? mozilla/security/nss/cmd/crmf-cgi/~Makefile
? mozilla/security/nss/lib/ckfw/builtins/qa.der
Index: mozilla/security/nss/lib/nss/config.mk
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/nss/config.mk,v
retrieving revision 1.26.2.1
diff -u -p -r1.26.2.1 config.mk
--- mozilla/security/nss/lib/nss/config.mk	17 Nov 2006 01:33:15 -0000	1.26.2.1
+++ mozilla/security/nss/lib/nss/config.mk	12 Jun 2007 01:29:35 -0000
@@ -53,7 +53,6 @@ RESNAME = $(LIBRARY_NAME).rc
 ifdef NS_USE_GCC
 EXTRA_SHARED_LIBS += \
 	-L$(DIST)/lib \
-	-lsoftokn3 \
 	-L$(NSPR_LIB_DIR) \
 	-lplc4 \
 	-lplds4 \
@@ -61,7 +60,6 @@ EXTRA_SHARED_LIBS += \
 	$(NULL)
 else # ! NS_USE_GCC
 EXTRA_SHARED_LIBS += \
-	$(DIST)/lib/softokn3.lib \
 	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.lib \
 	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4.lib \
 	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4.lib \
@@ -74,7 +72,6 @@ else
 # $(EXTRA_SHARED_LIBS) come before $(OS_LIBS), except on AIX.
 EXTRA_SHARED_LIBS += \
 	-L$(DIST)/lib \
-	-lsoftokn3 \
 	-L$(NSPR_LIB_DIR) \
 	-lplc4 \
 	-lplds4 \
Index: mozilla/security/nss/lib/pk11wrap/manifest.mn
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/manifest.mn,v
retrieving revision 1.16.2.1
diff -u -p -r1.16.2.1 manifest.mn
--- mozilla/security/nss/lib/pk11wrap/manifest.mn	2 Jun 2007 02:23:37 -0000	1.16.2.1
+++ mozilla/security/nss/lib/pk11wrap/manifest.mn	12 Jun 2007 01:29:35 -0000
@@ -82,6 +82,13 @@ REQUIRES = dbm
 
 LIBRARY_NAME = pk11wrap
 
+LIBRARY_VERSION = 3
+SOFTOKEN_LIBRARY_VERSION = 3
+
+DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" \
+        -DSHLIB_VERSION=\"$(LIBRARY_VERSION)\" \
+        -DSOFTOKEN_SHLIB_VERSION=\"$(SOFTOKEN_LIBRARY_VERSION)\"
+
 # only add module debugging in opt builds if DEBUG_PKCS11 is set
 ifdef DEBUG_PKCS11
   DEFINES += -DDEBUG_MODULE -DFORCE_PR_LOG
Index: mozilla/security/nss/lib/pk11wrap/pk11load.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11load.c,v
retrieving revision 1.17
diff -u -p -r1.17 pk11load.c
--- mozilla/security/nss/lib/pk11wrap/pk11load.c	20 Sep 2005 20:56:07 -0000	1.17
+++ mozilla/security/nss/lib/pk11wrap/pk11load.c	12 Jun 2007 01:29:35 -0000
@@ -47,10 +47,6 @@
 #include "nssilock.h"
 #include "secerr.h"
 
-extern void FC_GetFunctionList(void);
-extern void NSC_GetFunctionList(void);
-extern void NSC_ModuleDBFunc(void);
-
 #ifdef DEBUG
 #define DEBUG_MODULE 1
 #endif
@@ -221,6 +217,196 @@ SECMOD_SetRootCerts(PK11SlotInfo *slot, 
     }
 }
 
+static const char* nss_name =
+    SHLIB_PREFIX"nss"SHLIB_VERSION"."SHLIB_SUFFIX;
+static const char* softoken_default_name =
+    SHLIB_PREFIX"softokn"SOFTOKEN_SHLIB_VERSION"."SHLIB_SUFFIX;
+static PRCallOnceType loadSoftokenOnce;
+static PRLibrary* softokenLib;
+
+#ifdef XP_UNIX
+#include <unistd.h>
+#define BL_MAXSYMLINKS 20
+
+/* ### Copied from freebl/loader.c and freebl changed to softoken. */
+/*
+ * If 'link' is a symbolic link, this function follows the symbolic links
+ * and returns the pathname of the ultimate source of the symbolic links.
+ * If 'link' is not a symbolic link, this function returns NULL.
+ * The caller should call PR_Free to free the string returned by this
+ * function.
+ */
+static char* st_GetOriginalPathname(const char* link)
+{
+    char* resolved = NULL;
+    char* input = NULL;
+    PRUint32 iterations = 0;
+    PRInt32 len = 0, retlen = 0;
+    if (!link) {
+        PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);
+        return NULL;
+    }
+    len = PR_MAX(1024, strlen(link) + 1);
+    resolved = PR_Malloc(len);
+    input = PR_Malloc(len);
+    if (!resolved || !input) {
+        if (resolved) {
+            PR_Free(resolved);
+        }
+        if (input) {
+            PR_Free(input);
+        }
+        return NULL;
+    }
+    strcpy(input, link);
+    while ( (iterations++ < BL_MAXSYMLINKS) &&
+            ( (retlen = readlink(input, resolved, len - 1)) > 0) ) {
+        char* tmp = input;
+        resolved[retlen] = '\0'; /* NULL termination */
+        input = resolved;
+        resolved = tmp;
+    }
+    PR_Free(resolved);
+    if (iterations == 1 && retlen < 0) {
+        PR_Free(input);
+        input = NULL;
+    }
+    return input;
+}
+#endif /* XP_UNIX */
+
+/*
+ * We use PR_GetLibraryFilePathname to get the pathname of the loaded 
+ * shared lib that contains this function, and then do a PR_LoadLibrary
+ * with an absolute pathname for the softoken shared library.
+ */
+
+#include "prio.h"
+#include "prprf.h"
+#include <stdio.h>
+#include "prsystem.h"
+
+/* ### Copied from freebl/loader.c and freebl changed to softoken,
+ *     and softoken changed to nss.
+ */
+/*
+ * Load the softoken library with the file name 'name' residing in the same
+ * directory as libnss, whose pathname is 'nssPath'.
+ */
+static PRLibrary *
+st_LoadSoftokenLibInNssDir(const char *nssPath, const char *name)
+{
+    PRLibrary *dlh = NULL;
+    char *fullName = NULL;
+    char* c;
+    PRLibSpec libSpec;
+
+    /* Remove "libnss" from the pathname and add the softoken libname */
+    c = strrchr(nssPath, PR_GetDirectorySeparator());
+    if (c) {
+        size_t nssPathSize = 1 + c - nssPath;
+        fullName = (char*) PORT_Alloc(strlen(name) + nssPathSize + 1);
+        if (fullName) {
+            memcpy(fullName, nssPath, nssPathSize);
+            strcpy(fullName + nssPathSize, name); 
+#ifdef DEBUG_LOADER
+            PR_fprintf(PR_STDOUT, "\nAttempting to load fully-qualified %s\n", 
+                       fullName);
+#endif
+            libSpec.type = PR_LibSpec_Pathname;
+            libSpec.value.pathname = fullName;
+            dlh = PR_LoadLibraryWithFlags(libSpec, PR_LD_NOW | PR_LD_LOCAL);
+            PORT_Free(fullName);
+        }
+    }
+    return dlh;
+}
+
+/* ### Copied from freebl/loader.c and freebl changed to softoken,
+ *     and softoken changed to nss.
+ */
+static PRLibrary *
+st_LoadLibrary(const char *name)
+{
+    PRLibrary *lib = NULL;
+    PRFuncPtr fn_addr;
+    char* nssPath = NULL;
+    PRLibSpec libSpec;
+
+    /* Get the pathname for the loaded libnss, i.e. /usr/lib/libnss3.so
+     * PR_GetLibraryFilePathname works with either the base library name or a
+     * function pointer, depending on the platform. We can't query an exported
+     * symbol such as NSC_GetFunctionList, because on some platforms we can't
+     * find symbols in loaded implicit dependencies such as libnss.
+     * But we can just get the address of this function !
+     */
+    fn_addr = (PRFuncPtr) &st_LoadLibrary;
+    nssPath = PR_GetLibraryFilePathname(nss_name, fn_addr);
+
+    if (nssPath) {
+        lib = st_LoadSoftokenLibInNssDir(nssPath, name);
+#ifdef XP_UNIX
+        if (!lib) {
+            /*
+             * If nssPath is a symbolic link, resolve the symbolic
+             * link and try again.
+             */
+            char* originalNssPath = st_GetOriginalPathname(nssPath);
+            if (originalNssPath) {
+                PR_Free(nssPath);
+                nssPath = originalNssPath;
+                lib = st_LoadSoftokenLibInNssDir(nssPath, name);
+            }
+        }
+#endif
+        PR_Free(nssPath);
+    }
+    if (!lib) {
+#ifdef DEBUG_LOADER
+        PR_fprintf(PR_STDOUT, "\nAttempting to load %s\n", name);
+#endif
+        libSpec.type = PR_LibSpec_Pathname;
+        libSpec.value.pathname = name;
+        lib = PR_LoadLibraryWithFlags(libSpec, PR_LD_NOW | PR_LD_LOCAL);
+    }
+    if (NULL == lib) {
+#ifdef DEBUG_LOADER
+        PR_fprintf(PR_STDOUT, "\nLoading failed : %s.\n", name);
+#endif
+    }
+    return lib;
+}
+
+/* This function must be run only once. */
+/*  determine if hybrid platform, then actually load the DSO. */
+static PRStatus
+softoken_LoadDSO( void ) 
+{
+  PRLibrary *  handle;
+  const char * name = softoken_default_name;
+
+  if (!name) {
+    PR_SetError(PR_LOAD_LIBRARY_ERROR, 0);
+    return PR_FAILURE;
+  }
+
+  handle = st_LoadLibrary(name);
+  if (handle) {
+    softokenLib = handle;
+    return PR_SUCCESS;
+  }
+  return PR_FAILURE;
+}
+
+static PRStatus
+softoken_RunLoaderOnce( void )
+{
+  PRStatus status;
+
+  status = PR_CallOnce(&loadSoftokenOnce, &softoken_LoadDSO);
+  return status;
+}
+
 /*
  * load a new module into our address space and initialize it.
  */
@@ -238,6 +424,11 @@ SECMOD_LoadPKCS11Module(SECMODModule *mo
 
     /* intenal modules get loaded from their internal list */
     if (mod->internal) {
+#if 0
+    /*
+     * Original NSS code that uses a softoken library
+     * linked in statically. Deactivated. 
+     */
 	/* internal, statically get the C_GetFunctionList function */
 	if (mod->isFIPS) {
 	    entry = (CK_C_GetFunctionList) FC_GetFunctionList;
@@ -251,6 +442,35 @@ SECMOD_LoadPKCS11Module(SECMODModule *mo
 	    mod->loaded = PR_TRUE;
 	    return SECSuccess;
 	}
+#else
+    /*
+     * Workaround code that loads softoken as a dynamic library,
+     * even though the rest of NSS assumes this as the "internal" module.
+     */
+    if (!softokenLib && PR_SUCCESS != softoken_RunLoaderOnce())
+        return SECFailure;
+
+    if (mod->isFIPS) {
+        entry = (CK_C_GetFunctionList) 
+                    PR_FindSymbol(softokenLib, "FC_GetFunctionList");
+    } else {
+        entry = (CK_C_GetFunctionList) 
+                    PR_FindSymbol(softokenLib, "NSC_GetFunctionList");
+    }
+
+    if (!entry)
+        return SECFailure;
+
+    if (mod->isModuleDB) {
+        mod->moduleDBFunc = (CK_C_GetFunctionList) 
+                    PR_FindSymbol(softokenLib, "NSC_ModuleDBFunc");
+    }
+
+    if (mod->moduleDBOnly) {
+        mod->loaded = PR_TRUE;
+        return SECSuccess;
+    }
+#endif
     } else {
 	/* Not internal, load the DLL and look up C_GetFunctionList */
 	if (mod->dllName == NULL) {