Bug, 1048876, Update Mozilla 32 to use NSS 3.16.4, a=lmandel
authorKai Engert <kaie@kuix.de>
Wed, 06 Aug 2014 20:22:33 +0200
changeset 208249 22589028e561
parent 208248 adb28e85421f
child 208250 3315c53c4bb7
push id3789
push userkaie@kuix.de
push date2014-08-06 18:22 +0000
treeherdermozilla-beta@22589028e561 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerslmandel
bugs1048876
milestone32.0
Bug, 1048876, Update Mozilla 32 to use NSS 3.16.4, a=lmandel
security/nss/TAG-INFO
security/nss/coreconf/coreconf.dep
security/nss/lib/ckfw/builtins/certdata.txt
security/nss/lib/ckfw/builtins/nssckbi.h
security/nss/lib/freebl/mpi/mp_comba_amd64_masm.asm
security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crldp.c
security/nss/lib/nss/nss.h
security/nss/lib/softoken/softkver.h
security/nss/lib/util/nssutil.h
security/nss/tests/libpkix/certs/PayPalEE.cert
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@@ -1,1 +1,1 @@
-NSS_3_16_3_RTM
+NSS_3_16_4_RTM
--- a/security/nss/coreconf/coreconf.dep
+++ b/security/nss/coreconf/coreconf.dep
@@ -5,9 +5,8 @@
 
 /*
  * A dummy header file that is a dependency for all the object files.
  * Used to force a full recompilation of NSS in Mozilla's Tinderbox
  * depend builds.  See comments in rules.mk.
  */
 
 #error "Do not include this header file."
-
--- a/security/nss/lib/ckfw/builtins/certdata.txt
+++ b/security/nss/lib/ckfw/builtins/certdata.txt
@@ -65,16 +65,135 @@
 BEGINDATA
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_BUILTIN_ROOT_LIST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Mozilla Builtin Roots"
 
 #
+# Certificate "GTE CyberTrust Global Root"
+#
+# Issuer: CN=GTE CyberTrust Global Root,OU="GTE CyberTrust Solutions, Inc.",O=GTE Corporation,C=US
+# Serial Number: 421 (0x1a5)
+# Subject: CN=GTE CyberTrust Global Root,OU="GTE CyberTrust Solutions, Inc.",O=GTE Corporation,C=US
+# Not Valid Before: Thu Aug 13 00:29:00 1998
+# Not Valid After : Mon Aug 13 23:59:00 2018
+# Fingerprint (MD5): CA:3D:D3:68:F1:03:5C:D0:32:FA:B8:2B:59:E8:5A:DB
+# Fingerprint (SHA1): 97:81:79:50:D8:1C:96:70:CC:34:D8:09:CF:79:44:31:36:7E:F4:74
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "GTE CyberTrust Global Root"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157
+\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003\125
+\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162\165
+\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111\156
+\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124\105
+\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157\142
+\141\154\040\122\157\157\164
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157
+\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003\125
+\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162\165
+\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111\156
+\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124\105
+\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157\142
+\141\154\040\122\157\157\164
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\002\001\245
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\002\132\060\202\001\303\002\002\001\245\060\015\006\011
+\052\206\110\206\367\015\001\001\004\005\000\060\165\061\013\060
+\011\006\003\125\004\006\023\002\125\123\061\030\060\026\006\003
+\125\004\012\023\017\107\124\105\040\103\157\162\160\157\162\141
+\164\151\157\156\061\047\060\045\006\003\125\004\013\023\036\107
+\124\105\040\103\171\142\145\162\124\162\165\163\164\040\123\157
+\154\165\164\151\157\156\163\054\040\111\156\143\056\061\043\060
+\041\006\003\125\004\003\023\032\107\124\105\040\103\171\142\145
+\162\124\162\165\163\164\040\107\154\157\142\141\154\040\122\157
+\157\164\060\036\027\015\071\070\060\070\061\063\060\060\062\071
+\060\060\132\027\015\061\070\060\070\061\063\062\063\065\071\060
+\060\132\060\165\061\013\060\011\006\003\125\004\006\023\002\125
+\123\061\030\060\026\006\003\125\004\012\023\017\107\124\105\040
+\103\157\162\160\157\162\141\164\151\157\156\061\047\060\045\006
+\003\125\004\013\023\036\107\124\105\040\103\171\142\145\162\124
+\162\165\163\164\040\123\157\154\165\164\151\157\156\163\054\040
+\111\156\143\056\061\043\060\041\006\003\125\004\003\023\032\107
+\124\105\040\103\171\142\145\162\124\162\165\163\164\040\107\154
+\157\142\141\154\040\122\157\157\164\060\201\237\060\015\006\011
+\052\206\110\206\367\015\001\001\001\005\000\003\201\215\000\060
+\201\211\002\201\201\000\225\017\240\266\360\120\234\350\172\307
+\210\315\335\027\016\056\260\224\320\033\075\016\366\224\300\212
+\224\307\006\310\220\227\310\270\144\032\172\176\154\074\123\341
+\067\050\163\140\177\262\227\123\007\237\123\371\155\130\224\322
+\257\215\155\210\147\200\346\355\262\225\317\162\061\312\245\034
+\162\272\134\002\347\144\102\347\371\251\054\326\072\015\254\215
+\102\252\044\001\071\346\234\077\001\205\127\015\130\207\105\370
+\323\205\252\223\151\046\205\160\110\200\077\022\025\307\171\264
+\037\005\057\073\142\231\002\003\001\000\001\060\015\006\011\052
+\206\110\206\367\015\001\001\004\005\000\003\201\201\000\155\353
+\033\011\351\136\331\121\333\147\042\141\244\052\074\110\167\343
+\240\174\246\336\163\242\024\003\205\075\373\253\016\060\305\203
+\026\063\201\023\010\236\173\064\116\337\100\310\164\327\271\175
+\334\364\166\125\175\233\143\124\030\351\360\352\363\134\261\331
+\213\102\036\271\300\225\116\272\372\325\342\174\365\150\141\277
+\216\354\005\227\137\133\260\327\243\205\064\304\044\247\015\017
+\225\223\357\313\224\330\236\037\235\134\205\155\307\252\256\117
+\037\042\265\315\225\255\272\247\314\371\253\013\172\177
+END
+
+# Trust for Certificate "GTE CyberTrust Global Root"
+# Issuer: CN=GTE CyberTrust Global Root,OU="GTE CyberTrust Solutions, Inc.",O=GTE Corporation,C=US
+# Serial Number: 421 (0x1a5)
+# Subject: CN=GTE CyberTrust Global Root,OU="GTE CyberTrust Solutions, Inc.",O=GTE Corporation,C=US
+# Not Valid Before: Thu Aug 13 00:29:00 1998
+# Not Valid After : Mon Aug 13 23:59:00 2018
+# Fingerprint (MD5): CA:3D:D3:68:F1:03:5C:D0:32:FA:B8:2B:59:E8:5A:DB
+# Fingerprint (SHA1): 97:81:79:50:D8:1C:96:70:CC:34:D8:09:CF:79:44:31:36:7E:F4:74
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "GTE CyberTrust Global Root"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\227\201\171\120\330\034\226\160\314\064\330\011\317\171\104\061
+\066\176\364\164
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\312\075\323\150\361\003\134\320\062\372\270\053\131\350\132\333
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157
+\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003\125
+\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162\165
+\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111\156
+\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124\105
+\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157\142
+\141\154\040\122\157\157\164
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\002\001\245
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
 # Certificate "Thawte Server CA"
 #
 # Issuer: E=server-certs@thawte.com,CN=Thawte Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA
 # Serial Number: 1 (0x1)
 # Subject: E=server-certs@thawte.com,CN=Thawte Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA
 # Not Valid Before: Thu Aug 01 00:00:00 1996
 # Not Valid After : Thu Dec 31 23:59:59 2020
 # Fingerprint (MD5): C5:70:C4:A2:ED:53:78:0C:C8:10:53:81:64:CB:D0:1D
@@ -29869,8 +29988,166 @@ END
 CKA_SERIAL_NUMBER MULTILINE_OCTAL
 \002\020\120\160\153\315\330\023\374\033\116\073\063\162\322\021
 \110\215
 END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "USERTrust-temporary-intermediate-after-1024bit-removal"
+#
+# Issuer: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
+# Serial Number:5d:20:61:8e:8c:0e:b9:34:40:93:b9:b1:d8:63:95:b6
+# Subject: CN=USERTrust Legacy Secure Server CA,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Not Valid Before: Tue Aug 05 00:00:00 2014
+# Not Valid After : Sun Nov 01 23:59:59 2015
+# Fingerprint (SHA-256): 92:96:6E:83:44:D2:FB:3A:28:0E:B8:60:4D:81:40:77:4C:E1:A0:57:C5:82:BE:BC:83:4D:03:02:E8:59:BC:43
+# Fingerprint (SHA1): 7C:2F:91:E2:BB:96:68:A9:C6:F6:BD:10:19:2C:6B:52:5A:1B:BA:48
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "USERTrust-temporary-intermediate-after-1024bit-removal"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\177\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025
+\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145
+\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025
+\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145
+\164\167\157\162\153\061\052\060\050\006\003\125\004\003\023\041
+\125\123\105\122\124\162\165\163\164\040\114\145\147\141\143\171
+\040\123\145\143\165\162\145\040\123\145\162\166\145\162\040\103
+\101
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\157\061\013\060\011\006\003\125\004\006\023\002\123\105\061
+\024\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165
+\163\164\040\101\102\061\046\060\044\006\003\125\004\013\023\035
+\101\144\144\124\162\165\163\164\040\105\170\164\145\162\156\141
+\154\040\124\124\120\040\116\145\164\167\157\162\153\061\042\060
+\040\006\003\125\004\003\023\031\101\144\144\124\162\165\163\164
+\040\105\170\164\145\162\156\141\154\040\103\101\040\122\157\157
+\164
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\135\040\141\216\214\016\271\064\100\223\271\261\330\143
+\225\266
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\231\060\202\003\201\240\003\002\001\002\002\020\135
+\040\141\216\214\016\271\064\100\223\271\261\330\143\225\266\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\157
+\061\013\060\011\006\003\125\004\006\023\002\123\105\061\024\060
+\022\006\003\125\004\012\023\013\101\144\144\124\162\165\163\164
+\040\101\102\061\046\060\044\006\003\125\004\013\023\035\101\144
+\144\124\162\165\163\164\040\105\170\164\145\162\156\141\154\040
+\124\124\120\040\116\145\164\167\157\162\153\061\042\060\040\006
+\003\125\004\003\023\031\101\144\144\124\162\165\163\164\040\105
+\170\164\145\162\156\141\154\040\103\101\040\122\157\157\164\060
+\036\027\015\061\064\060\070\060\065\060\060\060\060\060\060\132
+\027\015\061\065\061\061\060\061\062\063\065\071\065\071\132\060
+\177\061\013\060\011\006\003\125\004\006\023\002\125\123\061\013
+\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025\006
+\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145\040
+\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025\124
+\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145\164
+\167\157\162\153\061\052\060\050\006\003\125\004\003\023\041\125
+\123\105\122\124\162\165\163\164\040\114\145\147\141\143\171\040
+\123\145\143\165\162\145\040\123\145\162\166\145\162\040\103\101
+\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001
+\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001
+\000\331\115\040\072\346\051\060\206\362\351\206\211\166\064\116
+\150\037\226\104\367\321\371\326\202\116\246\070\236\356\313\133
+\341\216\056\275\362\127\200\375\311\077\374\220\163\104\274\217
+\273\127\133\345\055\037\024\060\165\066\365\177\274\317\126\364
+\177\201\377\256\221\315\330\322\152\313\227\371\367\315\220\152
+\105\055\304\273\244\205\023\150\127\137\357\051\272\052\312\352
+\365\314\244\004\233\143\315\000\353\375\355\215\335\043\306\173
+\036\127\035\066\177\037\010\232\015\141\333\132\154\161\002\123
+\050\302\372\215\375\253\273\263\361\215\164\113\337\275\275\314
+\006\223\143\011\225\302\020\172\235\045\220\062\235\001\302\071
+\123\260\340\025\153\307\327\164\345\244\042\233\344\224\377\204
+\221\373\055\263\031\103\055\223\017\234\022\011\344\147\271\047
+\172\062\255\172\052\314\101\130\300\156\131\137\356\070\053\027
+\042\234\211\372\156\347\345\127\065\364\132\355\222\225\223\055
+\371\314\044\077\245\034\075\047\275\042\003\163\314\365\312\363
+\251\364\334\376\317\351\320\134\320\017\253\207\374\203\375\310
+\251\002\003\001\000\001\243\202\001\037\060\202\001\033\060\037
+\006\003\125\035\043\004\030\060\026\200\024\255\275\230\172\064
+\264\046\367\372\304\046\124\357\003\275\340\044\313\124\032\060
+\035\006\003\125\035\016\004\026\004\024\257\244\100\257\237\026
+\376\253\061\375\373\325\227\213\365\221\243\044\206\026\060\016
+\006\003\125\035\017\001\001\377\004\004\003\002\001\206\060\022
+\006\003\125\035\023\001\001\377\004\010\060\006\001\001\377\002
+\001\000\060\035\006\003\125\035\045\004\026\060\024\006\010\053
+\006\001\005\005\007\003\001\006\010\053\006\001\005\005\007\003
+\002\060\031\006\003\125\035\040\004\022\060\020\060\016\006\014
+\053\006\001\004\001\262\061\001\002\001\003\004\060\104\006\003
+\125\035\037\004\075\060\073\060\071\240\067\240\065\206\063\150
+\164\164\160\072\057\057\143\162\154\056\165\163\145\162\164\162
+\165\163\164\056\143\157\155\057\101\144\144\124\162\165\163\164
+\105\170\164\145\162\156\141\154\103\101\122\157\157\164\056\143
+\162\154\060\065\006\010\053\006\001\005\005\007\001\001\004\051
+\060\047\060\045\006\010\053\006\001\005\005\007\060\001\206\031
+\150\164\164\160\072\057\057\157\143\163\160\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\060\015\006\011\052\206\110
+\206\367\015\001\001\005\005\000\003\202\001\001\000\204\256\055
+\150\070\021\154\203\121\142\300\221\302\230\274\306\073\372\245
+\305\275\073\011\346\156\140\157\060\003\206\042\032\262\213\363
+\306\316\036\273\033\171\340\026\024\115\322\232\005\113\377\217
+\354\360\050\051\352\052\004\035\075\257\021\022\325\111\230\120
+\102\237\141\146\072\266\100\231\004\014\153\020\062\351\367\317
+\206\130\117\055\315\323\254\176\350\133\152\203\174\015\240\234
+\134\120\066\165\015\155\176\102\267\337\246\334\220\134\157\043
+\116\227\035\363\042\165\277\003\065\346\135\177\307\371\233\054
+\207\366\216\326\045\226\131\235\317\352\020\036\357\156\352\132
+\233\167\030\064\314\201\167\257\232\207\302\012\345\345\236\023
+\225\123\275\275\111\032\245\166\022\366\334\362\221\267\351\032
+\341\274\115\075\225\161\175\370\215\174\076\003\117\123\355\376
+\122\375\312\137\223\341\032\001\033\002\267\163\116\272\146\351
+\170\213\120\376\021\313\321\147\320\042\117\167\352\315\024\025
+\100\256\146\135\350\056\177\036\210\157\125\171\326\271\176\343
+\265\375\221\240\300\362\046\207\113\057\235\365\240
+END
+
+# Trust for "USERTrust-temporary-intermediate-after-1024bit-removal"
+# Issuer: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
+# Serial Number:5d:20:61:8e:8c:0e:b9:34:40:93:b9:b1:d8:63:95:b6
+# Subject: CN=USERTrust Legacy Secure Server CA,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Not Valid Before: Tue Aug 05 00:00:00 2014
+# Not Valid After : Sun Nov 01 23:59:59 2015
+# Fingerprint (SHA-256): 92:96:6E:83:44:D2:FB:3A:28:0E:B8:60:4D:81:40:77:4C:E1:A0:57:C5:82:BE:BC:83:4D:03:02:E8:59:BC:43
+# Fingerprint (SHA1): 7C:2F:91:E2:BB:96:68:A9:C6:F6:BD:10:19:2C:6B:52:5A:1B:BA:48
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "USERTrust-temporary-intermediate-after-1024bit-removal"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\174\057\221\342\273\226\150\251\306\366\275\020\031\054\153\122
+\132\033\272\110
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\131\153\146\214\004\251\341\013\017\356\105\245\220\044\037\016
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\157\061\013\060\011\006\003\125\004\006\023\002\123\105\061
+\024\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165
+\163\164\040\101\102\061\046\060\044\006\003\125\004\013\023\035
+\101\144\144\124\162\165\163\164\040\105\170\164\145\162\156\141
+\154\040\124\124\120\040\116\145\164\167\157\162\153\061\042\060
+\040\006\003\125\004\003\023\031\101\144\144\124\162\165\163\164
+\040\105\170\164\145\162\156\141\154\040\103\101\040\122\157\157
+\164
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\135\040\141\216\214\016\271\064\100\223\271\261\330\143
+\225\266
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
--- a/security/nss/lib/ckfw/builtins/nssckbi.h
+++ b/security/nss/lib/ckfw/builtins/nssckbi.h
@@ -40,18 +40,18 @@
  *     ...
  *   - NSS 3.29 branch: 250-255
  *
  * NSS_BUILTINS_LIBRARY_VERSION_MINOR is a CK_BYTE.  It's not clear
  * whether we may use its full range (0-255) or only 0-99 because
  * of the comment in the CK_VERSION type definition.
  */
 #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2
-#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 0
-#define NSS_BUILTINS_LIBRARY_VERSION "2.0"
+#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 1
+#define NSS_BUILTINS_LIBRARY_VERSION "2.1"
 
 /* These version numbers detail the semantic changes to the ckfw engine. */
 #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
 #define NSS_BUILTINS_HARDWARE_VERSION_MINOR 0
 
 /* These version numbers detail the semantic changes to ckbi itself 
  * (new PKCS #11 objects), etc. */
 #define NSS_BUILTINS_FIRMWARE_VERSION_MAJOR 1
--- a/security/nss/lib/freebl/mpi/mp_comba_amd64_masm.asm
+++ b/security/nss/lib/freebl/mpi/mp_comba_amd64_masm.asm
@@ -7858,23 +7858,23 @@ s_mp_sqr_comba_4 PROC
 
         push rdi
         push rsi
 
         mov rdi, rcx
         mov rsi, rdx
 
         push rbp
+        push rbx
         sub rsp, 80
         mov r11, rsi
         xor esi, esi
         mov r10, rsi
         mov rbp, rsi
         mov r8, rsi
-        push rbx
         mov rbx, rsi
         mov rcx, qword ptr [16+rdi]
         mov rdi, rsi
         mov rax, qword ptr [rcx]
         mul rax
         add r10, rax
         adc rbx, rdx
         adc rdi, 0
--- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crldp.c
+++ b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crldp.c
@@ -117,17 +117,17 @@ pkix_pl_CrlDp_Create(
             issuerName = &dp->crlIssuer->name.directoryName;
         } else {
             issuerName = certIssuerName;
         }
         rdnArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
         if (!rdnArena) {
             PKIX_ERROR(PKIX_PORTARENAALLOCFAILED);
         }
-        issuerNameCopy = (CERTName *)PORT_ArenaZNew(rdnArena, CERTName*);
+        issuerNameCopy = (CERTName *)PORT_ArenaZNew(rdnArena, CERTName);
         if (!issuerNameCopy) {
             PKIX_ERROR(PKIX_ALLOCERROR);
         }
         rv = CERT_CopyName(rdnArena, issuerNameCopy, (CERTName*)issuerName);
         if (rv == SECFailure) {
             PKIX_ERROR(PKIX_ALLOCERROR);
         }
         rv = CERT_AddRDN(issuerNameCopy, (CERTRDN*)relName);
--- a/security/nss/lib/nss/nss.h
+++ b/security/nss/lib/nss/nss.h
@@ -28,20 +28,20 @@
 
 /*
  * NSS's major version, minor version, patch level, build number, and whether
  * this is a beta release.
  *
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
  */
-#define NSS_VERSION  "3.16.3" _NSS_ECC_STRING _NSS_CUSTOMIZED
+#define NSS_VERSION  "3.16.4" _NSS_ECC_STRING _NSS_CUSTOMIZED
 #define NSS_VMAJOR   3
 #define NSS_VMINOR   16
-#define NSS_VPATCH   3
+#define NSS_VPATCH   4
 #define NSS_VBUILD   0
 #define NSS_BETA     PR_FALSE
 
 #ifndef RC_INVOKED
 
 #include "seccomon.h"
 
 typedef struct NSSInitParametersStr NSSInitParameters;
--- a/security/nss/lib/softoken/softkver.h
+++ b/security/nss/lib/softoken/softkver.h
@@ -20,16 +20,16 @@
 
 /*
  * Softoken's major version, minor version, patch level, build number,
  * and whether this is a beta release.
  *
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
  */
-#define SOFTOKEN_VERSION  "3.16.3" SOFTOKEN_ECC_STRING
+#define SOFTOKEN_VERSION  "3.16.4" SOFTOKEN_ECC_STRING
 #define SOFTOKEN_VMAJOR   3
 #define SOFTOKEN_VMINOR   16
-#define SOFTOKEN_VPATCH   3
+#define SOFTOKEN_VPATCH   4
 #define SOFTOKEN_VBUILD   0
 #define SOFTOKEN_BETA     PR_FALSE
 
 #endif /* _SOFTKVER_H_ */
--- a/security/nss/lib/util/nssutil.h
+++ b/security/nss/lib/util/nssutil.h
@@ -14,20 +14,20 @@
 
 /*
  * NSS utilities's major version, minor version, patch level, build number,
  * and whether this is a beta release.
  *
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
  */
-#define NSSUTIL_VERSION  "3.16.3"
+#define NSSUTIL_VERSION  "3.16.4"
 #define NSSUTIL_VMAJOR   3
 #define NSSUTIL_VMINOR   16
-#define NSSUTIL_VPATCH   3
+#define NSSUTIL_VPATCH   4
 #define NSSUTIL_VBUILD   0
 #define NSSUTIL_BETA     PR_FALSE
 
 SEC_BEGIN_PROTOS
 
 /*
  * Returns a const string of the UTIL library version.
  */
index 17eaa64bcb10941a38b71bb13e210687b13a62d2..32b46fcebaa22bc99e6d20fd5fef2447ffc7480a
GIT binary patch
literal 1548
zc$|GyeM}Q~818+v^ut2SRXUZ*MZ~$H<#+v1E2tp|q9|Z07WwpOD^&WmyF;j8#41(C
z7G}^Hj8i6}n~v#-y2;oCHX!PB&VeS2x;QZECeeuEqD*(!2?4Y0{<`OVpZ9t1_q^}#
zfKMO<KJ-yN0z)t?6YBd-J@bpqktbe!sk@w50i*(v+Mn!yCWRnAp9i+I5E38~AQ`9t
zgELHo5=`WP7z<u)qwFSop=%bt)Me2S5kSQyBv{x;0$)Xy&<vhxV@lmrF%b)l{}QyT
zY?PD6-RtlY+J=)1Uc@jSdVWkyX=$lu16xe9#Ttv-8AEwUe5U0cFo)0sEmw?S(WB}K
z4w9yE9iCXm*j!ed6<<v{>{gPoyIr`+v>Z=}2UC?&wo*?RK;X$@p#iW`TAjgYFlGTC
zBqA^%7f7N75DNL`#=#I0IOQau92<l&;bNPEEF~!$p#oF5FA2dE>6Co~$=L8Ts*rTq
zHwHQrG7!wA`B;z+5PI#Lx#R8Qy0Jj65E~7Ij+m_lT4E$9#KZ~g5!SgWmz^Z!AcPAB
zDTF4{g)ei{HX;ltxR6L8)v{H1Do(KWniygtzydQ-Oh_la>7?WJL=+%2V7Nk(us9Vr
zm3TaEiWwOoq6p^f_K;o=>EO&}&6qZJ_z<6m_@EFT8yCYq2;zPBMbe5om(yWL*`b~H
z&5bLfJy-Vi&$)Y0eDd-2tDpdhXzF_6lx=(Fozlv*ecI=H*(0viEJz8R-qe(zI}m<8
z+>Mq0-X4{jl%E!>$-3B{b;|csQ-kfEUw3*yRaSSjyZ5<F^Fp2)nJM^a`@1D8>GwmP
zT&Sqo73IZloP2ak7z9bIKbqHv`U{i`bI%qm$Sha8hK_)Ec=&;p()IQ(Dt7K2Y$wmn
zi#;B{q^AS99=pc;@$FC4*UIi~&0TQwSg!K#-Pi7Hd<a{*8oFj@>x9)$8<A5lAFGa^
z%RBIOnGugJBGdZo9v|yik&=9|s6)2s`M#FU^`@F>gV)aw9PWh?hzB+Jpfju^&7hDq
zQ6)#$f;`_FM*2dF>@?%1yklb%m~qH576mg-dOVlKwgS={7z?*NDh!1IFR)pv5D0pO
zq6o~d4_r7^6w0lIkX=?jKL~+F-(awgOXFxh$OYK~$y$Fh<o_!X3Q`Kdau7MfgP}0x
z$o;cwXs^>!5V(344-KM5Nidi+`9Epw4FwTgpGfpA5LT%eelNY{z}cv*@{FpqJv>Xz
z{mkM75X})H(CJ_r!0V^hhx;dUQmhh9j*()4g>nG%NK*(xQ@~PI{WS)V9~)n14Hz_I
zlmP#aF!RQb4dGULgYdX@=!v9%%eQNq7aksdij<&h)}MYEs#l}?cV4=9JI;X{d;W00
zt>0V_o=C}!ZHdR!hMY5kKH<?C;fcy-+2zKW+2Knw<bM{cE89f_J}UXbr0P5R-ErwN
zN{c63THKbOGY6toUmbO!QFY(%Mm~HHvb=Vy!QbcECXKs%BDHeaFS{0H=wc!Yx5tPM
z#ka|p&H7<Sy}NeS!+BT9?gxW&H=Wlu=1ffvu5v6<Z|(wl9YdO%eJehH^)Pux_ey4o
zHc4`6qc}Ia^Me6p>n&01{o2nes`l?VvbFWvod~|{x8}4%oqKuJ=5FcTZnJs&ChTBN
R&a=Twyq(gjeTO{1{sRD!^vVDL