fixup commit for branch 'ANGELON_MOZ12_N8_BRANCH' ANGELON_MOZ12_N8_BRANCH ANGELON_MOZ12_N8_BASE
authorcvs2hg
Fri, 13 Jun 2003 04:43:54 +0000
branchANGELON_MOZ12_N8_BRANCH
changeset 4528 e49f1c2fd8e5a488102a9be74b8e723d229bdf28
parent 3921 66928a952340e47619bb822b3de6899c7a96e295
child 4529 5b92a4b31b9ede8b05215fd31752b77188a4712e
child 4530 df0089a311c77302607210a96cf32f4893e3ae10
child 4531 ab29fd38870c85241458adb8af3f3b9bfaf8e84a
child 4532 b8906ccfd293ad7bf266d34365318326af4dc944
child 4616 352bd56fbf81abc68c52af450152bd4b767e3e30
child 10663 779a00d173971043bd2af7ca608472e36f2757f0
push idunknown
push userunknown
push dateunknown
fixup commit for branch 'ANGELON_MOZ12_N8_BRANCH'
dbm/src/nsres.c
security/coreconf/Darwin.mk
security/coreconf/OS2.mk
security/coreconf/platform.mk
security/coreconf/rules.mk
security/dbm/Makefile
security/dbm/config/config.mk
security/dbm/include/Makefile
security/dbm/include/manifest.mn
security/dbm/manifest.mn
security/dbm/src/Makefile
security/dbm/src/config.mk
security/dbm/src/dirent.c
security/dbm/src/dirent.h
security/dbm/src/manifest.mn
security/dbm/tests/Makefile
security/nss/cmd/bltest/blapitest.c
security/nss/cmd/bltest/tests/sha256/ciphertext0
security/nss/cmd/bltest/tests/sha256/ciphertext1
security/nss/cmd/bltest/tests/sha256/numtests
security/nss/cmd/bltest/tests/sha256/plaintext0
security/nss/cmd/bltest/tests/sha256/plaintext1
security/nss/cmd/bltest/tests/sha384/ciphertext0
security/nss/cmd/bltest/tests/sha384/ciphertext1
security/nss/cmd/bltest/tests/sha384/numtests
security/nss/cmd/bltest/tests/sha384/plaintext0
security/nss/cmd/bltest/tests/sha384/plaintext1
security/nss/cmd/bltest/tests/sha512/ciphertext0
security/nss/cmd/bltest/tests/sha512/ciphertext1
security/nss/cmd/bltest/tests/sha512/numtests
security/nss/cmd/bltest/tests/sha512/plaintext0
security/nss/cmd/bltest/tests/sha512/plaintext1
security/nss/cmd/certutil/certutil.c
security/nss/cmd/lib/secutil.c
security/nss/cmd/selfserv/selfserv.c
security/nss/cmd/smimetools/cmsutil.c
security/nss/cmd/strsclnt/strsclnt.c
security/nss/cmd/vfychain/Makefile
security/nss/cmd/vfychain/manifest.mn
security/nss/cmd/vfychain/vfychain.c
security/nss/cmd/vfyserv/vfyutil.c
security/nss/lib/base/errorval.c
security/nss/lib/certdb/cert.h
security/nss/lib/certdb/certdb.c
security/nss/lib/certdb/certi.h
security/nss/lib/certdb/certv3.c
security/nss/lib/certdb/genname.c
security/nss/lib/certdb/secname.c
security/nss/lib/certhigh/certvfy.c
security/nss/lib/ckfw/builtins/certdata.c
security/nss/lib/ckfw/builtins/certdata.txt
security/nss/lib/ckfw/builtins/nssckbi.h
security/nss/lib/ckfw/nssck.api
security/nss/lib/crmf/respcmn.c
security/nss/lib/cryptohi/hasht.h
security/nss/lib/cryptohi/sechash.c
security/nss/lib/dev/dev.h
security/nss/lib/dev/devslot.c
security/nss/lib/dev/devt.h
security/nss/lib/dev/devtoken.c
security/nss/lib/freebl/blapi.h
security/nss/lib/freebl/ldvector.c
security/nss/lib/freebl/loader.c
security/nss/lib/freebl/loader.h
security/nss/lib/freebl/manifest.mn
security/nss/lib/nss/nss.def
security/nss/lib/nss/nss.h
security/nss/lib/nss/nssinit.c
security/nss/lib/pk11wrap/debug_module.c
security/nss/lib/pk11wrap/dev3hack.c
security/nss/lib/pk11wrap/manifest.mn
security/nss/lib/pk11wrap/pk11cert.c
security/nss/lib/pk11wrap/pk11func.h
security/nss/lib/pk11wrap/pk11init.h
security/nss/lib/pk11wrap/pk11load.c
security/nss/lib/pk11wrap/pk11sdr.c
security/nss/lib/pk11wrap/pk11skey.c
security/nss/lib/pk11wrap/pk11slot.c
security/nss/lib/pk11wrap/pk11util.c
security/nss/lib/pk11wrap/secmodi.h
security/nss/lib/pkcs7/p7decode.c
security/nss/lib/pki/cryptocontext.c
security/nss/lib/pki/pki3hack.c
security/nss/lib/pki/pki3hack.h
security/nss/lib/pki/pkibase.c
security/nss/lib/pki/pkistore.c
security/nss/lib/pki/pkistore.h
security/nss/lib/pki/tdcache.c
security/nss/lib/pki/trustdomain.c
security/nss/lib/pki1/config.mk
security/nss/lib/pki1/manifest.mn
security/nss/lib/smime/cms.h
security/nss/lib/smime/cmsdecode.c
security/nss/lib/smime/cmsencdata.c
security/nss/lib/smime/cmslocal.h
security/nss/lib/smime/cmspubkey.c
security/nss/lib/smime/cmsrecinfo.c
security/nss/lib/smime/cmssigdata.c
security/nss/lib/smime/cmssiginfo.c
security/nss/lib/smime/cmst.h
security/nss/lib/smime/smime.def
security/nss/lib/softoken/alghmac.c
security/nss/lib/softoken/dbmshim.c
security/nss/lib/softoken/keydb.c
security/nss/lib/softoken/pcertdb.c
security/nss/lib/softoken/pk11db.c
security/nss/lib/softoken/pkcs11.c
security/nss/lib/softoken/pkcs11c.c
security/nss/lib/softoken/pkcs11i.h
security/nss/lib/softoken/pkcs11n.h
security/nss/lib/softoken/rawhash.c
security/nss/lib/ssl/ssl.def
security/nss/lib/ssl/ssl.h
security/nss/lib/ssl/ssl3con.c
security/nss/lib/ssl/sslimpl.h
security/nss/lib/ssl/sslsnce.c
security/nss/lib/util/secasn1d.c
security/nss/lib/util/secerr.h
security/nss/lib/util/secoid.c
security/nss/lib/util/secoidt.h
security/nss/tests/cipher/cipher.txt
security/nss/tests/cmdtests/cmdtests.sh
security/nss/tests/dbtests/dbtests.sh
security/nss/tests/ssl/ssl.sh
--- a/dbm/src/nsres.c
+++ b/dbm/src/nsres.c
@@ -74,17 +74,18 @@ int GenKeyData(const char *library, int3
 
 NSRESHANDLE NSResCreateTable(const char *filename, NSRESTHREADINFO *threadinfo)
 {
 	RESHANDLE hres;
 	int flag;
 
 	flag = O_RDWR | O_CREAT;
 
-	hres = (RESHANDLE) calloc ( 1, sizeof(struct RESDATABASE) );
+	hres = (RESHANDLE) malloc ( sizeof(struct RESDATABASE) );
+	memset(hres, 0, sizeof(struct RESDATABASE));
 
 	if (threadinfo && threadinfo->lock && threadinfo->fn_lock 
 	  && threadinfo->fn_unlock)
 	{
 		hres->threadinfo = (NSRESTHREADINFO *) malloc( sizeof(NSRESTHREADINFO) );
 		hres->threadinfo->lock = threadinfo->lock;
 		hres->threadinfo->fn_lock = threadinfo->fn_lock;
 		hres->threadinfo->fn_unlock = threadinfo->fn_unlock;
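Review bot: The pointer returned by the new `malloc` call in NSResCreateTable goes straight into `memset` with no NULL check, so an allocation failure becomes a write through a null pointer on the very next line. The same pair of lines is added to NSResOpenTable in the following hunk. Put `if (hres == NULL) return NULL;` between the two calls in both functions; this assumes NSRESHANDLE is a pointer type, which the hunk does not show. The context lines have the same gap for `hres->threadinfo`, whose `malloc` result is dereferenced immediately; a check there would also need to `free(hres)` before returning. Both function bodies continue past the end of their hunks, so any later error handling is not visible here.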
@@ -105,17 +106,18 @@ NSRESHANDLE NSResCreateTable(const char 
 
 NSRESHANDLE NSResOpenTable(const char *filename, NSRESTHREADINFO *threadinfo)
 {
 	RESHANDLE hres;
 	int flag;
 
 	flag = O_RDONLY;  /* only open database for reading */
 
-	hres = (RESHANDLE) calloc ( 1, sizeof(struct RESDATABASE) );
+	hres = (RESHANDLE) malloc ( sizeof(struct RESDATABASE) );
+	memset(hres, 0, sizeof(struct RESDATABASE));
 
 	if (threadinfo && threadinfo->lock && threadinfo->fn_lock 
 	  && threadinfo->fn_unlock)
 	{
 		hres->threadinfo = (NSRESTHREADINFO *) malloc( sizeof(NSRESTHREADINFO) );
 		hres->threadinfo->lock = threadinfo->lock;
 		hres->threadinfo->fn_lock = threadinfo->fn_lock;
 		hres->threadinfo->fn_unlock = threadinfo->fn_unlock;
--- a/security/coreconf/Darwin.mk
+++ b/security/coreconf/Darwin.mk
@@ -30,16 +30,18 @@
 # may use your version of this file under either the MPL or the
 # GPL.
 #
 # Config stuff for Darwin.
 #
 
 include $(CORE_DEPTH)/coreconf/UNIX.mk
 
+DEFAULT_COMPILER = cc
+
 CC		= cc
 CCC		= c++
 RANLIB		= ranlib
 
 ifeq (86,$(findstring 86,$(OS_TEST)))
 OS_REL_CFLAGS	= -Di386
 CPU_ARCH	= i386
 else
--- a/security/coreconf/OS2.mk
+++ b/security/coreconf/OS2.mk
@@ -81,20 +81,26 @@ MKSHLIB                 = $(CXX) $(CXXFL
 MKCSHLIB                = $(CC) $(CFLAGS) $(DSO_LDOPTS) -o $@
 MKSHLIB_FORCE_ALL       = 
 MKSHLIB_UNFORCE_ALL     = 
 DSO_LDOPTS              = -Zomf -Zdll -Zmt -Zcrtdll -Zlinker /NOO
 # DLL_SUFFIX              = .dll
 SHLIB_LDSTARTFILE	= 
 SHLIB_LDENDFILE		= 
 ifdef MAPFILE
-# Add LD options to restrict exported symbols to those in the map file
+MKSHLIB += $(MAPFILE)
 endif
-# Change PROCESS to put the mapfile in the correct format for this platform
-PROCESS_MAP_FILE = copy $(LIBRARY_NAME).def $@
+PROCESS_MAP_FILE = \
+	echo LIBRARY $(LIBRARY_NAME)$(LIBRARY_VERSION) INITINSTANCE TERMINSTANCE > $@; \
+	echo PROTMODE >> $@; \
+	echo CODE    LOADONCALL MOVEABLE DISCARDABLE >> $@; \
+	echo DATA    PRELOAD MOVEABLE MULTIPLE NONSHARED >> $@; \
+	echo EXPORTS >> $@; \
+	grep -v ';+' $(LIBRARY_NAME).def | grep -v ';-' | \
+	sed -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,,' >> $@
 
 endif   #NO_SHARED_LIB
 
 OS_CFLAGS          = -Wall -W -Wno-unused -Wpointer-arith -Wcast-align -Zmtd -Zomf -Zmt  -DDEBUG -DDEBUG_wintrinh -DTRACING -g
 
 # Where the libraries are
 MOZ_COMPONENT_NSPR_LIBS=-L$(DIST)/lib $(NSPR_LIBS)
 NSPR_LIBS	= -lplds4 -lplc4 -lnspr4 
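Review bot: The new PROCESS_MAP_FILE recipe joins its commands with `;`, so make only sees the exit status of the final `sed`. If `$(LIBRARY_NAME).def` is missing or unreadable, the rule still succeeds and leaves a module definition file whose EXPORTS section is empty, and the link presumably goes ahead with an export list nobody intended. Chaining the steps with `&&` and testing the input first, e.g. starting with `test -f $(LIBRARY_NAME).def && \`, would make the build stop at that point instead. The identical recipe is added again in the XP_OS2_VACPP branch in the next hunk; defining it once above both branches would keep the two copies from drifting apart. The commit also drops the comment that said what PROCESS_MAP_FILE is for, so a short replacement such as `# Convert the map file into an OS/2 module definition (.def) file` above the assignment would help.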
@@ -142,42 +148,55 @@ DSO_PIC_CFLAGS          =
 MKSHLIB                 = $(LD) $(DSO_LDOPTS)
 MKCSHLIB                = $(LD) $(DSO_LDOPTS)
 MKSHLIB_FORCE_ALL       = 
 MKSHLIB_UNFORCE_ALL     = 
 DSO_LDOPTS              = 
 # DLL_SUFFIX              = .dll
 SHLIB_LDSTARTFILE	= 
 SHLIB_LDENDFILE		= 
+ifdef MAPFILE
+MKSHLIB += $(MAPFILE)
+endif
+PROCESS_MAP_FILE = \
+	echo LIBRARY $(LIBRARY_NAME)$(LIBRARY_VERSION) INITINSTANCE TERMINSTANCE > $@; \
+	echo PROTMODE >> $@; \
+	echo CODE    LOADONCALL MOVEABLE DISCARDABLE >> $@; \
+	echo DATA    PRELOAD MOVEABLE MULTIPLE NONSHARED >> $@; \
+	echo EXPORTS >> $@; \
+	grep -v ';+' $(LIBRARY_NAME).def | grep -v ';-' | \
+	sed -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,,' >> $@
 endif   #NO_SHARED_LIB
 
 OS_CFLAGS          = /Q /qlibansi /Gd /Gm /Su4 /Mp /Tl-
 INCLUDES        += -I$(CORE_DEPTH)/../dist/include
 DEFINES         += -DXP_OS2_VACPP -DTCPV40HDRS
 
 # Where the libraries are
 NSPR_LIBS	= $(DIST)/lib/nspr4.lib $(DIST)/lib/plc4.lib $(DIST)/lib/plds4.lib
 MOZ_COMPONENT_NSPR_LIBS=-L$(DIST)/lib $(NSPR_LIBS)
 NSPR_INCLUDE_DIR =   
 
 
+DLLFLAGS    = /DLL /O:$@ /INC:_dllentry /MAP:$(@:.dll=.map)
+EXEFLAGS    = -PMTYPE:VIO -OUT:$@ -MAP:$(@:.exe=.map) -nologo -NOE
+LDFLAGS     = /FREE /NOE /LINENUMBERS /nologo
+
 ifdef BUILD_OPT
-OPTIMIZER		= -Oi -G5
+OPTIMIZER		= /O+ /Gl+ /G5 /qarch=pentium
 DEFINES 		+= -UDEBUG -U_DEBUG -DNDEBUG
-DLLFLAGS		= /DLL /O:$@ /INC:_dllentry /MAP:$(@:.dll=.map)
-EXEFLAGS    		= -PMTYPE:VIO -OUT:$@ -MAP:$(@:.exe=.map) -nologo -NOE
 OBJDIR_TAG 		= _OPT
-LDFLAGS     = /FREE /NODEBUG /NOE /LINENUMBERS /nologo
+LDFLAGS     += /NODEBUG /OPTFUNC /EXEPACK:2 /PACKCODE /PACKDATA
 else
 OS_CFLAGS   += /Ti+
 DEFINES 		+= -DDEBUG -D_DEBUG -DDEBUGPRINTS     #HCT Need += to avoid overidding manifest.mn 
-DLLFLAGS		= /DEBUG /DLL /O:$@ /INC:_dllentry /MAP:$(@:.dll=.map)
-EXEFLAGS    		= -DEBUG -PMTYPE:VIO -OUT:$@ -MAP:$(@:.exe=.map) -nologo -NOE
+DLLFLAGS    += /DE
+EXEFLAGS    += /DE
 OBJDIR_TAG 		= _DBG
-LDFLAGS 		= /FREE /DE /NOE /LINENUMBERS /nologo 
+LDFLAGS     += /DE
 endif   # BUILD_OPT
 
 endif   # XP_OS2_VACPP
 
 # OS/2 use nsinstall that is included in the toolkit.
 # since we do not wish to support and maintain 3 version of nsinstall in mozilla, nspr and nss
 
 ifdef BUILD_TREE
new file mode 100644
--- /dev/null
+++ b/security/coreconf/platform.mk
@@ -0,0 +1,38 @@
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+#######################################################################
+# Master "Core Components" <platform> tag                             #
+#######################################################################
+
+PLATFORM = $(OBJDIR_NAME)
--- a/security/coreconf/rules.mk
+++ b/security/coreconf/rules.mk
@@ -307,17 +307,17 @@ else
 	$(AR) $(OBJS)
 endif
 	$(RANLIB) $@
 
 
 ifeq ($(OS_TARGET),OS2)
 $(IMPORT_LIBRARY): $(SHARED_LIBRARY)
 	rm -f $@
-	$(IMPLIB) $@ $(patsubst %.lib,%.dll.def,$@)
+	$(IMPLIB) $@ $(SHARED_LIBRARY)
 	$(RANLIB) $@
 endif
 
 ifdef SHARED_LIBRARY_LIBS
 ifdef BUILD_TREE
 SUB_SHLOBJS = $(foreach dir,$(SHARED_LIBRARY_DIRS),$(shell $(MAKE) -C $(dir) --no-print-directory get_objs))
 else
 SUB_SHLOBJS = $(foreach dir,$(SHARED_LIBRARY_DIRS),$(addprefix $(dir)/,$(shell $(MAKE) -C $(dir) --no-print-directory get_objs)))
@@ -334,35 +334,18 @@ ifeq ($(OS_TARGET)$(OS_RELEASE), AIX4.1)
 	| sed -e 's/^\.//' \
 	| sort -u >> $(OBJDIR)/lib$(LIBRARY_NAME)_syms
 	$(LD) $(XCFLAGS) -o $@ $(OBJS) -bE:$(OBJDIR)/lib$(LIBRARY_NAME)_syms \
 	-bM:SRE -bnoentry $(OS_LIBS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS)
 else
 ifeq (,$(filter-out WIN%,$(OS_TARGET)))
 	$(LINK_DLL) -MAP $(DLLBASE) $(subst /,\\,$(OBJS) $(SUB_SHLOBJS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $(OS_LIBS) $(LD_LIBS) $(RES))
 else
-ifeq ($(OS_TARGET),OS2)
-	@cmd /C "echo LIBRARY $(notdir $(basename $(SHARED_LIBRARY))) INITINSTANCE TERMINSTANCE >$@.def"
-	@cmd /C "echo PROTMODE >>$@.def"
-	@cmd /C "echo CODE    LOADONCALL MOVEABLE DISCARDABLE >>$@.def"
-	@cmd /C "echo DATA    PRELOAD MOVEABLE MULTIPLE NONSHARED >>$@.def"	
-	@cmd /C "echo EXPORTS >>$@.def"
-	$(FILTER) $(OBJS) >>$@.def
-ifdef SUB_SHLOBJS
-	@echo Number of words in OBJ list = $(words $(SUB_SHLOBJS))
-	@echo If above number is over 100, need to reedit coreconf/rules.mk
-	-$(FILTER) $(wordlist 1,20,$(SUB_SHLOBJS)) >>$@.def
-	-$(FILTER) $(wordlist 21,40,$(SUB_SHLOBJS)) >>$@.def
-	-$(FILTER) $(wordlist 41,60,$(SUB_SHLOBJS)) >>$@.def
-	-$(FILTER) $(wordlist 61,80,$(SUB_SHLOBJS)) >>$@.def
-	-$(FILTER) $(wordlist 81,100,$(SUB_SHLOBJS)) >>$@.def
-endif
-endif #OS2
 ifdef XP_OS2_VACPP
-	$(MKSHLIB) $(DLLFLAGS) $(LDFLAGS) $(OBJS) $(SUB_SHLOBJS) $(LD_LIBS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $@.def
+	$(MKSHLIB) $(DLLFLAGS) $(LDFLAGS) $(OBJS) $(SUB_SHLOBJS) $(LD_LIBS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS)
 else
 	$(MKSHLIB) -o $@ $(OBJS) $(SUB_SHLOBJS) $(LD_LIBS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS)
 endif
 	chmod +x $@
 ifeq ($(OS_TARGET),Darwin)
 ifdef MAPFILE
 	nmedit -s $(MAPFILE) $@
 endif
deleted file mode 100644
--- a/security/dbm/Makefile
+++ /dev/null
@@ -1,80 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-# 
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-# 
-# The Original Code is the Netscape security libraries.
-# 
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation.  Portions created by Netscape are 
-# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
-# Rights Reserved.
-# 
-# Contributor(s):
-# 
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable 
-# instead of those above.  If you wish to allow use of your 
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL.  If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY).   #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL)          #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL)       #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
-#######################################################################
-
-
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL)                              #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL)                           #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL).                              #
-#######################################################################
-
-coreconf_hack:
-	cd ../coreconf; gmake
-	gmake import
-
-RelEng_bld: coreconf_hack
-	gmake
deleted file mode 100644
--- a/security/dbm/config/config.mk
+++ /dev/null
@@ -1,67 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-# 
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-# 
-# The Original Code is the Netscape security libraries.
-# 
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation.  Portions created by Netscape are 
-# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
-# Rights Reserved.
-# 
-# Contributor(s):
-# 
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable 
-# instead of those above.  If you wish to allow use of your 
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL.  If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#
-# These macros are defined by mozilla's configure script.
-# We define them manually here.
-#
-
-DEFINES += -DSTDC_HEADERS -DHAVE_STRERROR
-
-#
-# Most platforms have snprintf, so it's simpler to list the exceptions.
-#
-HAVE_SNPRINTF = 1
-#
-# OSF1 V4.0D doesn't have snprintf but V5.0A does.
-#
-ifeq ($(OS_TARGET)$(OS_RELEASE),OSF1V4.0D)
-HAVE_SNPRINTF =
-endif
-ifdef HAVE_SNPRINTF
-DEFINES += -DHAVE_SNPRINTF
-endif
-
-ifeq (,$(filter-out IRIX Linux,$(OS_TARGET)))
-DEFINES += -DHAVE_SYS_CDEFS_H
-endif
-
-ifeq (,$(filter-out DGUX NCR ReliantUNIX SCO_SV SCOOS UNIXWARE,$(OS_TARGET)))
-DEFINES += -DHAVE_SYS_BYTEORDER_H
-endif
-
-#
-# None of the platforms that we are interested in need to
-# define HAVE_MEMORY_H.
-#
deleted file mode 100644
--- a/security/dbm/include/Makefile
+++ /dev/null
@@ -1,76 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-# 
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-# 
-# The Original Code is the Netscape security libraries.
-# 
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation.  Portions created by Netscape are 
-# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
-# Rights Reserved.
-# 
-# Contributor(s):
-# 
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable 
-# instead of those above.  If you wish to allow use of your 
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL.  If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY).   #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL)          #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL)       #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
-#######################################################################
-
-
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL)                              #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL)                           #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL).                              #
-#######################################################################
-
-
-
deleted file mode 100644
--- a/security/dbm/include/manifest.mn
+++ /dev/null
@@ -1,57 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-# 
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-# 
-# The Original Code is the Netscape security libraries.
-# 
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation.  Portions created by Netscape are 
-# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
-# Rights Reserved.
-# 
-# Contributor(s):
-# 
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable 
-# instead of those above.  If you wish to allow use of your 
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL.  If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../..
-
-VPATH  = $(CORE_DEPTH)/../dbm/include
-
-MODULE = dbm
-
-EXPORTS =	nsres.h   \
-		cdefs.h   \
-		mcom_db.h \
-		ncompat.h \
-		winfile.h \
-		$(NULL)
-
-PRIVATE_EXPORTS =	hsearch.h \
-			page.h    \
-			extern.h  \
-			ndbm.h    \
-			queue.h   \
-			hash.h    \
-			mpool.h   \
-			search.h  \
-			$(NULL)
-
deleted file mode 100644
--- a/security/dbm/manifest.mn
+++ /dev/null
@@ -1,45 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-# 
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-# 
-# The Original Code is the Netscape security libraries.
-# 
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation.  Portions created by Netscape are 
-# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
-# Rights Reserved.
-# 
-# Contributor(s):
-# 
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable 
-# instead of those above.  If you wish to allow use of your 
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL.  If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ..
-
-MODULE = dbm
-
-IMPORTS = nspr20/v4.1.2
-
-RELEASE = dbm
-
-DIRS =  include \
-        src     \
-	$(NULL)
deleted file mode 100644
--- a/security/dbm/src/Makefile
+++ /dev/null
@@ -1,76 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-# 
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-# 
-# The Original Code is the Netscape security libraries.
-# 
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation.  Portions created by Netscape are 
-# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
-# Rights Reserved.
-# 
-# Contributor(s):
-# 
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable 
-# instead of those above.  If you wish to allow use of your 
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL.  If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY).   #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL)          #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL)       #
-#######################################################################
-
-include $(CORE_DEPTH)/dbm/config/config.mk
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL)                              #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL)                           #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL).                              #
-#######################################################################
-
-
-
deleted file mode 100644
--- a/security/dbm/src/config.mk
+++ /dev/null
@@ -1,63 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-# 
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-# 
-# The Original Code is the Netscape security libraries.
-# 
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation.  Portions created by Netscape are 
-# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
-# Rights Reserved.
-# 
-# Contributor(s):
-# 
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable 
-# instead of those above.  If you wish to allow use of your 
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL.  If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-DEFINES += -DMEMMOVE -D__DBINTERFACE_PRIVATE $(SECURITY_FLAG)
-
-INCLUDES += -I$(CORE_DEPTH)/../dbm/include
-
-#
-#  Currently, override TARGETS variable so that only static libraries
-#  are specifed as dependencies within rules.mk.
-#
-
-TARGETS        = $(LIBRARY)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PURE_LIBRARY   =
-PROGRAM        =
-
-ifdef SHARED_LIBRARY
-	ifeq (,$(filter-out WINNT WIN95 WINCE,$(OS_TARGET))) # list omits WIN16
-		DLLBASE=/BASE:0x30000000
-		RES=$(OBJDIR)/dbm.res
-		RESNAME=../include/dbm.rc
-	endif
-	ifeq ($(DLL_SUFFIX),dll)
-		DEFINES += -D_DLL
-	endif
-endif
-
-ifeq ($(OS_TARGET),AIX)
-	OS_LIBS += -lc_r
-endif
deleted file mode 100644
--- a/security/dbm/src/dirent.c
+++ /dev/null
@@ -1,348 +0,0 @@
-#ifdef OS2
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-
-#include <dirent.h>
-#include <errno.h>
-
-/*#ifndef __EMX__ 
-#include <libx.h>
-#endif */
-
-#define INCL_DOSFILEMGR
-#define INCL_DOSERRORS
-#include <os2.h>
-
-#if OS2 >= 2
-# define FFBUF	FILEFINDBUF3
-# define Word	ULONG
-  /*
-   * LS20 recommends a request count of 100, but according to the
-   * APAR text it does not lead to missing files, just to funny
-   * numbers of returned entries.
-   *
-   * LS30 HPFS386 requires a count greater than 2, or some files
-   * are missing (those starting with a character less that '.').
-   *
-   * Novell looses entries which overflow the buffer. In previous
-   * versions of dirent2, this could have lead to missing files
-   * when the average length of 100 directory entries was 40 bytes
-   * or more (quite unlikely for files on a Novell server).
-   *
-   * Conclusion: Make sure that the entries all fit into the buffer
-   * and that the buffer is large enough for more than 2 entries
-   * (each entry is at most 300 bytes long). And ignore the LS20
-   * effect.
-   */
-# define Count	25
-# define BufSz	(25 * (sizeof(FILEFINDBUF3)+1))
-#else
-# define FFBUF	FILEFINDBUF
-# define Word	USHORT
-# define BufSz	1024
-# define Count	3
-#endif
-
-#if defined(__IBMC__) || defined(__IBMCPP__)
-  #define error(rc) _doserrno = rc, errno = EOS2ERR
-#elif defined(MICROSOFT)
-  #define error(rc) _doserrno = rc, errno = 255
-#else
-  #define error(rc) errno = 255
-#endif
-
-struct _dirdescr {
-	HDIR		handle;		/* DosFindFirst handle */
-	char		fstype;		/* filesystem type */
-	Word		count;		/* valid entries in <ffbuf> */
-	long		number;		/* absolute number of next entry */
-	int		index;		/* relative number of next entry */
-	FFBUF *		next;		/* pointer to next entry */
-	char		name[MAXPATHLEN+3]; /* directory name */
-	unsigned	attrmask;	/* attribute mask for seekdir */
-	struct dirent	entry;		/* buffer for directory entry */
-	BYTE		ffbuf[BufSz];
-};
-
-/*
- * Return first char of filesystem type, or 0 if unknown.
- */
-static char
-getFSType(const char *path)
-{
-	static char cache[1+26];
-	char drive[3], info[512];
-	Word unit, infolen;
-	char r;
-
-	if (isalpha(path[0]) && path[1] == ':') {
-		unit = toupper(path[0]) - '@';
-		path += 2;
-	} else {
-		ULONG driveMap;
-#if OS2 >= 2
-		if (DosQueryCurrentDisk(&unit, &driveMap))
-#else
-		if (DosQCurDisk(&unit, &driveMap))
-#endif
-			return 0;
-	}
-
-	if ((path[0] == '\\' || path[0] == '/')
-	 && (path[1] == '\\' || path[1] == '/'))
-		return 0;
-
-	if (cache [unit])
-		return cache [unit];
-
-	drive[0] = '@' + unit;
-	drive[1] = ':';
-	drive[2] = '\0';
-	infolen = sizeof info;
-#if OS2 >= 2
-	if (DosQueryFSAttach(drive, 0, FSAIL_QUERYNAME, (PVOID)info, &infolen))
-		return 0;
-	if (infolen >= sizeof(FSQBUFFER2)) {
-		FSQBUFFER2 *p = (FSQBUFFER2 *)info;
-		r = p->szFSDName[p->cbName];
-	} else
-#else
-	if (DosQFSAttach((PSZ)drive, 0, FSAIL_QUERYNAME, (PVOID)info, &infolen, 0))
-		return 0;
-	if (infolen >= 9) {
-		char *p = info + sizeof(USHORT);
-		p += sizeof(USHORT) + *(USHORT *)p + 1 + sizeof(USHORT);
-		r = *p;
-	} else
-#endif
-		r = 0;
-	return cache [unit] = r;
-}
-
-char *
-abs_path(const char *name, char *buffer, int len)
-{
-	char buf[4];
-	if (isalpha(name[0]) && name[1] == ':' && name[2] == '\0') {
-		buf[0] = name[0];
-		buf[1] = name[1];
-		buf[2] = '.';
-		buf[3] = '\0';
-		name = buf;
-	}
-#if OS2 >= 2
-	if (DosQueryPathInfo((PSZ)name, FIL_QUERYFULLNAME, buffer, len))
-#else
-	if (DosQPathInfo((PSZ)name, FIL_QUERYFULLNAME, (PBYTE)buffer, len, 0L))
-#endif
-		return NULL;
-	return buffer;
-}
-
-DIR *
-openxdir(const char *path, unsigned att_mask)
-{
-	DIR *dir;
-	char name[MAXPATHLEN+3];
-	Word rc;
-
-	dir = malloc(sizeof(DIR));
-	if (dir == NULL) {
-		errno = ENOMEM;
-		return NULL;
-	}
-
-	strncpy(name, path, MAXPATHLEN);
-	name[MAXPATHLEN] = '\0';
-	switch (name[strlen(name)-1]) {
-	default:
-		strcat(name, "\\");
-	case '\\':
-	case '/':
-	case ':':
-		;
-	}
-	strcat(name, ".");
-	if (!abs_path(name, dir->name, MAXPATHLEN+1))
-		strcpy(dir->name, name);
-	if (dir->name[strlen(dir->name)-1] == '\\')
-		strcat(dir->name, "*");
-	else
-		strcat(dir->name, "\\*");
-
-	dir->fstype = getFSType(dir->name);
-	dir->attrmask = att_mask | A_DIR;
-
-	dir->handle = HDIR_CREATE;
-	dir->count = 100;
-#if OS2 >= 2
-	rc = DosFindFirst(dir->name, &dir->handle, dir->attrmask,
-		dir->ffbuf, sizeof dir->ffbuf, &dir->count, FIL_STANDARD);
-#else
-	rc = DosFindFirst((PSZ)dir->name, &dir->handle, dir->attrmask,
-		(PFILEFINDBUF)dir->ffbuf, sizeof dir->ffbuf, &dir->count, 0);
-#endif
-	switch (rc) {
-	default:
-		free(dir);
-		error(rc);
-		return NULL;
-	case NO_ERROR:
-	case ERROR_NO_MORE_FILES:
-		;
-	}
-
-	dir->number = 0;
-	dir->index = 0;
-	dir->next = (FFBUF *)dir->ffbuf;
-
-	return (DIR *)dir;
-}
-
-DIR *
-opendir(const char *pathname)
-{
-	return openxdir(pathname, 0);
-}
-
-struct dirent *
-readdir(DIR *dir)
-{
-	static int dummy_ino = 2;
-
-	if (dir->index == dir->count) {
-		Word rc;
-		dir->count = 100;
-#if OS2 >= 2
-		rc = DosFindNext(dir->handle, dir->ffbuf,
-			sizeof dir->ffbuf, &dir->count);
-#else
-		rc = DosFindNext(dir->handle, (PFILEFINDBUF)dir->ffbuf,
-			sizeof dir->ffbuf, &dir->count);
-#endif
-		if (rc) {
-			error(rc);
-			return NULL;
-		}
-
-		dir->index = 0;
-		dir->next = (FFBUF *)dir->ffbuf;
-	}
-
-	if (dir->index == dir->count)
-		return NULL;
-
-	memcpy(dir->entry.d_name, dir->next->achName, dir->next->cchName);
-	dir->entry.d_name[dir->next->cchName] = '\0';
-	dir->entry.d_ino = dummy_ino++;
-	dir->entry.d_reclen = dir->next->cchName;
-	dir->entry.d_namlen = dir->next->cchName;
-	dir->entry.d_size = dir->next->cbFile;
-	dir->entry.d_attribute = dir->next->attrFile;
-	dir->entry.d_time = *(USHORT *)&dir->next->ftimeLastWrite;
-	dir->entry.d_date = *(USHORT *)&dir->next->fdateLastWrite;
-
-	switch (dir->fstype) {
-	case 'F': /* FAT */
-	case 'C': /* CDFS */
-		if (dir->next->attrFile & FILE_DIRECTORY)
-			strupr(dir->entry.d_name);
-		else
-			strlwr(dir->entry.d_name);
-	}
-
-#if OS2 >= 2
-	dir->next = (FFBUF *)((BYTE *)dir->next + dir->next->oNextEntryOffset);
-#else
-	dir->next = (FFBUF *)((BYTE *)dir->next->achName + dir->next->cchName + 1);
-#endif
-	++dir->number;
-	++dir->index;
-
-	return &dir->entry;
-}
-
-long
-telldir(DIR *dir)
-{
-	return dir->number;
-}
-
-void
-seekdir(DIR *dir, long off)
-{
-	if (dir->number > off) {
-		char name[MAXPATHLEN+2];
-		Word rc;
-
-		DosFindClose(dir->handle);
-
-		strcpy(name, dir->name);
-		strcat(name, "*");
-
-		dir->handle = HDIR_CREATE;
-		dir->count = 32767;
-#if OS2 >= 2
-		rc = DosFindFirst(name, &dir->handle, dir->attrmask,
-			dir->ffbuf, sizeof dir->ffbuf, &dir->count, FIL_STANDARD);
-#else
-		rc = DosFindFirst((PSZ)name, &dir->handle, dir->attrmask,
-			(PFILEFINDBUF)dir->ffbuf, sizeof dir->ffbuf, &dir->count, 0);
-#endif
-		switch (rc) {
-		default:
-			error(rc);
-			return;
-		case NO_ERROR:
-		case ERROR_NO_MORE_FILES:
-			;
-		}
-
-		dir->number = 0;
-		dir->index = 0;
-		dir->next = (FFBUF *)dir->ffbuf;
-	}
-
-	while (dir->number < off && readdir(dir))
-		;
-}
-
-void
-closedir(DIR *dir)
-{
-	DosFindClose(dir->handle);
-	free(dir);
-}
-
-/*****************************************************************************/
-
-#ifdef TEST
-
-main(int argc, char **argv)
-{
-	int i;
-	DIR *dir;
-	struct dirent *ep;
-
-	for (i = 1; i < argc; ++i) {
-		dir = opendir(argv[i]);
-		if (!dir)
-			continue;
-		while (ep = readdir(dir))
-			if (strchr("\\/:", argv[i] [strlen(argv[i]) - 1]))
-				printf("%s%s\n", argv[i], ep->d_name);
-			else
-				printf("%s/%s\n", argv[i], ep->d_name);
-		closedir(dir);
-	}
-
-	return 0;
-}
-
-#endif
-
-#endif /* OS2 */
-
deleted file mode 100644
--- a/security/dbm/src/dirent.h
+++ /dev/null
@@ -1,97 +0,0 @@
-#ifndef __DIRENT_H__
-#define __DIRENT_H__
-/*
- * @(#)msd_dir.h 1.4 87/11/06   Public Domain.
- *
- *  A public domain implementation of BSD directory routines for
- *  MS-DOS.  Written by Michael Rendell ({uunet,utai}michael@garfield),
- *  August 1897
- *
- *  Extended by Peter Lim (lim@mullian.oz) to overcome some MS DOS quirks
- *  and returns 2 more pieces of information - file size & attribute.
- *  Plus a little reshuffling of some #define's positions    December 1987
- *
- *  Some modifications by Martin Junius                      02-14-89
- *
- *	AK900712
- *	AK910410	abs_path - make absolute path
- *
- */
-
-#ifdef __EMX__
-#include <sys/param.h>
-#else
-#if defined(__IBMC__) || defined(__IBMCPP__) || defined(XP_W32_MSVC)
-#include <stdio.h>
-#ifdef MAXPATHLEN
-	#undef MAXPATHLEN
-#endif
-#define MAXPATHLEN (FILENAME_MAX*4)
-#define MAXNAMLEN FILENAME_MAX
-
-#else
-#include <param.h>
-#endif
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* attribute stuff */
-#ifndef A_RONLY
-# define A_RONLY   0x01
-# define A_HIDDEN  0x02
-# define A_SYSTEM  0x04
-# define A_LABEL   0x08
-# define A_DIR     0x10
-# define A_ARCHIVE 0x20
-#endif
-
-struct dirent {
-#if defined(OS2) || defined(WIN32)        /* use the layout of EMX to avoid trouble */
-    int            d_ino;                 /* Dummy */
-    int            d_reclen;		  /* Dummy, same as d_namlen */
-    int            d_namlen;              /* length of name */
-    char           d_name[MAXNAMLEN + 1];
-    unsigned long  d_size;
-    unsigned short d_attribute;           /* attributes (see above) */
-    unsigned short d_time;                /* modification time */
-    unsigned short d_date;                /* modification date */
-#else
-    char	   d_name[MAXNAMLEN + 1]; /* garentee null termination */
-    char	   d_attribute;		  /* .. extension .. */
-    unsigned long  d_size;		  /* .. extension .. */
-#endif
-};
-
-typedef struct _dirdescr DIR;
-/* the structs do not have to be defined here */
-
-extern DIR		*opendir(const char *);
-extern DIR		*openxdir(const char *, unsigned);
-extern struct dirent	*readdir(DIR *);
-extern void		seekdir(DIR *, long);
-extern long		telldir(DIR *);
-extern void 		closedir(DIR *);
-#define			rewinddir(dirp) seekdir(dirp, 0L)
-
-extern char *		abs_path(const char *name, char *buffer, int len);
-
-#ifndef S_IFMT
-#define S_IFMT ( S_IFDIR | S_IFREG )
-#endif
-
-#ifndef S_ISDIR
-#define S_ISDIR( m )                    (((m) & S_IFMT) == S_IFDIR)
-#endif
-
-#ifndef S_ISREG
-#define S_ISREG( m )                    (((m) & S_IFMT) == S_IFREG)
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
deleted file mode 100644
--- a/security/dbm/src/manifest.mn
+++ /dev/null
@@ -1,61 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-# 
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-# 
-# The Original Code is the Netscape security libraries.
-# 
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation.  Portions created by Netscape are 
-# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
-# Rights Reserved.
-# 
-# Contributor(s):
-# 
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable 
-# instead of those above.  If you wish to allow use of your 
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL.  If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../..
-
-VPATH  = $(CORE_DEPTH)/../dbm/src
-
-MODULE = dbm
-
-#
-# memmove.c, snprintf.c, and strerror.c are not in CSRCS because
-# the Standard C Library has memmove and strerror and DBM is not
-# using snprintf.
-#
-
-CSRCS = db.c	   \
-	h_bigkey.c \
-	h_func.c   \
-	h_log2.c   \
-	h_page.c   \
-	hash.c	   \
-	hash_buf.c \
-	hsearch.c  \
-	mktemp.c   \
-	ndbm.c	   \
-	nsres.c	   \
-	dirent.c	   \
-	$(NULL)
-
-LIBRARY_NAME = dbm
deleted file mode 100644
--- a/security/dbm/tests/Makefile
+++ /dev/null
@@ -1,69 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-# 
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-# 
-# The Original Code is the Netscape security libraries.
-# 
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation.  Portions created by Netscape are 
-# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
-# Rights Reserved.
-# 
-# Contributor(s):
-# 
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable 
-# instead of those above.  If you wish to allow use of your 
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL.  If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-DEPTH		= ../..
-CORE_DEPTH	= ../..
-
-VPATH		= $(CORE_DEPTH)/../dbm/tests
-
-MODULE		= dbm
-
-CSRCS		= lots.c
-
-PROGRAM		= lots
-
-include $(DEPTH)/coreconf/config.mk
-
-include $(DEPTH)/dbm/config/config.mk
-
-ifeq (,$(filter-out WIN%,$(OS_TARGET))) 
-LIBDBM		= ../src/$(PLATFORM)/dbm$(STATIC_LIB_SUFFIX)
-else
-LIBDBM		= ../src/$(PLATFORM)/libdbm$(STATIC_LIB_SUFFIX)
-endif
-
-INCLUDES	+= -I$(CORE_DEPTH)/../dbm/include
-
-LDFLAGS		= $(LDOPTS) $(LIBDBM)
-
-include $(DEPTH)/coreconf/rules.mk
-
-lots.pure: lots
-	purify $(CC) -o lots.pure $(CFLAGS) $(OBJS) $(MYLIBS)
-
-crash: crash.o $(MYLIBS)
-	$(CC) -o crash $(CFLAGS) $^
-
-crash.pure: crash.o $(MYLIBS)
-	purify $(CC) -o crash.pure $(CFLAGS) $^
-
--- a/security/nss/cmd/bltest/blapitest.c
+++ b/security/nss/cmd/bltest/blapitest.c
@@ -1251,133 +1251,16 @@ sha1_restart(unsigned char *dest, const 
     }
     SHA1_End(cx, dest, &len, MD5_LENGTH);
 finish:
     SHA1_DestroyContext(cx, PR_TRUE);
     return rv;
 }
 
 SECStatus
-SHA256_restart(unsigned char *dest, const unsigned char *src, uint32 src_length)
-{
-    SECStatus rv = SECSuccess;
-    SHA256Context *cx, *cx_cpy;
-    unsigned char *cxbytes;
-    unsigned int len;
-    unsigned int i, quarter;
-    cx = SHA256_NewContext();
-    SHA256_Begin(cx);
-    /* divide message by 4, restarting 3 times */
-    quarter = (src_length + 3)/ 4;
-    for (i=0; i < 4 && src_length > 0; i++) {
-	SHA256_Update(cx, src + i*quarter, PR_MIN(quarter, src_length));
-	len = SHA256_FlattenSize(cx);
-	cxbytes = PORT_Alloc(len);
-	SHA256_Flatten(cx, cxbytes);
-	cx_cpy = SHA256_Resurrect(cxbytes, NULL);
-	if (!cx_cpy) {
-	    PR_fprintf(PR_STDERR, "%s: SHA256_Resurrect failed!\n", progName);
-	    rv = SECFailure;
-	    goto finish;
-	}
-	rv = PORT_Memcmp(cx, cx_cpy, len);
-	if (rv) {
-	    SHA256_DestroyContext(cx_cpy, PR_TRUE);
-	    PR_fprintf(PR_STDERR, "%s: SHA256_restart failed!\n", progName);
-	    goto finish;
-	}
-	SHA256_DestroyContext(cx_cpy, PR_TRUE);
-	PORT_Free(cxbytes);
-	src_length -= quarter;
-    }
-    SHA256_End(cx, dest, &len, MD5_LENGTH);
-finish:
-    SHA256_DestroyContext(cx, PR_TRUE);
-    return rv;
-}
-
-SECStatus
-SHA384_restart(unsigned char *dest, const unsigned char *src, uint32 src_length)
-{
-    SECStatus rv = SECSuccess;
-    SHA384Context *cx, *cx_cpy;
-    unsigned char *cxbytes;
-    unsigned int len;
-    unsigned int i, quarter;
-    cx = SHA384_NewContext();
-    SHA384_Begin(cx);
-    /* divide message by 4, restarting 3 times */
-    quarter = (src_length + 3)/ 4;
-    for (i=0; i < 4 && src_length > 0; i++) {
-	SHA384_Update(cx, src + i*quarter, PR_MIN(quarter, src_length));
-	len = SHA384_FlattenSize(cx);
-	cxbytes = PORT_Alloc(len);
-	SHA384_Flatten(cx, cxbytes);
-	cx_cpy = SHA384_Resurrect(cxbytes, NULL);
-	if (!cx_cpy) {
-	    PR_fprintf(PR_STDERR, "%s: SHA384_Resurrect failed!\n", progName);
-	    rv = SECFailure;
-	    goto finish;
-	}
-	rv = PORT_Memcmp(cx, cx_cpy, len);
-	if (rv) {
-	    SHA384_DestroyContext(cx_cpy, PR_TRUE);
-	    PR_fprintf(PR_STDERR, "%s: SHA384_restart failed!\n", progName);
-	    goto finish;
-	}
-	SHA384_DestroyContext(cx_cpy, PR_TRUE);
-	PORT_Free(cxbytes);
-	src_length -= quarter;
-    }
-    SHA384_End(cx, dest, &len, MD5_LENGTH);
-finish:
-    SHA384_DestroyContext(cx, PR_TRUE);
-    return rv;
-}
-
-SECStatus
-SHA512_restart(unsigned char *dest, const unsigned char *src, uint32 src_length)
-{
-    SECStatus rv = SECSuccess;
-    SHA512Context *cx, *cx_cpy;
-    unsigned char *cxbytes;
-    unsigned int len;
-    unsigned int i, quarter;
-    cx = SHA512_NewContext();
-    SHA512_Begin(cx);
-    /* divide message by 4, restarting 3 times */
-    quarter = (src_length + 3)/ 4;
-    for (i=0; i < 4 && src_length > 0; i++) {
-	SHA512_Update(cx, src + i*quarter, PR_MIN(quarter, src_length));
-	len = SHA512_FlattenSize(cx);
-	cxbytes = PORT_Alloc(len);
-	SHA512_Flatten(cx, cxbytes);
-	cx_cpy = SHA512_Resurrect(cxbytes, NULL);
-	if (!cx_cpy) {
-	    PR_fprintf(PR_STDERR, "%s: SHA512_Resurrect failed!\n", progName);
-	    rv = SECFailure;
-	    goto finish;
-	}
-	rv = PORT_Memcmp(cx, cx_cpy, len);
-	if (rv) {
-	    SHA512_DestroyContext(cx_cpy, PR_TRUE);
-	    PR_fprintf(PR_STDERR, "%s: SHA512_restart failed!\n", progName);
-	    goto finish;
-	}
-	SHA512_DestroyContext(cx_cpy, PR_TRUE);
-	PORT_Free(cxbytes);
-	src_length -= quarter;
-    }
-    SHA512_End(cx, dest, &len, MD5_LENGTH);
-finish:
-    SHA512_DestroyContext(cx, PR_TRUE);
-    return rv;
-}
-
-SECStatus
 pubkeyInitKey(bltestCipherInfo *cipherInfo, PRFileDesc *file,
 	      int keysize, int exponent)
 {
     int i;
     SECStatus rv = SECSuccess;
     bltestRSAParams *rsap;
     bltestDSAParams *dsap;
     switch (cipherInfo->mode) {
@@ -1483,39 +1366,18 @@ cipherInit(bltestCipherInfo *cipherInfo,
     case bltestSHA1:
 	restart = cipherInfo->params.hash.restart;
 	SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
 			  SHA1_LENGTH);
 	cipherInfo->cipher.hashCipher = (restart) ? sha1_restart : SHA1_HashBuf;
 	return SECSuccess;
 	break;
     case bltestSHA256:
-	restart = cipherInfo->params.hash.restart;
-	SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
-			  SHA256_LENGTH);
-	cipherInfo->cipher.hashCipher = (restart) ? SHA256_restart 
-	                                          : SHA256_HashBuf;
-	return SECSuccess;
-	break;
     case bltestSHA384:
-	restart = cipherInfo->params.hash.restart;
-	SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
-			  SHA384_LENGTH);
-	cipherInfo->cipher.hashCipher = (restart) ? SHA384_restart 
-	                                          : SHA384_HashBuf;
-	return SECSuccess;
-	break;
     case bltestSHA512:
-	restart = cipherInfo->params.hash.restart;
-	SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
-			  SHA512_LENGTH);
-	cipherInfo->cipher.hashCipher = (restart) ? SHA512_restart 
-	                                          : SHA512_HashBuf;
-	return SECSuccess;
-	break;
     default:
 	return SECFailure;
     }
     return SECSuccess;
 }
 
 SECStatus
 dsaOp(bltestCipherInfo *cipherInfo)
deleted file mode 100644
--- a/security/nss/cmd/bltest/tests/sha256/ciphertext0
+++ /dev/null
@@ -1,1 +0,0 @@
-ungWv48Bz+pBQUDeXa4iI7ADYaOWF3qctBD/YfIAFa0=
deleted file mode 100644
--- a/security/nss/cmd/bltest/tests/sha256/ciphertext1
+++ /dev/null
@@ -1,1 +0,0 @@
-JI1qYdIGOLjlwCaTDD5gOaM85Flk/yFn9uzt1BnbBsE=
deleted file mode 100644
--- a/security/nss/cmd/bltest/tests/sha256/numtests
+++ /dev/null
@@ -1,1 +0,0 @@
-2
deleted file mode 100644
--- a/security/nss/cmd/bltest/tests/sha256/plaintext0
+++ /dev/null
@@ -1,1 +0,0 @@
-abc
deleted file mode 100644
--- a/security/nss/cmd/bltest/tests/sha256/plaintext1
+++ /dev/null
@@ -1,1 +0,0 @@
-abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq
deleted file mode 100644
--- a/security/nss/cmd/bltest/tests/sha384/ciphertext0
+++ /dev/null
@@ -1,1 +0,0 @@
-ywB1P0WjXou1oD1pmsZQBycsMqsO3tFjGotgWkP/W+2AhgcroefMI1i67KE0yCWn
deleted file mode 100644
--- a/security/nss/cmd/bltest/tests/sha384/ciphertext1
+++ /dev/null
@@ -1,1 +0,0 @@
-CTMMM/cRR+g9GS/Hgs0bR1MRGxc7OwXSL6CAhuOw9xL8x8caVX4tuWbD6fqRdGA5
deleted file mode 100644
--- a/security/nss/cmd/bltest/tests/sha384/numtests
+++ /dev/null
@@ -1,1 +0,0 @@
-2
deleted file mode 100644
--- a/security/nss/cmd/bltest/tests/sha384/plaintext0
+++ /dev/null
@@ -1,1 +0,0 @@
-abc
deleted file mode 100644
--- a/security/nss/cmd/bltest/tests/sha384/plaintext1
+++ /dev/null
@@ -1,1 +0,0 @@
-abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu
deleted file mode 100644
--- a/security/nss/cmd/bltest/tests/sha512/ciphertext0
+++ /dev/null
@@ -1,2 +0,0 @@
-3a81oZNherrMQXNJriBBMRLm+k6JqX6iCp7u5ktV05ohkpkqJ0/BqDa6PCOj/uu9
-RU1EI2Q86A4qmslPpUyknw==
deleted file mode 100644
--- a/security/nss/cmd/bltest/tests/sha512/ciphertext1
+++ /dev/null
@@ -1,2 +0,0 @@
-jpWbddrjE9qM9PcoFPwUP493ecbrn3+hcpmurbaIkBhQHSieSQD35DMbmd7EtUM6
-x9Mp7rbdJlReluVbh0vpCQ==
deleted file mode 100644
--- a/security/nss/cmd/bltest/tests/sha512/numtests
+++ /dev/null
@@ -1,1 +0,0 @@
-2
deleted file mode 100644
--- a/security/nss/cmd/bltest/tests/sha512/plaintext0
+++ /dev/null
@@ -1,1 +0,0 @@
-abc
deleted file mode 100644
--- a/security/nss/cmd/bltest/tests/sha512/plaintext1
+++ /dev/null
@@ -1,1 +0,0 @@
-abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu
--- a/security/nss/cmd/certutil/certutil.c
+++ b/security/nss/cmd/certutil/certutil.c
@@ -238,19 +238,18 @@ GetCertRequest(PRFileDesc *inFile, PRBoo
 	if (rv)
 	    break;
 	
         rv = SEC_ASN1DecodeItem(arena, certReq, 
 		SEC_ASN1_GET(CERT_CertificateRequestTemplate), &signedData.data);
    } while (0);
 
    if (!rv) {
-   	rv = CERT_VerifySignedDataWithPubKeyInfo(&signedData, 
-					         &certReq->subjectPublicKeyInfo,
-					         NULL /* wincx */);
+   	rv = CERT_VerifySignedDataWithPublicKeyInfo(&signedData, 
+		&certReq->subjectPublicKeyInfo, NULL /* wincx */);
    }
 
    if (rv) {
        PRErrorCode  perr = PR_GetError();
        fprintf(stderr, "%s: unable to decode DER cert request (%s)\n", progName,
                SECU_Strerror(perr));
    }
    return (certReq);
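Review bot: When the verification call leaves `rv` non-zero, the code only prints a message and still reaches `return (certReq);`, so within this hunk a request whose signature did not verify is handed back exactly like a valid one. Unless the caller re-checks something not visible here, add `certReq = NULL;` inside the `if (rv)` block. The message also reports every failure as "unable to decode DER cert request", which hides a signature failure behind a decoding error; a separate message for the verify step would make the two distinguishable. GetCertRequest starts outside the hunk.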
--- a/security/nss/cmd/lib/secutil.c
+++ b/security/nss/cmd/lib/secutil.c
@@ -699,23 +699,23 @@ SECU_PrintAsHex(FILE *out, SECItem *data
     for (i = 0; i < data->len; i++) {
 	unsigned char val = data->data[i];
 
         if (isString && val && !isprint(val)) {
 	    isString = PR_FALSE;
 	}
 	if (i != data->len - 1) {
 	    fprintf(out, "%02x:", data->data[i]);
-	    column += 4;
+	    column += 3;
 	} else {
 	    fprintf(out, "%02x", data->data[i]);
-	    column += 3;
+	    column += 2;
 	    break;
 	}
-	if (column > 76) {
+	if (column > 76 || (i % 16 == 15)) {
 	    secu_Newline(out);
 	    SECU_Indent(out, level); column = level*INDENT_MULT;
 	}
     }
     if (isString) {
 	secu_Newline(out);
         SECU_Indent(out, level); column = level*INDENT_MULT;
 	for (i = 0; i < data->len; i++) {
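Review bot: The new break condition `(i % 16 == 15)` and the existing `column > 76` limit are bare numbers, and their interaction is not obvious. With 16 bytes at 3 columns each, the width limit now only matters at deep indent levels. A comment above the `if`, such as `/* break after 16 bytes, or earlier if the indent pushes past column 76 */`, would state that. SECU_PrintAsHex starts outside the hunk and continues past it.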
@@ -793,17 +793,24 @@ SECU_PrintBuf(FILE *out, const char *msg
     }
 }
 
 void
 SECU_PrintInteger(FILE *out, SECItem *i, char *m, int level)
 {
     int iv;
 
-    if (i->len > 4) {
+    if (!i || !i->len || !i->data) {
+	SECU_Indent(out, level); 
+	if (m) {
+	    fprintf(out, "%s: (null)\n", m);
+	} else {
+	    fprintf(out, "(null)\n");
+	}
+    } else if (i->len > 4) {
 	SECU_PrintAsHex(out, i, m, level);
     } else {
 	iv = DER_GetInteger(i);
 	SECU_Indent(out, level); 
 	if (m) {
 	    fprintf(out, "%s: %d (0x%x)\n", m, iv, iv);
 	} else {
 	    fprintf(out, "%d (0x%x)\n", iv, iv);
@@ -1206,46 +1213,43 @@ secu_PrintDSAPublicKey(FILE *out, SECKEY
     SECU_PrintInteger(out, &pk->u.dsa.publicValue, "PublicValue", level+1);
 }
 
 static int
 secu_PrintSubjectPublicKeyInfo(FILE *out, PRArenaPool *arena,
 		       CERTSubjectPublicKeyInfo *i,  char *msg, int level)
 {
     SECKEYPublicKey *pk;
-    int rv;
 
     SECU_Indent(out, level); fprintf(out, "%s:\n", msg);
     SECU_PrintAlgorithmID(out, &i->algorithm, "Public Key Algorithm", level+1);
 
-    pk = (SECKEYPublicKey*) PORT_ZAlloc(sizeof(SECKEYPublicKey));
-    if (!pk)
-	return PORT_GetError();
+    pk = SECKEY_ExtractPublicKey(i);
+    if (pk) {
+	switch (pk->keyType) {
+	case rsaKey:
+	    secu_PrintRSAPublicKey(out, pk, "RSA Public Key", level +1);
+	    break;
+
+	case dsaKey:
+	    secu_PrintDSAPublicKey(out, pk, "DSA Public Key", level +1);
+	    break;
 
-    DER_ConvertBitString(&i->subjectPublicKey);
-    switch(SECOID_FindOIDTag(&i->algorithm.algorithm)) {
-      case SEC_OID_PKCS1_RSA_ENCRYPTION:
-	rv = SEC_ASN1DecodeItem(arena, pk, 
-	                        SEC_ASN1_GET(SECKEY_RSAPublicKeyTemplate),
-				&i->subjectPublicKey);
-	if (rv)
-	    return rv;
-	secu_PrintRSAPublicKey(out, pk, "RSA Public Key", level +1);
-	break;
-      case SEC_OID_ANSIX9_DSA_SIGNATURE:
-	rv = SEC_ASN1DecodeItem(arena, pk, 
-	                        SEC_ASN1_GET(SECKEY_DSAPublicKeyTemplate),
-				&i->subjectPublicKey);
-	if (rv)
-	    return rv;
-	secu_PrintDSAPublicKey(out, pk, "DSA Public Key", level +1);
-	break;
-      default:
-	fprintf(out, "bad SPKI algorithm type\n");
-	return 0;
+	case dhKey:
+	case fortezzaKey:
+	case keaKey:
+    	    fprintf(out, "unable to format this SPKI algorithm type\n");
+	    break;
+	default:
+	    fprintf(out, "unknown SPKI algorithm type\n");
+	    break;
+	}
+	PORT_FreeArena(pk->arena, PR_FALSE);
+    } else {
+	SECU_PrintError("Error", "Parsing public key");
     }
 
     return 0;
 }
 
 static SECStatus
 secu_PrintX509InvalidDate(FILE *out, SECItem *value, char *msg, int level)
 {
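Review bot: The new `else` branch reports "Parsing public key" but the function still falls through to `return 0;`, whereas the removed code returned the decoder's `rv`. A caller can therefore no longer tell that the SubjectPublicKeyInfo failed to parse; return a non-zero value there, e.g. `return SECFailure;`. The extracted key would be better released with `SECKEY_DestroyPublicKey(pk);` than by freeing `pk->arena` directly, which relies on the key owning nothing but its arena. The `arena` parameter is no longer used in the body and deserves a comment saying it is kept only for the signature.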
--- a/security/nss/cmd/selfserv/selfserv.c
+++ b/security/nss/cmd/selfserv/selfserv.c
@@ -1700,13 +1700,19 @@ main(int argc, char **argv)
 
     if (debugCache) {
 	nss_DumpCertificateCacheInfo();
     }
 
     free(nickName);
     free(passwd);
 
-    NSS_Shutdown();
+    SSL_ShutdownServerSessionIDCache();
+
+    if (NSS_Shutdown() != SECSuccess) {
+	SECU_PrintError(progName, "NSS_Shutdown");
+	PR_Cleanup();
+	exit(1);
+    }
     PR_Cleanup();
     printf("selfserv: normal termination\n");
     return 0;
 }
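Review bot: The result of `SSL_ShutdownServerSessionIDCache()` is discarded while the `NSS_Shutdown()` call directly below it is checked, so a failed cache shutdown would surface only as a later `NSS_Shutdown` error, if at all. Check it the same way, e.g. `if (SSL_ShutdownServerSessionIDCache() != SECSuccess) SECU_PrintError(progName, "SSL_ShutdownServerSessionIDCache");`. Separately, `free(passwd)` in the context lines releases the password without clearing it; wiping the buffer first (when `passwd` is non-NULL) would keep it out of reused heap memory. main starts outside the hunk.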
--- a/security/nss/cmd/smimetools/cmsutil.c
+++ b/security/nss/cmd/smimetools/cmsutil.c
@@ -110,17 +110,16 @@ Usage(char *progName)
     fprintf(stderr, "  -n           suppress output of content\n");
     fprintf(stderr, "  -h num       generate email headers with info about CMS message\n");
     fprintf(stderr, " -S            create a CMS signed message\n");
     fprintf(stderr, "  -N nick      use certificate named \"nick\" for signing\n");
     fprintf(stderr, "  -T           do not include content in CMS message\n");
     fprintf(stderr, "  -G           include a signing time attribute\n");
     fprintf(stderr, "  -P           include a SMIMECapabilities attribute\n");
     fprintf(stderr, "  -Y nick      include a EncryptionKeyPreference attribute with cert\n");
-    fprintf(stderr, "                 (use \"NONE\" to omit)\n");
     fprintf(stderr, " -E            create a CMS enveloped message (NYI)\n");
     fprintf(stderr, "  -r id,...    create envelope for these recipients,\n");
     fprintf(stderr, "               where id can be a certificate nickname or email address\n");
     fprintf(stderr, " -v            print debugging information\n");
     fprintf(stderr, "\nCert usage codes:\n");
     fprintf(stderr, "%-25s  0 - certUsageSSLClient\n", " ");
     fprintf(stderr, "%-25s  1 - certUsageSSLServer\n", " ");
     fprintf(stderr, "%-25s  2 - certUsageSSLServerWithStepUp\n", " ");
@@ -412,17 +411,17 @@ signed_data(struct signOptionsStr *signO
     }
     if (signOptions->nickname == NULL) {
 	fprintf(stderr, 
         "ERROR: please indicate the nickname of a certificate to sign with.\n");
 	return NULL;
     }
     if ((cert = CERT_FindUserCertByUsage(signOptions->options->certHandle, 
                                          signOptions->nickname,
-                                         signOptions->options->certUsage,
+                                         certUsageEmailSigner,
                                          PR_FALSE,
                                          NULL)) == NULL) {
 	SECU_PrintError(progName, 
 	                "the corresponding cert for key \"%s\" does not exist",
 	                signOptions->nickname);
 	return NULL;
     }
     if (cms_verbose) {
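Review bot: The signing-certificate lookup now hard-codes `certUsageEmailSigner`, so `signOptions->options->certUsage` no longer influences which certificate is chosen here, and nothing in the hunk records that. A comment above the call, such as `/* signer cert must be valid for e-mail signing, regardless of the usage option */`, would state the intent. The failure message could also mention the usage, since a certificate that exists but is not valid for signing is reported as "does not exist". signed_data starts and ends outside the hunk.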
@@ -488,17 +487,45 @@ signed_data(struct signOptionsStr *signO
     }
     if (signOptions->smimeProfile) {
 	if (NSS_CMSSignerInfo_AddSMIMECaps(signerinfo) != SECSuccess) {
 	    fprintf(stderr, "ERROR: cannot add SMIMECaps attribute.\n");
 	    goto loser;
 	}
     }
 
-    if (!signOptions->encryptionKeyPreferenceNick) {
+    if (signOptions->encryptionKeyPreferenceNick) {
+	/* get the cert, add it to the message */
+	if ((ekpcert = CERT_FindUserCertByUsage(
+                                     signOptions->options->certHandle, 
+	                             signOptions->encryptionKeyPreferenceNick,
+                                     certUsageEmailRecipient, PR_FALSE, NULL))
+	      == NULL) {
+	    SECU_PrintError(progName, 
+	               "the corresponding cert for key \"%s\" does not exist",
+	                signOptions->encryptionKeyPreferenceNick);
+	    goto loser;
+	}
+	if (NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs(signerinfo, ekpcert, 
+	                                     signOptions->options->certHandle)
+	      != SECSuccess) {
+	    fprintf(stderr, "ERROR: cannot add SMIMEEncKeyPrefs attribute.\n");
+	    goto loser;
+	}
+	if (NSS_CMSSignerInfo_AddMSSMIMEEncKeyPrefs(signerinfo, ekpcert, 
+	                                     signOptions->options->certHandle)
+	      != SECSuccess) {
+	    fprintf(stderr, "ERROR: cannot add MS SMIMEEncKeyPrefs attribute.\n");
+	    goto loser;
+	}
+	if (NSS_CMSSignedData_AddCertificate(sigd, ekpcert) != SECSuccess) {
+	    fprintf(stderr, "ERROR: cannot add encryption certificate.\n");
+	    goto loser;
+	}
+    } else {
 	/* check signing cert for fitness as encryption cert */
         SECStatus FitForEncrypt = CERT_CheckCertUsage(cert,
                                                       certUsageEmailRecipient);
 
         if (SECSuccess == FitForEncrypt) {
             /* if yes, add signing cert as EncryptionKeyPreference */
             if (NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs(signerinfo, cert, 
                                               signOptions->options->certHandle)
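Review bot: In the new `encryptionKeyPreferenceNick` branch, `ekpcert` returned by `CERT_FindUserCertByUsage` is not released on any of the three `goto loser` paths that follow the lookup, and no `CERT_DestroyCertificate(ekpcert)` is visible on the success path either. The `loser` label is outside the hunk, so this may already be handled there. If it is not, add `if (ekpcert) CERT_DestroyCertificate(ekpcert);` to the cleanup. signed_data starts and ends outside the hunk.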
@@ -543,46 +570,16 @@ signed_data(struct signOptionsStr *signO
                         "ERROR: cannot add MS SMIMEEncKeyPrefs attribute.\n");
                 goto loser;
             }
             if (NSS_CMSSignedData_AddCertificate(sigd, ekpcert) != SECSuccess) {
                 fprintf(stderr, "ERROR: cannot add encryption certificate.\n");
                 goto loser;
             }
         }
-    } else if (PL_strcmp(signOptions->encryptionKeyPreferenceNick, "NONE") == 0) {
-        /* No action */
-    } else {
-	/* get the cert, add it to the message */
-	if ((ekpcert = CERT_FindUserCertByUsage(
-                                     signOptions->options->certHandle, 
-	                             signOptions->encryptionKeyPreferenceNick,
-                                     certUsageEmailRecipient, PR_FALSE, NULL))
-	      == NULL) {
-	    SECU_PrintError(progName, 
-	               "the corresponding cert for key \"%s\" does not exist",
-	                signOptions->encryptionKeyPreferenceNick);
-	    goto loser;
-	}
-	if (NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs(signerinfo, ekpcert, 
-	                                     signOptions->options->certHandle)
-	      != SECSuccess) {
-	    fprintf(stderr, "ERROR: cannot add SMIMEEncKeyPrefs attribute.\n");
-	    goto loser;
-	}
-	if (NSS_CMSSignerInfo_AddMSSMIMEEncKeyPrefs(signerinfo, ekpcert, 
-	                                     signOptions->options->certHandle)
-	      != SECSuccess) {
-	    fprintf(stderr, "ERROR: cannot add MS SMIMEEncKeyPrefs attribute.\n");
-	    goto loser;
-	}
-	if (NSS_CMSSignedData_AddCertificate(sigd, ekpcert) != SECSuccess) {
-	    fprintf(stderr, "ERROR: cannot add encryption certificate.\n");
-	    goto loser;
-	}
     }
 
     if (NSS_CMSSignedData_AddSignerInfo(sigd, signerinfo) != SECSuccess) {
 	fprintf(stderr, "ERROR: cannot add CMS signerInfo object.\n");
 	goto loser;
     }
     if (cms_verbose) {
 	fprintf(stderr, "created signed-date message\n");
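Review bot: In the fallback branch kept as context at the top of this hunk, the certificate added to the message is `ekpcert`, yet that branch runs only when no preference nickname was given and it never assigns `ekpcert`; the lines just above the hunk check and record the signing certificate `cert` instead. The initial value of `ekpcert` is declared outside the hunk, so whether the call receives NULL cannot be confirmed here. The call should probably read `if (NSS_CMSSignedData_AddCertificate(sigd, cert) != SECSuccess) {`, or be dropped if the signing certificate is already part of the message. With the `"NONE"` case removed, that nickname is now looked up like any other and reported as a missing certificate. `signed_data` starts and ends outside the hunk.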
@@ -957,16 +954,27 @@ loser:
 	NSS_CMSMessage_Destroy(cmsg);
     if (tmppoolp)
 	PORT_FreeArena(tmppoolp, PR_FALSE);
     return NULL;
 }
 
 typedef enum { UNKNOWN, DECODE, SIGN, ENCRYPT, ENVELOPE, CERTSONLY } Mode;
 
+#if 0
+void
+parse_message_for_recipients(PRFileDesc *inFile, 
+                             struct envelopeOptionsStr *envelopeOptions)
+{
+    SECItem filedata;
+    SECStatus rv;
+    rv = SECU_FileToItem(&filedata, inFile);
+}
+#endif
+
 int
 main(int argc, char **argv)
 {
     FILE *outFile;
     NSSCMSMessage *cmsg = NULL;
     PRFileDesc *inFile;
     PLOptState *optstate;
     PLOptStatus status;
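Review bot: `parse_message_for_recipients` is added under `#if 0` as a stub that reads the input into `filedata`, ignores `rv` and never releases the item. The same commit adds further disabled fragments in the later hunks at `case 'o':`, `case 'r':` and `case ENVELOPE:`, plus a commented-out `if` before the `_setmode` call. Disabled code in a signing and encryption tool is easy to re-enable without review, so either leave it out of the commit or replace each block with a one-line comment such as `/* TODO: derive recipients from the message when -r is absent */`. If the stub is kept, it should at least test `rv != SECSuccess` and call `SECITEM_FreeItem(&filedata, PR_FALSE)` before returning.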
@@ -1014,17 +1022,17 @@ main(int argc, char **argv)
     encryptOptions.bulkalgtag = SEC_OID_UNKNOWN;
     encryptOptions.bulkkey = NULL;
     encryptOptions.keysize = -1;
 
     /*
      * Parse command line arguments
      */
     optstate = PL_CreateOptState(argc, argv, 
-                                 "CDSEOnN:TGPY:vh:p:i:c:d:e:o:s:u:r:");
+                                 "CDSEOnN:TGPYv:h:p:i:c:d:e:o:s:u:r:");
     while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
 	switch (optstate->option) {
 	case '?':
 	    Usage(progName);
 	    break;
 	
 	case 'C':
 	    mode = ENCRYPT;
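Review bot: The new option string `"CDSEOnN:TGPYv:h:p:i:c:d:e:o:s:u:r:"` moves the colon from `Y` to `v`, so `-Y` no longer takes a value and `-v` now consumes the argument that follows it. The `case 'Y'` and `case 'v'` handlers are outside this hunk, but `signed_data` treats `encryptionKeyPreferenceNick` as a certificate nickname, which suggests `-Y` still needs its value. If so, `-Y nick` would leave the nickname unset, so the signing certificate would be advertised as the encryption preference with no error, and `-v` would swallow the next option. Unless the handlers were changed to match, the string should stay `"CDSEOnN:TGPY:vh:p:i:c:d:e:o:s:u:r:"`.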
@@ -1157,30 +1165,40 @@ main(int argc, char **argv)
 	          PR_Open(optstate->value, PR_RDONLY, 006600)) == NULL) {
 		fprintf(stderr, "%s: unable to open \"%s\" for reading.\n",
 			progName, optstate->value);
 		exit(1);
 	    }
 	    break;
 
 	case 'o':
+#if 0
+	    if (mode == DECODE) {
+		outFile = fopen(optstate->value, "w");
+	    } else {
+		outFile = fopen(optstate->value, "wb");
+	    }
+#endif
 	    outFile = fopen(optstate->value, "wb");
 	    if (outFile == NULL) {
 		fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
 			progName, optstate->value);
 		exit(1);
 	    }
 	    break;
 
 	case 'r':
 	    if (!optstate->value) {
 		fprintf(stderr, "%s: option -r must have a value.\n", progName);
 		Usage(progName);
 		exit(1);
 	    }
+#if 0
+	    fprintf(stderr, "recipient = %s\n", optstate->value);
+#endif
 	    envelopeOptions.recipients = ptrarray;
 	    str = (char *)optstate->value;
 	    do {
 		tok = strchr(str, ',');
 		if (tok) *tok = '\0';
 		envelopeOptions.recipients[nrecipients++] = strdup(str);
 		if (tok) str = tok + 1;
 	    } while (tok);
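Review bot: The `-r` loop at the end of this hunk stores `envelopeOptions.recipients[nrecipients++] = strdup(str);` with no bound on `nrecipients` and no check of the `strdup` result. `ptrarray` is declared outside the hunk, so its capacity is not visible here, but if it is a fixed array a long comma-separated list from the command line would index past its end. A guard before the store would close this, e.g. `if (nrecipients >= PTRARRAY_CAPACITY) { fprintf(stderr, "%s: too many recipients.\n", progName); exit(1); }`, with `PTRARRAY_CAPACITY` standing in for the real array size, together with a NULL check on the copy. `case 'r'` continues outside the hunk.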
@@ -1237,16 +1255,17 @@ main(int argc, char **argv)
 	SECU_PrintError(progName, "No default cert DB");
 	exit(1);
     }
     if (cms_verbose) {
 	fprintf(stderr, "Got default certdb\n");
     }
 
 #if defined(_WIN32)
+    /*if (outFile == stdout && mode != DECODE) {*/
     if (outFile == stdout) {
 	/* If we're going to write binary data to stdout, we must put stdout
 	** into O_BINARY mode or else outgoing \n's will become \r\n's.
 	*/
 	int smrv = _setmode(_fileno(stdout), _O_BINARY);
 	if (smrv == -1) {
 	    fprintf(stderr,
 	    "%s: Cannot change stdout to binary mode. Use -o option instead.\n",
@@ -1332,16 +1351,20 @@ main(int argc, char **argv)
 	}
 	if (encryptOptions.bulkkey) {
 	    PK11_FreeSymKey(encryptOptions.bulkkey);
 	    encryptOptions.bulkkey = NULL;
 	}
 	break;
     case ENVELOPE:
 	envelopeOptions.options = &options;
+#if 0
+	if (!envelopeOptions.recipients)
+	    parse_message_for_recipients(myIn, &envelopeOptions);
+#endif
 	cmsg = enveloped_data(&envelopeOptions);
 	if (!cmsg) {
 	    SECU_PrintError(progName, "problem enveloping");
 	    exitstatus = 1;
 	}
 	break;
     case CERTSONLY:
 	certsonlyOptions.options = &options;
--- a/security/nss/cmd/strsclnt/strsclnt.c
+++ b/security/nss/cmd/strsclnt/strsclnt.c
@@ -1139,13 +1139,14 @@ main(int argc, char **argv)
 	exitVal = (ssl3stats->hsh_sid_cache_misses > 1) ||
                 (ssl3stats->hsh_sid_cache_not_ok != 0) ||
                 (certsTested > 1);
     else
 	exitVal = (ssl3stats->hsh_sid_cache_misses != connections) ||
                 (certsTested != connections);
 
     exitVal = ( exitVal || failed_already );
+    SSL_ClearSessionCache();
     NSS_Shutdown();
     PR_Cleanup();
     return exitVal;
 }
 
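Review bot: The added `SSL_ClearSessionCache();` has no comment saying why it must precede `NSS_Shutdown()`, and the result of `NSS_Shutdown()` is still discarded, so a shutdown that fails because objects are still referenced would not change `exitVal`. Suggest a comment such as `/* drop cached sessions so NSS_Shutdown can release what they reference */` and folding the status into the exit code, e.g. `if (NSS_Shutdown() != SECSuccess) exitVal = 1;`. `main` starts outside the hunk.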
deleted file mode 100644
--- a/security/nss/cmd/vfychain/Makefile
+++ /dev/null
@@ -1,82 +0,0 @@
-#! gmake
-# 
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-# 
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-# 
-# The Original Code is the Netscape security libraries.
-# 
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation.  Portions created by Netscape are 
-# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
-# Rights Reserved.
-# 
-# Contributor(s):
-# 
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable 
-# instead of those above.  If you wish to allow use of your 
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL.  If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY).   #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL)          #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL)       #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
-#######################################################################
-
-include ../platlibs.mk
-
-ifeq (,$(filter-out WINNT WIN95 WIN16,$(OS_TARGET)))  # omits WINCE
-ifndef BUILD_OPT
-LDFLAGS   +=  /subsystem:console /profile /debug /machine:I386 /incremental:no
-OS_CFLAGS += -D_CONSOLE
-endif
-endif
-
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL)                              #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL)                           #
-#######################################################################
-
-#include ../platlibs.mk
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL).                              #
-#######################################################################
-
-include ../platrules.mk
-
deleted file mode 100644
--- a/security/nss/cmd/vfychain/manifest.mn
+++ /dev/null
@@ -1,51 +0,0 @@
-# 
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-# 
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-# 
-# The Original Code is the Netscape security libraries.
-# 
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation.  Portions created by Netscape are 
-# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
-# Rights Reserved.
-# 
-# Contributor(s):
-# 
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable 
-# instead of those above.  If you wish to allow use of your 
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL.  If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../../..
-
-# MODULE public and private header  directories are implicitly REQUIRED.
-MODULE = nss
-
-# This next line is used by .mk files
-# and gets translated into $LINCS in manifest.mnw
-# The MODULE is always implicitly required.
-# Listing it here in REQUIRES makes it appear twice in the cc command line.
-REQUIRES = seccmd 
-
-# DIRS = 
-
-CSRCS	= vfychain.c  
-DEFINES += -DDLL_PREFIX=\"$(DLL_PREFIX)\" -DDLL_SUFFIX=\"$(DLL_SUFFIX)\"
-
-PROGRAM	= vfychain
-
deleted file mode 100644
--- a/security/nss/cmd/vfychain/vfychain.c
+++ /dev/null
@@ -1,435 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- * 
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- * 
- * The Original Code is the Netscape security libraries.
- * 
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation.  Portions created by Netscape are 
- * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
- * Rights Reserved.
- * 
- * Contributor(s):
- * 
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable 
- * instead of those above.  If you wish to allow use of your 
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL.  If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/****************************************************************************
- *  Read in a cert chain from one or more files, and verify the chain for
- *  some usage.
- *                                                                          *
- *  This code was modified from other code also kept in the NSS directory.
- ****************************************************************************/ 
-
-#include <stdio.h>
-#include <string.h>
-
-#if defined(XP_UNIX)
-#include <unistd.h>
-#endif
-
-#include "prerror.h"
-
-#include "nssrenam.h"
-#include "pk11func.h"
-#include "seccomon.h"
-#include "secutil.h"
-#include "secmod.h"
-#include "secitem.h"
-#include "cert.h"
-
-
-/* #include <stdlib.h> */
-/* #include <errno.h> */
-/* #include <fcntl.h> */
-/* #include <stdarg.h> */
-
-#include "nspr.h"
-#include "plgetopt.h"
-#include "prio.h"
-#include "nss.h"
-
-/* #include "vfyutil.h" */
-
-#define RD_BUF_SIZE (60 * 1024)
-
-int verbose;
-
-char *password = NULL;
-
-/* Function: char * myPasswd()
- * 
- * Purpose: This function is our custom password handler that is called by
- * SSL when retreiving private certs and keys from the database. Returns a
- * pointer to a string that with a password for the database. Password pointer
- * should point to dynamically allocated memory that will be freed later.
- */
-char *
-myPasswd(PK11SlotInfo *info, PRBool retry, void *arg)
-{
-    char * passwd = NULL;
-
-    if ( (!retry) && arg ) {
-	passwd = PORT_Strdup((char *)arg);
-    }
-    return passwd;
-}
-
-static void
-Usage(const char *progName)
-{
-    fprintf(stderr, 
-	    "Usage: %s [-d dbdir] certfile [certfile ...]\n",
-            progName);
-    exit(1);
-}
-
-/**************************************************************************
-** 
-** Error and information routines.
-**
-**************************************************************************/
-
-void
-errWarn(char *function)
-{
-    PRErrorCode  errorNumber = PR_GetError();
-    const char * errorString = SECU_Strerror(errorNumber);
-
-    fprintf(stderr, "Error in function %s: %d\n - %s\n",
-		    function, errorNumber, errorString);
-}
-
-void
-exitErr(char *function)
-{
-    errWarn(function);
-    /* Exit gracefully. */
-    NSS_Shutdown();
-    PR_Cleanup();
-    exit(1);
-}
-
-static char *
-bestCertName(CERTCertificate *cert) {
-    if (cert->nickname) {
-	return cert->nickname;
-    }
-    if (cert->emailAddr) {
-	return cert->emailAddr;
-    }
-    return cert->subjectName;
-}
-
-void
-printCertProblems(FILE *outfile, CERTCertDBHandle *handle, 
-	CERTCertificate *cert, PRBool checksig, 
-	SECCertUsage certUsage, void *pinArg)
-{
-    CERTVerifyLog      log;
-    CERTVerifyLogNode *node   = NULL;
-    unsigned int       depth  = (unsigned int)-1;
-    unsigned int       flags  = 0;
-    char *             errstr = NULL;
-    PRErrorCode	       err    = PORT_GetError();
-
-    log.arena = PORT_NewArena(512);
-    log.head = log.tail = NULL;
-    log.count = 0;
-    CERT_VerifyCert(handle, cert, checksig, certUsage,
-	            PR_Now(), pinArg, &log);
-
-    if (log.count > 0) {
-	fprintf(outfile,"PROBLEM WITH THE CERT CHAIN:\n");
-	for (node = log.head; node; node = node->next) {
-	    if (depth != node->depth) {
-		depth = node->depth;
-		fprintf(outfile,"CERT %d. %s %s:\n", depth,
-				 bestCertName(node->cert), 
-			  	 depth ? "[Certificate Authority]": "");
-	    	if (verbose) {
-		    const char * emailAddr;
-		    emailAddr = CERT_GetFirstEmailAddress(node->cert);
-		    if (emailAddr) {
-		    	fprintf(outfile,"Email Address(es): ");
-			do {
-			    fprintf(outfile, "%s\n", emailAddr);
-			    emailAddr = CERT_GetNextEmailAddress(node->cert,
-			                                         emailAddr);
-			} while (emailAddr);
-		    }
-		}
-	    }
-	    fprintf(outfile,"  ERROR %d: %s\n", node->error,
-						SECU_Strerror(node->error));
-	    errstr = NULL;
-	    switch (node->error) {
-	    case SEC_ERROR_INADEQUATE_KEY_USAGE:
-		flags = (unsigned int)node->arg;
-		switch (flags) {
-		case KU_DIGITAL_SIGNATURE:
-		    errstr = "Cert cannot sign.";
-		    break;
-		case KU_KEY_ENCIPHERMENT:
-		    errstr = "Cert cannot encrypt.";
-		    break;
-		case KU_KEY_CERT_SIGN:
-		    errstr = "Cert cannot sign other certs.";
-		    break;
-		default:
-		    errstr = "[unknown usage].";
-		    break;
-		}
-	    case SEC_ERROR_INADEQUATE_CERT_TYPE:
-		flags = (unsigned int)node->arg;
-		switch (flags) {
-		case NS_CERT_TYPE_SSL_CLIENT:
-		case NS_CERT_TYPE_SSL_SERVER:
-		    errstr = "Cert cannot be used for SSL.";
-		    break;
-		case NS_CERT_TYPE_SSL_CA:
-		    errstr = "Cert cannot be used as an SSL CA.";
-		    break;
-		case NS_CERT_TYPE_EMAIL:
-		    errstr = "Cert cannot be used for SMIME.";
-		    break;
-		case NS_CERT_TYPE_EMAIL_CA:
-		    errstr = "Cert cannot be used as an SMIME CA.";
-		    break;
-		case NS_CERT_TYPE_OBJECT_SIGNING:
-		    errstr = "Cert cannot be used for object signing.";
-		    break;
-		case NS_CERT_TYPE_OBJECT_SIGNING_CA:
-		    errstr = "Cert cannot be used as an object signing CA.";
-		    break;
-		default:
-		    errstr = "[unknown usage].";
-		    break;
-		}
-	    case SEC_ERROR_UNKNOWN_ISSUER:
-	    case SEC_ERROR_UNTRUSTED_ISSUER:
-	    case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
-		errstr = node->cert->issuerName;
-		break;
-	    default:
-		break;
-	    }
-	    if (errstr) {
-		fprintf(stderr,"    %s\n",errstr);
-	    }
-	    CERT_DestroyCertificate(node->cert);
-	}    
-    }
-    PORT_SetError(err); /* restore original error code */
-}
-
-typedef struct certMemStr {
-    struct certMemStr * next;
-    CERTCertificate * cert;
-} certMem;
-
-certMem * theCerts;
-
-void
-rememberCert(CERTCertificate * cert)
-{
-    certMem * newCertMem = PORT_ZNew(certMem);
-    if (newCertMem) {
-	newCertMem->next = theCerts;
-	newCertMem->cert = cert;
-	theCerts = newCertMem;
-    }
-}
-
-void
-forgetCerts(void)
-{
-    certMem * oldCertMem;
-    while (oldCertMem = theCerts) {
-    	theCerts = oldCertMem->next;
-	CERT_DestroyCertificate(oldCertMem->cert);
-	PORT_Free(oldCertMem);
-    }
-    theCerts = NULL;
-}
-
-
-CERTCertificate *
-readCertFile(const char * fileName, PRBool isAscii)
-{
-    unsigned char * pb;
-    CERTCertificate * cert  = NULL;
-    CERTCertDBHandle *defaultDB = NULL;
-    PRFileDesc*     fd;
-    PRInt32         cc      = -1;
-    PRInt32         total;
-    PRInt32         remaining;
-    SECItem         item;
-    static unsigned char certBuf[RD_BUF_SIZE];
-
-    fd = PR_Open(fileName, PR_RDONLY, 0777); 
-    if (!fd) {
-	PRIntn err = PR_GetError();
-    	fprintf(stderr, "open of %s failed, %d = %s\n", 
-	        fileName, err, SECU_Strerror(err));
-	return cert;
-    }
-    /* read until EOF or buffer is full */
-    pb = certBuf;
-    while (0 < (remaining = (sizeof certBuf) - (pb - certBuf))) {
-	cc = PR_Read(fd, pb, remaining);
-	if (cc == 0) 
-	    break;
-	if (cc < 0) {
-	    PRIntn err = PR_GetError();
-	    fprintf(stderr, "read of %s failed, %d = %s\n", 
-	        fileName, err, SECU_Strerror(err));
-	    break;
-	}
-	/* cc > 0 */
-	pb += cc;
-    }
-    PR_Close(fd);
-    if (cc < 0)
-    	return cert;
-    if (!remaining || cc > 0) { /* file was too big. */
-	fprintf(stderr, "cert file %s was too big.\n");
-	return cert;
-    }
-    total = pb - certBuf;
-    if (!total) { /* file was empty */
-	fprintf(stderr, "cert file %s was empty.\n");
-	return cert;
-    }
-    if (isAscii) {
-    	/* convert from Base64 to binary here ... someday */
-    }
-    item.type = siBuffer;
-    item.data = certBuf;
-    item.len  = total;
-    defaultDB = CERT_GetDefaultCertDB();
-    cert = CERT_NewTempCertificate(defaultDB, &item, 
-                                   NULL     /* nickname */, 
-                                   PR_FALSE /* isPerm */, 
-				   PR_TRUE  /* copyDER */);
-    if (!cert) {
-	PRIntn err = PR_GetError();
-	fprintf(stderr, "couldn't import %s, %d = %s\n",
-	        fileName, err, SECU_Strerror(err));
-    }
-    return cert;
-}
-
-int
-main(int argc, char *argv[], char *envp[])
-{
-    char *               certDir      = NULL;
-    char *               progName     = NULL;
-    char *               cipherString = NULL;
-    CERTCertificate *    cert;
-    CERTCertificate *    firstCert    = NULL;
-    CERTCertDBHandle *   defaultDB    = NULL;
-    PRBool               isAscii      = PR_FALSE;
-    SECStatus            secStatus;
-    SECCertUsage         certUsage    = certUsageSSLServer;
-    PLOptState *         optstate;
-    PLOptStatus          status;
-
-    PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
-
-    progName = PL_strdup(argv[0]);
-
-    optstate = PL_CreateOptState(argc, argv, "ad:ru:w:v");
-    while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
-	switch(optstate->option) {
-	case  0  : /* positional parameter */  goto breakout;
-	case 'a' : isAscii  = PR_TRUE;                        break;
-	case 'd' : certDir  = PL_strdup(optstate->value);     break;
-	case 'r' : isAscii  = PR_FALSE;                       break;
-	case 'u' : certUsage = (SECCertUsage)PORT_Atoi(optstate->value); break;
-	case 'w' : password = PL_strdup(optstate->value);     break;
-	case 'v' : verbose++;                                 break;
-	default  : Usage(progName);                           break;
-	}
-    }
-breakout:
-    if (status != PL_OPT_OK)
-	Usage(progName);
-
-    /* Set our password function callback. */
-    PK11_SetPasswordFunc(myPasswd);
-
-    /* Initialize the NSS libraries. */
-    if (certDir) {
-	secStatus = NSS_Init(certDir);
-    } else {
-	secStatus = NSS_NoDB_Init(NULL);
-
-	/* load the builtins */
-	SECMOD_AddNewModule("Builtins", DLL_PREFIX"nssckbi."DLL_SUFFIX, 0, 0);
-    }
-    if (secStatus != SECSuccess) {
-	exitErr("NSS_Init");
-    }
-
-
-    while (status == PL_OPT_OK) {
-	switch(optstate->option) {
-	default  : Usage(progName);                           break;
-	case 'a' : isAscii  = PR_TRUE;                        break;
-	case 'r' : isAscii  = PR_FALSE;                       break;
-	case  0  : /* positional parameter */
-	    cert = readCertFile(optstate->value, isAscii);
-	    if (!cert) 
-	        goto punt;
-	    rememberCert(cert);
-	    if (!firstCert)
-	        firstCert = cert;
-	    break;
-	}
-        status = PL_GetNextOpt(optstate);
-    }
-    if (status == PL_OPT_BAD || !firstCert)
-	Usage(progName);
-
-    /* NOW, verify the cert chain. */
-    defaultDB = CERT_GetDefaultCertDB();
-    secStatus = CERT_VerifyCert(defaultDB, firstCert, 
-                                PR_TRUE /* check sig */,
-				certUsage, 
-				PR_Now(), 
-				NULL, 		/* wincx  */
-				NULL);		/* error log */
-
-    if (secStatus != SECSuccess) {
-	PRIntn err = PR_GetError();
-	fprintf(stderr, "Chain is bad, %d = %s\n", err, SECU_Strerror(err));
-	printCertProblems(stderr, defaultDB, firstCert, 
-			  PR_TRUE, certUsage, NULL);
-    } else {
-    	fprintf(stderr, "Chain is good!\n");
-    }
-
-punt:
-    forgetCerts();
-    NSS_Shutdown();
-    PR_Cleanup();
-    return 0;
-}
--- a/security/nss/cmd/vfyserv/vfyutil.c
+++ b/security/nss/cmd/vfyserv/vfyutil.c
@@ -45,29 +45,42 @@ int ssl2CipherSuites[] = {
     SSL_EN_RC2_128_CBC_WITH_MD5,          /* C */
     SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, /* D */
     SSL_EN_DES_64_CBC_WITH_MD5,           /* E */
     SSL_EN_DES_192_EDE3_CBC_WITH_MD5,     /* F */
     0
 };
 
 int ssl3CipherSuites[] = {
-    SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, /* a */
-    SSL_FORTEZZA_DMS_WITH_RC4_128_SHA,      /* b */
-    SSL_RSA_WITH_RC4_128_MD5,               /* c */
-    SSL_RSA_WITH_3DES_EDE_CBC_SHA,          /* d */
-    SSL_RSA_WITH_DES_CBC_SHA,               /* e */
-    SSL_RSA_EXPORT_WITH_RC4_40_MD5,         /* f */
-    SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,     /* g */
-    SSL_FORTEZZA_DMS_WITH_NULL_SHA,         /* h */
-    SSL_RSA_WITH_NULL_MD5,                  /* i */
-    SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,     /* j */
-    SSL_RSA_FIPS_WITH_DES_CBC_SHA,          /* k */
-    TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,    /* l */
-    TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,     /* m */
+    SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,	/* a */
+    SSL_FORTEZZA_DMS_WITH_RC4_128_SHA,		/* b */
+    SSL_RSA_WITH_RC4_128_MD5,			/* c */
+    SSL_RSA_WITH_3DES_EDE_CBC_SHA,		/* d */
+    SSL_RSA_WITH_DES_CBC_SHA,			/* e */
+    SSL_RSA_EXPORT_WITH_RC4_40_MD5,		/* f */
+    SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,		/* g */
+    SSL_FORTEZZA_DMS_WITH_NULL_SHA,		/* h */
+    SSL_RSA_WITH_NULL_MD5,			/* i */
+    SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,		/* j */
+    SSL_RSA_FIPS_WITH_DES_CBC_SHA,		/* k */
+    TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,	/* l */
+    TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,	        /* m */
+    SSL_RSA_WITH_RC4_128_SHA,			/* n */
+    TLS_DHE_DSS_WITH_RC4_128_SHA,		/* o */
+    SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,		/* p */
+    SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,		/* q */
+    SSL_DHE_RSA_WITH_DES_CBC_SHA,		/* r */
+    SSL_DHE_DSS_WITH_DES_CBC_SHA,		/* s */
+    TLS_DHE_DSS_WITH_AES_128_CBC_SHA, 	    	/* t */
+    TLS_DHE_RSA_WITH_AES_128_CBC_SHA,       	/* u */
+    TLS_RSA_WITH_AES_128_CBC_SHA,     	    	/* v */
+    TLS_DHE_DSS_WITH_AES_256_CBC_SHA, 	    	/* w */
+    TLS_DHE_RSA_WITH_AES_256_CBC_SHA,       	/* x */
+    TLS_RSA_WITH_AES_256_CBC_SHA,     	    	/* y */
+    SSL_RSA_WITH_NULL_SHA,			/* z */
     0
 };
 
 /**************************************************************************
 ** 
 ** SSL callback routines.
 **
 **************************************************************************/
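Review bot: The entries added to `ssl3CipherSuites` include `SSL_RSA_WITH_NULL_SHA` (z), which gives integrity only, alongside single-DES suites (r, s), and nothing in the array marks them as test-only. How the table is consumed is outside the hunk; if any caller enables every entry rather than only the letters selected on the command line, a connection could negotiate a suite with no confidentiality. A comment above the array, e.g. `/* indexed by command-line letter; includes NULL and export suites for testing only */`, would make that constraint explicit. The re-indented lines also mix tabs and spaces (see `m` and `t` to `y`), so the comment column depends on tab width.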
--- a/security/nss/lib/base/errorval.c
+++ b/security/nss/lib/base/errorval.c
@@ -83,9 +83,11 @@ const NSSError NSS_ERROR_MAXIMUM_FOUND  
 
 const NSSError NSS_ERROR_CERTIFICATE_ISSUER_NOT_FOUND   = 31;
 
 const NSSError NSS_ERROR_CERTIFICATE_IN_CACHE           = 32;
 
 const NSSError NSS_ERROR_HASH_COLLISION                 = 33;
 const NSSError NSS_ERROR_DEVICE_ERROR                   = 34;
 const NSSError NSS_ERROR_INVALID_CERTIFICATE            = 35;
+const NSSError NSS_ERROR_BUSY                           = 36;
+const NSSError NSS_ERROR_ALREADY_INITIALIZED            = 37;
 
--- a/security/nss/lib/certdb/cert.h
+++ b/security/nss/lib/certdb/cert.h
@@ -473,16 +473,19 @@ CERT_FindCertByKeyID (CERTCertDBHandle *
 /*
 ** Generate a certificate key from the issuer and serialnumber, then look it
 ** up in the database.  Return the cert if found.
 **	"issuerAndSN" is the issuer and serial number to look for
 */
 extern CERTCertificate *
 CERT_FindCertByIssuerAndSN (CERTCertDBHandle *handle, CERTIssuerAndSN *issuerAndSN);
 
+extern CERTCertificate *
+CERT_FindCertBySubjectKeyID (CERTCertDBHandle *handle, SECItem *subjKeyID);
+
 /*
 ** Find a certificate in the database by a nickname
 **	"nickname" is the ascii string nickname to look for
 */
 extern CERTCertificate *
 CERT_FindCertByNickname (CERTCertDBHandle *handle, char *nickname);
 
 /*
@@ -564,19 +567,19 @@ extern CERTIssuerAndSN *CERT_GetCertIssu
 extern SECStatus CERT_VerifySignedData(CERTSignedData *sd,
 				       CERTCertificate *cert,
 				       int64 t,
 				       void *wincx);
 /*
 ** verify the signature of a signed data object with the given DER publickey
 */
 extern SECStatus
-CERT_VerifySignedDataWithPubKeyInfo(CERTSignedData *sd,
-                                    CERTSubjectPublicKeyInfo *pubKeyInfo,
-                                    void *wincx);
+CERT_VerifySignedDataWithPublicKeyInfo(CERTSignedData *sd,
+                                       CERTSubjectPublicKeyInfo *pubKeyInfo,
+                                       void *wincx);
 
 /*
 ** verify the signature of a signed data object with a SECKEYPublicKey.
 */
 extern SECStatus
 CERT_VerifySignedDataWithPublicKey(CERTSignedData *sd,
                                    SECKEYPublicKey *pubKey, void *wincx);
 
@@ -917,17 +920,17 @@ extern CERTCrlDistributionPoints * CERT_
 ** allocated in value->data.
 */
 extern SECStatus CERT_FindKeyUsageExtension (CERTCertificate *cert, 
 							SECItem *value);
 
 /* Return the decoded value of the subjectKeyID extension. The caller should 
 ** free up the storage allocated in retItem->data.
 */
-extern SECStatus CERT_FindSubjectKeyIDExten (CERTCertificate *cert, 
+extern SECStatus CERT_FindSubjectKeyIDExtension (CERTCertificate *cert, 
 							   SECItem *retItem);
 
 /*
 ** If cert is a v3 certificate, and a critical keyUsage extension is included,
 ** then check the usage against the extension value.  If a non-critical 
 ** keyUsage extension is included, this will return SECSuccess without 
 ** checking, since the extension is an advisory field, not a restriction.  
 ** If cert is not a v3 certificate, this will return SECSuccess.
--- a/security/nss/lib/certdb/certdb.c
+++ b/security/nss/lib/certdb/certdb.c
@@ -665,17 +665,17 @@ cert_GetKeyID(CERTCertificate *cert)
 {
     SECItem tmpitem;
     SECStatus rv;
     SECKEYPublicKey *key;
     
     cert->subjectKeyID.len = 0;
 
     /* see of the cert has a key identifier extension */
-    rv = CERT_FindSubjectKeyIDExten(cert, &tmpitem);
+    rv = CERT_FindSubjectKeyIDExtension(cert, &tmpitem);
     if ( rv == SECSuccess ) {
 	cert->subjectKeyID.data = (unsigned char*) PORT_ArenaAlloc(cert->arena, tmpitem.len);
 	if ( cert->subjectKeyID.data != NULL ) {
 	    PORT_Memcpy(cert->subjectKeyID.data, tmpitem.data, tmpitem.len);
 	    cert->subjectKeyID.len = tmpitem.len;
 	    cert->keyIDGenerated = PR_FALSE;
 	}
 	
@@ -742,17 +742,17 @@ cert_IsRootCert(CERTCertificate *cert)
 	return PR_FALSE;
     }
 
     /* check the authKeyID extension */
     if (cert->authKeyID) {
 	/* authority key identifier is present */
 	if (cert->authKeyID->keyID.len > 0) {
 	    /* the keyIdentifier field is set, look for subjectKeyID */
-	    rv = CERT_FindSubjectKeyIDExten(cert, &tmpitem);
+	    rv = CERT_FindSubjectKeyIDExtension(cert, &tmpitem);
 	    if (rv == SECSuccess) {
 		PRBool match;
 		/* also present, they MUST match for it to be a root */
 		match = SECITEM_ItemsAreEqual(&cert->authKeyID->keyID,
 		                              &tmpitem);
 		PORT_Free(tmpitem.data);
 		if (!match) return PR_FALSE; /* else fall through */
 	    } else {
@@ -2732,8 +2732,164 @@ CERT_GetStatusConfig(CERTCertDBHandle *h
  * should not be another configuration set.
  */
 void
 CERT_SetStatusConfig(CERTCertDBHandle *handle, CERTStatusConfig *statusConfig)
 {
   PORT_Assert(handle->statusConfig == NULL);
   handle->statusConfig = statusConfig;
 }
+
+/*
+ * Code for dealing with subjKeyID to cert mappings.
+ */
+
+static PLHashTable *gSubjKeyIDHash = NULL;
+static PRLock      *gSubjKeyIDLock = NULL;
+
+static void *cert_AllocTable(void *pool, PRSize size)
+{
+    return PORT_Alloc(size);
+}
+
+static void cert_FreeTable(void *pool, void *item)
+{
+    PORT_Free(item);
+}
+
+static PLHashEntry* cert_AllocEntry(void *pool, const void *key)
+{
+    return PORT_New(PLHashEntry);
+}
+
+static void cert_FreeEntry(void *pool, PLHashEntry *he, PRUintn flag)
+{
+    SECITEM_FreeItem((SECItem*)(he->value), PR_TRUE);
+    if (flag == HT_FREE_ENTRY) {
+        SECITEM_FreeItem((SECItem*)(he->key), PR_TRUE);
+        PORT_Free(he);
+    }
+}
+
+static PLHashAllocOps cert_AllocOps = {
+    cert_AllocTable, cert_FreeTable, cert_AllocEntry, cert_FreeEntry
+};
+
+SECStatus
+cert_CreateSubjectKeyIDHashTable(void)
+{
+    gSubjKeyIDHash = PL_NewHashTable(0, SECITEM_Hash, SECITEM_HashCompare,
+                                    SECITEM_HashCompare,
+                                    &cert_AllocOps, NULL);
+    if (!gSubjKeyIDHash) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return SECFailure;
+    }
+    gSubjKeyIDLock = PR_NewLock();
+    if (!gSubjKeyIDLock) {
+        PL_HashTableDestroy(gSubjKeyIDHash);
+        gSubjKeyIDHash = NULL;
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return SECFailure;
+    }
+    return SECSuccess;
+
+}
+
+SECStatus
+cert_AddSubjectKeyIDMapping(SECItem *subjKeyID, CERTCertificate *cert)
+{
+    SECItem *newKeyID, *oldVal, *newVal;
+    SECStatus rv = SECFailure;
+
+    if (!gSubjKeyIDLock) {
+	/* If one is created, then both are there.  So only check for one. */
+	return SECFailure;
+    }
+
+    newVal = SECITEM_DupItem(&cert->derCert);
+    if (!newVal) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto done;
+    }
+    newKeyID = SECITEM_DupItem(subjKeyID);
+    if (!newKeyID) {
+        SECITEM_FreeItem(newVal, PR_TRUE);
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto done;
+    }
+
+    PR_Lock(gSubjKeyIDLock);
+    /* The hash table implementation does not free up the memory 
+     * associated with the key of an already existing entry if we add a 
+     * duplicate, so we would wind up leaking the previously allocated 
+     * key if we don't remove before adding.
+     */
+    oldVal = (SECItem*)PL_HashTableLookup(gSubjKeyIDHash, subjKeyID);
+    if (oldVal) {
+        PL_HashTableRemove(gSubjKeyIDHash, subjKeyID);
+    }
+
+    rv = (PL_HashTableAdd(gSubjKeyIDHash, newKeyID, newVal)) ? SECSuccess :
+                                                               SECFailure;
+    PR_Unlock(gSubjKeyIDLock);
+done:
+    return rv;
+}
+
+SECStatus
+cert_RemoveSubjectKeyIDMapping(SECItem *subjKeyID)
+{
+    SECStatus rv;
+    if (!gSubjKeyIDLock)
+        return SECFailure;
+
+    PR_Lock(gSubjKeyIDLock);
+    rv = (PL_HashTableRemove(gSubjKeyIDHash, subjKeyID)) ? SECSuccess :
+                                                           SECFailure;
+    PR_Unlock(gSubjKeyIDLock);
+    return rv;
+}
+
+SECStatus
+cert_DestroySubjectKeyIDHashTable(void)
+{
+    if (gSubjKeyIDHash) {
+        PR_Lock(gSubjKeyIDLock);
+        PL_HashTableDestroy(gSubjKeyIDHash);
+        gSubjKeyIDHash = NULL;
+        PR_Unlock(gSubjKeyIDLock);
+        PR_DestroyLock(gSubjKeyIDLock);
+        gSubjKeyIDLock = NULL;
+    }
+    return SECSuccess;
+}
+
+SECItem*
+cert_FindDERCertBySubjectKeyID(SECItem *subjKeyID)
+{
+    SECItem   *val;
+ 
+    if (!gSubjKeyIDLock)
+        return NULL;
+
+    PR_Lock(gSubjKeyIDLock);
+    val = (SECItem*)PL_HashTableLookup(gSubjKeyIDHash, subjKeyID);
+    if (val) {
+        val = SECITEM_DupItem(val);
+    }
+    PR_Unlock(gSubjKeyIDLock);
+    return val;
+}
+
+CERTCertificate*
+CERT_FindCertBySubjectKeyID(CERTCertDBHandle *handle, SECItem *subjKeyID)
+{
+    CERTCertificate *cert = NULL;
+    SECItem *derCert;
+
+    derCert = cert_FindDERCertBySubjectKeyID(subjKeyID);
+    if (derCert) {
+        cert = CERT_FindCertByDERCert(handle, derCert);
+        SECITEM_FreeItem(derCert, PR_TRUE);
+    }
+    return cert;
+}
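Review bot: In cert_AddSubjectKeyIDMapping the duplicated `newKeyID` and `newVal` are never released when `PL_HashTableAdd` returns NULL, and no error code is set on that path. An allocation failure inside the table therefore leaks both items after the previous mapping has already been removed. After `PR_Unlock` I would add `if (rv != SECSuccess) { SECITEM_FreeItem(newKeyID, PR_TRUE); SECITEM_FreeItem(newVal, PR_TRUE); PORT_SetError(SEC_ERROR_NO_MEMORY); }`. The remove-before-add also means a later certificate carrying the same subjectKeyID silently replaces the earlier entry. Because that value comes from the certificate itself, a comment above CERT_FindCertBySubjectKeyID should say the result is "a certificate with this key ID", not proof of a unique identity.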
--- a/security/nss/lib/certdb/certi.h
+++ b/security/nss/lib/certdb/certi.h
@@ -183,10 +183,31 @@ SECStatus InitCRLCache(void);
 SECStatus ShutdownCRLCache(void);
 
 /* Returns a pointer to an environment-like string, a series of
 ** null-terminated strings, terminated by a zero-length string.
 ** This function is intended to be internal to NSS.
 */
 extern char * cert_GetCertificateEmailAddresses(CERTCertificate *cert);
 
+/*
+ * These functions are used to map subjectKeyID extension values to certs.
+ */
+SECStatus
+cert_CreateSubjectKeyIDHashTable(void);
+
+SECStatus
+cert_AddSubjectKeyIDMapping(SECItem *subjKeyID, CERTCertificate *cert);
+
+/*
+ * Call this function to remove an entry from the mapping table.
+ */
+SECStatus
+cert_RemoveSubjectKeyIDMapping(SECItem *subjKeyID);
+
+SECStatus
+cert_DestroySubjectKeyIDHashTable(void);
+
+SECItem*
+cert_FindDERCertBySubjectKeyID(SECItem *subjKeyID);
+
 #endif /* _CERTI_H_ */
 
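Review bot: The new prototypes say nothing about ownership, which matters because the implementations in certdb.c copy data in both directions. I would document that cert_AddSubjectKeyIDMapping duplicates `subjKeyID` and `cert->derCert`, so the caller keeps ownership of its own items. I would also document that cert_FindDERCertBySubjectKeyID returns a fresh copy, or NULL when the table is not initialised or has no entry. A one-line comment such as `/* Returns a copy of the DER cert; caller frees it with SECITEM_FreeItem(item, PR_TRUE). */` above the last prototype would be enough.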
--- a/security/nss/lib/certdb/certv3.c
+++ b/security/nss/lib/certdb/certv3.c
@@ -286,17 +286,17 @@ CERT_FindKeyUsageExtension(CERTCertifica
     return (CERT_FindBitStringExtension(cert->extensions,
 					SEC_OID_X509_KEY_USAGE, retItem));    
 }
 
 /*
  * get the value of the X.509 v3 Key Usage Extension
  */
 SECStatus
-CERT_FindSubjectKeyIDExten(CERTCertificate *cert, SECItem *retItem)
+CERT_FindSubjectKeyIDExtension(CERTCertificate *cert, SECItem *retItem)
 {
 
     SECItem encodedValue;
     SECStatus rv;
 
     encodedValue.data = NULL;
     rv = cert_FindExtension
 	 (cert->extensions, SEC_OID_X509_SUBJECT_KEY_ID, &encodedValue);
--- a/security/nss/lib/certdb/genname.c
+++ b/security/nss/lib/certdb/genname.c
@@ -428,22 +428,22 @@ cert_DecodeGeneralNames (PRArenaPool  *a
 	    goto loser;
 	}
 	if (head == NULL) {
 	    head = &(currentName->l);
 	    tail = head;
 	}
 	currentName->l.next = head;
 	currentName->l.prev = tail;
-	tail = &(currentName->l);
-	(cert_get_prev_general_name(currentName))->l.next = tail;
+	tail = head->prev = tail->next = &(currentName->l);
 	encodedGenName++;
     }
-    (cert_get_next_general_name(currentName))->l.prev = tail;
-    return cert_get_next_general_name(currentName);
+    if (currentName) {
+	return cert_get_next_general_name(currentName);
+    }
 loser:
     return NULL;
 }
 
 void
 CERT_DestroyGeneralName(CERTGeneralName *name)
 {
     cert_DestroyGeneralNames(name);
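Review bot: The chained assignment `tail = head->prev = tail->next = &(currentName->l);` both reads and writes `tail` in one expression, which is hard to read and leans on assignment sequencing that older C compilers did not clearly guarantee. Three separate statements are clearer: `tail->next = &(currentName->l);`, `head->prev = &(currentName->l);`, `tail = &(currentName->l);`. The new `if (currentName)` guard also lets the empty-list case fall through into `loser:` and return NULL; a short comment there (`/* no names decoded: fall through and return NULL */`) would show that this is intentional. The function starts above this hunk, so the initial value of `currentName` is not visible here.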
@@ -600,40 +600,33 @@ cert_DecodeNameConstraintSubTree(PRArena
 				 PRBool        permited)
 {
     CERTNameConstraint   *current = NULL;
     CERTNameConstraint   *first = NULL;
     CERTNameConstraint   *last = NULL;
     CERTNameConstraint   *next = NULL;
     int                  i = 0;
 
+    PORT_Assert(arena);
     while (subTree[i] != NULL) {
 	current = cert_DecodeNameConstraint(arena, subTree[i]);
 	if (current == NULL) {
 	    goto loser;
 	}
 	if (last == NULL) {
 	    first = last = current;
 	}
 	current->l.prev = &(last->l);
 	current->l.next = last->l.next;
 	last->l.next = &(current->l);
 	i++;
     }
     first->l.prev = &(current->l);
     return first;
 loser:
-    if (first) {
-	current = first;
-	do {
-	    next = cert_get_next_name_constraint(current);
-	    PORT_Free(current);
-	    current = next;
-	}while (current != first);
-    }
     return NULL;
 }
 
 CERTNameConstraints *
 cert_DecodeNameConstraints(PRArenaPool   *arena,
 			   SECItem       *encodedConstraints)
 {
     CERTNameConstraints   *constraints;
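Review bot: After the loop, `first->l.prev = &(current->l);` still dereferences `first` unconditionally, so a `subTree` array whose first slot is NULL would crash here; the companion change in cert_DecodeGeneralNames guards the empty case and this function does not. Since the subtree comes from a decoded certificate extension, I would add `if (first == NULL) return NULL;` before that line unless the decoder is known never to produce an empty array. Separately, `last` is assigned only on the first iteration and never advanced, so the `prev` links look inconsistent once there are three or more constraints; worth confirming. `PORT_Assert(arena)` only fires in debug builds, so dropping the `loser:` cleanup relies on every caller passing an arena. The function begins above this hunk.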
@@ -837,17 +830,17 @@ CERT_AddNameConstraint(CERTNameConstrain
     PORT_Assert(constraint != NULL);
     constraint->l.next = constraint->l.prev = &constraint->l;
     list = cert_CombineConstraintsLists(list, constraint);
     return list;
 }
 
 
 SECStatus
-CERT_GetNameConstriantByType (CERTNameConstraint *constraints,
+CERT_GetNameConstraintByType (CERTNameConstraint *constraints,
 			      CERTGeneralNameType type, 
 			      CERTNameConstraint **returnList,
 			      PRArenaPool *arena)
 {
     CERTNameConstraint *current;
     CERTNameConstraint *temp;
     
     *returnList = NULL;
@@ -962,287 +955,331 @@ CERT_GetCertificateNames(CERTCertificate
     PORT_Free(altNameExtension.data);
     DN = cert_CombineNamesLists(DN, altName);
     return DN;
 loser:
 
     return NULL;
 }
 
+/* This function does very basic regular expression matching.
+** The only wildcard character is "*", which matches any substring.
+** constraint is the regular expression.  name is to be tested against it.
+** return SECSuccess on match, SECFailure otherwise.  Does not set error.
+*/
 static SECStatus
-compareNameToConstraint(char *name, char *constraint, PRBool substring)
+compareNameToConstraint(const char *name, const char *constraint, int level)
 {
+    PRBool substring = PR_FALSE;
     SECStatus  rv;
 
-    if (*constraint == '\0' && *name == '\0') {
-	return SECSuccess;
+    while (*name == *constraint && *constraint != '\0' && *constraint != '*') {
+        ++name;
+	++constraint;
     }
-    if (*constraint == '*') {
-	return compareNameToConstraint(name, constraint + 1, PR_TRUE);
+    if (*constraint == '\0' && *name == '\0') 
+	return SECSuccess;
+
+    while (*constraint == '*') {
+        ++constraint;
+	substring = PR_TRUE;
     }
-    if (substring) {
-	if (*constraint == '\0') {
-	    return SECSuccess;
-	}
-	while (*name != *constraint) {
-	    if (*name == '\0') {
-		return SECFailure;
-	    }
+
+    if (!substring) 
+        return SECFailure;
+
+    if (*constraint == '\0') 
+	return SECSuccess;
+
+    if (++level > 20)
+    	return SECFailure;  /* prevent stack overflow */
+
+    do {
+	while (*name != *constraint && *name != '\0')
 	    name++;
-	}
-	rv = compareNameToConstraint(name + 1, constraint + 1, PR_FALSE);
-	if (rv == SECSuccess) {
-	    return rv;
-	}
-	name++;
-    } else {
-	if (*name == *constraint) {
-	    name++;
-	    constraint++;
-	} else {
+	if (*name == '\0') 
 	    return SECFailure;
-	}
+
+	/* recurse */
+	rv = compareNameToConstraint(name + 1, constraint + 1, level); 
+
+	++name;
+    } while (rv != SECSuccess);
+    return rv;
+}
+
+#define compareN2C(n,c) compareNameToConstraint((n),(c),0)
+
+/* This isn't right for items containing UCS2 or UCS4.
+** Those should be converted to UTF8 rather than merely strncpy'ed.
+** But it's not clear that we can tell what the encoding is here.
+*/
+static char *
+secItem2String(PLArenaPool *arena, SECItem *item)
+{
+    char * cPtr;
+    if (arena)
+        cPtr = PORT_ArenaAlloc(arena, item->len + 1);
+    else
+        cPtr = PORT_Alloc(item->len + 1);
+    if (cPtr) {
+	if (item->len)
+	    PORT_Strncpy(cPtr, (char *)item->data, item->len);
+	cPtr[item->len] = '\0';
     }
-    return compareNameToConstraint(name, constraint, substring);
+    return cPtr;
 }
 
 SECStatus
 cert_CompareNameWithConstraints(CERTGeneralName     *name, 
 				CERTNameConstraint  *constraints,
 				PRBool              excluded)
 {
     SECStatus           rv = SECSuccess;
-    char                *nameString = NULL;
-    char                *constraintString = NULL;
+    char                *nString = NULL;
+    char                *cString = NULL;
     int                 start;
     int                 end;
-    int                 tag;
-    CERTRDN             **nameRDNS, *nameRDN;
-    CERTRDN             **constraintRDNS, *constraintRDN;
-    CERTAVA             **nameAVAS, *nameAVA;
-    CERTAVA             **constraintAVAS, *constraintAVA;
+    CERTRDN             **nRDNs, *nRDN;
+    CERTAVA             **nAVAs, *nAVA;
     CERTNameConstraint  *current;
-    SECItem             *avaValue;
-    CERTName            constraintName;
     CERTName            certName;
     SECComparison       status = SECEqual;
-    PRArenaPool         *certNameArena;
-    PRArenaPool         *constraintNameArena;
+    PRArenaPool         *nArena;
+
+    if (!constraints)
+        return SECSuccess;
+
+    nArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (!nArena)
+        return SECFailure;
 
     certName.arena = NULL;
-    certName.rdns = NULL;
-    constraintName.arena = NULL;
-    constraintName.rdns = NULL;
-    if (constraints != NULL) {
-	current = constraints;
-	if (name->type == certDirectoryName) {
-	    certNameArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-	    CERT_CopyName(certNameArena, &certName, &name->name.directoryName);
-	    nameRDNS = certName.rdns;
-	    for (;;) {
-		nameRDN = *nameRDNS++;
-		nameAVAS = nameRDN->avas;
-		for(;;) {
-		    nameAVA = *nameAVAS++;
-		    tag = CERT_GetAVATag(nameAVA);
-		    if ( tag == SEC_OID_PKCS9_EMAIL_ADDRESS ||
-			 tag == SEC_OID_RFC1274_MAIL) {
-			avaValue = CERT_DecodeAVAValue(&nameAVA->value);
-			nameString = (char*)PORT_ZAlloc(avaValue->len + 1);
-			nameString = PORT_Strncpy(nameString, (char *) avaValue->data, avaValue->len);
-			start = 0;
-			while(nameString[start] != '@' && nameString[start + 1] != '\0') {
-			    start++;
-			} 
+    certName.rdns  = NULL;
+
+    /* Phase 1.  If the name is a Directory Name, look through all the
+    ** AVAs in all the RDNs for any that are email addresses.  
+    ** Subject all email addresses to all RFC822 email address constraints.
+    */
+    if (name->type == certDirectoryName) {
+	rv = CERT_CopyName(nArena, &certName, &name->name.directoryName);
+	if (rv != SECSuccess)
+	    goto loser;
+	nRDNs = certName.rdns;
+	while (nRDNs && *nRDNs) { /* loop over RDNs */
+	    nRDN = *nRDNs++;
+	    nAVAs = nRDN->avas;
+	    while (nAVAs && *nAVAs) { /* loop over AVAs */
+		int tag;
+		nAVA = *nAVAs++;
+		tag = CERT_GetAVATag(nAVA);
+		if ( tag == SEC_OID_PKCS9_EMAIL_ADDRESS ||
+		     tag == SEC_OID_RFC1274_MAIL) { /* email AVA */
+		    SECItem *avaValue;
+		    avaValue = CERT_DecodeAVAValue(&nAVA->value);
+		    if (!avaValue)
+		        goto loser;
+		    nString = secItem2String(nArena, avaValue);
+		    SECITEM_FreeItem(avaValue, PR_TRUE);
+		    if (!nString) 
+		         goto loser;
+		    start = 0;
+		    while (nString[start] != '@' && nString[start] != '\0') {
 			start++;
-			do{
-			    if (current->name.type == certRFC822Name) {
-				constraintString = (char*)PORT_ZAlloc(current->name.name.other.len + 1);
-				constraintString = PORT_Strncpy(constraintString, 
-								(char *) current->name.name.other.data,
-								current->name.name.other.len);
-				rv = compareNameToConstraint(nameString + start, constraintString, 
-							     PR_FALSE);
-
-				if (constraintString != NULL) {
-				    PORT_Free(constraintString);
-				    constraintString = NULL;
-				}
-				if (nameString != NULL) {
-				    PORT_Free(nameString);
-				    nameString = NULL;
-				}
-				if (rv == SECSuccess && excluded == PR_TRUE) {
+		    } 
+		    if (nString[start])
+			start++;
+		    current = constraints;
+		    do { /* loop over constraints */
+			if (current->name.type == certRFC822Name) {
+			    cString = 
+			      secItem2String(nArena, &current->name.name.other);
+			    if (!cString)
+			        goto loser;
+			    rv = compareN2C(nString + start, cString);
+			    if (rv == SECSuccess) {
+			    	if (excluded) 
 				    goto found;
-				}
-				if (rv == SECSuccess && excluded == PR_FALSE) {
-				    break;
-				}
+				break; /* out of loop over constraints. */
 			    }
-			    current = cert_get_next_name_constraint(current);
-			} while (current != constraints);
-		    }
-		    if (rv != SECSuccess && excluded == PR_FALSE) {
-			goto loser;
-		    }
-		    if (*nameAVAS == NULL) {
-			break;
-		    }
-		}
-		if (*nameRDNS == NULL) {
-		    break;
+			} /* email address constraint */
+			current = cert_get_next_name_constraint(current);
+		    } while (current != constraints); /*loop over constraints*/
+		} /* handle one email AVA */
+		if (rv != SECSuccess && excluded == PR_FALSE) {
+		    goto no_match;
 		}
 	    }
-	}
-	current = constraints;
-	do {
-	    switch (name->type) {
-	      case certDNSName:
-		nameString = (char*)PORT_ZAlloc(name->name.other.len + 1);
-		nameString = PORT_Strncpy(nameString, (char *) name->name.other.data, 
-					  name->name.other.len);
-		constraintString = (char*)PORT_ZAlloc(current->name.name.other.len + 1);
-		constraintString = PORT_Strncpy(constraintString, 
-						(char *) current->name.name.other.data,
-						current->name.name.other.len);
-		rv = compareNameToConstraint(nameString, constraintString, PR_FALSE);
-		if (nameString != NULL) {
-		    PORT_Free(nameString);
+	} /* loop over RDNs */
+    } /* name->type == certDirectoryName */
+
+    /* Phase 2. loop over all constratints for this name. */
+    current = constraints;
+    do {
+	switch (name->type) {
+
+	case certDNSName:
+	    PORT_Assert(name->type == current->name.type);
+	    nString = secItem2String(nArena, &name->name.other);
+	    if (!nString)
+	        goto loser;
+	    cString = secItem2String(nArena, &current->name.name.other);
+	    if (!cString)
+	        goto loser;
+	    rv = compareN2C(nString, cString);
+	    break;
+
+	case certRFC822Name:
+	    PORT_Assert(name->type == current->name.type);
+	    nString = secItem2String(nArena, &name->name.other);
+	    if (!nString)
+	        goto loser;
+	    start = 0;
+	    while (nString[start] != '@' && 
+	           nString[start] != '\0') {
+		start++;
+	    } 
+	    if (nString[start])
+		start++;
+	    cString = secItem2String(nArena, &current->name.name.other);
+	    if (!cString)
+	        goto loser;
+	    rv = compareN2C(nString + start, cString);
+	    break;
+
+	case certURI:
+	    PORT_Assert(name->type == current->name.type);
+	    nString = secItem2String(nArena, &name->name.other);
+	    if (!nString)
+	        goto loser;
+	    /* XXX This URI hostname parsing is wrong because it doesn't
+	    ** handle user name and password strings that can come
+	    ** before the host name.
+	    */
+	    start = 0;
+	    while(nString[start] != 0 &&
+	          PORT_Strncmp(nString + start, "://", 3) != 0 ) {
+		start++;
+	    }
+	    if (nString[start])
+		start +=3;
+	    end = 0;
+	    while(nString[start + end] != '/' && 
+		  nString[start + end] != ':' &&
+		  nString[start + end] != '\0') {
+		end++;
+	    }
+	    nString[start + end] = '\0';
+	    cString = secItem2String(nArena, &current->name.name.other);
+	    if (!cString)
+	        goto loser;
+	    rv = compareN2C(nString + start, cString);
+	    break;
+
+	case certDirectoryName:  
+	    PORT_Assert(current->name.type == certDirectoryName || \
+	                current->name.type == certRFC822Name);
+	    if (current->name.type == certRFC822Name) 
+		goto next_constraint; /* already handled in phase 1. */
+	    if (current->name.type == certDirectoryName) {
+		PRArenaPool         *cArena;
+		CERTRDN             **cRDNs, *cRDN;
+		CERTAVA             **cAVAs, *cAVA;
+		CERTName            constraintName;
+
+		constraintName.arena = NULL;
+		constraintName.rdns  = NULL;
+
+		cArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); 
+		if (!cArena)
+		    goto loser;
+		rv = CERT_CopyName(cArena, &constraintName, 
+		                   &current->name.name.directoryName);
+		if (rv != SECSuccess) {
+		    PORT_FreeArena(cArena, PR_FALSE);
+		    goto loser;
 		}
-		if (constraintString != NULL) {
-		    PORT_Free(constraintString);
+		cRDNs = constraintName.rdns;  
+		while (cRDNs && *cRDNs) { /* loop over constraint RDNs */
+		    cRDN = *cRDNs++;
+		    cAVAs = cRDN->avas;
+		    while (cAVAs && *cAVAs) { /* loop over constraint AVAs */
+			cAVA = *cAVAs++;
+
+			/* certName was initialized in Phase 1. */
+			PORT_Assert(certName.arena != NULL);
+
+			nRDNs = certName.rdns;
+			while (nRDNs && *nRDNs) { /* loop over name RDNs */
+			    nRDN = *nRDNs++;
+			    nAVAs = nRDN->avas;
+			    while (nAVAs && *nAVAs) { /* loop over name AVAs */
+				nAVA = *nAVAs++;
+				status = CERT_CompareAVA(cAVA, nAVA);
+				if (status == SECEqual) 
+				    break;
+			    } /* loop over name AVAs */
+			    if (status == SECEqual) 
+				break;
+			} /* loop over name RDNs */
+			if (status != SECEqual) 
+			    break;
+		    } /* loop over AVAs in constraint */
+		    if (status != SECEqual) 
+			break;
+		} /* loop over RDNs in constraint */
+		PORT_FreeArena(cArena, PR_FALSE);
+		if (status == SECEqual) {
+		    if (!excluded) 
+			goto found;
+		    goto no_match;
 		}
 		break;
-	      case certRFC822Name:
-		nameString = (char*)PORT_ZAlloc(name->name.other.len + 1);
-		nameString = PORT_Strncpy(nameString, (char *) name->name.other.data, 
-					  name->name.other.len);
-		start = 0;
-		while(nameString[start] != '@' && nameString[start + 1] != '\0') {
-		    start++;
-		} 
-		start++;
-		constraintString = (char*)PORT_ZAlloc(current->name.name.other.len + 1);
-		constraintString = PORT_Strncpy(constraintString, 
-						(char *) current->name.name.other.data,
-						current->name.name.other.len);
-		rv = compareNameToConstraint(nameString + start, constraintString, PR_FALSE);
-		if (nameString != NULL) {
-		    PORT_Free(nameString);
-		}
-		if (constraintString != NULL) {
-		    PORT_Free(constraintString);
-		}
-		break;
-	      case certURI:
-	        nameString = (char*)PORT_ZAlloc(name->name.other.len + 1);
-		nameString = PORT_Strncpy(nameString, (char *) name->name.other.data, 
-					  name->name.other.len);
-		start = 0;
-		while(PORT_Strncmp(nameString + start, "://", 3) != 0 && 
-		      nameString[start + 3] != '\0') {
-		    start++;
-		}
-		start +=3;
-		end = 0;
-		while(nameString[start + end] != '/' && 
-		      nameString[start + end] != '\0') {
-		    end++;
-		}
-		nameString[start + end] = '\0';
-		constraintString = (char*)PORT_ZAlloc(current->name.name.other.len + 1);
-		constraintString = PORT_Strncpy(constraintString, 
-						(char *) current->name.name.other.data,
-						current->name.name.other.len);
-		rv = compareNameToConstraint(nameString + start, constraintString, PR_FALSE);
-		if (nameString != NULL) {
-		    PORT_Free(nameString);
-		}
-		if (constraintString != NULL) {
-		    PORT_Free(constraintString);
-		}
-		break;
-	      case certDirectoryName:  
-		if (current->name.type == certDirectoryName) {
-		    constraintNameArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); 
-		    CERT_CopyName(constraintNameArena, &constraintName, &current->name.name.directoryName);
-		    constraintRDNS = constraintName.rdns;  
-		    for (;;) {
-			constraintRDN = *constraintRDNS++;
-			constraintAVAS = constraintRDN->avas;
-			for(;;) {
-			    constraintAVA = *constraintAVAS++;
-			    certNameArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-			    CERT_CopyName(certNameArena, &certName, &name->name.directoryName);
-			    nameRDNS = certName.rdns;
-			    for (;;) {
-				nameRDN = *nameRDNS++;
-				nameAVAS = nameRDN->avas++;
-				for(;;) {
-				    nameAVA = *nameAVAS++;
-				    status = CERT_CompareAVA(constraintAVA, nameAVA);
-				    if (status == SECEqual || *nameAVAS == NULL) {
-					break;
-				    }
-				}
-				if (status == SECEqual || *nameRDNS == NULL) {
-				    break;
-				}
-			    }
-			    if (status != SECEqual || *constraintAVAS == NULL) {
-				break;
-			    }
-			}
-			if (status != SECEqual || *constraintRDNS == NULL) {
-			    break;
-			}
-		    }
-		    if (status == SECEqual) {
-			if (excluded == PR_FALSE) {
-			    goto found;
-			} else {
-			    goto loser;
-			}
-		    }
-		    break;
-		} else if (current->name.type == certRFC822Name) {
-		    current = cert_get_next_name_constraint(current);
-		    continue;
-		}
-	      default:
-		/* other types are not supported */
-		if (excluded) {
-		    goto found;
-		} else {
-		    goto loser;
-		}
 	    }
-	    if (rv == SECSuccess && status == SECEqual) {
-		goto found;
-	    }
-	    current = cert_get_next_name_constraint(current);
-	} while (current !=constraints);
-    } else {
-	goto found;
-    }
+	    goto loser;
+#ifdef NOTYET
+	case certOtherName:	/* type 1 */
+	case certX400Address:	/* type 4 */
+	case certEDIPartyName:  /* type 6 */
+	case certIPAddress:	/* type 8 */
+	case certRegisterID:	/* type 9 */
+	    PORT_Assert(name->type == current->name.type);
+	    if (name->type == current->name.type &&
+		name->name.other.len == current->name.name.other.len &&
+		!memcmp(name->name.other.data, current->name.name.other.data,
+		        name->name.other.len))
+		rv = SECSuccess;
+	    else
+	    	rv = SECFailure;
+	    break;
+#endif
+	default:
+	    /* non-standard types are not supported */
+	    goto loser;
+	}
+	if (rv == SECSuccess && status == SECEqual) {
+	    goto found;
+	}
+next_constraint:
+	current = cert_get_next_name_constraint(current);
+    } while (current !=constraints);
+
+no_match:
+    if (nArena)
+    	PORT_FreeArena(nArena, PR_FALSE);
+    return SECFailure;
+
 loser:
-    if (certName.arena) {
-	CERT_DestroyName(&certName);
-    }
-    if (constraintName.arena) {
-	CERT_DestroyName(&constraintName);
-    }
-    return SECFailure;
+    if (nArena)
+    	PORT_FreeArena(nArena, PR_FALSE);
+    return excluded ? SECSuccess : SECFailure;
+
 found:
-    if (certName.arena) {
-	CERT_DestroyName(&certName);
-    }
-    if (constraintName.arena) {
-	CERT_DestroyName(&constraintName);
-    }
+    if (nArena)
+    	PORT_FreeArena(nArena, PR_FALSE);
     return SECSuccess;
 }
 
 
 CERTCertificate *
 CERT_CompareNameSpace(CERTCertificate  *cert,
 		      CERTGeneralName  *namesList,
  		      SECItem          *namesListIndex,
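Review bot: In the `certDirectoryName` case a match against an excluded constraint takes `goto no_match` and returns SECFailure, while every other name type reaches `found` on a match. CERT_CompareNameSpace (next hunk) takes its `loser` path for excluded constraints only when the result is not SECFailure. If that reading is right, an excluded directoryName subtree is never enforced; the branch should read `if (status == SECEqual) goto found;` so that SECSuccess means "matched" for both permitted and excluded lists. Second, `secItem2String` copies with `PORT_Strncpy`, which stops at the first zero byte, so a name or constraint with an embedded NUL is compared in truncated form. The helper should return NULL when `item->data` contains a zero byte within `item->len`, so the check fails closed through `loser`.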
@@ -1263,31 +1300,31 @@ CERT_CompareNameSpace(CERTCertificate  *
     }
     constraints = cert_DecodeNameConstraints(arena, &constraintsExtension);
     currentName = namesList;
     if (constraints == NULL) {
 	goto loser;
     }
     do {
  	if (constraints->excluded != NULL) {
- 	    rv = CERT_GetNameConstriantByType(constraints->excluded, currentName->type, 
+ 	    rv = CERT_GetNameConstraintByType(constraints->excluded, currentName->type, 
  					      &matchingConstraints, arena);
  	    if (rv != SECSuccess) {
  		goto loser;
  	    }
  	    if (matchingConstraints != NULL) {
  		rv = cert_CompareNameWithConstraints(currentName, matchingConstraints,
  						     PR_TRUE);
  		if (rv != SECFailure) {
  		    goto loser;
  		}
  	    }
  	}
  	if (constraints->permited != NULL) {
- 	    rv = CERT_GetNameConstriantByType(constraints->permited, currentName->type, 
+ 	    rv = CERT_GetNameConstraintByType(constraints->permited, currentName->type, 
  					      &matchingConstraints, arena);
             if (rv != SECSuccess) {
 		goto loser;
 	    }
  	    if (matchingConstraints != NULL) {
  		rv = cert_CompareNameWithConstraints(currentName, matchingConstraints,
  						     PR_FALSE);
  		if (rv != SECSuccess) {
--- a/security/nss/lib/certdb/secname.c
+++ b/security/nss/lib/certdb/secname.c
@@ -62,18 +62,18 @@ CountArray(void **array)
     if (array) {
 	while (*array++) {
 	    count++;
 	}
     }
     return count;
 }
 
-static void
-**AddToArray(PRArenaPool *arena, void **array, void *element)
+static void **
+AddToArray(PRArenaPool *arena, void **array, void *element)
 {
     unsigned count;
     void **ap;
 
     /* Count up number of slots already in use in the array */
     count = 0;
     ap = array;
     if (ap) {
@@ -91,45 +91,16 @@ static void
     }
     if (array) {
 	array[count] = element;
 	array[count+1] = 0;
     }
     return array;
 }
 
-#if 0
-static void
-**RemoveFromArray(void **array, void *element)
-{
-    unsigned count;
-    void **ap;
-    int slot;
-
-    /* Look for element */
-    ap = array;
-    if (ap) {
-	count = 1;			/* count the null at the end */
-	slot = -1;
-	for (; *ap; ap++, count++) {
-	    if (*ap == element) {
-		/* Found it */
-		slot = ap - array;
-	    }
-	}
-	if (slot >= 0) {
-	    /* Found it. Squish array down */
-	    PORT_Memmove((void*) (array + slot), (void*) (array + slot + 1),
-		       (count - slot - 1) * sizeof(void*));
-	    /* Don't bother reallocing the memory */
-	}
-    }
-    return array;
-}
-#endif /* 0 */
 
 SECOidTag
 CERT_GetAVATag(CERTAVA *ava)
 {
     SECOidData *oid;
     if (!ava->type.data) return (SECOidTag)-1;
 
     oid = SECOID_FindOID(&ava->type);
@@ -212,16 +183,17 @@ SetupAVAValue(PRArenaPool *arena, int va
     unsigned valueLen, valueLenLen, total;
     unsigned ucs4Len = 0, ucs4MaxLen;
     unsigned char *cp, *ucs4Val;
 
     switch (valueType) {
       case SEC_ASN1_PRINTABLE_STRING:
       case SEC_ASN1_IA5_STRING:
       case SEC_ASN1_T61_STRING:
+      case SEC_ASN1_UTF8_STRING: /* no conversion required */
 	valueLen = PORT_Strlen(value);
 	break;
       case SEC_ASN1_UNIVERSAL_STRING:
 	valueLen = PORT_Strlen(value);
 	ucs4Val = (unsigned char *)PORT_ArenaZAlloc(arena, 
 						    PORT_Strlen(value) * 6);
 	ucs4MaxLen = PORT_Strlen(value) * 6;
 	if(!ucs4Val || !PORT_UCS4_UTF8Conversion(PR_TRUE, (unsigned char *)value, valueLen,
@@ -352,27 +324,37 @@ CERT_AddAVA(PRArenaPool *arena, CERTRDN 
     rdn->avas = (CERTAVA**) AddToArray(arena, (void**) rdn->avas, ava);
     return rdn->avas ? SECSuccess : SECFailure;
 }
 
 SECStatus
 CERT_CopyRDN(PRArenaPool *arena, CERTRDN *to, CERTRDN *from)
 {
     CERTAVA **avas, *fava, *tava;
-    SECStatus rv;
+    SECStatus rv = SECSuccess;
 
     /* Copy each ava from from */
     avas = from->avas;
-    while ((fava = *avas++) != 0) {
-	tava = CERT_CopyAVA(arena, fava);
-	if (!tava) return SECFailure;
-	rv = CERT_AddAVA(arena, to, tava);
-	if (rv) return rv;
+    if (avas) {
+	if (avas[0] == NULL) {
+	    rv = CERT_AddAVA(arena, to, NULL);
+	    return rv;
+	}
+	while ((fava = *avas++) != 0) {
+	    tava = CERT_CopyAVA(arena, fava);
+	    if (!tava) {
+	    	rv = SECFailure;
+		break;
+	    }
+	    rv = CERT_AddAVA(arena, to, tava);
+	    if (rv != SECSuccess) 
+	    	break;
+	}
     }
-    return SECSuccess;
+    return rv;
 }
 
 /************************************************************************/
 
 const SEC_ASN1Template CERT_NameTemplate[] = {
     { SEC_ASN1_SEQUENCE_OF,
 	  offsetof(CERTName,rdns), CERT_RDNTemplate, sizeof(CERTName) }
 };
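Review bot: The `avas[0] == NULL` branch calls `CERT_AddAVA(arena, to, NULL)` with no explanation, and the same pattern appears in CERT_CopyName in the next hunk with `CERT_AddRDN(to, NULL)`. From the AddToArray lines shown earlier in this file, the intent appears to be to give the destination a non-NULL, empty, NULL-terminated array mirroring the source, but that is not obvious. I would add `/* source is an empty array: make the copy an empty array too, not NULL */` above each branch. The function comments should also state that a NULL `from->avas` (or `from->rdns`) leaves the destination array untouched and returns SECSuccess, and that on failure the destination may hold a partial copy.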
@@ -455,37 +437,48 @@ CERT_AddRDN(CERTName *name, CERTRDN *rdn
     name->rdns = (CERTRDN**) AddToArray(name->arena, (void**) name->rdns, rdn);
     return name->rdns ? SECSuccess : SECFailure;
 }
 
 SECStatus
 CERT_CopyName(PRArenaPool *arena, CERTName *to, CERTName *from)
 {
     CERTRDN **rdns, *frdn, *trdn;
-    SECStatus rv;
+    SECStatus rv = SECSuccess;
 
-    if (!to || !from)
+    if (!to || !from) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
 	return SECFailure;
+    }
 
     CERT_DestroyName(to);
     to->arena = arena;
 
     /* Copy each rdn from from */
     rdns = from->rdns;
-    while ((frdn = *rdns++) != 0) {
-	trdn = CERT_CreateRDN(arena, 0);
-	if ( trdn == NULL ) {
-	    return(SECFailure);
+    if (rdns) {
+    	if (rdns[0] == NULL) {
+	    rv = CERT_AddRDN(to, NULL);
+	    return rv;
 	}
-	rv = CERT_CopyRDN(arena, trdn, frdn);
-	if (rv) return rv;
-	rv = CERT_AddRDN(to, trdn);
-	if (rv) return rv;
+	while ((frdn = *rdns++) != NULL) {
+	    trdn = CERT_CreateRDN(arena, 0);
+	    if (!trdn) {
+		rv = SECFailure;
+		break;
+	    }
+	    rv = CERT_CopyRDN(arena, trdn, frdn);
+	    if (rv != SECSuccess) 
+	        break;
+	    rv = CERT_AddRDN(to, trdn);
+	    if (rv != SECSuccess) 
+	        break;
+	}
     }
-    return SECSuccess;
+    return rv;
 }
 
 /************************************************************************/
 
 SECComparison
 CERT_CompareAVA(CERTAVA *a, CERTAVA *b)
 {
     SECComparison rv;
--- a/security/nss/lib/certhigh/certvfy.c
+++ b/security/nss/lib/certhigh/certvfy.c
@@ -117,19 +117,19 @@ CERT_VerifySignedDataWithPublicKey(CERTS
 
     return rv ? SECFailure : SECSuccess;
 }
 
 /*
  * verify the signature of a signed data object with the given DER publickey
  */
 SECStatus
-CERT_VerifySignedDataWithPubKeyInfo(CERTSignedData *sd, 
-                                    CERTSubjectPublicKeyInfo *pubKeyInfo,
-		                    void *wincx)
+CERT_VerifySignedDataWithPublicKeyInfo(CERTSignedData *sd, 
+                                       CERTSubjectPublicKeyInfo *pubKeyInfo,
+		                       void *wincx)
 {
     SECKEYPublicKey *pubKey;
     SECStatus        rv		= SECFailure;
 
     /* get cert's public key */
     pubKey = SECKEY_ExtractPublicKey(pubKeyInfo);
     if (pubKey) {
 	rv =  CERT_VerifySignedDataWithPublicKey(sd, pubKey, wincx);
--- a/security/nss/lib/ckfw/builtins/certdata.c
+++ b/security/nss/lib/ckfw/builtins/certdata.c
@@ -34,25 +34,25 @@
 #ifdef DEBUG
 static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$""; @(#) $RCSfile$ $Revision$ $Date$ $Name$";
 #endif /* DEBUG */
 
 #ifndef BUILTINS_H
 #include "builtins.h"
 #endif /* BUILTINS_H */
 
-static const CK_OBJECT_CLASS cko_netscape_trust = CKO_NETSCAPE_TRUST;
-static const CK_TRUST ckt_netscape_valid = CKT_NETSCAPE_VALID;
-static const CK_OBJECT_CLASS cko_netscape_builtin_root_list = CKO_NETSCAPE_BUILTIN_ROOT_LIST;
-static const CK_TRUST ckt_netscape_trusted_delegator = CKT_NETSCAPE_TRUSTED_DELEGATOR;
+static const CK_OBJECT_CLASS cko_certificate = CKO_CERTIFICATE;
 static const CK_CERTIFICATE_TYPE ckc_x_509 = CKC_X_509;
+static const CK_BBOOL ck_false = CK_FALSE;
+static const CK_TRUST ckt_netscape_valid = CKT_NETSCAPE_VALID;
+static const CK_TRUST ckt_netscape_trusted_delegator = CKT_NETSCAPE_TRUSTED_DELEGATOR;
 static const CK_OBJECT_CLASS cko_data = CKO_DATA;
-static const CK_BBOOL ck_false = CK_FALSE;
 static const CK_BBOOL ck_true = CK_TRUE;
-static const CK_OBJECT_CLASS cko_certificate = CKO_CERTIFICATE;
+static const CK_OBJECT_CLASS cko_netscape_builtin_root_list = CKO_NETSCAPE_BUILTIN_ROOT_LIST;
+static const CK_OBJECT_CLASS cko_netscape_trust = CKO_NETSCAPE_TRUST;
 #ifdef DEBUG
 static const CK_ATTRIBUTE_TYPE nss_builtins_types_0 [] = {
  CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_APPLICATION,  CKA_VALUE
 };
 #endif /* DEBUG */
 static const CK_ATTRIBUTE_TYPE nss_builtins_types_1 [] = {
  CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL
 };
@@ -435,43 +435,25 @@ static const CK_ATTRIBUTE_TYPE nss_built
  CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERT_SHA1_HASH,  CKA_CERT_MD5_HASH,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_TRUST_SERVER_AUTH,  CKA_TRUST_EMAIL_PROTECTION,  CKA_TRUST_CODE_SIGNING
 };
 static const CK_ATTRIBUTE_TYPE nss_builtins_types_128 [] = {
  CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERTIFICATE_TYPE,  CKA_SUBJECT,  CKA_ID,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_VALUE
 };
 static const CK_ATTRIBUTE_TYPE nss_builtins_types_129 [] = {
  CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERT_SHA1_HASH,  CKA_CERT_MD5_HASH,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_TRUST_SERVER_AUTH,  CKA_TRUST_EMAIL_PROTECTION,  CKA_TRUST_CODE_SIGNING
 };
-static const CK_ATTRIBUTE_TYPE nss_builtins_types_130 [] = {
- CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERTIFICATE_TYPE,  CKA_SUBJECT,  CKA_ID,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_VALUE
-};
-static const CK_ATTRIBUTE_TYPE nss_builtins_types_131 [] = {
- CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERT_SHA1_HASH,  CKA_CERT_MD5_HASH,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_TRUST_SERVER_AUTH,  CKA_TRUST_EMAIL_PROTECTION,  CKA_TRUST_CODE_SIGNING
-};
-static const CK_ATTRIBUTE_TYPE nss_builtins_types_132 [] = {
- CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERTIFICATE_TYPE,  CKA_SUBJECT,  CKA_ID,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_VALUE
-};
-static const CK_ATTRIBUTE_TYPE nss_builtins_types_133 [] = {
- CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERT_SHA1_HASH,  CKA_CERT_MD5_HASH,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_TRUST_SERVER_AUTH,  CKA_TRUST_EMAIL_PROTECTION,  CKA_TRUST_CODE_SIGNING
-};
-static const CK_ATTRIBUTE_TYPE nss_builtins_types_134 [] = {
- CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERTIFICATE_TYPE,  CKA_SUBJECT,  CKA_ID,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_VALUE
-};
-static const CK_ATTRIBUTE_TYPE nss_builtins_types_135 [] = {
- CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERT_SHA1_HASH,  CKA_CERT_MD5_HASH,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_TRUST_SERVER_AUTH,  CKA_TRUST_EMAIL_PROTECTION,  CKA_TRUST_CODE_SIGNING
-};
 #ifdef DEBUG
 static const NSSItem nss_builtins_items_0 [] = {
   { (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"CVS ID", (PRUint32)7 },
   { (void *)"NSS", (PRUint32)4 },
-  { (void *)"@(#) $RCSfile$ $Revision$ $Date$ $Name$""; @(#) $RCSfile$ $Revision$ $Date$ $Name$", (PRUint32)179 }
+  { (void *)"@(#) $RCSfile$ $Revision$ $Date$ $Name$""; @(#) $RCSfile$ $Revision$ $Date$ $Name$", (PRUint32)183 }
 };
 #endif /* DEBUG */
 static const NSSItem nss_builtins_items_1 [] = {
   { (void *)&cko_netscape_builtin_root_list, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Mozilla Builtin Roots", (PRUint32)22 }
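Review bot: The hard-coded length `(PRUint32)183` in nss_builtins_items_0 does not match the string literal as it appears in this hunk: the two concatenated pieces are 80 characters, 81 bytes with the terminator, so the count is only right if the CVS keywords are expanded in the checked-out file. If they are not, anything that copies this attribute in a DEBUG build reads past the end of the literal. Taking the size from the object removes that dependency, e.g. `{ (void *)CVS_ID, (PRUint32)sizeof(CVS_ID) }`, using the CVS_ID array declared under the same `#ifdef DEBUG` near the top of the file with the same text. If certdata.c is generated, which the numbered arrays suggest, the change belongs in the generator rather than in this file.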
@@ -4239,249 +4221,16 @@ static const NSSItem nss_builtins_items_
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
 static const NSSItem nss_builtins_items_66 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)"ValiCert OCSP Responder", (PRUint32)24 },
-  { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
-  { (void *)"\060\201\262\061\044\060\042\006\003\125\004\007\023\033\126\141"
-"\154\151\103\145\162\164\040\126\141\154\151\144\141\164\151\157"
-"\156\040\116\145\164\167\157\162\153\061\027\060\025\006\003\125"
-"\004\012\023\016\126\141\154\151\103\145\162\164\054\040\111\156"
-"\143\056\061\054\060\052\006\003\125\004\013\023\043\103\154\141"
-"\163\163\040\061\040\126\141\154\151\144\141\164\151\157\156\040"
-"\101\165\164\150\157\162\151\164\171\040\055\040\117\103\123\120"
-"\061\041\060\037\006\003\125\004\003\023\030\150\164\164\160\072"
-"\057\057\167\167\167\056\166\141\154\151\143\145\162\164\056\156"
-"\145\164\057\061\040\060\036\006\011\052\206\110\206\367\015\001"
-"\011\001\026\021\151\156\146\157\100\166\141\154\151\143\145\162"
-"\164\056\143\157\155"
-, (PRUint32)181 },
-  { (void *)"0", (PRUint32)2 },
-  { (void *)"\060\201\262\061\044\060\042\006\003\125\004\007\023\033\126\141"
-"\154\151\103\145\162\164\040\126\141\154\151\144\141\164\151\157"
-"\156\040\116\145\164\167\157\162\153\061\027\060\025\006\003\125"
-"\004\012\023\016\126\141\154\151\103\145\162\164\054\040\111\156"
-"\143\056\061\054\060\052\006\003\125\004\013\023\043\103\154\141"
-"\163\163\040\061\040\126\141\154\151\144\141\164\151\157\156\040"
-"\101\165\164\150\157\162\151\164\171\040\055\040\117\103\123\120"
-"\061\041\060\037\006\003\125\004\003\023\030\150\164\164\160\072"
-"\057\057\167\167\167\056\166\141\154\151\143\145\162\164\056\156"
-"\145\164\057\061\040\060\036\006\011\052\206\110\206\367\015\001"
-"\011\001\026\021\151\156\146\157\100\166\141\154\151\143\145\162"
-"\164\056\143\157\155"
-, (PRUint32)181 },
-  { (void *)"\002\001\001"
-, (PRUint32)3 },
-  { (void *)"\060\202\003\110\060\202\002\261\240\003\002\001\002\002\001\001"
-"\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060"
-"\201\262\061\044\060\042\006\003\125\004\007\023\033\126\141\154"
-"\151\103\145\162\164\040\126\141\154\151\144\141\164\151\157\156"
-"\040\116\145\164\167\157\162\153\061\027\060\025\006\003\125\004"
-"\012\023\016\126\141\154\151\103\145\162\164\054\040\111\156\143"
-"\056\061\054\060\052\006\003\125\004\013\023\043\103\154\141\163"
-"\163\040\061\040\126\141\154\151\144\141\164\151\157\156\040\101"
-"\165\164\150\157\162\151\164\171\040\055\040\117\103\123\120\061"
-"\041\060\037\006\003\125\004\003\023\030\150\164\164\160\072\057"
-"\057\167\167\167\056\166\141\154\151\143\145\162\164\056\156\145"
-"\164\057\061\040\060\036\006\011\052\206\110\206\367\015\001\011"
-"\001\026\021\151\156\146\157\100\166\141\154\151\143\145\162\164"
-"\056\143\157\155\060\036\027\015\060\060\060\062\061\062\061\061"
-"\065\060\060\065\132\027\015\060\065\060\062\061\060\061\061\065"
-"\060\060\065\132\060\201\262\061\044\060\042\006\003\125\004\007"
-"\023\033\126\141\154\151\103\145\162\164\040\126\141\154\151\144"
-"\141\164\151\157\156\040\116\145\164\167\157\162\153\061\027\060"
-"\025\006\003\125\004\012\023\016\126\141\154\151\103\145\162\164"
-"\054\040\111\156\143\056\061\054\060\052\006\003\125\004\013\023"
-"\043\103\154\141\163\163\040\061\040\126\141\154\151\144\141\164"
-"\151\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040"
-"\117\103\123\120\061\041\060\037\006\003\125\004\003\023\030\150"
-"\164\164\160\072\057\057\167\167\167\056\166\141\154\151\143\145"
-"\162\164\056\156\145\164\057\061\040\060\036\006\011\052\206\110"
-"\206\367\015\001\011\001\026\021\151\156\146\157\100\166\141\154"
-"\151\143\145\162\164\056\143\157\155\060\201\237\060\015\006\011"
-"\052\206\110\206\367\015\001\001\001\005\000\003\201\215\000\060"
-"\201\211\002\201\201\000\307\214\057\247\303\100\207\073\075\327"
-"\304\232\130\024\144\012\303\010\071\142\032\317\322\353\251\361"
-"\151\164\212\312\016\132\166\314\242\122\116\320\363\304\172\265"
-"\370\246\034\273\243\247\244\123\207\133\215\300\000\273\325\146"
-"\044\347\164\306\026\310\257\310\003\142\325\062\207\242\122\221"
-"\104\224\225\250\107\103\155\245\110\234\366\114\165\325\117\142"
-"\347\311\377\173\364\044\214\247\274\050\166\265\062\240\045\163"
-"\267\107\057\170\370\106\371\207\024\360\167\374\012\167\350\117"
-"\375\214\037\372\142\331\002\003\001\000\001\243\154\060\152\060"
-"\017\006\011\053\006\001\005\005\007\060\001\005\004\002\005\000"
-"\060\023\006\003\125\035\045\004\014\060\012\006\010\053\006\001"
-"\005\005\007\003\011\060\013\006\003\125\035\017\004\004\003\002"
-"\001\206\060\065\006\010\053\006\001\005\005\007\001\001\004\051"
-"\060\047\060\045\006\010\053\006\001\005\005\007\060\001\206\031"
-"\150\164\164\160\072\057\057\157\143\163\160\062\056\166\141\154"
-"\151\143\145\162\164\056\156\145\164\060\015\006\011\052\206\110"
-"\206\367\015\001\001\005\005\000\003\201\201\000\025\305\340\270"
-"\064\162\022\006\040\250\142\225\223\321\274\223\272\220\253\334"
-"\116\215\216\215\230\114\343\062\365\053\077\263\227\373\252\242"
-"\255\100\227\255\150\275\134\255\123\016\320\246\263\015\254\032"
-"\231\215\252\060\036\317\016\160\377\002\260\167\145\203\315\332"
-"\007\134\122\315\131\273\242\310\342\264\026\203\217\324\225\171"
-"\223\055\350\277\104\223\061\222\060\323\064\064\361\020\373\041"
-"\254\056\364\303\135\144\143\172\231\341\232\253\102\035\110\146"
-"\246\167\067\270\125\074\255\376\145\260\142\351"
-, (PRUint32)844 }
-};
-static const NSSItem nss_builtins_items_67 [] = {
-  { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
-  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)"ValiCert OCSP Responder", (PRUint32)24 },
-  { (void *)"\133\166\261\274\342\212\360\366\161\221\205\147\046\215\021\151"
-"\017\027\077\163"
-, (PRUint32)20 },
-  { (void *)"\325\036\040\137\321\365\035\202\127\010\122\071\035\372\212\255"
-, (PRUint32)16 },
-  { (void *)"\060\201\262\061\044\060\042\006\003\125\004\007\023\033\126\141"
-"\154\151\103\145\162\164\040\126\141\154\151\144\141\164\151\157"
-"\156\040\116\145\164\167\157\162\153\061\027\060\025\006\003\125"
-"\004\012\023\016\126\141\154\151\103\145\162\164\054\040\111\156"
-"\143\056\061\054\060\052\006\003\125\004\013\023\043\103\154\141"
-"\163\163\040\061\040\126\141\154\151\144\141\164\151\157\156\040"
-"\101\165\164\150\157\162\151\164\171\040\055\040\117\103\123\120"
-"\061\041\060\037\006\003\125\004\003\023\030\150\164\164\160\072"
-"\057\057\167\167\167\056\166\141\154\151\143\145\162\164\056\156"
-"\145\164\057\061\040\060\036\006\011\052\206\110\206\367\015\001"
-"\011\001\026\021\151\156\146\157\100\166\141\154\151\143\145\162"
-"\164\056\143\157\155"
-, (PRUint32)181 },
-  { (void *)"\002\001\001"
-, (PRUint32)3 },
-  { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
-  { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
-  { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
-};
-static const NSSItem nss_builtins_items_68 [] = {
-  { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
-  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)"Baltimore CyberTrust Code Signing Root", (PRUint32)39 },
-  { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
-  { (void *)"\060\147\061\013\060\011\006\003\125\004\006\023\002\111\105\061"
-"\022\060\020\006\003\125\004\012\023\011\102\141\154\164\151\155"
-"\157\162\145\061\023\060\021\006\003\125\004\013\023\012\103\171"
-"\142\145\162\124\162\165\163\164\061\057\060\055\006\003\125\004"
-"\003\023\046\102\141\154\164\151\155\157\162\145\040\103\171\142"
-"\145\162\124\162\165\163\164\040\103\157\144\145\040\123\151\147"
-"\156\151\156\147\040\122\157\157\164"
-, (PRUint32)105 },
-  { (void *)"0", (PRUint32)2 },
-  { (void *)"\060\147\061\013\060\011\006\003\125\004\006\023\002\111\105\061"
-"\022\060\020\006\003\125\004\012\023\011\102\141\154\164\151\155"
-"\157\162\145\061\023\060\021\006\003\125\004\013\023\012\103\171"
-"\142\145\162\124\162\165\163\164\061\057\060\055\006\003\125\004"
-"\003\023\046\102\141\154\164\151\155\157\162\145\040\103\171\142"
-"\145\162\124\162\165\163\164\040\103\157\144\145\040\123\151\147"
-"\156\151\156\147\040\122\157\157\164"
-, (PRUint32)105 },
-  { (void *)"\002\004\002\000\000\277"
-, (PRUint32)6 },
-  { (void *)"\060\202\003\246\060\202\002\216\240\003\002\001\002\002\004\002"
-"\000\000\277\060\015\006\011\052\206\110\206\367\015\001\001\005"
-"\005\000\060\147\061\013\060\011\006\003\125\004\006\023\002\111"
-"\105\061\022\060\020\006\003\125\004\012\023\011\102\141\154\164"
-"\151\155\157\162\145\061\023\060\021\006\003\125\004\013\023\012"
-"\103\171\142\145\162\124\162\165\163\164\061\057\060\055\006\003"
-"\125\004\003\023\046\102\141\154\164\151\155\157\162\145\040\103"
-"\171\142\145\162\124\162\165\163\164\040\103\157\144\145\040\123"
-"\151\147\156\151\156\147\040\122\157\157\164\060\036\027\015\060"
-"\060\060\065\061\067\061\064\060\061\060\060\132\027\015\062\065"
-"\060\065\061\067\062\063\065\071\060\060\132\060\147\061\013\060"
-"\011\006\003\125\004\006\023\002\111\105\061\022\060\020\006\003"
-"\125\004\012\023\011\102\141\154\164\151\155\157\162\145\061\023"
-"\060\021\006\003\125\004\013\023\012\103\171\142\145\162\124\162"
-"\165\163\164\061\057\060\055\006\003\125\004\003\023\046\102\141"
-"\154\164\151\155\157\162\145\040\103\171\142\145\162\124\162\165"
-"\163\164\040\103\157\144\145\040\123\151\147\156\151\156\147\040"
-"\122\157\157\164\060\202\001\042\060\015\006\011\052\206\110\206"
-"\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012"
-"\002\202\001\001\000\310\161\232\030\022\216\172\333\371\232\374"
-"\101\257\330\362\364\011\216\255\077\376\147\067\074\332\311\046"
-"\120\261\261\076\313\350\116\163\000\362\262\334\363\305\106\373"
-"\011\357\030\226\316\247\340\234\204\135\040\016\172\240\252\066"
-"\213\372\050\266\170\056\263\354\350\107\363\004\360\220\043\264"
-"\352\257\345\123\270\005\367\107\135\053\206\361\247\244\306\073"
-"\065\266\322\015\122\101\327\364\222\165\341\242\012\120\126\207"
-"\276\227\013\173\063\205\020\271\050\030\356\063\352\110\021\327"
-"\133\221\107\166\042\324\356\317\135\347\250\116\034\235\226\221"
-"\335\234\275\164\011\250\162\141\252\260\041\072\361\075\054\003"
-"\126\011\322\301\334\303\265\307\124\067\253\346\046\242\262\106"
-"\161\163\312\021\210\356\274\347\144\367\320\021\032\163\100\132"
-"\310\111\054\017\267\357\220\177\150\200\004\070\013\033\017\073"
-"\324\365\240\263\302\216\341\064\264\200\231\155\236\166\324\222"
-"\051\100\261\225\322\067\244\147\022\177\340\142\273\256\065\305"
-"\231\066\202\104\270\346\170\030\063\141\161\223\133\055\215\237"
-"\170\225\202\353\155\002\003\001\000\001\243\132\060\130\060\023"
-"\006\003\125\035\045\004\014\060\012\006\010\053\006\001\005\005"
-"\007\003\003\060\035\006\003\125\035\016\004\026\004\024\310\101"
-"\064\134\025\025\004\345\100\362\321\253\232\157\044\222\172\207"
-"\102\132\060\022\006\003\125\035\023\001\001\377\004\010\060\006"
-"\001\001\377\002\001\003\060\016\006\003\125\035\017\001\001\377"
-"\004\004\003\002\001\006\060\015\006\011\052\206\110\206\367\015"
-"\001\001\005\005\000\003\202\001\001\000\122\164\252\225\113\042"
-"\214\307\075\226\244\376\135\372\057\265\274\353\360\013\351\126"
-"\070\035\321\155\015\241\274\150\213\360\305\200\245\044\064\375"
-"\362\226\030\021\206\241\066\365\067\347\124\100\325\144\037\303"
-"\137\160\102\153\055\071\307\236\122\005\316\347\152\162\322\215"
-"\162\077\107\120\203\253\307\215\045\311\260\343\247\123\026\225"
-"\246\152\123\352\030\235\217\170\251\167\167\032\371\264\227\107"
-"\131\210\047\050\265\312\341\056\327\076\016\242\015\270\042\104"
-"\003\343\321\143\260\101\072\241\365\244\055\367\166\036\004\124"
-"\231\170\062\100\327\053\174\115\272\246\234\260\171\156\007\276"
-"\214\354\356\327\070\151\133\301\014\126\150\237\376\353\321\341"
-"\310\210\371\362\315\177\276\205\264\104\147\000\120\076\364\046"
-"\003\144\352\167\175\350\136\076\034\067\107\310\326\352\244\363"
-"\066\074\227\302\071\162\005\224\031\045\303\327\067\101\017\301"
-"\037\207\212\375\252\276\351\261\144\127\344\333\222\241\317\341"
-"\111\350\073\037\221\023\132\303\217\331\045\130\111\200\107\017"
-"\306\003\256\254\343\277\267\300\252\052"
-, (PRUint32)938 }
-};
-static const NSSItem nss_builtins_items_69 [] = {
-  { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
-  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)"Baltimore CyberTrust Code Signing Root", (PRUint32)39 },
-  { (void *)"\060\106\330\310\210\377\151\060\303\112\374\315\111\047\010\174"
-"\140\126\173\015"
-, (PRUint32)20 },
-  { (void *)"\220\365\050\111\126\321\135\054\260\123\324\113\357\157\220\042"
-, (PRUint32)16 },
-  { (void *)"\060\147\061\013\060\011\006\003\125\004\006\023\002\111\105\061"
-"\022\060\020\006\003\125\004\012\023\011\102\141\154\164\151\155"
-"\157\162\145\061\023\060\021\006\003\125\004\013\023\012\103\171"
-"\142\145\162\124\162\165\163\164\061\057\060\055\006\003\125\004"
-"\003\023\046\102\141\154\164\151\155\157\162\145\040\103\171\142"
-"\145\162\124\162\165\163\164\040\103\157\144\145\040\123\151\147"
-"\156\151\156\147\040\122\157\157\164"
-, (PRUint32)105 },
-  { (void *)"\002\004\002\000\000\277"
-, (PRUint32)6 },
-  { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) },
-  { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) },
-  { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
-};
-static const NSSItem nss_builtins_items_70 [] = {
-  { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
-  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Baltimore CyberTrust Root", (PRUint32)26 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\132\061\013\060\011\006\003\125\004\006\023\002\111\105\061"
 "\022\060\020\006\003\125\004\012\023\011\102\141\154\164\151\155"
 "\157\162\145\061\023\060\021\006\003\125\004\013\023\012\103\171"
 "\142\145\162\124\162\165\163\164\061\042\060\040\006\003\125\004"
 "\003\023\031\102\141\154\164\151\155\157\162\145\040\103\171\142"
 "\145\162\124\162\165\163\164\040\122\157\157\164"
@@ -4549,17 +4298,17 @@ static const NSSItem nss_builtins_items_
 "\144\346\037\267\316\360\362\237\056\273\033\267\362\120\210\163"
 "\222\302\342\343\026\215\232\062\002\253\216\030\335\351\020\021"
 "\356\176\065\253\220\257\076\060\224\172\320\063\075\247\145\017"
 "\365\374\216\236\142\317\107\104\054\001\135\273\035\265\062\322"
 "\107\322\070\056\320\376\201\334\062\152\036\265\356\074\325\374"
 "\347\201\035\031\303\044\102\352\143\071\251"
 , (PRUint32)891 }
 };
-static const NSSItem nss_builtins_items_71 [] = {
+static const NSSItem nss_builtins_items_67 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Baltimore CyberTrust Root", (PRUint32)26 },
   { (void *)"\324\336\040\320\136\146\374\123\376\032\120\210\054\170\333\050"
 "\122\312\344\164"
 , (PRUint32)20 },
@@ -4573,111 +4322,17 @@ static const NSSItem nss_builtins_items_
 "\145\162\124\162\165\163\164\040\122\157\157\164"
 , (PRUint32)92 },
   { (void *)"\002\004\002\000\000\271"
 , (PRUint32)6 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_72 [] = {
-  { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
-  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)"Baltimore CyberTrust Mobile Commerce Root", (PRUint32)42 },
-  { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
-  { (void *)"\060\141\061\013\060\011\006\003\125\004\006\023\002\111\105\061"
-"\022\060\020\006\003\125\004\012\023\011\102\141\154\164\151\155"
-"\157\162\145\061\023\060\021\006\003\125\004\013\023\012\103\171"
-"\142\145\162\124\162\165\163\164\061\051\060\047\006\003\125\004"
-"\003\023\040\102\141\154\164\151\155\157\162\145\040\103\171\142"
-"\145\162\124\162\165\163\164\040\115\157\142\151\154\145\040\122"
-"\157\157\164"
-, (PRUint32)99 },
-  { (void *)"0", (PRUint32)2 },
-  { (void *)"\060\141\061\013\060\011\006\003\125\004\006\023\002\111\105\061"
-"\022\060\020\006\003\125\004\012\023\011\102\141\154\164\151\155"
-"\157\162\145\061\023\060\021\006\003\125\004\013\023\012\103\171"
-"\142\145\162\124\162\165\163\164\061\051\060\047\006\003\125\004"
-"\003\023\040\102\141\154\164\151\155\157\162\145\040\103\171\142"
-"\145\162\124\162\165\163\164\040\115\157\142\151\154\145\040\122"
-"\157\157\164"
-, (PRUint32)99 },
-  { (void *)"\002\004\002\000\000\270"
-, (PRUint32)6 },
-  { (void *)"\060\202\002\175\060\202\001\346\240\003\002\001\002\002\004\002"
-"\000\000\270\060\015\006\011\052\206\110\206\367\015\001\001\005"
-"\005\000\060\141\061\013\060\011\006\003\125\004\006\023\002\111"
-"\105\061\022\060\020\006\003\125\004\012\023\011\102\141\154\164"
-"\151\155\157\162\145\061\023\060\021\006\003\125\004\013\023\012"
-"\103\171\142\145\162\124\162\165\163\164\061\051\060\047\006\003"
-"\125\004\003\023\040\102\141\154\164\151\155\157\162\145\040\103"
-"\171\142\145\162\124\162\165\163\164\040\115\157\142\151\154\145"
-"\040\122\157\157\164\060\036\027\015\060\060\060\065\061\062\061"
-"\070\062\060\060\060\132\027\015\062\060\060\065\061\062\062\063"
-"\065\071\060\060\132\060\141\061\013\060\011\006\003\125\004\006"
-"\023\002\111\105\061\022\060\020\006\003\125\004\012\023\011\102"
-"\141\154\164\151\155\157\162\145\061\023\060\021\006\003\125\004"
-"\013\023\012\103\171\142\145\162\124\162\165\163\164\061\051\060"
-"\047\006\003\125\004\003\023\040\102\141\154\164\151\155\157\162"
-"\145\040\103\171\142\145\162\124\162\165\163\164\040\115\157\142"
-"\151\154\145\040\122\157\157\164\060\201\237\060\015\006\011\052"
-"\206\110\206\367\015\001\001\001\005\000\003\201\215\000\060\201"
-"\211\002\201\201\000\243\155\261\070\126\254\374\265\126\041\336"
-"\300\220\135\046\107\202\306\175\217\037\240\205\217\057\273\324"
-"\341\034\035\362\044\037\050\260\057\271\244\245\157\242\042\040"
-"\144\376\204\107\074\176\053\154\151\152\270\324\300\226\216\214"
-"\122\015\315\157\101\324\277\004\256\247\201\057\055\230\110\322"
-"\301\224\243\265\031\135\135\121\144\364\216\101\260\233\300\055"
-"\042\240\136\306\330\132\022\143\274\021\112\136\046\022\035\342"
-"\046\005\346\017\137\042\037\172\137\166\224\256\317\132\050\016"
-"\253\105\332\042\061\002\003\001\000\001\243\102\060\100\060\035"
-"\006\003\125\035\016\004\026\004\024\311\342\217\300\002\046\132"
-"\266\300\007\343\177\224\007\030\333\056\245\232\160\060\017\006"
-"\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060\016"
-"\006\003\125\035\017\001\001\377\004\004\003\002\001\206\060\015"
-"\006\011\052\206\110\206\367\015\001\001\005\005\000\003\201\201"
-"\000\123\010\013\046\011\170\102\163\324\354\172\167\107\015\343"
-"\013\063\161\357\256\063\024\115\373\372\375\032\267\121\365\344"
-"\231\034\006\161\327\051\031\327\346\025\040\121\121\106\155\117"
-"\336\030\111\230\320\370\170\273\161\350\215\001\006\325\327\144"
-"\217\224\337\107\376\240\205\151\066\251\057\102\172\150\112\022"
-"\326\213\013\160\104\012\244\004\357\046\210\301\065\161\070\135"
-"\033\133\110\102\360\347\224\034\160\225\064\250\253\365\253\342"
-"\170\255\365\360\122\375\233\352\102\014\350\330\124\276\123\146"
-"\365"
-, (PRUint32)641 }
-};
-static const NSSItem nss_builtins_items_73 [] = {
-  { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
-  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)"Baltimore CyberTrust Mobile Commerce Root", (PRUint32)42 },
-  { (void *)"\264\343\013\234\301\325\356\275\240\040\030\370\271\212\321\377"
-"\151\267\072\161"
-, (PRUint32)20 },
-  { (void *)"\353\264\040\035\017\266\161\003\367\304\367\307\244\162\206\350"
-, (PRUint32)16 },
-  { (void *)"\060\141\061\013\060\011\006\003\125\004\006\023\002\111\105\061"
-"\022\060\020\006\003\125\004\012\023\011\102\141\154\164\151\155"
-"\157\162\145\061\023\060\021\006\003\125\004\013\023\012\103\171"
-"\142\145\162\124\162\165\163\164\061\051\060\047\006\003\125\004"
-"\003\023\040\102\141\154\164\151\155\157\162\145\040\103\171\142"
-"\145\162\124\162\165\163\164\040\115\157\142\151\154\145\040\122"
-"\157\157\164"
-, (PRUint32)99 },
-  { (void *)"\002\004\002\000\000\270"
-, (PRUint32)6 },
-  { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
-  { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
-  { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }
-};
-static const NSSItem nss_builtins_items_74 [] = {
+static const NSSItem nss_builtins_items_68 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Equifax Secure Global eBusiness CA", (PRUint32)35 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
 "\034\060\032\006\003\125\004\012\023\023\105\161\165\151\146\141"
@@ -4735,17 +4390,17 @@ static const NSSItem nss_builtins_items_
 "\147\275\001\257\315\340\161\374\132\317\144\304\340\226\230\320"
 "\243\100\342\001\212\357\047\007\361\145\001\212\104\055\006\145"
 "\165\122\300\206\020\040\041\137\154\153\017\154\256\011\034\257"
 "\362\242\030\064\304\165\244\163\034\361\215\334\357\255\371\263"
 "\166\264\222\277\334\225\020\036\276\313\310\073\132\204\140\031"
 "\126\224\251\125"
 , (PRUint32)660 }
 };
-static const NSSItem nss_builtins_items_75 [] = {
+static const NSSItem nss_builtins_items_69 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Equifax Secure Global eBusiness CA", (PRUint32)35 },
   { (void *)"\176\170\112\020\034\202\145\314\055\341\361\155\107\264\100\312"
 "\331\012\031\105"
 , (PRUint32)20 },
@@ -4759,17 +4414,17 @@ static const NSSItem nss_builtins_items_
 "\165\163\151\156\145\163\163\040\103\101\055\061"
 , (PRUint32)92 },
   { (void *)"\002\001\001"
 , (PRUint32)3 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_76 [] = {
+static const NSSItem nss_builtins_items_70 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Equifax Secure eBusiness CA 1", (PRUint32)30 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\123\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
 "\034\060\032\006\003\125\004\012\023\023\105\161\165\151\146\141"
@@ -4826,17 +4481,17 @@ static const NSSItem nss_builtins_items_
 "\142\040\247\204\113\130\145\361\342\371\225\041\077\365\324\176"
 "\130\036\107\207\124\076\130\241\265\265\370\052\357\161\347\274"
 "\303\366\261\111\106\342\327\240\153\345\126\172\232\047\230\174"
 "\106\142\024\347\311\374\156\003\022\171\200\070\035\110\202\215"
 "\374\027\376\052\226\053\265\142\246\246\075\275\177\222\131\315"
 "\132\052\202\262\067\171"
 , (PRUint32)646 }
 };
-static const NSSItem nss_builtins_items_77 [] = {
+static const NSSItem nss_builtins_items_71 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Equifax Secure eBusiness CA 1", (PRUint32)30 },
   { (void *)"\332\100\030\213\221\211\243\355\356\256\332\227\376\057\235\365"
 "\267\321\212\101"
 , (PRUint32)20 },
@@ -4850,17 +4505,17 @@ static const NSSItem nss_builtins_items_
 "\040\103\101\055\061"
 , (PRUint32)85 },
   { (void *)"\002\001\004"
 , (PRUint32)3 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_78 [] = {
+static const NSSItem nss_builtins_items_72 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Equifax Secure eBusiness CA 2", (PRUint32)30 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\116\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
 "\027\060\025\006\003\125\004\012\023\016\105\161\165\151\146\141"
@@ -4925,17 +4580,17 @@ static const NSSItem nss_builtins_items_
 "\321\301\076\123\237\003\104\260\176\113\364\157\344\174\037\347"
 "\342\261\344\270\232\357\303\275\316\336\013\062\064\331\336\050"
 "\355\063\153\304\324\327\075\022\130\253\175\011\055\313\160\365"
 "\023\212\224\241\047\244\326\160\305\155\224\265\311\175\235\240"
 "\322\306\010\111\331\146\233\246\323\364\013\334\305\046\127\341"
 "\221\060\352\315"
 , (PRUint32)804 }
 };
-static const NSSItem nss_builtins_items_79 [] = {
+static const NSSItem nss_builtins_items_73 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Equifax Secure eBusiness CA 2", (PRUint32)30 },
   { (void *)"\071\117\366\205\013\006\276\122\345\030\126\314\020\341\200\350"
 "\202\263\205\314"
 , (PRUint32)20 },
@@ -4948,17 +4603,17 @@ static const NSSItem nss_builtins_items_
 "\145\040\145\102\165\163\151\156\145\163\163\040\103\101\055\062"
 , (PRUint32)80 },
   { (void *)"\002\004\067\160\317\265"
 , (PRUint32)6 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_80 [] = {
+static const NSSItem nss_builtins_items_74 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Visa International Global Root 2", (PRUint32)33 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\141\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
 "\015\060\013\006\003\125\004\012\023\004\126\111\123\101\061\057"
@@ -5033,17 +4688,17 @@ static const NSSItem nss_builtins_items_
 "\212\362\043\330\057\313\156\000\066\117\373\360\057\001\314\017"
 "\300\042\145\364\253\342\116\141\055\003\202\175\221\026\265\060"
 "\325\024\336\136\307\220\374\241\374\253\020\257\134\153\160\247"
 "\007\357\051\206\350\262\045\307\040\377\046\335\167\357\171\104"
 "\024\304\275\335\073\305\003\233\167\043\354\240\354\273\132\071"
 "\265\314\255\006"
 , (PRUint32)900 }
 };
-static const NSSItem nss_builtins_items_81 [] = {
+static const NSSItem nss_builtins_items_75 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Visa International Global Root 2", (PRUint32)33 },
   { (void *)"\311\015\033\352\210\075\247\321\027\276\073\171\364\041\016\032"
 "\130\224\247\055"
 , (PRUint32)20 },
@@ -5058,17 +4713,17 @@ static const NSSItem nss_builtins_items_
 "\164\040\062"
 , (PRUint32)99 },
   { (void *)"\002\002\003\036"
 , (PRUint32)4 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_82 [] = {
+static const NSSItem nss_builtins_items_76 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"beTRUSTed Root CA", (PRUint32)18 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\132\061\013\060\011\006\003\125\004\006\023\002\127\127\061"
 "\022\060\020\006\003\125\004\012\023\011\142\145\124\122\125\123"
@@ -5167,17 +4822,17 @@ static const NSSItem nss_builtins_items_
 "\344\164\324\075\352\001\161\272\004\165\100\247\251\177\071\071"
 "\232\125\227\051\145\256\031\125\045\005\162\107\323\350\030\334"
 "\270\351\257\103\163\001\022\164\243\341\134\137\025\135\044\363"
 "\371\344\364\266\147\147\022\347\144\042\212\366\245\101\246\034"
 "\266\140\143\105\212\020\264\272\106\020\256\101\127\145\154\077"
 "\043\020\077\041\020\131\267\344\100\335\046\014\043\366\252\256"
 , (PRUint32)1328 }
 };
-static const NSSItem nss_builtins_items_83 [] = {
+static const NSSItem nss_builtins_items_77 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"beTRUSTed Root CA", (PRUint32)18 },
   { (void *)"\133\315\315\314\146\366\334\344\104\037\343\175\134\303\023\114"
 "\106\364\160\070"
 , (PRUint32)20 },
@@ -5191,17 +4846,17 @@ static const NSSItem nss_builtins_items_
 "\123\124\145\144\040\122\157\157\164\040\103\101"
 , (PRUint32)92 },
   { (void *)"\002\004\071\117\175\207"
 , (PRUint32)6 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_84 [] = {
+static const NSSItem nss_builtins_items_78 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"AddTrust Low-Value Services Root", (PRUint32)33 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\145\061\013\060\011\006\003\125\004\006\023\002\123\105\061"
 "\024\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165"
@@ -5285,17 +4940,17 @@ static const NSSItem nss_builtins_items_
 "\247\077\376\321\146\255\013\274\153\231\206\357\077\175\363\030"
 "\062\312\173\306\343\253\144\106\225\370\046\151\331\125\203\173"
 "\054\226\007\377\131\054\104\243\306\345\351\251\334\241\143\200"
 "\132\041\136\041\317\123\124\360\272\157\211\333\250\252\225\317"
 "\213\343\161\314\036\033\040\104\010\300\172\266\100\375\304\344"
 "\065\341\035\026\034\320\274\053\216\326\161\331"
 , (PRUint32)1052 }
 };
-static const NSSItem nss_builtins_items_85 [] = {
+static const NSSItem nss_builtins_items_79 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"AddTrust Low-Value Services Root", (PRUint32)33 },
   { (void *)"\314\253\016\240\114\043\001\326\151\173\335\067\237\315\022\353"
 "\044\343\224\235"
 , (PRUint32)20 },
@@ -5310,17 +4965,17 @@ static const NSSItem nss_builtins_items_
 "\103\101\040\122\157\157\164"
 , (PRUint32)103 },
   { (void *)"\002\001\001"
 , (PRUint32)3 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_86 [] = {
+static const NSSItem nss_builtins_items_80 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"AddTrust External Root", (PRUint32)23 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\157\061\013\060\011\006\003\125\004\006\023\002\123\105\061"
 "\024\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165"
@@ -5408,17 +5063,17 @@ static const NSSItem nss_builtins_items_
 "\142\041\150\025\040\103\074\231\347\174\275\044\330\251\221\027"
 "\163\210\077\126\033\061\070\030\264\161\017\232\315\310\016\236"
 "\216\056\033\341\214\230\203\313\037\061\361\104\114\306\004\163"
 "\111\166\140\017\307\370\275\027\200\153\056\351\314\114\016\132"
 "\232\171\017\040\012\056\325\236\143\046\036\125\222\224\330\202"
 "\027\132\173\320\274\307\217\116\206\004"
 , (PRUint32)1082 }
 };
-static const NSSItem nss_builtins_items_87 [] = {
+static const NSSItem nss_builtins_items_81 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"AddTrust External Root", (PRUint32)23 },
   { (void *)"\002\372\363\342\221\103\124\150\140\170\127\151\115\365\344\133"
 "\150\205\030\150"
 , (PRUint32)20 },
@@ -5434,17 +5089,17 @@ static const NSSItem nss_builtins_items_
 "\164"
 , (PRUint32)113 },
   { (void *)"\002\001\001"
 , (PRUint32)3 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_88 [] = {
+static const NSSItem nss_builtins_items_82 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"AddTrust Public Services Root", (PRUint32)30 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\144\061\013\060\011\006\003\125\004\006\023\002\123\105\061"
 "\024\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165"
@@ -5528,17 +5183,17 @@ static const NSSItem nss_builtins_items_
 "\341\042\015\207\000\144\376\214\175\142\071\145\246\357\102\266"
 "\200\045\022\141\001\250\044\023\160\000\021\046\137\372\065\120"
 "\305\110\314\006\107\350\047\330\160\215\137\144\346\241\104\046"
 "\136\042\354\222\315\377\102\232\104\041\155\134\305\343\042\035"
 "\137\107\022\347\316\137\135\372\330\252\261\063\055\331\166\362"
 "\116\072\063\014\053\263\055\220\006"
 , (PRUint32)1049 }
 };
-static const NSSItem nss_builtins_items_89 [] = {
+static const NSSItem nss_builtins_items_83 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"AddTrust Public Services Root", (PRUint32)30 },
   { (void *)"\052\266\050\110\136\170\373\363\255\236\171\020\335\153\337\231"
 "\162\054\226\345"
 , (PRUint32)20 },
@@ -5554,17 +5209,17 @@ static const NSSItem nss_builtins_items_
 "\164"
 , (PRUint32)113 },
   { (void *)"\002\001\001"
 , (PRUint32)3 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_90 [] = {
+static const NSSItem nss_builtins_items_84 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"AddTrust Qualified Certificates Root", (PRUint32)37 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\147\061\013\060\011\006\003\125\004\006\023\002\123\105\061"
 "\024\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165"
@@ -5649,17 +5304,17 @@ static const NSSItem nss_builtins_items_
 "\011\371\277\122\241\356\302\200\076\006\134\056\125\100\301\033"
 "\365\160\105\260\334\135\372\366\162\132\167\322\143\315\317\130"
 "\211\000\102\143\077\171\071\320\104\260\202\156\101\031\350\335"
 "\340\301\210\132\321\036\161\223\037\044\060\164\345\036\250\336"
 "\074\047\067\177\203\256\236\167\317\360\060\261\377\113\231\350"
 "\306\241"
 , (PRUint32)1058 }
 };
-static const NSSItem nss_builtins_items_91 [] = {
+static const NSSItem nss_builtins_items_85 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"AddTrust Qualified Certificates Root", (PRUint32)37 },
   { (void *)"\115\043\170\354\221\225\071\265\000\177\165\217\003\073\041\036"
 "\305\115\213\317"
 , (PRUint32)20 },
@@ -5674,17 +5329,17 @@ static const NSSItem nss_builtins_items_
 "\144\040\103\101\040\122\157\157\164"
 , (PRUint32)105 },
   { (void *)"\002\001\001"
 , (PRUint32)3 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_92 [] = {
+static const NSSItem nss_builtins_items_86 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Class 1 Public Primary OCSP Responder", (PRUint32)47 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\247\061\027\060\025\006\003\125\004\012\023\016\126\145"
 "\162\151\123\151\147\156\054\040\111\156\143\056\061\037\060\035"
@@ -5766,17 +5421,17 @@ static const NSSItem nss_builtins_items_
 "\301\167\234\275\054\003\170\051\215\244\245\167\207\365\361\053"
 "\046\255\314\007\154\072\124\132\050\340\011\363\115\012\004\312"
 "\324\130\151\013\247\263\365\335\001\245\347\334\360\037\272\301"
 "\135\220\215\263\352\117\301\021\131\227\152\262\053\023\261\332"
 "\255\227\241\263\261\240\040\133\312\062\253\215\317\023\360\037"
 "\051\303"
 , (PRUint32)930 }
 };
-static const NSSItem nss_builtins_items_93 [] = {
+static const NSSItem nss_builtins_items_87 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Class 1 Public Primary OCSP Responder", (PRUint32)47 },
   { (void *)"\004\226\110\344\112\311\314\255\105\203\230\331\074\175\221\365"
 "\042\104\033\212"
 , (PRUint32)20 },
@@ -5792,17 +5447,17 @@ static const NSSItem nss_builtins_items_
 , (PRUint32)97 },
   { (void *)"\002\020\053\150\324\243\106\236\305\073\050\011\253\070\135\177"
 "\047\040"
 , (PRUint32)18 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_94 [] = {
+static const NSSItem nss_builtins_items_88 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Class 2 Public Primary OCSP Responder", (PRUint32)47 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\247\061\027\060\025\006\003\125\004\012\023\016\126\145"
 "\162\151\123\151\147\156\054\040\111\156\143\056\061\037\060\035"
@@ -5884,17 +5539,17 @@ static const NSSItem nss_builtins_items_
 "\040\232\163\055\163\125\154\130\233\054\302\264\064\054\172\063"
 "\102\312\221\331\351\103\257\317\036\340\365\304\172\253\077\162"
 "\143\036\251\067\341\133\073\210\263\023\206\202\220\127\313\127"
 "\377\364\126\276\042\335\343\227\250\341\274\042\103\302\335\115"
 "\333\366\201\236\222\024\236\071\017\023\124\336\202\330\300\136"
 "\064\215"
 , (PRUint32)930 }
 };
-static const NSSItem nss_builtins_items_95 [] = {
+static const NSSItem nss_builtins_items_89 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Class 2 Public Primary OCSP Responder", (PRUint32)47 },
   { (void *)"\042\171\151\276\320\122\116\115\035\066\262\361\162\041\167\361"
 "\124\123\110\167"
 , (PRUint32)20 },
@@ -5910,17 +5565,17 @@ static const NSSItem nss_builtins_items_
 , (PRUint32)97 },
   { (void *)"\002\020\011\106\027\346\035\330\324\034\240\014\240\142\350\171"
 "\212\247"
 , (PRUint32)18 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_96 [] = {
+static const NSSItem nss_builtins_items_90 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Class 3 Public Primary OCSP Responder", (PRUint32)47 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\247\061\027\060\025\006\003\125\004\012\023\016\126\145"
 "\162\151\123\151\147\156\054\040\111\156\143\056\061\037\060\035"
@@ -6002,17 +5657,17 @@ static const NSSItem nss_builtins_items_
 "\001\163\132\221\221\202\124\054\023\012\323\167\043\317\067\374"
 "\143\336\247\343\366\267\265\151\105\050\111\303\221\334\252\107"
 "\034\251\210\231\054\005\052\215\215\212\372\142\342\132\267\000"
 "\040\135\071\304\050\302\313\374\236\250\211\256\133\075\216\022"
 "\352\062\262\374\353\024\327\011\025\032\300\315\033\325\265\025"
 "\116\101\325\226\343\116"
 , (PRUint32)934 }
 };
-static const NSSItem nss_builtins_items_97 [] = {
+static const NSSItem nss_builtins_items_91 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Class 3 Public Primary OCSP Responder", (PRUint32)47 },
   { (void *)"\265\355\267\332\046\072\126\164\322\042\105\060\324\307\217\172"
 "\007\365\345\137"
 , (PRUint32)20 },
@@ -6028,17 +5683,17 @@ static const NSSItem nss_builtins_items_
 , (PRUint32)97 },
   { (void *)"\002\020\056\226\236\277\266\142\154\354\173\351\163\314\343\154"
 "\301\204"
 , (PRUint32)18 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_98 [] = {
+static const NSSItem nss_builtins_items_92 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Secure Server OCSP Responder", (PRUint32)38 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\236\061\027\060\025\006\003\125\004\012\023\016\126\145"
 "\162\151\123\151\147\156\054\040\111\156\143\056\061\037\060\035"
@@ -6120,17 +5775,17 @@ static const NSSItem nss_builtins_items_
 "\052\266\226\117\107\333\276\116\333\316\314\272\206\270\030\316"
 "\261\022\221\137\143\367\363\110\076\314\361\115\023\344\155\011"
 "\224\170\000\222\313\243\040\235\006\013\152\240\103\007\316\321"
 "\031\154\217\030\165\232\237\027\063\375\251\046\270\343\342\336"
 "\302\250\304\132\212\177\230\326\007\006\153\314\126\236\206\160"
 "\316\324\357"
 , (PRUint32)931 }
 };
-static const NSSItem nss_builtins_items_99 [] = {
+static const NSSItem nss_builtins_items_93 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Secure Server OCSP Responder", (PRUint32)38 },
   { (void *)"\161\236\140\141\327\175\054\203\361\242\135\074\366\215\002\274"
 "\224\070\305\056"
 , (PRUint32)20 },
@@ -6146,17 +5801,17 @@ static const NSSItem nss_builtins_items_
 , (PRUint32)97 },
   { (void *)"\002\021\000\377\105\325\047\135\044\373\263\302\071\044\123\127"
 "\341\117\336"
 , (PRUint32)19 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_100 [] = {
+static const NSSItem nss_builtins_items_94 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Time Stamping Authority CA", (PRUint32)36 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\245\061\027\060\025\006\003\125\004\012\023\016\126\145"
 "\162\151\123\151\147\156\054\040\111\156\143\056\061\037\060\035"
@@ -6247,17 +5902,17 @@ static const NSSItem nss_builtins_items_
 "\067\000\064\047\051\350\067\113\362\357\104\227\153\027\121\032"
 "\303\126\235\074\032\212\366\112\106\106\067\214\372\313\365\144"
 "\132\070\150\056\034\303\357\160\316\270\106\006\026\277\367\176"
 "\347\265\250\076\105\254\251\045\165\042\173\157\077\260\234\224"
 "\347\307\163\253\254\037\356\045\233\300\026\355\267\312\133\360"
 "\024"
 , (PRUint32)977 }
 };
-static const NSSItem nss_builtins_items_101 [] = {
+static const NSSItem nss_builtins_items_95 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Time Stamping Authority CA", (PRUint32)36 },
   { (void *)"\246\017\064\310\142\154\201\366\213\367\175\251\366\147\130\212"
 "\220\077\175\066"
 , (PRUint32)20 },
@@ -6279,17 +5934,17 @@ static const NSSItem nss_builtins_items_
 , (PRUint32)196 },
   { (void *)"\002\020\123\141\262\140\256\333\161\216\247\224\263\023\063\364"
 "\007\011"
 , (PRUint32)18 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_102 [] = {
+static const NSSItem nss_builtins_items_96 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Thawte Time Stamping CA", (PRUint32)24 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\213\061\013\060\011\006\003\125\004\006\023\002\132\101"
 "\061\025\060\023\006\003\125\004\010\023\014\127\145\163\164\145"
@@ -6354,17 +6009,17 @@ static const NSSItem nss_builtins_items_
 "\151\306\136\344\260\224\157\112\271\347\336\133\210\266\173\333"
 "\343\047\345\166\303\360\065\301\313\265\047\233\063\171\334\220"
 "\246\000\236\167\372\374\315\047\224\102\026\234\323\034\150\354"
 "\277\134\335\345\251\173\020\012\062\164\124\023\061\213\205\003"
 "\204\221\267\130\001\060\024\070\257\050\312\374\261\120\031\031"
 "\011\254\211\111\323"
 , (PRUint32)677 }
 };
-static const NSSItem nss_builtins_items_103 [] = {
+static const NSSItem nss_builtins_items_97 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Thawte Time Stamping CA", (PRUint32)24 },
   { (void *)"\276\066\244\126\057\262\356\005\333\263\323\043\043\255\364\105"
 "\010\116\326\126"
 , (PRUint32)20 },
@@ -6381,17 +6036,17 @@ static const NSSItem nss_builtins_items_
 "\151\155\145\163\164\141\155\160\151\156\147\040\103\101"
 , (PRUint32)142 },
   { (void *)"\002\001\000"
 , (PRUint32)3 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_104 [] = {
+static const NSSItem nss_builtins_items_98 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Entrust.net Global Secure Server CA", (PRUint32)36 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\272\061\024\060\022\006\003\125\004\012\023\013\105\156"
 "\164\162\165\163\164\056\156\145\164\061\077\060\075\006\003\125"
@@ -6493,17 +6148,17 @@ static const NSSItem nss_builtins_items_
 "\126\055\346\312\152\031\163\252\123\276\222\263\120\002\266\205"
 "\046\162\143\330\165\120\142\165\024\267\263\120\032\077\312\021"
 "\000\013\205\105\151\155\266\245\256\121\341\112\334\202\077\154"
 "\214\064\262\167\153\331\002\366\177\016\352\145\004\361\315\124"
 "\312\272\311\314\340\204\367\310\076\021\227\323\140\011\030\274"
 "\005\377\154\211\063\360\354\025\017"
 , (PRUint32)1177 }
 };
-static const NSSItem nss_builtins_items_105 [] = {
+static const NSSItem nss_builtins_items_99 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Entrust.net Global Secure Server CA", (PRUint32)36 },
   { (void *)"\211\071\127\156\027\215\367\005\170\017\314\136\310\117\204\366"
 "\045\072\110\223"
 , (PRUint32)20 },
@@ -6523,17 +6178,17 @@ static const NSSItem nss_builtins_items_
 "\151\157\156\040\101\165\164\150\157\162\151\164\171"
 , (PRUint32)189 },
   { (void *)"\002\004\070\233\021\074"
 , (PRUint32)6 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_106 [] = {
+static const NSSItem nss_builtins_items_100 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Entrust.net Global Secure Personal CA", (PRUint32)38 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156"
 "\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125"
@@ -6634,17 +6289,17 @@ static const NSSItem nss_builtins_items_
 "\352\060\340\073\142\174\177\213\153\174\112\247\325\065\074\276"
 "\250\134\352\113\273\223\216\200\146\253\017\051\375\115\055\277"
 "\032\233\012\220\305\253\332\321\263\206\324\057\044\122\134\172"
 "\155\306\362\376\345\115\032\060\214\220\362\272\327\112\076\103"
 "\176\324\310\120\032\207\370\117\201\307\166\013\204\072\162\235"
 "\316\145\146\227\256\046\136"
 , (PRUint32)1159 }
 };
-static const NSSItem nss_builtins_items_107 [] = {
+static const NSSItem nss_builtins_items_101 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Entrust.net Global Secure Personal CA", (PRUint32)38 },
   { (void *)"\317\164\277\377\233\206\201\133\010\063\124\100\066\076\207\266"
 "\266\360\277\163"
 , (PRUint32)20 },
@@ -6664,17 +6319,17 @@ static const NSSItem nss_builtins_items_
 "\164\150\157\162\151\164\171"
 , (PRUint32)183 },
   { (void *)"\002\004\070\236\366\344"
 , (PRUint32)6 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_108 [] = {
+static const NSSItem nss_builtins_items_102 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"AOL Time Warner Root Certification Authority 1", (PRUint32)47 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\203\061\013\060\011\006\003\125\004\006\023\002\125\123"
 "\061\035\060\033\006\003\125\004\012\023\024\101\117\114\040\124"
@@ -6759,17 +6414,17 @@ static const NSSItem nss_builtins_items_
 "\237\141\150\317\055\114\004\235\327\045\117\012\016\115\220\213"
 "\030\126\250\223\110\127\334\157\256\275\236\147\127\167\211\120"
 "\263\276\021\233\105\147\203\206\031\207\323\230\275\010\032\026"
 "\037\130\202\013\341\226\151\005\113\216\354\203\121\061\007\325"
 "\324\237\377\131\173\250\156\205\317\323\113\251\111\260\137\260"
 "\071\050\150\016\163\335\045\232\336\022"
 , (PRUint32)1002 }
 };
-static const NSSItem nss_builtins_items_109 [] = {
+static const NSSItem nss_builtins_items_103 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"AOL Time Warner Root Certification Authority 1", (PRUint32)47 },
   { (void *)"\164\124\123\134\044\243\247\130\040\176\076\076\323\044\370\026"
 "\373\041\026\111"
 , (PRUint32)20 },
@@ -6786,17 +6441,17 @@ static const NSSItem nss_builtins_items_
 "\162\151\164\171\040\061"
 , (PRUint32)134 },
   { (void *)"\002\001\001"
 , (PRUint32)3 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_110 [] = {
+static const NSSItem nss_builtins_items_104 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"AOL Time Warner Root Certification Authority 2", (PRUint32)47 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\203\061\013\060\011\006\003\125\004\006\023\002\125\123"
 "\061\035\060\033\006\003\125\004\012\023\024\101\117\114\040\124"
@@ -6913,17 +6568,17 @@ static const NSSItem nss_builtins_items_
 "\050\030\244\026\017\061\375\072\154\043\223\040\166\341\375\007"
 "\205\321\133\077\322\034\163\062\335\372\271\370\214\317\002\207"
 "\172\232\226\344\355\117\211\215\123\103\253\016\023\300\001\025"
 "\264\171\070\333\374\156\075\236\121\266\270\023\213\147\317\371"
 "\174\331\042\035\366\135\305\034\001\057\230\350\172\044\030\274"
 "\204\327\372\334\162\133\367\301\072\150"
 , (PRUint32)1514 }
 };
-static const NSSItem nss_builtins_items_111 [] = {
+static const NSSItem nss_builtins_items_105 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"AOL Time Warner Root Certification Authority 2", (PRUint32)47 },
   { (void *)"\374\041\232\166\021\057\166\301\305\010\203\074\232\057\242\272"
 "\204\254\010\172"
 , (PRUint32)20 },
@@ -6940,17 +6595,17 @@ static const NSSItem nss_builtins_items_
 "\162\151\164\171\040\062"
 , (PRUint32)134 },
   { (void *)"\002\001\001"
 , (PRUint32)3 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_112 [] = {
+static const NSSItem nss_builtins_items_106 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"beTRUSTed Root CA-Baltimore Implementation", (PRUint32)43 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\146\061\022\060\020\006\003\125\004\012\023\011\142\145\124"
 "\122\125\123\124\145\144\061\033\060\031\006\003\125\004\013\023"
@@ -7055,17 +6710,17 @@ static const NSSItem nss_builtins_items_
 "\341\305\175\357\041\340\215\016\135\121\175\261\147\375\243\275"
 "\070\066\306\362\070\206\207\032\226\150\140\106\373\050\024\107"
 "\125\341\247\200\014\153\342\352\337\115\174\220\110\240\066\275"
 "\011\027\211\177\303\362\323\234\234\343\335\304\033\335\365\267"
 "\161\263\123\005\211\006\320\313\112\200\301\310\123\220\265\074"
 "\061\210\027\120\237\311\304\016\213\330\250\002\143\015"
 , (PRUint32)1390 }
 };
-static const NSSItem nss_builtins_items_113 [] = {
+static const NSSItem nss_builtins_items_107 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"beTRUSTed Root CA-Baltimore Implementation", (PRUint32)43 },
   { (void *)"\334\273\236\267\031\113\304\162\005\301\021\165\051\206\203\133"
 "\123\312\344\370"
 , (PRUint32)20 },
@@ -7080,17 +6735,17 @@ static const NSSItem nss_builtins_items_
 "\145\156\164\141\164\151\157\156"
 , (PRUint32)104 },
   { (void *)"\002\004\074\265\075\106"
 , (PRUint32)6 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_114 [] = {
+static const NSSItem nss_builtins_items_108 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"beTRUSTed Root CA - Entrust Implementation", (PRUint32)43 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\146\061\022\060\020\006\003\125\004\012\023\011\142\145\124"
 "\122\125\123\124\145\144\061\033\060\031\006\003\125\004\013\023"
@@ -7210,17 +6865,17 @@ static const NSSItem nss_builtins_items_
 "\136\000\245\314\314\174\051\052\336\050\220\253\267\341\266\377"
 "\175\045\013\100\330\252\064\243\055\336\007\353\137\316\012\335"
 "\312\176\072\175\046\301\142\150\072\346\057\067\363\201\206\041"
 "\304\251\144\252\357\105\066\321\032\146\174\370\351\067\326\326"
 "\141\276\242\255\110\347\337\346\164\376\323\155\175\322\045\334"
 "\254\142\127\251\367"
 , (PRUint32)1621 }
 };
-static const NSSItem nss_builtins_items_115 [] = {
+static const NSSItem nss_builtins_items_109 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"beTRUSTed Root CA - Entrust Implementation", (PRUint32)43 },
   { (void *)"\162\231\171\023\354\233\015\256\145\321\266\327\262\112\166\243"
 "\256\302\356\026"
 , (PRUint32)20 },
@@ -7235,17 +6890,17 @@ static const NSSItem nss_builtins_items_
 "\145\156\164\141\164\151\157\156"
 , (PRUint32)104 },
   { (void *)"\002\004\074\265\117\100"
 , (PRUint32)6 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_116 [] = {
+static const NSSItem nss_builtins_items_110 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"beTRUSTed Root CA - RSA Implementation", (PRUint32)39 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\142\061\022\060\020\006\003\125\004\012\023\011\142\145\124"
 "\122\125\123\124\145\144\061\033\060\031\006\003\125\004\013\023"
@@ -7351,17 +7006,17 @@ static const NSSItem nss_builtins_items_
 "\047\134\323\163\007\301\302\363\114\233\157\237\033\312\036\252"
 "\250\070\063\011\130\262\256\374\007\350\066\334\125\272\057\117"
 "\100\376\172\275\006\246\201\301\223\042\174\206\021\012\006\167"
 "\110\256\065\267\057\062\232\141\136\213\276\051\237\051\044\210"
 "\126\071\054\250\322\253\226\003\132\324\110\237\271\100\204\013"
 "\230\150\373\001\103\326\033\342\011\261\227\034"
 , (PRUint32)1388 }
 };
-static const NSSItem nss_builtins_items_117 [] = {
+static const NSSItem nss_builtins_items_111 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"beTRUSTed Root CA - RSA Implementation", (PRUint32)39 },
   { (void *)"\035\202\131\312\041\047\303\313\301\154\331\062\366\054\145\051"
 "\214\250\207\022"
 , (PRUint32)20 },
@@ -7377,17 +7032,17 @@ static const NSSItem nss_builtins_items_
 , (PRUint32)100 },
   { (void *)"\002\020\073\131\307\173\315\133\127\236\275\067\122\254\166\264"
 "\252\032"
 , (PRUint32)18 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_118 [] = {
+static const NSSItem nss_builtins_items_112 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"RSA Security 2048 v3", (PRUint32)21 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\072\061\031\060\027\006\003\125\004\012\023\020\122\123\101"
 "\040\123\145\143\165\162\151\164\171\040\111\156\143\061\035\060"
@@ -7455,17 +7110,17 @@ static const NSSItem nss_builtins_items_
 "\022\000\360\137\254\015\341\254\160\143\163\367\177\171\237\062"
 "\045\102\164\005\200\050\277\275\301\044\226\130\025\261\027\041"
 "\351\211\113\333\007\210\147\364\025\255\160\076\057\115\205\073"
 "\302\267\333\376\230\150\043\211\341\164\017\336\364\305\204\143"
 "\051\033\314\313\007\311\000\244\251\327\302\042\117\147\327\167"
 "\354\040\005\141\336"
 , (PRUint32)869 }
 };
-static const NSSItem nss_builtins_items_119 [] = {
+static const NSSItem nss_builtins_items_113 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"RSA Security 2048 v3", (PRUint32)21 },
   { (void *)"\045\001\220\031\317\373\331\231\034\267\150\045\164\215\224\137"
 "\060\223\225\102"
 , (PRUint32)20 },
@@ -7478,17 +7133,17 @@ static const NSSItem nss_builtins_items_
 , (PRUint32)60 },
   { (void *)"\002\020\012\001\001\001\000\000\002\174\000\000\000\012\000\000"
 "\000\002"
 , (PRUint32)18 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_120 [] = {
+static const NSSItem nss_builtins_items_114 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"RSA Security 1024 v3", (PRUint32)21 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\072\061\031\060\027\006\003\125\004\012\023\020\122\123\101"
 "\040\123\145\143\165\162\151\164\171\040\111\156\143\061\035\060"
@@ -7539,17 +7194,17 @@ static const NSSItem nss_builtins_items_
 "\103\225\343\037\351\166\315\334\353\274\223\240\145\012\307\115"
 "\117\137\247\257\242\106\024\271\014\363\314\275\152\156\267\235"
 "\336\045\102\320\124\377\236\150\163\143\334\044\353\042\277\250"
 "\162\362\136\000\341\015\116\072\103\156\231\116\077\211\170\003"
 "\230\312\363\125\314\235\256\216\301\252\105\230\372\217\032\240"
 "\215\210\043\361\025\101\015\245\106\076\221\077\213\353\367\161"
 , (PRUint32)608 }
 };
-static const NSSItem nss_builtins_items_121 [] = {
+static const NSSItem nss_builtins_items_115 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"RSA Security 1024 v3", (PRUint32)21 },
   { (void *)"\074\273\135\340\374\326\071\174\005\210\345\146\227\275\106\052"
 "\275\371\134\166"
 , (PRUint32)20 },
@@ -7562,17 +7217,17 @@ static const NSSItem nss_builtins_items_
 , (PRUint32)60 },
   { (void *)"\002\020\012\001\001\001\000\000\002\174\000\000\000\013\000\000"
 "\000\002"
 , (PRUint32)18 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_122 [] = {
+static const NSSItem nss_builtins_items_116 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"GeoTrust Global CA", (PRUint32)19 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\102\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
 "\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165"
@@ -7640,17 +7295,17 @@ static const NSSItem nss_builtins_items_
 "\207\016\004\154\325\377\335\240\135\355\207\122\267\053\025\002"
 "\256\071\246\152\164\351\332\304\347\274\115\064\036\251\134\115"
 "\063\137\222\011\057\210\146\135\167\227\307\035\166\023\251\325"
 "\345\361\026\011\021\065\325\254\333\044\161\160\054\230\126\013"
 "\331\027\264\321\343\121\053\136\165\350\325\320\334\117\064\355"
 "\302\005\146\200\241\313\346\063"
 , (PRUint32)856 }
 };
-static const NSSItem nss_builtins_items_123 [] = {
+static const NSSItem nss_builtins_items_117 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"GeoTrust Global CA", (PRUint32)19 },
   { (void *)"\336\050\364\244\377\345\271\057\243\305\003\321\243\111\247\371"
 "\226\052\202\022"
 , (PRUint32)20 },
@@ -7663,17 +7318,17 @@ static const NSSItem nss_builtins_items_
 "\154\040\103\101"
 , (PRUint32)68 },
   { (void *)"\002\003\002\064\126"
 , (PRUint32)5 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_124 [] = {
+static const NSSItem nss_builtins_items_118 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"UTN-USER First-Network Applications", (PRUint32)36 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\243\061\013\060\011\006\003\125\004\006\023\002\125\123"
 "\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060"
@@ -7771,17 +7426,17 @@ static const NSSItem nss_builtins_items_
 "\255\006\264\334\010\243\004\325\051\244\226\232\022\147\112\214"
 "\140\105\235\361\043\232\260\000\234\150\265\230\120\323\357\216"
 "\056\222\145\261\110\076\041\276\025\060\052\015\265\014\243\153"
 "\077\256\177\127\365\037\226\174\337\157\335\202\060\054\145\033"
 "\100\112\315\150\271\162\354\161\166\354\124\216\037\205\014\001"
 "\152\372\246\070\254\037\304\204"
 , (PRUint32)1128 }
 };
-static const NSSItem nss_builtins_items_125 [] = {
+static const NSSItem nss_builtins_items_119 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"UTN-USER First-Network Applications", (PRUint32)36 },
   { (void *)"\135\230\234\333\025\226\021\066\121\145\144\033\126\017\333\352"
 "\052\302\076\361"
 , (PRUint32)20 },
@@ -7801,17 +7456,17 @@ static const NSSItem nss_builtins_items_
 , (PRUint32)166 },
   { (void *)"\002\020\104\276\014\213\120\000\044\264\021\323\066\060\113\300"
 "\063\167"
 , (PRUint32)18 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_126 [] = {
+static const NSSItem nss_builtins_items_120 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"America Online Root Certification Authority 1", (PRUint32)46 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\143\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
 "\034\060\032\006\003\125\004\012\023\023\101\155\145\162\151\143"
@@ -7888,17 +7543,17 @@ static const NSSItem nss_builtins_items_
 "\335\245\270\062\237\215\340\051\337\041\164\206\202\333\057\202"
 "\060\306\307\065\206\263\371\226\137\106\333\014\105\375\363\120"
 "\303\157\306\303\110\255\106\246\341\047\107\012\035\016\233\266"
 "\302\167\177\143\362\340\175\032\276\374\340\337\327\307\247\154"
 "\260\371\256\272\074\375\164\264\021\350\130\015\200\274\323\250"
 "\200\072\231\355\165\314\106\173"
 , (PRUint32)936 }
 };
-static const NSSItem nss_builtins_items_127 [] = {
+static const NSSItem nss_builtins_items_121 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"America Online Root Certification Authority 1", (PRUint32)46 },
   { (void *)"\071\041\301\025\301\135\016\312\134\313\133\304\360\175\041\330"
 "\005\013\126\152"
 , (PRUint32)20 },
@@ -7913,17 +7568,17 @@ static const NSSItem nss_builtins_items_
 "\151\164\171\040\061"
 , (PRUint32)101 },
   { (void *)"\002\001\001"
 , (PRUint32)3 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_128 [] = {
+static const NSSItem nss_builtins_items_122 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"America Online Root Certification Authority 2", (PRUint32)46 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\143\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
 "\034\060\032\006\003\125\004\012\023\023\101\155\145\162\151\143"
@@ -8032,17 +7687,17 @@ static const NSSItem nss_builtins_items_
 "\375\034\215\000\017\270\067\337\147\212\235\146\251\002\152\221"
 "\377\023\312\057\135\203\274\207\223\154\334\044\121\026\004\045"
 "\146\372\263\331\302\272\051\276\232\110\070\202\231\364\277\073"
 "\112\061\031\371\277\216\041\063\024\312\117\124\137\373\316\373"
 "\217\161\177\375\136\031\240\017\113\221\270\304\124\274\006\260"
 "\105\217\046\221\242\216\376\251"
 , (PRUint32)1448 }
 };
-static const NSSItem nss_builtins_items_129 [] = {
+static const NSSItem nss_builtins_items_123 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"America Online Root Certification Authority 2", (PRUint32)46 },
   { (void *)"\205\265\377\147\233\014\171\226\037\310\156\104\042\000\106\023"
 "\333\027\222\204"
 , (PRUint32)20 },
@@ -8057,17 +7712,17 @@ static const NSSItem nss_builtins_items_
 "\151\164\171\040\062"
 , (PRUint32)101 },
   { (void *)"\002\001\001"
 , (PRUint32)3 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_130 [] = {
+static const NSSItem nss_builtins_items_124 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Visa eCommerce Root", (PRUint32)20 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\153\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
 "\015\060\013\006\003\125\004\012\023\004\126\111\123\101\061\057"
@@ -8145,17 +7800,17 @@ static const NSSItem nss_builtins_items_
 "\004\231\040\066\320\140\156\141\006\273\026\102\214\160\367\060"
 "\373\340\333\146\243\000\001\275\346\054\332\221\137\240\106\213"
 "\115\152\234\075\075\335\005\106\376\166\277\240\012\074\344\000"
 "\346\047\267\377\204\055\336\272\042\047\226\020\161\353\042\355"
 "\337\337\063\234\317\343\255\256\216\324\216\346\117\121\257\026"
 "\222\340\134\366\007\017"
 , (PRUint32)934 }
 };
-static const NSSItem nss_builtins_items_131 [] = {
+static const NSSItem nss_builtins_items_125 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Visa eCommerce Root", (PRUint32)20 },
   { (void *)"\160\027\233\206\214\000\244\372\140\221\122\042\077\237\076\062"
 "\275\340\005\142"
 , (PRUint32)20 },
@@ -8171,17 +7826,17 @@ static const NSSItem nss_builtins_items_
 , (PRUint32)109 },
   { (void *)"\002\020\023\206\065\115\035\077\006\362\301\371\145\005\325\220"
 "\034\142"
 , (PRUint32)18 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_132 [] = {
+static const NSSItem nss_builtins_items_126 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"TC TrustCenter, Germany, Class 2 CA", (PRUint32)36 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\274\061\013\060\011\006\003\125\004\006\023\002\104\105"
 "\061\020\060\016\006\003\125\004\010\023\007\110\141\155\142\165"
@@ -8263,17 +7918,17 @@ static const NSSItem nss_builtins_items_
 "\214\265\137\172\162\241\205\006\316\206\370\005\216\350\371\045"
 "\312\332\203\214\006\254\353\066\155\205\221\064\004\066\364\102"
 "\360\370\171\056\012\110\134\253\314\121\117\170\166\240\331\254"
 "\031\275\052\321\151\004\050\221\312\066\020\047\200\127\133\322"
 "\134\365\302\133\253\144\201\143\164\121\364\227\277\315\022\050"
 "\367\115\146\177\247\360\034\001\046\170\262\146\107\160\121\144"
 , (PRUint32)864 }
 };
-static const NSSItem nss_builtins_items_133 [] = {
+static const NSSItem nss_builtins_items_127 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"TC TrustCenter, Germany, Class 2 CA", (PRUint32)36 },
   { (void *)"\203\216\060\367\177\335\024\252\070\136\321\105\000\234\016\042"
 "\066\111\117\252"
 , (PRUint32)20 },
@@ -8293,17 +7948,17 @@ static const NSSItem nss_builtins_items_
 "\100\164\162\165\163\164\143\145\156\164\145\162\056\144\145"
 , (PRUint32)191 },
   { (void *)"\002\002\003\352"
 , (PRUint32)4 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_134 [] = {
+static const NSSItem nss_builtins_items_128 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"TC TrustCenter, Germany, Class 3 CA", (PRUint32)36 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\274\061\013\060\011\006\003\125\004\006\023\002\104\105"
 "\061\020\060\016\006\003\125\004\010\023\007\110\141\155\142\165"
@@ -8385,17 +8040,17 @@ static const NSSItem nss_builtins_items_
 "\115\275\175\001\243\077\366\354\316\361\336\376\175\345\341\076"
 "\273\306\253\136\013\335\075\226\304\313\251\324\371\046\346\006"
 "\116\236\014\245\172\272\156\303\174\202\031\321\307\261\261\303"
 "\333\015\216\233\100\174\067\013\361\135\350\375\037\220\210\245"
 "\016\116\067\144\041\250\116\215\264\237\361\336\110\255\325\126"
 "\030\122\051\213\107\064\022\011\324\273\222\065\357\017\333\064"
 , (PRUint32)864 }
 };
-static const NSSItem nss_builtins_items_135 [] = {
+static const NSSItem nss_builtins_items_129 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"TC TrustCenter, Germany, Class 3 CA", (PRUint32)36 },
   { (void *)"\237\307\226\350\370\122\117\206\072\341\111\155\070\022\102\020"
 "\137\033\170\365"
 , (PRUint32)20 },
@@ -8549,22 +8204,16 @@ nss_builtins_data[] = {
   { 12, nss_builtins_types_121, nss_builtins_items_121, {NULL} },
   { 11, nss_builtins_types_122, nss_builtins_items_122, {NULL} },
   { 12, nss_builtins_types_123, nss_builtins_items_123, {NULL} },
   { 11, nss_builtins_types_124, nss_builtins_items_124, {NULL} },
   { 12, nss_builtins_types_125, nss_builtins_items_125, {NULL} },
   { 11, nss_builtins_types_126, nss_builtins_items_126, {NULL} },
   { 12, nss_builtins_types_127, nss_builtins_items_127, {NULL} },
   { 11, nss_builtins_types_128, nss_builtins_items_128, {NULL} },
-  { 12, nss_builtins_types_129, nss_builtins_items_129, {NULL} },
-  { 11, nss_builtins_types_130, nss_builtins_items_130, {NULL} },
-  { 12, nss_builtins_types_131, nss_builtins_items_131, {NULL} },
-  { 11, nss_builtins_types_132, nss_builtins_items_132, {NULL} },
-  { 12, nss_builtins_types_133, nss_builtins_items_133, {NULL} },
-  { 11, nss_builtins_types_134, nss_builtins_items_134, {NULL} },
-  { 12, nss_builtins_types_135, nss_builtins_items_135, {NULL} }
+  { 12, nss_builtins_types_129, nss_builtins_items_129, {NULL} }
 };
 PR_IMPLEMENT_DATA(const PRUint32)
 #ifdef DEBUG
-  nss_builtins_nObjects = 135+1;
+  nss_builtins_nObjects = 129+1;
 #else
-  nss_builtins_nObjects = 135;
+  nss_builtins_nObjects = 129;
 #endif /* DEBUG */
--- a/security/nss/lib/ckfw/builtins/certdata.txt
+++ b/security/nss/lib/ckfw/builtins/certdata.txt
@@ -4176,269 +4176,16 @@ END
 CKA_SERIAL_NUMBER MULTILINE_OCTAL
 \002\004\070\143\271\146
 END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
 
 #
-# Certificate "ValiCert OCSP Responder"
-#
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "ValiCert OCSP Responder"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\201\262\061\044\060\042\006\003\125\004\007\023\033\126\141
-\154\151\103\145\162\164\040\126\141\154\151\144\141\164\151\157
-\156\040\116\145\164\167\157\162\153\061\027\060\025\006\003\125
-\004\012\023\016\126\141\154\151\103\145\162\164\054\040\111\156
-\143\056\061\054\060\052\006\003\125\004\013\023\043\103\154\141
-\163\163\040\061\040\126\141\154\151\144\141\164\151\157\156\040
-\101\165\164\150\157\162\151\164\171\040\055\040\117\103\123\120
-\061\041\060\037\006\003\125\004\003\023\030\150\164\164\160\072
-\057\057\167\167\167\056\166\141\154\151\143\145\162\164\056\156
-\145\164\057\061\040\060\036\006\011\052\206\110\206\367\015\001
-\011\001\026\021\151\156\146\157\100\166\141\154\151\143\145\162
-\164\056\143\157\155
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\262\061\044\060\042\006\003\125\004\007\023\033\126\141
-\154\151\103\145\162\164\040\126\141\154\151\144\141\164\151\157
-\156\040\116\145\164\167\157\162\153\061\027\060\025\006\003\125
-\004\012\023\016\126\141\154\151\103\145\162\164\054\040\111\156
-\143\056\061\054\060\052\006\003\125\004\013\023\043\103\154\141
-\163\163\040\061\040\126\141\154\151\144\141\164\151\157\156\040
-\101\165\164\150\157\162\151\164\171\040\055\040\117\103\123\120
-\061\041\060\037\006\003\125\004\003\023\030\150\164\164\160\072
-\057\057\167\167\167\056\166\141\154\151\143\145\162\164\056\156
-\145\164\057\061\040\060\036\006\011\052\206\110\206\367\015\001
-\011\001\026\021\151\156\146\157\100\166\141\154\151\143\145\162
-\164\056\143\157\155
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\001\001
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\003\110\060\202\002\261\240\003\002\001\002\002\001\001
-\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
-\201\262\061\044\060\042\006\003\125\004\007\023\033\126\141\154
-\151\103\145\162\164\040\126\141\154\151\144\141\164\151\157\156
-\040\116\145\164\167\157\162\153\061\027\060\025\006\003\125\004
-\012\023\016\126\141\154\151\103\145\162\164\054\040\111\156\143
-\056\061\054\060\052\006\003\125\004\013\023\043\103\154\141\163
-\163\040\061\040\126\141\154\151\144\141\164\151\157\156\040\101
-\165\164\150\157\162\151\164\171\040\055\040\117\103\123\120\061
-\041\060\037\006\003\125\004\003\023\030\150\164\164\160\072\057
-\057\167\167\167\056\166\141\154\151\143\145\162\164\056\156\145
-\164\057\061\040\060\036\006\011\052\206\110\206\367\015\001\011
-\001\026\021\151\156\146\157\100\166\141\154\151\143\145\162\164
-\056\143\157\155\060\036\027\015\060\060\060\062\061\062\061\061
-\065\060\060\065\132\027\015\060\065\060\062\061\060\061\061\065
-\060\060\065\132\060\201\262\061\044\060\042\006\003\125\004\007
-\023\033\126\141\154\151\103\145\162\164\040\126\141\154\151\144
-\141\164\151\157\156\040\116\145\164\167\157\162\153\061\027\060
-\025\006\003\125\004\012\023\016\126\141\154\151\103\145\162\164
-\054\040\111\156\143\056\061\054\060\052\006\003\125\004\013\023
-\043\103\154\141\163\163\040\061\040\126\141\154\151\144\141\164
-\151\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040
-\117\103\123\120\061\041\060\037\006\003\125\004\003\023\030\150
-\164\164\160\072\057\057\167\167\167\056\166\141\154\151\143\145
-\162\164\056\156\145\164\057\061\040\060\036\006\011\052\206\110
-\206\367\015\001\011\001\026\021\151\156\146\157\100\166\141\154
-\151\143\145\162\164\056\143\157\155\060\201\237\060\015\006\011
-\052\206\110\206\367\015\001\001\001\005\000\003\201\215\000\060
-\201\211\002\201\201\000\307\214\057\247\303\100\207\073\075\327
-\304\232\130\024\144\012\303\010\071\142\032\317\322\353\251\361
-\151\164\212\312\016\132\166\314\242\122\116\320\363\304\172\265
-\370\246\034\273\243\247\244\123\207\133\215\300\000\273\325\146
-\044\347\164\306\026\310\257\310\003\142\325\062\207\242\122\221
-\104\224\225\250\107\103\155\245\110\234\366\114\165\325\117\142
-\347\311\377\173\364\044\214\247\274\050\166\265\062\240\045\163
-\267\107\057\170\370\106\371\207\024\360\167\374\012\167\350\117
-\375\214\037\372\142\331\002\003\001\000\001\243\154\060\152\060
-\017\006\011\053\006\001\005\005\007\060\001\005\004\002\005\000
-\060\023\006\003\125\035\045\004\014\060\012\006\010\053\006\001
-\005\005\007\003\011\060\013\006\003\125\035\017\004\004\003\002
-\001\206\060\065\006\010\053\006\001\005\005\007\001\001\004\051
-\060\047\060\045\006\010\053\006\001\005\005\007\060\001\206\031
-\150\164\164\160\072\057\057\157\143\163\160\062\056\166\141\154
-\151\143\145\162\164\056\156\145\164\060\015\006\011\052\206\110
-\206\367\015\001\001\005\005\000\003\201\201\000\025\305\340\270
-\064\162\022\006\040\250\142\225\223\321\274\223\272\220\253\334
-\116\215\216\215\230\114\343\062\365\053\077\263\227\373\252\242
-\255\100\227\255\150\275\134\255\123\016\320\246\263\015\254\032
-\231\215\252\060\036\317\016\160\377\002\260\167\145\203\315\332
-\007\134\122\315\131\273\242\310\342\264\026\203\217\324\225\171
-\223\055\350\277\104\223\061\222\060\323\064\064\361\020\373\041
-\254\056\364\303\135\144\143\172\231\341\232\253\102\035\110\146
-\246\167\067\270\125\074\255\376\145\260\142\351
-END
-
-# Trust for Certificate "ValiCert OCSP Responder"
-CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "ValiCert OCSP Responder"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\133\166\261\274\342\212\360\366\161\221\205\147\046\215\021\151
-\017\027\077\163
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\325\036\040\137\321\365\035\202\127\010\122\071\035\372\212\255
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\262\061\044\060\042\006\003\125\004\007\023\033\126\141
-\154\151\103\145\162\164\040\126\141\154\151\144\141\164\151\157
-\156\040\116\145\164\167\157\162\153\061\027\060\025\006\003\125
-\004\012\023\016\126\141\154\151\103\145\162\164\054\040\111\156
-\143\056\061\054\060\052\006\003\125\004\013\023\043\103\154\141
-\163\163\040\061\040\126\141\154\151\144\141\164\151\157\156\040
-\101\165\164\150\157\162\151\164\171\040\055\040\117\103\123\120
-\061\041\060\037\006\003\125\004\003\023\030\150\164\164\160\072
-\057\057\167\167\167\056\166\141\154\151\143\145\162\164\056\156
-\145\164\057\061\040\060\036\006\011\052\206\110\206\367\015\001
-\011\001\026\021\151\156\146\157\100\166\141\154\151\143\145\162
-\164\056\143\157\155
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\001\001
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
-
-#
-# Certificate "Baltimore CyberTrust Code Signing Root"
-#
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Baltimore CyberTrust Code Signing Root"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\147\061\013\060\011\006\003\125\004\006\023\002\111\105\061
-\022\060\020\006\003\125\004\012\023\011\102\141\154\164\151\155
-\157\162\145\061\023\060\021\006\003\125\004\013\023\012\103\171
-\142\145\162\124\162\165\163\164\061\057\060\055\006\003\125\004
-\003\023\046\102\141\154\164\151\155\157\162\145\040\103\171\142
-\145\162\124\162\165\163\164\040\103\157\144\145\040\123\151\147
-\156\151\156\147\040\122\157\157\164
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\147\061\013\060\011\006\003\125\004\006\023\002\111\105\061
-\022\060\020\006\003\125\004\012\023\011\102\141\154\164\151\155
-\157\162\145\061\023\060\021\006\003\125\004\013\023\012\103\171
-\142\145\162\124\162\165\163\164\061\057\060\055\006\003\125\004
-\003\023\046\102\141\154\164\151\155\157\162\145\040\103\171\142
-\145\162\124\162\165\163\164\040\103\157\144\145\040\123\151\147
-\156\151\156\147\040\122\157\157\164
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\004\002\000\000\277
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\003\246\060\202\002\216\240\003\002\001\002\002\004\002
-\000\000\277\060\015\006\011\052\206\110\206\367\015\001\001\005
-\005\000\060\147\061\013\060\011\006\003\125\004\006\023\002\111
-\105\061\022\060\020\006\003\125\004\012\023\011\102\141\154\164
-\151\155\157\162\145\061\023\060\021\006\003\125\004\013\023\012
-\103\171\142\145\162\124\162\165\163\164\061\057\060\055\006\003
-\125\004\003\023\046\102\141\154\164\151\155\157\162\145\040\103
-\171\142\145\162\124\162\165\163\164\040\103\157\144\145\040\123
-\151\147\156\151\156\147\040\122\157\157\164\060\036\027\015\060
-\060\060\065\061\067\061\064\060\061\060\060\132\027\015\062\065
-\060\065\061\067\062\063\065\071\060\060\132\060\147\061\013\060
-\011\006\003\125\004\006\023\002\111\105\061\022\060\020\006\003
-\125\004\012\023\011\102\141\154\164\151\155\157\162\145\061\023
-\060\021\006\003\125\004\013\023\012\103\171\142\145\162\124\162
-\165\163\164\061\057\060\055\006\003\125\004\003\023\046\102\141
-\154\164\151\155\157\162\145\040\103\171\142\145\162\124\162\165
-\163\164\040\103\157\144\145\040\123\151\147\156\151\156\147\040
-\122\157\157\164\060\202\001\042\060\015\006\011\052\206\110\206
-\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012
-\002\202\001\001\000\310\161\232\030\022\216\172\333\371\232\374
-\101\257\330\362\364\011\216\255\077\376\147\067\074\332\311\046
-\120\261\261\076\313\350\116\163\000\362\262\334\363\305\106\373
-\011\357\030\226\316\247\340\234\204\135\040\016\172\240\252\066
-\213\372\050\266\170\056\263\354\350\107\363\004\360\220\043\264
-\352\257\345\123\270\005\367\107\135\053\206\361\247\244\306\073
-\065\266\322\015\122\101\327\364\222\165\341\242\012\120\126\207
-\276\227\013\173\063\205\020\271\050\030\356\063\352\110\021\327
-\133\221\107\166\042\324\356\317\135\347\250\116\034\235\226\221
-\335\234\275\164\011\250\162\141\252\260\041\072\361\075\054\003
-\126\011\322\301\334\303\265\307\124\067\253\346\046\242\262\106
-\161\163\312\021\210\356\274\347\144\367\320\021\032\163\100\132
-\310\111\054\017\267\357\220\177\150\200\004\070\013\033\017\073
-\324\365\240\263\302\216\341\064\264\200\231\155\236\166\324\222
-\051\100\261\225\322\067\244\147\022\177\340\142\273\256\065\305
-\231\066\202\104\270\346\170\030\063\141\161\223\133\055\215\237
-\170\225\202\353\155\002\003\001\000\001\243\132\060\130\060\023
-\006\003\125\035\045\004\014\060\012\006\010\053\006\001\005\005
-\007\003\003\060\035\006\003\125\035\016\004\026\004\024\310\101
-\064\134\025\025\004\345\100\362\321\253\232\157\044\222\172\207
-\102\132\060\022\006\003\125\035\023\001\001\377\004\010\060\006
-\001\001\377\002\001\003\060\016\006\003\125\035\017\001\001\377
-\004\004\003\002\001\006\060\015\006\011\052\206\110\206\367\015
-\001\001\005\005\000\003\202\001\001\000\122\164\252\225\113\042
-\214\307\075\226\244\376\135\372\057\265\274\353\360\013\351\126
-\070\035\321\155\015\241\274\150\213\360\305\200\245\044\064\375
-\362\226\030\021\206\241\066\365\067\347\124\100\325\144\037\303
-\137\160\102\153\055\071\307\236\122\005\316\347\152\162\322\215
-\162\077\107\120\203\253\307\215\045\311\260\343\247\123\026\225
-\246\152\123\352\030\235\217\170\251\167\167\032\371\264\227\107
-\131\210\047\050\265\312\341\056\327\076\016\242\015\270\042\104
-\003\343\321\143\260\101\072\241\365\244\055\367\166\036\004\124
-\231\170\062\100\327\053\174\115\272\246\234\260\171\156\007\276
-\214\354\356\327\070\151\133\301\014\126\150\237\376\353\321\341
-\310\210\371\362\315\177\276\205\264\104\147\000\120\076\364\046
-\003\144\352\167\175\350\136\076\034\067\107\310\326\352\244\363
-\066\074\227\302\071\162\005\224\031\045\303\327\067\101\017\301
-\037\207\212\375\252\276\351\261\144\127\344\333\222\241\317\341
-\111\350\073\037\221\023\132\303\217\331\045\130\111\200\107\017
-\306\003\256\254\343\277\267\300\252\052
-END
-
-# Trust for Certificate "Baltimore CyberTrust Code Signing Root"
-CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Baltimore CyberTrust Code Signing Root"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\060\106\330\310\210\377\151\060\303\112\374\315\111\047\010\174
-\140\126\173\015
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\220\365\050\111\126\321\135\054\260\123\324\113\357\157\220\042
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\147\061\013\060\011\006\003\125\004\006\023\002\111\105\061
-\022\060\020\006\003\125\004\012\023\011\102\141\154\164\151\155
-\157\162\145\061\023\060\021\006\003\125\004\013\023\012\103\171
-\142\145\162\124\162\165\163\164\061\057\060\055\006\003\125\004
-\003\023\046\102\141\154\164\151\155\157\162\145\040\103\171\142
-\145\162\124\162\165\163\164\040\103\157\144\145\040\123\151\147
-\156\151\156\147\040\122\157\157\164
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\004\002\000\000\277
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_VALID
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_VALID
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
-
-#
 # Certificate "Baltimore CyberTrust Root"
 #
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Baltimore CyberTrust Root"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
@@ -4545,120 +4292,16 @@ END
 CKA_SERIAL_NUMBER MULTILINE_OCTAL
 \002\004\002\000\000\271
 END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_VALID
 
 #
-# Certificate "Baltimore CyberTrust Mobile Commerce Root"
-#
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Baltimore CyberTrust Mobile Commerce Root"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\141\061\013\060\011\006\003\125\004\006\023\002\111\105\061
-\022\060\020\006\003\125\004\012\023\011\102\141\154\164\151\155
-\157\162\145\061\023\060\021\006\003\125\004\013\023\012\103\171
-\142\145\162\124\162\165\163\164\061\051\060\047\006\003\125\004
-\003\023\040\102\141\154\164\151\155\157\162\145\040\103\171\142
-\145\162\124\162\165\163\164\040\115\157\142\151\154\145\040\122
-\157\157\164
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\141\061\013\060\011\006\003\125\004\006\023\002\111\105\061
-\022\060\020\006\003\125\004\012\023\011\102\141\154\164\151\155
-\157\162\145\061\023\060\021\006\003\125\004\013\023\012\103\171
-\142\145\162\124\162\165\163\164\061\051\060\047\006\003\125\004
-\003\023\040\102\141\154\164\151\155\157\162\145\040\103\171\142
-\145\162\124\162\165\163\164\040\115\157\142\151\154\145\040\122
-\157\157\164
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\004\002\000\000\270
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\002\175\060\202\001\346\240\003\002\001\002\002\004\002
-\000\000\270\060\015\006\011\052\206\110\206\367\015\001\001\005
-\005\000\060\141\061\013\060\011\006\003\125\004\006\023\002\111
-\105\061\022\060\020\006\003\125\004\012\023\011\102\141\154\164
-\151\155\157\162\145\061\023\060\021\006\003\125\004\013\023\012
-\103\171\142\145\162\124\162\165\163\164\061\051\060\047\006\003
-\125\004\003\023\040\102\141\154\164\151\155\157\162\145\040\103
-\171\142\145\162\124\162\165\163\164\040\115\157\142\151\154\145
-\040\122\157\157\164\060\036\027\015\060\060\060\065\061\062\061
-\070\062\060\060\060\132\027\015\062\060\060\065\061\062\062\063
-\065\071\060\060\132\060\141\061\013\060\011\006\003\125\004\006
-\023\002\111\105\061\022\060\020\006\003\125\004\012\023\011\102
-\141\154\164\151\155\157\162\145\061\023\060\021\006\003\125\004
-\013\023\012\103\171\142\145\162\124\162\165\163\164\061\051\060
-\047\006\003\125\004\003\023\040\102\141\154\164\151\155\157\162
-\145\040\103\171\142\145\162\124\162\165\163\164\040\115\157\142
-\151\154\145\040\122\157\157\164\060\201\237\060\015\006\011\052
-\206\110\206\367\015\001\001\001\005\000\003\201\215\000\060\201
-\211\002\201\201\000\243\155\261\070\126\254\374\265\126\041\336
-\300\220\135\046\107\202\306\175\217\037\240\205\217\057\273\324
-\341\034\035\362\044\037\050\260\057\271\244\245\157\242\042\040
-\144\376\204\107\074\176\053\154\151\152\270\324\300\226\216\214
-\122\015\315\157\101\324\277\004\256\247\201\057\055\230\110\322
-\301\224\243\265\031\135\135\121\144\364\216\101\260\233\300\055
-\042\240\136\306\330\132\022\143\274\021\112\136\046\022\035\342
-\046\005\346\017\137\042\037\172\137\166\224\256\317\132\050\016
-\253\105\332\042\061\002\003\001\000\001\243\102\060\100\060\035
-\006\003\125\035\016\004\026\004\024\311\342\217\300\002\046\132
-\266\300\007\343\177\224\007\030\333\056\245\232\160\060\017\006
-\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060\016
-\006\003\125\035\017\001\001\377\004\004\003\002\001\206\060\015
-\006\011\052\206\110\206\367\015\001\001\005\005\000\003\201\201
-\000\123\010\013\046\011\170\102\163\324\354\172\167\107\015\343
-\013\063\161\357\256\063\024\115\373\372\375\032\267\121\365\344
-\231\034\006\161\327\051\031\327\346\025\040\121\121\106\155\117
-\336\030\111\230\320\370\170\273\161\350\215\001\006\325\327\144
-\217\224\337\107\376\240\205\151\066\251\057\102\172\150\112\022
-\326\213\013\160\104\012\244\004\357\046\210\301\065\161\070\135
-\033\133\110\102\360\347\224\034\160\225\064\250\253\365\253\342
-\170\255\365\360\122\375\233\352\102\014\350\330\124\276\123\146
-\365
-END
-
-# Trust for Certificate "Baltimore CyberTrust Mobile Commerce Root"
-CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Baltimore CyberTrust Mobile Commerce Root"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\264\343\013\234\301\325\356\275\240\040\030\370\271\212\321\377
-\151\267\072\161
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\353\264\040\035\017\266\161\003\367\304\367\307\244\162\206\350
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\141\061\013\060\011\006\003\125\004\006\023\002\111\105\061
-\022\060\020\006\003\125\004\012\023\011\102\141\154\164\151\155
-\157\162\145\061\023\060\021\006\003\125\004\013\023\012\103\171
-\142\145\162\124\162\165\163\164\061\051\060\047\006\003\125\004
-\003\023\040\102\141\154\164\151\155\157\162\145\040\103\171\142
-\145\162\124\162\165\163\164\040\115\157\142\151\154\145\040\122
-\157\157\164
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\004\002\000\000\270
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_VALID
-
-#
 # Certificate "Equifax Secure Global eBusiness CA"
 #
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Equifax Secure Global eBusiness CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
--- a/security/nss/lib/ckfw/builtins/nssckbi.h
+++ b/security/nss/lib/ckfw/builtins/nssckbi.h
@@ -45,17 +45,17 @@
  * to the PKCS #11 spec versions.
  */
 #define NSS_BUILTINS_CRYPTOKI_VERSION_MAJOR 2
 #define NSS_BUILTINS_CRYPTOKI_VERSION_MINOR 1
 
 /* These are the  correct verion numbers that details the changes 
  * to the list of trusted certificates.  */
 #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1
-#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 20
+#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 21
 
 /* These verion numbers that details the semantic changes to the ckfw engine. */
 #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
 #define NSS_BUILTINS_HARDWARE_VERSION_MINOR 0
 
 /* These verion numbers that details the semantic changes to ckbi itself 
  * (new PKCS #11 objects), etc. */
 #define NSS_BUILTINS_FIRMWARE_VERSION_MAJOR 1
--- a/security/nss/lib/ckfw/nssck.api
+++ b/security/nss/lib/ckfw/nssck.api
@@ -1869,17 +1869,17 @@ static CK_RV CK_ENTRY
   CK_FUNCTION_LIST_PTR_PTR ppFunctionList
 )
 {
   *ppFunctionList = &FunctionList;
   return CKR_OK;
 }
 
 /* This one is always present */
-#ifdef WIN32
+#if defined(WIN32) || defined(XP_OS2_VACPP)
 CK_RV _declspec(dllexport)
 #else
 CK_RV CK_ENTRY
 #endif
 C_GetFunctionList
 (
   CK_FUNCTION_LIST_PTR_PTR ppFunctionList
 )
--- a/security/nss/lib/crmf/respcmn.c
+++ b/security/nss/lib/crmf/respcmn.c
@@ -76,34 +76,27 @@ CMMF_DestroyCertResponse(CMMFCertRespons
 SECStatus
 CMMF_DestroyCertRepContent(CMMFCertRepContent *inCertRepContent)
 {
     CMMFCertifiedKeyPair *certKeyPair;
     int i;
 
     PORT_Assert(inCertRepContent != NULL);
     if (inCertRepContent != NULL && inCertRepContent->poolp != NULL) {
-	if (!inCertRepContent->isDecoded) {
-	  if (inCertRepContent->response != NULL) {
-	    for (i=0; inCertRepContent->response[i] != NULL; i++) {
-	        certKeyPair = inCertRepContent->response[i]->certifiedKeyPair;
-		if (certKeyPair != NULL                    &&
-		    certKeyPair->certOrEncCert.choice == cmmfCertificate &&
-		    certKeyPair->certOrEncCert.cert.certificate != NULL) {
-		    CERT_DestroyCertificate
-		                 (certKeyPair->certOrEncCert.cert.certificate);
-		}
-	    }
-	  }
-	  if (inCertRepContent->caPubs != NULL) {
-	    for (i=0; inCertRepContent->caPubs[i] != NULL; i++) {
-	        CERT_DestroyCertificate(inCertRepContent->caPubs[i]);
-	    }
-	  }
-	}
+        if (inCertRepContent->response != NULL) {
+            for (i=0; inCertRepContent->response[i] != NULL; i++) {
+                certKeyPair = inCertRepContent->response[i]->certifiedKeyPair;
+                if (certKeyPair != NULL                    &&
+                    certKeyPair->certOrEncCert.choice == cmmfCertificate &&
+                    certKeyPair->certOrEncCert.cert.certificate != NULL) {
+                    CERT_DestroyCertificate
+                                 (certKeyPair->certOrEncCert.cert.certificate);
+                }
+            }
+        }
         PORT_FreeArena(inCertRepContent->poolp, PR_TRUE);
     }
     return SECSuccess;
 }
 
 SECStatus
 CMMF_DestroyPOPODecKeyChallContent(CMMFPOPODecKeyChallContent *inDecKeyCont)
 {
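Review bot: `CMMF_DestroyCertRepContent` no longer releases the entries of `inCertRepContent->caPubs`, and it no longer tests `isDecoded` before calling `CERT_DestroyCertificate` on each response certificate. If the `caPubs` entries hold their own certificate references (not visible in this hunk), they are now leaked when the arena is freed. If a decoded response's certificates live in `poolp` rather than being separately referenced, destroying them here and then calling `PORT_FreeArena` risks releasing them twice. I would state the ownership model on the function, e.g. `/* response certs are reference-counted and released here; caPubs entries are owned by poolp */`, or restore the `caPubs` loop if that statement does not hold.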
--- a/security/nss/lib/cryptohi/hasht.h
+++ b/security/nss/lib/cryptohi/hasht.h
@@ -42,36 +42,29 @@
 typedef struct SECHashObjectStr SECHashObject;
 typedef struct HASHContextStr HASHContext;
 
 /*
  * The hash functions the security library supports
  * NOTE the order must match the definition of SECHashObjects[]!
  */
 typedef enum {
-    HASH_AlgNULL   = 0,
-    HASH_AlgMD2    = 1,
-    HASH_AlgMD5    = 2,
-    HASH_AlgSHA1   = 3,
-    HASH_AlgSHA256 = 4,
-    HASH_AlgSHA384 = 5,
-    HASH_AlgSHA512 = 6,
+    HASH_AlgNULL = 0,
+    HASH_AlgMD2 = 1,
+    HASH_AlgMD5 = 2,
+    HASH_AlgSHA1 = 3,
     HASH_AlgTOTAL
 } HASH_HashType;
 
 /*
  * Number of bytes each hash algorithm produces
  */
 #define MD2_LENGTH	16
 #define MD5_LENGTH	16
 #define SHA1_LENGTH	20
-#define SHA256_LENGTH 	32
-#define SHA384_LENGTH 	48
-#define SHA512_LENGTH 	64
-#define HASH_LENGTH_MAX SHA512_LENGTH
 
 /*
  * Structure to hold hash computation info and routines
  */
 struct SECHashObjectStr {
     unsigned int length;
     void * (*create)(void);
     void * (*clone)(void *);
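Review bot: The enum now ends at `HASH_AlgSHA1 = 3`, so `HASH_AlgTOTAL` becomes 4, and the only thing tying it to `SECHashObjects[]` is the comment above the enum. `HASH_GetHashObject` in sechash.c (shown in this commit) returns `&SECHashObjects[type]` with no range check, so a value of 4 to 6 from a caller still built against the SHA-2 enumerators would read past the shortened table. A guard in that accessor such as `if ((unsigned int)type >= HASH_AlgTOTAL) return NULL;` (callers would then have to tolerate NULL), or a compile-time check that the table has `HASH_AlgTOTAL` entries, would make the coupling explicit. `struct SECHashObjectStr` continues outside the hunk.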
--- a/security/nss/lib/cryptohi/sechash.c
+++ b/security/nss/lib/cryptohi/sechash.c
@@ -82,31 +82,16 @@ md5_NewContext(void) {
 	return (void *) PK11_CreateDigestContext(SEC_OID_MD5);
 }
 
 static void *
 sha1_NewContext(void) {
 	return (void *) PK11_CreateDigestContext(SEC_OID_SHA1);
 }
 
-static void *
-sha256_NewContext(void) {
-	return (void *) PK11_CreateDigestContext(SEC_OID_SHA256);
-}
-
-static void *
-sha384_NewContext(void) {
-	return (void *) PK11_CreateDigestContext(SEC_OID_SHA384);
-}
-
-static void *
-sha512_NewContext(void) {
-	return (void *) PK11_CreateDigestContext(SEC_OID_SHA512);
-}
-
 const SECHashObject SECHashObjects[] = {
   { 0,
     (void * (*)(void)) null_hash_new_context,
     (void * (*)(void *)) null_hash_clone_context,
     (void (*)(void *, PRBool)) null_hash_destroy_context,
     (void (*)(void *)) null_hash_begin,
     (void (*)(void *, const unsigned char *, unsigned int)) null_hash_update,
     (void (*)(void *, unsigned char *, unsigned int *,
@@ -134,43 +119,16 @@ const SECHashObject SECHashObjects[] = {
     (void * (*)(void)) sha1_NewContext,
     (void * (*)(void *)) PK11_CloneContext,
     (void (*)(void *, PRBool)) PK11_DestroyContext,
     (void (*)(void *)) PK11_DigestBegin,
     (void (*)(void *, const unsigned char *, unsigned int)) PK11_DigestOp,
     (void (*)(void *, unsigned char *, unsigned int *, unsigned int)) 
 							PK11_DigestFinal
   },
-  { SHA256_LENGTH,
-    (void * (*)(void)) sha256_NewContext,
-    (void * (*)(void *)) PK11_CloneContext,
-    (void (*)(void *, PRBool)) PK11_DestroyContext,
-    (void (*)(void *)) PK11_DigestBegin,
-    (void (*)(void *, const unsigned char *, unsigned int)) PK11_DigestOp,
-    (void (*)(void *, unsigned char *, unsigned int *, unsigned int)) 
-							PK11_DigestFinal
-  },
-  { SHA384_LENGTH,
-    (void * (*)(void)) sha384_NewContext,
-    (void * (*)(void *)) PK11_CloneContext,
-    (void (*)(void *, PRBool)) PK11_DestroyContext,
-    (void (*)(void *)) PK11_DigestBegin,
-    (void (*)(void *, const unsigned char *, unsigned int)) PK11_DigestOp,
-    (void (*)(void *, unsigned char *, unsigned int *, unsigned int)) 
-							PK11_DigestFinal
-  },
-  { SHA512_LENGTH,
-    (void * (*)(void)) sha512_NewContext,
-    (void * (*)(void *)) PK11_CloneContext,
-    (void (*)(void *, PRBool)) PK11_DestroyContext,
-    (void (*)(void *)) PK11_DigestBegin,
-    (void (*)(void *, const unsigned char *, unsigned int)) PK11_DigestOp,
-    (void (*)(void *, unsigned char *, unsigned int *, unsigned int)) 
-							PK11_DigestFinal
-  },
 };
 
 const SECHashObject * 
 HASH_GetHashObject(HASH_HashType type)
 {
     return &SECHashObjects[type];
 }
 
--- a/security/nss/lib/dev/dev.h
+++ b/security/nss/lib/dev/dev.h
@@ -318,16 +318,28 @@ extern const NSSError NSS_ERROR_USER_CAN
 
 NSS_EXTERN PRStatus
 nssSlot_Logout
 (
   NSSSlot *slot,
   nssSession *sessionOpt
 );
 
+NSS_EXTERN void
+nssSlot_EnterMonitor
+(
+  NSSSlot *slot
+);
+
+NSS_EXTERN void
+nssSlot_ExitMonitor
+(
+  NSSSlot *slot
+);
+
 #define NSSSLOT_ASK_PASSWORD_FIRST_TIME -1
 #define NSSSLOT_ASK_PASSWORD_EVERY_TIME  0
 NSS_EXTERN void
 nssSlot_SetPasswordDefaults
 (
   NSSSlot *slot,
   PRInt32 askPasswordTimeout
 );
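Review bot: The new `nssSlot_EnterMonitor` and `nssSlot_ExitMonitor` prototypes carry no comment, and their behaviour is not obvious from the names. According to devslot.c in this commit they take `slot->lock` only when it is set, and it is set only for modules that are not thread safe. I would add above them `/* Serialize calls into a module that is not thread safe; no-op when the slot has no lock. Every Enter must be paired with an Exit on all return paths. */`.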
--- a/security/nss/lib/dev/devslot.c
+++ b/security/nss/lib/dev/devslot.c
@@ -71,16 +71,17 @@ struct NSSSlotStr
 {
   struct nssDeviceBaseStr base;
   NSSModule *module; /* Parent */
   NSSToken *token;  /* Peer */
   CK_SLOT_ID slotID;
   CK_FLAGS ckFlags; /* from CK_SLOT_INFO.flags */
   struct nssSlotAuthInfoStr authInfo;
   PRIntervalTime lastTokenPing;
+  PZLock *lock;
 #ifdef NSS_3_4_CODE
   PK11SlotInfo *pk11slot;
 #endif
 };
 #endif /* PURE_STAN_CODE */
 
 #define NSSSLOT_IS_FRIENDLY(slot) \
   (slot->base.flags & NSSSLOT_FLAGS_FRIENDLY)
@@ -146,16 +147,19 @@ nssSlot_Create
     }
     rvSlot->base.arena = arena;
     rvSlot->base.refCount = 1;
     rvSlot->base.name = slotName;
     rvSlot->base.lock = PZ_NewLock(nssNSSILockOther); /* XXX */
     if (!rvSlot->base.lock) {
 	goto loser;
     }
+    if (!nssModule_IsThreadSafe(parent)) {
+	rvSlot->lock = nssModule_GetLock(parent);
+    }
     rvSlot->module = parent; /* refs go from module to slots */
     rvSlot->slotID = slotID;
     rvSlot->ckFlags = slotInfo.flags;
     /* Initialize the token if present. */
     if (slotInfo.flags & CKF_TOKEN_PRESENT) {
 	token = nssToken_Create(slotID, rvSlot);
 	if (!token) {
 	    goto loser;
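Review bot: The result of `nssModule_GetLock(parent)` is stored in `rvSlot->lock` without being checked. If it can return NULL for a module that is not thread safe (its definition is outside this diff), `nssSlot_EnterMonitor` silently becomes a no-op and calls into that module run unserialized. Adding `if (!rvSlot->lock) goto loser;` inside the new branch would fail closed instead. The lock is borrowed rather than owned, so a comment such as `/* module's lock; not destroyed with the slot */` would help, and the thread-safe case relies on `rvSlot` having been zero-filled, which is not visible here. nssSlot_Create starts and ends outside the hunk.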
@@ -185,16 +189,32 @@ nssSlot_Destroy
 	    nssModule_DestroyFromSlot(slot->module, slot);
 #endif
 	    return nssArena_Destroy(slot->base.arena);
 	}
     }
     return PR_SUCCESS;
 }
 
+void
+nssSlot_EnterMonitor(NSSSlot *slot)
+{
+    if (slot->lock) {
+	PZ_Lock(slot->lock);
+    }
+}
+
+void
+nssSlot_ExitMonitor(NSSSlot *slot)
+{
+    if (slot->lock) {
+	PZ_Unlock(slot->lock);
+    }
+}
+
 NSS_IMPLEMENT void
 NSSSlot_Destroy
 (
   NSSSlot *slot
 )
 {
     (void)nssSlot_Destroy(slot);
 }
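Review bot: The two new definitions are written as plain `void nssSlot_EnterMonitor(NSSSlot *slot)`, while the neighbouring `NSSSlot_Destroy` uses `NSS_IMPLEMENT` with the parameter list on its own lines, and dev.h declares the new functions `NSS_EXTERN`. I would define them as `NSS_IMPLEMENT void` in the file's existing layout so the linkage macro matches the declaration. Both functions dereference `slot` unconditionally, so a one-line comment that `slot` must be non-NULL would also be useful. nssSlot_Destroy starts outside the hunk.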
@@ -269,17 +289,19 @@ nssSlot_IsTokenPresent
 #ifdef PURE_STAN_BUILD
     epv = nssModule_GetCryptokiEPV(slot->module);
 #else
     epv = slot->epv;
 #endif
     if (!epv) {
 	return PR_FALSE;
     }
+    nssSlot_EnterMonitor(slot);
     ckrv = CKAPI(epv)->C_GetSlotInfo(slot->slotID, &slotInfo);
+    nssSlot_ExitMonitor(slot);
     if (ckrv != CKR_OK) {
 	slot->token->base.name[0] = 0; /* XXX */
 	return PR_FALSE;
     }
     slot->ckFlags = slotInfo.flags;
     /* check for the presence of the token */
     if ((slot->ckFlags & CKF_TOKEN_PRESENT) == 0) {
 	if (!slot->token) {
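Review bot: On the `ckrv != CKR_OK` path the code writes `slot->token->base.name[0] = 0` without checking `slot->token`, although a few lines later the same function tests `if (!slot->token)`, which suggests a slot without a token is a valid state. A failing `C_GetSlotInfo` on such a slot would dereference NULL, and `if (slot->token) slot->token->base.name[0] = 0;` covers it. The new monitor also wraps only the `C_GetSlotInfo` call, so the write to `slot->ckFlags` that follows stays outside it; a comment saying that this is intended would help. nssSlot_IsTokenPresent starts and ends outside the hunk.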
@@ -767,47 +789,52 @@ nssSlot_CreateSession
     if (ckrv != CKR_OK) {
 	/* set an error here, eh? */
 	return (nssSession *)NULL;
     }
     rvSession = nss_ZNEW(arenaOpt, nssSession);
     if (!rvSession) {
 	return (nssSession *)NULL;
     }
-    if (!nssModule_IsThreadSafe(slot->module)) {
-	/* If the parent module is not threadsafe, create lock to manage 
-	 * session within threads.
+    if (nssModule_IsThreadSafe(slot->module)) {
+	/* If the parent module is threadsafe, 
+         * create lock to protect just this session.
 	 */
 	rvSession->lock = PZ_NewLock(nssILockOther);
 	if (!rvSession->lock) {
 	    /* need to translate NSPR error? */
 	    if (arenaOpt) {
 	    } else {
 		nss_ZFreeIf(rvSession);
 	    }
 	    return (nssSession *)NULL;
 	}
+        rvSession->ownLock = PR_TRUE;
+    } else {
+        rvSession->lock = slot->lock;
+        rvSession->ownLock = PR_FALSE;
     }
+	
     rvSession->handle = handle;
     rvSession->slot = slot;
     rvSession->isRW = readWrite;
     return rvSession;
 }
 
 NSS_IMPLEMENT PRStatus
 nssSession_Destroy
 (
   nssSession *s
 )
 {
     CK_RV ckrv = CKR_OK;
     if (s) {
 	void *epv = s->slot->epv;
 	ckrv = CKAPI(epv)->C_CloseSession(s->handle);
-	if (s->lock) {
+	if (s->ownLock && s->lock) {
 	    PZ_DestroyLock(s->lock);
 	}
 	nss_ZFreeIf(s);
     }
     return (ckrv == CKR_OK) ? PR_SUCCESS : PR_FAILURE;
 }
 #endif /* PURE_STAN_BUILD */
 
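Review bot: Both early returns after the session has been opened, the `nss_ZNEW` failure and the `PZ_NewLock` failure, return NULL without closing `handle`, so the token keeps a session that nothing can release, and tokens typically cap the number of open sessions. A `C_CloseSession(handle)` call through the same entry-point vector that opened the session (the open call is outside this hunk) belongs before each of those returns. In the branch for modules that are not thread safe the session borrows `slot->lock`, so a comment such as `/* shared with the slot; the session must not outlive it */` would be worth adding. nssSlot_CreateSession starts outside the hunk.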
--- a/security/nss/lib/dev/devt.h
+++ b/security/nss/lib/dev/devt.h
@@ -119,28 +119,30 @@ struct NSSSlotStr
 {
   struct nssDeviceBaseStr base;
   NSSModule *module; /* Parent */
   NSSToken *token;  /* Peer */
   CK_SLOT_ID slotID;
   CK_FLAGS ckFlags; /* from CK_SLOT_INFO.flags */
   struct nssSlotAuthInfoStr authInfo;
   PRIntervalTime lastTokenPing;
+  PZLock *lock;
 #ifdef NSS_3_4_CODE
   void *epv;
   PK11SlotInfo *pk11slot;
 #endif
 };
 
 struct nssSessionStr
 {
   PZLock *lock;
   CK_SESSION_HANDLE handle;
   NSSSlot *slot;
   PRBool isRW;
+  PRBool ownLock;
 };
 
 typedef enum {
     NSSCertificateType_Unknown = 0,
     NSSCertificateType_PKIX = 1
 } NSSCertificateType;
 
 #ifdef nodef
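Review bot: The two new fields are undocumented, and `ownLock` decides whether `nssSession_Destroy` calls `PZ_DestroyLock`, so misreading it leads to a leaked lock or to destroying a lock the slot still uses. I would annotate them as `PZLock *lock; /* module lock, set only when the module is not thread safe */` in `NSSSlotStr` and `PRBool ownLock; /* PR_TRUE if lock was created for this session and is destroyed with it */` in `nssSessionStr`. `NSSSlotStr` is also defined in devslot.c under a preprocessor guard, and the two definitions have to stay in step.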
--- a/security/nss/lib/dev/devtoken.c
+++ b/security/nss/lib/dev/devtoken.c
@@ -388,17 +388,17 @@ find_objects
   NSSToken *tok,
   nssSession *sessionOpt,
   CK_ATTRIBUTE_PTR obj_template,
   CK_ULONG otsize,
   PRUint32 maximumOpt,
   PRStatus *statusOpt
 )
 {
-    CK_RV ckrv;
+    CK_RV ckrv = CKR_OK;
     CK_ULONG count;
     CK_OBJECT_HANDLE *objectHandles;
     CK_OBJECT_HANDLE staticObjects[OBJECT_STACK_SIZE];
     PRUint32 arraySize, numHandles;
     void *epv = nssToken_GetCryptokiEPV(tok);
     nssCryptokiObject **objects;
     nssSession *session = (sessionOpt) ? sessionOpt : tok->defaultSession;
 
@@ -410,16 +410,17 @@ find_objects
     }
     numHandles = 0;
     if (arraySize <= OBJECT_STACK_SIZE) {
 	objectHandles = staticObjects;
     } else {
 	objectHandles = nss_ZNEWARRAY(NULL, CK_OBJECT_HANDLE, arraySize);
     }
     if (!objectHandles) {
+	ckrv = CKR_HOST_MEMORY;
 	goto loser;
     }
     nssSession_EnterMonitor(session); /* ==== session lock === */
     /* Initialize the find with the template */
     ckrv = CKAPI(epv)->C_FindObjectsInit(session->handle, 
                                          obj_template, otsize);
     if (ckrv != CKR_OK) {
 	nssSession_ExitMonitor(session);
@@ -454,16 +455,17 @@ find_objects
 	    }
 	} else {
 	    objectHandles = nss_ZREALLOCARRAY(objectHandles, 
 	                                  CK_OBJECT_HANDLE, 
 	                                  arraySize);
 	}
 	if (!objectHandles) {
 	    nssSession_ExitMonitor(session);
+	    ckrv = CKR_HOST_MEMORY;
 	    goto loser;
 	}
     }
     ckrv = CKAPI(epv)->C_FindObjectsFinal(session->handle);
     nssSession_ExitMonitor(session); /* ==== end session lock === */
     if (ckrv != CKR_OK) {
 	goto loser;
     }
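Review bot: The failure path that now sets `ckrv = CKR_HOST_MEMORY` releases the session monitor and jumps to `loser` without calling `C_FindObjectsFinal`, even though `C_FindObjectsInit` succeeded earlier in the function. The search therefore stays active on the session, and since `session` may be `tok->defaultSession`, a later find on that session can be expected to fail with an operation-active error. Call `CKAPI(epv)->C_FindObjectsFinal(session->handle);` before `nssSession_ExitMonitor(session);` on this path. Separately, the NULL returned by `nss_ZREALLOCARRAY` has already overwritten `objectHandles`, so `loser` cannot free the previous array unless the allocator releases it on failure (not visible here); a temporary for the result would avoid that. The enclosing loop starts outside this hunk.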
@@ -478,17 +480,33 @@ find_objects
 	nss_ZFreeIf(objectHandles);
     }
     if (statusOpt) *statusOpt = PR_SUCCESS;
     return objects;
 loser:
     if (objectHandles && objectHandles != staticObjects) {
 	nss_ZFreeIf(objectHandles);
     }
-    if (statusOpt) *statusOpt = PR_FAILURE;
+    /*
+     * These errors should be treated the same as if the objects just weren't
+     * found..
+     */
+    if ((ckrv == CKR_ATTRIBUTE_TYPE_INVALID) ||
+	(ckrv == CKR_ATTRIBUTE_VALUE_INVALID) ||
+	(ckrv == CKR_DATA_INVALID) ||
+	(ckrv == CKR_DATA_LEN_RANGE) ||
+	(ckrv == CKR_FUNCTION_NOT_SUPPORTED) ||
+	(ckrv == CKR_TEMPLATE_INCOMPLETE) ||
+	(ckrv == CKR_TEMPLATE_INCONSISTENT)) {
+
+	nss_SetError(NSS_ERROR_NOT_FOUND);
+	if (statusOpt) *statusOpt = PR_SUCCESS;
+    } else {
+	if (statusOpt) *statusOpt = PR_FAILURE;
+    }
     return (nssCryptokiObject **)NULL;
 }
 
 static nssCryptokiObject **
 find_objects_by_template
 (
   NSSToken *token,
   nssSession *sessionOpt,
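Review bot: The `loser` path now reports `PR_SUCCESS` with a NULL result for seven distinct token errors, so a caller that checks only `*statusOpt` cannot tell "no such object" from a token that rejected or could not run the search. For lookups that feed trust or revocation decisions (the callers are outside this hunk) that is a fail-open default, and `CKR_FUNCTION_NOT_SUPPORTED` and `CKR_DATA_INVALID` are the codes least obviously equivalent to an empty result. I would at least state the contract in the function header, `/* On the CKR_* codes listed at loser:, returns NULL with *statusOpt == PR_SUCCESS and NSS_ERROR_NOT_FOUND set */`, and note that when `statusOpt` is NULL the NSS error is the only remaining signal. The new comment's "found.." also has a stray period. `find_objects` begins before this hunk.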
--- a/security/nss/lib/freebl/blapi.h
+++ b/security/nss/lib/freebl/blapi.h
@@ -702,68 +702,16 @@ extern SECStatus SHA1_Flatten(SHA1Contex
 /*
  * Resurrect a flattened context into a SHA-1 Context
  *    "space" the buffer of the flattend buffer
  *    "arg" ptr to void used by cryptographic resurrect
  *  returns resurected context;
  */
 extern SHA1Context * SHA1_Resurrect(unsigned char *space, void *arg);
 
-/******************************************/
-
-extern SHA256Context *SHA256_NewContext(void);
-extern void SHA256_DestroyContext(SHA256Context *cx, PRBool freeit);
-extern void SHA256_Begin(SHA256Context *cx);
-extern void SHA256_Update(SHA256Context *cx, const unsigned char *input,
-			unsigned int inputLen);
-extern void SHA256_End(SHA256Context *cx, unsigned char *digest,
-		     unsigned int *digestLen, unsigned int maxDigestLen);
-extern SECStatus SHA256_HashBuf(unsigned char *dest, const unsigned char *src,
-			      uint32 src_length);
-extern SECStatus SHA256_Hash(unsigned char *dest, const char *src);
-extern void SHA256_TraceState(SHA256Context *cx);
-extern unsigned int SHA256_FlattenSize(SHA256Context *cx);
-extern SECStatus SHA256_Flatten(SHA256Context *cx,unsigned char *space);
-extern SHA256Context * SHA256_Resurrect(unsigned char *space, void *arg);
-
-/******************************************/
-
-extern SHA512Context *SHA512_NewContext(void);
-extern void SHA512_DestroyContext(SHA512Context *cx, PRBool freeit);
-extern void SHA512_Begin(SHA512Context *cx);
-extern void SHA512_Update(SHA512Context *cx, const unsigned char *input,
-			unsigned int inputLen);
-extern void SHA512_End(SHA512Context *cx, unsigned char *digest,
-		     unsigned int *digestLen, unsigned int maxDigestLen);
-extern SECStatus SHA512_HashBuf(unsigned char *dest, const unsigned char *src,
-			      uint32 src_length);
-extern SECStatus SHA512_Hash(unsigned char *dest, const char *src);
-extern void SHA512_TraceState(SHA512Context *cx);
-extern unsigned int SHA512_FlattenSize(SHA512Context *cx);
-extern SECStatus SHA512_Flatten(SHA512Context *cx,unsigned char *space);
-extern SHA512Context * SHA512_Resurrect(unsigned char *space, void *arg);
-
-/******************************************/
-
-extern SHA384Context *SHA384_NewContext(void);
-extern void SHA384_DestroyContext(SHA384Context *cx, PRBool freeit);
-extern void SHA384_Begin(SHA384Context *cx);
-extern void SHA384_Update(SHA384Context *cx, const unsigned char *input,
-			unsigned int inputLen);
-extern void SHA384_End(SHA384Context *cx, unsigned char *digest,
-		     unsigned int *digestLen, unsigned int maxDigestLen);
-extern SECStatus SHA384_HashBuf(unsigned char *dest, const unsigned char *src,
-			      uint32 src_length);
-extern SECStatus SHA384_Hash(unsigned char *dest, const char *src);
-extern void SHA384_TraceState(SHA384Context *cx);
-extern unsigned int SHA384_FlattenSize(SHA384Context *cx);
-extern SECStatus SHA384_Flatten(SHA384Context *cx,unsigned char *space);
-extern SHA384Context * SHA384_Resurrect(unsigned char *space, void *arg);
-
-/******************************************/
 /*
 ** Pseudo Random Number Generation.  FIPS compliance desirable.
 */
 
 /*
 ** Initialize the global RNG context and give it some seed input taken
 ** from the system.  This function is thread-safe and will only allow
 ** the global context to be initialized once.  The seed input is likely
--- a/security/nss/lib/freebl/ldvector.c
+++ b/security/nss/lib/freebl/ldvector.c
@@ -108,63 +108,19 @@ static const struct FREEBLVectorStr vect
     SHA1_Resurrect,
     RNG_RNGInit,
     RNG_RandomUpdate,
     RNG_GenerateGlobalRandomBytes,
     RNG_RNGShutdown,
     PQG_ParamGen,
     PQG_ParamGenSeedLen,
     PQG_VerifyParams,
-
-    /* End of Version 3.001. */
-
     RSA_PrivateKeyOpDoubleChecked,
     RSA_PrivateKeyCheck,
     BL_Cleanup,
-
-    /* End of Version 3.002. */
-
-    SHA256_NewContext,
-    SHA256_DestroyContext,
-    SHA256_Begin,
-    SHA256_Update,
-    SHA256_End,
-    SHA256_HashBuf,
-    SHA256_Hash,
-    SHA256_TraceState,
-    SHA256_FlattenSize,
-    SHA256_Flatten,
-    SHA256_Resurrect,
-
-    SHA512_NewContext,
-    SHA512_DestroyContext,
-    SHA512_Begin,
-    SHA512_Update,
-    SHA512_End,
-    SHA512_HashBuf,
-    SHA512_Hash,
-    SHA512_TraceState,
-    SHA512_FlattenSize,
-    SHA512_Flatten,
-    SHA512_Resurrect,
-
-    SHA384_NewContext,
-    SHA384_DestroyContext,
-    SHA384_Begin,
-    SHA384_Update,
-    SHA384_End,
-    SHA384_HashBuf,
-    SHA384_Hash,
-    SHA384_TraceState,
-    SHA384_FlattenSize,
-    SHA384_Flatten,
-    SHA384_Resurrect,
-
-    /* End of Version 3.003. */
-
 };
 
 
 const FREEBLVector * 
 FREEBL_GetVector(void)
 {
   return &vector;
 }
--- a/security/nss/lib/freebl/loader.c
+++ b/security/nss/lib/freebl/loader.c
@@ -954,283 +954,8 @@ PQG_DestroyVerify(PQGVerify *vfy)
 void 
 BL_Cleanup(void)
 {
   if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
       return;
   (vector->p_BL_Cleanup)();
 }
 
-/* ============== New for 3.003 =============================== */
-
-SECStatus 
-SHA256_Hash(unsigned char *dest, const char *src)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return SECFailure;
-  return (vector->p_SHA256_Hash)(dest, src);
-}
-
-SECStatus 
-SHA256_HashBuf(unsigned char *dest, const unsigned char *src, uint32 src_length)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return SECFailure;
-  return (vector->p_SHA256_HashBuf)(dest, src, src_length);
-}
-
-SHA256Context *
-SHA256_NewContext(void)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return NULL;
-  return (vector->p_SHA256_NewContext)();
-}
-
-void 
-SHA256_DestroyContext(SHA256Context *cx, PRBool freeit)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return ;
-  (vector->p_SHA256_DestroyContext)(cx, freeit);
-}
-
-void 
-SHA256_Begin(SHA256Context *cx)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return ;
-  (vector->p_SHA256_Begin)(cx);
-}
-
-void 
-SHA256_Update(SHA256Context *cx, const unsigned char *input,
-			unsigned int inputLen)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return ;
-  (vector->p_SHA256_Update)(cx, input, inputLen);
-}
-
-void 
-SHA256_End(SHA256Context *cx, unsigned char *digest,
-		     unsigned int *digestLen, unsigned int maxDigestLen)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return ;
-  (vector->p_SHA256_End)(cx, digest, digestLen, maxDigestLen);
-}
-
-void 
-SHA256_TraceState(SHA256Context *cx)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return ;
-  (vector->p_SHA256_TraceState)(cx);
-}
-
-unsigned int 
-SHA256_FlattenSize(SHA256Context *cx)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return 0;
-  return (vector->p_SHA256_FlattenSize)(cx);
-}
-
-SECStatus 
-SHA256_Flatten(SHA256Context *cx,unsigned char *space)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return SECFailure;
-  return (vector->p_SHA256_Flatten)(cx, space);
-}
-
-SHA256Context * 
-SHA256_Resurrect(unsigned char *space, void *arg)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return NULL;
-  return (vector->p_SHA256_Resurrect)(space, arg);
-}
-
-SECStatus 
-SHA512_Hash(unsigned char *dest, const char *src)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return SECFailure;
-  return (vector->p_SHA512_Hash)(dest, src);
-}
-
-SECStatus 
-SHA512_HashBuf(unsigned char *dest, const unsigned char *src, uint32 src_length)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return SECFailure;
-  return (vector->p_SHA512_HashBuf)(dest, src, src_length);
-}
-
-SHA512Context *
-SHA512_NewContext(void)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return NULL;
-  return (vector->p_SHA512_NewContext)();
-}
-
-void 
-SHA512_DestroyContext(SHA512Context *cx, PRBool freeit)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return ;
-  (vector->p_SHA512_DestroyContext)(cx, freeit);
-}
-
-void 
-SHA512_Begin(SHA512Context *cx)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return ;
-  (vector->p_SHA512_Begin)(cx);
-}
-
-void 
-SHA512_Update(SHA512Context *cx, const unsigned char *input,
-			unsigned int inputLen)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return ;
-  (vector->p_SHA512_Update)(cx, input, inputLen);
-}
-
-void 
-SHA512_End(SHA512Context *cx, unsigned char *digest,
-		     unsigned int *digestLen, unsigned int maxDigestLen)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return ;
-  (vector->p_SHA512_End)(cx, digest, digestLen, maxDigestLen);
-}
-
-void 
-SHA512_TraceState(SHA512Context *cx)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return ;
-  (vector->p_SHA512_TraceState)(cx);
-}
-
-unsigned int 
-SHA512_FlattenSize(SHA512Context *cx)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return 0;
-  return (vector->p_SHA512_FlattenSize)(cx);
-}
-
-SECStatus 
-SHA512_Flatten(SHA512Context *cx,unsigned char *space)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return SECFailure;
-  return (vector->p_SHA512_Flatten)(cx, space);
-}
-
-SHA512Context * 
-SHA512_Resurrect(unsigned char *space, void *arg)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return NULL;
-  return (vector->p_SHA512_Resurrect)(space, arg);
-}
-
-
-SECStatus 
-SHA384_Hash(unsigned char *dest, const char *src)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return SECFailure;
-  return (vector->p_SHA384_Hash)(dest, src);
-}
-
-SECStatus 
-SHA384_HashBuf(unsigned char *dest, const unsigned char *src, uint32 src_length)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return SECFailure;
-  return (vector->p_SHA384_HashBuf)(dest, src, src_length);
-}
-
-SHA384Context *
-SHA384_NewContext(void)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return NULL;
-  return (vector->p_SHA384_NewContext)();
-}
-
-void 
-SHA384_DestroyContext(SHA384Context *cx, PRBool freeit)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return ;
-  (vector->p_SHA384_DestroyContext)(cx, freeit);
-}
-
-void 
-SHA384_Begin(SHA384Context *cx)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return ;
-  (vector->p_SHA384_Begin)(cx);
-}
-
-void 
-SHA384_Update(SHA384Context *cx, const unsigned char *input,
-			unsigned int inputLen)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return ;
-  (vector->p_SHA384_Update)(cx, input, inputLen);
-}
-
-void 
-SHA384_End(SHA384Context *cx, unsigned char *digest,
-		     unsigned int *digestLen, unsigned int maxDigestLen)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return ;
-  (vector->p_SHA384_End)(cx, digest, digestLen, maxDigestLen);
-}
-
-void 
-SHA384_TraceState(SHA384Context *cx)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return ;
-  (vector->p_SHA384_TraceState)(cx);
-}
-
-unsigned int 
-SHA384_FlattenSize(SHA384Context *cx)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return 0;
-  return (vector->p_SHA384_FlattenSize)(cx);
-}
-
-SECStatus 
-SHA384_Flatten(SHA384Context *cx,unsigned char *space)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return SECFailure;
-  return (vector->p_SHA384_Flatten)(cx, space);
-}
-
-SHA384Context * 
-SHA384_Resurrect(unsigned char *space, void *arg)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return NULL;
-  return (vector->p_SHA384_Resurrect)(space, arg);
-}
-
-
-
--- a/security/nss/lib/freebl/loader.h
+++ b/security/nss/lib/freebl/loader.h
@@ -35,17 +35,17 @@
  * $Id$
  */
 
 #ifndef _LOADER_H_
 #define _LOADER_H_ 1
 
 #include "blapi.h"
 
-#define FREEBL_VERSION 0x0303
+#define FREEBL_VERSION 0x0302
 
 struct FREEBLVectorStr {
 
   unsigned short length;  /* of this struct in bytes */
   unsigned short version; /* of this struct. */
 
   RSAPrivateKey * (* p_RSA_NewKey)(int         keySizeInBits,
 				 SECItem *   publicExponent);
@@ -260,63 +260,16 @@ struct FREEBLVectorStr {
                               const unsigned char *input);
 
   SECStatus (* p_RSA_PrivateKeyCheck)(RSAPrivateKey *key);
 
   void (* p_BL_Cleanup)(void);
 
   /* Version 3.002 came to here */
 
- SHA256Context *(* p_SHA256_NewContext)(void);
- void (* p_SHA256_DestroyContext)(SHA256Context *cx, PRBool freeit);
- void (* p_SHA256_Begin)(SHA256Context *cx);
- void (* p_SHA256_Update)(SHA256Context *cx, const unsigned char *input,
-			unsigned int inputLen);
- void (* p_SHA256_End)(SHA256Context *cx, unsigned char *digest,
-		     unsigned int *digestLen, unsigned int maxDigestLen);
- SECStatus (* p_SHA256_HashBuf)(unsigned char *dest, const unsigned char *src,
-			      uint32 src_length);
- SECStatus (* p_SHA256_Hash)(unsigned char *dest, const char *src);
- void (* p_SHA256_TraceState)(SHA256Context *cx);
- unsigned int (* p_SHA256_FlattenSize)(SHA256Context *cx);
- SECStatus (* p_SHA256_Flatten)(SHA256Context *cx,unsigned char *space);
- SHA256Context * (* p_SHA256_Resurrect)(unsigned char *space, void *arg);
-
- SHA512Context *(* p_SHA512_NewContext)(void);
- void (* p_SHA512_DestroyContext)(SHA512Context *cx, PRBool freeit);
- void (* p_SHA512_Begin)(SHA512Context *cx);
- void (* p_SHA512_Update)(SHA512Context *cx, const unsigned char *input,
-			unsigned int inputLen);
- void (* p_SHA512_End)(SHA512Context *cx, unsigned char *digest,
-		     unsigned int *digestLen, unsigned int maxDigestLen);
- SECStatus (* p_SHA512_HashBuf)(unsigned char *dest, const unsigned char *src,
-			      uint32 src_length);
- SECStatus (* p_SHA512_Hash)(unsigned char *dest, const char *src);
- void (* p_SHA512_TraceState)(SHA512Context *cx);
- unsigned int (* p_SHA512_FlattenSize)(SHA512Context *cx);
- SECStatus (* p_SHA512_Flatten)(SHA512Context *cx,unsigned char *space);
- SHA512Context * (* p_SHA512_Resurrect)(unsigned char *space, void *arg);
-
- SHA384Context *(* p_SHA384_NewContext)(void);
- void (* p_SHA384_DestroyContext)(SHA384Context *cx, PRBool freeit);
- void (* p_SHA384_Begin)(SHA384Context *cx);
- void (* p_SHA384_Update)(SHA384Context *cx, const unsigned char *input,
-			unsigned int inputLen);
- void (* p_SHA384_End)(SHA384Context *cx, unsigned char *digest,
-		     unsigned int *digestLen, unsigned int maxDigestLen);
- SECStatus (* p_SHA384_HashBuf)(unsigned char *dest, const unsigned char *src,
-			      uint32 src_length);
- SECStatus (* p_SHA384_Hash)(unsigned char *dest, const char *src);
- void (* p_SHA384_TraceState)(SHA384Context *cx);
- unsigned int (* p_SHA384_FlattenSize)(SHA384Context *cx);
- SECStatus (* p_SHA384_Flatten)(SHA384Context *cx,unsigned char *space);
- SHA384Context * (* p_SHA384_Resurrect)(unsigned char *space, void *arg);
-
-  /* Version 3.003 came to here */
-
 };
 
 typedef struct FREEBLVectorStr FREEBLVector;
 
 SEC_BEGIN_PROTOS
 
 typedef const FREEBLVector * FREEBLGetVectorFn(void);
 
--- a/security/nss/lib/freebl/manifest.mn
+++ b/security/nss/lib/freebl/manifest.mn
@@ -76,17 +76,16 @@ CSRCS = \
 else
 CSRCS = \
 	ldvector.c \
 	prng_fips1861.c \
 	sysrand.c \
 	sha_fast.c \
 	md2.c \
 	md5.c \
-	sha512.c \
 	alg2268.c \
 	arcfour.c \
 	arcfive.c \
 	desblapi.c \
 	des.c \
 	rijndael.c \
 	dh.c \
 	pqg.c \
--- a/security/nss/lib/nss/nss.def
+++ b/security/nss/lib/nss/nss.def
@@ -712,16 +712,26 @@ PK11_TokenKeyGen;
 SEC_QuickDERDecodeItem;
 SECKEY_CopyPublicKey;
 ;+    local:
 ;+       *;
 ;+};
 ;+NSS_3.7 { 	# NSS 3.7 release
 ;+    global:
 CERT_CRLCacheRefreshIssuer;
+CERT_DestroyOCSPResponse;
 CERT_EncodeAltNameExtension;
+CERT_FindCertBySubjectKeyID;
+CERT_FindSubjectKeyIDExtension;
 CERT_GetFirstEmailAddress;
 CERT_GetNextEmailAddress;
-CERT_VerifySignedDataWithPubKeyInfo;
 CERT_VerifySignedDataWithPublicKey;
+CERT_VerifySignedDataWithPublicKeyInfo;
+PK11_WaitForTokenEvent;
 ;+    local:
 ;+       *;
 ;+};
+;+NSS_3.7.1 { 	# NSS 3.7.1 release
+;+    global:
+PK11_TokenRefresh;
+;+    local:
+;+       *;
+;+};
--- a/security/nss/lib/nss/nss.h
+++ b/security/nss/lib/nss/nss.h
@@ -44,21 +44,21 @@ SEC_BEGIN_PROTOS
 
 /*
  * NSS's major version, minor version, patch level, and whether
  * this is a beta release.
  *
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>] [<Beta>]"
  */
-#define NSS_VERSION  "3.7 Beta"
+#define NSS_VERSION  "3.7.7"
 #define NSS_VMAJOR   3
 #define NSS_VMINOR   7
-#define NSS_VPATCH   0
-#define NSS_BETA     PR_TRUE
+#define NSS_VPATCH   7
+#define NSS_BETA     PR_FALSE
 
 
 /*
  * Return a boolean that indicates whether the underlying library
  * will perform as the caller expects.
  *
  * The only argument is a string, which should be the verson
  * identifier of the NSS library. That string will be compared
--- a/security/nss/lib/nss/nssinit.c
+++ b/security/nss/lib/nss/nssinit.c
@@ -44,19 +44,22 @@
 #include "key.h"
 #include "ssl.h"
 #include "sslproto.h"
 #include "secmod.h"
 #include "secoid.h"
 #include "nss.h"
 #include "secrng.h"
 #include "pk11func.h"
+#include "secerr.h"
+#include "nssbase.h"
 
 #include "pki3hack.h"
 #include "certi.h"
+#include "secmodi.h"
 
 /*
  * On Windows nss3.dll needs to export the symbol 'mktemp' to be
  * fully backward compatible with the nss3.dll in NSS 3.2.x and
  * 3.3.x.  This symbol was unintentionally exported and its
  * definition (in DBM) was moved from nss3.dll to softokn3.dll
  * in NSS 3.4.  See bug 142575.
  */
@@ -458,29 +461,32 @@ loser:
 	PR_smprintf_free(moduleSpec);
 	if (module) {
 	    if (module->loaded) rv=SECSuccess;
 	    SECMOD_DestroyModule(module);
 	}
     }
 
     if (rv == SECSuccess) {
-	/* can this function fail?? */
-	STAN_LoadDefaultNSS3TrustDomain();
+	if (STAN_LoadDefaultNSS3TrustDomain() != PR_SUCCESS) {
+	    return SECFailure;
+	}
 	CERT_SetDefaultCertDB((CERTCertDBHandle *)
 				STAN_GetDefaultTrustDomain());
 #ifndef XP_MAC
 	/* only servers need this. We currently do not have a mac server */
 	if ((!noModDB) && (!noCertDB) && (!noRootInit)) {
 	    if (!SECMOD_HasRootCerts()) {
 		nss_FindExternalRoot(configdir, secmodName);
 	    }
 	}
 #endif
 	pk11sdr_Init();
+	cert_CreateSubjectKeyIDHashTable();
+	SECMOD_InitCallOnce();
 	nss_IsInitted = PR_TRUE;
     }
     return rv;
 }
 
 
 SECStatus
 NSS_Init(const char *configdir)
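Review bot: The new `return SECFailure;` after a failed `STAN_LoadDefaultNSS3TrustDomain()` exits without undoing the earlier setup and without setting an error code, so the caller gets a bare failure with no reason attached. What was initialised before this point is outside the hunk, so the exact cleanup needed is inferred, but a second init attempt would presumably start from a half-initialised library. A `PORT_SetError(...)` with a suitable code before the return, plus a comment saying what is deliberately left loaded, would make the failure diagnosable. The two calls added further down, `cert_CreateSubjectKeyIDHashTable()` and `SECMOD_InitCallOnce()`, are also made without looking at a result before `nss_IsInitted = PR_TRUE`; if either returns a status it should be checked the same way.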
@@ -532,26 +538,37 @@ NSS_Initialize(const char *configdir, co
  */
 SECStatus
 NSS_NoDB_Init(const char * configdir)
 {
       return nss_Init("","","","",
 			PR_TRUE,PR_TRUE,PR_TRUE,PR_TRUE,PR_TRUE,PR_TRUE);
 }
 
+extern const NSSError NSS_ERROR_BUSY;
+
 SECStatus
 NSS_Shutdown(void)
 {
     SECStatus rv;
+    PRStatus status;
 
     ShutdownCRLCache();
     SECOID_Shutdown();
-    STAN_Shutdown();
+    status = STAN_Shutdown();
+    cert_DestroySubjectKeyIDHashTable();
+    SECMOD_CleanupCallOnce();
     rv = SECMOD_Shutdown();
     pk11sdr_Shutdown();
+    if (status == PR_FAILURE) {
+	if (NSS_GetError() == NSS_ERROR_BUSY) {
+	    PORT_SetError(SEC_ERROR_BUSY);
+	}
+	rv = SECFailure;
+    }
     nss_IsInitted = PR_FALSE;
     return rv;
 }
 
 
 
 extern const char __nss_base_rcsid[];
 extern const char __nss_base_sccsid[];
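Review bot: When `STAN_Shutdown()` reports failure, `NSS_Shutdown` still destroys the subject-key-ID hash table, shuts down SECMOD, clears `nss_IsInitted`, and only then returns `SECFailure`. If `NSS_ERROR_BUSY` means objects are still referenced (its meaning is not shown here), those holders are left pointing at torn-down state, and the caller cannot retry because the library already counts as uninitialised. Either return before the remaining teardown on failure, or document the best-effort behaviour with `/* teardown continues even if STAN_Shutdown fails; SECFailure then means references were still outstanding */`. A failure other than `NSS_ERROR_BUSY` also sets no `PORT_SetError` code, and the file-local `extern const NSSError NSS_ERROR_BUSY;` would be better taken from the header that declares it.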
--- a/security/nss/lib/pk11wrap/debug_module.c
+++ b/security/nss/lib/pk11wrap/debug_module.c
@@ -265,1768 +265,1824 @@ static void print_template(CK_ATTRIBUTE_
     }
 }
 
 static void print_mechanism(CK_MECHANISM_PTR m)
 {
     PR_LOG(modlog, 4, ("      mechanism = 0x%p", m->mechanism));
 }
 
-struct nssdbg_prof_str {
-    PRUint32 time;
-    PRUint32 calls;
-    char *function;
-};
-
-#define NSSDBG_DEFINE(func) { 0, 0, #func }
+#define MAX_UINT32 0xffffffff
 
-struct nssdbg_prof_str nssdbg_prof_data[] = {
-#define FUNC_C_INITIALIZE 0
-    NSSDBG_DEFINE(C_Initialize),
-#define FUNC_C_FINALIZE 1
-    NSSDBG_DEFINE(C_Finalize),
-#define FUNC_C_GETINFO 2
-    NSSDBG_DEFINE(C_GetInfo),
-#define FUNC_C_GETFUNCITONLIST 3
-    NSSDBG_DEFINE(C_GetFunctionList),
-#define FUNC_C_GETSLOTLIST 4
-    NSSDBG_DEFINE(C_GetSlotList),
-#define FUNC_C_GETSLOTINFO 5
-    NSSDBG_DEFINE(C_GetSlotInfo),
-#define FUNC_C_GETTOKENINFO 6
-    NSSDBG_DEFINE(C_GetTokenInfo),
-#define FUNC_C_GETMECHANISMLIST 7
-    NSSDBG_DEFINE(C_GetMechanismList),
-#define FUNC_C_GETMECHANISMINFO 8
-    NSSDBG_DEFINE(C_GetMechanismInfo),
-#define FUNC_C_INITTOKEN 9
-    NSSDBG_DEFINE(C_InitToken),
-#define FUNC_C_INITPIN 10
-    NSSDBG_DEFINE(C_InitPIN),
-#define FUNC_C_SETPIN 11
-    NSSDBG_DEFINE(C_SetPIN),
-#define FUNC_C_OPENSESSION 12
-    NSSDBG_DEFINE(C_OpenSession),
-#define FUNC_C_CLOSESESSION 13
-    NSSDBG_DEFINE(C_CloseSession),
-#define FUNC_C_CLOSEALLSESSIONS 14
-    NSSDBG_DEFINE(C_CloseAllSessions),
-#define FUNC_C_GETSESSIONINFO 15
-    NSSDBG_DEFINE(C_GetSessionInfo),
-#define FUNC_C_GETOPERATIONSTATE 16
-    NSSDBG_DEFINE(C_GetOperationState),
-#define FUNC_C_SETOPERATIONSTATE 17
-    NSSDBG_DEFINE(C_SetOperationState),
-#define FUNC_C_LOGIN 18
-    NSSDBG_DEFINE(C_Login),
-#define FUNC_C_LOGOUT 19
-    NSSDBG_DEFINE(C_Logout),
-#define FUNC_C_CREATEOBJECT 20
-    NSSDBG_DEFINE(C_CreateObject),
-#define FUNC_C_COPYOBJECT 21
-    NSSDBG_DEFINE(C_CopyObject),
-#define FUNC_C_DESTROYOBJECT 22
-    NSSDBG_DEFINE(C_DestroyObject),
-#define FUNC_C_GETOBJECTSIZE  23
-    NSSDBG_DEFINE(C_GetObjectSize),
-#define FUNC_C_GETATTRIBUTEVALUE 24
-    NSSDBG_DEFINE(C_GetAttributeValue),
-#define FUNC_C_SETATTRIBUTEVALUE 25
-    NSSDBG_DEFINE(C_SetAttributeValue),
-#define FUNC_C_FINDOBJECTSINIT 26
-    NSSDBG_DEFINE(C_FindObjectsInit),
-#define FUNC_C_FINDOBJECTS 27
-    NSSDBG_DEFINE(C_FindObjects),
-#define FUNC_C_FINDOBJECTSFINAL 28
-    NSSDBG_DEFINE(C_FindObjectsFinal),
-#define FUNC_C_ENCRYPTINIT 29
-    NSSDBG_DEFINE(C_EncryptInit),
-#define FUNC_C_ENCRYPT 30
-    NSSDBG_DEFINE(C_Encrypt),
-#define FUNC_C_ENCRYPTUPDATE 31
-    NSSDBG_DEFINE(C_EncryptUpdate),
-#define FUNC_C_ENCRYPTFINAL 32
-    NSSDBG_DEFINE(C_EncryptFinal),
-#define FUNC_C_DECRYPTINIT 33
-    NSSDBG_DEFINE(C_DecryptInit),
-#define FUNC_C_DECRYPT 34
-    NSSDBG_DEFINE(C_Decrypt),
-#define FUNC_C_DECRYPTUPDATE 35
-    NSSDBG_DEFINE(C_DecryptUpdate),
-#define FUNC_C_DECRYPTFINAL 36
-    NSSDBG_DEFINE(C_DecryptFinal),
-#define FUNC_C_DIGESTINIT 37
-    NSSDBG_DEFINE(C_DigestInit),
-#define FUNC_C_DIGEST 38
-    NSSDBG_DEFINE(C_Digest),
-#define FUNC_C_DIGESTUPDATE 39
-    NSSDBG_DEFINE(C_DigestUpdate),
-#define FUNC_C_DIGESTKEY 40
-    NSSDBG_DEFINE(C_DigestKey),
-#define FUNC_C_DIGESTFINAL 41
-    NSSDBG_DEFINE(C_DigestFinal),
-#define FUNC_C_SIGNINIT 42
-    NSSDBG_DEFINE(C_SignInit),
-#define FUNC_C_SIGN 43
-    NSSDBG_DEFINE(C_Sign),
-#define FUNC_C_SIGNUPDATE 44
-    NSSDBG_DEFINE(C_SignUpdate),
-#define FUNC_C_SIGNFINAL 45
-    NSSDBG_DEFINE(C_SignFinal),
-#define FUNC_C_SIGNRECOVERINIT 46
-    NSSDBG_DEFINE(C_SignRecoverInit),
-#define FUNC_C_SIGNRECOVER 47
-    NSSDBG_DEFINE(C_SignRecover),
-#define FUNC_C_VERIFYINIT 48
-    NSSDBG_DEFINE(C_VerifyInit),
-#define FUNC_C_VERIFY 49
-    NSSDBG_DEFINE(C_Verify),
-#define FUNC_C_VERIFYUPDATE 50
-    NSSDBG_DEFINE(C_VerifyUpdate),
-#define FUNC_C_VERIFYFINAL 51
-    NSSDBG_DEFINE(C_VerifyFinal),
-#define FUNC_C_VERIFYRECOVERINIT 52
-    NSSDBG_DEFINE(C_VerifyRecoverInit),
-#define FUNC_C_VERIFYRECOVER 53
-    NSSDBG_DEFINE(C_VerifyRecover),
-#define FUNC_C_DIGESTENCRYPTUPDATE 54
-    NSSDBG_DEFINE(C_DigestEncryptUpdate),
-#define FUNC_C_DECRYPTDIGESTUPDATE 55
-    NSSDBG_DEFINE(C_DecryptDigestUpdate),
-#define FUNC_C_SIGNENCRYPTUPDATE 56
-    NSSDBG_DEFINE(C_SignEncryptUpdate),
-#define FUNC_C_DECRYPTVERIFYUPDATE 57
-    NSSDBG_DEFINE(C_DecryptVerifyUpdate),
-#define FUNC_C_GENERATEKEY 58
-    NSSDBG_DEFINE(C_GenerateKey),
-#define FUNC_C_GENERATEKEYPAIR 59
-    NSSDBG_DEFINE(C_GenerateKeyPair),
-#define FUNC_C_WRAPKEY 60
-    NSSDBG_DEFINE(C_WrapKey),
-#define FUNC_C_UNWRAPKEY 61
-    NSSDBG_DEFINE(C_UnWrapKey),
-#define FUNC_C_DERIVEKEY 62 
-    NSSDBG_DEFINE(C_DeriveKey),
-#define FUNC_C_SEEDRANDOM 63
-    NSSDBG_DEFINE(C_SeedRandom),
-#define FUNC_C_GENERATERANDOM 64
-    NSSDBG_DEFINE(C_GenerateRandom),
-#define FUNC_C_GETFUNCTIONSTATUS 65
-    NSSDBG_DEFINE(C_GetFunctionStatus),
-#define FUNC_C_CANCELFUNCTION 66
-    NSSDBG_DEFINE(C_CancelFunction),
-#define FUNC_C_WAITFORSLOTEVENT 67
-    NSSDBG_DEFINE(C_WaitForSlotEvent)
-};
-
-int nssdbg_prof_size = sizeof(nssdbg_prof_data)/sizeof(nssdbg_prof_data[0]);
-    
-
-static void nssdbg_finish_time(PRInt32 fun_number, PRIntervalTime start)
+static void nssdbg_finish_time(PRInt32 *counter, PRIntervalTime start)
 {
     PRIntervalTime ival;
     PRIntervalTime end = PR_IntervalNow();
 
-    ival = end-start;
-    /* sigh, lie to PRAtomic add and say we are using signed values */
-    PR_AtomicAdd((PRInt32 *)&nssdbg_prof_data[fun_number].time, (PRInt32)ival);
+    if (end >= start) {
+	ival = PR_IntervalToMilliseconds(end-start);
+    } else {
+	/* the interval timer rolled over. presume it only tripped once */
+	ival = PR_IntervalToMilliseconds(MAX_UINT32-start) +
+			PR_IntervalToMilliseconds(end);
+    }
+    PR_AtomicAdd(counter, ival);
 }
 
-static void nssdbg_start_time(PRInt32 fun_number, PRIntervalTime *start)
-{
-    PR_AtomicIncrement((PRInt32 *)&nssdbg_prof_data[fun_number].calls);
-    *start = PR_IntervalNow();
-}
-
+static PRInt32 counter_C_Initialize = 0;
+static PRInt32 calls_C_Initialize = 0;
 CK_RV NSSDBGC_Initialize(
   CK_VOID_PTR pInitArgs
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_Initialize);
     PR_LOG(modlog, 1, ("C_Initialize"));
     PR_LOG(modlog, 3, ("  pInitArgs = 0x%p", pInitArgs));
-    nssdbg_start_time(FUNC_C_INITIALIZE,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_Initialize(pInitArgs);
-    nssdbg_finish_time(FUNC_C_INITIALIZE,start);
+    nssdbg_finish_time(&counter_C_Initialize,start);
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_Finalize = 0;
+static PRInt32 calls_C_Finalize = 0;
 CK_RV NSSDBGC_Finalize(
   CK_VOID_PTR pReserved
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_Finalize);
     PR_LOG(modlog, 1, ("C_Finalize"));
     PR_LOG(modlog, 3, ("  pReserved = 0x%p", pReserved));
-    nssdbg_start_time(FUNC_C_FINALIZE,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_Finalize(pReserved);
-    nssdbg_finish_time(FUNC_C_FINALIZE,start);
+    nssdbg_finish_time(&counter_C_Finalize,start);
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_GetInfo = 0;
+static PRInt32 calls_C_GetInfo = 0;
 CK_RV NSSDBGC_GetInfo(
   CK_INFO_PTR pInfo
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_GetInfo);
     PR_LOG(modlog, 1, ("C_GetInfo"));
     PR_LOG(modlog, 3, ("  pInfo = 0x%p", pInfo));
-    nssdbg_start_time(FUNC_C_GETINFO,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_GetInfo(pInfo);
-    nssdbg_finish_time(FUNC_C_GETINFO,start);
+    nssdbg_finish_time(&counter_C_GetInfo,start);
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_GetFunctionList = 0;
+static PRInt32 calls_C_GetFunctionList = 0;
 CK_RV NSSDBGC_GetFunctionList(
   CK_FUNCTION_LIST_PTR_PTR ppFunctionList
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_GetFunctionList);
     PR_LOG(modlog, 1, ("C_GetFunctionList"));
     PR_LOG(modlog, 3, ("  ppFunctionList = 0x%p", ppFunctionList));
-    nssdbg_start_time(FUNC_C_GETFUNCITONLIST,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_GetFunctionList(ppFunctionList);
-    nssdbg_finish_time(FUNC_C_GETFUNCITONLIST,start);
+    nssdbg_finish_time(&counter_C_GetFunctionList,start);
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_GetSlotList = 0;
+static PRInt32 calls_C_GetSlotList = 0;
 CK_RV NSSDBGC_GetSlotList(
   CK_BBOOL       tokenPresent,
   CK_SLOT_ID_PTR pSlotList,
   CK_ULONG_PTR   pulCount
 )
 {
     CK_RV rv;
     PRIntervalTime start;
     CK_ULONG i;
+    PR_AtomicIncrement(&calls_C_GetSlotList);
     PR_LOG(modlog, 1, ("C_GetSlotList"));
     PR_LOG(modlog, 3, ("  tokenPresent = 0x%x", tokenPresent));
     PR_LOG(modlog, 3, ("  pSlotList = 0x%p", pSlotList));
     PR_LOG(modlog, 3, ("  pulCount = 0x%p", pulCount));
-    nssdbg_start_time(FUNC_C_GETSLOTLIST,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_GetSlotList(tokenPresent,
                                  pSlotList,
                                  pulCount);
-    nssdbg_finish_time(FUNC_C_GETSLOTLIST,start);
+    nssdbg_finish_time(&counter_C_GetSlotList,start);
     PR_LOG(modlog, 4, ("  *pulCount = 0x%x", *pulCount));
     if (pSlotList) {
 	for (i=0; i<*pulCount; i++) {
 	    PR_LOG(modlog, 4, ("  slotID[%d] = %x", i, pSlotList[i]));
 	}
     }
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_GetSlotInfo = 0;
+static PRInt32 calls_C_GetSlotInfo = 0;
 CK_RV NSSDBGC_GetSlotInfo(
   CK_SLOT_ID       slotID,
   CK_SLOT_INFO_PTR pInfo
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_GetSlotInfo);
     PR_LOG(modlog, 1, ("C_GetSlotInfo"));
     PR_LOG(modlog, 3, ("  slotID = 0x%x", slotID));
     PR_LOG(modlog, 3, ("  pInfo = 0x%p", pInfo));
-    nssdbg_start_time(FUNC_C_GETSLOTINFO,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_GetSlotInfo(slotID,
                                  pInfo);
-    nssdbg_finish_time(FUNC_C_GETSLOTINFO,start);
+    nssdbg_finish_time(&counter_C_GetSlotInfo,start);
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_GetTokenInfo = 0;
+static PRInt32 calls_C_GetTokenInfo = 0;
 CK_RV NSSDBGC_GetTokenInfo(
   CK_SLOT_ID        slotID,
   CK_TOKEN_INFO_PTR pInfo
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_GetTokenInfo);
     PR_LOG(modlog, 1, ("C_GetTokenInfo"));
     PR_LOG(modlog, 3, ("  slotID = 0x%x", slotID));
     PR_LOG(modlog, 3, ("  pInfo = 0x%p", pInfo));
-    nssdbg_start_time(FUNC_C_GETTOKENINFO,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_GetTokenInfo(slotID,
                                  pInfo);
-    nssdbg_finish_time(FUNC_C_GETTOKENINFO,start);
+    nssdbg_finish_time(&counter_C_GetTokenInfo,start);
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_GetMechanismList = 0;
+static PRInt32 calls_C_GetMechanismList = 0;
 CK_RV NSSDBGC_GetMechanismList(
   CK_SLOT_ID            slotID,
   CK_MECHANISM_TYPE_PTR pMechanismList,
   CK_ULONG_PTR          pulCount
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_GetMechanismList);
     PR_LOG(modlog, 1, ("C_GetMechanismList"));
     PR_LOG(modlog, 3, ("  slotID = 0x%x", slotID));
     PR_LOG(modlog, 3, ("  pMechanismList = 0x%p", pMechanismList));
     PR_LOG(modlog, 3, ("  pulCount = 0x%p", pulCount));
-    nssdbg_start_time(FUNC_C_GETMECHANISMLIST,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_GetMechanismList(slotID,
                                  pMechanismList,
                                  pulCount);
-    nssdbg_finish_time(FUNC_C_GETMECHANISMLIST,start);
+    nssdbg_finish_time(&counter_C_GetMechanismList,start);
     PR_LOG(modlog, 4, ("  *pulCount = 0x%x", *pulCount));
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_GetMechanismInfo = 0;
+static PRInt32 calls_C_GetMechanismInfo = 0;
 CK_RV NSSDBGC_GetMechanismInfo(
   CK_SLOT_ID            slotID,
   CK_MECHANISM_TYPE     type,
   CK_MECHANISM_INFO_PTR pInfo
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_GetMechanismInfo);
     PR_LOG(modlog, 1, ("C_GetMechanismInfo"));
     PR_LOG(modlog, 3, ("  slotID = 0x%x", slotID));
     PR_LOG(modlog, 3, ("  type = 0x%x", type));
     PR_LOG(modlog, 3, ("  pInfo = 0x%p", pInfo));
-    nssdbg_start_time(FUNC_C_GETMECHANISMINFO,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_GetMechanismInfo(slotID,
                                  type,
                                  pInfo);
-    nssdbg_finish_time(FUNC_C_GETMECHANISMINFO,start);
+    nssdbg_finish_time(&counter_C_GetMechanismInfo,start);
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_InitToken = 0;
+static PRInt32 calls_C_InitToken = 0;
 CK_RV NSSDBGC_InitToken(
   CK_SLOT_ID  slotID,
   CK_CHAR_PTR pPin,
   CK_ULONG    ulPinLen,
   CK_CHAR_PTR pLabel
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_InitToken);
     PR_LOG(modlog, 1, ("C_InitToken"));
     PR_LOG(modlog, 3, ("  slotID = 0x%x", slotID));
     PR_LOG(modlog, 3, ("  pPin = 0x%p", pPin));
     PR_LOG(modlog, 3, ("  ulPinLen = %d", ulPinLen));
     PR_LOG(modlog, 3, ("  pLabel = 0x%p", pLabel));
-    nssdbg_start_time(FUNC_C_INITTOKEN,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_InitToken(slotID,
                                  pPin,
                                  ulPinLen,
                                  pLabel);
-    nssdbg_finish_time(FUNC_C_INITTOKEN,start);
+    nssdbg_finish_time(&counter_C_InitToken,start);
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_InitPIN = 0;
+static PRInt32 calls_C_InitPIN = 0;
 CK_RV NSSDBGC_InitPIN(
   CK_SESSION_HANDLE hSession,
   CK_CHAR_PTR       pPin,
   CK_ULONG          ulPinLen
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_InitPIN);
     PR_LOG(modlog, 1, ("C_InitPIN"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  pPin = 0x%p", pPin));
     PR_LOG(modlog, 3, ("  ulPinLen = %d", ulPinLen));
-    nssdbg_start_time(FUNC_C_INITPIN,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_InitPIN(hSession,
                                  pPin,
                                  ulPinLen);
-    nssdbg_finish_time(FUNC_C_INITPIN,start);
+    nssdbg_finish_time(&counter_C_InitPIN,start);
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_SetPIN = 0;
+static PRInt32 calls_C_SetPIN = 0;
 CK_RV NSSDBGC_SetPIN(
   CK_SESSION_HANDLE hSession,
   CK_CHAR_PTR       pOldPin,
   CK_ULONG          ulOldLen,
   CK_CHAR_PTR       pNewPin,
   CK_ULONG          ulNewLen
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_SetPIN);
     PR_LOG(modlog, 1, ("C_SetPIN"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  pOldPin = 0x%p", pOldPin));
     PR_LOG(modlog, 3, ("  ulOldLen = %d", ulOldLen));
     PR_LOG(modlog, 3, ("  pNewPin = 0x%p", pNewPin));
     PR_LOG(modlog, 3, ("  ulNewLen = %d", ulNewLen));
-    nssdbg_start_time(FUNC_C_SETPIN,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_SetPIN(hSession,
                                  pOldPin,
                                  ulOldLen,
                                  pNewPin,
                                  ulNewLen);
-    nssdbg_finish_time(FUNC_C_SETPIN,start);
+    nssdbg_finish_time(&counter_C_SetPIN,start);
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
-static PRUint32 numOpenSessions = 0;
-static PRUint32 maxOpenSessions = 0;
+static PRInt32 counter_C_OpenSession = 0;
+static PRInt32 calls_C_OpenSession = 0;
+static PRInt32 numOpenSessions = 0;
+static PRInt32 maxOpenSessions = 0;
 CK_RV NSSDBGC_OpenSession(
   CK_SLOT_ID            slotID,
   CK_FLAGS              flags,
   CK_VOID_PTR           pApplication,
   CK_NOTIFY             Notify,
   CK_SESSION_HANDLE_PTR phSession
 )
 {
     CK_RV rv;
     PRIntervalTime start;
-    PR_AtomicIncrement((PRInt32 *)&numOpenSessions);
+    PR_AtomicIncrement(&calls_C_OpenSession);
+    PR_AtomicIncrement(&numOpenSessions);
     maxOpenSessions = PR_MAX(numOpenSessions, maxOpenSessions);
     PR_LOG(modlog, 1, ("C_OpenSession"));
     PR_LOG(modlog, 3, ("  slotID = 0x%x", slotID));
     PR_LOG(modlog, 3, ("  flags = 0x%x", flags));
     PR_LOG(modlog, 3, ("  pApplication = 0x%p", pApplication));
     PR_LOG(modlog, 3, ("  Notify = 0x%x", Notify));
     PR_LOG(modlog, 3, ("  phSession = 0x%p", phSession));
-    nssdbg_start_time(FUNC_C_OPENSESSION,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_OpenSession(slotID,
                                  flags,
                                  pApplication,
                                  Notify,
                                  phSession);
-    nssdbg_finish_time(FUNC_C_OPENSESSION,start);
+    nssdbg_finish_time(&counter_C_OpenSession,start);
     PR_LOG(modlog, 4, ("  *phSession = 0x%x", *phSession));
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_CloseSession = 0;
+static PRInt32 calls_C_CloseSession = 0;
 CK_RV NSSDBGC_CloseSession(
   CK_SESSION_HANDLE hSession
 )
 {
     CK_RV rv;
     PRIntervalTime start;
-    PR_AtomicDecrement((PRInt32 *)&numOpenSessions);
+    PR_AtomicIncrement(&calls_C_CloseSession);
+    PR_AtomicDecrement(&numOpenSessions);
     PR_LOG(modlog, 1, ("C_CloseSession"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
-    nssdbg_start_time(FUNC_C_CLOSESESSION,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_CloseSession(hSession);
-    nssdbg_finish_time(FUNC_C_CLOSESESSION,start);
+    nssdbg_finish_time(&counter_C_CloseSession,start);
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_CloseAllSessions = 0;
+static PRInt32 calls_C_CloseAllSessions = 0;
 CK_RV NSSDBGC_CloseAllSessions(
   CK_SLOT_ID slotID
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_CloseAllSessions);
     PR_LOG(modlog, 1, ("C_CloseAllSessions"));
     PR_LOG(modlog, 3, ("  slotID = 0x%x", slotID));
-    nssdbg_start_time(FUNC_C_CLOSEALLSESSIONS,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_CloseAllSessions(slotID);
-    nssdbg_finish_time(FUNC_C_CLOSEALLSESSIONS,start);
+    nssdbg_finish_time(&counter_C_CloseAllSessions,start);
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_GetSessionInfo = 0;
+static PRInt32 calls_C_GetSessionInfo = 0;
 CK_RV NSSDBGC_GetSessionInfo(
   CK_SESSION_HANDLE   hSession,
   CK_SESSION_INFO_PTR pInfo
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_GetSessionInfo);
     PR_LOG(modlog, 1, ("C_GetSessionInfo"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  pInfo = 0x%p", pInfo));
-    nssdbg_start_time(FUNC_C_GETSESSIONINFO,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_GetSessionInfo(hSession,
                                  pInfo);
-    nssdbg_finish_time(FUNC_C_GETSESSIONINFO,start);
+    nssdbg_finish_time(&counter_C_GetSessionInfo,start);
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_GetOperationState = 0;
+static PRInt32 calls_C_GetOperationState = 0;
 CK_RV NSSDBGC_GetOperationState(
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR       pOperationState,
   CK_ULONG_PTR      pulOperationStateLen
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_GetOperationState);
     PR_LOG(modlog, 1, ("C_GetOperationState"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  pOperationState = 0x%p", pOperationState));
     PR_LOG(modlog, 3, ("  pulOperationStateLen = 0x%p", pulOperationStateLen));
-    nssdbg_start_time(FUNC_C_GETOPERATIONSTATE,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_GetOperationState(hSession,
                                  pOperationState,
                                  pulOperationStateLen);
-    nssdbg_finish_time(FUNC_C_GETOPERATIONSTATE,start);
+    nssdbg_finish_time(&counter_C_GetOperationState,start);
     PR_LOG(modlog, 4, ("  *pulOperationStateLen = 0x%x", *pulOperationStateLen));
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_SetOperationState = 0;
+static PRInt32 calls_C_SetOperationState = 0;
 CK_RV NSSDBGC_SetOperationState(
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR      pOperationState,
   CK_ULONG         ulOperationStateLen,
   CK_OBJECT_HANDLE hEncryptionKey,
   CK_OBJECT_HANDLE hAuthenticationKey
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_SetOperationState);
     PR_LOG(modlog, 1, ("C_SetOperationState"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  pOperationState = 0x%p", pOperationState));
     PR_LOG(modlog, 3, ("  ulOperationStateLen = %d", ulOperationStateLen));
     PR_LOG(modlog, 3, ("  hEncryptionKey = 0x%x", hEncryptionKey));
     PR_LOG(modlog, 3, ("  hAuthenticationKey = 0x%x", hAuthenticationKey));
-    nssdbg_start_time(FUNC_C_SETOPERATIONSTATE,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_SetOperationState(hSession,
                                  pOperationState,
                                  ulOperationStateLen,
                                  hEncryptionKey,
                                  hAuthenticationKey);
-    nssdbg_finish_time(FUNC_C_SETOPERATIONSTATE,start);
+    nssdbg_finish_time(&counter_C_SetOperationState,start);
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_Login = 0;
+static PRInt32 calls_C_Login = 0;
 CK_RV NSSDBGC_Login(
   CK_SESSION_HANDLE hSession,
   CK_USER_TYPE      userType,
   CK_CHAR_PTR       pPin,
   CK_ULONG          ulPinLen
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_Login);
     PR_LOG(modlog, 1, ("C_Login"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  userType = 0x%x", userType));
     PR_LOG(modlog, 3, ("  pPin = 0x%p", pPin));
     PR_LOG(modlog, 3, ("  ulPinLen = %d", ulPinLen));
-    nssdbg_start_time(FUNC_C_LOGIN,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_Login(hSession,
                                  userType,
                                  pPin,
                                  ulPinLen);
-    nssdbg_finish_time(FUNC_C_LOGIN,start);
+    nssdbg_finish_time(&counter_C_Login,start);
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_Logout = 0;
+static PRInt32 calls_C_Logout = 0;
 CK_RV NSSDBGC_Logout(
   CK_SESSION_HANDLE hSession
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_Logout);
     PR_LOG(modlog, 1, ("C_Logout"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
-    nssdbg_start_time(FUNC_C_LOGOUT,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_Logout(hSession);
-    nssdbg_finish_time(FUNC_C_LOGOUT,start);
+    nssdbg_finish_time(&counter_C_Logout,start);
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_CreateObject = 0;
+static PRInt32 calls_C_CreateObject = 0;
 CK_RV NSSDBGC_CreateObject(
   CK_SESSION_HANDLE    hSession,
   CK_ATTRIBUTE_PTR     pTemplate,
   CK_ULONG             ulCount,
   CK_OBJECT_HANDLE_PTR phObject
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_CreateObject);
     PR_LOG(modlog, 1, ("C_CreateObject"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  pTemplate = 0x%p", pTemplate));
     PR_LOG(modlog, 3, ("  ulCount = %d", ulCount));
     PR_LOG(modlog, 3, ("  phObject = 0x%p", phObject));
     print_template(pTemplate, ulCount);
-    nssdbg_start_time(FUNC_C_CREATEOBJECT,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_CreateObject(hSession,
                                  pTemplate,
                                  ulCount,
                                  phObject);
-    nssdbg_finish_time(FUNC_C_CREATEOBJECT,start);
+    nssdbg_finish_time(&counter_C_CreateObject,start);
     PR_LOG(modlog, 4, ("  *phObject = 0x%x", *phObject));
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_CopyObject = 0;
+static PRInt32 calls_C_CopyObject = 0;
 CK_RV NSSDBGC_CopyObject(
   CK_SESSION_HANDLE    hSession,
   CK_OBJECT_HANDLE     hObject,
   CK_ATTRIBUTE_PTR     pTemplate,
   CK_ULONG             ulCount,
   CK_OBJECT_HANDLE_PTR phNewObject
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_CopyObject);
     PR_LOG(modlog, 1, ("C_CopyObject"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  hObject = 0x%x", hObject));
     PR_LOG(modlog, 3, ("  pTemplate = 0x%p", pTemplate));
     PR_LOG(modlog, 3, ("  ulCount = %d", ulCount));
     PR_LOG(modlog, 3, ("  phNewObject = 0x%p", phNewObject));
     print_template(pTemplate, ulCount);
-    nssdbg_start_time(FUNC_C_COPYOBJECT,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_CopyObject(hSession,
                                  hObject,
                                  pTemplate,
                                  ulCount,
                                  phNewObject);
-    nssdbg_finish_time(FUNC_C_COPYOBJECT,start);
+    nssdbg_finish_time(&counter_C_CopyObject,start);
     PR_LOG(modlog, 4, ("  *phNewObject = 0x%x", *phNewObject));
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_DestroyObject = 0;
+static PRInt32 calls_C_DestroyObject = 0;
 CK_RV NSSDBGC_DestroyObject(
   CK_SESSION_HANDLE hSession,
   CK_OBJECT_HANDLE  hObject
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_DestroyObject);
     PR_LOG(modlog, 1, ("C_DestroyObject"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  hObject = 0x%x", hObject));
-    nssdbg_start_time(FUNC_C_DESTROYOBJECT,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_DestroyObject(hSession,
                                  hObject);
-    nssdbg_finish_time(FUNC_C_DESTROYOBJECT,start);
+    nssdbg_finish_time(&counter_C_DestroyObject,start);
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_GetObjectSize = 0;
+static PRInt32 calls_C_GetObjectSize = 0;
 CK_RV NSSDBGC_GetObjectSize(
   CK_SESSION_HANDLE hSession,
   CK_OBJECT_HANDLE  hObject,
   CK_ULONG_PTR      pulSize
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_GetObjectSize);
     PR_LOG(modlog, 1, ("C_GetObjectSize"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  hObject = 0x%x", hObject));
     PR_LOG(modlog, 3, ("  pulSize = 0x%p", pulSize));
-    nssdbg_start_time(FUNC_C_GETOBJECTSIZE,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_GetObjectSize(hSession,
                                  hObject,
                                  pulSize);
-    nssdbg_finish_time(FUNC_C_GETOBJECTSIZE,start);
+    nssdbg_finish_time(&counter_C_GetObjectSize,start);
     PR_LOG(modlog, 4, ("  *pulSize = 0x%x", *pulSize));
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_GetAttributeValue = 0;
+static PRInt32 calls_C_GetAttributeValue = 0;
 CK_RV NSSDBGC_GetAttributeValue(
   CK_SESSION_HANDLE hSession,
   CK_OBJECT_HANDLE  hObject,
   CK_ATTRIBUTE_PTR  pTemplate,
   CK_ULONG          ulCount
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_GetAttributeValue);
     PR_LOG(modlog, 1, ("C_GetAttributeValue"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  hObject = 0x%x", hObject));
     PR_LOG(modlog, 3, ("  pTemplate = 0x%p", pTemplate));
     PR_LOG(modlog, 3, ("  ulCount = %d", ulCount));
-    nssdbg_start_time(FUNC_C_GETATTRIBUTEVALUE,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_GetAttributeValue(hSession,
                                  hObject,
                                  pTemplate,
                                  ulCount);
-    nssdbg_finish_time(FUNC_C_GETATTRIBUTEVALUE,start);
+    nssdbg_finish_time(&counter_C_GetAttributeValue,start);
     print_template(pTemplate, ulCount);
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_SetAttributeValue = 0;
+static PRInt32 calls_C_SetAttributeValue = 0;
 CK_RV NSSDBGC_SetAttributeValue(
   CK_SESSION_HANDLE hSession,
   CK_OBJECT_HANDLE  hObject,
   CK_ATTRIBUTE_PTR  pTemplate,
   CK_ULONG          ulCount
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_SetAttributeValue);
     PR_LOG(modlog, 1, ("C_SetAttributeValue"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  hObject = 0x%x", hObject));
     PR_LOG(modlog, 3, ("  pTemplate = 0x%p", pTemplate));
     PR_LOG(modlog, 3, ("  ulCount = %d", ulCount));
     print_template(pTemplate, ulCount);
-    nssdbg_start_time(FUNC_C_SETATTRIBUTEVALUE,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_SetAttributeValue(hSession,
                                  hObject,
                                  pTemplate,
                                  ulCount);
-    nssdbg_finish_time(FUNC_C_SETATTRIBUTEVALUE,start);
+    nssdbg_finish_time(&counter_C_SetAttributeValue,start);
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_FindObjectsInit = 0;
+static PRInt32 calls_C_FindObjectsInit = 0;
 CK_RV NSSDBGC_FindObjectsInit(
   CK_SESSION_HANDLE hSession,
   CK_ATTRIBUTE_PTR  pTemplate,
   CK_ULONG          ulCount
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_FindObjectsInit);
     PR_LOG(modlog, 1, ("C_FindObjectsInit"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  pTemplate = 0x%p", pTemplate));
     PR_LOG(modlog, 3, ("  ulCount = %d", ulCount));
     print_template(pTemplate, ulCount);
-    nssdbg_start_time(FUNC_C_FINDOBJECTSINIT,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_FindObjectsInit(hSession,
                                  pTemplate,
                                  ulCount);
-    nssdbg_finish_time(FUNC_C_FINDOBJECTSINIT,start);
+    nssdbg_finish_time(&counter_C_FindObjectsInit,start);
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_FindObjects = 0;
+static PRInt32 calls_C_FindObjects = 0;
 CK_RV NSSDBGC_FindObjects(
   CK_SESSION_HANDLE    hSession,
   CK_OBJECT_HANDLE_PTR phObject,
   CK_ULONG             ulMaxObjectCount,
   CK_ULONG_PTR         pulObjectCount
 )
 {
     CK_RV rv;
     CK_ULONG i;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_FindObjects);
     PR_LOG(modlog, 1, ("C_FindObjects"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  phObject = 0x%p", phObject));
     PR_LOG(modlog, 3, ("  ulMaxObjectCount = %d", ulMaxObjectCount));
     PR_LOG(modlog, 3, ("  pulObjectCount = 0x%p", pulObjectCount));
-    nssdbg_start_time(FUNC_C_FINDOBJECTS,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_FindObjects(hSession,
                                  phObject,
                                  ulMaxObjectCount,
                                  pulObjectCount);
-    nssdbg_finish_time(FUNC_C_FINDOBJECTS,start);
+    nssdbg_finish_time(&counter_C_FindObjects,start);
     PR_LOG(modlog, 4, ("  *pulObjectCount = 0x%x", *pulObjectCount));
     for (i=0; i<*pulObjectCount; i++) {
 	PR_LOG(modlog, 4, ("  phObject[%d] = 0x%x", i, phObject[i]));
     }
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_FindObjectsFinal = 0;
+static PRInt32 calls_C_FindObjectsFinal = 0;
 CK_RV NSSDBGC_FindObjectsFinal(
   CK_SESSION_HANDLE hSession
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_FindObjectsFinal);
     PR_LOG(modlog, 1, ("C_FindObjectsFinal"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
-    nssdbg_start_time(FUNC_C_FINDOBJECTSFINAL,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_FindObjectsFinal(hSession);
-    nssdbg_finish_time(FUNC_C_FINDOBJECTSFINAL,start);
+    nssdbg_finish_time(&counter_C_FindObjectsFinal,start);
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_EncryptInit = 0;
+static PRInt32 calls_C_EncryptInit = 0;
 CK_RV NSSDBGC_EncryptInit(
   CK_SESSION_HANDLE hSession,
   CK_MECHANISM_PTR  pMechanism,
   CK_OBJECT_HANDLE  hKey
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_EncryptInit);
     PR_LOG(modlog, 1, ("C_EncryptInit"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  pMechanism = 0x%p", pMechanism));
     PR_LOG(modlog, 3, ("  hKey = 0x%x", hKey));
     print_mechanism(pMechanism);
-    nssdbg_start_time(FUNC_C_ENCRYPTINIT,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_EncryptInit(hSession,
                                  pMechanism,
                                  hKey);
-    nssdbg_finish_time(FUNC_C_ENCRYPTINIT,start);
+    nssdbg_finish_time(&counter_C_EncryptInit,start);
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_Encrypt = 0;
+static PRInt32 calls_C_Encrypt = 0;
 CK_RV NSSDBGC_Encrypt(
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR       pData,
   CK_ULONG          ulDataLen,
   CK_BYTE_PTR       pEncryptedData,
   CK_ULONG_PTR      pulEncryptedDataLen
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_Encrypt);
     PR_LOG(modlog, 1, ("C_Encrypt"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  pData = 0x%p", pData));
     PR_LOG(modlog, 3, ("  ulDataLen = %d", ulDataLen));
     PR_LOG(modlog, 3, ("  pEncryptedData = 0x%p", pEncryptedData));
     PR_LOG(modlog, 3, ("  pulEncryptedDataLen = 0x%p", pulEncryptedDataLen));
-    nssdbg_start_time(FUNC_C_ENCRYPT,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_Encrypt(hSession,
                                  pData,
                                  ulDataLen,
                                  pEncryptedData,
                                  pulEncryptedDataLen);
-    nssdbg_finish_time(FUNC_C_ENCRYPT,start);
+    nssdbg_finish_time(&counter_C_Encrypt,start);
     PR_LOG(modlog, 4, ("  *pulEncryptedDataLen = 0x%x", *pulEncryptedDataLen));
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_EncryptUpdate = 0;
+static PRInt32 calls_C_EncryptUpdate = 0;
 CK_RV NSSDBGC_EncryptUpdate(
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR       pPart,
   CK_ULONG          ulPartLen,
   CK_BYTE_PTR       pEncryptedPart,
   CK_ULONG_PTR      pulEncryptedPartLen
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_EncryptUpdate);
     PR_LOG(modlog, 1, ("C_EncryptUpdate"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  pPart = 0x%p", pPart));
     PR_LOG(modlog, 3, ("  ulPartLen = %d", ulPartLen));
     PR_LOG(modlog, 3, ("  pEncryptedPart = 0x%p", pEncryptedPart));
     PR_LOG(modlog, 3, ("  pulEncryptedPartLen = 0x%p", pulEncryptedPartLen));
-    nssdbg_start_time(FUNC_C_ENCRYPTUPDATE,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_EncryptUpdate(hSession,
                                  pPart,
                                  ulPartLen,
                                  pEncryptedPart,
                                  pulEncryptedPartLen);
-    nssdbg_finish_time(FUNC_C_ENCRYPTUPDATE,start);
+    nssdbg_finish_time(&counter_C_EncryptUpdate,start);
     PR_LOG(modlog, 4, ("  *pulEncryptedPartLen = 0x%x", *pulEncryptedPartLen));
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_EncryptFinal = 0;
+static PRInt32 calls_C_EncryptFinal = 0;
 CK_RV NSSDBGC_EncryptFinal(
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR       pLastEncryptedPart,
   CK_ULONG_PTR      pulLastEncryptedPartLen
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_EncryptFinal);
     PR_LOG(modlog, 1, ("C_EncryptFinal"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  pLastEncryptedPart = 0x%p", pLastEncryptedPart));
     PR_LOG(modlog, 3, ("  pulLastEncryptedPartLen = 0x%p", pulLastEncryptedPartLen));
-    nssdbg_start_time(FUNC_C_ENCRYPTFINAL,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_EncryptFinal(hSession,
                                  pLastEncryptedPart,
                                  pulLastEncryptedPartLen);
-    nssdbg_finish_time(FUNC_C_ENCRYPTFINAL,start);
+    nssdbg_finish_time(&counter_C_EncryptFinal,start);
     PR_LOG(modlog, 4, ("  *pulLastEncryptedPartLen = 0x%x", *pulLastEncryptedPartLen));
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_DecryptInit = 0;
+static PRInt32 calls_C_DecryptInit = 0;
 CK_RV NSSDBGC_DecryptInit(
   CK_SESSION_HANDLE hSession,
   CK_MECHANISM_PTR  pMechanism,
   CK_OBJECT_HANDLE  hKey
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_DecryptInit);
     PR_LOG(modlog, 1, ("C_DecryptInit"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  pMechanism = 0x%p", pMechanism));
     PR_LOG(modlog, 3, ("  hKey = 0x%x", hKey));
     print_mechanism(pMechanism);
-    nssdbg_start_time(FUNC_C_DECRYPTINIT,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_DecryptInit(hSession,
                                  pMechanism,
                                  hKey);
-    nssdbg_finish_time(FUNC_C_DECRYPTINIT,start);
+    nssdbg_finish_time(&counter_C_DecryptInit,start);
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_Decrypt = 0;
+static PRInt32 calls_C_Decrypt = 0;
 CK_RV NSSDBGC_Decrypt(
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR       pEncryptedData,
   CK_ULONG          ulEncryptedDataLen,
   CK_BYTE_PTR       pData,
   CK_ULONG_PTR      pulDataLen
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_Decrypt);
     PR_LOG(modlog, 1, ("C_Decrypt"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  pEncryptedData = 0x%p", pEncryptedData));
     PR_LOG(modlog, 3, ("  ulEncryptedDataLen = %d", ulEncryptedDataLen));
     PR_LOG(modlog, 3, ("  pData = 0x%p", pData));
     PR_LOG(modlog, 3, ("  pulDataLen = 0x%p", pulDataLen));
-    nssdbg_start_time(FUNC_C_DECRYPT,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_Decrypt(hSession,
                                  pEncryptedData,
                                  ulEncryptedDataLen,
                                  pData,
                                  pulDataLen);
-    nssdbg_finish_time(FUNC_C_DECRYPT,start);
+    nssdbg_finish_time(&counter_C_Decrypt,start);
     PR_LOG(modlog, 4, ("  *pulDataLen = 0x%x", *pulDataLen));
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_DecryptUpdate = 0;
+static PRInt32 calls_C_DecryptUpdate = 0;
 CK_RV NSSDBGC_DecryptUpdate(
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR       pEncryptedPart,
   CK_ULONG          ulEncryptedPartLen,
   CK_BYTE_PTR       pPart,
   CK_ULONG_PTR      pulPartLen
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_DecryptUpdate);
     PR_LOG(modlog, 1, ("C_DecryptUpdate"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  pEncryptedPart = 0x%p", pEncryptedPart));
     PR_LOG(modlog, 3, ("  ulEncryptedPartLen = %d", ulEncryptedPartLen));
     PR_LOG(modlog, 3, ("  pPart = 0x%p", pPart));
     PR_LOG(modlog, 3, ("  pulPartLen = 0x%p", pulPartLen));
-    nssdbg_start_time(FUNC_C_DECRYPTUPDATE,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_DecryptUpdate(hSession,
                                  pEncryptedPart,
                                  ulEncryptedPartLen,
                                  pPart,
                                  pulPartLen);
-    nssdbg_finish_time(FUNC_C_DECRYPTUPDATE,start);
+    nssdbg_finish_time(&counter_C_DecryptUpdate,start);
     PR_LOG(modlog, 4, ("  *pulPartLen = 0x%x", *pulPartLen));
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_DecryptFinal = 0;
+static PRInt32 calls_C_DecryptFinal = 0;
 CK_RV NSSDBGC_DecryptFinal(
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR       pLastPart,
   CK_ULONG_PTR      pulLastPartLen
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_DecryptFinal);
     PR_LOG(modlog, 1, ("C_DecryptFinal"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  pLastPart = 0x%p", pLastPart));
     PR_LOG(modlog, 3, ("  pulLastPartLen = 0x%p", pulLastPartLen));
-    nssdbg_start_time(FUNC_C_DECRYPTFINAL,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_DecryptFinal(hSession,
                                  pLastPart,
                                  pulLastPartLen);
-    nssdbg_finish_time(FUNC_C_DECRYPTFINAL,start);
+    nssdbg_finish_time(&counter_C_DecryptFinal,start);
     PR_LOG(modlog, 4, ("  *pulLastPartLen = 0x%x", *pulLastPartLen));
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_DigestInit = 0;
+static PRInt32 calls_C_DigestInit = 0;
 CK_RV NSSDBGC_DigestInit(
   CK_SESSION_HANDLE hSession,
   CK_MECHANISM_PTR  pMechanism
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_DigestInit);
     PR_LOG(modlog, 1, ("C_DigestInit"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  pMechanism = 0x%p", pMechanism));
     print_mechanism(pMechanism);
-    nssdbg_start_time(FUNC_C_DIGESTINIT,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_DigestInit(hSession,
                                  pMechanism);
-    nssdbg_finish_time(FUNC_C_DIGESTINIT,start);
+    nssdbg_finish_time(&counter_C_DigestInit,start);
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_Digest = 0;
+static PRInt32 calls_C_Digest = 0;
 CK_RV NSSDBGC_Digest(
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR       pData,
   CK_ULONG          ulDataLen,
   CK_BYTE_PTR       pDigest,
   CK_ULONG_PTR      pulDigestLen
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_Digest);
     PR_LOG(modlog, 1, ("C_Digest"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  pData = 0x%p", pData));
     PR_LOG(modlog, 3, ("  ulDataLen = %d", ulDataLen));
     PR_LOG(modlog, 3, ("  pDigest = 0x%p", pDigest));
     PR_LOG(modlog, 3, ("  pulDigestLen = 0x%p", pulDigestLen));
-    nssdbg_start_time(FUNC_C_DIGEST,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_Digest(hSession,
                                  pData,
                                  ulDataLen,
                                  pDigest,
                                  pulDigestLen);
-    nssdbg_finish_time(FUNC_C_DIGEST,start);
+    nssdbg_finish_time(&counter_C_Digest,start);
     PR_LOG(modlog, 4, ("  *pulDigestLen = 0x%x", *pulDigestLen));
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_DigestUpdate = 0;
+static PRInt32 calls_C_DigestUpdate = 0;
 CK_RV NSSDBGC_DigestUpdate(
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR       pPart,
   CK_ULONG          ulPartLen
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_DigestUpdate);
     PR_LOG(modlog, 1, ("C_DigestUpdate"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  pPart = 0x%p", pPart));
     PR_LOG(modlog, 3, ("  ulPartLen = %d", ulPartLen));
-    nssdbg_start_time(FUNC_C_DIGESTUPDATE,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_DigestUpdate(hSession,
                                  pPart,
                                  ulPartLen);
-    nssdbg_finish_time(FUNC_C_DIGESTUPDATE,start);
+    nssdbg_finish_time(&counter_C_DigestUpdate,start);
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_DigestKey = 0;
+static PRInt32 calls_C_DigestKey = 0;
 CK_RV NSSDBGC_DigestKey(
   CK_SESSION_HANDLE hSession,
   CK_OBJECT_HANDLE  hKey
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_DigestKey);
     PR_LOG(modlog, 1, ("C_DigestKey"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
-    nssdbg_start_time(FUNC_C_DIGESTKEY,&start);
+    PR_LOG(modlog, 3, ("  hKey = 0x%x", hKey));
+    start = PR_IntervalNow();
     rv = module_functions->C_DigestKey(hSession,
                                  hKey);
-    nssdbg_finish_time(FUNC_C_DIGESTKEY,start);
+    nssdbg_finish_time(&counter_C_DigestKey,start);
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_DigestFinal = 0;
+static PRInt32 calls_C_DigestFinal = 0;
 CK_RV NSSDBGC_DigestFinal(
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR       pDigest,
   CK_ULONG_PTR      pulDigestLen
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_DigestFinal);
     PR_LOG(modlog, 1, ("C_DigestFinal"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  pDigest = 0x%p", pDigest));
     PR_LOG(modlog, 3, ("  pulDigestLen = 0x%p", pulDigestLen));
-    nssdbg_start_time(FUNC_C_DIGESTFINAL,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_DigestFinal(hSession,
                                  pDigest,
                                  pulDigestLen);
-    nssdbg_finish_time(FUNC_C_DIGESTFINAL,start);
+    nssdbg_finish_time(&counter_C_DigestFinal,start);
     PR_LOG(modlog, 4, ("  *pulDigestLen = 0x%x", *pulDigestLen));
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_SignInit = 0;
+static PRInt32 calls_C_SignInit = 0;
 CK_RV NSSDBGC_SignInit(
   CK_SESSION_HANDLE hSession,
   CK_MECHANISM_PTR  pMechanism,
   CK_OBJECT_HANDLE  hKey
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_SignInit);
     PR_LOG(modlog, 1, ("C_SignInit"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  pMechanism = 0x%p", pMechanism));
     PR_LOG(modlog, 3, ("  hKey = 0x%x", hKey));
     print_mechanism(pMechanism);
-    nssdbg_start_time(FUNC_C_SIGNINIT,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_SignInit(hSession,
                                  pMechanism,
                                  hKey);
-    nssdbg_finish_time(FUNC_C_SIGNINIT,start);
+    nssdbg_finish_time(&counter_C_SignInit,start);
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_Sign = 0;
+static PRInt32 calls_C_Sign = 0;
 CK_RV NSSDBGC_Sign(
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR       pData,
   CK_ULONG          ulDataLen,
   CK_BYTE_PTR       pSignature,
   CK_ULONG_PTR      pulSignatureLen
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_Sign);
     PR_LOG(modlog, 1, ("C_Sign"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  pData = 0x%p", pData));
     PR_LOG(modlog, 3, ("  ulDataLen = %d", ulDataLen));
     PR_LOG(modlog, 3, ("  pSignature = 0x%p", pSignature));
     PR_LOG(modlog, 3, ("  pulSignatureLen = 0x%p", pulSignatureLen));
-    nssdbg_start_time(FUNC_C_SIGN,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_Sign(hSession,
                                  pData,
                                  ulDataLen,
                                  pSignature,
                                  pulSignatureLen);
-    nssdbg_finish_time(FUNC_C_SIGN,start);
+    nssdbg_finish_time(&counter_C_Sign,start);
     PR_LOG(modlog, 4, ("  *pulSignatureLen = 0x%x", *pulSignatureLen));
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_SignUpdate = 0;
+static PRInt32 calls_C_SignUpdate = 0;
 CK_RV NSSDBGC_SignUpdate(
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR       pPart,
   CK_ULONG          ulPartLen
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_SignUpdate);
     PR_LOG(modlog, 1, ("C_SignUpdate"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  pPart = 0x%p", pPart));
     PR_LOG(modlog, 3, ("  ulPartLen = %d", ulPartLen));
-    nssdbg_start_time(FUNC_C_SIGNUPDATE,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_SignUpdate(hSession,
                                  pPart,
                                  ulPartLen);
-    nssdbg_finish_time(FUNC_C_SIGNUPDATE,start);
+    nssdbg_finish_time(&counter_C_SignUpdate,start);
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_SignFinal = 0;
+static PRInt32 calls_C_SignFinal = 0;
 CK_RV NSSDBGC_SignFinal(
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR       pSignature,
   CK_ULONG_PTR      pulSignatureLen
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_SignFinal);
     PR_LOG(modlog, 1, ("C_SignFinal"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  pSignature = 0x%p", pSignature));
     PR_LOG(modlog, 3, ("  pulSignatureLen = 0x%p", pulSignatureLen));
-    nssdbg_start_time(FUNC_C_SIGNFINAL,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_SignFinal(hSession,
                                  pSignature,
                                  pulSignatureLen);
-    nssdbg_finish_time(FUNC_C_SIGNFINAL,start);
+    nssdbg_finish_time(&counter_C_SignFinal,start);
     PR_LOG(modlog, 4, ("  *pulSignatureLen = 0x%x", *pulSignatureLen));
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_SignRecoverInit = 0;
+static PRInt32 calls_C_SignRecoverInit = 0;
 CK_RV NSSDBGC_SignRecoverInit(
   CK_SESSION_HANDLE hSession,
   CK_MECHANISM_PTR  pMechanism,
   CK_OBJECT_HANDLE  hKey
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_SignRecoverInit);
     PR_LOG(modlog, 1, ("C_SignRecoverInit"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  pMechanism = 0x%p", pMechanism));
     PR_LOG(modlog, 3, ("  hKey = 0x%x", hKey));
     print_mechanism(pMechanism);
-    nssdbg_start_time(FUNC_C_SIGNRECOVERINIT,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_SignRecoverInit(hSession,
                                  pMechanism,
                                  hKey);
-    nssdbg_finish_time(FUNC_C_SIGNRECOVERINIT,start);
+    nssdbg_finish_time(&counter_C_SignRecoverInit,start);
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_SignRecover = 0;
+static PRInt32 calls_C_SignRecover = 0;
 CK_RV NSSDBGC_SignRecover(
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR       pData,
   CK_ULONG          ulDataLen,
   CK_BYTE_PTR       pSignature,
   CK_ULONG_PTR      pulSignatureLen
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_SignRecover);
     PR_LOG(modlog, 1, ("C_SignRecover"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  pData = 0x%p", pData));
     PR_LOG(modlog, 3, ("  ulDataLen = %d", ulDataLen));
     PR_LOG(modlog, 3, ("  pSignature = 0x%p", pSignature));
     PR_LOG(modlog, 3, ("  pulSignatureLen = 0x%p", pulSignatureLen));
-    nssdbg_start_time(FUNC_C_SIGNRECOVER,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_SignRecover(hSession,
                                  pData,
                                  ulDataLen,
                                  pSignature,
                                  pulSignatureLen);
-    nssdbg_finish_time(FUNC_C_SIGNRECOVER,start);
+    nssdbg_finish_time(&counter_C_SignRecover,start);
     PR_LOG(modlog, 4, ("  *pulSignatureLen = 0x%x", *pulSignatureLen));
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_VerifyInit = 0;
+static PRInt32 calls_C_VerifyInit = 0;
 CK_RV NSSDBGC_VerifyInit(
   CK_SESSION_HANDLE hSession,
   CK_MECHANISM_PTR  pMechanism,
   CK_OBJECT_HANDLE  hKey
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_VerifyInit);
     PR_LOG(modlog, 1, ("C_VerifyInit"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  pMechanism = 0x%p", pMechanism));
     PR_LOG(modlog, 3, ("  hKey = 0x%x", hKey));
     print_mechanism(pMechanism);
-    nssdbg_start_time(FUNC_C_VERIFYINIT,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_VerifyInit(hSession,
                                  pMechanism,
                                  hKey);
-    nssdbg_finish_time(FUNC_C_VERIFYINIT,start);
+    nssdbg_finish_time(&counter_C_VerifyInit,start);
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_Verify = 0;
+static PRInt32 calls_C_Verify = 0;
 CK_RV NSSDBGC_Verify(
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR       pData,
   CK_ULONG          ulDataLen,
   CK_BYTE_PTR       pSignature,
   CK_ULONG          ulSignatureLen
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_Verify);
     PR_LOG(modlog, 1, ("C_Verify"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  pData = 0x%p", pData));
     PR_LOG(modlog, 3, ("  ulDataLen = %d", ulDataLen));
     PR_LOG(modlog, 3, ("  pSignature = 0x%p", pSignature));
     PR_LOG(modlog, 3, ("  ulSignatureLen = %d", ulSignatureLen));
-    nssdbg_start_time(FUNC_C_VERIFY,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_Verify(hSession,
                                  pData,
                                  ulDataLen,
                                  pSignature,
                                  ulSignatureLen);
-    nssdbg_finish_time(FUNC_C_VERIFY,start);
+    nssdbg_finish_time(&counter_C_Verify,start);
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_VerifyUpdate = 0;
+static PRInt32 calls_C_VerifyUpdate = 0;
 CK_RV NSSDBGC_VerifyUpdate(
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR       pPart,
   CK_ULONG          ulPartLen
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_VerifyUpdate);
     PR_LOG(modlog, 1, ("C_VerifyUpdate"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  pPart = 0x%p", pPart));
     PR_LOG(modlog, 3, ("  ulPartLen = %d", ulPartLen));
-    nssdbg_start_time(FUNC_C_VERIFYUPDATE,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_VerifyUpdate(hSession,
                                  pPart,
                                  ulPartLen);
-    nssdbg_finish_time(FUNC_C_VERIFYUPDATE,start);
+    nssdbg_finish_time(&counter_C_VerifyUpdate,start);
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_VerifyFinal = 0;
+static PRInt32 calls_C_VerifyFinal = 0;
 CK_RV NSSDBGC_VerifyFinal(
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR       pSignature,
   CK_ULONG          ulSignatureLen
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_VerifyFinal);
     PR_LOG(modlog, 1, ("C_VerifyFinal"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  pSignature = 0x%p", pSignature));
     PR_LOG(modlog, 3, ("  ulSignatureLen = %d", ulSignatureLen));
-    nssdbg_start_time(FUNC_C_VERIFYFINAL,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_VerifyFinal(hSession,
                                  pSignature,
                                  ulSignatureLen);
-    nssdbg_finish_time(FUNC_C_VERIFYFINAL,start);
+    nssdbg_finish_time(&counter_C_VerifyFinal,start);
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_VerifyRecoverInit = 0;
+static PRInt32 calls_C_VerifyRecoverInit = 0;
 CK_RV NSSDBGC_VerifyRecoverInit(
   CK_SESSION_HANDLE hSession,
   CK_MECHANISM_PTR  pMechanism,
   CK_OBJECT_HANDLE  hKey
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_VerifyRecoverInit);
     PR_LOG(modlog, 1, ("C_VerifyRecoverInit"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  pMechanism = 0x%p", pMechanism));
     PR_LOG(modlog, 3, ("  hKey = 0x%x", hKey));
     print_mechanism(pMechanism);
-    nssdbg_start_time(FUNC_C_VERIFYRECOVERINIT,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_VerifyRecoverInit(hSession,
                                  pMechanism,
                                  hKey);
-    nssdbg_finish_time(FUNC_C_VERIFYRECOVERINIT,start);
+    nssdbg_finish_time(&counter_C_VerifyRecoverInit,start);
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_VerifyRecover = 0;
+static PRInt32 calls_C_VerifyRecover = 0;
 CK_RV NSSDBGC_VerifyRecover(
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR       pSignature,
   CK_ULONG          ulSignatureLen,
   CK_BYTE_PTR       pData,
   CK_ULONG_PTR      pulDataLen
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_VerifyRecover);
     PR_LOG(modlog, 1, ("C_VerifyRecover"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  pSignature = 0x%p", pSignature));
     PR_LOG(modlog, 3, ("  ulSignatureLen = %d", ulSignatureLen));
     PR_LOG(modlog, 3, ("  pData = 0x%p", pData));
     PR_LOG(modlog, 3, ("  pulDataLen = 0x%p", pulDataLen));
-    nssdbg_start_time(FUNC_C_VERIFYRECOVER,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_VerifyRecover(hSession,
                                  pSignature,
                                  ulSignatureLen,
                                  pData,
                                  pulDataLen);
-    nssdbg_finish_time(FUNC_C_VERIFYRECOVER,start);
+    nssdbg_finish_time(&counter_C_VerifyRecover,start);
     PR_LOG(modlog, 4, ("  *pulDataLen = 0x%x", *pulDataLen));
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_DigestEncryptUpdate = 0;
+static PRInt32 calls_C_DigestEncryptUpdate = 0;
 CK_RV NSSDBGC_DigestEncryptUpdate(
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR       pPart,
   CK_ULONG          ulPartLen,
   CK_BYTE_PTR       pEncryptedPart,
   CK_ULONG_PTR      pulEncryptedPartLen
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_DigestEncryptUpdate);
     PR_LOG(modlog, 1, ("C_DigestEncryptUpdate"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  pPart = 0x%p", pPart));
     PR_LOG(modlog, 3, ("  ulPartLen = %d", ulPartLen));
     PR_LOG(modlog, 3, ("  pEncryptedPart = 0x%p", pEncryptedPart));
     PR_LOG(modlog, 3, ("  pulEncryptedPartLen = 0x%p", pulEncryptedPartLen));
-    nssdbg_start_time(FUNC_C_DIGESTENCRYPTUPDATE,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_DigestEncryptUpdate(hSession,
                                  pPart,
                                  ulPartLen,
                                  pEncryptedPart,
                                  pulEncryptedPartLen);
-    nssdbg_finish_time(FUNC_C_DIGESTENCRYPTUPDATE,start);
+    nssdbg_finish_time(&counter_C_DigestEncryptUpdate,start);
     PR_LOG(modlog, 4, ("  *pulEncryptedPartLen = 0x%x", *pulEncryptedPartLen));
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_DecryptDigestUpdate = 0;
+static PRInt32 calls_C_DecryptDigestUpdate = 0;
 CK_RV NSSDBGC_DecryptDigestUpdate(
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR       pEncryptedPart,
   CK_ULONG          ulEncryptedPartLen,
   CK_BYTE_PTR       pPart,
   CK_ULONG_PTR      pulPartLen
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_DecryptDigestUpdate);
     PR_LOG(modlog, 1, ("C_DecryptDigestUpdate"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  pEncryptedPart = 0x%p", pEncryptedPart));
     PR_LOG(modlog, 3, ("  ulEncryptedPartLen = %d", ulEncryptedPartLen));
     PR_LOG(modlog, 3, ("  pPart = 0x%p", pPart));
     PR_LOG(modlog, 3, ("  pulPartLen = 0x%p", pulPartLen));
-    nssdbg_start_time(FUNC_C_DECRYPTDIGESTUPDATE,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_DecryptDigestUpdate(hSession,
                                  pEncryptedPart,
                                  ulEncryptedPartLen,
                                  pPart,
                                  pulPartLen);
-    nssdbg_finish_time(FUNC_C_DECRYPTDIGESTUPDATE,start);
+    nssdbg_finish_time(&counter_C_DecryptDigestUpdate,start);
     PR_LOG(modlog, 4, ("  *pulPartLen = 0x%x", *pulPartLen));
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_SignEncryptUpdate = 0;
+static PRInt32 calls_C_SignEncryptUpdate = 0;
 CK_RV NSSDBGC_SignEncryptUpdate(
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR       pPart,
   CK_ULONG          ulPartLen,
   CK_BYTE_PTR       pEncryptedPart,
   CK_ULONG_PTR      pulEncryptedPartLen
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_SignEncryptUpdate);
     PR_LOG(modlog, 1, ("C_SignEncryptUpdate"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  pPart = 0x%p", pPart));
     PR_LOG(modlog, 3, ("  ulPartLen = %d", ulPartLen));
     PR_LOG(modlog, 3, ("  pEncryptedPart = 0x%p", pEncryptedPart));
     PR_LOG(modlog, 3, ("  pulEncryptedPartLen = 0x%p", pulEncryptedPartLen));
-    nssdbg_start_time(FUNC_C_SIGNENCRYPTUPDATE,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_SignEncryptUpdate(hSession,
                                  pPart,
                                  ulPartLen,
                                  pEncryptedPart,
                                  pulEncryptedPartLen);
-    nssdbg_finish_time(FUNC_C_SIGNENCRYPTUPDATE,start);
+    nssdbg_finish_time(&counter_C_SignEncryptUpdate,start);
     PR_LOG(modlog, 4, ("  *pulEncryptedPartLen = 0x%x", *pulEncryptedPartLen));
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_DecryptVerifyUpdate = 0;
+static PRInt32 calls_C_DecryptVerifyUpdate = 0;
 CK_RV NSSDBGC_DecryptVerifyUpdate(
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR       pEncryptedPart,
   CK_ULONG          ulEncryptedPartLen,
   CK_BYTE_PTR       pPart,
   CK_ULONG_PTR      pulPartLen
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_DecryptVerifyUpdate);
     PR_LOG(modlog, 1, ("C_DecryptVerifyUpdate"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  pEncryptedPart = 0x%p", pEncryptedPart));
     PR_LOG(modlog, 3, ("  ulEncryptedPartLen = %d", ulEncryptedPartLen));
     PR_LOG(modlog, 3, ("  pPart = 0x%p", pPart));
     PR_LOG(modlog, 3, ("  pulPartLen = 0x%p", pulPartLen));
-    nssdbg_start_time(FUNC_C_DECRYPTVERIFYUPDATE,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_DecryptVerifyUpdate(hSession,
                                  pEncryptedPart,
                                  ulEncryptedPartLen,
                                  pPart,
                                  pulPartLen);
-    nssdbg_finish_time(FUNC_C_DECRYPTVERIFYUPDATE,start);
+    nssdbg_finish_time(&counter_C_DecryptVerifyUpdate,start);
     PR_LOG(modlog, 4, ("  *pulPartLen = 0x%x", *pulPartLen));
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_GenerateKey = 0;
+static PRInt32 calls_C_GenerateKey = 0;
 CK_RV NSSDBGC_GenerateKey(
   CK_SESSION_HANDLE    hSession,
   CK_MECHANISM_PTR     pMechanism,
   CK_ATTRIBUTE_PTR     pTemplate,
   CK_ULONG             ulCount,
   CK_OBJECT_HANDLE_PTR phKey
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_GenerateKey);
     PR_LOG(modlog, 1, ("C_GenerateKey"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  pMechanism = 0x%p", pMechanism));
     PR_LOG(modlog, 3, ("  pTemplate = 0x%p", pTemplate));
     PR_LOG(modlog, 3, ("  ulCount = %d", ulCount));
     PR_LOG(modlog, 3, ("  phKey = 0x%p", phKey));
     print_template(pTemplate, ulCount);
     print_mechanism(pMechanism);
-    nssdbg_start_time(FUNC_C_GENERATEKEY,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_GenerateKey(hSession,
                                  pMechanism,
                                  pTemplate,
                                  ulCount,
                                  phKey);
-    nssdbg_finish_time(FUNC_C_GENERATEKEY,start);
+    nssdbg_finish_time(&counter_C_GenerateKey,start);
     PR_LOG(modlog, 4, ("  *phKey = 0x%x", *phKey));
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_GenerateKeyPair = 0;
+static PRInt32 calls_C_GenerateKeyPair = 0;
 CK_RV NSSDBGC_GenerateKeyPair(
   CK_SESSION_HANDLE    hSession,
   CK_MECHANISM_PTR     pMechanism,
   CK_ATTRIBUTE_PTR     pPublicKeyTemplate,
   CK_ULONG             ulPublicKeyAttributeCount,
   CK_ATTRIBUTE_PTR     pPrivateKeyTemplate,
   CK_ULONG             ulPrivateKeyAttributeCount,
   CK_OBJECT_HANDLE_PTR phPublicKey,
   CK_OBJECT_HANDLE_PTR phPrivateKey
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_GenerateKeyPair);
     PR_LOG(modlog, 1, ("C_GenerateKeyPair"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  pMechanism = 0x%p", pMechanism));
     PR_LOG(modlog, 3, ("  pPublicKeyTemplate = 0x%p", pPublicKeyTemplate));
     PR_LOG(modlog, 3, ("  ulPublicKeyAttributeCount = %d", ulPublicKeyAttributeCount));
     PR_LOG(modlog, 3, ("  pPrivateKeyTemplate = 0x%p", pPrivateKeyTemplate));
     PR_LOG(modlog, 3, ("  ulPrivateKeyAttributeCount = %d", ulPrivateKeyAttributeCount));
     PR_LOG(modlog, 3, ("  phPublicKey = 0x%p", phPublicKey));
     PR_LOG(modlog, 3, ("  phPrivateKey = 0x%p", phPrivateKey));
     print_template(pPublicKeyTemplate, ulPublicKeyAttributeCount);
     print_template(pPrivateKeyTemplate, ulPrivateKeyAttributeCount);
     print_mechanism(pMechanism);
-    nssdbg_start_time(FUNC_C_GENERATEKEYPAIR,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_GenerateKeyPair(hSession,
                                  pMechanism,
                                  pPublicKeyTemplate,
                                  ulPublicKeyAttributeCount,
                                  pPrivateKeyTemplate,
                                  ulPrivateKeyAttributeCount,
                                  phPublicKey,
                                  phPrivateKey);
-    nssdbg_finish_time(FUNC_C_GENERATEKEYPAIR,start);
+    nssdbg_finish_time(&counter_C_GenerateKeyPair,start);
     PR_LOG(modlog, 4, ("  *phPublicKey = 0x%x", *phPublicKey));
     PR_LOG(modlog, 4, ("  *phPrivateKey = 0x%x", *phPrivateKey));
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_WrapKey = 0;
+static PRInt32 calls_C_WrapKey = 0;
 CK_RV NSSDBGC_WrapKey(
   CK_SESSION_HANDLE hSession,
   CK_MECHANISM_PTR  pMechanism,
   CK_OBJECT_HANDLE  hWrappingKey,
   CK_OBJECT_HANDLE  hKey,
   CK_BYTE_PTR       pWrappedKey,
   CK_ULONG_PTR      pulWrappedKeyLen
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_WrapKey);
     PR_LOG(modlog, 1, ("C_WrapKey"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  pMechanism = 0x%p", pMechanism));
     PR_LOG(modlog, 3, ("  hWrappingKey = 0x%x", hWrappingKey));
     PR_LOG(modlog, 3, ("  hKey = 0x%x", hKey));
     PR_LOG(modlog, 3, ("  pWrappedKey = 0x%p", pWrappedKey));
     PR_LOG(modlog, 3, ("  pulWrappedKeyLen = 0x%p", pulWrappedKeyLen));
     print_mechanism(pMechanism);
-    nssdbg_start_time(FUNC_C_WRAPKEY,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_WrapKey(hSession,
                                  pMechanism,
                                  hWrappingKey,
                                  hKey,
                                  pWrappedKey,
                                  pulWrappedKeyLen);
-    nssdbg_finish_time(FUNC_C_WRAPKEY,start);
+    nssdbg_finish_time(&counter_C_WrapKey,start);
     PR_LOG(modlog, 4, ("  *pulWrappedKeyLen = 0x%x", *pulWrappedKeyLen));
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_UnwrapKey = 0;
+static PRInt32 calls_C_UnwrapKey = 0;
 CK_RV NSSDBGC_UnwrapKey(
   CK_SESSION_HANDLE    hSession,
   CK_MECHANISM_PTR     pMechanism,
   CK_OBJECT_HANDLE     hUnwrappingKey,
   CK_BYTE_PTR          pWrappedKey,
   CK_ULONG             ulWrappedKeyLen,
   CK_ATTRIBUTE_PTR     pTemplate,
   CK_ULONG             ulAttributeCount,
   CK_OBJECT_HANDLE_PTR phKey
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_UnwrapKey);
     PR_LOG(modlog, 1, ("C_UnwrapKey"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  pMechanism = 0x%p", pMechanism));
     PR_LOG(modlog, 3, ("  hUnwrappingKey = 0x%x", hUnwrappingKey));
     PR_LOG(modlog, 3, ("  pWrappedKey = 0x%p", pWrappedKey));
     PR_LOG(modlog, 3, ("  ulWrappedKeyLen = %d", ulWrappedKeyLen));
     PR_LOG(modlog, 3, ("  pTemplate = 0x%p", pTemplate));
     PR_LOG(modlog, 3, ("  ulAttributeCount = %d", ulAttributeCount));
     PR_LOG(modlog, 3, ("  phKey = 0x%p", phKey));
     print_template(pTemplate, ulAttributeCount);
     print_mechanism(pMechanism);
-    nssdbg_start_time(FUNC_C_UNWRAPKEY,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_UnwrapKey(hSession,
                                  pMechanism,
                                  hUnwrappingKey,
                                  pWrappedKey,
                                  ulWrappedKeyLen,
                                  pTemplate,
                                  ulAttributeCount,
                                  phKey);
-    nssdbg_finish_time(FUNC_C_UNWRAPKEY,start);
+    nssdbg_finish_time(&counter_C_UnwrapKey,start);
     PR_LOG(modlog, 4, ("  *phKey = 0x%x", *phKey));
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_DeriveKey = 0;
+static PRInt32 calls_C_DeriveKey = 0;
 CK_RV NSSDBGC_DeriveKey(
   CK_SESSION_HANDLE    hSession,
   CK_MECHANISM_PTR     pMechanism,
   CK_OBJECT_HANDLE     hBaseKey,
   CK_ATTRIBUTE_PTR     pTemplate,
   CK_ULONG             ulAttributeCount,
   CK_OBJECT_HANDLE_PTR phKey
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_DeriveKey);
     PR_LOG(modlog, 1, ("C_DeriveKey"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  pMechanism = 0x%p", pMechanism));
     PR_LOG(modlog, 3, ("  hBaseKey = 0x%x", hBaseKey));
     PR_LOG(modlog, 3, ("  pTemplate = 0x%p", pTemplate));
     PR_LOG(modlog, 3, ("  ulAttributeCount = %d", ulAttributeCount));
     PR_LOG(modlog, 3, ("  phKey = 0x%p", phKey));
     print_template(pTemplate, ulAttributeCount);
     print_mechanism(pMechanism);
-    nssdbg_start_time(FUNC_C_DERIVEKEY,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_DeriveKey(hSession,
                                  pMechanism,
                                  hBaseKey,
                                  pTemplate,
                                  ulAttributeCount,
                                  phKey);
-    nssdbg_finish_time(FUNC_C_DERIVEKEY,start);
+    nssdbg_finish_time(&counter_C_DeriveKey,start);
     PR_LOG(modlog, 4, ("  *phKey = 0x%x", *phKey));
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_SeedRandom = 0;
+static PRInt32 calls_C_SeedRandom = 0;
 CK_RV NSSDBGC_SeedRandom(
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR       pSeed,
   CK_ULONG          ulSeedLen
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_SeedRandom);
     PR_LOG(modlog, 1, ("C_SeedRandom"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  pSeed = 0x%p", pSeed));
     PR_LOG(modlog, 3, ("  ulSeedLen = %d", ulSeedLen));
-    nssdbg_start_time(FUNC_C_SEEDRANDOM,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_SeedRandom(hSession,
                                  pSeed,
                                  ulSeedLen);
-    nssdbg_finish_time(FUNC_C_SEEDRANDOM,start);
+    nssdbg_finish_time(&counter_C_SeedRandom,start);
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_GenerateRandom = 0;
+static PRInt32 calls_C_GenerateRandom = 0;
 CK_RV NSSDBGC_GenerateRandom(
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR       RandomData,
   CK_ULONG          ulRandomLen
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_GenerateRandom);
     PR_LOG(modlog, 1, ("C_GenerateRandom"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
     PR_LOG(modlog, 3, ("  RandomData = 0x%p", RandomData));
     PR_LOG(modlog, 3, ("  ulRandomLen = %d", ulRandomLen));
-    nssdbg_start_time(FUNC_C_GENERATERANDOM,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_GenerateRandom(hSession,
                                  RandomData,
                                  ulRandomLen);
-    nssdbg_finish_time(FUNC_C_GENERATERANDOM,start);
+    nssdbg_finish_time(&counter_C_GenerateRandom,start);
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_GetFunctionStatus = 0;
+static PRInt32 calls_C_GetFunctionStatus = 0;
 CK_RV NSSDBGC_GetFunctionStatus(
   CK_SESSION_HANDLE hSession
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_GetFunctionStatus);
     PR_LOG(modlog, 1, ("C_GetFunctionStatus"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
-    nssdbg_start_time(FUNC_C_GETFUNCTIONSTATUS,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_GetFunctionStatus(hSession);
-    nssdbg_finish_time(FUNC_C_GETFUNCTIONSTATUS,start);
+    nssdbg_finish_time(&counter_C_GetFunctionStatus,start);
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_CancelFunction = 0;
+static PRInt32 calls_C_CancelFunction = 0;
 CK_RV NSSDBGC_CancelFunction(
   CK_SESSION_HANDLE hSession
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_CancelFunction);
     PR_LOG(modlog, 1, ("C_CancelFunction"));
     PR_LOG(modlog, 3, ("  hSession = 0x%x", hSession));
-    nssdbg_start_time(FUNC_C_CANCELFUNCTION,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_CancelFunction(hSession);
-    nssdbg_finish_time(FUNC_C_CANCELFUNCTION,start);
+    nssdbg_finish_time(&counter_C_CancelFunction,start);
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
+static PRInt32 counter_C_WaitForSlotEvent = 0;
+static PRInt32 calls_C_WaitForSlotEvent = 0;
 CK_RV NSSDBGC_WaitForSlotEvent(
   CK_FLAGS       flags,
   CK_SLOT_ID_PTR pSlot,
   CK_VOID_PTR    pRserved
 )
 {
     CK_RV rv;
     PRIntervalTime start;
+    PR_AtomicIncrement(&calls_C_WaitForSlotEvent);
     PR_LOG(modlog, 1, ("C_WaitForSlotEvent"));
     PR_LOG(modlog, 3, ("  flags = 0x%x", flags));
     PR_LOG(modlog, 3, ("  pSlot = 0x%p", pSlot));
     PR_LOG(modlog, 3, ("  pRserved = 0x%p", pRserved));
-    nssdbg_start_time(FUNC_C_WAITFORSLOTEVENT,&start);
+    start = PR_IntervalNow();
     rv = module_functions->C_WaitForSlotEvent(flags,
                                  pSlot,
                                  pRserved);
-    nssdbg_finish_time(FUNC_C_WAITFORSLOTEVENT,start);
+    nssdbg_finish_time(&counter_C_WaitForSlotEvent,start);
     PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
     return rv;
 }
 
 CK_FUNCTION_LIST_PTR nss_InsertDeviceLog(
   CK_FUNCTION_LIST_PTR devEPV
 )
 {
@@ -2098,112 +2154,716 @@ CK_FUNCTION_LIST_PTR nss_InsertDeviceLog
     debug_functions.C_SeedRandom = NSSDBGC_SeedRandom;
     debug_functions.C_GenerateRandom = NSSDBGC_GenerateRandom;
     debug_functions.C_GetFunctionStatus = NSSDBGC_GetFunctionStatus;
     debug_functions.C_CancelFunction = NSSDBGC_CancelFunction;
     debug_functions.C_WaitForSlotEvent = NSSDBGC_WaitForSlotEvent;
     return &debug_functions;
 }
 
-/*
- * scale the time factor up accordingly.
- * This routine tries to keep at least 2 significant figures on output.
- *    If the time is 0, then indicate that with a 'z' for units.
- *    If the time is greater than 10 minutes, output the time in minutes.
- *    If the time is less than 10 minutes but greater than 10 seconds output 
- * the time in second.
- *    If the time is less than 10 seconds but greater than 10 milliseconds 
- * output * the time in millisecond.
- *    If the time is less than 10 milliseconds but greater than 0 ticks output 
- * the time in microsecond.
- *
- */
-static PRUint32 getPrintTime(PRIntervalTime time ,char **type)
-{
-	PRUint32 prTime;
-
-        /* detect a programming error by outputting 'bu' to the output stream
-	 * rather than crashing */
- 	*type = "bug";
-	if (time == 0) {
-	    *type = "z";
-	    return 0;
-	}
-
-	prTime = PR_IntervalToSeconds(time);
-
-	if (prTime >= 600) {
-	    *type="m";
-	    return prTime/60;
-	}
-        if (prTime >= 10) {
-	    *type="s";
-	    return prTime;
-	} 
-	prTime = PR_IntervalToMilliseconds(time);
-        if (prTime >= 10) {
-	    *type="ms";
-	    return prTime;
-	} 
- 	*type = "us";
-	return PR_IntervalToMicroseconds(time);
-}
-
 static void print_final_statistics(void)
 {
     int total_calls = 0;
-    PRIntervalTime total_time = 0;
-    PRUint32 pr_total_time;
-    char *type;
+    PRInt32 total_time = 0;
     char *fname;
     FILE *outfile = NULL;
-    int i;
 
     fname = PR_GetEnv("NSS_OUTPUT_FILE");
     if (fname) {
-	/* need to add an optional process id to the filename */
 	outfile = fopen(fname,"w+");
     }
     if (!outfile) {
 	outfile = stdout;
     }
 	
 
-    fprintf(outfile,"%-25s %10s %12s %12s %10s\n", "Function", "# Calls", 
-				"Time", "Avg.", "% Time");
+    fprintf(outfile,"%-25s %10s %11s %10s %10s\n", "Function", "# Calls", "Time (ms)", "Avg. (ms)", "% Time");
+    fprintf(outfile,"\n");
+    total_calls += calls_C_CancelFunction;
+    total_time += counter_C_CancelFunction;
+    total_calls += calls_C_CloseAllSessions;
+    total_time += counter_C_CloseAllSessions;
+    total_calls += calls_C_CloseSession;
+    total_time += counter_C_CloseSession;
+    total_calls += calls_C_CopyObject;
+    total_time += counter_C_CopyObject;
+    total_calls += calls_C_CreateObject;
+    total_time += counter_C_CreateObject;
+    total_calls += calls_C_Decrypt;
+    total_time += counter_C_Decrypt;
+    total_calls += calls_C_DecryptDigestUpdate;
+    total_time += counter_C_DecryptDigestUpdate;
+    total_calls += calls_C_DecryptFinal;
+    total_time += counter_C_DecryptFinal;
+    total_calls += calls_C_DecryptInit;
+    total_time += counter_C_DecryptInit;
+    total_calls += calls_C_DecryptUpdate;
+    total_time += counter_C_DecryptUpdate;
+    total_calls += calls_C_DecryptVerifyUpdate;
+    total_time += counter_C_DecryptVerifyUpdate;
+    total_calls += calls_C_DeriveKey;
+    total_time += counter_C_DeriveKey;
+    total_calls += calls_C_DestroyObject;
+    total_time += counter_C_DestroyObject;
+    total_calls += calls_C_Digest;
+    total_time += counter_C_Digest;
+    total_calls += calls_C_DigestEncryptUpdate;
+    total_time += counter_C_DigestEncryptUpdate;
+    total_calls += calls_C_DigestFinal;
+    total_time += counter_C_DigestFinal;
+    total_calls += calls_C_DigestInit;
+    total_time += counter_C_DigestInit;
+    total_calls += calls_C_DigestKey;
+    total_time += counter_C_DigestKey;
+    total_calls += calls_C_DigestUpdate;
+    total_time += counter_C_DigestUpdate;
+    total_calls += calls_C_Encrypt;
+    total_time += counter_C_Encrypt;
+    total_calls += calls_C_EncryptFinal;
+    total_time += counter_C_EncryptFinal;
+    total_calls += calls_C_EncryptInit;
+    total_time += counter_C_EncryptInit;
+    total_calls += calls_C_EncryptUpdate;
+    total_time += counter_C_EncryptUpdate;
+    total_calls += calls_C_Finalize;
+    total_time += counter_C_Finalize;
+    total_calls += calls_C_FindObjects;
+    total_time += counter_C_FindObjects;
+    total_calls += calls_C_FindObjectsFinal;
+    total_time += counter_C_FindObjectsFinal;