Bug 801218: Upgrade NSS from NSS_3_14_BETA1 to NSS_3_14_RC1.
authorWan-Teh Chang <wtc@google.com>
Thu, 18 Oct 2012 11:41:08 -0700
changeset 110686 783cece761300125a18fe62da5d0174f7a24a2c6
parent 110685 f1bdc236456d6e1c0b53628641cb4a88c7ab4c34
child 110687 e796f2c1121a7f4318a7ecb7ba5fbadd10c36dfe
push id16680
push userwtc@google.com
push dateThu, 18 Oct 2012 18:41:15 +0000
treeherdermozilla-inbound@783cece76130 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
bugs801218
milestone19.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 801218: Upgrade NSS from NSS_3_14_BETA1 to NSS_3_14_RC1.
security/coreconf/coreconf.dep
security/nss/COPYING
security/nss/TAG-INFO
security/nss/TAG-INFO-CKBI
security/nss/cmd/bltest/blapitest.c
security/nss/cmd/bltest/tests/aes_cts/aes-cts-type-1-vectors.txt
security/nss/cmd/bltest/tests/aes_cts/aes_cts_0.txt
security/nss/cmd/bltest/tests/aes_cts/aes_cts_1.txt
security/nss/cmd/bltest/tests/aes_cts/aes_cts_2.txt
security/nss/cmd/bltest/tests/aes_cts/aes_cts_3.txt
security/nss/cmd/bltest/tests/aes_cts/aes_cts_4.txt
security/nss/cmd/bltest/tests/aes_cts/aes_cts_5.txt
security/nss/cmd/bltest/tests/aes_cts/ciphertext0
security/nss/cmd/bltest/tests/aes_cts/ciphertext1
security/nss/cmd/bltest/tests/aes_cts/ciphertext2
security/nss/cmd/bltest/tests/aes_cts/ciphertext3
security/nss/cmd/bltest/tests/aes_cts/ciphertext4
security/nss/cmd/bltest/tests/aes_cts/ciphertext5
security/nss/cmd/bltest/tests/aes_cts/iv0
security/nss/cmd/bltest/tests/aes_cts/iv1
security/nss/cmd/bltest/tests/aes_cts/iv2
security/nss/cmd/bltest/tests/aes_cts/iv3
security/nss/cmd/bltest/tests/aes_cts/iv4
security/nss/cmd/bltest/tests/aes_cts/iv5
security/nss/cmd/bltest/tests/aes_cts/key0
security/nss/cmd/bltest/tests/aes_cts/key1
security/nss/cmd/bltest/tests/aes_cts/key2
security/nss/cmd/bltest/tests/aes_cts/key3
security/nss/cmd/bltest/tests/aes_cts/key4
security/nss/cmd/bltest/tests/aes_cts/key5
security/nss/cmd/bltest/tests/aes_cts/mktst.sh
security/nss/cmd/bltest/tests/aes_cts/numtests
security/nss/cmd/bltest/tests/aes_cts/plaintext0
security/nss/cmd/bltest/tests/aes_cts/plaintext1
security/nss/cmd/bltest/tests/aes_cts/plaintext2
security/nss/cmd/bltest/tests/aes_cts/plaintext3
security/nss/cmd/bltest/tests/aes_cts/plaintext4
security/nss/cmd/bltest/tests/aes_cts/plaintext5
security/nss/lib/ckfw/builtins/certdata.c
security/nss/lib/ckfw/builtins/certdata.txt
security/nss/lib/ckfw/builtins/nssckbi.h
security/nss/lib/freebl/blapi.h
security/nss/lib/freebl/cts.c
security/nss/lib/freebl/gcm.c
security/nss/lib/freebl/pqg.c
security/nss/lib/nss/nss.h
security/nss/lib/nss/nssinit.c
security/nss/lib/softoken/pkcs11c.c
security/nss/lib/softoken/pkcs11i.h
security/nss/lib/softoken/softkver.h
security/nss/lib/util/nssutil.h
security/nss/lib/util/pkcs11t.h
security/nss/lib/util/utilmod.c
security/nss/tests/cipher/performance.sh
security/nss/tests/lowhash/lowhash.sh
security/patches/README
security/patches/bug-797572
--- a/security/coreconf/coreconf.dep
+++ b/security/coreconf/coreconf.dep
@@ -1,12 +1,13 @@
-/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-/*
- * A dummy header file that is a dependency for all the object files.
- * Used to force a full recompilation of NSS in Mozilla's Tinderbox
- * depend builds.  See comments in rules.mk.
- */
-
-#error "Do not include this header file."
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * A dummy header file that is a dependency for all the object files.
+ * Used to force a full recompilation of NSS in Mozilla's Tinderbox
+ * depend builds.  See comments in rules.mk.
+ */
+
+#error "Do not include this header file."
+
new file mode 100644
--- /dev/null
+++ b/security/nss/COPYING
@@ -0,0 +1,403 @@
+NSS is available under the Mozilla Public License, version 2, a copy of which
+is below.
+
+Note on GPL Compatibility
+-------------------------
+
+The MPL 2, section 3.3, permits you to combine NSS with code under the GNU
+General Public License (GPL) version 2, or any later version of that
+license, to make a Larger Work, and distribute the result under the GPL.
+The only condition is that you must also make NSS, and any changes you
+have made to it, available to recipients under the terms of the MPL 2 also.
+
+Anyone who receives the combined code from you does not have to continue
+to dual licence in this way, and may, if they wish, distribute under the
+terms of either of the two licences - either the MPL alone or the GPL
+alone. However, we discourage people from distributing copies of NSS under
+the GPL alone, because it means that any improvements they make cannot be
+reincorporated into the main version of NSS. There is never a need to do
+this for license compatibility reasons.
+
+Note on LGPL Compatibility
+--------------------------
+
+The above also applies to combining MPLed code in a single library with
+code under the GNU Lesser General Public License (LGPL) version 2.1, or
+any later version of that license. If the LGPLed code and the MPLed code
+are not in the same library, then the copyleft coverage of the two
+licences does not overlap, so no issues arise.
+
+
+Mozilla Public License Version 2.0
+==================================
+
+1. Definitions
+--------------
+
+1.1. "Contributor"
+    means each individual or legal entity that creates, contributes to
+    the creation of, or owns Covered Software.
+
+1.2. "Contributor Version"
+    means the combination of the Contributions of others (if any) used
+    by a Contributor and that particular Contributor's Contribution.
+
+1.3. "Contribution"
+    means Covered Software of a particular Contributor.
+
+1.4. "Covered Software"
+    means Source Code Form to which the initial Contributor has attached
+    the notice in Exhibit A, the Executable Form of such Source Code
+    Form, and Modifications of such Source Code Form, in each case
+    including portions thereof.
+
+1.5. "Incompatible With Secondary Licenses"
+    means
+
+    (a) that the initial Contributor has attached the notice described
+        in Exhibit B to the Covered Software; or
+
+    (b) that the Covered Software was made available under the terms of
+        version 1.1 or earlier of the License, but not also under the
+        terms of a Secondary License.
+
+1.6. "Executable Form"
+    means any form of the work other than Source Code Form.
+
+1.7. "Larger Work"
+    means a work that combines Covered Software with other material, in 
+    a separate file or files, that is not Covered Software.
+
+1.8. "License"
+    means this document.
+
+1.9. "Licensable"
+    means having the right to grant, to the maximum extent possible,
+    whether at the time of the initial grant or subsequently, any and
+    all of the rights conveyed by this License.
+
+1.10. "Modifications"
+    means any of the following:
+
+    (a) any file in Source Code Form that results from an addition to,
+        deletion from, or modification of the contents of Covered
+        Software; or
+
+    (b) any new file in Source Code Form that contains any Covered
+        Software.
+
+1.11. "Patent Claims" of a Contributor
+    means any patent claim(s), including without limitation, method,
+    process, and apparatus claims, in any patent Licensable by such
+    Contributor that would be infringed, but for the grant of the
+    License, by the making, using, selling, offering for sale, having
+    made, import, or transfer of either its Contributions or its
+    Contributor Version.
+
+1.12. "Secondary License"
+    means either the GNU General Public License, Version 2.0, the GNU
+    Lesser General Public License, Version 2.1, the GNU Affero General
+    Public License, Version 3.0, or any later versions of those
+    licenses.
+
+1.13. "Source Code Form"
+    means the form of the work preferred for making modifications.
+
+1.14. "You" (or "Your")
+    means an individual or a legal entity exercising rights under this
+    License. For legal entities, "You" includes any entity that
+    controls, is controlled by, or is under common control with You. For
+    purposes of this definition, "control" means (a) the power, direct
+    or indirect, to cause the direction or management of such entity,
+    whether by contract or otherwise, or (b) ownership of more than
+    fifty percent (50%) of the outstanding shares or beneficial
+    ownership of such entity.
+
+2. License Grants and Conditions
+--------------------------------
+
+2.1. Grants
+
+Each Contributor hereby grants You a world-wide, royalty-free,
+non-exclusive license:
+
+(a) under intellectual property rights (other than patent or trademark)
+    Licensable by such Contributor to use, reproduce, make available,
+    modify, display, perform, distribute, and otherwise exploit its
+    Contributions, either on an unmodified basis, with Modifications, or
+    as part of a Larger Work; and
+
+(b) under Patent Claims of such Contributor to make, use, sell, offer
+    for sale, have made, import, and otherwise transfer either its
+    Contributions or its Contributor Version.
+
+2.2. Effective Date
+
+The licenses granted in Section 2.1 with respect to any Contribution
+become effective for each Contribution on the date the Contributor first
+distributes such Contribution.
+
+2.3. Limitations on Grant Scope
+
+The licenses granted in this Section 2 are the only rights granted under
+this License. No additional rights or licenses will be implied from the
+distribution or licensing of Covered Software under this License.
+Notwithstanding Section 2.1(b) above, no patent license is granted by a
+Contributor:
+
+(a) for any code that a Contributor has removed from Covered Software;
+    or
+
+(b) for infringements caused by: (i) Your and any other third party's
+    modifications of Covered Software, or (ii) the combination of its
+    Contributions with other software (except as part of its Contributor
+    Version); or
+
+(c) under Patent Claims infringed by Covered Software in the absence of
+    its Contributions.
+
+This License does not grant any rights in the trademarks, service marks,
+or logos of any Contributor (except as may be necessary to comply with
+the notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+No Contributor makes additional grants as a result of Your choice to
+distribute the Covered Software under a subsequent version of this
+License (see Section 10.2) or under the terms of a Secondary License (if
+permitted under the terms of Section 3.3).
+
+2.5. Representation
+
+Each Contributor represents that the Contributor believes its
+Contributions are its original creation(s) or it has sufficient rights
+to grant the rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+This License is not intended to limit any rights You have under
+applicable copyright doctrines of fair use, fair dealing, or other
+equivalents.
+
+2.7. Conditions
+
+Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted
+in Section 2.1.
+
+3. Responsibilities
+-------------------
+
+3.1. Distribution of Source Form
+
+All distribution of Covered Software in Source Code Form, including any
+Modifications that You create or to which You contribute, must be under
+the terms of this License. You must inform recipients that the Source
+Code Form of the Covered Software is governed by the terms of this
+License, and how they can obtain a copy of this License. You may not
+attempt to alter or restrict the recipients' rights in the Source Code
+Form.
+
+3.2. Distribution of Executable Form
+
+If You distribute Covered Software in Executable Form then:
+
+(a) such Covered Software must also be made available in Source Code
+    Form, as described in Section 3.1, and You must inform recipients of
+    the Executable Form how they can obtain a copy of such Source Code
+    Form by reasonable means in a timely manner, at a charge no more
+    than the cost of distribution to the recipient; and
+
+(b) You may distribute such Executable Form under the terms of this
+    License, or sublicense it under different terms, provided that the
+    license for the Executable Form does not attempt to limit or alter
+    the recipients' rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+You may create and distribute a Larger Work under terms of Your choice,
+provided that You also comply with the requirements of this License for
+the Covered Software. If the Larger Work is a combination of Covered
+Software with a work governed by one or more Secondary Licenses, and the
+Covered Software is not Incompatible With Secondary Licenses, this
+License permits You to additionally distribute such Covered Software
+under the terms of such Secondary License(s), so that the recipient of
+the Larger Work may, at their option, further distribute the Covered
+Software under the terms of either this License or such Secondary
+License(s).
+
+3.4. Notices
+
+You may not remove or alter the substance of any license notices
+(including copyright notices, patent notices, disclaimers of warranty,
+or limitations of liability) contained within the Source Code Form of
+the Covered Software, except that You may alter any license notices to
+the extent required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+You may choose to offer, and to charge a fee for, warranty, support,
+indemnity or liability obligations to one or more recipients of Covered
+Software. However, You may do so only on Your own behalf, and not on
+behalf of any Contributor. You must make it absolutely clear that any
+such warranty, support, indemnity, or liability obligation is offered by
+You alone, and You hereby agree to indemnify every Contributor for any
+liability incurred by such Contributor as a result of warranty, support,
+indemnity or liability terms You offer. You may include additional
+disclaimers of warranty and limitations of liability specific to any
+jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+---------------------------------------------------
+
+If it is impossible for You to comply with any of the terms of this
+License with respect to some or all of the Covered Software due to
+statute, judicial order, or regulation then You must: (a) comply with
+the terms of this License to the maximum extent possible; and (b)
+describe the limitations and the code they affect. Such description must
+be placed in a text file included with all distributions of the Covered
+Software under this License. Except to the extent prohibited by statute
+or regulation, such description must be sufficiently detailed for a
+recipient of ordinary skill to be able to understand it.
+
+5. Termination
+--------------
+
+5.1. The rights granted under this License will terminate automatically
+if You fail to comply with any of its terms. However, if You become
+compliant, then the rights granted under this License from a particular
+Contributor are reinstated (a) provisionally, unless and until such
+Contributor explicitly and finally terminates Your grants, and (b) on an
+ongoing basis, if such Contributor fails to notify You of the
+non-compliance by some reasonable means prior to 60 days after You have
+come back into compliance. Moreover, Your grants from a particular
+Contributor are reinstated on an ongoing basis if such Contributor
+notifies You of the non-compliance by some reasonable means, this is the
+first time You have received notice of non-compliance with this License
+from such Contributor, and You become compliant prior to 30 days after
+Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+infringement claim (excluding declaratory judgment actions,
+counter-claims, and cross-claims) alleging that a Contributor Version
+directly or indirectly infringes any patent, then the rights granted to
+You by any and all Contributors for the Covered Software under Section
+2.1 of this License shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all
+end user license agreements (excluding distributors and resellers) which
+have been validly granted by You or Your distributors under this License
+prior to termination shall survive termination.
+
+************************************************************************
+*                                                                      *
+*  6. Disclaimer of Warranty                                           *
+*  -------------------------                                           *
+*                                                                      *
+*  Covered Software is provided under this License on an "as is"       *
+*  basis, without warranty of any kind, either expressed, implied, or  *
+*  statutory, including, without limitation, warranties that the       *
+*  Covered Software is free of defects, merchantable, fit for a        *
+*  particular purpose or non-infringing. The entire risk as to the     *
+*  quality and performance of the Covered Software is with You.        *
+*  Should any Covered Software prove defective in any respect, You     *
+*  (not any Contributor) assume the cost of any necessary servicing,   *
+*  repair, or correction. This disclaimer of warranty constitutes an   *
+*  essential part of this License. No use of any Covered Software is   *
+*  authorized under this License except under this disclaimer.         *
+*                                                                      *
+************************************************************************
+
+************************************************************************
+*                                                                      *
+*  7. Limitation of Liability                                          *
+*  --------------------------                                          *
+*                                                                      *
+*  Under no circumstances and under no legal theory, whether tort      *
+*  (including negligence), contract, or otherwise, shall any           *
+*  Contributor, or anyone who distributes Covered Software as          *
+*  permitted above, be liable to You for any direct, indirect,         *
+*  special, incidental, or consequential damages of any character      *
+*  including, without limitation, damages for lost profits, loss of    *
+*  goodwill, work stoppage, computer failure or malfunction, or any    *
+*  and all other commercial damages or losses, even if such party      *
+*  shall have been informed of the possibility of such damages. This   *
+*  limitation of liability shall not apply to liability for death or   *
+*  personal injury resulting from such party's negligence to the       *
+*  extent applicable law prohibits such limitation. Some               *
+*  jurisdictions do not allow the exclusion or limitation of           *
+*  incidental or consequential damages, so this exclusion and          *
+*  limitation may not apply to You.                                    *
+*                                                                      *
+************************************************************************
+
+8. Litigation
+-------------
+
+Any litigation relating to this License may be brought only in the
+courts of a jurisdiction where the defendant maintains its principal
+place of business and such litigation shall be governed by laws of that
+jurisdiction, without reference to its conflict-of-law provisions.
+Nothing in this Section shall prevent a party's ability to bring
+cross-claims or counter-claims.
+
+9. Miscellaneous
+----------------
+
+This License represents the complete agreement concerning the subject
+matter hereof. If any provision of this License is held to be
+unenforceable, such provision shall be reformed only to the extent
+necessary to make it enforceable. Any law or regulation which provides
+that the language of a contract shall be construed against the drafter
+shall not be used to construe this License against a Contributor.
+
+10. Versions of the License
+---------------------------
+
+10.1. New Versions
+
+Mozilla Foundation is the license steward. Except as provided in Section
+10.3, no one other than the license steward has the right to modify or
+publish new versions of this License. Each version will be given a
+distinguishing version number.
+
+10.2. Effect of New Versions
+
+You may distribute the Covered Software under the terms of the version
+of the License under which You originally received the Covered Software,
+or under the terms of any subsequent version published by the license
+steward.
+
+10.3. Modified Versions
+
+If you create software not governed by this License, and you want to
+create a new license for such software, you may create and use a
+modified version of this License if you rename the license and remove
+any references to the name of the license steward (except to note that
+such modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary
+Licenses
+
+If You choose to distribute Source Code Form that is Incompatible With
+Secondary Licenses under the terms of this version of the License, the
+notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+-------------------------------------------
+
+  This Source Code Form is subject to the terms of the Mozilla Public
+  License, v. 2.0. If a copy of the MPL was not distributed with this
+  file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular
+file, then You may include the notice in a location (such as a LICENSE
+file in a relevant directory) where a recipient would be likely to look
+for such a notice.
+
+You may add additional accurate notices of copyright ownership.
+
+Exhibit B - "Incompatible With Secondary Licenses" Notice
+---------------------------------------------------------
+
+  This Source Code Form is "Incompatible With Secondary Licenses", as
+  defined by the Mozilla Public License, v. 2.0.
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@@ -1,1 +1,1 @@
-NSS_3_14_BETA1
+NSS_3_14_RC1
--- a/security/nss/TAG-INFO-CKBI
+++ b/security/nss/TAG-INFO-CKBI
@@ -1,1 +1,1 @@
-NSS_3_14_BETA1
+NSS_3_14_RC1
--- a/security/nss/cmd/bltest/blapitest.c
+++ b/security/nss/cmd/bltest/blapitest.c
@@ -2180,16 +2180,17 @@ dsaOp(bltestCipherInfo *cipherInfo)
                                             &cipherInfo->input.pBuf);
                         CHECKERROR(rv, __LINE__);
                     }
                     cipherInfo->repetitions += j;
                 }
             }
             TIMEFINISH(cipherInfo->optime, 1.0);
         }
+	cipherInfo->output.buf.len = cipherInfo->output.pBuf.len;
         bltestCopyIO(cipherInfo->arena, &cipherInfo->params.dsa.sig, 
                      &cipherInfo->output);
     } else {
         TIMESTART();
         rv = DSA_VerifyDigest((DSAPublicKey *)cipherInfo->cx,
                               &cipherInfo->params.dsa.sig.buf,
                               &cipherInfo->input.pBuf);
         TIMEFINISH(cipherInfo->optime, 1.0);
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/aes-cts-type-1-vectors.txt
@@ -0,0 +1,47 @@
+# Raeburn                     Standards Track                    [Page 12]
+# 
+# RFC 3962             AES Encryption for Kerberos 5         February 2005
+# 
+# Some test vectors for CBC with ciphertext stealing, using an initial
+# vector of all-zero.
+#
+# Original Test vectors were for AES CTS-3 (Kerberos). These test vectors have been modified for AES CTS-1 (NIST)
+#
+
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20
+Output:   97 c6 35 35 68 f2 bf 8c b4 d8 a5 80 36 2d a7 ff 7f
+Next IV:  c6 35 35 68 f2 bf 8c b4 d8 a5 80 36 2d a7 ff 7f
+
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20
+Output:   97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 fc 00 78 3e 0e fd b2 c1 d4 45 d4 c8 ef f7 ed 22
+Next IV:  fc 00 78 3e 0e fd b2 c1 d4 45 d4 c8 ef f7 ed 22
+
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20 43
+Output:   97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 84 39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 a8
+Next IV:  39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 a8
+
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20 43 68 69 63 6b 65 6e 2c 20 70 6c 65 61 73 65 2c
+Output:   97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 84 39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 b3 ff fd 94 0c 16 a1 8c 1b 55 49 d2 f8 38 02 9e
+Next IV:  b3 ff fd 94 0c 16 a1 8c 1b 55 49 d2 f8 38 02 9e
+
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20 43 68 69 63 6b 65 6e 2c 20 70 6c 65 61 73 65 2c 20
+Output:   97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 84 39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 a8 9d ad 8b bb 96 c4 cd c0 3b c1 03 e1 a1 94 bb d8
+Next IV:  9d ad 8b bb 96 c4 cd c0 3b c1 03 e1 a1 94 bb d8
+
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20 43 68 69 63 6b 65 6e 2c 20 70 6c 65 61 73 65 2c 20 61 6e 64 20 77 6f 6e 74 6f 6e 20 73 6f 75 70 2e
+Output:   97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 84 39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 a8 9d ad 8b bb 96 c4 cd c0 3b c1 03 e1 a1 94 bb d8 48 07 ef e8 36 ee 89 a5 26 73 0d bc 2f 7b c8 40
+Next IV:  48 07 ef e8 36 ee 89 a5 26 73 0d bc 2f 7b c8 40
+
+
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/aes_cts_0.txt
@@ -0,0 +1,6 @@
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20
+Output:   97 c6 35 35 68 f2 bf 8c b4 d8 a5 80 36 2d a7 ff 7f
+Next IV:  c6 35 35 68 f2 bf 8c b4 d8 a5 80 36 2d a7 ff 7f
+
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/aes_cts_1.txt
@@ -0,0 +1,6 @@
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20
+Output:   97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 fc 00 78 3e 0e fd b2 c1 d4 45 d4 c8 ef f7 ed 22
+Next IV:  fc 00 78 3e 0e fd b2 c1 d4 45 d4 c8 ef f7 ed 22
+
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/aes_cts_2.txt
@@ -0,0 +1,6 @@
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20 43
+Output:   97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 84 39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 a8
+Next IV:  39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 a8
+
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/aes_cts_3.txt
@@ -0,0 +1,6 @@
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20 43 68 69 63 6b 65 6e 2c 20 70 6c 65 61 73 65 2c
+Output:   97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 84 39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 b3 ff fd 94 0c 16 a1 8c 1b 55 49 d2 f8 38 02 9e
+Next IV:  b3 ff fd 94 0c 16 a1 8c 1b 55 49 d2 f8 38 02 9e
+
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/aes_cts_4.txt
@@ -0,0 +1,6 @@
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20 43 68 69 63 6b 65 6e 2c 20 70 6c 65 61 73 65 2c 20
+Output:   97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 84 39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 a8 9d ad 8b bb 96 c4 cd c0 3b c1 03 e1 a1 94 bb d8
+Next IV:  9d ad 8b bb 96 c4 cd c0 3b c1 03 e1 a1 94 bb d8
+
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/aes_cts_5.txt
@@ -0,0 +1,6 @@
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20 43 68 69 63 6b 65 6e 2c 20 70 6c 65 61 73 65 2c 20 61 6e 64 20 77 6f 6e 74 6f 6e 20 73 6f 75 70 2e
+Output:   97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 84 39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 a8 9d ad 8b bb 96 c4 cd c0 3b c1 03 e1 a1 94 bb d8 48 07 ef e8 36 ee 89 a5 26 73 0d bc 2f 7b c8 40
+Next IV:  48 07 ef e8 36 ee 89 a5 26 73 0d bc 2f 7b c8 40
+
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/ciphertext0
@@ -0,0 +1,1 @@
+l8Y1NWjyv4y02KWANi2n/38=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/ciphertext1
@@ -0,0 +1,1 @@
+l2hyaNbszMDAeyXiXs/l/AB4Pg79ssHURdTI7/ftIg==
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/ciphertext2
@@ -0,0 +1,1 @@
+l2hyaNbszMDAeyXiXs/lhDkxJSOnhmLVvn/LzJjr9ag=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/ciphertext3
@@ -0,0 +1,1 @@
+l2hyaNbszMDAeyXiXs/lhDkxJSOnhmLVvn/LzJjr9bP//ZQMFqGMG1VJ0vg4Ap4=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/ciphertext4
@@ -0,0 +1,1 @@
+l2hyaNbszMDAeyXiXs/lhDkxJSOnhmLVvn/LzJjr9aidrYu7lsTNwDvBA+GhlLvY
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/ciphertext5
@@ -0,0 +1,2 @@
+l2hyaNbszMDAeyXiXs/lhDkxJSOnhmLVvn/LzJjr9aidrYu7lsTNwDvBA+GhlLvY
+SAfv6DbuiaUmcw28L3vIQA==
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..4bdfab8333086af48b9ece6d1f9db9aa9a07cdff
GIT binary patch
literal 34
dc${NkKm~jZ$4pH#KJD+>a${+OneOuc^#Dwl2^|0c
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..3e8c8e9e6b97306f58059d6807b665465bc3bc64
GIT binary patch
literal 34
ec${NkKm~jZe;6w4`2KD>c*XU~iTB^%DggjZ*a_(X
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..b4bbc2e76fb0ee149bce3609e147cae594ccf0d4
GIT binary patch
literal 34
dc${NkKm~jZmWHaz%iEH!?yEn2X2$EUD*!$l2^jzY
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..c065e8362dc47e875113249f9a575f490363087a
GIT binary patch
literal 34
dc${NkKm~jZoB#iv!Xvh@M>^E=(hm!!c>qgx2mAm4
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..ba11a0ec02ff240e50a83121b4c2b60eed06e3a3
GIT binary patch
literal 34
ec${NkKm~jZbJuq7o_6Hy0qcXz4;N0^eFFeigbFSI
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..213a4bd3c7541d93cdc6bd0427ca28cc3cb2c062
GIT binary patch
literal 34
dc${NkKm~jZ9_;U5n7!*<s#eUqN5A@n0{}x72b%x@
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/key0
@@ -0,0 +1,1 @@
+chicken teriyaki
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/key1
@@ -0,0 +1,1 @@
+chicken teriyaki
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/key2
@@ -0,0 +1,1 @@
+chicken teriyaki
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/key3
@@ -0,0 +1,1 @@
+chicken teriyaki
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/key4
@@ -0,0 +1,1 @@
+chicken teriyaki
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/key5
@@ -0,0 +1,1 @@
+chicken teriyaki
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/mktst.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+for i in 0 1 2 3 4 5
+do
+    file="aes_cts_$i.txt"
+    grep "Key" $file | sed -e 's;Key:;;' | hex > key$i
+    grep "IV"  $file | sed -e 's;IV:;;' | hex > iv$i
+    grep "Input"  $file | sed -e 's;Input:;;' | hex  > plaintext$i
+    grep "Output"  $file | sed -e 's;Output:;;' | hex | btoa > ciphertext$i
+done
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/numtests
@@ -0,0 +1,1 @@
+6
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/plaintext0
@@ -0,0 +1,1 @@
+I would like the 
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/plaintext1
@@ -0,0 +1,1 @@
+I would like the General Gau's 
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/plaintext2
@@ -0,0 +1,1 @@
+I would like the General Gau's C
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/plaintext3
@@ -0,0 +1,1 @@
+I would like the General Gau's Chicken, please,
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/plaintext4
@@ -0,0 +1,1 @@
+I would like the General Gau's Chicken, please, 
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/plaintext5
@@ -0,0 +1,1 @@
+I would like the General Gau's Chicken, please, and wonton soup.
\ No newline at end of file
--- a/security/nss/lib/ckfw/builtins/certdata.c
+++ b/security/nss/lib/ckfw/builtins/certdata.c
@@ -1,14 +1,14 @@
 /* THIS IS A GENERATED FILE */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 #ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.89 $ $Date: 2012/09/21 23:12:31 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.89 $ $Date: 2012/09/21 23:12:31 $";
+static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.90 $ $Date: 2012/10/18 16:26:52 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.90 $ $Date: 2012/10/18 16:26:52 $";
 #endif /* DEBUG */
 
 #ifndef BUILTINS_H
 #include "builtins.h"
 #endif /* BUILTINS_H */
 
 static const CK_BBOOL ck_false = CK_FALSE;
 static const CK_BBOOL ck_true = CK_TRUE;
@@ -1079,25 +1079,43 @@ static const CK_ATTRIBUTE_TYPE nss_built
  CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERT_SHA1_HASH,  CKA_CERT_MD5_HASH,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_TRUST_SERVER_AUTH,  CKA_TRUST_EMAIL_PROTECTION,  CKA_TRUST_CODE_SIGNING,  CKA_TRUST_STEP_UP_APPROVED
 };
 static const CK_ATTRIBUTE_TYPE nss_builtins_types_352 [] = {
  CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERTIFICATE_TYPE,  CKA_SUBJECT,  CKA_ID,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_VALUE
 };
 static const CK_ATTRIBUTE_TYPE nss_builtins_types_353 [] = {
  CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERT_SHA1_HASH,  CKA_CERT_MD5_HASH,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_TRUST_SERVER_AUTH,  CKA_TRUST_EMAIL_PROTECTION,  CKA_TRUST_CODE_SIGNING,  CKA_TRUST_STEP_UP_APPROVED
 };
+static const CK_ATTRIBUTE_TYPE nss_builtins_types_354 [] = {
+ CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERTIFICATE_TYPE,  CKA_SUBJECT,  CKA_ID,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_VALUE
+};
+static const CK_ATTRIBUTE_TYPE nss_builtins_types_355 [] = {
+ CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERT_SHA1_HASH,  CKA_CERT_MD5_HASH,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_TRUST_SERVER_AUTH,  CKA_TRUST_EMAIL_PROTECTION,  CKA_TRUST_CODE_SIGNING,  CKA_TRUST_STEP_UP_APPROVED
+};
+static const CK_ATTRIBUTE_TYPE nss_builtins_types_356 [] = {
+ CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERTIFICATE_TYPE,  CKA_SUBJECT,  CKA_ID,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_VALUE
+};
+static const CK_ATTRIBUTE_TYPE nss_builtins_types_357 [] = {
+ CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERT_SHA1_HASH,  CKA_CERT_MD5_HASH,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_TRUST_SERVER_AUTH,  CKA_TRUST_EMAIL_PROTECTION,  CKA_TRUST_CODE_SIGNING,  CKA_TRUST_STEP_UP_APPROVED
+};
+static const CK_ATTRIBUTE_TYPE nss_builtins_types_358 [] = {
+ CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERTIFICATE_TYPE,  CKA_SUBJECT,  CKA_ID,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_VALUE
+};
+static const CK_ATTRIBUTE_TYPE nss_builtins_types_359 [] = {
+ CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERT_SHA1_HASH,  CKA_CERT_MD5_HASH,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_TRUST_SERVER_AUTH,  CKA_TRUST_EMAIL_PROTECTION,  CKA_TRUST_CODE_SIGNING,  CKA_TRUST_STEP_UP_APPROVED
+};
 #ifdef DEBUG
 static const NSSItem nss_builtins_items_0 [] = {
   { (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"CVS ID", (PRUint32)7 },
   { (void *)"NSS", (PRUint32)4 },
-  { (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.89 $ $Date: 2012/09/21 23:12:31 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.89 $ $Date: 2012/09/21 23:12:31 $", (PRUint32)160 }
+  { (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.90 $ $Date: 2012/10/18 16:26:52 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.90 $ $Date: 2012/10/18 16:26:52 $", (PRUint32)160 }
 };
 #endif /* DEBUG */
 static const NSSItem nss_builtins_items_1 [] = {
   { (void *)&cko_nss_builtin_root_list, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Mozilla Builtin Roots", (PRUint32)22 }
@@ -23602,16 +23620,402 @@ static const NSSItem nss_builtins_items_
 , (PRUint32)80 },
   { (void *)"\002\001\002"
 , (PRUint32)3 },
   { (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
 };
+static const NSSItem nss_builtins_items_354 [] = {
+  { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)"TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı", (PRUint32)55 },
+  { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
+  { (void *)"\060\201\277\061\077\060\075\006\003\125\004\003\014\066\124\303"
+"\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157"
+"\156\151\153\040\123\145\162\164\151\146\151\153\141\040\110\151"
+"\172\155\145\164\040\123\141\304\237\154\141\171\304\261\143\304"
+"\261\163\304\261\061\013\060\011\006\003\125\004\006\023\002\124"
+"\122\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141"
+"\162\141\061\136\060\134\006\003\125\004\012\014\125\124\303\234"
+"\122\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260"
+"\154\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151"
+"\305\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151"
+"\040\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236"
+"\056\040\050\143\051\040\101\162\141\154\304\261\153\040\062\060"
+"\060\067"
+, (PRUint32)194 },
+  { (void *)"0", (PRUint32)2 },
+  { (void *)"\060\201\277\061\077\060\075\006\003\125\004\003\014\066\124\303"
+"\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157"
+"\156\151\153\040\123\145\162\164\151\146\151\153\141\040\110\151"
+"\172\155\145\164\040\123\141\304\237\154\141\171\304\261\143\304"
+"\261\163\304\261\061\013\060\011\006\003\125\004\006\023\002\124"
+"\122\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141"
+"\162\141\061\136\060\134\006\003\125\004\012\014\125\124\303\234"
+"\122\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260"
+"\154\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151"
+"\305\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151"
+"\040\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236"
+"\056\040\050\143\051\040\101\162\141\154\304\261\153\040\062\060"
+"\060\067"
+, (PRUint32)194 },
+  { (void *)"\002\001\001"
+, (PRUint32)3 },
+  { (void *)"\060\202\004\075\060\202\003\045\240\003\002\001\002\002\001\001"
+"\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060"
+"\201\277\061\077\060\075\006\003\125\004\003\014\066\124\303\234"
+"\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157\156"
+"\151\153\040\123\145\162\164\151\146\151\153\141\040\110\151\172"
+"\155\145\164\040\123\141\304\237\154\141\171\304\261\143\304\261"
+"\163\304\261\061\013\060\011\006\003\125\004\006\023\002\124\122"
+"\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141\162"
+"\141\061\136\060\134\006\003\125\004\012\014\125\124\303\234\122"
+"\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260\154"
+"\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151\305"
+"\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151\040"
+"\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236\056"
+"\040\050\143\051\040\101\162\141\154\304\261\153\040\062\060\060"
+"\067\060\036\027\015\060\067\061\062\062\065\061\070\063\067\061"
+"\071\132\027\015\061\067\061\062\062\062\061\070\063\067\061\071"
+"\132\060\201\277\061\077\060\075\006\003\125\004\003\014\066\124"
+"\303\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162"
+"\157\156\151\153\040\123\145\162\164\151\146\151\153\141\040\110"
+"\151\172\155\145\164\040\123\141\304\237\154\141\171\304\261\143"
+"\304\261\163\304\261\061\013\060\011\006\003\125\004\006\023\002"
+"\124\122\061\017\060\015\006\003\125\004\007\014\006\101\156\153"
+"\141\162\141\061\136\060\134\006\003\125\004\012\014\125\124\303"
+"\234\122\113\124\122\125\123\124\040\102\151\154\147\151\040\304"
+"\260\154\145\164\151\305\237\151\155\040\166\145\040\102\151\154"
+"\151\305\237\151\155\040\107\303\274\166\145\156\154\151\304\237"
+"\151\040\110\151\172\155\145\164\154\145\162\151\040\101\056\305"
+"\236\056\040\050\143\051\040\101\162\141\154\304\261\153\040\062"
+"\060\060\067\060\202\001\042\060\015\006\011\052\206\110\206\367"
+"\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002"
+"\202\001\001\000\253\267\076\012\214\310\245\130\025\346\212\357"
+"\047\075\112\264\350\045\323\315\063\302\040\334\031\356\210\077"
+"\115\142\360\335\023\167\217\141\251\052\265\324\362\271\061\130"
+"\051\073\057\077\152\234\157\163\166\045\356\064\040\200\356\352"
+"\267\360\304\012\315\053\206\224\311\343\140\261\104\122\262\132"
+"\051\264\221\227\203\330\267\246\024\057\051\111\242\363\005\006"
+"\373\264\117\332\241\154\232\146\237\360\103\011\312\352\162\217"
+"\353\000\327\065\071\327\126\027\107\027\060\364\276\277\077\302"
+"\150\257\066\100\301\251\364\251\247\350\020\153\010\212\367\206"
+"\036\334\232\052\025\006\366\243\360\364\340\307\024\324\121\177"
+"\317\264\333\155\257\107\226\027\233\167\161\330\247\161\235\044"
+"\014\366\224\077\205\061\022\117\272\356\116\202\270\271\076\217"
+"\043\067\136\314\242\252\165\367\030\157\011\323\256\247\124\050"
+"\064\373\341\340\073\140\175\240\276\171\211\206\310\237\055\371"
+"\012\113\304\120\242\347\375\171\026\307\172\013\030\317\316\114"
+"\357\175\326\007\157\230\361\257\261\301\172\327\201\065\270\252"
+"\027\264\340\313\002\003\001\000\001\243\102\060\100\060\035\006"
+"\003\125\035\016\004\026\004\024\051\305\220\253\045\257\021\344"
+"\141\277\243\377\210\141\221\346\016\376\234\201\060\016\006\003"
+"\125\035\017\001\001\377\004\004\003\002\001\006\060\017\006\003"
+"\125\035\023\001\001\377\004\005\060\003\001\001\377\060\015\006"
+"\011\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001"
+"\000\020\015\332\370\072\354\050\321\024\225\202\261\022\054\121"
+"\172\101\045\066\114\237\354\077\037\204\235\145\124\134\250\026"
+"\002\100\372\156\032\067\204\357\162\235\206\012\125\235\126\050"
+"\254\146\054\320\072\126\223\064\007\045\255\010\260\217\310\017"
+"\011\131\312\235\230\034\345\124\370\271\105\177\152\227\157\210"
+"\150\115\112\006\046\067\210\002\016\266\306\326\162\231\316\153"
+"\167\332\142\061\244\126\037\256\137\215\167\332\135\366\210\374"
+"\032\331\236\265\201\360\062\270\343\210\320\234\363\152\240\271"
+"\233\024\131\065\066\117\317\363\216\136\135\027\255\025\225\330"
+"\335\262\325\025\156\000\116\263\113\317\146\224\344\340\315\265"
+"\005\332\143\127\213\345\263\252\333\300\056\034\220\104\333\032"
+"\135\030\244\356\276\004\133\231\325\161\137\125\145\144\142\325"
+"\242\233\004\131\206\310\142\167\347\174\202\105\152\075\027\277"
+"\354\235\165\014\256\243\157\132\323\057\230\066\364\360\365\031"
+"\253\021\135\310\246\343\052\130\152\102\011\303\275\222\046\146"
+"\062\015\135\010\125\164\377\214\230\320\012\246\204\152\321\071"
+"\175"
+, (PRUint32)1089 }
+};
+static const NSSItem nss_builtins_items_355 [] = {
+  { (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)"TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı", (PRUint32)55 },
+  { (void *)"\361\177\157\266\061\334\231\343\243\310\177\376\034\361\201\020"
+"\210\331\140\063"
+, (PRUint32)20 },
+  { (void *)"\053\160\040\126\206\202\240\030\310\007\123\022\050\160\041\162"
+, (PRUint32)16 },
+  { (void *)"\060\201\277\061\077\060\075\006\003\125\004\003\014\066\124\303"
+"\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157"
+"\156\151\153\040\123\145\162\164\151\146\151\153\141\040\110\151"
+"\172\155\145\164\040\123\141\304\237\154\141\171\304\261\143\304"
+"\261\163\304\261\061\013\060\011\006\003\125\004\006\023\002\124"
+"\122\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141"
+"\162\141\061\136\060\134\006\003\125\004\012\014\125\124\303\234"
+"\122\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260"
+"\154\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151"
+"\305\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151"
+"\040\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236"
+"\056\040\050\143\051\040\101\162\141\154\304\261\153\040\062\060"
+"\060\067"
+, (PRUint32)194 },
+  { (void *)"\002\001\001"
+, (PRUint32)3 },
+  { (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
+  { (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
+  { (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
+};
+static const NSSItem nss_builtins_items_356 [] = {
+  { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)"T-TeleSec GlobalRoot Class 3", (PRUint32)29 },
+  { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
+  { (void *)"\060\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105"
+"\061\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163"
+"\164\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040"
+"\123\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060"
+"\035\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155"
+"\163\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045"
+"\060\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123"
+"\145\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154"
+"\141\163\163\040\063"
+, (PRUint32)133 },
+  { (void *)"0", (PRUint32)2 },
+  { (void *)"\060\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105"
+"\061\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163"
+"\164\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040"
+"\123\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060"
+"\035\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155"
+"\163\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045"
+"\060\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123"
+"\145\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154"
+"\141\163\163\040\063"
+, (PRUint32)133 },
+  { (void *)"\002\001\001"
+, (PRUint32)3 },
+  { (void *)"\060\202\003\303\060\202\002\253\240\003\002\001\002\002\001\001"
+"\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060"
+"\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105\061"
+"\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163\164"
+"\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040\123"
+"\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060\035"
+"\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155\163"
+"\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045\060"
+"\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123\145"
+"\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154\141"
+"\163\163\040\063\060\036\027\015\060\070\061\060\060\061\061\060"
+"\062\071\065\066\132\027\015\063\063\061\060\060\061\062\063\065"
+"\071\065\071\132\060\201\202\061\013\060\011\006\003\125\004\006"
+"\023\002\104\105\061\053\060\051\006\003\125\004\012\014\042\124"
+"\055\123\171\163\164\145\155\163\040\105\156\164\145\162\160\162"
+"\151\163\145\040\123\145\162\166\151\143\145\163\040\107\155\142"
+"\110\061\037\060\035\006\003\125\004\013\014\026\124\055\123\171"
+"\163\164\145\155\163\040\124\162\165\163\164\040\103\145\156\164"
+"\145\162\061\045\060\043\006\003\125\004\003\014\034\124\055\124"
+"\145\154\145\123\145\143\040\107\154\157\142\141\154\122\157\157"
+"\164\040\103\154\141\163\163\040\063\060\202\001\042\060\015\006"
+"\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017"
+"\000\060\202\001\012\002\202\001\001\000\275\165\223\360\142\042"
+"\157\044\256\340\172\166\254\175\275\331\044\325\270\267\374\315"
+"\360\102\340\353\170\210\126\136\233\232\124\035\115\014\212\366"
+"\323\317\160\364\122\265\330\223\004\343\106\206\161\101\112\053"
+"\360\052\054\125\003\326\110\303\340\071\070\355\362\134\074\077"
+"\104\274\223\075\141\253\116\315\015\276\360\040\047\130\016\104"
+"\177\004\032\207\245\327\226\024\066\220\320\111\173\241\165\373"
+"\032\153\163\261\370\316\251\011\054\362\123\325\303\024\104\270"
+"\206\245\366\213\053\071\332\243\063\124\331\372\162\032\367\042"
+"\025\034\210\221\153\177\146\345\303\152\200\260\044\363\337\206"
+"\105\210\375\031\177\165\207\037\037\261\033\012\163\044\133\271"
+"\145\340\054\124\310\140\323\146\027\077\341\314\124\063\163\221"
+"\002\072\246\177\173\166\071\242\037\226\266\070\256\265\310\223"
+"\164\035\236\271\264\345\140\235\057\126\321\340\353\136\133\114"
+"\022\160\014\154\104\040\253\021\330\364\031\366\322\234\122\067"
+"\347\372\266\302\061\073\112\324\024\231\255\307\032\365\135\137"
+"\372\007\270\174\015\037\326\203\036\263\002\003\001\000\001\243"
+"\102\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060"
+"\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004"
+"\003\002\001\006\060\035\006\003\125\035\016\004\026\004\024\265"
+"\003\367\166\073\141\202\152\022\252\030\123\353\003\041\224\277"
+"\376\316\312\060\015\006\011\052\206\110\206\367\015\001\001\013"
+"\005\000\003\202\001\001\000\126\075\357\224\325\275\332\163\262"
+"\130\276\256\220\255\230\047\227\376\001\261\260\122\000\270\115"
+"\344\033\041\164\033\176\300\356\136\151\052\045\257\134\326\035"
+"\332\322\171\311\363\227\051\340\206\207\336\004\131\017\361\131"
+"\324\144\205\113\231\257\045\004\036\311\106\251\227\336\202\262"
+"\033\160\237\234\366\257\161\061\335\173\005\245\054\323\271\312"
+"\107\366\312\362\366\347\255\271\110\077\274\026\267\301\155\364"
+"\352\011\257\354\363\265\347\005\236\246\036\212\123\121\326\223"
+"\201\314\164\223\366\271\332\246\045\005\164\171\132\176\100\076"
+"\202\113\046\021\060\156\341\077\101\307\107\000\065\325\365\323"
+"\367\124\076\201\075\332\111\152\232\263\357\020\075\346\353\157"
+"\321\310\042\107\313\314\317\001\061\222\331\030\343\042\276\011"
+"\036\032\076\132\262\344\153\014\124\172\175\103\116\270\211\245"
+"\173\327\242\075\226\206\314\362\046\064\055\152\222\235\232\032"
+"\320\060\342\135\116\004\260\137\213\040\176\167\301\075\225\202"
+"\321\106\232\073\074\170\270\157\241\320\015\144\242\170\036\051"
+"\116\223\303\244\124\024\133"
+, (PRUint32)967 }
+};
+static const NSSItem nss_builtins_items_357 [] = {
+  { (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)"T-TeleSec GlobalRoot Class 3", (PRUint32)29 },
+  { (void *)"\125\246\162\076\313\362\354\315\303\043\164\160\031\235\052\276"
+"\021\343\201\321"
+, (PRUint32)20 },
+  { (void *)"\312\373\100\250\116\071\222\212\035\376\216\057\304\047\352\357"
+, (PRUint32)16 },
+  { (void *)"\060\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105"
+"\061\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163"
+"\164\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040"
+"\123\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060"
+"\035\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155"
+"\163\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045"
+"\060\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123"
+"\145\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154"
+"\141\163\163\040\063"
+, (PRUint32)133 },
+  { (void *)"\002\001\001"
+, (PRUint32)3 },
+  { (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
+  { (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
+  { (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
+};
+static const NSSItem nss_builtins_items_358 [] = {
+  { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)"EE Certification Centre Root CA", (PRUint32)32 },
+  { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
+  { (void *)"\060\165\061\013\060\011\006\003\125\004\006\023\002\105\105\061"
+"\042\060\040\006\003\125\004\012\014\031\101\123\040\123\145\162"
+"\164\151\146\151\164\163\145\145\162\151\155\151\163\153\145\163"
+"\153\165\163\061\050\060\046\006\003\125\004\003\014\037\105\105"
+"\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\103"
+"\145\156\164\162\145\040\122\157\157\164\040\103\101\061\030\060"
+"\026\006\011\052\206\110\206\367\015\001\011\001\026\011\160\153"
+"\151\100\163\153\056\145\145"
+, (PRUint32)119 },
+  { (void *)"0", (PRUint32)2 },
+  { (void *)"\060\165\061\013\060\011\006\003\125\004\006\023\002\105\105\061"
+"\042\060\040\006\003\125\004\012\014\031\101\123\040\123\145\162"
+"\164\151\146\151\164\163\145\145\162\151\155\151\163\153\145\163"
+"\153\165\163\061\050\060\046\006\003\125\004\003\014\037\105\105"
+"\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\103"
+"\145\156\164\162\145\040\122\157\157\164\040\103\101\061\030\060"
+"\026\006\011\052\206\110\206\367\015\001\011\001\026\011\160\153"
+"\151\100\163\153\056\145\145"
+, (PRUint32)119 },
+  { (void *)"\002\020\124\200\371\240\163\355\077\000\114\312\211\330\343\161"
+"\346\112"
+, (PRUint32)18 },
+  { (void *)"\060\202\004\003\060\202\002\353\240\003\002\001\002\002\020\124"
+"\200\371\240\163\355\077\000\114\312\211\330\343\161\346\112\060"
+"\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\165"
+"\061\013\060\011\006\003\125\004\006\023\002\105\105\061\042\060"
+"\040\006\003\125\004\012\014\031\101\123\040\123\145\162\164\151"
+"\146\151\164\163\145\145\162\151\155\151\163\153\145\163\153\165"
+"\163\061\050\060\046\006\003\125\004\003\014\037\105\105\040\103"
+"\145\162\164\151\146\151\143\141\164\151\157\156\040\103\145\156"
+"\164\162\145\040\122\157\157\164\040\103\101\061\030\060\026\006"
+"\011\052\206\110\206\367\015\001\011\001\026\011\160\153\151\100"
+"\163\153\056\145\145\060\042\030\017\062\060\061\060\061\060\063"
+"\060\061\060\061\060\063\060\132\030\017\062\060\063\060\061\062"
+"\061\067\062\063\065\071\065\071\132\060\165\061\013\060\011\006"
+"\003\125\004\006\023\002\105\105\061\042\060\040\006\003\125\004"
+"\012\014\031\101\123\040\123\145\162\164\151\146\151\164\163\145"
+"\145\162\151\155\151\163\153\145\163\153\165\163\061\050\060\046"
+"\006\003\125\004\003\014\037\105\105\040\103\145\162\164\151\146"
+"\151\143\141\164\151\157\156\040\103\145\156\164\162\145\040\122"
+"\157\157\164\040\103\101\061\030\060\026\006\011\052\206\110\206"
+"\367\015\001\011\001\026\011\160\153\151\100\163\153\056\145\145"
+"\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001"
+"\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001"
+"\000\310\040\300\354\340\305\113\253\007\170\225\363\104\356\373"
+"\013\014\377\164\216\141\273\261\142\352\043\330\253\241\145\062"
+"\172\353\216\027\117\226\330\012\173\221\242\143\154\307\214\114"
+"\056\171\277\251\005\374\151\134\225\215\142\371\271\160\355\303"
+"\121\175\320\223\346\154\353\060\113\341\274\175\277\122\233\316"
+"\156\173\145\362\070\261\300\242\062\357\142\262\150\340\141\123"
+"\301\066\225\377\354\224\272\066\256\234\034\247\062\017\345\174"
+"\264\306\157\164\375\173\030\350\254\127\355\006\040\113\062\060"
+"\130\133\375\315\250\346\241\374\160\274\216\222\163\333\227\247"
+"\174\041\256\075\301\365\110\207\154\047\275\237\045\164\201\125"
+"\260\367\165\366\075\244\144\153\326\117\347\316\100\255\017\335"
+"\062\323\274\212\022\123\230\311\211\373\020\035\115\176\315\176"
+"\037\126\015\041\160\205\366\040\203\037\366\272\037\004\217\352"
+"\167\210\065\304\377\352\116\241\213\115\077\143\033\104\303\104"
+"\324\045\166\312\267\215\327\036\112\146\144\315\134\305\234\203"
+"\341\302\010\210\232\354\116\243\361\076\034\054\331\154\035\241"
+"\113\002\003\001\000\001\243\201\212\060\201\207\060\017\006\003"
+"\125\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006"
+"\003\125\035\017\001\001\377\004\004\003\002\001\006\060\035\006"
+"\003\125\035\016\004\026\004\024\022\362\132\076\352\126\034\277"
+"\315\006\254\361\361\045\311\251\113\324\024\231\060\105\006\003"
+"\125\035\045\004\076\060\074\006\010\053\006\001\005\005\007\003"
+"\002\006\010\053\006\001\005\005\007\003\001\006\010\053\006\001"
+"\005\005\007\003\003\006\010\053\006\001\005\005\007\003\004\006"
+"\010\053\006\001\005\005\007\003\010\006\010\053\006\001\005\005"
+"\007\003\011\060\015\006\011\052\206\110\206\367\015\001\001\005"
+"\005\000\003\202\001\001\000\173\366\344\300\015\252\031\107\267"
+"\115\127\243\376\255\273\261\152\325\017\236\333\344\143\305\216"
+"\241\120\126\223\226\270\070\300\044\042\146\274\123\024\141\225"
+"\277\320\307\052\226\071\077\175\050\263\020\100\041\152\304\257"
+"\260\122\167\030\341\226\330\126\135\343\335\066\136\035\247\120"
+"\124\240\305\052\344\252\214\224\212\117\235\065\377\166\244\006"
+"\023\221\242\242\175\000\104\077\125\323\202\074\032\325\133\274"
+"\126\114\042\056\106\103\212\044\100\055\363\022\270\073\160\032"
+"\244\226\271\032\257\207\101\032\152\030\015\006\117\307\076\156"
+"\271\051\115\015\111\211\021\207\062\133\346\113\004\310\344\134"
+"\346\164\163\224\135\026\230\023\225\376\373\333\261\104\345\072"
+"\160\254\067\153\346\263\063\162\050\311\263\127\240\366\002\026"
+"\210\006\013\266\246\113\040\050\324\336\075\213\255\067\005\123"
+"\164\376\156\314\274\103\027\161\136\371\305\314\032\251\141\356"
+"\367\166\014\363\162\364\162\255\317\162\002\066\007\107\317\357"
+"\031\120\211\140\314\351\044\225\017\302\313\035\362\157\166\220"
+"\307\314\165\301\226\305\235"
+, (PRUint32)1031 }
+};
+static const NSSItem nss_builtins_items_359 [] = {
+  { (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)"EE Certification Centre Root CA", (PRUint32)32 },
+  { (void *)"\311\250\271\347\125\200\136\130\343\123\167\247\045\353\257\303"
+"\173\047\314\327"
+, (PRUint32)20 },
+  { (void *)"\103\136\210\324\175\032\112\176\375\204\056\122\353\001\324\157"
+, (PRUint32)16 },
+  { (void *)"\060\165\061\013\060\011\006\003\125\004\006\023\002\105\105\061"
+"\042\060\040\006\003\125\004\012\014\031\101\123\040\123\145\162"
+"\164\151\146\151\164\163\145\145\162\151\155\151\163\153\145\163"
+"\153\165\163\061\050\060\046\006\003\125\004\003\014\037\105\105"
+"\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\103"
+"\145\156\164\162\145\040\122\157\157\164\040\103\101\061\030\060"
+"\026\006\011\052\206\110\206\367\015\001\011\001\026\011\160\153"
+"\151\100\163\153\056\145\145"
+, (PRUint32)119 },
+  { (void *)"\002\020\124\200\371\240\163\355\077\000\114\312\211\330\343\161"
+"\346\112"
+, (PRUint32)18 },
+  { (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
+  { (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
+  { (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
+};
 
 builtinsInternalObject
 nss_builtins_data[] = {
 #ifdef DEBUG
   { 7, nss_builtins_types_0, nss_builtins_items_0, {NULL} },
 #endif /* DEBUG */
   { 5, nss_builtins_types_1, nss_builtins_items_1, {NULL} },
   { 11, nss_builtins_types_2, nss_builtins_items_2, {NULL} },
@@ -23960,16 +24364,22 @@ nss_builtins_data[] = {
   { 13, nss_builtins_types_345, nss_builtins_items_345, {NULL} },
   { 11, nss_builtins_types_346, nss_builtins_items_346, {NULL} },
   { 13, nss_builtins_types_347, nss_builtins_items_347, {NULL} },
   { 11, nss_builtins_types_348, nss_builtins_items_348, {NULL} },
   { 13, nss_builtins_types_349, nss_builtins_items_349, {NULL} },
   { 11, nss_builtins_types_350, nss_builtins_items_350, {NULL} },
   { 13, nss_builtins_types_351, nss_builtins_items_351, {NULL} },
   { 11, nss_builtins_types_352, nss_builtins_items_352, {NULL} },
-  { 13, nss_builtins_types_353, nss_builtins_items_353, {NULL} }
+  { 13, nss_builtins_types_353, nss_builtins_items_353, {NULL} },
+  { 11, nss_builtins_types_354, nss_builtins_items_354, {NULL} },
+  { 13, nss_builtins_types_355, nss_builtins_items_355, {NULL} },
+  { 11, nss_builtins_types_356, nss_builtins_items_356, {NULL} },
+  { 13, nss_builtins_types_357, nss_builtins_items_357, {NULL} },
+  { 11, nss_builtins_types_358, nss_builtins_items_358, {NULL} },
+  { 13, nss_builtins_types_359, nss_builtins_items_359, {NULL} }
 };
 const PRUint32
 #ifdef DEBUG
-  nss_builtins_nObjects = 353+1;
+  nss_builtins_nObjects = 359+1;
 #else
-  nss_builtins_nObjects = 353;
+  nss_builtins_nObjects = 359;
 #endif /* DEBUG */
--- a/security/nss/lib/ckfw/builtins/certdata.txt
+++ b/security/nss/lib/ckfw/builtins/certdata.txt
@@ -1,13 +1,13 @@
 # 
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
-CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.85 $ $Date: 2012/06/28 13:50:18 $"
+CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.86 $ $Date: 2012/10/18 16:26:52 $"
 
 #
 # certdata.txt
 #
 # This file contains the object definitions for the certs and other
 # information "built into" NSS.
 #
 # Object definitions:
@@ -24417,8 +24417,466 @@ CKA_ISSUER MULTILINE_OCTAL
 END
 CKA_SERIAL_NUMBER MULTILINE_OCTAL
 \002\001\002
 END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı"
+#
+# Issuer: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,L=Ankara,C=TR,CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s..
+# Serial Number: 1 (0x1)
+# Subject: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,L=Ankara,C=TR,CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s..
+# Not Valid Before: Tue Dec 25 18:37:19 2007
+# Not Valid After : Fri Dec 22 18:37:19 2017
+# Fingerprint (MD5): 2B:70:20:56:86:82:A0:18:C8:07:53:12:28:70:21:72
+# Fingerprint (SHA1): F1:7F:6F:B6:31:DC:99:E3:A3:C8:7F:FE:1C:F1:81:10:88:D9:60:33
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\277\061\077\060\075\006\003\125\004\003\014\066\124\303
+\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157
+\156\151\153\040\123\145\162\164\151\146\151\153\141\040\110\151
+\172\155\145\164\040\123\141\304\237\154\141\171\304\261\143\304
+\261\163\304\261\061\013\060\011\006\003\125\004\006\023\002\124
+\122\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141
+\162\141\061\136\060\134\006\003\125\004\012\014\125\124\303\234
+\122\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260
+\154\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151
+\305\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151
+\040\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236
+\056\040\050\143\051\040\101\162\141\154\304\261\153\040\062\060
+\060\067
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\277\061\077\060\075\006\003\125\004\003\014\066\124\303
+\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157
+\156\151\153\040\123\145\162\164\151\146\151\153\141\040\110\151
+\172\155\145\164\040\123\141\304\237\154\141\171\304\261\143\304
+\261\163\304\261\061\013\060\011\006\003\125\004\006\023\002\124
+\122\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141
+\162\141\061\136\060\134\006\003\125\004\012\014\125\124\303\234
+\122\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260
+\154\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151
+\305\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151
+\040\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236
+\056\040\050\143\051\040\101\162\141\154\304\261\153\040\062\060
+\060\067
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\075\060\202\003\045\240\003\002\001\002\002\001\001
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\201\277\061\077\060\075\006\003\125\004\003\014\066\124\303\234
+\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157\156
+\151\153\040\123\145\162\164\151\146\151\153\141\040\110\151\172
+\155\145\164\040\123\141\304\237\154\141\171\304\261\143\304\261
+\163\304\261\061\013\060\011\006\003\125\004\006\023\002\124\122
+\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141\162
+\141\061\136\060\134\006\003\125\004\012\014\125\124\303\234\122
+\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260\154
+\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151\305
+\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151\040
+\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236\056
+\040\050\143\051\040\101\162\141\154\304\261\153\040\062\060\060
+\067\060\036\027\015\060\067\061\062\062\065\061\070\063\067\061
+\071\132\027\015\061\067\061\062\062\062\061\070\063\067\061\071
+\132\060\201\277\061\077\060\075\006\003\125\004\003\014\066\124
+\303\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162
+\157\156\151\153\040\123\145\162\164\151\146\151\153\141\040\110
+\151\172\155\145\164\040\123\141\304\237\154\141\171\304\261\143
+\304\261\163\304\261\061\013\060\011\006\003\125\004\006\023\002
+\124\122\061\017\060\015\006\003\125\004\007\014\006\101\156\153
+\141\162\141\061\136\060\134\006\003\125\004\012\014\125\124\303
+\234\122\113\124\122\125\123\124\040\102\151\154\147\151\040\304
+\260\154\145\164\151\305\237\151\155\040\166\145\040\102\151\154
+\151\305\237\151\155\040\107\303\274\166\145\156\154\151\304\237
+\151\040\110\151\172\155\145\164\154\145\162\151\040\101\056\305
+\236\056\040\050\143\051\040\101\162\141\154\304\261\153\040\062
+\060\060\067\060\202\001\042\060\015\006\011\052\206\110\206\367
+\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002
+\202\001\001\000\253\267\076\012\214\310\245\130\025\346\212\357
+\047\075\112\264\350\045\323\315\063\302\040\334\031\356\210\077
+\115\142\360\335\023\167\217\141\251\052\265\324\362\271\061\130
+\051\073\057\077\152\234\157\163\166\045\356\064\040\200\356\352
+\267\360\304\012\315\053\206\224\311\343\140\261\104\122\262\132
+\051\264\221\227\203\330\267\246\024\057\051\111\242\363\005\006
+\373\264\117\332\241\154\232\146\237\360\103\011\312\352\162\217
+\353\000\327\065\071\327\126\027\107\027\060\364\276\277\077\302
+\150\257\066\100\301\251\364\251\247\350\020\153\010\212\367\206
+\036\334\232\052\025\006\366\243\360\364\340\307\024\324\121\177
+\317\264\333\155\257\107\226\027\233\167\161\330\247\161\235\044
+\014\366\224\077\205\061\022\117\272\356\116\202\270\271\076\217
+\043\067\136\314\242\252\165\367\030\157\011\323\256\247\124\050
+\064\373\341\340\073\140\175\240\276\171\211\206\310\237\055\371
+\012\113\304\120\242\347\375\171\026\307\172\013\030\317\316\114
+\357\175\326\007\157\230\361\257\261\301\172\327\201\065\270\252
+\027\264\340\313\002\003\001\000\001\243\102\060\100\060\035\006
+\003\125\035\016\004\026\004\024\051\305\220\253\045\257\021\344
+\141\277\243\377\210\141\221\346\016\376\234\201\060\016\006\003
+\125\035\017\001\001\377\004\004\003\002\001\006\060\017\006\003
+\125\035\023\001\001\377\004\005\060\003\001\001\377\060\015\006
+\011\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001
+\000\020\015\332\370\072\354\050\321\024\225\202\261\022\054\121
+\172\101\045\066\114\237\354\077\037\204\235\145\124\134\250\026
+\002\100\372\156\032\067\204\357\162\235\206\012\125\235\126\050
+\254\146\054\320\072\126\223\064\007\045\255\010\260\217\310\017
+\011\131\312\235\230\034\345\124\370\271\105\177\152\227\157\210
+\150\115\112\006\046\067\210\002\016\266\306\326\162\231\316\153
+\167\332\142\061\244\126\037\256\137\215\167\332\135\366\210\374
+\032\331\236\265\201\360\062\270\343\210\320\234\363\152\240\271
+\233\024\131\065\066\117\317\363\216\136\135\027\255\025\225\330
+\335\262\325\025\156\000\116\263\113\317\146\224\344\340\315\265
+\005\332\143\127\213\345\263\252\333\300\056\034\220\104\333\032
+\135\030\244\356\276\004\133\231\325\161\137\125\145\144\142\325
+\242\233\004\131\206\310\142\167\347\174\202\105\152\075\027\277
+\354\235\165\014\256\243\157\132\323\057\230\066\364\360\365\031
+\253\021\135\310\246\343\052\130\152\102\011\303\275\222\046\146
+\062\015\135\010\125\164\377\214\230\320\012\246\204\152\321\071
+\175
+END
+
+# Trust for "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı"
+# Issuer: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,L=Ankara,C=TR,CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s..
+# Serial Number: 1 (0x1)
+# Subject: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,L=Ankara,C=TR,CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s..
+# Not Valid Before: Tue Dec 25 18:37:19 2007
+# Not Valid After : Fri Dec 22 18:37:19 2017
+# Fingerprint (MD5): 2B:70:20:56:86:82:A0:18:C8:07:53:12:28:70:21:72
+# Fingerprint (SHA1): F1:7F:6F:B6:31:DC:99:E3:A3:C8:7F:FE:1C:F1:81:10:88:D9:60:33
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\361\177\157\266\061\334\231\343\243\310\177\376\034\361\201\020
+\210\331\140\063
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\053\160\040\126\206\202\240\030\310\007\123\022\050\160\041\162
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\277\061\077\060\075\006\003\125\004\003\014\066\124\303
+\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157
+\156\151\153\040\123\145\162\164\151\146\151\153\141\040\110\151
+\172\155\145\164\040\123\141\304\237\154\141\171\304\261\143\304
+\261\163\304\261\061\013\060\011\006\003\125\004\006\023\002\124
+\122\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141
+\162\141\061\136\060\134\006\003\125\004\012\014\125\124\303\234
+\122\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260
+\154\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151
+\305\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151
+\040\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236
+\056\040\050\143\051\040\101\162\141\154\304\261\153\040\062\060
+\060\067
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "T-TeleSec GlobalRoot Class 3"
+#
+# Issuer: CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE
+# Serial Number: 1 (0x1)
+# Subject: CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE
+# Not Valid Before: Wed Oct 01 10:29:56 2008
+# Not Valid After : Sat Oct 01 23:59:59 2033
+# Fingerprint (MD5): CA:FB:40:A8:4E:39:92:8A:1D:FE:8E:2F:C4:27:EA:EF
+# Fingerprint (SHA1): 55:A6:72:3E:CB:F2:EC:CD:C3:23:74:70:19:9D:2A:BE:11:E3:81:D1
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "T-TeleSec GlobalRoot Class 3"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105
+\061\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163
+\164\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040
+\123\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060
+\035\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155
+\163\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045
+\060\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123
+\145\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154
+\141\163\163\040\063
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105
+\061\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163
+\164\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040
+\123\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060
+\035\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155
+\163\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045
+\060\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123
+\145\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154
+\141\163\163\040\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\303\060\202\002\253\240\003\002\001\002\002\001\001
+\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060
+\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163\164
+\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040\123
+\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060\035
+\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155\163
+\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045\060
+\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123\145
+\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154\141
+\163\163\040\063\060\036\027\015\060\070\061\060\060\061\061\060
+\062\071\065\066\132\027\015\063\063\061\060\060\061\062\063\065
+\071\065\071\132\060\201\202\061\013\060\011\006\003\125\004\006
+\023\002\104\105\061\053\060\051\006\003\125\004\012\014\042\124
+\055\123\171\163\164\145\155\163\040\105\156\164\145\162\160\162
+\151\163\145\040\123\145\162\166\151\143\145\163\040\107\155\142
+\110\061\037\060\035\006\003\125\004\013\014\026\124\055\123\171
+\163\164\145\155\163\040\124\162\165\163\164\040\103\145\156\164
+\145\162\061\045\060\043\006\003\125\004\003\014\034\124\055\124
+\145\154\145\123\145\143\040\107\154\157\142\141\154\122\157\157
+\164\040\103\154\141\163\163\040\063\060\202\001\042\060\015\006
+\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017
+\000\060\202\001\012\002\202\001\001\000\275\165\223\360\142\042
+\157\044\256\340\172\166\254\175\275\331\044\325\270\267\374\315
+\360\102\340\353\170\210\126\136\233\232\124\035\115\014\212\366
+\323\317\160\364\122\265\330\223\004\343\106\206\161\101\112\053
+\360\052\054\125\003\326\110\303\340\071\070\355\362\134\074\077
+\104\274\223\075\141\253\116\315\015\276\360\040\047\130\016\104
+\177\004\032\207\245\327\226\024\066\220\320\111\173\241\165\373
+\032\153\163\261\370\316\251\011\054\362\123\325\303\024\104\270
+\206\245\366\213\053\071\332\243\063\124\331\372\162\032\367\042
+\025\034\210\221\153\177\146\345\303\152\200\260\044\363\337\206
+\105\210\375\031\177\165\207\037\037\261\033\012\163\044\133\271
+\145\340\054\124\310\140\323\146\027\077\341\314\124\063\163\221
+\002\072\246\177\173\166\071\242\037\226\266\070\256\265\310\223
+\164\035\236\271\264\345\140\235\057\126\321\340\353\136\133\114
+\022\160\014\154\104\040\253\021\330\364\031\366\322\234\122\067
+\347\372\266\302\061\073\112\324\024\231\255\307\032\365\135\137
+\372\007\270\174\015\037\326\203\036\263\002\003\001\000\001\243
+\102\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060
+\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004
+\003\002\001\006\060\035\006\003\125\035\016\004\026\004\024\265
+\003\367\166\073\141\202\152\022\252\030\123\353\003\041\224\277
+\376\316\312\060\015\006\011\052\206\110\206\367\015\001\001\013
+\005\000\003\202\001\001\000\126\075\357\224\325\275\332\163\262
+\130\276\256\220\255\230\047\227\376\001\261\260\122\000\270\115
+\344\033\041\164\033\176\300\356\136\151\052\045\257\134\326\035
+\332\322\171\311\363\227\051\340\206\207\336\004\131\017\361\131
+\324\144\205\113\231\257\045\004\036\311\106\251\227\336\202\262
+\033\160\237\234\366\257\161\061\335\173\005\245\054\323\271\312
+\107\366\312\362\366\347\255\271\110\077\274\026\267\301\155\364
+\352\011\257\354\363\265\347\005\236\246\036\212\123\121\326\223
+\201\314\164\223\366\271\332\246\045\005\164\171\132\176\100\076
+\202\113\046\021\060\156\341\077\101\307\107\000\065\325\365\323
+\367\124\076\201\075\332\111\152\232\263\357\020\075\346\353\157
+\321\310\042\107\313\314\317\001\061\222\331\030\343\042\276\011
+\036\032\076\132\262\344\153\014\124\172\175\103\116\270\211\245
+\173\327\242\075\226\206\314\362\046\064\055\152\222\235\232\032
+\320\060\342\135\116\004\260\137\213\040\176\167\301\075\225\202
+\321\106\232\073\074\170\270\157\241\320\015\144\242\170\036\051
+\116\223\303\244\124\024\133
+END
+
+# Trust for "T-TeleSec GlobalRoot Class 3"
+# Issuer: CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE
+# Serial Number: 1 (0x1)
+# Subject: CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE
+# Not Valid Before: Wed Oct 01 10:29:56 2008
+# Not Valid After : Sat Oct 01 23:59:59 2033
+# Fingerprint (MD5): CA:FB:40:A8:4E:39:92:8A:1D:FE:8E:2F:C4:27:EA:EF
+# Fingerprint (SHA1): 55:A6:72:3E:CB:F2:EC:CD:C3:23:74:70:19:9D:2A:BE:11:E3:81:D1
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "T-TeleSec GlobalRoot Class 3"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\125\246\162\076\313\362\354\315\303\043\164\160\031\235\052\276
+\021\343\201\321
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\312\373\100\250\116\071\222\212\035\376\216\057\304\047\352\357
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105
+\061\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163
+\164\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040
+\123\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060
+\035\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155
+\163\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045
+\060\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123
+\145\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154
+\141\163\163\040\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "EE Certification Centre Root CA"
+#
+# Issuer: E=pki@sk.ee,CN=EE Certification Centre Root CA,O=AS Sertifitseerimiskeskus,C=EE
+# Serial Number:54:80:f9:a0:73:ed:3f:00:4c:ca:89:d8:e3:71:e6:4a
+# Subject: E=pki@sk.ee,CN=EE Certification Centre Root CA,O=AS Sertifitseerimiskeskus,C=EE
+# Not Valid Before: Sat Oct 30 10:10:30 2010
+# Not Valid After : Tue Dec 17 23:59:59 2030
+# Fingerprint (MD5): 43:5E:88:D4:7D:1A:4A:7E:FD:84:2E:52:EB:01:D4:6F
+# Fingerprint (SHA1): C9:A8:B9:E7:55:80:5E:58:E3:53:77:A7:25:EB:AF:C3:7B:27:CC:D7
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "EE Certification Centre Root CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\165\061\013\060\011\006\003\125\004\006\023\002\105\105\061
+\042\060\040\006\003\125\004\012\014\031\101\123\040\123\145\162
+\164\151\146\151\164\163\145\145\162\151\155\151\163\153\145\163
+\153\165\163\061\050\060\046\006\003\125\004\003\014\037\105\105
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\103
+\145\156\164\162\145\040\122\157\157\164\040\103\101\061\030\060
+\026\006\011\052\206\110\206\367\015\001\011\001\026\011\160\153
+\151\100\163\153\056\145\145
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\165\061\013\060\011\006\003\125\004\006\023\002\105\105\061
+\042\060\040\006\003\125\004\012\014\031\101\123\040\123\145\162
+\164\151\146\151\164\163\145\145\162\151\155\151\163\153\145\163
+\153\165\163\061\050\060\046\006\003\125\004\003\014\037\105\105
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\103
+\145\156\164\162\145\040\122\157\157\164\040\103\101\061\030\060
+\026\006\011\052\206\110\206\367\015\001\011\001\026\011\160\153
+\151\100\163\153\056\145\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\124\200\371\240\163\355\077\000\114\312\211\330\343\161
+\346\112
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\003\060\202\002\353\240\003\002\001\002\002\020\124
+\200\371\240\163\355\077\000\114\312\211\330\343\161\346\112\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\165
+\061\013\060\011\006\003\125\004\006\023\002\105\105\061\042\060
+\040\006\003\125\004\012\014\031\101\123\040\123\145\162\164\151
+\146\151\164\163\145\145\162\151\155\151\163\153\145\163\153\165
+\163\061\050\060\046\006\003\125\004\003\014\037\105\105\040\103
+\145\162\164\151\146\151\143\141\164\151\157\156\040\103\145\156
+\164\162\145\040\122\157\157\164\040\103\101\061\030\060\026\006
+\011\052\206\110\206\367\015\001\011\001\026\011\160\153\151\100
+\163\153\056\145\145\060\042\030\017\062\060\061\060\061\060\063
+\060\061\060\061\060\063\060\132\030\017\062\060\063\060\061\062
+\061\067\062\063\065\071\065\071\132\060\165\061\013\060\011\006
+\003\125\004\006\023\002\105\105\061\042\060\040\006\003\125\004
+\012\014\031\101\123\040\123\145\162\164\151\146\151\164\163\145
+\145\162\151\155\151\163\153\145\163\153\165\163\061\050\060\046
+\006\003\125\004\003\014\037\105\105\040\103\145\162\164\151\146
+\151\143\141\164\151\157\156\040\103\145\156\164\162\145\040\122
+\157\157\164\040\103\101\061\030\060\026\006\011\052\206\110\206
+\367\015\001\011\001\026\011\160\153\151\100\163\153\056\145\145
+\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001
+\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001
+\000\310\040\300\354\340\305\113\253\007\170\225\363\104\356\373
+\013\014\377\164\216\141\273\261\142\352\043\330\253\241\145\062
+\172\353\216\027\117\226\330\012\173\221\242\143\154\307\214\114
+\056\171\277\251\005\374\151\134\225\215\142\371\271\160\355\303
+\121\175\320\223\346\154\353\060\113\341\274\175\277\122\233\316
+\156\173\145\362\070\261\300\242\062\357\142\262\150\340\141\123
+\301\066\225\377\354\224\272\066\256\234\034\247\062\017\345\174
+\264\306\157\164\375\173\030\350\254\127\355\006\040\113\062\060
+\130\133\375\315\250\346\241\374\160\274\216\222\163\333\227\247
+\174\041\256\075\301\365\110\207\154\047\275\237\045\164\201\125
+\260\367\165\366\075\244\144\153\326\117\347\316\100\255\017\335
+\062\323\274\212\022\123\230\311\211\373\020\035\115\176\315\176
+\037\126\015\041\160\205\366\040\203\037\366\272\037\004\217\352
+\167\210\065\304\377\352\116\241\213\115\077\143\033\104\303\104
+\324\045\166\312\267\215\327\036\112\146\144\315\134\305\234\203
+\341\302\010\210\232\354\116\243\361\076\034\054\331\154\035\241
+\113\002\003\001\000\001\243\201\212\060\201\207\060\017\006\003
+\125\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006
+\003\125\035\017\001\001\377\004\004\003\002\001\006\060\035\006
+\003\125\035\016\004\026\004\024\022\362\132\076\352\126\034\277
+\315\006\254\361\361\045\311\251\113\324\024\231\060\105\006\003
+\125\035\045\004\076\060\074\006\010\053\006\001\005\005\007\003
+\002\006\010\053\006\001\005\005\007\003\001\006\010\053\006\001
+\005\005\007\003\003\006\010\053\006\001\005\005\007\003\004\006
+\010\053\006\001\005\005\007\003\010\006\010\053\006\001\005\005
+\007\003\011\060\015\006\011\052\206\110\206\367\015\001\001\005
+\005\000\003\202\001\001\000\173\366\344\300\015\252\031\107\267
+\115\127\243\376\255\273\261\152\325\017\236\333\344\143\305\216
+\241\120\126\223\226\270\070\300\044\042\146\274\123\024\141\225
+\277\320\307\052\226\071\077\175\050\263\020\100\041\152\304\257
+\260\122\167\030\341\226\330\126\135\343\335\066\136\035\247\120
+\124\240\305\052\344\252\214\224\212\117\235\065\377\166\244\006
+\023\221\242\242\175\000\104\077\125\323\202\074\032\325\133\274
+\126\114\042\056\106\103\212\044\100\055\363\022\270\073\160\032
+\244\226\271\032\257\207\101\032\152\030\015\006\117\307\076\156
+\271\051\115\015\111\211\021\207\062\133\346\113\004\310\344\134
+\346\164\163\224\135\026\230\023\225\376\373\333\261\104\345\072
+\160\254\067\153\346\263\063\162\050\311\263\127\240\366\002\026
+\210\006\013\266\246\113\040\050\324\336\075\213\255\067\005\123
+\164\376\156\314\274\103\027\161\136\371\305\314\032\251\141\356
+\367\166\014\363\162\364\162\255\317\162\002\066\007\107\317\357
+\031\120\211\140\314\351\044\225\017\302\313\035\362\157\166\220
+\307\314\165\301\226\305\235
+END
+
+# Trust for "EE Certification Centre Root CA"
+# Issuer: E=pki@sk.ee,CN=EE Certification Centre Root CA,O=AS Sertifitseerimiskeskus,C=EE
+# Serial Number:54:80:f9:a0:73:ed:3f:00:4c:ca:89:d8:e3:71:e6:4a
+# Subject: E=pki@sk.ee,CN=EE Certification Centre Root CA,O=AS Sertifitseerimiskeskus,C=EE
+# Not Valid Before: Sat Oct 30 10:10:30 2010
+# Not Valid After : Tue Dec 17 23:59:59 2030
+# Fingerprint (MD5): 43:5E:88:D4:7D:1A:4A:7E:FD:84:2E:52:EB:01:D4:6F
+# Fingerprint (SHA1): C9:A8:B9:E7:55:80:5E:58:E3:53:77:A7:25:EB:AF:C3:7B:27:CC:D7
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "EE Certification Centre Root CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\311\250\271\347\125\200\136\130\343\123\167\247\045\353\257\303
+\173\047\314\327
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\103\136\210\324\175\032\112\176\375\204\056\122\353\001\324\157
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\165\061\013\060\011\006\003\125\004\006\023\002\105\105\061
+\042\060\040\006\003\125\004\012\014\031\101\123\040\123\145\162
+\164\151\146\151\164\163\145\145\162\151\155\151\163\153\145\163
+\153\165\163\061\050\060\046\006\003\125\004\003\014\037\105\105
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\103
+\145\156\164\162\145\040\122\157\157\164\040\103\101\061\030\060
+\026\006\011\052\206\110\206\367\015\001\011\001\026\011\160\153
+\151\100\163\153\056\145\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\124\200\371\240\163\355\077\000\114\312\211\330\343\161
+\346\112
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
--- a/security/nss/lib/ckfw/builtins/nssckbi.h
+++ b/security/nss/lib/ckfw/builtins/nssckbi.h
@@ -40,18 +40,18 @@
  *     ...
  *   - NSS 3.29 branch: 250-255
  *
  * NSS_BUILTINS_LIBRARY_VERSION_MINOR is a CK_BYTE.  It's not clear
  * whether we may use its full range (0-255) or only 0-99 because
  * of the comment in the CK_VERSION type definition.
  */
 #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1
-#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 91
-#define NSS_BUILTINS_LIBRARY_VERSION "1.91"
+#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 92
+#define NSS_BUILTINS_LIBRARY_VERSION "1.92"
 
 /* These version numbers detail the semantic changes to the ckfw engine. */
 #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
 #define NSS_BUILTINS_HARDWARE_VERSION_MINOR 0
 
 /* These version numbers detail the semantic changes to ckbi itself 
  * (new PKCS #11 objects), etc. */
 #define NSS_BUILTINS_FIRMWARE_VERSION_MAJOR 1
--- a/security/nss/lib/freebl/blapi.h
+++ b/security/nss/lib/freebl/blapi.h
@@ -1,15 +1,15 @@
 /*
  * crypto.h - public data structures and prototypes for the crypto library
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: blapi.h,v 1.48 2012/06/28 17:55:05 rrelyea%redhat.com Exp $ */
+/* $Id: blapi.h,v 1.49 2012/10/11 00:10:26 rrelyea%redhat.com Exp $ */
 
 #ifndef _BLAPI_H_
 #define _BLAPI_H_
 
 #include "blapit.h"
 #include "hasht.h"
 #include "alghmac.h"
 
@@ -1267,16 +1267,20 @@ PQG_ParamGenSeedLen(
  * match the table below or an error will result:
  *
  *  L            N
  * 1024         160
  * 2048         224
  * 2048         256
  * 3072         256
  *
+ * If N or seedBytes are set to zero, then PQG_ParamGenSeedLen will
+ * pick a default value (typically the smallest secure value for these
+ * variables).
+ *
  * The verify parameters will conform to FIPS186-3 using the smallest 
  * permissible hash for the key strength.
  */
 extern SECStatus
 PQG_ParamGenV2(
              unsigned int L, 	     /* input : determines length of P. */
              unsigned int N, 	     /* input : determines length of Q. */
 	     unsigned int seedBytes, /* input : length of seed in bytes.*/
--- a/security/nss/lib/freebl/cts.c
+++ b/security/nss/lib/freebl/cts.c
@@ -110,17 +110,17 @@ CTS_EncryptUpdate(CTSContext *cts, unsig
 	return SECFailure;
     }
     fullblocks = (inlen/blocksize)*blocksize;
     rv = (*cts->cipher)(cts->context, outbuf, outlen, maxout, inbuf,
 	 fullblocks, blocksize);
     if (rv != SECSuccess) {
 	return SECFailure;
     }
-    PORT_Assert(*outlen == fullblocks);
+    *outlen = fullblocks; /* AES low level doesn't set outlen */
     inbuf += fullblocks;
     inlen -= fullblocks;
     if (inlen == 0) {
 	return SECSuccess;
     }
     written = *outlen - (blocksize - inlen);
     outbuf += written;
     maxout -= written;
@@ -135,17 +135,16 @@ CTS_EncryptUpdate(CTSContext *cts, unsig
      * we decrypt (at the cost of some complexity as you can see in decrypt
      * below */
     PORT_Memcpy(lastBlock, inbuf, inlen);
     PORT_Memset(lastBlock + inlen, 0, blocksize - inlen);
     rv = (*cts->cipher)(cts->context, outbuf, &tmp, maxout, lastBlock,
 			blocksize, blocksize);
     PORT_Memset(lastBlock, 0, blocksize);
     if (rv == SECSuccess) {
-	PORT_Assert(tmp == blocksize);
 	*outlen = written + blocksize;
     }
     return rv;
 }
 
 
 #define XOR_BLOCK(x,y,count) for(i=0; i < count; i++) x[i] = x[i] ^ y[i]
 
@@ -203,42 +202,42 @@ CTS_DecryptUpdate(CTSContext *cts, unsig
 
     fullblocks = (inlen/blocksize)*blocksize;
 
     /* even though we expect the input to be CS-1, CS-2 is easier to parse,
      * so convert to CS-2 immediately. NOTE: this is the same code as in
      * the comment for encrypt. NOTE2: since we can't modify inbuf unless
      * inbuf and outbuf overlap, just copy inbuf to outbuf and modify it there
      */
-    pad = blocksize + (inlen - fullblocks);
-    if (pad != blocksize) {
+    pad = inlen - fullblocks;
+    if (pad != 0) {
 	if (inbuf != outbuf) {
 	    memcpy(outbuf, inbuf, inlen);
 	    /* keep the names so we logically know how we are using the
 	     * buffers */
 	    inbuf = outbuf;
 	}
-	memcpy(lastBlock,        inbuf+inlen-blocksize-pad, blocksize);
+	memcpy(lastBlock, inbuf+inlen-blocksize, blocksize);
 	/* we know inbuf == outbuf now, inbuf is declared const and can't
 	 * be the target, so use outbuf for the target here */
-	memcpy(outbuf+inlen-blocksize-pad, inbuf+inlen-pad, pad);
-	memcpy(outbuf+inlen-blocksize,     lastBlock,       blocksize);
+	memcpy(outbuf+inlen-pad, inbuf+inlen-blocksize-pad, pad);
+	memcpy(outbuf+inlen-blocksize-pad, lastBlock, blocksize);
     }
     /* save the previous to last block so we can undo the misordered
      * chaining */
     tmp =  (fullblocks < blocksize*2) ? cts->iv :
 			inbuf+fullblocks-blocksize*2;
     PORT_Memcpy(Cn_2, tmp, blocksize);
     PORT_Memcpy(Cn, inbuf+fullblocks-blocksize, blocksize);
     rv = (*cts->cipher)(cts->context, outbuf, outlen, maxout, inbuf,
 	 fullblocks, blocksize);
     if (rv != SECSuccess) {
 	return SECFailure;
     }
-    PORT_Assert(*outlen == fullblocks);
+    *outlen = fullblocks; /* AES low level doesn't set outlen */
     inbuf += fullblocks;
     inlen -= fullblocks;
     if (inlen == 0) {
 	return SECSuccess;
     }
     outbuf += fullblocks;
     maxout -= fullblocks;
 
@@ -270,26 +269,25 @@ CTS_DecryptUpdate(CTSContext *cts, unsig
 
     /* make up for the out of order CBC decryption */
     XOR_BLOCK(lastBlock, Cn_2, blocksize);
     XOR_BLOCK(lastBlock, Pn, blocksize);
     /* last buf now has Pn || Cn-1**, copy out Pn */
     PORT_Memcpy(outbuf, lastBlock, inlen);
     *outlen += inlen;
     /* copy Cn-1* into last buf to recover Cn-1 */
-    PORT_Memcpy(lastBlock, Cn-1, inlen);
+    PORT_Memcpy(lastBlock, Cn_1, inlen);
     /* note: because Cn and Cn-1 were out of order, our pointer to Pn also
      * points to where Pn-1 needs to reside. From here on out read Pn in
      * the code as really Pn-1. */
     rv = (*cts->cipher)(cts->context, Pn, &tmpLen, blocksize, lastBlock,
 	 blocksize, blocksize);
     if (rv != SECSuccess) {
 	return SECFailure;
     }
-    PORT_Assert(tmpLen == blocksize);
     /* make up for the out of order CBC decryption */
     XOR_BLOCK(Pn, Cn_2, blocksize);
     XOR_BLOCK(Pn, Cn, blocksize);
     /* reset iv to Cn  */
     PORT_Memcpy(cts->iv, Cn, blocksize);
     /* This makes Cn the last block for the next decrypt operation, which
      * matches the encrypt. We don't care about the contexts of last block,
      * only the side effect of setting the internal IV */
--- a/security/nss/lib/freebl/gcm.c
+++ b/security/nss/lib/freebl/gcm.c
@@ -128,18 +128,16 @@ struct gcmHashContextStr {
      unsigned int bufLen;
      int m; /* XXX what is m? */
      unsigned char counterBuf[2*GCM_HASH_LEN_LEN];
      PRUint64 cLen;
 };
 
 /* f = x^128 + x^7 + x^2 + x + 1 */
 static const unsigned int poly_128[] = { 128, 7, 2, 1, 0 };
-/* f = x^64 + x^4 + x^3 + x + 1 */
-static const unsigned int poly_64[] = { 64, 4, 3, 1, 0 };
 
 /* sigh, GCM defines the bit strings exactly backwards from everything else */
 static void
 gcm_reverse(unsigned char *target, const unsigned char *src,
 							unsigned int blocksize)
 {
     unsigned int i;
     for (i=0; i < blocksize; i++) {
@@ -162,24 +160,21 @@ gcmHash_InitContext(gcmHashContext *ghas
     CHECK_MPI_OK( mp_init(&ghash->X) );
     CHECK_MPI_OK( mp_init(&ghash->C_i) );
 
     mp_zero(&ghash->X);
     gcm_reverse(H_rev, H, blocksize);
     CHECK_MPI_OK( mp_read_unsigned_octets(&ghash->H, H_rev, blocksize) );
 
     /* set the irreducible polynomial. Each blocksize has its own polynomial.
-     * for now only blocksizes 16 (=128 bits) and 8 (=64 bits) are defined */
+     * for now only blocksize 16 (=128 bits) is defined */
     switch (blocksize) {
     case 16: /* 128 bits */
 	ghash->poly = poly_128;
 	break;
-    case 8: /* 64 bits */
-	ghash->poly = poly_64;
-	break;
     default:
 	PORT_SetError(SEC_ERROR_INVALID_ARGS);
 	goto cleanup;
     }
     ghash->cLen = 0;
     ghash->bufLen = 0;
     ghash->m = 0;
     PORT_Memset(ghash->counterBuf, 0, sizeof(ghash->counterBuf));
@@ -342,25 +337,22 @@ gcm_longs_to_bytes(const unsigned long *
 static SECStatus
 gcmHash_InitContext(gcmHashContext *ghash, const unsigned char *H,
 		    unsigned int blocksize)
 {
     PORT_Memset(ghash->X, 0, sizeof(ghash->X));
     PORT_Memset(ghash->H, 0, sizeof(ghash->H));
     gcm_bytes_to_longs(ghash->H, H, blocksize);
 
-    /* set the irreducible polynomial. Each blocksize has it's own polynommial
-     * for now only blocksizes 16 (=128 bits) and 8 (=64 bits) are defined */
+    /* set the irreducible polynomial. Each blocksize has its own polynommial
+     * for now only blocksize 16 (=128 bits) is defined */
     switch (blocksize) {
     case 16: /* 128 bits */
 	ghash->R = (unsigned long) 0x87; /* x^7 + x^2 + x +1 */
 	break;
-    case 8: /* 64 bits */
-	ghash->R = (unsigned long) 0x1b; /* x^4 + x^3 + x + 1 */
-	break;
     default:
 	PORT_SetError(SEC_ERROR_INVALID_ARGS);
 	goto cleanup;
     }
     ghash->cLen = 0;
     ghash->bufLen = 0;
     ghash->m = 0;
     PORT_Memset(ghash->counterBuf, 0, sizeof(ghash->counterBuf));
@@ -608,17 +600,17 @@ GCM_CreateContext(void *context, freeblC
 		  const unsigned char *params, unsigned int blocksize)
 {
     GCMContext *gcm = NULL;
     gcmHashContext *ghash;
     unsigned char H[MAX_BLOCK_SIZE];
     unsigned int tmp;
     PRBool freeCtr = PR_FALSE;
     PRBool freeHash = PR_FALSE;
-    const CK_AES_GCM_PARAMS *gcmParams = (const CK_AES_GCM_PARAMS *)params;
+    const CK_GCM_PARAMS *gcmParams = (const CK_GCM_PARAMS *)params;
     CK_AES_CTR_PARAMS ctrParams;
     SECStatus rv;
 
     if (blocksize > MAX_BLOCK_SIZE || blocksize > sizeof(ctrParams.cb)) {
 	PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
 	return NULL;
     }
     gcm = PORT_ZNew(GCMContext);
@@ -636,20 +628,17 @@ GCM_CreateContext(void *context, freeblC
     if (rv != SECSuccess) {
 	goto loser;
     }
     freeHash = PR_TRUE;
 
     /* fill in the Counter context */
     ctrParams.ulCounterBits = 32;
     PORT_Memset(ctrParams.cb, 0, sizeof(ctrParams.cb));
-    if ((blocksize == 8) && (gcmParams->ulIvLen == 4)) {
-	ctrParams.cb[3] = 1;
-	PORT_Memcpy(&ctrParams.cb[4], gcmParams->pIv, gcmParams->ulIvLen);
-    } else if ((blocksize == 16) && (gcmParams->ulIvLen == 12)) {
+    if ((blocksize == 16) && (gcmParams->ulIvLen == 12)) {
 	PORT_Memcpy(ctrParams.cb, gcmParams->pIv, gcmParams->ulIvLen);
 	ctrParams.cb[blocksize-1] = 1;
     } else {
 	rv = gcmHash_Update(ghash, gcmParams->pIv, gcmParams->ulIvLen,
 			    blocksize);
 	if (rv != SECSuccess) {
 	    goto loser;
 	}
--- a/security/nss/lib/freebl/pqg.c
+++ b/security/nss/lib/freebl/pqg.c
@@ -1,16 +1,16 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 /*
  * PQG parameter generation/verification.  Based on FIPS 186-3.
  *
- * $Id: pqg.c,v 1.23 2012/09/25 23:38:38 wtc%google.com Exp $
+ * $Id: pqg.c,v 1.25 2012/10/11 00:18:23 rrelyea%redhat.com Exp $
  */
 #ifdef FREEBL_NO_DEPEND
 #include "stubs.h"
 #endif
 
 #include "prerr.h"
 #include "secerr.h"
 
@@ -68,17 +68,17 @@ int prime_testcount_q(int L, int N)
     return prime_testcount_p(L,N);
 }
 
 /*
  * generic function to make sure our input matches DSA2 requirements 
  * this gives us one place to go if we need to bump the requirements in the
  * future.
  */
-SECStatus static
+static SECStatus
 pqg_validate_dsa2(unsigned int L, unsigned int N)
 {
 
     switch (L) {
     case 1024:
 	if (N != DSA1_Q_BITS) {
 	    PORT_SetError(SEC_ERROR_INVALID_ARGS);
 	    return SECFailure;
@@ -98,16 +98,37 @@ pqg_validate_dsa2(unsigned int L, unsign
 	break;
     default:
 	PORT_SetError(SEC_ERROR_INVALID_ARGS);
 	return SECFailure;
     }
     return SECSuccess;
 }
 
+static unsigned int
+pqg_get_default_N(unsigned int L)
+{
+    unsigned int N = 0;
+    switch (L) {
+    case 1024:
+	N = DSA1_Q_BITS;
+	break;
+    case 2048:
+	N = 224;
+	break;
+    case 3072:
+	N = 256;
+	break;
+    default:
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	break; /* N already set to zero */
+    }
+    return N;
+}
+
 /*
  * Select the lowest hash algorithm usable
  */
 static HASH_HashType
 getFirstHash(unsigned int L, unsigned int N)
 {
     if (N < 224) {
 	return HASH_AlgSHA1;
@@ -216,17 +237,17 @@ PQG_Check(const PQGParams *params)
 	int j;
 
 	/* handle DSA1 pqg parameters with less thatn 1024 bits*/
 	if ( N != DSA1_Q_BITS ) {
 	    PORT_SetError(SEC_ERROR_INVALID_ARGS);
 	    return SECFailure;
 	}
 	j = PQG_PBITS_TO_INDEX(L);
-	if ( j >= 0 && j <= 8 ) {
+	if ( j < 0 ) { 
 	    PORT_SetError(SEC_ERROR_INVALID_ARGS);
 	    rv = SECFailure;
 	}
     } else {
 	/* handle DSA2 parameters (includes DSA1, 1024 bits) */
 	rv = pqg_validate_dsa2(L, N);
     }
     return rv;
@@ -1218,17 +1239,20 @@ pqg_ParamGen(unsigned int L, unsigned in
     unsigned int  maxCount;
     HASH_HashType hashtype;
     SECItem      *seed;     /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */
     PRArenaPool  *arena  = NULL;
     PQGParams    *params = NULL;
     PQGVerify    *verify = NULL;
     PRBool passed;
     SECItem hit = { 0, 0, 0 };
-    mp_int P, Q, G, H, l;
+    SECItem firstseed = { 0, 0, 0 };
+    SECItem qseed = { 0, 0, 0 };
+    SECItem pseed = { 0, 0, 0 };
+    mp_int P, Q, G, H, l, p0;
     mp_err    err = MP_OKAY;
     SECStatus rv  = SECFailure;
     int iterations = 0;
 
 
     /* Step 1. L and N already checked by caller*/
     /* Step 2. if (seedlen < N) return INVALID; */
     if (seedBytes < N/BITS_PER_BYTE || !pParams || !pVfy) {
@@ -1266,21 +1290,23 @@ pqg_ParamGen(unsigned int L, unsigned in
     seed = &verify->seed;
     arena = NULL;
     /* Initialize bignums */
     MP_DIGITS(&P) = 0;
     MP_DIGITS(&Q) = 0;
     MP_DIGITS(&G) = 0;
     MP_DIGITS(&H) = 0;
     MP_DIGITS(&l) = 0;
+    MP_DIGITS(&p0) = 0;
     CHECK_MPI_OK( mp_init(&P) );
     CHECK_MPI_OK( mp_init(&Q) );
     CHECK_MPI_OK( mp_init(&G) );
     CHECK_MPI_OK( mp_init(&H) );
     CHECK_MPI_OK( mp_init(&l) );
+    CHECK_MPI_OK( mp_init(&p0) );
 
     /* Select Hash and Compute lengths. */
     /* getFirstHash gives us the smallest acceptable hash for this key
      * strength */
     hashtype = getFirstHash(L,N);
     outlen = HASH_ResultLen(hashtype)*BITS_PER_BYTE;
 
     /* Step 3: n = Ceil(L/outlen)-1; (same as n = Floor((L-1)/outlen)) */
@@ -1309,21 +1335,58 @@ step_5:
     ** Step 7. (Step 3 in 186-1)
     ** "Form Q from U by setting the most signficant bit (the 2**159 bit) 
     **  and the least signficant bit to 1.  In terms of boolean operations,
     **  Q = U OR 2**159 OR 1.  Note that 2**159 < Q < 2**160. (186-1)"
     **
     ** "q = 2**(N-1) + U + 1 - (U mod 2) (186-3)
     **
     ** Note: Both formulations are the same for U < 2**(N-1) and N=160
+    **
+    ** If using Shawe-Taylor, We do the entire A.1.2.1.2 setps in the block
+    ** FIPS186_3_ST_TYPE. 
     */
     if (type == FIPS186_1_TYPE) {
 	CHECK_SEC_OK( makeQfromSeed(seedlen, seed, &Q) );
+    } else if (type == FIPS186_3_TYPE) {
+	CHECK_SEC_OK( makeQ2fromSeed(hashtype, N, seed, &Q) );
     } else {
-	CHECK_SEC_OK( makeQ2fromSeed(hashtype, N, seed, &Q) );
+	/* FIPS186_3_ST_TYPE */
+	int qgen_counter, pgen_counter;
+
+        /* Step 1 (L,N) already checked for acceptability */
+
+	firstseed = *seed;
+	qgen_counter = 0;
+	/* Step 2. Use N and firstseed to  generate random prime q
+	 * using Apendix C.6 */
+	CHECK_SEC_OK( makePrimefromSeedShaweTaylor(hashtype, N, &firstseed, &Q,
+		&qseed, &qgen_counter) );
+	/* Step 3. Use floor(L/2+1) and qseed to generate random prime p0
+	 * using Appendix C.6 */
+	pgen_counter = 0;
+	CHECK_SEC_OK( makePrimefromSeedShaweTaylor(hashtype, (L+1)/2+1,
+			&qseed, &p0, &pseed, &pgen_counter) );
+	/* Steps 4-22 FIPS 186-3 appendix A.1.2.1.2 */
+	CHECK_SEC_OK( makePrimefromPrimesShaweTaylor(hashtype, L, 
+		&p0, &Q, &P, &pseed, &pgen_counter) );
+
+	/* combine all the seeds */
+	seed->len = firstseed.len +qseed.len + pseed.len;
+	seed->data = PORT_ArenaZAlloc(verify->arena, seed->len);
+	if (seed->data == NULL) {
+	    goto cleanup;
+	}
+	PORT_Memcpy(seed->data, firstseed.data, firstseed.len);
+	PORT_Memcpy(seed->data+firstseed.len, pseed.data, pseed.len);
+	PORT_Memcpy(seed->data+firstseed.len+pseed.len, qseed.data, qseed.len);
+	counter = 0 ; /* (qgen_counter << 16) | pgen_counter; */
+
+	/* we've generated both P and Q now, skip to generating G */
+	goto generate_G;
     }
     /* ******************************************************************
     ** Step 8. (Step 4 in 186-1)
     ** "Use a robust primality testing algorithm to test whether q is prime."
     **
     ** Appendix 2.1 states that a Rabin test with at least 50 iterations
     ** "will give an acceptable probability of error."
     */
@@ -1398,16 +1461,18 @@ step_11_9:
     /* ******************************************************************
     ** Step 12.  "goto step 5."
     **
     ** NOTE: if counter <= maxCount, then we exited the loop at Step 11.8
     ** and now need to return p,q, seed, and counter.
     */
     if (counter > maxCount) 
 	     goto step_5;
+
+generate_G:
     /* ******************************************************************
     ** returning p, q, seed and counter
     */
     if (type == FIPS186_1_TYPE) {
 	/* Generate g, This is called the "Unverifiable Generation of g
 	 * in FIPA186-3 Appedix A.2.1. For compatibility we maintain
 	 * this version of the code */
 	SECITEM_AllocItem(NULL, &hit, L/8); /* h is no longer than p */
@@ -1430,21 +1495,28 @@ step_11_9:
     /* All generation is done.  Now, save the PQG params.  */
     MPINT_TO_SECITEM(&P, &params->prime,    params->arena);
     MPINT_TO_SECITEM(&Q, &params->subPrime, params->arena);
     MPINT_TO_SECITEM(&G, &params->base,     params->arena);
     verify->counter = counter;
     *pParams = params;
     *pVfy = verify;
 cleanup:
+    if (pseed.data) {
+	PORT_Free(pseed.data);
+    }
+    if (qseed.data) {
+	PORT_Free(qseed.data);
+    }
     mp_clear(&P);
     mp_clear(&Q);
     mp_clear(&G);
     mp_clear(&H);
     mp_clear(&l);
+    mp_clear(&p0);
     if (err) {
 	MP_TO_SEC_ERROR(err);
 	rv = SECFailure;
     }
     if (rv) {
 	PORT_FreeArena(params->arena, PR_TRUE);
 	PORT_FreeArena(verify->arena, PR_TRUE);
     }
@@ -1484,21 +1556,28 @@ PQG_ParamGenSeedLen(unsigned int j, unsi
     return pqg_ParamGen(L, DSA1_Q_BITS, FIPS186_1_TYPE, seedBytes,
                         pParams, pVfy);
 }
 
 SECStatus
 PQG_ParamGenV2(unsigned int L, unsigned int N, unsigned int seedBytes,
                     PQGParams **pParams, PQGVerify **pVfy)
 {
+    if (N == 0) {
+	N = pqg_get_default_N(L);
+    }
+    if (seedBytes == 0) {
+	/* seedBytes == L/8 for probable primes, N/8 for Shawe-Taylor Primes */
+	seedBytes = N/8;
+    }
     if (pqg_validate_dsa2(L,N) != SECSuccess) {
 	/* error code already set */
 	return SECFailure;
     }
-    return pqg_ParamGen(L, N, FIPS186_3_TYPE, seedBytes, pParams, pVfy);
+    return pqg_ParamGen(L, N, FIPS186_3_ST_TYPE, seedBytes, pParams, pVfy);
 }
 
 
 /*
  * verify can use vfy structures returned from either FIPS186-1 or
  * FIPS186-2, and can handle differences in selected Hash functions to
  * generate the parameters.
  */
--- a/security/nss/lib/nss/nss.h
+++ b/security/nss/lib/nss/nss.h
@@ -1,15 +1,15 @@
 /*
  * NSS utility functions
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: nss.h,v 1.97 2012/09/21 21:58:44 wtc%google.com Exp $ */
+/* $Id: nss.h,v 1.99 2012/10/18 16:54:44 kaie%kuix.de Exp $ */
 
 #ifndef __nss_h_
 #define __nss_h_
 
 /* The private macro _NSS_ECC_STRING is for NSS internal use only. */
 #ifdef NSS_ENABLE_ECC
 #ifdef NSS_ECC_MORE_THAN_SUITE_B
 #define _NSS_ECC_STRING " Extended ECC"
@@ -29,22 +29,22 @@
 
 /*
  * NSS's major version, minor version, patch level, build number, and whether
  * this is a beta release.
  *
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
  */
-#define NSS_VERSION  "3.14.0.0" _NSS_ECC_STRING _NSS_CUSTOMIZED " Beta"
+#define NSS_VERSION  "3.14.0.1" _NSS_ECC_STRING _NSS_CUSTOMIZED
 #define NSS_VMAJOR   3
 #define NSS_VMINOR   14
 #define NSS_VPATCH   0
-#define NSS_VBUILD   0
-#define NSS_BETA     PR_TRUE
+#define NSS_VBUILD   1
+#define NSS_BETA     PR_FALSE
 
 #ifndef RC_INVOKED
 
 #include "seccomon.h"
 
 typedef struct NSSInitParametersStr NSSInitParameters;
 
 /*
--- a/security/nss/lib/nss/nssinit.c
+++ b/security/nss/lib/nss/nssinit.c
@@ -1,15 +1,15 @@
 /*
  * NSS utility functions
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: nssinit.c,v 1.118 2012/09/21 21:58:44 wtc%google.com Exp $ */
+/* $Id: nssinit.c,v 1.119 2012/10/09 18:22:46 emaldona%redhat.com Exp $ */
 
 #include <ctype.h>
 #include <string.h>
 #include "seccomon.h"
 #include "prerror.h"
 #include "prinit.h"
 #include "prprf.h"
 #include "prmem.h"
@@ -631,25 +631,29 @@ nss_Init(const char *configdir, const ch
 	    passwordRequired = initParams->passwordRequired;
 	}
     } else {
 	configStrings = pk11_config_strings;
 	configName = pk11_config_name;
 	passwordRequired = pk11_password_required;
     }
 
-    /* we always try to initialize the modules */
-    rv = nss_InitModules(configdir, certPrefix, keyPrefix, secmodName, 
+    /* Skip the module init if we are already initted and we are trying
+     * to init with not noCertDB and noModDB */
+    if (!(isReallyInitted && noCertDB && noModDB)) {
+	/* we always try to initialize the modules */
+	rv = nss_InitModules(configdir, certPrefix, keyPrefix, secmodName, 
 		updateDir, updCertPrefix, updKeyPrefix, updateID, 
 		updateName, configName, configStrings, passwordRequired,
 		readOnly, noCertDB, noModDB, forceOpen, optimizeSpace, 
 		(initContextPtr != NULL));
 
-    if (rv != SECSuccess) {
-	goto loser;
+	if (rv != SECSuccess) {
+	    goto loser;
+	}
     }
 
 
     /* finish up initialization */
     if (!isReallyInitted) {
 	if (SECOID_Init() != SECSuccess) {
 	    goto loser;
 	}
@@ -912,16 +916,22 @@ nss_GetShutdownEntry(NSS_ShutdownFunc sF
 /*
  * register a callback to be called when NSS shuts down
  */
 SECStatus
 NSS_RegisterShutdown(NSS_ShutdownFunc sFunc, void *appData)
 {
     int i;
 
+    /* make sure our lock and condition variable are initialized one and only
+     * one time */ 
+    if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
+	return SECFailure;
+    }
+
     PZ_Lock(nssInitLock);
     if (!NSS_IsInitialized()) {
 	PZ_Unlock(nssInitLock);
 	PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
 	return SECFailure;
     }
     PZ_Unlock(nssInitLock);
     if (sFunc == NULL) {
@@ -970,16 +980,21 @@ NSS_RegisterShutdown(NSS_ShutdownFunc sF
 /*
  * unregister a callback so it won't get called on shutdown.
  */
 SECStatus
 NSS_UnregisterShutdown(NSS_ShutdownFunc sFunc, void *appData)
 {
     int i;
 
+    /* make sure our lock and condition variable are initialized one and only
+     * one time */ 
+    if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
+	return SECFailure;
+    }
     PZ_Lock(nssInitLock);
     if (!NSS_IsInitialized()) {
 	PZ_Unlock(nssInitLock);
 	PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
 	return SECFailure;
     }
     PZ_Unlock(nssInitLock);
 
@@ -1108,16 +1123,21 @@ nss_Shutdown(void)
     }
     return shutdownRV;
 }
 
 SECStatus
 NSS_Shutdown(void)
 {
     SECStatus rv;
+    /* make sure our lock and condition variable are initialized one and only
+     * one time */ 
+    if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
+	return SECFailure;
+    }
     PZ_Lock(nssInitLock);
 
     if (!nssIsInitted) {
 	PZ_Unlock(nssInitLock);
 	PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
 	return SECFailure;
     }
 
@@ -1160,16 +1180,21 @@ nss_RemoveList(NSSInitContext *context) 
  * This is different than NSS_Shutdown, where calling it will shutdown NSS
  * irreguardless of who else may have NSS open.
  */
 SECStatus
 NSS_ShutdownContext(NSSInitContext *context)
 {
     SECStatus rv = SECSuccess;
 
+    /* make sure our lock and condition variable are initialized one and only
+     * one time */ 
+    if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
+	return SECFailure;
+    }
     PZ_Lock(nssInitLock);
     /* If one or more threads are in the middle of init, wait for them
      * to complete */
     while (nssIsInInit) {
 	PZ_WaitCondVar(nssInitCondition,PR_INTERVAL_NO_TIMEOUT);
     }
 
     /* OK, we are the only thread now either initializing or shutting down */
--- a/security/nss/lib/softoken/pkcs11c.c
+++ b/security/nss/lib/softoken/pkcs11c.c
@@ -420,22 +420,24 @@ sftk_InitGeneric(SFTKSession *session,SF
     /* allocate the context structure */
     context = (SFTKSessionContext *)PORT_Alloc(sizeof(SFTKSessionContext));
     if (context == NULL) {
 	if (key) sftk_FreeObject(key);
 	return CKR_HOST_MEMORY;
     }
     context->type = ctype;
     context->multi = PR_TRUE;
+    context->rsa = PR_FALSE;
     context->cipherInfo = NULL;
     context->hashInfo = NULL;
     context->doPad = PR_FALSE;
     context->padDataLength = 0;
     context->key = key;
     context->blockSize = 0;
+    context->maxLen = 0;
 
     *contextPtr = context;
     return CKR_OK;
 }
 
 static int
 sftk_aes_mode(CK_MECHANISM_TYPE mechanism)
 {
@@ -502,16 +504,17 @@ sftk_CryptInit(CK_SESSION_HANDLE hSessio
     switch(pMechanism->mechanism) {
     case CKM_RSA_PKCS:
     case CKM_RSA_X_509:
 	if (key_type != CKK_RSA) {
 	    crv = CKR_KEY_TYPE_INCONSISTENT;
 	    break;
 	}
 	context->multi = PR_FALSE;
+	context->rsa = PR_TRUE;
 	if (isEncrypt) {
 	    NSSLOWKEYPublicKey *pubKey = sftk_GetPubKey(key,CKK_RSA,&crv);
 	    if (pubKey == NULL) {
 		break;
 	    }
 	    context->maxLen = nsslowkey_PublicModulusLen(pubKey);
 	    context->cipherInfo =  (void *)pubKey;
 	    context->update = (SFTKCipher) 
@@ -767,16 +770,19 @@ finish_des:
 	context->doPad = PR_TRUE;
 	/* fall thru */
     case CKM_AES_ECB:
     case CKM_AES_CBC:
 	context->blockSize = 16;
     case CKM_AES_CTS:
     case CKM_AES_CTR:
     case CKM_AES_GCM:
+	if (pMechanism->mechanism == CKM_AES_GCM) {
+	    context->multi = PR_FALSE;
+	}
 	if (key_type != CKK_AES) {
 	    crv = CKR_KEY_TYPE_INCONSISTENT;
 	    break;
 	}
 	att = sftk_FindAttribute(key,CKA_VALUE);
 	if (att == NULL) {
 	    crv = CKR_KEY_HANDLE_INVALID;
 	    break;
@@ -997,18 +1003,18 @@ CK_RV NSC_Encrypt (CK_SESSION_HANDLE hSe
 
     CHECK_FORK();
 
     /* make sure we're legal */
     crv = sftk_GetContext(hSession,&context,SFTK_ENCRYPT,PR_FALSE,&session);
     if (crv != CKR_OK) return crv;
 
     if (!pEncryptedData) {
-	*pulEncryptedDataLen = context->multi ? 
-		ulDataLen + 2 * context->blockSize : context->maxLen;
+	*pulEncryptedDataLen = context->rsa ? context->maxLen :
+		ulDataLen + 2 * context->blockSize;
 	goto finish;
     }
 
     if (context->doPad) {
 	if (context->multi) {
 	    CK_ULONG finalLen;
 	    /* padding is fairly complicated, have the update and final 
 	     * code deal with it */
@@ -2010,16 +2016,17 @@ CK_RV NSC_SignInit(CK_SESSION_HANDLE hSe
 	goto finish_rsa;
     case CKM_RSA_X_509:
 	context->update = (SFTKCipher)  RSA_SignRaw;
 finish_rsa:
 	if (key_type != CKK_RSA) {
 	    crv = CKR_KEY_TYPE_INCONSISTENT;
 	    break;
 	}
+	context->rsa = PR_TRUE;
 	privKey = sftk_GetPrivKey(key,CKK_RSA,&crv);
 	if (privKey == NULL) {
 	    crv = CKR_KEY_TYPE_INCONSISTENT;
 	    break;
 	}
 	/* OK, info is allocated only if we're doing hash and sign mechanism.
 	 * It's necessary to be able to set the correct OID in the final 
 	 * signature.
@@ -2034,16 +2041,17 @@ finish_rsa:
 	}
 	context->maxLen = nsslowkey_PrivateModulusLen(privKey);
 	break;
     case CKM_RSA_PKCS_PSS:
 	if (key_type != CKK_RSA) {
 	    crv = CKR_KEY_TYPE_INCONSISTENT;
 	    break;
 	} 
+	context->rsa = PR_TRUE;
 	if (pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS)) {
 	    crv = CKR_MECHANISM_PARAM_INVALID;
 	    break;
 	}
 	info = PORT_New(SFTKHashSignInfo);
 	if (info == NULL) {
 	    crv = CKR_HOST_MEMORY;
 	    break;
@@ -2527,16 +2535,17 @@ CK_RV NSC_VerifyInit(CK_SESSION_HANDLE h
     case CKM_RSA_X_509:
 	context->verify = (SFTKVerify) RSA_CheckSignRaw;
 finish_rsa:
 	if (key_type != CKK_RSA) {
 	    if (info) PORT_Free(info);
 	    crv = CKR_KEY_TYPE_INCONSISTENT;
 	    break;
 	}
+	context->rsa = PR_TRUE;
 	pubKey = sftk_GetPubKey(key,CKK_RSA,&crv);
 	if (pubKey == NULL) {
 	    if (info) PORT_Free(info);
 	    crv = CKR_KEY_TYPE_INCONSISTENT;
 	    break;
 	}
 	if (info) {
 	    info->key = pubKey;
@@ -2547,16 +2556,17 @@ finish_rsa:
 	    context->destroy = sftk_Null;
 	}
 	break;
     case CKM_RSA_PKCS_PSS:
 	if (key_type != CKK_RSA) {
 	    crv = CKR_KEY_TYPE_INCONSISTENT;
 	    break;
 	} 
+	context->rsa = PR_TRUE;
 	if (pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS)) {
 	    crv = CKR_MECHANISM_PARAM_INVALID;
 	    break;
 	}
 	info = PORT_New(SFTKHashVerifyInfo);
 	if (info == NULL) {
 	    crv = CKR_HOST_MEMORY;
 	    break;
@@ -2776,16 +2786,17 @@ CK_RV NSC_VerifyRecoverInit(CK_SESSION_H
     switch(pMechanism->mechanism) {
     case CKM_RSA_PKCS:
     case CKM_RSA_X_509:
 	if (key_type != CKK_RSA) {
 	    crv = CKR_KEY_TYPE_INCONSISTENT;
 	    break;
 	}
 	context->multi = PR_FALSE;
+	context->rsa = PR_TRUE;
 	pubKey = sftk_GetPubKey(key,CKK_RSA,&crv);
 	if (pubKey == NULL) {
 	    break;
 	}
 	context->cipherInfo = pubKey;
 	context->update = (SFTKCipher) (pMechanism->mechanism == CKM_RSA_X_509
 			? RSA_CheckSignRecoverRaw : RSA_CheckSignRecover);
 	context->destroy = sftk_Null;
--- a/security/nss/lib/softoken/pkcs11i.h
+++ b/security/nss/lib/softoken/pkcs11i.h
@@ -244,16 +244,17 @@ typedef enum {
  *      multi=1 hashInfo=0   block (symmetric) cipher MACing
  *      multi=1 hashInfo=X   PKC S/V with prior hashing
  *      multi=0 hashInfo=0   PKC S/V one shot (w/o hashing)
  *      multi=0 hashInfo=X   *** shouldn't happen ***
  */
 struct SFTKSessionContextStr {
     SFTKContextType	type;
     PRBool		multi; 		/* is multipart */
+    PRBool		rsa; 		/* is rsa */
     PRBool		doPad; 		/* use PKCS padding for block ciphers */
     unsigned int	blockSize; 	/* blocksize for padding */
     unsigned int	padDataLength; 	/* length of the valid data in padbuf */
     /** latest incomplete block of data for block cipher */
     unsigned char	padBuf[SFTK_MAX_BLOCK_SIZE];
     /** result of MAC'ing of latest full block of data with block cipher */
     unsigned char	macBuf[SFTK_MAX_BLOCK_SIZE];
     CK_ULONG		macSize;	/* size of a general block cipher mac*/
--- a/security/nss/lib/softoken/softkver.h
+++ b/security/nss/lib/softoken/softkver.h
@@ -20,16 +20,16 @@
 
 /*
  * Softoken's major version, minor version, patch level, build number,
  * and whether this is a beta release.
  *
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
  */
-#define SOFTOKEN_VERSION  "3.14.0.0" SOFTOKEN_ECC_STRING " Beta"
+#define SOFTOKEN_VERSION  "3.14.0.1" SOFTOKEN_ECC_STRING
 #define SOFTOKEN_VMAJOR   3
 #define SOFTOKEN_VMINOR   14
 #define SOFTOKEN_VPATCH   0
-#define SOFTOKEN_VBUILD   0
-#define SOFTOKEN_BETA     PR_TRUE
+#define SOFTOKEN_VBUILD   1
+#define SOFTOKEN_BETA     PR_FALSE
 
 #endif /* _SOFTKVER_H_ */
--- a/security/nss/lib/util/nssutil.h
+++ b/security/nss/lib/util/nssutil.h
@@ -14,22 +14,22 @@
 
 /*
  * NSS utilities's major version, minor version, patch level, build number,
  * and whether this is a beta release.
  *
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
  */
-#define NSSUTIL_VERSION  "3.14.0.0 Beta"
+#define NSSUTIL_VERSION  "3.14.0.1"
 #define NSSUTIL_VMAJOR   3
 #define NSSUTIL_VMINOR   14
 #define NSSUTIL_VPATCH   0
-#define NSSUTIL_VBUILD   0
-#define NSSUTIL_BETA     PR_TRUE
+#define NSSUTIL_VBUILD   1
+#define NSSUTIL_BETA     PR_FALSE
 
 SEC_BEGIN_PROTOS
 
 /*
  * Returns a const string of the UTIL library version.
  */
 extern const char *NSSUTIL_GetVersion(void);
 
--- a/security/nss/lib/util/pkcs11t.h
+++ b/security/nss/lib/util/pkcs11t.h
@@ -1490,43 +1490,46 @@ typedef CK_DES_CBC_ENCRYPT_DATA_PARAMS C
 typedef struct CK_AES_CBC_ENCRYPT_DATA_PARAMS {
   CK_BYTE      iv[16];
   CK_BYTE_PTR  pData;
   CK_ULONG     length;
 } CK_AES_CBC_ENCRYPT_DATA_PARAMS;
 
 typedef CK_AES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR;
 
+/* CK_AES_CTR_PARAMS is new for PKCS #11 v2.20 amendment 3 */
 typedef struct CK_AES_CTR_PARAMS {
   CK_ULONG     ulCounterBits;
   CK_BYTE      cb[16];
 } CK_AES_CTR_PARAMS;
 
 typedef CK_AES_CTR_PARAMS CK_PTR CK_AES_CTR_PARAMS_PTR;
 
-typedef struct CK_AES_GCM_PARAMS {
+/* CK_GCM_PARAMS is new for version 2.30 */
+typedef struct CK_GCM_PARAMS {
   CK_BYTE_PTR  pIv;
   CK_ULONG     ulIvLen;
   CK_BYTE_PTR  pAAD;
   CK_ULONG     ulAADLen;
   CK_ULONG     ulTagBits;
-} CK_AES_GCM_PARAMS;
+} CK_GCM_PARAMS;
 
-typedef CK_AES_GCM_PARAMS CK_PTR CK_AES_GCM_PARAMS_PTR;
+typedef CK_GCM_PARAMS CK_PTR CK_GCM_PARAMS_PTR;
 
-typedef struct CK_AES_CCM_PARAMS {
+/* CK_CCM_PARAMS is new for version 2.30 */
+typedef struct CK_CCM_PARAMS {
   CK_ULONG     ulDataLen;
   CK_BYTE_PTR  pNonce;
   CK_ULONG     ulNonceLen;
   CK_BYTE_PTR  pAAD;
   CK_ULONG     ulAADLen;
   CK_ULONG     ulMACLen;
-} CK_AES_CCM_PARAMS;
+} CK_CCM_PARAMS;
 
-typedef CK_AES_CCM_PARAMS CK_PTR CK_AES_CCM_PARAMS_PTR;
+typedef CK_CCM_PARAMS CK_PTR CK_CCM_PARAMS_PTR;
 
 /* CK_SKIPJACK_PRIVATE_WRAP_PARAMS provides the parameters to the
  * CKM_SKIPJACK_PRIVATE_WRAP mechanism */
 /* CK_SKIPJACK_PRIVATE_WRAP_PARAMS is new for v2.0 */
 typedef struct CK_SKIPJACK_PRIVATE_WRAP_PARAMS {
   CK_ULONG      ulPasswordLen;
   CK_BYTE_PTR   pPassword;
   CK_ULONG      ulPublicDataLen;
--- a/security/nss/lib/util/utilmod.c
+++ b/security/nss/lib/util/utilmod.c
@@ -13,17 +13,18 @@
  *
  * Each SFTKDBHandle points to a low level database handle (SDB). This handle
  * represents the underlying physical database. These objects are not 
  * reference counted, and are 'owned' by their respective SFTKDBHandles.
  */
 
 #include "prprf.h" 
 #include "prsystem.h"
-#include "lgglue.h"
+#include "pkcs11t.h"
+#include "secitem.h"
 #include "utilpars.h" 
 #include "secerr.h"
 #if defined (_WIN32)
 #include <io.h>
 #endif
 
 /****************************************************************
  *
--- a/security/nss/tests/cipher/performance.sh
+++ b/security/nss/tests/cipher/performance.sh
@@ -99,16 +99,17 @@ if [ $TESTSET = "all" -o $TESTSET = "dsa
 
 while read mode keysize bufsize reps cxreps
 do
     if [ $mode != "#" ]; then
 	echo "bltest -N -m $mode -b $bufsize -g $keysize -u $cxreps"
 	${BINDIR}/bltest -N -m $mode -b $bufsize -g $keysize -u $cxreps >> ${DSAPERFOUT}
 	mv "tmp.in.0" "$mode.in"
 	mv tmp.key $mode.key
+	rm -f $mode.out
 	echo "bltest -S -m $mode -i ${CIPHERDIR}/$mode.in -k ${CIPHERDIR}/$mode.key -p $reps -o ${CIPHERDIR}/$mode.out"
 	${BINDIR}/bltest -S -m $mode -i ${CIPHERDIR}/$mode.in -k ${CIPHERDIR}/$mode.key -p $reps -o ${CIPHERDIR}/$mode.out >> ${DSAPERFOUT}
 	echo "bltest -V -m $mode -f ${CIPHERDIR}/$mode.out -k ${CIPHERDIR}/$mode.key -p $reps -i ${CIPHERDIR}/$mode.in -o ${CIPHERDIR}/$mode.out"
 	${BINDIR}/bltest -V -m $mode -f ${CIPHERDIR}/$mode.out -k ${CIPHERDIR}/$mode.key -p $reps -i ${CIPHERDIR}/$mode.in -o ${CIPHERDIR}/$mode.out >> ${DSAPERFOUT}
     fi
 done < ${DSATESTS} 
 
 echo "<TABLE BORDER=1><TR><TH COLSPAN=6>DSA Cipher Performance</TH></TR>" >> ${PERFRESULTS}
new file mode 100644
--- /dev/null
+++ b/security/nss/tests/lowhash/lowhash.sh
@@ -0,0 +1,92 @@
+#! /bin/bash  
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+########################################################################
+# mozilla/security/nss/tests/lowhash/lowhash.sh
+#
+# Script to test basic functionallity of the NSSLoHash API
+#
+# included from 
+# --------------
+#   all.sh
+#
+# needs to work on all Linux platforms
+#
+# tests implemented:
+# lowash (verify encryption cert - bugzilla bug 119059)
+#
+# special strings
+# ---------------
+#
+########################################################################
+
+errors=0
+
+############################## lowhash_init ##############################
+# local shell function to initialize this script 
+########################################################################
+lowhash_init()
+{
+  SCRIPTNAME=lowhash.sh      # sourced - $0 would point to all.sh
+
+  if [ -z "${CLEANUP}" ] ; then     # if nobody else is responsible for
+      CLEANUP="${SCRIPTNAME}"       # cleaning this script will do it
+  fi
+
+  if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
+      cd ../common
+      . ./init.sh
+  fi
+  LOWHASHDIR=../lowhash
+  mkdir -p ${LOWHASHDIR}
+  html_head "Lowhash Tests"
+  cd ${LOWHASHDIR}
+}
+
+############################## lowhash_test ##############################
+# local shell function to test basic the NSS Low Hash API both in
+# FIPS 140 compliant mode and not
+########################################################################
+lowhash_test()
+{
+  if [ ! -f ${BINDIR}/lowhashtest -a  \
+       ! -f ${BINDIR}/lowhashtest${PROG_SUFFIX} ]; then
+    echo "freebl lowhash not supported in this plaform."
+  else
+    TESTS="MD5 SHA1 SHA224 SHA256 SHA384 SHA512"
+    OLD_MODE=`echo ${NSS_FIPS}`
+    for fips_mode in 0 1; do
+      echo "lowhashtest with fips mode=${mode}"
+      export NSS_FIPS=${fips_mode}
+      for TEST in ${TESTS}
+      do
+        echo "lowhashtest ${TEST}"
+        ${BINDIR}/lowhashtest ${TEST} 2>&1
+        RESULT=$?
+        html_msg ${RESULT} 0 "lowhashtest with fips mode=${mode} for ${TEST}"
+      done
+    done
+    export NSS_FIPS=${OLD_MODE}
+  fi
+}
+
+############################## lowhash_cleanup ############################
+# local shell function to finish this script (no exit since it might be 
+# sourced)
+########################################################################
+lowhash_cleanup()
+{
+  html "</TABLE><BR>"
+  cd ${QADIR}
+  . common/cleanup.sh
+}
+
+################## main #################################################
+
+lowhash_init
+lowhash_test
+lowhash_cleanup
+echo "lowhash.sh done"
--- a/security/patches/README
+++ b/security/patches/README
@@ -1,5 +1,2 @@
 This directory contains patches that were added locally
 on top of the NSS release.
-
-bug-797572: Export SRTP functions from libssl, needed for WebRTC. This will be
-            included in the final NSS 3.14 release.
deleted file mode 100644
--- a/security/patches/bug-797572
+++ /dev/null
@@ -1,17 +0,0 @@
-diff --git a/security/nss/lib/ssl/ssl.def b/security/nss/lib/ssl/ssl.def
---- a/security/nss/lib/ssl/ssl.def
-+++ b/security/nss/lib/ssl/ssl.def
-@@ -146,11 +146,13 @@ SSL_AuthCertificateComplete;
- DTLS_GetHandshakeTimeout;
- DTLS_ImportFD;
- SSL_ExportKeyingMaterial;
- SSL_VersionRangeGet;
- SSL_VersionRangeGetDefault;
- SSL_VersionRangeGetSupported;
- SSL_VersionRangeSet;
- SSL_VersionRangeSetDefault;
-+SSL_GetSRTPCipher;
-+SSL_SetSRTPCiphers;
- ;+    local:
- ;+*;
- ;+};