3 files changed, 6 insertions, 1 deletions

diff --git a/security/nss/lib/pk11wrap/dev3hack.c b/security/nss/lib/pk11wrap/dev3hack.c
index 39afd6743..3fb0cb0aa 100644
--- a/security/nss/lib/pk11wrap/dev3hack.c
+++ b/security/nss/lib/pk11wrap/dev3hack.c
@@ -120,6 +120,10 @@ nssSlot_CreateFromPK11SlotInfo(NSSTrustDomain *td, PK11SlotInfo *nss3slot)
     /* Grab the slot name from the PKCS#11 fixed-length buffer */
     rvSlot->base.name = nssUTF8_Duplicate(nss3slot->slot_name, td->arena);
     rvSlot->lock = (nss3slot->isThreadSafe) ? NULL : nss3slot->sessionLock;
+    rvSlot->isPresentLock = PZ_NewLock(nssiLockOther);
+    rvSlot->isPresentCondition = PR_NewCondVar(rvSlot->isPresentLock);
+    rvSlot->isPresentThread = NULL;
+    rvSlot->lastTokenPingState = nssSlotLastPingState_Reset;
     return rvSlot;
 }
 
diff --git a/security/nss/lib/pk11wrap/pk11auth.c b/security/nss/lib/pk11wrap/pk11auth.c
index 625fa2dc6..6a3ba40d9 100644
--- a/security/nss/lib/pk11wrap/pk11auth.c
+++ b/security/nss/lib/pk11wrap/pk11auth.c
@@ -636,7 +636,7 @@ PK11_DoPassword(PK11SlotInfo *slot, CK_SESSION_HANDLE session,
             break;
     }
     if (rv == SECSuccess) {
-        if (!PK11_IsFriendly(slot)) {
+        if (!contextSpecific && !PK11_IsFriendly(slot)) {
             nssTrustDomain_UpdateCachedTokenCerts(slot->nssToken->trustDomain,
                                                   slot->nssToken);
         }
diff --git a/security/nss/lib/pk11wrap/secmodi.h b/security/nss/lib/pk11wrap/secmodi.h
index 1225661ad..84f5f2a30 100644
--- a/security/nss/lib/pk11wrap/secmodi.h
+++ b/security/nss/lib/pk11wrap/secmodi.h
@@ -164,6 +164,7 @@ CERTCertificate *PK11_MakeCertFromHandle(PK11SlotInfo *slot,
 SECItem *pk11_GenerateNewParamWithKeyLen(CK_MECHANISM_TYPE type, int keyLen);
 SECItem *pk11_ParamFromIVWithLen(CK_MECHANISM_TYPE type,
                                  SECItem *iv, int keyLen);
+SECItem *pk11_mkcertKeyID(CERTCertificate *cert);
 
 SEC_END_PROTOS