fixup commit for branch 'FIREFOX_0_9_1_BRANCH' FIREFOX_0_9_1_BRANCH
authorcvs2hg
Mon, 07 Jun 2004 17:23:40 +0000
branchFIREFOX_0_9_1_BRANCH
changeset 5226 b1a3060544bc1d40b7a3f33edb49c6d7e69fad91
parent 5026 4a8557f385db2656069d013804b9d9b8c7b9dcc7
child 13771 3e8333f010541aebb10cbe93dedfa44919f8561b
push idunknown
push userunknown
push dateunknown
fixup commit for branch 'FIREFOX_0_9_1_BRANCH'
security/coreconf/AIX.mk
security/coreconf/AIX3.2.mk
security/coreconf/AIX4.1.mk
security/coreconf/AIX4.2.mk
security/coreconf/AIX4.3.mk
security/coreconf/AIX5.1.mk
security/coreconf/AIX5.2.mk
security/coreconf/Linux.mk
security/coreconf/OS2.mk
security/coreconf/config.mk
security/coreconf/nsinstall/Makefile
security/coreconf/rules.mk
security/dbm/Makefile
security/dbm/config/config.mk
security/dbm/include/Makefile
security/dbm/include/manifest.mn
security/dbm/manifest.mn
security/dbm/src/Makefile
security/dbm/src/config.mk
security/dbm/src/dirent.c
security/dbm/src/dirent.h
security/dbm/src/manifest.mn
security/dbm/tests/Makefile
security/nss/cmd/certcgi/HOWTO.txt
security/nss/cmd/certutil/certutil.c
security/nss/cmd/crlutil/crlutil.c
security/nss/cmd/lib/secutil.c
security/nss/cmd/pk11util/Makefile
security/nss/cmd/pk11util/manifest.mn
security/nss/cmd/pk11util/pk11table.c
security/nss/cmd/pk11util/pk11util.c
security/nss/cmd/pk11util/pk11util.h
security/nss/cmd/symkeyutil/symkeyutil.c
security/nss/lib/certdb/alg1485.c
security/nss/lib/certdb/certdb.c
security/nss/lib/certdb/genname.c
security/nss/lib/certdb/polcyxtn.c
security/nss/lib/cryptohi/seckey.c
security/nss/lib/fortcrypt/swfort/pkcs11/Makefile
security/nss/lib/freebl/sparcfix.c
security/nss/lib/nss/nss.h
security/nss/lib/pk11wrap/pk11cert.c
security/nss/lib/pk11wrap/pk11skey.c
security/nss/lib/pkcs7/certread.c
security/nss/lib/softoken/pk11db.c
security/nss/lib/softoken/pkcs11.c
security/nss/lib/softoken/pkcs11c.c
security/nss/lib/softoken/pkcs11u.c
security/nss/lib/ssl/ssl3con.c
security/nss/lib/util/nsslocks.c
security/nss/lib/util/nssrwlk.c
security/nss/tests/ssl/ecssl.sh
security/nss/tests/ssl/ssl.sh
--- a/security/coreconf/AIX.mk
+++ b/security/coreconf/AIX.mk
@@ -60,21 +60,35 @@ DEFAULT_COMPILER = xlc_r
 CC		= xlc_r
 CCC		= xlC_r
 
 CPU_ARCH	= rs6000
 
 RANLIB		= ranlib
 
 OS_CFLAGS	= -DAIX -DSYSV
+OS_LIBS 	+= -blibpath:/usr/lib:/lib -lc -lm
+
+DSO_LDOPTS	= -brtl -bnortllib -bM:SRE -bnoentry
+MKSHLIB 	= $(LD) $(DSO_LDOPTS) -blibpath:/usr/lib:/lib -lc -lm
 
 AIX_WRAP	= $(DIST)/lib/aixwrap.o
 AIX_TMP		= $(OBJDIR)/_aix_tmp.o
+
 ifdef MAPFILE
-EXPORT_RULES = -bexport:$(MAPFILE)
+DSO_LDOPTS	+= -bexport:$(MAPFILE)
+else
+DSO_LDOPTS	+= -bexpall
 endif
+
 PROCESS_MAP_FILE = grep -v ';+' $(LIBRARY_NAME).def | grep -v ';-' | \
                 sed -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,,' > $@
 
 ifdef BUILD_OPT
-        OPTIMIZER += -qmaxmem=-1
+	OPTIMIZER += -qmaxmem=-1
 endif
 
+ifeq ($(USE_64), 1)
+	OS_CFLAGS	+= -DAIX_64BIT
+	OBJECT_MODE=64
+	export OBJECT_MODE
+endif
+
deleted file mode 100644
--- a/security/coreconf/AIX3.2.mk
+++ /dev/null
@@ -1,35 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-# 
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-# 
-# The Original Code is the Netscape security libraries.
-# 
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation.  Portions created by Netscape are 
-# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
-# Rights Reserved.
-# 
-# Contributor(s):
-# 
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable 
-# instead of those above.  If you wish to allow use of your 
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL.  If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for AIX3.2.5
-#
-include $(CORE_DEPTH)/coreconf/AIX.mk
deleted file mode 100644
--- a/security/coreconf/AIX4.1.mk
+++ /dev/null
@@ -1,55 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-# 
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-# 
-# The Original Code is the Netscape security libraries.
-# 
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation.  Portions created by Netscape are 
-# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
-# Rights Reserved.
-# 
-# Contributor(s):
-# 
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable 
-# instead of those above.  If you wish to allow use of your 
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL.  If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for AIX4.1
-#
-
-include $(CORE_DEPTH)/coreconf/AIX.mk
-
-
-AIX_LINK_OPTS  += -bnso -berok
-#AIX_LINK_OPTS += -bnso -berok -brename:.select,.wrap_select -brename:.poll,.wrap_poll -bI:/usr/lib/syscalls.exp
-
-# The AIX4.1 linker had a bug which always looked for a dynamic library
-# with an extension of .a.  AIX4.2 fixed this problem
-DLL_SUFFIX = a
-
-OS_LIBS		+= -lsvld
-
-# override default value set in suffix.mk, for AIX 4.1 only
-DYNAMIC_LIB_EXTENSION = _shr
-
-# override default value in ruleset.mk
-ifdef LIBRARY_NAME
-    SHARED_LIBRARY = $(OBJDIR)/lib$(LIBRARY_NAME)$(LIBRARY_VERSION)_shr$(JDK_DEBUG_SUFFIX).a
-endif
-
deleted file mode 100644
--- a/security/coreconf/AIX4.2.mk
+++ /dev/null
@@ -1,50 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-# 
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-# 
-# The Original Code is the Netscape security libraries.
-# 
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation.  Portions created by Netscape are 
-# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
-# Rights Reserved.
-# 
-# Contributor(s):
-# 
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable 
-# instead of those above.  If you wish to allow use of your 
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL.  If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-
-#
-# Config stuff for AIX4.2
-#
-
-include $(CORE_DEPTH)/coreconf/AIX.mk
-
-OS_CFLAGS	+= -DAIX4_2
-DSO_LDOPTS	= -brtl -bM:SRE -bnoentry
-MKSHLIB		= $(LD) $(DSO_LDOPTS) -L/usr/lpp/xlC/lib -lc -lm
-
-OS_LIBS		+= -L/usr/lpp/xlC/lib -lc -lm
-ifdef MAPFILE
-DSO_LDOPTS	+= -bexport:$(MAPFILE)
-else
-DSO_LDOPTS	+= -bexpall
-endif
-
-
deleted file mode 100644
--- a/security/coreconf/AIX4.3.mk
+++ /dev/null
@@ -1,55 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-# 
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-# 
-# The Original Code is the Netscape security libraries.
-# 
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation.  Portions created by Netscape are 
-# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
-# Rights Reserved.
-# 
-# Contributor(s):
-# 
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable 
-# instead of those above.  If you wish to allow use of your 
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL.  If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for AIX4.3
-#
-
-include $(CORE_DEPTH)/coreconf/AIX.mk
-
-
-ifeq ($(USE_64), 1)
-# Next line replaced by generic name handling in arch.mk
-#	COMPILER_TAG    = _64
-	OS_CFLAGS	+= -DAIX_64BIT
-	OBJECT_MODE=64
-	export OBJECT_MODE
-endif
-OS_CFLAGS	+= -DAIX4_3
-DSO_LDOPTS	= -brtl -bM:SRE -bnoentry
-MKSHLIB		= $(LD) $(DSO_LDOPTS) -blibpath:/usr/lib:/lib -lc -lm
-
-OS_LIBS		+= -blibpath:/usr/lib:/lib -lc -lm
-ifdef MAPFILE
-DSO_LDOPTS      += -bexport:$(MAPFILE)
-else
-DSO_LDOPTS      += -bexpall
-endif
deleted file mode 100644
--- a/security/coreconf/AIX5.1.mk
+++ /dev/null
@@ -1,54 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-# 
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-# 
-# The Original Code is the Netscape security libraries.
-# 
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation.  Portions created by Netscape are 
-# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
-# Rights Reserved.
-# 
-# Contributor(s):
-# 
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable 
-# instead of those above.  If you wish to allow use of your 
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL.  If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for AIX5.1
-#
-
-include $(CORE_DEPTH)/coreconf/AIX.mk
-
-
-ifeq ($(USE_64), 1)
-# Next line replaced by generic name handling in arch.mk
-#	COMPILER_TAG    = _64
-	OS_CFLAGS	+= -DAIX_64BIT
-	OBJECT_MODE=64
-	export OBJECT_MODE
-endif
-DSO_LDOPTS	= -brtl -bM:SRE -bnoentry
-MKSHLIB		= $(LD) $(DSO_LDOPTS) -blibpath:/usr/lib:/lib -lc -lm
-
-OS_LIBS		+= -blibpath:/usr/lib:/lib -lc -lm
-ifdef MAPFILE
-DSO_LDOPTS      += -bexport:$(MAPFILE)
-else
-DSO_LDOPTS      += -bexpall
-endif
deleted file mode 100644
--- a/security/coreconf/AIX5.2.mk
+++ /dev/null
@@ -1,54 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-# 
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-# 
-# The Original Code is the Netscape security libraries.
-# 
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation.  Portions created by Netscape are 
-# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
-# Rights Reserved.
-# 
-# Contributor(s):
-# 
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable 
-# instead of those above.  If you wish to allow use of your 
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL.  If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for AIX5.2
-#
-
-include $(CORE_DEPTH)/coreconf/AIX.mk
-
-
-ifeq ($(USE_64), 1)
-# Next line replaced by generic name handling in arch.mk
-#	COMPILER_TAG    = _64
-	OS_CFLAGS	+= -DAIX_64BIT
-	OBJECT_MODE=64
-	export OBJECT_MODE
-endif
-DSO_LDOPTS	= -brtl -bM:SRE -bnoentry
-MKSHLIB		= $(LD) $(DSO_LDOPTS) -blibpath:/usr/lib:/lib -lc -lm
-
-OS_LIBS		+= -blibpath:/usr/lib:/lib -lc -lm
-ifdef MAPFILE
-DSO_LDOPTS      += -bexport:$(MAPFILE)
-else
-DSO_LDOPTS      += -bexpall
-endif
--- a/security/coreconf/Linux.mk
+++ b/security/coreconf/Linux.mk
@@ -61,16 +61,20 @@ else
 ifeq ($(OS_TEST),alpha)
         OS_REL_CFLAGS   = -D_ALPHA_ -DLINUX1_2 -D_XOPEN_SOURCE
 	CPU_ARCH	= alpha
 else
 ifeq ($(OS_TEST),ia64)
 	OS_REL_CFLAGS	= -DLINUX1_2 -D_XOPEN_SOURCE
 	CPU_ARCH	= ia64
 else
+ifeq ($(OS_TEST),x86_64)
+	OS_REL_CFLAGS	= -DLINUX1_2 -D_XOPEN_SOURCE
+	CPU_ARCH	= x86_64
+else
 ifeq ($(OS_TEST),sparc)
 	OS_REL_CFLAGS   = -DLINUX1_2 -D_XOPEN_SOURCE
 	CPU_ARCH        = sparc
 else
 ifeq ($(OS_TEST),sparc64)
 	OS_REL_CFLAGS   = -DLINUX1_2 -D_XOPEN_SOURCE
 	CPU_ARCH        = sparc
 else
@@ -107,16 +111,17 @@ endif
 endif
 endif
 endif
 endif
 endif
 endif
 endif
 endif
+endif
 
 
 LIBC_TAG		= _glibc
 
 ifeq ($(OS_RELEASE),2.0)
 	OS_REL_CFLAGS	+= -DLINUX2_0
 	MKSHLIB		= $(CC) -shared -Wl,-soname -Wl,$(@:$(OBJDIR)/%.so=%.so)
 	ifdef BUILD_OPT
--- a/security/coreconf/OS2.mk
+++ b/security/coreconf/OS2.mk
@@ -49,17 +49,18 @@ endif
 # XP_OS2 is strictly for OS2 only
 XP_DEFINE  += -DXP_PC=1  -DXP_OS2=1
 
 # Override prefix
 LIB_PREFIX  = $(NULL)
 
 # Override suffix in suffix.mk
 LIB_SUFFIX  = lib
-DLL_SUFFIX  = dll
+# the DLL_SUFFIX must be uppercase for FIPS mode to work. bugzilla 240784
+DLL_SUFFIX  = DLL
 PROG_SUFFIX = .exe
 
 
 ifdef XP_OS2_EMX
 
 CCC			= gcc
 LINK			= gcc
 AR                      = emxomfar r $@
--- a/security/coreconf/config.mk
+++ b/security/coreconf/config.mk
@@ -54,17 +54,17 @@ endif
 #       (dependent upon <architecture> tags)                          #
 #                                                                     #
 #       We are moving towards just having a $(OS_TARGET).mk file      #
 #       as opposed to multiple $(OS_TARGET)$(OS_RELEASE).mk files,    #
 #       one for each OS release.                                      #
 #######################################################################
 
 TARGET_OSES = FreeBSD BSD_OS NetBSD OpenUNIX OS2 QNX Darwin BeOS OpenBSD \
-              OpenVMS
+              OpenVMS AIX
 
 ifeq (,$(filter-out $(TARGET_OSES),$(OS_TARGET)))
 include $(CORE_DEPTH)/coreconf/$(OS_TARGET).mk
 else
 include $(CORE_DEPTH)/coreconf/$(OS_TARGET)$(OS_RELEASE).mk
 endif
 
 #######################################################################
--- a/security/coreconf/nsinstall/Makefile
+++ b/security/coreconf/nsinstall/Makefile
@@ -47,16 +47,17 @@ INTERNAL_TOOLS  = 1
 
 
 include $(DEPTH)/coreconf/config.mk
 
 ifeq (,$(filter-out OS2 WIN%,$(OS_TARGET)))
 PROGRAM		=
 else
 TARGETS		= $(PROGRAM) $(PLSRCS:.pl=)
+INSTALL		= true
 endif
 
 ifdef NATIVE_CC
 CC=$(NATIVE_CC)
 endif
 
 ifdef NATIVE_FLAGS
 OS_CFLAGS=$(NATIVE_FLAGS)
--- a/security/coreconf/rules.mk
+++ b/security/coreconf/rules.mk
@@ -296,17 +296,17 @@ endif
 endif
 
 get_objs:
 	@echo $(OBJS)
 
 $(LIBRARY): $(OBJS)
 	@$(MAKE_OBJDIR)
 	rm -f $@
-ifeq (,$(filter-out WIN%,$(OS_TARGET)))
+ifeq (,$(filter-out _WIN%,$(NS_USE_GCC)_$(OS_TARGET)))
 	$(AR) $(subst /,\\,$(OBJS))
 else
 	$(AR) $(OBJS)
 endif
 	$(RANLIB) $@
 
 
 ifeq ($(OS_TARGET),OS2)
deleted file mode 100644
--- a/security/dbm/Makefile
+++ /dev/null
@@ -1,80 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-# 
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-# 
-# The Original Code is the Netscape security libraries.
-# 
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation.  Portions created by Netscape are 
-# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
-# Rights Reserved.
-# 
-# Contributor(s):
-# 
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable 
-# instead of those above.  If you wish to allow use of your 
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL.  If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY).   #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL)          #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL)       #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
-#######################################################################
-
-
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL)                              #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL)                           #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL).                              #
-#######################################################################
-
-coreconf_hack:
-	cd ../coreconf; gmake
-	gmake import
-
-RelEng_bld: coreconf_hack
-	gmake
deleted file mode 100644
--- a/security/dbm/config/config.mk
+++ /dev/null
@@ -1,67 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-# 
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-# 
-# The Original Code is the Netscape security libraries.
-# 
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation.  Portions created by Netscape are 
-# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
-# Rights Reserved.
-# 
-# Contributor(s):
-# 
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable 
-# instead of those above.  If you wish to allow use of your 
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL.  If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#
-# These macros are defined by mozilla's configure script.
-# We define them manually here.
-#
-
-DEFINES += -DSTDC_HEADERS -DHAVE_STRERROR
-
-#
-# Most platforms have snprintf, so it's simpler to list the exceptions.
-#
-HAVE_SNPRINTF = 1
-#
-# OSF1 V4.0D doesn't have snprintf but V5.0A does.
-#
-ifeq ($(OS_TARGET)$(OS_RELEASE),OSF1V4.0D)
-HAVE_SNPRINTF =
-endif
-ifdef HAVE_SNPRINTF
-DEFINES += -DHAVE_SNPRINTF
-endif
-
-ifeq (,$(filter-out IRIX Linux,$(OS_TARGET)))
-DEFINES += -DHAVE_SYS_CDEFS_H
-endif
-
-ifeq (,$(filter-out DGUX NCR ReliantUNIX SCO_SV SCOOS UNIXWARE,$(OS_TARGET)))
-DEFINES += -DHAVE_SYS_BYTEORDER_H
-endif
-
-#
-# None of the platforms that we are interested in need to
-# define HAVE_MEMORY_H.
-#
deleted file mode 100644
--- a/security/dbm/include/Makefile
+++ /dev/null
@@ -1,76 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-# 
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-# 
-# The Original Code is the Netscape security libraries.
-# 
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation.  Portions created by Netscape are 
-# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
-# Rights Reserved.
-# 
-# Contributor(s):
-# 
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable 
-# instead of those above.  If you wish to allow use of your 
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL.  If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY).   #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL)          #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL)       #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
-#######################################################################
-
-
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL)                              #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL)                           #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL).                              #
-#######################################################################
-
-
-
deleted file mode 100644
--- a/security/dbm/include/manifest.mn
+++ /dev/null
@@ -1,57 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-# 
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-# 
-# The Original Code is the Netscape security libraries.
-# 
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation.  Portions created by Netscape are 
-# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
-# Rights Reserved.
-# 
-# Contributor(s):
-# 
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable 
-# instead of those above.  If you wish to allow use of your 
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL.  If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../..
-
-VPATH  = $(CORE_DEPTH)/../dbm/include
-
-MODULE = dbm
-
-EXPORTS =	nsres.h   \
-		cdefs.h   \
-		mcom_db.h \
-		ncompat.h \
-		winfile.h \
-		$(NULL)
-
-PRIVATE_EXPORTS =	hsearch.h \
-			page.h    \
-			extern.h  \
-			ndbm.h    \
-			queue.h   \
-			hash.h    \
-			mpool.h   \
-			search.h  \
-			$(NULL)
-
deleted file mode 100644
--- a/security/dbm/manifest.mn
+++ /dev/null
@@ -1,45 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-# 
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-# 
-# The Original Code is the Netscape security libraries.
-# 
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation.  Portions created by Netscape are 
-# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
-# Rights Reserved.
-# 
-# Contributor(s):
-# 
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable 
-# instead of those above.  If you wish to allow use of your 
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL.  If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ..
-
-MODULE = dbm
-
-IMPORTS = nspr20/v4.1.2
-
-RELEASE = dbm
-
-DIRS =  include \
-        src     \
-	$(NULL)
deleted file mode 100644
--- a/security/dbm/src/Makefile
+++ /dev/null
@@ -1,76 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-# 
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-# 
-# The Original Code is the Netscape security libraries.
-# 
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation.  Portions created by Netscape are 
-# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
-# Rights Reserved.
-# 
-# Contributor(s):
-# 
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable 
-# instead of those above.  If you wish to allow use of your 
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL.  If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY).   #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL)          #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL)       #
-#######################################################################
-
-include $(CORE_DEPTH)/dbm/config/config.mk
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL)                              #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL)                           #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL).                              #
-#######################################################################
-
-
-
deleted file mode 100644
--- a/security/dbm/src/config.mk
+++ /dev/null
@@ -1,63 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-# 
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-# 
-# The Original Code is the Netscape security libraries.
-# 
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation.  Portions created by Netscape are 
-# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
-# Rights Reserved.
-# 
-# Contributor(s):
-# 
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable 
-# instead of those above.  If you wish to allow use of your 
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL.  If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-DEFINES += -DMEMMOVE -D__DBINTERFACE_PRIVATE $(SECURITY_FLAG)
-
-INCLUDES += -I$(CORE_DEPTH)/../dbm/include
-
-#
-#  Currently, override TARGETS variable so that only static libraries
-#  are specifed as dependencies within rules.mk.
-#
-
-TARGETS        = $(LIBRARY)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PURE_LIBRARY   =
-PROGRAM        =
-
-ifdef SHARED_LIBRARY
-	ifeq (,$(filter-out WINNT WIN95 WINCE,$(OS_TARGET))) # list omits WIN16
-		DLLBASE=/BASE:0x30000000
-		RES=$(OBJDIR)/dbm.res
-		RESNAME=../include/dbm.rc
-	endif
-	ifeq ($(DLL_SUFFIX),dll)
-		DEFINES += -D_DLL
-	endif
-endif
-
-ifeq ($(OS_TARGET),AIX)
-	OS_LIBS += -lc_r
-endif
deleted file mode 100644
--- a/security/dbm/src/dirent.c
+++ /dev/null
@@ -1,348 +0,0 @@
-#ifdef OS2
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-
-#include <dirent.h>
-#include <errno.h>
-
-/*#ifndef __EMX__ 
-#include <libx.h>
-#endif */
-
-#define INCL_DOSFILEMGR
-#define INCL_DOSERRORS
-#include <os2.h>
-
-#if OS2 >= 2
-# define FFBUF	FILEFINDBUF3
-# define Word	ULONG
-  /*
-   * LS20 recommends a request count of 100, but according to the
-   * APAR text it does not lead to missing files, just to funny
-   * numbers of returned entries.
-   *
-   * LS30 HPFS386 requires a count greater than 2, or some files
-   * are missing (those starting with a character less that '.').
-   *
-   * Novell looses entries which overflow the buffer. In previous
-   * versions of dirent2, this could have lead to missing files
-   * when the average length of 100 directory entries was 40 bytes
-   * or more (quite unlikely for files on a Novell server).
-   *
-   * Conclusion: Make sure that the entries all fit into the buffer
-   * and that the buffer is large enough for more than 2 entries
-   * (each entry is at most 300 bytes long). And ignore the LS20
-   * effect.
-   */
-# define Count	25
-# define BufSz	(25 * (sizeof(FILEFINDBUF3)+1))
-#else
-# define FFBUF	FILEFINDBUF
-# define Word	USHORT
-# define BufSz	1024
-# define Count	3
-#endif
-
-#if defined(__IBMC__) || defined(__IBMCPP__)
-  #define error(rc) _doserrno = rc, errno = EOS2ERR
-#elif defined(MICROSOFT)
-  #define error(rc) _doserrno = rc, errno = 255
-#else
-  #define error(rc) errno = 255
-#endif
-
-struct _dirdescr {
-	HDIR		handle;		/* DosFindFirst handle */
-	char		fstype;		/* filesystem type */
-	Word		count;		/* valid entries in <ffbuf> */
-	long		number;		/* absolute number of next entry */
-	int		index;		/* relative number of next entry */
-	FFBUF *		next;		/* pointer to next entry */
-	char		name[MAXPATHLEN+3]; /* directory name */
-	unsigned	attrmask;	/* attribute mask for seekdir */
-	struct dirent	entry;		/* buffer for directory entry */
-	BYTE		ffbuf[BufSz];
-};
-
-/*
- * Return first char of filesystem type, or 0 if unknown.
- */
-static char
-getFSType(const char *path)
-{
-	static char cache[1+26];
-	char drive[3], info[512];
-	Word unit, infolen;
-	char r;
-
-	if (isalpha(path[0]) && path[1] == ':') {
-		unit = toupper(path[0]) - '@';
-		path += 2;
-	} else {
-		ULONG driveMap;
-#if OS2 >= 2
-		if (DosQueryCurrentDisk(&unit, &driveMap))
-#else
-		if (DosQCurDisk(&unit, &driveMap))
-#endif
-			return 0;
-	}
-
-	if ((path[0] == '\\' || path[0] == '/')
-	 && (path[1] == '\\' || path[1] == '/'))
-		return 0;
-
-	if (cache [unit])
-		return cache [unit];
-
-	drive[0] = '@' + unit;
-	drive[1] = ':';
-	drive[2] = '\0';
-	infolen = sizeof info;
-#if OS2 >= 2
-	if (DosQueryFSAttach(drive, 0, FSAIL_QUERYNAME, (PVOID)info, &infolen))
-		return 0;
-	if (infolen >= sizeof(FSQBUFFER2)) {
-		FSQBUFFER2 *p = (FSQBUFFER2 *)info;
-		r = p->szFSDName[p->cbName];
-	} else
-#else
-	if (DosQFSAttach((PSZ)drive, 0, FSAIL_QUERYNAME, (PVOID)info, &infolen, 0))
-		return 0;
-	if (infolen >= 9) {
-		char *p = info + sizeof(USHORT);
-		p += sizeof(USHORT) + *(USHORT *)p + 1 + sizeof(USHORT);
-		r = *p;
-	} else
-#endif
-		r = 0;
-	return cache [unit] = r;
-}
-
-char *
-abs_path(const char *name, char *buffer, int len)
-{
-	char buf[4];
-	if (isalpha(name[0]) && name[1] == ':' && name[2] == '\0') {
-		buf[0] = name[0];
-		buf[1] = name[1];
-		buf[2] = '.';
-		buf[3] = '\0';
-		name = buf;
-	}
-#if OS2 >= 2
-	if (DosQueryPathInfo((PSZ)name, FIL_QUERYFULLNAME, buffer, len))
-#else
-	if (DosQPathInfo((PSZ)name, FIL_QUERYFULLNAME, (PBYTE)buffer, len, 0L))
-#endif
-		return NULL;
-	return buffer;
-}
-
-DIR *
-openxdir(const char *path, unsigned att_mask)
-{
-	DIR *dir;
-	char name[MAXPATHLEN+3];
-	Word rc;
-
-	dir = malloc(sizeof(DIR));
-	if (dir == NULL) {
-		errno = ENOMEM;
-		return NULL;
-	}
-
-	strncpy(name, path, MAXPATHLEN);
-	name[MAXPATHLEN] = '\0';
-	switch (name[strlen(name)-1]) {
-	default:
-		strcat(name, "\\");
-	case '\\':
-	case '/':
-	case ':':
-		;
-	}
-	strcat(name, ".");
-	if (!abs_path(name, dir->name, MAXPATHLEN+1))
-		strcpy(dir->name, name);
-	if (dir->name[strlen(dir->name)-1] == '\\')
-		strcat(dir->name, "*");
-	else
-		strcat(dir->name, "\\*");
-
-	dir->fstype = getFSType(dir->name);
-	dir->attrmask = att_mask | A_DIR;
-
-	dir->handle = HDIR_CREATE;
-	dir->count = 100;
-#if OS2 >= 2
-	rc = DosFindFirst(dir->name, &dir->handle, dir->attrmask,
-		dir->ffbuf, sizeof dir->ffbuf, &dir->count, FIL_STANDARD);
-#else
-	rc = DosFindFirst((PSZ)dir->name, &dir->handle, dir->attrmask,
-		(PFILEFINDBUF)dir->ffbuf, sizeof dir->ffbuf, &dir->count, 0);
-#endif
-	switch (rc) {
-	default:
-		free(dir);
-		error(rc);
-		return NULL;
-	case NO_ERROR:
-	case ERROR_NO_MORE_FILES:
-		;
-	}
-
-	dir->number = 0;
-	dir->index = 0;
-	dir->next = (FFBUF *)dir->ffbuf;
-
-	return (DIR *)dir;
-}
-
-DIR *
-opendir(const char *pathname)
-{
-	return openxdir(pathname, 0);
-}
-
-struct dirent *
-readdir(DIR *dir)
-{
-	static int dummy_ino = 2;
-
-	if (dir->index == dir->count) {
-		Word rc;
-		dir->count = 100;
-#if OS2 >= 2
-		rc = DosFindNext(dir->handle, dir->ffbuf,
-			sizeof dir->ffbuf, &dir->count);
-#else
-		rc = DosFindNext(dir->handle, (PFILEFINDBUF)dir->ffbuf,
-			sizeof dir->ffbuf, &dir->count);
-#endif
-		if (rc) {
-			error(rc);
-			return NULL;
-		}
-
-		dir->index = 0;
-		dir->next = (FFBUF *)dir->ffbuf;
-	}
-
-	if (dir->index == dir->count)
-		return NULL;
-
-	memcpy(dir->entry.d_name, dir->next->achName, dir->next->cchName);
-	dir->entry.d_name[dir->next->cchName] = '\0';
-	dir->entry.d_ino = dummy_ino++;
-	dir->entry.d_reclen = dir->next->cchName;
-	dir->entry.d_namlen = dir->next->cchName;
-	dir->entry.d_size = dir->next->cbFile;
-	dir->entry.d_attribute = dir->next->attrFile;
-	dir->entry.d_time = *(USHORT *)&dir->next->ftimeLastWrite;
-	dir->entry.d_date = *(USHORT *)&dir->next->fdateLastWrite;
-
-	switch (dir->fstype) {
-	case 'F': /* FAT */
-	case 'C': /* CDFS */
-		if (dir->next->attrFile & FILE_DIRECTORY)
-			strupr(dir->entry.d_name);
-		else
-			strlwr(dir->entry.d_name);
-	}
-
-#if OS2 >= 2
-	dir->next = (FFBUF *)((BYTE *)dir->next + dir->next->oNextEntryOffset);
-#else
-	dir->next = (FFBUF *)((BYTE *)dir->next->achName + dir->next->cchName + 1);
-#endif
-	++dir->number;
-	++dir->index;
-
-	return &dir->entry;
-}
-
-long
-telldir(DIR *dir)
-{
-	return dir->number;
-}
-
-void
-seekdir(DIR *dir, long off)
-{
-	if (dir->number > off) {
-		char name[MAXPATHLEN+2];
-		Word rc;
-
-		DosFindClose(dir->handle);
-
-		strcpy(name, dir->name);
-		strcat(name, "*");
-
-		dir->handle = HDIR_CREATE;
-		dir->count = 32767;
-#if OS2 >= 2
-		rc = DosFindFirst(name, &dir->handle, dir->attrmask,
-			dir->ffbuf, sizeof dir->ffbuf, &dir->count, FIL_STANDARD);
-#else
-		rc = DosFindFirst((PSZ)name, &dir->handle, dir->attrmask,
-			(PFILEFINDBUF)dir->ffbuf, sizeof dir->ffbuf, &dir->count, 0);
-#endif
-		switch (rc) {
-		default:
-			error(rc);
-			return;
-		case NO_ERROR:
-		case ERROR_NO_MORE_FILES:
-			;
-		}
-
-		dir->number = 0;
-		dir->index = 0;
-		dir->next = (FFBUF *)dir->ffbuf;
-	}
-
-	while (dir->number < off && readdir(dir))
-		;
-}
-
-void
-closedir(DIR *dir)
-{
-	DosFindClose(dir->handle);
-	free(dir);
-}
-
-/*****************************************************************************/
-
-#ifdef TEST
-
-main(int argc, char **argv)
-{
-	int i;
-	DIR *dir;
-	struct dirent *ep;
-
-	for (i = 1; i < argc; ++i) {
-		dir = opendir(argv[i]);
-		if (!dir)
-			continue;
-		while (ep = readdir(dir))
-			if (strchr("\\/:", argv[i] [strlen(argv[i]) - 1]))
-				printf("%s%s\n", argv[i], ep->d_name);
-			else
-				printf("%s/%s\n", argv[i], ep->d_name);
-		closedir(dir);
-	}
-
-	return 0;
-}
-
-#endif
-
-#endif /* OS2 */
-
deleted file mode 100644
--- a/security/dbm/src/dirent.h
+++ /dev/null
@@ -1,97 +0,0 @@
-#ifndef __DIRENT_H__
-#define __DIRENT_H__
-/*
- * @(#)msd_dir.h 1.4 87/11/06   Public Domain.
- *
- *  A public domain implementation of BSD directory routines for
- *  MS-DOS.  Written by Michael Rendell ({uunet,utai}michael@garfield),
- *  August 1897
- *
- *  Extended by Peter Lim (lim@mullian.oz) to overcome some MS DOS quirks
- *  and returns 2 more pieces of information - file size & attribute.
- *  Plus a little reshuffling of some #define's positions    December 1987
- *
- *  Some modifications by Martin Junius                      02-14-89
- *
- *	AK900712
- *	AK910410	abs_path - make absolute path
- *
- */
-
-#ifdef __EMX__
-#include <sys/param.h>
-#else
-#if defined(__IBMC__) || defined(__IBMCPP__) || defined(XP_W32_MSVC)
-#include <stdio.h>
-#ifdef MAXPATHLEN
-	#undef MAXPATHLEN
-#endif
-#define MAXPATHLEN (FILENAME_MAX*4)
-#define MAXNAMLEN FILENAME_MAX
-
-#else
-#include <param.h>
-#endif
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* attribute stuff */
-#ifndef A_RONLY
-# define A_RONLY   0x01
-# define A_HIDDEN  0x02
-# define A_SYSTEM  0x04
-# define A_LABEL   0x08
-# define A_DIR     0x10
-# define A_ARCHIVE 0x20
-#endif
-
-struct dirent {
-#if defined(OS2) || defined(WIN32)        /* use the layout of EMX to avoid trouble */
-    int            d_ino;                 /* Dummy */
-    int            d_reclen;		  /* Dummy, same as d_namlen */
-    int            d_namlen;              /* length of name */
-    char           d_name[MAXNAMLEN + 1];
-    unsigned long  d_size;
-    unsigned short d_attribute;           /* attributes (see above) */
-    unsigned short d_time;                /* modification time */
-    unsigned short d_date;                /* modification date */
-#else
-    char	   d_name[MAXNAMLEN + 1]; /* garentee null termination */
-    char	   d_attribute;		  /* .. extension .. */
-    unsigned long  d_size;		  /* .. extension .. */
-#endif
-};
-
-typedef struct _dirdescr DIR;
-/* the structs do not have to be defined here */
-
-extern DIR		*opendir(const char *);
-extern DIR		*openxdir(const char *, unsigned);
-extern struct dirent	*readdir(DIR *);
-extern void		seekdir(DIR *, long);
-extern long		telldir(DIR *);
-extern void 		closedir(DIR *);
-#define			rewinddir(dirp) seekdir(dirp, 0L)
-
-extern char *		abs_path(const char *name, char *buffer, int len);
-
-#ifndef S_IFMT
-#define S_IFMT ( S_IFDIR | S_IFREG )
-#endif
-
-#ifndef S_ISDIR
-#define S_ISDIR( m )                    (((m) & S_IFMT) == S_IFDIR)
-#endif
-
-#ifndef S_ISREG
-#define S_ISREG( m )                    (((m) & S_IFMT) == S_IFREG)
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
deleted file mode 100644
--- a/security/dbm/src/manifest.mn
+++ /dev/null
@@ -1,61 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-# 
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-# 
-# The Original Code is the Netscape security libraries.
-# 
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation.  Portions created by Netscape are 
-# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
-# Rights Reserved.
-# 
-# Contributor(s):
-# 
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable 
-# instead of those above.  If you wish to allow use of your 
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL.  If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../..
-
-VPATH  = $(CORE_DEPTH)/../dbm/src
-
-MODULE = dbm
-
-#
-# memmove.c, snprintf.c, and strerror.c are not in CSRCS because
-# the Standard C Library has memmove and strerror and DBM is not
-# using snprintf.
-#
-
-CSRCS = db.c	   \
-	h_bigkey.c \
-	h_func.c   \
-	h_log2.c   \
-	h_page.c   \
-	hash.c	   \
-	hash_buf.c \
-	hsearch.c  \
-	mktemp.c   \
-	ndbm.c	   \
-	nsres.c	   \
-	dirent.c	   \
-	$(NULL)
-
-LIBRARY_NAME = dbm
deleted file mode 100644
--- a/security/dbm/tests/Makefile
+++ /dev/null
@@ -1,69 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-# 
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-# 
-# The Original Code is the Netscape security libraries.
-# 
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation.  Portions created by Netscape are 
-# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
-# Rights Reserved.
-# 
-# Contributor(s):
-# 
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable 
-# instead of those above.  If you wish to allow use of your 
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL.  If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-DEPTH		= ../..
-CORE_DEPTH	= ../..
-
-VPATH		= $(CORE_DEPTH)/../dbm/tests
-
-MODULE		= dbm
-
-CSRCS		= lots.c
-
-PROGRAM		= lots
-
-include $(DEPTH)/coreconf/config.mk
-
-include $(DEPTH)/dbm/config/config.mk
-
-ifeq (,$(filter-out WIN%,$(OS_TARGET))) 
-LIBDBM		= ../src/$(PLATFORM)/dbm$(STATIC_LIB_SUFFIX)
-else
-LIBDBM		= ../src/$(PLATFORM)/libdbm$(STATIC_LIB_SUFFIX)
-endif
-
-INCLUDES	+= -I$(CORE_DEPTH)/../dbm/include
-
-LDFLAGS		= $(LDOPTS) $(LIBDBM)
-
-include $(DEPTH)/coreconf/rules.mk
-
-lots.pure: lots
-	purify $(CC) -o lots.pure $(CFLAGS) $(OBJS) $(MYLIBS)
-
-crash: crash.o $(MYLIBS)
-	$(CC) -o crash $(CFLAGS) $^
-
-crash.pure: crash.o $(MYLIBS)
-	purify $(CC) -o crash.pure $(CFLAGS) $^
-
--- a/security/nss/cmd/certcgi/HOWTO.txt
+++ b/security/nss/cmd/certcgi/HOWTO.txt
@@ -73,38 +73,38 @@ Instructions:
 - Create directory $DOCROOT/certomatic
 - Copy the following files from nss/cmd/certcgi to $DOCROOT/certomatic
         ca.html index.html main.html nscp_ext_form.html stnd_ext_form.html
 - Edit the html files, substituting the name of your own server for the
   server named in those files.
 - In some web page (e.g. your server's home page), provide an html link to
   $DOCROOT/certomatic/index.html. This is where users start to get their
   own certs from certomatic.
-- give these files and directories appropriate permissions.
+- Give these files and directories appropriate permissions.
 
 - Create directories $CGIBIN/certomatic and $CGIBIN/certomatic/bin
   make sure that $CGIBIN/certomatic is writable by "nobody"
 
 - Create a new set of NSS db files there with the following command:
 
         certutil -N -d $CGIBIN/certomatic
 
-- when certutil prompts you for the password, enter the word foo
+- When certutil prompts you for the password, enter the word foo
   because that is compiled into the certcgi program.
 
 - Create the new Root CA cert with this command
 
         certutil -S -x -d $CGIBIN/certomatic -n "Cert-O-Matic II" \
         -s "CN=Cert-O-Matic II, O=Cert-O-Matic II" -t TCu,cu,cu -k rsa \
         -g 1024 -m 10001 -v 60
 
   (adjust the -g, -m and -v parameters to taste.  -s and -x must be as
 shown.)
 
-- dump out the new root CA cert in base64 encoding:
+- Dump out the new root CA cert in base64 encoding:
 
         certutil -d $CGIBIN/certomatic -L -n "Cert-O-Matic II" -a > \
           $CGIBIN/certomatic/root.cacert
 
 - In $CGIBIN/certomatic/bin add two shell scripts - one to download the
   root CA cert on demand, and one to run the certcgi program.
 
 download.cgi, the script to install the root CA cert into a browser on
@@ -151,17 +151,17 @@ number file) are not required to live in
 required to live in $CWD/.. when certcgi starts.
 
 Known bugs:
 
 1. Because multiple of these CAs exist simultaneously, it would be best if 
 they didn't all have to be called "Cert-O-Matic II", but that string is 
 presently hard coded into certcgi.c.
 
-2. the html files in this directory contain numerous extraneous <FORM> tags
+2. The html files in this directory contain numerous extraneous <FORM> tags
 which appear to use the post method and have action URLS that are never
 actually used.  burp.cgi and echoform.cgi are never actually used.  This
 should be cleaned up.
 
 3. The html files use <layer> tags which are supported only in Netscape 
 Navigator and Netscape Communication 4.x browsers.  The html files do 
 not work as intended with Netscape 6.x, Mozilla or Microsoft IE browsers.
 The html files should be fixed to work with all those named browsers.
--- a/security/nss/cmd/certutil/certutil.c
+++ b/security/nss/cmd/certutil/certutil.c
@@ -2947,16 +2947,17 @@ secuCommandFlag certutil_options[] =
 	if (!inFile) {
 	    PR_fprintf(PR_STDERR, "Failed to open file \"%s\" (%ld, %ld).\n",
                        certfile, PR_GetError(), PR_GetOSError());
 	    rv = SECFailure;
 	    goto shutdown;
 	}
     }
 
+    /* -A -E or -S    Add the cert to the DB */
     if (certutil.commands[cmd_CreateAndAddCert].activated ||
          certutil.commands[cmd_AddCert].activated ||
 	 certutil.commands[cmd_AddEmailCert].activated) {
 	rv = AddCert(slot, certHandle, name, 
 	             certutil.options[opt_Trust].arg,
 	             inFile, 
 	             certutil.options[opt_ASCIIForIO].activated,
 	             certutil.commands[cmd_AddEmailCert].activated,&pwdata);
--- a/security/nss/cmd/crlutil/crlutil.c
+++ b/security/nss/cmd/crlutil/crlutil.c
@@ -139,16 +139,17 @@ static void ListCRLNames (CERTCertDBHand
 	    }
             if ( PR_TRUE == deletecrls) {
                 CERTSignedCrl* acrl = NULL;
                 SECItem* issuer = &crlNode->crl->crl.derName;
                 acrl = SEC_FindCrlByName(certHandle, issuer, crlType);
                 if (acrl)
                 {
                     SEC_DeletePermCRL(acrl);
+                    SEC_DestroyCrl(acrl);
                 }
             }
             crlNode = crlNode->next;
 	} 
 	
     } while (0);
     if (crlList)
 	PORT_FreeArena (crlList->arena, PR_FALSE);
@@ -172,16 +173,17 @@ static SECStatus DeleteCRL (CERTCertDBHa
 
     crl = FindCRL (certHandle, name, type);
     if (!crl) {
 	SECU_PrintError
 		(progName, "could not find the issuer %s's CRL", name);
 	return SECFailure;
     }
     rv = SEC_DeletePermCRL (crl);
+    SEC_DestroyCrl(crl);
     if (rv != SECSuccess) {
 	SECU_PrintError
 		(progName, "fail to delete the issuer %s's CRL from the perm database (reason: %s)",
 		 name, SECU_Strerror(PORT_GetError()));
 	return SECFailure;
     }
     return (rv);
 }
--- a/security/nss/cmd/lib/secutil.c
+++ b/security/nss/cmd/lib/secutil.c
@@ -627,33 +627,38 @@ loser:
     PORT_Free(buf);
     return SECFailure;
 }
 
 SECStatus
 SECU_ReadDERFromFile(SECItem *der, PRFileDesc *inFile, PRBool ascii)
 {
     SECStatus rv;
-    char *asc, *body, *trailer;
     if (ascii) {
 	/* First convert ascii to binary */
 	SECItem filedata;
+	char *asc, *body;
 
 	/* Read in ascii data */
 	rv = SECU_FileToItem(&filedata, inFile);
 	asc = (char *)filedata.data;
 	if (!asc) {
 	    fprintf(stderr, "unable to read data from input file\n");
 	    return SECFailure;
 	}
 
 	/* check for headers and trailers and remove them */
 	if ((body = strstr(asc, "-----BEGIN")) != NULL) {
-	    body = PORT_Strchr(body, '\n') + 1;
-	    trailer = strstr(body, "-----END");
+	    char *trailer = NULL;
+	    asc = body;
+	    body = PORT_Strchr(body, '\n');
+	    if (!body)
+		body = PORT_Strchr(asc, '\r'); /* maybe this is a MAC file */
+	    if (body)
+		trailer = strstr(++body, "-----END");
 	    if (trailer != NULL) {
 		*trailer = '\0';
 	    } else {
 		fprintf(stderr, "input has header but no trailer\n");
 		PORT_Free(filedata.data);
 		return SECFailure;
 	    }
 	} else {
@@ -1500,17 +1505,17 @@ secu_PrintPolicyQualifier(FILE *out,CERT
 static SECStatus
 secu_PrintPolicyInfo(FILE *out,CERTPolicyInfo *policyInfo,char *msg,int level)
 {
    CERTPolicyQualifier **policyQualifiers;
 
    policyQualifiers = policyInfo->policyQualifiers;
    SECU_PrintObjectID(out, &policyInfo->policyID , "Policy Name", level);
    
-   while (*policyQualifiers != NULL) {
+   while (policyQualifiers != NULL && *policyQualifiers != NULL) {
 	secu_PrintPolicyQualifier(out,*policyQualifiers,"",level+1);
 	policyQualifiers++;
    }
    return SECSuccess;
 
 }
 
 static SECStatus
deleted file mode 100644
--- a/security/nss/cmd/pk11util/Makefile
+++ /dev/null
@@ -1,76 +0,0 @@
-#! gmake
-# 
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-# 
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-# 
-# The Original Code is the Netscape security libraries.
-# 
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation.  Portions created by Netscape are 
-# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
-# Rights Reserved.
-# 
-# Contributor(s):
-# 
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable 
-# instead of those above.  If you wish to allow use of your 
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL.  If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY).   #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL)          #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL)       #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
-#######################################################################
-
-include ../platlibs.mk
-
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL)                              #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL)                           #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL).                              #
-#######################################################################
-
-
-include ../platrules.mk
- 
deleted file mode 100644
--- a/security/nss/cmd/pk11util/manifest.mn
+++ /dev/null
@@ -1,51 +0,0 @@
-# 
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-# 
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-# 
-# The Original Code is the Netscape security libraries.
-# 
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation.  Portions created by Netscape are 
-# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
-# Rights Reserved.
-# 
-# Contributor(s):
-# 
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable 
-# instead of those above.  If you wish to allow use of your 
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL.  If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../../..
-
-DEFINES += -DNSPR20
-
-# MODULE public and private header  directories are implicitly REQUIRED.
-MODULE = nss 
-
-CSRCS = pk11util.c pk11table.c
-#CSRCS = symkeytest.c 
-
-# The MODULE is always implicitly required.
-# Listing it here in REQUIRES makes it appear twice in the cc command line.
-REQUIRES = seccmd
-
-PROGRAM = pk11util
-#PROGRAM = symkeytest
-
-#USE_STATIC_LIBS = 1
deleted file mode 100644
--- a/security/nss/cmd/pk11util/pk11table.c
+++ /dev/null
@@ -1,818 +0,0 @@
-#include <pkcs11.h>
-#include "pk11util.h"
-
-const char *_valueString[] = {
-    "None",
-    "Variable",
-    "CK_ULONG",
-    "Data",
-    "UTF8",
-    "CK_INFO",
-    "CK_SLOT_INFO",
-    "CK_TOKEN_INFO",
-    "CK_SESSION_INFO",
-    "CK_ATTRIBUTE",
-    "CK_MECHANISM",
-    "CK_MECHANISM_INFO",
-    "CK_C_INITIALIZE_ARGS",
-    "CK_FUNCTION_LIST"
-};
-
-const char **valueString = &_valueString[0];
-const int valueCount = sizeof(_valueString)/sizeof(_valueString[0]);
-
-const char *_constTypeString[] = {
-    "None",
-    "Bool",
-    "InfoFlags",
-    "SlotFlags",
-    "TokenFlags",
-    "SessionFlags",
-    "MechanismFlags",
-    "InitializeFlags",
-    "Users",
-    "SessionState",
-    "Object",
-    "Hardware",
-    "KeyType",
-    "CertificateType",
-    "Attribute",
-    "Mechanism",
-    "Result",
-    "Trust"
-};
-
-const char **constTypeString = &_constTypeString[0];
-const int constTypeCount = sizeof(_constTypeString)/sizeof(_constTypeString[0]);
-
-#define mkEntry(x,t) { #x, x, Const##t, ConstNone }
-#define mkEntry2(x,t,t2) { #x, x, Const##t, Const##t2 }
-
-const Constant _consts[] = {
-	mkEntry(CK_FALSE, Bool),
-	mkEntry(CK_TRUE, Bool),
-
-	mkEntry(CKF_TOKEN_PRESENT, SlotFlags),
-	mkEntry(CKF_REMOVABLE_DEVICE, SlotFlags),
-	mkEntry(CKF_HW_SLOT, SlotFlags),
-
-	mkEntry(CKF_RNG, TokenFlags),
-	mkEntry(CKF_WRITE_PROTECTED, TokenFlags),
-	mkEntry(CKF_LOGIN_REQUIRED, TokenFlags),
-	mkEntry(CKF_USER_PIN_INITIALIZED, TokenFlags),
-	mkEntry(CKF_RESTORE_KEY_NOT_NEEDED, TokenFlags),
-	mkEntry(CKF_CLOCK_ON_TOKEN, TokenFlags),
-	mkEntry(CKF_PROTECTED_AUTHENTICATION_PATH, TokenFlags),
-	mkEntry(CKF_DUAL_CRYPTO_OPERATIONS, TokenFlags),
-	mkEntry(CKF_TOKEN_INITIALIZED, TokenFlags),
-	mkEntry(CKF_SECONDARY_AUTHENTICATION, TokenFlags),
-	mkEntry(CKF_USER_PIN_COUNT_LOW, TokenFlags),
-	mkEntry(CKF_USER_PIN_FINAL_TRY, TokenFlags),
-	mkEntry(CKF_USER_PIN_LOCKED, TokenFlags),
-	mkEntry(CKF_USER_PIN_TO_BE_CHANGED, TokenFlags),
-	mkEntry(CKF_SO_PIN_COUNT_LOW, TokenFlags),
-	mkEntry(CKF_SO_PIN_FINAL_TRY, TokenFlags),
-	mkEntry(CKF_SO_PIN_LOCKED, TokenFlags),
-	mkEntry(CKF_SO_PIN_TO_BE_CHANGED, TokenFlags),
-
-	mkEntry(CKF_RW_SESSION, SessionFlags),
-	mkEntry(CKF_SERIAL_SESSION, SessionFlags),
-
-	mkEntry(CKF_HW, MechanismFlags),
-	mkEntry(CKF_ENCRYPT, MechanismFlags),
-	mkEntry(CKF_DECRYPT, MechanismFlags),
-	mkEntry(CKF_DIGEST, MechanismFlags),
-	mkEntry(CKF_SIGN, MechanismFlags),
-	mkEntry(CKF_SIGN_RECOVER, MechanismFlags),
-	mkEntry(CKF_VERIFY, MechanismFlags),
-	mkEntry(CKF_VERIFY_RECOVER, MechanismFlags),
-	mkEntry(CKF_GENERATE, MechanismFlags),
-	mkEntry(CKF_GENERATE_KEY_PAIR, MechanismFlags),
-	mkEntry(CKF_WRAP, MechanismFlags),
-	mkEntry(CKF_UNWRAP, MechanismFlags),
-	mkEntry(CKF_DERIVE, MechanismFlags),
-	mkEntry(CKF_EC_FP, MechanismFlags),
-	mkEntry(CKF_EC_F_2M, MechanismFlags),
-	mkEntry(CKF_EC_ECPARAMETERS, MechanismFlags),
-	mkEntry(CKF_EC_NAMEDCURVE, MechanismFlags),
-	mkEntry(CKF_EC_UNCOMPRESS, MechanismFlags),
-	mkEntry(CKF_EC_COMPRESS, MechanismFlags),
-
-	mkEntry(CKF_LIBRARY_CANT_CREATE_OS_THREADS, InitializeFlags),
-	mkEntry(CKF_OS_LOCKING_OK, InitializeFlags),
-
-	mkEntry(CKU_SO, Users),
-	mkEntry(CKU_USER, Users),
-
-	mkEntry(CKS_RO_PUBLIC_SESSION, SessionState),
-	mkEntry(CKS_RO_USER_FUNCTIONS, SessionState),
-	mkEntry(CKS_RW_PUBLIC_SESSION, SessionState),
-	mkEntry(CKS_RW_USER_FUNCTIONS, SessionState),
-	mkEntry(CKS_RW_SO_FUNCTIONS, SessionState),
-
-	mkEntry(CKO_DATA, Object),
-	mkEntry(CKO_CERTIFICATE, Object),
-	mkEntry(CKO_PUBLIC_KEY, Object),
-	mkEntry(CKO_PRIVATE_KEY, Object),
-	mkEntry(CKO_SECRET_KEY, Object),
-	mkEntry(CKO_HW_FEATURE, Object),
-	mkEntry(CKO_DOMAIN_PARAMETERS, Object),
-	mkEntry(CKO_KG_PARAMETERS, Object),
-	mkEntry(CKO_NETSCAPE_CRL, Object),
-	mkEntry(CKO_NETSCAPE_SMIME, Object),
-	mkEntry(CKO_NETSCAPE_TRUST, Object),
-	mkEntry(CKO_NETSCAPE_BUILTIN_ROOT_LIST, Object),
-
-	mkEntry(CKH_MONOTONIC_COUNTER, Hardware),
-	mkEntry(CKH_CLOCK, Hardware),
-
-	mkEntry(CKK_RSA, KeyType),
-	mkEntry(CKK_DSA, KeyType),
-	mkEntry(CKK_DH, KeyType),
-	mkEntry(CKK_ECDSA, KeyType),
-	mkEntry(CKK_EC, KeyType),
-	mkEntry(CKK_X9_42_DH, KeyType),
-	mkEntry(CKK_KEA, KeyType),
-	mkEntry(CKK_GENERIC_SECRET, KeyType),
-	mkEntry(CKK_RC2, KeyType),
-	mkEntry(CKK_RC4, KeyType),
-	mkEntry(CKK_DES, KeyType),
-	mkEntry(CKK_DES2, KeyType),
-	mkEntry(CKK_DES3, KeyType),
-	mkEntry(CKK_CAST, KeyType),
-	mkEntry(CKK_CAST3, KeyType),
-	mkEntry(CKK_CAST5, KeyType),
-	mkEntry(CKK_CAST128, KeyType),
-	mkEntry(CKK_RC5, KeyType),
-	mkEntry(CKK_IDEA, KeyType),
-	mkEntry(CKK_SKIPJACK, KeyType),
-	mkEntry(CKK_BATON, KeyType),
-	mkEntry(CKK_JUNIPER, KeyType),
-	mkEntry(CKK_CDMF, KeyType),
-	mkEntry(CKK_AES, KeyType),
-	mkEntry(CKK_NETSCAPE_PKCS8, KeyType),
-
-	mkEntry(CKC_X_509, CertType),
-	mkEntry(CKC_X_509_ATTR_CERT, CertType),
-
-	mkEntry2(CKA_CLASS, Attribute, Object),
-	mkEntry2(CKA_TOKEN, Attribute, Bool),
-	mkEntry2(CKA_PRIVATE, Attribute, Bool),
-	mkEntry2(CKA_LABEL, Attribute, None),
-	mkEntry2(CKA_APPLICATION, Attribute, None),
-	mkEntry2(CKA_VALUE, Attribute, None),
-	mkEntry2(CKA_OBJECT_ID, Attribute, None),
-	mkEntry2(CKA_CERTIFICATE_TYPE, Attribute, CertType),
-	mkEntry2(CKA_ISSUER, Attribute, None),
-	mkEntry2(CKA_SERIAL_NUMBER, Attribute, None),
-	mkEntry2(CKA_AC_ISSUER, Attribute, None),
-	mkEntry2(CKA_OWNER, Attribute, None),
-	mkEntry2(CKA_ATTR_TYPES, Attribute, None),
-	mkEntry2(CKA_TRUSTED, Attribute, Bool),
-	mkEntry2(CKA_KEY_TYPE, Attribute, KeyType),
-	mkEntry2(CKA_SUBJECT, Attribute, None),
-	mkEntry2(CKA_ID, Attribute, None),
-	mkEntry2(CKA_SENSITIVE, Attribute, Bool),
-	mkEntry2(CKA_ENCRYPT, Attribute, Bool),
-	mkEntry2(CKA_DECRYPT, Attribute, Bool),
-	mkEntry2(CKA_WRAP, Attribute, Bool),
-	mkEntry2(CKA_UNWRAP, Attribute, Bool),
-	mkEntry2(CKA_SIGN, Attribute, Bool),
-	mkEntry2(CKA_SIGN_RECOVER, Attribute, Bool),
-	mkEntry2(CKA_VERIFY, Attribute, Bool),
-	mkEntry2(CKA_VERIFY_RECOVER, Attribute, Bool),
-	mkEntry2(CKA_DERIVE, Attribute, Bool),
-	mkEntry2(CKA_START_DATE, Attribute, None),
-	mkEntry2(CKA_END_DATE, Attribute, None),
-	mkEntry2(CKA_MODULUS, Attribute, None),
-	mkEntry2(CKA_MODULUS_BITS, Attribute, None),
-	mkEntry2(CKA_PUBLIC_EXPONENT, Attribute, None),
-	mkEntry2(CKA_PRIVATE_EXPONENT, Attribute, None),
-	mkEntry2(CKA_PRIME_1, Attribute, None),
-	mkEntry2(CKA_PRIME_2, Attribute, None),
-	mkEntry2(CKA_EXPONENT_1, Attribute, None),
-	mkEntry2(CKA_EXPONENT_2, Attribute, None),
-	mkEntry2(CKA_COEFFICIENT, Attribute, None),
-	mkEntry2(CKA_PRIME, Attribute, None),
-	mkEntry2(CKA_SUBPRIME, Attribute, None),
-	mkEntry2(CKA_BASE, Attribute, None),
-	mkEntry2(CKA_PRIME_BITS, Attribute, None),
-	mkEntry2(CKA_SUB_PRIME_BITS, Attribute, None),
-	mkEntry2(CKA_VALUE_BITS, Attribute, None),
-	mkEntry2(CKA_VALUE_LEN, Attribute, None),
-	mkEntry2(CKA_EXTRACTABLE, Attribute, Bool),
-	mkEntry2(CKA_LOCAL, Attribute, Bool),
-	mkEntry2(CKA_NEVER_EXTRACTABLE, Attribute, Bool),
-	mkEntry2(CKA_ALWAYS_SENSITIVE, Attribute, Bool),
-	mkEntry2(CKA_KEY_GEN_MECHANISM, Attribute, Mechanism),
-	mkEntry2(CKA_MODIFIABLE, Attribute, Bool),
-	mkEntry2(CKA_ECDSA_PARAMS, Attribute, None),
-	mkEntry2(CKA_EC_PARAMS, Attribute, None),
-	mkEntry2(CKA_EC_POINT, Attribute, None),
-	mkEntry2(CKA_SECONDARY_AUTH, Attribute, None),
-	mkEntry2(CKA_AUTH_PIN_FLAGS, Attribute, None),
-	mkEntry2(CKA_HW_FEATURE_TYPE, Attribute, Hardware),
-	mkEntry2(CKA_RESET_ON_INIT, Attribute, Bool),
-	mkEntry2(CKA_HAS_RESET, Attribute, Bool),
-	mkEntry2(CKA_NETSCAPE_URL, Attribute, None),
-	mkEntry2(CKA_NETSCAPE_EMAIL, Attribute, None),
-	mkEntry2(CKA_NETSCAPE_SMIME_INFO, Attribute, None),
-	mkEntry2(CKA_NETSCAPE_SMIME_TIMESTAMP, Attribute, None),
-	mkEntry2(CKA_NETSCAPE_PKCS8_SALT, Attribute, None),
-	mkEntry2(CKA_NETSCAPE_PASSWORD_CHECK, Attribute, None),
-	mkEntry2(CKA_NETSCAPE_EXPIRES, Attribute, None),
-	mkEntry2(CKA_NETSCAPE_KRL, Attribute, None),
-	mkEntry2(CKA_NETSCAPE_PQG_COUNTER, Attribute, None),
-	mkEntry2(CKA_NETSCAPE_PQG_SEED, Attribute, None),
-	mkEntry2(CKA_NETSCAPE_PQG_H, Attribute, None),
-	mkEntry2(CKA_NETSCAPE_PQG_SEED_BITS, Attribute, None),
-	mkEntry2(CKA_TRUST_DIGITAL_SIGNATURE, Attribute, Trust),
-	mkEntry2(CKA_TRUST_NON_REPUDIATION, Attribute, Trust),
-	mkEntry2(CKA_TRUST_KEY_ENCIPHERMENT, Attribute, Trust),
-	mkEntry2(CKA_TRUST_DATA_ENCIPHERMENT, Attribute, Trust),
-	mkEntry2(CKA_TRUST_KEY_AGREEMENT, Attribute, Trust),
-	mkEntry2(CKA_TRUST_KEY_CERT_SIGN, Attribute, Trust),
-	mkEntry2(CKA_TRUST_CRL_SIGN, Attribute, Trust),
-	mkEntry2(CKA_TRUST_SERVER_AUTH, Attribute, Trust),
-	mkEntry2(CKA_TRUST_CLIENT_AUTH, Attribute, Trust),
-	mkEntry2(CKA_TRUST_CODE_SIGNING, Attribute, Trust),
-	mkEntry2(CKA_TRUST_EMAIL_PROTECTION, Attribute, Trust),
-	mkEntry2(CKA_TRUST_IPSEC_END_SYSTEM, Attribute, Trust),
-	mkEntry2(CKA_TRUST_IPSEC_TUNNEL, Attribute, Trust),
-	mkEntry2(CKA_TRUST_IPSEC_USER, Attribute, Trust),
-	mkEntry2(CKA_TRUST_TIME_STAMPING, Attribute, Trust),
-	mkEntry2(CKA_CERT_SHA1_HASH, Attribute, None),
-	mkEntry2(CKA_CERT_MD5_HASH, Attribute, None),
-	mkEntry2(CKA_NETSCAPE_DB, Attribute, None),
-	mkEntry2(CKA_NETSCAPE_TRUST, Attribute, Trust),
-
-	mkEntry(CKM_RSA_PKCS_KEY_PAIR_GEN, Mechanism),
-	mkEntry(CKM_RSA_PKCS, Mechanism),
-	mkEntry(CKM_RSA_9796, Mechanism),
-	mkEntry(CKM_RSA_X_509, Mechanism),
-	mkEntry(CKM_MD2_RSA_PKCS, Mechanism),
-	mkEntry(CKM_MD5_RSA_PKCS, Mechanism),
-	mkEntry(CKM_SHA1_RSA_PKCS, Mechanism),
-	mkEntry(CKM_RIPEMD128_RSA_PKCS, Mechanism),
-	mkEntry(CKM_RIPEMD160_RSA_PKCS, Mechanism),
-	mkEntry(CKM_RSA_PKCS_OAEP, Mechanism),
-	mkEntry(CKM_RSA_X9_31_KEY_PAIR_GEN, Mechanism),
-	mkEntry(CKM_RSA_X9_31, Mechanism),
-	mkEntry(CKM_SHA1_RSA_X9_31, Mechanism),
-	mkEntry(CKM_DSA_KEY_PAIR_GEN, Mechanism),
-	mkEntry(CKM_DSA, Mechanism),
-	mkEntry(CKM_DSA_SHA1, Mechanism),
-	mkEntry(CKM_DH_PKCS_KEY_PAIR_GEN, Mechanism),
-	mkEntry(CKM_DH_PKCS_DERIVE, Mechanism),
-	mkEntry(CKM_X9_42_DH_PKCS_KEY_PAIR_GEN, Mechanism),
-	mkEntry(CKM_X9_42_DH_DERIVE, Mechanism),
-	mkEntry(CKM_X9_42_DH_HYBRID_DERIVE, Mechanism),
-	mkEntry(CKM_X9_42_MQV_DERIVE, Mechanism),
-	mkEntry(CKM_SHA256_RSA_PKCS, Mechanism),
-	mkEntry(CKM_SHA384_RSA_PKCS, Mechanism),
-	mkEntry(CKM_SHA512_RSA_PKCS, Mechanism),
-	mkEntry(CKM_RC2_KEY_GEN, Mechanism),
-	mkEntry(CKM_RC2_ECB, Mechanism),
-	mkEntry(CKM_RC2_CBC, Mechanism),
-	mkEntry(CKM_RC2_MAC, Mechanism),
-	mkEntry(CKM_RC2_MAC_GENERAL, Mechanism),
-	mkEntry(CKM_RC2_CBC_PAD, Mechanism),
-	mkEntry(CKM_RC4_KEY_GEN, Mechanism),
-	mkEntry(CKM_RC4, Mechanism),
-	mkEntry(CKM_DES_KEY_GEN, Mechanism),
-	mkEntry(CKM_DES_ECB, Mechanism),
-	mkEntry(CKM_DES_CBC, Mechanism),
-	mkEntry(CKM_DES_MAC, Mechanism),
-	mkEntry(CKM_DES_MAC_GENERAL, Mechanism),
-	mkEntry(CKM_DES_CBC_PAD, Mechanism),
-	mkEntry(CKM_DES2_KEY_GEN, Mechanism),
-	mkEntry(CKM_DES3_KEY_GEN, Mechanism),
-	mkEntry(CKM_DES3_ECB, Mechanism),
-	mkEntry(CKM_DES3_CBC, Mechanism),
-	mkEntry(CKM_DES3_MAC, Mechanism),
-	mkEntry(CKM_DES3_MAC_GENERAL, Mechanism),
-	mkEntry(CKM_DES3_CBC_PAD, Mechanism),
-	mkEntry(CKM_CDMF_KEY_GEN, Mechanism),
-	mkEntry(CKM_CDMF_ECB, Mechanism),
-	mkEntry(CKM_CDMF_CBC, Mechanism),
-	mkEntry(CKM_CDMF_MAC, Mechanism),
-	mkEntry(CKM_CDMF_MAC_GENERAL, Mechanism),
-	mkEntry(CKM_CDMF_CBC_PAD, Mechanism),
-	mkEntry(CKM_MD2, Mechanism),
-	mkEntry(CKM_MD2_HMAC, Mechanism),
-	mkEntry(CKM_MD2_HMAC_GENERAL, Mechanism),
-	mkEntry(CKM_MD5, Mechanism),
-	mkEntry(CKM_MD5_HMAC, Mechanism),
-	mkEntry(CKM_MD5_HMAC_GENERAL, Mechanism),
-	mkEntry(CKM_SHA_1, Mechanism),
-	mkEntry(CKM_SHA_1_HMAC, Mechanism),
-	mkEntry(CKM_SHA_1_HMAC_GENERAL, Mechanism),
-	mkEntry(CKM_RIPEMD128, Mechanism),
-	mkEntry(CKM_RIPEMD128_HMAC, Mechanism),
-	mkEntry(CKM_RIPEMD128_HMAC_GENERAL, Mechanism),
-	mkEntry(CKM_RIPEMD160, Mechanism),
-	mkEntry(CKM_RIPEMD160_HMAC, Mechanism),
-	mkEntry(CKM_RIPEMD160_HMAC_GENERAL, Mechanism),
-	mkEntry(CKM_SHA256, Mechanism),
-	mkEntry(CKM_SHA256_HMAC_GENERAL, Mechanism),
-	mkEntry(CKM_SHA256_HMAC, Mechanism),
-	mkEntry(CKM_SHA384, Mechanism),
-	mkEntry(CKM_SHA384_HMAC_GENERAL, Mechanism),
-	mkEntry(CKM_SHA384_HMAC, Mechanism),
-	mkEntry(CKM_SHA512, Mechanism),
-	mkEntry(CKM_SHA512_HMAC_GENERAL, Mechanism),
-	mkEntry(CKM_SHA512_HMAC, Mechanism),
-	mkEntry(CKM_CAST_KEY_GEN, Mechanism),
-	mkEntry(CKM_CAST_ECB, Mechanism),
-	mkEntry(CKM_CAST_CBC, Mechanism),
-	mkEntry(CKM_CAST_MAC, Mechanism),
-	mkEntry(CKM_CAST_MAC_GENERAL, Mechanism),
-	mkEntry(CKM_CAST_CBC_PAD, Mechanism),
-	mkEntry(CKM_CAST3_KEY_GEN, Mechanism),
-	mkEntry(CKM_CAST3_ECB, Mechanism),
-	mkEntry(CKM_CAST3_CBC, Mechanism),
-	mkEntry(CKM_CAST3_MAC, Mechanism),
-	mkEntry(CKM_CAST3_MAC_GENERAL, Mechanism),
-	mkEntry(CKM_CAST3_CBC_PAD, Mechanism),
-	mkEntry(CKM_CAST5_KEY_GEN, Mechanism),
-	mkEntry(CKM_CAST128_KEY_GEN, Mechanism),
-	mkEntry(CKM_CAST5_ECB, Mechanism),
-	mkEntry(CKM_CAST128_ECB, Mechanism),
-	mkEntry(CKM_CAST5_CBC, Mechanism),
-	mkEntry(CKM_CAST128_CBC, Mechanism),
-	mkEntry(CKM_CAST5_MAC, Mechanism),
-	mkEntry(CKM_CAST128_MAC, Mechanism),
-	mkEntry(CKM_CAST5_MAC_GENERAL, Mechanism),
-	mkEntry(CKM_CAST128_MAC_GENERAL, Mechanism),
-	mkEntry(CKM_CAST5_CBC_PAD, Mechanism),
-	mkEntry(CKM_CAST128_CBC_PAD, Mechanism),
-	mkEntry(CKM_RC5_KEY_GEN, Mechanism),
-	mkEntry(CKM_RC5_ECB, Mechanism),
-	mkEntry(CKM_RC5_CBC, Mechanism),
-	mkEntry(CKM_RC5_MAC, Mechanism),
-	mkEntry(CKM_RC5_MAC_GENERAL, Mechanism),
-	mkEntry(CKM_RC5_CBC_PAD, Mechanism),
-	mkEntry(CKM_IDEA_KEY_GEN, Mechanism),
-	mkEntry(CKM_IDEA_ECB, Mechanism),
-	mkEntry(CKM_IDEA_CBC, Mechanism),
-	mkEntry(CKM_IDEA_MAC, Mechanism),
-	mkEntry(CKM_IDEA_MAC_GENERAL, Mechanism),
-	mkEntry(CKM_IDEA_CBC_PAD, Mechanism),
-	mkEntry(CKM_GENERIC_SECRET_KEY_GEN, Mechanism),
-	mkEntry(CKM_CONCATENATE_BASE_AND_KEY, Mechanism),
-	mkEntry(CKM_CONCATENATE_BASE_AND_DATA, Mechanism),
-	mkEntry(CKM_CONCATENATE_DATA_AND_BASE, Mechanism),
-	mkEntry(CKM_XOR_BASE_AND_DATA, Mechanism),
-	mkEntry(CKM_EXTRACT_KEY_FROM_KEY, Mechanism),
-	mkEntry(CKM_SSL3_PRE_MASTER_KEY_GEN, Mechanism),
-	mkEntry(CKM_SSL3_MASTER_KEY_DERIVE, Mechanism),
-	mkEntry(CKM_SSL3_KEY_AND_MAC_DERIVE, Mechanism),
-	mkEntry(CKM_SSL3_MASTER_KEY_DERIVE_DH, Mechanism),
-	mkEntry(CKM_TLS_PRE_MASTER_KEY_GEN, Mechanism),
-	mkEntry(CKM_TLS_MASTER_KEY_DERIVE, Mechanism),
-	mkEntry(CKM_TLS_KEY_AND_MAC_DERIVE, Mechanism),
-	mkEntry(CKM_TLS_MASTER_KEY_DERIVE_DH, Mechanism),
-	mkEntry(CKM_SSL3_MD5_MAC, Mechanism),
-	mkEntry(CKM_SSL3_SHA1_MAC, Mechanism),
-	mkEntry(CKM_MD5_KEY_DERIVATION, Mechanism),
-	mkEntry(CKM_MD2_KEY_DERIVATION, Mechanism),
-	mkEntry(CKM_SHA1_KEY_DERIVATION, Mechanism),
-	mkEntry(CKM_SHA256_KEY_DERIVATION, Mechanism),
-	mkEntry(CKM_SHA384_KEY_DERIVATION, Mechanism),
-	mkEntry(CKM_SHA512_KEY_DERIVATION, Mechanism),
-	mkEntry(CKM_PBE_MD2_DES_CBC, Mechanism),
-	mkEntry(CKM_PBE_MD5_DES_CBC, Mechanism),
-	mkEntry(CKM_PBE_MD5_CAST_CBC, Mechanism),
-	mkEntry(CKM_PBE_MD5_CAST3_CBC, Mechanism),
-	mkEntry(CKM_PBE_MD5_CAST5_CBC, Mechanism),
-	mkEntry(CKM_PBE_MD5_CAST128_CBC, Mechanism),
-	mkEntry(CKM_PBE_SHA1_CAST5_CBC, Mechanism),
-	mkEntry(CKM_PBE_SHA1_CAST128_CBC, Mechanism),
-	mkEntry(CKM_PBE_SHA1_RC4_128, Mechanism),
-	mkEntry(CKM_PBE_SHA1_RC4_40, Mechanism),
-	mkEntry(CKM_PBE_SHA1_DES3_EDE_CBC, Mechanism),
-	mkEntry(CKM_PBE_SHA1_DES2_EDE_CBC, Mechanism),
-	mkEntry(CKM_PBE_SHA1_RC2_128_CBC, Mechanism),
-	mkEntry(CKM_PBE_SHA1_RC2_40_CBC, Mechanism),
-	mkEntry(CKM_PKCS5_PBKD2, Mechanism),
-	mkEntry(CKM_PBA_SHA1_WITH_SHA1_HMAC, Mechanism),
-	mkEntry(CKM_KEY_WRAP_LYNKS, Mechanism),
-	mkEntry(CKM_KEY_WRAP_SET_OAEP, Mechanism),
-	mkEntry(CKM_SKIPJACK_KEY_GEN, Mechanism),
-	mkEntry(CKM_SKIPJACK_ECB64, Mechanism),
-	mkEntry(CKM_SKIPJACK_CBC64, Mechanism),
-	mkEntry(CKM_SKIPJACK_OFB64, Mechanism),
-	mkEntry(CKM_SKIPJACK_CFB64, Mechanism),
-	mkEntry(CKM_SKIPJACK_CFB32, Mechanism),
-	mkEntry(CKM_SKIPJACK_CFB16, Mechanism),
-	mkEntry(CKM_SKIPJACK_CFB8, Mechanism),
-	mkEntry(CKM_SKIPJACK_WRAP, Mechanism),
-	mkEntry(CKM_SKIPJACK_PRIVATE_WRAP, Mechanism),
-	mkEntry(CKM_SKIPJACK_RELAYX, Mechanism),
-	mkEntry(CKM_KEA_KEY_PAIR_GEN, Mechanism),
-	mkEntry(CKM_KEA_KEY_DERIVE, Mechanism),
-	mkEntry(CKM_FORTEZZA_TIMESTAMP, Mechanism),
-	mkEntry(CKM_BATON_KEY_GEN, Mechanism),
-	mkEntry(CKM_BATON_ECB128, Mechanism),
-	mkEntry(CKM_BATON_ECB96, Mechanism),
-	mkEntry(CKM_BATON_CBC128, Mechanism),
-	mkEntry(CKM_BATON_COUNTER, Mechanism),
-	mkEntry(CKM_BATON_SHUFFLE, Mechanism),
-	mkEntry(CKM_BATON_WRAP, Mechanism),
-	mkEntry(CKM_ECDSA_KEY_PAIR_GEN, Mechanism),
-	mkEntry(CKM_EC_KEY_PAIR_GEN, Mechanism),
-	mkEntry(CKM_ECDSA, Mechanism),
-	mkEntry(CKM_ECDSA_SHA1, Mechanism),
-	mkEntry(CKM_ECDH1_DERIVE, Mechanism),
-	mkEntry(CKM_ECDH1_COFACTOR_DERIVE, Mechanism),
-	mkEntry(CKM_ECMQV_DERIVE, Mechanism),
-	mkEntry(CKM_JUNIPER_KEY_GEN, Mechanism),
-	mkEntry(CKM_JUNIPER_ECB128, Mechanism),
-	mkEntry(CKM_JUNIPER_CBC128, Mechanism),
-	mkEntry(CKM_JUNIPER_COUNTER, Mechanism),
-	mkEntry(CKM_JUNIPER_SHUFFLE, Mechanism),
-	mkEntry(CKM_JUNIPER_WRAP, Mechanism),
-	mkEntry(CKM_FASTHASH, Mechanism),
-	mkEntry(CKM_AES_KEY_GEN, Mechanism),
-	mkEntry(CKM_AES_ECB, Mechanism),
-	mkEntry(CKM_AES_CBC, Mechanism),
-	mkEntry(CKM_AES_MAC, Mechanism),
-	mkEntry(CKM_AES_MAC_GENERAL, Mechanism),
-	mkEntry(CKM_AES_CBC_PAD, Mechanism),
-	mkEntry(CKM_DSA_PARAMETER_GEN, Mechanism),
-	mkEntry(CKM_DH_PKCS_PARAMETER_GEN, Mechanism),
-	mkEntry(CKM_DH_X9_42_PARAMETER_GEN, Mechanism),
-	mkEntry(CKM_NETSCAPE_AES_KEY_WRAP, Mechanism),
-	mkEntry(CKM_NETSCAPE_AES_KEY_WRAP_PAD, Mechanism),
-	mkEntry(CKM_NETSCAPE_PBE_SHA1_DES_CBC, Mechanism),
-	mkEntry(CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC, Mechanism),
-	mkEntry(CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC, Mechanism),
-	mkEntry(CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC, Mechanism),
-	mkEntry(CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4, Mechanism),
-	mkEntry(CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4, Mechanism),
-	mkEntry(CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC, Mechanism),
-	mkEntry(CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN, Mechanism),
-	mkEntry(CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN, Mechanism),
-	mkEntry(CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN, Mechanism),
-	mkEntry(CKM_TLS_PRF_GENERAL, Mechanism),
-
-	mkEntry(CKR_OK, Result),
-	mkEntry(CKR_CANCEL, Result),
-	mkEntry(CKR_HOST_MEMORY, Result),
-	mkEntry(CKR_SLOT_ID_INVALID, Result),
-	mkEntry(CKR_GENERAL_ERROR, Result),
-	mkEntry(CKR_FUNCTION_FAILED, Result),
-	mkEntry(CKR_ARGUMENTS_BAD, Result),
-	mkEntry(CKR_NO_EVENT, Result),
-	mkEntry(CKR_NEED_TO_CREATE_THREADS, Result),
-	mkEntry(CKR_CANT_LOCK, Result),
-	mkEntry(CKR_ATTRIBUTE_READ_ONLY, Result),
-	mkEntry(CKR_ATTRIBUTE_SENSITIVE, Result),
-	mkEntry(CKR_ATTRIBUTE_TYPE_INVALID, Result),
-	mkEntry(CKR_ATTRIBUTE_VALUE_INVALID, Result),
-	mkEntry(CKR_DATA_INVALID, Result),
-	mkEntry(CKR_DATA_LEN_RANGE, Result),
-	mkEntry(CKR_DEVICE_ERROR, Result),
-	mkEntry(CKR_DEVICE_MEMORY, Result),
-	mkEntry(CKR_DEVICE_REMOVED, Result),
-	mkEntry(CKR_ENCRYPTED_DATA_INVALID, Result),
-	mkEntry(CKR_ENCRYPTED_DATA_LEN_RANGE, Result),
-	mkEntry(CKR_FUNCTION_CANCELED, Result),
-	mkEntry(CKR_FUNCTION_NOT_PARALLEL, Result),
-	mkEntry(CKR_FUNCTION_NOT_SUPPORTED, Result),
-	mkEntry(CKR_KEY_HANDLE_INVALID, Result),
-	mkEntry(CKR_KEY_SIZE_RANGE, Result),
-	mkEntry(CKR_KEY_TYPE_INCONSISTENT, Result),
-	mkEntry(CKR_KEY_NOT_NEEDED, Result),
-	mkEntry(CKR_KEY_CHANGED, Result),
-	mkEntry(CKR_KEY_NEEDED, Result),
-	mkEntry(CKR_KEY_INDIGESTIBLE, Result),
-	mkEntry(CKR_KEY_FUNCTION_NOT_PERMITTED, Result),
-	mkEntry(CKR_KEY_NOT_WRAPPABLE, Result),
-	mkEntry(CKR_KEY_UNEXTRACTABLE, Result),
-	mkEntry(CKR_KEY_PARAMS_INVALID, Result),
-	mkEntry(CKR_MECHANISM_INVALID, Result),
-	mkEntry(CKR_MECHANISM_PARAM_INVALID, Result),
-	mkEntry(CKR_OBJECT_HANDLE_INVALID, Result),
-	mkEntry(CKR_OPERATION_ACTIVE, Result),
-	mkEntry(CKR_OPERATION_NOT_INITIALIZED, Result),
-	mkEntry(CKR_PIN_INCORRECT, Result),
-	mkEntry(CKR_PIN_INVALID, Result),
-	mkEntry(CKR_PIN_LEN_RANGE, Result),
-	mkEntry(CKR_PIN_EXPIRED, Result),
-	mkEntry(CKR_PIN_LOCKED, Result),
-	mkEntry(CKR_SESSION_CLOSED, Result),
-	mkEntry(CKR_SESSION_COUNT, Result),
-	mkEntry(CKR_SESSION_HANDLE_INVALID, Result),
-	mkEntry(CKR_SESSION_PARALLEL_NOT_SUPPORTED, Result),
-	mkEntry(CKR_SESSION_READ_ONLY, Result),
-	mkEntry(CKR_SESSION_EXISTS, Result),
-	mkEntry(CKR_SESSION_READ_ONLY_EXISTS, Result),
-	mkEntry(CKR_SESSION_READ_WRITE_SO_EXISTS, Result),
-	mkEntry(CKR_SIGNATURE_INVALID, Result),
-	mkEntry(CKR_SIGNATURE_LEN_RANGE, Result),
-	mkEntry(CKR_TEMPLATE_INCOMPLETE, Result),
-	mkEntry(CKR_TEMPLATE_INCONSISTENT, Result),
-	mkEntry(CKR_TOKEN_NOT_PRESENT, Result),
-	mkEntry(CKR_TOKEN_NOT_RECOGNIZED, Result),
-	mkEntry(CKR_TOKEN_WRITE_PROTECTED, Result),
-	mkEntry(CKR_UNWRAPPING_KEY_HANDLE_INVALID, Result),
-	mkEntry(CKR_UNWRAPPING_KEY_SIZE_RANGE, Result),
-	mkEntry(CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT, Result),
-	mkEntry(CKR_USER_ALREADY_LOGGED_IN, Result),
-	mkEntry(CKR_USER_NOT_LOGGED_IN, Result),
-	mkEntry(CKR_USER_PIN_NOT_INITIALIZED, Result),
-	mkEntry(CKR_USER_TYPE_INVALID, Result),
-	mkEntry(CKR_USER_ANOTHER_ALREADY_LOGGED_IN, Result),
-	mkEntry(CKR_USER_TOO_MANY_TYPES, Result),
-	mkEntry(CKR_WRAPPED_KEY_INVALID, Result),
-	mkEntry(CKR_WRAPPED_KEY_LEN_RANGE, Result),
-	mkEntry(CKR_WRAPPING_KEY_HANDLE_INVALID, Result),
-	mkEntry(CKR_WRAPPING_KEY_SIZE_RANGE, Result),
-	mkEntry(CKR_WRAPPING_KEY_TYPE_INCONSISTENT, Result),
-	mkEntry(CKR_RANDOM_SEED_NOT_SUPPORTED, Result),
-	mkEntry(CKR_RANDOM_NO_RNG, Result),
-	mkEntry(CKR_DOMAIN_PARAMS_INVALID, Result),
-	mkEntry(CKR_BUFFER_TOO_SMALL, Result),
-	mkEntry(CKR_SAVED_STATE_INVALID, Result),
-	mkEntry(CKR_INFORMATION_SENSITIVE, Result),
-	mkEntry(CKR_STATE_UNSAVEABLE, Result),
-	mkEntry(CKR_CRYPTOKI_NOT_INITIALIZED, Result),
-	mkEntry(CKR_CRYPTOKI_ALREADY_INITIALIZED, Result),
-	mkEntry(CKR_MUTEX_BAD, Result),
-	mkEntry(CKR_MUTEX_NOT_LOCKED, Result),
-	mkEntry(CKR_VENDOR_DEFINED, Result),
-
-	mkEntry(CKT_NETSCAPE_TRUSTED, Trust),
-	mkEntry(CKT_NETSCAPE_TRUSTED_DELEGATOR, Trust),
-	mkEntry(CKT_NETSCAPE_UNTRUSTED, Trust),
-	mkEntry(CKT_NETSCAPE_MUST_VERIFY, Trust),
-	mkEntry(CKT_NETSCAPE_TRUST_UNKNOWN, Trust),
-	mkEntry(CKT_NETSCAPE_VALID, Trust),
-	mkEntry(CKT_NETSCAPE_VALID_DELEGATOR, Trust),
-};
-
-const Constant *consts = &_consts[0];
-const int constCount = sizeof(_consts)/sizeof(_consts[0]);
-
-const Commands _commands[] = {
-    {"C_Initialize", F_C_Initialize,
-	{ArgInitializeArgs, ArgNone, ArgNone, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_Finalize", F_C_Finalize,
-	{ArgInitializeArgs, ArgNone, ArgNone, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_GetInfo", F_C_GetInfo,
-	{ArgInfo|ArgOut,   ArgNone, ArgNone, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_GetFunctionList", F_C_GetFunctionList,
-	{ArgFunctionList|ArgOut,   ArgNone, ArgNone, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_GetSlotList", F_C_GetSlotList,
-	{ArgULong, ArgULong|ArgArray|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_GetSlotInfo", F_C_GetSlotInfo,
-	{ArgULong, ArgSlotInfo|ArgOut, ArgNone, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_GetTokenInfo", F_C_GetTokenInfo,
-	{ArgULong, ArgTokenInfo|ArgOut, ArgNone, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_GetMechanismList", F_C_GetMechanismList,
-	{ArgULong, ArgULong|ArgArray|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_GetMechanismInfo", F_C_GetMechanismInfo,
-	{ArgULong, ArgULong, ArgMechanismInfo|ArgOut, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_InitToken", F_C_InitToken,
-	{ArgULong, ArgUTF8, ArgULong, ArgUTF8, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_InitPIN", F_C_InitPIN,
-	{ArgULong, ArgUTF8, ArgULong, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_SetPIN", F_C_SetPIN,
-	{ArgULong, ArgUTF8, ArgULong, ArgUTF8, ArgULong,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_OpenSession", F_C_OpenSession,
-	{ArgULong, ArgULong, ArgULong|ArgOut, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_CloseSession", F_C_CloseSession,
-	{ArgULong, ArgNone, ArgNone, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_CloseAllSessions", F_C_CloseAllSessions,
-	{ArgULong, ArgNone, ArgNone, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_GetSessionInfo", F_C_GetSessionInfo,
-	{ArgULong, ArgSessionInfo|ArgOut, ArgNone, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_GetOperationState", F_C_GetOperationState,
-	{ArgULong, ArgChar|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_SetOperationState", F_C_SetOperationState,
-	{ArgULong, ArgChar|ArgOut, ArgULong, ArgULong, ArgULong,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_Login", F_C_Login,
-	{ArgULong, ArgULong, ArgVar, ArgULong, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_Logout", F_C_Logout,
-	{ArgULong, ArgNone, ArgNone, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_CreateObject", F_C_CreateObject,
-	{ArgULong, ArgAttribute|ArgArray, ArgULong, ArgULong|ArgOut, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_CopyObject", F_C_CopyObject,
-	{ArgULong, ArgULong, ArgAttribute|ArgArray, ArgULong, ArgULong|ArgOut,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_DestroyObject", F_C_DestroyObject,
-	{ArgULong, ArgULong, ArgNone, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_GetObjectSize", F_C_GetObjectSize,
-	{ArgULong, ArgULong, ArgULong|ArgOut, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_GetAttributeValue", F_C_GetAttributeValue,
-	{ArgULong, ArgULong, ArgAttribute|ArgArray, ArgULong, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_SetAttributeValue", F_C_SetAttributeValue,
-	{ArgULong, ArgULong, ArgAttribute|ArgArray, ArgULong, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_FindObjectsInit", F_C_FindObjectsInit,
-	{ArgULong, ArgAttribute|ArgArray, ArgULong, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_FindObjectsFinal", F_C_FindObjectsFinal,
-	{ArgULong, ArgNone, ArgNone, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_FindObjects", F_C_FindObjects,
-	{ArgULong, ArgULong|ArgOut, ArgULong, ArgULong|ArgOut, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_EncryptInit", F_C_EncryptInit,
-	{ArgULong, ArgMechanism, ArgULong, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_EncryptUpdate", F_C_EncryptUpdate,
-	{ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_EncryptFinal", F_C_EncryptFinal,
-	{ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_Encrypt", F_C_Encrypt,
-	{ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_DecryptInit", F_C_DecryptInit,
-	{ArgULong, ArgMechanism, ArgULong, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_DecryptUpdate", F_C_DecryptUpdate,
-	{ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_DecryptFinal", F_C_DecryptFinal,
-	{ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_Decrypt", F_C_Decrypt,
-	{ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_DigestInit", F_C_DigestInit,
-	{ArgULong, ArgMechanism, ArgNone, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_DigestUpdate", F_C_DigestUpdate,
-	{ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_DigestKey", F_C_DigestKey,
-	{ArgULong, ArgULong, ArgNone, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_DigestFinal", F_C_DigestFinal,
-	{ArgULong, ArgChar|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_Digest", F_C_Digest,
-	{ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_SignInit", F_C_SignInit,
-	{ArgULong, ArgMechanism, ArgULong, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_SignUpdate", F_C_SignUpdate,
-	{ArgULong, ArgChar|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_SignFinal", F_C_SignFinal,
-	{ArgULong, ArgChar|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_SignRecoverInit", F_C_SignRecoverInit,
-	{ArgULong, ArgMechanism, ArgULong, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_SignRecover", F_C_SignRecover,
-	{ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_Sign", F_C_Sign,
-	{ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_VerifyInit", F_C_VerifyInit,
-	{ArgULong, ArgMechanism, ArgULong, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_VerifyUpdate", F_C_VerifyUpdate,
-	{ArgULong, ArgChar|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_VerifyFinal", F_C_VerifyFinal,
-	{ArgULong, ArgChar|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_VerifyRecoverInit", F_C_VerifyRecoverInit,
-	{ArgULong, ArgMechanism, ArgULong, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_VerifyRecover", F_C_VerifyRecover,
-	{ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_Verify", F_C_Verify,
-	{ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_DigestEncryptUpdate", F_C_DigestEncryptUpdate,
-	{ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_DecryptDigestUpdate", F_C_DecryptDigestUpdate,
-	{ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_SignEncryptUpdate", F_C_SignEncryptUpdate,
-	{ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_DecryptVerifyUpdate", F_C_DecryptVerifyUpdate,
-	{ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_GenerateKeyPair", F_C_GenerateKeyPair,
-	{ArgULong, ArgMechanism, ArgAttribute|ArgArray, ArgULong, 
-						ArgAttribute|ArgArray,
-	 ArgULong, ArgULong|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone }},
-    {"C_GenerateKey", F_C_GenerateKey,
-	{ArgULong, ArgMechanism, ArgAttribute|ArgArray, ArgULong, 
-	 					ArgULong|ArgOut,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_WrapKey", F_C_WrapKey,
-	{ArgULong, ArgMechanism, ArgULong, ArgULong, ArgULong,
-	 ArgChar|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone, ArgNone }},
-    {"C_UnwrapKey", F_C_UnwrapKey,
-	{ArgULong, ArgMechanism, ArgULong, ArgChar, ArgULong,
-	 ArgAttribute|ArgArray, ArgULong, ArgULong|ArgOut, ArgNone, ArgNone }},
-    {"C_DeriveKey", F_C_DeriveKey,
-	{ArgULong, ArgMechanism, ArgULong, ArgAttribute|ArgArray,  ArgULong,
-	 ArgULong|ArgOut, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_SeedRandom", F_C_SeedRandom,
-	{ArgULong, ArgChar, ArgULong, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_GenerateRandom", F_C_GenerateRandom,
-	{ArgULong, ArgChar, ArgULong, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_GetFunctionStatus", F_C_GetFunctionStatus,
-	{ArgULong, ArgNone, ArgNone, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_CancelFunction", F_C_CancelFunction,
-	{ArgULong, ArgNone, ArgNone, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"C_WaitForSlotEvent", F_C_WaitForSlotEvent,
-	{ArgULong, ArgULong|ArgArray, ArgVar, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"NewArray", F_NewArray,
-	{ArgVar|ArgNew, ArgVar, ArgULong, ArgNone, ArgNone, 
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"NewTemplate", F_NewTemplate,
-	{ArgVar|ArgNew, ArgVar, ArgNone, ArgNone, ArgNone, 
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"NewMechanism", F_NewMechanism,
-	{ArgMechanism|ArgOut, ArgULong, ArgNone, ArgNone, ArgNone, 
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"BuildTemplate", F_BuildTemplate,
-	{ArgAttribute, ArgNone, ArgNone, ArgNone, ArgNone, 
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"SetTemplate", F_SetTemplate,
-	{ArgAttribute, ArgULong, ArgULong, ArgNone, ArgNone, 
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"Set", F_SetVar,
-	{ArgVar|ArgNew, ArgULong, ArgNone, ArgNone, ArgNone, 
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"Print", F_Print,
-	{ArgVar, ArgNone, ArgNone, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"Delete", F_Delete,
-	{ArgVar|ArgNew, ArgNone, ArgNone, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"Load", F_Load,
-	{ArgVar, ArgNone, ArgNone, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"Save", F_SaveVar,
-	{ArgVar|ArgNew, ArgVar, ArgNone, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"Restore", F_RestoreVar,
-	{ArgVar|ArgNew, ArgVar, ArgNone, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"List", F_List,
-	{ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"Unload", F_Unload,
-	{ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"Run", F_Run,
-	{ArgVar|ArgNew, ArgNone, ArgNone, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"System", F_System,
-	{ArgULong, ArgNone, ArgNone, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-    {"Quit", F_Quit,
-	{ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
-	 ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-};
-
-const Commands  *commands= &_commands[0];
-const int commandCount = sizeof(_commands) / sizeof(_commands[0]);
-
-
deleted file mode 100644
--- a/security/nss/cmd/pk11util/pk11util.c
+++ /dev/null
@@ -1,1677 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- * 
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- * 
- * The Original Code is the Netscape security libraries.
- * 
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation.  Portions created by Netscape are 
- * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
- * Rights Reserved.
- * 
- * Contributor(s):
- * 
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL", in which case the provisions of the GPL are applicable 
- * instead of those above.  If you wish to allow use of your 
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL.  If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-
-#include <stdio.h>
-#include <string.h>
-
-#if defined(WIN32)
-#undef __STDC__
-#include "fcntl.h"
-#include "io.h"
-#else
-#include <unistd.h>
-#include <sys/fcntl.h>
-#endif
-
-#include "secutil.h"
-
-
-#include "nspr.h"
-#include "prtypes.h"
-#include "prtime.h"
-#include "prlong.h"
-
-#include "pkcs11.h"
-
-#include "pk11util.h"
-
-#ifndef O_BINARY
-#define O_BINARY 0
-#endif
-
-CK_ULONG systemFlags;
-#define FLAG_NEGATE 0x80000000
-#define FLAG_Verify 0x00000001
-#define FLAG_VerifyFile 0x00000002
-
-int ArgSize(ArgType type);
-char *constLookup(char *bp, CK_ULONG *value, ConstType *type);
- 
-void printConst(CK_ULONG value, ConstType type, int newLine)
-{
-    int i;
-
-    for (i=0; i < constCount; i++) {
-	if (consts[i].type == type && consts[i].value == value) {
-	    printf("%s",consts[i].name);
-	    break;
-	}
-	if (type == ConstNone && consts[i].value == value) {
-	    printf("%s",consts[i].name);
-	    break;
-	}
-    }
-    if (i == constCount) {
-	printf("Unknown %s (%lu:0x%lx)",constTypeString[type],value,value);
-    }
-    if (newLine) {
-	printf("\n");
-    }
-}
-
-ConstType getConstFromAttribute(CK_ATTRIBUTE_TYPE type)
-{
-    int i;
-
-    for (i=0; i < constCount; i++) {
-	if (consts[i].type == ConstAttribute && consts[i].value == type) {
-	    return consts[i].attrType;
-	}
-    }
-    return ConstNone;
-}
-
-void printChars(char *name, CK_ULONG size)
-{
-    CK_ULONG i;
-    for (i=0; i < size; i++) {
-	if (name[i] == 0) {
-		break;
-	}
-	printf("%c",name[i]);
-    }
-    printf("\n");
-}
-
-#define DUMP_LEN 16
-void printDump(unsigned char *buf, int size)
-{
-    int i,j;
-
-    for(i=0; i < size; i+= DUMP_LEN) {
-	printf(" ");
-	for (j=0; j< DUMP_LEN; j++) {
-	    if (i+j < size) {
-		printf("%02x ",buf[i+j]);
-	    } else {
-		printf("   ");
-	    }
-	} 
-	for (j=0; j< DUMP_LEN; j++) {
-	    if (i+j < size) {
-		if (buf[i+j] < ' ' || buf[i+j] >= 0x7f) {
-		    printf(".");
-		} else {
-		    printf("%c",buf[i+j]);
-		}
-	    } else {
-		printf(" ");
-	    }
-	} 
-	printf("\n");
-    }
-}
-
-/*
- * free an argument structure
- */
-void argFree(Value *arg)
-{
-    if (arg == NULL) return;
-
-    arg->reference--;
-    if (arg->reference == 0) {
-	if (arg->type & ArgFile) {
-	    free(arg->filename);
-	}
-	if (arg->data) {
-	    if ((arg->type & ArgMask) == ArgAttribute) {
-		int i;
-		CK_ATTRIBUTE *template = (CK_ATTRIBUTE *)arg->data;
-
-		for (i=0; i < arg->arraySize; i++) {
-		    free(template[i].pValue);
-		}
-	    }
-	    free(arg->data);
-	}
-	free (arg);
-    }
-}
-
-/*
- * free and argument list
- */
-void parseFree(Value **ap)
-{
-    int i;
-    for (i=0 ; i < MAX_ARGS; i++) {
-	argFree(ap[i]);
-    }
-}
-
-/*
- * getEnd: how for to the end of this argmument list?
- */
-int getEnd(char *bp)
-{
-    int count = 0;
-
-    while (*bp) {
-        if (*bp == ' ' || *bp == '\t' || *bp == '\n') return count;
-	count++;
-	bp++;
-    }
-    return (count);
-}
-
-
-/*
- * strip: return the first none white space character
- */
-char *strip(char *bp)
-{
-    while (*bp && (*bp == ' ' || *bp == '\t' || *bp == '\n')) bp++;
-    return bp;
-}
-
-/*
- * read in the next argument into dp ... don't overflow
- */
-char *readChars(char *bp, char *dp, int max )
-{
-    int count = 0;
-    while (*bp) {
-        if (*bp == ' ' || *bp == '\t' || *bp == '\n' ) {
-	    *dp = 0;
-	    return bp;
-	}
-	*dp++ = *bp++;
-	if (++count == max) break;
-    }
-    while (*bp && (*bp != ' ' && *bp != '\t' && *bp != '\n')) bp++;
-    *dp = 0;
-    return (bp);
-}
-
-/*
- * look up a variable from the variable chain
- */
-static Variable *varHead = NULL;
-Value * varLookup(char *bp, char *vname, int max) {
-    Variable *current;
-    bp = readChars(bp, vname, max);
-
-    for (current = varHead; current; current = current->next) {
-	if (PL_strcasecmp(current->vname, vname) == 0) {
-		return current->value;
-	}
-    }
-    return NULL;
-}
-
-static CK_RV list(void)
-{
-    Variable *current;
-
-    if (varHead) {
-    	printf(" %10s\t%16s\t%8s\tSize\tElements\n","Name","Type","Const");
-    } else {
-    	printf(" no variables set\n");
-    }
-
-    for (current = varHead; current; current = current->next) {
-    	printf(" %10s\t%16s\t%8s\t%d\t%d\n", current->vname,
-	    valueString[current->value->type&ArgMask],
-	    constTypeString[current->value->constType],
-	    current->value->size, current->value->arraySize);
-    }
-    return CKR_OK;
-}
-
-CK_RV printFlags(char *s, CK_ULONG flags, ConstType type)
-{
-    CK_ULONG i;
-    int needComma = 0;
-
-    printf("%s",s);
-    for (i=1; i ; i=i << 1) {
-	if (flags & i) {
-	   printf("%s",needComma?",":"");
-	   printConst(i, type, 0);
-	   needComma=1;
-	}
-    }
-    if (!needComma) {
-	printf("Empty");
-    }
-    printf("\n");
-    return CKR_OK;
-}
-
-Value *NewValue(ArgType type, CK_ULONG arraySize)
-{
-    Value *value;
-
-    value = (Value *)malloc(sizeof(Value));
-    if (!value) return NULL;
-    value->size = ArgSize(type)*arraySize;
-    value->type = type;
-    value->filename = NULL;
-    value->constType = ConstNone;
-    value->data = (void *)malloc(value->size);
-    if (!value->data) {
-	free(value);
-	return NULL;
-    }
-    value->reference = 1;
-    value->arraySize = arraySize;
-
-    memset(value->data, 0, value->size);
-    return value;
-}
-
-/*
- * add a new variable to the chain
- */
-char *AddVariable(char *bp, Value **ptr)
-{
-    char vname[512];
-    Variable *current;
-    int size;
-
-    bp = readChars(bp,vname,sizeof(vname));
-
-    for (current = varHead; current; current = current->next) {
-	if (PL_strcasecmp(current->vname,vname) == 0) {
-	        argFree(*ptr);
-		*ptr = current->value;
-		return bp;
-	}
-    }
-
-    current = (Variable *)malloc(sizeof(Variable));
-    size = strlen(vname);
-    current->vname = (char *)malloc(size+1);
-    strcpy(current->vname,vname);
-    current->value = *ptr;
-    (*ptr)->reference++;
-
-    current->next = varHead;
-    varHead = current;
-    return bp;
-}
-
-ArgType FindTypeByName(char *typeName)
-{
-    int i;
-
-    for (i=0; i < valueCount; i++) {
-	if (PL_strcasecmp(typeName,valueString[i]) == 0) {
-	    return (ArgType) i;
-	}
-	if (valueString[i][0] == 'C' && valueString[i][1] == 'K' &&
-	   valueString[i][2] == '_' && 
-			(PL_strcasecmp(typeName,&valueString[i][3]) == 0)) {
-	    return (ArgType) i;
-	}
-    }
-    return ArgNone;
-}
-
-CK_RV ArrayVariable(char *bp, char *typeName, CK_ULONG count)
-{
-    ArgType type;
-    Value *value; /* new Value */
-
-    type = FindTypeByName(typeName);
-    if (type == ArgNone) {
-	fprintf(stderr,"Invalid type (%s)\n", typeName);
-	return CKR_FUNCTION_FAILED;
-    }
-    value = NewValue(type, count);
-    (void) AddVariable(bp, &value);
-    return CKR_OK;
-}
-
-#define MAX_TEMPLATE 25
-
-CK_RV ArrayTemplate(char *bp, char *attributes)
-{
-    char aname[512];
-    CK_ULONG attributeTypes[MAX_TEMPLATE];
-    CK_ATTRIBUTE *template;
-    Value *value; /* new Value */
-    char *ap;
-    int i, count = 0;
-
-    memcpy(aname,attributes,strlen(attributes)+1);
-
-    for (ap = aname, count = 0; ap && *ap && count < MAX_TEMPLATE; count++) {
-	char *cur = ap;
-	ConstType type;
-
-	ap = strchr(ap,',');
-	if (ap) {
-	    *ap++ = 0;
-	}
-
-	(void)constLookup(cur, &attributeTypes[count], &type);
-	if ((type != ConstAttribute) && (type != ConstNone)) {
-	   printf("Unknown Attribute %s\n", cur);
-	   return CKR_FUNCTION_FAILED;
-	}
-    }
-
-    value = NewValue(ArgAttribute, count);
-
-    template = (CK_ATTRIBUTE *)value->data;
-    for (i=0; i < count ; i++) {
-	template[i].type = attributeTypes[i];
-    }
-    (void) AddVariable(bp, &value);
-    return CKR_OK;
-}
-
-CK_RV BuildTemplate(Value *vp)
-{
-    CK_ATTRIBUTE *template = (CK_ATTRIBUTE *)vp->data;
-    int i;
-
-    for (i=0; i < vp->arraySize; i++) {
-	if (((signed long)template[i].ulValueLen) > 0) {
-	    if (template[i].pValue) free(template[i].pValue);
-	    template[i].pValue = malloc(template[i].ulValueLen);
-	}
-    }
-    return CKR_OK;
-}
-
-CK_RV SetTemplate(Value *vp, CK_ULONG index, CK_ULONG value)
-{
-    CK_ATTRIBUTE *template = (CK_ATTRIBUTE *)vp->data;
-    int isbool = 0;
-    CK_ULONG len;
-    ConstType attrType;
-
-    if (index >= vp->arraySize) {
-	fprintf(stderr,"index (%lu) greater than array (%d)\n", 
-						index, vp->arraySize);
-	return CKR_ARGUMENTS_BAD;
-    }
-    attrType =  getConstFromAttribute(template[index].type);
-
-    if (attrType == ConstNone) {
-	fprintf(stderr,"can't set index (%lu) because ", index);
-	printConst(template[index].type,ConstAttribute, 0);
-	printf(" is not a CK_BBOOL or CK_ULONG\n");
-	return CKR_ARGUMENTS_BAD;
-    }
-    isbool = (attrType == ConstBool);
-    len = isbool ? sizeof (CK_BBOOL) : sizeof(CK_ULONG);
-    if ((template[index].ulValueLen != len) || (template[index].pValue)) {
-	free(template[index].pValue);
-	template[index].pValue = malloc(len);
-	template[index].ulValueLen = len;
-    }
-    if (isbool) {
-	*(CK_BBOOL *)template[index].pValue = (CK_BBOOL) value;
-    } else {
-	*(CK_ULONG *)template[index].pValue = (CK_ULONG) value;
-    }
-    return CKR_OK;
-
-}
-
-CK_RV NewMechanism(char *bp, CK_ULONG mechType)
-{
-    Value *value; /* new Value */
-    CK_MECHANISM *mechanism;
-
-    value = NewValue(ArgMechanism, 1);
-    mechanism = (CK_MECHANISM *)value->data;
-    mechanism->mechanism = mechType;
-    mechanism->pParameter = NULL;
-    mechanism->ulParameterLen = 0;
-    (void) AddVariable(bp, &value);
-    return CKR_OK;
-}
-
-/*
- * add a new variable to the chain
- */
-CK_RV DeleteVariable(char *bp)
-{
-    char vname[512];
-    Variable **current;
-
-    bp = readChars(bp,vname,sizeof(vname));
-
-    for (current = &varHead; *current; current = &(*current)->next) {
-	if (PL_strcasecmp((*current)->vname,vname) == 0) {
-	        argFree((*current)->value);
-		*current = (*current)->next;
-	}
-    }
-    return CKR_OK;
-}
-
-/*
- * convert an octal value to integer
- */   
-CK_ULONG otoi(char *o)
-{
-    CK_ULONG value = 0;
-
-    while (*o) {
-	if ((*o >= '0') && (*o <= '7')) {
-	    value = (value << 3) | (unsigned)(*o - '0');
-	} else {
-	    break;
-	}
-    }
-    return value;
-}
-
-/*
- * convert a hex value to integer
- */   
-CK_ULONG  htoi(char *x)
-{
-    CK_ULONG value = 0;
-
-    while (*x) {
-	if ((*x >= '0') && (*x <= '9')) {
-	    value = (value << 4) | (unsigned)(*x - '0');
-	} else if ((*x >= 'a') && (*x <= 'f')) {
-	    value = (value << 4) | (unsigned)(*x - 'a');
-	} else if ((*x >= 'A') && (*x <= 'F')) {
-	    value = (value << 4) | (unsigned)(*x - 'A');
-	} else {
-	    break;
-	}
-    }
-    return value;
-}
-
-
-/*
- * look up or decode a constant value
- */
-char *constLookup(char *bp, CK_ULONG *value, ConstType *type)
-{
-    char vname[512];
-    int i;
-
-    bp = readChars(bp,vname,sizeof(vname));
-
-    for (i=0; i < constCount; i++) {
-	if ((PL_strcasecmp(consts[i].name,vname) == 0) ||
-		PL_strcasecmp(consts[i].name+5,vname) == 0) {
-	    *value = consts[i].value;
-	    *type = consts[i].type;
-	    return bp;
-	}
-    }
-
-    *type = ConstNone;
-    if (vname[0] == '0' && vname[1] == 'X') {
-	*value = htoi(&vname[2]);
-    } else if (vname[0] == '0') {
-	*value = otoi(&vname[1]);
-    } else {
-    	*value = atoi(vname);
-    }
-    return bp;
-}
-
-int ArgSize(ArgType type)
-{
-	int size=0;
-	type &= ArgMask;
-
-	switch (type) {
-    	case ArgNone:
-	    size = 0;
-	    break;
-    	case ArgULong:
-	    size = sizeof(CK_ULONG);
-	    break;
-    	case ArgVar:
-	    size = 1; /* get's changed later */
-	    break;
-    	case ArgChar:
-    	case ArgUTF8:
-	    size = 1;
-	    break;
-    	case ArgInfo:
-	    size = sizeof(CK_INFO);
-	    break;
-    	case ArgSlotInfo:
-	    size = sizeof(CK_SLOT_INFO);
-	    break;
-    	case ArgTokenInfo:
-	    size = sizeof(CK_TOKEN_INFO);
-	    break;
-    	case ArgSessionInfo:
-	    size = sizeof(CK_SESSION_INFO);
-	    break;
-    	case ArgAttribute:
-	    size = sizeof(CK_ATTRIBUTE);
-	    break;
-    	case ArgMechanism:
-	    size = sizeof(CK_MECHANISM);
-	    break;
-    	case ArgMechanismInfo:
-	    size = sizeof(CK_MECHANISM_INFO);
-	    break;
-	case ArgInitializeArgs:
-	    size = sizeof(CK_C_INITIALIZE_ARGS);
-	    break;
-	case ArgFunctionList:
-	    size = sizeof(CK_FUNCTION_LIST);
-	    break;
-	default:
-	    break;
-	}
-
-	return (size);
-}
-
-CK_RV
-restore(char *filename,Value *ptr)
-{
-    int fd,size;
-
-    fd = open(filename,O_RDONLY|O_BINARY);
-    if (fd < 0) {
-	perror(filename);
-	return CKR_FUNCTION_FAILED;
-    }
-
-    size = read(fd,ptr->data,ptr->size);
-    if (systemFlags & FLAG_VerifyFile) {
-	printDump(ptr->data,ptr->size);
-    }
-    if (size < 0) {
-	perror(filename);
-	return CKR_FUNCTION_FAILED;
-    } else if (size != ptr->size) {
-	fprintf(stderr,"%s: only read %d bytes, needed to read %d bytes\n",
-			filename,size,ptr->size);
-	return CKR_FUNCTION_FAILED;
-    }
-    close(fd);
-    return CKR_OK;
-}
-
-CK_RV
-save(char *filename,Value *ptr)
-{
-    int fd,size;
-
-    fd = open(filename,O_WRONLY|O_BINARY|O_CREAT,0666);
-    if (fd < 0) {
-	perror(filename);
-	return CKR_FUNCTION_FAILED;
-    }
-
-    size = write(fd,ptr->data,ptr->size);
-    if (size < 0) {
-	perror(filename);
-	return CKR_FUNCTION_FAILED;
-    } else if (size != ptr->size) {
-	fprintf(stderr,"%s: only wrote %d bytes, need to write %d bytes\n",
-			filename,size,ptr->size);
-	return CKR_FUNCTION_FAILED;
-    }
-    close(fd);
-    return CKR_OK;
-}
-
-CK_RV printArg(Value *ptr,int arg_number)
-{
-    ArgType type = ptr->type & ArgMask;
-    CK_INFO *info;
-    CK_SLOT_INFO    *slotInfo;
-    CK_TOKEN_INFO   *tokenInfo;
-    CK_SESSION_INFO *sessionInfo;
-    CK_ATTRIBUTE    *attribute;
-    CK_MECHANISM    *mechanism;
-    CK_MECHANISM_INFO    *mechanismInfo;
-    CK_C_INITIALIZE_ARGS *initArgs;
-    CK_FUNCTION_LIST *functionList;
-    CK_RV ckrv = CKR_OK;
-    ConstType constType;
-
-    if (arg_number) {
-	printf("Arg %d: \n",arg_number);
-    }
-    if (ptr->arraySize > 1) {
-	Value element;
-	int i;
-	int elementSize = ptr->size/ptr->arraySize;
-	char *dp = (char *)ptr->data;
-
-	/* build a temporary Value to hold a single element */
-	element.type = type;
-	element.constType = ptr->constType;
-	element.size = elementSize;
-	element.filename = ptr->filename;
-	element.reference = 1;
-	element.arraySize = 1;
-	for (i=0; i < ptr->arraySize; i++) {
-	    printf(" -----[ %d ] -----\n", i);
-	    element.data = (void *) &dp[i*elementSize];
-	    (void) printArg(&element, 0);
-	}
-	return ckrv;
-    }
-    if (ptr->data == NULL) {
-	printf(" NULL ptr to a %s\n", valueString[type]);
-	return ckrv;
-    }
-    switch (type) {
-    case ArgNone:
-	printf(" None\n");
-	break;
-    case ArgULong:
-	printf(" %lu (0x%lx)\n", *((CK_ULONG *)ptr->data),
-			*((CK_ULONG *)ptr->data));
-	if (ptr->constType != ConstNone) {
-	    printf(" ");
-	    printConst(*(CK_ULONG *)ptr->data,ptr->constType,1);
-	}
-	break;
-    case ArgVar:
-	printf(" Variable.....error\n");
-	ckrv = CKR_ARGUMENTS_BAD;
-	break;
-    case ArgUTF8:
-	printf(" %s\n",(char *)ptr->data);
-	break;
-    case ArgChar:
-	printDump(ptr->data,ptr->size);
-	break;
-    case ArgInfo:
-#define VERSION(x) (x).major, (x).minor
-	info = (CK_INFO *)ptr->data;
-	printf(" Cryptoki Version: %d.%02d\n",
-		VERSION(info->cryptokiVersion));
-	printf(" Manufacturer ID: ");
-	printChars(info->manufacturerID,sizeof(info->manufacturerID));
-	printFlags(" Flags: ", info->flags, ConstInfoFlags);
-	printf(" Library Description: ");
-	printChars(info->libraryDescription,sizeof(info->libraryDescription));
-	printf(" Library Version: %d.%02d\n",
-		VERSION(info->libraryVersion));
-	break;
-    case ArgSlotInfo:
-	slotInfo = (CK_SLOT_INFO *)ptr->data;
-	printf(" Slot Description: ");
-	printChars(slotInfo->slotDescription,sizeof(slotInfo->slotDescription));
-	printf(" Manufacturer ID: ");
-	printChars(slotInfo->manufacturerID,sizeof(slotInfo->manufacturerID));
-	printFlags(" Flags: ", slotInfo->flags, ConstSlotFlags);
-	printf(" Hardware Version: %d.%02d\n",
-		VERSION(slotInfo->hardwareVersion));
-	printf(" Firmware Version: %d.%02d\n",
-		VERSION(slotInfo->firmwareVersion));
-	break;
-    case ArgTokenInfo:
-	tokenInfo = (CK_TOKEN_INFO *)ptr->data;
-	printf(" Label: %s\n",tokenInfo->label);
-	printf(" Manufacturer ID: ");
-	printChars(tokenInfo->manufacturerID,sizeof(tokenInfo->manufacturerID));
-	printf(" Model: ");
-	printChars(tokenInfo->model,sizeof(tokenInfo->model));
-	printf(" Serial Number: ");
-	printChars(tokenInfo->serialNumber,sizeof(tokenInfo->serialNumber));
-	printFlags(" Flags: ", tokenInfo->flags, ConstTokenFlags);
-	printf(" Max Session Count: %lu\n",tokenInfo->ulMaxSessionCount);
-	printf(" Session Count: %lu\n",tokenInfo->ulSessionCount);
-	printf(" RW Session Count: %lu\n",tokenInfo->ulMaxRwSessionCount);
-	printf(" Max Pin Length : %lu\n",tokenInfo->ulMaxPinLen);
-	printf(" Min Pin Length : %lu\n",tokenInfo->ulMinPinLen);
-	printf(" Total Public Memory: %lu\n",
-		tokenInfo->ulTotalPublicMemory);
-	printf(" Free Public Memory: %lu\n",
-		tokenInfo->ulFreePublicMemory);
-	printf(" Total Private Memory: %lu\n",
-		tokenInfo->ulTotalPrivateMemory);
-	printf(" Free Private Memory: %lu\n",
-		tokenInfo->ulFreePrivateMemory);
-	printf(" Hardware Version: %d.%02d\n",
-		VERSION(tokenInfo->hardwareVersion));
-	printf(" Firmware Version: %d.%02d\n",
-		VERSION(tokenInfo->firmwareVersion));
-	printf(" UTC Time: %s\n",tokenInfo->utcTime);
-	break;
-    case ArgSessionInfo:
-	sessionInfo = (CK_SESSION_INFO *)ptr->data;
-	printf(" SlotID: 0x%08lx\n", sessionInfo->slotID);
-	printf(" State: ");
-	printConst(sessionInfo->state, ConstSessionState, 1);
-	printFlags(" Flags: ", sessionInfo->flags, ConstSessionFlags);
-	printf(" Device error: %lu 0x%08lx\n",sessionInfo->ulDeviceError,
-			sessionInfo->ulDeviceError);
-	break;
-    case ArgAttribute:
-	attribute = (CK_ATTRIBUTE *)ptr->data;
-	printf(" Attribute Type: ");
-	printConst(attribute->type, ConstAttribute, 1);
-	printf(" Attribute Data: ");
-	if (attribute->pValue == NULL) {
-	    printf("NULL\n");
-	    printf("Attribute Len: %lu\n",attribute->ulValueLen);
-	} else {
-	    constType = getConstFromAttribute(attribute->type);
-	    if (constType != ConstNone) {
-		CK_ULONG value = (constType == ConstBool) ?
-		    *(CK_BBOOL *)attribute->pValue :
-		    *(CK_ULONG *)attribute->pValue;
-		printConst(value, constType, 1);
-	    } else {
-		printf("\n");
-		printDump(attribute->pValue, attribute->ulValueLen);
-	    }
-	}
-	break;
-    case ArgMechanism:
-	mechanism = (CK_MECHANISM *)ptr->data;
-	printf(" Mechanism Type: ");
-	printConst(mechanism->mechanism, ConstMechanism, 1);
-	printf(" Mechanism Data:\n");
-	printDump(mechanism->pParameter, mechanism->ulParameterLen);
-	break;
-    case ArgMechanismInfo:
-	mechanismInfo = (CK_MECHANISM_INFO *)ptr->data;
-	printf(" Minimum Key Size: %ld\n",mechanismInfo->ulMinKeySize);
-	printf(" Maximum Key Size: %ld\n",mechanismInfo->ulMaxKeySize);
-	printFlags(" Flags: ", mechanismInfo->flags, ConstMechanismFlags);
-	break;
-    case ArgInitializeArgs:
-	initArgs = (CK_C_INITIALIZE_ARGS *)ptr->data;
-	printFlags(" Flags: ", initArgs->flags, ConstInitializeFlags);
-    case ArgFunctionList:
-	functionList = (CK_FUNCTION_LIST *)ptr->data;
-	printf(" Version: %d.%02d\n", VERSION(functionList->version));
-#ifdef notdef
-#undef CK_NEED_ARG_LIST
-#define CK_PKCS11_FUNCTION_INFO(func) \
-	printf(" %s: 0x%08lx\n", #func, (unsigned long) functionList->func );
-#include "pkcs11f.h"
-#undef CK_NEED_ARG_LIST
-#undef CK_PKCS11_FUNCTION_INFO
-#endif
-    default:
-	ckrv = CKR_ARGUMENTS_BAD;
-	break;
-    }
-
-    return ckrv;
-}
-
-
-/*
- * Feeling ambitious? turn this whole thing into lexx yacc parser
- * with full expressions.
- */
-Value **
-parseArgs(int index, char * bp)
-{
-    const Commands *cp = &commands[index];
-    int size = strlen(cp->fname);
-    int i;
-    CK_ULONG value;
-    char vname[512];
-    Value **argList,*possible;
-    ConstType constType;
-
-    /*
-     * skip pass the command
-     */
-    if ((cp->fname[0] == 'C') && (cp->fname[1] == '_') && (bp[1] != '_')) {
-	size -= 2;
-    }
-    bp += size;
-
-    /*
-     * Initialize our argument list
-     */
-    argList = (Value **)malloc(sizeof(Value*)*MAX_ARGS);
-    for (i=0; i < MAX_ARGS; i++) { argList[i] = NULL; }
-
-    /*
-     * Walk the argument list parsing it...
-     */
-    for (i=0 ;i < MAX_ARGS; i++) {
-	ArgType type = cp->args[i] & ArgMask;
-
-        /* strip blanks */
-        bp = strip(bp);
-
-	/* if we hit ArgNone, we've nabbed all the arguments we need */
-	if (type == ArgNone) {
-		break;
-	}
-
-	/* if we run out of space in the line, we weren't given enough
-	 * arguments... */
-	if (*bp == '\0') {
-	    fprintf(stderr,"%s: only %d args found,\n",cp->fname,i);
-	    parseFree(argList);
-	    return NULL;
-	}
-
-	/*
-	 * look up the argument in our variable list first... only 
-	 * exception is the new argument type for set...
-	 */
-	if ((cp->args[i] != (ArgVar|ArgNew)) && 
-			(possible = varLookup(bp,vname,sizeof(vname)))) {
-	   /* ints are only compatible with other ints... all other types
-	    * are interchangeable... */
-	   if (type != ArgVar) { /* ArgVar's match anyone */
-		if ((type == ArgULong) ^ 
-				((possible->type & ArgMask) == ArgULong)) {
-		    fprintf(stderr,"%s: Arg %d incompatible type with <%s>\n",
-				cp->fname,i+1,vname);
-		    parseFree(argList);
-		    return NULL;
-		}
-		/*
-		 * ... that is as long as they are big enough...
-		 */
-		if (ArgSize(type) > possible->size) {
-		    fprintf(stderr,
-	        "%s: Arg %d %s is too small (%d bytes needs to be %d bytes)\n",
-	    		cp->fname,i+1,vname,possible->size,ArgSize(type));
-		    parseFree(argList);
-		    return NULL;
-		}
-	   }
-	
-	   /* everything looks kosher here, use it */	
-	   argList[i] = possible;
-	   possible->reference++;
-
-	   bp = readChars(bp,vname,sizeof(vname));
-	   if (cp->args[i] & ArgOut) {
-		possible->type |= ArgOut;
-	   }
-	   continue;
-	}
-
-	/* create space for our argument */
-	argList[i] = NewValue(type, 1);
-
-        if ((PL_strncasecmp(bp, "null", 4) == 0)  && ((bp[4] == 0) 
-		|| (bp[4] == ' ') || (bp[4] =='\t') || (bp[4] =='\n'))) {
-	    if (cp->args[i] == ArgULong) {
-		fprintf(stderr, "%s: Arg %d CK_ULONG can't be NULL\n",
-	    							cp->fname,i+1);
-		parseFree(argList);
-		return NULL;
-	    }
-	    free(argList[i]->data);
-	    argList[i]->data = NULL;
-	    argList[i]->size = 0;
-	    bp += 4;
-	    if (*bp) bp++;
-	    continue;
-        }
-
-	/* if we're an output variable, we need to add it */
-	if (cp->args[i] & ArgOut) {
-            if (PL_strncasecmp(bp,"file(",5) == 0) {
-	        char filename[512];
-		bp = readChars(bp+5,filename,sizeof(filename));
-		size = strlen(filename);
-	    	if ((size > 0) && (filename[size-1] == ')')) {
-		    filename[size-1] = 0; 
-		}
-		filename[size] = 0; 
-		argList[i]->filename = (char *)malloc(size+1);
-
-		strcpy(argList[i]->filename,filename);
-
-	    	argList[i]->type |= ArgOut|ArgFile;
-		break;
-	    }
-	    bp = AddVariable(bp,&argList[i]);
-	    argList[i]->type |= ArgOut;
-	    continue;
-	} 
-
-        if (PL_strncasecmp(bp, "file(", 5) == 0) {
-	    char filename[512];
-
-	    bp = readChars(bp+5,filename,sizeof(filename));
-	    size = strlen(filename);
-	    if ((size > 0) && (filename[size-1] == ')')) filename[size-1] = 0; 
-
-	    if (restore(filename,argList[i]) != CKR_OK) {
-		parseFree(argList);
-		return NULL;
-	    }
-	    continue;
-	}
-
-	if (PL_strncasecmp(bp, "size(", 5) == 0) {
-	    CK_ULONG *ulong = (CK_ULONG *)argList[i]->data;
-	    char tmpname[512];
-
-	    bp = readChars(bp+5,tmpname,sizeof(tmpname));
-	    size = strlen(tmpname);
-	    if ((size > 0) && (tmpname[size-1] == ')')) tmpname[size-1] = 0; 
-
-	    if (argList[i]->size == sizeof(CK_ULONG) || ulong == NULL) {
-		fprintf(stderr,
-			"%s: size used for non-int argument,\n",cp->fname);
-		parseFree(argList);
-		return NULL;
-	    }
-	    *ulong = 0;
-   	    varLookup(tmpname, vname,sizeof(vname));
-	    if (!possible) {
-		fprintf(stderr,
-			"%s: %s was not found\n",cp->fname, vname);
-		parseFree(argList);
-		return NULL;
-	    }
-	    *ulong = possible->arraySize;
-	    continue;
-	}
-
-	switch (type) {
-    	case ArgULong:
-	     bp = constLookup(bp, &value, &constType);
-	     *(int *)argList[i]->data = value;
-	     argList[i]->constType = constType;
-	     break;
-    	case ArgVar:
-	     free(argList[i]->data);
-	     size = getEnd(bp);
-	     argList[i]->data = (void *)malloc(size);
-	     argList[i]->size = size;
-	     /* fall through */
-    	case ArgInfo:
-    	case ArgSlotInfo:
-    	case ArgTokenInfo:
-    	case ArgSessionInfo:
-    	case ArgAttribute:
-    	case ArgMechanism:
-    	case ArgMechanismInfo:
-    	case ArgInitializeArgs:
-	case ArgUTF8:
-	case ArgChar:
-	     bp = readChars(bp,(char *)argList[i]->data,argList[i]->size);
-    	case ArgNone:
-	default:
-	     break;
-	}
-    }
-
-    return argList;
-}
-
-/* lookup the command in the array */
-int lookup(char *buf)
-{
-    int size,i;
-    int buflen;
-
-    buflen = strlen(buf);
-
-    for ( i = 0; i < commandCount; i++) {
-	size = strlen(commands[i].fname);
-
-	if (size > buflen) {
-	    continue;
-	}
-	if (PL_strncasecmp(buf,commands[i].fname,size) == 0) {
-	    return i;
-	}
-	if (size-2 > buflen) {
-	    continue;
-	}
-	if (commands[i].fname[0] == 'C' && commands[i].fname[1] == '_' &&
-		(PL_strncasecmp(buf,&commands[i].fname[2],size-2) == 0)) {
-	    return i;
-	}
-    }
-    fprintf(stderr,"Can't find command %s\n",buf);
-    return -1;
-}
-
-void
-putOutput(Value **ptr)
-{
-    int i;
-
-    for (i=0; i < MAX_ARGS; i++) {
-	ArgType type;
-
-	if (ptr[i] == NULL) break;
-
-	type  = ptr[i]->type;
-
-	ptr[i]->type &= ArgMask;
-	if (type == ArgNone) {
-	    break;
-	}
-	if (type & ArgOut) {
-	    (void) printArg(ptr[i],i+1);
-	}
-	if (type & ArgFile) {
-	    save(ptr[i]->filename,ptr[i]);
-	    free(ptr[i]->filename);
-	    ptr[i]->filename= NULL; /* paranoia */
-	}
-    }
-}
-	   
-CK_RV unloadModule(Module *module) {
-   
-   if (module->library) {
-	PR_UnloadLibrary(module->library);
-   }
-
-   module->library = NULL;
-   module->functionList = NULL;
-
-   return CKR_OK;
-}
-
-CK_RV loadModule(Module *module, char *library) {
-   PRLibrary *newLibrary;
-   CK_C_GetFunctionList getFunctionList;
-   CK_FUNCTION_LIST *functionList;
-   CK_RV ckrv;
-
-   newLibrary = PR_LoadLibrary(library);
-   if (!newLibrary) {
-	fprintf(stderr,"Couldn't load library %s\n",library);
-	return CKR_FUNCTION_FAILED;
-   }
-   getFunctionList = (CK_C_GetFunctionList) 
-			PR_FindSymbol(newLibrary,"C_GetFunctionList");
-   if (!getFunctionList) {
-	fprintf(stderr,"Couldn't find \"C_GetFunctionList\" in %s\n",library);
-	return CKR_FUNCTION_FAILED;
-   }
-
-   ckrv = (*getFunctionList)(&functionList);
-   if (ckrv != CKR_OK) {
-	return ckrv;
-   }
-   
-   if (module->library) {
-	PR_UnloadLibrary(module->library);
-   }
-
-   module->library = newLibrary;
-   module->functionList = functionList;
-
-   return CKR_OK;
-}
-
-CK_RV run(char *); 
-
-/*
- * Actually dispatch the function... Bad things happen
- * if these don't match the commands array.
- */
-CK_RV do_func(int index, Value **a)
-{
-    int value;
-    static Module module = { NULL, NULL} ;
-    CK_FUNCTION_LIST *func = module.functionList;
-
-    switch (commands[index].fType) {
-    case F_C_Initialize:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_Initialize((void *)a[0]->data);
-    case F_C_Finalize:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_Finalize((void *)a[0]->data);
-    case F_C_GetInfo:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_GetInfo((CK_INFO *)a[0]->data);
-    case F_C_GetFunctionList:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_GetFunctionList((CK_FUNCTION_LIST **)a[0]->data);
-    case F_C_GetSlotList:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_GetSlotList(*(CK_ULONG *)a[0]->data,
-					(CK_SLOT_ID *)a[1]->data,
-					(CK_LONG *)a[2]->data);
-    case F_C_GetSlotInfo:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_GetSlotInfo(*(CK_ULONG *)a[0]->data,
-					(CK_SLOT_INFO *)a[1]->data);
-    case F_C_GetTokenInfo:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_GetTokenInfo(*(CK_ULONG *)a[0]->data,
-					(CK_TOKEN_INFO *)a[1]->data);
-    case F_C_GetMechanismList:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	if (a[1]->data) {
-	    a[1]->constType = ConstMechanism;
-	}
-	return func->C_GetMechanismList(*(CK_ULONG *)a[0]->data,
-					(CK_MECHANISM_TYPE*)a[1]->data,
-					(CK_ULONG *)a[2]->data);
-    case F_C_GetMechanismInfo:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_GetMechanismInfo(*(CK_ULONG *)a[0]->data,
-					*(CK_ULONG *)a[1]->data,
-					(CK_MECHANISM_INFO *)a[2]->data);
-    case F_C_InitToken:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_InitToken(*(CK_ULONG *)a[0]->data,
-					(CK_CHAR *)a[1]->data,
-					*(CK_ULONG *)a[2]->data,
-					(CK_CHAR *)a[3]->data);
-    case F_C_InitPIN:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_InitPIN(*(CK_ULONG *)a[0]->data,
-					(CK_CHAR *)a[1]->data,
-					*(CK_ULONG *)a[2]->data);
-    case F_C_SetPIN:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_SetPIN(*(CK_ULONG *)a[0]->data,
-					(CK_CHAR *)a[1]->data,
-					*(CK_ULONG *)a[2]->data,
-					(CK_CHAR *)a[3]->data,
-					*(CK_ULONG *)a[4]->data);
-    case F_C_OpenSession:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_OpenSession(*(CK_ULONG *)a[0]->data,
-					*(CK_ULONG *)a[1]->data,
-					(void *)NULL,
-					(CK_NOTIFY) NULL,
-					(CK_ULONG *)a[2]->data);
-    case F_C_CloseSession:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_CloseSession(*(CK_ULONG *)a[0]->data);
-    case F_C_CloseAllSessions:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_CloseAllSessions(*(CK_ULONG *)a[0]->data);
-    case F_C_GetSessionInfo:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_GetSessionInfo(*(CK_ULONG *)a[0]->data,
-					(CK_SESSION_INFO *)a[1]->data);
-    case F_C_GetOperationState:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_GetOperationState(*(CK_ULONG *)a[0]->data,
-					(CK_BYTE *)a[1]->data,
-					(CK_ULONG *)a[2]->data);
-    case F_C_SetOperationState:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_SetOperationState(*(CK_ULONG *)a[0]->data,
-					(CK_CHAR *)a[1]->data,
-					*(CK_ULONG *)a[2]->data,
-					*(CK_ULONG *)a[3]->data,
-					*(CK_ULONG *)a[4]->data);
-    case F_C_Login:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_Login(*(CK_ULONG *)a[0]->data,
-					*(CK_ULONG *)a[1]->data,
-					(CK_CHAR *)a[2]->data,
-					*(CK_ULONG *)a[3]->data);
-    case F_C_Logout:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_Logout(*(CK_ULONG *)a[0]->data);
-    case F_C_CreateObject:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_CreateObject(*(CK_ULONG *)a[0]->data,
-					(CK_ATTRIBUTE *)a[1]->data,
-					*(CK_ULONG *)a[2]->data,
-					(CK_ULONG *)a[3]->data);
-    case F_C_CopyObject:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_CopyObject(*(CK_ULONG *)a[0]->data,
-					*(CK_ULONG *)a[0]->data,
-					(CK_ATTRIBUTE *)a[1]->data,
-					*(CK_ULONG *)a[2]->data,
-					(CK_ULONG *)a[3]->data);
-    case F_C_DestroyObject:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_DestroyObject(*(CK_ULONG *)a[0]->data,
-					*(CK_ULONG *)a[1]->data);
-    case F_C_GetObjectSize:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_GetObjectSize(*(CK_ULONG *)a[0]->data,
-					*(CK_ULONG *)a[1]->data,
-					(CK_ULONG *)a[2]->data);
-    case F_C_GetAttributeValue:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_GetAttributeValue(*(CK_ULONG *)a[0]->data,
-					*(CK_ULONG *)a[1]->data,
-					(CK_ATTRIBUTE *)a[2]->data,
-					*(CK_ULONG *)a[3]->data);
-    case F_C_SetAttributeValue:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_SetAttributeValue(*(CK_ULONG *)a[0]->data,
-					*(CK_ULONG *)a[1]->data,
-					(CK_ATTRIBUTE *)a[2]->data,
-					*(CK_ULONG *)a[3]->data);
-    case F_C_FindObjectsInit:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_FindObjectsInit(*(CK_ULONG *)a[0]->data,
-					(CK_ATTRIBUTE *)a[1]->data,
-					*(CK_ULONG *)a[2]->data);
-    case F_C_FindObjects:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_FindObjects(*(CK_ULONG *)a[0]->data,
-					(CK_ULONG *)a[1]->data,
-					*(CK_ULONG *)a[2]->data,
-					(CK_ULONG *)a[3]->data);
-    case F_C_FindObjectsFinal:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_FindObjectsFinal(*(CK_ULONG *)a[0]->data);
-    case F_C_EncryptInit:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_EncryptInit(*(CK_ULONG *)a[0]->data,
-					(CK_MECHANISM *)a[1]->data,
-					*(CK_ULONG *)a[2]->data);
-    case F_C_Encrypt:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_Encrypt(*(CK_ULONG *)a[0]->data,
-					(CK_CHAR *)a[1]->data,
-					*(CK_ULONG *)a[2]->data,
-					(CK_CHAR *)a[3]->data,
-					(CK_ULONG *)a[4]->data);
-    case F_C_EncryptUpdate:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_EncryptUpdate(*(CK_ULONG *)a[0]->data,
-					(CK_CHAR *)a[1]->data,
-					*(CK_ULONG *)a[2]->data,
-					(CK_CHAR *)a[3]->data,
-					(CK_ULONG *)a[4]->data);
-    case F_C_EncryptFinal:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_EncryptFinal(*(CK_ULONG *)a[0]->data,
-					(CK_CHAR *)a[1]->data,
-					(CK_ULONG *)a[2]->data);
-    case F_C_DecryptInit:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_DecryptInit(*(CK_ULONG *)a[0]->data,
-					(CK_MECHANISM *)a[1]->data,
-					*(CK_ULONG *)a[2]->data);
-    case F_C_Decrypt:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_Decrypt(*(CK_ULONG *)a[0]->data,
-					(CK_CHAR *)a[1]->data,
-					*(CK_ULONG *)a[2]->data,
-					(CK_CHAR *)a[3]->data,
-					(CK_ULONG *)a[4]->data);
-    case F_C_DecryptUpdate:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_DecryptUpdate(*(CK_ULONG *)a[0]->data,
-					(CK_CHAR *)a[1]->data,
-					*(CK_ULONG *)a[2]->data,
-					(CK_CHAR *)a[3]->data,
-					(CK_ULONG *)a[4]->data);
-    case F_C_DecryptFinal:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_DecryptFinal(*(CK_ULONG *)a[0]->data,
-					(CK_CHAR *)a[1]->data,
-					(CK_ULONG *)a[2]->data);
-    case F_C_DigestInit:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_DigestInit(*(CK_ULONG *)a[0]->data,
-					(CK_MECHANISM *)a[1]->data);
-    case F_C_Digest:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_Digest(*(CK_ULONG *)a[0]->data,
-					(CK_CHAR *)a[1]->data,
-					*(CK_ULONG *)a[2]->data,
-					(CK_CHAR *)a[3]->data,
-					(CK_ULONG *)a[4]->data);
-    case F_C_DigestUpdate:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_DigestUpdate(*(CK_ULONG *)a[0]->data,
-					(CK_CHAR *)a[1]->data,
-					*(CK_ULONG *)a[2]->data);
-    case F_C_DigestKey:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_DigestKey(*(CK_ULONG *)a[0]->data,
-					*(CK_ULONG *)a[1]->data);
-    case F_C_DigestFinal:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_DigestFinal(*(CK_ULONG *)a[0]->data,
-					(CK_CHAR *)a[1]->data,
-					(CK_ULONG *)a[2]->data);
-    case F_C_SignInit:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_SignInit(*(CK_ULONG *)a[0]->data,
-					(CK_MECHANISM *)a[1]->data,
-					*(CK_ULONG *)a[2]->data);
-    case F_C_Sign:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_Sign(*(CK_ULONG *)a[0]->data,
-					(CK_CHAR *)a[1]->data,
-					*(CK_ULONG *)a[2]->data,
-					(CK_CHAR *)a[3]->data,
-					(CK_ULONG *)a[4]->data);
-    case F_C_SignUpdate:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_SignUpdate(*(CK_ULONG *)a[0]->data,
-					(CK_CHAR *)a[1]->data,
-					*(CK_ULONG *)a[2]->data);
-    case F_C_SignFinal:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_SignFinal(*(CK_ULONG *)a[0]->data,
-					(CK_CHAR *)a[1]->data,
-					(CK_ULONG *)a[2]->data);
-
-    case F_C_SignRecoverInit:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_SignRecoverInit(*(CK_ULONG *)a[0]->data,
-					(CK_MECHANISM *)a[1]->data,
-					*(CK_ULONG *)a[2]->data);
-    case F_C_SignRecover:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_SignRecover(*(CK_ULONG *)a[0]->data,
-					(CK_CHAR *)a[1]->data,
-					*(CK_ULONG *)a[2]->data,
-					(CK_CHAR *)a[3]->data,
-					(CK_ULONG *)a[4]->data);
-    case F_C_VerifyInit:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_VerifyInit(*(CK_ULONG *)a[0]->data,
-					(CK_MECHANISM *)a[1]->data,
-					*(CK_ULONG *)a[2]->data);
-    case F_C_Verify:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_Verify(*(CK_ULONG *)a[0]->data,
-					(CK_CHAR *)a[1]->data,
-					*(CK_ULONG *)a[2]->data,
-					(CK_CHAR *)a[3]->data,
-					*(CK_ULONG *)a[4]->data);
-    case F_C_VerifyUpdate:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_VerifyUpdate(*(CK_ULONG *)a[0]->data,
-					(CK_CHAR *)a[1]->data,
-					*(CK_ULONG *)a[2]->data);
-    case F_C_VerifyFinal:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_VerifyFinal(*(CK_ULONG *)a[0]->data,
-					(CK_CHAR *)a[1]->data,
-					*(CK_ULONG *)a[2]->data);
-
-    case F_C_VerifyRecoverInit:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_VerifyRecoverInit(*(CK_ULONG *)a[0]->data,
-					(CK_MECHANISM *)a[1]->data,
-					*(CK_ULONG *)a[2]->data);
-    case F_C_VerifyRecover:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_VerifyRecover(*(CK_ULONG *)a[0]->data,
-					(CK_CHAR *)a[1]->data,
-					*(CK_ULONG *)a[2]->data,
-					(CK_CHAR *)a[3]->data,
-					(CK_ULONG *)a[4]->data);
-    case F_C_DigestEncryptUpdate:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_DigestEncryptUpdate(*(CK_ULONG *)a[0]->data,
-					(CK_CHAR *)a[1]->data,
-					*(CK_ULONG *)a[2]->data,
-					(CK_CHAR *)a[3]->data,
-					(CK_ULONG *)a[4]->data);
-    case F_C_DecryptDigestUpdate:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_DecryptDigestUpdate(*(CK_ULONG *)a[0]->data,
-					(CK_CHAR *)a[1]->data,
-					*(CK_ULONG *)a[2]->data,
-					(CK_CHAR *)a[3]->data,
-					(CK_ULONG *)a[4]->data);
-    case F_C_SignEncryptUpdate:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_SignEncryptUpdate(*(CK_ULONG *)a[0]->data,
-					(CK_CHAR *)a[1]->data,
-					*(CK_ULONG *)a[2]->data,
-					(CK_CHAR *)a[3]->data,
-					(CK_ULONG *)a[4]->data);
-    case F_C_DecryptVerifyUpdate:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_DecryptVerifyUpdate(*(CK_ULONG *)a[0]->data,
-					(CK_CHAR *)a[1]->data,
-					*(CK_ULONG *)a[2]->data,
-					(CK_CHAR *)a[3]->data,
-					(CK_ULONG *)a[4]->data);
-    case F_C_GenerateKey:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_GenerateKey(*(CK_ULONG *)a[0]->data,
-					(CK_MECHANISM *)a[1]->data,
-					(CK_ATTRIBUTE *)a[2]->data,
-					*(CK_ULONG *)a[3]->data,
-					(CK_ULONG *)a[4]->data);
-    case F_C_GenerateKeyPair:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_GenerateKeyPair(*(CK_ULONG *)a[0]->data,
-					(CK_MECHANISM *)a[1]->data,
-					(CK_ATTRIBUTE *)a[2]->data,
-					*(CK_ULONG *)a[3]->data,
-					(CK_ATTRIBUTE *)a[4]->data,
-					*(CK_ULONG *)a[5]->data,
-					(CK_ULONG *)a[6]->data,
-					(CK_ULONG *)a[7]->data);
-    case F_C_WrapKey:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_WrapKey(*(CK_ULONG *)a[0]->data,
-					(CK_MECHANISM *)a[1]->data,
-					*(CK_ULONG *)a[2]->data,
-					*(CK_ULONG *)a[3]->data,
-					(CK_CHAR *)a[5]->data,
-					(CK_ULONG *)a[6]->data);
-    case F_C_UnwrapKey:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_UnwrapKey(*(CK_ULONG *)a[0]->data,
-					(CK_MECHANISM *)a[1]->data,
-					*(CK_ULONG *)a[2]->data,
-					(CK_CHAR *)a[3]->data,
-					*(CK_ULONG *)a[4]->data,
-					(CK_ATTRIBUTE *)a[5]->data,
-					*(CK_ULONG *)a[6]->data,
-					(CK_ULONG *)a[7]->data);
-    case F_C_DeriveKey:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_DeriveKey (*(CK_ULONG *)a[0]->data,
-					(CK_MECHANISM *)a[1]->data,
-					*(CK_ULONG *)a[2]->data,
-					(CK_ATTRIBUTE *)a[3]->data,
-					*(CK_ULONG *)a[4]->data,
-					(CK_ULONG *)a[5]->data);
-    case F_C_SeedRandom:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_SeedRandom(*(CK_ULONG *)a[0]->data,
-					(CK_CHAR *)a[1]->data,
-					*(CK_ULONG *)a[2]->data);
-    case F_C_GenerateRandom:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_GenerateRandom(*(CK_ULONG *)a[0]->data,
-					(CK_CHAR *)a[1]->data,
-					*(CK_ULONG *)a[2]->data);
-    case F_C_GetFunctionStatus:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_GetFunctionStatus(*(CK_ULONG *)a[0]->data);
-    case F_C_CancelFunction:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_CancelFunction(*(CK_ULONG *)a[0]->data);
-    case F_C_WaitForSlotEvent:
-	if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	return func->C_WaitForSlotEvent(*(CK_ULONG *)a[0]->data,
-					(CK_ULONG *)a[1]->data,
-					(void *)a[2]->data);
-    /* set a variable */
-    case F_SetVar:	
-	(void) DeleteVariable(a[0]->data);
-	(void) AddVariable(a[0]->data,&a[1]);
-	return CKR_OK;
-    /* print a value */
-    case F_Print:
-	return printArg(a[0],0);
-    case F_SaveVar:
-	return save(a[0]->data,a[1]);
-    case F_RestoreVar:
-	return restore(a[0]->data,a[1]);
-    case F_Delete:
-	return DeleteVariable(a[0]->data);
-    case F_List:
-	return list();
-    case F_Run:
-	return run(a[0]->data);
-    case F_Load:
-	return loadModule(&module,a[0]->data);
-    case F_Unload:
-	return unloadModule(&module);
-    case F_NewArray:
-	(void) DeleteVariable(a[0]->data);
-	return ArrayVariable(a[0]->data,a[1]->data,*(CK_ULONG *)a[2]->data);
-    case F_NewTemplate:
-	(void) DeleteVariable(a[0]->data);
-	return ArrayTemplate(a[0]->data,a[1]->data);
-    case F_BuildTemplate:
-	return BuildTemplate(a[0]);
-    case F_SetTemplate:
-	return SetTemplate(a[0],
-		*(CK_ULONG *)a[1]->data,
-		*(CK_ULONG *)a[2]->data);
-    case F_NewMechanism:
-	(void) DeleteVariable(a[0]->data);
-	return NewMechanism(a[0]->data,*(CK_ULONG *)a[1]->data);
-    case F_System:
-        value = *(int *)a[0]->data;
-	if (value & 0x80000000) {
-	    systemFlags &= ~value;
-	} else {
-	    systemFlags |= value;
-	}
-	return CKR_OK;
-    case F_Quit:
-	return 0x80000000;
-    default:
-	fprintf(stderr,
-		"Function %s not yet supported\n",commands[index].fname );
-	return CKR_OK;
-    }
-    /* Not Reached */
-    return CKR_OK;
-}
-
-
-CK_RV process(FILE *inFile,int user)
-{
-    char buf[2048];
-    Value **arglist;
-    CK_RV error;
-    CK_RV ckrv = CKR_OK;
-
-    if (user) { printf("pkcs11> "); fflush(stdout); }
-
-    while (fgets(buf,2048,inFile) != NULL) {
-	int index;
-	char *bp;
-
-	if (!user) printf("* %s",buf);
-	bp = strip(buf);
-	/* allow comments in scripts */
-	if (*bp == '#') {
-	    if (user) { printf("pkcs11> "); fflush(stdout); }
-	    continue;
-	}
-
-
-	index = lookup(bp);
-
-	if (index < 0) {
-	    if (user) { printf("pkcs11> "); fflush(stdout); }
-	    continue;
-	}
-
-	arglist = parseArgs(index,bp);
-	if (arglist == NULL) {
-	    if (user) { printf("pkcs11> "); fflush(stdout); }
-	    continue;
-	}
-
-	error = do_func(index,arglist);
-	if (error == 0x80000000) {
-	    parseFree(arglist);
-	    break;
-	}
-	if (error) {
-	    ckrv = error;
-	    printf(">> Error : ");
-		printConst(error, ConstResult, 1);
-	}
-
-	putOutput(arglist);
-
-	parseFree(arglist);
-
-	if (user) { printf("pkcs11> "); fflush(stdout); }
-    }
-    return ckrv;
-}
-
-CK_RV  run(char *filename) 
-{
-    FILE *infile;
-    CK_RV ckrv;
-
-    infile = fopen(filename,"r");
-
-    if (infile == NULL) {
-	perror(filename);
-	return CKR_FUNCTION_FAILED;
-    }
-
-    ckrv = process(infile, 0);
-
-    fclose(infile);
-    return ckrv;
-}
-
-int
-main(int argc, char **argv)
-{
-    /* I suppose that some day we could parse some arguments */
-    (void) process(stdin, 1);
-    return 0;
-}
deleted file mode 100644
--- a/security/nss/cmd/pk11util/pk11util.h
+++ /dev/null
@@ -1,144 +0,0 @@
-
-/*
- * Supported functions..
- */
-#include <pkcs11.h>
-#include "nspr.h"
-#include "prtypes.h"
-
-typedef enum {
-    F_No_Function,
-#undef CK_NEED_ARG_LIST
-#define CK_PKCS11_FUNCTION_INFO(func) F_##func,
-#include "pkcs11f.h"
-#undef CK_NEED_ARG_LISt
-#undef CK_PKCS11_FUNCTION_INFO
-    F_SetVar,
-    F_NewArray,
-    F_NewTemplate,
-    F_NewMechanism,
-    F_BuildTemplate,
-    F_SetTemplate,
-    F_Print,
-    F_SaveVar,
-    F_RestoreVar,
-    F_Delete,
-    F_List,
-    F_Run,
-    F_Load,
-    F_Unload,
-    F_System,
-    F_Quit,
-} FunctionType;
-
-/*
- * Supported Argument Types
- */
-typedef enum {
-    ArgNone,
-    ArgVar,
-    ArgULong,
-    ArgChar,
-    ArgUTF8,
-    ArgInfo,
-    ArgSlotInfo,
-    ArgTokenInfo,
-    ArgSessionInfo,
-    ArgAttribute,
-    ArgMechanism,
-    ArgMechanismInfo,
-    ArgInitializeArgs,
-    ArgFunctionList,
-/* Modifier Flags */
-    ArgMask = 0xff,
-    ArgOut = 0x100,
-    ArgArray = 0x200,
-    ArgNew = 0x400,
-    ArgFile = 0x800,
-} ArgType;
-
-typedef enum _constType
-{
-    ConstNone,
-    ConstBool,
-    ConstInfoFlags,
-    ConstSlotFlags,
-    ConstTokenFlags,
-    ConstSessionFlags,
-    ConstMechanismFlags,
-    ConstInitializeFlags,
-    ConstUsers,
-    ConstSessionState,
-    ConstObject,
-    ConstHardware,
-    ConstKeyType,
-    ConstCertType,
-    ConstAttribute,
-    ConstMechanism,
-    ConstResult,
-    ConstTrust
-} ConstType;
-
-typedef struct _constant {
-    const char *name;
-    CK_ULONG value;
-    ConstType type;
-    ConstType attrType;
-} Constant ;
-
-/*
- * Values structures.
- */
-typedef struct _values {
-    ArgType	type;
-    ConstType	constType;
-    int		size;
-    char	*filename;
-    void	*data;
-    int 	reference;
-    int		arraySize;
-} Value;
-
-/*
- * Variables
- */
-typedef struct _variable Variable;
-struct _variable {
-    Variable *next;
-    char *vname;
-    Value *value;
-};
-
-/* NOTE: if you change MAX_ARGS, you need to change the commands array
- * below as well.
- */
-
-#define MAX_ARGS 10
-/*
- * structure for master command array
- */
-typedef struct _commands {
-    char	*fname;
-    FunctionType	fType;
-    ArgType	args[MAX_ARGS];
-} Commands;
-
-typedef struct _module {
-    PRLibrary *library;
-    CK_FUNCTION_LIST *functionList;
-} Module;
-
-
-/*
- * the command array itself. Make name to function and it's arguments
- */
-
-extern const char **valueString;
-extern const int valueCount;
-extern const char **constTypeString;
-extern const int constTypeCount;
-extern const Constant *consts;
-extern const int constCount;
-extern const Commands *commands;
-extern const int commandCount;
-
--- a/security/nss/cmd/symkeyutil/symkeyutil.c
+++ b/security/nss/cmd/symkeyutil/symkeyutil.c
@@ -49,41 +49,27 @@
  *  7) Use asymetric keys to wrap and unwrap keys.
  *  8) Derive.
  *  9) PBE keys.
  */
 
 #include <stdio.h>
 #include <string.h>
 
-#if defined(WIN32)
-#include "io.h"
-#endif
-
 #include "secutil.h"
 
-#if defined(XP_UNIX)
-#include <unistd.h>
-#endif
-
 #include "nspr.h"
-#include "prtypes.h"
-#include "prtime.h"
-#include "prlong.h"
 
 #include "pk11func.h"
 #include "secasn1.h"
 #include "cert.h"
 #include "cryptohi.h"
 #include "secoid.h"
 #include "certdb.h"
 #include "nss.h"
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
 
 typedef struct _KeyTypes {
     CK_KEY_TYPE	keyType;
     CK_MECHANISM_TYPE mechType;
     CK_MECHANISM_TYPE wrapMech;
     char *label;
 } KeyTypes;
 
@@ -114,81 +100,77 @@ static KeyTypes keyArray[] = {
     { CKK_JUNIPER, CKM_JUNIPER_CBC128, CKM_JUNIPER_WRAP, "juniper" },
     { CKK_CDMF, CKM_CDMF_CBC, CKM_CDMF_ECB, "cdmf" },
     { CKK_AES, CKM_AES_CBC, CKM_AES_ECB, "aes" },
 };
 
 static int keyArraySize = sizeof(keyArray)/sizeof(keyArray[0]);
 
 int
-GetLen(int fd)
+GetLen(PRFileDesc* fd)
 {
-    struct stat buf;
-    int ret;
+    PRFileInfo info;
 
-    ret = fstat(fd,&buf);
-    if (ret < 0) return ret;
+    if (PR_SUCCESS != PR_GetOpenFileInfo(fd, &info)) {
+        return -1;
+    }
 
-    return buf.st_size;
+    return info.size;
 }
 
-#ifndef O_BINARY
-#define O_BINARY 0
-#endif
-
 int
 ReadBuf(char *inFile, SECItem *item)
 {
     int len;
     int ret;
-    int fd = open(inFile, O_RDONLY|O_BINARY);
-    if (fd < 0) {
-	perror(inFile);
+    PRFileDesc* fd = PR_Open(inFile, PR_RDONLY, 0);
+    if (NULL == fd) {
+        SECU_PrintError("symkeyutil", "PR_Open failed");
 	return -1;
     }
 
     len = GetLen(fd);
     if (len < 0) {
-	perror(inFile);
+	SECU_PrintError("symkeyutil", "PR_GetOpenFileInfo failed");
 	return -1;
     }
     item->data = (unsigned char *)PORT_Alloc(len);
     if (item->data == NULL) {
 	fprintf(stderr,"Failed to allocate %d to read file %s\n",len,inFile);
 	return -1;
     }
 
-    ret = read(fd,item->data,item->len);
+    ret = PR_Read(fd,item->data,item->len);
     if (ret < 0) {
+	SECU_PrintError("symkeyutil", "PR_Read failed");
 	PORT_Free(item->data);
 	item->data = NULL;
-	perror(inFile);
 	return -1;
     }
-    close(fd);
+    PR_Close(fd);
     item->len = len;
     return 0;
 }
 
 int
 WriteBuf(char *inFile, SECItem *item)
 {
     int ret;
-    int fd = open(inFile, O_WRONLY|O_CREAT|O_BINARY);
-    if (fd < 0) {
-	perror(inFile);
+    PRFileDesc* fd = PR_Open(inFile, PR_WRONLY|PR_CREATE_FILE, 0x200);
+    if (NULL == fd) {
+        SECU_PrintError("symkeyutil", "PR_Open failed");
 	return -1;
     }
 
-    ret = write(fd,item->data,item->len);
+    ret = PR_Write(fd,item->data,item->len);
     if (ret < 0) {
-	perror(inFile);
+	SECU_PrintError("symkeyutil", "PR_Write failed");
 	return -1;
     }
-    close(fd);
+    PR_Close(fd);
     return 0;
 }
 
 CK_KEY_TYPE
 GetKeyTypeFromString(const char *keyString)
 {
     int i;
     for (i=0; i < keyArraySize; i++) {
@@ -1007,17 +989,17 @@ main(int argc, char **argv)
 	rv = PK11_WrapSymKey(mechanism, NULL,  wrapKey, symKey, &data);
 	PK11_FreeSymKey(symKey);
 	PK11_FreeSymKey(wrapKey);
 	if (rv != SECSuccess) {
 	    PR_fprintf(PR_STDERR, "%s: Couldn't wrap key\n",progName);
 	    goto shutdown;
 	}
 
-	/* WriteBuf outputs it's own error using Perror */
+	/* WriteBuf outputs it's own error using SECU_PrintError */
 	ret = WriteBuf(symKeyUtil.options[opt_KeyFile].arg, &data);
 	if (ret < 0) {
 	    goto shutdown;
 	}
     }
 
     if (symKeyUtil.commands[cmd_ImportKey].activated) {
 	PK11SymKey *symKey = PK11_ImportSymKey(slot, keyType,
--- a/security/nss/lib/certdb/alg1485.c
+++ b/security/nss/lib/certdb/alg1485.c
@@ -702,16 +702,17 @@ AppendAVA(stringBuf *bufp, CERTAVA *ava)
 	*/
 	while (((avaValue->data[maxLen] & 0xc0) == 0x80) && maxLen > 0) {
 	   maxLen--;
 	}
 	/* add elipsis to signify truncation. */
 	avaValue->data[maxLen++] = '.'; 
 	avaValue->data[maxLen++] = '.';
 	avaValue->data[maxLen++] = '.';
+	avaValue->data[maxLen]   = 0;
 	avaValue->len = maxLen;
     }
 
     len = PORT_Strlen(tagName);
     if (len+1 > sizeof(tmpBuf)) {
 	if (unknownTag) PR_smprintf_free(unknownTag);
 	SECITEM_FreeItem(avaValue, PR_TRUE);
 	PORT_SetError(SEC_ERROR_OUTPUT_LEN);
@@ -723,17 +724,17 @@ AppendAVA(stringBuf *bufp, CERTAVA *ava)
     
     /* escape and quote as necessary - don't quote hex strings */
     if (hexValue) {
         /* appent avaValue to tmpBuf */
 	if (avaValue->len + len + 1 > sizeof tmpBuf) {
 	    PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
 	    rv = SECFailure;
     	} else {
-	    PORT_Strcpy(tmpBuf+len, (char *)avaValue->data);
+	    PORT_Strncpy(tmpBuf+len, (char *)avaValue->data, avaValue->len + 1);
 	    rv = SECSuccess;
 	}
     } else 
 	rv = CERT_RFC1485_EscapeAndQuote(tmpBuf+len, sizeof(tmpBuf)-len, 
 		    		     (char *)avaValue->data, avaValue->len);
     SECITEM_FreeItem(avaValue, PR_TRUE);
     if (rv) return SECFailure;
     
--- a/security/nss/lib/certdb/certdb.c
+++ b/security/nss/lib/certdb/certdb.c
@@ -1331,30 +1331,17 @@ CERT_AddOKDomainName(CERTCertificate *ce
 ** returns SECFailure with SSL_ERROR_BAD_CERT_DOMAIN if no match,
 ** returns SECFailure with some other error code if another error occurs.
 **
 ** may modify cn, so caller must pass a modifiable copy.
 */
 static SECStatus
 cert_TestHostName(char * cn, const char * hn)
 {
-    char * hndomain;
-    int    regvalid;
-
-    if ((hndomain = PORT_Strchr(hn, '.')) == NULL) {
-	/* No domain in URI host name */
-	char * cndomain;
-	if ((cndomain = PORT_Strchr(cn, '.')) != NULL &&
-	    (cndomain - cn) > 0) {
-	    /* there is a domain in the cn string, so chop it off */
-	    *cndomain = '\0';
-	}
-    }
-
-    regvalid = PORT_RegExpValid(cn);
+    int regvalid = PORT_RegExpValid(cn);
     if (regvalid != NON_SXP) {
 	SECStatus rv;
 	/* cn is a regular expression, try to match the shexp */
 	int match = PORT_RegExpCaseSearch(hn, cn);
 
 	if ( match == 0 ) {
 	    rv = SECSuccess;
 	} else {
@@ -1365,23 +1352,16 @@ cert_TestHostName(char * cn, const char 
     } 
     /* cn is not a regular expression */
 
     /* compare entire hn with cert name */
     if (PORT_Strcasecmp(hn, cn) == 0) {
 	return SECSuccess;
     }
 	    
-    if ( hndomain ) {
-	/* compare just domain name with cert name */
-	if ( PORT_Strcasecmp(hndomain+1, cn) == 0 ) {
-	    return SECSuccess;
-	}
-    }
-
     PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);
     return SECFailure;
 }
 
 
 SECStatus
 cert_VerifySubjectAltName(CERTCertificate *cert, const char *hn)
 {
--- a/security/nss/lib/certdb/genname.c
+++ b/security/nss/lib/certdb/genname.c
@@ -70,34 +70,36 @@ const SEC_ASN1Template CERT_NameConstrai
 const SEC_ASN1Template CERT_NameConstraintSubtreeExcludedTemplate[] = {
     { SEC_ASN1_CONTEXT_SPECIFIC | 1, 0, CERT_NameConstraintSubtreeSubTemplate }
 };
 
 
 static const SEC_ASN1Template CERTNameConstraintsTemplate[] = {
     { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTNameConstraints) },
     { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 0, 
-          offsetof(CERTNameConstraints, DERPermited), CERT_NameConstraintSubtreeSubTemplate},
+          offsetof(CERTNameConstraints, DERPermited), 
+	  CERT_NameConstraintSubtreeSubTemplate},
     { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 1, 
-          offsetof(CERTNameConstraints, DERExcluded), CERT_NameConstraintSubtreeSubTemplate},
+          offsetof(CERTNameConstraints, DERExcluded), 
+	  CERT_NameConstraintSubtreeSubTemplate},
     { 0, }
 };
 
 
 static const SEC_ASN1Template CERTOthNameTemplate[] = {
     { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(OtherName) },
     { SEC_ASN1_OBJECT_ID, 
 	  offsetof(OtherName, oid) },
     { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT | 0,
           offsetof(OtherName, name), SEC_AnyTemplate },
     { 0, } 
 };
 
 static const SEC_ASN1Template CERTOtherNameTemplate[] = {
-    { SEC_ASN1_CONTEXT_SPECIFIC | 0 ,
+    { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | 0 ,
       offsetof(CERTGeneralName, name.OthName), CERTOthNameTemplate, 
       sizeof(CERTGeneralName) }
 };
 
 static const SEC_ASN1Template CERTOtherName2Template[] = {
     { SEC_ASN1_SEQUENCE | SEC_ASN1_CONTEXT_SPECIFIC | 0 ,
       0, NULL, sizeof(CERTGeneralName) },
     { SEC_ASN1_OBJECT_ID,
@@ -115,30 +117,30 @@ static const SEC_ASN1Template CERT_RFC82
 
 static const SEC_ASN1Template CERT_DNSNameTemplate[] = {
     { SEC_ASN1_CONTEXT_SPECIFIC | 2 ,
           offsetof(CERTGeneralName, name.other), SEC_IA5StringTemplate,
           sizeof (CERTGeneralName)}
 };
 
 static const SEC_ASN1Template CERT_X400AddressTemplate[] = {
-    { SEC_ASN1_CONTEXT_SPECIFIC | 3,
+    { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | 3,
           offsetof(CERTGeneralName, name.other), SEC_AnyTemplate,
           sizeof (CERTGeneralName)}
 };
 
 static const SEC_ASN1Template CERT_DirectoryNameTemplate[] = {
     { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT | 4,
           offsetof(CERTGeneralName, derDirectoryName), SEC_AnyTemplate,
           sizeof (CERTGeneralName)}
 };
 
 
 static const SEC_ASN1Template CERT_EDIPartyNameTemplate[] = {
-    { SEC_ASN1_CONTEXT_SPECIFIC | 5,
+    { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | 5,
           offsetof(CERTGeneralName, name.other), SEC_AnyTemplate,
           sizeof (CERTGeneralName)}
 };
 
 static const SEC_ASN1Template CERT_URITemplate[] = {
     { SEC_ASN1_CONTEXT_SPECIFIC | 6 ,
           offsetof(CERTGeneralName, name.other), SEC_IA5StringTemplate,
           sizeof (CERTGeneralName)}
--- a/security/nss/lib/certdb/polcyxtn.c
+++ b/security/nss/lib/certdb/polcyxtn.c
@@ -173,17 +173,17 @@ CERT_DecodeCertificatePoliciesExtension(
     }
 
     /* initialize the oid tags */
     policyInfos = policies->policyInfos;
     while (*policyInfos != NULL ) {
 	policyInfo = *policyInfos;
 	policyInfo->oid = SECOID_FindOIDTag(&policyInfo->policyID);
 	policyQualifiers = policyInfo->policyQualifiers;
-	while ( *policyQualifiers != NULL ) {
+	while ( policyQualifiers != NULL && *policyQualifiers != NULL ) {
 	    policyQualifier = *policyQualifiers;
 	    policyQualifier->oid =
 		SECOID_FindOIDTag(&policyQualifier->qualifierID);
 	    policyQualifiers++;
 	}
 	policyInfos++;
     }
 
@@ -411,17 +411,17 @@ CERT_GetCertCommentString(CERTCertificat
     }
 
     policyInfos = policies->policyInfos;
     /* search through policyInfos looking for the verisign policy */
     while (*policyInfos != NULL ) {
 	if ( (*policyInfos)->oid == SEC_OID_VERISIGN_USER_NOTICES ) {
 	    policyQualifiers = (*policyInfos)->policyQualifiers;
 	    /* search through the policy qualifiers looking for user notice */
-	    while ( *policyQualifiers != NULL ) {
+	    while ( policyQualifiers != NULL && *policyQualifiers != NULL ) {
 		qualifier = *policyQualifiers;
 		if ( qualifier->oid == SEC_OID_PKIX_USER_NOTICE_QUALIFIER ) {
 		    retstring =
 			stringFromUserNotice(&qualifier->qualifierValue);
 		    break;
 		}
 
 		policyQualifiers++;
--- a/security/nss/lib/cryptohi/seckey.c
+++ b/security/nss/lib/cryptohi/seckey.c
@@ -509,29 +509,34 @@ seckey_UpdateCertPQGChain(CERTCertificat
 	     (tag != SEC_OID_MISSI_DSS_OLD) &&
              (tag != SEC_OID_MISSI_KEA_DSS) &&
              (tag != SEC_OID_MISSI_DSS) &&               
              (tag != SEC_OID_ANSIX9_DSA_SIGNATURE) &&
              (tag != SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST) &&
              (tag != SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST) &&
              (tag != SEC_OID_SDN702_DSA_SIGNATURE) &&
              (tag != SEC_OID_ANSIX962_EC_PUBLIC_KEY) ) {            
-            return SECFailure;
+            rv = SECFailure;
+            goto loser;
         }
     } else {
-        return SECFailure;  /* return failure if oid is NULL */  
+        rv = SECFailure;  /* return failure if oid is NULL */  
+        goto loser;
     }
 
 
     /* at this point the subject cert has no pqg parameters and the
      * issuer cert has a DSA or fortezza public key.  Update the issuer's
      * pqg parameters with a recursive call to this same function. */
 
     rv = seckey_UpdateCertPQGChain(issuerCert, count);
-    if (rv != SECSuccess) return rv;
+    if (rv != SECSuccess) {
+        rv = SECFailure;
+        goto loser;
+    }
 
     /* ensure issuer has pqg parameters */
 
     issuerSpki=&issuerCert->subjectPublicKeyInfo;
     if (issuerSpki->algorithm.parameters.len == 0) {
         rv = SECFailure; 
     }
 
@@ -539,16 +544,20 @@ seckey_UpdateCertPQGChain(CERTCertificat
      * parameters to the subject cert's key. */
 
     if (rv == SECSuccess) {
         rv = SECITEM_CopyItem(subjectCert->arena,
                               &subjectSpki->algorithm.parameters, 
 	   		      &issuerSpki->algorithm.parameters);
     }
 
+loser:
+    if (issuerCert) {
+        CERT_DestroyCertificate(issuerCert);
+    }
     return rv;
 
 }
  
 
 SECStatus
 SECKEY_UpdateCertPQG(CERTCertificate * subjectCert)
 {
--- a/security/nss/lib/fortcrypt/swfort/pkcs11/Makefile
+++ b/security/nss/lib/fortcrypt/swfort/pkcs11/Makefile
@@ -58,17 +58,17 @@ EXTRA_LIBS = \
 	$(DIST)/lib/$(LIB_PREFIX)swfci.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)softokn.$(LIB_SUFFIX) \
 	$(CRYPTO_LIB) \
 	$(DIST)/lib/$(LIB_PREFIX)secutil.$(LIB_SUFFIX) \
 	-L$(DIST)/lib \
 	-lplc4 \
 	-lplds4 \
 	-lnspr4 \
-	-lws2_32 \
+	-lwsock32 \
 	-lwinmm \
 	$(NULL)
 else # ! NS_USE_GCC
 EXTRA_LIBS = \
 	$(DIST)/lib/swfci.lib \
 	$(DIST)/lib/softokn.lib \
 	$(CRYPTO_LIB) \
 	$(DIST)/lib/secutil.lib \
deleted file mode 100644
--- a/security/nss/lib/freebl/sparcfix.c
+++ /dev/null
@@ -1,95 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- * 
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- * 
- * The Original Code is a program to modify v8+vis objects for linking.
- *
- * The Initial Developer of the Original Code is Sun Microsystems Inc.
- * Portions created by Sun Microsystems Inc. are 
- * Copyright (C) 1999-2000 Sun Microsystems Inc. All Rights Reserved.
- * 
- * Contributor(s):
- *	Netscape Communications Corporation
- * 
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable 
- * instead of those above.	If you wish to allow use of your 
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL.  If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *  $Id$
- */
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#if defined(SOLARIS2_6) || defined(SOLARIS2_7) || defined(SOLARIS2_8)
-#define NEW_SYSV_SPARC 1
-#include <gelf.h>
-#endif
-#include <libelf.h>
-#include <sys/elf_SPARC.h>
-
-int
-main(int argc, char *argv[])
-{
-	Elf *     elf;
-	off_t     size;
-	int       fd;
-	int       count;
-#if defined(NEW_SYSV_SPARC)
-	GElf_Ehdr  hdr;
-	GElf_Ehdr *ehdr = &hdr;
-#else
-	Elf32_Ehdr *ehdr;
-#endif
-
-
-	elf_version(EV_CURRENT);
-	fd = open(argv[1], O_RDWR);
-	if (fd < 0)
-	    goto loser;
-	elf = elf_begin(fd, ELF_C_RDWR, (Elf *)0);
-	if (!elf)
-	    goto loser;
-
-#if defined(NEW_SYSV_SPARC)
-	gelf_getehdr(elf, ehdr);
-#else
-        ehdr = elf32_getehdr(elf);
-	if (!ehdr)
-	    goto loser;
-#endif
-
-	if (ehdr->e_machine == EM_SPARC32PLUS) {
-	    ehdr->e_machine = EM_SPARC;
-	    ehdr->e_flags &= ~(EF_SPARC_32PLUS | EF_SPARC_SUN_US1);
-#if defined(NEW_SYSV_SPARC)
-	    count = gelf_update_ehdr(elf, ehdr);
-	    if (count < 0)
-		goto loser;
-#endif
-	    size = elf_update(elf, ELF_C_WRITE);
-	    if (size < 0)
-		goto loser;
-	}
-
-	do {
-	    count = elf_end(elf);
-	} while (count > 0);
-	return count;
-
-loser:
-	return 1;
-}
--- a/security/nss/lib/nss/nss.h
+++ b/security/nss/lib/nss/nss.h
@@ -44,21 +44,21 @@ SEC_BEGIN_PROTOS
 
 /*
  * NSS's major version, minor version, patch level, and whether
  * this is a beta release.
  *
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>] [<Beta>]"
  */
-#define NSS_VERSION  "3.10 Beta"
+#define NSS_VERSION  "3.9.1"
 #define NSS_VMAJOR   3
-#define NSS_VMINOR   10
-#define NSS_VPATCH   0
-#define NSS_BETA     PR_TRUE
+#define NSS_VMINOR   9
+#define NSS_VPATCH   1
+#define NSS_BETA     PR_FALSE
 
 
 /*
  * Return a boolean that indicates whether the underlying library
  * will perform as the caller expects.
  *
  * The only argument is a string, which should be the verson
  * identifier of the NSS library. That string will be compared
--- a/security/nss/lib/pk11wrap/pk11cert.c
+++ b/security/nss/lib/pk11wrap/pk11cert.c
@@ -4161,16 +4161,17 @@ CERTSignedCrl * crl_storeCRL (PK11SlotIn
 /* import the CRL into the token */
 
 CERTSignedCrl* PK11_ImportCRL(PK11SlotInfo * slot, SECItem *derCRL, char *url,
     int type, void *wincx, PRInt32 importOptions, PRArenaPool* arena,
     PRInt32 decodeoptions)
 {
     CERTSignedCrl *newCrl, *crl;
     SECStatus rv;
+    CERTCertificate *caCert = NULL;
 
     newCrl = crl = NULL;
 
     do {
         newCrl = CERT_DecodeDERCrlWithFlags(arena, derCRL, type,
                                             decodeoptions);
         if (newCrl == NULL) {
             if (type == SEC_CRL_TYPE) {
@@ -4179,17 +4180,16 @@ CERTSignedCrl* PK11_ImportCRL(PK11SlotIn
                     PORT_SetError(SEC_ERROR_CRL_INVALID);
 	        } else {
                 PORT_SetError(SEC_ERROR_KRL_INVALID);
             }
             break;		
         }
 
         if (0 == (importOptions & CRL_IMPORT_BYPASS_CHECKS)){
-            CERTCertificate *caCert;
             CERTCertDBHandle* handle = CERT_GetDefaultCertDB();
             PR_ASSERT(handle != NULL);
             caCert = CERT_FindCertByName (handle,
                                           &newCrl->crl.derName);
             if (caCert == NULL) {
                 PORT_SetError(SEC_ERROR_UNKNOWN_ISSUER);	    
                 break;
             }
@@ -4215,10 +4215,13 @@ CERTSignedCrl* PK11_ImportCRL(PK11SlotIn
 
 	crl = crl_storeCRL(slot, url, newCrl, derCRL, type);
 
     } while (0);
 
     if (crl == NULL) {
 	SEC_DestroyCrl (newCrl);
     }
+    if (caCert) {
+        CERT_DestroyCertificate(caCert);
+    }
     return (crl);
 }
--- a/security/nss/lib/pk11wrap/pk11skey.c
+++ b/security/nss/lib/pk11wrap/pk11skey.c
@@ -4471,16 +4471,21 @@ PK11_DigestOp(PK11Context *context, cons
  */
 SECStatus
 PK11_DigestKey(PK11Context *context, PK11SymKey *key)
 {
     CK_RV crv = CKR_OK;
     SECStatus rv = SECSuccess;
     PK11SymKey *newKey = NULL;
 
+    if (!context || !key) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
     /* if we ran out of session, we need to restore our previously stored
      * state.
      */
     if (context->slot != key->slot) {
 	newKey = pk11_CopyToSlot(context->slot,CKM_SSL3_SHA1_MAC,CKA_SIGN,key);
     } else {
 	newKey = PK11_ReferenceSymKey(key);
     }
@@ -5360,27 +5365,34 @@ PK11_UnwrapPrivKey(PK11SlotInfo *slot, P
     if (wrappingKey->slot != slot) {
 	newKey = pk11_CopyToSlot(slot,wrapType,CKA_WRAP,wrappingKey);
     } else {
 	newKey = PK11_ReferenceSymKey(wrappingKey);
     }
 
     if (newKey) {
 	if (perm) {
+	    /* Get RW Session will either lock the monitor if necessary, 
+	     *  or return a thread safe session handle. */ 
 	    rwsession = PK11_GetRWSession(slot);
 	} else {
 	    rwsession = slot->session;
+	    PK11_EnterSlotMonitor(slot);
 	}
 	crv = PK11_GETTAB(slot)->C_UnwrapKey(rwsession, &mechanism, 
 					 newKey->objectID,
 					 wrappedKey->data, 
 					 wrappedKey->len, keyTemplate, 
 					 templateCount, &privKeyID);
 
-	if (perm) PK11_RestoreROSession(slot, rwsession);
+	if (perm) {
+	    PK11_RestoreROSession(slot, rwsession);
+	} else {
+	    PK11_ExitSlotMonitor(slot);
+	}
 	PK11_FreeSymKey(newKey);
     } else {
 	crv = CKR_FUNCTION_NOT_SUPPORTED;
     }
 
     if(ck_id) {
 	SECITEM_FreeItem(ck_id, PR_TRUE);
 	ck_id = NULL;
--- a/security/nss/lib/pkcs7/certread.c
+++ b/security/nss/lib/pkcs7/certread.c
@@ -289,37 +289,32 @@ CERT_CertPackageType(SECItem *package, S
  */
 SECStatus
 CERT_DecodeCertPackage(char *certbuf,
 		       int certlen,
 		       CERTImportCertificateFunc f,
 		       void *arg)
 {
     unsigned char *cp;
-    int seqLen, seqLenLen;
-    int cl;
-    unsigned char *bincert = NULL, *certbegin = NULL, *certend = NULL;
-    unsigned int binLen;
-    char *ascCert = NULL;
-    int asciilen;
-    CERTCertificate *cert;
-    SECItem certitem, oiditem;
-    SECStatus rv;
-    SECOidData *oiddata;
-    SECItem *pcertitem = &certitem;
+    unsigned char *bincert = NULL;
+    char *         ascCert = NULL;
+    SECStatus      rv;
     
     if ( certbuf == NULL ) {
 	return(SECFailure);
     }
     
-    cert = 0;
     cp = (unsigned char *)certbuf;
 
     /* is a DER encoded certificate of some type? */
     if ( ( *cp  & 0x1f ) == SEC_ASN1_SEQUENCE ) {
+	SECItem certitem;
+	SECItem *pcertitem = &certitem;
+	int seqLen, seqLenLen;
+
 	cp++;
 	
 	if ( *cp & 0x80) {
 	    /* Multibyte length */
 	    seqLenLen = cp[0] & 0x7f;
 	    
 	    switch (seqLenLen) {
 	      case 4:
@@ -365,16 +360,18 @@ CERT_DecodeCertPackage(char *certbuf,
 	    /* it had better be a certificate by now!! */
 	    certitem.data = cp;
 	    certitem.len = certlen - ( cp - (unsigned char *)certbuf );
 	    
 	    rv = (* f)(arg, &pcertitem, 1);
 	    
 	    return(rv);
 	} else if ( cp[0] == SEC_ASN1_OBJECT_ID ) {
+	    SECOidData *oiddata;
+	    SECItem oiditem;
 	    /* XXX - assume DER encoding of OID len!! */
 	    oiditem.len = cp[1];
 	    oiditem.data = (unsigned char *)&cp[2];
 	    oiddata = SECOID_FindOID(&oiditem);
 	    if ( oiddata == NULL ) {
 		return(SECFailure);
 	    }
 
@@ -399,20 +396,42 @@ CERT_DecodeCertPackage(char *certbuf,
 	    
 	    rv = (* f)(arg, &pcertitem, 1);
 	    return(rv);
 	}
     }
 
     /* now look for a netscape base64 ascii encoded cert */
 notder:
-    cp = (unsigned char *)certbuf;
+  {
+    unsigned char *certbegin = NULL; 
+    unsigned char *certend   = NULL;
+    char          *pc;
+    int cl;
+
+    /* Convert the ASCII data into a nul-terminated string */
+    ascCert = (char *)PORT_Alloc(certlen + 1);
+    if (!ascCert) {
+        rv = SECFailure;
+	goto loser;
+    }
+
+    PORT_Memcpy(ascCert, certbuf, certlen);
+    ascCert[certlen] = '\0';
+
+    pc = PORT_Strchr(ascCert, '\n');  /* find an EOL */
+    if (!pc) { /* maybe this is a MAC file */
+	pc = ascCert;
+	while (*pc && NULL != (pc = PORT_Strchr(pc, '\r'))) {
+	    *pc++ = '\n';
+	}
+    }
+
+    cp = (unsigned char *)ascCert;
     cl = certlen;
-    certbegin = 0;
-    certend = 0;
 
     /* find the beginning marker */
     while ( cl > sizeof(NS_CERT_HEADER) ) {
 	if ( !PORT_Strncasecmp((char *)cp, NS_CERT_HEADER,
 			     sizeof(NS_CERT_HEADER)-1) ) {
 	    cp = cp + sizeof(NS_CERT_HEADER);
 	    certbegin = cp;
 	    break;
@@ -427,17 +446,16 @@ notder:
 	/* skip all blank lines */
 	while ( ( *cp == '\n') && cl ) {
 	    cp++;
 	    cl--;
 	}
     }
 
     if ( certbegin ) {
-
 	/* find the ending marker */
 	while ( cl > sizeof(NS_CERT_TRAILER) ) {
 	    if ( !PORT_Strncasecmp((char *)cp, NS_CERT_TRAILER,
 				 sizeof(NS_CERT_TRAILER)-1) ) {
 		certend = (unsigned char *)cp;
 		break;
 	    }
 
@@ -451,41 +469,33 @@ notder:
 	    while ( ( *cp == '\n') && cl ) {
 		cp++;
 		cl--;
 	    }
 	}
     }
 
     if ( certbegin && certend ) {
+	unsigned int binLen;
 
-	/* Convert the ASCII data into a nul-terminated string */
-	asciilen = certend - certbegin;
-	ascCert = (char *)PORT_Alloc(asciilen+1);
-	if (!ascCert) {
-	    rv = SECFailure;
-	    goto loser;
-	}
-
-	PORT_Memcpy(ascCert, certbegin, asciilen);
-	ascCert[asciilen] = '\0';
-	
+	*certend = 0;
 	/* convert to binary */
-	bincert = ATOB_AsciiToData(ascCert, &binLen);
+	bincert = ATOB_AsciiToData(certbegin, &binLen);
 	if (!bincert) {
 	    rv = SECFailure;
 	    goto loser;
 	}
 
 	/* now recurse to decode the binary */
 	rv = CERT_DecodeCertPackage((char *)bincert, binLen, f, arg);
 	
     } else {
 	rv = SECFailure;
     }
+  }
 
 loser:
 
     if ( bincert ) {
 	PORT_Free(bincert);
     }
 
     if ( ascCert ) {
--- a/security/nss/lib/softoken/pk11db.c
+++ b/security/nss/lib/softoken/pk11db.c
@@ -35,16 +35,17 @@
  * NSS. This file is written to abstract away how the modules are
  * stored so we can deside that later.
  */
 
 #include "pk11pars.h"
 #include "pkcs11i.h"
 #include "mcom_db.h"
 #include "cdbhdl.h"
+#include "secerr.h"
 
 #define FREE_CLEAR(p) if (p) { PORT_Free(p); p = NULL; }
 
 static void
 secmod_parseTokenFlags(char *tmp, pk11_token_parameters *parsed) { 
     parsed->readOnly = pk11_argHasFlag("flags","readOnly",tmp);
     parsed->noCertDB = pk11_argHasFlag("flags","noCertDB",tmp);
     parsed->noKeyDB = pk11_argHasFlag("flags","noKeyDB",tmp);
@@ -505,146 +506,260 @@ loser:
 static void 
 secmod_FreeData(DBT *data)
 {
     if (data->data) {
 	PORT_Free(data->data);
     }
 }
 
+static void
+secmod_FreeSlotStrings(char **slotStrings, int count)
+{
+    int i;
+
+    for (i=0; i < count; i++) {
+	if (slotStrings[i]) {
+	    PR_smprintf_free(slotStrings[i]);
+	    slotStrings[i] = NULL;
+	}
+    }
+}
+
 /*
  * build a module from the data base entry.
  */
 static char *
 secmod_DecodeData(char *defParams, DBT *data, PRBool *retInternal)
 {
     secmodData *encoded;
     secmodSlotData *slots;
-    char *commonName = NULL,*dllName = NULL,*parameters = NULL;
+    PLArenaPool *arena;
+    char *commonName 		= NULL;
+    char *dllName    		= NULL;
+    char *parameters 		= NULL;
+    char *nss;
+    char *moduleSpec;
+    char **slotStrings 		= NULL;
     unsigned char *names;
-    unsigned short len;
     unsigned long slotCount;
-    unsigned short offset;
-    PRBool isOldVersion  = PR_FALSE;
-    PRBool internal, isFIPS, isModuleDB=PR_FALSE, isModuleDBOnly=PR_FALSE;
-    PRBool extended=PR_FALSE;
-    PRBool hasRootCerts=PR_FALSE,hasRootTrust=PR_FALSE;
-    unsigned long trustOrder=PK11_DEFAULT_TRUST_ORDER, 
-				cipherOrder=PK11_DEFAULT_CIPHER_ORDER;
-    unsigned long ssl0=0, ssl1=0;
-    char **slotStrings = NULL;
-    unsigned long slotID,defaultFlags,timeout;
-    char *nss,*moduleSpec;
+    unsigned long ssl0		=0;
+    unsigned long ssl1		=0;
+    unsigned long slotID;
+    unsigned long defaultFlags;
+    unsigned long timeout;
+    unsigned long trustOrder	=PK11_DEFAULT_TRUST_ORDER;
+    unsigned long cipherOrder	=PK11_DEFAULT_CIPHER_ORDER;
+    unsigned short len;
+    unsigned short namesOffset  = 0;	/* start of the names block */
+    unsigned long namesRunningOffset;	/* offset to name we are 
+					 * currently processing */
+    unsigned short slotOffset;
+    PRBool isOldVersion  	= PR_FALSE;
+    PRBool internal;
+    PRBool isFIPS;
+    PRBool isModuleDB    	=PR_FALSE;
+    PRBool isModuleDBOnly	=PR_FALSE;
+    PRBool extended      	=PR_FALSE;
     int i;
 
-    PLArenaPool *arena;
 
     arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
-    if (arena == NULL) return NULL;
+    if (arena == NULL) 
+    	return NULL;
+
+#define CHECK_SIZE(x) \
+    if ((unsigned int) data->size < (unsigned int)(x)) goto db_loser
+
+    /* -------------------------------------------------------------
+    ** Process the buffer header, which is the secmodData struct. 
+    ** It may be an old or new version.  Check the length for each. 
+    */
+
+    CHECK_SIZE( offsetof(secmodData, trustOrder[0]) );
 
     encoded = (secmodData *)data->data;
-    names = (unsigned char *)data->data;
-    offset = SECMOD_GETSHORT(encoded->slotOffset);
-    slots = (secmodSlotData *) (names + offset + 2);
-    slotCount = SECMOD_GETSHORT(names + offset);
-    names += SECMOD_GETSHORT(encoded->nameStart);
+
+    internal = (encoded->internal != 0) ? PR_TRUE: PR_FALSE;
+    isFIPS   = (encoded->fips     != 0) ? PR_TRUE: PR_FALSE;
 
-    * retInternal = internal = (encoded->internal != 0) ? PR_TRUE: PR_FALSE;
-    isFIPS = (encoded->fips != 0) ? PR_TRUE: PR_FALSE;
-    len = SECMOD_GETSHORT(names);
-
+    if (retInternal)
+	*retInternal = internal;
+    if (internal) {
+	parameters = PORT_ArenaStrdup(arena,defParams);
+	if (parameters == NULL) 
+	    goto loser;
+    }
     if (internal && (encoded->major == SECMOD_DB_NOUI_VERSION_MAJOR) &&
  	(encoded->minor <= SECMOD_DB_NOUI_VERSION_MINOR)) {
 	isOldVersion = PR_TRUE;
     }
-
     if ((encoded->major == SECMOD_DB_EXT1_VERSION_MAJOR) &&
 	(encoded->minor >= SECMOD_DB_EXT1_VERSION_MINOR)) {
-	trustOrder = SECMOD_GETLONG(encoded->trustOrder);
-	cipherOrder = SECMOD_GETLONG(encoded->cipherOrder);
-	isModuleDB = (encoded->isModuleDB != 0) ? PR_TRUE: PR_FALSE;
+	CHECK_SIZE( sizeof(secmodData));
+	trustOrder     = SECMOD_GETLONG(encoded->trustOrder);
+	cipherOrder    = SECMOD_GETLONG(encoded->cipherOrder);
+	isModuleDB     = (encoded->isModuleDB != 0) ? PR_TRUE: PR_FALSE;
 	isModuleDBOnly = (encoded->isModuleDBOnly != 0) ? PR_TRUE: PR_FALSE;
-	extended = PR_TRUE;
+	extended       = PR_TRUE;
     } 
-
     if (internal && !extended) {
 	trustOrder = 0;
 	cipherOrder = 100;
     }
+    /* decode SSL cipher enable flags */
+    ssl0 = SECMOD_GETLONG(encoded->ssl);
+    ssl1 = SECMOD_GETLONG(encoded->ssl + 4);
 
-    /* decode the common name */
-    commonName = (char*)PORT_ArenaAlloc(arena,len+1);
-    if (commonName == NULL) {
-	PORT_FreeArena(arena,PR_TRUE);
-	return NULL;
-    }
-    PORT_Memcpy(commonName,&names[2],len);
-    commonName[len] = 0;
+    slotOffset  = SECMOD_GETSHORT(encoded->slotOffset);
+    namesOffset = SECMOD_GETSHORT(encoded->nameStart);
+
+
+    /*--------------------------------------------------------------
+    ** Now process the variable length set of names.                
+    ** The names have this structure:
+    ** struct {
+    **     BYTE  commonNameLen[ 2 ];
+    **     BYTE  commonName   [ commonNameLen ];
+    **     BTTE  libNameLen   [ 2 ];
+    **     BYTE  libName      [ libNameLen ];
+    ** If it is "extended" it also has these members:
+    **     BYTE  initStringLen[ 2 ];
+    **     BYTE  initString   [ initStringLen ];
+    ** }
+    */
 
-    /* decode the DLL name */
-    names += len+2;
-    len = SECMOD_GETSHORT(names);
+    namesRunningOffset = namesOffset;
+    /* copy the module's common name */
+    CHECK_SIZE( namesRunningOffset + 2);
+    names = (unsigned char *)data->data;
+    len   = SECMOD_GETSHORT(names+namesRunningOffset);
+
+    CHECK_SIZE( namesRunningOffset + 2 + len);
+    commonName = (char*)PORT_ArenaAlloc(arena,len+1);
+    if (commonName == NULL) 
+	goto loser;
+    PORT_Memcpy(commonName, names + namesRunningOffset + 2, len);
+    commonName[len] = 0;
+    namesRunningOffset += len + 2;
+
+    /* copy the module's shared library file name. */
+    CHECK_SIZE( namesRunningOffset + 2);
+    len = SECMOD_GETSHORT(names + namesRunningOffset);
     if (len) {
+	CHECK_SIZE( namesRunningOffset + 2 + len);
 	dllName = (char*)PORT_ArenaAlloc(arena,len + 1);
-	if (dllName == NULL) {
-	    PORT_FreeArena(arena,PR_TRUE);
-	    return NULL;
-	}
-	PORT_Memcpy(dllName,&names[2],len);
+	if (dllName == NULL) 
+	    goto loser;
+	PORT_Memcpy(dllName, names + namesRunningOffset + 2, len);
 	dllName[len] = 0;
     }
+    namesRunningOffset += len + 2;
+
+    /* copy the module's initialization string, if present. */
     if (!internal && extended) {
-	names += len+2;
-	len = SECMOD_GETSHORT(names);
+	CHECK_SIZE( namesRunningOffset + 2);
+	len = SECMOD_GETSHORT(names+namesRunningOffset);
 	if (len) {
+	    CHECK_SIZE( namesRunningOffset + 2 + len );
 	    parameters = (char*)PORT_ArenaAlloc(arena,len + 1);
-	    if (parameters == NULL) {
-		PORT_FreeArena(arena,PR_TRUE);
-		return NULL;
-	    }
-	    PORT_Memcpy(parameters,&names[2],len);
+	    if (parameters == NULL) 
+		goto loser;
+	    PORT_Memcpy(parameters,names + namesRunningOffset + 2, len);
 	    parameters[len] = 0;
 	}
+	namesRunningOffset += len + 2;
+    }
+
+    /* 
+     * Consistency check: Make sure the slot and names blocks don't
+     * overlap. These blocks can occur in any order, so this check is made 
+     * in 2 parts. First we check the case where the slot block starts 
+     * after the name block. Later, when we have the slot block length,
+     * we check the case where slot block starts before the name block.
+     * NOTE: in most cases any overlap will likely be detected by invalid 
+     * data read from the blocks, but it's better to find out sooner 
+     * than later.
+     */
+    if (slotOffset >= namesOffset) { /* slot block starts after name block */
+	if (slotOffset < namesRunningOffset) {
+	    goto db_loser;
+	}
     }
-    if (internal) {
-	parameters = PORT_ArenaStrdup(arena,defParams);
+
+    /* ------------------------------------------------------------------
+    ** Part 3, process the slot table.
+    ** This part has this structure:
+    ** struct {
+    **     BYTE slotCount [ 2 ];
+    **     secmodSlotData [ slotCount ];
+    ** {
+    */
+
+    CHECK_SIZE( slotOffset + 2 );
+    slotCount = SECMOD_GETSHORT((unsigned char *)data->data + slotOffset);
+
+    /* 
+     * Consistency check: Part 2. We now have the slot block length, we can 
+     * check the case where the slotblock procedes the name block.
+     */
+    if (slotOffset < namesOffset) { /* slot block starts before name block */
+	if (namesOffset < slotOffset + 2 + slotCount*sizeof(secmodSlotData)) {
+	    goto db_loser;
+	}
     }
 
-    /* decode SSL cipher enable flags */
-    ssl0 = SECMOD_GETLONG(encoded->ssl);
-    ssl1 = SECMOD_GETLONG(&encoded->ssl[4]);
+    CHECK_SIZE( (slotOffset + 2 + slotCount * sizeof(secmodSlotData)));
+    slots = (secmodSlotData *) ((unsigned char *)data->data + slotOffset + 2);
 
     /*  slotCount; */
-    slotStrings = (char **)PORT_ArenaAlloc(arena, slotCount * sizeof(char *));
-    for (i=0; i < (int) slotCount; i++) {
-	slotID = SECMOD_GETLONG(slots[i].slotID);
-	defaultFlags = SECMOD_GETLONG(slots[i].defaultFlags);
+    slotStrings = (char **)PORT_ArenaZAlloc(arena, slotCount * sizeof(char *));
+    if (slotStrings == NULL)
+	goto loser;
+    for (i=0; i < (int) slotCount; i++, slots++) {
+	PRBool hasRootCerts	=PR_FALSE;
+	PRBool hasRootTrust	=PR_FALSE;
+	slotID       = SECMOD_GETLONG(slots->slotID);
+	defaultFlags = SECMOD_GETLONG(slots->defaultFlags);
+	timeout      = SECMOD_GETLONG(slots->timeout);
+	hasRootCerts = slots->hasRootCerts;
 	if (isOldVersion && internal && (slotID != 2)) {
 		unsigned long internalFlags=
 			pk11_argSlotFlags("slotFlags",SECMOD_SLOT_FLAGS);
 		defaultFlags |= internalFlags;
 	}
-	timeout = SECMOD_GETLONG(slots[i].timeout);
-	hasRootCerts = slots[i].hasRootCerts;
 	if (hasRootCerts && !extended) {
 	    trustOrder = 100;
 	}
 
 	slotStrings[i] = pk11_mkSlotString(slotID, defaultFlags, timeout, 
-	                                   (unsigned char)slots[i].askpw, 
+	                                   (unsigned char)slots->askpw, 
 	                                   hasRootCerts, hasRootTrust);
+	if (slotStrings[i] == NULL) {
+	    secmod_FreeSlotStrings(slotStrings,i);
+	    goto loser;
+	}
     }
 
     nss = pk11_mkNSS(slotStrings, slotCount, internal, isFIPS, isModuleDB, 
-	isModuleDBOnly, internal, trustOrder, cipherOrder, ssl0, ssl1);
+		     isModuleDBOnly, internal, trustOrder, cipherOrder, 
+		     ssl0, ssl1);
+    secmod_FreeSlotStrings(slotStrings,slotCount);
+    /* it's permissible (and normal) for nss to be NULL. it simply means
+     * there are no NSS specific parameters in the database */
     moduleSpec = pk11_mkNewModuleSpec(dllName,commonName,parameters,nss);
     PR_smprintf_free(nss);
     PORT_FreeArena(arena,PR_TRUE);
+    return moduleSpec;
 
-    return (moduleSpec);
+db_loser:
+    PORT_SetError(SEC_ERROR_BAD_DATABASE);
+loser:
+    PORT_FreeArena(arena,PR_TRUE);
+    return NULL;
 }
 
 
 
 static DB *
 secmod_OpenDB(const char *appName, const char *filename, const char *dbName, 
 				PRBool readOnly, PRBool update)
 {
--- a/security/nss/lib/softoken/pkcs11.c
+++ b/security/nss/lib/softoken/pkcs11.c
@@ -2155,16 +2155,17 @@ pk11_IsWeakKey(unsigned char *key,CK_KEY
 
 /* make a fake private key representing a symmetric key */
 static NSSLOWKEYPrivateKey *
 pk11_mkSecretKeyRep(PK11Object *object)
 {
     NSSLOWKEYPrivateKey *privKey = 0;
     PLArenaPool *arena = 0;
     CK_KEY_TYPE keyType;
+    PRUint32 keyTypeStorage;
     SECItem keyTypeItem;
     CK_RV crv;
     SECStatus rv;
     static unsigned char derZero[1] = { 0 };
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL) { crv = CKR_HOST_MEMORY; goto loser; }
 
@@ -2207,20 +2208,23 @@ pk11_mkSecretKeyRep(PK11Object *object)
     privKey->u.rsa.exponent1.len = sizeof derZero;
     privKey->u.rsa.exponent1.data = derZero;
 
     privKey->u.rsa.exponent2.len = sizeof derZero;
     privKey->u.rsa.exponent2.data = derZero;
 
     /* Coeficient set to KEY_TYPE */
     crv = pk11_GetULongAttribute(object, CKA_KEY_TYPE, &keyType);
-    if (crv != CKR_OK) goto loser;
-    keyType = PR_htonl(keyType);
-    keyTypeItem.data = (unsigned char *)&keyType;
-    keyTypeItem.len = sizeof (keyType);
+    if (crv != CKR_OK) goto loser; 
+    /* on 64 bit platforms, we still want to store 32 bits of keyType (This is
+     * safe since the PKCS #11 defines for all types are 32 bits or less). */
+    keyTypeStorage = (PRUint32) keyType;
+    keyTypeStorage = PR_htonl(keyTypeStorage);
+    keyTypeItem.data = (unsigned char *)&keyTypeStorage;
+    keyTypeItem.len = sizeof (keyTypeStorage);
     rv = SECITEM_CopyItem(arena, &privKey->u.rsa.coefficient, &keyTypeItem);
     if (rv != SECSuccess) {
 	crv = CKR_HOST_MEMORY;
 	goto loser;
     }
     
     /* Private key version field set normally for compatibility */
     rv = DER_SetUInteger(privKey->arena, 
--- a/security/nss/lib/softoken/pkcs11c.c
+++ b/security/nss/lib/softoken/pkcs11c.c
@@ -358,40 +358,27 @@ pk11_InitGeneric(PK11Session *session,PK
 	/* make sure it's a valid  key for this operation */
 	if (((key->objclass != CKO_SECRET_KEY) && (key->objclass != pubKeyType))
 					|| !pk11_isTrue(key,operation)) {
 	    pk11_FreeObject(key);
 	    return CKR_KEY_TYPE_INCONSISTENT;
 	}
 	/* get the key type */
 	att = pk11_FindAttribute(key,CKA_KEY_TYPE);
-	PORT_Assert(att != NULL);
-	size = sizeof(CK_KEY_TYPE);
-	if (att->attrib.ulValueLen < size) {
-	    CK_KEY_TYPE kt;
-	    int i;
-	    int shift;
-#ifdef IS_LITTLE_ENDIAN
-	    shift = 0;
-#else
-	    shift = (att->attrib.ulValueLen - 1) * 8;
-#endif
-	    kt = 0;
-	    for (i=att->attrib.ulValueLen - 1; i>=0; i--) {
-		kt |= ((unsigned char *)att->attrib.pValue)[i] << shift;
-#ifdef IS_LITTLE_ENDIAN
-		shift += 8;
-#else
-		shift -= 8;
-#endif
-	    }
-	    *keyTypePtr = kt;
-	} else {
- 	    *keyTypePtr = *((CK_KEY_TYPE *)att->attrib.pValue);
+	if (att == NULL) {
+	    pk11_FreeObject(key);
+	    return CKR_KEY_TYPE_INCONSISTENT;
 	}
+	PORT_Assert(att->attrib.ulValueLen == sizeof(CK_KEY_TYPE));
+	if (att->attrib.ulValueLen != sizeof(CK_KEY_TYPE)) {
+	    pk11_FreeAttribute(att);
+	    pk11_FreeObject(key);
+	    return CKR_ATTRIBUTE_VALUE_INVALID;
+	}
+	PORT_Memcpy(keyTypePtr, att->attrib.pValue, sizeof(CK_KEY_TYPE));
 	pk11_FreeAttribute(att);
 	*keyPtr = key;
     }
 
     /* allocate the context structure */
     context = (PK11SessionContext *)PORT_Alloc(sizeof(PK11SessionContext));
     if (context == NULL) {
 	if (key) pk11_FreeObject(key);
--- a/security/nss/lib/softoken/pkcs11u.c
+++ b/security/nss/lib/softoken/pkcs11u.c
@@ -683,16 +683,17 @@ pk11_FindSecretKeyAttribute(PK11TokenObj
 {
     NSSLOWKEYPrivateKey *key;
     char *label;
     unsigned char *keyString;
     PK11Attribute *att;
     int keyTypeLen;
     CK_ULONG keyLen;
     CK_KEY_TYPE keyType;
+    PRUint32 keyTypeStorage;
 
     switch (type) {
     case CKA_PRIVATE:
     case CKA_SENSITIVE:
     case CKA_ALWAYS_SENSITIVE:
     case CKA_EXTRACTABLE:
     case CKA_DERIVE:
     case CKA_ENCRYPT:
@@ -727,35 +728,82 @@ pk11_FindSecretKeyAttribute(PK11TokenObj
 	return NULL;
     }
     switch (type) {
     case CKA_KEY_TYPE:
 	/* handle legacy databases. In legacy databases key_type was stored
 	 * in host order, with any leading zeros stripped off. Only key types
 	 * under 0x1f (AES) were stored. We assume that any values which are
 	 * either 1 byte long (big endian), or have byte[0] between 0 and 
-	 * 0x1f and bytes[1]-bytes[3] equal to '0' (little endian). All other
+	 * 0x7f and bytes[1]-bytes[3] equal to '0' (little endian). All other
 	 * values are assumed to be from the new database, which is always 4
-	 * bytes in host order */
+	 * bytes in network order */
 	keyType=0;
 	keyString = key->u.rsa.coefficient.data;
 	keyTypeLen = key->u.rsa.coefficient.len;
-	/* only length of 1 or 4 are valid */
-	if ((keyTypeLen != sizeof(keyType)) && (keyTypeLen != 1)) {
-	    PORT_SetError(SEC_ERROR_BAD_DATABASE);
-	    return NULL;
+
+
+	/*
+ 	 * Because of various endian and word lengths, the database may have
+	 * stored the keyType value in one of the following formats:
+	 *   (kt) <= 0x1f 
+	 *                                   length data
+	 * Big Endian,     pre-3.9, all lengths: 1  (kt)
+	 * Little Endian,  pre-3.9, 32 bits:     4  (kt) 0  0  0
+	 * Little Endian,  pre-3.9, 64 bits:     8  (kt) 0  0  0   0  0  0  0
+	 * All platforms,      3.9, 32 bits:     4    0  0  0 (kt)
+	 * Big Endian,         3.9, 64 bits:     8    0  0  0 (kt) 0  0  0  0
+	 * Little  Endian,     3.9, 64 bits:     8    0  0  0  0   0  0  0 (kt)
+	 * All platforms, >= 3.9.1, all lengths: 4   (a) k1 k2 k3
+	 * where (a) is 0 or >= 0x80. currently (a) can only be 0.
+	 */
+	/*
+ 	 * This key was written on a 64 bit platform with a using NSS 3.9
+	 * or earlier. Reduce the 64 bit possibilities above. When  through,
+	 * we will only have:
+	 * 
+	 * Big Endian,     pre-3.9, all lengths: 1  (kt)
+	 * Little Endian,  pre-3.9, all lengths: 4  (kt) 0  0  0
+	 * All platforms,      3.9, all lengths: 4    0  0  0 (kt)
+	 * All platforms, => 3.9.1, all lengths: 4   (a) k1 k2 k3
+	 */
+	if (keyTypeLen == 8) {
+	    keyTypeStorage = *(PRUint32 *) keyString;
+	    if (keyTypeStorage == 0) {
+		keyString += sizeof(PRUint32);
+	    }
+	    keyTypeLen = 4;
 	}
-	if ((keyTypeLen == 1)  ||
-	    ((keyString[0] <= 0x1f) && (keyString[1] == 0) && 
-	     (keyString[2] == 0)    && (keyString[3] == 0))) {
+	/*
+	 * Now Handle:
+	 *
+	 * All platforms,      3.9, all lengths: 4    0  0  0 (kt)
+	 * All platforms, => 3.9.1, all lengths: 4   (a) k1 k2 k3
+	 *
+	 * NOTE: if  kt == 0 or ak1k2k3 == 0, the test fails and
+	 * we handle it as:
+	 *
+	 * Little Endian,  pre-3.9, all lengths: 4  (kt) 0  0  0
+	 */
+	if (keyTypeLen == sizeof(keyTypeStorage) &&
+	     (((keyString[0] & 0x80) == 0x80) ||
+		!((keyString[1] == 0) && (keyString[2] == 0)
+	   				    && (keyString[3] == 0))) ) {
+	    PORT_Memcpy(&keyTypeStorage, keyString, sizeof(keyTypeStorage));
+	    keyType = (CK_KEY_TYPE) PR_ntohl(keyTypeStorage);
+	} else {
+	/*
+	 * Now Handle:
+	 *
+	 * Big Endian,     pre-3.9, all lengths: 1  (kt)
+	 * Little Endian,  pre-3.9, all lengths: 4  (kt) 0  0  0
+	 *  -- KeyType == 0 all other cases ---: 4    0  0  0  0
+	 */
 	    keyType = (CK_KEY_TYPE) keyString[0] ;
-	} else {
-	    keyType = *(CK_KEY_TYPE *) keyString;
-	    keyType = PR_ntohl(keyType);
-	}
+        }
 	return pk11_NewTokenAttribute(type,&keyType,sizeof(keyType),PR_TRUE);
     case CKA_VALUE:
 	return pk11_NewTokenAttribute(type,key->u.rsa.privateExponent.data,
 				key->u.rsa.privateExponent.len, PR_FALSE);
     case CKA_VALUE_LEN:
 	keyLen=key->u.rsa.privateExponent.len;
 	return pk11_NewTokenAttribute(type, &keyLen, sizeof(CK_ULONG), PR_TRUE);
     }
--- a/security/nss/lib/ssl/ssl3con.c
+++ b/security/nss/lib/ssl/ssl3con.c
@@ -2771,16 +2771,20 @@ ssl3_ComputeHandshakeHashes(sslSocket * 
     unsigned char shaStackBuf[512];
     unsigned char *md5StateBuf = NULL;
     unsigned char *shaStateBuf = NULL;
     unsigned int  md5StateLen, shaStateLen;
 
     PORT_Assert( ssl_HaveSSL3HandshakeLock(ss) );
 
     isTLS = (PRBool)(spec->version > SSL_LIBRARY_VERSION_3_0);
+    if (!spec->master_secret) {
+    	PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE);
+	return SECFailure;
+    }
 
     md5StateBuf = PK11_SaveContextAlloc(ssl3->hs.md5, md5StackBuf,
                                         sizeof md5StackBuf, &md5StateLen);
     if (md5StateBuf == NULL) {
 	ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
 	goto loser;
     }
     md5 = ssl3->hs.md5;
--- a/security/nss/lib/util/nsslocks.c
+++ b/security/nss/lib/util/nsslocks.c
@@ -55,17 +55,19 @@ SECStatus
     static PRInt32  initializers;
 
     PORT_Assert( ppLock != NULL);
 
     /* atomically initialize the lock */
     while (!*ppLock) {
         PRInt32 myAttempt = PR_AtomicIncrement(&initializers);
         if (myAttempt == 1) {
-	    *ppLock = PZ_NewLock(ltype);
+            if (!*ppLock) {
+                *ppLock = PZ_NewLock(ltype);
+            }
             (void) PR_AtomicDecrement(&initializers);
             break;
         }
         PR_Sleep(PR_INTERVAL_NO_WAIT);          /* PR_Yield() */
         (void) PR_AtomicDecrement(&initializers);
     }
 
     return (*ppLock != NULL) ? SECSuccess : SECFailure;
@@ -88,17 +90,19 @@ nss_InitMonitor(PZMonitor **ppMonitor, n
     static PRInt32  initializers;
 
     PORT_Assert( ppMonitor != NULL);
 
     /* atomically initialize the lock */
     while (!*ppMonitor) {
         PRInt32 myAttempt = PR_AtomicIncrement(&initializers);
         if (myAttempt == 1) {
-	    *ppMonitor = PZ_NewMonitor(ltype);
+            if (!*ppMonitor) {
+                *ppMonitor = PZ_NewMonitor(ltype);
+            }
             (void) PR_AtomicDecrement(&initializers);
             break;
         }
         PR_Sleep(PR_INTERVAL_NO_WAIT);          /* PR_Yield() */
         (void) PR_AtomicDecrement(&initializers);
     }
 
     return (*ppMonitor != NULL) ? SECSuccess : SECFailure;
--- a/security/nss/lib/util/nssrwlk.c
+++ b/security/nss/lib/util/nssrwlk.c
@@ -180,17 +180,19 @@ nssRWLock_AtomicCreate( NSSRWLock  ** pr
     static PRInt32  initializers;
 
     PR_ASSERT(prwlock != NULL);
 
     /* atomically initialize the lock */
     while (NULL == (rwlock = *prwlock)) {
         PRInt32 myAttempt = PR_AtomicIncrement(&initializers);
         if (myAttempt == 1) {
-	    *prwlock = rwlock = NSSRWLock_New(lock_rank, lock_name);
+            if (NULL == (rwlock = *prwlock)) {
+                *prwlock = rwlock = NSSRWLock_New(lock_rank, lock_name);
+            }
             (void) PR_AtomicDecrement(&initializers);
             break;
         }
         PR_Sleep(PR_INTERVAL_NO_WAIT);          /* PR_Yield() */
         (void) PR_AtomicDecrement(&initializers);
     }
 
     return rwlock;
--- a/security/nss/tests/ssl/ecssl.sh
+++ b/security/nss/tests/ssl/ecssl.sh
@@ -126,25 +126,25 @@ is_selfserv_alive()
   #fi
 }
 
 ########################### wait_for_selfserv ##########################
 # local shell function to wait until selfserver is running and initialized
 ########################################################################
 wait_for_selfserv()
 {
-  echo "tstclnt -p ${PORT} -h ${HOST} -q "
+  echo "tstclnt -p ${PORT} -h ${HOSTADDR} -q "
   echo "        -d ${P_R_CLIENTDIR} < ${REQUEST_FILE} \\"
   #echo "tstclnt -q started at `date`"
-  tstclnt -p ${PORT} -h ${HOST} -q -d ${P_R_CLIENTDIR} < ${REQUEST_FILE}
+  tstclnt -p ${PORT} -h ${HOSTADDR} -q -d ${P_R_CLIENTDIR} < ${REQUEST_FILE}
   if [ $? -ne 0 ]; then
       html_failed "<TR><TD> Wait for Server "
-      echo "RETRY: tstclnt -p ${PORT} -h ${HOST} -q \\"
+      echo "RETRY: tstclnt -p ${PORT} -h ${HOSTADDR} -q \\"
       echo "               -d ${P_R_CLIENTDIR} < ${REQUEST_FILE}"
-      tstclnt -p ${PORT} -h ${HOST} -q -d ${P_R_CLIENTDIR} < ${REQUEST_FILE}
+      tstclnt -p ${PORT} -h ${HOSTADDR} -q -d ${P_R_CLIENTDIR} < ${REQUEST_FILE}
   elif [ sparam = "-c ABCDEFGHIJKLMNOPQRSTabcdefghijklmnvy" ] ; then # "$1" = "cov" ] ; then
       html_passed "<TR><TD> Wait for Server"
   fi
   is_selfserv_alive
 }
 
 ########################### kill_selfserv ##############################
 # local shell function to kill the selfserver after the tests are done
@@ -216,21 +216,21 @@ ssl_cov()
       elif [ "$tls" != "#" ] ; then
           echo "$SCRIPTNAME: running $testname ----------------------------"
           TLS_FLAG=-T
           if [ $tls = "TLS" ]; then
               TLS_FLAG=""
           fi
 
           is_selfserv_alive
-          echo "tstclnt -p ${PORT} -h ${HOST} -c ${param} ${TLS_FLAG} \\"
+          echo "tstclnt -p ${PORT} -h ${HOSTADDR} -c ${param} ${TLS_FLAG} \\"
           echo "        -f -d ${P_R_CLIENTDIR} < ${REQUEST_FILE}"
 
           rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
-          tstclnt -p ${PORT} -h ${HOST} -c ${param} ${TLS_FLAG} -f \
+          tstclnt -p ${PORT} -h ${HOSTADDR} -c ${param} ${TLS_FLAG} -f \
                   -d ${P_R_CLIENTDIR} < ${REQUEST_FILE} \
                   >${TMP}/$HOST.tmp.$$  2>&1
           ret=$?
           cat ${TMP}/$HOST.tmp.$$ 
           rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
           html_msg $ret 0 "${testname}"
       fi
   done < ${SSLCOV}
@@ -247,20 +247,20 @@ ssl_auth()
   html_head "SSL Client Authentication $NORM_EXT"
 
   while read value sparam cparam testname
   do
       if [ $value != "#" ]; then
           cparam=`echo $cparam | sed -e 's;_; ;g' -e "s/TestUser/$USER_NICKNAME/g" `
           start_selfserv
 
-          echo "tstclnt -p ${PORT} -h ${HOST} -f -d ${P_R_CLIENTDIR} \\"
+          echo "tstclnt -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} \\"
 	  echo "        ${cparam}  < ${REQUEST_FILE}"
           rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
-          tstclnt -p ${PORT} -h ${HOST} -f ${cparam} \
+          tstclnt -p ${PORT} -h ${HOSTADDR} -f ${cparam} \
                   -d ${P_R_CLIENTDIR} < ${REQUEST_FILE} \
                   >${TMP}/$HOST.tmp.$$  2>&1
           ret=$?
           cat ${TMP}/$HOST.tmp.$$ 
           rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
 
           html_msg $ret $value "${testname}" \
                    "produced a returncode of $ret, expected is $value"
--- a/security/nss/tests/ssl/ssl.sh
+++ b/security/nss/tests/ssl/ssl.sh
@@ -122,25 +122,25 @@ is_selfserv_alive()
   #fi
 }
 
 ########################### wait_for_selfserv ##########################
 # local shell function to wait until selfserver is running and initialized
 ########################################################################
 wait_for_selfserv()
 {
-  echo "tstclnt -p ${PORT} -h ${HOST} -q "
+  echo "tstclnt -p ${PORT} -h ${HOSTADDR} -q "
   echo "        -d ${P_R_CLIENTDIR} < ${REQUEST_FILE} \\"
   #echo "tstclnt -q started at `date`"
-  tstclnt -p ${PORT} -h ${HOST} -q -d ${P_R_CLIENTDIR} < ${REQUEST_FILE}
+  tstclnt -p ${PORT} -h ${HOSTADDR} -q -d ${P_R_CLIENTDIR} < ${REQUEST_FILE}
   if [ $? -ne 0 ]; then
       html_failed "<TR><TD> Wait for Server "
-      echo "RETRY: tstclnt -p ${PORT} -h ${HOST} -q \\"
+      echo "RETRY: tstclnt -p ${PORT} -h ${HOSTADDR} -q \\"
       echo "               -d ${P_R_CLIENTDIR} < ${REQUEST_FILE}"
-      tstclnt -p ${PORT} -h ${HOST} -q -d ${P_R_CLIENTDIR} < ${REQUEST_FILE}
+      tstclnt -p ${PORT} -h ${HOSTADDR} -q -d ${P_R_CLIENTDIR} < ${REQUEST_FILE}
   elif [ sparam = "-c ABCDEFabcdefghijklmnvy" ] ; then # "$1" = "cov" ] ; then
       html_passed "<TR><TD> Wait for Server"
   fi
   is_selfserv_alive
 }
 
 ########################### kill_selfserv ##############################
 # local shell function to kill the selfserver after the tests are done
@@ -209,21 +209,21 @@ ssl_cov()
       elif [ "$tls" != "#" ] ; then
           echo "$SCRIPTNAME: running $testname ----------------------------"
           TLS_FLAG=-T
           if [ $tls = "TLS" ]; then
               TLS_FLAG=""
           fi
 
           is_selfserv_alive
-          echo "tstclnt -p ${PORT} -h ${HOST} -c ${param} ${TLS_FLAG} \\"
+          echo "tstclnt -p ${PORT} -h ${HOSTADDR} -c ${param} ${TLS_FLAG} \\"
           echo "        -f -d ${P_R_CLIENTDIR} < ${REQUEST_FILE}"
 
           rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
-          tstclnt -p ${PORT} -h ${HOST} -c ${param} ${TLS_FLAG} -f \
+          tstclnt -p ${PORT} -h ${HOSTADDR} -c ${param} ${TLS_FLAG} -f \
                   -d ${P_R_CLIENTDIR} < ${REQUEST_FILE} \
                   >${TMP}/$HOST.tmp.$$  2>&1
           ret=$?
           cat ${TMP}/$HOST.tmp.$$ 
           rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
           html_msg $ret 0 "${testname}"
       fi
   done < ${SSLCOV}
@@ -240,20 +240,20 @@ ssl_auth()
   html_head "SSL Client Authentication $NORM_EXT"
 
   while read value sparam cparam testname
   do
       if [ $value != "#" ]; then
           cparam=`echo $cparam | sed -e 's;_; ;g' -e "s/TestUser/$USER_NICKNAME/g" `
           start_selfserv
 
-          echo "tstclnt -p ${PORT} -h ${HOST} -f -d ${P_R_CLIENTDIR} \\"
+          echo "tstclnt -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} \\"
 	  echo "        ${cparam}  < ${REQUEST_FILE}"
           rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
-          tstclnt -p ${PORT} -h ${HOST} -f ${cparam} \
+          tstclnt -p ${PORT} -h ${HOSTADDR} -f ${cparam} \
                   -d ${P_R_CLIENTDIR} < ${REQUEST_FILE} \
                   >${TMP}/$HOST.tmp.$$  2>&1
           ret=$?
           cat ${TMP}/$HOST.tmp.$$ 
           rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
 
           html_msg $ret $value "${testname}" \
                    "produced a returncode of $ret, expected is $value"