Fix for 164744 - fix for pk12util to export multiple certs

13 files changed, 1165 insertions, 55 deletions

diff --git a/security/dbm/Makefile b/security/dbm/Makefile
new file mode 100644
index 000000000..34cd6d899
--- /dev/null
+++ b/security/dbm/Makefile
@@ -0,0 +1,80 @@
+#! gmake
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+coreconf_hack:
+	cd ../coreconf; gmake
+	gmake import
+
+RelEng_bld: coreconf_hack
+	gmake
diff --git a/security/dbm/config/config.mk b/security/dbm/config/config.mk
new file mode 100644
index 000000000..753364931
--- /dev/null
+++ b/security/dbm/config/config.mk
@@ -0,0 +1,67 @@
+#! gmake
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+#
+# These macros are defined by mozilla's configure script.
+# We define them manually here.
+#
+
+DEFINES += -DSTDC_HEADERS -DHAVE_STRERROR
+
+#
+# Most platforms have snprintf, so it's simpler to list the exceptions.
+#
+HAVE_SNPRINTF = 1
+#
+# OSF1 V4.0D doesn't have snprintf but V5.0A does.
+#
+ifeq ($(OS_TARGET)$(OS_RELEASE),OSF1V4.0D)
+HAVE_SNPRINTF =
+endif
+ifdef HAVE_SNPRINTF
+DEFINES += -DHAVE_SNPRINTF
+endif
+
+ifeq (,$(filter-out IRIX Linux,$(OS_TARGET)))
+DEFINES += -DHAVE_SYS_CDEFS_H
+endif
+
+ifeq (,$(filter-out DGUX NCR ReliantUNIX SCO_SV SCOOS UNIXWARE,$(OS_TARGET)))
+DEFINES += -DHAVE_SYS_BYTEORDER_H
+endif
+
+#
+# None of the platforms that we are interested in need to
+# define HAVE_MEMORY_H.
+#
diff --git a/security/dbm/include/Makefile b/security/dbm/include/Makefile
new file mode 100644
index 000000000..ba4dd8ddf
--- /dev/null
+++ b/security/dbm/include/Makefile
@@ -0,0 +1,76 @@
+#! gmake
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+
diff --git a/security/dbm/include/manifest.mn b/security/dbm/include/manifest.mn
new file mode 100644
index 000000000..886fedd98
--- /dev/null
+++ b/security/dbm/include/manifest.mn
@@ -0,0 +1,57 @@
+#! gmake
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+CORE_DEPTH = ../..
+
+VPATH  = $(CORE_DEPTH)/../dbm/include
+
+MODULE = dbm
+
+EXPORTS =	nsres.h   \
+		cdefs.h   \
+		mcom_db.h \
+		ncompat.h \
+		winfile.h \
+		$(NULL)
+
+PRIVATE_EXPORTS =	hsearch.h \
+			page.h    \
+			extern.h  \
+			ndbm.h    \
+			queue.h   \
+			hash.h    \
+			mpool.h   \
+			search.h  \
+			$(NULL)
+
diff --git a/security/dbm/manifest.mn b/security/dbm/manifest.mn
new file mode 100644
index 000000000..11f4f4237
--- /dev/null
+++ b/security/dbm/manifest.mn
@@ -0,0 +1,45 @@
+#! gmake
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+CORE_DEPTH = ..
+
+MODULE = dbm
+
+IMPORTS = nspr20/v4.1.2
+
+RELEASE = dbm
+
+DIRS =  include \
+        src     \
+	$(NULL)
diff --git a/security/dbm/src/Makefile b/security/dbm/src/Makefile
new file mode 100644
index 000000000..8fce98394
--- /dev/null
+++ b/security/dbm/src/Makefile
@@ -0,0 +1,76 @@
+#! gmake
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+include $(CORE_DEPTH)/dbm/config/config.mk
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include config.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+
diff --git a/security/dbm/src/config.mk b/security/dbm/src/config.mk
new file mode 100644
index 000000000..370fd75d6
--- /dev/null
+++ b/security/dbm/src/config.mk
@@ -0,0 +1,63 @@
+#! gmake
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+DEFINES += -DMEMMOVE -D__DBINTERFACE_PRIVATE $(SECURITY_FLAG)
+
+INCLUDES += -I$(CORE_DEPTH)/../dbm/include
+
+#
+#  Currently, override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(LIBRARY)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+PURE_LIBRARY   =
+PROGRAM        =
+
+ifdef SHARED_LIBRARY
+	ifeq (,$(filter-out WINNT WIN95 WINCE,$(OS_TARGET))) # list omits WIN16
+		DLLBASE=/BASE:0x30000000
+		RES=$(OBJDIR)/dbm.res
+		RESNAME=../include/dbm.rc
+	endif
+	ifeq ($(DLL_SUFFIX),dll)
+		DEFINES += -D_DLL
+	endif
+endif
+
+ifeq ($(OS_TARGET),AIX)
+	OS_LIBS += -lc_r
+endif
diff --git a/security/dbm/src/dirent.c b/security/dbm/src/dirent.c
new file mode 100644
index 000000000..001a48c5c
--- /dev/null
+++ b/security/dbm/src/dirent.c
@@ -0,0 +1,348 @@
+#ifdef OS2
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+
+#include <dirent.h>
+#include <errno.h>
+
+/*#ifndef __EMX__ 
+#include <libx.h>
+#endif */
+
+#define INCL_DOSFILEMGR
+#define INCL_DOSERRORS
+#include <os2.h>
+
+#if OS2 >= 2
+# define FFBUF	FILEFINDBUF3
+# define Word	ULONG
+  /*
+   * LS20 recommends a request count of 100, but according to the
+   * APAR text it does not lead to missing files, just to funny
+   * numbers of returned entries.
+   *
+   * LS30 HPFS386 requires a count greater than 2, or some files
+   * are missing (those starting with a character less that '.').
+   *
+   * Novell looses entries which overflow the buffer. In previous
+   * versions of dirent2, this could have lead to missing files
+   * when the average length of 100 directory entries was 40 bytes
+   * or more (quite unlikely for files on a Novell server).
+   *
+   * Conclusion: Make sure that the entries all fit into the buffer
+   * and that the buffer is large enough for more than 2 entries
+   * (each entry is at most 300 bytes long). And ignore the LS20
+   * effect.
+   */
+# define Count	25
+# define BufSz	(25 * (sizeof(FILEFINDBUF3)+1))
+#else
+# define FFBUF	FILEFINDBUF
+# define Word	USHORT
+# define BufSz	1024
+# define Count	3
+#endif
+
+#if defined(__IBMC__) || defined(__IBMCPP__)
+  #define error(rc) _doserrno = rc, errno = EOS2ERR
+#elif defined(MICROSOFT)
+  #define error(rc) _doserrno = rc, errno = 255
+#else
+  #define error(rc) errno = 255
+#endif
+
+struct _dirdescr {
+	HDIR		handle;		/* DosFindFirst handle */
+	char		fstype;		/* filesystem type */
+	Word		count;		/* valid entries in <ffbuf> */
+	long		number;		/* absolute number of next entry */
+	int		index;		/* relative number of next entry */
+	FFBUF *		next;		/* pointer to next entry */
+	char		name[MAXPATHLEN+3]; /* directory name */
+	unsigned	attrmask;	/* attribute mask for seekdir */
+	struct dirent	entry;		/* buffer for directory entry */
+	BYTE		ffbuf[BufSz];
+};
+
+/*
+ * Return first char of filesystem type, or 0 if unknown.
+ */
+static char
+getFSType(const char *path)
+{
+	static char cache[1+26];
+	char drive[3], info[512];
+	Word unit, infolen;
+	char r;
+
+	if (isalpha(path[0]) && path[1] == ':') {
+		unit = toupper(path[0]) - '@';
+		path += 2;
+	} else {
+		ULONG driveMap;
+#if OS2 >= 2
+		if (DosQueryCurrentDisk(&unit, &driveMap))
+#else
+		if (DosQCurDisk(&unit, &driveMap))
+#endif
+			return 0;
+	}
+
+	if ((path[0] == '\\' || path[0] == '/')
+	 && (path[1] == '\\' || path[1] == '/'))
+		return 0;
+
+	if (cache [unit])
+		return cache [unit];
+
+	drive[0] = '@' + unit;
+	drive[1] = ':';
+	drive[2] = '\0';
+	infolen = sizeof info;
+#if OS2 >= 2
+	if (DosQueryFSAttach(drive, 0, FSAIL_QUERYNAME, (PVOID)info, &infolen))
+		return 0;
+	if (infolen >= sizeof(FSQBUFFER2)) {
+		FSQBUFFER2 *p = (FSQBUFFER2 *)info;
+		r = p->szFSDName[p->cbName];
+	} else
+#else
+	if (DosQFSAttach((PSZ)drive, 0, FSAIL_QUERYNAME, (PVOID)info, &infolen, 0))
+		return 0;
+	if (infolen >= 9) {
+		char *p = info + sizeof(USHORT);
+		p += sizeof(USHORT) + *(USHORT *)p + 1 + sizeof(USHORT);
+		r = *p;
+	} else
+#endif
+		r = 0;
+	return cache [unit] = r;
+}
+
+char *
+abs_path(const char *name, char *buffer, int len)
+{
+	char buf[4];
+	if (isalpha(name[0]) && name[1] == ':' && name[2] == '\0') {
+		buf[0] = name[0];
+		buf[1] = name[1];
+		buf[2] = '.';
+		buf[3] = '\0';
+		name = buf;
+	}
+#if OS2 >= 2
+	if (DosQueryPathInfo((PSZ)name, FIL_QUERYFULLNAME, buffer, len))
+#else
+	if (DosQPathInfo((PSZ)name, FIL_QUERYFULLNAME, (PBYTE)buffer, len, 0L))
+#endif
+		return NULL;
+	return buffer;
+}
+
+DIR *
+openxdir(const char *path, unsigned att_mask)
+{
+	DIR *dir;
+	char name[MAXPATHLEN+3];
+	Word rc;
+
+	dir = malloc(sizeof(DIR));
+	if (dir == NULL) {
+		errno = ENOMEM;
+		return NULL;
+	}
+
+	strncpy(name, path, MAXPATHLEN);
+	name[MAXPATHLEN] = '\0';
+	switch (name[strlen(name)-1]) {
+	default:
+		strcat(name, "\\");
+	case '\\':
+	case '/':
+	case ':':
+		;
+	}
+	strcat(name, ".");
+	if (!abs_path(name, dir->name, MAXPATHLEN+1))
+		strcpy(dir->name, name);
+	if (dir->name[strlen(dir->name)-1] == '\\')
+		strcat(dir->name, "*");
+	else
+		strcat(dir->name, "\\*");
+
+	dir->fstype = getFSType(dir->name);
+	dir->attrmask = att_mask | A_DIR;
+
+	dir->handle = HDIR_CREATE;
+	dir->count = 100;
+#if OS2 >= 2
+	rc = DosFindFirst(dir->name, &dir->handle, dir->attrmask,
+		dir->ffbuf, sizeof dir->ffbuf, &dir->count, FIL_STANDARD);
+#else
+	rc = DosFindFirst((PSZ)dir->name, &dir->handle, dir->attrmask,
+		(PFILEFINDBUF)dir->ffbuf, sizeof dir->ffbuf, &dir->count, 0);
+#endif
+	switch (rc) {
+	default:
+		free(dir);
+		error(rc);
+		return NULL;
+	case NO_ERROR:
+	case ERROR_NO_MORE_FILES:
+		;
+	}
+
+	dir->number = 0;
+	dir->index = 0;
+	dir->next = (FFBUF *)dir->ffbuf;
+
+	return (DIR *)dir;
+}
+
+DIR *
+opendir(const char *pathname)
+{
+	return openxdir(pathname, 0);
+}
+
+struct dirent *
+readdir(DIR *dir)
+{
+	static int dummy_ino = 2;
+
+	if (dir->index == dir->count) {
+		Word rc;
+		dir->count = 100;
+#if OS2 >= 2
+		rc = DosFindNext(dir->handle, dir->ffbuf,
+			sizeof dir->ffbuf, &dir->count);
+#else
+		rc = DosFindNext(dir->handle, (PFILEFINDBUF)dir->ffbuf,
+			sizeof dir->ffbuf, &dir->count);
+#endif
+		if (rc) {
+			error(rc);
+			return NULL;
+		}
+
+		dir->index = 0;
+		dir->next = (FFBUF *)dir->ffbuf;
+	}
+
+	if (dir->index == dir->count)
+		return NULL;
+
+	memcpy(dir->entry.d_name, dir->next->achName, dir->next->cchName);
+	dir->entry.d_name[dir->next->cchName] = '\0';
+	dir->entry.d_ino = dummy_ino++;
+	dir->entry.d_reclen = dir->next->cchName;
+	dir->entry.d_namlen = dir->next->cchName;
+	dir->entry.d_size = dir->next->cbFile;
+	dir->entry.d_attribute = dir->next->attrFile;
+	dir->entry.d_time = *(USHORT *)&dir->next->ftimeLastWrite;
+	dir->entry.d_date = *(USHORT *)&dir->next->fdateLastWrite;
+
+	switch (dir->fstype) {
+	case 'F': /* FAT */
+	case 'C': /* CDFS */
+		if (dir->next->attrFile & FILE_DIRECTORY)
+			strupr(dir->entry.d_name);
+		else
+			strlwr(dir->entry.d_name);
+	}
+
+#if OS2 >= 2
+	dir->next = (FFBUF *)((BYTE *)dir->next + dir->next->oNextEntryOffset);
+#else
+	dir->next = (FFBUF *)((BYTE *)dir->next->achName + dir->next->cchName + 1);
+#endif
+	++dir->number;
+	++dir->index;
+
+	return &dir->entry;
+}
+
+long
+telldir(DIR *dir)
+{
+	return dir->number;
+}
+
+void
+seekdir(DIR *dir, long off)
+{
+	if (dir->number > off) {
+		char name[MAXPATHLEN+2];
+		Word rc;
+
+		DosFindClose(dir->handle);
+
+		strcpy(name, dir->name);
+		strcat(name, "*");
+
+		dir->handle = HDIR_CREATE;
+		dir->count = 32767;
+#if OS2 >= 2
+		rc = DosFindFirst(name, &dir->handle, dir->attrmask,
+			dir->ffbuf, sizeof dir->ffbuf, &dir->count, FIL_STANDARD);
+#else
+		rc = DosFindFirst((PSZ)name, &dir->handle, dir->attrmask,
+			(PFILEFINDBUF)dir->ffbuf, sizeof dir->ffbuf, &dir->count, 0);
+#endif
+		switch (rc) {
+		default:
+			error(rc);
+			return;
+		case NO_ERROR:
+		case ERROR_NO_MORE_FILES:
+			;
+		}
+
+		dir->number = 0;
+		dir->index = 0;
+		dir->next = (FFBUF *)dir->ffbuf;
+	}
+
+	while (dir->number < off && readdir(dir))
+		;
+}
+
+void
+closedir(DIR *dir)
+{
+	DosFindClose(dir->handle);
+	free(dir);
+}
+
+/*****************************************************************************/
+
+#ifdef TEST
+
+main(int argc, char **argv)
+{
+	int i;
+	DIR *dir;
+	struct dirent *ep;
+
+	for (i = 1; i < argc; ++i) {
+		dir = opendir(argv[i]);
+		if (!dir)
+			continue;
+		while (ep = readdir(dir))
+			if (strchr("\\/:", argv[i] [strlen(argv[i]) - 1]))
+				printf("%s%s\n", argv[i], ep->d_name);
+			else
+				printf("%s/%s\n", argv[i], ep->d_name);
+		closedir(dir);
+	}
+
+	return 0;
+}
+
+#endif
+
+#endif /* OS2 */
+
diff --git a/security/dbm/src/dirent.h b/security/dbm/src/dirent.h
new file mode 100644
index 000000000..07a6c0ac8
--- /dev/null
+++ b/security/dbm/src/dirent.h
@@ -0,0 +1,97 @@
+#ifndef __DIRENT_H__
+#define __DIRENT_H__
+/*
+ * @(#)msd_dir.h 1.4 87/11/06   Public Domain.
+ *
+ *  A public domain implementation of BSD directory routines for
+ *  MS-DOS.  Written by Michael Rendell ({uunet,utai}michael@garfield),
+ *  August 1897
+ *
+ *  Extended by Peter Lim (lim@mullian.oz) to overcome some MS DOS quirks
+ *  and returns 2 more pieces of information - file size & attribute.
+ *  Plus a little reshuffling of some #define's positions    December 1987
+ *
+ *  Some modifications by Martin Junius                      02-14-89
+ *
+ *	AK900712
+ *	AK910410	abs_path - make absolute path
+ *
+ */
+
+#ifdef __EMX__
+#include <sys/param.h>
+#else
+#if defined(__IBMC__) || defined(__IBMCPP__) || defined(XP_W32_MSVC)
+#include <stdio.h>
+#ifdef MAXPATHLEN
+	#undef MAXPATHLEN
+#endif
+#define MAXPATHLEN (FILENAME_MAX*4)
+#define MAXNAMLEN FILENAME_MAX
+
+#else
+#include <param.h>
+#endif
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* attribute stuff */
+#ifndef A_RONLY
+# define A_RONLY   0x01
+# define A_HIDDEN  0x02
+# define A_SYSTEM  0x04
+# define A_LABEL   0x08
+# define A_DIR     0x10
+# define A_ARCHIVE 0x20
+#endif
+
+struct dirent {
+#if defined(OS2) || defined(WIN32)        /* use the layout of EMX to avoid trouble */
+    int            d_ino;                 /* Dummy */
+    int            d_reclen;		  /* Dummy, same as d_namlen */
+    int            d_namlen;              /* length of name */
+    char           d_name[MAXNAMLEN + 1];
+    unsigned long  d_size;
+    unsigned short d_attribute;           /* attributes (see above) */
+    unsigned short d_time;                /* modification time */
+    unsigned short d_date;                /* modification date */
+#else
+    char	   d_name[MAXNAMLEN + 1]; /* garentee null termination */
+    char	   d_attribute;		  /* .. extension .. */
+    unsigned long  d_size;		  /* .. extension .. */
+#endif
+};
+
+typedef struct _dirdescr DIR;
+/* the structs do not have to be defined here */
+
+extern DIR		*opendir(const char *);
+extern DIR		*openxdir(const char *, unsigned);
+extern struct dirent	*readdir(DIR *);
+extern void		seekdir(DIR *, long);
+extern long		telldir(DIR *);
+extern void 		closedir(DIR *);
+#define			rewinddir(dirp) seekdir(dirp, 0L)
+
+extern char *		abs_path(const char *name, char *buffer, int len);
+
+#ifndef S_IFMT
+#define S_IFMT ( S_IFDIR | S_IFREG )
+#endif
+
+#ifndef S_ISDIR
+#define S_ISDIR( m )                    (((m) & S_IFMT) == S_IFDIR)
+#endif
+
+#ifndef S_ISREG
+#define S_ISREG( m )                    (((m) & S_IFMT) == S_IFREG)
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/security/dbm/src/manifest.mn b/security/dbm/src/manifest.mn
new file mode 100644
index 000000000..80f2abfd0
--- /dev/null
+++ b/security/dbm/src/manifest.mn
@@ -0,0 +1,61 @@
+#! gmake
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+CORE_DEPTH = ../..
+
+VPATH  = $(CORE_DEPTH)/../dbm/src
+
+MODULE = dbm
+
+#
+# memmove.c, snprintf.c, and strerror.c are not in CSRCS because
+# the Standard C Library has memmove and strerror and DBM is not
+# using snprintf.
+#
+
+CSRCS = db.c	   \
+	h_bigkey.c \
+	h_func.c   \
+	h_log2.c   \
+	h_page.c   \
+	hash.c	   \
+	hash_buf.c \
+	hsearch.c  \
+	mktemp.c   \
+	ndbm.c	   \
+	nsres.c	   \
+	dirent.c	   \
+	$(NULL)
+
+LIBRARY_NAME = dbm
diff --git a/security/dbm/tests/Makefile b/security/dbm/tests/Makefile
new file mode 100644
index 000000000..fe132e19c
--- /dev/null
+++ b/security/dbm/tests/Makefile
@@ -0,0 +1,69 @@
+#! gmake
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+DEPTH		= ../..
+CORE_DEPTH	= ../..
+
+VPATH		= $(CORE_DEPTH)/../dbm/tests
+
+MODULE		= dbm
+
+CSRCS		= lots.c
+
+PROGRAM		= lots
+
+include $(DEPTH)/coreconf/config.mk
+
+include $(DEPTH)/dbm/config/config.mk
+
+ifeq (,$(filter-out WIN%,$(OS_TARGET))) 
+LIBDBM		= ../src/$(PLATFORM)/dbm$(STATIC_LIB_SUFFIX)
+else
+LIBDBM		= ../src/$(PLATFORM)/libdbm$(STATIC_LIB_SUFFIX)
+endif
+
+INCLUDES	+= -I$(CORE_DEPTH)/../dbm/include
+
+LDFLAGS		= $(LDOPTS) $(LIBDBM)
+
+include $(DEPTH)/coreconf/rules.mk
+
+lots.pure: lots
+	purify $(CC) -o lots.pure $(CFLAGS) $(OBJS) $(MYLIBS)
+
+crash: crash.o $(MYLIBS)
+	$(CC) -o crash $(CFLAGS) $^
+
+crash.pure: crash.o $(MYLIBS)
+	purify $(CC) -o crash.pure $(CFLAGS) $^
+
diff --git a/security/nss/cmd/pk12util/pk12util.c b/security/nss/cmd/pk12util/pk12util.c
index 95a51422a..ddeaa1a7c 100644
--- a/security/nss/cmd/pk12util/pk12util.c
+++ b/security/nss/cmd/pk12util/pk12util.c
@@ -39,6 +39,7 @@
 #include "pk12util.h"
 #include "nss.h"
 #include "secport.h"
+#include "certdb.h"
 
 #define PKCS12_IN_BUFFER_SIZE	200
 
@@ -551,6 +552,38 @@ p12u_WriteToExportFile(void *arg, const char *buf, unsigned long len)
     }
 }
 
+static SECStatus
+cert_UserCertsOnly(CERTCertList *certList)
+{
+    CERTCertListNode *node, *freenode;
+    CERTCertificate *cert;
+    PRUint32 numusercerts = 0;
+    
+    node = CERT_LIST_HEAD(certList);
+    
+    while ( ! CERT_LIST_END(node, certList) ) {
+	cert = node->cert;
+	if ( !( cert->trust->sslFlags & CERTDB_USER ) &&
+	     !( cert->trust->emailFlags & CERTDB_USER ) &&
+	     !( cert->trust->objectSigningFlags & CERTDB_USER ) ) {
+	    /* Not a User Cert, so remove this cert from the list */
+	    freenode = node;
+	    node = CERT_LIST_NEXT(node);
+	    CERT_RemoveCertListNode(freenode);
+	} else {
+	    /* Is a User cert, so leave it in the list */
+	    node = CERT_LIST_NEXT(node);
+            numusercerts ++;
+	}
+    }
+    
+    if (numusercerts) {
+        return(SECSuccess);
+    } else  {
+        return(SECFailure);
+    }
+}
+
 void
 P12U_ExportPKCS12Object(char *nn, char *outfile, PK11SlotInfo *inSlot,
 			secuPWData *slotPw, secuPWData *p12FilePw)
@@ -559,7 +592,9 @@ P12U_ExportPKCS12Object(char *nn, char *outfile, PK11SlotInfo *inSlot,
     SEC_PKCS12SafeInfo *keySafe = NULL, *certSafe = NULL;
     SECItem *pwitem = NULL;
     p12uContext *p12cxt = NULL;
-    CERTCertificate *cert = NULL;
+    CERTCertList* certlist = NULL;
+    CERTCertListNode* node = NULL;
+    PK11SlotInfo* slot = NULL;
 
     if (P12U_InitSlot(inSlot, slotPw) != SECSuccess) {
 	SECU_PrintError(progName,"Failed to authenticate to \"%s\"",
@@ -567,17 +602,17 @@ P12U_ExportPKCS12Object(char *nn, char *outfile, PK11SlotInfo *inSlot,
 	pk12uErrno = PK12UERR_PK11GETSLOT;
 	goto loser;
     }
-    cert = PK11_FindCertFromNickname(nn, slotPw);
-    if(!cert) {
-	SECU_PrintError(progName,"find cert by nickname failed");
+    certlist = PK11_FindCertsFromNickname(nn, slotPw);
+    if(!certlist) {
+	SECU_PrintError(progName,"find user certs from nickname failed");
 	pk12uErrno = PK12UERR_FINDCERTBYNN;
 	return;
     }
 
-    if (!cert->slot) {
-	SECU_PrintError(progName,"cert does not have a slot");
-	pk12uErrno = PK12UERR_FINDCERTBYNN;
-	goto loser;
+    if (SECSuccess != cert_UserCertsOnly(certlist)) {
+        SECU_PrintError(progName,"find user certs from nickname failed");
+        pk12uErrno = PK12UERR_FINDCERTBYNN;
+        return;
     }
 
     /*	Password to use for PKCS12 file.  */
@@ -586,61 +621,87 @@ P12U_ExportPKCS12Object(char *nn, char *outfile, PK11SlotInfo *inSlot,
 	goto loser;
     }
 
-    p12ecx = SEC_PKCS12CreateExportContext(NULL, NULL, cert->slot, slotPw);
-    if(!p12ecx) {
-	SECU_PrintError(progName,"export context creation failed");
-	pk12uErrno = PK12UERR_EXPORTCXCREATE;
-	goto loser;
-    }
-
-    if(SEC_PKCS12AddPasswordIntegrity(p12ecx, pwitem, SEC_OID_SHA1)
-       != SECSuccess) {
-	SECU_PrintError(progName,"PKCS12 add password integrity failed");
-	pk12uErrno = PK12UERR_PK12ADDPWDINTEG;
+    p12cxt = p12u_InitFile(PR_FALSE, outfile); 
+    if(!p12cxt) {
+	SECU_PrintError(progName,"Initialization failed: %s", outfile);
+	pk12uErrno = PK12UERR_INIT_FILE;
 	goto loser;
     }
 
-    keySafe = SEC_PKCS12CreateUnencryptedSafe(p12ecx);
-    if(/*!SEC_PKCS12IsEncryptionAllowed() || */ PK11_IsFIPS()) {
-	certSafe = keySafe;
-    } else {
-	certSafe = SEC_PKCS12CreatePasswordPrivSafe(p12ecx, pwitem,
-			SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC);
+    if (certlist) {
+        CERTCertificate* cert = NULL;
+        node = CERT_LIST_HEAD(certlist);
+        if (node) {
+            cert = node->cert;
+        }
+        if (cert) {
+            slot = cert->slot; /* use the slot from the first matching
+                certificate to create the context . This is for keygen */
+        }
     }
-
-    if(!certSafe || !keySafe) {
-	SECU_PrintError(progName,"key or cert safe creation failed");
-	pk12uErrno = PK12UERR_CERTKEYSAFE;
-	goto loser;
+    if (!slot) {
+        SECU_PrintError(progName,"cert does not have a slot");
+        pk12uErrno = PK12UERR_FINDCERTBYNN;
+        goto loser;
     }
-
-    if(SEC_PKCS12AddCertAndKey(p12ecx, certSafe, NULL, cert,
-			CERT_GetDefaultCertDB(), keySafe, NULL, PR_TRUE, pwitem,
-			SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC)
-			!= SECSuccess) {
-	SECU_PrintError(progName,"add cert and key failed");
-	pk12uErrno = PK12UERR_ADDCERTKEY;
-	goto loser;
+    p12ecx = SEC_PKCS12CreateExportContext(NULL, NULL, slot, slotPw);
+    if(!p12ecx) {
+        SECU_PrintError(progName,"export context creation failed");
+        pk12uErrno = PK12UERR_EXPORTCXCREATE;
+        goto loser;
     }
 
-    p12cxt = p12u_InitFile(PR_FALSE, outfile); 
-    if(!p12cxt) {
-	SECU_PrintError(progName,"Initialization failed: %s", outfile);
-	pk12uErrno = PK12UERR_INIT_FILE;
-	goto loser;
+    if(SEC_PKCS12AddPasswordIntegrity(p12ecx, pwitem, SEC_OID_SHA1)
+       != SECSuccess) {
+        SECU_PrintError(progName,"PKCS12 add password integrity failed");
+        pk12uErrno = PK12UERR_PK12ADDPWDINTEG;
+        goto loser;
+    }
+
+    for (node = CERT_LIST_HEAD(certlist);!CERT_LIST_END(node,certlist);node=CERT_LIST_NEXT(node))
+    {
+        CERTCertificate* cert = node->cert;
+        if (!cert->slot) {
+            SECU_PrintError(progName,"cert does not have a slot");
+            pk12uErrno = PK12UERR_FINDCERTBYNN;
+            goto loser;
+        }
+    
+        keySafe = SEC_PKCS12CreateUnencryptedSafe(p12ecx);
+        if(/*!SEC_PKCS12IsEncryptionAllowed() || */ PK11_IsFIPS()) {
+            certSafe = keySafe;
+        } else {
+            certSafe = SEC_PKCS12CreatePasswordPrivSafe(p12ecx, pwitem,
+                SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC);
+        }
+    
+        if(!certSafe || !keySafe) {
+            SECU_PrintError(progName,"key or cert safe creation failed");
+            pk12uErrno = PK12UERR_CERTKEYSAFE;
+            goto loser;
+        }
+    
+        if(SEC_PKCS12AddCertAndKey(p12ecx, certSafe, NULL, cert,
+            CERT_GetDefaultCertDB(), keySafe, NULL, PR_TRUE, pwitem,
+            SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC)
+            != SECSuccess) {
+                SECU_PrintError(progName,"add cert and key failed");
+                pk12uErrno = PK12UERR_ADDCERTKEY;
+                goto loser;
+        }
+        CERT_DestroyCertificate(cert);
+        node->cert = NULL;
     }
 
     if(SEC_PKCS12Encode(p12ecx, p12u_WriteToExportFile, p12cxt)
-			!= SECSuccess) {
-	SECU_PrintError(progName,"PKCS12 encode failed");
-	pk12uErrno = PK12UERR_ENCODE;
-	goto loser;
+                        != SECSuccess) {
+        SECU_PrintError(progName,"PKCS12 encode failed");
+        pk12uErrno = PK12UERR_ENCODE;
+        goto loser;
     }
 
     p12u_DestroyExportFileInfo(&p12cxt, PR_FALSE);
     SECITEM_ZfreeItem(pwitem, PR_TRUE);
-    CERT_DestroyCertificate(cert);
-
     fprintf(stdout, "%s: PKCS12 EXPORT SUCCESSFUL\n", progName);
     SEC_PKCS12DestroyExportContext(p12ecx);
 
@@ -649,18 +710,27 @@ P12U_ExportPKCS12Object(char *nn, char *outfile, PK11SlotInfo *inSlot,
 loser:
     SEC_PKCS12DestroyExportContext(p12ecx);
 
+    for (node = CERT_LIST_HEAD(certlist);!CERT_LIST_END(node,certlist);node=CERT_LIST_NEXT(node))
+    {
+        CERTCertificate* cert = node->cert;
+        if (!node->cert) {
+            continue;
+        }
+
+        if(cert) {
+            CERT_DestroyCertificate(cert);
+        }
+    }
+
     if (slotPw)
-	PR_Free(slotPw->data);
+        PR_Free(slotPw->data);
 
     if (p12FilePw)
-	PR_Free(p12FilePw->data);
+        PR_Free(p12FilePw->data);
 
-    if(cert) {
-	CERT_DestroyCertificate(cert);
-    }
     p12u_DestroyExportFileInfo(&p12cxt, PR_TRUE);
     if(pwitem) {
-	SECITEM_ZfreeItem(pwitem, PR_TRUE);
+        SECITEM_ZfreeItem(pwitem, PR_TRUE);
     }
     p12u_DoPKCS12ExportErrors();
     return;
diff --git a/security/nss/lib/nss/nss.def b/security/nss/lib/nss/nss.def
index 61a631c4f..6d19fcaf9 100644
--- a/security/nss/lib/nss/nss.def
+++ b/security/nss/lib/nss/nss.def
@@ -693,6 +693,7 @@ CERT_DestroyOCSPRequest;
 CERT_EncodeOCSPRequest;
 CERT_GetOCSPResponseStatus;
 CERT_GetOCSPStatusForCertID;
+CERT_RemoveCertListNode;
 CERT_VerifyCACertForUsage;
 CERT_VerifyCertificate;
 CERT_VerifyCertificateNow;