fixup commit for branch 'REDFIVE_MEMBUF_20060320_BRANCH' REDFIVE_MEMBUF_20060320_BRANCH
authorcvs2hg
Tue, 28 Feb 2006 21:45:18 +0000
branchREDFIVE_MEMBUF_20060320_BRANCH
changeset 6637 ac509f21b9779fea99d0f1ea056aff1ce5f61607
parent 6632 1f69ac5343938f65343b647ecd31275e8c176440
child 13742 1b8017f547d79cee11ced97ed8b5ec49d89538f4
push idunknown
push userunknown
push dateunknown
fixup commit for branch 'REDFIVE_MEMBUF_20060320_BRANCH'
security/nss/cmd/cmdlib/Makefile
security/nss/cmd/cmdlib/cmdline.c
security/nss/cmd/cmdlib/cmdutil.h
security/nss/cmd/cmdlib/config.mk
security/nss/cmd/cmdlib/manifest.mn
security/nss/cmd/ilock/Makefile
security/nss/cmd/ilock/ilock.c
security/nss/cmd/ilock/manifest.mn
security/nss/cmd/include/secnew.h
security/nss/cmd/keyutil/Makefile
security/nss/cmd/keyutil/keyutil.c
security/nss/cmd/keyutil/manifest.mn
security/nss/cmd/pkiutil/Makefile
security/nss/cmd/pkiutil/manifest.mn
security/nss/cmd/pkiutil/pkiutil.c
security/nss/cmd/pkiutil/platlibs.mk
security/nss/cmd/sslstrength/Makefile
security/nss/cmd/sslstrength/manifest.mn
security/nss/cmd/sslstrength/sslstr.cgi
security/nss/cmd/sslstrength/sslstrength.c
security/nss/cmd/sslstrength/sslwrap
security/nss/cmd/swfort/Makefile
security/nss/cmd/swfort/instinit/Makefile
security/nss/cmd/swfort/instinit/instinit.c
security/nss/cmd/swfort/instinit/manifest.mn
security/nss/cmd/swfort/manifest.mn
security/nss/cmd/swfort/newuser/Makefile
security/nss/cmd/swfort/newuser/manifest.mn
security/nss/cmd/swfort/newuser/mktst.c
security/nss/cmd/swfort/newuser/newuser.c
security/nss/cmd/ttformat/Makefile
security/nss/cmd/ttformat/manifest.mn
security/nss/cmd/ttformat/nClient
security/nss/cmd/ttformat/nServ
security/nss/cmd/ttformat/redux.pl
security/nss/cmd/ttformat/reduxhwm.pl
security/nss/cmd/ttformat/ttformat.c
security/nss/lib/fortcrypt/Makefile
security/nss/lib/fortcrypt/config.mk
security/nss/lib/fortcrypt/cryptint.h
security/nss/lib/fortcrypt/fmutex.c
security/nss/lib/fortcrypt/fmutex.h
security/nss/lib/fortcrypt/forsock.c
security/nss/lib/fortcrypt/fortinst.htm
security/nss/lib/fortcrypt/fortpk11.c
security/nss/lib/fortcrypt/fortsock.h
security/nss/lib/fortcrypt/fpkcs11.h
security/nss/lib/fortcrypt/fpkcs11f.h
security/nss/lib/fortcrypt/fpkcs11i.h
security/nss/lib/fortcrypt/fpkcs11t.h
security/nss/lib/fortcrypt/fpkmem.h
security/nss/lib/fortcrypt/fpkstrs.h
security/nss/lib/fortcrypt/genci.h
security/nss/lib/fortcrypt/globinst.htm
security/nss/lib/fortcrypt/handinst.htm
security/nss/lib/fortcrypt/homeinst.htm
security/nss/lib/fortcrypt/inst.js
security/nss/lib/fortcrypt/inst_PPC.js
security/nss/lib/fortcrypt/install.js
security/nss/lib/fortcrypt/maci.c
security/nss/lib/fortcrypt/maci.h
security/nss/lib/fortcrypt/macinst.htm
security/nss/lib/fortcrypt/manifest.mn
security/nss/lib/fortcrypt/replace.c
security/nss/lib/fortcrypt/secmodjar.html
security/nss/lib/fortcrypt/swfort/Makefile
security/nss/lib/fortcrypt/swfort/config.mk
security/nss/lib/fortcrypt/swfort/manifest.mn
security/nss/lib/fortcrypt/swfort/nsmap.h
security/nss/lib/fortcrypt/swfort/pkcs11/.cvsignore
security/nss/lib/fortcrypt/swfort/pkcs11/Makefile
security/nss/lib/fortcrypt/swfort/pkcs11/config.mk
security/nss/lib/fortcrypt/swfort/pkcs11/inst.js
security/nss/lib/fortcrypt/swfort/pkcs11/manifest.mn
security/nss/lib/fortcrypt/swfort/pkcs11/pk11inst
security/nss/lib/fortcrypt/swfort/pkcs11/stub.c
security/nss/lib/fortcrypt/swfort/swfalg.c
security/nss/lib/fortcrypt/swfort/swflib.c
security/nss/lib/fortcrypt/swfort/swfort.h
security/nss/lib/fortcrypt/swfort/swforti.h
security/nss/lib/fortcrypt/swfort/swfortt.h
security/nss/lib/fortcrypt/swfort/swfortti.h
security/nss/lib/fortcrypt/swfort/swfparse.c
security/nss/lib/fortcrypt/swfort/swfutl.c
deleted file mode 100644
--- a/security/nss/cmd/cmdlib/Makefile
+++ /dev/null
@@ -1,79 +0,0 @@
-#! gmake
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY).   #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL)          #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL)       #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL)                              #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL)                           #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL).                              #
-#######################################################################
-
-
deleted file mode 100644
--- a/security/nss/cmd/cmdlib/cmdline.c
+++ /dev/null
@@ -1,477 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#include <string.h>
-#include <ctype.h>
-
-#include "cmdutil.h"
-
-static int s_indent_size = 4;
-
-void
-CMD_SetIndentSize(int size) 
-{
-    s_indent_size = size;
-}
-
-#if 0
-static void
-indent(PRFileDesc *out, int level)
-{
-    int i, j;
-    for (i=0; i<level; i++)
-	for (j=0; j<s_indent_size; j++)	
-	    PR_fprintf(out, " ");
-}
-#endif
-
-struct cmdPrintStateStr {
-    PRFileDesc *file;
-    int width;
-    int indent;
-    int linepos;
-};
-
-static void
-init_print_ps(cmdPrintState *ps, PRFileDesc *outfile, int width, int indent)
-{
-    ps->file = (outfile) ? outfile : PR_STDOUT;
-    ps->width = (width > 0) ? width : 80;
-    ps->indent = (indent > 0) ? indent : 0;
-    ps->linepos = 0;
-}
-
-static void
-print_ps_indent(cmdPrintState *ps)
-{
-    int j;
-    if (ps->linepos != 0) {
-	PR_fprintf(ps->file, "\n");
-	ps->linepos = 0;
-    }
-    for (j=0; j<=ps->indent; j++) PR_fprintf(ps->file, " ");
-    ps->linepos = ps->indent;
-}
-
-static void
-print_ps_to_indent(cmdPrintState *ps)
-{
-    if (ps->linepos > ps->indent)
-	PR_fprintf(ps->file, "\n");
-    while (ps->linepos <= ps->indent) {
-	PR_fprintf(ps->file, " ");
-	ps->linepos++;
-    }
-}
-
-static void
-nprintbuf(cmdPrintState *ps, char *buf, int start, int len)
-{
-    int j;
-    for (j=start; j<start + len; j++) {
-	if (buf[j] == '\n') {
-	    PR_fprintf(ps->file, "\n");
-	    ps->linepos = 0;
-	    print_ps_indent(ps);
-	} else {
-	    PR_fprintf(ps->file, "%c", buf[j]);
-	    ps->linepos++;
-	}
-    }
-}
-
-static void 
-nprintf(cmdPrintState *ps, char *msg, ...)
-{
-    char buf[256];
-    int i, len, grouplen;
-    PRBool openquote, openbracket, openparen, openangle, itsaword;
-    va_list args;
-    va_start(args, msg);
-    vsprintf(buf, msg, args);
-    len = strlen(buf);
-    /* print_ps_indent(ps); */
-    if (len < ps->width - ps->linepos) {
-	nprintbuf(ps, buf, 0, len + 1);
-	return;
-    }
-    /* group in this order: " [ ( < word > ) ] " */
-    i=0;
-    openquote=openbracket=openparen=openangle=itsaword=PR_FALSE;
-    while (i<len) {
-	grouplen = 0;
-	if (buf[i] == '\"') { openquote = PR_TRUE; grouplen = 1; }
-	else if (buf[i] == '[') { openbracket = PR_TRUE; grouplen = 1; }
-	else if (buf[i] == '(') { openparen = PR_TRUE; grouplen = 1; }
-	else if (buf[i] == '<') { openangle = PR_TRUE; grouplen = 1; }
-	else itsaword = PR_TRUE;
-	while (grouplen < len && buf[i+grouplen] != '\0' &&
-	       ((openquote && buf[i+grouplen] != '\"') ||
-	        (openbracket && buf[i+grouplen] != ']') ||
-	        (openparen && buf[i+grouplen] != ')') ||
-	        (openangle && buf[i+grouplen] != '>') ||
-	        (itsaword && !isspace(buf[i+grouplen]))))
-	    grouplen++;
-	grouplen++; /* grab the terminator (whitespace for word) */
-	if (!itsaword && isspace(buf[i+grouplen])) grouplen++;
-	if (grouplen < ps->width - ps->linepos) {
-	    nprintbuf(ps, buf, i, grouplen);
-	} else if (grouplen < ps->width - ps->indent) {
-	    print_ps_indent(ps);
-	    nprintbuf(ps, buf, i, grouplen);
-	} else {
-	    /* it's just too darn long.  what to do? */
-	}
-	i += grouplen;
-	openquote=openbracket=openparen=openangle=itsaword=PR_FALSE;
-    }
-    va_end(args);
-}
-
-void 
-CMD_PrintUsageString(cmdPrintState *ps, char *str)
-{
-    nprintf(ps, "%s", str);
-}
-
-/* void because it exits with Usage() if failure */
-static void
-command_line_okay(cmdCommand *cmd, char *progName)
-{
-    int i, c = -1;
-    /* user asked for help.  hope somebody gives it to them. */
-    if (cmd->opt[0].on) return;
-    /* check that the command got all of its needed options */
-    for (i=0; i<cmd->ncmd; i++) {
-	if (cmd->cmd[i].on) {
-	    if (c > 0) {
-		fprintf(stderr, 
-		        "%s: only one command can be given at a time.\n",
-		        progName);
-		CMD_Usage(progName, cmd);
-	    } else {
-		c = i;
-	    }
-	}
-    }
-    if (cmd->cmd[c].argUse == CMDArgReq && cmd->cmd[c].arg == NULL) {
-	/* where's the arg when you need it... */
-	fprintf(stderr, "%s: command --%s requires an argument.\n",
-	                 progName, cmd->cmd[c].s);
-	fprintf(stderr, "type \"%s --%s --help\" for help.\n",
-	                 progName, cmd->cmd[c].s);
-	CMD_Usage(progName, cmd);
-    }
-    for (i=0; i<cmd->nopt; i++) {
-	if (cmd->cmd[c].req & CMDBIT(i)) {
-	    /* command requires this option */
-	    if (!cmd->opt[i].on) {
-		/* but it ain't there */
-		fprintf(stderr, "%s: command --%s requires option --%s.\n",
-		                 progName, cmd->cmd[c].s, cmd->opt[i].s);
-	    } else {
-		/* okay, its there, but does it have an arg? */
-		if (cmd->opt[i].argUse == CMDArgReq && !cmd->opt[i].arg) {
-		    fprintf(stderr, "%s: option --%s requires an argument.\n",
-		                     progName, cmd->opt[i].s);
-		}
-	    }
-	} else if (cmd->cmd[c].opt & CMDBIT(i)) {
-	   /* this option is optional */
-	    if (cmd->opt[i].on) {
-		/* okay, its there, but does it have an arg? */
-		if (cmd->opt[i].argUse == CMDArgReq && !cmd->opt[i].arg) {
-		    fprintf(stderr, "%s: option --%s requires an argument.\n",
-		                     progName, cmd->opt[i].s);
-		}
-	    }
-	} else {
-	   /* command knows nothing about it */
-	   if (cmd->opt[i].on) {
-		/* so why the h--- is it on? */
-		fprintf(stderr, "%s: option --%s not used with command --%s.\n",
-		                 progName, cmd->opt[i].s, cmd->cmd[c].s);
-	   }
-	}
-    }
-}
-
-static char *
-get_arg(char *curopt, char **nextopt, int argc, int *index)
-{
-    char *str;
-    if (curopt) {
-	str = curopt;
-    } else {
-	if (*index + 1 >= argc) return NULL;
-	/* not really an argument but another flag */
-	if (nextopt[*index+1][0] == '-') return NULL;
-	str = nextopt[++(*index)];
-    }
-    /* parse the option */
-    return strdup(str);
-}
-
-int
-CMD_ParseCommandLine(int argc, char **argv, char *progName, cmdCommand *cmd)
-{
-    int i, j, k;
-    int cmdToRun = -1;
-    char *flag;
-    i=1;
-    if (argc <= 1) return -2; /* gross hack for cmdless things like atob */
-    do {
-	flag = argv[i];
-	if (strlen(flag) < 2) /* huh? */
-	    return -1;
-	if (flag[0] != '-')
-	    return -1;
-	/* ignore everything after lone "--" (app-specific weirdness there) */
-	if (strcmp(flag, "--") == 0)
-	    return cmdToRun;
-	/* single hyphen means short alias (single-char) */
-	if (flag[1] != '-') {
-	    j=1;
-	    /* collect a set of opts, ex. -abc */
-	    while (flag[j] != '\0') {
-		PRBool found = PR_FALSE;
-		/* walk the command set looking for match */
-		for (k=0; k<cmd->ncmd; k++) {
-		    if (flag[j] == cmd->cmd[k].c) {
-			/* done - only take one command at a time */
-			if (j > 1) return -1;
-			cmd->cmd[k].on = found = PR_TRUE;
-			cmdToRun = k;
-			if (cmd->cmd[k].argUse != CMDNoArg)
-			    cmd->cmd[k].arg = get_arg(NULL, argv, argc, &i);
-			goto next_flag;
-		    }
-		}
-		/* wasn't found in commands, try options */
-		for (k=0; k<cmd->nopt; k++) {
-		    if (flag[j] == cmd->opt[k].c) {
-			/* collect this option and keep going */
-			cmd->opt[k].on = found = PR_TRUE;
-			if (flag[j+1] == '\0') {
-			    if (cmd->opt[k].argUse != CMDNoArg)
-				cmd->opt[k].arg = get_arg(NULL, argv, argc, &i);
-			    goto next_flag;
-			}
-		    }
-		}
-		j++;
-		if (!found) return -1;
-	    }
-	} else { /* long alias, ex. --list */
-	    char *fl = NULL, *arg = NULL;
-	    PRBool hyphened = PR_FALSE;
-	    fl = &flag[2];
-	    arg = strchr(fl, '=');
-	    if (arg) {
-		*arg++ = '\0';
-	    } else {
-		arg = strchr(fl, '-');
-		if (arg) {
-		    hyphened = PR_TRUE; /* watch this, see below */
-		    *arg++ = '\0';
-		}
-	    }
-	    for (k=0; k<cmd->ncmd; k++) {
-		if (strcmp(fl, cmd->cmd[k].s) == 0) {
-		    cmd->cmd[k].on = PR_TRUE;
-		    cmdToRun = k;
-		    if (cmd->cmd[k].argUse != CMDNoArg || hyphened) {
-			cmd->cmd[k].arg = get_arg(arg, argv, argc, &i);
-		    }
-		    if (arg) arg[-1] = '=';
-		    goto next_flag;
-		}
-	    }
-	    for (k=0; k<cmd->nopt; k++) {
-		if (strcmp(fl, cmd->opt[k].s) == 0) {
-		    cmd->opt[k].on = PR_TRUE;
-		    if (cmd->opt[k].argUse != CMDNoArg || hyphened) {
-			cmd->opt[k].arg = get_arg(arg, argv, argc, &i);
-		    }
-		    if (arg) arg[-1] = '=';
-		    goto next_flag;
-		}
-	    }
-	    return -1;
-	}
-next_flag:
-	i++;
-    } while (i < argc);
-    command_line_okay(cmd, progName);
-    return cmdToRun;
-}
-
-void
-CMD_LongUsage(char *progName, cmdCommand *cmd, cmdUsageCallback usage)
-{
-    int i, j;
-    PRBool oneCommand = PR_FALSE;
-    cmdPrintState ps;
-    init_print_ps(&ps, PR_STDERR, 80, 0);
-    nprintf(&ps, "\n%s:   ", progName);
-    /* prints app-specific header */
-    ps.indent = strlen(progName) + 4;
-    usage(&ps, 0, PR_FALSE, PR_TRUE, PR_FALSE);
-    for (i=0; i<cmd->ncmd; i++) if (cmd->cmd[i].on) oneCommand = PR_TRUE;
-    for (i=0; i<cmd->ncmd; i++) {
-	if ((oneCommand  && cmd->cmd[i].on) || !oneCommand) {
-	    ps.indent = 0;
-	    print_ps_indent(&ps);
-	    if (cmd->cmd[i].c != 0) {
-		nprintf(&ps, "-%c, ", cmd->cmd[i].c);
-		nprintf(&ps, "--%-16s ", cmd->cmd[i].s);
-	    } else {
-		nprintf(&ps, "--%-20s ", cmd->cmd[i].s);
-	    }
-	    ps.indent += 20;
-	    usage(&ps, i, PR_TRUE, PR_FALSE, PR_FALSE);
-	    for (j=0; j<cmd->nopt; j++) {
-		if (cmd->cmd[i].req & CMDBIT(j)) {
-		    ps.indent = 0;
-		    print_ps_indent(&ps);
-		    nprintf(&ps, "%3s* ", "");
-		    if (cmd->opt[j].c != 0) {
-			nprintf(&ps, "-%c, ", cmd->opt[j].c);
-			nprintf(&ps, "--%-16s  ", cmd->opt[j].s);
-		    } else {
-			nprintf(&ps, "--%-20s  ", cmd->opt[j].s);
-		    }
-		    ps.indent += 29;
-		    usage(&ps, j, PR_FALSE, PR_FALSE, PR_FALSE);
-		}
-	    }
-	    for (j=0; j<cmd->nopt; j++) {
-		if (cmd->cmd[i].opt & CMDBIT(j)) {
-		    ps.indent = 0;
-		    print_ps_indent(&ps);
-		    nprintf(&ps, "%5s", "");
-		    if (cmd->opt[j].c != 0) {
-			nprintf(&ps, "-%c, ", cmd->opt[j].c);
-			nprintf(&ps, "--%-16s  ", cmd->opt[j].s);
-		    } else {
-			nprintf(&ps, "--%-20s  ", cmd->opt[j].s);
-		    }
-		    ps.indent += 29;
-		    usage(&ps, j, PR_FALSE, PR_FALSE, PR_FALSE);
-		}
-	    }
-	}
-	nprintf(&ps, "\n");
-    }
-    ps.indent = 0;
-    nprintf(&ps, "\n* - required flag for command\n\n");
-    /* prints app-specific footer */
-    usage(&ps, 0, PR_FALSE, PR_FALSE, PR_TRUE);
-    /*nprintf(&ps, "\n\n");*/
-    exit(1);
-}
-
-void
-CMD_Usage(char *progName, cmdCommand *cmd)
-{
-    int i, j, inc;
-    PRBool first;
-    cmdPrintState ps;
-    init_print_ps(&ps, PR_STDERR, 80, 0);
-    nprintf(&ps, "%s", progName);
-    ps.indent = strlen(progName) + 1;
-    print_ps_to_indent(&ps);
-    for (i=0; i<cmd->ncmd; i++) {
-	if (cmd->cmd[i].c != 0) {
-	    nprintf(&ps, "-%c", cmd->cmd[i].c);
-	    inc = 4;
-	} else {
-	    nprintf(&ps, "--%s", cmd->cmd[i].s);
-	    inc = 4 + strlen(cmd->cmd[i].s);
-	}
-	first = PR_TRUE;
-	ps.indent += inc;
-	print_ps_to_indent(&ps);
-	for (j=0; j<cmd->nopt; j++) {
-	    if (cmd->cmd[i].req & CMDBIT(j)) {
-		if (cmd->opt[j].c != 0 && cmd->opt[j].argUse == CMDNoArg) {
-		    if (first) {
-			nprintf(&ps, "-");
-			first = !first;
-		    }
-		    nprintf(&ps, "%c", cmd->opt[j].c);
-		}
-	    }
-	}
-	for (j=0; j<cmd->nopt; j++) {
-	    if (cmd->cmd[i].req & CMDBIT(j)) {
-		if (cmd->opt[j].c != 0)
-		    nprintf(&ps, "-%c ", cmd->opt[j].c);
-		else
-		    nprintf(&ps, "--%s ", cmd->opt[j].s);
-		if (cmd->opt[j].argUse != CMDNoArg)
-		    nprintf(&ps, "%s ", cmd->opt[j].s);
-	    }
-	}
-	first = PR_TRUE;
-	for (j=0; j<cmd->nopt; j++) {
-	    if (cmd->cmd[i].opt & CMDBIT(j)) {
-		if (cmd->opt[j].c != 0 && cmd->opt[j].argUse == CMDNoArg) {
-		    if (first) {
-			nprintf(&ps, "[-");
-			first = !first;
-		    }
-		    nprintf(&ps, "%c", cmd->opt[j].c);
-		}
-	    }
-	}
-	if (!first) nprintf(&ps, "] ");
-	for (j=0; j<cmd->nopt; j++) {
-	    if (cmd->cmd[i].opt & CMDBIT(j) && 
-	         cmd->opt[j].argUse != CMDNoArg) {
-		if (cmd->opt[j].c != 0)
-		    nprintf(&ps, "[-%c %s] ", cmd->opt[j].c, cmd->opt[j].s);
-		else
-		    nprintf(&ps, "[--%s %s] ", cmd->opt[j].s, cmd->opt[j].s);
-	    }
-	}
-	ps.indent -= inc;
-	print_ps_indent(&ps);
-    }
-    ps.indent = 0;
-    nprintf(&ps, "\n");
-    exit(1);
-}
deleted file mode 100644
--- a/security/nss/cmd/cmdlib/cmdutil.h
+++ /dev/null
@@ -1,118 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#ifndef _CMDUTIL_H_
-#define _CMDUTIL_H_
-
-#include <stdio.h>
-#include "nspr.h"
-#include "nssbase.h"
-
-typedef int 
-(* CMD_PPFunc)(PRFileDesc *out, NSSItem *item, char *msg, int level);
-
-
-/*
- * Command Line Parsing routines
- *
- * The attempt here is to provide common functionality for command line
- * parsing across an array of tools.  The tools should obey the historical
- * rules of:
- *
- * (1) one command per line,
- * (2) the command should be uppercase,
- * (3) options should be lowercase,
- * (4) a short usage statement is presented in case of error,
- * (5) a long usage statement is given by -? or --help
- */
-
-/* To aid in formatting usage output.  XXX Uh, why exposed? */
-typedef struct cmdPrintStateStr cmdPrintState;
-
-typedef enum {
-    CMDArgReq = 0,
-    CMDArgOpt,
-    CMDNoArg
-} CMDArg;
-
-struct cmdCommandLineArgStr {
-    char     c;      /* one-character alias for flag    */
-    char    *s;      /* string alias for flag           */
-    CMDArg   argUse; /* flag takes an argument          */
-    char    *arg;    /* argument given for flag         */
-    PRBool   on;     /* flag was issued at command-line */
-    int      req;    /* required arguments for commands */
-    int      opt;    /* optional arguments for commands */
-};
-
-struct cmdCommandLineOptStr {
-    char     c;      /* one-character alias for flag    */
-    char    *s;      /* string alias for flag           */
-    CMDArg   argUse; /* flag takes an argument          */
-    char    *arg;    /* argument given for flag         */
-    PRBool   on;     /* flag was issued at command-line */
-};
-
-typedef struct cmdCommandLineArgStr cmdCommandLineArg;
-typedef struct cmdCommandLineOptStr cmdCommandLineOpt;
-
-struct cmdCommandStr {
-    int ncmd;
-    int nopt;
-    cmdCommandLineArg *cmd;
-    cmdCommandLineOpt *opt;
-};
-
-typedef struct cmdCommandStr cmdCommand;
-
-int 
-CMD_ParseCommandLine(int argc, char **argv, char *progName, cmdCommand *cmd);
-
-typedef void 
-(* cmdUsageCallback)(cmdPrintState *, int, PRBool, PRBool, PRBool);
-
-#define CMDBIT(n) (1<<n)
-
-void 
-CMD_Usage(char *progName, cmdCommand *cmd);
-
-void 
-CMD_LongUsage(char *progName, cmdCommand *cmd, cmdUsageCallback use);
-
-void 
-CMD_PrintUsageString(cmdPrintState *ps, char *str);
-
-#endif /* _CMDUTIL_H_ */
deleted file mode 100644
--- a/security/nss/cmd/cmdlib/config.mk
+++ /dev/null
@@ -1,47 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#
-#  Override TARGETS variable so that only static libraries
-#  are specifed as dependencies within rules.mk.
-#
-
-TARGETS        = $(LIBRARY)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PROGRAM        =
-
deleted file mode 100644
--- a/security/nss/cmd/cmdlib/manifest.mn
+++ /dev/null
@@ -1,53 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-CORE_DEPTH	= ../../..
-
-LIBRARY_NAME	= cmdutil
-
-# MODULE public and private header  directories are implicitly REQUIRED.
-MODULE		= seccmd
-
-DEFINES		= -DNSPR20
-
-EXPORTS		= cmdutil.h \
-		  $(NULL)
-
-CSRCS		= cmdline.c \
-		$(NULL)
-
-REQUIRES	= nss nspr dbm
-
deleted file mode 100644
--- a/security/nss/cmd/ilock/Makefile
+++ /dev/null
@@ -1,79 +0,0 @@
-#! gmake
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY).   #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL)          #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL)       #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
-#######################################################################
-
-include ../platlibs.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL)                              #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL)                           #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL).                              #
-#######################################################################
-
-
-include ../platrules.mk
-
deleted file mode 100644
--- a/security/nss/cmd/ilock/ilock.c
+++ /dev/null
@@ -1,202 +0,0 @@
-/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape Portable Runtime (NSPR).
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1998-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-/*
-** File: ilock.c
-** Description:  ilock.c is a unit test for nssilock. ilock.c
-** tests the basic operation of nssilock. It should not be
-** considered a complete test suite.
-**
-** To check that logging works, before running this test,
-** define the following environment variables:
-** 
-**
-**
-**
-**
-*/
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <plgetopt.h> 
-#include <nspr.h>
-#include <nssilock.h>
-
-
-/*
-** Test harness infrastructure
-*/
-PRLogModuleInfo *lm;
-PRLogModuleLevel msgLevel = PR_LOG_NONE;
-PRIntn  debug = 0;
-PRUint32  failed_already = 0;
-/* end Test harness infrastructure */
-
-PRIntn optIterations = 1; /* default iterations  */
-
-PRIntn main(PRIntn argc, char *argv[])
-{
-    PRIntn i;
-    {
-        /*
-        ** Get command line options
-        */
-        PLOptStatus os;
-        PLOptState *opt = PL_CreateOptState(argc, argv, "hdvi:");
-
-	    while (PL_OPT_EOL != (os = PL_GetNextOpt(opt)))
-        {
-		    if (PL_OPT_BAD == os) continue;
-            switch (opt->option)
-            {
-            case 'd':  /* debug */
-                debug = 1;
-			    msgLevel = PR_LOG_ERROR;
-                break;
-            case 'v':  /* verbose mode */
-			    msgLevel = PR_LOG_DEBUG;
-                break;
-            case 'i':  /* number of iterations */
-			    optIterations = atol( opt->value );
-                if ( 0 == optIterations ) optIterations = 1; /* coerce default on zero */
-                break;
-             default:
-                break;
-            }
-        }
-	    PL_DestroyOptState(opt);
-    }
-
-    for ( i = 0 ; i < optIterations ; i++ ) {
-        /* First, test Lock */ 
-        {
-            PZLock *pl;
-            PZMonitor *pm;
-            PZCondVar *cv;
-            PRStatus rc;
-
-            pl = PZ_NewLock( nssILockOther );
-            if ( NULL == pl )  {
-                failed_already = PR_TRUE;
-                goto Finished;
-            }
-            PZ_Lock( pl );
-        
-            rc = PZ_Unlock( pl );
-            if ( PR_FAILURE == rc )  {
-                failed_already = PR_TRUE;
-                goto Finished;
-            }
-            PZ_DestroyLock( pl );
-
-        /* now, test CVar */
-            /* re-create the lock we just destroyed */
-            pl = PZ_NewLock( nssILockOther );
-            if ( NULL == pl )  {
-                failed_already = PR_TRUE;
-                goto Finished;
-            }
-
-            cv = PZ_NewCondVar( pl );
-            if ( NULL == cv ) {
-                failed_already = PR_TRUE;
-                goto Finished;
-            }
-
-            PZ_Lock( pl );
-            rc = PZ_NotifyCondVar( cv );
-            if ( PR_FAILURE == rc ) {
-                failed_already = PR_TRUE;
-                goto Finished;
-            }
-
-            rc = PZ_NotifyAllCondVar( cv );
-            if ( PR_FAILURE == rc ) {
-                failed_already = PR_TRUE;
-                goto Finished;
-            }
-
-            rc = PZ_WaitCondVar( cv, PR_SecondsToInterval(1));
-            if ( PR_FAILURE == rc ) {
-                if ( PR_UNKNOWN_ERROR != PR_GetError())  {
-                    failed_already = PR_TRUE;
-                    goto Finished;
-                }
-            }
-            PZ_Unlock( pl );
-            PZ_DestroyCondVar( cv );
-
-        /* Now, test Monitor */
-            pm = PZ_NewMonitor( nssILockOther );
-            if ( NULL == pm )  {
-                failed_already = PR_TRUE;
-                goto Finished;
-            }
-        
-            PZ_EnterMonitor( pm );
-
-            rc = PZ_Notify( pm );
-            if ( PR_FAILURE == rc )  {
-                failed_already = PR_TRUE;
-                goto Finished;
-            }
-            rc = PZ_NotifyAll( pm );
-            if ( PR_FAILURE == rc )  {
-                failed_already = PR_TRUE;
-                goto Finished;
-            }
-            rc = PZ_Wait( pm, PR_INTERVAL_NO_WAIT );
-            if ( PR_FAILURE == rc )  {
-                failed_already = PR_TRUE;
-                goto Finished;
-            }
-            rc = PZ_ExitMonitor( pm );
-            if ( PR_FAILURE == rc )  {
-                failed_already = PR_TRUE;
-                goto Finished;
-            }
-            PZ_DestroyMonitor( pm );
-        }
-    } /* --- end for() --- */
-
-
-Finished:
-    if (debug) printf("%s\n", (failed_already)? "FAIL" : "PASS");
-    return( (failed_already == PR_TRUE )? 1 : 0 );
-}  /* main() */
-/* end ilock.c */
-
deleted file mode 100644
--- a/security/nss/cmd/ilock/manifest.mn
+++ /dev/null
@@ -1,48 +0,0 @@
-# 
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-CORE_DEPTH = ../../..
-
-DEFINES += -DNSPR20
-
-# MODULE public and private header  directories are implicitly REQUIRED.
-MODULE = nss
-
-CSRCS = ilock.c
-
-PROGRAM = ilock 
-# PROGRAM = ./$(OBJDIR)/ilock.exe
-
deleted file mode 100644
--- a/security/nss/cmd/include/secnew.h
+++ /dev/null
@@ -1,166 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-#ifndef __secnew_h_
-#define __secnew_h_
-
-#include <stdio.h>
-
-typedef struct BERTemplateStr BERTemplate;
-typedef struct BERParseStr BERParse;
-typedef struct SECArbStr SECArb;
-
-/*
- * An array of these structures define an encoding for an object using
- * DER. The array is terminated with an entry where kind == 0.
- */
-struct BERTemplateStr {
-    /* Kind of item to decode/encode */
-    unsigned long kind;
-
-    /*
-     * Offset from base of structure to SECItem that will hold
-     * decoded/encoded value.
-     */
-    unsigned short offset;
-
-    /*
-     * Used with DER_SET or DER_SEQUENCE. If not zero then points to a
-     * sub-template. The sub-template is filled in and completed before
-     * continuing on.
-     */
-    BERTemplate *sub;
-
-    /*
-     * Argument value, dependent on kind.  Size of structure to allocate
-     * when kind==DER_POINTER For Context-Specific Implicit types its the
-     * underlying type to use.
-     */
-    unsigned long arg;
-};
-
-/*
- * an arbitrary object
- */
-struct SECArbStr {
-    unsigned long tag;		/* NOTE: does not support high tag form */
-    unsigned long length;	/* as reported in stream */
-    union {
-	SECItem item;
-	struct {
-	   int numSubs;
-	   SECArb **subs;
-	} cons;
-    } body;
-};
-
-/*
- * Decode a piece of der encoded data.
- *      "dest" points to a structure that will be filled in with the
- *         decoding results.
- *      "t" is a template structure which defines the shape of the
- *         expected data.
- *      "src" is the ber encoded data.
- */
-
-extern SECStatus BER_Decode(PRArenaPool * arena, void *dest, BERTemplate *t,
-                           SECArb *arb);
-
-
-/*
- * Encode a data structure into DER.
- * 	"dest" will be filled in (and memory allocated) to hold the der
- * 	   encoded structure in "src"
- * 	"t" is a template structure which defines the shape of the
- * 	   stored data
- * 	"src" is a pointer to the structure that will be encoded
- */
-
-extern SECStatus BER_Encode(PRArenaPool *arena, SECItem *dest, BERTemplate *t,
-			   void *src);
-
-/*
- * Client provided function that will get called with all the bytes
- * passing through the parser
- */
-typedef void (*BERFilterProc)(void *instance, unsigned char *buf, int length);
-
-/*
- * Client provided function that can will be called after the tag and
- * length information has been collected. It can be set up to be called
- * either before or after the data has been colleced.
- */
-typedef void (*BERNotifyProc)(
-    void *instance, SECArb *arb, int depth, PRBool before);
-
-extern BERParse *BER_ParseInit(PRArenaPool *arena, PRBool forceDER);
-extern SECArb *BER_ParseFini(BERParse *h);
-extern SECStatus BER_ParseSome(BERParse *h, unsigned char *buf, int len);
-
-extern void BER_SetFilter(BERParse *h, BERFilterProc proc, void *instance);
-extern void BER_SetLeafStorage(BERParse *h, PRBool keep);
-extern void BER_SetNotifyProc(BERParse *h, BERNotifyProc proc, void *instance,
-			      PRBool beforeData);
-
-/*
- * A BERUnparseProc is used as a callback to put the encoded SECArb tree
- * tree to some stream. It returns PR_TRUE if the unparsing is to be
- * aborted.
- */
-typedef SECStatus (*BERUnparseProc)(
-    void *instance, unsigned char *data, int length, SECArb* arb);
-
-/*
- * BER_Unparse walks the SECArb tree calling the BERUnparseProc with
- * various pieces. It returns SECFailure if there was an error during that
- * tree walk.
- */
-extern SECStatus BER_Unparse(SECArb *arb, BERUnparseProc proc, void *instance);
-
-/*
- * BER_ResolveLengths does a recursive walk through the tree generating
- * non-zero entries for the length field of each node. It will fail if it
- * discoveres a non-constructed node with a unknown length data field.
- * Leaves are supposed to be of known length.
- */
-extern SECStatus BER_ResolveLengths(SECArb *arb);
-
-/*
- * BER_PRettyPrintArb will write an ASCII version of the tree to the FILE
- * out.
- */
-extern SECStatus BER_PrettyPrintArb(FILE *out, SECArb* a);
-
-#endif /* __secnew_h_ */
deleted file mode 100644
--- a/security/nss/cmd/keyutil/Makefile
+++ /dev/null
@@ -1,77 +0,0 @@
-#! gmake
-# 
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY).   #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL)          #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL)       #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
-#######################################################################
-
-include ../platlibs.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL)                              #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL)                           #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL).                              #
-#######################################################################
-
-include ../platrules.mk
deleted file mode 100644
--- a/security/nss/cmd/keyutil/keyutil.c
+++ /dev/null
@@ -1,344 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#include <stdio.h>
-#include <string.h>
-#include "secutil.h"
-
-#if defined(XP_UNIX)
-#include <unistd.h>
-#include <sys/time.h>
-#include <termios.h>
-#endif
-
-#include "secopt.h"
-
-#if defined(XP_WIN)
-#include <time.h>
-#include <conio.h>
-#endif
-
-#if defined(__sun) && !defined(SVR4)
-extern int fclose(FILE*);
-extern int fprintf(FILE *, char *, ...);
-extern int getopt(int, char**, char*);
-extern int isatty(int);
-extern char *optarg;
-extern char *sys_errlist[];
-#define strerror(errno) sys_errlist[errno]
-#endif
-
-#include "nspr.h"
-#include "prtypes.h"
-#include "prtime.h"
-#include "prlong.h"
-
-static char *progName;
-
-static SECStatus
-ListKeys(SECKEYKeyDBHandle *handle, FILE *out)
-{
-    int rt;
-
-    rt = SECU_PrintKeyNames(handle, out);
-    if (rt) {
-	SECU_PrintError(progName, "unable to list nicknames");
-	return SECFailure;
-    }
-    return SECSuccess;
-}
-
-static SECStatus
-DumpPublicKey(SECKEYKeyDBHandle *handle, char *nickname, FILE *out)
-{
-    SECKEYLowPrivateKey *privKey;
-    SECKEYLowPublicKey *publicKey;
-
-    /* check if key actually exists */
-    if (SECU_CheckKeyNameExists(handle, nickname) == PR_FALSE) {
-	SECU_PrintError(progName, "the key \"%s\" does not exist", nickname);
-	return SECFailure;
-    }
-
-    /* Read in key */
-    privKey = SECU_GetPrivateKey(handle, nickname);
-    if (!privKey) {
-	return SECFailure;
-    }
-
-    publicKey = SECKEY_LowConvertToPublicKey(privKey);
-
-    /* Output public key (in the clear) */
-    switch(publicKey->keyType) {
-      case rsaKey:
-	fprintf(out, "RSA Public-Key:\n");
-	SECU_PrintInteger(out, &publicKey->u.rsa.modulus, "modulus", 1);
-	SECU_PrintInteger(out, &publicKey->u.rsa.publicExponent,
-			  "publicExponent", 1);
-	break;
-      case dsaKey:
-	fprintf(out, "DSA Public-Key:\n");
-	SECU_PrintInteger(out, &publicKey->u.dsa.params.prime, "prime", 1);
-	SECU_PrintInteger(out, &publicKey->u.dsa.params.subPrime,
-			  "subPrime", 1);
-	SECU_PrintInteger(out, &publicKey->u.dsa.params.base, "base", 1);
-	SECU_PrintInteger(out, &publicKey->u.dsa.publicValue, "publicValue", 1);
-	break;
-      default:
-	fprintf(out, "unknown key type\n");
-	break;
-    }
-    return SECSuccess;
-}
-
-static SECStatus
-DumpPrivateKey(SECKEYKeyDBHandle *handle, char *nickname, FILE *out)
-{
-    SECKEYLowPrivateKey *key;
-
-    /* check if key actually exists */
-    if (SECU_CheckKeyNameExists(handle, nickname) == PR_FALSE) {
-	SECU_PrintError(progName, "the key \"%s\" does not exist", nickname);
-	return SECFailure;
-    }
-
-    /* Read in key */
-    key = SECU_GetPrivateKey(handle, nickname);
-    if (!key) {
-	SECU_PrintError(progName, "error retrieving key");
-	return SECFailure;
-    }
-
-    switch(key->keyType) {
-      case rsaKey:
-	fprintf(out, "RSA Private-Key:\n");
-	SECU_PrintInteger(out, &key->u.rsa.modulus, "modulus", 1);
-	SECU_PrintInteger(out, &key->u.rsa.publicExponent, "publicExponent", 1);
-	SECU_PrintInteger(out, &key->u.rsa.privateExponent,
-			  "privateExponent", 1);
-	SECU_PrintInteger(out, &key->u.rsa.prime1, "prime1", 1);
-	SECU_PrintInteger(out, &key->u.rsa.prime2, "prime2", 1);
-	SECU_PrintInteger(out, &key->u.rsa.exponent1, "exponent1", 1);
-	SECU_PrintInteger(out, &key->u.rsa.exponent2, "exponent2", 1);
-	SECU_PrintInteger(out, &key->u.rsa.coefficient, "coefficient", 1);
-	break;
-      case dsaKey:
-	fprintf(out, "DSA Private-Key:\n");
-	SECU_PrintInteger(out, &key->u.dsa.params.prime, "prime", 1);
-	SECU_PrintInteger(out, &key->u.dsa.params.subPrime, "subPrime", 1);
-	SECU_PrintInteger(out, &key->u.dsa.params.base, "base", 1);
-	SECU_PrintInteger(out, &key->u.dsa.publicValue, "publicValue", 1);
-	SECU_PrintInteger(out, &key->u.dsa.privateValue, "privateValue", 1);
-	break;
-      default:
-	fprintf(out, "unknown key type\n");
-	break;
-    }
-    return SECSuccess;
-}
-
-static SECStatus
-ChangePassword(SECKEYKeyDBHandle *handle)
-{
-    SECStatus rv;
-
-    /* Write out database with a new password */
-    rv = SECU_ChangeKeyDBPassword(handle, NULL);
-    if (rv) {
-	SECU_PrintError(progName, "unable to change key password");
-    }
-    return rv;
-}
-
-static SECStatus
-DeletePrivateKey (SECKEYKeyDBHandle *keyHandle, char *nickName)
-{
-    SECStatus rv;
-
-    rv = SECU_DeleteKeyByName (keyHandle, nickName);
-    if (rv != SECSuccess)
-	fprintf(stderr, "%s: problem deleting private key (%s)\n",
-		progName, SECU_Strerror(PR_GetError()));
-    return (rv);
-
-}
-
-
-static void
-Usage(const char *progName)
-{
-    fprintf(stderr,
-	    "Usage:  %s -p name [-d keydir]\n", progName);
-    fprintf(stderr,
-	    "        %s -P name [-d keydir]\n", progName);
-    fprintf(stderr,
-	    "        %s -D name [-d keydir]\n", progName);
-    fprintf(stderr,
-	    "        %s -l [-d keydir]\n", progName);
-    fprintf(stderr,
-	    "        %s -c [-d keydir]\n", progName);
-
-    fprintf(stderr, "%-20s Pretty print public key info for named key\n",
-	    "-p nickname");
-    fprintf(stderr, "%-20s Pretty print private key info for named key\n",
-	    "-P nickname");
-    fprintf(stderr, "%-20s Delete named private key from the key database\n",
-	    "-D nickname");
-    fprintf(stderr, "%-20s List the nicknames for the keys in a database\n",
-	    "-l");
-    fprintf(stderr, "%-20s Change the key database password\n",
-	    "-c");
-    fprintf(stderr, "\n");
-    fprintf(stderr, "%-20s Key database directory (default is ~/.netscape)\n",
-	    "-d keydir");
-
-    exit(-1);
-}
-
-int main(int argc, char **argv)
-{
-    int o, changePassword, deleteKey, dumpPublicKey, dumpPrivateKey, list;
-    char *nickname;
-    SECStatus rv;
-    SECKEYKeyDBHandle *keyHandle;
-
-    progName = strrchr(argv[0], '/');
-    progName = progName ? progName+1 : argv[0];
-
-    /* Parse command line arguments */
-    changePassword = deleteKey = dumpPublicKey = dumpPrivateKey = list = 0;
-    nickname = NULL;
-
-    while ((o = getopt(argc, argv, "ADP:cd:glp:")) != -1) {
-	switch (o) {
-	  case '?':
-	    Usage(progName);
-	    break;
-
-	  case 'A':
-	    fprintf(stderr, "%s: Can no longer add a key.", progName);
-	    fprintf(stderr, " Use pkcs12 to import a key.\n\n");
-	    Usage(progName);
-	    break;
-
-	  case 'D':
-	    deleteKey = 1;
-	    nickname = optarg;
-	    break;
-
-	  case 'P':
-	    dumpPrivateKey = 1;
-	    nickname = optarg;
-	    break;
-
-	  case 'c':
-	    changePassword = 1;
-	    break;
-
-	  case 'd':
-	    SECU_ConfigDirectory(optarg);
-	    break;
-
-	  case 'g':
-	    fprintf(stderr, "%s: Can no longer generate a key.", progName);
-	    fprintf(stderr, " Use certutil to generate a cert request.\n\n");
-	    Usage(progName);
-	    break;
-
-	  case 'l':
-	    list = 1;
-	    break;
-
-	  case 'p':
-	    dumpPublicKey = 1;
-	    nickname = optarg;
-	    break;
-	}
-    }
-
-    if (dumpPublicKey+changePassword+dumpPrivateKey+list+deleteKey != 1)
-	Usage(progName);
-
-    if ((list || changePassword) && nickname)
-	Usage(progName);
-
-    if ((dumpPublicKey || dumpPrivateKey || deleteKey) && !nickname)
-	Usage(progName);
-
-
-    /* Call the libsec initialization routines */
-    PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
-    SEC_Init();
-
-    /*
-     * XXX Note that the following opens the key database writable.
-     * If dumpPublicKey or dumpPrivateKey or list, though, we only want
-     * to open it read-only.  There needs to be a better interface
-     * to the initialization routines so that we can specify which way
-     * to open it.
-     */
-    rv = SECU_PKCS11Init();
-    if (rv != SECSuccess) {
-        SECU_PrintError(progName, "SECU_PKCS11Init failed");
-	return -1;
-    }
-
-    keyHandle = SECKEY_GetDefaultKeyDB();
-    if (keyHandle == NULL) {
-        SECU_PrintError(progName, "could not open key database");
-	return -1;
-    }
-
-    SECU_RegisterDynamicOids();
-    if (dumpPublicKey) {
-	rv = DumpPublicKey(keyHandle, nickname, stdout);
-    } else
-    if (changePassword) {
-	rv = ChangePassword(keyHandle);
-    } else
-    if (dumpPrivateKey) {
-	rv = DumpPrivateKey(keyHandle, nickname, stdout);
-    } else
-    if (list) {
-	rv = ListKeys(keyHandle, stdout);
-    } else
-    if (deleteKey) {
-	rv = DeletePrivateKey(keyHandle, nickname);
-    }
-
-    
-    return rv ? -1 : 0;
-}
deleted file mode 100644
--- a/security/nss/cmd/keyutil/manifest.mn
+++ /dev/null
@@ -1,54 +0,0 @@
-# 
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-CORE_DEPTH = ../../..
-
-DEFINES += -DNSPR20
-
-# MODULE public and private header  directories are implicitly REQUIRED.
-MODULE = nss
-
-CSRCS = \
-	keyutil.c \
-	$(NULL)
-
-# The MODULE is always implicitly required.
-# Listing it here in REQUIRES makes it appear twice in the cc command line.
-REQUIRES = seccmd dbm
-
-
-PROGRAM = keyutil
deleted file mode 100644
--- a/security/nss/cmd/pkiutil/Makefile
+++ /dev/null
@@ -1,80 +0,0 @@
-#! gmake
-# 
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY).   #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL)          #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL)       #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
-#######################################################################
-
-include platlibs.mk
-
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL)                              #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL)                           #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL).                              #
-#######################################################################
-
-
-include ../platrules.mk
- 
deleted file mode 100644
--- a/security/nss/cmd/pkiutil/manifest.mn
+++ /dev/null
@@ -1,51 +0,0 @@
-# 
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-CORE_DEPTH = ../../..
-
-# MODULE public and private header  directories are implicitly REQUIRED.
-MODULE = nss 
-
-CSRCS = \
-	pkiutil.c \
-	$(NULL)
-
-# The MODULE is always implicitly required.
-# Listing it here in REQUIRES makes it appear twice in the cc command line.
-REQUIRES = dbm seccmd
-
-PROGRAM = pkiutil
deleted file mode 100644
--- a/security/nss/cmd/pkiutil/pkiutil.c
+++ /dev/null
@@ -1,376 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#include "nspr.h"
-#include "prtypes.h"
-#include "prtime.h"
-#include "prlong.h"
-#include "nss.h"
-#include "cmdutil.h"
-#include "nsspki.h"
-/* hmmm...*/
-#include "pki.h"
-
-#define PKIUTIL_VERSION_STRING "pkiutil version 0.1"
-
-char *progName = NULL;
-
-typedef struct {
-    PRBool      raw;
-    PRBool      ascii;
-    char       *name;
-    PRFileDesc *file;
-} objOutputMode;
-
-typedef enum {
-    PKIUnknown = -1,
-    PKICertificate,
-    PKIPublicKey,
-    PKIPrivateKey,
-    PKIAny
-} PKIObjectType;
-
-static PKIObjectType
-get_object_class(char *type)
-{
-    if (strcmp(type, "certificate") == 0 || strcmp(type, "cert") == 0 ||
-        strcmp(type, "Certificate") == 0 || strcmp(type, "Cert") == 0) {
-	return PKICertificate;
-    } else if (strcmp(type, "public_key") == 0 || 
-               strcmp(type, "PublicKey") == 0) {
-	return PKIPublicKey;
-    } else if (strcmp(type, "private_key") == 0 || 
-               strcmp(type, "PrivateKey") == 0) {
-	return PKIPrivateKey;
-    } else if (strcmp(type, "all") == 0 || strcmp(type, "any") == 0) {
-	return PKIAny;
-    }
-    fprintf(stderr, "%s: \"%s\" is not a valid PKCS#11 object type.\n",
-                     progName, type);
-    return PKIUnknown;
-}
-
-static PRStatus
-print_cert_callback(NSSCertificate *c, void *arg)
-{
-    int i;
-    NSSUTF8 *label;
-    NSSItem *id;
-    label = NSSCertificate_GetLabel(c);
-    printf("%s\n", label);
-    nss_ZFreeIf((void*)label);
-#if 0
-    id = NSSCertificate_GetID(c);
-    for (i=0; i<id->size; i++) {
-	printf("%c", ((char *)id->data)[i]);
-    }
-    printf("\n");
-#endif
-    return PR_SUCCESS;
-}
-
-/*  pkiutil commands  */
-enum {
-    cmd_Add = 0,
-    cmd_Dump,
-    cmd_List,
-    cmd_Version,
-    pkiutil_num_commands
-};
-
-/*  pkiutil options */
-enum {
-    opt_Help = 0,
-    opt_Ascii,
-    opt_ProfileDir,
-    opt_TokenName,
-    opt_InputFile,
-    opt_Nickname,
-    opt_OutputFile,
-    opt_Binary,
-    opt_Trust,
-    opt_Type,
-    pkiutil_num_options
-};
-
-static cmdCommandLineArg pkiutil_commands[] =
-{
- { /* cmd_Add         */  'A', "add", CMDNoArg, 0, PR_FALSE, 
-                           CMDBIT(opt_Nickname) | CMDBIT(opt_Trust), 
-                           CMDBIT(opt_Ascii) | CMDBIT(opt_ProfileDir) 
-                           | CMDBIT(opt_TokenName) | CMDBIT(opt_InputFile) 
-                           | CMDBIT(opt_Binary) | CMDBIT(opt_Type) },
- { /* cmd_Dump        */   0 , "dump", CMDNoArg, 0, PR_FALSE,
-                           CMDBIT(opt_Nickname),
-                           CMDBIT(opt_Ascii) | CMDBIT(opt_ProfileDir) 
-                           | CMDBIT(opt_TokenName) | CMDBIT(opt_Binary)
-                           | CMDBIT(opt_Type) },
- { /* cmd_List        */  'L', "list", CMDNoArg, 0, PR_FALSE, 0, 
-                           CMDBIT(opt_Ascii) | CMDBIT(opt_ProfileDir) 
-                           | CMDBIT(opt_TokenName) | CMDBIT(opt_Binary)
-                           | CMDBIT(opt_Nickname) | CMDBIT(opt_Type) },
- { /* cmd_Version     */  'Y', "version", CMDNoArg, 0, PR_FALSE, 0, 0 }
-};
-
-static cmdCommandLineOpt pkiutil_options[] =
-{
- { /* opt_Help        */  '?', "help",     CMDNoArg,   0, PR_FALSE },
- { /* opt_Ascii       */  'a', "ascii",    CMDNoArg,   0, PR_FALSE },
- { /* opt_ProfileDir  */  'd', "dbdir",    CMDArgReq,  0, PR_FALSE },
- { /* opt_TokenName   */  'h', "token",    CMDArgReq,  0, PR_FALSE },
- { /* opt_InputFile   */  'i', "infile",   CMDArgReq,  0, PR_FALSE },
- { /* opt_Nickname    */  'n', "nickname", CMDArgReq,  0, PR_FALSE },
- { /* opt_OutputFile  */  'o', "outfile",  CMDArgReq,  0, PR_FALSE },
- { /* opt_Binary      */  'r', "raw",      CMDNoArg,   0, PR_FALSE },
- { /* opt_Trust       */  't', "trust",    CMDArgReq,  0, PR_FALSE },
- { /* opt_Type        */   0 , "type",     CMDArgReq,  0, PR_FALSE }
-};
-
-void pkiutil_usage(cmdPrintState *ps, 
-                   int num, PRBool cmd, PRBool header, PRBool footer)
-{
-#define pusg CMD_PrintUsageString
-    if (header) {
-	pusg(ps, "utility for managing PKCS#11 objects (certs and keys)\n");
-    } else if (footer) {
-	/*
-	printf("certificate trust can be:\n");
-	printf(" p - valid peer, P - trusted peer (implies p)\n");
-	printf(" c - valid CA\n");
-	printf("  T - trusted CA to issue client certs (implies c)\n");
-	printf("  C - trusted CA to issue server certs (implies c)\n");
-	printf(" u - user cert\n");
-	printf(" w - send warning\n");
-	*/
-    } else if (cmd) {
-	switch(num) {
-	case cmd_Add:     
-	    pusg(ps, "Add an object to the token"); break;
-	case cmd_Dump:
-	    pusg(ps, "Dump a single object"); break;
-	case cmd_List:    
-	    pusg(ps, "List objects on the token (-n for single object)"); break;
-	case cmd_Version: 
-	    pusg(ps, "Report version"); break;
-	default:
-	    pusg(ps, "Unrecognized command"); break;
-	}
-    } else {
-	switch(num) {
-	case opt_Ascii:      
-	    pusg(ps, "Use ascii (base-64 encoded) mode for I/O"); break;
-	case opt_ProfileDir:    
-	    pusg(ps, "Directory containing security databases (def: \".\")"); 
-	    break;
-	case opt_TokenName:  
-	    pusg(ps, "Name of PKCS#11 token to use (def: internal)"); break;
-	case opt_InputFile:  
-	    pusg(ps, "File for input (def: stdin)"); break;
-	case opt_Nickname:   
-	    pusg(ps, "Nickname of object"); break;
-	case opt_OutputFile: 
-	    pusg(ps, "File for output (def: stdout)"); break;
-	case opt_Binary:    
-	    pusg(ps, "Use raw (binary der-encoded) mode for I/O"); break;
-	case opt_Trust:      
-	    pusg(ps, "Trust level for certificate"); break;
-	case opt_Help: break;
-	default:
-	    pusg(ps, "Unrecognized option");
-	}
-    }
-}
-
-int 
-main(int argc, char **argv)
-{
-    PRFileDesc     *infile        = NULL;
-    PRFileDesc     *outfile       = NULL;
-    char           *profiledir       = "./";
-#if 0
-    secuPWData      pwdata        = { PW_NONE, 0 };
-#endif
-    int             objclass      = 3; /* ANY */
-    NSSTrustDomain *root_cert_td  = NULL;
-    char           *rootpath      = NULL;
-    char            builtin_name[]= "libnssckbi.so"; /* temporary hardcode */
-    PRStatus        rv            = PR_SUCCESS;
-
-    int cmdToRun;
-    cmdCommand pkiutil;
-    pkiutil.ncmd = pkiutil_num_commands;
-    pkiutil.nopt = pkiutil_num_options;
-    pkiutil.cmd = pkiutil_commands;
-    pkiutil.opt = pkiutil_options;
-
-    progName = strrchr(argv[0], '/');
-    progName = progName ? progName+1 : argv[0];
-
-    cmdToRun = CMD_ParseCommandLine(argc, argv, progName, &pkiutil);
-
-#if 0
-    { int i, nc;
-    for (i=0; i<pkiutil.ncmd; i++)
-	printf("%s: %s <%s>\n", pkiutil.cmd[i].s, 
-	                        (pkiutil.cmd[i].on) ? "on" : "off",
-				pkiutil.cmd[i].arg);
-    for (i=0; i<pkiutil.nopt; i++)
-	printf("%s: %s <%s>\n", pkiutil.opt[i].s, 
-	                        (pkiutil.opt[i].on) ? "on" : "off",
-				pkiutil.opt[i].arg);
-    }
-#endif
-
-    if (pkiutil.opt[opt_Help].on)
-	CMD_LongUsage(progName, &pkiutil, pkiutil_usage);
-
-    if (cmdToRun < 0)
-	CMD_Usage(progName, &pkiutil);
-
-    /* -d */
-    if (pkiutil.opt[opt_ProfileDir].on) {
-	profiledir = strdup(pkiutil.opt[opt_ProfileDir].arg);
-    }
-
-    /* -i */
-    if (pkiutil.opt[opt_InputFile].on) {
-	char *fn = pkiutil.opt[opt_InputFile].arg;
-	infile = PR_Open(fn, PR_RDONLY, 0660);
-    } else {
-	infile = PR_STDIN;
-    }
-
-    /* -o */
-    if (pkiutil.opt[opt_OutputFile].on) {
-	char *fn = pkiutil.opt[opt_OutputFile].arg;
-	outfile = PR_Open(fn, PR_WRONLY | PR_CREATE_FILE, 0660);
-    } else {
-	outfile = PR_STDOUT;
-    }
-
-    /* --type can be found on many options */
-    if (pkiutil.opt[opt_Type].on)
-	objclass = get_object_class(pkiutil.opt[opt_Type].arg);
-    else if (cmdToRun == cmd_Dump && pkiutil.cmd[cmd_Dump].arg)
-	objclass = get_object_class(pkiutil.cmd[cmd_Dump].arg);
-    else if (cmdToRun == cmd_List && pkiutil.cmd[cmd_List].arg)
-	objclass = get_object_class(pkiutil.cmd[cmd_List].arg);
-    else if (cmdToRun == cmd_Add && pkiutil.cmd[cmd_Add].arg)
-	objclass = get_object_class(pkiutil.cmd[cmd_Add].arg);
-    if (objclass < 0)
-	goto done;
-
-    /* --print is an alias for --list --nickname */
-    if (cmdToRun == cmd_Dump) cmdToRun = cmd_List;
-
-    /* if list has raw | ascii must have -n.  can't have both raw and ascii */
-    if (pkiutil.opt[opt_Binary].on || pkiutil.opt[opt_Ascii].on) {
-	if (cmdToRun == cmd_List && !pkiutil.opt[opt_Nickname].on) {
-	    fprintf(stderr, "%s: specify a object to output with -n\n", 
-	                     progName);
-	    CMD_LongUsage(progName, &pkiutil, pkiutil_usage);
-	}
-    }
-
-    /* initialize */
-    PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
-    /* NSS_InitReadWrite(profiledir); */
-    NSS_NoDB_Init(NULL);
-
-    /* Display version info and exit */
-    if (cmdToRun == cmd_Version) {
-	printf("%s\nNSS Version %s\n", PKIUTIL_VERSION_STRING, NSS_VERSION);
-	goto done;
-    }
-
-    /* XXX okay - bootstrap stan by loading the root cert module for testing */
-    root_cert_td = NSSTrustDomain_Create(NULL, NULL, NULL, NULL);
-    {
-	int rootpathlen = strlen(profiledir) + strlen(builtin_name) + 1;
-	rootpath = (char *)malloc(rootpathlen);
-	memcpy(rootpath, profiledir, strlen(profiledir));
-	memcpy(rootpath + strlen(profiledir), 
-               builtin_name, strlen(builtin_name));
-	rootpath[rootpathlen - 1] = '\0';
-    }
-    NSSTrustDomain_LoadModule(root_cert_td, "Builtin Root Module", rootpath, 
-                              NULL, NULL);
-
-    printf("\n");
-    if (pkiutil.opt[opt_Nickname].on) {
-	int i;
-	NSSCertificate **certs;
-	NSSCertificate *cert;
-	certs = NSSTrustDomain_FindCertificatesByNickname(root_cert_td,
-			pkiutil.opt[opt_Nickname].arg, NULL, 0, NULL);
-	i = 0;
-	while ((cert = certs[i++]) != NULL) {
-	    printf("Found cert:\n");
-	    print_cert_callback(cert, NULL);
-	}
-    } else {
-        NSSTrustDomain_TraverseCertificates(root_cert_td, print_cert_callback, 0);
-    }
-
-    NSSTrustDomain_Destroy(root_cert_td);
-
-    /* List token objects */
-    if (cmdToRun == cmd_List)  {
-#if 0
-	rv = list_token_objects(slot, objclass, 
-	                        pkiutil.opt[opt_Nickname].arg,
-	                        pkiutil.opt[opt_Binary].on,
-	                        pkiutil.opt[opt_Ascii].on,
-	                        outfile, &pwdata);
-#endif
-	goto done;
-    }
-
-#if 0
-    /* Import an object into the token. */
-    if (cmdToRun == cmd_Add) {
-	rv = add_object_to_token(slot, object);
-	goto done;
-    }
-#endif
-
-done:
-    if (NSS_Shutdown() != SECSuccess) {
-	exit(1);
-    }
-
-    return rv;
-}
deleted file mode 100644
--- a/security/nss/cmd/pkiutil/platlibs.mk
+++ /dev/null
@@ -1,57 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-# $(PROGRAM) has explicit dependencies on $(EXTRA_LIBS)
-EXTRA_LIBS += \
-	$(DIST)/lib/libcmdutil.$(LIB_SUFFIX) \
-	$(NULL)
-
-ifeq ($(OS_ARCH), AIX) 
-EXTRA_SHARED_LIBS += -brtl 
-endif
-
-# $(PROGRAM) has NO explicit dependencies on $(EXTRA_SHARED_LIBS)
-# $(EXTRA_SHARED_LIBS) come before $(OS_LIBS), except on AIX.
-EXTRA_SHARED_LIBS += \
-	-L$(DIST)/lib/ \
-	-lnsspki3 \
-	-lnss3 \
-	-lplc4 \
-	-lplds4 \
-	-lnspr4 \
-	$(NULL)
-
deleted file mode 100644
--- a/security/nss/cmd/sslstrength/Makefile
+++ /dev/null
@@ -1,86 +0,0 @@
-#! gmake
-# 
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY).   #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL)          #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL)       #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
-#######################################################################
-
-include ../platlibs.mk
-
-ifeq (,$(filter-out WINNT WIN95 WIN16,$(OS_TARGET)))  # omits WINCE
-ifndef BUILD_OPT
-LDFLAGS   +=  /subsystem:console /profile /debug /machine:I386 /incremental:no
-OS_CFLAGS += -D_CONSOLE
-endif
-endif
-
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL)                              #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL)                           #
-#######################################################################
-
-#include ../platlibs.mk
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL).                              #
-#######################################################################
-
-include ../platrules.mk
-
deleted file mode 100644
--- a/security/nss/cmd/sslstrength/manifest.mn
+++ /dev/null
@@ -1,54 +0,0 @@
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-CORE_DEPTH = ../../..
-
-MODULE = nss
-
-EXPORTS = 
-
-CSRCS = sslstrength.c	\
-	$(NULL)
-
-PROGRAM =  sslstrength
-
-REQUIRES = dbm seccmd
-
-DEFINES += -DDLL_PREFIX=\"$(DLL_PREFIX)\" -DDLL_SUFFIX=\"$(DLL_SUFFIX)\"
-
-PACKAGE_FILES = sslstrength
-
-ARCHIVE_NAME = sslstrength
deleted file mode 100644
--- a/security/nss/cmd/sslstrength/sslstr.cgi
+++ /dev/null
@@ -1,300 +0,0 @@
-#!/usr/bin/perl
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-
-use CGI qw(:standard);
-
-
-
-# Replace this will the full path to the sslstrength executable.
-$sslstrength = "./sslstrength";
-
-
-# Replace this with the name of this CGI.
-
-$sslcgi = "sslstr.cgi";
-
-
-$query = new CGI;
-
-print header;
-
-print "<HTML><HEAD>
-<SCRIPT language='javascript'>
-
-function doexport(form) {
-    form.ssl2ciphers.options[0].selected=0;
-    form.ssl2ciphers.options[1].selected=0;
-    form.ssl2ciphers.options[2].selected=0;
-    form.ssl2ciphers.options[3].selected=0;
-    form.ssl2ciphers.options[4].selected=1;
-    form.ssl2ciphers.options[5].selected=1;
-
-    form.ssl3ciphers.options[0].selected=1;
-    form.ssl3ciphers.options[1].selected=1;
-    form.ssl3ciphers.options[2].selected=0;
-    form.ssl3ciphers.options[3].selected=1;
-    form.ssl3ciphers.options[4].selected=1;
-    form.ssl3ciphers.options[5].selected=1;
-    form.ssl3ciphers.options[6].selected=0;
-    form.ssl3ciphers.options[7].selected=0;
-
-
-}
-
-function dodomestic(form) {
-    form.ssl2ciphers.options[0].selected=1;
-    form.ssl2ciphers.options[1].selected=1;
-    form.ssl2ciphers.options[2].selected=1;
-    form.ssl2ciphers.options[3].selected=1;
-    form.ssl2ciphers.options[4].selected=1;
-    form.ssl2ciphers.options[5].selected=1;
-
-    form.ssl3ciphers.options[0].selected=1;
-    form.ssl3ciphers.options[1].selected=1;
-    form.ssl3ciphers.options[2].selected=1;
-    form.ssl3ciphers.options[3].selected=1;
-    form.ssl3ciphers.options[4].selected=1;
-    form.ssl3ciphers.options[5].selected=1;
-    form.ssl3ciphers.options[6].selected=1;
-    form.ssl3ciphers.options[7].selected=1;
-
-}
-
-function doclearssl2(form) {
-    form.ssl2ciphers.options[0].selected=0;
-    form.ssl2ciphers.options[1].selected=0;
-    form.ssl2ciphers.options[2].selected=0;
-    form.ssl2ciphers.options[3].selected=0;
-    form.ssl2ciphers.options[4].selected=0;
-    form.ssl2ciphers.options[5].selected=0;
-}
-
-
-function doclearssl3(form) {
-    form.ssl3ciphers.options[0].selected=0;
-    form.ssl3ciphers.options[1].selected=0;
-    form.ssl3ciphers.options[2].selected=0;
-    form.ssl3ciphers.options[3].selected=0;
-    form.ssl3ciphers.options[4].selected=0;
-    form.ssl3ciphers.options[5].selected=0;
-    form.ssl3ciphers.options[6].selected=0;
-    form.ssl3ciphers.options[7].selected=0;
-
-}
-
-function dohost(form,hostname) {
-    form.host.value=hostname;
-    }
-
-
-
-</SCRIPT>
-<TITLE>\n";
-print "SSLStrength\n";
-print "</TITLE></HEAD>\n";
-
-print "<h1>SSLStrength</h1>\n";
-
-if ($query->param('dotest')) {
-    print "Output from sslstrength: \n";
-    print "<pre>\n";
-
-    $cs = "";
-    
-    @ssl2ciphers = $query->param('ssl2ciphers');
-    for $cipher (@ssl2ciphers) {
-	if ($cipher eq "SSL_EN_RC2_128_WITH_MD5")              { $cs .= "a"; }
-	if ($cipher eq "SSL_EN_RC2_128_CBC_WITH_MD5")          { $cs .= "b"; }
-	if ($cipher eq "SSL_EN_DES_192_EDE3_CBC_WITH_MD5")     { $cs .= "c"; }
-	if ($cipher eq "SSL_EN_DES_64_CBC_WITH_MD5")           { $cs .= "d"; }
-	if ($cipher eq "SSL_EN_RC4_128_EXPORT40_WITH_MD5")     { $cs .= "e"; }
-	if ($cipher eq "SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5") { $cs .= "f"; }
-    }
-
-    @ssl3ciphers = $query->param('ssl3ciphers');
-    for $cipher (@ssl3ciphers) {
-	if ($cipher eq "SSL_RSA_WITH_RC4_128_MD5")           { $cs .= "i"; }
-	if ($cipher eq "SSL_RSA_WITH_3DES_EDE_CBC_SHA")      { $cs .= "j"; }
-	if ($cipher eq "SSL_RSA_WITH_DES_CBC_SHA")           { $cs .= "k"; }
-	if ($cipher eq "SSL_RSA_EXPORT_WITH_RC4_40_MD5")     { $cs .= "l"; }
-	if ($cipher eq "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5") { $cs .= "m"; }
-	if ($cipher eq "SSL_RSA_WITH_NULL_MD5")              { $cs .= "o"; }
-	if ($cipher eq "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA") { $cs .= "p"; }
-	if ($cipher eq "SSL_RSA_FIPS_WITH_DES_CBC_SHA")      { $cs .= "q"; }
-    }
-
-    $hs = $query->param('host');
-    if ($hs eq "") {
-	print "</pre>You must specify a host to connect to.<br><br>\n";
-	exit(0);
-    }
-
-    $ps = $query->param('policy');
-    
-    $cmdstring = "$sslstrength $hs policy=$ps ciphers=$cs";
-
-    print "running sslstrength:\n";
-    print "$cmdstring\n";
-
-    $r = open(SSLS, "$cmdstring |");
-    if ($r == 0) {
-	print "<pre>There was a problem starting $cmdstring<br><br>\n";
-	exit(0);
-    }
-    while (<SSLS>) {
-	print "$_";
-    }
-    close(SSLS);
-
-
-    print "</pre>\n";
-   
-}
-
-else {
-print "<FORM method=post action=$sslcgi>\n";
-print "<hr>
-<h2>Host Name</h2>
-<TABLE BORDER=0 CELLPADDING=20>
-<TR>
-<TD>
-Type hostname here:<br>
-<input type=text name=host size=30>&nbsp;<br><br>
-<TD>
- <b>Or click these buttons to test some well-known servers</b><br>
- <TABLE BORDER=0>
- <TR>
- <TD>
- Export servers:
- <TD>
- <input type=button value='F-Tech' onclick=dohost(this.form,'strongbox.ftech.net')>
- </TR>
- <TR>
- <TD>
- Domestic servers:
- <TD>
- <input type=button value='Wells Fargo' onclick=dohost(this.form,'banking.wellsfargo.com')>
- </TR>
- <TR>
- <TD>
- Step-Up Servers
- <TD>
- <input type=button value='Barclaycard' onclick=dohost(this.form,'enigma.barclaycard.co.uk')>
- <input type=button value='BBVnet' onclick=dohost(this.form,'www.bbvnet.com')>&nbsp;
- <input type=button value='BHIF' onclick=dohost(this.form,'empresas.bhif.cl')>&nbsp;
- </TR>
- </TABLE>
-</TR>
-</TABLE>
-<br>
-<hr>
-<br>
-<h2>Encryption policy</h2>
-<input type=radio name=policy VALUE=export            onclick=doexport(this.form)>&nbsp;
-Export<br>
-<input type=radio name=policy VALUE=domestic CHECKED  onclick=dodomestic(this.form)>&nbsp;
-Domestic<br>
-<br>
-<hr>
-<br>
-<h2>Cipher Selection</h2>
-(use ctrl to multi-select)<br>
-<table>
-<tr>
-<td>SSL 2 Ciphers
-<td>
-<SELECT NAME=ssl2ciphers SIZE=6 MULTIPLE align=bottom>
-<OPTION SELECTED>SSL_EN_RC4_128_WITH_MD5
-<OPTION SELECTED>SSL_EN_RC2_128_CBC_WITH_MD5
-<OPTION SELECTED>SSL_EN_DES_192_EDE3_CBC_WITH_MD5
-<OPTION SELECTED>SSL_EN_DES_64_CBC_WITH_MD5
-<OPTION SELECTED>SSL_EN_RC4_128_EXPORT40_WITH_MD5
-<OPTION SELECTED>SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5
-</SELECT>
-<input type=button Value='Clear all' onclick = 'doclearssl2(this.form)'>
-</tr>
-<tr>
-<td>SSL3 Ciphers
-<td>
-<SELECT NAME=ssl3ciphers SIZE=8 MULTIPLE>
-<OPTION SELECTED>SSL_RSA_WITH_RC4_128_MD5
-<OPTION SELECTED>SSL_RSA_WITH_3DES_EDE_CBC_SHA
-<OPTION SELECTED>SSL_RSA_WITH_DES_CBC_SHA
-<OPTION SELECTED>SSL_RSA_EXPORT_WITH_RC4_40_MD5
-<OPTION SELECTED>SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
-<OPTION SELECTED>SSL_RSA_WITH_NULL_MD5
-<OPTION SELECTED>SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
-<OPTION SELECTED>SSL_RSA_FIPS_WITH_DES_CBC_SHA
-</SELECT>
-<input type=button value='Clear all' onclick = 'doclearssl3(this.form)'>
-
-<TD>
-<input type=submit name=dotest value='Run SSLStrength'>
-</tr>
-</table>
-<input type=hidden name=dotest>
-<br>
-<br>
-</form>
-\n";
-
-}
-
-
-exit(0);
-
-
-__END__
-
- id    CipherName                                     Domestic     Export      
- a     SSL_EN_RC4_128_WITH_MD5              (ssl2)    Yes          No          
- b     SSL_EN_RC2_128_CBC_WITH_MD5          (ssl2)    Yes          No          
- c     SSL_EN_DES_192_EDE3_CBC_WITH_MD5     (ssl2)    Yes          No          
- d     SSL_EN_DES_64_CBC_WITH_MD5           (ssl2)    Yes          No          
- e     SSL_EN_RC4_128_EXPORT40_WITH_MD5     (ssl2)    Yes          Yes         
- f     SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5 (ssl2)    Yes          Yes         
- i     SSL_RSA_WITH_RC4_128_MD5             (ssl3)    Yes          Step-up only
- j     SSL_RSA_WITH_3DES_EDE_CBC_SHA        (ssl3)    Yes          Step-up only
- k     SSL_RSA_WITH_DES_CBC_SHA             (ssl3)    Yes          No          
- l     SSL_RSA_EXPORT_WITH_RC4_40_MD5       (ssl3)    Yes          Yes         
- m     SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5   (ssl3)    Yes          Yes         
- o     SSL_RSA_WITH_NULL_MD5                (ssl3)    Yes          Yes         
-
-
-
deleted file mode 100644
--- a/security/nss/cmd/sslstrength/sslstrength.c
+++ /dev/null
@@ -1,625 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#ifdef SSLTELNET
-#include <termios.h>
-#endif
-
-/* Portable layer header files */
-#include "prinit.h"
-#include "prprf.h"
-#include "prsystem.h"
-#include "prmem.h"
-#include "plstr.h"
-#include "prnetdb.h"
-#include "prinrval.h"
-
-#include "secutil.h"
-
-/* Security library files */
-#include "cert.h"
-#include "ssl.h"
-#include "sslproto.h"
-#include "secmod.h"
-#include "nss.h"
-
-/* define this if you want telnet capability! */
-
-/* #define SSLTELNET 1 */
-
-PRInt32 debug;
-
-#ifdef DEBUG_stevep
-#define dbmsg(x) if (verbose) PR_fprintf(PR_STDOUT,x);
-#else
-#define dbmsg(x) ;
-#endif
-
-
-/* Set SSL Policy to Domestic (strong=1) or Export (strong=0) */
-
-#define ALLOW(x) SSL_CipherPolicySet(x,SSL_ALLOWED); SSL_CipherPrefSetDefault(x,1);
-#define DISALLOW(x) SSL_CipherPolicySet(x,SSL_NOT_ALLOWED); SSL_CipherPrefSetDefault(x,0);
-#define MAYBEALLOW(x) SSL_CipherPolicySet(x,SSL_RESTRICTED); SSL_CipherPrefSetDefault(x,1);
-
-struct CipherPolicy {
-  char number;
-  long id;
-  char *name;
-  PRInt32 pref;
-  PRInt32 domestic;
-  PRInt32 export;
-};
-
-struct CipherPolicy ciphers[] = {
-  { 'a',SSL_EN_RC4_128_WITH_MD5,              "SSL_EN_RC4_128_WITH_MD5              (ssl2)",1, SSL_ALLOWED,SSL_NOT_ALLOWED },
-  { 'b',SSL_EN_RC2_128_CBC_WITH_MD5,          "SSL_EN_RC2_128_CBC_WITH_MD5          (ssl2)",1, SSL_ALLOWED,SSL_NOT_ALLOWED },  
-  { 'c',SSL_EN_DES_192_EDE3_CBC_WITH_MD5,     "SSL_EN_DES_192_EDE3_CBC_WITH_MD5     (ssl2)",1, SSL_ALLOWED,SSL_NOT_ALLOWED },
-  { 'd',SSL_EN_DES_64_CBC_WITH_MD5,           "SSL_EN_DES_64_CBC_WITH_MD5           (ssl2)",1, SSL_ALLOWED,SSL_NOT_ALLOWED },
-  { 'e',SSL_EN_RC4_128_EXPORT40_WITH_MD5,     "SSL_EN_RC4_128_EXPORT40_WITH_MD5     (ssl2)",1, SSL_ALLOWED,SSL_ALLOWED },
-  { 'f',SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, "SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5 (ssl2)",1, SSL_ALLOWED,SSL_ALLOWED },
-#ifdef FORTEZZA
-  { 'g',SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, "SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA",1,SSL_ALLOWED,SSL_NOT_ALLOWED },
-  { 'h',SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, "SSL_FORTEZZA_DMS_WITH_RC4_128_SHA",1,          SSL_ALLOWED,SSL_NOT_ALLOWED },
-#endif
-  { 'i',SSL_RSA_WITH_RC4_128_MD5,             "SSL_RSA_WITH_RC4_128_MD5             (ssl3)",1, SSL_ALLOWED,SSL_RESTRICTED },
-  { 'j',SSL_RSA_WITH_3DES_EDE_CBC_SHA,        "SSL_RSA_WITH_3DES_EDE_CBC_SHA        (ssl3)",1, SSL_ALLOWED,SSL_RESTRICTED },
-  { 'k',SSL_RSA_WITH_DES_CBC_SHA,             "SSL_RSA_WITH_DES_CBC_SHA             (ssl3)",1, SSL_ALLOWED,SSL_NOT_ALLOWED },
-  { 'l',SSL_RSA_EXPORT_WITH_RC4_40_MD5,       "SSL_RSA_EXPORT_WITH_RC4_40_MD5       (ssl3)",1, SSL_ALLOWED,SSL_ALLOWED },
-  { 'm',SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,   "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5   (ssl3)",1, SSL_ALLOWED,SSL_ALLOWED },
-#ifdef FORTEZZA
-  { 'n',SSL_FORTEZZA_DMS_WITH_NULL_SHA, "SSL_FORTEZZA_DMS_WITH_NULL_SHA",1, SSL_ALLOWED,SSL_NOT_ALLOWED },
-#endif
-  { 'o',SSL_RSA_WITH_NULL_MD5,                "SSL_RSA_WITH_NULL_MD5                (ssl3)",1, SSL_ALLOWED,SSL_ALLOWED },
-  { 'p',SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,   "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA   (ssl3)",1, SSL_ALLOWED,SSL_NOT_ALLOWED },
-  { 'q',SSL_RSA_FIPS_WITH_DES_CBC_SHA,        "SSL_RSA_FIPS_WITH_DES_CBC_SHA        (ssl3)",1, SSL_ALLOWED,SSL_NOT_ALLOWED }
-
-};
-
-void PrintErrString(char *progName,char *msg) {
-  
-  PRErrorCode e = PORT_GetError();
-  char *s=NULL;
-
-
-  if ((e >= PR_NSPR_ERROR_BASE) && (e < PR_MAX_ERROR)) {
-    
-    if (e == PR_DIRECTORY_LOOKUP_ERROR) 
-      s = PL_strdup("Hostname Lookup Failed");
-    else if (e == PR_NETWORK_UNREACHABLE_ERROR)
-      s = PL_strdup("Network Unreachable");
-    else if (e == PR_CONNECT_TIMEOUT_ERROR)
-      s = PL_strdup("Connection Timed Out");
-    else s = PR_smprintf("%d",e);
-
-    if (!s) return;
-  }
-  else {
-    s = PL_strdup(SECU_ErrorString(e));
-  }
-    
-  PR_fprintf(PR_STDOUT,"%s: ",progName);
-  if (s) {
-    if (*s) 
-      PR_fprintf(PR_STDOUT, "%s\n", s);
-    else
-      PR_fprintf(PR_STDOUT, "\n");
-    
-    PR_Free(s);
-  }
-  
-}
-
-void PrintCiphers(int onlyenabled) {
-  int ciphercount,i;
-  
-  if (onlyenabled) {
-    PR_fprintf(PR_STDOUT,"Your Cipher preference:\n");
-  }
-
-  ciphercount = sizeof(ciphers)/sizeof(struct CipherPolicy);
-    PR_fprintf(PR_STDOUT,
-	       " %s    %-45s  %-12s %-12s\n","id","CipherName","Domestic","Export");
-
-  for (i=0;i<ciphercount;i++) {
-    if ( (onlyenabled ==0) || ((onlyenabled==1)&&(ciphers[i].pref))) {
-      PR_fprintf(PR_STDOUT,
-		 " %c     %-45s  %-12s %-12s\n",ciphers[i].number,ciphers[i].name,
-		 (ciphers[i].domestic==SSL_ALLOWED)?"Yes":
-		 ( (ciphers[i].domestic==SSL_NOT_ALLOWED)?"No":"Step-up only"),
-		 (ciphers[i].export==SSL_ALLOWED)?"Yes":
-		 ( (ciphers[i].export==SSL_NOT_ALLOWED)?"No":"Step-up only"));
-	}
-  }
-}
-
-
-void SetPolicy(char *c,int policy) {  /* policy==1 : domestic,   policy==0, export */
-  int i,j,cpolicy;
-  /* first, enable all relevant ciphers according to policy */
-  for (j=0;j<(sizeof(ciphers)/sizeof(struct CipherPolicy));j++) {
-    SSL_CipherPolicySet(ciphers[j].id,policy?ciphers[j].domestic:ciphers[j].export);
-    SSL_CipherPrefSetDefault(ciphers[j].id, PR_FALSE);
-    ciphers[j].pref =0;
-  }
-  
-
-  for (i=0;i<(int)PL_strlen(c);i++) {
-    for (j=0;j<(sizeof(ciphers)/sizeof(struct CipherPolicy));j++) {
-      if (ciphers[j].number == c[i]) {
-	cpolicy = policy?ciphers[j].domestic:ciphers[j].export;
-	if (cpolicy == SSL_NOT_ALLOWED) {
-	  PR_fprintf(PR_STDOUT, "You're trying to enable a cipher (%c:%s) outside of your policy. ignored\n",
-		     c[i],ciphers[j].name);
-	}
-	else {
-	  ciphers[j].pref=1;
-	  SSL_CipherPrefSetDefault(ciphers[j].id, PR_TRUE);
-	}
-      }
-    }
-  }
-}
-
-
-int MyAuthCertificateHook(void *arg, PRFileDesc *fd, PRBool checksig, PRBool isserver) {
-  return SECSuccess;
-}
-
-
-void Usage() {
-#ifdef SSLTELNET
-    PR_fprintf(PR_STDOUT,"SSLTelnet ");
-#else
-    PR_fprintf(PR_STDOUT,"SSLStrength (No telnet functionality) ");
-#endif
-    PR_fprintf(PR_STDOUT,"Version 1.5\n");
- 
-    PR_fprintf(PR_STDOUT,"Usage:\n   sslstrength hostname[:port] [ciphers=xyz] [certdir=x] [debug] [verbose] "
-#ifdef SSLTELNET
-"[telnet]|[servertype]|[querystring=<string>] "
-#endif
-"[policy=export|domestic]\n   sslstrength ciphers\n");
-}
-
-
-PRInt32 debug = 0;
-PRInt32 verbose = 0;
-
-PRInt32 main(PRInt32 argc,char **argv, char **envp)
-{
-
-  
-  /* defaults for command line arguments */
-  char *hostnamearg=NULL;
-  char *portnumarg=NULL;
-  char *sslversionarg=NULL;
-  char *keylenarg=NULL;
-  char *certdir=NULL;
-  char *hostname;
-  char *nickname=NULL;
-  char *progname=NULL;
-  /*  struct sockaddr_in addr; */
-  PRNetAddr addr;
-
-  int ss_on;
-  char *ss_cipher;
-  int ss_keysize;
-  int ss_secretsize;
-  char *ss_issuer;
-  char *ss_subject;
-  int policy=1;
-  char *set_ssl_policy=NULL;
-  int print_ciphers=0;
-  
-  char buf[10];
-  char netdbbuf[PR_NETDB_BUF_SIZE];
-  PRHostEnt hp;
-  PRStatus r;
-  PRNetAddr na;
-  SECStatus rv;
-  int portnum=443;   /* default https: port */
-  PRFileDesc *s,*fd;
-  
-  CERTCertDBHandle *handle;
-  CERTCertificate *c;
-  PRInt32 i;
-#ifdef SSLTELNET
-  struct termios tmp_tc;
-  char cb;
-  int prev_lflag,prev_oflag,prev_iflag;
-  int t_fin,t_fout;
-  int servertype=0, telnet=0;
-  char *querystring=NULL;
-#endif
-
-  debug = 0;
-
-  progname = (char *)PL_strrchr(argv[0], '/');
-  progname = progname ? progname+1 : argv[0];
-
-  /* Read in command line args */
-  if (argc == 1) {
-    Usage();
-    return(0);
-  }
-  
-  if (! PL_strcmp("ciphers",argv[1])) {
-    PrintCiphers(0);
-    exit(0);
-  }
-
-  hostname = argv[1];
-
-  if (!PL_strcmp(hostname , "usage") || !PL_strcmp(hostname, "-help") ) {
-    Usage();
-    exit(0);
-    }
-
-  if ((portnumarg = PL_strchr(hostname,':'))) {
-    *portnumarg = 0;
-    portnumarg = &portnumarg[1];
-  }
-  
-  if (portnumarg) {
-    if (*portnumarg == 0) {
-      PR_fprintf(PR_STDOUT,"malformed port number supplied\n");
-      return(1);
-    }
-    portnum = atoi(portnumarg);
-  }
-  
-  for (i = 2  ; i < argc; i++)
-    {
-      if (!PL_strncmp(argv[i] , "sslversion=",11) )
-	sslversionarg=&(argv[i][11]);
-      else if (!PL_strncmp(argv[i], "certdir=",8) )
-	certdir = &(argv[i][8]);
-      else if (!PL_strncmp(argv[i], "ciphers=",8) )
-	{
-	  set_ssl_policy=&(argv[i][8]);
-	}
-      else if (!PL_strncmp(argv[i], "policy=",7) ) {
-	if (!PL_strcmp(&(argv[i][7]),"domestic")) policy=1;
-	else if (!PL_strcmp(&(argv[i][7]),"export")) policy=0;
-	else {
-	  PR_fprintf(PR_STDOUT,"sslstrength: invalid argument. policy must be one of (domestic,export)\n");
-	}
-      }
-      else if (!PL_strcmp(argv[i] , "debug") )
-	debug = 1;
-#ifdef SSLTELNET
-      else if (!PL_strcmp(argv[i] , "telnet") )
-	telnet = 1;
-      else if (!PL_strcmp(argv[i] , "servertype") )
-	servertype = 1;
-      else if (!PL_strncmp(argv[i] , "querystring=",11) )
-	querystring = &argv[i][12];
-#endif
-      else if (!PL_strcmp(argv[i] , "verbose") )
-	verbose = 1;
-    }
-  
-#ifdef SSLTELNET
-  if (telnet && (servertype || querystring)) {
-    PR_fprintf(PR_STDOUT,"You can't use telnet and (server or querystring) options at the same time\n");
-    exit(1);
-  }
-#endif
-
-  PR_fprintf(PR_STDOUT,"Using %s policy\n",policy?"domestic":"export");
-  
-  /* allow you to set env var SSLDIR to set the cert directory */
-  if (! certdir) certdir = SECU_DefaultSSLDir();  
-
-  /* if we don't have one still, initialize with no databases */
-  if (!certdir) {
-    rv = NSS_NoDB_Init(NULL);
-
-    (void) SECMOD_AddNewModule("Builtins", DLL_PREFIX"nssckbi."DLL_SUFFIX,0,0);
-  } else {
-    rv = NSS_Init(certdir);
-    SECU_ConfigDirectory(certdir);
-  }
-  
-  /* Lookup host */
-  r = PR_GetHostByName(hostname,netdbbuf,PR_NETDB_BUF_SIZE,&hp);
-  
-  if (r) {
-    PrintErrString(progname,"Host Name lookup failed");
-    return(1);
-  }
-  
-  /* should the third field really be 0? */
-
-  PR_EnumerateHostEnt(0,&hp,0,&na);
-  PR_InitializeNetAddr(PR_IpAddrNull,portnum,&na);
-
-  PR_fprintf(PR_STDOUT,"Connecting to %s:%d\n",hostname, portnum);
-  
-  /* Create socket */
-
-  fd = PR_NewTCPSocket();
-  if (fd == NULL) {
-    PrintErrString(progname, "error creating socket");
-    return -1;
-  }
-
-  s = SSL_ImportFD(NULL,fd);
-  if (s == NULL) {
-    PrintErrString(progname, "error creating socket");
-    return -1;
-  }
-  
-  dbmsg("10: About to enable security\n");
-  
-  rv = SSL_OptionSet(s, SSL_SECURITY, PR_TRUE);
-  if (rv < 0) {
-    PrintErrString(progname, "error enabling socket");
-    return -1;
-  }
-  
-  if (set_ssl_policy) {
-    SetPolicy(set_ssl_policy,policy);
-  }
-  else {
-    PR_fprintf(PR_STDOUT,"Using all ciphersuites usually found in client\n");
-    if (policy) {
-      SetPolicy("abcdefghijklmnopqrst",policy);
-    }
-    else {
-      SetPolicy("efghijlmo",policy);
-    }
-  }
-
-  PrintCiphers(1);
-
-  rv = SSL_OptionSet(s, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE);
-  if (rv < 0) {
-    PrintErrString(progname, "error enabling client handshake");
-    return -1;
-  }
-  
-  dbmsg("30: About to set AuthCertificateHook\n");
-  
-  
-  SSL_AuthCertificateHook(s, MyAuthCertificateHook, (void *)handle);
-  /* SSL_AuthCertificateHook(s, SSL_AuthCertificate, (void *)handle); */
-  /* SSL_GetClientAuthDataHook(s, GetClientAuthDataHook, (void *)nickname);*/
-  
-  
-  dbmsg("40: About to SSLConnect\n");
-  
-  /* Try to connect to the server */
-  /* now SSL_Connect takes new arguments. */
-  
-  
-  r = PR_Connect(s, &na, PR_TicksPerSecond()*5);
-  if (r < 0) {
-    PrintErrString(progname, "unable to connect");
-    return -1;
-  }
-  
-  rv = SSL_ForceHandshake(s);
-  
-  if (rv) {
-    PrintErrString(progname,"SSL Handshake failed. ");
-    exit(1);
-  }
-
-  rv = SSL_SecurityStatus(s, &ss_on, &ss_cipher,
-			  &ss_keysize, &ss_secretsize,
-			  &ss_issuer, &ss_subject);
-
-  
-  dbmsg("60:  done with security status, about to print\n");
-  
-  c = SSL_PeerCertificate(s);
-  if (!c) PR_fprintf(PR_STDOUT,"Couldn't retrieve peers Certificate\n");
-  PR_fprintf(PR_STDOUT,"SSL Connection Status\n",rv);
-  
-  PR_fprintf(PR_STDOUT,"   Cipher:          %s\n",ss_cipher);
-  PR_fprintf(PR_STDOUT,"   Key Size:        %d\n",ss_keysize);
-  PR_fprintf(PR_STDOUT,"   Secret Key Size: %d\n",ss_secretsize);
-  PR_fprintf(PR_STDOUT,"   Issuer:          %s\n",ss_issuer);
-  PR_fprintf(PR_STDOUT,"   Subject:         %s\n",ss_subject);
-
-  PR_fprintf(PR_STDOUT,"   Valid:           from %s to %s\n",
-	     c==NULL?"???":DER_TimeChoiceDayToAscii(&c->validity.notBefore),
-	     c==NULL?"???":DER_TimeChoiceDayToAscii(&c->validity.notAfter));
-
-#ifdef SSLTELNET
-
- 
-
-
-  if (servertype || querystring) {
-    char buffer[1024];
-    char ch;
-    char qs[] = "HEAD / HTTP/1.0";
-
-
-
-
-    if (!querystring) querystring = qs;
-    PR_fprintf(PR_STDOUT,"\nServer query mode\n>>Sending:\n%s\n",querystring);
-
-    PR_fprintf(PR_STDOUT,"\n*** Server said:\n");
-    ch = querystring[PL_strlen(querystring)-1];
-    if (ch == '"' || ch == '\'') {
-      PR_fprintf(PR_STDOUT,"Warning: I'm not smart enough to cope with quotes mid-string like that\n");
-    }
-    
-    rv = PR_Write(s,querystring,PL_strlen(querystring));
-    if ((rv < 1) ) {
-      PR_fprintf(PR_STDOUT,"Oh dear - couldn't send servertype query\n");
-      goto closedown;
-    }
-
-    rv = PR_Write(s,"\r\n\r\n",4);
-    rv = PR_Read(s,buffer,1024);
-    if ((rv < 1) ) {
-      PR_fprintf(PR_STDOUT,"Oh dear - couldn't read server repsonse\n");
-      goto closedown;
-    }
-      PR_Write(PR_STDOUT,buffer,rv);
-  }
-
-    
-  if (telnet) {
-
-    PR_fprintf(PR_STDOUT,"---------------------------\n"
-	       "telnet mode. CTRL-C to exit\n"
-	       "---------------------------\n");
-    
-
-
-    /* fudge terminal attributes */
-    t_fin = PR_FileDesc2NativeHandle(PR_STDIN);
-    t_fout = PR_FileDesc2NativeHandle(PR_STDOUT);
-    
-    tcgetattr(t_fin,&tmp_tc);
-    prev_lflag = tmp_tc.c_lflag;
-    prev_oflag = tmp_tc.c_oflag;
-    prev_iflag = tmp_tc.c_iflag;
-    tmp_tc.c_lflag &= ~ECHO;
-    /*    tmp_tc.c_oflag &= ~ONLCR; */
-    tmp_tc.c_lflag &= ~ICANON;
-    tmp_tc.c_iflag &= ~ICRNL;
-    tmp_tc.c_cflag |= CS8;
-    tmp_tc.c_cc[VMIN] = 1;
-    tmp_tc.c_cc[VTIME] = 0;
-    
-    tcsetattr(t_fin, TCSANOW, &tmp_tc);
-    /*   ioctl(tin, FIONBIO, (char *)&onoff); 
-	 ioctl(tout, FIONBIO, (char *)&onoff);*/
-    
-    
-    {
-      PRPollDesc pds[2];
-      char buffer[1024];
-      int amt,amtwritten;
-      char *x;
-      
-      /* STDIN */
-      pds[0].fd = PR_STDIN;
-      pds[0].in_flags = PR_POLL_READ;
-      pds[1].fd = s;
-      pds[1].in_flags = PR_POLL_READ | PR_POLL_EXCEPT;
-      
-      while (1) {
-	int nfds;
-
-	nfds = PR_Poll(pds,2,PR_SecondsToInterval(2));
-	if (nfds == 0) continue;
-
-	/** read input from keyboard*/
-	/*  note: this is very inefficient if reading from a file */
-	
-	if (pds[0].out_flags & PR_POLL_READ) {
-	  amt = PR_Read(PR_STDIN,&buffer,1);
-	  /*	PR_fprintf(PR_STDOUT,"fd[0]:%d=%d\r\n",amt,buffer[0]); */
-	  if (amt == 0) {
-	    PR_fprintf(PR_STDOUT,"\n");
-	    goto loser;
-	  }
-	  
-	  if (buffer[0] == '\r') {
-	    buffer[0] = '\r';
-	    buffer[1] = '\n';
-	    amt = 2;
-	  }
-	  rv = PR_Write(PR_STDOUT,buffer,amt);
-	  
-	  
-	  rv = PR_Write(s,buffer,amt);
-	  if (rv == -1) {
-	    PR_fprintf(PR_STDOUT,"Error writing to socket: %d\n",PR_GetError());
-	  }
-	}
-	
-	/***/
-	
-	
-	/***/
-	if (pds[1].out_flags & PR_POLL_EXCEPT) {
-	  PR_fprintf(PR_STDOUT,"\r\nServer closed connection\r\n");
-	  goto loser;
-	}
-	if (pds[1].out_flags & PR_POLL_READ) {
-	  amt = PR_Read(s,&buffer,1024);
-	  
-	  if (amt == 0) {
-	    PR_fprintf(PR_STDOUT,"\r\nServer closed connection\r\n");
-	    goto loser;
-	  }
-	  rv = PR_Write(PR_STDOUT,buffer,amt);
-	}
-	/***/
-	
-      }
-    }
-  loser:
-    
-    /* set terminal back to normal */
-    tcgetattr(t_fin,&tmp_tc);
-    
-    tmp_tc.c_lflag = prev_lflag;
-    tmp_tc.c_oflag = prev_oflag;
-    tmp_tc.c_iflag = prev_iflag;
-    tcsetattr(t_fin, TCSANOW, &tmp_tc);
-    
-    /*   ioctl(tin, FIONBIO, (char *)&onoff);
-	 ioctl(tout, FIONBIO, (char *)&onoff); */
-  }
-
-#endif
-  /* SSLTELNET */
-
- closedown:
-
-  PR_Close(s);
-
-  if (NSS_Shutdown() != SECSuccess) {
-    exit(1);
-  }
-
-  return(0);
-
-} /* main */
-
-/*EOF*/
-
deleted file mode 100755
--- a/security/nss/cmd/sslstrength/sslwrap
+++ /dev/null
@@ -1,185 +0,0 @@
-#!/usr/bin/perl
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-
-@profiles = (
-#            "host:port"	"policy"	"ciphers"  	"exp-cipher"	"expkeysize"
-
-	     [ "cfu:443",	"export",	"efijlmo",	"RC4-40",	"40" ],
-	     [ "hbombsgi:448",	"export",	"efijlmo",	"RC4-40",	"40" ],
-	     [ "hbombsgi:448",	"domestic",	"abcdefijklmo",	"RC4",	        "128" ],
-	     [ "gandalf:5666",	"domestic",	"abcdefijklmo",	"RC4",	        "128" ],
-	     [ "gandalf:5666",	"export",	"efijlmo",	"RC4",	        "128" ],
-	     [ "gandalf:5666",	"domestic",	"j",	        "3DES-EDE-CBC", "168" ],
-	     [ "gandalf:5666",	"domestic",	"k",	        "DES-CBC",      "56" ],
-	     [ "gandalf:5666",	"export",	"l",	        "RC4-40",       "40" ],
-	     [ "gandalf:5666",	"export",	"efijlmo",	"RC4",	        "128" ],
-	     [ "hbombcfu:443",	"export",	"efijlmo",	"RC4",	        "128" ],
-	     
-	     );
-
-$file = &filename;
-
-open(HTML, ">$file.htm") || die"Cannot open html output file\n";
-
-$mutversion = "";
-$platform = $ARGV[0];
-
-
-print HTML 
-"<HTML><HEAD>
-<TITLE>ssl/sslstrength: Version: $mutversion Platform: $platform Run date mm/dd/yy</TITLE></HEAD><BODY>\n";
-
-print HTML 
-"<TABLE BORDER=1><TR>
-<TD><B>Test Case Number</B></TD>
-<TD><B>Program</B></TD>
-<TD><B>Description of Test Case</B></TD>
-<TD><B>Start date/time<B></TD>
-<TD><B>End date/time<B></TD>  
-<TD><B>PASS/FAIL</B></TD> 
-</TR>\n";
-
-$countpass =0;
-$countfail =0;
-
-
-$testnum =0;
-for $profile (@profiles) {
-    $testnum ++;
-    ($host, $policy, $ciphers, $expcipher, $expkeysize) = @$profile;
-    
-    $cmd = "./sslstrength $host policy=$policy ciphers=$ciphers";
-
-    $starttime = &datestring." ".&timestring;
-    print STDERR "$cmd\n";
-    open(PIPE, "$cmd|") || die "Cannot start sslstrength\n";
-
-    $cipher = "";
-    $keysize = "";
-    while (<PIPE>) {
-	chop;
-	if (/^   Cipher: *(.*)/) {
-	    $cipher = $1;
-	}
-	if (/^   Secret Key Size: (.*)/) {
-	    $keysize = $1;
-	}
-    }
-    close(PIPE);
-    $endtime = &datestring." ".&timestring;
-
-    if (( $? != 0) || ($cipher ne $expcipher) || ($keysize ne $expkeysize)) {
-	$countfail ++;	
-	$passed =0;	
-    }
-    else {
-	$countpass ++;
-	$passed =1;
-    }
-
-print HTML
-"<TR>
-<TD><B>$testnum</B></TD>
-<TD></TD>
-<TD>$cmd</TD>
-<TD>$starttime</TD>
-<TD>$endtime</TD>
-<TD><B>".($passed ? "PASS" : "<FONT COLOR=red>FAIL: return code = 
-c=$cipher, ec=$expcipher, s=$keysize, es=$expkeysize.</FONT>")."
-</B></TD>
-</TR>\n";
-   
-}
-
-print HTML "</table>\n";
-
-close(HTML);
-
-open (SUM, ">$file.sum") ||die "couldn't open summary file for writing\n";
-
-print SUM <<EOM;
-[Status]
-mut=SSL
-mutversion=1.0
-platform=$platform
-pass=$countpass
-fail=$countfail
-knownFail=0
-malformed=0
-EOM
-
-    close(SUM);
-
-
-
-sub timestring
-{
-
-    my ($sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $isdst) = localtime(time);
-    my $string;
-
-    $string = sprintf "%2d:%02d:%02d",$hour, $min, $sec;
-    return $string;
-}
-
-sub datestring
-{
-
-    my ($sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $isdst) = localtime(time);
-    my $string;
-
-    $string = sprintf "%d/%d/%2d",$mon+1, $mday+1, $year;
-    return $string;
-}
-
-sub filename
-{
-
-    my ($sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $isdst) = localtime(time);
-    my $string;
-
-    $string = sprintf "%04d%02d%02d",$year+1900, $mon+1, $mday;
-    return $string;
-}
-
-
-
-
-
-
deleted file mode 100644
--- a/security/nss/cmd/swfort/Makefile
+++ /dev/null
@@ -1,113 +0,0 @@
-#! gmake
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-CORE_DEPTH = ../../..
-
-include manifest.mn
-include $(CORE_DEPTH)/coreconf/config.mk
-
-# 	$(NULL)
-
-
-INCLUDES += \
-	-I$(DIST)/../public/security \
-	-I$(DIST)/../private/security \
-	-I$(DEPTH)/security/lib/cert \
-	-I$(DEPTH)/security/lib/key \
-	-I$(DEPTH)/security/lib/util  \
-	-I./include \
-	$(NULL)
-
-
-# For the time being, sec stuff is export only
-# US_FLAGS = -DEXPORT_VERSION -DUS_VERSION
-
-US_FLAGS = -DEXPORT_VERSION
-EXPORT_FLAGS = -DEXPORT_VERSION
-
-BASE_LIBS = \
-	$(DIST)/lib/libdbm.$(LIB_SUFFIX) \
-	$(DIST)/lib/libxp.$(LIB_SUFFIX) \
-	$(DIST)/lib/libnspr.$(LIB_SUFFIX) \
-	$(NULL)
-
-#	$(DIST)/lib/libpurenspr.$(LIB_SUFFIX) \
-
-#There are a circular dependancies in security/lib, and we deal with it by 
-# double linking some libraries
-SEC_LIBS = \
-	$(DIST)/lib/libsecnav.$(LIB_SUFFIX) \
-        $(DIST)/lib/libssl.$(LIB_SUFFIX) \
-        $(DIST)/lib/libpkcs7.$(LIB_SUFFIX) \
-        $(DIST)/lib/libcert.$(LIB_SUFFIX) \
-        $(DIST)/lib/libkey.$(LIB_SUFFIX) \
-	$(DIST)/lib/libsecmod.$(LIB_SUFFIX) \
-        $(DIST)/lib/libcrypto.$(LIB_SUFFIX) \
-        $(DIST)/lib/libsecutil.$(LIB_SUFFIX) \
-        $(DIST)/lib/libssl.$(LIB_SUFFIX) \
-        $(DIST)/lib/libpkcs7.$(LIB_SUFFIX) \
-        $(DIST)/lib/libcert.$(LIB_SUFFIX) \
-        $(DIST)/lib/libkey.$(LIB_SUFFIX) \
-	$(DIST)/lib/libsecmod.$(LIB_SUFFIX) \
-        $(DIST)/lib/libcrypto.$(LIB_SUFFIX) \
-        $(DIST)/lib/libsecutil.$(LIB_SUFFIX) \
-        $(DIST)/lib/libhash.$(LIB_SUFFIX) \
-	$(NULL)
-
-MYLIB	= lib/$(OBJDIR)/libsectool.$(LIB_SUFFIX)
-
-US_LIBS	= $(MYLIB) $(SEC_LIBS) $(BASE_LIBS) $(MYLIB) $(BASE_LIBS)
-EX_LIBS	= $(MYLIB) $(SEC_LIBS) $(BASE_LIBS) $(MYLIB) $(BASE_LIBS) 
-
-REQUIRES = libxp nspr security
-
-CSRCS	= $(EXEC_SRCS) $(BI_SRCS)
-
-OBJS	= $(CSRCS:.c=.o) $(BI_SRCS:.c=-us.o) $(BI_SRCS:.c=-ex.o)
-
-PROGS		= $(addprefix $(OBJDIR)/, $(EXEC_SRCS:.c=$(BIN_SUFFIX)))
-US_PROGS 	= $(addprefix $(OBJDIR)/, $(BI_SRCS:.c=-us$(BIN_SUFFIX)))
-EX_PROGS	= $(addprefix $(OBJDIR)/, $(BI_SRCS:.c=-ex$(BIN_SUFFIX)))
-
-
-NON_DIRS = $(PROGS) $(US_PROGS) $(EX_PROGS)
-TARGETS = $(NON_DIRS)
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-symbols::
-	@echo "TARGETS	= $(TARGETS)"
deleted file mode 100644
--- a/security/nss/cmd/swfort/instinit/Makefile
+++ /dev/null
@@ -1,79 +0,0 @@
-#! gmake
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY).   #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL)          #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL)       #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
-#######################################################################
-
-include ../../platlibs.mk
-
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL)                              #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL)                           #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL).                              #
-#######################################################################
-
-
-include ../../platrules.mk
deleted file mode 100644
--- a/security/nss/cmd/swfort/instinit/instinit.c
+++ /dev/null
@@ -1,424 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-#include <stdio.h>
-
-#include "prio.h"
-#include "seccomon.h"
-#include "swforti.h"
-#include "cert.h"
-#include "pk11func.h"
-#include "nss.h"
-#include "secutil.h"
-
-#define CERTDB_VALID_CA        (1<<3)
-#define CERTDB_TRUSTED_CA      (1<<4) /* trusted for issuing server certs */
-
-void secmod_GetInternalModule(SECMODModule *module);
-void sec_SetCheckKRLState(int i);
-
-#define STEP 16
-void
-printItem(SECItem *key) {
- int i;
- unsigned char *block;
- int len;
- for (block=key->data,len=key->len; len > 0; len -= STEP,block += STEP) {
-     for(i=0; i < STEP && i < len; i++) printf(" %02x ",block[i]);
-     printf("\n");
- }
- printf("\n");
-}
-
-void
-dump(unsigned char *block, int len) {
- int i;
- for (; len > 0; len -= STEP,block += STEP) {
-     for(i=0; i < STEP && i < len; i++) printf(" %02x ",block[i]);
-     printf("\n");
- }
- printf("\n");
-}
-
-
-/*
- * We need to move this to security/cmd .. so we can use the password
- * prompting infrastructure.
- */
-char *GetUserInput(char * prompt) 
-{
-    char phrase[200];
-
-	    fprintf(stderr, "%s", prompt);
-            fflush (stderr);
-
-	fgets ((char*) phrase, sizeof(phrase), stdin);
-
-	/* stomp on newline */
-	phrase[PORT_Strlen((char*)phrase)-1] = 0;
-
-	/* Validate password */
-	return (char*) PORT_Strdup((char*)phrase);
-}
-
-void ClearPass(char *pass) {
-    PORT_Memset(pass,0,strlen(pass));
-    PORT_Free(pass);
-}
-
-char *
-formatDERIssuer(FORTSWFile *file,SECItem *derIssuer)
-{
-    CERTName name;
-    SECStatus rv;
-
-    PORT_Memset(&name,0,sizeof(name));;
-    rv = SEC_ASN1DecodeItem(file->arena,&name,CERT_NameTemplate,derIssuer);
-    if (rv != SECSuccess) {
-	return NULL;
-    }
-    return CERT_NameToAscii(&name);
-}
-
-#define NETSCAPE_INIT_FILE "nsswft.swf"
-
-char *getDefaultTarget(void)
-{
-    char *fname = NULL;
-    char *home = NULL;
-    static char unix_home[512];
-
-    /* first try to get it from the environment */
-    fname = getenv("SW_FORTEZZA_FILE");
-    if (fname != NULL) {
-	return PORT_Strdup(fname);
-    }
-
-#ifdef XP_UNIX
-    home = getenv("HOME");
-    if (home) {
-	strncpy(unix_home,home, sizeof(unix_home)-sizeof("/.netscape/"NETSCAPE_INIT_FILE));
-	strcat(unix_home,"/.netscape/"NETSCAPE_INIT_FILE);
-	return unix_home;
-    }
-#endif
-#ifdef XP_WIN
-    home = getenv("windir");
-    if (home) {
-	strncpy(unix_home,home, sizeof(unix_home)-sizeof("\\"NETSCAPE_INIT_FILE));
-	strcat(unix_home,"\\"NETSCAPE_INIT_FILE);
-	return unix_home;
-    }
-#endif
-    return (NETSCAPE_INIT_FILE);
-}
-
-void
-usage(char *prog) {
-   fprintf(stderr,"usage: %s [-v][-f][-t transport_pass][-u user_pass][-o output_file] source_file\n",prog);
-   exit(1);
-}
-	
-int main(int argc, char ** argv)
-{
-
-    FORTSignedSWFile * swfile;
-    int size;
-    SECItem file;
-    char *progname = *argv++;
-    char *filename = NULL;
-    char *outname = NULL;
-    char *cp;
-    int verbose = 0;
-    int force = 0;
-    CERTCertDBHandle *certhandle = NULL;
-    CERTCertificate *cert;
-    CERTCertTrust *trust;
-    char * pass;
-    SECStatus rv;
-    int i;
-    int64 now; /* XXXX */
-    char *issuer;
-    char *transport_pass = NULL;
-    char *user_pass = NULL;
-    SECItem *outItem = NULL;
-    PRFileDesc *fd;
-    PRFileInfo info;
-    PRStatus prv;
-
-
-
-   
-    /* put better argument parsing here */
-    while ((cp = *argv++) != NULL) {
-	if (*cp == '-') {
-	    while (*++cp) {
-		switch (*cp) {
-		/* verbose mode */
-		case 'v':
-		    verbose++;
-		    break;
-		/* explicitly set the target */
-		case 'o':
-		    outname = *argv++;
-		    break;
-		case 'f':
-		/* skip errors in signatures without prompts */
-		    force++;
-		    break;
-		case 't':
-		/* provide password on command line */
-		    transport_pass = *argv++;
-		    break;
-		case 'u':
-		/* provide user password on command line */
-		    user_pass = *argv++;
-		    break;
-		default:
-		    usage(progname);
-		    break;
-		}
-	    }
-	} else if (filename) {
-	    usage(progname);
-	} else {
-	    filename = cp;
-	}
-    }
-
-    if (filename == NULL) usage(progname);
-    if (outname == NULL) outname = getDefaultTarget();
-
-
-    now = PR_Now();
-    /* read the file in */ 
-    fd = PR_Open(filename,PR_RDONLY,0);
-    if (fd == NULL) { 
-	fprintf(stderr,"%s: couldn't open file \"%s\".\n",progname,filename); 
-	exit(1);
-    }
-
-    prv = PR_GetOpenFileInfo(fd,&info);
-    if (prv != PR_SUCCESS) {
-	fprintf(stderr,"%s: couldn't get info on file \"%s\".\n",
-							progname,filename); 
-	exit(1);
-    }
-
-    size = info.size;
-
-    file.data = malloc(size);
-    file.len = size;
-
-    file.len = PR_Read(fd,file.data,file.len);
-    if (file.len < 0) { 
-	fprintf(stderr,"%s: couldn't read file \"%s\".\n",progname, filename); 
-	exit(1);
-    }
-
-    PR_Close(fd);
-
-    /* Parse the file */
-    swfile = FORT_GetSWFile(&file);
-    if (swfile == NULL) {
-	fprintf(stderr,
-	   "%s: File \"%s\" not a valid FORTEZZA initialization file.\n",
-		progname,filename);
-	exit(1);
-    }
-
-    issuer = formatDERIssuer(&swfile->file,&swfile->file.derIssuer);
-    if (issuer == NULL) {
-	issuer = "<Invalid Issuer DER>";
-    }
-
-    if (verbose) {
-	printf("Processing file %s ....\n",filename);
-	printf("  Version %ld\n",DER_GetInteger(&swfile->file.version));
-	printf("  Issuer: %s\n",issuer);
-	printf("  Serial Number: ");
-	for (i=0; i < (int)swfile->file.serialID.len; i++) {
-	    printf(" %02x",swfile->file.serialID.data[i]);
-	}
-	printf("\n");
-    }
-
-
-    /* Check the Initalization phrase and save Kinit */
-    if (!transport_pass) {
-    	pass = SECU_GetPasswordString(NULL,"Enter the Initialization Memphrase:");
-	transport_pass = pass;
-    }
-    rv = FORT_CheckInitPhrase(swfile,transport_pass);
-    if (rv != SECSuccess) {
-	fprintf(stderr,
-		"%s: Invalid Initialization Memphrase for file \"%s\".\n",
-		progname,filename);
-	exit(1);
-    }
-
-    /* Check the user or init phrase and save Ks, use Kinit to unwrap the
-     * remaining data. */
-    if (!user_pass) {
-    	pass = SECU_GetPasswordString(NULL,"Enter the User Memphrase or the User PIN:");
-	user_pass = pass;
-    }
-    rv = FORT_CheckUserPhrase(swfile,user_pass);
-    if (rv != SECSuccess) {
-	fprintf(stderr,"%s: Invalid User Memphrase or PIN for file \"%s\".\n",
-		progname,filename);
-	exit(1);
-    }
-
-    NSS_NoDB_Init(NULL);
-    sec_SetCheckKRLState(1);
-    certhandle = CERT_GetDefaultCertDB();
-
-    /* now dump the certs into the temparary data base */
-    for (i=0; swfile->file.slotEntries[i]; i++) {
-	int trusted = 0;
-    	SECItem *derCert = FORT_GetDERCert(swfile,
-			swfile->file.slotEntries[i]->certIndex);
-
-	if (derCert == NULL) {
-	    if (verbose) {
-	       printf(" Cert %02d: %s \"%s\" \n",
-		swfile->file.slotEntries[i]->certIndex,
-			"untrusted", "Couldn't decrypt Cert");
-	    }
-	    continue;
-	}
-	cert = CERT_NewTempCertificate(certhandle, derCert, NULL,
-							PR_FALSE, PR_TRUE);
-	if (cert == NULL) {
-	    if (verbose) {
-	       printf(" Cert %02d: %s \"%s\" \n",
-		swfile->file.slotEntries[i]->certIndex,
-			"untrusted", "Couldn't decode Cert");
-	    }
-	    continue;
-	}
-	if (swfile->file.slotEntries[i]->trusted.data[0]) {
-	    /* Add TRUST */
-	    trust = PORT_ArenaAlloc(cert->arena,sizeof(CERTCertTrust));
-	    if (trust != NULL) {
-	        trust->sslFlags = CERTDB_VALID_CA|CERTDB_TRUSTED_CA;
-	        trust->emailFlags = CERTDB_VALID_CA|CERTDB_TRUSTED_CA;
-	        trust->objectSigningFlags = CERTDB_VALID_CA|CERTDB_TRUSTED_CA;
-	        cert->trust = trust;
-		trusted++;
-	    }
-	}
-	if (verbose) {
-	    printf(" Cert %02d: %s \"%s\" \n",
-		swfile->file.slotEntries[i]->certIndex,
-		trusted?" trusted ":"untrusted",
-			CERT_NameToAscii(&cert->subject));
-	}
-    }
-
-    fflush(stdout);
-
-
-    cert = CERT_FindCertByName(certhandle,&swfile->file.derIssuer);
-    if (cert == NULL) {
-	fprintf(stderr,"%s: Couldn't find signer certificate \"%s\".\n",
-		progname,issuer);
-	rv = SECFailure;
-	goto noverify;
-    }
-    rv = CERT_VerifySignedData(&swfile->signatureWrap,cert, now, NULL);
-    if (rv != SECSuccess) {
-	fprintf(stderr,
-	  "%s: Couldn't verify the signature on file \"%s\" with certificate \"%s\".\n",
-		progname,filename,issuer);
-	goto noverify;
-    }
-    rv = CERT_VerifyCert(certhandle, cert, PR_TRUE, certUsageSSLServer,
-								now ,NULL,NULL);
-    /* not an normal cert, see if it's a CA? */
-    if (rv != SECSuccess) {
-	rv = CERT_VerifyCert(certhandle, cert, PR_TRUE, certUsageAnyCA,
-								now ,NULL,NULL);
-    }
-    if (rv != SECSuccess) {
-	fprintf(stderr,"%s: Couldn't verify the signer certificate \"%s\".\n",
-		progname,issuer);
-	goto noverify;
-    }
-
-noverify:
-    if (rv != SECSuccess) {
-	if (!force) {
-	    pass = GetUserInput(
-	       "Signature verify failed, continue without verification? ");
-	    if (!(pass && ((*pass == 'Y') || (*pass == 'y')))) {
-		exit(1);
-            }
-	}
-    }
-
-
-    /* now write out the modified init file for future use */
-    outItem = FORT_PutSWFile(swfile);
-    if (outItem == NULL) {
-	fprintf(stderr,"%s: Couldn't format target init file.\n",
-		progname);
-	goto noverify;
-    }
-
-    if (verbose) {
-	printf("writing modified file out to \"%s\".\n",outname);
-    }
-
-    /* now write it out */
-    fd = PR_Open(outname,PR_WRONLY|PR_CREATE_FILE|PR_TRUNCATE,0700);
-    if (fd == NULL) { 
-	fprintf(stderr,"%s: couldn't open file \"%s\".\n",progname,outname); 
-	exit(1);
-    }
-
-    file.len = PR_Write(fd,outItem->data,outItem->len);
-    if (file.len < 0) { 
-	fprintf(stderr,"%s: couldn't read file \"%s\".\n",progname, filename); 
-	exit(1);
-    }
-
-    PR_Close(fd);
-    
-    exit(0);
-    return (0);
-}
-
deleted file mode 100644
--- a/security/nss/cmd/swfort/instinit/manifest.mn
+++ /dev/null
@@ -1,50 +0,0 @@
-# 
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-CORE_DEPTH = ../../../..
-
-DEFINES += -DNSPR20
-
-MODULE = nss
-
-CSRCS = instinit.c
-
-REQUIRES = nspr dbm seccmd
-
-PROGRAM = instinit
-# PROGRAM = ./$(OBJDIR)/selfserv.exe
-
-USE_STATIC_LIBS = 1
deleted file mode 100644
--- a/security/nss/cmd/swfort/manifest.mn
+++ /dev/null
@@ -1,42 +0,0 @@
-# 
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-CORE_DEPTH	= ../../..
-
-REQUIRES = nss seccmd dbm
-
-
-DIRS = instinit newuser
deleted file mode 100644
--- a/security/nss/cmd/swfort/newuser/Makefile
+++ /dev/null
@@ -1,87 +0,0 @@
-#! gmake
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY).   #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL)          #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL)       #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
-#######################################################################
-
-ctmp := $(shell $(MAKE) -C ../../../lib/fortcrypt --no-print-directory cilib_name)
-ifeq ($(ctmp), $(patsubst /%,/,$(ctmp)))
-  CILIB := ../../../lib/fortcrypt/$(ctmp)
-else
-  CILIB := $(ctmp)
-endif
-
-EXTRA_LIBS += $(CILIB) 
-
-include ../../platlibs.mk
-
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL)                              #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL)                           #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL).                              #
-#######################################################################
-
-include ../../platrules.mk
-
deleted file mode 100644
--- a/security/nss/cmd/swfort/newuser/manifest.mn
+++ /dev/null
@@ -1,49 +0,0 @@
-# 
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-CORE_DEPTH = ../../../..
-
-DEFINES += -DNSPR20
-
-MODULE = nss
-
-CSRCS = newuser.c mktst.c
-
-REQUIRES = nspr dbm seccmd
-
-PROGRAM = newuser
-
-USE_STATIC_LIBS = 1
deleted file mode 100644
--- a/security/nss/cmd/swfort/newuser/mktst.c
+++ /dev/null
@@ -1,257 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-#include <stdio.h>
-
-#include "prio.h"
-#include "swforti.h"
-#include "maci.h"
-#include "secder.h"
-#include "blapi.h"
-
-void
-printkey(char *s, unsigned char *block) {
- int i;
- printf("%s \n  0x",s);
- for(i=0; i < 10; i++) printf("%02x",block[i]);
- printf("\n");
-}
-
-void
-printblock(char *s, unsigned char *block) {
- int i;
- printf("%s \n  0x",s);
- for(i=0; i < 8; i++) printf("%02x",block[i]);
- printf("\n  0x");
- for(i=8; i < 16; i++) printf("%02x",block[i]);
- printf("\n");
-}
-
-
-static char *leafbits="THIS IS NOT LEAF";
-
-static void
-encryptCertEntry(fortProtectedData *pdata,FORTSkipjackKeyPtr Ks,
-						unsigned char *data,int len)
-{
-    unsigned char *dataout;
-    int enc_len;
-	/* XXX Make length */
-    pdata->dataIV.data = PORT_ZAlloc(24);
-    pdata->dataIV.len = 24;
-    PORT_Memcpy(pdata->dataIV.data,leafbits,SKIPJACK_LEAF_SIZE);
-    fort_GenerateRandom(&pdata->dataIV.data[SKIPJACK_LEAF_SIZE],
-						SKIPJACK_BLOCK_SIZE);
-    enc_len = (len + (SKIPJACK_BLOCK_SIZE-1)) & ~(SKIPJACK_BLOCK_SIZE-1);
-    dataout = pdata->dataEncryptedWithKs.data = PORT_ZAlloc(enc_len);
-    pdata->dataEncryptedWithKs.len = enc_len;
-    fort_skipjackEncrypt(Ks,&pdata->dataIV.data[SKIPJACK_LEAF_SIZE],
-					enc_len, data,dataout);
-    if (len > 255) {
-	pdata->length.data = PORT_ZAlloc(2);
-	pdata->length.data[0] = (len >> 8) & 0xff;
-	pdata->length.data[1] = len & 0xff;
-	pdata->length.len = 2;
-    } else {
-	pdata->length.data = PORT_ZAlloc(1);
-	pdata->length.data[0] = len & 0xff;
-	pdata->length.len = 1;
-    }
-
-}
-    
-unsigned char issuer[30] = { 0 };
-
-void
-makeCertSlot(fortSlotEntry *entry,int index,char *label,SECItem *cert,
- FORTSkipjackKeyPtr Ks, unsigned char *xKEA, unsigned char *xDSA, 
- unsigned char *pubKey, int pubKeyLen, unsigned char *p, unsigned char *q, 
-							unsigned char *g)
-{
-    unsigned char *key; /* private key */
-
-    entry->trusted.data = PORT_Alloc(1);
-    *entry->trusted.data = index == 0 ? 1 : 0;
-    entry->trusted.len = 1;
-    entry->certificateIndex.data = PORT_Alloc(1);
-    *entry->certificateIndex.data = index;
-    entry->certificateIndex.len = 1;
-    entry->certIndex = index;
-    encryptCertEntry(&entry->certificateLabel,Ks,
-		(unsigned char *)label, strlen(label));
-    encryptCertEntry(&entry->certificateData,Ks, cert->data, cert->len);
-    if (xKEA) {
-	entry->exchangeKeyInformation = PORT_ZNew(fortKeyInformation);
-	entry->exchangeKeyInformation->keyFlags.data = PORT_ZAlloc(1);
-	entry->exchangeKeyInformation->keyFlags.data[0] = 1;
-	entry->exchangeKeyInformation->keyFlags.len = 1;
-	key = PORT_Alloc(24);
-	fort_skipjackWrap(Ks,24,xKEA,key);
-	entry->exchangeKeyInformation->privateKeyWrappedWithKs.data = key;
-	entry->exchangeKeyInformation->privateKeyWrappedWithKs.len = 24;
-	entry->exchangeKeyInformation->derPublicKey.data = pubKey;
-	entry->exchangeKeyInformation->derPublicKey.len = pubKeyLen;
-	entry->exchangeKeyInformation->p.data = p;
-	entry->exchangeKeyInformation->p.len = 128;
-	entry->exchangeKeyInformation->q.data = q;
-	entry->exchangeKeyInformation->q.len = 20;
-	entry->exchangeKeyInformation->g.data = g;
-	entry->exchangeKeyInformation->g.len = 128;
-
-	entry->signatureKeyInformation = PORT_ZNew(fortKeyInformation);
-	entry->signatureKeyInformation->keyFlags.data = PORT_ZAlloc(1);
-	entry->signatureKeyInformation->keyFlags.data[0] = 1;
-	entry->signatureKeyInformation->keyFlags.len = 1;
-	key = PORT_Alloc(24);
-	fort_skipjackWrap(Ks,24,xDSA,key);
-	entry->signatureKeyInformation->privateKeyWrappedWithKs.data = key;
-	entry->signatureKeyInformation->privateKeyWrappedWithKs.len = 24;
-	entry->signatureKeyInformation->derPublicKey.data = pubKey;
-	entry->signatureKeyInformation->derPublicKey.len = pubKeyLen;
-	entry->signatureKeyInformation->p.data = p;
-	entry->signatureKeyInformation->p.len = 128;
-	entry->signatureKeyInformation->q.data = q;
-	entry->signatureKeyInformation->q.len = 20;
-	entry->signatureKeyInformation->g.data = g;
-	entry->signatureKeyInformation->g.len = 128;
-    } else {
-	entry->exchangeKeyInformation = NULL;
-        entry->signatureKeyInformation = NULL;
-    }
-    
-    return;
-}
-
-
-void
-makeProtectedPhrase(FORTSWFile *file, fortProtectedPhrase *prot_phrase,
-  	     FORTSkipjackKeyPtr Ks, FORTSkipjackKeyPtr Kinit, char *phrase)
-{
-    SHA1Context *sha;
-    unsigned char hashout[SHA1_LENGTH];
-    FORTSkipjackKey Kfek;
-    unsigned int len;
-    unsigned char cw[4];
-    unsigned char enc_version[2];
-    unsigned char *data = NULL;
-    int keySize;
-    int i,version;
-    char tmp_data[13];
-
-    if (strlen(phrase) < 12) {
-        PORT_Memset(tmp_data, ' ', sizeof(tmp_data));
-        PORT_Memcpy(tmp_data,phrase,strlen(phrase));
-        tmp_data[12] = 0;
-        phrase = tmp_data;
-    }
-
-    /* now calculate the PBE key for fortezza */
-    sha = SHA1_NewContext();
-    SHA1_Begin(sha);
-    version = DER_GetUInteger(&file->version);
-    enc_version[0] = (version >> 8) & 0xff;
-    enc_version[1] = version  & 0xff;
-    SHA1_Update(sha,enc_version,sizeof(enc_version));
-    SHA1_Update(sha,file->derIssuer.data, file->derIssuer.len);
-    SHA1_Update(sha,file->serialID.data, file->serialID.len);
-    SHA1_Update(sha,(unsigned char *)phrase,strlen(phrase));
-    SHA1_End(sha,hashout,&len,SHA1_LENGTH);
-    PORT_Memcpy(Kfek,hashout,sizeof(FORTSkipjackKey));
-
-    keySize = sizeof(CI_KEY);
-    if (Kinit) keySize = SKIPJACK_BLOCK_SIZE*2;
-    data = PORT_ZAlloc(keySize);
-    prot_phrase->wrappedKValue.data = data;
-    prot_phrase->wrappedKValue.len = keySize;
-    fort_skipjackWrap(Kfek,sizeof(CI_KEY),Ks,data);
-
-    /* first, decrypt the hashed/Encrypted Memphrase */
-    data = (unsigned char *) PORT_ZAlloc(SHA1_LENGTH+sizeof(cw));
-
-    /* now build the hash for comparisons */
-    SHA1_Begin(sha);
-    SHA1_Update(sha,(unsigned char *)phrase,strlen(phrase));
-    SHA1_End(sha,hashout,&len,SHA1_LENGTH);
-    SHA1_DestroyContext(sha,PR_TRUE);
-
-
-    /* now calcuate the checkword and compare it */
-    cw[0] = cw[1] = cw[2] = cw[3] = 0;
-    for (i=0; i <5 ; i++) {
-	cw[0] = cw[0] ^ hashout[i*4];
-	cw[1] = cw[1] ^ hashout[i*4+1];
-	cw[2] = cw[2] ^ hashout[i*4+2];
-	cw[3] = cw[3] ^ hashout[i*4+3];
-    }
-
-    PORT_Memcpy(data,hashout,len);
-    PORT_Memcpy(data+len,cw,sizeof(cw));
-
-    prot_phrase->memPhraseIV.data = PORT_ZAlloc(24);
-    prot_phrase->memPhraseIV.len = 24;
-    PORT_Memcpy(prot_phrase->memPhraseIV.data,leafbits,SKIPJACK_LEAF_SIZE);
-    fort_GenerateRandom(&prot_phrase->memPhraseIV.data[SKIPJACK_LEAF_SIZE],
-						SKIPJACK_BLOCK_SIZE);
-    prot_phrase->kValueIV.data = PORT_ZAlloc(24);
-    prot_phrase->kValueIV.len = 24;
-    PORT_Memcpy(prot_phrase->kValueIV.data,leafbits,SKIPJACK_LEAF_SIZE);
-    fort_GenerateRandom(&prot_phrase->kValueIV.data[SKIPJACK_LEAF_SIZE],
-						SKIPJACK_BLOCK_SIZE);
-    fort_skipjackEncrypt(Ks,&prot_phrase->memPhraseIV.data[SKIPJACK_LEAF_SIZE],
-					len+sizeof(cw), data,data);
-
-    prot_phrase->hashedEncryptedMemPhrase.data = data;
-    prot_phrase->hashedEncryptedMemPhrase.len = len+sizeof(cw);
-
-    if (Kinit) {
-        fort_skipjackEncrypt(Kinit,
-		&prot_phrase->kValueIV.data[SKIPJACK_LEAF_SIZE],
-                prot_phrase->wrappedKValue.len,
-                prot_phrase->wrappedKValue.data,
-                prot_phrase->wrappedKValue.data );
-    }
-
-    return;
-}
-
-
-void
-fill_in(SECItem *item,unsigned char *data, int len)
-{
-    item->data = PORT_Alloc(len);
-    PORT_Memcpy(item->data,data,len);
-    item->len = len;
-}
-
deleted file mode 100644
--- a/security/nss/cmd/swfort/newuser/newuser.c
+++ /dev/null
@@ -1,1134 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-#include <stdio.h>
-#include <fcntl.h>
-#include <sys/types.h>
-#ifdef XP_UNIX
-#include <unistd.h>
-#endif
-#include "cryptint.h"
-#include "blapi.h"	/* program calls low level functions directly!*/
-#include "pk11func.h"
-#include "secmod.h"
-/*#include "secmodi.h"*/
-#include "cert.h"
-#include "key.h"
-#include "nss.h"
-#include "swforti.h"
-#include "secutil.h"
-
-#ifndef O_BINARY
-#define O_BINARY 0
-#endif
-
-#define MAX_PERSONALITIES 50
-typedef struct {
-    int index;
-    CI_CERT_STR label;
-    CERTCertificate *cert;
-} certlist;
-
-typedef struct {
-   int card;
-   int index;
-   CI_CERT_STR label;
-   certlist valid[MAX_PERSONALITIES];
-   int count;
-} Cert;
-
-
-#define EMAIL_OID_LEN 9
-#define EMAIL_OID 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01
-unsigned char emailAVA[127] = {
-	0x31, 6+EMAIL_OID_LEN, 	/* Set */
-	0x30, 4+EMAIL_OID_LEN,	/* Sequence */
-	0x06, EMAIL_OID_LEN, EMAIL_OID,
-	0x13, 0, /* printable String */
-};
-#define EMAIL_DATA_START 8+EMAIL_OID_LEN
-
-int emailOffset[] = { 1, 3, EMAIL_DATA_START-1 };
-int offsetCount = sizeof(emailOffset)/sizeof(emailOffset[0]);
-
-unsigned char hash[20] = { 'H', 'a', 's', 'h', ' ', 'F', 'a', 'i', 'l', 'e',
-		  'd', ' ', '*', '*', '*', '*', '*', '*', '*', '*' };
-unsigned char sig[40] = { 'H', 'a', 's', 'h', ' ', 'F', 'a', 'i', 'l', 'e',
-		 'd', ' ', '*', '*', '*', '*', '*', '*', '*', '*',
-		 '>', '>', '>', ' ', 'N', 'o', 't', ' ', 'S', 'i',
-		 'g', 'n', 'd', ' ', '<', '<', '<', ' ', ' ', ' ' };
-
-
-/*void *malloc(int); */
-
-unsigned char *data_start(unsigned char *buf, int length, int *data_length) 
-{
-    unsigned char tag;
-    int used_length= 0;
-
-    tag = buf[used_length++];
-
-    /* blow out when we come to the end */
-    if (tag == 0) {
-	return NULL;
-    }
-
-    *data_length = buf[used_length++];
-
-    if (*data_length&0x80) {
-	int  len_count = *data_length & 0x7f;
-
-	*data_length = 0;
-
-	while (len_count-- > 0) {
-	    *data_length = (*data_length << 8) | buf[used_length++];
-	} 
-    }
-
-    if (*data_length > (length-used_length) ) {
-	*data_length = length-used_length;
-	return NULL;
-    }
-
-    return (buf + used_length);	
-}
-
-unsigned char *
-GetAbove(unsigned char *cert,int cert_length,int *above_len)
-{
-	unsigned char *buf = cert;
-	int buf_length = cert_length;
-	unsigned char *tmp;
-	int len;
-
-	*above_len = 0;
-
-	/* optional serial number */
-	if ((buf[0] & 0xa0) == 0xa0) {
-	    tmp = data_start(buf,buf_length,&len);
-	    if (tmp == NULL) return NULL;
-	    buf_length -= (tmp-buf) + len;
-	    buf = tmp + len;
-	}
-        /* serial number */
-	tmp = data_start(buf,buf_length,&len);
-	if (tmp == NULL) return NULL;
-	buf_length -= (tmp-buf) + len;
-	buf = tmp + len;
-	/* skip the OID */
-	tmp = data_start(buf,buf_length,&len);
-	if (tmp == NULL) return NULL;
-	buf_length -= (tmp-buf) + len;
-	buf = tmp + len;
-	/* issuer */
-	tmp = data_start(buf,buf_length,&len);
-	if (tmp == NULL) return NULL;
-	buf_length -= (tmp-buf) + len;
-	buf = tmp + len;
-	/* skip the date */
-	tmp = data_start(buf,buf_length,&len);
-	if (tmp == NULL) return NULL;
-	buf_length -= (tmp-buf) + len;
-	buf = tmp + len;
-
-	*above_len = buf - cert;
-	return cert;
-}
-
-unsigned char *
-GetSubject(unsigned char *cert,int cert_length,int *subj_len) {
-	unsigned char *buf = cert;
-	int buf_length = cert_length;
-	unsigned char *tmp;
-	int len;
-
-	*subj_len = 0;
-
-	/* optional serial number */
-	if ((buf[0] & 0xa0) == 0xa0) {
-	    tmp = data_start(buf,buf_length,&len);
-	    if (tmp == NULL) return NULL;
-	    buf_length -= (tmp-buf) + len;
-	    buf = tmp + len;
-	}
-        /* serial number */
-	tmp = data_start(buf,buf_length,&len);
-	if (tmp == NULL) return NULL;
-	buf_length -= (tmp-buf) + len;
-	buf = tmp + len;
-	/* skip the OID */
-	tmp = data_start(buf,buf_length,&len);
-	if (tmp == NULL) return NULL;
-	buf_length -= (tmp-buf) + len;
-	buf = tmp + len;
-	/* issuer */
-	tmp = data_start(buf,buf_length,&len);
-	if (tmp == NULL) return NULL;
-	buf_length -= (tmp-buf) + len;
-	buf = tmp + len;
-	/* skip the date */
-	tmp = data_start(buf,buf_length,&len);
-	if (tmp == NULL) return NULL;
-	buf_length -= (tmp-buf) + len;
-	buf = tmp + len;
-
-	return data_start(buf,buf_length,subj_len);
-}
-
-unsigned char *
-GetBelow(unsigned char *cert,int cert_length,int *below_len) {
-	unsigned char *subj;
-	int subj_len;
-	unsigned char *below;
-
-	*below_len = 0;
-
-	subj = GetSubject(cert,cert_length,&subj_len);
-
-	below = subj + subj_len;
-	*below_len = cert_length - (below - cert);
-	return below;
-}
-
-unsigned char *
-GetSignature(unsigned char *sig,int sig_length,int *subj_len) {
-	unsigned char *buf = sig;
-	int buf_length = sig_length;
-	unsigned char *tmp;
-	int len;
-
-	*subj_len = 0;
-
-        /* signature oid */
-	tmp = data_start(buf,buf_length,&len);
-	if (tmp == NULL) return NULL;
-	buf_length -= (tmp-buf) + len;
-	buf = tmp + len;
-	/* signature data */
-	tmp = data_start(buf,buf_length,&len);
-	if (tmp == NULL) return NULL;
-
-	*subj_len = len -1;
-	return tmp+1;
-}
-
-int DER_Sequence(unsigned char *buf, int length) {
-    int next = 0;
-
-    buf[next++] = 0x30;
-    if (length < 0x80) {
-	buf[next++] = length;
-    } else {
-	buf[next++] = 0x82;
-	buf[next++] = (length >> 8) & 0xff;
-	buf[next++] = length & 0xff;
-    }
-    return next;
-}
-
-static
-int Cert_length(unsigned char *buf, int length) {
-    unsigned char tag;
-    int used_length= 0;
-    int data_length;
-
-    tag = buf[used_length++];
-
-    /* blow out when we come to the end */
-    if (tag == 0) {
-        return 0;
-    }
-
-    data_length = buf[used_length++];
-
-    if (data_length&0x80) {
-        int  len_count = data_length & 0x7f;
-
-        data_length = 0;
-
-        while (len_count-- > 0) {
-            data_length = (data_length << 8) | buf[used_length++];
-        }
-    }
-
-    if (data_length > (length-used_length) ) {
-        return length;
-    }
-
-    return (data_length + used_length);
-}
-
-int
-InitCard(int card, char *inpass) {
-    int cirv;
-    char buf[50];
-    char *pass;
-
-    cirv = CI_Open( 0 /* flags */, card);
-    if (cirv != CI_OK) return cirv;
-
-    if (inpass == NULL) {
-        sprintf(buf,"Enter PIN for card in socket %d: ",card);
-        pass = SECU_GetPasswordString(NULL, buf);
-
-        if (pass == NULL) {
-	    CI_Close(CI_POWER_DOWN_FLAG,card);
-	    return CI_FAIL;
-        }
-    } else pass=inpass;
-
-    cirv = CI_CheckPIN(CI_USER_PIN,(unsigned char *)pass);
-    if (cirv != CI_OK)  {
-	CI_Close(CI_POWER_DOWN_FLAG,card);
-    }
-    return cirv;
-}
-
-int
-isUser(CI_PERSON *person) {
-    return 1;
-}
-
-int
-isCA(CI_PERSON *person) {
-    return 0;
-}
-
-int FoundCert(int card, char *name, Cert *cert) {
-    CI_PERSON personalities[MAX_PERSONALITIES];
-    CI_PERSON *person;
-    int cirv;
-    int i;
-    int user_len = strlen(name);
-
-    PORT_Memset(personalities, 0, sizeof(CI_PERSON)*MAX_PERSONALITIES);
-
-    cirv = CI_GetPersonalityList(MAX_PERSONALITIES,personalities);
-    if (cirv != CI_OK) return 0;
-
-
-    cert->count = 1;
-    cert->valid[0].index = 0;
-    memcpy(cert->valid[0].label,"RRXX0000Root PAA Certificate        ",
-		sizeof(cert->valid[0].label));
-    cert->valid[0].cert = NULL;
-    for (i=0; i < MAX_PERSONALITIES; i++) {
-	person = &personalities[i];
-	if ( (PORT_Memcmp(person->CertLabel,"RRXX",4) == 0) ||
-	     (PORT_Memcmp(person->CertLabel,"RTXX",4) == 0) ||
-	     (PORT_Memcmp(person->CertLabel,"LAXX",4) == 0) ||
-	     (PORT_Memcmp(person->CertLabel,"INKS",4) == 0) ||
-	     (PORT_Memcmp(person->CertLabel,"INKX",4) == 0) ||
-	     (PORT_Memcmp(person->CertLabel,"ONKS",4) == 0) ||
-	     (PORT_Memcmp(person->CertLabel,"ONKX",4) == 0) ||
-	     (PORT_Memcmp(person->CertLabel,"KEAK",4) == 0) ||
-	     (PORT_Memcmp(person->CertLabel,"3IKX",4) == 0) ||
-	     (PORT_Memcmp(person->CertLabel,"DSA1",4) == 0) ||
-	     (PORT_Memcmp(person->CertLabel,"DSAI",4) == 0) ||
-	     (PORT_Memcmp(person->CertLabel,"DSAO",4) == 0) ||
-	     (PORT_Memcmp(person->CertLabel,"3IXS",4) == 0) ||
-	     (PORT_Memcmp(person->CertLabel,"3OXS",4) == 0) ){
-	    int index;
-
-	    cert->valid[cert->count].cert = NULL;
-	    memcpy(cert->valid[cert->count].label,
-				person->CertLabel,sizeof(person->CertLabel));
-	    for (index = sizeof(person->CertLabel)-1;
-		cert->valid[cert->count].label[index] == ' '; index--) {
-		cert->valid[cert->count].label[index] = 0;
-	    }
-	    cert->valid[cert->count++].index = person->CertificateIndex;
-	}
-    }
-    for (i=0; i < MAX_PERSONALITIES; i++) {
-	person = &personalities[i];
-	if (strncmp((char *)&person->CertLabel[8],name,user_len) == 0) {
-	    cert->card = card;
-	    cert->index = person->CertificateIndex;
-	    memcpy(&cert->label,person->CertLabel,sizeof(person->CertLabel));
-	    return 1;
-	}
-    }
-    return 0;
-}
-
-void
-Terminate(char *mess, int cirv, int card1, int card2)
-{
-    fprintf(stderr,"FAIL: %s error %d\n",mess,cirv);
-    if (card1 != -1) CI_Close(CI_POWER_DOWN_FLAG,card1);
-    if (card2 != -1) CI_Close(CI_POWER_DOWN_FLAG,card2);
-    CI_Terminate();
-    exit(1);
-}
-
-void
-usage(char *prog)
-{
-    fprintf(stderr,"usage: %s [-e email][-t transport][-u userpin][-U userpass][-s ssopin][-S ssopass][-o outfile] common_name ca_label\n",prog);
-    exit(1);
-}
-
-#define CERT_SIZE 2048	
-
-
-/* version and oid */
-unsigned char header[] = {
-    /* Cert OID */
-    0x02, 0x10,
-     0x00, 0x00, 0x00, 0x00,
-     0x00, 0x00, 0x00, 0x00,
-     0x00, 0x00, 0x00, 0x00,
-     0x00, 0x00, 0x00, 0x00,
-    0x30, 0x0b, 0x06, 0x09,
-    0x60, 0x86, 0x48, 0x01, 0x65, 0x02, 0x01, 0x01, 0x13 };
-
-#define KEY_START 21
-#define KMID_OFFSET 4
-#define KEA_OFFSET 15
-#define DSA_OFFSET 148
-unsigned char key[] = {
-   /* Sequence(Constructed): 293 bytes (0x125) */
-   0x30, 0x82, 0x01, 0x25,
-   /*Sequence(Constructed): 11 bytes (0xb) */
-   0x30, 0x0b,
-   /* ObjectId(Universal): 9 bytes (0x9) */
-   0x06, 0x09,
-   0x60, 0x86, 0x48, 0x01, 0x65, 0x02, 0x01, 0x01, 0x14,
-   /* BitString(Universal): 276 bytes (0x114) */
-   0x03, 0x82, 0x01, 0x14,
-   0x00, 0x00, 0x01, 0xef, 0x04, 0x01, 0x00, 0x01,
-   0x00, 0x00, 0x69, 0x60, 0x70, 0x00, 0x80, 0x02,
-   0x2e, 0x46, 0xb9, 0xcb, 0x22, 0x72, 0x0b, 0x1c,
-   0xe6, 0x25, 0x20, 0x16, 0x86, 0x05, 0x8e, 0x2b,
-   0x98, 0xd1, 0x46, 0x3d, 0x00, 0xb8, 0x69, 0xe1,
-   0x1a, 0x42, 0x7d, 0x7d, 0xb5, 0xbf, 0x9f, 0x26,
-   0xd3, 0x2c, 0xb1, 0x73, 0x01, 0xb6, 0xb2, 0x6f,
-   0x7b, 0xa5, 0x54, 0x85, 0x60, 0x77, 0x81, 0x8a,
-   0x87, 0x86, 0xe0, 0x2d, 0xbf, 0xdb, 0x28, 0xe8,
-   0xfa, 0x20, 0x35, 0xb4, 0xc0, 0x94, 0x10, 0x8e,
-   0x1c, 0x58, 0xaa, 0x02, 0x60, 0x97, 0xf5, 0xb3,
-   0x2f, 0xf8, 0x99, 0x29, 0x28, 0x73, 0x47, 0x36,
-   0xdd, 0x1d, 0x78, 0x95, 0xeb, 0xb8, 0xec, 0x45,
-   0x96, 0x69, 0x6f, 0x54, 0xc8, 0x1f, 0x2d, 0x3a,
-   0xd9, 0x0e, 0x8e, 0xaa, 0x59, 0x11, 0x8c, 0x3b,
-   0x8d, 0xa4, 0xed, 0xf2, 0x7d, 0xdc, 0x42, 0xaa,
-   0xa4, 0xd2, 0x1c, 0xb9, 0x87, 0xd0, 0xd9, 0x3d,
-   0x8e, 0x89, 0xbb, 0x06, 0x54, 0xcf, 0x32, 0x00,
-   0x02, 0x00, 0x00, 0x80, 0x0b, 0x80, 0x6c, 0x0f,
-   0x71, 0xd1, 0xa1, 0xa9, 0x26, 0xb4, 0xf1, 0xcd,
-   0x6a, 0x7a, 0x09, 0xaa, 0x58, 0x28, 0xd7, 0x35,
-   0x74, 0x8e, 0x7c, 0x83, 0xcb, 0xfe, 0x00, 0x3b,
-   0x62, 0x00, 0xfb, 0x90, 0x37, 0xcd, 0x93, 0xcf,
-   0xf3, 0xe4, 0x6d, 0x8d, 0xdd, 0xb8, 0x53, 0xe0,
-   0x5c, 0xda, 0x1a, 0x7e, 0x56, 0x03, 0x95, 0x03,
-   0x2f, 0x74, 0x86, 0xb1, 0xa0, 0xbb, 0x05, 0x91,
-   0xe4, 0x76, 0x83, 0xe6, 0x62, 0xf9, 0x12, 0x64,
-   0x5a, 0x62, 0xd8, 0x94, 0x04, 0x1f, 0x83, 0x02,
-   0x2e, 0xc5, 0xa7, 0x17, 0x46, 0x46, 0x21, 0x96,
-   0xc3, 0xa9, 0x8e, 0x92, 0x18, 0xd1, 0x52, 0x08,
-   0x1d, 0xff, 0x8e, 0x24, 0xdb, 0x6c, 0xd8, 0xfe,
-   0x80, 0x93, 0xe1, 0xa5, 0x4a, 0x0a, 0x37, 0x24,
-   0x18, 0x07, 0xbe, 0x0f, 0xaf, 0x73, 0xea, 0x50,
-   0x64, 0xa1, 0xb3, 0x77, 0xe5, 0x41, 0x02, 0x82,
-   0x39, 0xb9, 0xe3, 0x94 
-};
-
-unsigned char valitity[] = {
-   0x30, 0x1e,
-   0x17, 0x0d,
-   '2','0','0','0','0','1','0','1','0','0','0','0','Z',
-   0x17, 0x0d,
-   '2','0','0','5','1','2','0','1','0','0','0','0','Z'
-};
-
-
-unsigned char cnam_oid[] = { 0x06, 0x03, 0x55, 0x04, 0x03 };
-
-unsigned char signature[] = {
-    /* the OID */
-    0x30, 0x0b, 0x06, 0x09,
-    0x60, 0x86, 0x48, 0x01, 0x65, 0x02, 0x01, 0x01, 0x13,
-    /* signature wrap */
-    0x03, 0x29, 0x00,
-    /* 40 byte dsa signature */
-    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
-};
-
-unsigned char fortezza_oid [] = {
-    0x60, 0x86, 0x48, 0x01, 0x65, 0x02, 0x01, 0x01, 0x13
-};
-
-unsigned char software_ou[] = {
-    0x31, 26, 0x30, 24,
-    0x06, 0x03, 0x55, 0x04, 0x0b,
-    0x13, 17, 
-      'S','o','f','t','w',
-      'a','r','e',' ','F',
-      'O','R','T','E','Z','Z','A'
-};
-
-
-char letterarray[] = {
-	'a','b','c','d','e','f','g','h','i','j','k','l','m','n',
-	'o','p','q','r','s','t','u','v','w','x','y','z' };
-
-char constarray[] = {
-	'b','c','d','f','g','h','j','k','l','m','n',
-	'p','q','r','s','t','v','w','x','y','z' };
-
-char vowelarray[] = {
-	'a','e','i','o','u','y' };
-
-char digitarray[] = {
-	'0','1','2','3','4','5','6','7','8','9' };
-
-unsigned long
-getRandom(unsigned long max) {
-	unsigned short data;
-	unsigned long result;
-
-	fort_GenerateRandom((unsigned char *)&data,sizeof(data));
-
-	result = (unsigned long)data * max;
-	result = result >> 16;
-	return result;
-}
-
-
-char getLetter(void)
-{
-   return letterarray[getRandom(sizeof(letterarray))];
-}
-char getVowel(void)
-{
-   return vowelarray[getRandom(sizeof(vowelarray))];
-}
-char getDigit(void)
-{
-   return digitarray[getRandom(sizeof(digitarray))];
-}
-
-char getConst(void)
-{
-   return constarray[getRandom(sizeof(constarray))];
-}
-
-char *getPinPhrase(void)
-{
-    char * pass = PORT_ZAlloc(5);
-
-    pass[0] = getDigit();
-    pass[1] = getDigit();
-    pass[2] = getDigit();
-    pass[3] = getDigit();
-
-    return pass;
-}
-
-char *getPassPhrase(void)
-{
-    char * pass = PORT_ZAlloc(13);
-
-    pass[0] = getConst()+'A'-'a';
-    pass[1] = getVowel();
-    pass[2] = getConst();
-    pass[3] = getVowel();
-    pass[4] = getConst();
-    pass[5] = getVowel();
-    pass[6] = getConst();
-    pass[7] = getDigit();
-    pass[8] = getDigit();
-    pass[9] = getDigit();
-    pass[10] = getDigit();
-    pass[11] = getLetter()+'A'-'a';
-
-    return pass;
-}
-
-extern void
-makeCertSlot(fortSlotEntry *   entry,
-		int            index,
-		char *         label,
-		SECItem *      cert,
- 		FORTSkipjackKeyPtr Ks, 
-		unsigned char *xKEA, 
-		unsigned char *xDSA, 
- 		unsigned char *pubKey, 
-		int            pubKeyLen, 
-		unsigned char *p, 
-		unsigned char *q, 
-		unsigned char *g);
-
-extern void
-makeProtectedPhrase(FORTSWFile *     file, 
-		fortProtectedPhrase *prot_phrase,
-  	     	FORTSkipjackKeyPtr   Ks, 
-		FORTSkipjackKeyPtr   Kinit, 
-		char *               phrase);
-
-extern void
-fill_in(SECItem *item, unsigned char *data, int len);
-
-char *userLabel = "INKS0002                            ";
-int main(int argc, char **argv)
-{
-	char *progname = *argv++;
-	char *commonName = NULL;
-	char *caname = NULL;
-	char *email = NULL;
-	char *outname = NULL;
-	char *cp;
-	int arg_count = 0;
-	Cert caCert;
-        SECItem userCert;
-	int cirv,i;
-	int cards, start;
-	unsigned char *subject;
-	int            subject_len;
-	int            signature_len = sizeof(signature);
-	int            newSubject_len, newCertBody_len, len;
-	int            cname1_len, cname_len, pstring_len;
-	int            valitity_len = sizeof(valitity);
-	unsigned char origCert[CERT_SIZE];
-	unsigned char newSubject[CERT_SIZE];
-	unsigned char newCertBody[CERT_SIZE];
-	unsigned char newCert[CERT_SIZE];
-	unsigned char pstring[CERT_SIZE];
-	unsigned char cname1[CERT_SIZE];
-	unsigned char cname[CERT_SIZE];
-	CERTCertificate *myCACert = NULL;
-	CERTCertificate *cert;
-	CERTCertDBHandle *certhandle;
-	SECStatus rv;
-	unsigned char serial[16];
-	SECKEYPublicKey *pubKey;
-	DSAPrivateKey *keaPrivKey;
-	DSAPrivateKey *dsaPrivKey;
-	CI_RANDOM randomVal;
-	PQGParams *params;
-	int pca_index = -1;
-	unsigned char *p,*q,*g;
-	FORTSkipjackKey Ks;
-	FORTSkipjackKey Kinit;
-        FORTSWFile *file;
-        FORTSignedSWFile *signed_file;
-        FORTSignedSWFile *signed_file2;
-	unsigned char random[20];
-	unsigned char vers;
-	unsigned char *data;
-	char *transportPin=NULL;
-	char *ssoMemPhrase=NULL;
-	char *userMemPhrase=NULL;
-	char *ssoPin=NULL;
-	char *userPin=NULL;
-	char *pass=NULL;
-	SECItem *outItem;
-	int email_len = 0;
-	int emailAVA_len = 0;
-
-   
-    /* put better argument parsing here */
-    while ((cp = *argv++) != NULL) {
-	if (*cp == '-') {
-	    while (*++cp) {
-		switch (*cp) {
-		/* verbose mode */
-		case 'e':
-		    email = *argv++;
-		    break;
-		/* explicitly set the target */
-		case 'o':
-		    outname = *argv++;
-		    break;
-		case 't':
-		/* provide password on command line */
-		    transportPin = *argv++;
-		    break;
-		case 'u':
-		/* provide user password on command line */
-		    userPin = *argv++;
-		    break;
-		case 'U':
-		/* provide user password on command line */
-		    userMemPhrase = *argv++;
-		    break;
-		case 's':
-		/* provide user password on command line */
-		    ssoPin = *argv++;
-		    break;
-		case 'S':
-		/* provide user password on command line */
-		    ssoMemPhrase = *argv++;
-		    break;
-		case 'p':
-		/* provide card password on command line */
-		    pass = *argv++;
-		    break;
-		case 'd':
-		    transportPin="test1234567890";
-		    ssoMemPhrase="sso1234567890";
-		    userMemPhrase="user1234567890";
-		    ssoPin="9999";
-		    userPin="0000";
-		    break;
-		default:
-		    usage(progname);
-		    break;
-		}
-	    }
-	} else switch (arg_count++) {
-	    case 0:
-		commonName = cp;
-		break;
-	    case 1:
-		caname = cp;
-		break;
-	    default:
-		usage(progname);
-	} 
-    }
-
-    if (outname == NULL) outname = "swfort.sfi";
-    if (caname == NULL) usage(progname);
-
-
-
-	caCert.card = -1;
-	memset(newCert,0,CERT_SIZE);
-
-	if (commonName == NULL) usage(progname);
-	
-
-	cirv = CI_Initialize(&cards);
-
-        start = 0;
-	for (i=0; i < cards; i++) {
-	    cirv = InitCard(i+1,pass);
-	    if (cirv == CI_OK) {
-	      if (FoundCert(i+1,caname,&caCert)) {
-		break;
-	      }
-	    }
-	}
-	   
-	if (caCert.card == -1) {
-	   fprintf(stderr,
-	"WARNING: Couldn't find Signing CA...new cert will not be signed\n");
-	}
-
-
-	/*
-	 * initialize enough security to deal with certificates.
-	 */
-	NSS_NoDB_Init(NULL);
-	certhandle = CERT_GetDefaultCertDB();
-	if (certhandle == NULL) {
-	    Terminate("Couldn't build temparary Cert Database", 
-						1, -1, caCert.card);
-	    exit(1);
-	}
-
-	CI_GenerateRandom(random);
-	RNG_RandomUpdate(random,sizeof(random));
-	CI_GenerateRandom(random);
-	RNG_RandomUpdate(random,sizeof(random));
-
-
-    if (transportPin == NULL) transportPin = getPassPhrase();
-    if (ssoMemPhrase == NULL) ssoMemPhrase = getPassPhrase();
-    if (userMemPhrase == NULL) userMemPhrase = getPassPhrase();
-    if (ssoPin == NULL) ssoPin = getPinPhrase();
-    if (userPin == NULL) userPin = getPinPhrase();
-
-
-
-	/* now dump the certs into the temparary data base */
-	for (i=0; i < caCert.count; i++) {
-    	    SECItem derCert;
-
-	    cirv = CI_Select(caCert.card);
-	    if (cirv != CI_OK) {
-		Terminate("Couldn't select on CA card",cirv, 
-					-1, caCert.card);
-	    }
-	    cirv = CI_GetCertificate(caCert.valid[i].index,origCert);
-            if (cirv != CI_OK) {
-		continue;
-	    }
-	    derCert.data = origCert;
-	    derCert.len = Cert_length(origCert, sizeof(origCert));
-	    cert = 
-	(CERTCertificate *)CERT_NewTempCertificate(certhandle,&derCert, NULL, 
-							PR_FALSE, PR_TRUE);
-	    caCert.valid[i].cert = cert;
-	    if (cert == NULL) continue;
-            if (caCert.valid[i].index == caCert.index) myCACert=cert;
-	    if (caCert.valid[i].index == atoi((char *)&caCert.label[4]))
-				 pca_index = i;
-	}
-
-	if (myCACert == NULL) {
-	   Terminate("Couldn't find CA's Certificate", 1, -1, caCert.card);
-	   exit(1);
-	}
-
-	
-        /*
-	 * OK now build the user cert.
-	 */
-	/* first get the serial number and KMID */
-        cirv = CI_GenerateRandom(randomVal);
-	memcpy(&header[2],randomVal,sizeof(serial));
-	memcpy(serial,randomVal,sizeof(serial));
-	memcpy(&key[KEY_START+KMID_OFFSET],randomVal+sizeof(serial),7);
-							 /* KMID */
-
-	/* now generate the keys */
-	pubKey = CERT_ExtractPublicKey(myCACert);
-	if (pubKey == NULL) {
-	   Terminate("Couldn't extract CA's public key", 
-						1, -1, caCert.card);
-	   exit(1);
-	}
-
-
-	switch (pubKey->keyType) {
-	case fortezzaKey:
-	    params = (PQGParams *)&pubKey->u.fortezza.params;
-	    break;
-	case dsaKey:
-	    params = (PQGParams *)&pubKey->u.dsa.params;
-	    break;
-	default:
-	   Terminate("Certificate is not a fortezza or DSA Cert",
-					1, -1, caCert.card);
-	   exit(1);
-	}
-
-	rv = DSA_NewKey(params,&keaPrivKey);
-	if (rv != SECSuccess) {
-	   Terminate("Couldn't Generate KEA key", 
-					PORT_GetError(), -1, caCert.card);
-	   exit(1);
-	}
-	rv = DSA_NewKey(params,&dsaPrivKey);
-	if (rv != SECSuccess) {
-	   Terminate("Couldn't Generate DSA key", 
-					PORT_GetError(), -1, caCert.card);
-	   exit(1);
-	}
-
-	if (keaPrivKey->publicValue.len == 129) 
-					keaPrivKey->publicValue.data++;
-	if (dsaPrivKey->publicValue.len == 129) 
-					dsaPrivKey->publicValue.data++;
-	if (keaPrivKey->privateValue.len == 21) 
-					keaPrivKey->privateValue.data++;
-	if (dsaPrivKey->privateValue.len == 21) 
-					dsaPrivKey->privateValue.data++;
-
-	/* save the parameters */
-	p = params->prime.data;
-	if (params->prime.len == 129) p++;
-	q = params->subPrime.data;
-	if (params->subPrime.len == 21) q++;
-	g = params->base.data;
-	if (params->base.len == 129) g++;
-
-	memcpy(&key[KEY_START+KEA_OFFSET],
-			keaPrivKey->publicValue.data,
-			keaPrivKey->publicValue.len);
-	memcpy(&key[KEY_START+DSA_OFFSET],
-			dsaPrivKey->publicValue.data,
-			dsaPrivKey->publicValue.len);
-
-	/* build the der subject */
-	subject = data_start(myCACert->derSubject.data,myCACert->derSubject.len,
-		&subject_len);
-
-	/* build the new Common name AVA */
-	len = DER_Sequence(pstring,strlen(commonName));
-	memcpy(pstring+len,commonName,strlen(commonName));
-					 len += strlen(commonName);
-	pstring_len = len;
-	pstring[0] = 0x13;
-
-	len = DER_Sequence(cname1,sizeof(cnam_oid)+pstring_len);
-	memcpy(cname1+len,cnam_oid,sizeof(cnam_oid)); len += sizeof(cnam_oid);
-	memcpy(cname1+len,pstring,pstring_len); len += pstring_len;
-	cname1_len = len;
-
-	len = DER_Sequence(cname, cname1_len);
-	memcpy(cname+len,cname1,cname1_len); len += cname1_len;
-	cname_len = len;
-	cname[0] = 0x31; /* make it a set rather than a sequence */
-
-	if (email) {
-	    email_len = strlen(email);
-	    emailAVA_len = EMAIL_DATA_START + email_len;
-	}
-
-	/* now assemble it */
-	len = DER_Sequence(newSubject,subject_len + sizeof(software_ou) +
-				cname_len + emailAVA_len);
-	memcpy(newSubject+len,subject,subject_len);
-
-	for (i=0; i < subject_len; i++) {
-	   if (memcmp(newSubject+len+i,cnam_oid,sizeof(cnam_oid)) == 0) {
-		newSubject[i+len+4] = 0x0b; /* change CN to OU */
-		break;
-	   }
-	}
-	len += subject_len;
-	memcpy(newSubject+len,software_ou,sizeof(software_ou)); 
-						len += sizeof(software_ou);
-	memcpy(newSubject+len,cname,cname_len); len += cname_len;
-	newSubject_len = len;
-
-	/*
-	 * build the email AVA
-	 */
-	if (email) {
-	    memcpy(&emailAVA[EMAIL_DATA_START],email,email_len);
-	    for (i=0; i < offsetCount; i++) {
-		emailAVA[emailOffset[i]] += email_len;
-	    }
-	    memcpy(newSubject+len,emailAVA,emailAVA_len);
-	    newSubject_len += emailAVA_len;
-	}
-
-
-	/*
-	 * Assemble the Cert
-	 */
-
-	len = DER_Sequence(newCertBody,sizeof(header)+newSubject_len+
-	   valitity_len+myCACert->derSubject.len+sizeof(key));
-	memcpy(newCertBody+len,header,sizeof(header));len += sizeof(header);
-	memcpy(newCertBody+len,myCACert->derSubject.data,
-		myCACert->derSubject.len);len += myCACert->derSubject.len;
-	memcpy(newCertBody+len,valitity,valitity_len);len += valitity_len;
-	memcpy(newCertBody+len,newSubject,newSubject_len);
-						len += newSubject_len;
-	memcpy(newCertBody+len,key,sizeof(key));len += sizeof(key);
-	newCertBody_len = len;
-
-
-	/*
-	 * generate the hash
-	 */
-	cirv = CI_InitializeHash();
-	if (cirv == CI_OK) {
-	    int hash_left = newCertBody_len & 63;
-	    int hash_len = newCertBody_len - hash_left;
-	    cirv = CI_Hash(hash_len,newCertBody);
-	    if (cirv == CI_OK) {
-		cirv = CI_GetHash(hash_left,newCertBody+hash_len,hash);
-	    }
-	}
-
-	/*
-	 * now sign the hash
-	 */
-	if ((cirv == CI_OK) && (caCert.card != -1)) {
-	    cirv = CI_Select(caCert.card);
-	    if (cirv == CI_OK) {
-		cirv = CI_SetPersonality(caCert.index);
-		if (cirv == CI_OK) {
-		    cirv = CI_Sign(hash,sig);
-		}
-	    }
-	} else cirv = -1;
-
-	if (cirv != CI_OK) {
-	   memcpy(sig,hash,sizeof(hash));
-	}
-
-	/*
-	 * load in new signature
-	 */
-	{
-	    int sig_len;
-	    unsigned char *sig_start = 
-			GetSignature(signature,signature_len,&sig_len);
-	    memcpy(sig_start,sig,sizeof(sig));
-	}
-
-	/*
-	 * now do the final wrap
-	 */
-	len = DER_Sequence(newCert,newCertBody_len+signature_len);
-	memcpy(newCert+len,newCertBody,newCertBody_len); len += newCertBody_len;
-	memcpy(newCert+len, signature, signature_len); len +=signature_len;
-	userCert.data = newCert;
-	userCert.len = len;
-
-
-	/* OK, we now have our cert, let's go build our software file */
-	signed_file = PORT_ZNew(FORTSignedSWFile);
-	file = &signed_file->file;
-
-	signed_file->signatureWrap.signature.data  = PORT_ZAlloc(40);
-	signed_file->signatureWrap.signature.len  = 40;
-	signed_file->signatureWrap.signatureAlgorithm.algorithm.data  =
-                                       fortezza_oid;
-	signed_file->signatureWrap.signatureAlgorithm.algorithm.len = 
-					sizeof(fortezza_oid);
-
-        vers = 1;
-	fill_in(&file->version,&vers,1);
-	file->derIssuer.data = myCACert->derSubject.data;
-	file->derIssuer.len = myCACert->derSubject.len;
-	file->serialID.data = serial;
-	file->serialID.len =sizeof(serial);
-	/* generate out Ks value */
-	fort_GenerateRandom(Ks,sizeof(Ks));
-	makeProtectedPhrase(file,&file->initMemPhrase,Kinit,NULL,transportPin);
-	makeProtectedPhrase(file,&file->ssoMemPhrase,Ks,Kinit,ssoMemPhrase);
-	makeProtectedPhrase(file,&file->ssoPinPhrase,Ks,Kinit,ssoPin);
-	makeProtectedPhrase(file,&file->userMemPhrase,Ks,Kinit,userMemPhrase);
-	makeProtectedPhrase(file,&file->userPinPhrase,Ks,Kinit,userPin);
-	file->wrappedRandomSeed.data = PORT_ZAlloc(12);
-	file->wrappedRandomSeed.len = 12;
-        cirv = fort_GenerateRandom(file->wrappedRandomSeed.data,10);
-	if (cirv != CI_OK) {
-	   Terminate("Couldn't get Random Seed", 
-					cirv, -1, caCert.card);
-	}
-	fort_skipjackWrap(Ks,12,file->wrappedRandomSeed.data,
-                                file->wrappedRandomSeed.data);
-	file->slotEntries = PORT_ZAlloc(sizeof(fortSlotEntry *)*5);
-	/* paa */
-	file->slotEntries[0] = PORT_ZNew(fortSlotEntry);
-	makeCertSlot(file->slotEntries[0],0,
-				(char *)caCert.valid[0].label,
-				&caCert.valid[0].cert->derCert,
-						Ks,NULL,NULL,NULL,0,p,q,g);
-	/* pca */
-	file->slotEntries[1] = PORT_ZNew(fortSlotEntry);
-	makeCertSlot(file->slotEntries[1],1,
-				(char *)caCert.valid[pca_index].label,
-				&caCert.valid[pca_index].cert->derCert,
-						Ks,NULL,NULL,NULL,0,p,q,g);
-	/* ca */
-	file->slotEntries[2] = PORT_ZNew(fortSlotEntry);
-	/* make sure the caCert lable points to our new pca slot location */
-	caCert.label[4] = '0';
-	caCert.label[5] = '0';
-	caCert.label[6] = '0';
-	caCert.label[7] = '1';
-	makeCertSlot(file->slotEntries[2],2,(char *)caCert.label,
-				&myCACert->derCert,Ks,NULL,NULL,NULL,0,p,q,g);
-	/* user */
-	file->slotEntries[3] = PORT_ZNew(fortSlotEntry);
-	strncpy(&userLabel[8],commonName,sizeof(CI_PERSON)-8);
-	makeCertSlot(file->slotEntries[3],3,userLabel,&userCert,Ks,
-		keaPrivKey->privateValue.data,
-		dsaPrivKey->privateValue.data,
-		key, sizeof(key), p, q, g);
-	file->slotEntries[4] = 0;
-
-	/* encode the file so we can sign it */
-	outItem = FORT_PutSWFile(signed_file);
-
-	/* get the der encoded data to sign */
-	signed_file2 = FORT_GetSWFile(outItem);
-
-	/* now sign it */
-	len = signed_file2->signatureWrap.data.len;
-	data = signed_file2->signatureWrap.data.data;
-	/*
-	 * generate the hash
-	 */
-	cirv = CI_InitializeHash();
-	if (cirv == CI_OK) {
-	    int hash_left = len & 63;
-	    int hash_len = len - hash_left;
-	    cirv = CI_Hash(hash_len,data);
-	    if (cirv == CI_OK) {
-		cirv = CI_GetHash(hash_left,data+hash_len,hash);
-	    }
-	}
-
-	/*
-	 * now sign the hash
-	 */
-	if ((cirv == CI_OK) && (caCert.card != -1)) {
-	    cirv = CI_Select(caCert.card);
-	    if (cirv == CI_OK) {
-		cirv = CI_SetPersonality(caCert.index);
-		if (cirv == CI_OK) {
-		    cirv = CI_Sign(hash,sig);
-		}
-	    }
-	} else cirv = -1;
-
-	if (cirv != CI_OK) {
-	   memcpy(sig,hash,sizeof(hash));
-	}
-	memcpy( signed_file->signatureWrap.signature.data,sig,sizeof(sig));
-	signed_file->signatureWrap.signature.len = sizeof(sig)*8; 
-
-
-	/* encode it for the last time */
-	outItem = FORT_PutSWFile(signed_file);
-
-
-	/*
-	 * write it out to the .sfi file
-	 */
-	{
-	    int fd = open(outname,O_WRONLY|O_CREAT|O_BINARY,0777);
-
-	    write(fd,outItem->data,outItem->len);
-	    close(fd);
-	}
-	CI_Close(CI_POWER_DOWN_FLAG,caCert.card);
-	CI_Terminate();
-
-	printf("Wrote %s to file %s.\n",commonName,outname);
-	printf("Initialization Memphrase: %s\n",transportPin);
-	printf("SSO Memphrase: %s\n",ssoMemPhrase);
-	printf("User Memphrase: %s\n",userMemPhrase);
-	printf("SSO pin: %s\n",ssoPin);
-	printf("User pin: %s\n",userPin);
-
-	return 0;
-}
-
deleted file mode 100644
--- a/security/nss/cmd/ttformat/Makefile
+++ /dev/null
@@ -1,78 +0,0 @@
-#! gmake
-# 
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY).   #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL)          #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL)       #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
-#######################################################################
-include ../platlibs.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL)                              #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL)                           #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL).                              #
-#######################################################################
-
-
-include ../platrules.mk
-
deleted file mode 100644
--- a/security/nss/cmd/ttformat/manifest.mn
+++ /dev/null
@@ -1,52 +0,0 @@
-# 
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-CORE_DEPTH = ../../..
-
-DEFINES += -DNSPR20
-
-# MODULE public and private header  directories are implicitly REQUIRED.
-MODULE = nss
-
-CSRCS = ttformat.c
-
-# The MODULE is always implicitly required.
-# Listing it here in REQUIRES makes it appear twice in the cc command line.
-REQUIRES = seccmd dbm 
-
-PROGRAM = ttformat 
-
deleted file mode 100755
--- a/security/nss/cmd/ttformat/nClient
+++ /dev/null
@@ -1,49 +0,0 @@
-# /bin/ksh 
-#
-# nClient -- run the nss test strsclnt for performance testing
-#
-# syntax: nClient [options]
-#
-# where: options are:
-#   any valid command line option for strsclnt
-#   Note that some options are set by this script!
-#
-# Description:
-# nClient runs the nss test program "strsclnt" for purposes of
-# gathering performance data.
-#
-# some shell variables are set at the top of the script
-# you may have to change these, depending on the host you
-# are running on and other "stuff". caveat emptor.
-#
-# You will have to tinker with this script to get it to
-# run for you.
-#
-# See also: nServ
-#
-# --- begin nClient -------------------------------------------------------
-baseDir=/home/lorenzo/nss-raw/mozilla
-#
-# shell variables for running strsclnt 
-#
-export HOST=`hostname -s`
-export DOMSUF=red.iplanet.com
-serverHost=dbldog
-nssDB=${baseDir}/tests_results/security/${HOST}.1/client
-nssHost=${HOST}.red.iplanet.com
-pushd ${baseDir}/security/nss/tests/common
-objDir=`gmake objdir_name`
-popd
-#
-#
-nssOptions="-p 12944 ${serverHost}.red.iplanet.com"
-export LD_LIBRARY_PATH=${baseDir}/dist/${objDir}/lib
-clientProg=${baseDir}/security/nss/cmd/strsclnt/${objDir}/strsclnt
-#
-# do the test
-#
-nssCommand="${clientProg} -d ${nssDB} ${nssOptions}" 
-echo $nssCommand $*
-${nssCommand} $* &
-# 
-# --- end nClient --------------------------------------------------------
deleted file mode 100755
--- a/security/nss/cmd/ttformat/nServ
+++ /dev/null
@@ -1,49 +0,0 @@
-# /bin/ksh 
-#
-# nServ -- run the nss test selfserv for performance testing
-#
-# syntax: nServ [options]
-#
-# where: options are:
-#   Valid arguments to the selfserv program
-#   Note that this script sets some options
-#
-# Description:
-# nServ runs the nss test program "selfserv" for purposes of
-# gathering performance data.
-#
-# some shell variables are set at the top of the script
-# you may have to change these, depending on the host you
-# are running on and other "stuff". caveat emptor.
-#
-# See also: nClinet
-#
-# --- begin nServ -------------------------------------------------------
-#
-baseDir=/home/lorenzo/nss-server/mozilla
-#
-# shell variables for running selfserv
-#
-export HOST=`hostname -s`
-export DOMSUF=red.iplanet.com
-nssDB=${baseDir}/tests_results/security/${HOST}.1/server
-nssHost=${HOST}.red.iplanet.com
-nssOptions="-p 12944 -w nss"
-pushd ${baseDir}/security/nss/tests/common
-objDir=`gmake objdir_name`
-popd
-export LD_LIBRARY_PATH=${baseDir}/dist/${objDir}/lib
-#
-# shell variables for capturing instrumentation data
-#
-export NSPR_LOG_MODULES=TestCase:6
-export NSPR_LOG_FILE=xxxLogfile
-#
-# do the test
-#
-nssCommand="${baseDir}/dist/${objDir}/bin/selfserv -d ${nssDB} -n ${nssHost} ${nssOptions}" 
-echo $nssCommand
-${nssCommand} $* & 
-# xxgdb ${baseDir}/dist/${objDir}/bin/selfserv
-# 
-# --- end nServ -------------------------------------------------------
deleted file mode 100755
--- a/security/nss/cmd/ttformat/redux.pl
+++ /dev/null
@@ -1,77 +0,0 @@
-#
-# redux.pl -- general nss trace data extraction
-#
-# syntax: redux.pl 
-#
-# redux.pl reads a file of formatted trace table records from stdin
-# The trace records are formatted by nssilock.c 
-# redux.pl parses the lines and accumulates data in a hash
-# When finished with stdin, redux.pl traverses the hash and emits
-# the accumulated data.
-# 
-# Operation:
-# read stdin, accumulate in a hash by file, line, type.
-# traverse the hash, reporting data.
-#
-# raw data format:
-#   thredid op ltype callTime heldTime lock line file
-#
-# Notes:
-# After running redux.pl, sort the report on column 4 in decending sequence
-# to see where the lock contention is.
-#
-#
-# -----------------------------------------------------------------------
-use Getopt::Std;
-
-getopts("h") || die "redux.pl: unrecognized command option";
-
-
-# -----------------------------------------------------------------------
-# read stdin to exhaustion
-while ( <STDIN> ) {
-   $recordCount++;
-#   next if ($recordCount < 36000 ); # skip initialization records
-   chomp;
-   ($thredid, $op, $ltype, $callTime, $heldTime, $lock, $line, $file) = split;
-
-# select out un-interesting lines
-#   next if (( $callTime < $opt_c ) && ( $heldTime < $opt_h ));
-#   print $_, "\n";
-
-# count general stats
-   $interesting++;
-
-# format the key
-   $hashKey = $file ." ". $line ." ". $ltype;
-
-# Update the data in the hash entry 
-   $theData = $theHash{$hashKey}; # read it if it already exists
-   ( $hCount, $hcallTime, $hheldTime, $hcallMax, $hheldMax ) = split(/\s+/, $theData );
-   $hCount++;
-   $hcallTime += $callTime;
-   $hheldTime += $heldTime;
-   $hcallMax  =  ( $hcallMax > $callTime )? $hcallMax : $callTime;
-   $hheldMax  =  ( $hheldMax > $heldTime )? $hheldMax : $heldTime;
-
-# Write theData back to the hash
-   $theData = $hCount." ".$hcallTime." ".$hheldTime." ".$hcallMax." ".$hheldMax;
-   $theHash{$hashKey} = $theData;
-} # end while()
-
-# -----------------------------------------------------------------------
-# traverse theHash
-   printf("%-16s %6s %-16s %8s %8s %8s %8s %8s\n", 
-      "File","line","ltype","hits","calltim","heldtim","callmax","heldmax" );
-while (($hashKey,$theData) = each(%theHash)) {
-   $hashElements++;
-   ($file, $line, $ltype) = split(/\s+/, $hashKey );
-   ( $hCount, $hcallTime, $hheldTime, $hcallMax, $hheldMax ) = split(/\s+/, $theData );
-   printf("%-16s %6d %-16s %8d %8d %8d %8d %8d\n", 
-       $file, $line, $ltype, $hCount, $hcallTime, $hheldTime, $hcallMax, $hheldMax );
-} # end while()
-
-# -----------------------------------------------------------------------
-# dump global statistics
-printf ("Record count: %d\n", $recordCount );
-printf("Interesting: %d, HashElements: %d\n", $interesting, $hashElements);
deleted file mode 100644
--- a/security/nss/cmd/ttformat/reduxhwm.pl
+++ /dev/null
@@ -1,33 +0,0 @@
-#
-# reduxhwm.pl -- analyze highwatermark data in xxxLogfile 
-#
-# example interesting line in xxxLogfile
-# 1026[8154da0]: selfserv: Launched thread in slot 37, highWaterMark: 63 
-#
-# 
-#
-while ( <STDIN> ) {
-   chomp;
-   ($proc, $who, $launched, $thread, $in, $slotx, $slot, $hwm, $highwatermark) = split;
-   if ( $launched == "Launched" ) {
-      next if ( $slot == 0 );
-      $notInteresting++;
-      if ( $hwmMax < $highwatermark ){
-         $hwmMax = $highwatermark;
-      }
-      $hwmArray[$slot] += 1;
-      $interesting++;
-   }
-} # end while()
-
-printf ("Interesteing:    %d\n", $interesting );
-printf ("Not Interesting: %d\n", $notInteresting - $interesting );
-
-foreach $element (@hwmArray) {
-    $percent = 100*($element / $interesting);
-    $percentTotal += $percent;
-    printf("Slot %2d: %d hits, %2.2f percent, %2.2f total percent\n", $i, $element, $percent, $percentTotal );
-    $i++;
-}
-printf("Sum of percentages: %3.2f\n", $percentTotal );
-# --- end ---
deleted file mode 100644
--- a/security/nss/cmd/ttformat/ttformat.c
+++ /dev/null
@@ -1,138 +0,0 @@
-/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape Portable Runtime (NSPR).
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1998-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-/*
-** File: ttformat.c
-** Description:  ttformat.c reads the file "xxxTTLog". xxxTTLog
-** contains fixed length binary data written by nssilock. 
-** ttformat formats the data to a human readable form (printf) 
-** usable for visual scanning and for processing via a perl script. 
-** Output is written to stdout
-**
-*/
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <nssilock.h>
-
-/*
-** struct maps enum nssILockType to character representation
-*/
-struct {
-    nssILockType ltype;
-    char *name;
-} ltypeNameT[] = {
-    { nssILockArena, "Arena" },
-    { nssILockSession, "Session" },
-    { nssILockObject, "Object" },
-    { nssILockRefLock, "RefLock" },
-    { nssILockCert, "Cert", },
-    { nssILockCertDB, "CertDB" },
-    { nssILockDBM, "DBM" },
-    { nssILockCache, "Cache" },
-    { nssILockSSL, "SSL" },
-    { nssILockList, "List" },
-    { nssILockSlot, "Slot" },
-    { nssILockFreelist, "Freelist" },
-    { nssILockOID, "OID" },
-    { nssILockAttribute, "Attribute" },
-    { nssILockPK11cxt, "PK11Context" }, 
-    { nssILockRWLock, "RWLock" },
-    { nssILockOther, "Other" },
-    { nssILockSelfServ, "SelfServ" }
-}; /* end ltypeNameT */
-
-/*
-** struct maps enum nssILockOp to character representation
-*/
-struct {
-   nssILockOp op;
-   char *name;
-} opNameT[] = {
-    { FlushTT, "FlushTT" },
-    { NewLock, "NewLock" },
-    { Lock, "Lock" },
-    { Unlock, "Unlock" },
-    { DestroyLock, "DestroyLock" },
-    { NewCondVar, "NewCondVar" },
-    { WaitCondVar, "WaitCondVar" },
-    { NotifyCondVar, "NotifyCondVar" },
-    { NotifyAllCondVar, "NotifyAllCondVar" },
-    { DestroyCondVar, "DestroyCondVar" },
-    { NewMonitor, "NewMonitor" },
-    { EnterMonitor, "EnterMonitor" },
-    { ExitMonitor, "ExitMonitor" },
-    { Notify, "Notify" },
-    { NotifyAll, "NotifyAll" },
-    { Wait, "Wait" },
-    { DestroyMonitor, "DestroyMonitor" }
-}; /* end opNameT */
-
-
-int main(int argc, char *argv[])
-{
-   FILE	*filea;
-   struct pzTrace_s inBuf;
-   char   *opName;
-   char   *ltypeName;
-   int    rCount = 0;
-   int    oCount = 0;
-
-   filea = fopen( "xxxTTLog", "r" );
-   if ( NULL == filea ) {
-       fprintf( stderr, "ttformat: Oh drat! Can't open 'xxxTTLog'\n" );
-       exit(1);
-   }
-
-   while(1 == (fread( &inBuf, sizeof(inBuf), 1 , filea ))) {
-       ++rCount;
-       if ( inBuf.op > DestroyMonitor ) continue;
-       if ( inBuf.op < FlushTT ) continue;
-
-       opName = opNameT[inBuf.op].name;
-       ltypeName = ltypeNameT[inBuf.ltype].name;
-       
-       ++oCount;
-       printf("%8d %18s %18s %6d %6d %12p %6d %20s\n",
-          inBuf.threadID, opName, ltypeName, inBuf.callTime, inBuf.heldTime,
-          inBuf.lock, inBuf.line, inBuf.file );
-   } /* end while() */   
-  
-   fprintf( stderr, "Read: %d, Wrote: %d\n", rCount, oCount ); 
-   return 0;
-}  /* main() */
-/* end ttformat.c */
deleted file mode 100644
--- a/security/nss/lib/fortcrypt/Makefile
+++ /dev/null
@@ -1,180 +0,0 @@
-#! gmake
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-include manifest.mn
-include $(CORE_DEPTH)/coreconf/config.mk
-include config.mk
-
-CILIB                   = $(OBJDIR)/cilib.$(LIB_SUFFIX)
-ORIG_CILIB              = libci/$(OS_TARGET)$(OS_RELEASE).$(LIB_SUFFIX)
-
-ifeq (,$(filter-out WINNT WINCE,$(OS_TARGET)))  # omits WIN16 WIN95
-ORIG_CILIB              = libci/tssp32.lib
-endif
-
-ifeq ($(OS_TARGET), WIN16)
-ORIG_CILIB              = libci/tssp.lib
-endif
-
-ifeq ($(OS_TARGET), WIN95)
-ORIG_CILIB              = libci/tssp32.lib
-endif
-
-ifeq (,$(filter-out WIN%,$(OS_TARGET)))
-STUBDLL                 = $(OBJDIR)/stub.$(DLL_SUFFIX)
-endif
-
-STUBLIB                 = $(OBJDIR)/stub.$(LIB_SUFFIX)
-
-ifeq ($(OS_TARGET), WIN16)
-W16LIBS         += $(CILIB)
-else
-EXTRA_LIBS      += $(CILIB)
-endif
-
-INST_JS                 = inst.js
-LIBCI_JAR               = $(OBJDIR)/libfort.jar
-LIBCI_JAR_SRC           = $(INST_JS) $(SHARED_LIBRARY)
-
-ifneq ($(OS_TARGET), WIN16)
-TARGETS : $(LIBCI_JAR) 
-endif
-
-ifeq ($(OS_TARGET), WIN16)
-# note that rules.mk is not included below for WIN16
-all:
-	@echo Skipping fortcrypt directory for 16-bit windows builds
-
-all_platforms alltags clean clobber clobber_all realclean: all
-
-boot export install libs program release: all
-
-endif
-
-$(SHARED_LIBRARY): $(CILIB) $(DIRS)
-
-cilib_name:
-	@echo $(CILIB)
-
-$(CILIB):
-	@$(MAKE_OBJDIR)
-	@if test -f $(ORIG_CILIB); then \
-		echo "Copying $(ORIG_CILIB) to $@"; \
-		cp $(ORIG_CILIB) $@; \
-	else \
-		echo "Making empty stub $@"; \
-		$(MAKE) $(STUBLIB); \
-	fi
-	@$(RANLIB) $@
-
-$(STUBLIB): $(OBJDIR)/maci$(OBJ_SUFFIX)
-	@$(MAKE_OBJDIR)
-ifeq (,$(filter-out WIN%,$(OS_TARGET)))
-	$(MAKE) $(STUBDLL)
-else
-	$(AR) $<
-endif
-	cp $@ $(CILIB)
-
-ifeq (,$(filter-out WIN%,$(OS_TARGET)))
-$(STUBDLL): $(OBJDIR)/maci.o
-ifdef NS_USE_GCC
-	$(LINK_DLL) -Wl,--out-implib,$(STUBLIB) $(OBJDIR)/maci.o $(OS_LIBS)
-else
-	$(LINK_DLL) -MAP $(DLLBASE) $(subst /,\\,$(OBJDIR)/maci.o $(OS_LIBS))
-endif
-
-$(OBJDIR)/maci.o: maci.c
-ifdef NS_USE_GCC
-	$(CC) -o $@ -c $(CFLAGS) $<
-else
-	$(CC) -Fo$@ -c $(CFLAGS) $<
-endif
-endif
-
-#
-# The following rules packages the shared library into a JAR,
-# ready to be signed
-#
-$(OBJDIR)/replace: replace.c
-	$(CC) -o $@ $<
-
-# ZIP options:
-# -5 means medium compression
-# -q means quiet
-# -j means do not store tree structure, all files go into one dir
-#
-$(LIBCI_JAR): $(DIRS) $(LIBCI_JAR_SRC)
-	@echo +++ building $@ from $(LIBCI_JAR_SRC)
-	@rm -f $@
-	zip -5qj $@ $(LIBCI_JAR_SRC) 
-
-force:
-	(cd swfort ; $(MAKE))
-
-
-MD_FILES += $(LIBCI_JAR)
-
-# coreconf doesn't build the AIX shared library for FORTEZZA,
-# so I'm going to override their shared library command and build the shared
-# library the way config used to.
-#
-ifeq ($(OS_TARGET)$(OS_RELEASE), AIX4.1)
-DSO_LDOPTS              = -bM:SRE -bh:4 -bnoentry
-EXTRA_DSO_LDOPTS        = -lc
-MKSHLIB                 = svld $(DSO_LDOPTS)
-
-$(SHARED_LIBRARY): $(OBJS)
-	@$(MAKE_OBJDIR)
-	rm -f $@
-	$(MKSHLIB) -o $@ $(OBJS) $(EXTRA_LIBS) $(EXTRA_DSO_LDOPTS)
-	chmod +x $@
-endif
-
-ifeq ($(OS_TARGET)$(OS_RELEASE), AIX4.2)
-LD      += -G
-endif 
-
-
-ifneq ($(OS_TARGET), WIN16)
-include $(CORE_DEPTH)/coreconf/rules.mk
-endif
-
-export:: private_export
-
-
deleted file mode 100644
--- a/security/nss/lib/fortcrypt/config.mk
+++ /dev/null
@@ -1,47 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#
-#  Override TARGETS variable so that only shared libraries
-#  are specifed as dependencies within rules.mk.
-#
-
-TARGETS        = $(SHARED_LIBRARY)
-LIBRARY        =
-IMPORT_LIBRARY =
-PROGRAM        =
-
deleted file mode 100644
--- a/security/nss/lib/fortcrypt/cryptint.h
+++ /dev/null
@@ -1,706 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/* @(#)cryptint.h	1.26\t10 Nov 1995 */
-/*****************************************************************************
-  Definitive Fortezza header file.
-  Application Level Interface to Fortezza CI Library.
-
-  Version for CI Library 1.52
-    November 8, 1995
-
-
-  NOTICE: Fortezza Export Policy
-
-    The Fortezza Cryptologic Interface (CI) Library (both source and 
-    object) and Fortezza CI Library based applications are defense 
-    articles, as defined in the International Traffic In Arms 
-    Regulations (ITAR), and are subject to export controls under the 
-    ITAR and the Arms Export Control Act. Any export to any country 
-    of (a) the Fortezza CI Library, related documentation, and 
-    technical data, or (b) your cryptographic application, process, 
-    or service that is the direct product of, or contains the 
-    Fortezza CI Library must comply with the requirements of the ITAR. 
-    If you or your customer intends to engage in such export, contact 
-    the United States Department of State, Office of Defense Trade 
-    Controls for specific guidance.
-
-
- ****************************************************************************/
-#ifndef __CRYPTINT_H
-#define __CRYPTINT_H
-
-#if __cplusplus__ || __cplusplus
-extern "C"
-{
-#endif /* C++ */
-
-#ifndef PROTO_LIST
-#ifdef _K_AND_R_
-#define PROTO_LIST(list)  ()
-#else
-#define PROTO_LIST(list)  list
-#endif /*_K_AND_R_ */
-#endif /* PROTO_LIST */
-
-
-#ifndef RETURN_TYPE
-#if defined( _WIN32 ) || defined( __WIN32__ )
-#define RETURN_TYPE  __declspec(dllimport) int
-#elif defined( _WINDOWS ) || defined( _Windows )
-#define RETURN_TYPE  extern int _far _pascal
-#else
-#define RETURN_TYPE  extern int
-#endif /* Windows */
-#endif /* RETURN_TYPE */
-
-/* MS Visual C++ defines _MSDOS and _WINDOWS    */
-/* Borland C/C++ defines __MSDOS__ and _Windows */
-#if defined( _WIN32 ) ||  defined ( __WIN32__ )
-#define CI_FAR
-#elif defined( _WINDOWS ) || defined( _Windows )
-#define CI_FAR  _far
-#else
-#define CI_FAR
-#endif /* MS DOS or Windows */
-
-
-/*****************************************************************************
-  Constants
- ****************************************************************************/
-#define CI_LIB_VERSION_VAL        0x0152    /* Version 1.52 */
-
-#define CI_CERT_SIZE              2048
-#define CI_CERT_FLAGS_SIZE        16
-#define CI_CERT_NAME_SIZE         32
-#define CI_CHALLENGE_SIZE         20
-
-#define CI_G_SIZE                 128
-
-#define CI_HASHVALUE_SIZE         20
-
-#define CI_IV_SIZE                24
-
-#define CI_KEY_SIZE               12
-#define CI_KS_SIZE                10
-
-#define CI_NAME_SIZE              32
-
-#define CI_PASSWORD_SIZE          24
-#define CI_PIN_SIZE               12
-#define CI_P_SIZE                 128
-
-#define CI_Q_SIZE                 20
-
-#define CI_R_SIZE                 40
-#define CI_RANDOM_NO_SIZE         20
-#define CI_RANDOM_SEED_SIZE       8
-#define CI_RA_SIZE                128
-#define CI_RB_SIZE                128
-#define CI_REG_FLAGS_SIZE         4
-
-#define CI_S_SIZE                 40
-#define CI_SAVE_DATA_SIZE         28
-#define CI_SERIAL_NUMBER_SIZE     8
-#define CI_SIGNATURE_SIZE         40
-#define CI_STATUS_FLAGS_SIZE      4
-
-#define CI_TIME_SIZE              16
-#define CI_TIMESTAMP_SIZE         16
-
-#define CI_WRAPPED_X_SIZE         24
-
-#define CI_Y_SIZE                 128
-
-#define CI_X_SIZE                 20
-
-
-/* Miscellaneous */
-#define CI_NULL_FLAG              0 
-#define CI_POWER_DOWN_FLAG        2
-#define CI_NO_LOG_OFF_FLAG        4
-#define CI_INITIATOR_FLAG         0
-#define CI_RECIPIENT_FLAG         1
-
-#define CI_BLOCK_LOCK_FLAG        1
-#define CI_SSO_LOGGED_ON          0x40
-#define CI_USER_LOGGED_ON         0x00
-#define CI_FAST_MODE              0x10
-#define CI_SLOW_MODE              0x00
-#define CI_WORST_CASE_MODE        0x40
-#define CI_TYPICAL_CASE_MODE      0x00
-
-/* Card Public Key Algorithms Types */
-#define CI_DSA_TYPE               0xA
-#define CI_KEA_TYPE               0x5
-#define CI_DSA_KEA_TYPE           0xF
-
-/* Fortezza Pin Types */
-#define CI_SSO_PIN                0x25
-#define CI_USER_PIN               0x2A
-
-/* Crypto Types */
-#define CI_ENCRYPT_TYPE           0
-#define CI_DECRYPT_TYPE           1
-#define CI_HASH_TYPE              2
-
-/* Save and Restore Types */
-#define CI_ENCRYPT_INT_TYPE       0x00      /* Internal Encryption */
-#define CI_ENCRYPT_EXT_TYPE       0x10      /* External Encryption */
-#define CI_DECRYPT_INT_TYPE       0x01      /* Internal Decryption */
-#define CI_DECRYPT_EXT_TYPE       0x11      /* External Decryption */
-#define CI_HASH_INT_TYPE          0x02      /* Internal Hash */
-#define CI_HASH_EXT_TYPE          0x12      /* External Hash */
-#define CI_TYPE_EXT_FLAG          0x10      /* Used to differentiate */
-
-/* Configuration types */
-#define CI_SET_SPEED_TYPE         1
-#define CI_SET_TIMING_TYPE        2
-
-/* Lock States */
-#define CI_SOCKET_UNLOCKED        0
-#define CI_HOLD_LOCK              1
-#define CI_SOCKET_LOCKED          2
-
-/* Fortezza Crypto Types Modes */
-#define CI_ECB64_MODE             0
-#define CI_CBC64_MODE             1
-#define CI_OFB64_MODE             2
-#define CI_CFB64_MODE             3
-#define CI_CFB32_MODE             4
-#define CI_CFB16_MODE             5
-#define CI_CFB8_MODE              6
-
-/* Card States */
-#define CI_POWER_UP               0
-#define CI_UNINITIALIZED          1
-#define CI_INITIALIZED            2
-#define CI_SSO_INITIALIZED        3
-#define CI_LAW_INITIALIZED        4
-#define CI_USER_INITIALIZED       5
-#define CI_STANDBY                6
-#define CI_READY                  7
-#define CI_ZEROIZE                8
-#define CI_INTERNAL_FAILURE       (-1)
-
-/* Flags for Firmware Update. */
-#define CI_NOT_LAST_BLOCK_FLAG    0x00000000UL
-#define CI_LAST_BLOCK_FLAG        0x80000000UL
-#define CI_DESTRUCTIVE_FLAG       0x000000FFUL
-#define CI_NONDESTRUCTIVE_FLAG    0x0000FF00UL
-
-
-/****************************************************************************
-  Fortezza Library Return Codes
- ***************************************************************************/
-
-/* Card Responses */
-#define CI_OK                     0
-#define CI_FAIL                   1
-#define CI_CHECKWORD_FAIL         2
-#define CI_INV_TYPE               3
-#define CI_INV_MODE               4
-#define CI_INV_KEY_INDEX          5
-#define CI_INV_CERT_INDEX         6
-#define CI_INV_SIZE               7
-#define CI_INV_HEADER             8
-#define CI_INV_STATE              9
-#define CI_EXEC_FAIL              10
-#define CI_NO_KEY                 11
-#define CI_NO_IV                  12
-#define CI_NO_X                   13
-
-#define CI_NO_SAVE                15
-#define CI_REG_IN_USE             16
-#define CI_INV_COMMAND            17
-#define CI_INV_POINTER            18
-#define CI_BAD_CLOCK              19
-#define CI_NO_DSA_PARMS           20
-
-/* Library Errors */
-#define CI_ERROR                  (-1)
-#define CI_LIB_NOT_INIT           (-2)
-#define CI_CARD_NOT_READY         (-3)
-#define CI_CARD_IN_USE            (-4)
-#define CI_TIME_OUT               (-5)
-#define CI_OUT_OF_MEMORY          (-6)
-#define CI_NULL_PTR               (-7)
-#define CI_BAD_SIZE               (-8)
-#define CI_NO_DECRYPT             (-9)
-#define CI_NO_ENCRYPT             (-10)
-#define CI_NO_EXECUTE             (-11)
-#define CI_BAD_PARAMETER          (-12)
-#define CI_OUT_OF_RESOURCES       (-13)
-
-#define CI_NO_CARD                (-20)
-#define CI_NO_DRIVER              (-21)
-#define CI_NO_CRDSRV              (-22)
-#define CI_NO_SCTSRV              (-23)
-
-#define CI_BAD_CARD               (-30)
-#define CI_BAD_IOCTL              (-31)
-#define CI_BAD_READ               (-32)
-#define CI_BAD_SEEK               (-33)
-#define CI_BAD_WRITE              (-34)
-#define CI_BAD_FLUSH              (-35)
-#define CI_BAD_IOSEEK             (-36)
-#define CI_BAD_ADDR               (-37)
-
-#define CI_INV_SOCKET_INDEX       (-40)
-#define CI_SOCKET_IN_USE          (-41)
-#define CI_NO_SOCKET              (-42)
-#define CI_SOCKET_NOT_OPENED      (-43)
-#define CI_BAD_TUPLES             (-44)
-#define CI_NOT_A_CRYPTO_CARD      (-45)
-
-#define CI_INVALID_FUNCTION       (-50)
-#define CI_LIB_ALRDY_INIT         (-51)
-#define CI_SRVR_ERROR             (-52)
-
-
-/*****************************************************************************
-  Data Structures
- ****************************************************************************/
-
-typedef unsigned char   CI_CERTIFICATE[CI_CERT_SIZE];
-
-typedef unsigned char   CI_CERT_FLAGS[CI_CERT_FLAGS_SIZE];
-
-typedef unsigned char   CI_CERT_STR[CI_CERT_NAME_SIZE+4];
-
-typedef unsigned char   CI_FAR *CI_DATA;
-
-typedef unsigned char   CI_G[CI_G_SIZE];
-
-typedef unsigned char   CI_HASHVALUE[CI_HASHVALUE_SIZE];
-
-typedef unsigned char   CI_IV[CI_IV_SIZE];
-
-typedef unsigned char   CI_KEY[CI_KEY_SIZE];
-
-typedef unsigned char   CI_KS[CI_KS_SIZE];
-
-typedef unsigned char   CI_P[CI_P_SIZE];
-
-typedef unsigned char   CI_PASSWORD[CI_PASSWORD_SIZE + 4];
-
-typedef unsigned char   CI_PIN[CI_PIN_SIZE + 4];
-
-typedef unsigned char   CI_Q[CI_Q_SIZE];
-
-typedef unsigned char   CI_RA[CI_RA_SIZE];
-
-typedef unsigned char   CI_RB[CI_RB_SIZE];
-
-typedef unsigned char   CI_RANDOM[CI_RANDOM_NO_SIZE];
-
-typedef unsigned char   CI_RANDSEED[CI_RANDOM_SEED_SIZE];
-
-typedef unsigned char   CI_REG_FLAGS[CI_REG_FLAGS_SIZE];
-
-typedef unsigned char   CI_SIGNATURE[CI_SIGNATURE_SIZE];
-
-typedef unsigned char   CI_SAVE_DATA[CI_SAVE_DATA_SIZE];
-
-typedef unsigned char   CI_SERIAL_NUMBER[CI_SERIAL_NUMBER_SIZE];
-
-typedef unsigned int    CI_STATE, CI_FAR *CI_STATE_PTR;
-
-typedef unsigned char   CI_TIME[CI_TIME_SIZE];
-
-typedef unsigned char   CI_TIMESTAMP[CI_TIMESTAMP_SIZE];
-
-typedef unsigned char   CI_WRAPPED_X[CI_WRAPPED_X_SIZE];
-
-typedef unsigned char   CI_Y[CI_Y_SIZE];
-
-typedef unsigned char   CI_X[CI_X_SIZE];
-
-typedef struct {
-    int     LibraryVersion;                 /* CI Library version */
-    int     ManufacturerVersion;            /* Card's hardware version */
-    char    ManufacturerName[CI_NAME_SIZE+4]; /* Card manufacturer's name*/
-    char    ProductName[CI_NAME_SIZE+4];    /* Card's product name */
-    char    ProcessorType[CI_NAME_SIZE+4];  /* Card's processor type */
-    unsigned long  UserRAMSize;             /* Amount of User RAM in bytes */
-    unsigned long  LargestBlockSize;        /* Largest block of data to pass in */
-    int     KeyRegisterCount;               /* Number of key registers */
-    int     CertificateCount;               /* Maximum number of personalities (# certs-1) */
-    int     CryptoCardFlag;                 /* A flag that if non-zero indicates that there is
-                                               a Crypto-Card in the socket. If this value is
-                                               zero then there is NOT a Crypto-Card in the
-                                               sockets. */
-    int     ICDVersion;                     /* The ICD compliance level */
-    int     ManufacturerSWVer;              /* The Manufacturer's Software Version */
-    int     DriverVersion;                  /* Driver Version */
-} CI_CONFIG, CI_FAR *CI_CONFIG_PTR;
-
-typedef struct {
-    int          CertificateIndex;          /* Index from 1 to CertificateCount */
-    CI_CERT_STR  CertLabel;                 /* The certificate label */
-} CI_PERSON, CI_FAR *CI_PERSON_PTR;
-
-typedef struct {
-     int    CurrentSocket;                  /* The currently selected socket */
-     int    LockState;                      /* Lock status of the current socket */
-     CI_SERIAL_NUMBER  SerialNumber;        /* Serial number of the Crypto Engine chip */
-     CI_STATE  CurrentState;                /* State of The Card */
-     int    DecryptionMode;                 /* Decryption mode of The Card */
-     int    EncryptionMode;                 /* Encryption mode of The Card */
-     int    CurrentPersonality;             /* Index of the current personality */
-     int    KeyRegisterCount;               /* No. of Key Register on The Card */
-     CI_REG_FLAGS   KeyRegisterFlags;       /* Bit Masks indicating Key Register use */
-     int    CertificateCount;               /* No. of Certificates on The Card */
-     CI_CERT_FLAGS  CertificateFlags;       /* Bit Mask indicating certificate use */
-     unsigned char  Flags[CI_STATUS_FLAGS_SIZE];  
-                                            /* Flag[0] : bit 6 for Condition mode */
-                                            /*           bit 4 for Clock mode */
-} CI_STATUS, CI_FAR *CI_STATUS_PTR;
-
-
-/*****************************************************************************
-  Function Call Prototypes
- ****************************************************************************/
-
-RETURN_TYPE
-CI_ChangePIN PROTO_LIST( (
-    int            PINType,
-    CI_PIN CI_FAR  pOldPIN,
-    CI_PIN CI_FAR  pNewPIN ) );
-
-RETURN_TYPE
-CI_CheckPIN PROTO_LIST( (
-    int            PINType,
-    CI_PIN CI_FAR  pPIN ) );
-
-RETURN_TYPE
-CI_Close PROTO_LIST( (
-    unsigned int  Flags,
-    int           SocketIndex ) );
-
-RETURN_TYPE
-CI_Decrypt PROTO_LIST( (
-    unsigned int  CipherSize,
-    CI_DATA       pCipher,
-    CI_DATA       pPlain ) );
-
-RETURN_TYPE
-CI_DeleteCertificate PROTO_LIST( (
-    int  CertificateIndex ) );
-
-RETURN_TYPE
-CI_DeleteKey PROTO_LIST( (
-    int  RegisterIndex ) );
-
-RETURN_TYPE
-CI_Encrypt PROTO_LIST( (
-    unsigned int  PlainSize,
-    CI_DATA       pPlain,
-    CI_DATA       pCipher ) );
-
-RETURN_TYPE
-CI_ExtractX PROTO_LIST( (
-    int                  CertificateIndex,
-    int                  AlgorithmType,
-    CI_PASSWORD CI_FAR   pPassword,
-    unsigned int         YSize,
-    CI_Y CI_FAR          pY,
-    CI_WRAPPED_X CI_FAR  pX,
-    CI_RA CI_FAR         pRa,
-    unsigned int         PandGSize,
-    unsigned int         QSize,
-    CI_P CI_FAR          pP,
-    CI_Q CI_FAR          pQ,
-    CI_G CI_FAR          pG ) );
-
-RETURN_TYPE
-CI_FirmwareUpdate PROTO_LIST( (
-    unsigned long  Flags,
-    long           Cksum,
-    unsigned int   CksumLength,
-    unsigned int   DataSize,
-    CI_DATA        pData ) );
-
-RETURN_TYPE
-CI_GenerateIV PROTO_LIST( (
-    CI_IV CI_FAR  pIV ) );
-
-RETURN_TYPE
-CI_GenerateMEK PROTO_LIST( (
-    int  RegisterIndex,
-    int  Reserved ) );
-
-RETURN_TYPE
-CI_GenerateRa PROTO_LIST( (
-    CI_RA CI_FAR  pRa ) );
-
-RETURN_TYPE
-CI_GenerateRandom PROTO_LIST( (
-    CI_RANDOM CI_FAR  pRandom ) );
-
-RETURN_TYPE
-CI_GenerateTEK PROTO_LIST( (
-    int           Flags,
-    int           RegisterIndex,
-    CI_RA CI_FAR  pRa,
-    CI_RB CI_FAR  pRb,
-    unsigned int  YSize,
-    CI_Y CI_FAR   pY ) );
-
-RETURN_TYPE
-CI_GenerateX PROTO_LIST( (
-    int           CertificateIndex,
-    int           AlgorithmType,
-    unsigned int  PandGSize,
-    unsigned int  QSize,
-    CI_P CI_FAR   pP,
-    CI_Q CI_FAR   pQ,
-    CI_G CI_FAR   pG,
-    unsigned int  YSize,
-    CI_Y CI_FAR   pY ) );
-
-RETURN_TYPE
-CI_GetCertificate PROTO_LIST( (
-    int                    CertificateIndex,
-    CI_CERTIFICATE CI_FAR  pCertificate ) );
-
-RETURN_TYPE
-CI_GetConfiguration PROTO_LIST( (
-    CI_CONFIG_PTR  pConfiguration ) );
-
-RETURN_TYPE
-CI_GetHash PROTO_LIST( (
-    unsigned int         DataSize,
-    CI_DATA              pData,
-    CI_HASHVALUE CI_FAR  pHashValue ) );
-
-RETURN_TYPE
-CI_GetPersonalityList PROTO_LIST( (
-    int               EntryCount,
-    CI_PERSON CI_FAR  pPersonalityList[] ) );
-
-RETURN_TYPE
-CI_GetState PROTO_LIST( (
-    CI_STATE_PTR  pState ) );
-
-RETURN_TYPE
-CI_GetStatus PROTO_LIST( (
-    CI_STATUS_PTR  pStatus ) );
-
-RETURN_TYPE
-CI_GetTime PROTO_LIST( (
-    CI_TIME CI_FAR  pTime ) );
-
-RETURN_TYPE
-CI_Hash PROTO_LIST( (
-    unsigned int  DataSize,
-    CI_DATA       pData ) );
-
-RETURN_TYPE
-CI_Initialize PROTO_LIST( (
-    int CI_FAR  *SocketCount ) );
-
-RETURN_TYPE
-CI_InitializeHash PROTO_LIST( (
-    void ) );
-
-RETURN_TYPE
-CI_InstallX PROTO_LIST( (
-    int                  CertificateIndex,
-    int                  AlgorithmType,
-    CI_PASSWORD CI_FAR   pPassword,
-    unsigned int         YSize,
-    CI_Y CI_FAR          pY,
-    CI_WRAPPED_X CI_FAR  pWrappedX,
-    CI_RA CI_FAR         pRa,
-    unsigned int         PandGSize,
-    unsigned int         QSize,
-    CI_P CI_FAR          pP,
-    CI_Q CI_FAR          pQ,
-    CI_G CI_FAR          pG ) );
-
-RETURN_TYPE
-CI_LoadCertificate PROTO_LIST( (
-    int                    CertificateIndex,
-    CI_CERT_STR CI_FAR     pCertLabel,
-    CI_CERTIFICATE CI_FAR  pCertificate,
-    long                   Reserved ) );
-
-RETURN_TYPE
-CI_LoadDSAParameters PROTO_LIST( (
-    unsigned int  PandGSize,
-    unsigned int  QSize,
-    CI_P CI_FAR   pP,
-    CI_Q CI_FAR   pQ,
-    CI_G CI_FAR   pG ) );
-
-RETURN_TYPE
-CI_LoadInitValues PROTO_LIST( (
-    CI_RANDSEED CI_FAR  pRandSeed,
-    CI_KS CI_FAR        pKs ) );
-
-RETURN_TYPE
-CI_LoadIV PROTO_LIST( (
-    CI_IV CI_FAR  pIV ) );
-
-RETURN_TYPE
-CI_LoadX PROTO_LIST( (
-    int           CertificateIndex,
-    int           AlgorithmType,
-    unsigned int  PandGSize,
-    unsigned int  QSize,
-    CI_P CI_FAR   pP,
-    CI_Q CI_FAR   pQ,
-    CI_G CI_FAR   pG,
-    CI_X CI_FAR   pX,
-    unsigned int  YSize,
-    CI_Y CI_FAR   pY ) );
-
-RETURN_TYPE
-CI_Lock PROTO_LIST( (
-    int  Flags ) );
-
-RETURN_TYPE
-CI_Open PROTO_LIST( (
-    unsigned int  Flags,
-    int           SocketIndex ) );
-
-RETURN_TYPE
-CI_RelayX PROTO_LIST( (
-    CI_PASSWORD CI_FAR   pOldPassword,
-    unsigned int         OldYSize,
-    CI_Y CI_FAR          pOldY,
-    CI_RA CI_FAR         pOldRa,
-    CI_WRAPPED_X CI_FAR  pOldWrappedX,
-    CI_PASSWORD CI_FAR   pNewPassword,
-    unsigned int         NewYSize,
-    CI_Y CI_FAR          pNewY,
-    CI_RA CI_FAR         pNewRa,
-    CI_WRAPPED_X CI_FAR  pNewWrappedX ) );
-
-RETURN_TYPE
-CI_Reset PROTO_LIST( (
-    void ) );
-
-RETURN_TYPE
-CI_Restore PROTO_LIST( (
-    int                  CryptoType,
-    CI_SAVE_DATA CI_FAR  pData ) );
-
-RETURN_TYPE
-CI_Save PROTO_LIST( (
-    int                  CryptoType,
-    CI_SAVE_DATA CI_FAR  pData ) );
-
-RETURN_TYPE
-CI_Select PROTO_LIST( (
-    int  SocketIndex ) );
-
-RETURN_TYPE
-CI_SetConfiguration PROTO_LIST( (
-    int           Type,
-    unsigned int  DataSize,
-    CI_DATA       pData ) );
-
-RETURN_TYPE
-CI_SetKey PROTO_LIST( (
-    int  RegisterIndex ) );
-
-RETURN_TYPE
-CI_SetMode PROTO_LIST( (
-    int  CryptoType,
-    int  CryptoMode ) );
-
-RETURN_TYPE
-CI_SetPersonality PROTO_LIST( (
-    int  CertificateIndex ) );
-
-RETURN_TYPE
-CI_SetTime PROTO_LIST( (
-    CI_TIME CI_FAR  pTime ) );
-
-RETURN_TYPE
-CI_Sign PROTO_LIST( (
-    CI_HASHVALUE CI_FAR  pHashValue,
-    CI_SIGNATURE CI_FAR  pSignature ) );
-
-RETURN_TYPE
-CI_Terminate PROTO_LIST( (
-    void ) );
-
-RETURN_TYPE
-CI_TimeStamp PROTO_LIST( (
-    CI_HASHVALUE CI_FAR  pHashValue,
-    CI_SIGNATURE CI_FAR  pSignature,
-    CI_TIMESTAMP CI_FAR  pTimeStamp ) );
-
-RETURN_TYPE
-CI_Unlock PROTO_LIST( (
-    void ) );
-
-RETURN_TYPE
-CI_UnwrapKey PROTO_LIST( (
-    int            UnwrapIndex,
-    int            KeyIndex,
-    CI_KEY CI_FAR  pKey ) );
-
-RETURN_TYPE
-CI_VerifySignature PROTO_LIST( (
-    CI_HASHVALUE CI_FAR  pHashValue,
-    unsigned int         YSize,
-    CI_Y CI_FAR          pY,
-    CI_SIGNATURE CI_FAR  pSignature ) );
-
-RETURN_TYPE
-CI_VerifyTimeStamp PROTO_LIST( (
-    CI_HASHVALUE CI_FAR  pHashValue,
-    CI_SIGNATURE CI_FAR  pSignature,
-    CI_TIMESTAMP CI_FAR  pTimeStamp ) );
-
-RETURN_TYPE
-CI_WrapKey PROTO_LIST( (
-    int            WrapIndex,
-    int            KeyIndex,
-    CI_KEY CI_FAR  pKey ) );
-
-RETURN_TYPE
-CI_Zeroize PROTO_LIST( (
-    void ) );
-
-#if __cplusplus__ || __cplusplus
-}
-#endif /* C++ */
-
-#endif /* CRYPTINT_H */
deleted file mode 100644
--- a/security/nss/lib/fortcrypt/fmutex.c
+++ /dev/null
@@ -1,116 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-#include "fmutex.h"
-#include "fpkmem.h"
-#include <stdio.h>
-
-typedef struct PKMutexFunctions {
-  CK_CREATEMUTEX  CreateMutex;
-  CK_DESTROYMUTEX DestroyMutex;
-  CK_LOCKMUTEX    LockMutex;
-  CK_UNLOCKMUTEX  UnlockMutex;
-  int  useMutex;
-} PKMutexFunctions;
-
-static PKMutexFunctions   gMutex = {NULL, NULL, NULL, NULL, 0};
-static int gInit = 0;
-
-#define FMUTEX_CHECKS()                            \
-    if (gInit == 0) {                              \
-        return CKR_GENERAL_ERROR;                  \
-    }                                              \
-    if (!gMutex.useMutex) {                        \
-        return CKR_GENERAL_ERROR;                  \
-    }			 
-
-CK_RV FMUTEX_Init(CK_C_INITIALIZE_ARGS_PTR pArgs) {
-    if (gInit != 0) {
-        return CKR_GENERAL_ERROR;
-    }
-
-    if (pArgs && pArgs->CreateMutex && pArgs->DestroyMutex &&
-	pArgs->LockMutex   && pArgs->UnlockMutex) {
-
-        gMutex.CreateMutex    = pArgs->CreateMutex;
-	gMutex.DestroyMutex   = pArgs->DestroyMutex;
-	gMutex.LockMutex      = pArgs->LockMutex;
-	gMutex.UnlockMutex    = pArgs->UnlockMutex;
-	gMutex.useMutex       = 1;
-	gInit                 = 1;
-    } else {
-        gInit = 0;
-	return CKR_GENERAL_ERROR;
-    }
-    
-    return CKR_OK;
-}
-
-
-CK_RV FMUTEX_Create(CK_VOID_PTR_PTR pMutex) {
-    CK_RV rv;
-    FMUTEX_CHECKS()
-
-    rv = gMutex.CreateMutex(pMutex);
-    return rv;
-}
-
-CK_RV FMUTEX_Destroy(CK_VOID_PTR pMutex) {
-    CK_RV rv;
-    FMUTEX_CHECKS()
-
-    rv = gMutex.DestroyMutex(pMutex);
-    return rv;
-}
-
-CK_RV FMUTEX_Lock(CK_VOID_PTR pMutex) {
-    CK_RV rv;
-    FMUTEX_CHECKS()
-
-    rv = gMutex.LockMutex(pMutex);
-    return rv;
-}
-
-CK_RV FMUTEX_Unlock(CK_VOID_PTR pMutex) {
-    CK_RV rv;
-    FMUTEX_CHECKS()
-
-    rv = gMutex.UnlockMutex(pMutex);
-    return rv;
-}
-
-int FMUTEX_MutexEnabled (void) {
-    return gMutex.useMutex;
-}
deleted file mode 100644
--- a/security/nss/lib/fortcrypt/fmutex.h
+++ /dev/null
@@ -1,60 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-#ifndef _FMUTEX_H_
-#define _FMUTEX_H_ 1
-
-#include "fpkcs11t.h"
-
-/*
- * All of these functions will return CK_RV  values.
- */
-extern CK_RV FMUTEX_Init(CK_C_INITIALIZE_ARGS_PTR pArgs);
-
-
-extern CK_RV FMUTEX_Create(CK_VOID_PTR_PTR pMutex);
-
-extern CK_RV FMUTEX_Destroy(CK_VOID_PTR pMutex);
-
-extern CK_RV FMUTEX_Lock(CK_VOID_PTR pMutex);
-
-extern CK_RV FMUTEX_Unlock(CK_VOID_PTR pMutex);
-
-/* Returns 0 if mutexes have not been enabled.
- * Returns 1 if mutexes have been enabled.
- */
-extern int FMUTEX_MutexEnabled(void);
-
-#endif /*_FMUTEX_H_*/
deleted file mode 100644
--- a/security/nss/lib/fortcrypt/forsock.c
+++ /dev/null
@@ -1,819 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-#include "fortsock.h"
-#include "fpkmem.h"
-#include "fmutex.h"
-#include <string.h>
-#include <stdlib.h>
-
-#define DEF_ENCRYPT_SIZE 0x8000
-
-static unsigned char Fortezza_mail_Rb[128] = { 
-0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,
-0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,
-0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,
-0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,1,
-};
-
-int InitSocket (FortezzaSocket *inSocket, int inSlotID) {
-    int        ci_rv;
-    CK_RV      mrv;
-
-    if (inSocket == NULL)
-        return SOCKET_FAILURE;
-
-    inSocket->isLoggedIn          = PR_FALSE;
-    inSocket->personalitiesLoaded = PR_FALSE;
-    inSocket->isOpen              = PR_FALSE;
-    inSocket->personalityList     = NULL;
-    inSocket->keyRegisters        = NULL;
-    inSocket->keys                = NULL;
-    inSocket->numPersonalities    = 0;
-    inSocket->numKeyRegisters     = 0;
-    inSocket->hitCount            = 0;
-
-    inSocket->slotID = inSlotID;
-    ci_rv = MACI_GetSessionID(&(inSocket->maciSession));
-    if (ci_rv != CI_OK)
-      return SOCKET_FAILURE;
-
-    ci_rv = MACI_Open (inSocket->maciSession, 0, inSlotID);
-    if (ci_rv == CI_OK) { 
-        inSocket->isOpen = PR_TRUE;
-    }  else {
-        MACI_Close (inSocket->maciSession, CI_NULL_FLAG, inSlotID);
-    }
-
-    if (FMUTEX_MutexEnabled()) {
-        mrv = FMUTEX_Create(&inSocket->registersLock);
-	if (mrv != CKR_OK) {
-	    inSocket->registersLock = NULL;
-	}
-    } else {
-        inSocket->registersLock = NULL;
-    }
-
-    return SOCKET_SUCCESS;
-}
-
-int FreeSocket (FortezzaSocket *inSocket) {
-    if (inSocket->registersLock) {
-        FMUTEX_Destroy(inSocket->registersLock);
-    }
-    MACI_Close(inSocket->maciSession, CI_NULL_FLAG, inSocket->slotID);
-    return SOCKET_SUCCESS;
-}
-
-int LoginToSocket (FortezzaSocket *inSocket, int inUserType, CI_PIN inPin) {
-    int ci_rv, i;
-    CI_STATUS ciStatus;
-    CI_CONFIG ciConfig;
-    FortezzaKey **oldRegisters, **newRegisters;
-    int oldCount;
-    HSESSION hs;
-
-    if (inSocket == NULL || inSocket->isLoggedIn)
-        return SOCKET_FAILURE;
-
-    hs = inSocket->maciSession;
-    ci_rv = MACI_Select (hs, inSocket->slotID);
-    if (ci_rv != CI_OK)
-        return ci_rv;
-    
-    ci_rv = MACI_CheckPIN(hs, inUserType, inPin);
-
-    if (ci_rv != CI_OK) {
-        return ci_rv;
-    }
-
-    ci_rv = MACI_GetStatus(hs, &ciStatus);
-
-    if (ci_rv != CI_OK) {
-        if (ci_rv == CI_FAIL) {
-	    ci_rv = CI_EXEC_FAIL;
-	}
-	return ci_rv;
-    }
-
-    ci_rv = MACI_GetConfiguration(hs, &ciConfig);
-    if (ci_rv != CI_OK) {
-      return ci_rv;
-    }
-
-    inSocket->isLoggedIn  = PR_TRUE;
-    inSocket->hasLoggedIn = PR_TRUE;
-    PORT_Memcpy (inSocket->openCardSerial, ciStatus.SerialNumber, 
-		 sizeof (CI_SERIAL_NUMBER));
-    inSocket->openCardState = ciStatus.CurrentState;
-    inSocket->numPersonalities = ciStatus.CertificateCount;
-    inSocket->numKeyRegisters  = ciConfig.KeyRegisterCount;
-    newRegisters     = 
-     (FortezzaKey**)PORT_Alloc (sizeof(FortezzaKey)*ciConfig.KeyRegisterCount);
-
-    FMUTEX_Lock(inSocket->registersLock);
-    oldRegisters = inSocket->keyRegisters;
-    oldCount = inSocket->numKeyRegisters;
-    inSocket->keyRegisters = newRegisters;
-    if (oldRegisters) {
-	for (i=0; i<oldCount; i++) {
-	    if (oldRegisters[i]) {
-		oldRegisters[i]->keyRegister = KeyNotLoaded;
-	    }
-            oldRegisters[i] = NULL;
-	}
-	PORT_Free(oldRegisters);
-    }
-
-    if (inSocket->keyRegisters == NULL) {
-        FMUTEX_Unlock(inSocket->registersLock);
-        return SOCKET_FAILURE;
-    }
-
-    for (i=0; i<ciConfig.KeyRegisterCount; i++) {
-        inSocket->keyRegisters[i] = NULL;
-    }
-    FMUTEX_Unlock(inSocket->registersLock);
-
-    return SOCKET_SUCCESS;
-}
-
-int LogoutFromSocket (FortezzaSocket *inSocket) {
-    if (inSocket == NULL)
-        return SOCKET_FAILURE;
-
-    inSocket->isLoggedIn  = PR_FALSE;
-    inSocket->hasLoggedIn = PR_FALSE;
-    if (UnloadPersonalityList(inSocket) != SOCKET_SUCCESS)
-        return SOCKET_FAILURE;
-    
-
-    return SOCKET_SUCCESS;
-}
-
-
-int FetchPersonalityList(FortezzaSocket *inSocket) {
-    int rv;
-
-    if (inSocket == NULL || inSocket->numPersonalities == 0) {
-        return SOCKET_FAILURE;
-    }
-
-    rv = MACI_Select (inSocket->maciSession, inSocket->slotID);
-
-    inSocket->personalityList = 
-        (CI_PERSON*)PORT_Alloc (sizeof(CI_PERSON)*inSocket->numPersonalities);
-
-    if (inSocket->personalityList == NULL) {
-        return SOCKET_FAILURE;
-    }
-
-    rv = MACI_GetPersonalityList(inSocket->maciSession, 
-				 inSocket->numPersonalities, 
-				 inSocket->personalityList);
-
-    if (rv != CI_OK) {
-        return SOCKET_FAILURE;
-    }
-
-    inSocket->personalitiesLoaded = PR_TRUE;
-    return SOCKET_SUCCESS;
-}
-
-int UnloadPersonalityList(FortezzaSocket *inSocket) {
-    if (inSocket == NULL)
-        return SOCKET_FAILURE;
-
-    inSocket->personalitiesLoaded = PR_FALSE;
-    if (inSocket->personalityList) {
-        PORT_Free(inSocket->personalityList);
-    }
-    inSocket->numPersonalities = 0;
-    inSocket->personalityList = NULL;
-
-    return SOCKET_SUCCESS;
-}
-
-PRBool SocketIsLoggedIn(CI_STATE status) {
-	
-    return (PRBool)((status == CI_READY) || (status == CI_STANDBY));
-}
-
-PRBool SocketStateUnchanged(FortezzaSocket* inSocket) {
-    CI_STATUS ciStatus;
-    int       ciRV;
-
-    ciRV = MACI_Select (inSocket->maciSession, inSocket->slotID);
-    if (ciRV != CI_OK)
-        return PR_FALSE;
-
-    if (inSocket->hasLoggedIn && !inSocket->isLoggedIn) 
-        return PR_FALSE;  /* User Logged out from the socket */
-
-    /*
-     * Some vendor cards are slow. so if we think we are logged in, 
-     * and the card still thinks we're logged in, we must have the same
-     * card.
-     */
-    if (inSocket->isLoggedIn) {
-	CI_STATE state;
-	ciRV = MACI_GetState(inSocket->maciSession, &state);
-	if (ciRV != CI_OK) return PR_FALSE;
-
-	return SocketIsLoggedIn(state);
-    }
-	
-    ciRV = MACI_GetStatus(inSocket->maciSession, &ciStatus);
-    if(ciRV != CI_OK) {
-        return PR_FALSE;
-    }
-    if (inSocket->isLoggedIn) {
- 	if (PORT_Memcmp(ciStatus.SerialNumber, inSocket->openCardSerial, 
-			sizeof (CI_SERIAL_NUMBER)) != 0)
-	  return PR_FALSE;  /* Serial Number of card in slot has changed */
-	                    /* Probably means there is a new card        */
-    }
-    
-    if (inSocket->isLoggedIn  && !SocketIsLoggedIn(ciStatus.CurrentState))
-        return PR_FALSE;  /* State of card changed.         */
-                         /* Probably re-inserted same card */ 
-
-    return PR_TRUE;  /* No change in the state of the socket */
-}
-
-/*
- * can we regenerate this key on the fly?
- */
-static PRBool
-FortezzaIsRegenerating(FortezzaKey *key) {
-    /* TEK's are the only type of key that can't be regenerated */
-    if (key->keyType != TEK) return PR_TRUE;
-    /* Client TEK's can never be regenerated */
-    if (key->keyData.tek.flags == CI_INITIATOR_FLAG) return PR_FALSE; 
-    /* Only Server TEK's that use the Mail protocol can be regenerated */
-    return ((PRBool)(memcmp(key->keyData.tek.Rb,Fortezza_mail_Rb,
-			sizeof(key->keyData.tek.Rb)) == 0));
-}
-
-int GetBestKeyRegister(FortezzaSocket *inSocket) {
-    int i, candidate = -1, candidate2 = 1;
-    CK_ULONG minHitCount = 0xffffffff;
-    CK_ULONG minRegHitCount = 0xffffffff;  
-    FortezzaKey **registers;
-
-    registers = inSocket->keyRegisters;
-    for (i=1; i< inSocket->numKeyRegisters; i++) {
-        if (registers[i] == NULL)
-	    return i;
-    }
-
-    for (i=1; i < inSocket->numKeyRegisters; i++) {
-        if (registers[i]->hitCount < minHitCount) {
-	    minHitCount = registers[i]->hitCount;
-	    candidate2 = i;
-	}
-
-	if (FortezzaIsRegenerating(registers[i]) &&
-	    (registers[i]->hitCount < minRegHitCount)) {
-	    minRegHitCount = registers[i]->hitCount;
-	    candidate = i;
-	}
-    }
-
-    if (candidate == -1)
-        candidate = candidate2;
-
-    return candidate;
-}
-
-int  SetFortezzaKeyHandle (FortezzaKey *inKey, CK_OBJECT_HANDLE inHandle) {
-    inKey->keyHandle = inHandle;
-    return SOCKET_SUCCESS;
-}
-
-void
-RemoveKey (FortezzaKey *inKey) {
-    if (inKey != NULL && inKey->keySocket->keyRegisters != NULL) {
-	if (inKey->keyRegister != KeyNotLoaded) {
-	    FortezzaKey **registers = inKey->keySocket->keyRegisters;
-	    registers[inKey->keyRegister] = NULL;
-	    MACI_DeleteKey(inKey->keySocket->maciSession, inKey->keyRegister);
-	}
-	
-	PORT_Free(inKey);
-    }
-}
-
-FortezzaKey *NewFortezzaKey(FortezzaSocket  *inSocket, 
-			    FortezzaKeyType  inKeyType,
-			    CreateTEKInfo   *TEKinfo,
-			    int              inKeyRegister) {
-    FortezzaKey  *newKey, *oldKey;
-    FortezzaKey **registers;
-    HSESSION      hs = inSocket->maciSession;
-    int ciRV;
-
-    newKey = (FortezzaKey*)PORT_Alloc (sizeof(FortezzaKey));
-    if (newKey == NULL) {
-        return NULL;
-    }
-
-    newKey->keyHandle    = 0;
-    newKey->keyRegister  = KeyNotLoaded;
-    newKey->keyType      = inKeyType;
-    newKey->keySocket    = inSocket;
-    newKey->hitCount     = 0;
-    newKey->id           = TEKinfo ? TEKinfo->personality : 0;
-
-    if (inKeyType != Ks && inSocket->keyRegisters) {
-	registers = inSocket->keyRegisters;
-	oldKey    = registers[inKeyRegister];
-	if (oldKey != NULL) {
-	    oldKey->keyRegister = KeyNotLoaded;
-	}
-
-	registers[inKeyRegister] = newKey;
-	newKey->hitCount = inSocket->hitCount++;
-
-	MACI_DeleteKey (hs, inKeyRegister);
-    }
-    newKey->keyRegister = inKeyRegister;
-
-    MACI_Lock(hs, CI_BLOCK_LOCK_FLAG);
-    switch (inKeyType) {
-    case MEK:
-        ciRV = MACI_GenerateMEK (hs, inKeyRegister, 0);
-	if (ciRV != CI_OK) {
-	    RemoveKey(newKey);
-	    MACI_Unlock(hs);
-	    return NULL;
-        }
-	MACI_WrapKey(hs, 0, inKeyRegister, newKey->keyData.mek);
-	break;
-    case TEK:
-        PORT_Memcpy (newKey->keyData.tek.Rb, TEKinfo->Rb, TEKinfo->randomLen);
-	PORT_Memcpy (newKey->keyData.tek.Ra, TEKinfo->Ra, TEKinfo->randomLen);
-	PORT_Memcpy (newKey->keyData.tek.pY, TEKinfo->pY, TEKinfo->YSize);
-	newKey->keyData.tek.ySize = TEKinfo->YSize;
-	newKey->keyData.tek.randomLen = TEKinfo->randomLen;
-	newKey->keyData.tek.registerIndex = TEKinfo->personality;
-	newKey->keyData.tek.flags = TEKinfo->flag;
-
-	ciRV = MACI_SetPersonality(hs,TEKinfo->personality);
-	if (ciRV != CI_OK) {
-	    RemoveKey(newKey);
-	    MACI_Unlock(hs);
-	    return NULL;
-	}
-	ciRV = MACI_GenerateTEK(hs, TEKinfo->flag, inKeyRegister,
-			 newKey->keyData.tek.Ra, TEKinfo->Rb, 
-			 TEKinfo->YSize, TEKinfo->pY);
-	if (ciRV != CI_OK) {
-	    RemoveKey(newKey);
-	    MACI_Unlock(hs);
-	    return NULL;
-	}
-
-	
-        break;
-    case Ks:
-	break;
-    default:
-        RemoveKey(newKey);
-	MACI_Unlock(hs);
-	return NULL;
-    }
-    MACI_Unlock(hs);
-    return newKey;
-}
-
-FortezzaKey *NewUnwrappedKey(int inKeyRegister, int id,
-			     FortezzaSocket *inSocket) {
-    FortezzaKey *newKey;
-
-    newKey = (FortezzaKey*)PORT_Alloc (sizeof(FortezzaKey));
-    if (newKey == NULL) {
-        return NULL;
-    }
- 
-    newKey->keyRegister = inKeyRegister;
-    newKey->keyType     = UNWRAP;
-    newKey->keySocket   = inSocket;
-    newKey->id          = id;
-    newKey->hitCount    = inSocket->hitCount++; 
-    MACI_WrapKey(inSocket->maciSession,0 , inKeyRegister, newKey->keyData.mek);
-    inSocket->keyRegisters[inKeyRegister] = newKey;
-
-    return newKey;
-}
-
-int LoadKeyIntoRegister (FortezzaKey *inKey) {
-    int              registerIndex = GetBestKeyRegister(inKey->keySocket);
-    FortezzaSocket  *socket        = inKey->keySocket;
-    FortezzaKey    **registers     = socket->keyRegisters;
-    HSESSION         hs            = socket->maciSession;
-    FortezzaTEK     *tek           = &inKey->keyData.tek;
-    FortezzaKey     *oldKey;
-    int              rv = CI_FAIL;
-
-    if (inKey->keyRegister != KeyNotLoaded) {
-        return inKey->keyRegister;
-    }
-
-    oldKey = registers[registerIndex];
-
-    MACI_Select(hs, socket->slotID);
-    if (oldKey) {
-        oldKey->keyRegister = KeyNotLoaded;
-    }
-    MACI_DeleteKey (hs, registerIndex);
-
-    switch (inKey->keyType) {
-    case TEK:
-        if (!FortezzaIsRegenerating(inKey)) {
-	  return KeyNotLoaded;
-	}
-        if (MACI_SetPersonality(hs, tek->registerIndex) == CI_OK) {
-	    rv = MACI_GenerateTEK (hs, tek->flags, registerIndex, 
-				   tek->Ra, tek->Rb, tek->ySize, 
-				   tek->pY);   
-	} 
-	if (rv != CI_OK)
-	    return KeyNotLoaded;
-	break;
-    case MEK:
-    case UNWRAP:
-        rv = MACI_UnwrapKey (hs, 0, registerIndex, inKey->keyData.mek);
-	if (rv != CI_OK) 
-	    return KeyNotLoaded;
-	break;
-    default:
-        return KeyNotLoaded;
-    }
-    inKey->keyRegister = registerIndex;
-    registers[registerIndex] = inKey;
- 
-    return registerIndex;
-}
-
-int InitCryptoOperation (FortezzaContext *inContext, 
-			 CryptoType inCryptoOperation) {
-    inContext->cryptoOperation = inCryptoOperation;
-    return SOCKET_SUCCESS;
-}
-
-int EndCryptoOperation (FortezzaContext *inContext, 
-			CryptoType inCryptoOperation) {
-    if (inCryptoOperation != inContext->cryptoOperation) {
-      return SOCKET_FAILURE;
-    }
-    inContext->cryptoOperation = None;
-    return SOCKET_SUCCESS;
-}
-
-CryptoType GetCryptoOperation (FortezzaContext *inContext) {
-    return inContext->cryptoOperation;
-}
-
-void InitContext(FortezzaContext *inContext, FortezzaSocket *inSocket,
-		 CK_OBJECT_HANDLE hKey) {
-    inContext->fortezzaKey     = NULL;
-    inContext->fortezzaSocket  = inSocket;
-    inContext->session         = NULL;
-    inContext->mechanism       = NO_MECHANISM;
-    inContext->userRamSize     = 0;
-    inContext->cryptoOperation = None;
-    inContext->hKey            = hKey;
-}
-
-extern PRBool fort11_FortezzaIsUserCert(unsigned char *label);
-
-static int
-GetValidPersonality (FortezzaSocket *inSocket) {
-    int index = -1; /* return an invalid personalidyt if one isn't found */
-    int i;
-    PRBool unLoadList = PR_FALSE;
-    int numPersonalities = 0;
-
-    if (!inSocket->personalitiesLoaded) {
-        numPersonalities = inSocket->numPersonalities;
-        FetchPersonalityList (inSocket);
-	unLoadList = PR_TRUE;
-    }
-
-    for (i=0; i<inSocket->numPersonalities; i++) {
-        if (fort11_FortezzaIsUserCert(inSocket->personalityList[i].CertLabel)) {
-	    index = inSocket->personalityList[i].CertificateIndex;
-	    break;
-	}
-    }
-
-    if (unLoadList) {
-        UnloadPersonalityList(inSocket);
-	/* UnloadPersonality sets numPersonalities to zero,
-	 * so we set it back to what it was when this function
-	 * was called.
-	 */
-	inSocket->numPersonalities = numPersonalities;
-    }
-    return index;
-}
-
-int RestoreState (FortezzaContext *inContext, CryptoType inType) {
-    FortezzaKey    *key    = inContext->fortezzaKey;
-    FortezzaSocket *socket = inContext->fortezzaSocket;
-    HSESSION        hs     = socket->maciSession; 
-    CI_IV           bogus_iv;
-    int             rv, cryptoType = -1;
-    int             personality = inContext->fortezzaKey->id;
-
-    if (key == NULL)
-        return SOCKET_FAILURE;
-
-    if (personality == 0) {
-        personality = GetValidPersonality (socket);
-    }
-    rv = MACI_SetPersonality(hs, personality);
-    if (rv != CI_OK) {
-        return SOCKET_FAILURE;
-    }
-    /*
-     * The cards need to have some state bits set because
-     * save and restore don't necessarily save all the state.
-     * Instead of fixing the cards, they decided to change the
-     * protocol :(.
-     */
-    switch (inType) {
-    case Encrypt:
-        rv = MACI_SetKey(hs, key->keyRegister);
-	if (rv != CI_OK)
-	    break;
-	rv = MACI_GenerateIV (hs, bogus_iv);
-	cryptoType = CI_ENCRYPT_EXT_TYPE;
-	break;
-    case Decrypt:
-	rv = MACI_SetKey(hs, key->keyRegister);
-        rv = MACI_LoadIV (hs, inContext->cardIV);
-	cryptoType = CI_DECRYPT_EXT_TYPE;
-	break;
-    default:
-      rv = CI_INV_POINTER;
-      break;
-    }
-
-    if (rv != CI_OK) {
-        return SOCKET_FAILURE;
-    }
-    /*PORT_Assert(cryptoType != -1); */
-
-    rv = MACI_Restore(hs, cryptoType, inContext->cardState);
-    if (rv != CI_OK) {
-        return SOCKET_FAILURE;
-    }
-
-    return SOCKET_SUCCESS;
-}
-
-int SaveState (FortezzaContext *inContext, CI_IV inIV, 
-	       PK11Session *inSession, FortezzaKey *inKey,
-	       int inCryptoType, CK_MECHANISM_TYPE inMechanism){
-    int             ciRV;
-    FortezzaSocket *socket = inContext->fortezzaSocket;
-    HSESSION        hs     = socket->maciSession;
-    CI_CONFIG       ciConfig;
-
-    ciRV = MACI_Select (hs, socket->slotID);
-    if (ciRV != CI_OK) {
-        return SOCKET_FAILURE;
-    }
-    inContext->session     = inSession;
-    inContext->fortezzaKey = inKey;
-    inContext->mechanism   = inMechanism;
-    PORT_Memcpy (inContext->cardIV, inIV, sizeof (CI_IV));
-    ciRV = MACI_Save(hs, inCryptoType, inContext->cardState);
-    if (ciRV != CI_OK) {
-        return SOCKET_FAILURE;
-    }
-    ciRV = MACI_GetConfiguration (hs, &ciConfig);
-    if (ciRV == CI_OK) {
-      inContext->userRamSize = ciConfig.LargestBlockSize;
-    }
-
-    if (inContext->userRamSize == 0) inContext->userRamSize = 0x4000;
-    
-    return SOCKET_SUCCESS;
-}
-
-int SocketSaveState (FortezzaContext *inContext, int inCryptoType) {
-    int ciRV;
-
-    ciRV = MACI_Save (inContext->fortezzaSocket->maciSession, inCryptoType, 
-		      inContext->cardState);
-    if (ciRV != CI_OK) {
-        return SOCKET_FAILURE;
-    }
-    return SOCKET_SUCCESS;
-}
-
-int DecryptData (FortezzaContext *inContext, 
-		 CK_BYTE_PTR inData,
-		 CK_ULONG inDataLen, 
-		 CK_BYTE_PTR inDest, 
-		 CK_ULONG inDestLen) {
-    FortezzaSocket *socket = inContext->fortezzaSocket;
-    FortezzaKey    *key    = inContext->fortezzaKey;
-    HSESSION        hs     = socket->maciSession;
-    CK_ULONG        defaultEncryptSize;
-    CK_ULONG        left = inDataLen;
-    CK_BYTE_PTR    loopin, loopout;
-    int             rv = CI_OK;    
-    
-    MACI_Select (hs, socket->slotID);
-
-    defaultEncryptSize = (inContext->userRamSize > DEF_ENCRYPT_SIZE) 
-                          ? DEF_ENCRYPT_SIZE : inContext->userRamSize;
-
-    if (key->keyRegister == KeyNotLoaded) {
-        rv = LoadKeyIntoRegister(key);
-	if (rv == KeyNotLoaded) {
-	    return SOCKET_FAILURE;
-	}
-    }
-
-    key->hitCount = socket->hitCount++;
-    loopin  = inData; 
-    loopout = inDest;
-    left    = inDataLen;
-    rv = CI_OK;
-
-    MACI_Lock(hs, CI_BLOCK_LOCK_FLAG);
-    RestoreState (inContext, Decrypt);
-
-    while ((left > 0) && (rv  == CI_OK)) {
-        CK_ULONG current = (left > defaultEncryptSize) 
-	                         ? defaultEncryptSize : left;
-	rv = MACI_Decrypt(hs, current, loopin, loopout);
-	loopin  += current;
-	loopout += current;
-	left    -= current;
-    }
-
-    MACI_Unlock(hs);
-
-    if (rv != CI_OK) {
-        return SOCKET_FAILURE;
-    }
-
-
-    rv = SocketSaveState (inContext, CI_DECRYPT_EXT_TYPE);
-    if (rv != SOCKET_SUCCESS) {
-      return rv;
-    }
-
-
-    return SOCKET_SUCCESS;
-}
-
-int EncryptData (FortezzaContext *inContext, 
-		 CK_BYTE_PTR inData,
-		 CK_ULONG inDataLen, 
-		 CK_BYTE_PTR inDest, 
-		 CK_ULONG inDestLen) {
-    FortezzaSocket *socket = inContext->fortezzaSocket;
-    FortezzaKey    *key    = inContext->fortezzaKey;
-    HSESSION        hs     = socket->maciSession;
-    CK_ULONG        defaultEncryptSize;
-    CK_ULONG        left = inDataLen;
-    CK_BYTE_PTR    loopin, loopout;
-    int             rv = CI_OK;
-    
-    MACI_Select (hs, socket->slotID);
-
-    defaultEncryptSize = (inContext->userRamSize > DEF_ENCRYPT_SIZE) 
-                          ? DEF_ENCRYPT_SIZE : inContext->userRamSize;
-    if (key->keyRegister == KeyNotLoaded) {
-        rv = LoadKeyIntoRegister(key);
-	if (rv == KeyNotLoaded) {
-	    return rv;
-	}
-    }
-
-    key->hitCount = socket->hitCount++;
-    loopin  = inData;
-    loopout = inDest;
-
-    RestoreState (inContext,Encrypt);
-
-    rv = CI_OK;
-    while ((left > 0) && (rv == CI_OK)) {
-      CK_ULONG current = (left > defaultEncryptSize) ? defaultEncryptSize : 
-	                                               left;
-      rv = MACI_Encrypt(hs, current, loopin, loopout);
-      loopin  += current;
-      loopout += current; 
-      left    -= current;
-    }
-
-    if (rv != CI_OK) {
-        return SOCKET_FAILURE;
-    }
-
-    rv = SocketSaveState (inContext, CI_ENCRYPT_EXT_TYPE);
-    if (rv != SOCKET_SUCCESS) {
-      return rv;
-    }
-
-    return SOCKET_SUCCESS;
-}
-
-int WrapKey (FortezzaKey *wrappingKey, FortezzaKey *srcKey,
-	     CK_BYTE_PTR pDest, CK_ULONG ulDestLen) {
-    int ciRV;
-    HSESSION hs = wrappingKey->keySocket->maciSession;
-
-    if (wrappingKey->keyRegister == KeyNotLoaded) {
-      if (LoadKeyIntoRegister(wrappingKey) == KeyNotLoaded) {
-	  return SOCKET_FAILURE;
-      }
-    }
-
-    if (srcKey->id == 0) srcKey->id = wrappingKey->id;
-
-    ciRV = MACI_WrapKey (hs, wrappingKey->keyRegister, 
-			 srcKey->keyRegister, pDest);
-    if (ciRV != CI_OK) {
-        return SOCKET_FAILURE;
-    }
-
-    return SOCKET_SUCCESS;
-}
-
-int UnwrapKey (CK_BYTE_PTR inWrappedKey, FortezzaKey *inUnwrapKey) {
-    int newIndex;
-    int ciRV;
-    FortezzaSocket *socket = inUnwrapKey->keySocket;
-    HSESSION        hs     = socket->maciSession;
-    FortezzaKey    *oldKey;
-
-    if (inUnwrapKey->keyRegister == KeyNotLoaded) {
-        if (LoadKeyIntoRegister(inUnwrapKey) == KeyNotLoaded) {
-	    return KeyNotLoaded;
-	}
-    }
-
-    ciRV = MACI_Select(hs, socket->slotID);
-    if (ciRV != CI_OK) {
-        return KeyNotLoaded;
-    }
-
-    newIndex = GetBestKeyRegister(inUnwrapKey->keySocket);
-    oldKey = socket->keyRegisters[newIndex];
-
-    MACI_Select(hs, socket->slotID);
-    if (oldKey) {
-        oldKey->keyRegister = KeyNotLoaded;
-        socket->keyRegisters[newIndex] = NULL;
-    }
-    MACI_DeleteKey (hs, newIndex);
-    ciRV = MACI_UnwrapKey(hs,inUnwrapKey->keyRegister, newIndex, inWrappedKey);
-    if (ciRV != CI_OK) {
-        inUnwrapKey->keyRegister = KeyNotLoaded;
-	socket->keyRegisters[newIndex] = NULL;
-        return KeyNotLoaded;
-    }
-    
-    return newIndex;
-}
-
deleted file mode 100644
--- a/security/nss/lib/fortcrypt/fortinst.htm
+++ /dev/null
@@ -1,165 +0,0 @@
-<HTML>
-<TITLE>Generic PKCS #11 Installer</TITLE>
-<--
-   - ***** BEGIN LICENSE BLOCK *****
-   - Version: MPL 1.1/GPL 2.0/LGPL 2.1
-   -
-   - The contents of this file are subject to the Mozilla Public License Version
-   - 1.1 (the "License"); you may not use this file except in compliance with
-   - the License. You may obtain a copy of the License at
-   - http://www.mozilla.org/MPL/
-   -
-   - Software distributed under the License is distributed on an "AS IS" basis,
-   - WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-   - for the specific language governing rights and limitations under the
-   - License.
-   -
-   - The Original Code is the Netscape security libraries.
-   -
-   - The Initial Developer of the Original Code is
-   - Netscape Communications Corporation.
-   - Portions created by the Initial Developer are Copyright (C) 1994-2000
-   - the Initial Developer. All Rights Reserved.
-   -
-   - Contributor(s):
-   -
-   - Alternatively, the contents of this file may be used under the terms of
-   - either the GNU General Public License Version 2 or later (the "GPL"), or
-   - the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-   - in which case the provisions of the GPL or the LGPL are applicable instead
-   - of those above. If you wish to allow use of your version of this file only
-   - under the terms of either the GPL or the LGPL, and not to allow others to
-   - use your version of this file under the terms of the MPL, indicate your
-   - decision by deleting the provisions above and replace them with the notice
-   - and other provisions required by the GPL or the LGPL. If you do not delete
-   - the provisions above, a recipient may use your version of this file under
-   - the terms of any one of the MPL, the GPL or the LGPL.
-   -
-   - ***** END LICENSE BLOCK ***** -->
-
-<SCRIPT>
-// Crypto Mechanism Flags 
-PKCS11_MECH_RSA_FLAG           =  0x1<<0; 
-PKCS11_MECH_DSA_FLAG           =  0x1<<1; 
-PKCS11_MECH_RC2_FLAG           =  0x1<<2; 
-PKCS11_MECH_RC4_FLAG           =  0x1<<3; 
-PKCS11_MECH_DES_FLAG           =  0x1<<4; 
-PKCS11_MECH_DH_FLAG            =  0x1<<5; //Diffie-Hellman 
-PKCS11_MECH_SKIPJACK_FLAG      =  0x1<<6; //SKIPJACK algorithm as in Fortezza cards 
-PKCS11_MECH_RC5_FLAG           =  0x1<<7; 
-PKCS11_MECH_SHA1_FLAG          =  0x1<<8; 
-PKCS11_MECH_MD5_FLAG           =  0x1<<9; 
-PKCS11_MECH_MD2_FLAG           =  0x1<<10; 
-PKCS11_MECH_RANDOM_FLAG        =  0x1<<27; //Random number generator 
-PKCS11_PUB_READABLE_CERT_FLAG  =  0x1<<28; //Stored certs can be read off the token w/o logging in 
-PKCS11_DISABLE_FLAG            =  0x1<<30; //tell Navigator to disable this slot by default 
-
-// Important: 
-// 0x1<<11, 0x1<<12, ... , 0x1<<26, 0x1<<29, and 0x1<<31 are reserved 
-// for internal use in Navigator. 
-// Therefore, these bits should always be set to 0; otherwise, 
-// Navigator might exhibit unpredictable behavior. 
-
-// These flags indicate which mechanisms should be turned on by 
-pkcs11MechanismFlags = 0;
-  
-
-// Ciphers that support SSL or S/MIME 
-PKCS11_CIPHER_FORTEZZA_FLAG    = 0x1<<0; 
-
-// Important: 
-// 0x1<<1, 0x1<<2, ... , 0x1<<31 are reserved 
-// for internal use in Navigator. 
-// Therefore, these bits should ALWAYS be set to 0; otherwise, 
-// Navigator might exhibit unpredictable behavior. 
-
-// These flags indicate which SSL ciphers are supported 
-pkcs11CipherFlags = PKCS11_CIPHER_FORTEZZA_FLAG; 
-  
-
-// Return values of pkcs11.addmodule() & pkcs11.delmodule() 
-// success codes 
-JS_OK_ADD_MODULE                 = 3 // Successfully added a module 
-JS_OK_DEL_EXTERNAL_MODULE        = 2 // Successfully deleted ext. module 
-JS_OK_DEL_INTERNAL_MODULE        = 1 // Successfully deleted int. module 
-
-// failure codes 
-JS_ERR_OTHER                     = -1 // Other errors than the followings 
-JS_ERR_USER_CANCEL_ACTION        = -2 // User abort an action 
-JS_ERR_INCORRECT_NUM_OF_ARGUMENTS= -3 // Calling a method w/ incorrect # of arguments 
-JS_ERR_DEL_MODULE                = -4 // Error deleting a module 
-JS_ERR_ADD_MODULE                = -5 // Error adding a module 
-JS_ERR_BAD_MODULE_NAME           = -6 // The module name is invalid 
-JS_ERR_BAD_DLL_NAME              = -7 // The DLL name is bad 
-JS_ERR_BAD_MECHANISM_FLAGS       = -8 // The mechanism flags are invalid 
-JS_ERR_BAD_CIPHER_ENABLE_FLAGS   = -9 // The SSL, S/MIME cipher flags are invalid 
-
-var new_window;
-var has_new_window = 0;
-
-function HandleCipher(checkBox) {
-	if (checkBox.checked) {
-		pkcs11MechanismFlags |= checkBox.value;
-	} else {
-		pkcs11MechanismFlags &= ~checkBox.value;
-	}
-}
-
-function HandleSSL(checkBox) {
-	if (checkBox.checked) {
-		pkcs11CipherFlags |= checkBox.value;
-	} else {
-		pkcs11CipherFlags &= ~checkBox.value;
-	}
-}
-
-function colonize(string) {
-	len = string.length;
-	end = len -1;
-
-	if (len == 0) return string;
-
-
-	for (i=0; i < len; i++) {
-	   if (string.charAt(i) == "/") {
-		if (i == 0) {
-		    new_string = ":" + string.substring(1,len);
-		} else if (i == end) {
-		    new_string = string.substring(0,i)+':';
-		} else {
-		    new_string = string.substring(0,i)+':'+
-						string.substring(i+1,len);
-		}
-		string = new_string;
-	   }
-	}
-
-	if (string.charAt(0) == ":") string = string.substring(1,len);
-	return string;
-}
-
-function DoInstall(name,module) {
-	if ((navigator.platform == "MacPPC") 
-			|| (navigator.platform == "Mac68K")) {
-	    module = colonize(module);
-	}
-	result = pkcs11.addmodule(name, module, 
-			pkcs11MechanismFlags, pkcs11CipherFlags); 
-	if ( result < 0) { 
-	  window.alert("New module setup failed.  Error code: " + result); 
-	}
-	if (has_new_window) new_window.close();
-}
-
-default_name = "Netscape FORTEZZA Module"
-
-default_module = "D:/dogbert/ns/dist/WIN32_D.OBJ/bin/fort32.dll"
-document.writeln("<FORM name=instform target=_self> <H2>FORTEZZA PKCS #11 Installer version 1.5</H2>");
-document.writeln(" Module name: <Input Type=Text Name=modName value=\""+default_name+"\" size=50 required><br>");
-document.writeln(" Module Library: <Input Type=FILE required Name=module><br>");
-document.writeln("<i>Note: If you use the browse button, be sure to change the filter to show all the files (*), not just the HTML files (*.html).</i><p>");
-document.writeln("<hr>");
-document.write("<Input type=submit Name=Install Value=Install onclick=DoInstall(");
-document.writeln(  "document.instform.modName.value,document.instform.module.value) >");
-document.writeln("</FORM>");
-</SCRIPT>
deleted file mode 100644
--- a/security/nss/lib/fortcrypt/fortpk11.c
+++ /dev/null
@@ -1,4540 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#include "fpkmem.h"
-#include "seccomon.h"
-#include "fpkcs11.h"
-#include "fpkcs11i.h"
-#include "cryptint.h"
-#include "pk11func.h"
-#include "fortsock.h"
-#include "fmutex.h"
-#ifdef notdef
-#include <ctype.h>
-#include <stdio.h>
-#endif
-
-/* sigh */
-#ifndef EOF
-/* stdio was not included */
-extern int sprintf(char *out, char *fmt, ...);
-#endif
-
-#ifdef XP_MAC 
-#ifndef __POWERPC__
-#include <A4Stuff.h>
-#endif
-
-
-/* This is not a 4.0 project, so I can't depend on
- * 4.0 defines, so instead I depend on CodeWarrior 
- * defines.  I define XP_MAC in fpkmem.h
- */
-#if __POWERPC__
-#elif __CFM68K__
-#else
-/* These include are taken fromn npmac.cpp which are used
- * by the plugin group to properly set-up a plug-in for 
- * dynamic loading on 68K.
- */
-
-#include <Quickdraw.h>
-
-/*
-** The Mixed Mode procInfos defined in npupp.h assume Think C-
-** style calling conventions.  These conventions are used by
-** Metrowerks with the exception of pointer return types, which
-** in Metrowerks 68K are returned in A0, instead of the standard
-** D0. Thus, since NPN_MemAlloc and NPN_UserAgent return pointers,
-** Mixed Mode will return the values to a 68K plugin in D0, but 
-** a 68K plugin compiled by Metrowerks will expect the result in
-** A0.  The following pragma forces Metrowerks to use D0 instead.
-*/
-#ifdef __MWERKS__
-#ifndef powerc
-#pragma pointers_in_D0
-#endif
-#endif
-
-#ifdef __MWERKS__
-#ifndef powerc
-#pragma pointers_in_A0
-#endif
-#endif
-
-/* The following fix for static initializers fixes a previous
-** incompatibility with some parts of PowerPlant.
-*/
-#ifdef __MWERKS__
-#ifdef __cplusplus
-    extern "C" {
-#endif
-#ifndef powerc
-    extern void	__InitCode__(void);
-#else
-    extern void __sinit(void);
-#endif
-    extern void	__destroy_global_chain(void);
-#ifdef __cplusplus
-    }
-#endif /* __cplusplus */
-#endif /* __MWERKS__ */
-
-#endif
-#endif
-
-
-typedef struct {
-   unsigned char *data;
-   int len;
-} CertItem;
-
-
-/*
- * ******************** Static data *******************************
- */
-
-/* The next three strings must be exactly 32 characters long */
-static char *manufacturerID      = "Netscape Communications Corp    ";
-static char *libraryDescription  = "Communicator Fortezza Crypto Svc";
-
-typedef enum {DSA_KEY, KEA_KEY, V1_KEY, INVALID_KEY } PrivKeyType;
-
-static PK11Slot           fort11_slot[NUM_SLOTS];
-static FortezzaSocket     fortezzaSockets[NUM_SLOTS];
-static PRBool             init = PR_FALSE;
-static CK_ULONG           kNumSockets    = 0;
-
-#define __PASTE(x,y)    x##y
- 
- 
-#undef CK_FUNC
-#undef CK_EXTERN
-#undef CK_NEED_ARG_LIST
-#undef _CK_RV
-
-#define fort11_attr_expand(ap) (ap)->type,(ap)->pValue,(ap)->ulValueLen
-#define fort11_SlotFromSession  pk11_SlotFromSession
-#define fort11_isToken          pk11_isToken
-
-static CK_FUNCTION_LIST fort11_funcList = {
-    { 2, 1 },
- 
-#undef CK_FUNC
-#undef CK_EXTERN
-#undef CK_NEED_ARG_LIST
-#undef _CK_RV
- 
-#define CK_EXTERN
-#define CK_FUNC(name) name,
-#define _CK_RV
- 
-#include "fpkcs11f.h"
- 
-};
- 
-#undef CK_FUNC
-#undef CK_EXTERN
-#undef _CK_RV
- 
- 
-#undef __PASTE
-#undef pk11_SlotFromSessionHandle
-#undef pk11_SlotFromID
-
-#define MAJOR_VERSION_MASK 0xFF00
-#define MINOR_VERSION_MASK 0x00FF
-
-/* Mechanisms */
-struct mechanismList {
-    CK_MECHANISM_TYPE	type;
-    CK_MECHANISM_INFO	domestic;
-    PRBool              privkey; 
-};
-
-static struct mechanismList mechanisms[] = {
-     {CKM_DSA,              {512,1024,CKF_SIGN},                 PR_TRUE},
-     {CKM_SKIPJACK_KEY_GEN, {92, 92, CKF_GENERATE},              PR_TRUE},
-     {CKM_SKIPJACK_CBC64,   {92, 92, CKF_ENCRYPT | CKF_DECRYPT}, PR_TRUE},
-     {CKM_SKIPJACK_WRAP,    {92, 92, CKF_WRAP},                  PR_TRUE},
-     {CKM_KEA_KEY_DERIVE,   {128, 128, CKF_DERIVE},              PR_TRUE},
-};
-static CK_ULONG mechanismCount = sizeof(mechanisms)/sizeof(mechanisms[0]);
-
-/*************Static function prototypes********************************/
-static PRBool          fort11_isTrue(PK11Object *object,CK_ATTRIBUTE_TYPE type);
-static void            fort11_FreeAttribute(PK11Attribute *attribute);
-static void            fort11_DestroyAttribute(PK11Attribute *attribute);
-static PK11Object*     fort11_NewObject(PK11Slot *slot);
-static PK11FreeStatus  fort11_FreeObject(PK11Object *object);
-static CK_RV           fort11_AddAttributeType(PK11Object *object,
-					     CK_ATTRIBUTE_TYPE type,
-					     void *valPtr,
-					     CK_ULONG length);
-static void            fort11_AddSlotObject(PK11Slot *slot, PK11Object *object);
-static PK11Attribute*  fort11_FindAttribute(PK11Object *object,
-					  CK_ATTRIBUTE_TYPE type);
-static PK11Attribute*  fort11_NewAttribute(CK_ATTRIBUTE_TYPE type, 
-					 CK_VOID_PTR value, CK_ULONG len);
-static void            fort11_DeleteAttributeType(PK11Object *object,
-						CK_ATTRIBUTE_TYPE type);
-static void            fort11_AddAttribute(PK11Object *object,
-					 PK11Attribute *attribute);
-static void            fort11_AddObject(PK11Session *session, 
-				      PK11Object *object);
-static PK11Object *    fort11_ObjectFromHandle(CK_OBJECT_HANDLE handle, 
-					     PK11Session *session);
-static void            fort11_DeleteObject(PK11Session *session,PK11Object *object);
-static CK_RV           fort11_DestroyObject(PK11Object *object);
-void   fort11_FreeSession(PK11Session *session);
-
-#define FIRST_SLOT_SESS_ID   0x00000100L
-#define ADD_NEXT_SESS_ID     0x00000100L
-#define SLOT_MASK            0x000000FFL
-
-#define FAILED CKR_FUNCTION_FAILED
-
-static void
-fort11_FreeFortezzaKey (void *inFortezzaKey) {
-    RemoveKey ((FortezzaKey*) inFortezzaKey);
-}
-
-static void
-fort11_DestroySlotObjects (PK11Slot *slot, PK11Session *session) {
-    PK11Object *currObject, *nextObject = NULL, *oldObject;
-    int i;
-
-    for (i=0; i<HASH_SIZE; i++) {
-      currObject = slot->tokObjects[i];
-      slot->tokObjects[i] = NULL;
-      do {
-	  FMUTEX_Lock(slot->sessionLock);
-
-	  if (currObject) {
-	      nextObject = currObject->next;
-	      FMUTEX_Lock(currObject->refLock);
-	      currObject->refCount++;
-	      FMUTEX_Unlock(currObject->refLock);
-	      fort11_DeleteObject(session, currObject);
-	  }
-	  FMUTEX_Unlock(slot->sessionLock);
-	  if (currObject) {
-	      oldObject = currObject;
-	      currObject = nextObject;
-	      fort11_FreeObject(oldObject);
-	  }
-      } while (currObject != NULL);
-    }
-}
-
-static void
-fort11_TokenRemoved(PK11Slot *slot, PK11Session *session) {
-    FortezzaSocket *socket = &fortezzaSockets[slot->slotID-1];
-
-    LogoutFromSocket (socket);
-    slot->isLoggedIn = PR_FALSE;
-    if (session && session->notify) { 
-        /*If no session pointer exists, lots of leaked memory*/
-        session->notify (session->handle, CKN_SURRENDER,
-			 session->appData);
-	fort11_FreeSession(session); /* Release the reference held
-				      * by the slot with the session
-				      */
-    }
-
-    fort11_DestroySlotObjects(slot, session);
-    fort11_FreeSession(session); /* Release the reference held
-				  * by the slot with the session
-				  */
-
-    /* All keys will have been freed at this point so we can
-     * NULL out this pointer
-     */
-    socket->keys = NULL;
-
-}
-
-PRBool
-fort11_FortezzaIsUserCert(unsigned char * label) {
-
-    if ( (!PORT_Memcmp(label, "KEAK", 4)) ||   /* v3 user certs */
-         (!PORT_Memcmp(label, "DSA1", 4)) ||
-	 (!PORT_Memcmp(label, "DSAI", 4)) ||
-         (!PORT_Memcmp(label, "DSAO", 4)) ||
-         (!PORT_Memcmp(label, "INKS", 4)) ||   /* v1 user certs */ 
-         (!PORT_Memcmp(label, "INKX", 4)) ||
-         (!PORT_Memcmp(label, "ONKS", 4)) ||
-         (!PORT_Memcmp(label, "ONKX", 4)) ||
-         (!PORT_Memcmp(label, "3IXS", 4)) ||   /* old v3 user certs */
-         (!PORT_Memcmp(label, "3OXS", 4)) ||
-         (!PORT_Memcmp(label, "3IKX", 4)) ) {  
-
-         return PR_TRUE;
-
-    } else { return PR_FALSE; }
-    
-}
-
-static PRBool
-fort11_FortezzaIsACert(unsigned char * label) {
-    if (label == NULL) return PR_FALSE;
-
-    if ( (!PORT_Memcmp(label, "DSA1", 4)) ||   /* v3 certs */
-         (!PORT_Memcmp(label, "DSAI", 4)) ||
-	 (!PORT_Memcmp(label, "DSAO", 4)) || 
-         (!PORT_Memcmp(label, "DSAX", 4)) ||
-         (!PORT_Memcmp(label, "KEAK", 4)) ||
-         (!PORT_Memcmp(label, "KEAX", 4)) ||
-         (!PORT_Memcmp(label, "CAX1", 4)) ||
-         (!PORT_Memcmp(label, "PCA1", 4)) ||
-         (!PORT_Memcmp(label, "PAA1", 4)) ||
-         (!PORT_Memcmp(label, "ICA1", 4)) ||
-
-         (!PORT_Memcmp(label, "3IXS", 4)) ||   /* old v3 certs */    
-         (!PORT_Memcmp(label, "3OXS", 4)) ||    
-         (!PORT_Memcmp(label, "3CAX", 4)) ||
-         (!PORT_Memcmp(label, "3IKX", 4)) ||
-         (!PORT_Memcmp(label, "3PCA", 4)) ||
-         (!PORT_Memcmp(label, "3PAA", 4)) ||
-         (!PORT_Memcmp(label, "3ICA", 4)) ||
-
-         (!PORT_Memcmp(label, "INKS", 4)) ||   /* v1 certs */    
-         (!PORT_Memcmp(label, "INKX", 4)) ||
-         (!PORT_Memcmp(label, "ONKS", 4)) ||
-         (!PORT_Memcmp(label, "ONKX", 4)) ||
-         (!PORT_Memcmp(label, "RRXX", 4)) ||
-         (!PORT_Memcmp(label, "RTXX", 4)) ||
-         (!PORT_Memcmp(label, "LAXX", 4)) ) {  
-
-         return PR_TRUE;
-
-    } 
-
-    return PR_FALSE; 
-}
- 
-static 
-int fort11_cert_length(unsigned char *buf, int length) {
-    unsigned char tag;
-    int used_length= 0;
-    int data_length;
-
-    tag = buf[used_length++];
-
-    /* blow out when we come to the end */
-    if (tag == 0) {
-	return 0;
-    }
-
-    data_length = buf[used_length++];
-
-    if (data_length&0x80) {
-	int  len_count = data_length & 0x7f;
-
-	data_length = 0;
-
-	while (len_count-- > 0) {
-	    data_length = (data_length << 8) | buf[used_length++];
-	} 
-    }
-
-    if (data_length > (length-used_length) ) {
-	return length;
-    }
-
-    return (data_length + used_length);	
-}
-
-unsigned char *fort11_data_start(unsigned char *buf, int length, 
-				 int *data_length, PRBool includeTag) {
-    unsigned char tag;
-    int used_length= 0;
-
-    tag = buf[used_length++];
-
-    /* blow out when we come to the end */
-    if (tag == 0) {
-	return NULL;
-    }
-
-    *data_length = buf[used_length++];
-
-    if (*data_length&0x80) {
-	int  len_count = *data_length & 0x7f;
-
-	*data_length = 0;
-
-	while (len_count-- > 0) {
-	    *data_length = (*data_length << 8) | buf[used_length++];
-	} 
-    }
-
-    if (*data_length > (length-used_length) ) {
-	*data_length = length-used_length;
-	return NULL;
-    }
-    if (includeTag) *data_length += used_length;
-
-    return (buf + (includeTag ? 0 : used_length));	
-}
-
-int
-fort11_GetCertFields(unsigned char *cert,int cert_length,CertItem *issuer,
-		     CertItem *serial,CertItem *subject)
-{
-	unsigned char *buf;
-	int buf_length;
-	unsigned char *date;
-	int datelen;
-
-	/* get past the signature wrap */
-	buf = fort11_data_start(cert,cert_length,&buf_length,PR_FALSE);
-	if (buf == NULL) return FAILED;
-	/* get into the raw cert data */
-	buf = fort11_data_start(buf,buf_length,&buf_length,PR_FALSE);
-	if (buf == NULL) return FAILED;
-	/* skip past any optional version number */
-        if ((buf[0] & 0xa0) == 0xa0) {
-            date = fort11_data_start(buf,buf_length,&datelen,PR_FALSE);
-            if (date == NULL) return FAILED;
-            buf_length -= (date-buf) + datelen;
-            buf = date + datelen;
-        }
-        /* serial number */
-	serial->data = fort11_data_start(buf,buf_length,&serial->len,PR_FALSE);
-	if (serial->data == NULL) return FAILED;
-	buf_length -= (serial->data-buf) + serial->len;
-	buf = serial->data + serial->len;
-	/* skip the OID */
-	date = fort11_data_start(buf,buf_length,&datelen,PR_FALSE);
-	if (date == NULL) return FAILED;
-	buf_length -= (date-buf) + datelen;
-	buf = date + datelen;
-	/* issuer */
-	issuer->data = fort11_data_start(buf,buf_length,&issuer->len,PR_TRUE);
-	if (issuer->data == NULL) return FAILED;
-	buf_length -= (issuer->data-buf) + issuer->len;
-	buf = issuer->data + issuer->len;
-	/* skip the date */
-	date = fort11_data_start(buf,buf_length,&datelen,PR_FALSE);
-	if (date == NULL) return FAILED;
-	buf_length -= (date-buf) + datelen;
-	buf = date + datelen;
-	/*subject */
-	subject->data=fort11_data_start(buf,buf_length,&subject->len,PR_TRUE);
-	if (subject->data == NULL) return FAILED;
-	buf_length -= (subject->data-buf) + subject->len;
-	buf = subject->data +subject->len;
-	/*subject */
-	return CKR_OK;
-}
-
-/* quick tohex function to get rid of scanf */
-static
-int fort11_tohex(char *s) {
-    int val = 0;
-
-    for(;*s;s++) {
-	if ((*s >= '0') && (*s <= '9')) {
-	    val = (val << 4) + (*s - '0');
-	    continue;
-	} else if ((*s >= 'a') && (*s <= 'f')) {
-	    val = (val << 4) + (*s - 'a') + 10;
-	    continue;
-	} else if ((*s >= 'A') && (*s <= 'F')) {
-	    val = (val << 4) + (*s - 'A') + 10;
-	    continue;
-	}
-	break;
-    }
-    return val;
-}
-
-/* only should be called for V3 KEA cert labels. */
-
-static int
-fort11_GetSibling(CI_CERT_STR label)  {
-
-	int value = 0;
-        char s[3];
-
-        label +=4;
-
-        strcpy(s,"00");
-        memcpy(s, label, 2);
-	value = fort11_tohex(s);
-        
-	/*  sibling of 255 means no sibling */
-        if (value == 255) {
-	    value = -1;
-	}
-
-	return value;
-}
-
-
-static PrivKeyType
-fort11_GetKeyType(CI_CERT_STR label) { 
-    if (label == NULL) return INVALID_KEY;
-
-    if ( (!PORT_Memcmp(label, "DSA1", 4)) ||   /* v3 certs */ 
-         (!PORT_Memcmp(label, "DSAI", 4)) ||
-	 (!PORT_Memcmp(label, "DSAO", 4)) ||
-         (!PORT_Memcmp(label, "3IXS", 4)) ||   /* old v3 certs */ 
-         (!PORT_Memcmp(label, "3OXS", 4)) ) {
-
-        return DSA_KEY;
-    }
-
-
-    if ( (!PORT_Memcmp(label, "KEAK", 4)) || 
-         (!PORT_Memcmp(label, "3IKX", 4)) ) {
-        return KEA_KEY;
-    }
- 
-    if ( (!PORT_Memcmp(label, "INKS", 4)) ||  /* V1 Certs*/
-         (!PORT_Memcmp(label, "INKX", 4)) ||
-         (!PORT_Memcmp(label, "ONKS", 4)) ||
-         (!PORT_Memcmp(label, "ONKX", 4)) ||  
-         (!PORT_Memcmp(label, "RRXX", 4)) ||
-         (!PORT_Memcmp(label, "RTXX", 4)) ||
-         (!PORT_Memcmp(label, "LAXX", 4)) ) { 
-
-         return V1_KEY;
-    }
-
-    return INVALID_KEY;
-} 
-
-static CK_RV
-fort11_ConvertToDSAKey(PK11Object *privateKey, PK11Slot *slot) {
-    CK_KEY_TYPE     key_type  = CKK_DSA;
-    CK_BBOOL        cktrue    = TRUE;
-    CK_BBOOL        ckfalse   = FALSE;
-    CK_OBJECT_CLASS privClass = CKO_PRIVATE_KEY;
-    CK_CHAR         label[]   = "A DSA Private Key";
-
-
-    /* Fill in the common Default values */
-    if (fort11_AddAttributeType(privateKey,CKA_START_DATE, NULL, 0) != CKR_OK) {
-	return CKR_GENERAL_ERROR;
-    }
-    if (fort11_AddAttributeType(privateKey,CKA_END_DATE, NULL, 0) != CKR_OK) {
-	return CKR_GENERAL_ERROR;
-    }
-    if (fort11_AddAttributeType(privateKey,CKA_SUBJECT, NULL, 0) != CKR_OK) {
-	return CKR_GENERAL_ERROR;
-    }
-    if (fort11_AddAttributeType(privateKey, CKA_CLASS, &privClass, 
-			      sizeof (CK_OBJECT_CLASS)) != CKR_OK) {
-        return CKR_GENERAL_ERROR;
-    }
-    if (fort11_AddAttributeType(privateKey, CKA_KEY_TYPE, &key_type, 
-			      sizeof(CK_KEY_TYPE)) != CKR_OK) {
-        return CKR_GENERAL_ERROR;
-    }
-    if (fort11_AddAttributeType (privateKey, CKA_TOKEN, &cktrue, 
-			      sizeof (CK_BBOOL)) != CKR_OK) {
-       return CKR_GENERAL_ERROR;
-    }
-    if (fort11_AddAttributeType (privateKey, CKA_LABEL, label,
-			       PORT_Strlen((char*)label)) != CKR_OK) {
-        return CKR_GENERAL_ERROR;
-    }
-    if (fort11_AddAttributeType(privateKey, CKA_SENSITIVE, &cktrue, 
-			      sizeof (CK_BBOOL)) != CKR_OK) {
-        return CKR_GENERAL_ERROR;
-    }
-    if (fort11_AddAttributeType(privateKey, CKA_SIGN, &cktrue, 
-			      sizeof (CK_BBOOL)) != CKR_OK) {
-        return CKR_GENERAL_ERROR;
-    }
-
-    if (fort11_AddAttributeType(privateKey, CKA_DERIVE, &cktrue,
-			      sizeof(cktrue)) != CKR_OK) {
-	return CKR_GENERAL_ERROR;
-    }
-    if (fort11_AddAttributeType(privateKey, CKA_LOCAL, &ckfalse,
-			      sizeof(ckfalse)) != CKR_OK) {
-        return CKR_GENERAL_ERROR;
-    }
-    if (fort11_AddAttributeType(privateKey, CKA_DECRYPT, &ckfalse,
-			      sizeof(ckfalse)) != CKR_OK) {
-        return CKR_GENERAL_ERROR;
-    }
-    if (fort11_AddAttributeType(privateKey, CKA_SIGN_RECOVER, &ckfalse,
-			      sizeof(ckfalse)) != CKR_OK) {
- 	return CKR_GENERAL_ERROR;
-    }
-    if (fort11_AddAttributeType(privateKey, CKA_UNWRAP, &ckfalse,
-			      sizeof(ckfalse)) != CKR_OK) {
- 	return CKR_GENERAL_ERROR;
-    }
-    if (fort11_AddAttributeType(privateKey, CKA_EXTRACTABLE, &ckfalse,
-			      sizeof(ckfalse))  != CKR_OK) {
-        return CKR_GENERAL_ERROR;
-    }
-    if (fort11_AddAttributeType(privateKey, CKA_ALWAYS_SENSITIVE, &cktrue,
-			      sizeof(cktrue)) != CKR_OK) {
-       return CKR_GENERAL_ERROR;
-    }
-    if (fort11_AddAttributeType(privateKey, CKA_NEVER_EXTRACTABLE, &cktrue,
-			      sizeof(ckfalse)) != CKR_OK) {
-        return CKR_GENERAL_ERROR;
-    }
-    if (fort11_AddAttributeType(privateKey, CKA_PRIME, NULL, 0) != CKR_OK){
-        return CKR_GENERAL_ERROR;
-    }
-    if (fort11_AddAttributeType(privateKey, CKA_SUBPRIME, NULL, 0) != CKR_OK){
-        return CKR_GENERAL_ERROR;
-    }
-    if (fort11_AddAttributeType(privateKey, CKA_BASE, NULL, 0) != CKR_OK) {
-        return CKR_GENERAL_ERROR;
-    }
-    if (fort11_AddAttributeType(privateKey, CKA_VALUE, NULL, 0) != CKR_OK) {
-        return CKR_GENERAL_ERROR;
-    }
-    if (fort11_AddAttributeType(privateKey, CKA_PRIVATE, &cktrue,
-			      sizeof(cktrue)) != CKR_OK) {
-        return CKR_GENERAL_ERROR;
-    }
-    if (fort11_AddAttributeType(privateKey, CKA_MODIFIABLE,&ckfalse,
-			      sizeof(ckfalse)) != CKR_OK) {
-        return CKR_GENERAL_ERROR;
-    }
-
-    FMUTEX_Lock(slot->objectLock);
-    privateKey->handle = slot->tokenIDCount++;
-    privateKey->handle |= (PK11_TOKEN_MAGIC | PK11_TOKEN_TYPE_PRIV);
-    FMUTEX_Unlock(slot->objectLock);
-    privateKey->objclass = privClass;
-    privateKey->slot = slot;
-    privateKey->inDB = PR_TRUE;
-
-
-    return CKR_OK;
-}
-
-static int
-fort11_LoadRootPAAKey(PK11Slot *slot, PK11Session *session) {
-    CK_OBJECT_CLASS theClass   = CKO_SECRET_KEY;
-    int              id      = 0;
-    CK_BBOOL         True    = TRUE;
-    CK_BBOOL          False   = FALSE;
-    CK_CHAR          label[] = "Trusted Root PAA Key";
-    PK11Object      *rootKey;
-    FortezzaKey     *newKey;
-    FortezzaSocket *socket  = &fortezzaSockets[slot->slotID-1];
-    
-    /*Don't know the key type.  Does is matter?*/
-
-    rootKey = fort11_NewObject(slot);
-
-    if (rootKey == NULL) {
-        return CKR_HOST_MEMORY;
-    }
-
-    if (fort11_AddAttributeType(rootKey, CKA_CLASS, &theClass,
-			      sizeof(theClass)) != CKR_OK) {
-	return CKR_GENERAL_ERROR;
-    }
-
-    if (fort11_AddAttributeType(rootKey, CKA_TOKEN, &True,
-			      sizeof(True)) != CKR_OK) {        
-	return CKR_GENERAL_ERROR;
-    }
-
-    if (fort11_AddAttributeType(rootKey, CKA_LABEL, label,
-			      sizeof(label)) != CKR_OK) {
-	return CKR_GENERAL_ERROR;
-    }
-
-    if (fort11_AddAttributeType(rootKey, CKA_PRIVATE, &True,
-			      sizeof (True)) != CKR_OK) {
-	return CKR_GENERAL_ERROR;
-    }
-
-    if (fort11_AddAttributeType(rootKey,CKA_MODIFIABLE, &False, 
-			      sizeof(False)) != CKR_OK) {
-	return CKR_GENERAL_ERROR;
-    }
-    
-    if (fort11_AddAttributeType(rootKey, CKA_ID, &id,
-			      sizeof(int)) != CKR_OK) {
-	return CKR_GENERAL_ERROR;
-    }
-
-    if (fort11_AddAttributeType(rootKey, CKA_DERIVE, &True,
-			      sizeof(True)) != CKR_OK) {
-	return CKR_GENERAL_ERROR;
-    }
-
-    if (fort11_AddAttributeType(rootKey, CKA_SENSITIVE, &True,
-			      sizeof(True)) != CKR_OK) {
-	return CKR_GENERAL_ERROR;
-    }
-
-    FMUTEX_Lock(slot->objectLock);
-    rootKey->handle = slot->tokenIDCount++;
-    rootKey->handle |= (PK11_TOKEN_MAGIC | PK11_TOKEN_TYPE_PRIV);
-    FMUTEX_Unlock(slot->objectLock);
-
-    rootKey->objclass = theClass;
-    rootKey->slot = slot;
-    rootKey->inDB = PR_TRUE;
-
-    newKey = NewFortezzaKey(socket, Ks, NULL, 0);
-    if (newKey == NULL) {
-        fort11_FreeObject(rootKey);
-        return CKR_HOST_MEMORY;
-    }
-
-    rootKey->objectInfo = (void*)newKey;
-    rootKey->infoFree   = fort11_FreeFortezzaKey;
-    fort11_AddObject(session, rootKey);
-
-    return CKR_OK;
-}
-
-static CK_RV
-fort11_ConvertToKEAKey (PK11Object *privateKey, PK11Slot *slot) {
-    CK_OBJECT_CLASS theClass   = CKO_PRIVATE_KEY;
-    CK_KEY_TYPE     keyType = CKK_KEA;
-    CK_CHAR         label[] = "A KEA private key Object";
-    CK_BBOOL        True    = TRUE;
-    CK_BBOOL        False   = FALSE;
-
-    if (fort11_AddAttributeType(privateKey, CKA_CLASS, &theClass,
-			      sizeof (CK_OBJECT_CLASS)) != CKR_OK) {
-        return CKR_GENERAL_ERROR;
-    }
-    if (fort11_AddAttributeType(privateKey, CKA_KEY_TYPE, &keyType,
-			      sizeof (CK_KEY_TYPE)) != CKR_OK) {
-        return CKR_GENERAL_ERROR;
-    }
-    if (fort11_AddAttributeType(privateKey, CKA_TOKEN, &True, 
-			      sizeof(CK_BBOOL)) != CKR_OK) {
-        return CKR_GENERAL_ERROR;
-    }
-    if (fort11_AddAttributeType (privateKey, CKA_LABEL, label,
-			       PORT_Strlen((char*)label)) != CKR_OK) {
-        return CKR_GENERAL_ERROR;
-    }
-    if (fort11_AddAttributeType (privateKey, CKA_SENSITIVE, 
-			       &True, sizeof(CK_BBOOL)) != CKR_OK) {
-        return CKR_GENERAL_ERROR;
-    }    
-    if (fort11_AddAttributeType (privateKey, CKA_DERIVE, 
-			       &True, sizeof(CK_BBOOL)) != CKR_OK) {
-        return CKR_GENERAL_ERROR;
-    }
-    if (fort11_AddAttributeType(privateKey, CKA_PRIVATE, &True,
-			      sizeof(True)) != CKR_OK) {
-        return CKR_GENERAL_ERROR;
-    }
-    if (fort11_AddAttributeType(privateKey, CKA_START_DATE, NULL, 0) != CKR_OK) {
-        return CKR_GENERAL_ERROR;
-    } 
-    if (fort11_AddAttributeType(privateKey, CKA_END_DATE, NULL, 0) != CKR_OK) {
-        return CKR_GENERAL_ERROR;
-    }
-    if (fort11_AddAttributeType(privateKey, CKA_LOCAL, &False,
-			      sizeof(False)) != CKR_OK) {
-        return CKR_GENERAL_ERROR;
-    }
-
-    FMUTEX_Lock(slot->objectLock);
-    privateKey->handle = slot->tokenIDCount++;
-    privateKey->handle |= (PK11_TOKEN_MAGIC | PK11_TOKEN_TYPE_PRIV);
-    FMUTEX_Unlock(slot->objectLock);
-    privateKey->objclass = theClass;
-    privateKey->slot = slot;
-    privateKey->inDB = PR_TRUE;
-
-    return CKR_OK;
-}
-
-static CK_RV
-fort11_ConvertToV1Key (PK11Object* privateKey, PK11Slot *slot) {
-    CK_RV    rv;
-    CK_BBOOL True = TRUE;
-
-    rv = fort11_ConvertToDSAKey(privateKey, slot);
-    if (rv != CKR_OK) {
-        return rv;
-    }
-
-    if (fort11_AddAttributeType(privateKey, CKA_DERIVE, &True, 
-			      sizeof (CK_BBOOL)) != CKR_OK) {
-        return CKR_GENERAL_ERROR;
-    }
-
-    return CKR_OK;
-}
-
-static CK_RV
-fort11_NewPrivateKey(PK11Object *privKeyObject, PK11Slot *slot,CI_PERSON currPerson) {
-  PrivKeyType keyType = fort11_GetKeyType(currPerson.CertLabel);
-  CK_RV       rv;
-
-  switch (keyType) {
-  case DSA_KEY:
-    rv = fort11_ConvertToDSAKey(privKeyObject, slot);
-    break;
-  case KEA_KEY:
-    rv = fort11_ConvertToKEAKey(privKeyObject, slot);
-    break;
-  case V1_KEY:
-    rv = fort11_ConvertToV1Key(privKeyObject, slot);
-    break;
-  default:
-    rv = CKR_GENERAL_ERROR;
-    break;
-  }
-  return rv;
-}
-
-
-PRBool
-fort11_LoadCertObjectForSearch(CI_PERSON currPerson, PK11Slot *slot, 
-			PK11Session *session, CI_PERSON *pers_array) {
-    PK11Object          *certObject, *privKeyObject;
-    PK11Attribute       *attribute, *newAttribute;
-    int                  ci_rv;
-    CI_CERTIFICATE       cert;
-    CK_OBJECT_CLASS      certClass = CKO_CERTIFICATE;
-    CK_CERTIFICATE_TYPE  certType  = CKC_X_509;
-    CK_BBOOL             cktrue    = TRUE;
-    CK_BBOOL             ckfalse   = FALSE;
-    CertItem             issuer, serial, subject;
-    int			 certSize;
-    char                 nickname[50];
-    char                *cursor; 
-    PrivKeyType		 priv_key;
-    int			 sibling;
-  
-
-    certObject = fort11_NewObject(slot);
-    if (certObject == NULL)
-        return PR_FALSE;
-
-    ci_rv = MACI_GetCertificate (fortezzaSockets[slot->slotID-1].maciSession,
-				 currPerson.CertificateIndex, cert);
-    if (ci_rv != CI_OK){
-        fort11_FreeObject(certObject);
-	return PR_FALSE;
-    }
-
-    ci_rv = fort11_GetCertFields(cert,CI_CERT_SIZE,&issuer,&serial,&subject);
-
-    if (ci_rv != CKR_OK) {
-        fort11_FreeObject(certObject);
-	return PR_FALSE;
-    }
-
-    if (fort11_AddAttributeType(certObject, CKA_CLASS, &certClass,
-			      sizeof (CK_OBJECT_CLASS)) != CKR_OK) {
-        fort11_FreeObject (certObject);
-	return PR_FALSE;
-    }
-    if (fort11_AddAttributeType(certObject, CKA_TOKEN, &cktrue,
-			      sizeof (CK_BBOOL)) != CKR_OK) {
-        fort11_FreeObject(certObject);
-	return PR_FALSE;
-    }
-    if (fort11_AddAttributeType(certObject, CKA_PRIVATE, &ckfalse,
-			      sizeof (CK_BBOOL)) != CKR_OK) {
-        fort11_FreeObject(certObject);
-	return PR_FALSE;
-    }
-
-    
-    /* check if the label represents a KEA key. if so, the
-       nickname should be made the same as the corresponding DSA
-       sibling cert. */
-        
-    priv_key = fort11_GetKeyType(currPerson.CertLabel);
-
-    if (priv_key == KEA_KEY) {
-	sibling = fort11_GetSibling(currPerson.CertLabel);
-
-	/* check for failure of fort11_GetSibling.  also check that
-	   the sibling is not zero.  */
-
-	if (sibling > 0) {
-	    /* assign the KEA cert label to be the same as the
-	       sibling DSA label */
-
-	    sprintf (nickname, "%s", &pers_array[sibling-1].CertLabel[8] );
-	} else {
-	    sprintf (nickname, "%s", &currPerson.CertLabel[8]);
-	}
-    } else {
-        sprintf (nickname, "%s", &currPerson.CertLabel[8]);
-    }
-
-    cursor = nickname+PORT_Strlen(nickname)-1;
-    while ((*cursor) == ' ') {
-        cursor--;
-    }
-    cursor[1] = '\0';
-    if (fort11_AddAttributeType(certObject, CKA_LABEL, nickname,
-			      PORT_Strlen(nickname)) != CKR_OK) {
-        fort11_FreeObject(certObject);
-	return PR_FALSE;
-    }
-
- 
-
-    if (fort11_AddAttributeType(certObject, CKA_CERTIFICATE_TYPE, &certType,
-			      sizeof(CK_CERTIFICATE_TYPE)) != CKR_OK) {
-        fort11_FreeObject(certObject);
-	return PR_FALSE;
-    }
-    certSize = fort11_cert_length(cert,CI_CERT_SIZE);
-    if (fort11_AddAttributeType (certObject, CKA_VALUE, cert, certSize)
-	                                                        != CI_OK) {
-        fort11_FreeObject(certObject);
-	return PR_FALSE;
-    }
-    if (fort11_AddAttributeType(certObject, CKA_ISSUER, issuer.data,
-			  issuer.len) != CKR_OK) {
-        fort11_FreeObject (certObject);
-	return PR_FALSE;
-    }
-    if (fort11_AddAttributeType(certObject, CKA_SUBJECT, subject.data,
-			      subject.len) != CKR_OK) {
-        fort11_FreeObject (certObject);
-	return PR_FALSE;
-    }
-    if (fort11_AddAttributeType(certObject, CKA_SERIAL_NUMBER,
-			      serial.data, serial.len) != CKR_OK) {
-        fort11_FreeObject(certObject);
-	return PR_FALSE;
-    }
-    /*Change this to a byte array later*/
-    if (fort11_AddAttributeType(certObject, CKA_ID, 
-				&currPerson.CertificateIndex,
-				sizeof(int)) != CKR_OK) {
-        fort11_FreeObject(certObject);
-	return PR_FALSE;
-    }
-    certObject->objectInfo = NULL;
-    certObject->infoFree   = NULL;
-
-    certObject->objclass = certClass;
-    certObject->slot  = slot;
-    certObject->inDB  = PR_TRUE;
-
-    FMUTEX_Lock(slot->objectLock);
-      
-    certObject->handle  = slot->tokenIDCount++;
-    certObject->handle |= (PK11_TOKEN_MAGIC | PK11_TOKEN_TYPE_CERT);
-
-    FMUTEX_Unlock(slot->objectLock);
-
-    if (fort11_FortezzaIsUserCert (currPerson.CertLabel)) {
-        privKeyObject = fort11_NewObject(slot);
-        if (fort11_NewPrivateKey(privKeyObject, slot, currPerson) != CKR_OK) {
-	    fort11_FreeObject(privKeyObject);
-	    fort11_FreeObject(certObject);
-	    return PR_FALSE;
-	}
-	if(fort11_AddAttributeType(privKeyObject,CKA_ID,
-				 &currPerson.CertificateIndex,
-				 sizeof(int)) != CKR_OK) {
-	    fort11_FreeObject(privKeyObject);
-	    fort11_FreeObject(certObject);
-	    return PR_FALSE;
-	}	    
-	attribute = fort11_FindAttribute(certObject,CKA_SUBJECT);
-	newAttribute=
-	  fort11_NewAttribute(pk11_attr_expand(&attribute->attrib));
-	fort11_FreeAttribute(attribute);
-	if (newAttribute != NULL) {
-	    fort11_DeleteAttributeType(privKeyObject,
-				     CKA_SUBJECT);
-	    fort11_AddAttribute(privKeyObject,
-			      newAttribute);
-	}
-	fort11_AddObject (session, privKeyObject);
-    }
-
-
-    fort11_AddObject (session, certObject);
-
-    
-    return PR_TRUE;
-}
-
-#define TRUSTED_PAA "00000000Trusted Root PAA"
-
-static int
-fort11_BuildCertObjects(FortezzaSocket *currSocket, PK11Slot *slot, 
-		       PK11Session *session) {
-		       
-    int i;
-    CI_PERSON rootPAA;
-
-    PORT_Memcpy (rootPAA.CertLabel, TRUSTED_PAA, 1+PORT_Strlen (TRUSTED_PAA));
-    rootPAA.CertificateIndex = 0;
-
-    if (!fort11_LoadCertObjectForSearch(rootPAA, slot, session, 
-				 currSocket->personalityList)) {
-        return CKR_GENERAL_ERROR;
-    }
-
-    if (fort11_LoadRootPAAKey(slot, session) != CKR_OK) {
-        return CKR_GENERAL_ERROR;
-    }
-
-    for (i=0 ; i < currSocket->numPersonalities; i++) {
-        if (fort11_FortezzaIsACert (currSocket->personalityList[i].CertLabel)){
-	    if (!fort11_LoadCertObjectForSearch(currSocket->personalityList[i],
-						slot, session, 
-						currSocket->personalityList)){
-	        return CKR_GENERAL_ERROR;
-	}
-      }
-    }
-
-    return CKR_OK;
-}
-
-PK11Slot*