Bug 504611: Apply the following changes to NSS_3_12_3_WITH_CKBI_1_75_RTM

for the NSS 3.12.3.1 release:
1. Fixes for bug 494302, bug 501605, and bug 489811.
2. Change the version strings to 3.12.3.1.
r=nelson
Modified Files:
 Tag: NSS_3_12_3_MINIBRANCH
	coreconf/coreconf.dep nss/lib/ckfw/Makefile
	nss/lib/freebl/win_rand.c nss/lib/nss/nss.h
	nss/lib/softoken/pkcs11.c nss/lib/softoken/softkver.h
	nss/lib/util/nssutil.h

7 files changed, 49 insertions, 34 deletions

diff --git a/security/coreconf/coreconf.dep b/security/coreconf/coreconf.dep
index b536cfc01..b75161110 100644
--- a/security/coreconf/coreconf.dep
+++ b/security/coreconf/coreconf.dep
@@ -42,4 +42,3 @@
  */
 
 #error "Do not include this header file."
-
diff --git a/security/nss/lib/ckfw/Makefile b/security/nss/lib/ckfw/Makefile
index c0b2c5815..186498435 100644
--- a/security/nss/lib/ckfw/Makefile
+++ b/security/nss/lib/ckfw/Makefile
@@ -41,7 +41,7 @@ include $(CORE_DEPTH)/coreconf/config.mk
 include config.mk
 include $(CORE_DEPTH)/coreconf/rules.mk
 
-ifdef MOZILLA_CLIENT
+ifdef NOTDEF # was ifdef MOZILLA_CLIENT
 NSS_BUILD_CAPI = 1
 endif
 
diff --git a/security/nss/lib/freebl/win_rand.c b/security/nss/lib/freebl/win_rand.c
index 37eb11737..184798817 100644
--- a/security/nss/lib/freebl/win_rand.c
+++ b/security/nss/lib/freebl/win_rand.c
@@ -58,6 +58,7 @@ static PRInt32  filesToRead;
 static DWORD    totalFileBytes;
 static DWORD    maxFileBytes	= 250000;	/* 250 thousand */
 static DWORD    dwNumFiles, dwReadEvery, dwFileToRead;
+static PRBool   usedWindowsPRNG;
 
 static BOOL
 CurrentClockTickTime(LPDWORD lpdwHigh, LPDWORD lpdwLow)
@@ -131,24 +132,25 @@ size_t RNG_GetNoise(void *buf, size_t maxbuf)
     return n;
 }
 
-typedef PRInt32 (* Handler)(const char *);
+typedef PRInt32 (* Handler)(const PRUnichar *);
 #define MAX_DEPTH 2
+#define MAX_FOLDERS 4
+#define MAX_FILES 1024
 
 static void
 EnumSystemFilesInFolder(Handler func, PRUnichar* szSysDir, int maxDepth) 
 {
     int                 iContinue;
+    unsigned int        uFolders  = 0;
+    unsigned int        uFiles    = 0;
     HANDLE              lFindHandle;
     WIN32_FIND_DATAW    fdData;
     PRUnichar           szFileName[_MAX_PATH];
-    char                narrowFileName[_MAX_PATH];
 
     if (maxDepth < 0)
     	return;
-    // tack *.* on the end so we actually look for files. this will
-    // not overflow
-    wcscpy(szFileName, szSysDir);
-    wcscat(szFileName, L"\\*.*");
+    // append *.* so we actually look for files.
+    _snwprintf(szFileName, _MAX_PATH, L"%s\\*.*", szSysDir);
 
     lFindHandle = FindFirstFileW(szFileName, &fdData);
     if (lFindHandle == INVALID_HANDLE_VALUE)
@@ -163,13 +165,10 @@ EnumSystemFilesInFolder(Handler func, PRUnichar* szSysDir, int maxDepth)
 	    _snwprintf(szFileName, _MAX_PATH, L"%s\\%s", szSysDir, 
 		       fdData.cFileName);
 	    if (fdData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) {
-		EnumSystemFilesInFolder(func, szFileName, maxDepth - 1);
+		if (++uFolders <= MAX_FOLDERS)
+		    EnumSystemFilesInFolder(func, szFileName, maxDepth - 1);
 	    } else {
-		iContinue = WideCharToMultiByte(CP_ACP, 0, szFileName, -1, 
-						narrowFileName, _MAX_PATH, 
-						NULL, NULL);
-		if (iContinue)
-		    iContinue = !(*func)(narrowFileName);
+		iContinue = (++uFiles <= MAX_FILES) && !(*func)(szFileName);
 	    }
 	}
 	if (iContinue)
@@ -187,7 +186,6 @@ EnumSystemFiles(Handler func)
 	CSIDL_RECENT,
 #ifndef WINCE		     
 	CSIDL_INTERNET_CACHE, 
-	CSIDL_COMPUTERSNEARME, 
 	CSIDL_HISTORY,
 #endif
 	0
@@ -208,17 +206,16 @@ EnumSystemFiles(Handler func)
 }
 
 static PRInt32
-CountFiles(const char *file)
+CountFiles(const PRUnichar *file)
 {
     dwNumFiles++;
     return 0;
 }
 
-static void 
+static int
 ReadSingleFile(const char *filename)
 {
     PRFileDesc *    file;
-    int             nBytes;
     unsigned char   buffer[1024];
 
     file = PR_Open(filename, PR_RDONLY, 0);
@@ -227,27 +224,43 @@ ReadSingleFile(const char *filename)
 	    ;
         PR_Close(file);
     }
+    return (file != NULL);
 }
 
 static PRInt32
-ReadOneFile(const char *file)
+ReadOneFile(const PRUnichar *szFileName)
 {
+    char narrowFileName[_MAX_PATH];
+
     if (dwNumFiles == dwFileToRead) {
-	ReadSingleFile(file);
+	int success = WideCharToMultiByte(CP_ACP, 0, szFileName, -1, 
+					  narrowFileName, _MAX_PATH, 
+					  NULL, NULL);
+	if (success)
+	    success = ReadSingleFile(narrowFileName);
+    	if (!success)
+	    dwFileToRead++; /* couldn't read this one, read the next one. */
     }
     dwNumFiles++;
     return dwNumFiles > dwFileToRead;
 }
 
 static PRInt32
-ReadFiles(const char *file)
+ReadFiles(const PRUnichar *szFileName)
 {
+    char narrowFileName[_MAX_PATH];
+
     if ((dwNumFiles % dwReadEvery) == 0) {
 	++filesToRead;
     }
     if (filesToRead) {
-	DWORD    prevFileBytes = totalFileBytes;
-        RNG_FileForRNG(file);
+	DWORD prevFileBytes = totalFileBytes;
+	int   iContinue     = WideCharToMultiByte(CP_ACP, 0, szFileName, -1, 
+						  narrowFileName, _MAX_PATH, 
+						  NULL, NULL);
+	if (iContinue) {
+	    RNG_FileForRNG(narrowFileName);
+	}
 	if (prevFileBytes < totalFileBytes) {
 	    --filesToRead;
 	}
@@ -257,7 +270,7 @@ ReadFiles(const char *file)
 }
 
 static void
-ReadSystemFiles()
+ReadSystemFiles(void)
 {
     // first count the number of files
     dwNumFiles = 0;
@@ -277,6 +290,7 @@ ReadSystemFiles()
         dwReadEvery = 1;  // less than 10 files
 
     dwNumFiles = 0;
+    totalFileBytes = 0;
     EnumSystemFiles(ReadFiles);
 }
 
@@ -349,8 +363,9 @@ void RNG_SystemInfoForRNG(void)
     }
 #endif
 
-    // now let's do some files
-    ReadSystemFiles();
+    // Skip the potentially slow file scanning if the OS's PRNG worked.
+    if (!usedWindowsPRNG)
+	ReadSystemFiles();
 
     nBytes = RNG_GetNoise(buffer, 20);  // get up to 20 bytes
     RNG_RandomUpdate(buffer, nBytes);
@@ -410,8 +425,10 @@ void RNG_FileForRNG(const char *filename)
 size_t RNG_SystemRNG(void *dest, size_t maxLen)
 {
     size_t bytes = 0;
+    usedWindowsPRNG = PR_FALSE;
     if (CeGenRandom(maxLen, dest)) {
-	    bytes = maxLen;
+	bytes = maxLen;
+	usedWindowsPRNG = PR_TRUE;
     }
     if (bytes == 0) {
 	bytes = rng_systemFromNoise(dest,maxLen);
@@ -429,8 +446,6 @@ void RNG_FileForRNG(const char *filename)
     struct stat     stat_buf;
     unsigned char   buffer[1024];
 
-   /* static DWORD    totalFileBytes = 0; */
-
     /* windows doesn't initialize all the bytes in the stat buf,
      * so initialize them all here to avoid UMRs.
      */
@@ -516,6 +531,7 @@ size_t RNG_SystemRNG(void *dest, size_t maxLen)
     HCRYPTPROV hCryptProv;
     size_t bytes = 0;
 
+    usedWindowsPRNG = PR_FALSE;
     hModule = LoadLibrary("advapi32.dll");
     if (hModule == NULL) {
 	return rng_systemFromNoise(dest,maxLen);
@@ -525,6 +541,7 @@ size_t RNG_SystemRNG(void *dest, size_t maxLen)
     if (pRtlGenRandom) {
 	if (pRtlGenRandom(dest, maxLen)) {
 	    bytes = maxLen;
+	    usedWindowsPRNG = PR_TRUE;
 	} else {
 	    bytes = rng_systemFromNoise(dest,maxLen);
 	}
@@ -544,6 +561,7 @@ size_t RNG_SystemRNG(void *dest, size_t maxLen)
 	PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
 	if (pCryptGenRandom(hCryptProv, maxLen, dest)) {
 	    bytes = maxLen;
+	    usedWindowsPRNG = PR_TRUE;
 	}
 	pCryptReleaseContext(hCryptProv, 0);
     }
diff --git a/security/nss/lib/nss/nss.h b/security/nss/lib/nss/nss.h
index bac7c7524..b0a08b0aa 100644
--- a/security/nss/lib/nss/nss.h
+++ b/security/nss/lib/nss/nss.h
@@ -66,7 +66,7 @@
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>][ <ECC>][ <Beta>]"
  */
-#define NSS_VERSION  "3.12.3" _NSS_ECC_STRING _NSS_CUSTOMIZED
+#define NSS_VERSION  "3.12.3.1" _NSS_ECC_STRING _NSS_CUSTOMIZED
 #define NSS_VMAJOR   3
 #define NSS_VMINOR   12
 #define NSS_VPATCH   3
diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c
index c5c2a8e2b..885121991 100644
--- a/security/nss/lib/softoken/pkcs11.c
+++ b/security/nss/lib/softoken/pkcs11.c
@@ -2587,8 +2587,6 @@ CK_RV nsc_CommonInitialize(CK_VOID_PTR pReserved, PRBool isFIPS)
 	crv = CKR_DEVICE_ERROR;
 	return crv;
     }
-    RNG_SystemInfoForRNG();
-
 
     /* NOTE:
      * we should be getting out mutexes from this list, not statically binding
diff --git a/security/nss/lib/softoken/softkver.h b/security/nss/lib/softoken/softkver.h
index 41222fc66..39a9007bb 100644
--- a/security/nss/lib/softoken/softkver.h
+++ b/security/nss/lib/softoken/softkver.h
@@ -57,7 +57,7 @@
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>][ <ECC>][ <Beta>]"
  */
-#define SOFTOKEN_VERSION  "3.12.3" SOFTOKEN_ECC_STRING
+#define SOFTOKEN_VERSION  "3.12.3.1" SOFTOKEN_ECC_STRING
 #define SOFTOKEN_VMAJOR   3
 #define SOFTOKEN_VMINOR   12
 #define SOFTOKEN_VPATCH   3
diff --git a/security/nss/lib/util/nssutil.h b/security/nss/lib/util/nssutil.h
index 9928f2a7b..4da6ee88c 100644
--- a/security/nss/lib/util/nssutil.h
+++ b/security/nss/lib/util/nssutil.h
@@ -49,7 +49,7 @@
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>][ <Beta>]"
  */
-#define NSSUTIL_VERSION  "3.12.3"
+#define NSSUTIL_VERSION  "3.12.3.1"
 #define NSSUTIL_VMAJOR   3
 #define NSSUTIL_VMINOR   12
 #define NSSUTIL_VPATCH   3