fixup commit for branch 'MOZILLA_0_9_5_BRANCH' MOZILLA_0_9_5_BRANCH
authorcvs2hg
Tue, 25 Sep 2001 01:25:14 +0000
branchMOZILLA_0_9_5_BRANCH
changeset 2041 2c5ef66a9171f8be403caa8b5bdb158c1376dd3b
parent 1895 c1159073815c4ca5eecf088007836116efc08c22
child 13848 0e6ad866d6749bd60d5a621962a06ed2abc508c5
push idunknown
push userunknown
push dateunknown
fixup commit for branch 'MOZILLA_0_9_5_BRANCH'
dbm/include/Makefile.win
dbm/include/cdefs.h
dbm/include/mcom_db.h
dbm/tests/lots.c
security/nss/cmd/certutil/certutil.c
security/nss/lib/certhigh/certvfy.c
security/nss/lib/ckfw/builtins/certdata.c
security/nss/lib/ckfw/builtins/certdata.txt
security/nss/lib/pk11wrap/pk11db.c
security/nss/lib/pk11wrap/pk11kea.c
security/nss/lib/pk11wrap/pk11skey.c
security/nss/lib/pkcs12/p12d.c
security/nss/lib/softoken/keydb.c
security/nss/lib/softoken/pkcs11.c
security/nss/lib/softoken/private.h
security/nss/lib/util/secerr.h
security/nss/makefile.win
--- a/dbm/include/Makefile.win
+++ b/dbm/include/Makefile.win
@@ -42,22 +42,19 @@ DEPTH= ..\..
 MAKE_OBJ_TYPE=EXE
 !endif
 
 #//------------------------------------------------------------------------
 #//
 #// install headers
 #//
 #//------------------------------------------------------------------------
-INSTALL_DIR=$(XPDIST)\include
-INSTALL_FILE_LIST= nsres.h cdefs.h mcom_db.h ncompat.h winfile.h
+EXPORTS=nsres.h cdefs.h mcom_db.h ncompat.h winfile.h
 
 #//------------------------------------------------------------------------
 #//
 #// Include the common makefile rules
 #//
 #//------------------------------------------------------------------------
 include <$(DEPTH)/config/rules.mak>
 
 CFLAGS = $(CFLAGS) -DMOZILLA_CLIENT
 
-export:: INSTALL_FILES
-
--- a/dbm/include/cdefs.h
+++ b/dbm/include/cdefs.h
@@ -1,29 +1,45 @@
-/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: NPL 1.1/GPL 2.0/LGPL 2.1
  *
- * The contents of this file are subject to the Netscape Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/NPL/
+ * The contents of this file are subject to the Netscape Public License
+ * Version 1.1 (the "License"); you may not use this file except in
+ * compliance with the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/NPL/
  *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
  *
  * The Original Code is mozilla.org code.
  *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation.  Portions created by Netscape are
- * Copyright (C) 1998 Netscape Communications Corporation. All
- * Rights Reserved.
+ * The Initial Developer of the Original Code is 
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
  *
- * Contributor(s): 
- */
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the NPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the NPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
 
 /*
  * Copyright (c) 1991, 1993
  *	The Regents of the University of California.  All rights reserved.
  *
  * This code is derived from software contributed to Berkeley by
  * Berkeley Software Design, Inc.
  *
--- a/dbm/include/mcom_db.h
+++ b/dbm/include/mcom_db.h
@@ -1,29 +1,45 @@
-/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: NPL 1.1/GPL 2.0/LGPL 2.1
  *
- * The contents of this file are subject to the Netscape Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/NPL/
+ * The contents of this file are subject to the Netscape Public License
+ * Version 1.1 (the "License"); you may not use this file except in
+ * compliance with the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/NPL/
  *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
  *
  * The Original Code is mozilla.org code.
  *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation.  Portions created by Netscape are
- * Copyright (C) 1998 Netscape Communications Corporation. All
- * Rights Reserved.
+ * The Initial Developer of the Original Code is 
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
  *
- * Contributor(s): 
- */
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the NPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the NPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
 
 /*- 
  * Copyright (c) 1990, 1993, 1994
  *	The Regents of the University of California.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
--- a/dbm/tests/lots.c
+++ b/dbm/tests/lots.c
@@ -1,29 +1,45 @@
-/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: NPL 1.1/GPL 2.0/LGPL 2.1
  *
- * The contents of this file are subject to the Netscape Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/NPL/
+ * The contents of this file are subject to the Netscape Public License
+ * Version 1.1 (the "License"); you may not use this file except in
+ * compliance with the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/NPL/
  *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
  *
  * The Original Code is mozilla.org code.
  *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation.  Portions created by Netscape are
- * Copyright (C) 1998 Netscape Communications Corporation. All
- * Rights Reserved.
+ * The Initial Developer of the Original Code is 
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
  *
- * Contributor(s): 
- */
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the NPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the NPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
 
 /* use sequental numbers printed to strings
  * to store lots and lots of entries in the
  * database.
  *
  * Start with 100 entries, put them and then
  * read them out.  Then delete the first
  * half and verify that all of the first half
--- a/security/nss/cmd/certutil/certutil.c
+++ b/security/nss/cmd/certutil/certutil.c
@@ -964,16 +964,17 @@ ListModules(void)
 }
 
 static void 
 Usage(char *progName)
 {
 #define FPS fprintf(stderr, 
     FPS "Type %s -H for more detailed descriptions\n", progName);
     FPS "Usage:  %s -N [-d certdir] [-P dbprefix] [-f pwfile]\n", progName);
+    FPS "Usage:  %s -T [-d certdir] [-P dbprefix] [-h token-name] [-f pwfile]\n", progName);
     FPS "\t%s -A -n cert-name -t trustargs [-d certdir] [-P dbprefix] [-a] [-i input]\n", 
     	progName);
     FPS "\t%s -C [-c issuer-name | -x] -i cert-request-file -o cert-file\n"
 	"\t\t [-m serial-number] [-w warp-months] [-v months-valid]\n"
         "\t\t [-f pwfile] [-d certdir] [-P dbprefix] [-1] [-2] [-3] [-4] [-5] [-6]\n",
 	progName);
     FPS "\t%s -D -n cert-name [-d certdir] [-P dbprefix]\n", progName);
     FPS "\t%s -E -n cert-name -t trustargs [-d certdir] [-P dbprefix] [-a] [-i input]\n", 
@@ -1155,16 +1156,26 @@ static void LongUsage(char *progName)
     FPS "%-15s Create a new certificate database\n",
 	"-N");
     FPS "%-20s Cert database directory (default is ~/.netscape)\n",
 	"   -d certdir");
     FPS "%-20s Cert & Key database prefix\n",
 	"   -P dbprefix");
     FPS "\n");
 
+    FPS "%-15s Reset the Key database or token\n",
+	"-T");
+    FPS "%-20s Cert database directory (default is ~/.netscape)\n",
+	"   -d certdir");
+    FPS "%-20s Cert & Key database prefix\n",
+	"   -P dbprefix");
+    FPS "%-20s Token to reset (default is internal)\n"
+	"   -h token-name");
+    FPS "\n");
+
     FPS "%-15s Generate a certificate request (stdout)\n",
 	"-R");
     FPS "%-20s Specify the subject name (using RFC1485)\n",
 	"   -s subject");
     FPS "%-20s Output the cert request to this file\n",
 	"   -o output-req");
     FPS "%-20s Type of key pair to generate (\"dsa\", \"rsa\" (default))\n",
 	"   -k key-type");
@@ -2031,25 +2042,27 @@ enum {
     cmd_GenKeyPair,
     cmd_PrintHelp,
     cmd_ListKeys,
     cmd_ListCerts,
     cmd_ModifyCertTrust,
     cmd_NewDBs,
     cmd_CertReq,
     cmd_CreateAndAddCert,
+    cmd_TokenReset,
     cmd_ListModules,
     cmd_CheckCertValidity,
     cmd_ChangePassword,
     cmd_Version
 };
 
 /*  Certutil options */
 enum {
-    opt_AddKeyUsageExt = 0,
+    opt_SSOPass = 0,
+    opt_AddKeyUsageExt,
     opt_AddBasicConstraintExt,
     opt_AddAuthorityKeyIDExt,
     opt_AddCRLDistPtsExt,
     opt_AddNSCertTypeExt,
     opt_AddExtKeyUsageExt,
     opt_ASCIIForIO,
     opt_ValidityTime,
     opt_IssuerName,
@@ -2089,24 +2102,26 @@ static secuCommandFlag certutil_commands
 	{ /* cmd_GenKeyPair          */  'G', PR_FALSE, 0, PR_FALSE },
 	{ /* cmd_PrintHelp           */  'H', PR_FALSE, 0, PR_FALSE },
 	{ /* cmd_ListKeys            */  'K', PR_FALSE, 0, PR_FALSE },
 	{ /* cmd_ListCerts           */  'L', PR_FALSE, 0, PR_FALSE },
 	{ /* cmd_ModifyCertTrust     */  'M', PR_FALSE, 0, PR_FALSE },
 	{ /* cmd_NewDBs              */  'N', PR_FALSE, 0, PR_FALSE },
 	{ /* cmd_CertReq             */  'R', PR_FALSE, 0, PR_FALSE },
 	{ /* cmd_CreateAndAddCert    */  'S', PR_FALSE, 0, PR_FALSE },
+	{ /* cmd_TokenReset          */  'T', PR_FALSE, 0, PR_FALSE },
 	{ /* cmd_ListModules         */  'U', PR_FALSE, 0, PR_FALSE },
 	{ /* cmd_CheckCertValidity   */  'V', PR_FALSE, 0, PR_FALSE },
 	{ /* cmd_ChangePassword      */  'W', PR_FALSE, 0, PR_FALSE },
 	{ /* cmd_Version             */  'Y', PR_FALSE, 0, PR_FALSE }
 };
 
 static secuCommandFlag certutil_options[] =
 {
+	{ /* opt_SSOPass             */  '0', PR_TRUE,  0, PR_FALSE },
 	{ /* opt_AddKeyUsageExt      */  '1', PR_FALSE, 0, PR_FALSE },
 	{ /* opt_AddBasicConstraintExt*/ '2', PR_FALSE, 0, PR_FALSE },
 	{ /* opt_AddAuthorityKeyIDExt*/  '3', PR_FALSE, 0, PR_FALSE },
 	{ /* opt_AddCRLDistPtsExt    */  '4', PR_FALSE, 0, PR_FALSE },
 	{ /* opt_AddNSCertTypeExt    */  '5', PR_FALSE, 0, PR_FALSE },
 	{ /* opt_AddExtKeyUsageExt   */  '6', PR_FALSE, 0, PR_FALSE },
 	{ /* opt_ASCIIForIO          */  'a', PR_FALSE, 0, PR_FALSE },
 	{ /* opt_ValidityTime        */  'b', PR_TRUE,  0, PR_FALSE },
@@ -2530,16 +2545,27 @@ main(int argc, char **argv)
 	                           certutil.options[opt_Trust].arg);
 	return !rv - 1;
     }
     /*  Change key db password (-W) (future - change pw to slot?)  */
     if (certutil.commands[cmd_ChangePassword].activated) {
 	rv = SECU_ChangePW(slot, 0, certutil.options[opt_PasswordFile].arg);
 	return !rv - 1;
     }
+    /*  Reset the a token */
+    if (certutil.commands[cmd_TokenReset].activated) {
+	char *sso_pass = "";
+
+	if (certutil.options[opt_SSOPass].activated) {
+	    sso_pass = certutil.options[opt_SSOPass].arg;
+ 	}
+	rv = PK11_ResetToken(slot,sso_pass);
+
+	return !rv - 1;
+    }
     /*  Check cert validity against current time (-V)  */
     if (certutil.commands[cmd_CheckCertValidity].activated) {
 	rv = ValidateCert(certHandle, name, 
 	                  certutil.options[opt_ValidityTime].arg,
 			  certutil.options[opt_Usage].arg,
 			  certutil.options[opt_VerifySig].activated,
 			  certutil.options[opt_DetailedInfo].activated);
 	return !rv - 1;
--- a/security/nss/lib/certhigh/certvfy.c
+++ b/security/nss/lib/certhigh/certvfy.c
@@ -1551,25 +1551,46 @@ done:
 
 loser:
     return(NULL);
 }
 
 CERTCertList *
 CERT_GetCertChainFromCert(CERTCertificate *cert, int64 time, SECCertUsage usage)
 {
-    CERTCertList *chain;
+    CERTCertList *chain = NULL;
+
+    if (NULL == cert) {
+        return NULL;
+    }
+    
+    cert = CERT_DupCertificate(cert);
+    if (NULL == cert) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+
+    chain = CERT_NewCertList();
+    if (NULL == chain) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
 
-    if (cert != NULL) {
-	chain = CERT_NewCertList();
-	cert = CERT_DupCertificate(cert);
-	while (SECITEM_CompareItem(&cert->derIssuer, &cert->derSubject) 
-	       != SECEqual) {
-	    CERT_AddCertToListTail(chain, cert);
-	    cert = CERT_FindCertIssuer(cert, time, usage);
+    while (cert != NULL) {
+	if (SECSuccess != CERT_AddCertToListTail(chain, cert)) {
+            /* return partial chain */
+            PORT_SetError(SEC_ERROR_NO_MEMORY);
+            return chain;
+        }
+
+	if (SECITEM_CompareItem(&cert->derIssuer, &cert->derSubject)
+	    == SECEqual) {
+            /* return complete chain */
+	    return chain;
 	}
-	CERT_AddCertToListTail(chain, cert);
-	return chain;
+
+	cert = CERT_FindCertIssuer(cert, time, usage);
     }
-    return NULL;
+
+    /* return partial chain */
+    PORT_SetError(SEC_ERROR_UNKNOWN_ISSUER);
+    return chain;
 }
-
-
--- a/security/nss/lib/ckfw/builtins/certdata.c
+++ b/security/nss/lib/ckfw/builtins/certdata.c
@@ -585,16 +585,28 @@ static const CK_ATTRIBUTE_TYPE nss_built
  CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERT_SHA1_HASH,  CKA_CERT_MD5_HASH,  CKA_TRUST_SERVER_AUTH,  CKA_TRUST_EMAIL_PROTECTION,  CKA_TRUST_CODE_SIGNING
 };
 static const CK_ATTRIBUTE_TYPE nss_builtins_types_178 [] = {
  CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERTIFICATE_TYPE,  CKA_SUBJECT,  CKA_ID,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_VALUE
 };
 static const CK_ATTRIBUTE_TYPE nss_builtins_types_179 [] = {
  CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERT_SHA1_HASH,  CKA_CERT_MD5_HASH,  CKA_TRUST_SERVER_AUTH,  CKA_TRUST_EMAIL_PROTECTION,  CKA_TRUST_CODE_SIGNING
 };
+static const CK_ATTRIBUTE_TYPE nss_builtins_types_180 [] = {
+ CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERTIFICATE_TYPE,  CKA_SUBJECT,  CKA_ID,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_VALUE
+};
+static const CK_ATTRIBUTE_TYPE nss_builtins_types_181 [] = {
+ CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERT_SHA1_HASH,  CKA_CERT_MD5_HASH,  CKA_TRUST_SERVER_AUTH,  CKA_TRUST_EMAIL_PROTECTION,  CKA_TRUST_CODE_SIGNING
+};
+static const CK_ATTRIBUTE_TYPE nss_builtins_types_182 [] = {
+ CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERTIFICATE_TYPE,  CKA_SUBJECT,  CKA_ID,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_VALUE
+};
+static const CK_ATTRIBUTE_TYPE nss_builtins_types_183 [] = {
+ CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERT_SHA1_HASH,  CKA_CERT_MD5_HASH,  CKA_TRUST_SERVER_AUTH,  CKA_TRUST_EMAIL_PROTECTION,  CKA_TRUST_CODE_SIGNING
+};
 #ifdef DEBUG
 static const NSSItem nss_builtins_items_0 [] = {
   { (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"CVS ID", (PRUint32)7 },
   { (void *)"NSS", (PRUint32)4 },
@@ -9954,16 +9966,269 @@ static const NSSItem nss_builtins_items_
 "\066\332\335\131"
 , (PRUint32)20 },
   { (void *)"\245\273\012\243\320\307\124\025\130\336\153\122\020\121\272\050"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
+static const NSSItem nss_builtins_items_180 [] = {
+  { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)"Entrust.net Global Secure Server CA", (PRUint32)36 },
+  { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
+  { (void *)"\060\201\272\061\024\060\022\006\003\125\004\012\023\013\105\156"
+"\164\162\165\163\164\056\156\145\164\061\077\060\075\006\003\125"
+"\004\013\024\066\167\167\167\056\145\156\164\162\165\163\164\056"
+"\156\145\164\057\123\123\114\137\103\120\123\040\151\156\143\157"
+"\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151\155"
+"\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006\003"
+"\125\004\013\023\034\050\143\051\040\062\060\060\060\040\105\156"
+"\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164\145"
+"\144\061\072\060\070\006\003\125\004\003\023\061\105\156\164\162"
+"\165\163\164\056\156\145\164\040\123\145\143\165\162\145\040\123"
+"\145\162\166\145\162\040\103\145\162\164\151\146\151\143\141\164"
+"\151\157\156\040\101\165\164\150\157\162\151\164\171"
+, (PRUint32)189 },
+  { (void *)"0", (PRUint32)2 },
+  { (void *)"\060\201\272\061\024\060\022\006\003\125\004\012\023\013\105\156"
+"\164\162\165\163\164\056\156\145\164\061\077\060\075\006\003\125"
+"\004\013\024\066\167\167\167\056\145\156\164\162\165\163\164\056"
+"\156\145\164\057\123\123\114\137\103\120\123\040\151\156\143\157"
+"\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151\155"
+"\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006\003"
+"\125\004\013\023\034\050\143\051\040\062\060\060\060\040\105\156"
+"\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164\145"
+"\144\061\072\060\070\006\003\125\004\003\023\061\105\156\164\162"
+"\165\163\164\056\156\145\164\040\123\145\143\165\162\145\040\123"
+"\145\162\166\145\162\040\103\145\162\164\151\146\151\143\141\164"
+"\151\157\156\040\101\165\164\150\157\162\151\164\171"
+, (PRUint32)189 },
+  { (void *)"\070\233\021\074"
+, (PRUint32)4 },
+  { (void *)"\060\202\004\225\060\202\003\376\240\003\002\001\002\002\004\070"
+"\233\021\074\060\015\006\011\052\206\110\206\367\015\001\001\004"
+"\005\000\060\201\272\061\024\060\022\006\003\125\004\012\023\013"
+"\105\156\164\162\165\163\164\056\156\145\164\061\077\060\075\006"
+"\003\125\004\013\024\066\167\167\167\056\145\156\164\162\165\163"
+"\164\056\156\145\164\057\123\123\114\137\103\120\123\040\151\156"
+"\143\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154"
+"\151\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043"
+"\006\003\125\004\013\023\034\050\143\051\040\062\060\060\060\040"
+"\105\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151"
+"\164\145\144\061\072\060\070\006\003\125\004\003\023\061\105\156"
+"\164\162\165\163\164\056\156\145\164\040\123\145\143\165\162\145"
+"\040\123\145\162\166\145\162\040\103\145\162\164\151\146\151\143"
+"\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171\060"
+"\036\027\015\060\060\060\062\060\064\061\067\062\060\060\060\132"
+"\027\015\062\060\060\062\060\064\061\067\065\060\060\060\132\060"
+"\201\272\061\024\060\022\006\003\125\004\012\023\013\105\156\164"
+"\162\165\163\164\056\156\145\164\061\077\060\075\006\003\125\004"
+"\013\024\066\167\167\167\056\145\156\164\162\165\163\164\056\156"
+"\145\164\057\123\123\114\137\103\120\123\040\151\156\143\157\162"
+"\160\056\040\142\171\040\162\145\146\056\040\050\154\151\155\151"
+"\164\163\040\154\151\141\142\056\051\061\045\060\043\006\003\125"
+"\004\013\023\034\050\143\051\040\062\060\060\060\040\105\156\164"
+"\162\165\163\164\056\156\145\164\040\114\151\155\151\164\145\144"
+"\061\072\060\070\006\003\125\004\003\023\061\105\156\164\162\165"
+"\163\164\056\156\145\164\040\123\145\143\165\162\145\040\123\145"
+"\162\166\145\162\040\103\145\162\164\151\146\151\143\141\164\151"
+"\157\156\040\101\165\164\150\157\162\151\164\171\060\201\237\060"
+"\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003\201"
+"\215\000\060\201\211\002\201\201\000\307\301\137\116\161\361\316"
+"\360\140\206\017\322\130\177\323\063\227\055\027\242\165\060\265"
+"\226\144\046\057\150\303\104\253\250\165\346\000\147\064\127\236"
+"\145\307\042\233\163\346\323\335\010\016\067\125\252\045\106\201"
+"\154\275\376\250\366\165\127\127\214\220\154\112\303\076\213\113"
+"\103\012\311\021\126\232\232\047\042\231\317\125\236\141\331\002"
+"\342\174\266\174\070\007\334\343\177\117\232\271\003\101\200\266"
+"\165\147\023\013\237\350\127\066\310\135\000\066\336\146\024\332"
+"\156\166\037\117\067\214\202\023\211\002\003\001\000\001\243\202"
+"\001\244\060\202\001\240\060\021\006\011\140\206\110\001\206\370"
+"\102\001\001\004\004\003\002\000\007\060\201\343\006\003\125\035"
+"\037\004\201\333\060\201\330\060\201\325\240\201\322\240\201\317"
+"\244\201\314\060\201\311\061\024\060\022\006\003\125\004\012\023"
+"\013\105\156\164\162\165\163\164\056\156\145\164\061\077\060\075"
+"\006\003\125\004\013\024\066\167\167\167\056\145\156\164\162\165"
+"\163\164\056\156\145\164\057\123\123\114\137\103\120\123\040\151"
+"\156\143\157\162\160\056\040\142\171\040\162\145\146\056\040\050"
+"\154\151\155\151\164\163\040\154\151\141\142\056\051\061\045\060"
+"\043\006\003\125\004\013\023\034\050\143\051\040\062\060\060\060"
+"\040\105\156\164\162\165\163\164\056\156\145\164\040\114\151\155"
+"\151\164\145\144\061\072\060\070\006\003\125\004\003\023\061\105"
+"\156\164\162\165\163\164\056\156\145\164\040\123\145\143\165\162"
+"\145\040\123\145\162\166\145\162\040\103\145\162\164\151\146\151"
+"\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171"
+"\061\015\060\013\006\003\125\004\003\023\004\103\122\114\061\060"
+"\053\006\003\125\035\020\004\044\060\042\200\017\062\060\060\060"
+"\060\062\060\064\061\067\062\060\060\060\132\201\017\062\060\062"
+"\060\060\062\060\064\061\067\065\060\060\060\132\060\013\006\003"
+"\125\035\017\004\004\003\002\001\006\060\037\006\003\125\035\043"
+"\004\030\060\026\200\024\313\154\300\153\343\273\076\313\374\042"
+"\234\376\373\213\222\234\260\362\156\042\060\035\006\003\125\035"
+"\016\004\026\004\024\313\154\300\153\343\273\076\313\374\042\234"
+"\376\373\213\222\234\260\362\156\042\060\014\006\003\125\035\023"
+"\004\005\060\003\001\001\377\060\035\006\011\052\206\110\206\366"
+"\175\007\101\000\004\020\060\016\033\010\126\065\056\060\072\064"
+"\056\060\003\002\004\220\060\015\006\011\052\206\110\206\367\015"
+"\001\001\004\005\000\003\201\201\000\142\333\201\221\316\310\232"
+"\167\102\057\354\275\047\243\123\017\120\033\352\116\222\360\251"
+"\257\251\240\272\110\141\313\357\311\006\357\037\325\364\356\337"
+"\126\055\346\312\152\031\163\252\123\276\222\263\120\002\266\205"
+"\046\162\143\330\165\120\142\165\024\267\263\120\032\077\312\021"
+"\000\013\205\105\151\155\266\245\256\121\341\112\334\202\077\154"
+"\214\064\262\167\153\331\002\366\177\016\352\145\004\361\315\124"
+"\312\272\311\314\340\204\367\310\076\021\227\323\140\011\030\274"
+"\005\377\154\211\063\360\354\025\017"
+, (PRUint32)1177 }
+};
+static const NSSItem nss_builtins_items_181 [] = {
+  { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)"Entrust.net Global Secure Server CA", (PRUint32)36 },
+  { (void *)"\211\071\127\156\027\215\367\005\170\017\314\136\310\117\204\366"
+"\045\072\110\223"
+, (PRUint32)20 },
+  { (void *)"\235\146\152\314\377\325\365\103\264\277\214\026\321\053\250\231"
+, (PRUint32)16 },
+  { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
+  { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
+  { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
+};
+static const NSSItem nss_builtins_items_182 [] = {
+  { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)"Entrust.net Global Secure Personal CA", (PRUint32)38 },
+  { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
+  { (void *)"\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156"
+"\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125"
+"\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056"
+"\156\145\164\057\107\103\103\101\137\103\120\123\040\151\156\143"
+"\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151"
+"\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006"
+"\003\125\004\013\023\034\050\143\051\040\062\060\060\060\040\105"
+"\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164"
+"\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164"
+"\162\165\163\164\056\156\145\164\040\103\154\151\145\156\164\040"
+"\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165"
+"\164\150\157\162\151\164\171"
+, (PRUint32)183 },
+  { (void *)"0", (PRUint32)2 },
+  { (void *)"\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156"
+"\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125"
+"\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056"
+"\156\145\164\057\107\103\103\101\137\103\120\123\040\151\156\143"
+"\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151"
+"\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006"
+"\003\125\004\013\023\034\050\143\051\040\062\060\060\060\040\105"
+"\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164"
+"\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164"
+"\162\165\163\164\056\156\145\164\040\103\154\151\145\156\164\040"
+"\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165"
+"\164\150\157\162\151\164\171"
+, (PRUint32)183 },
+  { (void *)"\070\236\366\344"
+, (PRUint32)4 },
+  { (void *)"\060\202\004\203\060\202\003\354\240\003\002\001\002\002\004\070"
+"\236\366\344\060\015\006\011\052\206\110\206\367\015\001\001\004"
+"\005\000\060\201\264\061\024\060\022\006\003\125\004\012\023\013"
+"\105\156\164\162\165\163\164\056\156\145\164\061\100\060\076\006"
+"\003\125\004\013\024\067\167\167\167\056\145\156\164\162\165\163"
+"\164\056\156\145\164\057\107\103\103\101\137\103\120\123\040\151"
+"\156\143\157\162\160\056\040\142\171\040\162\145\146\056\040\050"
+"\154\151\155\151\164\163\040\154\151\141\142\056\051\061\045\060"
+"\043\006\003\125\004\013\023\034\050\143\051\040\062\060\060\060"
+"\040\105\156\164\162\165\163\164\056\156\145\164\040\114\151\155"
+"\151\164\145\144\061\063\060\061\006\003\125\004\003\023\052\105"
+"\156\164\162\165\163\164\056\156\145\164\040\103\154\151\145\156"
+"\164\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040"
+"\101\165\164\150\157\162\151\164\171\060\036\027\015\060\060\060"
+"\062\060\067\061\066\061\066\064\060\132\027\015\062\060\060\062"
+"\060\067\061\066\064\066\064\060\132\060\201\264\061\024\060\022"
+"\006\003\125\004\012\023\013\105\156\164\162\165\163\164\056\156"
+"\145\164\061\100\060\076\006\003\125\004\013\024\067\167\167\167"
+"\056\145\156\164\162\165\163\164\056\156\145\164\057\107\103\103"
+"\101\137\103\120\123\040\151\156\143\157\162\160\056\040\142\171"
+"\040\162\145\146\056\040\050\154\151\155\151\164\163\040\154\151"
+"\141\142\056\051\061\045\060\043\006\003\125\004\013\023\034\050"
+"\143\051\040\062\060\060\060\040\105\156\164\162\165\163\164\056"
+"\156\145\164\040\114\151\155\151\164\145\144\061\063\060\061\006"
+"\003\125\004\003\023\052\105\156\164\162\165\163\164\056\156\145"
+"\164\040\103\154\151\145\156\164\040\103\145\162\164\151\146\151"
+"\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171"
+"\060\201\237\060\015\006\011\052\206\110\206\367\015\001\001\001"
+"\005\000\003\201\215\000\060\201\211\002\201\201\000\223\164\264"
+"\266\344\305\113\326\241\150\177\142\325\354\367\121\127\263\162"
+"\112\230\365\320\211\311\255\143\315\115\065\121\152\204\324\255"
+"\311\150\171\157\270\353\021\333\207\256\134\044\121\023\361\124"
+"\045\204\257\051\053\237\343\200\342\331\313\335\306\105\111\064"
+"\210\220\136\001\227\357\352\123\246\335\374\301\336\113\052\045"
+"\344\351\065\372\125\005\006\345\211\172\352\244\021\127\073\374"
+"\174\075\066\315\147\065\155\244\251\045\131\275\146\365\371\047"
+"\344\225\147\326\077\222\200\136\362\064\175\053\205\002\003\001"
+"\000\001\243\202\001\236\060\202\001\232\060\021\006\011\140\206"
+"\110\001\206\370\102\001\001\004\004\003\002\000\007\060\201\335"
+"\006\003\125\035\037\004\201\325\060\201\322\060\201\317\240\201"
+"\314\240\201\311\244\201\306\060\201\303\061\024\060\022\006\003"
+"\125\004\012\023\013\105\156\164\162\165\163\164\056\156\145\164"
+"\061\100\060\076\006\003\125\004\013\024\067\167\167\167\056\145"
+"\156\164\162\165\163\164\056\156\145\164\057\107\103\103\101\137"
+"\103\120\123\040\151\156\143\157\162\160\056\040\142\171\040\162"
+"\145\146\056\040\050\154\151\155\151\164\163\040\154\151\141\142"
+"\056\051\061\045\060\043\006\003\125\004\013\023\034\050\143\051"
+"\040\062\060\060\060\040\105\156\164\162\165\163\164\056\156\145"
+"\164\040\114\151\155\151\164\145\144\061\063\060\061\006\003\125"
+"\004\003\023\052\105\156\164\162\165\163\164\056\156\145\164\040"
+"\103\154\151\145\156\164\040\103\145\162\164\151\146\151\143\141"
+"\164\151\157\156\040\101\165\164\150\157\162\151\164\171\061\015"
+"\060\013\006\003\125\004\003\023\004\103\122\114\061\060\053\006"
+"\003\125\035\020\004\044\060\042\200\017\062\060\060\060\060\062"
+"\060\067\061\066\061\066\064\060\132\201\017\062\060\062\060\060"
+"\062\060\067\061\066\064\066\064\060\132\060\013\006\003\125\035"
+"\017\004\004\003\002\001\006\060\037\006\003\125\035\043\004\030"
+"\060\026\200\024\204\213\164\375\305\215\300\377\047\155\040\067"
+"\105\174\376\055\316\272\323\175\060\035\006\003\125\035\016\004"
+"\026\004\024\204\213\164\375\305\215\300\377\047\155\040\067\105"
+"\174\376\055\316\272\323\175\060\014\006\003\125\035\023\004\005"
+"\060\003\001\001\377\060\035\006\011\052\206\110\206\366\175\007"
+"\101\000\004\020\060\016\033\010\126\065\056\060\072\064\056\060"
+"\003\002\004\220\060\015\006\011\052\206\110\206\367\015\001\001"
+"\004\005\000\003\201\201\000\116\157\065\200\073\321\212\365\016"
+"\247\040\313\055\145\125\320\222\364\347\204\265\006\046\203\022"
+"\204\013\254\073\262\104\356\275\317\100\333\040\016\272\156\024"
+"\352\060\340\073\142\174\177\213\153\174\112\247\325\065\074\276"
+"\250\134\352\113\273\223\216\200\146\253\017\051\375\115\055\277"
+"\032\233\012\220\305\253\332\321\263\206\324\057\044\122\134\172"
+"\155\306\362\376\345\115\032\060\214\220\362\272\327\112\076\103"
+"\176\324\310\120\032\207\370\117\201\307\166\013\204\072\162\235"
+"\316\145\146\227\256\046\136"
+, (PRUint32)1159 }
+};
+static const NSSItem nss_builtins_items_183 [] = {
+  { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)"Entrust.net Global Secure Personal CA", (PRUint32)38 },
+  { (void *)"\317\164\277\377\233\206\201\133\010\063\124\100\066\076\207\266"
+"\266\360\277\163"
+, (PRUint32)20 },
+  { (void *)"\232\167\031\030\355\226\317\337\033\267\016\365\215\271\210\056"
+, (PRUint32)16 },
+  { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
+  { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
+  { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
+};
 
 PR_IMPLEMENT_DATA(const builtinsInternalObject)
 nss_builtins_data[] = {
 #ifdef DEBUG
   { 7, nss_builtins_types_0, nss_builtins_items_0 },
 #endif /* DEBUG */
   { 5, nss_builtins_types_1, nss_builtins_items_1 },
   { 11, nss_builtins_types_2, nss_builtins_items_2 },
@@ -10138,16 +10403,20 @@ nss_builtins_data[] = {
   { 10, nss_builtins_types_171, nss_builtins_items_171 },
   { 11, nss_builtins_types_172, nss_builtins_items_172 },
   { 10, nss_builtins_types_173, nss_builtins_items_173 },
   { 11, nss_builtins_types_174, nss_builtins_items_174 },
   { 10, nss_builtins_types_175, nss_builtins_items_175 },
   { 11, nss_builtins_types_176, nss_builtins_items_176 },
   { 10, nss_builtins_types_177, nss_builtins_items_177 },
   { 11, nss_builtins_types_178, nss_builtins_items_178 },
-  { 10, nss_builtins_types_179, nss_builtins_items_179 }
+  { 10, nss_builtins_types_179, nss_builtins_items_179 },
+  { 11, nss_builtins_types_180, nss_builtins_items_180 },
+  { 10, nss_builtins_types_181, nss_builtins_items_181 },
+  { 11, nss_builtins_types_182, nss_builtins_items_182 },
+  { 10, nss_builtins_types_183, nss_builtins_items_183 }
 };
 PR_IMPLEMENT_DATA(const PRUint32)
 #ifdef DEBUG
-  nss_builtins_nObjects = 179+1;
+  nss_builtins_nObjects = 183+1;
 #else
-  nss_builtins_nObjects = 179;
+  nss_builtins_nObjects = 183;
 #endif /* DEBUG */
--- a/security/nss/lib/ckfw/builtins/certdata.txt
+++ b/security/nss/lib/ckfw/builtins/certdata.txt
@@ -10154,8 +10154,277 @@ CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \066\332\335\131
 END
 CKA_CERT_MD5_HASH MULTILINE_OCTAL
 \245\273\012\243\320\307\124\025\130\336\153\122\020\121\272\050
 END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
+
+#
+# Certificate "Entrust.net Global Secure Server CA"
+#
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Entrust.net Global Secure Server CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\272\061\024\060\022\006\003\125\004\012\023\013\105\156
+\164\162\165\163\164\056\156\145\164\061\077\060\075\006\003\125
+\004\013\024\066\167\167\167\056\145\156\164\162\165\163\164\056
+\156\145\164\057\123\123\114\137\103\120\123\040\151\156\143\157
+\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151\155
+\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006\003
+\125\004\013\023\034\050\143\051\040\062\060\060\060\040\105\156
+\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164\145
+\144\061\072\060\070\006\003\125\004\003\023\061\105\156\164\162
+\165\163\164\056\156\145\164\040\123\145\143\165\162\145\040\123
+\145\162\166\145\162\040\103\145\162\164\151\146\151\143\141\164
+\151\157\156\040\101\165\164\150\157\162\151\164\171
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\272\061\024\060\022\006\003\125\004\012\023\013\105\156
+\164\162\165\163\164\056\156\145\164\061\077\060\075\006\003\125
+\004\013\024\066\167\167\167\056\145\156\164\162\165\163\164\056
+\156\145\164\057\123\123\114\137\103\120\123\040\151\156\143\157
+\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151\155
+\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006\003
+\125\004\013\023\034\050\143\051\040\062\060\060\060\040\105\156
+\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164\145
+\144\061\072\060\070\006\003\125\004\003\023\061\105\156\164\162
+\165\163\164\056\156\145\164\040\123\145\143\165\162\145\040\123
+\145\162\166\145\162\040\103\145\162\164\151\146\151\143\141\164
+\151\157\156\040\101\165\164\150\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\070\233\021\074
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\225\060\202\003\376\240\003\002\001\002\002\004\070
+\233\021\074\060\015\006\011\052\206\110\206\367\015\001\001\004
+\005\000\060\201\272\061\024\060\022\006\003\125\004\012\023\013
+\105\156\164\162\165\163\164\056\156\145\164\061\077\060\075\006
+\003\125\004\013\024\066\167\167\167\056\145\156\164\162\165\163
+\164\056\156\145\164\057\123\123\114\137\103\120\123\040\151\156
+\143\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154
+\151\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043
+\006\003\125\004\013\023\034\050\143\051\040\062\060\060\060\040
+\105\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151
+\164\145\144\061\072\060\070\006\003\125\004\003\023\061\105\156
+\164\162\165\163\164\056\156\145\164\040\123\145\143\165\162\145
+\040\123\145\162\166\145\162\040\103\145\162\164\151\146\151\143
+\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171\060
+\036\027\015\060\060\060\062\060\064\061\067\062\060\060\060\132
+\027\015\062\060\060\062\060\064\061\067\065\060\060\060\132\060
+\201\272\061\024\060\022\006\003\125\004\012\023\013\105\156\164
+\162\165\163\164\056\156\145\164\061\077\060\075\006\003\125\004
+\013\024\066\167\167\167\056\145\156\164\162\165\163\164\056\156
+\145\164\057\123\123\114\137\103\120\123\040\151\156\143\157\162
+\160\056\040\142\171\040\162\145\146\056\040\050\154\151\155\151
+\164\163\040\154\151\141\142\056\051\061\045\060\043\006\003\125
+\004\013\023\034\050\143\051\040\062\060\060\060\040\105\156\164
+\162\165\163\164\056\156\145\164\040\114\151\155\151\164\145\144
+\061\072\060\070\006\003\125\004\003\023\061\105\156\164\162\165
+\163\164\056\156\145\164\040\123\145\143\165\162\145\040\123\145
+\162\166\145\162\040\103\145\162\164\151\146\151\143\141\164\151
+\157\156\040\101\165\164\150\157\162\151\164\171\060\201\237\060
+\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003\201
+\215\000\060\201\211\002\201\201\000\307\301\137\116\161\361\316
+\360\140\206\017\322\130\177\323\063\227\055\027\242\165\060\265
+\226\144\046\057\150\303\104\253\250\165\346\000\147\064\127\236
+\145\307\042\233\163\346\323\335\010\016\067\125\252\045\106\201
+\154\275\376\250\366\165\127\127\214\220\154\112\303\076\213\113
+\103\012\311\021\126\232\232\047\042\231\317\125\236\141\331\002
+\342\174\266\174\070\007\334\343\177\117\232\271\003\101\200\266
+\165\147\023\013\237\350\127\066\310\135\000\066\336\146\024\332
+\156\166\037\117\067\214\202\023\211\002\003\001\000\001\243\202
+\001\244\060\202\001\240\060\021\006\011\140\206\110\001\206\370
+\102\001\001\004\004\003\002\000\007\060\201\343\006\003\125\035
+\037\004\201\333\060\201\330\060\201\325\240\201\322\240\201\317
+\244\201\314\060\201\311\061\024\060\022\006\003\125\004\012\023
+\013\105\156\164\162\165\163\164\056\156\145\164\061\077\060\075
+\006\003\125\004\013\024\066\167\167\167\056\145\156\164\162\165
+\163\164\056\156\145\164\057\123\123\114\137\103\120\123\040\151
+\156\143\157\162\160\056\040\142\171\040\162\145\146\056\040\050
+\154\151\155\151\164\163\040\154\151\141\142\056\051\061\045\060
+\043\006\003\125\004\013\023\034\050\143\051\040\062\060\060\060
+\040\105\156\164\162\165\163\164\056\156\145\164\040\114\151\155
+\151\164\145\144\061\072\060\070\006\003\125\004\003\023\061\105
+\156\164\162\165\163\164\056\156\145\164\040\123\145\143\165\162
+\145\040\123\145\162\166\145\162\040\103\145\162\164\151\146\151
+\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
+\061\015\060\013\006\003\125\004\003\023\004\103\122\114\061\060
+\053\006\003\125\035\020\004\044\060\042\200\017\062\060\060\060
+\060\062\060\064\061\067\062\060\060\060\132\201\017\062\060\062
+\060\060\062\060\064\061\067\065\060\060\060\132\060\013\006\003
+\125\035\017\004\004\003\002\001\006\060\037\006\003\125\035\043
+\004\030\060\026\200\024\313\154\300\153\343\273\076\313\374\042
+\234\376\373\213\222\234\260\362\156\042\060\035\006\003\125\035
+\016\004\026\004\024\313\154\300\153\343\273\076\313\374\042\234
+\376\373\213\222\234\260\362\156\042\060\014\006\003\125\035\023
+\004\005\060\003\001\001\377\060\035\006\011\052\206\110\206\366
+\175\007\101\000\004\020\060\016\033\010\126\065\056\060\072\064
+\056\060\003\002\004\220\060\015\006\011\052\206\110\206\367\015
+\001\001\004\005\000\003\201\201\000\142\333\201\221\316\310\232
+\167\102\057\354\275\047\243\123\017\120\033\352\116\222\360\251
+\257\251\240\272\110\141\313\357\311\006\357\037\325\364\356\337
+\126\055\346\312\152\031\163\252\123\276\222\263\120\002\266\205
+\046\162\143\330\165\120\142\165\024\267\263\120\032\077\312\021
+\000\013\205\105\151\155\266\245\256\121\341\112\334\202\077\154
+\214\064\262\167\153\331\002\366\177\016\352\145\004\361\315\124
+\312\272\311\314\340\204\367\310\076\021\227\323\140\011\030\274
+\005\377\154\211\063\360\354\025\017
+END
+
+# Trust for Certificate "Entrust.net Global Secure Server CA"
+CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Entrust.net Global Secure Server CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\211\071\127\156\027\215\367\005\170\017\314\136\310\117\204\366
+\045\072\110\223
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\235\146\152\314\377\325\365\103\264\277\214\026\321\053\250\231
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
+
+#
+# Certificate "Entrust.net Global Secure Personal CA"
+#
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Entrust.net Global Secure Personal CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156
+\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125
+\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056
+\156\145\164\057\107\103\103\101\137\103\120\123\040\151\156\143
+\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151
+\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006
+\003\125\004\013\023\034\050\143\051\040\062\060\060\060\040\105
+\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164
+\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164
+\162\165\163\164\056\156\145\164\040\103\154\151\145\156\164\040
+\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165
+\164\150\157\162\151\164\171
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156
+\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125
+\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056
+\156\145\164\057\107\103\103\101\137\103\120\123\040\151\156\143
+\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151
+\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006
+\003\125\004\013\023\034\050\143\051\040\062\060\060\060\040\105
+\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164
+\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164
+\162\165\163\164\056\156\145\164\040\103\154\151\145\156\164\040
+\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165
+\164\150\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\070\236\366\344
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\203\060\202\003\354\240\003\002\001\002\002\004\070
+\236\366\344\060\015\006\011\052\206\110\206\367\015\001\001\004
+\005\000\060\201\264\061\024\060\022\006\003\125\004\012\023\013
+\105\156\164\162\165\163\164\056\156\145\164\061\100\060\076\006
+\003\125\004\013\024\067\167\167\167\056\145\156\164\162\165\163
+\164\056\156\145\164\057\107\103\103\101\137\103\120\123\040\151
+\156\143\157\162\160\056\040\142\171\040\162\145\146\056\040\050
+\154\151\155\151\164\163\040\154\151\141\142\056\051\061\045\060
+\043\006\003\125\004\013\023\034\050\143\051\040\062\060\060\060
+\040\105\156\164\162\165\163\164\056\156\145\164\040\114\151\155
+\151\164\145\144\061\063\060\061\006\003\125\004\003\023\052\105
+\156\164\162\165\163\164\056\156\145\164\040\103\154\151\145\156
+\164\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040
+\101\165\164\150\157\162\151\164\171\060\036\027\015\060\060\060
+\062\060\067\061\066\061\066\064\060\132\027\015\062\060\060\062
+\060\067\061\066\064\066\064\060\132\060\201\264\061\024\060\022
+\006\003\125\004\012\023\013\105\156\164\162\165\163\164\056\156
+\145\164\061\100\060\076\006\003\125\004\013\024\067\167\167\167
+\056\145\156\164\162\165\163\164\056\156\145\164\057\107\103\103
+\101\137\103\120\123\040\151\156\143\157\162\160\056\040\142\171
+\040\162\145\146\056\040\050\154\151\155\151\164\163\040\154\151
+\141\142\056\051\061\045\060\043\006\003\125\004\013\023\034\050
+\143\051\040\062\060\060\060\040\105\156\164\162\165\163\164\056
+\156\145\164\040\114\151\155\151\164\145\144\061\063\060\061\006
+\003\125\004\003\023\052\105\156\164\162\165\163\164\056\156\145
+\164\040\103\154\151\145\156\164\040\103\145\162\164\151\146\151
+\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
+\060\201\237\060\015\006\011\052\206\110\206\367\015\001\001\001
+\005\000\003\201\215\000\060\201\211\002\201\201\000\223\164\264
+\266\344\305\113\326\241\150\177\142\325\354\367\121\127\263\162
+\112\230\365\320\211\311\255\143\315\115\065\121\152\204\324\255
+\311\150\171\157\270\353\021\333\207\256\134\044\121\023\361\124
+\045\204\257\051\053\237\343\200\342\331\313\335\306\105\111\064
+\210\220\136\001\227\357\352\123\246\335\374\301\336\113\052\045
+\344\351\065\372\125\005\006\345\211\172\352\244\021\127\073\374
+\174\075\066\315\147\065\155\244\251\045\131\275\146\365\371\047
+\344\225\147\326\077\222\200\136\362\064\175\053\205\002\003\001
+\000\001\243\202\001\236\060\202\001\232\060\021\006\011\140\206
+\110\001\206\370\102\001\001\004\004\003\002\000\007\060\201\335
+\006\003\125\035\037\004\201\325\060\201\322\060\201\317\240\201
+\314\240\201\311\244\201\306\060\201\303\061\024\060\022\006\003
+\125\004\012\023\013\105\156\164\162\165\163\164\056\156\145\164
+\061\100\060\076\006\003\125\004\013\024\067\167\167\167\056\145
+\156\164\162\165\163\164\056\156\145\164\057\107\103\103\101\137
+\103\120\123\040\151\156\143\157\162\160\056\040\142\171\040\162
+\145\146\056\040\050\154\151\155\151\164\163\040\154\151\141\142
+\056\051\061\045\060\043\006\003\125\004\013\023\034\050\143\051
+\040\062\060\060\060\040\105\156\164\162\165\163\164\056\156\145
+\164\040\114\151\155\151\164\145\144\061\063\060\061\006\003\125
+\004\003\023\052\105\156\164\162\165\163\164\056\156\145\164\040
+\103\154\151\145\156\164\040\103\145\162\164\151\146\151\143\141
+\164\151\157\156\040\101\165\164\150\157\162\151\164\171\061\015
+\060\013\006\003\125\004\003\023\004\103\122\114\061\060\053\006
+\003\125\035\020\004\044\060\042\200\017\062\060\060\060\060\062
+\060\067\061\066\061\066\064\060\132\201\017\062\060\062\060\060
+\062\060\067\061\066\064\066\064\060\132\060\013\006\003\125\035
+\017\004\004\003\002\001\006\060\037\006\003\125\035\043\004\030
+\060\026\200\024\204\213\164\375\305\215\300\377\047\155\040\067
+\105\174\376\055\316\272\323\175\060\035\006\003\125\035\016\004
+\026\004\024\204\213\164\375\305\215\300\377\047\155\040\067\105
+\174\376\055\316\272\323\175\060\014\006\003\125\035\023\004\005
+\060\003\001\001\377\060\035\006\011\052\206\110\206\366\175\007
+\101\000\004\020\060\016\033\010\126\065\056\060\072\064\056\060
+\003\002\004\220\060\015\006\011\052\206\110\206\367\015\001\001
+\004\005\000\003\201\201\000\116\157\065\200\073\321\212\365\016
+\247\040\313\055\145\125\320\222\364\347\204\265\006\046\203\022
+\204\013\254\073\262\104\356\275\317\100\333\040\016\272\156\024
+\352\060\340\073\142\174\177\213\153\174\112\247\325\065\074\276
+\250\134\352\113\273\223\216\200\146\253\017\051\375\115\055\277
+\032\233\012\220\305\253\332\321\263\206\324\057\044\122\134\172
+\155\306\362\376\345\115\032\060\214\220\362\272\327\112\076\103
+\176\324\310\120\032\207\370\117\201\307\166\013\204\072\162\235
+\316\145\146\227\256\046\136
+END
+
+# Trust for Certificate "Entrust.net Global Secure Personal CA"
+CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Entrust.net Global Secure Personal CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\317\164\277\377\233\206\201\133\010\063\124\100\066\076\207\266
+\266\360\277\163
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\232\167\031\030\355\226\317\337\033\267\016\365\215\271\210\056
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
--- a/security/nss/lib/pk11wrap/pk11db.c
+++ b/security/nss/lib/pk11wrap/pk11db.c
@@ -104,26 +104,27 @@ SECMODModuleList *SECMOD_NewModuleListEl
 	newModList->module = NULL;
     }
     return newModList;
 }
 
 static unsigned long internalFlags = SECMOD_RSA_FLAG|SECMOD_DSA_FLAG|
 	SECMOD_RC2_FLAG| SECMOD_RC4_FLAG|SECMOD_DES_FLAG|SECMOD_RANDOM_FLAG|
 	SECMOD_SHA1_FLAG|SECMOD_MD5_FLAG|SECMOD_MD2_FLAG|SECMOD_SSL_FLAG|
-	SECMOD_TLS_FLAG|SECMOD_AES_FLAG;
+	SECMOD_TLS_FLAG|SECMOD_AES_FLAG|SECMOD_DH_FLAG;
 
 /* create a Internal  module */
 SECMODModule *SECMOD_NewInternal(void) {
     SECMODModule *intern;
     static PK11PreSlotInfo internSlotInfo =
 	{ 1, SECMOD_RSA_FLAG|SECMOD_DSA_FLAG|SECMOD_RC2_FLAG|
 	SECMOD_RC4_FLAG|SECMOD_DES_FLAG|SECMOD_RANDOM_FLAG|
 	SECMOD_SHA1_FLAG|SECMOD_MD5_FLAG|SECMOD_MD2_FLAG|
-	SECMOD_SSL_FLAG|SECMOD_TLS_FLAG|SECMOD_AES_FLAG, -1, 30, 0 };
+	SECMOD_SSL_FLAG|SECMOD_TLS_FLAG|SECMOD_AES_FLAG|SECMOD_DH_FLAG,
+	-1, 30, 0 };
 
     intern = SECMOD_NewModule();
     if (intern == NULL) {
 	return NULL;
     }
 
     /*
      * make this module an internal module
@@ -310,19 +311,19 @@ struct secmodSlotDataStr {
     unsigned char defaultFlags[4];
     unsigned char timeout[4];
     unsigned char askpw;
     unsigned char hasRootCerts;
     unsigned char reserved[18]; /* this makes it a round 32 bytes */
 };
 
 #define SECMOD_DB_VERSION_MAJOR 0
-#define SECMOD_DB_VERSION_MINOR 4
+#define SECMOD_DB_VERSION_MINOR 5
 #define SECMOD_DB_NOUI_VERSION_MAJOR 0
-#define SECMOD_DB_NOUI_VERSION_MINOR 3
+#define SECMOD_DB_NOUI_VERSION_MINOR 4
 
 #define SECMOD_PUTSHORT(dest,src) \
 	(dest)[1] = (unsigned char) ((src)&0xff); \
 	(dest)[0] = (unsigned char) (((src) >> 8) & 0xff);
 #define SECMOD_PUTLONG(dest,src) \
 	(dest)[3] = (unsigned char) ((src)&0xff); \
 	(dest)[2] = (unsigned char) (((src) >> 8) & 0xff); \
 	(dest)[1] = (unsigned char) (((src) >> 16) & 0xff); \
--- a/security/nss/lib/pk11wrap/pk11kea.c
+++ b/security/nss/lib/pk11wrap/pk11kea.c
@@ -94,28 +94,35 @@ pk11_KeyExchange(PK11SlotInfo *slot,CK_M
 	wrapData.data = NULL;
 
 	/* find RSA Public Key on target */
 	pubKeyHandle = pk11_FindRSAPubKey(slot);
 	if (pubKeyHandle != CK_INVALID_KEY) {
 	    privKeyHandle = PK11_MatchItem(slot,pubKeyHandle,CKO_PRIVATE_KEY);
 	}
 
-	/* if no key exits, generate a key pair */
+	/* if no key exists, generate a key pair */
 	if (privKeyHandle == CK_INVALID_KEY) {
-	    unsigned int     keyLength = PK11_GetKeyLength(symKey);
+	    unsigned int     symKeyLength = PK11_GetKeyLength(symKey);
 	    PK11RSAGenParams rsaParams;
 
+	    if (symKeyLength > 60) /* bytes */ {
+		/* we'd have to generate an RSA key pair > 512 bits long,
+		** and that's too costly.  Don't even try. 
+		*/
+		PORT_SetError( SEC_ERROR_CANNOT_MOVE_SENSITIVE_KEY );
+		goto rsa_failed;
+	    }
 	    rsaParams.keySizeInBits = 
-		((keyLength == 0) || (keyLength > 16)) ? 512 : 256;
+	        (symKeyLength > 28 || symKeyLength == 0) ? 512 : 256;
 	    rsaParams.pe  = 0x10001;
 	    privKey = PK11_GenerateKeyPair(slot,CKM_RSA_PKCS_KEY_PAIR_GEN, 
-		&rsaParams, &pubKey,PR_FALSE,PR_TRUE,symKey->cx);
+			    &rsaParams, &pubKey,PR_FALSE,PR_TRUE,symKey->cx);
 	} else {
-	    /* if key's exist, build SECKEY data structures for them */
+	    /* if keys exist, build SECKEY data structures for them */
 	    privKey = PK11_MakePrivKey(slot,nullKey, PR_TRUE, privKeyHandle,
 					symKey->cx);
 	    if (privKey != NULL) {
     		pubKey = PK11_ExtractPublicKey(slot, rsaKey, pubKeyHandle);
 		if (pubKey && pubKey->pkcs11Slot) {
 		    PK11_FreeSlot(pubKey->pkcs11Slot);
 		    pubKey->pkcs11Slot = NULL;
 		    pubKey->pkcs11ID = CK_INVALID_KEY;
--- a/security/nss/lib/pk11wrap/pk11skey.c
+++ b/security/nss/lib/pk11wrap/pk11skey.c
@@ -166,17 +166,17 @@ pk11_getKeyFromList(PK11SlotInfo *slot) 
     if (slot->freeSymKeysHead) {
     	symKey = slot->freeSymKeysHead;
 	slot->freeSymKeysHead = symKey->next;
 	slot->keyCount--;
     }
     PK11_USE_THREADS(PZ_Unlock(slot->freeListLock);)
     if (symKey) {
 	symKey->next = NULL;
-	if (!symKey->sessionOwner)
+	if ((symKey->series != slot->series) || (!symKey->sessionOwner))
     	    symKey->session = pk11_GetNewSession(slot,&symKey->sessionOwner);
 	return symKey;
     }
 
     symKey = (PK11SymKey *)PORT_ZAlloc(sizeof(PK11SymKey));
     if (symKey == NULL) {
 	return NULL;
     }
--- a/security/nss/lib/pkcs12/p12d.c
+++ b/security/nss/lib/pkcs12/p12d.c
@@ -2137,18 +2137,16 @@ sec_pkcs12_validate_cert(sec_PKCS12SafeB
     if(!testCert && PK11_IsInternal(cert->slot)) {
 	testCert = CERT_FindCertByDERCert(CERT_GetDefaultCertDB(),
 				 &cert->safeBagContent.certBag->value.x509Cert);
     }
 
     if(testCert) {
 	if(!testCert->nickname) {
 	    cert->removeExisting = PR_TRUE;
-	} else {
-	    cert->noInstall = PR_TRUE;
 	}
 	CERT_DestroyCertificate(testCert);
 	if(cert->noInstall && !cert->removeExisting) {
 	    return;
 	}
     }
 
     sec_pkcs12_validate_cert_nickname(cert, key, nicknameCb, wincx);
--- a/security/nss/lib/softoken/keydb.c
+++ b/security/nss/lib/softoken/keydb.c
@@ -582,16 +582,19 @@ SECKEY_OpenKeyDB(PRBool readOnly, SECKEY
     } else {
 	openflags = O_RDWR;
     }
 
     dbname = (*namecb)(cbarg, PRIVATE_KEY_DB_FILE_VERSION);
     if ( dbname == NULL ) {
 	goto loser;
     }
+
+    handle->dbname = PORT_Strdup(dbname);
+    handle->readOnly = readOnly;
     
     handle->db = dbopen( dbname, openflags, 0600, DB_HASH, 0 );
 
     /* check for correct version number */
     if (handle->db != NULL) {
 	/* lookup version string in database */
 	ret = (* handle->db->get)( handle->db, &versionKey, &versionData, 0 );
 
@@ -715,16 +718,17 @@ SECKEY_CloseKeyDB(SECKEYKeyDBHandle *han
 {
     if (handle != NULL) {
 	if (handle == SECKEY_GetDefaultKeyDB()) {
 	    SECKEY_SetDefaultKeyDB(NULL);
 	}
 	if (handle->db != NULL) {
 	    (* handle->db->close)(handle->db);
 	}
+	if (handle->dbname) PORT_Free(handle->dbname);
 	PORT_Free(handle);
     }
 }
 
 /* Get the key database version */
 int
 SECKEY_GetKeyDBVersion(SECKEYKeyDBHandle *handle)
 {
@@ -2411,46 +2415,51 @@ done:
     
     if ( dbkey ) {
 	sec_destroy_dbkey(dbkey);
     }
 
     return(SECSuccess);
 }
 
+#define MAX_DB_SIZE 0xffff 
 /*
  * Clear out all the keys in the existing database
  */
 SECStatus
 SECKEY_ResetKeyDB(SECKEYKeyDBHandle *handle)
 {
     SECStatus rv;
     DBT key;
     DBT data;
     int ret;
     int errors = 0;
 
     if ( handle->db == NULL ) {
 	return(SECSuccess);
     }
 
-    
-    /* now traverse the database */
-    ret = (* handle->db->seq)(handle->db, &key, &data, R_FIRST);
-    if ( ret ) {
-	goto done;
+    if (handle->readOnly) {
+	/* set an error code */
+	return SECFailure;
+     }
+
+    PORT_Assert(handle->dbname != NULL);
+    if (handle->dbname == NULL) {
+	return SECFailure;
+    }
+
+    (* handle->db->close)(handle->db);
+    handle->db = dbopen( handle->dbname,
+			     O_RDWR | O_CREAT | O_TRUNC, 0600, DB_HASH, 0 );
+    if (handle->db == NULL) {
+	/* set an error code */
+	return SECFailure;
     }
     
-    do {
-        /* delete each entry */
-	ret = (* handle->db->del)(handle->db, &key, 0);
-	if ( ret ) errors++;
-
-    } while ( (* handle->db->seq)(handle->db, &key, &data,
-					R_NEXT) == 0 );
     rv = makeGlobalVersion(handle);
     if ( rv != SECSuccess ) {
 	errors++;
 	goto done;
     }
 
     rv = makeGlobalSalt(handle);
     if ( rv != SECSuccess ) {
--- a/security/nss/lib/softoken/pkcs11.c
+++ b/security/nss/lib/softoken/pkcs11.c
@@ -662,18 +662,22 @@ pk11_handleCertObject(PK11Session *sessi
 	    PORT_Memcpy(cert->nickname, label, PORT_Strlen(label));
 	}
 
 	/* only add certs that have a private key */
 	if (SECKEY_KeyForCertExists(SECKEY_GetDefaultKeyDB(),cert) 
 							!= SECSuccess) {
 	    return CKR_ATTRIBUTE_VALUE_INVALID;
 	}
-	if (CERT_AddTempCertToPerm(cert, label, &trust) != SECSuccess) {
-	    return CKR_HOST_MEMORY;
+	if (!cert->isperm) {
+	    if (CERT_AddTempCertToPerm(cert, label, &trust) != SECSuccess) {
+		return CKR_HOST_MEMORY;
+	    }
+	} else {
+	    CERT_ChangeCertTrust(cert->dbhandle,cert,&trust);
 	}
 	if(certUsage) {
 	    if(CERT_ChangeCertTrustByUsage(CERT_GetDefaultCertDB(),
 				cert, *certUsage) != SECSuccess) {
 		return CKR_HOST_MEMORY;
 	    }
 	}
 	object->handle |= (PK11_TOKEN_MAGIC | PK11_TOKEN_TYPE_CERT);
@@ -2699,16 +2703,17 @@ CK_RV NSC_InitToken(CK_SLOT_ID slotID,CK
 		slot->tokObjects[i] = object->next;
 
 		if (object->next) object->next->prev = NULL;
 		object->next = object->prev = NULL;
 	    }
 	    if (object) pk11_FreeObject(object);
 	} while (object != NULL);
     }
+    slot->DB_loaded = PR_FALSE;
     PK11_USE_THREADS(PZ_Unlock(slot->objectLock);)
 
     /* then clear out the key database */
     handle = SECKEY_GetDefaultKeyDB();
     if (handle == NULL) {
 	return CKR_TOKEN_WRITE_PROTECTED;
     }
 
--- a/security/nss/lib/softoken/private.h
+++ b/security/nss/lib/softoken/private.h
@@ -45,16 +45,18 @@
 /*
  * Handle structure for open key databases
  */
 struct SECKEYKeyDBHandleStr {
     DB *db;
     DB *updatedb;		/* used when updating an old version */
     SECItem *global_salt;	/* password hashing salt for this db */
     int version;		/* version of the database */
+    char *dbname;		/* name of the openned DB */
+    PRBool readOnly;		/* is the DB read only */
 };
 
 /*
 ** Typedef for callback for traversing key database.
 **      "key" is the key used to index the data in the database (nickname)
 **      "data" is the key data
 **      "pdata" is the user's data 
 */
--- a/security/nss/lib/util/secerr.h
+++ b/security/nss/lib/util/secerr.h
@@ -144,17 +144,17 @@ SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY 	 
 SEC_ERROR_PKCS12_UNABLE_TO_WRITE 	    = 	(SEC_ERROR_BASE + 97),
 SEC_ERROR_PKCS12_UNABLE_TO_READ 	    =	(SEC_ERROR_BASE + 98),
 SEC_ERROR_PKCS12_KEY_DATABASE_NOT_INITIALIZED 	 = (SEC_ERROR_BASE + 99),
 SEC_ERROR_KEYGEN_FAIL 			    =	(SEC_ERROR_BASE + 100),
 SEC_ERROR_INVALID_PASSWORD 		    =	(SEC_ERROR_BASE + 101),
 SEC_ERROR_RETRY_OLD_PASSWORD 		    =	(SEC_ERROR_BASE + 102),
 SEC_ERROR_BAD_NICKNAME 			    =	(SEC_ERROR_BASE + 103),
 SEC_ERROR_NOT_FORTEZZA_ISSUER 		    = 	(SEC_ERROR_BASE + 104),
-/* UNUSED                                       (SEC_ERROR_BASE + 105) */
+SEC_ERROR_CANNOT_MOVE_SENSITIVE_KEY         =   (SEC_ERROR_BASE + 105),
 SEC_ERROR_JS_INVALID_MODULE_NAME 	    =	(SEC_ERROR_BASE + 106),
 SEC_ERROR_JS_INVALID_DLL 		    =	(SEC_ERROR_BASE + 107),
 SEC_ERROR_JS_ADD_MOD_FAILURE 		    =	(SEC_ERROR_BASE + 108),
 SEC_ERROR_JS_DEL_MOD_FAILURE 		    =	(SEC_ERROR_BASE + 109),
 SEC_ERROR_OLD_KRL 			    =	(SEC_ERROR_BASE + 110),
 SEC_ERROR_CKL_CONFLICT 			    =	(SEC_ERROR_BASE + 111),
 SEC_ERROR_CERT_NOT_IN_NAME_SPACE 	    =	(SEC_ERROR_BASE + 112),
 SEC_ERROR_KRL_NOT_YET_VALID 		    =	(SEC_ERROR_BASE + 113),
--- a/security/nss/makefile.win
+++ b/security/nss/makefile.win
@@ -38,17 +38,17 @@
 #
 
 DEPTH = ..\..
 include <$(DEPTH)\config\config.mak>
 
 GMAKE = gmake.exe
 
 GMAKE_FLAGS = OBJDIR_NAME=$(OBJDIR) MOZILLA_CLIENT=1
-GMAKE_FLAGS = $(GMAKE_FLAGS) SOURCE_MDHEADERS_DIR=$(MOZ_SRC:\=/)/mozilla/dist/include/nspr
+GMAKE_FLAGS = $(GMAKE_FLAGS) MOZILLA_INCLUDES="-I$(MOZ_SRC:\=/)/mozilla/dist/include/nspr -I$(MOZ_SRC:\=/)/mozilla/dist/include/dbm"
 
 #
 # The Client's debug build uses MSVC's debug runtime library (/MDd).
 #
 
 !ifndef MOZ_DEBUG
 GMAKE_FLAGS = $(GMAKE_FLAGS) BUILD_OPT=1
 !endif