j];
+        Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i);
+        if (ctr > (uint32_t)0)
+            Hacl_Bignum_Fmul_shift_reduce(input);
+    }
+}
+
+inline static void
+Hacl_Bignum_Fmul_fmul_(uint64_t *output, uint64_t *input, uint64_t *input21)
+{
+    KRML_CHECK_SIZE(FStar_Int_Cast_Full_uint64_to_uint128((uint64_t)0), (uint32_t)5);
+    FStar_UInt128_t t[5];
+    for (uintmax_t _i = 0; _i < (uint32_t)5; ++_i)
+        t[_i] = FStar_Int_Cast_Full_uint64_to_uint128((uint64_t)0);
+    Hacl_Bignum_Fmul_mul_shift_reduce_(t, input, input21);
+    Hacl_Bignum_Fproduct_carry_wide_(t);
+    FStar_UInt128_t b4 = t[4];
+    FStar_UInt128_t b0 = t[0];
+    FStar_UInt128_t
+        mask =
+            FStar_UInt128_sub(FStar_UInt128_shift_left(FStar_Int_Cast_Full_uint64_to_uint128((uint64_t)1),
+                                                       (uint32_t)51),
+                              FStar_Int_Cast_Full_uint64_to_uint128((uint64_t)1));
+    FStar_UInt128_t b4_ = FStar_UInt128_logand(b4, mask);
+    FStar_UInt128_t
+        b0_ =
+            FStar_UInt128_add(b0,
+                              FStar_UInt128_mul_wide((uint64_t)19,
+                                                     FStar_Int_Cast_Full_uint128_to_uint64(FStar_UInt128_shift_right(b4, (uint32_t)51))));
+    t[4] = b4_;
+    t[0] = b0_;
+    Hacl_Bignum_Fproduct_copy_from_wide_(output, t);
+    uint64_t i0 = output[0];
+    uint64_t i1 = output[1];
+    uint64_t i0_ = i0 & (((uint64_t)1 << (uint32_t)51) - (uint64_t)1);
+    uint64_t i1_ = i1 + (i0 >> (uint32_t)51);
+    output[0] = i0_;
+    output[1] = i1_;
+}
+
+inline static void
+Hacl_Bignum_Fmul_fmul(uint64_t *output, uint64_t *input, uint64_t *input21)
+{
+    uint64_t tmp[5] = { 0 };
+    memcpy(tmp, input, (uint32_t)5 * sizeof input[0]);
+    Hacl_Bignum_Fmul_fmul_(output, tmp, input21);
+}
+
+inline static void
+Hacl_Bignum_Fsquare_upd_5(
+    FStar_UInt128_t *tmp,
+    FStar_UInt128_t s0,
+    FStar_UInt128_t s1,
+    FStar_UInt128_t s2,
+    FStar_UInt128_t s3,
+    FStar_UInt128_t s4)
+{
+    tmp[0] = s0;
+    tmp[1] = s1;
+    tmp[2] = s2;
+    tmp[3] = s3;
+    tmp[4] = s4;
+}
+
+inline static void
+Hacl_Bignum_Fsquare_fsquare__(FStar_UInt128_t *tmp, uint64_t *output)
+{
+    uint64_t r0 = output[0];
+    uint64_t r1 = output[1];
+    uint64_t r2 = output[2];
+    uint64_t r3 = output[3];
+    uint64_t r4 = output[4];
+    uint64_t d0 = r0 * (uint64_t)2;
+    uint64_t d1 = r1 * (uint64_t)2;
+    uint64_t d2 = r2 * (uint64_t)2 * (uint64_t)19;
+    uint64_t d419 = r4 * (uint64_t)19;
+    uint64_t d4 = d419 * (uint64_t)2;
+    FStar_UInt128_t
+        s0 =
+            FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(r0, r0),
+                                                FStar_UInt128_mul_wide(d4, r1)),
+                              FStar_UInt128_mul_wide(d2, r3));
+    FStar_UInt128_t
+        s1 =
+            FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(d0, r1),
+                                                FStar_UInt128_mul_wide(d4, r2)),
+                              FStar_UInt128_mul_wide(r3 * (uint64_t)19, r3));
+    FStar_UInt128_t
+        s2 =
+            FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(d0, r2),
+                                                FStar_UInt128_mul_wide(r1, r1)),
+                              FStar_UInt128_mul_wide(d4, r3));
+    FStar_UInt128_t
+        s3 =
+            FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(d0, r3),
+                                                FStar_UInt128_mul_wide(d1, r2)),
+                              FStar_UInt128_mul_wide(r4, d419));
+    FStar_UInt128_t
+        s4 =
+            FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(d0, r4),
+                                                FStar_UInt128_mul_wide(d1, r3)),
+                              FStar_UInt128_mul_wide(r2, r2));
+    Hacl_Bignum_Fsquare_upd_5(tmp, s0, s1, s2, s3, s4);
+}
+
+inline static void
+Hacl_Bignum_Fsquare_fsquare_(FStar_UInt128_t *tmp, uint64_t *output)
+{
+    Hacl_Bignum_Fsquare_fsquare__(tmp, output);
+    Hacl_Bignum_Fproduct_carry_wide_(tmp);
+    FStar_UInt128_t b4 = tmp[4];
+    FStar_UInt128_t b0 = tmp[0];
+    FStar_UInt128_t
+        mask =
+            FStar_UInt128_sub(FStar_UInt128_shift_left(FStar_Int_Cast_Full_uint64_to_uint128((uint64_t)1),
+                                                       (uint32_t)51),
+                              FStar_Int_Cast_Full_uint64_to_uint128((uint64_t)1));
+    FStar_UInt128_t b4_ = FStar_UInt128_logand(b4, mask);
+    FStar_UInt128_t
+        b0_ =
+            FStar_UInt128_add(b0,
+                              FStar_UInt128_mul_wide((uint64_t)19,
+                                                     FStar_Int_Cast_Full_uint128_to_uint64(FStar_UInt128_shift_right(b4, (uint32_t)51))));
+    tmp[4] = b4_;
+    tmp[0] = b0_;
+    Hacl_Bignum_Fproduct_copy_from_wide_(output, tmp);
+    uint64_t i0 = output[0];
+    uint64_t i1 = output[1];
+    uint64_t i0_ = i0 & (((uint64_t)1 << (uint32_t)51) - (uint64_t)1);
+    uint64_t i1_ = i1 + (i0 >> (uint32_t)51);
+    output[0] = i0_;
+    output[1] = i1_;
+}
+
+inline static void
+Hacl_Bignum_Fsquare_fsquare_times_(uint64_t *output, FStar_UInt128_t *tmp, uint32_t count1)
+{
+    if (count1 == (uint32_t)1)
+        Hacl_Bignum_Fsquare_fsquare_(tmp, output);
+    else {
+        uint32_t i = count1 - (uint32_t)1;
+        Hacl_Bignum_Fsquare_fsquare_(tmp, output);
+        Hacl_Bignum_Fsquare_fsquare_times_(output, tmp, i);
+    }
+}
+
+inline static void
+Hacl_Bignum_Fsquare_fsquare_times(uint64_t *output, uint64_t *input, uint32_t count1)
+{
+    KRML_CHECK_SIZE(FStar_Int_Cast_Full_uint64_to_uint128((uint64_t)0), (uint32_t)5);
+    FStar_UInt128_t t[5];
+    for (uintmax_t _i = 0; _i < (uint32_t)5; ++_i)
+        t[_i] = FStar_Int_Cast_Full_uint64_to_uint128((uint64_t)0);
+    memcpy(output, input, (uint32_t)5 * sizeof input[0]);
+    Hacl_Bignum_Fsquare_fsquare_times_(output, t, count1);
+}
+
+inline static void
+Hacl_Bignum_Fsquare_fsquare_times_inplace(uint64_t *output, uint32_t count1)
+{
+    KRML_CHECK_SIZE(FStar_Int_Cast_Full_uint64_to_uint128((uint64_t)0), (uint32_t)5);
+    FStar_UInt128_t t[5];
+    for (uintmax_t _i = 0; _i < (uint32_t)5; ++_i)
+        t[_i] = FStar_Int_Cast_Full_uint64_to_uint128((uint64_t)0);
+    Hacl_Bignum_Fsquare_fsquare_times_(output, t, count1);
+}
+
+inline static void
+Hacl_Bignum_Crecip_crecip(uint64_t *out, uint64_t *z)
+{
+    uint64_t buf[20] = { 0 };
+    uint64_t *a = buf;
+    uint64_t *t00 = buf + (uint32_t)5;
+    uint64_t *b0 = buf + (uint32_t)10;
+    (void)(buf + (uint32_t)15);
+    Hacl_Bignum_Fsquare_fsquare_times(a, z, (uint32_t)1);
+    Hacl_Bignum_Fsquare_fsquare_times(t00, a, (uint32_t)2);
+    Hacl_Bignum_Fmul_fmul(b0, t00, z);
+    Hacl_Bignum_Fmul_fmul(a, b0, a);
+    Hacl_Bignum_Fsquare_fsquare_times(t00, a, (uint32_t)1);
+    Hacl_Bignum_Fmul_fmul(b0, t00, b0);
+    Hacl_Bignum_Fsquare_fsquare_times(t00, b0, (uint32_t)5);
+    uint64_t *t01 = buf + (uint32_t)5;
+    uint64_t *b1 = buf + (uint32_t)10;
+    uint64_t *c0 = buf + (uint32_t)15;
+    Hacl_Bignum_Fmul_fmul(b1, t01, b1);
+    Hacl_Bignum_Fsquare_fsquare_times(t01, b1, (uint32_t)10);
+    Hacl_Bignum_Fmul_fmul(c0, t01, b1);
+    Hacl_Bignum_Fsquare_fsquare_times(t01, c0, (uint32_t)20);
+    Hacl_Bignum_Fmul_fmul(t01, t01, c0);
+    Hacl_Bignum_Fsquare_fsquare_times_inplace(t01, (uint32_t)10);
+    Hacl_Bignum_Fmul_fmul(b1, t01, b1);
+    Hacl_Bignum_Fsquare_fsquare_times(t01, b1, (uint32_t)50);
+    uint64_t *a0 = buf;
+    uint64_t *t0 = buf + (uint32_t)5;
+    uint64_t *b = buf + (uint32_t)10;
+    uint64_t *c = buf + (uint32_t)15;
+    Hacl_Bignum_Fmul_fmul(c, t0, b);
+    Hacl_Bignum_Fsquare_fsquare_times(t0, c, (uint32_t)100);
+    Hacl_Bignum_Fmul_fmul(t0, t0, c);
+    Hacl_Bignum_Fsquare_fsquare_times_inplace(t0, (uint32_t)50);
+    Hacl_Bignum_Fmul_fmul(t0, t0, b);
+    Hacl_Bignum_Fsquare_fsquare_times_inplace(t0, (uint32_t)5);
+    Hacl_Bignum_Fmul_fmul(out, t0, a0);
+}
+
+inline static void
+Hacl_Bignum_fsum(uint64_t *a, uint64_t *b)
+{
+    {
+        uint64_t uu____871 = a[0];
+        uint64_t uu____874 = b[0];
+        uint64_t uu____870 = uu____871 + uu____874;
+        a[0] = uu____870;
+    }
+    {
+        uint64_t uu____871 = a[1];
+        uint64_t uu____874 = b[1];
+        uint64_t uu____870 = uu____871 + uu____874;
+        a[1] = uu____870;
+    }
+    {
+        uint64_t uu____871 = a[2];
+        uint64_t uu____874 = b[2];
+        uint64_t uu____870 = uu____871 + uu____874;
+        a[2] = uu____870;
+    }
+    {
+        uint64_t uu____871 = a[3];
+        uint64_t uu____874 = b[3];
+        uint64_t uu____870 = uu____871 + uu____874;
+        a[3] = uu____870;
+    }
+    {
+        uint64_t uu____871 = a[4];
+        uint64_t uu____874 = b[4];
+        uint64_t uu____870 = uu____871 + uu____874;
+        a[4] = uu____870;
+    }
+}
+
+inline static void
+Hacl_Bignum_fdifference(uint64_t *a, uint64_t *b)
+{
+    uint64_t tmp[5] = { 0 };
+    memcpy(tmp, b, (uint32_t)5 * sizeof b[0]);
+    uint64_t b0 = tmp[0];
+    uint64_t b1 = tmp[1];
+    uint64_t b2 = tmp[2];
+    uint64_t b3 = tmp[3];
+    uint64_t b4 = tmp[4];
+    tmp[0] = b0 + (uint64_t)0x3fffffffffff68;
+    tmp[1] = b1 + (uint64_t)0x3ffffffffffff8;
+    tmp[2] = b2 + (uint64_t)0x3ffffffffffff8;
+    tmp[3] = b3 + (uint64_t)0x3ffffffffffff8;
+    tmp[4] = b4 + (uint64_t)0x3ffffffffffff8;
+    {
+        uint64_t uu____871 = a[0];
+        uint64_t uu____874 = tmp[0];
+        uint64_t uu____870 = uu____874 - uu____871;
+        a[0] = uu____870;
+    }
+    {
+        uint64_t uu____871 = a[1];
+        uint64_t uu____874 = tmp[1];
+        uint64_t uu____870 = uu____874 - uu____871;
+        a[1] = uu____870;
+    }
+    {
+        uint64_t uu____871 = a[2];
+        uint64_t uu____874 = tmp[2];
+        uint64_t uu____870 = uu____874 - uu____871;
+        a[2] = uu____870;
+    }
+    {
+        uint64_t uu____871 = a[3];
+        uint64_t uu____874 = tmp[3];
+        uint64_t uu____870 = uu____874 - uu____871;
+        a[3] = uu____870;
+    }
+    {
+        uint64_t uu____871 = a[4];
+        uint64_t uu____874 = tmp[4];
+        uint64_t uu____870 = uu____874 - uu____871;
+        a[4] = uu____870;
+    }
+}
+
+inline static void
+Hacl_Bignum_fscalar(uint64_t *output, uint64_t *b, uint64_t s)
+{
+    KRML_CHECK_SIZE(FStar_Int_Cast_Full_uint64_to_uint128((uint64_t)0), (uint32_t)5);
+    FStar_UInt128_t tmp[5];
+    for (uintmax_t _i = 0; _i < (uint32_t)5; ++_i)
+        tmp[_i] = FStar_Int_Cast_Full_uint64_to_uint128((uint64_t)0);
+    {
+        uint64_t uu____429 = b[0];
+        FStar_UInt128_t uu____428 = FStar_UInt128_mul_wide(uu____429, s);
+        tmp[0] = uu____428;
+    }
+    {
+        uint64_t uu____429 = b[1];
+        FStar_UInt128_t uu____428 = FStar_UInt128_mul_wide(uu____429, s);
+        tmp[1] = uu____428;
+    }
+    {
+        uint64_t uu____429 = b[2];
+        FStar_UInt128_t uu____428 = FStar_UInt128_mul_wide(uu____429, s);
+        tmp[2] = uu____428;
+    }
+    {
+        uint64_t uu____429 = b[3];
+        FStar_UInt128_t uu____428 = FStar_UInt128_mul_wide(uu____429, s);
+        tmp[3] = uu____428;
+    }
+    {
+        uint64_t uu____429 = b[4];
+        FStar_UInt128_t uu____428 = FStar_UInt128_mul_wide(uu____429, s);
+        tmp[4] = uu____428;
+    }
+    Hacl_Bignum_Fproduct_carry_wide_(tmp);
+    FStar_UInt128_t b4 = tmp[4];
+    FStar_UInt128_t b0 = tmp[0];
+    FStar_UInt128_t
+        mask =
+            FStar_UInt128_sub(FStar_UInt128_shift_left(FStar_Int_Cast_Full_uint64_to_uint128((uint64_t)1),
+                                                       (uint32_t)51),
+                              FStar_Int_Cast_Full_uint64_to_uint128((uint64_t)1));
+    FStar_UInt128_t b4_ = FStar_UInt128_logand(b4, mask);
+    FStar_UInt128_t
+        b0_ =
+            FStar_UInt128_add(b0,
+                              FStar_UInt128_mul_wide((uint64_t)19,
+                                                     FStar_Int_Cast_Full_uint128_to_uint64(FStar_UInt128_shift_right(b4, (uint32_t)51))));
+    tmp[4] = b4_;
+    tmp[0] = b0_;
+    Hacl_Bignum_Fproduct_copy_from_wide_(output, tmp);
+}
+
+inline static void
+Hacl_Bignum_fmul(uint64_t *output, uint64_t *a, uint64_t *b)
+{
+    Hacl_Bignum_Fmul_fmul(output, a, b);
+}
+
+inline static void
+Hacl_Bignum_crecip(uint64_t *output, uint64_t *input)
+{
+    Hacl_Bignum_Crecip_crecip(output, input);
+}
+
+static void
+Hacl_EC_Point_swap_conditional_step(uint64_t *a, uint64_t *b, uint64_t swap1, uint32_t ctr)
+{
+    uint32_t i = ctr - (uint32_t)1;
+    uint64_t ai = a[i];
+    uint64_t bi = b[i];
+    uint64_t x = swap1 & (ai ^ bi);
+    uint64_t ai1 = ai ^ x;
+    uint64_t bi1 = bi ^ x;
+    a[i] = ai1;
+    b[i] = bi1;
+}
+
+static void
+Hacl_EC_Point_swap_conditional_(uint64_t *a, uint64_t *b, uint64_t swap1, uint32_t ctr)
+{
+    if (ctr == (uint32_t)0) {
+
+    } else {
+        Hacl_EC_Point_swap_conditional_step(a, b, swap1, ctr);
+        uint32_t i = ctr - (uint32_t)1;
+        Hacl_EC_Point_swap_conditional_(a, b, swap1, i);
+    }
+}
+
+static void
+Hacl_EC_Point_swap_conditional(uint64_t *a, uint64_t *b, uint64_t iswap)
+{
+    uint64_t swap1 = (uint64_t)0 - iswap;
+    Hacl_EC_Point_swap_conditional_(a, b, swap1, (uint32_t)5);
+    Hacl_EC_Point_swap_conditional_(a + (uint32_t)5, b + (uint32_t)5, swap1, (uint32_t)5);
+}
+
+static void
+Hacl_EC_Point_copy(uint64_t *output, uint64_t *input)
+{
+    memcpy(output, input, (uint32_t)5 * sizeof input[0]);
+    memcpy(output + (uint32_t)5,
+           input + (uint32_t)5,
+           (uint32_t)5 * sizeof(input + (uint32_t)5)[0]);
+}
+
+static void
+Hacl_EC_AddAndDouble_fmonty(
+    uint64_t *pp,
+    uint64_t *ppq,
+    uint64_t *p,
+    uint64_t *pq,
+    uint64_t *qmqp)
+{
+    uint64_t *qx = qmqp;
+    uint64_t *x2 = pp;
+    uint64_t *z2 = pp + (uint32_t)5;
+    uint64_t *x3 = ppq;
+    uint64_t *z3 = ppq + (uint32_t)5;
+    uint64_t *x = p;
+    uint64_t *z = p + (uint32_t)5;
+    uint64_t *xprime = pq;
+    uint64_t *zprime = pq + (uint32_t)5;
+    uint64_t buf[40] = { 0 };
+    (void)(buf + (uint32_t)5);
+    (void)(buf + (uint32_t)10);
+    (void)(buf + (uint32_t)15);
+    (void)(buf + (uint32_t)20);
+    (void)(buf + (uint32_t)25);
+    (void)(buf + (uint32_t)30);
+    (void)(buf + (uint32_t)35);
+    uint64_t *origx = buf;
+    uint64_t *origxprime = buf + (uint32_t)5;
+    (void)(buf + (uint32_t)10);
+    (void)(buf + (uint32_t)15);
+    (void)(buf + (uint32_t)20);
+    uint64_t *xxprime0 = buf + (uint32_t)25;
+    uint64_t *zzprime0 = buf + (uint32_t)30;
+    (void)(buf + (uint32_t)35);
+    memcpy(origx, x, (uint32_t)5 * sizeof x[0]);
+    Hacl_Bignum_fsum(x, z);
+    Hacl_Bignum_fdifference(z, origx);
+    memcpy(origxprime, xprime, (uint32_t)5 * sizeof xprime[0]);
+    Hacl_Bignum_fsum(xprime, zprime);
+    Hacl_Bignum_fdifference(zprime, origxprime);
+    Hacl_Bignum_fmul(xxprime0, xprime, z);
+    Hacl_Bignum_fmul(zzprime0, x, zprime);
+    uint64_t *origxprime0 = buf + (uint32_t)5;
+    (void)(buf + (uint32_t)10);
+    uint64_t *xx0 = buf + (uint32_t)15;
+    uint64_t *zz0 = buf + (uint32_t)20;
+    uint64_t *xxprime = buf + (uint32_t)25;
+    uint64_t *zzprime = buf + (uint32_t)30;
+    uint64_t *zzzprime = buf + (uint32_t)35;
+    memcpy(origxprime0, xxprime, (uint32_t)5 * sizeof xxprime[0]);
+    Hacl_Bignum_fsum(xxprime, zzprime);
+    Hacl_Bignum_fdifference(zzprime, origxprime0);
+    Hacl_Bignum_Fsquare_fsquare_times(x3, xxprime, (uint32_t)1);
+    Hacl_Bignum_Fsquare_fsquare_times(zzzprime, zzprime, (uint32_t)1);
+    Hacl_Bignum_fmul(z3, zzzprime, qx);
+    Hacl_Bignum_Fsquare_fsquare_times(xx0, x, (uint32_t)1);
+    Hacl_Bignum_Fsquare_fsquare_times(zz0, z, (uint32_t)1);
+    (void)(buf + (uint32_t)5);
+    uint64_t *zzz = buf + (uint32_t)10;
+    uint64_t *xx = buf + (uint32_t)15;
+    uint64_t *zz = buf + (uint32_t)20;
+    (void)(buf + (uint32_t)25);
+    (void)(buf + (uint32_t)30);
+    (void)(buf + (uint32_t)35);
+    Hacl_Bignum_fmul(x2, xx, zz);
+    Hacl_Bignum_fdifference(zz, xx);
+    uint64_t scalar = (uint64_t)121665;
+    Hacl_Bignum_fscalar(zzz, zz, scalar);
+    Hacl_Bignum_fsum(zzz, xx);
+    Hacl_Bignum_fmul(z2, zzz, zz);
+}
+
+static void
+Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step_1(
+    uint64_t *nq,
+    uint64_t *nqpq,
+    uint64_t *nq2,
+    uint64_t *nqpq2,
+    uint64_t *q,
+    uint8_t byt)
+{
+    uint64_t bit = (uint64_t)(byt >> (uint32_t)7);
+    Hacl_EC_Point_swap_conditional(nq, nqpq, bit);
+}
+
+static void
+Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step_2(
+    uint64_t *nq,
+    uint64_t *nqpq,
+    uint64_t *nq2,
+    uint64_t *nqpq2,
+    uint64_t *q,
+    uint8_t byt)
+{
+    Hacl_EC_AddAndDouble_fmonty(nq2, nqpq2, nq, nqpq, q);
+}
+
+static void
+Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step(
+    uint64_t *nq,
+    uint64_t *nqpq,
+    uint64_t *nq2,
+    uint64_t *nqpq2,
+    uint64_t *q,
+    uint8_t byt)
+{
+    Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step_1(nq, nqpq, nq2, nqpq2, q, byt);
+    Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step_2(nq, nqpq, nq2, nqpq2, q, byt);
+    Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step_1(nq2, nqpq2, nq, nqpq, q, byt);
+}
+
+static void
+Hacl_EC_Ladder_SmallLoop_cmult_small_loop_double_step(
+    uint64_t *nq,
+    uint64_t *nqpq,
+    uint64_t *nq2,
+    uint64_t *nqpq2,
+    uint64_t *q,
+    uint8_t byt)
+{
+    Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step(nq, nqpq, nq2, nqpq2, q, byt);
+    uint8_t byt1 = byt << (uint32_t)1;
+    Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step(nq2, nqpq2, nq, nqpq, q, byt1);
+}
+
+static void
+Hacl_EC_Ladder_SmallLoop_cmult_small_loop(
+    uint64_t *nq,
+    uint64_t *nqpq,
+    uint64_t *nq2,
+    uint64_t *nqpq2,
+    uint64_t *q,
+    uint8_t byt,
+    uint32_t i)
+{
+    if (i == (uint32_t)0) {
+
+    } else {
+        uint32_t i_ = i - (uint32_t)1;
+        Hacl_EC_Ladder_SmallLoop_cmult_small_loop_double_step(nq, nqpq, nq2, nqpq2, q, byt);
+        uint8_t byt_ = byt << (uint32_t)2;
+        Hacl_EC_Ladder_SmallLoop_cmult_small_loop(nq, nqpq, nq2, nqpq2, q, byt_, i_);
+    }
+}
+
+static void
+Hacl_EC_Ladder_BigLoop_cmult_big_loop(
+    uint8_t *n1,
+    uint64_t *nq,
+    uint64_t *nqpq,
+    uint64_t *nq2,
+    uint64_t *nqpq2,
+    uint64_t *q,
+    uint32_t i)
+{
+    if (i == (uint32_t)0) {
+
+    } else {
+        uint32_t i1 = i - (uint32_t)1;
+        uint8_t byte = n1[i1];
+        Hacl_EC_Ladder_SmallLoop_cmult_small_loop(nq, nqpq, nq2, nqpq2, q, byte, (uint32_t)4);
+        Hacl_EC_Ladder_BigLoop_cmult_big_loop(n1, nq, nqpq, nq2, nqpq2, q, i1);
+    }
+}
+
+static void
+Hacl_EC_Ladder_cmult_(uint64_t *result, uint64_t *point_buf, uint8_t *n1, uint64_t *q)
+{
+    uint64_t *nq = point_buf;
+    uint64_t *nqpq = point_buf + (uint32_t)10;
+    uint64_t *nq2 = point_buf + (uint32_t)20;
+    uint64_t *nqpq2 = point_buf + (uint32_t)30;
+    Hacl_EC_Point_copy(nqpq, q);
+    nq[0] = (uint64_t)1;
+    Hacl_EC_Ladder_BigLoop_cmult_big_loop(n1, nq, nqpq, nq2, nqpq2, q, (uint32_t)32);
+    Hacl_EC_Point_copy(result, nq);
+}
+
+static void
+Hacl_EC_Ladder_cmult(uint64_t *result, uint8_t *n1, uint64_t *q)
+{
+    uint64_t point_buf[40] = { 0 };
+    Hacl_EC_Ladder_cmult_(result, point_buf, n1, q);
+}
+
+static void
+Hacl_EC_Format_upd_5(
+    uint64_t *output,
+    uint64_t output0,
+    uint64_t output1,
+    uint64_t output2,
+    uint64_t output3,
+    uint64_t output4)
+{
+    output[0] = output0;
+    output[1] = output1;
+    output[2] = output2;
+    output[3] = output3;
+    output[4] = output4;
+}
+
+static void
+Hacl_EC_Format_upd_5_(
+    uint64_t *output,
+    uint64_t output0,
+    uint64_t output1,
+    uint64_t output2,
+    uint64_t output3,
+    uint64_t output4)
+{
+    output[0] = output0;
+    output[1] = output1;
+    output[2] = output2;
+    output[3] = output3;
+    output[4] = output4;
+}
+
+static void
+Hacl_EC_Format_fexpand(uint64_t *output, uint8_t *input)
+{
+    uint64_t mask_511 = (uint64_t)0x7ffffffffffff;
+    uint64_t i0 = load64_le(input);
+    uint8_t *x00 = input + (uint32_t)6;
+    uint64_t i1 = load64_le(x00);
+    uint8_t *x01 = input + (uint32_t)12;
+    uint64_t i2 = load64_le(x01);
+    uint8_t *x02 = input + (uint32_t)19;
+    uint64_t i3 = load64_le(x02);
+    uint8_t *x0 = input + (uint32_t)24;
+    uint64_t i4 = load64_le(x0);
+    uint64_t output0 = i0 & mask_511;
+    uint64_t output1 = i1 >> (uint32_t)3 & mask_511;
+    uint64_t output2 = i2 >> (uint32_t)6 & mask_511;
+    uint64_t output3 = i3 >> (uint32_t)1 & mask_511;
+    uint64_t output4 = i4 >> (uint32_t)12 & mask_511;
+    Hacl_EC_Format_upd_5(output, output0, output1, output2, output3, output4);
+}
+
+static void
+Hacl_EC_Format_store_4(uint8_t *output, uint64_t v0, uint64_t v1, uint64_t v2, uint64_t v3)
+{
+    uint8_t *b0 = output;
+    uint8_t *b1 = output + (uint32_t)8;
+    uint8_t *b2 = output + (uint32_t)16;
+    uint8_t *b3 = output + (uint32_t)24;
+    store64_le(b0, v0);
+    store64_le(b1, v1);
+    store64_le(b2, v2);
+    store64_le(b3, v3);
+}
+
+static void
+Hacl_EC_Format_fcontract_first_carry_pass(uint64_t *input)
+{
+    uint64_t t0 = input[0];
+    uint64_t t1 = input[1];
+    uint64_t t2 = input[2];
+    uint64_t t3 = input[3];
+    uint64_t t4 = input[4];
+    uint64_t t1_ = t1 + (t0 >> (uint32_t)51);
+    uint64_t t0_ = t0 & (uint64_t)0x7ffffffffffff;
+    uint64_t t2_ = t2 + (t1_ >> (uint32_t)51);
+    uint64_t t1__ = t1_ & (uint64_t)0x7ffffffffffff;
+    uint64_t t3_ = t3 + (t2_ >> (uint32_t)51);
+    uint64_t t2__ = t2_ & (uint64_t)0x7ffffffffffff;
+    uint64_t t4_ = t4 + (t3_ >> (uint32_t)51);
+    uint64_t t3__ = t3_ & (uint64_t)0x7ffffffffffff;
+    Hacl_EC_Format_upd_5_(input, t0_, t1__, t2__, t3__, t4_);
+}
+
+static void
+Hacl_EC_Format_fcontract_first_carry_full(uint64_t *input)
+{
+    Hacl_EC_Format_fcontract_first_carry_pass(input);
+    Hacl_Bignum_Modulo_carry_top(input);
+}
+
+static void
+Hacl_EC_Format_fcontract_second_carry_pass(uint64_t *input)
+{
+    uint64_t t0 = input[0];
+    uint64_t t1 = input[1];
+    uint64_t t2 = input[2];
+    uint64_t t3 = input[3];
+    uint64_t t4 = input[4];
+    uint64_t t1_ = t1 + (t0 >> (uint32_t)51);
+    uint64_t t0_ = t0 & (uint64_t)0x7ffffffffffff;
+    uint64_t t2_ = t2 + (t1_ >> (uint32_t)51);
+    uint64_t t1__ = t1_ & (uint64_t)0x7ffffffffffff;
+    uint64_t t3_ = t3 + (t2_ >> (uint32_t)51);
+    uint64_t t2__ = t2_ & (uint64_t)0x7ffffffffffff;
+    uint64_t t4_ = t4 + (t3_ >> (uint32_t)51);
+    uint64_t t3__ = t3_ & (uint64_t)0x7ffffffffffff;
+    Hacl_EC_Format_upd_5_(input, t0_, t1__, t2__, t3__, t4_);
+}
+
+static void
+Hacl_EC_Format_fcontract_second_carry_full(uint64_t *input)
+{
+    Hacl_EC_Format_fcontract_second_carry_pass(input);
+    Hacl_Bignum_Modulo_carry_top(input);
+    uint64_t i0 = input[0];
+    uint64_t i1 = input[1];
+    uint64_t i0_ = i0 & (((uint64_t)1 << (uint32_t)51) - (uint64_t)1);
+    uint64_t i1_ = i1 + (i0 >> (uint32_t)51);
+    input[0] = i0_;
+    input[1] = i1_;
+}
+
+static void
+Hacl_EC_Format_fcontract_trim(uint64_t *input)
+{
+    uint64_t a0 = input[0];
+    uint64_t a1 = input[1];
+    uint64_t a2 = input[2];
+    uint64_t a3 = input[3];
+    uint64_t a4 = input[4];
+    uint64_t mask0 = FStar_UInt64_gte_mask(a0, (uint64_t)0x7ffffffffffed);
+    uint64_t mask1 = FStar_UInt64_eq_mask(a1, (uint64_t)0x7ffffffffffff);
+    uint64_t mask2 = FStar_UInt64_eq_mask(a2, (uint64_t)0x7ffffffffffff);
+    uint64_t mask3 = FStar_UInt64_eq_mask(a3, (uint64_t)0x7ffffffffffff);
+    uint64_t mask4 = FStar_UInt64_eq_mask(a4, (uint64_t)0x7ffffffffffff);
+    uint64_t mask = mask0 & mask1 & mask2 & mask3 & mask4;
+    uint64_t a0_ = a0 - ((uint64_t)0x7ffffffffffed & mask);
+    uint64_t a1_ = a1 - ((uint64_t)0x7ffffffffffff & mask);
+    uint64_t a2_ = a2 - ((uint64_t)0x7ffffffffffff & mask);
+    uint64_t a3_ = a3 - ((uint64_t)0x7ffffffffffff & mask);
+    uint64_t a4_ = a4 - ((uint64_t)0x7ffffffffffff & mask);
+    Hacl_EC_Format_upd_5_(input, a0_, a1_, a2_, a3_, a4_);
+}
+
+static void
+Hacl_EC_Format_fcontract_store(uint8_t *output, uint64_t *input)
+{
+    uint64_t t0 = input[0];
+    uint64_t t1 = input[1];
+    uint64_t t2 = input[2];
+    uint64_t t3 = input[3];
+    uint64_t t4 = input[4];
+    uint64_t o0 = t1 << (uint32_t)51 | t0;
+    uint64_t o1 = t2 << (uint32_t)38 | t1 >> (uint32_t)13;
+    uint64_t o2 = t3 << (uint32_t)25 | t2 >> (uint32_t)26;
+    uint64_t o3 = t4 << (uint32_t)12 | t3 >> (uint32_t)39;
+    Hacl_EC_Format_store_4(output, o0, o1, o2, o3);
+}
+
+static void
+Hacl_EC_Format_fcontract(uint8_t *output, uint64_t *input)
+{
+    Hacl_EC_Format_fcontract_first_carry_full(input);
+    Hacl_EC_Format_fcontract_second_carry_full(input);
+    Hacl_EC_Format_fcontract_trim(input);
+    Hacl_EC_Format_fcontract_store(output, input);
+}
+
+static void
+Hacl_EC_Format_scalar_of_point(uint8_t *scalar, uint64_t *point)
+{
+    uint64_t *x = point;
+    uint64_t *z = point + (uint32_t)5;
+    uint64_t buf[10] = { 0 };
+    uint64_t *zmone = buf;
+    uint64_t *sc = buf + (uint32_t)5;
+    Hacl_Bignum_crecip(zmone, z);
+    Hacl_Bignum_fmul(sc, x, zmone);
+    Hacl_EC_Format_fcontract(scalar, sc);
+}
+
+static void
+Hacl_EC_crypto_scalarmult__(
+    uint8_t *mypublic,
+    uint8_t *scalar,
+    uint8_t *basepoint,
+    uint64_t *q)
+{
+    uint64_t buf[15] = { 0 };
+    uint64_t *nq = buf;
+    uint64_t *x = nq;
+    (void)(nq + (uint32_t)5);
+    (void)(buf + (uint32_t)5);
+    x[0] = (uint64_t)1;
+    Hacl_EC_Ladder_cmult(nq, scalar, q);
+    Hacl_EC_Format_scalar_of_point(mypublic, nq);
+}
+
+static void
+Hacl_EC_crypto_scalarmult_(uint8_t *mypublic, uint8_t *secret, uint8_t *basepoint, uint64_t *q)
+{
+    uint8_t e[32] = { 0 };
+    memcpy(e, secret, (uint32_t)32 * sizeof secret[0]);
+    uint8_t e0 = e[0];
+    uint8_t e31 = e[31];
+    uint8_t e01 = e0 & (uint8_t)248;
+    uint8_t e311 = e31 & (uint8_t)127;
+    uint8_t e312 = e311 | (uint8_t)64;
+    e[0] = e01;
+    e[31] = e312;
+    uint8_t *scalar = e;
+    Hacl_EC_crypto_scalarmult__(mypublic, scalar, basepoint, q);
+}
+
+void
+Hacl_EC_crypto_scalarmult(uint8_t *mypublic, uint8_t *secret, uint8_t *basepoint)
+{
+    uint64_t buf[10] = { 0 };
+    uint64_t *x = buf;
+    uint64_t *z = buf + (uint32_t)5;
+    Hacl_EC_Format_fexpand(x, basepoint);
+    z[0] = (uint64_t)1;
+    uint64_t *q = buf;
+    Hacl_EC_crypto_scalarmult_(mypublic, secret, basepoint, q);
+}
+
+void *
+Curve25519_op_String_Access(FStar_Monotonic_HyperStack_mem h, uint8_t *b)
+{
+    return (void *)(uint8_t)0;
+}
+
+void
+Curve25519_crypto_scalarmult(uint8_t *mypublic, uint8_t *secret, uint8_t *basepoint)
+{
+    Hacl_EC_crypto_scalarmult(mypublic, secret, basepoint);
+}
new file mode 100644
--- /dev/null
+++ b/security/nss/lib/freebl/verified/hacl_curve25519_64.h
@@ -0,0 +1,60 @@
+// Copyright 2016-2017 INRIA and Microsoft Corporation
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+/* This file was auto-generated by KreMLin! */
+
+#include "kremlib.h"
+#ifndef __Hacl_Curve25519_64_H
+#define __Hacl_Curve25519_64_H
+
+typedef uint64_t Hacl_Bignum_Constants_limb;
+
+typedef FStar_UInt128_t Hacl_Bignum_Constants_wide;
+
+typedef uint64_t Hacl_Bignum_Parameters_limb;
+
+typedef FStar_UInt128_t Hacl_Bignum_Parameters_wide;
+
+typedef uint32_t Hacl_Bignum_Parameters_ctr;
+
+typedef uint64_t *Hacl_Bignum_Parameters_felem;
+
+typedef FStar_UInt128_t *Hacl_Bignum_Parameters_felem_wide;
+
+typedef void *Hacl_Bignum_Parameters_seqelem;
+
+typedef void *Hacl_Bignum_Parameters_seqelem_wide;
+
+typedef FStar_UInt128_t Hacl_Bignum_Wide_t;
+
+typedef uint64_t Hacl_Bignum_Limb_t;
+
+extern void Hacl_Bignum_lemma_diff(Prims_int x0, Prims_int x1, Prims_pos x2);
+
+typedef uint64_t *Hacl_EC_Point_point;
+
+typedef uint8_t *Hacl_EC_Ladder_SmallLoop_uint8_p;
+
+typedef uint8_t *Hacl_EC_Ladder_uint8_p;
+
+typedef uint8_t *Hacl_EC_Format_uint8_p;
+
+void Hacl_EC_crypto_scalarmult(uint8_t *mypublic, uint8_t *secret, uint8_t *basepoint);
+
+typedef uint8_t *Curve25519_uint8_p;
+
+void *Curve25519_op_String_Access(FStar_Monotonic_HyperStack_mem h, uint8_t *b);
+
+void Curve25519_crypto_scalarmult(uint8_t *mypublic, uint8_t *secret, uint8_t *basepoint);
+#endif
--- a/security/nss/lib/freebl/verified/kremlib.h
+++ b/security/nss/lib/freebl/verified/kremlib.h
@@ -1,196 +1,93 @@
-/* Copyright 2016-2017 INRIA and Microsoft Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+// Copyright 2016-2017 Microsoft Corporation
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
 
 #ifndef __KREMLIB_H
 #define __KREMLIB_H
 
-#include "kremlib_base.h"
+#include <inttypes.h>
+#include <stdlib.h>
 
-/* For tests only: we might need this function to be forward-declared, because
- * the dependency on WasmSupport appears very late, after SimplifyWasm, and
- * sadly, after the topological order has been done. */
-void WasmSupport_check_buffer_size(uint32_t s);
-
-/******************************************************************************/
-/* Stubs to ease compilation of non-Low* code                                 */
-/******************************************************************************/
+#include <stdbool.h>
+#include <stdio.h>
+#include <string.h>
+#include <time.h>
 
-/* Some types that KreMLin has no special knowledge of; many of them appear in
- * signatures of ghost functions, meaning that it suffices to give them (any)
- * definition. */
-typedef void *FStar_Seq_Base_seq, *Prims_prop, *FStar_HyperStack_mem,
-    *FStar_Set_set, *Prims_st_pre_h, *FStar_Heap_heap, *Prims_all_pre_h,
-    *FStar_TSet_set, *Prims_list, *FStar_Map_t, *FStar_UInt63_t_,
-    *FStar_Int63_t_, *FStar_UInt63_t, *FStar_Int63_t, *FStar_UInt_uint_t,
-    *FStar_Int_int_t, *FStar_HyperStack_stackref, *FStar_Bytes_bytes,
-    *FStar_HyperHeap_rid, *FStar_Heap_aref, *FStar_Monotonic_Heap_heap,
-    *FStar_Monotonic_Heap_aref, *FStar_Monotonic_HyperHeap_rid,
-    *FStar_Monotonic_HyperStack_mem, *FStar_Char_char_;
-
-typedef const char *Prims_string;
-
-/* For "bare" targets that do not have a C stdlib, the user might want to use
- * [-add-include '"mydefinitions.h"'] and override these. */
-#ifndef KRML_HOST_PRINTF
-#define KRML_HOST_PRINTF printf
+// Define __cdecl and friends when using GCC, so that we can safely compile code
+// that contains __cdecl on all platforms.
+#ifndef _MSC_VER
+// Use the gcc predefined macros if on a platform/architectures that set them.
+// Otherwise define them to be empty.
+#ifndef __cdecl
+#define __cdecl
+#endif
+#ifndef __stdcall
+#define __stdcall
+#endif
+#ifndef __fastcall
+#define __fastcall
+#endif
 #endif
 
-#ifndef KRML_HOST_EXIT
-#define KRML_HOST_EXIT exit
+// GCC-specific attribute syntax; everyone else gets the standard C inline
+// attribute.
+#ifdef __GNU_C__
+#ifndef __clang__
+#define force_inline inline __attribute__((always_inline))
+#else
+#define force_inline inline
 #endif
-
-#ifndef KRML_HOST_MALLOC
-#define KRML_HOST_MALLOC malloc
+#else
+#define force_inline inline
 #endif
 
-/* In statement position, exiting is easy. */
-#define KRML_EXIT                                                                  \
-    do {                                                                           \
-        KRML_HOST_PRINTF("Unimplemented function at %s:%d\n", __FILE__, __LINE__); \
-        KRML_HOST_EXIT(254);                                                       \
-    } while (0)
+// Uppercase issue; we have to define lowercase version of the C macros (as we
+// have no way to refer to an uppercase *variable* in F*).
+extern int exit_success;
+extern int exit_failure;
 
-/* In expression position, use the comma-operator and a malloc to return an
- * expression of the right size. KreMLin passes t as the parameter to the macro.
- */
-#define KRML_EABORT(t, msg)                                                     \
-    (KRML_HOST_PRINTF("KreMLin abort at %s:%d\n%s\n", __FILE__, __LINE__, msg), \
-     KRML_HOST_EXIT(255), *((t *)KRML_HOST_MALLOC(sizeof(t))))
+// Some types that KreMLin has no special knowledge of; many of them appear in
+// signatures of ghost functions, meaning that it suffices to give them (any)
+// definition.
+typedef void *Prims_pos, *Prims_nat, *Prims_nonzero, *FStar_Seq_Base_seq,
+    *Prims_int, *Prims_prop, *FStar_HyperStack_mem, *FStar_Set_set,
+    *Prims_st_pre_h, *FStar_Heap_heap, *Prims_all_pre_h, *FStar_TSet_set,
+    *Prims_string, *Prims_list, *FStar_Map_t, *FStar_UInt63_t_, *FStar_Int63_t_,
+    *FStar_UInt63_t, *FStar_Int63_t, *FStar_UInt_uint_t, *FStar_Int_int_t,
+    *FStar_HyperStack_stackref, *FStar_Bytes_bytes, *FStar_HyperHeap_rid,
+    *FStar_Heap_aref, *FStar_Monotonic_Heap_heap,
+    *FStar_Monotonic_HyperHeap_rid, *FStar_Monotonic_HyperStack_mem;
 
-/* In FStar.Buffer.fst, the size of arrays is uint32_t, but it's a number of
- * *elements*. Do an ugly, run-time check (some of which KreMLin can eliminate).
- */
-#define KRML_CHECK_SIZE(elt, size)                                            \
-    if (((size_t)size) > SIZE_MAX / sizeof(elt)) {                            \
-        KRML_HOST_PRINTF(                                                     \
-            "Maximum allocatable size exceeded, aborting before overflow at " \
-            "%s:%d\n",                                                        \
-            __FILE__, __LINE__);                                              \
-        KRML_HOST_EXIT(253);                                                  \
+#define KRML_CHECK_SIZE(elt, size)                                               \
+    if (((size_t)size) > SIZE_MAX / sizeof(elt)) {                               \
+        printf("Maximum allocatable size exceeded, aborting before overflow at " \
+               "%s:%d\n",                                                        \
+               __FILE__, __LINE__);                                              \
+        exit(253);                                                               \
     }
 
-/* A series of GCC atrocities to trace function calls (kremlin's [-d c-calls]
- * option). Useful when trying to debug, say, Wasm, to compare traces. */
-/* clang-format off */
-#ifdef __GNUC__
-#define KRML_FORMAT(X) _Generic((X),                                           \
-  uint8_t : "0x%08" PRIx8,                                                     \
-  uint16_t: "0x%08" PRIx16,                                                    \
-  uint32_t: "0x%08" PRIx32,                                                    \
-  uint64_t: "0x%08" PRIx64,                                                    \
-  int8_t  : "0x%08" PRIx8,                                                     \
-  int16_t : "0x%08" PRIx16,                                                    \
-  int32_t : "0x%08" PRIx32,                                                    \
-  int64_t : "0x%08" PRIx64,                                                    \
-  default : "%s")
-
-#define KRML_FORMAT_ARG(X) _Generic((X),                                       \
-  uint8_t : X,                                                                 \
-  uint16_t: X,                                                                 \
-  uint32_t: X,                                                                 \
-  uint64_t: X,                                                                 \
-  int8_t  : X,                                                                 \
-  int16_t : X,                                                                 \
-  int32_t : X,                                                                 \
-  int64_t : X,                                                                 \
-  default : "unknown")
-/* clang-format on */
-
-#define KRML_DEBUG_RETURN(X)                                        \
-    ({                                                              \
-        __auto_type _ret = (X);                                     \
-        KRML_HOST_PRINTF("returning: ");                            \
-        KRML_HOST_PRINTF(KRML_FORMAT(_ret), KRML_FORMAT_ARG(_ret)); \
-        KRML_HOST_PRINTF(" \n");                                    \
-        _ret;                                                       \
-    })
-#endif
-
-#define FStar_Buffer_eqb(b1, b2, n) \
-    (memcmp((b1), (b2), (n) * sizeof((b1)[0])) == 0)
+// Endian-ness
 
-/* Stubs to make ST happy. Important note: you must generate a use of the macro
- * argument, otherwise, you may have FStar_ST_recall(f) as the only use of f;
- * KreMLin will think that this is a valid use, but then the C compiler, after
- * macro expansion, will error out. */
-#define FStar_HyperHeap_root 0
-#define FStar_Pervasives_Native_fst(x) (x).fst
-#define FStar_Pervasives_Native_snd(x) (x).snd
-#define FStar_Seq_Base_createEmpty(x) 0
-#define FStar_Seq_Base_create(len, init) 0
-#define FStar_Seq_Base_upd(s, i, e) 0
-#define FStar_Seq_Base_eq(l1, l2) 0
-#define FStar_Seq_Base_length(l1) 0
-#define FStar_Seq_Base_append(x, y) 0
-#define FStar_Seq_Base_slice(x, y, z) 0
-#define FStar_Seq_Properties_snoc(x, y) 0
-#define FStar_Seq_Properties_cons(x, y) 0
-#define FStar_Seq_Base_index(x, y) 0
-#define FStar_HyperStack_is_eternal_color(x) 0
-#define FStar_Monotonic_HyperHeap_root 0
-#define FStar_Buffer_to_seq_full(x) 0
-#define FStar_Buffer_recall(x)
-#define FStar_HyperStack_ST_op_Colon_Equals(x, v) KRML_EXIT
-#define FStar_HyperStack_ST_op_Bang(x) 0
-#define FStar_HyperStack_ST_salloc(x) 0
-#define FStar_HyperStack_ST_ralloc(x, y) 0
-#define FStar_HyperStack_ST_new_region(x) (0)
-#define FStar_Monotonic_RRef_m_alloc(x) \
-    {                                   \
-        0                               \
-    }
-
-#define FStar_HyperStack_ST_recall(x) \
-    do {                              \
-        (void)(x);                    \
-    } while (0)
-
-#define FStar_HyperStack_ST_recall_region(x) \
-    do {                                     \
-        (void)(x);                           \
-    } while (0)
-
-#define FStar_Monotonic_RRef_m_recall(x1, x2) \
-    do {                                      \
-        (void)(x1);                           \
-        (void)(x2);                           \
-    } while (0)
-
-#define FStar_Monotonic_RRef_m_write(x1, x2, x3, x4, x5) \
-    do {                                                 \
-        (void)(x1);                                      \
-        (void)(x2);                                      \
-        (void)(x3);                                      \
-        (void)(x4);                                      \
-        (void)(x5);                                      \
-    } while (0)
-
-/******************************************************************************/
-/* Endian-ness macros that can only be implemented in C                       */
-/******************************************************************************/
-
-/* ... for Linux */
+// ... for Linux
 #if defined(__linux__) || defined(__CYGWIN__)
 #include <endian.h>
 
-/* ... for OSX */
+// ... for OSX
 #elif defined(__APPLE__)
 #include <libkern/OSByteOrder.h>
 #define htole64(x) OSSwapHostToLittleInt64(x)
 #define le64toh(x) OSSwapLittleToHostInt64(x)
 #define htobe64(x) OSSwapHostToBigInt64(x)
 #define be64toh(x) OSSwapBigToHostInt64(x)
 
 #define htole16(x) OSSwapHostToLittleInt16(x)
@@ -198,138 +95,64 @@ typedef const char *Prims_string;
 #define htobe16(x) OSSwapHostToBigInt16(x)
 #define be16toh(x) OSSwapBigToHostInt16(x)
 
 #define htole32(x) OSSwapHostToLittleInt32(x)
 #define le32toh(x) OSSwapLittleToHostInt32(x)
 #define htobe32(x) OSSwapHostToBigInt32(x)
 #define be32toh(x) OSSwapBigToHostInt32(x)
 
-/* ... for Solaris */
-#elif defined(__sun__)
-#include <sys/byteorder.h>
-#define htole64(x) LE_64(x)
-#define le64toh(x) LE_IN64(x)
-#define htobe64(x) BE_64(x)
-#define be64toh(x) BE_IN64(x)
-
-#define htole16(x) LE_16(x)
-#define le16toh(x) LE_IN16(x)
-#define htobe16(x) BE_16(x)
-#define be16toh(x) BE_IN16(x)
+// ... for Windows
+#elif (defined(_WIN16) || defined(_WIN32) || defined(_WIN64)) && \
+    !defined(__WINDOWS__)
+#include <windows.h>
 
-#define htole32(x) LE_32(x)
-#define le32toh(x) LE_IN32(x)
-#define htobe32(x) BE_32(x)
-#define be32toh(x) BE_IN32(x)
+#if BYTE_ORDER == LITTLE_ENDIAN
 
-/* ... for the BSDs */
-#elif defined(__FreeBSD__) || defined(__NetBSD__) || defined(__DragonFly__)
-#include <sys/endian.h>
-#elif defined(__OpenBSD__)
-#include <endian.h>
-
-/* ... for Windows (MSVC)... not targeting XBOX 360! */
-#elif defined(_MSC_VER)
-
+#if defined(_MSC_VER)
 #include <stdlib.h>
 #define htobe16(x) _byteswap_ushort(x)
 #define htole16(x) (x)
 #define be16toh(x) _byteswap_ushort(x)
 #define le16toh(x) (x)
 
 #define htobe32(x) _byteswap_ulong(x)
 #define htole32(x) (x)
 #define be32toh(x) _byteswap_ulong(x)
 #define le32toh(x) (x)
 
 #define htobe64(x) _byteswap_uint64(x)
 #define htole64(x) (x)
 #define be64toh(x) _byteswap_uint64(x)
 #define le64toh(x) (x)
 
-/* ... for Windows (GCC-like, e.g. mingw or clang) */
-#elif (defined(_WIN32) || defined(_WIN64)) && \
-    (defined(__GNUC__) || defined(__clang__))
+#elif defined(__GNUC__) || defined(__clang__)
 
 #define htobe16(x) __builtin_bswap16(x)
 #define htole16(x) (x)
 #define be16toh(x) __builtin_bswap16(x)
 #define le16toh(x) (x)
 
 #define htobe32(x) __builtin_bswap32(x)
 #define htole32(x) (x)
 #define be32toh(x) __builtin_bswap32(x)
 #define le32toh(x) (x)
 
 #define htobe64(x) __builtin_bswap64(x)
 #define htole64(x) (x)
 #define be64toh(x) __builtin_bswap64(x)
 #define le64toh(x) (x)
-
-/* ... generic big-endian fallback code */
-#elif defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
-
-/* byte swapping code inspired by:
- * https://github.com/rweather/arduinolibs/blob/master/libraries/Crypto/utility/EndianUtil.h
- * */
+#endif
 
-#define htobe32(x) (x)
-#define be32toh(x) (x)
-#define htole32(x)                                                      \
-    (__extension__({                                                    \
-        uint32_t _temp = (x);                                           \
-        ((_temp >> 24) & 0x000000FF) | ((_temp >> 8) & 0x0000FF00) |    \
-            ((_temp << 8) & 0x00FF0000) | ((_temp << 24) & 0xFF000000); \
-    }))
-#define le32toh(x) (htole32((x)))
-
-#define htobe64(x) (x)
-#define be64toh(x) (x)
-#define htole64(x)                                           \
-    (__extension__({                                         \
-        uint64_t __temp = (x);                               \
-        uint32_t __low = htobe32((uint32_t)__temp);          \
-        uint32_t __high = htobe32((uint32_t)(__temp >> 32)); \
-        (((uint64_t)__low) << 32) | __high;                  \
-    }))
-#define le64toh(x) (htole64((x)))
+#endif
 
-/* ... generic little-endian fallback code */
-#elif defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
-
-#define htole32(x) (x)
-#define le32toh(x) (x)
-#define htobe32(x)                                                      \
-    (__extension__({                                                    \
-        uint32_t _temp = (x);                                           \
-        ((_temp >> 24) & 0x000000FF) | ((_temp >> 8) & 0x0000FF00) |    \
-            ((_temp << 8) & 0x00FF0000) | ((_temp << 24) & 0xFF000000); \
-    }))
-#define be32toh(x) (htobe32((x)))
+#endif
 
-#define htole64(x) (x)
-#define le64toh(x) (x)
-#define htobe64(x)                                           \
-    (__extension__({                                         \
-        uint64_t __temp = (x);                               \
-        uint32_t __low = htobe32((uint32_t)__temp);          \
-        uint32_t __high = htobe32((uint32_t)(__temp >> 32)); \
-        (((uint64_t)__low) << 32) | __high;                  \
-    }))
-#define be64toh(x) (htobe64((x)))
-
-/* ... couldn't determine endian-ness of the target platform */
-#else
-#error "Please define __BYTE_ORDER__!"
-
-#endif /* defined(__linux__) || ... */
-
-/* Loads and stores. These avoid undefined behavior due to unaligned memory
- * accesses, via memcpy. */
+// Loads and stores. These avoid undefined behavior due to unaligned memory
+// accesses, via memcpy.
 
 inline static uint16_t
 load16(uint8_t *b)
 {
     uint16_t x;
     memcpy(&x, b, 2);
     return x;
 }
@@ -378,148 +201,110 @@ store64(uint8_t *b, uint64_t i)
 #define load32_be(b) (be32toh(load32(b)))
 #define store32_be(b, i) (store32(b, htobe32(i)))
 
 #define load64_le(b) (le64toh(load64(b)))
 #define store64_le(b, i) (store64(b, htole64(i)))
 #define load64_be(b) (be64toh(load64(b)))
 #define store64_be(b, i) (store64(b, htobe64(i)))
 
-/******************************************************************************/
-/* Checked integers to ease the compilation of non-Low* code                  */
-/******************************************************************************/
-
-typedef int32_t Prims_pos, Prims_nat, Prims_nonzero, Prims_int,
-    krml_checked_int_t;
-
-inline static bool
-Prims_op_GreaterThanOrEqual(int32_t x, int32_t y)
-{
-    return x >= y;
-}
+// Integer types
+typedef uint64_t FStar_UInt64_t, FStar_UInt64_t_;
+typedef int64_t FStar_Int64_t, FStar_Int64_t_;
+typedef uint32_t FStar_UInt32_t, FStar_UInt32_t_;
+typedef int32_t FStar_Int32_t, FStar_Int32_t_;
+typedef uint16_t FStar_UInt16_t, FStar_UInt16_t_;
+typedef int16_t FStar_Int16_t, FStar_Int16_t_;
+typedef uint8_t FStar_UInt8_t, FStar_UInt8_t_;
+typedef int8_t FStar_Int8_t, FStar_Int8_t_;
 
-inline static bool
-Prims_op_LessThanOrEqual(int32_t x, int32_t y)
+// Constant time comparisons
+static inline uint8_t
+FStar_UInt8_eq_mask(uint8_t x, uint8_t y)
 {
-    return x <= y;
-}
-
-inline static bool
-Prims_op_GreaterThan(int32_t x, int32_t y)
-{
-    return x > y;
-}
-
-inline static bool
-Prims_op_LessThan(int32_t x, int32_t y)
-{
-    return x < y;
+    x = ~(x ^ y);
+    x &= x << 4;
+    x &= x << 2;
+    x &= x << 1;
+    return (int8_t)x >> 7;
 }
 
-#define RETURN_OR(x)                                                            \
-    do {                                                                        \
-        int64_t __ret = x;                                                      \
-        if (__ret < INT32_MIN || INT32_MAX < __ret) {                           \
-            KRML_HOST_PRINTF("Prims.{int,nat,pos} integer overflow at %s:%d\n", \
-                             __FILE__, __LINE__);                               \
-            KRML_HOST_EXIT(252);                                                \
-        }                                                                       \
-        return (int32_t)__ret;                                                  \
-    } while (0)
-
-inline static int32_t
-Prims_pow2(int32_t x)
+static inline uint8_t
+FStar_UInt8_gte_mask(uint8_t x, uint8_t y)
 {
-    RETURN_OR((int64_t)1 << (int64_t)x);
+    return ~(uint8_t)(((int32_t)x - y) >> 31);
 }
 
-inline static int32_t
-Prims_op_Multiply(int32_t x, int32_t y)
+static inline uint16_t
+FStar_UInt16_eq_mask(uint16_t x, uint16_t y)
 {
-    RETURN_OR((int64_t)x * (int64_t)y);
+    x = ~(x ^ y);
+    x &= x << 8;
+    x &= x << 4;
+    x &= x << 2;
+    x &= x << 1;
+    return (int16_t)x >> 15;
 }
 
-inline static int32_t
-Prims_op_Addition(int32_t x, int32_t y)
+static inline uint16_t
+FStar_UInt16_gte_mask(uint16_t x, uint16_t y)
 {
-    RETURN_OR((int64_t)x + (int64_t)y);
-}
-
-inline static int32_t
-Prims_op_Subtraction(int32_t x, int32_t y)
-{
-    RETURN_OR((int64_t)x - (int64_t)y);
+    return ~(uint16_t)(((int32_t)x - y) >> 31);
 }
 
-inline static int32_t
-Prims_op_Division(int32_t x, int32_t y)
+static inline uint32_t
+FStar_UInt32_eq_mask(uint32_t x, uint32_t y)
 {
-    RETURN_OR((int64_t)x / (int64_t)y);
-}
-
-inline static int32_t
-Prims_op_Modulus(int32_t x, int32_t y)
-{
-    RETURN_OR((int64_t)x % (int64_t)y);
+    x = ~(x ^ y);
+    x &= x << 16;
+    x &= x << 8;
+    x &= x << 4;
+    x &= x << 2;
+    x &= x << 1;
+    return ((int32_t)x) >> 31;
 }
 
-inline static int8_t
-FStar_UInt8_uint_to_t(int8_t x)