Bug 801218 - Upgrade NSS to 3.14 Final (needs NSPR 4.9.3 final), r=wtc, a=bbajaj
authorKai Engert <kaie@kuix.de>
Mon, 05 Nov 2012 23:44:18 +0100
changeset 113976 9cc413f943a34a9e534c06b4f598278bdb2f6ad8
parent 113975 c82029001796b2ac2839cce1aee3b598f259bca6
child 113977 91bc264379f9f7c88a4fe344d890d94968caa28f
push id2582
push userkaie@kuix.de
push dateMon, 05 Nov 2012 22:44:27 +0000
treeherdermozilla-aurora@9cc413f943a3 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerswtc, bbajaj
bugs801218
milestone18.0a2
Bug 801218 - Upgrade NSS to 3.14 Final (needs NSPR 4.9.3 final), r=wtc, a=bbajaj
dbm/include/mcom_db.h
nsprpub/TAG-INFO
nsprpub/config/prdepend.h
nsprpub/pr/include/md/_linux.cfg
nsprpub/pr/include/md/_pth.h
nsprpub/pr/include/prinit.h
nsprpub/pr/src/pthreads/ptthread.c
security/coreconf/coreconf.dep
security/nss/COPYING
security/nss/TAG-INFO
security/nss/TAG-INFO-CKBI
security/nss/cmd/bltest/blapitest.c
security/nss/cmd/bltest/tests/aes_cts/aes-cts-type-1-vectors.txt
security/nss/cmd/bltest/tests/aes_cts/aes_cts_0.txt
security/nss/cmd/bltest/tests/aes_cts/aes_cts_1.txt
security/nss/cmd/bltest/tests/aes_cts/aes_cts_2.txt
security/nss/cmd/bltest/tests/aes_cts/aes_cts_3.txt
security/nss/cmd/bltest/tests/aes_cts/aes_cts_4.txt
security/nss/cmd/bltest/tests/aes_cts/aes_cts_5.txt
security/nss/cmd/bltest/tests/aes_cts/ciphertext0
security/nss/cmd/bltest/tests/aes_cts/ciphertext1
security/nss/cmd/bltest/tests/aes_cts/ciphertext2
security/nss/cmd/bltest/tests/aes_cts/ciphertext3
security/nss/cmd/bltest/tests/aes_cts/ciphertext4
security/nss/cmd/bltest/tests/aes_cts/ciphertext5
security/nss/cmd/bltest/tests/aes_cts/iv0
security/nss/cmd/bltest/tests/aes_cts/iv1
security/nss/cmd/bltest/tests/aes_cts/iv2
security/nss/cmd/bltest/tests/aes_cts/iv3
security/nss/cmd/bltest/tests/aes_cts/iv4
security/nss/cmd/bltest/tests/aes_cts/iv5
security/nss/cmd/bltest/tests/aes_cts/key0
security/nss/cmd/bltest/tests/aes_cts/key1
security/nss/cmd/bltest/tests/aes_cts/key2
security/nss/cmd/bltest/tests/aes_cts/key3
security/nss/cmd/bltest/tests/aes_cts/key4
security/nss/cmd/bltest/tests/aes_cts/key5
security/nss/cmd/bltest/tests/aes_cts/mktst.sh
security/nss/cmd/bltest/tests/aes_cts/numtests
security/nss/cmd/bltest/tests/aes_cts/plaintext0
security/nss/cmd/bltest/tests/aes_cts/plaintext1
security/nss/cmd/bltest/tests/aes_cts/plaintext2
security/nss/cmd/bltest/tests/aes_cts/plaintext3
security/nss/cmd/bltest/tests/aes_cts/plaintext4
security/nss/cmd/bltest/tests/aes_cts/plaintext5
security/nss/lib/ckfw/builtins/certdata.c
security/nss/lib/ckfw/builtins/certdata.txt
security/nss/lib/ckfw/builtins/nssckbi.h
security/nss/lib/freebl/blapi.h
security/nss/lib/freebl/cts.c
security/nss/lib/freebl/gcm.c
security/nss/lib/freebl/pqg.c
security/nss/lib/nss/nss.h
security/nss/lib/nss/nssinit.c
security/nss/lib/softoken/pkcs11c.c
security/nss/lib/softoken/pkcs11i.h
security/nss/lib/softoken/softkver.h
security/nss/lib/util/nssutil.h
security/nss/lib/util/pkcs11t.h
security/nss/lib/util/utilmod.c
security/nss/tests/cipher/performance.sh
security/nss/tests/lowhash/lowhash.sh
--- a/dbm/include/mcom_db.h
+++ b/dbm/include/mcom_db.h
@@ -201,23 +201,19 @@
 #endif
 #endif
 
 #ifdef macintosh
 #include <stdio.h>
 #include "xp_mcom.h"
 #define O_ACCMODE       3       /* Mask for file access modes */
 #define EFTYPE 2000
-#ifdef __cplusplus
-extern "C" {
-#endif
+PR_BEGIN_EXTERN_C
 int mkstemp(const char *path);
-#ifdef __cplusplus
-}
-#endif
+PR_END_EXTERN_C
 #endif	/* MACINTOSH */
 
 #if !defined(_WINDOWS) && !defined(macintosh)
 #include <sys/stat.h>
 #include <errno.h>
 #endif
 
 /* define EFTYPE since most don't */
@@ -390,32 +386,28 @@ typedef struct {
 	((char *)a)[1] = ((char *)&_tmp)[0];				\
 }
 #define	P_16_COPY(a, b) {						\
 	((char *)&(b))[0] = ((char *)&(a))[1];				\
 	((char *)&(b))[1] = ((char *)&(a))[0];				\
 }
 #endif
 
-#ifdef __cplusplus
-extern "C" {
-#endif
+PR_BEGIN_EXTERN_C
 
 extern DB *
 dbopen (const char *, int, int, DBTYPE, const void *);
 
 /* set or unset a global lock flag to disable the
  * opening of any DBM file
  */
 void dbSetOrClearDBLock(DBLockFlagEnum type);
 
 #ifdef __DBINTERFACE_PRIVATE
 DB	*__bt_open (const char *, int, int, const BTREEINFO *, int);
 DB	*__hash_open (const char *, int, int, const HASHINFO *, int);
 DB	*__rec_open (const char *, int, int, const RECNOINFO *, int);
 void	 __dbpanic (DB *dbp);
 #endif
 
-#ifdef __cplusplus
-}
-#endif
+PR_END_EXTERN_C
 
 #endif /* !_DB_H_ */
--- a/nsprpub/TAG-INFO
+++ b/nsprpub/TAG-INFO
@@ -1,1 +1,1 @@
-NSPR_4_9_3_BETA1
+NSPR_4_9_3_RTM
--- a/nsprpub/config/prdepend.h
+++ b/nsprpub/config/prdepend.h
@@ -5,9 +5,9 @@
 
 /*
  * A dummy header file that is a dependency for all the object files.
  * Used to force a full recompilation of NSPR in Mozilla's Tinderbox
  * depend builds.  See comments in rules.mk.
  */
 
 #error "Do not include this header file."
-
+
--- a/nsprpub/pr/include/md/_linux.cfg
+++ b/nsprpub/pr/include/md/_linux.cfg
@@ -207,16 +207,63 @@
 #define PR_ALIGN_OF_POINTER 8
 #define PR_ALIGN_OF_WORD    8
 
 #define PR_BYTES_PER_WORD_LOG2  3
 #define PR_BYTES_PER_DWORD_LOG2 3
 
 #elif defined(__x86_64__)
 
+#ifdef __ILP32__
+
+#define IS_LITTLE_ENDIAN 1
+#undef  IS_BIG_ENDIAN
+
+#define PR_BYTES_PER_BYTE   1
+#define PR_BYTES_PER_SHORT  2
+#define PR_BYTES_PER_INT    4
+#define PR_BYTES_PER_INT64  8
+#define PR_BYTES_PER_LONG   4
+#define PR_BYTES_PER_FLOAT  4
+#define PR_BYTES_PER_DOUBLE 8
+#define PR_BYTES_PER_WORD   4
+#define PR_BYTES_PER_DWORD  8
+
+#define PR_BITS_PER_BYTE    8
+#define PR_BITS_PER_SHORT   16
+#define PR_BITS_PER_INT     32
+#define PR_BITS_PER_INT64   64
+#define PR_BITS_PER_LONG    32
+#define PR_BITS_PER_FLOAT   32
+#define PR_BITS_PER_DOUBLE  64
+#define PR_BITS_PER_WORD    32
+
+#define PR_BITS_PER_BYTE_LOG2   3
+#define PR_BITS_PER_SHORT_LOG2  4
+#define PR_BITS_PER_INT_LOG2    5
+#define PR_BITS_PER_INT64_LOG2  6
+#define PR_BITS_PER_LONG_LOG2   5
+#define PR_BITS_PER_FLOAT_LOG2  5
+#define PR_BITS_PER_DOUBLE_LOG2 6
+#define PR_BITS_PER_WORD_LOG2   5
+
+#define PR_ALIGN_OF_SHORT   2
+#define PR_ALIGN_OF_INT     4
+#define PR_ALIGN_OF_LONG    4
+#define PR_ALIGN_OF_INT64   4
+#define PR_ALIGN_OF_FLOAT   4
+#define PR_ALIGN_OF_DOUBLE  4
+#define PR_ALIGN_OF_POINTER 4
+#define PR_ALIGN_OF_WORD    4
+
+#define PR_BYTES_PER_WORD_LOG2   2
+#define PR_BYTES_PER_DWORD_LOG2  3
+
+#else
+
 #define IS_LITTLE_ENDIAN 1
 #undef  IS_BIG_ENDIAN
 #define IS_64
 
 #define PR_BYTES_PER_BYTE   1
 #define PR_BYTES_PER_SHORT  2
 #define PR_BYTES_PER_INT    4
 #define PR_BYTES_PER_INT64  8
@@ -251,16 +298,18 @@
 #define PR_ALIGN_OF_FLOAT   4
 #define PR_ALIGN_OF_DOUBLE  8
 #define PR_ALIGN_OF_POINTER 8
 #define PR_ALIGN_OF_WORD    8
 
 #define PR_BYTES_PER_WORD_LOG2  3
 #define PR_BYTES_PER_DWORD_LOG2 3
 
+#endif
+
 #elif defined(__mc68000__)
 
 #undef  IS_LITTLE_ENDIAN
 #define IS_BIG_ENDIAN 1
 
 #define PR_BYTES_PER_BYTE   1
 #define PR_BYTES_PER_SHORT  2
 #define PR_BYTES_PER_INT    4
--- a/nsprpub/pr/include/md/_pth.h
+++ b/nsprpub/pr/include/md/_pth.h
@@ -125,29 +125,26 @@
 #error "pthreads is not supported for this architecture"
 #endif
 
 #if defined(_PR_DCETHREADS)
 #define _PT_PTHREAD_ATTR_INIT            pthread_attr_create
 #define _PT_PTHREAD_ATTR_DESTROY         pthread_attr_delete
 #define _PT_PTHREAD_CREATE(t, a, f, r)   pthread_create(t, a, f, r) 
 #define _PT_PTHREAD_KEY_CREATE           pthread_keycreate
-#define _PT_PTHREAD_KEY_DELETE           pthread_keydelete
-/* Set _PT_PTHREAD_KEY_DELETE to empty if pthread_keydelete isn't available */
 #define _PT_PTHREAD_ATTR_SETSCHEDPOLICY  pthread_attr_setsched
 #define _PT_PTHREAD_ATTR_GETSTACKSIZE(a, s) \
                                      (*(s) = pthread_attr_getstacksize(*(a)), 0)
 #define _PT_PTHREAD_GETSPECIFIC(k, r) \
 		pthread_getspecific((k), (pthread_addr_t *) &(r))
 #elif defined(_PR_PTHREADS)
 #define _PT_PTHREAD_ATTR_INIT            pthread_attr_init
 #define _PT_PTHREAD_ATTR_DESTROY         pthread_attr_destroy
 #define _PT_PTHREAD_CREATE(t, a, f, r)   pthread_create(t, &a, f, r) 
 #define _PT_PTHREAD_KEY_CREATE           pthread_key_create
-#define _PT_PTHREAD_KEY_DELETE           pthread_key_delete
 #define _PT_PTHREAD_ATTR_SETSCHEDPOLICY  pthread_attr_setschedpolicy
 #define _PT_PTHREAD_ATTR_GETSTACKSIZE(a, s) pthread_attr_getstacksize(a, s)
 #define _PT_PTHREAD_GETSPECIFIC(k, r)    (r) = pthread_getspecific(k)
 #else
 #error "Cannot determine pthread strategy"
 #endif
 
 #if defined(_PR_DCETHREADS)
--- a/nsprpub/pr/include/prinit.h
+++ b/nsprpub/pr/include/prinit.h
@@ -26,21 +26,21 @@ PR_BEGIN_EXTERN_C
 /*
 ** NSPR's version is used to determine the likelihood that the version you
 ** used to build your component is anywhere close to being compatible with
 ** what is in the underlying library.
 **
 ** The format of the version string is
 **     "<major version>.<minor version>[.<patch level>] [<Beta>]"
 */
-#define PR_VERSION  "4.9.3 Beta"
+#define PR_VERSION  "4.9.3"
 #define PR_VMAJOR   4
 #define PR_VMINOR   9
 #define PR_VPATCH   3
-#define PR_BETA     PR_TRUE
+#define PR_BETA     PR_FALSE
 
 /*
 ** PRVersionCheck
 **
 ** The basic signature of the function that is called to provide version
 ** checking. The result will be a boolean that indicates the likelihood
 ** that the underling library will perform as the caller expects.
 **
--- a/nsprpub/pr/src/pthreads/ptthread.c
+++ b/nsprpub/pr/src/pthreads/ptthread.c
@@ -38,17 +38,17 @@ static PRIntn pt_schedpriv = 0;
 extern PRLock *_pr_sleeplock;
 
 static struct _PT_Bookeeping
 {
     PRLock *ml;                 /* a lock to protect ourselves */
     PRCondVar *cv;              /* used to signal global things */
     PRInt32 system, user;       /* a count of the two different types */
     PRUintn this_many;          /* number of threads allowed for exit */
-    pthread_key_t key;          /* private private data key */
+    pthread_key_t key;          /* thread private data key */
     PRThread *first, *last;     /* list of threads we know about */
 #if defined(_PR_DCETHREADS) || defined(_POSIX_THREAD_PRIORITY_SCHEDULING)
     PRInt32 minPrio, maxPrio;   /* range of scheduling priorities */
 #endif
 } pt_book = {0};
 
 static void _pt_thread_death(void *arg);
 static void _pt_thread_death_internal(void *arg, PRBool callDestructors);
@@ -970,17 +970,18 @@ void _PR_Fini(void)
         /*
          * PR_FALSE, because it is unsafe to call back to the 
          * thread private data destructors at final cleanup.
          */
         _pt_thread_death_internal(thred, PR_FALSE);
         rv = pthread_setspecific(pt_book.key, NULL);
         PR_ASSERT(0 == rv);
     }
-    _PT_PTHREAD_KEY_DELETE(pt_book.key);
+    rv = pthread_key_delete(pt_book.key);
+    PR_ASSERT(0 == rv);
     /* TODO: free other resources used by NSPR */
     /* _pr_initialized = PR_FALSE; */
 }  /* _PR_Fini */
 
 PR_IMPLEMENT(PRStatus) PR_Cleanup(void)
 {
     PRThread *me = PR_GetCurrentThread();
     int rv;
--- a/security/coreconf/coreconf.dep
+++ b/security/coreconf/coreconf.dep
@@ -1,12 +1,12 @@
-/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-/*
- * A dummy header file that is a dependency for all the object files.
- * Used to force a full recompilation of NSS in Mozilla's Tinderbox
- * depend builds.  See comments in rules.mk.
- */
-
-#error "Do not include this header file."
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * A dummy header file that is a dependency for all the object files.
+ * Used to force a full recompilation of NSS in Mozilla's Tinderbox
+ * depend builds.  See comments in rules.mk.
+ */
+
+#error "Do not include this header file."
new file mode 100644
--- /dev/null
+++ b/security/nss/COPYING
@@ -0,0 +1,403 @@
+NSS is available under the Mozilla Public License, version 2, a copy of which
+is below.
+
+Note on GPL Compatibility
+-------------------------
+
+The MPL 2, section 3.3, permits you to combine NSS with code under the GNU
+General Public License (GPL) version 2, or any later version of that
+license, to make a Larger Work, and distribute the result under the GPL.
+The only condition is that you must also make NSS, and any changes you
+have made to it, available to recipients under the terms of the MPL 2 also.
+
+Anyone who receives the combined code from you does not have to continue
+to dual licence in this way, and may, if they wish, distribute under the
+terms of either of the two licences - either the MPL alone or the GPL
+alone. However, we discourage people from distributing copies of NSS under
+the GPL alone, because it means that any improvements they make cannot be
+reincorporated into the main version of NSS. There is never a need to do
+this for license compatibility reasons.
+
+Note on LGPL Compatibility
+--------------------------
+
+The above also applies to combining MPLed code in a single library with
+code under the GNU Lesser General Public License (LGPL) version 2.1, or
+any later version of that license. If the LGPLed code and the MPLed code
+are not in the same library, then the copyleft coverage of the two
+licences does not overlap, so no issues arise.
+
+
+Mozilla Public License Version 2.0
+==================================
+
+1. Definitions
+--------------
+
+1.1. "Contributor"
+    means each individual or legal entity that creates, contributes to
+    the creation of, or owns Covered Software.
+
+1.2. "Contributor Version"
+    means the combination of the Contributions of others (if any) used
+    by a Contributor and that particular Contributor's Contribution.
+
+1.3. "Contribution"
+    means Covered Software of a particular Contributor.
+
+1.4. "Covered Software"
+    means Source Code Form to which the initial Contributor has attached
+    the notice in Exhibit A, the Executable Form of such Source Code
+    Form, and Modifications of such Source Code Form, in each case
+    including portions thereof.
+
+1.5. "Incompatible With Secondary Licenses"
+    means
+
+    (a) that the initial Contributor has attached the notice described
+        in Exhibit B to the Covered Software; or
+
+    (b) that the Covered Software was made available under the terms of
+        version 1.1 or earlier of the License, but not also under the
+        terms of a Secondary License.
+
+1.6. "Executable Form"
+    means any form of the work other than Source Code Form.
+
+1.7. "Larger Work"
+    means a work that combines Covered Software with other material, in 
+    a separate file or files, that is not Covered Software.
+
+1.8. "License"
+    means this document.
+
+1.9. "Licensable"
+    means having the right to grant, to the maximum extent possible,
+    whether at the time of the initial grant or subsequently, any and
+    all of the rights conveyed by this License.
+
+1.10. "Modifications"
+    means any of the following:
+
+    (a) any file in Source Code Form that results from an addition to,
+        deletion from, or modification of the contents of Covered
+        Software; or
+
+    (b) any new file in Source Code Form that contains any Covered
+        Software.
+
+1.11. "Patent Claims" of a Contributor
+    means any patent claim(s), including without limitation, method,
+    process, and apparatus claims, in any patent Licensable by such
+    Contributor that would be infringed, but for the grant of the
+    License, by the making, using, selling, offering for sale, having
+    made, import, or transfer of either its Contributions or its
+    Contributor Version.
+
+1.12. "Secondary License"
+    means either the GNU General Public License, Version 2.0, the GNU
+    Lesser General Public License, Version 2.1, the GNU Affero General
+    Public License, Version 3.0, or any later versions of those
+    licenses.
+
+1.13. "Source Code Form"
+    means the form of the work preferred for making modifications.
+
+1.14. "You" (or "Your")
+    means an individual or a legal entity exercising rights under this
+    License. For legal entities, "You" includes any entity that
+    controls, is controlled by, or is under common control with You. For
+    purposes of this definition, "control" means (a) the power, direct
+    or indirect, to cause the direction or management of such entity,
+    whether by contract or otherwise, or (b) ownership of more than
+    fifty percent (50%) of the outstanding shares or beneficial
+    ownership of such entity.
+
+2. License Grants and Conditions
+--------------------------------
+
+2.1. Grants
+
+Each Contributor hereby grants You a world-wide, royalty-free,
+non-exclusive license:
+
+(a) under intellectual property rights (other than patent or trademark)
+    Licensable by such Contributor to use, reproduce, make available,
+    modify, display, perform, distribute, and otherwise exploit its
+    Contributions, either on an unmodified basis, with Modifications, or
+    as part of a Larger Work; and
+
+(b) under Patent Claims of such Contributor to make, use, sell, offer
+    for sale, have made, import, and otherwise transfer either its
+    Contributions or its Contributor Version.
+
+2.2. Effective Date
+
+The licenses granted in Section 2.1 with respect to any Contribution
+become effective for each Contribution on the date the Contributor first
+distributes such Contribution.
+
+2.3. Limitations on Grant Scope
+
+The licenses granted in this Section 2 are the only rights granted under
+this License. No additional rights or licenses will be implied from the
+distribution or licensing of Covered Software under this License.
+Notwithstanding Section 2.1(b) above, no patent license is granted by a
+Contributor:
+
+(a) for any code that a Contributor has removed from Covered Software;
+    or
+
+(b) for infringements caused by: (i) Your and any other third party's
+    modifications of Covered Software, or (ii) the combination of its
+    Contributions with other software (except as part of its Contributor
+    Version); or
+
+(c) under Patent Claims infringed by Covered Software in the absence of
+    its Contributions.
+
+This License does not grant any rights in the trademarks, service marks,
+or logos of any Contributor (except as may be necessary to comply with
+the notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+No Contributor makes additional grants as a result of Your choice to
+distribute the Covered Software under a subsequent version of this
+License (see Section 10.2) or under the terms of a Secondary License (if
+permitted under the terms of Section 3.3).
+
+2.5. Representation
+
+Each Contributor represents that the Contributor believes its
+Contributions are its original creation(s) or it has sufficient rights
+to grant the rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+This License is not intended to limit any rights You have under
+applicable copyright doctrines of fair use, fair dealing, or other
+equivalents.
+
+2.7. Conditions
+
+Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted
+in Section 2.1.
+
+3. Responsibilities
+-------------------
+
+3.1. Distribution of Source Form
+
+All distribution of Covered Software in Source Code Form, including any
+Modifications that You create or to which You contribute, must be under
+the terms of this License. You must inform recipients that the Source
+Code Form of the Covered Software is governed by the terms of this
+License, and how they can obtain a copy of this License. You may not
+attempt to alter or restrict the recipients' rights in the Source Code
+Form.
+
+3.2. Distribution of Executable Form
+
+If You distribute Covered Software in Executable Form then:
+
+(a) such Covered Software must also be made available in Source Code
+    Form, as described in Section 3.1, and You must inform recipients of
+    the Executable Form how they can obtain a copy of such Source Code
+    Form by reasonable means in a timely manner, at a charge no more
+    than the cost of distribution to the recipient; and
+
+(b) You may distribute such Executable Form under the terms of this
+    License, or sublicense it under different terms, provided that the
+    license for the Executable Form does not attempt to limit or alter
+    the recipients' rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+You may create and distribute a Larger Work under terms of Your choice,
+provided that You also comply with the requirements of this License for
+the Covered Software. If the Larger Work is a combination of Covered
+Software with a work governed by one or more Secondary Licenses, and the
+Covered Software is not Incompatible With Secondary Licenses, this
+License permits You to additionally distribute such Covered Software
+under the terms of such Secondary License(s), so that the recipient of
+the Larger Work may, at their option, further distribute the Covered
+Software under the terms of either this License or such Secondary
+License(s).
+
+3.4. Notices
+
+You may not remove or alter the substance of any license notices
+(including copyright notices, patent notices, disclaimers of warranty,
+or limitations of liability) contained within the Source Code Form of
+the Covered Software, except that You may alter any license notices to
+the extent required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+You may choose to offer, and to charge a fee for, warranty, support,
+indemnity or liability obligations to one or more recipients of Covered
+Software. However, You may do so only on Your own behalf, and not on
+behalf of any Contributor. You must make it absolutely clear that any
+such warranty, support, indemnity, or liability obligation is offered by
+You alone, and You hereby agree to indemnify every Contributor for any
+liability incurred by such Contributor as a result of warranty, support,
+indemnity or liability terms You offer. You may include additional
+disclaimers of warranty and limitations of liability specific to any
+jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+---------------------------------------------------
+
+If it is impossible for You to comply with any of the terms of this
+License with respect to some or all of the Covered Software due to
+statute, judicial order, or regulation then You must: (a) comply with
+the terms of this License to the maximum extent possible; and (b)
+describe the limitations and the code they affect. Such description must
+be placed in a text file included with all distributions of the Covered
+Software under this License. Except to the extent prohibited by statute
+or regulation, such description must be sufficiently detailed for a
+recipient of ordinary skill to be able to understand it.
+
+5. Termination
+--------------
+
+5.1. The rights granted under this License will terminate automatically
+if You fail to comply with any of its terms. However, if You become
+compliant, then the rights granted under this License from a particular
+Contributor are reinstated (a) provisionally, unless and until such
+Contributor explicitly and finally terminates Your grants, and (b) on an
+ongoing basis, if such Contributor fails to notify You of the
+non-compliance by some reasonable means prior to 60 days after You have
+come back into compliance. Moreover, Your grants from a particular
+Contributor are reinstated on an ongoing basis if such Contributor
+notifies You of the non-compliance by some reasonable means, this is the
+first time You have received notice of non-compliance with this License
+from such Contributor, and You become compliant prior to 30 days after
+Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+infringement claim (excluding declaratory judgment actions,
+counter-claims, and cross-claims) alleging that a Contributor Version
+directly or indirectly infringes any patent, then the rights granted to
+You by any and all Contributors for the Covered Software under Section
+2.1 of this License shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all
+end user license agreements (excluding distributors and resellers) which
+have been validly granted by You or Your distributors under this License
+prior to termination shall survive termination.
+
+************************************************************************
+*                                                                      *
+*  6. Disclaimer of Warranty                                           *
+*  -------------------------                                           *
+*                                                                      *
+*  Covered Software is provided under this License on an "as is"       *
+*  basis, without warranty of any kind, either expressed, implied, or  *
+*  statutory, including, without limitation, warranties that the       *
+*  Covered Software is free of defects, merchantable, fit for a        *
+*  particular purpose or non-infringing. The entire risk as to the     *
+*  quality and performance of the Covered Software is with You.        *
+*  Should any Covered Software prove defective in any respect, You     *
+*  (not any Contributor) assume the cost of any necessary servicing,   *
+*  repair, or correction. This disclaimer of warranty constitutes an   *
+*  essential part of this License. No use of any Covered Software is   *
+*  authorized under this License except under this disclaimer.         *
+*                                                                      *
+************************************************************************
+
+************************************************************************
+*                                                                      *
+*  7. Limitation of Liability                                          *
+*  --------------------------                                          *
+*                                                                      *
+*  Under no circumstances and under no legal theory, whether tort      *
+*  (including negligence), contract, or otherwise, shall any           *
+*  Contributor, or anyone who distributes Covered Software as          *
+*  permitted above, be liable to You for any direct, indirect,         *
+*  special, incidental, or consequential damages of any character      *
+*  including, without limitation, damages for lost profits, loss of    *
+*  goodwill, work stoppage, computer failure or malfunction, or any    *
+*  and all other commercial damages or losses, even if such party      *
+*  shall have been informed of the possibility of such damages. This   *
+*  limitation of liability shall not apply to liability for death or   *
+*  personal injury resulting from such party's negligence to the       *
+*  extent applicable law prohibits such limitation. Some               *
+*  jurisdictions do not allow the exclusion or limitation of           *
+*  incidental or consequential damages, so this exclusion and          *
+*  limitation may not apply to You.                                    *
+*                                                                      *
+************************************************************************
+
+8. Litigation
+-------------
+
+Any litigation relating to this License may be brought only in the
+courts of a jurisdiction where the defendant maintains its principal
+place of business and such litigation shall be governed by laws of that
+jurisdiction, without reference to its conflict-of-law provisions.
+Nothing in this Section shall prevent a party's ability to bring
+cross-claims or counter-claims.
+
+9. Miscellaneous
+----------------
+
+This License represents the complete agreement concerning the subject
+matter hereof. If any provision of this License is held to be
+unenforceable, such provision shall be reformed only to the extent
+necessary to make it enforceable. Any law or regulation which provides
+that the language of a contract shall be construed against the drafter
+shall not be used to construe this License against a Contributor.
+
+10. Versions of the License
+---------------------------
+
+10.1. New Versions
+
+Mozilla Foundation is the license steward. Except as provided in Section
+10.3, no one other than the license steward has the right to modify or
+publish new versions of this License. Each version will be given a
+distinguishing version number.
+
+10.2. Effect of New Versions
+
+You may distribute the Covered Software under the terms of the version
+of the License under which You originally received the Covered Software,
+or under the terms of any subsequent version published by the license
+steward.
+
+10.3. Modified Versions
+
+If you create software not governed by this License, and you want to
+create a new license for such software, you may create and use a
+modified version of this License if you rename the license and remove
+any references to the name of the license steward (except to note that
+such modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary
+Licenses
+
+If You choose to distribute Source Code Form that is Incompatible With
+Secondary Licenses under the terms of this version of the License, the
+notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+-------------------------------------------
+
+  This Source Code Form is subject to the terms of the Mozilla Public
+  License, v. 2.0. If a copy of the MPL was not distributed with this
+  file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular
+file, then You may include the notice in a location (such as a LICENSE
+file in a relevant directory) where a recipient would be likely to look
+for such a notice.
+
+You may add additional accurate notices of copyright ownership.
+
+Exhibit B - "Incompatible With Secondary Licenses" Notice
+---------------------------------------------------------
+
+  This Source Code Form is "Incompatible With Secondary Licenses", as
+  defined by the Mozilla Public License, v. 2.0.
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@@ -1,1 +1,1 @@
-NSS_3_14_BETA1
+NSS_3_14_RTM
--- a/security/nss/TAG-INFO-CKBI
+++ b/security/nss/TAG-INFO-CKBI
@@ -1,1 +1,1 @@
-NSS_3_14_BETA1
+NSS_3_14_RTM
--- a/security/nss/cmd/bltest/blapitest.c
+++ b/security/nss/cmd/bltest/blapitest.c
@@ -2180,16 +2180,17 @@ dsaOp(bltestCipherInfo *cipherInfo)
                                             &cipherInfo->input.pBuf);
                         CHECKERROR(rv, __LINE__);
                     }
                     cipherInfo->repetitions += j;
                 }
             }
             TIMEFINISH(cipherInfo->optime, 1.0);
         }
+	cipherInfo->output.buf.len = cipherInfo->output.pBuf.len;
         bltestCopyIO(cipherInfo->arena, &cipherInfo->params.dsa.sig, 
                      &cipherInfo->output);
     } else {
         TIMESTART();
         rv = DSA_VerifyDigest((DSAPublicKey *)cipherInfo->cx,
                               &cipherInfo->params.dsa.sig.buf,
                               &cipherInfo->input.pBuf);
         TIMEFINISH(cipherInfo->optime, 1.0);
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/aes-cts-type-1-vectors.txt
@@ -0,0 +1,47 @@
+# Raeburn                     Standards Track                    [Page 12]
+# 
+# RFC 3962             AES Encryption for Kerberos 5         February 2005
+# 
+# Some test vectors for CBC with ciphertext stealing, using an initial
+# vector of all-zero.
+#
+# Original Test vectors were for AES CTS-3 (Kerberos). These test vectors have been modified for AES CTS-1 (NIST)
+#
+
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20
+Output:   97 c6 35 35 68 f2 bf 8c b4 d8 a5 80 36 2d a7 ff 7f
+Next IV:  c6 35 35 68 f2 bf 8c b4 d8 a5 80 36 2d a7 ff 7f
+
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20
+Output:   97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 fc 00 78 3e 0e fd b2 c1 d4 45 d4 c8 ef f7 ed 22
+Next IV:  fc 00 78 3e 0e fd b2 c1 d4 45 d4 c8 ef f7 ed 22
+
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20 43
+Output:   97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 84 39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 a8
+Next IV:  39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 a8
+
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20 43 68 69 63 6b 65 6e 2c 20 70 6c 65 61 73 65 2c
+Output:   97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 84 39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 b3 ff fd 94 0c 16 a1 8c 1b 55 49 d2 f8 38 02 9e
+Next IV:  b3 ff fd 94 0c 16 a1 8c 1b 55 49 d2 f8 38 02 9e
+
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20 43 68 69 63 6b 65 6e 2c 20 70 6c 65 61 73 65 2c 20
+Output:   97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 84 39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 a8 9d ad 8b bb 96 c4 cd c0 3b c1 03 e1 a1 94 bb d8
+Next IV:  9d ad 8b bb 96 c4 cd c0 3b c1 03 e1 a1 94 bb d8
+
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20 43 68 69 63 6b 65 6e 2c 20 70 6c 65 61 73 65 2c 20 61 6e 64 20 77 6f 6e 74 6f 6e 20 73 6f 75 70 2e
+Output:   97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 84 39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 a8 9d ad 8b bb 96 c4 cd c0 3b c1 03 e1 a1 94 bb d8 48 07 ef e8 36 ee 89 a5 26 73 0d bc 2f 7b c8 40
+Next IV:  48 07 ef e8 36 ee 89 a5 26 73 0d bc 2f 7b c8 40
+
+
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/aes_cts_0.txt
@@ -0,0 +1,6 @@
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20
+Output:   97 c6 35 35 68 f2 bf 8c b4 d8 a5 80 36 2d a7 ff 7f
+Next IV:  c6 35 35 68 f2 bf 8c b4 d8 a5 80 36 2d a7 ff 7f
+
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/aes_cts_1.txt
@@ -0,0 +1,6 @@
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20
+Output:   97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 fc 00 78 3e 0e fd b2 c1 d4 45 d4 c8 ef f7 ed 22
+Next IV:  fc 00 78 3e 0e fd b2 c1 d4 45 d4 c8 ef f7 ed 22
+
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/aes_cts_2.txt
@@ -0,0 +1,6 @@
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20 43
+Output:   97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 84 39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 a8
+Next IV:  39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 a8
+
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/aes_cts_3.txt
@@ -0,0 +1,6 @@
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20 43 68 69 63 6b 65 6e 2c 20 70 6c 65 61 73 65 2c
+Output:   97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 84 39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 b3 ff fd 94 0c 16 a1 8c 1b 55 49 d2 f8 38 02 9e
+Next IV:  b3 ff fd 94 0c 16 a1 8c 1b 55 49 d2 f8 38 02 9e
+
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/aes_cts_4.txt
@@ -0,0 +1,6 @@
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20 43 68 69 63 6b 65 6e 2c 20 70 6c 65 61 73 65 2c 20
+Output:   97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 84 39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 a8 9d ad 8b bb 96 c4 cd c0 3b c1 03 e1 a1 94 bb d8
+Next IV:  9d ad 8b bb 96 c4 cd c0 3b c1 03 e1 a1 94 bb d8
+
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/aes_cts_5.txt
@@ -0,0 +1,6 @@
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20 43 68 69 63 6b 65 6e 2c 20 70 6c 65 61 73 65 2c 20 61 6e 64 20 77 6f 6e 74 6f 6e 20 73 6f 75 70 2e
+Output:   97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 84 39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 a8 9d ad 8b bb 96 c4 cd c0 3b c1 03 e1 a1 94 bb d8 48 07 ef e8 36 ee 89 a5 26 73 0d bc 2f 7b c8 40
+Next IV:  48 07 ef e8 36 ee 89 a5 26 73 0d bc 2f 7b c8 40
+
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/ciphertext0
@@ -0,0 +1,1 @@
+l8Y1NWjyv4y02KWANi2n/38=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/ciphertext1
@@ -0,0 +1,1 @@
+l2hyaNbszMDAeyXiXs/l/AB4Pg79ssHURdTI7/ftIg==
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/ciphertext2
@@ -0,0 +1,1 @@
+l2hyaNbszMDAeyXiXs/lhDkxJSOnhmLVvn/LzJjr9ag=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/ciphertext3
@@ -0,0 +1,1 @@
+l2hyaNbszMDAeyXiXs/lhDkxJSOnhmLVvn/LzJjr9bP//ZQMFqGMG1VJ0vg4Ap4=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/ciphertext4
@@ -0,0 +1,1 @@
+l2hyaNbszMDAeyXiXs/lhDkxJSOnhmLVvn/LzJjr9aidrYu7lsTNwDvBA+GhlLvY
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/ciphertext5
@@ -0,0 +1,2 @@
+l2hyaNbszMDAeyXiXs/lhDkxJSOnhmLVvn/LzJjr9aidrYu7lsTNwDvBA+GhlLvY
+SAfv6DbuiaUmcw28L3vIQA==
new file mode 100644
index 0000000000000000000000000000000000000000..4bdfab8333086af48b9ece6d1f9db9aa9a07cdff
GIT binary patch
literal 34
dc${NkKm~jZ$4pH#KJD+>a${+OneOuc^#Dwl2^|0c
new file mode 100644
index 0000000000000000000000000000000000000000..3e8c8e9e6b97306f58059d6807b665465bc3bc64
GIT binary patch
literal 34
ec${NkKm~jZe;6w4`2KD>c*XU~iTB^%DggjZ*a_(X
new file mode 100644
index 0000000000000000000000000000000000000000..b4bbc2e76fb0ee149bce3609e147cae594ccf0d4
GIT binary patch
literal 34
dc${NkKm~jZmWHaz%iEH!?yEn2X2$EUD*!$l2^jzY
new file mode 100644
index 0000000000000000000000000000000000000000..c065e8362dc47e875113249f9a575f490363087a
GIT binary patch
literal 34
dc${NkKm~jZoB#iv!Xvh@M>^E=(hm!!c>qgx2mAm4
new file mode 100644
index 0000000000000000000000000000000000000000..ba11a0ec02ff240e50a83121b4c2b60eed06e3a3
GIT binary patch
literal 34
ec${NkKm~jZbJuq7o_6Hy0qcXz4;N0^eFFeigbFSI
new file mode 100644
index 0000000000000000000000000000000000000000..213a4bd3c7541d93cdc6bd0427ca28cc3cb2c062
GIT binary patch
literal 34
dc${NkKm~jZ9_;U5n7!*<s#eUqN5A@n0{}x72b%x@
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/key0
@@ -0,0 +1,1 @@
+chicken teriyaki
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/key1
@@ -0,0 +1,1 @@
+chicken teriyaki
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/key2
@@ -0,0 +1,1 @@
+chicken teriyaki
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/key3
@@ -0,0 +1,1 @@
+chicken teriyaki
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/key4
@@ -0,0 +1,1 @@
+chicken teriyaki
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/key5
@@ -0,0 +1,1 @@
+chicken teriyaki
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/mktst.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+for i in 0 1 2 3 4 5
+do
+    file="aes_cts_$i.txt"
+    grep "Key" $file | sed -e 's;Key:;;' | hex > key$i
+    grep "IV"  $file | sed -e 's;IV:;;' | hex > iv$i
+    grep "Input"  $file | sed -e 's;Input:;;' | hex  > plaintext$i
+    grep "Output"  $file | sed -e 's;Output:;;' | hex | btoa > ciphertext$i
+done
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/numtests
@@ -0,0 +1,1 @@
+6
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/plaintext0
@@ -0,0 +1,1 @@
+I would like the 
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/plaintext1
@@ -0,0 +1,1 @@
+I would like the General Gau's 
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/plaintext2
@@ -0,0 +1,1 @@
+I would like the General Gau's C
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/plaintext3
@@ -0,0 +1,1 @@
+I would like the General Gau's Chicken, please,
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/plaintext4
@@ -0,0 +1,1 @@
+I would like the General Gau's Chicken, please, 
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/plaintext5
@@ -0,0 +1,1 @@
+I would like the General Gau's Chicken, please, and wonton soup.
\ No newline at end of file
--- a/security/nss/lib/ckfw/builtins/certdata.c
+++ b/security/nss/lib/ckfw/builtins/certdata.c
@@ -1,14 +1,14 @@
 /* THIS IS A GENERATED FILE */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 #ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.89 $ $Date: 2012/09/21 23:12:31 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.89 $ $Date: 2012/09/21 23:12:31 $";
+static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.90 $ $Date: 2012/10/18 16:26:52 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.90 $ $Date: 2012/10/18 16:26:52 $";
 #endif /* DEBUG */
 
 #ifndef BUILTINS_H
 #include "builtins.h"
 #endif /* BUILTINS_H */
 
 static const CK_BBOOL ck_false = CK_FALSE;
 static const CK_BBOOL ck_true = CK_TRUE;
@@ -1079,25 +1079,43 @@ static const CK_ATTRIBUTE_TYPE nss_built
  CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERT_SHA1_HASH,  CKA_CERT_MD5_HASH,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_TRUST_SERVER_AUTH,  CKA_TRUST_EMAIL_PROTECTION,  CKA_TRUST_CODE_SIGNING,  CKA_TRUST_STEP_UP_APPROVED
 };
 static const CK_ATTRIBUTE_TYPE nss_builtins_types_352 [] = {
  CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERTIFICATE_TYPE,  CKA_SUBJECT,  CKA_ID,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_VALUE
 };
 static const CK_ATTRIBUTE_TYPE nss_builtins_types_353 [] = {
  CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERT_SHA1_HASH,  CKA_CERT_MD5_HASH,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_TRUST_SERVER_AUTH,  CKA_TRUST_EMAIL_PROTECTION,  CKA_TRUST_CODE_SIGNING,  CKA_TRUST_STEP_UP_APPROVED
 };
+static const CK_ATTRIBUTE_TYPE nss_builtins_types_354 [] = {
+ CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERTIFICATE_TYPE,  CKA_SUBJECT,  CKA_ID,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_VALUE
+};
+static const CK_ATTRIBUTE_TYPE nss_builtins_types_355 [] = {
+ CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERT_SHA1_HASH,  CKA_CERT_MD5_HASH,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_TRUST_SERVER_AUTH,  CKA_TRUST_EMAIL_PROTECTION,  CKA_TRUST_CODE_SIGNING,  CKA_TRUST_STEP_UP_APPROVED
+};
+static const CK_ATTRIBUTE_TYPE nss_builtins_types_356 [] = {
+ CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERTIFICATE_TYPE,  CKA_SUBJECT,  CKA_ID,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_VALUE
+};
+static const CK_ATTRIBUTE_TYPE nss_builtins_types_357 [] = {
+ CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERT_SHA1_HASH,  CKA_CERT_MD5_HASH,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_TRUST_SERVER_AUTH,  CKA_TRUST_EMAIL_PROTECTION,  CKA_TRUST_CODE_SIGNING,  CKA_TRUST_STEP_UP_APPROVED
+};
+static const CK_ATTRIBUTE_TYPE nss_builtins_types_358 [] = {
+ CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERTIFICATE_TYPE,  CKA_SUBJECT,  CKA_ID,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_VALUE
+};
+static const CK_ATTRIBUTE_TYPE nss_builtins_types_359 [] = {
+ CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERT_SHA1_HASH,  CKA_CERT_MD5_HASH,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_TRUST_SERVER_AUTH,  CKA_TRUST_EMAIL_PROTECTION,  CKA_TRUST_CODE_SIGNING,  CKA_TRUST_STEP_UP_APPROVED
+};
 #ifdef DEBUG
 static const NSSItem nss_builtins_items_0 [] = {
   { (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"CVS ID", (PRUint32)7 },
   { (void *)"NSS", (PRUint32)4 },
-  { (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.89 $ $Date: 2012/09/21 23:12:31 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.89 $ $Date: 2012/09/21 23:12:31 $", (PRUint32)160 }
+  { (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.90 $ $Date: 2012/10/18 16:26:52 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.90 $ $Date: 2012/10/18 16:26:52 $", (PRUint32)160 }
 };
 #endif /* DEBUG */
 static const NSSItem nss_builtins_items_1 [] = {
   { (void *)&cko_nss_builtin_root_list, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Mozilla Builtin Roots", (PRUint32)22 }
@@ -23602,16 +23620,402 @@ static const NSSItem nss_builtins_items_
 , (PRUint32)80 },
   { (void *)"\002\001\002"
 , (PRUint32)3 },
   { (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
 };
+static const NSSItem nss_builtins_items_354 [] = {
+  { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)"TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı", (PRUint32)55 },
+  { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
+  { (void *)"\060\201\277\061\077\060\075\006\003\125\004\003\014\066\124\303"
+"\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157"
+"\156\151\153\040\123\145\162\164\151\146\151\153\141\040\110\151"
+"\172\155\145\164\040\123\141\304\237\154\141\171\304\261\143\304"
+"\261\163\304\261\061\013\060\011\006\003\125\004\006\023\002\124"
+"\122\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141"
+"\162\141\061\136\060\134\006\003\125\004\012\014\125\124\303\234"
+"\122\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260"
+"\154\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151"
+"\305\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151"
+"\040\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236"
+"\056\040\050\143\051\040\101\162\141\154\304\261\153\040\062\060"
+"\060\067"
+, (PRUint32)194 },
+  { (void *)"0", (PRUint32)2 },
+  { (void *)"\060\201\277\061\077\060\075\006\003\125\004\003\014\066\124\303"
+"\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157"
+"\156\151\153\040\123\145\162\164\151\146\151\153\141\040\110\151"
+"\172\155\145\164\040\123\141\304\237\154\141\171\304\261\143\304"
+"\261\163\304\261\061\013\060\011\006\003\125\004\006\023\002\124"
+"\122\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141"
+"\162\141\061\136\060\134\006\003\125\004\012\014\125\124\303\234"
+"\122\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260"
+"\154\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151"
+"\305\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151"
+"\040\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236"
+"\056\040\050\143\051\040\101\162\141\154\304\261\153\040\062\060"
+"\060\067"
+, (PRUint32)194 },
+  { (void *)"\002\001\001"
+, (PRUint32)3 },
+  { (void *)"\060\202\004\075\060\202\003\045\240\003\002\001\002\002\001\001"
+"\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060"
+"\201\277\061\077\060\075\006\003\125\004\003\014\066\124\303\234"
+"\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157\156"
+"\151\153\040\123\145\162\164\151\146\151\153\141\040\110\151\172"
+"\155\145\164\040\123\141\304\237\154\141\171\304\261\143\304\261"
+"\163\304\261\061\013\060\011\006\003\125\004\006\023\002\124\122"
+"\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141\162"
+"\141\061\136\060\134\006\003\125\004\012\014\125\124\303\234\122"
+"\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260\154"
+"\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151\305"
+"\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151\040"
+"\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236\056"
+"\040\050\143\051\040\101\162\141\154\304\261\153\040\062\060\060"
+"\067\060\036\027\015\060\067\061\062\062\065\061\070\063\067\061"
+"\071\132\027\015\061\067\061\062\062\062\061\070\063\067\061\071"
+"\132\060\201\277\061\077\060\075\006\003\125\004\003\014\066\124"
+"\303\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162"
+"\157\156\151\153\040\123\145\162\164\151\146\151\153\141\040\110"
+"\151\172\155\145\164\040\123\141\304\237\154\141\171\304\261\143"
+"\304\261\163\304\261\061\013\060\011\006\003\125\004\006\023\002"
+"\124\122\061\017\060\015\006\003\125\004\007\014\006\101\156\153"
+"\141\162\141\061\136\060\134\006\003\125\004\012\014\125\124\303"
+"\234\122\113\124\122\125\123\124\040\102\151\154\147\151\040\304"
+"\260\154\145\164\151\305\237\151\155\040\166\145\040\102\151\154"
+"\151\305\237\151\155\040\107\303\274\166\145\156\154\151\304\237"
+"\151\040\110\151\172\155\145\164\154\145\162\151\040\101\056\305"
+"\236\056\040\050\143\051\040\101\162\141\154\304\261\153\040\062"
+"\060\060\067\060\202\001\042\060\015\006\011\052\206\110\206\367"
+"\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002"
+"\202\001\001\000\253\267\076\012\214\310\245\130\025\346\212\357"
+"\047\075\112\264\350\045\323\315\063\302\040\334\031\356\210\077"
+"\115\142\360\335\023\167\217\141\251\052\265\324\362\271\061\130"
+"\051\073\057\077\152\234\157\163\166\045\356\064\040\200\356\352"
+"\267\360\304\012\315\053\206\224\311\343\140\261\104\122\262\132"
+"\051\264\221\227\203\330\267\246\024\057\051\111\242\363\005\006"
+"\373\264\117\332\241\154\232\146\237\360\103\011\312\352\162\217"
+"\353\000\327\065\071\327\126\027\107\027\060\364\276\277\077\302"
+"\150\257\066\100\301\251\364\251\247\350\020\153\010\212\367\206"
+"\036\334\232\052\025\006\366\243\360\364\340\307\024\324\121\177"
+"\317\264\333\155\257\107\226\027\233\167\161\330\247\161\235\044"
+"\014\366\224\077\205\061\022\117\272\356\116\202\270\271\076\217"
+"\043\067\136\314\242\252\165\367\030\157\011\323\256\247\124\050"
+"\064\373\341\340\073\140\175\240\276\171\211\206\310\237\055\371"
+"\012\113\304\120\242\347\375\171\026\307\172\013\030\317\316\114"
+"\357\175\326\007\157\230\361\257\261\301\172\327\201\065\270\252"
+"\027\264\340\313\002\003\001\000\001\243\102\060\100\060\035\006"
+"\003\125\035\016\004\026\004\024\051\305\220\253\045\257\021\344"
+"\141\277\243\377\210\141\221\346\016\376\234\201\060\016\006\003"
+"\125\035\017\001\001\377\004\004\003\002\001\006\060\017\006\003"
+"\125\035\023\001\001\377\004\005\060\003\001\001\377\060\015\006"
+"\011\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001"
+"\000\020\015\332\370\072\354\050\321\024\225\202\261\022\054\121"
+"\172\101\045\066\114\237\354\077\037\204\235\145\124\134\250\026"
+"\002\100\372\156\032\067\204\357\162\235\206\012\125\235\126\050"
+"\254\146\054\320\072\126\223\064\007\045\255\010\260\217\310\017"
+"\011\131\312\235\230\034\345\124\370\271\105\177\152\227\157\210"
+"\150\115\112\006\046\067\210\002\016\266\306\326\162\231\316\153"
+"\167\332\142\061\244\126\037\256\137\215\167\332\135\366\210\374"
+"\032\331\236\265\201\360\062\270\343\210\320\234\363\152\240\271"
+"\233\024\131\065\066\117\317\363\216\136\135\027\255\025\225\330"
+"\335\262\325\025\156\000\116\263\113\317\146\224\344\340\315\265"
+"\005\332\143\127\213\345\263\252\333\300\056\034\220\104\333\032"
+"\135\030\244\356\276\004\133\231\325\161\137\125\145\144\142\325"
+"\242\233\004\131\206\310\142\167\347\174\202\105\152\075\027\277"
+"\354\235\165\014\256\243\157\132\323\057\230\066\364\360\365\031"
+"\253\021\135\310\246\343\052\130\152\102\011\303\275\222\046\146"
+"\062\015\135\010\125\164\377\214\230\320\012\246\204\152\321\071"
+"\175"
+, (PRUint32)1089 }
+};
+static const NSSItem nss_builtins_items_355 [] = {
+  { (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)"TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı", (PRUint32)55 },
+  { (void *)"\361\177\157\266\061\334\231\343\243\310\177\376\034\361\201\020"
+"\210\331\140\063"
+, (PRUint32)20 },
+  { (void *)"\053\160\040\126\206\202\240\030\310\007\123\022\050\160\041\162"
+, (PRUint32)16 },
+  { (void *)"\060\201\277\061\077\060\075\006\003\125\004\003\014\066\124\303"
+"\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157"
+"\156\151\153\040\123\145\162\164\151\146\151\153\141\040\110\151"
+"\172\155\145\164\040\123\141\304\237\154\141\171\304\261\143\304"
+"\261\163\304\261\061\013\060\011\006\003\125\004\006\023\002\124"
+"\122\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141"
+"\162\141\061\136\060\134\006\003\125\004\012\014\125\124\303\234"
+"\122\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260"
+"\154\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151"
+"\305\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151"
+"\040\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236"
+"\056\040\050\143\051\040\101\162\141\154\304\261\153\040\062\060"
+"\060\067"
+, (PRUint32)194 },
+  { (void *)"\002\001\001"
+, (PRUint32)3 },
+  { (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
+  { (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
+  { (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
+};
+static const NSSItem nss_builtins_items_356 [] = {
+  { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)"T-TeleSec GlobalRoot Class 3", (PRUint32)29 },
+  { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
+  { (void *)"\060\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105"
+"\061\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163"
+"\164\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040"
+"\123\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060"
+"\035\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155"
+"\163\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045"
+"\060\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123"
+"\145\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154"
+"\141\163\163\040\063"
+, (PRUint32)133 },
+  { (void *)"0", (PRUint32)2 },
+  { (void *)"\060\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105"
+"\061\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163"
+"\164\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040"
+"\123\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060"
+"\035\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155"
+"\163\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045"
+"\060\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123"
+"\145\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154"
+"\141\163\163\040\063"
+, (PRUint32)133 },
+  { (void *)"\002\001\001"
+, (PRUint32)3 },
+  { (void *)"\060\202\003\303\060\202\002\253\240\003\002\001\002\002\001\001"
+"\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060"
+"\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105\061"
+"\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163\164"
+"\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040\123"
+"\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060\035"
+"\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155\163"
+"\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045\060"
+"\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123\145"
+"\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154\141"
+"\163\163\040\063\060\036\027\015\060\070\061\060\060\061\061\060"
+"\062\071\065\066\132\027\015\063\063\061\060\060\061\062\063\065"
+"\071\065\071\132\060\201\202\061\013\060\011\006\003\125\004\006"
+"\023\002\104\105\061\053\060\051\006\003\125\004\012\014\042\124"
+"\055\123\171\163\164\145\155\163\040\105\156\164\145\162\160\162"
+"\151\163\145\040\123\145\162\166\151\143\145\163\040\107\155\142"
+"\110\061\037\060\035\006\003\125\004\013\014\026\124\055\123\171"
+"\163\164\145\155\163\040\124\162\165\163\164\040\103\145\156\164"
+"\145\162\061\045\060\043\006\003\125\004\003\014\034\124\055\124"
+"\145\154\145\123\145\143\040\107\154\157\142\141\154\122\157\157"
+"\164\040\103\154\141\163\163\040\063\060\202\001\042\060\015\006"
+"\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017"
+"\000\060\202\001\012\002\202\001\001\000\275\165\223\360\142\042"
+"\157\044\256\340\172\166\254\175\275\331\044\325\270\267\374\315"
+"\360\102\340\353\170\210\126\136\233\232\124\035\115\014\212\366"
+"\323\317\160\364\122\265\330\223\004\343\106\206\161\101\112\053"
+"\360\052\054\125\003\326\110\303\340\071\070\355\362\134\074\077"
+"\104\274\223\075\141\253\116\315\015\276\360\040\047\130\016\104"
+"\177\004\032\207\245\327\226\024\066\220\320\111\173\241\165\373"
+"\032\153\163\261\370\316\251\011\054\362\123\325\303\024\104\270"
+"\206\245\366\213\053\071\332\243\063\124\331\372\162\032\367\042"
+"\025\034\210\221\153\177\146\345\303\152\200\260\044\363\337\206"
+"\105\210\375\031\177\165\207\037\037\261\033\012\163\044\133\271"
+"\145\340\054\124\310\140\323\146\027\077\341\314\124\063\163\221"
+"\002\072\246\177\173\166\071\242\037\226\266\070\256\265\310\223"
+"\164\035\236\271\264\345\140\235\057\126\321\340\353\136\133\114"
+"\022\160\014\154\104\040\253\021\330\364\031\366\322\234\122\067"
+"\347\372\266\302\061\073\112\324\024\231\255\307\032\365\135\137"
+"\372\007\270\174\015\037\326\203\036\263\002\003\001\000\001\243"
+"\102\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060"
+"\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004"
+"\003\002\001\006\060\035\006\003\125\035\016\004\026\004\024\265"
+"\003\367\166\073\141\202\152\022\252\030\123\353\003\041\224\277"
+"\376\316\312\060\015\006\011\052\206\110\206\367\015\001\001\013"
+"\005\000\003\202\001\001\000\126\075\357\224\325\275\332\163\262"
+"\130\276\256\220\255\230\047\227\376\001\261\260\122\000\270\115"
+"\344\033\041\164\033\176\300\356\136\151\052\045\257\134\326\035"
+"\332\322\171\311\363\227\051\340\206\207\336\004\131\017\361\131"
+"\324\144\205\113\231\257\045\004\036\311\106\251\227\336\202\262"
+"\033\160\237\234\366\257\161\061\335\173\005\245\054\323\271\312"
+"\107\366\312\362\366\347\255\271\110\077\274\026\267\301\155\364"
+"\352\011\257\354\363\265\347\005\236\246\036\212\123\121\326\223"
+"\201\314\164\223\366\271\332\246\045\005\164\171\132\176\100\076"
+"\202\113\046\021\060\156\341\077\101\307\107\000\065\325\365\323"
+"\367\124\076\201\075\332\111\152\232\263\357\020\075\346\353\157"
+"\321\310\042\107\313\314\317\001\061\222\331\030\343\042\276\011"
+"\036\032\076\132\262\344\153\014\124\172\175\103\116\270\211\245"
+"\173\327\242\075\226\206\314\362\046\064\055\152\222\235\232\032"
+"\320\060\342\135\116\004\260\137\213\040\176\167\301\075\225\202"
+"\321\106\232\073\074\170\270\157\241\320\015\144\242\170\036\051"
+"\116\223\303\244\124\024\133"
+, (PRUint32)967 }
+};
+static const NSSItem nss_builtins_items_357 [] = {
+  { (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)"T-TeleSec GlobalRoot Class 3", (PRUint32)29 },
+  { (void *)"\125\246\162\076\313\362\354\315\303\043\164\160\031\235\052\276"
+"\021\343\201\321"
+, (PRUint32)20 },
+  { (void *)"\312\373\100\250\116\071\222\212\035\376\216\057\304\047\352\357"
+, (PRUint32)16 },
+  { (void *)"\060\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105"
+"\061\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163"
+"\164\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040"
+"\123\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060"
+"\035\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155"
+"\163\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045"
+"\060\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123"
+"\145\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154"
+"\141\163\163\040\063"
+, (PRUint32)133 },
+  { (void *)"\002\001\001"
+, (PRUint32)3 },
+  { (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
+  { (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
+  { (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
+};
+static const NSSItem nss_builtins_items_358 [] = {
+  { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)"EE Certification Centre Root CA", (PRUint32)32 },
+  { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
+  { (void *)"\060\165\061\013\060\011\006\003\125\004\006\023\002\105\105\061"
+"\042\060\040\006\003\125\004\012\014\031\101\123\040\123\145\162"
+"\164\151\146\151\164\163\145\145\162\151\155\151\163\153\145\163"
+"\153\165\163\061\050\060\046\006\003\125\004\003\014\037\105\105"
+"\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\103"
+"\145\156\164\162\145\040\122\157\157\164\040\103\101\061\030\060"
+"\026\006\011\052\206\110\206\367\015\001\011\001\026\011\160\153"
+"\151\100\163\153\056\145\145"
+, (PRUint32)119 },
+  { (void *)"0", (PRUint32)2 },
+  { (void *)"\060\165\061\013\060\011\006\003\125\004\006\023\002\105\105\061"
+"\042\060\040\006\003\125\004\012\014\031\101\123\040\123\145\162"
+"\164\151\146\151\164\163\145\145\162\151\155\151\163\153\145\163"
+"\153\165\163\061\050\060\046\006\003\125\004\003\014\037\105\105"
+"\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\103"
+"\145\156\164\162\145\040\122\157\157\164\040\103\101\061\030\060"
+"\026\006\011\052\206\110\206\367\015\001\011\001\026\011\160\153"
+"\151\100\163\153\056\145\145"
+, (PRUint32)119 },
+  { (void *)"\002\020\124\200\371\240\163\355\077\000\114\312\211\330\343\161"
+"\346\112"
+, (PRUint32)18 },
+  { (void *)"\060\202\004\003\060\202\002\353\240\003\002\001\002\002\020\124"
+"\200\371\240\163\355\077\000\114\312\211\330\343\161\346\112\060"
+"\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\165"
+"\061\013\060\011\006\003\125\004\006\023\002\105\105\061\042\060"
+"\040\006\003\125\004\012\014\031\101\123\040\123\145\162\164\151"
+"\146\151\164\163\145\145\162\151\155\151\163\153\145\163\153\165"
+"\163\061\050\060\046\006\003\125\004\003\014\037\105\105\040\103"
+"\145\162\164\151\146\151\143\141\164\151\157\156\040\103\145\156"
+"\164\162\145\040\122\157\157\164\040\103\101\061\030\060\026\006"
+"\011\052\206\110\206\367\015\001\011\001\026\011\160\153\151\100"
+"\163\153\056\145\145\060\042\030\017\062\060\061\060\061\060\063"
+"\060\061\060\061\060\063\060\132\030\017\062\060\063\060\061\062"
+"\061\067\062\063\065\071\065\071\132\060\165\061\013\060\011\006"
+"\003\125\004\006\023\002\105\105\061\042\060\040\006\003\125\004"
+"\012\014\031\101\123\040\123\145\162\164\151\146\151\164\163\145"
+"\145\162\151\155\151\163\153\145\163\153\165\163\061\050\060\046"
+"\006\003\125\004\003\014\037\105\105\040\103\145\162\164\151\146"
+"\151\143\141\164\151\157\156\040\103\145\156\164\162\145\040\122"
+"\157\157\164\040\103\101\061\030\060\026\006\011\052\206\110\206"
+"\367\015\001\011\001\026\011\160\153\151\100\163\153\056\145\145"
+"\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001"
+"\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001"
+"\000\310\040\300\354\340\305\113\253\007\170\225\363\104\356\373"
+"\013\014\377\164\216\141\273\261\142\352\043\330\253\241\145\062"
+"\172\353\216\027\117\226\330\012\173\221\242\143\154\307\214\114"
+"\056\171\277\251\005\374\151\134\225\215\142\371\271\160\355\303"
+"\121\175\320\223\346\154\353\060\113\341\274\175\277\122\233\316"
+"\156\173\145\362\070\261\300\242\062\357\142\262\150\340\141\123"
+"\301\066\225\377\354\224\272\066\256\234\034\247\062\017\345\174"
+"\264\306\157\164\375\173\030\350\254\127\355\006\040\113\062\060"
+"\130\133\375\315\250\346\241\374\160\274\216\222\163\333\227\247"
+"\174\041\256\075\301\365\110\207\154\047\275\237\045\164\201\125"
+"\260\367\165\366\075\244\144\153\326\117\347\316\100\255\017\335"
+"\062\323\274\212\022\123\230\311\211\373\020\035\115\176\315\176"
+"\037\126\015\041\160\205\366\040\203\037\366\272\037\004\217\352"
+"\167\210\065\304\377\352\116\241\213\115\077\143\033\104\303\104"
+"\324\045\166\312\267\215\327\036\112\146\144\315\134\305\234\203"
+"\341\302\010\210\232\354\116\243\361\076\034\054\331\154\035\241"
+"\113\002\003\001\000\001\243\201\212\060\201\207\060\017\006\003"
+"\125\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006"
+"\003\125\035\017\001\001\377\004\004\003\002\001\006\060\035\006"
+"\003\125\035\016\004\026\004\024\022\362\132\076\352\126\034\277"
+"\315\006\254\361\361\045\311\251\113\324\024\231\060\105\006\003"
+"\125\035\045\004\076\060\074\006\010\053\006\001\005\005\007\003"
+"\002\006\010\053\006\001\005\005\007\003\001\006\010\053\006\001"
+"\005\005\007\003\003\006\010\053\006\001\005\005\007\003\004\006"
+"\010\053\006\001\005\005\007\003\010\006\010\053\006\001\005\005"
+"\007\003\011\060\015\006\011\052\206\110\206\367\015\001\001\005"
+"\005\000\003\202\001\001\000\173\366\344\300\015\252\031\107\267"
+"\115\127\243\376\255\273\261\152\325\017\236\333\344\143\305\216"
+"\241\120\126\223\226\270\070\300\044\042\146\274\123\024\141\225"
+"\277\320\307\052\226\071\077\175\050\263\020\100\041\152\304\257"
+"\260\122\167\030\341\226\330\126\135\343\335\066\136\035\247\120"
+"\124\240\305\052\344\252\214\224\212\117\235\065\377\166\244\006"
+"\023\221\242\242\175\000\104\077\125\323\202\074\032\325\133\274"
+"\126\114\042\056\106\103\212\044\100\055\363\022\270\073\160\032"
+"\244\226\271\032\257\207\101\032\152\030\015\006\117\307\076\156"
+"\271\051\115\015\111\211\021\207\062\133\346\113\004\310\344\134"
+"\346\164\163\224\135\026\230\023\225\376\373\333\261\104\345\072"
+"\160\254\067\153\346\263\063\162\050\311\263\127\240\366\002\026"
+"\210\006\013\266\246\113\040\050\324\336\075\213\255\067\005\123"
+"\164\376\156\314\274\103\027\161\136\371\305\314\032\251\141\356"
+"\367\166\014\363\162\364\162\255\317\162\002\066\007\107\317\357"
+"\031\120\211\140\314\351\044\225\017\302\313\035\362\157\166\220"
+"\307\314\165\301\226\305\235"
+, (PRUint32)1031 }
+};
+static const NSSItem nss_builtins_items_359 [] = {
+  { (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)"EE Certification Centre Root CA", (PRUint32)32 },
+  { (void *)"\311\250\271\347\125\200\136\130\343\123\167\247\045\353\257\303"
+"\173\047\314\327"
+, (PRUint32)20 },
+  { (void *)"\103\136\210\324\175\032\112\176\375\204\056\122\353\001\324\157"
+, (PRUint32)16 },
+  { (void *)"\060\165\061\013\060\011\006\003\125\004\006\023\002\105\105\061"
+"\042\060\040\006\003\125\004\012\014\031\101\123\040\123\145\162"
+"\164\151\146\151\164\163\145\145\162\151\155\151\163\153\145\163"
+"\153\165\163\061\050\060\046\006\003\125\004\003\014\037\105\105"
+"\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\103"
+"\145\156\164\162\145\040\122\157\157\164\040\103\101\061\030\060"
+"\026\006\011\052\206\110\206\367\015\001\011\001\026\011\160\153"
+"\151\100\163\153\056\145\145"
+, (PRUint32)119 },
+  { (void *)"\002\020\124\200\371\240\163\355\077\000\114\312\211\330\343\161"
+"\346\112"
+, (PRUint32)18 },
+  { (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
+  { (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
+  { (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
+};
 
 builtinsInternalObject
 nss_builtins_data[] = {
 #ifdef DEBUG
   { 7, nss_builtins_types_0, nss_builtins_items_0, {NULL} },
 #endif /* DEBUG */
   { 5, nss_builtins_types_1, nss_builtins_items_1, {NULL} },
   { 11, nss_builtins_types_2, nss_builtins_items_2, {NULL} },
@@ -23960,16 +24364,22 @@ nss_builtins_data[] = {
   { 13, nss_builtins_types_345, nss_builtins_items_345, {NULL} },
   { 11, nss_builtins_types_346, nss_builtins_items_346, {NULL} },
   { 13, nss_builtins_types_347, nss_builtins_items_347, {NULL} },
   { 11, nss_builtins_types_348, nss_builtins_items_348, {NULL} },
   { 13, nss_builtins_types_349, nss_builtins_items_349, {NULL} },
   { 11, nss_builtins_types_350, nss_builtins_items_350, {NULL} },
   { 13, nss_builtins_types_351, nss_builtins_items_351, {NULL} },
   { 11, nss_builtins_types_352, nss_builtins_items_352, {NULL} },
-  { 13, nss_builtins_types_353, nss_builtins_items_353, {NULL} }
+  { 13, nss_builtins_types_353, nss_builtins_items_353, {NULL} },
+  { 11, nss_builtins_types_354, nss_builtins_items_354, {NULL} },
+  { 13, nss_builtins_types_355, nss_builtins_items_355, {NULL} },
+  { 11, nss_builtins_types_356, nss_builtins_items_356, {NULL} },
+  { 13, nss_builtins_types_357, nss_builtins_items_357, {NULL} },
+  { 11, nss_builtins_types_358, nss_builtins_items_358, {NULL} },
+  { 13, nss_builtins_types_359, nss_builtins_items_359, {NULL} }
 };
 const PRUint32
 #ifdef DEBUG
-  nss_builtins_nObjects = 353+1;
+  nss_builtins_nObjects = 359+1;
 #else
-  nss_builtins_nObjects = 353;
+  nss_builtins_nObjects = 359;
 #endif /* DEBUG */
--- a/security/nss/lib/ckfw/builtins/certdata.txt
+++ b/security/nss/lib/ckfw/builtins/certdata.txt
@@ -1,13 +1,13 @@
 # 
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
-CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.85 $ $Date: 2012/06/28 13:50:18 $"
+CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.86 $ $Date: 2012/10/18 16:26:52 $"
 
 #
 # certdata.txt
 #
 # This file contains the object definitions for the certs and other
 # information "built into" NSS.
 #
 # Object definitions:
@@ -24417,8 +24417,466 @@ CKA_ISSUER MULTILINE_OCTAL
 END
 CKA_SERIAL_NUMBER MULTILINE_OCTAL
 \002\001\002
 END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı"
+#
+# Issuer: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,L=Ankara,C=TR,CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s..
+# Serial Number: 1 (0x1)
+# Subject: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,L=Ankara,C=TR,CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s..
+# Not Valid Before: Tue Dec 25 18:37:19 2007
+# Not Valid After : Fri Dec 22 18:37:19 2017
+# Fingerprint (MD5): 2B:70:20:56:86:82:A0:18:C8:07:53:12:28:70:21:72
+# Fingerprint (SHA1): F1:7F:6F:B6:31:DC:99:E3:A3:C8:7F:FE:1C:F1:81:10:88:D9:60:33
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\277\061\077\060\075\006\003\125\004\003\014\066\124\303
+\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157
+\156\151\153\040\123\145\162\164\151\146\151\153\141\040\110\151
+\172\155\145\164\040\123\141\304\237\154\141\171\304\261\143\304
+\261\163\304\261\061\013\060\011\006\003\125\004\006\023\002\124
+\122\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141
+\162\141\061\136\060\134\006\003\125\004\012\014\125\124\303\234
+\122\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260
+\154\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151
+\305\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151
+\040\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236
+\056\040\050\143\051\040\101\162\141\154\304\261\153\040\062\060
+\060\067
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\277\061\077\060\075\006\003\125\004\003\014\066\124\303
+\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157
+\156\151\153\040\123\145\162\164\151\146\151\153\141\040\110\151
+\172\155\145\164\040\123\141\304\237\154\141\171\304\261\143\304
+\261\163\304\261\061\013\060\011\006\003\125\004\006\023\002\124
+\122\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141
+\162\141\061\136\060\134\006\003\125\004\012\014\125\124\303\234
+\122\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260
+\154\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151
+\305\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151
+\040\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236
+\056\040\050\143\051\040\101\162\141\154\304\261\153\040\062\060
+\060\067
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\075\060\202\003\045\240\003\002\001\002\002\001\001
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\201\277\061\077\060\075\006\003\125\004\003\014\066\124\303\234
+\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157\156
+\151\153\040\123\145\162\164\151\146\151\153\141\040\110\151\172
+\155\145\164\040\123\141\304\237\154\141\171\304\261\143\304\261
+\163\304\261\061\013\060\011\006\003\125\004\006\023\002\124\122
+\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141\162
+\141\061\136\060\134\006\003\125\004\012\014\125\124\303\234\122
+\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260\154
+\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151\305
+\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151\040
+\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236\056
+\040\050\143\051\040\101\162\141\154\304\261\153\040\062\060\060
+\067\060\036\027\015\060\067\061\062\062\065\061\070\063\067\061
+\071\132\027\015\061\067\061\062\062\062\061\070\063\067\061\071
+\132\060\201\277\061\077\060\075\006\003\125\004\003\014\066\124
+\303\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162
+\157\156\151\153\040\123\145\162\164\151\146\151\153\141\040\110
+\151\172\155\145\164\040\123\141\304\237\154\141\171\304\261\143
+\304\261\163\304\261\061\013\060\011\006\003\125\004\006\023\002
+\124\122\061\017\060\015\006\003\125\004\007\014\006\101\156\153
+\141\162\141\061\136\060\134\006\003\125\004\012\014\125\124\303
+\234\122\113\124\122\125\123\124\040\102\151\154\147\151\040\304
+\260\154\145\164\151\305\237\151\155\040\166\145\040\102\151\154
+\151\305\237\151\155\040\107\303\274\166\145\156\154\151\304\237
+\151\040\110\151\172\155\145\164\154\145\162\151\040\101\056\305
+\236\056\040\050\143\051\040\101\162\141\154\304\261\153\040\062
+\060\060\067\060\202\001\042\060\015\006\011\052\206\110\206\367
+\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002
+\202\001\001\000\253\267\076\012\214\310\245\130\025\346\212\357
+\047\075\112\264\350\045\323\315\063\302\040\334\031\356\210\077
+\115\142\360\335\023\167\217\141\251\052\265\324\362\271\061\130
+\051\073\057\077\152\234\157\163\166\045\356\064\040\200\356\352
+\267\360\304\012\315\053\206\224\311\343\140\261\104\122\262\132
+\051\264\221\227\203\330\267\246\024\057\051\111\242\363\005\006
+\373\264\117\332\241\154\232\146\237\360\103\011\312\352\162\217
+\353\000\327\065\071\327\126\027\107\027\060\364\276\277\077\302
+\150\257\066\100\301\251\364\251\247\350\020\153\010\212\367\206
+\036\334\232\052\025\006\366\243\360\364\340\307\024\324\121\177
+\317\264\333\155\257\107\226\027\233\167\161\330\247\161\235\044
+\014\366\224\077\205\061\022\117\272\356\116\202\270\271\076\217
+\043\067\136\314\242\252\165\367\030\157\011\323\256\247\124\050
+\064\373\341\340\073\140\175\240\276\171\211\206\310\237\055\371
+\012\113\304\120\242\347\375\171\026\307\172\013\030\317\316\114
+\357\175\326\007\157\230\361\257\261\301\172\327\201\065\270\252
+\027\264\340\313\002\003\001\000\001\243\102\060\100\060\035\006
+\003\125\035\016\004\026\004\024\051\305\220\253\045\257\021\344
+\141\277\243\377\210\141\221\346\016\376\234\201\060\016\006\003
+\125\035\017\001\001\377\004\004\003\002\001\006\060\017\006\003
+\125\035\023\001\001\377\004\005\060\003\001\001\377\060\015\006
+\011\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001
+\000\020\015\332\370\072\354\050\321\024\225\202\261\022\054\121
+\172\101\045\066\114\237\354\077\037\204\235\145\124\134\250\026
+\002\100\372\156\032\067\204\357\162\235\206\012\125\235\126\050
+\254\146\054\320\072\126\223\064\007\045\255\010\260\217\310\017
+\011\131\312\235\230\034\345\124\370\271\105\177\152\227\157\210
+\150\115\112\006\046\067\210\002\016\266\306\326\162\231\316\153
+\167\332\142\061\244\126\037\256\137\215\167\332\135\366\210\374
+\032\331\236\265\201\360\062\270\343\210\320\234\363\152\240\271
+\233\024\131\065\066\117\317\363\216\136\135\027\255\025\225\330
+\335\262\325\025\156\000\116\263\113\317\146\224\344\340\315\265
+\005\332\143\127\213\345\263\252\333\300\056\034\220\104\333\032
+\135\030\244\356\276\004\133\231\325\161\137\125\145\144\142\325
+\242\233\004\131\206\310\142\167\347\174\202\105\152\075\027\277
+\354\235\165\014\256\243\157\132\323\057\230\066\364\360\365\031
+\253\021\135\310\246\343\052\130\152\102\011\303\275\222\046\146
+\062\015\135\010\125\164\377\214\230\320\012\246\204\152\321\071
+\175
+END
+
+# Trust for "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı"
+# Issuer: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,L=Ankara,C=TR,CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s..
+# Serial Number: 1 (0x1)
+# Subject: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,L=Ankara,C=TR,CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s..
+# Not Valid Before: Tue Dec 25 18:37:19 2007
+# Not Valid After : Fri Dec 22 18:37:19 2017
+# Fingerprint (MD5): 2B:70:20:56:86:82:A0:18:C8:07:53:12:28:70:21:72
+# Fingerprint (SHA1): F1:7F:6F:B6:31:DC:99:E3:A3:C8:7F:FE:1C:F1:81:10:88:D9:60:33
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\361\177\157\266\061\334\231\343\243\310\177\376\034\361\201\020
+\210\331\140\063
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\053\160\040\126\206\202\240\030\310\007\123\022\050\160\041\162
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\277\061\077\060\075\006\003\125\004\003\014\066\124\303
+\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157
+\156\151\153\040\123\145\162\164\151\146\151\153\141\040\110\151
+\172\155\145\164\040\123\141\304\237\154\141\171\304\261\143\304
+\261\163\304\261\061\013\060\011\006\003\125\004\006\023\002\124
+\122\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141
+\162\141\061\136\060\134\006\003\125\004\012\014\125\124\303\234
+\122\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260
+\154\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151
+\305\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151
+\040\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236
+\056\040\050\143\051\040\101\162\141\154\304\261\153\040\062\060
+\060\067
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "T-TeleSec GlobalRoot Class 3"
+#
+# Issuer: CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE
+# Serial Number: 1 (0x1)
+# Subject: CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE
+# Not Valid Before: Wed Oct 01 10:29:56 2008
+# Not Valid After : Sat Oct 01 23:59:59 2033
+# Fingerprint (MD5): CA:FB:40:A8:4E:39:92:8A:1D:FE:8E:2F:C4:27:EA:EF
+# Fingerprint (SHA1): 55:A6:72:3E:CB:F2:EC:CD:C3:23:74:70:19:9D:2A:BE:11:E3:81:D1
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "T-TeleSec GlobalRoot Class 3"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105
+\061\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163
+\164\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040
+\123\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060
+\035\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155
+\163\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045
+\060\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123
+\145\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154
+\141\163\163\040\063
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105
+\061\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163
+\164\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040
+\123\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060
+\035\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155
+\163\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045
+\060\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123
+\145\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154
+\141\163\163\040\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\303\060\202\002\253\240\003\002\001\002\002\001\001
+\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060
+\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163\164
+\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040\123
+\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060\035
+\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155\163
+\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045\060
+\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123\145
+\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154\141
+\163\163\040\063\060\036\027\015\060\070\061\060\060\061\061\060
+\062\071\065\066\132\027\015\063\063\061\060\060\061\062\063\065
+\071\065\071\132\060\201\202\061\013\060\011\006\003\125\004\006
+\023\002\104\105\061\053\060\051\006\003\125\004\012\014\042\124
+\055\123\171\163\164\145\155\163\040\105\156\164\145\162\160\162
+\151\163\145\040\123\145\162\166\151\143\145\163\040\107\155\142
+\110\061\037\060\035\006\003\125\004\013\014\026\124\055\123\171
+\163\164\145\155\163\040\124\162\165\163\164\040\103\145\156\164
+\145\162\061\045\060\043\006\003\125\004\003\014\034\124\055\124
+\145\154\145\123\145\143\040\107\154\157\142\141\154\122\157\157
+\164\040\103\154\141\163\163\040\063\060\202\001\042\060\015\006
+\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017
+\000\060\202\001\012\002\202\001\001\000\275\165\223\360\142\042
+\157\044\256\340\172\166\254\175\275\331\044\325\270\267\374\315
+\360\102\340\353\170\210\126\136\233\232\124\035\115\014\212\366
+\323\317\160\364\122\265\330\223\004\343\106\206\161\101\112\053
+\360\052\054\125\003\326\110\303\340\071\070\355\362\134\074\077
+\104\274\223\075\141\253\116\315\015\276\360\040\047\130\016\104
+\177\004\032\207\245\327\226\024\066\220\320\111\173\241\165\373
+\032\153\163\261\370\316\251\011\054\362\123\325\303\024\104\270
+\206\245\366\213\053\071\332\243\063\124\331\372\162\032\367\042
+\025\034\210\221\153\177\146\345\303\152\200\260\044\363\337\206
+\105\210\375\031\177\165\207\037\037\261\033\012\163\044\133\271
+\145\340\054\124\310\140\323\146\027\077\341\314\124\063\163\221
+\002\072\246\177\173\166\071\242\037\226\266\070\256\265\310\223
+\164\035\236\271\264\345\140\235\057\126\321\340\353\136\133\114
+\022\160\014\154\104\040\253\021\330\364\031\366\322\234\122\067
+\347\372\266\302\061\073\112\324\024\231\255\307\032\365\135\137
+\372\007\270\174\015\037\326\203\036\263\002\003\001\000\001\243
+\102\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060
+\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004
+\003\002\001\006\060\035\006\003\125\035\016\004\026\004\024\265
+\003\367\166\073\141\202\152\022\252\030\123\353\003\041\224\277
+\376\316\312\060\015\006\011\052\206\110\206\367\015\001\001\013
+\005\000\003\202\001\001\000\126\075\357\224\325\275\332\163\262
+\130\276\256\220\255\230\047\227\376\001\261\260\122\000\270\115
+\344\033\041\164\033\176\300\356\136\151\052\045\257\134\326\035
+\332\322\171\311\363\227\051\340\206\207\336\004\131\017\361\131
+\324\144\205\113\231\257\045\004\036\311\106\251\227\336\202\262
+\033\160\237\234\366\257\161\061\335\173\005\245\054\323\271\312
+\107\366\312\362\366\347\255\271\110\077\274\026\267\301\155\364
+\352\011\257\354\363\265\347\005\236\246\036\212\123\121\326\223
+\201\314\164\223\366\271\332\246\045\005\164\171\132\176\100\076
+\202\113\046\021\060\156\341\077\101\307\107\000\065\325\365\323
+\367\124\076\201\075\332\111\152\232\263\357\020\075\346\353\157
+\321\310\042\107\313\314\317\001\061\222\331\030\343\042\276\011
+\036\032\076\132\262\344\153\014\124\172\175\103\116\270\211\245
+\173\327\242\075\226\206\314\362\046\064\055\152\222\235\232\032
+\320\060\342\135\116\004\260\137\213\040\176\167\301\075\225\202
+\321\106\232\073\074\170\270\157\241\320\015\144\242\170\036\051
+\116\223\303\244\124\024\133
+END
+
+# Trust for "T-TeleSec GlobalRoot Class 3"
+# Issuer: CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE
+# Serial Number: 1 (0x1)
+# Subject: CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE
+# Not Valid Before: Wed Oct 01 10:29:56 2008
+# Not Valid After : Sat Oct 01 23:59:59 2033
+# Fingerprint (MD5): CA:FB:40:A8:4E:39:92:8A:1D:FE:8E:2F:C4:27:EA:EF
+# Fingerprint (SHA1): 55:A6:72:3E:CB:F2:EC:CD:C3:23:74:70:19:9D:2A:BE:11:E3:81:D1
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "T-TeleSec GlobalRoot Class 3"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\125\246\162\076\313\362\354\315\303\043\164\160\031\235\052\276
+\021\343\201\321
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\312\373\100\250\116\071\222\212\035\376\216\057\304\047\352\357
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105
+\061\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163
+\164\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040
+\123\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060
+\035\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155
+\163\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045
+\060\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123
+\145\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154
+\141\163\163\040\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "EE Certification Centre Root CA"
+#
+# Issuer: E=pki@sk.ee,CN=EE Certification Centre Root CA,O=AS Sertifitseerimiskeskus,C=EE
+# Serial Number:54:80:f9:a0:73:ed:3f:00:4c:ca:89:d8:e3:71:e6:4a
+# Subject: E=pki@sk.ee,CN=EE Certification Centre Root CA,O=AS Sertifitseerimiskeskus,C=EE
+# Not Valid Before: Sat Oct 30 10:10:30 2010
+# Not Valid After : Tue Dec 17 23:59:59 2030
+# Fingerprint (MD5): 43:5E:88:D4:7D:1A:4A:7E:FD:84:2E:52:EB:01:D4:6F
+# Fingerprint (SHA1): C9:A8:B9:E7:55:80:5E:58:E3:53:77:A7:25:EB:AF:C3:7B:27:CC:D7
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "EE Certification Centre Root CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\165\061\013\060\011\006\003\125\004\006\023\002\105\105\061
+\042\060\040\006\003\125\004\012\014\031\101\123\040\123\145\162
+\164\151\146\151\164\163\145\145\162\151\155\151\163\153\145\163
+\153\165\163\061\050\060\046\006\003\125\004\003\014\037\105\105
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\103
+\145\156\164\162\145\040\122\157\157\164\040\103\101\061\030\060
+\026\006\011\052\206\110\206\367\015\001\011\001\026\011\160\153
+\151\100\163\153\056\145\145
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\165\061\013\060\011\006\003\125\004\006\023\002\105\105\061
+\042\060\040\006\003\125\004\012\014\031\101\123\040\123\145\162
+\164\151\146\151\164\163\145\145\162\151\155\151\163\153\145\163
+\153\165\163\061\050\060\046\006\003\125\004\003\014\037\105\105
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\103
+\145\156\164\162\145\040\122\157\157\164\040\103\101\061\030\060
+\026\006\011\052\206\110\206\367\015\001\011\001\026\011\160\153
+\151\100\163\153\056\145\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\124\200\371\240\163\355\077\000\114\312\211\330\343\161
+\346\112
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\003\060\202\002\353\240\003\002\001\002\002\020\124
+\200\371\240\163\355\077\000\114\312\211\330\343\161\346\112\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\165
+\061\013\060\011\006\003\125\004\006\023\002\105\105\061\042\060
+\040\006\003\125\004\012\014\031\101\123\040\123\145\162\164\151
+\146\151\164\163\145\145\162\151\155\151\163\153\145\163\153\165
+\163\061\050\060\046\006\003\125\004\003\014\037\105\105\040\103
+\145\162\164\151\146\151\143\141\164\151\157\156\040\103\145\156
+\164\162\145\040\122\157\157\164\040\103\101\061\030\060\026\006
+\011\052\206\110\206\367\015\001\011\001\026\011\160\153\151\100
+\163\153\056\145\145\060\042\030\017\062\060\061\060\061\060\063
+\060\061\060\061\060\063\060\132\030\017\062\060\063\060\061\062
+\061\067\062\063\065\071\065\071\132\060\165\061\013\060\011\006
+\003\125\004\006\023\002\105\105\061\042\060\040\006\003\125\004
+\012\014\031\101\123\040\123\145\162\164\151\146\151\164\163\145
+\145\162\151\155\151\163\153\145\163\153\165\163\061\050\060\046
+\006\003\125\004\003\014\037\105\105\040\103\145\162\164\151\146
+\151\143\141\164\151\157\156\040\103\145\156\164\162\145\040\122
+\157\157\164\040\103\101\061\030\060\026\006\011\052\206\110\206
+\367\015\001\011\001\026\011\160\153\151\100\163\153\056\145\145
+\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001
+\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001
+\000\310\040\300\354\340\305\113\253\007\170\225\363\104\356\373
+\013\014\377\164\216\141\273\261\142\352\043\330\253\241\145\062
+\172\353\216\027\117\226\330\012\173\221\242\143\154\307\214\114
+\056\171\277\251\005\374\151\134\225\215\142\371\271\160\355\303
+\121\175\320\223\346\154\353\060\113\341\274\175\277\122\233\316
+\156\173\145\362\070\261\300\242\062\357\142\262\150\340\141\123
+\301\066\225\377\354\224\272\066\256\234\034\247\062\017\345\174
+\264\306\157\164\375\173\030\350\254\127\355\006\040\113\062\060
+\130\133\375\315\250\346\241\374\160\274\216\222\163\333\227\247
+\174\041\256\075\301\365\110\207\154\047\275\237\045\164\201\125
+\260\367\165\366\075\244\144\153\326\117\347\316\100\255\017\335
+\062\323\274\212\022\123\230\311\211\373\020\035\115\176\315\176
+\037\126\015\041\160\205\366\040\203\037\366\272\037\004\217\352
+\167\210\065\304\377\352\116\241\213\115\077\143\033\104\303\104
+\324\045\166\312\267\215\327\036\112\146\144\315\134\305\234\203
+\341\302\010\210\232\354\116\243\361\076\034\054\331\154\035\241
+\113\002\003\001\000\001\243\201\212\060\201\207\060\017\006\003
+\125\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006
+\003\125\035\017\001\001\377\004\004\003\002\001\006\060\035\006
+\003\125\035\016\004\026\004\024\022\362\132\076\352\126\034\277
+\315\006\254\361\361\045\311\251\113\324\024\231\060\105\006\003
+\125\035\045\004\076\060\074\006\010\053\006\001\005\005\007\003
+\002\006\010\053\006\001\005\005\007\003\001\006\010\053\006\001
+\005\005\007\003\003\006\010\053\006\001\005\005\007\003\004\006
+\010\053\006\001\005\005\007\003\010\006\010\053\006\001\005\005
+\007\003\011\060\015\006\011\052\206\110\206\367\015\001\001\005
+\005\000\003\202\001\001\000\173\366\344\300\015\252\031\107\267
+\115\127\243\376\255\273\261\152\325\017\236\333\344\143\305\216
+\241\120\126\223\226\270\070\300\044\042\146\274\123\024\141\225
+\277\320\307\052\226\071\077\175\050\263\020\100\041\152\304\257
+\260\122\167\030\341\226\330\126\135\343\335\066\136\035\247\120
+\124\240\305\052\344\252\214\224\212\117\235\065\377\166\244\006
+\023\221\242\242\175\000\104\077\125\323\202\074\032\325\133\274
+\126\114\042\056\106\103\212\044\100\055\363\022\270\073\160\032
+\244\226\271\032\257\207\101\032\152\030\015\006\117\307\076\156
+\271\051\115\015\111\211\021\207\062\133\346\113\004\310\344\134
+\346\164\163\224\135\026\230\023\225\376\373\333\261\104\345\072
+\160\254\067\153\346\263\063\162\050\311\263\127\240\366\002\026
+\210\006\013\266\246\113\040\050\324\336\075\213\255\067\005\123
+\164\376\156\314\274\103\027\161\136\371\305\314\032\251\141\356
+\367\166\014\363\162\364\162\255\317\162\002\066\007\107\317\357
+\031\120\211\140\314\351\044\225\017\302\313\035\362\157\166\220
+\307\314\165\301\226\305\235
+END
+
+# Trust for "EE Certification Centre Root CA"
+# Issuer: E=pki@sk.ee,CN=EE Certification Centre Root CA,O=AS Sertifitseerimiskeskus,C=EE
+# Serial Number:54:80:f9:a0:73:ed:3f:00:4c:ca:89:d8:e3:71:e6:4a
+# Subject: E=pki@sk.ee,CN=EE Certification Centre Root CA,O=AS Sertifitseerimiskeskus,C=EE
+# Not Valid Before: Sat Oct 30 10:10:30 2010
+# Not Valid After : Tue Dec 17 23:59:59 2030
+# Fingerprint (MD5): 43:5E:88:D4:7D:1A:4A:7E:FD:84:2E:52:EB:01:D4:6F
+# Fingerprint (SHA1): C9:A8:B9:E7:55:80:5E:58:E3:53:77:A7:25:EB:AF:C3:7B:27:CC:D7
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "EE Certification Centre Root CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\311\250\271\347\125\200\136\130\343\123\167\247\045\353\257\303
+\173\047\314\327
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\103\136\210\324\175\032\112\176\375\204\056\122\353\001\324\157
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\165\061\013\060\011\006\003\125\004\006\023\002\105\105\061
+\042\060\040\006\003\125\004\012\014\031\101\123\040\123\145\162
+\164\151\146\151\164\163\145\145\162\151\155\151\163\153\145\163
+\153\165\163\061\050\060\046\006\003\125\004\003\014\037\105\105
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\103
+\145\156\164\162\145\040\122\157\157\164\040\103\101\061\030\060
+\026\006\011\052\206\110\206\367\015\001\011\001\026\011\160\153
+\151\100\163\153\056\145\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\124\200\371\240\163\355\077\000\114\312\211\330\343\161
+\346\112
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
--- a/security/nss/lib/ckfw/builtins/nssckbi.h
+++ b/security/nss/lib/ckfw/builtins/nssckbi.h
@@ -40,18 +40,18 @@
  *     ...
  *   - NSS 3.29 branch: 250-255
  *
  * NSS_BUILTINS_LIBRARY_VERSION_MINOR is a CK_BYTE.  It's not clear
  * whether we may use its full range (0-255) or only 0-99 because
  * of the comment in the CK_VERSION type definition.
  */
 #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1
-#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 91
-#define NSS_BUILTINS_LIBRARY_VERSION "1.91"
+#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 92
+#define NSS_BUILTINS_LIBRARY_VERSION "1.92"
 
 /* These version numbers detail the semantic changes to the ckfw engine. */
 #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
 #define NSS_BUILTINS_HARDWARE_VERSION_MINOR 0
 
 /* These version numbers detail the semantic changes to ckbi itself 
  * (new PKCS #11 objects), etc. */
 #define NSS_BUILTINS_FIRMWARE_VERSION_MAJOR 1
--- a/security/nss/lib/freebl/blapi.h
+++ b/security/nss/lib/freebl/blapi.h
@@ -1,15 +1,15 @@
 /*
  * crypto.h - public data structures and prototypes for the crypto library
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: blapi.h,v 1.48 2012/06/28 17:55:05 rrelyea%redhat.com Exp $ */
+/* $Id: blapi.h,v 1.49 2012/10/11 00:10:26 rrelyea%redhat.com Exp $ */
 
 #ifndef _BLAPI_H_
 #define _BLAPI_H_
 
 #include "blapit.h"
 #include "hasht.h"
 #include "alghmac.h"
 
@@ -1267,16 +1267,20 @@ PQG_ParamGenSeedLen(
  * match the table below or an error will result:
  *
  *  L            N
  * 1024         160
  * 2048         224
  * 2048         256
  * 3072         256
  *
+ * If N or seedBytes are set to zero, then PQG_ParamGenSeedLen will
+ * pick a default value (typically the smallest secure value for these
+ * variables).
+ *
  * The verify parameters will conform to FIPS186-3 using the smallest 
  * permissible hash for the key strength.
  */
 extern SECStatus
 PQG_ParamGenV2(
              unsigned int L, 	     /* input : determines length of P. */
              unsigned int N, 	     /* input : determines length of Q. */
 	     unsigned int seedBytes, /* input : length of seed in bytes.*/
--- a/security/nss/lib/freebl/cts.c
+++ b/security/nss/lib/freebl/cts.c
@@ -110,17 +110,17 @@ CTS_EncryptUpdate(CTSContext *cts, unsig
 	return SECFailure;
     }
     fullblocks = (inlen/blocksize)*blocksize;
     rv = (*cts->cipher)(cts->context, outbuf, outlen, maxout, inbuf,
 	 fullblocks, blocksize);
     if (rv != SECSuccess) {
 	return SECFailure;
     }
-    PORT_Assert(*outlen == fullblocks);
+    *outlen = fullblocks; /* AES low level doesn't set outlen */
     inbuf += fullblocks;
     inlen -= fullblocks;
     if (inlen == 0) {
 	return SECSuccess;
     }
     written = *outlen - (blocksize - inlen);
     outbuf += written;
     maxout -= written;
@@ -135,17 +135,16 @@ CTS_EncryptUpdate(CTSContext *cts, unsig
      * we decrypt (at the cost of some complexity as you can see in decrypt
      * below */
     PORT_Memcpy(lastBlock, inbuf, inlen);
     PORT_Memset(lastBlock + inlen, 0, blocksize - inlen);
     rv = (*cts->cipher)(cts->context, outbuf, &tmp, maxout, lastBlock,
 			blocksize, blocksize);
     PORT_Memset(lastBlock, 0, blocksize);
     if (rv == SECSuccess) {
-	PORT_Assert(tmp == blocksize);
 	*outlen = written + blocksize;
     }
     return rv;
 }
 
 
 #define XOR_BLOCK(x,y,count) for(i=0; i < count; i++) x[i] = x[i] ^ y[i]
 
@@ -203,42 +202,42 @@ CTS_DecryptUpdate(CTSContext *cts, unsig
 
     fullblocks = (inlen/blocksize)*blocksize;
 
     /* even though we expect the input to be CS-1, CS-2 is easier to parse,
      * so convert to CS-2 immediately. NOTE: this is the same code as in
      * the comment for encrypt. NOTE2: since we can't modify inbuf unless
      * inbuf and outbuf overlap, just copy inbuf to outbuf and modify it there
      */
-    pad = blocksize + (inlen - fullblocks);
-    if (pad != blocksize) {
+    pad = inlen - fullblocks;
+    if (pad != 0) {
 	if (inbuf != outbuf) {
 	    memcpy(outbuf, inbuf, inlen);
 	    /* keep the names so we logically know how we are using the
 	     * buffers */
 	    inbuf = outbuf;
 	}
-	memcpy(lastBlock,        inbuf+inlen-blocksize-pad, blocksize);
+	memcpy(lastBlock, inbuf+inlen-blocksize, blocksize);
 	/* we know inbuf == outbuf now, inbuf is declared const and can't
 	 * be the target, so use outbuf for the target here */
-	memcpy(outbuf+inlen-blocksize-pad, inbuf+inlen-pad, pad);
-	memcpy(outbuf+inlen-blocksize,     lastBlock,       blocksize);
+	memcpy(outbuf+inlen-pad, inbuf+inlen-blocksize-pad, pad);
+	memcpy(outbuf+inlen-blocksize-pad, lastBlock, blocksize);
     }
     /* save the previous to last block so we can undo the misordered
      * chaining */
     tmp =  (fullblocks < blocksize*2) ? cts->iv :
 			inbuf+fullblocks-blocksize*2;
     PORT_Memcpy(Cn_2, tmp, blocksize);
     PORT_Memcpy(Cn, inbuf+fullblocks-blocksize, blocksize);
     rv = (*cts->cipher)(cts->context, outbuf, outlen, maxout, inbuf,
 	 fullblocks, blocksize);
     if (rv != SECSuccess) {
 	return SECFailure;
     }
-    PORT_Assert(*outlen == fullblocks);
+    *outlen = fullblocks; /* AES low level doesn't set outlen */
     inbuf += fullblocks;
     inlen -= fullblocks;
     if (inlen == 0) {
 	return SECSuccess;
     }
     outbuf += fullblocks;
     maxout -= fullblocks;
 
@@ -270,26 +269,25 @@ CTS_DecryptUpdate(CTSContext *cts, unsig
 
     /* make up for the out of order CBC decryption */
     XOR_BLOCK(lastBlock, Cn_2, blocksize);
     XOR_BLOCK(lastBlock, Pn, blocksize);
     /* last buf now has Pn || Cn-1**, copy out Pn */
     PORT_Memcpy(outbuf, lastBlock, inlen);
     *outlen += inlen;
     /* copy Cn-1* into last buf to recover Cn-1 */
-    PORT_Memcpy(lastBlock, Cn-1, inlen);
+    PORT_Memcpy(lastBlock, Cn_1, inlen);
     /* note: because Cn and Cn-1 were out of order, our pointer to Pn also
      * points to where Pn-1 needs to reside. From here on out read Pn in
      * the code as really Pn-1. */
     rv = (*cts->cipher)(cts->context, Pn, &tmpLen, blocksize, lastBlock,
 	 blocksize, blocksize);
     if (rv != SECSuccess) {
 	return SECFailure;
     }
-    PORT_Assert(tmpLen == blocksize);
     /* make up for the out of order CBC decryption */
     XOR_BLOCK(Pn, Cn_2, blocksize);
     XOR_BLOCK(Pn, Cn, blocksize);
     /* reset iv to Cn  */
     PORT_Memcpy(cts->iv, Cn, blocksize);
     /* This makes Cn the last block for the next decrypt operation, which
      * matches the encrypt. We don't care about the contexts of last block,
      * only the side effect of setting the internal IV */
--- a/security/nss/lib/freebl/gcm.c
+++ b/security/nss/lib/freebl/gcm.c
@@ -128,18 +128,16 @@ struct gcmHashContextStr {
      unsigned int bufLen;
      int m; /* XXX what is m? */
      unsigned char counterBuf[2*GCM_HASH_LEN_LEN];
      PRUint64 cLen;
 };
 
 /* f = x^128 + x^7 + x^2 + x + 1 */
 static const unsigned int poly_128[] = { 128, 7, 2, 1, 0 };
-/* f = x^64 + x^4 + x^3 + x + 1 */
-static const unsigned int poly_64[] = { 64, 4, 3, 1, 0 };
 
 /* sigh, GCM defines the bit strings exactly backwards from everything else */
 static void
 gcm_reverse(unsigned char *target, const unsigned char *src,
 							unsigned int blocksize)
 {
     unsigned int i;
     for (i=0; i < blocksize; i++) {
@@ -162,24 +160,21 @@ gcmHash_InitContext(gcmHashContext *ghas
     CHECK_MPI_OK( mp_init(&ghash->X) );
     CHECK_MPI_OK( mp_init(&ghash->C_i) );
 
     mp_zero(&ghash->X);
     gcm_reverse(H_rev, H, blocksize);
     CHECK_MPI_OK( mp_read_unsigned_octets(&ghash->H, H_rev, blocksize) );
 
     /* set the irreducible polynomial. Each blocksize has its own polynomial.
-     * for now only blocksizes 16 (=128 bits) and 8 (=64 bits) are defined */
+     * for now only blocksize 16 (=128 bits) is defined */
     switch (blocksize) {
     case 16: /* 128 bits */
 	ghash->poly = poly_128;
 	break;
-    case 8: /* 64 bits */
-	ghash->poly = poly_64;
-	break;
     default:
 	PORT_SetError(SEC_ERROR_INVALID_ARGS);
 	goto cleanup;
     }
     ghash->cLen = 0;
     ghash->bufLen = 0;
     ghash->m = 0;
     PORT_Memset(ghash->counterBuf, 0, sizeof(ghash->counterBuf));
@@ -342,25 +337,22 @@ gcm_longs_to_bytes(const unsigned long *
 static SECStatus
 gcmHash_InitContext(gcmHashContext *ghash, const unsigned char *H,
 		    unsigned int blocksize)
 {
     PORT_Memset(ghash->X, 0, sizeof(ghash->X));
     PORT_Memset(ghash->H, 0, sizeof(ghash->H));
     gcm_bytes_to_longs(ghash->H, H, blocksize);
 
-    /* set the irreducible polynomial. Each blocksize has it's own polynommial
-     * for now only blocksizes 16 (=128 bits) and 8 (=64 bits) are defined */
+    /* set the irreducible polynomial. Each blocksize has its own polynommial
+     * for now only blocksize 16 (=128 bits) is defined */
     switch (blocksize) {
     case 16: /* 128 bits */
 	ghash->R = (unsigned long) 0x87; /* x^7 + x^2 + x +1 */
 	break;
-    case 8: /* 64 bits */
-	ghash->R = (unsigned long) 0x1b; /* x^4 + x^3 + x + 1 */
-	break;
     default:
 	PORT_SetError(SEC_ERROR_INVALID_ARGS);
 	goto cleanup;
     }
     ghash->cLen = 0;
     ghash->bufLen = 0;
     ghash->m = 0;
     PORT_Memset(ghash->counterBuf, 0, sizeof(ghash->counterBuf));
@@ -608,17 +600,17 @@ GCM_CreateContext(void *context, freeblC
 		  const unsigned char *params, unsigned int blocksize)
 {
     GCMContext *gcm = NULL;
     gcmHashContext *ghash;
     unsigned char H[MAX_BLOCK_SIZE];
     unsigned int tmp;
     PRBool freeCtr = PR_FALSE;
     PRBool freeHash = PR_FALSE;
-    const CK_AES_GCM_PARAMS *gcmParams = (const CK_AES_GCM_PARAMS *)params;
+    const CK_GCM_PARAMS *gcmParams = (const CK_GCM_PARAMS *)params;
     CK_AES_CTR_PARAMS ctrParams;
     SECStatus rv;
 
     if (blocksize > MAX_BLOCK_SIZE || blocksize > sizeof(ctrParams.cb)) {
 	PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
 	return NULL;
     }
     gcm = PORT_ZNew(GCMContext);
@@ -636,20 +628,17 @@ GCM_CreateContext(void *context, freeblC
     if (rv != SECSuccess) {
 	goto loser;
     }
     freeHash = PR_TRUE;
 
     /* fill in the Counter context */
     ctrParams.ulCounterBits = 32;
     PORT_Memset(ctrParams.cb, 0, sizeof(ctrParams.cb));
-    if ((blocksize == 8) && (gcmParams->ulIvLen == 4)) {
-	ctrParams.cb[3] = 1;
-	PORT_Memcpy(&ctrParams.cb[4], gcmParams->pIv, gcmParams->ulIvLen);
-    } else if ((blocksize == 16) && (gcmParams->ulIvLen == 12)) {
+    if ((blocksize == 16) && (gcmParams->ulIvLen == 12)) {
 	PORT_Memcpy(ctrParams.cb, gcmParams->pIv, gcmParams->ulIvLen);
 	ctrParams.cb[blocksize-1] = 1;
     } else {
 	rv = gcmHash_Update(ghash, gcmParams->pIv, gcmParams->ulIvLen,
 			    blocksize);
 	if (rv != SECSuccess) {
 	    goto loser;
 	}
--- a/security/nss/lib/freebl/pqg.c
+++ b/security/nss/lib/freebl/pqg.c
@@ -1,16 +1,16 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 /*
  * PQG parameter generation/verification.  Based on FIPS 186-3.
  *
- * $Id: pqg.c,v 1.23 2012/09/25 23:38:38 wtc%google.com Exp $
+ * $Id: pqg.c,v 1.25 2012/10/11 00:18:23 rrelyea%redhat.com Exp $
  */
 #ifdef FREEBL_NO_DEPEND
 #include "stubs.h"
 #endif
 
 #include "prerr.h"
 #include "secerr.h"
 
@@ -68,17 +68,17 @@ int prime_testcount_q(int L, int N)
     return prime_testcount_p(L,N);
 }
 
 /*
  * generic function to make sure our input matches DSA2 requirements 
  * this gives us one place to go if we need to bump the requirements in the
  * future.
  */
-SECStatus static
+static SECStatus
 pqg_validate_dsa2(unsigned int L, unsigned int N)
 {
 
     switch (L) {
     case 1024:
 	if (N != DSA1_Q_BITS) {
 	    PORT_SetError(SEC_ERROR_INVALID_ARGS);
 	    return SECFailure;
@@ -98,16 +98,37 @@ pqg_validate_dsa2(unsigned int L, unsign
 	break;
     default:
 	PORT_SetError(SEC_ERROR_INVALID_ARGS);
 	return SECFailure;
     }
     return SECSuccess;
 }
 
+static unsigned int
+pqg_get_default_N(unsigned int L)
+{
+    unsigned int N = 0;
+    switch (L) {
+    case 1024:
+	N = DSA1_Q_BITS;
+	break;
+    case 2048:
+	N = 224;
+	break;
+    case 3072:
+	N = 256;
+	break;
+    default:
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	break; /* N already set to zero */
+    }
+    return N;
+}
+
 /*
  * Select the lowest hash algorithm usable
  */
 static HASH_HashType
 getFirstHash(unsigned int L, unsigned int N)
 {
     if (N < 224) {
 	return HASH_AlgSHA1;
@@ -216,17 +237,17 @@ PQG_Check(const PQGParams *params)
 	int j;
 
 	/* handle DSA1 pqg parameters with less thatn 1024 bits*/
 	if ( N != DSA1_Q_BITS ) {
 	    PORT_SetError(SEC_ERROR_INVALID_ARGS);
 	    return SECFailure;
 	}
 	j = PQG_PBITS_TO_INDEX(L);
-	if ( j >= 0 && j <= 8 ) {
+	if ( j < 0 ) { 
 	    PORT_SetError(SEC_ERROR_INVALID_ARGS);
 	    rv = SECFailure;
 	}
     } else {
 	/* handle DSA2 parameters (includes DSA1, 1024 bits) */
 	rv = pqg_validate_dsa2(L, N);
     }
     return rv;
@@ -1218,17 +1239,20 @@ pqg_ParamGen(unsigned int L, unsigned in
     unsigned int  maxCount;
     HASH_HashType hashtype;
     SECItem      *seed;     /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */
     PRArenaPool  *arena  = NULL;
     PQGParams    *params = NULL;
     PQGVerify    *verify = NULL;
     PRBool passed;
     SECItem hit = { 0, 0, 0 };
-    mp_int P, Q, G, H, l;
+    SECItem firstseed = { 0, 0, 0 };
+    SECItem qseed = { 0, 0, 0 };
+    SECItem pseed = { 0, 0, 0 };
+    mp_int P, Q, G, H, l, p0;
     mp_err    err = MP_OKAY;
     SECStatus rv  = SECFailure;
     int iterations = 0;
 
 
     /* Step 1. L and N already checked by caller*/
     /* Step 2. if (seedlen < N) return INVALID; */
     if (seedBytes < N/BITS_PER_BYTE || !pParams || !pVfy) {
@@ -1266,21 +1290,23 @@ pqg_ParamGen(unsigned int L, unsigned in
     seed = &verify->seed;
     arena = NULL;
     /* Initialize bignums */
     MP_DIGITS(&P) = 0;
     MP_DIGITS(&Q) = 0;
     MP_DIGITS(&G) = 0;
     MP_DIGITS(&H) = 0;
     MP_DIGITS(&l) = 0;
+    MP_DIGITS(&p0) = 0;
     CHECK_MPI_OK( mp_init(&P) );
     CHECK_MPI_OK( mp_init(&Q) );
     CHECK_MPI_OK( mp_init(&G) );
     CHECK_MPI_OK( mp_init(&H) );
     CHECK_MPI_OK( mp_init(&l) );
+    CHECK_MPI_OK( mp_init(&p0) );
 
     /* Select Hash and Compute lengths. */
     /* getFirstHash gives us the smallest acceptable hash for this key
      * strength */
     hashtype = getFirstHash(L,N);
     outlen = HASH_ResultLen(hashtype)*BITS_PER_BYTE;
 
     /* Step 3: n = Ceil(L/outlen)-1; (same as n = Floor((L-1)/outlen)) */
@@ -1309,21 +1335,58 @@ step_5:
     ** Step 7. (Step 3 in 186-1)
     ** "Form Q from U by setting the most signficant bit (the 2**159 bit) 
     **  and the least signficant bit to 1.  In terms of boolean operations,
     **  Q = U OR 2**159 OR 1.  Note that 2**159 < Q < 2**160. (186-1)"
     **
     ** "q = 2**(N-1) + U + 1 - (U mod 2) (186-3)
     **
     ** Note: Both formulations are the same for U < 2**(N-1) and N=160
+    **
+    ** If using Shawe-Taylor, We do the entire A.1.2.1.2 setps in the block
+    ** FIPS186_3_ST_TYPE. 
     */
     if (type == FIPS186_1_TYPE) {
 	CHECK_SEC_OK( makeQfromSeed(seedlen, seed, &Q) );
+    } else if (type == FIPS186_3_TYPE) {
+	CHECK_SEC_OK( makeQ2fromSeed(hashtype, N, seed, &Q) );
     } else {
-	CHECK_SEC_OK( makeQ2fromSeed(hashtype, N, seed, &Q) );
+	/* FIPS186_3_ST_TYPE */
+	int qgen_counter, pgen_counter;
+
+        /* Step 1 (L,N) already checked for acceptability */
+
+	firstseed = *seed;
+	qgen_counter = 0;
+	/* Step 2. Use N and firstseed to  generate random prime q
+	 * using Apendix C.6 */
+	CHECK_SEC_OK( makePrimefromSeedShaweTaylor(hashtype, N, &firstseed, &Q,
+		&qseed, &qgen_counter) );
+	/* Step 3. Use floor(L/2+1) and qseed to generate random prime p0
+	 * using Appendix C.6 */
+	pgen_counter = 0;
+	CHECK_SEC_OK( makePrimefromSeedShaweTaylor(hashtype, (L+1)/2+1,
+			&qseed, &p0, &pseed, &pgen_counter) );
+	/* Steps 4-22 FIPS 186-3 appendix A.1.2.1.2 */
+	CHECK_SEC_OK( makePrimefromPrimesShaweTaylor(hashtype, L, 
+		&p0, &Q, &P, &pseed, &pgen_counter) );
+
+	/* combine all the seeds */
+	seed->len = firstseed.len +qseed.len + pseed.len;
+	seed->data = PORT_ArenaZAlloc(verify->arena, seed->len);
+	if (seed->data == NULL) {
+	    goto cleanup;
+	}
+	PORT_Memcpy(seed->data, firstseed.data, firstseed.len);
+	PORT_Memcpy(seed->data+firstseed.len, pseed.data, pseed.len);
+	PORT_Memcpy(seed->data+firstseed.len+pseed.len, qseed.data, qseed.len);
+	counter = 0 ; /* (qgen_counter << 16) | pgen_counter; */
+
+	/* we've generated both P and Q now, skip to generating G */
+	goto generate_G;
     }
     /* ******************************************************************
     ** Step 8. (Step 4 in 186-1)
     ** "Use a robust primality testing algorithm to test whether q is prime."
     **
     ** Appendix 2.1 states that a Rabin test with at least 50 iterations
     ** "will give an acceptable probability of error."
     */
@@ -1398,16 +1461,18 @@ step_11_9:
     /* ******************************************************************
     ** Step 12.  "goto step 5."
     **
     ** NOTE: if counter <= maxCount, then we exited the loop at Step 11.8
     ** and now need to return p,q, seed, and counter.
     */
     if (counter > maxCount) 
 	     goto step_5;
+
+generate_G:
     /* ******************************************************************
     ** returning p, q, seed and counter
     */
     if (type == FIPS186_1_TYPE) {
 	/* Generate g, This is called the "Unverifiable Generation of g
 	 * in FIPA186-3 Appedix A.2.1. For compatibility we maintain
 	 * this version of the code */
 	SECITEM_AllocItem(NULL, &hit, L/8); /* h is no longer than p */
@@ -1430,21 +1495,28 @@ step_11_9:
     /* All generation is done.  Now, save the PQG params.  */
     MPINT_TO_SECITEM(&P, &params->prime,    params->arena);
     MPINT_TO_SECITEM(&Q, &params->subPrime, params->arena);
     MPINT_TO_SECITEM(&G, &params->base,     params->arena);
     verify->counter = counter;
     *pParams = params;
     *pVfy = verify;
 cleanup:
+    if (pseed.data) {
+	PORT_Free(pseed.data);
+    }
+    if (qseed.data) {
+	PORT_Free(qseed.data);
+    }
     mp_clear(&P);
     mp_clear(&Q);
     mp_clear(&G);
     mp_clear(&H);
     mp_clear(&l);
+    mp_clear(&p0);
     if (err) {
 	MP_TO_SEC_ERROR(err);
 	rv = SECFailure;
     }
     if (rv) {
 	PORT_FreeArena(params->arena, PR_TRUE);
 	PORT_FreeArena(verify->arena, PR_TRUE);
     }
@@ -1484,21 +1556,28 @@ PQG_ParamGenSeedLen(unsigned int j, unsi
     return pqg_ParamGen(L, DSA1_Q_BITS, FIPS186_1_TYPE, seedBytes,
                         pParams, pVfy);
 }
 
 SECStatus
 PQG_ParamGenV2(unsigned int L, unsigned int N, unsigned int seedBytes,
                     PQGParams **pParams, PQGVerify **pVfy)
 {
+    if (N == 0) {
+	N = pqg_get_default_N(L);
+    }
+    if (seedBytes == 0) {
+	/* seedBytes == L/8 for probable primes, N/8 for Shawe-Taylor Primes */
+	seedBytes = N/8;
+    }
     if (pqg_validate_dsa2(L,N) != SECSuccess) {
 	/* error code already set */
 	return SECFailure;
     }
-    return pqg_ParamGen(L, N, FIPS186_3_TYPE, seedBytes, pParams, pVfy);
+    return pqg_ParamGen(L, N, FIPS186_3_ST_TYPE, seedBytes, pParams, pVfy);
 }
 
 
 /*
  * verify can use vfy structures returned from either FIPS186-1 or
  * FIPS186-2, and can handle differences in selected Hash functions to
  * generate the parameters.
  */
--- a/security/nss/lib/nss/nss.h
+++ b/security/nss/lib/nss/nss.h
@@ -1,15 +1,15 @@
 /*
  * NSS utility functions
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: nss.h,v 1.97 2012/09/21 21:58:44 wtc%google.com Exp $ */
+/* $Id: nss.h,v 1.99 2012/10/18 16:54:44 kaie%kuix.de Exp $ */
 
 #ifndef __nss_h_
 #define __nss_h_
 
 /* The private macro _NSS_ECC_STRING is for NSS internal use only. */
 #ifdef NSS_ENABLE_ECC
 #ifdef NSS_ECC_MORE_THAN_SUITE_B
 #define _NSS_ECC_STRING " Extended ECC"
@@ -29,22 +29,22 @@
 
 /*
  * NSS's major version, minor version, patch level, build number, and whether
  * this is a beta release.
  *
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
  */
-#define NSS_VERSION  "3.14.0.0" _NSS_ECC_STRING _NSS_CUSTOMIZED " Beta"
+#define NSS_VERSION  "3.14.0.1" _NSS_ECC_STRING _NSS_CUSTOMIZED
 #define NSS_VMAJOR   3
 #define NSS_VMINOR   14
 #define NSS_VPATCH   0
-#define NSS_VBUILD   0
-#define NSS_BETA     PR_TRUE
+#define NSS_VBUILD   1
+#define NSS_BETA     PR_FALSE
 
 #ifndef RC_INVOKED
 
 #include "seccomon.h"
 
 typedef struct NSSInitParametersStr NSSInitParameters;
 
 /*
--- a/security/nss/lib/nss/nssinit.c
+++ b/security/nss/lib/nss/nssinit.c
@@ -1,15 +1,15 @@
 /*
  * NSS utility functions
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: nssinit.c,v 1.118 2012/09/21 21:58:44 wtc%google.com Exp $ */
+/* $Id: nssinit.c,v 1.119 2012/10/09 18:22:46 emaldona%redhat.com Exp $ */
 
 #include <ctype.h>
 #include <string.h>
 #include "seccomon.h"
 #include "prerror.h"
 #include "prinit.h"
 #include "prprf.h"
 #include "prmem.h"
@@ -631,25 +631,29 @@ nss_Init(const char *configdir, const ch
 	    passwordRequired = initParams->passwordRequired;
 	}
     } else {
 	configStrings = pk11_config_strings;
 	configName = pk11_config_name;
 	passwordRequired = pk11_password_required;
     }
 
-    /* we always try to initialize the modules */
-    rv = nss_InitModules(configdir, certPrefix, keyPrefix, secmodName, 
+    /* Skip the module init if we are already initted and we are trying
+     * to init with not noCertDB and noModDB */
+    if (!(isReallyInitted && noCertDB && noModDB)) {
+	/* we always try to initialize the modules */
+	rv = nss_InitModules(configdir, certPrefix, keyPrefix, secmodName, 
 		updateDir, updCertPrefix, updKeyPrefix, updateID, 
 		updateName, configName, configStrings, passwordRequired,
 		readOnly, noCertDB, noModDB, forceOpen, optimizeSpace, 
 		(initContextPtr != NULL));
 
-    if (rv != SECSuccess) {
-	goto loser;
+	if (rv != SECSuccess) {
+	    goto loser;
+	}
     }
 
 
     /* finish up initialization */
     if (!isReallyInitted) {
 	if (SECOID_Init() != SECSuccess) {
 	    goto loser;
 	}
@@ -912,16 +916,22 @@ nss_GetShutdownEntry(NSS_ShutdownFunc sF
 /*
  * register a callback to be called when NSS shuts down
  */
 SECStatus
 NSS_RegisterShutdown(NSS_ShutdownFunc sFunc, void *appData)
 {
     int i;
 
+    /* make sure our lock and condition variable are initialized one and only
+     * one time */ 
+    if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
+	return SECFailure;
+    }
+
     PZ_Lock(nssInitLock);
     if (!NSS_IsInitialized()) {
 	PZ_Unlock(nssInitLock);
 	PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
 	return SECFailure;
     }
     PZ_Unlock(nssInitLock);
     if (sFunc == NULL) {
@@ -970,16 +980,21 @@ NSS_RegisterShutdown(NSS_ShutdownFunc sF
 /*
  * unregister a callback so it won't get called on shutdown.
  */
 SECStatus
 NSS_UnregisterShutdown(NSS_ShutdownFunc sFunc, void *appData)
 {
     int i;
 
+    /* make sure our lock and condition variable are initialized one and only
+     * one time */ 
+    if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
+	return SECFailure;
+    }
     PZ_Lock(nssInitLock);
     if (!NSS_IsInitialized()) {
 	PZ_Unlock(nssInitLock);
 	PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
 	return SECFailure;
     }
     PZ_Unlock(nssInitLock);
 
@@ -1108,16 +1123,21 @@ nss_Shutdown(void)
     }
     return shutdownRV;
 }
 
 SECStatus
 NSS_Shutdown(void)
 {
     SECStatus rv;
+    /* make sure our lock and condition variable are initialized one and only
+     * one time */ 
+    if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
+	return SECFailure;
+    }
     PZ_Lock(nssInitLock);
 
     if (!nssIsInitted) {
 	PZ_Unlock(nssInitLock);
 	PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
 	return SECFailure;
     }
 
@@ -1160,16 +1180,21 @@ nss_RemoveList(NSSInitContext *context) 
  * This is different than NSS_Shutdown, where calling it will shutdown NSS
  * irreguardless of who else may have NSS open.
  */
 SECStatus
 NSS_ShutdownContext(NSSInitContext *context)
 {
     SECStatus rv = SECSuccess;
 
+    /* make sure our lock and condition variable are initialized one and only
+     * one time */ 
+    if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
+	return SECFailure;
+    }
     PZ_Lock(nssInitLock);
     /* If one or more threads are in the middle of init, wait for them
      * to complete */
     while (nssIsInInit) {
 	PZ_WaitCondVar(nssInitCondition,PR_INTERVAL_NO_TIMEOUT);
     }
 
     /* OK, we are the only thread now either initializing or shutting down */
--- a/security/nss/lib/softoken/pkcs11c.c
+++ b/security/nss/lib/softoken/pkcs11c.c
@@ -420,22 +420,24 @@ sftk_InitGeneric(SFTKSession *session,SF
     /* allocate the context structure */
     context = (SFTKSessionContext *)PORT_Alloc(sizeof(SFTKSessionContext));
     if (context == NULL) {
 	if (key) sftk_FreeObject(key);
 	return CKR_HOST_MEMORY;
     }
     context->type = ctype;
     context->multi = PR_TRUE;
+    context->rsa = PR_FALSE;
     context->cipherInfo = NULL;
     context->hashInfo = NULL;
     context->doPad = PR_FALSE;
     context->padDataLength = 0;
     context->key = key;
     context->blockSize = 0;
+    context->maxLen = 0;
 
     *contextPtr = context;
     return CKR_OK;
 }
 
 static int
 sftk_aes_mode(CK_MECHANISM_TYPE mechanism)
 {
@@ -502,16 +504,17 @@ sftk_CryptInit(CK_SESSION_HANDLE hSessio
     switch(pMechanism->mechanism) {
     case CKM_RSA_PKCS:
     case CKM_RSA_X_509:
 	if (key_type != CKK_RSA) {
 	    crv = CKR_KEY_TYPE_INCONSISTENT;
 	    break;
 	}
 	context->multi = PR_FALSE;
+	context->rsa = PR_TRUE;
 	if (isEncrypt) {
 	    NSSLOWKEYPublicKey *pubKey = sftk_GetPubKey(key,CKK_RSA,&crv);
 	    if (pubKey == NULL) {
 		break;
 	    }
 	    context->maxLen = nsslowkey_PublicModulusLen(pubKey);
 	    context->cipherInfo =  (void *)pubKey;
 	    context->update = (SFTKCipher) 
@@ -767,16 +770,19 @@ finish_des:
 	context->doPad = PR_TRUE;
 	/* fall thru */
     case CKM_AES_ECB:
     case CKM_AES_CBC:
 	context->blockSize = 16;
     case CKM_AES_CTS:
     case CKM_AES_CTR:
     case CKM_AES_GCM:
+	if (pMechanism->mechanism == CKM_AES_GCM) {
+	    context->multi = PR_FALSE;
+	}
 	if (key_type != CKK_AES) {
 	    crv = CKR_KEY_TYPE_INCONSISTENT;
 	    break;
 	}
 	att = sftk_FindAttribute(key,CKA_VALUE);
 	if (att == NULL) {
 	    crv = CKR_KEY_HANDLE_INVALID;
 	    break;
@@ -997,18 +1003,18 @@ CK_RV NSC_Encrypt (CK_SESSION_HANDLE hSe
 
     CHECK_FORK();
 
     /* make sure we're legal */
     crv = sftk_GetContext(hSession,&context,SFTK_ENCRYPT,PR_FALSE,&session);
     if (crv != CKR_OK) return crv;
 
     if (!pEncryptedData) {
-	*pulEncryptedDataLen = context->multi ? 
-		ulDataLen + 2 * context->blockSize : context->maxLen;
+	*pulEncryptedDataLen = context->rsa ? context->maxLen :
+		ulDataLen + 2 * context->blockSize;
 	goto finish;
     }
 
     if (context->doPad) {
 	if (context->multi) {
 	    CK_ULONG finalLen;
 	    /* padding is fairly complicated, have the update and final 
 	     * code deal with it */
@@ -2010,16 +2016,17 @@ CK_RV NSC_SignInit(CK_SESSION_HANDLE hSe
 	goto finish_rsa;
     case CKM_RSA_X_509:
 	context->update = (SFTKCipher)  RSA_SignRaw;
 finish_rsa:
 	if (key_type != CKK_RSA) {
 	    crv = CKR_KEY_TYPE_INCONSISTENT;
 	    break;
 	}
+	context->rsa = PR_TRUE;
 	privKey = sftk_GetPrivKey(key,CKK_RSA,&crv);
 	if (privKey == NULL) {
 	    crv = CKR_KEY_TYPE_INCONSISTENT;
 	    break;
 	}
 	/* OK, info is allocated only if we're doing hash and sign mechanism.
 	 * It's necessary to be able to set the correct OID in the final 
 	 * signature.
@@ -2034,16 +2041,17 @@ finish_rsa:
 	}
 	context->maxLen = nsslowkey_PrivateModulusLen(privKey);
 	break;
     case CKM_RSA_PKCS_PSS:
 	if (key_type != CKK_RSA) {
 	    crv = CKR_KEY_TYPE_INCONSISTENT;
 	    break;
 	} 
+	context->rsa = PR_TRUE;
 	if (pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS)) {
 	    crv = CKR_MECHANISM_PARAM_INVALID;
 	    break;
 	}
 	info = PORT_New(SFTKHashSignInfo);
 	if (info == NULL) {
 	    crv = CKR_HOST_MEMORY;
 	    break;
@@ -2527,16 +2535,17 @@ CK_RV NSC_VerifyInit(CK_SESSION_HANDLE h
     case CKM_RSA_X_509:
 	context->verify = (SFTKVerify) RSA_CheckSignRaw;
 finish_rsa:
 	if (key_type != CKK_RSA) {
 	    if (info) PORT_Free(info);
 	    crv = CKR_KEY_TYPE_INCONSISTENT;
 	    break;
 	}
+	context->rsa = PR_TRUE;
 	pubKey = sftk_GetPubKey(key,CKK_RSA,&crv);
 	if (pubKey == NULL) {
 	    if (info) PORT_Free(info);
 	    crv = CKR_KEY_TYPE_INCONSISTENT;
 	    break;
 	}
 	if (info) {
 	    info->key = pubKey;
@@ -2547,16 +2556,17 @@ finish_rsa:
 	    context->destroy = sftk_Null;
 	}
 	break;
     case CKM_RSA_PKCS_PSS:
 	if (key_type != CKK_RSA) {
 	    crv = CKR_KEY_TYPE_INCONSISTENT;
 	    break;
 	} 
+	context->rsa = PR_TRUE;
 	if (pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS)) {
 	    crv = CKR_MECHANISM_PARAM_INVALID;
 	    break;
 	}
 	info = PORT_New(SFTKHashVerifyInfo);
 	if (info == NULL) {
 	    crv = CKR_HOST_MEMORY;
 	    break;
@@ -2776,16 +2786,17 @@ CK_RV NSC_VerifyRecoverInit(CK_SESSION_H
     switch(pMechanism->mechanism) {
     case CKM_RSA_PKCS:
     case CKM_RSA_X_509:
 	if (key_type != CKK_RSA) {
 	    crv = CKR_KEY_TYPE_INCONSISTENT;
 	    break;
 	}
 	context->multi = PR_FALSE;
+	context->rsa = PR_TRUE;
 	pubKey = sftk_GetPubKey(key,CKK_RSA,&crv);
 	if (pubKey == NULL) {
 	    break;
 	}
 	context->cipherInfo = pubKey;
 	context->update = (SFTKCipher) (pMechanism->mechanism == CKM_RSA_X_509
 			? RSA_CheckSignRecoverRaw : RSA_CheckSignRecover);
 	context->destroy = sftk_Null;
--- a/security/nss/lib/softoken/pkcs11i.h
+++ b/security/nss/lib/softoken/pkcs11i.h
@@ -244,16 +244,17 @@ typedef enum {
  *      multi=1 hashInfo=0   block (symmetric) cipher MACing
  *      multi=1 hashInfo=X   PKC S/V with prior hashing
  *      multi=0 hashInfo=0   PKC S/V one shot (w/o hashing)
  *      multi=0 hashInfo=X   *** shouldn't happen ***
  */
 struct SFTKSessionContextStr {
     SFTKContextType	type;
     PRBool		multi; 		/* is multipart */
+    PRBool		rsa; 		/* is rsa */
     PRBool		doPad; 		/* use PKCS padding for block ciphers */
     unsigned int	blockSize; 	/* blocksize for padding */
     unsigned int	padDataLength; 	/* length of the valid data in padbuf */
     /** latest incomplete block of data for block cipher */
     unsigned char	padBuf[SFTK_MAX_BLOCK_SIZE];
     /** result of MAC'ing of latest full block of data with block cipher */
     unsigned char	macBuf[SFTK_MAX_BLOCK_SIZE];
     CK_ULONG		macSize;	/* size of a general block cipher mac*/
--- a/security/nss/lib/softoken/softkver.h
+++ b/security/nss/lib/softoken/softkver.h
@@ -20,16 +20,16 @@
 
 /*
  * Softoken's major version, minor version, patch level, build number,
  * and whether this is a beta release.
  *
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
  */
-#define SOFTOKEN_VERSION  "3.14.0.0" SOFTOKEN_ECC_STRING " Beta"
+#define SOFTOKEN_VERSION  "3.14.0.1" SOFTOKEN_ECC_STRING
 #define SOFTOKEN_VMAJOR   3
 #define SOFTOKEN_VMINOR   14
 #define SOFTOKEN_VPATCH   0
-#define SOFTOKEN_VBUILD   0
-#define SOFTOKEN_BETA     PR_TRUE
+#define SOFTOKEN_VBUILD   1
+#define SOFTOKEN_BETA     PR_FALSE
 
 #endif /* _SOFTKVER_H_ */
--- a/security/nss/lib/util/nssutil.h
+++ b/security/nss/lib/util/nssutil.h
@@ -14,22 +14,22 @@
 
 /*
  * NSS utilities's major version, minor version, patch level, build number,
  * and whether this is a beta release.
  *
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
  */
-#define NSSUTIL_VERSION  "3.14.0.0 Beta"
+#define NSSUTIL_VERSION  "3.14.0.1"
 #define NSSUTIL_VMAJOR   3
 #define NSSUTIL_VMINOR   14
 #define NSSUTIL_VPATCH   0
-#define NSSUTIL_VBUILD   0
-#define NSSUTIL_BETA     PR_TRUE
+#define NSSUTIL_VBUILD   1
+#define NSSUTIL_BETA     PR_FALSE
 
 SEC_BEGIN_PROTOS
 
 /*
  * Returns a const string of the UTIL library version.
  */
 extern const char *NSSUTIL_GetVersion(void);
 
--- a/security/nss/lib/util/pkcs11t.h
+++ b/security/nss/lib/util/pkcs11t.h
@@ -1490,43 +1490,46 @@ typedef CK_DES_CBC_ENCRYPT_DATA_PARAMS C
 typedef struct CK_AES_CBC_ENCRYPT_DATA_PARAMS {
   CK_BYTE      iv[16];
   CK_BYTE_PTR  pData;
   CK_ULONG     length;
 } CK_AES_CBC_ENCRYPT_DATA_PARAMS;
 
 typedef CK_AES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR;
 
+/* CK_AES_CTR_PARAMS is new for PKCS #11 v2.20 amendment 3 */
 typedef struct CK_AES_CTR_PARAMS {
   CK_ULONG     ulCounterBits;
   CK_BYTE      cb[16];
 } CK_AES_CTR_PARAMS;
 
 typedef CK_AES_CTR_PARAMS CK_PTR CK_AES_CTR_PARAMS_PTR;
 
-typedef struct CK_AES_GCM_PARAMS {
+/* CK_GCM_PARAMS is new for version 2.30 */
+typedef struct CK_GCM_PARAMS {
   CK_BYTE_PTR  pIv;
   CK_ULONG     ulIvLen;
   CK_BYTE_PTR  pAAD;
   CK_ULONG     ulAADLen;
   CK_ULONG     ulTagBits;
-} CK_AES_GCM_PARAMS;
+} CK_GCM_PARAMS;
 
-typedef CK_AES_GCM_PARAMS CK_PTR CK_AES_GCM_PARAMS_PTR;
+typedef CK_GCM_PARAMS CK_PTR CK_GCM_PARAMS_PTR;
 
-typedef struct CK_AES_CCM_PARAMS {
+/* CK_CCM_PARAMS is new for version 2.30 */
+typedef struct CK_CCM_PARAMS {
   CK_ULONG     ulDataLen;
   CK_BYTE_PTR  pNonce;
   CK_ULONG     ulNonceLen;
   CK_BYTE_PTR  pAAD;
   CK_ULONG     ulAADLen;
   CK_ULONG     ulMACLen;
-} CK_AES_CCM_PARAMS;
+} CK_CCM_PARAMS;
 
-typedef CK_AES_CCM_PARAMS CK_PTR CK_AES_CCM_PARAMS_PTR;
+typedef CK_CCM_PARAMS CK_PTR CK_CCM_PARAMS_PTR;
 
 /* CK_SKIPJACK_PRIVATE_WRAP_PARAMS provides the parameters to the
  * CKM_SKIPJACK_PRIVATE_WRAP mechanism */
 /* CK_SKIPJACK_PRIVATE_WRAP_PARAMS is new for v2.0 */
 typedef struct CK_SKIPJACK_PRIVATE_WRAP_PARAMS {
   CK_ULONG      ulPasswordLen;
   CK_BYTE_PTR   pPassword;
   CK_ULONG      ulPublicDataLen;
--- a/security/nss/lib/util/utilmod.c
+++ b/security/nss/lib/util/utilmod.c
@@ -13,17 +13,18 @@
  *
  * Each SFTKDBHandle points to a low level database handle (SDB). This handle
  * represents the underlying physical database. These objects are not 
  * reference counted, and are 'owned' by their respective SFTKDBHandles.
  */
 
 #include "prprf.h" 
 #include "prsystem.h"
-#include "lgglue.h"
+#include "pkcs11t.h"
+#include "secitem.h"
 #include "utilpars.h" 
 #include "secerr.h"
 #if defined (_WIN32)
 #include <io.h>
 #endif
 
 /****************************************************************
  *
--- a/security/nss/tests/cipher/performance.sh
+++ b/security/nss/tests/cipher/performance.sh
@@ -99,16 +99,17 @@ if [ $TESTSET = "all" -o $TESTSET = "dsa
 
 while read mode keysize bufsize reps cxreps
 do
     if [ $mode != "#" ]; then
 	echo "bltest -N -m $mode -b $bufsize -g $keysize -u $cxreps"
 	${BINDIR}/bltest -N -m $mode -b $bufsize -g $keysize -u $cxreps >> ${DSAPERFOUT}
 	mv "tmp.in.0" "$mode.in"
 	mv tmp.key $mode.key
+	rm -f $mode.out
 	echo "bltest -S -m $mode -i ${CIPHERDIR}/$mode.in -k ${CIPHERDIR}/$mode.key -p $reps -o ${CIPHERDIR}/$mode.out"
 	${BINDIR}/bltest -S -m $mode -i ${CIPHERDIR}/$mode.in -k ${CIPHERDIR}/$mode.key -p $reps -o ${CIPHERDIR}/$mode.out >> ${DSAPERFOUT}
 	echo "bltest -V -m $mode -f ${CIPHERDIR}/$mode.out -k ${CIPHERDIR}/$mode.key -p $reps -i ${CIPHERDIR}/$mode.in -o ${CIPHERDIR}/$mode.out"
 	${BINDIR}/bltest -V -m $mode -f ${CIPHERDIR}/$mode.out -k ${CIPHERDIR}/$mode.key -p $reps -i ${CIPHERDIR}/$mode.in -o ${CIPHERDIR}/$mode.out >> ${DSAPERFOUT}
     fi
 done < ${DSATESTS} 
 
 echo "<TABLE BORDER=1><TR><TH COLSPAN=6>DSA Cipher Performance</TH></TR>" >> ${PERFRESULTS}
new file mode 100644
--- /dev/null
+++ b/security/nss/tests/lowhash/lowhash.sh
@@ -0,0 +1,92 @@
+#! /bin/bash  
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+########################################################################
+# mozilla/security/nss/tests/lowhash/lowhash.sh
+#
+# Script to test basic functionallity of the NSSLoHash API
+#
+# included from 
+# --------------
+#   all.sh
+#
+# needs to work on all Linux platforms
+#
+# tests implemented:
+# lowash (verify encryption cert - bugzilla bug 119059)
+#
+# special strings
+# ---------------
+#
+########################################################################
+
+errors=0
+
+############################## lowhash_init ##############################
+# local shell function to initialize this script 
+########################################################################
+lowhash_init()
+{
+  SCRIPTNAME=lowhash.sh      # sourced - $0 would point to all.sh
+
+  if [ -z "${CLEANUP}" ] ; then     # if nobody else is responsible for
+      CLEANUP="${SCRIPTNAME}"       # cleaning this script will do it
+  fi
+
+  if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
+      cd ../common
+      . ./init.sh
+  fi
+  LOWHASHDIR=../lowhash
+  mkdir -p ${LOWHASHDIR}
+  html_head "Lowhash Tests"
+  cd ${LOWHASHDIR}
+}
+
+############################## lowhash_test ##############################
+# local shell function to test basic the NSS Low Hash API both in
+# FIPS 140 compliant mode and not
+########################################################################
+lowhash_test()
+{
+  if [ ! -f ${BINDIR}/lowhashtest -a  \
+       ! -f ${BINDIR}/lowhashtest${PROG_SUFFIX} ]; then
+    echo "freebl lowhash not supported in this plaform."
+  else
+    TESTS="MD5 SHA1 SHA224 SHA256 SHA384 SHA512"
+    OLD_MODE=`echo ${NSS_FIPS}`
+    for fips_mode in 0 1; do
+      echo "lowhashtest with fips mode=${mode}"
+      export NSS_FIPS=${fips_mode}
+      for TEST in ${TESTS}
+      do
+        echo "lowhashtest ${TEST}"
+        ${BINDIR}/lowhashtest ${TEST} 2>&1
+        RESULT=$?
+        html_msg ${RESULT} 0 "lowhashtest with fips mode=${mode} for ${TEST}"
+      done
+    done
+    export NSS_FIPS=${OLD_MODE}
+  fi
+}
+
+############################## lowhash_cleanup ############################
+# local shell function to finish this script (no exit since it might be 
+# sourced)
+########################################################################
+lowhash_cleanup()
+{
+  html "</TABLE><BR>"
+  cd ${QADIR}
+  . common/cleanup.sh
+}
+
+################## main #################################################
+
+lowhash_init
+lowhash_test
+lowhash_cleanup
+echo "lowhash.sh done"