changes for PSM to compile against NSS shared libraries.
authorrelyea%netscape.com
Wed, 21 Nov 2001 18:00:28 +0000
changeset 2358 3ed192219a7aba0695b9cffcd748e473b330f29d
parent 2357 6c0b656f94b3bf44b46b4c5ab203d2f52df984b5
child 2359 5fd8acaefaab0a05fbf5c52091d6d7a36651242d
push idunknown
push userunknown
push dateunknown
changes for PSM to compile against NSS shared libraries. Move SSL and S/MIME to the new common MAPFILE usage
security/nss/lib/certdb/certdb.c
security/nss/lib/certdb/certt.h
security/nss/lib/certdb/secname.c
security/nss/lib/certdb/stanpcertdb.c
security/nss/lib/crmf/asn1cmn.c
security/nss/lib/crmf/cmmfi.h
security/nss/lib/crmf/crmfcont.c
security/nss/lib/crmf/crmftmpl.c
security/nss/lib/crmf/respcmn.c
security/nss/lib/cryptohi/seckey.c
security/nss/lib/nss/nss.def
security/nss/lib/pk11wrap/pk11func.h
security/nss/lib/pk11wrap/pk11skey.c
security/nss/lib/smime/config.mk
security/nss/lib/smime/manifest.mn
security/nss/lib/smime/smime.def
security/nss/lib/softoken/pcertt.h
security/nss/lib/ssl/config.mk
security/nss/lib/ssl/manifest.mn
security/nss/lib/util/secasn1.h
security/nss/lib/util/secasn1d.c
--- a/security/nss/lib/certdb/certdb.c
+++ b/security/nss/lib/certdb/certdb.c
@@ -208,16 +208,17 @@ const SEC_ASN1Template CERT_CertKeyTempl
     { SEC_ASN1_SKIP },		/* signature algorithm */
     { SEC_ASN1_ANY,
 	  offsetof(CERTCertKey,derIssuer) },
     { SEC_ASN1_SKIP_REST },
     { 0 }
 };
 
 SEC_ASN1_CHOOSER_IMPLEMENT(CERT_CertificateTemplate)
+SEC_ASN1_CHOOSER_IMPLEMENT(SEC_SignedCertificateTemplate)
 
 SECStatus
 CERT_KeyFromIssuerAndSN(PRArenaPool *arena, SECItem *issuer, SECItem *sn,
 			SECItem *key)
 {
     key->len = sn->len + issuer->len;
     
     key->data = (unsigned char*)PORT_ArenaAlloc(arena, key->len);
--- a/security/nss/lib/certdb/certt.h
+++ b/security/nss/lib/certdb/certt.h
@@ -816,14 +816,17 @@ extern const SEC_ASN1Template CERT_SetOf
 
 /* These functions simply return the address of the above-declared templates.
 ** This is necessary for Windows DLLs.  Sigh.
 */
 SEC_ASN1_CHOOSER_DECLARE(CERT_CertificateRequestTemplate)
 SEC_ASN1_CHOOSER_DECLARE(CERT_CertificateTemplate)
 SEC_ASN1_CHOOSER_DECLARE(CERT_CrlTemplate)
 SEC_ASN1_CHOOSER_DECLARE(CERT_IssuerAndSNTemplate)
+SEC_ASN1_CHOOSER_DECLARE(CERT_NameTemplate)
 SEC_ASN1_CHOOSER_DECLARE(CERT_SetOfSignedCrlTemplate)
 SEC_ASN1_CHOOSER_DECLARE(CERT_SignedDataTemplate)
+SEC_ASN1_CHOOSER_DECLARE(CERT_SubjectPublicKeyInfoTemplate)
+SEC_ASN1_CHOOSER_DECLARE(SEC_SignedCertificateTemplate)
 
 SEC_END_PROTOS
 
 #endif /* _CERTT_H_ */
--- a/security/nss/lib/certdb/secname.c
+++ b/security/nss/lib/certdb/secname.c
@@ -367,16 +367,18 @@ CERT_CopyRDN(PRArenaPool *arena, CERTRDN
 
 /************************************************************************/
 
 const SEC_ASN1Template CERT_NameTemplate[] = {
     { SEC_ASN1_SEQUENCE_OF,
 	  offsetof(CERTName,rdns), CERT_RDNTemplate, sizeof(CERTName) }
 };
 
+SEC_ASN1_CHOOSER_IMPLEMENT(CERT_NameTemplate)
+
 CERTName *
 CERT_CreateName(CERTRDN *rdn0, ...)
 {
     CERTRDN *rdn;
     CERTName *name;
     va_list ap;
     unsigned count;
     CERTRDN **rdnp;
--- a/security/nss/lib/certdb/stanpcertdb.c
+++ b/security/nss/lib/certdb/stanpcertdb.c
@@ -121,17 +121,17 @@ CERT_ChangeCertTrust(CERTCertDBHandle *h
 	rv = (ret == PR_SUCCESS) ? SECSuccess : SECFailure;
     }
 done:
     CERT_UnlockCertTrust(cert);
     return rv;
 }
 
 SECStatus
-CERT_AddTempCertToPerm(CERTCertificate *cert, char *nickname,
+__CERT_AddTempCertToPerm(CERTCertificate *cert, char *nickname,
 		       CERTCertTrust *trust)
 {
     NSSCertificate *c = STAN_GetNSSCertificate(cert);
 #ifdef notdef
     /* might as well keep these */
     /* actually we shouldn't keep these! rjr */
     PORT_Assert(cert->istemp);
     PORT_Assert(!cert->isperm);
@@ -151,16 +151,23 @@ CERT_AddTempCertToPerm(CERTCertificate *
     */
 	return STAN_ChangeCertTrust(c, trust);
 	/*
     }
     */
     return SECFailure;
 }
 
+SECStatus
+CERT_AddTempCertToPerm(CERTCertificate *cert, char *nickname,
+		       CERTCertTrust *trust)
+{
+    return __CERT_AddTempCertToPerm(cert, nickname, trust);
+}
+
 CERTCertificate *
 __CERT_NewTempCertificate(CERTCertDBHandle *handle, SECItem *derCert,
 			  char *nickname, PRBool isperm, PRBool copyDER)
 {
     NSSCertificate *c;
     nssDecodedCert *dc;
     NSSArena *arena;
     CERTCertificate *cc;
--- a/security/nss/lib/crmf/asn1cmn.c
+++ b/security/nss/lib/crmf/asn1cmn.c
@@ -32,16 +32,17 @@
  */
 
 #include "cmmf.h"
 #include "cmmfi.h"
 
 SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
 SEC_ASN1_MKSUB(SEC_AnyTemplate)
 SEC_ASN1_MKSUB(SEC_IntegerTemplate)
+SEC_ASN1_MKSUB(SEC_SignedCertificateTemplate)
 
 static const SEC_ASN1Template CMMFCertResponseTemplate[] = {
     { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFCertResponse)},
     { SEC_ASN1_INTEGER, offsetof(CMMFCertResponse, certReqId)},
     { SEC_ASN1_INLINE, offsetof(CMMFCertResponse, status), 
       CMMFPKIStatusInfoTemplate},
     { SEC_ASN1_OPTIONAL | SEC_ASN1_POINTER, 
       offsetof(CMMFCertResponse, certifiedKeyPair),
@@ -75,17 +76,18 @@ const SEC_ASN1Template CMMFPKIStatusInfo
     { SEC_ASN1_OPTIONAL | SEC_ASN1_UTF8_STRING, 
       offsetof(CMMFPKIStatusInfo, statusString)},
     { SEC_ASN1_OPTIONAL | SEC_ASN1_BIT_STRING, 
       offsetof(CMMFPKIStatusInfo, failInfo)},
     { 0 }
 };
 
 const SEC_ASN1Template CMMFSequenceOfCertsTemplate[] = {
-    { SEC_ASN1_SEQUENCE_OF, 0, SEC_SignedCertificateTemplate}
+    { SEC_ASN1_SEQUENCE_OF| SEC_ASN1_XTRN, 0, 
+			SEC_ASN1_SUB(SEC_SignedCertificateTemplate)}
 };
 
 const SEC_ASN1Template CMMFRandTemplate[] = {
     { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFRand)},
     { SEC_ASN1_INTEGER, offsetof(CMMFRand, integer)},
     { SEC_ASN1_OCTET_STRING, offsetof(CMMFRand, senderHash)},
     { 0 }
 };
@@ -101,19 +103,19 @@ const SEC_ASN1Template CMMFPOPODecKeyRes
 const SEC_ASN1Template CMMFCertOrEncCertEncryptedCertTemplate[] = {
     { SEC_ASN1_CONTEXT_SPECIFIC | 1,
       0,
       CRMFEncryptedValueTemplate},
     { 0 }
 };
 
 const SEC_ASN1Template CMMFCertOrEncCertCertificateTemplate[] = {
-    { SEC_ASN1_CONTEXT_SPECIFIC | 0,
+    { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
       0,
-      SEC_SignedCertificateTemplate},
+      SEC_ASN1_SUB(SEC_SignedCertificateTemplate)},
     { 0 }
 };
 
 const SEC_ASN1Template CMMFCertRepContentTemplate[] = {
     { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFCertRepContent)},
     { SEC_ASN1_CONSTRUCTED | SEC_ASN1_OPTIONAL |
       SEC_ASN1_CONTEXT_SPECIFIC | 1,
       offsetof(CMMFCertRepContent, caPubs),
--- a/security/nss/lib/crmf/cmmfi.h
+++ b/security/nss/lib/crmf/cmmfi.h
@@ -36,16 +36,17 @@
  * These are the definitions needed by the library internally to implement
  * CMMF.  Most of these will be helper utilities for manipulating internal
  * data strucures.
  */
 #ifndef _CMMFI_H_
 #define _CMMFI_H_
 #include "cmmfit.h"
 #include "crmfi.h"
+#include "nssrenam.h"
 
 #define CMMF_MAX_CHALLENGES 10
 #define CMMF_MAX_KEY_PAIRS  50
 
 /*
  * Some templates that the code will need to implement CMMF.
  */
 extern const SEC_ASN1Template CMMFCertOrEncCertCertificateTemplate[];
--- a/security/nss/lib/crmf/crmfcont.c
+++ b/security/nss/lib/crmf/crmfcont.c
@@ -356,17 +356,17 @@ crmf_create_arch_rem_gen_privkey(PRBool 
 
     value = (archiveRemGenPrivKey) ? hexTrue : hexFalse;
     newArchOptions = PORT_ZNew(CRMFPKIArchiveOptions);
     if (newArchOptions == NULL) {
         goto loser;
     }
     dummy = SEC_ASN1EncodeItem(NULL, 
 			       &newArchOptions->option.archiveRemGenPrivKey,
-			       &value, SEC_BooleanTemplate);
+			       &value, SEC_ASN1_GET(SEC_BooleanTemplate));
     PORT_Assert (dummy == &newArchOptions->option.archiveRemGenPrivKey);
     if (dummy != &newArchOptions->option.archiveRemGenPrivKey) {
         SECITEM_FreeItem (dummy, PR_TRUE);
 	goto loser;
     }
     newArchOptions->archOption = crmfArchiveRemGenPrivKey;
     return newArchOptions;
  loser:
@@ -994,17 +994,17 @@ crmf_get_pkiarchive_subtemplate(CRMFCont
 const SEC_ASN1Template*
 crmf_get_pkiarchiveoptions_subtemplate(CRMFControl *inControl)
 {
     const SEC_ASN1Template *retTemplate;
 
     switch (inControl->tag) {
     case SEC_OID_PKIX_REGCTRL_REGTOKEN:
     case SEC_OID_PKIX_REGCTRL_AUTHENTICATOR:
-        retTemplate = SEC_UTF8StringTemplate;
+        retTemplate = SEC_ASN1_GET(SEC_UTF8StringTemplate);
 	break;
     case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS:
         retTemplate = crmf_get_pkiarchive_subtemplate(inControl);
 	break;
     case SEC_OID_PKIX_REGCTRL_PKIPUBINFO:
     case SEC_OID_PKIX_REGCTRL_OLD_CERT_ID:
     case SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY:
         /* We don't support these controls, so we fail for now.*/
--- a/security/nss/lib/crmf/crmftmpl.c
+++ b/security/nss/lib/crmf/crmftmpl.c
@@ -34,20 +34,23 @@
 
 #include "crmf.h"
 #include "crmfi.h"
 #include "secoid.h"
 #include "secasn1.h"
 
 SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
 SEC_ASN1_MKSUB(SEC_AnyTemplate)
+SEC_ASN1_MKSUB(SEC_NullTemplate)
 SEC_ASN1_MKSUB(SEC_BitStringTemplate)
 SEC_ASN1_MKSUB(SEC_IntegerTemplate)
 SEC_ASN1_MKSUB(SEC_OctetStringTemplate)
 SEC_ASN1_MKSUB(SEC_UTCTimeTemplate)
+SEC_ASN1_MKSUB(CERT_SubjectPublicKeyInfoTemplate)
+SEC_ASN1_MKSUB(CERT_NameTemplate)
 
 /* 
  * It's all implicit tagging.
  */
 
 const SEC_ASN1Template CRMFControlTemplate[] = {
     { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFControl)},
     { SEC_ASN1_OBJECT_ID, offsetof(CRMFControl, derTag)},
@@ -80,17 +83,17 @@ static const SEC_ASN1Template CRMFOption
     { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_NO_STREAM |
       SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN | 1, 
       offsetof (CRMFOptionalValidity, notAfter),
       SEC_ASN1_SUB(SEC_UTCTimeTemplate) },
     { 0 }
 };
 
 static const SEC_ASN1Template crmfPointerToNameTemplate[] = {
-    { SEC_ASN1_POINTER, 0, CERT_NameTemplate},
+    { SEC_ASN1_POINTER | SEC_ASN1_XTRN, 0, SEC_ASN1_SUB(CERT_NameTemplate)},
     { 0 }
 };
 
 static const SEC_ASN1Template CRMFCertTemplateTemplate[] = {
    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFCertTemplate) },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0, 
      offsetof(CRMFCertTemplate, version), 
      SEC_ASN1_SUB(SEC_IntegerTemplate) },
@@ -105,19 +108,20 @@ static const SEC_ASN1Template CRMFCertTe
      SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | 3, 
      offsetof (CRMFCertTemplate, issuer), crmfPointerToNameTemplate },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | 4, 
      offsetof (CRMFCertTemplate, validity), 
      CRMFOptionalValidityTemplate },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 
      SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | 5, 
      offsetof (CRMFCertTemplate, subject), crmfPointerToNameTemplate },
-   { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | 6, 
+   { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | 
+     SEC_ASN1_XTRN | 6, 
      offsetof (CRMFCertTemplate, publicKey), 
-     CERT_SubjectPublicKeyInfoTemplate }, 
+     SEC_ASN1_SUB(CERT_SubjectPublicKeyInfoTemplate) }, 
    { SEC_ASN1_NO_STREAM | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | 
      SEC_ASN1_XTRN | 7,
      offsetof (CRMFCertTemplate, issuerUID), 
      SEC_ASN1_SUB(SEC_BitStringTemplate) },
    { SEC_ASN1_NO_STREAM | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL |
      SEC_ASN1_XTRN | 8,
      offsetof (CRMFCertTemplate, subjectUID), 
      SEC_ASN1_SUB(SEC_BitStringTemplate) },
@@ -165,25 +169,26 @@ const SEC_ASN1Template CRMFCertReqMessag
 
 static const SEC_ASN1Template CRMFPOPOSigningKeyInputTemplate[] = {
     { SEC_ASN1_SEQUENCE, 0, NULL,sizeof(CRMFPOPOSigningKeyInput) },
     { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | 
       SEC_ASN1_CONTEXT_SPECIFIC | 0,
       offsetof(CRMFPOPOSigningKeyInput, authInfo.sender) },
     { SEC_ASN1_BIT_STRING | SEC_ASN1_OPTIONAL | 1,
       offsetof (CRMFPOPOSigningKeyInput, authInfo.publicKeyMAC) },
-    { SEC_ASN1_INLINE, offsetof(CRMFPOPOSigningKeyInput, publicKey), 
-      CERT_SubjectPublicKeyInfoTemplate },
+    { SEC_ASN1_INLINE | SEC_ASN1_XTRN, 
+      offsetof(CRMFPOPOSigningKeyInput, publicKey), 
+      SEC_ASN1_SUB(CERT_SubjectPublicKeyInfoTemplate) },
     { 0 }
 };
 
 const SEC_ASN1Template CRMFRAVerifiedTemplate[] = {
-    { SEC_ASN1_CONTEXT_SPECIFIC | 0, 
+    { SEC_ASN1_CONTEXT_SPECIFIC | 0 | SEC_ASN1_XTRN, 
       0,
-      SEC_NullTemplate },
+      SEC_ASN1_SUB(SEC_NullTemplate) },
     { 0 }
 };
 
 
 /* This template will need to add POPOSigningKeyInput eventually, maybe*/
 static const SEC_ASN1Template crmfPOPOSigningKeyTemplate[] = {
     { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFPOPOSigningKey) },
     { SEC_ASN1_NO_STREAM | SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 
--- a/security/nss/lib/crmf/respcmn.c
+++ b/security/nss/lib/crmf/respcmn.c
@@ -142,17 +142,17 @@ crmf_copy_cert_extension(PRArenaPool *po
     SECITEM_FreeItem(data, PR_TRUE);
     return newExt;    
 }
 
 static SECItem*
 cmmf_encode_certificate(CERTCertificate *inCert)
 {
     return SEC_ASN1EncodeItem(NULL, NULL, inCert, 
-			      SEC_SignedCertificateTemplate);
+			      SEC_ASN1_GET(SEC_SignedCertificateTemplate));
 }
 
 CERTCertList*
 cmmf_MakeCertList(CERTCertificate **inCerts)
 {
     CERTCertList    *certList;
     CERTCertificate *currCert;
     SECItem         *derCert, *freeCert = NULL;
--- a/security/nss/lib/cryptohi/seckey.c
+++ b/security/nss/lib/cryptohi/seckey.c
@@ -136,16 +136,17 @@ const SEC_ASN1Template SECKEY_KEAPublicK
 
 const SEC_ASN1Template SECKEY_KEAParamsTemplate[] = {
     { SEC_ASN1_OCTET_STRING, offsetof(SECKEYPublicKey,u.kea.params.hash), }, 
     { 0, }
 };
 
 SEC_ASN1_CHOOSER_IMPLEMENT(SECKEY_DSAPublicKeyTemplate)
 SEC_ASN1_CHOOSER_IMPLEMENT(SECKEY_RSAPublicKeyTemplate)
+SEC_ASN1_CHOOSER_IMPLEMENT(CERT_SubjectPublicKeyInfoTemplate)
 
 
 /* Create an RSA key pair is any slot able to do so.
 ** The created keys are "session" (temporary), not "token" (permanent), 
 ** and they are "sensitive", which makes them costly to move to another token.
 */
 SECKEYPrivateKey *
 SECKEY_CreateRSAPrivateKey(int keySizeInBits,SECKEYPublicKey **pubk, void *cx)
--- a/security/nss/lib/nss/nss.def
+++ b/security/nss/lib/nss/nss.def
@@ -472,16 +472,17 @@ SECMOD_AddNewModule;
 CERT_DisableOCSPChecking;
 CERT_DisableOCSPDefaultResponder;
 CERT_EnableOCSPDefaultResponder;
 CERT_GetCertTimes;
 CERT_ImportCAChainTrusted;
 CERT_ImportCRL;
 CERT_IsCACert;
 CERT_IsCADERCert;
+CERT_KeyFromDERCrl;
 CERT_SetOCSPDefaultResponder;
 PBE_CreateContext;
 PBE_DestroyContext;
 PBE_GenerateBits;
 PK11_CheckSSOPassword;
 PK11_CopySymKeyForSigning;
 PK11_DeleteTokenCertAndKey;
 PK11_DEREncodePublicKey;
@@ -559,12 +560,71 @@ PK11_DestroyPBEParams;
 ;+       *;
 ;+};
 ;+NSS_3.4 { 	# NSS 3.4 release
 ;+    global:
 SECMOD_LoadModule;
 SECMOD_GetModuleSpecList;
 SECMOD_FreeModuleSpecList;
 SECMOD_UpdateModule;
+SECMOD_DeleteModule;
+;+# for PKCS #12
 PK11_RawPBEKeyGen;
+;+# for PSM
+__CERT_AddTempCertToPerm;
+CERT_AddOKDomainName;
+CERT_CopyName;
+CERT_DecodeAVAValue;
+;+#CERT_DecodeCertFromPackage;
+CERT_DecodeTrustString;
+CERT_DerNameToAscii;
+CERT_FilterCertListByCANames;
+CERT_FilterCertListByUsage;
+CERT_FindUserCertByUsage;
+CERT_FindUserCertsByUsage;
+CERT_GetCertChainFromCert;
+CERT_GetOCSPAuthorityInfoAccessLocation;
+CERT_NicknameStringsFromCertList;
+CERT_MakeCANickname;
+CERT_VerifySignedData;
+DER_Encode;
+HASH_Begin;
+HASH_Create;
+HASH_Destroy;
+HASH_End;
+HASH_ResultLen;
+HASH_Update;
+NSSBase64_DecodeBuffer;   # from Stan
+NSSBase64_EncodeItem;   # from Stan
+PK11_GetKeyGen;
+PK11_GetMinimumPwdLength;
+PK11_GetNextSafe;
+PK11_GetPadMechanism;
+PK11_GetSlotInfo;
+PK11_HasRootCerts;
+PK11_IsDisabled;
+PK11_LoadPrivKey;
+PK11_LogoutAll;
+PK11_MechanismToAlgtag;
+PK11_ResetToken;
+PK11_TraverseSlotCerts;
+SEC_ASN1Decode;
+SECKEY_CopySubjectPublicKeyInfo;
+SECMOD_CreateModule;
+SECMOD_FindModule;
+SECMOD_FindSlot;
+SECMOD_PubCipherFlagstoInternal;
+SECMOD_PubMechFlagstoInternal;
+;;CERT_NameTemplate DATA ;
+;;CERT_SubjectPublicKeyInfoTemplate DATA ;
+;;SEC_BooleanTemplate DATA ;
+;;SEC_NullTemplate DATA ;
+;;SEC_SignedCertificateTemplate DATA ;
+;;SEC_UTF8StringTemplate DATA ;
+NSS_Get_CERT_NameTemplate;
+NSS_Get_CERT_SubjectPublicKeyInfoTemplate;
+NSS_Get_SEC_BooleanTemplate;
+NSS_Get_SEC_NullTemplate;
+NSS_Get_SEC_SignedCertificateTemplate;
+NSS_Get_SEC_UTF8StringTemplate;
 ;+    local:
 ;+       *;
 ;+};
--- a/security/nss/lib/pk11wrap/pk11func.h
+++ b/security/nss/lib/pk11wrap/pk11func.h
@@ -269,16 +269,19 @@ PK11SymKey *PK11_UnwrapSymKeyWithFlags(P
 	CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize, 
 	CK_FLAGS flags);
 PK11SymKey *PK11_PubUnwrapSymKey(SECKEYPrivateKey *key, SECItem *wrapppedKey,
 	 CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize);
 PK11SymKey *PK11_FindFixedKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, 
 						SECItem *keyID, void *wincx);
 SECStatus PK11_DeleteTokenPrivateKey(SECKEYPrivateKey *privKey);
 SECStatus PK11_DeleteTokenCertAndKey(CERTCertificate *cert,void *wincx);
+SECKEYPrivateKey * PK11_LoadPrivKey(PK11SlotInfo *slot,
+		SECKEYPrivateKey *privKey, SECKEYPublicKey *pubKey, 
+					PRBool token, PRBool sensitive);
 
 /* size to hold key in bytes */
 unsigned int PK11_GetKeyLength(PK11SymKey *key);
 /* size of actual secret parts of key in bits */
 /* algid is because RC4 strength is determined by the effective bits as well
  * as the key bits */
 unsigned int PK11_GetKeyStrength(PK11SymKey *key,SECAlgorithmID *algid);
 SECStatus PK11_ExtractKeyValue(PK11SymKey *symKey);
--- a/security/nss/lib/pk11wrap/pk11skey.c
+++ b/security/nss/lib/pk11wrap/pk11skey.c
@@ -1706,16 +1706,26 @@ pk11_loadPrivKey(PK11SlotInfo *slot,SECK
 	}
      }
 
      /* build new key structure */
      return PK11_MakePrivKey(slot, privKey->keyType, (PRBool)!token, 
 						objectID, privKey->wincx);
 }
 
+/*
+ * export this for PSM
+ */
+SECKEYPrivateKey *
+PK11_LoadPrivKey(PK11SlotInfo *slot,SECKEYPrivateKey *privKey, 
+		SECKEYPublicKey *pubKey, PRBool token, PRBool sensitive) 
+{
+    return pk11_loadPrivKey(slot,privKey,pubKey,token,sensitive);
+}
+
 
 /*
  * Use the token to Generate a key. keySize must be 'zero' for fixed key
  * length algorithms. NOTE: this means we can never generate a DES2 key
  * from this interface!
  */
 SECKEYPrivateKey *
 PK11_GenerateKeyPair(PK11SlotInfo *slot,CK_MECHANISM_TYPE type, 
--- a/security/nss/lib/smime/config.mk
+++ b/security/nss/lib/smime/config.mk
@@ -44,17 +44,16 @@
 RELEASE_LIBS = $(TARGETS)
 
 ifeq ($(OS_ARCH), WINNT)
 
 # don't want the 32 in the shared library name
 SHARED_LIBRARY = $(OBJDIR)/$(LIBRARY_NAME)$(LIBRARY_VERSION).dll
 IMPORT_LIBRARY = $(OBJDIR)/$(LIBRARY_NAME)$(LIBRARY_VERSION).lib
 
-DLLFLAGS += -DEF:smime.def
 RES = $(OBJDIR)/smime.res
 RESNAME = smime.rc
 
 SHARED_LIBRARY_LIBS = \
 	$(DIST)/lib/pkcs12.lib \
 	$(DIST)/lib/pkcs7.lib \
 	$(NULL)
 
@@ -87,42 +86,8 @@ SHARED_LIBRARY_DIRS = \
 EXTRA_SHARED_LIBS += \
 	-L$(DIST)/lib/ \
 	-lnss3 \
 	-lplc4 \
 	-lplds4 \
 	-lnspr4 \
 	$(NULL)
 endif
-
-ifeq ($(OS_ARCH),SunOS)
-MAPFILE = $(OBJDIR)/smimemap.sun
-ALL_TRASH += $(MAPFILE)
-MKSHLIB += -M $(MAPFILE)
-endif
-
-ifeq ($(OS_ARCH),AIX)
-MAPFILE = $(OBJDIR)/smimemap.aix
-ALL_TRASH += $(MAPFILE)
-EXPORT_RULES = -bexport:$(MAPFILE)
-endif
-
-ifeq ($(OS_ARCH),HP-UX)
-MAPFILE = $(OBJDIR)/nssmap.hp
-ALL_TRASH += $(MAPFILE)
-MKSHLIB += -c $(MAPFILE)
-endif
-
-ifeq ($(OS_ARCH), OSF1)
-MAPFILE = $(OBJDIR)/smimemap.osf
-ALL_TRASH += $(MAPFILE)
-MKSHLIB += -hidden -input $(MAPFILE)
-endif
-
-ifeq ($(OS_ARCH),Linux)
-MAPFILE = $(OBJDIR)/smimemap.linux
-ALL_TRASH += $(MAPFILE)
-MKSHLIB += -Wl,--version-script,$(MAPFILE)
-endif
-
-
-	
-
--- a/security/nss/lib/smime/manifest.mn
+++ b/security/nss/lib/smime/manifest.mn
@@ -40,16 +40,17 @@ EXPORTS = \
 	cmsreclist.h \
 	$(NULL)
 
 PRIVATE_EXPORTS = \
 	cmslocal.h \
 	$(NULL)
 
 MODULE = security
+MAPFILE = $(OBJDIR)/smime.def
 
 CSRCS = \
 	cmsarray.c \
 	cmsasn1.c \
 	cmsattr.c \
 	cmscinfo.c \
 	cmscipher.c \
 	cmsdecode.c \
--- a/security/nss/lib/smime/smime.def
+++ b/security/nss/lib/smime/smime.def
@@ -178,8 +178,21 @@ NSSSMIME_VersionCheck;
 ;+NSS_3.3 {     # NSS 3.3. release
 ;+    global:
 SEC_PKCS7AddCertificate;
 SEC_PKCS7CreateCertsOnly;
 SEC_PKCS7Encode;
 ;+    local:
 ;+       *;
 ;+};
+;+NSS_3.4 {     # NSS 3.4. release
+;+    global:
+;+# FOR PSM
+CERT_DecodeCertFromPackage;
+NSS_CMSSignedData_SetDigestValue;
+NSS_CMSMessage_IsSigned;
+NSS_SMIMESignerInfo_SaveSMIMEProfile;
+SEC_PKCS7CopyContentInfo;
+SEC_PKCS7VerifyDetachedSignature;
+SECMIME_DecryptionAllowed;
+;+    local:
+;+       *;
+;+};
--- a/security/nss/lib/softoken/pcertt.h
+++ b/security/nss/lib/softoken/pcertt.h
@@ -158,17 +158,16 @@ typedef char * (*NSSLOWCERTDBNameFunc)(v
 /* XXX Lisa thinks the template declarations belong in cert.h, not here? */
 
 #include "secasn1t.h"	/* way down here because I expect template stuff to
 			 * move out of here anyway */
 
 SEC_BEGIN_PROTOS
 
 extern const SEC_ASN1Template nsslowcert_CertificateTemplate[];
-extern const SEC_ASN1Template SEC_SignedCertificateTemplate[];
 extern const SEC_ASN1Template nsslowcert_SignedDataTemplate[];
 extern const SEC_ASN1Template NSSLOWKEY_PublicKeyTemplate[];
 extern const SEC_ASN1Template nsslowcert_SubjectPublicKeyInfoTemplate[];
 extern const SEC_ASN1Template nsslowcert_ValidityTemplate[];
 
 SEC_END_PROTOS
 
 /*
--- a/security/nss/lib/ssl/config.mk
+++ b/security/nss/lib/ssl/config.mk
@@ -42,17 +42,16 @@
 #PROGRAM        =
 
 ifeq ($(OS_ARCH), WINNT)
 
 # don't want the 32 in the shared library name
 SHARED_LIBRARY = $(OBJDIR)/$(LIBRARY_NAME)$(LIBRARY_VERSION).dll
 IMPORT_LIBRARY = $(OBJDIR)/$(LIBRARY_NAME)$(LIBRARY_VERSION).lib
 
-DLLFLAGS += -DEF:ssl.def
 RES = $(OBJDIR)/ssl.res
 RESNAME = ssl.rc
 
 EXTRA_SHARED_LIBS += \
 	$(DIST)/lib/nss3.lib \
 	$(DIST)/lib/$(NSPR31_LIB_PREFIX)plc4.lib \
 	$(DIST)/lib/$(NSPR31_LIB_PREFIX)plds4.lib \
 	$(DIST)/lib/$(NSPR31_LIB_PREFIX)nspr4.lib \
@@ -65,43 +64,8 @@ else
 EXTRA_SHARED_LIBS += \
 	-L$(DIST)/lib/ \
 	-lnss3 \
 	-lplc4 \
 	-lplds4 \
 	-lnspr4 \
 	$(NULL)
 endif
-
-
-ifeq ($(OS_ARCH),SunOS)
-MAPFILE = $(OBJDIR)/sslmap.sun
-ALL_TRASH += $(MAPFILE)
-MKSHLIB += -M $(MAPFILE)
-endif
-
-ifeq ($(OS_ARCH),AIX)
-MAPFILE = $(OBJDIR)/sslmap.aix
-ALL_TRASH += $(MAPFILE)
-EXPORT_RULES = -bexport:$(MAPFILE)
-endif
-
-ifeq ($(OS_ARCH),HP-UX)
-MAPFILE = $(OBJDIR)/sslmap.hp
-ALL_TRASH += $(MAPFILE)
-MKSHLIB += -c $(MAPFILE)
-endif
-
-ifeq ($(OS_ARCH), OSF1)
-MAPFILE = $(OBJDIR)/sslmap.osf
-ALL_TRASH += $(MAPFILE)
-MKSHLIB += -hidden -input $(MAPFILE)
-endif
-
-ifeq ($(OS_ARCH),Linux)
-MAPFILE = $(OBJDIR)/sslmap.linux
-ALL_TRASH += $(MAPFILE)
-MKSHLIB += -Wl,--version-script,$(MAPFILE)
-endif
-
-
-	
-
--- a/security/nss/lib/ssl/manifest.mn
+++ b/security/nss/lib/ssl/manifest.mn
@@ -44,16 +44,17 @@ EXPORTS = \
 	ssl.h \
 	sslt.h \
 	sslerr.h \
 	sslproto.h \
 	preenc.h \
 	$(NULL)
 
 MODULE = security
+MAPFILE = $(OBJDIR)/ssl.def
 
 CSRCS = \
 	emulate.c \
 	prelib.c \
 	ssl3con.c \
 	ssl3gthr.c \
 	sslauth.c \
 	sslcon.c \
--- a/security/nss/lib/util/secasn1.h
+++ b/security/nss/lib/util/secasn1.h
@@ -259,23 +259,26 @@ extern const SEC_ASN1Template SEC_SetOfV
  */
 extern const SEC_ASN1Template SEC_SkipTemplate[];
 
 /* These functions simply return the address of the above-declared templates.
 ** This is necessary for Windows DLLs.  Sigh.
 */
 SEC_ASN1_CHOOSER_DECLARE(SEC_AnyTemplate)
 SEC_ASN1_CHOOSER_DECLARE(SEC_BMPStringTemplate)
+SEC_ASN1_CHOOSER_DECLARE(SEC_BooleanTemplate)
 SEC_ASN1_CHOOSER_DECLARE(SEC_BitStringTemplate)
 SEC_ASN1_CHOOSER_DECLARE(SEC_GeneralizedTimeTemplate)
 SEC_ASN1_CHOOSER_DECLARE(SEC_IA5StringTemplate)
 SEC_ASN1_CHOOSER_DECLARE(SEC_IntegerTemplate)
+SEC_ASN1_CHOOSER_DECLARE(SEC_NullTemplate)
 SEC_ASN1_CHOOSER_DECLARE(SEC_ObjectIDTemplate)
 SEC_ASN1_CHOOSER_DECLARE(SEC_OctetStringTemplate)
 SEC_ASN1_CHOOSER_DECLARE(SEC_UTCTimeTemplate)
+SEC_ASN1_CHOOSER_DECLARE(SEC_UTF8StringTemplate)
 
 SEC_ASN1_CHOOSER_DECLARE(SEC_PointerToAnyTemplate)
 SEC_ASN1_CHOOSER_DECLARE(SEC_PointerToOctetStringTemplate)
 
 SEC_ASN1_CHOOSER_DECLARE(SEC_SetOfAnyTemplate)
 
 SEC_END_PROTOS
 #endif /* _SECASN1_H_ */
--- a/security/nss/lib/util/secasn1d.c
+++ b/security/nss/lib/util/secasn1d.c
@@ -2960,19 +2960,22 @@ const SEC_ASN1Template SEC_SkipTemplate[
 };
 
 
 /* These functions simply return the address of the above-declared templates.
 ** This is necessary for Windows DLLs.  Sigh.
 */
 SEC_ASN1_CHOOSER_IMPLEMENT(SEC_AnyTemplate)
 SEC_ASN1_CHOOSER_IMPLEMENT(SEC_BMPStringTemplate)
+SEC_ASN1_CHOOSER_IMPLEMENT(SEC_BooleanTemplate)
 SEC_ASN1_CHOOSER_IMPLEMENT(SEC_BitStringTemplate)
 SEC_ASN1_CHOOSER_IMPLEMENT(SEC_IA5StringTemplate)
 SEC_ASN1_CHOOSER_IMPLEMENT(SEC_GeneralizedTimeTemplate)
 SEC_ASN1_CHOOSER_IMPLEMENT(SEC_IntegerTemplate)
+SEC_ASN1_CHOOSER_IMPLEMENT(SEC_NullTemplate)
 SEC_ASN1_CHOOSER_IMPLEMENT(SEC_ObjectIDTemplate)
 SEC_ASN1_CHOOSER_IMPLEMENT(SEC_OctetStringTemplate)
-SEC_ASN1_CHOOSER_IMPLEMENT(SEC_UTCTimeTemplate)
 SEC_ASN1_CHOOSER_IMPLEMENT(SEC_PointerToAnyTemplate)
 SEC_ASN1_CHOOSER_IMPLEMENT(SEC_PointerToOctetStringTemplate)
 SEC_ASN1_CHOOSER_IMPLEMENT(SEC_SetOfAnyTemplate)
-
+SEC_ASN1_CHOOSER_IMPLEMENT(SEC_UTCTimeTemplate)
+SEC_ASN1_CHOOSER_IMPLEMENT(SEC_UTF8StringTemplate)
+