fixup commit for branch 'THUNDERBIRD_M2_BRANCH'THUNDERBIRD_M2_BASE MOZILLA_1_6a_RELEASE

author: cvs2hg <devnull@localhost> 2003-09-18 01:31:45 +0000
committer: cvs2hg <devnull@localhost> 2003-09-18 01:31:45 +0000
commit: 3746b116c4cf056f9b7e965b2470c4d4d21c679a (patch)
tree: 63227d41300e41b5fd378d5b58c23d3879bf2391
parent: 7974ef0641bdd251f375eb5adccec21ef6afd28e (diff)
download: nss-hg-3746b116c4cf056f9b7e965b2470c4d4d21c679a.tar.gz
21 files changed, 175 insertions, 99 deletions
diff --git a/dbm/include/mcom_db.h b/dbm/include/mcom_db.h
index 43d21ad9c..97e74260e 100644
--- a/dbm/include/mcom_db.h
+++ b/dbm/include/mcom_db.h
@@ -190,7 +190,7 @@
 #define LITTLE_ENDIAN   1234
 #endif
 
-#if defined(_WINDOWS) || defined(XP_OS2)
+#if defined(_WINDOWS)
 #ifdef BYTE_ORDER
 #undef BYTE_ORDER
 #endif
@@ -222,14 +222,6 @@
 #define MAXPATHLEN 	1024               
 #endif
 
-#ifdef XP_OS2_VACPP
-#include <os2.h>
-#define	MAXPATHLEN	CCHMAXPATH
-#define	EPERM		EINVAL
-#define	ENOTDIR		EBADPOS
-#define	S_ISDIR(s)	((s) & S_IFDIR)
-#endif
-
 #define	EFTYPE		EINVAL		/* POSIX 1003.1 format errno. */
 
 #ifndef	STDERR_FILENO
@@ -253,7 +245,7 @@ int mkstemp(const char *path);
 PR_END_EXTERN_C
 #endif	/* MACINTOSH */
 
-#if !defined(_WINDOWS) && !defined(macintosh) && !defined(XP_OS2)
+#if !defined(_WINDOWS) && !defined(macintosh)
 #include <sys/stat.h>
 #include <errno.h>
 #endif
diff --git a/security/coreconf/Darwin.mk b/security/coreconf/Darwin.mk
index d58e5c760..edda3effb 100644
--- a/security/coreconf/Darwin.mk
+++ b/security/coreconf/Darwin.mk
@@ -59,7 +59,7 @@ endif
 # definitions so that the linker can catch multiply-defined symbols.
 # Also, common symbols are not allowed with Darwin dynamic libraries.
 
-OS_CFLAGS	= $(DSO_CFLAGS) $(OS_REL_CFLAGS) -Wmost -fpascal-strings -traditional-cpp -fno-common -pipe -DDARWIN -DHAVE_STRERROR -DHAVE_BSD_FLOCK
+OS_CFLAGS	= $(DSO_CFLAGS) $(OS_REL_CFLAGS) -Wmost -fpascal-strings -no-cpp-precomp -fno-common -pipe -DDARWIN -DHAVE_STRERROR -DHAVE_BSD_FLOCK
 
 ifdef BUILD_OPT
 OPTIMIZER	= -O2
diff --git a/security/coreconf/OS2.mk b/security/coreconf/OS2.mk
index 562a81de5..a8eed088f 100644
--- a/security/coreconf/OS2.mk
+++ b/security/coreconf/OS2.mk
@@ -62,7 +62,7 @@ ifdef XP_OS2_EMX
 
 CCC			= gcc
 LINK			= gcc
-AR                      = emxomfar -p256 r $@
+AR                      = emxomfar r $@
 # Keep AR_FLAGS blank so that we do not have to change rules.mk
 AR_FLAGS                = 
 RANLIB 			= @echo OS2 RANLIB
@@ -73,6 +73,8 @@ FILTER			= emxexp -o
 # GCC for OS/2 currently predefines these, but we don't want them
 DEFINES 		+= -Uunix -U__unix -U__unix__
 
+DEFINES			+= -DTCPV40HDRS
+
 ifndef NO_SHARED_LIB
 WRAP_MALLOC_LIB         = 
 WRAP_MALLOC_CFLAGS      = 
@@ -82,10 +84,7 @@ MKSHLIB                 = $(CXX) $(CXXFLAGS) $(DSO_LDOPTS) -o $@
 MKCSHLIB                = $(CC) $(CFLAGS) $(DSO_LDOPTS) -o $@
 MKSHLIB_FORCE_ALL       = 
 MKSHLIB_UNFORCE_ALL     = 
-DSO_LDOPTS              = -Zomf -Zdll -Zmt -Zcrtdll
-ifeq (,$(EMXOMFLD_LINKER))  # using LINK386.EXE
-  DSO_LDOPTS            += -Zlinker /NOO
-endif
+DSO_LDOPTS              = -Zomf -Zdll
 SHLIB_LDSTARTFILE	= 
 SHLIB_LDENDFILE		= 
 ifdef MAPFILE
@@ -98,11 +97,12 @@ PROCESS_MAP_FILE = \
 	echo DATA    PRELOAD MOVEABLE MULTIPLE NONSHARED >> $@; \
 	echo EXPORTS >> $@; \
 	grep -v ';+' $(LIBRARY_NAME).def | grep -v ';-' | \
-	sed -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,,' >> $@
+	sed -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,,' -e 's,\([\t ]*\),\1_,' | \
+	awk 'BEGIN {ord=1;} { print($$0 " @" ord " RESIDENTNAME"); ord++;}' >> $@
 
 endif   #NO_SHARED_LIB
 
-OS_CFLAGS          = -Wall -W -Wno-unused -Wpointer-arith -Wcast-align -Zmtd -Zomf -Zmt  -DDEBUG -DDEBUG_wintrinh -DTRACING -g
+OS_CFLAGS          = -Wall -W -Wno-unused -Wpointer-arith -Wcast-align -Zomf -DDEBUG -DTRACING -g
 
 # Where the libraries are
 MOZ_COMPONENT_NSPR_LIBS=-L$(DIST)/lib $(NSPR_LIBS)
diff --git a/security/coreconf/OpenBSD.mk b/security/coreconf/OpenBSD.mk
index 14fa73489..9c6fb3efc 100644
--- a/security/coreconf/OpenBSD.mk
+++ b/security/coreconf/OpenBSD.mk
@@ -46,6 +46,13 @@ OS_REL_CFLAGS		= -Di386
 CPU_ARCH		= x86
 endif
 
+ifndef CLASSIC_NSPR
+USE_PTHREADS		= 1
+DEFINES			+= -D_THREAD_SAFE -pthread
+OS_LIBS			+= -pthread
+DSO_LDOPTS		+= -pthread
+endif
+
 DLL_SUFFIX		= so.1.0
 
 OS_CFLAGS		= $(DSO_CFLAGS) $(OS_REL_CFLAGS) -ansi -Wall -pipe -DOPENBSD
diff --git a/security/coreconf/WIN32.mk b/security/coreconf/WIN32.mk
index 9487e12f5..42347d850 100644
--- a/security/coreconf/WIN32.mk
+++ b/security/coreconf/WIN32.mk
@@ -46,7 +46,7 @@ ifdef NS_USE_GCC
 	AR          += cr $@
 	RANLIB       = ranlib
 	BSDECHO      = echo
-	RC           = windres.exe -O coff
+	RC           = windres.exe -O coff --use-temp-file
 	LINK_DLL      = $(CC) $(OS_DLLFLAGS) $(DLLFLAGS)
 else
 	CC           = cl
diff --git a/security/nss/lib/certdb/alg1485.c b/security/nss/lib/certdb/alg1485.c
index e414f4eb4..b84915f11 100644
--- a/security/nss/lib/certdb/alg1485.c
+++ b/security/nss/lib/certdb/alg1485.c
@@ -1130,11 +1130,13 @@ cert_GetCertificateEmailAddresses(CERTCertificate *cert)
     }
     /* now copy superstring to cert's arena */
     finalLen = (pBuf - addrBuf) + 1;
-    pBuf = PORT_ArenaAlloc(cert->arena, finalLen);
-    if (pBuf) {
-    	PORT_Memcpy(pBuf, addrBuf, finalLen);
+    pBuf = NULL;
+    if (finalLen > 1) {
+	pBuf = PORT_ArenaAlloc(cert->arena, finalLen);
+	if (pBuf) {
+	    PORT_Memcpy(pBuf, addrBuf, finalLen);
+	}
     }
-     
 loser:
     if (tmpArena)
 	PORT_FreeArena(tmpArena, PR_FALSE);
diff --git a/security/nss/lib/certdb/genname.c b/security/nss/lib/certdb/genname.c
index 94cde971a..e8ddcee71 100644
--- a/security/nss/lib/certdb/genname.c
+++ b/security/nss/lib/certdb/genname.c
@@ -193,17 +193,30 @@ CERT_CreateGeneralNameList(CERTGeneralName *name) {
     }
     list = (CERTGeneralNameList *)
 	PORT_ArenaZAlloc(arena, sizeof(CERTGeneralNameList));
+    if (!list)
+    	goto loser;
     if (name != NULL) {
+	SECStatus rv;
 	list->name = (CERTGeneralName *)
 	    PORT_ArenaZAlloc(arena, sizeof(CERTGeneralName));
+	if (!list->name)
+	    goto loser;
 	list->name->l.next = list->name->l.prev = &list->name->l;
-	CERT_CopyGeneralName(arena, list->name, name);
+	rv = CERT_CopyGeneralName(arena, list->name, name);
+	if (rv != SECSuccess)
+	    goto loser;
     }
     list->lock = PZ_NewLock(nssILockList);
+    if (!list->lock)
+    	goto loser;
     list->arena = arena;
     list->refCount = 1;
 done:
     return list;
+
+loser:
+    PORT_FreeArena(arena, PR_FALSE);
+    return NULL;
 }
 
 CERTGeneralName *
@@ -244,7 +257,6 @@ SECItem *
 CERT_EncodeGeneralName(CERTGeneralName *genName, SECItem *dest, PRArenaPool *arena)
 {
 
-
     PORT_Assert(arena);
     if (arena == NULL) {
 	goto loser;
@@ -290,9 +302,12 @@ CERT_EncodeGeneralName(CERTGeneralName *genName, SECItem *dest, PRArenaPool *are
       case certDirectoryName:
 	  if (genName->derDirectoryName.data == NULL) {
 	      /* The field hasn't been encoded yet. */
+	      SECItem * pre_dest =
 	      SEC_ASN1EncodeItem (arena, &(genName->derDirectoryName),
 				  &(genName->name.directoryName), 
 				  CERT_NameTemplate);
+	      if (!pre_dest)
+		  goto loser;
 	  }
 	  if (genName->derDirectoryName.data == NULL) {
 	      goto loser;
@@ -570,10 +585,10 @@ cert_DecodeNameConstraint(PRArenaPool       *arena,
     SECStatus              rv = SECSuccess;
     CERTGeneralName        *temp;
 
-
-
     PORT_Assert(arena);
     constraint = (CERTNameConstraint *) PORT_ArenaZAlloc(arena, sizeof(CERTNameConstraint));
+    if (!constraint)
+    	goto loser;
     rv = SEC_ASN1DecodeItem(arena, constraint, CERTNameConstraintTemplate, encodedConstraint);
     if (rv != SECSuccess) {
 	goto loser;
@@ -700,6 +715,8 @@ CERT_CopyGeneralName(PRArenaPool      *arena,
 	      rv = SECITEM_CopyItem(arena, &dest->name.other, &src->name.other);
 	  }
 	}
+	if (rv != SECSuccess)
+	    return rv;
 	src = cert_get_next_general_name(src);
 	/* if there is only one general name, we shouldn't do this */
 	if (src != srcHead) {
@@ -711,6 +728,8 @@ CERT_CopyGeneralName(PRArenaPool      *arena,
 		    temp = (CERTGeneralName *)
 		      PORT_ZAlloc(sizeof(CERTGeneralName));
 		}
+		if (!temp)
+		    return SECFailure;
 		temp->l.next = &destHead->l;
 		temp->l.prev = &dest->l;
 		destHead->l.prev = &temp->l;
diff --git a/security/nss/lib/certhigh/certhigh.c b/security/nss/lib/certhigh/certhigh.c
index 3b818d370..f9911b81c 100644
--- a/security/nss/lib/certhigh/certhigh.c
+++ b/security/nss/lib/certhigh/certhigh.c
@@ -418,7 +418,7 @@ CollectNicknames( NSSCertificate *c, void *data)
      * a duplicate
      */
     if ( saveit ) {
-	nickname = STAN_GetCERTCertificateName(c);
+	nickname = STAN_GetCERTCertificateName(NULL, c);
 	/* nickname can only be NULL here if we are having memory 
 	 * alloc problems */
 	if (nickname == NULL) {
diff --git a/security/nss/lib/freebl/Makefile b/security/nss/lib/freebl/Makefile
index 712b55cf1..7aba1e81e 100644
--- a/security/nss/lib/freebl/Makefile
+++ b/security/nss/lib/freebl/Makefile
@@ -338,3 +338,11 @@ release_md::
 	cd $(PURE32DIR) && $(MAKE) FREEBL_RECURSIVE_BUILD=1 USE_PURE_32=1 FREEBL_PARENT=$(CDDIR) CORE_DEPTH=$(CDDIR)/$(CORE_DEPTH) $@
 
 endif
+
+# Bugzilla Bug 209827: disable optimization to work around what appears
+# to be a VACPP optimizer bug.
+ifdef XP_OS2_VACPP
+$(OBJDIR)/alg2268.obj: alg2268.c
+	@$(MAKE_OBJDIR)
+	$(CC) -Fo$@ -c $(filter-out /O+, $(CFLAGS)) $(call abspath,$<)
+endif
diff --git a/security/nss/lib/nss/nss.h b/security/nss/lib/nss/nss.h
index e6baca71c..f2c73b7c8 100644
--- a/security/nss/lib/nss/nss.h
+++ b/security/nss/lib/nss/nss.h
@@ -49,10 +49,10 @@ SEC_BEGIN_PROTOS
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>] [<Beta>]"
  */
-#define NSS_VERSION  "3.8.1 Beta"
+#define NSS_VERSION  "3.8.2 Beta 2"
 #define NSS_VMAJOR   3
 #define NSS_VMINOR   8
-#define NSS_VPATCH   1
+#define NSS_VPATCH   2
 #define NSS_BETA     PR_TRUE
 
 
diff --git a/security/nss/lib/pk11wrap/Makefile b/security/nss/lib/pk11wrap/Makefile
index a84456e7d..333b07d37 100644
--- a/security/nss/lib/pk11wrap/Makefile
+++ b/security/nss/lib/pk11wrap/Makefile
@@ -86,3 +86,14 @@ $(OBJDIR)/pk11slot.o: pk11slot.c
 endif
 endif
 endif
+
+# Bugzilla Bug 209827: disable optimization to work around what appears
+# to be a VACPP optimizer bug.
+ifdef XP_OS2_VACPP
+$(OBJDIR)/pk11skey.obj: pk11skey.c
+	@$(MAKE_OBJDIR)
+	$(CC) -Fo$@ -c $(filter-out /O+, $(CFLAGS)) $(call abspath,$<)
+$(OBJDIR)/pk11slot.obj: pk11slot.c
+	@$(MAKE_OBJDIR)
+	$(CC) -Fo$@ -c $(filter-out /O+, $(CFLAGS)) $(call abspath,$<)
+endif
diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c
index 33d896ec5..ebe346f99 100644
--- a/security/nss/lib/pk11wrap/pk11cert.c
+++ b/security/nss/lib/pk11wrap/pk11cert.c
@@ -3308,19 +3308,6 @@ struct listCertsStr {
     CERTCertList *certList;
 };
 
-static PRBool
-isOnList(CERTCertList *certList,NSSCertificate *c)
-{
-	CERTCertListNode *cln;
-
-	for (cln = CERT_LIST_HEAD(certList); !CERT_LIST_END(cln,certList);
-			cln = CERT_LIST_NEXT(cln)) {
-	    if (cln->cert->nssCertificate == c) {
-		return PR_TRUE;
-	    }
-	}
-	return PR_FALSE;
-}
 static PRStatus
 pk11ListCertCallback(NSSCertificate *c, void *arg)
 {
@@ -3353,12 +3340,6 @@ pk11ListCertCallback(NSSCertificate *c, void *arg)
 	return PR_SUCCESS;
     }
 
-    /* if we want Unique certs and we already have it on our list, skip it */
-    if ( isUnique && isOnList(certList,c) ) {
-	return PR_SUCCESS;
-    }
-
-
     newCert = STAN_GetCERTCertificate(c);
     if (!newCert) {
 	return PR_SUCCESS;
@@ -3367,15 +3348,42 @@ pk11ListCertCallback(NSSCertificate *c, void *arg)
     if( isCA  && (!CERT_IsCACert(newCert, &certType)) ) {
 	return PR_SUCCESS;
     }
-    CERT_DupCertificate(newCert);
+    if (isUnique) {
+	CERT_DupCertificate(newCert);
 
-    nickname = STAN_GetCERTCertificateName(c);
+	nickname = STAN_GetCERTCertificateName(certList->arena, c);
 
-    /* put slot certs at the end */
-    if (newCert->slot && !PK11_IsInternal(newCert->slot)) {
-    	CERT_AddCertToListTailWithData(certList,newCert,nickname);
+	/* put slot certs at the end */
+	if (newCert->slot && !PK11_IsInternal(newCert->slot)) {
+	    CERT_AddCertToListTailWithData(certList,newCert,nickname);
+	} else {
+	    CERT_AddCertToListHeadWithData(certList,newCert,nickname);
+	}
     } else {
-    	CERT_AddCertToListHeadWithData(certList,newCert,nickname);
+	/* add multiple instances to the cert list */
+	nssCryptokiObject **ip;
+	nssCryptokiObject **instances = nssPKIObject_GetInstances(&c->object);
+	if (!instances) {
+	    return PR_SUCCESS;
+	}
+	for (ip = instances; *ip; ip++) {
+	    nssCryptokiObject *instance = *ip;
+	    PK11SlotInfo *slot = instance->token->pk11slot;
+
+	    /* put the same CERTCertificate in the list for all instances */
+	    CERT_DupCertificate(newCert);
+
+	    nickname = STAN_GetCERTCertificateNameForInstance(
+			certList->arena, c, instance);
+
+	    /* put slot certs at the end */
+	    if (slot && !PK11_IsInternal(slot)) {
+		CERT_AddCertToListTailWithData(certList,newCert,nickname);
+	    } else {
+		CERT_AddCertToListHeadWithData(certList,newCert,nickname);
+	    }
+	}
+	nssCryptokiObjectArray_Destroy(instances);
     }
     return PR_SUCCESS;
 }
diff --git a/security/nss/lib/pk11wrap/pk11func.h b/security/nss/lib/pk11wrap/pk11func.h
index 115a42bb3..801d26eb7 100644
--- a/security/nss/lib/pk11wrap/pk11func.h
+++ b/security/nss/lib/pk11wrap/pk11func.h
@@ -264,6 +264,10 @@ PK11SymKey *PK11_SymKeyFromHandle(PK11SlotInfo *slot, PK11SymKey *parent,
     PRBool owner, void *wincx);
 PK11SymKey *PK11_GetWrapKey(PK11SlotInfo *slot, int wrap,
 			      CK_MECHANISM_TYPE type,int series, void *wincx);
+/*
+ * This function is not thread-safe.  It can only be called when only
+ * one thread has a reference to wrapKey.
+ */
 void PK11_SetWrapKey(PK11SlotInfo *slot, int wrap, PK11SymKey *wrapKey);
 CK_MECHANISM_TYPE PK11_GetMechanism(PK11SymKey *symKey);
 CK_OBJECT_HANDLE PK11_ImportPublicKey(PK11SlotInfo *slot, 
diff --git a/security/nss/lib/pk11wrap/pk11skey.c b/security/nss/lib/pk11wrap/pk11skey.c
index 430b40f3e..6d582f874 100644
--- a/security/nss/lib/pk11wrap/pk11skey.c
+++ b/security/nss/lib/pk11wrap/pk11skey.c
@@ -324,6 +324,11 @@ PK11_GetWrapKey(PK11SlotInfo *slot, int wrap, CK_MECHANISM_TYPE type,
     return symKey;
 }
 
+/*
+ * This function is not thread-safe because it sets wrapKey->sessionOwner
+ * without using a lock or atomic routine.  It can only be called when
+ * only one thread has a reference to wrapKey.
+ */
 void
 PK11_SetWrapKey(PK11SlotInfo *slot, int wrap, PK11SymKey *wrapKey)
 {
@@ -3423,20 +3428,7 @@ PK11_ExitContextMonitor(PK11Context *cx) {
 void
 PK11_DestroyContext(PK11Context *context, PRBool freeit)
 {
-    SECStatus rv = SECFailure;
-    if (context->ownSession && context->key && /* context owns session & key */
-        context->key->session == context->session && /* sharing session */
-        !context->key->sessionOwner)              /* sanity check */
-    {
-	/* session still valid, let the key free it as necessary */
-        rv = PK11_Finalize(context); /* end any ongoing activity */
-	if (rv == SECSuccess) {
-	    context->key->sessionOwner = PR_TRUE;
-	} /* else couldn't finalize the session, close it */
-    }
-    if (rv == SECFailure) {
-	pk11_CloseSession(context->slot,context->session,context->ownSession);
-    }
+    pk11_CloseSession(context->slot,context->session,context->ownSession);
     /* initialize the critical fields of the context */
     if (context->savedData != NULL ) PORT_Free(context->savedData);
     if (context->key) PK11_FreeSymKey(context->key);
@@ -3620,14 +3612,7 @@ static PK11Context *pk11_CreateNewContextInSlot(CK_MECHANISM_TYPE type,
     context->operation = operation;
     context->key = symKey ? PK11_ReferenceSymKey(symKey) : NULL;
     context->slot = PK11_ReferenceSlot(slot);
-    if (symKey && symKey->sessionOwner) {
-	/* The symkey owns a session.  Adopt that session. */
-	context->session = symKey->session;
-	context->ownSession = symKey->sessionOwner;
-	symKey->sessionOwner = PR_FALSE;
-    } else {
-	context->session = pk11_GetNewSession(slot, &context->ownSession);
-    }
+    context->session = pk11_GetNewSession(slot,&context->ownSession);
     context->cx = symKey ? symKey->cx : NULL;
     /* get our session */
     context->savedData = NULL;
diff --git a/security/nss/lib/pkcs7/p7decode.c b/security/nss/lib/pkcs7/p7decode.c
index 54c279ca4..be0c56ac4 100644
--- a/security/nss/lib/pkcs7/p7decode.c
+++ b/security/nss/lib/pkcs7/p7decode.c
@@ -277,11 +277,8 @@ sec_pkcs7_decoder_start_digests (SEC_PKCS7DecoderContext *p7dcx, int depth,
 
     /*
      * No algorithms means no work to do.
-     * This is not expected, so cause an assert.
-     * But if it does happen, just act as if there were
-     * no algorithms specified.
+     * Just act as if there were no algorithms specified.
      */
-    PORT_Assert (digcnt != 0);
     if (digcnt == 0)
 	return SECSuccess;
 
diff --git a/security/nss/lib/pki/pki3hack.c b/security/nss/lib/pki/pki3hack.c
index ef378970a..7c91d5c41 100644
--- a/security/nss/lib/pki/pki3hack.c
+++ b/security/nss/lib/pki/pki3hack.c
@@ -586,9 +586,12 @@ get_cert_instance(NSSCertificate *c)
 }
 
 char * 
-STAN_GetCERTCertificateName(NSSCertificate *c)
+STAN_GetCERTCertificateNameForInstance (
+  PLArenaPool *arenaOpt,
+  NSSCertificate *c,
+  nssCryptokiInstance *instance
+)
 {
-    nssCryptokiInstance *instance = get_cert_instance(c);
     NSSCryptoContext *context = c->object.cryptoContext;
     PRStatus nssrv;
     int nicklen, tokenlen, len;
@@ -613,7 +616,11 @@ STAN_GetCERTCertificateName(NSSCertificate *c)
 	}
 	nicklen = nssUTF8_Size(stanNick, &nssrv);
 	len = tokenlen + nicklen;
-	nickname = PORT_Alloc(len);
+	if (arenaOpt) {
+	    nickname = PORT_ArenaAlloc(arenaOpt, len);
+	} else {
+	    nickname = PORT_Alloc(len);
+	}
 	nick = nickname;
 	if (tokenName) {
 	    memcpy(nick, tokenName, tokenlen-1);
@@ -626,6 +633,12 @@ STAN_GetCERTCertificateName(NSSCertificate *c)
     return nickname;
 }
 
+char * 
+STAN_GetCERTCertificateName(PLArenaPool *arenaOpt, NSSCertificate *c)
+{
+    nssCryptokiInstance *instance = get_cert_instance(c);
+    return STAN_GetCERTCertificateNameForInstance(arenaOpt, c, instance);
+}
 
 static void
 fill_CERTCertificateFields(NSSCertificate *c, CERTCertificate *cc, PRBool forced)
diff --git a/security/nss/lib/pki/pki3hack.h b/security/nss/lib/pki/pki3hack.h
index da68269c3..6e50725d3 100644
--- a/security/nss/lib/pki/pki3hack.h
+++ b/security/nss/lib/pki/pki3hack.h
@@ -42,6 +42,10 @@ static const char PKINSS3HACK_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name
 #include "nssdevt.h"
 #endif /* NSSDEVT_H */
 
+#ifndef DEVT_H
+#include "devt.h"
+#endif /* DEVT_H */
+
 #ifndef NSSPKIT_H
 #include "nsspkit.h"
 #endif /* NSSPKIT_H */
@@ -107,7 +111,12 @@ nssPKIX509_GetIssuerAndSerialFromDER(NSSDER *der, NSSArena *arena,
                                      NSSDER *issuer, NSSDER *serial);
 
 NSS_EXTERN char *
-STAN_GetCERTCertificateName(NSSCertificate *c);
+STAN_GetCERTCertificateName(PLArenaPool *arenaOpt, NSSCertificate *c);
+
+NSS_EXTERN char *
+STAN_GetCERTCertificateNameForInstance(PLArenaPool *arenaOpt,
+                                       NSSCertificate *c,
+                                       nssCryptokiInstance *instance);
 
 /* exposing this */
 NSS_EXTERN NSSCertificate *
diff --git a/security/nss/lib/pki/tdcache.c b/security/nss/lib/pki/tdcache.c
index 1f1d3fa97..c9fd8012f 100644
--- a/security/nss/lib/pki/tdcache.c
+++ b/security/nss/lib/pki/tdcache.c
@@ -488,11 +488,15 @@ nssTrustDomain_RemoveTokenCertsFromCache (
     for (i=0; i<dtor.numCerts; i++) {
 	if (dtor.certs[i]->object.numInstances == 0) {
 	    nssTrustDomain_RemoveCertFromCacheLOCKED(td, dtor.certs[i]);
-	} else {
-	    STAN_ForceCERTCertificateUpdate(dtor.certs[i]);
+	    dtor.certs[i] = NULL;  /* skip this cert in the second for loop */
 	}
     }
     PZ_Unlock(td->cache->lock);
+    for (i=0; i<dtor.numCerts; i++) {
+	if (dtor.certs[i]) {
+	    STAN_ForceCERTCertificateUpdate(dtor.certs[i]);
+	}
+    }
     nss_ZFreeIf(dtor.certs);
     return PR_SUCCESS;
 }
diff --git a/security/nss/lib/ssl/sslmutex.c b/security/nss/lib/ssl/sslmutex.c
index d877b074f..6dad7b33b 100644
--- a/security/nss/lib/ssl/sslmutex.c
+++ b/security/nss/lib/ssl/sslmutex.c
@@ -199,10 +199,17 @@ sslMutex_Destroy(sslMutex *pMutex)
 #if defined(LINUX) && defined(i386)
 /* No memory barrier needed for this platform */
 
+/* nWaiters includes the holder of the lock (if any) and the number
+** threads waiting for it.  After incrementing nWaiters, if the count
+** is exactly 1, then you have the lock and may proceed.  If the 
+** count is greater than 1, then you must wait on the pipe.
+*/ 
+
+
 SECStatus 
 sslMutex_Unlock(sslMutex *pMutex)
 {
-    PRInt32 oldValue;
+    PRInt32 newValue;
     if (PR_FALSE == pMutex->isMultiProcess) {
         return single_process_sslMutex_Unlock(pMutex);
     }
@@ -212,8 +219,8 @@ sslMutex_Unlock(sslMutex *pMutex)
 	return SECFailure;
     }
     /* Do Memory Barrier here. */
-    oldValue = PR_AtomicDecrement(&pMutex->u.pipeStr.nWaiters);
-    if (oldValue > 1) {
+    newValue = PR_AtomicDecrement(&pMutex->u.pipeStr.nWaiters);
+    if (newValue > 0) {
 	int  cc;
 	char c  = 1;
 	do {
@@ -233,7 +240,7 @@ sslMutex_Unlock(sslMutex *pMutex)
 SECStatus 
 sslMutex_Lock(sslMutex *pMutex)
 {
-    PRInt32 oldValue;
+    PRInt32 newValue;
     if (PR_FALSE == pMutex->isMultiProcess) {
         return single_process_sslMutex_Lock(pMutex);
     }
@@ -242,9 +249,9 @@ sslMutex_Lock(sslMutex *pMutex)
 	PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
 	return SECFailure;
     }
-    oldValue = PR_AtomicDecrement(&pMutex->u.pipeStr.nWaiters);
+    newValue = PR_AtomicIncrement(&pMutex->u.pipeStr.nWaiters);
     /* Do Memory Barrier here. */
-    if (oldValue > 0) {
+    if (newValue > 1) {
 	int   cc;
 	char  c;
 	do {
diff --git a/security/nss/lib/util/secitem.c b/security/nss/lib/util/secitem.c
index 012a403af..eb4683ca4 100644
--- a/security/nss/lib/util/secitem.c
+++ b/security/nss/lib/util/secitem.c
@@ -143,6 +143,11 @@ SECITEM_CompareItem(const SECItem *a, const SECItem *b)
     unsigned m;
     SECComparison rv;
 
+    if (!a || !a->len || !a->data) 
+        return (!b || !b->len || !b->data) ? SECEqual : SECLessThan;
+    if (!b || !b->len || !b->data) 
+    	return SECGreaterThan;
+
     m = ( ( a->len < b->len ) ? a->len : b->len );
     
     rv = (SECComparison) PORT_Memcmp(a->data, b->data, m);
@@ -161,10 +166,15 @@ SECITEM_CompareItem(const SECItem *a, const SECItem *b)
 PRBool
 SECITEM_ItemsAreEqual(const SECItem *a, const SECItem *b)
 {
-    if (SECITEM_CompareItem(a, b) == SECEqual)
-	return PR_TRUE;
-
-    return PR_FALSE;
+    if (a->len != b->len)
+        return PR_FALSE;
+    if (!a->len)
+    	return PR_TRUE;
+    if (!a->data || !b->data) {
+        /* avoid null pointer crash. */
+	return (PRBool)(a->data == b->data);
+    }
+    return (PRBool)!PORT_Memcmp(a->data, b->data, a->len);
 }
 
 SECItem *
diff --git a/security/nss/tests/ssl/sslreq.txt b/security/nss/tests/ssl/sslreq.txt
index 2f7ad7736..c1da607c0 100644
--- a/security/nss/tests/ssl/sslreq.txt
+++ b/security/nss/tests/ssl/sslreq.txt
@@ -1,2 +1,2 @@
-GET / HTTP/1.0
-
+GET / HTTP/1.0
+
author	cvs2hg <devnull@localhost>	2003-09-18 01:31:45 +0000
committer	cvs2hg <devnull@localhost>	2003-09-18 01:31:45 +0000
commit	3746b116c4cf056f9b7e965b2470c4d4d21c679a (patch)
tree	63227d41300e41b5fd378d5b58c23d3879bf2391
parent	7974ef0641bdd251f375eb5adccec21ef6afd28e (diff)
download	nss-hg-3746b116c4cf056f9b7e965b2470c4d4d21c679a.tar.gz