Update nss to 3.13.1 to build on kernel 3.x.
Stop splitting nss into several subpackages at build time.
Now everything of nss will build at the same time and shipped
with the following different packages.
* nss
* nss-libs
* nss-softokn
* nss-softokn-freebl
* nss-util
Fixes #10010
###############################################################################
name = nss
-version = 3.12.8
-release = 4
+version = 3.13.1
+release = 1
groups = System/Libraries
url = http://www.mozilla.org/projects/security/pki/nss/
v3 certificates, and other security standards.
end
-source_dl =
-sources
- %{thisapp}-stripped.tar.bz2
+sources += \
%{name}-pem-20100809.tar.bz2
-end
build
requires
chrpath
nspr-devel
- nss-softokn-devel
- nss-util-devel
perl
pkg-config
psmisc
export BUILD_OPT=1
export XCFLAGS=%{CFLAGS}
+ # Allow the usage of system libraries.
export PKG_CONFIG_ALLOW_SYSTEM_LIBS=1
export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1
+ # Define where to find nspr header files and libraries.
export NSPR_INCLUDE_DIR=/usr/include/nspr4
export NSPR_LIB_DIR=%{libdir}
- export NSS_INCLUDE_DIR=/usr/include/nss3
- export NSS_LIB_DIR=%{libdir}
+ # Disable support for SHA224.
+ export NO_SHA224_AVAILABLE=1
+ # Use sqlite from system.
export NSS_USE_SYSTEM_SQLITE=1
if "%{DISTRO_ARCH}" == "x86_64"
end
prepare
- # Extract tarball
- cd %{DIR_SRC} && %{MACRO_EXTRACT} %{DIR_DL}/%{thisapp}-stripped.tar.bz2
+ # Extract tarball.
+ cd %{DIR_SRC} && %{MACRO_EXTRACT} %{DIR_DL}/%{thisapp}.tar.gz
- # Extract tarball into nss directory.
+ # Extract pem tarball into nss directory.
cd %{DIR_APP} && %{MACRO_EXTRACT} %{DIR_DL}/%{name}-pem-20100809.tar.bz2
# Apply all patches
%{MACRO_PATCHES}
-
- cp -vf %{DIR_SOURCE}/PayPalEE.cert \
- %{DIR_APP}/mozilla/security/nss/tests/libpkix/certs
end
build
end
install
+ # We have to do the complete install stuff self.
+
+ # Create directory layout.
mkdir -pv %{BUILDROOT}/usr/include/nss3
mkdir -pv %{BUILDROOT}/usr/{bin,%{lib}}
mkdir -pv %{BUILDROOT}%{libdir}/pkgconfig
mkdir -pv %{BUILDROOT}%{libdir}/nss/unsupported-tools
+ # Install all libraries.
install -p -v -m 755 mozilla/dist/*.OBJ/lib/libnss3.so \
%{BUILDROOT}%{libdir}
install -p -v -m 755 mozilla/dist/*.OBJ/lib/libnssckbi.so \
%{BUILDROOT}%{libdir}
install -p -v -m 755 mozilla/dist/*.OBJ/lib/libnsssysinit.so \
%{BUILDROOT}%{libdir}
+ install -p -v -m 755 mozilla/dist/*.OBJ/lib/libnssutil3.so \
+ %{BUILDROOT}%{libdir}
install -p -v -m 755 mozilla/dist/*.OBJ/lib/libsmime3.so \
%{BUILDROOT}%{libdir}
install -p -v -m 755 mozilla/dist/*.OBJ/lib/libssl3.so \
%{BUILDROOT}%{libdir}
+ install -p -v -m 755 mozilla/dist/*.OBJ/lib/libsoftokn3.so \
+ %{BUILDROOT}%{libdir}
+ install -p -v -m 755 mozilla/dist/*.OBJ/lib/libnssdbm3.so \
+ %{BUILDROOT}%{libdir}
+ install -p -v -m 755 mozilla/dist/*.OBJ/lib/libfreebl3.so \
+ %{BUILDROOT}/%{libdir}
# Install the empty NSS db files
mkdir -pv %{BUILDROOT}/etc/pki/nssdb
install -p -v -m 755 mozilla/dist/*.OBJ/bin/ocspclnt %{BUILDROOT}%{libdir}/nss/unsupported-tools
install -p -v -m 755 mozilla/dist/*.OBJ/bin/pp %{BUILDROOT}%{libdir}/nss/unsupported-tools
install -p -v -m 755 mozilla/dist/*.OBJ/bin/selfserv %{BUILDROOT}%{libdir}/nss/unsupported-tools
+ install -p -v -m 755 mozilla/dist/*.OBJ/bin/shlibsign %{BUILDROOT}%{libdir}/nss/unsupported-tools
install -p -v -m 755 mozilla/dist/*.OBJ/bin/strsclnt %{BUILDROOT}%{libdir}/nss/unsupported-tools
install -p -v -m 755 mozilla/dist/*.OBJ/bin/symkeyutil %{BUILDROOT}%{libdir}/nss/unsupported-tools
install -p -v -m 755 mozilla/dist/*.OBJ/bin/tstclnt %{BUILDROOT}%{libdir}/nss/unsupported-tools
install -p -v -m 755 mozilla/dist/*.OBJ/bin/vfyserv %{BUILDROOT}%{libdir}/nss/unsupported-tools
install -p -v -m 755 mozilla/dist/*.OBJ/bin/vfychain %{BUILDROOT}%{libdir}/nss/unsupported-tools
+ chrpath --delete %{BUILDROOT}%{libdir}/nss/unsupported-tools/*
sed -e "s,@libdir@,%{libdir},g" \
-e "s,@prefix@,/usr,g" \
install -p -v -m 755 %{DIR_SOURCE}/setup-nsssysinit.sh %{BUILDROOT}/usr/bin
- # Set up our package file
- # The nspr_version and nss_{util|softokn}_version globals used
- # here match the ones nss has for its Requires.
-
- # XXX need to fix this
+ # Generate file for pkg-config.
sed \
-e "s,%libdir%,%{libdir},g" \
-e "s,%prefix%,/usr,g" \
-e "s,%includedir%,/usr/include/nss3,g" \
-e "s,%NSS_VERSION%,%{version},g" \
-e "s,%NSPR_VERSION%,$(nspr-config --version),g" \
- -e "s,%NSSUTIL_VERSION%,$(nss-util-config --version),g" \
- -e "s,%SOFTOKEN_VERSION%,$(nss-softokn-config --version),g" \
< %{DIR_SOURCE}/nss.pc.in \
> %{BUILDROOT}%{libdir}/pkgconfig/nss.pc
# Copy the include files we want
cp -vf mozilla/dist/public/nss/*.h %{BUILDROOT}/usr/include/nss3
+ cp -vf mozilla/dist/private/nss/blapi.h %{BUILDROOT}/usr/include/nss3
chmod -v 644 %{BUILDROOT}/usr/include/nss3/*.h
-
- # remove the nss-util-devel headers
- cd %{BUILDROOT}/usr/include/nss3 && rm -vf \
- base64.h \
- ciferfam.h \
- nssb64.h \
- nssb64t.h \
- nsslocks.h \
- nssilock.h \
- nssilckt.h \
- nssrwlk.h \
- nssrwlkt.h \
- nssutil.h \
- pkcs11{,f,n,p,t,u}.h \
- portreg.h \
- secasn1.h \
- secasn1t.h \
- seccomon.h \
- secder.h \
- secdert.h \
- secdig.h \
- secdigt.h \
- secerr.h \
- secitem.h \
- secoid.h \
- secoidt.h \
- secport.h \
- utilrename.h
-
- # remove header shipped in nss-softokn-devel
- cd %{BUILDROOT}/usr/include/nss3 && rm -vf \
- blapit.h \
- ecl-exp.h \
- hasht.h \
- sechash.h \
- secmodt.h \
- shsign.h \
- nsslowhash.h
end
end
requires
nspr-devel
- %{name}
- nss-softokn-devel
- nss-util-devel
+ nss=%{thisver}
end
# Mozilla does no versioning :(
end
end
+ package %{name}-softokn
+ summary = Network Security Services Softoken Module.
+ description
+ Network Security Services Softoken Cryptographic Module.
+ end
+
+ requires = nss=%{thisver}
+
+ files
+ %{libdir}/libnssdbm3.so
+ %{libdir}/libsoftokn3.so
+ %{libdir}/nss/unsupported-tools/shlibsign
+ end
+ end
+
+ package %{name}-softokn-freebl
+ summary = Freebl library for the Network Security Services.
+ description
+ NSS Softoken Cryptographic Module Freelb Library.
+ end
+
+ requires
+ nss=%{thisver}
+ nss-softokn=%{thisver}
+ end
+
+ files = %{libdir}/libfreebl3.so
+ end
+
+ package %{name}-util
+ summary = Network Security Services Utilities Library.
+ description
+ Utilities for Network Security Services and the Softoken module.
+ end
+
+ requires = nss=%{thisver}
+
+ files = %{libdir}/libnssutil3.so
+ end
+
package %{name}-debuginfo
template DEBUGINFO
end
+++ /dev/null
-From 8bd0a0427e034262ff982fed98ca5e8c623165db Mon Sep 17 00:00:00 2001
-From: Rich Megginson <rmeggins@redhat.com>
-Date: Mon, 12 Jul 2010 16:31:01 -0600
-Subject: [PATCH] Add support for PKCS#8 encoded private keys
-
-The code supports PKCS#1 encoded RSA private keys that begin with the
-BEGIN RSA PRIVATE KEY header in PEM files. This patch adds support for
-RSA private keys encoded in PEM files that begin with the header
-BEGIN PRIVATE KEY which are in PKCS#8 format.
----
- prsa.c | 150 ++++++++++++++++++++++++++++++++++++++++++++++------------------
- util.c | 3 +-
- 2 files changed, 110 insertions(+), 43 deletions(-)
-
-diff --git a/prsa.c b/prsa.c
-index 5b2f379..8d4fb92 100644
---- a/mozilla/security/nss/lib/ckfw/pem/prsa.c
-+++ b/mozilla/security/nss/lib/ckfw/pem/prsa.c
-@@ -63,6 +63,35 @@ const SEC_ASN1Template pem_RSAPrivateKeyTemplate[] = {
- {0}
- };
-
-+static const SEC_ASN1Template pem_AttributeTemplate[] = {
-+ { SEC_ASN1_SEQUENCE,
-+ 0, NULL, sizeof(NSSLOWKEYAttribute) },
-+ { SEC_ASN1_OBJECT_ID, offsetof(NSSLOWKEYAttribute, attrType) },
-+ { SEC_ASN1_SET_OF | SEC_ASN1_XTRN, offsetof(NSSLOWKEYAttribute, attrValue),
-+ SEC_ASN1_SUB(SEC_AnyTemplate) },
-+ { 0 }
-+};
-+
-+static const SEC_ASN1Template pem_SetOfAttributeTemplate[] = {
-+ { SEC_ASN1_SET_OF, 0, pem_AttributeTemplate },
-+};
-+
-+const SEC_ASN1Template pem_PrivateKeyInfoTemplate[] = {
-+ { SEC_ASN1_SEQUENCE,
-+ 0, NULL, sizeof(NSSLOWKEYPrivateKeyInfo) },
-+ { SEC_ASN1_INTEGER,
-+ offsetof(NSSLOWKEYPrivateKeyInfo,version) },
-+ { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
-+ offsetof(NSSLOWKEYPrivateKeyInfo,algorithm),
-+ SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
-+ { SEC_ASN1_OCTET_STRING,
-+ offsetof(NSSLOWKEYPrivateKeyInfo,privateKey) },
-+ { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
-+ offsetof(NSSLOWKEYPrivateKeyInfo, attributes),
-+ pem_SetOfAttributeTemplate },
-+ { 0 }
-+};
-+
- /* Declarations */
- SECStatus pem_RSA_Sign(pemLOWKEYPrivateKey * key, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
-@@ -116,6 +145,79 @@ pem_DestroyPrivateKey(pemLOWKEYPrivateKey * privk)
- nss_ZFreeIf(privk);
- }
-
-+/* decode and parse the rawkey into the lpk structure */
-+static pemLOWKEYPrivateKey *
-+pem_getPrivateKey(PLArenaPool *arena, SECItem *rawkey, CK_RV * pError, NSSItem *modulus)
-+{
-+ pemLOWKEYPrivateKey *lpk = NULL;
-+ SECStatus rv = SECFailure;
-+ NSSLOWKEYPrivateKeyInfo *pki = NULL;
-+ SECItem *keysrc = NULL;
-+
-+ /* make sure SECOID is initialized - not sure why we have to do this outside of nss_Init */
-+ if (SECSuccess != (rv = SECOID_Init())) {
-+ *pError = CKR_GENERAL_ERROR;
-+ return NULL; /* wha???? */
-+ }
-+
-+ pki = (NSSLOWKEYPrivateKeyInfo*)PORT_ArenaZAlloc(arena,
-+ sizeof(NSSLOWKEYPrivateKeyInfo));
-+ if(!pki) {
-+ *pError = CKR_HOST_MEMORY;
-+ goto done;
-+ }
-+
-+ /* let's first see if this is a "raw" RSA private key or an RSA private key in PKCS#8 format */
-+ rv = SEC_ASN1DecodeItem(arena, pki, pem_PrivateKeyInfoTemplate, rawkey);
-+ if (rv != SECSuccess) {
-+ /* not PKCS#8 - assume it's a "raw" RSA private key */
-+ keysrc = rawkey;
-+ } else if (SECOID_GetAlgorithmTag(&pki->algorithm) == SEC_OID_PKCS1_RSA_ENCRYPTION) {
-+ keysrc = &pki->privateKey;
-+ } else { /* unsupported */
-+ *pError = CKR_FUNCTION_NOT_SUPPORTED;
-+ goto done;
-+ }
-+
-+ lpk = (pemLOWKEYPrivateKey *) nss_ZAlloc(NULL,
-+ sizeof(pemLOWKEYPrivateKey));
-+ if (lpk == NULL) {
-+ *pError = CKR_HOST_MEMORY;
-+ goto done;
-+ }
-+
-+ lpk->arena = arena;
-+ lpk->keyType = pemLOWKEYRSAKey;
-+ prepare_low_rsa_priv_key_for_asn1(lpk);
-+
-+ /* I don't know what this is supposed to accomplish. We free the old
-+ modulus data and set it again, making a copy of the new data.
-+ But we just allocated a new empty key structure above with
-+ nss_ZAlloc. So lpk->u.rsa.modulus.data is NULL and
-+ lpk->u.rsa.modulus.len. If the intention is to free the old
-+ modulus data, why not just set it to NULL after freeing? Why
-+ go through this unnecessary and confusing copying code?
-+ */
-+ if (modulus) {
-+ nss_ZFreeIf(modulus->data);
-+ modulus->data = (void *) nss_ZAlloc(NULL, lpk->u.rsa.modulus.len);
-+ modulus->size = lpk->u.rsa.modulus.len;
-+ nsslibc_memcpy(modulus->data, lpk->u.rsa.modulus.data,
-+ lpk->u.rsa.modulus.len);
-+ }
-+
-+ /* decode the private key and any algorithm parameters */
-+ rv = SEC_QuickDERDecodeItem(arena, lpk, pem_RSAPrivateKeyTemplate,
-+ keysrc);
-+
-+ if (rv != SECSuccess) {
-+ goto done;
-+ }
-+
-+done:
-+ return lpk;
-+}
-+
- void
- pem_PopulateModulusExponent(pemInternalObject * io)
- {
-@@ -123,7 +225,7 @@ pem_PopulateModulusExponent(pemInternalObject * io)
- const NSSItem *keyType = pem_FetchAttribute(io, CKA_KEY_TYPE);
- pemLOWKEYPrivateKey *lpk = NULL;
- PLArenaPool *arena;
-- SECStatus rv;
-+ CK_RV pError = 0;
-
- /* make sure we have the right objects */
- if (((const NSSItem *) NULL == classItem) ||
-@@ -140,26 +242,12 @@ pem_PopulateModulusExponent(pemInternalObject * io)
- return;
- }
-
-- lpk = (pemLOWKEYPrivateKey *) nss_ZAlloc(NULL,
-- sizeof(pemLOWKEYPrivateKey));
-+ lpk = pem_getPrivateKey(arena, io->u.key.key.privateKey, &pError, NULL);
- if (lpk == NULL) {
- PORT_FreeArena(arena, PR_FALSE);
- return;
- }
-
-- lpk->arena = arena;
-- lpk->keyType = pemLOWKEYRSAKey;
-- prepare_low_rsa_priv_key_for_asn1(lpk);
--
-- /* decode the private key and any algorithm parameters */
-- rv = SEC_QuickDERDecodeItem(arena, lpk, pem_RSAPrivateKeyTemplate,
-- io->u.key.key.privateKey);
--
-- if (rv != SECSuccess) {
-- PORT_FreeArena(arena, PR_FALSE);
-- return;
-- }
--
- nss_ZFreeIf(io->u.key.key.modulus.data);
- io->u.key.key.modulus.data =
- (void *) nss_ZAlloc(NULL, lpk->u.rsa.modulus.len);
-@@ -252,13 +340,6 @@ pem_mdCryptoOperationRSAPriv_Create
- pemInternalCryptoOperationRSAPriv *iOperation;
- pemLOWKEYPrivateKey *lpk = NULL;
- PLArenaPool *arena;
-- SECStatus rv;
--
-- arena = PORT_NewArena(2048);
-- if (!arena) {
-- *pError = CKR_HOST_MEMORY;
-- return (NSSCKMDCryptoOperation *) NULL;
-- }
-
- /* make sure we have the right objects */
- if (((const NSSItem *) NULL == classItem) ||
-@@ -271,30 +352,15 @@ pem_mdCryptoOperationRSAPriv_Create
- return (NSSCKMDCryptoOperation *) NULL;
- }
-
-- lpk = (pemLOWKEYPrivateKey *) nss_ZAlloc(NULL,
-- sizeof (pemLOWKEYPrivateKey));
-- if (lpk == NULL) {
-+ arena = PORT_NewArena(2048);
-+ if (!arena) {
- *pError = CKR_HOST_MEMORY;
- return (NSSCKMDCryptoOperation *) NULL;
- }
-- lpk->arena = arena;
-- lpk->keyType = pemLOWKEYRSAKey;
-- prepare_low_rsa_priv_key_for_asn1(lpk);
-
-- nss_ZFreeIf(iKey->u.key.key.modulus.data);
-- iKey->u.key.key.modulus.data =
-- (void *) nss_ZAlloc(NULL, lpk->u.rsa.modulus.len);
-- iKey->u.key.key.modulus.size = lpk->u.rsa.modulus.len;
-- nsslibc_memcpy(iKey->u.key.key.modulus.data, lpk->u.rsa.modulus.data,
-- lpk->u.rsa.modulus.len);
--
-- /* decode the private key and any algorithm parameters */
-- rv = SEC_QuickDERDecodeItem(arena, lpk, pem_RSAPrivateKeyTemplate,
-- iKey->u.key.key.privateKey);
--
-- if (rv != SECSuccess) {
-+ lpk = pem_getPrivateKey(arena, iKey->u.key.key.privateKey, pError, &iKey->u.key.key.modulus);
-+ if (lpk == NULL) {
- PORT_FreeArena(arena, PR_FALSE);
-- *pError = CKR_HOST_MEMORY;
- return (NSSCKMDCryptoOperation *) NULL;
- }
-
-diff --git a/util.c b/util.c
-index a6ca094..d02ee87 100644
---- a/mozilla/security/nss/lib/ckfw/pem/util.c
-+++ b/mozilla/security/nss/lib/ckfw/pem/util.c
-@@ -164,7 +164,8 @@ ReadDERFromFile(SECItem *** derlist, char *filename, PRBool ascii,
- int key = 0;
- while ((asc) && ((body = strstr(asc, "-----BEGIN")) != NULL)) {
- key = 0;
-- if (strncmp(body, "-----BEGIN RSA PRIVATE KEY", 25) == 0) {
-+ if ((strncmp(body, "-----BEGIN RSA PRIVATE KEY", 25) == 0) ||
-+ (strncmp(body, "-----BEGIN PRIVATE KEY", 21) == 0)) {
- key = 1;
- c = body;
- body = strchr(body, '\n');
---
-1.5.5.6
-
--- /dev/null
+From 5c61cdba435096ee6e65cee4dc9a473430643c07 Mon Sep 17 00:00:00 2001
+From: Elio Maldonado <emaldona@redhat.com>
+Date: Tue, 12 Apr 2011 09:31:48 -0700
+Subject: [PATCH] Bug 695011 PEM logging
+
+Use NSPR logging facilities for PEM logging to fix a segmenation violation
+caused when user cannot for write a log file created by root
+---
+ mozilla/security/nss/lib/ckfw/pem/ckpem.h | 7 ++++-
+ mozilla/security/nss/lib/ckfw/pem/util.c | 30 ++++++++++++++++------------
+ 2 files changed, 22 insertions(+), 15 deletions(-)
+
+diff --git a/mozilla/security/nss/lib/ckfw/pem/ckpem.h b/mozilla/security/nss/lib/ckfw/pem/ckpem.h
+index 839d40b..720525e 100644
+--- a/mozilla/security/nss/lib/ckfw/pem/ckpem.h
++++ b/mozilla/security/nss/lib/ckfw/pem/ckpem.h
+@@ -1,3 +1,6 @@
++#ifndef CKPEM_H
++#define CKPEM_H
++
+ #include "nssckmdt.h"
+ #include "nssckfw.h"
+ #include "ckfwtm.h"
+@@ -254,8 +257,8 @@ unsigned int pem_PrivateModulusLen(pemLOWKEYPrivateKey *privk);
+ /* ptoken.c */
+ NSSCKMDToken * pem_NewToken(NSSCKFWInstance *fwInstance, CK_RV *pError);
+
++/* util.c */
+ void open_log();
+-void close_log();
+ void plog(const char *fmt, ...);
+
+-#define PEM_H 1
++#endif /* CKPEM_H */
+diff --git a/mozilla/security/nss/lib/ckfw/pem/util.c b/mozilla/security/nss/lib/ckfw/pem/util.c
+index 853f418..fafb924 100644
+--- a/mozilla/security/nss/lib/ckfw/pem/util.c
++++ b/mozilla/security/nss/lib/ckfw/pem/util.c
+@@ -41,6 +41,7 @@
+ #include "prtime.h"
+ #include "prlong.h"
+ #include "prerror.h"
++#include "prlog.h"
+ #include "prprf.h"
+ #include "plgetopt.h"
+ #include "prenv.h"
+@@ -51,6 +52,9 @@
+ #include "cryptohi.h"
+ #include "secpkcs7.h"
+ #include "secerr.h"
++
++#include "ckpem.h"
++
+ #include <stdarg.h>
+
+ #define CHUNK_SIZE 512
+@@ -267,34 +271,34 @@ ReadDERFromFile(SECItem *** derlist, char *filename, PRBool ascii,
+ return -1;
+ }
+
+-FILE *plogfile;
++#ifdef DEBUG
++#define LOGGING_BUFFER_SIZE 400
++#define PEM_DEFAULT_LOG_FILE "/tmp/pkcs11.log"
++static const char *pemLogModuleName = "PEM";
++static PRLogModuleInfo* pemLogModule;
++#endif
+
+ void open_log()
+ {
+ #ifdef DEBUG
+- plogfile = fopen("/tmp/pkcs11.log", "a");
+-#endif
++ const char *nsprLogFile = PR_GetEnv("NSPR_LOG_FILE");
+
+- return;
+-}
++ pemLogModule = PR_NewLogModule(pemLogModuleName);
+
+-void close_log()
+-{
+-#ifdef DEBUG
+- fclose(plogfile);
++ (void) PR_SetLogFile(nsprLogFile ? nsprLogFile : PEM_DEFAULT_LOG_FILE);
++ /* If false, the log file will remain what it was before */
+ #endif
+- return;
+ }
+
+ void plog(const char *fmt, ...)
+ {
+ #ifdef DEBUG
++ char buf[LOGGING_BUFFER_SIZE];
+ va_list ap;
+
+ va_start(ap, fmt);
+- vfprintf(plogfile, fmt, ap);
++ PR_vsnprintf(buf, sizeof(buf), fmt, ap);
+ va_end(ap);
+-
+- fflush(plogfile);
++ PR_LOG(pemLogModule, PR_LOG_DEBUG, ("%s", buf));
+ #endif
+ }
+--
+1.7.4.2
+
+++ /dev/null
-From 9b7334b61cf3277e5eb48b716f6719b4636e2572 Mon Sep 17 00:00:00 2001
-From: Rich Megginson <rmeggins@redhat.com>
-Date: Mon, 12 Jul 2010 17:21:01 -0600
-Subject: [PATCH] Do not define SEC_SkipTemplate
-
-Building NSS with PEM support gives an error in pbobject due to multiple
-definitions of SEC_SkipTemplate. This is already defined in libnssutil
----
- pobject.c | 3 +++
- 1 files changed, 3 insertions(+), 0 deletions(-)
-
-diff --git a/pobject.c b/pobject.c
-index 81b9028..48f5e78 100644
---- a/mozilla/security/nss/lib/ckfw/pem/pobject.c
-+++ b/mozilla/security/nss/lib/ckfw/pem/pobject.c
-@@ -172,6 +172,8 @@ static const NSSItem pem_trusted = {
- (void *) &ckt_netscape_trusted, (PRUint32) sizeof(CK_TRUST)
- };
-
-+/* SEC_SkipTemplate is already defined and exported by libnssutil */
-+#ifdef SEC_SKIP_TEMPLATE
- /*
- * Template for skipping a subitem.
- *
-@@ -182,6 +184,7 @@ static const NSSItem pem_trusted = {
- const SEC_ASN1Template SEC_SkipTemplate[] = {
- {SEC_ASN1_SKIP}
- };
-+#endif
-
- /*
- * Find the subjectName in a DER encoded certificate
---
-1.5.5.6
-
--- /dev/null
+diff -up ./mozilla/security/nss/lib/ckfw/pem/pobject.c.734760 ./mozilla/security/nss/lib/ckfw/pem/pobject.c
+--- ./mozilla/security/nss/lib/ckfw/pem/pobject.c.734760 2011-09-10 10:21:38.819248564 -0700
++++ ./mozilla/security/nss/lib/ckfw/pem/pobject.c 2011-09-10 10:28:47.970083785 -0700
+@@ -1117,7 +1117,7 @@ pem_CreateObject
+
+ nobjs = ReadDERFromFile(&derlist, filename, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */);
+ if (nobjs < 1)
+- return (NSSCKMDObject *) NULL;
++ goto loser;
+
+ objid = -1;
+ /* Brute force: find the id of the key, if any, in this slot */
+@@ -1176,7 +1176,7 @@ pem_CreateObject
+
+ nobjs = ReadDERFromFile(&derlist, filename, PR_TRUE, &cipher, &ivstring, PR_FALSE /* keys only */);
+ if (nobjs < 1)
+- return (NSSCKMDObject *) NULL;
++ goto loser;
+
+ certDER.len = 0; /* in case there is no equivalent cert */
+ certDER.data = NULL;
--- /dev/null
+diff -up mozilla/security/nss/lib/nss/nssinit.c.784672 mozilla/security/nss/lib/nss/nssinit.c
+--- mozilla/security/nss/lib/nss/nssinit.c.784672 2012-01-26 14:43:46.232357231 -0800
++++ mozilla/security/nss/lib/nss/nssinit.c 2012-01-26 14:50:55.830512565 -0800
+@@ -944,6 +944,12 @@ NSS_RegisterShutdown(NSS_ShutdownFunc sF
+ {
+ int i;
+
++ /* make sure our lock and condition variable are initialized one and only
++ * one time */
++ if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
++ return SECFailure;
++ }
++
+ PZ_Lock(nssInitLock);
+ if (!NSS_IsInitialized()) {
+ PZ_Unlock(nssInitLock);
+@@ -1002,6 +1008,11 @@ NSS_UnregisterShutdown(NSS_ShutdownFunc
+ {
+ int i;
+
++ /* make sure our lock and condition variable are initialized one and only
++ * one time */
++ if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
++ return SECFailure;
++ }
+ PZ_Lock(nssInitLock);
+ if (!NSS_IsInitialized()) {
+ PZ_Unlock(nssInitLock);
+@@ -1192,6 +1203,11 @@ NSS_ShutdownContext(NSSInitContext *cont
+ {
+ SECStatus rv = SECSuccess;
+
++ /* make sure our lock and condition variable are initialized one and only
++ * one time */
++ if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
++ return SECFailure;
++ }
+ PZ_Lock(nssInitLock);
+ /* If one or more threads are in the middle of init, wait for them
+ * to complete */
--- /dev/null
+diff -up nss-3.13.1/mozilla/security/nss/lib/util/pkcs11n.h.fo nss-3.13.1/mozilla/security/nss/lib/util/pkcs11n.h
+--- nss-3.13.1/mozilla/security/nss/lib/util/pkcs11n.h.fo 2011-11-10 12:44:17.683967574 -0600
++++ nss-3.13.1/mozilla/security/nss/lib/util/pkcs11n.h 2011-11-10 12:44:24.146886778 -0600
+@@ -362,7 +362,7 @@ typedef CK_ULONG CK_TRUST;
+ * cast the resulting value to the deprecated type in the #define, thus
+ * producting the warning when the #define is used.
+ */
+-#if (__GNUC__ == 4) && (__GNUC_MINOR < 5)
++#if (__GNUC__ == 4) && (__GNUC_MINOR__ < 5)
+ /* The mac doesn't like the friendlier deprecate messages. I'm assuming this
+ * is a gcc version issue rather than mac or ppc specific */
+ typedef CK_TRUST __CKT_NSS_UNTRUSTED __attribute__((deprecated));
--- /dev/null
+diff -up ./mozilla/security/nss/cmd/manifest.mn.nofipstest ./mozilla/security/nss/cmd/manifest.mn
+--- ./mozilla/security/nss/cmd/manifest.mn.nofipstest 2011-12-03 22:54:40.969914919 -0800
++++ ./mozilla/security/nss/cmd/manifest.mn 2011-12-03 22:55:12.348505822 -0800
+@@ -54,7 +54,6 @@ DIRS = lib \
+ dbtest \
+ derdump \
+ digest \
+- fipstest \
+ makepqg \
+ multinit \
+ ocspclnt \
+@@ -84,6 +83,7 @@ DIRS = lib \
+ $(NULL)
+
+ TEMPORARILY_DONT_BUILD = \
++ fipstest \
+ $(NULL)
+
+ # rsaperf \
--- /dev/null
+diff -up ./mozilla/security/coreconf/Linux.mk.nosha224 ./mozilla/security/coreconf/Linux.mk
+--- ./mozilla/security/coreconf/Linux.mk.nosha224 2011-12-04 22:03:47.295609957 -0800
++++ ./mozilla/security/coreconf/Linux.mk 2011-12-04 22:03:47.301609957 -0800
+@@ -188,6 +188,14 @@ NSSUTIL_LIBS = -lnssutil3
+ USE_SYSTEM_FREEBL = 1
+ FREEBL_LIBS = -lfreebl3
+
++#
++# Don't compile code that requires SHA224 if it isn't avilable
++# Such is the case when system freebl/softokn is the 3.12 one
++#
++ifdef NO_SHA224_AVAILABLE
++CFLAGS+=-DNO_SHA224_AVAILABLE
++endif
++
+ # The -rpath '$$ORIGIN' linker option instructs this library to search for its
+ # dependencies in the same directory where it resides.
+ ifeq ($(BUILD_SUN_PKG), 1)
+diff -up ./mozilla/security/nss/cmd/bltest/blapitest.c.nosha224 ./mozilla/security/nss/cmd/bltest/blapitest.c
+--- ./mozilla/security/nss/cmd/bltest/blapitest.c.nosha224 2011-09-16 12:16:50.000000000 -0700
++++ ./mozilla/security/nss/cmd/bltest/blapitest.c 2011-12-04 22:03:47.302609957 -0800
+@@ -686,7 +686,9 @@ typedef enum {
+ bltestMD2, /* Hash algorithms */
+ bltestMD5, /* . */
+ bltestSHA1, /* . */
++#ifndef NO_SHA224_AVAILABLE
+ bltestSHA224, /* . */
++#endif
+ bltestSHA256, /* . */
+ bltestSHA384, /* . */
+ bltestSHA512, /* . */
+@@ -721,7 +723,9 @@ static char *mode_strings[] =
+ "md2",
+ "md5",
+ "sha1",
++#ifndef NO_SHA224_AVAILABLE
+ "sha224",
++#endif
+ "sha256",
+ "sha384",
+ "sha512",
+@@ -1761,6 +1765,7 @@ finish:
+ return rv;
+ }
+
++#ifndef NO_SHA224_AVAILABLE
+ SECStatus
+ SHA224_restart(unsigned char *dest, const unsigned char *src, uint32 src_length)
+ {
+@@ -1800,6 +1805,7 @@ finish:
+ SHA224_DestroyContext(cx, PR_TRUE);
+ return rv;
+ }
++#endif
+
+ SECStatus
+ SHA256_restart(unsigned char *dest, const unsigned char *src, uint32 src_length)
+@@ -2093,6 +2099,7 @@ cipherInit(bltestCipherInfo *cipherInfo,
+ cipherInfo->cipher.hashCipher = (restart) ? sha1_restart : SHA1_HashBuf;
+ return SECSuccess;
+ break;
++#ifndef NO_SHA224_AVAILABLE
+ case bltestSHA224:
+ restart = cipherInfo->params.hash.restart;
+ SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+@@ -2100,6 +2107,7 @@ cipherInit(bltestCipherInfo *cipherInfo,
+ cipherInfo->cipher.hashCipher = (restart) ? SHA224_restart
+ : SHA224_HashBuf;
+ return SECSuccess;
++#endif
+ break;
+ case bltestSHA256:
+ restart = cipherInfo->params.hash.restart;
+@@ -2542,7 +2550,9 @@ cipherFinish(bltestCipherInfo *cipherInf
+ case bltestMD2: /* hash contexts are ephemeral */
+ case bltestMD5:
+ case bltestSHA1:
++#ifndef NO_SHA224_AVAILABLE
+ case bltestSHA224:
++#endif
+ case bltestSHA256:
+ case bltestSHA384:
+ case bltestSHA512:
+@@ -2896,7 +2906,9 @@ get_params(PRArenaPool *arena, bltestPar
+ case bltestMD2:
+ case bltestMD5:
+ case bltestSHA1:
++#ifndef NO_SHA224_AVAILABLE
+ case bltestSHA224:
++#endif
+ case bltestSHA256:
+ case bltestSHA384:
+ case bltestSHA512:
+diff -up ./mozilla/security/nss/cmd/chktest/chktest.c.nosha224 ./mozilla/security/nss/cmd/chktest/chktest.c
+--- ./mozilla/security/nss/cmd/chktest/chktest.c.nosha224 2010-12-06 09:22:49.000000000 -0800
++++ ./mozilla/security/nss/cmd/chktest/chktest.c 2011-12-04 22:03:47.304609957 -0800
+@@ -41,6 +41,10 @@
+ #include "blapi.h"
+ #include "secutil.h"
+
++#ifdef NO_SHA224_AVAILABLE
++PRBool BLAPI_SHVerifyFile(const char *shName);
++#endif
++
+ static int Usage()
+ {
+ fprintf(stderr, "Usage: chktest <full-path-to-shared-library>\n");
+diff -up ./mozilla/security/nss/cmd/lib/secutil.c.nosha224 ./mozilla/security/nss/cmd/lib/secutil.c
+--- ./mozilla/security/nss/cmd/lib/secutil.c.nosha224 2011-10-22 07:35:41.000000000 -0700
++++ ./mozilla/security/nss/cmd/lib/secutil.c 2011-12-04 22:03:47.305609957 -0800
+@@ -86,6 +86,14 @@ static char consoleName[] = {
+ #include "nssutil.h"
+ #include "ssl.h"
+
++/* Defined in ./mozilla/dist/public/nss/certdb.h which was included
++ * and also in ./mozilla/security/nss/lib/softoken/legacydb/pcertt.h
++ * but invisible here for some reason
++ */
++#ifndef CERTDB_TERMINAL_RECORD
++#define CERTDB_TERMINAL_RECORD (1<<0)
++#endif
++
+
+ void
+ SECU_PrintErrMsg(FILE *out, int level, char *progName, char *msg, ...)
+@@ -1509,6 +1517,8 @@ const SEC_ASN1Template secuPBEV2Params[]
+ { 0 }
+ };
+
++/* if no sha224 then no psapss either */
++#ifndef NO_SHA224_AVAILABLE
+ void
+ secu_PrintRSAPSSParams(FILE *out, SECItem *value, char *m, int level)
+ {
+@@ -1572,6 +1582,7 @@ secu_PrintRSAPSSParams(FILE *out, SECIte
+ }
+ PORT_FreeArena(pool, PR_FALSE);
+ }
++#endif
+
+ void
+ secu_PrintKDF2Params(FILE *out, SECItem *value, char *m, int level)
+@@ -1684,10 +1695,12 @@ SECU_PrintAlgorithmID(FILE *out, SECAlgo
+ return;
+ }
+
++#ifndef NO_SHA224_AVAILABLE
+ if (algtag == SEC_OID_PKCS1_RSA_PSS_SIGNATURE) {
+ secu_PrintRSAPSSParams(out, &a->parameters, "Parameters", level+1);
+ return;
+ }
++#endif
+
+ if (a->parameters.len == 0
+ || (a->parameters.len == 2
+@@ -3763,8 +3776,10 @@ SECU_StringToSignatureAlgTag(const char
+ hashAlgTag = SEC_OID_MD5;
+ } else if (!PL_strcmp(alg, "SHA1")) {
+ hashAlgTag = SEC_OID_SHA1;
++#ifndef NO_SHA224_AVAILABLE
+ } else if (!PL_strcmp(alg, "SHA224")) {
+ hashAlgTag = SEC_OID_SHA224;
++#endif
+ } else if (!PL_strcmp(alg, "SHA256")) {
+ hashAlgTag = SEC_OID_SHA256;
+ } else if (!PL_strcmp(alg, "SHA384")) {
+diff -up ./mozilla/security/nss/cmd/pk11mode/pk11mode.c.nosha224 ./mozilla/security/nss/cmd/pk11mode/pk11mode.c
+--- ./mozilla/security/nss/cmd/pk11mode/pk11mode.c.nosha224 2011-12-04 22:07:27.230604899 -0800
++++ ./mozilla/security/nss/cmd/pk11mode/pk11mode.c 2011-12-04 22:10:06.365601241 -0800
+@@ -883,21 +883,27 @@ CK_RV PKM_KeyTests(CK_FUNCTION_LIST_PTR
+
+ mech_str digestMechs[] = {
+ {CKM_SHA_1, "CKM_SHA_1 "},
++#ifndef NO_SHA224_AVAILABLE
+ {CKM_SHA224, "CKM_SHA224"},
++#endif
+ {CKM_SHA256, "CKM_SHA256"},
+ {CKM_SHA384, "CKM_SHA384"},
+ {CKM_SHA512, "CKM_SHA512"}
+ };
+ mech_str hmacMechs[] = {
+ {CKM_SHA_1_HMAC, "CKM_SHA_1_HMAC"},
++#ifndef NO_SHA224_AVAILABLE
+ {CKM_SHA224_HMAC, "CKM_SHA224_HMAC"},
++#endif
+ {CKM_SHA256_HMAC, "CKM_SHA256_HMAC"},
+ {CKM_SHA384_HMAC, "CKM_SHA384_HMAC"},
+ {CKM_SHA512_HMAC, "CKM_SHA512_HMAC"}
+ };
+ mech_str sigRSAMechs[] = {
+ {CKM_SHA1_RSA_PKCS, "CKM_SHA1_RSA_PKCS"},
++#ifndef NO_SHA224_AVAILABLE
+ {CKM_SHA224_RSA_PKCS, "CKM_SHA224_RSA_PKCS"},
++#endif
+ {CKM_SHA256_RSA_PKCS, "CKM_SHA256_RSA_PKCS"},
+ {CKM_SHA384_RSA_PKCS, "CKM_SHA384_RSA_PKCS"},
+ {CKM_SHA512_RSA_PKCS, "CKM_SHA512_RSA_PKCS"}
+diff -up ./mozilla/security/nss/lib/cryptohi/sechash.c.nosha224 ./mozilla/security/nss/lib/cryptohi/sechash.c
+--- ./mozilla/security/nss/lib/cryptohi/sechash.c.nosha224 2011-06-21 15:47:54.000000000 -0700
++++ ./mozilla/security/nss/lib/cryptohi/sechash.c 2011-12-04 22:03:47.306609957 -0800
+@@ -91,10 +91,12 @@ sha1_NewContext(void) {
+ return (void *) PK11_CreateDigestContext(SEC_OID_SHA1);
+ }
+
++#ifndef NO_SHA224_AVAILABLE
+ static void *
+ sha224_NewContext(void) {
+ return (void *) PK11_CreateDigestContext(SEC_OID_SHA224);
+ }
++#endif
+
+ static void *
+ sha256_NewContext(void) {
+@@ -189,6 +191,7 @@ const SECHashObject SECHashObjects[] = {
+ SHA512_BLOCK_LENGTH,
+ HASH_AlgSHA512
+ },
++#ifndef NO_SHA224_AVAILABLE
+ { SHA224_LENGTH,
+ (void * (*)(void)) sha224_NewContext,
+ (void * (*)(void *)) PK11_CloneContext,
+@@ -200,6 +203,7 @@ const SECHashObject SECHashObjects[] = {
+ SHA224_BLOCK_LENGTH,
+ HASH_AlgSHA224
+ },
++#endif
+ };
+
+ const SECHashObject *
+@@ -217,7 +221,9 @@ HASH_GetHashTypeByOidTag(SECOidTag hashO
+ case SEC_OID_MD2: ht = HASH_AlgMD2; break;
+ case SEC_OID_MD5: ht = HASH_AlgMD5; break;
+ case SEC_OID_SHA1: ht = HASH_AlgSHA1; break;
++#ifndef NO_SHA224_AVAILABLE
+ case SEC_OID_SHA224: ht = HASH_AlgSHA224; break;
++#endif
+ case SEC_OID_SHA256: ht = HASH_AlgSHA256; break;
+ case SEC_OID_SHA384: ht = HASH_AlgSHA384; break;
+ case SEC_OID_SHA512: ht = HASH_AlgSHA512; break;
+@@ -237,7 +243,9 @@ HASH_GetHashOidTagByHMACOidTag(SECOidTag
+ /* no oid exists for HMAC_MD2 */
+ /* NSS does not define a oid for HMAC_MD4 */
+ case SEC_OID_HMAC_SHA1: hashOid = SEC_OID_SHA1; break;
++#ifndef NO_SHA224_AVAILABLE
+ case SEC_OID_HMAC_SHA224: hashOid = SEC_OID_SHA224; break;
++#endif
+ case SEC_OID_HMAC_SHA256: hashOid = SEC_OID_SHA256; break;
+ case SEC_OID_HMAC_SHA384: hashOid = SEC_OID_SHA384; break;
+ case SEC_OID_HMAC_SHA512: hashOid = SEC_OID_SHA512; break;
+@@ -257,7 +265,9 @@ HASH_GetHMACOidTagByHashOidTag(SECOidTag
+ /* no oid exists for HMAC_MD2 */
+ /* NSS does not define a oid for HMAC_MD4 */
+ case SEC_OID_SHA1: hmacOid = SEC_OID_HMAC_SHA1; break;
++#ifndef NO_SHA224_AVAILABLE
+ case SEC_OID_SHA224: hmacOid = SEC_OID_HMAC_SHA224; break;
++#endif
+ case SEC_OID_SHA256: hmacOid = SEC_OID_HMAC_SHA256; break;
+ case SEC_OID_SHA384: hmacOid = SEC_OID_HMAC_SHA384; break;
+ case SEC_OID_SHA512: hmacOid = SEC_OID_HMAC_SHA512; break;
+diff -up ./mozilla/security/nss/lib/cryptohi/seckey.c.nosha224 ./mozilla/security/nss/lib/cryptohi/seckey.c
+--- ./mozilla/security/nss/lib/cryptohi/seckey.c.nosha224 2011-10-22 07:35:42.000000000 -0700
++++ ./mozilla/security/nss/lib/cryptohi/seckey.c 2011-12-04 22:03:47.307609957 -0800
+@@ -550,7 +550,9 @@ seckey_GetKeyType (SECOidTag tag) {
+ * should be handing us a cipher type */
+ case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
+ case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
++#ifndef NO_SHA224_AVAILABLE
+ case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION:
++#endif
+ case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
+ case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
+ case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
+diff -up ./mozilla/security/nss/lib/cryptohi/secvfy.c.nosha224 ./mozilla/security/nss/lib/cryptohi/secvfy.c
+--- ./mozilla/security/nss/lib/cryptohi/secvfy.c.nosha224 2011-10-22 07:35:42.000000000 -0700
++++ ./mozilla/security/nss/lib/cryptohi/secvfy.c 2011-12-04 22:03:47.307609957 -0800
+@@ -240,11 +240,12 @@ sec_DecodeSigAlg(const SECKEYPublicKey *
+ case SEC_OID_PKCS1_RSA_PSS_SIGNATURE:
+ *hashalg = SEC_OID_UNKNOWN; /* get it from the RSA signature */
+ break;
+-
++#ifndef NO_SHA224_AVAILABLE
+ case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE:
+ case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION:
+ *hashalg = SEC_OID_SHA224;
+ break;
++#endif
+ case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
+ case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
+ *hashalg = SEC_OID_SHA256;
+@@ -279,8 +280,10 @@ sec_DecodeSigAlg(const SECKEYPublicKey *
+ len = SECKEY_PublicKeyStrength(key);
+ if (len < 28) { /* 28 bytes == 224 bits */
+ *hashalg = SEC_OID_SHA1;
++#ifndef NO_SHA224_AVAILABLE
+ } else if (len < 32) { /* 32 bytes == 256 bits */
+ *hashalg = SEC_OID_SHA224;
++#endif
+ } else if (len < 48) { /* 48 bytes == 384 bits */
+ *hashalg = SEC_OID_SHA256;
+ } else if (len < 64) { /* 48 bytes == 512 bits */
+@@ -325,7 +328,9 @@ sec_DecodeSigAlg(const SECKEYPublicKey *
+ case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
+ case SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE:
+ case SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE:
++#ifndef NO_SHA224_AVAILABLE
+ case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION:
++#endif
+ case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
+ case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
+ case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
+@@ -347,7 +352,9 @@ sec_DecodeSigAlg(const SECKEYPublicKey *
+ *encalg = SEC_OID_MISSI_DSS;
+ break;
+ case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE:
++#ifndef NO_SHA224_AVAILABLE
+ case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE:
++#endif
+ case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
+ case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE:
+ case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE:
+diff -up ./mozilla/security/nss/lib/freebl/blapi.h.nosha224 ./mozilla/security/nss/lib/freebl/blapi.h
+--- ./mozilla/security/nss/lib/freebl/blapi.h.nosha224 2011-10-04 15:05:53.000000000 -0700
++++ ./mozilla/security/nss/lib/freebl/blapi.h 2011-12-04 22:03:47.308609957 -0800
+@@ -1088,7 +1088,7 @@ extern SHA1Context * SHA1_Resurrect(unsi
+ extern void SHA1_Clone(SHA1Context *dest, SHA1Context *src);
+
+ /******************************************/
+-
++#ifndef NO_SHA224_AVAILABLE
+ extern SHA224Context *SHA224_NewContext(void);
+ extern void SHA224_DestroyContext(SHA224Context *cx, PRBool freeit);
+ extern void SHA224_Begin(SHA224Context *cx);
+@@ -1104,6 +1104,7 @@ extern unsigned int SHA224_FlattenSize(S
+ extern SECStatus SHA224_Flatten(SHA224Context *cx,unsigned char *space);
+ extern SHA224Context * SHA224_Resurrect(unsigned char *space, void *arg);
+ extern void SHA224_Clone(SHA224Context *dest, SHA224Context *src);
++#endif
+
+ /******************************************/
+
+diff -up ./mozilla/security/nss/lib/freebl/ldvector.c.nosha224 ./mozilla/security/nss/lib/freebl/ldvector.c
+--- ./mozilla/security/nss/lib/freebl/ldvector.c.nosha224 2011-10-04 15:05:53.000000000 -0700
++++ ./mozilla/security/nss/lib/freebl/ldvector.c 2011-12-04 22:03:47.309609957 -0800
+@@ -270,7 +270,7 @@ static const struct FREEBLVectorStr vect
+ JPAKE_Verify,
+ JPAKE_Round2,
+ JPAKE_Final,
+-
++#ifndef NO_SHA224_AVAILABLE
+ /* End of Version 3.012 */
+
+ TLS_P_hash,
+@@ -287,7 +287,7 @@ static const struct FREEBLVectorStr vect
+ SHA224_Resurrect,
+ SHA224_Clone,
+ BLAPI_SHVerifyFile
+-
++#endif
+ /* End of Version 3.013 */
+ };
+
+diff -up ./mozilla/security/nss/lib/freebl/nsslowhash.c.nosha224 ./mozilla/security/nss/lib/freebl/nsslowhash.c
+--- ./mozilla/security/nss/lib/freebl/nsslowhash.c.nosha224 2010-09-09 17:42:36.000000000 -0700
++++ ./mozilla/security/nss/lib/freebl/nsslowhash.c 2011-12-04 22:03:47.309609957 -0800
+@@ -128,14 +128,14 @@ freebl_fips_SHA_PowerUpSelfTest( void )
+ 0x0a,0x6d,0x07,0xba,0x1e,0xbd,0x8a,0x1b,
+ 0x72,0xf6,0xc7,0x22,0xf1,0x27,0x9f,0xf0,
+ 0xe0,0x68,0x47,0x7a};
+-
++#ifndef NO_SHA224_AVAILABLE
+ /* SHA-224 Known Digest Message (224-bits). */
+ static const PRUint8 sha224_known_digest[] = {
+ 0x1c,0xc3,0x06,0x8e,0xce,0x37,0x68,0xfb,
+ 0x1a,0x82,0x4a,0xbe,0x2b,0x00,0x51,0xf8,
+ 0x9d,0xb6,0xe0,0x90,0x0d,0x00,0xc9,0x64,
+ 0x9a,0xb8,0x98,0x4e};
+-
++#endif
+ /* SHA-256 Known Digest Message (256-bits). */
+ static const PRUint8 sha256_known_digest[] = {
+ 0x38,0xa9,0xc1,0xf0,0x35,0xf6,0x5d,0x61,
+@@ -178,7 +178,7 @@ freebl_fips_SHA_PowerUpSelfTest( void )
+ ( PORT_Memcmp( sha_computed_digest, sha1_known_digest,
+ SHA1_LENGTH ) != 0 ) )
+ return( CKR_DEVICE_ERROR );
+-
++#ifndef NO_SHA224_AVAILABLE
+ /***************************************************/
+ /* SHA-224 Single-Round Known Answer Hashing Test. */
+ /***************************************************/
+@@ -190,7 +190,7 @@ freebl_fips_SHA_PowerUpSelfTest( void )
+ ( PORT_Memcmp( sha_computed_digest, sha224_known_digest,
+ SHA224_LENGTH ) != 0 ) )
+ return( CKR_DEVICE_ERROR );
+-
++#endif
+ /***************************************************/
+ /* SHA-256 Single-Round Known Answer Hashing Test. */
+ /***************************************************/
+diff -up ./mozilla/security/nss/lib/freebl/rawhash.c.nosha224 ./mozilla/security/nss/lib/freebl/rawhash.c
+--- ./mozilla/security/nss/lib/freebl/rawhash.c.nosha224 2010-08-17 22:55:47.000000000 -0700
++++ ./mozilla/security/nss/lib/freebl/rawhash.c 2011-12-04 22:03:47.309609957 -0800
+@@ -155,6 +155,7 @@ const SECHashObject SECRawHashObjects[]
+ SHA512_BLOCK_LENGTH,
+ HASH_AlgSHA512
+ },
++#ifndef NO_SHA224_AVAILABLE
+ { SHA224_LENGTH,
+ (void * (*)(void)) SHA224_NewContext,
+ (void * (*)(void *)) null_hash_clone_context,
+@@ -166,6 +167,7 @@ const SECHashObject SECRawHashObjects[]
+ SHA224_BLOCK_LENGTH,
+ HASH_AlgSHA224
+ },
++#endif
+ };
+
+ const SECHashObject *
+diff -up ./mozilla/security/nss/lib/freebl/sha512.c.nosha224 ./mozilla/security/nss/lib/freebl/sha512.c
+--- ./mozilla/security/nss/lib/freebl/sha512.c.nosha224 2011-09-14 10:48:03.000000000 -0700
++++ ./mozilla/security/nss/lib/freebl/sha512.c 2011-12-04 22:03:47.310609957 -0800
+@@ -544,6 +544,7 @@ void SHA256_Clone(SHA256Context *dest, S
+ memcpy(dest, src, sizeof *dest);
+ }
+
++#ifndef NO_SHA224_AVAILABLE
+ /* ============= SHA224 implementation ================================== */
+
+ /* SHA-224 initial hash values */
+@@ -630,7 +631,7 @@ void SHA224_Clone(SHA224Context *dest, S
+ {
+ SHA256_Clone(dest, src);
+ }
+-
++#endif
+
+ /* ======= SHA512 and SHA384 common constants and defines ================= */
+
+diff -up ./mozilla/security/nss/lib/softoken/fipstest.c.nosha224 ./mozilla/security/nss/lib/softoken/fipstest.c
+--- ./mozilla/security/nss/lib/softoken/fipstest.c.nosha224 2011-03-29 08:12:43.000000000 -0700
++++ ./mozilla/security/nss/lib/softoken/fipstest.c 2011-12-04 22:03:47.311609956 -0800
+@@ -865,12 +865,14 @@ sftk_fips_HMAC_PowerUpSelfTest( void )
+ 0x3b, 0x57, 0x1d, 0x61, 0xe7, 0xb8, 0x84, 0x1e,
+ 0x5d, 0x0e, 0x1e, 0x11};
+
++#ifndef NO_SHA224_AVAILABLE
+ /* known SHA224 hmac (28 bytes) */
+ static const PRUint8 known_SHA224_hmac[] = {
+ 0x1c, 0xc3, 0x06, 0x8e, 0xce, 0x37, 0x68, 0xfb,
+ 0x1a, 0x82, 0x4a, 0xbe, 0x2b, 0x00, 0x51, 0xf8,
+ 0x9d, 0xb6, 0xe0, 0x90, 0x0d, 0x00, 0xc9, 0x64,
+ 0x9a, 0xb8, 0x98, 0x4e};
++#endif
+
+ /* known SHA256 hmac (32 bytes) */
+ static const PRUint8 known_SHA256_hmac[] = {
+@@ -922,6 +924,7 @@ sftk_fips_HMAC_PowerUpSelfTest( void )
+ /* HMAC SHA-224 Single-Round Known Answer Test. */
+ /***************************************************/
+
++#ifndef NO_SHA224_AVAILABLE
+ hmac_status = sftk_fips_HMAC(hmac_computed,
+ HMAC_known_secret_key,
+ HMAC_known_secret_key_length,
+@@ -933,6 +936,7 @@ sftk_fips_HMAC_PowerUpSelfTest( void )
+ ( PORT_Memcmp( hmac_computed, known_SHA224_hmac,
+ SHA224_LENGTH ) != 0 ) )
+ return( CKR_DEVICE_ERROR );
++#endif
+
+ /***************************************************/
+ /* HMAC SHA-256 Single-Round Known Answer Test. */
+@@ -994,12 +998,14 @@ sftk_fips_SHA_PowerUpSelfTest( void )
+ 0x72,0xf6,0xc7,0x22,0xf1,0x27,0x9f,0xf0,
+ 0xe0,0x68,0x47,0x7a};
+
++#ifndef NO_SHA224_AVAILABLE
+ /* SHA-224 Known Digest Message (224-bits). */
+ static const PRUint8 sha224_known_digest[] = {
+ 0x89,0x5e,0x7f,0xfd,0x0e,0xd8,0x35,0x6f,
+ 0x64,0x6d,0xf2,0xde,0x5e,0xed,0xa6,0x7f,
+ 0x29,0xd1,0x12,0x73,0x42,0x84,0x95,0x4f,
+ 0x8e,0x08,0xe5,0xcb};
++#endif
+
+ /* SHA-256 Known Digest Message (256-bits). */
+ static const PRUint8 sha256_known_digest[] = {
+@@ -1048,6 +1054,7 @@ sftk_fips_SHA_PowerUpSelfTest( void )
+ /* SHA-224 Single-Round Known Answer Hashing Test. */
+ /***************************************************/
+
++#ifndef NO_SHA224_AVAILABLE
+ sha_status = SHA224_HashBuf( sha_computed_digest, known_hash_message,
+ FIPS_KNOWN_HASH_MESSAGE_LENGTH );
+
+@@ -1055,6 +1062,7 @@ sftk_fips_SHA_PowerUpSelfTest( void )
+ ( PORT_Memcmp( sha_computed_digest, sha224_known_digest,
+ SHA224_LENGTH ) != 0 ) )
+ return( CKR_DEVICE_ERROR );
++#endif
+
+ /***************************************************/
+ /* SHA-256 Single-Round Known Answer Hashing Test. */
+diff -up ./mozilla/security/nss/lib/softoken/pkcs11c.c.nosha224 ./mozilla/security/nss/lib/softoken/pkcs11c.c
+--- ./mozilla/security/nss/lib/softoken/pkcs11c.c.nosha224 2011-09-21 11:49:16.000000000 -0700
++++ ./mozilla/security/nss/lib/softoken/pkcs11c.c 2011-12-04 22:03:47.313609956 -0800
+@@ -1316,7 +1316,9 @@ CK_RV NSC_DigestInit(CK_SESSION_HANDLE h
+ INIT_MECH(CKM_MD2, MD2)
+ INIT_MECH(CKM_MD5, MD5)
+ INIT_MECH(CKM_SHA_1, SHA1)
++#ifndef NO_SHA224_AVAILABLE
+ INIT_MECH(CKM_SHA224, SHA224)
++#endif
+ INIT_MECH(CKM_SHA256, SHA256)
+ INIT_MECH(CKM_SHA384, SHA384)
+ INIT_MECH(CKM_SHA512, SHA512)
+@@ -1440,7 +1442,9 @@ sftk_doSub ## mmm(SFTKSessionContext *co
+ DOSUB(MD2)
+ DOSUB(MD5)
+ DOSUB(SHA1)
++#ifndef NO_SHA224_AVAILABLE
+ DOSUB(SHA224)
++#endif
+ DOSUB(SHA256)
+ DOSUB(SHA384)
+ DOSUB(SHA512)
+@@ -2013,7 +2017,9 @@ CK_RV NSC_SignInit(CK_SESSION_HANDLE hSe
+ INIT_RSA_SIGN_MECH(MD5)
+ INIT_RSA_SIGN_MECH(MD2)
+ INIT_RSA_SIGN_MECH(SHA1)
++#ifndef NO_SHA224_AVAILABLE
+ INIT_RSA_SIGN_MECH(SHA224)
++#endif
+ INIT_RSA_SIGN_MECH(SHA256)
+ INIT_RSA_SIGN_MECH(SHA384)
+ INIT_RSA_SIGN_MECH(SHA512)
+@@ -2131,7 +2137,9 @@ finish_rsa:
+
+ INIT_HMAC_MECH(MD2)
+ INIT_HMAC_MECH(MD5)
++#ifndef NO_SHA224_AVAILABLE
+ INIT_HMAC_MECH(SHA224)
++#endif
+ INIT_HMAC_MECH(SHA256)
+ INIT_HMAC_MECH(SHA384)
+ INIT_HMAC_MECH(SHA512)
+@@ -2529,7 +2537,9 @@ CK_RV NSC_VerifyInit(CK_SESSION_HANDLE h
+ INIT_RSA_VFY_MECH(MD5)
+ INIT_RSA_VFY_MECH(MD2)
+ INIT_RSA_VFY_MECH(SHA1)
++#ifndef NO_SHA224_AVAILABLE
+ INIT_RSA_VFY_MECH(SHA224)
++#endif
+ INIT_RSA_VFY_MECH(SHA256)
+ INIT_RSA_VFY_MECH(SHA384)
+ INIT_RSA_VFY_MECH(SHA512)
+@@ -2626,7 +2636,9 @@ finish_rsa:
+
+ INIT_HMAC_MECH(MD2)
+ INIT_HMAC_MECH(MD5)
++#ifndef NO_SHA224_AVAILABLE
+ INIT_HMAC_MECH(SHA224)
++#endif
+ INIT_HMAC_MECH(SHA256)
+ INIT_HMAC_MECH(SHA384)
+ INIT_HMAC_MECH(SHA512)
+diff -up ./mozilla/security/nss/lib/softoken/pkcs11.c.nosha224 ./mozilla/security/nss/lib/softoken/pkcs11.c
+--- ./mozilla/security/nss/lib/softoken/pkcs11.c.nosha224 2011-01-21 16:12:04.000000000 -0800
++++ ./mozilla/security/nss/lib/softoken/pkcs11.c 2011-12-04 22:03:47.316609956 -0800
+@@ -311,8 +311,10 @@ static const struct mechanismList mechan
+ CKF_SN_VR}, PR_TRUE},
+ {CKM_SHA1_RSA_PKCS, {RSA_MIN_MODULUS_BITS,CK_MAX,
+ CKF_SN_VR}, PR_TRUE},
++#ifndef NO_SHA224_AVAILABLE
+ {CKM_SHA224_RSA_PKCS, {RSA_MIN_MODULUS_BITS,CK_MAX,
+ CKF_SN_VR}, PR_TRUE},
++#endif
+ {CKM_SHA256_RSA_PKCS, {RSA_MIN_MODULUS_BITS,CK_MAX,
+ CKF_SN_VR}, PR_TRUE},
+ {CKM_SHA384_RSA_PKCS, {RSA_MIN_MODULUS_BITS,CK_MAX,
+@@ -401,9 +403,11 @@ static const struct mechanismList mechan
+ {CKM_SHA_1, {0, 0, CKF_DIGEST}, PR_FALSE},
+ {CKM_SHA_1_HMAC, {1, 128, CKF_SN_VR}, PR_TRUE},
+ {CKM_SHA_1_HMAC_GENERAL, {1, 128, CKF_SN_VR}, PR_TRUE},
++#ifndef NO_SHA224_AVAILABLE
+ {CKM_SHA224, {0, 0, CKF_DIGEST}, PR_FALSE},
+ {CKM_SHA224_HMAC, {1, 128, CKF_SN_VR}, PR_TRUE},
+ {CKM_SHA224_HMAC_GENERAL, {1, 128, CKF_SN_VR}, PR_TRUE},
++#endif
+ {CKM_SHA256, {0, 0, CKF_DIGEST}, PR_FALSE},
+ {CKM_SHA256_HMAC, {1, 128, CKF_SN_VR}, PR_TRUE},
+ {CKM_SHA256_HMAC_GENERAL, {1, 128, CKF_SN_VR}, PR_TRUE},
+diff -up ./mozilla/security/nss/lib/softoken/rsawrapr.c.nosha224 ./mozilla/security/nss/lib/softoken/rsawrapr.c
+--- ./mozilla/security/nss/lib/softoken/rsawrapr.c.nosha224 2011-10-22 07:35:43.000000000 -0700
++++ ./mozilla/security/nss/lib/softoken/rsawrapr.c 2011-12-04 22:03:47.316609956 -0800
+@@ -1173,9 +1173,11 @@ GetHashTypeFromMechanism(CK_MECHANISM_TY
+ case CKM_SHA_1:
+ case CKG_MGF1_SHA1:
+ return HASH_AlgSHA1;
++#ifndef NO_SHA224_AVAILABLE
+ case CKM_SHA224:
+ case CKG_MGF1_SHA224:
+ return HASH_AlgSHA224;
++#endif
+ case CKM_SHA256:
+ case CKG_MGF1_SHA256:
+ return HASH_AlgSHA256;
+diff -up ./mozilla/security/nss/tests/cipher/cipher.txt.nosha224 ./mozilla/security/nss/tests/cipher/cipher.txt
+--- ./mozilla/security/nss/tests/cipher/cipher.txt.nosha224 2010-08-17 22:57:05.000000000 -0700
++++ ./mozilla/security/nss/tests/cipher/cipher.txt 2011-12-04 22:03:47.317609956 -0800
+@@ -73,7 +73,6 @@
+ 0 md2_-H MD2_Hash
+ 0 md5_-H MD5_Hash
+ 0 sha1_-H SHA1_Hash
+- 0 sha224_-H SHA224_Hash
+ 0 sha256_-H SHA256_Hash
+ 0 sha384_-H SHA384_Hash
+ 0 sha512_-H SHA512_Hash
--- /dev/null
+diff -up ./mozilla/security/nss/tests/dbtests/dbtests.sh.noroot ./mozilla/security/nss/tests/dbtests/dbtests.sh
+--- ./mozilla/security/nss/tests/dbtests/dbtests.sh.noroot 2011-04-06 09:56:07.207701000 -0700
++++ ./mozilla/security/nss/tests/dbtests/dbtests.sh 2011-04-06 10:19:54.159552000 -0700
+@@ -201,6 +201,9 @@ dbtest_main()
+ cat $RONLY_DIR/* > /dev/null
+ fi
+
++ # skipping the next two tests when user is root,
++ # otherwise they would fail due to rooty powers
++ if [[ $EUID -ne 0 ]] then
+ ${BINDIR}/dbtest -d $RONLY_DIR
+ ret=$?
+ if [ $ret -ne 46 ]; then
+@@ -208,6 +211,10 @@ dbtest_main()
+ else
+ html_passed "Dbtest r/w didn't work in an readonly dir $ret"
+ fi
++ else
++ html_passed "Skipping Dbtest r/w in a readonly dir because user is root"
++ fi
++ if [[ $EUID -ne 0 ]] then
+ ${BINDIR}/certutil -D -n "TestUser" -d .
+ ret=$?
+ if [ $ret -ne 255 ]; then
+@@ -215,6 +222,9 @@ dbtest_main()
+ else
+ html_passed "Certutil didn't work in an readonly dir $ret"
+ fi
++ else
++ html_passed "Skipping Certutil delete cert in an readonly directory test because user is root"
++ fi
+
+ Echo "test opening the database ronly in a readonly directory"
+
--- /dev/null
+diff -up ./mozilla/security/nss/lib/ckfw/builtins/certdata.c.ckbi188 ./mozilla/security/nss/lib/ckfw/builtins/certdata.c
+--- ./mozilla/security/nss/lib/ckfw/builtins/certdata.c.ckbi188 2011-11-03 16:29:17.081000000 -0700
++++ ./mozilla/security/nss/lib/ckfw/builtins/certdata.c 2011-11-03 08:11:57.000000000 -0700
+@@ -35,7 +35,7 @@
+ *
+ * ***** END LICENSE BLOCK ***** */
+ #ifdef DEBUG
+-static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.82 $ $Date: 2011/09/02 19:40:56 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.82 $ $Date: 2011/09/02 19:40:56 $";
++static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.83 $ $Date: 2011/11/03 15:11:57 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.83 $ $Date: 2011/11/03 15:11:57 $";
+ #endif /* DEBUG */
+
+ #ifndef BUILTINS_H
+@@ -1075,6 +1075,18 @@ static const CK_ATTRIBUTE_TYPE nss_built
+ static const CK_ATTRIBUTE_TYPE nss_builtins_types_339 [] = {
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
+ };
++static const CK_ATTRIBUTE_TYPE nss_builtins_types_340 [] = {
++ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE
++};
++static const CK_ATTRIBUTE_TYPE nss_builtins_types_341 [] = {
++ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
++};
++static const CK_ATTRIBUTE_TYPE nss_builtins_types_342 [] = {
++ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE
++};
++static const CK_ATTRIBUTE_TYPE nss_builtins_types_343 [] = {
++ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
++};
+ #ifdef DEBUG
+ static const NSSItem nss_builtins_items_0 [] = {
+ { (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+@@ -1083,7 +1095,7 @@ static const NSSItem nss_builtins_items_
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)"CVS ID", (PRUint32)7 },
+ { (void *)"NSS", (PRUint32)4 },
+- { (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.82 $ $Date: 2011/09/02 19:40:56 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.82 $ $Date: 2011/09/02 19:40:56 $", (PRUint32)160 }
++ { (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.83 $ $Date: 2011/11/03 15:11:57 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.83 $ $Date: 2011/11/03 15:11:57 $", (PRUint32)160 }
+ };
+ #endif /* DEBUG */
+ static const NSSItem nss_builtins_items_1 [] = {
+@@ -22600,6 +22612,266 @@ static const NSSItem nss_builtins_items_
+ { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
+ };
++static const NSSItem nss_builtins_items_340 [] = {
++ { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
++ { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
++ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
++ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
++ { (void *)"Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)", (PRUint32)57 },
++ { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
++ { (void *)"\060\143\061\013\060\011\006\003\125\004\006\023\002\115\131\061"
++"\033\060\031\006\003\125\004\012\023\022\104\151\147\151\143\145"
++"\162\164\040\123\144\156\056\040\102\150\144\056\061\021\060\017"
++"\006\003\125\004\013\023\010\064\065\067\066\060\070\055\113\061"
++"\044\060\042\006\003\125\004\003\023\033\104\151\147\151\163\151"
++"\147\156\040\123\145\162\166\145\162\040\111\104\040\050\105\156"
++"\162\151\143\150\051"
++, (PRUint32)101 },
++ { (void *)"0", (PRUint32)2 },
++ { (void *)"\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
++"\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157"
++"\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003\125"
++"\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162\165"
++"\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111\156"
++"\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124\105"
++"\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157\142"
++"\141\154\040\122\157\157\164"
++, (PRUint32)119 },
++ { (void *)"\002\006\007\377\377\377\377\377"
++, (PRUint32)8 },
++ { (void *)"\060\202\003\315\060\202\003\066\240\003\002\001\002\002\006\007"
++"\377\377\377\377\377\060\015\006\011\052\206\110\206\367\015\001"
++"\001\005\005\000\060\165\061\013\060\011\006\003\125\004\006\023"
++"\002\125\123\061\030\060\026\006\003\125\004\012\023\017\107\124"
++"\105\040\103\157\162\160\157\162\141\164\151\157\156\061\047\060"
++"\045\006\003\125\004\013\023\036\107\124\105\040\103\171\142\145"
++"\162\124\162\165\163\164\040\123\157\154\165\164\151\157\156\163"
++"\054\040\111\156\143\056\061\043\060\041\006\003\125\004\003\023"
++"\032\107\124\105\040\103\171\142\145\162\124\162\165\163\164\040"
++"\107\154\157\142\141\154\040\122\157\157\164\060\036\027\015\060"
++"\067\060\067\061\067\061\065\061\067\064\071\132\027\015\061\062"
++"\060\067\061\067\061\065\061\066\065\065\132\060\143\061\013\060"
++"\011\006\003\125\004\006\023\002\115\131\061\033\060\031\006\003"
++"\125\004\012\023\022\104\151\147\151\143\145\162\164\040\123\144"
++"\156\056\040\102\150\144\056\061\021\060\017\006\003\125\004\013"
++"\023\010\064\065\067\066\060\070\055\113\061\044\060\042\006\003"
++"\125\004\003\023\033\104\151\147\151\163\151\147\156\040\123\145"
++"\162\166\145\162\040\111\104\040\050\105\156\162\151\143\150\051"
++"\060\201\237\060\015\006\011\052\206\110\206\367\015\001\001\001"
++"\005\000\003\201\215\000\060\201\211\002\201\201\000\255\250\144"
++"\113\115\207\307\204\131\271\373\220\106\240\246\211\300\361\376"
++"\325\332\124\202\067\015\231\053\105\046\012\350\126\260\177\312"
++"\250\364\216\107\204\001\202\051\343\263\152\265\221\363\373\225"
++"\205\274\162\250\144\350\012\100\234\305\364\161\256\173\173\152"
++"\007\352\220\024\117\215\211\257\224\253\262\006\324\002\152\173"
++"\230\037\131\271\072\315\124\372\040\337\262\052\012\351\270\335"
++"\151\220\300\051\323\116\320\227\355\146\314\305\031\111\006\177"
++"\372\136\054\174\173\205\033\062\102\337\173\225\045\002\003\001"
++"\000\001\243\202\001\170\060\202\001\164\060\022\006\003\125\035"
++"\023\001\001\377\004\010\060\006\001\001\377\002\001\000\060\134"
++"\006\003\125\035\040\004\125\060\123\060\110\006\011\053\006\001"
++"\004\001\261\076\001\000\060\073\060\071\006\010\053\006\001\005"
++"\005\007\002\001\026\055\150\164\164\160\072\057\057\143\171\142"
++"\145\162\164\162\165\163\164\056\157\155\156\151\162\157\157\164"
++"\056\143\157\155\057\162\145\160\157\163\151\164\157\162\171\056"
++"\143\146\155\060\007\006\005\140\203\112\001\001\060\016\006\003"
++"\125\035\017\001\001\377\004\004\003\002\001\346\060\201\211\006"
++"\003\125\035\043\004\201\201\060\177\241\171\244\167\060\165\061"
++"\013\060\011\006\003\125\004\006\023\002\125\123\061\030\060\026"
++"\006\003\125\004\012\023\017\107\124\105\040\103\157\162\160\157"
++"\162\141\164\151\157\156\061\047\060\045\006\003\125\004\013\023"
++"\036\107\124\105\040\103\171\142\145\162\124\162\165\163\164\040"
++"\123\157\154\165\164\151\157\156\163\054\040\111\156\143\056\061"
++"\043\060\041\006\003\125\004\003\023\032\107\124\105\040\103\171"
++"\142\145\162\124\162\165\163\164\040\107\154\157\142\141\154\040"
++"\122\157\157\164\202\002\001\245\060\105\006\003\125\035\037\004"
++"\076\060\074\060\072\240\070\240\066\206\064\150\164\164\160\072"
++"\057\057\167\167\167\056\160\165\142\154\151\143\055\164\162\165"
++"\163\164\056\143\157\155\057\143\147\151\055\142\151\156\057\103"
++"\122\114\057\062\060\061\070\057\143\144\160\056\143\162\154\060"
++"\035\006\003\125\035\016\004\026\004\024\306\026\223\116\026\027"
++"\354\026\256\214\224\166\363\206\155\305\164\156\204\167\060\015"
++"\006\011\052\206\110\206\367\015\001\001\005\005\000\003\201\201"
++"\000\166\000\173\246\170\053\146\035\216\136\066\306\244\216\005"
++"\362\043\222\174\223\147\323\364\300\012\175\213\055\331\352\325"
++"\157\032\363\341\112\051\132\042\204\115\120\057\113\014\362\377"
++"\205\302\173\125\324\104\202\276\155\254\147\216\274\264\037\222"
++"\234\121\200\032\024\366\156\253\141\210\013\255\034\177\367\113"
++"\120\121\326\145\033\246\107\161\025\136\260\161\363\065\024\362"
++"\067\275\143\310\325\360\223\132\064\137\330\075\350\135\367\305"
++"\036\300\345\317\037\206\044\251\074\007\146\315\301\322\066\143"
++"\131"
++, (PRUint32)977 }
++};
++static const NSSItem nss_builtins_items_341 [] = {
++ { (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
++ { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
++ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
++ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
++ { (void *)"Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)", (PRUint32)57 },
++ { (void *)"\125\120\257\354\277\350\303\255\304\013\343\255\014\247\344\025"
++"\214\071\131\117"
++, (PRUint32)20 },
++ { (void *)"\322\336\256\120\244\230\055\157\067\267\206\122\310\055\113\152"
++, (PRUint32)16 },
++ { (void *)"\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
++"\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157"
++"\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003\125"
++"\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162\165"
++"\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111\156"
++"\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124\105"
++"\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157\142"
++"\141\154\040\122\157\157\164"
++, (PRUint32)119 },
++ { (void *)"\002\006\007\377\377\377\377\377"
++, (PRUint32)8 },
++ { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
++ { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
++ { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
++ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
++};
++static const NSSItem nss_builtins_items_342 [] = {
++ { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
++ { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
++ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
++ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
++ { (void *)"Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)", (PRUint32)56 },
++ { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
++ { (void *)"\060\145\061\013\060\011\006\003\125\004\006\023\002\115\131\061"
++"\033\060\031\006\003\125\004\012\023\022\104\151\147\151\143\145"
++"\162\164\040\123\144\156\056\040\102\150\144\056\061\021\060\017"
++"\006\003\125\004\013\023\010\064\065\067\066\060\070\055\113\061"
++"\046\060\044\006\003\125\004\003\023\035\104\151\147\151\163\151"
++"\147\156\040\123\145\162\166\145\162\040\111\104\040\055\040\050"
++"\105\156\162\151\143\150\051"
++, (PRUint32)103 },
++ { (void *)"0", (PRUint32)2 },
++ { (void *)"\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156"
++"\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125"
++"\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056"
++"\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143"
++"\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151"
++"\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006"
++"\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105"
++"\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164"
++"\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164"
++"\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151"
++"\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171"
++"\040\050\062\060\064\070\051"
++, (PRUint32)183 },
++ { (void *)"\002\006\007\377\377\377\377\377"
++, (PRUint32)8 },
++ { (void *)"\060\202\004\320\060\202\003\270\240\003\002\001\002\002\006\007"
++"\377\377\377\377\377\060\015\006\011\052\206\110\206\367\015\001"
++"\001\005\005\000\060\201\264\061\024\060\022\006\003\125\004\012"
++"\023\013\105\156\164\162\165\163\164\056\156\145\164\061\100\060"
++"\076\006\003\125\004\013\024\067\167\167\167\056\145\156\164\162"
++"\165\163\164\056\156\145\164\057\103\120\123\137\062\060\064\070"
++"\040\151\156\143\157\162\160\056\040\142\171\040\162\145\146\056"
++"\040\050\154\151\155\151\164\163\040\154\151\141\142\056\051\061"
++"\045\060\043\006\003\125\004\013\023\034\050\143\051\040\061\071"
++"\071\071\040\105\156\164\162\165\163\164\056\156\145\164\040\114"
++"\151\155\151\164\145\144\061\063\060\061\006\003\125\004\003\023"
++"\052\105\156\164\162\165\163\164\056\156\145\164\040\103\145\162"
++"\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157"
++"\162\151\164\171\040\050\062\060\064\070\051\060\036\027\015\061"
++"\060\060\067\061\066\061\067\062\063\063\070\132\027\015\061\065"
++"\060\067\061\066\061\067\065\063\063\070\132\060\145\061\013\060"
++"\011\006\003\125\004\006\023\002\115\131\061\033\060\031\006\003"
++"\125\004\012\023\022\104\151\147\151\143\145\162\164\040\123\144"
++"\156\056\040\102\150\144\056\061\021\060\017\006\003\125\004\013"
++"\023\010\064\065\067\066\060\070\055\113\061\046\060\044\006\003"
++"\125\004\003\023\035\104\151\147\151\163\151\147\156\040\123\145"
++"\162\166\145\162\040\111\104\040\055\040\050\105\156\162\151\143"
++"\150\051\060\202\001\042\060\015\006\011\052\206\110\206\367\015"
++"\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202"
++"\001\001\000\305\211\344\364\015\006\100\222\131\307\032\263\065"
++"\321\016\114\052\063\371\370\257\312\236\177\356\271\247\155\140"
++"\364\124\350\157\325\233\363\033\143\061\004\150\162\321\064\026"
++"\214\264\027\054\227\336\163\305\330\220\025\240\032\053\365\313"
++"\263\110\206\104\360\035\210\114\316\101\102\032\357\365\014\336"
++"\376\100\332\071\040\367\006\125\072\152\235\106\301\322\157\245"
++"\262\310\127\076\051\243\234\340\351\205\167\146\350\230\247\044"
++"\176\276\300\131\040\345\104\157\266\127\330\276\316\302\145\167"
++"\130\306\141\101\321\164\004\310\177\111\102\305\162\251\162\026"
++"\356\214\335\022\135\264\112\324\321\257\120\267\330\252\165\166"
++"\150\255\076\135\252\060\155\141\250\253\020\133\076\023\277\063"
++"\340\257\104\235\070\042\133\357\114\057\246\161\046\025\046\312"
++"\050\214\331\372\216\216\251\242\024\065\342\233\044\210\264\364"
++"\177\205\235\203\117\007\241\266\024\220\066\304\064\034\215\046"
++"\141\155\023\157\170\276\350\217\047\307\113\204\226\243\206\150"
++"\014\043\276\013\354\214\224\000\251\004\212\023\220\367\337\205"
++"\154\014\261\002\003\001\000\001\243\202\001\064\060\202\001\060"
++"\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006"
++"\060\022\006\003\125\035\023\001\001\377\004\010\060\006\001\001"
++"\377\002\001\000\060\047\006\003\125\035\045\004\040\060\036\006"
++"\010\053\006\001\005\005\007\003\001\006\010\053\006\001\005\005"
++"\007\003\002\006\010\053\006\001\005\005\007\003\004\060\063\006"
++"\010\053\006\001\005\005\007\001\001\004\047\060\045\060\043\006"
++"\010\053\006\001\005\005\007\060\001\206\027\150\164\164\160\072"
++"\057\057\157\143\163\160\056\145\156\164\162\165\163\164\056\156"
++"\145\164\060\104\006\003\125\035\040\004\075\060\073\060\071\006"
++"\005\140\203\112\001\001\060\060\060\056\006\010\053\006\001\005"
++"\005\007\002\001\026\042\150\164\164\160\072\057\057\167\167\167"
++"\056\144\151\147\151\143\145\162\164\056\143\157\155\056\155\171"
++"\057\143\160\163\056\150\164\155\060\062\006\003\125\035\037\004"
++"\053\060\051\060\047\240\045\240\043\206\041\150\164\164\160\072"
++"\057\057\143\162\154\056\145\156\164\162\165\163\164\056\156\145"
++"\164\057\062\060\064\070\143\141\056\143\162\154\060\021\006\003"
++"\125\035\016\004\012\004\010\114\116\314\045\050\003\051\201\060"
++"\037\006\003\125\035\043\004\030\060\026\200\024\125\344\201\321"
++"\021\200\276\330\211\271\010\243\061\371\241\044\011\026\271\160"
++"\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003"
++"\202\001\001\000\227\114\357\112\072\111\254\162\374\060\040\153"
++"\264\051\133\247\305\225\004\220\371\062\325\302\205\152\336\003"
++"\241\067\371\211\000\260\132\254\125\176\333\103\065\377\311\001"
++"\370\121\276\314\046\312\310\152\244\304\124\076\046\036\347\014"
++"\243\315\227\147\224\335\246\102\353\134\315\217\071\171\153\063"
++"\171\041\006\171\372\202\104\025\231\314\301\267\071\323\106\142"
++"\174\262\160\353\157\316\040\252\076\031\267\351\164\202\234\264"
++"\245\113\115\141\000\067\344\207\322\362\024\072\144\174\270\251"
++"\173\141\340\223\042\347\325\237\076\107\346\066\166\240\123\330"
++"\000\003\072\017\265\063\376\226\312\323\322\202\072\056\335\327"
++"\110\341\344\247\151\314\034\351\231\112\347\312\160\105\327\013"
++"\007\016\232\165\033\320\057\222\157\366\244\007\303\275\034\113"
++"\246\204\266\175\250\232\251\322\247\051\361\013\127\151\036\227"
++"\127\046\354\053\103\254\324\105\203\005\000\351\343\360\106\100"
++"\007\372\352\261\121\163\223\034\245\335\123\021\067\310\052\247"
++"\025\047\035\264\252\314\177\252\061\060\374\270\105\237\110\011"
++"\355\020\342\305"
++, (PRUint32)1236 }
++};
++static const NSSItem nss_builtins_items_343 [] = {
++ { (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
++ { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
++ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
++ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
++ { (void *)"Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)", (PRUint32)56 },
++ { (void *)"\153\074\073\200\255\312\246\272\212\237\124\246\172\355\022\151"
++"\005\155\061\046"
++, (PRUint32)20 },
++ { (void *)"\327\151\141\177\065\017\234\106\243\252\353\370\125\374\204\362"
++, (PRUint32)16 },
++ { (void *)"\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156"
++"\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125"
++"\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056"
++"\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143"
++"\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151"
++"\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006"
++"\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105"
++"\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164"
++"\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164"
++"\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151"
++"\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171"
++"\040\050\062\060\064\070\051"
++, (PRUint32)183 },
++ { (void *)"\002\006\007\377\377\377\377\377"
++, (PRUint32)8 },
++ { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
++ { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
++ { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
++ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
++};
+
+ builtinsInternalObject
+ nss_builtins_data[] = {
+@@ -22944,11 +23216,15 @@ nss_builtins_data[] = {
+ { 11, nss_builtins_types_336, nss_builtins_items_336, {NULL} },
+ { 13, nss_builtins_types_337, nss_builtins_items_337, {NULL} },
+ { 11, nss_builtins_types_338, nss_builtins_items_338, {NULL} },
+- { 13, nss_builtins_types_339, nss_builtins_items_339, {NULL} }
++ { 13, nss_builtins_types_339, nss_builtins_items_339, {NULL} },
++ { 11, nss_builtins_types_340, nss_builtins_items_340, {NULL} },
++ { 13, nss_builtins_types_341, nss_builtins_items_341, {NULL} },
++ { 11, nss_builtins_types_342, nss_builtins_items_342, {NULL} },
++ { 13, nss_builtins_types_343, nss_builtins_items_343, {NULL} }
+ };
+ const PRUint32
+ #ifdef DEBUG
+- nss_builtins_nObjects = 339+1;
++ nss_builtins_nObjects = 343+1;
+ #else
+- nss_builtins_nObjects = 339;
++ nss_builtins_nObjects = 343;
+ #endif /* DEBUG */
+diff -up ./mozilla/security/nss/lib/ckfw/builtins/certdata.txt.ckbi188 ./mozilla/security/nss/lib/ckfw/builtins/certdata.txt
+--- ./mozilla/security/nss/lib/ckfw/builtins/certdata.txt.ckbi188 2011-11-03 16:29:42.293000000 -0700
++++ ./mozilla/security/nss/lib/ckfw/builtins/certdata.txt 2011-11-03 08:11:58.000000000 -0700
+@@ -34,7 +34,7 @@
+ # the terms of any one of the MPL, the GPL or the LGPL.
+ #
+ # ***** END LICENSE BLOCK *****
+-CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.79 $ $Date: 2011/09/02 19:40:56 $"
++CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.80 $ $Date: 2011/11/03 15:11:58 $"
+
+ #
+ # certdata.txt
+@@ -23299,3 +23299,284 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_N
+ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+ CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
++
++#
++# Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)"
++#
++CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
++CKA_TOKEN CK_BBOOL CK_TRUE
++CKA_PRIVATE CK_BBOOL CK_FALSE
++CKA_MODIFIABLE CK_BBOOL CK_FALSE
++CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)"
++CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
++CKA_SUBJECT MULTILINE_OCTAL
++\060\143\061\013\060\011\006\003\125\004\006\023\002\115\131\061
++\033\060\031\006\003\125\004\012\023\022\104\151\147\151\143\145
++\162\164\040\123\144\156\056\040\102\150\144\056\061\021\060\017
++\006\003\125\004\013\023\010\064\065\067\066\060\070\055\113\061
++\044\060\042\006\003\125\004\003\023\033\104\151\147\151\163\151
++\147\156\040\123\145\162\166\145\162\040\111\104\040\050\105\156
++\162\151\143\150\051
++END
++CKA_ID UTF8 "0"
++CKA_ISSUER MULTILINE_OCTAL
++\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061
++\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157
++\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003\125
++\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162\165
++\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111\156
++\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124\105
++\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157\142
++\141\154\040\122\157\157\164
++END
++CKA_SERIAL_NUMBER MULTILINE_OCTAL
++\002\006\007\377\377\377\377\377
++END
++CKA_VALUE MULTILINE_OCTAL
++\060\202\003\315\060\202\003\066\240\003\002\001\002\002\006\007
++\377\377\377\377\377\060\015\006\011\052\206\110\206\367\015\001
++\001\005\005\000\060\165\061\013\060\011\006\003\125\004\006\023
++\002\125\123\061\030\060\026\006\003\125\004\012\023\017\107\124
++\105\040\103\157\162\160\157\162\141\164\151\157\156\061\047\060
++\045\006\003\125\004\013\023\036\107\124\105\040\103\171\142\145
++\162\124\162\165\163\164\040\123\157\154\165\164\151\157\156\163
++\054\040\111\156\143\056\061\043\060\041\006\003\125\004\003\023
++\032\107\124\105\040\103\171\142\145\162\124\162\165\163\164\040
++\107\154\157\142\141\154\040\122\157\157\164\060\036\027\015\060
++\067\060\067\061\067\061\065\061\067\064\071\132\027\015\061\062
++\060\067\061\067\061\065\061\066\065\065\132\060\143\061\013\060
++\011\006\003\125\004\006\023\002\115\131\061\033\060\031\006\003
++\125\004\012\023\022\104\151\147\151\143\145\162\164\040\123\144
++\156\056\040\102\150\144\056\061\021\060\017\006\003\125\004\013
++\023\010\064\065\067\066\060\070\055\113\061\044\060\042\006\003
++\125\004\003\023\033\104\151\147\151\163\151\147\156\040\123\145
++\162\166\145\162\040\111\104\040\050\105\156\162\151\143\150\051
++\060\201\237\060\015\006\011\052\206\110\206\367\015\001\001\001
++\005\000\003\201\215\000\060\201\211\002\201\201\000\255\250\144
++\113\115\207\307\204\131\271\373\220\106\240\246\211\300\361\376
++\325\332\124\202\067\015\231\053\105\046\012\350\126\260\177\312
++\250\364\216\107\204\001\202\051\343\263\152\265\221\363\373\225
++\205\274\162\250\144\350\012\100\234\305\364\161\256\173\173\152
++\007\352\220\024\117\215\211\257\224\253\262\006\324\002\152\173
++\230\037\131\271\072\315\124\372\040\337\262\052\012\351\270\335
++\151\220\300\051\323\116\320\227\355\146\314\305\031\111\006\177
++\372\136\054\174\173\205\033\062\102\337\173\225\045\002\003\001
++\000\001\243\202\001\170\060\202\001\164\060\022\006\003\125\035
++\023\001\001\377\004\010\060\006\001\001\377\002\001\000\060\134
++\006\003\125\035\040\004\125\060\123\060\110\006\011\053\006\001
++\004\001\261\076\001\000\060\073\060\071\006\010\053\006\001\005
++\005\007\002\001\026\055\150\164\164\160\072\057\057\143\171\142
++\145\162\164\162\165\163\164\056\157\155\156\151\162\157\157\164
++\056\143\157\155\057\162\145\160\157\163\151\164\157\162\171\056
++\143\146\155\060\007\006\005\140\203\112\001\001\060\016\006\003
++\125\035\017\001\001\377\004\004\003\002\001\346\060\201\211\006
++\003\125\035\043\004\201\201\060\177\241\171\244\167\060\165\061
++\013\060\011\006\003\125\004\006\023\002\125\123\061\030\060\026
++\006\003\125\004\012\023\017\107\124\105\040\103\157\162\160\157
++\162\141\164\151\157\156\061\047\060\045\006\003\125\004\013\023
++\036\107\124\105\040\103\171\142\145\162\124\162\165\163\164\040
++\123\157\154\165\164\151\157\156\163\054\040\111\156\143\056\061
++\043\060\041\006\003\125\004\003\023\032\107\124\105\040\103\171
++\142\145\162\124\162\165\163\164\040\107\154\157\142\141\154\040
++\122\157\157\164\202\002\001\245\060\105\006\003\125\035\037\004
++\076\060\074\060\072\240\070\240\066\206\064\150\164\164\160\072
++\057\057\167\167\167\056\160\165\142\154\151\143\055\164\162\165
++\163\164\056\143\157\155\057\143\147\151\055\142\151\156\057\103
++\122\114\057\062\060\061\070\057\143\144\160\056\143\162\154\060
++\035\006\003\125\035\016\004\026\004\024\306\026\223\116\026\027
++\354\026\256\214\224\166\363\206\155\305\164\156\204\167\060\015
++\006\011\052\206\110\206\367\015\001\001\005\005\000\003\201\201
++\000\166\000\173\246\170\053\146\035\216\136\066\306\244\216\005
++\362\043\222\174\223\147\323\364\300\012\175\213\055\331\352\325
++\157\032\363\341\112\051\132\042\204\115\120\057\113\014\362\377
++\205\302\173\125\324\104\202\276\155\254\147\216\274\264\037\222
++\234\121\200\032\024\366\156\253\141\210\013\255\034\177\367\113
++\120\121\326\145\033\246\107\161\025\136\260\161\363\065\024\362
++\067\275\143\310\325\360\223\132\064\137\330\075\350\135\367\305
++\036\300\345\317\037\206\044\251\074\007\146\315\301\322\066\143
++\131
++END
++
++# Trust for Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)"
++CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
++CKA_TOKEN CK_BBOOL CK_TRUE
++CKA_PRIVATE CK_BBOOL CK_FALSE
++CKA_MODIFIABLE CK_BBOOL CK_FALSE
++CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)"
++CKA_CERT_SHA1_HASH MULTILINE_OCTAL
++\125\120\257\354\277\350\303\255\304\013\343\255\014\247\344\025
++\214\071\131\117
++END
++CKA_CERT_MD5_HASH MULTILINE_OCTAL
++\322\336\256\120\244\230\055\157\067\267\206\122\310\055\113\152
++END
++CKA_ISSUER MULTILINE_OCTAL
++\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061
++\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157
++\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003\125
++\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162\165
++\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111\156
++\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124\105
++\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157\142
++\141\154\040\122\157\157\164
++END
++CKA_SERIAL_NUMBER MULTILINE_OCTAL
++\002\006\007\377\377\377\377\377
++END
++CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
++CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
++CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
++CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
++
++#
++# Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)"
++#
++CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
++CKA_TOKEN CK_BBOOL CK_TRUE
++CKA_PRIVATE CK_BBOOL CK_FALSE
++CKA_MODIFIABLE CK_BBOOL CK_FALSE
++CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)"
++CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
++CKA_SUBJECT MULTILINE_OCTAL
++\060\145\061\013\060\011\006\003\125\004\006\023\002\115\131\061
++\033\060\031\006\003\125\004\012\023\022\104\151\147\151\143\145
++\162\164\040\123\144\156\056\040\102\150\144\056\061\021\060\017
++\006\003\125\004\013\023\010\064\065\067\066\060\070\055\113\061
++\046\060\044\006\003\125\004\003\023\035\104\151\147\151\163\151
++\147\156\040\123\145\162\166\145\162\040\111\104\040\055\040\050
++\105\156\162\151\143\150\051
++END
++CKA_ID UTF8 "0"
++CKA_ISSUER MULTILINE_OCTAL
++\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156
++\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125
++\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056
++\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143
++\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151
++\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006
++\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105
++\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164
++\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164
++\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151
++\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
++\040\050\062\060\064\070\051
++END
++CKA_SERIAL_NUMBER MULTILINE_OCTAL
++\002\006\007\377\377\377\377\377
++END
++CKA_VALUE MULTILINE_OCTAL
++\060\202\004\320\060\202\003\270\240\003\002\001\002\002\006\007
++\377\377\377\377\377\060\015\006\011\052\206\110\206\367\015\001
++\001\005\005\000\060\201\264\061\024\060\022\006\003\125\004\012
++\023\013\105\156\164\162\165\163\164\056\156\145\164\061\100\060
++\076\006\003\125\004\013\024\067\167\167\167\056\145\156\164\162
++\165\163\164\056\156\145\164\057\103\120\123\137\062\060\064\070
++\040\151\156\143\157\162\160\056\040\142\171\040\162\145\146\056
++\040\050\154\151\155\151\164\163\040\154\151\141\142\056\051\061
++\045\060\043\006\003\125\004\013\023\034\050\143\051\040\061\071
++\071\071\040\105\156\164\162\165\163\164\056\156\145\164\040\114
++\151\155\151\164\145\144\061\063\060\061\006\003\125\004\003\023
++\052\105\156\164\162\165\163\164\056\156\145\164\040\103\145\162
++\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157
++\162\151\164\171\040\050\062\060\064\070\051\060\036\027\015\061
++\060\060\067\061\066\061\067\062\063\063\070\132\027\015\061\065
++\060\067\061\066\061\067\065\063\063\070\132\060\145\061\013\060
++\011\006\003\125\004\006\023\002\115\131\061\033\060\031\006\003
++\125\004\012\023\022\104\151\147\151\143\145\162\164\040\123\144
++\156\056\040\102\150\144\056\061\021\060\017\006\003\125\004\013
++\023\010\064\065\067\066\060\070\055\113\061\046\060\044\006\003
++\125\004\003\023\035\104\151\147\151\163\151\147\156\040\123\145
++\162\166\145\162\040\111\104\040\055\040\050\105\156\162\151\143
++\150\051\060\202\001\042\060\015\006\011\052\206\110\206\367\015
++\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202
++\001\001\000\305\211\344\364\015\006\100\222\131\307\032\263\065
++\321\016\114\052\063\371\370\257\312\236\177\356\271\247\155\140
++\364\124\350\157\325\233\363\033\143\061\004\150\162\321\064\026
++\214\264\027\054\227\336\163\305\330\220\025\240\032\053\365\313
++\263\110\206\104\360\035\210\114\316\101\102\032\357\365\014\336
++\376\100\332\071\040\367\006\125\072\152\235\106\301\322\157\245
++\262\310\127\076\051\243\234\340\351\205\167\146\350\230\247\044
++\176\276\300\131\040\345\104\157\266\127\330\276\316\302\145\167
++\130\306\141\101\321\164\004\310\177\111\102\305\162\251\162\026
++\356\214\335\022\135\264\112\324\321\257\120\267\330\252\165\166
++\150\255\076\135\252\060\155\141\250\253\020\133\076\023\277\063
++\340\257\104\235\070\042\133\357\114\057\246\161\046\025\046\312
++\050\214\331\372\216\216\251\242\024\065\342\233\044\210\264\364
++\177\205\235\203\117\007\241\266\024\220\066\304\064\034\215\046
++\141\155\023\157\170\276\350\217\047\307\113\204\226\243\206\150
++\014\043\276\013\354\214\224\000\251\004\212\023\220\367\337\205
++\154\014\261\002\003\001\000\001\243\202\001\064\060\202\001\060
++\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006
++\060\022\006\003\125\035\023\001\001\377\004\010\060\006\001\001
++\377\002\001\000\060\047\006\003\125\035\045\004\040\060\036\006
++\010\053\006\001\005\005\007\003\001\006\010\053\006\001\005\005
++\007\003\002\006\010\053\006\001\005\005\007\003\004\060\063\006
++\010\053\006\001\005\005\007\001\001\004\047\060\045\060\043\006
++\010\053\006\001\005\005\007\060\001\206\027\150\164\164\160\072
++\057\057\157\143\163\160\056\145\156\164\162\165\163\164\056\156
++\145\164\060\104\006\003\125\035\040\004\075\060\073\060\071\006
++\005\140\203\112\001\001\060\060\060\056\006\010\053\006\001\005
++\005\007\002\001\026\042\150\164\164\160\072\057\057\167\167\167
++\056\144\151\147\151\143\145\162\164\056\143\157\155\056\155\171
++\057\143\160\163\056\150\164\155\060\062\006\003\125\035\037\004
++\053\060\051\060\047\240\045\240\043\206\041\150\164\164\160\072
++\057\057\143\162\154\056\145\156\164\162\165\163\164\056\156\145
++\164\057\062\060\064\070\143\141\056\143\162\154\060\021\006\003
++\125\035\016\004\012\004\010\114\116\314\045\050\003\051\201\060
++\037\006\003\125\035\043\004\030\060\026\200\024\125\344\201\321
++\021\200\276\330\211\271\010\243\061\371\241\044\011\026\271\160
++\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003
++\202\001\001\000\227\114\357\112\072\111\254\162\374\060\040\153
++\264\051\133\247\305\225\004\220\371\062\325\302\205\152\336\003
++\241\067\371\211\000\260\132\254\125\176\333\103\065\377\311\001
++\370\121\276\314\046\312\310\152\244\304\124\076\046\036\347\014
++\243\315\227\147\224\335\246\102\353\134\315\217\071\171\153\063
++\171\041\006\171\372\202\104\025\231\314\301\267\071\323\106\142
++\174\262\160\353\157\316\040\252\076\031\267\351\164\202\234\264
++\245\113\115\141\000\067\344\207\322\362\024\072\144\174\270\251
++\173\141\340\223\042\347\325\237\076\107\346\066\166\240\123\330
++\000\003\072\017\265\063\376\226\312\323\322\202\072\056\335\327
++\110\341\344\247\151\314\034\351\231\112\347\312\160\105\327\013
++\007\016\232\165\033\320\057\222\157\366\244\007\303\275\034\113
++\246\204\266\175\250\232\251\322\247\051\361\013\127\151\036\227
++\127\046\354\053\103\254\324\105\203\005\000\351\343\360\106\100
++\007\372\352\261\121\163\223\034\245\335\123\021\067\310\052\247
++\025\047\035\264\252\314\177\252\061\060\374\270\105\237\110\011
++\355\020\342\305
++END
++
++# Trust for Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)"
++CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
++CKA_TOKEN CK_BBOOL CK_TRUE
++CKA_PRIVATE CK_BBOOL CK_FALSE
++CKA_MODIFIABLE CK_BBOOL CK_FALSE
++CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)"
++CKA_CERT_SHA1_HASH MULTILINE_OCTAL
++\153\074\073\200\255\312\246\272\212\237\124\246\172\355\022\151
++\005\155\061\046
++END
++CKA_CERT_MD5_HASH MULTILINE_OCTAL
++\327\151\141\177\065\017\234\106\243\252\353\370\125\374\204\362
++END
++CKA_ISSUER MULTILINE_OCTAL
++\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156
++\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125
++\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056
++\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143
++\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151
++\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006
++\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105
++\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164
++\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164
++\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151
++\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
++\040\050\062\060\064\070\051
++END
++CKA_SERIAL_NUMBER MULTILINE_OCTAL
++\002\006\007\377\377\377\377\377
++END
++CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
++CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
++CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
++CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
++
+diff -up ./mozilla/security/nss/lib/ckfw/builtins/nssckbi.h.ckbi188 ./mozilla/security/nss/lib/ckfw/builtins/nssckbi.h
+--- ./mozilla/security/nss/lib/ckfw/builtins/nssckbi.h.ckbi188 2011-11-03 16:30:05.063000000 -0700
++++ ./mozilla/security/nss/lib/ckfw/builtins/nssckbi.h 2011-11-03 08:11:58.000000000 -0700
+@@ -77,8 +77,8 @@
+ * of the comment in the CK_VERSION type definition.
+ */
+ #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1
+-#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 87
+-#define NSS_BUILTINS_LIBRARY_VERSION "1.87"
++#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 88
++#define NSS_BUILTINS_LIBRARY_VERSION "1.88"
+
+ /* These version numbers detail the semantic changes to the ckfw engine. */
+ #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
diff -up ./mozilla/security/nss/lib/ckfw/manifest.mn.prepem ./mozilla/security/nss/lib/ckfw/manifest.mn
---- a/mozilla/security/nss/lib/ckfw/manifest.mn.prepem 2008-08-05 16:34:23.000000000 -0700
-+++ b/mozilla/security/nss/lib/ckfw/manifest.mn 2008-08-05 16:34:30.000000000 -0700
+--- ./mozilla/security/nss/lib/ckfw/manifest.mn.prepem 2008-08-05 16:34:23.000000000 -0700
++++ ./mozilla/security/nss/lib/ckfw/manifest.mn 2008-08-05 16:34:30.000000000 -0700
@@ -38,7 +38,7 @@ MANIFEST_CVS_ID = "@(#) $RCSfile: manife
CORE_DEPTH = ../../..
--- /dev/null
+diff -up ./mozilla/security/nss/lib/softoken/secmodt.h.gcc47 ./mozilla/security/nss/lib/softoken/secmodt.h
+--- ./mozilla/security/nss/lib/softoken/secmodt.h.gcc47 2012-01-30 16:14:41.179494528 -0500
++++ ./mozilla/security/nss/lib/softoken/secmodt.h 2012-01-30 16:14:48.287424482 -0500
+@@ -338,7 +338,7 @@ typedef PRUint32 PK11AttrFlags;
+ #define SECMOD_SLOT_FLAGS "slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512]"
+
+ #define SECMOD_MAKE_NSS_FLAGS(fips,slot) \
+-"Flags=internal,critical"fips" slotparams=("#slot"={"SECMOD_SLOT_FLAGS"})"
++"Flags=internal,critical" fips" slotparams=("#slot"={" SECMOD_SLOT_FLAGS"})"
+
+ #define SECMOD_INT_NAME "NSS Internal PKCS #11 Module"
+ #define SECMOD_INT_FLAGS SECMOD_MAKE_NSS_FLAGS("",1)
--- /dev/null
+diff -up ./mozilla/security/nss/lib/ssl/sslsock.c.compatible ./mozilla/security/nss/lib/ssl/sslsock.c
+--- ./mozilla/security/nss/lib/ssl/sslsock.c.compatible 2012-01-05 13:54:36.430389994 -0800
++++ ./mozilla/security/nss/lib/ssl/sslsock.c 2012-01-05 13:55:25.810750394 -0800
+@@ -184,7 +184,7 @@ static sslOptions ssl_defaults = {
+ 3, /* enableRenegotiation (default: transitional) */
+ PR_FALSE, /* requireSafeNegotiation */
+ PR_FALSE, /* enableFalseStart */
+- PR_TRUE /* cbcRandomIV */
++ PR_FALSE /* cbcRandomIV */ /* defaults to off for compatibility */
+ };
+
+ sslSessionIDLookupFunc ssl_sid_lookup;
+@@ -2359,9 +2359,9 @@ ssl_SetDefaultsFromEnvironment(void)
+ PR_TRUE));
+ }
+ ev = getenv("NSS_SSL_CBC_RANDOM_IV");
+- if (ev && ev[0] == '0') {
+- ssl_defaults.cbcRandomIV = PR_FALSE;
+- SSL_TRACE(("SSL: cbcRandomIV set to 0"));
++ if (ev && ev[0] == '1') {
++ ssl_defaults.cbcRandomIV = PR_TRUE;
++ SSL_TRACE(("SSL: cbcRandomIV set to 1"));
+ }
+ }
+ #endif /* NSS_HAVE_GETENV */
+++ /dev/null
-diff -up ./mozilla/security/nss/lib/sysinit/nsssysinit.c.orig ./mozilla/security/nss/lib/sysinit/nsssysinit.c
---- ./mozilla/security/nss/lib/sysinit/nsssysinit.c.orig 2010-06-17 09:17:30.732643399 -0700
-+++ ./mozilla/security/nss/lib/sysinit/nsssysinit.c 2010-06-17 09:20:22.691642397 -0700
-@@ -263,9 +263,18 @@ get_list(char *filename, char *stripped_
- sysdb = getSystemDB();
- userdb = getUserDB();
-
-- /* Don't open root's user DB */
-+ /* return a list of databases to open. First the system database. */
-+ if (sysdb) {
-+ const char *readonly = userCanModifySystemDB() ? "" : "flags=readonly";
-+ module_list[next++] = PR_smprintf(
-+ "library= "
-+ "module=\"NSS system database\" "
-+ "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" "
-+ "NSS=\"%sflags=internal,critical\"",sysdb, readonly, nssflags);
-+ }
-+
-+ /* Next the user database, but not for root. */
- if (userdb != NULL && !userIsRoot()) {
-- /* return a list of databases to open. First the user Database */
- module_list[next++] = PR_smprintf(
- "library= "
- "module=\"NSS User database\" "
-@@ -284,40 +293,6 @@ get_list(char *filename, char *stripped_
- userdb, stripped_parameters);
- }
-
--#if 0
-- /* This doesn't actually work. If we register
-- both this and the sysdb (in either order)
-- then only one of them actually shows up */
--
-- /* Using a NULL filename as a Boolean flag to
-- * prevent registering both an application-defined
-- * db and the system db. rhbz #546211.
-- */
-- PORT_Assert(filename);
-- if (sysdb && PL_CompareStrings(filename, sysdb))
-- filename = NULL;
-- else if (userdb && PL_CompareStrings(filename, userdb))
-- filename = NULL;
--
-- if (filename && !userIsRoot()) {
-- module_list[next++] = PR_smprintf(
-- "library= "
-- "module=\"NSS database\" "
-- "parameters=\"configdir='sql:%s' tokenDescription='NSS database sql:%s'\" "
-- "NSS=\"%sflags=internal\"",filename, filename, nssflags);
-- }
--#endif
--
-- /* now the system database (always read only unless it's root) */
-- if (sysdb) {
-- const char *readonly = userCanModifySystemDB() ? "" : "flags=readonly";
-- module_list[next++] = PR_smprintf(
-- "library= "
-- "module=\"NSS system database\" "
-- "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" "
-- "NSS=\"%sflags=internal,critical\"",sysdb, readonly, nssflags);
-- }
--
- /* that was the last module */
- module_list[next] = 0;
-
+++ /dev/null
-diff -up a/mozilla/security/nss/lib/ckfw/pem/pinst.c.596783 b/mozilla/security/nss/lib/ckfw/pem/pinst.c
---- a/mozilla/security/nss/lib/ckfw/pem/pinst.c.596783 2010-06-06 18:27:27.256318318 -0700
-+++ b/mozilla/security/nss/lib/ckfw/pem/pinst.c 2010-06-06 20:45:28.158442982 -0700
-@@ -151,7 +151,7 @@ GetCertFields(unsigned char *cert, int c
- buf = issuer->data + issuer->len;
-
- /* only wanted issuer/SN */
-- if (valid == NULL) {
-+ if (subject == NULL || valid == NULL || subjkey == NULL) {
- return SECSuccess;
- }
- /* validity */
-@@ -219,53 +219,93 @@ CreateObject(CK_OBJECT_CLASS objClass,
- memset(&o->u.trust, 0, sizeof(o->u.trust));
- break;
- }
-+
-+ o->nickname = (char *) nss_ZAlloc(NULL, strlen(nickname) + 1);
-+ if (o->nickname == NULL)
-+ goto fail;
-+ strcpy(o->nickname, nickname);
-+
-+ sprintf(id, "%d", objid);
-+ len = strlen(id) + 1; /* zero terminate */
-+ o->id.data = (void *) nss_ZAlloc(NULL, len);
-+ if (o->id.data == NULL)
-+ goto fail;
-+ (void) nsslibc_memcpy(o->id.data, id, len);
-+ o->id.size = len;
-+
- o->objClass = objClass;
- o->type = type;
- o->slotID = slotID;
-+
- o->derCert = nss_ZNEW(NULL, SECItem);
-+ if (o->derCert == NULL)
-+ goto fail;
- o->derCert->data = (void *) nss_ZAlloc(NULL, certDER->len);
-+ if (o->derCert->data == NULL)
-+ goto fail;
- o->derCert->len = certDER->len;
- nsslibc_memcpy(o->derCert->data, certDER->data, certDER->len);
-
- switch (objClass) {
- case CKO_CERTIFICATE:
- case CKO_NETSCAPE_TRUST:
-- GetCertFields(o->derCert->data,
-- o->derCert->len, &issuer, &serial,
-- &derSN, &subject, &valid, &subjkey);
-+ if (SECSuccess != GetCertFields(o->derCert->data, o->derCert->len,
-+ &issuer, &serial, &derSN, &subject,
-+ &valid, &subjkey))
-+ goto fail;
-
- o->u.cert.subject.data = (void *) nss_ZAlloc(NULL, subject.len);
-+ if (o->u.cert.subject.data == NULL)
-+ goto fail;
- o->u.cert.subject.size = subject.len;
- nsslibc_memcpy(o->u.cert.subject.data, subject.data, subject.len);
-
- o->u.cert.issuer.data = (void *) nss_ZAlloc(NULL, issuer.len);
-+ if (o->u.cert.issuer.data == NULL) {
-+ nss_ZFreeIf(o->u.cert.subject.data);
-+ goto fail;
-+ }
- o->u.cert.issuer.size = issuer.len;
- nsslibc_memcpy(o->u.cert.issuer.data, issuer.data, issuer.len);
-
- o->u.cert.serial.data = (void *) nss_ZAlloc(NULL, serial.len);
-+ if (o->u.cert.serial.data == NULL) {
-+ nss_ZFreeIf(o->u.cert.issuer.data);
-+ nss_ZFreeIf(o->u.cert.subject.data);
-+ goto fail;
-+ }
- o->u.cert.serial.size = serial.len;
- nsslibc_memcpy(o->u.cert.serial.data, serial.data, serial.len);
- break;
- case CKO_PRIVATE_KEY:
- o->u.key.key.privateKey = nss_ZNEW(NULL, SECItem);
-+ if (o->u.key.key.privateKey == NULL)
-+ goto fail;
- o->u.key.key.privateKey->data =
- (void *) nss_ZAlloc(NULL, keyDER->len);
-+ if (o->u.key.key.privateKey->data == NULL) {
-+ nss_ZFreeIf(o->u.key.key.privateKey);
-+ goto fail;
-+ }
- o->u.key.key.privateKey->len = keyDER->len;
- nsslibc_memcpy(o->u.key.key.privateKey->data, keyDER->data,
- keyDER->len);
- }
-
-- o->nickname = (char *) nss_ZAlloc(NULL, strlen(nickname) + 1);
-- strcpy(o->nickname, nickname);
--
-- sprintf(id, "%d", objid);
--
-- len = strlen(id) + 1; /* zero terminate */
-- o->id.data = (void *) nss_ZAlloc(NULL, len);
-- (void) nsslibc_memcpy(o->id.data, id, len);
-- o->id.size = len;
-
- return o;
-+
-+fail:
-+ if (o) {
-+ if (o->derCert) {
-+ nss_ZFreeIf(o->derCert->data);
-+ nss_ZFreeIf(o->derCert);
-+ }
-+ nss_ZFreeIf(o->id.data);
-+ nss_ZFreeIf(o->nickname);
-+ nss_ZFreeIf(o);
-+ }
-+ return NULL;
- }
-
- pemInternalObject *
-@@ -306,6 +346,8 @@ AddObjectIfNeeded(CK_OBJECT_CLASS objCla
- /* object not found, we need to create it */
- pemInternalObject *io = CreateObject(objClass, type, certDER, keyDER,
- filename, objid, slotID);
-+ if (io == NULL)
-+ return NULL;
-
- io->gobjIndex = count;
-
--- /dev/null
+diff -up ./mozilla/security/nss/lib/ckfw/pem/pinst.c.754771 ./mozilla/security/nss/lib/ckfw/pem/pinst.c
+--- ./mozilla/security/nss/lib/ckfw/pem/pinst.c.754771 2011-12-12 09:38:51.839104295 -0800
++++ ./mozilla/security/nss/lib/ckfw/pem/pinst.c 2011-12-12 09:44:40.437096761 -0800
+@@ -350,6 +350,9 @@ AddObjectIfNeeded(CK_OBJECT_CLASS objCla
+ if (io == NULL)
+ return NULL;
+
++ /* initialize pointers to functions */
++ pem_CreateMDObject(NULL, io, NULL);
++
+ io->gobjIndex = count;
+
+ /* add object to global array */
--- /dev/null
+diff -up ./mozilla/security/nss/lib/ckfw/pem/pobject.c.717338 ./mozilla/security/nss/lib/ckfw/pem/pobject.c
+--- ./mozilla/security/nss/lib/ckfw/pem/pobject.c.717338 2010-11-25 10:49:27.000000000 -0800
++++ ./mozilla/security/nss/lib/ckfw/pem/pobject.c 2011-09-10 10:16:58.752726964 -0700
+@@ -1179,6 +1179,7 @@ pem_CreateObject
+ return (NSSCKMDObject *) NULL;
+
+ certDER.len = 0; /* in case there is no equivalent cert */
++ certDER.data = NULL;
+
+ objid = -1;
+ for (i = 0; i < pem_nobjs; i++) {
--- /dev/null
+--- mozilla/security/nss/lib/ckfw/pem/pinst.c.736410 2010-11-25 11:51:52.000000000 -0800
++++ mozilla/security/nss/lib/ckfw/pem/pinst.c 2011-09-13 16:59:49.325215540 -0700
+@@ -364,39 +364,37 @@ AddObjectIfNeeded(CK_OBJECT_CLASS objCla
+ size += PEM_ITEM_CHUNK;
+ }
+ gobj[count] = io;
+ count++;
+ pem_nobjs++;
+
+ io->refCount ++;
+ return io;
+ }
+
+ CK_RV
+ AddCertificate(char *certfile, char *keyfile, PRBool cacert,
+ CK_SLOT_ID slotID)
+ {
+ pemInternalObject *o;
+- SECItem certDER;
+ CK_RV error = 0;
+ int objid, i;
+ int nobjs = 0;
+ SECItem **objs = NULL;
+ char *ivstring = NULL;
+ int cipher;
+
+- certDER.data = NULL;
+ nobjs = ReadDERFromFile(&objs, certfile, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */);
+ if (nobjs <= 0) {
+ nss_ZFreeIf(objs);
+ return CKR_GENERAL_ERROR;
+ }
+
+ /* For now load as many certs as are in the file for CAs only */
+ if (cacert) {
+ for (i = 0; i < nobjs; i++) {
+ char nickname[1024];
+ objid = pem_nobjs + 1;
+
+ snprintf(nickname, 1024, "%s - %d", certfile, i);
+
+ o = AddObjectIfNeeded(CKO_CERTIFICATE, pemCert, objs[i], NULL,
+@@ -456,72 +454,76 @@ AddCertificate(char *certfile, char *key
+ loser:
+ nss_ZFreeIf(objs);
+ nss_ZFreeIf(o);
+ return error;
+ }
+
+ CK_RV
+ pem_Initialize
+ (
+ NSSCKMDInstance * mdInstance,
+ NSSCKFWInstance * fwInstance,
+ NSSUTF8 * configurationData
+ )
+ {
+ CK_RV rv;
+- /* parse the initialization string and initialize CRLInstances */
++ /* parse the initialization string */
+ char **certstrings = NULL;
++ char *modparms = NULL;
+ PRInt32 numcerts = 0;
+ PRBool status, error = PR_FALSE;
+ int i;
++ CK_C_INITIALIZE_ARGS_PTR modArgs = NULL;
++
++ if (!fwInstance) return CKR_ARGUMENTS_BAD;
++
++ modArgs = NSSCKFWInstance_GetInitArgs(fwInstance);
++ if (modArgs &&
++ ((modArgs->flags & CKF_OS_LOCKING_OK) || (modArgs->CreateMutex != 0))) {
++ return CKR_CANT_LOCK;
++ }
+
+ if (pemInitialized) {
+ return CKR_OK;
+ }
++
+ RNG_RNGInit();
+
+ open_log();
+
+ plog("pem_Initialize\n");
+
+- unsigned char *modparms = NULL;
+- if (!fwInstance) {
+- return CKR_ARGUMENTS_BAD;
+- }
+-
+- CK_C_INITIALIZE_ARGS_PTR modArgs =
+- NSSCKFWInstance_GetInitArgs(fwInstance);
+ if (!modArgs || !modArgs->LibraryParameters) {
+ goto done;
+ }
+- modparms = (unsigned char *) modArgs->LibraryParameters;
++ modparms = (char *) modArgs->LibraryParameters;
+ plog("Initialized with %s\n", modparms);
+
+ /*
+ * The initialization string format is a space-delimited file of
+ * pairs of paths which are delimited by a semi-colon. The first
+ * entry of the pair is the path to the certificate file. The
+ * second is the path to the key file.
+ *
+ * CA certificates do not need the semi-colon.
+ *
+ * Example:
+ * /etc/certs/server.pem;/etc/certs/server.key /etc/certs/ca.pem
+ *
+ */
+ status =
+- pem_ParseString((const char *) modparms, ' ', &numcerts,
++ pem_ParseString(modparms, ' ', &numcerts,
+ &certstrings);
+ if (status == PR_FALSE) {
+ return CKR_ARGUMENTS_BAD;
+ }
+
+ for (i = 0; i < numcerts && error != PR_TRUE; i++) {
+ char *cert = certstrings[i];
+ PRInt32 attrcount = 0;
+ char **certattrs = NULL;
+ status = pem_ParseString(cert, ';', &attrcount, &certattrs);
+ if (status == PR_FALSE) {
+ error = PR_TRUE;
+ break;
+ }
+
+++ /dev/null
-diff -up ./mozilla/security/nss/lib/ssl/sslsock.c.transitional ./mozilla/security/nss/lib/ssl/sslsock.c
---- a/mozilla/security/nss/lib/ssl/sslsock.c.transitional 2010-09-04 09:46:50.331327676 -0700
-+++ b/mozilla/security/nss/lib/ssl/sslsock.c 2010-09-04 09:50:02.814325605 -0700
-@@ -181,7 +181,7 @@ static sslOptions ssl_defaults = {
- PR_FALSE, /* noLocks */
- PR_FALSE, /* enableSessionTickets */
- PR_FALSE, /* enableDeflate */
-- 2, /* enableRenegotiation (default: requires extension) */
-+ 3, /* enableRenegotiation (default: transitional) */
- PR_FALSE, /* requireSafeNegotiation */
- PR_FALSE, /* enableFalseStart */
- };
--- /dev/null
+diff -up mozilla/security/nss/lib/ssl/sslsock.c.transitional mozilla/security/nss/lib/ssl/sslsock.c
+--- mozilla/security/nss/lib/ssl/sslsock.c.transitional 2011-10-06 10:37:47.156659000 -0700
++++ mozilla/security/nss/lib/ssl/sslsock.c 2011-10-06 10:38:32.276704000 -0700
+@@ -182,7 +182,7 @@ static sslOptions ssl_defaults = {
+ PR_FALSE, /* noLocks */
+ PR_FALSE, /* enableSessionTickets */
+ PR_FALSE, /* enableDeflate */
+- 2, /* enableRenegotiation (default: requires extension) */
++ 3, /* enableRenegotiation (default: transitional) */
+ PR_FALSE, /* requireSafeNegotiation */
+ PR_FALSE, /* enableFalseStart */
+ PR_TRUE /* cbcRandomIV */
projects / people / amarx / ipfire-3.x.git / commitdiff
