Removed some remaining SelectVisible calls in favor of CanSeeBug

git-svn-id: svn://10.0.0.236/branches/Bugzilla_PgSQL_branch@121533 18797224-902f-48f8-a5cc-f745e15eee43
Update to HEAD 2002/05/13
2002-05-15 18:36:31 +00:00 · 2002-05-13 21:56:49 +00:00 · 2002-05-13 20:49:00 +00:00 · 2002-05-13 20:46:50 +00:00 · 2002-05-13 06:24:51 +00:00 · 2002-04-26 18:59:37 +00:00
384 changed files with 106012 additions and 92340 deletions
--- a/mozilla/security/nss/lib/rdb/Makefile
+++ b/mozilla/security/nss/lib/rdb/Makefile
@@ -1,80 +0,0 @@
-#! gmake
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY).   #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL)          #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL)       #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL)                              #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL)                           #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL).                              #
-#######################################################################
-
-export:: private_export
-
--- a/mozilla/security/nss/lib/rdb/config.mk
+++ b/mozilla/security/nss/lib/rdb/config.mk
@@ -1,82 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-ifdef NISCC_TEST
-DEFINES += -DNISCC_TEST
-endif
-
-ifeq (,$(filter-out WIN%,$(OS_TARGET)))
-
-# don't want the 32 in the shared library name
-SHARED_LIBRARY = $(OBJDIR)/$(DLL_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION).$(DLL_SUFFIX)
-IMPORT_LIBRARY = $(OBJDIR)/$(IMPORT_LIB_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION)$(IMPORT_LIB_SUFFIX)
-
-RES = $(OBJDIR)/$(LIBRARY_NAME).res
-RESNAME = $(LIBRARY_NAME).rc
-
-ifdef NS_USE_GCC
-EXTRA_SHARED_LIBS += \
-	-L$(DIST)/lib \
-	-lsqlite3 \
-	$(NULL)
-else # ! NS_USE_GCC
-EXTRA_SHARED_LIBS += \
-	$(DIST)/lib/sqlite3.lib \
-	$(NULL)
-endif # NS_USE_GCC
-
-else
-
-
-# $(PROGRAM) has NO explicit dependencies on $(EXTRA_SHARED_LIBS)
-# $(EXTRA_SHARED_LIBS) come before $(OS_LIBS), except on AIX.
-EXTRA_SHARED_LIBS += \
-	-L$(DIST)/lib/ \
-	-lsqlite3 \
-	$(NULL)
-
-ifeq ($(OS_ARCH), BeOS)
-EXTRA_SHARED_LIBS += -lbe
-endif
-
-ifeq ($(OS_TARGET),SunOS)
-# The -R '$ORIGIN' linker option instructs this library to search for its
-# dependencies in the same directory where it resides.
-MKSHLIB += -R '$$ORIGIN'
-endif
-
-endif
--- a/mozilla/security/nss/lib/rdb/manifest.mn
+++ b/mozilla/security/nss/lib/rdb/manifest.mn
@@ -1,49 +0,0 @@
-# 
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is Red Hat, Inc.
-#
-# The Initial Developer of the Original Code is
-# Red Hat, Inc.
-# Portions created by the Initial Developer are Copyright (C) 2005
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-CORE_DEPTH = ../../..
-
-MODULE = rdb
-MAPFILE = $(OBJDIR)/rdb.def
-
-CSRCS = \
-	rdb.c \
-	$(NULL)
-
-
-REQUIRES = dbm nss sqlite nspr
-
-LIBRARY_NAME = rdb
--- a/mozilla/security/nss/lib/rdb/rdb.c
+++ b/mozilla/security/nss/lib/rdb/rdb.c
@@ -1,807 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is Red Hat, Inc.
- *
- * The Initial Developer of the Original Code is
- * Red Hat, Inc.
- * Portions created by the Initial Developer are Copyright (C) 2005
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *   Robert Relyea (rrelyea@redhat.com)
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * This file implements PKCS 11 on top of our existing security modules
- *
- * For more information about PKCS 11 See PKCS 11 Token Inteface Standard.
- *   This implementation has two slots:
- *	slot 1 is our generic crypto support. It does not require login.
- *   It supports Public Key ops, and all they bulk ciphers and hashes. 
- *   It can also support Private Key ops for imported Private keys. It does 
- *   not have any token storage.
- *	slot 2 is our private key support. It requires a login before use. It
- *   can store Private Keys and Certs as token objects. Currently only private
- *   keys and their associated Certificates are saved on the token.
- *
- *   In this implementation, session objects are only visible to the session
- *   that created or generated them.
- */
-#include "sqlite3.h"
-#include "mcom_db.h"
-#include "errno.h"
-#ifndef DARWIN
-#include "malloc.h"
-#endif
-#include "stdlib.h"
-#include "string.h"
-#include "sys/stat.h"
-#include "fcntl.h"
-#ifdef _WINDOWS
-#include "direct.h"
-#define usleep(x)
-#else
-#include "unistd.h"
-#endif
-
-/*
- * the following data structures should be moved to a 'rdb.h'.
- */
-#define STATIC_CMD_SIZE 2048
-struct RDBStr {
-    DB  db;
-    int (*xactstart)(DB *db);
-    int (*xactdone)(DB *db, PRBool abort);
-    int version;
-    int (*dbinitcomplete)(DB *db);
-    int flags;
-    int index;
-    unsigned char *dataPool;
-    int dataPoolSize;
-    unsigned char *keyPool;
-    int keyPoolSize;
-    sqlite3_stmt *delStmt;
-    sqlite3_stmt *getStmt;
-    sqlite3_stmt *seqStmt;
-    sqlite3_stmt *insertStmt;
-    sqlite3_stmt *replaceStmt;
-    sqlite3_stmt *beginStmt;
-    sqlite3_stmt *rollbackStmt;
-    sqlite3_stmt *commitStmt;
-};
-
-
-typedef struct RDBStr RDB;
-#define DB_RDB ((DBTYPE) 0xff)
-#define RDB_RDONLY      1
-#define RDB_RDWR        2
-#define RDB_CREATE      4
-
-#define DBM_OK 0
-#define DBM_ERROR -1
-#define DBM_END  1
-
-#define DEL_CMD      "DELETE FROM nssTable WHERE key=$KEY;"
-#define GET_CMD      "SELECT ALL * FROM nssTable WHERE key=$KEY;"
-#define SEQ_CMD      "SELECT ALL * FROM nssTable LIMIT 1 OFFSET $OFFSET;"
-#define INSERT_CMD   "INSERT INTO nssTable VALUES ( $KEY, $DATA );"
-#define REPLACE_CMD  "REPLACE INTO nssTable VALUES ( $KEY, $DATA );"
-#define BEGIN_CMD    "BEGIN EXCLUSIVE TRANSACTION;"
-#define ROLLBACK_CMD "ROLLBACK TRANSACTION;"
-#define COMMIT_CMD   "COMMIT TRANSACTION;"
-#define INIT_CMD  \
- "CREATE TABLE nssTable (Key PRIMARY KEY UNIQUE ON CONFLICT ABORT, Data);"
-#define IN_INIT_CMD   "CREATE TABLE nssInit (dummy);"
-#define DONE_INIT_CMD "DROP TABLE nssInit;"
-#define CHECK_TABLE_CMD "SELECT ALL * FROM %s LIMIT 0;"
-
-static int rdbupdateStmt(sqlite3 *db, sqlite3_stmt **stmt, const char *cmd)
-{
-    sqlite3_finalize(*stmt);
-    return sqlite3_prepare(db, cmd, -1, stmt, NULL);
-}
-
-#define MAX_RETRIES 10
-static int rdbdone(int err, int *count)
-{
-    /* allow as many rows as the database wants to give */
-    if (err == SQLITE_ROW) {
-	*count = 0;
-	return 0;
-    }
-    if (err != SQLITE_BUSY) {
-	return 1;
-    }
-    /* err == SQLITE_BUSY, Dont' retry forever in this case */
-    if (++(*count) >= MAX_RETRIES) {
-	return 1;
-    }
-    return 0;
-}
-
-static int rdbmapSQLError(sqlite3 *db, int sqlerr)
-{
-    if ((sqlerr == SQLITE_OK) ||
-	(sqlerr == SQLITE_DONE)) {
-	return DBM_OK;
-    } else {
-	return DBM_ERROR;
-    }
-}
-
-int rdbxactstart(DB *db)
-{
-    sqlite3  *psqlDB = (sqlite3 *)db->internal;
-    RDB *rdb = (RDB *)db;
-    sqlite3_stmt *stmt;
-    int retry = 0;
-    int sqlerr;
-
-
-    if (psqlDB == NULL) {
-	return DBM_ERROR;
-    }
-    if (rdb->flags == RDB_RDONLY) {
-	errno = EPERM;
-	return DBM_ERROR;
-    }
-    sqlerr = rdbupdateStmt(psqlDB, &rdb->beginStmt, BEGIN_CMD);
-    if (sqlerr != SQLITE_OK) {
-	return DBM_ERROR;
-    }
-    stmt = rdb->beginStmt;
-
-    do {
-	sqlerr = sqlite3_step(stmt);
-	if (sqlerr == SQLITE_BUSY) {
-	    usleep(5);
-	}
-    } while (!rdbdone(sqlerr,&retry));
-    sqlite3_reset(stmt);
-
-    return rdbmapSQLError(psqlDB, sqlerr);
-}
-
-int rdbxactdone(DB *db, PRBool abort)
-{
-    sqlite3  *psqlDB = (sqlite3 *)db->internal;
-    RDB *rdb = (RDB *)db;
-    sqlite3_stmt *stmt;
-    int retry = 0;
-    int sqlerr;
-
-    if (psqlDB == NULL) {
-	return DBM_ERROR;
-    }
-    if (rdb->flags == RDB_RDONLY) {
-	errno = EPERM;
-	return DBM_ERROR;
-    }
-    sqlerr = rdbupdateStmt(psqlDB, &rdb->rollbackStmt, ROLLBACK_CMD);
-    if (sqlerr != SQLITE_OK) {
-	return DBM_ERROR;
-    }
-    sqlerr = rdbupdateStmt(psqlDB, &rdb->commitStmt, COMMIT_CMD);
-    if (sqlerr != SQLITE_OK) {
-	return DBM_ERROR;
-    }
-    stmt = abort ? rdb->rollbackStmt : rdb->commitStmt;
-
-    do {
-	sqlerr = sqlite3_step(stmt);
-	if (sqlerr == SQLITE_BUSY) {
-	    usleep(5);
-	}
-    } while (!rdbdone(sqlerr,&retry));
-    sqlite3_reset(stmt);
-
-    return rdbmapSQLError(psqlDB, sqlerr);
-}
-
-int rdbclose(DB *db)
-{
-    sqlite3  *psqlDB = (sqlite3 *)db->internal;
-    RDB *rdb = (RDB *)db;
-    int sqlerr = SQLITE_OK;
-
-    sqlite3_finalize(rdb->delStmt);
-    sqlite3_finalize(rdb->getStmt);
-    sqlite3_finalize(rdb->seqStmt);
-    sqlite3_finalize(rdb->insertStmt);
-    sqlite3_finalize(rdb->replaceStmt);
-    sqlite3_finalize(rdb->beginStmt);
-    sqlite3_finalize(rdb->rollbackStmt);
-    sqlite3_finalize(rdb->commitStmt);
-
-    sqlerr = sqlite3_close(psqlDB);
-    /* assert sqlerr == SQLITE_OK */
-    free(rdb);
-    return DBM_OK;
-}
-
-
-int rdbdel(const DB *db, const DBT *key, uint flags)
-{
-    sqlite3  *psqlDB = (sqlite3 *)db->internal;
-    RDB *rdb = (RDB *)db;
-    sqlite3_stmt *stmt;
-    int retry = 0;
-    int sqlerr;
-
-    if (psqlDB == NULL) {
-	return DBM_ERROR;
-    }
-    if (rdb->flags == RDB_RDONLY) {
-	errno = EPERM;
-	return DBM_ERROR;
-    }
-    sqlerr = rdbupdateStmt(psqlDB, &rdb->delStmt, DEL_CMD);
-    if (sqlerr != SQLITE_OK) {
-	return DBM_ERROR;
-    }
-    stmt = rdb->delStmt;
-
-    sqlite3_bind_blob(stmt, 1, key->data, key->size, SQLITE_STATIC);
-    do {
-	sqlerr = sqlite3_step(stmt);
-	if (sqlerr == SQLITE_BUSY) {
-	    usleep(5);
-	}
-    } while (!rdbdone(sqlerr,&retry));
-    sqlite3_reset(stmt);
-    sqlite3_bind_null(stmt,1);
-
-    return rdbmapSQLError(psqlDB, sqlerr);
-}
-
-void
-setData(DBT *dbt,const char *blobData, int blobSize, 
-	unsigned char **poolPtr, int *poolSizePtr) 
-{
-    int size = blobSize < 2048 ? blobSize : 2048;
-
-    if (size > *poolSizePtr) {
-	*poolPtr = realloc(*poolPtr,size);
-	*poolSizePtr = size;
-    }
-    memcpy(*poolPtr, blobData, blobSize);
-    dbt->data = *poolPtr;
-    dbt->size = blobSize;
-}
-
-
-int rdbget(const DB *db, const DBT *key, DBT *data, uint flags)
-{
-    sqlite3  *psqlDB = (sqlite3 *)db->internal;
-    RDB *rdb = (RDB *)db;
-    sqlite3_stmt *stmt;
-    int retry = 0;
-    int found = 0;
-    int sqlerr;
-    int ret;
-
-    if (psqlDB == NULL) {
-	return DBM_ERROR;
-    }
-    sqlerr = rdbupdateStmt(psqlDB, &rdb->getStmt, GET_CMD);
-    if (sqlerr != SQLITE_OK) {
-	return DBM_ERROR;
-    }
-    stmt = rdb->getStmt;
-
-    sqlite3_bind_blob(stmt, 1, key->data, key->size, SQLITE_STATIC);
-    do {
-	sqlerr = sqlite3_step(stmt);
-	if (sqlerr == SQLITE_BUSY) {
-	    usleep(5);
-	}
-	if (sqlerr == SQLITE_ROW) {
-	    /* we only asked for 1, this will return the last one */
-	    int blobSize = sqlite3_column_bytes(stmt, 1);
-	    const char *blobData = sqlite3_column_blob(stmt, 1);
-	    setData(data,blobData,blobSize, &rdb->dataPool, &rdb->dataPoolSize);
-	    found = 1;
-	}
-    } while (!rdbdone(sqlerr,&retry));
-
-    sqlite3_reset(stmt);
-    sqlite3_bind_null(stmt,1);
-
-    ret = rdbmapSQLError(psqlDB, sqlerr);
-    if ((ret == 0) && (!found)) {
-	ret = DBM_END;
-    }
-
-    return ret;
-}
-
-int rdbput(const DB *db, const DBT *key, const DBT *data, uint flag)
-{
-    sqlite3  *psqlDB = (sqlite3 *)db->internal;
-    RDB *rdb = (RDB *)db;
-    sqlite3_stmt *stmt;
-    int retry = 0;
-    int sqlerr;
-
-    if (psqlDB == NULL) {
-	return DBM_ERROR;
-    }
-    if (rdb->flags == RDB_RDONLY) {
-	errno = EPERM;
-	return DBM_ERROR;
-    }
-    sqlerr = rdbupdateStmt(psqlDB, &rdb->insertStmt, INSERT_CMD);
-    if (sqlerr != SQLITE_OK) {
-	return DBM_ERROR;
-    }
-    sqlerr = rdbupdateStmt(psqlDB, &rdb->replaceStmt, REPLACE_CMD);
-    if (sqlerr != SQLITE_OK) {
-	return DBM_ERROR;
-    }
-    stmt = (flag == R_NOOVERWRITE) ? rdb->insertStmt : rdb->replaceStmt;
-
-    sqlite3_bind_blob(stmt, 1, key->data, key->size, SQLITE_STATIC);
-    sqlite3_bind_blob(stmt, 2, data->data, data->size, SQLITE_STATIC);
-    do {
-	sqlerr = sqlite3_step(stmt);
-	if (sqlerr == SQLITE_BUSY) {
-	    usleep(5);
-	}
-    } while (!rdbdone(sqlerr,&retry));
-
-    sqlite3_reset(stmt);
-    sqlite3_bind_null(stmt,1);
-    sqlite3_bind_null(stmt,0);
-
-    return rdbmapSQLError(psqlDB, sqlerr);
-}
-	
-int rdbseq(const DB *db, DBT *key, DBT *data, uint flags)
-{
-    sqlite3  *psqlDB = (sqlite3 *)db->internal;
-    RDB *rdb = (RDB *)db;
-    sqlite3_stmt *stmt;
-    int retry = 0;
-    int found = 0;
-    int sqlerr;
-    int ret;
-
-    if (psqlDB == NULL) {
-	return DBM_ERROR;
-    }
-    if (flags == R_FIRST) {
-	rdb->index = 0;
-    } else if (flags == R_NEXT) {
-	rdb->index++;
-    } else {
-	errno = EINVAL;
-	return DBM_ERROR;
-    }
-    sqlerr = rdbupdateStmt(psqlDB, &rdb->seqStmt, SEQ_CMD);
-    if (sqlerr != SQLITE_OK) {
-	return DBM_ERROR;
-    }
-    stmt = rdb->seqStmt;
-
-    sqlite3_bind_int(stmt, 1, rdb->index);
-    do {
-	sqlerr = sqlite3_step(stmt);
-	if (sqlerr == SQLITE_BUSY) {
-	    usleep(5);
-	}
-	if (sqlerr == SQLITE_ROW) {
-	    /* we only asked for 1, this will return the last one */
-	    int blobSize = sqlite3_column_bytes(stmt, 0);
-	    const char *blobData = sqlite3_column_blob(stmt, 0);
-	    setData(key,blobData,blobSize, &rdb->keyPool, &rdb->keyPoolSize);
-	    blobSize = sqlite3_column_bytes(stmt, 1);
-	    blobData = sqlite3_column_blob(stmt, 1);
-	    setData(data,blobData,blobSize, &rdb->dataPool, &rdb->dataPoolSize);
-	    found = 1;
-	}
-    } while (!rdbdone(sqlerr,&retry));
-
-    sqlite3_reset(stmt);
-    sqlite3_bind_null(stmt,1);
-
-    ret = rdbmapSQLError(psqlDB, sqlerr);
-    if ((ret == 0) && (!found)) {
-	ret = DBM_END;
-    }
-    return ret;
-}
-
-
-int rdbsync(const DB *db, uint flags)
-{
-   return DBM_OK;
-}
-
-
-int rdbfd(const DB *db)
-{
-    errno = EINVAL;
-    return DBM_ERROR;
-}
-
-int rdbinitcomplete(DB *db)
-{
-    sqlite3  *psqlDB = (sqlite3 *)db->internal;
-    int sqlerr;
-
-    sqlerr = sqlite3_exec(psqlDB, DONE_INIT_CMD, NULL, 0, NULL);
-    /* deal with the error! */
-    return DBM_OK;
-}
-
-
-static int grdbstatus = 0;
-int rdbstatus(void)
-{
-    return grdbstatus;
-}
-
-static int tableExists(sqlite3 *sqlDB, const char *tableName)
-{
-    int sqlerr;
-    char * cmd = sqlite3_mprintf(CHECK_TABLE_CMD, tableName);
-
-    if (cmd == NULL) {
-	return 0;
-    }
-
-    sqlerr = 
-	 sqlite3_exec(sqlDB, cmd, NULL, 0, 0);
-    sqlite3_free(cmd);
-
-    return (sqlerr == SQLITE_OK) ? 1 : 0;
-}
-
-
-static int rdbIsDirectory(const char *dir)
-{
-    struct stat sbuf;
-    int rc;
-
-    rc = stat(dir,&sbuf);
-    if (rc == 0) {
-	return ((sbuf.st_mode & S_IFDIR) == S_IFDIR);
-    }
-    return 0;
-}
-
-static int rdbRmFile(const char *fileName)
-{
-    int rc = unlink(fileName);
-    if ((rc < 0) && (errno == EPERM)) {
-	chmod(fileName,0644);
-	rc = unlink(fileName);
-    }
-    return rc;
-}
-
-#define MAX_RECURSE_LEVEL 15
-#define DIR_MODE 0755
-#ifdef _WINDOWS
-#define MKDIR(x,y) mkdir(x)
-#else
-#define MKDIR(x,y) mkdir(x,y)
-#endif
-
-/*
- * Create a directory. Create any missing or broken 
- * components we need along the way. If we already have a
- * directory, return success.
- */
-int rdbMakedir(const char *directory, int level, int mode)
-{
-   int rc;
-   char *buf, *cp;
-#ifdef _WINDOWS
-   char *cp1;
-#endif
-
-   /* prevent arbitrary stack overflow */
-   if (level > MAX_RECURSE_LEVEL) {
-	errno = ENAMETOOLONG;
-	return -1;
-   }
-   umask(0);
-
-   /* just try it first */
-   rc = MKDIR(directory, mode);
-   if (rc != 0) {
-	if (errno == EEXIST) {
-	    if (rdbIsDirectory(directory)) {
-		/* we have a directory, use it */
-		return 0;
-	    } else  { /* must be a file */
-		/* remove the file and try again */
-		rc = rdbRmFile(directory);
-		if (rc == 0) {
-			rc = MKDIR(directory, mode);
-		}
-		return rc;
-	    }
-	}
-	/* if we fail because on of the subdirectory entries was a
-	 * file, or one of the subdirectory entries didn't exist,
-	 * move back one component and try the whole thing again
-	 */
-	if ((errno != ENOENT) && (errno != ENOTDIR)) {
-	    return rc;
-	}
-	buf = (char *)malloc(strlen(directory)+1);
-	strcpy(buf,directory);
-	cp = strrchr(buf,'/');
-#ifdef _WINDOWS
-	cp1 = strrchr(buf,'\\');
-	if (cp1 > cp) {
-	   cp = cp1;
-	}
-#endif
-	if (cp) {
-	    *cp = 0;
-	    rc = rdbMakedir(buf,level+1, mode);
-	    if (rc == 0) {
-	     	rc = MKDIR(directory, mode);
-	     }
-	 }
-	free(buf);
-    }
-    return rc;
-}
-
-static char *rdbBuildFileName(const char *appName, const char *prefix,
-				 const char *type, int flags)
-{
-    const char *home = getenv("HOME");
-    char *dir, *dbname;
-    char *prefixDir = NULL;
-    const char *prefixName = NULL;
-
-     /*
-      * build up the name of our database file.
-      * if create is set, make sure the directory path exists.
-      */
-    if (prefix) {
-	/*
-	 * prefix may have directory elements in it. If it does, we need
-	 * to break out the directory versus the actual prefix portions
-	 * so we can make sure the directory is created before we try to
-	 * create the db file.
-	 */
-	const char *end = strrchr(prefix,'/');
-#ifdef WINDOWS
-	/* windows has two possible directory field separators. Make sure
-	 * we pick the one that is furthest down the string. (this code
-	 * will also pick the non-null value. */
-	const char *end2 = strrchr(prefix,'\\');
-	/* find the last directory path element */
-	if (end2 > end) {
-	    end = end2;
-	}
-#endif
-	/* if the directory path exists, split the components */
-	if (end) {
-	   prefixDir = strdup(prefix);
-	   if (prefixDir == NULL) return NULL;
-	   prefixDir[prefix-end] = 0;
-	   prefixName = end+1;
-	} else {
-	   prefixName = prefix;
-	}
-    }
-    /* build the directory portion */
-    if (prefixDir) {
-	dir = sqlite3_mprintf("%s/.nssdb/%s/%s",home,appName,prefixDir);
-	free(prefixDir);
-    } else {
-	dir = sqlite3_mprintf("%s/.nssdb/%s",home,appName);
-    }
-    if (dir == NULL) return NULL;
-    /* if we are creating, make sure the directory is created as well */
-    if (flags == RDB_CREATE) {
-	rdbMakedir(dir,0, DIR_MODE);
-    }
-    /* build the full dbname */
-    dbname = sqlite3_mprintf("%s/%s%sS.sqldb",dir,prefixName? prefixName:"",type);
-    sqlite3_free(dir);
-    return dbname;
-}
-
-
-
-/* rdbopen */
-DB * rdbopen(const char *appName, const char *prefix, const char *type,
-				 int flags)
-{
-    char *name = rdbBuildFileName(appName, prefix, type, flags);
-    sqlite3  *psqlDB = NULL;
-    RDB  *rdb = NULL;
-    int sqlerr = SQLITE_OK;
-    int inTransaction = 0;
-    int inInit = 0;
-
-    if (name == NULL) {
-	errno = EINVAL;
-	return NULL;
-    }
-
-    sqlerr = sqlite3_open(name,&psqlDB );
-    sqlite3_free(name);
-    if (sqlerr != SQLITE_OK) {
-	goto cleanup;
-    }
-
-    sqlerr = sqlite3_busy_timeout(psqlDB, 1000);
-    if (sqlerr != SQLITE_OK) {
-	goto cleanup;
-    }
-    
-
-    sqlerr = sqlite3_exec(psqlDB, BEGIN_CMD, NULL, 0, NULL);
-    if (sqlerr != SQLITE_OK) {
-	goto cleanup;
-    }
-    inTransaction = 1;
-
-    if (!tableExists(psqlDB,"nssTable")) {
-	if (flags != RDB_CREATE) {
-	    goto cleanup;
-	}
-	sqlerr = sqlite3_exec(psqlDB, INIT_CMD, NULL, 0, NULL);
-	if (sqlerr != SQLITE_OK) {
-	    goto cleanup;
-	}
-	/* hack. don't create the init on secmod db files */
-	if (strcmp(type,"secmod") != 0) {
-	    sqlerr = sqlite3_exec(psqlDB, IN_INIT_CMD, NULL, 0, NULL);
-	    if (sqlerr != SQLITE_OK) {
-		goto cleanup;
-	    }
-	}
-    } else {
-	/* if the nssInit table exists, then someone else is initing the
-	 * nss database. We don't want to complete the open until the init 
-	 * is completed. */
-	if (tableExists(psqlDB,"nssInit")) {
-	   inInit = 1;
-	}
-    }
-    rdb = (RDB *) malloc(sizeof(RDB));
-    rdb->db.internal = psqlDB;
-    rdb->db.type = DB_RDB;
-    rdb->db.close = rdbclose;
-    rdb->db.del = rdbdel;
-    rdb->db.get = rdbget;
-    rdb->db.put = rdbput;
-    rdb->db.seq = rdbseq;
-    rdb->db.sync = rdbsync;
-    rdb->db.fd = rdbfd;
-    rdb->version = 1;
-    rdb->index = 0;
-    rdb->flags = flags;
-    rdb->xactstart = rdbxactstart;
-    rdb->xactdone = rdbxactdone;
-    rdb->dbinitcomplete = rdbinitcomplete;
-    rdb->dataPool = NULL;
-    rdb->dataPoolSize = 0;
-    rdb->keyPool = NULL;
-    rdb->keyPoolSize = 0;
-    sqlerr = sqlite3_prepare(psqlDB, DEL_CMD, sizeof(DEL_CMD), 
-		&rdb->delStmt, NULL);
-    if (sqlerr != SQLITE_OK) {
-	goto cleanup;
-    }
-    sqlerr = sqlite3_prepare(psqlDB, GET_CMD, sizeof(GET_CMD), 
-		&rdb->getStmt, NULL);
-    if (sqlerr != SQLITE_OK) {
-	goto cleanup;
-    }
-    sqlerr = sqlite3_prepare(psqlDB, SEQ_CMD, sizeof(SEQ_CMD), 
-		&rdb->seqStmt, NULL);
-    if (sqlerr != SQLITE_OK) {
-	goto cleanup;
-    }
-    sqlerr = sqlite3_prepare(psqlDB, INSERT_CMD, sizeof(INSERT_CMD), 
-		&rdb->insertStmt, NULL);
-    if (sqlerr != SQLITE_OK) {
-	goto cleanup;
-    }
-    sqlerr = sqlite3_prepare(psqlDB, REPLACE_CMD, sizeof(REPLACE_CMD), 
-		&rdb->replaceStmt, NULL);
-    if (sqlerr != SQLITE_OK) {
-	goto cleanup;
-    }
-    sqlerr = sqlite3_prepare(psqlDB, BEGIN_CMD, sizeof(BEGIN_CMD), 
-		&rdb->beginStmt, NULL);
-    if (sqlerr != SQLITE_OK) {
-	goto cleanup;
-    }
-    sqlerr = sqlite3_prepare(psqlDB, ROLLBACK_CMD, sizeof(ROLLBACK_CMD), 
-		&rdb->rollbackStmt, NULL);
-    if (sqlerr != SQLITE_OK) {
-	goto cleanup;
-    }
-    sqlerr = sqlite3_prepare(psqlDB, COMMIT_CMD, sizeof(COMMIT_CMD), 
-		&rdb->commitStmt, NULL);
-    if (sqlerr != SQLITE_OK) {
-	goto cleanup;
-    }
-    sqlerr = sqlite3_exec(psqlDB, COMMIT_CMD, NULL, 0, NULL);
-    if (sqlerr != SQLITE_OK) {
-	goto cleanup;
-    }
-    inTransaction = 0;
-    if (inInit) {
-	while (tableExists(psqlDB,"nssInit")) {
-	    usleep(5);
-	}
-    }
-    return &rdb->db;
-
-cleanup:
-    /* lots of stuff to do */
-    if (inTransaction) {
-	sqlerr = sqlite3_exec(psqlDB, ROLLBACK_CMD, NULL, 0, NULL);
-	if (sqlerr != SQLITE_OK) {
-	    goto cleanup;
-	}
-    }
-    if (rdb) {
-	if (rdb->delStmt) {
-	    sqlite3_finalize(rdb->delStmt);
-	}
-	if (rdb->getStmt) {
-	    sqlite3_finalize(rdb->getStmt);
-	}
-	if (rdb->seqStmt) {
-	    sqlite3_finalize(rdb->seqStmt);
-	}
-	if (rdb->insertStmt) {
-	    sqlite3_finalize(rdb->insertStmt);
-	}
-	if (rdb->replaceStmt) {
-	    sqlite3_finalize(rdb->replaceStmt);
-	}
-	if (rdb->beginStmt) {
-	    sqlite3_finalize(rdb->beginStmt);
-	}
-	if (rdb->rollbackStmt) {
-	    sqlite3_finalize(rdb->rollbackStmt);
-	}
-	if (rdb->commitStmt) {
-	    sqlite3_finalize(rdb->commitStmt);
-	}
-	free(rdb);
-    }
-    if (psqlDB) {
-	sqlite3_close(psqlDB);
-    }
-    return NULL;
-
-};
--- a/mozilla/security/nss/lib/rdb/rdb.def
+++ b/mozilla/security/nss/lib/rdb/rdb.def
@@ -1,59 +0,0 @@
-;+#
-;+# ***** BEGIN LICENSE BLOCK *****
-;+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-;+#
-;+# The contents of this file are subject to the Mozilla Public License Version
-;+# 1.1 (the "License"); you may not use this file except in compliance with
-;+# the License. You may obtain a copy of the License at
-;+# http://www.mozilla.org/MPL/
-;+#
-;+# Software distributed under the License is distributed on an "AS IS" basis,
-;+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-;+# for the specific language governing rights and limitations under the
-;+# License.
-;+#
-;+# The Original Code is Red Hat, Inc.
-;+#
-;+# The Initial Developer of the Original Code is
-;+# Red Hat, Inc.
-;+# Portions created by the Initial Developer are Copyright (C) 2005
-;+# the Initial Developer. All Rights Reserved.
-;+#
-;+# Contributor(s):
-;+#
-;+# Alternatively, the contents of this file may be used under the terms of
-;+# either the GNU General Public License Version 2 or later (the "GPL"), or
-;+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-;+# in which case the provisions of the GPL or the LGPL are applicable instead
-;+# of those above. If you wish to allow use of your version of this file only
-;+# under the terms of either the GPL or the LGPL, and not to allow others to
-;+# use your version of this file under the terms of the MPL, indicate your
-;+# decision by deleting the provisions above and replace them with the notice
-;+# and other provisions required by the GPL or the LGPL. If you do not delete
-;+# the provisions above, a recipient may use your version of this file under
-;+# the terms of any one of the MPL, the GPL or the LGPL.
-;+#
-;+# ***** END LICENSE BLOCK *****
-;+#
-;+# OK, this file is meant to support SUN, LINUX, AIX and WINDOWS
-;+#   1. For all unix platforms, the string ";-"  means "remove this line"
-;+#   2. For all unix platforms, the string " DATA " will be removed from any 
-;+#     line on which it occurs.
-;+#   3. Lines containing ";+" will have ";+" removed on SUN and LINUX.
-;+#      On AIX, lines containing ";+" will be removed.
-;+#   4. For all unix platforms, the string ";;" will thave the ";;" removed.
-;+#   5. For all unix platforms, after the above processing has taken place,
-;+#    all characters after the first ";" on the line will be removed.
-;+#    And for AIX, the first ";" will also be removed.
-;+#  This file is passed directly to windows. Since ';' is a comment, all UNIX
-;+#   directives are hidden behind ";", ";+", and ";-"
-;+
-;+RDB_1.0 {       # RDB 1.0
-;+    global:
-LIBRARY rdb ;-
-EXPORTS ;-
-rdbopen;
-rdbstatus;
-;+    local:
-;+*;
-;+};
--- a/mozilla/security/nss/lib/rdb/rdb.rc
+++ b/mozilla/security/nss/lib/rdb/rdb.rc
@@ -1,102 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 2001
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *   Robert Relyea (rrelyea@redhat.com)
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#include "nss.h"
-#include <winver.h>
-
-#define MY_LIBNAME "rdb"
-#define MY_FILEDESCRIPTION "NSS Multiaccess Database Library"
-
-#define STRINGIZE(x) #x
-#define STRINGIZE2(x) STRINGIZE(x)
-#define NSS_VMAJOR_STR STRINGIZE2(NSS_VMAJOR)
-
-#ifdef _DEBUG
-#define MY_DEBUG_STR " (debug)"
-#define MY_FILEFLAGS_1 VS_FF_DEBUG
-#else
-#define MY_DEBUG_STR ""
-#define MY_FILEFLAGS_1 0x0L
-#endif
-#if NSS_BETA
-#define MY_FILEFLAGS_2 MY_FILEFLAGS_1|VS_FF_PRERELEASE
-#else
-#define MY_FILEFLAGS_2 MY_FILEFLAGS_1
-#endif
-
-#ifdef WINNT
-#define MY_FILEOS VOS_NT_WINDOWS32
-#else
-#define MY_FILEOS VOS__WINDOWS32
-#endif
-
-#define MY_INTERNAL_NAME MY_LIBNAME NSS_VMAJOR_STR
-
-/////////////////////////////////////////////////////////////////////////////
-//
-// Version-information resource
-//
-
-VS_VERSION_INFO VERSIONINFO
- FILEVERSION NSS_VMAJOR,NSS_VMINOR,NSS_VPATCH,0
- PRODUCTVERSION NSS_VMAJOR,NSS_VMINOR,NSS_VPATCH,0
- FILEFLAGSMASK VS_FFI_FILEFLAGSMASK
- FILEFLAGS MY_FILEFLAGS_2
- FILEOS MY_FILEOS
- FILETYPE VFT_DLL
- FILESUBTYPE 0x0L // not used
-
-BEGIN
-    BLOCK "StringFileInfo"
-    BEGIN
-        BLOCK "040904B0" // Lang=US English, CharSet=Unicode
-        BEGIN
-            VALUE "CompanyName", "Mozilla\0"
-            VALUE "FileDescription", MY_FILEDESCRIPTION MY_DEBUG_STR "\0"
-            VALUE "FileVersion", NSS_VERSION "\0"
-            VALUE "InternalName", MY_INTERNAL_NAME "\0"
-            VALUE "LegalCopyright", "Copyright \251 2005 Red Hat, Inc.\0"
-            VALUE "OriginalFilename", MY_INTERNAL_NAME ".dll\0"
-            VALUE "ProductName", "Network Security Services\0"
-            VALUE "ProductVersion", NSS_VERSION "\0"
-        END
-    END
-    BLOCK "VarFileInfo"
-    BEGIN
-        VALUE "Translation", 0x409, 1200
-    END
-END
--- a/mozilla/security/nss/lib/softoken/Makefile
+++ b/mozilla/security/nss/lib/softoken/Makefile
@@ -1,95 +0,0 @@
-#! gmake
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY).   #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL)          #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL)       #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL)                              #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL)                           #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL).                              #
-#######################################################################
-
-export:: private_export
-
-# On AIX 4.3, IBM xlC_r compiler (version 3.6.6) cannot compile
-# pkcs11c.c in 64-bit mode for unknown reasons.  A workaround is
-# to compile it with optimizations turned on.  (Bugzilla bug #63815)
-ifeq ($(OS_TARGET)$(OS_RELEASE),AIX4.3)
-ifeq ($(USE_64),1)
-ifndef BUILD_OPT
-$(OBJDIR)/pkcs11.o: pkcs11.c
-	@$(MAKE_OBJDIR)
-	$(CC) -o $@ -c -O2 $(CFLAGS) $<
-$(OBJDIR)/pkcs11c.o: pkcs11c.c
-	@$(MAKE_OBJDIR)
-	$(CC) -o $@ -c -O2 $(CFLAGS) $<
-endif
-endif
-endif
--- a/mozilla/security/nss/lib/softoken/alghmac.c
+++ b/mozilla/security/nss/lib/softoken/alghmac.c
@@ -1,166 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#include "sechash.h"
-#include "secport.h"
-#include "alghmac.h"
-#include "secerr.h"
-
-#define HMAC_PAD_SIZE 64
-
-struct HMACContextStr {
-    void *hash;
-    const SECHashObject *hashobj;
-    unsigned char ipad[HMAC_PAD_SIZE];
-    unsigned char opad[HMAC_PAD_SIZE];
-};
-
-void
-HMAC_Destroy(HMACContext *cx)
-{
-    if (cx == NULL)
-	return;
-
-    if (cx->hash != NULL)
-	cx->hashobj->destroy(cx->hash, PR_TRUE);
-    PORT_ZFree(cx, sizeof(HMACContext));
-}
-
-HMACContext *
-HMAC_Create(const SECHashObject *hash_obj, const unsigned char *secret, 
-            unsigned int secret_len, PRBool isFIPS)
-{
-    HMACContext *cx;
-    unsigned int i;
-    unsigned char hashed_secret[HASH_LENGTH_MAX];
-
-    /* required by FIPS 198 Section 3 */
-    if (isFIPS && secret_len < hash_obj->length/2) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return NULL;
-    }
-    cx = (HMACContext*)PORT_ZAlloc(sizeof(HMACContext));
-    if (cx == NULL)
-	return NULL;
-    cx->hashobj = hash_obj;
-
-    cx->hash = cx->hashobj->create();
-    if (cx->hash == NULL)
-	goto loser;
-
-    if (secret_len > HMAC_PAD_SIZE) {
-	cx->hashobj->begin( cx->hash);
-	cx->hashobj->update(cx->hash, secret, secret_len);
-	PORT_Assert(cx->hashobj->length <= sizeof hashed_secret);
-	cx->hashobj->end(   cx->hash, hashed_secret, &secret_len, 
-	                 sizeof hashed_secret);
-	if (secret_len != cx->hashobj->length)
-	    goto loser;
-	secret = (const unsigned char *)&hashed_secret[0];
-    }
-
-    PORT_Memset(cx->ipad, 0x36, sizeof cx->ipad);
-    PORT_Memset(cx->opad, 0x5c, sizeof cx->opad);
-
-    /* fold secret into padding */
-    for (i = 0; i < secret_len; i++) {
-	cx->ipad[i] ^= secret[i];
-	cx->opad[i] ^= secret[i];
-    }
-    PORT_Memset(hashed_secret, 0, sizeof hashed_secret);
-    return cx;
-
-loser:
-    PORT_Memset(hashed_secret, 0, sizeof hashed_secret);
-    HMAC_Destroy(cx);
-    return NULL;
-}
-
-void
-HMAC_Begin(HMACContext *cx)
-{
-    /* start inner hash */
-    cx->hashobj->begin(cx->hash);
-    cx->hashobj->update(cx->hash, cx->ipad, sizeof(cx->ipad));
-}
-
-void
-HMAC_Update(HMACContext *cx, const unsigned char *data, unsigned int data_len)
-{
-    cx->hashobj->update(cx->hash, data, data_len);
-}
-
-SECStatus
-HMAC_Finish(HMACContext *cx, unsigned char *result, unsigned int *result_len,
-	    unsigned int max_result_len)
-{
-    if (max_result_len < cx->hashobj->length) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
-    }
-
-    cx->hashobj->end(cx->hash, result, result_len, max_result_len);
-    if (*result_len != cx->hashobj->length)
-	return SECFailure;
-
-    cx->hashobj->begin(cx->hash);
-    cx->hashobj->update(cx->hash, cx->opad, sizeof(cx->opad));
-    cx->hashobj->update(cx->hash, result, *result_len);
-    cx->hashobj->end(cx->hash, result, result_len, max_result_len);
-    return SECSuccess;
-}
-
-HMACContext *
-HMAC_Clone(HMACContext *cx)
-{
-    HMACContext *newcx;
-
-    newcx = (HMACContext*)PORT_ZAlloc(sizeof(HMACContext));
-    if (newcx == NULL)
-	goto loser;
-
-    newcx->hashobj = cx->hashobj;
-    newcx->hash = cx->hashobj->clone(cx->hash);
-    if (newcx->hash == NULL)
-	goto loser;
-    PORT_Memcpy(newcx->ipad, cx->ipad, sizeof(cx->ipad));
-    PORT_Memcpy(newcx->opad, cx->opad, sizeof(cx->opad));
-    return newcx;
-
-loser:
-    HMAC_Destroy(newcx);
-    return NULL;
-}
--- a/mozilla/security/nss/lib/softoken/alghmac.h
+++ b/mozilla/security/nss/lib/softoken/alghmac.h
@@ -1,91 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#ifndef _ALGHMAC_H_
-#define _ALGHMAC_H_
-
-typedef struct HMACContextStr HMACContext;
-
-SEC_BEGIN_PROTOS
-
-/* destroy HMAC context */
-extern void
-HMAC_Destroy(HMACContext *cx);
-
-/* create HMAC context
- *  hashObj     hash object from SECRawHashObjects[]
- *  secret	the secret with which the HMAC is performed.
- *  secret_len	the length of the secret.
- *  isFIPS	true if conforming to FIPS 198.
- *
- * NULL is returned if an error occurs.
- */
-extern HMACContext *
-HMAC_Create(const SECHashObject *hashObj, const unsigned char *secret, 
-	    unsigned int secret_len, PRBool isFIPS);
-
-/* reset HMAC for a fresh round */
-extern void
-HMAC_Begin(HMACContext *cx);
-
-/* update HMAC 
- *  cx		HMAC Context
- *  data	the data to perform HMAC on
- *  data_len	the length of the data to process
- */
-extern void 
-HMAC_Update(HMACContext *cx, const unsigned char *data, unsigned int data_len);
-
-/* Finish HMAC -- place the results within result
- *  cx		HMAC context
- *  result	buffer for resulting hmac'd data
- *  result_len	where the resultant hmac length is stored
- *  max_result_len  maximum possible length that can be stored in result
- */
-extern SECStatus
-HMAC_Finish(HMACContext *cx, unsigned char *result, unsigned int *result_len,
-	    unsigned int max_result_len);
-
-/* clone a copy of the HMAC state.  this is usefult when you would
- * need to keep a running hmac but also need to extract portions 
- * partway through the process.
- */
-extern HMACContext *
-HMAC_Clone(HMACContext *cx);
-
-SEC_END_PROTOS
-
-#endif
--- a/mozilla/security/nss/lib/softoken/cdbhdl.h
+++ b/mozilla/security/nss/lib/softoken/cdbhdl.h
@@ -1,85 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * cdbhdl.h - certificate database handle
- *   private to the certdb module
- *
- * $Id: cdbhdl.h,v 1.9 2004-04-25 15:03:16 gerv%gerv.net Exp $
- */
-#ifndef _CDBHDL_H_
-#define _CDBHDL_H_
-
-#include "nspr.h"
-#include "mcom_db.h"
-#include "pcertt.h"
-
-/*
- * Handle structure for open certificate databases
- */
-struct NSSLOWCERTCertDBHandleStr {
-    DB *permCertDB;
-    PZMonitor *dbMon;
-    PRBool dbVerify;
-};
-
-#ifdef DBM_USING_NSPR
-#define NO_RDONLY	PR_RDONLY
-#define NO_RDWR		PR_RDWR
-#define NO_CREATE	(PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE)
-#else
-#define NO_RDONLY	O_RDONLY
-#define NO_RDWR		O_RDWR
-#define NO_CREATE	(O_RDWR | O_CREAT | O_TRUNC)
-#endif
-
-typedef DB * (*rdbfunc)(const char *appName, const char *prefix, 
-				const char *type, int flags);
-typedef int (*rdbstatusfunc)(void);
-
-#define RDB_FAIL 1
-#define RDB_RETRY 2
-
-DB * rdbopen(const char *appName, const char *prefix, 
-				const char *type, int flags, int *status);
-
-DB *dbsopen (const char *dbname , int flags, int mode, DBTYPE type, 
-						const void * appData);
-SECStatus db_Copy(DB *dest,DB *src);
-int db_BeginTransaction(DB *db);
-int db_FinishTransaction(DB *db, PRBool abort);
-int db_InitComplete(DB *db);
-
-#endif
--- a/mozilla/security/nss/lib/softoken/config.mk
+++ b/mozilla/security/nss/lib/softoken/config.mk
@@ -1,98 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-# $(PROGRAM) has explicit dependencies on $(EXTRA_LIBS)
-CRYPTOLIB=$(DIST)/lib/$(LIB_PREFIX)freebl.$(LIB_SUFFIX)
-CRYPTODIR=../freebl
-ifdef MOZILLA_SECURITY_BUILD
-	CRYPTOLIB=$(DIST)/lib/$(LIB_PREFIX)crypto.$(LIB_SUFFIX)
-	CRYPTODIR=../crypto
-endif
-
-EXTRA_LIBS += \
-	$(CRYPTOLIB) \
-	$(DIST)/lib/$(LIB_PREFIX)secutil.$(LIB_SUFFIX) \
-	$(DIST)/lib/$(LIB_PREFIX)dbm.$(LIB_SUFFIX) \
-	$(NULL)
-
-# can't do this in manifest.mn because OS_TARGET isn't defined there.
-ifeq (,$(filter-out WIN%,$(OS_TARGET)))
-
-# don't want the 32 in the shared library name
-SHARED_LIBRARY = $(OBJDIR)/$(DLL_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION).$(DLL_SUFFIX)
-IMPORT_LIBRARY = $(OBJDIR)/$(IMPORT_LIB_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION)$(IMPORT_LIB_SUFFIX)
-
-RES = $(OBJDIR)/$(LIBRARY_NAME).res
-RESNAME = $(LIBRARY_NAME).rc
-
-ifdef NS_USE_GCC
-EXTRA_SHARED_LIBS += \
-	-L$(DIST)/lib \
-	-lplc4 \
-	-lplds4 \
-	-lnspr4 \
-	$(NULL)
-else # ! NS_USE_GCC
-
-EXTRA_SHARED_LIBS += \
-	$(DIST)/lib/$(NSPR31_LIB_PREFIX)plc4.lib \
-	$(DIST)/lib/$(NSPR31_LIB_PREFIX)plds4.lib \
-	$(DIST)/lib/$(NSPR31_LIB_PREFIX)nspr4.lib \
-	$(NULL)
-endif # NS_USE_GCC
-
-else
-
-# $(PROGRAM) has NO explicit dependencies on $(EXTRA_SHARED_LIBS)
-# $(EXTRA_SHARED_LIBS) come before $(OS_LIBS), except on AIX.
-EXTRA_SHARED_LIBS += \
-	-L$(DIST)/lib/ \
-	-lplc4 \
-	-lplds4 \
-	-lnspr4 \
-	$(NULL)
-endif
-
-ifeq ($(OS_TARGET),SunOS)
-# The -R '$ORIGIN' linker option instructs this library to search for its
-# dependencies in the same directory where it resides.
-MKSHLIB += -R '$$ORIGIN'
-endif
-
-ifeq ($(OS_TARGET),WINCE)
-DEFINES += -DDBM_USING_NSPR
-endif
--- a/mozilla/security/nss/lib/softoken/dbinit.c
+++ b/mozilla/security/nss/lib/softoken/dbinit.c
@@ -1,420 +0,0 @@
-/*
- * NSS utility functions
- *
- * ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/* $Id: dbinit.c,v 1.25.8.1 2005-06-20 23:17:12 relyea%netscape.com Exp $ */
-
-#include <ctype.h>
-#include "seccomon.h"
-#include "prinit.h"
-#include "prprf.h"
-#include "prmem.h"
-#include "pcertt.h"
-#include "lowkeyi.h"
-#include "pcert.h"
-#include "cdbhdl.h"
-#include "pkcs11i.h"
-
-#define ALWAYS_MULTIACCESS "CommonClient"
-
-static char *
-sftk_certdb_name_cb(void *arg, int dbVersion)
-{
-    const char *configdir = (const char *)arg;
-    const char *dbver;
-    char *smpname = NULL;
-    char *dbname = NULL;
-
-    switch (dbVersion) {
-      case 8:
-	dbver = "8";
-	break;
-      case 7:
-	dbver = "7";
-	break;
-      case 6:
-	dbver = "6";
-	break;
-      case 5:
-	dbver = "5";
-	break;
-      case 4:
-      default:
-	dbver = "";
-	break;
-    }
-
-    /* make sure we return something allocated with PORT_ so we have properly
-     * matched frees at the end */
-    smpname = PR_smprintf(CERT_DB_FMT, configdir, dbver);
-    if (smpname) {
-	dbname = PORT_Strdup(smpname);
-	PR_smprintf_free(smpname);
-    }
-    return dbname;
-}
-    
-static char *
-sftk_keydb_name_cb(void *arg, int dbVersion)
-{
-    const char *configdir = (const char *)arg;
-    const char *dbver;
-    char *smpname = NULL;
-    char *dbname = NULL;
-    
-    switch (dbVersion) {
-      case 4:
-	dbver = "4";
-	break;
-      case 3:
-	dbver = "3";
-	break;
-      case 1:
-	dbver = "1";
-	break;
-      case 2:
-      default:
-	dbver = "";
-	break;
-    }
-
-    smpname = PR_smprintf(KEY_DB_FMT, configdir, dbver);
-    if (smpname) {
-	dbname = PORT_Strdup(smpname);
-	PR_smprintf_free(smpname);
-    }
-    return dbname;
-}
-
-const char *
-sftk_EvaluateConfigDir(const char *configdir,char **appName)
-{
-#ifdef ALWAYS_MULTIACCESS
-    *appName = PORT_Strdup(ALWAYS_MULTIACCESS);
-#else
-    if (PORT_Strncmp(configdir, MULTIACCESS, sizeof(MULTIACCESS)-1) == 0) {
-	char *cdir;
-
-	*appName = PORT_Strdup(configdir+sizeof(MULTIACCESS)-1);
-	if (*appName == NULL) {
-	    return configdir;
-	}
-	cdir = *appName;
-	while (*cdir && *cdir != ':') {
-	    cdir++;
-	}
-	if (*cdir == ':') {
-	   *cdir = 0;
-	   cdir++;
-	}
-	configdir = cdir;
-    }
-#endif
-    return configdir;
-}
-
-static CK_RV
-sftk_OpenCertDB(const char * configdir, const char *prefix, PRBool readOnly,
-    					    NSSLOWCERTCertDBHandle **certdbPtr)
-{
-    NSSLOWCERTCertDBHandle *certdb = NULL;
-    CK_RV        crv = CKR_NETSCAPE_CERTDB_FAILED;
-    SECStatus    rv;
-    char * name = NULL;
-    char * appName = NULL;
-
-    if (prefix == NULL) {
-	prefix = "";
-    }
-
-    configdir = sftk_EvaluateConfigDir(configdir, &appName);
-
-    name = PR_smprintf("%s" PATH_SEPARATOR "%s",configdir,prefix);
-    if (name == NULL) goto loser;
-
-    certdb = (NSSLOWCERTCertDBHandle*)PORT_ZAlloc(sizeof(NSSLOWCERTCertDBHandle));
-    if (certdb == NULL) 
-    	goto loser;
-
-/* fix when we get the DB in */
-    rv = nsslowcert_OpenCertDB(certdb, readOnly, appName, prefix,
-				sftk_certdb_name_cb, (void *)name, PR_FALSE);
-    if (rv == SECSuccess) {
-	crv = CKR_OK;
-	*certdbPtr = certdb;
-	certdb = NULL;
-    }
-loser: 
-    if (certdb) PR_Free(certdb);
-    if (name) PR_smprintf_free(name);
-    if (appName) PORT_Free(appName);
-    return crv;
-}
-
-static CK_RV
-sftk_OpenKeyDB(const char * configdir, const char *prefix, PRBool readOnly,
-    						NSSLOWKEYDBHandle **keydbPtr)
-{
-    NSSLOWKEYDBHandle *keydb;
-    char * name = NULL;
-    char * appName = NULL;
-
-    if (prefix == NULL) {
-	prefix = "";
-    }
-    configdir = sftk_EvaluateConfigDir(configdir, &appName);
-
-    name = PR_smprintf("%s" PATH_SEPARATOR "%s",configdir,prefix);	
-    if (name == NULL) 
-	return CKR_HOST_MEMORY;
-    keydb = nsslowkey_OpenKeyDB(readOnly, appName, prefix, 
-					sftk_keydb_name_cb, (void *)name);
-    PR_smprintf_free(name);
-    if (appName) PORT_Free(appName);
-    if (keydb == NULL)
-	return CKR_NETSCAPE_KEYDB_FAILED;
-    *keydbPtr = keydb;
-
-    return CKR_OK;
-}
-
-
-/*
- * OK there are now lots of options here, lets go through them all:
- *
- * configdir - base directory where all the cert, key, and module datbases live.
- * certPrefix - prefix added to the beginning of the cert database example: "
- * 			"https-server1-"
- * keyPrefix - prefix added to the beginning of the key database example: "
- * 			"https-server1-"
- * secmodName - name of the security module database (usually "secmod.db").
- * readOnly - Boolean: true if the databases are to be openned read only.
- * nocertdb - Don't open the cert DB and key DB's, just initialize the 
- *			Volatile certdb.
- * nomoddb - Don't open the security module DB, just initialize the 
- *			PKCS #11 module.
- * forceOpen - Continue to force initializations even if the databases cannot
- * 			be opened.
- */
-CK_RV
-sftk_DBInit(const char *configdir, const char *certPrefix, 
-	    const char *keyPrefix, PRBool readOnly, 
-	    PRBool noCertDB, PRBool noKeyDB, PRBool forceOpen,
-	    NSSLOWCERTCertDBHandle **certdbPtr, NSSLOWKEYDBHandle **keydbPtr)
-{
-    CK_RV crv = CKR_OK;
-
-
-    if (!noCertDB) {
-	crv = sftk_OpenCertDB(configdir, certPrefix, readOnly, certdbPtr);
-	if (crv != CKR_OK) {
-	    if (!forceOpen) goto loser;
-	    crv = CKR_OK;
-	}
-    }
-    if (!noKeyDB) {
-
-	crv = sftk_OpenKeyDB(configdir, keyPrefix, readOnly, keydbPtr);
-	if (crv != CKR_OK) {
-	    if (!forceOpen) goto loser;
-	    crv = CKR_OK;
-	}
-    }
-
-
-loser:
-    return crv;
-}
-
-
-void
-sftk_DBShutdown(NSSLOWCERTCertDBHandle *certHandle, 
-		NSSLOWKEYDBHandle *keyHandle)
-{
-    if (certHandle) {
-    	nsslowcert_ClosePermCertDB(certHandle);
-	PORT_Free(certHandle);
-    }
-
-    if (keyHandle) {
-    	nsslowkey_CloseKeyDB(keyHandle);
-    }
-}
-
-static int rdbmapflags(int flags);
-static rdbfunc sftk_rdbfunc = NULL;
-static rdbstatusfunc sftk_rdbstatusfunc = NULL;
-
-/* NOTE: SHLIB_SUFFIX is defined on the command line */
-#define RDBLIB SHLIB_PREFIX"rdb."SHLIB_SUFFIX
-
-DB * rdbopen(const char *appName, const char *prefix, 
-			const char *type, int flags, int *status)
-{
-    PRLibrary *lib;
-    DB *db;
-
-    if (sftk_rdbfunc) {
-	db = (*sftk_rdbfunc)(appName,prefix,type,rdbmapflags(flags));
-	if (!db && status && sftk_rdbstatusfunc) {
-	    *status = (*sftk_rdbstatusfunc)();
-	}
-	return db;
-    }
-
-    /*
-     * try to open the library.
-     */
-    lib = PR_LoadLibrary(RDBLIB);
-
-    if (!lib) {
-	return NULL;
-    }
-
-    /* get the entry points */
-    sftk_rdbstatusfunc = (rdbstatusfunc) PR_FindSymbol(lib,"rdbstatus");
-    sftk_rdbfunc = (rdbfunc) PR_FindSymbol(lib,"rdbopen");
-    if (sftk_rdbfunc) {
-	db = (*sftk_rdbfunc)(appName,prefix,type,rdbmapflags(flags));
-	if (!db && status && sftk_rdbstatusfunc) {
-	    *status = (*sftk_rdbstatusfunc)();
-	}
-	return db;
-    }
-
-    /* couldn't find the entry point, unload the library and fail */
-    PR_UnloadLibrary(lib);
-    return NULL;
-}
-
-/*
- * the following data structures are from rdb.h.
- */
-struct RDBStr {
-    DB	db;
-    int (*xactstart)(DB *db);
-    int (*xactdone)(DB *db, PRBool abort);
-    int version;
-    int (*dbinitcomplete)(DB *db);
-};
-
-#define DB_RDB ((DBTYPE) 0xff)
-#define RDB_RDONLY	1
-#define RDB_RDWR 	2
-#define RDB_CREATE      4
-
-static int
-rdbmapflags(int flags) {
-   switch (flags) {
-   case NO_RDONLY:
-	return RDB_RDONLY;
-   case NO_RDWR:
-	return RDB_RDWR;
-   case NO_CREATE:
-	return RDB_CREATE;
-   default:
-	break;
-   }
-   return 0;
-}
-
-
-PRBool
-db_IsRDB(DB *db)
-{
-    return (PRBool) db->type == DB_RDB;
-}
-
-int
-db_BeginTransaction(DB *db)
-{
-    struct RDBStr *rdb = (struct RDBStr *)db;
-    if (db->type != DB_RDB) {
-	return 0;
-    }
-
-    return rdb->xactstart(db);
-}
-
-int
-db_FinishTransaction(DB *db, PRBool abort)
-{
-    struct RDBStr *rdb = (struct RDBStr *)db;
-    if (db->type != DB_RDB) {
-	return 0;
-    }
-
-    return rdb->xactdone(db, abort);
-}
-
-int
-db_InitComplete(DB *db)
-{
-    struct RDBStr *rdb = (struct RDBStr *)db;
-    if (db->type != DB_RDB) {
-	return 0;
-    }
-    /* we should have addes a version number to the RDBS structure. Since we
-     * didn't, we detect that we have and 'extended' structure if the rdbstatus
-     * func exists */
-    if (!sftk_rdbstatusfunc) {
-	return 0;
-    }
-
-    return rdb->dbinitcomplete(db);
-}
-
-
-
-SECStatus
-db_Copy(DB *dest,DB *src)
-{
-    int ret;
-    DBT key,data;
-    ret = (*src->seq)(src, &key, &data, R_FIRST);
-    if (ret)  {
-	return SECSuccess;
-    }
-
-    do {
-	(void)(*dest->put)(dest,&key,&data, R_NOOVERWRITE);
-    } while ( (*src->seq)(src, &key, &data, R_NEXT) == 0);
-    (void)(*dest->sync)(dest,0);
-
-    return SECSuccess;
-}
-
--- a/mozilla/security/nss/lib/softoken/dbmshim.c
+++ b/mozilla/security/nss/lib/softoken/dbmshim.c
@@ -1,664 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-/*
- * Berkeley DB 1.85 Shim code to handle blobs.
- *
- * $Id: dbmshim.c,v 1.11 2005-03-29 18:21:18 nelsonb%netscape.com Exp $
- */
-#include "mcom_db.h"
-#include "secitem.h"
-#include "secder.h"
-#include "prprf.h"
-#include "cdbhdl.h"
-
-/* Call to SFTK_FreeSlot below */
-
-#include "pcertt.h"
-#include "secasn1.h"
-#include "secerr.h"
-#include "nssb64.h"
-#include "blapi.h"
-#include "sechash.h"
-
-#include "pkcs11i.h"
-
-/*
- *   Blob block:
- *   Byte 0   CERTDB Version           -+                       -+
- *   Byte 1   certDBEntryTypeBlob       |  BLOB_HEAD_LEN         |
- *   Byte 2   flags (always '0');       |                        |
- *   Byte 3   reserved (always '0');   -+                        |
- *   Byte 4   LSB length                | <--BLOB_LENGTH_START   | BLOB_BUF_LEN
- *   Byte 5       .                     |                        |
- *   Byte 6       .                     | BLOB_LENGTH_LEN        |
- *   Byte 7   MSB length                |                        |
- *   Byte 8   blob_filename   -+       -+  <-- BLOB_NAME_START   |
- *   Byte 9       .            | BLOB_NAME_LEN                   |
- *     .          .            |                                 |
- *   Byte 37      .           -+                                -+
- */
-#define DBS_BLOCK_SIZE (16*1024) /* 16 k */
-#define DBS_MAX_ENTRY_SIZE (DBS_BLOCK_SIZE - (2048)) /* 14 k */
-#define DBS_CACHE_SIZE	DBS_BLOCK_SIZE*8
-#define ROUNDDIV(x,y) (x+(y-1))/y
-#define BLOB_HEAD_LEN 4
-#define BLOB_LENGTH_START BLOB_HEAD_LEN
-#define BLOB_LENGTH_LEN 4
-#define BLOB_NAME_START BLOB_LENGTH_START+BLOB_LENGTH_LEN
-#define BLOB_NAME_LEN 1+ROUNDDIV(SHA1_LENGTH,3)*4+1
-#define BLOB_BUF_LEN BLOB_HEAD_LEN+BLOB_LENGTH_LEN+BLOB_NAME_LEN
-
-/* a Shim data structure. This data structure has a db built into it. */
-typedef struct DBSStr DBS;
-
-struct DBSStr {
-    DB db;
-    char *blobdir;
-    int mode;
-    PRBool readOnly;
-    PRFileMap *dbs_mapfile;
-    unsigned char *dbs_addr;
-    PRUint32 dbs_len;
-    char staticBlobArea[BLOB_BUF_LEN];
-};
-    
-    
-
-/*
- * return true if the Datablock contains a blobtype
- */
-static PRBool
-dbs_IsBlob(DBT *blobData)
-{
-    unsigned char *addr = (unsigned char *)blobData->data;
-    if (blobData->size < BLOB_BUF_LEN) {
-	return PR_FALSE;
-    }
-    return addr && ((certDBEntryType) addr[1] == certDBEntryTypeBlob);
-}
-
-/*
- * extract the filename in the blob of the real data set.
- * This value is not malloced (does not need to be freed by the caller.
- */
-static const char *
-dbs_getBlobFileName(DBT *blobData)
-{
-    char *addr = (char *)blobData->data;
-
-    return &addr[BLOB_NAME_START];
-}
-
-/*
- * extract the size of the actual blob from the blob record
- */
-static PRUint32
-dbs_getBlobSize(DBT *blobData)
-{
-    unsigned char *addr = (unsigned char *)blobData->data;
-
-    return (PRUint32)(addr[BLOB_LENGTH_START+3] << 24) | 
-			(addr[BLOB_LENGTH_START+2] << 16) | 
-			(addr[BLOB_LENGTH_START+1] << 8) | 
-			addr[BLOB_LENGTH_START];
-}
-
-
-/* We are using base64 data for the filename, but base64 data can include a
- * '/' which is interpreted as a path separator on  many platforms. Replace it
- * with an inocuous '-'. We don't need to convert back because we never actual
- * decode the filename.
- */
-
-static void
-dbs_replaceSlash(char *cp, int len)
-{
-   while (len--) {
-	if (*cp == '/') *cp = '-';
-	cp++;
-   }
-}
-
-/*
- * create a blob record from a key, data and return it in blobData.
- * NOTE: The data element is static data (keeping with the dbm model).
- */
-static void
-dbs_mkBlob(DBS *dbsp,const DBT *key, const DBT *data, DBT *blobData)
-{
-   unsigned char sha1_data[SHA1_LENGTH];
-   char *b = dbsp->staticBlobArea;
-   PRUint32 length = data->size;
-   SECItem sha1Item;
-
-   b[0] = CERT_DB_FILE_VERSION; /* certdb version number */
-   b[1] = (char) certDBEntryTypeBlob; /* type */
-   b[2] = 0; /* flags */
-   b[3] = 0; /* reserved */
-   b[BLOB_LENGTH_START] = length & 0xff;
-   b[BLOB_LENGTH_START+1] = (length >> 8) & 0xff;
-   b[BLOB_LENGTH_START+2] = (length >> 16) & 0xff;
-   b[BLOB_LENGTH_START+3] = (length >> 24) & 0xff;
-   sha1Item.data = sha1_data;
-   sha1Item.len = SHA1_LENGTH;
-   SHA1_HashBuf(sha1_data,key->data,key->size);
-   b[BLOB_NAME_START]='b'; /* Make sure we start with a alpha */
-   NSSBase64_EncodeItem(NULL,&b[BLOB_NAME_START+1],BLOB_NAME_LEN-1,&sha1Item);
-   b[BLOB_BUF_LEN-1] = 0;
-   dbs_replaceSlash(&b[BLOB_NAME_START+1],BLOB_NAME_LEN-1);
-   blobData->data = b;
-   blobData->size = BLOB_BUF_LEN;
-   return;
-}
-   
-
-/*
- * construct a path to the actual blob. The string returned must be
- * freed by the caller with PR_smprintf_free.
- *
- * Note: this file does lots of consistancy checks on the DBT. The
- * routines that call this depend on these checks, so they don't worry
- * about them (success of this routine implies a good blobdata record).
- */ 
-static char *
-dbs_getBlobFilePath(char *blobdir,DBT *blobData)
-{
-    const char *name;
-
-    if (blobdir == NULL) {
-	PR_SetError(SEC_ERROR_BAD_DATABASE,0);
-	return NULL;
-    }
-    if (!dbs_IsBlob(blobData)) {
-	PR_SetError(SEC_ERROR_BAD_DATABASE,0);
-	return NULL;
-    }
-    name = dbs_getBlobFileName(blobData);
-    if (!name || *name == 0) {
-	PR_SetError(SEC_ERROR_BAD_DATABASE,0);
-	return NULL;
-    }
-    return  PR_smprintf("%s" PATH_SEPARATOR "%s", blobdir, name);
-}
-
-/*
- * Delete a blob file pointed to by the blob record.
- */
-static void
-dbs_removeBlob(DBS *dbsp, DBT *blobData)
-{
-    char *file;
-
-    file = dbs_getBlobFilePath(dbsp->blobdir, blobData);
-    if (!file) {
-	return;
-    }
-    PR_Delete(file);
-    PR_smprintf_free(file);
-}
-
-/*
- * Directory modes are slightly different, the 'x' bit needs to be on to
- * access them. Copy all the read bits to 'x' bits
- */
-static int
-dbs_DirMode(int mode)
-{
-  int x_bits = (mode >> 2) &  0111;
-  return mode | x_bits;
-}
-
-/*
- * write a data blob to it's file. blobdData is the blob record that will be
- * stored in the database. data is the actual data to go out on disk.
- */
-static int
-dbs_writeBlob(DBS *dbsp, int mode, DBT *blobData, const DBT *data)
-{
-    char *file = NULL;
-    PRFileDesc *filed;
-    PRStatus status;
-    int len;
-    int error = 0;
-
-    file = dbs_getBlobFilePath(dbsp->blobdir, blobData);
-    if (!file) {
-	goto loser;
-    }
-    if (PR_Access(dbsp->blobdir, PR_ACCESS_EXISTS) != PR_SUCCESS) {
-	status = PR_MkDir(dbsp->blobdir,dbs_DirMode(mode));
-	if (status != PR_SUCCESS) {
-	    goto loser;
-	}
-    }
-    filed = PR_OpenFile(file,PR_CREATE_FILE|PR_TRUNCATE|PR_WRONLY, mode);
-    if (filed == NULL) {
-	error = PR_GetError();
-	goto loser;
-    }
-    len = PR_Write(filed,data->data,data->size);
-    error = PR_GetError();
-    PR_Close(filed);
-    if (len < (int)data->size) {
-	goto loser;
-    }
-    PR_smprintf_free(file);
-    return 0;
-
-loser:
-    if (file) {
-	PR_Delete(file);
-	PR_smprintf_free(file);
-    }
-    /* don't let close or delete reset the error */
-    PR_SetError(error,0);
-    return -1;
-}
-
-
-/*
- * we need to keep a address map in memory between calls to DBM.
- * remember what we have mapped can close it when we get another dbm
- * call. 
- *
- * NOTE: Not all platforms support mapped files. This code is designed to
- * detect this at runtime. If map files aren't supported the OS will indicate
- * this by failing the PR_Memmap call. In this case we emulate mapped files
- * by just reading in the file into regular memory. We signal this state by
- * making dbs_mapfile NULL and dbs_addr non-NULL.
- */
-
-static void
-dbs_freemap(DBS *dbsp)
-{
-    if (dbsp->dbs_mapfile) {
-	PR_MemUnmap(dbsp->dbs_addr,dbsp->dbs_len);
-	PR_CloseFileMap(dbsp->dbs_mapfile);
-	dbsp->dbs_mapfile = NULL;
-	dbsp->dbs_addr = NULL;
-	dbsp->dbs_len = 0;
-    } else if (dbsp->dbs_addr) {
-	PORT_Free(dbsp->dbs_addr);
-	dbsp->dbs_addr = NULL;
-	dbsp->dbs_len = 0;
-    }
-    return;
-}
-
-static void
-dbs_setmap(DBS *dbsp, PRFileMap *mapfile, unsigned char *addr, PRUint32 len)
-{
-    dbsp->dbs_mapfile = mapfile;
-    dbsp->dbs_addr = addr;
-    dbsp->dbs_len = len;
-}
-
-/*
- * platforms that cannot map the file need to read it into a temp buffer.
- */
-static unsigned char *
-dbs_EmulateMap(PRFileDesc *filed, int len)
-{
-    unsigned char *addr;
-    PRInt32 dataRead;
-
-    addr = PORT_Alloc(len);
-    if (addr == NULL) {
-	return NULL;
-    }
-
-    dataRead = PR_Read(filed,addr,len);
-    if (dataRead != len) {
-	PORT_Free(addr);
-	if (dataRead > 0) {
-	    /* PR_Read didn't set an error, we need to */
-	    PR_SetError(SEC_ERROR_BAD_DATABASE,0);
-	}
-	return NULL;
-    }
-
-    return addr;
-}
-
-
-/*
- * pull a database record off the disk
- * data points to the blob record on input and the real record (if we could
- * read it) on output. if there is an error data is not modified.
- */
-static int
-dbs_readBlob(DBS *dbsp, DBT *data)
-{
-    char *file = NULL;
-    PRFileDesc *filed = NULL;
-    PRFileMap *mapfile = NULL;
-    unsigned char *addr = NULL;
-    int error;
-    int len = -1;
-
-    file = dbs_getBlobFilePath(dbsp->blobdir, data);
-    if (!file) {
-	goto loser;
-    }
-    filed = PR_OpenFile(file,PR_RDONLY,0);
-    PR_smprintf_free(file); file = NULL;
-    if (filed == NULL) {
-	goto loser;
-    }
-
-    len = dbs_getBlobSize(data);
-    mapfile = PR_CreateFileMap(filed, len, PR_PROT_READONLY);
-    if (mapfile == NULL) {
-	 /* USE PR_GetError instead of PORT_GetError here
-	  * because we are getting the error from PR_xxx
-	  * function */
-	if (PR_GetError() != PR_NOT_IMPLEMENTED_ERROR) {
-	    goto loser;
-	}
-	addr = dbs_EmulateMap(filed, len);
-    } else {
-	addr = PR_MemMap(mapfile, 0, len);
-    }
-    if (addr == NULL) {
-	goto loser;
-    }
-    PR_Close(filed);
-    dbs_setmap(dbsp,mapfile,addr,len);
-
-    data->data = addr;
-    data->size = len;
-    return 0;
-
-loser:
-    /* preserve the error code */
-    error = PR_GetError();
-    if (addr) {
-	if (mapfile) {
-	    PORT_Assert(len != -1);
-	    PR_MemUnmap(addr,len);
-	} else {
-	    PORT_Free(addr);
-	}
-    }
-    if (mapfile) {
-	PR_CloseFileMap(mapfile);
-    }
-    if (filed) {
-	PR_Close(filed);
-    }
-    PR_SetError(error,0);
-    return -1;
-}
-
-/*
- * actual DBM shims
- */
-static int
-dbs_get(const DB *dbs, const DBT *key, DBT *data, unsigned int flags)
-{
-    int ret;
-    DBS *dbsp = (DBS *)dbs;
-    DB *db = (DB *)dbs->internal;
-    
-
-    dbs_freemap(dbsp);
-    
-    ret = (* db->get)(db, key, data, flags);
-    if ((ret == 0) && dbs_IsBlob(data)) {
-	ret = dbs_readBlob(dbsp,data);
-    }
-
-    return(ret);
-}
-
-static int
-dbs_put(const DB *dbs, DBT *key, const DBT *data, unsigned int flags)
-{
-    DBT blob;
-    int ret = 0;
-    DBS *dbsp = (DBS *)dbs;
-    DB *db = (DB *)dbs->internal;
-
-    dbs_freemap(dbsp);
-
-    /* If the db is readonly, just pass the data down to rdb and let it fail */
-    if (!dbsp->readOnly) {
-	DBT oldData;
-	int ret1;
-
-	/* make sure the current record is deleted if it's a blob */
-	ret1 = (*db->get)(db,key,&oldData,0);
-        if ((ret1 == 0) && flags == R_NOOVERWRITE) {
-	    /* let DBM return the error to maintain consistancy */
-	    return (* db->put)(db, key, data, flags);
-	}
-	if ((ret1 == 0) && dbs_IsBlob(&oldData)) {
-	    dbs_removeBlob(dbsp, &oldData);
-	}
-
-	if (data->size > DBS_MAX_ENTRY_SIZE) {
-	    dbs_mkBlob(dbsp,key,data,&blob);
-	    ret = dbs_writeBlob(dbsp, dbsp->mode, &blob, data);
-	    data = &blob;
-	}
-    }
-
-    if (ret == 0) {
-	ret = (* db->put)(db, key, data, flags);
-    }
-    return(ret);
-}
-
-static int
-dbs_sync(const DB *dbs, unsigned int flags)
-{
-    DB *db = (DB *)dbs->internal;
-    DBS *dbsp = (DBS *)dbs;
-
-    dbs_freemap(dbsp);
-
-    return (* db->sync)(db, flags);
-}
-
-static int
-dbs_del(const DB *dbs, const DBT *key, unsigned int flags)
-{
-    int ret;
-    DBS *dbsp = (DBS *)dbs;
-    DB *db = (DB *)dbs->internal;
-
-    dbs_freemap(dbsp);
-
-    if (!dbsp->readOnly) {
-	DBT oldData;
-	ret = (*db->get)(db,key,&oldData,0);
-	if ((ret == 0) && dbs_IsBlob(&oldData)) {
-	    dbs_removeBlob(dbsp,&oldData);
-	}
-    }
-
-    return (* db->del)(db, key, flags);
-}
-
-static int
-dbs_seq(const DB *dbs, DBT *key, DBT *data, unsigned int flags)
-{
-    int ret;
-    DBS *dbsp = (DBS *)dbs;
-    DB *db = (DB *)dbs->internal;
-    
-    dbs_freemap(dbsp);
-    
-    ret = (* db->seq)(db, key, data, flags);
-    if ((ret == 0) && dbs_IsBlob(data)) {
-	/* don't return a blob read as an error so traversals keep going */
-	(void) dbs_readBlob(dbsp,data);
-    }
-
-    return(ret);
-}
-
-static int
-dbs_close(DB *dbs)
-{
-    DBS *dbsp = (DBS *)dbs;
-    DB *db = (DB *)dbs->internal;
-    int ret;
-
-    dbs_freemap(dbsp);
-    ret = (* db->close)(db);
-    PORT_Free(dbsp->blobdir);
-    PORT_Free(dbsp);
-    return ret;
-}
-
-static int
-dbs_fd(const DB *dbs)
-{
-    DB *db = (DB *)dbs->internal;
-
-    return (* db->fd)(db);
-}
-
-/*
- * the naming convention we use is
- * change the .xxx into .dir. (for nss it's always .db);
- * if no .extension exists or is equal to .dir, add a .dir 
- * the returned data must be freed.
- */
-#define DIRSUFFIX ".dir"
-static char *
-dbs_mkBlobDirName(const char *dbname)
-{
-    int dbname_len = PORT_Strlen(dbname);
-    int dbname_end = dbname_len;
-    const char *cp;
-    char *blobDir = NULL;
-
-    /* scan back from the end looking for either a directory separator, a '.',
-     * or the end of the string. NOTE: Windows should check for both separators
-     * here. For now this is safe because we know NSS always uses a '.'
-     */
-    for (cp = &dbname[dbname_len]; 
-		(cp > dbname) && (*cp != '.') && (*cp != *PATH_SEPARATOR) ;
-			cp--)
-	/* Empty */ ;
-    if (*cp == '.') {
-	dbname_end = cp - dbname;
-	if (PORT_Strcmp(cp,DIRSUFFIX) == 0) {
-	    dbname_end = dbname_len;
-	}
-    }
-    blobDir = PORT_ZAlloc(dbname_end+sizeof(DIRSUFFIX));
-    if (blobDir == NULL) {
-	return NULL;
-    }
-    PORT_Memcpy(blobDir,dbname,dbname_end);
-    PORT_Memcpy(&blobDir[dbname_end],DIRSUFFIX,sizeof(DIRSUFFIX));
-    return blobDir;
-}
-
-#define DBM_DEFAULT 0
-static const HASHINFO dbs_hashInfo = {
-	DBS_BLOCK_SIZE,		/* bucket size, must be greater than = to
-				 * or maximum entry size (+ header)
-				 * we allow before blobing */
-	DBM_DEFAULT,		/* Fill Factor */
-	DBM_DEFAULT,		/* number of elements */
-	DBS_CACHE_SIZE,		/* cache size */
-	DBM_DEFAULT,		/* hash function */
-	DBM_DEFAULT,		/* byte order */
-};
-
-/*
- * the open function. NOTE: this is the only exposed function in this file.
- * everything else is called through the function table pointer.
- */
-DB *
-dbsopen(const char *dbname, int flags, int mode, DBTYPE type,
-							 const void *userData)
-{
-    DB *db = NULL,*dbs = NULL;
-    DBS *dbsp = NULL;
-
-    /* NOTE: we are overriding userData with dbs_hashInfo. since all known
-     * callers pass 0, this is ok, otherwise we should merge the two */
-
-    dbsp = (DBS *)PORT_ZAlloc(sizeof(DBS));
-    if (!dbsp) {
-	return NULL;
-    }
-    dbs = &dbsp->db;
-
-    dbsp->blobdir=dbs_mkBlobDirName(dbname);
-    if (dbsp->blobdir == NULL) {
-	goto loser;
-    }
-    dbsp->mode = mode;
-    dbsp->readOnly = (PRBool)(flags == NO_RDONLY);
-    dbsp->dbs_mapfile = NULL;
-    dbsp->dbs_addr = NULL;
-    dbsp->dbs_len = 0;
-
-    /* the real dbm call */
-    db = dbopen(dbname, flags, mode, type, &dbs_hashInfo);
-    if (db == NULL) {
-	goto loser;
-    }
-    dbs->internal = (void *) db;
-    dbs->type = type;
-    dbs->close = dbs_close;
-    dbs->get = dbs_get;
-    dbs->del = dbs_del;
-    dbs->put = dbs_put;
-    dbs->seq = dbs_seq;
-    dbs->sync = dbs_sync;
-    dbs->fd = dbs_fd;
-
-    return dbs;
-loser:
-    if (db) {
-	(*db->close)(db);
-    }
-    if (dbsp && dbsp->blobdir) {
-	PORT_Free(dbsp->blobdir);
-    }
-    if (dbsp) {
-	PORT_Free(dbsp);
-    }
-    return NULL;
-}
--- a/mozilla/security/nss/lib/softoken/ecdecode.c
+++ b/mozilla/security/nss/lib/softoken/ecdecode.c
@@ -1,687 +0,0 @@
-/*
- * ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Elliptic Curve Cryptography library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are Copyright (C) 2003
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *   Dr Vipul Gupta <vipul.gupta@sun.com> and
- *   Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#ifdef NSS_ENABLE_ECC
-
-#include "blapi.h"
-#include "secoid.h"
-#include "secitem.h"
-#include "secerr.h"
-#include "ec.h"
-#include "ecl-curve.h"
-
-#define CHECK_OK(func) if (func == NULL) goto cleanup
-#define CHECK_SEC_OK(func) if (SECSuccess != (rv = func)) goto cleanup
-
-/* Initializes a SECItem from a hexadecimal string */
-static SECItem *
-hexString2SECItem(PRArenaPool *arena, SECItem *item, const char *str)
-{
-    int i = 0;
-    int byteval = 0;
-    int tmp = PORT_Strlen(str);
-
-    if ((tmp % 2) != 0) return NULL;
-    
-    item->data = (unsigned char *) PORT_ArenaAlloc(arena, tmp/2);
-    if (item->data == NULL) return NULL;
-    item->len = tmp/2;
-
-    while (str[i]) {
-        if ((str[i] >= '0') && (str[i] <= '9'))
-	    tmp = str[i] - '0';
-	else if ((str[i] >= 'a') && (str[i] <= 'f'))
-	    tmp = str[i] - 'a' + 10;
-	else if ((str[i] >= 'A') && (str[i] <= 'F'))
-	    tmp = str[i] - 'A' + 10;
-	else
-	    return NULL;
-
-	byteval = byteval * 16 + tmp;
-	if ((i % 2) != 0) {
-	    item->data[i/2] = byteval;
-	    byteval = 0;
-	}
-	i++;
-    }
-
-    return item;
-}
-
-/* Copy all of the fields from srcParams into dstParams
- */
-SECStatus
-EC_CopyParams(PRArenaPool *arena, ECParams *dstParams,
-	      const ECParams *srcParams)
-{
-    SECStatus rv = SECFailure;
-
-    dstParams->arena = arena;
-    dstParams->type = srcParams->type;
-    dstParams->fieldID.size = srcParams->fieldID.size;
-    dstParams->fieldID.type = srcParams->fieldID.type;
-    if (srcParams->fieldID.type == ec_field_GFp) {
-	CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->fieldID.u.prime,
-	    &srcParams->fieldID.u.prime));
-    } else {
-	CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->fieldID.u.poly,
-	    &srcParams->fieldID.u.poly));
-    }
-    dstParams->fieldID.k1 = srcParams->fieldID.k1;
-    dstParams->fieldID.k2 = srcParams->fieldID.k2;
-    dstParams->fieldID.k3 = srcParams->fieldID.k3;
-    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curve.a,
-	&srcParams->curve.a));
-    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curve.b,
-	&srcParams->curve.b));
-    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curve.seed,
-	&srcParams->curve.seed));
-    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->base,
-	&srcParams->base));
-    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->order,
-	&srcParams->order));
-    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->DEREncoding,
-	&srcParams->DEREncoding));
-	dstParams->name = srcParams->name;
-    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curveOID,
- 	&srcParams->curveOID));
-    dstParams->cofactor = srcParams->cofactor;
-
-    return SECSuccess;
-
-cleanup:
-    return SECFailure;
-}
-
-SECStatus
-EC_FillParams(PRArenaPool *arena, const SECItem *encodedParams, 
-    ECParams *params)
-{
-    SECOidTag tag;
-    SECItem oid = { siBuffer, NULL, 0};
-    const ECCurveParams *curveParams;
-    char genenc[2 + 2 * 2 * MAX_ECKEY_LEN];
-
-#if EC_DEBUG
-    int i;
-
-    printf("Encoded params in EC_DecodeParams: ");
-    for (i = 0; i < encodedParams->len; i++) {
-	    printf("%02x:", encodedParams->data[i]);
-    }
-    printf("\n");
-#endif
-
-    if ((encodedParams->len != ANSI_X962_CURVE_OID_TOTAL_LEN) &&
-	(encodedParams->len != SECG_CURVE_OID_TOTAL_LEN)) {
-	    PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
-	    return SECFailure;
-    };
-
-    oid.len = encodedParams->len - 2;
-    oid.data = encodedParams->data + 2;
-    if ((encodedParams->data[0] != SEC_ASN1_OBJECT_ID) ||
-	((tag = SECOID_FindOIDTag(&oid)) == SEC_OID_UNKNOWN)) { 
-	    PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
-	    return SECFailure;
-    }
-
-    params->arena = arena;
-    params->cofactor = 0;
-    params->type = ec_params_named;
-    params->name = ECCurve_noName;
-
-    /* For named curves, fill out curveOID */
-    params->curveOID.len = oid.len;
-    params->curveOID.data = (unsigned char *) PORT_ArenaAlloc(arena, oid.len);
-    if (params->curveOID.data == NULL) goto cleanup;
-    memcpy(params->curveOID.data, oid.data, oid.len);
-
-#if EC_DEBUG
-    printf("Curve: %s\n", SECOID_FindOIDTagDescription(tag));
-#endif
-
-    switch (tag) {
-
-#define GF2M_POPULATE \
-	if ((params->name < ECCurve_noName) || \
-	    (params->name > ECCurve_pastLastCurve)) goto cleanup; \
-	CHECK_OK(curveParams); \
-	params->fieldID.size = curveParams->size; \
-	params->fieldID.type = ec_field_GF2m; \
-	CHECK_OK(hexString2SECItem(params->arena, &params->fieldID.u.poly, \
-	    curveParams->irr)); \
-	CHECK_OK(hexString2SECItem(params->arena, &params->curve.a, \
-	    curveParams->curvea)); \
-	CHECK_OK(hexString2SECItem(params->arena, &params->curve.b, \
-	    curveParams->curveb)); \
-	genenc[0] = '0'; \
-	genenc[1] = '4'; \
-	genenc[2] = '\0'; \
-	CHECK_OK(strcat(genenc, curveParams->genx)); \
-	CHECK_OK(strcat(genenc, curveParams->geny)); \
-	CHECK_OK(hexString2SECItem(params->arena, &params->base, \
-	    genenc)); \
-	CHECK_OK(hexString2SECItem(params->arena, &params->order, \
-	    curveParams->order)); \
-	params->cofactor = curveParams->cofactor;
-
-    case SEC_OID_ANSIX962_EC_C2PNB163V1:
-	/* Populate params for c2pnb163v1 */
-	params->name = ECCurve_X9_62_CHAR2_PNB163V1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_ANSIX962_EC_C2PNB163V2:
-	/* Populate params for c2pnb163v2 */
-	params->name = ECCurve_X9_62_CHAR2_PNB163V2;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_ANSIX962_EC_C2PNB163V3:
-	/* Populate params for c2pnb163v3 */
-	params->name = ECCurve_X9_62_CHAR2_PNB163V3;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_ANSIX962_EC_C2PNB176V1:
-	/* Populate params for c2pnb176v1 */
-	params->name = ECCurve_X9_62_CHAR2_PNB176V1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_ANSIX962_EC_C2TNB191V1:
-	/* Populate params for c2tnb191v1 */
-	params->name = ECCurve_X9_62_CHAR2_TNB191V1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_ANSIX962_EC_C2TNB191V2:
-	/* Populate params for c2tnb191v2 */
-	params->name = ECCurve_X9_62_CHAR2_TNB191V2;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_ANSIX962_EC_C2TNB191V3:
-	/* Populate params for c2tnb191v3 */
-	params->name = ECCurve_X9_62_CHAR2_TNB191V3;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_ANSIX962_EC_C2PNB208W1:
-	/* Populate params for c2pnb208w1 */
-	params->name = ECCurve_X9_62_CHAR2_PNB208W1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_ANSIX962_EC_C2TNB239V1:
-	/* Populate params for c2tnb239v1 */
-	params->name = ECCurve_X9_62_CHAR2_TNB239V1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_ANSIX962_EC_C2TNB239V2:
-	/* Populate params for c2tnb239v2 */
-	params->name = ECCurve_X9_62_CHAR2_TNB239V2;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_ANSIX962_EC_C2TNB239V3:
-	/* Populate params for c2tnb239v3 */
-	params->name = ECCurve_X9_62_CHAR2_TNB239V3;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_ANSIX962_EC_C2PNB272W1:
-	/* Populate params for c2pnb272w1 */
-	params->name = ECCurve_X9_62_CHAR2_PNB272W1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_ANSIX962_EC_C2PNB304W1:
-	/* Populate params for c2pnb304w1 */
-	params->name = ECCurve_X9_62_CHAR2_PNB304W1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_ANSIX962_EC_C2TNB359V1:
-	/* Populate params for c2tnb359v1 */
-	params->name = ECCurve_X9_62_CHAR2_TNB359V1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_ANSIX962_EC_C2PNB368W1:
-	/* Populate params for c2pnb368w1 */
-	params->name = ECCurve_X9_62_CHAR2_PNB368W1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_ANSIX962_EC_C2TNB431R1:
-	/* Populate params for c2tnb431r1 */
-	params->name = ECCurve_X9_62_CHAR2_TNB431R1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-	
-    case SEC_OID_SECG_EC_SECT113R1:
-	/* Populate params for sect113r1 */
-	params->name = ECCurve_SECG_CHAR2_113R1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECT113R2:
-	/* Populate params for sect113r2 */
-	params->name = ECCurve_SECG_CHAR2_113R2;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECT131R1:
-	/* Populate params for sect131r1 */
-	params->name = ECCurve_SECG_CHAR2_131R1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECT131R2:
-	/* Populate params for sect131r2 */
-	params->name = ECCurve_SECG_CHAR2_131R2;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECT163K1:
-	/* Populate params for sect163k1
-	 * (the NIST K-163 curve)
-	 */
-	params->name = ECCurve_SECG_CHAR2_163K1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECT163R1:
-	/* Populate params for sect163r1 */
-	params->name = ECCurve_SECG_CHAR2_163R1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECT163R2:
-	/* Populate params for sect163r2
-	 * (the NIST B-163 curve)
-	 */
-	params->name = ECCurve_SECG_CHAR2_163R2;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECT193R1:
-	/* Populate params for sect193r1 */
-	params->name = ECCurve_SECG_CHAR2_193R1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECT193R2:
-	/* Populate params for sect193r2 */
-	params->name = ECCurve_SECG_CHAR2_193R2;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECT233K1:
-	/* Populate params for sect233k1
-	 * (the NIST K-233 curve)
-	 */
-	params->name = ECCurve_SECG_CHAR2_233K1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECT233R1:
-	/* Populate params for sect233r1
-	 * (the NIST B-233 curve)
-	 */
-	params->name = ECCurve_SECG_CHAR2_233R1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECT239K1:
-	/* Populate params for sect239k1 */
-	params->name = ECCurve_SECG_CHAR2_239K1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECT283K1:
-        /* Populate params for sect283k1
-	 * (the NIST K-283 curve)
-	 */
-	params->name = ECCurve_SECG_CHAR2_283K1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECT283R1:
-	/* Populate params for sect283r1
-	 * (the NIST B-283 curve)
-	 */
-	params->name = ECCurve_SECG_CHAR2_283R1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECT409K1:
-	/* Populate params for sect409k1
-	 * (the NIST K-409 curve)
-	 */
-	params->name = ECCurve_SECG_CHAR2_409K1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECT409R1:
-	/* Populate params for sect409r1
-	 * (the NIST B-409 curve)
-	 */
-	params->name = ECCurve_SECG_CHAR2_409R1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECT571K1:
-	/* Populate params for sect571k1
-	 * (the NIST K-571 curve)
-	 */
-	params->name = ECCurve_SECG_CHAR2_571K1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECT571R1:
-	/* Populate params for sect571r1
-	 * (the NIST B-571 curve)
-	 */
-	params->name = ECCurve_SECG_CHAR2_571R1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-#define GFP_POPULATE \
-	if ((params->name < ECCurve_noName) || \
-	    (params->name > ECCurve_pastLastCurve)) goto cleanup; \
-	CHECK_OK(curveParams); \
-	params->fieldID.size = curveParams->size; \
-	params->fieldID.type = ec_field_GFp; \
-	CHECK_OK(hexString2SECItem(params->arena, &params->fieldID.u.prime, \
-	    curveParams->irr)); \
-	CHECK_OK(hexString2SECItem(params->arena, &params->curve.a, \
-	    curveParams->curvea)); \
-	CHECK_OK(hexString2SECItem(params->arena, &params->curve.b, \
-	    curveParams->curveb)); \
-	genenc[0] = '0'; \
-	genenc[1] = '4'; \
-	genenc[2] = '\0'; \
-	CHECK_OK(strcat(genenc, curveParams->genx)); \
-	CHECK_OK(strcat(genenc, curveParams->geny)); \
-	CHECK_OK(hexString2SECItem(params->arena, &params->base, \
-	    genenc)); \
-	CHECK_OK(hexString2SECItem(params->arena, &params->order, \
-	    curveParams->order)); \
-	params->cofactor = curveParams->cofactor;
-
-    case SEC_OID_ANSIX962_EC_PRIME192V1:
-	/* Populate params for prime192v1 aka secp192r1 
-	 * (the NIST P-192 curve)
-	 */
-	params->name = ECCurve_X9_62_PRIME_192V1;
-	curveParams = ecCurve_map[params->name];
-	GFP_POPULATE
-	break;
-
-    case SEC_OID_ANSIX962_EC_PRIME192V2:
-	/* Populate params for prime192v2 */
-	params->name = ECCurve_X9_62_PRIME_192V2;
-	curveParams = ecCurve_map[params->name];
-	GFP_POPULATE
-	break;
-
-    case SEC_OID_ANSIX962_EC_PRIME192V3:
-	/* Populate params for prime192v3 */
-	params->name = ECCurve_X9_62_PRIME_192V3;
-	curveParams = ecCurve_map[params->name];
-	GFP_POPULATE
-	break;
-	
-    case SEC_OID_ANSIX962_EC_PRIME239V1:
-	/* Populate params for prime239v1 */
-	params->name = ECCurve_X9_62_PRIME_239V1;
-	curveParams = ecCurve_map[params->name];
-	GFP_POPULATE
-	break;
-
-    case SEC_OID_ANSIX962_EC_PRIME239V2:
-	/* Populate params for prime239v2 */
-	params->name = ECCurve_X9_62_PRIME_239V2;
-	curveParams = ecCurve_map[params->name];
-	GFP_POPULATE
-	break;
-
-    case SEC_OID_ANSIX962_EC_PRIME239V3:
-	/* Populate params for prime239v3 */
-	params->name = ECCurve_X9_62_PRIME_239V3;
-	curveParams = ecCurve_map[params->name];
-	GFP_POPULATE
-	break;
-
-    case SEC_OID_ANSIX962_EC_PRIME256V1:
-	/* Populate params for prime256v1 aka secp256r1
-	 * (the NIST P-256 curve)
-	 */
-	params->name = ECCurve_X9_62_PRIME_256V1;
-	curveParams = ecCurve_map[params->name];
-	GFP_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECP112R1:
-        /* Populate params for secp112r1 */
-	params->name = ECCurve_SECG_PRIME_112R1;
-	curveParams = ecCurve_map[params->name];
-	GFP_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECP112R2:
-        /* Populate params for secp112r2 */
-	params->name = ECCurve_SECG_PRIME_112R2;
-	curveParams = ecCurve_map[params->name];
-	GFP_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECP128R1:
-        /* Populate params for secp128r1 */
-	params->name = ECCurve_SECG_PRIME_128R1;
-	curveParams = ecCurve_map[params->name];
-	GFP_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECP128R2:
-        /* Populate params for secp128r2 */
-	params->name = ECCurve_SECG_PRIME_128R2;
-	curveParams = ecCurve_map[params->name];
-	GFP_POPULATE
-	break;
-	
-    case SEC_OID_SECG_EC_SECP160K1:
-        /* Populate params for secp160k1 */
-	params->name = ECCurve_SECG_PRIME_160K1;
-	curveParams = ecCurve_map[params->name];
-	GFP_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECP160R1:
-        /* Populate params for secp160r1 */
-	params->name = ECCurve_SECG_PRIME_160R1;
-	curveParams = ecCurve_map[params->name];
-	GFP_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECP160R2:
-	/* Populate params for secp160r1 */
-	params->name = ECCurve_SECG_PRIME_160R2;
-	curveParams = ecCurve_map[params->name];
-	GFP_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECP192K1:
-	/* Populate params for secp192k1 */
-	params->name = ECCurve_SECG_PRIME_192K1;
-	curveParams = ecCurve_map[params->name];
-	GFP_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECP224K1:
-	/* Populate params for secp224k1 */
-	params->name = ECCurve_SECG_PRIME_224K1;
-	curveParams = ecCurve_map[params->name];
-	GFP_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECP224R1:
-	/* Populate params for secp224r1 
-	 * (the NIST P-224 curve)
-	 */
-	params->name = ECCurve_SECG_PRIME_224R1;
-	curveParams = ecCurve_map[params->name];
-	GFP_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECP256K1:
-	/* Populate params for secp256k1 */
-	params->name = ECCurve_SECG_PRIME_256K1;
-	curveParams = ecCurve_map[params->name];
-	GFP_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECP384R1:
-	/* Populate params for secp384r1
-	 * (the NIST P-384 curve)
-	 */
-	params->name = ECCurve_SECG_PRIME_384R1;
-	curveParams = ecCurve_map[params->name];
-	GFP_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECP521R1:
-	/* Populate params for secp521r1 
-	 * (the NIST P-521 curve)
-	 */
-	params->name = ECCurve_SECG_PRIME_521R1;
-	curveParams = ecCurve_map[params->name];
-	GFP_POPULATE
-	break;
-
-    default:
-	break;
-    };
-
-cleanup:
-    if (!params->cofactor) {
-	PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
-#if EC_DEBUG
-	printf("Unrecognized curve, returning NULL params\n");
-#endif
-	return SECFailure;
-    }
-
-    return SECSuccess;
-}
-
-SECStatus
-EC_DecodeParams(const SECItem *encodedParams, ECParams **ecparams)
-{
-    PRArenaPool *arena;
-    ECParams *params;
-    SECStatus rv = SECFailure;
-
-    /* Initialize an arena for the ECParams structure */
-    if (!(arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE)))
-	return SECFailure;
-
-    params = (ECParams *)PORT_ArenaZAlloc(arena, sizeof(ECParams));
-    if (!params) {
-	PORT_FreeArena(arena, PR_TRUE);
-	return SECFailure;
-    }
-
-    /* Copy the encoded params */
-    SECITEM_AllocItem(arena, &(params->DEREncoding),
-	encodedParams->len);
-    memcpy(params->DEREncoding.data, encodedParams->data, encodedParams->len);
-
-    /* Fill out the rest of the ECParams structure based on 
-     * the encoded params 
-     */
-    rv = EC_FillParams(arena, encodedParams, params);
-    if (rv == SECFailure) {
-	PORT_FreeArena(arena, PR_TRUE);	
-	return SECFailure;
-    } else {
-	*ecparams = params;;
-	return SECSuccess;
-    }
-}
-
-#endif /* NSS_ENABLE_ECC */
--- a/mozilla/security/nss/lib/softoken/fipstest.c
+++ b/mozilla/security/nss/lib/softoken/fipstest.c
--- a/mozilla/security/nss/lib/softoken/fipstokn.c
+++ b/mozilla/security/nss/lib/softoken/fipstokn.c
@@ -1,996 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * This file implements PKCS 11 on top of our existing security modules
- *
- * For more information about PKCS 11 See PKCS 11 Token Inteface Standard.
- *   This implementation has two slots:
- *	slot 1 is our generic crypto support. It does not require login
- *   (unless you've enabled FIPS). It supports Public Key ops, and all they
- *   bulk ciphers and hashes. It can also support Private Key ops for imported
- *   Private keys. It does not have any token storage.
- *	slot 2 is our private key support. It requires a login before use. It
- *   can store Private Keys and Certs as token objects. Currently only private
- *   keys and their associated Certificates are saved on the token.
- *
- *   In this implementation, session objects are only visible to the session
- *   that created or generated them.
- */
-#include "seccomon.h"
-#include "softoken.h"
-#include "lowkeyi.h"
-#include "pcert.h"
-#include "pkcs11.h"
-#include "pkcs11i.h"
-
-
-/*
- * ******************** Password Utilities *******************************
- */
-static PRBool isLoggedIn = PR_FALSE;
-static PRBool fatalError = PR_FALSE;
-
-/* Fips required checks before any useful crypto graphic services */
-static CK_RV sftk_fipsCheck(void) {
-    if (isLoggedIn != PR_TRUE) 
-	return CKR_USER_NOT_LOGGED_IN;
-    if (fatalError) 
-	return CKR_DEVICE_ERROR;
-    return CKR_OK;
-}
-
-
-#define SFTK_FIPSCHECK() \
-    CK_RV rv; \
-    if ((rv = sftk_fipsCheck()) != CKR_OK) return rv;
-
-#define SFTK_FIPSFATALCHECK() \
-    if (fatalError) return CKR_DEVICE_ERROR;
-
-
-/* grab an attribute out of a raw template */
-void *
-fc_getAttribute(CK_ATTRIBUTE_PTR pTemplate, 
-				CK_ULONG ulCount, CK_ATTRIBUTE_TYPE type)
-{
-    int i;
-
-    for (i=0; i < (int) ulCount; i++) {
-	if (pTemplate[i].type == type) {
-	    return pTemplate[i].pValue;
-	}
-    }
-    return NULL;
-}
-
-
-#define __PASTE(x,y)	x##y
-
-/* ------------- forward declare all the NSC_ functions ------------- */
-#undef CK_NEED_ARG_LIST
-#undef CK_PKCS11_FUNCTION_INFO
-
-#define CK_PKCS11_FUNCTION_INFO(name) CK_RV __PASTE(NS,name)
-#define CK_NEED_ARG_LIST 1
-
-#include "pkcs11f.h"
-
-/* ------------- forward declare all the FIPS functions ------------- */
-#undef CK_NEED_ARG_LIST
-#undef CK_PKCS11_FUNCTION_INFO
-
-#define CK_PKCS11_FUNCTION_INFO(name) CK_RV __PASTE(F,name)
-#define CK_NEED_ARG_LIST 1
-
-#include "pkcs11f.h"
-
-/* ------------- build the CK_CRYPTO_TABLE ------------------------- */
-static CK_FUNCTION_LIST sftk_fipsTable = {
-    { 1, 10 },
-
-#undef CK_NEED_ARG_LIST
-#undef CK_PKCS11_FUNCTION_INFO
-
-#define CK_PKCS11_FUNCTION_INFO(name) __PASTE(F,name),
-
-
-#include "pkcs11f.h"
-
-};
-
-#undef CK_NEED_ARG_LIST
-#undef CK_PKCS11_FUNCTION_INFO
-
-
-#undef __PASTE
-
-static CK_RV
-fips_login_if_key_object(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject)
-{
-    CK_RV rv;
-    CK_OBJECT_CLASS objClass;
-    CK_ATTRIBUTE class; 
-    class.type = CKA_CLASS;
-    class.pValue = &objClass;
-    class.ulValueLen = sizeof(objClass);
-    rv = NSC_GetAttributeValue(hSession, hObject, &class, 1);
-    if (rv == CKR_OK) {
-	if ((objClass == CKO_PRIVATE_KEY) || (objClass == CKO_SECRET_KEY)) {
-	    rv = sftk_fipsCheck();
-	}
-    }
-    return rv;
-}
-
-
-/**********************************************************************
- *
- *     Start of PKCS 11 functions 
- *
- **********************************************************************/
-/* return the function list */
-CK_RV FC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList) {
-    *pFunctionList = &sftk_fipsTable;
-    return CKR_OK;
-}
-
-/* sigh global so pkcs11 can read it */
-PRBool nsf_init = PR_FALSE;
-
-/* FC_Initialize initializes the PKCS #11 library. */
-CK_RV FC_Initialize(CK_VOID_PTR pReserved) {
-    CK_RV crv;
-
-    if (nsf_init) {
-	return CKR_CRYPTOKI_ALREADY_INITIALIZED;
-    }
-
-    crv = nsc_CommonInitialize(pReserved, PR_TRUE);
-
-    /* not an 'else' rv can be set by either SFTK_LowInit or SFTK_SlotInit*/
-    if (crv != CKR_OK) {
-	fatalError = PR_TRUE;
-	return crv;
-    }
-
-    fatalError = PR_FALSE; /* any error has been reset */
-
-    crv = sftk_fipsPowerUpSelfTest();
-    if (crv != CKR_OK) {
-        nsc_CommonFinalize(NULL, PR_TRUE);
-	fatalError = PR_TRUE;
-	return crv;
-    }
-    nsf_init = PR_TRUE;
-
-    return CKR_OK;
-}
-
-/*FC_Finalize indicates that an application is done with the PKCS #11 library.*/
-CK_RV FC_Finalize (CK_VOID_PTR pReserved) {
-   CK_RV crv;
-   if (!nsf_init) {
-      return CKR_OK;
-   }
-   crv = nsc_CommonFinalize (pReserved, PR_TRUE);
-   nsf_init = (PRBool) !(crv == CKR_OK);
-   return crv;
-}
-
-
-/* FC_GetInfo returns general information about PKCS #11. */
-CK_RV  FC_GetInfo(CK_INFO_PTR pInfo) {
-    return NSC_GetInfo(pInfo);
-}
-
-/* FC_GetSlotList obtains a list of slots in the system. */
-CK_RV FC_GetSlotList(CK_BBOOL tokenPresent,
-	 		CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount) {
-    return nsc_CommonGetSlotList(tokenPresent,pSlotList,pulCount,
-							 NSC_FIPS_MODULE);
-}
-	
-/* FC_GetSlotInfo obtains information about a particular slot in the system. */
-CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
-
-    CK_RV crv;
-
-    crv = NSC_GetSlotInfo(slotID,pInfo);
-    if (crv != CKR_OK) {
-	return crv;
-    }
-
-    return CKR_OK;
-}
-
-
-/*FC_GetTokenInfo obtains information about a particular token in the system.*/
- CK_RV FC_GetTokenInfo(CK_SLOT_ID slotID,CK_TOKEN_INFO_PTR pInfo) {
-    CK_RV crv;
-
-    crv = NSC_GetTokenInfo(slotID,pInfo);
-    pInfo->flags |= CKF_RNG | CKF_LOGIN_REQUIRED;
-    return crv;
-
-}
-
-
-
-/*FC_GetMechanismList obtains a list of mechanism types supported by a token.*/
- CK_RV FC_GetMechanismList(CK_SLOT_ID slotID,
-	CK_MECHANISM_TYPE_PTR pMechanismList, CK_ULONG_PTR pusCount) {
-    SFTK_FIPSFATALCHECK();
-    if (slotID == FIPS_SLOT_ID) slotID = NETSCAPE_SLOT_ID;
-    /* FIPS Slot supports all functions */
-    return NSC_GetMechanismList(slotID,pMechanismList,pusCount);
-}
-
-
-/* FC_GetMechanismInfo obtains information about a particular mechanism 
- * possibly supported by a token. */
- CK_RV FC_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type,
-    					CK_MECHANISM_INFO_PTR pInfo) {
-    SFTK_FIPSFATALCHECK();
-    if (slotID == FIPS_SLOT_ID) slotID = NETSCAPE_SLOT_ID;
-    /* FIPS Slot supports all functions */
-    return NSC_GetMechanismInfo(slotID,type,pInfo);
-}
-
-
-/* FC_InitToken initializes a token. */
- CK_RV FC_InitToken(CK_SLOT_ID slotID,CK_CHAR_PTR pPin,
- 				CK_ULONG usPinLen,CK_CHAR_PTR pLabel) {
-    return CKR_HOST_MEMORY; /*is this the right function for not implemented*/
-}
-
-
-/* FC_InitPIN initializes the normal user's PIN. */
- CK_RV FC_InitPIN(CK_SESSION_HANDLE hSession,
-    					CK_CHAR_PTR pPin, CK_ULONG ulPinLen) {
-    return NSC_InitPIN(hSession,pPin,ulPinLen);
-}
-
-
-/* FC_SetPIN modifies the PIN of user that is currently logged in. */
-/* NOTE: This is only valid for the PRIVATE_KEY_SLOT */
- CK_RV FC_SetPIN(CK_SESSION_HANDLE hSession, CK_CHAR_PTR pOldPin,
-    CK_ULONG usOldLen, CK_CHAR_PTR pNewPin, CK_ULONG usNewLen) {
-    CK_RV rv;
-    if ((rv = sftk_fipsCheck()) != CKR_OK) return rv;
-    return NSC_SetPIN(hSession,pOldPin,usOldLen,pNewPin,usNewLen);
-}
-
-/* FC_OpenSession opens a session between an application and a token. */
- CK_RV FC_OpenSession(CK_SLOT_ID slotID, CK_FLAGS flags,
-   CK_VOID_PTR pApplication,CK_NOTIFY Notify,CK_SESSION_HANDLE_PTR phSession) {
-    SFTK_FIPSFATALCHECK();
-    return NSC_OpenSession(slotID,flags,pApplication,Notify,phSession);
-}
-
-
-/* FC_CloseSession closes a session between an application and a token. */
- CK_RV FC_CloseSession(CK_SESSION_HANDLE hSession) {
-    return NSC_CloseSession(hSession);
-}
-
-
-/* FC_CloseAllSessions closes all sessions with a token. */
- CK_RV FC_CloseAllSessions (CK_SLOT_ID slotID) {
-    return NSC_CloseAllSessions (slotID);
-}
-
-
-/* FC_GetSessionInfo obtains information about the session. */
- CK_RV FC_GetSessionInfo(CK_SESSION_HANDLE hSession,
-						CK_SESSION_INFO_PTR pInfo) {
-    CK_RV rv;
-    SFTK_FIPSFATALCHECK();
-
-    rv = NSC_GetSessionInfo(hSession,pInfo);
-    if (rv == CKR_OK) {
-	if ((isLoggedIn) && (pInfo->state == CKS_RO_PUBLIC_SESSION)) {
-		pInfo->state = CKS_RO_USER_FUNCTIONS;
-	}
-	if ((isLoggedIn) && (pInfo->state == CKS_RW_PUBLIC_SESSION)) {
-		pInfo->state = CKS_RW_USER_FUNCTIONS;
-	}
-    }
-    return rv;
-}
-
-/* FC_Login logs a user into a token. */
- CK_RV FC_Login(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType,
-				    CK_CHAR_PTR pPin, CK_ULONG usPinLen) {
-    CK_RV rv;
-    SFTK_FIPSFATALCHECK();
-    rv = NSC_Login(hSession,userType,pPin,usPinLen);
-    if (rv == CKR_OK)
-	isLoggedIn = PR_TRUE;
-    else if (rv == CKR_USER_ALREADY_LOGGED_IN)
-    {
-	isLoggedIn = PR_TRUE;
-
-	/* Provide FIPS PUB 140-1 power-up self-tests on demand. */
-	rv = sftk_fipsPowerUpSelfTest();
-	if (rv == CKR_OK)
-		return CKR_USER_ALREADY_LOGGED_IN;
-	else
-		fatalError = PR_TRUE;
-    }
-    return rv;
-}
-
-/* FC_Logout logs a user out from a token. */
- CK_RV FC_Logout(CK_SESSION_HANDLE hSession) {
-    SFTK_FIPSCHECK();
- 
-    rv = NSC_Logout(hSession);
-    isLoggedIn = PR_FALSE;
-    return rv;
-}
-
-
-/* FC_CreateObject creates a new object. */
- CK_RV FC_CreateObject(CK_SESSION_HANDLE hSession,
-		CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, 
-					CK_OBJECT_HANDLE_PTR phObject) {
-    CK_OBJECT_CLASS * classptr;
-    SFTK_FIPSCHECK();
-    classptr = (CK_OBJECT_CLASS *)fc_getAttribute(pTemplate,ulCount,CKA_CLASS);
-    if (classptr == NULL) return CKR_TEMPLATE_INCOMPLETE;
-
-    /* FIPS can't create keys from raw key material */
-    if ((*classptr == CKO_SECRET_KEY) || (*classptr == CKO_PRIVATE_KEY)) {
-	return CKR_ATTRIBUTE_VALUE_INVALID;
-    }
-    return NSC_CreateObject(hSession,pTemplate,ulCount,phObject);
-}
-
-
-
-
-
-/* FC_CopyObject copies an object, creating a new object for the copy. */
- CK_RV FC_CopyObject(CK_SESSION_HANDLE hSession,
-       CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG usCount,
-					CK_OBJECT_HANDLE_PTR phNewObject) {
-    CK_RV rv;
-    SFTK_FIPSFATALCHECK();
-    rv = fips_login_if_key_object(hSession, hObject);
-    if (rv != CKR_OK) {
-	return rv;
-    }
-    return NSC_CopyObject(hSession,hObject,pTemplate,usCount,phNewObject);
-}
-
-
-/* FC_DestroyObject destroys an object. */
- CK_RV FC_DestroyObject(CK_SESSION_HANDLE hSession,
-		 				CK_OBJECT_HANDLE hObject) {
-    CK_RV rv;
-    SFTK_FIPSFATALCHECK();
-    rv = fips_login_if_key_object(hSession, hObject);
-    if (rv != CKR_OK) {
-	return rv;
-    }
-    return NSC_DestroyObject(hSession,hObject);
-}
-
-
-/* FC_GetObjectSize gets the size of an object in bytes. */
- CK_RV FC_GetObjectSize(CK_SESSION_HANDLE hSession,
-    			CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pusSize) {
-    CK_RV rv;
-    SFTK_FIPSFATALCHECK();
-    rv = fips_login_if_key_object(hSession, hObject);
-    if (rv != CKR_OK) {
-	return rv;
-    }
-    return NSC_GetObjectSize(hSession, hObject, pusSize);
-}
-
-
-/* FC_GetAttributeValue obtains the value of one or more object attributes. */
- CK_RV FC_GetAttributeValue(CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG usCount) {
-    CK_RV rv;
-    SFTK_FIPSFATALCHECK();
-    rv = fips_login_if_key_object(hSession, hObject);
-    if (rv != CKR_OK) {
-	return rv;
-    }
-    return NSC_GetAttributeValue(hSession,hObject,pTemplate,usCount);
-}
-
-
-/* FC_SetAttributeValue modifies the value of one or more object attributes */
- CK_RV FC_SetAttributeValue (CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG usCount) {
-    CK_RV rv;
-    SFTK_FIPSFATALCHECK();
-    rv = fips_login_if_key_object(hSession, hObject);
-    if (rv != CKR_OK) {
-	return rv;
-    }
-    return NSC_SetAttributeValue(hSession,hObject,pTemplate,usCount);
-}
-
-
-
-/* FC_FindObjectsInit initializes a search for token and session objects 
- * that match a template. */
- CK_RV FC_FindObjectsInit(CK_SESSION_HANDLE hSession,
-    			CK_ATTRIBUTE_PTR pTemplate,CK_ULONG usCount) {
-    /* let publically readable object be found */
-    int i;
-    CK_RV rv;
-    PRBool needLogin = PR_FALSE;
-
-    SFTK_FIPSFATALCHECK();
-
-    for (i=0; i < usCount; i++) {
-	CK_OBJECT_CLASS class;
-	if (pTemplate[i].type != CKA_CLASS) {
-	    continue;
-	}
-	if (pTemplate[i].ulValueLen != sizeof(CK_OBJECT_CLASS)) {
-	    continue;
-	}
-	if (pTemplate[i].pValue == NULL) {
-	    continue;
-	}
-	class = *(CK_OBJECT_CLASS *)pTemplate[i].pValue;
-	if ((class == CKO_PRIVATE_KEY) || (class == CKO_SECRET_KEY)) {
-	    needLogin = PR_TRUE;
-	    break;
-	}
-    }
-    if (needLogin) {
-	if ((rv = sftk_fipsCheck()) != CKR_OK) return rv;
-    }
-    return NSC_FindObjectsInit(hSession,pTemplate,usCount);
-}
-
-
-/* FC_FindObjects continues a search for token and session objects 
- * that match a template, obtaining additional object handles. */
- CK_RV FC_FindObjects(CK_SESSION_HANDLE hSession,
-    CK_OBJECT_HANDLE_PTR phObject,CK_ULONG usMaxObjectCount,
-    					CK_ULONG_PTR pusObjectCount) {
-    /* let publically readable object be found */
-    SFTK_FIPSFATALCHECK();
-    return NSC_FindObjects(hSession,phObject,usMaxObjectCount,
-    							pusObjectCount);
-}
-
-
-/*
- ************** Crypto Functions:     Encrypt ************************
- */
-
-/* FC_EncryptInit initializes an encryption operation. */
- CK_RV FC_EncryptInit(CK_SESSION_HANDLE hSession,
-		 CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey) {
-    SFTK_FIPSCHECK();
-    return NSC_EncryptInit(hSession,pMechanism,hKey);
-}
-
-/* FC_Encrypt encrypts single-part data. */
- CK_RV FC_Encrypt (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
-    		CK_ULONG usDataLen, CK_BYTE_PTR pEncryptedData,
-					 CK_ULONG_PTR pusEncryptedDataLen) {
-    SFTK_FIPSCHECK();
-    return NSC_Encrypt(hSession,pData,usDataLen,pEncryptedData,
-							pusEncryptedDataLen);
-}
-
-
-/* FC_EncryptUpdate continues a multiple-part encryption operation. */
- CK_RV FC_EncryptUpdate(CK_SESSION_HANDLE hSession,
-    CK_BYTE_PTR pPart, CK_ULONG usPartLen, CK_BYTE_PTR pEncryptedPart,	
-					CK_ULONG_PTR pusEncryptedPartLen) {
-    SFTK_FIPSCHECK();
-    return NSC_EncryptUpdate(hSession,pPart,usPartLen,pEncryptedPart,
-						pusEncryptedPartLen);
-}
-
-
-/* FC_EncryptFinal finishes a multiple-part encryption operation. */
- CK_RV FC_EncryptFinal(CK_SESSION_HANDLE hSession,
-    CK_BYTE_PTR pLastEncryptedPart, CK_ULONG_PTR pusLastEncryptedPartLen) {
-
-    SFTK_FIPSCHECK();
-    return NSC_EncryptFinal(hSession,pLastEncryptedPart,
-						pusLastEncryptedPartLen);
-}
-
-/*
- ************** Crypto Functions:     Decrypt ************************
- */
-
-
-/* FC_DecryptInit initializes a decryption operation. */
- CK_RV FC_DecryptInit( CK_SESSION_HANDLE hSession,
-			 CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey) {
-    SFTK_FIPSCHECK();
-    return NSC_DecryptInit(hSession,pMechanism,hKey);
-}
-
-/* FC_Decrypt decrypts encrypted data in a single part. */
- CK_RV FC_Decrypt(CK_SESSION_HANDLE hSession,
-    CK_BYTE_PTR pEncryptedData,CK_ULONG usEncryptedDataLen,CK_BYTE_PTR pData,
-    						CK_ULONG_PTR pusDataLen) {
-    SFTK_FIPSCHECK();
-    return NSC_Decrypt(hSession,pEncryptedData,usEncryptedDataLen,pData,
-    								pusDataLen);
-}
-
-
-/* FC_DecryptUpdate continues a multiple-part decryption operation. */
- CK_RV FC_DecryptUpdate(CK_SESSION_HANDLE hSession,
-    CK_BYTE_PTR pEncryptedPart, CK_ULONG usEncryptedPartLen,
-    				CK_BYTE_PTR pPart, CK_ULONG_PTR pusPartLen) {
-    SFTK_FIPSCHECK();
-    return NSC_DecryptUpdate(hSession,pEncryptedPart,usEncryptedPartLen,
-    							pPart,pusPartLen);
-}
-
-
-/* FC_DecryptFinal finishes a multiple-part decryption operation. */
- CK_RV FC_DecryptFinal(CK_SESSION_HANDLE hSession,
-    CK_BYTE_PTR pLastPart, CK_ULONG_PTR pusLastPartLen) {
-    SFTK_FIPSCHECK();
-    return NSC_DecryptFinal(hSession,pLastPart,pusLastPartLen);
-}
-
-
-/*
- ************** Crypto Functions:     Digest (HASH)  ************************
- */
-
-/* FC_DigestInit initializes a message-digesting operation. */
- CK_RV FC_DigestInit(CK_SESSION_HANDLE hSession,
-    					CK_MECHANISM_PTR pMechanism) {
-    SFTK_FIPSFATALCHECK();
-    return NSC_DigestInit(hSession, pMechanism);
-}
-
-
-/* FC_Digest digests data in a single part. */
- CK_RV FC_Digest(CK_SESSION_HANDLE hSession,
-    CK_BYTE_PTR pData, CK_ULONG usDataLen, CK_BYTE_PTR pDigest,
-    						CK_ULONG_PTR pusDigestLen) {
-    SFTK_FIPSFATALCHECK();
-    return NSC_Digest(hSession,pData,usDataLen,pDigest,pusDigestLen);
-}
-
-
-/* FC_DigestUpdate continues a multiple-part message-digesting operation. */
- CK_RV FC_DigestUpdate(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pPart,
-					    CK_ULONG usPartLen) {
-    SFTK_FIPSFATALCHECK();
-    return NSC_DigestUpdate(hSession,pPart,usPartLen);
-}
-
-
-/* FC_DigestFinal finishes a multiple-part message-digesting operation. */
- CK_RV FC_DigestFinal(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pDigest,
-    						CK_ULONG_PTR pusDigestLen) {
-    SFTK_FIPSFATALCHECK();
-    return NSC_DigestFinal(hSession,pDigest,pusDigestLen);
-}
-
-
-/*
- ************** Crypto Functions:     Sign  ************************
- */
-
-/* FC_SignInit initializes a signature (private key encryption) operation,
- * where the signature is (will be) an appendix to the data, 
- * and plaintext cannot be recovered from the signature */
- CK_RV FC_SignInit(CK_SESSION_HANDLE hSession,
-		 CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey) {
-    SFTK_FIPSCHECK();
-    return NSC_SignInit(hSession,pMechanism,hKey);
-}
-
-
-/* FC_Sign signs (encrypts with private key) data in a single part,
- * where the signature is (will be) an appendix to the data, 
- * and plaintext cannot be recovered from the signature */
- CK_RV FC_Sign(CK_SESSION_HANDLE hSession,
-    CK_BYTE_PTR pData,CK_ULONG usDataLen,CK_BYTE_PTR pSignature,
-    					CK_ULONG_PTR pusSignatureLen) {
-    SFTK_FIPSCHECK();
-    return NSC_Sign(hSession,pData,usDataLen,pSignature,pusSignatureLen);
-}
-
-
-/* FC_SignUpdate continues a multiple-part signature operation,
- * where the signature is (will be) an appendix to the data, 
- * and plaintext cannot be recovered from the signature */
- CK_RV FC_SignUpdate(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pPart,
-    							CK_ULONG usPartLen) {
-    SFTK_FIPSCHECK();
-    return NSC_SignUpdate(hSession,pPart,usPartLen);
-}
-
-
-/* FC_SignFinal finishes a multiple-part signature operation, 
- * returning the signature. */
- CK_RV FC_SignFinal(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pSignature,
-					    CK_ULONG_PTR pusSignatureLen) {
-    SFTK_FIPSCHECK();
-    return NSC_SignFinal(hSession,pSignature,pusSignatureLen);
-}
-
-/*
- ************** Crypto Functions:     Sign Recover  ************************
- */
-/* FC_SignRecoverInit initializes a signature operation,
- * where the (digest) data can be recovered from the signature. 
- * E.g. encryption with the user's private key */
- CK_RV FC_SignRecoverInit(CK_SESSION_HANDLE hSession,
-			 CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey) {
-    SFTK_FIPSCHECK();
-    return NSC_SignRecoverInit(hSession,pMechanism,hKey);
-}
-
-
-/* FC_SignRecover signs data in a single operation
- * where the (digest) data can be recovered from the signature. 
- * E.g. encryption with the user's private key */
- CK_RV FC_SignRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
-  CK_ULONG usDataLen, CK_BYTE_PTR pSignature, CK_ULONG_PTR pusSignatureLen) {
-    SFTK_FIPSCHECK();
-    return NSC_SignRecover(hSession,pData,usDataLen,pSignature,pusSignatureLen);
-}
-
-/*
- ************** Crypto Functions:     verify  ************************
- */
-
-/* FC_VerifyInit initializes a verification operation, 
- * where the signature is an appendix to the data, 
- * and plaintext cannot be recovered from the signature (e.g. DSA) */
- CK_RV FC_VerifyInit(CK_SESSION_HANDLE hSession,
-			   CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey) {
-    SFTK_FIPSCHECK();
-    return NSC_VerifyInit(hSession,pMechanism,hKey);
-}
-
-
-/* FC_Verify verifies a signature in a single-part operation, 
- * where the signature is an appendix to the data, 
- * and plaintext cannot be recovered from the signature */
- CK_RV FC_Verify(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
-    CK_ULONG usDataLen, CK_BYTE_PTR pSignature, CK_ULONG usSignatureLen) {
-    /* make sure we're legal */
-    SFTK_FIPSCHECK();
-    return NSC_Verify(hSession,pData,usDataLen,pSignature,usSignatureLen);
-}
-
-
-/* FC_VerifyUpdate continues a multiple-part verification operation, 
- * where the signature is an appendix to the data, 
- * and plaintext cannot be recovered from the signature */
- CK_RV FC_VerifyUpdate( CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
-						CK_ULONG usPartLen) {
-    SFTK_FIPSCHECK();
-    return NSC_VerifyUpdate(hSession,pPart,usPartLen);
-}
-
-
-/* FC_VerifyFinal finishes a multiple-part verification operation, 
- * checking the signature. */
- CK_RV FC_VerifyFinal(CK_SESSION_HANDLE hSession,
-			CK_BYTE_PTR pSignature,CK_ULONG usSignatureLen) {
-    SFTK_FIPSCHECK();
-    return NSC_VerifyFinal(hSession,pSignature,usSignatureLen);
-}
-
-/*
- ************** Crypto Functions:     Verify  Recover ************************
- */
-
-/* FC_VerifyRecoverInit initializes a signature verification operation, 
- * where the data is recovered from the signature. 
- * E.g. Decryption with the user's public key */
- CK_RV FC_VerifyRecoverInit(CK_SESSION_HANDLE hSession,
-			CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey) {
-    SFTK_FIPSCHECK();
-    return NSC_VerifyRecoverInit(hSession,pMechanism,hKey);
-}
-
-
-/* FC_VerifyRecover verifies a signature in a single-part operation, 
- * where the data is recovered from the signature. 
- * E.g. Decryption with the user's public key */
- CK_RV FC_VerifyRecover(CK_SESSION_HANDLE hSession,
-		 CK_BYTE_PTR pSignature,CK_ULONG usSignatureLen,
-    				CK_BYTE_PTR pData,CK_ULONG_PTR pusDataLen) {
-    SFTK_FIPSCHECK();
-    return NSC_VerifyRecover(hSession,pSignature,usSignatureLen,pData,
-								pusDataLen);
-}
-
-/*
- **************************** Key Functions:  ************************
- */
-
-/* FC_GenerateKey generates a secret key, creating a new key object. */
- CK_RV FC_GenerateKey(CK_SESSION_HANDLE hSession,
-    CK_MECHANISM_PTR pMechanism,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG ulCount,
-    						CK_OBJECT_HANDLE_PTR phKey) {
-    CK_BBOOL *boolptr;
-
-    SFTK_FIPSCHECK();
-
-    /* all secret keys must be sensitive, if the upper level code tries to say
-     * otherwise, reject it. */
-    boolptr = (CK_BBOOL *) fc_getAttribute(pTemplate, ulCount, CKA_SENSITIVE);
-    if (boolptr != NULL) {
-	if (!(*boolptr)) {
-	    return CKR_ATTRIBUTE_VALUE_INVALID;
-	}
-    }
-
-    return NSC_GenerateKey(hSession,pMechanism,pTemplate,ulCount,phKey);
-}
-
-
-/* FC_GenerateKeyPair generates a public-key/private-key pair, 
- * creating new key objects. */
- CK_RV FC_GenerateKeyPair (CK_SESSION_HANDLE hSession,
-    CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pPublicKeyTemplate,
-    CK_ULONG usPublicKeyAttributeCount, CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
-    CK_ULONG usPrivateKeyAttributeCount, CK_OBJECT_HANDLE_PTR phPublicKey,
-					CK_OBJECT_HANDLE_PTR phPrivateKey) {
-    CK_BBOOL *boolptr;
-
-    SFTK_FIPSCHECK();
-
-    /* all private keys must be sensitive, if the upper level code tries to say
-     * otherwise, reject it. */
-    boolptr = (CK_BBOOL *) fc_getAttribute(pPrivateKeyTemplate, 
-				usPrivateKeyAttributeCount, CKA_SENSITIVE);
-    if (boolptr != NULL) {
-	if (!(*boolptr)) {
-	    return CKR_ATTRIBUTE_VALUE_INVALID;
-	}
-    }
-    return NSC_GenerateKeyPair (hSession,pMechanism,pPublicKeyTemplate,
-    		usPublicKeyAttributeCount,pPrivateKeyTemplate,
-		usPrivateKeyAttributeCount,phPublicKey,phPrivateKey);
-}
-
-
-/* FC_WrapKey wraps (i.e., encrypts) a key. */
- CK_RV FC_WrapKey(CK_SESSION_HANDLE hSession,
-    CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hWrappingKey,
-    CK_OBJECT_HANDLE hKey, CK_BYTE_PTR pWrappedKey,
-					 CK_ULONG_PTR pusWrappedKeyLen) {
-    SFTK_FIPSCHECK();
-    return NSC_WrapKey(hSession,pMechanism,hWrappingKey,hKey,pWrappedKey,
-							pusWrappedKeyLen);
-}
-
-
-/* FC_UnwrapKey unwraps (decrypts) a wrapped key, creating a new key object. */
- CK_RV FC_UnwrapKey(CK_SESSION_HANDLE hSession,
-    CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hUnwrappingKey,
-    CK_BYTE_PTR pWrappedKey, CK_ULONG usWrappedKeyLen,
-    CK_ATTRIBUTE_PTR pTemplate, CK_ULONG usAttributeCount,
-						 CK_OBJECT_HANDLE_PTR phKey) {
-    CK_BBOOL *boolptr;
-
-    SFTK_FIPSCHECK();
-
-    /* all secret keys must be sensitive, if the upper level code tries to say
-     * otherwise, reject it. */
-    boolptr = (CK_BBOOL *) fc_getAttribute(pTemplate, 
-					usAttributeCount, CKA_SENSITIVE);
-    if (boolptr != NULL) {
-	if (!(*boolptr)) {
-	    return CKR_ATTRIBUTE_VALUE_INVALID;
-	}
-    }
-    return NSC_UnwrapKey(hSession,pMechanism,hUnwrappingKey,pWrappedKey,
-			usWrappedKeyLen,pTemplate,usAttributeCount,phKey);
-}
-
-
-/* FC_DeriveKey derives a key from a base key, creating a new key object. */
- CK_RV FC_DeriveKey( CK_SESSION_HANDLE hSession,
-	 CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hBaseKey,
-	 CK_ATTRIBUTE_PTR pTemplate, CK_ULONG usAttributeCount, 
-						CK_OBJECT_HANDLE_PTR phKey) {
-    CK_BBOOL *boolptr;
-
-    SFTK_FIPSCHECK();
-
-    /* all secret keys must be sensitive, if the upper level code tries to say
-     * otherwise, reject it. */
-    boolptr = (CK_BBOOL *) fc_getAttribute(pTemplate, 
-					usAttributeCount, CKA_SENSITIVE);
-    if (boolptr != NULL) {
-	if (!(*boolptr)) {
-	    return CKR_ATTRIBUTE_VALUE_INVALID;
-	}
-    }
-    return NSC_DeriveKey(hSession,pMechanism,hBaseKey,pTemplate,
-			usAttributeCount, phKey);
-}
-
-/*
- **************************** Radom Functions:  ************************
- */
-
-/* FC_SeedRandom mixes additional seed material into the token's random number 
- * generator. */
- CK_RV FC_SeedRandom(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSeed,
-    CK_ULONG usSeedLen) {
-    CK_RV crv;
-
-    SFTK_FIPSFATALCHECK();
-    crv = NSC_SeedRandom(hSession,pSeed,usSeedLen);
-    if (crv != CKR_OK) {
-	fatalError = PR_TRUE;
-    }
-    return crv;
-}
-
-
-/* FC_GenerateRandom generates random data. */
- CK_RV FC_GenerateRandom(CK_SESSION_HANDLE hSession,
-    CK_BYTE_PTR	pRandomData, CK_ULONG usRandomLen) {
-    CK_RV crv;
-
-    SFTK_FIPSFATALCHECK();
-    crv = NSC_GenerateRandom(hSession,pRandomData,usRandomLen);
-    if (crv != CKR_OK) {
-	fatalError = PR_TRUE;
-    }
-    return crv;
-}
-
-
-/* FC_GetFunctionStatus obtains an updated status of a function running 
- * in parallel with an application. */
- CK_RV FC_GetFunctionStatus(CK_SESSION_HANDLE hSession) {
-    SFTK_FIPSCHECK();
-    return NSC_GetFunctionStatus(hSession);
-}
-
-
-/* FC_CancelFunction cancels a function running in parallel */
- CK_RV FC_CancelFunction(CK_SESSION_HANDLE hSession) {
-    SFTK_FIPSCHECK();
-    return NSC_CancelFunction(hSession);
-}
-
-/*
- ****************************  Version 1.1 Functions:  ************************
- */
-
-/* FC_GetOperationState saves the state of the cryptographic 
- *operation in a session. */
-CK_RV FC_GetOperationState(CK_SESSION_HANDLE hSession, 
-	CK_BYTE_PTR  pOperationState, CK_ULONG_PTR pulOperationStateLen) {
-    SFTK_FIPSFATALCHECK();
-    return NSC_GetOperationState(hSession,pOperationState,pulOperationStateLen);
-}
-
-
-/* FC_SetOperationState restores the state of the cryptographic operation 
- * in a session. */
-CK_RV FC_SetOperationState(CK_SESSION_HANDLE hSession, 
-	CK_BYTE_PTR  pOperationState, CK_ULONG  ulOperationStateLen,
-        CK_OBJECT_HANDLE hEncryptionKey, CK_OBJECT_HANDLE hAuthenticationKey) {
-    SFTK_FIPSFATALCHECK();
-    return NSC_SetOperationState(hSession,pOperationState,ulOperationStateLen,
-        				hEncryptionKey,hAuthenticationKey);
-}
-
-/* FC_FindObjectsFinal finishes a search for token and session objects. */
-CK_RV FC_FindObjectsFinal(CK_SESSION_HANDLE hSession) {
-    /* let publically readable object be found */
-    SFTK_FIPSFATALCHECK();
-    return NSC_FindObjectsFinal(hSession);
-}
-
-
-/* Dual-function cryptographic operations */
-
-/* FC_DigestEncryptUpdate continues a multiple-part digesting and encryption 
- * operation. */
-CK_RV FC_DigestEncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR  pPart,
-    CK_ULONG  ulPartLen, CK_BYTE_PTR  pEncryptedPart,
-					 CK_ULONG_PTR pulEncryptedPartLen) {
-    SFTK_FIPSCHECK();
-    return NSC_DigestEncryptUpdate(hSession,pPart,ulPartLen,pEncryptedPart,
-					 pulEncryptedPartLen);
-}
-
-
-/* FC_DecryptDigestUpdate continues a multiple-part decryption and digesting 
- * operation. */
-CK_RV FC_DecryptDigestUpdate(CK_SESSION_HANDLE hSession,
-     CK_BYTE_PTR  pEncryptedPart, CK_ULONG  ulEncryptedPartLen,
-    				CK_BYTE_PTR  pPart, CK_ULONG_PTR pulPartLen) {
-
-    SFTK_FIPSCHECK();
-    return NSC_DecryptDigestUpdate(hSession, pEncryptedPart,ulEncryptedPartLen,
-    				pPart,pulPartLen);
-}
-
-/* FC_SignEncryptUpdate continues a multiple-part signing and encryption 
- * operation. */
-CK_RV FC_SignEncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR  pPart,
-	 CK_ULONG  ulPartLen, CK_BYTE_PTR  pEncryptedPart,
-					 CK_ULONG_PTR pulEncryptedPartLen) {
-
-    SFTK_FIPSCHECK();
-    return NSC_SignEncryptUpdate(hSession,pPart,ulPartLen,pEncryptedPart,
-					 pulEncryptedPartLen);
-}
-
-/* FC_DecryptVerifyUpdate continues a multiple-part decryption and verify 
- * operation. */
-CK_RV FC_DecryptVerifyUpdate(CK_SESSION_HANDLE hSession, 
-	CK_BYTE_PTR  pEncryptedData, CK_ULONG  ulEncryptedDataLen, 
-				CK_BYTE_PTR  pData, CK_ULONG_PTR pulDataLen) {
-
-    SFTK_FIPSCHECK();
-    return NSC_DecryptVerifyUpdate(hSession,pEncryptedData,ulEncryptedDataLen, 
-				pData,pulDataLen);
-}
-
-
-/* FC_DigestKey continues a multi-part message-digesting operation,
- * by digesting the value of a secret key as part of the data already digested.
- */
-CK_RV FC_DigestKey(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey) {
-    SFTK_FIPSCHECK();
-    return NSC_DigestKey(hSession,hKey);
-}
-
-
-CK_RV FC_WaitForSlotEvent(CK_FLAGS flags, CK_SLOT_ID_PTR pSlot,
-							 CK_VOID_PTR pReserved)
-{
-    return NSC_WaitForSlotEvent(flags, pSlot, pReserved);
-}
--- a/mozilla/security/nss/lib/softoken/keydb.c
+++ b/mozilla/security/nss/lib/softoken/keydb.c
--- a/mozilla/security/nss/lib/softoken/keydbi.h
+++ b/mozilla/security/nss/lib/softoken/keydbi.h
@@ -1,84 +0,0 @@
-/*
- * private.h - Private data structures for the software token library
- *
- * ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/* $Id: keydbi.h,v 1.6 2004-04-27 23:04:38 gerv%gerv.net Exp $ */
-
-#ifndef _KEYDBI_H_
-#define _KEYDBI_H_
-
-#include "nspr.h"
-#include "seccomon.h"
-#include "mcom_db.h"
-
-/*
- * Handle structure for open key databases
- */
-struct NSSLOWKEYDBHandleStr {
-    DB *db;
-    DB *updatedb;		/* used when updating an old version */
-    SECItem *global_salt;	/* password hashing salt for this db */
-    int version;		/* version of the database */
-    char *appname;		/* multiaccess app name */
-    char *dbname;		/* name of the openned DB */
-    PRBool readOnly;		/* is the DB read only */
-};
-
-/*
-** Typedef for callback for traversing key database.
-**      "key" is the key used to index the data in the database (nickname)
-**      "data" is the key data
-**      "pdata" is the user's data 
-*/
-typedef SECStatus (* NSSLOWKEYTraverseKeysFunc)(DBT *key, DBT *data, void *pdata);
-
-
-SEC_BEGIN_PROTOS
-
-/*
-** Traverse the entire key database, and pass the nicknames and keys to a 
-** user supplied function.
-**      "f" is the user function to call for each key
-**      "udata" is the user's data, which is passed through to "f"
-*/
-extern SECStatus nsslowkey_TraverseKeys(NSSLOWKEYDBHandle *handle, 
-				NSSLOWKEYTraverseKeysFunc f,
-				void *udata);
-
-SEC_END_PROTOS
-
-#endif /* _KEYDBI_H_ */
--- a/mozilla/security/nss/lib/softoken/lowcert.c
+++ b/mozilla/security/nss/lib/softoken/lowcert.c
@@ -1,625 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *   Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-/*
- * Certificate handling code
- *
- * $Id: lowcert.c,v 1.18 2004-04-25 15:03:16 gerv%gerv.net Exp $
- */
-
-#include "seccomon.h"
-#include "secder.h"
-#include "nssilock.h"
-#include "prmon.h"
-#include "prtime.h"
-#include "lowkeyi.h"
-#include "pcert.h"
-#include "secasn1.h"
-#include "secoid.h"
-
-#ifdef NSS_ENABLE_ECC
-extern SECStatus EC_FillParams(PRArenaPool *arena, 
-			       const SECItem *encodedParams,
-			       ECParams *params);
-#endif
-
-static const SEC_ASN1Template nsslowcert_SubjectPublicKeyInfoTemplate[] = {
-    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSLOWCERTSubjectPublicKeyInfo) },
-    { SEC_ASN1_INLINE, offsetof(NSSLOWCERTSubjectPublicKeyInfo,algorithm),
-          SECOID_AlgorithmIDTemplate },
-    { SEC_ASN1_BIT_STRING,
-          offsetof(NSSLOWCERTSubjectPublicKeyInfo,subjectPublicKey), },
-    { 0, }
-};
-
-static const SEC_ASN1Template nsslowcert_RSAPublicKeyTemplate[] = {
-    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSLOWKEYPublicKey) },
-    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPublicKey,u.rsa.modulus), },
-    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPublicKey,u.rsa.publicExponent), },
-    { 0, }
-};
-static const SEC_ASN1Template nsslowcert_DSAPublicKeyTemplate[] = {
-    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPublicKey,u.dsa.publicValue), },
-    { 0, }
-};
-static const SEC_ASN1Template nsslowcert_DHPublicKeyTemplate[] = {
-    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPublicKey,u.dh.publicValue), },
-    { 0, }
-};
-
-/*
- * See bugzilla bug 125359
- * Since NSS (via PKCS#11) wants to handle big integers as unsigned ints,
- * all of the templates above that en/decode into integers must be converted
- * from ASN.1's signed integer type.  This is done by marking either the
- * source or destination (encoding or decoding, respectively) type as
- * siUnsignedInteger.
- */
-
-static void
-prepare_low_rsa_pub_key_for_asn1(NSSLOWKEYPublicKey *pubk)
-{
-    pubk->u.rsa.modulus.type = siUnsignedInteger;
-    pubk->u.rsa.publicExponent.type = siUnsignedInteger;
-}
-
-static void
-prepare_low_dsa_pub_key_for_asn1(NSSLOWKEYPublicKey *pubk)
-{
-    pubk->u.dsa.publicValue.type = siUnsignedInteger;
-    pubk->u.dsa.params.prime.type = siUnsignedInteger;
-    pubk->u.dsa.params.subPrime.type = siUnsignedInteger;
-    pubk->u.dsa.params.base.type = siUnsignedInteger;
-}
-
-static void
-prepare_low_dh_pub_key_for_asn1(NSSLOWKEYPublicKey *pubk)
-{
-    pubk->u.dh.prime.type = siUnsignedInteger;
-    pubk->u.dh.base.type = siUnsignedInteger;
-    pubk->u.dh.publicValue.type = siUnsignedInteger;
-}
-
-/*
- * Allow use of default cert database, so that apps(such as mozilla) don't
- * have to pass the handle all over the place.
- */
-static NSSLOWCERTCertDBHandle *default_pcert_db_handle = 0;
-
-void
-nsslowcert_SetDefaultCertDB(NSSLOWCERTCertDBHandle *handle)
-{
-    default_pcert_db_handle = handle;
-    
-    return;
-}
-
-NSSLOWCERTCertDBHandle *
-nsslowcert_GetDefaultCertDB(void)
-{
-    return(default_pcert_db_handle);
-}
-
-/*
- * simple cert decoder to avoid the cost of asn1 engine
- */ 
-static unsigned char *
-nsslowcert_dataStart(unsigned char *buf, unsigned int length, 
-			unsigned int *data_length, PRBool includeTag,
-                        unsigned char* rettag) {
-    unsigned char tag;
-    unsigned int used_length= 0;
-
-    tag = buf[used_length++];
-
-    if (rettag) {
-        *rettag = tag;
-    }
-
-    /* blow out when we come to the end */
-    if (tag == 0) {
-	return NULL;
-    }
-
-    *data_length = buf[used_length++];
-
-    if (*data_length&0x80) {
-	int  len_count = *data_length & 0x7f;
-
-	*data_length = 0;
-
-	while (len_count-- > 0) {
-	    *data_length = (*data_length << 8) | buf[used_length++];
-	} 
-    }
-
-    if (*data_length > (length-used_length) ) {
-	*data_length = length-used_length;
-	return NULL;
-    }
-    if (includeTag) *data_length += used_length;
-
-    return (buf + (includeTag ? 0 : used_length));	
-}
-
-static void SetTimeType(SECItem* item, unsigned char tagtype)
-{
-    switch (tagtype) {
-        case SEC_ASN1_UTC_TIME:
-            item->type = siUTCTime;
-            break;
-
-        case SEC_ASN1_GENERALIZED_TIME:
-            item->type = siGeneralizedTime;
-            break;
-
-        default:
-            PORT_Assert(0);
-            break;
-    }
-}
-
-static int
-nsslowcert_GetValidityFields(unsigned char *buf,int buf_length,
-	SECItem *notBefore, SECItem *notAfter)
-{
-    unsigned char tagtype;
-    notBefore->data = nsslowcert_dataStart(buf,buf_length,
-						&notBefore->len,PR_FALSE, &tagtype);
-    if (notBefore->data == NULL) return SECFailure;
-    SetTimeType(notBefore, tagtype);
-    buf_length -= (notBefore->data-buf) + notBefore->len;
-    buf = notBefore->data + notBefore->len;
-    notAfter->data = nsslowcert_dataStart(buf,buf_length,
-						&notAfter->len,PR_FALSE, &tagtype);
-    if (notAfter->data == NULL) return SECFailure;
-    SetTimeType(notAfter, tagtype);
-    return SECSuccess;
-}
-
-static int
-nsslowcert_GetCertFields(unsigned char *cert,int cert_length,
-	SECItem *issuer, SECItem *serial, SECItem *derSN, SECItem *subject,
-	SECItem *valid, SECItem *subjkey)
-{
-    unsigned char *buf;
-    unsigned int buf_length;
-    unsigned char *dummy;
-    unsigned int dummylen;
-
-    /* get past the signature wrap */
-    buf = nsslowcert_dataStart(cert,cert_length,&buf_length,PR_FALSE, NULL);
-    if (buf == NULL) return SECFailure;
-    /* get into the raw cert data */
-    buf = nsslowcert_dataStart(buf,buf_length,&buf_length,PR_FALSE, NULL);
-    if (buf == NULL) return SECFailure;
-    /* skip past any optional version number */
-    if ((buf[0] & 0xa0) == 0xa0) {
-	dummy = nsslowcert_dataStart(buf,buf_length,&dummylen,PR_FALSE, NULL);
-	if (dummy == NULL) return SECFailure;
-	buf_length -= (dummy-buf) + dummylen;
-	buf = dummy + dummylen;
-    }
-    /* serial number */
-    if (derSN) {
-	derSN->data=nsslowcert_dataStart(buf,buf_length,&derSN->len,PR_TRUE, NULL);
-    }
-    serial->data = nsslowcert_dataStart(buf,buf_length,&serial->len,PR_FALSE, NULL);
-    if (serial->data == NULL) return SECFailure;
-    buf_length -= (serial->data-buf) + serial->len;
-    buf = serial->data + serial->len;
-    /* skip the OID */
-    dummy = nsslowcert_dataStart(buf,buf_length,&dummylen,PR_FALSE, NULL);
-    if (dummy == NULL) return SECFailure;
-    buf_length -= (dummy-buf) + dummylen;
-    buf = dummy + dummylen;
-    /* issuer */
-    issuer->data = nsslowcert_dataStart(buf,buf_length,&issuer->len,PR_TRUE, NULL);
-    if (issuer->data == NULL) return SECFailure;
-    buf_length -= (issuer->data-buf) + issuer->len;
-    buf = issuer->data + issuer->len;
-
-    /* only wanted issuer/SN */
-    if (valid == NULL) {
-	return SECSuccess;
-    }
-    /* validity */
-    valid->data = nsslowcert_dataStart(buf,buf_length,&valid->len,PR_FALSE, NULL);
-    if (valid->data == NULL) return SECFailure;
-    buf_length -= (valid->data-buf) + valid->len;
-    buf = valid->data + valid->len;
-    /*subject */
-    subject->data=nsslowcert_dataStart(buf,buf_length,&subject->len,PR_TRUE, NULL);
-    if (subject->data == NULL) return SECFailure;
-    buf_length -= (subject->data-buf) + subject->len;
-    buf = subject->data + subject->len;
-    /* subject  key info */
-    subjkey->data=nsslowcert_dataStart(buf,buf_length,&subjkey->len,PR_TRUE, NULL);
-    if (subjkey->data == NULL) return SECFailure;
-    buf_length -= (subjkey->data-buf) + subjkey->len;
-    buf = subjkey->data + subjkey->len;
-    return SECSuccess;
-}
-
-SECStatus
-nsslowcert_GetCertTimes(NSSLOWCERTCertificate *c, PRTime *notBefore, PRTime *notAfter)
-{
-    int rv;
-    NSSLOWCERTValidity validity;
-
-    rv = nsslowcert_GetValidityFields(c->validity.data,c->validity.len,
-				&validity.notBefore,&validity.notAfter);
-    if (rv != SECSuccess) {
-	return rv;
-    }
-    
-    /* convert DER not-before time */
-    rv = DER_DecodeTimeChoice(notBefore, &validity.notBefore);
-    if (rv) {
-        return(SECFailure);
-    }
-    
-    /* convert DER not-after time */
-    rv = DER_DecodeTimeChoice(notAfter, &validity.notAfter);
-    if (rv) {
-        return(SECFailure);
-    }
-
-    return(SECSuccess);
-}
-
-/*
- * is certa newer than certb?  If one is expired, pick the other one.
- */
-PRBool
-nsslowcert_IsNewer(NSSLOWCERTCertificate *certa, NSSLOWCERTCertificate *certb)
-{
-    PRTime notBeforeA, notAfterA, notBeforeB, notAfterB, now;
-    SECStatus rv;
-    PRBool newerbefore, newerafter;
-    
-    rv = nsslowcert_GetCertTimes(certa, &notBeforeA, &notAfterA);
-    if ( rv != SECSuccess ) {
-	return(PR_FALSE);
-    }
-    
-    rv = nsslowcert_GetCertTimes(certb, &notBeforeB, &notAfterB);
-    if ( rv != SECSuccess ) {
-	return(PR_TRUE);
-    }
-
-    newerbefore = PR_FALSE;
-    if ( LL_CMP(notBeforeA, >, notBeforeB) ) {
-	newerbefore = PR_TRUE;
-    }
-
-    newerafter = PR_FALSE;
-    if ( LL_CMP(notAfterA, >, notAfterB) ) {
-	newerafter = PR_TRUE;
-    }
-    
-    if ( newerbefore && newerafter ) {
-	return(PR_TRUE);
-    }
-    
-    if ( ( !newerbefore ) && ( !newerafter ) ) {
-	return(PR_FALSE);
-    }
-
-    /* get current time */
-    now = PR_Now();
-
-    if ( newerbefore ) {
-	/* cert A was issued after cert B, but expires sooner */
-	/* if A is expired, then pick B */
-	if ( LL_CMP(notAfterA, <, now ) ) {
-	    return(PR_FALSE);
-	}
-	return(PR_TRUE);
-    } else {
-	/* cert B was issued after cert A, but expires sooner */
-	/* if B is expired, then pick A */
-	if ( LL_CMP(notAfterB, <, now ) ) {
-	    return(PR_TRUE);
-	}
-	return(PR_FALSE);
-    }
-}
-
-#define SOFT_DEFAULT_CHUNKSIZE 2048
-
-
-static SECStatus
-nsslowcert_KeyFromIssuerAndSN(PRArenaPool *arena, SECItem *issuer, SECItem *sn,
-			SECItem *key)
-{
-    unsigned int len = sn->len + issuer->len;
-
-
-    if (arena) {
-	key->data = (unsigned char*)PORT_ArenaAlloc(arena, len);
-    } else {
-	if (len > key->len) {
-	    key->data = (unsigned char*)PORT_ArenaAlloc(arena, len);
-	}
-    }
-    if ( !key->data ) {
-	goto loser;
-    }
-
-    key->len = len;
-    /* copy the serialNumber */
-    PORT_Memcpy(key->data, sn->data, sn->len);
-
-    /* copy the issuer */
-    PORT_Memcpy(&key->data[sn->len], issuer->data, issuer->len);
-
-    return(SECSuccess);
-
-loser:
-    return(SECFailure);
-}
-
-
-
-/*
- * take a DER certificate and decode it into a certificate structure
- */
-NSSLOWCERTCertificate *
-nsslowcert_DecodeDERCertificate(SECItem *derSignedCert, char *nickname)
-{
-    NSSLOWCERTCertificate *cert;
-    int rv;
-
-    /* allocate the certificate structure */
-    cert = nsslowcert_CreateCert();
-    
-    if ( !cert ) {
-	goto loser;
-    }
-    
-	/* point to passed in DER data */
-    cert->derCert = *derSignedCert;
-    cert->nickname = NULL;
-    cert->certKey.data = NULL;
-    cert->referenceCount = 1;
-
-    /* decode the certificate info */
-    rv = nsslowcert_GetCertFields(cert->derCert.data, cert->derCert.len,
-	&cert->derIssuer, &cert->serialNumber, &cert->derSN, &cert->derSubject,
-	&cert->validity, &cert->derSubjKeyInfo);
-
-    /* cert->subjectKeyID;	 x509v3 subject key identifier */
-    cert->subjectKeyID.data = NULL;
-    cert->subjectKeyID.len = 0;
-    cert->dbEntry = NULL;
-    cert ->trust = NULL;
-
-    /* generate and save the database key for the cert */
-    cert->certKey.data = cert->certKeySpace;
-    cert->certKey.len = sizeof(cert->certKeySpace);
-    rv = nsslowcert_KeyFromIssuerAndSN(NULL, &cert->derIssuer, 
-					&cert->serialNumber, &cert->certKey);
-    if ( rv ) {
-	goto loser;
-    }
-
-    /* set the nickname */
-    if ( nickname == NULL ) {
-	cert->nickname = NULL;
-    } else {
-	/* copy and install the nickname */
-	cert->nickname = pkcs11_copyNickname(nickname,cert->nicknameSpace,
-				sizeof(cert->nicknameSpace));
-    }
-
-#ifdef FIXME
-    /* initialize the subjectKeyID */
-    rv = cert_GetKeyID(cert);
-    if ( rv != SECSuccess ) {
-	goto loser;
-    }
-
-    /* set the email address */
-    cert->emailAddr = CERT_GetCertificateEmailAddress(cert);
-    
-#endif
-    
-    cert->referenceCount = 1;
-    
-    return(cert);
-    
-loser:
-    if (cert) {
-	nsslowcert_DestroyCertificate(cert);
-    }
-    
-    return(0);
-}
-
-char *
-nsslowcert_FixupEmailAddr(char *emailAddr)
-{
-    char *retaddr;
-    char *str;
-
-    if ( emailAddr == NULL ) {
-	return(NULL);
-    }
-    
-    /* copy the string */
-    str = retaddr = PORT_Strdup(emailAddr);
-    if ( str == NULL ) {
-	return(NULL);
-    }
-    
-    /* make it lower case */
-    while ( *str ) {
-	*str = tolower( *str );
-	str++;
-    }
-    
-    return(retaddr);
-}
-
-
-/*
- * Generate a database key, based on serial number and issuer, from a
- * DER certificate.
- */
-SECStatus
-nsslowcert_KeyFromDERCert(PRArenaPool *arena, SECItem *derCert, SECItem *key)
-{
-    int rv;
-    NSSLOWCERTCertKey certkey;
-
-    PORT_Memset(&certkey, 0, sizeof(NSSLOWCERTCertKey));    
-
-    rv = nsslowcert_GetCertFields(derCert->data, derCert->len,
-	&certkey.derIssuer, &certkey.serialNumber, NULL, NULL, NULL, NULL);
-
-    if ( rv ) {
-	goto loser;
-    }
-
-    return(nsslowcert_KeyFromIssuerAndSN(arena, &certkey.derIssuer,
-				   &certkey.serialNumber, key));
-loser:
-    return(SECFailure);
-}
-
-NSSLOWKEYPublicKey *
-nsslowcert_ExtractPublicKey(NSSLOWCERTCertificate *cert)
-{
-    NSSLOWCERTSubjectPublicKeyInfo spki;
-    NSSLOWKEYPublicKey *pubk;
-    SECItem os;
-    SECStatus rv;
-    PRArenaPool *arena;
-    SECOidTag tag;
-    SECItem newDerSubjKeyInfo;
-
-    arena = PORT_NewArena (DER_DEFAULT_CHUNKSIZE);
-    if (arena == NULL)
-        return NULL;
-
-    pubk = (NSSLOWKEYPublicKey *) 
-		PORT_ArenaZAlloc(arena, sizeof(NSSLOWKEYPublicKey));
-    if (pubk == NULL) {
-        PORT_FreeArena (arena, PR_FALSE);
-        return NULL;
-    }
-
-    pubk->arena = arena;
-    PORT_Memset(&spki,0,sizeof(spki));
-
-    /* copy the DER into the arena, since Quick DER returns data that points
-       into the DER input, which may get freed by the caller */
-    rv = SECITEM_CopyItem(arena, &newDerSubjKeyInfo, &cert->derSubjKeyInfo);
-    if ( rv != SECSuccess ) {
-        PORT_FreeArena (arena, PR_FALSE);
-        return NULL;
-    }
-
-    /* we haven't bothered decoding the spki struct yet, do it now */
-    rv = SEC_QuickDERDecodeItem(arena, &spki, 
-		nsslowcert_SubjectPublicKeyInfoTemplate, &newDerSubjKeyInfo);
-    if (rv != SECSuccess) {
- 	PORT_FreeArena (arena, PR_FALSE);
- 	return NULL;
-    }
-
-    /* Convert bit string length from bits to bytes */
-    os = spki.subjectPublicKey;
-    DER_ConvertBitString (&os);
-
-    tag = SECOID_GetAlgorithmTag(&spki.algorithm);
-    switch ( tag ) {
-      case SEC_OID_X500_RSA_ENCRYPTION:
-      case SEC_OID_PKCS1_RSA_ENCRYPTION:
-        pubk->keyType = NSSLOWKEYRSAKey;
-        prepare_low_rsa_pub_key_for_asn1(pubk);
-        rv = SEC_QuickDERDecodeItem(arena, pubk, 
-				nsslowcert_RSAPublicKeyTemplate, &os);
-        if (rv == SECSuccess)
-            return pubk;
-        break;
-      case SEC_OID_ANSIX9_DSA_SIGNATURE:
-        pubk->keyType = NSSLOWKEYDSAKey;
-        prepare_low_dsa_pub_key_for_asn1(pubk);
-        rv = SEC_QuickDERDecodeItem(arena, pubk,
-				 nsslowcert_DSAPublicKeyTemplate, &os);
-        if (rv == SECSuccess) return pubk;
-        break;
-      case SEC_OID_X942_DIFFIE_HELMAN_KEY:
-        pubk->keyType = NSSLOWKEYDHKey;
-        prepare_low_dh_pub_key_for_asn1(pubk);
-        rv = SEC_QuickDERDecodeItem(arena, pubk,
-				 nsslowcert_DHPublicKeyTemplate, &os);
-        if (rv == SECSuccess) return pubk;
-        break;
-#ifdef NSS_ENABLE_ECC
-      case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
-        pubk->keyType = NSSLOWKEYECKey;
-	/* Since PKCS#11 directly takes the DER encoding of EC params
-	 * and public value, we don't need any decoding here.
-	 */
-        rv = SECITEM_CopyItem(arena, &pubk->u.ec.ecParams.DEREncoding, 
-	    &spki.algorithm.parameters);
-        if ( rv != SECSuccess )
-            break;	
-
-	/* Fill out the rest of the ecParams structure 
-	 * based on the encoded params
-	 */
-	if (EC_FillParams(arena, &pubk->u.ec.ecParams.DEREncoding,
-	    &pubk->u.ec.ecParams) != SECSuccess) 
-	    break;
-
-        rv = SECITEM_CopyItem(arena, &pubk->u.ec.publicValue, &os);
-	if (rv == SECSuccess) return pubk;
-        break;
-#endif /* NSS_ENABLE_ECC */
-      default:
-        rv = SECFailure;
-        break;
-    }
-
-    nsslowkey_DestroyPublicKey (pubk);
-    return NULL;
-}
-
--- a/mozilla/security/nss/lib/softoken/lowkey.c
+++ b/mozilla/security/nss/lib/softoken/lowkey.c
@@ -1,492 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *   Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-#include "lowkeyi.h"
-#include "secoid.h"
-#include "secitem.h"
-#include "secder.h"
-#include "base64.h"
-#include "secasn1.h"
-#include "pcert.h"
-#include "secerr.h"
-
-#ifdef NSS_ENABLE_ECC
-extern SECStatus EC_CopyParams(PRArenaPool *arena, 
-			       ECParams *dstParams,
-			       const ECParams *srcParams);
-#endif
-
-const SEC_ASN1Template nsslowkey_PQGParamsTemplate[] = {
-    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(PQGParams) },
-    { SEC_ASN1_INTEGER, offsetof(PQGParams,prime) },
-    { SEC_ASN1_INTEGER, offsetof(PQGParams,subPrime) },
-    { SEC_ASN1_INTEGER, offsetof(PQGParams,base) },
-    { 0, }
-};
-
-const SEC_ASN1Template nsslowkey_RSAPrivateKeyTemplate[] = {
-    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSLOWKEYPrivateKey) },
-    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.rsa.version) },
-    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.rsa.modulus) },
-    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.rsa.publicExponent) },
-    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.rsa.privateExponent) },
-    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.rsa.prime1) },
-    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.rsa.prime2) },
-    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.rsa.exponent1) },
-    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.rsa.exponent2) },
-    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.rsa.coefficient) },
-    { 0 }                                                                     
-};                                                                            
-
-
-const SEC_ASN1Template nsslowkey_DSAPrivateKeyTemplate[] = {
-    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSLOWKEYPrivateKey) },
-    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.dsa.publicValue) },
-    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.dsa.privateValue) },
-    { 0, }
-};
-
-const SEC_ASN1Template nsslowkey_DSAPrivateKeyExportTemplate[] = {
-    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.dsa.privateValue) },
-};
-
-const SEC_ASN1Template nsslowkey_DHPrivateKeyTemplate[] = {
-    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSLOWKEYPrivateKey) },
-    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.dh.publicValue) },
-    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.dh.privateValue) },
-    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.dh.base) },
-    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.dh.prime) },
-    { 0, }
-};
-
-#ifdef NSS_ENABLE_ECC
-
-/* XXX This is just a placeholder for later when we support
- * generic curves and need full-blown support for parsing EC
- * parameters. For now, we only support named curves in which
- * EC params are simply encoded as an object ID and we don't
- * use nsslowkey_ECParamsTemplate.
- */
-const SEC_ASN1Template nsslowkey_ECParamsTemplate[] = {
-    { SEC_ASN1_CHOICE, offsetof(ECParams,type), NULL, sizeof(ECParams) },
-    { SEC_ASN1_OBJECT_ID, offsetof(ECParams,curveOID), NULL, ec_params_named },
-    { 0, }
-};
-
-
-/* NOTE: The SECG specification allows the private key structure
- * to contain curve parameters but recommends that they be stored
- * in the PrivateKeyAlgorithmIdentifier field of the PrivateKeyInfo
- * instead.
- */
-const SEC_ASN1Template nsslowkey_ECPrivateKeyTemplate[] = {
-    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSLOWKEYPrivateKey) },
-    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.ec.version) },
-    { SEC_ASN1_OCTET_STRING, 
-      offsetof(NSSLOWKEYPrivateKey,u.ec.privateValue) },
-    /* XXX The following template works for now since we only
-     * support named curves for which the parameters are
-     * encoded as an object ID. When we support generic curves,
-     * we'll need to define nsslowkey_ECParamsTemplate
-     */
-#if 1
-    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
-      SEC_ASN1_EXPLICIT | SEC_ASN1_CONTEXT_SPECIFIC | 0, 
-      offsetof(NSSLOWKEYPrivateKey,u.ec.ecParams.curveOID), 
-      SEC_ObjectIDTemplate }, 
-#else
-    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
-      SEC_ASN1_EXPLICIT | SEC_ASN1_CONTEXT_SPECIFIC | 0, 
-      offsetof(NSSLOWKEYPrivateKey,u.ec.ecParams), 
-      nsslowkey_ECParamsTemplate }, 
-#endif
-    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
-      SEC_ASN1_EXPLICIT | SEC_ASN1_CONTEXT_SPECIFIC | 1, 
-      offsetof(NSSLOWKEYPrivateKey,u.ec.publicValue),
-      SEC_BitStringTemplate }, 
-    { 0, }
-};
-#endif /* NSS_ENABLE_ECC */
-/*
- * See bugzilla bug 125359
- * Since NSS (via PKCS#11) wants to handle big integers as unsigned ints,
- * all of the templates above that en/decode into integers must be converted
- * from ASN.1's signed integer type.  This is done by marking either the
- * source or destination (encoding or decoding, respectively) type as
- * siUnsignedInteger.
- */
-
-void
-prepare_low_rsa_priv_key_for_asn1(NSSLOWKEYPrivateKey *key)
-{
-    key->u.rsa.modulus.type = siUnsignedInteger;
-    key->u.rsa.publicExponent.type = siUnsignedInteger;
-    key->u.rsa.privateExponent.type = siUnsignedInteger;
-    key->u.rsa.prime1.type = siUnsignedInteger;
-    key->u.rsa.prime2.type = siUnsignedInteger;
-    key->u.rsa.exponent1.type = siUnsignedInteger;
-    key->u.rsa.exponent2.type = siUnsignedInteger;
-    key->u.rsa.coefficient.type = siUnsignedInteger;
-}
-
-void
-prepare_low_pqg_params_for_asn1(PQGParams *params)
-{
-    params->prime.type = siUnsignedInteger;
-    params->subPrime.type = siUnsignedInteger;
-    params->base.type = siUnsignedInteger;
-}
-
-void
-prepare_low_dsa_priv_key_for_asn1(NSSLOWKEYPrivateKey *key)
-{
-    key->u.dsa.publicValue.type = siUnsignedInteger;
-    key->u.dsa.privateValue.type = siUnsignedInteger;
-    key->u.dsa.params.prime.type = siUnsignedInteger;
-    key->u.dsa.params.subPrime.type = siUnsignedInteger;
-    key->u.dsa.params.base.type = siUnsignedInteger;
-}
-
-void
-prepare_low_dsa_priv_key_export_for_asn1(NSSLOWKEYPrivateKey *key)
-{
-    key->u.dsa.privateValue.type = siUnsignedInteger;
-}
-
-void
-prepare_low_dh_priv_key_for_asn1(NSSLOWKEYPrivateKey *key)
-{
-    key->u.dh.prime.type = siUnsignedInteger;
-    key->u.dh.base.type = siUnsignedInteger;
-    key->u.dh.publicValue.type = siUnsignedInteger;
-    key->u.dh.privateValue.type = siUnsignedInteger;
-}
-
-#ifdef NSS_ENABLE_ECC
-void
-prepare_low_ecparams_for_asn1(ECParams *params)
-{
-    params->DEREncoding.type = siUnsignedInteger;
-    params->curveOID.type = siUnsignedInteger;
-}
-
-void
-prepare_low_ec_priv_key_for_asn1(NSSLOWKEYPrivateKey *key)
-{
-    key->u.ec.version.type = siUnsignedInteger;
-    key->u.ec.ecParams.DEREncoding.type = siUnsignedInteger;
-    key->u.ec.ecParams.curveOID.type = siUnsignedInteger;
-    key->u.ec.privateValue.type = siUnsignedInteger;
-    key->u.ec.publicValue.type = siUnsignedInteger;
-}
-#endif /* NSS_ENABLE_ECC */
-
-void
-nsslowkey_DestroyPrivateKey(NSSLOWKEYPrivateKey *privk)
-{
-    if (privk && privk->arena) {
-	PORT_FreeArena(privk->arena, PR_TRUE);
-    }
-}
-
-void
-nsslowkey_DestroyPublicKey(NSSLOWKEYPublicKey *pubk)
-{
-    if (pubk && pubk->arena) {
-	PORT_FreeArena(pubk->arena, PR_FALSE);
-    }
-}
-unsigned
-nsslowkey_PublicModulusLen(NSSLOWKEYPublicKey *pubk)
-{
-    unsigned char b0;
-
-    /* interpret modulus length as key strength... in
-     * fortezza that's the public key length */
-
-    switch (pubk->keyType) {
-    case NSSLOWKEYRSAKey:
-    	b0 = pubk->u.rsa.modulus.data[0];
-    	return b0 ? pubk->u.rsa.modulus.len : pubk->u.rsa.modulus.len - 1;
-    default:
-	break;
-    }
-    return 0;
-}
-
-unsigned
-nsslowkey_PrivateModulusLen(NSSLOWKEYPrivateKey *privk)
-{
-
-    unsigned char b0;
-
-    switch (privk->keyType) {
-    case NSSLOWKEYRSAKey:
-	b0 = privk->u.rsa.modulus.data[0];
-	return b0 ? privk->u.rsa.modulus.len : privk->u.rsa.modulus.len - 1;
-    default:
-	break;
-    }
-    return 0;
-}
-
-NSSLOWKEYPublicKey *
-nsslowkey_ConvertToPublicKey(NSSLOWKEYPrivateKey *privk)
-{
-    NSSLOWKEYPublicKey *pubk;
-    PLArenaPool *arena;
-
-
-    arena = PORT_NewArena (DER_DEFAULT_CHUNKSIZE);
-    if (arena == NULL) {
-        PORT_SetError (SEC_ERROR_NO_MEMORY);
-        return NULL;
-    }
-
-    switch(privk->keyType) {
-      case NSSLOWKEYRSAKey:
-      case NSSLOWKEYNullKey:
-	pubk = (NSSLOWKEYPublicKey *)PORT_ArenaZAlloc(arena,
-						sizeof (NSSLOWKEYPublicKey));
-	if (pubk != NULL) {
-	    SECStatus rv;
-
-	    pubk->arena = arena;
-	    pubk->keyType = privk->keyType;
-	    if (privk->keyType == NSSLOWKEYNullKey) return pubk;
-	    rv = SECITEM_CopyItem(arena, &pubk->u.rsa.modulus,
-				  &privk->u.rsa.modulus);
-	    if (rv == SECSuccess) {
-		rv = SECITEM_CopyItem (arena, &pubk->u.rsa.publicExponent,
-				       &privk->u.rsa.publicExponent);
-		if (rv == SECSuccess)
-		    return pubk;
-	    }
-	    nsslowkey_DestroyPublicKey (pubk);
-	} else {
-	    PORT_SetError (SEC_ERROR_NO_MEMORY);
-	}
-	break;
-      case NSSLOWKEYDSAKey:
-	pubk = (NSSLOWKEYPublicKey *)PORT_ArenaZAlloc(arena,
-						    sizeof(NSSLOWKEYPublicKey));
-	if (pubk != NULL) {
-	    SECStatus rv;
-
-	    pubk->arena = arena;
-	    pubk->keyType = privk->keyType;
-	    rv = SECITEM_CopyItem(arena, &pubk->u.dsa.publicValue,
-				  &privk->u.dsa.publicValue);
-	    if (rv != SECSuccess) break;
-	    rv = SECITEM_CopyItem(arena, &pubk->u.dsa.params.prime,
-				  &privk->u.dsa.params.prime);
-	    if (rv != SECSuccess) break;
-	    rv = SECITEM_CopyItem(arena, &pubk->u.dsa.params.subPrime,
-				  &privk->u.dsa.params.subPrime);
-	    if (rv != SECSuccess) break;
-	    rv = SECITEM_CopyItem(arena, &pubk->u.dsa.params.base,
-				  &privk->u.dsa.params.base);
-	    if (rv == SECSuccess) return pubk;
-	}
-	break;
-      case NSSLOWKEYDHKey:
-	pubk = (NSSLOWKEYPublicKey *)PORT_ArenaZAlloc(arena,
-						    sizeof(NSSLOWKEYPublicKey));
-	if (pubk != NULL) {
-	    SECStatus rv;
-
-	    pubk->arena = arena;
-	    pubk->keyType = privk->keyType;
-	    rv = SECITEM_CopyItem(arena, &pubk->u.dh.publicValue,
-				  &privk->u.dh.publicValue);
-	    if (rv != SECSuccess) break;
-	    rv = SECITEM_CopyItem(arena, &pubk->u.dh.prime,
-				  &privk->u.dh.prime);
-	    if (rv != SECSuccess) break;
-	    rv = SECITEM_CopyItem(arena, &pubk->u.dh.base,
-				  &privk->u.dh.base);
-	    if (rv == SECSuccess) return pubk;
-	}
-	break;
-#ifdef NSS_ENABLE_ECC
-      case NSSLOWKEYECKey:
-	pubk = (NSSLOWKEYPublicKey *)PORT_ArenaZAlloc(arena,
-						    sizeof(NSSLOWKEYPublicKey));
-	if (pubk != NULL) {
-	    SECStatus rv;
-
-	    pubk->arena = arena;
-	    pubk->keyType = privk->keyType;
-	    rv = SECITEM_CopyItem(arena, &pubk->u.ec.publicValue,
-				  &privk->u.ec.publicValue);
-	    if (rv != SECSuccess) break;
-	    pubk->u.ec.ecParams.arena = arena;
-	    /* Copy the rest of the params */
-	    rv = EC_CopyParams(arena, &(pubk->u.ec.ecParams),
-			       &(privk->u.ec.ecParams));
-	    if (rv == SECSuccess) return pubk;
-	}
-	break;
-#endif /* NSS_ENABLE_ECC */
-	/* No Fortezza in Low Key implementations (Fortezza keys aren't
-	 * stored in our data base */
-    default:
-	break;
-    }
-
-    PORT_FreeArena (arena, PR_FALSE);
-    return NULL;
-}
-
-NSSLOWKEYPrivateKey *
-nsslowkey_CopyPrivateKey(NSSLOWKEYPrivateKey *privKey)
-{
-    NSSLOWKEYPrivateKey *returnKey = NULL;
-    SECStatus rv = SECFailure;
-    PLArenaPool *poolp;
-
-    if(!privKey) {
-	return NULL;
-    }
-
-    poolp = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-    if(!poolp) {
-	return NULL;
-    }
-
-    returnKey = (NSSLOWKEYPrivateKey*)PORT_ArenaZAlloc(poolp, sizeof(NSSLOWKEYPrivateKey));
-    if(!returnKey) {
-	rv = SECFailure;
-	goto loser;
-    }
-
-    returnKey->keyType = privKey->keyType;
-    returnKey->arena = poolp;
-
-    switch(privKey->keyType) {
-	case NSSLOWKEYRSAKey:
-	    rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.modulus), 
-	    				&(privKey->u.rsa.modulus));
-	    if(rv != SECSuccess) break;
-	    rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.version), 
-	    				&(privKey->u.rsa.version));
-	    if(rv != SECSuccess) break;
-	    rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.publicExponent), 
-	    				&(privKey->u.rsa.publicExponent));
-	    if(rv != SECSuccess) break;
-	    rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.privateExponent), 
-	    				&(privKey->u.rsa.privateExponent));
-	    if(rv != SECSuccess) break;
-	    rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.prime1), 
-	    				&(privKey->u.rsa.prime1));
-	    if(rv != SECSuccess) break;
-	    rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.prime2), 
-	    				&(privKey->u.rsa.prime2));
-	    if(rv != SECSuccess) break;
-	    rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.exponent1), 
-	    				&(privKey->u.rsa.exponent1));
-	    if(rv != SECSuccess) break;
-	    rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.exponent2), 
-	    				&(privKey->u.rsa.exponent2));
-	    if(rv != SECSuccess) break;
-	    rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.coefficient), 
-	    				&(privKey->u.rsa.coefficient));
-	    if(rv != SECSuccess) break;
-	    break;
-	case NSSLOWKEYDSAKey:
-	    rv = SECITEM_CopyItem(poolp, &(returnKey->u.dsa.publicValue),
-	    				&(privKey->u.dsa.publicValue));
-	    if(rv != SECSuccess) break;
-	    rv = SECITEM_CopyItem(poolp, &(returnKey->u.dsa.privateValue),
-	    				&(privKey->u.dsa.privateValue));
-	    if(rv != SECSuccess) break;
-	    returnKey->u.dsa.params.arena = poolp;
-	    rv = SECITEM_CopyItem(poolp, &(returnKey->u.dsa.params.prime),
-					&(privKey->u.dsa.params.prime));
-	    if(rv != SECSuccess) break;
-	    rv = SECITEM_CopyItem(poolp, &(returnKey->u.dsa.params.subPrime),
-					&(privKey->u.dsa.params.subPrime));
-	    if(rv != SECSuccess) break;
-	    rv = SECITEM_CopyItem(poolp, &(returnKey->u.dsa.params.base),
-					&(privKey->u.dsa.params.base));
-	    if(rv != SECSuccess) break;
-	    break;
-	case NSSLOWKEYDHKey:
-	    rv = SECITEM_CopyItem(poolp, &(returnKey->u.dh.publicValue),
-	    				&(privKey->u.dh.publicValue));
-	    if(rv != SECSuccess) break;
-	    rv = SECITEM_CopyItem(poolp, &(returnKey->u.dh.privateValue),
-	    				&(privKey->u.dh.privateValue));
-	    if(rv != SECSuccess) break;
-	    returnKey->u.dsa.params.arena = poolp;
-	    rv = SECITEM_CopyItem(poolp, &(returnKey->u.dh.prime),
-					&(privKey->u.dh.prime));
-	    if(rv != SECSuccess) break;
-	    rv = SECITEM_CopyItem(poolp, &(returnKey->u.dh.base),
-					&(privKey->u.dh.base));
-	    if(rv != SECSuccess) break;
-	    break;
-#ifdef NSS_ENABLE_ECC
-	case NSSLOWKEYECKey:
-	    rv = SECITEM_CopyItem(poolp, &(returnKey->u.ec.version),
-	    				&(privKey->u.ec.version));
-	    if(rv != SECSuccess) break;
-	    rv = SECITEM_CopyItem(poolp, &(returnKey->u.ec.publicValue),
-	    				&(privKey->u.ec.publicValue));
-	    if(rv != SECSuccess) break;
-	    rv = SECITEM_CopyItem(poolp, &(returnKey->u.ec.privateValue),
-	    				&(privKey->u.ec.privateValue));
-	    if(rv != SECSuccess) break;
-	    returnKey->u.ec.ecParams.arena = poolp;
-	    /* Copy the rest of the params */
-	    rv = EC_CopyParams(poolp, &(returnKey->u.ec.ecParams),
-			       &(privKey->u.ec.ecParams));
-	    if (rv != SECSuccess) break;
-	    break;
-#endif /* NSS_ENABLE_ECC */
-	default:
-	    rv = SECFailure;
-    }
-
-loser:
-
-    if(rv != SECSuccess) {
-	PORT_FreeArena(poolp, PR_TRUE);
-	returnKey = NULL;
-    }
-
-    return returnKey;
-}
--- a/mozilla/security/nss/lib/softoken/lowkeyi.h
+++ b/mozilla/security/nss/lib/softoken/lowkeyi.h
@@ -1,274 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *   Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/* $Id: lowkeyi.h,v 1.10 2004-04-27 23:04:38 gerv%gerv.net Exp $ */
-
-#ifndef _LOWKEYI_H_
-#define _LOWKEYI_H_
-
-#include "prtypes.h"
-#include "seccomon.h"
-#include "secoidt.h"
-#include "pcertt.h"
-#include "lowkeyti.h"
-
-SEC_BEGIN_PROTOS
-
-/*
- * See bugzilla bug 125359
- * Since NSS (via PKCS#11) wants to handle big integers as unsigned ints,
- * all of the templates above that en/decode into integers must be converted
- * from ASN.1's signed integer type.  This is done by marking either the
- * source or destination (encoding or decoding, respectively) type as
- * siUnsignedInteger.
- */
-extern void prepare_low_rsa_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
-extern void prepare_low_pqg_params_for_asn1(PQGParams *params);
-extern void prepare_low_dsa_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
-extern void prepare_low_dsa_priv_key_export_for_asn1(NSSLOWKEYPrivateKey *key);
-extern void prepare_low_dh_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
-#ifdef NSS_ENABLE_ECC
-extern void prepare_low_ec_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
-extern void prepare_low_ecparams_for_asn1(ECParams *params);
-#endif /* NSS_ENABLE_ECC */
-
-typedef char * (* NSSLOWKEYDBNameFunc)(void *arg, int dbVersion);
-    
-/*
-** Open a key database.
-*/
-extern NSSLOWKEYDBHandle *nsslowkey_OpenKeyDB(PRBool readOnly,
-					   const char *domain,
-					   const char *prefix,
-					   NSSLOWKEYDBNameFunc namecb,
-					   void *cbarg);
-
-
-/*
- * Clear out all the keys in the existing database
- */
-extern SECStatus nsslowkey_ResetKeyDB(NSSLOWKEYDBHandle *handle);
-
-/*
-** Close the specified key database.
-*/
-extern void nsslowkey_CloseKeyDB(NSSLOWKEYDBHandle *handle);
-
-/*
- * Get the version number of the database
- */
-extern int nsslowkey_GetKeyDBVersion(NSSLOWKEYDBHandle *handle);
-
-/*
-** Support a default key database.
-*/
-extern void nsslowkey_SetDefaultKeyDB(NSSLOWKEYDBHandle *handle);
-extern NSSLOWKEYDBHandle *nsslowkey_GetDefaultKeyDB(void);
-
-/* set the alg id of the key encryption algorithm */
-extern void nsslowkey_SetDefaultKeyDBAlg(SECOidTag alg);
-
-/*
- * given a password and salt, produce a hash of the password
- */
-extern SECItem *nsslowkey_HashPassword(char *pw, SECItem *salt);
-
-/*
- * Derive the actual password value for a key database from the
- * password string value.  The derivation uses global salt value
- * stored in the key database.
- */
-extern SECItem *
-nsslowkey_DeriveKeyDBPassword(NSSLOWKEYDBHandle *handle, char *pw);
-
-/*
-** Delete a key from the database
-*/
-extern SECStatus nsslowkey_DeleteKey(NSSLOWKEYDBHandle *handle, 
-				  SECItem *pubkey);
-
-/*
-** Store a key in the database, indexed by its public key modulus.
-**	"pk" is the private key to store
-**	"f" is a the callback function for getting the password
-**	"arg" is the argument for the callback
-*/
-extern SECStatus nsslowkey_StoreKeyByPublicKey(NSSLOWKEYDBHandle *handle, 
-					    NSSLOWKEYPrivateKey *pk,
-					    SECItem *pubKeyData,
-					    char *nickname,
-					    SECItem *arg);
-
-/* does the key for this cert exist in the database filed by modulus */
-extern PRBool nsslowkey_KeyForCertExists(NSSLOWKEYDBHandle *handle,
-					 NSSLOWCERTCertificate *cert);
-/* does a key with this ID already exist? */
-extern PRBool nsslowkey_KeyForIDExists(NSSLOWKEYDBHandle *handle, SECItem *id);
-
-
-extern SECStatus nsslowkey_HasKeyDBPassword(NSSLOWKEYDBHandle *handle);
-extern SECStatus nsslowkey_SetKeyDBPassword(NSSLOWKEYDBHandle *handle,
-				     SECItem *pwitem);
-extern SECStatus nsslowkey_CheckKeyDBPassword(NSSLOWKEYDBHandle *handle,
-					   SECItem *pwitem);
-extern SECStatus nsslowkey_ChangeKeyDBPassword(NSSLOWKEYDBHandle *handle,
-					    SECItem *oldpwitem,
-					    SECItem *newpwitem);
-
-/*
-** Destroy a private key object.
-**	"key" the object
-**	"freeit" if PR_TRUE then free the object as well as its sub-objects
-*/
-extern void nsslowkey_DestroyPrivateKey(NSSLOWKEYPrivateKey *key);
-
-/*
-** Destroy a public key object.
-**	"key" the object
-**	"freeit" if PR_TRUE then free the object as well as its sub-objects
-*/
-extern void nsslowkey_DestroyPublicKey(NSSLOWKEYPublicKey *key);
-
-/*
-** Return the modulus length of "pubKey".
-*/
-extern unsigned int nsslowkey_PublicModulusLen(NSSLOWKEYPublicKey *pubKey);
-
-
-/*
-** Return the modulus length of "privKey".
-*/
-extern unsigned int nsslowkey_PrivateModulusLen(NSSLOWKEYPrivateKey *privKey);
-
-
-/*
-** Convert a low private key "privateKey" into a public low key
-*/
-extern NSSLOWKEYPublicKey 
-		*nsslowkey_ConvertToPublicKey(NSSLOWKEYPrivateKey *privateKey);
-
-/*
- * Set the Key Database password.
- *   handle is a handle to the key database
- *   pwitem is the new password
- *   algorithm is the algorithm by which the key database 
- *   	password is to be encrypted.
- * On failure, SECFailure is returned, otherwise SECSuccess is 
- * returned.
- */
-extern SECStatus 
-nsslowkey_SetKeyDBPasswordAlg(NSSLOWKEYDBHandle *handle,
-			SECItem *pwitem, 
-			SECOidTag algorithm);
-
-/* Check the key database password.
- *   handle is a handle to the key database
- *   pwitem is the suspect password
- *   algorithm is the algorithm by which the key database 
- *   	password is to be encrypted.
- * The password is checked against plaintext to see if it is the
- * actual password.  If it is not, SECFailure is returned.
- */
-extern SECStatus 
-nsslowkey_CheckKeyDBPasswordAlg(NSSLOWKEYDBHandle *handle,
-				SECItem *pwitem, 
-				SECOidTag algorithm);
-
-/* Change the key database password and/or algorithm by which
- * the password is stored with.  
- *   handle is a handle to the key database
- *   old_pwitem is the current password
- *   new_pwitem is the new password
- *   old_algorithm is the algorithm by which the key database 
- *   	password is currently encrypted.
- *   new_algorithm is the algorithm with which the new password
- *      is to be encrypted.
- * A return of anything but SECSuccess indicates failure.
- */
-extern SECStatus 
-nsslowkey_ChangeKeyDBPasswordAlg(NSSLOWKEYDBHandle *handle,
-			      SECItem *oldpwitem, SECItem *newpwitem,
-			      SECOidTag old_algorithm);
-
-SECStatus
-nsslowkey_UpdateNickname(NSSLOWKEYDBHandle *handle,
-                           NSSLOWKEYPrivateKey *privkey,
-                           SECItem *pubKeyData,
-                           char *nickname,
-                           SECItem *arg);
-
-/* Store key by modulus and specify an encryption algorithm to use.
- *   handle is the pointer to the key database,
- *   privkey is the private key to be stored,
- *   f and arg are the function and arguments to the callback
- *       to get a password,
- *   algorithm is the algorithm which the privKey is to be stored.
- * A return of anything but SECSuccess indicates failure.
- */
-extern SECStatus 
-nsslowkey_StoreKeyByPublicKeyAlg(NSSLOWKEYDBHandle *handle, 
-			      NSSLOWKEYPrivateKey *privkey, 
-			      SECItem *pubKeyData,
-			      char *nickname,
-			      SECItem *arg,
-			      SECOidTag algorithm,
-                              PRBool update); 
-
-/* Find key by modulus.  This function is the inverse of store key
- * by modulus.  An attempt to locate the key with "modulus" is 
- * performed.  If the key is found, the private key is returned,
- * else NULL is returned.
- *   modulus is the modulus to locate
- */
-extern NSSLOWKEYPrivateKey *
-nsslowkey_FindKeyByPublicKey(NSSLOWKEYDBHandle *handle, SECItem *modulus, 
-			  SECItem *arg);
-
-extern char *
-nsslowkey_FindKeyNicknameByPublicKey(NSSLOWKEYDBHandle *handle,
-                                        SECItem *modulus, SECItem *pwitem);
-
-
-/* Make a copy of a low private key in it's own arena.
- * a return of NULL indicates an error.
- */
-extern NSSLOWKEYPrivateKey *
-nsslowkey_CopyPrivateKey(NSSLOWKEYPrivateKey *privKey);
-
-
-SEC_END_PROTOS
-
-#endif /* _LOWKEYI_H_ */
--- a/mozilla/security/nss/lib/softoken/lowkeyti.h
+++ b/mozilla/security/nss/lib/softoken/lowkeyti.h
@@ -1,163 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *   Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-#ifndef _LOWKEYTI_H_
-#define _LOWKEYTI_H_ 1
-
-#include "blapit.h"
-#include "prtypes.h"
-#include "plarena.h"
-#include "secitem.h"
-#include "secasn1t.h"
-#include "secoidt.h"
-/*#include "secmodt.h"
-#include "pkcs11t.h" */
-
-
-/*
- * a key in/for the data base
- */
-struct NSSLOWKEYDBKeyStr {
-    PLArenaPool *arena;
-    int version;
-    char *nickname;
-    SECItem salt;
-    SECItem derPK;
-};
-typedef struct NSSLOWKEYDBKeyStr NSSLOWKEYDBKey;
-
-typedef struct NSSLOWKEYDBHandleStr NSSLOWKEYDBHandle;
-
-#ifdef NSS_USE_KEY4_DB
-#define NSSLOWKEY_DB_FILE_VERSION 4
-#else
-#define NSSLOWKEY_DB_FILE_VERSION 3
-#endif
-
-#define NSSLOWKEY_VERSION	    0	/* what we *create* */
-
-/*
-** Typedef for callback to get a password "key".
-*/
-extern const SEC_ASN1Template nsslowkey_PQGParamsTemplate[];
-extern const SEC_ASN1Template nsslowkey_RSAPrivateKeyTemplate[];
-extern const SEC_ASN1Template nsslowkey_DSAPrivateKeyTemplate[];
-extern const SEC_ASN1Template nsslowkey_DSAPrivateKeyExportTemplate[];
-extern const SEC_ASN1Template nsslowkey_DHPrivateKeyTemplate[];
-extern const SEC_ASN1Template nsslowkey_DHPrivateKeyExportTemplate[];
-#ifdef NSS_ENABLE_ECC
-#define NSSLOWKEY_EC_PRIVATE_KEY_VERSION   1  /* as per SECG 1 C.4 */
-extern const SEC_ASN1Template nsslowkey_ECParamsTemplate[];
-extern const SEC_ASN1Template nsslowkey_ECPrivateKeyTemplate[];
-#endif /* NSS_ENABLE_ECC */
-
-extern const SEC_ASN1Template nsslowkey_PrivateKeyInfoTemplate[];
-extern const SEC_ASN1Template nsslowkey_EncryptedPrivateKeyInfoTemplate[];
-
-/*
- * PKCS #8 attributes
- */
-struct NSSLOWKEYAttributeStr {
-    SECItem attrType;
-    SECItem *attrValue;
-};
-typedef struct NSSLOWKEYAttributeStr NSSLOWKEYAttribute;
-
-/*
-** A PKCS#8 private key info object
-*/
-struct NSSLOWKEYPrivateKeyInfoStr {
-    PLArenaPool *arena;
-    SECItem version;
-    SECAlgorithmID algorithm;
-    SECItem privateKey;
-    NSSLOWKEYAttribute **attributes;
-};
-typedef struct NSSLOWKEYPrivateKeyInfoStr NSSLOWKEYPrivateKeyInfo;
-#define NSSLOWKEY_PRIVATE_KEY_INFO_VERSION	0	/* what we *create* */
-
-/*
-** A PKCS#8 private key info object
-*/
-struct NSSLOWKEYEncryptedPrivateKeyInfoStr {
-    PLArenaPool *arena;
-    SECAlgorithmID algorithm;
-    SECItem encryptedData;
-};
-typedef struct NSSLOWKEYEncryptedPrivateKeyInfoStr NSSLOWKEYEncryptedPrivateKeyInfo;
-
-
-typedef enum { 
-    NSSLOWKEYNullKey = 0, 
-    NSSLOWKEYRSAKey = 1, 
-    NSSLOWKEYDSAKey = 2, 
-    NSSLOWKEYDHKey = 4,
-    NSSLOWKEYECKey = 5
-} NSSLOWKEYType;
-
-/*
-** An RSA public key object.
-*/
-struct NSSLOWKEYPublicKeyStr {
-    PLArenaPool *arena;
-    NSSLOWKEYType keyType ;
-    union {
-        RSAPublicKey rsa;
-	DSAPublicKey dsa;
-	DHPublicKey  dh;
-	ECPublicKey  ec;
-    } u;
-};
-typedef struct NSSLOWKEYPublicKeyStr NSSLOWKEYPublicKey;
-
-/*
-** Low Level private key object
-** This is only used by the raw Crypto engines (crypto), keydb (keydb),
-** and PKCS #11. Everyone else uses the high level key structure.
-*/
-struct NSSLOWKEYPrivateKeyStr {
-    PLArenaPool *arena;
-    NSSLOWKEYType keyType;
-    union {
-        RSAPrivateKey rsa;
-	DSAPrivateKey dsa;
-	DHPrivateKey  dh;
-	ECPrivateKey  ec;
-    } u;
-};
-typedef struct NSSLOWKEYPrivateKeyStr NSSLOWKEYPrivateKey;
-
-#endif	/* _LOWKEYTI_H_ */
--- a/mozilla/security/nss/lib/softoken/lowpbe.c
+++ b/mozilla/security/nss/lib/softoken/lowpbe.c
--- a/mozilla/security/nss/lib/softoken/lowpbe.h
+++ b/mozilla/security/nss/lib/softoken/lowpbe.h
@@ -1,135 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#ifndef _SECPKCS5_H_
-#define _SECPKCS5_H_
-
-#include "plarena.h"
-#include "secitem.h"
-#include "seccomon.h"
-#include "secoidt.h"
-#include "hasht.h"
-
-typedef SECItem * (* SEC_PKCS5GetPBEPassword)(void *arg);
-
-/* used for V2 PKCS 12 Draft Spec */ 
-typedef enum {
-    pbeBitGenIDNull = 0,
-    pbeBitGenCipherKey = 0x01,
-    pbeBitGenCipherIV = 0x02,
-    pbeBitGenIntegrityKey = 0x03
-} PBEBitGenID;
-
-typedef enum {
-    NSSPKCS5_PBKDF1 = 0,
-    NSSPKCS5_PBKDF2 = 1,
-    NSSPKCS5_PKCS12_V2 = 2
-} NSSPKCS5PBEType;
-
-typedef struct NSSPKCS5PBEParameterStr NSSPKCS5PBEParameter;
-
-struct NSSPKCS5PBEParameterStr {
-    PRArenaPool *poolp;
-    SECItem	salt;		/* octet string */
-    SECItem	iteration;	/* integer */
-
-    /* used locally */
-    int		iter;
-    int 	keyLen;
-    int		ivLen;
-    HASH_HashType hashType;
-    NSSPKCS5PBEType pbeType;
-    PBEBitGenID	keyID;
-    SECOidTag	encAlg;
-    PRBool	is2KeyDES;
-};
-
-
-SEC_BEGIN_PROTOS
-/* Create a PKCS5 Algorithm ID
- * The algorithm ID is set up using the PKCS #5 parameter structure
- *  algorithm is the PBE algorithm ID for the desired algorithm
- *  pbe is a pbe param block with all the info needed to create the 
- *   algorithm id.
- * If an error occurs or the algorithm specified is not supported 
- * or is not a password based encryption algorithm, NULL is returned.
- * Otherwise, a pointer to the algorithm id is returned.
- */
-extern SECAlgorithmID *
-nsspkcs5_CreateAlgorithmID(PRArenaPool *arena, SECOidTag algorithm, 
-						NSSPKCS5PBEParameter *pbe);
-
-/*
- * Convert an Algorithm ID to a PBE Param.
- * NOTE: this does not suppport PKCS 5 v2 because it's only used for the
- * keyDB which only support PKCS 5 v1, PFX, and PKCS 12.
- */
-NSSPKCS5PBEParameter *
-nsspkcs5_AlgidToParam(SECAlgorithmID *algid);
-
-/*
- * Convert an Algorithm ID to a PBE Param.
- * NOTE: this does not suppport PKCS 5 v2 because it's only used for the
- * keyDB which only support PKCS 5 v1, PFX, and PKCS 12.
- */
-NSSPKCS5PBEParameter *
-nsspkcs5_NewParam(SECOidTag alg, SECItem *salt, int iterator);
-
-
-/* Encrypt/Decrypt data using password based encryption.  
- *  algid is the PBE algorithm identifier,
- *  pwitem is the password,
- *  src is the source for encryption/decryption,
- *  encrypt is PR_TRUE for encryption, PR_FALSE for decryption.
- * The key and iv are generated based upon PKCS #5 then the src
- * is either encrypted or decrypted.  If an error occurs, NULL
- * is returned, otherwise the ciphered contents is returned.
- */
-extern SECItem *
-nsspkcs5_CipherData(NSSPKCS5PBEParameter *, SECItem *pwitem,
-		    SECItem *src, PRBool encrypt, PRBool *update);
-
-extern SECItem *
-nsspkcs5_ComputeKeyAndIV(NSSPKCS5PBEParameter *, SECItem *pwitem,
-		    			SECItem *iv, PRBool faulty3DES);
-
-/* Destroys PBE parameter */
-extern void
-nsspkcs5_DestroyPBEParameter(NSSPKCS5PBEParameter *param);
-
-SEC_END_PROTOS
-
-#endif
--- a/mozilla/security/nss/lib/softoken/manifest.mn
+++ b/mozilla/security/nss/lib/softoken/manifest.mn
@@ -1,89 +0,0 @@
-# 
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-CORE_DEPTH = ../../..
-
-MODULE = nss
-
-REQUIRES = dbm
-
-LIBRARY_NAME = softokn
-LIBRARY_VERSION = 3
-MAPFILE = $(OBJDIR)/softokn.def
-
-DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" -DSOFTOKEN_LIB_NAME=\"$(notdir $(SHARED_LIBRARY))\"
-
-
-EXPORTS = \
-	pkcs11.h \
-	pkcs11f.h \
-	pkcs11p.h \
-	pkcs11t.h \
-	pkcs11n.h \
-	pkcs11u.h \
-	$(NULL)
-
-PRIVATE_EXPORTS = \
-	pk11pars.h \
-	$(NULL)
-
-CSRCS = \
-	alghmac.c \
-	dbinit.c \
-	dbmshim.c \
-	ecdecode.c \
-	fipstest.c \
-	fipstokn.c \
-	keydb.c    \
-	lowcert.c  \
-	lowkey.c   \
-	lowpbe.c   \
-	padbuf.c   \
-	pcertdb.c \
-	pk11db.c \
-	pkcs11.c   \
-	pkcs11c.c  \
-	pkcs11u.c  \
-	rawhash.c \
-	rsawrapr.c  \
-	softkver.c  \
-	tlsprf.c   \
-	$(NULL)
-
-ifdef NSS_ENABLE_ECC
-DEFINES += -DNSS_ENABLE_ECC
-endif
-
--- a/mozilla/security/nss/lib/softoken/padbuf.c
+++ b/mozilla/security/nss/lib/softoken/padbuf.c
@@ -1,80 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-#include "blapit.h"
-#include "secport.h"
-#include "secerr.h"
-
-/*
- * Prepare a buffer for DES encryption, growing to the appropriate boundary,
- * filling with the appropriate padding.
- *
- * NOTE: If arena is non-NULL, we re-allocate from there, otherwise
- * we assume (and use) XP memory (re)allocation.
- */
-unsigned char *
-DES_PadBuffer(PRArenaPool *arena, unsigned char *inbuf, unsigned int inlen,
-	      unsigned int *outlen)
-{
-    unsigned char *outbuf;
-    unsigned int   des_len;
-    unsigned int   i;
-    unsigned char  des_pad_len;
-
-    /*
-     * We need from 1 to DES_KEY_LENGTH bytes -- we *always* grow.
-     * The extra bytes contain the value of the length of the padding:
-     * if we have 2 bytes of padding, then the padding is "0x02, 0x02".
-     */
-    des_len = (inlen + DES_KEY_LENGTH) & ~(DES_KEY_LENGTH - 1);
-
-    if (arena != NULL) {
-	outbuf = (unsigned char*)PORT_ArenaGrow (arena, inbuf, inlen, des_len);
-    } else {
-	outbuf = (unsigned char*)PORT_Realloc (inbuf, des_len);
-    }
-
-    if (outbuf == NULL) {
-	PORT_SetError (SEC_ERROR_NO_MEMORY);
-	return NULL;
-    }
-
-    des_pad_len = des_len - inlen;
-    for (i = inlen; i < des_len; i++)
-	outbuf[i] = des_pad_len;
-
-    *outlen = des_len;
-    return outbuf;
-}
--- a/mozilla/security/nss/lib/softoken/pcert.h
+++ b/mozilla/security/nss/lib/softoken/pcert.h
@@ -1,246 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#ifndef _PCERTDB_H_
-#define _PCERTDB_H_
-
-#include "plarena.h"
-#include "prlong.h"
-#include "pcertt.h"
-
-SEC_BEGIN_PROTOS
-
-/*
-** Add a DER encoded certificate to the permanent database.
-**	"derCert" is the DER encoded certificate.
-**	"nickname" is the nickname to use for the cert
-**	"trust" is the trust parameters for the cert
-*/
-SECStatus nsslowcert_AddPermCert(NSSLOWCERTCertDBHandle *handle, 
-			NSSLOWCERTCertificate *cert,
-				char *nickname, NSSLOWCERTCertTrust *trust);
-SECStatus nsslowcert_AddPermNickname(NSSLOWCERTCertDBHandle *dbhandle,
-				NSSLOWCERTCertificate *cert, char *nickname);
-
-SECStatus nsslowcert_DeletePermCertificate(NSSLOWCERTCertificate *cert);
-
-typedef SECStatus (PR_CALLBACK * PermCertCallback)(NSSLOWCERTCertificate *cert,
-                                                   SECItem *k, void *pdata);
-/*
-** Traverse the entire permanent database, and pass the certs off to a
-** user supplied function.
-**	"certfunc" is the user function to call for each certificate
-**	"udata" is the user's data, which is passed through to "certfunc"
-*/
-SECStatus
-nsslowcert_TraversePermCerts(NSSLOWCERTCertDBHandle *handle,
-		      PermCertCallback certfunc,
-		      void *udata );
-
-PRBool
-nsslowcert_CertDBKeyConflict(SECItem *derCert, NSSLOWCERTCertDBHandle *handle);
-
-certDBEntryRevocation *
-nsslowcert_FindCrlByKey(NSSLOWCERTCertDBHandle *handle,
-					 SECItem *crlKey, PRBool isKRL);
-
-SECStatus
-nsslowcert_DeletePermCRL(NSSLOWCERTCertDBHandle *handle,SECItem *derName,
-								PRBool isKRL);
-SECStatus
-nsslowcert_AddCrl(NSSLOWCERTCertDBHandle *handle, SECItem *derCrl ,
-				SECItem *derKey, char *url, PRBool isKRL);
-
-NSSLOWCERTCertDBHandle *nsslowcert_GetDefaultCertDB();
-NSSLOWKEYPublicKey *nsslowcert_ExtractPublicKey(NSSLOWCERTCertificate *);
-
-NSSLOWCERTCertificate *
-nsslowcert_NewTempCertificate(NSSLOWCERTCertDBHandle *handle, SECItem *derCert,
-                        char *nickname, PRBool isperm, PRBool copyDER);
-NSSLOWCERTCertificate *
-nsslowcert_DupCertificate(NSSLOWCERTCertificate *cert);
-void nsslowcert_DestroyCertificate(NSSLOWCERTCertificate *cert);
-void nsslowcert_DestroyTrust(NSSLOWCERTTrust *Trust);
-
-/*
- * Lookup a certificate in the databases without locking
- *	"certKey" is the database key to look for
- *
- * XXX - this should be internal, but pkcs 11 needs to call it during a
- * traversal.
- */
-NSSLOWCERTCertificate *
-nsslowcert_FindCertByKey(NSSLOWCERTCertDBHandle *handle, SECItem *certKey);
-
-/*
- * Lookup trust for a certificate in the databases without locking
- *	"certKey" is the database key to look for
- *
- * XXX - this should be internal, but pkcs 11 needs to call it during a
- * traversal.
- */
-NSSLOWCERTTrust *
-nsslowcert_FindTrustByKey(NSSLOWCERTCertDBHandle *handle, SECItem *certKey);
-
-/*
-** Generate a certificate key from the issuer and serialnumber, then look it
-** up in the database.  Return the cert if found.
-**	"issuerAndSN" is the issuer and serial number to look for
-*/
-extern NSSLOWCERTCertificate *
-nsslowcert_FindCertByIssuerAndSN (NSSLOWCERTCertDBHandle *handle, NSSLOWCERTIssuerAndSN *issuerAndSN);
-
-/*
-** Generate a certificate key from the issuer and serialnumber, then look it
-** up in the database.  Return the cert if found.
-**	"issuerAndSN" is the issuer and serial number to look for
-*/
-extern NSSLOWCERTTrust *
-nsslowcert_FindTrustByIssuerAndSN (NSSLOWCERTCertDBHandle *handle, NSSLOWCERTIssuerAndSN *issuerAndSN);
-
-/*
-** Find a certificate in the database by a DER encoded certificate
-**	"derCert" is the DER encoded certificate
-*/
-extern NSSLOWCERTCertificate *
-nsslowcert_FindCertByDERCert(NSSLOWCERTCertDBHandle *handle, SECItem *derCert);
-
-/* convert an email address to lower case */
-char *nsslowcert_FixupEmailAddr(char *emailAddr);
-
-/*
-** Decode a DER encoded certificate into an NSSLOWCERTCertificate structure
-**      "derSignedCert" is the DER encoded signed certificate
-**      "copyDER" is true if the DER should be copied, false if the
-**              existing copy should be referenced
-**      "nickname" is the nickname to use in the database.  If it is NULL
-**              then a temporary nickname is generated.
-*/
-extern NSSLOWCERTCertificate *
-nsslowcert_DecodeDERCertificate (SECItem *derSignedCert, char *nickname);
-
-SECStatus
-nsslowcert_KeyFromDERCert(PRArenaPool *arena, SECItem *derCert, SECItem *key);
-
-certDBEntrySMime *
-nsslowcert_ReadDBSMimeEntry(NSSLOWCERTCertDBHandle *certHandle,
-							 char *emailAddr);
-void
-nsslowcert_DestroyDBEntry(certDBEntry *entry);
-
-SECStatus
-nsslowcert_OpenCertDB(NSSLOWCERTCertDBHandle *handle, PRBool readOnly,
-		const char *domain, const char *prefix,
-                NSSLOWCERTDBNameFunc namecb, void *cbarg, PRBool openVolatile);
-
-void
-nsslowcert_ClosePermCertDB(NSSLOWCERTCertDBHandle *handle);
-
-/*
- * is certa newer than certb?  If one is expired, pick the other one.
- */
-PRBool
-nsslowcert_IsNewer(NSSLOWCERTCertificate *certa, NSSLOWCERTCertificate *certb);
-
-
-SECStatus
-nsslowcert_TraverseDBEntries(NSSLOWCERTCertDBHandle *handle,
-		      certDBEntryType type,
-		      SECStatus (* callback)(SECItem *data, SECItem *key,
-					    certDBEntryType type, void *pdata),
-		      void *udata );
-SECStatus
-nsslowcert_TraversePermCertsForSubject(NSSLOWCERTCertDBHandle *handle,
-				 SECItem *derSubject,
-				 NSSLOWCERTCertCallback cb, void *cbarg);
-int
-nsslowcert_NumPermCertsForSubject(NSSLOWCERTCertDBHandle *handle,
-							 SECItem *derSubject);
-SECStatus
-nsslowcert_TraversePermCertsForNickname(NSSLOWCERTCertDBHandle *handle,
-	 	char *nickname, NSSLOWCERTCertCallback cb, void *cbarg);
-
-int
-nsslowcert_NumPermCertsForNickname(NSSLOWCERTCertDBHandle *handle, 
-							char *nickname);
-SECStatus
-nsslowcert_GetCertTrust(NSSLOWCERTCertificate *cert,
-					 NSSLOWCERTCertTrust *trust);
-
-SECStatus
-nsslowcert_SaveSMimeProfile(NSSLOWCERTCertDBHandle *dbhandle, char *emailAddr, 
-	SECItem *derSubject, SECItem *emailProfile, SECItem *profileTime);
-
-/*
- * Change the trust attributes of a certificate and make them permanent
- * in the database.
- */
-SECStatus
-nsslowcert_ChangeCertTrust(NSSLOWCERTCertDBHandle *handle, 
-	  	NSSLOWCERTCertificate *cert, NSSLOWCERTCertTrust *trust);
-
-PRBool
-nsslowcert_needDBVerify(NSSLOWCERTCertDBHandle *handle);
-
-void
-nsslowcert_setDBVerify(NSSLOWCERTCertDBHandle *handle, PRBool value);
-
-PRBool
-nsslowcert_hasTrust(NSSLOWCERTCertTrust *trust);
-
-void
-nsslowcert_DestroyFreeLists(void);
-
-void
-nsslowcert_DestroyGlobalLocks(void);
-
-void
-pkcs11_freeNickname(char *nickname, char *space);
-
-char *
-pkcs11_copyNickname(char *nickname, char *space, int spaceLen);
-
-void
-pkcs11_freeStaticData(unsigned char *data, unsigned char *space);
-
-unsigned char *
-pkcs11_copyStaticData(unsigned char *data, int datalen, unsigned char *space,
-						int spaceLen);
-NSSLOWCERTCertificate *
-nsslowcert_CreateCert(void);
-SEC_END_PROTOS
-
- #endif /* _PCERTDB_H_ */
--- a/mozilla/security/nss/lib/softoken/pcertdb.c
+++ b/mozilla/security/nss/lib/softoken/pcertdb.c
--- a/mozilla/security/nss/lib/softoken/pcertt.h
+++ b/mozilla/security/nss/lib/softoken/pcertt.h
@@ -1,446 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * certt.h - public data structures for the certificate library
- *
- * $Id: pcertt.h,v 1.13 2004-04-25 15:03:16 gerv%gerv.net Exp $
- */
-#ifndef _PCERTT_H_
-#define _PCERTT_H_
-
-#include "prclist.h"
-#include "pkcs11t.h"
-#include "seccomon.h"
-#include "secoidt.h"
-#include "plarena.h"
-#include "prcvar.h"
-#include "nssilock.h"
-#include "prio.h"
-#include "prmon.h"
-
-/* Non-opaque objects */
-typedef struct NSSLOWCERTCertDBHandleStr               NSSLOWCERTCertDBHandle;
-typedef struct NSSLOWCERTCertKeyStr                    NSSLOWCERTCertKey;
-
-typedef struct NSSLOWCERTTrustStr                      NSSLOWCERTTrust;
-typedef struct NSSLOWCERTCertTrustStr                  NSSLOWCERTCertTrust;
-typedef struct NSSLOWCERTCertificateStr                NSSLOWCERTCertificate;
-typedef struct NSSLOWCERTCertificateListStr            NSSLOWCERTCertificateList;
-typedef struct NSSLOWCERTIssuerAndSNStr                NSSLOWCERTIssuerAndSN;
-typedef struct NSSLOWCERTSignedDataStr                 NSSLOWCERTSignedData;
-typedef struct NSSLOWCERTSubjectPublicKeyInfoStr       NSSLOWCERTSubjectPublicKeyInfo;
-typedef struct NSSLOWCERTValidityStr                   NSSLOWCERTValidity;
-
-/*
-** An X.509 validity object
-*/
-struct NSSLOWCERTValidityStr {
-    PRArenaPool *arena;
-    SECItem notBefore;
-    SECItem notAfter;
-};
-
-/*
- * A serial number and issuer name, which is used as a database key
- */
-struct NSSLOWCERTCertKeyStr {
-    SECItem serialNumber;
-    SECItem derIssuer;
-};
-
-/*
-** A signed data object. Used to implement the "signed" macro used
-** in the X.500 specs.
-*/
-struct NSSLOWCERTSignedDataStr {
-    SECItem data;
-    SECAlgorithmID signatureAlgorithm;
-    SECItem signature;
-};
-
-/*
-** An X.509 subject-public-key-info object
-*/
-struct NSSLOWCERTSubjectPublicKeyInfoStr {
-    PRArenaPool *arena;
-    SECAlgorithmID algorithm;
-    SECItem subjectPublicKey;
-};
-
-typedef struct _certDBEntryCert certDBEntryCert;
-typedef struct _certDBEntryRevocation certDBEntryRevocation;
-
-struct NSSLOWCERTCertTrustStr {
-    unsigned int sslFlags;
-    unsigned int emailFlags;
-    unsigned int objectSigningFlags;
-};
-
-/*
-** PKCS11 Trust representation
-*/
-struct NSSLOWCERTTrustStr {
-    NSSLOWCERTTrust *next;
-    NSSLOWCERTCertDBHandle *dbhandle;
-    SECItem dbKey;			/* database key for this cert */
-    certDBEntryCert *dbEntry;		/* database entry struct */
-    NSSLOWCERTCertTrust *trust;
-    SECItem *derCert;			/* original DER for the cert */
-    unsigned char dbKeySpace[512];
-};
-
-/*
-** An X.509 certificate object (the unsigned form)
-*/
-struct NSSLOWCERTCertificateStr {
-    /* the arena is used to allocate any data structures that have the same
-     * lifetime as the cert.  This is all stuff that hangs off of the cert
-     * structure, and is all freed at the same time.  I is used when the
-     * cert is decoded, destroyed, and at some times when it changes
-     * state
-     */
-    NSSLOWCERTCertificate *next;
-    NSSLOWCERTCertDBHandle *dbhandle;
-
-    SECItem derCert;			/* original DER for the cert */
-    SECItem derIssuer;			/* DER for issuer name */
-    SECItem derSN;
-    SECItem serialNumber;
-    SECItem derSubject;			/* DER for subject name */
-    SECItem derSubjKeyInfo;
-    NSSLOWCERTSubjectPublicKeyInfo *subjectPublicKeyInfo;
-    SECItem certKey;			/* database key for this cert */
-    SECItem validity;
-    certDBEntryCert *dbEntry;		/* database entry struct */
-    SECItem subjectKeyID;	/* x509v3 subject key identifier */
-    char *nickname;
-    char *emailAddr;
-    NSSLOWCERTCertTrust *trust;
-
-    /* the reference count is modified whenever someone looks up, dups
-     * or destroys a certificate
-     */
-    int referenceCount;
-
-    char nicknameSpace[200];
-    unsigned char certKeySpace[512];
-};
-
-#define SEC_CERTIFICATE_VERSION_1		0	/* default created */
-#define SEC_CERTIFICATE_VERSION_2		1	/* v2 */
-#define SEC_CERTIFICATE_VERSION_3		2	/* v3 extensions */
-
-#define SEC_CRL_VERSION_1		0	/* default */
-#define SEC_CRL_VERSION_2		1	/* v2 extensions */
-
-struct NSSLOWCERTIssuerAndSNStr {
-    SECItem derIssuer;
-    SECItem serialNumber;
-};
-
-typedef SECStatus (* NSSLOWCERTCertCallback)(NSSLOWCERTCertificate *cert, void *arg);
-
-/* This is the typedef for the callback passed to nsslowcert_OpenCertDB() */
-/* callback to return database name based on version number */
-typedef char * (*NSSLOWCERTDBNameFunc)(void *arg, int dbVersion);
-
-/* XXX Lisa thinks the template declarations belong in cert.h, not here? */
-
-#include "secasn1t.h"	/* way down here because I expect template stuff to
-			 * move out of here anyway */
-
-/*
- * Certificate Database related definitions and data structures
- */
-
-/* version number of certificate database */
-#define CERT_DB_FILE_VERSION		8
-#define CERT_DB_V7_FILE_VERSION		7
-#define CERT_DB_CONTENT_VERSION		2
-
-#define SEC_DB_ENTRY_HEADER_LEN		3
-#define SEC_DB_KEY_HEADER_LEN		1
-
-/* All database entries have this form:
- * 	
- *	byte offset	field
- *	-----------	-----
- *	0		version
- *	1		type
- *	2		flags
- */
-
-/* database entry types */
-typedef enum {
-    certDBEntryTypeVersion = 0,
-    certDBEntryTypeCert = 1,
-    certDBEntryTypeNickname = 2,
-    certDBEntryTypeSubject = 3,
-    certDBEntryTypeRevocation = 4,
-    certDBEntryTypeKeyRevocation = 5,
-    certDBEntryTypeSMimeProfile = 6,
-    certDBEntryTypeContentVersion = 7,
-    certDBEntryTypeBlob = 8
-} certDBEntryType;
-
-typedef struct {
-    certDBEntryType type;
-    unsigned int version;
-    unsigned int flags;
-    PRArenaPool *arena;
-} certDBEntryCommon;
-
-/*
- * Certificate entry:
- *
- *	byte offset	field
- *	-----------	-----
- *	0		sslFlags-msb
- *	1		sslFlags-lsb
- *	2		emailFlags-msb
- *	3		emailFlags-lsb
- *	4		objectSigningFlags-msb
- *	5		objectSigningFlags-lsb
- *	6		derCert-len-msb
- *	7		derCert-len-lsb
- *	8		nickname-len-msb
- *	9		nickname-len-lsb
- *	...		derCert
- *	...		nickname
- *
- * NOTE: the nickname string as stored in the database is null terminated,
- *		in other words, the last byte of the db entry is always 0
- *		if a nickname is present.
- * NOTE: if nickname is not present, then nickname-len-msb and
- *		nickname-len-lsb will both be zero.
- */
-struct _certDBEntryCert {
-    certDBEntryCommon common;
-    certDBEntryCert *next;
-    NSSLOWCERTCertTrust trust;
-    SECItem derCert;
-    char *nickname;
-    char nicknameSpace[200];
-    unsigned char derCertSpace[2048];
-};
-
-/*
- * Certificate Nickname entry:
- *
- *	byte offset	field
- *	-----------	-----
- *	0		subjectname-len-msb
- *	1	        subjectname-len-lsb
- *	2...		subjectname
- *
- * The database key for this type of entry is a nickname string
- * The "subjectname" value is the DER encoded DN of the identity
- *   that matches this nickname.
- */
-typedef struct {
-    certDBEntryCommon common;
-    char *nickname;
-    SECItem subjectName;
-} certDBEntryNickname;
-
-#define DB_NICKNAME_ENTRY_HEADER_LEN 2
-
-/*
- * Certificate Subject entry:
- *
- *	byte offset	field
- *	-----------	-----
- *	0		ncerts-msb
- *	1		ncerts-lsb
- *	2		nickname-msb
- *	3		nickname-lsb
- *	4		emailAddr-msb
- *	5		emailAddr-lsb
- *	...		nickname
- *	...		emailAddr
- *	...+2*i		certkey-len-msb
- *	...+1+2*i       certkey-len-lsb
- *	...+2*ncerts+2*i keyid-len-msb
- *	...+1+2*ncerts+2*i keyid-len-lsb
- *	...		certkeys
- *	...		keyids
- *
- * The database key for this type of entry is the DER encoded subject name
- * The "certkey" value is an array of  certificate database lookup keys that
- *   points to the database entries for the certificates that matche
- *   this subject.
- *
- */
-typedef struct _certDBEntrySubject {
-    certDBEntryCommon common;
-    SECItem derSubject;
-    unsigned int ncerts;
-    char *nickname;
-    SECItem *certKeys;
-    SECItem *keyIDs;
-    char **emailAddrs;
-    unsigned int nemailAddrs;
-} certDBEntrySubject;
-
-#define DB_SUBJECT_ENTRY_HEADER_LEN 6
-
-/*
- * Certificate SMIME profile entry:
- *
- *	byte offset	field
- *	-----------	-----
- *	0		subjectname-len-msb
- *	1	        subjectname-len-lsb
- *	2		smimeoptions-len-msb
- *	3		smimeoptions-len-lsb
- *	4		options-date-len-msb
- *	5		options-date-len-lsb
- *	6...		subjectname
- *	...		smimeoptions
- *	...		options-date
- *
- * The database key for this type of entry is the email address string
- * The "subjectname" value is the DER encoded DN of the identity
- *   that matches this nickname.
- * The "smimeoptions" value is a string that represents the algorithm
- *   capabilities on the remote user.
- * The "options-date" is the date that the smime options value was created.
- *   This is generally the signing time of the signed message that contained
- *   the options.  It is a UTCTime value.
- */
-typedef struct {
-    certDBEntryCommon common;
-    char *emailAddr;
-    SECItem subjectName;
-    SECItem smimeOptions;
-    SECItem optionsDate;
-} certDBEntrySMime;
-
-#define DB_SMIME_ENTRY_HEADER_LEN 6
-
-/*
- * Crl/krl entry:
- *
- *	byte offset	field
- *	-----------	-----
- *	0		derCert-len-msb
- *	1		derCert-len-lsb
- *	2		url-len-msb
- *	3		url-len-lsb
- *	...		derCert
- *	...		url
- *
- * NOTE: the url string as stored in the database is null terminated,
- *		in other words, the last byte of the db entry is always 0
- *		if a nickname is present. 
- * NOTE: if url is not present, then url-len-msb and
- *		url-len-lsb will both be zero.
- */
-#define DB_CRL_ENTRY_HEADER_LEN	4
-struct _certDBEntryRevocation {
-    certDBEntryCommon common;
-    SECItem	derCrl;
-    char	*url;	/* where to load the crl from */
-};
-
-/*
- * Database Version Entry:
- *
- *	byte offset	field
- *	-----------	-----
- *	only the low level header...
- *
- * The database key for this type of entry is the string "Version"
- */
-typedef struct {
-    certDBEntryCommon common;
-} certDBEntryVersion;
-
-#define SEC_DB_VERSION_KEY "Version"
-#define SEC_DB_VERSION_KEY_LEN sizeof(SEC_DB_VERSION_KEY)
-
-/*
- * Database Content Version Entry:
- *
- *	byte offset	field
- *	-----------	-----
- *	0		contentVersion
- *
- * The database key for this type of entry is the string "ContentVersion"
- */
-typedef struct {
-    certDBEntryCommon common;
-    char contentVersion;
-} certDBEntryContentVersion;
-
-#define SEC_DB_CONTENT_VERSION_KEY "ContentVersion"
-#define SEC_DB_CONTENT_VERSION_KEY_LEN sizeof(SEC_DB_CONTENT_VERSION_KEY)
-
-typedef union {
-    certDBEntryCommon common;
-    certDBEntryVersion version;
-    certDBEntryCert cert;
-    certDBEntryNickname nickname;
-    certDBEntrySubject subject;
-    certDBEntryRevocation revocation;
-} certDBEntry;
-
-/* length of the fixed part of a database entry */
-#define DBCERT_V4_HEADER_LEN	7
-#define DB_CERT_V5_ENTRY_HEADER_LEN	7
-#define DB_CERT_V6_ENTRY_HEADER_LEN	7
-#define DB_CERT_ENTRY_HEADER_LEN	10
-
-/* common flags for all types of certificates */
-#define CERTDB_VALID_PEER	(1<<0)
-#define CERTDB_TRUSTED		(1<<1)
-#define CERTDB_SEND_WARN	(1<<2)
-#define CERTDB_VALID_CA		(1<<3)
-#define CERTDB_TRUSTED_CA	(1<<4) /* trusted for issuing server certs */
-#define CERTDB_NS_TRUSTED_CA	(1<<5)
-#define CERTDB_USER		(1<<6)
-#define CERTDB_TRUSTED_CLIENT_CA (1<<7) /* trusted for issuing client certs */
-#define CERTDB_INVISIBLE_CA	(1<<8) /* don't show in UI */
-#define CERTDB_GOVT_APPROVED_CA	(1<<9) /* can do strong crypto in export ver */
-#define CERTDB_NOT_TRUSTED	(1<<10) /* explicitly don't trust this cert */
-#define CERTDB_TRUSTED_UNKNOWN	(1<<11) /* accept trust from another source */
-
-/* bits not affected by the CKO_NETSCAPE_TRUST object */
-#define CERTDB_PRESERVE_TRUST_BITS (CERTDB_USER | CERTDB_VALID_PEER | \
-        CERTDB_NS_TRUSTED_CA | CERTDB_VALID_CA | CERTDB_INVISIBLE_CA | \
-                                        CERTDB_GOVT_APPROVED_CA)
-
-#endif /* _PCERTT_H_ */
--- a/mozilla/security/nss/lib/softoken/pk11db.c
+++ b/mozilla/security/nss/lib/softoken/pk11db.c
--- a/mozilla/security/nss/lib/softoken/pk11pars.h
+++ b/mozilla/security/nss/lib/softoken/pk11pars.h
@@ -1,862 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 2001
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * The following handles the loading, unloading and management of
- * various PCKS #11 modules
- */
-
-
-/*
- * this header file contains routines for parsing PKCS #11 module spec
- * strings. It contains 'C' code and should only be included in one module.
- * Currently it is included in both softoken and the wrapper.
- */
-#include <ctype.h>
-#include "pkcs11.h"
-#include "seccomon.h"
-#include "prprf.h"
-#include "secmodt.h"
-#include "pk11init.h"
-
-#define SECMOD_ARG_LIBRARY_PARAMETER "library="
-#define SECMOD_ARG_NAME_PARAMETER "name="
-#define SECMOD_ARG_MODULE_PARAMETER "parameters="
-#define SECMOD_ARG_NSS_PARAMETER "NSS="
-#define SECMOD_ARG_FORTEZZA_FLAG "FORTEZZA"
-#define SECMOD_ARG_ESCAPE '\\'
-
-struct secmodargSlotFlagTable {
-    char *name;
-    int len;
-    unsigned long value;
-};
-
-#define SFTK_DEFAULT_CIPHER_ORDER 0
-#define SFTK_DEFAULT_TRUST_ORDER 50
-
-
-#define SECMOD_ARG_ENTRY(arg,flag) \
-{ #arg , sizeof(#arg)-1, flag }
-static struct secmodargSlotFlagTable secmod_argSlotFlagTable[] = {
-	SECMOD_ARG_ENTRY(RSA,SECMOD_RSA_FLAG),
-	SECMOD_ARG_ENTRY(DSA,SECMOD_RSA_FLAG),
-	SECMOD_ARG_ENTRY(RC2,SECMOD_RC4_FLAG),
-	SECMOD_ARG_ENTRY(RC4,SECMOD_RC2_FLAG),
-	SECMOD_ARG_ENTRY(DES,SECMOD_DES_FLAG),
-	SECMOD_ARG_ENTRY(DH,SECMOD_DH_FLAG),
-	SECMOD_ARG_ENTRY(FORTEZZA,SECMOD_FORTEZZA_FLAG),
-	SECMOD_ARG_ENTRY(RC5,SECMOD_RC5_FLAG),
-	SECMOD_ARG_ENTRY(SHA1,SECMOD_SHA1_FLAG),
-	SECMOD_ARG_ENTRY(MD5,SECMOD_MD5_FLAG),
-	SECMOD_ARG_ENTRY(MD2,SECMOD_MD2_FLAG),
-	SECMOD_ARG_ENTRY(SSL,SECMOD_SSL_FLAG),
-	SECMOD_ARG_ENTRY(TLS,SECMOD_TLS_FLAG),
-	SECMOD_ARG_ENTRY(AES,SECMOD_AES_FLAG),
-	SECMOD_ARG_ENTRY(PublicCerts,SECMOD_FRIENDLY_FLAG),
-	SECMOD_ARG_ENTRY(RANDOM,SECMOD_RANDOM_FLAG),
-};
-
-#define SECMOD_HANDLE_STRING_ARG(param,target,value,command) \
-    if (PORT_Strncasecmp(param,value,sizeof(value)-1) == 0) { \
-	param += sizeof(value)-1; \
-	target = secmod_argFetchValue(param,&next); \
-	param += next; \
-	command ;\
-    } else  
-
-#define SECMOD_HANDLE_FINAL_ARG(param) \
-    { param = secmod_argSkipParameter(param); } param = secmod_argStrip(param);
-	
-
-static int secmod_argSlotFlagTableSize = 
-	sizeof(secmod_argSlotFlagTable)/sizeof(secmod_argSlotFlagTable[0]);
-
-
-static PRBool secmod_argGetPair(char c) {
-    switch (c) {
-    case '\'': return c;
-    case '\"': return c;
-    case '<': return '>';
-    case '{': return '}';
-    case '[': return ']';
-    case '(': return ')';
-    default: break;
-    }
-    return ' ';
-}
-
-static PRBool secmod_argIsBlank(char c) {
-   return isspace(c);
-}
-
-static PRBool secmod_argIsEscape(char c) {
-    return c == '\\';
-}
-
-static PRBool secmod_argIsQuote(char c) {
-    switch (c) {
-    case '\'':
-    case '\"':
-    case '<':
-    case '{': /* } end curly to keep vi bracket matching working */
-    case '(': /* ) */
-    case '[': /* ] */ return PR_TRUE;
-    default: break;
-    }
-    return PR_FALSE;
-}
-
-static PRBool secmod_argHasChar(char *v, char c)
-{
-   for ( ;*v; v++) {
-	if (*v == c) return PR_TRUE;
-   }
-   return PR_FALSE;
-}
-
-static PRBool secmod_argHasBlanks(char *v)
-{
-   for ( ;*v; v++) {
-	if (secmod_argIsBlank(*v)) return PR_TRUE;
-   }
-   return PR_FALSE;
-}
-
-static char *secmod_argStrip(char *c) {
-   while (*c && secmod_argIsBlank(*c)) c++;
-   return c;
-}
-
-static char *
-secmod_argFindEnd(char *string) {
-    char endChar = ' ';
-    PRBool lastEscape = PR_FALSE;
-
-    if (secmod_argIsQuote(*string)) {
-	endChar = secmod_argGetPair(*string);
-	string++;
-    }
-
-    for (;*string; string++) {
-	if (lastEscape) {
-	    lastEscape = PR_FALSE;
-	    continue;
-	}
-	if (secmod_argIsEscape(*string) && !lastEscape) {
-	    lastEscape = PR_TRUE;
-	    continue;
-	} 
-	if ((endChar == ' ') && secmod_argIsBlank(*string)) break;
-	if (*string == endChar) {
-	    break;
-	}
-    }
-
-    return string;
-}
-
-static char *
-secmod_argFetchValue(char *string, int *pcount)
-{
-    char *end = secmod_argFindEnd(string);
-    char *retString, *copyString;
-    PRBool lastEscape = PR_FALSE;
-
-    *pcount = (end - string)+1;
-
-    if (*pcount == 0) return NULL;
-
-    copyString = retString = (char *)PORT_Alloc(*pcount);
-    if (retString == NULL) return NULL;
-
-    if (secmod_argIsQuote(*string)) string++;
-    for (; string < end; string++) {
-	if (secmod_argIsEscape(*string) && !lastEscape) {
-	    lastEscape = PR_TRUE;
-	    continue;
-	}
-	lastEscape = PR_FALSE;
-	*copyString++ = *string;
-    }
-    *copyString = 0;
-    return retString;
-}
-
-static char *
-secmod_argSkipParameter(char *string) 
-{
-     char *end;
-     /* look for the end of the <name>= */
-     for (;*string; string++) {
-	if (*string == '=') { string++; break; }
-	if (secmod_argIsBlank(*string)) return(string); 
-     }
-
-     end = secmod_argFindEnd(string);
-     if (*end) end++;
-     return end;
-}
-
-
-static SECStatus
-secmod_argParseModuleSpec(char *modulespec, char **lib, char **mod, 
-					char **parameters, char **nss)
-{
-    int next;
-    modulespec = secmod_argStrip(modulespec);
-
-    *lib = *mod = *parameters = *nss = 0;
-
-    while (*modulespec) {
-	SECMOD_HANDLE_STRING_ARG(modulespec,*lib,SECMOD_ARG_LIBRARY_PARAMETER,;)
-	SECMOD_HANDLE_STRING_ARG(modulespec,*mod,SECMOD_ARG_NAME_PARAMETER,;)
-	SECMOD_HANDLE_STRING_ARG(modulespec,*parameters,
-						SECMOD_ARG_MODULE_PARAMETER,;)
-	SECMOD_HANDLE_STRING_ARG(modulespec,*nss,SECMOD_ARG_NSS_PARAMETER,;)
-	SECMOD_HANDLE_FINAL_ARG(modulespec)
-   }
-   return SECSuccess;
-}
-
-
-static char *
-secmod_argGetParamValue(char *paramName,char *parameters)
-{
-    char searchValue[256];
-    int paramLen = strlen(paramName);
-    char *returnValue = NULL;
-    int next;
-
-    if ((parameters == NULL) || (*parameters == 0)) return NULL;
-
-    PORT_Assert(paramLen+2 < sizeof(searchValue));
-
-    PORT_Strcpy(searchValue,paramName);
-    PORT_Strcat(searchValue,"=");
-    while (*parameters) {
-	if (PORT_Strncasecmp(parameters,searchValue,paramLen+1) == 0) {
-	    parameters += paramLen+1;
-	    returnValue = secmod_argFetchValue(parameters,&next);
-	    break;
-	} else {
-	    parameters = secmod_argSkipParameter(parameters);
-	}
-	parameters = secmod_argStrip(parameters);
-   }
-   return returnValue;
-}
-    
-
-static char *
-secmod_argNextFlag(char *flags)
-{
-    for (; *flags ; flags++) {
-	if (*flags == ',') {
-	    flags++;
-	    break;
-	}
-    }
-    return flags;
-}
-
-static PRBool
-secmod_argHasFlag(char *label, char *flag, char *parameters)
-{
-    char *flags,*index;
-    int len = strlen(flag);
-    PRBool found = PR_FALSE;
-
-    flags = secmod_argGetParamValue(label,parameters);
-    if (flags == NULL) return PR_FALSE;
-
-    for (index=flags; *index; index=secmod_argNextFlag(index)) {
-	if (PORT_Strncasecmp(index,flag,len) == 0) {
-	    found=PR_TRUE;
-	    break;
-	}
-    }
-    PORT_Free(flags);
-    return found;
-}
-
-static void
-secmod_argSetNewCipherFlags(unsigned long *newCiphers,char *cipherList)
-{
-    newCiphers[0] = newCiphers[1] = 0;
-    if ((cipherList == NULL) || (*cipherList == 0)) return;
-
-    for (;*cipherList; cipherList=secmod_argNextFlag(cipherList)) {
-	if (PORT_Strncasecmp(cipherList,SECMOD_ARG_FORTEZZA_FLAG,
-				sizeof(SECMOD_ARG_FORTEZZA_FLAG)-1) == 0) {
-	    newCiphers[0] |= SECMOD_FORTEZZA_FLAG;
-	} 
-
-	/* add additional flags here as necessary */
-	/* direct bit mapping escape */
-	if (*cipherList == 0) {
-	   if (cipherList[1] == 'l') {
-		newCiphers[1] |= atoi(&cipherList[2]);
-	   } else {
-		newCiphers[0] |= atoi(&cipherList[2]);
-	   }
-	}
-    }
-}
-
-
-/*
- * decode a number. handle octal (leading '0'), hex (leading '0x') or decimal
- */
-static long
-secmod_argDecodeNumber(char *num)
-{
-    int	radix = 10;
-    unsigned long value = 0;
-    long retValue = 0;
-    int sign = 1;
-    int digit;
-
-    if (num == NULL) return retValue;
-
-    num = secmod_argStrip(num);
-
-    if (*num == '-') {
-	sign = -1;
-	num++;
-    }
-
-    if (*num == '0') {
-	radix = 8;
-	num++;
-	if ((*num == 'x') || (*num == 'X')) {
-	    radix = 16;
-	    num++;
-	}
-    }
-
-   
-    for ( ;*num; num++ ) {
-	if (isdigit(*num)) {
-	    digit = *num - '0';
-	} else if ((*num >= 'a') && (*num <= 'f'))  {
-	    digit = *num - 'a' + 10;
-	} else if ((*num >= 'A') && (*num <= 'F'))  {
-	    digit = *num - 'A' + 10;
-	} else {
-	    break;
-	}
-	if (digit >= radix) break;
-	value = value*radix + digit;
-    }
-
-    retValue = ((int) value) * sign;
-    return retValue;
-}
-
-static long
-secmod_argReadLong(char *label,char *params, long defValue, PRBool *isdefault)
-{
-    char *value;
-    long retValue;
-    if (isdefault) *isdefault = PR_FALSE; 
-
-    value = secmod_argGetParamValue(label,params);
-    if (value == NULL) {
-	if (isdefault) *isdefault = PR_TRUE;
-	return defValue;
-    }
-    retValue = secmod_argDecodeNumber(value);
-    if (value) PORT_Free(value);
-
-    return retValue;
-}
-
-
-static unsigned long
-secmod_argSlotFlags(char *label,char *params)
-{
-    char *flags,*index;
-    unsigned long retValue = 0;
-    int i;
-    PRBool all = PR_FALSE;
-
-    flags = secmod_argGetParamValue(label,params);
-    if (flags == NULL) return 0;
-
-    if (PORT_Strcasecmp(flags,"all") == 0) all = PR_TRUE;
-
-    for (index=flags; *index; index=secmod_argNextFlag(index)) {
-	for (i=0; i < secmod_argSlotFlagTableSize; i++) {
-	    if (all || (PORT_Strncasecmp(index, secmod_argSlotFlagTable[i].name,
-				secmod_argSlotFlagTable[i].len) == 0)) {
-		retValue |= secmod_argSlotFlagTable[i].value;
-	    }
-	}
-    }
-    PORT_Free(flags);
-    return retValue;
-}
-
-
-static void
-secmod_argDecodeSingleSlotInfo(char *name, char *params, 
-                               PK11PreSlotInfo *slotInfo)
-{
-    char *askpw;
-
-    slotInfo->slotID=secmod_argDecodeNumber(name);
-    slotInfo->defaultFlags=secmod_argSlotFlags("slotFlags",params);
-    slotInfo->timeout=secmod_argReadLong("timeout",params, 0, NULL);
-
-    askpw = secmod_argGetParamValue("askpw",params);
-    slotInfo->askpw = 0;
-
-    if (askpw) {
-	if (PORT_Strcasecmp(askpw,"every") == 0) {
-    	    slotInfo->askpw = -1;
-	} else if (PORT_Strcasecmp(askpw,"timeout") == 0) {
-    	    slotInfo->askpw = 1;
-	} 
-	PORT_Free(askpw);
-	slotInfo->defaultFlags |= PK11_OWN_PW_DEFAULTS;
-    }
-    slotInfo->hasRootCerts = secmod_argHasFlag("rootFlags", "hasRootCerts", 
-                                               params);
-    slotInfo->hasRootTrust = secmod_argHasFlag("rootFlags", "hasRootTrust", 
-                                               params);
-}
-
-static char *
-secmod_argGetName(char *inString, int *next) 
-{
-    char *name=NULL;
-    char *string;
-    int len;
-
-    /* look for the end of the <name>= */
-    for (string = inString;*string; string++) {
-	if (*string == '=') { break; }
-	if (secmod_argIsBlank(*string)) break;
-    }
-
-    len = string - inString;
-
-    *next = len; 
-    if (*string == '=') (*next) += 1;
-    if (len > 0) {
-	name = PORT_Alloc(len+1);
-	PORT_Strncpy(name,inString,len);
-	name[len] = 0;
-    }
-    return name;
-}
-
-static PK11PreSlotInfo *
-secmod_argParseSlotInfo(PRArenaPool *arena, char *slotParams, int *retCount)
-{
-    char *slotIndex;
-    PK11PreSlotInfo *slotInfo = NULL;
-    int i=0,count = 0,next;
-
-    *retCount = 0;
-    if ((slotParams == NULL) || (*slotParams == 0))  return NULL;
-
-    /* first count the number of slots */
-    for (slotIndex = secmod_argStrip(slotParams); *slotIndex; 
-	 slotIndex = secmod_argStrip(secmod_argSkipParameter(slotIndex))) {
-	count++;
-    }
-
-    /* get the data structures */
-    if (arena) {
-	slotInfo = (PK11PreSlotInfo *) 
-			PORT_ArenaAlloc(arena,count*sizeof(PK11PreSlotInfo));
-	PORT_Memset(slotInfo,0,count*sizeof(PK11PreSlotInfo));
-    } else {
-	slotInfo = (PK11PreSlotInfo *) 
-			PORT_ZAlloc(count*sizeof(PK11PreSlotInfo));
-    }
-    if (slotInfo == NULL) return NULL;
-
-    for (slotIndex = secmod_argStrip(slotParams), i = 0; 
-					*slotIndex && i < count ; ) {
-	char *name;
-	name = secmod_argGetName(slotIndex,&next);
-	slotIndex += next;
-
-	if (!secmod_argIsBlank(*slotIndex)) {
-	    char *args = secmod_argFetchValue(slotIndex,&next);
-	    slotIndex += next;
-	    if (args) {
-		secmod_argDecodeSingleSlotInfo(name,args,&slotInfo[i]);
-		i++;
-		PORT_Free(args);
-	    }
-	}
-	if (name) PORT_Free(name);
-	slotIndex = secmod_argStrip(slotIndex);
-    }
-    *retCount = i;
-    return slotInfo;
-}
-
-static char *secmod_nullString = "";
-
-static char *
-secmod_formatValue(PRArenaPool *arena, char *value, char quote)
-{
-    char *vp,*vp2,*retval;
-    int size = 0, escapes = 0;
-
-    for (vp=value; *vp ;vp++) {
-	if ((*vp == quote) || (*vp == SECMOD_ARG_ESCAPE)) escapes++;
-	size++;
-    }
-    if (arena) {
-	retval = PORT_ArenaZAlloc(arena,size+escapes+1);
-    } else {
-	retval = PORT_ZAlloc(size+escapes+1);
-    }
-    if (retval == NULL) return NULL;
-    vp2 = retval;
-    for (vp=value; *vp; vp++) {
-	if ((*vp == quote) || (*vp == SECMOD_ARG_ESCAPE)) 
-				*vp2++ = SECMOD_ARG_ESCAPE;
-	*vp2++ = *vp;
-    }
-    return retval;
-}
-    
-static char *secmod_formatPair(char *name,char *value, char quote)
-{
-    char openQuote = quote;
-    char closeQuote = secmod_argGetPair(quote);
-    char *newValue = NULL;
-    char *returnValue;
-    PRBool need_quote = PR_FALSE;
-
-    if (!value || (*value == 0)) return secmod_nullString;
-
-    if (secmod_argHasBlanks(value) || secmod_argIsQuote(value[0]))
-							 need_quote=PR_TRUE;
-
-    if ((need_quote && secmod_argHasChar(value,closeQuote))
-				 || secmod_argHasChar(value,SECMOD_ARG_ESCAPE)) {
-	value = newValue = secmod_formatValue(NULL, value,quote);
-	if (newValue == NULL) return secmod_nullString;
-    }
-    if (need_quote) {
-    	returnValue = PR_smprintf("%s=%c%s%c",name,openQuote,value,closeQuote);
-    } else {
-    	returnValue = PR_smprintf("%s=%s",name,value);
-    }
-    if (returnValue == NULL) returnValue = secmod_nullString;
-
-    if (newValue) PORT_Free(newValue);
-
-    return returnValue;
-}
-
-static char *secmod_formatIntPair(char *name, unsigned long value, 
-                                  unsigned long def)
-{
-    char *returnValue;
-
-    if (value == def) return secmod_nullString;
-
-    returnValue = PR_smprintf("%s=%d",name,value);
-
-    return returnValue;
-}
-
-static void
-secmod_freePair(char *pair)
-{
-    if (pair && pair != secmod_nullString) {
-	PR_smprintf_free(pair);
-    }
-}
-
-#define MAX_FLAG_SIZE  sizeof("internal")+sizeof("FIPS")+sizeof("moduleDB")+\
-				sizeof("moduleDBOnly")+sizeof("critical")
-static char *
-secmod_mkNSSFlags(PRBool internal, PRBool isFIPS,
-		PRBool isModuleDB, PRBool isModuleDBOnly, PRBool isCritical)
-{
-    char *flags = (char *)PORT_ZAlloc(MAX_FLAG_SIZE);
-    PRBool first = PR_TRUE;
-
-    PORT_Memset(flags,0,MAX_FLAG_SIZE);
-    if (internal) {
-	PORT_Strcat(flags,"internal");
-	first = PR_FALSE;
-    }
-    if (isFIPS) {
-	if (!first) PORT_Strcat(flags,",");
-	PORT_Strcat(flags,"FIPS");
-	first = PR_FALSE;
-    }
-    if (isModuleDB) {
-	if (!first) PORT_Strcat(flags,",");
-	PORT_Strcat(flags,"moduleDB");
-	first = PR_FALSE;
-    }
-    if (isModuleDBOnly) {
-	if (!first) PORT_Strcat(flags,",");
-	PORT_Strcat(flags,"moduleDBOnly");
-	first = PR_FALSE;
-    }
-    if (isCritical) {
-	if (!first) PORT_Strcat(flags,",");
-	PORT_Strcat(flags,"critical");
-	first = PR_FALSE;
-    }
-    return flags;
-}
-
-static char *
-secmod_mkCipherFlags(unsigned long ssl0, unsigned long ssl1)
-{
-    char *cipher = NULL;
-    int i;
-
-    for (i=0; i < sizeof(ssl0)*8; i++) {
-	if (ssl0 & (1<<i)) {
-	    char *string;
-	    if ((1<<i) == SECMOD_FORTEZZA_FLAG) {
-		string = PR_smprintf("%s","FORTEZZA");
-	    } else {
-		string = PR_smprintf("0h0x%08x",1<<i);
-	    }
-	    if (cipher) {
-		char *tmp;
-		tmp = PR_smprintf("%s,%s",cipher,string);
-		PR_smprintf_free(cipher);
-		PR_smprintf_free(string);
-		cipher = tmp;
-	    } else {
-		cipher = string;
-	    }
-	}
-    }
-    for (i=0; i < sizeof(ssl0)*8; i++) {
-	if (ssl1 & (1<<i)) {
-	    if (cipher) {
-		char *tmp;
-		tmp = PR_smprintf("%s,0l0x%08x",cipher,1<<i);
-		PR_smprintf_free(cipher);
-		cipher = tmp;
-	    } else {
-		cipher = PR_smprintf("0l0x%08x",1<<i);
-	    }
-	}
-    }
-
-    return cipher;
-}
-
-static char *
-secmod_mkSlotFlags(unsigned long defaultFlags)
-{
-    char *flags=NULL;
-    int i,j;
-
-    for (i=0; i < sizeof(defaultFlags)*8; i++) {
-	if (defaultFlags & (1<<i)) {
-	    char *string = NULL;
-
-	    for (j=0; j < secmod_argSlotFlagTableSize; j++) {
-		if (secmod_argSlotFlagTable[j].value == ( 1UL << i )) {
-		    string = secmod_argSlotFlagTable[j].name;
-		    break;
-		}
-	    }
-	    if (string) {
-		if (flags) {
-		    char *tmp;
-		    tmp = PR_smprintf("%s,%s",flags,string);
-		    PR_smprintf_free(flags);
-		    flags = tmp;
-		} else {
-		    flags = PR_smprintf("%s",string);
-		}
-	    }
-	}
-    }
-
-    return flags;
-}
-
-#define SECMOD_MAX_ROOT_FLAG_SIZE  sizeof("hasRootCerts")+sizeof("hasRootTrust")
-
-static char *
-secmod_mkRootFlags(PRBool hasRootCerts, PRBool hasRootTrust)
-{
-    char *flags= (char *)PORT_ZAlloc(SECMOD_MAX_ROOT_FLAG_SIZE);
-    PRBool first = PR_TRUE;
-
-    PORT_Memset(flags,0,SECMOD_MAX_ROOT_FLAG_SIZE);
-    if (hasRootCerts) {
-	PORT_Strcat(flags,"hasRootCerts");
-	first = PR_FALSE;
-    }
-    if (hasRootTrust) {
-	if (!first) PORT_Strcat(flags,",");
-	PORT_Strcat(flags,"hasRootTrust");
-	first = PR_FALSE;
-    }
-    return flags;
-}
-
-static char *
-secmod_mkSlotString(unsigned long slotID, unsigned long defaultFlags,
-		  unsigned long timeout, unsigned char askpw_in,
-		  PRBool hasRootCerts, PRBool hasRootTrust) {
-    char *askpw,*flags,*rootFlags,*slotString;
-    char *flagPair,*rootFlagsPair;
-	
-    switch (askpw_in) {
-    case 0xff:
-	askpw = "every";
-	break;
-    case 1:
-	askpw = "timeout";
-	break;
-    default:
-	askpw = "any";
-	break;
-    }
-    flags = secmod_mkSlotFlags(defaultFlags);
-    rootFlags = secmod_mkRootFlags(hasRootCerts,hasRootTrust);
-    flagPair=secmod_formatPair("slotFlags",flags,'\'');
-    rootFlagsPair=secmod_formatPair("rootFlags",rootFlags,'\'');
-    if (flags) PR_smprintf_free(flags);
-    if (rootFlags) PORT_Free(rootFlags);
-    if (defaultFlags & PK11_OWN_PW_DEFAULTS) {
-    	slotString = PR_smprintf("0x%08lx=[%s askpw=%s timeout=%d %s]",
-				(PRUint32)slotID,flagPair,askpw,timeout,
-				rootFlagsPair);
-    } else {
-    	slotString = PR_smprintf("0x%08lx=[%s %s]",
-				(PRUint32)slotID,flagPair,rootFlagsPair);
-    }
-    secmod_freePair(flagPair);
-    secmod_freePair(rootFlagsPair);
-    return slotString;
-}
-
-static char *
-secmod_mkNSS(char **slotStrings, int slotCount, PRBool internal, PRBool isFIPS,
-	  PRBool isModuleDB,  PRBool isModuleDBOnly, PRBool isCritical, 
-	  unsigned long trustOrder, unsigned long cipherOrder,
-				unsigned long ssl0, unsigned long ssl1) {
-    int slotLen, i;
-    char *slotParams, *ciphers, *nss, *nssFlags, *tmp;
-    char *trustOrderPair,*cipherOrderPair,*slotPair,*cipherPair,*flagPair;
-
-
-    /* now let's build up the string
-     * first the slot infos
-     */
-    slotLen=0;
-    for (i=0; i < (int)slotCount; i++) {
-	slotLen += PORT_Strlen(slotStrings[i])+1;
-    }
-    slotLen += 1; /* space for the final NULL */
-
-    slotParams = (char *)PORT_ZAlloc(slotLen);
-    PORT_Memset(slotParams,0,slotLen);
-    for (i=0; i < (int)slotCount; i++) {
-	PORT_Strcat(slotParams,slotStrings[i]);
-	PORT_Strcat(slotParams," ");
-	PR_smprintf_free(slotStrings[i]);
-	slotStrings[i]=NULL;
-    }
-    
-    /*
-     * now the NSS structure
-     */
-    nssFlags = secmod_mkNSSFlags(internal,isFIPS,isModuleDB,isModuleDBOnly,
-							isCritical); 
-	/* for now only the internal module is critical */
-    ciphers = secmod_mkCipherFlags(ssl0, ssl1);
-
-    trustOrderPair=secmod_formatIntPair("trustOrder",trustOrder,
-					SFTK_DEFAULT_TRUST_ORDER);
-    cipherOrderPair=secmod_formatIntPair("cipherOrder",cipherOrder,
-					SFTK_DEFAULT_CIPHER_ORDER);
-    slotPair=secmod_formatPair("slotParams",slotParams,'{'); /* } */
-    if (slotParams) PORT_Free(slotParams);
-    cipherPair=secmod_formatPair("ciphers",ciphers,'\'');
-    if (ciphers) PR_smprintf_free(ciphers);
-    flagPair=secmod_formatPair("Flags",nssFlags,'\'');
-    if (nssFlags) PORT_Free(nssFlags);
-    nss = PR_smprintf("%s %s %s %s %s",trustOrderPair,
-			cipherOrderPair,slotPair,cipherPair,flagPair);
-    secmod_freePair(trustOrderPair);
-    secmod_freePair(cipherOrderPair);
-    secmod_freePair(slotPair);
-    secmod_freePair(cipherPair);
-    secmod_freePair(flagPair);
-    tmp = secmod_argStrip(nss);
-    if (*tmp == '\0') {
-	PR_smprintf_free(nss);
-	nss = NULL;
-    }
-    return nss;
-}
-
-static char *
-secmod_mkNewModuleSpec(char *dllName, char *commonName, char *parameters, 
-								char *NSS) {
-    char *moduleSpec;
-    char *lib,*name,*param,*nss;
-
-    /*
-     * now the final spec
-     */
-    lib = secmod_formatPair("library",dllName,'\"');
-    name = secmod_formatPair("name",commonName,'\"');
-    param = secmod_formatPair("parameters",parameters,'\"');
-    nss = secmod_formatPair("NSS",NSS,'\"');
-    moduleSpec = PR_smprintf("%s %s %s %s", lib,name,param,nss);
-    secmod_freePair(lib);
-    secmod_freePair(name);
-    secmod_freePair(param);
-    secmod_freePair(nss);
-    return (moduleSpec);
-}
-
--- a/mozilla/security/nss/lib/softoken/pkcs11.c
+++ b/mozilla/security/nss/lib/softoken/pkcs11.c
--- a/mozilla/security/nss/lib/softoken/pkcs11.h
+++ b/mozilla/security/nss/lib/softoken/pkcs11.h
@@ -1,323 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *   RSA Labs
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * Copyright (C) 1994-1999 RSA Security Inc. Licence to copy this document
- * is granted provided that it is identified as "RSA Security In.c Public-Key
- * Cryptography Standards (PKCS)" in all material mentioning or referencing
- * this document.
- *
- * The latest version of this header can be found at:
- *    http://www.rsalabs.com/pkcs/pkcs-11/index.html
- */
-#ifndef _PKCS11_H_
-#define _PKCS11_H_ 1
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Before including this file (pkcs11.h) (or pkcs11t.h by
- * itself), 6 platform-specific macros must be defined.  These
- * macros are described below, and typical definitions for them
- * are also given.  Be advised that these definitions can depend
- * on both the platform and the compiler used (and possibly also
- * on whether a PKCS #11 library is linked statically or
- * dynamically).
- *
- * In addition to defining these 6 macros, the packing convention
- * for PKCS #11 structures should be set.  The PKCS #11
- * convention on packing is that structures should be 1-byte
- * aligned.
- *
- * In a Win32 environment, this might be done by using the
- * following preprocessor directive before including pkcs11.h
- * or pkcs11t.h:
- *
- * #pragma pack(push, cryptoki, 1)
- *
- * and using the following preprocessor directive after including
- * pkcs11.h or pkcs11t.h:
- *
- * #pragma pack(pop, cryptoki)
- *
- * In a Win16 environment, this might be done by using the
- * following preprocessor directive before including pkcs11.h
- * or pkcs11t.h:
- *
- * #pragma pack(1)
- *
- * In a UNIX environment, you're on your own here.  You might
- * not need to do anything.
- *
- *
- * Now for the macros:
- *
- *
- * 1. CK_PTR: The indirection string for making a pointer to an
- * object.  It can be used like this:
- *
- * typedef CK_BYTE CK_PTR CK_BYTE_PTR;
- *
- * In a Win32 environment, it might be defined by
- *
- * #define CK_PTR *
- *
- * In a Win16 environment, it might be defined by
- *
- * #define CK_PTR far *
- *
- * In a UNIX environment, it might be defined by
- *
- * #define CK_PTR *
- *
- *
- * 2. CK_DEFINE_FUNCTION(returnType, name): A macro which makes
- * an exportable PKCS #11 library function definition out of a
- * return type and a function name.  It should be used in the
- * following fashion to define the exposed PKCS #11 functions in
- * a PKCS #11 library:
- *
- * CK_DEFINE_FUNCTION(CK_RV, C_Initialize)(
- *   CK_VOID_PTR pReserved
- * )
- * {
- *   ...
- * }
- *
- * For defining a function in a Win32 PKCS #11 .dll, it might be
- * defined by
- *
- * #define CK_DEFINE_FUNCTION(returnType, name) \
- *   returnType __declspec(dllexport) name
- *
- * For defining a function in a Win16 PKCS #11 .dll, it might be
- * defined by
- *
- * #define CK_DEFINE_FUNCTION(returnType, name) \
- *   returnType __export _far _pascal name
- *
- * In a UNIX environment, it might be defined by
- *
- * #define CK_DEFINE_FUNCTION(returnType, name) \
- *   returnType name
- *
- *
- * 3. CK_DECLARE_FUNCTION(returnType, name): A macro which makes
- * an importable PKCS #11 library function declaration out of a
- * return type and a function name.  It should be used in the
- * following fashion:
- *
- * extern CK_DECLARE_FUNCTION(CK_RV, C_Initialize)(
- *   CK_VOID_PTR pReserved
- * );
- *
- * For declaring a function in a Win32 PKCS #11 .dll, it might
- * be defined by
- *
- * #define CK_DECLARE_FUNCTION(returnType, name) \
- *   returnType __declspec(dllimport) name
- *
- * For declaring a function in a Win16 PKCS #11 .dll, it might
- * be defined by
- *
- * #define CK_DECLARE_FUNCTION(returnType, name) \
- *   returnType __export _far _pascal name
- *
- * In a UNIX environment, it might be defined by
- *
- * #define CK_DECLARE_FUNCTION(returnType, name) \
- *   returnType name
- *
- *
- * 4. CK_DECLARE_FUNCTION_POINTER(returnType, name): A macro
- * which makes a PKCS #11 API function pointer declaration or
- * function pointer type declaration out of a return type and a
- * function name.  It should be used in the following fashion:
- *
- * // Define funcPtr to be a pointer to a PKCS #11 API function
- * // taking arguments args and returning CK_RV.
- * CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtr)(args);
- *
- * or
- *
- * // Define funcPtrType to be the type of a pointer to a
- * // PKCS #11 API function taking arguments args and returning
- * // CK_RV, and then define funcPtr to be a variable of type
- * // funcPtrType.
- * typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtrType)(args);
- * funcPtrType funcPtr;
- *
- * For accessing functions in a Win32 PKCS #11 .dll, in might be
- * defined by
- *
- * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
- *   returnType __declspec(dllimport) (* name)
- *
- * For accessing functions in a Win16 PKCS #11 .dll, it might be
- * defined by
- *
- * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
- *   returnType __export _far _pascal (* name)
- *
- * In a UNIX environment, it might be defined by
- *
- * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
- *   returnType (* name)
- *
- *
- * 5. CK_CALLBACK_FUNCTION(returnType, name): A macro which makes
- * a function pointer type for an application callback out of
- * a return type for the callback and a name for the callback.
- * It should be used in the following fashion:
- *
- * CK_CALLBACK_FUNCTION(CK_RV, myCallback)(args);
- *
- * to declare a function pointer, myCallback, to a callback
- * which takes arguments args and returns a CK_RV.  It can also
- * be used like this:
- *
- * typedef CK_CALLBACK_FUNCTION(CK_RV, myCallbackType)(args);
- * myCallbackType myCallback;
- *
- * In a Win32 environment, it might be defined by
- *
- * #define CK_CALLBACK_FUNCTION(returnType, name) \
- *   returnType (* name)
- *
- * In a Win16 environment, it might be defined by
- *
- * #define CK_CALLBACK_FUNCTION(returnType, name) \
- *   returnType _far _pascal (* name)
- *
- * In a UNIX environment, it might be defined by
- *
- * #define CK_CALLBACK_FUNCTION(returnType, name) \
- *   returnType (* name)
- *
- *
- * 6. NULL_PTR: This macro is the value of a NULL pointer.
- *
- * In any ANSI/ISO C environment (and in many others as well),
- * this should be defined by
- *
- * #ifndef NULL_PTR
- * #define NULL_PTR 0
- * #endif
- */
-
-
-/* All the various PKCS #11 types and #define'd values are in the
- * file pkcs11t.h. */
-#include "pkcs11t.h"
-
-#define __PASTE(x,y)      x##y
-
-
-/* packing defines */
-#include "pkcs11p.h"
-/* ==============================================================
- * Define the "extern" form of all the entry points.
- * ==============================================================
- */
-
-#define CK_NEED_ARG_LIST  1
-#define CK_PKCS11_FUNCTION_INFO(name) \
-  CK_DECLARE_FUNCTION(CK_RV, name)
-
-/* pkcs11f.h has all the information about the PKCS #11
- * function prototypes. */
-#include "pkcs11f.h"
-
-#undef CK_NEED_ARG_LIST
-#undef CK_PKCS11_FUNCTION_INFO
-
-
-/* ==============================================================
- * Define the typedef form of all the entry points.  That is, for
- * each PKCS #11 function C_XXX, define a type CK_C_XXX which is
- * a pointer to that kind of function.
- * ==============================================================
- */
-
-#define CK_NEED_ARG_LIST  1
-#define CK_PKCS11_FUNCTION_INFO(name) \
-  typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, __PASTE(CK_,name))
-
-/* pkcs11f.h has all the information about the PKCS #11
- * function prototypes. */
-#include "pkcs11f.h"
-
-#undef CK_NEED_ARG_LIST
-#undef CK_PKCS11_FUNCTION_INFO
-
-
-/* ==============================================================
- * Define structed vector of entry points.  A CK_FUNCTION_LIST
- * contains a CK_VERSION indicating a library's PKCS #11 version
- * and then a whole slew of function pointers to the routines in
- * the library.  This type was declared, but not defined, in
- * pkcs11t.h.
- * ==============================================================
- */
-
-#define CK_PKCS11_FUNCTION_INFO(name) \
-  __PASTE(CK_,name) name;
-  
-struct CK_FUNCTION_LIST {
-
-  CK_VERSION    version;  /* PKCS #11 version */
-
-/* Pile all the function pointers into the CK_FUNCTION_LIST. */
-/* pkcs11f.h has all the information about the PKCS #11
- * function prototypes. */
-#include "pkcs11f.h" 
-
-};
-
-#undef CK_PKCS11_FUNCTION_INFO
-
-
-#undef __PASTE
-
-/* unpack */
-#include "pkcs11u.h"
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
--- a/mozilla/security/nss/lib/softoken/pkcs11c.c
+++ b/mozilla/security/nss/lib/softoken/pkcs11c.c
--- a/mozilla/security/nss/lib/softoken/pkcs11f.h
+++ b/mozilla/security/nss/lib/softoken/pkcs11f.h
@@ -1,937 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * Copyright (C) 1994-1999 RSA Security Inc. Licence to copy this document
- * is granted provided that it is identified as "RSA Security In.c Public-Key
- * Cryptography Standards (PKCS)" in all material mentioning or referencing
- * this document.
- */
-/* This function contains pretty much everything about all the */
-/* PKCS #11  function prototypes.  Because this information is */
-/* used for more than just declaring function prototypes, the */
-/* order of the functions appearing herein is important, and */
-/* should not be altered. */
-
-
-
-/* General-purpose */
-
-/* C_Initialize initializes the PKCS #11 library. */
-CK_PKCS11_FUNCTION_INFO(C_Initialize)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_VOID_PTR   pInitArgs  /* if this is not NULL_PTR, it gets
-                            * cast to CK_C_INITIALIZE_ARGS_PTR
-                            * and dereferenced */
-);
-#endif
-
-
-/* C_Finalize indicates that an application is done with the
- * PKCS #11 library. */
-CK_PKCS11_FUNCTION_INFO(C_Finalize)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_VOID_PTR   pReserved  /* reserved.  Should be NULL_PTR */
-);
-#endif
-
-
-/* C_GetInfo returns general information about PKCS #11. */
-CK_PKCS11_FUNCTION_INFO(C_GetInfo)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_INFO_PTR   pInfo  /* location that receives information */
-);
-#endif
-
-
-/* C_GetFunctionList returns the function list. */
-CK_PKCS11_FUNCTION_INFO(C_GetFunctionList)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_FUNCTION_LIST_PTR_PTR ppFunctionList  /* receives pointer to
-                                            * function list */
-);
-#endif
-
-
-
-/* Slot and token management */
-
-/* C_GetSlotList obtains a list of slots in the system. */
-CK_PKCS11_FUNCTION_INFO(C_GetSlotList)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_BBOOL       tokenPresent,  /* only slots with tokens? */
-  CK_SLOT_ID_PTR pSlotList,     /* receives array of slot IDs */
-  CK_ULONG_PTR   pulCount       /* receives number of slots */
-);
-#endif
-
-
-/* C_GetSlotInfo obtains information about a particular slot in
- * the system. */
-CK_PKCS11_FUNCTION_INFO(C_GetSlotInfo)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SLOT_ID       slotID,  /* the ID of the slot */
-  CK_SLOT_INFO_PTR pInfo    /* receives the slot information */
-);
-#endif
-
-
-/* C_GetTokenInfo obtains information about a particular token
- * in the system. */
-CK_PKCS11_FUNCTION_INFO(C_GetTokenInfo)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SLOT_ID        slotID,  /* ID of the token's slot */
-  CK_TOKEN_INFO_PTR pInfo    /* receives the token information */
-);
-#endif
-
-
-/* C_GetMechanismList obtains a list of mechanism types
- * supported by a token. */
-CK_PKCS11_FUNCTION_INFO(C_GetMechanismList)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SLOT_ID            slotID,          /* ID of token's slot */
-  CK_MECHANISM_TYPE_PTR pMechanismList,  /* gets mech. array */
-  CK_ULONG_PTR          pulCount         /* gets # of mechs. */
-);
-#endif
-
-
-/* C_GetMechanismInfo obtains information about a particular
- * mechanism possibly supported by a token. */
-CK_PKCS11_FUNCTION_INFO(C_GetMechanismInfo)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SLOT_ID            slotID,  /* ID of the token's slot */
-  CK_MECHANISM_TYPE     type,    /* type of mechanism */
-  CK_MECHANISM_INFO_PTR pInfo    /* receives mechanism info */
-);
-#endif
-
-
-/* C_InitToken initializes a token. */
-CK_PKCS11_FUNCTION_INFO(C_InitToken)
-#ifdef CK_NEED_ARG_LIST
-(
-/* pLabel changed from CK_CHAR_PTR to CK_UTF8CHAR_PTR for v2.10 */
-  CK_SLOT_ID         slotID,    /* ID of the token's slot */
-  CK_CHAR_PTR        pPin,      /* the SO's initial PIN */
-  CK_ULONG           ulPinLen,  /* length in bytes of the PIN */
-  CK_UTF8CHAR_PTR    pLabel     /* 32-byte token label (blank padded) */
-);
-#endif
-
-
-/* C_InitPIN initializes the normal user's PIN. */
-CK_PKCS11_FUNCTION_INFO(C_InitPIN)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,  /* the session's handle */
-  CK_CHAR_PTR       pPin,      /* the normal user's PIN */
-  CK_ULONG          ulPinLen   /* length in bytes of the PIN */
-);
-#endif
-
-
-/* C_SetPIN modifies the PIN of the user who is logged in. */
-CK_PKCS11_FUNCTION_INFO(C_SetPIN)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,  /* the session's handle */
-  CK_CHAR_PTR       pOldPin,   /* the old PIN */
-  CK_ULONG          ulOldLen,  /* length of the old PIN */
-  CK_CHAR_PTR       pNewPin,   /* the new PIN */
-  CK_ULONG          ulNewLen   /* length of the new PIN */
-);
-#endif
-
-
-
-/* Session management */
-
-/* C_OpenSession opens a session between an application and a
- * token. */
-CK_PKCS11_FUNCTION_INFO(C_OpenSession)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SLOT_ID            slotID,        /* the slot's ID */
-  CK_FLAGS              flags,         /* from CK_SESSION_INFO */
-  CK_VOID_PTR           pApplication,  /* passed to callback */
-  CK_NOTIFY             Notify,        /* callback function */
-  CK_SESSION_HANDLE_PTR phSession      /* gets session handle */
-);
-#endif
-
-
-/* C_CloseSession closes a session between an application and a
- * token. */
-CK_PKCS11_FUNCTION_INFO(C_CloseSession)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession  /* the session's handle */
-);
-#endif
-
-
-/* C_CloseAllSessions closes all sessions with a token. */
-CK_PKCS11_FUNCTION_INFO(C_CloseAllSessions)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SLOT_ID     slotID  /* the token's slot */
-);
-#endif
-
-
-/* C_GetSessionInfo obtains information about the session. */
-CK_PKCS11_FUNCTION_INFO(C_GetSessionInfo)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE   hSession,  /* the session's handle */
-  CK_SESSION_INFO_PTR pInfo      /* receives session info */
-);
-#endif
-
-
-/* C_GetOperationState obtains the state of the cryptographic operation
- * in a session. */
-CK_PKCS11_FUNCTION_INFO(C_GetOperationState)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,             /* session's handle */
-  CK_BYTE_PTR       pOperationState,      /* gets state */
-  CK_ULONG_PTR      pulOperationStateLen  /* gets state length */
-);
-#endif
-
-
-/* C_SetOperationState restores the state of the cryptographic
- * operation in a session. */
-CK_PKCS11_FUNCTION_INFO(C_SetOperationState)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,            /* session's handle */
-  CK_BYTE_PTR      pOperationState,      /* holds state */
-  CK_ULONG         ulOperationStateLen,  /* holds state length */
-  CK_OBJECT_HANDLE hEncryptionKey,       /* en/decryption key */
-  CK_OBJECT_HANDLE hAuthenticationKey    /* sign/verify key */
-);
-#endif
-
-
-/* C_Login logs a user into a token. */
-CK_PKCS11_FUNCTION_INFO(C_Login)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,  /* the session's handle */
-  CK_USER_TYPE      userType,  /* the user type */
-  CK_CHAR_PTR       pPin,      /* the user's PIN */
-  CK_ULONG          ulPinLen   /* the length of the PIN */
-);
-#endif
-
-
-/* C_Logout logs a user out from a token. */
-CK_PKCS11_FUNCTION_INFO(C_Logout)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession  /* the session's handle */
-);
-#endif
-
-
-
-/* Object management */
-
-/* C_CreateObject creates a new object. */
-CK_PKCS11_FUNCTION_INFO(C_CreateObject)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,    /* the session's handle */
-  CK_ATTRIBUTE_PTR  pTemplate,   /* the object's template */
-  CK_ULONG          ulCount,     /* attributes in template */
-  CK_OBJECT_HANDLE_PTR phObject  /* gets new object's handle. */
-);
-#endif
-
-
-/* C_CopyObject copies an object, creating a new object for the
- * copy. */
-CK_PKCS11_FUNCTION_INFO(C_CopyObject)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE    hSession,    /* the session's handle */
-  CK_OBJECT_HANDLE     hObject,     /* the object's handle */
-  CK_ATTRIBUTE_PTR     pTemplate,   /* template for new object */
-  CK_ULONG             ulCount,     /* attributes in template */
-  CK_OBJECT_HANDLE_PTR phNewObject  /* receives handle of copy */
-);
-#endif
-
-
-/* C_DestroyObject destroys an object. */
-CK_PKCS11_FUNCTION_INFO(C_DestroyObject)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,  /* the session's handle */
-  CK_OBJECT_HANDLE  hObject    /* the object's handle */
-);
-#endif
-
-
-/* C_GetObjectSize gets the size of an object in bytes. */
-CK_PKCS11_FUNCTION_INFO(C_GetObjectSize)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,  /* the session's handle */
-  CK_OBJECT_HANDLE  hObject,   /* the object's handle */
-  CK_ULONG_PTR      pulSize    /* receives size of object */
-);
-#endif
-
-
-/* C_GetAttributeValue obtains the value of one or more object
- * attributes. */
-CK_PKCS11_FUNCTION_INFO(C_GetAttributeValue)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,   /* the session's handle */
-  CK_OBJECT_HANDLE  hObject,    /* the object's handle */
-  CK_ATTRIBUTE_PTR  pTemplate,  /* specifies attrs; gets vals */
-  CK_ULONG          ulCount     /* attributes in template */
-);
-#endif
-
-
-/* C_SetAttributeValue modifies the value of one or more object
- * attributes */
-CK_PKCS11_FUNCTION_INFO(C_SetAttributeValue)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,   /* the session's handle */
-  CK_OBJECT_HANDLE  hObject,    /* the object's handle */
-  CK_ATTRIBUTE_PTR  pTemplate,  /* specifies attrs and values */
-  CK_ULONG          ulCount     /* attributes in template */
-);
-#endif
-
-
-/* C_FindObjectsInit initializes a search for token and session
- * objects that match a template. */
-CK_PKCS11_FUNCTION_INFO(C_FindObjectsInit)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,   /* the session's handle */
-  CK_ATTRIBUTE_PTR  pTemplate,  /* attribute values to match */
-  CK_ULONG          ulCount     /* attrs in search template */
-);
-#endif
-
-
-/* C_FindObjects continues a search for token and session
- * objects that match a template, obtaining additional object
- * handles. */
-CK_PKCS11_FUNCTION_INFO(C_FindObjects)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE    hSession,          /* session's handle */
- CK_OBJECT_HANDLE_PTR phObject,          /* gets obj. handles */
- CK_ULONG             ulMaxObjectCount,  /* max handles to get */
- CK_ULONG_PTR         pulObjectCount     /* actual # returned */
-);
-#endif
-
-
-/* C_FindObjectsFinal finishes a search for token and session
- * objects. */
-CK_PKCS11_FUNCTION_INFO(C_FindObjectsFinal)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession  /* the session's handle */
-);
-#endif
-
-
-
-/* Encryption and decryption */
-
-/* C_EncryptInit initializes an encryption operation. */
-CK_PKCS11_FUNCTION_INFO(C_EncryptInit)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,    /* the session's handle */
-  CK_MECHANISM_PTR  pMechanism,  /* the encryption mechanism */
-  CK_OBJECT_HANDLE  hKey         /* handle of encryption key */
-);
-#endif
-
-
-/* C_Encrypt encrypts single-part data. */
-CK_PKCS11_FUNCTION_INFO(C_Encrypt)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,            /* session's handle */
-  CK_BYTE_PTR       pData,               /* the plaintext data */
-  CK_ULONG          ulDataLen,           /* bytes of plaintext */
-  CK_BYTE_PTR       pEncryptedData,      /* gets ciphertext */
-  CK_ULONG_PTR      pulEncryptedDataLen  /* gets c-text size */
-);
-#endif
-
-
-/* C_EncryptUpdate continues a multiple-part encryption
- * operation. */
-CK_PKCS11_FUNCTION_INFO(C_EncryptUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,           /* session's handle */
-  CK_BYTE_PTR       pPart,              /* the plaintext data */
-  CK_ULONG          ulPartLen,          /* plaintext data len */
-  CK_BYTE_PTR       pEncryptedPart,     /* gets ciphertext */
-  CK_ULONG_PTR      pulEncryptedPartLen /* gets c-text size */
-);
-#endif
-
-
-/* C_EncryptFinal finishes a multiple-part encryption
- * operation. */
-CK_PKCS11_FUNCTION_INFO(C_EncryptFinal)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,                /* session handle */
-  CK_BYTE_PTR       pLastEncryptedPart,      /* last c-text */
-  CK_ULONG_PTR      pulLastEncryptedPartLen  /* gets last size */
-);
-#endif
-
-
-/* C_DecryptInit initializes a decryption operation. */
-CK_PKCS11_FUNCTION_INFO(C_DecryptInit)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,    /* the session's handle */
-  CK_MECHANISM_PTR  pMechanism,  /* the decryption mechanism */
-  CK_OBJECT_HANDLE  hKey         /* handle of decryption key */
-);
-#endif
-
-
-/* C_Decrypt decrypts encrypted data in a single part. */
-CK_PKCS11_FUNCTION_INFO(C_Decrypt)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,           /* session's handle */
-  CK_BYTE_PTR       pEncryptedData,     /* ciphertext */
-  CK_ULONG          ulEncryptedDataLen, /* ciphertext length */
-  CK_BYTE_PTR       pData,              /* gets plaintext */
-  CK_ULONG_PTR      pulDataLen          /* gets p-text size */
-);
-#endif
-
-
-/* C_DecryptUpdate continues a multiple-part decryption
- * operation. */
-CK_PKCS11_FUNCTION_INFO(C_DecryptUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,            /* session's handle */
-  CK_BYTE_PTR       pEncryptedPart,      /* encrypted data */
-  CK_ULONG          ulEncryptedPartLen,  /* input length */
-  CK_BYTE_PTR       pPart,               /* gets plaintext */
-  CK_ULONG_PTR      pulPartLen           /* p-text size */
-);
-#endif
-
-
-/* C_DecryptFinal finishes a multiple-part decryption
- * operation. */
-CK_PKCS11_FUNCTION_INFO(C_DecryptFinal)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,       /* the session's handle */
-  CK_BYTE_PTR       pLastPart,      /* gets plaintext */
-  CK_ULONG_PTR      pulLastPartLen  /* p-text size */
-);
-#endif
-
-
-
-/* Message digesting */
-
-/* C_DigestInit initializes a message-digesting operation. */
-CK_PKCS11_FUNCTION_INFO(C_DigestInit)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,   /* the session's handle */
-  CK_MECHANISM_PTR  pMechanism  /* the digesting mechanism */
-);
-#endif
-
-
-/* C_Digest digests data in a single part. */
-CK_PKCS11_FUNCTION_INFO(C_Digest)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,     /* the session's handle */
-  CK_BYTE_PTR       pData,        /* data to be digested */
-  CK_ULONG          ulDataLen,    /* bytes of data to digest */
-  CK_BYTE_PTR       pDigest,      /* gets the message digest */
-  CK_ULONG_PTR      pulDigestLen  /* gets digest length */
-);
-#endif
-
-
-/* C_DigestUpdate continues a multiple-part message-digesting
- * operation. */
-CK_PKCS11_FUNCTION_INFO(C_DigestUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,  /* the session's handle */
-  CK_BYTE_PTR       pPart,     /* data to be digested */
-  CK_ULONG          ulPartLen  /* bytes of data to be digested */
-);
-#endif
-
-
-/* C_DigestKey continues a multi-part message-digesting
- * operation, by digesting the value of a secret key as part of
- * the data already digested. */
-CK_PKCS11_FUNCTION_INFO(C_DigestKey)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,  /* the session's handle */
-  CK_OBJECT_HANDLE  hKey       /* secret key to digest */
-);
-#endif
-
-
-/* C_DigestFinal finishes a multiple-part message-digesting
- * operation. */
-CK_PKCS11_FUNCTION_INFO(C_DigestFinal)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,     /* the session's handle */
-  CK_BYTE_PTR       pDigest,      /* gets the message digest */
-  CK_ULONG_PTR      pulDigestLen  /* gets byte count of digest */
-);
-#endif
-
-
-
-/* Signing and MACing */
-
-/* C_SignInit initializes a signature (private key encryption)
- * operation, where the signature is (will be) an appendix to
- * the data, and plaintext cannot be recovered from the
- *signature. */
-CK_PKCS11_FUNCTION_INFO(C_SignInit)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,    /* the session's handle */
-  CK_MECHANISM_PTR  pMechanism,  /* the signature mechanism */
-  CK_OBJECT_HANDLE  hKey         /* handle of signature key */
-);
-#endif
-
-
-/* C_Sign signs (encrypts with private key) data in a single
- * part, where the signature is (will be) an appendix to the
- * data, and plaintext cannot be recovered from the signature. */
-CK_PKCS11_FUNCTION_INFO(C_Sign)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,        /* the session's handle */
-  CK_BYTE_PTR       pData,           /* the data to sign */
-  CK_ULONG          ulDataLen,       /* count of bytes to sign */
-  CK_BYTE_PTR       pSignature,      /* gets the signature */
-  CK_ULONG_PTR      pulSignatureLen  /* gets signature length */
-);
-#endif
-
-
-/* C_SignUpdate continues a multiple-part signature operation,
- * where the signature is (will be) an appendix to the data, 
- * and plaintext cannot be recovered from the signature. */
-CK_PKCS11_FUNCTION_INFO(C_SignUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,  /* the session's handle */
-  CK_BYTE_PTR       pPart,     /* the data to sign */
-  CK_ULONG          ulPartLen  /* count of bytes to sign */
-);
-#endif
-
-
-/* C_SignFinal finishes a multiple-part signature operation, 
- * returning the signature. */
-CK_PKCS11_FUNCTION_INFO(C_SignFinal)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,        /* the session's handle */
-  CK_BYTE_PTR       pSignature,      /* gets the signature */
-  CK_ULONG_PTR      pulSignatureLen  /* gets signature length */
-);
-#endif
-
-
-/* C_SignRecoverInit initializes a signature operation, where
- * the data can be recovered from the signature. */
-CK_PKCS11_FUNCTION_INFO(C_SignRecoverInit)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,   /* the session's handle */
-  CK_MECHANISM_PTR  pMechanism, /* the signature mechanism */
-  CK_OBJECT_HANDLE  hKey        /* handle of the signature key */
-);
-#endif
-
-
-/* C_SignRecover signs data in a single operation, where the
- * data can be recovered from the signature. */
-CK_PKCS11_FUNCTION_INFO(C_SignRecover)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,        /* the session's handle */
-  CK_BYTE_PTR       pData,           /* the data to sign */
-  CK_ULONG          ulDataLen,       /* count of bytes to sign */
-  CK_BYTE_PTR       pSignature,      /* gets the signature */
-  CK_ULONG_PTR      pulSignatureLen  /* gets signature length */
-);
-#endif
-
-
-
-/* Verifying signatures and MACs */
-
-/* C_VerifyInit initializes a verification operation, where the
- * signature is an appendix to the data, and plaintext cannot
- *  cannot be recovered from the signature (e.g. DSA). */
-CK_PKCS11_FUNCTION_INFO(C_VerifyInit)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,    /* the session's handle */
-  CK_MECHANISM_PTR  pMechanism,  /* the verification mechanism */
-  CK_OBJECT_HANDLE  hKey         /* verification key */ 
-);
-#endif
-
-
-/* C_Verify verifies a signature in a single-part operation, 
- * where the signature is an appendix to the data, and plaintext
- * cannot be recovered from the signature. */
-CK_PKCS11_FUNCTION_INFO(C_Verify)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,       /* the session's handle */
-  CK_BYTE_PTR       pData,          /* signed data */
-  CK_ULONG          ulDataLen,      /* length of signed data */
-  CK_BYTE_PTR       pSignature,     /* signature */
-  CK_ULONG          ulSignatureLen  /* signature length*/
-);
-#endif
-
-
-/* C_VerifyUpdate continues a multiple-part verification
- * operation, where the signature is an appendix to the data, 
- * and plaintext cannot be recovered from the signature. */
-CK_PKCS11_FUNCTION_INFO(C_VerifyUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,  /* the session's handle */
-  CK_BYTE_PTR       pPart,     /* signed data */
-  CK_ULONG          ulPartLen  /* length of signed data */
-);
-#endif
-
-
-/* C_VerifyFinal finishes a multiple-part verification
- * operation, checking the signature. */
-CK_PKCS11_FUNCTION_INFO(C_VerifyFinal)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,       /* the session's handle */
-  CK_BYTE_PTR       pSignature,     /* signature to verify */
-  CK_ULONG          ulSignatureLen  /* signature length */
-);
-#endif
-
-
-/* C_VerifyRecoverInit initializes a signature verification
- * operation, where the data is recovered from the signature. */
-CK_PKCS11_FUNCTION_INFO(C_VerifyRecoverInit)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,    /* the session's handle */
-  CK_MECHANISM_PTR  pMechanism,  /* the verification mechanism */
-  CK_OBJECT_HANDLE  hKey         /* verification key */
-);
-#endif
-
-
-/* C_VerifyRecover verifies a signature in a single-part
- * operation, where the data is recovered from the signature. */
-CK_PKCS11_FUNCTION_INFO(C_VerifyRecover)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,        /* the session's handle */
-  CK_BYTE_PTR       pSignature,      /* signature to verify */
-  CK_ULONG          ulSignatureLen,  /* signature length */
-  CK_BYTE_PTR       pData,           /* gets signed data */
-  CK_ULONG_PTR      pulDataLen       /* gets signed data len */
-);
-#endif
-
-
-
-/* Dual-function cryptographic operations */
-
-/* C_DigestEncryptUpdate continues a multiple-part digesting
- * and encryption operation. */
-CK_PKCS11_FUNCTION_INFO(C_DigestEncryptUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,            /* session's handle */
-  CK_BYTE_PTR       pPart,               /* the plaintext data */
-  CK_ULONG          ulPartLen,           /* plaintext length */
-  CK_BYTE_PTR       pEncryptedPart,      /* gets ciphertext */
-  CK_ULONG_PTR      pulEncryptedPartLen  /* gets c-text length */
-);
-#endif
-
-
-/* C_DecryptDigestUpdate continues a multiple-part decryption and
- * digesting operation. */
-CK_PKCS11_FUNCTION_INFO(C_DecryptDigestUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,            /* session's handle */
-  CK_BYTE_PTR       pEncryptedPart,      /* ciphertext */
-  CK_ULONG          ulEncryptedPartLen,  /* ciphertext length */
-  CK_BYTE_PTR       pPart,               /* gets plaintext */
-  CK_ULONG_PTR      pulPartLen           /* gets plaintext len */
-);
-#endif
-
-
-/* C_SignEncryptUpdate continues a multiple-part signing and
- * encryption operation. */
-CK_PKCS11_FUNCTION_INFO(C_SignEncryptUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,            /* session's handle */
-  CK_BYTE_PTR       pPart,               /* the plaintext data */
-  CK_ULONG          ulPartLen,           /* plaintext length */
-  CK_BYTE_PTR       pEncryptedPart,      /* gets ciphertext */
-  CK_ULONG_PTR      pulEncryptedPartLen  /* gets c-text length */
-);
-#endif
-
-
-/* C_DecryptVerifyUpdate continues a multiple-part decryption and
- * verify operation. */
-CK_PKCS11_FUNCTION_INFO(C_DecryptVerifyUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,            /* session's handle */
-  CK_BYTE_PTR       pEncryptedPart,      /* ciphertext */
-  CK_ULONG          ulEncryptedPartLen,  /* ciphertext length */
-  CK_BYTE_PTR       pPart,               /* gets plaintext */
-  CK_ULONG_PTR      pulPartLen           /* gets p-text length */
-);
-#endif
-
-
-
-/* Key management */
-
-/* C_GenerateKey generates a secret key, creating a new key
- * object. */
-CK_PKCS11_FUNCTION_INFO(C_GenerateKey)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE    hSession,    /* the session's handle */
-  CK_MECHANISM_PTR     pMechanism,  /* key generation mech. */
-  CK_ATTRIBUTE_PTR     pTemplate,   /* template for new key */
-  CK_ULONG             ulCount,     /* # of attrs in template */
-  CK_OBJECT_HANDLE_PTR phKey        /* gets handle of new key */
-);
-#endif
-
-
-/* C_GenerateKeyPair generates a public-key/private-key pair, 
- * creating new key objects. */
-CK_PKCS11_FUNCTION_INFO(C_GenerateKeyPair)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE    hSession,                    /* session
-                                                     * handle */
-  CK_MECHANISM_PTR     pMechanism,                  /* key-gen
-                                                     * mech. */
-  CK_ATTRIBUTE_PTR     pPublicKeyTemplate,          /* template
-                                                     * for pub.
-                                                     * key */
-  CK_ULONG             ulPublicKeyAttributeCount,   /* # pub.
-                                                     * attrs. */
-  CK_ATTRIBUTE_PTR     pPrivateKeyTemplate,         /* template
-                                                     * for priv.
-                                                     * key */
-  CK_ULONG             ulPrivateKeyAttributeCount,  /* # priv.
-                                                     * attrs. */
-  CK_OBJECT_HANDLE_PTR phPublicKey,                 /* gets pub.
-                                                     * key
-                                                     * handle */
-  CK_OBJECT_HANDLE_PTR phPrivateKey                 /* gets
-                                                     * priv. key
-                                                     * handle */
-);
-#endif
-
-
-/* C_WrapKey wraps (i.e., encrypts) a key. */
-CK_PKCS11_FUNCTION_INFO(C_WrapKey)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,        /* the session's handle */
-  CK_MECHANISM_PTR  pMechanism,      /* the wrapping mechanism */
-  CK_OBJECT_HANDLE  hWrappingKey,    /* wrapping key */
-  CK_OBJECT_HANDLE  hKey,            /* key to be wrapped */
-  CK_BYTE_PTR       pWrappedKey,     /* gets wrapped key */
-  CK_ULONG_PTR      pulWrappedKeyLen /* gets wrapped key size */
-);
-#endif
-
-
-/* C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new
- * key object. */
-CK_PKCS11_FUNCTION_INFO(C_UnwrapKey)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE    hSession,          /* session's handle */
-  CK_MECHANISM_PTR     pMechanism,        /* unwrapping mech. */
-  CK_OBJECT_HANDLE     hUnwrappingKey,    /* unwrapping key */
-  CK_BYTE_PTR          pWrappedKey,       /* the wrapped key */
-  CK_ULONG             ulWrappedKeyLen,   /* wrapped key len */
-  CK_ATTRIBUTE_PTR     pTemplate,         /* new key template */
-  CK_ULONG             ulAttributeCount,  /* template length */
-  CK_OBJECT_HANDLE_PTR phKey              /* gets new handle */
-);
-#endif
-
-
-/* C_DeriveKey derives a key from a base key, creating a new key
- * object. */
-CK_PKCS11_FUNCTION_INFO(C_DeriveKey)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE    hSession,          /* session's handle */
-  CK_MECHANISM_PTR     pMechanism,        /* key deriv. mech. */
-  CK_OBJECT_HANDLE     hBaseKey,          /* base key */
-  CK_ATTRIBUTE_PTR     pTemplate,         /* new key template */
-  CK_ULONG             ulAttributeCount,  /* template length */
-  CK_OBJECT_HANDLE_PTR phKey              /* gets new handle */
-);
-#endif
-
-
-
-/* Random number generation */
-
-/* C_SeedRandom mixes additional seed material into the token's
- * random number generator. */
-CK_PKCS11_FUNCTION_INFO(C_SeedRandom)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,  /* the session's handle */
-  CK_BYTE_PTR       pSeed,     /* the seed material */
-  CK_ULONG          ulSeedLen  /* length of seed material */
-);
-#endif
-
-
-/* C_GenerateRandom generates random data. */
-CK_PKCS11_FUNCTION_INFO(C_GenerateRandom)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,    /* the session's handle */
-  CK_BYTE_PTR       RandomData,  /* receives the random data */
-  CK_ULONG          ulRandomLen  /* # of bytes to generate */
-);
-#endif
-
-
-
-/* Parallel function management */
-
-/* C_GetFunctionStatus is a legacy function; it obtains an
- * updated status of a function running in parallel with an
- * application. */
-CK_PKCS11_FUNCTION_INFO(C_GetFunctionStatus)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession  /* the session's handle */
-);
-#endif
-
-
-/* C_CancelFunction is a legacy function; it cancels a function
- * running in parallel. */
-CK_PKCS11_FUNCTION_INFO(C_CancelFunction)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession  /* the session's handle */
-);
-#endif
-
-
-
-/* Functions added in for PKCS #11 Version 2.01 or later */
-
-/* C_WaitForSlotEvent waits for a slot event (token insertion,
- * removal, etc.) to occur. */
-CK_PKCS11_FUNCTION_INFO(C_WaitForSlotEvent)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_FLAGS flags,        /* blocking/nonblocking flag */
-  CK_SLOT_ID_PTR pSlot,  /* location that receives the slot ID */
-  CK_VOID_PTR pRserved   /* reserved.  Should be NULL_PTR */
-);
-#endif
--- a/mozilla/security/nss/lib/softoken/pkcs11i.h
+++ b/mozilla/security/nss/lib/softoken/pkcs11i.h
@@ -1,697 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * Internal data structures and functions used by pkcs11.c
- */
-#ifndef _PKCS11I_H_
-#define _PKCS11I_H_ 1
-
-#include "nssilock.h"
-#include "seccomon.h"
-#include "secoidt.h"
-#include "lowkeyti.h"
-#include "pkcs11t.h"
-#include "pcertt.h"
-
-
-/* 
- * Configuration Defines 
- *
- * The following defines affect the space verse speed trade offs of
- * the PKCS #11 module. For the most part the current settings are optimized
- * for web servers, where we want faster speed and lower lock contention at
- * the expense of space.
- */
-
-/* 
- * The attribute allocation strategy is static allocation:
- *   Attributes are pre-allocated as part of the session object and used from
- *   the object array.
- */
-#define MAX_OBJS_ATTRS 45	/* number of attributes to preallocate in
-				 * the object (must me the absolute max) */
-#define ATTR_SPACE 50  		/* Maximum size of attribute data before extra
-				 * data needs to be allocated. This is set to
-				 * enough space to hold an SSL MASTER secret */
-
-#define NSC_STRICT      PR_FALSE  /* forces the code to do strict template
-				   * matching when doing C_FindObject on token
-				   * objects. This will slow down search in
-				   * NSS. */
-/* default search block allocations and increments */
-#define NSC_CERT_BLOCK_SIZE     50
-#define NSC_SEARCH_BLOCK_SIZE   5 
-#define NSC_SLOT_LIST_BLOCK_SIZE 10
-
-#define NSC_FIPS_MODULE 1
-#define NSC_NON_FIPS_MODULE 0
-
-/* these are data base storage hashes, not cryptographic hashes.. The define
- * the effective size of the various object hash tables */
-/* clients care more about memory usage than lookup performance on
- * cyrptographic objects. Clients also have less objects around to play with 
- *
- * we eventually should make this configurable at runtime! Especially now that
- * NSS is a shared library.
- */
-#define SPACE_ATTRIBUTE_HASH_SIZE 32 
-#define SPACE_TOKEN_OBJECT_HASH_SIZE 32
-#define SPACE_SESSION_HASH_SIZE 32
-#define TIME_ATTRIBUTE_HASH_SIZE 32
-#define TIME_TOKEN_OBJECT_HASH_SIZE 1024
-#define TIME_SESSION_HASH_SIZE 1024
-#define MAX_OBJECT_LIST_SIZE 800  
-				  /* how many objects to keep on the free list
-				   * before we start freeing them */
-#define MAX_KEY_LEN 256
-
-#define MULTIACCESS "multiaccess:"
-
-/*
- * LOG2_BUCKETS_PER_SESSION_LOCK must be a prime number.
- * With SESSION_HASH_SIZE=1024, LOG2 can be 9, 5, 1, or 0.
- * With SESSION_HASH_SIZE=4096, LOG2 can be 11, 9, 5, 1, or 0.
- *
- * HASH_SIZE   LOG2_BUCKETS_PER   BUCKETS_PER_LOCK  NUMBER_OF_BUCKETS
- * 1024        9                  512               2
- * 1024        5                  32                32
- * 1024        1                  2                 512
- * 1024        0                  1                 1024
- * 4096        11                 2048              2
- * 4096        9                  512               8
- * 4096        5                  32                128
- * 4096        1                  2                 2048
- * 4096        0                  1                 4096
- */
-#define LOG2_BUCKETS_PER_SESSION_LOCK 1
-#define BUCKETS_PER_SESSION_LOCK (1 << (LOG2_BUCKETS_PER_SESSION_LOCK))
-/* NOSPREAD sessionID to hash table index macro has been slower. */
-
-/* define typedefs, double as forward declarations as well */
-typedef struct SFTKAttributeStr SFTKAttribute;
-typedef struct SFTKObjectListStr SFTKObjectList;
-typedef struct SFTKObjectFreeListStr SFTKObjectFreeList;
-typedef struct SFTKObjectListElementStr SFTKObjectListElement;
-typedef struct SFTKObjectStr SFTKObject;
-typedef struct SFTKSessionObjectStr SFTKSessionObject;
-typedef struct SFTKTokenObjectStr SFTKTokenObject;
-typedef struct SFTKSessionStr SFTKSession;
-typedef struct SFTKSlotStr SFTKSlot;
-typedef struct SFTKSessionContextStr SFTKSessionContext;
-typedef struct SFTKSearchResultsStr SFTKSearchResults;
-typedef struct SFTKHashVerifyInfoStr SFTKHashVerifyInfo;
-typedef struct SFTKHashSignInfoStr SFTKHashSignInfo;
-typedef struct SFTKSSLMACInfoStr SFTKSSLMACInfo;
-
-/* define function pointer typdefs for pointer tables */
-typedef void (*SFTKDestroy)(void *, PRBool);
-typedef void (*SFTKBegin)(void *);
-typedef SECStatus (*SFTKCipher)(void *,void *,unsigned int *,unsigned int,
-					void *, unsigned int);
-typedef SECStatus (*SFTKVerify)(void *,void *,unsigned int,void *,unsigned int);
-typedef void (*SFTKHash)(void *,void *,unsigned int);
-typedef void (*SFTKEnd)(void *,void *,unsigned int *,unsigned int);
-typedef void (*SFTKFree)(void *);
-
-/* Value to tell if an attribute is modifiable or not.
- *    NEVER: attribute is only set on creation.
- *    ONCOPY: attribute is set on creation and can only be changed on copy.
- *    SENSITIVE: attribute can only be changed to TRUE.
- *    ALWAYS: attribute can always be changed.
- */
-typedef enum {
-	SFTK_NEVER = 0,
-	SFTK_ONCOPY = 1,
-	SFTK_SENSITIVE = 2,
-	SFTK_ALWAYS = 3
-} SFTKModifyType;
-
-/*
- * Free Status Enum... tell us more information when we think we're
- * deleting an object.
- */
-typedef enum {
-	SFTK_DestroyFailure,
-	SFTK_Destroyed,
-	SFTK_Busy
-} SFTKFreeStatus;
-
-/*
- * attribute values of an object.
- */
-struct SFTKAttributeStr {
-    SFTKAttribute  	*next;
-    SFTKAttribute  	*prev;
-    PRBool		freeAttr;
-    PRBool		freeData;
-    /*must be called handle to make sftkqueue_find work */
-    CK_ATTRIBUTE_TYPE	handle;
-    CK_ATTRIBUTE 	attrib;
-    unsigned char space[ATTR_SPACE];
-};
-
-
-/*
- * doubly link list of objects
- */
-struct SFTKObjectListStr {
-    SFTKObjectList *next;
-    SFTKObjectList *prev;
-    SFTKObject	   *parent;
-};
-
-struct SFTKObjectFreeListStr {
-    SFTKObject	*head;
-    PZLock	*lock;
-    int		count;
-};
-
-/*
- * PKCS 11 crypto object structure
- */
-struct SFTKObjectStr {
-    SFTKObject *next;
-    SFTKObject	*prev;
-    CK_OBJECT_CLASS 	objclass;
-    CK_OBJECT_HANDLE	handle;
-    int 		refCount;
-    PZLock 		*refLock;
-    SFTKSlot	   	*slot;
-    void 		*objectInfo;
-    SFTKFree 		infoFree;
-};
-
-struct SFTKTokenObjectStr {
-    SFTKObject  obj;
-    SECItem	dbKey;
-};
-
-struct SFTKSessionObjectStr {
-    SFTKObject	   obj;
-    SFTKObjectList sessionList;
-    PZLock		*attributeLock;
-    SFTKSession   	*session;
-    PRBool		wasDerived;
-    int nextAttr;
-    SFTKAttribute	attrList[MAX_OBJS_ATTRS];
-    PRBool		optimizeSpace;
-    unsigned int	hashSize;
-    SFTKAttribute 	*head[1];
-};
-
-/*
- * struct to deal with a temparary list of objects
- */
-struct SFTKObjectListElementStr {
-    SFTKObjectListElement	*next;
-    SFTKObject 			*object;
-};
-
-/*
- * Area to hold Search results
- */
-struct SFTKSearchResultsStr {
-    CK_OBJECT_HANDLE	*handles;
-    int			size;
-    int			index;
-    int			array_size;
-};
-
-
-/* 
- * the universal crypto/hash/sign/verify context structure
- */
-typedef enum {
-    SFTK_ENCRYPT,
-    SFTK_DECRYPT,
-    SFTK_HASH,
-    SFTK_SIGN,
-    SFTK_SIGN_RECOVER,
-    SFTK_VERIFY,
-    SFTK_VERIFY_RECOVER
-} SFTKContextType;
-
-
-#define SFTK_MAX_BLOCK_SIZE 16
-/* currently SHA512 is the biggest hash length */
-#define SFTK_MAX_MAC_LENGTH 64
-#define SFTK_INVALID_MAC_SIZE 0xffffffff
-
-struct SFTKSessionContextStr {
-    SFTKContextType	type;
-    PRBool		multi; 		/* is multipart */
-    PRBool		doPad; 		/* use PKCS padding for block ciphers */
-    unsigned int	blockSize; 	/* blocksize for padding */
-    unsigned int	padDataLength; 	/* length of the valid data in padbuf */
-    unsigned char	padBuf[SFTK_MAX_BLOCK_SIZE];
-    unsigned char	macBuf[SFTK_MAX_BLOCK_SIZE];
-    CK_ULONG		macSize;	/* size of a general block cipher mac*/
-    void		*cipherInfo;
-    void		*hashInfo;
-    unsigned int	cipherInfoLen;
-    CK_MECHANISM_TYPE	currentMech;
-    SFTKCipher		update;
-    SFTKHash		hashUpdate;
-    SFTKEnd		end;
-    SFTKDestroy		destroy;
-    SFTKDestroy		hashdestroy;
-    SFTKVerify		verify;
-    unsigned int	maxLen;
-    SFTKObject		*key;
-};
-
-/*
- * Sessions (have objects)
- */
-struct SFTKSessionStr {
-    SFTKSession        *next;
-    SFTKSession        *prev;
-    CK_SESSION_HANDLE	handle;
-    int			refCount;
-    PZLock		*objectLock;
-    int			objectIDCount;
-    CK_SESSION_INFO	info;
-    CK_NOTIFY		notify;
-    CK_VOID_PTR		appData;
-    SFTKSlot		*slot;
-    SFTKSearchResults	*search;
-    SFTKSessionContext	*enc_context;
-    SFTKSessionContext	*hash_context;
-    SFTKSessionContext	*sign_context;
-    SFTKObjectList	*objects[1];
-};
-
-/*
- * slots (have sessions and objects)
- *
- * The array of sessionLock's protect the session hash table (head[])
- * as well as the reference count of session objects in that bucket
- * (head[]->refCount),  objectLock protects all elements of the token
- * object hash table (tokObjects[], tokenIDCount, and tokenHashTable),
- * and slotLock protects the remaining protected elements:
- * password, isLoggedIn, ssoLoggedIn, and sessionCount
- */
-struct SFTKSlotStr {
-    CK_SLOT_ID		slotID;
-    PZLock		*slotLock;
-    PZLock		**sessionLock;
-    unsigned int	numSessionLocks;
-    unsigned long	sessionLockMask;
-    PZLock		*objectLock;
-    SECItem		*password;
-    PRBool		hasTokens;
-    PRBool		isLoggedIn;
-    PRBool		ssoLoggedIn;
-    PRBool		needLogin;
-    PRBool		DB_loaded;
-    PRBool		readOnly;
-    PRBool		optimizeSpace;
-    NSSLOWCERTCertDBHandle *certDB;
-    NSSLOWKEYDBHandle	*keyDB;
-    int			minimumPinLen;
-    PRInt32		sessionIDCount;  /* atomically incremented */
-    int			sessionIDConflict;  /* not protected by a lock */
-    int			sessionCount;
-    PRInt32             rwSessionCount; /* set by atomic operations */
-    int			tokenIDCount;
-    int			index;
-    PLHashTable		*tokenHashTable;
-    SFTKObject		**tokObjects;
-    unsigned int	tokObjHashSize;
-    SFTKSession		**head;
-    unsigned int	sessHashSize;
-    char		tokDescription[33];
-    char		slotDescription[64];
-};
-
-/*
- * special joint operations Contexts
- */
-struct SFTKHashVerifyInfoStr {
-    SECOidTag   	hashOid;
-    NSSLOWKEYPublicKey	*key;
-};
-
-struct SFTKHashSignInfoStr {
-    SECOidTag   	hashOid;
-    NSSLOWKEYPrivateKey	*key;
-};
-
-/* context for the Final SSLMAC message */
-struct SFTKSSLMACInfoStr {
-    void 		*hashContext;
-    SFTKBegin		begin;
-    SFTKHash		update;
-    SFTKEnd		end;
-    CK_ULONG		macSize;
-    int			padSize;
-    unsigned char	key[MAX_KEY_LEN];
-    unsigned int	keySize;
-};
-
-/*
- * session handle modifiers
- */
-#define SFTK_SESSION_SLOT_MASK	0xff000000L
-
-/*
- * object handle modifiers
- */
-#define SFTK_TOKEN_MASK		0x80000000L
-#define SFTK_TOKEN_MAGIC	0x80000000L
-#define SFTK_TOKEN_TYPE_MASK	0x70000000L
-/* keydb (high bit == 0) */
-#define SFTK_TOKEN_TYPE_PRIV	0x10000000L
-#define SFTK_TOKEN_TYPE_PUB	0x20000000L
-#define SFTK_TOKEN_TYPE_KEY	0x30000000L
-/* certdb (high bit == 1) */
-#define SFTK_TOKEN_TYPE_TRUST	0x40000000L
-#define SFTK_TOKEN_TYPE_CRL	0x50000000L
-#define SFTK_TOKEN_TYPE_SMIME	0x60000000L
-#define SFTK_TOKEN_TYPE_CERT	0x70000000L
-
-#define SFTK_TOKEN_KRL_HANDLE	(SFTK_TOKEN_MAGIC|SFTK_TOKEN_TYPE_CRL|1)
-/* how big a password/pin we can deal with */
-#define SFTK_MAX_PIN	255
-
-/* slot ID's */
-#define NETSCAPE_SLOT_ID 1
-#define PRIVATE_KEY_SLOT_ID 2
-#define FIPS_SLOT_ID 3
-
-/* slot helper macros */
-#define sftk_SlotFromSession(sp) ((sp)->slot)
-#define sftk_isToken(id) (((id) & SFTK_TOKEN_MASK) == SFTK_TOKEN_MAGIC)
-
-/* the session hash multiplier (see bug 201081) */
-#define SHMULTIPLIER 1791398085
-
-/* queueing helper macros */
-#define sftk_hash(value,size) \
-	((PRUint32)((value) * SHMULTIPLIER) & (size-1))
-#define sftkqueue_add(element,id,head,hash_size) \
-	{ int tmp = sftk_hash(id,hash_size); \
-	(element)->next = (head)[tmp]; \
-	(element)->prev = NULL; \
-	if ((head)[tmp]) (head)[tmp]->prev = (element); \
-	(head)[tmp] = (element); }
-#define sftkqueue_find(element,id,head,hash_size) \
-	for( (element) = (head)[sftk_hash(id,hash_size)]; (element) != NULL; \
-					 (element) = (element)->next) { \
-	    if ((element)->handle == (id)) { break; } }
-#define sftkqueue_is_queued(element,id,head,hash_size) \
-	( ((element)->next) || ((element)->prev) || \
-	 ((head)[sftk_hash(id,hash_size)] == (element)) )
-#define sftkqueue_delete(element,id,head,hash_size) \
-	if ((element)->next) (element)->next->prev = (element)->prev; \
-	if ((element)->prev) (element)->prev->next = (element)->next; \
-	   else (head)[sftk_hash(id,hash_size)] = ((element)->next); \
-	(element)->next = NULL; \
-	(element)->prev = NULL; \
-
-#define sftkqueue_init_element(element) \
-    (element)->prev = NULL;
-
-#define sftkqueue_add2(element, id, index, head) \
-    {                                            \
-	(element)->next = (head)[index];         \
-	if ((head)[index])                       \
-	    (head)[index]->prev = (element);     \
-	(head)[index] = (element);               \
-    }
-
-#define sftkqueue_find2(element, id, index, head) \
-    for ( (element) = (head)[index];              \
-          (element) != NULL;                      \
-          (element) = (element)->next) {          \
-	if ((element)->handle == (id)) { break; } \
-    }
-
-#define sftkqueue_delete2(element, id, index, head) \
-	if ((element)->next) (element)->next->prev = (element)->prev; \
-	if ((element)->prev) (element)->prev->next = (element)->next; \
-	   else (head)[index] = ((element)->next);
-
-#define sftkqueue_clear_deleted_element(element) \
-	(element)->next = NULL; \
-	(element)->prev = NULL; \
-
-
-/* sessionID (handle) is used to determine session lock bucket */
-#ifdef NOSPREAD
-/* NOSPREAD:	(ID>>L2LPB) & (perbucket-1) */
-#define SFTK_SESSION_LOCK(slot,handle) \
-    ((slot)->sessionLock[((handle) >> LOG2_BUCKETS_PER_SESSION_LOCK) \
-        & (slot)->sessionLockMask])
-#else
-/* SPREAD:	ID & (perbucket-1) */
-#define SFTK_SESSION_LOCK(slot,handle) \
-    ((slot)->sessionLock[(handle) & (slot)->sessionLockMask])
-#endif
-
-/* expand an attribute & secitem structures out */
-#define sftk_attr_expand(ap) (ap)->type,(ap)->pValue,(ap)->ulValueLen
-#define sftk_item_expand(ip) (ip)->data,(ip)->len
-
-typedef struct sftk_token_parametersStr {
-    CK_SLOT_ID slotID;
-    char *configdir;
-    char *certPrefix;
-    char *keyPrefix;
-    char *tokdes;
-    char *slotdes;
-    int minPW; 
-    PRBool readOnly;
-    PRBool noCertDB;
-    PRBool noKeyDB;
-    PRBool forceOpen;
-    PRBool pwRequired;
-    PRBool optimizeSpace;
-} sftk_token_parameters;
-
-typedef struct sftk_parametersStr {
-    char *configdir;
-    char *secmodName;
-    char *man;
-    char *libdes; 
-    PRBool readOnly;
-    PRBool noModDB;
-    PRBool noCertDB;
-    PRBool forceOpen;
-    PRBool pwRequired;
-    PRBool optimizeSpace;
-    sftk_token_parameters *tokens;
-    int token_count;
-} sftk_parameters;
-
-
-/* machine dependent path stuff used by dbinit.c and pk11db.c */
-#ifdef macintosh
-#define PATH_SEPARATOR ":"
-#define SECMOD_DB "Security Modules"
-#define CERT_DB_FMT "%sCertificates%s"
-#define KEY_DB_FMT "%sKey Database%s"
-#else
-#define PATH_SEPARATOR "/"
-#define SECMOD_DB "secmod.db"
-#define CERT_DB_FMT "%scert%s.db"
-#define KEY_DB_FMT "%skey%s.db"
-#endif
-
-SEC_BEGIN_PROTOS
-
-extern int nsf_init;
-extern CK_RV nsc_CommonInitialize(CK_VOID_PTR pReserved, PRBool isFIPS);
-extern CK_RV nsc_CommonFinalize(CK_VOID_PTR pReserved, PRBool isFIPS);
-extern CK_RV nsc_CommonGetSlotList(CK_BBOOL tokPresent, 
-	CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount, int moduleIndex);
-/* shared functions between PKCS11.c and SFTKFIPS.c */
-extern CK_RV SFTK_SlotInit(char *configdir,sftk_token_parameters *params, 
-							int moduleIndex);
-
-/* internal utility functions used by pkcs11.c */
-extern SFTKAttribute *sftk_FindAttribute(SFTKObject *object,
-					 CK_ATTRIBUTE_TYPE type);
-extern void sftk_FreeAttribute(SFTKAttribute *attribute);
-extern CK_RV sftk_AddAttributeType(SFTKObject *object, CK_ATTRIBUTE_TYPE type,
-				   void *valPtr,
-				  CK_ULONG length);
-extern CK_RV sftk_Attribute2SecItem(PLArenaPool *arena, SECItem *item,
-				    SFTKObject *object, CK_ATTRIBUTE_TYPE type);
-extern unsigned int sftk_GetLengthInBits(unsigned char *buf,
-							 unsigned int bufLen);
-extern CK_RV sftk_ConstrainAttribute(SFTKObject *object, 
-	CK_ATTRIBUTE_TYPE type, int minLength, int maxLength, int minMultiple);
-extern PRBool sftk_hasAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type);
-extern PRBool sftk_isTrue(SFTKObject *object, CK_ATTRIBUTE_TYPE type);
-extern void sftk_DeleteAttributeType(SFTKObject *object,
-				     CK_ATTRIBUTE_TYPE type);
-extern CK_RV sftk_Attribute2SecItem(PLArenaPool *arena, SECItem *item,
-				    SFTKObject *object, CK_ATTRIBUTE_TYPE type);
-extern CK_RV sftk_Attribute2SSecItem(PLArenaPool *arena, SECItem *item,
-				     SFTKObject *object,
-				     CK_ATTRIBUTE_TYPE type);
-extern SFTKModifyType sftk_modifyType(CK_ATTRIBUTE_TYPE type,
-				      CK_OBJECT_CLASS inClass);
-extern PRBool sftk_isSensitive(CK_ATTRIBUTE_TYPE type, CK_OBJECT_CLASS inClass);
-extern char *sftk_getString(SFTKObject *object, CK_ATTRIBUTE_TYPE type);
-extern void sftk_nullAttribute(SFTKObject *object,CK_ATTRIBUTE_TYPE type);
-extern CK_RV sftk_GetULongAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type,
-                                                         CK_ULONG *longData);
-extern CK_RV sftk_forceAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type,
-				 void *value, unsigned int len);
-extern CK_RV sftk_defaultAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type,
-				   void *value, unsigned int len);
-extern unsigned int sftk_MapTrust(CK_TRUST trust, PRBool clientAuth);
-
-extern SFTKObject *sftk_NewObject(SFTKSlot *slot);
-extern CK_RV sftk_CopyObject(SFTKObject *destObject, SFTKObject *srcObject);
-extern SFTKFreeStatus sftk_FreeObject(SFTKObject *object);
-extern CK_RV sftk_DeleteObject(SFTKSession *session, SFTKObject *object);
-extern void sftk_ReferenceObject(SFTKObject *object);
-extern SFTKObject *sftk_ObjectFromHandle(CK_OBJECT_HANDLE handle,
-					 SFTKSession *session);
-extern void sftk_AddSlotObject(SFTKSlot *slot, SFTKObject *object);
-extern void sftk_AddObject(SFTKSession *session, SFTKObject *object);
-
-extern CK_RV sftk_searchObjectList(SFTKSearchResults *search,
-				   SFTKObject **head, unsigned int size,
-				   PZLock *lock, CK_ATTRIBUTE_PTR inTemplate,
-				   int count, PRBool isLoggedIn);
-extern SFTKObjectListElement *sftk_FreeObjectListElement(
-					     SFTKObjectListElement *objectList);
-extern void sftk_FreeObjectList(SFTKObjectListElement *objectList);
-extern void sftk_FreeSearch(SFTKSearchResults *search);
-extern CK_RV sftk_handleObject(SFTKObject *object, SFTKSession *session);
-
-extern SFTKSlot *sftk_SlotFromID(CK_SLOT_ID slotID);
-extern SFTKSlot *sftk_SlotFromSessionHandle(CK_SESSION_HANDLE handle);
-extern SFTKSession *sftk_SessionFromHandle(CK_SESSION_HANDLE handle);
-extern void sftk_FreeSession(SFTKSession *session);
-extern SFTKSession *sftk_NewSession(CK_SLOT_ID slotID, CK_NOTIFY notify,
-				    CK_VOID_PTR pApplication, CK_FLAGS flags);
-extern void sftk_update_state(SFTKSlot *slot,SFTKSession *session);
-extern void sftk_update_all_states(SFTKSlot *slot);
-extern void sftk_FreeContext(SFTKSessionContext *context);
-extern void sftk_InitFreeLists(void);
-extern void sftk_CleanupFreeLists(void);
-
-extern NSSLOWKEYPublicKey *sftk_GetPubKey(SFTKObject *object,
-					  CK_KEY_TYPE key_type, CK_RV *crvp);
-extern NSSLOWKEYPrivateKey *sftk_GetPrivKey(SFTKObject *object,
-					    CK_KEY_TYPE key_type, CK_RV *crvp);
-extern void sftk_FormatDESKey(unsigned char *key, int length);
-extern PRBool sftk_CheckDESKey(unsigned char *key);
-extern PRBool sftk_IsWeakKey(unsigned char *key,CK_KEY_TYPE key_type);
-
-extern CK_RV secmod_parseParameters(char *param, sftk_parameters *parsed,
-								PRBool isFIPS);
-extern void secmod_freeParams(sftk_parameters *params);
-extern char *secmod_getSecmodName(char *params, char **domain, 
-						char **filename, PRBool *rw);
-extern char ** secmod_ReadPermDB(const char *domain, const char *filename, 
-			const char *dbname, char *params, PRBool rw);
-extern SECStatus secmod_DeletePermDB(const char *domain, const char *filename,
-			const char *dbname, char *args, PRBool rw);
-extern SECStatus secmod_AddPermDB(const char *domain, const char *filename,
-			const char *dbname, char *module, PRBool rw);
-extern SECStatus secmod_ReleasePermDBData(const char *domain, 
-	const char *filename, const char *dbname, char **specList, PRBool rw);
-/* mechanism allows this operation */
-extern CK_RV sftk_MechAllowsOperation(CK_MECHANISM_TYPE type, CK_ATTRIBUTE_TYPE op);
-/*
- * OK there are now lots of options here, lets go through them all:
- *
- * configdir - base directory where all the cert, key, and module datbases live.
- * certPrefix - prefix added to the beginning of the cert database example: "
- *                      "https-server1-"
- * keyPrefix - prefix added to the beginning of the key database example: "
- *                      "https-server1-"
- * secmodName - name of the security module database (usually "secmod.db").
- * readOnly - Boolean: true if the databases are to be openned read only.
- * nocertdb - Don't open the cert DB and key DB's, just initialize the
- *                      Volatile certdb.
- * nomoddb - Don't open the security module DB, just initialize the
- *                      PKCS #11 module.
- * forceOpen - Continue to force initializations even if the databases cannot
- *                      be opened.
- */
-CK_RV sftk_DBInit(const char *configdir, const char *certPrefix,
-	 	const char *keyPrefix, PRBool readOnly, PRBool noCertDB, 
-		PRBool noKeyDB, PRBool forceOpen, 
-		NSSLOWCERTCertDBHandle **certDB, NSSLOWKEYDBHandle **keyDB);
-
-void sftk_DBShutdown(NSSLOWCERTCertDBHandle *certHandle, 
-		     NSSLOWKEYDBHandle *keyHandle);
-
-const char *sftk_EvaluateConfigDir(const char *configdir, char **domain);
-
-/*
- * narrow objects
- */
-SFTKSessionObject * sftk_narrowToSessionObject(SFTKObject *);
-SFTKTokenObject * sftk_narrowToTokenObject(SFTKObject *);
-
-/*
- * token object utilities
- */
-void sftk_addHandle(SFTKSearchResults *search, CK_OBJECT_HANDLE handle);
-PRBool sftk_poisonHandle(SFTKSlot *slot, SECItem *dbkey, 
-						CK_OBJECT_HANDLE handle);
-PRBool sftk_tokenMatch(SFTKSlot *slot, SECItem *dbKey, CK_OBJECT_HANDLE class,
-                                        CK_ATTRIBUTE_PTR theTemplate,int count);
-CK_OBJECT_HANDLE sftk_mkHandle(SFTKSlot *slot, 
-					SECItem *dbKey, CK_OBJECT_HANDLE class);
-SFTKObject * sftk_NewTokenObject(SFTKSlot *slot, SECItem *dbKey, 
-						CK_OBJECT_HANDLE handle);
-SFTKTokenObject *sftk_convertSessionToToken(SFTKObject *so);
-
-/****************************************
- * implement TLS Pseudo Random Function (PRF)
- */
-
-extern SECStatus
-sftk_PRF(const SECItem *secret, const char *label, SECItem *seed, 
-         SECItem *result, PRBool isFIPS);
-
-extern CK_RV
-sftk_TLSPRFInit(SFTKSessionContext *context, 
-		  SFTKObject *        key, 
-		  CK_KEY_TYPE         key_type);
-
-SEC_END_PROTOS
-
-#endif /* _PKCS11I_H_ */
--- a/mozilla/security/nss/lib/softoken/pkcs11n.h
+++ b/mozilla/security/nss/lib/softoken/pkcs11n.h
@@ -1,236 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *   Dr Stephen Henson <stephen.henson@gemplus.com>
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#ifndef _PKCS11N_H_
-#define _PKCS11N_H_
-
-#ifdef DEBUG
-static const char CKT_CVS_ID[] = "@(#) $RCSfile: pkcs11n.h,v $ $Revision: 1.12 $ $Date: 2005-01-20 02:25:50 $";
-#endif /* DEBUG */
-
-/*
- * pkcs11n.h
- *
- * This file contains the NSS-specific type definitions for Cryptoki
- * (PKCS#11).
- */
-
-/*
- * NSSCK_VENDOR_NETSCAPE
- *
- * Cryptoki reserves the high half of all the number spaces for
- * vendor-defined use.  I'd like to keep all of our Netscape-
- * specific values together, but not in the oh-so-obvious
- * 0x80000001, 0x80000002, etc. area.  So I've picked an offset,
- * and constructed values for the beginnings of our spaces.
- *
- * Note that some "historical" Netscape values don't fall within
- * this range.
- */
-#define NSSCK_VENDOR_NETSCAPE 0x4E534350 /* NSCP */
-
-/*
- * Netscape-defined object classes
- * 
- */
-#define CKO_NETSCAPE (CKO_VENDOR_DEFINED|NSSCK_VENDOR_NETSCAPE)
-
-#define CKO_NETSCAPE_CRL                (CKO_NETSCAPE + 1)
-#define CKO_NETSCAPE_SMIME              (CKO_NETSCAPE + 2)
-#define CKO_NETSCAPE_TRUST              (CKO_NETSCAPE + 3)
-#define CKO_NETSCAPE_BUILTIN_ROOT_LIST  (CKO_NETSCAPE + 4)
-
-/*
- * Netscape-defined key types
- *
- */
-#define CKK_NETSCAPE (CKK_VENDOR_DEFINED|NSSCK_VENDOR_NETSCAPE)
-
-#define CKK_NETSCAPE_PKCS8              (CKK_NETSCAPE + 1)
-/*
- * Netscape-defined certificate types
- *
- */
-#define CKC_NETSCAPE (CKC_VENDOR_DEFINED|NSSCK_VENDOR_NETSCAPE)
-
-/*
- * Netscape-defined object attributes
- *
- */
-#define CKA_NETSCAPE (CKA_VENDOR_DEFINED|NSSCK_VENDOR_NETSCAPE)
-
-#define CKA_NETSCAPE_URL                (CKA_NETSCAPE +  1)
-#define CKA_NETSCAPE_EMAIL              (CKA_NETSCAPE +  2)
-#define CKA_NETSCAPE_SMIME_INFO         (CKA_NETSCAPE +  3)
-#define CKA_NETSCAPE_SMIME_TIMESTAMP    (CKA_NETSCAPE +  4)
-#define CKA_NETSCAPE_PKCS8_SALT         (CKA_NETSCAPE +  5)
-#define CKA_NETSCAPE_PASSWORD_CHECK     (CKA_NETSCAPE +  6)
-#define CKA_NETSCAPE_EXPIRES            (CKA_NETSCAPE +  7)
-#define CKA_NETSCAPE_KRL                (CKA_NETSCAPE +  8)
-
-#define CKA_NETSCAPE_PQG_COUNTER        (CKA_NETSCAPE +  20)
-#define CKA_NETSCAPE_PQG_SEED           (CKA_NETSCAPE +  21)
-#define CKA_NETSCAPE_PQG_H              (CKA_NETSCAPE +  22)
-#define CKA_NETSCAPE_PQG_SEED_BITS      (CKA_NETSCAPE +  23)
-
-/*
- * Trust attributes:
- *
- * If trust goes standard, these probably will too.  So I'll
- * put them all in one place.
- */
-
-#define CKA_TRUST (CKA_NETSCAPE + 0x2000)
-
-/* "Usage" key information */
-#define CKA_TRUST_DIGITAL_SIGNATURE     (CKA_TRUST +  1)
-#define CKA_TRUST_NON_REPUDIATION       (CKA_TRUST +  2)
-#define CKA_TRUST_KEY_ENCIPHERMENT      (CKA_TRUST +  3)
-#define CKA_TRUST_DATA_ENCIPHERMENT     (CKA_TRUST +  4)
-#define CKA_TRUST_KEY_AGREEMENT         (CKA_TRUST +  5)
-#define CKA_TRUST_KEY_CERT_SIGN         (CKA_TRUST +  6)
-#define CKA_TRUST_CRL_SIGN              (CKA_TRUST +  7)
-
-/* "Purpose" trust information */
-#define CKA_TRUST_SERVER_AUTH           (CKA_TRUST +  8)
-#define CKA_TRUST_CLIENT_AUTH           (CKA_TRUST +  9)
-#define CKA_TRUST_CODE_SIGNING          (CKA_TRUST + 10)
-#define CKA_TRUST_EMAIL_PROTECTION      (CKA_TRUST + 11)
-#define CKA_TRUST_IPSEC_END_SYSTEM      (CKA_TRUST + 12)
-#define CKA_TRUST_IPSEC_TUNNEL          (CKA_TRUST + 13)
-#define CKA_TRUST_IPSEC_USER            (CKA_TRUST + 14)
-#define CKA_TRUST_TIME_STAMPING         (CKA_TRUST + 15)
-#define CKA_TRUST_STEP_UP_APPROVED      (CKA_TRUST + 16)
-
-#define CKA_CERT_SHA1_HASH	        (CKA_TRUST + 100)
-#define CKA_CERT_MD5_HASH		(CKA_TRUST + 101)
-
-/* Netscape trust stuff */
-/* XXX fgmr new ones here-- step-up, etc. */
-
-/* HISTORICAL: define used to pass in the database key for DSA private keys */
-#define CKA_NETSCAPE_DB                 0xD5A0DB00L
-#define CKA_NETSCAPE_TRUST              0x80000001L
-
-/*
- * Netscape-defined crypto mechanisms
- *
- */
-#define CKM_NETSCAPE (CKM_VENDOR_DEFINED|NSSCK_VENDOR_NETSCAPE)
-
-#define CKM_NETSCAPE_AES_KEY_WRAP      (CKM_NETSCAPE + 1)
-#define CKM_NETSCAPE_AES_KEY_WRAP_PAD  (CKM_NETSCAPE + 2)
-
-/*
- * HISTORICAL:
- * Do not attempt to use these. They are only used by NETSCAPE's internal
- * PKCS #11 interface. Most of these are place holders for other mechanism
- * and will change in the future.
- */
-#define CKM_NETSCAPE_PBE_SHA1_DES_CBC           0x80000002L
-#define CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC    0x80000003L
-#define CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC    0x80000004L
-#define CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC   0x80000005L
-#define CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4        0x80000006L
-#define CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4       0x80000007L
-#define CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC   0x80000008L
-#define CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN      0x80000009L
-#define CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN       0x8000000aL
-#define CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN       0x8000000bL
-
-#define CKM_TLS_PRF_GENERAL                     0x80000373L
-
-/*
- * Netscape-defined return values
- *
- */
-#define CKR_NETSCAPE (CKM_VENDOR_DEFINED|NSSCK_VENDOR_NETSCAPE)
-
-#define CKR_NETSCAPE_CERTDB_FAILED      (CKR_NETSCAPE + 1)
-#define CKR_NETSCAPE_KEYDB_FAILED       (CKR_NETSCAPE + 2)
-
-/*
- * Trust info
- *
- * This isn't part of the Cryptoki standard (yet), so I'm putting
- * all the definitions here.  Some of this would move to nssckt.h
- * if trust info were made part of the standard.  In view of this
- * possibility, I'm putting my (Netscape) values in the netscape
- * vendor space, like everything else.
- */
-
-typedef CK_ULONG          CK_TRUST;
-
-/* The following trust types are defined: */
-#define CKT_VENDOR_DEFINED     0x80000000
-
-#define CKT_NETSCAPE (CKT_VENDOR_DEFINED|NSSCK_VENDOR_NETSCAPE)
-
-/* If trust goes standard, these'll probably drop out of vendor space. */
-#define CKT_NETSCAPE_TRUSTED            (CKT_NETSCAPE + 1)
-#define CKT_NETSCAPE_TRUSTED_DELEGATOR  (CKT_NETSCAPE + 2)
-#define CKT_NETSCAPE_UNTRUSTED          (CKT_NETSCAPE + 3)
-#define CKT_NETSCAPE_MUST_VERIFY        (CKT_NETSCAPE + 4)
-#define CKT_NETSCAPE_TRUST_UNKNOWN      (CKT_NETSCAPE + 5) /* default */
-
-/* 
- * These may well remain Netscape-specific; I'm only using them
- * to cache resolution data.
- */
-#define CKT_NETSCAPE_VALID              (CKT_NETSCAPE + 10)
-#define CKT_NETSCAPE_VALID_DELEGATOR    (CKT_NETSCAPE + 11)
-
-
-/*
- * These are not really PKCS #11 values specifically. They are the 'loadable'
- * module spec NSS uses. The are available for others to use as well, but not
- * part of the formal PKCS #11 spec.
- *
- * The function 'FIND' returns an array of PKCS #11 initialization strings
- * The function 'ADD' takes a PKCS #11 initialization string and stores it.
- * The function 'DEL' takes a 'name= library=' value and deletes the associated
- *  string.
- * The function 'RELEASE' frees the array returned by 'FIND'
- */
-#define SECMOD_MODULE_DB_FUNCTION_FIND  0
-#define SECMOD_MODULE_DB_FUNCTION_ADD   1
-#define SECMOD_MODULE_DB_FUNCTION_DEL   2
-#define SECMOD_MODULE_DB_FUNCTION_RELEASE 3 
-typedef char ** (PR_CALLBACK *SECMODModuleDBFunc)(unsigned long function,
-                                        char *parameters, void *moduleSpec);
-
-#endif /* _PKCS11N_H_ */
--- a/mozilla/security/nss/lib/softoken/pkcs11p.h
+++ b/mozilla/security/nss/lib/softoken/pkcs11p.h
@@ -1,54 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * Copyright (C) 1994-1999 RSA Security Inc. Licence to copy this document
- * is granted provided that it is identified as "RSA Security Inc. Public-Key
- * Cryptography Standards (PKCS)" in all material mentioning or referencing
- * this document.
- */
-/* these data types are platform/implementation dependent. */
-/*
- * Packing was removed from the shipped RSA header files, even
- * though it's still needed. put in a central file to help merging..
- */
-
-#if defined(_WIN32)
-#ifdef _MSC_VER
-#pragma warning(disable:4103)
-#endif
-#pragma pack(push, cryptoki, 1)
-#endif
-
--- a/mozilla/security/nss/lib/softoken/pkcs11t.h
+++ b/mozilla/security/nss/lib/softoken/pkcs11t.h
--- a/mozilla/security/nss/lib/softoken/pkcs11u.c
+++ b/mozilla/security/nss/lib/softoken/pkcs11u.c
--- a/mozilla/security/nss/lib/softoken/pkcs11u.h
+++ b/mozilla/security/nss/lib/softoken/pkcs11u.h
@@ -1,52 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * Copyright (C) 1994-1999 RSA Security Inc. Licence to copy this document
- * is granted provided that it is identified as "RSA Security Inc. Public-Key
- * Cryptography Standards (PKCS)" in all material mentioning or referencing
- * this document.
- */
-/*
- * reset any packing set by pkcs11p.h
- */
-
-#if defined (_WIN32)
-#ifdef _MSC_VER
-#pragma warning(disable:4103)
-#endif
-#pragma pack(pop, cryptoki)
-#endif
-
--- a/mozilla/security/nss/lib/softoken/rawhash.c
+++ b/mozilla/security/nss/lib/softoken/rawhash.c
@@ -1,138 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#include "nspr.h"
-#include "sechash.h"
-#include "blapi.h"	/* below the line */
-
-
-static void *
-null_hash_new_context(void)
-{
-    return NULL;
-}
-
-static void *
-null_hash_clone_context(void *v)
-{
-    PORT_Assert(v == NULL);
-    return NULL;
-}
-
-static void
-null_hash_begin(void *v)
-{
-}
-
-static void
-null_hash_update(void *v, const unsigned char *input, unsigned int length)
-{
-}
-
-static void
-null_hash_end(void *v, unsigned char *output, unsigned int *outLen,
-	      unsigned int maxOut)
-{
-    *outLen = 0;
-}
-
-static void
-null_hash_destroy_context(void *v, PRBool b)
-{
-    PORT_Assert(v == NULL);
-}
-
-
-const SECHashObject SECRawHashObjects[] = {
-  { 0,
-    (void * (*)(void)) null_hash_new_context,
-    (void * (*)(void *)) null_hash_clone_context,
-    (void (*)(void *, PRBool)) null_hash_destroy_context,
-    (void (*)(void *)) null_hash_begin,
-    (void (*)(void *, const unsigned char *, unsigned int)) null_hash_update,
-    (void (*)(void *, unsigned char *, unsigned int *,
-	      unsigned int)) null_hash_end
-  },
-  { MD2_LENGTH,
-    (void * (*)(void)) MD2_NewContext,
-    (void * (*)(void *)) null_hash_clone_context,
-    (void (*)(void *, PRBool)) MD2_DestroyContext,
-    (void (*)(void *)) MD2_Begin,
-    (void (*)(void *, const unsigned char *, unsigned int)) MD2_Update,
-    (void (*)(void *, unsigned char *, unsigned int *, unsigned int)) MD2_End
-  },
-  { MD5_LENGTH,
-    (void * (*)(void)) MD5_NewContext,
-    (void * (*)(void *)) null_hash_clone_context,
-    (void (*)(void *, PRBool)) MD5_DestroyContext,
-    (void (*)(void *)) MD5_Begin,
-    (void (*)(void *, const unsigned char *, unsigned int)) MD5_Update,
-    (void (*)(void *, unsigned char *, unsigned int *, unsigned int)) MD5_End
-  },
-  { SHA1_LENGTH,
-    (void * (*)(void)) SHA1_NewContext,
-    (void * (*)(void *)) null_hash_clone_context,
-    (void (*)(void *, PRBool)) SHA1_DestroyContext,
-    (void (*)(void *)) SHA1_Begin,
-    (void (*)(void *, const unsigned char *, unsigned int)) SHA1_Update,
-    (void (*)(void *, unsigned char *, unsigned int *, unsigned int)) SHA1_End
-  },
-  { SHA256_LENGTH,
-    (void * (*)(void)) SHA256_NewContext,
-    (void * (*)(void *)) null_hash_clone_context,
-    (void (*)(void *, PRBool)) SHA256_DestroyContext,
-    (void (*)(void *)) SHA256_Begin,
-    (void (*)(void *, const unsigned char *, unsigned int)) SHA256_Update,
-    (void (*)(void *, unsigned char *, unsigned int *, unsigned int)) SHA256_End
-  },
-  { SHA384_LENGTH,
-    (void * (*)(void)) SHA384_NewContext,
-    (void * (*)(void *)) null_hash_clone_context,
-    (void (*)(void *, PRBool)) SHA384_DestroyContext,
-    (void (*)(void *)) SHA384_Begin,
-    (void (*)(void *, const unsigned char *, unsigned int)) SHA384_Update,
-    (void (*)(void *, unsigned char *, unsigned int *, unsigned int)) SHA384_End
-  },
-  { SHA512_LENGTH,
-    (void * (*)(void)) SHA512_NewContext,
-    (void * (*)(void *)) null_hash_clone_context,
-    (void (*)(void *, PRBool)) SHA512_DestroyContext,
-    (void (*)(void *)) SHA512_Begin,
-    (void (*)(void *, const unsigned char *, unsigned int)) SHA512_Update,
-    (void (*)(void *, unsigned char *, unsigned int *, unsigned int)) SHA512_End
-  },
-};
-
--- a/mozilla/security/nss/lib/softoken/rsawrapr.c
+++ b/mozilla/security/nss/lib/softoken/rsawrapr.c
@@ -1,879 +0,0 @@
-/*
- * PKCS#1 encoding and decoding functions.
- * This file is believed to contain no code licensed from other parties.
- *
- * ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/* $Id: rsawrapr.c,v 1.8 2005-04-04 09:27:42 julien.pierre.bugs%sun.com Exp $ */
-
-#include "blapi.h"
-#include "softoken.h"
-#include "sechash.h"
-
-#include "lowkeyi.h"
-#include "secerr.h"
-
-#define RSA_BLOCK_MIN_PAD_LEN		8
-#define RSA_BLOCK_FIRST_OCTET		0x00
-#define RSA_BLOCK_PRIVATE0_PAD_OCTET	0x00
-#define RSA_BLOCK_PRIVATE_PAD_OCTET	0xff
-#define RSA_BLOCK_AFTER_PAD_OCTET	0x00
-
-#define OAEP_SALT_LEN		8
-#define OAEP_PAD_LEN		8
-#define OAEP_PAD_OCTET		0x00
-
-#define FLAT_BUFSIZE 512	/* bytes to hold flattened SHA1Context. */
-
-static SHA1Context *
-SHA1_CloneContext(SHA1Context *original)
-{
-    SHA1Context *  clone	= NULL;
-    unsigned char *pBuf;
-    int            sha1ContextSize = SHA1_FlattenSize(original);
-    SECStatus      frv;
-    unsigned char  buf[FLAT_BUFSIZE];
-
-    PORT_Assert(sizeof buf >= sha1ContextSize);
-    if (sizeof buf >= sha1ContextSize) {
-    	pBuf = buf;
-    } else {
-        pBuf = PORT_Alloc(sha1ContextSize);
-	if (!pBuf)
-	    goto done;
-    }
-
-    frv = SHA1_Flatten(original, pBuf);
-    if (frv == SECSuccess) {
-	clone = SHA1_Resurrect(pBuf, NULL);
-	memset(pBuf, 0, sha1ContextSize);
-    }
-done:
-    if (pBuf != buf)
-    	PORT_Free(pBuf);
-    return clone;
-}
-
-/*
- * Modify data by XORing it with a special hash of salt.
- */
-static SECStatus
-oaep_xor_with_h1(unsigned char *data, unsigned int datalen,
-		 unsigned char *salt, unsigned int saltlen)
-{
-    SHA1Context *sha1cx;
-    unsigned char *dp, *dataend;
-    unsigned char end_octet;
-
-    sha1cx = SHA1_NewContext();
-    if (sha1cx == NULL) {
-	return SECFailure;
-    }
-
-    /*
-     * Get a hash of salt started; we will use it several times,
-     * adding in a different end octet (x00, x01, x02, ...).
-     */
-    SHA1_Begin (sha1cx);
-    SHA1_Update (sha1cx, salt, saltlen);
-    end_octet = 0;
-
-    dp = data;
-    dataend = data + datalen;
-
-    while (dp < dataend) {
-	SHA1Context *sha1cx_h1;
-	unsigned int sha1len, sha1off;
-	unsigned char sha1[SHA1_LENGTH];
-
-	/*
-	 * Create hash of (salt || end_octet)
-	 */
-	sha1cx_h1 = SHA1_CloneContext (sha1cx);
-	SHA1_Update (sha1cx_h1, &end_octet, 1);
-	SHA1_End (sha1cx_h1, sha1, &sha1len, sizeof(sha1));
-	SHA1_DestroyContext (sha1cx_h1, PR_TRUE);
-	PORT_Assert (sha1len == SHA1_LENGTH);
-
-	/*
-	 * XOR that hash with the data.
-	 * When we have fewer than SHA1_LENGTH octets of data
-	 * left to xor, use just the low-order ones of the hash.
-	 */
-	sha1off = 0;
-	if ((dataend - dp) < SHA1_LENGTH)
-	    sha1off = SHA1_LENGTH - (dataend - dp);
-	while (sha1off < SHA1_LENGTH)
-	    *dp++ ^= sha1[sha1off++];
-
-	/*
-	 * Bump for next hash chunk.
-	 */
-	end_octet++;
-    }
-
-    return SECSuccess;
-}
-
-/*
- * Modify salt by XORing it with a special hash of data.
- */
-static SECStatus
-oaep_xor_with_h2(unsigned char *salt, unsigned int saltlen,
-		 unsigned char *data, unsigned int datalen)
-{
-    unsigned char sha1[SHA1_LENGTH];
-    unsigned char *psalt, *psha1, *saltend;
-    SECStatus rv;
-
-    /*
-     * Create a hash of data.
-     */
-    rv = SHA1_HashBuf (sha1, data, datalen);
-    if (rv != SECSuccess) {
-	return rv;
-    }
-
-    /*
-     * XOR the low-order octets of that hash with salt.
-     */
-    PORT_Assert (saltlen <= SHA1_LENGTH);
-    saltend = salt + saltlen;
-    psalt = salt;
-    psha1 = sha1 + SHA1_LENGTH - saltlen;
-    while (psalt < saltend) {
-	*psalt++ ^= *psha1++;
-    }
-
-    return SECSuccess;
-}
-
-/*
- * Format one block of data for public/private key encryption using
- * the rules defined in PKCS #1.
- */
-static unsigned char *
-rsa_FormatOneBlock(unsigned modulusLen, RSA_BlockType blockType,
-		   SECItem *data)
-{
-    unsigned char *block;
-    unsigned char *bp;
-    int padLen;
-    int i;
-
-    block = (unsigned char *) PORT_Alloc(modulusLen);
-    if (block == NULL)
-	return NULL;
-
-    bp = block;
-
-    /*
-     * All RSA blocks start with two octets:
-     *	0x00 || BlockType
-     */
-    *bp++ = RSA_BLOCK_FIRST_OCTET;
-    *bp++ = (unsigned char) blockType;
-
-    switch (blockType) {
-
-      /*
-       * Blocks intended for private-key operation.
-       */
-      case RSA_BlockPrivate0: /* essentially unused */
-      case RSA_BlockPrivate:	 /* preferred method */
-	/*
-	 * 0x00 || BT || Pad || 0x00 || ActualData
-	 *   1      1   padLen    1      data->len
-	 * Pad is either all 0x00 or all 0xff bytes, depending on blockType.
-	 */
-	padLen = modulusLen - data->len - 3;
-	PORT_Assert (padLen >= RSA_BLOCK_MIN_PAD_LEN);
-	if (padLen < RSA_BLOCK_MIN_PAD_LEN) {
-	    PORT_Free (block);
-	    return NULL;
-	}
-	PORT_Memset (bp,
-		   blockType == RSA_BlockPrivate0
-			? RSA_BLOCK_PRIVATE0_PAD_OCTET
-			: RSA_BLOCK_PRIVATE_PAD_OCTET,
-		   padLen);
-	bp += padLen;
-	*bp++ = RSA_BLOCK_AFTER_PAD_OCTET;
-	PORT_Memcpy (bp, data->data, data->len);
-	break;
-
-      /*
-       * Blocks intended for public-key operation.
-       */
-      case RSA_BlockPublic:
-
-	/*
-	 * 0x00 || BT || Pad || 0x00 || ActualData
-	 *   1      1   padLen    1      data->len
-	 * Pad is all non-zero random bytes.
-	 */
-	padLen = modulusLen - data->len - 3;
-	PORT_Assert (padLen >= RSA_BLOCK_MIN_PAD_LEN);
-	if (padLen < RSA_BLOCK_MIN_PAD_LEN) {
-	    PORT_Free (block);
-	    return NULL;
-	}
-	for (i = 0; i < padLen; i++) {
-	    /* Pad with non-zero random data. */
-	    do {
-		RNG_GenerateGlobalRandomBytes(bp + i, 1);
-	    } while (bp[i] == RSA_BLOCK_AFTER_PAD_OCTET);
-	}
-	bp += padLen;
-	*bp++ = RSA_BLOCK_AFTER_PAD_OCTET;
-	PORT_Memcpy (bp, data->data, data->len);
-
-	break;
-
-      /*
-       * Blocks intended for public-key operation, using
-       * Optimal Asymmetric Encryption Padding (OAEP).
-       */
-      case RSA_BlockOAEP:
-	/*
-	 * 0x00 || BT || Modified2(Salt) || Modified1(PaddedData)
-	 *   1      1     OAEP_SALT_LEN     OAEP_PAD_LEN + data->len [+ N]
-	 *
-	 * where:
-	 *   PaddedData is "Pad1 || ActualData [|| Pad2]"
-	 *   Salt is random data.
-	 *   Pad1 is all zeros.
-	 *   Pad2, if present, is random data.
-	 *   (The "modified" fields are all the same length as the original
-	 * unmodified values; they are just xor'd with other values.)
-	 *
-	 *   Modified1 is an XOR of PaddedData with a special octet
-	 * string constructed of iterated hashing of Salt (see below).
-	 *   Modified2 is an XOR of Salt with the low-order octets of
-	 * the hash of Modified1 (see farther below ;-).
-	 *
-	 * Whew!
-	 */
-
-
-	/*
-	 * Salt
-	 */
-	RNG_GenerateGlobalRandomBytes(bp, OAEP_SALT_LEN);
-	bp += OAEP_SALT_LEN;
-
-	/*
-	 * Pad1
-	 */
-	PORT_Memset (bp, OAEP_PAD_OCTET, OAEP_PAD_LEN);
-	bp += OAEP_PAD_LEN;
-
-	/*
-	 * Data
-	 */
-	PORT_Memcpy (bp, data->data, data->len);
-	bp += data->len;
-
-	/*
-	 * Pad2
-	 */
-	if (bp < (block + modulusLen))
-	    RNG_GenerateGlobalRandomBytes(bp, block - bp + modulusLen);
-
-	/*
-	 * Now we have the following:
-	 * 0x00 || BT || Salt || PaddedData
-	 * (From this point on, "Pad1 || Data [|| Pad2]" is treated
-	 * as the one entity PaddedData.)
-	 *
-	 * We need to turn PaddedData into Modified1.
-	 */
-	if (oaep_xor_with_h1(block + 2 + OAEP_SALT_LEN,
-			     modulusLen - 2 - OAEP_SALT_LEN,
-			     block + 2, OAEP_SALT_LEN) != SECSuccess) {
-	    PORT_Free (block);
-	    return NULL;
-	}
-
-	/*
-	 * Now we have:
-	 * 0x00 || BT || Salt || Modified1(PaddedData)
-	 *
-	 * The remaining task is to turn Salt into Modified2.
-	 */
-	if (oaep_xor_with_h2(block + 2, OAEP_SALT_LEN,
-			     block + 2 + OAEP_SALT_LEN,
-			     modulusLen - 2 - OAEP_SALT_LEN) != SECSuccess) {
-	    PORT_Free (block);
-	    return NULL;
-	}
-
-	break;
-
-      default:
-	PORT_Assert (0);
-	PORT_Free (block);
-	return NULL;
-    }
-
-    return block;
-}
-
-static SECStatus
-rsa_FormatBlock(SECItem *result, unsigned modulusLen,
-		RSA_BlockType blockType, SECItem *data)
-{
-    /*
-     * XXX For now assume that the data length fits in a single
-     * XXX encryption block; the ASSERTs below force this.
-     * XXX To fix it, each case will have to loop over chunks whose
-     * XXX lengths satisfy the assertions, until all data is handled.
-     * XXX (Unless RSA has more to say about how to handle data
-     * XXX which does not fit in a single encryption block?)
-     * XXX And I do not know what the result is supposed to be,
-     * XXX so the interface to this function may need to change
-     * XXX to allow for returning multiple blocks, if they are
-     * XXX not wanted simply concatenated one after the other.
-     */
-
-    switch (blockType) {
-      case RSA_BlockPrivate0:
-      case RSA_BlockPrivate:
-      case RSA_BlockPublic:
-	/*
-	 * 0x00 || BT || Pad || 0x00 || ActualData
-	 *
-	 * The "3" below is the first octet + the second octet + the 0x00
-	 * octet that always comes just before the ActualData.
-	 */
-	PORT_Assert (data->len <= (modulusLen - (3 + RSA_BLOCK_MIN_PAD_LEN)));
-
-	result->data = rsa_FormatOneBlock(modulusLen, blockType, data);
-	if (result->data == NULL) {
-	    result->len = 0;
-	    return SECFailure;
-	}
-	result->len = modulusLen;
-
-	break;
-
-      case RSA_BlockOAEP:
-	/*
-	 * 0x00 || BT || M1(Salt) || M2(Pad1||ActualData[||Pad2])
-	 *
-	 * The "2" below is the first octet + the second octet.
-	 * (The other fields do not contain the clear values, but are
-	 * the same length as the clear values.)
-	 */
-	PORT_Assert (data->len <= (modulusLen - (2 + OAEP_SALT_LEN
-						 + OAEP_PAD_LEN)));
-
-	result->data = rsa_FormatOneBlock(modulusLen, blockType, data);
-	if (result->data == NULL) {
-	    result->len = 0;
-	    return SECFailure;
-	}
-	result->len = modulusLen;
-
-	break;
-
-      case RSA_BlockRaw:
-	/*
-	 * Pad || ActualData
-	 * Pad is zeros. The application is responsible for recovering
-	 * the actual data.
-	 */
-	if (data->len > modulusLen ) {
-	    return SECFailure;
-	}
-	result->data = (unsigned char*)PORT_ZAlloc(modulusLen);
-	result->len = modulusLen;
-	PORT_Memcpy(result->data+(modulusLen-data->len),data->data,data->len);
-	break;
-
-      default:
-	PORT_Assert (0);
-	result->data = NULL;
-	result->len = 0;
-	return SECFailure;
-    }
-
-    return SECSuccess;
-}
-
-/* XXX Doesn't set error code */
-SECStatus
-RSA_Sign(NSSLOWKEYPrivateKey *key, 
-         unsigned char *      output, 
-	 unsigned int *       output_len,
-         unsigned int         maxOutputLen, 
-	 unsigned char *      input, 
-	 unsigned int         input_len)
-{
-    SECStatus     rv          = SECSuccess;
-    unsigned int  modulus_len = nsslowkey_PrivateModulusLen(key);
-    SECItem       formatted;
-    SECItem       unformatted;
-
-    if (maxOutputLen < modulus_len) 
-    	return SECFailure;
-    PORT_Assert(key->keyType == NSSLOWKEYRSAKey);
-    if (key->keyType != NSSLOWKEYRSAKey)
-    	return SECFailure;
-
-    unformatted.len  = input_len;
-    unformatted.data = input;
-    formatted.data   = NULL;
-    rv = rsa_FormatBlock(&formatted, modulus_len, RSA_BlockPrivate,
-			 &unformatted);
-    if (rv != SECSuccess) 
-    	goto done;
-
-    rv = RSA_PrivateKeyOpDoubleChecked(&key->u.rsa, output, formatted.data);
-    *output_len = modulus_len;
-
-    goto done;
-
-done:
-    if (formatted.data != NULL) 
-    	PORT_ZFree(formatted.data, modulus_len);
-    return rv;
-}
-
-/* XXX Doesn't set error code */
-SECStatus
-RSA_CheckSign(NSSLOWKEYPublicKey *key,
-              unsigned char *     sign, 
-	      unsigned int        sign_len, 
-	      unsigned char *     hash, 
-	      unsigned int        hash_len)
-{
-    SECStatus       rv;
-    unsigned int    modulus_len = nsslowkey_PublicModulusLen(key);
-    unsigned int    i;
-    unsigned char * buffer;
-
-    modulus_len = nsslowkey_PublicModulusLen(key);
-    if (sign_len != modulus_len) 
-    	goto failure;
-    if (hash_len > modulus_len - 8) 
-    	goto failure;
-    PORT_Assert(key->keyType == NSSLOWKEYRSAKey);
-    if (key->keyType != NSSLOWKEYRSAKey)
-    	goto failure;
-
-    buffer = (unsigned char *)PORT_Alloc(modulus_len + 1);
-    if (!buffer)
-    	goto failure;
-
-    rv = RSA_PublicKeyOp(&key->u.rsa, buffer, sign);
-    if (rv != SECSuccess)
-	goto loser;
-
-    /*
-     * check the padding that was used
-     */
-    if (buffer[0] != 0 || buffer[1] != 1) 
-    	goto loser;
-    for (i = 2; i < modulus_len - hash_len - 1; i++) {
-	if (buffer[i] == 0) 
-	    break;
-	if (buffer[i] != 0xff) 
-	    goto loser;
-    }
-
-    /*
-     * make sure we get the same results
-     */
-    if (PORT_Memcmp(buffer + modulus_len - hash_len, hash, hash_len) != 0)
-	goto loser;
-
-    PORT_Free(buffer);
-    return SECSuccess;
-
-loser:
-    PORT_Free(buffer);
-failure:
-    return SECFailure;
-}
-
-/* XXX Doesn't set error code */
-SECStatus
-RSA_CheckSignRecover(NSSLOWKEYPublicKey *key,
-                     unsigned char *     data,
-                     unsigned int *      data_len, 
-		     unsigned int        max_output_len, 
-		     unsigned char *     sign,
-		     unsigned int        sign_len)
-{
-    SECStatus       rv;
-    unsigned int    modulus_len = nsslowkey_PublicModulusLen(key);
-    unsigned int    i;
-    unsigned char * buffer;
-
-    if (sign_len != modulus_len) 
-    	goto failure;
-    PORT_Assert(key->keyType == NSSLOWKEYRSAKey);
-    if (key->keyType != NSSLOWKEYRSAKey)
-    	goto failure;
-
-    buffer = (unsigned char *)PORT_Alloc(modulus_len + 1);
-    if (!buffer)
-    	goto failure;
-
-    rv = RSA_PublicKeyOp(&key->u.rsa, buffer, sign);
-    if (rv != SECSuccess)
-    	goto loser;
-    *data_len = 0;
-
-    /*
-     * check the padding that was used
-     */
-    if (buffer[0] != 0 || buffer[1] != 1) 
-    	goto loser;
-    for (i = 2; i < modulus_len; i++) {
-	if (buffer[i] == 0) {
-	    *data_len = modulus_len - i - 1;
-	    break;
-	}
-	if (buffer[i] != 0xff) 
-	    goto loser;
-    }
-    if (*data_len == 0) 
-    	goto loser;
-    if (*data_len > max_output_len) 
-    	goto loser;
-
-    /*
-     * make sure we get the same results
-     */
-    PORT_Memcpy(data,buffer + modulus_len - *data_len, *data_len);
-
-    PORT_Free(buffer);
-    return SECSuccess;
-
-loser:
-    PORT_Free(buffer);
-failure:
-    return SECFailure;
-}
-
-/* XXX Doesn't set error code */
-SECStatus
-RSA_EncryptBlock(NSSLOWKEYPublicKey *key, 
-                 unsigned char *     output, 
-		 unsigned int *      output_len,
-                 unsigned int        max_output_len, 
-		 unsigned char *     input, 
-		 unsigned int        input_len)
-{
-    SECStatus     rv;
-    unsigned int  modulus_len = nsslowkey_PublicModulusLen(key);
-    SECItem       formatted;
-    SECItem       unformatted;
-
-    formatted.data = NULL;
-    if (max_output_len < modulus_len) 
-    	goto failure;
-    PORT_Assert(key->keyType == NSSLOWKEYRSAKey);
-    if (key->keyType != NSSLOWKEYRSAKey)
-    	goto failure;
-
-    unformatted.len  = input_len;
-    unformatted.data = input;
-    formatted.data   = NULL;
-    rv = rsa_FormatBlock(&formatted, modulus_len, RSA_BlockPublic,
-			 &unformatted);
-    if (rv != SECSuccess) 
-	goto failure;
-
-    rv = RSA_PublicKeyOp(&key->u.rsa, output, formatted.data);
-    if (rv != SECSuccess) 
-    	goto failure;
-
-    PORT_ZFree(formatted.data, modulus_len);
-    *output_len = modulus_len;
-    return SECSuccess;
-
-failure:
-    if (formatted.data != NULL) 
-	PORT_ZFree(formatted.data, modulus_len);
-    return SECFailure;
-}
-
-/* XXX Doesn't set error code */
-SECStatus
-RSA_DecryptBlock(NSSLOWKEYPrivateKey *key, 
-                 unsigned char *      output, 
-		 unsigned int *       output_len,
-                 unsigned int         max_output_len, 
-		 unsigned char *      input, 
-		 unsigned int         input_len)
-{
-    SECStatus       rv;
-    unsigned int    modulus_len = nsslowkey_PrivateModulusLen(key);
-    unsigned int    i;
-    unsigned char * buffer;
-
-    PORT_Assert(key->keyType == NSSLOWKEYRSAKey);
-    if (key->keyType != NSSLOWKEYRSAKey)
-    	goto failure;
-    if (input_len != modulus_len)
-    	goto failure;
-
-    buffer = (unsigned char *)PORT_Alloc(modulus_len + 1);
-    if (!buffer)
-    	goto failure;
-
-    rv = RSA_PrivateKeyOp(&key->u.rsa, buffer, input);
-    if (rv != SECSuccess) 
-    	goto loser;
-
-    if (buffer[0] != 0 || buffer[1] != 2) 
-    	goto loser;
-    *output_len = 0;
-    for (i = 2; i < modulus_len; i++) {
-	if (buffer[i] == 0) {
-	    *output_len = modulus_len - i - 1;
-	    break;
-	}
-    }
-    if (*output_len == 0) 
-    	goto loser;
-    if (*output_len > max_output_len) 
-    	goto loser;
-
-    PORT_Memcpy(output, buffer + modulus_len - *output_len, *output_len);
-
-    PORT_Free(buffer);
-    return SECSuccess;
-
-loser:
-    PORT_Free(buffer);
-failure:
-    return SECFailure;
-}
-
-/* XXX Doesn't set error code */
-/*
- * added to make pkcs #11 happy
- *   RAW is RSA_X_509
- */
-SECStatus
-RSA_SignRaw(NSSLOWKEYPrivateKey *key, 
-            unsigned char *      output, 
-	    unsigned int *       output_len,
-            unsigned int         maxOutputLen, 
-	    unsigned char *      input, 
-	    unsigned int         input_len)
-{
-    SECStatus    rv          = SECSuccess;
-    unsigned int modulus_len = nsslowkey_PrivateModulusLen(key);
-    SECItem      formatted;
-    SECItem      unformatted;
-
-    if (maxOutputLen < modulus_len) 
-    	return SECFailure;
-    PORT_Assert(key->keyType == NSSLOWKEYRSAKey);
-    if (key->keyType != NSSLOWKEYRSAKey)
-    	return SECFailure;
-
-    unformatted.len  = input_len;
-    unformatted.data = input;
-    formatted.data   = NULL;
-    rv = rsa_FormatBlock(&formatted, modulus_len, RSA_BlockRaw, &unformatted);
-    if (rv != SECSuccess) 
-    	goto done;
-
-    rv = RSA_PrivateKeyOpDoubleChecked(&key->u.rsa, output, formatted.data);
-    *output_len = modulus_len;
-
-done:
-    if (formatted.data != NULL) 
-    	PORT_ZFree(formatted.data, modulus_len);
-    return rv;
-}
-
-/* XXX Doesn't set error code */
-SECStatus
-RSA_CheckSignRaw(NSSLOWKEYPublicKey *key,
-                 unsigned char *     sign, 
-		 unsigned int        sign_len, 
-		 unsigned char *     hash, 
-		 unsigned int        hash_len)
-{
-    SECStatus       rv;
-    unsigned int    modulus_len = nsslowkey_PublicModulusLen(key);
-    unsigned char * buffer;
-
-    if (sign_len != modulus_len) 
-    	goto failure;
-    if (hash_len > modulus_len) 
-    	goto failure;
-    PORT_Assert(key->keyType == NSSLOWKEYRSAKey);
-    if (key->keyType != NSSLOWKEYRSAKey)
-    	goto failure;
-
-    buffer = (unsigned char *)PORT_Alloc(modulus_len + 1);
-    if (!buffer)
-    	goto failure;
-
-    rv = RSA_PublicKeyOp(&key->u.rsa, buffer, sign);
-    if (rv != SECSuccess)
-	goto loser;
-
-    /*
-     * make sure we get the same results
-     */
-    /* NOTE: should we verify the leading zeros? */
-    if (PORT_Memcmp(buffer + (modulus_len-hash_len), hash, hash_len) != 0)
-	goto loser;
-
-    PORT_Free(buffer);
-    return SECSuccess;
-
-loser:
-    PORT_Free(buffer);
-failure:
-    return SECFailure;
-}
-
-/* XXX Doesn't set error code */
-SECStatus
-RSA_CheckSignRecoverRaw(NSSLOWKEYPublicKey *key,
-                        unsigned char *     data,
-                        unsigned int *      data_len, 
-			unsigned int        max_output_len, 
-			unsigned char *     sign,
-			unsigned int        sign_len)
-{
-    SECStatus      rv;
-    unsigned int   modulus_len = nsslowkey_PublicModulusLen(key);
-
-    if (sign_len != modulus_len) 
-    	goto failure;
-    if (max_output_len < modulus_len) 
-    	goto failure;
-    PORT_Assert(key->keyType == NSSLOWKEYRSAKey);
-    if (key->keyType != NSSLOWKEYRSAKey)
-    	goto failure;
-
-    rv = RSA_PublicKeyOp(&key->u.rsa, data, sign);
-    if (rv != SECSuccess)
-	goto failure;
-
-    *data_len = modulus_len;
-    return SECSuccess;
-
-failure:
-    return SECFailure;
-}
-
-
-/* XXX Doesn't set error code */
-SECStatus
-RSA_EncryptRaw(NSSLOWKEYPublicKey *key, 
-	       unsigned char *     output, 
-	       unsigned int *      output_len,
-               unsigned int        max_output_len, 
-	       unsigned char *     input, 
-	       unsigned int        input_len)
-{
-    SECStatus rv;
-    unsigned int  modulus_len = nsslowkey_PublicModulusLen(key);
-    SECItem       formatted;
-    SECItem       unformatted;
-
-    formatted.data = NULL;
-    if (max_output_len < modulus_len) 
-    	goto failure;
-    PORT_Assert(key->keyType == NSSLOWKEYRSAKey);
-    if (key->keyType != NSSLOWKEYRSAKey)
-    	goto failure;
-
-    unformatted.len  = input_len;
-    unformatted.data = input;
-    formatted.data   = NULL;
-    rv = rsa_FormatBlock(&formatted, modulus_len, RSA_BlockRaw, &unformatted);
-    if (rv != SECSuccess)
-	goto failure;
-
-    rv = RSA_PublicKeyOp(&key->u.rsa, output, formatted.data);
-    if (rv != SECSuccess) 
-    	goto failure;
-
-    PORT_ZFree(formatted.data, modulus_len);
-    *output_len = modulus_len;
-    return SECSuccess;
-
-failure:
-    if (formatted.data != NULL) 
-	PORT_ZFree(formatted.data, modulus_len);
-    return SECFailure;
-}
-
-/* XXX Doesn't set error code */
-SECStatus
-RSA_DecryptRaw(NSSLOWKEYPrivateKey *key, 
-               unsigned char *      output, 
-	       unsigned int *       output_len,
-               unsigned int         max_output_len, 
-	       unsigned char *      input, 
-	       unsigned int         input_len)
-{
-    SECStatus     rv;
-    unsigned int  modulus_len = nsslowkey_PrivateModulusLen(key);
-
-    if (modulus_len <= 0) 
-    	goto failure;
-    if (modulus_len > max_output_len) 
-    	goto failure;
-    PORT_Assert(key->keyType == NSSLOWKEYRSAKey);
-    if (key->keyType != NSSLOWKEYRSAKey)
-    	goto failure;
-    if (input_len != modulus_len) 
-    	goto failure;
-
-    rv = RSA_PrivateKeyOp(&key->u.rsa, output, input);
-    if (rv != SECSuccess)
-    	goto failure;
-
-    *output_len = modulus_len;
-    return SECSuccess;
-
-failure:
-    return SECFailure;
-}
--- a/mozilla/security/nss/lib/softoken/softkver.c
+++ b/mozilla/security/nss/lib/softoken/softkver.c
@@ -1,56 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 2002
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-/* Library identity and versioning */
-
-#include "nss.h"
-
-#if defined(DEBUG)
-#define _DEBUG_STRING " (debug)"
-#else
-#define _DEBUG_STRING ""
-#endif
-
-/*
- * Version information for the 'ident' and 'what commands
- *
- * NOTE: the first component of the concatenated rcsid string
- * must not end in a '$' to prevent rcs keyword substitution.
- */
-const char __nss_softokn_rcsid[] = "$Header: NSS " NSS_VERSION _DEBUG_STRING
-        "  " __DATE__ " " __TIME__ " $";
-const char __nss_softokn_sccsid[] = "@(#)NSS " NSS_VERSION _DEBUG_STRING
-        "  " __DATE__ " " __TIME__;
--- a/mozilla/security/nss/lib/softoken/softoken.h
+++ b/mozilla/security/nss/lib/softoken/softoken.h
@@ -1,164 +0,0 @@
-/*
- * softoken.h - private data structures and prototypes for the softoken lib
- *
- * ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/* $Id: softoken.h,v 1.7 2005-03-29 18:21:18 nelsonb%netscape.com Exp $ */
-
-#ifndef _SOFTOKEN_H_
-#define _SOFTOKEN_H_
-
-#include "blapi.h"
-#include "lowkeyti.h"
-#include "softoknt.h"
-#include "secoidt.h"
-
-#include "pkcs11t.h"     /* CK_RV Required for sftk_fipsPowerUpSelfTest(). */
-
-SEC_BEGIN_PROTOS
-
-/*
-** RSA encryption/decryption. When encrypting/decrypting the output
-** buffer must be at least the size of the public key modulus.
-*/
-
-/*
-** Format some data into a PKCS#1 encryption block, preparing the
-** data for RSA encryption.
-**	"result" where the formatted block is stored (memory is allocated)
-**	"modulusLen" the size of the formatted block
-**	"blockType" what block type to use (SEC_RSABlock*)
-**	"data" the data to format
-*/
-extern SECStatus RSA_FormatBlock(SECItem *result,
-				 unsigned int modulusLen,
-				 RSA_BlockType blockType,
-				 SECItem *data);
-/*
-** Similar, but just returns a pointer to the allocated memory, *and*
-** will *only* format one block, even if we (in the future) modify
-** RSA_FormatBlock() to loop over multiples of modulusLen.
-*/
-extern unsigned char *RSA_FormatOneBlock(unsigned int modulusLen,
-					 RSA_BlockType blockType,
-					 SECItem *data);
-
-
-
-/*
- * convenience wrappers for doing single RSA operations. They create the
- * RSA context internally and take care of the formatting
- * requirements. Blinding happens automagically within RSA_SignHash and
- * RSA_DecryptBlock.
- */
-extern
-SECStatus RSA_Sign(NSSLOWKEYPrivateKey *key, unsigned char *output,
-		       unsigned int *outputLen, unsigned int maxOutputLen,
-		       unsigned char *input, unsigned int inputLen);
-extern
-SECStatus RSA_CheckSign(NSSLOWKEYPublicKey *key, unsigned char *sign,
-			    unsigned int signLength, unsigned char *hash,
-			    unsigned int hashLength);
-extern
-SECStatus RSA_CheckSignRecover(NSSLOWKEYPublicKey *key, unsigned char *data,
-    			    unsigned int *data_len,unsigned int max_output_len, 
-			    unsigned char *sign, unsigned int sign_len);
-extern
-SECStatus RSA_EncryptBlock(NSSLOWKEYPublicKey *key, unsigned char *output,
-			   unsigned int *outputLen, unsigned int maxOutputLen,
-			   unsigned char *input, unsigned int inputLen);
-extern
-SECStatus RSA_DecryptBlock(NSSLOWKEYPrivateKey *key, unsigned char *output,
-			   unsigned int *outputLen, unsigned int maxOutputLen,
-			   unsigned char *input, unsigned int inputLen);
-
-/*
- * added to make pkcs #11 happy
- *   RAW is RSA_X_509
- */
-extern
-SECStatus RSA_SignRaw( NSSLOWKEYPrivateKey *key, unsigned char *output,
-			 unsigned int *output_len, unsigned int maxOutputLen,
-			 unsigned char *input, unsigned int input_len);
-extern
-SECStatus RSA_CheckSignRaw( NSSLOWKEYPublicKey *key, unsigned char *sign, 
-			    unsigned int sign_len, unsigned char *hash, 
-			    unsigned int hash_len);
-extern
-SECStatus RSA_CheckSignRecoverRaw( NSSLOWKEYPublicKey *key, unsigned char *data,
-			    unsigned int *data_len, unsigned int max_output_len,
-			    unsigned char *sign, unsigned int sign_len);
-extern
-SECStatus RSA_EncryptRaw( NSSLOWKEYPublicKey *key, unsigned char *output,
-			    unsigned int *output_len,
-			    unsigned int max_output_len, 
-			    unsigned char *input, unsigned int input_len);
-extern
-SECStatus RSA_DecryptRaw(NSSLOWKEYPrivateKey *key, unsigned char *output,
-			     unsigned int *output_len,
-    			     unsigned int max_output_len,
-			     unsigned char *input, unsigned int input_len);
-
-/*
-** Prepare a buffer for DES encryption, growing to the appropriate boundary,
-** filling with the appropriate padding.
-** We add from 1 to DES_KEY_LENGTH bytes -- we *always* grow.
-** The extra bytes contain the value of the length of the padding:
-** if we have 2 bytes of padding, then the padding is "0x02, 0x02".
-**
-** NOTE: If arena is non-NULL, we re-allocate from there, otherwise
-** we assume (and use) PR memory (re)allocation.
-** Maybe this belongs in util?
-*/
-extern unsigned char * DES_PadBuffer(PRArenaPool *arena, unsigned char *inbuf, 
-                                     unsigned int inlen, unsigned int *outlen);
-
-
-/****************************************/
-/*
-** Power-Up selftests required for FIPS and invoked only
-** under PKCS #11 FIPS mode.
-*/
-extern CK_RV sftk_fipsPowerUpSelfTest( void ); 
-
-/*
-** make known fixed PKCS #11 key types to their sizes in bytes
-*/	
-unsigned long sftk_MapKeySize(CK_KEY_TYPE keyType);
-
-SEC_END_PROTOS
-
-#endif /* _SOFTOKEN_H_ */
--- a/mozilla/security/nss/lib/softoken/softokn.def
+++ b/mozilla/security/nss/lib/softoken/softokn.def
@@ -1,61 +0,0 @@
-;+#
-;+# ***** BEGIN LICENSE BLOCK *****
-;+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-;+#
-;+# The contents of this file are subject to the Mozilla Public License Version
-;+# 1.1 (the "License"); you may not use this file except in compliance with
-;+# the License. You may obtain a copy of the License at
-;+# http://www.mozilla.org/MPL/
-;+#
-;+# Software distributed under the License is distributed on an "AS IS" basis,
-;+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-;+# for the specific language governing rights and limitations under the
-;+# License.
-;+#
-;+# The Original Code is the Netscape security libraries.
-;+#
-;+# The Initial Developer of the Original Code is
-;+# Netscape Communications Corporation.
-;+# Portions created by the Initial Developer are Copyright (C) 2000
-;+# the Initial Developer. All Rights Reserved.
-;+#
-;+# Contributor(s):
-;+#   Dr Stephen Henson <stephen.henson@gemplus.com>
-;+#
-;+# Alternatively, the contents of this file may be used under the terms of
-;+# either the GNU General Public License Version 2 or later (the "GPL"), or
-;+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-;+# in which case the provisions of the GPL or the LGPL are applicable instead
-;+# of those above. If you wish to allow use of your version of this file only
-;+# under the terms of either the GPL or the LGPL, and not to allow others to
-;+# use your version of this file under the terms of the MPL, indicate your
-;+# decision by deleting the provisions above and replace them with the notice
-;+# and other provisions required by the GPL or the LGPL. If you do not delete
-;+# the provisions above, a recipient may use your version of this file under
-;+# the terms of any one of the MPL, the GPL or the LGPL.
-;+#
-;+# ***** END LICENSE BLOCK *****
-;+#
-;+# OK, this file is meant to support SUN, LINUX, AIX and WINDOWS
-;+#   1. For all unix platforms, the string ";-"  means "remove this line"
-;+#   2. For all unix platforms, the string " DATA " will be removed from any 
-;+#	line on which it occurs.
-;+#   3. Lines containing ";+" will have ";+" removed on SUN and LINUX.
-;+#      On AIX, lines containing ";+" will be removed.  
-;+#   4. For all unix platforms, the string ";;" will thave the ";;" removed.
-;+#   5. For all unix platforms, after the above processing has taken place,
-;+#    all characters after the first ";" on the line will be removed.  
-;+#    And for AIX, the first ";" will also be removed.
-;+#  This file is passed directly to windows. Since ';' is a comment, all UNIX
-;+#   directives are hidden behind ";", ";+", and ";-"
-;+NSS_3.4 {       # NSS 3.4 release
-;+    global:
-LIBRARY softokn3 ;-
-EXPORTS ;-
-C_GetFunctionList; Make this function like a real PKCS #11 module as well
-FC_GetFunctionList;
-NSC_GetFunctionList;
-NSC_ModuleDBFunc;
-;+    local:
-;+       *;
-;+};
--- a/mozilla/security/nss/lib/softoken/softokn.rc
+++ b/mozilla/security/nss/lib/softoken/softokn.rc
@@ -1,101 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 2001
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#include "nss.h"
-#include <winver.h>
-
-#define MY_LIBNAME "softokn"
-#define MY_FILEDESCRIPTION "NSS PKCS #11 Library"
-
-#define STRINGIZE(x) #x
-#define STRINGIZE2(x) STRINGIZE(x)
-#define NSS_VMAJOR_STR STRINGIZE2(NSS_VMAJOR)
-
-#ifdef _DEBUG
-#define MY_DEBUG_STR " (debug)"
-#define MY_FILEFLAGS_1 VS_FF_DEBUG
-#else
-#define MY_DEBUG_STR ""
-#define MY_FILEFLAGS_1 0x0L
-#endif
-#if NSS_BETA
-#define MY_FILEFLAGS_2 MY_FILEFLAGS_1|VS_FF_PRERELEASE
-#else
-#define MY_FILEFLAGS_2 MY_FILEFLAGS_1
-#endif
-
-#ifdef WINNT
-#define MY_FILEOS VOS_NT_WINDOWS32
-#else
-#define MY_FILEOS VOS__WINDOWS32
-#endif
-
-#define MY_INTERNAL_NAME MY_LIBNAME NSS_VMAJOR_STR
-
-/////////////////////////////////////////////////////////////////////////////
-//
-// Version-information resource
-//
-
-VS_VERSION_INFO VERSIONINFO
- FILEVERSION NSS_VMAJOR,NSS_VMINOR,NSS_VPATCH,0
- PRODUCTVERSION NSS_VMAJOR,NSS_VMINOR,NSS_VPATCH,0
- FILEFLAGSMASK VS_FFI_FILEFLAGSMASK
- FILEFLAGS MY_FILEFLAGS_2
- FILEOS MY_FILEOS
- FILETYPE VFT_DLL
- FILESUBTYPE 0x0L // not used
-
-BEGIN
-    BLOCK "StringFileInfo"
-    BEGIN
-        BLOCK "040904B0" // Lang=US English, CharSet=Unicode
-        BEGIN
-            VALUE "CompanyName", "Netscape Communications Corporation\0"
-            VALUE "FileDescription", MY_FILEDESCRIPTION MY_DEBUG_STR "\0"
-            VALUE "FileVersion", NSS_VERSION "\0"
-            VALUE "InternalName", MY_INTERNAL_NAME "\0"
-            VALUE "LegalCopyright", "Copyright \251 1994-2001 Netscape Communications Corporation\0"
-            VALUE "OriginalFilename", MY_INTERNAL_NAME ".dll\0"
-            VALUE "ProductName", "Network Security Services\0"
-            VALUE "ProductVersion", NSS_VERSION "\0"
-        END
-    END
-    BLOCK "VarFileInfo"
-    BEGIN
-        VALUE "Translation", 0x409, 1200
-    END
-END
--- a/mozilla/security/nss/lib/softoken/softoknt.h
+++ b/mozilla/security/nss/lib/softoken/softoknt.h
@@ -1,64 +0,0 @@
-/*
- * softoknt.h - public data structures for the software token library
- *
- * ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/* $Id: softoknt.h,v 1.3 2004-04-27 23:04:38 gerv%gerv.net Exp $ */
-
-#ifndef _SOFTOKNT_H_
-#define _SOFTOKNT_H_
-
-/*
- * RSA block types
- *
- * The actual values are important -- they are fixed, *not* arbitrary.
- * The explicit value assignments are not needed (because C would give
- * us those same values anyway) but are included as a reminder...
- */
-typedef enum {
-    RSA_BlockPrivate0 = 0,	/* unused, really */
-    RSA_BlockPrivate = 1,	/* pad for a private-key operation */
-    RSA_BlockPublic = 2,	/* pad for a public-key operation */
-    RSA_BlockOAEP = 3,		/* use OAEP padding */
-				/* XXX is this only for a public-key
-				   operation? If so, add "Public" */
-    RSA_BlockRaw = 4,		/* simply justify the block appropriately */
-    RSA_BlockTotal
-} RSA_BlockType;
-
-#define NSS_SOFTOKEN_DEFAULT_CHUNKSIZE   2048
-
-#endif /* _SOFTOKNT_H_ */
--- a/mozilla/security/nss/lib/softoken/tlsprf.c
+++ b/mozilla/security/nss/lib/softoken/tlsprf.c
@@ -1,337 +0,0 @@
-/* tlsprf.c - TLS Pseudo Random Function (PRF) implementation
- *
- * ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/* $Id: tlsprf.c,v 1.5 2005-03-29 18:21:18 nelsonb%netscape.com Exp $ */
-
-#include "pkcs11i.h"
-#include "sechash.h"
-#include "alghmac.h"
-
-#define SFTK_OFFSETOF(str, memb) ((PRPtrdiff)(&(((str *)0)->memb)))
-
-#define PHASH_STATE_MAX_LEN 20
-
-/* TLS P_hash function */
-static SECStatus
-sftk_P_hash(HASH_HashType hashType, const SECItem *secret, const char *label, 
-	SECItem *seed, SECItem *result, PRBool isFIPS)
-{
-    unsigned char state[PHASH_STATE_MAX_LEN];
-    unsigned char outbuf[PHASH_STATE_MAX_LEN];
-    unsigned int state_len = 0, label_len = 0, outbuf_len = 0, chunk_size;
-    unsigned int remaining;
-    unsigned char *res;
-    SECStatus status;
-    HMACContext *cx;
-    SECStatus rv = SECFailure;
-    const SECHashObject *hashObj = &SECRawHashObjects[hashType];
-
-    PORT_Assert((secret != NULL) && (secret->data != NULL || !secret->len));
-    PORT_Assert((seed != NULL) && (seed->data != NULL));
-    PORT_Assert((result != NULL) && (result->data != NULL));
-
-    remaining = result->len;
-    res = result->data;
-
-    if (label != NULL)
-	label_len = PORT_Strlen(label);
-
-    cx = HMAC_Create(hashObj, secret->data, secret->len, isFIPS);
-    if (cx == NULL)
-	goto loser;
-
-    /* initialize the state = A(1) = HMAC_hash(secret, seed) */
-    HMAC_Begin(cx);
-    HMAC_Update(cx, (unsigned char *)label, label_len);
-    HMAC_Update(cx, seed->data, seed->len);
-    status = HMAC_Finish(cx, state, &state_len, PHASH_STATE_MAX_LEN);
-    if (status != SECSuccess)
-	goto loser;
-
-    /* generate a block at a time until we're done */
-    while (remaining > 0) {
-
-	HMAC_Begin(cx);
-	HMAC_Update(cx, state, state_len);
-	if (label_len)
-	    HMAC_Update(cx, (unsigned char *)label, label_len);
-	HMAC_Update(cx, seed->data, seed->len);
-	status = HMAC_Finish(cx, outbuf, &outbuf_len, PHASH_STATE_MAX_LEN);
-	if (status != SECSuccess)
-	    goto loser;
-
-        /* Update the state = A(i) = HMAC_hash(secret, A(i-1)) */
-	HMAC_Begin(cx); 
-	HMAC_Update(cx, state, state_len); 
-	status = HMAC_Finish(cx, state, &state_len, PHASH_STATE_MAX_LEN);
-	if (status != SECSuccess)
-	    goto loser;
-
-	chunk_size = PR_MIN(outbuf_len, remaining);
-	PORT_Memcpy(res, &outbuf, chunk_size);
-	res += chunk_size;
-	remaining -= chunk_size;
-    }
-
-    rv = SECSuccess;
-
-loser:
-    /* if (cx) HMAC_Destroy(cx); */
-    /* clear out state so it's not left on the stack */
-    if (cx) HMAC_Destroy(cx);
-    PORT_Memset(state, 0, sizeof(state));
-    PORT_Memset(outbuf, 0, sizeof(outbuf));
-    return rv;
-}
-
-SECStatus
-sftk_PRF(const SECItem *secret, const char *label, SECItem *seed, 
-         SECItem *result, PRBool isFIPS)
-{
-    SECStatus rv = SECFailure, status;
-    unsigned int i;
-    SECItem tmp = { siBuffer, NULL, 0};
-    SECItem S1;
-    SECItem S2;
-
-    PORT_Assert((secret != NULL) && (secret->data != NULL || !secret->len));
-    PORT_Assert((seed != NULL) && (seed->data != NULL));
-    PORT_Assert((result != NULL) && (result->data != NULL));
-
-    S1.type = siBuffer;
-    S1.len  = (secret->len / 2) + (secret->len & 1);
-    S1.data = secret->data;
-
-    S2.type = siBuffer;
-    S2.len  = S1.len;
-    S2.data = secret->data + (secret->len - S2.len);
-
-    tmp.data = (unsigned char*)PORT_Alloc(result->len);
-    if (tmp.data == NULL)
-	goto loser;
-    tmp.len = result->len;
-
-    status = sftk_P_hash(HASH_AlgMD5, &S1, label, seed, result, isFIPS);
-    if (status != SECSuccess)
-	goto loser;
-
-    status = sftk_P_hash(HASH_AlgSHA1, &S2, label, seed, &tmp, isFIPS);
-    if (status != SECSuccess)
-	goto loser;
-
-    for (i = 0; i < result->len; i++)
-	result->data[i] ^= tmp.data[i];
-
-    rv = SECSuccess;
-
-loser:
-    if (tmp.data != NULL)
-	PORT_ZFree(tmp.data, tmp.len);
-    return rv;
-}
-
-static void sftk_TLSPRFNull(void *data, PRBool freeit)
-{
-    return;
-} 
-
-typedef struct {
-    PRUint32	   cxSize;	/* size of allocated block, in bytes.        */
-    PRUint32       cxBufSize;   /* sizeof buffer at cxBufPtr.                */
-    unsigned char *cxBufPtr;	/* points to real buffer, may be cxBuf.      */
-    PRUint32	   cxKeyLen;	/* bytes of cxBufPtr containing key.         */
-    PRUint32	   cxDataLen;	/* bytes of cxBufPtr containing data.        */
-    SECStatus	   cxRv;	/* records failure of void functions.        */
-    PRBool	   cxIsFIPS;	/* true if conforming to FIPS 198.           */
-    unsigned char  cxBuf[512];	/* actual size may be larger than 512.       */
-} TLSPRFContext;
-
-static void
-sftk_TLSPRFHashUpdate(TLSPRFContext *cx, const unsigned char *data, 
-                        unsigned int data_len)
-{
-    PRUint32 bytesUsed = cx->cxKeyLen + cx->cxDataLen;
-
-    if (cx->cxRv != SECSuccess)	/* function has previously failed. */
-    	return;
-    if (bytesUsed + data_len > cx->cxBufSize) {
-	/* We don't use realloc here because 
-	** (a) realloc doesn't zero out the old block, and 
-	** (b) if realloc fails, we lose the old block.
-	*/
-	PRUint32 newBufSize = bytesUsed + data_len + 512;
-    	unsigned char * newBuf = (unsigned char *)PORT_Alloc(newBufSize);
-	if (!newBuf) {
-	   cx->cxRv = SECFailure;
-	   return;
-	}
-	PORT_Memcpy(newBuf, cx->cxBufPtr, bytesUsed);
-	if (cx->cxBufPtr != cx->cxBuf) {
-	    PORT_ZFree(cx->cxBufPtr, bytesUsed);
-	}
-	cx->cxBufPtr  = newBuf;
-	cx->cxBufSize = newBufSize;
-    }
-    PORT_Memcpy(cx->cxBufPtr + bytesUsed, data, data_len);
-    cx->cxDataLen += data_len;
-}
-
-static void 
-sftk_TLSPRFEnd(TLSPRFContext *ctx, unsigned char *hashout,
-	 unsigned int *pDigestLen, unsigned int maxDigestLen)
-{
-    *pDigestLen = 0; /* tells Verify that no data has been input yet. */
-}
-
-/* Compute the PRF values from the data previously input. */
-static SECStatus
-sftk_TLSPRFUpdate(TLSPRFContext *cx, 
-                  unsigned char *sig,		/* output goes here. */
-		  unsigned int * sigLen, 	/* how much output.  */
-		  unsigned int   maxLen, 	/* output buffer size */
-		  unsigned char *hash, 		/* unused. */
-		  unsigned int   hashLen)	/* unused. */
-{
-    SECStatus rv;
-    SECItem sigItem;
-    SECItem seedItem;
-    SECItem secretItem;
-
-    if (cx->cxRv != SECSuccess)
-    	return cx->cxRv;
-
-    secretItem.data = cx->cxBufPtr;
-    secretItem.len  = cx->cxKeyLen;
-
-    seedItem.data = cx->cxBufPtr + cx->cxKeyLen;
-    seedItem.len  = cx->cxDataLen;
-
-    sigItem.data = sig;
-    sigItem.len  = maxLen;
-
-    rv = sftk_PRF(&secretItem, NULL, &seedItem, &sigItem, cx->cxIsFIPS);
-    if (rv == SECSuccess && sigLen != NULL)
-    	*sigLen = sigItem.len;
-    return rv;
-
-}
-
-static SECStatus
-sftk_TLSPRFVerify(TLSPRFContext *cx, 
-                  unsigned char *sig, 		/* input, for comparison. */
-		  unsigned int   sigLen,	/* length of sig.         */
-		  unsigned char *hash, 		/* data to be verified.   */
-		  unsigned int   hashLen)	/* size of hash data.     */
-{
-    unsigned char * tmp    = (unsigned char *)PORT_Alloc(sigLen);
-    unsigned int    tmpLen = sigLen;
-    SECStatus       rv;
-
-    if (!tmp)
-    	return SECFailure;
-    if (hashLen) {
-    	/* hashLen is non-zero when the user does a one-step verify.
-	** In this case, none of the data has been input yet.
-	*/
-    	sftk_TLSPRFHashUpdate(cx, hash, hashLen);
-    }
-    rv = sftk_TLSPRFUpdate(cx, tmp, &tmpLen, sigLen, NULL, 0);
-    if (rv == SECSuccess) {
-    	rv = (SECStatus)(1 - !PORT_Memcmp(tmp, sig, sigLen));
-    }
-    PORT_ZFree(tmp, sigLen);
-    return rv;
-}
-
-static void
-sftk_TLSPRFHashDestroy(TLSPRFContext *cx, PRBool freeit)
-{
-    if (freeit) {
-	if (cx->cxBufPtr != cx->cxBuf) 
-	    PORT_ZFree(cx->cxBufPtr, cx->cxBufSize);
-	PORT_ZFree(cx, cx->cxSize);
-    }
-}
-
-CK_RV
-sftk_TLSPRFInit(SFTKSessionContext *context, 
-		  SFTKObject *        key, 
-		  CK_KEY_TYPE         key_type)
-{
-    SFTKAttribute * keyVal;
-    TLSPRFContext * prf_cx;
-    CK_RV           crv = CKR_HOST_MEMORY;
-    PRUint32        keySize;
-    PRUint32        blockSize;
-
-    if (key_type != CKK_GENERIC_SECRET)
-    	return CKR_KEY_TYPE_INCONSISTENT; /* CKR_KEY_FUNCTION_NOT_PERMITTED */
-
-    context->multi = PR_TRUE;
-
-    keyVal = sftk_FindAttribute(key, CKA_VALUE);
-    keySize = (!keyVal) ? 0 : keyVal->attrib.ulValueLen;
-    blockSize = keySize + sizeof(TLSPRFContext);
-    prf_cx = (TLSPRFContext *)PORT_Alloc(blockSize);
-    if (!prf_cx) 
-    	goto done;
-    prf_cx->cxSize    = blockSize;
-    prf_cx->cxKeyLen  = keySize;
-    prf_cx->cxDataLen = 0;
-    prf_cx->cxBufSize = blockSize - SFTK_OFFSETOF(TLSPRFContext, cxBuf);
-    prf_cx->cxRv      = SECSuccess;
-    prf_cx->cxIsFIPS  = (key->slot->slotID == FIPS_SLOT_ID);
-    prf_cx->cxBufPtr  = prf_cx->cxBuf;
-    if (keySize)
-	PORT_Memcpy(prf_cx->cxBufPtr, keyVal->attrib.pValue, keySize);
-
-    context->hashInfo    = (void *) prf_cx;
-    context->cipherInfo  = (void *) prf_cx;
-    context->hashUpdate  = (SFTKHash)    sftk_TLSPRFHashUpdate;
-    context->end         = (SFTKEnd)     sftk_TLSPRFEnd;
-    context->update      = (SFTKCipher)  sftk_TLSPRFUpdate;
-    context->verify      = (SFTKVerify)  sftk_TLSPRFVerify;
-    context->destroy     = (SFTKDestroy) sftk_TLSPRFNull;
-    context->hashdestroy = (SFTKDestroy) sftk_TLSPRFHashDestroy;
-    crv = CKR_OK;
-
-done:
-    if (keyVal) 
-	sftk_FreeAttribute(keyVal);
-    return crv;
-}
-
--- a/mozilla/security/nss/lib/sqlite/Makefile
+++ b/mozilla/security/nss/lib/sqlite/Makefile
@@ -1,78 +0,0 @@
-#! gmake
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY).   #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL)          #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL)       #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
-#######################################################################
-include config.mk
-
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL)                              #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL)                           #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL).                              #
-#######################################################################
-
--- a/mozilla/security/nss/lib/sqlite/alter.c
+++ b/mozilla/security/nss/lib/sqlite/alter.c
@@ -1,553 +0,0 @@
-/*
-** 2005 February 15
-**
-** The author disclaims copyright to this source code.  In place of
-** a legal notice, here is a blessing:
-**
-**    May you do good and not evil.
-**    May you find forgiveness for yourself and forgive others.
-**    May you share freely, never taking more than you give.
-**
-*************************************************************************
-** This file contains C code routines that used to generate VDBE code
-** that implements the ALTER TABLE command.
-**
-** $Id: alter.c,v 1.1.2.1 2005-06-20 23:27:49 relyea%netscape.com Exp $
-*/
-#include "sqliteInt.h"
-#include <ctype.h>
-
-/*
-** The code in this file only exists if we are not omitting the
-** ALTER TABLE logic from the build.
-*/
-#ifndef SQLITE_OMIT_ALTERTABLE
-
-
-/*
-** This function is used by SQL generated to implement the 
-** ALTER TABLE command. The first argument is the text of a CREATE TABLE or
-** CREATE INDEX command. The second is a table name. The table name in 
-** the CREATE TABLE or CREATE INDEX statement is replaced with the second
-** argument and the result returned. Examples:
-**
-** sqlite_rename_table('CREATE TABLE abc(a, b, c)', 'def')
-**     -> 'CREATE TABLE def(a, b, c)'
-**
-** sqlite_rename_table('CREATE INDEX i ON abc(a)', 'def')
-**     -> 'CREATE INDEX i ON def(a, b, c)'
-*/
-static void renameTableFunc(
-  sqlite3_context *context,
-  int argc,
-  sqlite3_value **argv
-){
-  unsigned char const *zSql = sqlite3_value_text(argv[0]);
-  unsigned char const *zTableName = sqlite3_value_text(argv[1]);
-
-  int token;
-  Token tname;
-  char const *zCsr = zSql;
-  int len = 0;
-  char *zRet;
-
-  /* The principle used to locate the table name in the CREATE TABLE 
-  ** statement is that the table name is the first token that is immediatedly
-  ** followed by a left parenthesis - TK_LP.
-  */
-  if( zSql ){
-    do {
-      /* Store the token that zCsr points to in tname. */
-      tname.z = zCsr;
-      tname.n = len;
-
-      /* Advance zCsr to the next token. Store that token type in 'token',
-      ** and it's length in 'len' (to be used next iteration of this loop).
-      */
-      do {
-        zCsr += len;
-        len = sqlite3GetToken(zCsr, &token);
-      } while( token==TK_SPACE );
-      assert( len>0 );
-    } while( token!=TK_LP );
-
-    zRet = sqlite3MPrintf("%.*s%Q%s", tname.z - zSql, zSql, 
-       zTableName, tname.z+tname.n);
-    sqlite3_result_text(context, zRet, -1, sqlite3FreeX);
-  }
-}
-
-#ifndef SQLITE_OMIT_TRIGGER
-/* This function is used by SQL generated to implement the ALTER TABLE
-** ALTER TABLE command. The first argument is the text of a CREATE TRIGGER 
-** statement. The second is a table name. The table name in the CREATE 
-** TRIGGER statement is replaced with the second argument and the result 
-** returned. This is analagous to renameTableFunc() above, except for CREATE
-** TRIGGER, not CREATE INDEX and CREATE TABLE.
-*/
-static void renameTriggerFunc(
-  sqlite3_context *context,
-  int argc,
-  sqlite3_value **argv
-){
-  unsigned char const *zSql = sqlite3_value_text(argv[0]);
-  unsigned char const *zTableName = sqlite3_value_text(argv[1]);
-
-  int token;
-  Token tname;
-  int dist = 3;
-  char const *zCsr = zSql;
-  int len = 0;
-  char *zRet;
-
-  /* The principle used to locate the table name in the CREATE TRIGGER 
-  ** statement is that the table name is the first token that is immediatedly
-  ** preceded by either TK_ON or TK_DOT and immediatedly followed by one
-  ** of TK_WHEN, TK_BEGIN or TK_FOR.
-  */
-  if( zSql ){
-    do {
-      /* Store the token that zCsr points to in tname. */
-      tname.z = zCsr;
-      tname.n = len;
-
-      /* Advance zCsr to the next token. Store that token type in 'token',
-      ** and it's length in 'len' (to be used next iteration of this loop).
-      */
-      do {
-        zCsr += len;
-        len = sqlite3GetToken(zCsr, &token);
-      }while( token==TK_SPACE );
-      assert( len>0 );
-
-      /* Variable 'dist' stores the number of tokens read since the most
-      ** recent TK_DOT or TK_ON. This means that when a WHEN, FOR or BEGIN 
-      ** token is read and 'dist' equals 2, the condition stated above
-      ** to be met.
-      **
-      ** Note that ON cannot be a database, table or column name, so
-      ** there is no need to worry about syntax like 
-      ** "CREATE TRIGGER ... ON ON.ON BEGIN ..." etc.
-      */
-      dist++;
-      if( token==TK_DOT || token==TK_ON ){
-        dist = 0;
-      }
-    } while( dist!=2 || (token!=TK_WHEN && token!=TK_FOR && token!=TK_BEGIN) );
-
-    /* Variable tname now contains the token that is the old table-name
-    ** in the CREATE TRIGGER statement.
-    */
-    zRet = sqlite3MPrintf("%.*s%Q%s", tname.z - zSql, zSql, 
-       zTableName, tname.z+tname.n);
-    sqlite3_result_text(context, zRet, -1, sqlite3FreeX);
-  }
-}
-#endif   /* !SQLITE_OMIT_TRIGGER */
-
-/*
-** Register built-in functions used to help implement ALTER TABLE
-*/
-void sqlite3AlterFunctions(sqlite3 *db){
-  static const struct {
-     char *zName;
-     signed char nArg;
-     void (*xFunc)(sqlite3_context*,int,sqlite3_value **);
-  } aFuncs[] = {
-    { "sqlite_rename_table",    2, renameTableFunc},
-#ifndef SQLITE_OMIT_TRIGGER
-    { "sqlite_rename_trigger",  2, renameTriggerFunc},
-#endif
-  };
-  int i;
-
-  for(i=0; i<sizeof(aFuncs)/sizeof(aFuncs[0]); i++){
-    sqlite3_create_function(db, aFuncs[i].zName, aFuncs[i].nArg,
-        SQLITE_UTF8, 0, aFuncs[i].xFunc, 0, 0);
-  }
-}
-
-/*
-** Generate the text of a WHERE expression which can be used to select all
-** temporary triggers on table pTab from the sqlite_temp_master table. If
-** table pTab has no temporary triggers, or is itself stored in the 
-** temporary database, NULL is returned.
-*/
-static char *whereTempTriggers(Parse *pParse, Table *pTab){
-  Trigger *pTrig;
-  char *zWhere = 0;
-  char *tmp = 0;
-  if( pTab->iDb!=1 ){
-    for( pTrig=pTab->pTrigger; pTrig; pTrig=pTrig->pNext ){
-      if( pTrig->iDb==1 ){
-        if( !zWhere ){
-          zWhere = sqlite3MPrintf("name=%Q", pTrig->name);
-        }else{
-          tmp = zWhere;
-          zWhere = sqlite3MPrintf("%s OR name=%Q", zWhere, pTrig->name);
-          sqliteFree(tmp);
-        }
-      }
-    }
-  }
-  return zWhere;
-}
-
-/*
-** Generate code to drop and reload the internal representation of table
-** pTab from the database, including triggers and temporary triggers.
-** Argument zName is the name of the table in the database schema at
-** the time the generated code is executed. This can be different from
-** pTab->zName if this function is being called to code part of an 
-** "ALTER TABLE RENAME TO" statement.
-*/
-static void reloadTableSchema(Parse *pParse, Table *pTab, const char *zName){
-  Vdbe *v;
-  char *zWhere;
-  int iDb;
-#ifndef SQLITE_OMIT_TRIGGER
-  Trigger *pTrig;
-#endif
-
-  v = sqlite3GetVdbe(pParse);
-  if( !v ) return;
-  iDb = pTab->iDb;
-
-#ifndef SQLITE_OMIT_TRIGGER
-  /* Drop any table triggers from the internal schema. */
-  for(pTrig=pTab->pTrigger; pTrig; pTrig=pTrig->pNext){
-    assert( pTrig->iDb==iDb || pTrig->iDb==1 );
-    sqlite3VdbeOp3(v, OP_DropTrigger, pTrig->iDb, 0, pTrig->name, 0);
-  }
-#endif
-
-  /* Drop the table and index from the internal schema */
-  sqlite3VdbeOp3(v, OP_DropTable, iDb, 0, pTab->zName, 0);
-
-  /* Reload the table, index and permanent trigger schemas. */
-  zWhere = sqlite3MPrintf("tbl_name=%Q", zName);
-  if( !zWhere ) return;
-  sqlite3VdbeOp3(v, OP_ParseSchema, iDb, 0, zWhere, P3_DYNAMIC);
-
-#ifndef SQLITE_OMIT_TRIGGER
-  /* Now, if the table is not stored in the temp database, reload any temp 
-  ** triggers. Don't use IN(...) in case SQLITE_OMIT_SUBQUERY is defined. 
-  */
-  if( (zWhere=whereTempTriggers(pParse, pTab)) ){
-    sqlite3VdbeOp3(v, OP_ParseSchema, 1, 0, zWhere, P3_DYNAMIC);
-  }
-#endif
-}
-
-/*
-** Generate code to implement the "ALTER TABLE xxx RENAME TO yyy" 
-** command. 
-*/
-void sqlite3AlterRenameTable(
-  Parse *pParse,            /* Parser context. */
-  SrcList *pSrc,            /* The table to rename. */
-  Token *pName              /* The new table name. */
-){
-  int iDb;                  /* Database that contains the table */
-  char *zDb;                /* Name of database iDb */
-  Table *pTab;              /* Table being renamed */
-  char *zName = 0;          /* NULL-terminated version of pName */ 
-  sqlite3 *db = pParse->db; /* Database connection */
-  Vdbe *v;
-#ifndef SQLITE_OMIT_TRIGGER
-  char *zWhere = 0;         /* Where clause to locate temp triggers */
-#endif
-  
-  assert( pSrc->nSrc==1 );
-
-  pTab = sqlite3LocateTable(pParse, pSrc->a[0].zName, pSrc->a[0].zDatabase);
-  if( !pTab ) goto exit_rename_table;
-  iDb = pTab->iDb;
-  zDb = db->aDb[iDb].zName;
-
-  /* Get a NULL terminated version of the new table name. */
-  zName = sqlite3NameFromToken(pName);
-  if( !zName ) goto exit_rename_table;
-
-  /* Check that a table or index named 'zName' does not already exist
-  ** in database iDb. If so, this is an error.
-  */
-  if( sqlite3FindTable(db, zName, zDb) || sqlite3FindIndex(db, zName, zDb) ){
-    sqlite3ErrorMsg(pParse, 
-        "there is already another table or index with this name: %s", zName);
-    goto exit_rename_table;
-  }
-
-  /* Make sure it is not a system table being altered, or a reserved name
-  ** that the table is being renamed to.
-  */
-  if( strlen(pTab->zName)>6 && 0==sqlite3StrNICmp(pTab->zName, "sqlite_", 7) ){
-    sqlite3ErrorMsg(pParse, "table %s may not be altered", pTab->zName);
-    goto exit_rename_table;
-  }
-  if( SQLITE_OK!=sqlite3CheckObjectName(pParse, zName) ){
-    goto exit_rename_table;
-  }
-
-#ifndef SQLITE_OMIT_AUTHORIZATION
-  /* Invoke the authorization callback. */
-  if( sqlite3AuthCheck(pParse, SQLITE_ALTER_TABLE, zDb, pTab->zName, 0) ){
-    goto exit_rename_table;
-  }
-#endif
-
-  /* Begin a transaction and code the VerifyCookie for database iDb. 
-  ** Then modify the schema cookie (since the ALTER TABLE modifies the
-  ** schema).
-  */
-  v = sqlite3GetVdbe(pParse);
-  if( v==0 ){
-    goto exit_rename_table;
-  }
-  sqlite3BeginWriteOperation(pParse, 0, iDb);
-  sqlite3ChangeCookie(db, v, iDb);
-
-  /* Modify the sqlite_master table to use the new table name. */
-  sqlite3NestedParse(pParse,
-      "UPDATE %Q.%s SET "
-#ifdef SQLITE_OMIT_TRIGGER
-          "sql = sqlite_rename_table(sql, %Q), "
-#else
-          "sql = CASE "
-            "WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)"
-            "ELSE sqlite_rename_table(sql, %Q) END, "
-#endif
-          "tbl_name = %Q, "
-          "name = CASE "
-            "WHEN type='table' THEN %Q "
-            "WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN "
-              "'sqlite_autoindex_' || %Q || substr(name, %d+18,10) "
-            "ELSE name END "
-      "WHERE tbl_name=%Q AND "
-          "(type='table' OR type='index' OR type='trigger');", 
-      zDb, SCHEMA_TABLE(iDb), zName, zName, zName, 
-#ifndef SQLITE_OMIT_TRIGGER
-      zName,
-#endif
-      zName, strlen(pTab->zName), pTab->zName
-  );
-
-#ifndef SQLITE_OMIT_AUTOINCREMENT
-  /* If the sqlite_sequence table exists in this database, then update 
-  ** it with the new table name.
-  */
-  if( sqlite3FindTable(db, "sqlite_sequence", zDb) ){
-    sqlite3NestedParse(pParse,
-        "UPDATE %Q.sqlite_sequence set name = %Q WHERE name = %Q",
-        zDb, zName, pTab->zName);
-  }
-#endif
-
-#ifndef SQLITE_OMIT_TRIGGER
-  /* If there are TEMP triggers on this table, modify the sqlite_temp_master
-  ** table. Don't do this if the table being ALTERed is itself located in
-  ** the temp database.
-  */
-  if( (zWhere=whereTempTriggers(pParse, pTab)) ){
-    sqlite3NestedParse(pParse, 
-        "UPDATE sqlite_temp_master SET "
-            "sql = sqlite_rename_trigger(sql, %Q), "
-            "tbl_name = %Q "
-            "WHERE %s;", zName, zName, zWhere);
-    sqliteFree(zWhere);
-  }
-#endif
-
-  /* Drop and reload the internal table schema. */
-  reloadTableSchema(pParse, pTab, zName);
-
-exit_rename_table:
-  sqlite3SrcListDelete(pSrc);
-  sqliteFree(zName);
-}
-
-
-/*
-** This function is called after an "ALTER TABLE ... ADD" statement
-** has been parsed. Argument pColDef contains the text of the new
-** column definition.
-**
-** The Table structure pParse->pNewTable was extended to include
-** the new column during parsing.
-*/
-void sqlite3AlterFinishAddColumn(Parse *pParse, Token *pColDef){
-  Table *pNew;              /* Copy of pParse->pNewTable */
-  Table *pTab;              /* Table being altered */
-  int iDb;                  /* Database number */
-  const char *zDb;          /* Database name */
-  const char *zTab;         /* Table name */
-  char *zCol;               /* Null-terminated column definition */
-  Column *pCol;             /* The new column */
-  Expr *pDflt;              /* Default value for the new column */
-  Vdbe *v;
-
-  if( pParse->nErr ) return;
-  pNew = pParse->pNewTable;
-  assert( pNew );
-
-  iDb = pNew->iDb;
-  zDb = pParse->db->aDb[iDb].zName;
-  zTab = pNew->zName;
-  pCol = &pNew->aCol[pNew->nCol-1];
-  pDflt = pCol->pDflt;
-  pTab = sqlite3FindTable(pParse->db, zTab, zDb);
-  assert( pTab );
-
-  /* If the default value for the new column was specified with a 
-  ** literal NULL, then set pDflt to 0. This simplifies checking
-  ** for an SQL NULL default below.
-  */
-  if( pDflt && pDflt->op==TK_NULL ){
-    pDflt = 0;
-  }
-
-  /* Check that the new column is not specified as PRIMARY KEY or UNIQUE.
-  ** If there is a NOT NULL constraint, then the default value for the
-  ** column must not be NULL.
-  */
-  if( pCol->isPrimKey ){
-    sqlite3ErrorMsg(pParse, "Cannot add a PRIMARY KEY column");
-    return;
-  }
-  if( pNew->pIndex ){
-    sqlite3ErrorMsg(pParse, "Cannot add a UNIQUE column");
-    return;
-  }
-  if( pCol->notNull && !pDflt ){
-    sqlite3ErrorMsg(pParse, 
-        "Cannot add a NOT NULL column with default value NULL");
-    return;
-  }
-
-  /* Ensure the default expression is something that sqlite3ValueFromExpr()
-  ** can handle (i.e. not CURRENT_TIME etc.)
-  */
-  if( pDflt ){
-    sqlite3_value *pVal;
-    if( sqlite3ValueFromExpr(pDflt, SQLITE_UTF8, SQLITE_AFF_NONE, &pVal) ){
-      /* malloc() has failed */
-      return;
-    }
-    if( !pVal ){
-      sqlite3ErrorMsg(pParse, "Cannot add a column with non-constant default");
-      return;
-    }
-    sqlite3ValueFree(pVal);
-  }
-
-  /* Modify the CREATE TABLE statement. */
-  zCol = sqliteStrNDup(pColDef->z, pColDef->n);
-  if( zCol ){
-    char *zEnd = &zCol[pColDef->n-1];
-    while( (zEnd>zCol && *zEnd==';') || isspace(*(unsigned char *)zEnd) ){
-      *zEnd-- = '\0';
-    }
-    sqlite3NestedParse(pParse, 
-        "UPDATE %Q.%s SET "
-          "sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d,length(sql)) "
-        "WHERE type = 'table' AND name = %Q", 
-      zDb, SCHEMA_TABLE(iDb), pNew->addColOffset, zCol, pNew->addColOffset+1,
-      zTab
-    );
-    sqliteFree(zCol);
-  }
-
-  /* If the default value of the new column is NULL, then set the file
-  ** format to 2. If the default value of the new column is not NULL,
-  ** the file format becomes 3.
-  */
-  if( (v=sqlite3GetVdbe(pParse)) ){
-    int f = (pDflt?3:2);
-
-    /* Only set the file format to $f if it is currently less than $f. */
-    sqlite3VdbeAddOp(v, OP_ReadCookie, iDb, 1);
-    sqlite3VdbeAddOp(v, OP_Integer, f, 0);
-    sqlite3VdbeAddOp(v, OP_Ge, 0, sqlite3VdbeCurrentAddr(v)+3);
-    sqlite3VdbeAddOp(v, OP_Integer, f, 0);
-    sqlite3VdbeAddOp(v, OP_SetCookie, iDb, 1);
-  }
-
-  /* Reload the schema of the modified table. */
-  reloadTableSchema(pParse, pTab, pTab->zName);
-}
-
-
-/*
-** This function is called by the parser after the table-name in
-** an "ALTER TABLE <table-name> ADD" statement is parsed. Argument 
-** pSrc is the full-name of the table being altered.
-**
-** This routine makes a (partial) copy of the Table structure
-** for the table being altered and sets Parse.pNewTable to point
-** to it. Routines called by the parser as the column definition
-** is parsed (i.e. sqlite3AddColumn()) add the new Column data to 
-** the copy. The copy of the Table structure is deleted by tokenize.c 
-** after parsing is finished.
-**
-** Routine sqlite3AlterFinishAddColumn() will be called to complete
-** coding the "ALTER TABLE ... ADD" statement.
-*/
-void sqlite3AlterBeginAddColumn(Parse *pParse, SrcList *pSrc){
-  Table *pNew;
-  Table *pTab;
-  Vdbe *v;
-  int iDb;
-  int i;
-  int nAlloc;
-
-  /* Look up the table being altered. */
-  assert( !pParse->pNewTable );
-  pTab = sqlite3LocateTable(pParse, pSrc->a[0].zName, pSrc->a[0].zDatabase);
-  if( !pTab ) goto exit_begin_add_column;
-
-  /* Make sure this is not an attempt to ALTER a view. */
-  if( pTab->pSelect ){
-    sqlite3ErrorMsg(pParse, "Cannot add a column to a view");
-    goto exit_begin_add_column;
-  }
-
-  assert( pTab->addColOffset>0 );
-  iDb = pTab->iDb;
-
-  /* Put a copy of the Table struct in Parse.pNewTable for the
-  ** sqlite3AddColumn() function and friends to modify.
-  */
-  pNew = (Table *)sqliteMalloc(sizeof(Table));
-  if( !pNew ) goto exit_begin_add_column;
-  pParse->pNewTable = pNew;
-  pNew->nCol = pTab->nCol;
-  assert( pNew->nCol>0 );
-  nAlloc = (((pNew->nCol-1)/8)*8)+8;
-  assert( nAlloc>=pNew->nCol && nAlloc%8==0 && nAlloc-pNew->nCol<8 );
-  pNew->aCol = (Column *)sqliteMalloc(sizeof(Column)*nAlloc);
-  pNew->zName = sqliteStrDup(pTab->zName);
-  if( !pNew->aCol || !pNew->zName ){
-    goto exit_begin_add_column;
-  }
-  memcpy(pNew->aCol, pTab->aCol, sizeof(Column)*pNew->nCol);
-  for(i=0; i<pNew->nCol; i++){
-    Column *pCol = &pNew->aCol[i];
-    pCol->zName = sqliteStrDup(pCol->zName);
-    pCol->zType = 0;
-    pCol->pDflt = 0;
-  }
-  pNew->iDb = iDb;
-  pNew->addColOffset = pTab->addColOffset;
-  pNew->nRef = 1;
-
-  /* Begin a transaction and increment the schema cookie.  */
-  sqlite3BeginWriteOperation(pParse, 0, iDb);
-  v = sqlite3GetVdbe(pParse);
-  if( !v ) goto exit_begin_add_column;
-  sqlite3ChangeCookie(pParse->db, v, iDb);
-
-exit_begin_add_column:
-  sqlite3SrcListDelete(pSrc);
-  return;
-}
-#endif  /* SQLITE_ALTER_TABLE */
--- a/mozilla/security/nss/lib/sqlite/attach.c
+++ b/mozilla/security/nss/lib/sqlite/attach.c
@@ -1,352 +0,0 @@
-/*
-** 2003 April 6
-**
-** The author disclaims copyright to this source code.  In place of
-** a legal notice, here is a blessing:
-**
-**    May you do good and not evil.
-**    May you find forgiveness for yourself and forgive others.
-**    May you share freely, never taking more than you give.
-**
-*************************************************************************
-** This file contains code used to implement the ATTACH and DETACH commands.
-**
-** $Id: attach.c,v 1.1.2.1 2005-06-20 23:27:49 relyea%netscape.com Exp $
-*/
-#include "sqliteInt.h"
-
-/*
-** This routine is called by the parser to process an ATTACH statement:
-**
-**     ATTACH DATABASE filename AS dbname
-**
-** The pFilename and pDbname arguments are the tokens that define the
-** filename and dbname in the ATTACH statement.
-*/
-void sqlite3Attach(
-  Parse *pParse,       /* The parser context */
-  Token *pFilename,    /* Name of database file */
-  Token *pDbname,      /* Name of the database to use internally */
-  int keyType,         /* 0: no key.  1: TEXT,  2: BLOB */
-  Token *pKey          /* Text of the key for keytype 1 and 2 */
-){
-  Db *aNew;
-  int rc, i;
-  char *zFile = 0;
-  char *zName = 0;
-  sqlite3 *db;
-  Vdbe *v;
-
-  v = sqlite3GetVdbe(pParse);
-  if( !v ) return;
-  sqlite3VdbeAddOp(v, OP_Expire, 1, 0);
-  sqlite3VdbeAddOp(v, OP_Halt, 0, 0);
-  if( pParse->explain ) return;
-  db = pParse->db;
-  if( db->nDb>=MAX_ATTACHED+2 ){
-    sqlite3ErrorMsg(pParse, "too many attached databases - max %d", 
-       MAX_ATTACHED);
-    pParse->rc = SQLITE_ERROR;
-    return;
-  }
-
-  if( !db->autoCommit ){
-    sqlite3ErrorMsg(pParse, "cannot ATTACH database within transaction");
-    pParse->rc = SQLITE_ERROR;
-    return;
-  }
-
-  zFile = sqlite3NameFromToken(pFilename);
-  if( zFile==0 ){
-    goto attach_end;
-  }
-#ifndef SQLITE_OMIT_AUTHORIZATION
-  if( sqlite3AuthCheck(pParse, SQLITE_ATTACH, zFile, 0, 0)!=SQLITE_OK ){
-    goto attach_end;
-  }
-#endif /* SQLITE_OMIT_AUTHORIZATION */
-
-  zName = sqlite3NameFromToken(pDbname);
-  if( zName==0 ){
-    goto attach_end;
-  }
-  for(i=0; i<db->nDb; i++){
-    char *z = db->aDb[i].zName;
-    if( z && sqlite3StrICmp(z, zName)==0 ){
-      sqlite3ErrorMsg(pParse, "database %s is already in use", zName);
-      pParse->rc = SQLITE_ERROR;
-      goto attach_end;
-    }
-  }
-
-  if( db->aDb==db->aDbStatic ){
-    aNew = sqliteMalloc( sizeof(db->aDb[0])*3 );
-    if( aNew==0 ){
-      goto attach_end;
-    }
-    memcpy(aNew, db->aDb, sizeof(db->aDb[0])*2);
-  }else{
-    aNew = sqliteRealloc(db->aDb, sizeof(db->aDb[0])*(db->nDb+1) );
-    if( aNew==0 ){
-      goto attach_end;
-    } 
-  }
-  db->aDb = aNew;
-  aNew = &db->aDb[db->nDb++];
-  memset(aNew, 0, sizeof(*aNew));
-  sqlite3HashInit(&aNew->tblHash, SQLITE_HASH_STRING, 0);
-  sqlite3HashInit(&aNew->idxHash, SQLITE_HASH_STRING, 0);
-  sqlite3HashInit(&aNew->trigHash, SQLITE_HASH_STRING, 0);
-  sqlite3HashInit(&aNew->aFKey, SQLITE_HASH_STRING, 1);
-  aNew->zName = zName;
-  zName = 0;
-  aNew->safety_level = 3;
-  rc = sqlite3BtreeFactory(db, zFile, 0, MAX_PAGES, &aNew->pBt);
-  if( rc ){
-    sqlite3ErrorMsg(pParse, "unable to open database: %s", zFile);
-  }
-#if SQLITE_HAS_CODEC
-  {
-    extern int sqlite3CodecAttach(sqlite3*, int, void*, int);
-    char *zKey;
-    int nKey;
-    if( keyType==0 ){
-      /* No key specified.  Use the key from the main database */
-      extern void sqlite3CodecGetKey(sqlite3*, int, void**, int*);
-      sqlite3CodecGetKey(db, 0, (void**)&zKey, &nKey);
-    }else if( keyType==1 ){
-      /* Key specified as text */
-      zKey = sqlite3NameFromToken(pKey);
-      nKey = strlen(zKey);
-    }else{
-      /* Key specified as a BLOB */
-      char *zTemp;
-      assert( keyType==2 );
-      pKey->z++;
-      pKey->n--;
-      zTemp = sqlite3NameFromToken(pKey);
-      zKey = sqlite3HexToBlob(zTemp);
-      sqliteFree(zTemp);
-    }
-    sqlite3CodecAttach(db, db->nDb-1, zKey, nKey);
-    if( keyType ){
-      sqliteFree(zKey);
-    }
-  }
-#endif
-  db->flags &= ~SQLITE_Initialized;
-  if( pParse->nErr==0 && rc==SQLITE_OK ){
-    rc = sqlite3ReadSchema(pParse);
-  }
-  if( rc ){
-    int i = db->nDb - 1;
-    assert( i>=2 );
-    if( db->aDb[i].pBt ){
-      sqlite3BtreeClose(db->aDb[i].pBt);
-      db->aDb[i].pBt = 0;
-    }
-    sqlite3ResetInternalSchema(db, 0);
-    if( 0==pParse->nErr ){
-      pParse->nErr++;
-      pParse->rc = SQLITE_ERROR;
-    }
-  }
-
-attach_end:
-  sqliteFree(zFile);
-  sqliteFree(zName);
-}
-
-/*
-** This routine is called by the parser to process a DETACH statement:
-**
-**    DETACH DATABASE dbname
-**
-** The pDbname argument is the name of the database in the DETACH statement.
-*/
-void sqlite3Detach(Parse *pParse, Token *pDbname){
-  int i;
-  sqlite3 *db;
-  Vdbe *v;
-  Db *pDb = 0;
-  char *zName;
-
-  v = sqlite3GetVdbe(pParse);
-  if( !v ) return;
-  sqlite3VdbeAddOp(v, OP_Expire, 0, 0);
-  sqlite3VdbeAddOp(v, OP_Halt, 0, 0);
-  if( pParse->explain ) return;
-  db = pParse->db;
-  zName = sqlite3NameFromToken(pDbname);
-  if( zName==0 ) return;
-  for(i=0; i<db->nDb; i++){
-    pDb = &db->aDb[i];
-    if( pDb->pBt==0 ) continue;
-    if( sqlite3StrICmp(pDb->zName, zName)==0 ) break;
-  }
-  if( i>=db->nDb ){
-    sqlite3ErrorMsg(pParse, "no such database: %z", zName);
-    return;
-  }
-  if( i<2 ){
-    sqlite3ErrorMsg(pParse, "cannot detach database %z", zName);
-    return;
-  }
-  sqliteFree(zName);
-  if( !db->autoCommit ){
-    sqlite3ErrorMsg(pParse, "cannot DETACH database within transaction");
-    pParse->rc = SQLITE_ERROR;
-    return;
-  }
-#ifndef SQLITE_OMIT_AUTHORIZATION
-  if( sqlite3AuthCheck(pParse,SQLITE_DETACH,db->aDb[i].zName,0,0)!=SQLITE_OK ){
-    return;
-  }
-#endif /* SQLITE_OMIT_AUTHORIZATION */
-  sqlite3BtreeClose(pDb->pBt);
-  pDb->pBt = 0;
-  sqlite3ResetInternalSchema(db, 0);
-}
-
-/*
-** Initialize a DbFixer structure.  This routine must be called prior
-** to passing the structure to one of the sqliteFixAAAA() routines below.
-**
-** The return value indicates whether or not fixation is required.  TRUE
-** means we do need to fix the database references, FALSE means we do not.
-*/
-int sqlite3FixInit(
-  DbFixer *pFix,      /* The fixer to be initialized */
-  Parse *pParse,      /* Error messages will be written here */
-  int iDb,            /* This is the database that must be used */
-  const char *zType,  /* "view", "trigger", or "index" */
-  const Token *pName  /* Name of the view, trigger, or index */
-){
-  sqlite3 *db;
-
-  if( iDb<0 || iDb==1 ) return 0;
-  db = pParse->db;
-  assert( db->nDb>iDb );
-  pFix->pParse = pParse;
-  pFix->zDb = db->aDb[iDb].zName;
-  pFix->zType = zType;
-  pFix->pName = pName;
-  return 1;
-}
-
-/*
-** The following set of routines walk through the parse tree and assign
-** a specific database to all table references where the database name
-** was left unspecified in the original SQL statement.  The pFix structure
-** must have been initialized by a prior call to sqlite3FixInit().
-**
-** These routines are used to make sure that an index, trigger, or
-** view in one database does not refer to objects in a different database.
-** (Exception: indices, triggers, and views in the TEMP database are
-** allowed to refer to anything.)  If a reference is explicitly made
-** to an object in a different database, an error message is added to
-** pParse->zErrMsg and these routines return non-zero.  If everything
-** checks out, these routines return 0.
-*/
-int sqlite3FixSrcList(
-  DbFixer *pFix,       /* Context of the fixation */
-  SrcList *pList       /* The Source list to check and modify */
-){
-  int i;
-  const char *zDb;
-  struct SrcList_item *pItem;
-
-  if( pList==0 ) return 0;
-  zDb = pFix->zDb;
-  for(i=0, pItem=pList->a; i<pList->nSrc; i++, pItem++){
-    if( pItem->zDatabase==0 ){
-      pItem->zDatabase = sqliteStrDup(zDb);
-    }else if( sqlite3StrICmp(pItem->zDatabase,zDb)!=0 ){
-      sqlite3ErrorMsg(pFix->pParse,
-         "%s %T cannot reference objects in database %s",
-         pFix->zType, pFix->pName, pItem->zDatabase);
-      return 1;
-    }
-#if !defined(SQLITE_OMIT_VIEW) || !defined(SQLITE_OMIT_TRIGGER)
-    if( sqlite3FixSelect(pFix, pItem->pSelect) ) return 1;
-    if( sqlite3FixExpr(pFix, pItem->pOn) ) return 1;
-#endif
-  }
-  return 0;
-}
-#if !defined(SQLITE_OMIT_VIEW) || !defined(SQLITE_OMIT_TRIGGER)
-int sqlite3FixSelect(
-  DbFixer *pFix,       /* Context of the fixation */
-  Select *pSelect      /* The SELECT statement to be fixed to one database */
-){
-  while( pSelect ){
-    if( sqlite3FixExprList(pFix, pSelect->pEList) ){
-      return 1;
-    }
-    if( sqlite3FixSrcList(pFix, pSelect->pSrc) ){
-      return 1;
-    }
-    if( sqlite3FixExpr(pFix, pSelect->pWhere) ){
-      return 1;
-    }
-    if( sqlite3FixExpr(pFix, pSelect->pHaving) ){
-      return 1;
-    }
-    pSelect = pSelect->pPrior;
-  }
-  return 0;
-}
-int sqlite3FixExpr(
-  DbFixer *pFix,     /* Context of the fixation */
-  Expr *pExpr        /* The expression to be fixed to one database */
-){
-  while( pExpr ){
-    if( sqlite3FixSelect(pFix, pExpr->pSelect) ){
-      return 1;
-    }
-    if( sqlite3FixExprList(pFix, pExpr->pList) ){
-      return 1;
-    }
-    if( sqlite3FixExpr(pFix, pExpr->pRight) ){
-      return 1;
-    }
-    pExpr = pExpr->pLeft;
-  }
-  return 0;
-}
-int sqlite3FixExprList(
-  DbFixer *pFix,     /* Context of the fixation */
-  ExprList *pList    /* The expression to be fixed to one database */
-){
-  int i;
-  struct ExprList_item *pItem;
-  if( pList==0 ) return 0;
-  for(i=0, pItem=pList->a; i<pList->nExpr; i++, pItem++){
-    if( sqlite3FixExpr(pFix, pItem->pExpr) ){
-      return 1;
-    }
-  }
-  return 0;
-}
-#endif
-
-#ifndef SQLITE_OMIT_TRIGGER
-int sqlite3FixTriggerStep(
-  DbFixer *pFix,     /* Context of the fixation */
-  TriggerStep *pStep /* The trigger step be fixed to one database */
-){
-  while( pStep ){
-    if( sqlite3FixSelect(pFix, pStep->pSelect) ){
-      return 1;
-    }
-    if( sqlite3FixExpr(pFix, pStep->pWhere) ){
-      return 1;
-    }
-    if( sqlite3FixExprList(pFix, pStep->pExprList) ){
-      return 1;
-    }
-    pStep = pStep->pNext;
-  }
-  return 0;
-}
-#endif
--- a/mozilla/security/nss/lib/sqlite/auth.c
+++ b/mozilla/security/nss/lib/sqlite/auth.c
@@ -1,224 +0,0 @@
-/*
-** 2003 January 11
-**
-** The author disclaims copyright to this source code.  In place of
-** a legal notice, here is a blessing:
-**
-**    May you do good and not evil.
-**    May you find forgiveness for yourself and forgive others.
-**    May you share freely, never taking more than you give.
-**
-*************************************************************************
-** This file contains code used to implement the sqlite3_set_authorizer()
-** API.  This facility is an optional feature of the library.  Embedded
-** systems that do not need this facility may omit it by recompiling
-** the library with -DSQLITE_OMIT_AUTHORIZATION=1
-**
-** $Id: auth.c,v 1.1.2.1 2005-06-20 23:27:49 relyea%netscape.com Exp $
-*/
-#include "sqliteInt.h"
-
-/*
-** All of the code in this file may be omitted by defining a single
-** macro.
-*/
-#ifndef SQLITE_OMIT_AUTHORIZATION
-
-/*
-** Set or clear the access authorization function.
-**
-** The access authorization function is be called during the compilation
-** phase to verify that the user has read and/or write access permission on
-** various fields of the database.  The first argument to the auth function
-** is a copy of the 3rd argument to this routine.  The second argument
-** to the auth function is one of these constants:
-**
-**       SQLITE_CREATE_INDEX
-**       SQLITE_CREATE_TABLE
-**       SQLITE_CREATE_TEMP_INDEX
-**       SQLITE_CREATE_TEMP_TABLE
-**       SQLITE_CREATE_TEMP_TRIGGER
-**       SQLITE_CREATE_TEMP_VIEW
-**       SQLITE_CREATE_TRIGGER
-**       SQLITE_CREATE_VIEW
-**       SQLITE_DELETE
-**       SQLITE_DROP_INDEX
-**       SQLITE_DROP_TABLE
-**       SQLITE_DROP_TEMP_INDEX
-**       SQLITE_DROP_TEMP_TABLE
-**       SQLITE_DROP_TEMP_TRIGGER
-**       SQLITE_DROP_TEMP_VIEW
-**       SQLITE_DROP_TRIGGER
-**       SQLITE_DROP_VIEW
-**       SQLITE_INSERT
-**       SQLITE_PRAGMA
-**       SQLITE_READ
-**       SQLITE_SELECT
-**       SQLITE_TRANSACTION
-**       SQLITE_UPDATE
-**
-** The third and fourth arguments to the auth function are the name of
-** the table and the column that are being accessed.  The auth function
-** should return either SQLITE_OK, SQLITE_DENY, or SQLITE_IGNORE.  If
-** SQLITE_OK is returned, it means that access is allowed.  SQLITE_DENY
-** means that the SQL statement will never-run - the sqlite3_exec() call
-** will return with an error.  SQLITE_IGNORE means that the SQL statement
-** should run but attempts to read the specified column will return NULL
-** and attempts to write the column will be ignored.
-**
-** Setting the auth function to NULL disables this hook.  The default
-** setting of the auth function is NULL.
-*/
-int sqlite3_set_authorizer(
-  sqlite3 *db,
-  int (*xAuth)(void*,int,const char*,const char*,const char*,const char*),
-  void *pArg
-){
-  db->xAuth = xAuth;
-  db->pAuthArg = pArg;
-  sqlite3ExpirePreparedStatements(db);
-  return SQLITE_OK;
-}
-
-/*
-** Write an error message into pParse->zErrMsg that explains that the
-** user-supplied authorization function returned an illegal value.
-*/
-static void sqliteAuthBadReturnCode(Parse *pParse, int rc){
-  sqlite3ErrorMsg(pParse, "illegal return value (%d) from the "
-    "authorization function - should be SQLITE_OK, SQLITE_IGNORE, "
-    "or SQLITE_DENY", rc);
-  pParse->rc = SQLITE_ERROR;
-}
-
-/*
-** The pExpr should be a TK_COLUMN expression.  The table referred to
-** is in pTabList or else it is the NEW or OLD table of a trigger.  
-** Check to see if it is OK to read this particular column.
-**
-** If the auth function returns SQLITE_IGNORE, change the TK_COLUMN 
-** instruction into a TK_NULL.  If the auth function returns SQLITE_DENY,
-** then generate an error.
-*/
-void sqlite3AuthRead(
-  Parse *pParse,        /* The parser context */
-  Expr *pExpr,          /* The expression to check authorization on */
-  SrcList *pTabList     /* All table that pExpr might refer to */
-){
-  sqlite3 *db = pParse->db;
-  int rc;
-  Table *pTab;          /* The table being read */
-  const char *zCol;     /* Name of the column of the table */
-  int iSrc;             /* Index in pTabList->a[] of table being read */
-  const char *zDBase;   /* Name of database being accessed */
-  TriggerStack *pStack; /* The stack of current triggers */
-
-  if( db->xAuth==0 ) return;
-  assert( pExpr->op==TK_COLUMN );
-  for(iSrc=0; pTabList && iSrc<pTabList->nSrc; iSrc++){
-    if( pExpr->iTable==pTabList->a[iSrc].iCursor ) break;
-  }
-  if( iSrc>=0 && pTabList && iSrc<pTabList->nSrc ){
-    pTab = pTabList->a[iSrc].pTab;
-  }else if( (pStack = pParse->trigStack)!=0 ){
-    /* This must be an attempt to read the NEW or OLD pseudo-tables
-    ** of a trigger.
-    */
-    assert( pExpr->iTable==pStack->newIdx || pExpr->iTable==pStack->oldIdx );
-    pTab = pStack->pTab;
-  }else{
-    return;
-  }
-  if( pTab==0 ) return;
-  if( pExpr->iColumn>=0 ){
-    assert( pExpr->iColumn<pTab->nCol );
-    zCol = pTab->aCol[pExpr->iColumn].zName;
-  }else if( pTab->iPKey>=0 ){
-    assert( pTab->iPKey<pTab->nCol );
-    zCol = pTab->aCol[pTab->iPKey].zName;
-  }else{
-    zCol = "ROWID";
-  }
-  assert( pExpr->iDb<db->nDb );
-  zDBase = db->aDb[pExpr->iDb].zName;
-  rc = db->xAuth(db->pAuthArg, SQLITE_READ, pTab->zName, zCol, zDBase, 
-                 pParse->zAuthContext);
-  if( rc==SQLITE_IGNORE ){
-    pExpr->op = TK_NULL;
-  }else if( rc==SQLITE_DENY ){
-    if( db->nDb>2 || pExpr->iDb!=0 ){
-      sqlite3ErrorMsg(pParse, "access to %s.%s.%s is prohibited", 
-         zDBase, pTab->zName, zCol);
-    }else{
-      sqlite3ErrorMsg(pParse, "access to %s.%s is prohibited",pTab->zName,zCol);
-    }
-    pParse->rc = SQLITE_AUTH;
-  }else if( rc!=SQLITE_OK ){
-    sqliteAuthBadReturnCode(pParse, rc);
-  }
-}
-
-/*
-** Do an authorization check using the code and arguments given.  Return
-** either SQLITE_OK (zero) or SQLITE_IGNORE or SQLITE_DENY.  If SQLITE_DENY
-** is returned, then the error count and error message in pParse are
-** modified appropriately.
-*/
-int sqlite3AuthCheck(
-  Parse *pParse,
-  int code,
-  const char *zArg1,
-  const char *zArg2,
-  const char *zArg3
-){
-  sqlite3 *db = pParse->db;
-  int rc;
-
-  /* Don't do any authorization checks if the database is initialising. */
-  if( db->init.busy ){
-    return SQLITE_OK;
-  }
-
-  if( db->xAuth==0 ){
-    return SQLITE_OK;
-  }
-  rc = db->xAuth(db->pAuthArg, code, zArg1, zArg2, zArg3, pParse->zAuthContext);
-  if( rc==SQLITE_DENY ){
-    sqlite3ErrorMsg(pParse, "not authorized");
-    pParse->rc = SQLITE_AUTH;
-  }else if( rc!=SQLITE_OK && rc!=SQLITE_IGNORE ){
-    rc = SQLITE_DENY;
-    sqliteAuthBadReturnCode(pParse, rc);
-  }
-  return rc;
-}
-
-/*
-** Push an authorization context.  After this routine is called, the
-** zArg3 argument to authorization callbacks will be zContext until
-** popped.  Or if pParse==0, this routine is a no-op.
-*/
-void sqlite3AuthContextPush(
-  Parse *pParse,
-  AuthContext *pContext, 
-  const char *zContext
-){
-  pContext->pParse = pParse;
-  if( pParse ){
-    pContext->zAuthContext = pParse->zAuthContext;
-    pParse->zAuthContext = zContext;
-  }
-}
-
-/*
-** Pop an authorization context that was previously pushed
-** by sqlite3AuthContextPush
-*/
-void sqlite3AuthContextPop(AuthContext *pContext){
-  if( pContext->pParse ){
-    pContext->pParse->zAuthContext = pContext->zAuthContext;
-    pContext->pParse = 0;
-  }
-}
-
-#endif /* SQLITE_OMIT_AUTHORIZATION */
--- a/mozilla/security/nss/lib/sqlite/btree.c
+++ b/mozilla/security/nss/lib/sqlite/btree.c
--- a/mozilla/security/nss/lib/sqlite/btree.h
+++ b/mozilla/security/nss/lib/sqlite/btree.h
@@ -1,143 +0,0 @@
-/*
-** 2001 September 15
-**
-** The author disclaims copyright to this source code.  In place of
-** a legal notice, here is a blessing:
-**
-**    May you do good and not evil.
-**    May you find forgiveness for yourself and forgive others.
-**    May you share freely, never taking more than you give.
-**
-*************************************************************************
-** This header file defines the interface that the sqlite B-Tree file
-** subsystem.  See comments in the source code for a detailed description
-** of what each interface routine does.
-**
-** @(#) $Id: btree.h,v 1.1.2.1 2005-06-20 23:27:49 relyea%netscape.com Exp $
-*/
-#ifndef _BTREE_H_
-#define _BTREE_H_
-
-/* TODO: This definition is just included so other modules compile. It
-** needs to be revisited.
-*/
-#define SQLITE_N_BTREE_META 10
-
-/*
-** If defined as non-zero, auto-vacuum is enabled by default. Otherwise
-** it must be turned on for each database using "PRAGMA auto_vacuum = 1".
-*/
-#ifndef SQLITE_DEFAULT_AUTOVACUUM
-  #define SQLITE_DEFAULT_AUTOVACUUM 0
-#endif
-
-/*
-** Forward declarations of structure
-*/
-typedef struct Btree Btree;
-typedef struct BtCursor BtCursor;
-
-
-int sqlite3BtreeOpen(
-  const char *zFilename,   /* Name of database file to open */
-  Btree **,                /* Return open Btree* here */
-  int flags                /* Flags */
-);
-
-/* The flags parameter to sqlite3BtreeOpen can be the bitwise or of the
-** following values.
-**
-** NOTE:  These values must match the corresponding PAGER_ values in
-** pager.h.
-*/
-#define BTREE_OMIT_JOURNAL  1  /* Do not use journal.  No argument */
-#define BTREE_NO_READLOCK   2  /* Omit readlocks on readonly files */
-#define BTREE_MEMORY        4  /* In-memory DB.  No argument */
-
-int sqlite3BtreeClose(Btree*);
-int sqlite3BtreeSetBusyHandler(Btree*,BusyHandler*);
-int sqlite3BtreeSetCacheSize(Btree*,int);
-int sqlite3BtreeSetSafetyLevel(Btree*,int);
-int sqlite3BtreeSetPageSize(Btree*,int,int);
-int sqlite3BtreeGetPageSize(Btree*);
-int sqlite3BtreeGetReserve(Btree*);
-int sqlite3BtreeSetAutoVacuum(Btree *, int);
-int sqlite3BtreeGetAutoVacuum(Btree *);
-int sqlite3BtreeBeginTrans(Btree*,int);
-int sqlite3BtreeCommit(Btree*);
-int sqlite3BtreeRollback(Btree*);
-int sqlite3BtreeBeginStmt(Btree*);
-int sqlite3BtreeCommitStmt(Btree*);
-int sqlite3BtreeRollbackStmt(Btree*);
-int sqlite3BtreeCreateTable(Btree*, int*, int flags);
-int sqlite3BtreeIsInTrans(Btree*);
-int sqlite3BtreeIsInStmt(Btree*);
-int sqlite3BtreeSync(Btree*, const char *zMaster);
-int sqlite3BtreeReset(Btree *);
-
-const char *sqlite3BtreeGetFilename(Btree *);
-const char *sqlite3BtreeGetDirname(Btree *);
-const char *sqlite3BtreeGetJournalname(Btree *);
-int sqlite3BtreeCopyFile(Btree *, Btree *);
-
-/* The flags parameter to sqlite3BtreeCreateTable can be the bitwise OR
-** of the following flags:
-*/
-#define BTREE_INTKEY     1    /* Table has only 64-bit signed integer keys */
-#define BTREE_ZERODATA   2    /* Table has keys only - no data */
-#define BTREE_LEAFDATA   4    /* Data stored in leaves only.  Implies INTKEY */
-
-int sqlite3BtreeDropTable(Btree*, int, int*);
-int sqlite3BtreeClearTable(Btree*, int);
-int sqlite3BtreeGetMeta(Btree*, int idx, u32 *pValue);
-int sqlite3BtreeUpdateMeta(Btree*, int idx, u32 value);
-
-int sqlite3BtreeCursor(
-  Btree*,                              /* BTree containing table to open */
-  int iTable,                          /* Index of root page */
-  int wrFlag,                          /* 1 for writing.  0 for read-only */
-  int(*)(void*,int,const void*,int,const void*),  /* Key comparison function */
-  void*,                               /* First argument to compare function */
-  BtCursor **ppCursor                  /* Returned cursor */
-);
-
-void sqlite3BtreeSetCompare(
-  BtCursor *,
-  int(*)(void*,int,const void*,int,const void*),
-  void*
-);
-
-int sqlite3BtreeCloseCursor(BtCursor*);
-int sqlite3BtreeMoveto(BtCursor*, const void *pKey, i64 nKey, int *pRes);
-int sqlite3BtreeDelete(BtCursor*);
-int sqlite3BtreeInsert(BtCursor*, const void *pKey, i64 nKey,
-                                  const void *pData, int nData);
-int sqlite3BtreeFirst(BtCursor*, int *pRes);
-int sqlite3BtreeLast(BtCursor*, int *pRes);
-int sqlite3BtreeNext(BtCursor*, int *pRes);
-int sqlite3BtreeEof(BtCursor*);
-int sqlite3BtreeFlags(BtCursor*);
-int sqlite3BtreePrevious(BtCursor*, int *pRes);
-int sqlite3BtreeKeySize(BtCursor*, i64 *pSize);
-int sqlite3BtreeKey(BtCursor*, u32 offset, u32 amt, void*);
-const void *sqlite3BtreeKeyFetch(BtCursor*, int *pAmt);
-const void *sqlite3BtreeDataFetch(BtCursor*, int *pAmt);
-int sqlite3BtreeDataSize(BtCursor*, u32 *pSize);
-int sqlite3BtreeData(BtCursor*, u32 offset, u32 amt, void*);
-
-char *sqlite3BtreeIntegrityCheck(Btree*, int *aRoot, int nRoot);
-struct Pager *sqlite3BtreePager(Btree*);
-
-
-#ifdef SQLITE_TEST
-int sqlite3BtreeCursorInfo(BtCursor*, int*, int);
-void sqlite3BtreeCursorList(Btree*);
-#endif
-
-#ifdef SQLITE_DEBUG
-int sqlite3BtreePageDump(Btree*, int, int recursive);
-#else
-#define sqlite3BtreePageDump(X,Y,Z) SQLITE_OK
-#endif
-
-#endif /* _BTREE_H_ */
--- a/mozilla/security/nss/lib/sqlite/build.c
+++ b/mozilla/security/nss/lib/sqlite/build.c
--- a/mozilla/security/nss/lib/sqlite/callback.c
+++ b/mozilla/security/nss/lib/sqlite/callback.c
@@ -1,306 +0,0 @@
-/*
-** 2005 May 23 
-**
-** The author disclaims copyright to this source code.  In place of
-** a legal notice, here is a blessing:
-**
-**    May you do good and not evil.
-**    May you find forgiveness for yourself and forgive others.
-**    May you share freely, never taking more than you give.
-**
-*************************************************************************
-**
-** This file contains functions used to access the internal hash tables
-** of user defined functions and collation sequences.
-**
-** $Id: callback.c,v 1.1.2.1 2005-06-20 23:27:49 relyea%netscape.com Exp $
-*/
-
-#include "sqliteInt.h"
-
-/*
-** Invoke the 'collation needed' callback to request a collation sequence
-** in the database text encoding of name zName, length nName.
-** If the collation sequence
-*/
-static void callCollNeeded(sqlite3 *db, const char *zName, int nName){
-  assert( !db->xCollNeeded || !db->xCollNeeded16 );
-  if( nName<0 ) nName = strlen(zName);
-  if( db->xCollNeeded ){
-    char *zExternal = sqliteStrNDup(zName, nName);
-    if( !zExternal ) return;
-    db->xCollNeeded(db->pCollNeededArg, db, (int)db->enc, zExternal);
-    sqliteFree(zExternal);
-  }
-#ifndef SQLITE_OMIT_UTF16
-  if( db->xCollNeeded16 ){
-    char const *zExternal;
-    sqlite3_value *pTmp = sqlite3GetTransientValue(db);
-    sqlite3ValueSetStr(pTmp, -1, zName, SQLITE_UTF8, SQLITE_STATIC);
-    zExternal = sqlite3ValueText(pTmp, SQLITE_UTF16NATIVE);
-    if( !zExternal ) return;
-    db->xCollNeeded16(db->pCollNeededArg, db, (int)db->enc, zExternal);
-  }
-#endif
-}
-
-/*
-** This routine is called if the collation factory fails to deliver a
-** collation function in the best encoding but there may be other versions
-** of this collation function (for other text encodings) available. Use one
-** of these instead if they exist. Avoid a UTF-8 <-> UTF-16 conversion if
-** possible.
-*/
-static int synthCollSeq(sqlite3 *db, CollSeq *pColl){
-  CollSeq *pColl2;
-  char *z = pColl->zName;
-  int n = strlen(z);
-  int i;
-  static const u8 aEnc[] = { SQLITE_UTF16BE, SQLITE_UTF16LE, SQLITE_UTF8 };
-  for(i=0; i<3; i++){
-    pColl2 = sqlite3FindCollSeq(db, aEnc[i], z, n, 0);
-    if( pColl2->xCmp!=0 ){
-      memcpy(pColl, pColl2, sizeof(CollSeq));
-      return SQLITE_OK;
-    }
-  }
-  return SQLITE_ERROR;
-}
-
-/*
-** This function is responsible for invoking the collation factory callback
-** or substituting a collation sequence of a different encoding when the
-** requested collation sequence is not available in the database native
-** encoding.
-** 
-** If it is not NULL, then pColl must point to the database native encoding 
-** collation sequence with name zName, length nName.
-**
-** The return value is either the collation sequence to be used in database
-** db for collation type name zName, length nName, or NULL, if no collation
-** sequence can be found.
-*/
-CollSeq *sqlite3GetCollSeq(
-  sqlite3* db, 
-  CollSeq *pColl, 
-  const char *zName, 
-  int nName
-){
-  CollSeq *p;
-
-  p = pColl;
-  if( !p ){
-    p = sqlite3FindCollSeq(db, db->enc, zName, nName, 0);
-  }
-  if( !p || !p->xCmp ){
-    /* No collation sequence of this type for this encoding is registered.
-    ** Call the collation factory to see if it can supply us with one.
-    */
-    callCollNeeded(db, zName, nName);
-    p = sqlite3FindCollSeq(db, db->enc, zName, nName, 0);
-  }
-  if( p && !p->xCmp && synthCollSeq(db, p) ){
-    p = 0;
-  }
-  assert( !p || p->xCmp );
-  return p;
-}
-
-/*
-** This routine is called on a collation sequence before it is used to
-** check that it is defined. An undefined collation sequence exists when
-** a database is loaded that contains references to collation sequences
-** that have not been defined by sqlite3_create_collation() etc.
-**
-** If required, this routine calls the 'collation needed' callback to
-** request a definition of the collating sequence. If this doesn't work, 
-** an equivalent collating sequence that uses a text encoding different
-** from the main database is substituted, if one is available.
-*/
-int sqlite3CheckCollSeq(Parse *pParse, CollSeq *pColl){
-  if( pColl ){
-    const char *zName = pColl->zName;
-    CollSeq *p = sqlite3GetCollSeq(pParse->db, pColl, zName, -1);
-    if( !p ){
-      if( pParse->nErr==0 ){
-        sqlite3ErrorMsg(pParse, "no such collation sequence: %s", zName);
-      }
-      pParse->nErr++;
-      return SQLITE_ERROR;
-    }
-  }
-  return SQLITE_OK;
-}
-
-
-
-/*
-** Locate and return an entry from the db.aCollSeq hash table. If the entry
-** specified by zName and nName is not found and parameter 'create' is
-** true, then create a new entry. Otherwise return NULL.
-**
-** Each pointer stored in the sqlite3.aCollSeq hash table contains an
-** array of three CollSeq structures. The first is the collation sequence
-** prefferred for UTF-8, the second UTF-16le, and the third UTF-16be.
-**
-** Stored immediately after the three collation sequences is a copy of
-** the collation sequence name. A pointer to this string is stored in
-** each collation sequence structure.
-*/
-static CollSeq * findCollSeqEntry(
-  sqlite3 *db,
-  const char *zName,
-  int nName,
-  int create
-){
-  CollSeq *pColl;
-  if( nName<0 ) nName = strlen(zName);
-  pColl = sqlite3HashFind(&db->aCollSeq, zName, nName);
-
-  if( 0==pColl && create ){
-    pColl = sqliteMalloc( 3*sizeof(*pColl) + nName + 1 );
-    if( pColl ){
-      CollSeq *pDel = 0;
-      pColl[0].zName = (char*)&pColl[3];
-      pColl[0].enc = SQLITE_UTF8;
-      pColl[1].zName = (char*)&pColl[3];
-      pColl[1].enc = SQLITE_UTF16LE;
-      pColl[2].zName = (char*)&pColl[3];
-      pColl[2].enc = SQLITE_UTF16BE;
-      memcpy(pColl[0].zName, zName, nName);
-      pColl[0].zName[nName] = 0;
-      pDel = sqlite3HashInsert(&db->aCollSeq, pColl[0].zName, nName, pColl);
-
-      /* If a malloc() failure occured in sqlite3HashInsert(), it will 
-      ** return the pColl pointer to be deleted (because it wasn't added
-      ** to the hash table).
-      */
-      assert( !pDel || (sqlite3_malloc_failed && pDel==pColl) );
-      sqliteFree(pDel);
-    }
-  }
-  return pColl;
-}
-
-/*
-** Parameter zName points to a UTF-8 encoded string nName bytes long.
-** Return the CollSeq* pointer for the collation sequence named zName
-** for the encoding 'enc' from the database 'db'.
-**
-** If the entry specified is not found and 'create' is true, then create a
-** new entry.  Otherwise return NULL.
-*/
-CollSeq *sqlite3FindCollSeq(
-  sqlite3 *db,
-  u8 enc,
-  const char *zName,
-  int nName,
-  int create
-){
-  CollSeq *pColl = findCollSeqEntry(db, zName, nName, create);
-  assert( SQLITE_UTF8==1 && SQLITE_UTF16LE==2 && SQLITE_UTF16BE==3 );
-  assert( enc>=SQLITE_UTF8 && enc<=SQLITE_UTF16BE );
-  if( pColl ) pColl += enc-1;
-  return pColl;
-}
-
-/*
-** Locate a user function given a name, a number of arguments and a flag
-** indicating whether the function prefers UTF-16 over UTF-8.  Return a
-** pointer to the FuncDef structure that defines that function, or return
-** NULL if the function does not exist.
-**
-** If the createFlag argument is true, then a new (blank) FuncDef
-** structure is created and liked into the "db" structure if a
-** no matching function previously existed.  When createFlag is true
-** and the nArg parameter is -1, then only a function that accepts
-** any number of arguments will be returned.
-**
-** If createFlag is false and nArg is -1, then the first valid
-** function found is returned.  A function is valid if either xFunc
-** or xStep is non-zero.
-**
-** If createFlag is false, then a function with the required name and
-** number of arguments may be returned even if the eTextRep flag does not
-** match that requested.
-*/
-FuncDef *sqlite3FindFunction(
-  sqlite3 *db,       /* An open database */
-  const char *zName, /* Name of the function.  Not null-terminated */
-  int nName,         /* Number of characters in the name */
-  int nArg,          /* Number of arguments.  -1 means any number */
-  u8 enc,            /* Preferred text encoding */
-  int createFlag     /* Create new entry if true and does not otherwise exist */
-){
-  FuncDef *p;         /* Iterator variable */
-  FuncDef *pFirst;    /* First function with this name */
-  FuncDef *pBest = 0; /* Best match found so far */
-  int bestmatch = 0;  
-
-
-  assert( enc==SQLITE_UTF8 || enc==SQLITE_UTF16LE || enc==SQLITE_UTF16BE );
-  if( nArg<-1 ) nArg = -1;
-
-  pFirst = (FuncDef*)sqlite3HashFind(&db->aFunc, zName, nName);
-  for(p=pFirst; p; p=p->pNext){
-    /* During the search for the best function definition, bestmatch is set
-    ** as follows to indicate the quality of the match with the definition
-    ** pointed to by pBest:
-    **
-    ** 0: pBest is NULL. No match has been found.
-    ** 1: A variable arguments function that prefers UTF-8 when a UTF-16
-    **    encoding is requested, or vice versa.
-    ** 2: A variable arguments function that uses UTF-16BE when UTF-16LE is
-    **    requested, or vice versa.
-    ** 3: A variable arguments function using the same text encoding.
-    ** 4: A function with the exact number of arguments requested that
-    **    prefers UTF-8 when a UTF-16 encoding is requested, or vice versa.
-    ** 5: A function with the exact number of arguments requested that
-    **    prefers UTF-16LE when UTF-16BE is requested, or vice versa.
-    ** 6: An exact match.
-    **
-    ** A larger value of 'matchqual' indicates a more desirable match.
-    */
-    if( p->nArg==-1 || p->nArg==nArg || nArg==-1 ){
-      int match = 1;          /* Quality of this match */
-      if( p->nArg==nArg || nArg==-1 ){
-        match = 4;
-      }
-      if( enc==p->iPrefEnc ){
-        match += 2;
-      }
-      else if( (enc==SQLITE_UTF16LE && p->iPrefEnc==SQLITE_UTF16BE) ||
-               (enc==SQLITE_UTF16BE && p->iPrefEnc==SQLITE_UTF16LE) ){
-        match += 1;
-      }
-
-      if( match>bestmatch ){
-        pBest = p;
-        bestmatch = match;
-      }
-    }
-  }
-
-  /* If the createFlag parameter is true, and the seach did not reveal an
-  ** exact match for the name, number of arguments and encoding, then add a
-  ** new entry to the hash table and return it.
-  */
-  if( createFlag && bestmatch<6 && 
-      (pBest = sqliteMalloc(sizeof(*pBest)+nName+1)) ){
-    pBest->nArg = nArg;
-    pBest->pNext = pFirst;
-    pBest->zName = (char*)&pBest[1];
-    pBest->iPrefEnc = enc;
-    memcpy(pBest->zName, zName, nName);
-    pBest->zName[nName] = 0;
-    if( pBest==sqlite3HashInsert(&db->aFunc,pBest->zName,nName,(void*)pBest) ){
-      sqliteFree(pBest);
-      return 0;
-    }
-  }
-
-  if( pBest && (pBest->xStep || pBest->xFunc || createFlag) ){
-    return pBest;
-  }
-  return 0;
-}
--- a/mozilla/security/nss/lib/sqlite/config.mk
+++ b/mozilla/security/nss/lib/sqlite/config.mk
@@ -1,63 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-ifeq (,$(filter-out WIN%,$(OS_TARGET)))
-
-# don't want the 32 in the shared library name
-SHARED_LIBRARY = $(OBJDIR)/$(DLL_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION).$(DLL_SUFFIX)
-IMPORT_LIBRARY = $(OBJDIR)/$(IMPORT_LIB_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION)$(IMPORT_LIB_SUFFIX)
-
-RES = $(OBJDIR)/sqlite.res
-RESNAME = sqlite.rc
-
-
-else
-
-ifeq ($(OS_ARCH), BeOS)
-EXTRA_SHARED_LIBS += -lbe
-endif
-
-
-CFLAGS += -DHAVE_USLEEP=1
-
-ifeq ($(OS_TARGET),SunOS)
-# The -R '$ORIGIN' linker option instructs this library to search for its
-# dependencies in the same directory where it resides.
-MKSHLIB += -R '$$ORIGIN'
-endif
-
-endif
--- a/mozilla/security/nss/lib/sqlite/date.c
+++ b/mozilla/security/nss/lib/sqlite/date.c
--- a/mozilla/security/nss/lib/sqlite/delete.c
+++ b/mozilla/security/nss/lib/sqlite/delete.c
@@ -1,447 +0,0 @@
-/*
-** 2001 September 15
-**
-** The author disclaims copyright to this source code.  In place of
-** a legal notice, here is a blessing:
-**
-**    May you do good and not evil.
-**    May you find forgiveness for yourself and forgive others.
-**    May you share freely, never taking more than you give.
-**
-*************************************************************************
-** This file contains C code routines that are called by the parser
-** in order to generate code for DELETE FROM statements.
-**
-** $Id: delete.c,v 1.1.2.1 2005-06-20 23:27:49 relyea%netscape.com Exp $
-*/
-#include "sqliteInt.h"
-
-/*
-** Look up every table that is named in pSrc.  If any table is not found,
-** add an error message to pParse->zErrMsg and return NULL.  If all tables
-** are found, return a pointer to the last table.
-*/
-Table *sqlite3SrcListLookup(Parse *pParse, SrcList *pSrc){
-  Table *pTab = 0;
-  int i;
-  struct SrcList_item *pItem;
-  for(i=0, pItem=pSrc->a; i<pSrc->nSrc; i++, pItem++){
-    pTab = sqlite3LocateTable(pParse, pItem->zName, pItem->zDatabase);
-    sqlite3DeleteTable(pParse->db, pItem->pTab);
-    pItem->pTab = pTab;
-    if( pTab ){
-      pTab->nRef++;
-    }
-  }
-  return pTab;
-}
-
-/*
-** Check to make sure the given table is writable.  If it is not
-** writable, generate an error message and return 1.  If it is
-** writable return 0;
-*/
-int sqlite3IsReadOnly(Parse *pParse, Table *pTab, int viewOk){
-  if( pTab->readOnly && (pParse->db->flags & SQLITE_WriteSchema)==0
-        && pParse->nested==0 ){
-    sqlite3ErrorMsg(pParse, "table %s may not be modified", pTab->zName);
-    return 1;
-  }
-#ifndef SQLITE_OMIT_VIEW
-  if( !viewOk && pTab->pSelect ){
-    sqlite3ErrorMsg(pParse,"cannot modify %s because it is a view",pTab->zName);
-    return 1;
-  }
-#endif
-  return 0;
-}
-
-/*
-** Generate code that will open a table for reading.
-*/
-void sqlite3OpenTableForReading(
-  Vdbe *v,        /* Generate code into this VDBE */
-  int iCur,       /* The cursor number of the table */
-  Table *pTab     /* The table to be opened */
-){
-  sqlite3VdbeAddOp(v, OP_Integer, pTab->iDb, 0);
-  sqlite3VdbeAddOp(v, OP_OpenRead, iCur, pTab->tnum);
-  VdbeComment((v, "# %s", pTab->zName));
-  sqlite3VdbeAddOp(v, OP_SetNumColumns, iCur, pTab->nCol);
-}
-
-
-/*
-** Generate code for a DELETE FROM statement.
-**
-**     DELETE FROM table_wxyz WHERE a<5 AND b NOT NULL;
-**                 \________/       \________________/
-**                  pTabList              pWhere
-*/
-void sqlite3DeleteFrom(
-  Parse *pParse,         /* The parser context */
-  SrcList *pTabList,     /* The table from which we should delete things */
-  Expr *pWhere           /* The WHERE clause.  May be null */
-){
-  Vdbe *v;               /* The virtual database engine */
-  Table *pTab;           /* The table from which records will be deleted */
-  const char *zDb;       /* Name of database holding pTab */
-  int end, addr = 0;     /* A couple addresses of generated code */
-  int i;                 /* Loop counter */
-  WhereInfo *pWInfo;     /* Information about the WHERE clause */
-  Index *pIdx;           /* For looping over indices of the table */
-  int iCur;              /* VDBE Cursor number for pTab */
-  sqlite3 *db;           /* Main database structure */
-  AuthContext sContext;  /* Authorization context */
-  int oldIdx = -1;       /* Cursor for the OLD table of AFTER triggers */
-  NameContext sNC;       /* Name context to resolve expressions in */
-
-#ifndef SQLITE_OMIT_TRIGGER
-  int isView;                  /* True if attempting to delete from a view */
-  int triggers_exist = 0;      /* True if any triggers exist */
-#endif
-
-  sContext.pParse = 0;
-  if( pParse->nErr || sqlite3_malloc_failed ){
-    goto delete_from_cleanup;
-  }
-  db = pParse->db;
-  assert( pTabList->nSrc==1 );
-
-  /* Locate the table which we want to delete.  This table has to be
-  ** put in an SrcList structure because some of the subroutines we
-  ** will be calling are designed to work with multiple tables and expect
-  ** an SrcList* parameter instead of just a Table* parameter.
-  */
-  pTab = sqlite3SrcListLookup(pParse, pTabList);
-  if( pTab==0 )  goto delete_from_cleanup;
-
-  /* Figure out if we have any triggers and if the table being
-  ** deleted from is a view
-  */
-#ifndef SQLITE_OMIT_TRIGGER
-  triggers_exist = sqlite3TriggersExist(pParse, pTab, TK_DELETE, 0);
-  isView = pTab->pSelect!=0;
-#else
-# define triggers_exist 0
-# define isView 0
-#endif
-#ifdef SQLITE_OMIT_VIEW
-# undef isView
-# define isView 0
-#endif
-
-  if( sqlite3IsReadOnly(pParse, pTab, triggers_exist) ){
-    goto delete_from_cleanup;
-  }
-  assert( pTab->iDb<db->nDb );
-  zDb = db->aDb[pTab->iDb].zName;
-  if( sqlite3AuthCheck(pParse, SQLITE_DELETE, pTab->zName, 0, zDb) ){
-    goto delete_from_cleanup;
-  }
-
-  /* If pTab is really a view, make sure it has been initialized.
-  */
-  if( isView && sqlite3ViewGetColumnNames(pParse, pTab) ){
-    goto delete_from_cleanup;
-  }
-
-  /* Allocate a cursor used to store the old.* data for a trigger.
-  */
-  if( triggers_exist ){ 
-    oldIdx = pParse->nTab++;
-  }
-
-  /* Resolve the column names in the WHERE clause.
-  */
-  assert( pTabList->nSrc==1 );
-  iCur = pTabList->a[0].iCursor = pParse->nTab++;
-  memset(&sNC, 0, sizeof(sNC));
-  sNC.pParse = pParse;
-  sNC.pSrcList = pTabList;
-  if( sqlite3ExprResolveNames(&sNC, pWhere) ){
-    goto delete_from_cleanup;
-  }
-
-  /* Start the view context
-  */
-  if( isView ){
-    sqlite3AuthContextPush(pParse, &sContext, pTab->zName);
-  }
-
-  /* Begin generating code.
-  */
-  v = sqlite3GetVdbe(pParse);
-  if( v==0 ){
-    goto delete_from_cleanup;
-  }
-  if( pParse->nested==0 ) sqlite3VdbeCountChanges(v);
-  sqlite3BeginWriteOperation(pParse, triggers_exist, pTab->iDb);
-
-  /* If we are trying to delete from a view, construct that view into
-  ** a temporary table.
-  */
-  if( isView ){
-    Select *pView = sqlite3SelectDup(pTab->pSelect);
-    sqlite3Select(pParse, pView, SRT_TempTable, iCur, 0, 0, 0, 0);
-    sqlite3SelectDelete(pView);
-  }
-
-  /* Initialize the counter of the number of rows deleted, if
-  ** we are counting rows.
-  */
-  if( db->flags & SQLITE_CountRows ){
-    sqlite3VdbeAddOp(v, OP_Integer, 0, 0);
-  }
-
-  /* Special case: A DELETE without a WHERE clause deletes everything.
-  ** It is easier just to erase the whole table.  Note, however, that
-  ** this means that the row change count will be incorrect.
-  */
-  if( pWhere==0 && !triggers_exist ){
-    if( db->flags & SQLITE_CountRows ){
-      /* If counting rows deleted, just count the total number of
-      ** entries in the table. */
-      int endOfLoop = sqlite3VdbeMakeLabel(v);
-      int addr;
-      if( !isView ){
-        sqlite3OpenTableForReading(v, iCur, pTab);
-      }
-      sqlite3VdbeAddOp(v, OP_Rewind, iCur, sqlite3VdbeCurrentAddr(v)+2);
-      addr = sqlite3VdbeAddOp(v, OP_AddImm, 1, 0);
-      sqlite3VdbeAddOp(v, OP_Next, iCur, addr);
-      sqlite3VdbeResolveLabel(v, endOfLoop);
-      sqlite3VdbeAddOp(v, OP_Close, iCur, 0);
-    }
-    if( !isView ){
-      sqlite3VdbeAddOp(v, OP_Clear, pTab->tnum, pTab->iDb);
-      for(pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext){
-        sqlite3VdbeAddOp(v, OP_Clear, pIdx->tnum, pIdx->iDb);
-      }
-    }
-  }
-
-  /* The usual case: There is a WHERE clause so we have to scan through
-  ** the table and pick which records to delete.
-  */
-  else{
-    /* Ensure all required collation sequences are available. */
-    for(pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext){
-      if( sqlite3CheckIndexCollSeq(pParse, pIdx) ){
-        goto delete_from_cleanup;
-      }
-    }
-
-    /* Begin the database scan
-    */
-    pWInfo = sqlite3WhereBegin(pParse, pTabList, pWhere, 0);
-    if( pWInfo==0 ) goto delete_from_cleanup;
-
-    /* Remember the rowid of every item to be deleted.
-    */
-    sqlite3VdbeAddOp(v, OP_Rowid, iCur, 0);
-    sqlite3VdbeAddOp(v, OP_ListWrite, 0, 0);
-    if( db->flags & SQLITE_CountRows ){
-      sqlite3VdbeAddOp(v, OP_AddImm, 1, 0);
-    }
-
-    /* End the database scan loop.
-    */
-    sqlite3WhereEnd(pWInfo);
-
-    /* Open the pseudo-table used to store OLD if there are triggers.
-    */
-    if( triggers_exist ){
-      sqlite3VdbeAddOp(v, OP_OpenPseudo, oldIdx, 0);
-      sqlite3VdbeAddOp(v, OP_SetNumColumns, oldIdx, pTab->nCol);
-    }
-
-    /* Delete every item whose key was written to the list during the
-    ** database scan.  We have to delete items after the scan is complete
-    ** because deleting an item can change the scan order.
-    */
-    sqlite3VdbeAddOp(v, OP_ListRewind, 0, 0);
-    end = sqlite3VdbeMakeLabel(v);
-
-    /* This is the beginning of the delete loop when there are
-    ** row triggers.
-    */
-    if( triggers_exist ){
-      addr = sqlite3VdbeAddOp(v, OP_ListRead, 0, end);
-      if( !isView ){
-        sqlite3VdbeAddOp(v, OP_Dup, 0, 0);
-        sqlite3OpenTableForReading(v, iCur, pTab);
-      }
-      sqlite3VdbeAddOp(v, OP_MoveGe, iCur, 0);
-      sqlite3VdbeAddOp(v, OP_Rowid, iCur, 0);
-      sqlite3VdbeAddOp(v, OP_RowData, iCur, 0);
-      sqlite3VdbeAddOp(v, OP_Insert, oldIdx, 0);
-      if( !isView ){
-        sqlite3VdbeAddOp(v, OP_Close, iCur, 0);
-      }
-
-      (void)sqlite3CodeRowTrigger(pParse, TK_DELETE, 0, TRIGGER_BEFORE, pTab,
-          -1, oldIdx, (pParse->trigStack)?pParse->trigStack->orconf:OE_Default,
-          addr);
-    }
-
-    if( !isView ){
-      /* Open cursors for the table we are deleting from and all its
-      ** indices.  If there are row triggers, this happens inside the
-      ** OP_ListRead loop because the cursor have to all be closed
-      ** before the trigger fires.  If there are no row triggers, the
-      ** cursors are opened only once on the outside the loop.
-      */
-      sqlite3OpenTableAndIndices(pParse, pTab, iCur, OP_OpenWrite);
-
-      /* This is the beginning of the delete loop when there are no
-      ** row triggers */
-      if( !triggers_exist ){ 
-        addr = sqlite3VdbeAddOp(v, OP_ListRead, 0, end);
-      }
-
-      /* Delete the row */
-      sqlite3GenerateRowDelete(db, v, pTab, iCur, pParse->nested==0);
-    }
-
-    /* If there are row triggers, close all cursors then invoke
-    ** the AFTER triggers
-    */
-    if( triggers_exist ){
-      if( !isView ){
-        for(i=1, pIdx=pTab->pIndex; pIdx; i++, pIdx=pIdx->pNext){
-          sqlite3VdbeAddOp(v, OP_Close, iCur + i, pIdx->tnum);
-        }
-        sqlite3VdbeAddOp(v, OP_Close, iCur, 0);
-      }
-      (void)sqlite3CodeRowTrigger(pParse, TK_DELETE, 0, TRIGGER_AFTER, pTab, -1,
-          oldIdx, (pParse->trigStack)?pParse->trigStack->orconf:OE_Default,
-          addr);
-    }
-
-    /* End of the delete loop */
-    sqlite3VdbeAddOp(v, OP_Goto, 0, addr);
-    sqlite3VdbeResolveLabel(v, end);
-    sqlite3VdbeAddOp(v, OP_ListReset, 0, 0);
-
-    /* Close the cursors after the loop if there are no row triggers */
-    if( !triggers_exist ){
-      for(i=1, pIdx=pTab->pIndex; pIdx; i++, pIdx=pIdx->pNext){
-        sqlite3VdbeAddOp(v, OP_Close, iCur + i, pIdx->tnum);
-      }
-      sqlite3VdbeAddOp(v, OP_Close, iCur, 0);
-    }
-  }
-
-  /*
-  ** Return the number of rows that were deleted. If this routine is 
-  ** generating code because of a call to sqlite3NestedParse(), do not
-  ** invoke the callback function.
-  */
-  if( db->flags & SQLITE_CountRows && pParse->nested==0 && !pParse->trigStack ){
-    sqlite3VdbeAddOp(v, OP_Callback, 1, 0);
-    sqlite3VdbeSetNumCols(v, 1);
-    sqlite3VdbeSetColName(v, 0, "rows deleted", P3_STATIC);
-  }
-
-delete_from_cleanup:
-  sqlite3AuthContextPop(&sContext);
-  sqlite3SrcListDelete(pTabList);
-  sqlite3ExprDelete(pWhere);
-  return;
-}
-
-/*
-** This routine generates VDBE code that causes a single row of a
-** single table to be deleted.
-**
-** The VDBE must be in a particular state when this routine is called.
-** These are the requirements:
-**
-**   1.  A read/write cursor pointing to pTab, the table containing the row
-**       to be deleted, must be opened as cursor number "base".
-**
-**   2.  Read/write cursors for all indices of pTab must be open as
-**       cursor number base+i for the i-th index.
-**
-**   3.  The record number of the row to be deleted must be on the top
-**       of the stack.
-**
-** This routine pops the top of the stack to remove the record number
-** and then generates code to remove both the table record and all index
-** entries that point to that record.
-*/
-void sqlite3GenerateRowDelete(
-  sqlite3 *db,       /* The database containing the index */
-  Vdbe *v,           /* Generate code into this VDBE */
-  Table *pTab,       /* Table containing the row to be deleted */
-  int iCur,          /* Cursor number for the table */
-  int count          /* Increment the row change counter */
-){
-  int addr;
-  addr = sqlite3VdbeAddOp(v, OP_NotExists, iCur, 0);
-  sqlite3GenerateRowIndexDelete(db, v, pTab, iCur, 0);
-  sqlite3VdbeAddOp(v, OP_Delete, iCur, (count?OPFLAG_NCHANGE:0));
-  sqlite3VdbeChangeP2(v, addr, sqlite3VdbeCurrentAddr(v));
-}
-
-/*
-** This routine generates VDBE code that causes the deletion of all
-** index entries associated with a single row of a single table.
-**
-** The VDBE must be in a particular state when this routine is called.
-** These are the requirements:
-**
-**   1.  A read/write cursor pointing to pTab, the table containing the row
-**       to be deleted, must be opened as cursor number "iCur".
-**
-**   2.  Read/write cursors for all indices of pTab must be open as
-**       cursor number iCur+i for the i-th index.
-**
-**   3.  The "iCur" cursor must be pointing to the row that is to be
-**       deleted.
-*/
-void sqlite3GenerateRowIndexDelete(
-  sqlite3 *db,       /* The database containing the index */
-  Vdbe *v,           /* Generate code into this VDBE */
-  Table *pTab,       /* Table containing the row to be deleted */
-  int iCur,          /* Cursor number for the table */
-  char *aIdxUsed     /* Only delete if aIdxUsed!=0 && aIdxUsed[i]!=0 */
-){
-  int i;
-  Index *pIdx;
-
-  for(i=1, pIdx=pTab->pIndex; pIdx; i++, pIdx=pIdx->pNext){
-    if( aIdxUsed!=0 && aIdxUsed[i-1]==0 ) continue;
-    sqlite3GenerateIndexKey(v, pIdx, iCur);
-    sqlite3VdbeAddOp(v, OP_IdxDelete, iCur+i, 0);
-  }
-}
-
-/*
-** Generate code that will assemble an index key and put it on the top
-** of the tack.  The key with be for index pIdx which is an index on pTab.
-** iCur is the index of a cursor open on the pTab table and pointing to
-** the entry that needs indexing.
-*/
-void sqlite3GenerateIndexKey(
-  Vdbe *v,           /* Generate code into this VDBE */
-  Index *pIdx,       /* The index for which to generate a key */
-  int iCur           /* Cursor number for the pIdx->pTable table */
-){
-  int j;
-  Table *pTab = pIdx->pTable;
-
-  sqlite3VdbeAddOp(v, OP_Rowid, iCur, 0);
-  for(j=0; j<pIdx->nColumn; j++){
-    int idx = pIdx->aiColumn[j];
-    if( idx==pTab->iPKey ){
-      sqlite3VdbeAddOp(v, OP_Dup, j, 0);
-    }else{
-      sqlite3VdbeAddOp(v, OP_Column, iCur, idx);
-      sqlite3ColumnDefault(v, pTab, idx);
-    }
-  }
-  sqlite3VdbeAddOp(v, OP_MakeRecord, pIdx->nColumn, (1<<24));
-  sqlite3IndexAffinityStr(v, pIdx);
-}
--- a/mozilla/security/nss/lib/sqlite/expr.c
+++ b/mozilla/security/nss/lib/sqlite/expr.c
--- a/mozilla/security/nss/lib/sqlite/func.c
+++ b/mozilla/security/nss/lib/sqlite/func.c
--- a/mozilla/security/nss/lib/sqlite/hash.c
+++ b/mozilla/security/nss/lib/sqlite/hash.c
@@ -1,387 +0,0 @@
-/*
-** 2001 September 22
-**
-** The author disclaims copyright to this source code.  In place of
-** a legal notice, here is a blessing:
-**
-**    May you do good and not evil.
-**    May you find forgiveness for yourself and forgive others.
-**    May you share freely, never taking more than you give.
-**
-*************************************************************************
-** This is the implementation of generic hash-tables
-** used in SQLite.
-**
-** $Id: hash.c,v 1.1.2.1 2005-06-20 23:27:49 relyea%netscape.com Exp $
-*/
-#include "sqliteInt.h"
-#include <assert.h>
-
-/* Turn bulk memory into a hash table object by initializing the
-** fields of the Hash structure.
-**
-** "pNew" is a pointer to the hash table that is to be initialized.
-** keyClass is one of the constants SQLITE_HASH_INT, SQLITE_HASH_POINTER,
-** SQLITE_HASH_BINARY, or SQLITE_HASH_STRING.  The value of keyClass 
-** determines what kind of key the hash table will use.  "copyKey" is
-** true if the hash table should make its own private copy of keys and
-** false if it should just use the supplied pointer.  CopyKey only makes
-** sense for SQLITE_HASH_STRING and SQLITE_HASH_BINARY and is ignored
-** for other key classes.
-*/
-void sqlite3HashInit(Hash *pNew, int keyClass, int copyKey){
-  assert( pNew!=0 );
-  assert( keyClass>=SQLITE_HASH_STRING && keyClass<=SQLITE_HASH_BINARY );
-  pNew->keyClass = keyClass;
-#if 0
-  if( keyClass==SQLITE_HASH_POINTER || keyClass==SQLITE_HASH_INT ) copyKey = 0;
-#endif
-  pNew->copyKey = copyKey;
-  pNew->first = 0;
-  pNew->count = 0;
-  pNew->htsize = 0;
-  pNew->ht = 0;
-}
-
-/* Remove all entries from a hash table.  Reclaim all memory.
-** Call this routine to delete a hash table or to reset a hash table
-** to the empty state.
-*/
-void sqlite3HashClear(Hash *pH){
-  HashElem *elem;         /* For looping over all elements of the table */
-
-  assert( pH!=0 );
-  elem = pH->first;
-  pH->first = 0;
-  if( pH->ht ) sqliteFree(pH->ht);
-  pH->ht = 0;
-  pH->htsize = 0;
-  while( elem ){
-    HashElem *next_elem = elem->next;
-    if( pH->copyKey && elem->pKey ){
-      sqliteFree(elem->pKey);
-    }
-    sqliteFree(elem);
-    elem = next_elem;
-  }
-  pH->count = 0;
-}
-
-#if 0 /* NOT USED */
-/*
-** Hash and comparison functions when the mode is SQLITE_HASH_INT
-*/
-static int intHash(const void *pKey, int nKey){
-  return nKey ^ (nKey<<8) ^ (nKey>>8);
-}
-static int intCompare(const void *pKey1, int n1, const void *pKey2, int n2){
-  return n2 - n1;
-}
-#endif
-
-#if 0 /* NOT USED */
-/*
-** Hash and comparison functions when the mode is SQLITE_HASH_POINTER
-*/
-static int ptrHash(const void *pKey, int nKey){
-  uptr x = Addr(pKey);
-  return x ^ (x<<8) ^ (x>>8);
-}
-static int ptrCompare(const void *pKey1, int n1, const void *pKey2, int n2){
-  if( pKey1==pKey2 ) return 0;
-  if( pKey1<pKey2 ) return -1;
-  return 1;
-}
-#endif
-
-/*
-** Hash and comparison functions when the mode is SQLITE_HASH_STRING
-*/
-static int strHash(const void *pKey, int nKey){
-  const char *z = (const char *)pKey;
-  int h = 0;
-  if( nKey<=0 ) nKey = strlen(z);
-  while( nKey > 0  ){
-    h = (h<<3) ^ h ^ sqlite3UpperToLower[(unsigned char)*z++];
-    nKey--;
-  }
-  return h & 0x7fffffff;
-}
-static int strCompare(const void *pKey1, int n1, const void *pKey2, int n2){
-  if( n1!=n2 ) return 1;
-  return sqlite3StrNICmp((const char*)pKey1,(const char*)pKey2,n1);
-}
-
-/*
-** Hash and comparison functions when the mode is SQLITE_HASH_BINARY
-*/
-static int binHash(const void *pKey, int nKey){
-  int h = 0;
-  const char *z = (const char *)pKey;
-  while( nKey-- > 0 ){
-    h = (h<<3) ^ h ^ *(z++);
-  }
-  return h & 0x7fffffff;
-}
-static int binCompare(const void *pKey1, int n1, const void *pKey2, int n2){
-  if( n1!=n2 ) return 1;
-  return memcmp(pKey1,pKey2,n1);
-}
-
-/*
-** Return a pointer to the appropriate hash function given the key class.
-**
-** The C syntax in this function definition may be unfamilar to some 
-** programmers, so we provide the following additional explanation:
-**
-** The name of the function is "hashFunction".  The function takes a
-** single parameter "keyClass".  The return value of hashFunction()
-** is a pointer to another function.  Specifically, the return value
-** of hashFunction() is a pointer to a function that takes two parameters
-** with types "const void*" and "int" and returns an "int".
-*/
-static int (*hashFunction(int keyClass))(const void*,int){
-#if 0  /* HASH_INT and HASH_POINTER are never used */
-  switch( keyClass ){
-    case SQLITE_HASH_INT:     return &intHash;
-    case SQLITE_HASH_POINTER: return &ptrHash;
-    case SQLITE_HASH_STRING:  return &strHash;
-    case SQLITE_HASH_BINARY:  return &binHash;;
-    default: break;
-  }
-  return 0;
-#else
-  if( keyClass==SQLITE_HASH_STRING ){
-    return &strHash;
-  }else{
-    assert( keyClass==SQLITE_HASH_BINARY );
-    return &binHash;
-  }
-#endif
-}
-
-/*
-** Return a pointer to the appropriate hash function given the key class.
-**
-** For help in interpreted the obscure C code in the function definition,
-** see the header comment on the previous function.
-*/
-static int (*compareFunction(int keyClass))(const void*,int,const void*,int){
-#if 0 /* HASH_INT and HASH_POINTER are never used */
-  switch( keyClass ){
-    case SQLITE_HASH_INT:     return &intCompare;
-    case SQLITE_HASH_POINTER: return &ptrCompare;
-    case SQLITE_HASH_STRING:  return &strCompare;
-    case SQLITE_HASH_BINARY:  return &binCompare;
-    default: break;
-  }
-  return 0;
-#else
-  if( keyClass==SQLITE_HASH_STRING ){
-    return &strCompare;
-  }else{
-    assert( keyClass==SQLITE_HASH_BINARY );
-    return &binCompare;
-  }
-#endif
-}
-
-/* Link an element into the hash table
-*/
-static void insertElement(
-  Hash *pH,              /* The complete hash table */
-  struct _ht *pEntry,    /* The entry into which pNew is inserted */
-  HashElem *pNew         /* The element to be inserted */
-){
-  HashElem *pHead;       /* First element already in pEntry */
-  pHead = pEntry->chain;
-  if( pHead ){
-    pNew->next = pHead;
-    pNew->prev = pHead->prev;
-    if( pHead->prev ){ pHead->prev->next = pNew; }
-    else             { pH->first = pNew; }
-    pHead->prev = pNew;
-  }else{
-    pNew->next = pH->first;
-    if( pH->first ){ pH->first->prev = pNew; }
-    pNew->prev = 0;
-    pH->first = pNew;
-  }
-  pEntry->count++;
-  pEntry->chain = pNew;
-}
-
-
-/* Resize the hash table so that it cantains "new_size" buckets.
-** "new_size" must be a power of 2.  The hash table might fail 
-** to resize if sqliteMalloc() fails.
-*/
-static void rehash(Hash *pH, int new_size){
-  struct _ht *new_ht;            /* The new hash table */
-  HashElem *elem, *next_elem;    /* For looping over existing elements */
-  int (*xHash)(const void*,int); /* The hash function */
-
-  assert( (new_size & (new_size-1))==0 );
-  new_ht = (struct _ht *)sqliteMalloc( new_size*sizeof(struct _ht) );
-  if( new_ht==0 ) return;
-  if( pH->ht ) sqliteFree(pH->ht);
-  pH->ht = new_ht;
-  pH->htsize = new_size;
-  xHash = hashFunction(pH->keyClass);
-  for(elem=pH->first, pH->first=0; elem; elem = next_elem){
-    int h = (*xHash)(elem->pKey, elem->nKey) & (new_size-1);
-    next_elem = elem->next;
-    insertElement(pH, &new_ht[h], elem);
-  }
-}
-
-/* This function (for internal use only) locates an element in an
-** hash table that matches the given key.  The hash for this key has
-** already been computed and is passed as the 4th parameter.
-*/
-static HashElem *findElementGivenHash(
-  const Hash *pH,     /* The pH to be searched */
-  const void *pKey,   /* The key we are searching for */
-  int nKey,
-  int h               /* The hash for this key. */
-){
-  HashElem *elem;                /* Used to loop thru the element list */
-  int count;                     /* Number of elements left to test */
-  int (*xCompare)(const void*,int,const void*,int);  /* comparison function */
-
-  if( pH->ht ){
-    struct _ht *pEntry = &pH->ht[h];
-    elem = pEntry->chain;
-    count = pEntry->count;
-    xCompare = compareFunction(pH->keyClass);
-    while( count-- && elem ){
-      if( (*xCompare)(elem->pKey,elem->nKey,pKey,nKey)==0 ){ 
-        return elem;
-      }
-      elem = elem->next;
-    }
-  }
-  return 0;
-}
-
-/* Remove a single entry from the hash table given a pointer to that
-** element and a hash on the element's key.
-*/
-static void removeElementGivenHash(
-  Hash *pH,         /* The pH containing "elem" */
-  HashElem* elem,   /* The element to be removed from the pH */
-  int h             /* Hash value for the element */
-){
-  struct _ht *pEntry;
-  if( elem->prev ){
-    elem->prev->next = elem->next; 
-  }else{
-    pH->first = elem->next;
-  }
-  if( elem->next ){
-    elem->next->prev = elem->prev;
-  }
-  pEntry = &pH->ht[h];
-  if( pEntry->chain==elem ){
-    pEntry->chain = elem->next;
-  }
-  pEntry->count--;
-  if( pEntry->count<=0 ){
-    pEntry->chain = 0;
-  }
-  if( pH->copyKey && elem->pKey ){
-    sqliteFree(elem->pKey);
-  }
-  sqliteFree( elem );
-  pH->count--;
-}
-
-/* Attempt to locate an element of the hash table pH with a key
-** that matches pKey,nKey.  Return the data for this element if it is
-** found, or NULL if there is no match.
-*/
-void *sqlite3HashFind(const Hash *pH, const void *pKey, int nKey){
-  int h;             /* A hash on key */
-  HashElem *elem;    /* The element that matches key */
-  int (*xHash)(const void*,int);  /* The hash function */
-
-  if( pH==0 || pH->ht==0 ) return 0;
-  xHash = hashFunction(pH->keyClass);
-  assert( xHash!=0 );
-  h = (*xHash)(pKey,nKey);
-  assert( (pH->htsize & (pH->htsize-1))==0 );
-  elem = findElementGivenHash(pH,pKey,nKey, h & (pH->htsize-1));
-  return elem ? elem->data : 0;
-}
-
-/* Insert an element into the hash table pH.  The key is pKey,nKey
-** and the data is "data".
-**
-** If no element exists with a matching key, then a new
-** element is created.  A copy of the key is made if the copyKey
-** flag is set.  NULL is returned.
-**
-** If another element already exists with the same key, then the
-** new data replaces the old data and the old data is returned.
-** The key is not copied in this instance.  If a malloc fails, then
-** the new data is returned and the hash table is unchanged.
-**
-** If the "data" parameter to this function is NULL, then the
-** element corresponding to "key" is removed from the hash table.
-*/
-void *sqlite3HashInsert(Hash *pH, const void *pKey, int nKey, void *data){
-  int hraw;             /* Raw hash value of the key */
-  int h;                /* the hash of the key modulo hash table size */
-  HashElem *elem;       /* Used to loop thru the element list */
-  HashElem *new_elem;   /* New element added to the pH */
-  int (*xHash)(const void*,int);  /* The hash function */
-
-  assert( pH!=0 );
-  xHash = hashFunction(pH->keyClass);
-  assert( xHash!=0 );
-  hraw = (*xHash)(pKey, nKey);
-  assert( (pH->htsize & (pH->htsize-1))==0 );
-  h = hraw & (pH->htsize-1);
-  elem = findElementGivenHash(pH,pKey,nKey,h);
-  if( elem ){
-    void *old_data = elem->data;
-    if( data==0 ){
-      removeElementGivenHash(pH,elem,h);
-    }else{
-      elem->data = data;
-    }
-    return old_data;
-  }
-  if( data==0 ) return 0;
-  new_elem = (HashElem*)sqliteMalloc( sizeof(HashElem) );
-  if( new_elem==0 ) return data;
-  if( pH->copyKey && pKey!=0 ){
-    new_elem->pKey = sqliteMallocRaw( nKey );
-    if( new_elem->pKey==0 ){
-      sqliteFree(new_elem);
-      return data;
-    }
-    memcpy((void*)new_elem->pKey, pKey, nKey);
-  }else{
-    new_elem->pKey = (void*)pKey;
-  }
-  new_elem->nKey = nKey;
-  pH->count++;
-  if( pH->htsize==0 ){
-    rehash(pH,8);
-    if( pH->htsize==0 ){
-      pH->count = 0;
-      sqliteFree(new_elem);
-      return data;
-    }
-  }
-  if( pH->count > pH->htsize ){
-    rehash(pH,pH->htsize*2);
-  }
-  assert( pH->htsize>0 );
-  assert( (pH->htsize & (pH->htsize-1))==0 );
-  h = hraw & (pH->htsize-1);
-  insertElement(pH, &pH->ht[h], new_elem);
-  new_elem->data = data;
-  return 0;
-}
--- a/mozilla/security/nss/lib/sqlite/hash.h
+++ b/mozilla/security/nss/lib/sqlite/hash.h
@@ -1,109 +0,0 @@
-/*
-** 2001 September 22
-**
-** The author disclaims copyright to this source code.  In place of
-** a legal notice, here is a blessing:
-**
-**    May you do good and not evil.
-**    May you find forgiveness for yourself and forgive others.
-**    May you share freely, never taking more than you give.
-**
-*************************************************************************
-** This is the header file for the generic hash-table implemenation
-** used in SQLite.
-**
-** $Id: hash.h,v 1.1.2.1 2005-06-20 23:27:49 relyea%netscape.com Exp $
-*/
-#ifndef _SQLITE_HASH_H_
-#define _SQLITE_HASH_H_
-
-/* Forward declarations of structures. */
-typedef struct Hash Hash;
-typedef struct HashElem HashElem;
-
-/* A complete hash table is an instance of the following structure.
-** The internals of this structure are intended to be opaque -- client
-** code should not attempt to access or modify the fields of this structure
-** directly.  Change this structure only by using the routines below.
-** However, many of the "procedures" and "functions" for modifying and
-** accessing this structure are really macros, so we can't really make
-** this structure opaque.
-*/
-struct Hash {
-  char keyClass;          /* SQLITE_HASH_INT, _POINTER, _STRING, _BINARY */
-  char copyKey;           /* True if copy of key made on insert */
-  int count;              /* Number of entries in this table */
-  HashElem *first;        /* The first element of the array */
-  int htsize;             /* Number of buckets in the hash table */
-  struct _ht {            /* the hash table */
-    int count;               /* Number of entries with this hash */
-    HashElem *chain;         /* Pointer to first entry with this hash */
-  } *ht;
-};
-
-/* Each element in the hash table is an instance of the following 
-** structure.  All elements are stored on a single doubly-linked list.
-**
-** Again, this structure is intended to be opaque, but it can't really
-** be opaque because it is used by macros.
-*/
-struct HashElem {
-  HashElem *next, *prev;   /* Next and previous elements in the table */
-  void *data;              /* Data associated with this element */
-  void *pKey; int nKey;    /* Key associated with this element */
-};
-
-/*
-** There are 4 different modes of operation for a hash table:
-**
-**   SQLITE_HASH_INT         nKey is used as the key and pKey is ignored.
-**
-**   SQLITE_HASH_POINTER     pKey is used as the key and nKey is ignored.
-**
-**   SQLITE_HASH_STRING      pKey points to a string that is nKey bytes long
-**                           (including the null-terminator, if any).  Case
-**                           is ignored in comparisons.
-**
-**   SQLITE_HASH_BINARY      pKey points to binary data nKey bytes long. 
-**                           memcmp() is used to compare keys.
-**
-** A copy of the key is made for SQLITE_HASH_STRING and SQLITE_HASH_BINARY
-** if the copyKey parameter to HashInit is 1.  
-*/
-/* #define SQLITE_HASH_INT       1 // NOT USED */
-/* #define SQLITE_HASH_POINTER   2 // NOT USED */
-#define SQLITE_HASH_STRING    3
-#define SQLITE_HASH_BINARY    4
-
-/*
-** Access routines.  To delete, insert a NULL pointer.
-*/
-void sqlite3HashInit(Hash*, int keytype, int copyKey);
-void *sqlite3HashInsert(Hash*, const void *pKey, int nKey, void *pData);
-void *sqlite3HashFind(const Hash*, const void *pKey, int nKey);
-void sqlite3HashClear(Hash*);
-
-/*
-** Macros for looping over all elements of a hash table.  The idiom is
-** like this:
-**
-**   Hash h;
-**   HashElem *p;
-**   ...
-**   for(p=sqliteHashFirst(&h); p; p=sqliteHashNext(p)){
-**     SomeStructure *pData = sqliteHashData(p);
-**     // do something with pData
-**   }
-*/
-#define sqliteHashFirst(H)  ((H)->first)
-#define sqliteHashNext(E)   ((E)->next)
-#define sqliteHashData(E)   ((E)->data)
-#define sqliteHashKey(E)    ((E)->pKey)
-#define sqliteHashKeysize(E) ((E)->nKey)
-
-/*
-** Number of entries in a hash table
-*/
-#define sqliteHashCount(H)  ((H)->count)
-
-#endif /* _SQLITE_HASH_H_ */
--- a/mozilla/security/nss/lib/sqlite/insert.c
+++ b/mozilla/security/nss/lib/sqlite/insert.c
--- a/mozilla/security/nss/lib/sqlite/keywordhash.h
+++ b/mozilla/security/nss/lib/sqlite/keywordhash.h
@@ -1,96 +0,0 @@
-/* Hash score: 153 */
-static int keywordCode(const char *z, int n){
-  static const char zText[515] =
-    "ABORTABLEFTEMPORARYADDATABASELECTHENDEFAULTRANSACTIONATURALTER"
-    "AISEACHECKEYAFTEREFERENCESCAPELSEXCEPTRIGGEREGEXPLAINITIALLYAND"
-    "EFERRABLEXCLUSIVEXISTSTATEMENTATTACHAVINGLOBEFOREIGNOREINDEXAUTOINCREMENT"
-    "BEGINNERENAMEBETWEENOTNULLIKEBYCASCADEFERREDELETECASECOLLATECOLUMN"
-    "COMMITCONFLICTCONSTRAINTERSECTCREATECROSSCURRENT_DATECURRENT_TIMESTAMP"
-    "RAGMATCHDESCDETACHDISTINCTDROPRIMARYFAILIMITFROMFULLGROUPDATE"
-    "IMMEDIATEINSERTINSTEADINTOFFSETISNULLJOINORDEREPLACEOUTERESTRICT"
-    "RIGHTROLLBACKROWHENUNIONUNIQUEUSINGVACUUMVALUESVIEWHERE";
-  static const unsigned char aHash[127] = {
-      89,  79, 102,  88,   0,   4,   0,   0, 109,   0,  75,   0,   0,
-      92,  43,   0,  90,   0, 101, 104,  94,   0,   0,  10,   0,   0,
-     108,   0, 105, 100,   0,  28,  47,   0,  40,   0,   0,  63,  69,
-       0,  62,  19,   0,   0,  32,  81,   0, 103,  72,   0,   0,  34,
-       0,  60,  33,   0,   8,   0, 110,  37,  12,   0,  76,  39,  25,
-      64,   0,   0,  31,  80,  52,  30,  49,  20,  86,   0,  35,   0,
-      73,  26,   0,  70,   0,   0,   0,   0,  46,  65,  22,  85,  29,
-      67,  84,   0,   1,   0,   9,  98,  57,  18,   0, 107,  74,  96,
-      53,   6,  83,   0,   0,  48,  91,   0,  99,   0,  68,   0,   0,
-      15,   0, 111,  50,  55,   0,   2,  54,   0, 106,
-  };
-  static const unsigned char aNext[111] = {
-       0,   0,   0,   0,   0,   3,   0,   0,   0,   0,   0,   0,   0,
-       0,   0,   0,   0,   0,   0,   0,   0,  17,   0,   0,   0,   0,
-       0,  11,   0,   0,   0,   7,   0,   5,  13,   0,   0,   0,   0,
-       0,   0,   0,   0,   0,   0,  42,   0,   0,   0,   0,   0,   0,
-       0,  16,   0,  23,  51,   0,   0,   0,   0,  44,  58,   0,   0,
-       0,   0,   0,   0,   0,   0,  71,  41,   0,   0,  24,  59,  21,
-       0,  78,   0,  66,   0,   0,  82,  45,   0,   0,   0,   0,   0,
-       0,   0,  38,  93,  95,   0,   0,  97,   0,  14,  27,  77,   0,
-      56,  87,   0,  36,   0,  61,   0,
-  };
-  static const unsigned char aLen[111] = {
-       5,   5,   4,   4,   9,   2,   3,   8,   2,   6,   4,   3,   7,
-      11,   2,   7,   5,   5,   4,   5,   3,   5,  10,   6,   4,   6,
-       7,   6,   7,   9,   3,   3,  10,   9,   6,   9,   6,   6,   4,
-       6,   3,   7,   6,   7,   5,  13,   2,   2,   5,   5,   6,   7,
-       3,   7,   4,   4,   2,   7,   3,   8,   6,   4,   7,   6,   6,
-       8,  10,   9,   6,   5,  12,  12,  17,   6,   5,   4,   6,   8,
-       2,   4,   7,   4,   5,   4,   4,   5,   6,   9,   6,   7,   4,
-       2,   6,   3,   6,   4,   5,   7,   5,   8,   5,   8,   3,   4,
-       5,   6,   5,   6,   6,   4,   5,
-  };
-  static const unsigned short int aOffset[111] = {
-       0,   4,   7,  10,  10,  14,  19,  21,  26,  27,  32,  34,  36,
-      42,  51,  52,  57,  61,  65,  67,  71,  74,  78,  86,  91,  94,
-      99, 105, 108, 113, 118, 122, 124, 133, 141, 146, 155, 160, 165,
-     168, 170, 170, 174, 178, 180, 185, 187, 189, 198, 201, 205, 211,
-     217, 217, 220, 223, 227, 229, 230, 234, 241, 247, 251, 258, 264,
-     270, 278, 285, 294, 300, 305, 317, 317, 333, 337, 342, 346, 352,
-     353, 360, 363, 370, 373, 378, 382, 386, 389, 395, 404, 410, 417,
-     420, 420, 423, 426, 432, 436, 440, 447, 451, 459, 464, 472, 474,
-     478, 483, 489, 494, 500, 506, 509,
-  };
-  static const unsigned char aCode[111] = {
-    TK_ABORT,      TK_TABLE,      TK_JOIN_KW,    TK_TEMP,       TK_TEMP,       
-    TK_OR,         TK_ADD,        TK_DATABASE,   TK_AS,         TK_SELECT,     
-    TK_THEN,       TK_END,        TK_DEFAULT,    TK_TRANSACTION,TK_ON,         
-    TK_JOIN_KW,    TK_ALTER,      TK_RAISE,      TK_EACH,       TK_CHECK,      
-    TK_KEY,        TK_AFTER,      TK_REFERENCES, TK_ESCAPE,     TK_ELSE,       
-    TK_EXCEPT,     TK_TRIGGER,    TK_LIKE_KW,    TK_EXPLAIN,    TK_INITIALLY,  
-    TK_ALL,        TK_AND,        TK_DEFERRABLE, TK_EXCLUSIVE,  TK_EXISTS,     
-    TK_STATEMENT,  TK_ATTACH,     TK_HAVING,     TK_LIKE_KW,    TK_BEFORE,     
-    TK_FOR,        TK_FOREIGN,    TK_IGNORE,     TK_REINDEX,    TK_INDEX,      
-    TK_AUTOINCR,   TK_TO,         TK_IN,         TK_BEGIN,      TK_JOIN_KW,    
-    TK_RENAME,     TK_BETWEEN,    TK_NOT,        TK_NOTNULL,    TK_NULL,       
-    TK_LIKE_KW,    TK_BY,         TK_CASCADE,    TK_ASC,        TK_DEFERRED,   
-    TK_DELETE,     TK_CASE,       TK_COLLATE,    TK_COLUMNKW,   TK_COMMIT,     
-    TK_CONFLICT,   TK_CONSTRAINT, TK_INTERSECT,  TK_CREATE,     TK_JOIN_KW,    
-    TK_CTIME_KW,   TK_CTIME_KW,   TK_CTIME_KW,   TK_PRAGMA,     TK_MATCH,      
-    TK_DESC,       TK_DETACH,     TK_DISTINCT,   TK_IS,         TK_DROP,       
-    TK_PRIMARY,    TK_FAIL,       TK_LIMIT,      TK_FROM,       TK_JOIN_KW,    
-    TK_GROUP,      TK_UPDATE,     TK_IMMEDIATE,  TK_INSERT,     TK_INSTEAD,    
-    TK_INTO,       TK_OF,         TK_OFFSET,     TK_SET,        TK_ISNULL,     
-    TK_JOIN,       TK_ORDER,      TK_REPLACE,    TK_JOIN_KW,    TK_RESTRICT,   
-    TK_JOIN_KW,    TK_ROLLBACK,   TK_ROW,        TK_WHEN,       TK_UNION,      
-    TK_UNIQUE,     TK_USING,      TK_VACUUM,     TK_VALUES,     TK_VIEW,       
-    TK_WHERE,      
-  };
-  int h, i;
-  if( n<2 ) return TK_ID;
-  h = ((sqlite3UpperToLower[((unsigned char*)z)[0]]*4) ^
-      (sqlite3UpperToLower[((unsigned char*)z)[n-1]]*3) ^
-      n) % 127;
-  for(i=((int)aHash[h])-1; i>=0; i=((int)aNext[i])-1){
-    if( aLen[i]==n && sqlite3StrNICmp(&zText[aOffset[i]],z,n)==0 ){
-      return aCode[i];
-    }
-  }
-  return TK_ID;
-}
-int sqlite3KeywordCode(const char *z, int n){
-  return keywordCode(z, n);
-}
--- a/mozilla/security/nss/lib/sqlite/legacy.c
+++ b/mozilla/security/nss/lib/sqlite/legacy.c
@@ -1,138 +0,0 @@
-/*
-** 2001 September 15
-**
-** The author disclaims copyright to this source code.  In place of
-** a legal notice, here is a blessing:
-**
-**    May you do good and not evil.
-**    May you find forgiveness for yourself and forgive others.
-**    May you share freely, never taking more than you give.
-**
-*************************************************************************
-** Main file for the SQLite library.  The routines in this file
-** implement the programmer interface to the library.  Routines in
-** other files are for internal use by SQLite and should not be
-** accessed by users of the library.
-**
-** $Id: legacy.c,v 1.1.2.1 2005-06-20 23:27:49 relyea%netscape.com Exp $
-*/
-
-#include "sqliteInt.h"
-#include "os.h"
-#include <ctype.h>
-
-/*
-** Execute SQL code.  Return one of the SQLITE_ success/failure
-** codes.  Also write an error message into memory obtained from
-** malloc() and make *pzErrMsg point to that message.
-**
-** If the SQL is a query, then for each row in the query result
-** the xCallback() function is called.  pArg becomes the first
-** argument to xCallback().  If xCallback=NULL then no callback
-** is invoked, even for queries.
-*/
-int sqlite3_exec(
-  sqlite3 *db,                /* The database on which the SQL executes */
-  const char *zSql,           /* The SQL to be executed */
-  sqlite3_callback xCallback, /* Invoke this callback routine */
-  void *pArg,                 /* First argument to xCallback() */
-  char **pzErrMsg             /* Write error messages here */
-){
-  int rc = SQLITE_OK;
-  const char *zLeftover;
-  sqlite3_stmt *pStmt = 0;
-  char **azCols = 0;
-
-  int nRetry = 0;
-  int nChange = 0;
-  int nCallback;
-
-  if( zSql==0 ) return SQLITE_OK;
-  while( (rc==SQLITE_OK || (rc==SQLITE_SCHEMA && (++nRetry)<2)) && zSql[0] ){
-    int nCol;
-    char **azVals = 0;
-
-    pStmt = 0;
-    rc = sqlite3_prepare(db, zSql, -1, &pStmt, &zLeftover);
-    if( rc!=SQLITE_OK ){
-      if( pStmt ) sqlite3_finalize(pStmt);
-      continue;
-    }
-    if( !pStmt ){
-      /* this happens for a comment or white-space */
-      zSql = zLeftover;
-      continue;
-    }
-
-    db->nChange += nChange;
-    nCallback = 0;
-
-    nCol = sqlite3_column_count(pStmt);
-    azCols = sqliteMalloc(2*nCol*sizeof(const char *));
-    if( nCol && !azCols ){
-      rc = SQLITE_NOMEM;
-      goto exec_out;
-    }
-
-    while( 1 ){
-      int i;
-      rc = sqlite3_step(pStmt);
-
-      /* Invoke the callback function if required */
-      if( xCallback && (SQLITE_ROW==rc || 
-          (SQLITE_DONE==rc && !nCallback && db->flags&SQLITE_NullCallback)) ){
-        if( 0==nCallback ){
-          for(i=0; i<nCol; i++){
-            azCols[i] = (char *)sqlite3_column_name(pStmt, i);
-          }
-          nCallback++;
-        }
-        if( rc==SQLITE_ROW ){
-          azVals = &azCols[nCol];
-          for(i=0; i<nCol; i++){
-            azVals[i] = (char *)sqlite3_column_text(pStmt, i);
-          }
-        }
-        if( xCallback(pArg, nCol, azVals, azCols) ){
-          rc = SQLITE_ABORT;
-          goto exec_out;
-        }
-      }
-
-      if( rc!=SQLITE_ROW ){
-        rc = sqlite3_finalize(pStmt);
-        pStmt = 0;
-        if( db->pVdbe==0 ){
-          nChange = db->nChange;
-        }
-        if( rc!=SQLITE_SCHEMA ){
-          nRetry = 0;
-          zSql = zLeftover;
-          while( isspace((unsigned char)zSql[0]) ) zSql++;
-        }
-        break;
-      }
-    }
-
-    sqliteFree(azCols);
-    azCols = 0;
-  }
-
-exec_out:
-  if( pStmt ) sqlite3_finalize(pStmt);
-  if( azCols ) sqliteFree(azCols);
-
-  if( sqlite3_malloc_failed ){
-    rc = SQLITE_NOMEM;
-  }
-  if( rc!=SQLITE_OK && rc==sqlite3_errcode(db) && pzErrMsg ){
-    *pzErrMsg = malloc(1+strlen(sqlite3_errmsg(db)));
-    if( *pzErrMsg ){
-      strcpy(*pzErrMsg, sqlite3_errmsg(db));
-    }
-  }else if( pzErrMsg ){
-    *pzErrMsg = 0;
-  }
-
-  return rc;
-}
--- a/mozilla/security/nss/lib/sqlite/main.c
+++ b/mozilla/security/nss/lib/sqlite/main.c
--- a/mozilla/security/nss/lib/sqlite/manifest.mn
+++ b/mozilla/security/nss/lib/sqlite/manifest.mn
@@ -1,88 +0,0 @@
-# 
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-CORE_DEPTH = ../../..
-
-EXPORTS = \
-	sqlite3.h \
-	$(NULL)
-
-MODULE = sqlite
-
-CSRCS = \
-	alter.c \
-	attach.c \
-	auth.c \
-	btree.c \
-	build.c \
-	callback.c \
-	date.c \
-	delete.c \
-	expr.c \
-	func.c \
-	hash.c \
-	insert.c \
-	legacy.c \
-	main.c \
-	opcodes.c \
-	os_unix.c \
-	os_win.c \
-	pager.c \
-	parse.c \
-	pragma.c \
-	prepare.c \
-	printf.c \
-	random.c \
-	select.c \
-	table.c \
-	tokenize.c \
-	trigger.c \
-	update.c \
-	utf.c \
-	util.c \
-	vacuum.c \
-	vdbe.c \
-	vdbeapi.c \
-	vdbeaux.c \
-	vdbemem.c \
-	where.c \
-	$(NULL)
-
-
-MAPFILE = $(OBJDIR)/sqlite.def
-
-LIBRARY_NAME = sqlite
-LIBRARY_VERSION = 3
--- a/mozilla/security/nss/lib/sqlite/nss.h
+++ b/mozilla/security/nss/lib/sqlite/nss.h
@@ -1,63 +0,0 @@
-/*
- * NSS utility functions
- *
- * ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/* $Id: nss.h,v 1.1.2.1 2005-06-20 23:27:49 relyea%netscape.com Exp $ */
-
-#ifndef __nss_h_
-#define __nss_h_
-
-
-SEC_BEGIN_PROTOS
-
-/*
- * NSS's major version, minor version, patch level, and whether
- * this is a beta release.
- *
- * The format of the version string should be
- *     "<major version>.<minor version>[.<patch level>] [<Beta>]"
- */
-#define NSS_VERSION  "3.10.1 Beta"
-#define NSS_VMAJOR   3
-#define NSS_VMINOR   10
-#define NSS_VPATCH   1
-#define NSS_BETA     PR_TRUE
-
-
-SEC_END_PROTOS
-
-#endif /* __nss_h_ */
--- a/mozilla/security/nss/lib/sqlite/opcodes.c
+++ b/mozilla/security/nss/lib/sqlite/opcodes.c
@@ -1,135 +0,0 @@
-/* Automatically generated.  Do not edit */
-/* See the mkopcodec.awk script for details. */
-#if !defined(SQLITE_OMIT_EXPLAIN) || !defined(NDEBUG) || defined(VDBE_PROFILE) || defined(SQLITE_DEBUG)
-const char *const sqlite3OpcodeNames[] = { "?",
- /*   1 */ "MemLoad",
- /*   2 */ "Column",
- /*   3 */ "SetCookie",
- /*   4 */ "IfMemPos",
- /*   5 */ "MoveGt",
- /*   6 */ "AggFocus",
- /*   7 */ "RowKey",
- /*   8 */ "AggNext",
- /*   9 */ "OpenWrite",
- /*  10 */ "If",
- /*  11 */ "Pop",
- /*  12 */ "AggContextPush",
- /*  13 */ "CollSeq",
- /*  14 */ "OpenRead",
- /*  15 */ "Expire",
- /*  16 */ "SortReset",
- /*  17 */ "AutoCommit",
- /*  18 */ "Sort",
- /*  19 */ "ListRewind",
- /*  20 */ "IntegrityCk",
- /*  21 */ "SortInsert",
- /*  22 */ "Function",
- /*  23 */ "Noop",
- /*  24 */ "Return",
- /*  25 */ "NewRowid",
- /*  26 */ "Variable",
- /*  27 */ "String",
- /*  28 */ "ParseSchema",
- /*  29 */ "AggFunc",
- /*  30 */ "Close",
- /*  31 */ "ListWrite",
- /*  32 */ "CreateIndex",
- /*  33 */ "IsUnique",
- /*  34 */ "IdxIsNull",
- /*  35 */ "NotFound",
- /*  36 */ "MustBeInt",
- /*  37 */ "Halt",
- /*  38 */ "Rowid",
- /*  39 */ "IdxLT",
- /*  40 */ "AddImm",
- /*  41 */ "Statement",
- /*  42 */ "RowData",
- /*  43 */ "MemMax",
- /*  44 */ "Push",
- /*  45 */ "NotExists",
- /*  46 */ "OpenTemp",
- /*  47 */ "MemIncr",
- /*  48 */ "Gosub",
- /*  49 */ "AggSet",
- /*  50 */ "Integer",
- /*  51 */ "SortNext",
- /*  52 */ "Prev",
- /*  53 */ "CreateTable",
- /*  54 */ "Last",
- /*  55 */ "IdxRowid",
- /*  56 */ "ResetCount",
- /*  57 */ "Callback",
- /*  58 */ "ContextPush",
- /*  59 */ "DropTrigger",
- /*  60 */ "DropIndex",
- /*  61 */ "IdxGE",
- /*  62 */ "Or",
- /*  63 */ "And",
- /*  64 */ "Not",
- /*  65 */ "IdxDelete",
- /*  66 */ "Vacuum",
- /*  67 */ "MoveLe",
- /*  68 */ "IsNull",
- /*  69 */ "NotNull",
- /*  70 */ "Ne",
- /*  71 */ "Eq",
- /*  72 */ "Gt",
- /*  73 */ "Le",
- /*  74 */ "Lt",
- /*  75 */ "Ge",
- /*  76 */ "IfNot",
- /*  77 */ "BitAnd",
- /*  78 */ "BitOr",
- /*  79 */ "ShiftLeft",
- /*  80 */ "ShiftRight",
- /*  81 */ "Add",
- /*  82 */ "Subtract",
- /*  83 */ "Multiply",
- /*  84 */ "Divide",
- /*  85 */ "Remainder",
- /*  86 */ "Concat",
- /*  87 */ "Negative",
- /*  88 */ "DropTable",
- /*  89 */ "BitNot",
- /*  90 */ "String8",
- /*  91 */ "MakeRecord",
- /*  92 */ "Delete",
- /*  93 */ "AggContextPop",
- /*  94 */ "ListRead",
- /*  95 */ "ListReset",
- /*  96 */ "Dup",
- /*  97 */ "Goto",
- /*  98 */ "Clear",
- /*  99 */ "IdxGT",
- /* 100 */ "MoveLt",
- /* 101 */ "VerifyCookie",
- /* 102 */ "Pull",
- /* 103 */ "SetNumColumns",
- /* 104 */ "AbsValue",
- /* 105 */ "Transaction",
- /* 106 */ "AggGet",
- /* 107 */ "ContextPop",
- /* 108 */ "Next",
- /* 109 */ "AggInit",
- /* 110 */ "IdxInsert",
- /* 111 */ "Distinct",
- /* 112 */ "AggReset",
- /* 113 */ "Insert",
- /* 114 */ "Destroy",
- /* 115 */ "ReadCookie",
- /* 116 */ "ForceInt",
- /* 117 */ "OpenPseudo",
- /* 118 */ "Null",
- /* 119 */ "Blob",
- /* 120 */ "MemStore",
- /* 121 */ "Rewind",
- /* 122 */ "MoveGe",
- /* 123 */ "Found",
- /* 124 */ "NullRow",
- /* 125 */ "NotUsed_125",
- /* 126 */ "NotUsed_126",
- /* 127 */ "NotUsed_127",
- /* 128 */ "Real",
- /* 129 */ "HexBlob",
-};
-#endif
--- a/mozilla/security/nss/lib/sqlite/opcodes.h
+++ b/mozilla/security/nss/lib/sqlite/opcodes.h
@@ -1,144 +0,0 @@
-/* Automatically generated.  Do not edit */
-/* See the mkopcodeh.awk script for details */
-#define OP_MemLoad                              1
-#define OP_HexBlob                            129   /* same as TK_BLOB     */
-#define OP_Column                               2
-#define OP_SetCookie                            3
-#define OP_IfMemPos                             4
-#define OP_Real                               128   /* same as TK_FLOAT    */
-#define OP_MoveGt                               5
-#define OP_Ge                                  75   /* same as TK_GE       */
-#define OP_AggFocus                             6
-#define OP_RowKey                               7
-#define OP_AggNext                              8
-#define OP_Eq                                  71   /* same as TK_EQ       */
-#define OP_OpenWrite                            9
-#define OP_NotNull                             69   /* same as TK_NOTNULL  */
-#define OP_If                                  10
-#define OP_String8                             90   /* same as TK_STRING   */
-#define OP_Pop                                 11
-#define OP_AggContextPush                      12
-#define OP_CollSeq                             13
-#define OP_OpenRead                            14
-#define OP_Expire                              15
-#define OP_SortReset                           16
-#define OP_AutoCommit                          17
-#define OP_Gt                                  72   /* same as TK_GT       */
-#define OP_Sort                                18
-#define OP_ListRewind                          19
-#define OP_IntegrityCk                         20
-#define OP_SortInsert                          21
-#define OP_Function                            22
-#define OP_And                                 63   /* same as TK_AND      */
-#define OP_Subtract                            82   /* same as TK_MINUS    */
-#define OP_Noop                                23
-#define OP_Return                              24
-#define OP_Remainder                           85   /* same as TK_REM      */
-#define OP_NewRowid                            25
-#define OP_Multiply                            83   /* same as TK_STAR     */
-#define OP_Variable                            26
-#define OP_String                              27
-#define OP_ParseSchema                         28
-#define OP_AggFunc                             29
-#define OP_Close                               30
-#define OP_ListWrite                           31
-#define OP_CreateIndex                         32
-#define OP_IsUnique                            33
-#define OP_IdxIsNull                           34
-#define OP_NotFound                            35
-#define OP_MustBeInt                           36
-#define OP_Halt                                37
-#define OP_Rowid                               38
-#define OP_IdxLT                               39
-#define OP_AddImm                              40
-#define OP_Statement                           41
-#define OP_RowData                             42
-#define OP_MemMax                              43
-#define OP_Push                                44
-#define OP_Or                                  62   /* same as TK_OR       */
-#define OP_NotExists                           45
-#define OP_OpenTemp                            46
-#define OP_MemIncr                             47
-#define OP_Gosub                               48
-#define OP_Divide                              84   /* same as TK_SLASH    */
-#define OP_AggSet                              49
-#define OP_Integer                             50
-#define OP_SortNext                            51
-#define OP_Prev                                52
-#define OP_Concat                              86   /* same as TK_CONCAT   */
-#define OP_BitAnd                              77   /* same as TK_BITAND   */
-#define OP_CreateTable                         53
-#define OP_Last                                54
-#define OP_IsNull                              68   /* same as TK_ISNULL   */
-#define OP_IdxRowid                            55
-#define OP_ShiftRight                          80   /* same as TK_RSHIFT   */
-#define OP_ResetCount                          56
-#define OP_Callback                            57
-#define OP_ContextPush                         58
-#define OP_DropTrigger                         59
-#define OP_DropIndex                           60
-#define OP_IdxGE                               61
-#define OP_IdxDelete                           65
-#define OP_Vacuum                              66
-#define OP_MoveLe                              67
-#define OP_IfNot                               76
-#define OP_DropTable                           88
-#define OP_MakeRecord                          91
-#define OP_Delete                              92
-#define OP_AggContextPop                       93
-#define OP_ListRead                            94
-#define OP_ListReset                           95
-#define OP_ShiftLeft                           79   /* same as TK_LSHIFT   */
-#define OP_Dup                                 96
-#define OP_Goto                                97
-#define OP_Clear                               98
-#define OP_IdxGT                               99
-#define OP_MoveLt                             100
-#define OP_Le                                  73   /* same as TK_LE       */
-#define OP_VerifyCookie                       101
-#define OP_Pull                               102
-#define OP_Not                                 64   /* same as TK_NOT      */
-#define OP_SetNumColumns                      103
-#define OP_AbsValue                           104
-#define OP_Transaction                        105
-#define OP_Negative                            87   /* same as TK_UMINUS   */
-#define OP_Ne                                  70   /* same as TK_NE       */
-#define OP_AggGet                             106
-#define OP_ContextPop                         107
-#define OP_BitOr                               78   /* same as TK_BITOR    */
-#define OP_Next                               108
-#define OP_AggInit                            109
-#define OP_IdxInsert                          110
-#define OP_Distinct                           111
-#define OP_Lt                                  74   /* same as TK_LT       */
-#define OP_AggReset                           112
-#define OP_Insert                             113
-#define OP_Destroy                            114
-#define OP_ReadCookie                         115
-#define OP_ForceInt                           116
-#define OP_OpenPseudo                         117
-#define OP_Null                               118
-#define OP_Blob                               119
-#define OP_Add                                 81   /* same as TK_PLUS     */
-#define OP_MemStore                           120
-#define OP_Rewind                             121
-#define OP_MoveGe                             122
-#define OP_BitNot                              89   /* same as TK_BITNOT   */
-#define OP_Found                              123
-#define OP_NullRow                            124
-
-/* The following opcode values are never used */
-#define OP_NotUsed_125                        125
-#define OP_NotUsed_126                        126
-#define OP_NotUsed_127                        127
-
-#define NOPUSH_MASK_0 65400
-#define NOPUSH_MASK_1 61871
-#define NOPUSH_MASK_2 64446
-#define NOPUSH_MASK_3 65363
-#define NOPUSH_MASK_4 65535
-#define NOPUSH_MASK_5 46015
-#define NOPUSH_MASK_6 64254
-#define NOPUSH_MASK_7 7987
-#define NOPUSH_MASK_8 0
-#define NOPUSH_MASK_9 0
--- a/mozilla/security/nss/lib/sqlite/os.h
+++ b/mozilla/security/nss/lib/sqlite/os.h
@@ -1,202 +0,0 @@
-/*
-** 2001 September 16
-**
-** The author disclaims copyright to this source code.  In place of
-** a legal notice, here is a blessing:
-**
-**    May you do good and not evil.
-**    May you find forgiveness for yourself and forgive others.
-**    May you share freely, never taking more than you give.
-**
-******************************************************************************
-**
-** This header file (together with is companion C source-code file
-** "os.c") attempt to abstract the underlying operating system so that
-** the SQLite library will work on both POSIX and windows systems.
-*/
-#ifndef _SQLITE_OS_H_
-#define _SQLITE_OS_H_
-
-/*
-** Figure out if we are dealing with Unix, Windows or MacOS.
-**
-** N.B. MacOS means Mac Classic (or Carbon). Treat Darwin (OS X) as Unix.
-**      The MacOS build is designed to use CodeWarrior (tested with v8)
-*/
-#if !defined(OS_UNIX) && !defined(OS_TEST) && !defined(OS_OTHER)
-# define OS_OTHER 0
-# ifndef OS_WIN
-#   if defined(_WIN32) || defined(WIN32) || defined(__CYGWIN__) || defined(__MINGW32__) || defined(__BORLANDC__)
-#     define OS_WIN 1
-#     define OS_UNIX 0
-#   else
-#     define OS_WIN 0
-#     define OS_UNIX 1
-#  endif
-# else
-#  define OS_UNIX 0
-# endif
-#else
-# ifndef OS_WIN
-#  define OS_WIN 0
-# endif
-#endif
-
-/*
-** Invoke the appropriate operating-system specific header file.
-*/
-#if OS_TEST
-# include "os_test.h"
-#endif
-#if OS_UNIX
-# include "os_unix.h"
-#endif
-#if OS_WIN
-# include "os_win.h"
-#endif
-
-/* os_other.c and os_other.h are not delivered with SQLite.  These files
-** are place-holders that can be filled in by third-party developers to
-** implement backends to their on proprietary operating systems.
-*/
-#if OS_OTHER
-# include "os_other.h"
-#endif
-
-/* If the SET_FULLSYNC macro is not defined above, then make it
-** a no-op
-*/
-#ifndef SET_FULLSYNC
-# define SET_FULLSYNC(x,y)
-#endif
-
-/*
-** Temporary files are named starting with this prefix followed by 16 random
-** alphanumeric characters, and no file extension. They are stored in the
-** OS's standard temporary file directory, and are deleted prior to exit.
-** If sqlite is being embedded in another program, you may wish to change the
-** prefix to reflect your program's name, so that if your program exits
-** prematurely, old temporary files can be easily identified. This can be done
-** using -DTEMP_FILE_PREFIX=myprefix_ on the compiler command line.
-*/
-#ifndef TEMP_FILE_PREFIX
-# define TEMP_FILE_PREFIX "sqlite_"
-#endif
-
-/*
-** The following values may be passed as the second argument to
-** sqlite3OsLock(). The various locks exhibit the following semantics:
-**
-** SHARED:    Any number of processes may hold a SHARED lock simultaneously.
-** RESERVED:  A single process may hold a RESERVED lock on a file at
-**            any time. Other processes may hold and obtain new SHARED locks.
-** PENDING:   A single process may hold a PENDING lock on a file at
-**            any one time. Existing SHARED locks may persist, but no new
-**            SHARED locks may be obtained by other processes.
-** EXCLUSIVE: An EXCLUSIVE lock precludes all other locks.
-**
-** PENDING_LOCK may not be passed directly to sqlite3OsLock(). Instead, a
-** process that requests an EXCLUSIVE lock may actually obtain a PENDING
-** lock. This can be upgraded to an EXCLUSIVE lock by a subsequent call to
-** sqlite3OsLock().
-*/
-#define NO_LOCK         0
-#define SHARED_LOCK     1
-#define RESERVED_LOCK   2
-#define PENDING_LOCK    3
-#define EXCLUSIVE_LOCK  4
-
-/*
-** File Locking Notes:  (Mostly about windows but also some info for Unix)
-**
-** We cannot use LockFileEx() or UnlockFileEx() on Win95/98/ME because
-** those functions are not available.  So we use only LockFile() and
-** UnlockFile().
-**
-** LockFile() prevents not just writing but also reading by other processes.
-** A SHARED_LOCK is obtained by locking a single randomly-chosen 
-** byte out of a specific range of bytes. The lock byte is obtained at 
-** random so two separate readers can probably access the file at the 
-** same time, unless they are unlucky and choose the same lock byte.
-** An EXCLUSIVE_LOCK is obtained by locking all bytes in the range.
-** There can only be one writer.  A RESERVED_LOCK is obtained by locking
-** a single byte of the file that is designated as the reserved lock byte.
-** A PENDING_LOCK is obtained by locking a designated byte different from
-** the RESERVED_LOCK byte.
-**
-** On WinNT/2K/XP systems, LockFileEx() and UnlockFileEx() are available,
-** which means we can use reader/writer locks.  When reader/writer locks
-** are used, the lock is placed on the same range of bytes that is used
-** for probabilistic locking in Win95/98/ME.  Hence, the locking scheme
-** will support two or more Win95 readers or two or more WinNT readers.
-** But a single Win95 reader will lock out all WinNT readers and a single
-** WinNT reader will lock out all other Win95 readers.
-**
-** The following #defines specify the range of bytes used for locking.
-** SHARED_SIZE is the number of bytes available in the pool from which
-** a random byte is selected for a shared lock.  The pool of bytes for
-** shared locks begins at SHARED_FIRST. 
-**
-** These #defines are available in os.h so that Unix can use the same
-** byte ranges for locking.  This leaves open the possiblity of having
-** clients on win95, winNT, and unix all talking to the same shared file
-** and all locking correctly.  To do so would require that samba (or whatever
-** tool is being used for file sharing) implements locks correctly between
-** windows and unix.  I'm guessing that isn't likely to happen, but by
-** using the same locking range we are at least open to the possibility.
-**
-** Locking in windows is manditory.  For this reason, we cannot store
-** actual data in the bytes used for locking.  The pager never allocates
-** the pages involved in locking therefore.  SHARED_SIZE is selected so
-** that all locks will fit on a single page even at the minimum page size.
-** PENDING_BYTE defines the beginning of the locks.  By default PENDING_BYTE
-** is set high so that we don't have to allocate an unused page except
-** for very large databases.  But one should test the page skipping logic 
-** by setting PENDING_BYTE low and running the entire regression suite.
-**
-** Changing the value of PENDING_BYTE results in a subtly incompatible
-** file format.  Depending on how it is changed, you might not notice
-** the incompatibility right away, even running a full regression test.
-** The default location of PENDING_BYTE is the first byte past the
-** 1GB boundary.
-**
-*/
-#define PENDING_BYTE      0x40000000  /* First byte past the 1GB boundary */
-/* #define PENDING_BYTE     0x5400   // Page 22 - for testing */
-#define RESERVED_BYTE     (PENDING_BYTE+1)
-#define SHARED_FIRST      (PENDING_BYTE+2)
-#define SHARED_SIZE       510
-
-
-int sqlite3OsDelete(const char*);
-int sqlite3OsFileExists(const char*);
-int sqlite3OsOpenReadWrite(const char*, OsFile*, int*);
-int sqlite3OsOpenExclusive(const char*, OsFile*, int);
-int sqlite3OsOpenReadOnly(const char*, OsFile*);
-int sqlite3OsOpenDirectory(const char*, OsFile*);
-int sqlite3OsSyncDirectory(const char*);
-int sqlite3OsTempFileName(char*);
-int sqlite3OsIsDirWritable(char*);
-int sqlite3OsClose(OsFile*);
-int sqlite3OsRead(OsFile*, void*, int amt);
-int sqlite3OsWrite(OsFile*, const void*, int amt);
-int sqlite3OsSeek(OsFile*, i64 offset);
-int sqlite3OsSync(OsFile*);
-int sqlite3OsTruncate(OsFile*, i64 size);
-int sqlite3OsFileSize(OsFile*, i64 *pSize);
-char *sqlite3OsFullPathname(const char*);
-int sqlite3OsLock(OsFile*, int);
-int sqlite3OsUnlock(OsFile*, int);
-int sqlite3OsCheckReservedLock(OsFile *id);
-
-
-/* The interface for file I/O is above.  Other miscellaneous functions
-** are below */
-
-int sqlite3OsRandomSeed(char*);
-int sqlite3OsSleep(int ms);
-int sqlite3OsCurrentTime(double*);
-void sqlite3OsEnterMutex(void);
-void sqlite3OsLeaveMutex(void);
-
-#endif /* _SQLITE_OS_H_ */
--- a/mozilla/security/nss/lib/sqlite/os_common.h
+++ b/mozilla/security/nss/lib/sqlite/os_common.h
@@ -1,107 +0,0 @@
-/*
-** 2004 May 22
-**
-** The author disclaims copyright to this source code.  In place of
-** a legal notice, here is a blessing:
-**
-**    May you do good and not evil.
-**    May you find forgiveness for yourself and forgive others.
-**    May you share freely, never taking more than you give.
-**
-******************************************************************************
-**
-** This file contains macros and a little bit of code that is common to
-** all of the platform-specific files (os_*.c) and is #included into those
-** files.
-**
-** This file should be #included by the os_*.c files only.  It is not a
-** general purpose header file.
-*/
-
-/*
-** At least two bugs have slipped in because we changed the MEMORY_DEBUG
-** macro to SQLITE_DEBUG and some older makefiles have not yet made the
-** switch.  The following code should catch this problem at compile-time.
-*/
-#ifdef MEMORY_DEBUG
-# error "The MEMORY_DEBUG macro is obsolete.  Use SQLITE_DEBUG instead."
-#endif
-
-
-int sqlite3_os_trace = 0;
-#ifdef SQLITE_DEBUG
-static int last_page = 0;
-#define SEEK(X)           last_page=(X)
-#define TRACE1(X)         if( sqlite3_os_trace ) sqlite3DebugPrintf(X)
-#define TRACE2(X,Y)       if( sqlite3_os_trace ) sqlite3DebugPrintf(X,Y)
-#define TRACE3(X,Y,Z)     if( sqlite3_os_trace ) sqlite3DebugPrintf(X,Y,Z)
-#define TRACE4(X,Y,Z,A)   if( sqlite3_os_trace ) sqlite3DebugPrintf(X,Y,Z,A)
-#define TRACE5(X,Y,Z,A,B) if( sqlite3_os_trace ) sqlite3DebugPrintf(X,Y,Z,A,B)
-#define TRACE6(X,Y,Z,A,B,C) if(sqlite3_os_trace) sqlite3DebugPrintf(X,Y,Z,A,B,C)
-#define TRACE7(X,Y,Z,A,B,C,D) \
-    if(sqlite3_os_trace) sqlite3DebugPrintf(X,Y,Z,A,B,C,D)
-#else
-#define SEEK(X)
-#define TRACE1(X)
-#define TRACE2(X,Y)
-#define TRACE3(X,Y,Z)
-#define TRACE4(X,Y,Z,A)
-#define TRACE5(X,Y,Z,A,B)
-#define TRACE6(X,Y,Z,A,B,C)
-#define TRACE7(X,Y,Z,A,B,C,D)
-#endif
-
-/*
-** Macros for performance tracing.  Normally turned off.  Only works
-** on i486 hardware.
-*/
-#ifdef SQLITE_PERFORMANCE_TRACE
-__inline__ unsigned long long int hwtime(void){
-  unsigned long long int x;
-  __asm__("rdtsc\n\t"
-          "mov %%edx, %%ecx\n\t"
-          :"=A" (x));
-  return x;
-}
-static unsigned long long int g_start;
-static unsigned int elapse;
-#define TIMER_START       g_start=hwtime()
-#define TIMER_END         elapse=hwtime()-g_start
-#define TIMER_ELAPSED     elapse
-#else
-#define TIMER_START
-#define TIMER_END
-#define TIMER_ELAPSED     0
-#endif
-
-/*
-** If we compile with the SQLITE_TEST macro set, then the following block
-** of code will give us the ability to simulate a disk I/O error.  This
-** is used for testing the I/O recovery logic.
-*/
-#ifdef SQLITE_TEST
-int sqlite3_io_error_pending = 0;
-int sqlite3_diskfull_pending = 0;
-#define SimulateIOError(A)  \
-   if( sqlite3_io_error_pending ) \
-     if( sqlite3_io_error_pending-- == 1 ){ local_ioerr(); return A; }
-static void local_ioerr(){
-  sqlite3_io_error_pending = 0;  /* Really just a place to set a breakpoint */
-}
-#define SimulateDiskfullError \
-   if( sqlite3_diskfull_pending ) \
-     if( sqlite3_diskfull_pending-- == 1 ){ local_ioerr(); return SQLITE_FULL; }
-#else
-#define SimulateIOError(A)
-#define SimulateDiskfullError
-#endif
-
-/*
-** When testing, keep a count of the number of open files.
-*/
-#ifdef SQLITE_TEST
-int sqlite3_open_file_count = 0;
-#define OpenCounter(X)  sqlite3_open_file_count+=(X)
-#else
-#define OpenCounter(X)
-#endif
--- a/mozilla/security/nss/lib/sqlite/os_unix.c
+++ b/mozilla/security/nss/lib/sqlite/os_unix.c
--- a/mozilla/security/nss/lib/sqlite/os_unix.h
+++ b/mozilla/security/nss/lib/sqlite/os_unix.h
@@ -1,102 +0,0 @@
-/*
-** 2004 May 22
-**
-** The author disclaims copyright to this source code.  In place of
-** a legal notice, here is a blessing:
-**
-**    May you do good and not evil.
-**    May you find forgiveness for yourself and forgive others.
-**    May you share freely, never taking more than you give.
-**
-******************************************************************************
-**
-** This header file defined OS-specific features for Unix.
-*/
-#ifndef _SQLITE_OS_UNIX_H_
-#define _SQLITE_OS_UNIX_H_
-
-/*
-** Helpful hint:  To get this to compile on HP/UX, add -D_INCLUDE_POSIX_SOURCE
-** to the compiler command line.
-*/
-
-/*
-** These #defines should enable >2GB file support on Posix if the
-** underlying operating system supports it.  If the OS lacks
-** large file support, or if the OS is windows, these should be no-ops.
-**
-** Large file support can be disabled using the -DSQLITE_DISABLE_LFS switch
-** on the compiler command line.  This is necessary if you are compiling
-** on a recent machine (ex: RedHat 7.2) but you want your code to work
-** on an older machine (ex: RedHat 6.0).  If you compile on RedHat 7.2
-** without this option, LFS is enable.  But LFS does not exist in the kernel
-** in RedHat 6.0, so the code won't work.  Hence, for maximum binary
-** portability you should omit LFS.
-**
-** Similar is true for MacOS.  LFS is only supported on MacOS 9 and later.
-*/
-#ifndef SQLITE_DISABLE_LFS
-# define _LARGE_FILE       1
-# ifndef _FILE_OFFSET_BITS
-#   define _FILE_OFFSET_BITS 64
-# endif
-# define _LARGEFILE_SOURCE 1
-#endif
-
-/*
-** standard include files.
-*/
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <unistd.h>
-
-/*
-** The OsFile structure is a operating-system independing representation
-** of an open file handle.  It is defined differently for each architecture.
-**
-** This is the definition for Unix.
-**
-** OsFile.locktype takes one of the values SHARED_LOCK, RESERVED_LOCK,
-** PENDING_LOCK or EXCLUSIVE_LOCK.
-*/
-typedef struct OsFile OsFile;
-struct OsFile {
-  struct Pager *pPager;     /* The pager that owns this OsFile.  Might be 0 */
-  struct openCnt *pOpen;    /* Info about all open fd's on this inode */
-  struct lockInfo *pLock;   /* Info about locks on this inode */
-  int h;                    /* The file descriptor */
-  unsigned char locktype;   /* The type of lock held on this fd */
-  unsigned char isOpen;     /* True if needs to be closed */
-  unsigned char fullSync;   /* Use F_FULLSYNC if available */
-  int dirfd;                /* File descriptor for the directory */
-};
-
-/*
-** A macro to set the OsFile.fullSync flag, if it exists.
-*/
-#define SET_FULLSYNC(x,y)  ((x).fullSync = (y))
-
-/*
-** Maximum number of characters in a temporary file name
-*/
-#define SQLITE_TEMPNAME_SIZE 200
-
-/*
-** Minimum interval supported by sqlite3OsSleep().
-*/
-#if defined(HAVE_USLEEP) && HAVE_USLEEP
-# define SQLITE_MIN_SLEEP_MS 1
-#else
-# define SQLITE_MIN_SLEEP_MS 1000
-#endif
-
-/*
-** Default permissions when creating a new file
-*/
-#ifndef SQLITE_DEFAULT_FILE_PERMISSIONS
-# define SQLITE_DEFAULT_FILE_PERMISSIONS 0644
-#endif
-
-
-#endif /* _SQLITE_OS_UNIX_H_ */
--- a/mozilla/security/nss/lib/sqlite/os_win.c
+++ b/mozilla/security/nss/lib/sqlite/os_win.c
@@ -1,767 +0,0 @@
-/*
-** 2004 May 22
-**
-** The author disclaims copyright to this source code.  In place of
-** a legal notice, here is a blessing:
-**
-**    May you do good and not evil.
-**    May you find forgiveness for yourself and forgive others.
-**    May you share freely, never taking more than you give.
-**
-******************************************************************************
-**
-** This file contains code that is specific to windows.
-*/
-#include "sqliteInt.h"
-#include "os.h"
-#if OS_WIN               /* This file is used for windows only */
-
-#include <winbase.h>
-
-#ifdef __CYGWIN__
-# include <sys/cygwin.h>
-#endif
-
-/*
-** Macros used to determine whether or not to use threads.
-*/
-#if defined(THREADSAFE) && THREADSAFE
-# define SQLITE_W32_THREADS 1
-#endif
-
-/*
-** Include code that is common to all os_*.c files
-*/
-#include "os_common.h"
-
-/*
-** Do not include any of the File I/O interface procedures if the
-** SQLITE_OMIT_DISKIO macro is defined (indicating that there database
-** will be in-memory only)
-*/
-#ifndef SQLITE_OMIT_DISKIO
-
-/*
-** Delete the named file
-*/
-int sqlite3OsDelete(const char *zFilename){
-  DeleteFileA(zFilename);
-  TRACE2("DELETE \"%s\"\n", zFilename);
-  return SQLITE_OK;
-}
-
-/*
-** Return TRUE if the named file exists.
-*/
-int sqlite3OsFileExists(const char *zFilename){
-  return GetFileAttributesA(zFilename) != 0xffffffff;
-}
-
-/*
-** Attempt to open a file for both reading and writing.  If that
-** fails, try opening it read-only.  If the file does not exist,
-** try to create it.
-**
-** On success, a handle for the open file is written to *id
-** and *pReadonly is set to 0 if the file was opened for reading and
-** writing or 1 if the file was opened read-only.  The function returns
-** SQLITE_OK.
-**
-** On failure, the function returns SQLITE_CANTOPEN and leaves
-** *id and *pReadonly unchanged.
-*/
-int sqlite3OsOpenReadWrite(
-  const char *zFilename,
-  OsFile *id,
-  int *pReadonly
-){
-  HANDLE h;
-  assert( !id->isOpen );
-  h = CreateFileA(zFilename,
-     GENERIC_READ | GENERIC_WRITE,
-     FILE_SHARE_READ | FILE_SHARE_WRITE,
-     NULL,
-     OPEN_ALWAYS,
-     FILE_ATTRIBUTE_NORMAL | FILE_FLAG_RANDOM_ACCESS,
-     NULL
-  );
-  if( h==INVALID_HANDLE_VALUE ){
-    h = CreateFileA(zFilename,
-       GENERIC_READ,
-       FILE_SHARE_READ,
-       NULL,
-       OPEN_ALWAYS,
-       FILE_ATTRIBUTE_NORMAL | FILE_FLAG_RANDOM_ACCESS,
-       NULL
-    );
-    if( h==INVALID_HANDLE_VALUE ){
-      return SQLITE_CANTOPEN;
-    }
-    *pReadonly = 1;
-  }else{
-    *pReadonly = 0;
-  }
-  id->h = h;
-  id->locktype = NO_LOCK;
-  id->sharedLockByte = 0;
-  id->isOpen = 1;
-  OpenCounter(+1);
-  TRACE3("OPEN R/W %d \"%s\"\n", h, zFilename);
-  return SQLITE_OK;
-}
-
-
-/*
-** Attempt to open a new file for exclusive access by this process.
-** The file will be opened for both reading and writing.  To avoid
-** a potential security problem, we do not allow the file to have
-** previously existed.  Nor do we allow the file to be a symbolic
-** link.
-**
-** If delFlag is true, then make arrangements to automatically delete
-** the file when it is closed.
-**
-** On success, write the file handle into *id and return SQLITE_OK.
-**
-** On failure, return SQLITE_CANTOPEN.
-*/
-int sqlite3OsOpenExclusive(const char *zFilename, OsFile *id, int delFlag){
-  HANDLE h;
-  int fileflags;
-  assert( !id->isOpen );
-  if( delFlag ){
-    fileflags = FILE_ATTRIBUTE_TEMPORARY | FILE_FLAG_RANDOM_ACCESS 
-                     | FILE_FLAG_DELETE_ON_CLOSE;
-  }else{
-    fileflags = FILE_FLAG_RANDOM_ACCESS;
-  }
-  h = CreateFileA(zFilename,
-     GENERIC_READ | GENERIC_WRITE,
-     0,
-     NULL,
-     CREATE_ALWAYS,
-     fileflags,
-     NULL
-  );
-  if( h==INVALID_HANDLE_VALUE ){
-    return SQLITE_CANTOPEN;
-  }
-  id->h = h;
-  id->locktype = NO_LOCK;
-  id->sharedLockByte = 0;
-  id->isOpen = 1;
-  OpenCounter(+1);
-  TRACE3("OPEN EX %d \"%s\"\n", h, zFilename);
-  return SQLITE_OK;
-}
-
-/*
-** Attempt to open a new file for read-only access.
-**
-** On success, write the file handle into *id and return SQLITE_OK.
-**
-** On failure, return SQLITE_CANTOPEN.
-*/
-int sqlite3OsOpenReadOnly(const char *zFilename, OsFile *id){
-  HANDLE h;
-  assert( !id->isOpen );
-  h = CreateFileA(zFilename,
-     GENERIC_READ,
-     0,
-     NULL,
-     OPEN_EXISTING,
-     FILE_ATTRIBUTE_NORMAL | FILE_FLAG_RANDOM_ACCESS,
-     NULL
-  );
-  if( h==INVALID_HANDLE_VALUE ){
-    return SQLITE_CANTOPEN;
-  }
-  id->h = h;
-  id->locktype = NO_LOCK;
-  id->sharedLockByte = 0;
-  id->isOpen = 1;
-  OpenCounter(+1);
-  TRACE3("OPEN RO %d \"%s\"\n", h, zFilename);
-  return SQLITE_OK;
-}
-
-/*
-** Attempt to open a file descriptor for the directory that contains a
-** file.  This file descriptor can be used to fsync() the directory
-** in order to make sure the creation of a new file is actually written
-** to disk.
-**
-** This routine is only meaningful for Unix.  It is a no-op under
-** windows since windows does not support hard links.
-**
-** On success, a handle for a previously open file is at *id is
-** updated with the new directory file descriptor and SQLITE_OK is
-** returned.
-**
-** On failure, the function returns SQLITE_CANTOPEN and leaves
-** *id unchanged.
-*/
-int sqlite3OsOpenDirectory(
-  const char *zDirname,
-  OsFile *id
-){
-  return SQLITE_OK;
-}
-
-/*
-** If the following global variable points to a string which is the
-** name of a directory, then that directory will be used to store
-** temporary files.
-*/
-char *sqlite3_temp_directory = 0;
-
-/*
-** Create a temporary file name in zBuf.  zBuf must be big enough to
-** hold at least SQLITE_TEMPNAME_SIZE characters.
-*/
-int sqlite3OsTempFileName(char *zBuf){
-  static char zChars[] =
-    "abcdefghijklmnopqrstuvwxyz"
-    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
-    "0123456789";
-  int i, j;
-  char zTempPath[SQLITE_TEMPNAME_SIZE];
-  if( sqlite3_temp_directory ){
-    strncpy(zTempPath, sqlite3_temp_directory, SQLITE_TEMPNAME_SIZE-30);
-    zTempPath[SQLITE_TEMPNAME_SIZE-30] = 0;
-  }else{
-    GetTempPathA(SQLITE_TEMPNAME_SIZE-30, zTempPath);
-  }
-  for(i=strlen(zTempPath); i>0 && zTempPath[i-1]=='\\'; i--){}
-  zTempPath[i] = 0;
-  for(;;){
-    sprintf(zBuf, "%s\\"TEMP_FILE_PREFIX, zTempPath);
-    j = strlen(zBuf);
-    sqlite3Randomness(15, &zBuf[j]);
-    for(i=0; i<15; i++, j++){
-      zBuf[j] = (char)zChars[ ((unsigned char)zBuf[j])%(sizeof(zChars)-1) ];
-    }
-    zBuf[j] = 0;
-    if( !sqlite3OsFileExists(zBuf) ) break;
-  }
-  TRACE2("TEMP FILENAME: %s\n", zBuf);
-  return SQLITE_OK; 
-}
-
-/*
-** Close a file.
-*/
-int sqlite3OsClose(OsFile *id){
-  if( id->isOpen ){
-    TRACE2("CLOSE %d\n", id->h);
-    CloseHandle(id->h);
-    OpenCounter(-1);
-    id->isOpen = 0;
-  }
-  return SQLITE_OK;
-}
-
-/*
-** Read data from a file into a buffer.  Return SQLITE_OK if all
-** bytes were read successfully and SQLITE_IOERR if anything goes
-** wrong.
-*/
-int sqlite3OsRead(OsFile *id, void *pBuf, int amt){
-  DWORD got;
-  assert( id->isOpen );
-  SimulateIOError(SQLITE_IOERR);
-  TRACE3("READ %d lock=%d\n", id->h, id->locktype);
-  if( !ReadFile(id->h, pBuf, amt, &got, 0) ){
-    got = 0;
-  }
-  if( got==(DWORD)amt ){
-    return SQLITE_OK;
-  }else{
-    return SQLITE_IOERR;
-  }
-}
-
-/*
-** Write data from a buffer into a file.  Return SQLITE_OK on success
-** or some other error code on failure.
-*/
-int sqlite3OsWrite(OsFile *id, const void *pBuf, int amt){
-  int rc = 0;
-  DWORD wrote;
-  assert( id->isOpen );
-  SimulateIOError(SQLITE_IOERR);
-  SimulateDiskfullError;
-  TRACE3("WRITE %d lock=%d\n", id->h, id->locktype);
-  assert( amt>0 );
-  while( amt>0 && (rc = WriteFile(id->h, pBuf, amt, &wrote, 0))!=0 && wrote>0 ){
-    amt -= wrote;
-    pBuf = &((char*)pBuf)[wrote];
-  }
-  if( !rc || amt>(int)wrote ){
-    return SQLITE_FULL;
-  }
-  return SQLITE_OK;
-}
-
-/*
-** Move the read/write pointer in a file.
-*/
-int sqlite3OsSeek(OsFile *id, i64 offset){
-  LONG upperBits = offset>>32;
-  LONG lowerBits = offset & 0xffffffff;
-  DWORD rc;
-  assert( id->isOpen );
-  SEEK(offset/1024 + 1);
-  rc = SetFilePointer(id->h, lowerBits, &upperBits, FILE_BEGIN);
-  TRACE3("SEEK %d %lld\n", id->h, offset);
-  return SQLITE_OK;
-}
-
-/*
-** Make sure all writes to a particular file are committed to disk.
-*/
-int sqlite3OsSync(OsFile *id){
-  assert( id->isOpen );
-  TRACE3("SYNC %d lock=%d\n", id->h, id->locktype);
-  if( FlushFileBuffers(id->h) ){
-    return SQLITE_OK;
-  }else{
-    return SQLITE_IOERR;
-  }
-}
-
-/*
-** Sync the directory zDirname. This is a no-op on operating systems other
-** than UNIX.
-*/
-int sqlite3OsSyncDirectory(const char *zDirname){
-  SimulateIOError(SQLITE_IOERR);
-  return SQLITE_OK;
-}
-
-/*
-** Truncate an open file to a specified size
-*/
-int sqlite3OsTruncate(OsFile *id, i64 nByte){
-  LONG upperBits = nByte>>32;
-  assert( id->isOpen );
-  TRACE3("TRUNCATE %d %lld\n", id->h, nByte);
-  SimulateIOError(SQLITE_IOERR);
-  SetFilePointer(id->h, nByte, &upperBits, FILE_BEGIN);
-  SetEndOfFile(id->h);
-  return SQLITE_OK;
-}
-
-/*
-** Determine the current size of a file in bytes
-*/
-int sqlite3OsFileSize(OsFile *id, i64 *pSize){
-  DWORD upperBits, lowerBits;
-  assert( id->isOpen );
-  SimulateIOError(SQLITE_IOERR);
-  lowerBits = GetFileSize(id->h, &upperBits);
-  *pSize = (((i64)upperBits)<<32) + lowerBits;
-  return SQLITE_OK;
-}
-
-/*
-** Return true (non-zero) if we are running under WinNT, Win2K or WinXP.
-** Return false (zero) for Win95, Win98, or WinME.
-**
-** Here is an interesting observation:  Win95, Win98, and WinME lack
-** the LockFileEx() API.  But we can still statically link against that
-** API as long as we don't call it win running Win95/98/ME.  A call to
-** this routine is used to determine if the host is Win95/98/ME or
-** WinNT/2K/XP so that we will know whether or not we can safely call
-** the LockFileEx() API.
-*/
-static int isNT(void){
-  static int osType = 0;   /* 0=unknown 1=win95 2=winNT */
-  if( osType==0 ){
-    OSVERSIONINFO sInfo;
-    sInfo.dwOSVersionInfoSize = sizeof(sInfo);
-    GetVersionEx(&sInfo);
-    osType = sInfo.dwPlatformId==VER_PLATFORM_WIN32_NT ? 2 : 1;
-  }
-  return osType==2;
-}
-
-/*
-** Acquire a reader lock.
-** Different API routines are called depending on whether or not this
-** is Win95 or WinNT.
-*/
-static int getReadLock(OsFile *id){
-  int res;
-  if( isNT() ){
-    OVERLAPPED ovlp;
-    ovlp.Offset = SHARED_FIRST;
-    ovlp.OffsetHigh = 0;
-    ovlp.hEvent = 0;
-    res = LockFileEx(id->h, LOCKFILE_FAIL_IMMEDIATELY, 0, SHARED_SIZE,0,&ovlp);
-  }else{
-    int lk;
-    sqlite3Randomness(sizeof(lk), &lk);
-    id->sharedLockByte = (lk & 0x7fffffff)%(SHARED_SIZE - 1);
-    res = LockFile(id->h, SHARED_FIRST+id->sharedLockByte, 0, 1, 0);
-  }
-  return res;
-}
-
-/*
-** Undo a readlock
-*/
-static int unlockReadLock(OsFile *id){
-  int res;
-  if( isNT() ){
-    res = UnlockFile(id->h, SHARED_FIRST, 0, SHARED_SIZE, 0);
-  }else{
-    res = UnlockFile(id->h, SHARED_FIRST + id->sharedLockByte, 0, 1, 0);
-  }
-  return res;
-}
-
-#ifndef SQLITE_OMIT_PAGER_PRAGMAS
-/*
-** Check that a given pathname is a directory and is writable 
-**
-*/
-int sqlite3OsIsDirWritable(char *zBuf){
-  int fileAttr;
-  if(! zBuf ) return 0;
-  if(! isNT() && strlen(zBuf) > MAX_PATH ) return 0;
-  fileAttr = GetFileAttributesA(zBuf);
-  if( fileAttr == 0xffffffff ) return 0;
-  if( (fileAttr & FILE_ATTRIBUTE_DIRECTORY) != FILE_ATTRIBUTE_DIRECTORY ){
-    return 0;
-  }
-  return 1;
-}
-#endif /* SQLITE_OMIT_PAGER_PRAGMAS */
-
-/*
-** Lock the file with the lock specified by parameter locktype - one
-** of the following:
-**
-**     (1) SHARED_LOCK
-**     (2) RESERVED_LOCK
-**     (3) PENDING_LOCK
-**     (4) EXCLUSIVE_LOCK
-**
-** Sometimes when requesting one lock state, additional lock states
-** are inserted in between.  The locking might fail on one of the later
-** transitions leaving the lock state different from what it started but
-** still short of its goal.  The following chart shows the allowed
-** transitions and the inserted intermediate states:
-**
-**    UNLOCKED -> SHARED
-**    SHARED -> RESERVED
-**    SHARED -> (PENDING) -> EXCLUSIVE
-**    RESERVED -> (PENDING) -> EXCLUSIVE
-**    PENDING -> EXCLUSIVE
-**
-** This routine will only increase a lock.  The sqlite3OsUnlock() routine
-** erases all locks at once and returns us immediately to locking level 0.
-** It is not possible to lower the locking level one step at a time.  You
-** must go straight to locking level 0.
-*/
-int sqlite3OsLock(OsFile *id, int locktype){
-  int rc = SQLITE_OK;    /* Return code from subroutines */
-  int res = 1;           /* Result of a windows lock call */
-  int newLocktype;       /* Set id->locktype to this value before exiting */
-  int gotPendingLock = 0;/* True if we acquired a PENDING lock this time */
-
-  assert( id->isOpen );
-  TRACE5("LOCK %d %d was %d(%d)\n",
-          id->h, locktype, id->locktype, id->sharedLockByte);
-
-  /* If there is already a lock of this type or more restrictive on the
-  ** OsFile, do nothing. Don't use the end_lock: exit path, as
-  ** sqlite3OsEnterMutex() hasn't been called yet.
-  */
-  if( id->locktype>=locktype ){
-    return SQLITE_OK;
-  }
-
-  /* Make sure the locking sequence is correct
-  */
-  assert( id->locktype!=NO_LOCK || locktype==SHARED_LOCK );
-  assert( locktype!=PENDING_LOCK );
-  assert( locktype!=RESERVED_LOCK || id->locktype==SHARED_LOCK );
-
-  /* Lock the PENDING_LOCK byte if we need to acquire a PENDING lock or
-  ** a SHARED lock.  If we are acquiring a SHARED lock, the acquisition of
-  ** the PENDING_LOCK byte is temporary.
-  */
-  newLocktype = id->locktype;
-  if( id->locktype==NO_LOCK
-   || (locktype==EXCLUSIVE_LOCK && id->locktype==RESERVED_LOCK)
-  ){
-    int cnt = 3;
-    while( cnt-->0 && (res = LockFile(id->h, PENDING_BYTE, 0, 1, 0))==0 ){
-      /* Try 3 times to get the pending lock.  The pending lock might be
-      ** held by another reader process who will release it momentarily.
-      */
-      TRACE2("could not get a PENDING lock. cnt=%d\n", cnt);
-      Sleep(1);
-    }
-    gotPendingLock = res;
-  }
-
-  /* Acquire a shared lock
-  */
-  if( locktype==SHARED_LOCK && res ){
-    assert( id->locktype==NO_LOCK );
-    res = getReadLock(id);
-    if( res ){
-      newLocktype = SHARED_LOCK;
-    }
-  }
-
-  /* Acquire a RESERVED lock
-  */
-  if( locktype==RESERVED_LOCK && res ){
-    assert( id->locktype==SHARED_LOCK );
-    res = LockFile(id->h, RESERVED_BYTE, 0, 1, 0);
-    if( res ){
-      newLocktype = RESERVED_LOCK;
-    }
-  }
-
-  /* Acquire a PENDING lock
-  */
-  if( locktype==EXCLUSIVE_LOCK && res ){
-    newLocktype = PENDING_LOCK;
-    gotPendingLock = 0;
-  }
-
-  /* Acquire an EXCLUSIVE lock
-  */
-  if( locktype==EXCLUSIVE_LOCK && res ){
-    assert( id->locktype>=SHARED_LOCK );
-    res = unlockReadLock(id);
-    TRACE2("unreadlock = %d\n", res);
-    res = LockFile(id->h, SHARED_FIRST, 0, SHARED_SIZE, 0);
-    if( res ){
-      newLocktype = EXCLUSIVE_LOCK;
-    }else{
-      TRACE2("error-code = %d\n", GetLastError());
-    }
-  }
-
-  /* If we are holding a PENDING lock that ought to be released, then
-  ** release it now.
-  */
-  if( gotPendingLock && locktype==SHARED_LOCK ){
-    UnlockFile(id->h, PENDING_BYTE, 0, 1, 0);
-  }
-
-  /* Update the state of the lock has held in the file descriptor then
-  ** return the appropriate result code.
-  */
-  if( res ){
-    rc = SQLITE_OK;
-  }else{
-    TRACE4("LOCK FAILED %d trying for %d but got %d\n", id->h,
-           locktype, newLocktype);
-    rc = SQLITE_BUSY;
-  }
-  id->locktype = newLocktype;
-  return rc;
-}
-
-/*
-** This routine checks if there is a RESERVED lock held on the specified
-** file by this or any other process. If such a lock is held, return
-** non-zero, otherwise zero.
-*/
-int sqlite3OsCheckReservedLock(OsFile *id){
-  int rc;
-  assert( id->isOpen );
-  if( id->locktype>=RESERVED_LOCK ){
-    rc = 1;
-    TRACE3("TEST WR-LOCK %d %d (local)\n", id->h, rc);
-  }else{
-    rc = LockFile(id->h, RESERVED_BYTE, 0, 1, 0);
-    if( rc ){
-      UnlockFile(id->h, RESERVED_BYTE, 0, 1, 0);
-    }
-    rc = !rc;
-    TRACE3("TEST WR-LOCK %d %d (remote)\n", id->h, rc);
-  }
-  return rc;
-}
-
-/*
-** Lower the locking level on file descriptor id to locktype.  locktype
-** must be either NO_LOCK or SHARED_LOCK.
-**
-** If the locking level of the file descriptor is already at or below
-** the requested locking level, this routine is a no-op.
-**
-** It is not possible for this routine to fail if the second argument
-** is NO_LOCK.  If the second argument is SHARED_LOCK then this routine
-** might return SQLITE_IOERR;
-*/
-int sqlite3OsUnlock(OsFile *id, int locktype){
-  int type;
-  int rc = SQLITE_OK;
-  assert( id->isOpen );
-  assert( locktype<=SHARED_LOCK );
-  TRACE5("UNLOCK %d to %d was %d(%d)\n", id->h, locktype,
-          id->locktype, id->sharedLockByte);
-  type = id->locktype;
-  if( type>=EXCLUSIVE_LOCK ){
-    UnlockFile(id->h, SHARED_FIRST, 0, SHARED_SIZE, 0);
-    if( locktype==SHARED_LOCK && !getReadLock(id) ){
-      /* This should never happen.  We should always be able to
-      ** reacquire the read lock */
-      rc = SQLITE_IOERR;
-    }
-  }
-  if( type>=RESERVED_LOCK ){
-    UnlockFile(id->h, RESERVED_BYTE, 0, 1, 0);
-  }
-  if( locktype==NO_LOCK && type>=SHARED_LOCK ){
-    unlockReadLock(id);
-  }
-  if( type>=PENDING_LOCK ){
-    UnlockFile(id->h, PENDING_BYTE, 0, 1, 0);
-  }
-  id->locktype = locktype;
-  return rc;
-}
-
-/*
-** Turn a relative pathname into a full pathname.  Return a pointer
-** to the full pathname stored in space obtained from sqliteMalloc().
-** The calling function is responsible for freeing this space once it
-** is no longer needed.
-*/
-char *sqlite3OsFullPathname(const char *zRelative){
-  char *zNotUsed;
-  char *zFull;
-  int nByte;
-#ifdef __CYGWIN__
-  nByte = strlen(zRelative) + MAX_PATH + 1001;
-  zFull = sqliteMalloc( nByte );
-  if( zFull==0 ) return 0;
-  if( cygwin_conv_to_full_win32_path(zRelative, zFull) ) return 0;
-#else
-  nByte = GetFullPathNameA(zRelative, 0, 0, &zNotUsed) + 1;
-  zFull = sqliteMalloc( nByte );
-  if( zFull==0 ) return 0;
-  GetFullPathNameA(zRelative, nByte, zFull, &zNotUsed);
-#endif
-  return zFull;
-}
-
-#endif /* SQLITE_OMIT_DISKIO */
-/***************************************************************************
-** Everything above deals with file I/O.  Everything that follows deals
-** with other miscellanous aspects of the operating system interface
-****************************************************************************/
-
-/*
-** Get information to seed the random number generator.  The seed
-** is written into the buffer zBuf[256].  The calling function must
-** supply a sufficiently large buffer.
-*/
-int sqlite3OsRandomSeed(char *zBuf){
-  /* We have to initialize zBuf to prevent valgrind from reporting
-  ** errors.  The reports issued by valgrind are incorrect - we would
-  ** prefer that the randomness be increased by making use of the
-  ** uninitialized space in zBuf - but valgrind errors tend to worry
-  ** some users.  Rather than argue, it seems easier just to initialize
-  ** the whole array and silence valgrind, even if that means less randomness
-  ** in the random seed.
-  **
-  ** When testing, initializing zBuf[] to zero is all we do.  That means
-  ** that we always use the same random number sequence.* This makes the
-  ** tests repeatable.
-  */
-  memset(zBuf, 0, 256);
-  GetSystemTime((LPSYSTEMTIME)zBuf);
-  return SQLITE_OK;
-}
-
-/*
-** Sleep for a little while.  Return the amount of time slept.
-*/
-int sqlite3OsSleep(int ms){
-  Sleep(ms);
-  return ms;
-}
-
-/*
-** Static variables used for thread synchronization
-*/
-static int inMutex = 0;
-#ifdef SQLITE_W32_THREADS
-  static CRITICAL_SECTION cs;
-#endif
-
-/*
-** The following pair of routine implement mutual exclusion for
-** multi-threaded processes.  Only a single thread is allowed to
-** executed code that is surrounded by EnterMutex() and LeaveMutex().
-**
-** SQLite uses only a single Mutex.  There is not much critical
-** code and what little there is executes quickly and without blocking.
-*/
-void sqlite3OsEnterMutex(){
-#ifdef SQLITE_W32_THREADS
-  static int isInit = 0;
-  while( !isInit ){
-    static long lock = 0;
-    if( InterlockedIncrement(&lock)==1 ){
-      InitializeCriticalSection(&cs);
-      isInit = 1;
-    }else{
-      Sleep(1);
-    }
-  }
-  EnterCriticalSection(&cs);
-#endif
-  assert( !inMutex );
-  inMutex = 1;
-}
-void sqlite3OsLeaveMutex(){
-  assert( inMutex );
-  inMutex = 0;
-#ifdef SQLITE_W32_THREADS
-  LeaveCriticalSection(&cs);
-#endif
-}
-
-/*
-** The following variable, if set to a non-zero value, becomes the result
-** returned from sqlite3OsCurrentTime().  This is used for testing.
-*/
-#ifdef SQLITE_TEST
-int sqlite3_current_time = 0;
-#endif
-
-/*
-** Find the current time (in Universal Coordinated Time).  Write the
-** current time and date as a Julian Day number into *prNow and
-** return 0.  Return 1 if the time and date cannot be found.
-*/
-int sqlite3OsCurrentTime(double *prNow){
-  FILETIME ft;
-  /* FILETIME structure is a 64-bit value representing the number of 
-     100-nanosecond intervals since January 1, 1601 (= JD 2305813.5). 
-  */
-  double now;
-  GetSystemTimeAsFileTime( &ft );
-  now = ((double)ft.dwHighDateTime) * 4294967296.0; 
-  *prNow = (now + ft.dwLowDateTime)/864000000000.0 + 2305813.5;
-#ifdef SQLITE_TEST
-  if( sqlite3_current_time ){
-    *prNow = sqlite3_current_time/86400.0 + 2440587.5;
-  }
-#endif
-  return 0;
-}
-
-#endif /* OS_WIN */
--- a/mozilla/security/nss/lib/sqlite/os_win.h
+++ b/mozilla/security/nss/lib/sqlite/os_win.h
@@ -1,40 +0,0 @@
-/*
-** 2004 May 22
-**
-** The author disclaims copyright to this source code.  In place of
-** a legal notice, here is a blessing:
-**
-**    May you do good and not evil.
-**    May you find forgiveness for yourself and forgive others.
-**    May you share freely, never taking more than you give.
-**
-******************************************************************************
-**
-** This header file defines OS-specific features for Win32
-*/
-#ifndef _SQLITE_OS_WIN_H_
-#define _SQLITE_OS_WIN_H_
-
-#include <windows.h>
-#include <winbase.h>
-
-/*
-** The OsFile structure is a operating-system independing representation
-** of an open file handle.  It is defined differently for each architecture.
-**
-** This is the definition for Win32.
-*/
-typedef struct OsFile OsFile;
-struct OsFile {
-  HANDLE h;               /* Handle for accessing the file */
-  unsigned char locktype; /* Type of lock currently held on this file */
-  unsigned char isOpen;   /* True if needs to be closed */
-  short sharedLockByte;   /* Randomly chosen byte used as a shared lock */
-};
-
-
-#define SQLITE_TEMPNAME_SIZE (MAX_PATH+50)
-#define SQLITE_MIN_SLEEP_MS 1
-
-
-#endif /* _SQLITE_OS_WIN_H_ */
--- a/mozilla/security/nss/lib/sqlite/pager.c
+++ b/mozilla/security/nss/lib/sqlite/pager.c
--- a/mozilla/security/nss/lib/sqlite/pager.h
+++ b/mozilla/security/nss/lib/sqlite/pager.h
@@ -1,115 +0,0 @@
-/*
-** 2001 September 15
-**
-** The author disclaims copyright to this source code.  In place of
-** a legal notice, here is a blessing:
-**
-**    May you do good and not evil.
-**    May you find forgiveness for yourself and forgive others.
-**    May you share freely, never taking more than you give.
-**
-*************************************************************************
-** This header file defines the interface that the sqlite page cache
-** subsystem.  The page cache subsystem reads and writes a file a page
-** at a time and provides a journal for rollback.
-**
-** @(#) $Id: pager.h,v 1.1.2.1 2005-06-20 23:27:49 relyea%netscape.com Exp $
-*/
-
-/*
-** The default size of a database page.
-*/
-#ifndef SQLITE_DEFAULT_PAGE_SIZE
-# define SQLITE_DEFAULT_PAGE_SIZE 1024
-#endif
-
-/* Maximum page size.  The upper bound on this value is 32768.  This a limit
-** imposed by necessity of storing the value in a 2-byte unsigned integer
-** and the fact that the page size must be a power of 2.
-**
-** This value is used to initialize certain arrays on the stack at
-** various places in the code.  On embedded machines where stack space
-** is limited and the flexibility of having large pages is not needed,
-** it makes good sense to reduce the maximum page size to something more
-** reasonable, like 1024.
-*/
-#ifndef SQLITE_MAX_PAGE_SIZE
-# define SQLITE_MAX_PAGE_SIZE 8192
-#endif
-
-/*
-** Maximum number of pages in one database.
-*/
-#define SQLITE_MAX_PAGE 1073741823
-
-/*
-** The type used to represent a page number.  The first page in a file
-** is called page 1.  0 is used to represent "not a page".
-*/
-typedef unsigned int Pgno;
-
-/*
-** Each open file is managed by a separate instance of the "Pager" structure.
-*/
-typedef struct Pager Pager;
-
-/*
-** Allowed values for the flags parameter to sqlite3pager_open().
-**
-** NOTE: This values must match the corresponding BTREE_ values in btree.h.
-*/
-#define PAGER_OMIT_JOURNAL  0x0001    /* Do not use a rollback journal */
-#define PAGER_NO_READLOCK   0x0002    /* Omit readlocks on readonly files */
-
-
-/*
-** See source code comments for a detailed description of the following
-** routines:
-*/
-int sqlite3pager_open(Pager **ppPager, const char *zFilename,
-                     int nExtra, int flags);
-void sqlite3pager_set_busyhandler(Pager*, BusyHandler *pBusyHandler);
-void sqlite3pager_set_destructor(Pager*, void(*)(void*,int));
-void sqlite3pager_set_reiniter(Pager*, void(*)(void*,int));
-int sqlite3pager_set_pagesize(Pager*, int);
-void sqlite3pager_read_fileheader(Pager*, int, unsigned char*);
-void sqlite3pager_set_cachesize(Pager*, int);
-int sqlite3pager_close(Pager *pPager);
-int sqlite3pager_get(Pager *pPager, Pgno pgno, void **ppPage);
-void *sqlite3pager_lookup(Pager *pPager, Pgno pgno);
-int sqlite3pager_ref(void*);
-int sqlite3pager_unref(void*);
-Pgno sqlite3pager_pagenumber(void*);
-int sqlite3pager_write(void*);
-int sqlite3pager_iswriteable(void*);
-int sqlite3pager_overwrite(Pager *pPager, Pgno pgno, void*);
-int sqlite3pager_pagecount(Pager*);
-int sqlite3pager_truncate(Pager*,Pgno);
-int sqlite3pager_begin(void*, int exFlag);
-int sqlite3pager_commit(Pager*);
-int sqlite3pager_sync(Pager*,const char *zMaster, Pgno);
-int sqlite3pager_rollback(Pager*);
-int sqlite3pager_isreadonly(Pager*);
-int sqlite3pager_stmt_begin(Pager*);
-int sqlite3pager_stmt_commit(Pager*);
-int sqlite3pager_stmt_rollback(Pager*);
-void sqlite3pager_dont_rollback(void*);
-void sqlite3pager_dont_write(Pager*, Pgno);
-int *sqlite3pager_stats(Pager*);
-void sqlite3pager_set_safety_level(Pager*,int);
-const char *sqlite3pager_filename(Pager*);
-const char *sqlite3pager_dirname(Pager*);
-const char *sqlite3pager_journalname(Pager*);
-int sqlite3pager_rename(Pager*, const char *zNewName);
-void sqlite3pager_set_codec(Pager*,void(*)(void*,void*,Pgno,int),void*);
-int sqlite3pager_movepage(Pager*,void*,Pgno);
-int sqlite3pager_reset(Pager*);
-
-#if defined(SQLITE_DEBUG) || defined(SQLITE_TEST)
-int sqlite3pager_lockstate(Pager*);
-#endif
-
-#ifdef SQLITE_TEST
-void sqlite3pager_refdump(Pager*);
-int pager3_refinfo_enable;
-#endif
--- a/mozilla/security/nss/lib/sqlite/parse.c
+++ b/mozilla/security/nss/lib/sqlite/parse.c
--- a/mozilla/security/nss/lib/sqlite/parse.h
+++ b/mozilla/security/nss/lib/sqlite/parse.h
@@ -1,140 +0,0 @@
-#define TK_END_OF_FILE                     1
-#define TK_ILLEGAL                         2
-#define TK_SPACE                           3
-#define TK_UNCLOSED_STRING                 4
-#define TK_COMMENT                         5
-#define TK_FUNCTION                        6
-#define TK_COLUMN                          7
-#define TK_AGG_FUNCTION                    8
-#define TK_CONST_FUNC                      9
-#define TK_SEMI                           10
-#define TK_EXPLAIN                        11
-#define TK_BEGIN                          12
-#define TK_TRANSACTION                    13
-#define TK_DEFERRED                       14
-#define TK_IMMEDIATE                      15
-#define TK_EXCLUSIVE                      16
-#define TK_COMMIT                         17
-#define TK_END                            18
-#define TK_ROLLBACK                       19
-#define TK_CREATE                         20
-#define TK_TABLE                          21
-#define TK_TEMP                           22
-#define TK_LP                             23
-#define TK_RP                             24
-#define TK_AS                             25
-#define TK_COMMA                          26
-#define TK_ID                             27
-#define TK_ABORT                          28
-#define TK_AFTER                          29
-#define TK_ASC                            30
-#define TK_ATTACH                         31
-#define TK_BEFORE                         32
-#define TK_CASCADE                        33
-#define TK_CONFLICT                       34
-#define TK_DATABASE                       35
-#define TK_DESC                           36
-#define TK_DETACH                         37
-#define TK_EACH                           38
-#define TK_FAIL                           39
-#define TK_FOR                            40
-#define TK_IGNORE                         41
-#define TK_INITIALLY                      42
-#define TK_INSTEAD                        43
-#define TK_LIKE_KW                        44
-#define TK_MATCH                          45
-#define TK_KEY                            46
-#define TK_OF                             47
-#define TK_OFFSET                         48
-#define TK_PRAGMA                         49
-#define TK_RAISE                          50
-#define TK_REPLACE                        51
-#define TK_RESTRICT                       52
-#define TK_ROW                            53
-#define TK_STATEMENT                      54
-#define TK_TRIGGER                        55
-#define TK_VACUUM                         56
-#define TK_VIEW                           57
-#define TK_REINDEX                        58
-#define TK_RENAME                         59
-#define TK_CTIME_KW                       60
-#define TK_ALTER                          61
-#define TK_OR                             62
-#define TK_AND                            63
-#define TK_NOT                            64
-#define TK_IS                             65
-#define TK_BETWEEN                        66
-#define TK_IN                             67
-#define TK_ISNULL                         68
-#define TK_NOTNULL                        69
-#define TK_NE                             70
-#define TK_EQ                             71
-#define TK_GT                             72
-#define TK_LE                             73
-#define TK_LT                             74
-#define TK_GE                             75
-#define TK_ESCAPE                         76
-#define TK_BITAND                         77
-#define TK_BITOR                          78
-#define TK_LSHIFT                         79
-#define TK_RSHIFT                         80
-#define TK_PLUS                           81
-#define TK_MINUS                          82
-#define TK_STAR                           83
-#define TK_SLASH                          84
-#define TK_REM                            85
-#define TK_CONCAT                         86
-#define TK_UMINUS                         87
-#define TK_UPLUS                          88
-#define TK_BITNOT                         89
-#define TK_STRING                         90
-#define TK_JOIN_KW                        91
-#define TK_CONSTRAINT                     92
-#define TK_DEFAULT                        93
-#define TK_NULL                           94
-#define TK_PRIMARY                        95
-#define TK_UNIQUE                         96
-#define TK_CHECK                          97
-#define TK_REFERENCES                     98
-#define TK_COLLATE                        99
-#define TK_AUTOINCR                       100
-#define TK_ON                             101
-#define TK_DELETE                         102
-#define TK_UPDATE                         103
-#define TK_INSERT                         104
-#define TK_SET                            105
-#define TK_DEFERRABLE                     106
-#define TK_FOREIGN                        107
-#define TK_DROP                           108
-#define TK_UNION                          109
-#define TK_ALL                            110
-#define TK_INTERSECT                      111
-#define TK_EXCEPT                         112
-#define TK_SELECT                         113
-#define TK_DISTINCT                       114
-#define TK_DOT                            115
-#define TK_FROM                           116
-#define TK_JOIN                           117
-#define TK_USING                          118
-#define TK_ORDER                          119
-#define TK_BY                             120
-#define TK_GROUP                          121
-#define TK_HAVING                         122
-#define TK_LIMIT                          123
-#define TK_WHERE                          124
-#define TK_INTO                           125
-#define TK_VALUES                         126
-#define TK_INTEGER                        127
-#define TK_FLOAT                          128
-#define TK_BLOB                           129
-#define TK_REGISTER                       130
-#define TK_VARIABLE                       131
-#define TK_EXISTS                         132
-#define TK_CASE                           133
-#define TK_WHEN                           134
-#define TK_THEN                           135
-#define TK_ELSE                           136
-#define TK_INDEX                          137
-#define TK_TO                             138
-#define TK_ADD                            139
-#define TK_COLUMNKW                       140
--- a/mozilla/security/nss/lib/sqlite/pragma.c
+++ b/mozilla/security/nss/lib/sqlite/pragma.c
@@ -1,933 +0,0 @@
-/*
-** 2003 April 6
-**
-** The author disclaims copyright to this source code.  In place of
-** a legal notice, here is a blessing:
-**
-**    May you do good and not evil.
-**    May you find forgiveness for yourself and forgive others.
-**    May you share freely, never taking more than you give.
-**
-*************************************************************************
-** This file contains code used to implement the PRAGMA command.
-**
-** $Id: pragma.c,v 1.1.2.1 2005-06-20 23:27:49 relyea%netscape.com Exp $
-*/
-#include "sqliteInt.h"
-#include "os.h"
-#include <ctype.h>
-
-/* Ignore this whole file if pragmas are disabled
-*/
-#if !defined(SQLITE_OMIT_PRAGMA) && !defined(SQLITE_OMIT_PARSER)
-
-#if defined(SQLITE_DEBUG) || defined(SQLITE_TEST)
-# include "pager.h"
-# include "btree.h"
-#endif
-
-/*
-** Interpret the given string as a safety level.  Return 0 for OFF,
-** 1 for ON or NORMAL and 2 for FULL.  Return 1 for an empty or 
-** unrecognized string argument.
-**
-** Note that the values returned are one less that the values that
-** should be passed into sqlite3BtreeSetSafetyLevel().  The is done
-** to support legacy SQL code.  The safety level used to be boolean
-** and older scripts may have used numbers 0 for OFF and 1 for ON.
-*/
-static int getSafetyLevel(const u8 *z){
-                             /* 123456789 123456789 */
-  static const char zText[] = "onoffalseyestruefull";
-  static const u8 iOffset[] = {0, 1, 2, 4, 9, 12, 16};
-  static const u8 iLength[] = {2, 2, 3, 5, 3, 4, 4};
-  static const u8 iValue[] =  {1, 0, 0, 0, 1, 1, 2};
-  int i, n;
-  if( isdigit(*z) ){
-    return atoi(z);
-  }
-  n = strlen(z);
-  for(i=0; i<sizeof(iLength); i++){
-    if( iLength[i]==n && sqlite3StrNICmp(&zText[iOffset[i]],z,n)==0 ){
-      return iValue[i];
-    }
-  }
-  return 1;
-}
-
-/*
-** Interpret the given string as a boolean value.
-*/
-static int getBoolean(const u8 *z){
-  return getSafetyLevel(z)&1;
-}
-
-#ifndef SQLITE_OMIT_PAGER_PRAGMAS
-/*
-** Interpret the given string as a temp db location. Return 1 for file
-** backed temporary databases, 2 for the Red-Black tree in memory database
-** and 0 to use the compile-time default.
-*/
-static int getTempStore(const char *z){
-  if( z[0]>='0' && z[0]<='2' ){
-    return z[0] - '0';
-  }else if( sqlite3StrICmp(z, "file")==0 ){
-    return 1;
-  }else if( sqlite3StrICmp(z, "memory")==0 ){
-    return 2;
-  }else{
-    return 0;
-  }
-}
-#endif /* SQLITE_PAGER_PRAGMAS */
-
-#ifndef SQLITE_OMIT_PAGER_PRAGMAS
-/*
-** Invalidate temp storage, either when the temp storage is changed
-** from default, or when 'file' and the temp_store_directory has changed
-*/
-static int invalidateTempStorage(Parse *pParse){
-  sqlite3 *db = pParse->db;
-  if( db->aDb[1].pBt!=0 ){
-    if( db->flags & SQLITE_InTrans ){
-      sqlite3ErrorMsg(pParse, "temporary storage cannot be changed "
-        "from within a transaction");
-      return SQLITE_ERROR;
-    }
-    sqlite3BtreeClose(db->aDb[1].pBt);
-    db->aDb[1].pBt = 0;
-    sqlite3ResetInternalSchema(db, 0);
-  }
-  return SQLITE_OK;
-}
-#endif /* SQLITE_PAGER_PRAGMAS */
-
-#ifndef SQLITE_OMIT_PAGER_PRAGMAS
-/*
-** If the TEMP database is open, close it and mark the database schema
-** as needing reloading.  This must be done when using the TEMP_STORE
-** or DEFAULT_TEMP_STORE pragmas.
-*/
-static int changeTempStorage(Parse *pParse, const char *zStorageType){
-  int ts = getTempStore(zStorageType);
-  sqlite3 *db = pParse->db;
-  if( db->temp_store==ts ) return SQLITE_OK;
-  if( invalidateTempStorage( pParse ) != SQLITE_OK ){
-    return SQLITE_ERROR;
-  }
-  db->temp_store = ts;
-  return SQLITE_OK;
-}
-#endif /* SQLITE_PAGER_PRAGMAS */
-
-/*
-** Generate code to return a single integer value.
-*/
-static void returnSingleInt(Parse *pParse, const char *zLabel, int value){
-  Vdbe *v = sqlite3GetVdbe(pParse);
-  sqlite3VdbeAddOp(v, OP_Integer, value, 0);
-  if( pParse->explain==0 ){
-    sqlite3VdbeSetNumCols(v, 1);
-    sqlite3VdbeSetColName(v, 0, zLabel, P3_STATIC);
-  }
-  sqlite3VdbeAddOp(v, OP_Callback, 1, 0);
-}
-
-#ifndef SQLITE_OMIT_FLAG_PRAGMAS
-/*
-** Check to see if zRight and zLeft refer to a pragma that queries
-** or changes one of the flags in db->flags.  Return 1 if so and 0 if not.
-** Also, implement the pragma.
-*/
-static int flagPragma(Parse *pParse, const char *zLeft, const char *zRight){
-  static const struct sPragmaType {
-    const char *zName;  /* Name of the pragma */
-    int mask;           /* Mask for the db->flags value */
-  } aPragma[] = {
-    { "vdbe_trace",               SQLITE_VdbeTrace     },
-    { "sql_trace",                SQLITE_SqlTrace      },
-    { "vdbe_listing",             SQLITE_VdbeListing   },
-    { "full_column_names",        SQLITE_FullColNames  },
-    { "short_column_names",       SQLITE_ShortColNames },
-    { "count_changes",            SQLITE_CountRows     },
-    { "empty_result_callbacks",   SQLITE_NullCallback  },
-    /* The following is VERY experimental */
-    { "writable_schema",          SQLITE_WriteSchema   },
-    { "omit_readlock",            SQLITE_NoReadlock    },
-  };
-  int i;
-  const struct sPragmaType *p;
-  for(i=0, p=aPragma; i<sizeof(aPragma)/sizeof(aPragma[0]); i++, p++){
-    if( sqlite3StrICmp(zLeft, p->zName)==0 ){
-      sqlite3 *db = pParse->db;
-      Vdbe *v;
-      v = sqlite3GetVdbe(pParse);
-      if( v ){
-        if( zRight==0 ){
-          returnSingleInt(pParse, p->zName, (db->flags & p->mask)!=0 );
-        }else{
-          if( getBoolean(zRight) ){
-            db->flags |= p->mask;
-          }else{
-            db->flags &= ~p->mask;
-          }
-        }
-        /* If one of these pragmas is executed, any prepared statements
-        ** need to be recompiled.
-        */
-        sqlite3VdbeAddOp(v, OP_Expire, 0, 0);
-      }
-      return 1;
-    }
-  }
-  return 0;
-}
-#endif /* SQLITE_OMIT_FLAG_PRAGMAS */
-
-/*
-** Process a pragma statement.  
-**
-** Pragmas are of this form:
-**
-**      PRAGMA [database.]id [= value]
-**
-** The identifier might also be a string.  The value is a string, and
-** identifier, or a number.  If minusFlag is true, then the value is
-** a number that was preceded by a minus sign.
-**
-** If the left side is "database.id" then pId1 is the database name
-** and pId2 is the id.  If the left side is just "id" then pId1 is the
-** id and pId2 is any empty string.
-*/
-void sqlite3Pragma(
-  Parse *pParse, 
-  Token *pId1,        /* First part of [database.]id field */
-  Token *pId2,        /* Second part of [database.]id field, or NULL */
-  Token *pValue,      /* Token for <value>, or NULL */
-  int minusFlag       /* True if a '-' sign preceded <value> */
-){
-  char *zLeft = 0;       /* Nul-terminated UTF-8 string <id> */
-  char *zRight = 0;      /* Nul-terminated UTF-8 string <value>, or NULL */
-  const char *zDb = 0;   /* The database name */
-  Token *pId;            /* Pointer to <id> token */
-  int iDb;               /* Database index for <database> */
-  sqlite3 *db = pParse->db;
-  Db *pDb;
-  Vdbe *v = sqlite3GetVdbe(pParse);
-  if( v==0 ) return;
-
-  /* Interpret the [database.] part of the pragma statement. iDb is the
-  ** index of the database this pragma is being applied to in db.aDb[]. */
-  iDb = sqlite3TwoPartName(pParse, pId1, pId2, &pId);
-  if( iDb<0 ) return;
-  pDb = &db->aDb[iDb];
-
-  zLeft = sqlite3NameFromToken(pId);
-  if( !zLeft ) return;
-  if( minusFlag ){
-    zRight = sqlite3MPrintf("-%T", pValue);
-  }else{
-    zRight = sqlite3NameFromToken(pValue);
-  }
-
-  zDb = ((iDb>0)?pDb->zName:0);
-  if( sqlite3AuthCheck(pParse, SQLITE_PRAGMA, zLeft, zRight, zDb) ){
-    goto pragma_out;
-  }
- 
-#ifndef SQLITE_OMIT_PAGER_PRAGMAS
-  /*
-  **  PRAGMA [database.]default_cache_size
-  **  PRAGMA [database.]default_cache_size=N
-  **
-  ** The first form reports the current persistent setting for the
-  ** page cache size.  The value returned is the maximum number of
-  ** pages in the page cache.  The second form sets both the current
-  ** page cache size value and the persistent page cache size value
-  ** stored in the database file.
-  **
-  ** The default cache size is stored in meta-value 2 of page 1 of the
-  ** database file.  The cache size is actually the absolute value of
-  ** this memory location.  The sign of meta-value 2 determines the
-  ** synchronous setting.  A negative value means synchronous is off
-  ** and a positive value means synchronous is on.
-  */
-  if( sqlite3StrICmp(zLeft,"default_cache_size")==0 ){
-    static const VdbeOpList getCacheSize[] = {
-      { OP_ReadCookie,  0, 2,        0},  /* 0 */
-      { OP_AbsValue,    0, 0,        0},
-      { OP_Dup,         0, 0,        0},
-      { OP_Integer,     0, 0,        0},
-      { OP_Ne,          0, 6,        0},
-      { OP_Integer,     0, 0,        0},  /* 5 */
-      { OP_Callback,    1, 0,        0},
-    };
-    int addr;
-    if( sqlite3ReadSchema(pParse) ) goto pragma_out;
-    if( !zRight ){
-      sqlite3VdbeSetNumCols(v, 1);
-      sqlite3VdbeSetColName(v, 0, "cache_size", P3_STATIC);
-      addr = sqlite3VdbeAddOpList(v, ArraySize(getCacheSize), getCacheSize);
-      sqlite3VdbeChangeP1(v, addr, iDb);
-      sqlite3VdbeChangeP1(v, addr+5, MAX_PAGES);
-    }else{
-      int size = atoi(zRight);
-      if( size<0 ) size = -size;
-      sqlite3BeginWriteOperation(pParse, 0, iDb);
-      sqlite3VdbeAddOp(v, OP_Integer, size, 0);
-      sqlite3VdbeAddOp(v, OP_ReadCookie, iDb, 2);
-      addr = sqlite3VdbeAddOp(v, OP_Integer, 0, 0);
-      sqlite3VdbeAddOp(v, OP_Ge, 0, addr+3);
-      sqlite3VdbeAddOp(v, OP_Negative, 0, 0);
-      sqlite3VdbeAddOp(v, OP_SetCookie, iDb, 2);
-      pDb->cache_size = size;
-      sqlite3BtreeSetCacheSize(pDb->pBt, pDb->cache_size);
-    }
-  }else
-
-  /*
-  **  PRAGMA [database.]page_size
-  **  PRAGMA [database.]page_size=N
-  **
-  ** The first form reports the current setting for the
-  ** database page size in bytes.  The second form sets the
-  ** database page size value.  The value can only be set if
-  ** the database has not yet been created.
-  */
-  if( sqlite3StrICmp(zLeft,"page_size")==0 ){
-    Btree *pBt = pDb->pBt;
-    if( !zRight ){
-      int size = pBt ? sqlite3BtreeGetPageSize(pBt) : 0;
-      returnSingleInt(pParse, "page_size", size);
-    }else{
-      sqlite3BtreeSetPageSize(pBt, atoi(zRight), -1);
-    }
-  }else
-#endif /* SQLITE_OMIT_PAGER_PRAGMAS */
-
-  /*
-  **  PRAGMA [database.]auto_vacuum
-  **  PRAGMA [database.]auto_vacuum=N
-  **
-  ** Get or set the (boolean) value of the database 'auto-vacuum' parameter.
-  */
-#ifndef SQLITE_OMIT_AUTOVACUUM
-  if( sqlite3StrICmp(zLeft,"auto_vacuum")==0 ){
-    Btree *pBt = pDb->pBt;
-    if( !zRight ){
-      int auto_vacuum = 
-          pBt ? sqlite3BtreeGetAutoVacuum(pBt) : SQLITE_DEFAULT_AUTOVACUUM;
-      returnSingleInt(pParse, "auto_vacuum", auto_vacuum);
-    }else{
-      sqlite3BtreeSetAutoVacuum(pBt, getBoolean(zRight));
-    }
-  }else
-#endif
-
-#ifndef SQLITE_OMIT_PAGER_PRAGMAS
-  /*
-  **  PRAGMA [database.]cache_size
-  **  PRAGMA [database.]cache_size=N
-  **
-  ** The first form reports the current local setting for the
-  ** page cache size.  The local setting can be different from
-  ** the persistent cache size value that is stored in the database
-  ** file itself.  The value returned is the maximum number of
-  ** pages in the page cache.  The second form sets the local
-  ** page cache size value.  It does not change the persistent
-  ** cache size stored on the disk so the cache size will revert
-  ** to its default value when the database is closed and reopened.
-  ** N should be a positive integer.
-  */
-  if( sqlite3StrICmp(zLeft,"cache_size")==0 ){
-    if( sqlite3ReadSchema(pParse) ) goto pragma_out;
-    if( !zRight ){
-      returnSingleInt(pParse, "cache_size", pDb->cache_size);
-    }else{
-      int size = atoi(zRight);
-      if( size<0 ) size = -size;
-      pDb->cache_size = size;
-      sqlite3BtreeSetCacheSize(pDb->pBt, pDb->cache_size);
-    }
-  }else
-
-  /*
-  **   PRAGMA temp_store
-  **   PRAGMA temp_store = "default"|"memory"|"file"
-  **
-  ** Return or set the local value of the temp_store flag.  Changing
-  ** the local value does not make changes to the disk file and the default
-  ** value will be restored the next time the database is opened.
-  **
-  ** Note that it is possible for the library compile-time options to
-  ** override this setting
-  */
-  if( sqlite3StrICmp(zLeft, "temp_store")==0 ){
-    if( !zRight ){
-      returnSingleInt(pParse, "temp_store", db->temp_store);
-    }else{
-      changeTempStorage(pParse, zRight);
-    }
-  }else
-
-  /*
-  **   PRAGMA temp_store_directory
-  **   PRAGMA temp_store_directory = ""|"directory_name"
-  **
-  ** Return or set the local value of the temp_store_directory flag.  Changing
-  ** the value sets a specific directory to be used for temporary files.
-  ** Setting to a null string reverts to the default temporary directory search.
-  ** If temporary directory is changed, then invalidateTempStorage.
-  **
-  */
-  if( sqlite3StrICmp(zLeft, "temp_store_directory")==0 ){
-    if( !zRight ){
-      if( sqlite3_temp_directory ){
-        sqlite3VdbeSetNumCols(v, 1);
-        sqlite3VdbeSetColName(v, 0, "temp_store_directory", P3_STATIC);
-        sqlite3VdbeOp3(v, OP_String8, 0, 0, sqlite3_temp_directory, 0);
-        sqlite3VdbeAddOp(v, OP_Callback, 1, 0);
-      }
-    }else{
-      if( zRight[0] && !sqlite3OsIsDirWritable(zRight) ){
-        sqlite3ErrorMsg(pParse, "not a writable directory");
-        goto pragma_out;
-      }
-      if( TEMP_STORE==0
-       || (TEMP_STORE==1 && db->temp_store<=1)
-       || (TEMP_STORE==2 && db->temp_store==1)
-      ){
-        invalidateTempStorage(pParse);
-      }
-      sqliteFree(sqlite3_temp_directory);
-      if( zRight[0] ){
-        sqlite3_temp_directory = zRight;
-        zRight = 0;
-      }else{
-        sqlite3_temp_directory = 0;
-      }
-    }
-  }else
-
-  /*
-  **   PRAGMA [database.]synchronous
-  **   PRAGMA [database.]synchronous=OFF|ON|NORMAL|FULL
-  **
-  ** Return or set the local value of the synchronous flag.  Changing
-  ** the local value does not make changes to the disk file and the
-  ** default value will be restored the next time the database is
-  ** opened.
-  */
-  if( sqlite3StrICmp(zLeft,"synchronous")==0 ){
-    if( sqlite3ReadSchema(pParse) ) goto pragma_out;
-    if( !zRight ){
-      returnSingleInt(pParse, "synchronous", pDb->safety_level-1);
-    }else{
-      if( !db->autoCommit ){
-        sqlite3ErrorMsg(pParse, 
-            "Safety level may not be changed inside a transaction");
-      }else{
-        pDb->safety_level = getSafetyLevel(zRight)+1;
-        sqlite3BtreeSetSafetyLevel(pDb->pBt, pDb->safety_level);
-      }
-    }
-  }else
-#endif /* SQLITE_OMIT_PAGER_PRAGMAS */
-
-#ifndef SQLITE_OMIT_FLAG_PRAGMAS
-  if( flagPragma(pParse, zLeft, zRight) ){
-    /* The flagPragma() subroutine also generates any necessary code
-    ** there is nothing more to do here */
-  }else
-#endif /* SQLITE_OMIT_FLAG_PRAGMAS */
-
-#ifndef SQLITE_OMIT_SCHEMA_PRAGMAS
-  /*
-  **   PRAGMA table_info(<table>)
-  **
-  ** Return a single row for each column of the named table. The columns of
-  ** the returned data set are:
-  **
-  ** cid:        Column id (numbered from left to right, starting at 0)
-  ** name:       Column name
-  ** type:       Column declaration type.
-  ** notnull:    True if 'NOT NULL' is part of column declaration
-  ** dflt_value: The default value for the column, if any.
-  */
-  if( sqlite3StrICmp(zLeft, "table_info")==0 && zRight ){
-    Table *pTab;
-    if( sqlite3ReadSchema(pParse) ) goto pragma_out;
-    pTab = sqlite3FindTable(db, zRight, zDb);
-    if( pTab ){
-      int i;
-      sqlite3VdbeSetNumCols(v, 6);
-      sqlite3VdbeSetColName(v, 0, "cid", P3_STATIC);
-      sqlite3VdbeSetColName(v, 1, "name", P3_STATIC);
-      sqlite3VdbeSetColName(v, 2, "type", P3_STATIC);
-      sqlite3VdbeSetColName(v, 3, "notnull", P3_STATIC);
-      sqlite3VdbeSetColName(v, 4, "dflt_value", P3_STATIC);
-      sqlite3VdbeSetColName(v, 5, "pk", P3_STATIC);
-      sqlite3ViewGetColumnNames(pParse, pTab);
-      for(i=0; i<pTab->nCol; i++){
-        sqlite3VdbeAddOp(v, OP_Integer, i, 0);
-        sqlite3VdbeOp3(v, OP_String8, 0, 0, pTab->aCol[i].zName, 0);
-        sqlite3VdbeOp3(v, OP_String8, 0, 0,
-           pTab->aCol[i].zType ? pTab->aCol[i].zType : "numeric", 0);
-        sqlite3VdbeAddOp(v, OP_Integer, pTab->aCol[i].notNull, 0);
-        sqlite3ExprCode(pParse, pTab->aCol[i].pDflt);
-        sqlite3VdbeAddOp(v, OP_Integer, pTab->aCol[i].isPrimKey, 0);
-        sqlite3VdbeAddOp(v, OP_Callback, 6, 0);
-      }
-    }
-  }else
-
-  if( sqlite3StrICmp(zLeft, "index_info")==0 && zRight ){
-    Index *pIdx;
-    Table *pTab;
-    if( sqlite3ReadSchema(pParse) ) goto pragma_out;
-    pIdx = sqlite3FindIndex(db, zRight, zDb);
-    if( pIdx ){
-      int i;
-      pTab = pIdx->pTable;
-      sqlite3VdbeSetNumCols(v, 3);
-      sqlite3VdbeSetColName(v, 0, "seqno", P3_STATIC);
-      sqlite3VdbeSetColName(v, 1, "cid", P3_STATIC);
-      sqlite3VdbeSetColName(v, 2, "name", P3_STATIC);
-      for(i=0; i<pIdx->nColumn; i++){
-        int cnum = pIdx->aiColumn[i];
-        sqlite3VdbeAddOp(v, OP_Integer, i, 0);
-        sqlite3VdbeAddOp(v, OP_Integer, cnum, 0);
-        assert( pTab->nCol>cnum );
-        sqlite3VdbeOp3(v, OP_String8, 0, 0, pTab->aCol[cnum].zName, 0);
-        sqlite3VdbeAddOp(v, OP_Callback, 3, 0);
-      }
-    }
-  }else
-
-  if( sqlite3StrICmp(zLeft, "index_list")==0 && zRight ){
-    Index *pIdx;
-    Table *pTab;
-    if( sqlite3ReadSchema(pParse) ) goto pragma_out;
-    pTab = sqlite3FindTable(db, zRight, zDb);
-    if( pTab ){
-      v = sqlite3GetVdbe(pParse);
-      pIdx = pTab->pIndex;
-      if( pIdx ){
-        int i = 0; 
-        sqlite3VdbeSetNumCols(v, 3);
-        sqlite3VdbeSetColName(v, 0, "seq", P3_STATIC);
-        sqlite3VdbeSetColName(v, 1, "name", P3_STATIC);
-        sqlite3VdbeSetColName(v, 2, "unique", P3_STATIC);
-        while(pIdx){
-          sqlite3VdbeAddOp(v, OP_Integer, i, 0);
-          sqlite3VdbeOp3(v, OP_String8, 0, 0, pIdx->zName, 0);
-          sqlite3VdbeAddOp(v, OP_Integer, pIdx->onError!=OE_None, 0);
-          sqlite3VdbeAddOp(v, OP_Callback, 3, 0);
-          ++i;
-          pIdx = pIdx->pNext;
-        }
-      }
-    }
-  }else
-
-  if( sqlite3StrICmp(zLeft, "database_list")==0 ){
-    int i;
-    if( sqlite3ReadSchema(pParse) ) goto pragma_out;
-    sqlite3VdbeSetNumCols(v, 3);
-    sqlite3VdbeSetColName(v, 0, "seq", P3_STATIC);
-    sqlite3VdbeSetColName(v, 1, "name", P3_STATIC);
-    sqlite3VdbeSetColName(v, 2, "file", P3_STATIC);
-    for(i=0; i<db->nDb; i++){
-      if( db->aDb[i].pBt==0 ) continue;
-      assert( db->aDb[i].zName!=0 );
-      sqlite3VdbeAddOp(v, OP_Integer, i, 0);
-      sqlite3VdbeOp3(v, OP_String8, 0, 0, db->aDb[i].zName, 0);
-      sqlite3VdbeOp3(v, OP_String8, 0, 0,
-           sqlite3BtreeGetFilename(db->aDb[i].pBt), 0);
-      sqlite3VdbeAddOp(v, OP_Callback, 3, 0);
-    }
-  }else
-
-  if( sqlite3StrICmp(zLeft, "collation_list")==0 ){
-    int i = 0;
-    HashElem *p;
-    sqlite3VdbeSetNumCols(v, 2);
-    sqlite3VdbeSetColName(v, 0, "seq", P3_STATIC);
-    sqlite3VdbeSetColName(v, 1, "name", P3_STATIC);
-    for(p=sqliteHashFirst(&db->aCollSeq); p; p=sqliteHashNext(p)){
-      CollSeq *pColl = (CollSeq *)sqliteHashData(p);
-      sqlite3VdbeAddOp(v, OP_Integer, i++, 0);
-      sqlite3VdbeOp3(v, OP_String8, 0, 0, pColl->zName, 0);
-      sqlite3VdbeAddOp(v, OP_Callback, 2, 0);
-    }
-  }else
-#endif /* SQLITE_OMIT_SCHEMA_PRAGMAS */
-
-#ifndef SQLITE_OMIT_FOREIGN_KEY
-  if( sqlite3StrICmp(zLeft, "foreign_key_list")==0 && zRight ){
-    FKey *pFK;
-    Table *pTab;
-    if( sqlite3ReadSchema(pParse) ) goto pragma_out;
-    pTab = sqlite3FindTable(db, zRight, zDb);
-    if( pTab ){
-      v = sqlite3GetVdbe(pParse);
-      pFK = pTab->pFKey;
-      if( pFK ){
-        int i = 0; 
-        sqlite3VdbeSetNumCols(v, 5);
-        sqlite3VdbeSetColName(v, 0, "id", P3_STATIC);
-        sqlite3VdbeSetColName(v, 1, "seq", P3_STATIC);
-        sqlite3VdbeSetColName(v, 2, "table", P3_STATIC);
-        sqlite3VdbeSetColName(v, 3, "from", P3_STATIC);
-        sqlite3VdbeSetColName(v, 4, "to", P3_STATIC);
-        while(pFK){
-          int j;
-          for(j=0; j<pFK->nCol; j++){
-            sqlite3VdbeAddOp(v, OP_Integer, i, 0);
-            sqlite3VdbeAddOp(v, OP_Integer, j, 0);
-            sqlite3VdbeOp3(v, OP_String8, 0, 0, pFK->zTo, 0);
-            sqlite3VdbeOp3(v, OP_String8, 0, 0,
-                             pTab->aCol[pFK->aCol[j].iFrom].zName, 0);
-            sqlite3VdbeOp3(v, OP_String8, 0, 0, pFK->aCol[j].zCol, 0);
-            sqlite3VdbeAddOp(v, OP_Callback, 5, 0);
-          }
-          ++i;
-          pFK = pFK->pNextFrom;
-        }
-      }
-    }
-  }else
-#endif /* !defined(SQLITE_OMIT_FOREIGN_KEY) */
-
-#ifndef NDEBUG
-  if( sqlite3StrICmp(zLeft, "parser_trace")==0 ){
-    extern void sqlite3ParserTrace(FILE*, char *);
-    if( getBoolean(zRight) ){
-      sqlite3ParserTrace(stdout, "parser: ");
-    }else{
-      sqlite3ParserTrace(0, 0);
-    }
-  }else
-#endif
-
-#ifndef SQLITE_OMIT_INTEGRITY_CHECK
-  if( sqlite3StrICmp(zLeft, "integrity_check")==0 ){
-    int i, j, addr;
-
-    /* Code that initializes the integrity check program.  Set the
-    ** error count 0
-    */
-    static const VdbeOpList initCode[] = {
-      { OP_Integer,     0, 0,        0},
-      { OP_MemStore,    0, 1,        0},
-    };
-
-    /* Code that appears at the end of the integrity check.  If no error
-    ** messages have been generated, output OK.  Otherwise output the
-    ** error message
-    */
-    static const VdbeOpList endCode[] = {
-      { OP_MemLoad,     0, 0,        0},
-      { OP_Integer,     0, 0,        0},
-      { OP_Ne,          0, 0,        0},    /* 2 */
-      { OP_String8,     0, 0,        "ok"},
-      { OP_Callback,    1, 0,        0},
-    };
-
-    /* Initialize the VDBE program */
-    if( sqlite3ReadSchema(pParse) ) goto pragma_out;
-    sqlite3VdbeSetNumCols(v, 1);
-    sqlite3VdbeSetColName(v, 0, "integrity_check", P3_STATIC);
-    sqlite3VdbeAddOpList(v, ArraySize(initCode), initCode);
-
-    /* Do an integrity check on each database file */
-    for(i=0; i<db->nDb; i++){
-      HashElem *x;
-      int cnt = 0;
-
-      if( OMIT_TEMPDB && i==1 ) continue;
-
-      sqlite3CodeVerifySchema(pParse, i);
-
-      /* Do an integrity check of the B-Tree
-      */
-      for(x=sqliteHashFirst(&db->aDb[i].tblHash); x; x=sqliteHashNext(x)){
-        Table *pTab = sqliteHashData(x);
-        Index *pIdx;
-        sqlite3VdbeAddOp(v, OP_Integer, pTab->tnum, 0);
-        cnt++;
-        for(pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext){
-          if( sqlite3CheckIndexCollSeq(pParse, pIdx) ) goto pragma_out;
-          sqlite3VdbeAddOp(v, OP_Integer, pIdx->tnum, 0);
-          cnt++;
-        }
-      }
-      assert( cnt>0 );
-      sqlite3VdbeAddOp(v, OP_IntegrityCk, cnt, i);
-      sqlite3VdbeAddOp(v, OP_Dup, 0, 1);
-      addr = sqlite3VdbeOp3(v, OP_String8, 0, 0, "ok", P3_STATIC);
-      sqlite3VdbeAddOp(v, OP_Eq, 0, addr+6);
-      sqlite3VdbeOp3(v, OP_String8, 0, 0,
-         sqlite3MPrintf("*** in database %s ***\n", db->aDb[i].zName),
-         P3_DYNAMIC);
-      sqlite3VdbeAddOp(v, OP_Pull, 1, 0);
-      sqlite3VdbeAddOp(v, OP_Concat, 0, 1);
-      sqlite3VdbeAddOp(v, OP_Callback, 1, 0);
-
-      /* Make sure all the indices are constructed correctly.
-      */
-      sqlite3CodeVerifySchema(pParse, i);
-      for(x=sqliteHashFirst(&db->aDb[i].tblHash); x; x=sqliteHashNext(x)){
-        Table *pTab = sqliteHashData(x);
-        Index *pIdx;
-        int loopTop;
-
-        if( pTab->pIndex==0 ) continue;
-        sqlite3OpenTableAndIndices(pParse, pTab, 1, OP_OpenRead);
-        sqlite3VdbeAddOp(v, OP_Integer, 0, 0);
-        sqlite3VdbeAddOp(v, OP_MemStore, 1, 1);
-        loopTop = sqlite3VdbeAddOp(v, OP_Rewind, 1, 0);
-        sqlite3VdbeAddOp(v, OP_MemIncr, 1, 0);
-        for(j=0, pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext, j++){
-          int jmp2;
-          static const VdbeOpList idxErr[] = {
-            { OP_MemIncr,     0,  0,  0},
-            { OP_String8,     0,  0,  "rowid "},
-            { OP_Rowid,       1,  0,  0},
-            { OP_String8,     0,  0,  " missing from index "},
-            { OP_String8,     0,  0,  0},    /* 4 */
-            { OP_Concat,      2,  0,  0},
-            { OP_Callback,    1,  0,  0},
-          };
-          sqlite3GenerateIndexKey(v, pIdx, 1);
-          jmp2 = sqlite3VdbeAddOp(v, OP_Found, j+2, 0);
-          addr = sqlite3VdbeAddOpList(v, ArraySize(idxErr), idxErr);
-          sqlite3VdbeChangeP3(v, addr+4, pIdx->zName, P3_STATIC);
-          sqlite3VdbeChangeP2(v, jmp2, sqlite3VdbeCurrentAddr(v));
-        }
-        sqlite3VdbeAddOp(v, OP_Next, 1, loopTop+1);
-        sqlite3VdbeChangeP2(v, loopTop, sqlite3VdbeCurrentAddr(v));
-        for(j=0, pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext, j++){
-          static const VdbeOpList cntIdx[] = {
-             { OP_Integer,      0,  0,  0},
-             { OP_MemStore,     2,  1,  0},
-             { OP_Rewind,       0,  0,  0},  /* 2 */
-             { OP_MemIncr,      2,  0,  0},
-             { OP_Next,         0,  0,  0},  /* 4 */
-             { OP_MemLoad,      1,  0,  0},
-             { OP_MemLoad,      2,  0,  0},
-             { OP_Eq,           0,  0,  0},  /* 7 */
-             { OP_MemIncr,      0,  0,  0},
-             { OP_String8,      0,  0,  "wrong # of entries in index "},
-             { OP_String8,      0,  0,  0},  /* 10 */
-             { OP_Concat,       0,  0,  0},
-             { OP_Callback,     1,  0,  0},
-          };
-          if( pIdx->tnum==0 ) continue;
-          addr = sqlite3VdbeAddOpList(v, ArraySize(cntIdx), cntIdx);
-          sqlite3VdbeChangeP1(v, addr+2, j+2);
-          sqlite3VdbeChangeP2(v, addr+2, addr+5);
-          sqlite3VdbeChangeP1(v, addr+4, j+2);
-          sqlite3VdbeChangeP2(v, addr+4, addr+3);
-          sqlite3VdbeChangeP2(v, addr+7, addr+ArraySize(cntIdx));
-          sqlite3VdbeChangeP3(v, addr+10, pIdx->zName, P3_STATIC);
-        }
-      } 
-    }
-    addr = sqlite3VdbeAddOpList(v, ArraySize(endCode), endCode);
-    sqlite3VdbeChangeP2(v, addr+2, addr+ArraySize(endCode));
-  }else
-#endif /* SQLITE_OMIT_INTEGRITY_CHECK */
-
-#ifndef SQLITE_OMIT_UTF16
-  /*
-  **   PRAGMA encoding
-  **   PRAGMA encoding = "utf-8"|"utf-16"|"utf-16le"|"utf-16be"
-  **
-  ** In it's first form, this pragma returns the encoding of the main
-  ** database. If the database is not initialized, it is initialized now.
-  **
-  ** The second form of this pragma is a no-op if the main database file
-  ** has not already been initialized. In this case it sets the default
-  ** encoding that will be used for the main database file if a new file
-  ** is created. If an existing main database file is opened, then the
-  ** default text encoding for the existing database is used.
-  ** 
-  ** In all cases new databases created using the ATTACH command are
-  ** created to use the same default text encoding as the main database. If
-  ** the main database has not been initialized and/or created when ATTACH
-  ** is executed, this is done before the ATTACH operation.
-  **
-  ** In the second form this pragma sets the text encoding to be used in
-  ** new database files created using this database handle. It is only
-  ** useful if invoked immediately after the main database i
-  */
-  if( sqlite3StrICmp(zLeft, "encoding")==0 ){
-    static struct EncName {
-      char *zName;
-      u8 enc;
-    } encnames[] = {
-      { "UTF-8",    SQLITE_UTF8        },
-      { "UTF8",     SQLITE_UTF8        },
-      { "UTF-16le", SQLITE_UTF16LE     },
-      { "UTF16le",  SQLITE_UTF16LE     },
-      { "UTF-16be", SQLITE_UTF16BE     },
-      { "UTF16be",  SQLITE_UTF16BE     },
-      { "UTF-16",   0 /* Filled in at run-time */ },
-      { "UTF16",    0 /* Filled in at run-time */ },
-      { 0, 0 }
-    };
-    struct EncName *pEnc;
-    encnames[6].enc = encnames[7].enc = SQLITE_UTF16NATIVE;
-    if( !zRight ){    /* "PRAGMA encoding" */
-      if( sqlite3ReadSchema(pParse) ) goto pragma_out;
-      sqlite3VdbeSetNumCols(v, 1);
-      sqlite3VdbeSetColName(v, 0, "encoding", P3_STATIC);
-      sqlite3VdbeAddOp(v, OP_String8, 0, 0);
-      for(pEnc=&encnames[0]; pEnc->zName; pEnc++){
-        if( pEnc->enc==pParse->db->enc ){
-          sqlite3VdbeChangeP3(v, -1, pEnc->zName, P3_STATIC);
-          break;
-        }
-      }
-      sqlite3VdbeAddOp(v, OP_Callback, 1, 0);
-    }else{                        /* "PRAGMA encoding = XXX" */
-      /* Only change the value of sqlite.enc if the database handle is not
-      ** initialized. If the main database exists, the new sqlite.enc value
-      ** will be overwritten when the schema is next loaded. If it does not
-      ** already exists, it will be created to use the new encoding value.
-      */
-      if( !(pParse->db->flags&SQLITE_Initialized) ){
-        for(pEnc=&encnames[0]; pEnc->zName; pEnc++){
-          if( 0==sqlite3StrICmp(zRight, pEnc->zName) ){
-            pParse->db->enc = pEnc->enc;
-            break;
-          }
-        }
-        if( !pEnc->zName ){
-          sqlite3ErrorMsg(pParse, "unsupported encoding: %s", zRight);
-        }
-      }
-    }
-  }else
-#endif /* SQLITE_OMIT_UTF16 */
-
-#ifndef SQLITE_OMIT_SCHEMA_VERSION_PRAGMAS
-  /*
-  **   PRAGMA [database.]schema_version
-  **   PRAGMA [database.]schema_version = <integer>
-  **
-  **   PRAGMA [database.]user_version
-  **   PRAGMA [database.]user_version = <integer>
-  **
-  ** The pragma's schema_version and user_version are used to set or get
-  ** the value of the schema-version and user-version, respectively. Both
-  ** the schema-version and the user-version are 32-bit signed integers
-  ** stored in the database header.
-  **
-  ** The schema-cookie is usually only manipulated internally by SQLite. It
-  ** is incremented by SQLite whenever the database schema is modified (by
-  ** creating or dropping a table or index). The schema version is used by
-  ** SQLite each time a query is executed to ensure that the internal cache
-  ** of the schema used when compiling the SQL query matches the schema of
-  ** the database against which the compiled query is actually executed.
-  ** Subverting this mechanism by using "PRAGMA schema_version" to modify
-  ** the schema-version is potentially dangerous and may lead to program
-  ** crashes or database corruption. Use with caution!
-  **
-  ** The user-version is not used internally by SQLite. It may be used by
-  ** applications for any purpose.
-  */
-  if( sqlite3StrICmp(zLeft, "schema_version")==0 ||
-      sqlite3StrICmp(zLeft, "user_version")==0 ){
-
-    int iCookie;   /* Cookie index. 0 for schema-cookie, 6 for user-cookie. */
-    if( zLeft[0]=='s' || zLeft[0]=='S' ){
-      iCookie = 0;
-    }else{
-      iCookie = 5;
-    }
-
-    if( zRight ){
-      /* Write the specified cookie value */
-      static const VdbeOpList setCookie[] = {
-        { OP_Transaction,    0,  1,  0},    /* 0 */
-        { OP_Integer,        0,  0,  0},    /* 1 */
-        { OP_SetCookie,      0,  0,  0},    /* 2 */
-      };
-      int addr = sqlite3VdbeAddOpList(v, ArraySize(setCookie), setCookie);
-      sqlite3VdbeChangeP1(v, addr, iDb);
-      sqlite3VdbeChangeP1(v, addr+1, atoi(zRight));
-      sqlite3VdbeChangeP1(v, addr+2, iDb);
-      sqlite3VdbeChangeP2(v, addr+2, iCookie);
-    }else{
-      /* Read the specified cookie value */
-      static const VdbeOpList readCookie[] = {
-        { OP_ReadCookie,      0,  0,  0},    /* 0 */
-        { OP_Callback,        1,  0,  0}
-      };
-      int addr = sqlite3VdbeAddOpList(v, ArraySize(readCookie), readCookie);
-      sqlite3VdbeChangeP1(v, addr, iDb);
-      sqlite3VdbeChangeP2(v, addr, iCookie);
-      sqlite3VdbeSetNumCols(v, 1);
-    }
-  }
-#endif /* SQLITE_OMIT_SCHEMA_VERSION_PRAGMAS */
-
-#if defined(SQLITE_DEBUG) || defined(SQLITE_TEST)
-  /*
-  ** Report the current state of file logs for all databases
-  */
-  if( sqlite3StrICmp(zLeft, "lock_status")==0 ){
-    static const char *const azLockName[] = {
-      "unlocked", "shared", "reserved", "pending", "exclusive"
-    };
-    int i;
-    Vdbe *v = sqlite3GetVdbe(pParse);
-    sqlite3VdbeSetNumCols(v, 2);
-    sqlite3VdbeSetColName(v, 0, "database", P3_STATIC);
-    sqlite3VdbeSetColName(v, 1, "status", P3_STATIC);
-    for(i=0; i<db->nDb; i++){
-      Btree *pBt;
-      Pager *pPager;
-      if( db->aDb[i].zName==0 ) continue;
-      sqlite3VdbeOp3(v, OP_String, 0, 0, db->aDb[i].zName, P3_STATIC);
-      pBt = db->aDb[i].pBt;
-      if( pBt==0 || (pPager = sqlite3BtreePager(pBt))==0 ){
-        sqlite3VdbeOp3(v, OP_String, 0, 0, "closed", P3_STATIC);
-      }else{
-        int j = sqlite3pager_lockstate(pPager);
-        sqlite3VdbeOp3(v, OP_String, 0, 0, 
-            (j>=0 && j<=4) ? azLockName[j] : "unknown", P3_STATIC);
-      }
-      sqlite3VdbeAddOp(v, OP_Callback, 2, 0);
-    }
-  }else
-#endif
-
-#ifdef SQLITE_SSE
-  /*
-  ** Check to see if the sqlite_statements table exists.  Create it
-  ** if it does not.
-  */
-  if( sqlite3StrICmp(zLeft, "create_sqlite_statement_table")==0 ){
-    extern int sqlite3CreateStatementsTable(Parse*);
-    sqlite3CreateStatementsTable(pParse);
-  }else
-#endif
-
-  {}
-
-  if( v ){
-    /* Code an OP_Expire at the end of each PRAGMA program to cause
-    ** the VDBE implementing the pragma to expire. Most (all?) pragmas
-    ** are only valid for a single execution.
-    */
-    sqlite3VdbeAddOp(v, OP_Expire, 1, 0);
-  }
-pragma_out:
-  sqliteFree(zLeft);
-  sqliteFree(zRight);
-}
-
-#endif /* SQLITE_OMIT_PRAGMA || SQLITE_OMIT_PARSER */
--- a/mozilla/security/nss/lib/sqlite/prepare.c
+++ b/mozilla/security/nss/lib/sqlite/prepare.c
@@ -1,529 +0,0 @@
-/*
-** 2005 May 25
-**
-** The author disclaims copyright to this source code.  In place of
-** a legal notice, here is a blessing:
-**
-**    May you do good and not evil.
-**    May you find forgiveness for yourself and forgive others.
-**    May you share freely, never taking more than you give.
-**
-*************************************************************************
-** This file contains the implementation of the sqlite3_prepare()
-** interface, and routines that contribute to loading the database schema
-** from disk.
-**
-** $Id: prepare.c,v 1.1.2.1 2005-06-20 23:27:49 relyea%netscape.com Exp $
-*/
-#include "sqliteInt.h"
-#include "os.h"
-#include <ctype.h>
-
-/*
-** Fill the InitData structure with an error message that indicates
-** that the database is corrupt.
-*/
-static void corruptSchema(InitData *pData, const char *zExtra){
-  if( !sqlite3_malloc_failed ){
-    sqlite3SetString(pData->pzErrMsg, "malformed database schema",
-       zExtra!=0 && zExtra[0]!=0 ? " - " : (char*)0, zExtra, (char*)0);
-  }
-}
-
-/*
-** This is the callback routine for the code that initializes the
-** database.  See sqlite3Init() below for additional information.
-** This routine is also called from the OP_ParseSchema opcode of the VDBE.
-**
-** Each callback contains the following information:
-**
-**     argv[0] = name of thing being created
-**     argv[1] = root page number for table or index.  NULL for trigger or view.
-**     argv[2] = SQL text for the CREATE statement.
-**     argv[3] = "1" for temporary files, "0" for main database, "2" or more
-**               for auxiliary database files.
-**
-*/
-int sqlite3InitCallback(void *pInit, int argc, char **argv, char **azColName){
-  InitData *pData = (InitData*)pInit;
-  sqlite3 *db = pData->db;
-  int iDb;
-
-  assert( argc==4 );
-  if( argv==0 ) return 0;   /* Might happen if EMPTY_RESULT_CALLBACKS are on */
-  if( argv[1]==0 || argv[3]==0 ){
-    corruptSchema(pData, 0);
-    return 1;
-  }
-  iDb = atoi(argv[3]);
-  assert( iDb>=0 && iDb<db->nDb );
-  if( argv[2] && argv[2][0] ){
-    /* Call the parser to process a CREATE TABLE, INDEX or VIEW.
-    ** But because db->init.busy is set to 1, no VDBE code is generated
-    ** or executed.  All the parser does is build the internal data
-    ** structures that describe the table, index, or view.
-    */
-    char *zErr;
-    int rc;
-    assert( db->init.busy );
-    db->init.iDb = iDb;
-    db->init.newTnum = atoi(argv[1]);
-    rc = sqlite3_exec(db, argv[2], 0, 0, &zErr);
-    db->init.iDb = 0;
-    if( SQLITE_OK!=rc ){
-      corruptSchema(pData, zErr);
-      sqlite3_free(zErr);
-      return rc;
-    }
-  }else{
-    /* If the SQL column is blank it means this is an index that
-    ** was created to be the PRIMARY KEY or to fulfill a UNIQUE
-    ** constraint for a CREATE TABLE.  The index should have already
-    ** been created when we processed the CREATE TABLE.  All we have
-    ** to do here is record the root page number for that index.
-    */
-    Index *pIndex;
-    pIndex = sqlite3FindIndex(db, argv[0], db->aDb[iDb].zName);
-    if( pIndex==0 || pIndex->tnum!=0 ){
-      /* This can occur if there exists an index on a TEMP table which
-      ** has the same name as another index on a permanent index.  Since
-      ** the permanent table is hidden by the TEMP table, we can also
-      ** safely ignore the index on the permanent table.
-      */
-      /* Do Nothing */;
-    }else{
-      pIndex->tnum = atoi(argv[1]);
-    }
-  }
-  return 0;
-}
-
-/*
-** Attempt to read the database schema and initialize internal
-** data structures for a single database file.  The index of the
-** database file is given by iDb.  iDb==0 is used for the main
-** database.  iDb==1 should never be used.  iDb>=2 is used for
-** auxiliary databases.  Return one of the SQLITE_ error codes to
-** indicate success or failure.
-*/
-static int sqlite3InitOne(sqlite3 *db, int iDb, char **pzErrMsg){
-  int rc;
-  BtCursor *curMain;
-  int size;
-  Table *pTab;
-  char const *azArg[5];
-  char zDbNum[30];
-  int meta[10];
-  InitData initData;
-  char const *zMasterSchema;
-  char const *zMasterName = SCHEMA_TABLE(iDb);
-
-  /*
-  ** The master database table has a structure like this
-  */
-  static const char master_schema[] = 
-     "CREATE TABLE sqlite_master(\n"
-     "  type text,\n"
-     "  name text,\n"
-     "  tbl_name text,\n"
-     "  rootpage integer,\n"
-     "  sql text\n"
-     ")"
-  ;
-#ifndef SQLITE_OMIT_TEMPDB
-  static const char temp_master_schema[] = 
-     "CREATE TEMP TABLE sqlite_temp_master(\n"
-     "  type text,\n"
-     "  name text,\n"
-     "  tbl_name text,\n"
-     "  rootpage integer,\n"
-     "  sql text\n"
-     ")"
-  ;
-#else
-  #define temp_master_schema 0
-#endif
-
-  assert( iDb>=0 && iDb<db->nDb );
-
-  /* zMasterSchema and zInitScript are set to point at the master schema
-  ** and initialisation script appropriate for the database being
-  ** initialised. zMasterName is the name of the master table.
-  */
-  if( !OMIT_TEMPDB && iDb==1 ){
-    zMasterSchema = temp_master_schema;
-  }else{
-    zMasterSchema = master_schema;
-  }
-  zMasterName = SCHEMA_TABLE(iDb);
-
-  /* Construct the schema tables.  */
-  sqlite3SafetyOff(db);
-  azArg[0] = zMasterName;
-  azArg[1] = "1";
-  azArg[2] = zMasterSchema;
-  sprintf(zDbNum, "%d", iDb);
-  azArg[3] = zDbNum;
-  azArg[4] = 0;
-  initData.db = db;
-  initData.pzErrMsg = pzErrMsg;
-  rc = sqlite3InitCallback(&initData, 4, (char **)azArg, 0);
-  if( rc!=SQLITE_OK ){
-    sqlite3SafetyOn(db);
-    return rc;
-  }
-  pTab = sqlite3FindTable(db, zMasterName, db->aDb[iDb].zName);
-  if( pTab ){
-    pTab->readOnly = 1;
-  }
-  sqlite3SafetyOn(db);
-
-  /* Create a cursor to hold the database open
-  */
-  if( db->aDb[iDb].pBt==0 ){
-    if( !OMIT_TEMPDB && iDb==1 ) DbSetProperty(db, 1, DB_SchemaLoaded);
-    return SQLITE_OK;
-  }
-  rc = sqlite3BtreeCursor(db->aDb[iDb].pBt, MASTER_ROOT, 0, 0, 0, &curMain);
-  if( rc!=SQLITE_OK && rc!=SQLITE_EMPTY ){
-    sqlite3SetString(pzErrMsg, sqlite3ErrStr(rc), (char*)0);
-    return rc;
-  }
-
-  /* Get the database meta information.
-  **
-  ** Meta values are as follows:
-  **    meta[0]   Schema cookie.  Changes with each schema change.
-  **    meta[1]   File format of schema layer.
-  **    meta[2]   Size of the page cache.
-  **    meta[3]   Use freelist if 0.  Autovacuum if greater than zero.
-  **    meta[4]   Db text encoding. 1:UTF-8 3:UTF-16 LE 4:UTF-16 BE
-  **    meta[5]   The user cookie. Used by the application.
-  **    meta[6]   
-  **    meta[7]
-  **    meta[8]
-  **    meta[9]
-  **
-  ** Note: The hash defined SQLITE_UTF* symbols in sqliteInt.h correspond to
-  ** the possible values of meta[4].
-  */
-  if( rc==SQLITE_OK ){
-    int i;
-    for(i=0; rc==SQLITE_OK && i<sizeof(meta)/sizeof(meta[0]); i++){
-      rc = sqlite3BtreeGetMeta(db->aDb[iDb].pBt, i+1, (u32 *)&meta[i]);
-    }
-    if( rc ){
-      sqlite3SetString(pzErrMsg, sqlite3ErrStr(rc), (char*)0);
-      sqlite3BtreeCloseCursor(curMain);
-      return rc;
-    }
-  }else{
-    memset(meta, 0, sizeof(meta));
-  }
-  db->aDb[iDb].schema_cookie = meta[0];
-
-  /* If opening a non-empty database, check the text encoding. For the
-  ** main database, set sqlite3.enc to the encoding of the main database.
-  ** For an attached db, it is an error if the encoding is not the same
-  ** as sqlite3.enc.
-  */
-  if( meta[4] ){  /* text encoding */
-    if( iDb==0 ){
-      /* If opening the main database, set db->enc. */
-      db->enc = (u8)meta[4];
-      db->pDfltColl = sqlite3FindCollSeq(db, db->enc, "BINARY", 6, 0);
-    }else{
-      /* If opening an attached database, the encoding much match db->enc */
-      if( meta[4]!=db->enc ){
-        sqlite3BtreeCloseCursor(curMain);
-        sqlite3SetString(pzErrMsg, "attached databases must use the same"
-            " text encoding as main database", (char*)0);
-        return SQLITE_ERROR;
-      }
-    }
-  }
-
-  size = meta[2];
-  if( size==0 ){ size = MAX_PAGES; }
-  db->aDb[iDb].cache_size = size;
-
-  if( iDb==0 ){
-    db->file_format = meta[1];
-    if( db->file_format==0 ){
-      /* This happens if the database was initially empty */
-      db->file_format = 1;
-    }
-
-    if( db->file_format==2 || db->file_format==3 ){
-      /* File format 2 is treated exactly as file format 1. New 
-      ** databases are created with file format 1.
-      */ 
-      db->file_format = 1;
-    }
-  }
-
-  /*
-  ** file_format==1    Version 3.0.0.
-  ** file_format==2    Version 3.1.3.
-  ** file_format==3    Version 3.1.4.
-  **
-  ** Version 3.0 can only use files with file_format==1. Version 3.1.3
-  ** can read and write files with file_format==1 or file_format==2.
-  ** Version 3.1.4 can read and write file formats 1, 2 and 3.
-  */
-  if( meta[1]>3 ){
-    sqlite3BtreeCloseCursor(curMain);
-    sqlite3SetString(pzErrMsg, "unsupported file format", (char*)0);
-    return SQLITE_ERROR;
-  }
-
-  sqlite3BtreeSetCacheSize(db->aDb[iDb].pBt, db->aDb[iDb].cache_size);
-
-  /* Read the schema information out of the schema tables
-  */
-  assert( db->init.busy );
-  if( rc==SQLITE_EMPTY ){
-    /* For an empty database, there is nothing to read */
-    rc = SQLITE_OK;
-  }else{
-    char *zSql;
-    zSql = sqlite3MPrintf(
-        "SELECT name, rootpage, sql, '%s' FROM '%q'.%s",
-        zDbNum, db->aDb[iDb].zName, zMasterName);
-    sqlite3SafetyOff(db);
-    rc = sqlite3_exec(db, zSql, sqlite3InitCallback, &initData, 0);
-    sqlite3SafetyOn(db);
-    sqliteFree(zSql);
-    sqlite3BtreeCloseCursor(curMain);
-  }
-  if( sqlite3_malloc_failed ){
-    sqlite3SetString(pzErrMsg, "out of memory", (char*)0);
-    rc = SQLITE_NOMEM;
-    sqlite3ResetInternalSchema(db, 0);
-  }
-  if( rc==SQLITE_OK ){
-    DbSetProperty(db, iDb, DB_SchemaLoaded);
-  }else{
-    sqlite3ResetInternalSchema(db, iDb);
-  }
-  return rc;
-}
-
-/*
-** Initialize all database files - the main database file, the file
-** used to store temporary tables, and any additional database files
-** created using ATTACH statements.  Return a success code.  If an
-** error occurs, write an error message into *pzErrMsg.
-**
-** After the database is initialized, the SQLITE_Initialized
-** bit is set in the flags field of the sqlite structure. 
-*/
-int sqlite3Init(sqlite3 *db, char **pzErrMsg){
-  int i, rc;
-  
-  if( db->init.busy ) return SQLITE_OK;
-  assert( (db->flags & SQLITE_Initialized)==0 );
-  rc = SQLITE_OK;
-  db->init.busy = 1;
-  for(i=0; rc==SQLITE_OK && i<db->nDb; i++){
-    if( DbHasProperty(db, i, DB_SchemaLoaded) || i==1 ) continue;
-    rc = sqlite3InitOne(db, i, pzErrMsg);
-    if( rc ){
-      sqlite3ResetInternalSchema(db, i);
-    }
-  }
-
-  /* Once all the other databases have been initialised, load the schema
-  ** for the TEMP database. This is loaded last, as the TEMP database
-  ** schema may contain references to objects in other databases.
-  */
-#ifndef SQLITE_OMIT_TEMPDB
-  if( rc==SQLITE_OK && db->nDb>1 && !DbHasProperty(db, 1, DB_SchemaLoaded) ){
-    rc = sqlite3InitOne(db, 1, pzErrMsg);
-    if( rc ){
-      sqlite3ResetInternalSchema(db, 1);
-    }
-  }
-#endif
-
-  db->init.busy = 0;
-  if( rc==SQLITE_OK ){
-    db->flags |= SQLITE_Initialized;
-    sqlite3CommitInternalChanges(db);
-  }
-
-  if( rc!=SQLITE_OK ){
-    db->flags &= ~SQLITE_Initialized;
-  }
-  return rc;
-}
-
-/*
-** This routine is a no-op if the database schema is already initialised.
-** Otherwise, the schema is loaded. An error code is returned.
-*/
-int sqlite3ReadSchema(Parse *pParse){
-  int rc = SQLITE_OK;
-  sqlite3 *db = pParse->db;
-  if( !db->init.busy ){
-    if( (db->flags & SQLITE_Initialized)==0 ){
-      rc = sqlite3Init(db, &pParse->zErrMsg);
-    }
-  }
-  assert( rc!=SQLITE_OK || (db->flags & SQLITE_Initialized)||db->init.busy );
-  if( rc!=SQLITE_OK ){
-    pParse->rc = rc;
-    pParse->nErr++;
-  }
-  return rc;
-}
-
-
-/*
-** Check schema cookies in all databases.  If any cookie is out
-** of date, return 0.  If all schema cookies are current, return 1.
-*/
-static int schemaIsValid(sqlite3 *db){
-  int iDb;
-  int rc;
-  BtCursor *curTemp;
-  int cookie;
-  int allOk = 1;
-
-  for(iDb=0; allOk && iDb<db->nDb; iDb++){
-    Btree *pBt;
-    pBt = db->aDb[iDb].pBt;
-    if( pBt==0 ) continue;
-    rc = sqlite3BtreeCursor(pBt, MASTER_ROOT, 0, 0, 0, &curTemp);
-    if( rc==SQLITE_OK ){
-      rc = sqlite3BtreeGetMeta(pBt, 1, (u32 *)&cookie);
-      if( rc==SQLITE_OK && cookie!=db->aDb[iDb].schema_cookie ){
-        allOk = 0;
-      }
-      sqlite3BtreeCloseCursor(curTemp);
-    }
-  }
-  return allOk;
-}
-
-/*
-** Compile the UTF-8 encoded SQL statement zSql into a statement handle.
-*/
-int sqlite3_prepare(
-  sqlite3 *db,              /* Database handle. */
-  const char *zSql,         /* UTF-8 encoded SQL statement. */
-  int nBytes,               /* Length of zSql in bytes. */
-  sqlite3_stmt **ppStmt,    /* OUT: A pointer to the prepared statement */
-  const char** pzTail       /* OUT: End of parsed string */
-){
-  Parse sParse;
-  char *zErrMsg = 0;
-  int rc = SQLITE_OK;
-
-  if( sqlite3_malloc_failed ){
-    return SQLITE_NOMEM;
-  }
-
-  assert( ppStmt );
-  *ppStmt = 0;
-  if( sqlite3SafetyOn(db) ){
-    return SQLITE_MISUSE;
-  }
-
-  memset(&sParse, 0, sizeof(sParse));
-  sParse.db = db;
-  sqlite3RunParser(&sParse, zSql, &zErrMsg);
-
-  if( sqlite3_malloc_failed ){
-    rc = SQLITE_NOMEM;
-    sqlite3RollbackAll(db);
-    sqlite3ResetInternalSchema(db, 0);
-    db->flags &= ~SQLITE_InTrans;
-    goto prepare_out;
-  }
-  if( sParse.rc==SQLITE_DONE ) sParse.rc = SQLITE_OK;
-  if( sParse.rc!=SQLITE_OK && sParse.checkSchema && !schemaIsValid(db) ){
-    sParse.rc = SQLITE_SCHEMA;
-  }
-  if( sParse.rc==SQLITE_SCHEMA ){
-    sqlite3ResetInternalSchema(db, 0);
-  }
-  if( pzTail ) *pzTail = sParse.zTail;
-  rc = sParse.rc;
-
-#ifndef SQLITE_OMIT_EXPLAIN
-  if( rc==SQLITE_OK && sParse.pVdbe && sParse.explain ){
-    sqlite3VdbeSetNumCols(sParse.pVdbe, 5);
-    sqlite3VdbeSetColName(sParse.pVdbe, 0, "addr", P3_STATIC);
-    sqlite3VdbeSetColName(sParse.pVdbe, 1, "opcode", P3_STATIC);
-    sqlite3VdbeSetColName(sParse.pVdbe, 2, "p1", P3_STATIC);
-    sqlite3VdbeSetColName(sParse.pVdbe, 3, "p2", P3_STATIC);
-    sqlite3VdbeSetColName(sParse.pVdbe, 4, "p3", P3_STATIC);
-  } 
-#endif
-
-prepare_out:
-  if( sqlite3SafetyOff(db) ){
-    rc = SQLITE_MISUSE;
-  }
-  if( rc==SQLITE_OK ){
-    *ppStmt = (sqlite3_stmt*)sParse.pVdbe;
-  }else if( sParse.pVdbe ){
-    sqlite3_finalize((sqlite3_stmt*)sParse.pVdbe);
-  }
-
-  if( zErrMsg ){
-    sqlite3Error(db, rc, "%s", zErrMsg);
-    sqliteFree(zErrMsg);
-  }else{
-    sqlite3Error(db, rc, 0);
-  }
-  return rc;
-}
-
-#ifndef SQLITE_OMIT_UTF16
-/*
-** Compile the UTF-16 encoded SQL statement zSql into a statement handle.
-*/
-int sqlite3_prepare16(
-  sqlite3 *db,              /* Database handle. */ 
-  const void *zSql,         /* UTF-8 encoded SQL statement. */
-  int nBytes,               /* Length of zSql in bytes. */
-  sqlite3_stmt **ppStmt,    /* OUT: A pointer to the prepared statement */
-  const void **pzTail       /* OUT: End of parsed string */
-){
-  /* This function currently works by first transforming the UTF-16
-  ** encoded string to UTF-8, then invoking sqlite3_prepare(). The
-  ** tricky bit is figuring out the pointer to return in *pzTail.
-  */
-  char const *zSql8 = 0;
-  char const *zTail8 = 0;
-  int rc;
-  sqlite3_value *pTmp;
-
-  if( sqlite3SafetyCheck(db) ){
-    return SQLITE_MISUSE;
-  }
-  pTmp = sqlite3GetTransientValue(db);
-  sqlite3ValueSetStr(pTmp, -1, zSql, SQLITE_UTF16NATIVE, SQLITE_STATIC);
-  zSql8 = sqlite3ValueText(pTmp, SQLITE_UTF8);
-  if( !zSql8 ){
-    sqlite3Error(db, SQLITE_NOMEM, 0);
-    return SQLITE_NOMEM;
-  }
-  rc = sqlite3_prepare(db, zSql8, -1, ppStmt, &zTail8);
-
-  if( zTail8 && pzTail ){
-    /* If sqlite3_prepare returns a tail pointer, we calculate the
-    ** equivalent pointer into the UTF-16 string by counting the unicode
-    ** characters between zSql8 and zTail8, and then returning a pointer
-    ** the same number of characters into the UTF-16 string.
-    */
-    int chars_parsed = sqlite3utf8CharLen(zSql8, zTail8-zSql8);
-    *pzTail = (u8 *)zSql + sqlite3utf16ByteLen(zSql, chars_parsed);
-  }
- 
-  return rc;
-}
-#endif /* SQLITE_OMIT_UTF16 */
-
--- a/mozilla/security/nss/lib/sqlite/printf.c
+++ b/mozilla/security/nss/lib/sqlite/printf.c
@@ -1,831 +0,0 @@
-/*
-** The "printf" code that follows dates from the 1980's.  It is in
-** the public domain.  The original comments are included here for
-** completeness.  They are very out-of-date but might be useful as
-** an historical reference.  Most of the "enhancements" have been backed
-** out so that the functionality is now the same as standard printf().
-**
-**************************************************************************
-**
-** The following modules is an enhanced replacement for the "printf" subroutines
-** found in the standard C library.  The following enhancements are
-** supported:
-**
-**      +  Additional functions.  The standard set of "printf" functions
-**         includes printf, fprintf, sprintf, vprintf, vfprintf, and
-**         vsprintf.  This module adds the following:
-**
-**           *  snprintf -- Works like sprintf, but has an extra argument
-**                          which is the size of the buffer written to.
-**
-**           *  mprintf --  Similar to sprintf.  Writes output to memory
-**                          obtained from malloc.
-**
-**           *  xprintf --  Calls a function to dispose of output.
-**
-**           *  nprintf --  No output, but returns the number of characters
-**                          that would have been output by printf.
-**
-**           *  A v- version (ex: vsnprintf) of every function is also
-**              supplied.
-**
-**      +  A few extensions to the formatting notation are supported:
-**
-**           *  The "=" flag (similar to "-") causes the output to be
-**              be centered in the appropriately sized field.
-**
-**           *  The %b field outputs an integer in binary notation.
-**
-**           *  The %c field now accepts a precision.  The character output
-**              is repeated by the number of times the precision specifies.
-**
-**           *  The %' field works like %c, but takes as its character the
-**              next character of the format string, instead of the next
-**              argument.  For example,  printf("%.78'-")  prints 78 minus
-**              signs, the same as  printf("%.78c",'-').
-**
-**      +  When compiled using GCC on a SPARC, this version of printf is
-**         faster than the library printf for SUN OS 4.1.
-**
-**      +  All functions are fully reentrant.
-**
-*/
-#include "sqliteInt.h"
-
-/*
-** Conversion types fall into various categories as defined by the
-** following enumeration.
-*/
-#define etRADIX       1 /* Integer types.  %d, %x, %o, and so forth */
-#define etFLOAT       2 /* Floating point.  %f */
-#define etEXP         3 /* Exponentional notation. %e and %E */
-#define etGENERIC     4 /* Floating or exponential, depending on exponent. %g */
-#define etSIZE        5 /* Return number of characters processed so far. %n */
-#define etSTRING      6 /* Strings. %s */
-#define etDYNSTRING   7 /* Dynamically allocated strings. %z */
-#define etPERCENT     8 /* Percent symbol. %% */
-#define etCHARX       9 /* Characters. %c */
-#define etERROR      10 /* Used to indicate no such conversion type */
-/* The rest are extensions, not normally found in printf() */
-#define etCHARLIT    11 /* Literal characters.  %' */
-#define etSQLESCAPE  12 /* Strings with '\'' doubled.  %q */
-#define etSQLESCAPE2 13 /* Strings with '\'' doubled and enclosed in '',
-                          NULL pointers replaced by SQL NULL.  %Q */
-#define etTOKEN      14 /* a pointer to a Token structure */
-#define etSRCLIST    15 /* a pointer to a SrcList */
-#define etPOINTER    16 /* The %p conversion */
-
-
-/*
-** An "etByte" is an 8-bit unsigned value.
-*/
-typedef unsigned char etByte;
-
-/*
-** Each builtin conversion character (ex: the 'd' in "%d") is described
-** by an instance of the following structure
-*/
-typedef struct et_info {   /* Information about each format field */
-  char fmttype;            /* The format field code letter */
-  etByte base;             /* The base for radix conversion */
-  etByte flags;            /* One or more of FLAG_ constants below */
-  etByte type;             /* Conversion paradigm */
-  etByte charset;          /* Offset into aDigits[] of the digits string */
-  etByte prefix;           /* Offset into aPrefix[] of the prefix string */
-} et_info;
-
-/*
-** Allowed values for et_info.flags
-*/
-#define FLAG_SIGNED  1     /* True if the value to convert is signed */
-#define FLAG_INTERN  2     /* True if for internal use only */
-#define FLAG_STRING  4     /* Allow infinity precision */
-
-
-/*
-** The following table is searched linearly, so it is good to put the
-** most frequently used conversion types first.
-*/
-static const char aDigits[] = "0123456789ABCDEF0123456789abcdef";
-static const char aPrefix[] = "-x0\000X0";
-static const et_info fmtinfo[] = {
-  {  'd', 10, 1, etRADIX,      0,  0 },
-  {  's',  0, 4, etSTRING,     0,  0 },
-  {  'z',  0, 6, etDYNSTRING,  0,  0 },
-  {  'q',  0, 4, etSQLESCAPE,  0,  0 },
-  {  'Q',  0, 4, etSQLESCAPE2, 0,  0 },
-  {  'c',  0, 0, etCHARX,      0,  0 },
-  {  'o',  8, 0, etRADIX,      0,  2 },
-  {  'u', 10, 0, etRADIX,      0,  0 },
-  {  'x', 16, 0, etRADIX,      16, 1 },
-  {  'X', 16, 0, etRADIX,      0,  4 },
-  {  'f',  0, 1, etFLOAT,      0,  0 },
-  {  'e',  0, 1, etEXP,        30, 0 },
-  {  'E',  0, 1, etEXP,        14, 0 },
-  {  'g',  0, 1, etGENERIC,    30, 0 },
-  {  'G',  0, 1, etGENERIC,    14, 0 },
-  {  'i', 10, 1, etRADIX,      0,  0 },
-  {  'n',  0, 0, etSIZE,       0,  0 },
-  {  '%',  0, 0, etPERCENT,    0,  0 },
-  {  'p', 16, 0, etPOINTER,    0,  1 },
-  {  'T',  0, 2, etTOKEN,      0,  0 },
-  {  'S',  0, 2, etSRCLIST,    0,  0 },
-};
-#define etNINFO  (sizeof(fmtinfo)/sizeof(fmtinfo[0]))
-
-/*
-** If NOFLOATINGPOINT is defined, then none of the floating point
-** conversions will work.
-*/
-#ifndef etNOFLOATINGPOINT
-/*
-** "*val" is a double such that 0.1 <= *val < 10.0
-** Return the ascii code for the leading digit of *val, then
-** multiply "*val" by 10.0 to renormalize.
-**
-** Example:
-**     input:     *val = 3.14159
-**     output:    *val = 1.4159    function return = '3'
-**
-** The counter *cnt is incremented each time.  After counter exceeds
-** 16 (the number of significant digits in a 64-bit float) '0' is
-** always returned.
-*/
-static int et_getdigit(LONGDOUBLE_TYPE *val, int *cnt){
-  int digit;
-  LONGDOUBLE_TYPE d;
-  if( (*cnt)++ >= 16 ) return '0';
-  digit = (int)*val;
-  d = digit;
-  digit += '0';
-  *val = (*val - d)*10.0;
-  return digit;
-}
-#endif
-
-#define etBUFSIZE 1000  /* Size of the output buffer */
-
-/*
-** The root program.  All variations call this core.
-**
-** INPUTS:
-**   func   This is a pointer to a function taking three arguments
-**            1. A pointer to anything.  Same as the "arg" parameter.
-**            2. A pointer to the list of characters to be output
-**               (Note, this list is NOT null terminated.)
-**            3. An integer number of characters to be output.
-**               (Note: This number might be zero.)
-**
-**   arg    This is the pointer to anything which will be passed as the
-**          first argument to "func".  Use it for whatever you like.
-**
-**   fmt    This is the format string, as in the usual print.
-**
-**   ap     This is a pointer to a list of arguments.  Same as in
-**          vfprint.
-**
-** OUTPUTS:
-**          The return value is the total number of characters sent to
-**          the function "func".  Returns -1 on a error.
-**
-** Note that the order in which automatic variables are declared below
-** seems to make a big difference in determining how fast this beast
-** will run.
-*/
-static int vxprintf(
-  void (*func)(void*,const char*,int),     /* Consumer of text */
-  void *arg,                         /* First argument to the consumer */
-  int useExtended,                   /* Allow extended %-conversions */
-  const char *fmt,                   /* Format string */
-  va_list ap                         /* arguments */
-){
-  int c;                     /* Next character in the format string */
-  char *bufpt;               /* Pointer to the conversion buffer */
-  int precision;             /* Precision of the current field */
-  int length;                /* Length of the field */
-  int idx;                   /* A general purpose loop counter */
-  int count;                 /* Total number of characters output */
-  int width;                 /* Width of the current field */
-  etByte flag_leftjustify;   /* True if "-" flag is present */
-  etByte flag_plussign;      /* True if "+" flag is present */
-  etByte flag_blanksign;     /* True if " " flag is present */
-  etByte flag_alternateform; /* True if "#" flag is present */
-  etByte flag_zeropad;       /* True if field width constant starts with zero */
-  etByte flag_long;          /* True if "l" flag is present */
-  etByte flag_longlong;      /* True if the "ll" flag is present */
-  UINT64_TYPE longvalue;     /* Value for integer types */
-  LONGDOUBLE_TYPE realvalue; /* Value for real types */
-  const et_info *infop;      /* Pointer to the appropriate info structure */
-  char buf[etBUFSIZE];       /* Conversion buffer */
-  char prefix;               /* Prefix character.  "+" or "-" or " " or '\0'. */
-  etByte errorflag = 0;      /* True if an error is encountered */
-  etByte xtype;              /* Conversion paradigm */
-  char *zExtra;              /* Extra memory used for etTCLESCAPE conversions */
-  static const char spaces[] =
-   "                                                                         ";
-#define etSPACESIZE (sizeof(spaces)-1)
-#ifndef etNOFLOATINGPOINT
-  int  exp;                  /* exponent of real numbers */
-  double rounder;            /* Used for rounding floating point values */
-  etByte flag_dp;            /* True if decimal point should be shown */
-  etByte flag_rtz;           /* True if trailing zeros should be removed */
-  etByte flag_exp;           /* True to force display of the exponent */
-  int nsd;                   /* Number of significant digits returned */
-#endif
-
-  func(arg,"",0);
-  count = length = 0;
-  bufpt = 0;
-  for(; (c=(*fmt))!=0; ++fmt){
-    if( c!='%' ){
-      int amt;
-      bufpt = (char *)fmt;
-      amt = 1;
-      while( (c=(*++fmt))!='%' && c!=0 ) amt++;
-      (*func)(arg,bufpt,amt);
-      count += amt;
-      if( c==0 ) break;
-    }
-    if( (c=(*++fmt))==0 ){
-      errorflag = 1;
-      (*func)(arg,"%",1);
-      count++;
-      break;
-    }
-    /* Find out what flags are present */
-    flag_leftjustify = flag_plussign = flag_blanksign = 
-     flag_alternateform = flag_zeropad = 0;
-    do{
-      switch( c ){
-        case '-':   flag_leftjustify = 1;     c = 0;   break;
-        case '+':   flag_plussign = 1;        c = 0;   break;
-        case ' ':   flag_blanksign = 1;       c = 0;   break;
-        case '#':   flag_alternateform = 1;   c = 0;   break;
-        case '0':   flag_zeropad = 1;         c = 0;   break;
-        default:                                       break;
-      }
-    }while( c==0 && (c=(*++fmt))!=0 );
-    /* Get the field width */
-    width = 0;
-    if( c=='*' ){
-      width = va_arg(ap,int);
-      if( width<0 ){
-        flag_leftjustify = 1;
-        width = -width;
-      }
-      c = *++fmt;
-    }else{
-      while( c>='0' && c<='9' ){
-        width = width*10 + c - '0';
-        c = *++fmt;
-      }
-    }
-    if( width > etBUFSIZE-10 ){
-      width = etBUFSIZE-10;
-    }
-    /* Get the precision */
-    if( c=='.' ){
-      precision = 0;
-      c = *++fmt;
-      if( c=='*' ){
-        precision = va_arg(ap,int);
-        if( precision<0 ) precision = -precision;
-        c = *++fmt;
-      }else{
-        while( c>='0' && c<='9' ){
-          precision = precision*10 + c - '0';
-          c = *++fmt;
-        }
-      }
-    }else{
-      precision = -1;
-    }
-    /* Get the conversion type modifier */
-    if( c=='l' ){
-      flag_long = 1;
-      c = *++fmt;
-      if( c=='l' ){
-        flag_longlong = 1;
-        c = *++fmt;
-      }else{
-        flag_longlong = 0;
-      }
-    }else{
-      flag_long = flag_longlong = 0;
-    }
-    /* Fetch the info entry for the field */
-    infop = 0;
-    xtype = etERROR;
-    for(idx=0; idx<etNINFO; idx++){
-      if( c==fmtinfo[idx].fmttype ){
-        infop = &fmtinfo[idx];
-        if( useExtended || (infop->flags & FLAG_INTERN)==0 ){
-          xtype = infop->type;
-        }
-        break;
-      }
-    }
-    zExtra = 0;
-
-    /* Limit the precision to prevent overflowing buf[] during conversion */
-    if( precision>etBUFSIZE-40 && (infop->flags & FLAG_STRING)==0 ){
-      precision = etBUFSIZE-40;
-    }
-
-    /*
-    ** At this point, variables are initialized as follows:
-    **
-    **   flag_alternateform          TRUE if a '#' is present.
-    **   flag_plussign               TRUE if a '+' is present.
-    **   flag_leftjustify            TRUE if a '-' is present or if the
-    **                               field width was negative.
-    **   flag_zeropad                TRUE if the width began with 0.
-    **   flag_long                   TRUE if the letter 'l' (ell) prefixed
-    **                               the conversion character.
-    **   flag_longlong               TRUE if the letter 'll' (ell ell) prefixed
-    **                               the conversion character.
-    **   flag_blanksign              TRUE if a ' ' is present.
-    **   width                       The specified field width.  This is
-    **                               always non-negative.  Zero is the default.
-    **   precision                   The specified precision.  The default
-    **                               is -1.
-    **   xtype                       The class of the conversion.
-    **   infop                       Pointer to the appropriate info struct.
-    */
-    switch( xtype ){
-      case etPOINTER:
-        flag_longlong = sizeof(char*)==sizeof(i64);
-        flag_long = sizeof(char*)==sizeof(long int);
-        /* Fall through into the next case */
-      case etRADIX:
-        if( infop->flags & FLAG_SIGNED ){
-          i64 v;
-          if( flag_longlong )   v = va_arg(ap,i64);
-          else if( flag_long )  v = va_arg(ap,long int);
-          else                  v = va_arg(ap,int);
-          if( v<0 ){
-            longvalue = -v;
-            prefix = '-';
-          }else{
-            longvalue = v;
-            if( flag_plussign )        prefix = '+';
-            else if( flag_blanksign )  prefix = ' ';
-            else                       prefix = 0;
-          }
-        }else{
-          if( flag_longlong )   longvalue = va_arg(ap,u64);
-          else if( flag_long )  longvalue = va_arg(ap,unsigned long int);
-          else                  longvalue = va_arg(ap,unsigned int);
-          prefix = 0;
-        }
-        if( longvalue==0 ) flag_alternateform = 0;
-        if( flag_zeropad && precision<width-(prefix!=0) ){
-          precision = width-(prefix!=0);
-        }
-        bufpt = &buf[etBUFSIZE-1];
-        {
-          register const char *cset;      /* Use registers for speed */
-          register int base;
-          cset = &aDigits[infop->charset];
-          base = infop->base;
-          do{                                           /* Convert to ascii */
-            *(--bufpt) = cset[longvalue%base];
-            longvalue = longvalue/base;
-          }while( longvalue>0 );
-        }
-        length = &buf[etBUFSIZE-1]-bufpt;
-        for(idx=precision-length; idx>0; idx--){
-          *(--bufpt) = '0';                             /* Zero pad */
-        }
-        if( prefix ) *(--bufpt) = prefix;               /* Add sign */
-        if( flag_alternateform && infop->prefix ){      /* Add "0" or "0x" */
-          const char *pre;
-          char x;
-          pre = &aPrefix[infop->prefix];
-          if( *bufpt!=pre[0] ){
-            for(; (x=(*pre))!=0; pre++) *(--bufpt) = x;
-          }
-        }
-        length = &buf[etBUFSIZE-1]-bufpt;
-        break;
-      case etFLOAT:
-      case etEXP:
-      case etGENERIC:
-        realvalue = va_arg(ap,double);
-#ifndef etNOFLOATINGPOINT
-        if( precision<0 ) precision = 6;         /* Set default precision */
-        if( precision>etBUFSIZE-10 ) precision = etBUFSIZE-10;
-        if( realvalue<0.0 ){
-          realvalue = -realvalue;
-          prefix = '-';
-        }else{
-          if( flag_plussign )          prefix = '+';
-          else if( flag_blanksign )    prefix = ' ';
-          else                         prefix = 0;
-        }
-        if( infop->type==etGENERIC && precision>0 ) precision--;
-        rounder = 0.0;
-#if 0
-        /* Rounding works like BSD when the constant 0.4999 is used.  Wierd! */
-        for(idx=precision, rounder=0.4999; idx>0; idx--, rounder*=0.1);
-#else
-        /* It makes more sense to use 0.5 */
-        for(idx=precision, rounder=0.5; idx>0; idx--, rounder*=0.1);
-#endif
-        if( infop->type==etFLOAT ) realvalue += rounder;
-        /* Normalize realvalue to within 10.0 > realvalue >= 1.0 */
-        exp = 0;
-        if( realvalue>0.0 ){
-          while( realvalue>=1e8 && exp<=350 ){ realvalue *= 1e-8; exp+=8; }
-          while( realvalue>=10.0 && exp<=350 ){ realvalue *= 0.1; exp++; }
-          while( realvalue<1e-8 && exp>=-350 ){ realvalue *= 1e8; exp-=8; }
-          while( realvalue<1.0 && exp>=-350 ){ realvalue *= 10.0; exp--; }
-          if( exp>350 || exp<-350 ){
-            bufpt = "NaN";
-            length = 3;
-            break;
-          }
-        }
-        bufpt = buf;
-        /*
-        ** If the field type is etGENERIC, then convert to either etEXP
-        ** or etFLOAT, as appropriate.
-        */
-        flag_exp = xtype==etEXP;
-        if( xtype!=etFLOAT ){
-          realvalue += rounder;
-          if( realvalue>=10.0 ){ realvalue *= 0.1; exp++; }
-        }
-        if( xtype==etGENERIC ){
-          flag_rtz = !flag_alternateform;
-          if( exp<-4 || exp>precision ){
-            xtype = etEXP;
-          }else{
-            precision = precision - exp;
-            xtype = etFLOAT;
-          }
-        }else{
-          flag_rtz = 0;
-        }
-        /*
-        ** The "exp+precision" test causes output to be of type etEXP if
-        ** the precision is too large to fit in buf[].
-        */
-        nsd = 0;
-        if( xtype==etFLOAT && exp+precision<etBUFSIZE-30 ){
-          flag_dp = (precision>0 || flag_alternateform);
-          if( prefix ) *(bufpt++) = prefix;         /* Sign */
-          if( exp<0 )  *(bufpt++) = '0';            /* Digits before "." */
-          else for(; exp>=0; exp--) *(bufpt++) = et_getdigit(&realvalue,&nsd);
-          if( flag_dp ) *(bufpt++) = '.';           /* The decimal point */
-          for(exp++; exp<0 && precision>0; precision--, exp++){
-            *(bufpt++) = '0';
-          }
-          while( (precision--)>0 ) *(bufpt++) = et_getdigit(&realvalue,&nsd);
-          *(bufpt--) = 0;                           /* Null terminate */
-          if( flag_rtz && flag_dp ){     /* Remove trailing zeros and "." */
-            while( bufpt>=buf && *bufpt=='0' ) *(bufpt--) = 0;
-            if( bufpt>=buf && *bufpt=='.' ) *(bufpt--) = 0;
-          }
-          bufpt++;                            /* point to next free slot */
-        }else{    /* etEXP or etGENERIC */
-          flag_dp = (precision>0 || flag_alternateform);
-          if( prefix ) *(bufpt++) = prefix;   /* Sign */
-          *(bufpt++) = et_getdigit(&realvalue,&nsd);  /* First digit */
-          if( flag_dp ) *(bufpt++) = '.';     /* Decimal point */
-          while( (precision--)>0 ) *(bufpt++) = et_getdigit(&realvalue,&nsd);
-          bufpt--;                            /* point to last digit */
-          if( flag_rtz && flag_dp ){          /* Remove tail zeros */
-            while( bufpt>=buf && *bufpt=='0' ) *(bufpt--) = 0;
-            if( bufpt>=buf && *bufpt=='.' ) *(bufpt--) = 0;
-          }
-          bufpt++;                            /* point to next free slot */
-          if( exp || flag_exp ){
-            *(bufpt++) = aDigits[infop->charset];
-            if( exp<0 ){ *(bufpt++) = '-'; exp = -exp; } /* sign of exp */
-            else       { *(bufpt++) = '+'; }
-            if( exp>=100 ){
-              *(bufpt++) = (exp/100)+'0';                /* 100's digit */
-              exp %= 100;
-            }
-            *(bufpt++) = exp/10+'0';                     /* 10's digit */
-            *(bufpt++) = exp%10+'0';                     /* 1's digit */
-          }
-        }
-        /* The converted number is in buf[] and zero terminated. Output it.
-        ** Note that the number is in the usual order, not reversed as with
-        ** integer conversions. */
-        length = bufpt-buf;
-        bufpt = buf;
-
-        /* Special case:  Add leading zeros if the flag_zeropad flag is
-        ** set and we are not left justified */
-        if( flag_zeropad && !flag_leftjustify && length < width){
-          int i;
-          int nPad = width - length;
-          for(i=width; i>=nPad; i--){
-            bufpt[i] = bufpt[i-nPad];
-          }
-          i = prefix!=0;
-          while( nPad-- ) bufpt[i++] = '0';
-          length = width;
-        }
-#endif
-        break;
-      case etSIZE:
-        *(va_arg(ap,int*)) = count;
-        length = width = 0;
-        break;
-      case etPERCENT:
-        buf[0] = '%';
-        bufpt = buf;
-        length = 1;
-        break;
-      case etCHARLIT:
-      case etCHARX:
-        c = buf[0] = (xtype==etCHARX ? va_arg(ap,int) : *++fmt);
-        if( precision>=0 ){
-          for(idx=1; idx<precision; idx++) buf[idx] = c;
-          length = precision;
-        }else{
-          length =1;
-        }
-        bufpt = buf;
-        break;
-      case etSTRING:
-      case etDYNSTRING:
-        bufpt = va_arg(ap,char*);
-        if( bufpt==0 ){
-          bufpt = "";
-        }else if( xtype==etDYNSTRING ){
-          zExtra = bufpt;
-        }
-        length = strlen(bufpt);
-        if( precision>=0 && precision<length ) length = precision;
-        break;
-      case etSQLESCAPE:
-      case etSQLESCAPE2:
-        {
-          int i, j, n, c, isnull;
-          int needQuote;
-          char *arg = va_arg(ap,char*);
-          isnull = arg==0;
-          if( isnull ) arg = (xtype==etSQLESCAPE2 ? "NULL" : "(NULL)");
-          for(i=n=0; (c=arg[i])!=0; i++){
-            if( c=='\'' )  n++;
-          }
-          needQuote = !isnull && xtype==etSQLESCAPE2;
-          n += i + 1 + needQuote*2;
-          if( n>etBUFSIZE ){
-            bufpt = zExtra = sqliteMalloc( n );
-            if( bufpt==0 ) return -1;
-          }else{
-            bufpt = buf;
-          }
-          j = 0;
-          if( needQuote ) bufpt[j++] = '\'';
-          for(i=0; (c=arg[i])!=0; i++){
-            bufpt[j++] = c;
-            if( c=='\'' ) bufpt[j++] = c;
-          }
-          if( needQuote ) bufpt[j++] = '\'';
-          bufpt[j] = 0;
-          length = j;
-          if( precision>=0 && precision<length ) length = precision;
-        }
-        break;
-      case etTOKEN: {
-        Token *pToken = va_arg(ap, Token*);
-        if( pToken && pToken->z ){
-          (*func)(arg, pToken->z, pToken->n);
-        }
-        length = width = 0;
-        break;
-      }
-      case etSRCLIST: {
-        SrcList *pSrc = va_arg(ap, SrcList*);
-        int k = va_arg(ap, int);
-        struct SrcList_item *pItem = &pSrc->a[k];
-        assert( k>=0 && k<pSrc->nSrc );
-        if( pItem->zDatabase && pItem->zDatabase[0] ){
-          (*func)(arg, pItem->zDatabase, strlen(pItem->zDatabase));
-          (*func)(arg, ".", 1);
-        }
-        (*func)(arg, pItem->zName, strlen(pItem->zName));
-        length = width = 0;
-        break;
-      }
-      case etERROR:
-        buf[0] = '%';
-        buf[1] = c;
-        errorflag = 0;
-        idx = 1+(c!=0);
-        (*func)(arg,"%",idx);
-        count += idx;
-        if( c==0 ) fmt--;
-        break;
-    }/* End switch over the format type */
-    /*
-    ** The text of the conversion is pointed to by "bufpt" and is
-    ** "length" characters long.  The field width is "width".  Do
-    ** the output.
-    */
-    if( !flag_leftjustify ){
-      register int nspace;
-      nspace = width-length;
-      if( nspace>0 ){
-        count += nspace;
-        while( nspace>=etSPACESIZE ){
-          (*func)(arg,spaces,etSPACESIZE);
-          nspace -= etSPACESIZE;
-        }
-        if( nspace>0 ) (*func)(arg,spaces,nspace);
-      }
-    }
-    if( length>0 ){
-      (*func)(arg,bufpt,length);
-      count += length;
-    }
-    if( flag_leftjustify ){
-      register int nspace;
-      nspace = width-length;
-      if( nspace>0 ){
-        count += nspace;
-        while( nspace>=etSPACESIZE ){
-          (*func)(arg,spaces,etSPACESIZE);
-          nspace -= etSPACESIZE;
-        }
-        if( nspace>0 ) (*func)(arg,spaces,nspace);
-      }
-    }
-    if( zExtra ){
-      sqliteFree(zExtra);
-    }
-  }/* End for loop over the format string */
-  return errorflag ? -1 : count;
-} /* End of function */
-
-
-/* This structure is used to store state information about the
-** write to memory that is currently in progress.
-*/
-struct sgMprintf {
-  char *zBase;     /* A base allocation */
-  char *zText;     /* The string collected so far */
-  int  nChar;      /* Length of the string so far */
-  int  nTotal;     /* Output size if unconstrained */
-  int  nAlloc;     /* Amount of space allocated in zText */
-  void *(*xRealloc)(void*,int);  /* Function used to realloc memory */
-};
-
-/* 
-** This function implements the callback from vxprintf. 
-**
-** This routine add nNewChar characters of text in zNewText to
-** the sgMprintf structure pointed to by "arg".
-*/
-static void mout(void *arg, const char *zNewText, int nNewChar){
-  struct sgMprintf *pM = (struct sgMprintf*)arg;
-  pM->nTotal += nNewChar;
-  if( pM->nChar + nNewChar + 1 > pM->nAlloc ){
-    if( pM->xRealloc==0 ){
-      nNewChar =  pM->nAlloc - pM->nChar - 1;
-    }else{
-      pM->nAlloc = pM->nChar + nNewChar*2 + 1;
-      if( pM->zText==pM->zBase ){
-        pM->zText = pM->xRealloc(0, pM->nAlloc);
-        if( pM->zText && pM->nChar ){
-          memcpy(pM->zText, pM->zBase, pM->nChar);
-        }
-      }else{
-        pM->zText = pM->xRealloc(pM->zText, pM->nAlloc);
-      }
-    }
-  }
-  if( pM->zText ){
-    if( nNewChar>0 ){
-      memcpy(&pM->zText[pM->nChar], zNewText, nNewChar);
-      pM->nChar += nNewChar;
-    }
-    pM->zText[pM->nChar] = 0;
-  }
-}
-
-/*
-** This routine is a wrapper around xprintf() that invokes mout() as
-** the consumer.  
-*/
-static char *base_vprintf(
-  void *(*xRealloc)(void*,int),   /* Routine to realloc memory. May be NULL */
-  int useInternal,                /* Use internal %-conversions if true */
-  char *zInitBuf,                 /* Initially write here, before mallocing */
-  int nInitBuf,                   /* Size of zInitBuf[] */
-  const char *zFormat,            /* format string */
-  va_list ap                      /* arguments */
-){
-  struct sgMprintf sM;
-  sM.zBase = sM.zText = zInitBuf;
-  sM.nChar = sM.nTotal = 0;
-  sM.nAlloc = nInitBuf;
-  sM.xRealloc = xRealloc;
-  vxprintf(mout, &sM, useInternal, zFormat, ap);
-  if( xRealloc ){
-    if( sM.zText==sM.zBase ){
-      sM.zText = xRealloc(0, sM.nChar+1);
-      if( sM.zText ){
-        memcpy(sM.zText, sM.zBase, sM.nChar+1);
-      }
-    }else if( sM.nAlloc>sM.nChar+10 ){
-      sM.zText = xRealloc(sM.zText, sM.nChar+1);
-    }
-  }
-  return sM.zText;
-}
-
-/*
-** Realloc that is a real function, not a macro.
-*/
-static void *printf_realloc(void *old, int size){
-  return sqliteRealloc(old,size);
-}
-
-/*
-** Print into memory obtained from sqliteMalloc().  Use the internal
-** %-conversion extensions.
-*/
-char *sqlite3VMPrintf(const char *zFormat, va_list ap){
-  char zBase[1000];
-  return base_vprintf(printf_realloc, 1, zBase, sizeof(zBase), zFormat, ap);
-}
-
-/*
-** Print into memory obtained from sqliteMalloc().  Use the internal
-** %-conversion extensions.
-*/
-char *sqlite3MPrintf(const char *zFormat, ...){
-  va_list ap;
-  char *z;
-  char zBase[1000];
-  va_start(ap, zFormat);
-  z = base_vprintf(printf_realloc, 1, zBase, sizeof(zBase), zFormat, ap);
-  va_end(ap);
-  return z;
-}
-
-/*
-** Print into memory obtained from malloc().  Do not use the internal
-** %-conversion extensions.  This routine is for use by external users.
-*/
-char *sqlite3_mprintf(const char *zFormat, ...){
-  va_list ap;
-  char *z;
-  char zBuf[200];
-
-  va_start(ap,zFormat);
-  z = base_vprintf((void*(*)(void*,int))realloc, 0, 
-                   zBuf, sizeof(zBuf), zFormat, ap);
-  va_end(ap);
-  return z;
-}
-
-/* This is the varargs version of sqlite3_mprintf.  
-*/
-char *sqlite3_vmprintf(const char *zFormat, va_list ap){
-  char zBuf[200];
-  return base_vprintf((void*(*)(void*,int))realloc, 0,
-                      zBuf, sizeof(zBuf), zFormat, ap);
-}
-
-/*
-** sqlite3_snprintf() works like snprintf() except that it ignores the
-** current locale settings.  This is important for SQLite because we
-** are not able to use a "," as the decimal point in place of "." as
-** specified by some locales.
-*/
-char *sqlite3_snprintf(int n, char *zBuf, const char *zFormat, ...){
-  char *z;
-  va_list ap;
-
-  va_start(ap,zFormat);
-  z = base_vprintf(0, 0, zBuf, n, zFormat, ap);
-  va_end(ap);
-  return z;
-}
-
-#if defined(SQLITE_TEST) || defined(SQLITE_DEBUG)
-/*
-** A version of printf() that understands %lld.  Used for debugging.
-** The printf() built into some versions of windows does not understand %lld
-** and segfaults if you give it a long long int.
-*/
-void sqlite3DebugPrintf(const char *zFormat, ...){
-  extern int getpid(void);
-  va_list ap;
-  char zBuf[500];
-  va_start(ap, zFormat);
-  base_vprintf(0, 0, zBuf, sizeof(zBuf), zFormat, ap);
-  va_end(ap);
-  fprintf(stdout,"%d: %s", getpid(), zBuf);
-  fflush(stdout);
-}
-#endif
--- a/mozilla/security/nss/lib/sqlite/random.c
+++ b/mozilla/security/nss/lib/sqlite/random.c
@@ -1,100 +0,0 @@
-/*
-** 2001 September 15
-**
-** The author disclaims copyright to this source code.  In place of
-** a legal notice, here is a blessing:
-**
-**    May you do good and not evil.
-**    May you find forgiveness for yourself and forgive others.
-**    May you share freely, never taking more than you give.
-**
-*************************************************************************
-** This file contains code to implement a pseudo-random number
-** generator (PRNG) for SQLite.
-**
-** Random numbers are used by some of the database backends in order
-** to generate random integer keys for tables or random filenames.
-**
-** $Id: random.c,v 1.1.2.1 2005-06-20 23:27:49 relyea%netscape.com Exp $
-*/
-#include "sqliteInt.h"
-#include "os.h"
-
-
-/*
-** Get a single 8-bit random value from the RC4 PRNG.  The Mutex
-** must be held while executing this routine.
-**
-** Why not just use a library random generator like lrand48() for this?
-** Because the OP_NewRowid opcode in the VDBE depends on having a very
-** good source of random numbers.  The lrand48() library function may
-** well be good enough.  But maybe not.  Or maybe lrand48() has some
-** subtle problems on some systems that could cause problems.  It is hard
-** to know.  To minimize the risk of problems due to bad lrand48()
-** implementations, SQLite uses this random number generator based
-** on RC4, which we know works very well.
-**
-** (Later):  Actually, OP_NewRowid does not depend on a good source of
-** randomness any more.  But we will leave this code in all the same.
-*/
-static int randomByte(){
-  unsigned char t;
-
-  /* All threads share a single random number generator.
-  ** This structure is the current state of the generator.
-  */
-  static struct {
-    unsigned char isInit;          /* True if initialized */
-    unsigned char i, j;            /* State variables */
-    unsigned char s[256];          /* State variables */
-  } prng;
-
-  /* Initialize the state of the random number generator once,
-  ** the first time this routine is called.  The seed value does
-  ** not need to contain a lot of randomness since we are not
-  ** trying to do secure encryption or anything like that...
-  **
-  ** Nothing in this file or anywhere else in SQLite does any kind of
-  ** encryption.  The RC4 algorithm is being used as a PRNG (pseudo-random
-  ** number generator) not as an encryption device.
-  */
-  if( !prng.isInit ){
-    int i;
-    char k[256];
-    prng.j = 0;
-    prng.i = 0;
-    sqlite3OsRandomSeed(k);
-    for(i=0; i<256; i++){
-      prng.s[i] = i;
-    }
-    for(i=0; i<256; i++){
-      prng.j += prng.s[i] + k[i];
-      t = prng.s[prng.j];
-      prng.s[prng.j] = prng.s[i];
-      prng.s[i] = t;
-    }
-    prng.isInit = 1;
-  }
-
-  /* Generate and return single random byte
-  */
-  prng.i++;
-  t = prng.s[prng.i];
-  prng.j += t;
-  prng.s[prng.i] = prng.s[prng.j];
-  prng.s[prng.j] = t;
-  t += prng.s[prng.i];
-  return prng.s[t];
-}
-
-/*
-** Return N random bytes.
-*/
-void sqlite3Randomness(int N, void *pBuf){
-  unsigned char *zBuf = pBuf;
-  sqlite3OsEnterMutex();
-  while( N-- ){
-    *(zBuf++) = randomByte();
-  }
-  sqlite3OsLeaveMutex();
-}
--- a/mozilla/security/nss/lib/sqlite/select.c
+++ b/mozilla/security/nss/lib/sqlite/select.c
--- a/mozilla/security/nss/lib/sqlite/shell.c
+++ b/mozilla/security/nss/lib/sqlite/shell.c
--- a/mozilla/security/nss/lib/sqlite/sqlite.def
+++ b/mozilla/security/nss/lib/sqlite/sqlite.def
@@ -1,153 +0,0 @@
-;+#
-;+# ***** BEGIN LICENSE BLOCK *****
-;+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-;+#
-;+# The contents of this file are subject to the Mozilla Public License Version
-;+# 1.1 (the "License"); you may not use this file except in compliance with
-;+# the License. You may obtain a copy of the License at
-;+# http://www.mozilla.org/MPL/
-;+#
-;+# Software distributed under the License is distributed on an "AS IS" basis,
-;+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-;+# for the specific language governing rights and limitations under the
-;+# License.
-;+#
-;+# The Original Code is the Netscape security libraries.
-;+#
-;+# The Initial Developer of the Original Code is
-;+# Netscape Communications Corporation.
-;+# Portions created by the Initial Developer are Copyright (C) 2000
-;+# the Initial Developer. All Rights Reserved.
-;+#
-;+# Contributor(s):
-;+#
-;+# Alternatively, the contents of this file may be used under the terms of
-;+# either the GNU General Public License Version 2 or later (the "GPL"), or
-;+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-;+# in which case the provisions of the GPL or the LGPL are applicable instead
-;+# of those above. If you wish to allow use of your version of this file only
-;+# under the terms of either the GPL or the LGPL, and not to allow others to
-;+# use your version of this file under the terms of the MPL, indicate your
-;+# decision by deleting the provisions above and replace them with the notice
-;+# and other provisions required by the GPL or the LGPL. If you do not delete
-;+# the provisions above, a recipient may use your version of this file under
-;+# the terms of any one of the MPL, the GPL or the LGPL.
-;+#
-;+# ***** END LICENSE BLOCK *****
-;+#
-;+# OK, this file is meant to support SUN, LINUX, AIX and WINDOWS
-;+#   1. For all unix platforms, the string ";-"  means "remove this line"
-;+#   2. For all unix platforms, the string " DATA " will be removed from any 
-;+#     line on which it occurs.
-;+#   3. Lines containing ";+" will have ";+" removed on SUN and LINUX.
-;+#      On AIX, lines containing ";+" will be removed.
-;+#   4. For all unix platforms, the string ";;" will thave the ";;" removed.
-;+#   5. For all unix platforms, after the above processing has taken place,
-;+#    all characters after the first ";" on the line will be removed.
-;+#    And for AIX, the first ";" will also be removed.
-;+#  This file is passed directly to windows. Since ';' is a comment, all UNIX
-;+#   directives are hidden behind ";", ";+", and ";-"
-;+
-;+SQLITE_3.3.2 {       # SQLITE 3.3.2
-;+    global:
-LIBRARY sqlite3 ;-
-EXPORTS ;-
-sqlite3_aggregate_context;
-sqlite3_aggregate_count;
-sqlite3_bind_blob;
-sqlite3_bind_double;
-sqlite3_bind_int;
-sqlite3_bind_int64;
-sqlite3_bind_null;
-sqlite3_bind_parameter_count;
-sqlite3_bind_parameter_index;
-sqlite3_bind_parameter_name;
-sqlite3_bind_text;
-sqlite3_bind_text16;
-sqlite3_busy_handler;
-sqlite3_busy_timeout;
-sqlite3_changes;
-sqlite3_close;
-sqlite3_collation_needed;
-sqlite3_collation_needed16;
-sqlite3_column_blob;
-sqlite3_column_bytes;
-sqlite3_column_bytes16;
-sqlite3_column_count;
-sqlite3_column_decltype;
-sqlite3_column_decltype16;
-sqlite3_column_double;
-sqlite3_column_int;
-sqlite3_column_int64;
-sqlite3_column_name;
-sqlite3_column_name16;
-sqlite3_column_text;
-sqlite3_column_text16;
-sqlite3_column_type;
-sqlite3_commit_hook;
-sqlite3_complete;
-sqlite3_complete16;
-sqlite3_create_collation;
-sqlite3_create_collation16;
-sqlite3_create_function;
-sqlite3_create_function16;
-sqlite3_data_count;
-sqlite3_db_handle;
-sqlite3_errcode;
-sqlite3_errmsg;
-sqlite3_errmsg16;
-sqlite3_exec;
-sqlite3_expired;
-sqlite3_finalize;
-sqlite3_free;
-sqlite3_free_table;
-sqlite3_get_autocommit;
-sqlite3_get_auxdata;
-sqlite3_get_table;
-sqlite3_global_recover;
-sqlite3_interrupt;
-sqlite3_last_insert_rowid;
-sqlite3_libversion;
-sqlite3_libversion_number;
-sqlite3_mprintf;
-sqlite3_open;
-sqlite3_open16;
-sqlite3_prepare;
-sqlite3_prepare16;
-sqlite3_progress_handler;
-sqlite3_reset;
-sqlite3_result_blob;
-sqlite3_result_double;
-sqlite3_result_error;
-sqlite3_result_error16;
-sqlite3_result_int;
-sqlite3_result_int64;
-sqlite3_result_null;
-sqlite3_result_text;
-sqlite3_result_text16;
-sqlite3_result_text16be;
-sqlite3_result_text16le;
-sqlite3_result_value;
-sqlite3_set_authorizer;
-sqlite3_set_auxdata;
-sqlite3_snprintf;
-sqlite3_step;
-sqlite3_total_changes;
-sqlite3_trace;
-sqlite3_transfer_bindings;
-sqlite3_user_data;
-sqlite3_value_blob;
-sqlite3_value_bytes;
-sqlite3_value_bytes16;
-sqlite3_value_double;
-sqlite3_value_int;
-sqlite3_value_int64;
-sqlite3_value_text;
-sqlite3_value_text16;
-sqlite3_value_text16be;
-sqlite3_value_text16le;
-sqlite3_value_type;
-sqlite3_vmprintf;
-;+    local:
-;+*;
-;+};
--- a/mozilla/security/nss/lib/sqlite/sqlite.rc
+++ b/mozilla/security/nss/lib/sqlite/sqlite.rc
@@ -1,101 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 2001
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#include "nss.h"
-#include <winver.h>
-
-#define MY_LIBNAME "sqlite"
-#define MY_FILEDESCRIPTION "SQL Lite Library"
-
-#define STRINGIZE(x) #x
-#define STRINGIZE2(x) STRINGIZE(x)
-#define NSS_VMAJOR_STR STRINGIZE2(NSS_VMAJOR)
-
-#ifdef _DEBUG
-#define MY_DEBUG_STR " (debug)"
-#define MY_FILEFLAGS_1 VS_FF_DEBUG
-#else
-#define MY_DEBUG_STR ""
-#define MY_FILEFLAGS_1 0x0L
-#endif
-#if NSS_BETA
-#define MY_FILEFLAGS_2 MY_FILEFLAGS_1|VS_FF_PRERELEASE
-#else
-#define MY_FILEFLAGS_2 MY_FILEFLAGS_1
-#endif
-
-#ifdef WINNT
-#define MY_FILEOS VOS_NT_WINDOWS32
-#else
-#define MY_FILEOS VOS__WINDOWS32
-#endif
-
-#define MY_INTERNAL_NAME MY_LIBNAME "3"
-
-/////////////////////////////////////////////////////////////////////////////
-//
-// Version-information resource
-//
-
-VS_VERSION_INFO VERSIONINFO
- FILEVERSION 3,3,2,0
- PRODUCTVERSION 3,3,2,0
- FILEFLAGSMASK VS_FFI_FILEFLAGSMASK
- FILEFLAGS MY_FILEFLAGS_2
- FILEOS MY_FILEOS
- FILETYPE VFT_DLL
- FILESUBTYPE 0x0L // not used
-
-BEGIN
-    BLOCK "StringFileInfo"
-    BEGIN
-        BLOCK "040904B0" // Lang=US English, CharSet=Unicode
-        BEGIN
-            VALUE "CompanyName", "Mozilla foundation\0"
-            VALUE "FileDescription", MY_FILEDESCRIPTION MY_DEBUG_STR "\0"
-            VALUE "FileVersion", "3.2.2" "\0"
-            VALUE "InternalName", MY_INTERNAL_NAME "\0"
-            VALUE "LegalCopyright", "None"
-            VALUE "OriginalFilename", MY_INTERNAL_NAME ".dll\0"
-            VALUE "ProductName", "SQL Lite\0"
-            VALUE "ProductVersion", "3.2.2" "\0"
-        END
-    END
-    BLOCK "VarFileInfo"
-    BEGIN
-        VALUE "Translation", 0x409, 1200
-    END
-END
--- a/mozilla/security/nss/lib/sqlite/sqlite3.h
+++ b/mozilla/security/nss/lib/sqlite/sqlite3.h
--- a/mozilla/security/nss/lib/sqlite/sqliteInt.h
+++ b/mozilla/security/nss/lib/sqlite/sqliteInt.h
--- a/mozilla/security/nss/lib/sqlite/table.c
+++ b/mozilla/security/nss/lib/sqlite/table.c
@@ -1,195 +0,0 @@
-/*
-** 2001 September 15
-**
-** The author disclaims copyright to this source code.  In place of
-** a legal notice, here is a blessing:
-**
-**    May you do good and not evil.
-**    May you find forgiveness for yourself and forgive others.
-**    May you share freely, never taking more than you give.
-**
-*************************************************************************
-** This file contains the sqlite3_get_table() and sqlite3_free_table()
-** interface routines.  These are just wrappers around the main
-** interface routine of sqlite3_exec().
-**
-** These routines are in a separate files so that they will not be linked
-** if they are not used.
-*/
-#include <stdlib.h>
-#include <string.h>
-#include "sqliteInt.h"
-
-/*
-** This structure is used to pass data from sqlite3_get_table() through
-** to the callback function is uses to build the result.
-*/
-typedef struct TabResult {
-  char **azResult;
-  char *zErrMsg;
-  int nResult;
-  int nAlloc;
-  int nRow;
-  int nColumn;
-  int nData;
-  int rc;
-} TabResult;
-
-/*
-** This routine is called once for each row in the result table.  Its job
-** is to fill in the TabResult structure appropriately, allocating new
-** memory as necessary.
-*/
-static int sqlite3_get_table_cb(void *pArg, int nCol, char **argv, char **colv){
-  TabResult *p = (TabResult*)pArg;
-  int need;
-  int i;
-  char *z;
-
-  /* Make sure there is enough space in p->azResult to hold everything
-  ** we need to remember from this invocation of the callback.
-  */
-  if( p->nRow==0 && argv!=0 ){
-    need = nCol*2;
-  }else{
-    need = nCol;
-  }
-  if( p->nData + need >= p->nAlloc ){
-    char **azNew;
-    p->nAlloc = p->nAlloc*2 + need + 1;
-    azNew = realloc( p->azResult, sizeof(char*)*p->nAlloc );
-    if( azNew==0 ) goto malloc_failed;
-    p->azResult = azNew;
-  }
-
-  /* If this is the first row, then generate an extra row containing
-  ** the names of all columns.
-  */
-  if( p->nRow==0 ){
-    p->nColumn = nCol;
-    for(i=0; i<nCol; i++){
-      if( colv[i]==0 ){
-        z = 0;
-      }else{
-        z = malloc( strlen(colv[i])+1 );
-        if( z==0 ) goto malloc_failed;
-        strcpy(z, colv[i]);
-      }
-      p->azResult[p->nData++] = z;
-    }
-  }else if( p->nColumn!=nCol ){
-    sqlite3SetString(&p->zErrMsg,
-       "sqlite3_get_table() called with two or more incompatible queries",
-       (char*)0);
-    p->rc = SQLITE_ERROR;
-    return 1;
-  }
-
-  /* Copy over the row data
-  */
-  if( argv!=0 ){
-    for(i=0; i<nCol; i++){
-      if( argv[i]==0 ){
-        z = 0;
-      }else{
-        z = malloc( strlen(argv[i])+1 );
-        if( z==0 ) goto malloc_failed;
-        strcpy(z, argv[i]);
-      }
-      p->azResult[p->nData++] = z;
-    }
-    p->nRow++;
-  }
-  return 0;
-
-malloc_failed:
-  p->rc = SQLITE_NOMEM;
-  return 1;
-}
-
-/*
-** Query the database.  But instead of invoking a callback for each row,
-** malloc() for space to hold the result and return the entire results
-** at the conclusion of the call.
-**
-** The result that is written to ***pazResult is held in memory obtained
-** from malloc().  But the caller cannot free this memory directly.  
-** Instead, the entire table should be passed to sqlite3_free_table() when
-** the calling procedure is finished using it.
-*/
-int sqlite3_get_table(
-  sqlite3 *db,                /* The database on which the SQL executes */
-  const char *zSql,           /* The SQL to be executed */
-  char ***pazResult,          /* Write the result table here */
-  int *pnRow,                 /* Write the number of rows in the result here */
-  int *pnColumn,              /* Write the number of columns of result here */
-  char **pzErrMsg             /* Write error messages here */
-){
-  int rc;
-  TabResult res;
-  if( pazResult==0 ){ return SQLITE_ERROR; }
-  *pazResult = 0;
-  if( pnColumn ) *pnColumn = 0;
-  if( pnRow ) *pnRow = 0;
-  res.zErrMsg = 0;
-  res.nResult = 0;
-  res.nRow = 0;
-  res.nColumn = 0;
-  res.nData = 1;
-  res.nAlloc = 20;
-  res.rc = SQLITE_OK;
-  res.azResult = malloc( sizeof(char*)*res.nAlloc );
-  if( res.azResult==0 ) return SQLITE_NOMEM;
-  res.azResult[0] = 0;
-  rc = sqlite3_exec(db, zSql, sqlite3_get_table_cb, &res, pzErrMsg);
-  if( res.azResult ){
-    res.azResult[0] = (char*)res.nData;
-  }
-  if( rc==SQLITE_ABORT ){
-    sqlite3_free_table(&res.azResult[1]);
-    if( res.zErrMsg ){
-      if( pzErrMsg ){
-        free(*pzErrMsg);
-        *pzErrMsg = sqlite3_mprintf("%s",res.zErrMsg);
-      }
-      sqliteFree(res.zErrMsg);
-    }
-    db->errCode = res.rc;
-    return res.rc;
-  }
-  sqliteFree(res.zErrMsg);
-  if( rc!=SQLITE_OK ){
-    sqlite3_free_table(&res.azResult[1]);
-    return rc;
-  }
-  if( res.nAlloc>res.nData ){
-    char **azNew;
-    azNew = realloc( res.azResult, sizeof(char*)*(res.nData+1) );
-    if( azNew==0 ){
-      sqlite3_free_table(&res.azResult[1]);
-      return SQLITE_NOMEM;
-    }
-    res.nAlloc = res.nData+1;
-    res.azResult = azNew;
-  }
-  *pazResult = &res.azResult[1];
-  if( pnColumn ) *pnColumn = res.nColumn;
-  if( pnRow ) *pnRow = res.nRow;
-  return rc;
-}
-
-/*
-** This routine frees the space the sqlite3_get_table() malloced.
-*/
-void sqlite3_free_table(
-  char **azResult            /* Result returned from from sqlite3_get_table() */
-){
-  if( azResult ){
-    int i, n;
-    azResult--;
-    if( azResult==0 ) return;
-    n = (int)azResult[0];
-    for(i=1; i<n; i++){ if( azResult[i] ) free(azResult[i]); }
-    free(azResult);
-  }
-}
--- a/mozilla/security/nss/lib/sqlite/tclsqlite.c
+++ b/mozilla/security/nss/lib/sqlite/tclsqlite.c
--- a/mozilla/security/nss/lib/sqlite/tokenize.c
+++ b/mozilla/security/nss/lib/sqlite/tokenize.c
@@ -1,670 +0,0 @@
-/*
-** 2001 September 15
-**
-** The author disclaims copyright to this source code.  In place of
-** a legal notice, here is a blessing:
-**
-**    May you do good and not evil.
-**    May you find forgiveness for yourself and forgive others.
-**    May you share freely, never taking more than you give.
-**
-*************************************************************************
-** An tokenizer for SQL
-**
-** This file contains C code that splits an SQL input string up into
-** individual tokens and sends those tokens one-by-one over to the
-** parser for analysis.
-**
-** $Id: tokenize.c,v 1.1.2.1 2005-06-20 23:27:49 relyea%netscape.com Exp $
-*/
-#include "sqliteInt.h"
-#include "os.h"
-#include <ctype.h>
-#include <stdlib.h>
-
-/*
-** The sqlite3KeywordCode function looks up an identifier to determine if
-** it is a keyword.  If it is a keyword, the token code of that keyword is 
-** returned.  If the input is not a keyword, TK_ID is returned.
-**
-** The implementation of this routine was generated by a program,
-** mkkeywordhash.h, located in the tool subdirectory of the distribution.
-** The output of the mkkeywordhash.c program is written into a file
-** named keywordhash.h and then included into this source file by
-** the #include below.
-*/
-#include "keywordhash.h"
-
-
-/*
-** If X is a character that can be used in an identifier and
-** X&0x80==0 then isIdChar[X] will be 1.  If X&0x80==0x80 then
-** X is always an identifier character.  (Hence all UTF-8
-** characters can be part of an identifier).  isIdChar[X] will
-** be 0 for every character in the lower 128 ASCII characters
-** that cannot be used as part of an identifier.
-**
-** In this implementation, an identifier can be a string of
-** alphabetic characters, digits, and "_" plus any character
-** with the high-order bit set.  The latter rule means that
-** any sequence of UTF-8 characters or characters taken from
-** an extended ISO8859 character set can form an identifier.
-**
-** Ticket #1066.  the SQL standard does not allow '$' in the
-** middle of identfiers.  But many SQL implementations do. 
-** SQLite will allow '$' in identifiers for compatibility.
-** But the feature is undocumented.
-*/
-static const char isIdChar[] = {
-/* x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 xA xB xC xD xE xF */
-    0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,  /* 2x */
-    1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0,  /* 3x */
-    0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,  /* 4x */
-    1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 1,  /* 5x */
-    0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,  /* 6x */
-    1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0,  /* 7x */
-};
-
-#define IdChar(C)  (((c=C)&0x80)!=0 || (c>0x1f && isIdChar[c-0x20]))
-
-/*
-** Return the length of the token that begins at z[0]. 
-** Store the token type in *tokenType before returning.
-*/
-static int getToken(const unsigned char *z, int *tokenType){
-  int i, c;
-  switch( *z ){
-    case ' ': case '\t': case '\n': case '\f': case '\r': {
-      for(i=1; isspace(z[i]); i++){}
-      *tokenType = TK_SPACE;
-      return i;
-    }
-    case '-': {
-      if( z[1]=='-' ){
-        for(i=2; (c=z[i])!=0 && c!='\n'; i++){}
-        *tokenType = TK_COMMENT;
-        return i;
-      }
-      *tokenType = TK_MINUS;
-      return 1;
-    }
-    case '(': {
-      *tokenType = TK_LP;
-      return 1;
-    }
-    case ')': {
-      *tokenType = TK_RP;
-      return 1;
-    }
-    case ';': {
-      *tokenType = TK_SEMI;
-      return 1;
-    }
-    case '+': {
-      *tokenType = TK_PLUS;
-      return 1;
-    }
-    case '*': {
-      *tokenType = TK_STAR;
-      return 1;
-    }
-    case '/': {
-      if( z[1]!='*' || z[2]==0 ){
-        *tokenType = TK_SLASH;
-        return 1;
-      }
-      for(i=3, c=z[2]; (c!='*' || z[i]!='/') && (c=z[i])!=0; i++){}
-      if( c ) i++;
-      *tokenType = TK_COMMENT;
-      return i;
-    }
-    case '%': {
-      *tokenType = TK_REM;
-      return 1;
-    }
-    case '=': {
-      *tokenType = TK_EQ;
-      return 1 + (z[1]=='=');
-    }
-    case '<': {
-      if( (c=z[1])=='=' ){
-        *tokenType = TK_LE;
-        return 2;
-      }else if( c=='>' ){
-        *tokenType = TK_NE;
-        return 2;
-      }else if( c=='<' ){
-        *tokenType = TK_LSHIFT;
-        return 2;
-      }else{
-        *tokenType = TK_LT;
-        return 1;
-      }
-    }
-    case '>': {
-      if( (c=z[1])=='=' ){
-        *tokenType = TK_GE;
-        return 2;
-      }else if( c=='>' ){
-        *tokenType = TK_RSHIFT;
-        return 2;
-      }else{
-        *tokenType = TK_GT;
-        return 1;
-      }
-    }
-    case '!': {
-      if( z[1]!='=' ){
-        *tokenType = TK_ILLEGAL;
-        return 2;
-      }else{
-        *tokenType = TK_NE;
-        return 2;
-      }
-    }
-    case '|': {
-      if( z[1]!='|' ){
-        *tokenType = TK_BITOR;
-        return 1;
-      }else{
-        *tokenType = TK_CONCAT;
-        return 2;
-      }
-    }
-    case ',': {
-      *tokenType = TK_COMMA;
-      return 1;
-    }
-    case '&': {
-      *tokenType = TK_BITAND;
-      return 1;
-    }
-    case '~': {
-      *tokenType = TK_BITNOT;
-      return 1;
-    }
-    case '#': {
-      for(i=1; isdigit(z[i]) || (i==1 && z[1]=='-'); i++){}
-      *tokenType = TK_REGISTER;
-      return i;
-    }
-    case '\'': case '"': {
-      int delim = z[0];
-      for(i=1; (c=z[i])!=0; i++){
-        if( c==delim ){
-          if( z[i+1]==delim ){
-            i++;
-          }else{
-            break;
-          }
-        }
-      }
-      if( c ) i++;
-      *tokenType = TK_STRING;
-      return i;
-    }
-    case '.': {
-      *tokenType = TK_DOT;
-      return 1;
-    }
-    case '0': case '1': case '2': case '3': case '4':
-    case '5': case '6': case '7': case '8': case '9': {
-      *tokenType = TK_INTEGER;
-      for(i=1; isdigit(z[i]); i++){}
-#ifndef SQLITE_OMIT_FLOATING_POINT
-      if( z[i]=='.' && isdigit(z[i+1]) ){
-        i += 2;
-        while( isdigit(z[i]) ){ i++; }
-        *tokenType = TK_FLOAT;
-      }
-      if( (z[i]=='e' || z[i]=='E') &&
-           ( isdigit(z[i+1]) 
-            || ((z[i+1]=='+' || z[i+1]=='-') && isdigit(z[i+2]))
-           )
-      ){
-        i += 2;
-        while( isdigit(z[i]) ){ i++; }
-        *tokenType = TK_FLOAT;
-      }
-#endif
-      return i;
-    }
-    case '[': {
-      for(i=1, c=z[0]; c!=']' && (c=z[i])!=0; i++){}
-      *tokenType = TK_ID;
-      return i;
-    }
-    case '?': {
-      *tokenType = TK_VARIABLE;
-      for(i=1; isdigit(z[i]); i++){}
-      return i;
-    }
-    case ':': {
-      for(i=1; IdChar(z[i]); i++){}
-      *tokenType = i>1 ? TK_VARIABLE : TK_ILLEGAL;
-      return i;
-    }
-#ifndef SQLITE_OMIT_TCL_VARIABLE
-    case '$': {
-      *tokenType = TK_VARIABLE;
-      if( z[1]=='{' ){
-        int nBrace = 1;
-        for(i=2; (c=z[i])!=0 && nBrace; i++){
-          if( c=='{' ){
-            nBrace++;
-          }else if( c=='}' ){
-            nBrace--;
-          }
-        }
-        if( c==0 ) *tokenType = TK_ILLEGAL;
-      }else{
-        int n = 0;
-        for(i=1; (c=z[i])!=0; i++){
-          if( isalnum(c) || c=='_' ){
-            n++;
-          }else if( c=='(' && n>0 ){
-            do{
-              i++;
-            }while( (c=z[i])!=0 && !isspace(c) && c!=')' );
-            if( c==')' ){
-              i++;
-            }else{
-              *tokenType = TK_ILLEGAL;
-            }
-            break;
-          }else if( c==':' && z[i+1]==':' ){
-            i++;
-          }else{
-            break;
-          }
-        }
-        if( n==0 ) *tokenType = TK_ILLEGAL;
-      }
-      return i;
-    }
-#endif
-#ifndef SQLITE_OMIT_BLOB_LITERAL
-    case 'x': case 'X': {
-      if( (c=z[1])=='\'' || c=='"' ){
-        int delim = c;
-        *tokenType = TK_BLOB;
-        for(i=2; (c=z[i])!=0; i++){
-          if( c==delim ){
-            if( i%2 ) *tokenType = TK_ILLEGAL;
-            break;
-          }
-          if( !isxdigit(c) ){
-            *tokenType = TK_ILLEGAL;
-            return i;
-          }
-        }
-        if( c ) i++;
-        return i;
-      }
-      /* Otherwise fall through to the next case */
-    }
-#endif
-    default: {
-      if( !IdChar(*z) ){
-        break;
-      }
-      for(i=1; IdChar(z[i]); i++){}
-      *tokenType = keywordCode((char*)z, i);
-      return i;
-    }
-  }
-  *tokenType = TK_ILLEGAL;
-  return 1;
-}
-int sqlite3GetToken(const unsigned char *z, int *tokenType){
-  return getToken(z, tokenType);
-}
-
-/*
-** Run the parser on the given SQL string.  The parser structure is
-** passed in.  An SQLITE_ status code is returned.  If an error occurs
-** and pzErrMsg!=NULL then an error message might be written into 
-** memory obtained from malloc() and *pzErrMsg made to point to that
-** error message.  Or maybe not.
-*/
-int sqlite3RunParser(Parse *pParse, const char *zSql, char **pzErrMsg){
-  int nErr = 0;
-  int i;
-  void *pEngine;
-  int tokenType;
-  int lastTokenParsed = -1;
-  sqlite3 *db = pParse->db;
-  extern void *sqlite3ParserAlloc(void*(*)(int));
-  extern void sqlite3ParserFree(void*, void(*)(void*));
-  extern int sqlite3Parser(void*, int, Token, Parse*);
-
-  db->flags &= ~SQLITE_Interrupt;
-  pParse->rc = SQLITE_OK;
-  i = 0;
-  pEngine = sqlite3ParserAlloc((void*(*)(int))sqlite3MallocX);
-  if( pEngine==0 ){
-    sqlite3SetString(pzErrMsg, "out of memory", (char*)0);
-    return SQLITE_NOMEM;
-  }
-  assert( pParse->sLastToken.dyn==0 );
-  assert( pParse->pNewTable==0 );
-  assert( pParse->pNewTrigger==0 );
-  assert( pParse->nVar==0 );
-  assert( pParse->nVarExpr==0 );
-  assert( pParse->nVarExprAlloc==0 );
-  assert( pParse->apVarExpr==0 );
-  pParse->zTail = pParse->zSql = zSql;
-  while( sqlite3_malloc_failed==0 && zSql[i]!=0 ){
-    assert( i>=0 );
-    pParse->sLastToken.z = &zSql[i];
-    assert( pParse->sLastToken.dyn==0 );
-    pParse->sLastToken.n = getToken((unsigned char*)&zSql[i],&tokenType);
-    i += pParse->sLastToken.n;
-    switch( tokenType ){
-      case TK_SPACE:
-      case TK_COMMENT: {
-        if( (db->flags & SQLITE_Interrupt)!=0 ){
-          pParse->rc = SQLITE_INTERRUPT;
-          sqlite3SetString(pzErrMsg, "interrupt", (char*)0);
-          goto abort_parse;
-        }
-        break;
-      }
-      case TK_ILLEGAL: {
-        if( pzErrMsg ){
-          sqliteFree(*pzErrMsg);
-          *pzErrMsg = sqlite3MPrintf("unrecognized token: \"%T\"",
-                          &pParse->sLastToken);
-        }
-        nErr++;
-        goto abort_parse;
-      }
-      case TK_SEMI: {
-        pParse->zTail = &zSql[i];
-        /* Fall thru into the default case */
-      }
-      default: {
-        sqlite3Parser(pEngine, tokenType, pParse->sLastToken, pParse);
-        lastTokenParsed = tokenType;
-        if( pParse->rc!=SQLITE_OK ){
-          goto abort_parse;
-        }
-        break;
-      }
-    }
-  }
-abort_parse:
-  if( zSql[i]==0 && nErr==0 && pParse->rc==SQLITE_OK ){
-    if( lastTokenParsed!=TK_SEMI ){
-      sqlite3Parser(pEngine, TK_SEMI, pParse->sLastToken, pParse);
-      pParse->zTail = &zSql[i];
-    }
-    sqlite3Parser(pEngine, 0, pParse->sLastToken, pParse);
-  }
-  sqlite3ParserFree(pEngine, sqlite3FreeX);
-  if( sqlite3_malloc_failed ){
-    pParse->rc = SQLITE_NOMEM;
-  }
-  if( pParse->rc!=SQLITE_OK && pParse->rc!=SQLITE_DONE && pParse->zErrMsg==0 ){
-    sqlite3SetString(&pParse->zErrMsg, sqlite3ErrStr(pParse->rc),
-                    (char*)0);
-  }
-  if( pParse->zErrMsg ){
-    if( pzErrMsg && *pzErrMsg==0 ){
-      *pzErrMsg = pParse->zErrMsg;
-    }else{
-      sqliteFree(pParse->zErrMsg);
-    }
-    pParse->zErrMsg = 0;
-    if( !nErr ) nErr++;
-  }
-  if( pParse->pVdbe && pParse->nErr>0 && pParse->nested==0 ){
-    sqlite3VdbeDelete(pParse->pVdbe);
-    pParse->pVdbe = 0;
-  }
-  sqlite3DeleteTable(pParse->db, pParse->pNewTable);
-  sqlite3DeleteTrigger(pParse->pNewTrigger);
-  sqliteFree(pParse->apVarExpr);
-  if( nErr>0 && (pParse->rc==SQLITE_OK || pParse->rc==SQLITE_DONE) ){
-    pParse->rc = SQLITE_ERROR;
-  }
-  return nErr;
-}
-
-/* The sqlite3_complete() API may be omitted (to save code space) by
-** defining the following symbol.
-*/
-#ifndef SQLITE_OMIT_COMPLETE
-
-/*
-** Token types used by the sqlite3_complete() routine.  See the header
-** comments on that procedure for additional information.
-*/
-#define tkSEMI    0
-#define tkWS      1
-#define tkOTHER   2
-#define tkEXPLAIN 3
-#define tkCREATE  4
-#define tkTEMP    5
-#define tkTRIGGER 6
-#define tkEND     7
-
-/*
-** Return TRUE if the given SQL string ends in a semicolon.
-**
-** Special handling is require for CREATE TRIGGER statements.
-** Whenever the CREATE TRIGGER keywords are seen, the statement
-** must end with ";END;".
-**
-** This implementation uses a state machine with 7 states:
-**
-**   (0) START     At the beginning or end of an SQL statement.  This routine
-**                 returns 1 if it ends in the START state and 0 if it ends
-**                 in any other state.
-**
-**   (1) NORMAL    We are in the middle of statement which ends with a single
-**                 semicolon.
-**
-**   (2) EXPLAIN   The keyword EXPLAIN has been seen at the beginning of 
-**                 a statement.
-**
-**   (3) CREATE    The keyword CREATE has been seen at the beginning of a
-**                 statement, possibly preceeded by EXPLAIN and/or followed by
-**                 TEMP or TEMPORARY
-**
-**   (4) TRIGGER   We are in the middle of a trigger definition that must be
-**                 ended by a semicolon, the keyword END, and another semicolon.
-**
-**   (5) SEMI      We've seen the first semicolon in the ";END;" that occurs at
-**                 the end of a trigger definition.
-**
-**   (6) END       We've seen the ";END" of the ";END;" that occurs at the end
-**                 of a trigger difinition.
-**
-** Transitions between states above are determined by tokens extracted
-** from the input.  The following tokens are significant:
-**
-**   (0) tkSEMI      A semicolon.
-**   (1) tkWS        Whitespace
-**   (2) tkOTHER     Any other SQL token.
-**   (3) tkEXPLAIN   The "explain" keyword.
-**   (4) tkCREATE    The "create" keyword.
-**   (5) tkTEMP      The "temp" or "temporary" keyword.
-**   (6) tkTRIGGER   The "trigger" keyword.
-**   (7) tkEND       The "end" keyword.
-**
-** Whitespace never causes a state transition and is always ignored.
-**
-** If we compile with SQLITE_OMIT_TRIGGER, all of the computation needed
-** to recognize the end of a trigger can be omitted.  All we have to do
-** is look for a semicolon that is not part of an string or comment.
-*/
-int sqlite3_complete(const char *zSql){
-  u8 state = 0;   /* Current state, using numbers defined in header comment */
-  u8 token;       /* Value of the next token */
-
-#ifndef SQLITE_OMIT_TRIGGER
-  /* A complex statement machine used to detect the end of a CREATE TRIGGER
-  ** statement.  This is the normal case.
-  */
-  static const u8 trans[7][8] = {
-                     /* Token:                                                */
-     /* State:       **  SEMI  WS  OTHER EXPLAIN  CREATE  TEMP  TRIGGER  END  */
-     /* 0   START: */ {    0,  0,     1,      2,      3,    1,       1,   1,  },
-     /* 1  NORMAL: */ {    0,  1,     1,      1,      1,    1,       1,   1,  },
-     /* 2 EXPLAIN: */ {    0,  2,     1,      1,      3,    1,       1,   1,  },
-     /* 3  CREATE: */ {    0,  3,     1,      1,      1,    3,       4,   1,  },
-     /* 4 TRIGGER: */ {    5,  4,     4,      4,      4,    4,       4,   4,  },
-     /* 5    SEMI: */ {    5,  5,     4,      4,      4,    4,       4,   6,  },
-     /* 6     END: */ {    0,  6,     4,      4,      4,    4,       4,   4,  },
-  };
-#else
-  /* If triggers are not suppored by this compile then the statement machine
-  ** used to detect the end of a statement is much simplier
-  */
-  static const u8 trans[2][3] = {
-                     /* Token:           */
-     /* State:       **  SEMI  WS  OTHER */
-     /* 0   START: */ {    0,  0,     1, },
-     /* 1  NORMAL: */ {    0,  1,     1, },
-  };
-#endif /* SQLITE_OMIT_TRIGGER */
-
-  while( *zSql ){
-    switch( *zSql ){
-      case ';': {  /* A semicolon */
-        token = tkSEMI;
-        break;
-      }
-      case ' ':
-      case '\r':
-      case '\t':
-      case '\n':
-      case '\f': {  /* White space is ignored */
-        token = tkWS;
-        break;
-      }
-      case '/': {   /* C-style comments */
-        if( zSql[1]!='*' ){
-          token = tkOTHER;
-          break;
-        }
-        zSql += 2;
-        while( zSql[0] && (zSql[0]!='*' || zSql[1]!='/') ){ zSql++; }
-        if( zSql[0]==0 ) return 0;
-        zSql++;
-        token = tkWS;
-        break;
-      }
-      case '-': {   /* SQL-style comments from "--" to end of line */
-        if( zSql[1]!='-' ){
-          token = tkOTHER;
-          break;
-        }
-        while( *zSql && *zSql!='\n' ){ zSql++; }
-        if( *zSql==0 ) return state==0;
-        token = tkWS;
-        break;
-      }
-      case '[': {   /* Microsoft-style identifiers in [...] */
-        zSql++;
-        while( *zSql && *zSql!=']' ){ zSql++; }
-        if( *zSql==0 ) return 0;
-        token = tkOTHER;
-        break;
-      }
-      case '"':     /* single- and double-quoted strings */
-      case '\'': {
-        int c = *zSql;
-        zSql++;
-        while( *zSql && *zSql!=c ){ zSql++; }
-        if( *zSql==0 ) return 0;
-        token = tkOTHER;
-        break;
-      }
-      default: {
-        int c;
-        if( IdChar((u8)*zSql) ){
-          /* Keywords and unquoted identifiers */
-          int nId;
-          for(nId=1; IdChar(zSql[nId]); nId++){}
-#ifdef SQLITE_OMIT_TRIGGER
-          token = tkOTHER;
-#else
-          switch( *zSql ){
-            case 'c': case 'C': {
-              if( nId==6 && sqlite3StrNICmp(zSql, "create", 6)==0 ){
-                token = tkCREATE;
-              }else{
-                token = tkOTHER;
-              }
-              break;
-            }
-            case 't': case 'T': {
-              if( nId==7 && sqlite3StrNICmp(zSql, "trigger", 7)==0 ){
-                token = tkTRIGGER;
-              }else if( nId==4 && sqlite3StrNICmp(zSql, "temp", 4)==0 ){
-                token = tkTEMP;
-              }else if( nId==9 && sqlite3StrNICmp(zSql, "temporary", 9)==0 ){
-                token = tkTEMP;
-              }else{
-                token = tkOTHER;
-              }
-              break;
-            }
-            case 'e':  case 'E': {
-              if( nId==3 && sqlite3StrNICmp(zSql, "end", 3)==0 ){
-                token = tkEND;
-              }else
-#ifndef SQLITE_OMIT_EXPLAIN
-              if( nId==7 && sqlite3StrNICmp(zSql, "explain", 7)==0 ){
-                token = tkEXPLAIN;
-              }else
-#endif
-              {
-                token = tkOTHER;
-              }
-              break;
-            }
-            default: {
-              token = tkOTHER;
-              break;
-            }
-          }
-#endif /* SQLITE_OMIT_TRIGGER */
-          zSql += nId-1;
-        }else{
-          /* Operators and special symbols */
-          token = tkOTHER;
-        }
-        break;
-      }
-    }
-    state = trans[state][token];
-    zSql++;
-  }
-  return state==0;
-}
-
-#ifndef SQLITE_OMIT_UTF16
-/*
-** This routine is the same as the sqlite3_complete() routine described
-** above, except that the parameter is required to be UTF-16 encoded, not
-** UTF-8.
-*/
-int sqlite3_complete16(const void *zSql){
-  sqlite3_value *pVal;
-  char const *zSql8;
-  int rc = 0;
-
-  pVal = sqlite3ValueNew();
-  sqlite3ValueSetStr(pVal, -1, zSql, SQLITE_UTF16NATIVE, SQLITE_STATIC);
-  zSql8 = sqlite3ValueText(pVal, SQLITE_UTF8);
-  if( zSql8 ){
-    rc = sqlite3_complete(zSql8);
-  }
-  sqlite3ValueFree(pVal);
-  return rc;
-}
-#endif /* SQLITE_OMIT_UTF16 */
-#endif /* SQLITE_OMIT_COMPLETE */
--- a/mozilla/security/nss/lib/sqlite/trigger.c
+++ b/mozilla/security/nss/lib/sqlite/trigger.c
@@ -1,802 +0,0 @@
-/*
-**
-** The author disclaims copyright to this source code.  In place of
-** a legal notice, here is a blessing:
-**
-**    May you do good and not evil.
-**    May you find forgiveness for yourself and forgive others.
-**    May you share freely, never taking more than you give.
-**
-*************************************************************************
-*
-*/
-#include "sqliteInt.h"
-
-#ifndef SQLITE_OMIT_TRIGGER
-/*
-** Delete a linked list of TriggerStep structures.
-*/
-void sqlite3DeleteTriggerStep(TriggerStep *pTriggerStep){
-  while( pTriggerStep ){
-    TriggerStep * pTmp = pTriggerStep;
-    pTriggerStep = pTriggerStep->pNext;
-
-    if( pTmp->target.dyn ) sqliteFree((char*)pTmp->target.z);
-    sqlite3ExprDelete(pTmp->pWhere);
-    sqlite3ExprListDelete(pTmp->pExprList);
-    sqlite3SelectDelete(pTmp->pSelect);
-    sqlite3IdListDelete(pTmp->pIdList);
-
-    sqliteFree(pTmp);
-  }
-}
-
-/*
-** This is called by the parser when it sees a CREATE TRIGGER statement
-** up to the point of the BEGIN before the trigger actions.  A Trigger
-** structure is generated based on the information available and stored
-** in pParse->pNewTrigger.  After the trigger actions have been parsed, the
-** sqlite3FinishTrigger() function is called to complete the trigger
-** construction process.
-*/
-void sqlite3BeginTrigger(
-  Parse *pParse,      /* The parse context of the CREATE TRIGGER statement */
-  Token *pName1,      /* The name of the trigger */
-  Token *pName2,      /* The name of the trigger */
-  int tr_tm,          /* One of TK_BEFORE, TK_AFTER, TK_INSTEAD */
-  int op,             /* One of TK_INSERT, TK_UPDATE, TK_DELETE */
-  IdList *pColumns,   /* column list if this is an UPDATE OF trigger */
-  SrcList *pTableName,/* The name of the table/view the trigger applies to */
-  int foreach,        /* One of TK_ROW or TK_STATEMENT */
-  Expr *pWhen,        /* WHEN clause */
-  int isTemp          /* True if the TEMPORARY keyword is present */
-){
-  Trigger *pTrigger = 0;
-  Table *pTab;
-  char *zName = 0;        /* Name of the trigger */
-  sqlite3 *db = pParse->db;
-  int iDb;                /* The database to store the trigger in */
-  Token *pName;           /* The unqualified db name */
-  DbFixer sFix;
-
-  if( isTemp ){
-    /* If TEMP was specified, then the trigger name may not be qualified. */
-    if( pName2 && pName2->n>0 ){
-      sqlite3ErrorMsg(pParse, "temporary trigger may not have qualified name");
-      goto trigger_cleanup;
-    }
-    iDb = 1;
-    pName = pName1;
-  }else{
-    /* Figure out the db that the the trigger will be created in */
-    iDb = sqlite3TwoPartName(pParse, pName1, pName2, &pName);
-    if( iDb<0 ){
-      goto trigger_cleanup;
-    }
-  }
-
-  /* If the trigger name was unqualified, and the table is a temp table,
-  ** then set iDb to 1 to create the trigger in the temporary database.
-  ** If sqlite3SrcListLookup() returns 0, indicating the table does not
-  ** exist, the error is caught by the block below.
-  */
-  if( !pTableName || sqlite3_malloc_failed ) goto trigger_cleanup;
-  pTab = sqlite3SrcListLookup(pParse, pTableName);
-  if( pName2->n==0 && pTab && pTab->iDb==1 ){
-    iDb = 1;
-  }
-
-  /* Ensure the table name matches database name and that the table exists */
-  if( sqlite3_malloc_failed ) goto trigger_cleanup;
-  assert( pTableName->nSrc==1 );
-  if( sqlite3FixInit(&sFix, pParse, iDb, "trigger", pName) && 
-      sqlite3FixSrcList(&sFix, pTableName) ){
-    goto trigger_cleanup;
-  }
-  pTab = sqlite3SrcListLookup(pParse, pTableName);
-  if( !pTab ){
-    /* The table does not exist. */
-    goto trigger_cleanup;
-  }
-
-  /* Check that the trigger name is not reserved and that no trigger of the
-  ** specified name exists */
-  zName = sqlite3NameFromToken(pName);
-  if( !zName || SQLITE_OK!=sqlite3CheckObjectName(pParse, zName) ){
-    goto trigger_cleanup;
-  }
-  if( sqlite3HashFind(&(db->aDb[iDb].trigHash), zName,pName->n+1) ){
-    sqlite3ErrorMsg(pParse, "trigger %T already exists", pName);
-    goto trigger_cleanup;
-  }
-
-  /* Do not create a trigger on a system table */
-  if( sqlite3StrNICmp(pTab->zName, "sqlite_", 7)==0 ){
-    sqlite3ErrorMsg(pParse, "cannot create trigger on system table");
-    pParse->nErr++;
-    goto trigger_cleanup;
-  }
-
-  /* INSTEAD of triggers are only for views and views only support INSTEAD
-  ** of triggers.
-  */
-  if( pTab->pSelect && tr_tm!=TK_INSTEAD ){
-    sqlite3ErrorMsg(pParse, "cannot create %s trigger on view: %S", 
-        (tr_tm == TK_BEFORE)?"BEFORE":"AFTER", pTableName, 0);
-    goto trigger_cleanup;
-  }
-  if( !pTab->pSelect && tr_tm==TK_INSTEAD ){
-    sqlite3ErrorMsg(pParse, "cannot create INSTEAD OF"
-        " trigger on table: %S", pTableName, 0);
-    goto trigger_cleanup;
-  }
-
-#ifndef SQLITE_OMIT_AUTHORIZATION
-  {
-    int code = SQLITE_CREATE_TRIGGER;
-    const char *zDb = db->aDb[pTab->iDb].zName;
-    const char *zDbTrig = isTemp ? db->aDb[1].zName : zDb;
-    if( pTab->iDb==1 || isTemp ) code = SQLITE_CREATE_TEMP_TRIGGER;
-    if( sqlite3AuthCheck(pParse, code, zName, pTab->zName, zDbTrig) ){
-      goto trigger_cleanup;
-    }
-    if( sqlite3AuthCheck(pParse, SQLITE_INSERT, SCHEMA_TABLE(pTab->iDb),0,zDb)){
-      goto trigger_cleanup;
-    }
-  }
-#endif
-
-  /* INSTEAD OF triggers can only appear on views and BEFORE triggers
-  ** cannot appear on views.  So we might as well translate every
-  ** INSTEAD OF trigger into a BEFORE trigger.  It simplifies code
-  ** elsewhere.
-  */
-  if (tr_tm == TK_INSTEAD){
-    tr_tm = TK_BEFORE;
-  }
-
-  /* Build the Trigger object */
-  pTrigger = (Trigger*)sqliteMalloc(sizeof(Trigger));
-  if( pTrigger==0 ) goto trigger_cleanup;
-  pTrigger->name = zName;
-  zName = 0;
-  pTrigger->table = sqliteStrDup(pTableName->a[0].zName);
-  pTrigger->iDb = iDb;
-  pTrigger->iTabDb = pTab->iDb;
-  pTrigger->op = op;
-  pTrigger->tr_tm = tr_tm==TK_BEFORE ? TRIGGER_BEFORE : TRIGGER_AFTER;
-  pTrigger->pWhen = sqlite3ExprDup(pWhen);
-  pTrigger->pColumns = sqlite3IdListDup(pColumns);
-  pTrigger->foreach = foreach;
-  sqlite3TokenCopy(&pTrigger->nameToken,pName);
-  assert( pParse->pNewTrigger==0 );
-  pParse->pNewTrigger = pTrigger;
-
-trigger_cleanup:
-  sqliteFree(zName);
-  sqlite3SrcListDelete(pTableName);
-  sqlite3IdListDelete(pColumns);
-  sqlite3ExprDelete(pWhen);
-  if( !pParse->pNewTrigger ){
-    sqlite3DeleteTrigger(pTrigger);
-  }else{
-    assert( pParse->pNewTrigger==pTrigger );
-  }
-}
-
-/*
-** This routine is called after all of the trigger actions have been parsed
-** in order to complete the process of building the trigger.
-*/
-void sqlite3FinishTrigger(
-  Parse *pParse,          /* Parser context */
-  TriggerStep *pStepList, /* The triggered program */
-  Token *pAll             /* Token that describes the complete CREATE TRIGGER */
-){
-  Trigger *pTrig = 0;     /* The trigger whose construction is finishing up */
-  sqlite3 *db = pParse->db;  /* The database */
-  DbFixer sFix;
-
-  pTrig = pParse->pNewTrigger;
-  pParse->pNewTrigger = 0;
-  if( pParse->nErr || pTrig==0 ) goto triggerfinish_cleanup;
-  pTrig->step_list = pStepList;
-  while( pStepList ){
-    pStepList->pTrig = pTrig;
-    pStepList = pStepList->pNext;
-  }
-  if( sqlite3FixInit(&sFix, pParse, pTrig->iDb, "trigger", &pTrig->nameToken) 
-          && sqlite3FixTriggerStep(&sFix, pTrig->step_list) ){
-    goto triggerfinish_cleanup;
-  }
-
-  /* if we are not initializing, and this trigger is not on a TEMP table, 
-  ** build the sqlite_master entry
-  */
-  if( !db->init.busy ){
-    static const VdbeOpList insertTrig[] = {
-      { OP_NewRowid,   0, 0,  0          },
-      { OP_String8,    0, 0,  "trigger"  },
-      { OP_String8,    0, 0,  0          },  /* 2: trigger name */
-      { OP_String8,    0, 0,  0          },  /* 3: table name */
-      { OP_Integer,    0, 0,  0          },
-      { OP_String8,    0, 0,  "CREATE TRIGGER "},
-      { OP_String8,    0, 0,  0          },  /* 6: SQL */
-      { OP_Concat,     0, 0,  0          }, 
-      { OP_MakeRecord, 5, 0,  "tttit"    },
-      { OP_Insert,     0, 0,  0          },
-    };
-    int addr;
-    Vdbe *v;
-
-    /* Make an entry in the sqlite_master table */
-    v = sqlite3GetVdbe(pParse);
-    if( v==0 ) goto triggerfinish_cleanup;
-    sqlite3BeginWriteOperation(pParse, 0, pTrig->iDb);
-    sqlite3OpenMasterTable(v, pTrig->iDb);
-    addr = sqlite3VdbeAddOpList(v, ArraySize(insertTrig), insertTrig);
-    sqlite3VdbeChangeP3(v, addr+2, pTrig->name, 0); 
-    sqlite3VdbeChangeP3(v, addr+3, pTrig->table, 0); 
-    sqlite3VdbeChangeP3(v, addr+6, pAll->z, pAll->n);
-    sqlite3ChangeCookie(db, v, pTrig->iDb);
-    sqlite3VdbeAddOp(v, OP_Close, 0, 0);
-    sqlite3VdbeOp3(v, OP_ParseSchema, pTrig->iDb, 0, 
-       sqlite3MPrintf("type='trigger' AND name='%q'", pTrig->name), P3_DYNAMIC);
-  }
-
-  if( db->init.busy ){
-    Table *pTab;
-    Trigger *pDel;
-    pDel = sqlite3HashInsert(&db->aDb[pTrig->iDb].trigHash, 
-                     pTrig->name, strlen(pTrig->name)+1, pTrig);
-    if( pDel ){
-      assert( sqlite3_malloc_failed && pDel==pTrig );
-      goto triggerfinish_cleanup;
-    }
-    pTab = sqlite3LocateTable(pParse,pTrig->table,db->aDb[pTrig->iTabDb].zName);
-    assert( pTab!=0 );
-    pTrig->pNext = pTab->pTrigger;
-    pTab->pTrigger = pTrig;
-    pTrig = 0;
-  }
-
-triggerfinish_cleanup:
-  sqlite3DeleteTrigger(pTrig);
-  assert( !pParse->pNewTrigger );
-  sqlite3DeleteTriggerStep(pStepList);
-}
-
-/*
-** Make a copy of all components of the given trigger step.  This has
-** the effect of copying all Expr.token.z values into memory obtained
-** from sqliteMalloc().  As initially created, the Expr.token.z values
-** all point to the input string that was fed to the parser.  But that
-** string is ephemeral - it will go away as soon as the sqlite3_exec()
-** call that started the parser exits.  This routine makes a persistent
-** copy of all the Expr.token.z strings so that the TriggerStep structure
-** will be valid even after the sqlite3_exec() call returns.
-*/
-static void sqlitePersistTriggerStep(TriggerStep *p){
-  if( p->target.z ){
-    p->target.z = sqliteStrNDup(p->target.z, p->target.n);
-    p->target.dyn = 1;
-  }
-  if( p->pSelect ){
-    Select *pNew = sqlite3SelectDup(p->pSelect);
-    sqlite3SelectDelete(p->pSelect);
-    p->pSelect = pNew;
-  }
-  if( p->pWhere ){
-    Expr *pNew = sqlite3ExprDup(p->pWhere);
-    sqlite3ExprDelete(p->pWhere);
-    p->pWhere = pNew;
-  }
-  if( p->pExprList ){
-    ExprList *pNew = sqlite3ExprListDup(p->pExprList);
-    sqlite3ExprListDelete(p->pExprList);
-    p->pExprList = pNew;
-  }
-  if( p->pIdList ){
-    IdList *pNew = sqlite3IdListDup(p->pIdList);
-    sqlite3IdListDelete(p->pIdList);
-    p->pIdList = pNew;
-  }
-}
-
-/*
-** Turn a SELECT statement (that the pSelect parameter points to) into
-** a trigger step.  Return a pointer to a TriggerStep structure.
-**
-** The parser calls this routine when it finds a SELECT statement in
-** body of a TRIGGER.  
-*/
-TriggerStep *sqlite3TriggerSelectStep(Select *pSelect){
-  TriggerStep *pTriggerStep = sqliteMalloc(sizeof(TriggerStep));
-  if( pTriggerStep==0 ) return 0;
-
-  pTriggerStep->op = TK_SELECT;
-  pTriggerStep->pSelect = pSelect;
-  pTriggerStep->orconf = OE_Default;
-  sqlitePersistTriggerStep(pTriggerStep);
-
-  return pTriggerStep;
-}
-
-/*
-** Build a trigger step out of an INSERT statement.  Return a pointer
-** to the new trigger step.
-**
-** The parser calls this routine when it sees an INSERT inside the
-** body of a trigger.
-*/
-TriggerStep *sqlite3TriggerInsertStep(
-  Token *pTableName,  /* Name of the table into which we insert */
-  IdList *pColumn,    /* List of columns in pTableName to insert into */
-  ExprList *pEList,   /* The VALUE clause: a list of values to be inserted */
-  Select *pSelect,    /* A SELECT statement that supplies values */
-  int orconf          /* The conflict algorithm (OE_Abort, OE_Replace, etc.) */
-){
-  TriggerStep *pTriggerStep = sqliteMalloc(sizeof(TriggerStep));
-
-  assert(pEList == 0 || pSelect == 0);
-  assert(pEList != 0 || pSelect != 0);
-
-  if( pTriggerStep ){
-    pTriggerStep->op = TK_INSERT;
-    pTriggerStep->pSelect = pSelect;
-    pTriggerStep->target  = *pTableName;
-    pTriggerStep->pIdList = pColumn;
-    pTriggerStep->pExprList = pEList;
-    pTriggerStep->orconf = orconf;
-    sqlitePersistTriggerStep(pTriggerStep);
-  }else{
-    sqlite3IdListDelete(pColumn);
-    sqlite3ExprListDelete(pEList);
-    sqlite3SelectDup(pSelect);
-  }
-
-  return pTriggerStep;
-}
-
-/*
-** Construct a trigger step that implements an UPDATE statement and return
-** a pointer to that trigger step.  The parser calls this routine when it
-** sees an UPDATE statement inside the body of a CREATE TRIGGER.
-*/
-TriggerStep *sqlite3TriggerUpdateStep(
-  Token *pTableName,   /* Name of the table to be updated */
-  ExprList *pEList,    /* The SET clause: list of column and new values */
-  Expr *pWhere,        /* The WHERE clause */
-  int orconf           /* The conflict algorithm. (OE_Abort, OE_Ignore, etc) */
-){
-  TriggerStep *pTriggerStep = sqliteMalloc(sizeof(TriggerStep));
-  if( pTriggerStep==0 ) return 0;
-
-  pTriggerStep->op = TK_UPDATE;
-  pTriggerStep->target  = *pTableName;
-  pTriggerStep->pExprList = pEList;
-  pTriggerStep->pWhere = pWhere;
-  pTriggerStep->orconf = orconf;
-  sqlitePersistTriggerStep(pTriggerStep);
-
-  return pTriggerStep;
-}
-
-/*
-** Construct a trigger step that implements a DELETE statement and return
-** a pointer to that trigger step.  The parser calls this routine when it
-** sees a DELETE statement inside the body of a CREATE TRIGGER.
-*/
-TriggerStep *sqlite3TriggerDeleteStep(Token *pTableName, Expr *pWhere){
-  TriggerStep *pTriggerStep = sqliteMalloc(sizeof(TriggerStep));
-  if( pTriggerStep==0 ) return 0;
-
-  pTriggerStep->op = TK_DELETE;
-  pTriggerStep->target  = *pTableName;
-  pTriggerStep->pWhere = pWhere;
-  pTriggerStep->orconf = OE_Default;
-  sqlitePersistTriggerStep(pTriggerStep);
-
-  return pTriggerStep;
-}
-
-/* 
-** Recursively delete a Trigger structure
-*/
-void sqlite3DeleteTrigger(Trigger *pTrigger){
-  if( pTrigger==0 ) return;
-  sqlite3DeleteTriggerStep(pTrigger->step_list);
-  sqliteFree(pTrigger->name);
-  sqliteFree(pTrigger->table);
-  sqlite3ExprDelete(pTrigger->pWhen);
-  sqlite3IdListDelete(pTrigger->pColumns);
-  if( pTrigger->nameToken.dyn ) sqliteFree((char*)pTrigger->nameToken.z);
-  sqliteFree(pTrigger);
-}
-
-/*
-** This function is called to drop a trigger from the database schema. 
-**
-** This may be called directly from the parser and therefore identifies
-** the trigger by name.  The sqlite3DropTriggerPtr() routine does the
-** same job as this routine except it takes a pointer to the trigger
-** instead of the trigger name.
-**/
-void sqlite3DropTrigger(Parse *pParse, SrcList *pName){
-  Trigger *pTrigger = 0;
-  int i;
-  const char *zDb;
-  const char *zName;
-  int nName;
-  sqlite3 *db = pParse->db;
-
-  if( sqlite3_malloc_failed ) goto drop_trigger_cleanup;
-  if( SQLITE_OK!=sqlite3ReadSchema(pParse) ){
-    goto drop_trigger_cleanup;
-  }
-
-  assert( pName->nSrc==1 );
-  zDb = pName->a[0].zDatabase;
-  zName = pName->a[0].zName;
-  nName = strlen(zName);
-  for(i=OMIT_TEMPDB; i<db->nDb; i++){
-    int j = (i<2) ? i^1 : i;  /* Search TEMP before MAIN */
-    if( zDb && sqlite3StrICmp(db->aDb[j].zName, zDb) ) continue;
-    pTrigger = sqlite3HashFind(&(db->aDb[j].trigHash), zName, nName+1);
-    if( pTrigger ) break;
-  }
-  if( !pTrigger ){
-    sqlite3ErrorMsg(pParse, "no such trigger: %S", pName, 0);
-    goto drop_trigger_cleanup;
-  }
-  sqlite3DropTriggerPtr(pParse, pTrigger, 0);
-
-drop_trigger_cleanup:
-  sqlite3SrcListDelete(pName);
-}
-
-/*
-** Return a pointer to the Table structure for the table that a trigger
-** is set on.
-*/
-static Table *tableOfTrigger(sqlite3 *db, Trigger *pTrigger){
-  return sqlite3FindTable(db,pTrigger->table,db->aDb[pTrigger->iTabDb].zName);
-}
-
-
-/*
-** Drop a trigger given a pointer to that trigger.  If nested is false,
-** then also generate code to remove the trigger from the SQLITE_MASTER
-** table.
-*/
-void sqlite3DropTriggerPtr(Parse *pParse, Trigger *pTrigger, int nested){
-  Table   *pTable;
-  Vdbe *v;
-  sqlite3 *db = pParse->db;
-  int iDb;
-
-  iDb = pTrigger->iDb;
-  assert( iDb>=0 && iDb<db->nDb );
-  pTable = tableOfTrigger(db, pTrigger);
-  assert(pTable);
-  assert( pTable->iDb==iDb || iDb==1 );
-#ifndef SQLITE_OMIT_AUTHORIZATION
-  {
-    int code = SQLITE_DROP_TRIGGER;
-    const char *zDb = db->aDb[iDb].zName;
-    const char *zTab = SCHEMA_TABLE(iDb);
-    if( iDb==1 ) code = SQLITE_DROP_TEMP_TRIGGER;
-    if( sqlite3AuthCheck(pParse, code, pTrigger->name, pTable->zName, zDb) ||
-      sqlite3AuthCheck(pParse, SQLITE_DELETE, zTab, 0, zDb) ){
-      return;
-    }
-  }
-#endif
-
-  /* Generate code to destroy the database record of the trigger.
-  */
-  if( pTable!=0 && (v = sqlite3GetVdbe(pParse))!=0 ){
-    int base;
-    static const VdbeOpList dropTrigger[] = {
-      { OP_Rewind,     0, ADDR(9),  0},
-      { OP_String8,    0, 0,        0}, /* 1 */
-      { OP_Column,     0, 1,        0},
-      { OP_Ne,         0, ADDR(8),  0},
-      { OP_String8,    0, 0,        "trigger"},
-      { OP_Column,     0, 0,        0},
-      { OP_Ne,         0, ADDR(8),  0},
-      { OP_Delete,     0, 0,        0},
-      { OP_Next,       0, ADDR(1),  0}, /* 8 */
-    };
-
-    sqlite3BeginWriteOperation(pParse, 0, iDb);
-    sqlite3OpenMasterTable(v, iDb);
-    base = sqlite3VdbeAddOpList(v,  ArraySize(dropTrigger), dropTrigger);
-    sqlite3VdbeChangeP3(v, base+1, pTrigger->name, 0);
-    sqlite3ChangeCookie(db, v, iDb);
-    sqlite3VdbeAddOp(v, OP_Close, 0, 0);
-    sqlite3VdbeOp3(v, OP_DropTrigger, iDb, 0, pTrigger->name, 0);
-  }
-}
-
-/*
-** Remove a trigger from the hash tables of the sqlite* pointer.
-*/
-void sqlite3UnlinkAndDeleteTrigger(sqlite3 *db, int iDb, const char *zName){
-  Trigger *pTrigger;
-  int nName = strlen(zName);
-  pTrigger = sqlite3HashInsert(&(db->aDb[iDb].trigHash), zName, nName+1, 0);
-  if( pTrigger ){
-    Table *pTable = tableOfTrigger(db, pTrigger);
-    assert( pTable!=0 );
-    if( pTable->pTrigger == pTrigger ){
-      pTable->pTrigger = pTrigger->pNext;
-    }else{
-      Trigger *cc = pTable->pTrigger;
-      while( cc ){ 
-        if( cc->pNext == pTrigger ){
-          cc->pNext = cc->pNext->pNext;
-          break;
-        }
-        cc = cc->pNext;
-      }
-      assert(cc);
-    }
-    sqlite3DeleteTrigger(pTrigger);
-    db->flags |= SQLITE_InternChanges;
-  }
-}
-
-/*
-** pEList is the SET clause of an UPDATE statement.  Each entry
-** in pEList is of the format <id>=<expr>.  If any of the entries
-** in pEList have an <id> which matches an identifier in pIdList,
-** then return TRUE.  If pIdList==NULL, then it is considered a
-** wildcard that matches anything.  Likewise if pEList==NULL then
-** it matches anything so always return true.  Return false only
-** if there is no match.
-*/
-static int checkColumnOverLap(IdList *pIdList, ExprList *pEList){
-  int e;
-  if( !pIdList || !pEList ) return 1;
-  for(e=0; e<pEList->nExpr; e++){
-    if( sqlite3IdListIndex(pIdList, pEList->a[e].zName)>=0 ) return 1;
-  }
-  return 0; 
-}
-
-/*
-** Return a bit vector to indicate what kind of triggers exist for operation
-** "op" on table pTab.  If pChanges is not NULL then it is a list of columns
-** that are being updated.  Triggers only match if the ON clause of the
-** trigger definition overlaps the set of columns being updated.
-**
-** The returned bit vector is some combination of TRIGGER_BEFORE and
-** TRIGGER_AFTER.
-*/
-int sqlite3TriggersExist(
-  Parse *pParse,          /* Used to check for recursive triggers */
-  Table *pTab,            /* The table the contains the triggers */
-  int op,                 /* one of TK_DELETE, TK_INSERT, TK_UPDATE */
-  ExprList *pChanges      /* Columns that change in an UPDATE statement */
-){
-  Trigger *pTrigger = pTab->pTrigger;
-  int mask = 0;
-
-  while( pTrigger ){
-    if( pTrigger->op==op && checkColumnOverLap(pTrigger->pColumns, pChanges) ){
-      TriggerStack *ss;
-      ss = pParse->trigStack;
-      while( ss && ss->pTrigger!=pTab->pTrigger ){
-	ss = ss->pNext;
-      }
-      if( ss==0 ){
-        mask |= pTrigger->tr_tm;
-      }
-    }
-    pTrigger = pTrigger->pNext;
-  }
-  return mask;
-}
-
-/*
-** Convert the pStep->target token into a SrcList and return a pointer
-** to that SrcList.
-**
-** This routine adds a specific database name, if needed, to the target when
-** forming the SrcList.  This prevents a trigger in one database from
-** referring to a target in another database.  An exception is when the
-** trigger is in TEMP in which case it can refer to any other database it
-** wants.
-*/
-static SrcList *targetSrcList(
-  Parse *pParse,       /* The parsing context */
-  TriggerStep *pStep   /* The trigger containing the target token */
-){
-  Token sDb;           /* Dummy database name token */
-  int iDb;             /* Index of the database to use */
-  SrcList *pSrc;       /* SrcList to be returned */
-
-  iDb = pStep->pTrig->iDb;
-  if( iDb==0 || iDb>=2 ){
-    assert( iDb<pParse->db->nDb );
-    sDb.z = pParse->db->aDb[iDb].zName;
-    sDb.n = strlen(sDb.z);
-    pSrc = sqlite3SrcListAppend(0, &sDb, &pStep->target);
-  } else {
-    pSrc = sqlite3SrcListAppend(0, &pStep->target, 0);
-  }
-  return pSrc;
-}
-
-/*
-** Generate VDBE code for zero or more statements inside the body of a
-** trigger.  
-*/
-static int codeTriggerProgram(
-  Parse *pParse,            /* The parser context */
-  TriggerStep *pStepList,   /* List of statements inside the trigger body */
-  int orconfin              /* Conflict algorithm. (OE_Abort, etc) */  
-){
-  TriggerStep * pTriggerStep = pStepList;
-  int orconf;
-  Vdbe *v = pParse->pVdbe;
-
-  assert( pTriggerStep!=0 );
-  assert( v!=0 );
-  sqlite3VdbeAddOp(v, OP_ContextPush, 0, 0);
-  VdbeComment((v, "# begin trigger %s", pStepList->pTrig->name));
-  while( pTriggerStep ){
-    orconf = (orconfin == OE_Default)?pTriggerStep->orconf:orconfin;
-    pParse->trigStack->orconf = orconf;
-    switch( pTriggerStep->op ){
-      case TK_SELECT: {
-	Select * ss = sqlite3SelectDup(pTriggerStep->pSelect);		  
-	assert(ss);
-	assert(ss->pSrc);
-        sqlite3SelectResolve(pParse, ss, 0);
-	sqlite3Select(pParse, ss, SRT_Discard, 0, 0, 0, 0, 0);
-	sqlite3SelectDelete(ss);
-	break;
-      }
-      case TK_UPDATE: {
-        SrcList *pSrc;
-        pSrc = targetSrcList(pParse, pTriggerStep);
-        sqlite3VdbeAddOp(v, OP_ResetCount, 0, 0);
-        sqlite3Update(pParse, pSrc,
-		sqlite3ExprListDup(pTriggerStep->pExprList), 
-		sqlite3ExprDup(pTriggerStep->pWhere), orconf);
-        sqlite3VdbeAddOp(v, OP_ResetCount, 1, 0);
-        break;
-      }
-      case TK_INSERT: {
-        SrcList *pSrc;
-        pSrc = targetSrcList(pParse, pTriggerStep);
-        sqlite3VdbeAddOp(v, OP_ResetCount, 0, 0);
-        sqlite3Insert(pParse, pSrc,
-          sqlite3ExprListDup(pTriggerStep->pExprList), 
-          sqlite3SelectDup(pTriggerStep->pSelect), 
-          sqlite3IdListDup(pTriggerStep->pIdList), orconf);
-        sqlite3VdbeAddOp(v, OP_ResetCount, 1, 0);
-        break;
-      }
-      case TK_DELETE: {
-        SrcList *pSrc;
-        sqlite3VdbeAddOp(v, OP_ResetCount, 0, 0);
-        pSrc = targetSrcList(pParse, pTriggerStep);
-        sqlite3DeleteFrom(pParse, pSrc, sqlite3ExprDup(pTriggerStep->pWhere));
-        sqlite3VdbeAddOp(v, OP_ResetCount, 1, 0);
-        break;
-      }
-      default:
-        assert(0);
-    } 
-    pTriggerStep = pTriggerStep->pNext;
-  }
-  sqlite3VdbeAddOp(v, OP_ContextPop, 0, 0);
-  VdbeComment((v, "# end trigger %s", pStepList->pTrig->name));
-
-  return 0;
-}
-
-/*
-** This is called to code FOR EACH ROW triggers.
-**
-** When the code that this function generates is executed, the following 
-** must be true:
-**
-** 1. No cursors may be open in the main database.  (But newIdx and oldIdx
-**    can be indices of cursors in temporary tables.  See below.)
-**
-** 2. If the triggers being coded are ON INSERT or ON UPDATE triggers, then
-**    a temporary vdbe cursor (index newIdx) must be open and pointing at
-**    a row containing values to be substituted for new.* expressions in the
-**    trigger program(s).
-**
-** 3. If the triggers being coded are ON DELETE or ON UPDATE triggers, then
-**    a temporary vdbe cursor (index oldIdx) must be open and pointing at
-**    a row containing values to be substituted for old.* expressions in the
-**    trigger program(s).
-**
-*/
-int sqlite3CodeRowTrigger(
-  Parse *pParse,       /* Parse context */
-  int op,              /* One of TK_UPDATE, TK_INSERT, TK_DELETE */
-  ExprList *pChanges,  /* Changes list for any UPDATE OF triggers */
-  int tr_tm,           /* One of TRIGGER_BEFORE, TRIGGER_AFTER */
-  Table *pTab,         /* The table to code triggers from */
-  int newIdx,          /* The indice of the "new" row to access */
-  int oldIdx,          /* The indice of the "old" row to access */
-  int orconf,          /* ON CONFLICT policy */
-  int ignoreJump       /* Instruction to jump to for RAISE(IGNORE) */
-){
-  Trigger *pTrigger;
-  TriggerStack *pStack;
-  TriggerStack trigStackEntry;
-
-  assert(op == TK_UPDATE || op == TK_INSERT || op == TK_DELETE);
-  assert(tr_tm == TRIGGER_BEFORE || tr_tm == TRIGGER_AFTER );
-
-  assert(newIdx != -1 || oldIdx != -1);
-
-  pTrigger = pTab->pTrigger;
-  while( pTrigger ){
-    int fire_this = 0;
-
-    /* determine whether we should code this trigger */
-    if( pTrigger->op == op && pTrigger->tr_tm == tr_tm ){
-      fire_this = 1;
-      for(pStack=pParse->trigStack; pStack; pStack=pStack->pNext){
-        if( pStack->pTrigger==pTrigger ){
-	  fire_this = 0;
-	}
-      }
-      if( op == TK_UPDATE && pTrigger->pColumns &&
-          !checkColumnOverLap(pTrigger->pColumns, pChanges) ){
-        fire_this = 0;
-      }
-    }
- 
-    if( fire_this ){
-      int endTrigger;
-      Expr * whenExpr;
-      AuthContext sContext;
-      NameContext sNC;
-
-      memset(&sNC, 0, sizeof(sNC));
-      sNC.pParse = pParse;
-
-      /* Push an entry on to the trigger stack */
-      trigStackEntry.pTrigger = pTrigger;
-      trigStackEntry.newIdx = newIdx;
-      trigStackEntry.oldIdx = oldIdx;
-      trigStackEntry.pTab = pTab;
-      trigStackEntry.pNext = pParse->trigStack;
-      trigStackEntry.ignoreJump = ignoreJump;
-      pParse->trigStack = &trigStackEntry;
-      sqlite3AuthContextPush(pParse, &sContext, pTrigger->name);
-
-      /* code the WHEN clause */
-      endTrigger = sqlite3VdbeMakeLabel(pParse->pVdbe);
-      whenExpr = sqlite3ExprDup(pTrigger->pWhen);
-      if( sqlite3ExprResolveNames(&sNC, whenExpr) ){
-        pParse->trigStack = trigStackEntry.pNext;
-        sqlite3ExprDelete(whenExpr);
-        return 1;
-      }
-      sqlite3ExprIfFalse(pParse, whenExpr, endTrigger, 1);
-      sqlite3ExprDelete(whenExpr);
-
-      codeTriggerProgram(pParse, pTrigger->step_list, orconf); 
-
-      /* Pop the entry off the trigger stack */
-      pParse->trigStack = trigStackEntry.pNext;
-      sqlite3AuthContextPop(&sContext);
-
-      sqlite3VdbeResolveLabel(pParse->pVdbe, endTrigger);
-    }
-    pTrigger = pTrigger->pNext;
-  }
-  return 0;
-}
-#endif /* !defined(SQLITE_OMIT_TRIGGER) */
--- a/mozilla/security/nss/lib/sqlite/update.c
+++ b/mozilla/security/nss/lib/sqlite/update.c
@@ -1,505 +0,0 @@
-/*
-** 2001 September 15
-**
-** The author disclaims copyright to this source code.  In place of
-** a legal notice, here is a blessing:
-**
-**    May you do good and not evil.
-**    May you find forgiveness for yourself and forgive others.
-**    May you share freely, never taking more than you give.
-**
-*************************************************************************
-** This file contains C code routines that are called by the parser
-** to handle UPDATE statements.
-**
-** $Id: update.c,v 1.1.2.1 2005-06-20 23:27:49 relyea%netscape.com Exp $
-*/
-#include "sqliteInt.h"
-
-/*
-** The most recently coded instruction was an OP_Column to retrieve column
-** 'i' of table pTab. This routine sets the P3 parameter of the 
-** OP_Column to the default value, if any.
-**
-** The default value of a column is specified by a DEFAULT clause in the 
-** column definition. This was either supplied by the user when the table
-** was created, or added later to the table definition by an ALTER TABLE
-** command. If the latter, then the row-records in the table btree on disk
-** may not contain a value for the column and the default value, taken
-** from the P3 parameter of the OP_Column instruction, is returned instead.
-** If the former, then all row-records are guaranteed to include a value
-** for the column and the P3 value is not required.
-**
-** Column definitions created by an ALTER TABLE command may only have 
-** literal default values specified: a number, null or a string. (If a more
-** complicated default expression value was provided, it is evaluated 
-** when the ALTER TABLE is executed and one of the literal values written
-** into the sqlite_master table.)
-**
-** Therefore, the P3 parameter is only required if the default value for
-** the column is a literal number, string or null. The sqlite3ValueFromExpr()
-** function is capable of transforming these types of expressions into
-** sqlite3_value objects.
-*/
-void sqlite3ColumnDefault(Vdbe *v, Table *pTab, int i){
-  if( pTab && !pTab->pSelect ){
-    sqlite3_value *pValue;
-    u8 enc = sqlite3VdbeDb(v)->enc;
-    Column *pCol = &pTab->aCol[i];
-    sqlite3ValueFromExpr(pCol->pDflt, enc, pCol->affinity, &pValue);
-    sqlite3VdbeChangeP3(v, -1, (const char *)pValue, P3_MEM);
-  }
-}
-
-/*
-** Process an UPDATE statement.
-**
-**   UPDATE OR IGNORE table_wxyz SET a=b, c=d WHERE e<5 AND f NOT NULL;
-**          \_______/ \________/     \______/       \________________/
-*            onError   pTabList      pChanges             pWhere
-*/
-void sqlite3Update(
-  Parse *pParse,         /* The parser context */
-  SrcList *pTabList,     /* The table in which we should change things */
-  ExprList *pChanges,    /* Things to be changed */
-  Expr *pWhere,          /* The WHERE clause.  May be null */
-  int onError            /* How to handle constraint errors */
-){
-  int i, j;              /* Loop counters */
-  Table *pTab;           /* The table to be updated */
-  int addr = 0;          /* VDBE instruction address of the start of the loop */
-  WhereInfo *pWInfo;     /* Information about the WHERE clause */
-  Vdbe *v;               /* The virtual database engine */
-  Index *pIdx;           /* For looping over indices */
-  int nIdx;              /* Number of indices that need updating */
-  int nIdxTotal;         /* Total number of indices */
-  int iCur;              /* VDBE Cursor number of pTab */
-  sqlite3 *db;           /* The database structure */
-  Index **apIdx = 0;     /* An array of indices that need updating too */
-  char *aIdxUsed = 0;    /* aIdxUsed[i]==1 if the i-th index is used */
-  int *aXRef = 0;        /* aXRef[i] is the index in pChanges->a[] of the
-                         ** an expression for the i-th column of the table.
-                         ** aXRef[i]==-1 if the i-th column is not changed. */
-  int chngRowid;         /* True if the record number is being changed */
-  Expr *pRowidExpr = 0;  /* Expression defining the new record number */
-  int openAll = 0;       /* True if all indices need to be opened */
-  AuthContext sContext;  /* The authorization context */
-  NameContext sNC;       /* The name-context to resolve expressions in */
-
-#ifndef SQLITE_OMIT_TRIGGER
-  int isView;                  /* Trying to update a view */
-  int triggers_exist = 0;      /* True if any row triggers exist */
-#endif
-
-  int newIdx      = -1;  /* index of trigger "new" temp table       */
-  int oldIdx      = -1;  /* index of trigger "old" temp table       */
-
-  sContext.pParse = 0;
-  if( pParse->nErr || sqlite3_malloc_failed ) goto update_cleanup;
-  db = pParse->db;
-  assert( pTabList->nSrc==1 );
-
-  /* Locate the table which we want to update. 
-  */
-  pTab = sqlite3SrcListLookup(pParse, pTabList);
-  if( pTab==0 ) goto update_cleanup;
-
-  /* Figure out if we have any triggers and if the table being
-  ** updated is a view
-  */
-#ifndef SQLITE_OMIT_TRIGGER
-  triggers_exist = sqlite3TriggersExist(pParse, pTab, TK_UPDATE, pChanges);
-  isView = pTab->pSelect!=0;
-#else
-# define triggers_exist 0
-# define isView 0
-#endif
-#ifdef SQLITE_OMIT_VIEW
-# undef isView
-# define isView 0
-#endif
-
-  if( sqlite3IsReadOnly(pParse, pTab, triggers_exist) ){
-    goto update_cleanup;
-  }
-  if( isView ){
-    if( sqlite3ViewGetColumnNames(pParse, pTab) ){
-      goto update_cleanup;
-    }
-  }
-  aXRef = sqliteMallocRaw( sizeof(int) * pTab->nCol );
-  if( aXRef==0 ) goto update_cleanup;
-  for(i=0; i<pTab->nCol; i++) aXRef[i] = -1;
-
-  /* If there are FOR EACH ROW triggers, allocate cursors for the
-  ** special OLD and NEW tables
-  */
-  if( triggers_exist ){
-    newIdx = pParse->nTab++;
-    oldIdx = pParse->nTab++;
-  }
-
-  /* Allocate a cursors for the main database table and for all indices.
-  ** The index cursors might not be used, but if they are used they
-  ** need to occur right after the database cursor.  So go ahead and
-  ** allocate enough space, just in case.
-  */
-  pTabList->a[0].iCursor = iCur = pParse->nTab++;
-  for(pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext){
-    pParse->nTab++;
-  }
-
-  /* Initialize the name-context */
-  memset(&sNC, 0, sizeof(sNC));
-  sNC.pParse = pParse;
-  sNC.pSrcList = pTabList;
-
-  /* Resolve the column names in all the expressions of the
-  ** of the UPDATE statement.  Also find the column index
-  ** for each column to be updated in the pChanges array.  For each
-  ** column to be updated, make sure we have authorization to change
-  ** that column.
-  */
-  chngRowid = 0;
-  for(i=0; i<pChanges->nExpr; i++){
-    if( sqlite3ExprResolveNames(&sNC, pChanges->a[i].pExpr) ){
-      goto update_cleanup;
-    }
-    for(j=0; j<pTab->nCol; j++){
-      if( sqlite3StrICmp(pTab->aCol[j].zName, pChanges->a[i].zName)==0 ){
-        if( j==pTab->iPKey ){
-          chngRowid = 1;
-          pRowidExpr = pChanges->a[i].pExpr;
-        }
-        aXRef[j] = i;
-        break;
-      }
-    }
-    if( j>=pTab->nCol ){
-      if( sqlite3IsRowid(pChanges->a[i].zName) ){
-        chngRowid = 1;
-        pRowidExpr = pChanges->a[i].pExpr;
-      }else{
-        sqlite3ErrorMsg(pParse, "no such column: %s", pChanges->a[i].zName);
-        goto update_cleanup;
-      }
-    }
-#ifndef SQLITE_OMIT_AUTHORIZATION
-    {
-      int rc;
-      rc = sqlite3AuthCheck(pParse, SQLITE_UPDATE, pTab->zName,
-                           pTab->aCol[j].zName, db->aDb[pTab->iDb].zName);
-      if( rc==SQLITE_DENY ){
-        goto update_cleanup;
-      }else if( rc==SQLITE_IGNORE ){
-        aXRef[j] = -1;
-      }
-    }
-#endif
-  }
-
-  /* Allocate memory for the array apIdx[] and fill it with pointers to every
-  ** index that needs to be updated.  Indices only need updating if their
-  ** key includes one of the columns named in pChanges or if the record
-  ** number of the original table entry is changing.
-  */
-  for(nIdx=nIdxTotal=0, pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext, nIdxTotal++){
-    if( chngRowid ){
-      i = 0;
-    }else {
-      for(i=0; i<pIdx->nColumn; i++){
-        if( aXRef[pIdx->aiColumn[i]]>=0 ) break;
-      }
-    }
-    if( i<pIdx->nColumn ) nIdx++;
-  }
-  if( nIdxTotal>0 ){
-    apIdx = sqliteMallocRaw( sizeof(Index*) * nIdx + nIdxTotal );
-    if( apIdx==0 ) goto update_cleanup;
-    aIdxUsed = (char*)&apIdx[nIdx];
-  }
-  for(nIdx=j=0, pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext, j++){
-    if( chngRowid ){
-      i = 0;
-    }else{
-      for(i=0; i<pIdx->nColumn; i++){
-        if( aXRef[pIdx->aiColumn[i]]>=0 ) break;
-      }
-    }
-    if( i<pIdx->nColumn ){
-      if( sqlite3CheckIndexCollSeq(pParse, pIdx) ) goto update_cleanup;
-      apIdx[nIdx++] = pIdx;
-      aIdxUsed[j] = 1;
-    }else{
-      aIdxUsed[j] = 0;
-    }
-  }
-
-  /* Resolve the column names in all the expressions in the
-  ** WHERE clause.
-  */
-  if( sqlite3ExprResolveNames(&sNC, pWhere) ){
-    goto update_cleanup;
-  }
-
-  /* Start the view context
-  */
-  if( isView ){
-    sqlite3AuthContextPush(pParse, &sContext, pTab->zName);
-  }
-
-  /* Begin generating code.
-  */
-  v = sqlite3GetVdbe(pParse);
-  if( v==0 ) goto update_cleanup;
-  if( pParse->nested==0 ) sqlite3VdbeCountChanges(v);
-  sqlite3BeginWriteOperation(pParse, 1, pTab->iDb);
-
-  /* If we are trying to update a view, construct that view into
-  ** a temporary table.
-  */
-  if( isView ){
-    Select *pView;
-    pView = sqlite3SelectDup(pTab->pSelect);
-    sqlite3Select(pParse, pView, SRT_TempTable, iCur, 0, 0, 0, 0);
-    sqlite3SelectDelete(pView);
-  }
-
-  /* Begin the database scan
-  */
-  pWInfo = sqlite3WhereBegin(pParse, pTabList, pWhere, 0);
-  if( pWInfo==0 ) goto update_cleanup;
-
-  /* Remember the index of every item to be updated.
-  */
-  sqlite3VdbeAddOp(v, OP_Rowid, iCur, 0);
-  sqlite3VdbeAddOp(v, OP_ListWrite, 0, 0);
-
-  /* End the database scan loop.
-  */
-  sqlite3WhereEnd(pWInfo);
-
-  /* Initialize the count of updated rows
-  */
-  if( db->flags & SQLITE_CountRows && !pParse->trigStack ){
-    sqlite3VdbeAddOp(v, OP_Integer, 0, 0);
-  }
-
-  if( triggers_exist ){
-    /* Create pseudo-tables for NEW and OLD
-    */
-    sqlite3VdbeAddOp(v, OP_OpenPseudo, oldIdx, 0);
-    sqlite3VdbeAddOp(v, OP_SetNumColumns, oldIdx, pTab->nCol);
-    sqlite3VdbeAddOp(v, OP_OpenPseudo, newIdx, 0);
-    sqlite3VdbeAddOp(v, OP_SetNumColumns, newIdx, pTab->nCol);
-
-    /* The top of the update loop for when there are triggers.
-    */
-    sqlite3VdbeAddOp(v, OP_ListRewind, 0, 0);
-    addr = sqlite3VdbeAddOp(v, OP_ListRead, 0, 0);
-
-    if( !isView ){
-      sqlite3VdbeAddOp(v, OP_Dup, 0, 0);
-      sqlite3VdbeAddOp(v, OP_Dup, 0, 0);
-      /* Open a cursor and make it point to the record that is
-      ** being updated.
-      */
-      sqlite3OpenTableForReading(v, iCur, pTab);
-    }
-    sqlite3VdbeAddOp(v, OP_MoveGe, iCur, 0);
-
-    /* Generate the OLD table
-    */
-    sqlite3VdbeAddOp(v, OP_Rowid, iCur, 0);
-    sqlite3VdbeAddOp(v, OP_RowData, iCur, 0);
-    sqlite3VdbeAddOp(v, OP_Insert, oldIdx, 0);
-
-    /* Generate the NEW table
-    */
-    if( chngRowid ){
-      sqlite3ExprCodeAndCache(pParse, pRowidExpr);
-    }else{
-      sqlite3VdbeAddOp(v, OP_Rowid, iCur, 0);
-    }
-    for(i=0; i<pTab->nCol; i++){
-      if( i==pTab->iPKey ){
-        sqlite3VdbeAddOp(v, OP_Null, 0, 0);
-        continue;
-      }
-      j = aXRef[i];
-      if( j<0 ){
-        sqlite3VdbeAddOp(v, OP_Column, iCur, i);
-        sqlite3ColumnDefault(v, pTab, i);
-      }else{
-        sqlite3ExprCodeAndCache(pParse, pChanges->a[j].pExpr);
-      }
-    }
-    sqlite3VdbeAddOp(v, OP_MakeRecord, pTab->nCol, 0);
-    if( !isView ){
-      sqlite3TableAffinityStr(v, pTab);
-    }
-    if( pParse->nErr ) goto update_cleanup;
-    sqlite3VdbeAddOp(v, OP_Insert, newIdx, 0);
-    if( !isView ){
-      sqlite3VdbeAddOp(v, OP_Close, iCur, 0);
-    }
-
-    /* Fire the BEFORE and INSTEAD OF triggers
-    */
-    if( sqlite3CodeRowTrigger(pParse, TK_UPDATE, pChanges, TRIGGER_BEFORE, pTab,
-          newIdx, oldIdx, onError, addr) ){
-      goto update_cleanup;
-    }
-  }
-
-  if( !isView ){
-    /* 
-    ** Open every index that needs updating.  Note that if any
-    ** index could potentially invoke a REPLACE conflict resolution 
-    ** action, then we need to open all indices because we might need
-    ** to be deleting some records.
-    */
-    sqlite3VdbeAddOp(v, OP_Integer, pTab->iDb, 0);
-    sqlite3VdbeAddOp(v, OP_OpenWrite, iCur, pTab->tnum);
-    sqlite3VdbeAddOp(v, OP_SetNumColumns, iCur, pTab->nCol);
-    if( onError==OE_Replace ){
-      openAll = 1;
-    }else{
-      openAll = 0;
-      for(pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext){
-        if( pIdx->onError==OE_Replace ){
-          openAll = 1;
-          break;
-        }
-      }
-    }
-    for(i=0, pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext, i++){
-      if( openAll || aIdxUsed[i] ){
-        sqlite3VdbeAddOp(v, OP_Integer, pIdx->iDb, 0);
-        sqlite3VdbeOp3(v, OP_OpenWrite, iCur+i+1, pIdx->tnum,
-                       (char*)&pIdx->keyInfo, P3_KEYINFO);
-        assert( pParse->nTab>iCur+i+1 );
-      }
-    }
-
-    /* Loop over every record that needs updating.  We have to load
-    ** the old data for each record to be updated because some columns
-    ** might not change and we will need to copy the old value.
-    ** Also, the old data is needed to delete the old index entires.
-    ** So make the cursor point at the old record.
-    */
-    if( !triggers_exist ){
-      sqlite3VdbeAddOp(v, OP_ListRewind, 0, 0);
-      addr = sqlite3VdbeAddOp(v, OP_ListRead, 0, 0);
-      sqlite3VdbeAddOp(v, OP_Dup, 0, 0);
-    }
-    sqlite3VdbeAddOp(v, OP_NotExists, iCur, addr);
-
-    /* If the record number will change, push the record number as it
-    ** will be after the update. (The old record number is currently
-    ** on top of the stack.)
-    */
-    if( chngRowid ){
-      sqlite3ExprCode(pParse, pRowidExpr);
-      sqlite3VdbeAddOp(v, OP_MustBeInt, 0, 0);
-    }
-
-    /* Compute new data for this record.  
-    */
-    for(i=0; i<pTab->nCol; i++){
-      if( i==pTab->iPKey ){
-        sqlite3VdbeAddOp(v, OP_Null, 0, 0);
-        continue;
-      }
-      j = aXRef[i];
-      if( j<0 ){
-        sqlite3VdbeAddOp(v, OP_Column, iCur, i);
-        sqlite3ColumnDefault(v, pTab, i);
-      }else{
-        sqlite3ExprCode(pParse, pChanges->a[j].pExpr);
-      }
-    }
-
-    /* Do constraint checks
-    */
-    sqlite3GenerateConstraintChecks(pParse, pTab, iCur, aIdxUsed, chngRowid, 1,
-                                   onError, addr);
-
-    /* Delete the old indices for the current record.
-    */
-    sqlite3GenerateRowIndexDelete(db, v, pTab, iCur, aIdxUsed);
-
-    /* If changing the record number, delete the old record.
-    */
-    if( chngRowid ){
-      sqlite3VdbeAddOp(v, OP_Delete, iCur, 0);
-    }
-
-    /* Create the new index entries and the new record.
-    */
-    sqlite3CompleteInsertion(pParse, pTab, iCur, aIdxUsed, chngRowid, 1, -1);
-  }
-
-  /* Increment the row counter 
-  */
-  if( db->flags & SQLITE_CountRows && !pParse->trigStack){
-    sqlite3VdbeAddOp(v, OP_AddImm, 1, 0);
-  }
-
-  /* If there are triggers, close all the cursors after each iteration
-  ** through the loop.  The fire the after triggers.
-  */
-  if( triggers_exist ){
-    if( !isView ){
-      for(i=0, pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext, i++){
-        if( openAll || aIdxUsed[i] )
-          sqlite3VdbeAddOp(v, OP_Close, iCur+i+1, 0);
-      }
-      sqlite3VdbeAddOp(v, OP_Close, iCur, 0);
-    }
-    if( sqlite3CodeRowTrigger(pParse, TK_UPDATE, pChanges, TRIGGER_AFTER, pTab, 
-          newIdx, oldIdx, onError, addr) ){
-      goto update_cleanup;
-    }
-  }
-
-  /* Repeat the above with the next record to be updated, until
-  ** all record selected by the WHERE clause have been updated.
-  */
-  sqlite3VdbeAddOp(v, OP_Goto, 0, addr);
-  sqlite3VdbeChangeP2(v, addr, sqlite3VdbeCurrentAddr(v));
-  sqlite3VdbeAddOp(v, OP_ListReset, 0, 0);
-
-  /* Close all tables if there were no FOR EACH ROW triggers */
-  if( !triggers_exist ){
-    for(i=0, pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext, i++){
-      if( openAll || aIdxUsed[i] ){
-        sqlite3VdbeAddOp(v, OP_Close, iCur+i+1, 0);
-      }
-    }
-    sqlite3VdbeAddOp(v, OP_Close, iCur, 0);
-  }else{
-    sqlite3VdbeAddOp(v, OP_Close, newIdx, 0);
-    sqlite3VdbeAddOp(v, OP_Close, oldIdx, 0);
-  }
-
-  /*
-  ** Return the number of rows that were changed. If this routine is 
-  ** generating code because of a call to sqlite3NestedParse(), do not
-  ** invoke the callback function.
-  */
-  if( db->flags & SQLITE_CountRows && !pParse->trigStack && pParse->nested==0 ){
-    sqlite3VdbeAddOp(v, OP_Callback, 1, 0);
-    sqlite3VdbeSetNumCols(v, 1);
-    sqlite3VdbeSetColName(v, 0, "rows updated", P3_STATIC);
-  }
-
-update_cleanup:
-  sqlite3AuthContextPop(&sContext);
-  sqliteFree(apIdx);
-  sqliteFree(aXRef);
-  sqlite3SrcListDelete(pTabList);
-  sqlite3ExprListDelete(pChanges);
-  sqlite3ExprDelete(pWhere);
-  return;
-}
--- a/mozilla/security/nss/lib/sqlite/utf.c
+++ b/mozilla/security/nss/lib/sqlite/utf.c
@@ -1,570 +0,0 @@
-/*
-** 2004 April 13
-**
-** The author disclaims copyright to this source code.  In place of
-** a legal notice, here is a blessing:
-**
-**    May you do good and not evil.
-**    May you find forgiveness for yourself and forgive others.
-**    May you share freely, never taking more than you give.
-**
-*************************************************************************
-** This file contains routines used to translate between UTF-8, 
-** UTF-16, UTF-16BE, and UTF-16LE.
-**
-** $Id: utf.c,v 1.1.2.1 2005-06-20 23:27:49 relyea%netscape.com Exp $
-**
-** Notes on UTF-8:
-**
-**   Byte-0    Byte-1    Byte-2    Byte-3    Value
-**  0xxxxxxx                                 00000000 00000000 0xxxxxxx
-**  110yyyyy  10xxxxxx                       00000000 00000yyy yyxxxxxx
-**  1110zzzz  10yyyyyy  10xxxxxx             00000000 zzzzyyyy yyxxxxxx
-**  11110uuu  10uuzzzz  10yyyyyy  10xxxxxx   000uuuuu zzzzyyyy yyxxxxxx
-**
-**
-** Notes on UTF-16:  (with wwww+1==uuuuu)
-**
-**      Word-0               Word-1          Value
-**  110110ww wwzzzzyy   110111yy yyxxxxxx    000uuuuu zzzzyyyy yyxxxxxx
-**  zzzzyyyy yyxxxxxx                        00000000 zzzzyyyy yyxxxxxx
-**
-**
-** BOM or Byte Order Mark:
-**     0xff 0xfe   little-endian utf-16 follows
-**     0xfe 0xff   big-endian utf-16 follows
-**
-**
-** Handling of malformed strings:
-**
-** SQLite accepts and processes malformed strings without an error wherever
-** possible. However this is not possible when converting between UTF-8 and
-** UTF-16.
-**
-** When converting malformed UTF-8 strings to UTF-16, one instance of the
-** replacement character U+FFFD for each byte that cannot be interpeted as
-** part of a valid unicode character.
-**
-** When converting malformed UTF-16 strings to UTF-8, one instance of the
-** replacement character U+FFFD for each pair of bytes that cannot be
-** interpeted as part of a valid unicode character.
-**
-** This file contains the following public routines:
-**
-** sqlite3VdbeMemTranslate() - Translate the encoding used by a Mem* string.
-** sqlite3VdbeMemHandleBom() - Handle byte-order-marks in UTF16 Mem* strings.
-** sqlite3utf16ByteLen()     - Calculate byte-length of a void* UTF16 string.
-** sqlite3utf8CharLen()      - Calculate char-length of a char* UTF8 string.
-** sqlite3utf8LikeCompare()  - Do a LIKE match given two UTF8 char* strings.
-**
-*/
-#include "sqliteInt.h"
-#include <assert.h>
-#include "vdbeInt.h"
-
-/*
-** This table maps from the first byte of a UTF-8 character to the number
-** of trailing bytes expected. A value '255' indicates that the table key
-** is not a legal first byte for a UTF-8 character.
-*/
-static const u8 xtra_utf8_bytes[256]  = {
-/* 0xxxxxxx */
-0, 0, 0, 0, 0, 0, 0, 0,     0, 0, 0, 0, 0, 0, 0, 0,
-0, 0, 0, 0, 0, 0, 0, 0,     0, 0, 0, 0, 0, 0, 0, 0,
-0, 0, 0, 0, 0, 0, 0, 0,     0, 0, 0, 0, 0, 0, 0, 0,
-0, 0, 0, 0, 0, 0, 0, 0,     0, 0, 0, 0, 0, 0, 0, 0,
-0, 0, 0, 0, 0, 0, 0, 0,     0, 0, 0, 0, 0, 0, 0, 0,
-0, 0, 0, 0, 0, 0, 0, 0,     0, 0, 0, 0, 0, 0, 0, 0,
-0, 0, 0, 0, 0, 0, 0, 0,     0, 0, 0, 0, 0, 0, 0, 0,
-0, 0, 0, 0, 0, 0, 0, 0,     0, 0, 0, 0, 0, 0, 0, 0,
-
-/* 10wwwwww */
-255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
-255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
-255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
-255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
-
-/* 110yyyyy */
-1, 1, 1, 1, 1, 1, 1, 1,     1, 1, 1, 1, 1, 1, 1, 1,
-1, 1, 1, 1, 1, 1, 1, 1,     1, 1, 1, 1, 1, 1, 1, 1,
-
-/* 1110zzzz */
-2, 2, 2, 2, 2, 2, 2, 2,     2, 2, 2, 2, 2, 2, 2, 2,
-
-/* 11110yyy */
-3, 3, 3, 3, 3, 3, 3, 3,     255, 255, 255, 255, 255, 255, 255, 255,
-};
-
-/*
-** This table maps from the number of trailing bytes in a UTF-8 character
-** to an integer constant that is effectively calculated for each character
-** read by a naive implementation of a UTF-8 character reader. The code
-** in the READ_UTF8 macro explains things best.
-*/
-static const int xtra_utf8_bits[4] =  {
-0,
-12416,          /* (0xC0 << 6) + (0x80) */
-925824,         /* (0xE0 << 12) + (0x80 << 6) + (0x80) */
-63447168        /* (0xF0 << 18) + (0x80 << 12) + (0x80 << 6) + 0x80 */
-};
-
-#define READ_UTF8(zIn, c) { \
-  int xtra;                                            \
-  c = *(zIn)++;                                        \
-  xtra = xtra_utf8_bytes[c];                           \
-  switch( xtra ){                                      \
-    case 255: c = (int)0xFFFD; break;                  \
-    case 3: c = (c<<6) + *(zIn)++;                     \
-    case 2: c = (c<<6) + *(zIn)++;                     \
-    case 1: c = (c<<6) + *(zIn)++;                     \
-    c -= xtra_utf8_bits[xtra];                         \
-  }                                                    \
-}
-int sqlite3ReadUtf8(const unsigned char *z){
-  int c;
-  READ_UTF8(z, c);
-  return c;
-}
-
-#define SKIP_UTF8(zIn) {                               \
-  zIn += (xtra_utf8_bytes[*(u8 *)zIn] + 1);            \
-}
-
-#define WRITE_UTF8(zOut, c) {                          \
-  if( c<0x00080 ){                                     \
-    *zOut++ = (c&0xFF);                                \
-  }                                                    \
-  else if( c<0x00800 ){                                \
-    *zOut++ = 0xC0 + ((c>>6)&0x1F);                    \
-    *zOut++ = 0x80 + (c & 0x3F);                       \
-  }                                                    \
-  else if( c<0x10000 ){                                \
-    *zOut++ = 0xE0 + ((c>>12)&0x0F);                   \
-    *zOut++ = 0x80 + ((c>>6) & 0x3F);                  \
-    *zOut++ = 0x80 + (c & 0x3F);                       \
-  }else{                                               \
-    *zOut++ = 0xF0 + ((c>>18) & 0x07);                 \
-    *zOut++ = 0x80 + ((c>>12) & 0x3F);                 \
-    *zOut++ = 0x80 + ((c>>6) & 0x3F);                  \
-    *zOut++ = 0x80 + (c & 0x3F);                       \
-  }                                                    \
-}
-
-#define WRITE_UTF16LE(zOut, c) {                                \
-  if( c<=0xFFFF ){                                              \
-    *zOut++ = (c&0x00FF);                                       \
-    *zOut++ = ((c>>8)&0x00FF);                                  \
-  }else{                                                        \
-    *zOut++ = (((c>>10)&0x003F) + (((c-0x10000)>>10)&0x00C0));  \
-    *zOut++ = (0x00D8 + (((c-0x10000)>>18)&0x03));              \
-    *zOut++ = (c&0x00FF);                                       \
-    *zOut++ = (0x00DC + ((c>>8)&0x03));                         \
-  }                                                             \
-}
-
-#define WRITE_UTF16BE(zOut, c) {                                \
-  if( c<=0xFFFF ){                                              \
-    *zOut++ = ((c>>8)&0x00FF);                                  \
-    *zOut++ = (c&0x00FF);                                       \
-  }else{                                                        \
-    *zOut++ = (0x00D8 + (((c-0x10000)>>18)&0x03));              \
-    *zOut++ = (((c>>10)&0x003F) + (((c-0x10000)>>10)&0x00C0));  \
-    *zOut++ = (0x00DC + ((c>>8)&0x03));                         \
-    *zOut++ = (c&0x00FF);                                       \
-  }                                                             \
-}
-
-#define READ_UTF16LE(zIn, c){                                         \
-  c = (*zIn++);                                                       \
-  c += ((*zIn++)<<8);                                                 \
-  if( c>=0xD800 && c<=0xE000 ){                                       \
-    int c2 = (*zIn++);                                                \
-    c2 += ((*zIn++)<<8);                                              \
-    c = (c2&0x03FF) + ((c&0x003F)<<10) + (((c&0x03C0)+0x0040)<<10);   \
-  }                                                                   \
-}
-
-#define READ_UTF16BE(zIn, c){                                         \
-  c = ((*zIn++)<<8);                                                  \
-  c += (*zIn++);                                                      \
-  if( c>=0xD800 && c<=0xE000 ){                                       \
-    int c2 = ((*zIn++)<<8);                                           \
-    c2 += (*zIn++);                                                   \
-    c = (c2&0x03FF) + ((c&0x003F)<<10) + (((c&0x03C0)+0x0040)<<10);   \
-  }                                                                   \
-}
-
-#define SKIP_UTF16BE(zIn){                                            \
-  if( *zIn>=0xD8 && (*zIn<0xE0 || (*zIn==0xE0 && *(zIn+1)==0x00)) ){  \
-    zIn += 4;                                                         \
-  }else{                                                              \
-    zIn += 2;                                                         \
-  }                                                                   \
-}
-#define SKIP_UTF16LE(zIn){                                            \
-  zIn++;                                                              \
-  if( *zIn>=0xD8 && (*zIn<0xE0 || (*zIn==0xE0 && *(zIn-1)==0x00)) ){  \
-    zIn += 3;                                                         \
-  }else{                                                              \
-    zIn += 1;                                                         \
-  }                                                                   \
-}
-
-#define RSKIP_UTF16LE(zIn){                                            \
-  if( *zIn>=0xD8 && (*zIn<0xE0 || (*zIn==0xE0 && *(zIn-1)==0x00)) ){  \
-    zIn -= 4;                                                         \
-  }else{                                                              \
-    zIn -= 2;                                                         \
-  }                                                                   \
-}
-#define RSKIP_UTF16BE(zIn){                                            \
-  zIn--;                                                              \
-  if( *zIn>=0xD8 && (*zIn<0xE0 || (*zIn==0xE0 && *(zIn+1)==0x00)) ){  \
-    zIn -= 3;                                                         \
-  }else{                                                              \
-    zIn -= 1;                                                         \
-  }                                                                   \
-}
-
-/*
-** If the TRANSLATE_TRACE macro is defined, the value of each Mem is
-** printed on stderr on the way into and out of sqlite3VdbeMemTranslate().
-*/ 
-/* #define TRANSLATE_TRACE 1 */
-
-#ifndef SQLITE_OMIT_UTF16
-/*
-** This routine transforms the internal text encoding used by pMem to
-** desiredEnc. It is an error if the string is already of the desired
-** encoding, or if *pMem does not contain a string value.
-*/
-int sqlite3VdbeMemTranslate(Mem *pMem, u8 desiredEnc){
-  unsigned char zShort[NBFS]; /* Temporary short output buffer */
-  int len;                    /* Maximum length of output string in bytes */
-  unsigned char *zOut;                  /* Output buffer */
-  unsigned char *zIn;                   /* Input iterator */
-  unsigned char *zTerm;                 /* End of input */
-  unsigned char *z;                     /* Output iterator */
-  int c;
-
-  assert( pMem->flags&MEM_Str );
-  assert( pMem->enc!=desiredEnc );
-  assert( pMem->enc!=0 );
-  assert( pMem->n>=0 );
-
-#if defined(TRANSLATE_TRACE) && defined(SQLITE_DEBUG)
-  {
-    char zBuf[100];
-    sqlite3VdbeMemPrettyPrint(pMem, zBuf, 100);
-    fprintf(stderr, "INPUT:  %s\n", zBuf);
-  }
-#endif
-
-  /* If the translation is between UTF-16 little and big endian, then 
-  ** all that is required is to swap the byte order. This case is handled
-  ** differently from the others.
-  */
-  if( pMem->enc!=SQLITE_UTF8 && desiredEnc!=SQLITE_UTF8 ){
-    u8 temp;
-    int rc;
-    rc = sqlite3VdbeMemMakeWriteable(pMem);
-    if( rc!=SQLITE_OK ){
-      assert( rc==SQLITE_NOMEM );
-      return SQLITE_NOMEM;
-    }
-    zIn = pMem->z;
-    zTerm = &zIn[pMem->n];
-    while( zIn<zTerm ){
-      temp = *zIn;
-      *zIn = *(zIn+1);
-      zIn++;
-      *zIn++ = temp;
-    }
-    pMem->enc = desiredEnc;
-    goto translate_out;
-  }
-
-  /* Set len to the maximum number of bytes required in the output buffer. */
-  if( desiredEnc==SQLITE_UTF8 ){
-    /* When converting from UTF-16, the maximum growth results from
-    ** translating a 2-byte character to a 3-byte UTF-8 character (i.e.
-    ** code-point 0xFFFC). A single byte is required for the output string
-    ** nul-terminator.
-    */
-    len = (pMem->n/2) * 3 + 1;
-  }else{
-    /* When converting from UTF-8 to UTF-16 the maximum growth is caused
-    ** when a 1-byte UTF-8 character is translated into a 2-byte UTF-16
-    ** character. Two bytes are required in the output buffer for the
-    ** nul-terminator.
-    */
-    len = pMem->n * 2 + 2;
-  }
-
-  /* Set zIn to point at the start of the input buffer and zTerm to point 1
-  ** byte past the end.
-  **
-  ** Variable zOut is set to point at the output buffer. This may be space
-  ** obtained from malloc(), or Mem.zShort, if it large enough and not in
-  ** use, or the zShort array on the stack (see above).
-  */
-  zIn = pMem->z;
-  zTerm = &zIn[pMem->n];
-  if( len>NBFS ){
-    zOut = sqliteMallocRaw(len);
-    if( !zOut ) return SQLITE_NOMEM;
-  }else{
-    zOut = zShort;
-  }
-  z = zOut;
-
-  if( pMem->enc==SQLITE_UTF8 ){
-    if( desiredEnc==SQLITE_UTF16LE ){
-      /* UTF-8 -> UTF-16 Little-endian */
-      while( zIn<zTerm ){
-        READ_UTF8(zIn, c); 
-        WRITE_UTF16LE(z, c);
-      }
-    }else{
-      assert( desiredEnc==SQLITE_UTF16BE );
-      /* UTF-8 -> UTF-16 Big-endian */
-      while( zIn<zTerm ){
-        READ_UTF8(zIn, c); 
-        WRITE_UTF16BE(z, c);
-      }
-    }
-    pMem->n = z - zOut;
-    *z++ = 0;
-  }else{
-    assert( desiredEnc==SQLITE_UTF8 );
-    if( pMem->enc==SQLITE_UTF16LE ){
-      /* UTF-16 Little-endian -> UTF-8 */
-      while( zIn<zTerm ){
-        READ_UTF16LE(zIn, c); 
-        WRITE_UTF8(z, c);
-      }
-    }else{
-      /* UTF-16 Little-endian -> UTF-8 */
-      while( zIn<zTerm ){
-        READ_UTF16BE(zIn, c); 
-        WRITE_UTF8(z, c);
-      }
-    }
-    pMem->n = z - zOut;
-  }
-  *z = 0;
-  assert( (pMem->n+(desiredEnc==SQLITE_UTF8?1:2))<=len );
-
-  sqlite3VdbeMemRelease(pMem);
-  pMem->flags &= ~(MEM_Static|MEM_Dyn|MEM_Ephem|MEM_Short);
-  pMem->enc = desiredEnc;
-  if( zOut==zShort ){
-    memcpy(pMem->zShort, zOut, len);
-    zOut = pMem->zShort;
-    pMem->flags |= (MEM_Term|MEM_Short);
-  }else{
-    pMem->flags |= (MEM_Term|MEM_Dyn);
-  }
-  pMem->z = zOut;
-
-translate_out:
-#if defined(TRANSLATE_TRACE) && defined(SQLITE_DEBUG)
-  {
-    char zBuf[100];
-    sqlite3VdbeMemPrettyPrint(pMem, zBuf, 100);
-    fprintf(stderr, "OUTPUT: %s\n", zBuf);
-  }
-#endif
-  return SQLITE_OK;
-}
-
-/*
-** This routine checks for a byte-order mark at the beginning of the 
-** UTF-16 string stored in *pMem. If one is present, it is removed and
-** the encoding of the Mem adjusted. This routine does not do any
-** byte-swapping, it just sets Mem.enc appropriately.
-**
-** The allocation (static, dynamic etc.) and encoding of the Mem may be
-** changed by this function.
-*/
-int sqlite3VdbeMemHandleBom(Mem *pMem){
-  int rc = SQLITE_OK;
-  u8 bom = 0;
-
-  if( pMem->n<0 || pMem->n>1 ){
-    u8 b1 = *(u8 *)pMem->z;
-    u8 b2 = *(((u8 *)pMem->z) + 1);
-    if( b1==0xFE && b2==0xFF ){
-      bom = SQLITE_UTF16BE;
-    }
-    if( b1==0xFF && b2==0xFE ){
-      bom = SQLITE_UTF16LE;
-    }
-  }
-  
-  if( bom ){
-    /* This function is called as soon as a string is stored in a Mem*,
-    ** from within sqlite3VdbeMemSetStr(). At that point it is not possible
-    ** for the string to be stored in Mem.zShort, or for it to be stored
-    ** in dynamic memory with no destructor.
-    */
-    assert( !(pMem->flags&MEM_Short) );
-    assert( !(pMem->flags&MEM_Dyn) || pMem->xDel );
-    if( pMem->flags & MEM_Dyn ){
-      void (*xDel)(void*) = pMem->xDel;
-      char *z = pMem->z;
-      pMem->z = 0;
-      pMem->xDel = 0;
-      rc = sqlite3VdbeMemSetStr(pMem, &z[2], pMem->n-2, bom, SQLITE_TRANSIENT);
-      xDel(z);
-    }else{
-      rc = sqlite3VdbeMemSetStr(pMem, &pMem->z[2], pMem->n-2, bom, 
-          SQLITE_TRANSIENT);
-    }
-  }
-  return rc;
-}
-#endif /* SQLITE_OMIT_UTF16 */
-
-/*
-** pZ is a UTF-8 encoded unicode string. If nByte is less than zero,
-** return the number of unicode characters in pZ up to (but not including)
-** the first 0x00 byte. If nByte is not less than zero, return the
-** number of unicode characters in the first nByte of pZ (or up to 
-** the first 0x00, whichever comes first).
-*/
-int sqlite3utf8CharLen(const char *z, int nByte){
-  int r = 0;
-  const char *zTerm;
-  if( nByte>=0 ){
-    zTerm = &z[nByte];
-  }else{
-    zTerm = (const char *)(-1);
-  }
-  assert( z<=zTerm );
-  while( *z!=0 && z<zTerm ){
-    SKIP_UTF8(z);
-    r++;
-  }
-  return r;
-}
-
-#ifndef SQLITE_OMIT_UTF16
-/*
-** pZ is a UTF-16 encoded unicode string. If nChar is less than zero,
-** return the number of bytes up to (but not including), the first pair
-** of consecutive 0x00 bytes in pZ. If nChar is not less than zero,
-** then return the number of bytes in the first nChar unicode characters
-** in pZ (or up until the first pair of 0x00 bytes, whichever comes first).
-*/
-int sqlite3utf16ByteLen(const void *zIn, int nChar){
-  int c = 1;
-  char const *z = zIn;
-  int n = 0;
-  if( SQLITE_UTF16NATIVE==SQLITE_UTF16BE ){
-    while( c && ((nChar<0) || n<nChar) ){
-      READ_UTF16BE(z, c);
-      n++;
-    }
-  }else{
-    while( c && ((nChar<0) || n<nChar) ){
-      READ_UTF16LE(z, c);
-      n++;
-    }
-  }
-  return (z-(char const *)zIn)-((c==0)?2:0);
-}
-
-/*
-** UTF-16 implementation of the substr()
-*/
-void sqlite3utf16Substr(
-  sqlite3_context *context,
-  int argc,
-  sqlite3_value **argv
-){
-  int y, z;
-  unsigned char const *zStr;
-  unsigned char const *zStrEnd;
-  unsigned char const *zStart;
-  unsigned char const *zEnd;
-  int i;
-
-  zStr = (unsigned char const *)sqlite3_value_text16(argv[0]);
-  zStrEnd = &zStr[sqlite3_value_bytes16(argv[0])];
-  y = sqlite3_value_int(argv[1]);
-  z = sqlite3_value_int(argv[2]);
-
-  if( y>0 ){
-    y = y-1;
-    zStart = zStr;
-    if( SQLITE_UTF16BE==SQLITE_UTF16NATIVE ){
-      for(i=0; i<y && zStart<zStrEnd; i++) SKIP_UTF16BE(zStart);
-    }else{
-      for(i=0; i<y && zStart<zStrEnd; i++) SKIP_UTF16LE(zStart);
-    }
-  }else{
-    zStart = zStrEnd;
-    if( SQLITE_UTF16BE==SQLITE_UTF16NATIVE ){
-      for(i=y; i<0 && zStart>zStr; i++) RSKIP_UTF16BE(zStart);
-    }else{
-      for(i=y; i<0 && zStart>zStr; i++) RSKIP_UTF16LE(zStart);
-    }
-    for(; i<0; i++) z -= 1;
-  }
-
-  zEnd = zStart;
-  if( SQLITE_UTF16BE==SQLITE_UTF16NATIVE ){
-    for(i=0; i<z && zEnd<zStrEnd; i++) SKIP_UTF16BE(zEnd);
-  }else{
-    for(i=0; i<z && zEnd<zStrEnd; i++) SKIP_UTF16LE(zEnd);
-  }
-
-  sqlite3_result_text16(context, zStart, zEnd-zStart, SQLITE_TRANSIENT);
-}
-
-#if defined(SQLITE_TEST)
-/*
-** This routine is called from the TCL test function "translate_selftest".
-** It checks that the primitives for serializing and deserializing
-** characters in each encoding are inverses of each other.
-*/
-void sqlite3utfSelfTest(){
-  int i;
-  unsigned char zBuf[20];
-  unsigned char *z;
-  int n;
-  int c;
-
-  for(i=0; i<0x00110000; i++){
-    z = zBuf;
-    WRITE_UTF8(z, i);
-    n = z-zBuf;
-    z = zBuf;
-    READ_UTF8(z, c);
-    assert( c==i );
-    assert( (z-zBuf)==n );
-  }
-  for(i=0; i<0x00110000; i++){
-    if( i>=0xD800 && i<=0xE000 ) continue;
-    z = zBuf;
-    WRITE_UTF16LE(z, i);
-    n = z-zBuf;
-    z = zBuf;
-    READ_UTF16LE(z, c);
-    assert( c==i );
-    assert( (z-zBuf)==n );
-  }
-  for(i=0; i<0x00110000; i++){
-    if( i>=0xD800 && i<=0xE000 ) continue;
-    z = zBuf;
-    WRITE_UTF16BE(z, i);
-    n = z-zBuf;
-    z = zBuf;
-    READ_UTF16BE(z, c);
-    assert( c==i );
-    assert( (z-zBuf)==n );
-  }
-}
-#endif /* SQLITE_TEST */
-#endif /* SQLITE_OMIT_UTF16 */
--- a/mozilla/security/nss/lib/sqlite/util.c
+++ b/mozilla/security/nss/lib/sqlite/util.c
@@ -1,964 +0,0 @@
-/*
-** 2001 September 15
-**
-** The author disclaims copyright to this source code.  In place of
-** a legal notice, here is a blessing:
-**
-**    May you do good and not evil.
-**    May you find forgiveness for yourself and forgive others.
-**    May you share freely, never taking more than you give.
-**
-*************************************************************************
-** Utility functions used throughout sqlite.
-**
-** This file contains functions for allocating memory, comparing
-** strings, and stuff like that.
-**
-** $Id: util.c,v 1.1.2.1 2005-06-20 23:27:49 relyea%netscape.com Exp $
-*/
-#include "sqliteInt.h"
-#include <stdarg.h>
-#include <ctype.h>
-
-#if SQLITE_MEMDEBUG>2 && defined(__GLIBC__)
-#include <execinfo.h>
-void print_stack_trace(){
-  void *bt[30];
-  int i;
-  int n = backtrace(bt, 30);
-
-  fprintf(stderr, "STACK: ");
-  for(i=0; i<n;i++){
-    fprintf(stderr, "%p ", bt[i]);
-  }
-  fprintf(stderr, "\n");
-}
-#else
-#define print_stack_trace()
-#endif
-
-/*
-** If malloc() ever fails, this global variable gets set to 1.
-** This causes the library to abort and never again function.
-*/
-int sqlite3_malloc_failed = 0;
-
-/*
-** If SQLITE_MEMDEBUG is defined, then use versions of malloc() and
-** free() that track memory usage and check for buffer overruns.
-*/
-#ifdef SQLITE_MEMDEBUG
-
-/*
-** For keeping track of the number of mallocs and frees.   This
-** is used to check for memory leaks.  The iMallocFail and iMallocReset
-** values are used to simulate malloc() failures during testing in 
-** order to verify that the library correctly handles an out-of-memory
-** condition.
-*/
-int sqlite3_nMalloc;         /* Number of sqliteMalloc() calls */
-int sqlite3_nFree;           /* Number of sqliteFree() calls */
-int sqlite3_iMallocFail;     /* Fail sqliteMalloc() after this many calls */
-int sqlite3_iMallocReset = -1; /* When iMallocFail reaches 0, set to this */
-#if SQLITE_MEMDEBUG>1
-static int memcnt = 0;
-#endif
-
-/*
-** Number of 32-bit guard words.  This should probably be a multiple of
-** 2 since on 64-bit machines we want the value returned by sqliteMalloc()
-** to be 8-byte aligned.
-*/
-#define N_GUARD 2
-
-/*
-** Allocate new memory and set it to zero.  Return NULL if
-** no memory is available.
-*/
-void *sqlite3Malloc_(int n, int bZero, char *zFile, int line){
-  void *p;
-  int *pi;
-  int i, k;
-  if( sqlite3_iMallocFail>=0 ){
-    sqlite3_iMallocFail--;
-    if( sqlite3_iMallocFail==0 ){
-      sqlite3_malloc_failed++;
-#if SQLITE_MEMDEBUG>1
-      fprintf(stderr,"**** failed to allocate %d bytes at %s:%d\n",
-              n, zFile,line);
-#endif
-      sqlite3_iMallocFail = sqlite3_iMallocReset;
-      return 0;
-    }
-  }
-  if( n==0 ) return 0;
-  k = (n+sizeof(int)-1)/sizeof(int);
-  pi = malloc( (N_GUARD*2+1+k)*sizeof(int));
-  if( pi==0 ){
-    if( n>0 ) sqlite3_malloc_failed++;
-    return 0;
-  }
-  sqlite3_nMalloc++;
-  for(i=0; i<N_GUARD; i++) pi[i] = 0xdead1122;
-  pi[N_GUARD] = n;
-  for(i=0; i<N_GUARD; i++) pi[k+1+N_GUARD+i] = 0xdead3344;
-  p = &pi[N_GUARD+1];
-  memset(p, bZero==0, n);
-#if SQLITE_MEMDEBUG>1
-  print_stack_trace();
-  fprintf(stderr,"%06d malloc %d bytes at 0x%x from %s:%d\n",
-      ++memcnt, n, (int)p, zFile,line);
-#endif
-  return p;
-}
-
-/*
-** This version of malloc is always a real function, never a macro
-*/
-void *sqlite3MallocX(int n){
-  return sqlite3Malloc_(n, 0, __FILE__, __LINE__);
-}
-
-/*
-** Check to see if the given pointer was obtained from sqliteMalloc()
-** and is able to hold at least N bytes.  Raise an exception if this
-** is not the case.
-**
-** This routine is used for testing purposes only.
-*/
-void sqlite3CheckMemory(void *p, int N){
-  int *pi = p;
-  int n, i, k;
-  pi -= N_GUARD+1;
-  for(i=0; i<N_GUARD; i++){
-    assert( pi[i]==0xdead1122 );
-  }
-  n = pi[N_GUARD];
-  assert( N>=0 && N<n );
-  k = (n+sizeof(int)-1)/sizeof(int);
-  for(i=0; i<N_GUARD; i++){
-    assert( pi[k+N_GUARD+1+i]==0xdead3344 );
-  }
-}
-
-/*
-** Free memory previously obtained from sqliteMalloc()
-*/
-void sqlite3Free_(void *p, char *zFile, int line){
-  if( p ){
-    int *pi, i, k, n;
-    pi = p;
-    pi -= N_GUARD+1;
-    sqlite3_nFree++;
-    for(i=0; i<N_GUARD; i++){
-      if( pi[i]!=0xdead1122 ){
-        fprintf(stderr,"Low-end memory corruption at 0x%x\n", (int)p);
-        return;
-      }
-    }
-    n = pi[N_GUARD];
-    k = (n+sizeof(int)-1)/sizeof(int);
-    for(i=0; i<N_GUARD; i++){
-      if( pi[k+N_GUARD+1+i]!=0xdead3344 ){
-        fprintf(stderr,"High-end memory corruption at 0x%x\n", (int)p);
-        return;
-      }
-    }
-    memset(pi, 0xff, (k+N_GUARD*2+1)*sizeof(int));
-#if SQLITE_MEMDEBUG>1
-    fprintf(stderr,"%06d free %d bytes at 0x%x from %s:%d\n",
-         ++memcnt, n, (int)p, zFile,line);
-#endif
-    free(pi);
-  }
-}
-
-/*
-** Resize a prior allocation.  If p==0, then this routine
-** works just like sqliteMalloc().  If n==0, then this routine
-** works just like sqliteFree().
-*/
-void *sqlite3Realloc_(void *oldP, int n, char *zFile, int line){
-  int *oldPi, *pi, i, k, oldN, oldK;
-  void *p;
-  if( oldP==0 ){
-    return sqlite3Malloc_(n,1,zFile,line);
-  }
-  if( n==0 ){
-    sqlite3Free_(oldP,zFile,line);
-    return 0;
-  }
-  oldPi = oldP;
-  oldPi -= N_GUARD+1;
-  if( oldPi[0]!=0xdead1122 ){
-    fprintf(stderr,"Low-end memory corruption in realloc at 0x%x\n", (int)oldP);
-    return 0;
-  }
-  oldN = oldPi[N_GUARD];
-  oldK = (oldN+sizeof(int)-1)/sizeof(int);
-  for(i=0; i<N_GUARD; i++){
-    if( oldPi[oldK+N_GUARD+1+i]!=0xdead3344 ){
-      fprintf(stderr,"High-end memory corruption in realloc at 0x%x\n",
-              (int)oldP);
-      return 0;
-    }
-  }
-  k = (n + sizeof(int) - 1)/sizeof(int);
-  pi = malloc( (k+N_GUARD*2+1)*sizeof(int) );
-  if( pi==0 ){
-    if( n>0 ) sqlite3_malloc_failed++;
-    return 0;
-  }
-  for(i=0; i<N_GUARD; i++) pi[i] = 0xdead1122;
-  pi[N_GUARD] = n;
-  for(i=0; i<N_GUARD; i++) pi[k+N_GUARD+1+i] = 0xdead3344;
-  p = &pi[N_GUARD+1];
-  memcpy(p, oldP, n>oldN ? oldN : n);
-  if( n>oldN ){
-    memset(&((char*)p)[oldN], 0x55, n-oldN);
-  }
-  memset(oldPi, 0xab, (oldK+N_GUARD+2)*sizeof(int));
-  free(oldPi);
-#if SQLITE_MEMDEBUG>1
-  print_stack_trace();
-  fprintf(stderr,"%06d realloc %d to %d bytes at 0x%x to 0x%x at %s:%d\n",
-    ++memcnt, oldN, n, (int)oldP, (int)p, zFile, line);
-#endif
-  return p;
-}
-
-/*
-** Make a copy of a string in memory obtained from sqliteMalloc()
-*/
-char *sqlite3StrDup_(const char *z, char *zFile, int line){
-  char *zNew;
-  if( z==0 ) return 0;
-  zNew = sqlite3Malloc_(strlen(z)+1, 0, zFile, line);
-  if( zNew ) strcpy(zNew, z);
-  return zNew;
-}
-char *sqlite3StrNDup_(const char *z, int n, char *zFile, int line){
-  char *zNew;
-  if( z==0 ) return 0;
-  zNew = sqlite3Malloc_(n+1, 0, zFile, line);
-  if( zNew ){
-    memcpy(zNew, z, n);
-    zNew[n] = 0;
-  }
-  return zNew;
-}
-
-/*
-** A version of sqliteFree that is always a function, not a macro.
-*/
-void sqlite3FreeX(void *p){
-  sqliteFree(p);
-}
-#endif /* SQLITE_MEMDEBUG */
-
-/*
-** The following versions of malloc() and free() are for use in a
-** normal build.
-*/
-#if !defined(SQLITE_MEMDEBUG)
-
-/*
-** Allocate new memory and set it to zero.  Return NULL if
-** no memory is available.  See also sqliteMallocRaw().
-*/
-void *sqlite3Malloc(int n){
-  void *p;
-  if( (p = malloc(n))==0 ){
-    if( n>0 ) sqlite3_malloc_failed++;
-  }else{
-    memset(p, 0, n);
-  }
-  return p;
-}
-
-/*
-** Allocate new memory but do not set it to zero.  Return NULL if
-** no memory is available.  See also sqliteMalloc().
-*/
-void *sqlite3MallocRaw(int n){
-  void *p;
-  if( (p = malloc(n))==0 ){
-    if( n>0 ) sqlite3_malloc_failed++;
-  }
-  return p;
-}
-
-/*
-** Free memory previously obtained from sqliteMalloc()
-*/
-void sqlite3FreeX(void *p){
-  if( p ){
-    free(p);
-  }
-}
-
-/*
-** Resize a prior allocation.  If p==0, then this routine
-** works just like sqliteMalloc().  If n==0, then this routine
-** works just like sqliteFree().
-*/
-void *sqlite3Realloc(void *p, int n){
-  void *p2;
-  if( p==0 ){
-    return sqliteMalloc(n);
-  }
-  if( n==0 ){
-    sqliteFree(p);
-    return 0;
-  }
-  p2 = realloc(p, n);
-  if( p2==0 ){
-    if( n>0 ) sqlite3_malloc_failed++;
-  }
-  return p2;
-}
-
-/*
-** Make a copy of a string in memory obtained from sqliteMalloc()
-*/
-char *sqlite3StrDup(const char *z){
-  char *zNew;
-  if( z==0 ) return 0;
-  zNew = sqliteMallocRaw(strlen(z)+1);
-  if( zNew ) strcpy(zNew, z);
-  return zNew;
-}
-char *sqlite3StrNDup(const char *z, int n){
-  char *zNew;
-  if( z==0 ) return 0;
-  zNew = sqliteMallocRaw(n+1);
-  if( zNew ){
-    memcpy(zNew, z, n);
-    zNew[n] = 0;
-  }
-  return zNew;
-}
-#endif /* !defined(SQLITE_MEMDEBUG) */
-
-/*
-** Create a string from the 2nd and subsequent arguments (up to the
-** first NULL argument), store the string in memory obtained from
-** sqliteMalloc() and make the pointer indicated by the 1st argument
-** point to that string.  The 1st argument must either be NULL or 
-** point to memory obtained from sqliteMalloc().
-*/
-void sqlite3SetString(char **pz, ...){
-  va_list ap;
-  int nByte;
-  const char *z;
-  char *zResult;
-
-  if( pz==0 ) return;
-  nByte = 1;
-  va_start(ap, pz);
-  while( (z = va_arg(ap, const char*))!=0 ){
-    nByte += strlen(z);
-  }
-  va_end(ap);
-  sqliteFree(*pz);
-  *pz = zResult = sqliteMallocRaw( nByte );
-  if( zResult==0 ){
-    return;
-  }
-  *zResult = 0;
-  va_start(ap, pz);
-  while( (z = va_arg(ap, const char*))!=0 ){
-    strcpy(zResult, z);
-    zResult += strlen(zResult);
-  }
-  va_end(ap);
-#ifdef SQLITE_DEBUG
-#if SQLITE_DEBUG>1
-  fprintf(stderr,"string at 0x%x is %s\n", (int)*pz, *pz);
-#endif
-#endif
-}
-
-/*
-** Set the most recent error code and error string for the sqlite
-** handle "db". The error code is set to "err_code".
-**
-** If it is not NULL, string zFormat specifies the format of the
-** error string in the style of the printf functions: The following
-** format characters are allowed:
-**
-**      %s      Insert a string
-**      %z      A string that should be freed after use
-**      %d      Insert an integer
-**      %T      Insert a token
-**      %S      Insert the first element of a SrcList
-**
-** zFormat and any string tokens that follow it are assumed to be
-** encoded in UTF-8.
-**
-** To clear the most recent error for sqlite handle "db", sqlite3Error
-** should be called with err_code set to SQLITE_OK and zFormat set
-** to NULL.
-*/
-void sqlite3Error(sqlite3 *db, int err_code, const char *zFormat, ...){
-  if( db && (db->pErr || (db->pErr = sqlite3ValueNew())) ){
-    db->errCode = err_code;
-    if( zFormat ){
-      char *z;
-      va_list ap;
-      va_start(ap, zFormat);
-      z = sqlite3VMPrintf(zFormat, ap);
-      va_end(ap);
-      sqlite3ValueSetStr(db->pErr, -1, z, SQLITE_UTF8, sqlite3FreeX);
-    }else{
-      sqlite3ValueSetStr(db->pErr, 0, 0, SQLITE_UTF8, SQLITE_STATIC);
-    }
-  }
-}
-
-/*
-** Add an error message to pParse->zErrMsg and increment pParse->nErr.
-** The following formatting characters are allowed:
-**
-**      %s      Insert a string
-**      %z      A string that should be freed after use
-**      %d      Insert an integer
-**      %T      Insert a token
-**      %S      Insert the first element of a SrcList
-**
-** This function should be used to report any error that occurs whilst
-** compiling an SQL statement (i.e. within sqlite3_prepare()). The
-** last thing the sqlite3_prepare() function does is copy the error
-** stored by this function into the database handle using sqlite3Error().
-** Function sqlite3Error() should be used during statement execution
-** (sqlite3_step() etc.).
-*/
-void sqlite3ErrorMsg(Parse *pParse, const char *zFormat, ...){
-  va_list ap;
-  pParse->nErr++;
-  sqliteFree(pParse->zErrMsg);
-  va_start(ap, zFormat);
-  pParse->zErrMsg = sqlite3VMPrintf(zFormat, ap);
-  va_end(ap);
-}
-
-/*
-** Convert an SQL-style quoted string into a normal string by removing
-** the quote characters.  The conversion is done in-place.  If the
-** input does not begin with a quote character, then this routine
-** is a no-op.
-**
-** 2002-Feb-14: This routine is extended to remove MS-Access style
-** brackets from around identifers.  For example:  "[a-b-c]" becomes
-** "a-b-c".
-*/
-void sqlite3Dequote(char *z){
-  int quote;
-  int i, j;
-  if( z==0 ) return;
-  quote = z[0];
-  switch( quote ){
-    case '\'':  break;
-    case '"':   break;
-    case '[':   quote = ']';  break;
-    default:    return;
-  }
-  for(i=1, j=0; z[i]; i++){
-    if( z[i]==quote ){
-      if( z[i+1]==quote ){
-        z[j++] = quote;
-        i++;
-      }else{
-        z[j++] = 0;
-        break;
-      }
-    }else{
-      z[j++] = z[i];
-    }
-  }
-}
-
-/* An array to map all upper-case characters into their corresponding
-** lower-case character. 
-*/
-const unsigned char sqlite3UpperToLower[] = {
-      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15, 16, 17,
-     18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35,
-     36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53,
-     54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 97, 98, 99,100,101,102,103,
-    104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,
-    122, 91, 92, 93, 94, 95, 96, 97, 98, 99,100,101,102,103,104,105,106,107,
-    108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,
-    126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,
-    144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,
-    162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,
-    180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,
-    198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,
-    216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,
-    234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,
-    252,253,254,255
-};
-#define UpperToLower sqlite3UpperToLower
-
-/*
-** Some systems have stricmp().  Others have strcasecmp().  Because
-** there is no consistency, we will define our own.
-*/
-int sqlite3StrICmp(const char *zLeft, const char *zRight){
-  register unsigned char *a, *b;
-  a = (unsigned char *)zLeft;
-  b = (unsigned char *)zRight;
-  while( *a!=0 && UpperToLower[*a]==UpperToLower[*b]){ a++; b++; }
-  return UpperToLower[*a] - UpperToLower[*b];
-}
-int sqlite3StrNICmp(const char *zLeft, const char *zRight, int N){
-  register unsigned char *a, *b;
-  a = (unsigned char *)zLeft;
-  b = (unsigned char *)zRight;
-  while( N-- > 0 && *a!=0 && UpperToLower[*a]==UpperToLower[*b]){ a++; b++; }
-  return N<0 ? 0 : UpperToLower[*a] - UpperToLower[*b];
-}
-
-/*
-** Return TRUE if z is a pure numeric string.  Return FALSE if the
-** string contains any character which is not part of a number. If
-** the string is numeric and contains the '.' character, set *realnum
-** to TRUE (otherwise FALSE).
-**
-** An empty string is considered non-numeric.
-*/
-int sqlite3IsNumber(const char *z, int *realnum, u8 enc){
-  int incr = (enc==SQLITE_UTF8?1:2);
-  if( enc==SQLITE_UTF16BE ) z++;
-  if( *z=='-' || *z=='+' ) z += incr;
-  if( !isdigit(*(u8*)z) ){
-    return 0;
-  }
-  z += incr;
-  if( realnum ) *realnum = 0;
-  while( isdigit(*(u8*)z) ){ z += incr; }
-  if( *z=='.' ){
-    z += incr;
-    if( !isdigit(*(u8*)z) ) return 0;
-    while( isdigit(*(u8*)z) ){ z += incr; }
-    if( realnum ) *realnum = 1;
-  }
-  if( *z=='e' || *z=='E' ){
-    z += incr;
-    if( *z=='+' || *z=='-' ) z += incr;
-    if( !isdigit(*(u8*)z) ) return 0;
-    while( isdigit(*(u8*)z) ){ z += incr; }
-    if( realnum ) *realnum = 1;
-  }
-  return *z==0;
-}
-
-/*
-** The string z[] is an ascii representation of a real number.
-** Convert this string to a double.
-**
-** This routine assumes that z[] really is a valid number.  If it
-** is not, the result is undefined.
-**
-** This routine is used instead of the library atof() function because
-** the library atof() might want to use "," as the decimal point instead
-** of "." depending on how locale is set.  But that would cause problems
-** for SQL.  So this routine always uses "." regardless of locale.
-*/
-double sqlite3AtoF(const char *z, const char **pzEnd){
-  int sign = 1;
-  LONGDOUBLE_TYPE v1 = 0.0;
-  if( *z=='-' ){
-    sign = -1;
-    z++;
-  }else if( *z=='+' ){
-    z++;
-  }
-  while( isdigit(*(u8*)z) ){
-    v1 = v1*10.0 + (*z - '0');
-    z++;
-  }
-  if( *z=='.' ){
-    LONGDOUBLE_TYPE divisor = 1.0;
-    z++;
-    while( isdigit(*(u8*)z) ){
-      v1 = v1*10.0 + (*z - '0');
-      divisor *= 10.0;
-      z++;
-    }
-    v1 /= divisor;
-  }
-  if( *z=='e' || *z=='E' ){
-    int esign = 1;
-    int eval = 0;
-    LONGDOUBLE_TYPE scale = 1.0;
-    z++;
-    if( *z=='-' ){
-      esign = -1;
-      z++;
-    }else if( *z=='+' ){
-      z++;
-    }
-    while( isdigit(*(u8*)z) ){
-      eval = eval*10 + *z - '0';
-      z++;
-    }
-    while( eval>=64 ){ scale *= 1.0e+64; eval -= 64; }
-    while( eval>=16 ){ scale *= 1.0e+16; eval -= 16; }
-    while( eval>=4 ){ scale *= 1.0e+4; eval -= 4; }
-    while( eval>=1 ){ scale *= 1.0e+1; eval -= 1; }
-    if( esign<0 ){
-      v1 /= scale;
-    }else{
-      v1 *= scale;
-    }
-  }
-  if( pzEnd ) *pzEnd = z;
-  return sign<0 ? -v1 : v1;
-}
-
-/*
-** Return TRUE if zNum is a 64-bit signed integer and write
-** the value of the integer into *pNum.  If zNum is not an integer
-** or is an integer that is too large to be expressed with 64 bits,
-** then return false.  If n>0 and the integer is string is not
-** exactly n bytes long, return false.
-**
-** When this routine was originally written it dealt with only
-** 32-bit numbers.  At that time, it was much faster than the
-** atoi() library routine in RedHat 7.2.
-*/
-int sqlite3atoi64(const char *zNum, i64 *pNum){
-  i64 v = 0;
-  int neg;
-  int i, c;
-  if( *zNum=='-' ){
-    neg = 1;
-    zNum++;
-  }else if( *zNum=='+' ){
-    neg = 0;
-    zNum++;
-  }else{
-    neg = 0;
-  }
-  for(i=0; (c=zNum[i])>='0' && c<='9'; i++){
-    v = v*10 + c - '0';
-  }
-  *pNum = neg ? -v : v;
-  return c==0 && i>0 && 
-      (i<19 || (i==19 && memcmp(zNum,"9223372036854775807",19)<=0));
-}
-
-/*
-** The string zNum represents an integer.  There might be some other
-** information following the integer too, but that part is ignored.
-** If the integer that the prefix of zNum represents will fit in a
-** 32-bit signed integer, return TRUE.  Otherwise return FALSE.
-**
-** This routine returns FALSE for the string -2147483648 even that
-** that number will in fact fit in a 32-bit integer.  But positive
-** 2147483648 will not fit in 32 bits.  So it seems safer to return
-** false.
-*/
-static int sqlite3FitsIn32Bits(const char *zNum){
-  int i, c;
-  if( *zNum=='-' || *zNum=='+' ) zNum++;
-  for(i=0; (c=zNum[i])>='0' && c<='9'; i++){}
-  return i<10 || (i==10 && memcmp(zNum,"2147483647",10)<=0);
-}
-
-/*
-** If zNum represents an integer that will fit in 32-bits, then set
-** *pValue to that integer and return true.  Otherwise return false.
-*/
-int sqlite3GetInt32(const char *zNum, int *pValue){
-  if( sqlite3FitsIn32Bits(zNum) ){
-    *pValue = atoi(zNum);
-    return 1;
-  }
-  return 0;
-}
-
-/*
-** The string zNum represents an integer.  There might be some other
-** information following the integer too, but that part is ignored.
-** If the integer that the prefix of zNum represents will fit in a
-** 64-bit signed integer, return TRUE.  Otherwise return FALSE.
-**
-** This routine returns FALSE for the string -9223372036854775808 even that
-** that number will, in theory fit in a 64-bit integer.  Positive
-** 9223373036854775808 will not fit in 64 bits.  So it seems safer to return
-** false.
-*/
-int sqlite3FitsIn64Bits(const char *zNum){
-  int i, c;
-  if( *zNum=='-' || *zNum=='+' ) zNum++;
-  for(i=0; (c=zNum[i])>='0' && c<='9'; i++){}
-  return i<19 || (i==19 && memcmp(zNum,"9223372036854775807",19)<=0);
-}
-
-
-/*
-** Change the sqlite.magic from SQLITE_MAGIC_OPEN to SQLITE_MAGIC_BUSY.
-** Return an error (non-zero) if the magic was not SQLITE_MAGIC_OPEN
-** when this routine is called.
-**
-** This routine is a attempt to detect if two threads use the
-** same sqlite* pointer at the same time.  There is a race 
-** condition so it is possible that the error is not detected.
-** But usually the problem will be seen.  The result will be an
-** error which can be used to debug the application that is
-** using SQLite incorrectly.
-**
-** Ticket #202:  If db->magic is not a valid open value, take care not
-** to modify the db structure at all.  It could be that db is a stale
-** pointer.  In other words, it could be that there has been a prior
-** call to sqlite3_close(db) and db has been deallocated.  And we do
-** not want to write into deallocated memory.
-*/
-int sqlite3SafetyOn(sqlite3 *db){
-  if( db->magic==SQLITE_MAGIC_OPEN ){
-    db->magic = SQLITE_MAGIC_BUSY;
-    return 0;
-  }else if( db->magic==SQLITE_MAGIC_BUSY || db->magic==SQLITE_MAGIC_ERROR ){
-    db->magic = SQLITE_MAGIC_ERROR;
-    db->flags |= SQLITE_Interrupt;
-  }
-  return 1;
-}
-
-/*
-** Change the magic from SQLITE_MAGIC_BUSY to SQLITE_MAGIC_OPEN.
-** Return an error (non-zero) if the magic was not SQLITE_MAGIC_BUSY
-** when this routine is called.
-*/
-int sqlite3SafetyOff(sqlite3 *db){
-  if( db->magic==SQLITE_MAGIC_BUSY ){
-    db->magic = SQLITE_MAGIC_OPEN;
-    return 0;
-  }else if( db->magic==SQLITE_MAGIC_OPEN || db->magic==SQLITE_MAGIC_ERROR ){
-    db->magic = SQLITE_MAGIC_ERROR;
-    db->flags |= SQLITE_Interrupt;
-  }
-  return 1;
-}
-
-/*
-** Check to make sure we have a valid db pointer.  This test is not
-** foolproof but it does provide some measure of protection against
-** misuse of the interface such as passing in db pointers that are
-** NULL or which have been previously closed.  If this routine returns
-** TRUE it means that the db pointer is invalid and should not be
-** dereferenced for any reason.  The calling function should invoke
-** SQLITE_MISUSE immediately.
-*/
-int sqlite3SafetyCheck(sqlite3 *db){
-  int magic;
-  if( db==0 ) return 1;
-  magic = db->magic;
-  if( magic!=SQLITE_MAGIC_CLOSED &&
-         magic!=SQLITE_MAGIC_OPEN &&
-         magic!=SQLITE_MAGIC_BUSY ) return 1;
-  return 0;
-}
-
-/*
-** The variable-length integer encoding is as follows:
-**
-** KEY:
-**         A = 0xxxxxxx    7 bits of data and one flag bit
-**         B = 1xxxxxxx    7 bits of data and one flag bit
-**         C = xxxxxxxx    8 bits of data
-**
-**  7 bits - A
-** 14 bits - BA
-** 21 bits - BBA
-** 28 bits - BBBA
-** 35 bits - BBBBA
-** 42 bits - BBBBBA
-** 49 bits - BBBBBBA
-** 56 bits - BBBBBBBA
-** 64 bits - BBBBBBBBC
-*/
-
-/*
-** Write a 64-bit variable-length integer to memory starting at p[0].
-** The length of data write will be between 1 and 9 bytes.  The number
-** of bytes written is returned.
-**
-** A variable-length integer consists of the lower 7 bits of each byte
-** for all bytes that have the 8th bit set and one byte with the 8th
-** bit clear.  Except, if we get to the 9th byte, it stores the full
-** 8 bits and is the last byte.
-*/
-int sqlite3PutVarint(unsigned char *p, u64 v){
-  int i, j, n;
-  u8 buf[10];
-  if( v & (((u64)0xff000000)<<32) ){
-    p[8] = v;
-    v >>= 8;
-    for(i=7; i>=0; i--){
-      p[i] = (v & 0x7f) | 0x80;
-      v >>= 7;
-    }
-    return 9;
-  }    
-  n = 0;
-  do{
-    buf[n++] = (v & 0x7f) | 0x80;
-    v >>= 7;
-  }while( v!=0 );
-  buf[0] &= 0x7f;
-  assert( n<=9 );
-  for(i=0, j=n-1; j>=0; j--, i++){
-    p[i] = buf[j];
-  }
-  return n;
-}
-
-/*
-** Read a 64-bit variable-length integer from memory starting at p[0].
-** Return the number of bytes read.  The value is stored in *v.
-*/
-int sqlite3GetVarint(const unsigned char *p, u64 *v){
-  u32 x;
-  u64 x64;
-  int n;
-  unsigned char c;
-  if( ((c = p[0]) & 0x80)==0 ){
-    *v = c;
-    return 1;
-  }
-  x = c & 0x7f;
-  if( ((c = p[1]) & 0x80)==0 ){
-    *v = (x<<7) | c;
-    return 2;
-  }
-  x = (x<<7) | (c&0x7f);
-  if( ((c = p[2]) & 0x80)==0 ){
-    *v = (x<<7) | c;
-    return 3;
-  }
-  x = (x<<7) | (c&0x7f);
-  if( ((c = p[3]) & 0x80)==0 ){
-    *v = (x<<7) | c;
-    return 4;
-  }
-  x64 = (x<<7) | (c&0x7f);
-  n = 4;
-  do{
-    c = p[n++];
-    if( n==9 ){
-      x64 = (x64<<8) | c;
-      break;
-    }
-    x64 = (x64<<7) | (c&0x7f);
-  }while( (c & 0x80)!=0 );
-  *v = x64;
-  return n;
-}
-
-/*
-** Read a 32-bit variable-length integer from memory starting at p[0].
-** Return the number of bytes read.  The value is stored in *v.
-*/
-int sqlite3GetVarint32(const unsigned char *p, u32 *v){
-  u32 x;
-  int n;
-  unsigned char c;
-  if( ((signed char*)p)[0]>=0 ){
-    *v = p[0];
-    return 1;
-  }
-  x = p[0] & 0x7f;
-  if( ((signed char*)p)[1]>=0 ){
-    *v = (x<<7) | p[1];
-    return 2;
-  }
-  x = (x<<7) | (p[1] & 0x7f);
-  n = 2;
-  do{
-    x = (x<<7) | ((c = p[n++])&0x7f);
-  }while( (c & 0x80)!=0 && n<9 );
-  *v = x;
-  return n;
-}
-
-/*
-** Return the number of bytes that will be needed to store the given
-** 64-bit integer.
-*/
-int sqlite3VarintLen(u64 v){
-  int i = 0;
-  do{
-    i++;
-    v >>= 7;
-  }while( v!=0 && i<9 );
-  return i;
-}
-
-#if !defined(SQLITE_OMIT_BLOB_LITERAL) || defined(SQLITE_HAS_CODEC) \
-    || defined(SQLITE_TEST)
-/*
-** Translate a single byte of Hex into an integer.
-*/
-static int hexToInt(int h){
-  if( h>='0' && h<='9' ){
-    return h - '0';
-  }else if( h>='a' && h<='f' ){
-    return h - 'a' + 10;
-  }else{
-    assert( h>='A' && h<='F' );
-    return h - 'A' + 10;
-  }
-}
-#endif /* !SQLITE_OMIT_BLOB_LITERAL || SQLITE_HAS_CODEC || SQLITE_TEST */
-
-#if !defined(SQLITE_OMIT_BLOB_LITERAL) || defined(SQLITE_HAS_CODEC)
-/*
-** Convert a BLOB literal of the form "x'hhhhhh'" into its binary
-** value.  Return a pointer to its binary value.  Space to hold the
-** binary value has been obtained from malloc and must be freed by
-** the calling routine.
-*/
-void *sqlite3HexToBlob(const char *z){
-  char *zBlob;
-  int i;
-  int n = strlen(z);
-  if( n%2 ) return 0;
-
-  zBlob = (char *)sqliteMalloc(n/2);
-  for(i=0; i<n; i+=2){
-    zBlob[i/2] = (hexToInt(z[i])<<4) | hexToInt(z[i+1]);
-  }
-  return zBlob;
-}
-#endif /* !SQLITE_OMIT_BLOB_LITERAL || SQLITE_HAS_CODEC */
-
-#if defined(SQLITE_TEST)
-/*
-** Convert text generated by the "%p" conversion format back into
-** a pointer.
-*/
-void *sqlite3TextToPtr(const char *z){
-  void *p;
-  u64 v;
-  u32 v2;
-  if( z[0]=='0' && z[1]=='x' ){
-    z += 2;
-  }
-  v = 0;
-  while( *z ){
-    v = (v<<4) + hexToInt(*z);
-    z++;
-  }
-  if( sizeof(p)==sizeof(v) ){
-    p = *(void**)&v;
-  }else{
-    assert( sizeof(p)==sizeof(v2) );
-    v2 = (u32)v;
-    p = *(void**)&v2;
-  }
-  return p;
-}
-#endif
--- a/mozilla/security/nss/lib/sqlite/vacuum.c
+++ b/mozilla/security/nss/lib/sqlite/vacuum.c
@@ -1,310 +0,0 @@
-/*
-** 2003 April 6
-**
-** The author disclaims copyright to this source code.  In place of
-** a legal notice, here is a blessing:
-**
-**    May you do good and not evil.
-**    May you find forgiveness for yourself and forgive others.
-**    May you share freely, never taking more than you give.
-**
-*************************************************************************
-** This file contains code used to implement the VACUUM command.
-**
-** Most of the code in this file may be omitted by defining the
-** SQLITE_OMIT_VACUUM macro.
-**
-** $Id: vacuum.c,v 1.1.2.1 2005-06-20 23:27:49 relyea%netscape.com Exp $
-*/
-#include "sqliteInt.h"
-#include "os.h"
-
-#ifndef SQLITE_OMIT_VACUUM
-/*
-** Generate a random name of 20 character in length.
-*/
-static void randomName(unsigned char *zBuf){
-  static const unsigned char zChars[] =
-    "abcdefghijklmnopqrstuvwxyz"
-    "0123456789";
-  int i;
-  sqlite3Randomness(20, zBuf);
-  for(i=0; i<20; i++){
-    zBuf[i] = zChars[ zBuf[i]%(sizeof(zChars)-1) ];
-  }
-}
-
-/*
-** Execute zSql on database db. Return an error code.
-*/
-static int execSql(sqlite3 *db, const char *zSql){
-  sqlite3_stmt *pStmt;
-  if( SQLITE_OK!=sqlite3_prepare(db, zSql, -1, &pStmt, 0) ){
-    return sqlite3_errcode(db);
-  }
-  while( SQLITE_ROW==sqlite3_step(pStmt) );
-  return sqlite3_finalize(pStmt);
-}
-
-/*
-** Execute zSql on database db. The statement returns exactly
-** one column. Execute this as SQL on the same database.
-*/
-static int execExecSql(sqlite3 *db, const char *zSql){
-  sqlite3_stmt *pStmt;
-  int rc;
-
-  rc = sqlite3_prepare(db, zSql, -1, &pStmt, 0);
-  if( rc!=SQLITE_OK ) return rc;
-
-  while( SQLITE_ROW==sqlite3_step(pStmt) ){
-    rc = execSql(db, sqlite3_column_text(pStmt, 0));
-    if( rc!=SQLITE_OK ){
-      sqlite3_finalize(pStmt);
-      return rc;
-    }
-  }
-
-  return sqlite3_finalize(pStmt);
-}
-
-#endif
-
-/*
-** The non-standard VACUUM command is used to clean up the database,
-** collapse free space, etc.  It is modelled after the VACUUM command
-** in PostgreSQL.
-**
-** In version 1.0.x of SQLite, the VACUUM command would call
-** gdbm_reorganize() on all the database tables.  But beginning
-** with 2.0.0, SQLite no longer uses GDBM so this command has
-** become a no-op.
-*/
-void sqlite3Vacuum(Parse *pParse, Token *pTableName){
-  Vdbe *v = sqlite3GetVdbe(pParse);
-  if( v ){
-    sqlite3VdbeAddOp(v, OP_Vacuum, 0, 0);
-  }
-  return;
-}
-
-/*
-** This routine implements the OP_Vacuum opcode of the VDBE.
-*/
-int sqlite3RunVacuum(char **pzErrMsg, sqlite3 *db){
-  int rc = SQLITE_OK;     /* Return code from service routines */
-#ifndef SQLITE_OMIT_VACUUM
-  const char *zFilename;  /* full pathname of the database file */
-  int nFilename;          /* number of characters  in zFilename[] */
-  char *zTemp = 0;        /* a temporary file in same directory as zFilename */
-  Btree *pMain;           /* The database being vacuumed */
-  Btree *pTemp;
-  char *zSql = 0;
-  int writeschema_flag;   /* Saved value of the write-schema flag */
-
-  /* Save the current value of the write-schema flag before setting it. */
-  writeschema_flag = db->flags&SQLITE_WriteSchema;
-  db->flags |= SQLITE_WriteSchema;
-
-  if( !db->autoCommit ){
-    sqlite3SetString(pzErrMsg, "cannot VACUUM from within a transaction", 
-       (char*)0);
-    rc = SQLITE_ERROR;
-    goto end_of_vacuum;
-  }
-
-  /* Get the full pathname of the database file and create a
-  ** temporary filename in the same directory as the original file.
-  */
-  pMain = db->aDb[0].pBt;
-  zFilename = sqlite3BtreeGetFilename(pMain);
-  assert( zFilename );
-  if( zFilename[0]=='\0' ){
-    /* The in-memory database. Do nothing. Return directly to avoid causing
-    ** an error trying to DETACH the vacuum_db (which never got attached)
-    ** in the exit-handler.
-    */
-    return SQLITE_OK;
-  }
-  nFilename = strlen(zFilename);
-  zTemp = sqliteMalloc( nFilename+100 );
-  if( zTemp==0 ){
-    rc = SQLITE_NOMEM;
-    goto end_of_vacuum;
-  }
-  strcpy(zTemp, zFilename);
-
-  /* The randomName() procedure in the following loop uses an excellent
-  ** source of randomness to generate a name from a space of 1.3e+31 
-  ** possibilities.  So unless the directory already contains on the order
-  ** of 1.3e+31 files, the probability that the following loop will
-  ** run more than once or twice is vanishingly small.  We are certain
-  ** enough that this loop will always terminate (and terminate quickly)
-  ** that we don't even bother to set a maximum loop count.
-  */
-  do {
-    zTemp[nFilename] = '-';
-    randomName((unsigned char*)&zTemp[nFilename+1]);
-  } while( sqlite3OsFileExists(zTemp) );
-
-  /* Attach the temporary database as 'vacuum_db'. The synchronous pragma
-  ** can be set to 'off' for this file, as it is not recovered if a crash
-  ** occurs anyway. The integrity of the database is maintained by a
-  ** (possibly synchronous) transaction opened on the main database before
-  ** sqlite3BtreeCopyFile() is called.
-  **
-  ** An optimisation would be to use a non-journaled pager.
-  */
-  zSql = sqlite3MPrintf("ATTACH '%q' AS vacuum_db;", zTemp);
-  if( !zSql ){
-    rc = SQLITE_NOMEM;
-    goto end_of_vacuum;
-  }
-  rc = execSql(db, zSql);
-  sqliteFree(zSql);
-  zSql = 0;
-  if( rc!=SQLITE_OK ) goto end_of_vacuum;
-  assert( strcmp(db->aDb[db->nDb-1].zName,"vacuum_db")==0 );
-  pTemp = db->aDb[db->nDb-1].pBt;
-  sqlite3BtreeSetPageSize(pTemp, sqlite3BtreeGetPageSize(pMain),
-     sqlite3BtreeGetReserve(pMain));
-  assert( sqlite3BtreeGetPageSize(pTemp)==sqlite3BtreeGetPageSize(pMain) );
-  execSql(db, "PRAGMA vacuum_db.synchronous=OFF");
-
-#ifndef SQLITE_OMIT_AUTOVACUUM
-  sqlite3BtreeSetAutoVacuum(pTemp, sqlite3BtreeGetAutoVacuum(pMain));
-#endif
-
-  /* Begin a transaction */
-  rc = execSql(db, "BEGIN;");
-  if( rc!=SQLITE_OK ) goto end_of_vacuum;
-
-  /* Query the schema of the main database. Create a mirror schema
-  ** in the temporary database.
-  */
-  rc = execExecSql(db, 
-      "SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14,100000000) "
-      "  FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence'");
-  if( rc!=SQLITE_OK ) goto end_of_vacuum;
-  rc = execExecSql(db, 
-      "SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14,100000000)"
-      "  FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %' ");
-  if( rc!=SQLITE_OK ) goto end_of_vacuum;
-  rc = execExecSql(db, 
-      "SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21,100000000) "
-      "  FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'");
-  if( rc!=SQLITE_OK ) goto end_of_vacuum;
-  rc = execExecSql(db, 
-      "SELECT 'CREATE VIEW vacuum_db.' || substr(sql,13,100000000) "
-      "  FROM sqlite_master WHERE type='view'"
-  );
-  if( rc!=SQLITE_OK ) goto end_of_vacuum;
-
-  /* Loop through the tables in the main database. For each, do
-  ** an "INSERT INTO vacuum_db.xxx SELECT * FROM xxx;" to copy
-  ** the contents to the temporary database.
-  */
-  rc = execExecSql(db, 
-      "SELECT 'INSERT INTO vacuum_db.' || quote(name) "
-      "|| ' SELECT * FROM ' || quote(name) || ';'"
-      "FROM sqlite_master "
-      "WHERE type = 'table' AND name!='sqlite_sequence';"
-  );
-  if( rc!=SQLITE_OK ) goto end_of_vacuum;
-
-  /* Copy over the sequence table
-  */
-  rc = execExecSql(db, 
-      "SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' "
-      "FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence' "
-  );
-  if( rc!=SQLITE_OK ) goto end_of_vacuum;
-  rc = execExecSql(db, 
-      "SELECT 'INSERT INTO vacuum_db.' || quote(name) "
-      "|| ' SELECT * FROM ' || quote(name) || ';' "
-      "FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';"
-  );
-  if( rc!=SQLITE_OK ) goto end_of_vacuum;
-
-
-  /* Copy the triggers from the main database to the temporary database.
-  ** This was deferred before in case the triggers interfered with copying
-  ** the data. It's possible the indices should be deferred until this
-  ** point also.
-  */
-  rc = execExecSql(db, 
-      "SELECT 'CREATE TRIGGER  vacuum_db.' || substr(sql, 16, 1000000) "
-      "FROM sqlite_master WHERE type='trigger'"
-  );
-  if( rc!=SQLITE_OK ) goto end_of_vacuum;
-
-
-  /* At this point, unless the main db was completely empty, there is now a
-  ** transaction open on the vacuum database, but not on the main database.
-  ** Open a btree level transaction on the main database. This allows a
-  ** call to sqlite3BtreeCopyFile(). The main database btree level
-  ** transaction is then committed, so the SQL level never knows it was
-  ** opened for writing. This way, the SQL transaction used to create the
-  ** temporary database never needs to be committed.
-  */
-  if( sqlite3BtreeIsInTrans(pTemp) ){
-    u32 meta;
-    int i;
-
-    /* This array determines which meta meta values are preserved in the
-    ** vacuum.  Even entries are the meta value number and odd entries
-    ** are an increment to apply to the meta value after the vacuum.
-    ** The increment is used to increase the schema cookie so that other
-    ** connections to the same database will know to reread the schema.
-    */
-    static const unsigned char aCopy[] = {
-       1, 1,    /* Add one to the old schema cookie */
-       3, 0,    /* Preserve the default page cache size */
-       5, 0,    /* Preserve the default text encoding */
-       6, 0,    /* Preserve the user version */
-    };
-
-    assert( 0==sqlite3BtreeIsInTrans(pMain) );
-    rc = sqlite3BtreeBeginTrans(pMain, 1);
-    if( rc!=SQLITE_OK ) goto end_of_vacuum;
-
-    /* Copy Btree meta values */
-    for(i=0; i<sizeof(aCopy)/sizeof(aCopy[0]); i+=2){
-      rc = sqlite3BtreeGetMeta(pMain, aCopy[i], &meta);
-      if( rc!=SQLITE_OK ) goto end_of_vacuum;
-      rc = sqlite3BtreeUpdateMeta(pTemp, aCopy[i], meta+aCopy[i+1]);
-    }
-
-    rc = sqlite3BtreeCopyFile(pMain, pTemp);
-    if( rc!=SQLITE_OK ) goto end_of_vacuum;
-    rc = sqlite3BtreeCommit(pMain);
-  }
-
-end_of_vacuum:
-  /* Restore the original value of the write-schema flag. */
-  db->flags &= ~SQLITE_WriteSchema;
-  db->flags |= writeschema_flag;
-
-  /* Currently there is an SQL level transaction open on the vacuum
-  ** database. No locks are held on any other files (since the main file
-  ** was committed at the btree level). So it safe to end the transaction
-  ** by manually setting the autoCommit flag to true and detaching the
-  ** vacuum database. The vacuum_db journal file is deleted when the pager
-  ** is closed by the DETACH.
-  */
-  db->autoCommit = 1;
-  if( rc==SQLITE_OK ){
-    rc = execSql(db, "DETACH vacuum_db;");
-  }else{
-    execSql(db, "DETACH vacuum_db;");
-  }
-  if( zTemp ){
-    sqlite3OsDelete(zTemp);
-    sqliteFree(zTemp);
-  }
-  if( zSql ) sqliteFree( zSql );
-  sqlite3ResetInternalSchema(db, 0);
-#endif
-
-  return rc;
-}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
dkl%redhat.com	8c591d53e2	Removed some remaining SelectVisible calls in favor of CanSeeBug git-svn-id: svn://10.0.0.236/branches/Bugzilla_PgSQL_branch@121533 18797224-902f-48f8-a5cc-f745e15eee43	2002-05-15 18:36:31 +00:00
dkl%redhat.com	c1aa983fd5	Update to HEAD 2002/05/13 git-svn-id: svn://10.0.0.236/branches/Bugzilla_PgSQL_branch@121401 18797224-902f-48f8-a5cc-f745e15eee43	2002-05-13 21:56:49 +00:00
dkl%redhat.com	3551227412	forgot one git-svn-id: svn://10.0.0.236/branches/Bugzilla_PgSQL_branch@121393 18797224-902f-48f8-a5cc-f745e15eee43	2002-05-13 20:49:00 +00:00
dkl%redhat.com	d0cc91f285	Fixed some template inconsistencies with current 2.16 Stable Branch git-svn-id: svn://10.0.0.236/branches/Bugzilla_PgSQL_branch@121392 18797224-902f-48f8-a5cc-f745e15eee43	2002-05-13 20:46:50 +00:00
(no author)	65ff7d56b3	This commit was manufactured by cvs2svn to create branch 'Bugzilla_PgSQL_branch'. git-svn-id: svn://10.0.0.236/branches/Bugzilla_PgSQL_branch@121370 18797224-902f-48f8-a5cc-f745e15eee43	2002-05-13 06:24:51 +00:00
dkl%redhat.com	800eccde9a	Merge with HEAD 2002/04/26 git-svn-id: svn://10.0.0.236/branches/Bugzilla_PgSQL_branch@119979 18797224-902f-48f8-a5cc-f745e15eee43	2002-04-26 18:59:37 +00:00
(no author)	5360e5b008	This commit was manufactured by cvs2svn to create branch 'Bugzilla_PgSQL_branch'. git-svn-id: svn://10.0.0.236/branches/Bugzilla_PgSQL_branch@119975 18797224-902f-48f8-a5cc-f745e15eee43	2002-04-26 18:12:55 +00:00
dkl%redhat.com	da759055dd	Sync to HEAD 2002/03/21 git-svn-id: svn://10.0.0.236/branches/Bugzilla_PgSQL_branch@117156 18797224-902f-48f8-a5cc-f745e15eee43	2002-03-22 05:16:48 +00:00
(no author)	1f960bb1bd	This commit was manufactured by cvs2svn to create branch 'Bugzilla_PgSQL_branch'. git-svn-id: svn://10.0.0.236/branches/Bugzilla_PgSQL_branch@116669 18797224-902f-48f8-a5cc-f745e15eee43	2002-03-15 23:23:14 +00:00
dkl%redhat.com	e0f4b89db1	Update to HEAD 2002/02/26 git-svn-id: svn://10.0.0.236/branches/Bugzilla_PgSQL_branch@115395 18797224-902f-48f8-a5cc-f745e15eee43	2002-02-27 01:11:14 +00:00
(no author)	025b6e8e46	This commit was manufactured by cvs2svn to create branch 'Bugzilla_PgSQL_branch'. git-svn-id: svn://10.0.0.236/branches/Bugzilla_PgSQL_branch@115298 18797224-902f-48f8-a5cc-f745e15eee43	2002-02-24 09:28:23 +00:00
dkl%redhat.com	704f46aa53	Update to HEAD 2002/02/04 git-svn-id: svn://10.0.0.236/branches/Bugzilla_PgSQL_branch@113607 18797224-902f-48f8-a5cc-f745e15eee43	2002-02-04 15:56:15 +00:00
(no author)	f26338df7e	This commit was manufactured by cvs2svn to create branch 'Bugzilla_PgSQL_branch'. git-svn-id: svn://10.0.0.236/branches/Bugzilla_PgSQL_branch@113575 18797224-902f-48f8-a5cc-f745e15eee43	2002-02-03 09:28:50 +00:00
dkl%redhat.com	58548c3f0d	Update to HEAD 2002/01/30 git-svn-id: svn://10.0.0.236/branches/Bugzilla_PgSQL_branch@113247 18797224-902f-48f8-a5cc-f745e15eee43	2002-01-30 23:00:13 +00:00
(no author)	9a6b4393ad	This commit was manufactured by cvs2svn to create branch 'Bugzilla_PgSQL_branch'. git-svn-id: svn://10.0.0.236/branches/Bugzilla_PgSQL_branch@113166 18797224-902f-48f8-a5cc-f745e15eee43	2002-01-29 23:26:38 +00:00
dkl%redhat.com	4316819604	Fix runtests.sh error on processmail git-svn-id: svn://10.0.0.236/branches/Bugzilla_PgSQL_branch@112507 18797224-902f-48f8-a5cc-f745e15eee43	2002-01-21 23:27:24 +00:00
dkl%redhat.com	9d93dfabb8	Fix botched earlier sync with HEAD git-svn-id: svn://10.0.0.236/branches/Bugzilla_PgSQL_branch@112499 18797224-902f-48f8-a5cc-f745e15eee43	2002-01-21 20:42:30 +00:00
dkl%redhat.com	d2ddb07675	Update to HEAD 01/18/2002 git-svn-id: svn://10.0.0.236/branches/Bugzilla_PgSQL_branch@112473 18797224-902f-48f8-a5cc-f745e15eee43	2002-01-18 23:06:43 +00:00
dkl%redhat.com	66d426dc97	Lost the pgsetup.pl file somewhere along the line. Adding back properly. git-svn-id: svn://10.0.0.236/branches/Bugzilla_PgSQL_branch@111575 18797224-902f-48f8-a5cc-f745e15eee43	2002-01-08 16:13:05 +00:00
dkl%redhat.com	b7e91cb3b6	Changes to CanSeeBug to allow multiple checks in one call for buglist.cgi git-svn-id: svn://10.0.0.236/branches/Bugzilla_PgSQL_branch@111509 18797224-902f-48f8-a5cc-f745e15eee43	2002-01-07 23:20:15 +00:00
dkl%redhat.com	5ac0899827	Update to HEAD 2002-01-07 git-svn-id: svn://10.0.0.236/branches/Bugzilla_PgSQL_branch@111508 18797224-902f-48f8-a5cc-f745e15eee43	2002-01-07 23:14:41 +00:00
dkl%redhat.com	4f49e57a3b	Merge 3 with HEAD: 2001/12/26 git-svn-id: svn://10.0.0.236/branches/Bugzilla_PgSQL_branch@111103 18797224-902f-48f8-a5cc-f745e15eee43	2001-12-27 07:26:12 +00:00
dkl%redhat.com	38c27be28f	Merge 2 with HEAD: 2001/12/26 git-svn-id: svn://10.0.0.236/branches/Bugzilla_PgSQL_branch@111102 18797224-902f-48f8-a5cc-f745e15eee43	2001-12-27 06:02:04 +00:00
dkl%redhat.com	d60d3d6121	Merge fix. This is frustrating. git-svn-id: svn://10.0.0.236/branches/Bugzilla_PgSQL_branch@111101 18797224-902f-48f8-a5cc-f745e15eee43	2001-12-27 05:29:04 +00:00
dkl%redhat.com	db0b87fb6c	Merge with HEAD on 2001/12/26 git-svn-id: svn://10.0.0.236/branches/Bugzilla_PgSQL_branch@111100 18797224-902f-48f8-a5cc-f745e15eee43	2001-12-27 05:09:43 +00:00
(no author)	6e2791a4b7	This commit was manufactured by cvs2svn to create branch 'Bugzilla_PgSQL_branch'. git-svn-id: svn://10.0.0.236/branches/Bugzilla_PgSQL_branch@110404 18797224-902f-48f8-a5cc-f745e15eee43	2001-12-12 22:41:21 +00:00
dkl%redhat.com	14542c62c7	Update to HEAD 2001-12-03 git-svn-id: svn://10.0.0.236/branches/Bugzilla_PgSQL_branch@109510 18797224-902f-48f8-a5cc-f745e15eee43	2001-12-03 04:06:19 +00:00
dkl%redhat.com	38ebcba576	Fixed error in AddFDef git-svn-id: svn://10.0.0.236/branches/Bugzilla_PgSQL_branch@108598 18797224-902f-48f8-a5cc-f745e15eee43	2001-11-20 18:40:38 +00:00
dkl%redhat.com	a5502157a9	Update to HEAD - November 18, 2001 git-svn-id: svn://10.0.0.236/branches/Bugzilla_PgSQL_branch@108470 18797224-902f-48f8-a5cc-f745e15eee43	2001-11-19 05:57:30 +00:00
(no author)	ba69b37618	This commit was manufactured by cvs2svn to create branch 'Bugzilla_PgSQL_branch'. git-svn-id: svn://10.0.0.236/branches/Bugzilla_PgSQL_branch@108456 18797224-902f-48f8-a5cc-f745e15eee43	2001-11-18 22:20:21 +00:00
dkl%redhat.com	22b863a5e9	Synced up with CVS HEAD and created Bugzilla_PgSQL_branch_sync tag git-svn-id: svn://10.0.0.236/branches/Bugzilla_PgSQL_branch@107700 18797224-902f-48f8-a5cc-f745e15eee43	2001-11-08 23:03:10 +00:00
dkl%redhat.com	3e54979994	Fixed conflict in Bug.pm, removal of tabs from lots of files. git-svn-id: svn://10.0.0.236/branches/Bugzilla_PgSQL_branch@107385 18797224-902f-48f8-a5cc-f745e15eee43	2001-11-06 01:21:11 +00:00
dkl%redhat.com	d73ca44c76	Add new cpan module dependencies git-svn-id: svn://10.0.0.236/branches/Bugzilla_PgSQL_branch@107356 18797224-902f-48f8-a5cc-f745e15eee43	2001-11-05 21:43:11 +00:00
dkl%redhat.com	a4fc52b12e	Updates and bug fixes git-svn-id: svn://10.0.0.236/branches/Bugzilla_PgSQL_branch@107354 18797224-902f-48f8-a5cc-f745e15eee43	2001-11-05 21:10:15 +00:00
dkl%redhat.com	353baca797	New SQL utility functions. Changes in buglist.cgi to improve queries. git-svn-id: svn://10.0.0.236/branches/Bugzilla_PgSQL_branch@106967 18797224-902f-48f8-a5cc-f745e15eee43	2001-11-01 15:35:03 +00:00
dkl%redhat.com	4618ab6c36	Initial checkin of pgsetup.pl. Utility for setting up Bugzilla database in PostgreSQL. git-svn-id: svn://10.0.0.236/branches/Bugzilla_PgSQL_branch@106569 18797224-902f-48f8-a5cc-f745e15eee43	2001-10-29 20:15:50 +00:00
justdave%syndicomm.com	faaed9c15f	initial commit of PgSQL megapatch v0.2 git-svn-id: svn://10.0.0.236/branches/Bugzilla_PgSQL_branch@106532 18797224-902f-48f8-a5cc-f745e15eee43	2001-10-29 07:49:05 +00:00
(no author)	675f64d0ae	This commit was manufactured by cvs2svn to create branch 'Bugzilla_PgSQL_branch'. git-svn-id: svn://10.0.0.236/branches/Bugzilla_PgSQL_branch@106501 18797224-902f-48f8-a5cc-f745e15eee43	2001-10-28 03:41:01 +00:00