fixup commit for tag 'LIGHTNING_0_3_1_RC1'LIGHTNING_0_3_1_RC1

15 files changed, 1945 insertions, 0 deletions

diff --git a/security/dbm/Makefile b/security/dbm/Makefile
new file mode 100644
index 000000000..34cd6d899
--- /dev/null
+++ b/security/dbm/Makefile
@@ -0,0 +1,80 @@
+#! gmake
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+coreconf_hack:
+	cd ../coreconf; gmake
+	gmake import
+
+RelEng_bld: coreconf_hack
+	gmake
diff --git a/security/dbm/config/config.mk b/security/dbm/config/config.mk
new file mode 100644
index 000000000..753364931
--- /dev/null
+++ b/security/dbm/config/config.mk
@@ -0,0 +1,67 @@
+#! gmake
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+#
+# These macros are defined by mozilla's configure script.
+# We define them manually here.
+#
+
+DEFINES += -DSTDC_HEADERS -DHAVE_STRERROR
+
+#
+# Most platforms have snprintf, so it's simpler to list the exceptions.
+#
+HAVE_SNPRINTF = 1
+#
+# OSF1 V4.0D doesn't have snprintf but V5.0A does.
+#
+ifeq ($(OS_TARGET)$(OS_RELEASE),OSF1V4.0D)
+HAVE_SNPRINTF =
+endif
+ifdef HAVE_SNPRINTF
+DEFINES += -DHAVE_SNPRINTF
+endif
+
+ifeq (,$(filter-out IRIX Linux,$(OS_TARGET)))
+DEFINES += -DHAVE_SYS_CDEFS_H
+endif
+
+ifeq (,$(filter-out DGUX NCR ReliantUNIX SCO_SV SCOOS UNIXWARE,$(OS_TARGET)))
+DEFINES += -DHAVE_SYS_BYTEORDER_H
+endif
+
+#
+# None of the platforms that we are interested in need to
+# define HAVE_MEMORY_H.
+#
diff --git a/security/dbm/include/Makefile b/security/dbm/include/Makefile
new file mode 100644
index 000000000..ba4dd8ddf
--- /dev/null
+++ b/security/dbm/include/Makefile
@@ -0,0 +1,76 @@
+#! gmake
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+
diff --git a/security/dbm/include/manifest.mn b/security/dbm/include/manifest.mn
new file mode 100644
index 000000000..a7fa41085
--- /dev/null
+++ b/security/dbm/include/manifest.mn
@@ -0,0 +1,56 @@
+#! gmake
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+CORE_DEPTH = ../..
+
+VPATH  = $(CORE_DEPTH)/../dbm/include
+
+MODULE = dbm
+
+EXPORTS =	cdefs.h   \
+		mcom_db.h \
+		ncompat.h \
+		winfile.h \
+		$(NULL)
+
+PRIVATE_EXPORTS =	hsearch.h \
+			page.h    \
+			extern.h  \
+			ndbm.h    \
+			queue.h   \
+			hash.h    \
+			mpool.h   \
+			search.h  \
+			$(NULL)
+
diff --git a/security/dbm/manifest.mn b/security/dbm/manifest.mn
new file mode 100644
index 000000000..d4065f761
--- /dev/null
+++ b/security/dbm/manifest.mn
@@ -0,0 +1,45 @@
+#! gmake
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+CORE_DEPTH = ..
+
+MODULE = dbm
+
+IMPORTS = nspr20/v4.4.1
+
+RELEASE = dbm
+
+DIRS =  include \
+        src     \
+	$(NULL)
diff --git a/security/dbm/src/Makefile b/security/dbm/src/Makefile
new file mode 100644
index 000000000..8fce98394
--- /dev/null
+++ b/security/dbm/src/Makefile
@@ -0,0 +1,76 @@
+#! gmake
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+include $(CORE_DEPTH)/dbm/config/config.mk
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include config.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+
diff --git a/security/dbm/src/config.mk b/security/dbm/src/config.mk
new file mode 100644
index 000000000..370fd75d6
--- /dev/null
+++ b/security/dbm/src/config.mk
@@ -0,0 +1,63 @@
+#! gmake
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+DEFINES += -DMEMMOVE -D__DBINTERFACE_PRIVATE $(SECURITY_FLAG)
+
+INCLUDES += -I$(CORE_DEPTH)/../dbm/include
+
+#
+#  Currently, override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(LIBRARY)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+PURE_LIBRARY   =
+PROGRAM        =
+
+ifdef SHARED_LIBRARY
+	ifeq (,$(filter-out WINNT WIN95 WINCE,$(OS_TARGET))) # list omits WIN16
+		DLLBASE=/BASE:0x30000000
+		RES=$(OBJDIR)/dbm.res
+		RESNAME=../include/dbm.rc
+	endif
+	ifeq ($(DLL_SUFFIX),dll)
+		DEFINES += -D_DLL
+	endif
+endif
+
+ifeq ($(OS_TARGET),AIX)
+	OS_LIBS += -lc_r
+endif
diff --git a/security/dbm/src/dirent.c b/security/dbm/src/dirent.c
new file mode 100644
index 000000000..001a48c5c
--- /dev/null
+++ b/security/dbm/src/dirent.c
@@ -0,0 +1,348 @@
+#ifdef OS2
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+
+#include <dirent.h>
+#include <errno.h>
+
+/*#ifndef __EMX__ 
+#include <libx.h>
+#endif */
+
+#define INCL_DOSFILEMGR
+#define INCL_DOSERRORS
+#include <os2.h>
+
+#if OS2 >= 2
+# define FFBUF	FILEFINDBUF3
+# define Word	ULONG
+  /*
+   * LS20 recommends a request count of 100, but according to the
+   * APAR text it does not lead to missing files, just to funny
+   * numbers of returned entries.
+   *
+   * LS30 HPFS386 requires a count greater than 2, or some files
+   * are missing (those starting with a character less that '.').
+   *
+   * Novell looses entries which overflow the buffer. In previous
+   * versions of dirent2, this could have lead to missing files
+   * when the average length of 100 directory entries was 40 bytes
+   * or more (quite unlikely for files on a Novell server).
+   *
+   * Conclusion: Make sure that the entries all fit into the buffer
+   * and that the buffer is large enough for more than 2 entries
+   * (each entry is at most 300 bytes long). And ignore the LS20
+   * effect.
+   */
+# define Count	25
+# define BufSz	(25 * (sizeof(FILEFINDBUF3)+1))
+#else
+# define FFBUF	FILEFINDBUF
+# define Word	USHORT
+# define BufSz	1024
+# define Count	3
+#endif
+
+#if defined(__IBMC__) || defined(__IBMCPP__)
+  #define error(rc) _doserrno = rc, errno = EOS2ERR
+#elif defined(MICROSOFT)
+  #define error(rc) _doserrno = rc, errno = 255
+#else
+  #define error(rc) errno = 255
+#endif
+
+struct _dirdescr {
+	HDIR		handle;		/* DosFindFirst handle */
+	char		fstype;		/* filesystem type */
+	Word		count;		/* valid entries in <ffbuf> */
+	long		number;		/* absolute number of next entry */
+	int		index;		/* relative number of next entry */
+	FFBUF *		next;		/* pointer to next entry */
+	char		name[MAXPATHLEN+3]; /* directory name */
+	unsigned	attrmask;	/* attribute mask for seekdir */
+	struct dirent	entry;		/* buffer for directory entry */
+	BYTE		ffbuf[BufSz];
+};
+
+/*
+ * Return first char of filesystem type, or 0 if unknown.
+ */
+static char
+getFSType(const char *path)
+{
+	static char cache[1+26];
+	char drive[3], info[512];
+	Word unit, infolen;
+	char r;
+
+	if (isalpha(path[0]) && path[1] == ':') {
+		unit = toupper(path[0]) - '@';
+		path += 2;
+	} else {
+		ULONG driveMap;
+#if OS2 >= 2
+		if (DosQueryCurrentDisk(&unit, &driveMap))
+#else
+		if (DosQCurDisk(&unit, &driveMap))
+#endif
+			return 0;
+	}
+
+	if ((path[0] == '\\' || path[0] == '/')
+	 && (path[1] == '\\' || path[1] == '/'))
+		return 0;
+
+	if (cache [unit])
+		return cache [unit];
+
+	drive[0] = '@' + unit;
+	drive[1] = ':';
+	drive[2] = '\0';
+	infolen = sizeof info;
+#if OS2 >= 2
+	if (DosQueryFSAttach(drive, 0, FSAIL_QUERYNAME, (PVOID)info, &infolen))
+		return 0;
+	if (infolen >= sizeof(FSQBUFFER2)) {
+		FSQBUFFER2 *p = (FSQBUFFER2 *)info;
+		r = p->szFSDName[p->cbName];
+	} else
+#else
+	if (DosQFSAttach((PSZ)drive, 0, FSAIL_QUERYNAME, (PVOID)info, &infolen, 0))
+		return 0;
+	if (infolen >= 9) {
+		char *p = info + sizeof(USHORT);
+		p += sizeof(USHORT) + *(USHORT *)p + 1 + sizeof(USHORT);
+		r = *p;
+	} else
+#endif
+		r = 0;
+	return cache [unit] = r;
+}
+
+char *
+abs_path(const char *name, char *buffer, int len)
+{
+	char buf[4];
+	if (isalpha(name[0]) && name[1] == ':' && name[2] == '\0') {
+		buf[0] = name[0];
+		buf[1] = name[1];
+		buf[2] = '.';
+		buf[3] = '\0';
+		name = buf;
+	}
+#if OS2 >= 2
+	if (DosQueryPathInfo((PSZ)name, FIL_QUERYFULLNAME, buffer, len))
+#else
+	if (DosQPathInfo((PSZ)name, FIL_QUERYFULLNAME, (PBYTE)buffer, len, 0L))
+#endif
+		return NULL;
+	return buffer;
+}
+
+DIR *
+openxdir(const char *path, unsigned att_mask)
+{
+	DIR *dir;
+	char name[MAXPATHLEN+3];
+	Word rc;
+
+	dir = malloc(sizeof(DIR));
+	if (dir == NULL) {
+		errno = ENOMEM;
+		return NULL;
+	}
+
+	strncpy(name, path, MAXPATHLEN);
+	name[MAXPATHLEN] = '\0';
+	switch (name[strlen(name)-1]) {
+	default:
+		strcat(name, "\\");
+	case '\\':
+	case '/':
+	case ':':
+		;
+	}
+	strcat(name, ".");
+	if (!abs_path(name, dir->name, MAXPATHLEN+1))
+		strcpy(dir->name, name);
+	if (dir->name[strlen(dir->name)-1] == '\\')
+		strcat(dir->name, "*");
+	else
+		strcat(dir->name, "\\*");
+
+	dir->fstype = getFSType(dir->name);
+	dir->attrmask = att_mask | A_DIR;
+
+	dir->handle = HDIR_CREATE;
+	dir->count = 100;
+#if OS2 >= 2
+	rc = DosFindFirst(dir->name, &dir->handle, dir->attrmask,
+		dir->ffbuf, sizeof dir->ffbuf, &dir->count, FIL_STANDARD);
+#else
+	rc = DosFindFirst((PSZ)dir->name, &dir->handle, dir->attrmask,
+		(PFILEFINDBUF)dir->ffbuf, sizeof dir->ffbuf, &dir->count, 0);
+#endif
+	switch (rc) {
+	default:
+		free(dir);
+		error(rc);
+		return NULL;
+	case NO_ERROR:
+	case ERROR_NO_MORE_FILES:
+		;
+	}
+
+	dir->number = 0;
+	dir->index = 0;
+	dir->next = (FFBUF *)dir->ffbuf;
+
+	return (DIR *)dir;
+}
+
+DIR *
+opendir(const char *pathname)
+{
+	return openxdir(pathname, 0);
+}
+
+struct dirent *
+readdir(DIR *dir)
+{
+	static int dummy_ino = 2;
+
+	if (dir->index == dir->count) {
+		Word rc;
+		dir->count = 100;
+#if OS2 >= 2
+		rc = DosFindNext(dir->handle, dir->ffbuf,
+			sizeof dir->ffbuf, &dir->count);
+#else
+		rc = DosFindNext(dir->handle, (PFILEFINDBUF)dir->ffbuf,
+			sizeof dir->ffbuf, &dir->count);
+#endif
+		if (rc) {
+			error(rc);
+			return NULL;
+		}
+
+		dir->index = 0;
+		dir->next = (FFBUF *)dir->ffbuf;
+	}
+
+	if (dir->index == dir->count)
+		return NULL;
+
+	memcpy(dir->entry.d_name, dir->next->achName, dir->next->cchName);
+	dir->entry.d_name[dir->next->cchName] = '\0';
+	dir->entry.d_ino = dummy_ino++;
+	dir->entry.d_reclen = dir->next->cchName;
+	dir->entry.d_namlen = dir->next->cchName;
+	dir->entry.d_size = dir->next->cbFile;
+	dir->entry.d_attribute = dir->next->attrFile;
+	dir->entry.d_time = *(USHORT *)&dir->next->ftimeLastWrite;
+	dir->entry.d_date = *(USHORT *)&dir->next->fdateLastWrite;
+
+	switch (dir->fstype) {
+	case 'F': /* FAT */
+	case 'C': /* CDFS */
+		if (dir->next->attrFile & FILE_DIRECTORY)
+			strupr(dir->entry.d_name);
+		else
+			strlwr(dir->entry.d_name);
+	}
+
+#if OS2 >= 2
+	dir->next = (FFBUF *)((BYTE *)dir->next + dir->next->oNextEntryOffset);
+#else
+	dir->next = (FFBUF *)((BYTE *)dir->next->achName + dir->next->cchName + 1);
+#endif
+	++dir->number;
+	++dir->index;
+
+	return &dir->entry;
+}
+
+long
+telldir(DIR *dir)
+{
+	return dir->number;
+}
+
+void
+seekdir(DIR *dir, long off)
+{
+	if (dir->number > off) {
+		char name[MAXPATHLEN+2];
+		Word rc;
+
+		DosFindClose(dir->handle);
+
+		strcpy(name, dir->name);
+		strcat(name, "*");
+
+		dir->handle = HDIR_CREATE;
+		dir->count = 32767;
+#if OS2 >= 2
+		rc = DosFindFirst(name, &dir->handle, dir->attrmask,
+			dir->ffbuf, sizeof dir->ffbuf, &dir->count, FIL_STANDARD);
+#else
+		rc = DosFindFirst((PSZ)name, &dir->handle, dir->attrmask,
+			(PFILEFINDBUF)dir->ffbuf, sizeof dir->ffbuf, &dir->count, 0);
+#endif
+		switch (rc) {
+		default:
+			error(rc);
+			return;
+		case NO_ERROR:
+		case ERROR_NO_MORE_FILES:
+			;
+		}
+
+		dir->number = 0;
+		dir->index = 0;
+		dir->next = (FFBUF *)dir->ffbuf;
+	}
+
+	while (dir->number < off && readdir(dir))
+		;
+}
+
+void
+closedir(DIR *dir)
+{
+	DosFindClose(dir->handle);
+	free(dir);
+}
+
+/*****************************************************************************/
+
+#ifdef TEST
+
+main(int argc, char **argv)
+{
+	int i;
+	DIR *dir;
+	struct dirent *ep;
+
+	for (i = 1; i < argc; ++i) {
+		dir = opendir(argv[i]);
+		if (!dir)
+			continue;
+		while (ep = readdir(dir))
+			if (strchr("\\/:", argv[i] [strlen(argv[i]) - 1]))
+				printf("%s%s\n", argv[i], ep->d_name);
+			else
+				printf("%s/%s\n", argv[i], ep->d_name);
+		closedir(dir);
+	}
+
+	return 0;
+}
+
+#endif
+
+#endif /* OS2 */
+
diff --git a/security/dbm/src/dirent.h b/security/dbm/src/dirent.h
new file mode 100644
index 000000000..07a6c0ac8
--- /dev/null
+++ b/security/dbm/src/dirent.h
@@ -0,0 +1,97 @@
+#ifndef __DIRENT_H__
+#define __DIRENT_H__
+/*
+ * @(#)msd_dir.h 1.4 87/11/06   Public Domain.
+ *
+ *  A public domain implementation of BSD directory routines for
+ *  MS-DOS.  Written by Michael Rendell ({uunet,utai}michael@garfield),
+ *  August 1897
+ *
+ *  Extended by Peter Lim (lim@mullian.oz) to overcome some MS DOS quirks
+ *  and returns 2 more pieces of information - file size & attribute.
+ *  Plus a little reshuffling of some #define's positions    December 1987
+ *
+ *  Some modifications by Martin Junius                      02-14-89
+ *
+ *	AK900712
+ *	AK910410	abs_path - make absolute path
+ *
+ */
+
+#ifdef __EMX__
+#include <sys/param.h>
+#else
+#if defined(__IBMC__) || defined(__IBMCPP__) || defined(XP_W32_MSVC)
+#include <stdio.h>
+#ifdef MAXPATHLEN
+	#undef MAXPATHLEN
+#endif
+#define MAXPATHLEN (FILENAME_MAX*4)
+#define MAXNAMLEN FILENAME_MAX
+
+#else
+#include <param.h>
+#endif
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* attribute stuff */
+#ifndef A_RONLY
+# define A_RONLY   0x01
+# define A_HIDDEN  0x02
+# define A_SYSTEM  0x04
+# define A_LABEL   0x08
+# define A_DIR     0x10
+# define A_ARCHIVE 0x20
+#endif
+
+struct dirent {
+#if defined(OS2) || defined(WIN32)        /* use the layout of EMX to avoid trouble */
+    int            d_ino;                 /* Dummy */
+    int            d_reclen;		  /* Dummy, same as d_namlen */
+    int            d_namlen;              /* length of name */
+    char           d_name[MAXNAMLEN + 1];
+    unsigned long  d_size;
+    unsigned short d_attribute;           /* attributes (see above) */
+    unsigned short d_time;                /* modification time */
+    unsigned short d_date;                /* modification date */
+#else
+    char	   d_name[MAXNAMLEN + 1]; /* garentee null termination */
+    char	   d_attribute;		  /* .. extension .. */
+    unsigned long  d_size;		  /* .. extension .. */
+#endif
+};
+
+typedef struct _dirdescr DIR;
+/* the structs do not have to be defined here */
+
+extern DIR		*opendir(const char *);
+extern DIR		*openxdir(const char *, unsigned);
+extern struct dirent	*readdir(DIR *);
+extern void		seekdir(DIR *, long);
+extern long		telldir(DIR *);
+extern void 		closedir(DIR *);
+#define			rewinddir(dirp) seekdir(dirp, 0L)
+
+extern char *		abs_path(const char *name, char *buffer, int len);
+
+#ifndef S_IFMT
+#define S_IFMT ( S_IFDIR | S_IFREG )
+#endif
+
+#ifndef S_ISDIR
+#define S_ISDIR( m )                    (((m) & S_IFMT) == S_IFDIR)
+#endif
+
+#ifndef S_ISREG
+#define S_ISREG( m )                    (((m) & S_IFMT) == S_IFREG)
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/security/dbm/src/manifest.mn b/security/dbm/src/manifest.mn
new file mode 100644
index 000000000..e2b4c64ec
--- /dev/null
+++ b/security/dbm/src/manifest.mn
@@ -0,0 +1,60 @@
+#! gmake
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+CORE_DEPTH = ../..
+
+VPATH  = $(CORE_DEPTH)/../dbm/src
+
+MODULE = dbm
+
+#
+# memmove.c, snprintf.c, and strerror.c are not in CSRCS because
+# the Standard C Library has memmove and strerror and DBM is not
+# using snprintf.
+#
+
+CSRCS = db.c	   \
+	h_bigkey.c \
+	h_func.c   \
+	h_log2.c   \
+	h_page.c   \
+	hash.c	   \
+	hash_buf.c \
+	hsearch.c  \
+	mktemp.c   \
+	ndbm.c	   \
+	dirent.c   \
+	$(NULL)
+
+LIBRARY_NAME = dbm
diff --git a/security/dbm/tests/Makefile b/security/dbm/tests/Makefile
new file mode 100644
index 000000000..fe132e19c
--- /dev/null
+++ b/security/dbm/tests/Makefile
@@ -0,0 +1,69 @@
+#! gmake
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+DEPTH		= ../..
+CORE_DEPTH	= ../..
+
+VPATH		= $(CORE_DEPTH)/../dbm/tests
+
+MODULE		= dbm
+
+CSRCS		= lots.c
+
+PROGRAM		= lots
+
+include $(DEPTH)/coreconf/config.mk
+
+include $(DEPTH)/dbm/config/config.mk
+
+ifeq (,$(filter-out WIN%,$(OS_TARGET))) 
+LIBDBM		= ../src/$(PLATFORM)/dbm$(STATIC_LIB_SUFFIX)
+else
+LIBDBM		= ../src/$(PLATFORM)/libdbm$(STATIC_LIB_SUFFIX)
+endif
+
+INCLUDES	+= -I$(CORE_DEPTH)/../dbm/include
+
+LDFLAGS		= $(LDOPTS) $(LIBDBM)
+
+include $(DEPTH)/coreconf/rules.mk
+
+lots.pure: lots
+	purify $(CC) -o lots.pure $(CFLAGS) $(OBJS) $(MYLIBS)
+
+crash: crash.o $(MYLIBS)
+	$(CC) -o crash $(CFLAGS) $^
+
+crash.pure: crash.o $(MYLIBS)
+	purify $(CC) -o crash.pure $(CFLAGS) $^
+
diff --git a/security/nss/lib/freebl/nss.h b/security/nss/lib/freebl/nss.h
new file mode 100644
index 000000000..d0f72fb07
--- /dev/null
+++ b/security/nss/lib/freebl/nss.h
@@ -0,0 +1,253 @@
+/***********************************************************************
+ *
+ * A copy of nss.h from NSS 3.11.4 for the directories that make up the
+ * NSS cryptographic module (lib/freebl and lib/softoken).
+ *
+ * When compiling in these directories, the compiler uses the local copy
+ * of nss.h, allowing the NSS cryptographic module to stay at version
+ * 3.11.4 (the version submitted to NIST for FIPS 140-2 validation).
+ *
+ * DO NOT CHANGE THIS FILE.
+ *
+ ***********************************************************************/
+/*
+ * NSS utility functions
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1994-2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#ifndef __nss_h_
+#define __nss_h_
+
+#include "seccomon.h"
+
+SEC_BEGIN_PROTOS
+
+/*
+ * NSS's major version, minor version, patch level, and whether
+ * this is a beta release.
+ *
+ * The format of the version string should be
+ *     "<major version>.<minor version>[.<patch level>] [<Beta>]"
+ */
+/* ***** DO NOT CHANGE THIS FILE. ***** */
+#ifdef NSS_ENABLE_ECC
+#ifdef NSS_ECC_MORE_THAN_SUITE_B
+#define NSS_VERSION  "3.11.4 Extended ECC"
+#else
+#define NSS_VERSION  "3.11.4 Basic ECC"
+#endif
+#else
+#define NSS_VERSION  "3.11.4"
+#endif
+#define NSS_VMAJOR   3
+#define NSS_VMINOR   11
+#define NSS_VPATCH   4
+#define NSS_BETA     PR_FALSE
+
+/*
+ * Return a boolean that indicates whether the underlying library
+ * will perform as the caller expects.
+ *
+ * The only argument is a string, which should be the verson
+ * identifier of the NSS library. That string will be compared
+ * against a string that represents the actual build version of
+ * the NSS library.  It also invokes the version checking functions
+ * of the dependent libraries such as NSPR.
+ */
+extern PRBool NSS_VersionCheck(const char *importedVersion);
+
+/*
+ * Open the Cert, Key, and Security Module databases, read only.
+ * Initialize the Random Number Generator.
+ * Does not initialize the cipher policies or enables.
+ * Default policy settings disallow all ciphers.
+ */
+extern SECStatus NSS_Init(const char *configdir);
+
+/*
+ * Returns whether NSS has already been initialized or not.
+ */
+extern PRBool NSS_IsInitialized(void);
+
+/*
+ * Open the Cert, Key, and Security Module databases, read/write.
+ * Initialize the Random Number Generator.
+ * Does not initialize the cipher policies or enables.
+ * Default policy settings disallow all ciphers.
+ */
+extern SECStatus NSS_InitReadWrite(const char *configdir);
+
+/*
+ * Open the Cert, Key, and Security Module databases, read/write.
+ * Initialize the Random Number Generator.
+ * Does not initialize the cipher policies or enables.
+ * Default policy settings disallow all ciphers.
+ *
+ * This allows using application defined prefixes for the cert and key db's
+ * and an alternate name for the secmod database. NOTE: In future releases,
+ * the database prefixes my not necessarily map to database names.
+ *
+ * configdir - base directory where all the cert, key, and module datbases live.
+ * certPrefix - prefix added to the beginning of the cert database example: "
+ * 			"https-server1-"
+ * keyPrefix - prefix added to the beginning of the key database example: "
+ * 			"https-server1-"
+ * secmodName - name of the security module database (usually "secmod.db").
+ * flags - change the open options of NSS_Initialize as follows:
+ * 	NSS_INIT_READONLY - Open the databases read only.
+ * 	NSS_INIT_NOCERTDB - Don't open the cert DB and key DB's, just 
+ * 			initialize the volatile certdb.
+ * 	NSS_INIT_NOMODDB  - Don't open the security module DB, just 
+ *			initialize the 	PKCS #11 module.
+ *      NSS_INIT_FORCEOPEN - Continue to force initializations even if the 
+ * 			databases cannot be opened.
+ *      NSS_INIT_NOROOTINIT - Don't try to look for the root certs module
+ *			automatically.
+ *      NSS_INIT_OPTIMIZESPACE - Use smaller tables and caches.
+ *      NSS_INIT_PK11THREADSAFE - only load PKCS#11 modules that are
+ *                      thread-safe, ie. that support locking - either OS
+ *                      locking or NSS-provided locks . If a PKCS#11
+ *                      module isn't thread-safe, don't serialize its
+ *                      calls; just don't load it instead. This is necessary
+ *                      if another piece of code is using the same PKCS#11
+ *                      modules that NSS is accessing without going through
+ *                      NSS, for example the Java SunPKCS11 provider.
+ *      NSS_INIT_PK11RELOAD - ignore the CKR_CRYPTOKI_ALREADY_INITIALIZED
+ *                      error when loading PKCS#11 modules. This is necessary
+ *                      if another piece of code is using the same PKCS#11
+ *                      modules that NSS is accessing without going through
+ *                      NSS, for example Java SunPKCS11 provider.
+ *      NSS_INIT_NOPK11FINALIZE - never call C_Finalize on any
+ *                      PKCS#11 module. This may be necessary in order to
+ *                      ensure continuous operation and proper shutdown
+ *                      sequence if another piece of code is using the same
+ *                      PKCS#11 modules that NSS is accessing without going
+ *                      through NSS, for example Java SunPKCS11 provider.
+ *                      The following limitation applies when this is set :
+ *                      SECMOD_WaitForAnyTokenEvent will not use
+ *                      C_WaitForSlotEvent, in order to prevent the need for
+ *                      C_Finalize. This call will be emulated instead.
+ *      NSS_INIT_RESERVED - Currently has no effect, but may be used in the
+ *                      future to trigger better cooperation between PKCS#11
+ *                      modules used by both NSS and the Java SunPKCS11
+ *                      provider. This should occur after a new flag is defined
+ *                      for C_Initialize by the PKCS#11 working group.
+ *      NSS_INIT_COOPERATE - Sets 4 recommended options for applications that
+ *                      use both NSS and the Java SunPKCS11 provider.
+ *
+ * Also NOTE: This is not the recommended method for initializing NSS. 
+ * The prefered method is NSS_init().
+ */
+#define NSS_INIT_READONLY	0x1
+#define NSS_INIT_NOCERTDB	0x2
+#define NSS_INIT_NOMODDB	0x4
+#define NSS_INIT_FORCEOPEN	0x8
+#define NSS_INIT_NOROOTINIT     0x10
+#define NSS_INIT_OPTIMIZESPACE  0x20
+#define NSS_INIT_PK11THREADSAFE   0x40
+#define NSS_INIT_PK11RELOAD       0x80
+#define NSS_INIT_NOPK11FINALIZE   0x100
+#define NSS_INIT_RESERVED         0x200
+
+#define NSS_INIT_COOPERATE NSS_INIT_PK11THREADSAFE | \
+        NSS_INIT_PK11RELOAD | \
+        NSS_INIT_NOPK11FINALIZE | \
+        NSS_INIT_RESERVED
+
+#ifdef macintosh
+#define SECMOD_DB "Security Modules"
+#else
+#define SECMOD_DB "secmod.db"
+#endif
+
+extern SECStatus NSS_Initialize(const char *configdir, 
+	const char *certPrefix, const char *keyPrefix, 
+	const char *secmodName, PRUint32 flags);
+
+/*
+ * initialize NSS without a creating cert db's, key db's, or secmod db's.
+ */
+SECStatus NSS_NoDB_Init(const char *configdir);
+
+/*
+ * Allow applications and libraries to register with NSS so that they are called
+ * when NSS shuts down.
+ *
+ * void *appData application specific data passed in by the application at 
+ * NSS_RegisterShutdown() time.
+ * void *nssData is NULL in this release, but is reserved for future versions of 
+ * NSS to pass some future status information * back to the shutdown function. 
+ *
+ * If the shutdown function returns SECFailure,
+ * Shutdown will still complete, but NSS_Shutdown() will return SECFailure.
+ */
+typedef SECStatus (*NSS_ShutdownFunc)(void *appData, void *nssData);
+
+/*
+ * Register a shutdown function.
+ */
+SECStatus NSS_RegisterShutdown(NSS_ShutdownFunc sFunc, void *appData);
+
+/*
+ * Remove an existing shutdown function (you may do this if your library is
+ * complete and going away, but NSS is still running).
+ */
+SECStatus NSS_UnregisterShutdown(NSS_ShutdownFunc sFunc, void *appData);
+
+/* 
+ * Close the Cert, Key databases.
+ */
+extern SECStatus NSS_Shutdown(void);
+
+/*
+ * set the PKCS #11 strings for the internal token.
+ */
+void PK11_ConfigurePKCS11(const char *man, const char *libdes, 
+	const char *tokdes, const char *ptokdes, const char *slotdes, 
+	const char *pslotdes, const char *fslotdes, const char *fpslotdes,
+        int minPwd, int pwRequired);
+
+/*
+ * Dump the contents of the certificate cache and the temporary cert store.
+ * Use to detect leaked references of certs at shutdown time.
+ */
+void nss_DumpCertificateCacheInfo(void);
+
+SEC_END_PROTOS
+
+#endif /* __nss_h_ */
diff --git a/security/nss/lib/freebl/sha256.h b/security/nss/lib/freebl/sha256.h
new file mode 100644
index 000000000..f59813257
--- /dev/null
+++ b/security/nss/lib/freebl/sha256.h
@@ -0,0 +1,51 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 2002
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#ifndef _SHA_256_H_
+#define _SHA_256_H_
+
+#include "prtypes.h"
+
+struct SHA256ContextStr {
+    union {
+	PRUint32 w[64];	    /* message schedule, input buffer, plus 48 words */
+	PRUint8  b[256];
+    } u;
+    PRUint32 h[8];		/* 8 state variables */
+    PRUint32 sizeHi,sizeLo;	/* 64-bit count of hashed bytes. */
+};
+
+#endif /* _SHA_256_H_ */
diff --git a/security/nss/lib/softoken/fipsaudt.c b/security/nss/lib/softoken/fipsaudt.c
new file mode 100644
index 000000000..d17496deb
--- /dev/null
+++ b/security/nss/lib/softoken/fipsaudt.c
@@ -0,0 +1,351 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is Network Security Services (NSS).
+ *
+ * The Initial Developer of the Original Code is
+ * Red Hat, Inc.
+ * Portions created by the Initial Developer are Copyright (C) 2006
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+/*
+ * This file implements audit logging required by FIPS 140-2 Security
+ * Level 2.
+ */
+
+#include "prprf.h"
+#include "softoken.h"
+
+/*
+ * Print the value of the returned object handle in the output buffer
+ * on a successful return of the PKCS #11 function.  If the PKCS #11
+ * function failed or the pointer to object handle is NULL (which is
+ * the case for C_DeriveKey with CKM_TLS_KEY_AND_MAC_DERIVE), an empty
+ * string is stored in the output buffer.
+ *
+ * out: the output buffer
+ * outlen: the length of the output buffer
+ * argName: the name of the "pointer to object handle" argument
+ * phObject: the pointer to object handle
+ * rv: the return value of the PKCS #11 function
+ */
+static void sftk_PrintReturnedObjectHandle(char *out, PRUint32 outlen,
+    const char *argName, CK_OBJECT_HANDLE_PTR phObject, CK_RV rv)
+{
+    if ((rv == CKR_OK) && phObject) {
+	PR_snprintf(out, outlen,
+	    " *%s=0x%08lX", argName, (PRUint32)*phObject);
+    } else {
+	PORT_Assert(outlen != 0);
+	out[0] = '\0';
+    }
+}
+
+/*
+ * MECHANISM_BUFSIZE needs to be large enough for sftk_PrintMechanism,
+ * which uses <= 49 bytes.
+ */
+#define MECHANISM_BUFSIZE 64
+
+static void sftk_PrintMechanism(char *out, PRUint32 outlen,
+    CK_MECHANISM_PTR pMechanism)
+{
+    if (pMechanism) {
+	/*
+	 * If we change the format string, we need to make sure
+	 * MECHANISM_BUFSIZE is still large enough.  We allow
+	 * 20 bytes for %p on a 64-bit platform.
+	 */
+	PR_snprintf(out, outlen, "%p {mechanism=0x%08lX, ...}",
+	    pMechanism, (PRUint32)pMechanism->mechanism);
+    } else {
+	PR_snprintf(out, outlen, "%p", pMechanism);
+    }
+}
+
+void sftk_AuditCreateObject(CK_SESSION_HANDLE hSession,
+    CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
+    CK_OBJECT_HANDLE_PTR phObject, CK_RV rv)
+{
+    char msg[256];
+    char shObject[32];
+    NSSAuditSeverity severity = (rv == CKR_OK) ?
+	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+
+    sftk_PrintReturnedObjectHandle(shObject, sizeof shObject,
+	"phObject", phObject, rv);
+    PR_snprintf(msg, sizeof msg,
+	"C_CreateObject(hSession=0x%08lX, pTemplate=%p, ulCount=%lu, "
+	"phObject=%p)=0x%08lX%s",
+	(PRUint32)hSession, pTemplate, (PRUint32)ulCount,
+	phObject, (PRUint32)rv, shObject);
+    sftk_LogAuditMessage(severity, msg);
+}
+
+void sftk_AuditCopyObject(CK_SESSION_HANDLE hSession,
+    CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
+    CK_OBJECT_HANDLE_PTR phNewObject, CK_RV rv)
+{
+    char msg[256];
+    char shNewObject[32];
+    NSSAuditSeverity severity = (rv == CKR_OK) ?
+	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+
+    sftk_PrintReturnedObjectHandle(shNewObject, sizeof shNewObject,
+	"phNewObject", phNewObject, rv);
+    PR_snprintf(msg, sizeof msg,
+	"C_CopyObject(hSession=0x%08lX, hObject=0x%08lX, "
+	"pTemplate=%p, ulCount=%lu, phNewObject=%p)=0x%08lX%s",
+	(PRUint32)hSession, (PRUint32)hObject,
+	pTemplate, (PRUint32)ulCount, phNewObject, (PRUint32)rv, shNewObject);
+    sftk_LogAuditMessage(severity, msg);
+}
+
+/* WARNING: hObject has been destroyed and can only be printed. */
+void sftk_AuditDestroyObject(CK_SESSION_HANDLE hSession,
+    CK_OBJECT_HANDLE hObject, CK_RV rv)
+{
+    char msg[256];
+    NSSAuditSeverity severity = (rv == CKR_OK) ?
+	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+
+    PR_snprintf(msg, sizeof msg,
+	"C_DestroyObject(hSession=0x%08lX, hObject=0x%08lX)=0x%08lX",
+	(PRUint32)hSession, (PRUint32)hObject, (PRUint32)rv);
+    sftk_LogAuditMessage(severity, msg);
+}
+
+void sftk_AuditGetObjectSize(CK_SESSION_HANDLE hSession,
+    CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pulSize, CK_RV rv)
+{
+    char msg[256];
+    NSSAuditSeverity severity = (rv == CKR_OK) ?
+	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+
+    PR_snprintf(msg, sizeof msg,
+	"C_GetObjectSize(hSession=0x%08lX, hObject=0x%08lX, "
+	"pulSize=%p)=0x%08lX",
+	(PRUint32)hSession, (PRUint32)hObject,
+	pulSize, (PRUint32)rv);
+    sftk_LogAuditMessage(severity, msg);
+}
+
+void sftk_AuditGetAttributeValue(CK_SESSION_HANDLE hSession,
+    CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulCount, CK_RV rv)
+{
+    char msg[256];
+    NSSAuditSeverity severity = (rv == CKR_OK) ?
+	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+
+    PR_snprintf(msg, sizeof msg,
+	"C_GetAttributeValue(hSession=0x%08lX, hObject=0x%08lX, "
+	"pTemplate=%p, ulCount=%lu)=0x%08lX",
+	(PRUint32)hSession, (PRUint32)hObject,
+	pTemplate, (PRUint32)ulCount, (PRUint32)rv);
+    sftk_LogAuditMessage(severity, msg);
+}
+
+void sftk_AuditSetAttributeValue(CK_SESSION_HANDLE hSession,
+    CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulCount, CK_RV rv)
+{
+    char msg[256];
+    NSSAuditSeverity severity = (rv == CKR_OK) ?
+	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+
+    PR_snprintf(msg, sizeof msg,
+	"C_SetAttributeValue(hSession=0x%08lX, hObject=0x%08lX, "
+	"pTemplate=%p, ulCount=%lu)=0x%08lX",
+	(PRUint32)hSession, (PRUint32)hObject,
+	pTemplate, (PRUint32)ulCount, (PRUint32)rv);
+    sftk_LogAuditMessage(severity, msg);
+}
+
+void sftk_AuditCryptInit(const char *opName, CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey, CK_RV rv)
+{
+    char msg[256];
+    char mech[MECHANISM_BUFSIZE];
+    NSSAuditSeverity severity = (rv == CKR_OK) ?
+	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+
+    sftk_PrintMechanism(mech, sizeof mech, pMechanism);
+    PR_snprintf(msg, sizeof msg,
+	"C_%sInit(hSession=0x%08lX, pMechanism=%s, "
+	"hKey=0x%08lX)=0x%08lX",
+	opName, (PRUint32)hSession, mech,
+	(PRUint32)hKey, (PRUint32)rv);
+    sftk_LogAuditMessage(severity, msg);
+}
+
+void sftk_AuditGenerateKey(CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phKey, CK_RV rv)
+{
+    char msg[256];
+    char mech[MECHANISM_BUFSIZE];
+    char shKey[32];
+    NSSAuditSeverity severity = (rv == CKR_OK) ?
+	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+
+    sftk_PrintMechanism(mech, sizeof mech, pMechanism);
+    sftk_PrintReturnedObjectHandle(shKey, sizeof shKey, "phKey", phKey, rv);
+    PR_snprintf(msg, sizeof msg,
+	"C_GenerateKey(hSession=0x%08lX, pMechanism=%s, "
+	"pTemplate=%p, ulCount=%lu, phKey=%p)=0x%08lX%s",
+	(PRUint32)hSession, mech,
+	pTemplate, (PRUint32)ulCount, phKey, (PRUint32)rv, shKey);
+    sftk_LogAuditMessage(severity, msg);
+}
+
+void sftk_AuditGenerateKeyPair(CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pPublicKeyTemplate,
+    CK_ULONG ulPublicKeyAttributeCount, CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
+    CK_ULONG ulPrivateKeyAttributeCount, CK_OBJECT_HANDLE_PTR phPublicKey,
+    CK_OBJECT_HANDLE_PTR phPrivateKey, CK_RV rv)
+{
+    char msg[512];
+    char mech[MECHANISM_BUFSIZE];
+    char shPublicKey[32];
+    char shPrivateKey[32];
+    NSSAuditSeverity severity = (rv == CKR_OK) ?
+	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+
+    sftk_PrintMechanism(mech, sizeof mech, pMechanism);
+    sftk_PrintReturnedObjectHandle(shPublicKey, sizeof shPublicKey,
+	"phPublicKey", phPublicKey, rv);
+    sftk_PrintReturnedObjectHandle(shPrivateKey, sizeof shPrivateKey,
+	"phPrivateKey", phPrivateKey, rv);
+    PR_snprintf(msg, sizeof msg,
+	"C_GenerateKeyPair(hSession=0x%08lX, pMechanism=%s, "
+	"pPublicKeyTemplate=%p, ulPublicKeyAttributeCount=%lu, "
+	"pPrivateKeyTemplate=%p, ulPrivateKeyAttributeCount=%lu, "
+	"phPublicKey=%p, phPrivateKey=%p)=0x%08lX%s%s",
+	(PRUint32)hSession, mech,
+	pPublicKeyTemplate, (PRUint32)ulPublicKeyAttributeCount,
+	pPrivateKeyTemplate, (PRUint32)ulPrivateKeyAttributeCount,
+	phPublicKey, phPrivateKey, (PRUint32)rv, shPublicKey, shPrivateKey);
+    sftk_LogAuditMessage(severity, msg);
+}
+
+void sftk_AuditWrapKey(CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hWrappingKey,
+    CK_OBJECT_HANDLE hKey, CK_BYTE_PTR pWrappedKey,
+    CK_ULONG_PTR pulWrappedKeyLen, CK_RV rv)
+{
+    char msg[256];
+    char mech[MECHANISM_BUFSIZE];
+    NSSAuditSeverity severity = (rv == CKR_OK) ?
+	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+
+    sftk_PrintMechanism(mech, sizeof mech, pMechanism);
+    PR_snprintf(msg, sizeof msg,
+	"C_WrapKey(hSession=0x%08lX, pMechanism=%s, hWrappingKey=0x%08lX, "
+	"hKey=0x%08lX, pWrappedKey=%p, pulWrappedKeyLen=%p)=0x%08lX",
+	(PRUint32)hSession, mech, (PRUint32)hWrappingKey,
+	(PRUint32)hKey, pWrappedKey, pulWrappedKeyLen, (PRUint32)rv);
+    sftk_LogAuditMessage(severity, msg);
+}
+
+void sftk_AuditUnwrapKey(CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hUnwrappingKey,
+    CK_BYTE_PTR pWrappedKey, CK_ULONG ulWrappedKeyLen,
+    CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount,
+    CK_OBJECT_HANDLE_PTR phKey, CK_RV rv)
+{
+    char msg[256];
+    char mech[MECHANISM_BUFSIZE];
+    char shKey[32];
+    NSSAuditSeverity severity = (rv == CKR_OK) ?
+	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+
+    sftk_PrintMechanism(mech, sizeof mech, pMechanism);
+    sftk_PrintReturnedObjectHandle(shKey, sizeof shKey, "phKey", phKey, rv);
+    PR_snprintf(msg, sizeof msg,
+	"C_UnwrapKey(hSession=0x%08lX, pMechanism=%s, "
+	"hUnwrappingKey=0x%08lX, pWrappedKey=%p, ulWrappedKeyLen=%lu, "
+	"pTemplate=%p, ulAttributeCount=%lu, phKey=%p)=0x%08lX%s",
+	(PRUint32)hSession, mech,
+	(PRUint32)hUnwrappingKey, pWrappedKey, (PRUint32)ulWrappedKeyLen,
+	pTemplate, (PRUint32)ulAttributeCount, phKey, (PRUint32)rv, shKey);
+    sftk_LogAuditMessage(severity, msg);
+}
+
+void sftk_AuditDeriveKey(CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hBaseKey,
+    CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount,
+    CK_OBJECT_HANDLE_PTR phKey, CK_RV rv)
+{
+    char msg[512];
+    char mech[MECHANISM_BUFSIZE];
+    char shKey[32];
+    char sTlsKeys[128];
+    NSSAuditSeverity severity = (rv == CKR_OK) ?
+	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+
+    sftk_PrintMechanism(mech, sizeof mech, pMechanism);
+    sftk_PrintReturnedObjectHandle(shKey, sizeof shKey, "phKey", phKey, rv);
+    if ((rv == CKR_OK) &&
+	(pMechanism->mechanism == CKM_TLS_KEY_AND_MAC_DERIVE)) {
+	CK_SSL3_KEY_MAT_PARAMS *param =
+	    (CK_SSL3_KEY_MAT_PARAMS *)pMechanism->pParameter;
+	CK_SSL3_KEY_MAT_OUT *keymat = param->pReturnedKeyMaterial;
+	PR_snprintf(sTlsKeys, sizeof sTlsKeys,
+	    " hClientMacSecret=0x%08lX hServerMacSecret=0x%08lX"
+	    " hClientKey=0x%08lX hServerKey=0x%08lX",
+	    (PRUint32)keymat->hClientMacSecret,
+	    (PRUint32)keymat->hServerMacSecret,
+	    (PRUint32)keymat->hClientKey,
+	    (PRUint32)keymat->hServerKey);
+    } else {
+	sTlsKeys[0] = '\0';
+    }
+    PR_snprintf(msg, sizeof msg,
+	"C_DeriveKey(hSession=0x%08lX, pMechanism=%s, "
+	"hBaseKey=0x%08lX, pTemplate=%p, ulAttributeCount=%lu, "
+	"phKey=%p)=0x%08lX%s%s",
+	(PRUint32)hSession, mech,
+	(PRUint32)hBaseKey, pTemplate,(PRUint32)ulAttributeCount,
+	phKey, (PRUint32)rv, shKey, sTlsKeys);
+    sftk_LogAuditMessage(severity, msg);
+}
+
+void sftk_AuditDigestKey(CK_SESSION_HANDLE hSession,
+    CK_OBJECT_HANDLE hKey, CK_RV rv)
+{
+    char msg[256];
+    NSSAuditSeverity severity = (rv == CKR_OK) ?
+	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+
+    PR_snprintf(msg, sizeof msg,
+	"C_DigestKey(hSession=0x%08lX, hKey=0x%08lX)=0x%08lX",
+	(PRUint32)hSession, (PRUint32)hKey, (PRUint32)rv);
+    sftk_LogAuditMessage(severity, msg);
+}
diff --git a/security/nss/lib/softoken/nss.h b/security/nss/lib/softoken/nss.h
new file mode 100644
index 000000000..d0f72fb07
--- /dev/null
+++ b/security/nss/lib/softoken/nss.h
@@ -0,0 +1,253 @@
+/***********************************************************************
+ *
+ * A copy of nss.h from NSS 3.11.4 for the directories that make up the
+ * NSS cryptographic module (lib/freebl and lib/softoken).
+ *
+ * When compiling in these directories, the compiler uses the local copy
+ * of nss.h, allowing the NSS cryptographic module to stay at version
+ * 3.11.4 (the version submitted to NIST for FIPS 140-2 validation).
+ *
+ * DO NOT CHANGE THIS FILE.
+ *
+ ***********************************************************************/
+/*
+ * NSS utility functions
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1994-2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#ifndef __nss_h_
+#define __nss_h_
+
+#include "seccomon.h"
+
+SEC_BEGIN_PROTOS
+
+/*
+ * NSS's major version, minor version, patch level, and whether
+ * this is a beta release.
+ *
+ * The format of the version string should be
+ *     "<major version>.<minor version>[.<patch level>] [<Beta>]"
+ */
+/* ***** DO NOT CHANGE THIS FILE. ***** */
+#ifdef NSS_ENABLE_ECC
+#ifdef NSS_ECC_MORE_THAN_SUITE_B
+#define NSS_VERSION  "3.11.4 Extended ECC"
+#else
+#define NSS_VERSION  "3.11.4 Basic ECC"
+#endif
+#else
+#define NSS_VERSION  "3.11.4"
+#endif
+#define NSS_VMAJOR   3
+#define NSS_VMINOR   11
+#define NSS_VPATCH   4
+#define NSS_BETA     PR_FALSE
+
+/*
+ * Return a boolean that indicates whether the underlying library
+ * will perform as the caller expects.
+ *
+ * The only argument is a string, which should be the verson
+ * identifier of the NSS library. That string will be compared
+ * against a string that represents the actual build version of
+ * the NSS library.  It also invokes the version checking functions
+ * of the dependent libraries such as NSPR.
+ */
+extern PRBool NSS_VersionCheck(const char *importedVersion);
+
+/*
+ * Open the Cert, Key, and Security Module databases, read only.
+ * Initialize the Random Number Generator.
+ * Does not initialize the cipher policies or enables.
+ * Default policy settings disallow all ciphers.
+ */
+extern SECStatus NSS_Init(const char *configdir);
+
+/*
+ * Returns whether NSS has already been initialized or not.
+ */
+extern PRBool NSS_IsInitialized(void);
+
+/*
+ * Open the Cert, Key, and Security Module databases, read/write.
+ * Initialize the Random Number Generator.
+ * Does not initialize the cipher policies or enables.
+ * Default policy settings disallow all ciphers.
+ */
+extern SECStatus NSS_InitReadWrite(const char *configdir);
+
+/*
+ * Open the Cert, Key, and Security Module databases, read/write.
+ * Initialize the Random Number Generator.
+ * Does not initialize the cipher policies or enables.
+ * Default policy settings disallow all ciphers.
+ *
+ * This allows using application defined prefixes for the cert and key db's
+ * and an alternate name for the secmod database. NOTE: In future releases,
+ * the database prefixes my not necessarily map to database names.
+ *
+ * configdir - base directory where all the cert, key, and module datbases live.
+ * certPrefix - prefix added to the beginning of the cert database example: "
+ * 			"https-server1-"
+ * keyPrefix - prefix added to the beginning of the key database example: "
+ * 			"https-server1-"
+ * secmodName - name of the security module database (usually "secmod.db").
+ * flags - change the open options of NSS_Initialize as follows:
+ * 	NSS_INIT_READONLY - Open the databases read only.
+ * 	NSS_INIT_NOCERTDB - Don't open the cert DB and key DB's, just 
+ * 			initialize the volatile certdb.
+ * 	NSS_INIT_NOMODDB  - Don't open the security module DB, just 
+ *			initialize the 	PKCS #11 module.
+ *      NSS_INIT_FORCEOPEN - Continue to force initializations even if the 
+ * 			databases cannot be opened.
+ *      NSS_INIT_NOROOTINIT - Don't try to look for the root certs module
+ *			automatically.
+ *      NSS_INIT_OPTIMIZESPACE - Use smaller tables and caches.
+ *      NSS_INIT_PK11THREADSAFE - only load PKCS#11 modules that are
+ *                      thread-safe, ie. that support locking - either OS
+ *                      locking or NSS-provided locks . If a PKCS#11
+ *                      module isn't thread-safe, don't serialize its
+ *                      calls; just don't load it instead. This is necessary
+ *                      if another piece of code is using the same PKCS#11
+ *                      modules that NSS is accessing without going through
+ *                      NSS, for example the Java SunPKCS11 provider.
+ *      NSS_INIT_PK11RELOAD - ignore the CKR_CRYPTOKI_ALREADY_INITIALIZED
+ *                      error when loading PKCS#11 modules. This is necessary
+ *                      if another piece of code is using the same PKCS#11
+ *                      modules that NSS is accessing without going through
+ *                      NSS, for example Java SunPKCS11 provider.
+ *      NSS_INIT_NOPK11FINALIZE - never call C_Finalize on any
+ *                      PKCS#11 module. This may be necessary in order to
+ *                      ensure continuous operation and proper shutdown
+ *                      sequence if another piece of code is using the same
+ *                      PKCS#11 modules that NSS is accessing without going
+ *                      through NSS, for example Java SunPKCS11 provider.
+ *                      The following limitation applies when this is set :
+ *                      SECMOD_WaitForAnyTokenEvent will not use
+ *                      C_WaitForSlotEvent, in order to prevent the need for
+ *                      C_Finalize. This call will be emulated instead.
+ *      NSS_INIT_RESERVED - Currently has no effect, but may be used in the
+ *                      future to trigger better cooperation between PKCS#11
+ *                      modules used by both NSS and the Java SunPKCS11
+ *                      provider. This should occur after a new flag is defined
+ *                      for C_Initialize by the PKCS#11 working group.
+ *      NSS_INIT_COOPERATE - Sets 4 recommended options for applications that
+ *                      use both NSS and the Java SunPKCS11 provider.
+ *
+ * Also NOTE: This is not the recommended method for initializing NSS. 
+ * The prefered method is NSS_init().
+ */
+#define NSS_INIT_READONLY	0x1
+#define NSS_INIT_NOCERTDB	0x2
+#define NSS_INIT_NOMODDB	0x4
+#define NSS_INIT_FORCEOPEN	0x8
+#define NSS_INIT_NOROOTINIT     0x10
+#define NSS_INIT_OPTIMIZESPACE  0x20
+#define NSS_INIT_PK11THREADSAFE   0x40
+#define NSS_INIT_PK11RELOAD       0x80
+#define NSS_INIT_NOPK11FINALIZE   0x100
+#define NSS_INIT_RESERVED         0x200
+
+#define NSS_INIT_COOPERATE NSS_INIT_PK11THREADSAFE | \
+        NSS_INIT_PK11RELOAD | \
+        NSS_INIT_NOPK11FINALIZE | \
+        NSS_INIT_RESERVED
+
+#ifdef macintosh
+#define SECMOD_DB "Security Modules"
+#else
+#define SECMOD_DB "secmod.db"
+#endif
+
+extern SECStatus NSS_Initialize(const char *configdir, 
+	const char *certPrefix, const char *keyPrefix, 
+	const char *secmodName, PRUint32 flags);
+
+/*
+ * initialize NSS without a creating cert db's, key db's, or secmod db's.
+ */
+SECStatus NSS_NoDB_Init(const char *configdir);
+
+/*
+ * Allow applications and libraries to register with NSS so that they are called
+ * when NSS shuts down.
+ *
+ * void *appData application specific data passed in by the application at 
+ * NSS_RegisterShutdown() time.
+ * void *nssData is NULL in this release, but is reserved for future versions of 
+ * NSS to pass some future status information * back to the shutdown function. 
+ *
+ * If the shutdown function returns SECFailure,
+ * Shutdown will still complete, but NSS_Shutdown() will return SECFailure.
+ */
+typedef SECStatus (*NSS_ShutdownFunc)(void *appData, void *nssData);
+
+/*
+ * Register a shutdown function.
+ */
+SECStatus NSS_RegisterShutdown(NSS_ShutdownFunc sFunc, void *appData);
+
+/*
+ * Remove an existing shutdown function (you may do this if your library is
+ * complete and going away, but NSS is still running).
+ */
+SECStatus NSS_UnregisterShutdown(NSS_ShutdownFunc sFunc, void *appData);
+
+/* 
+ * Close the Cert, Key databases.
+ */
+extern SECStatus NSS_Shutdown(void);
+
+/*
+ * set the PKCS #11 strings for the internal token.
+ */
+void PK11_ConfigurePKCS11(const char *man, const char *libdes, 
+	const char *tokdes, const char *ptokdes, const char *slotdes, 
+	const char *pslotdes, const char *fslotdes, const char *fpslotdes,
+        int minPwd, int pwRequired);
+
+/*
+ * Dump the contents of the certificate cache and the temporary cert store.
+ * Use to detect leaked references of certs at shutdown time.
+ */
+void nss_DumpCertificateCacheInfo(void);
+
+SEC_END_PROTOS
+
+#endif /* __nss_h_ */