[tbb-commits] [tor-browser/esr24] Bug 1020695 - Upgrade NSS to version 3.16.2 RTM. r=wtc, a=abillings

mikeperry at torproject.org mikeperry at torproject.org
Fri Aug 29 05:27:39 UTC 2014


commit 843684595ec97b3a5bf911256665be575a9c5d29
Author: Ryan VanderMeulen <ryanvm at gmail.com>
Date:   Fri Jun 27 15:15:30 2014 -0400

    Bug 1020695 - Upgrade NSS to version 3.16.2 RTM. r=wtc, a=abillings
---
 configure.in                                       |    2 +-
 security/nss/Makefile                              |    3 +
 security/nss/TAG-INFO                              |    2 +-
 .../nss/automation/buildbot-slave/bbenv-example.sh |    2 -
 security/nss/automation/buildbot-slave/build.sh    |    2 +-
 security/nss/cmd/atob/atob.c                       |   46 +-
 security/nss/cmd/bltest/blapitest.c                |  107 +-
 security/nss/cmd/bltest/tests/aes_cbc/ciphertext1  |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/ciphertext10 |    3 +
 security/nss/cmd/bltest/tests/aes_cbc/ciphertext11 |    3 +
 security/nss/cmd/bltest/tests/aes_cbc/ciphertext12 |    4 +
 security/nss/cmd/bltest/tests/aes_cbc/ciphertext13 |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/ciphertext14 |    2 +
 security/nss/cmd/bltest/tests/aes_cbc/ciphertext15 |    2 +
 security/nss/cmd/bltest/tests/aes_cbc/ciphertext16 |    3 +
 security/nss/cmd/bltest/tests/aes_cbc/ciphertext17 |    3 +
 security/nss/cmd/bltest/tests/aes_cbc/ciphertext18 |    4 +
 security/nss/cmd/bltest/tests/aes_cbc/ciphertext19 |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/ciphertext2  |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/ciphertext20 |    2 +
 security/nss/cmd/bltest/tests/aes_cbc/ciphertext21 |    2 +
 security/nss/cmd/bltest/tests/aes_cbc/ciphertext22 |    3 +
 security/nss/cmd/bltest/tests/aes_cbc/ciphertext23 |    3 +
 security/nss/cmd/bltest/tests/aes_cbc/ciphertext24 |    4 +
 security/nss/cmd/bltest/tests/aes_cbc/ciphertext3  |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/ciphertext4  |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/ciphertext5  |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/ciphertext6  |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/ciphertext7  |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/ciphertext8  |    2 +
 security/nss/cmd/bltest/tests/aes_cbc/ciphertext9  |    2 +
 security/nss/cmd/bltest/tests/aes_cbc/iv1          |  Bin 0 -> 16 bytes
 security/nss/cmd/bltest/tests/aes_cbc/iv10         |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/iv11         |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/iv12         |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/iv13         |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/iv14         |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/iv15         |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/iv16         |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/iv17         |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/iv18         |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/iv19         |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/iv2          |  Bin 0 -> 16 bytes
 security/nss/cmd/bltest/tests/aes_cbc/iv20         |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/iv21         |    2 +
 security/nss/cmd/bltest/tests/aes_cbc/iv22         |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/iv23         |  Bin 0 -> 16 bytes
 security/nss/cmd/bltest/tests/aes_cbc/iv24         |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/iv3          |  Bin 0 -> 16 bytes
 security/nss/cmd/bltest/tests/aes_cbc/iv4          |  Bin 0 -> 16 bytes
 security/nss/cmd/bltest/tests/aes_cbc/iv5          |  Bin 0 -> 16 bytes
 security/nss/cmd/bltest/tests/aes_cbc/iv6          |  Bin 0 -> 16 bytes
 security/nss/cmd/bltest/tests/aes_cbc/iv7          |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/iv8          |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/iv9          |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/key1         |  Bin 0 -> 16 bytes
 security/nss/cmd/bltest/tests/aes_cbc/key10        |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/key11        |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/key12        |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/key13        |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/key14        |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/key15        |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/key16        |  Bin 0 -> 24 bytes
 security/nss/cmd/bltest/tests/aes_cbc/key17        |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/key18        |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/key19        |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/key2         |  Bin 0 -> 16 bytes
 security/nss/cmd/bltest/tests/aes_cbc/key20        |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/key21        |    2 +
 security/nss/cmd/bltest/tests/aes_cbc/key22        |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/key23        |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/key24        |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/key3         |  Bin 0 -> 24 bytes
 security/nss/cmd/bltest/tests/aes_cbc/key4         |  Bin 0 -> 24 bytes
 security/nss/cmd/bltest/tests/aes_cbc/key5         |  Bin 0 -> 32 bytes
 security/nss/cmd/bltest/tests/aes_cbc/key6         |  Bin 0 -> 32 bytes
 security/nss/cmd/bltest/tests/aes_cbc/key7         |  Bin 0 -> 16 bytes
 security/nss/cmd/bltest/tests/aes_cbc/key8         |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/key9         |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/mktst.sh     |   11 +
 security/nss/cmd/bltest/tests/aes_cbc/numtests     |    2 +-
 security/nss/cmd/bltest/tests/aes_cbc/plaintext1   |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/plaintext10  |    2 +
 security/nss/cmd/bltest/tests/aes_cbc/plaintext11  |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/plaintext12  |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/plaintext13  |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/plaintext14  |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/plaintext15  |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/plaintext16  |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/plaintext17  |    2 +
 security/nss/cmd/bltest/tests/aes_cbc/plaintext18  |  Bin 0 -> 160 bytes
 security/nss/cmd/bltest/tests/aes_cbc/plaintext19  |  Bin 0 -> 32 bytes
 security/nss/cmd/bltest/tests/aes_cbc/plaintext2   |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/plaintext20  |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/plaintext21  |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/plaintext22  |  Bin 0 -> 128 bytes
 security/nss/cmd/bltest/tests/aes_cbc/plaintext23  |  Bin 0 -> 144 bytes
 security/nss/cmd/bltest/tests/aes_cbc/plaintext24  |  Bin 0 -> 160 bytes
 security/nss/cmd/bltest/tests/aes_cbc/plaintext3   |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/plaintext4   |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/plaintext5   |    2 +
 security/nss/cmd/bltest/tests/aes_cbc/plaintext6   |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/plaintext7   |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/plaintext8   |    1 +
 security/nss/cmd/bltest/tests/aes_cbc/plaintext9   |    2 +
 security/nss/cmd/bltest/tests/aes_cbc/test1.txt    |    5 +
 security/nss/cmd/bltest/tests/aes_cbc/test10.txt   |    5 +
 security/nss/cmd/bltest/tests/aes_cbc/test11.txt   |    5 +
 security/nss/cmd/bltest/tests/aes_cbc/test12.txt   |    5 +
 security/nss/cmd/bltest/tests/aes_cbc/test13.txt   |    5 +
 security/nss/cmd/bltest/tests/aes_cbc/test14.txt   |    5 +
 security/nss/cmd/bltest/tests/aes_cbc/test15.txt   |    5 +
 security/nss/cmd/bltest/tests/aes_cbc/test16.txt   |    5 +
 security/nss/cmd/bltest/tests/aes_cbc/test17.txt   |    5 +
 security/nss/cmd/bltest/tests/aes_cbc/test18.txt   |    5 +
 security/nss/cmd/bltest/tests/aes_cbc/test19.txt   |    5 +
 security/nss/cmd/bltest/tests/aes_cbc/test2.txt    |    5 +
 security/nss/cmd/bltest/tests/aes_cbc/test20.txt   |    5 +
 security/nss/cmd/bltest/tests/aes_cbc/test21.txt   |    5 +
 security/nss/cmd/bltest/tests/aes_cbc/test22.txt   |    5 +
 security/nss/cmd/bltest/tests/aes_cbc/test23.txt   |    5 +
 security/nss/cmd/bltest/tests/aes_cbc/test24.txt   |    5 +
 security/nss/cmd/bltest/tests/aes_cbc/test3.txt    |    5 +
 security/nss/cmd/bltest/tests/aes_cbc/test4.txt    |    5 +
 security/nss/cmd/bltest/tests/aes_cbc/test5.txt    |    5 +
 security/nss/cmd/bltest/tests/aes_cbc/test6.txt    |    5 +
 security/nss/cmd/bltest/tests/aes_cbc/test7.txt    |    5 +
 security/nss/cmd/bltest/tests/aes_cbc/test8.txt    |    5 +
 security/nss/cmd/bltest/tests/aes_cbc/test9.txt    |    5 +
 security/nss/cmd/bltest/tests/aes_ecb/ciphertext1  |    1 +
 security/nss/cmd/bltest/tests/aes_ecb/ciphertext2  |    1 +
 security/nss/cmd/bltest/tests/aes_ecb/ciphertext3  |    1 +
 security/nss/cmd/bltest/tests/aes_ecb/ciphertext4  |    1 +
 security/nss/cmd/bltest/tests/aes_ecb/ciphertext5  |    1 +
 security/nss/cmd/bltest/tests/aes_ecb/ciphertext6  |    1 +
 security/nss/cmd/bltest/tests/aes_ecb/key1         |  Bin 0 -> 16 bytes
 security/nss/cmd/bltest/tests/aes_ecb/key2         |  Bin 0 -> 16 bytes
 security/nss/cmd/bltest/tests/aes_ecb/key3         |  Bin 0 -> 24 bytes
 security/nss/cmd/bltest/tests/aes_ecb/key4         |  Bin 0 -> 24 bytes
 security/nss/cmd/bltest/tests/aes_ecb/key5         |  Bin 0 -> 32 bytes
 security/nss/cmd/bltest/tests/aes_ecb/key6         |  Bin 0 -> 32 bytes
 security/nss/cmd/bltest/tests/aes_ecb/mktst.sh     |   10 +
 security/nss/cmd/bltest/tests/aes_ecb/numtests     |    2 +-
 security/nss/cmd/bltest/tests/aes_ecb/plaintext1   |    1 +
 security/nss/cmd/bltest/tests/aes_ecb/plaintext2   |    1 +
 security/nss/cmd/bltest/tests/aes_ecb/plaintext3   |    1 +
 security/nss/cmd/bltest/tests/aes_ecb/plaintext4   |    1 +
 security/nss/cmd/bltest/tests/aes_ecb/plaintext5   |    2 +
 security/nss/cmd/bltest/tests/aes_ecb/plaintext6   |    1 +
 security/nss/cmd/bltest/tests/aes_ecb/test1.txt    |    4 +
 security/nss/cmd/bltest/tests/aes_ecb/test2.txt    |    4 +
 security/nss/cmd/bltest/tests/aes_ecb/test3.txt    |    4 +
 security/nss/cmd/bltest/tests/aes_ecb/test4.txt    |    4 +
 security/nss/cmd/bltest/tests/aes_ecb/test5.txt    |    4 +
 security/nss/cmd/bltest/tests/aes_ecb/test6.txt    |    4 +
 security/nss/cmd/btoa/btoa.c                       |   20 +-
 security/nss/cmd/certutil/certext.c                |  346 ++-
 security/nss/cmd/certutil/certutil.c               |  290 ++-
 security/nss/cmd/certutil/certutil.h               |    7 +-
 security/nss/cmd/certutil/keystuff.c               |   10 +-
 security/nss/cmd/fipstest/fipstest.c               |   10 +-
 security/nss/cmd/httpserv/httpserv.c               |    4 +-
 security/nss/cmd/lib/secutil.c                     |   41 +-
 security/nss/cmd/lib/secutil.h                     |    3 +
 .../nss/cmd/libpkix/pkix/params/test_buildparams.c |  179 --
 security/nss/cmd/libpkix/pkixutil/pkixutil.c       |    3 -
 security/nss/cmd/modutil/install.c                 |    2 +-
 security/nss/cmd/modutil/modutil.c                 |    5 +
 security/nss/cmd/modutil/modutil.h                 |   12 +-
 security/nss/cmd/modutil/pk11.c                    |  110 +-
 security/nss/cmd/platlibs.mk                       |    4 -
 security/nss/cmd/pp/pp.c                           |   50 +-
 security/nss/cmd/selfserv/selfserv.c               |   46 +-
 security/nss/cmd/ssltap/ssltap.c                   |    6 +-
 security/nss/cmd/strsclnt/strsclnt.c               |   24 +-
 security/nss/cmd/tstclnt/tstclnt.c                 |   24 +-
 security/nss/cmd/vfychain/vfychain.c               |    2 +
 security/nss/cmd/vfyserv/vfyserv.c                 |    2 +-
 security/nss/cmd/vfyserv/vfyutil.c                 |   24 +-
 security/nss/coreconf/Linux.mk                     |   16 +-
 security/nss/coreconf/WIN32.mk                     |   13 +-
 security/nss/coreconf/config.mk                    |   13 +-
 security/nss/coverage/cov.sh                       |    1 -
 security/nss/doc/certutil.xml                      |   16 +-
 security/nss/doc/cmsutil.xml                       |   24 +-
 security/nss/doc/crlutil.xml                       |   83 +-
 security/nss/doc/html/certutil.html                |   14 +-
 security/nss/doc/html/cmsutil.html                 |    9 +-
 security/nss/doc/html/crlutil.html                 |   39 +-
 security/nss/doc/html/modutil.html                 |   12 +-
 security/nss/doc/html/pk12util.html                |   25 +-
 security/nss/doc/html/pp.html                      |    6 +-
 security/nss/doc/html/signtool.html                |   40 +-
 security/nss/doc/html/signver.html                 |    8 +-
 security/nss/doc/html/ssltap.html                  |   27 +-
 security/nss/doc/html/vfychain.html                |    2 +-
 security/nss/doc/html/vfyserv.html                 |    2 +-
 security/nss/doc/modutil.xml                       |   10 +-
 security/nss/doc/nroff/certutil.1                  |   24 +-
 security/nss/doc/nroff/cmsutil.1                   |   17 +-
 security/nss/doc/nroff/crlutil.1                   |   61 +-
 security/nss/doc/nroff/modutil.1                   |   18 +-
 security/nss/doc/nroff/pk12util.1                  |  127 +-
 security/nss/doc/nroff/pp.1                        |    4 +-
 security/nss/doc/nroff/signtool.1                  |   26 +-
 security/nss/doc/nroff/signver.1                   |    8 +-
 security/nss/doc/nroff/ssltap.1                    |   50 +-
 security/nss/doc/nroff/vfychain.1                  |    4 +-
 security/nss/doc/nroff/vfyserv.1                   |    4 +-
 security/nss/doc/pk12util.xml                      |  208 +-
 security/nss/doc/signtool.xml                      |   93 +-
 security/nss/doc/signver.xml                       |    2 +-
 security/nss/doc/ssltap.xml                        |   60 +-
 security/nss/lib/certdb/alg1485.c                  |   10 +-
 security/nss/lib/certdb/cert.h                     |    7 -
 security/nss/lib/certdb/certdb.c                   |   15 +-
 security/nss/lib/certdb/certdb.h                   |   20 +-
 security/nss/lib/certdb/certi.h                    |   22 +
 security/nss/lib/certdb/certt.h                    |    1 +
 security/nss/lib/certdb/genname.c                  |  114 +-
 security/nss/lib/certdb/genname.h                  |    3 +
 security/nss/lib/certhigh/certvfy.c                |   58 +-
 security/nss/lib/certhigh/ocsp.c                   |   19 +-
 security/nss/lib/ckfw/builtins/certdata.txt        | 1249 ++++++-----
 security/nss/lib/ckfw/builtins/nssckbi.h           |    4 +-
 security/nss/lib/ckfw/capi/cobject.c               |    2 +-
 security/nss/lib/cryptohi/cryptohi.h               |    4 +-
 security/nss/lib/cryptohi/keyhi.h                  |   16 +-
 security/nss/lib/cryptohi/seckey.c                 |   91 +-
 security/nss/lib/cryptohi/secsign.c                |    2 +-
 security/nss/lib/dbm/include/mcom_db.h             |    4 +
 security/nss/lib/freebl/Makefile                   |   42 +-
 security/nss/lib/freebl/aeskeywrap.c               |    1 +
 security/nss/lib/freebl/arcfour.c                  |    2 +-
 security/nss/lib/freebl/blapi.h                    |   16 +-
 security/nss/lib/freebl/blapii.h                   |    2 +-
 security/nss/lib/freebl/blapit.h                   |    2 +-
 security/nss/lib/freebl/config.mk                  |    4 +-
 security/nss/lib/freebl/ctr.c                      |   76 +-
 security/nss/lib/freebl/ctr.h                      |    7 +
 security/nss/lib/freebl/ec.c                       |   40 +-
 security/nss/lib/freebl/ecdecode.c                 |  610 ++++++
 security/nss/lib/freebl/intel-aes-x64-masm.asm     |  971 +++++++++
 security/nss/lib/freebl/intel-aes-x86-masm.asm     |  949 ++++++++
 security/nss/lib/freebl/intel-aes.h                |   23 +
 security/nss/lib/freebl/intel-gcm-wrap.c           |  117 +-
 security/nss/lib/freebl/intel-gcm-x64-masm.asm     | 1295 +++++++++++
 security/nss/lib/freebl/intel-gcm-x86-masm.asm     | 1209 +++++++++++
 security/nss/lib/freebl/intel-gcm.h                |    2 +-
 security/nss/lib/freebl/ldvector.c                 |   12 +-
 security/nss/lib/freebl/loader.c                   |   30 +-
 security/nss/lib/freebl/loader.h                   |   13 +-
 security/nss/lib/freebl/manifest.mn                |    3 +-
 security/nss/lib/freebl/mpi/mpi.h                  |    6 +-
 security/nss/lib/freebl/mpi/target.mk              |    4 +-
 security/nss/lib/freebl/rijndael.c                 |   50 +-
 security/nss/lib/freebl/rsa.c                      |   75 +-
 security/nss/lib/freebl/rsapkcs.c                  |   10 +-
 security/nss/lib/freebl/sha-fast-amd64-sun.s       |   41 +
 security/nss/lib/freebl/stubs.c                    |   27 +-
 security/nss/lib/freebl/stubs.h                    |    4 +-
 security/nss/lib/freebl/sysrand.c                  |    5 +-
 security/nss/lib/freebl/win_rand.c                 |  251 +--
 security/nss/lib/jar/jarver.c                      |    5 -
 .../nss/lib/libpkix/include/pkix_errorstrings.h    |    4 +-
 security/nss/lib/libpkix/include/pkix_pl_pki.h     |    8 +-
 .../nss/lib/libpkix/include/pkix_sample_modules.h  |    2 +
 .../lib/libpkix/pkix/certsel/pkix_certselector.c   |    8 +-
 .../nss/lib/libpkix/pkix/checker/pkix_crlchecker.c |    6 +-
 .../pkix/checker/pkix_nameconstraintschecker.c     |    9 +-
 .../nss/lib/libpkix/pkix/params/pkix_buildparams.c |  284 ---
 .../nss/lib/libpkix/pkix/params/pkix_buildparams.h |   32 -
 .../nss/lib/libpkix/pkix/params/pkix_trustanchor.c |    6 +-
 security/nss/lib/libpkix/pkix/top/pkix_build.c     |  124 +-
 security/nss/lib/libpkix/pkix/top/pkix_build.h     |    7 +-
 security/nss/lib/libpkix/pkix/top/pkix_validate.c  |   12 +-
 .../nss/lib/libpkix/pkix_pl_nss/module/config.mk   |   20 +
 .../nss/lib/libpkix/pkix_pl_nss/module/manifest.mn |   12 +-
 .../libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.c    |   25 +
 .../libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.h    |    4 +
 .../nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c |    8 +-
 .../libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.c   |    4 +
 .../libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.h   |    2 +
 .../libpkix/pkix_pl_nss/system/pkix_pl_common.h    |    4 +
 .../libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c |    2 +
 .../libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.h |    2 +
 .../lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c   |   21 +-
 security/nss/lib/nss/nss.def                       |   17 +
 security/nss/lib/nss/nss.h                         |    8 +-
 security/nss/lib/nss/nssinit.c                     |   18 +-
 security/nss/lib/pk11wrap/pk11akey.c               |   10 +-
 security/nss/lib/pk11wrap/pk11cert.c               |    7 +
 security/nss/lib/pk11wrap/pk11cxt.c                |    3 +
 security/nss/lib/pk11wrap/pk11load.c               |   37 +-
 security/nss/lib/pk11wrap/pk11obj.c                |  116 +-
 security/nss/lib/pk11wrap/pk11pk12.c               |  110 +
 security/nss/lib/pk11wrap/pk11pub.h                |   48 +-
 security/nss/lib/pk11wrap/pk11skey.c               |    4 +-
 security/nss/lib/pk11wrap/pk11slot.c               |   18 +-
 security/nss/lib/pk11wrap/pk11util.c               |    4 +-
 security/nss/lib/pk11wrap/secmod.h                 |    2 +
 security/nss/lib/pk11wrap/secmodi.h                |    1 -
 security/nss/lib/pk11wrap/secmodt.h                |    8 +-
 security/nss/lib/pkcs12/p12creat.c                 |    2 +-
 security/nss/lib/pki/tdcache.c                     |    3 +-
 security/nss/lib/smime/smime.def                   |    6 +
 security/nss/lib/softoken/config.mk                |    4 -
 security/nss/lib/softoken/ecdecode.c               |  606 ------
 security/nss/lib/softoken/fipstest.c               |    8 +-
 security/nss/lib/softoken/fipstokn.c               |   33 -
 security/nss/lib/softoken/legacydb/config.mk       |    4 -
 security/nss/lib/softoken/legacydb/keydb.c         |   16 +-
 security/nss/lib/softoken/legacydb/lgattr.c        |   26 +-
 security/nss/lib/softoken/legacydb/lgcreate.c      |   20 +-
 security/nss/lib/softoken/legacydb/lgutil.c        |    2 +-
 security/nss/lib/softoken/legacydb/lowcert.c       |    4 +-
 security/nss/lib/softoken/legacydb/lowkey.c        |   12 +-
 security/nss/lib/softoken/legacydb/lowkeyi.h       |    6 +-
 security/nss/lib/softoken/legacydb/lowkeyti.h      |    4 +-
 security/nss/lib/softoken/legacydb/pcertdb.c       |    7 +-
 security/nss/lib/softoken/legacydb/pcertt.h        |   24 +-
 security/nss/lib/softoken/lowkey.c                 |   18 +-
 security/nss/lib/softoken/lowkeyi.h                |    4 +-
 security/nss/lib/softoken/lowkeyti.h               |    4 +-
 security/nss/lib/softoken/manifest.mn              |    1 -
 security/nss/lib/softoken/pkcs11.c                 |  175 +-
 security/nss/lib/softoken/pkcs11c.c                |  144 +-
 security/nss/lib/softoken/pkcs11u.c                |    8 +-
 security/nss/lib/softoken/sdb.c                    |   12 +-
 security/nss/lib/softoken/softkver.h               |    8 +-
 security/nss/lib/softoken/softoken.h               |   13 -
 security/nss/lib/sqlite/config.mk                  |    4 -
 security/nss/lib/ssl/SSLerrs.h                     |    6 +
 security/nss/lib/ssl/derive.c                      |   16 +-
 security/nss/lib/ssl/dtlscon.c                     |  547 ++---
 security/nss/lib/ssl/ssl.h                         |   33 +-
 security/nss/lib/ssl/ssl3con.c                     |  281 ++-
 security/nss/lib/ssl/ssl3ecc.c                     |  818 +++----
 security/nss/lib/ssl/ssl3ext.c                     | 2168 +++++++++++--------
 security/nss/lib/ssl/ssl3prot.h                    |  145 +-
 security/nss/lib/ssl/sslcon.c                      |    4 +-
 security/nss/lib/ssl/sslenum.c                     |   48 +-
 security/nss/lib/ssl/sslerr.h                      |  269 +--
 security/nss/lib/ssl/sslgathr.c                    |   28 -
 security/nss/lib/ssl/sslimpl.h                     |   31 +-
 security/nss/lib/ssl/sslinfo.c                     |   28 +-
 security/nss/lib/ssl/sslnonce.c                    |   22 +-
 security/nss/lib/ssl/sslproto.h                    |  296 +--
 security/nss/lib/ssl/sslsecur.c                    |    4 +-
 security/nss/lib/ssl/sslsnce.c                     |    1 -
 security/nss/lib/ssl/sslsock.c                     | 2261 ++++++++++----------
 security/nss/lib/ssl/sslt.h                        |    6 +-
 security/nss/lib/util/nssutil.h                    |    6 +-
 security/nss/lib/util/secdig.h                     |    2 +-
 security/nss/lib/util/secdigt.h                    |    4 +-
 security/nss/lib/util/secerr.h                     |  356 +--
 security/nss/lib/util/utilmod.c                    |  107 +-
 security/nss/lib/util/utilmodt.h                   |    3 +-
 security/nss/lib/zlib/config.mk                    |    4 +
 security/nss/tests/all.sh                          |   12 +-
 security/nss/tests/cert/cert.sh                    |  232 +-
 .../nss/tests/chains/scenarios/nameconstraints.cfg |  139 ++
 security/nss/tests/cipher/cipher.sh                |   10 +-
 security/nss/tests/common/cleanup.sh               |    3 +
 .../tests/libpkix/certs/NameConstraints.ca.cert    |  Bin 626 -> 626 bytes
 .../certs/NameConstraints.dcissallowed.cert        |  Bin 0 -> 888 bytes
 .../certs/NameConstraints.dcissblocked.cert        |  Bin 0 -> 889 bytes
 .../libpkix/certs/NameConstraints.dcisscopy.cert   |  Bin 0 -> 957 bytes
 .../certs/NameConstraints.intermediate.cert        |  Bin 662 -> 662 bytes
 .../certs/NameConstraints.intermediate2.cert       |  Bin 0 -> 644 bytes
 .../certs/NameConstraints.intermediate3.cert       |  Bin 0 -> 716 bytes
 .../certs/NameConstraints.intermediate4.cert       |  Bin 0 -> 607 bytes
 .../certs/NameConstraints.intermediate5.cert       |  Bin 0 -> 612 bytes
 .../certs/NameConstraints.intermediate6.cert       |  Bin 0 -> 611 bytes
 .../tests/libpkix/certs/NameConstraints.ncca.cert  |  Bin 0 -> 672 bytes
 .../libpkix/certs/NameConstraints.server1.cert     |  Bin 660 -> 660 bytes
 .../libpkix/certs/NameConstraints.server10.cert    |  Bin 0 -> 560 bytes
 .../libpkix/certs/NameConstraints.server11.cert    |  Bin 0 -> 585 bytes
 .../libpkix/certs/NameConstraints.server12.cert    |  Bin 0 -> 562 bytes
 .../libpkix/certs/NameConstraints.server13.cert    |  Bin 0 -> 574 bytes
 .../libpkix/certs/NameConstraints.server14.cert    |  Bin 0 -> 574 bytes
 .../libpkix/certs/NameConstraints.server15.cert    |  Bin 0 -> 634 bytes
 .../libpkix/certs/NameConstraints.server16.cert    |  Bin 0 -> 612 bytes
 .../libpkix/certs/NameConstraints.server17.cert    |  Bin 0 -> 630 bytes
 .../libpkix/certs/NameConstraints.server2.cert     |  Bin 643 -> 643 bytes
 .../libpkix/certs/NameConstraints.server3.cert     |  Bin 660 -> 660 bytes
 .../libpkix/certs/NameConstraints.server4.cert     |  Bin 0 -> 663 bytes
 .../libpkix/certs/NameConstraints.server5.cert     |  Bin 0 -> 646 bytes
 .../libpkix/certs/NameConstraints.server6.cert     |  Bin 0 -> 663 bytes
 .../libpkix/certs/NameConstraints.server7.cert     |  Bin 0 -> 578 bytes
 .../libpkix/certs/NameConstraints.server8.cert     |  Bin 0 -> 564 bytes
 .../libpkix/certs/NameConstraints.server9.cert     |  Bin 0 -> 551 bytes
 security/nss/tests/libpkix/certs/make-nc           |  407 +++-
 security/nss/tests/remote/Makefile                 |    2 +-
 security/nss/tests/smime/smime.sh                  |    4 +-
 security/nss/tests/ssl/ssl.sh                      |   16 +-
 security/nss/tests/tools/tools.sh                  |    4 +-
 397 files changed, 13680 insertions(+), 7128 deletions(-)

diff --git a/configure.in b/configure.in
index 54a881d..1327054 100644
--- a/configure.in
+++ b/configure.in
@@ -3944,7 +3944,7 @@ MOZ_ARG_WITH_BOOL(system-nss,
     _USE_SYSTEM_NSS=1 )
 
 if test -n "$_USE_SYSTEM_NSS"; then
-    AM_PATH_NSS(3.15.4, [MOZ_NATIVE_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])])
+    AM_PATH_NSS(3.16.2, [MOZ_NATIVE_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])])
 fi
 
 if test -n "$MOZ_NATIVE_NSS"; then
diff --git a/security/nss/Makefile b/security/nss/Makefile
index 85c62be..6d01a1d 100644
--- a/security/nss/Makefile
+++ b/security/nss/Makefile
@@ -61,6 +61,9 @@ endif
 ifdef BUILD_OPT
 NSPR_CONFIGURE_OPTS += --disable-debug --enable-optimize
 endif
+ifdef USE_X32
+NSPR_CONFIGURE_OPTS += --enable-x32
+endif
 ifdef USE_64
 NSPR_CONFIGURE_OPTS += --enable-64bit
 endif
diff --git a/security/nss/TAG-INFO b/security/nss/TAG-INFO
index 57c5efe..7569d69 100644
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@@ -1 +1 @@
-NSS_3_15_4_RTM
+NSS_3_16_2_RTM
diff --git a/security/nss/automation/buildbot-slave/bbenv-example.sh b/security/nss/automation/buildbot-slave/bbenv-example.sh
index 1d0dd01..c76e5d6 100644
--- a/security/nss/automation/buildbot-slave/bbenv-example.sh
+++ b/security/nss/automation/buildbot-slave/bbenv-example.sh
@@ -19,8 +19,6 @@ ARCH=$(uname -s)
 
 ulimit -c unlimited 2> /dev/null
 
-export NSS_ENABLE_ECC=1
-export NSS_ECC_MORE_THAN_SUITE_B=1
 export NSPR_LOG_MODULES="pkix:1"
 
 #export JAVA_HOME_32=
diff --git a/security/nss/automation/buildbot-slave/build.sh b/security/nss/automation/buildbot-slave/build.sh
index 286a735..605293e 100755
--- a/security/nss/automation/buildbot-slave/build.sh
+++ b/security/nss/automation/buildbot-slave/build.sh
@@ -288,7 +288,7 @@ prepare()
     mv ${OUTPUTDIR} ${OUTPUTDIR}.last >/dev/null 2>&1
     mkdir -p ${OUTPUTDIR}
 
-    if [ -n "${NSS_ENABLE_ECC}" -a -n "${NSS_ECC_MORE_THAN_SUITE_B}" ]; then
+    if [ -z "${NSS_DISABLE_ECC}" -a -n "${NSS_ECC_MORE_THAN_SUITE_B}" ]; then
         cd ${HGDIR}/nss
         ECF="lib/freebl/ecl/ecl-curve.h"
 	print_log "hg revert -r NSS_3_11_1_RTM ${ECF}"
diff --git a/security/nss/cmd/atob/atob.c b/security/nss/cmd/atob/atob.c
index c438d60..cdc9dd6 100644
--- a/security/nss/cmd/atob/atob.c
+++ b/security/nss/cmd/atob/atob.c
@@ -35,13 +35,24 @@ output_binary (void *arg, const unsigned char *obuf, PRInt32 size)
     return nb;
 }
 
+static PRBool
+isBase64Char(char c)
+{
+    return ((c >= 'A' && c <= 'Z')
+	    || (c >= 'a' && c <= 'z')
+	    || (c >= '0' && c <= '9')
+	    || c == '+'
+	    || c == '/'
+	    || c == '=');
+}
+
 static SECStatus
 decode_file(FILE *outFile, FILE *inFile)
 {
     NSSBase64Decoder *cx;
-    int nb;
     SECStatus status = SECFailure;
     char ibuf[4096];
+    const char *ptr;
 
     cx = NSSBase64Decoder_Create(output_binary, outFile);
     if (!cx) {
@@ -50,19 +61,29 @@ decode_file(FILE *outFile, FILE *inFile)
 
     for (;;) {
 	if (feof(inFile)) break;
-	nb = fread(ibuf, 1, sizeof(ibuf), inFile);
-	if (nb != sizeof(ibuf)) {
-	    if (nb == 0) {
-		if (ferror(inFile)) {
-		    PORT_SetError(SEC_ERROR_IO);
-		    goto loser;
-		}
-		/* eof */
-		break;
+	if (!fgets(ibuf, sizeof(ibuf), inFile)) {
+	    if (ferror(inFile)) {
+		PORT_SetError(SEC_ERROR_IO);
+		goto loser;
 	    }
+	    /* eof */
+	    break;
+	}
+	for (ptr = ibuf; *ptr; ++ptr) {
+	    char c = *ptr;
+	    if (c == '\n' || c == '\r') {
+		break; /* found end of line */
+	    }
+	    if (!isBase64Char(c)) {
+	      ptr = ibuf; /* ignore line */
+	      break;
+	    }
+	}
+	if (ibuf == ptr) {
+	    continue; /* skip empty or non-base64 line */
 	}
 
-	status = NSSBase64Decoder_Update(cx, ibuf, nb);
+	status = NSSBase64Decoder_Update(cx, ibuf, ptr-ibuf);
 	if (status != SECSuccess) goto loser;
     }
 
@@ -99,10 +120,11 @@ int main(int argc, char **argv)
     progName = progName ? progName+1 : argv[0];
 
     /* Parse command line arguments */
-    optstate = PL_CreateOptState(argc, argv, "i:o:");
+    optstate = PL_CreateOptState(argc, argv, "?hi:o:");
     while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
 	switch (optstate->option) {
 	  case '?':
+	  case 'h':
 	    Usage(progName);
 	    break;
 
diff --git a/security/nss/cmd/bltest/blapitest.c b/security/nss/cmd/bltest/blapitest.c
index 469ada8..7761918 100644
--- a/security/nss/cmd/bltest/blapitest.c
+++ b/security/nss/cmd/bltest/blapitest.c
@@ -21,7 +21,7 @@
 #include "secoid.h"
 #include "nssutil.h"
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 #include "ecl-curve.h"
 SECStatus EC_DecodeParams(const SECItem *encodedParams, 
 	ECParams **ecparams);
@@ -133,7 +133,7 @@ static void Usage()
     PRINTUSAGE(progName, "-S -m mode", "Sign a buffer");
     PRINTUSAGE("",	"", "[-i plaintext] [-o signature] [-k key]");
     PRINTUSAGE("",	"", "[-b bufsize]");
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     PRINTUSAGE("",	"", "[-n curvename]");
 #endif
     PRINTUSAGE("",	"", "[-p repetitions | -5 time_interval] [-4 th_num]");
@@ -141,7 +141,7 @@ static void Usage()
     PRINTUSAGE("",	"-i", "file which contains input buffer");
     PRINTUSAGE("",	"-o", "file for signature");
     PRINTUSAGE("",	"-k", "file which contains key");
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     PRINTUSAGE("",	"-n", "name of curve for EC key generation; one of:");
     PRINTUSAGE("",  "",   "  sect163k1, nistk163, sect163r1, sect163r2,");
     PRINTUSAGE("",  "",   "  nistb163, sect193r1, sect193r2, sect233k1, nistk233,");
@@ -390,7 +390,7 @@ dsakey_from_filedata(SECItem *filedata)
     return key;
 }
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 static ECPrivateKey *
 eckey_from_filedata(SECItem *filedata)
 {
@@ -544,7 +544,7 @@ getECParams(const char *curve)
 
     return ecparams;
 }
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
 static void
 dump_pqg(PQGParams *pqg)
@@ -562,7 +562,7 @@ dump_dsakey(DSAPrivateKey *key)
     SECU_PrintInteger(stdout, &key->privateValue, "PRIVATE VALUE:", 0);
 }
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 static void
 dump_ecp(ECParams *ecp)
 {
@@ -651,7 +651,7 @@ typedef enum {
     bltestRSA,            /* Public Key Ciphers    */
     bltestRSA_OAEP,       /* . (Public Key Enc.)   */
     bltestRSA_PSS,        /* . (Public Key Sig.)   */
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     bltestECDSA,          /* . (Public Key Sig.)   */
 #endif
     bltestDSA,            /* . (Public Key Sig.)   */
@@ -690,7 +690,7 @@ static char *mode_strings[] =
     "rsa",
     "rsa_oaep",
     "rsa_pss",
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     "ecdsa",
 #endif
     /*"pqg",*/
@@ -744,7 +744,7 @@ typedef struct
     PQGParams *pqg;
 } bltestDSAParams;
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 typedef struct
 {
     char      *curveName;
@@ -763,7 +763,7 @@ typedef struct
     union {
         bltestRSAParams rsa;
         bltestDSAParams dsa;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
         bltestECDSAParams ecdsa;
 #endif
     } cipherParams;
@@ -1266,7 +1266,7 @@ dsa_verifyDigest(void *cx, SECItem *output, const SECItem *input)
     return DSA_VerifyDigest((DSAPublicKey *)params->pubKey, output, input);
 }
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 SECStatus
 ecdsa_signDigest(void *cx, SECItem *output, const SECItem *input)
 {
@@ -1720,7 +1720,7 @@ bltest_dsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
     return SECSuccess;
 }
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 SECStatus
 bltest_ecdsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
 {
@@ -2077,7 +2077,7 @@ finish:
 
 SECStatus
 pubkeyInitKey(bltestCipherInfo *cipherInfo, PRFileDesc *file,
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 	      int keysize, int exponent, char *curveName)
 #else
 	      int keysize, int exponent)
@@ -2090,7 +2090,7 @@ pubkeyInitKey(bltestCipherInfo *cipherInfo, PRFileDesc *file,
     RSAPrivateKey **rsaKey = NULL;
     bltestDSAParams *dsap;
     DSAPrivateKey **dsaKey = NULL;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     SECItem *tmpECParamsDER;
     ECParams *tmpECParams = NULL;
     SECItem ecSerialize[3];
@@ -2132,7 +2132,7 @@ pubkeyInitKey(bltestCipherInfo *cipherInfo, PRFileDesc *file,
 	    dsap->keysize = (*dsaKey)->params.prime.len*8;
 	}
 	break;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     case bltestECDSA:
 	ecKey = (ECPrivateKey **)&asymk->privKey;
 	if (curveName != NULL) {
@@ -2244,7 +2244,7 @@ cipherInit(bltestCipherInfo *cipherInfo, PRBool encrypt)
 	}
 	return bltest_dsa_init(cipherInfo, encrypt);
 	break;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     case bltestECDSA:
 	if (encrypt) {
 		SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
@@ -2494,7 +2494,7 @@ cipherFinish(bltestCipherInfo *cipherInfo)
     case bltestRSA_PSS:  /* will be freed with it. */
     case bltestRSA_OAEP:
     case bltestDSA:
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     case bltestECDSA:
 #endif
     case bltestMD2: /* hash contexts are ephemeral */
@@ -2674,7 +2674,7 @@ print_td:
               fprintf(stdout, "%8d", info->params.asymk.cipherParams.dsa.keysize);
           }
           break;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
       case bltestECDSA:
           if (td) {
               fprintf(stdout, "%12s", "ec_curve");
@@ -2906,7 +2906,7 @@ get_params(PLArenaPool *arena, bltestParams *params,
 	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "ciphertext",j);
 	load_file_data(arena, &params->asymk.sig, filename, bltestBase64Encoded);
 	break;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     case bltestECDSA:
 	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
 	load_file_data(arena, &params->asymk.key, filename, bltestBase64Encoded);
@@ -2938,46 +2938,62 @@ SECStatus
 verify_self_test(bltestIO *result, bltestIO *cmp, bltestCipherMode mode,
 		 PRBool forward, SECStatus sigstatus)
 {
-    int res;
+    PRBool equal;
     char *modestr = mode_strings[mode];
-    res = SECITEM_CompareItem(&result->pBuf, &cmp->buf);
+    equal = SECITEM_ItemsAreEqual(&result->pBuf, &cmp->buf);
     if (is_sigCipher(mode)) {
 	if (forward) {
-	    if (res == 0) {
+	    if (equal) {
 		printf("Signature self-test for %s passed.\n", modestr);
 	    } else {
 		printf("Signature self-test for %s failed!\n", modestr);
 	    }
+	    return equal ? SECSuccess : SECFailure;
 	} else {
 	    if (sigstatus == SECSuccess) {
 		printf("Verification self-test for %s passed.\n", modestr);
 	    } else {
 		printf("Verification self-test for %s failed!\n", modestr);
 	    }
+	    return sigstatus;
 	}
-	return sigstatus;
     } else if (is_hashCipher(mode)) {
-	if (res == 0) {
+	if (equal) {
 	    printf("Hash self-test for %s passed.\n", modestr);
 	} else {
 	    printf("Hash self-test for %s failed!\n", modestr);
 	}
     } else {
 	if (forward) {
-	    if (res == 0) {
+	    if (equal) {
 		printf("Encryption self-test for %s passed.\n", modestr);
 	    } else {
 		printf("Encryption self-test for %s failed!\n", modestr);
 	    }
 	} else {
-	    if (res == 0) {
+	    if (equal) {
 		printf("Decryption self-test for %s passed.\n", modestr);
 	    } else {
 		printf("Decryption self-test for %s failed!\n", modestr);
 	    }
 	}
     }
-    return (res != 0);
+    return equal ? SECSuccess : SECFailure;
+}
+
+static SECStatus
+ReadFileToItem(SECItem *dst, const char *filename)
+{
+    PRFileDesc *file;
+    SECStatus rv;
+
+    file = PR_Open(filename, PR_RDONLY, 00660);
+    if (!file) {
+	return SECFailure;
+    }
+    rv = SECU_FileToItem(dst, file);
+    PR_Close(file);
+    return rv;
 }
 
 static SECStatus
@@ -2991,19 +3007,16 @@ blapi_selftest(bltestCipherMode *modes, int numModes, int inoff, int outoff,
     int i, j, nummodes, numtests;
     char *modestr;
     char filename[256];
-    PRFileDesc *file;
     PLArenaPool *arena;
     SECItem item;
-    PRBool finished;
     SECStatus rv = SECSuccess, srv;
 
     PORT_Memset(&cipherInfo, 0, sizeof(cipherInfo));
     arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE);
     cipherInfo.arena = arena;
 
-    finished = PR_FALSE;
     nummodes = (numModes == 0) ? NUMMODES : numModes;
-    for (i=0; i < nummodes && !finished; i++) {
+    for (i=0; i < nummodes; i++) {
 	if (numModes > 0)
 	    mode = modes[i];
 	else
@@ -3017,13 +3030,11 @@ blapi_selftest(bltestCipherMode *modes, int numModes, int inoff, int outoff,
 	params = &cipherInfo.params;
 	/* get the number of tests in the directory */
 	sprintf(filename, "%s/tests/%s/%s", testdir, modestr, "numtests");
-	file = PR_Open(filename, PR_RDONLY, 00660);
-	if (!file) {
-	    fprintf(stderr, "%s: File %s does not exist.\n", progName,filename);
-	    return SECFailure;
+	if (ReadFileToItem(&item, filename) != SECSuccess) {
+	    fprintf(stderr, "%s: Cannot read file %s.\n", progName, filename);
+	    rv = SECFailure;
+	    continue;
 	}
-	rv = SECU_FileToItem(&item, file);
-	PR_Close(file);
 	/* loop over the tests in the directory */
 	numtests = 0;
 	for (j=0; j<item.len; j++) {
@@ -3048,8 +3059,6 @@ blapi_selftest(bltestCipherMode *modes, int numModes, int inoff, int outoff,
 	    ** Align the input buffer (plaintext) according to request
 	    ** then perform operation and compare to ciphertext
 	    */
-	    /* XXX for now */
-	    rv = SECSuccess;
 	    if (encrypt) {
 		bltestCopyIO(arena, &cipherInfo.input, &pt);
 		misalignBuffer(arena, &cipherInfo.input, inoff);
@@ -3059,11 +3068,10 @@ blapi_selftest(bltestCipherMode *modes, int numModes, int inoff, int outoff,
 		rv |= cipherDoOp(&cipherInfo);
 		rv |= cipherFinish(&cipherInfo);
 		rv |= verify_self_test(&cipherInfo.output, 
-		                       &ct, mode, PR_TRUE, 0);
+		                       &ct, mode, PR_TRUE, SECSuccess);
 		/* If testing hash, only one op to test */
 		if (is_hashCipher(mode))
 		    continue;
-		/*if (rv) return rv;*/
 		if (is_sigCipher(mode)) {
 		    /* Verify operations support detached signature files. For
 		    ** consistency between tests that run Sign/Verify back to
@@ -3079,8 +3087,6 @@ blapi_selftest(bltestCipherMode *modes, int numModes, int inoff, int outoff,
 	    }
 	    if (!decrypt)
 		continue;
-	    /* XXX for now */
-	    rv = SECSuccess;
 	    /* Reverse Operation (Decrypt/Verify)
 	    ** Align the input buffer (ciphertext) according to request
 	    ** then perform operation and compare to plaintext
@@ -3100,7 +3106,6 @@ blapi_selftest(bltestCipherMode *modes, int numModes, int inoff, int outoff,
 	    rv |= cipherFinish(&cipherInfo);
 	    rv |= verify_self_test(&cipherInfo.output, 
 	                           &pt, mode, PR_FALSE, srv);
-	    /*if (rv) return rv;*/
 	}
     }
     return rv;
@@ -3128,7 +3133,7 @@ dump_file(bltestCipherMode mode, char *filename)
 	load_file_data(arena, &keydata, filename, bltestBase64Encoded);
 	key = dsakey_from_filedata(&keydata.buf);
 	dump_dsakey(key);
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     } else if (mode == bltestECDSA) {
 	ECPrivateKey *key;
 	load_file_data(arena, &keydata, filename, bltestBase64Encoded);
@@ -3373,7 +3378,7 @@ enum {
     opt_Key,
     opt_HexWSpc,
     opt_Mode,
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     opt_CurveName,
 #endif
     opt_Output,
@@ -3426,7 +3431,7 @@ static secuCommandFlag bltest_options[] =
     { /* opt_Key	  */ 'k', PR_TRUE,  0, PR_FALSE },
     { /* opt_HexWSpc	  */ 'l', PR_FALSE, 0, PR_FALSE },
     { /* opt_Mode	  */ 'm', PR_TRUE,  0, PR_FALSE },
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     { /* opt_CurveName	  */ 'n', PR_TRUE,  0, PR_FALSE },
 #endif
     { /* opt_Output	  */ 'o', PR_TRUE,  0, PR_FALSE },
@@ -3461,7 +3466,7 @@ int main(int argc, char **argv)
     bltestCipherInfo    *cipherInfoListHead, *cipherInfo;
     bltestIOMode        ioMode;
     int                 bufsize, exponent, curThrdNum;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     char		*curveName = NULL;
 #endif
     int			 i, commandsEntered;
@@ -3605,7 +3610,7 @@ int main(int argc, char **argv)
 	rv = blapi_selftest(modesToTest, numModesToTest, inoff, outoff,
 	                    encrypt, decrypt);
 	PORT_Free(cipherInfo);
-	return rv;
+	return rv == SECSuccess ? 0 : 1;
     }
 
     /* Do FIPS self-test */
@@ -3695,7 +3700,7 @@ int main(int argc, char **argv)
     else
 	exponent = 65537;
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     if (bltest.options[opt_CurveName].activated)
 	curveName = PORT_Strdup(bltest.options[opt_CurveName].arg);
     else
@@ -3783,7 +3788,7 @@ int main(int argc, char **argv)
                 file = PR_Open("tmp.key", PR_WRONLY|PR_CREATE_FILE, 00660);
             }
             params->key.mode = bltestBase64Encoded;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
             pubkeyInitKey(cipherInfo, file, keysize, exponent, curveName);
 #else
             pubkeyInitKey(cipherInfo, file, keysize, exponent);
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext1 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext1
new file mode 100644
index 0000000..1126bbf
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext1
@@ -0,0 +1 @@
+AzZ2PpZtkllaVnzJzlN/Xg==
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext10 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext10
new file mode 100644
index 0000000..c3d443f
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext10
@@ -0,0 +1,3 @@
+eykx9YVfcXFF4A8VKp9HlDWbH/yz5V9ZTjMJi1HCOmx0oGwdlP3tf9KuQsfbesrv
+WETLM67dxoUlhe0AIKZpnSy1OAnO/RaRSM5CKSr6sGNEOXgwbFgsGLnODaPQhM5N
+PEgs/Y/PGoUITon7iLQKCE1elyRm0HZmEm+3YfhAePI=
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext11 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext11
new file mode 100644
index 0000000..ae00d8b
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext11
@@ -0,0 +1,3 @@
+sJUS8+/57Q2FiQmDpz2tu3w2eNUlgb5kqKj8WG9JDyUhKXpHigWYBA69D1UJ+vsJ
+afnZ5gDq7zOxuT7tmWh7Fn+JpQZarEOc5G87jSLTCGXmTkXvjNMLaYQ1OoRKEcjN
+YNug6IZrPuMNJLP6imQ7MoNT4GAQ+oJzyP1U7woraTDlUgquXNWQL5uGozWSykNl
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext12 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext12
new file mode 100644
index 0000000..605a1ba
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext12
@@ -0,0 +1,4 @@
+a+ihKABFWjIFOIU+DLoxvS2A6gyFFkpMXCYa5IVBfZPv/i68DQoLUdbqGGM9IQz2
+PAxN28J2B/LoHtkRMZHvhtVvO5m+bEFaQVApn7hGznFgtAtjuvEXnRknWi6DaYN2
+0ouSVIxo4G5tmU4sFQHtKXAU5wLN7+4vZWRHcGAJYU2AHeHKr3P4t/pWzxupS2MZ
+M7vld2JDgIUPEXQ1oDVbKw==
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext13 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext13
new file mode 100644
index 0000000..2abf369
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext13
@@ -0,0 +1 @@
+UdRHefkNQKgASCdsA1y0nKKke8ubnPcnC5FEeTeH1T8=
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext14 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext14
new file mode 100644
index 0000000..f16428a
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext14
@@ -0,0 +1,2 @@
+1fVYl2C/nHYiKP3iNt4fot0trUSNs/qb4MQZbv1Go1yE3RrHfZ21jJWRjLMXpkMK
+CNL7ao6LDxybcsejRNw0nw==
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext15 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext15
new file mode 100644
index 0000000..ed1cecd
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext15
@@ -0,0 +1,2 @@
+dTlZdL0ys2ZWVKbI45a4iuNLEjV1hyp6tofY52tG35EailkM0B0vXDML46Zibp3T
+ql4Q7RTo/4KYEbb+1Q8/UzykOFocvKePXEdE5Q8vg1kWXCSF0TJOdsPq52oMysYp
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext16 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext16
new file mode 100644
index 0000000..8fa8952
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext16
@@ -0,0 +1,3 @@
+gVjiFCDyW1nWrpQ/ocvyHwLpefQZ2rASanIbfu9Vvumtl/XM/30jkFe7wZqMN4FC
+92cvHV5+F9e+vLAHDoNVys5mYBcaU7YYFq6CSm72nORwtv/TtbtLQ4h02R0nhU07
+byWGDTholY3jMH1isTOb3duKMYwM4PM8F8rw6fYECCA=
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext17 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext17
new file mode 100644
index 0000000..8ca864c
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext17
@@ -0,0 +1,3 @@
+km2ySMwbog8MV2MafIrvCU95GTe5BZSeNGAkDov6b6SDEVobMQtuQ2nK68UmKIg3
+ex3apYAOpJaivf8PmhAx5xKcmiDjViHn8Li6yg2HAw8q58qFk8hZlnegb9SyYAnq
+0I/srCTKqc8srTtHDIInQVp7Hg8uqz+tltcKIJyLsmxidnfiUxuUNcpuPERNGVtf
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext18 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext18
new file mode 100644
index 0000000..9b42740
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext18
@@ -0,0 +1,4 @@
+yCzyxHbeqMtqbmB6QNLwORvoLqnshKU3poIPmvuZe3Y5fQBUJPqmp03E6MeqSokA
+aQ+JS20dyoBnU5PSJDrax2LxWTAeNX6YtyR2IxDNWnuv4cKgMNukb9k6n9uJzBMs
+qcF9xyAx7Ggi7lqdmdvKZseEwBsIhcu2LinZeAGSfsQVpdIVFY0yX57miUN60bdo
+StM8DZJzlFGsh/Of+MMbhA==
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext19 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext19
new file mode 100644
index 0000000..39bf937
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext19
@@ -0,0 +1 @@
+L6Dfciqf07ZMsY+ys9tV/yJnQidXKJQT+PZXUHQSpkw=
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext2 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext2
new file mode 100644
index 0000000..ec069ab
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext2
@@ -0,0 +1 @@
+qaFjG/SZaVTrwJOVeyNFiQ==
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext20 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext20
new file mode 100644
index 0000000..d74f0e0
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext20
@@ -0,0 +1,2 @@
+BdXHdylCGwi3N+QRGfpEONH1cMx3Kk1sPff/7aA4TvhCiM43/ExMfRElpJmwUTZM
+OJ/WOb3aZH2qO9rasutVlA==
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext21 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext21
new file mode 100644
index 0000000..9f3b9ea
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext21
@@ -0,0 +1,2 @@
+rD1tuv4uD3QGMv2eggv2BEzVsVUcu5zAPAslw5zLfzO4Oqz8pAoyZfK7/4eRU0SK
+ysuI/Ps7t7EP5GOmjAEJ8Cg4Lj5VexrfAu1kira7iV3wIF0m67+ppf2M69jkvuPc
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext22 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext22
new file mode 100644
index 0000000..b9b5b5c
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext22
@@ -0,0 +1,3 @@
+kLe5YwojePU/UBq3vv8DkVUAgHG8hDjniZMs/T6xKZGVRl5mM4SUY/20Q3Unji/b
+ExCCHmSSz4D/Fct3JQn7Qm867uJ71JOIgv0q5rW9nZH6SkOxe7Q5675ZwEIxAWOo
+Kl/lOIeW7uNaGBoScfAL4puFLY+nWbrQH/RnjwEFlM0=
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext23 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext23
new file mode 100644
index 0000000..e7710c1
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext23
@@ -0,0 +1,3 @@
+AlSyNGO8q+xaOV63TI+w6xN6B7xvXp9h7AsFfeMFcU+PopQiHJGhWcMVk5uB4wDu
+kCGS7F8VJUQo2HcveTJOxDKYyiHACzcCc+5eXtkOQ++h4FpdFxIJ/jT58pI326Km
+cmZQ/TsTIXR9EgiGPGw8az4th5q18leC8Iuo8qu+Y+C+20oifoGvs2u2ZFUINW00
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext24 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext24
new file mode 100644
index 0000000..d5234aa
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext24
@@ -0,0 +1,4 @@
+/Fhz5Q3o+vTGuEunB7CFTp25qy6ffXB/u6M4xoQ6GPxvrOuvZj0mKW+zKbTSbxhJ
+THngnneWR/m6+odIljDXn0MBYQwjAMGdvzFIt8rIxPSUQQJ1TzMukrb3xedbxhee
+uHegeNRxkAkCF0TBTxP9KlWiucRNGAAGhahFpPYyx8VqdzBu+maiTQXQiNzXwT/i
+T8RHJ1ll255NN/vJMERIzQ==
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext3 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext3
new file mode 100644
index 0000000..82c4cd2
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext3
@@ -0,0 +1 @@
+J1z8BBPYzLcFE8OFmx0Pcg==
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext4 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext4
new file mode 100644
index 0000000..81714bd
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext4
@@ -0,0 +1 @@
+ybgTX/G1rcQT39BTshvZbQ==
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext5 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext5
new file mode 100644
index 0000000..ce9672a
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext5
@@ -0,0 +1 @@
+XJ2ETtRvmIUIXl1qT5TH1w==
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext6 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext6
new file mode 100644
index 0000000..fc53a4f
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext6
@@ -0,0 +1 @@
+qf91vXz2YT03Mcd8O20MBA==
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext7 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext7
new file mode 100644
index 0000000..1d6d84b
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext7
@@ -0,0 +1 @@
+xNxh2XJZZ6MCAQSpc48jhoUnzoOaqxdS/YvblagsTQA=
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext8 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext8
new file mode 100644
index 0000000..7191a64
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext8
@@ -0,0 +1,2 @@
+Gblgl3LGPzOGCL9utSyhC+ZQl/icHgkFxCQB/Ud5GuLFRAstRzEWyni9n/L7YBXP
+0xZSTq59y5Wuc46+roSkZw==
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext9 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext9
new file mode 100644
index 0000000..232a691
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext9
@@ -0,0 +1,2 @@
+O4YRv8SXPFzY6YKwc7MxhM0mEQFZFy5EmI61/1ZhoeFvrWclj8v+5VRpJnoS3DdI
+k7TjUz029WNMMJVYNZbxNaqM0RONyJi8VlHuNakuv4mrautTZmU7xgpw4AdPwR7+
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv1 b/security/nss/cmd/bltest/tests/aes_cbc/iv1
new file mode 100644
index 0000000..01d633b
Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_cbc/iv1 differ
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv10 b/security/nss/cmd/bltest/tests/aes_cbc/iv10
new file mode 100644
index 0000000..58d7a2d
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/iv10
@@ -0,0 +1 @@
+žù4”n\Ю—½XS,´“
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv11 b/security/nss/cmd/bltest/tests/aes_cbc/iv11
new file mode 100644
index 0000000..6847886
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/iv11
@@ -0,0 +1 @@
+$_&[vëëÂíÊÄ¢ø
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv12 b/security/nss/cmd/bltest/tests/aes_cbc/iv12
new file mode 100644
index 0000000..15040cd
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/iv12
@@ -0,0 +1 @@
+»ë/«´H¯„—–$J×
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv13 b/security/nss/cmd/bltest/tests/aes_cbc/iv13
new file mode 100644
index 0000000..1bef08a
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/iv13
@@ -0,0 +1 @@
+óÖf~My`÷P[£ƒë
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv14 b/security/nss/cmd/bltest/tests/aes_cbc/iv14
new file mode 100644
index 0000000..099828f
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/iv14
@@ -0,0 +1 @@
+‹YÉ œRœ¨9ŸÀÎ<8
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv15 b/security/nss/cmd/bltest/tests/aes_cbc/iv15
new file mode 100644
index 0000000..d7a44d9
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/iv15
@@ -0,0 +1 @@
+6긃¯ï“lÏc(FÍ
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv16 b/security/nss/cmd/bltest/tests/aes_cbc/iv16
new file mode 100644
index 0000000..678bb8d
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/iv16
@@ -0,0 +1 @@
+ãțЗëÝöOHÛm¿â
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv17 b/security/nss/cmd/bltest/tests/aes_cbc/iv17
new file mode 100644
index 0000000..7ff21ab
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/iv17
@@ -0,0 +1 @@
+’¤(3ñE¤½Æè<
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv18 b/security/nss/cmd/bltest/tests/aes_cbc/iv18
new file mode 100644
index 0000000..244b502
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/iv18
@@ -0,0 +1 @@
+$@€8,Êà{›¶cUÁ
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv19 b/security/nss/cmd/bltest/tests/aes_cbc/iv19
new file mode 100644
index 0000000..919e165
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/iv19
@@ -0,0 +1 @@
+ýê¡4È×7EquýWÓü
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv2 b/security/nss/cmd/bltest/tests/aes_cbc/iv2
new file mode 100644
index 0000000..01d633b
Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_cbc/iv2 differ
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv20 b/security/nss/cmd/bltest/tests/aes_cbc/iv20
new file mode 100644
index 0000000..c49bf8f
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/iv20
@@ -0,0 +1 @@
+ÀÍ+ëÌ»lI’ÕH*ÇVè
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv21 b/security/nss/cmd/bltest/tests/aes_cbc/iv21
new file mode 100644
index 0000000..6452e3d
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/iv21
@@ -0,0 +1,2 @@
+³Ë—¨
+S™¸ÂE;“•
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv22 b/security/nss/cmd/bltest/tests/aes_cbc/iv22
new file mode 100644
index 0000000..42b7bd3
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/iv22
@@ -0,0 +1 @@
+LïüYcÔY`&u>–I
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv23 b/security/nss/cmd/bltest/tests/aes_cbc/iv23
new file mode 100644
index 0000000..99b2249
Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_cbc/iv23 differ
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv24 b/security/nss/cmd/bltest/tests/aes_cbc/iv24
new file mode 100644
index 0000000..0104daf
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/iv24
@@ -0,0 +1 @@
+ÖՁ¸ÏëӶ꡵?~á
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv3 b/security/nss/cmd/bltest/tests/aes_cbc/iv3
new file mode 100644
index 0000000..01d633b
Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_cbc/iv3 differ
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv4 b/security/nss/cmd/bltest/tests/aes_cbc/iv4
new file mode 100644
index 0000000..01d633b
Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_cbc/iv4 differ
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv5 b/security/nss/cmd/bltest/tests/aes_cbc/iv5
new file mode 100644
index 0000000..01d633b
Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_cbc/iv5 differ
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv6 b/security/nss/cmd/bltest/tests/aes_cbc/iv6
new file mode 100644
index 0000000..01d633b
Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_cbc/iv6 differ
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv7 b/security/nss/cmd/bltest/tests/aes_cbc/iv7
new file mode 100644
index 0000000..524d1b9
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/iv7
@@ -0,0 +1 @@
+ªÑX<Ùeã»/40Ðe»
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv8 b/security/nss/cmd/bltest/tests/aes_cbc/iv8
new file mode 100644
index 0000000..f58e954
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/iv8
@@ -0,0 +1 @@
+È	]‹± `iŸ|—J 
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv9 b/security/nss/cmd/bltest/tests/aes_cbc/iv9
new file mode 100644
index 0000000..d6c4782
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/iv9
@@ -0,0 +1 @@
+eµî60¾Ö¸BÙ¹z
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key1 b/security/nss/cmd/bltest/tests/aes_cbc/key1
new file mode 100644
index 0000000..01d633b
Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_cbc/key1 differ
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key10 b/security/nss/cmd/bltest/tests/aes_cbc/key10
new file mode 100644
index 0000000..3cdff7a
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/key10
@@ -0,0 +1 @@
+Ä‘Ê1ùEŽ)©%ìUx
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key11 b/security/nss/cmd/bltest/tests/aes_cbc/key11
new file mode 100644
index 0000000..4a13040
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/key11
@@ -0,0 +1 @@
+öè}q°Mn°jhÜjqô˜
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key12 b/security/nss/cmd/bltest/tests/aes_cbc/key12
new file mode 100644
index 0000000..0a0103d
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/key12
@@ -0,0 +1 @@
+,A7QÃ'0W£6xk
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key13 b/security/nss/cmd/bltest/tests/aes_cbc/key13
new file mode 100644
index 0000000..87ae208
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/key13
@@ -0,0 +1 @@
+ê³±œX¨sᘃ«ƒ»øQû.k!
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key14 b/security/nss/cmd/bltest/tests/aes_cbc/key14
new file mode 100644
index 0000000..de4da4d
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/key14
@@ -0,0 +1 @@
+{±{M÷…i~¬Ï–˜âËuæy|é5Ë
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key15 b/security/nss/cmd/bltest/tests/aes_cbc/key15
new file mode 100644
index 0000000..b13351f
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/key15
@@ -0,0 +1 @@
+ãþÌuðZ	³ƒßÓ‰£Ó<ɸT³²TÀô
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key16 b/security/nss/cmd/bltest/tests/aes_cbc/key16
new file mode 100644
index 0000000..71afcb3
Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_cbc/key16 differ
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key17 b/security/nss/cmd/bltest/tests/aes_cbc/key17
new file mode 100644
index 0000000..291b89b
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/key17
@@ -0,0 +1 @@
+¼¦ú<gý)N•fþ‹ÖOEô(õ¼Ž—3§
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key18 b/security/nss/cmd/bltest/tests/aes_cbc/key18
new file mode 100644
index 0000000..9c28957
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/key18
@@ -0,0 +1 @@
+*ÕæJªUWíÁk,jMK^î
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key19 b/security/nss/cmd/bltest/tests/aes_cbc/key19
new file mode 100644
index 0000000..f0ca408
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/key19
@@ -0,0 +1 @@
+ÜâlkLû(eÚNìÒÏþlßC3Û›_w´`g›Ô®
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key2 b/security/nss/cmd/bltest/tests/aes_cbc/key2
new file mode 100644
index 0000000..01d633b
Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_cbc/key2 differ
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key20 b/security/nss/cmd/bltest/tests/aes_cbc/key20
new file mode 100644
index 0000000..ce28587
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/key20
@@ -0,0 +1 @@
+“ÿcq¯j[Ž¬ßZ=K¯Ñ¯µs¾zÞž†‚æcå
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key21 b/security/nss/cmd/bltest/tests/aes_cbc/key21
new file mode 100644
index 0000000..1b1a9bc
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/key21
@@ -0,0 +1,2 @@
+s¸úð3¬™…\öùéä…i
+Y¤†MÏHÒ‚ú®*
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key22 b/security/nss/cmd/bltest/tests/aes_cbc/key22
new file mode 100644
index 0000000..4b23daa
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/key22
@@ -0,0 +1 @@
+E‹g¿!- ó¥Î9 eX-Îûóª"”Ÿƒ8«R&
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key23 b/security/nss/cmd/bltest/tests/aes_cbc/key23
new file mode 100644
index 0000000..cc1b48f
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/key23
@@ -0,0 +1 @@
+ÒA-°„]„ås+‹½d)WG;û™Ê‹ÿpç’ÁÛì‰
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key24 b/security/nss/cmd/bltest/tests/aes_cbc/key24
new file mode 100644
index 0000000..cf579fc
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/key24
@@ -0,0 +1 @@
+H¾Y~c,w#$ÈÓúœZžÍì];þÃvÅS+
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key3 b/security/nss/cmd/bltest/tests/aes_cbc/key3
new file mode 100644
index 0000000..4ac5fc6
Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_cbc/key3 differ
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key4 b/security/nss/cmd/bltest/tests/aes_cbc/key4
new file mode 100644
index 0000000..4ac5fc6
Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_cbc/key4 differ
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key5 b/security/nss/cmd/bltest/tests/aes_cbc/key5
new file mode 100644
index 0000000..4e4e493
Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_cbc/key5 differ
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key6 b/security/nss/cmd/bltest/tests/aes_cbc/key6
new file mode 100644
index 0000000..4e4e493
Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_cbc/key6 differ
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key7 b/security/nss/cmd/bltest/tests/aes_cbc/key7
new file mode 100644
index 0000000..c1e46ce
Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_cbc/key7 differ
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key8 b/security/nss/cmd/bltest/tests/aes_cbc/key8
new file mode 100644
index 0000000..804b8d4
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/key8
@@ -0,0 +1 @@
+·óÉWnݶ>¬+š9
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key9 b/security/nss/cmd/bltest/tests/aes_cbc/key9
new file mode 100644
index 0000000..193a2a1
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/key9
@@ -0,0 +1 @@
+»ç·ºOñ®|4þ‹F^
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/mktst.sh b/security/nss/cmd/bltest/tests/aes_cbc/mktst.sh
new file mode 100644
index 0000000..443167e
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/mktst.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
+do
+    file="test$i.txt"
+    grep "KEY = " $file | sed -e 's;KEY = ;;' | hex > key$i
+    grep "IV = "  $file | sed -e 's;IV = ;;' | hex > iv$i
+    grep "PLAINTEXT = "  $file | sed -e 's;PLAINTEXT = ;;' | hex  > plaintext$i
+    grep "CIPHERTEXT = "  $file | sed -e 's;CIPHERTEXT = ;;' | hex > ciphertext$i.bin
+    btoa < ciphertext$i.bin > ciphertext$i
+    rm ciphertext$i.bin
+done
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/numtests b/security/nss/cmd/bltest/tests/aes_cbc/numtests
index d00491f..7273c0f 100644
--- a/security/nss/cmd/bltest/tests/aes_cbc/numtests
+++ b/security/nss/cmd/bltest/tests/aes_cbc/numtests
@@ -1 +1 @@
-1
+25
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext1 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext1
new file mode 100644
index 0000000..8bac1b7
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext1
@@ -0,0 +1 @@
+óDì<Æ'ºÍ]Ãûòsæ
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext10 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext10
new file mode 100644
index 0000000..779400b
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext10
@@ -0,0 +1,2 @@
+Ëjx~ìVù¡e•¯3l¦´…Ùé@“ÆQRdŸˆ.‡My¬^{Ò§L宍.èTöSž
+”ykÔÉüÛÇšËïMvÑŠ÷â¤üGÝfßlM¾PäfTšG¶6¼Ç³¦$•µk¶{mE_ëÙ¿ï켦Çó5ÏΛE˝
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext11 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext11
new file mode 100644
index 0000000..c226c29
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext11
@@ -0,0 +1 @@
+ø+ï<s¦÷ø²…rmi¶¿UîÂZ…; àD_&¹»;£цnMØòåøì´ämt§§Œ Íü{ÌžG›§ Êº”8#ŠÐÀQÕٍãÝÎnkKÔ«ÏžŽØ®ß¡Ï–;“ g¹}wm·n~‘?tHã‚DPŸ¯6½‚áS6Ó\ŸÔä‰?Û„O‡)
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext12 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext12
new file mode 100644
index 0000000..357fd2c
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext12
@@ -0,0 +1 @@
+@Ù0ù S4فo♜?‚ ?jW¨ÄuÉESÑÑi:Üa€Ið§i¢îÖ¦ËÀ>ÅÌͼìLå`ÏÒ"W	2mM甎TÖÐ×þ×Rû#ñªD”û°0éÞÔç~7Ày-‚€@Ã%±¥ïÑ_ÈBä@ÊCt¿8óÃü>ã's;Šî¼ÐUw/Ü`?{,¦Ÿöb6+à¡q»Üê]?
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext13 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext13
new file mode 100644
index 0000000..88c5250
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext13
@@ -0,0 +1 @@
+NLÌÑh#!…mðiãñÆú9:Ÿ°-YÛtÁ@³¬Ä
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext14 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext14
new file mode 100644
index 0000000..c42aec2
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext14
@@ -0,0 +1 @@
+Û7…¨‰´½8wTÚ"/L-+þyà[Éû©A¾ê0ñ#ž¬ðFìÃhé†ü¦·ÅŽIyÒ–½y†ïõO
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext15 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext15
new file mode 100644
index 0000000..1266255
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext15
@@ -0,0 +1 @@
+“/_:X Õ:kêªd1:4ˆôë°õµ~ø8áW–#;Öæ€wS‹.Qïp<IVC.ŠŽæ£NB²jؽ®l*ù¦Ç™o;`ÒgAñÉôà=JR° eJ3óMÎ
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext16 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext16
new file mode 100644
index 0000000..6348620
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext16
@@ -0,0 +1 @@
+Á£vƒû(”gÝ,‰ïº»Òî$ÏѝDYmí&‚Çš/qz2¿j$ºÝ2¤îc|s·¤¦%†5e‘ûŸúE½ü<±"bA³ÞÎØ™j¥¨Óèpà¤KÀWÔ†# Ö"©?©Ú)ªíõÙèvÉF ”_øìÈ?'7žÕ\ôÅy'
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext17 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext17
new file mode 100644
index 0000000..6343a1a
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext17
@@ -0,0 +1,2 @@
+[ì¼1ؾ­m6®JXcÑJCkUÒž¦ºªArqqm³£;.PkE †ß搃JÂÞ0¼A%NÅ@Ä}B7Çy/ÜבMŠò±ufBÕŒu©/kÅ=2j饷á±
+—VWF’“M™9ü9ž ?~ߎ~d‚êÝ1 @pè—´ŒkÊ+ at E“P€é3w5ŒB ôÞÞ
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext18 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext18
new file mode 100644
index 0000000..4858130
Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_cbc/plaintext18 differ
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext19 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext19
new file mode 100644
index 0000000..0d6ad5e
Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_cbc/plaintext19 differ
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext2 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext2
new file mode 100644
index 0000000..b2153e2
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext2
@@ -0,0 +1 @@
+—˜Äd­uÇÃ"}¹Nr
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext20 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext20
new file mode 100644
index 0000000..6873047
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext20
@@ -0,0 +1 @@
+‹7ùô»%•kæ1sÈÜXê—ÿI¶C{4É¿ð–©OíÖ‚5&«ÂzŽanî%J´V}ÖŽŒÍL8¬V;cœ
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext21 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext21
new file mode 100644
index 0000000..22bfbac
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext21
@@ -0,0 +1 @@
+:Þ¦ànBÄðA‘òw^ö7Œ°ˆ$^ÜOdHâ2[`Ð4[Ÿœxße–ì"·¹çn<v³-]g'?ƒþzoÃÝ<I‘púW³¾¬a´ð©á?„F@ÄPšÓzß°®
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext22 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext22
new file mode 100644
index 0000000..a36a7f9
Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_cbc/plaintext22 differ
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext23 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext23
new file mode 100644
index 0000000..5201604
Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_cbc/plaintext23 differ
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext24 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext24
new file mode 100644
index 0000000..42c59ea
Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_cbc/plaintext24 differ
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext3 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext3
new file mode 100644
index 0000000..b565f3a
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext3
@@ -0,0 +1 @@
+zjô·ù‚)Þxmu¶9
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext4 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext4
new file mode 100644
index 0000000..9ef1cbb
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext4
@@ -0,0 +1 @@
+œ-ˆBåôWd‚Óš#šñ
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext5 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext5
new file mode 100644
index 0000000..767e9f4
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext5
@@ -0,0 +1,2 @@
+G0ø
+Æ%þ„ð&ÆýT}
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext6 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext6
new file mode 100644
index 0000000..e8537b6
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext6
@@ -0,0 +1 @@
+$¯6<äf_(%×´tœ˜
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext7 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext7
new file mode 100644
index 0000000..b3b7284
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext7
@@ -0,0 +1 @@
+‹%Ç¿±ø½ÔÏÉöÿÅÝÇ&¡—ðå÷ ÷092y¾‘
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext8 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext8
new file mode 100644
index 0000000..32b0833
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext8
@@ -0,0 +1 @@
+šÁ™TγTÓ"`÷7?Ó6$ýän¿í.yZn½ÄiÞÀA‡r+„Ú¼²,è¡FWÚ 
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext9 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext9
new file mode 100644
index 0000000..ba4b455
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext9
@@ -0,0 +1,2 @@
+*­,CV‹­tGFÓÚÀT4m&þݼš½‘‘@´yKâ© 
+QšQ¥µ@ôí'5H²CN™©»`þSv7%¶(ÕsšQ·î:ï¯Å´Á¿Ddgç¿_xó÷Êñ‡
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test1.txt b/security/nss/cmd/bltest/tests/aes_cbc/test1.txt
new file mode 100644
index 0000000..1d46380
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test1.txt
@@ -0,0 +1,5 @@
+COUNT = 0
+KEY = 00000000000000000000000000000000
+IV = 00000000000000000000000000000000
+PLAINTEXT = f34481ec3cc627bacd5dc3fb08f273e6
+CIPHERTEXT = 0336763e966d92595a567cc9ce537f5e
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test10.txt b/security/nss/cmd/bltest/tests/aes_cbc/test10.txt
new file mode 100644
index 0000000..e220c90
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test10.txt
@@ -0,0 +1,5 @@
+COUNT = 7
+KEY = c491ca31f91708458e29a925ec558d78
+IV = 9ef934946e5cd0ae97bd58532cb49381
+PLAINTEXT = cb6a787e0dec56f9a165957f81af336ca6b40785d9e94093c6190e5152649f882e874d79ac5e167bd2a74ce5ae088d2ee854f6539e0a94796b1e1bd4c9fcdbc79acbef4d01eeb89776d18af71ae2a4fc47dd66df6c4dbe1d1850e466549a47b636bcc7c2b3a62495b56bb67b6d455f1eebd9bfefecbca6c7f335cfce9b45cb9d
+CIPHERTEXT = 7b2931f5855f717145e00f152a9f4794359b1ffcb3e55f594e33098b51c23a6c74a06c1d94fded7fd2ae42c7db7acaef5844cb33aeddc6852585ed0020a6699d2cb53809cefd169148ce42292afab063443978306c582c18b9ce0da3d084ce4d3c482cfd8fcf1a85084e89fb88b40a084d5e972466d07666126fb761f84078f2
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test11.txt b/security/nss/cmd/bltest/tests/aes_cbc/test11.txt
new file mode 100644
index 0000000..4eb4383b
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test11.txt
@@ -0,0 +1,5 @@
+COUNT = 8
+KEY = f6e87d71b0104d6eb06a68dc6a71f498
+IV = 1c245f26195b76ebebc2edcac412a2f8
+PLAINTEXT = f82bef3c73a6f7f80db285726d691db6bf55eec25a859d3ba0e0445f26b9bb3b16a3161ed1866e4dd8f2e5f8ecb4e46d74a7a78c20cdfc7bcc9e479ba7a0caba9438238ad0c01651d5d98de37f03ddce6e6b4bd4ab03cf9e8ed818aedfa1cf963b932067b97d776dce1087196e7e913f7448e38244509f0caf36bd8217e15336d35c149fd4e41707893fdb84014f8729
+CIPHERTEXT = b09512f3eff9ed0d85890983a73dadbb7c3678d52581be64a8a8fc586f490f2521297a478a0598040ebd0f5509fafb0969f9d9e600eaef33b1b93eed99687b167f89a5065aac439ce46f3b8d22d30865e64e45ef8cd30b6984353a844a11c8cd60dba0e8866b3ee30d24b3fa8a643b328353e06010fa8273c8fd54ef0a2b6930e5520aae5cd5902f9b86a33592ca4365
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test12.txt b/security/nss/cmd/bltest/tests/aes_cbc/test12.txt
new file mode 100644
index 0000000..1b2c7aa
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test12.txt
@@ -0,0 +1,5 @@
+COUNT = 9
+KEY = 2c14413751c31e2730570ba3361c786b
+IV = 1dbbeb2f19abb448af849796244a19d7
+PLAINTEXT = 40d930f9a05334d9816fe204999c3f82a03f6a0457a8c475c94553d1d116693adc618049f0a769a2eed6a6cb14c0143ec5cccdbc8dec4ce560cfd206225709326d4de7948e54d603d01b12d7fed752fb23f1aa4494fbb00130e9ded4e77e37c079042d828040c325b1a5efd15fc842e44014ca4374bf38f3c3fc3ee327733b0c8aee1abcd055772f18dc04603f7b2c1ea69ff662361f2be0a171bbdcea1e5d3f
+CIPHERTEXT = 6be8a12800455a320538853e0cba31bd2d80ea0c85164a4c5c261ae485417d93effe2ebc0d0a0b51d6ea18633d210cf63c0c4ddbc27607f2e81ed9113191ef86d56f3b99be6c415a4150299fb846ce7160b40b63baf1179d19275a2e83698376d28b92548c68e06e6d994e2c1501ed297014e702cdefee2f656447706009614d801de1caaf73f8b7fa56cf1ba94b631933bbe577624380850f117435a0355b2b
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test13.txt b/security/nss/cmd/bltest/tests/aes_cbc/test13.txt
new file mode 100644
index 0000000..344157f
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test13.txt
@@ -0,0 +1,5 @@
+COUNT = 1
+KEY = eab3b19c581aa873e1981c83ab8d83bbf8025111fb2e6b21
+IV = f3d6667e8d4d791e60f7505ba383eb05
+PLAINTEXT = 9d4e4cccd1682321856df069e3f1c6fa391a083a9fb02d59db74c14081b3acc4
+CIPHERTEXT = 51d44779f90d40a80048276c035cb49ca2a47bcb9b9cf7270b9144793787d53f
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test14.txt b/security/nss/cmd/bltest/tests/aes_cbc/test14.txt
new file mode 100644
index 0000000..c548ceb
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test14.txt
@@ -0,0 +1,5 @@
+COUNT = 3
+KEY = 067bb17b4df785697eaccf961f98e212cb75e6797ce935cb
+IV = 8b59c9209c529ca8391c9fc0ce033c38
+PLAINTEXT = db3785a889b4bd387754da222f0e4c2d2bfe0d79e05bc910fba941beea30f1239eacf0068f4619ec01c368e986fca6b7c58e490579d29611bd10087986eff54f
+CIPHERTEXT = d5f5589760bf9c762228fde236de1fa2dd2dad448db3fa9be0c4196efd46a35c84dd1ac77d9db58c95918cb317a6430a08d2fb6a8e8b0f1c9b72c7a344dc349f
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test15.txt b/security/nss/cmd/bltest/tests/aes_cbc/test15.txt
new file mode 100644
index 0000000..71e0f1c
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test15.txt
@@ -0,0 +1,5 @@
+COUNT = 5
+KEY = e3fecc75f0075a09b383dfd389a3d33cc9b854b3b254c0f4
+IV = 36eab883afef936cc38f63284619cd19
+PLAINTEXT = 931b2f5f3a5820d53a6beaaa6431083a3488f4eb03b0f5b57ef838e1579623103bd6e6800377538b2e51ef708f3c4956432e8a8ee6a34e190642b26ad8bdae6c2af9a6c7996f3b6004d2671e41f1c9f40ee03d1c4a52b0a0654a331f15f34dce
+CIPHERTEXT = 75395974bd32b3665654a6c8e396b88ae34b123575872a7ab687d8e76b46df911a8a590cd01d2f5c330be3a6626e9dd3aa5e10ed14e8ff829811b6fed50f3f533ca4385a1cbca78f5c4744e50f2f8359165c2485d1324e76c3eae76a0ccac629
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test16.txt b/security/nss/cmd/bltest/tests/aes_cbc/test16.txt
new file mode 100644
index 0000000..60e6e58
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test16.txt
@@ -0,0 +1,5 @@
+COUNT = 7
+KEY = fb09cf9e00dbf883689d079c920077c0073c31890b55bab5
+IV = e3c89bd097c3abddf64f4881db6dbfe2
+PLAINTEXT = c1a37683fb289467dd1b2c89efba16bbd2ee24cf18d19d44596ded2682c79a2f711c7a32bf6a24badd32a4ee637c73b7a41da6258635650f91fb9ffa45bdfc3cb122136241b3deced8996aa51ea8d3e81c9d70e006a44bc0571ed48623a0d622a93fa9da290baaedf5d9e876c94620945ff8ecc83f27379ed55cf490c5790f27
+CIPHERTEXT = 8158e21420f25b59d6ae943fa1cbf21f02e979f419dab0126a721b7eef55bee9ad97f5ccff7d239057bbc19a8c378142f7672f1d5e7e17d7bebcb0070e8355cace6660171a53b61816ae824a6ef69ce470b6ffd3b5bb4b438874d91d27854d3b6f25860d3868958de3307d62b1339bdddb8a318c0ce0f33c17caf0e9f6040820
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test17.txt b/security/nss/cmd/bltest/tests/aes_cbc/test17.txt
new file mode 100644
index 0000000..262b055
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test17.txt
@@ -0,0 +1,5 @@
+COUNT = 8
+KEY = bca6fa3c67fd294e958f66fe8bd64f45f428f5bc8e9733a7
+IV = 92a47f2833f1450d1da41717bdc6e83c
+PLAINTEXT = 5becbc31d8bead6d36ae014a5863d14a431e6b55d29ea6baaa417271716db3a33b2e506b452086dfe690834ac2de30bc41254ec5401ec47d064237c7792fdcd7914d8af20eb114756642d519021a8c75a92f6bc53d326ae9a5b7e1b10a9756574692934d9939fc399e0c203f7edf8e7e6482eadd31a0400770e897b48c6bca2b404593045080e93377358c42a0f4dede
+CIPHERTEXT = 926db248cc1ba20f0c57631a7c8aef094f791937b905949e3460240e8bfa6fa483115a1b310b6e4369caebc5262888377b1ddaa5800ea496a2bdff0f9a1031e7129c9a20e35621e7f0b8baca0d87030f2ae7ca8593c8599677a06fd4b26009ead08fecac24caa9cf2cad3b470c8227415a7b1e0f2eab3fad96d70a209c8bb26c627677e2531b9435ca6e3c444d195b5f
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test18.txt b/security/nss/cmd/bltest/tests/aes_cbc/test18.txt
new file mode 100644
index 0000000..50a2966
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test18.txt
@@ -0,0 +1,5 @@
+COUNT = 9
+KEY = 162ad50ee64a0702aa551f571dedc16b2c1b6a1e4d4b5eee
+IV = 24408038161a2ccae07b029bb66355c1
+PLAINTEXT = be8abf00901363987a82cc77d0ec91697ba3857f9e4f84bd79406c138d02698f003276d0449120bef4578d78fecabe8e070e11710b3f0a2744bd52434ec70015884c181ebdfd51c604a71c52e4c0e110bc408cd462b248a80b8a8ac06bb952ac1d7faed144807f1a731b7febcaf7835762defe92eccfc7a9944e1c702cffe6bc86733ed321423121085ac02df8962bcbc1937092eebf0e90a8b20e3dd8c244ae
+CIPHERTEXT = c82cf2c476dea8cb6a6e607a40d2f0391be82ea9ec84a537a6820f9afb997b76397d005424faa6a74dc4e8c7aa4a8900690f894b6d1dca80675393d2243adac762f159301e357e98b724762310cd5a7bafe1c2a030dba46fd93a9fdb89cc132ca9c17dc72031ec6822ee5a9d99dbca66c784c01b0885cbb62e29d97801927ec415a5d215158d325f9ee689437ad1b7684ad33c0d92739451ac87f39ff8c31b84
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test19.txt b/security/nss/cmd/bltest/tests/aes_cbc/test19.txt
new file mode 100644
index 0000000..a38ed01
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test19.txt
@@ -0,0 +1,5 @@
+COUNT = 1
+KEY = dce26c6b4cfb286510da4eecd2cffe6cdf430f33db9b5f77b460679bd49d13ae
+IV = fdeaa134c8d7379d457175fd1a57d3fc
+PLAINTEXT = 50e9eee1ac528009e8cbcd356975881f957254b13f91d7c6662d10312052eb00
+CIPHERTEXT = 2fa0df722a9fd3b64cb18fb2b3db55ff2267422757289413f8f657507412a64c
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test2.txt b/security/nss/cmd/bltest/tests/aes_cbc/test2.txt
new file mode 100644
index 0000000..d9b681b
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test2.txt
@@ -0,0 +1,5 @@
+COUNT = 1
+KEY = 00000000000000000000000000000000
+IV = 00000000000000000000000000000000
+PLAINTEXT = 9798c4640bad75c7c3227db910174e72
+CIPHERTEXT = a9a1631bf4996954ebc093957b234589
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test20.txt b/security/nss/cmd/bltest/tests/aes_cbc/test20.txt
new file mode 100644
index 0000000..a0586e1
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test20.txt
@@ -0,0 +1,5 @@
+COUNT = 3
+KEY = 0493ff637108af6a5b8e90ac1fdf035a3d4bafd1afb573be7ade9e8682e663e5
+IV = c0cd2bebccbb6c49920bd5482ac756e8
+PLAINTEXT = 8b37f9148df4bb25956be6310c73c8dc58ea9714ff49b643107b34c9bff096a94fedd6823526abc27a8e0b16616eee254ab4567dd68e8ccd4c38ac563b13639c
+CIPHERTEXT = 05d5c77729421b08b737e41119fa4438d1f570cc772a4d6c3df7ffeda0384ef84288ce37fc4c4c7d1125a499b051364c389fd639bdda647daa3bdadab2eb5594
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test21.txt b/security/nss/cmd/bltest/tests/aes_cbc/test21.txt
new file mode 100644
index 0000000..06abcde
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test21.txt
@@ -0,0 +1,5 @@
+COUNT = 5
+KEY = 73b8faf00b3302ac99855cf6f9e9e48518690a5906a4869d4dcf48d282faae2a
+IV = b3cb97a80a539912b8c21f450d3b9395
+PLAINTEXT = 3adea6e06e42c4f041021491f2775ef6378cb08824165edc4f6448e232175b60d0345b9f9c78df6596ec9d22b7b9e76e8f3c76b32d5d67273f1d83fe7a6fc3dd3c49139170fa5701b3beac61b490f0a9e13f844640c4500f9ad3087adfb0ae10
+CIPHERTEXT = ac3d6dbafe2e0f740632fd9e820bf6044cd5b1551cbb9cc03c0b25c39ccb7f33b83aacfca40a3265f2bbff879153448acacb88fcfb3bb7b10fe463a68c0109f028382e3e557b1adf02ed648ab6bb895df0205d26ebbfa9a5fd8cebd8e4bee3dc
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test22.txt b/security/nss/cmd/bltest/tests/aes_cbc/test22.txt
new file mode 100644
index 0000000..991068f
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test22.txt
@@ -0,0 +1,5 @@
+COUNT = 7
+KEY = 458b67bf212d20f3a57fce392065582dcefbf381aa22949f8338ab9052260e1d
+IV = 4c12effc5963d40459602675153e9649
+PLAINTEXT = 256fd73ce35ae3ea9c25dd2a9454493e96d8633fe633b56176dce8785ce5dbbb84dbf2c8a2eeb1e96b51899605e4f13bbc11b93bf6f39b3469be14858b5b720d4a522d36feed7a329c9b1e852c9280c47db8039c17c4921571a07d1864128330e09c308ddea1694e95c84500f1a61e614197e86a30ecc28df64ccb3ccf5437aa
+CIPHERTEXT = 90b7b9630a2378f53f501ab7beff039155008071bc8438e789932cfd3eb1299195465e6633849463fdb44375278e2fdb1310821e6492cf80ff15cb772509fb426f3aeee27bd4938882fd2ae6b5bd9d91fa4a43b17bb439ebbe59c042310163a82a5fe5388796eee35a181a1271f00be29b852d8fa759bad01ff4678f010594cd
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test23.txt b/security/nss/cmd/bltest/tests/aes_cbc/test23.txt
new file mode 100644
index 0000000..aa6b7d0
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test23.txt
@@ -0,0 +1,5 @@
+COUNT = 8
+KEY = d2412db0845d84e5732b8bbd642957473b81fb99ca8bff70e7920d16c1dbec89
+IV = 51c619fcf0b23f0c7925f400a6cacb6d
+PLAINTEXT = 026006c4a71a180c9929824d9d095b8faaa86fc4fa25ecac61d85ff6de92dfa8702688c02a282c1b8af4449707f22d75e91991015db22374c95f8f195d5bb0afeb03040ff8965e0e1339dba5653e174f8aa5a1b39fe3ac839ce307a4e44b4f8f1b0063f738ec18acdbff2ebfe07383e734558723e741f0a1836dafdf9de82210a9248bc113b3c1bc8b4e252ca01bd803
+CIPHERTEXT = 0254b23463bcabec5a395eb74c8fb0eb137a07bc6f5e9f61ec0b057de305714f8fa294221c91a159c315939b81e300ee902192ec5f15254428d8772f79324ec43298ca21c00b370273ee5e5ed90e43efa1e05a5d171209fe34f9f29237dba2a6726650fd3b1321747d1208863c6c3c6b3e2d879ab5f25782f08ba8f2abbe63e0bedb4a227e81afb36bb6645508356d34
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test24.txt b/security/nss/cmd/bltest/tests/aes_cbc/test24.txt
new file mode 100644
index 0000000..231fcd1
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test24.txt
@@ -0,0 +1,5 @@
+COUNT = 9
+KEY = 48be597e632c16772324c8d3fa1d9c5a9ecd010f14ec5d110d3bfec376c5532b
+IV = d6d581b8cf04ebd3b6eaa1b53f047ee1
+PLAINTEXT = 0c63d413d3864570e70bb6618bf8a4b9585586688c32bba0a5ecc1362fada74ada32c52acfd1aa7444ba567b4e7daaecf7cc1cb29182af164ae5232b002868695635599807a9a7f07a1f137e97b1e1c9dabc89b6a5e4afa9db5855edaa575056a8f4f8242216242bb0c256310d9d329826ac353d715fa39f80cec144d6424558f9f70b98c920096e0f2c855d594885a00625880e9dfb734163cecef72cf030b8
+CIPHERTEXT = fc5873e50de8faf4c6b84ba707b0854e9db9ab2e9f7d707fbba338c6843a18fc6facebaf663d26296fb329b4d26f18494c79e09e779647f9bafa87489630d79f4301610c2300c19dbf3148b7cac8c4f4944102754f332e92b6f7c5e75bc6179eb877a078d4719009021744c14f13fd2a55a2b9c44d18000685a845a4f632c7c56a77306efa66a24d05d088dcd7c13fe24fc447275965db9e4d37fbc9304448cd
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test3.txt b/security/nss/cmd/bltest/tests/aes_cbc/test3.txt
new file mode 100644
index 0000000..bdbc91b
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test3.txt
@@ -0,0 +1,5 @@
+COUNT = 0
+KEY = 000000000000000000000000000000000000000000000000
+IV = 00000000000000000000000000000000
+PLAINTEXT = 1b077a6af4b7f98229de786d7516b639
+CIPHERTEXT = 275cfc0413d8ccb70513c3859b1d0f72
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test4.txt b/security/nss/cmd/bltest/tests/aes_cbc/test4.txt
new file mode 100644
index 0000000..764b095
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test4.txt
@@ -0,0 +1,5 @@
+COUNT = 1
+KEY = 000000000000000000000000000000000000000000000000
+IV = 00000000000000000000000000000000
+PLAINTEXT = 9c2d8842e5f48f57648205d39a239af1
+CIPHERTEXT = c9b8135ff1b5adc413dfd053b21bd96d
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test5.txt b/security/nss/cmd/bltest/tests/aes_cbc/test5.txt
new file mode 100644
index 0000000..8a58240
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test5.txt
@@ -0,0 +1,5 @@
+COUNT = 0
+KEY = 0000000000000000000000000000000000000000000000000000000000000000
+IV = 00000000000000000000000000000000
+PLAINTEXT = 014730f80ac625fe84f026c60bfd547d
+CIPHERTEXT = 5c9d844ed46f9885085e5d6a4f94c7d7
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test6.txt b/security/nss/cmd/bltest/tests/aes_cbc/test6.txt
new file mode 100644
index 0000000..aa97489
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test6.txt
@@ -0,0 +1,5 @@
+COUNT = 1
+KEY = 0000000000000000000000000000000000000000000000000000000000000000
+IV = 00000000000000000000000000000000
+PLAINTEXT = 0b24af36193ce4665f2825d7b4749c98
+CIPHERTEXT = a9ff75bd7cf6613d3731c77c3b6d0c04
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test7.txt b/security/nss/cmd/bltest/tests/aes_cbc/test7.txt
new file mode 100644
index 0000000..734c8c2
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test7.txt
@@ -0,0 +1,5 @@
+COUNT = 1
+KEY = 0700d603a1c514e46b6191ba430a3a0c
+IV = aad1583cd91365e3bb2f0c3430d065bb
+PLAINTEXT = 068b25c7bfb1f8bdd4cfc908f69dffc5ddc726a197f0e5f720f730393279be91
+CIPHERTEXT = c4dc61d9725967a3020104a9738f23868527ce839aab1752fd8bdb95a82c4d00
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test8.txt b/security/nss/cmd/bltest/tests/aes_cbc/test8.txt
new file mode 100644
index 0000000..ed628c9
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test8.txt
@@ -0,0 +1,5 @@
+COUNT = 3
+KEY = b7f3c9576e12dd0db63e8f8fac2b9a39
+IV = c80f095d8bb1a060699f7c19974a1aa0
+PLAINTEXT = 9ac19954ce1319b354d3220460f71c1e373f1cd336240881160cfde46ebfed2e791e8d5a1a136ebd1dc469dec00c4187722b841cdabcb22c1be8a14657da200e
+CIPHERTEXT = 19b9609772c63f338608bf6eb52ca10be65097f89c1e0905c42401fd47791ae2c5440b2d473116ca78bd9ff2fb6015cfd316524eae7dcb95ae738ebeae84a467
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test9.txt b/security/nss/cmd/bltest/tests/aes_cbc/test9.txt
new file mode 100644
index 0000000..16bc6d6
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test9.txt
@@ -0,0 +1,5 @@
+COUNT = 5
+KEY = bbe7b7ba07124ff1ae7c3416fe8b465e
+IV = 7f65b5ee3630bed6b84202d97fb97a1e
+PLAINTEXT = 2aad0c2c4306568bad7447460fd3dac054346d26feddbc9abd9110914011b4794be2a9a00a519a51a5b5124014f4ed2735480db21b434e99a911bb0b60fe0253763725b628d5739a5117b7ee3aefafc5b4c1bf446467e7bf5f78f31ff7caf187
+CIPHERTEXT = 3b8611bfc4973c5cd8e982b073b33184cd26110159172e44988eb5ff5661a1e16fad67258fcbfee55469267a12dc374893b4e3533d36f5634c3095583596f135aa8cd1138dc898bc5651ee35a92ebf89ab6aeb5366653bc60a70e0074fc11efe
diff --git a/security/nss/cmd/bltest/tests/aes_ecb/ciphertext1 b/security/nss/cmd/bltest/tests/aes_ecb/ciphertext1
new file mode 100644
index 0000000..1126bbf
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_ecb/ciphertext1
@@ -0,0 +1 @@
+AzZ2PpZtkllaVnzJzlN/Xg==
diff --git a/security/nss/cmd/bltest/tests/aes_ecb/ciphertext2 b/security/nss/cmd/bltest/tests/aes_ecb/ciphertext2
new file mode 100644
index 0000000..ec069ab
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_ecb/ciphertext2
@@ -0,0 +1 @@
+qaFjG/SZaVTrwJOVeyNFiQ==
diff --git a/security/nss/cmd/bltest/tests/aes_ecb/ciphertext3 b/security/nss/cmd/bltest/tests/aes_ecb/ciphertext3
new file mode 100644
index 0000000..82c4cd2
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_ecb/ciphertext3
@@ -0,0 +1 @@
+J1z8BBPYzLcFE8OFmx0Pcg==
diff --git a/security/nss/cmd/bltest/tests/aes_ecb/ciphertext4 b/security/nss/cmd/bltest/tests/aes_ecb/ciphertext4
new file mode 100644
index 0000000..81714bd
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_ecb/ciphertext4
@@ -0,0 +1 @@
+ybgTX/G1rcQT39BTshvZbQ==
diff --git a/security/nss/cmd/bltest/tests/aes_ecb/ciphertext5 b/security/nss/cmd/bltest/tests/aes_ecb/ciphertext5
new file mode 100644
index 0000000..ce9672a
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_ecb/ciphertext5
@@ -0,0 +1 @@
+XJ2ETtRvmIUIXl1qT5TH1w==
diff --git a/security/nss/cmd/bltest/tests/aes_ecb/ciphertext6 b/security/nss/cmd/bltest/tests/aes_ecb/ciphertext6
new file mode 100644
index 0000000..fc53a4f
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_ecb/ciphertext6
@@ -0,0 +1 @@
+qf91vXz2YT03Mcd8O20MBA==
diff --git a/security/nss/cmd/bltest/tests/aes_ecb/key1 b/security/nss/cmd/bltest/tests/aes_ecb/key1
new file mode 100644
index 0000000..01d633b
Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_ecb/key1 differ
diff --git a/security/nss/cmd/bltest/tests/aes_ecb/key2 b/security/nss/cmd/bltest/tests/aes_ecb/key2
new file mode 100644
index 0000000..01d633b
Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_ecb/key2 differ
diff --git a/security/nss/cmd/bltest/tests/aes_ecb/key3 b/security/nss/cmd/bltest/tests/aes_ecb/key3
new file mode 100644
index 0000000..4ac5fc6
Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_ecb/key3 differ
diff --git a/security/nss/cmd/bltest/tests/aes_ecb/key4 b/security/nss/cmd/bltest/tests/aes_ecb/key4
new file mode 100644
index 0000000..4ac5fc6
Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_ecb/key4 differ
diff --git a/security/nss/cmd/bltest/tests/aes_ecb/key5 b/security/nss/cmd/bltest/tests/aes_ecb/key5
new file mode 100644
index 0000000..4e4e493
Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_ecb/key5 differ
diff --git a/security/nss/cmd/bltest/tests/aes_ecb/key6 b/security/nss/cmd/bltest/tests/aes_ecb/key6
new file mode 100644
index 0000000..4e4e493
Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_ecb/key6 differ
diff --git a/security/nss/cmd/bltest/tests/aes_ecb/mktst.sh b/security/nss/cmd/bltest/tests/aes_ecb/mktst.sh
new file mode 100644
index 0000000..6d46509
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_ecb/mktst.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+for i in 1 2 3 4 5 6
+do
+    file="test$i.txt"
+    grep "KEY = " $file | sed -e 's;KEY = ;;' | hex > key$i
+    grep "PLAINTEXT = "  $file | sed -e 's;PLAINTEXT = ;;' | hex  > plaintext$i
+    grep "CIPHERTEXT = "  $file | sed -e 's;CIPHERTEXT = ;;' | hex > ciphertext$i.bin
+    btoa < ciphertext$i.bin > ciphertext$i
+    rm ciphertext$i.bin
+done
diff --git a/security/nss/cmd/bltest/tests/aes_ecb/numtests b/security/nss/cmd/bltest/tests/aes_ecb/numtests
index d00491f..7f8f011 100644
--- a/security/nss/cmd/bltest/tests/aes_ecb/numtests
+++ b/security/nss/cmd/bltest/tests/aes_ecb/numtests
@@ -1 +1 @@
-1
+7
diff --git a/security/nss/cmd/bltest/tests/aes_ecb/plaintext1 b/security/nss/cmd/bltest/tests/aes_ecb/plaintext1
new file mode 100644
index 0000000..8bac1b7
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_ecb/plaintext1
@@ -0,0 +1 @@
+óDì<Æ'ºÍ]Ãûòsæ
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_ecb/plaintext2 b/security/nss/cmd/bltest/tests/aes_ecb/plaintext2
new file mode 100644
index 0000000..b2153e2
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_ecb/plaintext2
@@ -0,0 +1 @@
+—˜Äd­uÇÃ"}¹Nr
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_ecb/plaintext3 b/security/nss/cmd/bltest/tests/aes_ecb/plaintext3
new file mode 100644
index 0000000..b565f3a
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_ecb/plaintext3
@@ -0,0 +1 @@
+zjô·ù‚)Þxmu¶9
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_ecb/plaintext4 b/security/nss/cmd/bltest/tests/aes_ecb/plaintext4
new file mode 100644
index 0000000..9ef1cbb
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_ecb/plaintext4
@@ -0,0 +1 @@
+œ-ˆBåôWd‚Óš#šñ
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_ecb/plaintext5 b/security/nss/cmd/bltest/tests/aes_ecb/plaintext5
new file mode 100644
index 0000000..767e9f4
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_ecb/plaintext5
@@ -0,0 +1,2 @@
+G0ø
+Æ%þ„ð&ÆýT}
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_ecb/plaintext6 b/security/nss/cmd/bltest/tests/aes_ecb/plaintext6
new file mode 100644
index 0000000..e8537b6
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_ecb/plaintext6
@@ -0,0 +1 @@
+$¯6<äf_(%×´tœ˜
\ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/aes_ecb/test1.txt b/security/nss/cmd/bltest/tests/aes_ecb/test1.txt
new file mode 100644
index 0000000..96a2adb
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_ecb/test1.txt
@@ -0,0 +1,4 @@
+COUNT = 0
+KEY = 00000000000000000000000000000000
+PLAINTEXT = f34481ec3cc627bacd5dc3fb08f273e6
+CIPHERTEXT = 0336763e966d92595a567cc9ce537f5e
diff --git a/security/nss/cmd/bltest/tests/aes_ecb/test2.txt b/security/nss/cmd/bltest/tests/aes_ecb/test2.txt
new file mode 100644
index 0000000..a01daae
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_ecb/test2.txt
@@ -0,0 +1,4 @@
+COUNT = 1
+KEY = 00000000000000000000000000000000
+PLAINTEXT = 9798c4640bad75c7c3227db910174e72
+CIPHERTEXT = a9a1631bf4996954ebc093957b234589
diff --git a/security/nss/cmd/bltest/tests/aes_ecb/test3.txt b/security/nss/cmd/bltest/tests/aes_ecb/test3.txt
new file mode 100644
index 0000000..803c23c
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_ecb/test3.txt
@@ -0,0 +1,4 @@
+COUNT = 0
+KEY = 000000000000000000000000000000000000000000000000
+PLAINTEXT = 1b077a6af4b7f98229de786d7516b639
+CIPHERTEXT = 275cfc0413d8ccb70513c3859b1d0f72
diff --git a/security/nss/cmd/bltest/tests/aes_ecb/test4.txt b/security/nss/cmd/bltest/tests/aes_ecb/test4.txt
new file mode 100644
index 0000000..e567fab
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_ecb/test4.txt
@@ -0,0 +1,4 @@
+COUNT = 1
+KEY = 000000000000000000000000000000000000000000000000
+PLAINTEXT = 9c2d8842e5f48f57648205d39a239af1
+CIPHERTEXT = c9b8135ff1b5adc413dfd053b21bd96d
diff --git a/security/nss/cmd/bltest/tests/aes_ecb/test5.txt b/security/nss/cmd/bltest/tests/aes_ecb/test5.txt
new file mode 100644
index 0000000..c96940e
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_ecb/test5.txt
@@ -0,0 +1,4 @@
+COUNT = 0
+KEY = 0000000000000000000000000000000000000000000000000000000000000000
+PLAINTEXT = 014730f80ac625fe84f026c60bfd547d
+CIPHERTEXT = 5c9d844ed46f9885085e5d6a4f94c7d7
diff --git a/security/nss/cmd/bltest/tests/aes_ecb/test6.txt b/security/nss/cmd/bltest/tests/aes_ecb/test6.txt
new file mode 100644
index 0000000..d8d0058
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_ecb/test6.txt
@@ -0,0 +1,4 @@
+COUNT = 1
+KEY = 0000000000000000000000000000000000000000000000000000000000000000
+PLAINTEXT = 0b24af36193ce4665f2825d7b4749c98
+CIPHERTEXT = a9ff75bd7cf6613d3731c77c3b6d0c04
diff --git a/security/nss/cmd/btoa/btoa.c b/security/nss/cmd/btoa/btoa.c
index 7cee58a..9416feb 100644
--- a/security/nss/cmd/btoa/btoa.c
+++ b/security/nss/cmd/btoa/btoa.c
@@ -92,6 +92,10 @@ static void Usage(char *progName)
 	    "-i input");
     fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n",
 	    "-o output");
+    fprintf(stderr, "%-20s Wrap output in BEGIN/END lines and the given suffix\n",
+	    "-w suffix");
+    fprintf(stderr, "%-20s (use \"c\" as a shortcut for suffix CERTIFICATE)\n",
+	    "");
     exit(-1);
 }
 
@@ -102,6 +106,7 @@ int main(int argc, char **argv)
     FILE *inFile, *outFile;
     PLOptState *optstate;
     PLOptStatus status;
+    char *suffix = NULL;
 
     inFile = 0;
     outFile = 0;
@@ -111,7 +116,7 @@ int main(int argc, char **argv)
     progName = progName ? progName+1 : argv[0];
 
     /* Parse command line arguments */
-    optstate = PL_CreateOptState(argc, argv, "i:o:");
+    optstate = PL_CreateOptState(argc, argv, "i:o:w:");
     while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
 	switch (optstate->option) {
 	  default:
@@ -135,6 +140,13 @@ int main(int argc, char **argv)
 		return -1;
 	    }
 	    break;
+	
+	  case 'w':
+	    if (!strcmp(optstate->value, "c"))
+		suffix = strdup("CERTIFICATE");
+	    else
+		suffix = strdup(optstate->value);
+	    break;
 	}
     }
     if (status == PL_OPT_BAD)
@@ -171,11 +183,17 @@ int main(int argc, char **argv)
 #endif
     	outFile = stdout;
     }
+    if (suffix) {
+	fprintf(outFile, "-----BEGIN %s-----\n", suffix);
+    }
     rv = encode_file(outFile, inFile);
     if (rv != SECSuccess) {
 	fprintf(stderr, "%s: lossage: error=%d errno=%d\n",
 		progName, PORT_GetError(), errno);
 	return -1;
     }
+    if (suffix) {
+	fprintf(outFile, "-----END %s-----\n", suffix);
+    }
     return 0;
 }
diff --git a/security/nss/cmd/certutil/certext.c b/security/nss/cmd/certutil/certext.c
index ea42370..a87b4b1 100644
--- a/security/nss/cmd/certutil/certext.c
+++ b/security/nss/cmd/certutil/certext.c
@@ -27,6 +27,8 @@
 #include "xconst.h"
 #include "prprf.h"
 #include "certutil.h"
+#include "genname.h"
+#include "prnetdb.h"
 
 #define GEN_BREAK(e) rv=e; break;
 
@@ -665,53 +667,213 @@ AddNscpCertType (void *extHandle, const char *userSuppliedValue)
 
 }
 
+SECStatus
+GetOidFromString(PLArenaPool *arena, SECItem *to,
+                 const char *from, size_t fromLen)
+{
+    SECStatus rv;
+    SECOidTag tag;
+    SECOidData *coid;
+
+    /* try dotted form first */
+    rv = SEC_StringToOID(arena, to, from, fromLen);
+    if (rv == SECSuccess) {
+        return rv;
+    }
+
+    /* Check to see if it matches a name in our oid table.
+     * SECOID_FindOIDByTag returns NULL if tag is out of bounds.
+     */
+    tag = SEC_OID_UNKNOWN;
+    coid = SECOID_FindOIDByTag(tag);
+    for ( ; coid; coid = SECOID_FindOIDByTag(++tag)) {
+        if (PORT_Strncasecmp(from, coid->desc, fromLen) == 0) {
+            break;
+        }
+    }
+    if (coid == NULL) {
+        /* none found */
+        return SECFailure;
+    }
+    return SECITEM_CopyItem(arena, to, &coid->oid);
+}
+
 static SECStatus 
 AddSubjectAltNames(PLArenaPool *arena, CERTGeneralName **existingListp,
-                   const char *names, CERTGeneralNameType type)
+                   const char *constNames, CERTGeneralNameType type)
 {
     CERTGeneralName *nameList = NULL;
     CERTGeneralName *current = NULL;
     PRCList *prev = NULL;
-    const char *cp;
-    char *tbuf;
+    char *cp, *nextName = NULL;
     SECStatus rv = SECSuccess;
+    PRBool readTypeFromName = (PRBool) (type == 0);
+    char *names = NULL;
+    
+    if (constNames)
+        names = PORT_Strdup(constNames);
+
+    if (names == NULL) {
+        return SECFailure;
+    }
 
     /*
      * walk down the comma separated list of names. NOTE: there is
      * no sanity checks to see if the email address look like
      * email addresses.
+     *
+     * Each name may optionally be prefixed with a type: string.
+     * If it isn't, the type from the previous name will be used.
+     * If there wasn't a previous name yet, the type given
+     * as a parameter to this function will be used.
+     * If the type value is zero (undefined), we'll fail.
      */
-    for (cp=names; cp; cp = PORT_Strchr(cp,',')) {
+    for (cp=names; cp; cp=nextName) {
         int len;
-        char *end;
-
+        char *oidString;
+        char *nextComma;
+        CERTName *name;
+        PRStatus status;
+        unsigned char *data;
+        PRNetAddr addr;
+
+        nextName = NULL;
         if (*cp == ',') {
             cp++;
         }
-        end = PORT_Strchr(cp,',');
-        len = end ? end-cp : PORT_Strlen(cp);
-        if (len <= 0) {
+        nextComma = PORT_Strchr(cp, ',');
+        if (nextComma) {
+            *nextComma = 0;
+            nextName = nextComma+1;
+        }
+        if ((*cp) == 0) {
             continue;
         }
-        tbuf = PORT_ArenaAlloc(arena,len+1);
-        PORT_Memcpy(tbuf,cp,len);
-        tbuf[len] = 0;
-        current = (CERTGeneralName *) PORT_ZAlloc(sizeof(CERTGeneralName));
+        if (readTypeFromName) {
+            char *save=cp;
+            /* Because we already replaced nextComma with end-of-string,
+             * a found colon belongs to the current name */
+            cp = PORT_Strchr(cp, ':');
+            if (cp) {
+                *cp = 0;
+                cp++;
+                type = CERT_GetGeneralNameTypeFromString(save);
+                if (*cp == 0) {
+                    continue;
+                }
+            } else {
+                if (type == 0) {
+                    /* no type known yet */
+                    rv = SECFailure;
+                    break;
+                }
+                cp = save;
+            }
+        }
+
+        current = PORT_ArenaZNew(arena, CERTGeneralName);
         if (!current) {
             rv = SECFailure;
             break;
         }
+
+        current->type = type;
+        switch (type) {
+        /* string types */
+        case certRFC822Name:
+        case certDNSName:
+        case certURI:
+            current->name.other.data =
+                (unsigned char *) PORT_ArenaStrdup(arena,cp);
+            current->name.other.len = PORT_Strlen(cp);
+            break;
+        /* unformated data types */
+        case certX400Address:
+        case certEDIPartyName:
+            /* turn a string into a data and len */
+            rv = SECFailure; /* punt on these for now */
+            fprintf(stderr,"EDI Party Name and X.400 Address not supported\n");
+            break;
+        case certDirectoryName:
+            /* certDirectoryName */
+            name = CERT_AsciiToName(cp);
+            if (name == NULL) {
+                rv = SECFailure;
+                fprintf(stderr, "Invalid Directory Name (\"%s\")\n", cp);
+                break;
+            }
+            rv = CERT_CopyName(arena,&current->name.directoryName,name);
+            CERT_DestroyName(name);
+            break;
+        /* types that require more processing */
+        case certIPAddress:
+            /* convert the string to an ip address */
+            status = PR_StringToNetAddr(cp, &addr);
+            if (status != PR_SUCCESS) {
+                rv = SECFailure;
+                fprintf(stderr, "Invalid IP Address (\"%s\")\n", cp);
+                break;
+            }
+
+            if (PR_NetAddrFamily(&addr) == PR_AF_INET) {
+                len = sizeof(addr.inet.ip);
+                data = (unsigned char *)&addr.inet.ip;
+            } else if (PR_NetAddrFamily(&addr) == PR_AF_INET6) {
+                len = sizeof(addr.ipv6.ip);
+                data = (unsigned char *)&addr.ipv6.ip;
+            } else {
+                fprintf(stderr, "Invalid IP Family\n");
+                rv = SECFailure;
+                break;
+            }
+            current->name.other.data =  PORT_ArenaAlloc(arena, len);
+            if (current->name.other.data == NULL) {
+                rv = SECFailure;
+                break;
+            }
+            current->name.other.len = len;
+            PORT_Memcpy(current->name.other.data,data, len);
+            break;
+        case certRegisterID:
+            rv = GetOidFromString(arena, &current->name.other, cp, strlen(cp));
+            break;
+        case certOtherName:
+            oidString = cp;
+            cp = PORT_Strchr(cp,';');
+            if (cp == NULL) {
+                rv = SECFailure;
+                fprintf(stderr, "missing name in other name\n");
+                break;
+            }
+            *cp++ = 0;
+            current->name.OthName.name.data =
+                (unsigned char *) PORT_ArenaStrdup(arena,cp);
+            if (current->name.OthName.name.data == NULL) {
+                rv = SECFailure;
+                break;
+            }
+            current->name.OthName.name.len = PORT_Strlen(cp);
+            rv = GetOidFromString(arena, &current->name.OthName.oid,
+                                  oidString, strlen(oidString));
+            break;
+        default:
+            rv = SECFailure;
+            fprintf(stderr, "Missing or invalid Subject Alternate Name type\n");
+            break;
+        }
+        if (rv == SECFailure) {
+            break;
+        }
+        
         if (prev) {
             current->l.prev = prev;
             prev->next = &(current->l);
         } else {
             nameList = current;
         }
-        current->type = type;
-        current->name.other.data = (unsigned char *)tbuf;
-        current->name.other.len = PORT_Strlen(tbuf);
         prev = &(current->l);
     }
+    PORT_Free(names);
     /* at this point nameList points to the head of a doubly linked,
      * but not yet circular, list and current points to its tail. */
     if (rv == SECSuccess && nameList) {
@@ -749,6 +911,12 @@ AddDNSSubjectAlt(PLArenaPool *arena, CERTGeneralName **existingListp,
     return AddSubjectAltNames(arena, existingListp, dnsNames, certDNSName);
 }
 
+static SECStatus 
+AddGeneralSubjectAlt(PLArenaPool *arena, CERTGeneralName **existingListp,
+                     const char *altNames)
+{
+    return AddSubjectAltNames(arena, existingListp, altNames, 0);
+}
 
 static SECStatus 
 AddBasicConstraint(void *extHandle)
@@ -1746,12 +1914,73 @@ AddInfoAccess(void *extHandle, PRBool addSIAExt, PRBool isCACert)
     return (rv);
 }
 
+/* Example of valid input:
+ *     1.2.3.4:critical:/tmp/abc,5.6.7.8:not-critical:/tmp/xyz
+ */
+static SECStatus
+parseNextGenericExt(const char *nextExtension, const char **oid, int *oidLen,
+                    const char **crit, int *critLen,
+                    const char **filename, int *filenameLen,
+                    const char **next)
+{
+    const char *nextColon;
+    const char *nextComma;
+    const char *iter = nextExtension;
+    
+    if (!iter || !*iter)
+        return SECFailure;
+
+    /* Require colons at earlier positions than nextComma (or end of string ) */
+    nextComma = strchr(iter, ',');
+
+    *oid = iter;
+    nextColon = strchr(iter, ':');
+    if (!nextColon || (nextComma && nextColon > nextComma))
+        return SECFailure;
+    *oidLen = (nextColon - *oid);
+
+    if (!*oidLen)
+        return SECFailure;
+
+    iter = nextColon;
+    ++iter;
+
+    *crit = iter;
+    nextColon = strchr(iter, ':');
+    if (!nextColon || (nextComma && nextColon > nextComma))
+        return SECFailure;
+    *critLen = (nextColon - *crit);
+
+    if (!*critLen)
+        return SECFailure;
+
+    iter = nextColon;
+    ++iter;
+
+    *filename = iter;
+    if (nextComma) {
+        *filenameLen = (nextComma - *filename);
+        iter = nextComma;
+        ++iter;
+        *next = iter;
+    } else {
+        *filenameLen = strlen(*filename);
+        *next = NULL;
+    }
+
+    if (!*filenameLen)
+        return SECFailure;
+
+    return SECSuccess;
+}
+
 SECStatus
 AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames,
-              certutilExtnList extList)
+              certutilExtnList extList, const char *extGeneric)
 {
     SECStatus rv = SECSuccess;
     char *errstring = NULL;
+    const char *nextExtension = NULL;
     
     do {
         /* Add key usage extension */
@@ -1864,7 +2093,7 @@ AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames,
 	    }
         }
 
-        if (emailAddrs || dnsNames) {
+        if (emailAddrs || dnsNames || extList[ext_subjectAltName].activated) {
             PLArenaPool *arena;
             CERTGeneralName *namelist = NULL;
             SECItem item = { 0, NULL, 0 };
@@ -1874,10 +2103,21 @@ AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames,
                 rv = SECFailure;
                 break;
             }
+            
+            rv = SECSuccess;
+
+            if (emailAddrs) {
+                rv |= AddEmailSubjectAlt(arena, &namelist, emailAddrs);
+            }
 
-            rv = AddEmailSubjectAlt(arena, &namelist, emailAddrs);
+            if (dnsNames) {
+                rv |= AddDNSSubjectAlt(arena, &namelist, dnsNames);
+            }
 
-            rv |= AddDNSSubjectAlt(arena, &namelist, dnsNames);
+            if (extList[ext_subjectAltName].activated) {
+                rv |= AddGeneralSubjectAlt(arena, &namelist, 
+                                           extList[ext_subjectAltName].arg);
+            }
 
             if (rv == SECSuccess) {
 		rv = CERT_EncodeAltNameExtension(arena, namelist, &item);
@@ -1898,5 +2138,71 @@ AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames,
     if (rv != SECSuccess) {
         SECU_PrintError(progName, "Problem creating %s extension", errstring);
     }
+
+    nextExtension = extGeneric;
+    while (nextExtension && *nextExtension) {
+        SECItem oid_item, value;
+        PRBool isCritical;
+        const char *oid, *crit, *filename, *next;
+        int oidLen, critLen, filenameLen;
+        PRFileDesc *inFile = NULL;
+        char *zeroTerminatedFilename = NULL;
+
+        rv = parseNextGenericExt(nextExtension, &oid, &oidLen, &crit, &critLen,
+                                 &filename, &filenameLen, &next);
+        if (rv!= SECSuccess) {
+            SECU_PrintError(progName,
+                            "error parsing generic extension parameter %s",
+                            nextExtension);
+            break;
+        }
+        oid_item.data = NULL;
+        oid_item.len = 0;
+        rv = GetOidFromString(NULL, &oid_item, oid, oidLen);
+        if (rv != SECSuccess) {
+            SECU_PrintError(progName, "malformed extension OID %s", nextExtension);
+            break;
+        }
+        if (!strncmp("critical", crit, critLen)) {
+            isCritical = PR_TRUE;
+        } else if (!strncmp("not-critical", crit, critLen)) {
+            isCritical = PR_FALSE;
+        } else {
+            rv = SECFailure;
+            SECU_PrintError(progName, "expected 'critical' or 'not-critical'");
+            break;
+        }
+        zeroTerminatedFilename = PL_strndup(filename, filenameLen);
+        if (!zeroTerminatedFilename) {
+            rv = SECFailure;
+            SECU_PrintError(progName, "out of memory");
+            break;
+        }
+        rv = SECFailure;
+        inFile = PR_Open(zeroTerminatedFilename, PR_RDONLY, 0);
+        if (inFile) {
+            rv = SECU_ReadDERFromFile(&value, inFile, PR_FALSE, PR_FALSE);
+            PR_Close(inFile);
+            inFile = NULL;
+        }
+        if (rv != SECSuccess) {
+            SECU_PrintError(progName, "unable to read file %s",
+                            zeroTerminatedFilename);
+        }
+        PL_strfree(zeroTerminatedFilename);
+        if (rv != SECSuccess) {
+            break;
+        }
+        rv = CERT_AddExtensionByOID(extHandle, &oid_item, &value, isCritical,
+                                    PR_FALSE /*copyData*/);
+        if (rv != SECSuccess) {
+            SECITEM_FreeItem(&oid_item, PR_FALSE);
+            SECITEM_FreeItem(&value, PR_FALSE);
+            SECU_PrintError(progName, "failed to add extension %s", nextExtension);
+            break;
+        }
+        nextExtension = next;
+    }
+
     return rv;
 }
diff --git a/security/nss/cmd/certutil/certutil.c b/security/nss/cmd/certutil/certutil.c
index c815693..b2f12f3 100644
--- a/security/nss/cmd/certutil/certutil.c
+++ b/security/nss/cmd/certutil/certutil.c
@@ -182,7 +182,7 @@ static SECStatus
 CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType,
         SECOidTag hashAlgTag, CERTName *subject, char *phone, int ascii, 
 	const char *emailAddrs, const char *dnsNames,
-        certutilExtnList extnList,
+        certutilExtnList extnList, const char *extGeneric,
         /*out*/ SECItem *result)
 {
     CERTSubjectPublicKeyInfo *spki;
@@ -220,7 +220,7 @@ CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType,
         PORT_FreeArena (arena, PR_FALSE);
 	return SECFailure;
     }
-    if (AddExtensions(extHandle, emailAddrs, dnsNames, extnList)
+    if (AddExtensions(extHandle, emailAddrs, dnsNames, extnList, extGeneric)
                   != SECSuccess) {
         PORT_FreeArena (arena, PR_FALSE);
         return SECFailure;
@@ -420,12 +420,65 @@ DumpChain(CERTCertDBHandle *handle, char *name, PRBool ascii)
 }
 
 static SECStatus
-listCerts(CERTCertDBHandle *handle, char *name, char *email, PK11SlotInfo *slot,
-          PRBool raw, PRBool ascii, PRFileDesc *outfile, void *pwarg)
+outputCertOrExtension(CERTCertificate *the_cert, PRBool raw, PRBool ascii,
+                      SECItem *extensionOID, PRFileDesc *outfile)
 {
     SECItem data;
     PRInt32 numBytes;
     SECStatus rv = SECFailure;
+    if (extensionOID) {
+	int i;
+	PRBool found = PR_FALSE;
+	for (i=0; the_cert->extensions[i] != NULL; i++) {
+	    CERTCertExtension *extension = the_cert->extensions[i];
+	    if (SECITEM_CompareItem(&extension->id, extensionOID) == SECEqual) {
+		found = PR_TRUE;
+		numBytes = PR_Write(outfile, extension->value.data,
+				    extension->value.len);
+		rv = SECSuccess;
+		if (numBytes != (PRInt32) extension->value.len) {
+		    SECU_PrintSystemError(progName, "error writing extension");
+		    rv = SECFailure;
+		}
+		rv = SECSuccess;
+		break;
+	    }
+	}
+	if (!found) {
+	    SECU_PrintSystemError(progName, "extension not found");
+	    rv = SECFailure;
+	}
+    } else {
+	data.data = the_cert->derCert.data;
+	data.len = the_cert->derCert.len;
+	if (ascii) {
+	    PR_fprintf(outfile, "%s\n%s\n%s\n", NS_CERT_HEADER, 
+		    BTOA_DataToAscii(data.data, data.len), NS_CERT_TRAILER);
+	    rv = SECSuccess;
+	} else if (raw) {
+	    numBytes = PR_Write(outfile, data.data, data.len);
+	    rv = SECSuccess;
+	    if (numBytes != (PRInt32) data.len) {
+		SECU_PrintSystemError(progName, "error writing raw cert");
+		rv = SECFailure;
+	    }
+	} else {
+	    rv = SEC_PrintCertificateAndTrust(the_cert, "Certificate", NULL);
+	    if (rv != SECSuccess) {
+		SECU_PrintError(progName, "problem printing certificate");
+	    }
+	}
+    }
+    return rv;
+}
+
+static SECStatus
+listCerts(CERTCertDBHandle *handle, char *name, char *email,
+	  PK11SlotInfo *slot, PRBool raw, PRBool ascii,
+	  SECItem *extensionOID,
+	  PRFileDesc *outfile, void *pwarg)
+{
+    SECStatus rv = SECFailure;
     CERTCertList *certs;
     CERTCertListNode *node;
 
@@ -461,34 +514,13 @@ listCerts(CERTCertDBHandle *handle, char *name, char *email, PK11SlotInfo *slot,
 	}
 	for (node = CERT_LIST_HEAD(certs); !CERT_LIST_END(node,certs);
 						node = CERT_LIST_NEXT(node)) {
-	    the_cert = node->cert;
-	    /* now get the subjectList that matches this cert */
-	    data.data = the_cert->derCert.data;
-	    data.len = the_cert->derCert.len;
-	    if (ascii) {
-		PR_fprintf(outfile, "%s\n%s\n%s\n", NS_CERT_HEADER, 
-		        BTOA_DataToAscii(data.data, data.len), NS_CERT_TRAILER);
-		rv = SECSuccess;
-	    } else if (raw) {
-		numBytes = PR_Write(outfile, data.data, data.len);
-		if (numBytes != (PRInt32) data.len) {
-		   SECU_PrintSystemError(progName, "error writing raw cert");
-		    rv = SECFailure;
-		}
-		rv = SECSuccess;
-	    } else {
-		rv = SEC_PrintCertificateAndTrust(the_cert, "Certificate", NULL);
-		if (rv != SECSuccess) {
-		    SECU_PrintError(progName, "problem printing certificate");
-		}
-
-	    }
+	    rv = outputCertOrExtension(node->cert, raw, ascii, extensionOID,
+                                       outfile);
 	    if (rv != SECSuccess) {
 		break;
 	    }
 	}
     } else if (email) {
-	CERTCertificate *the_cert;
 	certs = PK11_FindCertsFromEmailAddress(email, NULL);
 	if (!certs) {
 	    SECU_PrintError(progName, 
@@ -498,28 +530,8 @@ listCerts(CERTCertDBHandle *handle, char *name, char *email, PK11SlotInfo *slot,
 	}
 	for (node = CERT_LIST_HEAD(certs); !CERT_LIST_END(node,certs);
 						node = CERT_LIST_NEXT(node)) {
-	    the_cert = node->cert;
-	    /* now get the subjectList that matches this cert */
-	    data.data = the_cert->derCert.data;
-	    data.len  = the_cert->derCert.len;
-	    if (ascii) {
-		PR_fprintf(outfile, "%s\n%s\n%s\n", NS_CERT_HEADER, 
-		           BTOA_DataToAscii(data.data, data.len), 
-			   NS_CERT_TRAILER);
-		rv = SECSuccess;
-	    } else if (raw) {
-		numBytes = PR_Write(outfile, data.data, data.len);
-		rv = SECSuccess;
-		if (numBytes != (PRInt32) data.len) {
-		    SECU_PrintSystemError(progName, "error writing raw cert");
-		    rv = SECFailure;
-		}
-	    } else {
-		rv = SEC_PrintCertificateAndTrust(the_cert, "Certificate", NULL);
-		if (rv != SECSuccess) {
-		    SECU_PrintError(progName, "problem printing certificate");
-		}
-	    }
+	    rv = outputCertOrExtension(node->cert, raw, ascii, extensionOID,
+                                       outfile);
 	    if (rv != SECSuccess) {
 		break;
 	    }
@@ -547,8 +559,9 @@ listCerts(CERTCertDBHandle *handle, char *name, char *email, PK11SlotInfo *slot,
 
 static SECStatus
 ListCerts(CERTCertDBHandle *handle, char *nickname, char *email, 
-          PK11SlotInfo *slot, PRBool raw, PRBool ascii, PRFileDesc *outfile, 
-	  secuPWData *pwdata)
+          PK11SlotInfo *slot, PRBool raw, PRBool ascii,
+	  SECItem *extensionOID,
+	  PRFileDesc *outfile, secuPWData *pwdata)
 {
     SECStatus rv;
 
@@ -569,7 +582,8 @@ ListCerts(CERTCertDBHandle *handle, char *nickname, char *email,
 	CERT_DestroyCertList(list);
 	return SECSuccess;
     } 
-    rv = listCerts(handle, nickname, email, slot, raw, ascii, outfile, pwdata);
+    rv = listCerts(handle, nickname, email, slot, raw, ascii,
+                   extensionOID, outfile, pwdata);
     return rv;
 }
 
@@ -615,6 +629,15 @@ ValidateCert(CERTCertDBHandle *handle, char *name, char *date,
 	case 'O':
 	    usage = certificateUsageStatusResponder;
 	    break;
+	case 'L':
+	    usage = certificateUsageSSLCA;
+	    break;
+	case 'A':
+	    usage = certificateUsageAnyCA;
+	    break;
+	case 'Y':
+	    usage = certificateUsageVerifyCA;
+	    break;
 	case 'C':
 	    usage = certificateUsageSSLClient;
 	    break;
@@ -968,7 +991,7 @@ PrintSyntax(char *progName)
 	"\t\t [-f pwfile] [-z noisefile] [-d certdir] [-P dbprefix]\n", progName);
     FPS "\t%s -G [-h token-name] -k dsa [-q pqgfile -g key-size] [-f pwfile]\n"
 	"\t\t [-z noisefile] [-d certdir] [-P dbprefix]\n", progName);
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     FPS "\t%s -G [-h token-name] -k ec -q curve [-f pwfile]\n"
 	"\t\t [-z noisefile] [-d certdir] [-P dbprefix]\n", progName);
     FPS "\t%s -K [-n key-name] [-h token-name] [-k dsa|ec|rsa|all]\n", 
@@ -976,7 +999,7 @@ PrintSyntax(char *progName)
 #else
     FPS "\t%s -K [-n key-name] [-h token-name] [-k dsa|rsa|all]\n", 
 	progName);
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
     FPS "\t\t [-f pwfile] [-X] [-d certdir] [-P dbprefix]\n");
     FPS "\t%s --upgrade-merge --source-dir upgradeDir --upgrade-id uniqueID\n",
 	progName);
@@ -989,7 +1012,7 @@ PrintSyntax(char *progName)
     FPS "\t\t [-f targetPWfile] [-@ sourcePWFile]\n");
     FPS "\t%s -L [-n cert-name] [--email email-address] [-X] [-r] [-a]\n",
 	progName);
-    FPS "\t\t [-d certdir] [-P dbprefix]\n");
+    FPS "\t\t [--dump-ext-val OID] [-d certdir] [-P dbprefix]\n");
     FPS "\t%s -M -n cert-name -t trustargs [-d certdir] [-P dbprefix]\n",
 	progName);
     FPS "\t%s -O -n cert-name [-X] [-d certdir] [-a] [-P dbprefix]\n", progName);
@@ -1008,7 +1031,8 @@ PrintSyntax(char *progName)
         "\t\t [-p phone] [-1] [-2] [-3] [-4] [-5] [-6] [-7 emailAddrs]\n"
         "\t\t [-8 DNS-names]\n"
         "\t\t [--extAIA] [--extSIA] [--extCP] [--extPM] [--extPC] [--extIA]\n"
-        "\t\t [--extSKID] [--extNC]\n", progName);
+        "\t\t [--extSKID] [--extNC] [--extSAN type:name[,type:name]...]\n"
+	"\t\t [--extGeneric OID:critical-flag:filename[,OID:critical-flag:filename]...]\n", progName);
     FPS "\t%s -U [-X] [-d certdir] [-P dbprefix]\n", progName);
     exit(1);
 }
@@ -1155,7 +1179,7 @@ static void luG(enum usage_level ul, const char *command)
         return;
     FPS "%-20s Name of token in which to generate key (default is internal)\n",
         "   -h token-name");
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     FPS "%-20s Type of key pair to generate (\"dsa\", \"ec\", \"rsa\" (default))\n",
         "   -k key-type");
     FPS "%-20s Key size in bits, (min %d, max %d, default %d) (not for ec)\n",
@@ -1165,7 +1189,7 @@ static void luG(enum usage_level ul, const char *command)
         "   -k key-type");
     FPS "%-20s Key size in bits, (min %d, max %d, default %d)\n",
         "   -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS);
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
     FPS "%-20s Set the public exponent value (3, 17, 65537) (rsa only)\n",
         "   -y exp");
     FPS "%-20s Specify the password file\n",
@@ -1174,7 +1198,7 @@ static void luG(enum usage_level ul, const char *command)
         "   -z noisefile");
     FPS "%-20s read PQG value from pqgfile (dsa only)\n",
         "   -q pqgfile");
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     FPS "%-20s Elliptic curve name (ec only)\n",
         "   -q curve-name");
     FPS "%-20s One of nistp256, nistp384, nistp521\n", "");
@@ -1286,7 +1310,7 @@ static void luK(enum usage_level ul, const char *command)
         "   -h token-name ");
 
     FPS "%-20s Key type (\"all\" (default), \"dsa\","
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
                                                     " \"ec\","
 #endif
                                                     " \"rsa\")\n",
@@ -1308,7 +1332,7 @@ static void luL(enum usage_level ul, const char *command)
 {
     int is_my_command = (command && 0 == strcmp(command, "L"));
     if (ul == usage_all || !command || is_my_command)
-    FPS "%-15s List all certs, or print out a single named cert\n",
+    FPS "%-15s List all certs, or print out a single named cert (or a subset)\n",
         "-L");
     if (ul == usage_selected && !is_my_command)
         return;
@@ -1327,6 +1351,9 @@ static void luL(enum usage_level ul, const char *command)
         "   -r");
     FPS "%-20s For single cert, print ASCII encoding (RFC1113)\n",
         "   -a");
+    FPS "%-20s \n"
+              "%-20s For single cert, print binary DER encoding of extension OID\n",
+        "   --dump-ext-val OID", "");
     FPS "\n");
 }
 
@@ -1418,11 +1445,11 @@ static void luR(enum usage_level ul, const char *command)
         "   -s subject");
     FPS "%-20s Output the cert request to this file\n",
         "   -o output-req");
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     FPS "%-20s Type of key pair to generate (\"dsa\", \"ec\", \"rsa\" (default))\n",
 #else
     FPS "%-20s Type of key pair to generate (\"dsa\", \"rsa\" (default))\n",
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
         "   -k key-type-or-id");
     FPS "%-20s or nickname of the cert key to use \n",
         "");
@@ -1432,12 +1459,12 @@ static void luR(enum usage_level ul, const char *command)
         "   -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS);
     FPS "%-20s Name of file containing PQG parameters (dsa only)\n",
         "   -q pqgfile");
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     FPS "%-20s Elliptic curve name (ec only)\n",
         "   -q curve-name");
     FPS "%-20s See the \"-G\" option for a full list of supported names.\n",
         "");
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
     FPS "%-20s Specify the password file\n",
         "   -f pwfile");
     FPS "%-20s Key database directory (default is ~/.netscape)\n",
@@ -1472,6 +1499,9 @@ static void luV(enum usage_level ul, const char *command)
     FPS "%-20s Specify certificate usage:\n", "   -u certusage");
     FPS "%-25s C \t SSL Client\n", "");
     FPS "%-25s V \t SSL Server\n", "");
+    FPS "%-25s L \t SSL CA\n", "");
+    FPS "%-25s A \t Any CA\n", "");
+    FPS "%-25s Y \t Verify CA\n", "");
     FPS "%-25s S \t Email signer\n", "");
     FPS "%-25s R \t Email Recipient\n", "");   
     FPS "%-25s O \t OCSP status responder\n", "");   
@@ -1570,11 +1600,11 @@ static void luS(enum usage_level ul, const char *command)
         "   -c issuer-name");
     FPS "%-20s Set the certificate trust attributes (see -A above)\n",
         "   -t trustargs");
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     FPS "%-20s Type of key pair to generate (\"dsa\", \"ec\", \"rsa\" (default))\n",
 #else
     FPS "%-20s Type of key pair to generate (\"dsa\", \"rsa\" (default))\n",
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
         "   -k key-type-or-id");
     FPS "%-20s Name of token in which to generate key (default is internal)\n",
         "   -h token-name");
@@ -1582,12 +1612,12 @@ static void luS(enum usage_level ul, const char *command)
         "   -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS);
     FPS "%-20s Name of file containing PQG parameters (dsa only)\n",
         "   -q pqgfile");
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     FPS "%-20s Elliptic curve name (ec only)\n",
         "   -q curve-name");
     FPS "%-20s See the \"-G\" option for a full list of supported names.\n",
         "");
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
     FPS "%-20s Self sign\n",
         "   -x");
     FPS "%-20s Cert serial number\n",
@@ -1638,6 +1668,18 @@ static void luS(enum usage_level ul, const char *command)
         "   See -G for available key flag options");
     FPS "%-20s Create a name constraints extension\n",
         "   --extNC ");
+    FPS "%-20s \n"
+        "%-20s Create a Subject Alt Name extension with one or multiple names\n",
+	"   --extSAN type:name[,type:name]...", "");
+    FPS "%-20s - type: directory, dn, dns, edi, ediparty, email, ip, ipaddr,\n", "");
+    FPS "%-20s         other, registerid, rfc822, uri, x400, x400addr\n", "");
+    FPS "%-20s \n"
+        "%-20s Add one or multiple extensions that certutil cannot encode yet,\n"
+	"%-20s by loading their encodings from external files.\n",
+        "   --extGeneric OID:critical-flag:filename[,OID:critical-flag:filename]...", "", "");
+    FPS "%-20s - OID (example): 1.2.3.4\n", "");
+    FPS "%-20s - critical-flag: critical or not-critical\n", "");
+    FPS "%-20s - filename: full path to a file containing an encoded extension\n", "");
     FPS "\n");
 }
 
@@ -1736,7 +1778,8 @@ MakeV1Cert(	CERTCertDBHandle *	handle,
 static SECStatus
 SignCert(CERTCertDBHandle *handle, CERTCertificate *cert, PRBool selfsign, 
          SECOidTag hashAlgTag,
-         SECKEYPrivateKey *privKey, char *issuerNickName, void *pwarg)
+         SECKEYPrivateKey *privKey, char *issuerNickName,
+         int certVersion, void *pwarg)
 {
     SECItem der;
     SECKEYPrivateKey *caPrivateKey = NULL;    
@@ -1776,9 +1819,23 @@ SignCert(CERTCertDBHandle *handle, CERTCertificate *cert, PRBool selfsign,
 	goto done;
     }
 
-    /* we only deal with cert v3 here */
-    *(cert->version.data) = 2;
-    cert->version.len = 1;
+    switch(certVersion) {
+      case (SEC_CERTIFICATE_VERSION_1):
+        /* The initial version for x509 certificates is version one
+         * and this default value must be an implicit DER encoding. */
+        cert->version.data = NULL;
+        cert->version.len = 0;
+        break;
+      case (SEC_CERTIFICATE_VERSION_2):
+      case (SEC_CERTIFICATE_VERSION_3):
+      case 3: /* unspecified format (would be version 4 certificate). */
+        *(cert->version.data) = certVersion;
+        cert->version.len = 1;
+        break;
+      default:
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
 
     der.len = 0;
     der.data = NULL;
@@ -1821,6 +1878,8 @@ CreateCert(
 	PRBool ascii,
 	PRBool  selfsign,
 	certutilExtnList extnList,
+	const char *extGeneric,
+        int certVersion,
 	SECItem * certDER)
 {
     void *	extHandle;
@@ -1848,7 +1907,7 @@ CreateCert(
 	    GEN_BREAK (SECFailure)
 	}
         
-        rv = AddExtensions(extHandle, emailAddrs, dnsNames, extnList);
+        rv = AddExtensions(extHandle, emailAddrs, dnsNames, extnList, extGeneric);
         if (rv != SECSuccess) {
 	    GEN_BREAK (SECFailure)
 	}
@@ -1880,7 +1939,8 @@ CreateCert(
 	}
 
 	rv = SignCert(handle, subjectCert, selfsign, hashAlgTag,
-		      *selfsignprivkey, issuerNickName, pwarg);
+		      *selfsignprivkey, issuerNickName,
+                      certVersion, pwarg);
 	if (rv != SECSuccess)
 	    break;
 
@@ -2194,6 +2254,10 @@ enum certutilOpts {
     opt_KeyOpFlagsOff,
     opt_KeyAttrFlags,
     opt_EmptyPassword,
+    opt_CertVersion,
+    opt_AddSubjectAltNameExt,
+    opt_DumpExtensionValue,
+    opt_GenericExtensions,
     opt_Help
 };
 
@@ -2303,6 +2367,13 @@ secuCommandFlag options_init[] =
                                                    "keyAttrFlags"},
 	{ /* opt_EmptyPassword       */  0,   PR_FALSE, 0, PR_FALSE, 
                                                    "empty-password"},
+        { /* opt_CertVersion         */  0,   PR_FALSE, 0, PR_FALSE,
+                                                   "certVersion"},
+	{ /* opt_AddSubjectAltExt    */  0,   PR_TRUE,  0, PR_FALSE, "extSAN"},
+	{ /* opt_DumpExtensionValue  */  0,   PR_TRUE, 0, PR_FALSE, 
+                                                   "dump-ext-val"},
+	{ /* opt_GenericExtensions   */  0,   PR_TRUE, 0, PR_FALSE, 
+                                                   "extGeneric"},
 };
 #define NUM_OPTIONS ((sizeof options_init)  / (sizeof options_init[0]))
 
@@ -2341,6 +2412,7 @@ certutil_main(int argc, char **argv, PRBool initialize)
     SECOidTag   hashAlgTag      = SEC_OID_UNKNOWN;
     int	        keysize	        = DEFAULT_KEY_BITS;
     int         publicExponent  = 0x010001;
+    int         certVersion     = SEC_CERTIFICATE_VERSION_3;
     unsigned int serialNumber   = 0;
     int         warpmonths      = 0;
     int         validityMonths  = 3;
@@ -2427,12 +2499,12 @@ certutil_main(int argc, char **argv, PRBool initialize)
 		       progName, MIN_KEY_BITS, MAX_KEY_BITS);
 	    return 255;
 	}
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 	if (keytype == ecKey) {
 	    PR_fprintf(PR_STDERR, "%s -g:  Not for ec keys.\n", progName);
 	    return 255;
 	}
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
     }
 
@@ -2462,10 +2534,10 @@ certutil_main(int argc, char **argv, PRBool initialize)
 	    keytype = rsaKey;
 	} else if (PL_strcmp(arg, "dsa") == 0) {
 	    keytype = dsaKey;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 	} else if (PL_strcmp(arg, "ec") == 0) {
 	    keytype = ecKey;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 	} else if (PL_strcmp(arg, "all") == 0) {
 	    keytype = nullKey;
 	} else {
@@ -2518,7 +2590,7 @@ certutil_main(int argc, char **argv, PRBool initialize)
 
     /*  -q PQG file or curve name */
     if (certutil.options[opt_PQGFile].activated) {
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 	if ((keytype != dsaKey) && (keytype != ecKey)) {
 	    PR_fprintf(PR_STDERR, "%s -q: specifies a PQG file for DSA keys" \
 		       " (-k dsa) or a named curve for EC keys (-k ec)\n)",
@@ -2527,7 +2599,7 @@ certutil_main(int argc, char **argv, PRBool initialize)
 	if (keytype != dsaKey) {
 	    PR_fprintf(PR_STDERR, "%s -q: PQG file is for DSA key (-k dsa).\n)",
 	               progName);
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 	    return 255;
 	}
     }
@@ -2569,6 +2641,19 @@ certutil_main(int argc, char **argv, PRBool initialize)
 	}
     }
 
+    /*  --certVersion */
+    if (certutil.options[opt_CertVersion].activated) {
+        certVersion = PORT_Atoi(certutil.options[opt_CertVersion].arg);
+        if (certVersion < 1 || certVersion > 4) {
+            PR_fprintf(PR_STDERR, "%s -certVersion: incorrect certificate version %d.",
+                                   progName, certVersion);
+            PR_fprintf(PR_STDERR, "Must be 1, 2, 3 or 4.\n");
+            return 255;
+        }
+        certVersion = certVersion - 1;
+    }
+
+
     /*  Check number of commands entered.  */
     commandsEntered = 0;
     for (i=0; i< certutil.numCommands; i++) {
@@ -2629,9 +2714,10 @@ certutil_main(int argc, char **argv, PRBool initialize)
 	return 255;
     }
 
-    /*  if -L is given raw or ascii mode, it must be for only one cert.  */
+    /*  if -L is given raw, ascii or dump mode, it must be for only one cert. */
     if (certutil.commands[cmd_ListCerts].activated &&
         (certutil.options[opt_ASCIIForIO].activated ||
+         certutil.options[opt_DumpExtensionValue].activated ||
          certutil.options[opt_BinaryDER].activated) &&
         !certutil.options[opt_Nickname].activated) {
 	PR_fprintf(PR_STDERR, 
@@ -2951,10 +3037,29 @@ merge_fail:
 
     /*  List certs (-L)  */
     if (certutil.commands[cmd_ListCerts].activated) {
-	rv = ListCerts(certHandle, name, email, slot,
-	               certutil.options[opt_BinaryDER].activated,
-	               certutil.options[opt_ASCIIForIO].activated, 
-		       outFile, &pwdata);
+	if (certutil.options[opt_DumpExtensionValue].activated) {
+	    const char *oid_str;
+	    SECItem oid_item;
+            SECStatus srv;
+	    oid_item.data = NULL;
+	    oid_item.len = 0;
+	    oid_str = certutil.options[opt_DumpExtensionValue].arg;
+	    srv = GetOidFromString(NULL, &oid_item, oid_str, strlen(oid_str));
+	    if (srv != SECSuccess) {
+         	SECU_PrintError(progName, "malformed extension OID %s",
+				oid_str);
+		goto shutdown;
+	    }
+	    rv = ListCerts(certHandle, name, email, slot,
+			   PR_TRUE /*binary*/, PR_FALSE /*ascii*/,
+			   &oid_item,
+			   outFile, &pwdata);
+	} else {
+	    rv = ListCerts(certHandle, name, email, slot,
+			   certutil.options[opt_BinaryDER].activated,
+			   certutil.options[opt_ASCIIForIO].activated,
+			   NULL, outFile, &pwdata);
+	}
 	goto shutdown;
     }
     if (certutil.commands[cmd_DumpChain].activated) {
@@ -3145,6 +3250,12 @@ merge_fail:
             certutil_extns[ext_extKeyUsage].arg =
                 certutil.options[opt_AddCmdExtKeyUsageExt].arg;
         }
+        certutil_extns[ext_subjectAltName].activated =
+                certutil.options[opt_AddSubjectAltNameExt].activated;
+        if (certutil_extns[ext_subjectAltName].activated) {
+            certutil_extns[ext_subjectAltName].arg =
+                certutil.options[opt_AddSubjectAltNameExt].arg;
+        }
 
         certutil_extns[ext_authInfoAcc].activated =
 				certutil.options[opt_AddAuthInfoAccExt].activated;
@@ -3184,6 +3295,8 @@ merge_fail:
 		     certutil.options[opt_ExtendedEmailAddrs].arg,
 		     certutil.options[opt_ExtendedDNSNames].arg,
                      certutil_extns,
+		     (certutil.options[opt_GenericExtensions].activated ?
+		         certutil.options[opt_GenericExtensions].arg : NULL),
                      &certReqDER);
 	if (rv)
 	    goto shutdown;
@@ -3206,6 +3319,8 @@ merge_fail:
 		     NULL,
 		     NULL,
                      nullextnlist,
+		     (certutil.options[opt_GenericExtensions].activated ?
+		         certutil.options[opt_GenericExtensions].arg : NULL),
 		     &certReqDER);
 	if (rv) 
 	    goto shutdown;
@@ -3225,6 +3340,9 @@ merge_fail:
 			    certutil.commands[cmd_CreateNewCert].activated,
 	                certutil.options[opt_SelfSign].activated,
 	                certutil_extns,
+			(certutil.options[opt_GenericExtensions].activated ?
+			    certutil.options[opt_GenericExtensions].arg : NULL),
+                        certVersion,
 			&certDER);
 	if (rv) 
 	    goto shutdown;
diff --git a/security/nss/cmd/certutil/certutil.h b/security/nss/cmd/certutil/certutil.h
index d4388fc..9286649 100644
--- a/security/nss/cmd/certutil/certutil.h
+++ b/security/nss/cmd/certutil/certutil.h
@@ -35,6 +35,7 @@ enum certutilExtns {
     ext_inhibitAnyPolicy,
     ext_subjectKeyID,
     ext_nameConstraints,
+    ext_subjectAltName,
     ext_End
 };
 
@@ -47,7 +48,11 @@ typedef ExtensionEntry certutilExtnList[ext_End];
 
 extern SECStatus
 AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames,
-              certutilExtnList extList);
+              certutilExtnList extList, const char *extGeneric);
+
+extern SECStatus
+GetOidFromString(PLArenaPool *arena, SECItem *to,
+                 const char *from, size_t fromLen);
 
 #endif	/* _CERTUTIL_H */
 
diff --git a/security/nss/cmd/certutil/keystuff.c b/security/nss/cmd/certutil/keystuff.c
index 48d784b..2665dd4 100644
--- a/security/nss/cmd/certutil/keystuff.c
+++ b/security/nss/cmd/certutil/keystuff.c
@@ -356,7 +356,7 @@ CERTUTIL_FileForRNG(const char *noise)
     return SECSuccess;
 }
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 typedef struct curveNameTagPairStr {
     char *curveName;
     SECOidTag curveOidTag;
@@ -484,7 +484,7 @@ getECParams(const char *curve)
 
     return ecparams;
 }
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
 SECKEYPrivateKey *
 CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size,
@@ -545,14 +545,14 @@ CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size,
 	    params = (void *)&default_pqg_params;
 	}
 	break;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     case ecKey:
 	mechanism = CKM_EC_KEY_PAIR_GEN;
 	/* For EC keys, PQGFile determines EC parameters */
 	if ((params = (void *) getECParams(pqgFile)) == NULL)
 	    return NULL;
 	break;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
     default:
 	return NULL;
     }
@@ -567,7 +567,7 @@ CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size,
     switch (keytype) {
     case dsaKey: if (dsaparams) CERTUTIL_DestroyParamsPQG(dsaparams); 
 	                                                      break;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     case ecKey: SECITEM_FreeItem((SECItem *)params, PR_TRUE); break;
 #endif
     default: /* nothing to free */                            break;
diff --git a/security/nss/cmd/fipstest/fipstest.c b/security/nss/cmd/fipstest/fipstest.c
index f921c9a..cdd6b1a 100644
--- a/security/nss/cmd/fipstest/fipstest.c
+++ b/security/nss/cmd/fipstest/fipstest.c
@@ -22,7 +22,7 @@
 #include "../../lib/freebl/mpi/mpi.h"
 #endif
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 extern SECStatus
 EC_DecodeParams(const SECItem *encodedParams, ECParams **ecparams);
 extern SECStatus
@@ -1849,7 +1849,7 @@ int get_next_line(FILE *req, char *key, char *val, FILE *rsp)
     return (c == EOF) ? -1 : ignore;
 }
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 typedef struct curveNameTagPairStr {
     char *curveName;
     SECOidTag curveOidTag;
@@ -2530,7 +2530,7 @@ loser:
     }
     fclose(ecdsareq);
 }
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
 
 /*
@@ -5327,7 +5327,7 @@ int main(int argc, char **argv)
             /* Signature Verification Test */
             dsa_sigver_test(argv[3]);
         }
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     /*************/
     /*   ECDSA   */
     /*************/
@@ -5346,7 +5346,7 @@ int main(int argc, char **argv)
 	    /* Signature Verification Test */
 	    ecdsa_sigver_test(argv[3]);
 	}
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
     /*************/
     /*   RNG     */
     /*************/
diff --git a/security/nss/cmd/httpserv/httpserv.c b/security/nss/cmd/httpserv/httpserv.c
index 6f37e42..875b62b 100644
--- a/security/nss/cmd/httpserv/httpserv.c
+++ b/security/nss/cmd/httpserv/httpserv.c
@@ -1312,8 +1312,10 @@ main(int argc, char **argv)
 	      inFile = PR_Open(revoInfo->crlFilename, PR_RDONLY, 0);
 	      if (inFile) {
 		rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE, PR_FALSE);
+		PR_Close(inFile);
+		inFile = NULL;
 	      }
-	      if (!inFile || rv != SECSuccess) {
+	      if (rv != SECSuccess) {
 		  fprintf(stderr, "unable to read crl file %s\n",
 			  revoInfo->crlFilename);
 		  exit(1);
diff --git a/security/nss/cmd/lib/secutil.c b/security/nss/cmd/lib/secutil.c
index 652f2eb..0767be9 100644
--- a/security/nss/cmd/lib/secutil.c
+++ b/security/nss/cmd/lib/secutil.c
@@ -52,6 +52,19 @@ static char consoleName[] =  {
 #include "ssl.h"
 #include "sslproto.h"
 
+static PRBool utf8DisplayEnabled = PR_FALSE;
+
+void
+SECU_EnableUtf8Display(PRBool enable)
+{
+    utf8DisplayEnabled = enable;
+}
+
+PRBool
+SECU_GetUtf8DisplayEnabled(void)
+{
+    return utf8DisplayEnabled;
+}
 
 static void
 secu_ClearPassword(char *p)
@@ -609,12 +622,22 @@ secu_PrintRawStringQuotesOptional(FILE *out, SECItem *si, const char *m,
 
     for (i = 0; i < si->len; i++) {
 	unsigned char val = si->data[i];
+	unsigned char c;
 	if (SECU_GetWrapEnabled() && column > 76) {
 	    SECU_Newline(out);
 	    SECU_Indent(out, level); column = level*INDENT_MULT;
 	}
 
-	fprintf(out,"%c", printable[val]); column++;
+	if (utf8DisplayEnabled) {
+	    if (val < 32)
+		c = '.';
+	    else
+		c = val;
+	} else {
+	    c = printable[val];
+	}
+	fprintf(out,"%c", c);
+	column++;
     }
 
     if (quotes) {
@@ -1364,7 +1387,7 @@ secu_PrintAttribute(FILE *out, SEC_PKCS7Attribute *attr, char *m, int level)
     }
 }
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 static void
 secu_PrintECPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
 {
@@ -1382,7 +1405,7 @@ secu_PrintECPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
 	SECU_PrintObjectID(out, &curveOID, "Curve", level +1);
     }
 }
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
 void
 SECU_PrintRSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
@@ -1426,7 +1449,7 @@ secu_PrintSubjectPublicKeyInfo(FILE *out, PLArenaPool *arena,
 	    SECU_PrintDSAPublicKey(out, pk, "DSA Public Key", level +1);
 	    break;
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 	case ecKey:
 	    secu_PrintECPublicKey(out, pk, "EC Public Key", level +1);
 	    break;
@@ -2441,19 +2464,19 @@ loser:
 int
 SECU_PrintFingerprints(FILE *out, SECItem *derCert, char *m, int level)
 {
-    unsigned char fingerprint[20];
+    unsigned char fingerprint[SHA256_LENGTH];
     char *fpStr = NULL;
     int err     = PORT_GetError();
     SECStatus rv;
     SECItem fpItem;
 
-    /* print MD5 fingerprint */
+    /* Print SHA-256 fingerprint */
     memset(fingerprint, 0, sizeof fingerprint);
-    rv = PK11_HashBuf(SEC_OID_MD5,fingerprint, derCert->data, derCert->len);
+    rv = PK11_HashBuf(SEC_OID_SHA256, fingerprint, derCert->data, derCert->len);
     fpItem.data = fingerprint;
-    fpItem.len = MD5_LENGTH;
+    fpItem.len = SHA256_LENGTH;
     fpStr = CERT_Hexify(&fpItem, 1);
-    SECU_Indent(out, level);  fprintf(out, "%s (MD5):", m);
+    SECU_Indent(out, level);  fprintf(out, "%s (SHA-256):", m);
     if (SECU_GetWrapEnabled()) {
 	fprintf(out, "\n");
 	SECU_Indent(out, level+1);
diff --git a/security/nss/cmd/lib/secutil.h b/security/nss/cmd/lib/secutil.h
index 71a7f59..2a29991 100644
--- a/security/nss/cmd/lib/secutil.h
+++ b/security/nss/cmd/lib/secutil.h
@@ -139,6 +139,9 @@ SECU_GetClientAuthData(void *arg, PRFileDesc *fd,
 extern PRBool SECU_GetWrapEnabled(void);
 extern void SECU_EnableWrap(PRBool enable);
 
+extern PRBool SECU_GetUtf8DisplayEnabled(void);
+extern void SECU_EnableUtf8Display(PRBool enable);
+
 /* revalidate the cert and print information about cert verification
  * failure at time == now */
 extern void
diff --git a/security/nss/cmd/libpkix/pkix/params/test_buildparams.c b/security/nss/cmd/libpkix/pkix/params/test_buildparams.c
deleted file mode 100644
index 5584384..0000000
--- a/security/nss/cmd/libpkix/pkix/params/test_buildparams.c
+++ /dev/null
@@ -1,179 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/*
- * test_buildparams.c
- *
- * Test BuildParams Type
- *
- */
-
-#include "testutil.h"
-#include "testutil_nss.h"
-
-static void *plContext = NULL;
-
-static void
-testDestroy(void *goodObject, void *equalObject, void *diffObject)
-{
-        PKIX_TEST_STD_VARS();
-
-        subTest("PKIX_BuildParams_Destroy");
-
-        PKIX_TEST_DECREF_BC(goodObject);
-        PKIX_TEST_DECREF_BC(equalObject);
-        PKIX_TEST_DECREF_BC(diffObject);
-
-cleanup:
-
-        PKIX_TEST_RETURN();
-
-}
-
-static
-void testGetProcParams(
-        PKIX_BuildParams *goodObject,
-        PKIX_BuildParams *equalObject){
-
-        PKIX_ProcessingParams *goodProcParams = NULL;
-        PKIX_ProcessingParams *equalProcParams = NULL;
-
-        PKIX_TEST_STD_VARS();
-        subTest("PKIX_BuildParams_GetProcessingParams");
-
-        PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildParams_GetProcessingParams
-                (goodObject, &goodProcParams, NULL));
-
-        PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildParams_GetProcessingParams
-                (equalObject, &equalProcParams, NULL));
-
-        testEqualsHelper
-                ((PKIX_PL_Object *)goodProcParams,
-                (PKIX_PL_Object *)equalProcParams,
-                PKIX_TRUE,
-                plContext);
-
-cleanup:
-
-        PKIX_TEST_DECREF_AC(goodProcParams);
-        PKIX_TEST_DECREF_AC(equalProcParams);
-
-        PKIX_TEST_RETURN();
-}
-
-static
-void printUsage(char *pName){
-        printf("\nUSAGE: %s <central-data-dir>\n\n", pName);
-}
-
-int test_buildparams(int argc, char *argv[]) {
-
-        PKIX_BuildParams *goodObject = NULL;
-        PKIX_BuildParams *equalObject = NULL;
-        PKIX_BuildParams *diffObject = NULL;
-        PKIX_UInt32 actualMinorVersion;
-        PKIX_UInt32 j = 0;
-
-        char *dataCentralDir = NULL;
-        char *goodInput = "yassir2yassir";
-        char *diffInput = "yassir2bcn";
-
-        char *expectedAscii =
-                "[\n"
-                "\tProcessing Params: \n"
-                "\t********BEGIN PROCESSING PARAMS********\n"
-                "\t\t"
-                "[\n"
-                "\tTrust Anchors: \n"
-                "\t********BEGIN LIST OF TRUST ANCHORS********\n"
-                "\t\t"
-"([\n"
-                "\tTrusted CA Name:         "
-                "CN=yassir,OU=bcn,OU=east,O=sun,C=us\n"
-                "\tTrusted CA PublicKey:    ANSI X9.57 DSA Signature\n"
-                "\tInitial Name Constraints:(null)\n"
-                "]\n"
-                ", [\n"
-                "\tTrusted CA Name:         OU=bcn,OU=east,O=sun,C=us\n"
-                "\tTrusted CA PublicKey:    ANSI X9.57 DSA Signature\n"
-                "\tInitial Name Constraints:(null)\n"
-                "]\n"
-                ")\n"
-                "\t********END LIST OF TRUST ANCHORS********\n"
-                "\tDate:    \t\t(null)\n"
-                "\tTarget Constraints:    (null)\n"
-                "\tInitial Policies:      (null)\n"
-                "\tQualifiers Rejected:   FALSE\n"
-                "\tCert Stores:           (EMPTY)\n"
-                "\tResource Limits:       (null)\n"
-                "\tCRL Checking Enabled:  0\n"
-                "]\n"
-                "\n"
-                "\t********END PROCESSING PARAMS********\n"
-                "]\n";
-
-        PKIX_TEST_STD_VARS();
-
-        startTests("BuildParams");
-
-        PKIX_TEST_EXPECT_NO_ERROR(
-            PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
-
-        if (argc < 2){
-                printUsage(argv[0]);
-                return (0);
-        }
-
-        dataCentralDir = argv[j+1];
-
-        subTest("PKIX_BuildParams_Create");
-
-        goodObject = createBuildParams
-                (dataCentralDir,
-                goodInput,
-                diffInput,
-                NULL,
-                NULL,
-                PKIX_FALSE,
-                plContext);
-
-        equalObject = createBuildParams
-                (dataCentralDir,
-                goodInput,
-                diffInput,
-                NULL,
-                NULL,
-                PKIX_FALSE,
-                plContext);
-
-        diffObject = createBuildParams
-                (dataCentralDir,
-                diffInput,
-                goodInput,
-                NULL,
-                NULL,
-                PKIX_FALSE,
-                plContext);
-
-        testGetProcParams(goodObject, equalObject);
-
-        PKIX_TEST_EQ_HASH_TOSTR_DUP
-                (goodObject,
-                equalObject,
-                diffObject,
-                expectedAscii,
-                BuildParams,
-                PKIX_FALSE);
-
-        testDestroy(goodObject, equalObject, diffObject);
-
-cleanup:
-
-        PKIX_Shutdown(plContext);
-
-        PKIX_TEST_RETURN();
-
-        endTests("BuildParams");
-
-        return (0);
-}
diff --git a/security/nss/cmd/libpkix/pkixutil/pkixutil.c b/security/nss/cmd/libpkix/pkixutil/pkixutil.c
index 4d10804..0cd832a 100644
--- a/security/nss/cmd/libpkix/pkixutil/pkixutil.c
+++ b/security/nss/cmd/libpkix/pkixutil/pkixutil.c
@@ -26,8 +26,6 @@ extern int test_certchainchecker(int argc, char *argv[]);
 extern int test_comcrlselparams(int argc, char *argv[]);
 extern int test_crlselector(int argc, char *argv[]);
 
-/* This test fails to build. Need to fix                */
-/* extern int test_buildparams(int argc, char *argv[]); */
 extern int test_procparams(int argc, char *argv[]);
 extern int test_resourcelimits(int argc, char *argv[]);
 extern int test_trustanchor(int argc, char *argv[]);
@@ -104,7 +102,6 @@ testFunctionRef testFnRefTable[] = {
     {"test_certchainchecker",          test_certchainchecker},
     {"test_comcrlselparams",           test_comcrlselparams},
     {"test_crlselector",               test_crlselector},
-/*  {"test_buildparams",               test_buildparams}*/
     {"test_procparams",                test_procparams},
     {"test_resourcelimits",            test_resourcelimits},
     {"test_trustanchor",               test_trustanchor},
diff --git a/security/nss/cmd/modutil/install.c b/security/nss/cmd/modutil/install.c
index 0665608..839cf40 100644
--- a/security/nss/cmd/modutil/install.c
+++ b/security/nss/cmd/modutil/install.c
@@ -777,7 +777,7 @@ loser:
 	if(tempname) {
 		PRFileInfo info;
 		if(PR_GetFileInfo(tempname, &info) == PR_SUCCESS) {
-			if((info.type == PR_FILE_DIRECTORY)) {
+			if(info.type == PR_FILE_DIRECTORY) {
 				/* Recursively remove temporary directory */
 				if(rm_dash_r(tempname)) {
 					error(PK11_INSTALL_REMOVE_DIR,
diff --git a/security/nss/cmd/modutil/modutil.c b/security/nss/cmd/modutil/modutil.c
index 2cc9a13..ba07bba 100644
--- a/security/nss/cmd/modutil/modutil.c
+++ b/security/nss/cmd/modutil/modutil.c
@@ -832,6 +832,11 @@ main(int argc, char *argv[])
 		goto loser;
 	}
 
+	errcode = LoadMechanismList();
+	if (errcode != SUCCESS) {
+		goto loser;
+	}
+
 	/* Execute the command */
 	switch(command) {
 	case ADD_COMMAND:
diff --git a/security/nss/cmd/modutil/modutil.h b/security/nss/cmd/modutil/modutil.h
index 2505f2e..529d60e 100644
--- a/security/nss/cmd/modutil/modutil.h
+++ b/security/nss/cmd/modutil/modutil.h
@@ -6,20 +6,22 @@
 #define MODUTIL_H
 
 #include <stdio.h>
+#include <string.h>
+
 #include <prio.h>
 #include <prprf.h>
 #include <prinit.h>
+#include <prlock.h>
 #include <prmem.h>
 #include <plarena.h>
-#include <string.h>
-#include <seccomon.h>
-#include <secmod.h>
-#include <secutil.h>
 
-#include <prlock.h>
+#include "seccomon.h"
+#include "secmod.h"
+#include "secutil.h"
 
 #include "error.h"
 
+Error LoadMechanismList(void);
 Error FipsMode(char *arg);
 Error ChkFipsMode(char *arg);
 Error AddModule(char *moduleName, char *libFile, char *ciphers,
diff --git a/security/nss/cmd/modutil/pk11.c b/security/nss/cmd/modutil/pk11.c
index fc3e722..d630e4e 100644
--- a/security/nss/cmd/modutil/pk11.c
+++ b/security/nss/cmd/modutil/pk11.c
@@ -2,17 +2,13 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-/* To edit this file, set TABSTOPS to 4 spaces. 
- * This is not the normal NSS convention. 
+/* To edit this file, set TABSTOPS to 4 spaces.
+ * This is not the normal NSS convention.
  */
 
 #include "modutil.h"
-/* #include "secmodti.h"  */
 #include "pk11func.h"
 
-static PK11DefaultArrayEntry *pk11_DefaultArray = NULL;
-static int pk11_DefaultArraySize = 0;
-
 /*************************************************************************
  *
  * F i p s M o d e
@@ -110,32 +106,9 @@ ChkFipsMode(char *arg)
 
 typedef struct {
     const char *name;
-    const unsigned long mask;
+    unsigned long mask;
 } MaskString;
 
-static const MaskString mechanismStrings[] = {
-    {"RSA", PUBLIC_MECH_RSA_FLAG},
-    {"DSA", PUBLIC_MECH_DSA_FLAG},
-    {"RC2", PUBLIC_MECH_RC2_FLAG},
-    {"RC4", PUBLIC_MECH_RC4_FLAG},
-    {"RC5", PUBLIC_MECH_RC5_FLAG},
-    {"DES", PUBLIC_MECH_DES_FLAG},
-    {"DH", PUBLIC_MECH_DH_FLAG},
-    {"FORTEZZA", PUBLIC_MECH_FORTEZZA_FLAG},
-    {"SHA1", PUBLIC_MECH_SHA1_FLAG},
-    {"MD5", PUBLIC_MECH_MD5_FLAG},
-    {"MD2", PUBLIC_MECH_MD2_FLAG},
-    {"SSL", PUBLIC_MECH_SSL_FLAG},
-    {"TLS", PUBLIC_MECH_TLS_FLAG},
-    {"AES", PUBLIC_MECH_AES_FLAG},
-    {"CAMELLIA", PUBLIC_MECH_CAMELLIA_FLAG},
-    {"SHA256", PUBLIC_MECH_SHA256_FLAG},
-    {"SHA512", PUBLIC_MECH_SHA512_FLAG},
-    {"RANDOM", PUBLIC_MECH_RANDOM_FLAG},
-    {"FRIENDLY", PUBLIC_MECH_FRIENDLY_FLAG}
-};
-static const int numMechanismStrings =
-    sizeof(mechanismStrings) / sizeof(mechanismStrings[0]);
 
 static const MaskString cipherStrings[] = {
     {"FORTEZZA", PUBLIC_CIPHER_FORTEZZA_FLAG}
@@ -143,10 +116,68 @@ static const MaskString cipherStrings[] = {
 static const int numCipherStrings =
     sizeof(cipherStrings) / sizeof(cipherStrings[0]);
 
-/* Maximum length of a colon-separated list of all the strings in an 
+/* Initialized by LoadMechanismList */
+static MaskString *mechanismStrings =  NULL;
+static int numMechanismStrings = 0;
+const static PK11DefaultArrayEntry *pk11_DefaultArray = NULL;
+static int pk11_DefaultArraySize = 0;
+
+/* Maximum length of a colon-separated list of all the strings in an
  * array. */
 #define MAX_STRING_LIST_LEN 240    /* or less */
 
+
+Error
+LoadMechanismList(void)
+{
+    int i;
+
+    if (pk11_DefaultArray == NULL) {
+        pk11_DefaultArray = PK11_GetDefaultArray(&pk11_DefaultArraySize);
+        if (pk11_DefaultArray == NULL) {
+            /* should assert. This shouldn't happen */
+            return UNSPECIFIED_ERR;
+        }
+    }
+    if (mechanismStrings != NULL) {
+	return SUCCESS;
+    }
+
+    /* build the mechanismStrings array */
+    mechanismStrings = PORT_NewArray(MaskString, pk11_DefaultArraySize);
+    if (mechanismStrings == NULL) {
+	return OUT_OF_MEM_ERR;
+    }
+    numMechanismStrings = pk11_DefaultArraySize;
+    for (i = 0; i < numMechanismStrings; i++) {
+	const char *name = pk11_DefaultArray[i].name;
+	unsigned long flag = pk11_DefaultArray[i].flag;
+	/* map new name to old */
+	switch (flag) {
+	case SECMOD_FORTEZZA_FLAG:
+	    name = "FORTEZZA";
+	    break;
+	case SECMOD_SHA1_FLAG:
+	    name = "SHA1";
+	    break;
+	case SECMOD_CAMELLIA_FLAG:
+	    name = "CAMELLIA";
+	    break;
+	case SECMOD_RANDOM_FLAG:
+	    name = "RANDOM";
+	    break;
+	case SECMOD_FRIENDLY_FLAG:
+	    name = "FRIENDLY";
+	    break;
+	default:
+	    break;
+	}
+	mechanismStrings[i].name = name;
+	mechanismStrings[i].mask = SECMOD_InternaltoPubMechFlags(flag);
+    }
+    return SUCCESS;
+}
+
 /************************************************************************
  * 
  * g e t F l a g s F r o m S t r i n g
@@ -816,14 +847,6 @@ SetDefaultModule(char *moduleName, char *slotName, char *mechanisms)
     PRBool found = PR_FALSE;
     Error errcode = UNSPECIFIED_ERR;
 
-    if (pk11_DefaultArray == NULL) {
-	pk11_DefaultArray = PK11_GetDefaultArray(&pk11_DefaultArraySize);
-	if (pk11_DefaultArray == NULL) {
-	    /* should assert. This shouldn't happen */
-	    goto loser;
-	}
-    }
-
     mechFlags =  SECMOD_PubMechFlagstoInternal(mechFlags);
 
     module = SECMOD_FindModule(moduleName);
@@ -894,15 +917,6 @@ UnsetDefaultModule(char *moduleName, char *slotName, char *mechanisms)
     PRBool found = PR_FALSE;
     Error rv;
 
-    if (pk11_DefaultArray == NULL) {
-	pk11_DefaultArray = PK11_GetDefaultArray(&pk11_DefaultArraySize);
-	if (pk11_DefaultArray == NULL) {
-	    /* should assert. This shouldn't happen */
-	    rv = UNSPECIFIED_ERR;
-            goto loser;
-	}
-    }
-
     mechFlags =  SECMOD_PubMechFlagstoInternal(mechFlags);
 
     module = SECMOD_FindModule(moduleName);
diff --git a/security/nss/cmd/platlibs.mk b/security/nss/cmd/platlibs.mk
index 0f07910..833952a 100644
--- a/security/nss/cmd/platlibs.mk
+++ b/security/nss/cmd/platlibs.mk
@@ -146,10 +146,6 @@ EXTRA_SHARED_LIBS += \
 	$(NULL)
 endif
 
-ifeq ($(OS_TARGET), SunOS)
-OS_LIBS += -lbsm
-endif
-
 else # USE_STATIC_LIBS
 # can't do this in manifest.mn because OS_ARCH isn't defined there.
 ifeq ($(OS_ARCH), WINNT)
diff --git a/security/nss/cmd/pp/pp.c b/security/nss/cmd/pp/pp.c
index c97b3e7..a739a91 100644
--- a/security/nss/cmd/pp/pp.c
+++ b/security/nss/cmd/pp/pp.c
@@ -22,22 +22,27 @@ extern int fprintf(FILE *, char *, ...);
 static void Usage(char *progName)
 {
     fprintf(stderr,
-	    "Usage:  %s -t type [-a] [-i input] [-o output] [-w]\n",
+	    "Usage:  %s [-t type] [-a] [-i input] [-o output] [-w] [-u]\n",
 	    progName);
-    fprintf(stderr, "%-20s Specify the input type (must be one of %s,\n",
+    fprintf(stderr, "Pretty prints a file containing ASN.1 data in DER or ascii format.\n");
+    fprintf(stderr, "%-14s Specify input and display type: %s (sk),\n",
 	    "-t type", SEC_CT_PRIVATE_KEY);
-    fprintf(stderr, "%-20s %s, %s, %s,\n", "", SEC_CT_PUBLIC_KEY,
+    fprintf(stderr, "%-14s %s (pk), %s (c), %s (cr),\n", "", SEC_CT_PUBLIC_KEY,
 	    SEC_CT_CERTIFICATE, SEC_CT_CERTIFICATE_REQUEST);
-    fprintf(stderr, "%-20s %s, %s, %s or %s)\n", "", SEC_CT_CERTIFICATE_ID,
+    fprintf(stderr, "%-14s %s (ci), %s (p7), %s or %s (n).\n", "", SEC_CT_CERTIFICATE_ID,
             SEC_CT_PKCS7, SEC_CT_CRL, SEC_CT_NAME);
-    fprintf(stderr, "%-20s Input is in ascii encoded form (RFC1113)\n",
+    fprintf(stderr, "%-14s (Use either the long type name or the shortcut.)\n", "", SEC_CT_CERTIFICATE_ID,
+            SEC_CT_PKCS7, SEC_CT_CRL, SEC_CT_NAME);
+    fprintf(stderr, "%-14s Input is in ascii encoded form (RFC1113)\n",
 	    "-a");
-    fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n",
+    fprintf(stderr, "%-14s Define an input file to use (default is stdin)\n",
 	    "-i input");
-    fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n",
+    fprintf(stderr, "%-14s Define an output file to use (default is stdout)\n",
 	    "-o output");
-    fprintf(stderr, "%-20s Don't wrap long output lines\n",
+    fprintf(stderr, "%-14s Don't wrap long output lines\n",
 	    "-w");
+    fprintf(stderr, "%-14s Use UTF-8 (default is to show non-ascii as .)\n",
+	    "-u");
     exit(-1);
 }
 
@@ -59,7 +64,7 @@ int main(int argc, char **argv)
     inFile = 0;
     outFile = 0;
     typeTag = 0;
-    optstate = PL_CreateOptState(argc, argv, "at:i:o:w");
+    optstate = PL_CreateOptState(argc, argv, "at:i:o:uw");
     while ( PL_GetNextOpt(optstate) == PL_OPT_OK ) {
 	switch (optstate->option) {
 	  case '?':
@@ -92,6 +97,10 @@ int main(int argc, char **argv)
 	    typeTag = strdup(optstate->value);
 	    break;
 
+	  case 'u':
+	    SECU_EnableUtf8Display(PR_TRUE);
+	    break;
+
 	  case 'w':
 	    wrap = PR_FALSE;
 	    break;
@@ -125,27 +134,34 @@ int main(int argc, char **argv)
     SECU_EnableWrap(wrap);
 
     /* Pretty print it */
-    if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE) == 0) {
+    if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE) == 0 ||
+        PORT_Strcmp(typeTag, "c") == 0) {
 	rv = SECU_PrintSignedData(outFile, &data, "Certificate", 0,
 			     SECU_PrintCertificate);
-    } else if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE_ID) == 0) {
+    } else if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE_ID) == 0 ||
+               PORT_Strcmp(typeTag, "ci") == 0) {
         rv = SECU_PrintSignedContent(outFile, &data, 0, 0,
                                      SECU_PrintDumpDerIssuerAndSerial);
-    } else if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE_REQUEST) == 0) {
+    } else if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE_REQUEST) == 0 ||
+               PORT_Strcmp(typeTag, "cr") == 0) {
 	rv = SECU_PrintSignedData(outFile, &data, "Certificate Request", 0,
 			     SECU_PrintCertificateRequest);
-    } else if (PORT_Strcmp (typeTag, SEC_CT_CRL) == 0) {
+    } else if (PORT_Strcmp(typeTag, SEC_CT_CRL) == 0) {
 	rv = SECU_PrintSignedData (outFile, &data, "CRL", 0, SECU_PrintCrl);
 #ifdef HAVE_EPV_TEMPLATE
-    } else if (PORT_Strcmp(typeTag, SEC_CT_PRIVATE_KEY) == 0) {
+    } else if (PORT_Strcmp(typeTag, SEC_CT_PRIVATE_KEY) == 0 ||
+               PORT_Strcmp(typeTag, "sk") == 0) {
 	rv = SECU_PrintPrivateKey(outFile, &data, "Private Key", 0);
 #endif
-    } else if (PORT_Strcmp(typeTag, SEC_CT_PUBLIC_KEY) == 0) {
+    } else if (PORT_Strcmp(typeTag, SEC_CT_PUBLIC_KEY) == 0 ||
+               PORT_Strcmp (typeTag, "pk") == 0) {
 	rv = SECU_PrintSubjectPublicKeyInfo(outFile, &data, "Public Key", 0);
-    } else if (PORT_Strcmp(typeTag, SEC_CT_PKCS7) == 0) {
+    } else if (PORT_Strcmp(typeTag, SEC_CT_PKCS7) == 0 ||
+               PORT_Strcmp (typeTag, "p7") == 0) {
 	rv = SECU_PrintPKCS7ContentInfo(outFile, &data,
 					"PKCS #7 Content Info", 0);
-    } else if (PORT_Strcmp(typeTag, SEC_CT_NAME) == 0) {
+    } else if (PORT_Strcmp(typeTag, SEC_CT_NAME) == 0 ||
+               PORT_Strcmp (typeTag, "n") == 0) {
 	rv = SECU_PrintDERName(outFile, &data, "Name", 0);
     } else {
 	fprintf(stderr, "%s: don't know how to print out '%s' files\n",
diff --git a/security/nss/cmd/selfserv/selfserv.c b/security/nss/cmd/selfserv/selfserv.c
index 11f3015..d87f0de 100644
--- a/security/nss/cmd/selfserv/selfserv.c
+++ b/security/nss/cmd/selfserv/selfserv.c
@@ -107,30 +107,30 @@ const int ssl2CipherSuites[] = {
 const int ssl3CipherSuites[] = {
     -1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
     -1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA	 * b */
-    SSL_RSA_WITH_RC4_128_MD5,			/* c */
-    SSL_RSA_WITH_3DES_EDE_CBC_SHA,		/* d */
-    SSL_RSA_WITH_DES_CBC_SHA,			/* e */
-    SSL_RSA_EXPORT_WITH_RC4_40_MD5,		/* f */
-    SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,		/* g */
+    TLS_RSA_WITH_RC4_128_MD5,			/* c */
+    TLS_RSA_WITH_3DES_EDE_CBC_SHA,		/* d */
+    TLS_RSA_WITH_DES_CBC_SHA,			/* e */
+    TLS_RSA_EXPORT_WITH_RC4_40_MD5,		/* f */
+    TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,		/* g */
     -1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA,	 * h */
-    SSL_RSA_WITH_NULL_MD5,			/* i */
+    TLS_RSA_WITH_NULL_MD5,			/* i */
     SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,		/* j */
     SSL_RSA_FIPS_WITH_DES_CBC_SHA,		/* k */
     TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,	/* l */
     TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,	        /* m */
-    SSL_RSA_WITH_RC4_128_SHA,			/* n */
+    TLS_RSA_WITH_RC4_128_SHA,			/* n */
     -1, /* TLS_DHE_DSS_WITH_RC4_128_SHA, 	 * o */
-    -1, /* SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,	 * p */
-    -1, /* SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,	 * q */
-    -1, /* SSL_DHE_RSA_WITH_DES_CBC_SHA,	 * r */
-    -1, /* SSL_DHE_DSS_WITH_DES_CBC_SHA,	 * s */
+    -1, /* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,	 * p */
+    -1, /* TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,	 * q */
+    -1, /* TLS_DHE_RSA_WITH_DES_CBC_SHA,	 * r */
+    -1, /* TLS_DHE_DSS_WITH_DES_CBC_SHA,	 * s */
     -1, /* TLS_DHE_DSS_WITH_AES_128_CBC_SHA,	 * t */
     -1, /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA,	 * u */
     TLS_RSA_WITH_AES_128_CBC_SHA,     	    	/* v */
     -1, /* TLS_DHE_DSS_WITH_AES_256_CBC_SHA,	 * w */
     -1, /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA,	 * x */
     TLS_RSA_WITH_AES_256_CBC_SHA,     	    	/* y */
-    SSL_RSA_WITH_NULL_SHA,			/* z */
+    TLS_RSA_WITH_NULL_SHA,			/* z */
     0
 };
 
@@ -160,11 +160,11 @@ PrintUsageHeader(const char *progName)
 "         [-f password_file] [-L [seconds]] [-M maxProcs] [-P dbprefix]\n"
 "         [-V [min-version]:[max-version]] [-a sni_name]\n"
 "         [ T <good|revoked|unknown|badsig|corrupted|none|ocsp>] [-A ca]\n"
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 "         [-C SSLCacheEntries] [-e ec_nickname]\n"
 #else
 "         [-C SSLCacheEntries]\n"
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
         ,progName);
 }
 
@@ -1932,9 +1932,9 @@ server_main(
      * would like it to be. Turn this cipher on.
      */
 
-    secStatus = SSL_CipherPrefSetDefault( SSL_RSA_WITH_NULL_MD5, PR_TRUE);
+    secStatus = SSL_CipherPrefSetDefault( TLS_RSA_WITH_NULL_MD5, PR_TRUE);
     if ( secStatus != SECSuccess ) {
-	errExit("SSL_CipherPrefSetDefault:SSL_RSA_WITH_NULL_MD5");
+	errExit("SSL_CipherPrefSetDefault:TLS_RSA_WITH_NULL_MD5");
     }
 
     if (expectedHostNameVal) {
@@ -2133,7 +2133,7 @@ main(int argc, char **argv)
 {
     char *               progName    = NULL;
     char *               nickName    = NULL;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     char *               ecNickName   = NULL;
 #endif
     const char *         fileName    = NULL;
@@ -2246,9 +2246,9 @@ main(int argc, char **argv)
 
 	case 'd': dir = optstate->value; break;
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 	case 'e': ecNickName = PORT_Strdup(optstate->value); break;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
 	case 'f':
             pwdata.source = PW_FROMFILE;
@@ -2362,7 +2362,7 @@ main(int argc, char **argv)
     }
 
     if ((nickName == NULL)
- #ifdef NSS_ENABLE_ECC
+ #ifndef NSS_DISABLE_ECC
 						&& (ecNickName == NULL)
  #endif
     ) {
@@ -2593,7 +2593,7 @@ main(int argc, char **argv)
 	setupCertStatus(certStatusArena, ocspStaplingMode, cert[kt_rsa], kt_rsa,
 			&pwdata);
     }
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     if (ecNickName) {
 	cert[kt_ecdh] = PK11_FindCertFromNickname(ecNickName, &pwdata);
 	if (cert[kt_ecdh] == NULL) {
@@ -2620,7 +2620,7 @@ main(int argc, char **argv)
 	setupCertStatus(certStatusArena, ocspStaplingMode, cert[kt_ecdh], kt_ecdh,
 			&pwdata);
     }
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
     if (testbypass)
 	goto cleanup;
@@ -2691,7 +2691,7 @@ cleanup:
     if (certPrefix && certPrefix != emptyString) {                            
         PORT_Free(certPrefix);
     }
- #ifdef NSS_ENABLE_ECC
+ #ifndef NSS_DISABLE_ECC
     if (ecNickName) {
         PORT_Free(ecNickName);
     }
diff --git a/security/nss/cmd/ssltap/ssltap.c b/security/nss/cmd/ssltap/ssltap.c
index b1eaaa6..9614f05 100644
--- a/security/nss/cmd/ssltap/ssltap.c
+++ b/security/nss/cmd/ssltap/ssltap.c
@@ -493,13 +493,13 @@ const char * helloExtensionNameString(int ex_num)
 
 static int isNULLmac(int cs_int)
 {
-    return (cs_int == SSL_NULL_WITH_NULL_NULL); 
+    return (cs_int == TLS_NULL_WITH_NULL_NULL);
 }
 
 static int isNULLcipher(int cs_int)
 {
- return ((cs_int == SSL_RSA_WITH_NULL_MD5) ||
-         (cs_int == SSL_RSA_WITH_NULL_SHA) ||
+ return ((cs_int == TLS_RSA_WITH_NULL_MD5) ||
+         (cs_int == TLS_RSA_WITH_NULL_SHA) ||
          (cs_int == SSL_FORTEZZA_DMS_WITH_NULL_SHA) ||
          (cs_int == TLS_ECDH_ECDSA_WITH_NULL_SHA) ||
          (cs_int == TLS_ECDHE_ECDSA_WITH_NULL_SHA) ||
diff --git a/security/nss/cmd/strsclnt/strsclnt.c b/security/nss/cmd/strsclnt/strsclnt.c
index 26b8f92..43d121e 100644
--- a/security/nss/cmd/strsclnt/strsclnt.c
+++ b/security/nss/cmd/strsclnt/strsclnt.c
@@ -59,30 +59,30 @@ int ssl2CipherSuites[] = {
 int ssl3CipherSuites[] = {
     -1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
     -1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA     * b */
-    SSL_RSA_WITH_RC4_128_MD5,                   /* c */
-    SSL_RSA_WITH_3DES_EDE_CBC_SHA,              /* d */
-    SSL_RSA_WITH_DES_CBC_SHA,                   /* e */
-    SSL_RSA_EXPORT_WITH_RC4_40_MD5,             /* f */
-    SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,         /* g */
+    TLS_RSA_WITH_RC4_128_MD5,                   /* c */
+    TLS_RSA_WITH_3DES_EDE_CBC_SHA,              /* d */
+    TLS_RSA_WITH_DES_CBC_SHA,                   /* e */
+    TLS_RSA_EXPORT_WITH_RC4_40_MD5,             /* f */
+    TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,         /* g */
     -1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA        * h */
-    SSL_RSA_WITH_NULL_MD5,                      /* i */
+    TLS_RSA_WITH_NULL_MD5,                      /* i */
     SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,         /* j */
     SSL_RSA_FIPS_WITH_DES_CBC_SHA,              /* k */
     TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, 	/* l */
     TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,		/* m */
-    SSL_RSA_WITH_RC4_128_SHA,                   /* n */
+    TLS_RSA_WITH_RC4_128_SHA,                   /* n */
     TLS_DHE_DSS_WITH_RC4_128_SHA,		/* o */
-    SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,		/* p */
-    SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,		/* q */
-    SSL_DHE_RSA_WITH_DES_CBC_SHA,		/* r */
-    SSL_DHE_DSS_WITH_DES_CBC_SHA,		/* s */
+    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,		/* p */
+    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,		/* q */
+    TLS_DHE_RSA_WITH_DES_CBC_SHA,		/* r */
+    TLS_DHE_DSS_WITH_DES_CBC_SHA,		/* s */
     TLS_DHE_DSS_WITH_AES_128_CBC_SHA, 	    	/* t */
     TLS_DHE_RSA_WITH_AES_128_CBC_SHA,       	/* u */
     TLS_RSA_WITH_AES_128_CBC_SHA,     	    	/* v */
     TLS_DHE_DSS_WITH_AES_256_CBC_SHA, 	    	/* w */
     TLS_DHE_RSA_WITH_AES_256_CBC_SHA,       	/* x */
     TLS_RSA_WITH_AES_256_CBC_SHA,     	    	/* y */
-    SSL_RSA_WITH_NULL_SHA,			/* z */
+    TLS_RSA_WITH_NULL_SHA,			/* z */
     0
 };
 
diff --git a/security/nss/cmd/tstclnt/tstclnt.c b/security/nss/cmd/tstclnt/tstclnt.c
index 2e6c068..b92dcb1 100644
--- a/security/nss/cmd/tstclnt/tstclnt.c
+++ b/security/nss/cmd/tstclnt/tstclnt.c
@@ -68,30 +68,30 @@ int ssl2CipherSuites[] = {
 int ssl3CipherSuites[] = {
     -1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
     -1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA,	 * b */
-    SSL_RSA_WITH_RC4_128_MD5,			/* c */
-    SSL_RSA_WITH_3DES_EDE_CBC_SHA,		/* d */
-    SSL_RSA_WITH_DES_CBC_SHA,			/* e */
-    SSL_RSA_EXPORT_WITH_RC4_40_MD5,		/* f */
-    SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,		/* g */
+    TLS_RSA_WITH_RC4_128_MD5,			/* c */
+    TLS_RSA_WITH_3DES_EDE_CBC_SHA,		/* d */
+    TLS_RSA_WITH_DES_CBC_SHA,			/* e */
+    TLS_RSA_EXPORT_WITH_RC4_40_MD5,		/* f */
+    TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,		/* g */
     -1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA,	 * h */
-    SSL_RSA_WITH_NULL_MD5,			/* i */
+    TLS_RSA_WITH_NULL_MD5,			/* i */
     SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,		/* j */
     SSL_RSA_FIPS_WITH_DES_CBC_SHA,		/* k */
     TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,	/* l */
     TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,	        /* m */
-    SSL_RSA_WITH_RC4_128_SHA,			/* n */
+    TLS_RSA_WITH_RC4_128_SHA,			/* n */
     TLS_DHE_DSS_WITH_RC4_128_SHA,		/* o */
-    SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,		/* p */
-    SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,		/* q */
-    SSL_DHE_RSA_WITH_DES_CBC_SHA,		/* r */
-    SSL_DHE_DSS_WITH_DES_CBC_SHA,		/* s */
+    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,		/* p */
+    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,		/* q */
+    TLS_DHE_RSA_WITH_DES_CBC_SHA,		/* r */
+    TLS_DHE_DSS_WITH_DES_CBC_SHA,		/* s */
     TLS_DHE_DSS_WITH_AES_128_CBC_SHA, 	    	/* t */
     TLS_DHE_RSA_WITH_AES_128_CBC_SHA,       	/* u */
     TLS_RSA_WITH_AES_128_CBC_SHA,     	    	/* v */
     TLS_DHE_DSS_WITH_AES_256_CBC_SHA, 	    	/* w */
     TLS_DHE_RSA_WITH_AES_256_CBC_SHA,       	/* x */
     TLS_RSA_WITH_AES_256_CBC_SHA,     	    	/* y */
-    SSL_RSA_WITH_NULL_SHA,			/* z */
+    TLS_RSA_WITH_NULL_SHA,			/* z */
     0
 };
 
diff --git a/security/nss/cmd/vfychain/vfychain.c b/security/nss/cmd/vfychain/vfychain.c
index 4d41be8..216fa36 100644
--- a/security/nss/cmd/vfychain/vfychain.c
+++ b/security/nss/cmd/vfychain/vfychain.c
@@ -719,6 +719,8 @@ breakout:
                 if (node->cert)
                     CERT_DestroyCertificate(node->cert);
             }
+            log.head = log.tail = NULL;
+            log.count = 0;
             rv = 1;
         } else {
             fprintf(stderr, "Chain is good!\n");
diff --git a/security/nss/cmd/vfyserv/vfyserv.c b/security/nss/cmd/vfyserv/vfyserv.c
index 768224c..d83fc39 100644
--- a/security/nss/cmd/vfyserv/vfyserv.c
+++ b/security/nss/cmd/vfyserv/vfyserv.c
@@ -497,7 +497,7 @@ main(int argc, char **argv)
 	/* All cipher suites except RSA_NULL_MD5 are enabled by 
 	 * Domestic Policy. */
 	NSS_SetDomesticPolicy();
-	SSL_CipherPrefSetDefault(SSL_RSA_WITH_NULL_MD5, PR_TRUE);
+	SSL_CipherPrefSetDefault(TLS_RSA_WITH_NULL_MD5, PR_TRUE);
 
 	/* all the SSL2 and SSL3 cipher suites are enabled by default. */
 	if (cipherString) {
diff --git a/security/nss/cmd/vfyserv/vfyutil.c b/security/nss/cmd/vfyserv/vfyutil.c
index fb6ac6b..15f0d97 100644
--- a/security/nss/cmd/vfyserv/vfyutil.c
+++ b/security/nss/cmd/vfyserv/vfyutil.c
@@ -27,30 +27,30 @@ int ssl2CipherSuites[] = {
 int ssl3CipherSuites[] = {
     -1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
     -1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA,	 * b */
-    SSL_RSA_WITH_RC4_128_MD5,			/* c */
-    SSL_RSA_WITH_3DES_EDE_CBC_SHA,		/* d */
-    SSL_RSA_WITH_DES_CBC_SHA,			/* e */
-    SSL_RSA_EXPORT_WITH_RC4_40_MD5,		/* f */
-    SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,		/* g */
+    TLS_RSA_WITH_RC4_128_MD5,			/* c */
+    TLS_RSA_WITH_3DES_EDE_CBC_SHA,		/* d */
+    TLS_RSA_WITH_DES_CBC_SHA,			/* e */
+    TLS_RSA_EXPORT_WITH_RC4_40_MD5,		/* f */
+    TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,		/* g */
     -1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA,	 * h */
-    SSL_RSA_WITH_NULL_MD5,			/* i */
+    TLS_RSA_WITH_NULL_MD5,			/* i */
     SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,		/* j */
     SSL_RSA_FIPS_WITH_DES_CBC_SHA,		/* k */
     TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,	/* l */
     TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,	        /* m */
-    SSL_RSA_WITH_RC4_128_SHA,			/* n */
+    TLS_RSA_WITH_RC4_128_SHA,			/* n */
     TLS_DHE_DSS_WITH_RC4_128_SHA,		/* o */
-    SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,		/* p */
-    SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,		/* q */
-    SSL_DHE_RSA_WITH_DES_CBC_SHA,		/* r */
-    SSL_DHE_DSS_WITH_DES_CBC_SHA,		/* s */
+    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,		/* p */
+    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,		/* q */
+    TLS_DHE_RSA_WITH_DES_CBC_SHA,		/* r */
+    TLS_DHE_DSS_WITH_DES_CBC_SHA,		/* s */
     TLS_DHE_DSS_WITH_AES_128_CBC_SHA, 	    	/* t */
     TLS_DHE_RSA_WITH_AES_128_CBC_SHA,       	/* u */
     TLS_RSA_WITH_AES_128_CBC_SHA,     	    	/* v */
     TLS_DHE_DSS_WITH_AES_256_CBC_SHA, 	    	/* w */
     TLS_DHE_RSA_WITH_AES_256_CBC_SHA,       	/* x */
     TLS_RSA_WITH_AES_256_CBC_SHA,     	    	/* y */
-    SSL_RSA_WITH_NULL_SHA,			/* z */
+    TLS_RSA_WITH_NULL_SHA,			/* z */
     0
 };
 
diff --git a/security/nss/coreconf/Linux.mk b/security/nss/coreconf/Linux.mk
index a586e5e..6567f25 100644
--- a/security/nss/coreconf/Linux.mk
+++ b/security/nss/coreconf/Linux.mk
@@ -55,11 +55,18 @@ else
 ifeq ($(OS_TEST),x86_64)
 ifeq ($(USE_64),1)
 	CPU_ARCH	= x86_64
+	ARCHFLAG	= -m64
+else
+ifeq ($(USE_X32),1)
+	CPU_ARCH	= x86_64
+	ARCHFLAG	= -mx32
+	64BIT_TAG	= _x32
 else
 	OS_REL_CFLAGS	= -Di386
 	CPU_ARCH	= x86
 	ARCHFLAG	= -m32
 endif
+endif
 else
 ifeq ($(OS_TEST),sparc64)
 	CPU_ARCH        = sparc
@@ -123,12 +130,7 @@ ifeq ($(USE_PTHREADS),1)
 OS_PTHREAD = -lpthread 
 endif
 
-# See bug 537829, in particular comment 23.
-# Place -ansi and *_SOURCE before $(DSO_CFLAGS) so DSO_CFLAGS can override
-# -ansi on platforms like Android where the system headers are C99 and do
-# not build with -ansi.
-STANDARDS_CFLAGS	= -D_POSIX_SOURCE -D_BSD_SOURCE -D_XOPEN_SOURCE
-OS_CFLAGS		= $(STANDARDS_CFLAGS) $(DSO_CFLAGS) $(OS_REL_CFLAGS) $(ARCHFLAG) -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -DLINUX -Dlinux -DHAVE_STRERROR
+OS_CFLAGS		= $(DSO_CFLAGS) $(OS_REL_CFLAGS) $(ARCHFLAG) -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR
 OS_LIBS			= $(OS_PTHREAD) -ldl -lc
 
 ifdef USE_PTHREADS
@@ -138,7 +140,7 @@ endif
 ARCH			= linux
 
 DSO_CFLAGS		= -fPIC
-DSO_LDOPTS		= -shared $(ARCHFLAG)
+DSO_LDOPTS		= -shared $(ARCHFLAG) -Wl,--gc-sections
 # The linker on Red Hat Linux 7.2 and RHEL 2.1 (GNU ld version 2.11.90.0.8)
 # incorrectly reports undefined references in the libraries we link with, so
 # we don't use -z defs there.
diff --git a/security/nss/coreconf/WIN32.mk b/security/nss/coreconf/WIN32.mk
index eeab70d..afece49 100644
--- a/security/nss/coreconf/WIN32.mk
+++ b/security/nss/coreconf/WIN32.mk
@@ -41,6 +41,11 @@ else
 	_CC_BUILD   := $(word 4,$(_CC_VERSION_WORDS))
 	_MSC_VER     = $(_CC_VMAJOR)$(_CC_VMINOR)
 	_MSC_VER_6   = 1200
+	# VC10 (2010) is 16.00.30319.01, VC10SP1 is 16.00.40219.01.
+	_MSC_VER_GE_10SP1 := $(shell expr $(_MSC_VER) \> 1600 \| \
+		$(_MSC_VER) = 1600 \& $(_CC_RELEASE) \>= 40219)
+	# VC12 (2013).
+	_MSC_VER_GE_12 := $(shell expr $(_MSC_VER) \>= 1800)
 	ifeq ($(_CC_VMAJOR),14)
 	    # -DYNAMICBASE is only supported on VC8SP1 or newer,
 	    # so be very specific here!
@@ -171,6 +176,10 @@ ifneq ($(_MSC_VER),$(_MSC_VER_6))
     OS_CFLAGS += -we4002 -we4003 -we4004 -we4006 -we4009 -we4013 \
      -we4015 -we4028 -we4033 -we4035 -we4045 -we4047 -we4053 -we4054 -we4063 \
      -we4064 -we4078 -we4087 -we4090 -we4098 -we4390 -we4551 -we4553 -we4715
+
+    ifeq ($(_MSC_VER_GE_12),1)
+	OS_CFLAGS += -FS
+    endif
 endif # !MSVC6
 endif # NS_USE_GCC
 
@@ -213,10 +222,10 @@ ifdef NS_USE_GCC
 else
 ifdef USE_64
 	AS	= ml64.exe
-	ASFLAGS = -Cp -Sn -Zi $(INCLUDES)
+	ASFLAGS = -nologo -Cp -Sn -Zi $(INCLUDES)
 else
 	AS	= ml.exe
-	ASFLAGS = -Cp -Sn -Zi -coff $(INCLUDES)
+	ASFLAGS = -nologo -Cp -Sn -Zi -coff $(INCLUDES)
 endif
 endif
 
diff --git a/security/nss/coreconf/config.mk b/security/nss/coreconf/config.mk
index ea1d04b..99c6ce6 100644
--- a/security/nss/coreconf/config.mk
+++ b/security/nss/coreconf/config.mk
@@ -146,10 +146,10 @@ endif
 # [16.0] Global environ ment defines
 #######################################################################
 
-ifdef NSS_ENABLE_ECC
-DEFINES += -DNSS_ENABLE_ECC
+ifdef NSS_DISABLE_ECC
+DEFINES += -DNSS_DISABLE_ECC
 endif
-
+ 
 ifdef NSS_ECC_MORE_THAN_SUITE_B
 DEFINES += -DNSS_ECC_MORE_THAN_SUITE_B
 endif
@@ -166,6 +166,10 @@ ifdef NSS_DISABLE_DBM
 DEFINES += -DNSS_DISABLE_DBM
 endif
 
+ifdef NSS_PKIX_NO_LDAP
+DEFINES += -DNSS_PKIX_NO_LDAP
+endif
+
 # Avoid building object leak test code for optimized library
 ifndef BUILD_OPT
 ifdef PKIX_OBJECT_LEAK_TEST
@@ -181,3 +185,6 @@ USE_UTIL_DIRECTLY = 1
 
 # Build with NO_NSPR_10_SUPPORT to avoid using obsolete NSPR features
 DEFINES += -DNO_NSPR_10_SUPPORT
+
+# Hide old, deprecated, TLS cipher suite names when building NSS
+DEFINES += -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES
diff --git a/security/nss/coverage/cov.sh b/security/nss/coverage/cov.sh
index 5158751..d2a6894 100755
--- a/security/nss/coverage/cov.sh
+++ b/security/nss/coverage/cov.sh
@@ -32,7 +32,6 @@ CVS_CHECKOUT_BRANCH="cvs_checkout_${BRANCH}"
 export HOST=`hostname`
 export DOMSUF=red.iplanet.com
 
-export NSS_ENABLE_ECC=1
 export NSS_ECC_MORE_THAN_SUITE_B=1
 export IOPR_HOSTADDR_LIST="dochinups.red.iplanet.com"
 export NSS_AIA_PATH="/share/builds/mccrel3/security/aia_certs"
diff --git a/security/nss/doc/certutil.xml b/security/nss/doc/certutil.xml
index 32eaf18..8728067 100644
--- a/security/nss/doc/certutil.xml
+++ b/security/nss/doc/certutil.xml
@@ -196,10 +196,10 @@ If this option is not used, the validity check defaults to the current system ti
           <para><command>certutil</command> supports two types of databases: the legacy security databases (<filename>cert8.db</filename>, <filename>key3.db</filename>, and <filename>secmod.db</filename>) and new SQLite databases (<filename>cert9.db</filename>, <filename>key4.db</filename>, and <filename>pkcs11.txt</filename>). </para>
           <para>NSS recognizes the following prefixes:</para>
           <itemizedlist>
-            <listitem><para><command>sql: requests the newer database</command></para></listitem>
-	    <listitem><para><command>dbm: requests the legacy database</command></para></listitem>
+            <listitem><para><command>sql:</command> requests the newer database</para></listitem>
+	    <listitem><para><command>dbm:</command> requests the legacy database</para></listitem>
           </itemizedlist>
-          <para>If no prefix is specified the default type is retrieved from NSS_DEFAULT_DB_TYPE. If NSS_DEFAULT_DB_TYPE is not set then dbm: is the default.</para>
+          <para>If no prefix is specified the default type is retrieved from NSS_DEFAULT_DB_TYPE. If NSS_DEFAULT_DB_TYPE is not set then <command>dbm:</command> is the default.</para>
         </listitem>
       </varlistentry>
 
@@ -222,7 +222,7 @@ If this option is not used, the validity check defaults to the current system ti
 
       <varlistentry>
         <term>-g keysize</term>
-        <listitem><para>Set a key size to use when generating new public and private key pairs. The minimum is 512 bits and the maximum is 8192 bits. The default is 1024 bits. Any size between the minimum and maximum is allowed.</para></listitem>
+        <listitem><para>Set a key size to use when generating new public and private key pairs. The minimum is 512 bits and the maximum is 16384 bits. The default is 1024 bits. Any size between the minimum and maximum is allowed.</para></listitem>
       </varlistentry>
 
 
@@ -360,7 +360,7 @@ of the attribute codes:
 	<para>
 		The attribute codes for the categories are separated by commas, and the entire set of attributes enclosed by quotation marks. For example:
 	</para>
-<para><command>-t "TCu,Cu,Tuw"</command></para>
+<para><command>-t "TCu,Cu,Tu"</command></para>
 	<para>
 	Use the -L option to see a list of the current certificates and trust attributes in a certificate database. </para></listitem>
       </varlistentry>
@@ -432,11 +432,11 @@ of the attribute codes:
 
       <varlistentry>
         <term>-1 | --keyUsage keyword,keyword</term>
-        <listitem><para>Set a Netscape Certificate Type Extension in the certificate. There are several available keywords:</para>
+        <listitem><para>Set an X.509 V3 Certificate Type Extension in the certificate. There are several available keywords:</para>
 	<itemizedlist>
 	<listitem>
 	<para>
-		digital signature
+		digitalSignature
 	</para>
 	</listitem>
 	<listitem>
@@ -498,7 +498,7 @@ of the attribute codes:
 
       <varlistentry>
         <term>-5 | --nsCertType keyword,keyword</term>
-        <listitem><para>Add a Netscape certificate type extension to a certificate that is being created or added to the database. There are several available keywords:</para>
+        <listitem><para>Add an X.509 V3 certificate type extension to a certificate that is being created or added to the database. There are several available keywords:</para>
 	<itemizedlist>
 	<listitem>
 	<para>
diff --git a/security/nss/doc/cmsutil.xml b/security/nss/doc/cmsutil.xml
index ba45b99..c7d2408 100644
--- a/security/nss/doc/cmsutil.xml
+++ b/security/nss/doc/cmsutil.xml
@@ -62,16 +62,16 @@ The options and arguments for the cmsutil command are defined as follows:
     </para>
     <variablelist>
       <varlistentry>
-        <term>-D </term>
-        <listitem><para>Decode a message.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
         <term>-C</term>
         <listitem><para>Encrypt a message.</para></listitem>
       </varlistentry>
     
       <varlistentry>
+        <term>-D </term>
+        <listitem><para>Decode a message.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
         <term>-E </term>
         <listitem><para>Envelope a message.</para></listitem>
       </varlistentry>
@@ -267,23 +267,11 @@ cmsutil -S [-i infile] [-o outfile] [-d dbdir] [-p password] -N nickname[-TGP] [
 
   </refsection>
 
-  <refsection>
+  <refsection id="seealso">
     <title>See also</title>
     <para>certutil(1)</para>
   </refsection>
 
-
-  <refsection id="seealso">
-    <title>See Also</title>
-    <para></para>
-	<para>
-	</para>
-	<para>
-	</para>
-	<para>
-	</para>
-  </refsection>
-
 <!-- don't change -->
   <refsection id="resources">
     <title>Additional Resources</title>
diff --git a/security/nss/doc/crlutil.xml b/security/nss/doc/crlutil.xml
index a6dddd4..e77570e 100644
--- a/security/nss/doc/crlutil.xml
+++ b/security/nss/doc/crlutil.xml
@@ -76,15 +76,6 @@ The options and arguments for the crlutil command are defined as follows:
 
   <variablelist>
     <varlistentry>
-      <term>-G </term>
-        <listitem>
-          <para>
-Create new Certificate Revocation List(CRL).
-          </para>
-        </listitem>
-      </varlistentry>
-
-    <varlistentry>
       <term>-D </term>
         <listitem>
           <para>
@@ -93,40 +84,38 @@ Delete Certificate Revocation List from cert database.
         </listitem>
       </varlistentry>
 
-
     <varlistentry>
-      <term>-I </term>
+      <term>-E </term>
         <listitem>
           <para>
-Import a CRL to the cert database
+Erase all CRLs of specified type from the cert database
           </para>
         </listitem>
       </varlistentry>
 
     <varlistentry>
-      <term>-E </term>
+      <term>-G </term>
         <listitem>
           <para>
-Erase all CRLs of specified type from the cert database
+Create new Certificate Revocation List (CRL).
           </para>
         </listitem>
       </varlistentry>
 
-
     <varlistentry>
-      <term>-L </term>
+      <term>-I </term>
         <listitem>
           <para>
-List existing CRL located in cert database file.
+Import a CRL to the cert database
           </para>
         </listitem>
       </varlistentry>
 
     <varlistentry>
-      <term>-S </term>
+      <term>-L </term>
         <listitem>
           <para>
-Show contents of a CRL file which isn't stored in the database.
+List existing CRL located in cert database file.
           </para>
         </listitem>
       </varlistentry>
@@ -141,43 +130,34 @@ Modify existing CRL which can be located in cert db or in arbitrary file. If loc
       </varlistentry>
 
     <varlistentry>
-      <term>-G </term>
+      <term>-S </term>
         <listitem>
           <para>
-
+Show contents of a CRL file which isn't stored in the database.
           </para>
         </listitem>
       </varlistentry>
   </variablelist>
 
   <para><command>Arguments</command></para>
-  <para>Option arguments modify an action and are lowercase.</para>
+  <para>Option arguments modify an action.</para>
 
   <variablelist>
 
       <varlistentry>
-        <term>-B </term>
-        <listitem>
-          <para>
-Bypass CA signature checks.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-P dbprefix </term>
+        <term>-a </term>
         <listitem>
           <para>
-Specify the prefix used on the NSS security database files (for example, my_cert8.db and my_key3.db). This option is provided as a special case. Changing the names of the certificate and key databases is not recommended.
+Use ASCII format or allow the use of ASCII format for input and output. This formatting follows RFC #1113.
           </para>
         </listitem>
       </varlistentry>
 
       <varlistentry>
-        <term>-a </term>
+        <term>-B </term>
         <listitem>
           <para>
-Use ASCII format or allow the use of ASCII format for input and output. This formatting follows RFC #1113.
+Bypass CA signature checks.
           </para>
         </listitem>
       </varlistentry>
@@ -204,19 +184,19 @@ The NSS database files must reside in the same directory.
       </varlistentry>
 
       <varlistentry>
-        <term>-i crl-file </term>
+        <term>-f password-file </term>
         <listitem>
           <para>
-Specify the file which contains the CRL to import or show.
+Specify a file that will automatically supply the password to include in a certificate or to access a certificate database. This is a plain-text file containing one password. Be sure to prevent unauthorized access to this file.
           </para>
         </listitem>
       </varlistentry>
 
       <varlistentry>
-        <term>-f password-file </term>
+        <term>-i crl-file </term>
         <listitem>
           <para>
-Specify a file that will automatically supply the password to include in a certificate or to access a certificate database. This is a plain-text file containing one password. Be sure to prevent unauthorized access to this file.
+Specify the file which contains the CRL to import or show.
           </para>
         </listitem>
       </varlistentry>
@@ -249,6 +229,15 @@ Specify the output file name for new CRL. Bracket the output-file string with qu
       </varlistentry>
 
       <varlistentry>
+        <term>-P dbprefix </term>
+        <listitem>
+          <para>
+Specify the prefix used on the NSS security database files (for example, my_cert8.db and my_key3.db). This option is provided as a special case. Changing the names of the certificate and key databases is not recommended.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
         <term>-t crl-type </term>
         <listitem>
           <para>
@@ -355,7 +344,7 @@ Implemented Extensions
     * Add The Authority Key Identifier extension:
      </para>
      <para>
-      The authority key identifier extension provides a means of identifying the public key corresponding to the private key used to sign a CRL.
+The authority key identifier extension provides a means of identifying the public key corresponding to the private key used to sign a CRL.
      </para>
      <para>
           authKeyId critical [key-id | dn cert-serial]
@@ -504,21 +493,9 @@ crlutil -G|-M -c crl-gen-file -n nickname [-i crl] [-u url] [-d keydir] [-P dbpr
     </programlisting>
   </refsection>
 
-  <refsection>
-    <title>See also</title>
-    <para>certutil(1)</para>
-  </refsection>
-
-
   <refsection id="seealso">
     <title>See Also</title>
-    <para></para>
-	<para>
-	</para>
-	<para>
-	</para>
-	<para>
-	</para>
+    <para>certutil(1)</para>
   </refsection>
 
 <!-- don't change -->
diff --git a/security/nss/doc/html/certutil.html b/security/nss/doc/html/certutil.html
index 968a9d2..c99513f 100644
--- a/security/nss/doc/html/certutil.html
+++ b/security/nss/doc/html/certutil.html
@@ -1,4 +1,4 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>CERTUTIL</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="CERTUTIL"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">CERTUTIL</th></tr></table><hr></div><div class="refentry"><a name="certutil"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>certutil — Manage keys and certificate in both NSS databases and other NSS tokens</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">certutil</code>  [<em class="replaceable"><code>options</code></em>] [[<em class="replaceable"><code>arguments</code></em>]]</p></div></div><div class="refsection"><a name="idm224672048528"></a><h2>STATUS</h2><p>This documentation is still work 
 in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>CERTUTIL</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="CERTUTIL"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">CERTUTIL</th></tr></table><hr></div><div class="refentry"><a name="certutil"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>certutil — Manage keys and certificate in both NSS databases and other NSS tokens</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">certutil</code>  [<em class="replaceable"><code>options</code></em>] [[<em class="replaceable"><code>arguments</code></em>]]</p></div></div><div class="refsection"><a name="idm233261230240"></a><h2>STATUS</h2><p>This documentation is still work 
 in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
     </p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The Certificate Database Tool, <span class="command"><strong>certutil</strong></span>, is a command-line utility that can create and modify certificate and key databases. It can specifically list, generate, modify, or delete certificates, create or change the password, generate new public and private key pairs, display the contents of the key database, or delete key pairs within the key database.</p><p>Certificate issuance, part of the key and certificate management process, requires that keys and certificates be created in the key database. This document discusses certificate and key database management. For information on the security module database management, see the <span class="command"><strong>modutil</strong></span> manpage.</p></div><div class="refsection"><a name="options"></a><h2>Command Options and Arguments</h2><p>Running <span class="command"><strong>certutil</strong></span> always 
 requires one and only one command option to specify the type of certificate operation. Each command option may take zero or more arguments. The command option <code class="option">-H</code> will list all the command options and their relevant arguments.</p><p><span class="command"><strong>Command Options</strong></span></p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-A </span></dt><dd><p>Add an existing certificate to a certificate database. The certificate database should already exist; if one is not present, this command option will initialize one by default.</p></dd><dt><span class="term">-B</span></dt><dd><p>Run a series of commands from the specified batch file. This requires the <code class="option">-i</code> argument.</p></dd><dt><span class="term">-C </span></dt><dd><p>Create a new binary certificate file from a binary certificate request file. Use the <code class="option">-i</code> argument to specify the certificate request file. If this argum
 ent is not used, <span class="command"><strong>certutil</strong></span> prompts for a filename. </p></dd><dt><span class="term">-D </span></dt><dd><p>Delete a certificate from the certificate database.</p></dd><dt><span class="term">-E </span></dt><dd><p>Add an email certificate to the certificate database.</p></dd><dt><span class="term">-F</span></dt><dd><p>Delete a private key from a key database. Specify the key to delete with the -n argument. Specify the database from which to delete the key with the 
 <code class="option">-d</code> argument. Use the <code class="option">-k</code> argument to specify explicitly whether to delete a DSA, RSA, or ECC key. If you don't use the <code class="option">-k</code> argument, the option looks for an RSA key matching the specified nickname. 
 </p><p>
@@ -10,9 +10,9 @@ For certificate requests, ASCII output defaults to standard output unless redire
 </p><p>
 If this option is not used, the validity check defaults to the current system time.</p></dd><dt><span class="term">-c issuer</span></dt><dd><p>Identify the certificate of the CA from which a new certificate will derive its authenticity. 
  Use the exact nickname or alias of the CA certificate, or use the CA's email address. Bracket the issuer string 
- with quotation marks if it contains spaces. </p></dd><dt><span class="term">-d [prefix]directory</span></dt><dd><p>Specify the database directory containing the certificate and key database files.</p><p><span class="command"><strong>certutil</strong></span> supports two types of databases: the legacy security databases (<code class="filename">cert8.db</code>, <code class="filename">key3.db</code>, and <code class="filename">secmod.db</code>) and new SQLite databases (<code class="filename">cert9.db</code>, <code class="filename">key4.db</code>, and <code class="filename">pkcs11.txt</code>). </p><p>NSS recognizes the following prefixes:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p><span class="command"><strong>sql: requests the newer database</strong></span></p></li><li class="listitem"><p><span class="command"><strong>dbm: requests the legacy database</strong></span></p></li></ul></div><p>If no prefix is specified the
  default type is retrieved from NSS_DEFAULT_DB_TYPE. If NSS_DEFAULT_DB_TYPE is not set then dbm: is the default.</p></dd><dt><span class="term">-e </span></dt><dd><p>Check a certificate's signature during the process of validating a certificate.</p></dd><dt><span class="term">--email email-address</span></dt><dd><p>Specify the email address of a certificate to list. Used with the -L command option.</p></dd><dt><span class="term">-f password-file</span></dt><dd><p>Specify a file that will automatically supply the password to include in a certificate 
+ with quotation marks if it contains spaces. </p></dd><dt><span class="term">-d [prefix]directory</span></dt><dd><p>Specify the database directory containing the certificate and key database files.</p><p><span class="command"><strong>certutil</strong></span> supports two types of databases: the legacy security databases (<code class="filename">cert8.db</code>, <code class="filename">key3.db</code>, and <code class="filename">secmod.db</code>) and new SQLite databases (<code class="filename">cert9.db</code>, <code class="filename">key4.db</code>, and <code class="filename">pkcs11.txt</code>). </p><p>NSS recognizes the following prefixes:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p><span class="command"><strong>sql:</strong></span> requests the newer database</p></li><li class="listitem"><p><span class="command"><strong>dbm:</strong></span> requests the legacy database</p></li></ul></div><p>If no prefix is specified the
  default type is retrieved from NSS_DEFAULT_DB_TYPE. If NSS_DEFAULT_DB_TYPE is not set then <span class="command"><strong>dbm:</strong></span> is the default.</p></dd><dt><span class="term">-e </span></dt><dd><p>Check a certificate's signature during the process of validating a certificate.</p></dd><dt><span class="term">--email email-address</span></dt><dd><p>Specify the email address of a certificate to list. Used with the -L command option.</p></dd><dt><span class="term">-f password-file</span></dt><dd><p>Specify a file that will automatically supply the password to include in a certificate 
  or to access a certificate database. This is a plain-text file containing one password. Be sure to prevent 
- unauthorized access to this file.</p></dd><dt><span class="term">-g keysize</span></dt><dd><p>Set a key size to use when generating new public and private key pairs. The minimum is 512 bits and the maximum is 8192 bits. The default is 1024 bits. Any size between the minimum and maximum is allowed.</p></dd><dt><span class="term">-h tokenname</span></dt><dd><p>Specify the name of a token to use or act on. If not specified the default token is the internal database slot.</p></dd><dt><span class="term">-i input_file</span></dt><dd><p>Pass an input file to the command. Depending on the command option, an input file can be a specific certificate, a certificate request file, or a batch file of commands.</p></dd><dt><span class="term">-k key-type-or-id</span></dt><dd><p>Specify the type or specific ID of a key.</p><p>
+ unauthorized access to this file.</p></dd><dt><span class="term">-g keysize</span></dt><dd><p>Set a key size to use when generating new public and private key pairs. The minimum is 512 bits and the maximum is 16384 bits. The default is 1024 bits. Any size between the minimum and maximum is allowed.</p></dd><dt><span class="term">-h tokenname</span></dt><dd><p>Specify the name of a token to use or act on. If not specified the default token is the internal database slot.</p></dd><dt><span class="term">-i input_file</span></dt><dd><p>Pass an input file to the command. Depending on the command option, an input file can be a specific certificate, a certificate request file, or a batch file of commands.</p></dd><dt><span class="term">-k key-type-or-id</span></dt><dd><p>Specify the type or specific ID of a key.</p><p>
            The valid key type options are rsa, dsa, ec, or all. The default 
            value is rsa. Specifying the type of key can avoid mistakes caused by
            duplicate nicknames. Giving a key type generates a new key pair; 
@@ -53,14 +53,14 @@ of the attribute codes:
 		<span class="command"><strong>u</strong></span> - user
 	</p></li></ul></div><p>
 		The attribute codes for the categories are separated by commas, and the entire set of attributes enclosed by quotation marks. For example:
-	</p><p><span class="command"><strong>-t "TCu,Cu,Tuw"</strong></span></p><p>
+	</p><p><span class="command"><strong>-t "TCu,Cu,Tu"</strong></span></p><p>
 	Use the -L option to see a list of the current certificates and trust attributes in a certificate database. </p></dd><dt><span class="term">-u certusage</span></dt><dd><p>Specify a usage context to apply when validating a certificate with the -V option.</p><p>The contexts are the following:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p><span class="command"><strong>C</strong></span> (as an SSL client)</p></li><li class="listitem"><p><span class="command"><strong>V</strong></span> (as an SSL server)</p></li><li class="listitem"><p><span class="command"><strong>S</strong></span> (as an email signer)</p></li><li class="listitem"><p><span class="command"><strong>R</strong></span> (as an email recipient)</p></li><li class="listitem"><p><span class="command"><strong>O</strong></span> (as an OCSP status responder)</p></li><li class="listitem"><p><span class="command"><strong>J</strong></span> (as an object signer)</p></li></u
 l></div></dd><dt><span class="term">-v valid-months</span></dt><dd><p>Set the number of months a new certificate will be valid. The validity period begins at the current system time unless an offset is added or subtracted with the <code class="option">-w</code> option. If this argument is not used, the default validity period is three months. </p></dd><dt><span class="term">-w offset-months</span></dt><dd><p>Set an offset from the current system time, in months, 
  for the beginning of a certificate's validity period. Use when creating 
  the certificate or adding it to a database. Express the offset in integers, 
  using a minus sign (-) to indicate a negative offset. If this argument is 
  not used, the validity period begins at the current system time. The length 
- of the validity period is set with the -v argument. </p></dd><dt><span class="term">-X </span></dt><dd><p>Force the key and certificate database to open in read-write mode. This is used with the <code class="option">-U</code> and <code class="option">-L</code> command options.</p></dd><dt><span class="term">-x </span></dt><dd><p>Use <span class="command"><strong>certutil</strong></span> to generate the signature for a certificate being created or added to a database, rather than obtaining a signature from a separate CA.</p></dd><dt><span class="term">-y exp</span></dt><dd><p>Set an alternate exponent value to use in generating a new RSA public key for the database, instead of the default value of 65537. The available alternate values are 3 and 17.</p></dd><dt><span class="term">-z noise-file</span></dt><dd><p>Read a seed value from the specified file to generate a new private and public key pair. This argument makes it possible to use hardware-generated seed values or manually crea
 te a value from the keyboard. The minimum file size is 20 bytes.</p></dd><dt><span class="term">-0 SSO_password</span></dt><dd><p>Set a site security officer password on a token.</p></dd><dt><span class="term">-1 | --keyUsage keyword,keyword</span></dt><dd><p>Set a Netscape Certificate Type Extension in the certificate. There are several available keywords:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
-		digital signature
+ of the validity period is set with the -v argument. </p></dd><dt><span class="term">-X </span></dt><dd><p>Force the key and certificate database to open in read-write mode. This is used with the <code class="option">-U</code> and <code class="option">-L</code> command options.</p></dd><dt><span class="term">-x </span></dt><dd><p>Use <span class="command"><strong>certutil</strong></span> to generate the signature for a certificate being created or added to a database, rather than obtaining a signature from a separate CA.</p></dd><dt><span class="term">-y exp</span></dt><dd><p>Set an alternate exponent value to use in generating a new RSA public key for the database, instead of the default value of 65537. The available alternate values are 3 and 17.</p></dd><dt><span class="term">-z noise-file</span></dt><dd><p>Read a seed value from the specified file to generate a new private and public key pair. This argument makes it possible to use hardware-generated seed values or manually crea
 te a value from the keyboard. The minimum file size is 20 bytes.</p></dd><dt><span class="term">-0 SSO_password</span></dt><dd><p>Set a site security officer password on a token.</p></dd><dt><span class="term">-1 | --keyUsage keyword,keyword</span></dt><dd><p>Set an X.509 V3 Certificate Type Extension in the certificate. There are several available keywords:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
+		digitalSignature
 	</p></li><li class="listitem"><p>
 		nonRepudiation
 	</p></li><li class="listitem"><p>
@@ -75,7 +75,7 @@ of the attribute codes:
 		crlSigning
 	</p></li><li class="listitem"><p>
 		critical
-	</p></li></ul></div></dd><dt><span class="term">-2 </span></dt><dd><p>Add a basic constraint extension to a certificate that is being created or added to a database. This extension supports the certificate chain verification process. <span class="command"><strong>certutil</strong></span> prompts for the certificate constraint extension to select.</p><p>X.509 certificate extensions are described in RFC 5280.</p></dd><dt><span class="term">-3 </span></dt><dd><p>Add an authority key ID extension to a certificate that is being created or added to a database. This extension supports the identification of a particular certificate, from among multiple certificates associated with one subject name, as the correct issuer of a certificate. The Certificate Database Tool will prompt you to select the authority key ID extension.</p><p>X.509 certificate extensions are described in RFC 5280.</p></dd><dt><span class="term">-4 </span></dt><dd><p>Add a CRL distribution point extension to a certifica
 te that is being created or added to a database. This extension identifies the URL of a certificate's associated certificate revocation list (CRL). <span class="command"><strong>certutil</strong></span> prompts for the URL.</p><p>X.509 certificate extensions are described in RFC 5280.</p></dd><dt><span class="term">-5 | --nsCertType keyword,keyword</span></dt><dd><p>Add a Netscape certificate type extension to a certificate that is being created or added to the database. There are several available keywords:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
+	</p></li></ul></div></dd><dt><span class="term">-2 </span></dt><dd><p>Add a basic constraint extension to a certificate that is being created or added to a database. This extension supports the certificate chain verification process. <span class="command"><strong>certutil</strong></span> prompts for the certificate constraint extension to select.</p><p>X.509 certificate extensions are described in RFC 5280.</p></dd><dt><span class="term">-3 </span></dt><dd><p>Add an authority key ID extension to a certificate that is being created or added to a database. This extension supports the identification of a particular certificate, from among multiple certificates associated with one subject name, as the correct issuer of a certificate. The Certificate Database Tool will prompt you to select the authority key ID extension.</p><p>X.509 certificate extensions are described in RFC 5280.</p></dd><dt><span class="term">-4 </span></dt><dd><p>Add a CRL distribution point extension to a certifica
 te that is being created or added to a database. This extension identifies the URL of a certificate's associated certificate revocation list (CRL). <span class="command"><strong>certutil</strong></span> prompts for the URL.</p><p>X.509 certificate extensions are described in RFC 5280.</p></dd><dt><span class="term">-5 | --nsCertType keyword,keyword</span></dt><dd><p>Add an X.509 V3 certificate type extension to a certificate that is being created or added to the database. There are several available keywords:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
 		sslClient
 	</p></li><li class="listitem"><p>
 		sslServer
diff --git a/security/nss/doc/html/cmsutil.html b/security/nss/doc/html/cmsutil.html
index 2b5249c..1bed3fe 100644
--- a/security/nss/doc/html/cmsutil.html
+++ b/security/nss/doc/html/cmsutil.html
@@ -1,4 +1,4 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>CMSUTIL</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="CMSUTIL"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">CMSUTIL</th></tr></table><hr></div><div class="refentry"><a name="cmsutil"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>cmsutil — Performs basic cryptograpic operations, such as encryption and decryption, on Cryptographic Message Syntax (CMS) messages.</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">cmsutil</code>  [<em class="replaceable"><code>options</code></em>] [[<em class="replaceable"><code>arguments</code></em>]]</p></div></div><div class="refsection"><a name="idm207695361776"></a><h2>S
 TATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>CMSUTIL</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="CMSUTIL"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">CMSUTIL</th></tr></table><hr></div><div class="refentry"><a name="cmsutil"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>cmsutil — Performs basic cryptograpic operations, such as encryption and decryption, on Cryptographic Message Syntax (CMS) messages.</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">cmsutil</code>  [<em class="replaceable"><code>options</code></em>] [[<em class="replaceable"><code>arguments</code></em>]]</p></div></div><div class="refsection"><a name="idm233266717696"></a><h2>S
 TATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
     </p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The <span class="command"><strong>cmsutil</strong></span> command-line uses the S/MIME Toolkit to perform basic operations, such as encryption and decryption, on Cryptographic Message Syntax (CMS) messages.
 	</p><p>
 To run cmsutil, type the command cmsutil option [arguments] where option and arguments are combinations of the options and arguments listed in the following section. 
@@ -8,7 +8,7 @@ To see a usage string, issue the command without options.
 	</p><p><span class="command"><strong>Options</strong></span></p><p>
 Options specify an action. Option arguments modify an action. 
 The options and arguments for the cmsutil command are defined as follows:
-    </p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-D </span></dt><dd><p>Decode a message.</p></dd><dt><span class="term">-C</span></dt><dd><p>Encrypt a message.</p></dd><dt><span class="term">-E </span></dt><dd><p>Envelope a message.</p></dd><dt><span class="term">-O </span></dt><dd><p>Create a certificates-only message.</p></dd><dt><span class="term">-S </span></dt><dd><p>Sign a message.</p></dd></dl></div><p><span class="command"><strong>Arguments</strong></span></p><p>Option arguments modify an action.</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-b </span></dt><dd><p>Decode a batch of files named in infile.</p></dd><dt><span class="term">-c content </span></dt><dd><p>Use this detached content (decode only).</p></dd><dt><span class="term">-d dbdir</span></dt><dd><p>Specify the key/certificate database directory (default is ".")</p></dd><dt><span class="term">-e envfile</span></dt><dd><p>Specify a file containing an e
 nveloped message for a set of recipients to which you would like to send an encrypted message. If this is the first encrypted message for that set of recipients, a new enveloped message will be created that you can then use for future messages (encrypt only).</p></dd><dt><span class="term">-f pwfile</span></dt><dd><p>Use password file to set password on all PKCS#11 tokens.</p></dd><dt><span class="term">-G</span></dt><dd><p>Include a signing time attribute (sign only).</p></dd><dt><span class="term">-H hash</span></dt><dd><p>Use specified hash algorithm (default:SHA1).</p></dd><dt><span class="term">-h num</span></dt><dd><p>Generate email headers with info about CMS message (decode only).</p></dd><dt><span class="term">-i infile</span></dt><dd><p>Use infile as a source of data (default is stdin).</p></dd><dt><span class="term">-k</span></dt><dd><p>Keep decoded encryption certs in permanent cert db.</p></dd><dt><span class="term">-N nickname</span></dt><dd><p>Specify nickname of cert
 ificate to sign with (sign only).</p></dd><dt><span class="term">-n </span></dt><dd><p>Suppress output of contents (decode only).</p></dd><dt><span class="term">-o outfile</span></dt><dd><p>Use outfile as a destination of data (default is stdout).</p></dd><dt><span class="term">-P</span></dt><dd><p>Include an S/MIME capabilities attribute.</p></dd><dt><span class="term">-p password</span></dt><dd><p>Use password as key database password.</p></dd><dt><span class="term">-r recipient1,recipient2, ...</span></dt><dd><p>
+    </p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-C</span></dt><dd><p>Encrypt a message.</p></dd><dt><span class="term">-D </span></dt><dd><p>Decode a message.</p></dd><dt><span class="term">-E </span></dt><dd><p>Envelope a message.</p></dd><dt><span class="term">-O </span></dt><dd><p>Create a certificates-only message.</p></dd><dt><span class="term">-S </span></dt><dd><p>Sign a message.</p></dd></dl></div><p><span class="command"><strong>Arguments</strong></span></p><p>Option arguments modify an action.</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-b </span></dt><dd><p>Decode a batch of files named in infile.</p></dd><dt><span class="term">-c content </span></dt><dd><p>Use this detached content (decode only).</p></dd><dt><span class="term">-d dbdir</span></dt><dd><p>Specify the key/certificate database directory (default is ".")</p></dd><dt><span class="term">-e envfile</span></dt><dd><p>Specify a file containing an e
 nveloped message for a set of recipients to which you would like to send an encrypted message. If this is the first encrypted message for that set of recipients, a new enveloped message will be created that you can then use for future messages (encrypt only).</p></dd><dt><span class="term">-f pwfile</span></dt><dd><p>Use password file to set password on all PKCS#11 tokens.</p></dd><dt><span class="term">-G</span></dt><dd><p>Include a signing time attribute (sign only).</p></dd><dt><span class="term">-H hash</span></dt><dd><p>Use specified hash algorithm (default:SHA1).</p></dd><dt><span class="term">-h num</span></dt><dd><p>Generate email headers with info about CMS message (decode only).</p></dd><dt><span class="term">-i infile</span></dt><dd><p>Use infile as a source of data (default is stdin).</p></dd><dt><span class="term">-k</span></dt><dd><p>Keep decoded encryption certs in permanent cert db.</p></dd><dt><span class="term">-N nickname</span></dt><dd><p>Specify nickname of cert
 ificate to sign with (sign only).</p></dd><dt><span class="term">-n </span></dt><dd><p>Suppress output of contents (decode only).</p></dd><dt><span class="term">-o outfile</span></dt><dd><p>Use outfile as a destination of data (default is stdout).</p></dd><dt><span class="term">-P</span></dt><dd><p>Include an S/MIME capabilities attribute.</p></dd><dt><span class="term">-p password</span></dt><dd><p>Use password as key database password.</p></dd><dt><span class="term">-r recipient1,recipient2, ...</span></dt><dd><p>
 Specify list of recipients (email addresses) for an encrypted or enveloped message. 
 For certificates-only message, list of certificates to send.
           </p></dd><dt><span class="term">-T</span></dt><dd><p>Suppress content in CMS message (sign only).</p></dd><dt><span class="term">-u certusage</span></dt><dd><p>Set type of cert usage (default is certUsageEmailSigner).</p></dd><dt><span class="term">-v</span></dt><dd><p>Print debugging information.</p></dd><dt><span class="term">-Y ekprefnick</span></dt><dd><p>Specify an encryption key preference by nickname.</p></dd></dl></div></div><div class="refsection"><a name="usage"></a><h2>Usage</h2><p>Encrypt Example</p><pre class="programlisting">
@@ -21,10 +21,7 @@ cmsutil -E [-i infile] [-o outfile] [-d dbdir] [-p password] -r "recipient1,reci
 cmsutil -O [-i infile] [-o outfile] [-d dbdir] [-p password] -r "cert1,cert2, . . ."
       </pre><p>Sign Message Example</p><pre class="programlisting">
 cmsutil -S [-i infile] [-o outfile] [-d dbdir] [-p password] -N nickname[-TGP] [-Y ekprefnick]
-      </pre></div><div class="refsection"><a name="idm207694289248"></a><h2>See also</h2><p>certutil(1)</p></div><div class="refsection"><a name="seealso"></a><h2>See Also</h2><p></p><p>
-	</p><p>
-	</p><p>
-	</p></div><div class="refsection"><a name="resources"></a><h2>Additional Resources</h2><p>For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at <a class="ulink" href="http://www.mozilla.org/projects/security/pki/nss/" target="_top">http://www.mozilla.org/projects/security/pki/nss/</a>. The NSS site relates directly to NSS code changes and releases.</p><p>Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto</p><p>IRC: Freenode at #dogtag-pki</p></div><div class="refsection"><a name="authors"></a><h2>Authors</h2><p>The NSS tools were written and maintained by developers with Netscape, Red Hat,  Sun, Oracle, Mozilla, and Google.</p><p>
+      </pre></div><div class="refsection"><a name="seealso"></a><h2>See also</h2><p>certutil(1)</p></div><div class="refsection"><a name="resources"></a><h2>Additional Resources</h2><p>For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at <a class="ulink" href="http://www.mozilla.org/projects/security/pki/nss/" target="_top">http://www.mozilla.org/projects/security/pki/nss/</a>. The NSS site relates directly to NSS code changes and releases.</p><p>Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto</p><p>IRC: Freenode at #dogtag-pki</p></div><div class="refsection"><a name="authors"></a><h2>Authors</h2><p>The NSS tools were written and maintained by developers with Netscape, Red Hat,  Sun, Oracle, Mozilla, and Google.</p><p>
 	Authors: Elio Maldonado <emaldona at redhat.com>, Deon Lackey <dlackey at redhat.com>.
     </p></div><div class="refsection"><a name="license"></a><h2>LICENSE</h2><p>Licensed under the Mozilla Public License, v. 2.0.  If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
     </p></div></div><div class="navfooter"><hr></div></body></html>
diff --git a/security/nss/doc/html/crlutil.html b/security/nss/doc/html/crlutil.html
index 3f39545..c27a06e 100644
--- a/security/nss/doc/html/crlutil.html
+++ b/security/nss/doc/html/crlutil.html
@@ -1,6 +1,6 @@
 <html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>CRLUTIL</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="CRLUTIL"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">CRLUTIL</th></tr></table><hr></div><div class="refentry"><a name="crlutil"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>crlutil — 
 List, generate, modify, or delete CRLs within the NSS security database file(s) and list, create, modify or delete certificates entries in a particular CRL.
-    </p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">crlutil</code>  [<em class="replaceable"><code>options</code></em>] [[<em class="replaceable"><code>arguments</code></em>]]</p></div></div><div class="refsection"><a name="idm207693223392"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
+    </p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">crlutil</code>  [<em class="replaceable"><code>options</code></em>] [[<em class="replaceable"><code>arguments</code></em>]]</p></div></div><div class="refsection"><a name="idm233261315520"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
     </p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The Certificate Revocation List (CRL) Management Tool, <span class="command"><strong>crlutil</strong></span>, is a command-line utility that can list, generate, modify, or delete CRLs within the NSS security database file(s) and list, create, modify or delete certificates entries in a particular CRL.
     </p><p>
 The key and certificate management process generally begins with creating keys in the key database, then generating and managing certificates in the certificate database(see certutil tool) and continues with certificates expiration or revocation.
@@ -16,44 +16,42 @@ where options and arguments are combinations of the options and arguments listed
 	</p><p><span class="command"><strong>Options</strong></span></p><p>
 Options specify an action. Option arguments modify an action. 
 The options and arguments for the crlutil command are defined as follows:
-    </p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-G </span></dt><dd><p>
-Create new Certificate Revocation List(CRL).
-          </p></dd><dt><span class="term">-D </span></dt><dd><p>
+    </p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-D </span></dt><dd><p>
 Delete Certificate Revocation List from cert database.
-          </p></dd><dt><span class="term">-I </span></dt><dd><p>
-Import a CRL to the cert database
           </p></dd><dt><span class="term">-E </span></dt><dd><p>
 Erase all CRLs of specified type from the cert database
+          </p></dd><dt><span class="term">-G </span></dt><dd><p>
+Create new Certificate Revocation List (CRL).
+          </p></dd><dt><span class="term">-I </span></dt><dd><p>
+Import a CRL to the cert database
           </p></dd><dt><span class="term">-L </span></dt><dd><p>
 List existing CRL located in cert database file.
-          </p></dd><dt><span class="term">-S </span></dt><dd><p>
-Show contents of a CRL file which isn't stored in the database.
           </p></dd><dt><span class="term">-M </span></dt><dd><p>
 Modify existing CRL which can be located in cert db or in arbitrary file. If located in file it should be encoded in ASN.1 encode format.
-          </p></dd><dt><span class="term">-G </span></dt><dd><p>
-
-          </p></dd></dl></div><p><span class="command"><strong>Arguments</strong></span></p><p>Option arguments modify an action and are lowercase.</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-B </span></dt><dd><p>
-Bypass CA signature checks.
-          </p></dd><dt><span class="term">-P dbprefix </span></dt><dd><p>
-Specify the prefix used on the NSS security database files (for example, my_cert8.db and my_key3.db). This option is provided as a special case. Changing the names of the certificate and key databases is not recommended.
-          </p></dd><dt><span class="term">-a </span></dt><dd><p>
+          </p></dd><dt><span class="term">-S </span></dt><dd><p>
+Show contents of a CRL file which isn't stored in the database.
+          </p></dd></dl></div><p><span class="command"><strong>Arguments</strong></span></p><p>Option arguments modify an action.</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-a </span></dt><dd><p>
 Use ASCII format or allow the use of ASCII format for input and output. This formatting follows RFC #1113.
+          </p></dd><dt><span class="term">-B </span></dt><dd><p>
+Bypass CA signature checks.
           </p></dd><dt><span class="term">-c crl-gen-file </span></dt><dd><p>
 Specify script file that will be used to control crl generation/modification. See crl-cript-file format below. If options -M|-G is used and -c crl-script-file is not specified, crlutil will read script data from standard input.
           </p></dd><dt><span class="term">-d directory </span></dt><dd><p>
 Specify the database directory containing the certificate and key database files. On Unix the Certificate Database Tool defaults to $HOME/.netscape (that is, ~/.netscape). On Windows NT the default is the current directory.
           </p><p>
 The NSS database files must reside in the same directory.
-          </p></dd><dt><span class="term">-i crl-file </span></dt><dd><p>
-Specify the file which contains the CRL to import or show.
           </p></dd><dt><span class="term">-f password-file </span></dt><dd><p>
 Specify a file that will automatically supply the password to include in a certificate or to access a certificate database. This is a plain-text file containing one password. Be sure to prevent unauthorized access to this file.
+          </p></dd><dt><span class="term">-i crl-file </span></dt><dd><p>
+Specify the file which contains the CRL to import or show.
           </p></dd><dt><span class="term">-l algorithm-name </span></dt><dd><p>
 Specify a specific signature algorithm. List of possible algorithms: MD2 | MD4 | MD5 | SHA1 | SHA256 | SHA384 | SHA512
           </p></dd><dt><span class="term">-n nickname </span></dt><dd><p>
 Specify the nickname of a certificate or key to list, create, add to a database, modify, or validate. Bracket the nickname string with quotation marks if it contains spaces.
           </p></dd><dt><span class="term">-o output-file </span></dt><dd><p>
 Specify the output file name for new CRL. Bracket the output-file string with quotation marks if it contains spaces. If this argument is not used the output destination defaults to standard output.
+          </p></dd><dt><span class="term">-P dbprefix </span></dt><dd><p>
+Specify the prefix used on the NSS security database files (for example, my_cert8.db and my_key3.db). This option is provided as a special case. Changing the names of the certificate and key databases is not recommended.
           </p></dd><dt><span class="term">-t crl-type </span></dt><dd><p>
 Specify type of CRL. possible types are: 0 - SEC_KRL_TYPE, 1 - SEC_CRL_TYPE. This option is obsolete
           </p></dd><dt><span class="term">-u url </span></dt><dd><p>
@@ -103,7 +101,7 @@ Implemented Extensions
      </p><p>
     * Add The Authority Key Identifier extension:
      </p><p>
-      The authority key identifier extension provides a means of identifying the public key corresponding to the private key used to sign a CRL.
+The authority key identifier extension provides a means of identifying the public key corresponding to the private key used to sign a CRL.
      </p><p>
           authKeyId critical [key-id | dn cert-serial]
      </p><p>
@@ -200,10 +198,7 @@ crlutil -G|-M -c crl-gen-file -n nickname [-i crl] [-u url] [-d keydir] [-P dbpr
     * Import CRL from file:
     </p><pre class="programlisting">
           crlutil -I -i crl [-t crlType] [-u url] [-d keydir] [-P dbprefix] [-B] 
-    </pre></div><div class="refsection"><a name="idm207692123648"></a><h2>See also</h2><p>certutil(1)</p></div><div class="refsection"><a name="seealso"></a><h2>See Also</h2><p></p><p>
-	</p><p>
-	</p><p>
-	</p></div><div class="refsection"><a name="resources"></a><h2>Additional Resources</h2><p>For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at <a class="ulink" href="http://www.mozilla.org/projects/security/pki/nss/" target="_top">http://www.mozilla.org/projects/security/pki/nss/</a>. The NSS site relates directly to NSS code changes and releases.</p><p>Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto</p><p>IRC: Freenode at #dogtag-pki</p></div><div class="refsection"><a name="authors"></a><h2>Authors</h2><p>The NSS tools were written and maintained by developers with Netscape, Red Hat,  Sun, Oracle, Mozilla, and Google.</p><p>
+    </pre></div><div class="refsection"><a name="seealso"></a><h2>See Also</h2><p>certutil(1)</p></div><div class="refsection"><a name="resources"></a><h2>Additional Resources</h2><p>For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at <a class="ulink" href="http://www.mozilla.org/projects/security/pki/nss/" target="_top">http://www.mozilla.org/projects/security/pki/nss/</a>. The NSS site relates directly to NSS code changes and releases.</p><p>Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto</p><p>IRC: Freenode at #dogtag-pki</p></div><div class="refsection"><a name="authors"></a><h2>Authors</h2><p>The NSS tools were written and maintained by developers with Netscape, Red Hat,  Sun, Oracle, Mozilla, and Google.</p><p>
 	Authors: Elio Maldonado <emaldona at redhat.com>, Deon Lackey <dlackey at redhat.com>.
     </p></div><div class="refsection"><a name="license"></a><h2>LICENSE</h2><p>Licensed under the Mozilla Public License, v. 2.0.  If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
     </p></div></div><div class="navfooter"><hr></div></body></html>
diff --git a/security/nss/doc/html/modutil.html b/security/nss/doc/html/modutil.html
index e67fde2..5c53b0a 100644
--- a/security/nss/doc/html/modutil.html
+++ b/security/nss/doc/html/modutil.html
@@ -1,7 +1,7 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>MODUTIL</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="MODUTIL"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">MODUTIL</th></tr></table><hr></div><div class="refentry"><a name="modutil"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>modutil — Manage PKCS #11 module information within the security module database.</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">modutil</code>  [<em class="replaceable"><code>options</code></em>] [[<em class="replaceable"><code>arguments</code></em>]]</p></div></div><div class="refsection"><a name="idm224666099264"></a><h2>STATUS</h2><p>This documentation is still work in pr
 ogress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>MODUTIL</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="MODUTIL"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">MODUTIL</th></tr></table><hr></div><div class="refentry"><a name="modutil"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>modutil — Manage PKCS #11 module information within the security module database.</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">modutil</code>  [<em class="replaceable"><code>options</code></em>] [[<em class="replaceable"><code>arguments</code></em>]]</p></div></div><div class="refsection"><a name="idm233245929376"></a><h2>STATUS</h2><p>This documentation is still work in pr
 ogress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
     </p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The Security Module Database Tool, <span class="command"><strong>modutil</strong></span>, is a command-line utility for managing PKCS #11 module information both within <code class="filename">secmod.db</code> files and within hardware tokens. <span class="command"><strong>modutil</strong></span> can add and delete PKCS #11 modules, change passwords on security databases, set defaults, list module contents, enable or disable slots, enable or disable FIPS 140-2 compliance, and assign default providers for cryptographic operations. This tool can also create certificate, key, and module security database files.</p><p>The tasks associated with security module database management are part of a process that typically also involves managing key databases and certificate databases.</p></div><div class="refsection"><a name="options"></a><h2>Options</h2><p>
 		Running <span class="command"><strong>modutil</strong></span> always requires one (and only one) option to specify the type of module operation. Each option may take arguments, anywhere from none to multiple arguments.
-	</p><p><span class="command"><strong>Options</strong></span></p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-add modulename</span></dt><dd><p>Add the named PKCS #11 module to the database. Use this option with the <code class="option">-libfile</code>, <code class="option">-ciphers</code>, and <code class="option">-mechanisms</code> arguments.</p></dd><dt><span class="term">-changepw tokenname</span></dt><dd><p>Change the password on the named token. If the token has not been initialized, this option initializes the password. Use this option with the <code class="option">-pwfile</code> and <code class="option">-newpwfile</code> arguments. A <span class="emphasis"><em>password</em></span> is equivalent to a personal identification number (PIN).</p></dd><dt><span class="term">-chkfips</span></dt><dd><p>Verify whether the module is in the given FIPS mode. <span class="command"><strong>true</strong></span> means to verify that the module is in FIPS mode, wh
 ile <span class="command"><strong>false</strong></span> means to verify that the module is not in FIPS mode.</p></dd><dt><span class="term">-create</span></dt><dd><p>Create new certificate, key, and module databases. Use the <code class="option">-dbdir</code> directory argument to specify a directory. If any of these databases already exist in a specified directory, <span class="command"><strong>modutil</strong></span> returns an error message.</p></dd><dt><span class="term">-default modulename</span></dt><dd><p>Specify the security mechanisms for which the named module will be a default provider. The security mechanisms are specified with the <code class="option">-mechanisms</code> argument.</p></dd><dt><span class="term">-delete modulename</span></dt><dd><p>Delete the named module. The default NSS PKCS #11 module cannot be deleted.</p></dd><dt><span class="term">-disable modulename</span></dt><dd><p>Disable all slots on the named module. Use the <code class="option">-slot</code> a
 rgument to disable a specific slot.</p></dd><dt><span class="term">-enable modulename</span></dt><dd><p>Enable all slots on the named module. Use the <code class="option">-slot</code> argument to enable a specific slot.</p></dd><dt><span class="term">-fips [true | false]</span></dt><dd><p>Enable (true) or disable (false) FIPS 140-2 compliance for the default NSS module.</p></dd><dt><span class="term">-force</span></dt><dd><p>Disable <span class="command"><strong>modutil</strong></span>'s interactive prompts so it can be run from a script. Use this option only after manually testing each planned operation to check for warnings and to ensure that bypassing the prompts will cause no security lapses or loss of database integrity.</p></dd><dt><span class="term">-jar JAR-file</span></dt><dd><p>Add a new PKCS #11 module to the database using the named JAR file. Use this command with the <code class="option">-installdir</code> and <code class="option">-tempdir</code> arguments. The JAR file
  uses the NSS PKCS #11 JAR format to identify all the files to be installed, the module's name, the mechanism flags, and the cipher flags, as well as any files to be installed on the target machine, including the PKCS #11 module library file and other files such as documentation. This is covered in the JAR installation file section in the man page, which details the special script needed to perform an installation through a server or with <span class="command"><strong>modutil</strong></span>. </p></dd><dt><span class="term">-list [modulename]</span></dt><dd><p>Display basic information about the contents of the <code class="filename">secmod.db</code> file. Specifying a <span class="emphasis"><em>modulename</em></span> displays detailed information about a particular module and its slots and tokens.</p></dd><dt><span class="term">-rawadd</span></dt><dd><p>Add the module spec string to the <code class="filename">secmod.db</code> database.</p></dd><dt><span class="term">-rawlist</span>
 </dt><dd><p>Display the module specs for a specified module or for all loadable modules.</p></dd><dt><span class="term">-undefault modulename</span></dt><dd><p>Specify the security mechanisms for which the named module will not be a default provider. The security mechanisms are specified with the <code class="option">-mechanisms</code> argument.</p></dd></dl></div><p><span class="command"><strong>Arguments</strong></span></p><div class="variablelist"><dl class="variablelist"><dt><span class="term">MODULE</span></dt><dd><p>Give the security module to access.</p></dd><dt><span class="term">MODULESPEC</span></dt><dd><p>Give the security module spec to load into the security database.</p></dd><dt><span class="term">-ciphers cipher-enable-list</span></dt><dd><p>Enable specific ciphers in a module that is being added to the database. The <span class="emphasis"><em>cipher-enable-list</em></span> is a colon-delimited list of cipher names. Enclose this list in quotation marks if it contains 
 spaces.</p></dd><dt><span class="term">-dbdir [sql:]directory</span></dt><dd><p>Specify the database directory in which to access or create security module database files.</p><p><span class="command"><strong>modutil</strong></span> supports two types of databases: the legacy security databases (<code class="filename">cert8.db</code>, <code class="filename">key3.db</code>, and <code class="filename">secmod.db</code>) and new SQLite databases (<code class="filename">cert9.db</code>, <code class="filename">key4.db</code>, and <code class="filename">pkcs11.txt</code>). If the prefix <span class="command"><strong>sql:</strong></span> is not used, then the tool assumes that the given databases are in the old format.</p></dd><dt><span class="term">--dbprefix prefix</span></dt><dd><p>Specify the prefix used on the database files, such as <code class="filename">my_</code> for <code class="filename">my_cert8.db</code>. This option is provided as a special case. Changing the names of the certi
 ficate and key databases is not recommended.</p></dd><dt><span class="term">-installdir root-installation-directory</span></dt><dd><p>Specify the root installation directory relative to which files will be installed by the <code class="option">-jar</code> option. This directory should be one below which it is appropriate to store dynamic library files, such as a server's root directory.</p></dd><dt><span class="term">-libfile library-file</span></dt><dd><p>Specify a path to a library file containing the implementation of the PKCS #11 interface module that is being added to the database.</p></dd><dt><span class="term">-mechanisms mechanism-list</span></dt><dd><p>Specify the security mechanisms for which a particular module will be flagged as a default provider. The <span class="emphasis"><em>mechanism-list</em></span> is a colon-delimited list of mechanism names. Enclose this list in quotation marks if it contains spaces.</p><p>The module becomes a default provider for the listed mec
 hanisms when those mechanisms are enabled. If more than one module claims to be a particular mechanism's default provider, that mechanism's default provider is undefined.</p><p><span class="command"><strong>modutil</strong></span> supports several mechanisms: RSA, DSA, RC2, RC4, RC5, AES, DES, DH, SHA1, SHA256, SHA512, SSL, TLS, MD5, MD2, RANDOM (for random number generation), and FRIENDLY (meaning certificates are publicly readable).</p></dd><dt><span class="term">-newpwfile new-password-file</span></dt><dd><p>Specify a text file containing a token's new or replacement password so that a password can be entered automatically with the <code class="option">-changepw</code> option.</p></dd><dt><span class="term">-nocertdb</span></dt><dd><p>Do not open the certificate or key databases. This has several effects:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>With the <code class="option">-create</code> command, only a module
  security file is created; certificate and key databases are not created.</p></li><li class="listitem"><p>With the <code class="option">-jar</code> command, signatures on the JAR file are not checked.</p></li><li class="listitem"><p>With the <code class="option">-changepw</code> command, the password on the NSS internal module cannot be set or changed, since this password is stored in the key database.</p></li></ul></div></dd><dt><span class="term">-pwfile old-password-file</span></dt><dd><p>Specify a text file containing a token's existing password so that a password can be entered automatically when the <code class="option">-changepw</code> option is used to change passwords.</p></dd><dt><span class="term">-secmod secmodname</span></dt><dd><p>Give the name of the security module database (like <code class="filename">secmod.db</code>) to load.</p></dd><dt><span class="term">-slot slotname</span></dt><dd><p>Specify a particular slot to be enabled or disabled with the <code class="op
 tion">-enable</code> or <code class="option">-disable</code> options.</p></dd><dt><span class="term">-string CONFIG_STRING</span></dt><dd><p>Pass a configuration string for the module being added to the database.</p></dd><dt><span class="term">-tempdir temporary-directory</span></dt><dd><p>Give a directory location where temporary files are created during the installation by the <code class="option">-jar</code> option. If no temporary directory is specified, the current directory is used.</p></dd></dl></div></div><div class="refsection"><a name="usage-and-examples"></a><h2>Usage and Examples</h2><p><span class="command"><strong>Creating Database Files</strong></span></p><p>Before any operations can be performed, there must be a set of security databases available. <span class="command"><strong>modutil</strong></span> can be used to create these files. The only required argument is the database that where the databases will be located.</p><pre class="programlisting">modutil -create -
 dbdir [sql:]directory</pre><p><span class="command"><strong>Adding a Cryptographic Module</strong></span></p><p>Adding a PKCS #11 module means submitting a supporting library file, enabling its ciphers, and setting default provider status for various security mechanisms. This can be done by supplying all of the information through <span class="command"><strong>modutil</strong></span> directly or by running a JAR file and install script. For the most basic case, simply upload the library:</p><pre class="programlisting">modutil -add modulename -libfile library-file [-ciphers cipher-enable-list] [-mechanisms mechanism-list] </pre><p>For example:
+	</p><p><span class="command"><strong>Options</strong></span></p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-add modulename</span></dt><dd><p>Add the named PKCS #11 module to the database. Use this option with the <code class="option">-libfile</code>, <code class="option">-ciphers</code>, and <code class="option">-mechanisms</code> arguments.</p></dd><dt><span class="term">-changepw tokenname</span></dt><dd><p>Change the password on the named token. If the token has not been initialized, this option initializes the password. Use this option with the <code class="option">-pwfile</code> and <code class="option">-newpwfile</code> arguments. A <span class="emphasis"><em>password</em></span> is equivalent to a personal identification number (PIN).</p></dd><dt><span class="term">-chkfips</span></dt><dd><p>Verify whether the module is in the given FIPS mode. <span class="command"><strong>true</strong></span> means to verify that the module is in FIPS mode, wh
 ile <span class="command"><strong>false</strong></span> means to verify that the module is not in FIPS mode.</p></dd><dt><span class="term">-create</span></dt><dd><p>Create new certificate, key, and module databases. Use the <code class="option">-dbdir</code> directory argument to specify a directory. If any of these databases already exist in a specified directory, <span class="command"><strong>modutil</strong></span> returns an error message.</p></dd><dt><span class="term">-default modulename</span></dt><dd><p>Specify the security mechanisms for which the named module will be a default provider. The security mechanisms are specified with the <code class="option">-mechanisms</code> argument.</p></dd><dt><span class="term">-delete modulename</span></dt><dd><p>Delete the named module. The default NSS PKCS #11 module cannot be deleted.</p></dd><dt><span class="term">-disable modulename</span></dt><dd><p>Disable all slots on the named module. Use the <code class="option">-slot</code> a
 rgument to disable a specific slot.</p><p>The internal NSS PKCS #11 module cannot be disabled.</p></dd><dt><span class="term">-enable modulename</span></dt><dd><p>Enable all slots on the named module. Use the <code class="option">-slot</code> argument to enable a specific slot.</p></dd><dt><span class="term">-fips [true | false]</span></dt><dd><p>Enable (true) or disable (false) FIPS 140-2 compliance for the default NSS module.</p></dd><dt><span class="term">-force</span></dt><dd><p>Disable <span class="command"><strong>modutil</strong></span>'s interactive prompts so it can be run from a script. Use this option only after manually testing each planned operation to check for warnings and to ensure that bypassing the prompts will cause no security lapses or loss of database integrity.</p></dd><dt><span class="term">-jar JAR-file</span></dt><dd><p>Add a new PKCS #11 module to the database using the named JAR file. Use this command with the <code class="option">-installdir</code> and <
 code class="option">-tempdir</code> arguments. The JAR file uses the NSS PKCS #11 JAR format to identify all the files to be installed, the module's name, the mechanism flags, and the cipher flags, as well as any files to be installed on the target machine, including the PKCS #11 module library file and other files such as documentation. This is covered in the JAR installation file section in the man page, which details the special script needed to perform an installation through a server or with <span class="command"><strong>modutil</strong></span>. </p></dd><dt><span class="term">-list [modulename]</span></dt><dd><p>Display basic information about the contents of the <code class="filename">secmod.db</code> file. Specifying a <span class="emphasis"><em>modulename</em></span> displays detailed information about a particular module and its slots and tokens.</p></dd><dt><span class="term">-rawadd</span></dt><dd><p>Add the module spec string to the <code class="filename">secmod.db</cod
 e> database.</p></dd><dt><span class="term">-rawlist</span></dt><dd><p>Display the module specs for a specified module or for all loadable modules.</p></dd><dt><span class="term">-undefault modulename</span></dt><dd><p>Specify the security mechanisms for which the named module will not be a default provider. The security mechanisms are specified with the <code class="option">-mechanisms</code> argument.</p></dd></dl></div><p><span class="command"><strong>Arguments</strong></span></p><div class="variablelist"><dl class="variablelist"><dt><span class="term">MODULE</span></dt><dd><p>Give the security module to access.</p></dd><dt><span class="term">MODULESPEC</span></dt><dd><p>Give the security module spec to load into the security database.</p></dd><dt><span class="term">-ciphers cipher-enable-list</span></dt><dd><p>Enable specific ciphers in a module that is being added to the database. The <span class="emphasis"><em>cipher-enable-list</em></span> is a colon-delimited list of cipher 
 names. Enclose this list in quotation marks if it contains spaces.</p></dd><dt><span class="term">-dbdir [sql:]directory</span></dt><dd><p>Specify the database directory in which to access or create security module database files.</p><p><span class="command"><strong>modutil</strong></span> supports two types of databases: the legacy security databases (<code class="filename">cert8.db</code>, <code class="filename">key3.db</code>, and <code class="filename">secmod.db</code>) and new SQLite databases (<code class="filename">cert9.db</code>, <code class="filename">key4.db</code>, and <code class="filename">pkcs11.txt</code>). If the prefix <span class="command"><strong>sql:</strong></span> is not used, then the tool assumes that the given databases are in the old format.</p></dd><dt><span class="term">--dbprefix prefix</span></dt><dd><p>Specify the prefix used on the database files, such as <code class="filename">my_</code> for <code class="filename">my_cert8.db</code>. This option is 
 provided as a special case. Changing the names of the certificate and key databases is not recommended.</p></dd><dt><span class="term">-installdir root-installation-directory</span></dt><dd><p>Specify the root installation directory relative to which files will be installed by the <code class="option">-jar</code> option. This directory should be one below which it is appropriate to store dynamic library files, such as a server's root directory.</p></dd><dt><span class="term">-libfile library-file</span></dt><dd><p>Specify a path to a library file containing the implementation of the PKCS #11 interface module that is being added to the database.</p></dd><dt><span class="term">-mechanisms mechanism-list</span></dt><dd><p>Specify the security mechanisms for which a particular module will be flagged as a default provider. The <span class="emphasis"><em>mechanism-list</em></span> is a colon-delimited list of mechanism names. Enclose this list in quotation marks if it contains spaces.</p>
 <p>The module becomes a default provider for the listed mechanisms when those mechanisms are enabled. If more than one module claims to be a particular mechanism's default provider, that mechanism's default provider is undefined.</p><p><span class="command"><strong>modutil</strong></span> supports several mechanisms: RSA, DSA, RC2, RC4, RC5, AES, DES, DH, SHA1, SHA256, SHA512, SSL, TLS, MD5, MD2, RANDOM (for random number generation), and FRIENDLY (meaning certificates are publicly readable).</p></dd><dt><span class="term">-newpwfile new-password-file</span></dt><dd><p>Specify a text file containing a token's new or replacement password so that a password can be entered automatically with the <code class="option">-changepw</code> option.</p></dd><dt><span class="term">-nocertdb</span></dt><dd><p>Do not open the certificate or key databases. This has several effects:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>With the
  <code class="option">-create</code> command, only a module security file is created; certificate and key databases are not created.</p></li><li class="listitem"><p>With the <code class="option">-jar</code> command, signatures on the JAR file are not checked.</p></li><li class="listitem"><p>With the <code class="option">-changepw</code> command, the password on the NSS internal module cannot be set or changed, since this password is stored in the key database.</p></li></ul></div></dd><dt><span class="term">-pwfile old-password-file</span></dt><dd><p>Specify a text file containing a token's existing password so that a password can be entered automatically when the <code class="option">-changepw</code> option is used to change passwords.</p></dd><dt><span class="term">-secmod secmodname</span></dt><dd><p>Give the name of the security module database (like <code class="filename">secmod.db</code>) to load.</p></dd><dt><span class="term">-slot slotname</span></dt><dd><p>Specify a particu
 lar slot to be enabled or disabled with the <code class="option">-enable</code> or <code class="option">-disable</code> options.</p></dd><dt><span class="term">-string CONFIG_STRING</span></dt><dd><p>Pass a configuration string for the module being added to the database.</p></dd><dt><span class="term">-tempdir temporary-directory</span></dt><dd><p>Give a directory location where temporary files are created during the installation by the <code class="option">-jar</code> option. If no temporary directory is specified, the current directory is used.</p></dd></dl></div></div><div class="refsection"><a name="usage-and-examples"></a><h2>Usage and Examples</h2><p><span class="command"><strong>Creating Database Files</strong></span></p><p>Before any operations can be performed, there must be a set of security databases available. <span class="command"><strong>modutil</strong></span> can be used to create these files. The only required argument is the database that where the databases will b
 e located.</p><pre class="programlisting">modutil -create -dbdir [sql:]directory</pre><p><span class="command"><strong>Adding a Cryptographic Module</strong></span></p><p>Adding a PKCS #11 module means submitting a supporting library file, enabling its ciphers, and setting default provider status for various security mechanisms. This can be done by supplying all of the information through <span class="command"><strong>modutil</strong></span> directly or by running a JAR file and install script. For the most basic case, simply upload the library:</p><pre class="programlisting">modutil -add modulename -libfile library-file [-ciphers cipher-enable-list] [-mechanisms mechanism-list] </pre><p>For example:
 </p><pre class="programlisting">modutil -dbdir sql:/home/my/sharednssdb -add "Example PKCS #11 Module" -libfile "/tmp/crypto.so" -mechanisms RSA:DSA:RC2:RANDOM 
 
 Using database directory ... 
@@ -211,7 +211,8 @@ MD2:                   0x00000400
 RANDOM:                0x08000000
 FRIENDLY:              0x10000000
 OWN_PW_DEFAULTS:       0x20000000
-DISABLE:               0x40000000</pre><p><span class="command"><strong>CipherEnableFlags</strong></span> specifies ciphers that this module provides that NSS does not provide (so that the module enables those ciphers for NSS). This is equivalent to the <code class="option">-cipher</code> argument with the <code class="option">-add</code> command. This key is a bitstring specified in hexadecimal (0x) format. It is constructed as a bitwise OR. If the <span class="command"><strong>CipherEnableFlags</strong></span> entry is omitted, the value defaults to 0x0.</p><p><span class="command"><strong>EquivalentPlatform</strong></span> specifies that the attributes of the named platform should also be used for the current platform. This makes it easier when more than one platform uses the same settings.</p><p><span class="command"><strong>Per-File Keys</strong></span></p><p>Some keys have meaning only within the value list of an entry in a <span class="command"><strong>Files</strong></span> l
 ist.</p><p>Each file requires a path key the identifies where the file is. Either <span class="command"><strong>RelativePath</strong></span> or <span class="command"><strong>AbsolutePath</strong></span> must be specified. If both are specified, the relative path is tried first, and the absolute path is used only if no relative root directory is provided by the installer program.</p><p><span class="command"><strong>RelativePath</strong></span> specifies the destination directory of the file, relative to some directory decided at install time. Two variables can be used in the relative path: <span class="command"><strong>%root%</strong></span> and <span class="command"><strong>%temp%</strong></span>. <span class="command"><strong>%root%</strong></span> is replaced at run time with the directory relative to which files should be installed; for example, it may be the server's root directory. The <span class="command"><strong>%temp%</strong></span> directory is created at the beginning of
  the installation and destroyed at the end. The purpose of <span class="command"><strong>%temp%</strong></span> is to hold executable files (such as setup programs) or files that are used by these programs. Files destined for the temporary directory are guaranteed to be in place before any executable file is run; they are not deleted until all executable files have finished.</p><p><span class="command"><strong>AbsolutePath</strong></span> specifies the destination directory of the file as an absolute path. </p><p><span class="command"><strong>Executable</strong></span> specifies that the file is to be executed during the course of the installation. Typically, this string is used for a setup program provided by a module vendor, such as a self-extracting setup executable. More than one file can be specified as executable, in which case the files are run in the order in which they are specified in the script file.</p><p><span class="command"><strong>FilePermissions</strong></span> sets
  permissions on any referenced files in a string of octal digits, according to the standard Unix format. This string is a bitwise OR.</p><pre class="programlisting">user read:                0400
+DISABLE:               0x40000000</pre><p><span class="command"><strong>CipherEnableFlags</strong></span> specifies ciphers that this module provides that NSS does not provide (so that the module enables those ciphers for NSS). This is equivalent to the <code class="option">-cipher</code> argument with the <code class="option">-add</code> command. This key is a bitstring specified in hexadecimal (0x) format. It is constructed as a bitwise OR. If the <span class="command"><strong>CipherEnableFlags</strong></span> entry is omitted, the value defaults to 0x0.</p><p><span class="command"><strong>EquivalentPlatform</strong></span> specifies that the attributes of the named platform should also be used for the current platform. This makes it easier when more than one platform uses the same settings.</p><p><span class="command"><strong>Per-File Keys</strong></span></p><p>Some keys have meaning only within the value list of an entry in a <span class="command"><strong>Files</strong></span> l
 ist.</p><p>Each file requires a path key the identifies where the file is. Either <span class="command"><strong>RelativePath</strong></span> or <span class="command"><strong>AbsolutePath</strong></span> must be specified. If both are specified, the relative path is tried first, and the absolute path is used only if no relative root directory is provided by the installer program.</p><p><span class="command"><strong>RelativePath</strong></span> specifies the destination directory of the file, relative to some directory decided at install time. Two variables can be used in the relative path: <span class="command"><strong>%root%</strong></span> and <span class="command"><strong>%temp%</strong></span>. <span class="command"><strong>%root%</strong></span> is replaced at run time with the directory relative to which files should be installed; for example, it may be the server's root directory. The <span class="command"><strong>%temp%</strong></span> directory is created at the beginning of
  the installation and destroyed at the end. The purpose of <span class="command"><strong>%temp%</strong></span> is to hold executable files (such as setup programs) or files that are used by these programs. Files destined for the temporary directory are guaranteed to be in place before any executable file is run; they are not deleted until all executable files have finished.</p><p><span class="command"><strong>AbsolutePath</strong></span> specifies the destination directory of the file as an absolute path. </p><p><span class="command"><strong>Executable</strong></span> specifies that the file is to be executed during the course of the installation. Typically, this string is used for a setup program provided by a module vendor, such as a self-extracting setup executable. More than one file can be specified as executable, in which case the files are run in the order in which they are specified in the script file.</p><p><span class="command"><strong>FilePermissions</strong></span> sets
  permissions on any referenced files in a string of octal digits, according to the standard Unix format. This string is a bitwise OR.</p><pre class="programlisting">
+user read:                0400
 user write:               0200
 user execute:             0100
 group read:               0040
@@ -219,7 +220,8 @@ group write:              0020
 group execute:            0010
 other read:               0004
 other write:              0002
-other execute:       0001</pre><p>Some platforms may not understand these permissions. They are applied only insofar as they make sense for the current platform. If this attribute is omitted, a default of 777 is assumed.</p></div><div class="refsection"><a name="databases"></a><h2>NSS Database Types</h2><p>NSS originally used BerkeleyDB databases to store security information. 
+other execute:            0001
+</pre><p>Some platforms may not understand these permissions. They are applied only insofar as they make sense for the current platform. If this attribute is omitted, a default of 777 is assumed.</p></div><div class="refsection"><a name="databases"></a><h2>NSS Database Types</h2><p>NSS originally used BerkeleyDB databases to store security information. 
 The last versions of these <span class="emphasis"><em>legacy</em></span> databases are:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
 			cert8.db for certificates
 		</p></li><li class="listitem"><p>
@@ -236,7 +238,7 @@ BerkleyDB. These new databases provide more accessibility and performance:</p><d
 		</p></li><li class="listitem"><p>
 			pkcs11.txt, which is listing of all of the PKCS #11 modules contained in a new subdirectory in the security databases directory
 		</p></li></ul></div><p>Because the SQLite databases are designed to be shared, these are the <span class="emphasis"><em>shared</em></span> database type. The shared database type is preferred; the legacy format is included for backward compatibility.</p><p>By default, the tools (<span class="command"><strong>certutil</strong></span>, <span class="command"><strong>pk12util</strong></span>, <span class="command"><strong>modutil</strong></span>) assume that the given security databases follow the more common legacy type. 
-Using the SQLite databases must be manually specified by using the <span class="command"><strong>sql:</strong></span> prefix with the given security directory. For example:</p><pre class="programlisting">modutil -create -dbdir sql:/home/my/sharednssdb</pre><p>To set the shared database type as the default type for the tools, set the <code class="envar">NSS_DEFAULT_DB_TYPE</code> environment variable to <code class="envar">sql</code>:</p><pre class="programlisting">export NSS_DEFAULT_DB_TYPE="sql"</pre><p>This line can be set added to the <code class="filename">~/.bashrc</code> file to make the change permanent.</p><p>Most applications do not use the shared database by default, but they can be configured to use them. For example, this how-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
+Using the SQLite databases must be manually specified by using the <span class="command"><strong>sql:</strong></span> prefix with the given security directory. For example:</p><pre class="programlisting">modutil -create -dbdir sql:/home/my/sharednssdb</pre><p>To set the shared database type as the default type for the tools, set the <code class="envar">NSS_DEFAULT_DB_TYPE</code> environment variable to <code class="envar">sql</code>:</p><pre class="programlisting">export NSS_DEFAULT_DB_TYPE="sql"</pre><p>This line can be added to the <code class="filename">~/.bashrc</code> file to make the change permanent for the user.</p><p>Most applications do not use the shared database by default, but they can be configured to use them. For example, this how-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
 			https://wiki.mozilla.org/NSS_Shared_DB_Howto</p></li></ul></div><p>For an engineering draft on the changes in the shared NSS databases, see the NSS project wiki:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
 			https://wiki.mozilla.org/NSS_Shared_DB
 		</p></li></ul></div></div><div class="refsection"><a name="seealso"></a><h2>See Also</h2><p>certutil (1)</p><p>pk12util (1)</p><p>signtool (1)</p><p>The NSS wiki has information on the new database design and how to configure applications to use it.</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
diff --git a/security/nss/doc/html/pk12util.html b/security/nss/doc/html/pk12util.html
index 2663bcf..fe516dd 100644
--- a/security/nss/doc/html/pk12util.html
+++ b/security/nss/doc/html/pk12util.html
@@ -1,13 +1,9 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>PK12UTIL</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="PK12UTIL"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">PK12UTIL</th></tr></table><hr></div><div class="refentry"><a name="pk12util"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>pk12util — Export and import keys and certificate to or from a PKCS #12 file and the NSS database</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">pk12util</code>  [-i p12File [-h tokenname] [-v] [common-options] ] [
-        -l p12File [-h tokenname] [-r] [common-options] ] [
-        -o p12File -n certname [-c keyCipher] [-C certCipher] [-m|--key_len keyLen] [-n|--cert_key_len certKeyLen] [common-options] ] [
-
-common-options are:
-[-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword] 
-      ]</p></div></div><div class="refsection"><a name="idm224682436944"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
-    </p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The PKCS #12 utility, <span class="command"><strong>pk12util</strong></span>, enables sharing certificates among any server that supports PKCS#12. The tool can import certificates and keys from PKCS#12 files into security databases, export certificates, and list certificates and keys.</p></div><div class="refsection"><a name="options"></a><h2>Options and Arguments</h2><p><span class="command"><strong>Options</strong></span></p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-i p12file</span></dt><dd><p>Import keys and certificates from a PKCS#12 file into a security database.</p></dd><dt><span class="term">-l p12file</span></dt><dd><p>List the keys and certificates in PKCS#12 file.</p></dd><dt><span class="term">-o p12file</span></dt><dd><p>Export keys and certificates from the security database to a PKCS#12 file.</p></dd></dl></div><p><span class="command"><strong>Argume
 nts</strong></span></p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-n certname</span></dt><dd><p>Specify the nickname of the cert and private key to export.</p></dd><dt><span class="term">-d [sql:]directory</span></dt><dd><p>Specify the database directory into which to import to or export from certificates and keys.</p><p><span class="command"><strong>pk12util</strong></span> supports two types of databases: the legacy security databases (<code class="filename">cert8.db</code>, <code class="filename">key3.db</code>, and <code class="filename">secmod.db</code>) and new SQLite databases (<code class="filename">cert9.db</code>, <code class="filename">key4.db</code>, and <code class="filename">pkcs11.txt</code>). If the prefix <span class="command"><strong>sql:</strong></span> is not used, then the tool assumes that the given databases are in the old format.</p></dd><dt><span class="term">-P prefix</span></dt><dd><p>Specify the prefix used on the certificat
 e and key databases. This option is provided as a special case. 
-          Changing the names of the certificate and key databases is not recommended.</p></dd><dt><span class="term">-h tokenname</span></dt><dd><p>Specify the name of the token to import into or export from.</p></dd><dt><span class="term">-v </span></dt><dd><p>Enable debug logging when importing.</p></dd><dt><span class="term">-k slotPasswordFile</span></dt><dd><p>Specify the text file containing the slot's password.</p></dd><dt><span class="term">-K slotPassword</span></dt><dd><p>Specify the slot's password.</p></dd><dt><span class="term">-w p12filePasswordFile</span></dt><dd><p>Specify the text file containing the pkcs #12 file password.</p></dd><dt><span class="term">-W p12filePassword</span></dt><dd><p>Specify the pkcs #12 file password.</p></dd><dt><span class="term">-c keyCipher</span></dt><dd><p>Specify the key encryption algorithm.</p></dd><dt><span class="term">-C certCipher</span></dt><dd><p>Specify the key cert (overall package) encryption algorithm.</p></dd><dt><span cl
 ass="term">-m | --key-len  keyLength</span></dt><dd><p>Specify the desired length of the symmetric key to be used to encrypt the private key.</p></dd><dt><span class="term">-n | --cert-key-len  certKeyLength</span></dt><dd><p>Specify the desired length of the symmetric key to be used to encrypt the certificates and other meta-data.</p></dd><dt><span class="term">-r</span></dt><dd><p>Dumps all of the data in raw (binary) form. This must be saved as a DER file. The default is to return information in a pretty-print ASCII format, which displays the information about the certificates and public keys in the p12 file.</p></dd></dl></div></div><div class="refsection"><a name="return-codes"></a><h2>Return Codes</h2><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p> 0 - No error</p></li><li class="listitem"><p> 1 - User Cancelled</p></li><li class="listitem"><p> 2 - Usage error</p></li><li class="listitem"><p> 6 - NLS init error</p></l
 i><li class="listitem"><p> 8 - Certificate DB open error</p></li><li class="listitem"><p> 9 - Key DB open error</p></li><li class="listitem"><p> 10 - File initialization error</p></li><li class="listitem"><p> 11 - Unicode conversion error</p></li><li class="listitem"><p> 12 - Temporary file creation error</p></li><li class="listitem"><p> 13 - PKCS11 get slot error</p></li><li class="listitem"><p> 14 - PKCS12 decoder start error</p></li><li class="listitem"><p> 15 - error read from import file</p></li><li class="listitem"><p> 16 - pkcs12 decode error</p></li><li class="listitem"><p> 17 - pkcs12 decoder verify error</p></li><li class="listitem"><p> 18 - pkcs12 decoder validate bags error</p></li><li class="listitem"><p> 19 - pkcs12 decoder import bags error</p></li><li class="listitem"><p> 20 - key db conversion version 3 to version 2 error</p></li><li class="listitem"><p> 21 - cert db conversion version 7 to version 5 error</p></li><li class="listitem"><p> 22 - cert and key dbs patch
  error</p></li><li class="listitem"><p> 23 - get default cert db error</p></li><li class="listitem"><p> 24 - find cert by nickname error</p></li><li class="listitem"><p> 25 - create export context error</p></li><li class="listitem"><p> 26 - PKCS12 add password itegrity error</p></li><li class="listitem"><p> 27 - cert and key Safes creation error</p></li><li class="listitem"><p> 28 - PKCS12 add cert and key error</p></li><li class="listitem"><p> 29 - PKCS12 encode error</p></li></ul></div></div><div class="refsection"><a name="examples"></a><h2>Examples</h2><p><span class="command"><strong>Importing Keys and Certificates</strong></span></p><p>The most basic usage of <span class="command"><strong>pk12util</strong></span> for importing a certificate or key is the PKCS#12 input file (<code class="option">-i</code>) and some way to specify the security database being accessed (either <code class="option">-d</code> for a directory or <code class="option">-h</code> for a token).
-    </p><pre class="programlisting">pk12util -i p12File [-h tokenname] [-v] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]</pre><p>For example:</p><pre class="programlisting"># pk12util -i /tmp/cert-files/users.p12 -d sql:/home/my/sharednssdb
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>PK12UTIL</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="PK12UTIL"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">PK12UTIL</th></tr></table><hr></div><div class="refentry"><a name="pk12util"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>pk12util — Export and import keys and certificate to or from a PKCS #12 file and the NSS database</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">pk12util</code>  [-i p12File|-l p12File|-o p12File] [-d [sql:]directory] [-h tokenname] [-P dbprefix] [-r] [-v] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]</p></div></div><div class="refsecti
 on"><a name="idm233250345408"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
+    </p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The PKCS #12 utility, <span class="command"><strong>pk12util</strong></span>, enables sharing certificates among any server that supports PKCS#12. The tool can import certificates and keys from PKCS#12 files into security databases, export certificates, and list certificates and keys.</p></div><div class="refsection"><a name="options"></a><h2>Options and Arguments</h2><p><span class="command"><strong>Options</strong></span></p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-i p12file</span></dt><dd><p>Import keys and certificates from a PKCS#12 file into a security database.</p></dd><dt><span class="term">-l p12file</span></dt><dd><p>List the keys and certificates in PKCS#12 file.</p></dd><dt><span class="term">-o p12file</span></dt><dd><p>Export keys and certificates from the security database to a PKCS#12 file.</p></dd></dl></div><p><span class="command"><strong>Argume
 nts</strong></span></p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-c keyCipher</span></dt><dd><p>Specify the key encryption algorithm.</p></dd><dt><span class="term">-C certCipher</span></dt><dd><p>Specify the key cert (overall package) encryption algorithm.</p></dd><dt><span class="term">-d [sql:]directory</span></dt><dd><p>Specify the database directory into which to import to or export from certificates and keys.</p><p><span class="command"><strong>pk12util</strong></span> supports two types of databases: the legacy security databases (<code class="filename">cert8.db</code>, <code class="filename">key3.db</code>, and <code class="filename">secmod.db</code>) and new SQLite databases (<code class="filename">cert9.db</code>, <code class="filename">key4.db</code>, and <code class="filename">pkcs11.txt</code>). If the prefix <span class="command"><strong>sql:</strong></span> is not used, then the tool assumes that the given databases are in the old forma
 t.</p></dd><dt><span class="term">-h tokenname</span></dt><dd><p>Specify the name of the token to import into or export from.</p></dd><dt><span class="term">-k slotPasswordFile</span></dt><dd><p>Specify the text file containing the slot's password.</p></dd><dt><span class="term">-K slotPassword</span></dt><dd><p>Specify the slot's password.</p></dd><dt><span class="term">-m | --key-len  keyLength</span></dt><dd><p>Specify the desired length of the symmetric key to be used to encrypt the private key.</p></dd><dt><span class="term">-n | --cert-key-len  certKeyLength</span></dt><dd><p>Specify the desired length of the symmetric key to be used to encrypt the certificates and other meta-data.</p></dd><dt><span class="term">-n certname</span></dt><dd><p>Specify the nickname of the cert and private key to export.</p></dd><dt><span class="term">-P prefix</span></dt><dd><p>Specify the prefix used on the certificate and key databases. This option is provided as a special case. 
+          Changing the names of the certificate and key databases is not recommended.</p></dd><dt><span class="term">-r</span></dt><dd><p>Dumps all of the data in raw (binary) form. This must be saved as a DER file. The default is to return information in a pretty-print ASCII format, which displays the information about the certificates and public keys in the p12 file.</p></dd><dt><span class="term">-v </span></dt><dd><p>Enable debug logging when importing.</p></dd><dt><span class="term">-w p12filePasswordFile</span></dt><dd><p>Specify the text file containing the pkcs #12 file password.</p></dd><dt><span class="term">-W p12filePassword</span></dt><dd><p>Specify the pkcs #12 file password.</p></dd></dl></div></div><div class="refsection"><a name="return-codes"></a><h2>Return Codes</h2><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p> 0 - No error</p></li><li class="listitem"><p> 1 - User Cancelled</p></li><li class="listitem"
 ><p> 2 - Usage error</p></li><li class="listitem"><p> 6 - NLS init error</p></li><li class="listitem"><p> 8 - Certificate DB open error</p></li><li class="listitem"><p> 9 - Key DB open error</p></li><li class="listitem"><p> 10 - File initialization error</p></li><li class="listitem"><p> 11 - Unicode conversion error</p></li><li class="listitem"><p> 12 - Temporary file creation error</p></li><li class="listitem"><p> 13 - PKCS11 get slot error</p></li><li class="listitem"><p> 14 - PKCS12 decoder start error</p></li><li class="listitem"><p> 15 - error read from import file</p></li><li class="listitem"><p> 16 - pkcs12 decode error</p></li><li class="listitem"><p> 17 - pkcs12 decoder verify error</p></li><li class="listitem"><p> 18 - pkcs12 decoder validate bags error</p></li><li class="listitem"><p> 19 - pkcs12 decoder import bags error</p></li><li class="listitem"><p> 20 - key db conversion version 3 to version 2 error</p></li><li class="listitem"><p> 21 - cert db conversion version 7 
 to version 5 error</p></li><li class="listitem"><p> 22 - cert and key dbs patch error</p></li><li class="listitem"><p> 23 - get default cert db error</p></li><li class="listitem"><p> 24 - find cert by nickname error</p></li><li class="listitem"><p> 25 - create export context error</p></li><li class="listitem"><p> 26 - PKCS12 add password itegrity error</p></li><li class="listitem"><p> 27 - cert and key Safes creation error</p></li><li class="listitem"><p> 28 - PKCS12 add cert and key error</p></li><li class="listitem"><p> 29 - PKCS12 encode error</p></li></ul></div></div><div class="refsection"><a name="examples"></a><h2>Examples</h2><p><span class="command"><strong>Importing Keys and Certificates</strong></span></p><p>The most basic usage of <span class="command"><strong>pk12util</strong></span> for importing a certificate or key is the PKCS#12 input file (<code class="option">-i</code>) and some way to specify the security database being accessed (either <code class="option">-d</c
 ode> for a directory or <code class="option">-h</code> for a token).
+    </p><p>
+    pk12util -i p12File [-h tokenname] [-v] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]
+    </p><p>For example:</p><p> </p><pre class="programlisting"># pk12util -i /tmp/cert-files/users.p12 -d sql:/home/my/sharednssdb
 
 Enter a password which will be used to encrypt your keys.
 The password should be at least 8 characters long,
@@ -17,10 +13,10 @@ Enter new password:
 Re-enter password: 
 Enter password for PKCS12 file: 
 pk12util: PKCS12 IMPORT SUCCESSFUL</pre><p><span class="command"><strong>Exporting Keys and Certificates</strong></span></p><p>Using the <span class="command"><strong>pk12util</strong></span> command to export certificates and keys requires both the name of the certificate to extract from the database (<code class="option">-n</code>) and the PKCS#12-formatted output file to write to. There are optional parameters that can be used to encrypt the file to protect the certificate material.
-    </p><pre class="programlisting">pk12util -o p12File -n certname [-c keyCipher] [-C certCipher] [-m|--key_len keyLen] [-n|--cert_key_len certKeyLen] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]</pre><p>For example:</p><pre class="programlisting"># pk12util -o certs.p12 -n Server-Cert -d sql:/home/my/sharednssdb
+    </p><p>pk12util -o p12File -n certname [-c keyCipher] [-C certCipher] [-m|--key_len keyLen] [-n|--cert_key_len certKeyLen] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]</p><p>For example:</p><pre class="programlisting"># pk12util -o certs.p12 -n Server-Cert -d sql:/home/my/sharednssdb
 Enter password for PKCS12 file: 
 Re-enter password: </pre><p><span class="command"><strong>Listing Keys and Certificates</strong></span></p><p>The information in a <code class="filename">.p12</code> file are not human-readable. The certificates and keys in the file can be printed (listed) in a human-readable pretty-print format that shows information for every certificate and any public keys in the <code class="filename">.p12</code> file.
-    </p><pre class="programlisting">pk12util -l p12File [-h tokenname] [-r] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]</pre><p>For example, this prints the default ASCII output:</p><pre class="programlisting"># pk12util -l certs.p12
+    </p><p>pk12util -l p12File [-h tokenname] [-r] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]</p><p>For example, this prints the default ASCII output:</p><pre class="programlisting"># pk12util -l certs.p12
 
 Enter password for PKCS12 file: 
 Key(shrouded):
@@ -39,7 +35,7 @@ Certificate:
         Issuer: "E=personal-freemail at thawte.com,CN=Thawte Personal Freemail C
             A,OU=Certification Services Division,O=Thawte Consulting,L=Cape T
             own,ST=Western Cape,C=ZA"
-....</pre><p>Alternatively, the <code class="option">-r</code> prints the certificates and then exports them into separate DER binary files. This allows the certificates to be fed to another application that supports <code class="filename">.p12</code> files. Each certificate is written to a sequentially-number file, beginning with <code class="filename">file0001.der</code> and continuing through <code class="filename">file000N.der</code>, incrementing the number for every certificate:</p><pre class="programlisting"># pk12util -l test.p12 -r
+    </pre><p>Alternatively, the <code class="option">-r</code> prints the certificates and then exports them into separate DER binary files. This allows the certificates to be fed to another application that supports <code class="filename">.p12</code> files. Each certificate is written to a sequentially-number file, beginning with <code class="filename">file0001.der</code> and continuing through <code class="filename">file000N.der</code>, incrementing the number for every certificate:</p><pre class="programlisting">pk12util -l test.p12 -r
 Enter password for PKCS12 file: 
 Key(shrouded):
     Friendly Name: Thawte Freemail Member's Thawte Consulting (Pty) Ltd. ID
@@ -51,7 +47,8 @@ Key(shrouded):
             Iteration Count: 1 (0x1)
 Certificate    Friendly Name: Thawte Personal Freemail Issuing CA - Thawte Consulting
 
-Certificate    Friendly Name: Thawte Freemail Member's Thawte Consulting (Pty) Ltd. ID</pre></div><div class="refsection"><a name="encryption"></a><h2>Password Encryption</h2><p>PKCS#12 provides for not only the protection of the private keys but also the certificate and meta-data associated with the keys. Password-based encryption is used to protect private keys on export to a PKCS#12 file and, optionally, the entire package. If no algorithm is specified, the tool defaults to using <span class="command"><strong>PKCS12 V2 PBE with SHA1 and 3KEY Triple DES-cbc</strong></span> for private key encryption. <span class="command"><strong>PKCS12 V2 PBE with SHA1 and 40 Bit RC4</strong></span> is the default for the overall package encryption when not in FIPS mode. When in FIPS mode, there is no package encryption.</p><p>The private key is always protected with strong encryption by default.</p><p>Several types of ciphers are supported.</p><div class="variablelist"><dl class="variablelist"><
 dt><span class="term">Symmetric CBC ciphers for PKCS#5 V2</span></dt><dd><p>DES_CBC</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>RC2-CBC</p></li><li class="listitem"><p>RC5-CBCPad</p></li><li class="listitem"><p>DES-EDE3-CBC (the default for key encryption)</p></li><li class="listitem"><p>AES-128-CBC</p></li><li class="listitem"><p>AES-192-CBC</p></li><li class="listitem"><p>AES-256-CBC</p></li><li class="listitem"><p>CAMELLIA-128-CBC</p></li><li class="listitem"><p>CAMELLIA-192-CBC</p></li><li class="listitem"><p>CAMELLIA-256-CBC</p></li></ul></div></dd><dt><span class="term">PKCS#12 PBE ciphers</span></dt><dd><p>PKCS #12 PBE with Sha1 and 128 Bit RC4</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>PKCS #12 PBE with Sha1 and 40 Bit RC4</p></li><li class="listitem"><p>PKCS #12 PBE with Sha1 and Triple DES CBC</p></li><li class="listitem"><p>PKCS #12 PBE with
  Sha1 and 128 Bit RC2 CBC</p></li><li class="listitem"><p>PKCS #12 PBE with Sha1 and 40 Bit RC2 CBC</p></li><li class="listitem"><p>PKCS12 V2 PBE with SHA1 and 128 Bit RC4</p></li><li class="listitem"><p>PKCS12 V2 PBE with SHA1 and 40 Bit RC4 (the default for non-FIPS mode)</p></li><li class="listitem"><p>PKCS12 V2 PBE with SHA1 and 3KEY Triple DES-cbc</p></li><li class="listitem"><p>PKCS12 V2 PBE with SHA1 and 2KEY Triple DES-cbc</p></li><li class="listitem"><p>PKCS12 V2 PBE with SHA1 and 128 Bit RC2 CBC</p></li><li class="listitem"><p>PKCS12 V2 PBE with SHA1 and 40 Bit RC2 CBC</p></li></ul></div></dd><dt><span class="term">PKCS#5 PBE ciphers</span></dt><dd><p>PKCS #5 Password Based Encryption with MD2 and DES CBC</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>PKCS #5 Password Based Encryption with MD5 and DES CBC</p></li><li class="listitem"><p>PKCS #5 Password Based Encryption with SHA1 and DES CBC</p></li></ul></div>
 </dd></dl></div><p>With PKCS#12, the crypto provider may be the soft token module or an external hardware module. If the cryptographic module does not support the requested algorithm, then the next best fit will be selected (usually the default). If no suitable replacement for the desired algorithm can be found, the tool returns the error <span class="emphasis"><em>no security module can perform the requested operation</em></span>.</p></div><div class="refsection"><a name="databases"></a><h2>NSS Database Types</h2><p>NSS originally used BerkeleyDB databases to store security information. 
+Certificate    Friendly Name: Thawte Freemail Member's Thawte Consulting (Pty) Ltd. ID
+    </pre></div><div class="refsection"><a name="encryption"></a><h2>Password Encryption</h2><p>PKCS#12 provides for not only the protection of the private keys but also the certificate and meta-data associated with the keys. Password-based encryption is used to protect private keys on export to a PKCS#12 file and, optionally, the entire package. If no algorithm is specified, the tool defaults to using <span class="command"><strong>PKCS12 V2 PBE with SHA1 and 3KEY Triple DES-cbc</strong></span> for private key encryption. <span class="command"><strong>PKCS12 V2 PBE with SHA1 and 40 Bit RC4</strong></span> is the default for the overall package encryption when not in FIPS mode. When in FIPS mode, there is no package encryption.</p><p>The private key is always protected with strong encryption by default.</p><p>Several types of ciphers are supported.</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">Symmetric CBC ciphers for PKCS#5 V2</span></dt><dd><div clas
 s="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>DES-CBC</p></li><li class="listitem"><p>RC2-CBC</p></li><li class="listitem"><p>RC5-CBCPad</p></li><li class="listitem"><p>DES-EDE3-CBC (the default for key encryption)</p></li><li class="listitem"><p>AES-128-CBC</p></li><li class="listitem"><p>AES-192-CBC</p></li><li class="listitem"><p>AES-256-CBC</p></li><li class="listitem"><p>CAMELLIA-128-CBC</p></li><li class="listitem"><p>CAMELLIA-192-CBC</p></li><li class="listitem"><p>CAMELLIA-256-CBC</p></li></ul></div></dd><dt><span class="term">PKCS#12 PBE ciphers</span></dt><dd><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>PKCS #12 PBE with Sha1 and 128 Bit RC4</p></li><li class="listitem"><p>PKCS #12 PBE with Sha1 and 40 Bit RC4</p></li><li class="listitem"><p>PKCS #12 PBE with Sha1 and Triple DES CBC</p></li><li class="listitem"><p>PKCS #12 PBE with Sha1 and 128 Bit RC2 CBC</p><
 /li><li class="listitem"><p>PKCS #12 PBE with Sha1 and 40 Bit RC2 CBC</p></li><li class="listitem"><p>PKCS12 V2 PBE with SHA1 and 128 Bit RC4</p></li><li class="listitem"><p>PKCS12 V2 PBE with SHA1 and 40 Bit RC4 (the default for non-FIPS mode)</p></li><li class="listitem"><p>PKCS12 V2 PBE with SHA1 and 3KEY Triple DES-cbc</p></li><li class="listitem"><p>PKCS12 V2 PBE with SHA1 and 2KEY Triple DES-cbc</p></li><li class="listitem"><p>PKCS12 V2 PBE with SHA1 and 128 Bit RC2 CBC</p></li><li class="listitem"><p>PKCS12 V2 PBE with SHA1 and 40 Bit RC2 CBC</p></li></ul></div></dd><dt><span class="term">PKCS#5 PBE ciphers</span></dt><dd><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>PKCS #5 Password Based Encryption with MD2 and DES CBC</p></li><li class="listitem"><p>PKCS #5 Password Based Encryption with MD5 and DES CBC</p></li><li class="listitem"><p>PKCS #5 Password Based Encryption with SHA1 and DES CBC</p></li></ul></div></dd
 ></dl></div><p>With PKCS#12, the crypto provider may be the soft token module or an external hardware module. If the cryptographic module does not support the requested algorithm, then the next best fit will be selected (usually the default). If no suitable replacement for the desired algorithm can be found, the tool returns the error <span class="emphasis"><em>no security module can perform the requested operation</em></span>.</p></div><div class="refsection"><a name="databases"></a><h2>NSS Database Types</h2><p>NSS originally used BerkeleyDB databases to store security information. 
 The last versions of these <span class="emphasis"><em>legacy</em></span> databases are:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
 			cert8.db for certificates
 		</p></li><li class="listitem"><p>
diff --git a/security/nss/doc/html/pp.html b/security/nss/doc/html/pp.html
index 5b2e234..4407ef7 100644
--- a/security/nss/doc/html/pp.html
+++ b/security/nss/doc/html/pp.html
@@ -1,7 +1,7 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>PP</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="PP"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">PP</th></tr></table><hr></div><div class="refentry"><a name="pp"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>pp — Prints certificates, keys, crls, and pkcs7 files</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">pp -t type [-a] [-i input] [-o output]</code> </p></div></div><div class="refsection"><a name="idm224681757664"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477
 " target="_top">Mozilla NSS bug 836477</a>
-    </p></div><div class="refsection"><a name="idm224678000880"></a><h2>Description</h2><p><span class="command"><strong>pp </strong></span>pretty-prints private and public key, certificate, certificate-request,
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>PP</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="PP"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">PP</th></tr></table><hr></div><div class="refentry"><a name="pp"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>pp — Prints certificates, keys, crls, and pkcs7 files</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">pp -t type [-a] [-i input] [-o output]</code> </p></div></div><div class="refsection"><a name="idm233254308544"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477
 " target="_top">Mozilla NSS bug 836477</a>
+    </p></div><div class="refsection"><a name="idm233250605968"></a><h2>Description</h2><p><span class="command"><strong>pp </strong></span>pretty-prints private and public key, certificate, certificate-request,
                      pkcs7 or crl files
-    </p></div><div class="refsection"><a name="idm224677998992"></a><h2>Options</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term"><code class="option">-t </code> <em class="replaceable"><code>type</code></em></span></dt><dd><p class="simpara">specify the input, one of {private-key | public-key | certificate | certificate-request | pkcs7 | crl}</p><p class="simpara"></p></dd><dt><span class="term"><code class="option">-a </code></span></dt><dd>Input is in ascii encoded form (RFC1113)</dd><dt><span class="term"><code class="option">-i </code> <em class="replaceable"><code>inputfile</code></em></span></dt><dd>Define an input file to use (default is stdin)</dd><dt><span class="term"><code class="option">-u </code> <em class="replaceable"><code>outputfile</code></em></span></dt><dd>Define an output file to use (default is stdout)</dd></dl></div></div><div class="refsection"><a name="resources"></a><h2>Additional Resources</h2><p>NSS is maintained in conjunctio
 n with PKI and security-related projects through Mozilla and Fedora. The most closely-related project is Dogtag PKI, with a project wiki at <a class="ulink" href="http://pki.fedoraproject.org/wiki/" target="_top">PKI Wiki</a>. </p><p>For information specifically about NSS, the NSS project wiki is located at <a class="ulink" href="http://www.mozilla.org/projects/security/pki/nss/" target="_top">Mozilla NSS site</a>. The NSS site relates directly to NSS code changes and releases.</p><p>Mailing lists: pki-devel at redhat.com and pki-users at redhat.com</p><p>IRC: Freenode at #dogtag-pki</p></div><div class="refsection"><a name="authors"></a><h2>Authors</h2><p>The NSS tools were written and maintained by developers with Netscape, Red Hat,  Sun, Oracle, Mozilla, and Google.</p><p>
+    </p></div><div class="refsection"><a name="idm233250603984"></a><h2>Options</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term"><code class="option">-t </code> <em class="replaceable"><code>type</code></em></span></dt><dd><p class="simpara">specify the input, one of {private-key | public-key | certificate | certificate-request | pkcs7 | crl}</p><p class="simpara"></p></dd><dt><span class="term"><code class="option">-a </code></span></dt><dd>Input is in ascii encoded form (RFC1113)</dd><dt><span class="term"><code class="option">-i </code> <em class="replaceable"><code>inputfile</code></em></span></dt><dd>Define an input file to use (default is stdin)</dd><dt><span class="term"><code class="option">-u </code> <em class="replaceable"><code>outputfile</code></em></span></dt><dd>Define an output file to use (default is stdout)</dd></dl></div></div><div class="refsection"><a name="resources"></a><h2>Additional Resources</h2><p>NSS is maintained in conjunctio
 n with PKI and security-related projects through Mozilla and Fedora. The most closely-related project is Dogtag PKI, with a project wiki at <a class="ulink" href="http://pki.fedoraproject.org/wiki/" target="_top">PKI Wiki</a>. </p><p>For information specifically about NSS, the NSS project wiki is located at <a class="ulink" href="http://www.mozilla.org/projects/security/pki/nss/" target="_top">Mozilla NSS site</a>. The NSS site relates directly to NSS code changes and releases.</p><p>Mailing lists: pki-devel at redhat.com and pki-users at redhat.com</p><p>IRC: Freenode at #dogtag-pki</p></div><div class="refsection"><a name="authors"></a><h2>Authors</h2><p>The NSS tools were written and maintained by developers with Netscape, Red Hat,  Sun, Oracle, Mozilla, and Google.</p><p>
 	Authors: Elio Maldonado <emaldona at redhat.com>, Deon Lackey <dlackey at redhat.com>.
     </p></div><div class="refsection"><a name="license"></a><h2>LICENSE</h2><p>Licensed under the Mozilla Public License, v. 2.0.  If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
     </p></div></div><div class="navfooter"><hr></div></body></html>
diff --git a/security/nss/doc/html/signtool.html b/security/nss/doc/html/signtool.html
index 1e33a47..84568e1 100644
--- a/security/nss/doc/html/signtool.html
+++ b/security/nss/doc/html/signtool.html
@@ -1,4 +1,4 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>signtool</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="signtool"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">signtool</th></tr></table><hr></div><div class="refentry"><a name="signtool"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>signtool — Digitally sign objects and files.</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">signtool</code>  [-k keyName] [[-h]] [[-H]] [[-l]] [[-L]] [[-M]] [[-v]] [[-w]] [[-G nickname]] [[--keysize | -s size]] [[-b basename]] [[-c Compression Level] ] [[-d cert-dir] ] [[-i installer script] ] [[-m metafile] ] [[-x name] ] [[-f filename] ] [[-t|--token tokenname] ] [[-e e
 xtension] ] [[-o] ] [[-z] ] [[-X] ] [[--outfile] ] [[--verbose value] ] [[--norecurse] ] [[--leavearc] ] [[-j directory] ] [[-Z jarfile] ] [[-O] ] [[-p password] ] [directory-tree] [archive]</p></div></div><div class="refsection"><a name="idm224666150896"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>signtool</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="signtool"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">signtool</th></tr></table><hr></div><div class="refentry"><a name="signtool"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>signtool — Digitally sign objects and files.</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">signtool</code>  [[-b basename]] [[-c Compression Level] ] [[-d cert-dir] ] [[-e extension] ] [[-f filename] ] [[-i installer script] ] [[-h]] [[-H]] [[-v]] [[-w]] [[-G nickname]] [[-J]] [[-j directory] ] [-k keyName] [[--keysize | -s size]] [[-l]] [[-L]] [[-M]] [[-m metafile] ] [[
 --norecurse] ] [[-O] ] [[-o] ] [[--outfile] ] [[-p password] ] [[-t|--token tokenname] ] [[-z] ] [[-X] ] [[-x name] ] [[--verbose value] ] [[--leavearc] ] [[-Z jarfile] ] [directory-tree] [archive]</p></div></div><div class="refsection"><a name="idm233257546416"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
     </p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The Signing Tool, <span class="command"><strong>signtool</strong></span>, creates digital signatures and uses a Java Archive (JAR) file to associate the signatures with files in a directory. Electronic software distribution over any network involves potential security problems. To help address some of these problems, you can associate digital signatures with the files in a JAR archive. Digital signatures allow SSL-enabled clients to perform two important operations:</p><p>* Confirm the identity of the individual, company, or other entity whose digital signature is associated with the files</p><p>* Check whether the files have been tampered with since being signed</p><p>If you have a signing certificate, you can use Netscape Signing Tool to digitally sign files and package them as a JAR file. An object-signing certificate is a special kind of certificate that allows you to associate your digital si
 gnature with one or more files.</p><p>An individual file can potentially be signed with multiple digital signatures. For example, a commercial software developer might sign the files that constitute a software product to prove that the files are indeed from a particular company. A network administrator manager might sign the same files with an additional digital signature based on a company-generated certificate to indicate that the product is approved for use within the company.</p><p>The significance of a digital signature is comparable to the significance of a handwritten signature. Once you have signed a file, it is difficult to claim later that you didn't sign it. In some situations, a digital signature may be considered as legally binding as a handwritten signature. Therefore, you should take great care to ensure that you can stand behind any file you sign and distribute.</p><p>For example, if you are a software developer, you should test your code to make sure it is virus-fre
 e before signing it. Similarly, if you are a network administrator, you should make sure, before signing any code, that it comes from a reliable source and will run correctly with the software installed on the machines to which you are distributing it.</p><p>Before you can use Netscape Signing Tool to sign files, you must have an object-signing certificate, which is a special certificate whose associated private key is used to create digital signatures. For testing purposes only, you can create an object-signing certificate with Netscape Signing Tool 1.3. When testing is finished and you are ready to disitribute your software, you should obtain an object-signing certificate from one of two kinds of sources:</p><p>* An independent certificate authority (CA) that authenticates your identity and charges you a fee. You typically get a certificate from an independent CA if you want to sign software that will be distributed over the Internet.</p><p>* CA server software running on your cor
 porate intranet or extranet. Netscape Certificate Management System provides a complete management solution for creating, deploying, and managing certificates, including CAs that issue object-signing certificates.</p><p>You must also have a certificate for the CA that issues your signing certificate before you can sign files. If the certificate authority's certificate isn't already installed in your copy of Communicator, you typically install it by clicking the appropriate link on the certificate authority's web site, for example on the page from which you initiated enrollment for your signing certificate. This is the case for some test certificates, as well as certificates issued by Netscape Certificate Management System: you must download the the CA certificate in addition to obtaining your own signing certificate. CA certificates for several certificate authorities are preinstalled in the Communicator certificate database.</p><p>When you receive an object-signing certificate for 
 your own use, it is automatically installed in your copy of the Communicator client software. Communicator supports the public-key cryptography standard known as PKCS #12, which governs key portability. You can, for example, move an object-signing certificate and its associated private key from one computer to another on a credit-card-sized device called a smart card.</p></div><div class="refsection"><a name="options"></a><h2>Options</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term">-b basename</span></dt><dd><p>Specifies the base filename for the .rsa and .sf files in the META-INF directory to conform with the JAR format. For example, <span class="emphasis"><em>-b signatures</em></span> causes the files to be named signatures.rsa and signatures.sf. The default is signtool.</p></dd><dt><span class="term">-c#</span></dt><dd><p>
 	Specifies the compression level for the -J or -Z option. The symbol # represents a number from 0 to 9, where 0 means no compression and 9 means maximum compression. The higher the level of compression, the smaller the output but the longer the operation takes.
 
@@ -11,18 +11,6 @@ The Unix version of signtool assumes ~/.netscape unless told otherwise. The NT v
 	Tells signtool to sign only files with the given extension; for example, use -e".class" to sign only Java class files. Note that with Netscape Signing Tool version 1.1 and later this option can appear multiple times on one command line, making it possible to specify multiple file types or classes to include.
 </p></dd><dt><span class="term">-f commandfile</span></dt><dd><p>
 	Specifies a text file containing Netscape Signing Tool options and arguments in keyword=value format. All options and arguments can be expressed through this file. For more information about the syntax used with this file, see "Tips and Techniques".
-</p></dd><dt><span class="term">-i scriptname</span></dt><dd><p>
-	Specifies the name of an installer script for SmartUpdate. This script installs files from the JAR archive in the local system after SmartUpdate has validated the digital signature. For more details, see the description of -m that follows. The -i option provides a straightforward way to provide this information if you don't need to specify any metadata other than an installer script.
-</p></dd><dt><span class="term">-j directory</span></dt><dd><p>
-	Specifies a special JavaScript directory. This option causes the specified directory to be signed and tags its entries as inline JavaScript. This special type of entry does not have to appear in the JAR file itself. Instead, it is located in the HTML page containing the inline scripts. When you use signtool -v, these entries are displayed with the string NOT PRESENT.
-</p></dd><dt><span class="term">-k key ... directory</span></dt><dd><p>
-	Specifies the nickname (key) of the certificate you want to sign with and signs the files in the specified directory. The directory to sign is always specified as the last command-line argument. Thus, it is possible to write
-
-signtool -k MyCert -d . signdir
-
-You may have trouble if the nickname contains a single quotation mark. To avoid problems, escape the quotation mark using the escape conventions for your platform.
-
-It's also possible to use the -k option without signing any files or specifying a directory. For example, you can use it with the -l option to get detailed information about a particular signing certificate.
 </p></dd><dt><span class="term">-G nickname</span></dt><dd><p>
 	Generates a new private-public key pair and corresponding object-signing certificate with the given nickname.
 
@@ -30,19 +18,31 @@ The newly generated keys and certificate are installed into the key and certific
 
 Unlike certificates normally used to sign finished code to be distributed over a network, a test certificate created with -G is not signed by a recognized certificate authority. Instead, it is self-signed. In addition, a single test signing certificate functions as both an object-signing certificate and a CA. When you are using it to sign objects, it behaves like an object-signing certificate. When it is imported into browser software such as Communicator, it behaves like an object-signing CA and cannot be used to sign objects.
 
-The -G option is available in Netscape Signing Tool 1.0 and later versions only. By default, it produces only RSA certificates with 1024-byte keys in the internal token. However, you can use the -s option specify the required key size and the -t option to specify the token. For more information about the use of the -G option, see "Generating Test Object-Signing Certificates""Generating Test Object-Signing Certificates" on page 1241.
-</p></dd><dt><span class="term">-l</span></dt><dd><p>
-	Lists signing certificates, including issuing CAs. If any of your certificates are expired or invalid, the list will so specify. This option can be used with the -k option to list detailed information about a particular signing certificate.
-
-The -l option is available in Netscape Signing Tool 1.0 and later versions only.
-</p></dd><dt><span class="term">-J</span></dt><dd><p>
-	Signs a directory of HTML files containing JavaScript and creates as many archive files as are specified in the HTML tags. Even if signtool creates more than one archive file, you need to supply the key database password only once.
+The -G option is available in Netscape Signing Tool 1.0 and later versions only. By default, it produces only RSA certificates with 1024-byte keys in the internal token. However, you can use the -s option specify the required key size and the -t option to specify the token.
+        </p></dd><dt><span class="term">-i scriptname</span></dt><dd><p>
+Specifies the name of an installer script for SmartUpdate. This script installs files from the JAR archive in the local system after SmartUpdate has validated the digital signature. For more details, see the description of -m that follows. The -i option provides a straightforward way to provide this information if you don't need to specify any metadata other than an installer script.
+        </p></dd><dt><span class="term">-J</span></dt><dd><p>
+Signs a directory of HTML files containing JavaScript and creates as many archive files as are specified in the HTML tags. Even if signtool creates more than one archive file, you need to supply the key database password only once.
 
 The -J option is available only in Netscape Signing Tool 1.0 and later versions. The -J option cannot be used at the same time as the -Z option.
 
 If the -c# option is not used with the -J option, the default compression value is 6.
 
 Note that versions 1.1 and later of Netscape Signing Tool correctly recognizes the CODEBASE attribute, allows paths to be expressed for the CLASS and SRC attributes instead of filenames only, processes LINK tags and parses HTML correctly, and offers clearer error messages.
+          </p></dd><dt><span class="term">-j directory</span></dt><dd><p>
+	Specifies a special JavaScript directory. This option causes the specified directory to be signed and tags its entries as inline JavaScript. This special type of entry does not have to appear in the JAR file itself. Instead, it is located in the HTML page containing the inline scripts. When you use signtool -v, these entries are displayed with the string NOT PRESENT.
+</p></dd><dt><span class="term">-k key ... directory</span></dt><dd><p>
+	Specifies the nickname (key) of the certificate you want to sign with and signs the files in the specified directory. The directory to sign is always specified as the last command-line argument. Thus, it is possible to write
+
+signtool -k MyCert -d . signdir
+
+You may have trouble if the nickname contains a single quotation mark. To avoid problems, escape the quotation mark using the escape conventions for your platform.
+
+It's also possible to use the -k option without signing any files or specifying a directory. For example, you can use it with the -l option to get detailed information about a particular signing certificate.
+</p></dd><dt><span class="term">-l</span></dt><dd><p>
+	Lists signing certificates, including issuing CAs. If any of your certificates are expired or invalid, the list will so specify. This option can be used with the -k option to list detailed information about a particular signing certificate.
+
+The -l option is available in Netscape Signing Tool 1.0 and later versions only.
 </p></dd><dt><span class="term">-L</span></dt><dd><p>
 	Lists the certificates in your database. An asterisk appears to the left of the nickname for any certificate that can be used to sign objects with signtool.
 </p></dd><dt><span class="term">--leavearc</span></dt><dd><p>
diff --git a/security/nss/doc/html/signver.html b/security/nss/doc/html/signver.html
index 4e6573d..ade57de 100644
--- a/security/nss/doc/html/signver.html
+++ b/security/nss/doc/html/signver.html
@@ -1,7 +1,7 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>SIGNVER</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="SIGNVER"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">SIGNVER</th></tr></table><hr></div><div class="refentry"><a name="signver"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>signver — Verify a detached PKCS#7 signature for a file.</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">signtool</code>    -A  |   -V    -d <em class="replaceable"><code>directory</code></em>  [-a] [-i <em class="replaceable"><code>input_file</code></em>] [-o <em class="replaceable"><code>output_file</code></em>] [-s <em class="replaceable"><code>signature_file</code></em>] [
 -v]</p></div></div><div class="refsection"><a name="idm224680848704"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
-    </p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The Signature Verification Tool, <span class="command"><strong>signver</strong></span>, is a simple command-line utility that unpacks a base-64-encoded PKCS#7 signed object and verifies the digital signature using standard cryptographic techniques. The Signature Verification Tool can also display the contents of the signed object.</p></div><div class="refsection"><a name="options"></a><h2>Options</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term">-A</span></dt><dd><p>Displays all of the information in the PKCS#7 signature.</p></dd><dt><span class="term">-V</span></dt><dd><p>Verifies the digital signature.</p></dd><dt><span class="term">-d [sql:]<span class="emphasis"><em>directory</em></span></span></dt><dd><p>Specify the database directory which contains the certificates and keys.</p><p><span class="command"><strong>signver</strong></span> supports two types of database
 s: the legacy security databases (<code class="filename">cert8.db</code>, <code class="filename">key3.db</code>, and <code class="filename">secmod.db</code>) and new SQLite databases (<code class="filename">cert9.db</code>, <code class="filename">key4.db</code>, and <code class="filename">pkcs11.txt</code>). If the prefix <span class="command"><strong>sql:</strong></span> is not used, then the tool assumes that the given databases are in the old format.</p></dd><dt><span class="term">-a</span></dt><dd><p>Sets that the given signature file is in ASCII format.</p></dd><dt><span class="term">-i <span class="emphasis"><em>input_file</em></span></span></dt><dd><p>Gives the input file for the object with signed data.</p></dd><dt><span class="term">-o <span class="emphasis"><em>output_file</em></span></span></dt><dd><p>Gives the output file to which to write the results.</p></dd><dt><span class="term">-s <span class="emphasis"><em>signature_file</em></span></span></dt><dd><p>Gives the inpu
 t file for the digital signature.</p></dd><dt><span class="term">-v</span></dt><dd><p>Enables verbose output.</p></dd></dl></div></div><div class="refsection"><a name="examples"></a><h2>Extended Examples</h2><div class="refsection"><a name="idm224681951616"></a><h3>Verifying a Signature</h3><p>The <code class="option">-V</code> option verifies that the signature in a given signature file is valid when used to sign the given object (from the input file).</p><pre class="programlisting">signver -V -s <em class="replaceable"><code>signature_file</code></em> -i <em class="replaceable"><code>signed_file</code></em> -d sql:/home/my/sharednssdb
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>SIGNVER</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="SIGNVER"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">SIGNVER</th></tr></table><hr></div><div class="refentry"><a name="signver"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>signver — Verify a detached PKCS#7 signature for a file.</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">signtool</code>    -A  |   -V    -d <em class="replaceable"><code>directory</code></em>  [-a] [-i <em class="replaceable"><code>input_file</code></em>] [-o <em class="replaceable"><code>output_file</code></em>] [-s <em class="replaceable"><code>signature_file</code></em>] [
 -v]</p></div></div><div class="refsection"><a name="idm233257229808"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
+    </p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The Signature Verification Tool, <span class="command"><strong>signver</strong></span>, is a simple command-line utility that unpacks a base-64-encoded PKCS#7 signed object and verifies the digital signature using standard cryptographic techniques. The Signature Verification Tool can also display the contents of the signed object.</p></div><div class="refsection"><a name="options"></a><h2>Options</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term">-A</span></dt><dd><p>Displays all of the information in the PKCS#7 signature.</p></dd><dt><span class="term">-V</span></dt><dd><p>Verifies the digital signature.</p></dd><dt><span class="term">-d [sql:]<span class="emphasis"><em>directory</em></span></span></dt><dd><p>Specify the database directory which contains the certificates and keys.</p><p><span class="command"><strong>signver</strong></span> supports two types of database
 s: the legacy security databases (<code class="filename">cert8.db</code>, <code class="filename">key3.db</code>, and <code class="filename">secmod.db</code>) and new SQLite databases (<code class="filename">cert9.db</code>, <code class="filename">key4.db</code>, and <code class="filename">pkcs11.txt</code>). If the prefix <span class="command"><strong>sql:</strong></span> is not used, then the tool assumes that the given databases are in the old format.</p></dd><dt><span class="term">-a</span></dt><dd><p>Sets that the given signature file is in ASCII format.</p></dd><dt><span class="term">-i <span class="emphasis"><em>input_file</em></span></span></dt><dd><p>Gives the input file for the object with signed data.</p></dd><dt><span class="term">-o <span class="emphasis"><em>output_file</em></span></span></dt><dd><p>Gives the output file to which to write the results.</p></dd><dt><span class="term">-s <span class="emphasis"><em>signature_file</em></span></span></dt><dd><p>Gives the inpu
 t file for the digital signature.</p></dd><dt><span class="term">-v</span></dt><dd><p>Enables verbose output.</p></dd></dl></div></div><div class="refsection"><a name="examples"></a><h2>Extended Examples</h2><div class="refsection"><a name="idm233261091008"></a><h3>Verifying a Signature</h3><p>The <code class="option">-V</code> option verifies that the signature in a given signature file is valid when used to sign the given object (from the input file).</p><pre class="programlisting">signver -V -s <em class="replaceable"><code>signature_file</code></em> -i <em class="replaceable"><code>signed_file</code></em> -d sql:/home/my/sharednssdb
 
-signatureValid=yes</pre></div><div class="refsection"><a name="idm224679496656"></a><h3>Printing Signature Data</h3><p>
+signatureValid=yes</pre></div><div class="refsection"><a name="idm233261087840"></a><h3>Printing Signature Data</h3><p>
 			The <code class="option">-A</code> option prints all of the information contained in a signature file. Using the <code class="option">-o</code> option prints the signature file information to the given output file rather than stdout.
 		</p><pre class="programlisting">signver -A -s <em class="replaceable"><code>signature_file</code></em> -o <em class="replaceable"><code>output_file</code></em></pre></div></div><div class="refsection"><a name="databases"></a><h2>NSS Database Types</h2><p>NSS originally used BerkeleyDB databases to store security information. 
 The last versions of these <span class="emphasis"><em>legacy</em></span> databases are:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
@@ -20,7 +20,7 @@ BerkleyDB. These new databases provide more accessibility and performance:</p><d
 		</p></li><li class="listitem"><p>
 			pkcs11.txt, which is listing of all of the PKCS #11 modules contained in a new subdirectory in the security databases directory
 		</p></li></ul></div><p>Because the SQLite databases are designed to be shared, these are the <span class="emphasis"><em>shared</em></span> database type. The shared database type is preferred; the legacy format is included for backward compatibility.</p><p>By default, the tools (<span class="command"><strong>certutil</strong></span>, <span class="command"><strong>pk12util</strong></span>, <span class="command"><strong>modutil</strong></span>) assume that the given security databases follow the more common legacy type. 
-Using the SQLite databases must be manually specified by using the <span class="command"><strong>sql:</strong></span> prefix with the given security directory. For example:</p><pre class="programlisting"># signver -A -s <em class="replaceable"><code>signature</code></em> -d sql:/home/my/sharednssdb</pre><p>To set the shared database type as the default type for the tools, set the <code class="envar">NSS_DEFAULT_DB_TYPE</code> environment variable to <code class="envar">sql</code>:</p><pre class="programlisting">export NSS_DEFAULT_DB_TYPE="sql"</pre><p>This line can be set added to the <code class="filename">~/.bashrc</code> file to make the change permanent.</p><p>Most applications do not use the shared database by default, but they can be configured to use them. For example, this how-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem
 "><p>
+Using the SQLite databases must be manually specified by using the <span class="command"><strong>sql:</strong></span> prefix with the given security directory. For example:</p><pre class="programlisting"># signver -A -s <em class="replaceable"><code>signature</code></em> -d sql:/home/my/sharednssdb</pre><p>To set the shared database type as the default type for the tools, set the <code class="envar">NSS_DEFAULT_DB_TYPE</code> environment variable to <code class="envar">sql</code>:</p><pre class="programlisting">export NSS_DEFAULT_DB_TYPE="sql"</pre><p>This line can be added to the <code class="filename">~/.bashrc</code> file to make the change permanent for the user.</p><p>Most applications do not use the shared database by default, but they can be configured to use them. For example, this how-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class=
 "listitem"><p>
 			https://wiki.mozilla.org/NSS_Shared_DB_Howto</p></li></ul></div><p>For an engineering draft on the changes in the shared NSS databases, see the NSS project wiki:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
 			https://wiki.mozilla.org/NSS_Shared_DB
 		</p></li></ul></div></div><div class="refsection"><a name="seealso"></a><h2>See Also</h2><p>signtool (1)</p><p>The NSS wiki has information on the new database design and how to configure applications to use it.</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>Setting up the shared NSS database</p><p>https://wiki.mozilla.org/NSS_Shared_DB_Howto</p></li><li class="listitem"><p>
diff --git a/security/nss/doc/html/ssltap.html b/security/nss/doc/html/ssltap.html
index 61b701a..e69b375 100644
--- a/security/nss/doc/html/ssltap.html
+++ b/security/nss/doc/html/ssltap.html
@@ -1,18 +1,9 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>SSLTAP</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="SSLTAP"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">SSLTAP</th></tr></table><hr></div><div class="refentry"><a name="ssltap"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>ssltap — Tap into SSL connections and display the data going by </p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">libssltap</code>  [-vhfsxl] [-p port] [hostname:port]</p></div></div><div class="refsection"><a name="idm224680842512"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.
 mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
-    </p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The SSL Debugging Tool <span class="command"><strong>ssltap</strong></span> is an SSL-aware command-line proxy. It watches TCP connections and displays the data going by. If a connection is SSL, the data display includes interpreted SSL records and handshaking</p></div><div class="refsection"><a name="options"></a><h2>Options</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term">-v </span></dt><dd><p>Print a version string for the tool.</p></dd><dt><span class="term">-h </span></dt><dd><p>
-Turn on hex/ASCII printing. Instead of outputting raw data, the command interprets each record as a numbered line of hex values, followed by the same data as ASCII characters. The two parts are separated by a vertical bar. Nonprinting characters are replaced by dots. 
-        </p></dd><dt><span class="term">-f </span></dt><dd><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>SSLTAP</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="SSLTAP"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">SSLTAP</th></tr></table><hr></div><div class="refentry"><a name="ssltap"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>ssltap — Tap into SSL connections and display the data going by </p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">ssltap</code>  [-fhlsvx] [-p port] [hostname:port]</p></div></div><div class="refsection"><a name="idm233258230400"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.moz
 illa.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
+    </p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The SSL Debugging Tool <span class="command"><strong>ssltap</strong></span> is an SSL-aware command-line proxy. It watches TCP connections and displays the data going by. If a connection is SSL, the data display includes interpreted SSL records and handshaking</p></div><div class="refsection"><a name="options"></a><h2>Options</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term">-f </span></dt><dd><p>
 Turn on fancy printing. Output is printed in colored HTML. Data sent from the client to the server is in blue; the server's reply is in red. When used with looping mode, the different connections are separated with horizontal lines. You can use this option to upload the output into a browser. 
-        </p></dd><dt><span class="term">-s </span></dt><dd><p>
-Turn on SSL parsing and decoding. The tool does not automatically detect SSL sessions. If you are intercepting an SSL connection, use this option so that the tool can detect and decode SSL structures.
-	  </p><p>
-If the tool detects a certificate chain, it saves the DER-encoded certificates into files in the current directory. The files are named cert.0x, where x is the sequence number of the certificate.
-	  </p><p>
-If the -s option is used with -h, two separate parts are printed for each record: the plain hex/ASCII output, and the parsed SSL output.
-          </p></dd><dt><span class="term">-x  </span></dt><dd><p>
-Turn on hex/ASCII printing of undecoded data inside parsed SSL records. Used only with the -s option. 
-This option uses the same output format as the -h option.
-            </p></dd><dt><span class="term">-l  prefix</span></dt><dd><p>
+        </p></dd><dt><span class="term">-h </span></dt><dd><p>
+Turn on hex/ASCII printing. Instead of outputting raw data, the command interprets each record as a numbered line of hex values, followed by the same data as ASCII characters. The two parts are separated by a vertical bar. Nonprinting characters are replaced by dots. 
+        </p></dd><dt><span class="term">-l  prefix</span></dt><dd><p>
 Turn on looping; that is, continue to accept connections rather than stopping after the first connection is complete.
           </p></dd><dt><span class="term">-p  port</span></dt><dd><p>Change the default rendezvous port (1924) to another port.</p><p>The following are well-known port numbers:</p><p>
           * HTTP   80
@@ -30,7 +21,13 @@ Turn on looping; that is, continue to accept connections rather than stopping af
           * NNTP   119
           </p><p>
           * NNTPS  563 (NNTP over SSL) 
-          </p></dd></dl></div></div><div class="refsection"><a name="basic-usage"></a><h2>Usage and Examples</h2><p>
+          </p></dd><dt><span class="term">-s </span></dt><dd><p>
+Turn on SSL parsing and decoding. The tool does not automatically detect SSL sessions. If you are intercepting an SSL connection, use this option so that the tool can detect and decode SSL structures.
+	  </p><p>
+If the tool detects a certificate chain, it saves the DER-encoded certificates into files in the current directory. The files are named cert.0x, where x is the sequence number of the certificate.
+	  </p><p>
+If the -s option is used with -h, two separate parts are printed for each record: the plain hex/ASCII output, and the parsed SSL output.
+          </p></dd><dt><span class="term">-v </span></dt><dd><p>Print a version string for the tool.</p></dd><dt><span class="term">-x </span></dt><dd><p>Turn on extra SSL hex dumps.</p></dd></dl></div></div><div class="refsection"><a name="basic-usage"></a><h2>Usage and Examples</h2><p>
 You can use the SSL Debugging Tool to intercept any connection information. Although you can run the tool at its most basic by issuing the ssltap command with no options other than hostname:port, the information you get in this way is not very useful. For example, assume your development machine is called intercept. The simplest way to use the debugging tool is to execute the following command from a command shell:
       </p><pre class="programlisting">$ ssltap www.netscape.com</pre><p>
 The program waits for an incoming connection on the default port 1924. In your browser window, enter the URL http://intercept:1924. The browser retrieves the requested page from the server at www.netscape.com, but the page is intercepted and passed on to the browser by the debugging tool on intercept. On its way to the browser, the data is printed to the command shell from which you issued the command. Data sent from the client to the server is surrounded by the following symbols: --> [ data ] Data sent from the server to the client is surrounded by the following symbols: 
diff --git a/security/nss/doc/html/vfychain.html b/security/nss/doc/html/vfychain.html
index 49ee65f..a360836 100644
--- a/security/nss/doc/html/vfychain.html
+++ b/security/nss/doc/html/vfychain.html
@@ -1,4 +1,4 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>VFYCHAIN</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="VFYCHAIN"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">VFYCHAIN</th></tr></table><hr></div><div class="refentry"><a name="vfychain"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>vfychain  — vfychain [options] [revocation options] certfile [[options] certfile] ...</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">vfychain</code> </p></div></div><div class="refsection"><a name="idm224658292400"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.
 org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>VFYCHAIN</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="VFYCHAIN"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">VFYCHAIN</th></tr></table><hr></div><div class="refentry"><a name="vfychain"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>vfychain  — vfychain [options] [revocation options] certfile [[options] certfile] ...</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">vfychain</code> </p></div></div><div class="refsection"><a name="idm233261246224"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.
 org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
     </p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The verification Tool, <span class="command"><strong>vfychain</strong></span>, verifies certificate chains. <span class="command"><strong>modutil</strong></span> can add and delete PKCS #11 modules, change passwords on security databases, set defaults, list module contents, enable or disable slots, enable or disable FIPS 140-2 compliance, and assign default providers for cryptographic operations. This tool can also create certificate, key, and module security database files.</p><p>The tasks associated with security module database management are part of a process that typically also involves managing key databases and certificate databases.</p></div><div class="refsection"><a name="options"></a><h2>Options</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term"><code class="option">-a</code></span></dt><dd>the following certfile is base64 encoded</dd><dt><span class="term"><c
 ode class="option">-b </code> <em class="replaceable"><code>YYMMDDHHMMZ</code></em></span></dt><dd>Validate date (default: now)</dd><dt><span class="term"><code class="option">-d </code> <em class="replaceable"><code>directory</code></em></span></dt><dd>database directory</dd><dt><span class="term"><code class="option">-f </code> </span></dt><dd>Enable cert fetching from AIA URL</dd><dt><span class="term"><code class="option">-o </code> <em class="replaceable"><code>oid</code></em></span></dt><dd>Set policy OID for cert validation(Format OID.1.2.3)</dd><dt><span class="term"><code class="option">-p </code></span></dt><dd><p class="simpara">Use PKIX Library to validate certificate by calling:</p><p class="simpara">	   * CERT_VerifyCertificate if specified once,</p><p class="simpara">	   * CERT_PKIXVerifyCert if specified twice and more.</p></dd><dt><span class="term"><code class="option">-r </code></span></dt><dd>Following certfile is raw binary DER (default)</dd><dt><span class="ter
 m"><code class="option">-t</code></span></dt><dd>Following cert is explicitly trusted (overrides db trust)</dd><dt><span class="term"><code class="option">-u </code> <em class="replaceable"><code>usage</code></em></span></dt><dd><p>
 	 	 0=SSL client, 1=SSL server, 2=SSL StepUp, 3=SSL CA,
 	     4=Email signer, 5=Email recipient, 6=Object signer,
diff --git a/security/nss/doc/html/vfyserv.html b/security/nss/doc/html/vfyserv.html
index 58e227a..dec6dcb 100644
--- a/security/nss/doc/html/vfyserv.html
+++ b/security/nss/doc/html/vfyserv.html
@@ -1,4 +1,4 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>VFYSERV</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="VFYSERV"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">VFYSERV</th></tr></table><hr></div><div class="refentry"><a name="vfyserv"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>vfyserv  — TBD</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">vfyserv</code> </p></div></div><div class="refsection"><a name="idm224662974480"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>VFYSERV</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="VFYSERV"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">VFYSERV</th></tr></table><hr></div><div class="refentry"><a name="vfyserv"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>vfyserv  — TBD</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">vfyserv</code> </p></div></div><div class="refsection"><a name="idm233266435200"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
     </p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The <span class="command"><strong>vfyserv </strong></span> tool verifies a certificate chain</p></div><div class="refsection"><a name="options"></a><h2>Options</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term"><code class="option"></code> <em class="replaceable"><code></code></em></span></dt><dd><p class="simpara"></p><p class="simpara"></p></dd></dl></div></div><div class="refsection"><a name="resources"></a><h2>Additional Resources</h2><p>For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at <a class="ulink" href="http://www.mozilla.org/projects/security/pki/nss/" target="_top">http://www.mozilla.org/projects/security/pki/nss/</a>. The NSS site relates directly to NSS code changes and releases.</p><p>Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto</p><p>IRC: Freenode at #dogtag-pki</p></div><div class=
 "refsection"><a name="authors"></a><h2>Authors</h2><p>The NSS tools were written and maintained by developers with Netscape, Red Hat,  Sun, Oracle, Mozilla, and Google.</p><p>
 	Authors: Elio Maldonado <emaldona at redhat.com>, Deon Lackey <dlackey at redhat.com>.
     </p></div><div class="refsection"><a name="license"></a><h2>LICENSE</h2><p>Licensed under the Mozilla Public License, v. 2.0.  If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
diff --git a/security/nss/doc/modutil.xml b/security/nss/doc/modutil.xml
index 24b24e6..142aa69 100644
--- a/security/nss/doc/modutil.xml
+++ b/security/nss/doc/modutil.xml
@@ -86,7 +86,7 @@
 
       <varlistentry>
         <term>-disable modulename</term>
-	  <listitem><para>Disable all slots on the named module. Use the <option>-slot</option> argument to disable a specific slot.</para></listitem>
+	  <listitem><para>Disable all slots on the named module. Use the <option>-slot</option> argument to disable a specific slot.</para><para>The internal NSS PKCS #11 module cannot be disabled.</para></listitem>
       </varlistentry>
 
       <varlistentry>
@@ -625,7 +625,8 @@ DISABLE:               0x40000000</programlisting>
 	<para><command>Executable</command> specifies that the file is to be executed during the course of the installation. Typically, this string is used for a setup program provided by a module vendor, such as a self-extracting setup executable. More than one file can be specified as executable, in which case the files are run in the order in which they are specified in the script file.</para>
 	<para><command>FilePermissions</command> sets permissions on any referenced files in a string of octal digits, according to the standard Unix format. This string is a bitwise OR.</para>
 
-<programlisting>user read:                0400
+<programlisting>
+user read:                0400
 user write:               0200
 user execute:             0100
 group read:               0040
@@ -633,7 +634,8 @@ group write:              0020
 group execute:            0010
 other read:               0004
 other write:              0002
-other execute:       0001</programlisting>
+other execute:            0001
+</programlisting>
 
 <para>Some platforms may not understand these permissions. They are applied only insofar as they make sense for the current platform. If this attribute is omitted, a default of 777 is assumed.</para>
   </refsection>
@@ -693,7 +695,7 @@ Using the SQLite databases must be manually specified by using the <command>sql:
 <para>To set the shared database type as the default type for the tools, set the <envar>NSS_DEFAULT_DB_TYPE</envar> environment variable to <envar>sql</envar>:</para>
 <programlisting>export NSS_DEFAULT_DB_TYPE="sql"</programlisting>
 
-<para>This line can be set added to the <filename>~/.bashrc</filename> file to make the change permanent.</para>
+<para>This line can be added to the <filename>~/.bashrc</filename> file to make the change permanent for the user.</para>
 
 <para>Most applications do not use the shared database by default, but they can be configured to use them. For example, this how-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases:</para>
 <itemizedlist>
diff --git a/security/nss/doc/nroff/certutil.1 b/security/nss/doc/nroff/certutil.1
index 00746cd..1d7f247 100644
--- a/security/nss/doc/nroff/certutil.1
+++ b/security/nss/doc/nroff/certutil.1
@@ -2,12 +2,12 @@
 .\"     Title: CERTUTIL
 .\"    Author: [see the "Authors" section]
 .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 12 November 2013
+.\"      Date:  5 June 2014
 .\"    Manual: NSS Security Tools
 .\"    Source: nss-tools
 .\"  Language: English
 .\"
-.TH "CERTUTIL" "1" "12 November 2013" "nss-tools" "NSS Security Tools"
+.TH "CERTUTIL" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -229,7 +229,8 @@ NSS recognizes the following prefixes:
 .sp -1
 .IP \(bu 2.3
 .\}
-\fBsql: requests the newer database\fR
+\fBsql:\fR
+requests the newer database
 .RE
 .sp
 .RS 4
@@ -240,10 +241,13 @@ NSS recognizes the following prefixes:
 .sp -1
 .IP \(bu 2.3
 .\}
-\fBdbm: requests the legacy database\fR
+\fBdbm:\fR
+requests the legacy database
 .RE
 .sp
-If no prefix is specified the default type is retrieved from NSS_DEFAULT_DB_TYPE\&. If NSS_DEFAULT_DB_TYPE is not set then dbm: is the default\&.
+If no prefix is specified the default type is retrieved from NSS_DEFAULT_DB_TYPE\&. If NSS_DEFAULT_DB_TYPE is not set then
+\fBdbm:\fR
+is the default\&.
 .RE
 .PP
 \-e
@@ -263,7 +267,7 @@ Specify a file that will automatically supply the password to include in a certi
 .PP
 \-g keysize
 .RS 4
-Set a key size to use when generating new public and private key pairs\&. The minimum is 512 bits and the maximum is 8192 bits\&. The default is 1024 bits\&. Any size between the minimum and maximum is allowed\&.
+Set a key size to use when generating new public and private key pairs\&. The minimum is 512 bits and the maximum is 16384 bits\&. The default is 1024 bits\&. Any size between the minimum and maximum is allowed\&.
 .RE
 .PP
 \-h tokenname
@@ -414,7 +418,7 @@ for each trust setting\&. In each category position, use none, any, or all of th
 .sp
 The attribute codes for the categories are separated by commas, and the entire set of attributes enclosed by quotation marks\&. For example:
 .sp
-\fB\-t "TCu,Cu,Tuw"\fR
+\fB\-t "TCu,Cu,Tu"\fR
 .sp
 Use the \-L option to see a list of the current certificates and trust attributes in a certificate database\&.
 .RE
@@ -543,7 +547,7 @@ Set a site security officer password on a token\&.
 .PP
 \-1 | \-\-keyUsage keyword,keyword
 .RS 4
-Set a Netscape Certificate Type Extension in the certificate\&. There are several available keywords:
+Set an X\&.509 V3 Certificate Type Extension in the certificate\&. There are several available keywords:
 .sp
 .RS 4
 .ie n \{\
@@ -553,7 +557,7 @@ Set a Netscape Certificate Type Extension in the certificate\&. There are severa
 .sp -1
 .IP \(bu 2.3
 .\}
-digital signature
+digitalSignature
 .RE
 .sp
 .RS 4
@@ -661,7 +665,7 @@ X\&.509 certificate extensions are described in RFC 5280\&.
 .PP
 \-5 | \-\-nsCertType keyword,keyword
 .RS 4
-Add a Netscape certificate type extension to a certificate that is being created or added to the database\&. There are several available keywords:
+Add an X\&.509 V3 certificate type extension to a certificate that is being created or added to the database\&. There are several available keywords:
 .sp
 .RS 4
 .ie n \{\
diff --git a/security/nss/doc/nroff/cmsutil.1 b/security/nss/doc/nroff/cmsutil.1
index 2093d67..9c0bb48 100644
--- a/security/nss/doc/nroff/cmsutil.1
+++ b/security/nss/doc/nroff/cmsutil.1
@@ -2,12 +2,12 @@
 .\"     Title: CMSUTIL
 .\"    Author: [see the "Authors" section]
 .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 19 July 2013
+.\"      Date:  5 June 2014
 .\"    Manual: NSS Security Tools
 .\"    Source: nss-tools
 .\"  Language: English
 .\"
-.TH "CMSUTIL" "1" "19 July 2013" "nss-tools" "NSS Security Tools"
+.TH "CMSUTIL" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -50,14 +50,14 @@ To run cmsutil, type the command cmsutil option [arguments] where option and arg
 .PP
 Options specify an action\&. Option arguments modify an action\&. The options and arguments for the cmsutil command are defined as follows:
 .PP
-\-D
+\-C
 .RS 4
-Decode a message\&.
+Encrypt a message\&.
 .RE
 .PP
-\-C
+\-D
 .RS 4
-Encrypt a message\&.
+Decode a message\&.
 .RE
 .PP
 \-E
@@ -247,11 +247,6 @@ cmsutil \-S [\-i infile] [\-o outfile] [\-d dbdir] [\-p password] \-N nickname[\
 .SH "SEE ALSO"
 .PP
 certutil(1)
-.SH "SEE ALSO"
-.PP
-.PP
-.PP
-.PP
 .SH "ADDITIONAL RESOURCES"
 .PP
 For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at
diff --git a/security/nss/doc/nroff/crlutil.1 b/security/nss/doc/nroff/crlutil.1
index 3e2c3ee..866bded 100644
--- a/security/nss/doc/nroff/crlutil.1
+++ b/security/nss/doc/nroff/crlutil.1
@@ -2,12 +2,12 @@
 .\"     Title: CRLUTIL
 .\"    Author: [see the "Authors" section]
 .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 19 July 2013
+.\"      Date:  5 June 2014
 .\"    Manual: NSS Security Tools
 .\"    Source: nss-tools
 .\"  Language: English
 .\"
-.TH "CRLUTIL" "1" "19 July 2013" "nss-tools" "NSS Security Tools"
+.TH "CRLUTIL" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -57,34 +57,29 @@ where options and arguments are combinations of the options and arguments listed
 .PP
 Options specify an action\&. Option arguments modify an action\&. The options and arguments for the crlutil command are defined as follows:
 .PP
-\-G
-.RS 4
-Create new Certificate Revocation List(CRL)\&.
-.RE
-.PP
 \-D
 .RS 4
 Delete Certificate Revocation List from cert database\&.
 .RE
 .PP
-\-I
+\-E
 .RS 4
-Import a CRL to the cert database
+Erase all CRLs of specified type from the cert database
 .RE
 .PP
-\-E
+\-G
 .RS 4
-Erase all CRLs of specified type from the cert database
+Create new Certificate Revocation List (CRL)\&.
 .RE
 .PP
-\-L
+\-I
 .RS 4
-List existing CRL located in cert database file\&.
+Import a CRL to the cert database
 .RE
 .PP
-\-S
+\-L
 .RS 4
-Show contents of a CRL file which isn\*(Aqt stored in the database\&.
+List existing CRL located in cert database file\&.
 .RE
 .PP
 \-M
@@ -92,27 +87,23 @@ Show contents of a CRL file which isn\*(Aqt stored in the database\&.
 Modify existing CRL which can be located in cert db or in arbitrary file\&. If located in file it should be encoded in ASN\&.1 encode format\&.
 .RE
 .PP
-\-G
+\-S
 .RS 4
+Show contents of a CRL file which isn\*(Aqt stored in the database\&.
 .RE
 .PP
 \fBArguments\fR
 .PP
-Option arguments modify an action and are lowercase\&.
-.PP
-\-B
-.RS 4
-Bypass CA signature checks\&.
-.RE
+Option arguments modify an action\&.
 .PP
-\-P dbprefix
+\-a
 .RS 4
-Specify the prefix used on the NSS security database files (for example, my_cert8\&.db and my_key3\&.db)\&. This option is provided as a special case\&. Changing the names of the certificate and key databases is not recommended\&.
+Use ASCII format or allow the use of ASCII format for input and output\&. This formatting follows RFC #1113\&.
 .RE
 .PP
-\-a
+\-B
 .RS 4
-Use ASCII format or allow the use of ASCII format for input and output\&. This formatting follows RFC #1113\&.
+Bypass CA signature checks\&.
 .RE
 .PP
 \-c crl\-gen\-file
@@ -127,14 +118,14 @@ Specify the database directory containing the certificate and key database files
 The NSS database files must reside in the same directory\&.
 .RE
 .PP
-\-i crl\-file
+\-f password\-file
 .RS 4
-Specify the file which contains the CRL to import or show\&.
+Specify a file that will automatically supply the password to include in a certificate or to access a certificate database\&. This is a plain\-text file containing one password\&. Be sure to prevent unauthorized access to this file\&.
 .RE
 .PP
-\-f password\-file
+\-i crl\-file
 .RS 4
-Specify a file that will automatically supply the password to include in a certificate or to access a certificate database\&. This is a plain\-text file containing one password\&. Be sure to prevent unauthorized access to this file\&.
+Specify the file which contains the CRL to import or show\&.
 .RE
 .PP
 \-l algorithm\-name
@@ -152,6 +143,11 @@ Specify the nickname of a certificate or key to list, create, add to a database,
 Specify the output file name for new CRL\&. Bracket the output\-file string with quotation marks if it contains spaces\&. If this argument is not used the output destination defaults to standard output\&.
 .RE
 .PP
+\-P dbprefix
+.RS 4
+Specify the prefix used on the NSS security database files (for example, my_cert8\&.db and my_key3\&.db)\&. This option is provided as a special case\&. Changing the names of the certificate and key databases is not recommended\&.
+.RE
+.PP
 \-t crl\-type
 .RS 4
 Specify type of CRL\&. possible types are: 0 \- SEC_KRL_TYPE, 1 \- SEC_CRL_TYPE\&. This option is obsolete
@@ -369,11 +365,6 @@ crlutil \-G|\-M \-c crl\-gen\-file \-n nickname [\-i crl] [\-u url] [\-d keydir]
 .SH "SEE ALSO"
 .PP
 certutil(1)
-.SH "SEE ALSO"
-.PP
-.PP
-.PP
-.PP
 .SH "ADDITIONAL RESOURCES"
 .PP
 For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at
diff --git a/security/nss/doc/nroff/modutil.1 b/security/nss/doc/nroff/modutil.1
index 09cd45d..1ce9ab2 100644
--- a/security/nss/doc/nroff/modutil.1
+++ b/security/nss/doc/nroff/modutil.1
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: MODUTIL
 .\"    Author: [see the "Authors" section]
-.\" Generator: DocBook XSL Stylesheets v1.77.1 <http://docbook.sf.net/>
-.\"      Date: 15 February 2013
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\"      Date:  5 June 2014
 .\"    Manual: NSS Security Tools
 .\"    Source: nss-tools
 .\"  Language: English
 .\"
-.TH "MODUTIL" "1" "15 February 2013" "nss-tools" "NSS Security Tools"
+.TH "MODUTIL" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -109,6 +109,8 @@ Delete the named module\&. The default NSS PKCS #11 module cannot be deleted\&.
 Disable all slots on the named module\&. Use the
 \fB\-slot\fR
 argument to disable a specific slot\&.
+.sp
+The internal NSS PKCS #11 module cannot be disabled\&.
 .RE
 .PP
 \-enable modulename
@@ -1248,7 +1250,7 @@ group write:              0020
 group execute:            0010
 other read:               0004
 other write:              0002
-other execute:       0001
+other execute:            0001
 .fi
 .if n \{\
 .RE
@@ -1366,9 +1368,9 @@ export NSS_DEFAULT_DB_TYPE="sql"
 .RE
 .\}
 .PP
-This line can be set added to the
+This line can be added to the
 ~/\&.bashrc
-file to make the change permanent\&.
+file to make the change permanent for the user\&.
 .PP
 Most applications do not use the shared database by default, but they can be configured to use them\&. For example, this how\-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases:
 .sp
@@ -1436,12 +1438,12 @@ Mailing lists: https://lists\&.mozilla\&.org/listinfo/dev\-tech\-crypto
 IRC: Freenode at #dogtag\-pki
 .SH "AUTHORS"
 .PP
-The NSS tools were written and maintained by developers with Netscape, Red Hat, and Sun\&.
+The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google\&.
 .PP
 Authors: Elio Maldonado <emaldona at redhat\&.com>, Deon Lackey <dlackey at redhat\&.com>\&.
 .SH "LICENSE"
 .PP
-Licensed under the Mozilla Public License, version 1\&.1, and/or the GNU General Public License, version 2 or later, and/or the GNU Lesser General Public License, version 2\&.1 or later\&.
+Licensed under the Mozilla Public License, v\&. 2\&.0\&. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla\&.org/MPL/2\&.0/\&.
 .SH "NOTES"
 .IP " 1." 4
 Mozilla NSS bug 836477
diff --git a/security/nss/doc/nroff/pk12util.1 b/security/nss/doc/nroff/pk12util.1
index 55ae2e6..c4fa972 100644
--- a/security/nss/doc/nroff/pk12util.1
+++ b/security/nss/doc/nroff/pk12util.1
@@ -2,12 +2,12 @@
 .\"     Title: PK12UTIL
 .\"    Author: [see the "Authors" section]
 .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 12 November 2013
+.\"      Date:  5 June 2014
 .\"    Manual: NSS Security Tools
 .\"    Source: nss-tools
 .\"  Language: English
 .\"
-.TH "PK12UTIL" "1" "12 November 2013" "nss-tools" "NSS Security Tools"
+.TH "PK12UTIL" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 pk12util \- Export and import keys and certificate to or from a PKCS #12 file and the NSS database
 .SH "SYNOPSIS"
 .HP \w'\fBpk12util\fR\ 'u
-\fBpk12util\fR [\-i\ p12File\ [\-h\ tokenname]\ [\-v]\ [common\-options]] [\-l\ p12File\ [\-h\ tokenname]\ [\-r]\ [common\-options]] [\-o\ p12File\ \-n\ certname\ [\-c\ keyCipher]\ [\-C\ certCipher]\ [\-m|\-\-key_len\ keyLen]\ [\-n|\-\-cert_key_len\ certKeyLen]\ [common\-options]] [common\-options\ are:\ [\-d\ [sql:]directory]\ [\-P\ dbprefix]\ [\-k\ slotPasswordFile|\-K\ slotPassword]\ [\-w\ p12filePasswordFile|\-W\ p12filePassword]]
+\fBpk12util\fR [\-i\ p12File|\-l\ p12File|\-o\ p12File] [\-d\ [sql:]directory] [\-h\ tokenname] [\-P\ dbprefix] [\-r] [\-v] [\-k\ slotPasswordFile|\-K\ slotPassword] [\-w\ p12filePasswordFile|\-W\ p12filePassword]
 .SH "STATUS"
 .PP
 This documentation is still work in progress\&. Please contribute to the initial review in
@@ -61,9 +61,14 @@ Export keys and certificates from the security database to a PKCS#12 file\&.
 .PP
 \fBArguments\fR
 .PP
-\-n certname
+\-c keyCipher
 .RS 4
-Specify the nickname of the cert and private key to export\&.
+Specify the key encryption algorithm\&.
+.RE
+.PP
+\-C certCipher
+.RS 4
+Specify the key cert (overall package) encryption algorithm\&.
 .RE
 .PP
 \-d [sql:]directory
@@ -80,21 +85,11 @@ pkcs11\&.txt)\&. If the prefix
 is not used, then the tool assumes that the given databases are in the old format\&.
 .RE
 .PP
-\-P prefix
-.RS 4
-Specify the prefix used on the certificate and key databases\&. This option is provided as a special case\&. Changing the names of the certificate and key databases is not recommended\&.
-.RE
-.PP
 \-h tokenname
 .RS 4
 Specify the name of the token to import into or export from\&.
 .RE
 .PP
-\-v
-.RS 4
-Enable debug logging when importing\&.
-.RE
-.PP
 \-k slotPasswordFile
 .RS 4
 Specify the text file containing the slot\*(Aqs password\&.
@@ -105,39 +100,44 @@ Specify the text file containing the slot\*(Aqs password\&.
 Specify the slot\*(Aqs password\&.
 .RE
 .PP
-\-w p12filePasswordFile
+\-m | \-\-key\-len keyLength
 .RS 4
-Specify the text file containing the pkcs #12 file password\&.
+Specify the desired length of the symmetric key to be used to encrypt the private key\&.
 .RE
 .PP
-\-W p12filePassword
+\-n | \-\-cert\-key\-len certKeyLength
 .RS 4
-Specify the pkcs #12 file password\&.
+Specify the desired length of the symmetric key to be used to encrypt the certificates and other meta\-data\&.
 .RE
 .PP
-\-c keyCipher
+\-n certname
 .RS 4
-Specify the key encryption algorithm\&.
+Specify the nickname of the cert and private key to export\&.
 .RE
 .PP
-\-C certCipher
+\-P prefix
 .RS 4
-Specify the key cert (overall package) encryption algorithm\&.
+Specify the prefix used on the certificate and key databases\&. This option is provided as a special case\&. Changing the names of the certificate and key databases is not recommended\&.
 .RE
 .PP
-\-m | \-\-key\-len keyLength
+\-r
 .RS 4
-Specify the desired length of the symmetric key to be used to encrypt the private key\&.
+Dumps all of the data in raw (binary) form\&. This must be saved as a DER file\&. The default is to return information in a pretty\-print ASCII format, which displays the information about the certificates and public keys in the p12 file\&.
 .RE
 .PP
-\-n | \-\-cert\-key\-len certKeyLength
+\-v
 .RS 4
-Specify the desired length of the symmetric key to be used to encrypt the certificates and other meta\-data\&.
+Enable debug logging when importing\&.
 .RE
 .PP
-\-r
+\-w p12filePasswordFile
 .RS 4
-Dumps all of the data in raw (binary) form\&. This must be saved as a DER file\&. The default is to return information in a pretty\-print ASCII format, which displays the information about the certificates and public keys in the p12 file\&.
+Specify the text file containing the pkcs #12 file password\&.
+.RE
+.PP
+\-W p12filePassword
+.RS 4
+Specify the pkcs #12 file password\&.
 .RE
 .SH "RETURN CODES"
 .sp
@@ -437,18 +437,12 @@ for importing a certificate or key is the PKCS#12 input file (\fB\-i\fR) and som
 for a directory or
 \fB\-h\fR
 for a token)\&.
-.sp
-.if n \{\
-.RS 4
-.\}
-.nf
+.PP
 pk12util \-i p12File [\-h tokenname] [\-v] [\-d [sql:]directory] [\-P dbprefix] [\-k slotPasswordFile|\-K slotPassword] [\-w p12filePasswordFile|\-W p12filePassword]
-.fi
-.if n \{\
-.RE
-.\}
 .PP
 For example:
+.PP
+
 .sp
 .if n \{\
 .RS 4
@@ -474,16 +468,8 @@ pk12util: PKCS12 IMPORT SUCCESSFUL
 Using the
 \fBpk12util\fR
 command to export certificates and keys requires both the name of the certificate to extract from the database (\fB\-n\fR) and the PKCS#12\-formatted output file to write to\&. There are optional parameters that can be used to encrypt the file to protect the certificate material\&.
-.sp
-.if n \{\
-.RS 4
-.\}
-.nf
+.PP
 pk12util \-o p12File \-n certname [\-c keyCipher] [\-C certCipher] [\-m|\-\-key_len keyLen] [\-n|\-\-cert_key_len certKeyLen] [\-d [sql:]directory] [\-P dbprefix] [\-k slotPasswordFile|\-K slotPassword] [\-w p12filePasswordFile|\-W p12filePassword]
-.fi
-.if n \{\
-.RE
-.\}
 .PP
 For example:
 .sp
@@ -506,16 +492,8 @@ The information in a
 file are not human\-readable\&. The certificates and keys in the file can be printed (listed) in a human\-readable pretty\-print format that shows information for every certificate and any public keys in the
 \&.p12
 file\&.
-.sp
-.if n \{\
-.RS 4
-.\}
-.nf
+.PP
 pk12util \-l p12File [\-h tokenname] [\-r] [\-d [sql:]directory] [\-P dbprefix] [\-k slotPasswordFile|\-K slotPassword] [\-w p12filePasswordFile|\-W p12filePassword]
-.fi
-.if n \{\
-.RE
-.\}
 .PP
 For example, this prints the default ASCII output:
 .sp
@@ -542,7 +520,7 @@ Certificate:
         Issuer: "E=personal\-freemail at thawte\&.com,CN=Thawte Personal Freemail C
             A,OU=Certification Services Division,O=Thawte Consulting,L=Cape T
             own,ST=Western Cape,C=ZA"
-\&.\&.\&.\&.
+    
 .fi
 .if n \{\
 .RE
@@ -561,7 +539,7 @@ file000N\&.der, incrementing the number for every certificate:
 .RS 4
 .\}
 .nf
-# pk12util \-l test\&.p12 \-r
+pk12util \-l test\&.p12 \-r
 Enter password for PKCS12 file: 
 Key(shrouded):
     Friendly Name: Thawte Freemail Member\*(Aqs Thawte Consulting (Pty) Ltd\&. ID
@@ -574,6 +552,7 @@ Key(shrouded):
 Certificate    Friendly Name: Thawte Personal Freemail Issuing CA \- Thawte Consulting
 
 Certificate    Friendly Name: Thawte Freemail Member\*(Aqs Thawte Consulting (Pty) Ltd\&. ID
+    
 .fi
 .if n \{\
 .RE
@@ -592,7 +571,17 @@ Several types of ciphers are supported\&.
 .PP
 Symmetric CBC ciphers for PKCS#5 V2
 .RS 4
-DES_CBC
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+DES\-CBC
+.RE
 .sp
 .RS 4
 .ie n \{\
@@ -696,7 +685,17 @@ CAMELLIA\-256\-CBC
 .PP
 PKCS#12 PBE ciphers
 .RS 4
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
 PKCS #12 PBE with Sha1 and 128 Bit RC4
+.RE
 .sp
 .RS 4
 .ie n \{\
@@ -811,7 +810,17 @@ PKCS12 V2 PBE with SHA1 and 40 Bit RC2 CBC
 .PP
 PKCS#5 PBE ciphers
 .RS 4
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
 PKCS #5 Password Based Encryption with MD2 and DES CBC
+.RE
 .sp
 .RS 4
 .ie n \{\
diff --git a/security/nss/doc/nroff/pp.1 b/security/nss/doc/nroff/pp.1
index 6a8eb63..2c9aa5a6 100644
--- a/security/nss/doc/nroff/pp.1
+++ b/security/nss/doc/nroff/pp.1
@@ -2,12 +2,12 @@
 .\"     Title: PP
 .\"    Author: [see the "Authors" section]
 .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 12 November 2013
+.\"      Date:  5 June 2014
 .\"    Manual: NSS Security Tools
 .\"    Source: nss-tools
 .\"  Language: English
 .\"
-.TH "PP" "1" "12 November 2013" "nss-tools" "NSS Security Tools"
+.TH "PP" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/security/nss/doc/nroff/signtool.1 b/security/nss/doc/nroff/signtool.1
index e78f77b..3a91ce6 100644
--- a/security/nss/doc/nroff/signtool.1
+++ b/security/nss/doc/nroff/signtool.1
@@ -2,12 +2,12 @@
 .\"     Title: signtool
 .\"    Author: [see the "Authors" section]
 .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 12 November 2013
+.\"      Date:  5 June 2014
 .\"    Manual: NSS Security Tools
 .\"    Source: nss-tools
 .\"  Language: English
 .\"
-.TH "SIGNTOOL" "1" "12 November 2013" "nss-tools" "NSS Security Tools"
+.TH "SIGNTOOL" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 signtool \- Digitally sign objects and files\&.
 .SH "SYNOPSIS"
 .HP \w'\fBsigntool\fR\ 'u
-\fBsigntool\fR [\-k\ keyName] [[\-h]] [[\-H]] [[\-l]] [[\-L]] [[\-M]] [[\-v]] [[\-w]] [[\-G\ nickname]] [[\-\-keysize\ |\ \-s\ size]] [[\-b\ basename]] [[\-c\ Compression\ Level]] [[\-d\ cert\-dir]] [[\-i\ installer\ script]] [[\-m\ metafile]] [[\-x\ name]] [[\-f\ filename]] [[\-t|\-\-token\ tokenname]] [[\-e\ extension]] [[\-o]] [[\-z]] [[\-X]] [[\-\-outfile]] [[\-\-verbose\ value]] [[\-\-norecurse]] [[\-\-leavearc]] [[\-j\ directory]] [[\-Z\ jarfile]] [[\-O]] [[\-p\ password]] [directory\-tree] [archive]
+\fBsigntool\fR [[\-b\ basename]] [[\-c\ Compression\ Level]] [[\-d\ cert\-dir]] [[\-e\ extension]] [[\-f\ filename]] [[\-i\ installer\ script]] [[\-h]] [[\-H]] [[\-v]] [[\-w]] [[\-G\ nickname]] [[\-J]] [[\-j\ directory]] [\-k\ keyName] [[\-\-keysize\ |\ \-s\ size]] [[\-l]] [[\-L]] [[\-M]] [[\-m\ metafile]] [[\-\-norecurse]] [[\-O]] [[\-o]] [[\-\-outfile]] [[\-p\ password]] [[\-t|\-\-token\ tokenname]] [[\-z]] [[\-X]] [[\-x\ name]] [[\-\-verbose\ value]] [[\-\-leavearc]] [[\-Z\ jarfile]] [directory\-tree] [archive]
 .SH "STATUS"
 .PP
 This documentation is still work in progress\&. Please contribute to the initial review in
@@ -91,11 +91,21 @@ Tells signtool to sign only files with the given extension; for example, use \-e
 Specifies a text file containing Netscape Signing Tool options and arguments in keyword=value format\&. All options and arguments can be expressed through this file\&. For more information about the syntax used with this file, see "Tips and Techniques"\&.
 .RE
 .PP
+\-G nickname
+.RS 4
+Generates a new private\-public key pair and corresponding object\-signing certificate with the given nickname\&. The newly generated keys and certificate are installed into the key and certificate databases in the directory specified by the \-d option\&. With the NT version of Netscape Signing Tool, you must use the \-d option with the \-G option\&. With the Unix version of Netscape Signing Tool, omitting the \-d option causes the tool to install the keys and certificate in the Communicator key and certificate databases\&. If you are installing the keys and certificate in the Communicator databases, you must exit Communicator before using this option; otherwise, you risk corrupting the databases\&. In all cases, the certificate is also output to a file named x509\&.cacert, which has the MIME\-type application/x\-x509\-ca\-cert\&. Unlike certificates normally used to sign finished code to be distributed over a network, a test certificate created with \-G is not signed by a recognize
 d certificate authority\&. Instead, it is self\-signed\&. In addition, a single test signing certificate functions as both an object\-signing certificate and a CA\&. When you are using it to sign objects, it behaves like an object\-signing certificate\&. When it is imported into browser software such as Communicator, it behaves like an object\-signing CA and cannot be used to sign objects\&. The \-G option is available in Netscape Signing Tool 1\&.0 and later versions only\&. By default, it produces only RSA certificates with 1024\-byte keys in the internal token\&. However, you can use the \-s option specify the required key size and the \-t option to specify the token\&.
+.RE
+.PP
 \-i scriptname
 .RS 4
 Specifies the name of an installer script for SmartUpdate\&. This script installs files from the JAR archive in the local system after SmartUpdate has validated the digital signature\&. For more details, see the description of \-m that follows\&. The \-i option provides a straightforward way to provide this information if you don\*(Aqt need to specify any metadata other than an installer script\&.
 .RE
 .PP
+\-J
+.RS 4
+Signs a directory of HTML files containing JavaScript and creates as many archive files as are specified in the HTML tags\&. Even if signtool creates more than one archive file, you need to supply the key database password only once\&. The \-J option is available only in Netscape Signing Tool 1\&.0 and later versions\&. The \-J option cannot be used at the same time as the \-Z option\&. If the \-c# option is not used with the \-J option, the default compression value is 6\&. Note that versions 1\&.1 and later of Netscape Signing Tool correctly recognizes the CODEBASE attribute, allows paths to be expressed for the CLASS and SRC attributes instead of filenames only, processes LINK tags and parses HTML correctly, and offers clearer error messages\&.
+.RE
+.PP
 \-j directory
 .RS 4
 Specifies a special JavaScript directory\&. This option causes the specified directory to be signed and tags its entries as inline JavaScript\&. This special type of entry does not have to appear in the JAR file itself\&. Instead, it is located in the HTML page containing the inline scripts\&. When you use signtool \-v, these entries are displayed with the string NOT PRESENT\&.
@@ -106,21 +116,11 @@ Specifies a special JavaScript directory\&. This option causes the specified dir
 Specifies the nickname (key) of the certificate you want to sign with and signs the files in the specified directory\&. The directory to sign is always specified as the last command\-line argument\&. Thus, it is possible to write signtool \-k MyCert \-d \&. signdir You may have trouble if the nickname contains a single quotation mark\&. To avoid problems, escape the quotation mark using the escape conventions for your platform\&. It\*(Aqs also possible to use the \-k option without signing any files or specifying a directory\&. For example, you can use it with the \-l option to get detailed information about a particular signing certificate\&.
 .RE
 .PP
-\-G nickname
-.RS 4
-Generates a new private\-public key pair and corresponding object\-signing certificate with the given nickname\&. The newly generated keys and certificate are installed into the key and certificate databases in the directory specified by the \-d option\&. With the NT version of Netscape Signing Tool, you must use the \-d option with the \-G option\&. With the Unix version of Netscape Signing Tool, omitting the \-d option causes the tool to install the keys and certificate in the Communicator key and certificate databases\&. If you are installing the keys and certificate in the Communicator databases, you must exit Communicator before using this option; otherwise, you risk corrupting the databases\&. In all cases, the certificate is also output to a file named x509\&.cacert, which has the MIME\-type application/x\-x509\-ca\-cert\&. Unlike certificates normally used to sign finished code to be distributed over a network, a test certificate created with \-G is not signed by a recognize
 d certificate authority\&. Instead, it is self\-signed\&. In addition, a single test signing certificate functions as both an object\-signing certificate and a CA\&. When you are using it to sign objects, it behaves like an object\-signing certificate\&. When it is imported into browser software such as Communicator, it behaves like an object\-signing CA and cannot be used to sign objects\&. The \-G option is available in Netscape Signing Tool 1\&.0 and later versions only\&. By default, it produces only RSA certificates with 1024\-byte keys in the internal token\&. However, you can use the \-s option specify the required key size and the \-t option to specify the token\&. For more information about the use of the \-G option, see "Generating Test Object\-Signing Certificates""Generating Test Object\-Signing Certificates" on page 1241\&.
-.RE
-.PP
 \-l
 .RS 4
 Lists signing certificates, including issuing CAs\&. If any of your certificates are expired or invalid, the list will so specify\&. This option can be used with the \-k option to list detailed information about a particular signing certificate\&. The \-l option is available in Netscape Signing Tool 1\&.0 and later versions only\&.
 .RE
 .PP
-\-J
-.RS 4
-Signs a directory of HTML files containing JavaScript and creates as many archive files as are specified in the HTML tags\&. Even if signtool creates more than one archive file, you need to supply the key database password only once\&. The \-J option is available only in Netscape Signing Tool 1\&.0 and later versions\&. The \-J option cannot be used at the same time as the \-Z option\&. If the \-c# option is not used with the \-J option, the default compression value is 6\&. Note that versions 1\&.1 and later of Netscape Signing Tool correctly recognizes the CODEBASE attribute, allows paths to be expressed for the CLASS and SRC attributes instead of filenames only, processes LINK tags and parses HTML correctly, and offers clearer error messages\&.
-.RE
-.PP
 \-L
 .RS 4
 Lists the certificates in your database\&. An asterisk appears to the left of the nickname for any certificate that can be used to sign objects with signtool\&.
diff --git a/security/nss/doc/nroff/signver.1 b/security/nss/doc/nroff/signver.1
index c327c8a..ad92c11 100644
--- a/security/nss/doc/nroff/signver.1
+++ b/security/nss/doc/nroff/signver.1
@@ -2,12 +2,12 @@
 .\"     Title: SIGNVER
 .\"    Author: [see the "Authors" section]
 .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 12 November 2013
+.\"      Date:  5 June 2014
 .\"    Manual: NSS Security Tools
 .\"    Source: nss-tools
 .\"  Language: English
 .\"
-.TH "SIGNVER" "1" "12 November 2013" "nss-tools" "NSS Security Tools"
+.TH "SIGNVER" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -236,9 +236,9 @@ export NSS_DEFAULT_DB_TYPE="sql"
 .RE
 .\}
 .PP
-This line can be set added to the
+This line can be added to the
 ~/\&.bashrc
-file to make the change permanent\&.
+file to make the change permanent for the user\&.
 .PP
 Most applications do not use the shared database by default, but they can be configured to use them\&. For example, this how\-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases:
 .sp
diff --git a/security/nss/doc/nroff/ssltap.1 b/security/nss/doc/nroff/ssltap.1
index 950f20b..69129ec 100644
--- a/security/nss/doc/nroff/ssltap.1
+++ b/security/nss/doc/nroff/ssltap.1
@@ -2,12 +2,12 @@
 .\"     Title: SSLTAP
 .\"    Author: [see the "Authors" section]
 .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 12 November 2013
+.\"      Date:  5 June 2014
 .\"    Manual: NSS Security Tools
 .\"    Source: nss-tools
 .\"  Language: English
 .\"
-.TH "SSLTAP" "1" "12 November 2013" "nss-tools" "NSS Security Tools"
+.TH "SSLTAP" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -30,8 +30,8 @@
 .SH "NAME"
 ssltap \- Tap into SSL connections and display the data going by
 .SH "SYNOPSIS"
-.HP \w'\fBlibssltap\fR\ 'u
-\fBlibssltap\fR [\-vhfsxl] [\-p\ port] [hostname:port]
+.HP \w'\fBssltap\fR\ 'u
+\fBssltap\fR [\-fhlsvx] [\-p\ port] [hostname:port]
 .SH "STATUS"
 .PP
 This documentation is still work in progress\&. Please contribute to the initial review in
@@ -43,33 +43,14 @@ The SSL Debugging Tool
 is an SSL\-aware command\-line proxy\&. It watches TCP connections and displays the data going by\&. If a connection is SSL, the data display includes interpreted SSL records and handshaking
 .SH "OPTIONS"
 .PP
-\-v
-.RS 4
-Print a version string for the tool\&.
-.RE
-.PP
-\-h
-.RS 4
-Turn on hex/ASCII printing\&. Instead of outputting raw data, the command interprets each record as a numbered line of hex values, followed by the same data as ASCII characters\&. The two parts are separated by a vertical bar\&. Nonprinting characters are replaced by dots\&.
-.RE
-.PP
 \-f
 .RS 4
 Turn on fancy printing\&. Output is printed in colored HTML\&. Data sent from the client to the server is in blue; the server\*(Aqs reply is in red\&. When used with looping mode, the different connections are separated with horizontal lines\&. You can use this option to upload the output into a browser\&.
 .RE
 .PP
-\-s
-.RS 4
-Turn on SSL parsing and decoding\&. The tool does not automatically detect SSL sessions\&. If you are intercepting an SSL connection, use this option so that the tool can detect and decode SSL structures\&.
-.sp
-If the tool detects a certificate chain, it saves the DER\-encoded certificates into files in the current directory\&. The files are named cert\&.0x, where x is the sequence number of the certificate\&.
-.sp
-If the \-s option is used with \-h, two separate parts are printed for each record: the plain hex/ASCII output, and the parsed SSL output\&.
-.RE
-.PP
-\-x
+\-h
 .RS 4
-Turn on hex/ASCII printing of undecoded data inside parsed SSL records\&. Used only with the \-s option\&. This option uses the same output format as the \-h option\&.
+Turn on hex/ASCII printing\&. Instead of outputting raw data, the command interprets each record as a numbered line of hex values, followed by the same data as ASCII characters\&. The two parts are separated by a vertical bar\&. Nonprinting characters are replaced by dots\&.
 .RE
 .PP
 \-l prefix
@@ -99,6 +80,25 @@ The following are well\-known port numbers:
 .sp
 * NNTPS 563 (NNTP over SSL)
 .RE
+.PP
+\-s
+.RS 4
+Turn on SSL parsing and decoding\&. The tool does not automatically detect SSL sessions\&. If you are intercepting an SSL connection, use this option so that the tool can detect and decode SSL structures\&.
+.sp
+If the tool detects a certificate chain, it saves the DER\-encoded certificates into files in the current directory\&. The files are named cert\&.0x, where x is the sequence number of the certificate\&.
+.sp
+If the \-s option is used with \-h, two separate parts are printed for each record: the plain hex/ASCII output, and the parsed SSL output\&.
+.RE
+.PP
+\-v
+.RS 4
+Print a version string for the tool\&.
+.RE
+.PP
+\-x
+.RS 4
+Turn on extra SSL hex dumps\&.
+.RE
 .SH "USAGE AND EXAMPLES"
 .PP
 You can use the SSL Debugging Tool to intercept any connection information\&. Although you can run the tool at its most basic by issuing the ssltap command with no options other than hostname:port, the information you get in this way is not very useful\&. For example, assume your development machine is called intercept\&. The simplest way to use the debugging tool is to execute the following command from a command shell:
diff --git a/security/nss/doc/nroff/vfychain.1 b/security/nss/doc/nroff/vfychain.1
index 487b7f9..d5e37e4 100644
--- a/security/nss/doc/nroff/vfychain.1
+++ b/security/nss/doc/nroff/vfychain.1
@@ -2,12 +2,12 @@
 .\"     Title: VFYCHAIN
 .\"    Author: [see the "Authors" section]
 .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 12 November 2013
+.\"      Date:  5 June 2014
 .\"    Manual: NSS Security Tools
 .\"    Source: nss-tools
 .\"  Language: English
 .\"
-.TH "VFYCHAIN" "1" "12 November 2013" "nss-tools" "NSS Security Tools"
+.TH "VFYCHAIN" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/security/nss/doc/nroff/vfyserv.1 b/security/nss/doc/nroff/vfyserv.1
index f991ce2..ffe5f36 100644
--- a/security/nss/doc/nroff/vfyserv.1
+++ b/security/nss/doc/nroff/vfyserv.1
@@ -2,12 +2,12 @@
 .\"     Title: VFYSERV
 .\"    Author: [see the "Authors" section]
 .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 12 November 2013
+.\"      Date:  5 June 2014
 .\"    Manual: NSS Security Tools
 .\"    Source: nss-tools
 .\"  Language: English
 .\"
-.TH "VFYSERV" "1" "12 November 2013" "nss-tools" "NSS Security Tools"
+.TH "VFYSERV" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/security/nss/doc/pk12util.xml b/security/nss/doc/pk12util.xml
index 590aec8..03ee356 100644
--- a/security/nss/doc/pk12util.xml
+++ b/security/nss/doc/pk12util.xml
@@ -27,16 +27,14 @@
   <refsynopsisdiv>
     <cmdsynopsis>
       <command>pk12util</command>
-      <arg>-i p12File [-h tokenname] [-v] [common-options] </arg>
-      <arg>
-        -l p12File [-h tokenname] [-r] [common-options] </arg>
-      <arg>
-        -o p12File -n certname [-c keyCipher] [-C certCipher] [-m|--key_len keyLen] [-n|--cert_key_len certKeyLen] [common-options] </arg>
-       <arg>
-
-common-options are:
-[-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword] 
-      </arg>
+      <arg>-i p12File|-l p12File|-o p12File</arg>
+      <arg>-d [sql:]directory</arg>
+      <arg>-h tokenname</arg>
+      <arg>-P dbprefix</arg>
+      <arg>-r</arg>
+      <arg>-v</arg>
+      <arg>-k slotPasswordFile|-K slotPassword</arg>
+      <arg>-w p12filePasswordFile|-W p12filePassword</arg>
     </cmdsynopsis>
   </refsynopsisdiv>
 
@@ -73,22 +71,20 @@ common-options are:
 
     <para><command>Arguments</command></para>
     <variablelist>
-    
       <varlistentry>
-        <term>-n certname</term>
-        <listitem><para>Specify the nickname of the cert and private key to export.</para></listitem>
+        <term>-c keyCipher</term>
+        <listitem><para>Specify the key encryption algorithm.</para></listitem>
       </varlistentry>
 
       <varlistentry>
-        <term>-d [sql:]directory</term>
-        <listitem><para>Specify the database directory into which to import to or export from certificates and keys.</para>
-	<para><command>pk12util</command> supports two types of databases: the legacy security databases (<filename>cert8.db</filename>, <filename>key3.db</filename>, and <filename>secmod.db</filename>) and new SQLite databases (<filename>cert9.db</filename>, <filename>key4.db</filename>, and <filename>pkcs11.txt</filename>). If the prefix <command>sql:</command> is not used, then the tool assumes that the given databases are in the old format.</para></listitem>
+        <term>-C certCipher</term>
+        <listitem><para>Specify the key cert (overall package) encryption algorithm.</para></listitem>
       </varlistentry>
 
       <varlistentry>
-        <term>-P prefix</term>
-        <listitem><para>Specify the prefix used on the certificate and key databases. This option is provided as a special case. 
-          Changing the names of the certificate and key databases is not recommended.</para></listitem>
+        <term>-d [sql:]directory</term>
+        <listitem><para>Specify the database directory into which to import to or export from certificates and keys.</para>
+	<para><command>pk12util</command> supports two types of databases: the legacy security databases (<filename>cert8.db</filename>, <filename>key3.db</filename>, and <filename>secmod.db</filename>) and new SQLite databases (<filename>cert9.db</filename>, <filename>key4.db</filename>, and <filename>pkcs11.txt</filename>). If the prefix <command>sql:</command> is not used, then the tool assumes that the given databases are in the old format.</para></listitem>
       </varlistentry>
 
       <varlistentry>
@@ -97,11 +93,6 @@ common-options are:
       </varlistentry>
 
       <varlistentry>
-        <term>-v </term>
-        <listitem><para>Enable debug logging when importing.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
         <term>-k slotPasswordFile</term>
         <listitem><para>Specify the text file containing the slot's password.</para></listitem>
       </varlistentry>
@@ -112,39 +103,46 @@ common-options are:
       </varlistentry>
 
       <varlistentry>
-        <term>-w p12filePasswordFile</term>
-        <listitem><para>Specify the text file containing the pkcs #12 file password.</para></listitem>
+        <term>-m | --key-len  keyLength</term>
+        <listitem><para>Specify the desired length of the symmetric key to be used to encrypt the private key.</para></listitem>
       </varlistentry>
 
       <varlistentry>
-        <term>-W p12filePassword</term>
-        <listitem><para>Specify the pkcs #12 file password.</para></listitem>
+        <term>-n | --cert-key-len  certKeyLength</term>
+        <listitem><para>Specify the desired length of the symmetric key to be used to encrypt the certificates and other meta-data.</para></listitem>
       </varlistentry>
 
       <varlistentry>
-        <term>-c keyCipher</term>
-        <listitem><para>Specify the key encryption algorithm.</para></listitem>
+        <term>-n certname</term>
+        <listitem><para>Specify the nickname of the cert and private key to export.</para></listitem>
       </varlistentry>
 
       <varlistentry>
-        <term>-C certCipher</term>
-        <listitem><para>Specify the key cert (overall package) encryption algorithm.</para></listitem>
+        <term>-P prefix</term>
+        <listitem><para>Specify the prefix used on the certificate and key databases. This option is provided as a special case. 
+          Changing the names of the certificate and key databases is not recommended.</para></listitem>
       </varlistentry>
 
       <varlistentry>
-        <term>-m | --key-len  keyLength</term>
-        <listitem><para>Specify the desired length of the symmetric key to be used to encrypt the private key.</para></listitem>
+        <term>-r</term>
+        <listitem><para>Dumps all of the data in raw (binary) form. This must be saved as a DER file. The default is to return information in a pretty-print ASCII format, which displays the information about the certificates and public keys in the p12 file.</para></listitem>
       </varlistentry>
 
       <varlistentry>
-        <term>-n | --cert-key-len  certKeyLength</term>
-        <listitem><para>Specify the desired length of the symmetric key to be used to encrypt the certificates and other meta-data.</para></listitem>
+        <term>-v </term>
+        <listitem><para>Enable debug logging when importing.</para></listitem>
       </varlistentry>
 
       <varlistentry>
-        <term>-r</term>
-        <listitem><para>Dumps all of the data in raw (binary) form. This must be saved as a DER file. The default is to return information in a pretty-print ASCII format, which displays the information about the certificates and public keys in the p12 file.</para></listitem>
+        <term>-w p12filePasswordFile</term>
+        <listitem><para>Specify the text file containing the pkcs #12 file password.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-W p12filePassword</term>
+        <listitem><para>Specify the pkcs #12 file password.</para></listitem>
       </varlistentry>
+
     </variablelist>
   </refsection>
 
@@ -237,9 +235,12 @@ common-options are:
     <para><command>Importing Keys and Certificates</command></para>
     <para>The most basic usage of <command>pk12util</command> for importing a certificate or key is the PKCS#12 input file (<option>-i</option>) and some way to specify the security database being accessed (either <option>-d</option> for a directory or <option>-h</option> for a token).
     </para>
-<programlisting>pk12util -i p12File [-h tokenname] [-v] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]</programlisting>
+    <para>
+    pk12util -i p12File [-h tokenname] [-v] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]
+    </para>
     <para>For example:</para>
-<programlisting># pk12util -i /tmp/cert-files/users.p12 -d sql:/home/my/sharednssdb
+    <para> </para>
+    <programlisting># pk12util -i /tmp/cert-files/users.p12 -d sql:/home/my/sharednssdb
 
 Enter a password which will be used to encrypt your keys.
 The password should be at least 8 characters long,
@@ -253,18 +254,18 @@ pk12util: PKCS12 IMPORT SUCCESSFUL</programlisting>
     <para><command>Exporting Keys and Certificates</command></para>
     <para>Using the <command>pk12util</command> command to export certificates and keys requires both the name of the certificate to extract from the database (<option>-n</option>) and the PKCS#12-formatted output file to write to. There are optional parameters that can be used to encrypt the file to protect the certificate material.
     </para>
-<programlisting>pk12util -o p12File -n certname [-c keyCipher] [-C certCipher] [-m|--key_len keyLen] [-n|--cert_key_len certKeyLen] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]</programlisting>
+    <para>pk12util -o p12File -n certname [-c keyCipher] [-C certCipher] [-m|--key_len keyLen] [-n|--cert_key_len certKeyLen] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]</para>
     <para>For example:</para>
-<programlisting># pk12util -o certs.p12 -n Server-Cert -d sql:/home/my/sharednssdb
+    <programlisting># pk12util -o certs.p12 -n Server-Cert -d sql:/home/my/sharednssdb
 Enter password for PKCS12 file: 
 Re-enter password: </programlisting>
 
     <para><command>Listing Keys and Certificates</command></para>
     <para>The information in a <filename>.p12</filename> file are not human-readable. The certificates and keys in the file can be printed (listed) in a human-readable pretty-print format that shows information for every certificate and any public keys in the <filename>.p12</filename> file.
     </para>
-<programlisting>pk12util -l p12File [-h tokenname] [-r] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]</programlisting>
+    <para>pk12util -l p12File [-h tokenname] [-r] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]</para>
     <para>For example, this prints the default ASCII output:</para>
-<programlisting># pk12util -l certs.p12
+    <programlisting># pk12util -l certs.p12
 
 Enter password for PKCS12 file: 
 Key(shrouded):
@@ -283,9 +284,9 @@ Certificate:
         Issuer: "E=personal-freemail at thawte.com,CN=Thawte Personal Freemail C
             A,OU=Certification Services Division,O=Thawte Consulting,L=Cape T
             own,ST=Western Cape,C=ZA"
-....</programlisting>
+    </programlisting>
     <para>Alternatively, the <option>-r</option> prints the certificates and then exports them into separate DER binary files. This allows the certificates to be fed to another application that supports <filename>.p12</filename> files. Each certificate is written to a sequentially-number file, beginning with <filename>file0001.der</filename> and continuing through <filename>file000N.der</filename>, incrementing the number for every certificate:</para>
-<programlisting># pk12util -l test.p12 -r
+    <programlisting>pk12util -l test.p12 -r
 Enter password for PKCS12 file: 
 Key(shrouded):
     Friendly Name: Thawte Freemail Member's Thawte Consulting (Pty) Ltd. ID
@@ -297,7 +298,8 @@ Key(shrouded):
             Iteration Count: 1 (0x1)
 Certificate    Friendly Name: Thawte Personal Freemail Issuing CA - Thawte Consulting
 
-Certificate    Friendly Name: Thawte Freemail Member's Thawte Consulting (Pty) Ltd. ID</programlisting>
+Certificate    Friendly Name: Thawte Freemail Member's Thawte Consulting (Pty) Ltd. ID
+    </programlisting>
   </refsection>
 
   <refsection id="encryption">
@@ -309,86 +311,48 @@ Certificate    Friendly Name: Thawte Freemail Member's Thawte Consulting (Pty) L
     
       <varlistentry>
         <term>Symmetric CBC ciphers for PKCS#5 V2</term>
-        <listitem><para>DES_CBC</para>
-	<itemizedlist>
-	<listitem>
-        <para>RC2-CBC</para>
-	</listitem>
-	<listitem>
-        <para>RC5-CBCPad</para>
-	</listitem>
-	<listitem>
-        <para>DES-EDE3-CBC (the default for key encryption)</para>
-	</listitem>
-	<listitem>
-        <para>AES-128-CBC</para>
-	</listitem>
-	<listitem>
-        <para>AES-192-CBC</para>
-	</listitem>
-	<listitem>
-        <para>AES-256-CBC</para>
-	</listitem>
-	<listitem>
-        <para>CAMELLIA-128-CBC</para>
-	</listitem>
-	<listitem>
-        <para>CAMELLIA-192-CBC</para>
-	</listitem>
-	<listitem>
-        <para>CAMELLIA-256-CBC</para></listitem>
-	</itemizedlist>
-	</listitem>
+        <listitem>
+	     <itemizedlist>
+	       <listitem><para>DES-CBC</para></listitem>
+	       <listitem><para>RC2-CBC</para></listitem>
+	       <listitem><para>RC5-CBCPad</para></listitem>
+	       <listitem><para>DES-EDE3-CBC (the default for key encryption)</para></listitem>
+	       <listitem><para>AES-128-CBC</para></listitem>
+	       <listitem><para>AES-192-CBC</para></listitem>
+	       <listitem><para>AES-256-CBC</para></listitem>
+	       <listitem><para>CAMELLIA-128-CBC</para></listitem>
+	       <listitem><para>CAMELLIA-192-CBC</para></listitem>
+	       <listitem><para>CAMELLIA-256-CBC</para></listitem>
+	     </itemizedlist>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
         <term>PKCS#12 PBE ciphers</term>
-        <listitem><para>PKCS #12 PBE with Sha1 and 128 Bit RC4</para>
-	<itemizedlist>
-	<listitem>
-        <para>PKCS #12 PBE with Sha1 and 40 Bit RC4</para>
-	</listitem>
-	<listitem>
-        <para>PKCS #12 PBE with Sha1 and Triple DES CBC</para>
-	</listitem>
-	<listitem>
-        <para>PKCS #12 PBE with Sha1 and 128 Bit RC2 CBC</para>
-	</listitem>
-	<listitem>
-        <para>PKCS #12 PBE with Sha1 and 40 Bit RC2 CBC</para>
-	</listitem>
-	<listitem>
-        <para>PKCS12 V2 PBE with SHA1 and 128 Bit RC4</para>
-	</listitem>
-	<listitem>
-        <para>PKCS12 V2 PBE with SHA1 and 40 Bit RC4 (the default for non-FIPS mode)</para>
-	</listitem>
-	<listitem>
-        <para>PKCS12 V2 PBE with SHA1 and 3KEY Triple DES-cbc</para>
-	</listitem>
-	<listitem>
-        <para>PKCS12 V2 PBE with SHA1 and 2KEY Triple DES-cbc</para>
-	</listitem>
-	<listitem>
-        <para>PKCS12 V2 PBE with SHA1 and 128 Bit RC2 CBC</para>
-	</listitem>
-	<listitem>
-        <para>PKCS12 V2 PBE with SHA1 and 40 Bit RC2 CBC</para></listitem>
-	</itemizedlist>
-	</listitem>
+        <listitem>
+	     <itemizedlist>
+	       <listitem><para>PKCS #12 PBE with Sha1 and 128 Bit RC4</para></listitem>
+	       <listitem><para>PKCS #12 PBE with Sha1 and 40 Bit RC4</para></listitem>
+	       <listitem><para>PKCS #12 PBE with Sha1 and Triple DES CBC</para></listitem>
+	       <listitem><para>PKCS #12 PBE with Sha1 and 128 Bit RC2 CBC</para></listitem>
+	       <listitem><para>PKCS #12 PBE with Sha1 and 40 Bit RC2 CBC</para></listitem>
+	       <listitem><para>PKCS12 V2 PBE with SHA1 and 128 Bit RC4</para></listitem>
+	       <listitem><para>PKCS12 V2 PBE with SHA1 and 40 Bit RC4 (the default for non-FIPS mode)</para></listitem>
+	       <listitem><para>PKCS12 V2 PBE with SHA1 and 3KEY Triple DES-cbc</para></listitem>
+	       <listitem><para>PKCS12 V2 PBE with SHA1 and 2KEY Triple DES-cbc</para></listitem>
+	       <listitem><para>PKCS12 V2 PBE with SHA1 and 128 Bit RC2 CBC</para></listitem>
+	       <listitem><para>PKCS12 V2 PBE with SHA1 and 40 Bit RC2 CBC</para></listitem>
+	     </itemizedlist>
+        </listitem>
       </varlistentry>
-
-      <varlistentry>
-        <term>PKCS#5 PBE ciphers</term>
-        <listitem><para>PKCS #5 Password Based Encryption with MD2 and DES CBC</para>
-	<itemizedlist>
-	<listitem>
-        <para>PKCS #5 Password Based Encryption with MD5 and DES CBC</para>
-	</listitem>
-	<listitem>
-        <para>PKCS #5 Password Based Encryption with SHA1 and DES CBC</para></listitem>
-	</itemizedlist>
-	</listitem>
+        <varlistentry><term>PKCS#5 PBE ciphers</term>
+        <listitem>
+	     <itemizedlist>
+	       <listitem><para>PKCS #5 Password Based Encryption with MD2 and DES CBC</para></listitem>
+	       <listitem><para>PKCS #5 Password Based Encryption with MD5 and DES CBC</para></listitem>
+	       <listitem><para>PKCS #5 Password Based Encryption with SHA1 and DES CBC</para></listitem>
+	     </itemizedlist>
+        </listitem>
       </varlistentry>
     </variablelist>
     <para>With PKCS#12, the crypto provider may be the soft token module or an external hardware module. If the cryptographic module does not support the requested algorithm, then the next best fit will be selected (usually the default). If no suitable replacement for the desired algorithm can be found, the tool returns the error <emphasis>no security module can perform the requested operation</emphasis>.</para>
diff --git a/security/nss/doc/signtool.xml b/security/nss/doc/signtool.xml
index 9f9da68..3a6c208 100644
--- a/security/nss/doc/signtool.xml
+++ b/security/nss/doc/signtool.xml
@@ -27,36 +27,37 @@
   <refsynopsisdiv>
     <cmdsynopsis>
       <command>signtool</command>
-      <arg>-k keyName</arg>
+      <arg>[-b basename]</arg>
+      <arg>[-c Compression Level] </arg>
+      <arg>[-d cert-dir] </arg>
+      <arg>[-e extension] </arg>
+      <arg>[-f filename] </arg>
+      <arg>[-i installer script] </arg>
       <arg>[-h]</arg>
       <arg>[-H]</arg>
-      <arg>[-l]</arg>
-      <arg>[-L]</arg>
-      <arg>[-M]</arg>
       <arg>[-v]</arg>
       <arg>[-w]</arg>
       <arg>[-G nickname]</arg>
+      <arg>[-J]</arg>
+      <arg>[-j directory] </arg>
+      <arg>-k keyName</arg>
       <arg>[--keysize | -s size]</arg>
-      <arg>[-b basename]</arg>
-      <arg>[-c Compression Level] </arg>
-      <arg>[-d cert-dir] </arg>
-      <arg>[-i installer script] </arg>
+      <arg>[-l]</arg>
+      <arg>[-L]</arg>
+      <arg>[-M]</arg>
       <arg>[-m metafile] </arg>
-      <arg>[-x name] </arg>
-      <arg>[-f filename] </arg>
-      <arg>[-t|--token tokenname] </arg>
-      <arg>[-e extension] </arg>
+      <arg>[--norecurse] </arg>
+      <arg>[-O] </arg>
       <arg>[-o] </arg>
+      <arg>[--outfile] </arg>
+      <arg>[-p password] </arg>
+      <arg>[-t|--token tokenname] </arg>
       <arg>[-z] </arg>
       <arg>[-X] </arg>
-      <arg>[--outfile] </arg>
+      <arg>[-x name] </arg>
       <arg>[--verbose value] </arg>
-      <arg>[--norecurse] </arg>
       <arg>[--leavearc] </arg>
-      <arg>[-j directory] </arg>
       <arg>[-Z jarfile] </arg>
-      <arg>[-O] </arg>
-      <arg>[-p password] </arg>
       <arg>directory-tree</arg>
       <arg>archive</arg>
 <!-- this isn't the ideal formatting, since docbook can handle reqiored/optional formatting automatically, but let's make it explicit -->
@@ -97,7 +98,7 @@
       </varlistentry>
       <varlistentry>
         <term>-c#</term>
-			<listitem><para>
+	<listitem><para>
 	Specifies the compression level for the -J or -Z option. The symbol # represents a number from 0 to 9, where 0 means no compression and 9 means maximum compression. The higher the level of compression, the smaller the output but the longer the operation takes.
 
 If the -c# option is not used with either the -J or the -Z option, the default compression value used by both the -J and -Z options is 6.
@@ -124,10 +125,36 @@ The Unix version of signtool assumes ~/.netscape unless told otherwise. The NT v
 </para></listitem>
       </varlistentry>
       <varlistentry>
+        <term>-G nickname</term>
+        <listitem><para>
+	Generates a new private-public key pair and corresponding object-signing certificate with the given nickname.
+
+The newly generated keys and certificate are installed into the key and certificate databases in the directory specified by the -d option. With the NT version of Netscape Signing Tool, you must use the -d option with the -G option. With the Unix version of Netscape Signing Tool, omitting the -d option causes the tool to install the keys and certificate in the Communicator key and certificate databases. If you are installing the keys and certificate in the Communicator databases, you must exit Communicator before using this option; otherwise, you risk corrupting the databases. In all cases, the certificate is also output to a file named x509.cacert, which has the MIME-type application/x-x509-ca-cert.
+
+Unlike certificates normally used to sign finished code to be distributed over a network, a test certificate created with -G is not signed by a recognized certificate authority. Instead, it is self-signed. In addition, a single test signing certificate functions as both an object-signing certificate and a CA. When you are using it to sign objects, it behaves like an object-signing certificate. When it is imported into browser software such as Communicator, it behaves like an object-signing CA and cannot be used to sign objects.
+
+The -G option is available in Netscape Signing Tool 1.0 and later versions only. By default, it produces only RSA certificates with 1024-byte keys in the internal token. However, you can use the -s option specify the required key size and the -t option to specify the token.
+        </para></listitem>
+      </varlistentry>
+      <varlistentry>
         <term>-i scriptname</term>
-			<listitem><para>
-	Specifies the name of an installer script for SmartUpdate. This script installs files from the JAR archive in the local system after SmartUpdate has validated the digital signature. For more details, see the description of -m that follows. The -i option provides a straightforward way to provide this information if you don't need to specify any metadata other than an installer script.
-</para></listitem>
+        <listitem><para>
+Specifies the name of an installer script for SmartUpdate. This script installs files from the JAR archive in the local system after SmartUpdate has validated the digital signature. For more details, see the description of -m that follows. The -i option provides a straightforward way to provide this information if you don't need to specify any metadata other than an installer script.
+        </para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>-J</term>
+        <listitem>
+          <para>
+Signs a directory of HTML files containing JavaScript and creates as many archive files as are specified in the HTML tags. Even if signtool creates more than one archive file, you need to supply the key database password only once.
+
+The -J option is available only in Netscape Signing Tool 1.0 and later versions. The -J option cannot be used at the same time as the -Z option.
+
+If the -c# option is not used with the -J option, the default compression value is 6.
+
+Note that versions 1.1 and later of Netscape Signing Tool correctly recognizes the CODEBASE attribute, allows paths to be expressed for the CLASS and SRC attributes instead of filenames only, processes LINK tags and parses HTML correctly, and offers clearer error messages.
+          </para>
+        </listitem>
       </varlistentry>
       <varlistentry>
         <term>-j directory</term>
@@ -148,18 +175,6 @@ It's also possible to use the -k option without signing any files or specifying
 </para></listitem>
       </varlistentry>
       <varlistentry>
-        <term>-G nickname</term>
-			<listitem><para>
-	Generates a new private-public key pair and corresponding object-signing certificate with the given nickname.
-
-The newly generated keys and certificate are installed into the key and certificate databases in the directory specified by the -d option. With the NT version of Netscape Signing Tool, you must use the -d option with the -G option. With the Unix version of Netscape Signing Tool, omitting the -d option causes the tool to install the keys and certificate in the Communicator key and certificate databases. If you are installing the keys and certificate in the Communicator databases, you must exit Communicator before using this option; otherwise, you risk corrupting the databases. In all cases, the certificate is also output to a file named x509.cacert, which has the MIME-type application/x-x509-ca-cert.
-
-Unlike certificates normally used to sign finished code to be distributed over a network, a test certificate created with -G is not signed by a recognized certificate authority. Instead, it is self-signed. In addition, a single test signing certificate functions as both an object-signing certificate and a CA. When you are using it to sign objects, it behaves like an object-signing certificate. When it is imported into browser software such as Communicator, it behaves like an object-signing CA and cannot be used to sign objects.
-
-The -G option is available in Netscape Signing Tool 1.0 and later versions only. By default, it produces only RSA certificates with 1024-byte keys in the internal token. However, you can use the -s option specify the required key size and the -t option to specify the token. For more information about the use of the -G option, see "Generating Test Object-Signing Certificates""Generating Test Object-Signing Certificates" on page 1241.
-</para></listitem>
-      </varlistentry>
-      <varlistentry>
         <term>-l</term>
 			<listitem><para>
 	Lists signing certificates, including issuing CAs. If any of your certificates are expired or invalid, the list will so specify. This option can be used with the -k option to list detailed information about a particular signing certificate.
@@ -168,18 +183,6 @@ The -l option is available in Netscape Signing Tool 1.0 and later versions only.
 </para></listitem>
       </varlistentry>
       <varlistentry>
-        <term>-J</term>
-			<listitem><para>
-	Signs a directory of HTML files containing JavaScript and creates as many archive files as are specified in the HTML tags. Even if signtool creates more than one archive file, you need to supply the key database password only once.
-
-The -J option is available only in Netscape Signing Tool 1.0 and later versions. The -J option cannot be used at the same time as the -Z option.
-
-If the -c# option is not used with the -J option, the default compression value is 6.
-
-Note that versions 1.1 and later of Netscape Signing Tool correctly recognizes the CODEBASE attribute, allows paths to be expressed for the CLASS and SRC attributes instead of filenames only, processes LINK tags and parses HTML correctly, and offers clearer error messages.
-</para></listitem>
-      </varlistentry>
-      <varlistentry>
         <term>-L</term>
 			<listitem><para>
 	Lists the certificates in your database. An asterisk appears to the left of the nickname for any certificate that can be used to sign objects with signtool.
diff --git a/security/nss/doc/signver.xml b/security/nss/doc/signver.xml
index 7c598d8..e645e91 100644
--- a/security/nss/doc/signver.xml
+++ b/security/nss/doc/signver.xml
@@ -163,7 +163,7 @@ Using the SQLite databases must be manually specified by using the <command>sql:
 <para>To set the shared database type as the default type for the tools, set the <envar>NSS_DEFAULT_DB_TYPE</envar> environment variable to <envar>sql</envar>:</para>
 <programlisting>export NSS_DEFAULT_DB_TYPE="sql"</programlisting>
 
-<para>This line can be set added to the <filename>~/.bashrc</filename> file to make the change permanent.</para>
+<para>This line can be added to the <filename>~/.bashrc</filename> file to make the change permanent for the user.</para>
 
 <para>Most applications do not use the shared database by default, but they can be configured to use them. For example, this how-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases:</para>
 <itemizedlist>
diff --git a/security/nss/doc/ssltap.xml b/security/nss/doc/ssltap.xml
index e66a493..32b9e2f 100644
--- a/security/nss/doc/ssltap.xml
+++ b/security/nss/doc/ssltap.xml
@@ -26,8 +26,8 @@
 
   <refsynopsisdiv>
     <cmdsynopsis>
-      <command>libssltap</command>
-      <arg choice="opt">-vhfsxl</arg>
+      <command>ssltap</command>
+      <arg choice="opt">-fhlsvx</arg>
       <arg choice="opt">-p port</arg>
       <arg choice="opt">hostname:port</arg>
     </cmdsynopsis>
@@ -48,8 +48,10 @@
     <title>Options</title>
     <variablelist>
       <varlistentry>
-        <term>-v </term>
-        <listitem><para>Print a version string for the tool.</para></listitem>
+        <term>-f </term>
+        <listitem><para>
+Turn on fancy printing. Output is printed in colored HTML. Data sent from the client to the server is in blue; the server's reply is in red. When used with looping mode, the different connections are separated with horizontal lines. You can use this option to upload the output into a browser. 
+        </para></listitem>
       </varlistentry>
       <varlistentry>
         <term>-h </term>
@@ -58,34 +60,6 @@ Turn on hex/ASCII printing. Instead of outputting raw data, the command interpre
         </para></listitem>
       </varlistentry>
       <varlistentry>
-        <term>-f </term>
-        <listitem><para>
-Turn on fancy printing. Output is printed in colored HTML. Data sent from the client to the server is in blue; the server's reply is in red. When used with looping mode, the different connections are separated with horizontal lines. You can use this option to upload the output into a browser. 
-        </para></listitem>
-      </varlistentry>
-             <varlistentry><term>-s </term>
-        <listitem>
-          <para>
-Turn on SSL parsing and decoding. The tool does not automatically detect SSL sessions. If you are intercepting an SSL connection, use this option so that the tool can detect and decode SSL structures.
-	  </para>
-	  <para>
-If the tool detects a certificate chain, it saves the DER-encoded certificates into files in the current directory. The files are named cert.0x, where x is the sequence number of the certificate.
-	  </para>
-	  <para>
-If the -s option is used with -h, two separate parts are printed for each record: the plain hex/ASCII output, and the parsed SSL output.
-          </para>
-        </listitem>
-      </varlistentry>
-        <varlistentry>
-        <term>-x  </term>
-          <listitem>
-            <para>
-Turn on hex/ASCII printing of undecoded data inside parsed SSL records. Used only with the -s option. 
-This option uses the same output format as the -h option.
-            </para>
-        </listitem>
-      </varlistentry>
-      <varlistentry>
         <term>-l  prefix</term>
         <listitem>
           <para>
@@ -124,6 +98,28 @@ Turn on looping; that is, continue to accept connections rather than stopping af
           </para>
         </listitem>
       </varlistentry>
+      <varlistentry>
+        <term>-s </term>
+        <listitem>
+          <para>
+Turn on SSL parsing and decoding. The tool does not automatically detect SSL sessions. If you are intercepting an SSL connection, use this option so that the tool can detect and decode SSL structures.
+	  </para>
+	  <para>
+If the tool detects a certificate chain, it saves the DER-encoded certificates into files in the current directory. The files are named cert.0x, where x is the sequence number of the certificate.
+	  </para>
+	  <para>
+If the -s option is used with -h, two separate parts are printed for each record: the plain hex/ASCII output, and the parsed SSL output.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>-v </term>
+        <listitem><para>Print a version string for the tool.</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>-x </term>
+        <listitem><para>Turn on extra SSL hex dumps.</para></listitem>
+      </varlistentry>
     </variablelist>
   </refsection>
 
diff --git a/security/nss/lib/certdb/alg1485.c b/security/nss/lib/certdb/alg1485.c
index edb95af..ea1621b 100644
--- a/security/nss/lib/certdb/alg1485.c
+++ b/security/nss/lib/certdb/alg1485.c
@@ -28,12 +28,12 @@ static const NameToKind name2kinds[] = {
  * (See: http://www.iana.org/assignments/ldap-parameters) 
  */
 /* RFC 3280, 4630 MUST SUPPORT */
-    { "CN",             64, SEC_OID_AVA_COMMON_NAME,    SEC_ASN1_DS},
+    { "CN",            640, SEC_OID_AVA_COMMON_NAME,    SEC_ASN1_DS},
     { "ST",            128, SEC_OID_AVA_STATE_OR_PROVINCE,
 							SEC_ASN1_DS},
-    { "O",              64, SEC_OID_AVA_ORGANIZATION_NAME,
+    { "O",             128, SEC_OID_AVA_ORGANIZATION_NAME,
 							SEC_ASN1_DS},
-    { "OU",             64, SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME,
+    { "OU",            128, SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME,
                                                         SEC_ASN1_DS},
     { "dnQualifier", 32767, SEC_OID_AVA_DN_QUALIFIER, SEC_ASN1_PRINTABLE_STRING},
     { "C",               2, SEC_OID_AVA_COUNTRY_NAME, SEC_ASN1_PRINTABLE_STRING},
@@ -377,7 +377,7 @@ ParseRFC1485AVA(PLArenaPool *arena, const char **pbp, const char *endptr)
     char      sep   = 0;
 
     char tagBuf[32];
-    char valBuf[384];
+    char valBuf[1024];
 
     PORT_Assert(arena);
     if (SECSuccess != scanTag(pbp, endptr, tagBuf, sizeof tagBuf) ||
@@ -889,7 +889,7 @@ get_hex_string(SECItem *data)
 static SECStatus
 AppendAVA(stringBuf *bufp, CERTAVA *ava, CertStrictnessLevel strict)
 {
-#define TMPBUF_LEN 384
+#define TMPBUF_LEN 2048
     const NameToKind *pn2k   = name2kinds;
     SECItem     *avaValue    = NULL;
     char        *unknownTag  = NULL;
diff --git a/security/nss/lib/certdb/cert.h b/security/nss/lib/certdb/cert.h
index 1d4fe9c..4ebdf33 100644
--- a/security/nss/lib/certdb/cert.h
+++ b/security/nss/lib/certdb/cert.h
@@ -79,13 +79,6 @@ extern CERTRDN *CERT_CreateRDN(PLArenaPool *arena, CERTAVA *avas, ...);
 extern SECStatus CERT_CopyRDN(PLArenaPool *arena, CERTRDN *dest, CERTRDN *src);
 
 /*
-** Destory an RDN object.
-**	"rdn" the RDN to destroy
-**	"freeit" if PR_TRUE then free the object as well as its sub-objects
-*/
-extern void CERT_DestroyRDN(CERTRDN *rdn, PRBool freeit);
-
-/*
 ** Add an AVA to an RDN.
 **	"rdn" the RDN to add to
 **	"ava" the AVA to add
diff --git a/security/nss/lib/certdb/certdb.c b/security/nss/lib/certdb/certdb.c
index b7d22bd..4330437 100644
--- a/security/nss/lib/certdb/certdb.c
+++ b/security/nss/lib/certdb/certdb.c
@@ -1381,7 +1381,7 @@ cert_TestHostName(char * cn, const char * hn)
 	    return rv;
 	}
     } else {
-	/* New approach conforms to RFC 2818. */
+	/* New approach conforms to RFC 6125. */
 	char *wildcard    = PORT_Strchr(cn, '*');
 	char *firstcndot  = PORT_Strchr(cn, '.');
 	char *secondcndot = firstcndot ? PORT_Strchr(firstcndot+1, '.') : NULL;
@@ -1390,14 +1390,17 @@ cert_TestHostName(char * cn, const char * hn)
 	/* For a cn pattern to be considered valid, the wildcard character...
 	 * - may occur only in a DNS name with at least 3 components, and
 	 * - may occur only as last character in the first component, and
-	 * - may be preceded by additional characters
+	 * - may be preceded by additional characters, and
+	 * - must not be preceded by an IDNA ACE prefix (xn--)
 	 */
 	if (wildcard && secondcndot && secondcndot[1] && firsthndot 
-	    && firstcndot  - wildcard  == 1
-	    && secondcndot - firstcndot > 1
-	    && PORT_Strrchr(cn, '*') == wildcard
+	    && firstcndot  - wildcard  == 1 /* wildcard is last char in first component */
+	    && secondcndot - firstcndot > 1 /* second component is non-empty */
+	    && PORT_Strrchr(cn, '*') == wildcard /* only one wildcard in cn */
 	    && !PORT_Strncasecmp(cn, hn, wildcard - cn)
-	    && !PORT_Strcasecmp(firstcndot, firsthndot)) {
+	    && !PORT_Strcasecmp(firstcndot, firsthndot)
+	       /* If hn starts with xn--, then cn must start with wildcard */
+	    && (PORT_Strncasecmp(hn, "xn--", 4) || wildcard == cn)) {
 	    /* valid wildcard pattern match */
 	    return SECSuccess;
 	}
diff --git a/security/nss/lib/certdb/certdb.h b/security/nss/lib/certdb/certdb.h
index 41e0b91..d0d53c3 100644
--- a/security/nss/lib/certdb/certdb.h
+++ b/security/nss/lib/certdb/certdb.h
@@ -7,16 +7,16 @@
 
 
 /* common flags for all types of certificates */
-#define CERTDB_TERMINAL_RECORD	(1<<0)
-#define CERTDB_TRUSTED		(1<<1)
-#define CERTDB_SEND_WARN	(1<<2)
-#define CERTDB_VALID_CA		(1<<3)
-#define CERTDB_TRUSTED_CA	(1<<4) /* trusted for issuing server certs */
-#define CERTDB_NS_TRUSTED_CA	(1<<5)
-#define CERTDB_USER		(1<<6)
-#define CERTDB_TRUSTED_CLIENT_CA (1<<7) /* trusted for issuing client certs */
-#define CERTDB_INVISIBLE_CA	(1<<8) /* don't show in UI */
-#define CERTDB_GOVT_APPROVED_CA	(1<<9) /* can do strong crypto in export ver */
+#define CERTDB_TERMINAL_RECORD	(1u<<0)
+#define CERTDB_TRUSTED		(1u<<1)
+#define CERTDB_SEND_WARN	(1u<<2)
+#define CERTDB_VALID_CA		(1u<<3)
+#define CERTDB_TRUSTED_CA	(1u<<4) /* trusted for issuing server certs */
+#define CERTDB_NS_TRUSTED_CA	(1u<<5)
+#define CERTDB_USER		(1u<<6)
+#define CERTDB_TRUSTED_CLIENT_CA (1u<<7) /* trusted for issuing client certs */
+#define CERTDB_INVISIBLE_CA	(1u<<8) /* don't show in UI */
+#define CERTDB_GOVT_APPROVED_CA	(1u<<9) /* can do strong crypto in export ver */
 
 /* old usage, to keep old programs compiling */
 /* On Windows, Mac, and Linux (and other gcc platforms), we can give compile
diff --git a/security/nss/lib/certdb/certi.h b/security/nss/lib/certdb/certi.h
index 82a372a..f47af1c 100644
--- a/security/nss/lib/certdb/certi.h
+++ b/security/nss/lib/certdb/certi.h
@@ -261,6 +261,28 @@ void ReleaseDPCache(CRLDPCache* dpcache, PRBool writeLocked);
  */
 void CERT_MapStanError();
 
+/* Like CERT_VerifyCert, except with an additional argument, flags. The
+ * flags are defined immediately below.
+ */
+SECStatus
+cert_VerifyCertWithFlags(CERTCertDBHandle *handle, CERTCertificate *cert,
+                         PRBool checkSig, SECCertUsage certUsage, PRTime t,
+                         PRUint32 flags, void *wincx, CERTVerifyLog *log);
+
+/* Use the default settings.
+ * cert_VerifyCertWithFlags(..., CERT_VERIFYCERT_USE_DEFAULTS, ...) is
+ * equivalent to CERT_VerifyCert(...);
+ */
+#define CERT_VERIFYCERT_USE_DEFAULTS 0
+
+/* Skip all the OCSP checks during certificate verification, regardless of
+ * the global OCSP settings. By default, certificate |cert| will have its
+ * revocation status checked via OCSP according to the global OCSP settings.
+ *
+ * OCSP checking is always skipped when certUsage is certUsageStatusResponder.
+ */
+#define CERT_VERIFYCERT_SKIP_OCSP 1
+
 /* Interface function for libpkix cert validation engine:
  * cert_verify wrapper. */
 SECStatus
diff --git a/security/nss/lib/certdb/certt.h b/security/nss/lib/certdb/certt.h
index 25c87e0..9ab00fd 100644
--- a/security/nss/lib/certdb/certt.h
+++ b/security/nss/lib/certdb/certt.h
@@ -342,6 +342,7 @@ struct CERTCertListStr {
 };
 
 #define CERT_LIST_HEAD(l) ((CERTCertListNode *)PR_LIST_HEAD(&l->list))
+#define CERT_LIST_TAIL(l) ((CERTCertListNode *)PR_LIST_TAIL(&l->list))
 #define CERT_LIST_NEXT(n) ((CERTCertListNode *)n->links.next)
 #define CERT_LIST_END(n,l) (((void *)n) == ((void *)&l->list))
 #define CERT_LIST_EMPTY(l) CERT_LIST_END(CERT_LIST_HEAD(l), l)
diff --git a/security/nss/lib/certdb/genname.c b/security/nss/lib/certdb/genname.c
index b0d35cc..1b0cc97 100644
--- a/security/nss/lib/certdb/genname.c
+++ b/security/nss/lib/certdb/genname.c
@@ -137,6 +137,39 @@ const SEC_ASN1Template CERT_GeneralNamesTemplate[] = {
 };
 
 
+static struct {
+    CERTGeneralNameType type;
+    char *name;
+} typesArray[] = {
+    { certOtherName, "other" },
+    { certRFC822Name, "email" },
+    { certRFC822Name, "rfc822" },
+    { certDNSName, "dns" },
+    { certX400Address, "x400" },
+    { certX400Address, "x400addr" },
+    { certDirectoryName, "directory" },
+    { certDirectoryName, "dn" },
+    { certEDIPartyName, "edi" },
+    { certEDIPartyName, "ediparty" },
+    { certURI, "uri" },
+    { certIPAddress, "ip" },
+    { certIPAddress, "ipaddr" },
+    { certRegisterID, "registerid" }
+};
+
+CERTGeneralNameType
+CERT_GetGeneralNameTypeFromString(const char *string)
+{
+    int types_count = sizeof(typesArray)/sizeof(typesArray[0]);
+    int i;
+
+    for (i=0; i < types_count; i++) {
+        if (PORT_Strcasecmp(string, typesArray[i].name) == 0) {
+            return typesArray[i].type;
+        }
+    }
+    return 0;
+}
 
 CERTGeneralName *
 CERT_NewGeneralName(PLArenaPool *arena, CERTGeneralNameType type)
@@ -1523,6 +1556,75 @@ done:
     return rv;
 }
 
+/* Add name constraints to certain certs that do not include name constraints
+ * This is the core of the implementation for bug 952572.
+ */
+
+static SECStatus
+getNameExtensionsBuiltIn(CERTCertificate  *cert,
+                         SECItem *extensions)
+{
+  const char constraintFranceGov[] = "\x30\x5D" /* sequence len = 93*/
+                                     "\xA0\x5B" /* element len =91 */
+                                     "\x30\x05" /* sequence len 5 */
+                                     "\x82\x03" /* entry len 3 */
+                                     ".fr"
+                                     "\x30\x05\x82\x03" /* sequence len5, entry len 3 */
+                                     ".gp"
+                                     "\x30\x05\x82\x03"
+                                     ".gf"
+                                     "\x30\x05\x82\x03"
+                                     ".mq"
+                                     "\x30\x05\x82\x03"
+                                     ".re"
+                                     "\x30\x05\x82\x03"
+                                     ".yt"
+                                     "\x30\x05\x82\x03"
+                                     ".pm"
+                                     "\x30\x05\x82\x03"
+                                     ".bl"
+                                     "\x30\x05\x82\x03"
+                                     ".mf"
+                                     "\x30\x05\x82\x03"
+                                     ".wf"
+                                     "\x30\x05\x82\x03"
+                                     ".pf"
+                                     "\x30\x05\x82\x03"
+                                     ".nc"
+                                     "\x30\x05\x82\x03"
+                                     ".tf";
+
+  /* The stringified value for the subject is:
+     E=igca at sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,ST=France,C=FR
+   */
+  const char rawANSSISubject[] = "\x30\x81\x85\x31\x0B\x30\x09\x06\x03\x55\x04"
+                                 "\x06\x13\x02\x46\x52\x31\x0F\x30\x0D\x06\x03"
+                                 "\x55\x04\x08\x13\x06\x46\x72\x61\x6E\x63\x65"
+                                 "\x31\x0E\x30\x0C\x06\x03\x55\x04\x07\x13\x05"
+                                 "\x50\x61\x72\x69\x73\x31\x10\x30\x0E\x06\x03"
+                                 "\x55\x04\x0A\x13\x07\x50\x4D\x2F\x53\x47\x44"
+                                 "\x4E\x31\x0E\x30\x0C\x06\x03\x55\x04\x0B\x13"
+                                 "\x05\x44\x43\x53\x53\x49\x31\x0E\x30\x0C\x06"
+                                 "\x03\x55\x04\x03\x13\x05\x49\x47\x43\x2F\x41"
+                                 "\x31\x23\x30\x21\x06\x09\x2A\x86\x48\x86\xF7"
+                                 "\x0D\x01\x09\x01\x16\x14\x69\x67\x63\x61\x40"
+                                 "\x73\x67\x64\x6E\x2E\x70\x6D\x2E\x67\x6F\x75"
+                                 "\x76\x2E\x66\x72";
+
+  const SECItem anssi_subject = {0, (unsigned char *) rawANSSISubject,
+                                 sizeof(rawANSSISubject)-1};
+  const SECItem permitFranceGovNC = {0, (unsigned char *) constraintFranceGov,
+                                     sizeof(constraintFranceGov)-1};
+
+  if (SECITEM_ItemsAreEqual(&cert->derSubject, &anssi_subject)) {
+    SECStatus rv;
+    rv = SECITEM_CopyItem(NULL, extensions, &permitFranceGovNC);
+    return rv;
+  }
+  PORT_SetError(SEC_ERROR_EXTENSION_NOT_FOUND);
+  return SECFailure;
+}
+
 /* Extract the name constraints extension from the CA cert. */
 SECStatus
 CERT_FindNameConstraintsExten(PLArenaPool      *arena,
@@ -1538,10 +1640,16 @@ CERT_FindNameConstraintsExten(PLArenaPool      *arena,
     rv = CERT_FindCertExtension(cert, SEC_OID_X509_NAME_CONSTRAINTS, 
                                 &constraintsExtension);
     if (rv != SECSuccess) {
-        if (PORT_GetError() == SEC_ERROR_EXTENSION_NOT_FOUND) {
-            rv = SECSuccess;
+        if (PORT_GetError() != SEC_ERROR_EXTENSION_NOT_FOUND) {
+            return rv;
+        }
+        rv = getNameExtensionsBuiltIn(cert, &constraintsExtension);
+        if (rv != SECSuccess) {
+          if (PORT_GetError() == SEC_ERROR_EXTENSION_NOT_FOUND) {
+            return SECSuccess;
+          }
+          return rv;
         }
-        return rv;
     }
 
     mark = PORT_ArenaMark(arena);
diff --git a/security/nss/lib/certdb/genname.h b/security/nss/lib/certdb/genname.h
index 091c82c..1d94376 100644
--- a/security/nss/lib/certdb/genname.h
+++ b/security/nss/lib/certdb/genname.h
@@ -26,6 +26,9 @@ cert_DecodeGeneralNames(PLArenaPool *arena, SECItem **encodedGenName);
 extern SECStatus
 cert_DestroyGeneralNames(CERTGeneralName *name);
 
+extern CERTGeneralNameType
+CERT_GetGeneralNameTypeFromString(const char *string);
+
 extern SECStatus 
 cert_EncodeNameConstraints(CERTNameConstraints *constraints, PLArenaPool *arena,
 			   SECItem *dest);
diff --git a/security/nss/lib/certhigh/certvfy.c b/security/nss/lib/certhigh/certvfy.c
index fbed385..3141163 100644
--- a/security/nss/lib/certhigh/certvfy.c
+++ b/security/nss/lib/certhigh/certvfy.c
@@ -506,7 +506,18 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
 	    PORT_SetError (SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID);
 	    LOG_ERROR_OR_EXIT(log, issuerCert, count+1, pathLengthLimit);
 	}
-	
+
+        /* make sure that the entire chain is within the name space of the
+         * current issuer certificate.
+         */
+        rv = CERT_CompareNameSpace(issuerCert, namesList, certsList,
+                                   arena, &badCert);
+        if (rv != SECSuccess || badCert != NULL) {
+            PORT_SetError(SEC_ERROR_CERT_NOT_IN_NAME_SPACE);
+            LOG_ERROR_OR_EXIT(log, badCert, count + 1, 0);
+            goto loser;
+        }
+
 	/* XXX - the error logging may need to go down into CRL stuff at some
 	 * point
 	 */
@@ -628,16 +639,6 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
 	    }
 	}
 
-	/* make sure that the entire chain is within the name space of the 
-	** current issuer certificate.
-	*/
-	rv = CERT_CompareNameSpace(issuerCert, namesList, certsList, 
-	                           arena, &badCert);
-	if (rv != SECSuccess || badCert != NULL) {
-	    PORT_SetError(SEC_ERROR_CERT_NOT_IN_NAME_SPACE);
-            LOG_ERROR_OR_EXIT(log, badCert, count + 1, 0);
-	    goto loser;
-	}
 	/* make sure that the issuer is not self signed.  If it is, then
 	 * stop here to prevent looping.
 	 */
@@ -1200,7 +1201,7 @@ CERT_VerifyCertificate(CERTCertDBHandle *handle, CERTCertificate *cert,
 
         /*
          * Check OCSP revocation status, but only if the cert we are checking
-         * is not a status reponder itself.  We only do this in the case
+         * is not a status responder itself. We only do this in the case
          * where we checked the cert chain (above); explicit trust "wins"
          * (avoids status checking, just as it avoids CRL checking) by
          * bypassing this code.
@@ -1235,10 +1236,19 @@ CERT_VerifyCert(CERTCertDBHandle *handle, CERTCertificate *cert,
 		PRBool checkSig, SECCertUsage certUsage, PRTime t,
 		void *wincx, CERTVerifyLog *log)
 {
+    return cert_VerifyCertWithFlags(handle, cert, checkSig, certUsage, t,
+                                    CERT_VERIFYCERT_USE_DEFAULTS, wincx, log);
+}
+
+SECStatus
+cert_VerifyCertWithFlags(CERTCertDBHandle *handle, CERTCertificate *cert,
+                         PRBool checkSig, SECCertUsage certUsage, PRTime t,
+                         PRUint32 flags, void *wincx, CERTVerifyLog *log)
+{
     SECStatus rv;
     unsigned int requiredKeyUsage;
     unsigned int requiredCertType;
-    unsigned int flags;
+    unsigned int failedFlags;
     unsigned int certType;
     PRBool       trusted;
     PRBool       allowOverride;
@@ -1307,10 +1317,10 @@ CERT_VerifyCert(CERTCertDBHandle *handle, CERTCertificate *cert,
 	LOG_ERROR_OR_EXIT(log,cert,0,requiredCertType);
     }
 
-    rv = cert_CheckLeafTrust(cert,certUsage, &flags, &trusted);
+    rv = cert_CheckLeafTrust(cert, certUsage, &failedFlags, &trusted);
     if (rv  == SECFailure) {
 	PORT_SetError(SEC_ERROR_UNTRUSTED_CERT);
-	LOG_ERROR_OR_EXIT(log,cert,0,flags);
+	LOG_ERROR_OR_EXIT(log, cert, 0, failedFlags);
     } else if (trusted) {
 	goto done;
     }
@@ -1323,15 +1333,17 @@ CERT_VerifyCert(CERTCertDBHandle *handle, CERTCertificate *cert,
     }
 
     /*
-     * Check revocation status, but only if the cert we are checking
-     * is not a status reponder itself.  We only do this in the case
-     * where we checked the cert chain (above); explicit trust "wins"
-     * (avoids status checking, just as it avoids CRL checking, which
-     * is all done inside VerifyCertChain) by bypassing this code.
+     * Check revocation status, but only if the cert we are checking is not a
+     * status responder itself and the caller did not ask us to skip the check.
+     * We only do this in the case where we checked the cert chain (above);
+     * explicit trust "wins" (avoids status checking, just as it avoids CRL
+     * checking, which is all done inside VerifyCertChain) by bypassing this
+     * code.
      */
-    statusConfig = CERT_GetStatusConfig(handle);
-    if (certUsage != certUsageStatusResponder && statusConfig != NULL) {
-	if (statusConfig->statusChecker != NULL) {
+    if (!(flags & CERT_VERIFYCERT_SKIP_OCSP) &&
+	certUsage != certUsageStatusResponder) {
+	statusConfig = CERT_GetStatusConfig(handle);
+	if (statusConfig && statusConfig->statusChecker) {
 	    rv = (* statusConfig->statusChecker)(handle, cert,
 							 t, wincx);
 	    if (rv != SECSuccess) {
diff --git a/security/nss/lib/certhigh/ocsp.c b/security/nss/lib/certhigh/ocsp.c
index d9c3289..59b341f 100644
--- a/security/nss/lib/certhigh/ocsp.c
+++ b/security/nss/lib/certhigh/ocsp.c
@@ -18,6 +18,7 @@
 #include "secasn1.h"
 #include "secder.h"
 #include "cert.h"
+#include "certi.h"
 #include "xconst.h"
 #include "secerr.h"
 #include "secoid.h"
@@ -2576,9 +2577,8 @@ loser:
 static SECStatus
 ocsp_DecodeResponseBytes(PLArenaPool *arena, ocspResponseBytes *rbytes)
 {
-    PORT_Assert(rbytes != NULL);		/* internal error, really */
     if (rbytes == NULL) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);	/* XXX set better error? */
+	PORT_SetError(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE);
 	return SECFailure;
     }
 
@@ -4184,8 +4184,9 @@ CERT_VerifyOCSPResponseSignature(CERTOCSPResponse *response,
         } else {
             certUsage = certUsageStatusResponder;
         }
-        rv = CERT_VerifyCert(handle, signerCert, PR_TRUE,
-                             certUsage, producedAt, pwArg, NULL);
+        rv = cert_VerifyCertWithFlags(handle, signerCert, PR_TRUE, certUsage,
+                                      producedAt, CERT_VERIFYCERT_SKIP_OCSP,
+                                      pwArg, NULL);
         if (rv != SECSuccess) {
             PORT_SetError(SEC_ERROR_OCSP_INVALID_SIGNING_CERT);
             goto finish;
@@ -4227,8 +4228,7 @@ finish:
  * algorithm was used.
  */
 static PRBool
-ocsp_CertIDsMatch(CERTCertDBHandle *handle,
-		  CERTOCSPCertID *requestCertID,
+ocsp_CertIDsMatch(CERTOCSPCertID *requestCertID,
 		  CERTOCSPCertID *responseCertID)
 {
     PRBool match = PR_FALSE;
@@ -4285,7 +4285,7 @@ ocsp_CertIDsMatch(CERTCertDBHandle *handle,
 	break;
     default:
 	PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
- 	return SECFailure;
+ 	return PR_FALSE;
     }
 
     if ((keyHash != NULL)
@@ -4319,7 +4319,7 @@ ocsp_GetSingleResponseForCertID(CERTOCSPSingleResponse **responses,
 
     for (i = 0; responses[i] != NULL; i++) {
 	single = responses[i];
-	if (ocsp_CertIDsMatch(handle, certID, single->certID)) {
+	if (ocsp_CertIDsMatch(certID, single->certID)) {
 	    return single;
 	}
     }
@@ -5086,6 +5086,9 @@ CERT_CheckOCSPStatus(CERTCertDBHandle *handle, CERTCertificate *cert,
     }
     if (cachedResponseFreshness == ocspFresh) {
         CERT_DestroyOCSPCertID(certID);
+        if (rvOcsp != SECSuccess) {
+            PORT_SetError(cachedErrorCode);
+        }
         return rvOcsp;
     }
 
diff --git a/security/nss/lib/ckfw/builtins/certdata.txt b/security/nss/lib/ckfw/builtins/certdata.txt
index c584218..ca4c66b 100644
--- a/security/nss/lib/ckfw/builtins/certdata.txt
+++ b/security/nss/lib/ckfw/builtins/certdata.txt
@@ -607,6 +607,34 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
+# Distrust "Distrust a pb.com certificate that does not comply with the baseline requirements."
+# Issuer: OU=Equifax Secure Certificate Authority,O=Equifax,C=US
+# Serial Number: 1407252 (0x157914)
+# Subject: CN=*.pb.com,OU=Meters,O=Pitney Bowes,L=Danbury,ST=Connecticut,C=US
+# Not Valid Before: Mon Feb 01 14:54:04 2010
+# Not Valid After : Tue Sep 30 00:00:00 2014
+# Fingerprint (MD5): 8F:46:BE:99:47:6F:93:DC:5C:01:54:50:D0:4A:BD:AC
+# Fingerprint (SHA1): 30:F1:82:CA:1A:5E:4E:4F:F3:6E:D0:E6:38:18:B8:B9:41:CB:5F:8C
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Distrust a pb.com certificate that does not comply with the baseline requirements."
+CKA_ISSUER MULTILINE_OCTAL
+\060\116\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\020\060\016\006\003\125\004\012\023\007\105\161\165\151\146\141
+\170\061\055\060\053\006\003\125\004\013\023\044\105\161\165\151
+\146\141\170\040\123\145\143\165\162\145\040\103\145\162\164\151
+\146\151\143\141\164\145\040\101\165\164\150\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\003\025\171\024
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
 #
 # Certificate "Digital Signature Trust Co. Global CA 1"
 #
@@ -2585,6 +2613,118 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
+# Distrust "Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 1/3)"
+# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Serial Number:4c:00:36:1b:e5:08:2b:a9:aa:ce:74:0a:05:3e:fb:34
+# Subject: CN=Egypt Trust Class 3 Managed PKI Enterprise Administrator CA,OU=Terms of use at https://www.egypttrust.com/repository/rpa (c)08,OU=VeriSign Trust Network,O=Egypt Trust,C=EG
+# Not Valid Before: Sun May 18 00:00:00 2008
+# Not Valid After : Thu May 17 23:59:59 2018
+# Fingerprint (MD5): A7:91:05:96:B1:56:01:26:4E:BF:80:80:08:86:1B:4D
+# Fingerprint (SHA1): 6A:2C:5C:B0:94:D5:E0:B7:57:FB:0F:58:42:AA:C8:13:A5:80:2F:E1
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 1/3)"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123
+\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125
+\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165
+\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003
+\125\004\013\023\061\050\143\051\040\061\071\071\071\040\126\145
+\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106
+\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163
+\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023
+\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040
+\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
+\165\164\150\157\162\151\164\171\040\055\040\107\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\114\000\066\033\345\010\053\251\252\316\164\012\005\076
+\373\064
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+
+# Distrust "Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 2/3)"
+# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Serial Number:3e:0c:9e:87:69:aa:95:5c:ea:23:d8:45:9e:d4:5b:51
+# Subject: CN=Egypt Trust Class 3 Managed PKI Operational Administrator CA,OU=Terms of use at https://www.egypttrust.com/repository/rpa (c)08,OU=VeriSign Trust Network,O=Egypt Trust,C=EG
+# Not Valid Before: Sun May 18 00:00:00 2008
+# Not Valid After : Thu May 17 23:59:59 2018
+# Fingerprint (MD5): D0:C3:71:17:3E:39:80:C6:50:4F:04:22:DF:40:E1:34
+# Fingerprint (SHA1): 9C:65:5E:D5:FA:E3:B8:96:4D:89:72:F6:3A:63:53:59:3F:5E:B4:4E
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 2/3)"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123
+\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125
+\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165
+\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003
+\125\004\013\023\061\050\143\051\040\061\071\071\071\040\126\145
+\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106
+\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163
+\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023
+\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040
+\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
+\165\164\150\157\162\151\164\171\040\055\040\107\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\076\014\236\207\151\252\225\134\352\043\330\105\236\324
+\133\121
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+# Distrust "Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 3/3)"
+# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Serial Number:12:bd:26:a2:ae:33:c0:7f:24:7b:6a:58:69:f2:0a:76
+# Subject: CN=Egypt Trust Class 3 Managed PKI SCO Administrator CA,OU=Terms of use at https://www.egypttrust.com/repository/rpa (c)08,OU=VeriSign Trust Network,O=Egypt Trust,C=EG
+# Not Valid Before: Sun May 18 00:00:00 2008
+# Not Valid After : Thu May 17 23:59:59 2018
+# Fingerprint (MD5): C2:13:5E:B2:67:8A:5C:F7:91:EF:8F:29:0F:9B:77:6E
+# Fingerprint (SHA1): 83:23:F1:4F:BC:9F:9B:80:B7:9D:ED:14:CD:01:57:CD:FB:08:95:D2
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 3/3)"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123
+\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125
+\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165
+\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003
+\125\004\013\023\061\050\143\051\040\061\071\071\071\040\126\145
+\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106
+\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163
+\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023
+\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040
+\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
+\165\164\150\157\162\151\164\171\040\055\040\107\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\022\275\046\242\256\063\300\177\044\173\152\130\151\362
+\012\166
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
 #
 # Certificate "Verisign Class 4 Public Primary Certification Authority - G3"
 #
@@ -7236,157 +7376,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
-# Certificate "TDC OCES Root CA"
-#
-# Issuer: CN=TDC OCES CA,O=TDC,C=DK
-# Serial Number: 1044954564 (0x3e48bdc4)
-# Subject: CN=TDC OCES CA,O=TDC,C=DK
-# Not Valid Before: Tue Feb 11 08:39:30 2003
-# Not Valid After : Wed Feb 11 09:09:30 2037
-# Fingerprint (MD5): 93:7F:90:1C:ED:84:67:17:A4:65:5F:9B:CB:30:02:97
-# Fingerprint (SHA1): 87:81:C2:5A:96:BD:C2:FB:4C:65:06:4F:F9:39:0B:26:04:8A:0E:01
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "TDC OCES Root CA"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\061\061\013\060\011\006\003\125\004\006\023\002\104\113\061
-\014\060\012\006\003\125\004\012\023\003\124\104\103\061\024\060
-\022\006\003\125\004\003\023\013\124\104\103\040\117\103\105\123
-\040\103\101
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\061\061\013\060\011\006\003\125\004\006\023\002\104\113\061
-\014\060\012\006\003\125\004\012\023\003\124\104\103\061\024\060
-\022\006\003\125\004\003\023\013\124\104\103\040\117\103\105\123
-\040\103\101
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\004\076\110\275\304
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\005\031\060\202\004\001\240\003\002\001\002\002\004\076
-\110\275\304\060\015\006\011\052\206\110\206\367\015\001\001\005
-\005\000\060\061\061\013\060\011\006\003\125\004\006\023\002\104
-\113\061\014\060\012\006\003\125\004\012\023\003\124\104\103\061
-\024\060\022\006\003\125\004\003\023\013\124\104\103\040\117\103
-\105\123\040\103\101\060\036\027\015\060\063\060\062\061\061\060
-\070\063\071\063\060\132\027\015\063\067\060\062\061\061\060\071
-\060\071\063\060\132\060\061\061\013\060\011\006\003\125\004\006
-\023\002\104\113\061\014\060\012\006\003\125\004\012\023\003\124
-\104\103\061\024\060\022\006\003\125\004\003\023\013\124\104\103
-\040\117\103\105\123\040\103\101\060\202\001\042\060\015\006\011
-\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017\000
-\060\202\001\012\002\202\001\001\000\254\142\366\141\040\262\317
-\300\306\205\327\343\171\346\314\355\362\071\222\244\227\056\144
-\243\204\133\207\234\114\375\244\363\304\137\041\275\126\020\353
-\333\056\141\354\223\151\343\243\314\275\231\303\005\374\006\270
-\312\066\034\376\220\216\111\114\304\126\232\057\126\274\317\173
-\014\361\157\107\246\015\103\115\342\351\035\071\064\315\215\054
-\331\022\230\371\343\341\301\112\174\206\070\304\251\304\141\210
-\322\136\257\032\046\115\325\344\240\042\107\204\331\144\267\031
-\226\374\354\031\344\262\227\046\116\112\114\313\217\044\213\124
-\030\034\110\141\173\325\210\150\332\135\265\352\315\032\060\301
-\200\203\166\120\252\117\321\324\335\070\360\357\026\364\341\014
-\120\006\277\352\373\172\111\241\050\053\034\366\374\025\062\243
-\164\152\217\251\303\142\051\161\061\345\073\244\140\027\136\164
-\346\332\023\355\351\037\037\033\321\262\150\163\306\020\064\165
-\106\020\020\343\220\000\166\100\313\213\267\103\011\041\377\253
-\116\223\306\130\351\245\202\333\167\304\072\231\261\162\225\111
-\004\360\267\053\372\173\131\216\335\002\003\001\000\001\243\202
-\002\067\060\202\002\063\060\017\006\003\125\035\023\001\001\377
-\004\005\060\003\001\001\377\060\016\006\003\125\035\017\001\001
-\377\004\004\003\002\001\006\060\201\354\006\003\125\035\040\004
-\201\344\060\201\341\060\201\336\006\010\052\201\120\201\051\001
-\001\001\060\201\321\060\057\006\010\053\006\001\005\005\007\002
-\001\026\043\150\164\164\160\072\057\057\167\167\167\056\143\145
-\162\164\151\146\151\153\141\164\056\144\153\057\162\145\160\157
-\163\151\164\157\162\171\060\201\235\006\010\053\006\001\005\005
-\007\002\002\060\201\220\060\012\026\003\124\104\103\060\003\002
-\001\001\032\201\201\103\145\162\164\151\146\151\153\141\164\145
-\162\040\146\162\141\040\144\145\156\156\145\040\103\101\040\165
-\144\163\164\145\144\145\163\040\165\156\144\145\162\040\117\111
-\104\040\061\056\062\056\062\060\070\056\061\066\071\056\061\056
-\061\056\061\056\040\103\145\162\164\151\146\151\143\141\164\145
-\163\040\146\162\157\155\040\164\150\151\163\040\103\101\040\141
-\162\145\040\151\163\163\165\145\144\040\165\156\144\145\162\040
-\117\111\104\040\061\056\062\056\062\060\070\056\061\066\071\056
-\061\056\061\056\061\056\060\021\006\011\140\206\110\001\206\370
-\102\001\001\004\004\003\002\000\007\060\201\201\006\003\125\035
-\037\004\172\060\170\060\110\240\106\240\104\244\102\060\100\061
-\013\060\011\006\003\125\004\006\023\002\104\113\061\014\060\012
-\006\003\125\004\012\023\003\124\104\103\061\024\060\022\006\003
-\125\004\003\023\013\124\104\103\040\117\103\105\123\040\103\101
-\061\015\060\013\006\003\125\004\003\023\004\103\122\114\061\060
-\054\240\052\240\050\206\046\150\164\164\160\072\057\057\143\162
-\154\056\157\143\145\163\056\143\145\162\164\151\146\151\153\141
-\164\056\144\153\057\157\143\145\163\056\143\162\154\060\053\006
-\003\125\035\020\004\044\060\042\200\017\062\060\060\063\060\062
-\061\061\060\070\063\071\063\060\132\201\017\062\060\063\067\060
-\062\061\061\060\071\060\071\063\060\132\060\037\006\003\125\035
-\043\004\030\060\026\200\024\140\265\205\354\126\144\176\022\031
-\047\147\035\120\025\113\163\256\073\371\022\060\035\006\003\125
-\035\016\004\026\004\024\140\265\205\354\126\144\176\022\031\047
-\147\035\120\025\113\163\256\073\371\022\060\035\006\011\052\206
-\110\206\366\175\007\101\000\004\020\060\016\033\010\126\066\056
-\060\072\064\056\060\003\002\004\220\060\015\006\011\052\206\110
-\206\367\015\001\001\005\005\000\003\202\001\001\000\012\272\046
-\046\106\323\163\250\011\363\153\013\060\231\375\212\341\127\172
-\021\323\270\224\327\011\020\156\243\261\070\003\321\266\362\103
-\101\051\142\247\162\330\373\174\005\346\061\160\047\124\030\116
-\212\174\116\345\321\312\214\170\210\317\033\323\220\213\346\043
-\370\013\016\063\103\175\234\342\012\031\217\311\001\076\164\135
-\164\311\213\034\003\345\030\310\001\114\077\313\227\005\135\230
-\161\246\230\157\266\174\275\067\177\276\341\223\045\155\157\360
-\012\255\027\030\341\003\274\007\051\310\255\046\350\370\141\360
-\375\041\011\176\232\216\251\150\175\110\142\162\275\000\352\001
-\231\270\006\202\121\201\116\361\365\264\221\124\271\043\172\000
-\232\237\135\215\340\074\144\271\032\022\222\052\307\202\104\162
-\071\334\342\074\306\330\125\365\025\116\310\005\016\333\306\320
-\142\246\354\025\264\265\002\202\333\254\214\242\201\360\233\231
-\061\365\040\040\250\210\141\012\007\237\224\374\320\327\033\314
-\056\027\363\004\047\166\147\353\124\203\375\244\220\176\006\075
-\004\243\103\055\332\374\013\142\352\057\137\142\123
-END
-
-# Trust for Certificate "TDC OCES Root CA"
-# Issuer: CN=TDC OCES CA,O=TDC,C=DK
-# Serial Number: 1044954564 (0x3e48bdc4)
-# Subject: CN=TDC OCES CA,O=TDC,C=DK
-# Not Valid Before: Tue Feb 11 08:39:30 2003
-# Not Valid After : Wed Feb 11 09:09:30 2037
-# Fingerprint (MD5): 93:7F:90:1C:ED:84:67:17:A4:65:5F:9B:CB:30:02:97
-# Fingerprint (SHA1): 87:81:C2:5A:96:BD:C2:FB:4C:65:06:4F:F9:39:0B:26:04:8A:0E:01
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "TDC OCES Root CA"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\207\201\302\132\226\275\302\373\114\145\006\117\371\071\013\046
-\004\212\016\001
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\223\177\220\034\355\204\147\027\244\145\137\233\313\060\002\227
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\061\061\013\060\011\006\003\125\004\006\023\002\104\113\061
-\014\060\012\006\003\125\004\012\023\003\124\104\103\061\024\060
-\022\006\003\125\004\003\023\013\124\104\103\040\117\103\105\123
-\040\103\101
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\004\076\110\275\304
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-#
 # Certificate "UTN DATACorp SGC Root CA"
 #
 # Issuer: CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
@@ -9915,163 +9904,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
-# Certificate "Firmaprofesional Root CA"
-#
-# Issuer: E=ca at firmaprofesional.com,CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,L=C/ Muntaner 244 Barcelona,C=ES
-# Serial Number: 1 (0x1)
-# Subject: E=ca at firmaprofesional.com,CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,L=C/ Muntaner 244 Barcelona,C=ES
-# Not Valid Before: Wed Oct 24 22:00:00 2001
-# Not Valid After : Thu Oct 24 22:00:00 2013
-# Fingerprint (MD5): 11:92:79:40:3C:B1:83:40:E5:AB:66:4A:67:92:80:DF
-# Fingerprint (SHA1): A9:62:8F:4B:98:A9:1B:48:35:BA:D2:C1:46:32:86:BB:66:64:6A:8C
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Firmaprofesional Root CA"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\201\235\061\013\060\011\006\003\125\004\006\023\002\105\123
-\061\042\060\040\006\003\125\004\007\023\031\103\057\040\115\165
-\156\164\141\156\145\162\040\062\064\064\040\102\141\162\143\145
-\154\157\156\141\061\102\060\100\006\003\125\004\003\023\071\101
-\165\164\157\162\151\144\141\144\040\144\145\040\103\145\162\164
-\151\146\151\143\141\143\151\157\156\040\106\151\162\155\141\160
-\162\157\146\145\163\151\157\156\141\154\040\103\111\106\040\101
-\066\062\066\063\064\060\066\070\061\046\060\044\006\011\052\206
-\110\206\367\015\001\011\001\026\027\143\141\100\146\151\162\155
-\141\160\162\157\146\145\163\151\157\156\141\154\056\143\157\155
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\235\061\013\060\011\006\003\125\004\006\023\002\105\123
-\061\042\060\040\006\003\125\004\007\023\031\103\057\040\115\165
-\156\164\141\156\145\162\040\062\064\064\040\102\141\162\143\145
-\154\157\156\141\061\102\060\100\006\003\125\004\003\023\071\101
-\165\164\157\162\151\144\141\144\040\144\145\040\103\145\162\164
-\151\146\151\143\141\143\151\157\156\040\106\151\162\155\141\160
-\162\157\146\145\163\151\157\156\141\154\040\103\111\106\040\101
-\066\062\066\063\064\060\066\070\061\046\060\044\006\011\052\206
-\110\206\367\015\001\011\001\026\027\143\141\100\146\151\162\155
-\141\160\162\157\146\145\163\151\157\156\141\154\056\143\157\155
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\001\001
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\004\127\060\202\003\077\240\003\002\001\002\002\001\001
-\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
-\201\235\061\013\060\011\006\003\125\004\006\023\002\105\123\061
-\042\060\040\006\003\125\004\007\023\031\103\057\040\115\165\156
-\164\141\156\145\162\040\062\064\064\040\102\141\162\143\145\154
-\157\156\141\061\102\060\100\006\003\125\004\003\023\071\101\165
-\164\157\162\151\144\141\144\040\144\145\040\103\145\162\164\151
-\146\151\143\141\143\151\157\156\040\106\151\162\155\141\160\162
-\157\146\145\163\151\157\156\141\154\040\103\111\106\040\101\066
-\062\066\063\064\060\066\070\061\046\060\044\006\011\052\206\110
-\206\367\015\001\011\001\026\027\143\141\100\146\151\162\155\141
-\160\162\157\146\145\163\151\157\156\141\154\056\143\157\155\060
-\036\027\015\060\061\061\060\062\064\062\062\060\060\060\060\132
-\027\015\061\063\061\060\062\064\062\062\060\060\060\060\132\060
-\201\235\061\013\060\011\006\003\125\004\006\023\002\105\123\061
-\042\060\040\006\003\125\004\007\023\031\103\057\040\115\165\156
-\164\141\156\145\162\040\062\064\064\040\102\141\162\143\145\154
-\157\156\141\061\102\060\100\006\003\125\004\003\023\071\101\165
-\164\157\162\151\144\141\144\040\144\145\040\103\145\162\164\151
-\146\151\143\141\143\151\157\156\040\106\151\162\155\141\160\162
-\157\146\145\163\151\157\156\141\154\040\103\111\106\040\101\066
-\062\066\063\064\060\066\070\061\046\060\044\006\011\052\206\110
-\206\367\015\001\011\001\026\027\143\141\100\146\151\162\155\141
-\160\162\157\146\145\163\151\157\156\141\154\056\143\157\155\060
-\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001\001
-\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001\000
-\347\043\003\157\157\043\245\136\170\316\225\054\355\224\036\156
-\012\236\001\307\352\060\321\054\235\335\067\350\233\230\171\126
-\323\374\163\337\320\212\336\125\217\121\371\132\352\336\265\160
-\304\355\244\355\377\243\015\156\017\144\120\061\257\001\047\130
-\256\376\154\247\112\057\027\055\323\163\325\023\034\217\131\245
-\064\054\035\124\004\105\315\150\270\240\300\003\245\317\205\102
-\107\225\050\133\317\357\200\154\340\220\227\212\001\074\035\363
-\207\020\060\046\110\175\327\374\351\235\221\161\377\101\232\251
-\100\265\067\234\051\040\117\037\122\343\240\175\023\155\124\267
-\012\336\351\152\116\007\254\254\031\137\334\176\142\164\366\262
-\005\000\272\205\240\375\035\070\156\313\132\273\206\274\224\147
-\063\065\203\054\037\043\315\370\310\221\161\314\227\213\357\256
-\017\334\051\003\033\300\071\353\160\355\301\156\016\330\147\013
-\211\251\274\065\344\357\266\064\264\245\266\304\055\245\276\320
-\303\224\044\110\333\337\226\323\000\265\146\032\213\146\005\017
-\335\077\077\313\077\252\136\232\112\370\264\112\357\225\067\033
-\002\003\001\000\001\243\201\237\060\201\234\060\052\006\003\125
-\035\021\004\043\060\041\206\037\150\164\164\160\072\057\057\167
-\167\167\056\146\151\162\155\141\160\162\157\146\145\163\151\157
-\156\141\154\056\143\157\155\060\022\006\003\125\035\023\001\001
-\377\004\010\060\006\001\001\377\002\001\001\060\053\006\003\125
-\035\020\004\044\060\042\200\017\062\060\060\061\061\060\062\064
-\062\062\060\060\060\060\132\201\017\062\060\061\063\061\060\062
-\064\062\062\060\060\060\060\132\060\016\006\003\125\035\017\001
-\001\377\004\004\003\002\001\006\060\035\006\003\125\035\016\004
-\026\004\024\063\013\240\146\321\352\332\316\336\142\223\004\050
-\122\265\024\177\070\150\267\060\015\006\011\052\206\110\206\367
-\015\001\001\005\005\000\003\202\001\001\000\107\163\376\215\047
-\124\360\365\324\167\234\047\171\127\127\267\025\126\354\307\330
-\130\267\001\002\364\063\355\223\120\210\236\174\106\261\275\077
-\024\157\361\263\107\110\213\214\227\006\327\352\176\243\134\052
-\273\115\057\107\342\370\071\006\311\234\056\061\032\003\170\364
-\274\070\306\042\213\063\061\360\026\004\004\175\371\166\344\113
-\327\300\346\203\354\131\314\077\336\377\117\153\267\147\176\246
-\206\201\062\043\003\235\310\367\137\301\112\140\245\222\251\261
-\244\240\140\303\170\207\263\042\363\052\353\133\251\355\005\253
-\067\017\261\342\323\225\166\143\126\164\214\130\162\033\067\345
-\144\241\276\115\014\223\230\014\227\366\207\155\263\077\347\313
-\200\246\355\210\307\137\120\142\002\350\231\164\026\320\346\264
-\071\361\047\313\310\100\326\343\206\020\251\043\022\222\340\151
-\101\143\247\257\045\013\300\305\222\313\036\230\243\132\272\305
-\063\017\240\227\001\335\177\340\173\326\006\124\317\241\342\115
-\070\353\113\120\265\313\046\364\312\332\160\112\152\241\342\171
-\252\341\247\063\366\375\112\037\366\331\140
-END
-
-# Trust for Certificate "Firmaprofesional Root CA"
-# Issuer: E=ca at firmaprofesional.com,CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,L=C/ Muntaner 244 Barcelona,C=ES
-# Serial Number: 1 (0x1)
-# Subject: E=ca at firmaprofesional.com,CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,L=C/ Muntaner 244 Barcelona,C=ES
-# Not Valid Before: Wed Oct 24 22:00:00 2001
-# Not Valid After : Thu Oct 24 22:00:00 2013
-# Fingerprint (MD5): 11:92:79:40:3C:B1:83:40:E5:AB:66:4A:67:92:80:DF
-# Fingerprint (SHA1): A9:62:8F:4B:98:A9:1B:48:35:BA:D2:C1:46:32:86:BB:66:64:6A:8C
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Firmaprofesional Root CA"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\251\142\217\113\230\251\033\110\065\272\322\301\106\062\206\273
-\146\144\152\214
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\021\222\171\100\074\261\203\100\345\253\146\112\147\222\200\337
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\235\061\013\060\011\006\003\125\004\006\023\002\105\123
-\061\042\060\040\006\003\125\004\007\023\031\103\057\040\115\165
-\156\164\141\156\145\162\040\062\064\064\040\102\141\162\143\145
-\154\157\156\141\061\102\060\100\006\003\125\004\003\023\071\101
-\165\164\157\162\151\144\141\144\040\144\145\040\103\145\162\164
-\151\146\151\143\141\143\151\157\156\040\106\151\162\155\141\160
-\162\157\146\145\163\151\157\156\141\154\040\103\111\106\040\101
-\066\062\066\063\064\060\066\070\061\046\060\044\006\011\052\206
-\110\206\367\015\001\011\001\026\027\143\141\100\146\151\162\155
-\141\160\162\157\146\145\163\151\157\156\141\154\056\143\157\155
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\001\001
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-#
 # Certificate "Swisscom Root CA 1"
 #
 # Issuer: CN=Swisscom Root CA 1,OU=Digital Certificate Services,O=Swisscom,C=ch
@@ -21854,188 +21686,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
-# Certificate "Bogus kuix.de"
-#
-# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
-# Serial Number:72:03:21:05:c5:0c:08:57:3d:8e:a5:30:4e:fe:e8:b0
-# Subject: CN=kuix.de,OU=Comodo Trial SSL,OU=TEST USE ONLY - NO WARRANTY ATTACHED,OU=For Testing Purposes Only,O=Kai Engert,STREET=Test Street,L=Test City,ST=Test State,postalCode=12345,C=DE
-# Not Valid Before: Thu Mar 17 00:00:00 2011
-# Not Valid After : Sat Apr 16 23:59:59 2011
-# Fingerprint (MD5): F7:5F:98:BC:D8:64:0C:16:E5:AE:EE:AA:00:F6:1F:07
-# Fingerprint (SHA1): 82:61:4B:EC:97:48:15:DE:CC:9A:CC:6E:84:21:71:79:B2:64:20:40
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Bogus kuix.de"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\201\361\061\013\060\011\006\003\125\004\006\023\002\104\105
-\061\016\060\014\006\003\125\004\021\023\005\061\062\063\064\065
-\061\023\060\021\006\003\125\004\010\023\012\124\145\163\164\040
-\123\164\141\164\145\061\022\060\020\006\003\125\004\007\023\011
-\124\145\163\164\040\103\151\164\171\061\024\060\022\006\003\125
-\004\011\023\013\124\145\163\164\040\123\164\162\145\145\164\061
-\023\060\021\006\003\125\004\012\023\012\113\141\151\040\105\156
-\147\145\162\164\061\042\060\040\006\003\125\004\013\023\031\106
-\157\162\040\124\145\163\164\151\156\147\040\120\165\162\160\157
-\163\145\163\040\117\156\154\171\061\055\060\053\006\003\125\004
-\013\023\044\124\105\123\124\040\125\123\105\040\117\116\114\131
-\040\055\040\116\117\040\127\101\122\122\101\116\124\131\040\101
-\124\124\101\103\110\105\104\061\031\060\027\006\003\125\004\013
-\023\020\103\157\155\157\144\157\040\124\162\151\141\154\040\123
-\123\114\061\020\060\016\006\003\125\004\003\023\007\153\165\151
-\170\056\144\145
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
-\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
-\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
-\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
-\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
-\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
-\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
-\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
-\164\055\110\141\162\144\167\141\162\145
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\020\162\003\041\005\305\014\010\127\075\216\245\060\116\376
-\350\260
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\005\154\060\202\004\124\240\003\002\001\002\002\020\162
-\003\041\005\305\014\010\127\075\216\245\060\116\376\350\260\060
-\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\201
-\227\061\013\060\011\006\003\125\004\006\023\002\125\123\061\013
-\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025\006
-\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145\040
-\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025\124
-\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145\164
-\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030\150
-\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164\162
-\165\163\164\056\143\157\155\061\037\060\035\006\003\125\004\003
-\023\026\125\124\116\055\125\123\105\122\106\151\162\163\164\055
-\110\141\162\144\167\141\162\145\060\036\027\015\061\061\060\063
-\061\067\060\060\060\060\060\060\132\027\015\061\061\060\064\061
-\066\062\063\065\071\065\071\132\060\201\361\061\013\060\011\006
-\003\125\004\006\023\002\104\105\061\016\060\014\006\003\125\004
-\021\023\005\061\062\063\064\065\061\023\060\021\006\003\125\004
-\010\023\012\124\145\163\164\040\123\164\141\164\145\061\022\060
-\020\006\003\125\004\007\023\011\124\145\163\164\040\103\151\164
-\171\061\024\060\022\006\003\125\004\011\023\013\124\145\163\164
-\040\123\164\162\145\145\164\061\023\060\021\006\003\125\004\012
-\023\012\113\141\151\040\105\156\147\145\162\164\061\042\060\040
-\006\003\125\004\013\023\031\106\157\162\040\124\145\163\164\151
-\156\147\040\120\165\162\160\157\163\145\163\040\117\156\154\171
-\061\055\060\053\006\003\125\004\013\023\044\124\105\123\124\040
-\125\123\105\040\117\116\114\131\040\055\040\116\117\040\127\101
-\122\122\101\116\124\131\040\101\124\124\101\103\110\105\104\061
-\031\060\027\006\003\125\004\013\023\020\103\157\155\157\144\157
-\040\124\162\151\141\154\040\123\123\114\061\020\060\016\006\003
-\125\004\003\023\007\153\165\151\170\056\144\145\060\201\237\060
-\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003\201
-\215\000\060\201\211\002\201\201\000\270\252\216\365\227\107\007
-\137\345\170\166\156\223\153\216\337\113\074\333\231\057\161\123
-\051\156\245\363\044\117\110\045\043\100\001\354\012\025\013\354
-\156\310\236\046\043\146\373\351\333\330\050\205\041\117\036\337
-\173\114\345\143\301\013\262\142\126\224\123\313\277\234\241\115
-\331\207\305\151\110\074\261\277\245\150\122\041\035\172\334\224
-\117\104\156\107\045\035\237\234\222\322\067\035\371\133\133\262
-\335\076\030\327\363\207\146\255\243\364\316\217\321\157\360\271
-\264\357\261\352\025\143\012\316\201\002\003\001\000\001\243\202
-\001\332\060\202\001\326\060\037\006\003\125\035\043\004\030\060
-\026\200\024\241\162\137\046\033\050\230\103\225\135\007\067\325
-\205\226\235\113\322\303\105\060\035\006\003\125\035\016\004\026
-\004\024\100\217\071\046\234\114\206\043\231\306\121\011\246\346
-\362\301\376\247\366\267\060\016\006\003\125\035\017\001\001\377
-\004\004\003\002\005\240\060\014\006\003\125\035\023\001\001\377
-\004\002\060\000\060\035\006\003\125\035\045\004\026\060\024\006
-\010\053\006\001\005\005\007\003\001\006\010\053\006\001\005\005
-\007\003\002\060\106\006\003\125\035\040\004\077\060\075\060\073
-\006\014\053\006\001\004\001\262\061\001\002\001\003\004\060\053
-\060\051\006\010\053\006\001\005\005\007\002\001\026\035\150\164
-\164\160\163\072\057\057\163\145\143\165\162\145\056\143\157\155
-\157\144\157\056\143\157\155\057\103\120\123\060\173\006\003\125
-\035\037\004\164\060\162\060\070\240\066\240\064\206\062\150\164
-\164\160\072\057\057\143\162\154\056\143\157\155\157\144\157\143
-\141\056\143\157\155\057\125\124\116\055\125\123\105\122\106\151
-\162\163\164\055\110\141\162\144\167\141\162\145\056\143\162\154
-\060\066\240\064\240\062\206\060\150\164\164\160\072\057\057\143
-\162\154\056\143\157\155\157\144\157\056\156\145\164\057\125\124
-\116\055\125\123\105\122\106\151\162\163\164\055\110\141\162\144
-\167\141\162\145\056\143\162\154\060\161\006\010\053\006\001\005
-\005\007\001\001\004\145\060\143\060\073\006\010\053\006\001\005
-\005\007\060\002\206\057\150\164\164\160\072\057\057\143\162\164
-\056\143\157\155\157\144\157\143\141\056\143\157\155\057\125\124
-\116\101\144\144\124\162\165\163\164\123\145\162\166\145\162\103
-\101\056\143\162\164\060\044\006\010\053\006\001\005\005\007\060
-\001\206\030\150\164\164\160\072\057\057\157\143\163\160\056\143
-\157\155\157\144\157\143\141\056\143\157\155\060\037\006\003\125
-\035\021\004\030\060\026\202\007\153\165\151\170\056\144\145\202
-\013\167\167\167\056\153\165\151\170\056\144\145\060\015\006\011
-\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001\000
-\216\141\036\046\036\242\331\031\320\360\324\275\211\371\352\222
-\021\171\152\136\173\174\237\176\071\163\011\126\121\346\206\124
-\307\155\106\166\122\312\152\250\064\300\140\076\003\316\263\311
-\110\227\321\237\246\241\152\017\376\167\321\036\020\263\127\200
-\251\006\046\204\246\373\172\067\023\316\204\314\167\171\011\056
-\342\104\276\037\254\167\156\167\106\101\333\260\262\151\221\164
-\321\200\226\141\061\014\057\012\317\265\320\334\010\055\353\366
-\165\202\336\212\056\272\075\007\220\140\071\126\203\341\202\312
-\043\254\337\343\317\115\160\127\301\270\267\223\232\355\334\213
-\336\112\240\125\050\002\253\103\014\124\227\150\030\242\353\071
-\341\271\374\277\163\200\144\063\022\173\207\140\002\347\076\160
-\311\207\312\251\066\074\005\361\006\136\161\012\016\012\066\231
-\260\207\347\151\132\261\240\060\116\175\141\130\313\306\250\226
-\200\136\175\301\052\377\233\112\112\353\051\147\212\017\157\346
-\031\355\202\317\201\127\341\044\255\242\321\372\332\024\227\260
-\154\174\107\306\327\224\021\041\354\326\132\322\335\217\177\221
-END
-
-# Trust for Certificate "Bogus kuix.de"
-# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
-# Serial Number:72:03:21:05:c5:0c:08:57:3d:8e:a5:30:4e:fe:e8:b0
-# Subject: CN=kuix.de,OU=Comodo Trial SSL,OU=TEST USE ONLY - NO WARRANTY ATTACHED,OU=For Testing Purposes Only,O=Kai Engert,STREET=Test Street,L=Test City,ST=Test State,postalCode=12345,C=DE
-# Not Valid Before: Thu Mar 17 00:00:00 2011
-# Not Valid After : Sat Apr 16 23:59:59 2011
-# Fingerprint (MD5): F7:5F:98:BC:D8:64:0C:16:E5:AE:EE:AA:00:F6:1F:07
-# Fingerprint (SHA1): 82:61:4B:EC:97:48:15:DE:CC:9A:CC:6E:84:21:71:79:B2:64:20:40
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Bogus kuix.de"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\202\141\113\354\227\110\025\336\314\232\314\156\204\041\161\171
-\262\144\040\100
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\367\137\230\274\330\144\014\026\345\256\356\252\000\366\037\007
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
-\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
-\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
-\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
-\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
-\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
-\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
-\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
-\164\055\110\141\162\144\167\141\162\145
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\020\162\003\041\005\305\014\010\127\075\216\245\060\116\376
-\350\260
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-#
 # Certificate "Go Daddy Root Certificate Authority - G2"
 #
 # Issuer: CN=Go Daddy Root Certificate Authority - G2,O="GoDaddy.com, Inc.",L=Scottsdale,ST=Arizona,C=US
@@ -28969,3 +28619,622 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "TeliaSonera Root CA v1"
+#
+# Issuer: CN=TeliaSonera Root CA v1,O=TeliaSonera
+# Serial Number:00:95:be:16:a0:f7:2e:46:f1:7b:39:82:72:fa:8b:cd:96
+# Subject: CN=TeliaSonera Root CA v1,O=TeliaSonera
+# Not Valid Before: Thu Oct 18 12:00:50 2007
+# Not Valid After : Mon Oct 18 12:00:50 2032
+# Fingerprint (MD5): 37:41:49:1B:18:56:9A:26:F5:AD:C2:66:FB:40:A5:4C
+# Fingerprint (SHA1): 43:13:BB:96:F1:D5:86:9B:C1:4E:6A:92:F6:CF:F6:34:69:87:82:37
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "TeliaSonera Root CA v1"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\067\061\024\060\022\006\003\125\004\012\014\013\124\145\154
+\151\141\123\157\156\145\162\141\061\037\060\035\006\003\125\004
+\003\014\026\124\145\154\151\141\123\157\156\145\162\141\040\122
+\157\157\164\040\103\101\040\166\061
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\067\061\024\060\022\006\003\125\004\012\014\013\124\145\154
+\151\141\123\157\156\145\162\141\061\037\060\035\006\003\125\004
+\003\014\026\124\145\154\151\141\123\157\156\145\162\141\040\122
+\157\157\164\040\103\101\040\166\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\225\276\026\240\367\056\106\361\173\071\202\162\372
+\213\315\226
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\070\060\202\003\040\240\003\002\001\002\002\021\000
+\225\276\026\240\367\056\106\361\173\071\202\162\372\213\315\226
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\067\061\024\060\022\006\003\125\004\012\014\013\124\145\154\151
+\141\123\157\156\145\162\141\061\037\060\035\006\003\125\004\003
+\014\026\124\145\154\151\141\123\157\156\145\162\141\040\122\157
+\157\164\040\103\101\040\166\061\060\036\027\015\060\067\061\060
+\061\070\061\062\060\060\065\060\132\027\015\063\062\061\060\061
+\070\061\062\060\060\065\060\132\060\067\061\024\060\022\006\003
+\125\004\012\014\013\124\145\154\151\141\123\157\156\145\162\141
+\061\037\060\035\006\003\125\004\003\014\026\124\145\154\151\141
+\123\157\156\145\162\141\040\122\157\157\164\040\103\101\040\166
+\061\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001
+\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002
+\001\000\302\276\353\047\360\041\243\363\151\046\125\176\235\305
+\125\026\221\134\375\357\041\277\123\200\172\055\322\221\214\143
+\061\360\354\044\360\303\245\322\162\174\020\155\364\067\267\345
+\346\174\171\352\214\265\202\213\256\110\266\254\000\334\145\165
+\354\052\115\137\301\207\365\040\145\053\201\250\107\076\211\043
+\225\060\026\220\177\350\127\007\110\347\031\256\277\105\147\261
+\067\033\006\052\376\336\371\254\175\203\373\136\272\344\217\227
+\147\276\113\216\215\144\007\127\070\125\151\064\066\075\023\110
+\357\117\342\323\146\036\244\317\032\267\136\066\063\324\264\006
+\275\030\001\375\167\204\120\000\105\365\214\135\350\043\274\176
+\376\065\341\355\120\173\251\060\215\031\323\011\216\150\147\135
+\277\074\227\030\123\273\051\142\305\312\136\162\301\307\226\324
+\333\055\240\264\037\151\003\354\352\342\120\361\014\074\360\254
+\363\123\055\360\034\365\355\154\071\071\163\200\026\310\122\260
+\043\315\340\076\334\335\074\107\240\273\065\212\342\230\150\213
+\276\345\277\162\356\322\372\245\355\022\355\374\230\030\251\046
+\166\334\050\113\020\040\034\323\177\026\167\055\355\157\200\367
+\111\273\123\005\273\135\150\307\324\310\165\026\077\211\132\213
+\367\027\107\324\114\361\322\211\171\076\115\075\230\250\141\336
+\072\036\322\370\136\003\340\301\311\034\214\323\215\115\323\225
+\066\263\067\137\143\143\233\063\024\360\055\046\153\123\174\211
+\214\062\302\156\354\075\041\000\071\311\241\150\342\120\203\056
+\260\072\053\363\066\240\254\057\344\157\141\302\121\011\071\076
+\213\123\271\273\147\332\334\123\271\166\131\066\235\103\345\040
+\340\075\062\140\205\042\121\267\307\063\273\335\025\057\244\170
+\246\007\173\201\106\066\004\206\335\171\065\307\225\054\073\260
+\243\027\065\345\163\037\264\134\131\357\332\352\020\145\173\172
+\320\177\237\263\264\052\067\073\160\213\233\133\271\053\267\354
+\262\121\022\227\123\051\132\324\360\022\020\334\117\002\273\022
+\222\057\142\324\077\151\103\174\015\326\374\130\165\001\210\235
+\130\026\113\336\272\220\377\107\001\211\006\152\366\137\262\220
+\152\263\002\246\002\210\277\263\107\176\052\331\325\372\150\170
+\065\115\002\003\001\000\001\243\077\060\075\060\017\006\003\125
+\035\023\001\001\377\004\005\060\003\001\001\377\060\013\006\003
+\125\035\017\004\004\003\002\001\006\060\035\006\003\125\035\016
+\004\026\004\024\360\217\131\070\000\263\365\217\232\226\014\325
+\353\372\173\252\027\350\023\022\060\015\006\011\052\206\110\206
+\367\015\001\001\005\005\000\003\202\002\001\000\276\344\134\142
+\116\044\364\014\010\377\360\323\014\150\344\223\111\042\077\104
+\047\157\273\155\336\203\146\316\250\314\015\374\365\232\006\345
+\167\024\221\353\235\101\173\231\052\204\345\377\374\041\301\135
+\360\344\037\127\267\165\251\241\137\002\046\377\327\307\367\116
+\336\117\370\367\034\106\300\172\117\100\054\042\065\360\031\261
+\320\153\147\054\260\250\340\300\100\067\065\366\204\134\134\343
+\257\102\170\376\247\311\015\120\352\015\204\166\366\121\357\203
+\123\306\172\377\016\126\111\056\217\172\326\014\346\047\124\343
+\115\012\140\162\142\315\221\007\326\245\277\310\231\153\355\304
+\031\346\253\114\021\070\305\157\061\342\156\111\310\077\166\200
+\046\003\046\051\340\066\366\366\040\123\343\027\160\064\027\235
+\143\150\036\153\354\303\115\206\270\023\060\057\135\106\015\107
+\103\325\033\252\131\016\271\134\215\006\110\255\164\207\137\307
+\374\061\124\101\023\342\307\041\016\236\340\036\015\341\300\173
+\103\205\220\305\212\130\306\145\012\170\127\362\306\043\017\001
+\331\040\113\336\017\373\222\205\165\052\134\163\215\155\173\045
+\221\312\356\105\256\006\113\000\314\323\261\131\120\332\072\210
+\073\051\103\106\136\227\053\124\316\123\157\215\112\347\226\372
+\277\161\016\102\213\174\375\050\240\320\110\312\332\304\201\114
+\273\242\163\223\046\310\353\014\326\046\210\266\300\044\317\273
+\275\133\353\165\175\351\010\216\206\063\054\171\167\011\151\245
+\211\374\263\160\220\207\166\217\323\042\273\102\316\275\163\013
+\040\046\052\320\233\075\160\036\044\154\315\207\166\251\027\226
+\267\317\015\222\373\216\030\251\230\111\321\236\376\140\104\162
+\041\271\031\355\302\365\061\361\071\110\210\220\044\165\124\026
+\255\316\364\370\151\024\144\071\373\243\270\272\160\100\307\047
+\034\277\304\126\123\372\143\145\320\363\034\016\026\365\153\206
+\130\115\030\324\344\015\216\245\235\133\221\334\166\044\120\077
+\306\052\373\331\267\234\265\326\346\320\331\350\031\213\025\161
+\110\255\267\352\330\131\210\324\220\277\026\263\331\351\254\131
+\141\124\310\034\272\312\301\312\341\271\040\114\217\072\223\211
+\245\240\314\277\323\366\165\244\165\226\155\126
+END
+
+# Trust for "TeliaSonera Root CA v1"
+# Issuer: CN=TeliaSonera Root CA v1,O=TeliaSonera
+# Serial Number:00:95:be:16:a0:f7:2e:46:f1:7b:39:82:72:fa:8b:cd:96
+# Subject: CN=TeliaSonera Root CA v1,O=TeliaSonera
+# Not Valid Before: Thu Oct 18 12:00:50 2007
+# Not Valid After : Mon Oct 18 12:00:50 2032
+# Fingerprint (MD5): 37:41:49:1B:18:56:9A:26:F5:AD:C2:66:FB:40:A5:4C
+# Fingerprint (SHA1): 43:13:BB:96:F1:D5:86:9B:C1:4E:6A:92:F6:CF:F6:34:69:87:82:37
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "TeliaSonera Root CA v1"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\103\023\273\226\361\325\206\233\301\116\152\222\366\317\366\064
+\151\207\202\067
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\067\101\111\033\030\126\232\046\365\255\302\146\373\100\245\114
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\067\061\024\060\022\006\003\125\004\012\014\013\124\145\154
+\151\141\123\157\156\145\162\141\061\037\060\035\006\003\125\004
+\003\014\026\124\145\154\151\141\123\157\156\145\162\141\040\122
+\157\157\164\040\103\101\040\166\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\225\276\026\240\367\056\106\361\173\071\202\162\372
+\213\315\226
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "E-Tugra Certification Authority"
+#
+# Issuer: CN=E-Tugra Certification Authority,OU=E-Tugra Sertifikasyon Merkezi,O=E-Tu..ra EBG Bili..im Teknolojileri ve Hizmetleri A....,L=Ankara,C=TR
+# Serial Number:6a:68:3e:9c:51:9b:cb:53
+# Subject: CN=E-Tugra Certification Authority,OU=E-Tugra Sertifikasyon Merkezi,O=E-Tu..ra EBG Bili..im Teknolojileri ve Hizmetleri A....,L=Ankara,C=TR
+# Not Valid Before: Tue Mar 05 12:09:48 2013
+# Not Valid After : Fri Mar 03 12:09:48 2023
+# Fingerprint (MD5): B8:A1:03:63:B0:BD:21:71:70:8A:6F:13:3A:BB:79:49
+# Fingerprint (SHA1): 51:C6:E7:08:49:06:6E:F3:92:D4:5C:A0:0D:6D:A3:62:8F:C3:52:39
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "E-Tugra Certification Authority"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\262\061\013\060\011\006\003\125\004\006\023\002\124\122
+\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141\162
+\141\061\100\060\076\006\003\125\004\012\014\067\105\055\124\165
+\304\237\162\141\040\105\102\107\040\102\151\154\151\305\237\151
+\155\040\124\145\153\156\157\154\157\152\151\154\145\162\151\040
+\166\145\040\110\151\172\155\145\164\154\145\162\151\040\101\056
+\305\236\056\061\046\060\044\006\003\125\004\013\014\035\105\055
+\124\165\147\162\141\040\123\145\162\164\151\146\151\153\141\163
+\171\157\156\040\115\145\162\153\145\172\151\061\050\060\046\006
+\003\125\004\003\014\037\105\055\124\165\147\162\141\040\103\145
+\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150
+\157\162\151\164\171
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\262\061\013\060\011\006\003\125\004\006\023\002\124\122
+\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141\162
+\141\061\100\060\076\006\003\125\004\012\014\067\105\055\124\165
+\304\237\162\141\040\105\102\107\040\102\151\154\151\305\237\151
+\155\040\124\145\153\156\157\154\157\152\151\154\145\162\151\040
+\166\145\040\110\151\172\155\145\164\154\145\162\151\040\101\056
+\305\236\056\061\046\060\044\006\003\125\004\013\014\035\105\055
+\124\165\147\162\141\040\123\145\162\164\151\146\151\153\141\163
+\171\157\156\040\115\145\162\153\145\172\151\061\050\060\046\006
+\003\125\004\003\014\037\105\055\124\165\147\162\141\040\103\145
+\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150
+\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\010\152\150\076\234\121\233\313\123
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\006\113\060\202\004\063\240\003\002\001\002\002\010\152
+\150\076\234\121\233\313\123\060\015\006\011\052\206\110\206\367
+\015\001\001\013\005\000\060\201\262\061\013\060\011\006\003\125
+\004\006\023\002\124\122\061\017\060\015\006\003\125\004\007\014
+\006\101\156\153\141\162\141\061\100\060\076\006\003\125\004\012
+\014\067\105\055\124\165\304\237\162\141\040\105\102\107\040\102
+\151\154\151\305\237\151\155\040\124\145\153\156\157\154\157\152
+\151\154\145\162\151\040\166\145\040\110\151\172\155\145\164\154
+\145\162\151\040\101\056\305\236\056\061\046\060\044\006\003\125
+\004\013\014\035\105\055\124\165\147\162\141\040\123\145\162\164
+\151\146\151\153\141\163\171\157\156\040\115\145\162\153\145\172
+\151\061\050\060\046\006\003\125\004\003\014\037\105\055\124\165
+\147\162\141\040\103\145\162\164\151\146\151\143\141\164\151\157
+\156\040\101\165\164\150\157\162\151\164\171\060\036\027\015\061
+\063\060\063\060\065\061\062\060\071\064\070\132\027\015\062\063
+\060\063\060\063\061\062\060\071\064\070\132\060\201\262\061\013
+\060\011\006\003\125\004\006\023\002\124\122\061\017\060\015\006
+\003\125\004\007\014\006\101\156\153\141\162\141\061\100\060\076
+\006\003\125\004\012\014\067\105\055\124\165\304\237\162\141\040
+\105\102\107\040\102\151\154\151\305\237\151\155\040\124\145\153
+\156\157\154\157\152\151\154\145\162\151\040\166\145\040\110\151
+\172\155\145\164\154\145\162\151\040\101\056\305\236\056\061\046
+\060\044\006\003\125\004\013\014\035\105\055\124\165\147\162\141
+\040\123\145\162\164\151\146\151\153\141\163\171\157\156\040\115
+\145\162\153\145\172\151\061\050\060\046\006\003\125\004\003\014
+\037\105\055\124\165\147\162\141\040\103\145\162\164\151\146\151
+\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
+\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001
+\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001
+\000\342\365\077\223\005\121\036\205\142\124\136\172\013\365\030
+\007\203\256\176\257\174\367\324\212\153\245\143\103\071\271\113
+\367\303\306\144\211\075\224\056\124\200\122\071\071\007\113\113
+\335\205\007\166\207\314\277\057\225\114\314\175\247\075\274\107
+\017\230\160\370\214\205\036\164\216\222\155\033\100\321\231\015
+\273\165\156\310\251\153\232\300\204\061\257\312\103\313\353\053
+\064\350\217\227\153\001\233\325\016\112\010\252\133\222\164\205
+\103\323\200\256\241\210\133\256\263\352\136\313\026\232\167\104
+\310\241\366\124\150\316\336\217\227\053\272\133\100\002\014\144
+\027\300\265\223\315\341\361\023\146\316\014\171\357\321\221\050
+\253\137\240\022\122\060\163\031\216\217\341\214\007\242\303\273
+\112\360\352\037\025\250\356\045\314\244\106\370\033\042\357\263
+\016\103\272\054\044\270\305\054\134\324\034\370\135\144\275\303
+\223\136\050\247\077\047\361\216\036\323\052\120\005\243\125\331
+\313\347\071\123\300\230\236\214\124\142\213\046\260\367\175\215
+\174\344\306\236\146\102\125\202\107\347\262\130\215\146\367\007
+\174\056\066\346\120\034\077\333\103\044\305\277\206\107\171\263
+\171\034\367\132\364\023\354\154\370\077\342\131\037\225\356\102
+\076\271\255\250\062\205\111\227\106\376\113\061\217\132\313\255
+\164\107\037\351\221\267\337\050\004\042\240\324\017\135\342\171
+\117\352\154\205\206\275\250\246\316\344\372\303\341\263\256\336
+\074\121\356\313\023\174\001\177\204\016\135\121\224\236\023\014
+\266\056\245\114\371\071\160\066\157\226\312\056\014\104\125\305
+\312\372\135\002\243\337\326\144\214\132\263\001\012\251\265\012
+\107\027\377\357\221\100\052\216\241\106\072\061\230\345\021\374
+\314\273\111\126\212\374\271\320\141\232\157\145\154\346\303\313
+\076\165\111\376\217\247\342\211\305\147\327\235\106\023\116\061
+\166\073\044\263\236\021\145\206\253\177\357\035\324\370\274\347
+\254\132\134\267\132\107\134\125\316\125\264\042\161\133\133\013
+\360\317\334\240\141\144\352\251\327\150\012\143\247\340\015\077
+\240\257\323\252\322\176\357\121\240\346\121\053\125\222\025\027
+\123\313\267\146\016\146\114\370\371\165\114\220\347\022\160\307
+\105\002\003\001\000\001\243\143\060\141\060\035\006\003\125\035
+\016\004\026\004\024\056\343\333\262\111\320\234\124\171\134\372
+\047\052\376\314\116\322\350\116\124\060\017\006\003\125\035\023
+\001\001\377\004\005\060\003\001\001\377\060\037\006\003\125\035
+\043\004\030\060\026\200\024\056\343\333\262\111\320\234\124\171
+\134\372\047\052\376\314\116\322\350\116\124\060\016\006\003\125
+\035\017\001\001\377\004\004\003\002\001\006\060\015\006\011\052
+\206\110\206\367\015\001\001\013\005\000\003\202\002\001\000\005
+\067\072\364\115\267\105\342\105\165\044\217\266\167\122\350\034
+\330\020\223\145\363\362\131\006\244\076\036\051\354\135\321\320
+\253\174\340\012\220\110\170\355\116\230\003\231\376\050\140\221
+\035\060\035\270\143\174\250\346\065\265\372\323\141\166\346\326
+\007\113\312\151\232\262\204\172\167\223\105\027\025\237\044\320
+\230\023\022\377\273\240\056\375\116\114\207\370\316\134\252\230
+\033\005\340\000\106\112\202\200\245\063\213\050\334\355\070\323
+\337\345\076\351\376\373\131\335\141\204\117\322\124\226\023\141
+\023\076\217\200\151\276\223\107\265\065\103\322\132\273\075\134
+\357\263\102\107\315\073\125\023\006\260\011\333\375\143\366\072
+\210\012\231\157\176\341\316\033\123\152\104\146\043\121\010\173
+\274\133\122\242\375\006\067\070\100\141\217\112\226\270\220\067
+\370\146\307\170\220\000\025\056\213\255\121\065\123\007\250\153
+\150\256\371\116\074\007\046\315\010\005\160\314\071\077\166\275
+\245\323\147\046\001\206\246\123\322\140\073\174\103\177\125\212
+\274\225\032\301\050\071\114\037\103\322\221\364\162\131\212\271
+\126\374\077\264\235\332\160\234\166\132\214\103\120\356\216\060
+\162\115\337\377\111\367\306\251\147\331\155\254\002\021\342\072
+\026\045\247\130\010\313\157\123\101\234\110\070\107\150\063\321
+\327\307\217\324\164\041\324\303\005\220\172\377\316\226\210\261
+\025\051\135\043\253\320\140\241\022\117\336\364\027\315\062\345
+\311\277\310\103\255\375\056\216\361\257\342\364\230\372\022\037
+\040\330\300\247\014\205\305\220\364\073\055\226\046\261\054\276
+\114\253\353\261\322\212\311\333\170\023\017\036\011\235\155\217
+\000\237\002\332\301\372\037\172\172\011\304\112\346\210\052\227
+\237\211\213\375\067\137\137\072\316\070\131\206\113\257\161\013
+\264\330\362\160\117\237\062\023\343\260\247\127\345\332\332\103
+\313\204\064\362\050\304\352\155\364\052\357\301\153\166\332\373
+\176\273\205\074\322\123\302\115\276\161\341\105\321\375\043\147
+\015\023\165\373\317\145\147\042\235\256\260\011\321\011\377\035
+\064\277\376\043\227\067\322\071\372\075\015\006\013\264\333\073
+\243\253\157\134\035\266\176\350\263\202\064\355\006\134\044
+END
+
+# Trust for "E-Tugra Certification Authority"
+# Issuer: CN=E-Tugra Certification Authority,OU=E-Tugra Sertifikasyon Merkezi,O=E-Tu..ra EBG Bili..im Teknolojileri ve Hizmetleri A....,L=Ankara,C=TR
+# Serial Number:6a:68:3e:9c:51:9b:cb:53
+# Subject: CN=E-Tugra Certification Authority,OU=E-Tugra Sertifikasyon Merkezi,O=E-Tu..ra EBG Bili..im Teknolojileri ve Hizmetleri A....,L=Ankara,C=TR
+# Not Valid Before: Tue Mar 05 12:09:48 2013
+# Not Valid After : Fri Mar 03 12:09:48 2023
+# Fingerprint (MD5): B8:A1:03:63:B0:BD:21:71:70:8A:6F:13:3A:BB:79:49
+# Fingerprint (SHA1): 51:C6:E7:08:49:06:6E:F3:92:D4:5C:A0:0D:6D:A3:62:8F:C3:52:39
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "E-Tugra Certification Authority"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\121\306\347\010\111\006\156\363\222\324\134\240\015\155\243\142
+\217\303\122\071
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\270\241\003\143\260\275\041\161\160\212\157\023\072\273\171\111
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\262\061\013\060\011\006\003\125\004\006\023\002\124\122
+\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141\162
+\141\061\100\060\076\006\003\125\004\012\014\067\105\055\124\165
+\304\237\162\141\040\105\102\107\040\102\151\154\151\305\237\151
+\155\040\124\145\153\156\157\154\157\152\151\154\145\162\151\040
+\166\145\040\110\151\172\155\145\164\154\145\162\151\040\101\056
+\305\236\056\061\046\060\044\006\003\125\004\013\014\035\105\055
+\124\165\147\162\141\040\123\145\162\164\151\146\151\153\141\163
+\171\157\156\040\115\145\162\153\145\172\151\061\050\060\046\006
+\003\125\004\003\014\037\105\055\124\165\147\162\141\040\103\145
+\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150
+\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\010\152\150\076\234\121\233\313\123
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "T-TeleSec GlobalRoot Class 2"
+#
+# Issuer: CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE
+# Serial Number: 1 (0x1)
+# Subject: CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE
+# Not Valid Before: Wed Oct 01 10:40:14 2008
+# Not Valid After : Sat Oct 01 23:59:59 2033
+# Fingerprint (MD5): 2B:9B:9E:E4:7B:6C:1F:00:72:1A:CC:C1:77:79:DF:6A
+# Fingerprint (SHA1): 59:0D:2D:7D:88:4F:40:2E:61:7E:A5:62:32:17:65:CF:17:D8:94:E9
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "T-TeleSec GlobalRoot Class 2"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105
+\061\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163
+\164\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040
+\123\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060
+\035\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155
+\163\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045
+\060\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123
+\145\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154
+\141\163\163\040\062
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105
+\061\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163
+\164\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040
+\123\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060
+\035\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155
+\163\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045
+\060\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123
+\145\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154
+\141\163\163\040\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\303\060\202\002\253\240\003\002\001\002\002\001\001
+\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060
+\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163\164
+\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040\123
+\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060\035
+\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155\163
+\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045\060
+\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123\145
+\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154\141
+\163\163\040\062\060\036\027\015\060\070\061\060\060\061\061\060
+\064\060\061\064\132\027\015\063\063\061\060\060\061\062\063\065
+\071\065\071\132\060\201\202\061\013\060\011\006\003\125\004\006
+\023\002\104\105\061\053\060\051\006\003\125\004\012\014\042\124
+\055\123\171\163\164\145\155\163\040\105\156\164\145\162\160\162
+\151\163\145\040\123\145\162\166\151\143\145\163\040\107\155\142
+\110\061\037\060\035\006\003\125\004\013\014\026\124\055\123\171
+\163\164\145\155\163\040\124\162\165\163\164\040\103\145\156\164
+\145\162\061\045\060\043\006\003\125\004\003\014\034\124\055\124
+\145\154\145\123\145\143\040\107\154\157\142\141\154\122\157\157
+\164\040\103\154\141\163\163\040\062\060\202\001\042\060\015\006
+\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017
+\000\060\202\001\012\002\202\001\001\000\252\137\332\033\137\350
+\163\221\345\332\134\364\242\346\107\345\363\150\125\140\005\035
+\002\244\263\233\131\363\036\212\257\064\255\374\015\302\331\110
+\031\356\151\217\311\040\374\041\252\007\031\355\260\134\254\145
+\307\137\355\002\174\173\174\055\033\326\272\271\200\302\030\202
+\026\204\372\146\260\010\306\124\043\201\344\315\271\111\077\366
+\117\156\067\110\050\070\017\305\276\347\150\160\375\071\227\115
+\322\307\230\221\120\252\304\104\263\043\175\071\107\351\122\142
+\326\022\223\136\267\061\226\102\005\373\166\247\036\243\365\302
+\374\351\172\305\154\251\161\117\352\313\170\274\140\257\307\336
+\364\331\313\276\176\063\245\156\224\203\360\064\372\041\253\352
+\216\162\240\077\244\336\060\133\357\206\115\152\225\133\103\104
+\250\020\025\034\345\001\127\305\230\361\346\006\050\221\252\040
+\305\267\123\046\121\103\262\013\021\225\130\341\300\017\166\331
+\300\215\174\201\363\162\160\236\157\376\032\216\331\137\065\306
+\262\157\064\174\276\110\117\342\132\071\327\330\235\170\236\237
+\206\076\003\136\031\213\104\242\325\307\002\003\001\000\001\243
+\102\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060
+\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004
+\003\002\001\006\060\035\006\003\125\035\016\004\026\004\024\277
+\131\040\066\000\171\240\240\042\153\214\325\362\141\322\270\054
+\313\202\112\060\015\006\011\052\206\110\206\367\015\001\001\013
+\005\000\003\202\001\001\000\061\003\242\141\013\037\164\350\162
+\066\306\155\371\115\236\372\042\250\341\201\126\317\315\273\237
+\352\253\221\031\070\257\252\174\025\115\363\266\243\215\245\364
+\216\366\104\251\247\350\041\225\255\076\000\142\026\210\360\002
+\272\374\141\043\346\063\233\060\172\153\066\142\173\255\004\043
+\204\130\145\342\333\053\212\347\045\123\067\142\123\137\274\332
+\001\142\051\242\246\047\161\346\072\042\176\301\157\035\225\160
+\040\112\007\064\337\352\377\025\200\345\272\327\172\330\133\165
+\174\005\172\051\107\176\100\250\061\023\167\315\100\073\264\121
+\107\172\056\021\343\107\021\336\235\146\320\213\325\124\146\372
+\203\125\352\174\302\051\211\033\351\157\263\316\342\005\204\311
+\057\076\170\205\142\156\311\137\301\170\143\164\130\300\110\030
+\014\231\071\353\244\314\032\265\171\132\215\025\234\330\024\015
+\366\172\007\127\307\042\203\005\055\074\233\045\046\075\030\263
+\251\103\174\310\310\253\144\217\016\243\277\234\033\235\060\333
+\332\320\031\056\252\074\361\373\063\200\166\344\315\255\031\117
+\005\047\216\023\241\156\302
+END
+
+# Trust for "T-TeleSec GlobalRoot Class 2"
+# Issuer: CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE
+# Serial Number: 1 (0x1)
+# Subject: CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE
+# Not Valid Before: Wed Oct 01 10:40:14 2008
+# Not Valid After : Sat Oct 01 23:59:59 2033
+# Fingerprint (MD5): 2B:9B:9E:E4:7B:6C:1F:00:72:1A:CC:C1:77:79:DF:6A
+# Fingerprint (SHA1): 59:0D:2D:7D:88:4F:40:2E:61:7E:A5:62:32:17:65:CF:17:D8:94:E9
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "T-TeleSec GlobalRoot Class 2"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\131\015\055\175\210\117\100\056\141\176\245\142\062\027\145\317
+\027\330\224\351
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\053\233\236\344\173\154\037\000\162\032\314\301\167\171\337\152
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105
+\061\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163
+\164\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040
+\123\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060
+\035\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155
+\163\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045
+\060\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123
+\145\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154
+\141\163\163\040\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Atos TrustedRoot 2011"
+#
+# Issuer: C=DE,O=Atos,CN=Atos TrustedRoot 2011
+# Serial Number:5c:33:cb:62:2c:5f:b3:32
+# Subject: C=DE,O=Atos,CN=Atos TrustedRoot 2011
+# Not Valid Before: Thu Jul 07 14:58:30 2011
+# Not Valid After : Tue Dec 31 23:59:59 2030
+# Fingerprint (MD5): AE:B9:C4:32:4B:AC:7F:5D:66:CC:77:94:BB:2A:77:56
+# Fingerprint (SHA1): 2B:B1:F5:3E:55:0C:1D:C5:F1:D4:E6:B7:6A:46:4B:55:06:02:AC:21
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Atos TrustedRoot 2011"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\074\061\036\060\034\006\003\125\004\003\014\025\101\164\157
+\163\040\124\162\165\163\164\145\144\122\157\157\164\040\062\060
+\061\061\061\015\060\013\006\003\125\004\012\014\004\101\164\157
+\163\061\013\060\011\006\003\125\004\006\023\002\104\105
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\074\061\036\060\034\006\003\125\004\003\014\025\101\164\157
+\163\040\124\162\165\163\164\145\144\122\157\157\164\040\062\060
+\061\061\061\015\060\013\006\003\125\004\012\014\004\101\164\157
+\163\061\013\060\011\006\003\125\004\006\023\002\104\105
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\010\134\063\313\142\054\137\263\062
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\167\060\202\002\137\240\003\002\001\002\002\010\134
+\063\313\142\054\137\263\062\060\015\006\011\052\206\110\206\367
+\015\001\001\013\005\000\060\074\061\036\060\034\006\003\125\004
+\003\014\025\101\164\157\163\040\124\162\165\163\164\145\144\122
+\157\157\164\040\062\060\061\061\061\015\060\013\006\003\125\004
+\012\014\004\101\164\157\163\061\013\060\011\006\003\125\004\006
+\023\002\104\105\060\036\027\015\061\061\060\067\060\067\061\064
+\065\070\063\060\132\027\015\063\060\061\062\063\061\062\063\065
+\071\065\071\132\060\074\061\036\060\034\006\003\125\004\003\014
+\025\101\164\157\163\040\124\162\165\163\164\145\144\122\157\157
+\164\040\062\060\061\061\061\015\060\013\006\003\125\004\012\014
+\004\101\164\157\163\061\013\060\011\006\003\125\004\006\023\002
+\104\105\060\202\001\042\060\015\006\011\052\206\110\206\367\015
+\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202
+\001\001\000\225\205\073\227\157\052\073\056\073\317\246\363\051
+\065\276\317\030\254\076\252\331\370\115\240\076\032\107\271\274
+\232\337\362\376\314\076\107\350\172\226\302\044\216\065\364\251
+\014\374\202\375\155\301\162\142\047\275\352\153\353\347\212\314
+\124\076\220\120\317\200\324\225\373\350\265\202\324\024\305\266
+\251\125\045\127\333\261\120\366\260\140\144\131\172\151\317\003
+\267\157\015\276\312\076\157\164\162\352\252\060\052\163\142\276
+\111\221\141\310\021\376\016\003\052\367\152\040\334\002\025\015
+\136\025\152\374\343\202\301\265\305\235\144\011\154\243\131\230
+\007\047\307\033\226\053\141\164\161\154\103\361\367\065\211\020
+\340\236\354\125\241\067\042\242\207\004\005\054\107\175\264\034
+\271\142\051\146\050\312\267\341\223\365\244\224\003\231\271\160
+\205\265\346\110\352\215\120\374\331\336\314\157\007\016\335\013
+\162\235\200\060\026\007\225\077\050\016\375\305\165\117\123\326
+\164\232\264\044\056\216\002\221\317\166\305\233\036\125\164\234
+\170\041\261\360\055\361\013\237\302\325\226\030\037\360\124\042
+\172\214\007\002\003\001\000\001\243\175\060\173\060\035\006\003
+\125\035\016\004\026\004\024\247\245\006\261\054\246\011\140\356
+\321\227\351\160\256\274\073\031\154\333\041\060\017\006\003\125
+\035\023\001\001\377\004\005\060\003\001\001\377\060\037\006\003
+\125\035\043\004\030\060\026\200\024\247\245\006\261\054\246\011
+\140\356\321\227\351\160\256\274\073\031\154\333\041\060\030\006
+\003\125\035\040\004\021\060\017\060\015\006\013\053\006\001\004
+\001\260\055\003\004\001\001\060\016\006\003\125\035\017\001\001
+\377\004\004\003\002\001\206\060\015\006\011\052\206\110\206\367
+\015\001\001\013\005\000\003\202\001\001\000\046\167\064\333\224
+\110\206\052\101\235\054\076\006\220\140\304\214\254\013\124\270
+\037\271\173\323\007\071\344\372\076\173\262\075\116\355\237\043
+\275\227\363\153\134\357\356\375\100\246\337\241\223\241\012\206
+\254\357\040\320\171\001\275\170\367\031\330\044\061\064\004\001
+\246\272\025\232\303\047\334\330\117\017\314\030\143\377\231\017
+\016\221\153\165\026\341\041\374\330\046\307\107\267\246\317\130
+\162\161\176\272\341\115\225\107\073\311\257\155\241\264\301\354
+\211\366\264\017\070\265\342\144\334\045\317\246\333\353\232\134
+\231\241\305\010\336\375\346\332\325\326\132\105\014\304\267\302
+\265\024\357\264\021\377\016\025\265\365\365\333\306\275\353\132
+\247\360\126\042\251\074\145\124\306\025\250\275\206\236\315\203
+\226\150\172\161\201\211\341\013\341\352\021\033\150\010\314\151
+\236\354\236\101\236\104\062\046\172\342\207\012\161\075\353\344
+\132\244\322\333\305\315\306\336\140\177\271\363\117\104\222\357
+\052\267\030\076\247\031\331\013\175\261\067\101\102\260\272\140
+\035\362\376\011\021\260\360\207\173\247\235
+END
+
+# Trust for "Atos TrustedRoot 2011"
+# Issuer: C=DE,O=Atos,CN=Atos TrustedRoot 2011
+# Serial Number:5c:33:cb:62:2c:5f:b3:32
+# Subject: C=DE,O=Atos,CN=Atos TrustedRoot 2011
+# Not Valid Before: Thu Jul 07 14:58:30 2011
+# Not Valid After : Tue Dec 31 23:59:59 2030
+# Fingerprint (MD5): AE:B9:C4:32:4B:AC:7F:5D:66:CC:77:94:BB:2A:77:56
+# Fingerprint (SHA1): 2B:B1:F5:3E:55:0C:1D:C5:F1:D4:E6:B7:6A:46:4B:55:06:02:AC:21
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Atos TrustedRoot 2011"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\053\261\365\076\125\014\035\305\361\324\346\267\152\106\113\125
+\006\002\254\041
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\256\271\304\062\113\254\177\135\146\314\167\224\273\052\167\126
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\074\061\036\060\034\006\003\125\004\003\014\025\101\164\157
+\163\040\124\162\165\163\164\145\144\122\157\157\164\040\062\060
+\061\061\061\015\060\013\006\003\125\004\012\014\004\101\164\157
+\163\061\013\060\011\006\003\125\004\006\023\002\104\105
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\010\134\063\313\142\054\137\263\062
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
diff --git a/security/nss/lib/ckfw/builtins/nssckbi.h b/security/nss/lib/ckfw/builtins/nssckbi.h
index 370c1b3..ba43e70 100644
--- a/security/nss/lib/ckfw/builtins/nssckbi.h
+++ b/security/nss/lib/ckfw/builtins/nssckbi.h
@@ -45,8 +45,8 @@
  * of the comment in the CK_VERSION type definition.
  */
 #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1
-#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 96
-#define NSS_BUILTINS_LIBRARY_VERSION "1.96"
+#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 98
+#define NSS_BUILTINS_LIBRARY_VERSION "1.98"
 
 /* These version numbers detail the semantic changes to the ckfw engine. */
 #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
diff --git a/security/nss/lib/ckfw/capi/cobject.c b/security/nss/lib/ckfw/capi/cobject.c
index eba1652..1da5f7d 100644
--- a/security/nss/lib/ckfw/capi/cobject.c
+++ b/security/nss/lib/ckfw/capi/cobject.c
@@ -2157,7 +2157,7 @@ nss_ckcapi_CreatePrivateKey
     return (ckcapiInternalObject *)NULL;
   }
   containerName = ckcapi_getContainer(pError, &keyID);
-  if ((char *)NULL == providerName ) {
+  if ((char *)NULL == containerName) {
     goto loser;
   }
   rc = CryptAcquireContext(&hProv, containerName, providerName, 
diff --git a/security/nss/lib/cryptohi/cryptohi.h b/security/nss/lib/cryptohi/cryptohi.h
index 09297ea..6661b66 100644
--- a/security/nss/lib/cryptohi/cryptohi.h
+++ b/security/nss/lib/cryptohi/cryptohi.h
@@ -1,5 +1,5 @@
 /*
- * crypto.h - public data structures and prototypes for the crypto library
+ * cryptohi.h - public prototypes for the crypto library
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -56,7 +56,7 @@ extern SECItem *DSAU_DecodeDerSigToLen(const SECItem *item, unsigned int len);
 
 /*
 ** Create a new signature context used for signing a data stream.
-**	"alg" the signature algorithm to use (e.g. SEC_OID_RSA_WITH_MD5)
+**      "alg" the signature algorithm to use (e.g. SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION)
 **	"privKey" the private key to use
 */
 extern SGNContext *SGN_NewContext(SECOidTag alg, SECKEYPrivateKey *privKey);
diff --git a/security/nss/lib/cryptohi/keyhi.h b/security/nss/lib/cryptohi/keyhi.h
index 3793b57..88a77f1 100644
--- a/security/nss/lib/cryptohi/keyhi.h
+++ b/security/nss/lib/cryptohi/keyhi.h
@@ -90,17 +90,7 @@ SECKEYPrivateKey *SECKEY_CreateECPrivateKey(SECKEYECParams *param,
 ** Create a subject-public-key-info based on a public key.
 */
 extern CERTSubjectPublicKeyInfo *
-SECKEY_CreateSubjectPublicKeyInfo(SECKEYPublicKey *k);
-
-/*
-** Decode a DER encoded public key into an SECKEYPublicKey structure.
-*/
-extern SECKEYPublicKey *SECKEY_DecodeDERPublicKey(const SECItem *pubkder);
-
-/*
-** Convert a base64 ascii encoded DER public key to our internal format.
-*/
-extern SECKEYPublicKey *SECKEY_ConvertAndDecodePublicKey(const char *pubkstr);
+SECKEY_CreateSubjectPublicKeyInfo(const SECKEYPublicKey *k);
 
 /*
 ** Convert a base64 ascii encoded DER public key and challenge to spki,
@@ -115,7 +105,7 @@ SECKEY_ConvertAndDecodePublicKeyAndChallenge(char *pkacstr, char *challenge,
 ** DER encoded subject public key info. 
 */
 SECItem *
-SECKEY_EncodeDERSubjectPublicKeyInfo(SECKEYPublicKey *pubk);
+SECKEY_EncodeDERSubjectPublicKeyInfo(const SECKEYPublicKey *pubk);
 
 /*
 ** Decode a DER encoded subject public key info into a
@@ -208,7 +198,7 @@ KeyType SECKEY_GetPublicKeyType(const SECKEYPublicKey *pubKey);
 
 /*
  * Creates a PublicKey from its DER encoding.
- * Currently only supports RSA and DSA keys.
+ * Currently only supports RSA, DSA, and DH keys.
  */
 SECKEYPublicKey*
 SECKEY_ImportDERPublicKey(const SECItem *derKey, CK_KEY_TYPE type);
diff --git a/security/nss/lib/cryptohi/seckey.c b/security/nss/lib/cryptohi/seckey.c
index f63d150..16d2a49 100644
--- a/security/nss/lib/cryptohi/seckey.c
+++ b/security/nss/lib/cryptohi/seckey.c
@@ -1213,18 +1213,13 @@ SECKEY_ConvertToPublicKey(SECKEYPrivateKey *privk)
     return NULL;
 }
 
-CERTSubjectPublicKeyInfo *
-SECKEY_CreateSubjectPublicKeyInfo(SECKEYPublicKey *pubk)
+static CERTSubjectPublicKeyInfo *
+seckey_CreateSubjectPublicKeyInfo_helper(SECKEYPublicKey *pubk)
 {
     CERTSubjectPublicKeyInfo *spki;
     PLArenaPool *arena;
     SECItem params = { siBuffer, NULL, 0 };
 
-    if (!pubk) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return NULL;
-    }
-
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL) {
 	PORT_SetError(SEC_ERROR_NO_MEMORY);
@@ -1332,78 +1327,36 @@ SECKEY_CreateSubjectPublicKeyInfo(SECKEYPublicKey *pubk)
     return NULL;
 }
 
-void
-SECKEY_DestroySubjectPublicKeyInfo(CERTSubjectPublicKeyInfo *spki)
-{
-    if (spki && spki->arena) {
-	PORT_FreeArena(spki->arena, PR_FALSE);
-    }
-}
-
-/*
- * this only works for RSA keys... need to do something
- * similiar to CERT_ExtractPublicKey for other key times.
- */
-SECKEYPublicKey *
-SECKEY_DecodeDERPublicKey(const SECItem *pubkder)
+CERTSubjectPublicKeyInfo *
+SECKEY_CreateSubjectPublicKeyInfo(const SECKEYPublicKey *pubk)
 {
-    PLArenaPool *arena;
-    SECKEYPublicKey *pubk;
-    SECStatus rv;
-    SECItem newPubkder;
+    CERTSubjectPublicKeyInfo *spki;
+    SECKEYPublicKey *tempKey;
 
-    arena = PORT_NewArena (DER_DEFAULT_CHUNKSIZE);
-    if (arena == NULL) {
-	PORT_SetError (SEC_ERROR_NO_MEMORY);
-	return NULL;
+    if (!pubk) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
     }
 
-    pubk = (SECKEYPublicKey *) PORT_ArenaZAlloc (arena, sizeof (SECKEYPublicKey));
-    if (pubk != NULL) {
-	pubk->arena = arena;
-	pubk->pkcs11Slot = NULL;
-	pubk->pkcs11ID = 0;
-	prepare_rsa_pub_key_for_asn1(pubk);
-        /* copy the DER into the arena, since Quick DER returns data that points
-           into the DER input, which may get freed by the caller */
-        rv = SECITEM_CopyItem(arena, &newPubkder, pubkder);
-        if ( rv == SECSuccess ) {
-	    rv = SEC_QuickDERDecodeItem(arena, pubk, SECKEY_RSAPublicKeyTemplate,
-				&newPubkder);
-        }
-	if (rv == SECSuccess)
-	    return pubk;
-	SECKEY_DestroyPublicKey (pubk);
-    } else {
-	PORT_SetError (SEC_ERROR_NO_MEMORY);
+    tempKey = SECKEY_CopyPublicKey(pubk);
+    if (!tempKey) {
+        return NULL;
     }
-
-    PORT_FreeArena (arena, PR_FALSE);
-    return NULL;
+    spki = seckey_CreateSubjectPublicKeyInfo_helper(tempKey);
+    SECKEY_DestroyPublicKey(tempKey);
+    return spki;
 }
 
-/*
- * Decode a base64 ascii encoded DER encoded public key.
- */
-SECKEYPublicKey *
-SECKEY_ConvertAndDecodePublicKey(const char *pubkstr)
+void
+SECKEY_DestroySubjectPublicKeyInfo(CERTSubjectPublicKeyInfo *spki)
 {
-    SECKEYPublicKey *pubk;
-    SECStatus rv;
-    SECItem der;
-
-    rv = ATOB_ConvertAsciiToItem (&der, pubkstr);
-    if (rv != SECSuccess)
-	return NULL;
-
-    pubk = SECKEY_DecodeDERPublicKey (&der);
-
-    PORT_Free (der.data);
-    return pubk;
+    if (spki && spki->arena) {
+	PORT_FreeArena(spki->arena, PR_FALSE);
+    }
 }
 
 SECItem *
-SECKEY_EncodeDERSubjectPublicKeyInfo(SECKEYPublicKey *pubk)
+SECKEY_EncodeDERSubjectPublicKeyInfo(const SECKEYPublicKey *pubk)
 {
     CERTSubjectPublicKeyInfo *spki=NULL;
     SECItem *spkiDER=NULL;
@@ -1757,7 +1710,7 @@ SECKEY_ImportDERPublicKey(const SECItem *derKey, CK_KEY_TYPE type)
 finish:
     if (rv != SECSuccess) {
         if (arena != NULL) {
-            PORT_FreeArena(arena, PR_TRUE);
+            PORT_FreeArena(arena, PR_FALSE);
         }
         pubk = NULL;
     }
diff --git a/security/nss/lib/cryptohi/secsign.c b/security/nss/lib/cryptohi/secsign.c
index b93ace4..2ea337b 100644
--- a/security/nss/lib/cryptohi/secsign.c
+++ b/security/nss/lib/cryptohi/secsign.c
@@ -37,7 +37,7 @@ SGN_NewContext(SECOidTag alg, SECKEYPrivateKey *key)
      * PKCS #7 algTag if we were just going to change here you might
      * ask. Well the answer is for some cards we may have to do the
      * hashing on card. It may not support CKM_RSA_PKCS sign algorithm,
-     * it may just support CKM_RSA_PKCS_WITH_SHA1 and/or CKM_RSA_PKCS_WITH_MD5.
+     * it may just support CKM_SHA1_RSA_PKCS and/or CKM_MD5_RSA_PKCS.
      */
     /* we have a private key, not a public key, so don't pass it in */
     rv =  sec_DecodeSigAlg(NULL, alg, NULL, &signalg, &hashalg);
diff --git a/security/nss/lib/dbm/include/mcom_db.h b/security/nss/lib/dbm/include/mcom_db.h
index e3b9ccd..f204484 100644
--- a/security/nss/lib/dbm/include/mcom_db.h
+++ b/security/nss/lib/dbm/include/mcom_db.h
@@ -45,7 +45,11 @@ typedef PRUintn uint;
 #endif
 typedef PRUint8 uint8;
 typedef PRUint16 uint16;
+/* On AIX 5.2, sys/inttypes.h (which is included by sys/types.h)
+ * defines the types int8, int16, int32, and int64. */
+#if !defined(AIX)
 typedef PRInt32 int32;
+#endif
 typedef PRUint32 uint32;
 
 #include <limits.h>
diff --git a/security/nss/lib/freebl/Makefile b/security/nss/lib/freebl/Makefile
index 0d293f1..ec6a769 100644
--- a/security/nss/lib/freebl/Makefile
+++ b/security/nss/lib/freebl/Makefile
@@ -95,7 +95,7 @@ endif
 # NSS_X86_OR_X64 means the target is either x86 or x64
 ifeq (,$(filter-out i386 x386 x86 x86_64,$(CPU_ARCH)))
         DEFINES += -DNSS_X86_OR_X64
-ifdef USE_64
+ifneq (,$(USE_64)$(USE_X32))
         DEFINES += -DNSS_X64
 else
         DEFINES += -DNSS_X86
@@ -135,6 +135,13 @@ else
     ifdef BUILD_OPT
 	OPTIMIZER += -Ox  # maximum optimization for freebl
     endif
+    # The Intel AES assembly code requires Visual C++ 2010.
+    # if $(_MSC_VER) >= 1600 (Visual C++ 2010)
+    ifeq ($(firstword $(sort $(_MSC_VER) 1600)),1600)
+	DEFINES += -DUSE_HW_AES -DINTEL_GCM
+	ASFILES += intel-aes-x86-masm.asm intel-gcm-x86-masm.asm
+	EXTRA_SRCS += intel-gcm-wrap.c
+    endif
 endif
 else
     # -DMP_NO_MP_WORD
@@ -150,6 +157,13 @@ else
     ASFILES  = arcfour-amd64-masm.asm mpi_amd64_masm.asm mp_comba_amd64_masm.asm
     DEFINES += -DNSS_BEVAND_ARCFOUR -DMPI_AMD64 -DMP_ASSEMBLY_MULTIPLY
     DEFINES += -DNSS_USE_COMBA
+    # The Intel AES assembly code requires Visual C++ 2010 (10.0). The _xgetbv
+    # compiler intrinsic function requires Visual C++ 2010 (10.0) SP1.
+    ifeq ($(_MSC_VER_GE_10SP1),1)
+	DEFINES += -DUSE_HW_AES -DINTEL_GCM
+	ASFILES += intel-aes-x64-masm.asm intel-gcm-x64-masm.asm
+	EXTRA_SRCS += intel-gcm-wrap.c
+    endif
     MPI_SRCS += mpi_amd64.c
 endif
 endif
@@ -180,13 +194,13 @@ endif # Darwin
 ifeq ($(OS_TARGET),Linux)
 ifeq ($(CPU_ARCH),x86_64)
     ASFILES  = arcfour-amd64-gas.s mpi_amd64_gas.s
-    ASFLAGS += -m64 -fPIC -Wa,--noexecstack
+    ASFLAGS += -fPIC -Wa,--noexecstack
     DEFINES += -DNSS_BEVAND_ARCFOUR -DMPI_AMD64 -DMP_ASSEMBLY_MULTIPLY
     DEFINES += -DNSS_USE_COMBA
     DEFINES += -DMP_CHAR_STORE_SLOW -DMP_IS_LITTLE_ENDIAN
 #   DEFINES += -DMPI_AMD64_ADD
-    # comment the next two lines to turn off intel HW accelleration
-    DEFINES += -DUSE_HW_AES
+    # comment the next four lines to turn off Intel HW acceleration.
+    DEFINES += -DUSE_HW_AES -DINTEL_GCM
     ASFILES += intel-aes.s intel-gcm.s
     EXTRA_SRCS += intel-gcm-wrap.c
     INTEL_GCM = 1
@@ -195,7 +209,7 @@ endif
 ifeq ($(CPU_ARCH),x86)
     ASFILES  = mpi_x86.s
     DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE 
-    DEFINES += -DMP_ASSEMBLY_DIV_2DX1D
+    DEFINES += -DMP_ASSEMBLY_DIV_2DX1D -DMP_USE_UINT_DIGIT
     DEFINES += -DMP_CHAR_STORE_SLOW -DMP_IS_LITTLE_ENDIAN
     # The floating point ECC code doesn't work on Linux x86 (bug 311432).
     #ECL_USE_FP = 1
@@ -419,6 +433,11 @@ else
 	    ASFILES  = arcfour-amd64-gas.s mpi_amd64_gas.s
 	    ASFLAGS += -march=opteron -m64 -fPIC
 	    MPI_SRCS += mp_comba.c
+	    # comment the next four lines to turn off Intel HW acceleration
+	    ASFILES += intel-gcm.s
+	    EXTRA_SRCS += intel-gcm-wrap.c
+	    INTEL_GCM = 1
+	    DEFINES += -DINTEL_GCM
 	else
 	    ASFILES  = arcfour-amd64-sun.s mpi_amd64_sun.s sha-fast-amd64-sun.s
  	    ASFILES += mp_comba_amd64_sun.s mpcpucache_amd64.s
@@ -426,14 +445,13 @@ else
             SOL_CFLAGS += -xprefetch=no
 	    SHA_SRCS =
  	    MPCPU_SRCS =
+	    # Intel acceleration for GCM does not build currently with Studio
 	endif
 	DEFINES += -DNSS_BEVAND_ARCFOUR -DMPI_AMD64 -DMP_ASSEMBLY_MULTIPLY
 	DEFINES += -DNSS_USE_COMBA -DMP_CHAR_STORE_SLOW -DMP_IS_LITTLE_ENDIAN
-	# comment the next two lines to turn off intel HW accelleration
+	# comment the next two lines to turn off Intel HW acceleration
 	DEFINES += -DUSE_HW_AES
-	ASFILES += intel-aes.s intel-gcm.s
-        EXTRA_SRCS += intel-gcm-wrap.c
-        INTEL_GCM = 1
+	ASFILES += intel-aes.s
 	MPI_SRCS += mpi_amd64.c
     else
 	# Solaris x86
@@ -449,14 +467,14 @@ else
 endif # Solaris for non-sparc family CPUs
 endif # target == SunOS
 
-ifdef NSS_ENABLE_ECC
+ifndef NSS_DISABLE_ECC
     ifdef ECL_USE_FP
 	#enable floating point ECC code	
 	DEFINES  += -DECL_USE_FP
 	ECL_SRCS += ecp_fp160.c ecp_fp192.c ecp_fp224.c ecp_fp.c
 	ECL_HDRS += ecp_fp.h
     endif
-endif # NSS_ENABLE_ECC
+endif
 
 #######################################################################
 # (5) Execute "global" rules. (OPTIONAL)                              #
@@ -646,7 +664,7 @@ $(OBJDIR)/$(PROG_PREFIX)intel-gcm-wrap$(OBJ_SUFFIX): CFLAGS += -mssse3
 # symbolic names to registers, for example,
 #     .set  Htbl, %rdi
 # So we can't use Clang's integrated assembler with intel-gcm.s.
-ifneq (,$(findstring clang,$(AS)))
+ifneq (,$(findstring clang,$(shell $(AS) --version)))
 $(OBJDIR)/$(PROG_PREFIX)intel-gcm$(OBJ_SUFFIX): ASFLAGS += -no-integrated-as
 endif
 endif
diff --git a/security/nss/lib/freebl/aeskeywrap.c b/security/nss/lib/freebl/aeskeywrap.c
index 16804f5..c1c95b3 100644
--- a/security/nss/lib/freebl/aeskeywrap.c
+++ b/security/nss/lib/freebl/aeskeywrap.c
@@ -369,6 +369,7 @@ AESKeyWrap_Decrypt(AESKeyWrapContext *cx, unsigned char *output,
 	    if (pOutputLen)
 		*pOutputLen = outLen;
 	} else {
+	    s = SECFailure;
 	    PORT_SetError(SEC_ERROR_BAD_DATA);
 	    if (pOutputLen) 
 		*pOutputLen = 0;
diff --git a/security/nss/lib/freebl/arcfour.c b/security/nss/lib/freebl/arcfour.c
index d89684c..abc9857 100644
--- a/security/nss/lib/freebl/arcfour.c
+++ b/security/nss/lib/freebl/arcfour.c
@@ -30,7 +30,7 @@
 #define USE_WORD
 #endif
 
-#if (defined(IS_64))
+#if defined(IS_64) || defined(NSS_BEVAND_ARCFOUR)
 typedef PRUint64 WORD;
 #else
 typedef PRUint32 WORD;
diff --git a/security/nss/lib/freebl/blapi.h b/security/nss/lib/freebl/blapi.h
index 0f50130..8324714 100644
--- a/security/nss/lib/freebl/blapi.h
+++ b/security/nss/lib/freebl/blapi.h
@@ -1,5 +1,5 @@
 /*
- * crypto.h - public data structures and prototypes for the crypto library
+ * blapi.h - public prototypes for the freebl library
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -62,7 +62,7 @@ extern SECStatus RSA_PrivateKeyOpDoubleChecked(RSAPrivateKey *  key,
 /*
 ** Perform a check of private key parameters for consistency.
 */
-extern SECStatus RSA_PrivateKeyCheck(RSAPrivateKey *key);
+extern SECStatus RSA_PrivateKeyCheck(const RSAPrivateKey *key);
 
 /*
 ** Given only minimal private key parameters, fill in the rest of the
@@ -1576,6 +1576,18 @@ extern const SECHashObject * HASH_GetRawHashObject(HASH_HashType hashType);
 
 extern void BL_SetForkState(PRBool forked);
 
+#ifndef NSS_DISABLE_ECC
+/*
+** pepare an ECParam structure from DEREncoded params
+ */
+extern SECStatus EC_FillParams(PLArenaPool *arena,
+                               const SECItem *encodedParams, ECParams *params);
+extern SECStatus EC_DecodeParams(const SECItem *encodedParams,
+                                 ECParams **ecparams);
+extern SECStatus EC_CopyParams(PLArenaPool *arena, ECParams *dstParams,
+                               const ECParams *srcParams);
+#endif
+
 SEC_END_PROTOS
 
 #endif /* _BLAPI_H_ */
diff --git a/security/nss/lib/freebl/blapii.h b/security/nss/lib/freebl/blapii.h
index 3ba7b7c..4840fc7 100644
--- a/security/nss/lib/freebl/blapii.h
+++ b/security/nss/lib/freebl/blapii.h
@@ -1,5 +1,5 @@
 /*
- * blapii.h - private data structures and prototypes for the crypto library
+ * blapii.h - private data structures and prototypes for the freebl library
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
diff --git a/security/nss/lib/freebl/blapit.h b/security/nss/lib/freebl/blapit.h
index b533743..8e172d4 100644
--- a/security/nss/lib/freebl/blapit.h
+++ b/security/nss/lib/freebl/blapit.h
@@ -1,5 +1,5 @@
 /*
- * blapit.h - public data structures for the crypto library
+ * blapit.h - public data structures for the freebl library
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
diff --git a/security/nss/lib/freebl/config.mk b/security/nss/lib/freebl/config.mk
index cf76b49..918a663 100644
--- a/security/nss/lib/freebl/config.mk
+++ b/security/nss/lib/freebl/config.mk
@@ -54,9 +54,9 @@ RES     = $(OBJDIR)/$(LIBRARY_NAME).res
 RESNAME = freebl.rc
 
 ifdef NS_USE_GCC
-OS_LIBS += -lshell32
+OS_LIBS += -ladvapi32
 else
-OS_LIBS += shell32.lib
+OS_LIBS += advapi32.lib
 endif
 
 ifdef NS_USE_GCC
diff --git a/security/nss/lib/freebl/ctr.c b/security/nss/lib/freebl/ctr.c
index 3a2f1a6..1cbf30c 100644
--- a/security/nss/lib/freebl/ctr.c
+++ b/security/nss/lib/freebl/ctr.c
@@ -12,6 +12,11 @@
 #include "pkcs11t.h"
 #include "secerr.h"
 
+#ifdef USE_HW_AES
+#include "intel-aes.h"
+#include "rijndael.h"
+#endif
+
 SECStatus
 CTR_InitContext(CTRContext *ctr, void *context, freeblCipherFunc cipher,
 		const unsigned char *param, unsigned int blocksize)
@@ -77,7 +82,7 @@ CTR_DestroyContext(CTRContext *ctr, PRBool freeit)
  */
 static void
 ctr_GetNextCtr(unsigned char *counter, unsigned int counterBits,
-		unsigned int blocksize)
+	       unsigned int blocksize)
 {
     unsigned char *counterPtr = counter + blocksize - 1;
     unsigned char mask, count;
@@ -101,7 +106,7 @@ ctr_GetNextCtr(unsigned char *counter, unsigned int counterBits,
 
 static void
 ctr_xor(unsigned char *target, const unsigned char *x,
-	 const unsigned char *y, unsigned int count)
+	const unsigned char *y, unsigned int count)
 {
     unsigned int i;
     for (i=0; i < count; i++) {
@@ -111,9 +116,9 @@ ctr_xor(unsigned char *target, const unsigned char *x,
 
 SECStatus
 CTR_Update(CTRContext *ctr, unsigned char *outbuf,
-		unsigned int *outlen, unsigned int maxout,
-		const unsigned char *inbuf, unsigned int inlen,
-		unsigned int blocksize)
+	   unsigned int *outlen, unsigned int maxout,
+	   const unsigned char *inbuf, unsigned int inlen,
+	   unsigned int blocksize)
 {
     unsigned int tmp;
     SECStatus rv;
@@ -126,7 +131,7 @@ CTR_Update(CTRContext *ctr, unsigned char *outbuf,
     *outlen = 0;
     if (ctr->bufPtr != blocksize) {
 	unsigned int needed = PR_MIN(blocksize-ctr->bufPtr, inlen);
-	ctr_xor(outbuf, inbuf, ctr->buffer+ctr->bufPtr, needed);
+	ctr_xor(outbuf, inbuf, ctr->buffer + ctr->bufPtr, needed);
 	ctr->bufPtr += needed;
 	outbuf += needed;
 	inbuf += needed;
@@ -137,7 +142,7 @@ CTR_Update(CTRContext *ctr, unsigned char *outbuf,
 	}
 	PORT_Assert(ctr->bufPtr == blocksize);
     }
-	
+
     while (inlen >= blocksize) {
 	rv = (*ctr->cipher)(ctr->context, ctr->buffer, &tmp, blocksize,
 			ctr->counter, blocksize, blocksize);
@@ -165,3 +170,60 @@ CTR_Update(CTRContext *ctr, unsigned char *outbuf,
     *outlen += inlen;
     return SECSuccess;
 }
+
+#if defined(USE_HW_AES) && defined(_MSC_VER)
+SECStatus
+CTR_Update_HW_AES(CTRContext *ctr, unsigned char *outbuf,
+		  unsigned int *outlen, unsigned int maxout,
+		  const unsigned char *inbuf, unsigned int inlen,
+		  unsigned int blocksize)
+{
+    unsigned int fullblocks;
+    unsigned int tmp;
+    SECStatus rv;
+
+    if (maxout < inlen) {
+	*outlen = inlen;
+	PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+	return SECFailure;
+    }
+    *outlen = 0;
+    if (ctr->bufPtr != blocksize) {
+	unsigned int needed = PR_MIN(blocksize-ctr->bufPtr, inlen);
+	ctr_xor(outbuf, inbuf, ctr->buffer + ctr->bufPtr, needed);
+	ctr->bufPtr += needed;
+	outbuf += needed;
+	inbuf += needed;
+	*outlen += needed;
+	inlen -= needed;
+	if (inlen == 0) {
+	    return SECSuccess;
+	}
+	PORT_Assert(ctr->bufPtr == blocksize);
+    }
+
+    intel_aes_ctr_worker(((AESContext*)(ctr->context))->Nr)(
+	ctr, outbuf, outlen, maxout, inbuf, inlen, blocksize);
+    /* XXX intel_aes_ctr_worker should set *outlen. */
+    PORT_Assert(*outlen == 0);
+    fullblocks = (inlen/blocksize)*blocksize;
+    *outlen += fullblocks;
+    outbuf += fullblocks;
+    inbuf += fullblocks;
+    inlen -= fullblocks;
+
+    if (inlen == 0) {
+	return SECSuccess;
+    }
+    rv = (*ctr->cipher)(ctr->context, ctr->buffer, &tmp, blocksize,
+			ctr->counter, blocksize, blocksize);
+    ctr_GetNextCtr(ctr->counter, ctr->counterBits, blocksize);
+    if (rv != SECSuccess) {
+	return SECFailure;
+    }
+    ctr_xor(outbuf, inbuf, ctr->buffer, inlen);
+    ctr->bufPtr = inlen;
+    *outlen += inlen;
+    return SECSuccess;
+}
+#endif
diff --git a/security/nss/lib/freebl/ctr.h b/security/nss/lib/freebl/ctr.h
index 69ef150..e7645a2 100644
--- a/security/nss/lib/freebl/ctr.h
+++ b/security/nss/lib/freebl/ctr.h
@@ -41,4 +41,11 @@ SECStatus CTR_Update(CTRContext *ctr, unsigned char *outbuf,
 			const unsigned char *inbuf, unsigned int inlen,
 			unsigned int blocksize);
 
+#ifdef USE_HW_AES
+SECStatus CTR_Update_HW_AES(CTRContext *ctr, unsigned char *outbuf,
+			unsigned int *outlen, unsigned int maxout,
+			const unsigned char *inbuf, unsigned int inlen,
+			unsigned int blocksize);
+#endif
+
 #endif
diff --git a/security/nss/lib/freebl/ec.c b/security/nss/lib/freebl/ec.c
index a8c7832..ca53c1a 100644
--- a/security/nss/lib/freebl/ec.c
+++ b/security/nss/lib/freebl/ec.c
@@ -16,7 +16,7 @@
 #include "ec.h"
 #include "ecl.h"
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 
 /* 
  * Returns true if pointP is the point at infinity, false otherwise
@@ -192,7 +192,7 @@ cleanup:
 
     return rv;
 }
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
 /* Generates a new EC key pair. The private key is a supplied
  * value and the public key is the result of performing a scalar 
@@ -203,7 +203,7 @@ ec_NewKey(ECParams *ecParams, ECPrivateKey **privKey,
     const unsigned char *privKeyBytes, int privKeyLen)
 {
     SECStatus rv = SECFailure;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     PLArenaPool *arena;
     ECPrivateKey *key;
     mp_int k;
@@ -301,7 +301,7 @@ cleanup:
 #endif
 #else
     PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
     return rv;
 
@@ -317,15 +317,15 @@ EC_NewKeyFromSeed(ECParams *ecParams, ECPrivateKey **privKey,
     const unsigned char *seed, int seedlen)
 {
     SECStatus rv = SECFailure;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     rv = ec_NewKey(ecParams, privKey, seed, seedlen);
 #else
     PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
     return rv;
 }
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 /* Generate a random private key using the algorithm A.4.1 of ANSI X9.62,
  * modified a la FIPS 186-2 Change Notice 1 to eliminate the bias in the
  * random number generator.
@@ -381,7 +381,7 @@ cleanup:
     }
     return privKeyBytes;
 }
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
 /* Generates a new EC key pair. The private key is a random value and
  * the public key is the result of performing a scalar point multiplication
@@ -391,7 +391,7 @@ SECStatus
 EC_NewKey(ECParams *ecParams, ECPrivateKey **privKey)
 {
     SECStatus rv = SECFailure;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     int len;
     unsigned char *privKeyBytes = NULL;
 
@@ -416,7 +416,7 @@ cleanup:
 #endif
 #else
     PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
     
     return rv;
 }
@@ -430,7 +430,7 @@ cleanup:
 SECStatus 
 EC_ValidatePublicKey(ECParams *ecParams, SECItem *publicValue)
 {
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     mp_int Px, Py;
     ECGroup *group = NULL;
     SECStatus rv = SECFailure;
@@ -506,7 +506,7 @@ cleanup:
 #else
     PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
     return SECFailure;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 }
 
 /* 
@@ -527,7 +527,7 @@ ECDH_Derive(SECItem  *publicValue,
             SECItem  *derivedSecret)
 {
     SECStatus rv = SECFailure;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     unsigned int len = 0;
     SECItem pointQ = {siBuffer, NULL, 0};
     mp_int k; /* to hold the private value */
@@ -596,7 +596,7 @@ cleanup:
     }
 #else
     PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
     return rv;
 }
@@ -610,7 +610,7 @@ ECDSA_SignDigestWithSeed(ECPrivateKey *key, SECItem *signature,
     const SECItem *digest, const unsigned char *kb, const int kblen)
 {
     SECStatus rv = SECFailure;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     mp_int x1;
     mp_int d, k;     /* private key, random integer */
     mp_int r, s;     /* tuple (r, s) is the signature */
@@ -822,7 +822,7 @@ cleanup:
 #endif
 #else
     PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
    return rv;
 }
@@ -835,7 +835,7 @@ SECStatus
 ECDSA_SignDigest(ECPrivateKey *key, SECItem *signature, const SECItem *digest)
 {
     SECStatus rv = SECFailure;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     int len;
     unsigned char *kBytes= NULL;
 
@@ -863,7 +863,7 @@ cleanup:
 #endif
 #else
     PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
     return rv;
 }
@@ -876,7 +876,7 @@ ECDSA_VerifyDigest(ECPublicKey *key, const SECItem *signature,
                  const SECItem *digest)
 {
     SECStatus rv = SECFailure;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     mp_int r_, s_;           /* tuple (r', s') is received signature) */
     mp_int c, u1, u2, v;     /* intermediate values used in verification */
     mp_int x1;
@@ -1073,7 +1073,7 @@ cleanup:
 #endif
 #else
     PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
     return rv;
 }
diff --git a/security/nss/lib/freebl/ecdecode.c b/security/nss/lib/freebl/ecdecode.c
new file mode 100644
index 0000000..3c0294d
--- /dev/null
+++ b/security/nss/lib/freebl/ecdecode.c
@@ -0,0 +1,610 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef NSS_DISABLE_ECC
+
+#ifdef FREEBL_NO_DEPEND
+#include "stubs.h"
+#endif
+
+#include "blapi.h"
+#include "secoid.h"
+#include "secitem.h"
+#include "secerr.h"
+#include "ec.h"
+#include "ecl-curve.h"
+
+#define CHECK_OK(func) if (func == NULL) goto cleanup
+#define CHECK_SEC_OK(func) if (SECSuccess != (rv = func)) goto cleanup
+
+/*
+ * Initializes a SECItem from a hexadecimal string
+ *
+ * Warning: This function ignores leading 00's, so any leading 00's
+ * in the hexadecimal string must be optional.
+ */
+static SECItem *
+hexString2SECItem(PLArenaPool *arena, SECItem *item, const char *str)
+{
+    int i = 0;
+    int byteval = 0;
+    int tmp = PORT_Strlen(str);
+
+    if ((tmp % 2) != 0) return NULL;
+    
+    /* skip leading 00's unless the hex string is "00" */
+    while ((tmp > 2) && (str[0] == '0') && (str[1] == '0')) {
+        str += 2;
+        tmp -= 2;
+    }
+
+    item->data = (unsigned char *) PORT_ArenaAlloc(arena, tmp/2);
+    if (item->data == NULL) return NULL;
+    item->len = tmp/2;
+
+    while (str[i]) {
+        if ((str[i] >= '0') && (str[i] <= '9'))
+	    tmp = str[i] - '0';
+	else if ((str[i] >= 'a') && (str[i] <= 'f'))
+	    tmp = str[i] - 'a' + 10;
+	else if ((str[i] >= 'A') && (str[i] <= 'F'))
+	    tmp = str[i] - 'A' + 10;
+	else
+	    return NULL;
+
+	byteval = byteval * 16 + tmp;
+	if ((i % 2) != 0) {
+	    item->data[i/2] = byteval;
+	    byteval = 0;
+	}
+	i++;
+    }
+
+    return item;
+}
+
+/* Copy all of the fields from srcParams into dstParams
+ */
+SECStatus
+EC_CopyParams(PLArenaPool *arena, ECParams *dstParams,
+	      const ECParams *srcParams)
+{
+    SECStatus rv = SECFailure;
+
+    dstParams->arena = arena;
+    dstParams->type = srcParams->type;
+    dstParams->fieldID.size = srcParams->fieldID.size;
+    dstParams->fieldID.type = srcParams->fieldID.type;
+    if (srcParams->fieldID.type == ec_field_GFp) {
+	CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->fieldID.u.prime,
+	    &srcParams->fieldID.u.prime));
+    } else {
+	CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->fieldID.u.poly,
+	    &srcParams->fieldID.u.poly));
+    }
+    dstParams->fieldID.k1 = srcParams->fieldID.k1;
+    dstParams->fieldID.k2 = srcParams->fieldID.k2;
+    dstParams->fieldID.k3 = srcParams->fieldID.k3;
+    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curve.a,
+	&srcParams->curve.a));
+    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curve.b,
+	&srcParams->curve.b));
+    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curve.seed,
+	&srcParams->curve.seed));
+    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->base,
+	&srcParams->base));
+    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->order,
+	&srcParams->order));
+    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->DEREncoding,
+	&srcParams->DEREncoding));
+	dstParams->name = srcParams->name;
+    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curveOID,
+ 	&srcParams->curveOID));
+    dstParams->cofactor = srcParams->cofactor;
+
+    return SECSuccess;
+
+cleanup:
+    return SECFailure;
+}
+
+static SECStatus
+gf_populate_params(ECCurveName name, ECFieldType field_type, ECParams *params)
+{
+    SECStatus rv = SECFailure;
+    const ECCurveParams *curveParams;
+    /* 2 ['0'+'4'] + MAX_ECKEY_LEN * 2 [x,y] * 2 [hex string] + 1 ['\0'] */
+    char genenc[3 + 2 * 2 * MAX_ECKEY_LEN];
+
+    if ((name < ECCurve_noName) || (name > ECCurve_pastLastCurve)) goto cleanup;
+    params->name = name;
+    curveParams = ecCurve_map[params->name];
+    CHECK_OK(curveParams);
+    params->fieldID.size = curveParams->size;
+    params->fieldID.type = field_type;
+    if (field_type == ec_field_GFp) {
+	CHECK_OK(hexString2SECItem(params->arena, &params->fieldID.u.prime, 
+	    curveParams->irr));
+    } else {
+	CHECK_OK(hexString2SECItem(params->arena, &params->fieldID.u.poly, 
+	    curveParams->irr));
+    }
+    CHECK_OK(hexString2SECItem(params->arena, &params->curve.a, 
+	curveParams->curvea));
+    CHECK_OK(hexString2SECItem(params->arena, &params->curve.b, 
+	curveParams->curveb));
+    genenc[0] = '0';
+    genenc[1] = '4';
+    genenc[2] = '\0';
+    strcat(genenc, curveParams->genx);
+    strcat(genenc, curveParams->geny);
+    CHECK_OK(hexString2SECItem(params->arena, &params->base, genenc));
+    CHECK_OK(hexString2SECItem(params->arena, &params->order, 
+    	curveParams->order));
+    params->cofactor = curveParams->cofactor;
+
+    rv = SECSuccess;
+
+cleanup:
+    return rv;
+}
+
+SECStatus
+EC_FillParams(PLArenaPool *arena, const SECItem *encodedParams,
+    ECParams *params)
+{
+    SECStatus rv = SECFailure;
+    SECOidTag tag;
+    SECItem oid = { siBuffer, NULL, 0};
+
+#if EC_DEBUG
+    int i;
+
+    printf("Encoded params in EC_DecodeParams: ");
+    for (i = 0; i < encodedParams->len; i++) {
+	    printf("%02x:", encodedParams->data[i]);
+    }
+    printf("\n");
+#endif
+
+    if ((encodedParams->len != ANSI_X962_CURVE_OID_TOTAL_LEN) &&
+	(encodedParams->len != SECG_CURVE_OID_TOTAL_LEN)) {
+	    PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
+	    return SECFailure;
+    };
+
+    oid.len = encodedParams->len - 2;
+    oid.data = encodedParams->data + 2;
+    if ((encodedParams->data[0] != SEC_ASN1_OBJECT_ID) ||
+	((tag = SECOID_FindOIDTag(&oid)) == SEC_OID_UNKNOWN)) { 
+	    PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
+	    return SECFailure;
+    }
+
+    params->arena = arena;
+    params->cofactor = 0;
+    params->type = ec_params_named;
+    params->name = ECCurve_noName;
+
+    /* For named curves, fill out curveOID */
+    params->curveOID.len = oid.len;
+    params->curveOID.data = (unsigned char *) PORT_ArenaAlloc(arena, oid.len);
+    if (params->curveOID.data == NULL) goto cleanup;
+    memcpy(params->curveOID.data, oid.data, oid.len);
+
+#if EC_DEBUG
+    printf("Curve: %s\n", SECOID_FindOIDTagDescription(tag));
+#endif
+
+    switch (tag) {
+
+    /* Binary curves */
+
+    case SEC_OID_ANSIX962_EC_C2PNB163V1:
+	/* Populate params for c2pnb163v1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB163V1, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_ANSIX962_EC_C2PNB163V2:
+	/* Populate params for c2pnb163v2 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB163V2, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_ANSIX962_EC_C2PNB163V3:
+	/* Populate params for c2pnb163v3 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB163V3, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_ANSIX962_EC_C2PNB176V1:
+	/* Populate params for c2pnb176v1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB176V1, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_ANSIX962_EC_C2TNB191V1:
+	/* Populate params for c2tnb191v1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB191V1, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_ANSIX962_EC_C2TNB191V2:
+	/* Populate params for c2tnb191v2 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB191V2, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_ANSIX962_EC_C2TNB191V3:
+	/* Populate params for c2tnb191v3 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB191V3, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_ANSIX962_EC_C2PNB208W1:
+	/* Populate params for c2pnb208w1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB208W1, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_ANSIX962_EC_C2TNB239V1:
+	/* Populate params for c2tnb239v1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB239V1, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_ANSIX962_EC_C2TNB239V2:
+	/* Populate params for c2tnb239v2 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB239V2, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_ANSIX962_EC_C2TNB239V3:
+	/* Populate params for c2tnb239v3 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB239V3, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_ANSIX962_EC_C2PNB272W1:
+	/* Populate params for c2pnb272w1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB272W1, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_ANSIX962_EC_C2PNB304W1:
+	/* Populate params for c2pnb304w1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB304W1, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_ANSIX962_EC_C2TNB359V1:
+	/* Populate params for c2tnb359v1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB359V1, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_ANSIX962_EC_C2PNB368W1:
+	/* Populate params for c2pnb368w1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB368W1, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_ANSIX962_EC_C2TNB431R1:
+	/* Populate params for c2tnb431r1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB431R1, ec_field_GF2m,
+	    params) );
+	break;
+	
+    case SEC_OID_SECG_EC_SECT113R1:
+	/* Populate params for sect113r1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_113R1, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECT113R2:
+	/* Populate params for sect113r2 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_113R2, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECT131R1:
+	/* Populate params for sect131r1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_131R1, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECT131R2:
+	/* Populate params for sect131r2 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_131R2, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECT163K1:
+	/* Populate params for sect163k1
+	 * (the NIST K-163 curve)
+	 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_163K1, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECT163R1:
+	/* Populate params for sect163r1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_163R1, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECT163R2:
+	/* Populate params for sect163r2
+	 * (the NIST B-163 curve)
+	 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_163R2, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECT193R1:
+	/* Populate params for sect193r1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_193R1, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECT193R2:
+	/* Populate params for sect193r2 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_193R2, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECT233K1:
+	/* Populate params for sect233k1
+	 * (the NIST K-233 curve)
+	 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_233K1, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECT233R1:
+	/* Populate params for sect233r1
+	 * (the NIST B-233 curve)
+	 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_233R1, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECT239K1:
+	/* Populate params for sect239k1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_239K1, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECT283K1:
+        /* Populate params for sect283k1
+	 * (the NIST K-283 curve)
+	 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_283K1, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECT283R1:
+	/* Populate params for sect283r1
+	 * (the NIST B-283 curve)
+	 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_283R1, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECT409K1:
+	/* Populate params for sect409k1
+	 * (the NIST K-409 curve)
+	 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_409K1, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECT409R1:
+	/* Populate params for sect409r1
+	 * (the NIST B-409 curve)
+	 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_409R1, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECT571K1:
+	/* Populate params for sect571k1
+	 * (the NIST K-571 curve)
+	 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_571K1, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECT571R1:
+	/* Populate params for sect571r1
+	 * (the NIST B-571 curve)
+	 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_571R1, ec_field_GF2m,
+	    params) );
+	break;
+
+    /* Prime curves */
+
+    case SEC_OID_ANSIX962_EC_PRIME192V1:
+	/* Populate params for prime192v1 aka secp192r1 
+	 * (the NIST P-192 curve)
+	 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_PRIME_192V1, ec_field_GFp,
+	    params) );
+	break;
+
+    case SEC_OID_ANSIX962_EC_PRIME192V2:
+	/* Populate params for prime192v2 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_PRIME_192V2, ec_field_GFp,
+	    params) );
+	break;
+
+    case SEC_OID_ANSIX962_EC_PRIME192V3:
+	/* Populate params for prime192v3 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_PRIME_192V3, ec_field_GFp,
+	    params) );
+	break;
+	
+    case SEC_OID_ANSIX962_EC_PRIME239V1:
+	/* Populate params for prime239v1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_PRIME_239V1, ec_field_GFp,
+	    params) );
+	break;
+
+    case SEC_OID_ANSIX962_EC_PRIME239V2:
+	/* Populate params for prime239v2 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_PRIME_239V2, ec_field_GFp,
+	    params) );
+	break;
+
+    case SEC_OID_ANSIX962_EC_PRIME239V3:
+	/* Populate params for prime239v3 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_PRIME_239V3, ec_field_GFp,
+	    params) );
+	break;
+
+    case SEC_OID_ANSIX962_EC_PRIME256V1:
+	/* Populate params for prime256v1 aka secp256r1
+	 * (the NIST P-256 curve)
+	 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_PRIME_256V1, ec_field_GFp,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECP112R1:
+        /* Populate params for secp112r1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_112R1, ec_field_GFp,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECP112R2:
+        /* Populate params for secp112r2 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_112R2, ec_field_GFp,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECP128R1:
+        /* Populate params for secp128r1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_128R1, ec_field_GFp,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECP128R2:
+        /* Populate params for secp128r2 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_128R2, ec_field_GFp,
+	    params) );
+	break;
+	
+    case SEC_OID_SECG_EC_SECP160K1:
+        /* Populate params for secp160k1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_160K1, ec_field_GFp,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECP160R1:
+        /* Populate params for secp160r1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_160R1, ec_field_GFp,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECP160R2:
+	/* Populate params for secp160r1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_160R2, ec_field_GFp,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECP192K1:
+	/* Populate params for secp192k1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_192K1, ec_field_GFp,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECP224K1:
+	/* Populate params for secp224k1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_224K1, ec_field_GFp,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECP224R1:
+	/* Populate params for secp224r1 
+	 * (the NIST P-224 curve)
+	 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_224R1, ec_field_GFp,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECP256K1:
+	/* Populate params for secp256k1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_256K1, ec_field_GFp,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECP384R1:
+	/* Populate params for secp384r1
+	 * (the NIST P-384 curve)
+	 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_384R1, ec_field_GFp,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECP521R1:
+	/* Populate params for secp521r1 
+	 * (the NIST P-521 curve)
+	 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_521R1, ec_field_GFp,
+	    params) );
+	break;
+
+    default:
+	break;
+    };
+
+cleanup:
+    if (!params->cofactor) {
+	PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
+#if EC_DEBUG
+	printf("Unrecognized curve, returning NULL params\n");
+#endif
+    }
+
+    return rv;
+}
+
+SECStatus
+EC_DecodeParams(const SECItem *encodedParams, ECParams **ecparams)
+{
+    PLArenaPool *arena;
+    ECParams *params;
+    SECStatus rv = SECFailure;
+
+    /* Initialize an arena for the ECParams structure */
+    if (!(arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE)))
+	return SECFailure;
+
+    params = (ECParams *)PORT_ArenaZAlloc(arena, sizeof(ECParams));
+    if (!params) {
+	PORT_FreeArena(arena, PR_TRUE);
+	return SECFailure;
+    }
+
+    /* Copy the encoded params */
+    SECITEM_AllocItem(arena, &(params->DEREncoding),
+	encodedParams->len);
+    memcpy(params->DEREncoding.data, encodedParams->data, encodedParams->len);
+
+    /* Fill out the rest of the ECParams structure based on 
+     * the encoded params 
+     */
+    rv = EC_FillParams(arena, encodedParams, params);
+    if (rv == SECFailure) {
+	PORT_FreeArena(arena, PR_TRUE);	
+	return SECFailure;
+    } else {
+	*ecparams = params;;
+	return SECSuccess;
+    }
+}
+
+#endif /* NSS_DISABLE_ECC */
diff --git a/security/nss/lib/freebl/intel-aes-x64-masm.asm b/security/nss/lib/freebl/intel-aes-x64-masm.asm
new file mode 100644
index 0000000..ef5c76b
--- /dev/null
+++ b/security/nss/lib/freebl/intel-aes-x64-masm.asm
@@ -0,0 +1,971 @@
+; LICENSE:
+; This submission to NSS is to be made available under the terms of the
+; Mozilla Public License, v. 2.0. You can obtain one at http:
+; //mozilla.org/MPL/2.0/.
+;###############################################################################
+; Copyright(c) 2014, Intel Corp.
+; Developers and authors:
+; Shay Gueron and Vlad Krasnov
+; Intel Corporation, Israel Development Centre, Haifa, Israel
+; Please send feedback directly to crypto.feedback.alias at intel.com
+
+
+.DATA
+ALIGN 16
+Lmask dd 0c0f0e0dh,0c0f0e0dh,0c0f0e0dh,0c0f0e0dh
+Lmask192 dd 004070605h, 004070605h, 004070605h, 004070605h
+Lmask256 dd 00c0f0e0dh, 00c0f0e0dh, 00c0f0e0dh, 00c0f0e0dh
+Lcon1 dd 1,1,1,1
+Lcon2 dd 1bh,1bh,1bh,1bh
+
+.CODE
+
+ctx     textequ <rcx>
+output  textequ <rdx>
+input   textequ <r8>
+inputLen textequ <r9d>
+
+
+aes_rnd MACRO i
+    movdqu  xmm8, [i*16 + ctx]
+    aesenc  xmm0, xmm8
+    aesenc  xmm1, xmm8
+    aesenc  xmm2, xmm8
+    aesenc  xmm3, xmm8
+    aesenc  xmm4, xmm8
+    aesenc  xmm5, xmm8
+    aesenc  xmm6, xmm8
+    aesenc  xmm7, xmm8
+    ENDM
+
+aes_last_rnd MACRO i
+    movdqu  xmm8, [i*16 + ctx]
+    aesenclast  xmm0, xmm8
+    aesenclast  xmm1, xmm8
+    aesenclast  xmm2, xmm8
+    aesenclast  xmm3, xmm8
+    aesenclast  xmm4, xmm8
+    aesenclast  xmm5, xmm8
+    aesenclast  xmm6, xmm8
+    aesenclast  xmm7, xmm8
+    ENDM
+
+aes_dec_rnd MACRO i
+    movdqu  xmm8, [i*16 + ctx]
+    aesdec  xmm0, xmm8
+    aesdec  xmm1, xmm8
+    aesdec  xmm2, xmm8
+    aesdec  xmm3, xmm8
+    aesdec  xmm4, xmm8
+    aesdec  xmm5, xmm8
+    aesdec  xmm6, xmm8
+    aesdec  xmm7, xmm8
+    ENDM
+
+aes_dec_last_rnd MACRO i
+    movdqu  xmm8, [i*16 + ctx]
+    aesdeclast  xmm0, xmm8
+    aesdeclast  xmm1, xmm8
+    aesdeclast  xmm2, xmm8
+    aesdeclast  xmm3, xmm8
+    aesdeclast  xmm4, xmm8
+    aesdeclast  xmm5, xmm8
+    aesdeclast  xmm6, xmm8
+    aesdeclast  xmm7, xmm8
+    ENDM
+
+
+gen_aes_ecb_func MACRO enc, rnds
+
+LOCAL   loop8
+LOCAL   loop1
+LOCAL   bail
+
+        xor     inputLen, inputLen
+        mov     input,      [rsp + 1*8 + 8*4]
+        mov     inputLen,   [rsp + 1*8 + 8*5]
+
+        sub     rsp, 3*16
+
+        movdqu  [rsp + 0*16], xmm6
+        movdqu  [rsp + 1*16], xmm7
+        movdqu  [rsp + 2*16], xmm8
+
+        lea     ctx, [48+ctx]
+
+loop8:
+        cmp     inputLen, 8*16
+        jb      loop1
+
+        movdqu  xmm0, [0*16 + input]
+        movdqu  xmm1, [1*16 + input]
+        movdqu  xmm2, [2*16 + input]
+        movdqu  xmm3, [3*16 + input]
+        movdqu  xmm4, [4*16 + input]
+        movdqu  xmm5, [5*16 + input]
+        movdqu  xmm6, [6*16 + input]
+        movdqu  xmm7, [7*16 + input]
+
+        movdqu  xmm8, [0*16 + ctx]
+        pxor    xmm0, xmm8
+        pxor    xmm1, xmm8
+        pxor    xmm2, xmm8
+        pxor    xmm3, xmm8
+        pxor    xmm4, xmm8
+        pxor    xmm5, xmm8
+        pxor    xmm6, xmm8
+        pxor    xmm7, xmm8
+
+IF enc eq 1
+        rnd textequ <aes_rnd>
+        lastrnd textequ <aes_last_rnd>
+        aesinst textequ <aesenc>
+        aeslastinst textequ <aesenclast>
+ELSE
+        rnd textequ <aes_dec_rnd>
+        lastrnd textequ <aes_dec_last_rnd>
+        aesinst textequ <aesdec>
+        aeslastinst textequ <aesdeclast>
+ENDIF
+
+        i = 1
+        WHILE i LT rnds
+            rnd i
+            i = i+1
+            ENDM
+        lastrnd rnds
+
+        movdqu  [0*16 + output], xmm0
+        movdqu  [1*16 + output], xmm1
+        movdqu  [2*16 + output], xmm2
+        movdqu  [3*16 + output], xmm3
+        movdqu  [4*16 + output], xmm4
+        movdqu  [5*16 + output], xmm5
+        movdqu  [6*16 + output], xmm6
+        movdqu  [7*16 + output], xmm7
+
+        lea input, [8*16 + input]
+        lea output, [8*16 + output]
+        sub inputLen, 8*16
+        jmp loop8
+
+loop1:
+        cmp     inputLen, 1*16
+        jb      bail
+
+        movdqu  xmm0, [input]
+        movdqu  xmm7, [0*16 + ctx]
+        pxor    xmm0, xmm7
+
+        i = 1
+    WHILE i LT rnds
+            movdqu  xmm7, [i*16 + ctx]
+            aesinst  xmm0, xmm7
+            i = i+1
+        ENDM
+        movdqu  xmm7, [rnds*16 + ctx]
+        aeslastinst xmm0, xmm7
+
+        movdqu  [output], xmm0
+
+        lea input, [1*16 + input]
+        lea output, [1*16 + output]
+        sub inputLen, 1*16
+        jmp loop1
+
+bail:
+        xor rax, rax
+
+        movdqu  xmm6, [rsp + 0*16]
+        movdqu  xmm7, [rsp + 1*16]
+        movdqu  xmm8, [rsp + 2*16]
+        add     rsp, 3*16
+        ret
+ENDM
+
+intel_aes_encrypt_ecb_128 PROC
+gen_aes_ecb_func 1, 10
+intel_aes_encrypt_ecb_128 ENDP
+
+intel_aes_encrypt_ecb_192 PROC
+gen_aes_ecb_func 1, 12
+intel_aes_encrypt_ecb_192 ENDP
+
+intel_aes_encrypt_ecb_256 PROC
+gen_aes_ecb_func 1, 14
+intel_aes_encrypt_ecb_256 ENDP
+
+intel_aes_decrypt_ecb_128 PROC
+gen_aes_ecb_func 0, 10
+intel_aes_decrypt_ecb_128 ENDP
+
+intel_aes_decrypt_ecb_192 PROC
+gen_aes_ecb_func 0, 12
+intel_aes_decrypt_ecb_192 ENDP
+
+intel_aes_decrypt_ecb_256 PROC
+gen_aes_ecb_func 0, 14
+intel_aes_decrypt_ecb_256 ENDP
+
+
+KEY textequ <rcx>
+KS  textequ <rdx>
+ITR textequ <r8>
+
+intel_aes_encrypt_init_128  PROC
+
+    movdqu  xmm1, [KEY]
+    movdqu  [KS], xmm1
+    movdqa  xmm2, xmm1
+
+    lea ITR, Lcon1
+    movdqa  xmm0, [ITR]
+    lea ITR, Lmask
+    movdqa  xmm4, [ITR]
+
+    mov ITR, 8
+
+Lenc_128_ks_loop:
+        lea KS, [16 + KS]
+        dec ITR
+
+        pshufb  xmm2, xmm4
+        aesenclast  xmm2, xmm0
+        pslld   xmm0, 1
+        movdqa  xmm3, xmm1
+        pslldq  xmm3, 4
+        pxor    xmm1, xmm3
+        pslldq  xmm3, 4
+        pxor    xmm1, xmm3
+        pslldq  xmm3, 4
+        pxor    xmm1, xmm3
+        pxor    xmm1, xmm2
+        movdqu  [KS], xmm1
+        movdqa  xmm2, xmm1
+
+        jne Lenc_128_ks_loop
+
+    lea ITR, Lcon2
+    movdqa  xmm0, [ITR]
+
+    pshufb  xmm2, xmm4
+    aesenclast  xmm2, xmm0
+    pslld   xmm0, 1
+    movdqa  xmm3, xmm1
+    pslldq  xmm3, 4
+    pxor    xmm1, xmm3
+    pslldq  xmm3, 4
+    pxor    xmm1, xmm3
+    pslldq  xmm3, 4
+    pxor    xmm1, xmm3
+    pxor    xmm1, xmm2
+    movdqu  [16 + KS], xmm1
+    movdqa  xmm2, xmm1
+
+    pshufb  xmm2, xmm4
+    aesenclast  xmm2, xmm0
+    movdqa  xmm3, xmm1
+    pslldq  xmm3, 4
+    pxor    xmm1, xmm3
+    pslldq  xmm3, 4
+    pxor    xmm1, xmm3
+    pslldq  xmm3, 4
+    pxor    xmm1, xmm3
+    pxor    xmm1, xmm2
+    movdqu  [32 + KS], xmm1
+    movdqa  xmm2, xmm1
+
+    ret
+intel_aes_encrypt_init_128  ENDP
+
+
+intel_aes_decrypt_init_128  PROC
+
+    push    KS
+    push    KEY
+
+    call    intel_aes_encrypt_init_128
+
+    pop     KEY
+    pop     KS
+
+    movdqu  xmm0, [0*16 + KS]
+    movdqu  xmm1, [10*16 + KS]
+    movdqu  [10*16 + KS], xmm0
+    movdqu  [0*16 + KS], xmm1
+
+    i = 1
+    WHILE i LT 5
+        movdqu  xmm0, [i*16 + KS]
+        movdqu  xmm1, [(10-i)*16 + KS]
+
+        aesimc  xmm0, xmm0
+        aesimc  xmm1, xmm1
+
+        movdqu  [(10-i)*16 + KS], xmm0
+        movdqu  [i*16 + KS], xmm1
+
+        i = i+1
+    ENDM
+
+    movdqu  xmm0, [5*16 + KS]
+    aesimc  xmm0, xmm0
+    movdqu  [5*16 + KS], xmm0
+    ret
+intel_aes_decrypt_init_128  ENDP
+
+
+intel_aes_encrypt_init_192  PROC
+
+    sub     rsp, 16*2
+    movdqu  [16*0 + rsp], xmm6
+    movdqu  [16*1 + rsp], xmm7
+
+    movdqu  xmm1, [KEY]
+    mov     ITR, [16 + KEY]
+    movd    xmm3, ITR
+
+    movdqu  [KS], xmm1
+    movdqa  xmm5, xmm3
+
+    lea ITR, Lcon1
+    movdqu  xmm0, [ITR]
+    lea ITR, Lmask192
+    movdqu  xmm4, [ITR]
+
+    mov ITR, 4
+
+Lenc_192_ks_loop:
+        movdqa  xmm2, xmm3
+        pshufb  xmm2, xmm4
+        aesenclast xmm2, xmm0
+        pslld   xmm0, 1
+
+        movdqa  xmm6, xmm1
+        movdqa  xmm7, xmm3
+        pslldq  xmm6, 4
+        pslldq  xmm7, 4
+        pxor    xmm1, xmm6
+        pxor    xmm3, xmm7
+        pslldq  xmm6, 4
+        pxor    xmm1, xmm6
+        pslldq  xmm6, 4
+        pxor    xmm1, xmm6
+        pxor    xmm1, xmm2
+        pshufd  xmm2, xmm1, 0ffh
+        pxor    xmm3, xmm2
+
+        movdqa  xmm6, xmm1
+        shufpd  xmm5, xmm1, 00h
+        shufpd  xmm6, xmm3, 01h
+
+        movdqu  [16 + KS], xmm5
+        movdqu  [32 + KS], xmm6
+
+        movdqa  xmm2, xmm3
+        pshufb  xmm2, xmm4
+        aesenclast  xmm2, xmm0
+        pslld   xmm0, 1
+
+        movdqa  xmm6, xmm1
+        movdqa  xmm7, xmm3
+        pslldq  xmm6, 4
+        pslldq  xmm7, 4
+        pxor    xmm1, xmm6
+        pxor    xmm3, xmm7
+        pslldq  xmm6, 4
+        pxor    xmm1, xmm6
+        pslldq  xmm6, 4
+        pxor    xmm1, xmm6
+        pxor    xmm1, xmm2
+        pshufd  xmm2, xmm1, 0ffh
+        pxor    xmm3, xmm2
+
+        movdqu  [48 + KS], xmm1
+        movdqa  xmm5, xmm3
+
+        lea KS, [48 + KS]
+
+        dec ITR
+        jnz Lenc_192_ks_loop
+
+    movdqu  [16 + KS], xmm5
+
+    movdqu  xmm7, [16*1 + rsp]
+    movdqu  xmm6, [16*0 + rsp]
+    add rsp, 16*2
+    ret
+intel_aes_encrypt_init_192  ENDP
+
+intel_aes_decrypt_init_192  PROC
+    push    KS
+    push    KEY
+
+    call    intel_aes_encrypt_init_192
+
+    pop     KEY
+    pop     KS
+
+    movdqu  xmm0, [0*16 + KS]
+    movdqu  xmm1, [12*16 + KS]
+    movdqu  [12*16 + KS], xmm0
+    movdqu  [0*16 + KS], xmm1
+
+    i = 1
+    WHILE i LT 6
+        movdqu  xmm0, [i*16 + KS]
+        movdqu  xmm1, [(12-i)*16 + KS]
+
+        aesimc  xmm0, xmm0
+        aesimc  xmm1, xmm1
+
+        movdqu  [(12-i)*16 + KS], xmm0
+        movdqu  [i*16 + KS], xmm1
+
+        i = i+1
+    ENDM
+
+    movdqu  xmm0, [6*16 + KS]
+    aesimc  xmm0, xmm0
+    movdqu  [6*16 + KS], xmm0
+    ret
+intel_aes_decrypt_init_192  ENDP
+
+
+intel_aes_encrypt_init_256  PROC
+    sub     rsp, 16*2
+    movdqu  [16*0 + rsp], xmm6
+    movdqu  [16*1 + rsp], xmm7
+
+    movdqu  xmm1, [16*0 + KEY]
+    movdqu  xmm3, [16*1 + KEY]
+
+    movdqu  [16*0 + KS], xmm1
+    movdqu  [16*1 + KS], xmm3
+
+    lea ITR, Lcon1
+    movdqu  xmm0, [ITR]
+    lea ITR, Lmask256
+    movdqu  xmm5, [ITR]
+
+    pxor    xmm6, xmm6
+
+    mov ITR, 6
+
+Lenc_256_ks_loop:
+
+        movdqa  xmm2, xmm3
+        pshufb  xmm2, xmm5
+        aesenclast  xmm2, xmm0
+        pslld   xmm0, 1
+        movdqa  xmm4, xmm1
+        pslldq  xmm4, 4
+        pxor    xmm1, xmm4
+        pslldq  xmm4, 4
+        pxor    xmm1, xmm4
+        pslldq  xmm4, 4
+        pxor    xmm1, xmm4
+        pxor    xmm1, xmm2
+        movdqu  [16*2 + KS], xmm1
+
+        pshufd  xmm2, xmm1, 0ffh
+        aesenclast  xmm2, xmm6
+        movdqa  xmm4, xmm3
+        pslldq  xmm4, 4
+        pxor    xmm3, xmm4
+        pslldq  xmm4, 4
+        pxor    xmm3, xmm4
+        pslldq  xmm4, 4
+        pxor    xmm3, xmm4
+        pxor    xmm3, xmm2
+        movdqu  [16*3 + KS], xmm3
+
+        lea KS, [32 + KS]
+        dec ITR
+        jnz Lenc_256_ks_loop
+
+    movdqa  xmm2, xmm3
+    pshufb  xmm2, xmm5
+    aesenclast  xmm2, xmm0
+    movdqa  xmm4, xmm1
+    pslldq  xmm4, 4
+    pxor    xmm1, xmm4
+    pslldq  xmm4, 4
+    pxor    xmm1, xmm4
+    pslldq  xmm4, 4
+    pxor    xmm1, xmm4
+    pxor    xmm1, xmm2
+    movdqu  [16*2 + KS], xmm1
+
+    movdqu  xmm7, [16*1 + rsp]
+    movdqu  xmm6, [16*0 + rsp]
+    add rsp, 16*2
+    ret
+
+intel_aes_encrypt_init_256  ENDP
+
+
+intel_aes_decrypt_init_256  PROC
+    push    KS
+    push    KEY
+
+    call    intel_aes_encrypt_init_256
+
+    pop     KEY
+    pop     KS
+
+    movdqu  xmm0, [0*16 + KS]
+    movdqu  xmm1, [14*16 + KS]
+    movdqu  [14*16 + KS], xmm0
+    movdqu  [0*16 + KS], xmm1
+
+    i = 1
+    WHILE i LT 7
+        movdqu  xmm0, [i*16 + KS]
+        movdqu  xmm1, [(14-i)*16 + KS]
+
+        aesimc  xmm0, xmm0
+        aesimc  xmm1, xmm1
+
+        movdqu  [(14-i)*16 + KS], xmm0
+        movdqu  [i*16 + KS], xmm1
+
+        i = i+1
+    ENDM
+
+    movdqu  xmm0, [7*16 + KS]
+    aesimc  xmm0, xmm0
+    movdqu  [7*16 + KS], xmm0
+    ret
+intel_aes_decrypt_init_256  ENDP
+
+
+
+gen_aes_cbc_enc_func MACRO rnds
+
+LOCAL   loop1
+LOCAL   bail
+
+        mov     input,      [rsp + 1*8 + 8*4]
+        mov     inputLen,   [rsp + 1*8 + 8*5]
+
+        sub     rsp, 3*16
+
+        movdqu  [rsp + 0*16], xmm6
+        movdqu  [rsp + 1*16], xmm7
+        movdqu  [rsp + 2*16], xmm8
+
+        lea     ctx, [48+ctx]
+
+        movdqu  xmm0, [-32+ctx]
+
+        movdqu  xmm2, [0*16 + ctx]
+        movdqu  xmm3, [1*16 + ctx]
+        movdqu  xmm4, [2*16 + ctx]
+        movdqu  xmm5, [3*16 + ctx]
+        movdqu  xmm6, [4*16 + ctx]
+        movdqu  xmm7, [5*16 + ctx]
+
+loop1:
+        cmp     inputLen, 1*16
+        jb      bail
+
+        movdqu  xmm1, [input]
+        pxor    xmm1, xmm2
+        pxor    xmm0, xmm1
+
+        aesenc  xmm0, xmm3
+        aesenc  xmm0, xmm4
+        aesenc  xmm0, xmm5
+        aesenc  xmm0, xmm6
+        aesenc  xmm0, xmm7
+
+        i = 6
+    WHILE i LT rnds
+            movdqu  xmm8, [i*16 + ctx]
+            aesenc  xmm0, xmm8
+            i = i+1
+        ENDM
+        movdqu  xmm8, [rnds*16 + ctx]
+        aesenclast xmm0, xmm8
+
+        movdqu  [output], xmm0
+
+        lea input, [1*16 + input]
+        lea output, [1*16 + output]
+        sub inputLen, 1*16
+        jmp loop1
+
+bail:
+        movdqu  [-32+ctx], xmm0
+
+        xor rax, rax
+
+        movdqu  xmm6, [rsp + 0*16]
+        movdqu  xmm7, [rsp + 1*16]
+        movdqu  xmm8, [rsp + 2*16]
+        add     rsp, 3*16
+        ret
+
+ENDM
+
+gen_aes_cbc_dec_func MACRO rnds
+
+LOCAL   loop8
+LOCAL   loop1
+LOCAL   dec1
+LOCAL   bail
+
+        mov     input,      [rsp + 1*8 + 8*4]
+        mov     inputLen,   [rsp + 1*8 + 8*5]
+
+        sub     rsp, 3*16
+
+        movdqu  [rsp + 0*16], xmm6
+        movdqu  [rsp + 1*16], xmm7
+        movdqu  [rsp + 2*16], xmm8
+
+        lea     ctx, [48+ctx]
+
+loop8:
+        cmp     inputLen, 8*16
+        jb      dec1
+
+        movdqu  xmm0, [0*16 + input]
+        movdqu  xmm1, [1*16 + input]
+        movdqu  xmm2, [2*16 + input]
+        movdqu  xmm3, [3*16 + input]
+        movdqu  xmm4, [4*16 + input]
+        movdqu  xmm5, [5*16 + input]
+        movdqu  xmm6, [6*16 + input]
+        movdqu  xmm7, [7*16 + input]
+
+        movdqu  xmm8, [0*16 + ctx]
+        pxor    xmm0, xmm8
+        pxor    xmm1, xmm8
+        pxor    xmm2, xmm8
+        pxor    xmm3, xmm8
+        pxor    xmm4, xmm8
+        pxor    xmm5, xmm8
+        pxor    xmm6, xmm8
+        pxor    xmm7, xmm8
+
+        i = 1
+        WHILE i LT rnds
+            aes_dec_rnd i
+            i = i+1
+            ENDM
+        aes_dec_last_rnd rnds
+
+        movdqu  xmm8, [-32 + ctx]
+        pxor    xmm0, xmm8
+        movdqu  xmm8, [0*16 + input]
+        pxor    xmm1, xmm8
+        movdqu  xmm8, [1*16 + input]
+        pxor    xmm2, xmm8
+        movdqu  xmm8, [2*16 + input]
+        pxor    xmm3, xmm8
+        movdqu  xmm8, [3*16 + input]
+        pxor    xmm4, xmm8
+        movdqu  xmm8, [4*16 + input]
+        pxor    xmm5, xmm8
+        movdqu  xmm8, [5*16 + input]
+        pxor    xmm6, xmm8
+        movdqu  xmm8, [6*16 + input]
+        pxor    xmm7, xmm8
+        movdqu  xmm8, [7*16 + input]
+
+        movdqu  [0*16 + output], xmm0
+        movdqu  [1*16 + output], xmm1
+        movdqu  [2*16 + output], xmm2
+        movdqu  [3*16 + output], xmm3
+        movdqu  [4*16 + output], xmm4
+        movdqu  [5*16 + output], xmm5
+        movdqu  [6*16 + output], xmm6
+        movdqu  [7*16 + output], xmm7
+        movdqu  [-32 + ctx], xmm8
+
+        lea input, [8*16 + input]
+        lea output, [8*16 + output]
+        sub inputLen, 8*16
+        jmp loop8
+dec1:
+
+        movdqu  xmm3, [-32 + ctx]
+
+loop1:
+        cmp     inputLen, 1*16
+        jb      bail
+
+        movdqu  xmm0, [input]
+        movdqa  xmm4, xmm0
+        movdqu  xmm7, [0*16 + ctx]
+        pxor    xmm0, xmm7
+
+        i = 1
+    WHILE i LT rnds
+            movdqu  xmm7, [i*16 + ctx]
+            aesdec  xmm0, xmm7
+            i = i+1
+        ENDM
+        movdqu  xmm7, [rnds*16 + ctx]
+        aesdeclast xmm0, xmm7
+        pxor    xmm3, xmm0
+
+        movdqu  [output], xmm3
+        movdqa  xmm3, xmm4
+
+        lea input, [1*16 + input]
+        lea output, [1*16 + output]
+        sub inputLen, 1*16
+        jmp loop1
+
+bail:
+        movdqu  [-32 + ctx], xmm3
+        xor rax, rax
+
+        movdqu  xmm6, [rsp + 0*16]
+        movdqu  xmm7, [rsp + 1*16]
+        movdqu  xmm8, [rsp + 2*16]
+        add     rsp, 3*16
+        ret
+ENDM
+
+intel_aes_encrypt_cbc_128 PROC
+gen_aes_cbc_enc_func  10
+intel_aes_encrypt_cbc_128 ENDP
+
+intel_aes_encrypt_cbc_192 PROC
+gen_aes_cbc_enc_func  12
+intel_aes_encrypt_cbc_192 ENDP
+
+intel_aes_encrypt_cbc_256 PROC
+gen_aes_cbc_enc_func  14
+intel_aes_encrypt_cbc_256 ENDP
+
+intel_aes_decrypt_cbc_128 PROC
+gen_aes_cbc_dec_func  10
+intel_aes_decrypt_cbc_128 ENDP
+
+intel_aes_decrypt_cbc_192 PROC
+gen_aes_cbc_dec_func  12
+intel_aes_decrypt_cbc_192 ENDP
+
+intel_aes_decrypt_cbc_256 PROC
+gen_aes_cbc_dec_func  14
+intel_aes_decrypt_cbc_256 ENDP
+
+
+
+ctrCtx textequ <r10>
+CTR textequ <r11d>
+CTRSave textequ <eax>
+
+gen_aes_ctr_func MACRO rnds
+
+LOCAL   loop8
+LOCAL   loop1
+LOCAL   enc1
+LOCAL   bail
+
+        mov     input,      [rsp + 8*1 + 4*8]
+        mov     inputLen,   [rsp + 8*1 + 5*8]
+
+        mov     ctrCtx, ctx
+        mov     ctx, [8+ctrCtx]
+        lea     ctx, [48+ctx]
+
+        sub     rsp, 3*16
+        movdqu  [rsp + 0*16], xmm6
+        movdqu  [rsp + 1*16], xmm7
+        movdqu  [rsp + 2*16], xmm8
+
+
+        push    rbp
+        mov     rbp, rsp
+        sub     rsp, 8*16
+        and     rsp, -16
+
+
+        movdqu  xmm0, [16+ctrCtx]
+        mov     CTRSave, DWORD PTR [ctrCtx + 16 + 3*4]
+        bswap   CTRSave
+        movdqu  xmm1, [ctx + 0*16]
+
+        pxor    xmm0, xmm1
+
+        movdqa  [rsp + 0*16], xmm0
+        movdqa  [rsp + 1*16], xmm0
+        movdqa  [rsp + 2*16], xmm0
+        movdqa  [rsp + 3*16], xmm0
+        movdqa  [rsp + 4*16], xmm0
+        movdqa  [rsp + 5*16], xmm0
+        movdqa  [rsp + 6*16], xmm0
+        movdqa  [rsp + 7*16], xmm0
+
+        inc     CTRSave
+        mov     CTR, CTRSave
+        bswap   CTR
+        xor     CTR, DWORD PTR [ctx + 3*4]
+        mov     DWORD PTR [rsp + 1*16 + 3*4], CTR
+
+        inc     CTRSave
+        mov     CTR, CTRSave
+        bswap   CTR
+        xor     CTR, DWORD PTR [ctx + 3*4]
+        mov     DWORD PTR [rsp + 2*16 + 3*4], CTR
+
+        inc     CTRSave
+        mov     CTR, CTRSave
+        bswap   CTR
+        xor     CTR, DWORD PTR [ctx + 3*4]
+        mov     DWORD PTR [rsp + 3*16 + 3*4], CTR
+
+        inc     CTRSave
+        mov     CTR, CTRSave
+        bswap   CTR
+        xor     CTR, DWORD PTR [ctx + 3*4]
+        mov     DWORD PTR [rsp + 4*16 + 3*4], CTR
+
+        inc     CTRSave
+        mov     CTR, CTRSave
+        bswap   CTR
+        xor     CTR, DWORD PTR [ctx + 3*4]
+        mov     DWORD PTR [rsp + 5*16 + 3*4], CTR
+
+        inc     CTRSave
+        mov     CTR, CTRSave
+        bswap   CTR
+        xor     CTR, DWORD PTR [ctx + 3*4]
+        mov     DWORD PTR [rsp + 6*16 + 3*4], CTR
+
+        inc     CTRSave
+        mov     CTR, CTRSave
+        bswap   CTR
+        xor     CTR, DWORD PTR [ctx + 3*4]
+        mov     DWORD PTR [rsp + 7*16 + 3*4], CTR
+
+
+loop8:
+        cmp     inputLen, 8*16
+        jb      loop1
+
+        movdqu  xmm0, [0*16 + rsp]
+        movdqu  xmm1, [1*16 + rsp]
+        movdqu  xmm2, [2*16 + rsp]
+        movdqu  xmm3, [3*16 + rsp]
+        movdqu  xmm4, [4*16 + rsp]
+        movdqu  xmm5, [5*16 + rsp]
+        movdqu  xmm6, [6*16 + rsp]
+        movdqu  xmm7, [7*16 + rsp]
+
+        i = 1
+        WHILE i LE 8
+            aes_rnd i
+
+            inc     CTRSave
+            mov     CTR, CTRSave
+            bswap   CTR
+            xor     CTR, DWORD PTR [ctx + 3*4]
+            mov     DWORD PTR [rsp + (i-1)*16 + 3*4], CTR
+
+            i = i+1
+        ENDM
+        WHILE i LT rnds
+            aes_rnd i
+            i = i+1
+            ENDM
+        aes_last_rnd rnds
+
+        movdqu  xmm8, [0*16 + input]
+        pxor    xmm0, xmm8
+        movdqu  xmm8, [1*16 + input]
+        pxor    xmm1, xmm8
+        movdqu  xmm8, [2*16 + input]
+        pxor    xmm2, xmm8
+        movdqu  xmm8, [3*16 + input]
+        pxor    xmm3, xmm8
+        movdqu  xmm8, [4*16 + input]
+        pxor    xmm4, xmm8
+        movdqu  xmm8, [5*16 + input]
+        pxor    xmm5, xmm8
+        movdqu  xmm8, [6*16 + input]
+        pxor    xmm6, xmm8
+        movdqu  xmm8, [7*16 + input]
+        pxor    xmm7, xmm8
+
+        movdqu  [0*16 + output], xmm0
+        movdqu  [1*16 + output], xmm1
+        movdqu  [2*16 + output], xmm2
+        movdqu  [3*16 + output], xmm3
+        movdqu  [4*16 + output], xmm4
+        movdqu  [5*16 + output], xmm5
+        movdqu  [6*16 + output], xmm6
+        movdqu  [7*16 + output], xmm7
+
+        lea input, [8*16 + input]
+        lea output, [8*16 + output]
+        sub inputLen, 8*16
+        jmp loop8
+
+
+loop1:
+        cmp     inputLen, 1*16
+        jb      bail
+
+        movdqu  xmm0, [rsp]
+        add     rsp, 16
+
+        i = 1
+    WHILE i LT rnds
+            movdqu  xmm7, [i*16 + ctx]
+            aesenc  xmm0, xmm7
+            i = i+1
+        ENDM
+        movdqu  xmm7, [rnds*16 + ctx]
+        aesenclast xmm0, xmm7
+
+        movdqu  xmm7, [input]
+        pxor    xmm0, xmm7
+        movdqu  [output], xmm0
+
+        lea input, [1*16 + input]
+        lea output, [1*16 + output]
+        sub inputLen, 1*16
+        jmp loop1
+
+bail:
+
+        movdqu  xmm0, [rsp]
+        movdqu  xmm1, [ctx + 0*16]
+        pxor    xmm0, xmm1
+        movdqu  [16+ctrCtx], xmm0
+
+
+        xor     rax, rax
+        mov     rsp, rbp
+        pop     rbp
+
+        movdqu  xmm6, [rsp + 0*16]
+        movdqu  xmm7, [rsp + 1*16]
+        movdqu  xmm8, [rsp + 2*16]
+        add     rsp, 3*16
+
+        ret
+ENDM
+
+
+intel_aes_encrypt_ctr_128 PROC
+gen_aes_ctr_func  10
+intel_aes_encrypt_ctr_128 ENDP
+
+intel_aes_encrypt_ctr_192 PROC
+gen_aes_ctr_func  12
+intel_aes_encrypt_ctr_192 ENDP
+
+intel_aes_encrypt_ctr_256 PROC
+gen_aes_ctr_func  14
+intel_aes_encrypt_ctr_256 ENDP
+
+
+END
diff --git a/security/nss/lib/freebl/intel-aes-x86-masm.asm b/security/nss/lib/freebl/intel-aes-x86-masm.asm
new file mode 100644
index 0000000..7d805e7
--- /dev/null
+++ b/security/nss/lib/freebl/intel-aes-x86-masm.asm
@@ -0,0 +1,949 @@
+; LICENSE:
+; This submission to NSS is to be made available under the terms of the
+; Mozilla Public License, v. 2.0. You can obtain one at http:
+; //mozilla.org/MPL/2.0/.
+;###############################################################################
+; Copyright(c) 2014, Intel Corp.
+; Developers and authors:
+; Shay Gueron and Vlad Krasnov
+; Intel Corporation, Israel Development Centre, Haifa, Israel
+; Please send feedback directly to crypto.feedback.alias at intel.com
+
+
+.MODEL FLAT, C
+.XMM
+
+.DATA
+ALIGN 16
+Lmask dd 0c0f0e0dh,0c0f0e0dh,0c0f0e0dh,0c0f0e0dh
+Lmask192 dd 004070605h, 004070605h, 004070605h, 004070605h
+Lmask256 dd 00c0f0e0dh, 00c0f0e0dh, 00c0f0e0dh, 00c0f0e0dh
+Lcon1 dd 1,1,1,1
+Lcon2 dd 1bh,1bh,1bh,1bh
+
+.CODE
+
+ctx     textequ <ecx>
+output  textequ <edx>
+input   textequ <eax>
+inputLen textequ <edi>
+
+
+aes_rnd MACRO i
+    movdqu  xmm7, [i*16 + ctx]
+    aesenc  xmm0, xmm7
+    aesenc  xmm1, xmm7
+    aesenc  xmm2, xmm7
+    aesenc  xmm3, xmm7
+    aesenc  xmm4, xmm7
+    aesenc  xmm5, xmm7
+    aesenc  xmm6, xmm7
+    ENDM
+
+aes_last_rnd MACRO i
+    movdqu  xmm7, [i*16 + ctx]
+    aesenclast  xmm0, xmm7
+    aesenclast  xmm1, xmm7
+    aesenclast  xmm2, xmm7
+    aesenclast  xmm3, xmm7
+    aesenclast  xmm4, xmm7
+    aesenclast  xmm5, xmm7
+    aesenclast  xmm6, xmm7
+    ENDM
+
+aes_dec_rnd MACRO i
+    movdqu  xmm7, [i*16 + ctx]
+    aesdec  xmm0, xmm7
+    aesdec  xmm1, xmm7
+    aesdec  xmm2, xmm7
+    aesdec  xmm3, xmm7
+    aesdec  xmm4, xmm7
+    aesdec  xmm5, xmm7
+    aesdec  xmm6, xmm7
+    ENDM
+
+aes_dec_last_rnd MACRO i
+    movdqu  xmm7, [i*16 + ctx]
+    aesdeclast  xmm0, xmm7
+    aesdeclast  xmm1, xmm7
+    aesdeclast  xmm2, xmm7
+    aesdeclast  xmm3, xmm7
+    aesdeclast  xmm4, xmm7
+    aesdeclast  xmm5, xmm7
+    aesdeclast  xmm6, xmm7
+    ENDM
+
+
+gen_aes_ecb_func MACRO enc, rnds
+
+LOCAL   loop7
+LOCAL   loop1
+LOCAL   bail
+
+        push    inputLen
+
+        mov     ctx,    [esp + 2*4 + 0*4]
+        mov     output,     [esp + 2*4 + 1*4]
+        mov     input,      [esp + 2*4 + 4*4]
+        mov     inputLen,   [esp + 2*4 + 5*4]
+
+        lea     ctx, [44+ctx]
+
+loop7:
+        cmp     inputLen, 7*16
+        jb      loop1
+
+        movdqu  xmm0, [0*16 + input]
+        movdqu  xmm1, [1*16 + input]
+        movdqu  xmm2, [2*16 + input]
+        movdqu  xmm3, [3*16 + input]
+        movdqu  xmm4, [4*16 + input]
+        movdqu  xmm5, [5*16 + input]
+        movdqu  xmm6, [6*16 + input]
+
+        movdqu  xmm7, [0*16 + ctx]
+        pxor    xmm0, xmm7
+        pxor    xmm1, xmm7
+        pxor    xmm2, xmm7
+        pxor    xmm3, xmm7
+        pxor    xmm4, xmm7
+        pxor    xmm5, xmm7
+        pxor    xmm6, xmm7
+
+IF enc eq 1
+        rnd textequ <aes_rnd>
+        lastrnd textequ <aes_last_rnd>
+        aesinst textequ <aesenc>
+        aeslastinst textequ <aesenclast>
+ELSE
+        rnd textequ <aes_dec_rnd>
+        lastrnd textequ <aes_dec_last_rnd>
+        aesinst textequ <aesdec>
+        aeslastinst textequ <aesdeclast>
+ENDIF
+
+        i = 1
+        WHILE i LT rnds
+            rnd i
+            i = i+1
+            ENDM
+        lastrnd rnds
+
+        movdqu  [0*16 + output], xmm0
+        movdqu  [1*16 + output], xmm1
+        movdqu  [2*16 + output], xmm2
+        movdqu  [3*16 + output], xmm3
+        movdqu  [4*16 + output], xmm4
+        movdqu  [5*16 + output], xmm5
+        movdqu  [6*16 + output], xmm6
+
+        lea input, [7*16 + input]
+        lea output, [7*16 + output]
+        sub inputLen, 7*16
+        jmp loop7
+
+loop1:
+        cmp     inputLen, 1*16
+        jb      bail
+
+        movdqu  xmm0, [input]
+        movdqu  xmm7, [0*16 + ctx]
+        pxor    xmm0, xmm7
+
+        i = 1
+    WHILE i LT rnds
+            movdqu  xmm7, [i*16 + ctx]
+            aesinst  xmm0, xmm7
+            i = i+1
+        ENDM
+        movdqu  xmm7, [rnds*16 + ctx]
+        aeslastinst xmm0, xmm7
+
+        movdqu  [output], xmm0
+
+        lea input, [1*16 + input]
+        lea output, [1*16 + output]
+        sub inputLen, 1*16
+        jmp loop1
+
+bail:
+        xor eax, eax
+        pop     inputLen
+        ret
+
+ENDM
+
+ALIGN 16
+intel_aes_encrypt_ecb_128 PROC
+gen_aes_ecb_func 1, 10
+intel_aes_encrypt_ecb_128 ENDP
+
+ALIGN 16
+intel_aes_encrypt_ecb_192 PROC
+gen_aes_ecb_func 1, 12
+intel_aes_encrypt_ecb_192 ENDP
+
+ALIGN 16
+intel_aes_encrypt_ecb_256 PROC
+gen_aes_ecb_func 1, 14
+intel_aes_encrypt_ecb_256 ENDP
+
+ALIGN 16
+intel_aes_decrypt_ecb_128 PROC
+gen_aes_ecb_func 0, 10
+intel_aes_decrypt_ecb_128 ENDP
+
+ALIGN 16
+intel_aes_decrypt_ecb_192 PROC
+gen_aes_ecb_func 0, 12
+intel_aes_decrypt_ecb_192 ENDP
+
+ALIGN 16
+intel_aes_decrypt_ecb_256 PROC
+gen_aes_ecb_func 0, 14
+intel_aes_decrypt_ecb_256 ENDP
+
+
+KEY textequ <ecx>
+KS  textequ <edx>
+ITR textequ <eax>
+
+ALIGN 16
+intel_aes_encrypt_init_128  PROC
+
+    mov     KEY,        [esp + 1*4 + 0*4]
+    mov     KS,         [esp + 1*4 + 1*4]
+
+
+    movdqu  xmm1, [KEY]
+    movdqu  [KS], xmm1
+    movdqa  xmm2, xmm1
+
+    lea ITR, Lcon1
+    movdqa  xmm0, [ITR]
+    lea ITR, Lmask
+    movdqa  xmm4, [ITR]
+
+    mov ITR, 8
+
+Lenc_128_ks_loop:
+        lea KS, [16 + KS]
+        dec ITR
+
+        pshufb  xmm2, xmm4
+        aesenclast  xmm2, xmm0
+        pslld   xmm0, 1
+        movdqa  xmm3, xmm1
+        pslldq  xmm3, 4
+        pxor    xmm1, xmm3
+        pslldq  xmm3, 4
+        pxor    xmm1, xmm3
+        pslldq  xmm3, 4
+        pxor    xmm1, xmm3
+        pxor    xmm1, xmm2
+        movdqu  [KS], xmm1
+        movdqa  xmm2, xmm1
+
+        jne Lenc_128_ks_loop
+
+    lea ITR, Lcon2
+    movdqa  xmm0, [ITR]
+
+    pshufb  xmm2, xmm4
+    aesenclast  xmm2, xmm0
+    pslld   xmm0, 1
+    movdqa  xmm3, xmm1
+    pslldq  xmm3, 4
+    pxor    xmm1, xmm3
+    pslldq  xmm3, 4
+    pxor    xmm1, xmm3
+    pslldq  xmm3, 4
+    pxor    xmm1, xmm3
+    pxor    xmm1, xmm2
+    movdqu  [16 + KS], xmm1
+    movdqa  xmm2, xmm1
+
+    pshufb  xmm2, xmm4
+    aesenclast  xmm2, xmm0
+    movdqa  xmm3, xmm1
+    pslldq  xmm3, 4
+    pxor    xmm1, xmm3
+    pslldq  xmm3, 4
+    pxor    xmm1, xmm3
+    pslldq  xmm3, 4
+    pxor    xmm1, xmm3
+    pxor    xmm1, xmm2
+    movdqu  [32 + KS], xmm1
+    movdqa  xmm2, xmm1
+
+    ret
+intel_aes_encrypt_init_128  ENDP
+
+
+ALIGN 16
+intel_aes_decrypt_init_128  PROC
+
+    mov     KEY,        [esp + 1*4 + 0*4]
+    mov     KS,         [esp + 1*4 + 1*4]
+
+    push    KS
+    push    KEY
+
+    call    intel_aes_encrypt_init_128
+
+    pop     KEY
+    pop     KS
+
+    movdqu  xmm0, [0*16 + KS]
+    movdqu  xmm1, [10*16 + KS]
+    movdqu  [10*16 + KS], xmm0
+    movdqu  [0*16 + KS], xmm1
+
+    i = 1
+    WHILE i LT 5
+        movdqu  xmm0, [i*16 + KS]
+        movdqu  xmm1, [(10-i)*16 + KS]
+
+        aesimc  xmm0, xmm0
+        aesimc  xmm1, xmm1
+
+        movdqu  [(10-i)*16 + KS], xmm0
+        movdqu  [i*16 + KS], xmm1
+
+        i = i+1
+    ENDM
+
+    movdqu  xmm0, [5*16 + KS]
+    aesimc  xmm0, xmm0
+    movdqu  [5*16 + KS], xmm0
+    ret
+intel_aes_decrypt_init_128  ENDP
+
+
+ALIGN 16
+intel_aes_encrypt_init_192  PROC
+
+    mov     KEY, [esp + 1*4 + 0*4]
+    mov     KS,  [esp + 1*4 + 1*4]
+
+    pxor    xmm3, xmm3
+    movdqu  xmm1, [KEY]
+    pinsrd  xmm3, DWORD PTR [16 + KEY], 0
+    pinsrd  xmm3, DWORD PTR [20 + KEY], 1
+
+    movdqu  [KS], xmm1
+    movdqa  xmm5, xmm3
+
+    lea ITR, Lcon1
+    movdqu  xmm0, [ITR]
+    lea ITR, Lmask192
+    movdqu  xmm4, [ITR]
+
+    mov ITR, 4
+
+Lenc_192_ks_loop:
+        movdqa  xmm2, xmm3
+        pshufb  xmm2, xmm4
+        aesenclast xmm2, xmm0
+        pslld   xmm0, 1
+
+        movdqa  xmm6, xmm1
+        movdqa  xmm7, xmm3
+        pslldq  xmm6, 4
+        pslldq  xmm7, 4
+        pxor    xmm1, xmm6
+        pxor    xmm3, xmm7
+        pslldq  xmm6, 4
+        pxor    xmm1, xmm6
+        pslldq  xmm6, 4
+        pxor    xmm1, xmm6
+        pxor    xmm1, xmm2
+        pshufd  xmm2, xmm1, 0ffh
+        pxor    xmm3, xmm2
+
+        movdqa  xmm6, xmm1
+        shufpd  xmm5, xmm1, 00h
+        shufpd  xmm6, xmm3, 01h
+
+        movdqu  [16 + KS], xmm5
+        movdqu  [32 + KS], xmm6
+
+        movdqa  xmm2, xmm3
+        pshufb  xmm2, xmm4
+        aesenclast  xmm2, xmm0
+        pslld   xmm0, 1
+
+        movdqa  xmm6, xmm1
+        movdqa  xmm7, xmm3
+        pslldq  xmm6, 4
+        pslldq  xmm7, 4
+        pxor    xmm1, xmm6
+        pxor    xmm3, xmm7
+        pslldq  xmm6, 4
+        pxor    xmm1, xmm6
+        pslldq  xmm6, 4
+        pxor    xmm1, xmm6
+        pxor    xmm1, xmm2
+        pshufd  xmm2, xmm1, 0ffh
+        pxor    xmm3, xmm2
+
+        movdqu  [48 + KS], xmm1
+        movdqa  xmm5, xmm3
+
+        lea KS, [48 + KS]
+
+        dec ITR
+        jnz Lenc_192_ks_loop
+
+    movdqu  [16 + KS], xmm5
+ret
+intel_aes_encrypt_init_192  ENDP
+
+ALIGN 16
+intel_aes_decrypt_init_192  PROC
+    mov     KEY,        [esp + 1*4 + 0*4]
+    mov     KS,         [esp + 1*4 + 1*4]
+
+    push    KS
+    push    KEY
+
+    call    intel_aes_encrypt_init_192
+
+    pop     KEY
+    pop     KS
+
+    movdqu  xmm0, [0*16 + KS]
+    movdqu  xmm1, [12*16 + KS]
+    movdqu  [12*16 + KS], xmm0
+    movdqu  [0*16 + KS], xmm1
+
+    i = 1
+    WHILE i LT 6
+        movdqu  xmm0, [i*16 + KS]
+        movdqu  xmm1, [(12-i)*16 + KS]
+
+        aesimc  xmm0, xmm0
+        aesimc  xmm1, xmm1
+
+        movdqu  [(12-i)*16 + KS], xmm0
+        movdqu  [i*16 + KS], xmm1
+
+        i = i+1
+    ENDM
+
+    movdqu  xmm0, [6*16 + KS]
+    aesimc  xmm0, xmm0
+    movdqu  [6*16 + KS], xmm0
+    ret
+intel_aes_decrypt_init_192  ENDP
+
+ALIGN 16
+intel_aes_encrypt_init_256  PROC
+
+    mov     KEY,    [esp + 1*4 + 0*4]
+    mov     KS,     [esp + 1*4 + 1*4]
+    movdqu  xmm1, [16*0 + KEY]
+    movdqu  xmm3, [16*1 + KEY]
+
+    movdqu  [16*0 + KS], xmm1
+    movdqu  [16*1 + KS], xmm3
+
+    lea ITR, Lcon1
+    movdqu  xmm0, [ITR]
+    lea ITR, Lmask256
+    movdqu  xmm5, [ITR]
+
+    pxor    xmm6, xmm6
+
+    mov ITR, 6
+
+Lenc_256_ks_loop:
+
+        movdqa  xmm2, xmm3
+        pshufb  xmm2, xmm5
+        aesenclast  xmm2, xmm0
+        pslld   xmm0, 1
+        movdqa  xmm4, xmm1
+        pslldq  xmm4, 4
+        pxor    xmm1, xmm4
+        pslldq  xmm4, 4
+        pxor    xmm1, xmm4
+        pslldq  xmm4, 4
+        pxor    xmm1, xmm4
+        pxor    xmm1, xmm2
+        movdqu  [16*2 + KS], xmm1
+
+        pshufd  xmm2, xmm1, 0ffh
+        aesenclast  xmm2, xmm6
+        movdqa  xmm4, xmm3
+        pslldq  xmm4, 4
+        pxor    xmm3, xmm4
+        pslldq  xmm4, 4
+        pxor    xmm3, xmm4
+        pslldq  xmm4, 4
+        pxor    xmm3, xmm4
+        pxor    xmm3, xmm2
+        movdqu  [16*3 + KS], xmm3
+
+        lea KS, [32 + KS]
+        dec ITR
+        jnz Lenc_256_ks_loop
+
+    movdqa  xmm2, xmm3
+    pshufb  xmm2, xmm5
+    aesenclast  xmm2, xmm0
+    movdqa  xmm4, xmm1
+    pslldq  xmm4, 4
+    pxor    xmm1, xmm4
+    pslldq  xmm4, 4
+    pxor    xmm1, xmm4
+    pslldq  xmm4, 4
+    pxor    xmm1, xmm4
+    pxor    xmm1, xmm2
+    movdqu  [16*2 + KS], xmm1
+
+    ret
+intel_aes_encrypt_init_256  ENDP
+
+ALIGN 16
+intel_aes_decrypt_init_256  PROC
+    mov     KEY,        [esp + 1*4 + 0*4]
+    mov     KS,         [esp + 1*4 + 1*4]
+
+    push    KS
+    push    KEY
+
+    call    intel_aes_encrypt_init_256
+
+    pop     KEY
+    pop     KS
+
+    movdqu  xmm0, [0*16 + KS]
+    movdqu  xmm1, [14*16 + KS]
+    movdqu  [14*16 + KS], xmm0
+    movdqu  [0*16 + KS], xmm1
+
+    i = 1
+    WHILE i LT 7
+        movdqu  xmm0, [i*16 + KS]
+        movdqu  xmm1, [(14-i)*16 + KS]
+
+        aesimc  xmm0, xmm0
+        aesimc  xmm1, xmm1
+
+        movdqu  [(14-i)*16 + KS], xmm0
+        movdqu  [i*16 + KS], xmm1
+
+        i = i+1
+    ENDM
+
+    movdqu  xmm0, [7*16 + KS]
+    aesimc  xmm0, xmm0
+    movdqu  [7*16 + KS], xmm0
+    ret
+intel_aes_decrypt_init_256  ENDP
+
+
+
+gen_aes_cbc_enc_func MACRO rnds
+
+LOCAL   loop1
+LOCAL   bail
+
+        push    inputLen
+
+        mov     ctx,    [esp + 2*4 + 0*4]
+        mov     output,     [esp + 2*4 + 1*4]
+        mov     input,      [esp + 2*4 + 4*4]
+        mov     inputLen,   [esp + 2*4 + 5*4]
+
+        lea     ctx, [44+ctx]
+
+        movdqu  xmm0, [-32+ctx]
+
+        movdqu  xmm2, [0*16 + ctx]
+        movdqu  xmm3, [1*16 + ctx]
+        movdqu  xmm4, [2*16 + ctx]
+        movdqu  xmm5, [3*16 + ctx]
+        movdqu  xmm6, [4*16 + ctx]
+
+loop1:
+        cmp     inputLen, 1*16
+        jb      bail
+
+        movdqu  xmm1, [input]
+        pxor    xmm1, xmm2
+        pxor    xmm0, xmm1
+
+        aesenc  xmm0, xmm3
+        aesenc  xmm0, xmm4
+        aesenc  xmm0, xmm5
+        aesenc  xmm0, xmm6
+
+        i = 5
+    WHILE i LT rnds
+            movdqu  xmm7, [i*16 + ctx]
+            aesenc  xmm0, xmm7
+            i = i+1
+        ENDM
+        movdqu  xmm7, [rnds*16 + ctx]
+        aesenclast xmm0, xmm7
+
+        movdqu  [output], xmm0
+
+        lea input, [1*16 + input]
+        lea output, [1*16 + output]
+        sub inputLen, 1*16
+        jmp loop1
+
+bail:
+        movdqu  [-32+ctx], xmm0
+
+        xor eax, eax
+        pop inputLen
+        ret
+
+ENDM
+
+gen_aes_cbc_dec_func MACRO rnds
+
+LOCAL   loop7
+LOCAL   loop1
+LOCAL   dec1
+LOCAL   bail
+
+        push    inputLen
+
+        mov     ctx,    [esp + 2*4 + 0*4]
+        mov     output,     [esp + 2*4 + 1*4]
+        mov     input,      [esp + 2*4 + 4*4]
+        mov     inputLen,   [esp + 2*4 + 5*4]
+
+        lea     ctx, [44+ctx]
+
+loop7:
+        cmp     inputLen, 7*16
+        jb      dec1
+
+        movdqu  xmm0, [0*16 + input]
+        movdqu  xmm1, [1*16 + input]
+        movdqu  xmm2, [2*16 + input]
+        movdqu  xmm3, [3*16 + input]
+        movdqu  xmm4, [4*16 + input]
+        movdqu  xmm5, [5*16 + input]
+        movdqu  xmm6, [6*16 + input]
+
+        movdqu  xmm7, [0*16 + ctx]
+        pxor    xmm0, xmm7
+        pxor    xmm1, xmm7
+        pxor    xmm2, xmm7
+        pxor    xmm3, xmm7
+        pxor    xmm4, xmm7
+        pxor    xmm5, xmm7
+        pxor    xmm6, xmm7
+
+        i = 1
+        WHILE i LT rnds
+            aes_dec_rnd i
+            i = i+1
+            ENDM
+        aes_dec_last_rnd rnds
+
+        movdqu  xmm7, [-32 + ctx]
+        pxor    xmm0, xmm7
+        movdqu  xmm7, [0*16 + input]
+        pxor    xmm1, xmm7
+        movdqu  xmm7, [1*16 + input]
+        pxor    xmm2, xmm7
+        movdqu  xmm7, [2*16 + input]
+        pxor    xmm3, xmm7
+        movdqu  xmm7, [3*16 + input]
+        pxor    xmm4, xmm7
+        movdqu  xmm7, [4*16 + input]
+        pxor    xmm5, xmm7
+        movdqu  xmm7, [5*16 + input]
+        pxor    xmm6, xmm7
+        movdqu  xmm7, [6*16 + input]
+
+        movdqu  [0*16 + output], xmm0
+        movdqu  [1*16 + output], xmm1
+        movdqu  [2*16 + output], xmm2
+        movdqu  [3*16 + output], xmm3
+        movdqu  [4*16 + output], xmm4
+        movdqu  [5*16 + output], xmm5
+        movdqu  [6*16 + output], xmm6
+        movdqu  [-32 + ctx], xmm7
+
+        lea input, [7*16 + input]
+        lea output, [7*16 + output]
+        sub inputLen, 7*16
+        jmp loop7
+dec1:
+
+        movdqu  xmm3, [-32 + ctx]
+
+loop1:
+        cmp     inputLen, 1*16
+        jb      bail
+
+        movdqu  xmm0, [input]
+        movdqa  xmm4, xmm0
+        movdqu  xmm7, [0*16 + ctx]
+        pxor    xmm0, xmm7
+
+        i = 1
+    WHILE i LT rnds
+            movdqu  xmm7, [i*16 + ctx]
+            aesdec  xmm0, xmm7
+            i = i+1
+        ENDM
+        movdqu  xmm7, [rnds*16 + ctx]
+        aesdeclast xmm0, xmm7
+        pxor    xmm3, xmm0
+
+        movdqu  [output], xmm3
+        movdqa  xmm3, xmm4
+
+        lea input, [1*16 + input]
+        lea output, [1*16 + output]
+        sub inputLen, 1*16
+        jmp loop1
+
+bail:
+        movdqu  [-32 + ctx], xmm3
+        xor eax, eax
+        pop     inputLen
+        ret
+ENDM
+
+ALIGN 16
+intel_aes_encrypt_cbc_128 PROC
+gen_aes_cbc_enc_func  10
+intel_aes_encrypt_cbc_128 ENDP
+
+ALIGN 16
+intel_aes_encrypt_cbc_192 PROC
+gen_aes_cbc_enc_func  12
+intel_aes_encrypt_cbc_192 ENDP
+
+ALIGN 16
+intel_aes_encrypt_cbc_256 PROC
+gen_aes_cbc_enc_func  14
+intel_aes_encrypt_cbc_256 ENDP
+
+ALIGN 16
+intel_aes_decrypt_cbc_128 PROC
+gen_aes_cbc_dec_func  10
+intel_aes_decrypt_cbc_128 ENDP
+
+ALIGN 16
+intel_aes_decrypt_cbc_192 PROC
+gen_aes_cbc_dec_func  12
+intel_aes_decrypt_cbc_192 ENDP
+
+ALIGN 16
+intel_aes_decrypt_cbc_256 PROC
+gen_aes_cbc_dec_func  14
+intel_aes_decrypt_cbc_256 ENDP
+
+
+
+ctrCtx textequ <esi>
+CTR textequ <ebx>
+
+gen_aes_ctr_func MACRO rnds
+
+LOCAL   loop7
+LOCAL   loop1
+LOCAL   enc1
+LOCAL   bail
+
+        push    inputLen
+        push    ctrCtx
+        push    CTR
+        push    ebp
+
+        mov     ctrCtx, [esp + 4*5 + 0*4]
+        mov     output, [esp + 4*5 + 1*4]
+        mov     input,  [esp + 4*5 + 4*4]
+        mov     inputLen, [esp + 4*5 + 5*4]
+
+        mov     ctx, [4+ctrCtx]
+        lea     ctx, [44+ctx]
+
+        mov     ebp, esp
+        sub     esp, 7*16
+        and     esp, -16
+
+        movdqu  xmm0, [8+ctrCtx]
+        mov     ctrCtx, [ctrCtx + 8 + 3*4]
+        bswap   ctrCtx
+        movdqu  xmm1, [ctx + 0*16]
+
+        pxor    xmm0, xmm1
+
+        movdqa  [esp + 0*16], xmm0
+        movdqa  [esp + 1*16], xmm0
+        movdqa  [esp + 2*16], xmm0
+        movdqa  [esp + 3*16], xmm0
+        movdqa  [esp + 4*16], xmm0
+        movdqa  [esp + 5*16], xmm0
+        movdqa  [esp + 6*16], xmm0
+
+        inc     ctrCtx
+        mov     CTR, ctrCtx
+        bswap   CTR
+        xor     CTR, [ctx + 3*4]
+        mov     [esp + 1*16 + 3*4], CTR
+
+        inc     ctrCtx
+        mov     CTR, ctrCtx
+        bswap   CTR
+        xor     CTR, [ctx + 3*4]
+        mov     [esp + 2*16 + 3*4], CTR
+
+        inc     ctrCtx
+        mov     CTR, ctrCtx
+        bswap   CTR
+        xor     CTR, [ctx + 3*4]
+        mov     [esp + 3*16 + 3*4], CTR
+
+        inc     ctrCtx
+        mov     CTR, ctrCtx
+        bswap   CTR
+        xor     CTR, [ctx + 3*4]
+        mov     [esp + 4*16 + 3*4], CTR
+
+        inc     ctrCtx
+        mov     CTR, ctrCtx
+        bswap   CTR
+        xor     CTR, [ctx + 3*4]
+        mov     [esp + 5*16 + 3*4], CTR
+
+        inc     ctrCtx
+        mov     CTR, ctrCtx
+        bswap   CTR
+        xor     CTR, [ctx + 3*4]
+        mov     [esp + 6*16 + 3*4], CTR
+
+
+loop7:
+        cmp     inputLen, 7*16
+        jb      loop1
+
+        movdqu  xmm0, [0*16 + esp]
+        movdqu  xmm1, [1*16 + esp]
+        movdqu  xmm2, [2*16 + esp]
+        movdqu  xmm3, [3*16 + esp]
+        movdqu  xmm4, [4*16 + esp]
+        movdqu  xmm5, [5*16 + esp]
+        movdqu  xmm6, [6*16 + esp]
+
+        i = 1
+        WHILE i LE 7
+            aes_rnd i
+
+            inc     ctrCtx
+            mov     CTR, ctrCtx
+            bswap   CTR
+            xor     CTR, [ctx + 3*4]
+            mov     [esp + (i-1)*16 + 3*4], CTR
+
+            i = i+1
+        ENDM
+        WHILE i LT rnds
+            aes_rnd i
+            i = i+1
+            ENDM
+        aes_last_rnd rnds
+
+        movdqu  xmm7, [0*16 + input]
+        pxor    xmm0, xmm7
+        movdqu  xmm7, [1*16 + input]
+        pxor    xmm1, xmm7
+        movdqu  xmm7, [2*16 + input]
+        pxor    xmm2, xmm7
+        movdqu  xmm7, [3*16 + input]
+        pxor    xmm3, xmm7
+        movdqu  xmm7, [4*16 + input]
+        pxor    xmm4, xmm7
+        movdqu  xmm7, [5*16 + input]
+        pxor    xmm5, xmm7
+        movdqu  xmm7, [6*16 + input]
+        pxor    xmm6, xmm7
+
+        movdqu  [0*16 + output], xmm0
+        movdqu  [1*16 + output], xmm1
+        movdqu  [2*16 + output], xmm2
+        movdqu  [3*16 + output], xmm3
+        movdqu  [4*16 + output], xmm4
+        movdqu  [5*16 + output], xmm5
+        movdqu  [6*16 + output], xmm6
+
+        lea input, [7*16 + input]
+        lea output, [7*16 + output]
+        sub inputLen, 7*16
+        jmp loop7
+
+
+loop1:
+        cmp     inputLen, 1*16
+        jb      bail
+
+        movdqu  xmm0, [esp]
+        add     esp, 16
+
+        i = 1
+    WHILE i LT rnds
+            movdqu  xmm7, [i*16 + ctx]
+            aesenc  xmm0, xmm7
+            i = i+1
+        ENDM
+        movdqu  xmm7, [rnds*16 + ctx]
+        aesenclast xmm0, xmm7
+
+        movdqu  xmm7, [input]
+        pxor    xmm0, xmm7
+        movdqu  [output], xmm0
+
+        lea input, [1*16 + input]
+        lea output, [1*16 + output]
+        sub inputLen, 1*16
+        jmp loop1
+
+bail:
+
+        mov     ctrCtx, [ebp + 4*5 + 0*4]
+        movdqu  xmm0, [esp]
+        movdqu  xmm1, [ctx + 0*16]
+        pxor    xmm0, xmm1
+        movdqu  [8+ctrCtx], xmm0
+
+
+        xor     eax, eax
+        mov     esp, ebp
+        pop     ebp
+        pop     CTR
+        pop     ctrCtx
+        pop     inputLen
+        ret
+ENDM
+
+
+ALIGN 16
+intel_aes_encrypt_ctr_128 PROC
+gen_aes_ctr_func  10
+intel_aes_encrypt_ctr_128 ENDP
+
+ALIGN 16
+intel_aes_encrypt_ctr_192 PROC
+gen_aes_ctr_func  12
+intel_aes_encrypt_ctr_192 ENDP
+
+ALIGN 16
+intel_aes_encrypt_ctr_256 PROC
+gen_aes_ctr_func  14
+intel_aes_encrypt_ctr_256 ENDP
+
+
+END
diff --git a/security/nss/lib/freebl/intel-aes.h b/security/nss/lib/freebl/intel-aes.h
index 1e18007..3b71e5f 100644
--- a/security/nss/lib/freebl/intel-aes.h
+++ b/security/nss/lib/freebl/intel-aes.h
@@ -33,6 +33,12 @@ SECStatus intel_aes_decrypt_cbc_128(AESContext *cx, unsigned char *output,
 				    const unsigned char *input,
 				    unsigned int inputLen,
 				    unsigned int blocksize);
+SECStatus intel_aes_encrypt_ctr_128(CTRContext *cx, unsigned char *output,
+				    unsigned int *outputLen,
+				    unsigned int maxOutputLen,
+				    const unsigned char *input,
+				    unsigned int inputLen,
+				    unsigned int blocksize);
 SECStatus intel_aes_encrypt_ecb_192(AESContext *cx, unsigned char *output,
 				    unsigned int *outputLen,
 				    unsigned int maxOutputLen,
@@ -57,6 +63,12 @@ SECStatus intel_aes_decrypt_cbc_192(AESContext *cx, unsigned char *output,
 				    const unsigned char *input,
 				    unsigned int inputLen,
 				    unsigned int blocksize);
+SECStatus intel_aes_encrypt_ctr_192(CTRContext *cx, unsigned char *output,
+				    unsigned int *outputLen,
+				    unsigned int maxOutputLen,
+				    const unsigned char *input,
+				    unsigned int inputLen,
+				    unsigned int blocksize);
 SECStatus intel_aes_encrypt_ecb_256(AESContext *cx, unsigned char *output,
 				    unsigned int *outputLen,
 				    unsigned int maxOutputLen,
@@ -81,6 +93,12 @@ SECStatus intel_aes_decrypt_cbc_256(AESContext *cx, unsigned char *output,
 				    const unsigned char *input,
 				    unsigned int inputLen,
 				    unsigned int blocksize);
+SECStatus intel_aes_encrypt_ctr_256(CTRContext *cx, unsigned char *output,
+				    unsigned int *outputLen,
+				    unsigned int maxOutputLen,
+				    const unsigned char *input,
+				    unsigned int inputLen,
+				    unsigned int blocksize);
 
 
 #define intel_aes_ecb_worker(encrypt, keysize) \
@@ -102,6 +120,11 @@ SECStatus intel_aes_decrypt_cbc_256(AESContext *cx, unsigned char *output,
       (keysize) == 24 ? intel_aes_decrypt_cbc_192 :	\
       intel_aes_decrypt_cbc_256))
 
+#define intel_aes_ctr_worker(nr) \
+   ((nr) == 10 ? intel_aes_encrypt_ctr_128 :	\
+    (nr) == 12 ? intel_aes_encrypt_ctr_192 :	\
+    intel_aes_encrypt_ctr_256)
+
 
 #define intel_aes_init(encrypt, keysize) \
   do {					 			\
diff --git a/security/nss/lib/freebl/intel-gcm-wrap.c b/security/nss/lib/freebl/intel-gcm-wrap.c
index b2f6f5e..9b0a542 100644
--- a/security/nss/lib/freebl/intel-gcm-wrap.c
+++ b/security/nss/lib/freebl/intel-gcm-wrap.c
@@ -3,7 +3,7 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 /* Copyright(c) 2013, Intel Corp. */
 
-/* Wrapper funcions for Intel optimized implementation of AES-GCM */
+/* Wrapper functions for Intel optimized implementation of AES-GCM */
 
 #ifdef USE_HW_AES
 
@@ -24,12 +24,8 @@
 #include "intel-gcm.h"
 #include "rijndael.h"
 
-#if defined(__INTEL_COMPILER)
-#include <ia32intrin.h> 
-#elif defined(__GNUC__)
 #include <emmintrin.h>
 #include <tmmintrin.h>
-#endif
 
 
 struct intel_AES_GCMContextStr{
@@ -43,21 +39,21 @@ struct intel_AES_GCMContextStr{
     unsigned long Mlen;
 };
 
-intel_AES_GCMContext *intel_AES_GCM_CreateContext(void *context, 
+intel_AES_GCMContext *intel_AES_GCM_CreateContext(void *context,
                freeblCipherFunc cipher,
-               const unsigned char *params, 
+               const unsigned char *params,
                unsigned int blocksize)
 {
     intel_AES_GCMContext *gcm = NULL;
     AESContext *aes = (AESContext*)context;
     const CK_GCM_PARAMS *gcmParams = (const CK_GCM_PARAMS *)params;
     unsigned char buff[AES_BLOCK_SIZE]; /* aux buffer */
-    
-    int IV_whole_len = gcmParams->ulIvLen&(~0xf);
-    int IV_remainder_len = gcmParams->ulIvLen&0xf;
-    int AAD_whole_len = gcmParams->ulAADLen&(~0xf);
-    int AAD_remainder_len = gcmParams->ulAADLen&0xf;
-    
+
+    unsigned long IV_whole_len = gcmParams->ulIvLen & (~0xful);
+    unsigned int IV_remainder_len = gcmParams->ulIvLen & 0xful;
+    unsigned long AAD_whole_len = gcmParams->ulAADLen & (~0xful);
+    unsigned int AAD_remainder_len = gcmParams->ulAADLen & 0xful;
+
     __m128i BSWAP_MASK = _mm_setr_epi8(15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0);
     __m128i ONE = _mm_set_epi32(0,0,0,1);
     unsigned int j;
@@ -68,66 +64,80 @@ intel_AES_GCMContext *intel_AES_GCM_CreateContext(void *context,
       return NULL;
     }
     gcm = PORT_ZNew(intel_AES_GCMContext);
-    
+
     if (gcm == NULL) {
         return NULL;
     }
+
     /* initialize context fields */
     gcm->aes_context = aes;
     gcm->tagBits = gcmParams->ulTagBits;
     gcm->Alen = 0;
     gcm->Mlen = 0;
+
     /* first prepare H and its derivatives for ghash */
     intel_aes_gcmINIT(gcm->Htbl, (unsigned char*)aes->expandedKey, aes->Nr);
-    /* Initial TAG value is zero*/
+
+    /* Initial TAG value is zero */
     _mm_storeu_si128((__m128i*)gcm->T, _mm_setzero_si128());
     _mm_storeu_si128((__m128i*)gcm->X0, _mm_setzero_si128());
+
     /* Init the counter */
-    if(gcmParams->ulIvLen == 12) {
-        _mm_storeu_si128((__m128i*)gcm->CTR, _mm_setr_epi32(((unsigned int*)gcmParams->pIv)[0], ((unsigned int*)gcmParams->pIv)[1], ((unsigned int*)gcmParams->pIv)[2], 0x01000000));
+    if (gcmParams->ulIvLen == 12) {
+        _mm_storeu_si128((__m128i*)gcm->CTR,
+                         _mm_setr_epi32(((unsigned int*)gcmParams->pIv)[0],
+                                        ((unsigned int*)gcmParams->pIv)[1],
+                                        ((unsigned int*)gcmParams->pIv)[2],
+                                        0x01000000));
     } else {
-        /* If IV size is not 96 bits, then the initial counter value is GHASH of the IV */
+        /* If IV size is not 96 bits, then the initial counter value is GHASH
+         * of the IV */
         intel_aes_gcmAAD(gcm->Htbl, gcmParams->pIv, IV_whole_len, gcm->T);
+
         /* Partial block */
-        if(IV_remainder_len) {
+        if (IV_remainder_len) {
             PORT_Memset(buff, 0, AES_BLOCK_SIZE);
             PORT_Memcpy(buff, gcmParams->pIv + IV_whole_len, IV_remainder_len);
             intel_aes_gcmAAD(gcm->Htbl, buff, AES_BLOCK_SIZE, gcm->T);
-         }
-         
-         intel_aes_gcmTAG
-         (
+        }
+
+        intel_aes_gcmTAG(
             gcm->Htbl,
             gcm->T,
             gcmParams->ulIvLen,
             0,
             gcm->X0,
-            gcm->CTR
-         );
+            gcm->CTR);
+
         /* TAG should be zero again */
         _mm_storeu_si128((__m128i*)gcm->T, _mm_setzero_si128());
     }
-    /* Encrypt the initial counter, will be used to encrypt the GHASH value, in the end */
-    rv = (*cipher)(context, gcm->X0, &j, AES_BLOCK_SIZE, gcm->CTR, AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+
+    /* Encrypt the initial counter, will be used to encrypt the GHASH value,
+     * in the end */
+    rv = (*cipher)(context, gcm->X0, &j, AES_BLOCK_SIZE, gcm->CTR,
+                   AES_BLOCK_SIZE, AES_BLOCK_SIZE);
     if (rv != SECSuccess) {
         goto loser;
     }
+
     /* Promote the counter by 1 */
     _mm_storeu_si128((__m128i*)gcm->CTR, _mm_shuffle_epi8(_mm_add_epi32(ONE, _mm_shuffle_epi8(_mm_loadu_si128((__m128i*)gcm->CTR), BSWAP_MASK)), BSWAP_MASK));
 
-/*     Now hash AAD - it would actually make sense to seperate the context creation from the AAD, 
- *     because that would allow to reuse the H, which only changes when the AES key changes, 
- *     and not every package, like the IV and AAD */
+    /* Now hash AAD - it would actually make sense to seperate the context
+     * creation from the AAD, because that would allow to reuse the H, which
+     * only changes when the AES key changes, and not every package, like the
+     * IV and AAD */
     intel_aes_gcmAAD(gcm->Htbl, gcmParams->pAAD, AAD_whole_len, gcm->T);
-    if(AAD_remainder_len) {
+    if (AAD_remainder_len) {
         PORT_Memset(buff, 0, AES_BLOCK_SIZE);
         PORT_Memcpy(buff, gcmParams->pAAD + AAD_whole_len, AAD_remainder_len);
         intel_aes_gcmAAD(gcm->Htbl, buff, AES_BLOCK_SIZE, gcm->T);
     }
     gcm->Alen += gcmParams->ulAADLen;
     return gcm;
-    
-    loser:
+
+loser:
     if (gcm) {
         PORT_Free(gcm);
     }
@@ -141,17 +151,17 @@ void intel_AES_GCM_DestroyContext(intel_AES_GCMContext *gcm, PRBool freeit)
     }
 }
 
-SECStatus intel_AES_GCM_EncryptUpdate(intel_AES_GCMContext *gcm, 
+SECStatus intel_AES_GCM_EncryptUpdate(intel_AES_GCMContext *gcm,
             unsigned char *outbuf,
-			unsigned int *outlen, unsigned int maxout,
-			const unsigned char *inbuf, unsigned int inlen,
-			unsigned int blocksize)
+            unsigned int *outlen, unsigned int maxout,
+            const unsigned char *inbuf, unsigned int inlen,
+            unsigned int blocksize)
 {
     unsigned int tagBytes;
     unsigned char T[AES_BLOCK_SIZE];
-    int j;
+    unsigned int j;
 
-    tagBytes = (gcm->tagBits + (PR_BITS_PER_BYTE-1)) / PR_BITS_PER_BYTE;
+    tagBytes = (gcm->tagBits + (PR_BITS_PER_BYTE - 1)) / PR_BITS_PER_BYTE;
     if (UINT_MAX - inlen < tagBytes) {
         PORT_SetError(SEC_ERROR_INPUT_LEN);
         return SECFailure;
@@ -169,7 +179,7 @@ SECStatus intel_AES_GCM_EncryptUpdate(intel_AES_GCMContext *gcm,
         inlen);
 
     gcm->Mlen += inlen;
-      
+
     intel_aes_gcmTAG(
         gcm->Htbl,
         gcm->T,
@@ -180,34 +190,39 @@ SECStatus intel_AES_GCM_EncryptUpdate(intel_AES_GCMContext *gcm,
 
     *outlen = inlen + tagBytes;
 
-    for(j=0; j<tagBytes; j++)
-    {
-        outbuf[inlen+j] = T[j];
+    for (j = 0; j < tagBytes; j++) {
+        outbuf[inlen + j] = T[j];
     }
     return SECSuccess;
 }
 
-SECStatus intel_AES_GCM_DecryptUpdate(intel_AES_GCMContext *gcm, 
+SECStatus intel_AES_GCM_DecryptUpdate(intel_AES_GCMContext *gcm,
             unsigned char *outbuf,
-			unsigned int *outlen, unsigned int maxout,
-			const unsigned char *inbuf, unsigned int inlen,
-			unsigned int blocksize)
+            unsigned int *outlen, unsigned int maxout,
+            const unsigned char *inbuf, unsigned int inlen,
+            unsigned int blocksize)
 {
     unsigned int tagBytes;
     unsigned char T[AES_BLOCK_SIZE];
     const unsigned char *intag;
 
-    tagBytes = (gcm->tagBits + (PR_BITS_PER_BYTE-1)) / PR_BITS_PER_BYTE;
- 
+    tagBytes = (gcm->tagBits + (PR_BITS_PER_BYTE - 1)) / PR_BITS_PER_BYTE;
+
     /* get the authentication block */
     if (inlen < tagBytes) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        PORT_SetError(SEC_ERROR_INPUT_LEN);
         return SECFailure;
     }
 
     inlen -= tagBytes;
     intag = inbuf + inlen;
 
+    if (maxout < inlen) {
+        *outlen = inlen;
+        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+        return SECFailure;
+    }
+
     intel_aes_gcmDEC(
          inbuf,
          outbuf,
@@ -224,6 +239,8 @@ SECStatus intel_AES_GCM_DecryptUpdate(intel_AES_GCMContext *gcm,
          T);
 
     if (NSS_SecureMemcmp(T, intag, tagBytes) != 0) {
+        memset(outbuf, 0, inlen);
+        *outlen = 0;
         /* force a CKR_ENCRYPTED_DATA_INVALID error at in softoken */
         PORT_SetError(SEC_ERROR_BAD_DATA);
         return SECFailure;
diff --git a/security/nss/lib/freebl/intel-gcm-x64-masm.asm b/security/nss/lib/freebl/intel-gcm-x64-masm.asm
new file mode 100644
index 0000000..8b68b76
--- /dev/null
+++ b/security/nss/lib/freebl/intel-gcm-x64-masm.asm
@@ -0,0 +1,1295 @@
+; LICENSE:
+; This submission to NSS is to be made available under the terms of the
+; Mozilla Public License, v. 2.0. You can obtain one at http:
+; //mozilla.org/MPL/2.0/.
+;###############################################################################
+; Copyright(c) 2014, Intel Corp.
+; Developers and authors:
+; Shay Gueron and Vlad Krasnov
+; Intel Corporation, Israel Development Centre, Haifa, Israel
+; Please send feedback directly to crypto.feedback.alias at intel.com
+
+
+.DATA
+ALIGN 16
+Lone            dq 1,0
+Ltwo            dq 2,0
+Lbswap_mask     db 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
+Lshuff_mask     dq 0f0f0f0f0f0f0f0fh, 0f0f0f0f0f0f0f0fh
+Lpoly           dq 01h, 0c200000000000000h
+
+.CODE
+
+
+GFMUL MACRO DST, SRC1, SRC2, TMP1, TMP2, TMP3, TMP4
+    vpclmulqdq  TMP1, SRC2, SRC1, 0h
+    vpclmulqdq  TMP4, SRC2, SRC1, 011h
+
+    vpshufd     TMP2, SRC2, 78
+    vpshufd     TMP3, SRC1, 78
+    vpxor       TMP2, TMP2, SRC2
+    vpxor       TMP3, TMP3, SRC1
+
+    vpclmulqdq  TMP2, TMP2, TMP3, 0h
+    vpxor       TMP2, TMP2, TMP1
+    vpxor       TMP2, TMP2, TMP4
+
+    vpslldq     TMP3, TMP2, 8
+    vpsrldq     TMP2, TMP2, 8
+
+    vpxor       TMP1, TMP1, TMP3
+    vpxor       TMP4, TMP4, TMP2
+
+    vpclmulqdq  TMP2, TMP1, [Lpoly], 010h
+    vpshufd     TMP3, TMP1, 78
+    vpxor       TMP1, TMP2, TMP3
+
+    vpclmulqdq  TMP2, TMP1, [Lpoly], 010h
+    vpshufd     TMP3, TMP1, 78
+    vpxor       TMP1, TMP2, TMP3
+
+    vpxor       DST, TMP1, TMP4
+
+    ENDM
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;
+; Generates the final GCM tag
+; void intel_aes_gcmTAG(unsigned char Htbl[16*16],
+;                       unsigned char *Tp,
+;                       unsigned int Mlen,
+;                       unsigned int Alen,
+;                       unsigned char *X0,
+;                       unsigned char *TAG);
+;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+ALIGN 16
+intel_aes_gcmTAG PROC
+
+Htbl    textequ <rcx>
+Tp      textequ <rdx>
+Mlen    textequ <r8>
+Alen    textequ <r9>
+X0      textequ <r10>
+TAG     textequ <r11>
+
+T       textequ <xmm0>
+TMP0    textequ <xmm1>
+
+    mov     X0, [rsp + 1*8 + 4*8]
+    mov     TAG, [rsp + 1*8 + 5*8]
+
+    vzeroupper
+    vmovdqu T, XMMWORD PTR[Tp]
+    vpxor   TMP0, TMP0, TMP0
+
+    shl     Mlen, 3
+    shl     Alen, 3
+
+    ;vpinsrq    TMP0, TMP0, Mlen, 0
+    ;vpinsrq    TMP0, TMP0, Alen, 1
+    ; workaround the ml64.exe vpinsrq issue
+    vpinsrd TMP0, TMP0, r8d, 0
+    vpinsrd TMP0, TMP0, r9d, 2
+    shr Mlen, 32
+    shr Alen, 32
+    vpinsrd TMP0, TMP0, r8d, 1
+    vpinsrd TMP0, TMP0, r9d, 3
+
+    vpxor   T, T, TMP0
+    vmovdqu TMP0, XMMWORD PTR[Htbl]
+    GFMUL   T, T, TMP0, xmm2, xmm3, xmm4, xmm5
+
+    vpshufb T, T, [Lbswap_mask]
+    vpxor   T, T, [X0]
+    vmovdqu XMMWORD PTR[TAG], T
+    vzeroupper
+
+    ret
+
+intel_aes_gcmTAG ENDP
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;
+; Generates the H table
+; void intel_aes_gcmINIT(unsigned char Htbl[16*16], unsigned char *KS, int NR);
+;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+ALIGN 16
+intel_aes_gcmINIT PROC
+
+Htbl    textequ <rcx>
+KS      textequ <rdx>
+NR      textequ <r8d>
+
+T       textequ <xmm0>
+TMP0    textequ <xmm1>
+
+    vzeroupper
+    ; AES-ENC(0)
+    vmovdqu T, XMMWORD PTR[KS]
+    lea KS, [16 + KS]
+    dec NR
+Lenc_loop:
+        vaesenc T, T, [KS]
+        lea KS, [16 + KS]
+        dec NR
+        jnz Lenc_loop
+
+    vaesenclast T, T, [KS]
+    vpshufb T, T, [Lbswap_mask]
+
+    ;Calculate H` = GFMUL(H, 2)
+    vpsrad  xmm3, T, 31
+    vpshufd xmm3, xmm3, 0ffh
+    vpand   xmm5, xmm3, [Lpoly]
+    vpsrld  xmm3, T, 31
+    vpslld  xmm4, T, 1
+    vpslldq xmm3, xmm3, 4
+    vpxor   T, xmm4, xmm3
+    vpxor   T, T, xmm5
+
+    vmovdqu TMP0, T
+    vmovdqu XMMWORD PTR[Htbl + 0*16], T
+
+    vpshufd xmm2, T, 78
+    vpxor   xmm2, xmm2, T
+    vmovdqu XMMWORD PTR[Htbl + 8*16 + 0*16], xmm2
+
+    i = 1
+    WHILE i LT 8
+        GFMUL   T, T, TMP0, xmm2, xmm3, xmm4, xmm5
+        vmovdqu XMMWORD PTR[Htbl + i*16], T
+        vpshufd xmm2, T, 78
+        vpxor   xmm2, xmm2, T
+        vmovdqu XMMWORD PTR[Htbl + 8*16 + i*16], xmm2
+        i = i+1
+        ENDM
+    vzeroupper
+    ret
+intel_aes_gcmINIT ENDP
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;
+; Authenticate only
+; void intel_aes_gcmAAD(unsigned char Htbl[16*16], unsigned char *AAD, unsigned int Alen, unsigned char *Tp);
+;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+ALIGN 16
+intel_aes_gcmAAD PROC
+
+Htbl    textequ <rcx>
+inp     textequ <rdx>
+len     textequ <r8>
+Tp      textequ <r9>
+hlp0    textequ <r10>
+
+DATA    textequ <xmm0>
+T       textequ <xmm1>
+TMP0    textequ <xmm2>
+TMP1    textequ <xmm3>
+TMP2    textequ <xmm4>
+TMP3    textequ <xmm5>
+TMP4    textequ <xmm6>
+Xhi     textequ <xmm7>
+
+KARATSUBA_AAD MACRO i
+    vpclmulqdq  TMP3, DATA, [Htbl + i*16], 0h
+    vpxor       TMP0, TMP0, TMP3
+    vpclmulqdq  TMP3, DATA, [Htbl + i*16], 011h
+    vpxor       TMP1, TMP1, TMP3
+    vpshufd     TMP3, DATA, 78
+    vpxor       TMP3, TMP3, DATA
+    vpclmulqdq  TMP3, TMP3, [Htbl + 8*16 + i*16], 0h
+    vpxor       TMP2, TMP2, TMP3
+ENDM
+
+    test  len, len
+    jnz   LbeginAAD
+    ret
+
+LbeginAAD:
+    vzeroupper
+
+    sub rsp, 2*16
+    vmovdqu XMMWORD PTR[rsp + 0*16], xmm6
+    vmovdqu XMMWORD PTR[rsp + 1*16], xmm7
+
+    vpxor   Xhi, Xhi, Xhi
+
+    vmovdqu T, XMMWORD PTR[Tp]
+    ;we hash 8 block each iteration, if the total amount of blocks is not a multiple of 8, we hash the first n%8 blocks first
+    mov hlp0, len
+    and hlp0, 128-1
+    jz  Lmod_loop
+
+    and len, -128
+    sub hlp0, 16
+
+    ; Prefix block
+    vmovdqu DATA, XMMWORD PTR[inp]
+    vpshufb DATA, DATA, [Lbswap_mask]
+    vpxor   DATA, DATA, T
+
+    vpclmulqdq  TMP0, DATA, [Htbl + hlp0], 0h
+    vpclmulqdq  TMP1, DATA, [Htbl + hlp0], 011h
+    vpshufd     TMP3, DATA, 78
+    vpxor       TMP3, TMP3, DATA
+    vpclmulqdq  TMP2, TMP3, [Htbl + 8*16 + hlp0], 0h
+
+    lea     inp, [inp+16]
+    test    hlp0, hlp0
+    jnz     Lpre_loop
+    jmp     Lred1
+
+    ;hash remaining prefix bocks (up to 7 total prefix blocks)
+Lpre_loop:
+
+        sub hlp0, 16
+
+        vmovdqu DATA, XMMWORD PTR[inp]
+        vpshufb DATA, DATA, [Lbswap_mask]
+
+        vpclmulqdq  TMP3, DATA, [Htbl + hlp0], 0h
+        vpxor       TMP0, TMP0, TMP3
+        vpclmulqdq  TMP3, DATA, [Htbl + hlp0], 011h
+        vpxor       TMP1, TMP1, TMP3
+        vpshufd     TMP3, DATA, 78
+        vpxor       TMP3, TMP3, DATA
+        vpclmulqdq  TMP3, TMP3, [Htbl + 8*16 + hlp0], 0h
+        vpxor       TMP2, TMP2, TMP3
+
+        test    hlp0, hlp0
+        lea     inp, [inp+16]
+        jnz     Lpre_loop
+
+Lred1:
+
+    vpxor       TMP2, TMP2, TMP0
+    vpxor       TMP2, TMP2, TMP1
+    vpsrldq     TMP3, TMP2, 8
+    vpslldq     TMP2, TMP2, 8
+
+    vpxor       Xhi, TMP1, TMP3
+    vpxor       T, TMP0, TMP2
+
+
+Lmod_loop:
+
+        sub len, 16*8
+        jb  Ldone
+        ; Block #0
+        vmovdqu DATA, XMMWORD PTR[inp + 16*7]
+        vpshufb DATA, DATA, [Lbswap_mask]
+
+        vpclmulqdq  TMP0, DATA, [Htbl + 0*16], 0h
+        vpclmulqdq  TMP1, DATA, [Htbl + 0*16], 011h
+        vpshufd     TMP3, DATA, 78
+        vpxor       TMP3, TMP3, DATA
+        vpclmulqdq  TMP2, TMP3, [Htbl + 8*16 + 0*16], 0h
+
+        ; Block #1
+        vmovdqu DATA, XMMWORD PTR[inp + 16*6]
+        vpshufb DATA, DATA, [Lbswap_mask]
+        KARATSUBA_AAD 1
+
+        ; Block #2
+        vmovdqu DATA, XMMWORD PTR[inp + 16*5]
+        vpshufb DATA, DATA, [Lbswap_mask]
+
+        vpclmulqdq  TMP4, T, [Lpoly], 010h         ;reduction stage 1a
+        vpalignr    T, T, T, 8
+
+        KARATSUBA_AAD 2
+
+        vpxor       T, T, TMP4                          ;reduction stage 1b
+
+        ; Block #3
+        vmovdqu DATA, XMMWORD PTR[inp + 16*4]
+        vpshufb DATA, DATA, [Lbswap_mask]
+        KARATSUBA_AAD 3
+        ; Block #4
+        vmovdqu DATA, XMMWORD PTR[inp + 16*3]
+        vpshufb DATA, DATA, [Lbswap_mask]
+
+        vpclmulqdq  TMP4, T, [Lpoly], 010h        ;reduction stage 2a
+        vpalignr    T, T, T, 8
+
+        KARATSUBA_AAD 4
+
+        vpxor       T, T, TMP4                          ;reduction stage 2b
+        ; Block #5
+        vmovdqu DATA, XMMWORD PTR[inp + 16*2]
+        vpshufb DATA, DATA, [Lbswap_mask]
+        KARATSUBA_AAD 5
+
+        vpxor   T, T, Xhi                               ;reduction finalize
+        ; Block #6
+        vmovdqu DATA, XMMWORD PTR[inp + 16*1]
+        vpshufb DATA, DATA, [Lbswap_mask]
+        KARATSUBA_AAD 6
+        ; Block #7
+        vmovdqu DATA, XMMWORD PTR[inp + 16*0]
+        vpshufb DATA, DATA, [Lbswap_mask]
+        vpxor   DATA, DATA, T
+        KARATSUBA_AAD 7
+        ; Aggregated 8 blocks, now karatsuba fixup
+        vpxor   TMP2, TMP2, TMP0
+        vpxor   TMP2, TMP2, TMP1
+        vpsrldq TMP3, TMP2, 8
+        vpslldq TMP2, TMP2, 8
+
+        vpxor   Xhi, TMP1, TMP3
+        vpxor   T, TMP0, TMP2
+
+        lea inp, [inp + 16*8]
+        jmp Lmod_loop
+
+Ldone:
+    vpclmulqdq  TMP4, T, [Lpoly], 010h
+    vpalignr    T, T, T, 8
+    vpxor       T, T, TMP4
+
+    vpclmulqdq  TMP4, T, [Lpoly], 010h
+    vpalignr    T, T, T, 8
+    vpxor       T, T, TMP4
+
+    vpxor       T, T, Xhi
+    vmovdqu     XMMWORD PTR[Tp], T
+    vzeroupper
+
+    vmovdqu xmm6, XMMWORD PTR[rsp + 0*16]
+    vmovdqu xmm7, XMMWORD PTR[rsp + 1*16]
+    add rsp, 16*2
+
+    ret
+
+intel_aes_gcmAAD ENDP
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;
+; Encrypt and Authenticate
+; void intel_aes_gcmENC(unsigned char* PT, unsigned char* CT, void *Gctx, unsigned int len);
+;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+ALIGN 16
+intel_aes_gcmENC PROC
+
+PT      textequ <rcx>
+CT      textequ <rdx>
+Htbl    textequ <r8>
+Gctx    textequ <r8>
+len     textequ <r9>
+KS      textequ <r10>
+NR      textequ <eax>
+
+aluCTR  textequ <r11d>
+aluKSl  textequ <r12d>
+aluTMP  textequ <r13d>
+
+T       textequ <xmm0>
+TMP0    textequ <xmm1>
+TMP1    textequ <xmm2>
+TMP2    textequ <xmm3>
+TMP3    textequ <xmm4>
+TMP4    textequ <xmm5>
+TMP5    textequ <xmm6>
+CTR0    textequ <xmm7>
+CTR1    textequ <xmm8>
+CTR2    textequ <xmm9>
+CTR3    textequ <xmm10>
+CTR4    textequ <xmm11>
+CTR5    textequ <xmm12>
+CTR6    textequ <xmm13>
+CTR7    textequ <xmm14>
+BSWAPMASK   textequ <xmm15>
+
+ROUND MACRO i
+    vmovdqu TMP3, XMMWORD PTR[i*16 + KS]
+    vaesenc CTR0, CTR0, TMP3
+    vaesenc CTR1, CTR1, TMP3
+    vaesenc CTR2, CTR2, TMP3
+    vaesenc CTR3, CTR3, TMP3
+    vaesenc CTR4, CTR4, TMP3
+    vaesenc CTR5, CTR5, TMP3
+    vaesenc CTR6, CTR6, TMP3
+    vaesenc CTR7, CTR7, TMP3
+ENDM
+ROUNDMUL MACRO i
+    vmovdqu TMP3, XMMWORD PTR[i*16 + KS]
+
+    vaesenc CTR0, CTR0, TMP3
+    vaesenc CTR1, CTR1, TMP3
+    vaesenc CTR2, CTR2, TMP3
+    vaesenc CTR3, CTR3, TMP3
+
+    vpshufd TMP4, TMP5, 78
+    vpxor   TMP4, TMP4, TMP5
+
+    vaesenc CTR4, CTR4, TMP3
+    vaesenc CTR5, CTR5, TMP3
+    vaesenc CTR6, CTR6, TMP3
+    vaesenc CTR7, CTR7, TMP3
+
+    vpclmulqdq  TMP3, TMP4, XMMWORD PTR[i*16 + 8*16 + Htbl], 000h
+    vpxor       TMP0, TMP0, TMP3
+    vmovdqu     TMP4, XMMWORD PTR[i*16 + Htbl]
+    vpclmulqdq  TMP3, TMP5, TMP4, 011h
+    vpxor       TMP1, TMP1, TMP3
+    vpclmulqdq  TMP3, TMP5, TMP4, 000h
+    vpxor       TMP2, TMP2, TMP3
+ENDM
+KARATSUBA MACRO i
+    vpshufd TMP4, TMP5, 78
+    vpxor   TMP4, TMP4, TMP5
+    vpclmulqdq  TMP3, TMP4, XMMWORD PTR[i*16 + 8*16 + Htbl], 000h
+    vpxor       TMP0, TMP0, TMP3
+    vmovdqu     TMP4, XMMWORD PTR[i*16 + Htbl]
+    vpclmulqdq  TMP3, TMP5, TMP4, 011h
+    vpxor       TMP1, TMP1, TMP3
+    vpclmulqdq  TMP3, TMP5, TMP4, 000h
+    vpxor       TMP2, TMP2, TMP3
+ENDM
+NEXTCTR MACRO i
+    add aluCTR, 1
+    mov aluTMP, aluCTR
+    xor aluTMP, aluKSl
+    bswap   aluTMP
+    mov [3*4 + 8*16 + i*16 + rsp], aluTMP
+ENDM
+
+
+    test  len, len
+    jnz   LbeginENC
+    ret
+
+LbeginENC:
+
+    vzeroupper
+    push    r11
+    push    r12
+    push    r13
+    push    rbp
+    sub rsp, 10*16
+    vmovdqu XMMWORD PTR[rsp + 0*16], xmm6
+    vmovdqu XMMWORD PTR[rsp + 1*16], xmm7
+    vmovdqu XMMWORD PTR[rsp + 2*16], xmm8
+    vmovdqu XMMWORD PTR[rsp + 3*16], xmm9
+    vmovdqu XMMWORD PTR[rsp + 4*16], xmm10
+    vmovdqu XMMWORD PTR[rsp + 5*16], xmm11
+    vmovdqu XMMWORD PTR[rsp + 6*16], xmm12
+    vmovdqu XMMWORD PTR[rsp + 7*16], xmm13
+    vmovdqu XMMWORD PTR[rsp + 8*16], xmm14
+    vmovdqu XMMWORD PTR[rsp + 9*16], xmm15
+
+    mov rbp, rsp
+    sub rsp, 16*16
+    and rsp, -16
+
+    vmovdqu T, XMMWORD PTR[16*16 + 1*16 + Gctx]
+    vmovdqu CTR0, XMMWORD PTR[16*16 + 2*16 + Gctx]
+    vmovdqu BSWAPMASK, XMMWORD PTR[Lbswap_mask]
+    mov     KS, [16*16 + 3*16 + Gctx]
+    mov     NR, [4 + KS]
+    lea     KS, [48 + KS]
+
+    vpshufb CTR0, CTR0, BSWAPMASK
+
+    mov aluCTR, [16*16 + 2*16 + 3*4 + Gctx]
+    mov aluKSl, [3*4 + KS]
+    bswap   aluCTR
+    bswap   aluKSl
+
+    vmovdqu TMP0, XMMWORD PTR[0*16 + KS]
+    vpxor   TMP0, TMP0, XMMWORD PTR[16*16 + 2*16 + Gctx]
+    vmovdqu XMMWORD PTR[8*16 + 0*16 + rsp], TMP0
+
+    cmp len, 128
+    jb  LEncDataSingles
+; Prepare the "top" counters
+    vmovdqu XMMWORD PTR[8*16 + 1*16 + rsp], TMP0
+    vmovdqu XMMWORD PTR[8*16 + 2*16 + rsp], TMP0
+    vmovdqu XMMWORD PTR[8*16 + 3*16 + rsp], TMP0
+    vmovdqu XMMWORD PTR[8*16 + 4*16 + rsp], TMP0
+    vmovdqu XMMWORD PTR[8*16 + 5*16 + rsp], TMP0
+    vmovdqu XMMWORD PTR[8*16 + 6*16 + rsp], TMP0
+    vmovdqu XMMWORD PTR[8*16 + 7*16 + rsp], TMP0
+
+; Encrypt the initial 8 blocks
+    sub len, 128
+    vpaddd  CTR1, CTR0, XMMWORD PTR[Lone]
+    vpaddd  CTR2, CTR0, XMMWORD PTR[Ltwo]
+    vpaddd  CTR3, CTR2, XMMWORD PTR[Lone]
+    vpaddd  CTR4, CTR2, XMMWORD PTR[Ltwo]
+    vpaddd  CTR5, CTR4, XMMWORD PTR[Lone]
+    vpaddd  CTR6, CTR4, XMMWORD PTR[Ltwo]
+    vpaddd  CTR7, CTR6, XMMWORD PTR[Lone]
+
+    vpshufb CTR0, CTR0, BSWAPMASK
+    vpshufb CTR1, CTR1, BSWAPMASK
+    vpshufb CTR2, CTR2, BSWAPMASK
+    vpshufb CTR3, CTR3, BSWAPMASK
+    vpshufb CTR4, CTR4, BSWAPMASK
+    vpshufb CTR5, CTR5, BSWAPMASK
+    vpshufb CTR6, CTR6, BSWAPMASK
+    vpshufb CTR7, CTR7, BSWAPMASK
+
+    vmovdqu TMP3, XMMWORD PTR[0*16 + KS]
+    vpxor   CTR0, CTR0, TMP3
+    vpxor   CTR1, CTR1, TMP3
+    vpxor   CTR2, CTR2, TMP3
+    vpxor   CTR3, CTR3, TMP3
+    vpxor   CTR4, CTR4, TMP3
+    vpxor   CTR5, CTR5, TMP3
+    vpxor   CTR6, CTR6, TMP3
+    vpxor   CTR7, CTR7, TMP3
+
+    ROUND   1
+
+    add aluCTR, 8
+    mov aluTMP, aluCTR
+    xor aluTMP, aluKSl
+    bswap   aluTMP
+    mov [8*16 + 0*16 + 3*4 + rsp], aluTMP
+
+    ROUND   2
+    NEXTCTR 1
+    ROUND   3
+    NEXTCTR 2
+    ROUND   4
+    NEXTCTR 3
+    ROUND   5
+    NEXTCTR 4
+    ROUND   6
+    NEXTCTR 5
+    ROUND   7
+    NEXTCTR 6
+    ROUND   8
+    NEXTCTR 7
+    ROUND   9
+    vmovdqu TMP5, XMMWORD PTR[10*16 + KS]
+    cmp     NR, 10
+    je      @f
+
+    ROUND   10
+    ROUND   11
+    vmovdqu TMP5, XMMWORD PTR[12*16 + KS]
+    cmp     NR, 12
+    je      @f
+
+    ROUND   12
+    ROUND   13
+    vmovdqu TMP5, XMMWORD PTR[14*16 + KS]
+@@:
+    vpxor   TMP3, TMP5, XMMWORD PTR[0*16 + PT]
+    vaesenclast CTR0, CTR0, TMP3
+    vpxor   TMP3, TMP5, XMMWORD PTR[1*16 + PT]
+    vaesenclast CTR1, CTR1, TMP3
+    vpxor   TMP3, TMP5, XMMWORD PTR[2*16 + PT]
+    vaesenclast CTR2, CTR2, TMP3
+    vpxor   TMP3, TMP5, XMMWORD PTR[3*16 + PT]
+    vaesenclast CTR3, CTR3, TMP3
+    vpxor   TMP3, TMP5, XMMWORD PTR[4*16 + PT]
+    vaesenclast CTR4, CTR4, TMP3
+    vpxor   TMP3, TMP5, XMMWORD PTR[5*16 + PT]
+    vaesenclast CTR5, CTR5, TMP3
+    vpxor   TMP3, TMP5, XMMWORD PTR[6*16 + PT]
+    vaesenclast CTR6, CTR6, TMP3
+    vpxor   TMP3, TMP5, XMMWORD PTR[7*16 + PT]
+    vaesenclast CTR7, CTR7, TMP3
+
+    vmovdqu XMMWORD PTR[0*16 + CT], CTR0
+    vpshufb CTR0, CTR0, BSWAPMASK
+    vmovdqu XMMWORD PTR[1*16 + CT], CTR1
+    vpshufb CTR1, CTR1, BSWAPMASK
+    vmovdqu XMMWORD PTR[2*16 + CT], CTR2
+    vpshufb CTR2, CTR2, BSWAPMASK
+    vmovdqu XMMWORD PTR[3*16 + CT], CTR3
+    vpshufb CTR3, CTR3, BSWAPMASK
+    vmovdqu XMMWORD PTR[4*16 + CT], CTR4
+    vpshufb CTR4, CTR4, BSWAPMASK
+    vmovdqu XMMWORD PTR[5*16 + CT], CTR5
+    vpshufb CTR5, CTR5, BSWAPMASK
+    vmovdqu XMMWORD PTR[6*16 + CT], CTR6
+    vpshufb CTR6, CTR6, BSWAPMASK
+    vmovdqu XMMWORD PTR[7*16 + CT], CTR7
+    vpshufb TMP5, CTR7, BSWAPMASK
+
+    vmovdqa XMMWORD PTR[1*16 + rsp], CTR6
+    vmovdqa XMMWORD PTR[2*16 + rsp], CTR5
+    vmovdqa XMMWORD PTR[3*16 + rsp], CTR4
+    vmovdqa XMMWORD PTR[4*16 + rsp], CTR3
+    vmovdqa XMMWORD PTR[5*16 + rsp], CTR2
+    vmovdqa XMMWORD PTR[6*16 + rsp], CTR1
+    vmovdqa XMMWORD PTR[7*16 + rsp], CTR0
+
+    lea CT, [8*16 + CT]
+    lea PT, [8*16 + PT]
+    jmp LEncDataOctets
+
+LEncDataOctets:
+        cmp len, 128
+        jb  LEndEncOctets
+        sub len, 128
+
+        vmovdqa CTR0, XMMWORD PTR[8*16 + 0*16 + rsp]
+        vmovdqa CTR1, XMMWORD PTR[8*16 + 1*16 + rsp]
+        vmovdqa CTR2, XMMWORD PTR[8*16 + 2*16 + rsp]
+        vmovdqa CTR3, XMMWORD PTR[8*16 + 3*16 + rsp]
+        vmovdqa CTR4, XMMWORD PTR[8*16 + 4*16 + rsp]
+        vmovdqa CTR5, XMMWORD PTR[8*16 + 5*16 + rsp]
+        vmovdqa CTR6, XMMWORD PTR[8*16 + 6*16 + rsp]
+        vmovdqa CTR7, XMMWORD PTR[8*16 + 7*16 + rsp]
+
+        vpshufd TMP4, TMP5, 78
+        vpxor   TMP4, TMP4, TMP5
+        vpclmulqdq  TMP0, TMP4, XMMWORD PTR[0*16 + 8*16 + Htbl], 000h
+        vmovdqu     TMP4, XMMWORD PTR[0*16 + Htbl]
+        vpclmulqdq  TMP1, TMP5, TMP4, 011h
+        vpclmulqdq  TMP2, TMP5, TMP4, 000h
+
+        vmovdqu TMP5, XMMWORD PTR[1*16 + rsp]
+        ROUNDMUL 1
+        NEXTCTR 0
+        vmovdqu TMP5, XMMWORD PTR[2*16 + rsp]
+        ROUNDMUL 2
+        NEXTCTR 1
+        vmovdqu TMP5, XMMWORD PTR[3*16 + rsp]
+        ROUNDMUL 3
+        NEXTCTR 2
+        vmovdqu TMP5, XMMWORD PTR[4*16 + rsp]
+        ROUNDMUL 4
+        NEXTCTR 3
+        vmovdqu TMP5, XMMWORD PTR[5*16 + rsp]
+        ROUNDMUL 5
+        NEXTCTR 4
+        vmovdqu TMP5, XMMWORD PTR[6*16 + rsp]
+        ROUNDMUL 6
+        NEXTCTR 5
+        vpxor   TMP5, T, XMMWORD PTR[7*16 + rsp]
+        ROUNDMUL 7
+        NEXTCTR 6
+
+        ROUND 8
+        NEXTCTR 7
+
+        vpxor   TMP0, TMP0, TMP1
+        vpxor   TMP0, TMP0, TMP2
+        vpsrldq TMP3, TMP0, 8
+        vpxor   TMP4, TMP1, TMP3
+        vpslldq TMP3, TMP0, 8
+        vpxor   T, TMP2, TMP3
+
+        vpclmulqdq  TMP1, T, XMMWORD PTR[Lpoly], 010h
+        vpalignr    T,T,T,8
+        vpxor       T, T, TMP1
+
+        ROUND 9
+
+        vpclmulqdq  TMP1, T, XMMWORD PTR[Lpoly], 010h
+        vpalignr    T,T,T,8
+        vpxor       T, T, TMP1
+
+        vmovdqu     TMP5, XMMWORD PTR[10*16 + KS]
+        cmp         NR, 10
+        je          @f
+
+        ROUND 10
+        ROUND 11
+        vmovdqu     TMP5, XMMWORD PTR[12*16 + KS]
+        cmp         NR, 12
+        je          @f
+
+        ROUND 12
+        ROUND 13
+        vmovdqu     TMP5, XMMWORD PTR[14*16 + KS]
+@@:
+        vpxor   TMP3, TMP5, XMMWORD PTR[0*16 + PT]
+        vaesenclast CTR0, CTR0, TMP3
+        vpxor   TMP3, TMP5, XMMWORD PTR[1*16 + PT]
+        vaesenclast CTR1, CTR1, TMP3
+        vpxor   TMP3, TMP5, XMMWORD PTR[2*16 + PT]
+        vaesenclast CTR2, CTR2, TMP3
+        vpxor   TMP3, TMP5, XMMWORD PTR[3*16 + PT]
+        vaesenclast CTR3, CTR3, TMP3
+        vpxor   TMP3, TMP5, XMMWORD PTR[4*16 + PT]
+        vaesenclast CTR4, CTR4, TMP3
+        vpxor   TMP3, TMP5, XMMWORD PTR[5*16 + PT]
+        vaesenclast CTR5, CTR5, TMP3
+        vpxor   TMP3, TMP5, XMMWORD PTR[6*16 + PT]
+        vaesenclast CTR6, CTR6, TMP3
+        vpxor   TMP3, TMP5, XMMWORD PTR[7*16 + PT]
+        vaesenclast CTR7, CTR7, TMP3
+
+        vmovdqu XMMWORD PTR[0*16 + CT], CTR0
+        vpshufb CTR0, CTR0, BSWAPMASK
+        vmovdqu XMMWORD PTR[1*16 + CT], CTR1
+        vpshufb CTR1, CTR1, BSWAPMASK
+        vmovdqu XMMWORD PTR[2*16 + CT], CTR2
+        vpshufb CTR2, CTR2, BSWAPMASK
+        vmovdqu XMMWORD PTR[3*16 + CT], CTR3
+        vpshufb CTR3, CTR3, BSWAPMASK
+        vmovdqu XMMWORD PTR[4*16 + CT], CTR4
+        vpshufb CTR4, CTR4, BSWAPMASK
+        vmovdqu XMMWORD PTR[5*16 + CT], CTR5
+        vpshufb CTR5, CTR5, BSWAPMASK
+        vmovdqu XMMWORD PTR[6*16 + CT], CTR6
+        vpshufb CTR6, CTR6, BSWAPMASK
+        vmovdqu XMMWORD PTR[7*16 + CT], CTR7
+        vpshufb TMP5, CTR7, BSWAPMASK
+
+        vmovdqa XMMWORD PTR[1*16 + rsp], CTR6
+        vmovdqa XMMWORD PTR[2*16 + rsp], CTR5
+        vmovdqa XMMWORD PTR[3*16 + rsp], CTR4
+        vmovdqa XMMWORD PTR[4*16 + rsp], CTR3
+        vmovdqa XMMWORD PTR[5*16 + rsp], CTR2
+        vmovdqa XMMWORD PTR[6*16 + rsp], CTR1
+        vmovdqa XMMWORD PTR[7*16 + rsp], CTR0
+
+        vpxor   T, T, TMP4
+
+        lea CT, [8*16 + CT]
+        lea PT, [8*16 + PT]
+        jmp LEncDataOctets
+
+LEndEncOctets:
+
+    vpshufd TMP4, TMP5, 78
+    vpxor   TMP4, TMP4, TMP5
+    vpclmulqdq  TMP0, TMP4, XMMWORD PTR[0*16 + 8*16 + Htbl], 000h
+    vmovdqu     TMP4, XMMWORD PTR[0*16 + Htbl]
+    vpclmulqdq  TMP1, TMP5, TMP4, 011h
+    vpclmulqdq  TMP2, TMP5, TMP4, 000h
+
+    vmovdqu TMP5, XMMWORD PTR[1*16 + rsp]
+    KARATSUBA 1
+    vmovdqu TMP5, XMMWORD PTR[2*16 + rsp]
+    KARATSUBA 2
+    vmovdqu TMP5, XMMWORD PTR[3*16 + rsp]
+    KARATSUBA 3
+    vmovdqu TMP5, XMMWORD PTR[4*16 + rsp]
+    KARATSUBA 4
+    vmovdqu TMP5, XMMWORD PTR[5*16 + rsp]
+    KARATSUBA 5
+    vmovdqu TMP5, XMMWORD PTR[6*16 + rsp]
+    KARATSUBA 6
+    vpxor   TMP5, T, XMMWORD PTR[7*16 + rsp]
+    KARATSUBA 7
+
+    vpxor   TMP0, TMP0, TMP1
+    vpxor   TMP0, TMP0, TMP2
+    vpsrldq TMP3, TMP0, 8
+    vpxor   TMP4, TMP1, TMP3
+    vpslldq TMP3, TMP0, 8
+    vpxor   T, TMP2, TMP3
+
+    vpclmulqdq  TMP1, T, XMMWORD PTR[Lpoly], 010h
+    vpalignr    T,T,T,8
+    vpxor       T, T, TMP1
+
+    vpclmulqdq  TMP1, T, XMMWORD PTR[Lpoly], 010h
+    vpalignr    T,T,T,8
+    vpxor       T, T, TMP1
+
+    vpxor       T, T, TMP4
+
+    sub aluCTR, 7
+
+LEncDataSingles:
+
+        cmp len, 16
+        jb  LEncDataTail
+        sub len, 16
+
+        vmovdqa TMP1, XMMWORD PTR[8*16 + 0*16 + rsp]
+        NEXTCTR 0
+
+        vaesenc TMP1, TMP1, XMMWORD PTR[1*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[2*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[3*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[4*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[5*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[6*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[7*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[8*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[9*16 + KS]
+        vmovdqu TMP2, XMMWORD PTR[10*16 + KS]
+        cmp NR, 10
+        je  @f
+        vaesenc TMP1, TMP1, XMMWORD PTR[10*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[11*16 + KS]
+        vmovdqu TMP2, XMMWORD PTR[12*16 + KS]
+        cmp NR, 12
+        je  @f
+        vaesenc TMP1, TMP1, XMMWORD PTR[12*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[13*16 + KS]
+        vmovdqu TMP2, XMMWORD PTR[14*16 + KS]
+@@:
+        vaesenclast TMP1, TMP1, TMP2
+        vpxor   TMP1, TMP1, XMMWORD PTR[PT]
+        vmovdqu XMMWORD PTR[CT], TMP1
+
+        lea PT, [16+PT]
+        lea CT, [16+CT]
+
+        vpshufb TMP1, TMP1, BSWAPMASK
+        vpxor   T, T, TMP1
+        vmovdqu TMP0, XMMWORD PTR[Htbl]
+        GFMUL   T, T, TMP0, TMP1, TMP2, TMP3, TMP4
+
+        jmp LEncDataSingles
+
+LEncDataTail:
+
+    test    len, len
+    jz  LEncDataEnd
+
+    vmovdqa TMP1, XMMWORD PTR[8*16 + 0*16 + rsp]
+
+    vaesenc TMP1, TMP1, XMMWORD PTR[1*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[2*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[3*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[4*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[5*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[6*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[7*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[8*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[9*16 + KS]
+    vmovdqu TMP2, XMMWORD PTR[10*16 + KS]
+    cmp NR, 10
+    je  @f
+    vaesenc TMP1, TMP1, XMMWORD PTR[10*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[11*16 + KS]
+    vmovdqu TMP2, XMMWORD PTR[12*16 + KS]
+    cmp NR, 12
+    je  @f
+    vaesenc TMP1, TMP1, XMMWORD PTR[12*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[13*16 + KS]
+    vmovdqu TMP2, XMMWORD PTR[14*16 + KS]
+@@:
+    vaesenclast TMP1, TMP1, TMP2
+; zero a temp location
+    vpxor   TMP2, TMP2, TMP2
+    vmovdqa XMMWORD PTR[rsp], TMP2
+; copy as many bytes as needed
+    xor KS, KS
+
+@@:
+        cmp len, KS
+        je  @f
+        mov al, [PT + KS]
+        mov [rsp + KS], al
+        inc KS
+        jmp @b
+@@:
+    vpxor   TMP1, TMP1, XMMWORD PTR[rsp]
+    vmovdqa XMMWORD PTR[rsp], TMP1
+    xor KS, KS
+@@:
+        cmp len, KS
+        je  @f
+        mov al, [rsp + KS]
+        mov [CT + KS], al
+        inc KS
+        jmp @b
+@@:
+        cmp KS, 16
+        je  @f
+        mov BYTE PTR[rsp + KS], 0
+        inc KS
+        jmp @b
+@@:
+BAIL:
+    vmovdqa TMP1, XMMWORD PTR[rsp]
+    vpshufb TMP1, TMP1, BSWAPMASK
+    vpxor   T, T, TMP1
+    vmovdqu TMP0, XMMWORD PTR[Htbl]
+    GFMUL   T, T, TMP0, TMP1, TMP2, TMP3, TMP4
+
+LEncDataEnd:
+
+    vmovdqu XMMWORD PTR[16*16 + 1*16 + Gctx], T
+    bswap   aluCTR
+    mov     [16*16 + 2*16 + 3*4 + Gctx], aluCTR
+
+    mov rsp, rbp
+
+    vmovdqu xmm6, XMMWORD PTR[rsp + 0*16]
+    vmovdqu xmm7, XMMWORD PTR[rsp + 1*16]
+    vmovdqu xmm8, XMMWORD PTR[rsp + 2*16]
+    vmovdqu xmm9, XMMWORD PTR[rsp + 3*16]
+    vmovdqu xmm10, XMMWORD PTR[rsp + 4*16]
+    vmovdqu xmm11, XMMWORD PTR[rsp + 5*16]
+    vmovdqu xmm12, XMMWORD PTR[rsp + 6*16]
+    vmovdqu xmm13, XMMWORD PTR[rsp + 7*16]
+    vmovdqu xmm14, XMMWORD PTR[rsp + 8*16]
+    vmovdqu xmm15, XMMWORD PTR[rsp + 9*16]
+
+    add rsp, 10*16
+    pop rbp
+    pop r13
+    pop r12
+    pop r11
+
+    vzeroupper
+
+    ret
+intel_aes_gcmENC ENDP
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;
+; Decrypt and Authenticate
+; void intel_aes_gcmDEC(uint8_t* PT, uint8_t* CT, void *Gctx, unsigned int len);
+;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+ALIGN 16
+intel_aes_gcmDEC PROC
+
+NEXTCTR MACRO i
+    add aluCTR, 1
+    mov aluTMP, aluCTR
+    xor aluTMP, aluKSl
+    bswap   aluTMP
+    mov [3*4 + i*16 + rsp], aluTMP
+ENDM
+
+PT      textequ <rdx>
+CT      textequ <rcx>
+
+    test  len, len
+    jnz   LbeginDEC
+    ret
+
+LbeginDEC:
+
+    vzeroupper
+    push    r11
+    push    r12
+    push    r13
+    push    rbp
+    sub rsp, 10*16
+    vmovdqu XMMWORD PTR[rsp + 0*16], xmm6
+    vmovdqu XMMWORD PTR[rsp + 1*16], xmm7
+    vmovdqu XMMWORD PTR[rsp + 2*16], xmm8
+    vmovdqu XMMWORD PTR[rsp + 3*16], xmm9
+    vmovdqu XMMWORD PTR[rsp + 4*16], xmm10
+    vmovdqu XMMWORD PTR[rsp + 5*16], xmm11
+    vmovdqu XMMWORD PTR[rsp + 6*16], xmm12
+    vmovdqu XMMWORD PTR[rsp + 7*16], xmm13
+    vmovdqu XMMWORD PTR[rsp + 8*16], xmm14
+    vmovdqu XMMWORD PTR[rsp + 9*16], xmm15
+
+    mov rbp, rsp
+    sub rsp, 8*16
+    and rsp, -16
+
+    vmovdqu T, XMMWORD PTR[16*16 + 1*16 + Gctx]
+    vmovdqu CTR0, XMMWORD PTR[16*16 + 2*16 + Gctx]
+    vmovdqu BSWAPMASK, XMMWORD PTR[Lbswap_mask]
+    mov     KS, [16*16 + 3*16 + Gctx]
+    mov     NR, [4 + KS]
+    lea     KS, [48 + KS]
+
+    vpshufb CTR0, CTR0, BSWAPMASK
+
+    mov aluCTR, [16*16 + 2*16 + 3*4 + Gctx]
+    mov aluKSl, [3*4 + KS]
+    bswap   aluCTR
+    bswap   aluKSl
+
+    vmovdqu TMP0, XMMWORD PTR[0*16 + KS]
+    vpxor   TMP0, TMP0, XMMWORD PTR[16*16 + 2*16 + Gctx]
+    vmovdqu XMMWORD PTR[0*16 + rsp], TMP0
+
+    cmp len, 128
+    jb  LDecDataSingles
+; Prepare the "top" counters
+    vmovdqu XMMWORD PTR[1*16 + rsp], TMP0
+    vmovdqu XMMWORD PTR[2*16 + rsp], TMP0
+    vmovdqu XMMWORD PTR[3*16 + rsp], TMP0
+    vmovdqu XMMWORD PTR[4*16 + rsp], TMP0
+    vmovdqu XMMWORD PTR[5*16 + rsp], TMP0
+    vmovdqu XMMWORD PTR[6*16 + rsp], TMP0
+    vmovdqu XMMWORD PTR[7*16 + rsp], TMP0
+
+    NEXTCTR 1
+    NEXTCTR 2
+    NEXTCTR 3
+    NEXTCTR 4
+    NEXTCTR 5
+    NEXTCTR 6
+    NEXTCTR 7
+
+LDecDataOctets:
+        cmp len, 128
+        jb  LEndDecOctets
+        sub len, 128
+
+        vmovdqa CTR0, XMMWORD PTR[0*16 + rsp]
+        vmovdqa CTR1, XMMWORD PTR[1*16 + rsp]
+        vmovdqa CTR2, XMMWORD PTR[2*16 + rsp]
+        vmovdqa CTR3, XMMWORD PTR[3*16 + rsp]
+        vmovdqa CTR4, XMMWORD PTR[4*16 + rsp]
+        vmovdqa CTR5, XMMWORD PTR[5*16 + rsp]
+        vmovdqa CTR6, XMMWORD PTR[6*16 + rsp]
+        vmovdqa CTR7, XMMWORD PTR[7*16 + rsp]
+
+        vmovdqu TMP5, XMMWORD PTR[7*16 + CT]
+        vpshufb TMP5, TMP5, BSWAPMASK
+        vpshufd TMP4, TMP5, 78
+        vpxor   TMP4, TMP4, TMP5
+        vpclmulqdq  TMP0, TMP4, XMMWORD PTR[0*16 + 8*16 + Htbl], 000h
+        vmovdqu     TMP4, XMMWORD PTR[0*16 + Htbl]
+        vpclmulqdq  TMP1, TMP5, TMP4, 011h
+        vpclmulqdq  TMP2, TMP5, TMP4, 000h
+
+        vmovdqu TMP5, XMMWORD PTR[6*16 + CT]
+        vpshufb TMP5, TMP5, BSWAPMASK
+        ROUNDMUL 1
+        NEXTCTR 0
+        vmovdqu TMP5, XMMWORD PTR[5*16 + CT]
+        vpshufb TMP5, TMP5, BSWAPMASK
+        ROUNDMUL 2
+        NEXTCTR 1
+        vmovdqu TMP5, XMMWORD PTR[4*16 + CT]
+        vpshufb TMP5, TMP5, BSWAPMASK
+        ROUNDMUL 3
+        NEXTCTR 2
+        vmovdqu TMP5, XMMWORD PTR[3*16 + CT]
+        vpshufb TMP5, TMP5, BSWAPMASK
+        ROUNDMUL 4
+        NEXTCTR 3
+        vmovdqu TMP5, XMMWORD PTR[2*16 + CT]
+        vpshufb TMP5, TMP5, BSWAPMASK
+        ROUNDMUL 5
+        NEXTCTR 4
+        vmovdqu TMP5, XMMWORD PTR[1*16 + CT]
+        vpshufb TMP5, TMP5, BSWAPMASK
+        ROUNDMUL 6
+        NEXTCTR 5
+        vmovdqu TMP5, XMMWORD PTR[0*16 + CT]
+        vpshufb TMP5, TMP5, BSWAPMASK
+        vpxor   TMP5, TMP5, T
+        ROUNDMUL 7
+        NEXTCTR 6
+
+        ROUND 8
+        NEXTCTR 7
+
+        vpxor   TMP0, TMP0, TMP1
+        vpxor   TMP0, TMP0, TMP2
+        vpsrldq TMP3, TMP0, 8
+        vpxor   TMP4, TMP1, TMP3
+        vpslldq TMP3, TMP0, 8
+        vpxor   T, TMP2, TMP3
+
+        vpclmulqdq  TMP1, T, XMMWORD PTR[Lpoly], 010h
+        vpalignr    T,T,T,8
+        vpxor       T, T, TMP1
+
+        ROUND 9
+
+        vpclmulqdq  TMP1, T, XMMWORD PTR[Lpoly], 010h
+        vpalignr    T,T,T,8
+        vpxor       T, T, TMP1
+
+        vmovdqu     TMP5, XMMWORD PTR[10*16 + KS]
+        cmp         NR, 10
+        je          @f
+
+        ROUND 10
+        ROUND 11
+        vmovdqu     TMP5, XMMWORD PTR[12*16 + KS]
+        cmp         NR, 12
+        je          @f
+
+        ROUND 12
+        ROUND 13
+        vmovdqu     TMP5, XMMWORD PTR[14*16 + KS]
+@@:
+        vpxor   TMP3, TMP5, XMMWORD PTR[0*16 + CT]
+        vaesenclast CTR0, CTR0, TMP3
+        vpxor   TMP3, TMP5, XMMWORD PTR[1*16 + CT]
+        vaesenclast CTR1, CTR1, TMP3
+        vpxor   TMP3, TMP5, XMMWORD PTR[2*16 + CT]
+        vaesenclast CTR2, CTR2, TMP3
+        vpxor   TMP3, TMP5, XMMWORD PTR[3*16 + CT]
+        vaesenclast CTR3, CTR3, TMP3
+        vpxor   TMP3, TMP5, XMMWORD PTR[4*16 + CT]
+        vaesenclast CTR4, CTR4, TMP3
+        vpxor   TMP3, TMP5, XMMWORD PTR[5*16 + CT]
+        vaesenclast CTR5, CTR5, TMP3
+        vpxor   TMP3, TMP5, XMMWORD PTR[6*16 + CT]
+        vaesenclast CTR6, CTR6, TMP3
+        vpxor   TMP3, TMP5, XMMWORD PTR[7*16 + CT]
+        vaesenclast CTR7, CTR7, TMP3
+
+        vmovdqu XMMWORD PTR[0*16 + PT], CTR0
+        vmovdqu XMMWORD PTR[1*16 + PT], CTR1
+        vmovdqu XMMWORD PTR[2*16 + PT], CTR2
+        vmovdqu XMMWORD PTR[3*16 + PT], CTR3
+        vmovdqu XMMWORD PTR[4*16 + PT], CTR4
+        vmovdqu XMMWORD PTR[5*16 + PT], CTR5
+        vmovdqu XMMWORD PTR[6*16 + PT], CTR6
+        vmovdqu XMMWORD PTR[7*16 + PT], CTR7
+
+        vpxor   T, T, TMP4
+
+        lea CT, [8*16 + CT]
+        lea PT, [8*16 + PT]
+        jmp LDecDataOctets
+
+LEndDecOctets:
+
+    sub aluCTR, 7
+
+LDecDataSingles:
+
+        cmp len, 16
+        jb  LDecDataTail
+        sub len, 16
+
+        vmovdqa TMP1, XMMWORD PTR[0*16 + rsp]
+        NEXTCTR 0
+
+        vaesenc TMP1, TMP1, XMMWORD PTR[1*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[2*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[3*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[4*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[5*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[6*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[7*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[8*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[9*16 + KS]
+        vmovdqu TMP2, XMMWORD PTR[10*16 + KS]
+        cmp NR, 10
+        je  @f
+        vaesenc TMP1, TMP1, XMMWORD PTR[10*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[11*16 + KS]
+        vmovdqu TMP2, XMMWORD PTR[12*16 + KS]
+        cmp NR, 12
+        je  @f
+        vaesenc TMP1, TMP1, XMMWORD PTR[12*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[13*16 + KS]
+        vmovdqu TMP2, XMMWORD PTR[14*16 + KS]
+@@:
+        vaesenclast TMP1, TMP1, TMP2
+
+        vmovdqu TMP2, XMMWORD PTR[CT]
+        vpxor   TMP1, TMP1, TMP2
+        vmovdqu XMMWORD PTR[PT], TMP1
+
+        lea PT, [16+PT]
+        lea CT, [16+CT]
+
+        vpshufb TMP2, TMP2, BSWAPMASK
+        vpxor   T, T, TMP2
+        vmovdqu TMP0, XMMWORD PTR[Htbl]
+        GFMUL   T, T, TMP0, TMP1, TMP2, TMP3, TMP4
+
+        jmp LDecDataSingles
+
+LDecDataTail:
+
+    test    len, len
+    jz      LDecDataEnd
+
+    vmovdqa TMP1, XMMWORD PTR[0*16 + rsp]
+    inc aluCTR
+    vaesenc TMP1, TMP1, XMMWORD PTR[1*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[2*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[3*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[4*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[5*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[6*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[7*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[8*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[9*16 + KS]
+    vmovdqu TMP2, XMMWORD PTR[10*16 + KS]
+    cmp NR, 10
+    je  @f
+    vaesenc TMP1, TMP1, XMMWORD PTR[10*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[11*16 + KS]
+    vmovdqu TMP2, XMMWORD PTR[12*16 + KS]
+    cmp NR, 12
+    je  @f
+    vaesenc TMP1, TMP1, XMMWORD PTR[12*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[13*16 + KS]
+    vmovdqu TMP2, XMMWORD PTR[14*16 + KS]
+@@:
+    vaesenclast TMP1, TMP1, TMP2
+; copy as many bytes as needed
+    xor KS, KS
+@@:
+        cmp len, KS
+        je  @f
+        mov al, [CT + KS]
+        mov [rsp + KS], al
+        inc KS
+        jmp @b
+@@:
+        cmp KS, 16
+        je  @f
+        mov BYTE PTR[rsp + KS], 0
+        inc KS
+        jmp @b
+@@:
+    vmovdqa TMP2, XMMWORD PTR[rsp]
+    vpshufb TMP2, TMP2, BSWAPMASK
+    vpxor   T, T, TMP2
+    vmovdqu TMP0, XMMWORD PTR[Htbl]
+    GFMUL   T, T, TMP0, TMP5, TMP2, TMP3, TMP4
+
+
+    vpxor   TMP1, TMP1, XMMWORD PTR[rsp]
+    vmovdqa XMMWORD PTR[rsp], TMP1
+    xor KS, KS
+@@:
+        cmp len, KS
+        je  @f
+        mov al, [rsp + KS]
+        mov [PT + KS], al
+        inc KS
+        jmp @b
+@@:
+
+LDecDataEnd:
+
+    vmovdqu XMMWORD PTR[16*16 + 1*16 + Gctx], T
+    bswap   aluCTR
+    mov     [16*16 + 2*16 + 3*4 + Gctx], aluCTR
+
+    mov rsp, rbp
+
+    vmovdqu xmm6, XMMWORD PTR[rsp + 0*16]
+    vmovdqu xmm7, XMMWORD PTR[rsp + 1*16]
+    vmovdqu xmm8, XMMWORD PTR[rsp + 2*16]
+    vmovdqu xmm9, XMMWORD PTR[rsp + 3*16]
+    vmovdqu xmm10, XMMWORD PTR[rsp + 4*16]
+    vmovdqu xmm11, XMMWORD PTR[rsp + 5*16]
+    vmovdqu xmm12, XMMWORD PTR[rsp + 6*16]
+    vmovdqu xmm13, XMMWORD PTR[rsp + 7*16]
+    vmovdqu xmm14, XMMWORD PTR[rsp + 8*16]
+    vmovdqu xmm15, XMMWORD PTR[rsp + 9*16]
+
+    add rsp, 10*16
+    pop rbp
+    pop r13
+    pop r12
+    pop r11
+
+    vzeroupper
+
+    ret
+ret
+intel_aes_gcmDEC ENDP
+
+
+END
diff --git a/security/nss/lib/freebl/intel-gcm-x86-masm.asm b/security/nss/lib/freebl/intel-gcm-x86-masm.asm
new file mode 100644
index 0000000..6362ad8
--- /dev/null
+++ b/security/nss/lib/freebl/intel-gcm-x86-masm.asm
@@ -0,0 +1,1209 @@
+; LICENSE:
+; This submission to NSS is to be made available under the terms of the
+; Mozilla Public License, v. 2.0. You can obtain one at http:
+; //mozilla.org/MPL/2.0/.
+;###############################################################################
+; Copyright(c) 2014, Intel Corp.
+; Developers and authors:
+; Shay Gueron and Vlad Krasnov
+; Intel Corporation, Israel Development Centre, Haifa, Israel
+; Please send feedback directly to crypto.feedback.alias at intel.com
+
+
+.MODEL FLAT, C
+.XMM
+
+.DATA
+ALIGN 16
+Lone            dq 1,0
+Ltwo            dq 2,0
+Lbswap_mask     db 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
+Lshuff_mask     dq 0f0f0f0f0f0f0f0fh, 0f0f0f0f0f0f0f0fh
+Lpoly           dq 01h, 0c200000000000000h
+
+.CODE
+
+
+GFMUL MACRO DST, SRC1, SRC2, TMP1, TMP2, TMP3, TMP4
+    vpclmulqdq  TMP1, SRC2, SRC1, 0h
+    vpclmulqdq  TMP4, SRC2, SRC1, 011h
+
+    vpshufd     TMP2, SRC2, 78
+    vpshufd     TMP3, SRC1, 78
+    vpxor       TMP2, TMP2, SRC2
+    vpxor       TMP3, TMP3, SRC1
+
+    vpclmulqdq  TMP2, TMP2, TMP3, 0h
+    vpxor       TMP2, TMP2, TMP1
+    vpxor       TMP2, TMP2, TMP4
+
+    vpslldq     TMP3, TMP2, 8
+    vpsrldq     TMP2, TMP2, 8
+
+    vpxor       TMP1, TMP1, TMP3
+    vpxor       TMP4, TMP4, TMP2
+
+    vpclmulqdq  TMP2, TMP1, [Lpoly], 010h
+    vpshufd     TMP3, TMP1, 78
+    vpxor       TMP1, TMP2, TMP3
+
+    vpclmulqdq  TMP2, TMP1, [Lpoly], 010h
+    vpshufd     TMP3, TMP1, 78
+    vpxor       TMP1, TMP2, TMP3
+
+    vpxor       DST, TMP1, TMP4
+
+    ENDM
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;
+; Generates the final GCM tag
+; void intel_aes_gcmTAG(unsigned char Htbl[16*16],
+;                       unsigned char *Tp,
+;                       unsigned int Mlen,
+;                       unsigned int Alen,
+;                       unsigned char* X0,
+;                       unsigned char* TAG);
+;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+ALIGN 16
+intel_aes_gcmTAG PROC
+
+Htbl    textequ <eax>
+Tp      textequ <ecx>
+X0      textequ <edx>
+TAG     textequ <ebx>
+
+T       textequ <xmm0>
+TMP0    textequ <xmm1>
+
+    push    ebx
+
+    mov     Htbl,   [esp + 2*4 + 0*4]
+    mov     Tp,     [esp + 2*4 + 1*4]
+    mov     X0,     [esp + 2*4 + 4*4]
+    mov     TAG,    [esp + 2*4 + 5*4]
+
+    vzeroupper
+    vmovdqu T, XMMWORD PTR[Tp]
+
+    vpxor   TMP0, TMP0, TMP0
+    vpinsrd TMP0, TMP0, DWORD PTR[esp + 2*4 + 2*4], 0
+    vpinsrd TMP0, TMP0, DWORD PTR[esp + 2*4 + 3*4], 2
+    vpsllq  TMP0, TMP0, 3
+
+    vpxor   T, T, TMP0
+    vmovdqu TMP0, XMMWORD PTR[Htbl]
+    GFMUL   T, T, TMP0, xmm2, xmm3, xmm4, xmm5
+
+    vpshufb T, T, [Lbswap_mask]
+    vpxor   T, T, [X0]
+    vmovdqu XMMWORD PTR[TAG], T
+    vzeroupper
+
+    pop ebx
+
+    ret
+
+intel_aes_gcmTAG ENDP
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;
+; Generates the H table
+; void intel_aes_gcmINIT(unsigned char Htbl[16*16], unsigned char *KS, int NR);
+;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+ALIGN 16
+intel_aes_gcmINIT PROC
+
+Htbl    textequ <eax>
+KS      textequ <ecx>
+NR      textequ <edx>
+
+T       textequ <xmm0>
+TMP0    textequ <xmm1>
+
+    mov     Htbl,   [esp + 4*1 + 0*4]
+    mov     KS,     [esp + 4*1 + 1*4]
+    mov     NR,     [esp + 4*1 + 2*4]
+
+    vzeroupper
+    ; AES-ENC(0)
+    vmovdqu T, XMMWORD PTR[KS]
+    lea KS, [16 + KS]
+    dec NR
+Lenc_loop:
+        vaesenc T, T, [KS]
+        lea KS, [16 + KS]
+        dec NR
+        jnz Lenc_loop
+
+    vaesenclast T, T, [KS]
+    vpshufb T, T, [Lbswap_mask]
+
+    ;Calculate H` = GFMUL(H, 2)
+    vpsrad  xmm3, T, 31
+    vpshufd xmm3, xmm3, 0ffh
+    vpand   xmm5, xmm3, [Lpoly]
+    vpsrld  xmm3, T, 31
+    vpslld  xmm4, T, 1
+    vpslldq xmm3, xmm3, 4
+    vpxor   T, xmm4, xmm3
+    vpxor   T, T, xmm5
+
+    vmovdqu TMP0, T
+    vmovdqu XMMWORD PTR[Htbl + 0*16], T
+
+    vpshufd xmm2, T, 78
+    vpxor   xmm2, xmm2, T
+    vmovdqu XMMWORD PTR[Htbl + 8*16 + 0*16], xmm2
+
+    i = 1
+    WHILE i LT 8
+        GFMUL   T, T, TMP0, xmm2, xmm3, xmm4, xmm5
+        vmovdqu XMMWORD PTR[Htbl + i*16], T
+        vpshufd xmm2, T, 78
+        vpxor   xmm2, xmm2, T
+        vmovdqu XMMWORD PTR[Htbl + 8*16 + i*16], xmm2
+        i = i+1
+        ENDM
+    vzeroupper
+    ret
+intel_aes_gcmINIT ENDP
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;
+; Authenticate only
+; void intel_aes_gcmAAD(unsigned char Htbl[16*16], unsigned char *AAD, unsigned int Alen, unsigned char *Tp);
+;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+ALIGN 16
+intel_aes_gcmAAD PROC
+
+Htbl    textequ <eax>
+inp     textequ <ecx>
+len     textequ <edx>
+Tp      textequ <ebx>
+hlp0    textequ <esi>
+
+DATA    textequ <xmm0>
+T       textequ <xmm1>
+TMP0    textequ <xmm2>
+TMP1    textequ <xmm3>
+TMP2    textequ <xmm4>
+TMP3    textequ <xmm5>
+TMP4    textequ <xmm6>
+Xhi     textequ <xmm7>
+
+KARATSUBA_AAD MACRO i
+    vpclmulqdq  TMP3, DATA, [Htbl + i*16], 0h
+    vpxor       TMP0, TMP0, TMP3
+    vpclmulqdq  TMP3, DATA, [Htbl + i*16], 011h
+    vpxor       TMP1, TMP1, TMP3
+    vpshufd     TMP3, DATA, 78
+    vpxor       TMP3, TMP3, DATA
+    vpclmulqdq  TMP3, TMP3, [Htbl + 8*16 + i*16], 0h
+    vpxor       TMP2, TMP2, TMP3
+ENDM
+
+    cmp   DWORD PTR[esp + 1*3 + 2*4], 0
+    jnz   LbeginAAD
+    ret
+
+LbeginAAD:
+    push    ebx
+    push    esi
+
+    mov     Htbl,   [esp + 4*3 + 0*4]
+    mov     inp,    [esp + 4*3 + 1*4]
+    mov     len,    [esp + 4*3 + 2*4]
+    mov     Tp,     [esp + 4*3 + 3*4]
+
+    vzeroupper
+
+    vpxor   Xhi, Xhi, Xhi
+
+    vmovdqu T, XMMWORD PTR[Tp]
+    ;we hash 8 block each iteration, if the total amount of blocks is not a multiple of 8, we hash the first n%8 blocks first
+    mov hlp0, len
+    and hlp0, 128-1
+    jz  Lmod_loop
+
+    and len, -128
+    sub hlp0, 16
+
+    ; Prefix block
+    vmovdqu DATA, XMMWORD PTR[inp]
+    vpshufb DATA, DATA, [Lbswap_mask]
+    vpxor   DATA, DATA, T
+
+    vpclmulqdq  TMP0, DATA, XMMWORD PTR[Htbl + hlp0], 0h
+    vpclmulqdq  TMP1, DATA, XMMWORD PTR[Htbl + hlp0], 011h
+    vpshufd     TMP3, DATA, 78
+    vpxor       TMP3, TMP3, DATA
+    vpclmulqdq  TMP2, TMP3, XMMWORD PTR[Htbl + 8*16 + hlp0], 0h
+
+    lea     inp, [inp+16]
+    test    hlp0, hlp0
+    jnz     Lpre_loop
+    jmp     Lred1
+
+    ;hash remaining prefix bocks (up to 7 total prefix blocks)
+Lpre_loop:
+
+        sub hlp0, 16
+
+        vmovdqu DATA, XMMWORD PTR[inp]
+        vpshufb DATA, DATA, [Lbswap_mask]
+
+        vpclmulqdq  TMP3, DATA, XMMWORD PTR[Htbl + hlp0], 0h
+        vpxor       TMP0, TMP0, TMP3
+        vpclmulqdq  TMP3, DATA, XMMWORD PTR[Htbl + hlp0], 011h
+        vpxor       TMP1, TMP1, TMP3
+        vpshufd     TMP3, DATA, 78
+        vpxor       TMP3, TMP3, DATA
+        vpclmulqdq  TMP3, TMP3, XMMWORD PTR[Htbl + 8*16 + hlp0], 0h
+        vpxor       TMP2, TMP2, TMP3
+
+        test    hlp0, hlp0
+        lea     inp, [inp+16]
+        jnz     Lpre_loop
+
+Lred1:
+
+    vpxor       TMP2, TMP2, TMP0
+    vpxor       TMP2, TMP2, TMP1
+    vpsrldq     TMP3, TMP2, 8
+    vpslldq     TMP2, TMP2, 8
+
+    vpxor       Xhi, TMP1, TMP3
+    vpxor       T, TMP0, TMP2
+
+Lmod_loop:
+
+        sub len, 16*8
+        jb  Ldone
+        ; Block #0
+        vmovdqu DATA, XMMWORD PTR[inp + 16*7]
+        vpshufb DATA, DATA, XMMWORD PTR[Lbswap_mask]
+
+        vpclmulqdq  TMP0, DATA, XMMWORD PTR[Htbl + 0*16], 0h
+        vpclmulqdq  TMP1, DATA, XMMWORD PTR[Htbl + 0*16], 011h
+        vpshufd     TMP3, DATA, 78
+        vpxor       TMP3, TMP3, DATA
+        vpclmulqdq  TMP2, TMP3, XMMWORD PTR[Htbl + 8*16 + 0*16], 0h
+
+        ; Block #1
+        vmovdqu DATA, XMMWORD PTR[inp + 16*6]
+        vpshufb DATA, DATA, [Lbswap_mask]
+        KARATSUBA_AAD 1
+
+        ; Block #2
+        vmovdqu DATA, XMMWORD PTR[inp + 16*5]
+        vpshufb DATA, DATA, [Lbswap_mask]
+
+        vpclmulqdq  TMP4, T, [Lpoly], 010h         ;reduction stage 1a
+        vpalignr    T, T, T, 8
+
+        KARATSUBA_AAD 2
+
+        vpxor       T, T, TMP4                          ;reduction stage 1b
+
+        ; Block #3
+        vmovdqu DATA, XMMWORD PTR[inp + 16*4]
+        vpshufb DATA, DATA, [Lbswap_mask]
+        KARATSUBA_AAD 3
+        ; Block #4
+        vmovdqu DATA, XMMWORD PTR[inp + 16*3]
+        vpshufb DATA, DATA, [Lbswap_mask]
+
+        vpclmulqdq  TMP4, T, [Lpoly], 010h        ;reduction stage 2a
+        vpalignr    T, T, T, 8
+
+        KARATSUBA_AAD 4
+
+        vpxor       T, T, TMP4                          ;reduction stage 2b
+        ; Block #5
+        vmovdqu DATA, XMMWORD PTR[inp + 16*2]
+        vpshufb DATA, DATA, [Lbswap_mask]
+        KARATSUBA_AAD 5
+
+        vpxor   T, T, Xhi                               ;reduction finalize
+        ; Block #6
+        vmovdqu DATA, XMMWORD PTR[inp + 16*1]
+        vpshufb DATA, DATA, [Lbswap_mask]
+        KARATSUBA_AAD 6
+        ; Block #7
+        vmovdqu DATA, XMMWORD PTR[inp + 16*0]
+        vpshufb DATA, DATA, [Lbswap_mask]
+        vpxor   DATA, DATA, T
+        KARATSUBA_AAD 7
+        ; Aggregated 8 blocks, now karatsuba fixup
+        vpxor   TMP2, TMP2, TMP0
+        vpxor   TMP2, TMP2, TMP1
+        vpsrldq TMP3, TMP2, 8
+        vpslldq TMP2, TMP2, 8
+
+        vpxor   Xhi, TMP1, TMP3
+        vpxor   T, TMP0, TMP2
+
+        lea inp, [inp + 16*8]
+        jmp Lmod_loop
+
+Ldone:
+    vpclmulqdq  TMP4, T, [Lpoly], 010h
+    vpalignr    T, T, T, 8
+    vpxor       T, T, TMP4
+
+    vpclmulqdq  TMP4, T, [Lpoly], 010h
+    vpalignr    T, T, T, 8
+    vpxor       T, T, TMP4
+
+    vpxor       T, T, Xhi
+    vmovdqu     XMMWORD PTR[Tp], T
+    vzeroupper
+
+    pop esi
+    pop ebx
+    ret
+
+intel_aes_gcmAAD ENDP
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;
+; Encrypt and Authenticate
+; void intel_aes_gcmENC(unsigned char* PT, unsigned char* CT, void *Gctx, unsigned int len);
+;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+ALIGN 16
+intel_aes_gcmENC PROC
+
+PT      textequ <eax>
+CT      textequ <ecx>
+Htbl    textequ <edx>
+Gctx    textequ <edx>
+len     textequ <DWORD PTR[ebp + 5*4 + 3*4]>
+KS      textequ <esi>
+NR      textequ <DWORD PTR[-40 + KS]>
+
+aluCTR  textequ <ebx>
+aluTMP  textequ <edi>
+
+T       textequ <XMMWORD PTR[16*16 + 1*16 + Gctx]>
+TMP0    textequ <xmm1>
+TMP1    textequ <xmm2>
+TMP2    textequ <xmm3>
+TMP3    textequ <xmm4>
+TMP4    textequ <xmm5>
+TMP5    textequ <xmm6>
+
+CTR0    textequ <xmm0>
+CTR1    textequ <xmm1>
+CTR2    textequ <xmm2>
+CTR3    textequ <xmm3>
+CTR4    textequ <xmm4>
+CTR5    textequ <xmm5>
+CTR6    textequ <xmm6>
+
+ROUND MACRO i
+    vmovdqu xmm7, XMMWORD PTR[i*16 + KS]
+    vaesenc CTR0, CTR0, xmm7
+    vaesenc CTR1, CTR1, xmm7
+    vaesenc CTR2, CTR2, xmm7
+    vaesenc CTR3, CTR3, xmm7
+    vaesenc CTR4, CTR4, xmm7
+    vaesenc CTR5, CTR5, xmm7
+    vaesenc CTR6, CTR6, xmm7
+ENDM
+
+KARATSUBA MACRO i
+    vpshufd TMP4, TMP5, 78
+    vpxor   TMP4, TMP4, TMP5
+    vpclmulqdq  TMP3, TMP4, XMMWORD PTR[i*16 + 8*16 + Htbl], 000h
+    vpxor       TMP0, TMP0, TMP3
+    vmovdqu     TMP4, XMMWORD PTR[i*16 + Htbl]
+    vpclmulqdq  TMP3, TMP5, TMP4, 011h
+    vpxor       TMP1, TMP1, TMP3
+    vpclmulqdq  TMP3, TMP5, TMP4, 000h
+    vpxor       TMP2, TMP2, TMP3
+ENDM
+
+NEXTCTR MACRO i
+    add     aluCTR, 1
+    mov     aluTMP, aluCTR
+    bswap   aluTMP
+    xor     aluTMP, [3*4 + KS]
+    mov     [3*4 + 8*16 + i*16 + esp], aluTMP
+ENDM
+
+    cmp DWORD PTR[1*4 + 3*4 + esp], 0
+    jne LbeginENC
+    ret
+
+LbeginENC:
+
+    vzeroupper
+    push    ebp
+    push    ebx
+    push    esi
+    push    edi
+
+    mov ebp, esp
+    sub esp, 16*16
+    and esp, -16
+
+    mov PT, [ebp + 5*4 + 0*4]
+    mov CT, [ebp + 5*4 + 1*4]
+    mov Gctx, [ebp + 5*4 + 2*4]
+
+    mov     KS, [16*16 + 3*16 + Gctx]
+    lea     KS, [44 + KS]
+
+    mov     aluCTR, [16*16 + 2*16 + 3*4 + Gctx]
+    bswap   aluCTR
+
+
+    vmovdqu TMP0, XMMWORD PTR[0*16 + KS]
+    vpxor   TMP0, TMP0, XMMWORD PTR[16*16 + 2*16 + Gctx]
+    vmovdqu XMMWORD PTR[8*16 + 0*16 + esp], TMP0
+
+    cmp len, 16*7
+    jb  LEncDataSingles
+; Prepare the "top" counters
+    vmovdqu XMMWORD PTR[8*16 + 1*16 + esp], TMP0
+    vmovdqu XMMWORD PTR[8*16 + 2*16 + esp], TMP0
+    vmovdqu XMMWORD PTR[8*16 + 3*16 + esp], TMP0
+    vmovdqu XMMWORD PTR[8*16 + 4*16 + esp], TMP0
+    vmovdqu XMMWORD PTR[8*16 + 5*16 + esp], TMP0
+    vmovdqu XMMWORD PTR[8*16 + 6*16 + esp], TMP0
+
+    vmovdqu CTR0, XMMWORD PTR[16*16 + 2*16 + Gctx]
+    vpshufb CTR0, CTR0, XMMWORD PTR[Lbswap_mask]
+; Encrypt the initial 7 blocks
+    sub len, 16*7
+    vpaddd  CTR1, CTR0, XMMWORD PTR[Lone]
+    vpaddd  CTR2, CTR0, XMMWORD PTR[Ltwo]
+    vpaddd  CTR3, CTR2, XMMWORD PTR[Lone]
+    vpaddd  CTR4, CTR2, XMMWORD PTR[Ltwo]
+    vpaddd  CTR5, CTR4, XMMWORD PTR[Lone]
+    vpaddd  CTR6, CTR4, XMMWORD PTR[Ltwo]
+
+    vpshufb CTR0, CTR0, XMMWORD PTR[Lbswap_mask]
+    vpshufb CTR1, CTR1, XMMWORD PTR[Lbswap_mask]
+    vpshufb CTR2, CTR2, XMMWORD PTR[Lbswap_mask]
+    vpshufb CTR3, CTR3, XMMWORD PTR[Lbswap_mask]
+    vpshufb CTR4, CTR4, XMMWORD PTR[Lbswap_mask]
+    vpshufb CTR5, CTR5, XMMWORD PTR[Lbswap_mask]
+    vpshufb CTR6, CTR6, XMMWORD PTR[Lbswap_mask]
+
+    vmovdqu xmm7, XMMWORD PTR[0*16 + KS]
+    vpxor   CTR0, CTR0, xmm7
+    vpxor   CTR1, CTR1, xmm7
+    vpxor   CTR2, CTR2, xmm7
+    vpxor   CTR3, CTR3, xmm7
+    vpxor   CTR4, CTR4, xmm7
+    vpxor   CTR5, CTR5, xmm7
+    vpxor   CTR6, CTR6, xmm7
+
+    ROUND   1
+
+    add aluCTR, 7
+    mov aluTMP, aluCTR
+    bswap   aluTMP
+    xor aluTMP, [KS + 3*4]
+    mov [8*16 + 0*16 + 3*4 + esp], aluTMP
+
+    ROUND   2
+    NEXTCTR 1
+    ROUND   3
+    NEXTCTR 2
+    ROUND   4
+    NEXTCTR 3
+    ROUND   5
+    NEXTCTR 4
+    ROUND   6
+    NEXTCTR 5
+    ROUND   7
+    NEXTCTR 6
+    ROUND   8
+    ROUND   9
+    vmovdqu xmm7, XMMWORD PTR[10*16 + KS]
+    cmp     NR, 10
+    je      @f
+
+    ROUND   10
+    ROUND   11
+    vmovdqu xmm7, XMMWORD PTR[12*16 + KS]
+    cmp     NR, 12
+    je      @f
+
+    ROUND   12
+    ROUND   13
+    vmovdqu xmm7, XMMWORD PTR[14*16 + KS]
+@@:
+    vaesenclast CTR0, CTR0, xmm7
+    vaesenclast CTR1, CTR1, xmm7
+    vaesenclast CTR2, CTR2, xmm7
+    vaesenclast CTR3, CTR3, xmm7
+    vaesenclast CTR4, CTR4, xmm7
+    vaesenclast CTR5, CTR5, xmm7
+    vaesenclast CTR6, CTR6, xmm7
+
+    vpxor   CTR0, CTR0, XMMWORD PTR[0*16 + PT]
+    vpxor   CTR1, CTR1, XMMWORD PTR[1*16 + PT]
+    vpxor   CTR2, CTR2, XMMWORD PTR[2*16 + PT]
+    vpxor   CTR3, CTR3, XMMWORD PTR[3*16 + PT]
+    vpxor   CTR4, CTR4, XMMWORD PTR[4*16 + PT]
+    vpxor   CTR5, CTR5, XMMWORD PTR[5*16 + PT]
+    vpxor   CTR6, CTR6, XMMWORD PTR[6*16 + PT]
+
+    vmovdqu XMMWORD PTR[0*16 + CT], CTR0
+    vmovdqu XMMWORD PTR[1*16 + CT], CTR1
+    vmovdqu XMMWORD PTR[2*16 + CT], CTR2
+    vmovdqu XMMWORD PTR[3*16 + CT], CTR3
+    vmovdqu XMMWORD PTR[4*16 + CT], CTR4
+    vmovdqu XMMWORD PTR[5*16 + CT], CTR5
+    vmovdqu XMMWORD PTR[6*16 + CT], CTR6
+
+    vpshufb CTR0, CTR0, XMMWORD PTR[Lbswap_mask]
+    vpshufb CTR1, CTR1, XMMWORD PTR[Lbswap_mask]
+    vpshufb CTR2, CTR2, XMMWORD PTR[Lbswap_mask]
+    vpshufb CTR3, CTR3, XMMWORD PTR[Lbswap_mask]
+    vpshufb CTR4, CTR4, XMMWORD PTR[Lbswap_mask]
+    vpshufb CTR5, CTR5, XMMWORD PTR[Lbswap_mask]
+    vpshufb TMP5, CTR6, XMMWORD PTR[Lbswap_mask]
+
+    vmovdqa XMMWORD PTR[1*16 + esp], CTR5
+    vmovdqa XMMWORD PTR[2*16 + esp], CTR4
+    vmovdqa XMMWORD PTR[3*16 + esp], CTR3
+    vmovdqa XMMWORD PTR[4*16 + esp], CTR2
+    vmovdqa XMMWORD PTR[5*16 + esp], CTR1
+    vmovdqa XMMWORD PTR[6*16 + esp], CTR0
+
+    lea CT, [7*16 + CT]
+    lea PT, [7*16 + PT]
+    jmp LEncData7
+
+LEncData7:
+        cmp len, 16*7
+        jb  LEndEnc7
+        sub len, 16*7
+
+        vpshufd TMP4, TMP5, 78
+        vpxor   TMP4, TMP4, TMP5
+        vpclmulqdq  TMP0, TMP4, XMMWORD PTR[0*16 + 8*16 + Htbl], 000h
+        vmovdqu     TMP4, XMMWORD PTR[0*16 + Htbl]
+        vpclmulqdq  TMP1, TMP5, TMP4, 011h
+        vpclmulqdq  TMP2, TMP5, TMP4, 000h
+
+        vmovdqu TMP5, XMMWORD PTR[1*16 + esp]
+        KARATSUBA 1
+        vmovdqu TMP5, XMMWORD PTR[2*16 + esp]
+        KARATSUBA 2
+        vmovdqu TMP5, XMMWORD PTR[3*16 + esp]
+        KARATSUBA 3
+        vmovdqu TMP5, XMMWORD PTR[4*16 + esp]
+        KARATSUBA 4
+        vmovdqu TMP5, XMMWORD PTR[5*16 + esp]
+        KARATSUBA 5
+        vmovdqu TMP5, XMMWORD PTR[6*16 + esp]
+        vpxor   TMP5, TMP5, T
+        KARATSUBA 6
+
+        vpxor   TMP0, TMP0, TMP1
+        vpxor   TMP0, TMP0, TMP2
+        vpsrldq TMP3, TMP0, 8
+        vpxor   TMP4, TMP1, TMP3
+        vpslldq TMP3, TMP0, 8
+        vpxor   TMP5, TMP2, TMP3
+
+        vpclmulqdq  TMP1, TMP5, XMMWORD PTR[Lpoly], 010h
+        vpalignr    TMP5,TMP5,TMP5,8
+        vpxor       TMP5, TMP5, TMP1
+
+        vpclmulqdq  TMP1, TMP5, XMMWORD PTR[Lpoly], 010h
+        vpalignr    TMP5,TMP5,TMP5,8
+        vpxor       TMP5, TMP5, TMP1
+
+        vpxor       TMP5, TMP5, TMP4
+        vmovdqu     T, TMP5
+
+        vmovdqa CTR0, XMMWORD PTR[8*16 + 0*16 + esp]
+        vmovdqa CTR1, XMMWORD PTR[8*16 + 1*16 + esp]
+        vmovdqa CTR2, XMMWORD PTR[8*16 + 2*16 + esp]
+        vmovdqa CTR3, XMMWORD PTR[8*16 + 3*16 + esp]
+        vmovdqa CTR4, XMMWORD PTR[8*16 + 4*16 + esp]
+        vmovdqa CTR5, XMMWORD PTR[8*16 + 5*16 + esp]
+        vmovdqa CTR6, XMMWORD PTR[8*16 + 6*16 + esp]
+
+        ROUND 1
+        NEXTCTR 0
+        ROUND 2
+        NEXTCTR 1
+        ROUND 3
+        NEXTCTR 2
+        ROUND 4
+        NEXTCTR 3
+        ROUND 5
+        NEXTCTR 4
+        ROUND 6
+        NEXTCTR 5
+        ROUND 7
+        NEXTCTR 6
+
+        ROUND 8
+        ROUND 9
+
+        vmovdqu     xmm7, XMMWORD PTR[10*16 + KS]
+        cmp         NR, 10
+        je          @f
+
+        ROUND 10
+        ROUND 11
+        vmovdqu     xmm7, XMMWORD PTR[12*16 + KS]
+        cmp         NR, 12
+        je          @f
+
+        ROUND 12
+        ROUND 13
+        vmovdqu     xmm7, XMMWORD PTR[14*16 + KS]
+@@:
+        vaesenclast CTR0, CTR0, xmm7
+        vaesenclast CTR1, CTR1, xmm7
+        vaesenclast CTR2, CTR2, xmm7
+        vaesenclast CTR3, CTR3, xmm7
+        vaesenclast CTR4, CTR4, xmm7
+        vaesenclast CTR5, CTR5, xmm7
+        vaesenclast CTR6, CTR6, xmm7
+
+        vpxor   CTR0, CTR0, XMMWORD PTR[0*16 + PT]
+        vpxor   CTR1, CTR1, XMMWORD PTR[1*16 + PT]
+        vpxor   CTR2, CTR2, XMMWORD PTR[2*16 + PT]
+        vpxor   CTR3, CTR3, XMMWORD PTR[3*16 + PT]
+        vpxor   CTR4, CTR4, XMMWORD PTR[4*16 + PT]
+        vpxor   CTR5, CTR5, XMMWORD PTR[5*16 + PT]
+        vpxor   CTR6, CTR6, XMMWORD PTR[6*16 + PT]
+
+        vmovdqu XMMWORD PTR[0*16 + CT], CTR0
+        vmovdqu XMMWORD PTR[1*16 + CT], CTR1
+        vmovdqu XMMWORD PTR[2*16 + CT], CTR2
+        vmovdqu XMMWORD PTR[3*16 + CT], CTR3
+        vmovdqu XMMWORD PTR[4*16 + CT], CTR4
+        vmovdqu XMMWORD PTR[5*16 + CT], CTR5
+        vmovdqu XMMWORD PTR[6*16 + CT], CTR6
+
+        vpshufb CTR0, CTR0, XMMWORD PTR[Lbswap_mask]
+        vpshufb CTR1, CTR1, XMMWORD PTR[Lbswap_mask]
+        vpshufb CTR2, CTR2, XMMWORD PTR[Lbswap_mask]
+        vpshufb CTR3, CTR3, XMMWORD PTR[Lbswap_mask]
+        vpshufb CTR4, CTR4, XMMWORD PTR[Lbswap_mask]
+        vpshufb CTR5, CTR5, XMMWORD PTR[Lbswap_mask]
+        vpshufb TMP5, CTR6, XMMWORD PTR[Lbswap_mask]
+
+        vmovdqa XMMWORD PTR[1*16 + esp], CTR5
+        vmovdqa XMMWORD PTR[2*16 + esp], CTR4
+        vmovdqa XMMWORD PTR[3*16 + esp], CTR3
+        vmovdqa XMMWORD PTR[4*16 + esp], CTR2
+        vmovdqa XMMWORD PTR[5*16 + esp], CTR1
+        vmovdqa XMMWORD PTR[6*16 + esp], CTR0
+
+        lea CT, [7*16 + CT]
+        lea PT, [7*16 + PT]
+        jmp LEncData7
+
+LEndEnc7:
+
+    vpshufd TMP4, TMP5, 78
+    vpxor   TMP4, TMP4, TMP5
+    vpclmulqdq  TMP0, TMP4, XMMWORD PTR[0*16 + 8*16 + Htbl], 000h
+    vmovdqu     TMP4, XMMWORD PTR[0*16 + Htbl]
+    vpclmulqdq  TMP1, TMP5, TMP4, 011h
+    vpclmulqdq  TMP2, TMP5, TMP4, 000h
+
+    vmovdqu TMP5, XMMWORD PTR[1*16 + esp]
+    KARATSUBA 1
+    vmovdqu TMP5, XMMWORD PTR[2*16 + esp]
+    KARATSUBA 2
+    vmovdqu TMP5, XMMWORD PTR[3*16 + esp]
+    KARATSUBA 3
+    vmovdqu TMP5, XMMWORD PTR[4*16 + esp]
+    KARATSUBA 4
+    vmovdqu TMP5, XMMWORD PTR[5*16 + esp]
+    KARATSUBA 5
+    vmovdqu TMP5, XMMWORD PTR[6*16 + esp]
+    vpxor   TMP5, TMP5, T
+    KARATSUBA 6
+
+    vpxor   TMP0, TMP0, TMP1
+    vpxor   TMP0, TMP0, TMP2
+    vpsrldq TMP3, TMP0, 8
+    vpxor   TMP4, TMP1, TMP3
+    vpslldq TMP3, TMP0, 8
+    vpxor   TMP5, TMP2, TMP3
+
+    vpclmulqdq  TMP1, TMP5, XMMWORD PTR[Lpoly], 010h
+    vpalignr    TMP5,TMP5,TMP5,8
+    vpxor       TMP5, TMP5, TMP1
+
+    vpclmulqdq  TMP1, TMP5, XMMWORD PTR[Lpoly], 010h
+    vpalignr    TMP5,TMP5,TMP5,8
+    vpxor       TMP5, TMP5, TMP1
+
+    vpxor       TMP5, TMP5, TMP4
+    vmovdqu     T, TMP5
+
+    sub aluCTR, 6
+
+LEncDataSingles:
+
+        cmp len, 16
+        jb  LEncDataTail
+        sub len, 16
+
+        vmovdqa TMP1, XMMWORD PTR[8*16 + 0*16 + esp]
+        NEXTCTR 0
+
+        vaesenc TMP1, TMP1, XMMWORD PTR[1*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[2*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[3*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[4*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[5*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[6*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[7*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[8*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[9*16 + KS]
+        vmovdqu TMP2, XMMWORD PTR[10*16 + KS]
+        cmp NR, 10
+        je  @f
+        vaesenc TMP1, TMP1, XMMWORD PTR[10*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[11*16 + KS]
+        vmovdqu TMP2, XMMWORD PTR[12*16 + KS]
+        cmp NR, 12
+        je  @f
+        vaesenc TMP1, TMP1, XMMWORD PTR[12*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[13*16 + KS]
+        vmovdqu TMP2, XMMWORD PTR[14*16 + KS]
+@@:
+        vaesenclast TMP1, TMP1, TMP2
+        vpxor   TMP1, TMP1, XMMWORD PTR[PT]
+        vmovdqu XMMWORD PTR[CT], TMP1
+
+        lea PT, [16+PT]
+        lea CT, [16+CT]
+
+        vpshufb TMP1, TMP1, XMMWORD PTR[Lbswap_mask]
+        vpxor   TMP1, TMP1, T
+
+        vmovdqu TMP0, XMMWORD PTR[Htbl]
+        GFMUL   TMP1, TMP1, TMP0, TMP5, TMP2, TMP3, TMP4
+        vmovdqu T, TMP1
+
+        jmp LEncDataSingles
+
+LEncDataTail:
+
+    cmp len, 0
+    je  LEncDataEnd
+
+    vmovdqa TMP1, XMMWORD PTR[8*16 + 0*16 + esp]
+
+    vaesenc TMP1, TMP1, XMMWORD PTR[1*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[2*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[3*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[4*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[5*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[6*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[7*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[8*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[9*16 + KS]
+    vmovdqu TMP2, XMMWORD PTR[10*16 + KS]
+    cmp NR, 10
+    je  @f
+    vaesenc TMP1, TMP1, XMMWORD PTR[10*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[11*16 + KS]
+    vmovdqu TMP2, XMMWORD PTR[12*16 + KS]
+    cmp NR, 12
+    je  @f
+    vaesenc TMP1, TMP1, XMMWORD PTR[12*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[13*16 + KS]
+    vmovdqu TMP2, XMMWORD PTR[14*16 + KS]
+@@:
+    vaesenclast TMP1, TMP1, TMP2
+; zero a temp location
+    vpxor   TMP2, TMP2, TMP2
+    vmovdqa XMMWORD PTR[esp], TMP2
+; copy as many bytes as needed
+    xor KS, KS
+    mov aluTMP, edx
+@@:
+        cmp len, KS
+        je  @f
+        mov dl, BYTE PTR[PT + KS]
+        mov BYTE PTR[esp + KS], dl
+        inc KS
+        jmp @b
+@@:
+    vpxor   TMP1, TMP1, XMMWORD PTR[esp]
+    vmovdqa XMMWORD PTR[esp], TMP1
+    xor KS, KS
+@@:
+        cmp len, KS
+        je  @f
+        mov dl, BYTE PTR[esp + KS]
+        mov BYTE PTR[CT + KS], dl
+        inc KS
+        jmp @b
+@@:
+        cmp KS, 16
+        je  @f
+        mov BYTE PTR[esp + KS], 0
+        inc KS
+        jmp @b
+@@:
+    mov edx, aluTMP
+    vmovdqa TMP1, XMMWORD PTR[esp]
+    vpshufb TMP1, TMP1, XMMWORD PTR[Lbswap_mask]
+    vpxor   TMP1, TMP1, T
+
+    vmovdqu TMP0, XMMWORD PTR[Htbl]
+    GFMUL   TMP1, TMP1, TMP0, TMP5, TMP2, TMP3, TMP4
+    vmovdqu T, TMP1
+
+LEncDataEnd:
+    inc     aluCTR
+    bswap   aluCTR
+    mov     [16*16 + 2*16 + 3*4 + Gctx], aluCTR
+
+    mov esp, ebp
+    pop edi
+    pop esi
+    pop ebx
+    pop ebp
+
+
+    vzeroupper
+
+    ret
+intel_aes_gcmENC ENDP
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;
+; Decrypt and Authenticate
+; void intel_aes_gcmDEC(uint8_t* PT, uint8_t* CT, void *Gctx, unsigned int len);
+;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+
+NEXTCTR MACRO i
+    add     aluCTR, 1
+    mov     aluTMP, aluCTR
+    bswap   aluTMP
+    xor     aluTMP, [3*4 + KS]
+    mov     [3*4 + i*16 + esp], aluTMP
+ENDM
+
+intel_aes_gcmDEC PROC
+
+    cmp DWORD PTR[1*4 + 3*4 + esp], 0
+    jne LbeginDEC
+    ret
+
+LbeginDEC:
+
+    vzeroupper
+    push    ebp
+    push    ebx
+    push    esi
+    push    edi
+
+    mov ebp, esp
+    sub esp, 8*16
+    and esp, -16
+
+    mov CT, [ebp + 5*4 + 0*4]
+    mov PT, [ebp + 5*4 + 1*4]
+    mov Gctx, [ebp + 5*4 + 2*4]
+
+    mov     KS, [16*16 + 3*16 + Gctx]
+    lea     KS, [44 + KS]
+
+    mov     aluCTR, [16*16 + 2*16 + 3*4 + Gctx]
+    bswap   aluCTR
+
+
+    vmovdqu TMP0, XMMWORD PTR[0*16 + KS]
+    vpxor   TMP0, TMP0, XMMWORD PTR[16*16 + 2*16 + Gctx]
+    vmovdqu XMMWORD PTR[0*16 + esp], TMP0
+
+    cmp len, 16*7
+    jb  LDecDataSingles
+    vmovdqu XMMWORD PTR[1*16 + esp], TMP0
+    vmovdqu XMMWORD PTR[2*16 + esp], TMP0
+    vmovdqu XMMWORD PTR[3*16 + esp], TMP0
+    vmovdqu XMMWORD PTR[4*16 + esp], TMP0
+    vmovdqu XMMWORD PTR[5*16 + esp], TMP0
+    vmovdqu XMMWORD PTR[6*16 + esp], TMP0
+    dec aluCTR
+
+LDecData7:
+    cmp len, 16*7
+    jb  LDecData7End
+    sub len, 16*7
+
+    vmovdqu TMP5, XMMWORD PTR[0*16 + CT]
+    vpshufb TMP5, TMP5, XMMWORD PTR[Lbswap_mask]
+    vpxor   TMP5, TMP5, T
+    vpshufd TMP4, TMP5, 78
+    vpxor   TMP4, TMP4, TMP5
+    vpclmulqdq  TMP0, TMP4, XMMWORD PTR[6*16 + 8*16 + Htbl], 000h
+    vmovdqu     TMP4, XMMWORD PTR[6*16 + Htbl]
+    vpclmulqdq  TMP1, TMP5, TMP4, 011h
+    vpclmulqdq  TMP2, TMP5, TMP4, 000h
+
+    NEXTCTR 0
+    vmovdqu TMP5, XMMWORD PTR[1*16 + CT]
+    vpshufb TMP5, TMP5, XMMWORD PTR[Lbswap_mask]
+    KARATSUBA 5
+    NEXTCTR 1
+    vmovdqu TMP5, XMMWORD PTR[2*16 + CT]
+    vpshufb TMP5, TMP5, XMMWORD PTR[Lbswap_mask]
+    KARATSUBA 4
+    NEXTCTR 2
+    vmovdqu TMP5, XMMWORD PTR[3*16 + CT]
+    vpshufb TMP5, TMP5, XMMWORD PTR[Lbswap_mask]
+    KARATSUBA 3
+    NEXTCTR 3
+    vmovdqu TMP5, XMMWORD PTR[4*16 + CT]
+    vpshufb TMP5, TMP5, XMMWORD PTR[Lbswap_mask]
+    KARATSUBA 2
+    NEXTCTR 4
+    vmovdqu TMP5, XMMWORD PTR[5*16 + CT]
+    vpshufb TMP5, TMP5, XMMWORD PTR[Lbswap_mask]
+    KARATSUBA 1
+    NEXTCTR 5
+    vmovdqu TMP5, XMMWORD PTR[6*16 + CT]
+    vpshufb TMP5, TMP5, XMMWORD PTR[Lbswap_mask]
+    KARATSUBA 0
+    NEXTCTR 6
+
+    vpxor   TMP0, TMP0, TMP1
+    vpxor   TMP0, TMP0, TMP2
+    vpsrldq TMP3, TMP0, 8
+    vpxor   TMP4, TMP1, TMP3
+    vpslldq TMP3, TMP0, 8
+    vpxor   TMP5, TMP2, TMP3
+
+    vpclmulqdq  TMP1, TMP5, XMMWORD PTR[Lpoly], 010h
+    vpalignr    TMP5,TMP5,TMP5,8
+    vpxor       TMP5, TMP5, TMP1
+
+    vpclmulqdq  TMP1, TMP5, XMMWORD PTR[Lpoly], 010h
+    vpalignr    TMP5,TMP5,TMP5,8
+    vpxor       TMP5, TMP5, TMP1
+
+    vpxor       TMP5, TMP5, TMP4
+    vmovdqu     T, TMP5
+
+    vmovdqa CTR0, XMMWORD PTR[0*16 + esp]
+    vmovdqa CTR1, XMMWORD PTR[1*16 + esp]
+    vmovdqa CTR2, XMMWORD PTR[2*16 + esp]
+    vmovdqa CTR3, XMMWORD PTR[3*16 + esp]
+    vmovdqa CTR4, XMMWORD PTR[4*16 + esp]
+    vmovdqa CTR5, XMMWORD PTR[5*16 + esp]
+    vmovdqa CTR6, XMMWORD PTR[6*16 + esp]
+
+    ROUND   1
+    ROUND   2
+    ROUND   3
+    ROUND   4
+    ROUND   5
+    ROUND   6
+    ROUND   7
+    ROUND   8
+    ROUND   9
+    vmovdqu xmm7, XMMWORD PTR[10*16 + KS]
+    cmp     NR, 10
+    je      @f
+
+    ROUND   10
+    ROUND   11
+    vmovdqu xmm7, XMMWORD PTR[12*16 + KS]
+    cmp     NR, 12
+    je      @f
+
+    ROUND   12
+    ROUND   13
+    vmovdqu xmm7, XMMWORD PTR[14*16 + KS]
+@@:
+    vaesenclast CTR0, CTR0, xmm7
+    vaesenclast CTR1, CTR1, xmm7
+    vaesenclast CTR2, CTR2, xmm7
+    vaesenclast CTR3, CTR3, xmm7
+    vaesenclast CTR4, CTR4, xmm7
+    vaesenclast CTR5, CTR5, xmm7
+    vaesenclast CTR6, CTR6, xmm7
+
+    vpxor   CTR0, CTR0, XMMWORD PTR[0*16 + CT]
+    vpxor   CTR1, CTR1, XMMWORD PTR[1*16 + CT]
+    vpxor   CTR2, CTR2, XMMWORD PTR[2*16 + CT]
+    vpxor   CTR3, CTR3, XMMWORD PTR[3*16 + CT]
+    vpxor   CTR4, CTR4, XMMWORD PTR[4*16 + CT]
+    vpxor   CTR5, CTR5, XMMWORD PTR[5*16 + CT]
+    vpxor   CTR6, CTR6, XMMWORD PTR[6*16 + CT]
+
+    vmovdqu XMMWORD PTR[0*16 + PT], CTR0
+    vmovdqu XMMWORD PTR[1*16 + PT], CTR1
+    vmovdqu XMMWORD PTR[2*16 + PT], CTR2
+    vmovdqu XMMWORD PTR[3*16 + PT], CTR3
+    vmovdqu XMMWORD PTR[4*16 + PT], CTR4
+    vmovdqu XMMWORD PTR[5*16 + PT], CTR5
+    vmovdqu XMMWORD PTR[6*16 + PT], CTR6
+
+    lea CT, [7*16 + CT]
+    lea PT, [7*16 + PT]
+    jmp LDecData7
+
+LDecData7End:
+
+    NEXTCTR 0
+
+LDecDataSingles:
+
+        cmp len, 16
+        jb  LDecDataTail
+        sub len, 16
+
+        vmovdqu TMP1, XMMWORD PTR[CT]
+        vpshufb TMP1, TMP1, XMMWORD PTR[Lbswap_mask]
+        vpxor   TMP1, TMP1, T
+
+        vmovdqu TMP0, XMMWORD PTR[Htbl]
+        GFMUL   TMP1, TMP1, TMP0, TMP5, TMP2, TMP3, TMP4
+        vmovdqu T, TMP1
+
+        vmovdqa TMP1, XMMWORD PTR[0*16 + esp]
+        NEXTCTR 0
+
+        vaesenc TMP1, TMP1, XMMWORD PTR[1*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[2*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[3*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[4*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[5*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[6*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[7*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[8*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[9*16 + KS]
+        vmovdqu TMP2, XMMWORD PTR[10*16 + KS]
+        cmp NR, 10
+        je  @f
+        vaesenc TMP1, TMP1, XMMWORD PTR[10*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[11*16 + KS]
+        vmovdqu TMP2, XMMWORD PTR[12*16 + KS]
+        cmp NR, 12
+        je  @f
+        vaesenc TMP1, TMP1, XMMWORD PTR[12*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[13*16 + KS]
+        vmovdqu TMP2, XMMWORD PTR[14*16 + KS]
+@@:
+        vaesenclast TMP1, TMP1, TMP2
+        vpxor   TMP1, TMP1, XMMWORD PTR[CT]
+        vmovdqu XMMWORD PTR[PT], TMP1
+
+        lea PT, [16+PT]
+        lea CT, [16+CT]
+        jmp LDecDataSingles
+
+LDecDataTail:
+
+    cmp len, 0
+    je  LDecDataEnd
+
+    vmovdqa TMP1, XMMWORD PTR[0*16 + esp]
+    inc aluCTR
+    vaesenc TMP1, TMP1, XMMWORD PTR[1*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[2*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[3*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[4*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[5*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[6*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[7*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[8*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[9*16 + KS]
+    vmovdqu TMP2, XMMWORD PTR[10*16 + KS]
+    cmp NR, 10
+    je  @f
+    vaesenc TMP1, TMP1, XMMWORD PTR[10*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[11*16 + KS]
+    vmovdqu TMP2, XMMWORD PTR[12*16 + KS]
+    cmp NR, 12
+    je  @f
+    vaesenc TMP1, TMP1, XMMWORD PTR[12*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[13*16 + KS]
+    vmovdqu TMP2, XMMWORD PTR[14*16 + KS]
+@@:
+    vaesenclast xmm7, TMP1, TMP2
+
+; copy as many bytes as needed
+    xor KS, KS
+    mov aluTMP, edx
+@@:
+        cmp len, KS
+        je  @f
+        mov dl, BYTE PTR[CT + KS]
+        mov BYTE PTR[esp + KS], dl
+        inc KS
+        jmp @b
+@@:
+        cmp KS, 16
+        je  @f
+        mov BYTE PTR[esp + KS], 0
+        inc KS
+        jmp @b
+@@:
+    mov edx, aluTMP
+    vmovdqa TMP1, XMMWORD PTR[esp]
+    vpshufb TMP1, TMP1, XMMWORD PTR[Lbswap_mask]
+    vpxor   TMP1, TMP1, T
+
+    vmovdqu TMP0, XMMWORD PTR[Htbl]
+    GFMUL   TMP1, TMP1, TMP0, TMP5, TMP2, TMP3, TMP4
+    vmovdqu T, TMP1
+
+    vpxor   xmm7, xmm7, XMMWORD PTR[esp]
+    vmovdqa XMMWORD PTR[esp], xmm7
+    xor     KS, KS
+    mov aluTMP, edx
+@@:
+        cmp len, KS
+        je  @f
+        mov dl, BYTE PTR[esp + KS]
+        mov BYTE PTR[PT + KS], dl
+        inc KS
+        jmp @b
+@@:
+    mov edx, aluTMP
+
+LDecDataEnd:
+
+    bswap   aluCTR
+    mov     [16*16 + 2*16 + 3*4 + Gctx], aluCTR
+
+    mov esp, ebp
+    pop edi
+    pop esi
+    pop ebx
+    pop ebp
+
+    vzeroupper
+
+    ret
+intel_aes_gcmDEC ENDP
+
+
+END
diff --git a/security/nss/lib/freebl/intel-gcm.h b/security/nss/lib/freebl/intel-gcm.h
index 9360ff1..22f364d 100644
--- a/security/nss/lib/freebl/intel-gcm.h
+++ b/security/nss/lib/freebl/intel-gcm.h
@@ -31,7 +31,7 @@ intel_AES_GCMContext *intel_AES_GCM_CreateContext(void *context, freeblCipherFun
 
 void intel_AES_GCM_DestroyContext(intel_AES_GCMContext *gcm, PRBool freeit);
 
-SECStatus intel_AES_GCM_EncryptUpdate(intel_AES_GCMContext  *gcm, unsigned char *outbuf,
+SECStatus intel_AES_GCM_EncryptUpdate(intel_AES_GCMContext *gcm, unsigned char *outbuf,
 			unsigned int *outlen, unsigned int maxout,
 			const unsigned char *inbuf, unsigned int inlen,
 			unsigned int blocksize);
diff --git a/security/nss/lib/freebl/ldvector.c b/security/nss/lib/freebl/ldvector.c
index 36239e3..deb6770 100644
--- a/security/nss/lib/freebl/ldvector.c
+++ b/security/nss/lib/freebl/ldvector.c
@@ -280,12 +280,18 @@ static const struct FREEBLVectorStr vector =
     RSA_CheckSignPSS,
     RSA_Sign,
     RSA_CheckSign,
-    RSA_CheckSignRecover
+    RSA_CheckSignRecover,
 
     /* End of Version 3.016 */
+
+    EC_FillParams,
+    EC_DecodeParams,
+    EC_CopyParams
+
+    /* End of Version 3.017 */
 };
 
-const FREEBLVector * 
+const FREEBLVector *
 FREEBL_GetVector(void)
 {
     extern const char __nss_freebl_rcsid[];
@@ -294,7 +300,7 @@ FREEBL_GetVector(void)
     /* force a reference that won't get optimized away */
     volatile char c;
 
-    c = __nss_freebl_rcsid[0] + __nss_freebl_sccsid[0]; 
+    c = __nss_freebl_rcsid[0] + __nss_freebl_sccsid[0];
 #ifdef FREEBL_NO_DEPEND
     FREEBL_InitStubs();
 #endif
diff --git a/security/nss/lib/freebl/loader.c b/security/nss/lib/freebl/loader.c
index 374c472..5eb50de 100644
--- a/security/nss/lib/freebl/loader.c
+++ b/security/nss/lib/freebl/loader.c
@@ -80,6 +80,8 @@ getLibName(void)
 }
 
 #elif defined(HPUX) && !defined(NSS_USE_64) && !defined(__ia64)
+#include <unistd.h>
+
 /* This code tests to see if we're running on a PA2.x CPU.
 ** It returns true (1) if so, and false (0) otherwise.
 */
@@ -212,7 +214,7 @@ RSA_PrivateKeyOpDoubleChecked(RSAPrivateKey *key,
 }
 
 SECStatus
-RSA_PrivateKeyCheck(RSAPrivateKey *key)
+RSA_PrivateKeyCheck(const RSAPrivateKey *key)
 {
   if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
       return SECFailure;
@@ -2091,3 +2093,29 @@ SECStatus RSA_CheckSignRecover(RSAPublicKey *key,
   return (vector->p_RSA_CheckSignRecover)(key, output, outputLen, maxOutputLen,
                                           sig, sigLen);
 }
+
+SECStatus EC_FillParams(PLArenaPool *arena,
+                        const SECItem *encodedParams,
+                        ECParams *params)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_EC_FillParams)(arena, encodedParams, params);
+}
+
+SECStatus EC_DecodeParams(const SECItem *encodedParams,
+                          ECParams **ecparams)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_EC_DecodeParams)(encodedParams, ecparams);
+}
+
+SECStatus EC_CopyParams(PLArenaPool *arena, ECParams *dstParams,
+                        const ECParams *srcParams)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_EC_CopyParams)(arena, dstParams,  srcParams);
+}
+
diff --git a/security/nss/lib/freebl/loader.h b/security/nss/lib/freebl/loader.h
index c51669f..65cfd76 100644
--- a/security/nss/lib/freebl/loader.h
+++ b/security/nss/lib/freebl/loader.h
@@ -10,7 +10,7 @@
 
 #include "blapi.h"
 
-#define FREEBL_VERSION 0x0310
+#define FREEBL_VERSION 0x0311
 
 struct FREEBLVectorStr {
 
@@ -229,7 +229,7 @@ struct FREEBLVectorStr {
                               unsigned char *output,
                               const unsigned char *input);
 
-  SECStatus (* p_RSA_PrivateKeyCheck)(RSAPrivateKey *key);
+  SECStatus (* p_RSA_PrivateKeyCheck)(const RSAPrivateKey *key);
 
   void (* p_BL_Cleanup)(void);
 
@@ -698,6 +698,15 @@ struct FREEBLVectorStr {
 
   /* Version 3.016 came to here */
 
+ SECStatus (* p_EC_FillParams)(PLArenaPool *arena,
+                               const SECItem *encodedParams, ECParams *params);
+ SECStatus (* p_EC_DecodeParams)(const SECItem *encodedParams,
+                               ECParams **ecparams);
+ SECStatus (* p_EC_CopyParams)(PLArenaPool *arena, ECParams *dstParams,
+                               const ECParams *srcParams);
+
+  /* Version 3.017 came to here */
+
   /* Add new function pointers at the end of this struct and bump
    * FREEBL_VERSION at the beginning of this file. */
  };
diff --git a/security/nss/lib/freebl/manifest.mn b/security/nss/lib/freebl/manifest.mn
index eb4f8b1..1137e85 100644
--- a/security/nss/lib/freebl/manifest.mn
+++ b/security/nss/lib/freebl/manifest.mn
@@ -69,7 +69,7 @@ MPI_SRCS = mpprime.c mpmontg.c mplogic.c mpi.c mp_gf2m.c
 
 
 ECL_HDRS = ecl-exp.h ecl.h ec2.h ecp.h ecl-priv.h
-ifdef NSS_ENABLE_ECC
+ifndef NSS_DISABLE_ECC
 ECL_SRCS = ecl.c ecl_curve.c ecl_mult.c ecl_gf.c \
 	ecp_aff.c ecp_jac.c ecp_mont.c \
 	ec_naf.c ecp_jm.c ecp_256.c ecp_384.c ecp_521.c \
@@ -110,6 +110,7 @@ CSRCS = \
 	camellia.c \
 	dh.c \
 	ec.c \
+	ecdecode.c \
 	pqg.c \
 	dsa.c \
 	rsa.c \
diff --git a/security/nss/lib/freebl/mpi/mpi.h b/security/nss/lib/freebl/mpi/mpi.h
index ba215ba..a556c17 100644
--- a/security/nss/lib/freebl/mpi/mpi.h
+++ b/security/nss/lib/freebl/mpi/mpi.h
@@ -56,11 +56,11 @@ typedef int               mp_err;
 #error "USHRT_MAX not defined"
 #endif
 
-#if defined(ULONG_LONG_MAX)			/* GCC, HPUX */
-#define MP_ULONG_LONG_MAX ULONG_LONG_MAX
-#elif defined(ULLONG_MAX)			/* Solaris */
+#if defined(ULLONG_MAX)				/* C99, Solaris */
 #define MP_ULONG_LONG_MAX ULLONG_MAX
 /* MP_ULONG_LONG_MAX was defined to be ULLONG_MAX */
+#elif defined(ULONG_LONG_MAX)			/* HPUX */
+#define MP_ULONG_LONG_MAX ULONG_LONG_MAX
 #elif defined(ULONGLONG_MAX)			/* IRIX, AIX */
 #define MP_ULONG_LONG_MAX ULONGLONG_MAX
 #endif
diff --git a/security/nss/lib/freebl/mpi/target.mk b/security/nss/lib/freebl/mpi/target.mk
index 2392faf..dbd2fb9 100644
--- a/security/nss/lib/freebl/mpi/target.mk
+++ b/security/nss/lib/freebl/mpi/target.mk
@@ -205,7 +205,7 @@ ifeq ($(TARGET),WIN32)
 ifeq ($(CPU_ARCH),x86_64)
 AS_OBJS = mpi_amd64.obj mpi_amd64_masm.obj mp_comba_amd64_masm.asm
 CFLAGS  = -Od -Z7 -MDd -W3 -nologo -DDEBUG -D_DEBUG -UNDEBUG -DDEBUG_$(USER)
-CFLAGS += -DWIN32 -DWIN64 -D_WINDOWS -D_AMD_64_ -D_M_AMD64 -DWIN95 -DXP_PC -DNSS_ENABLE_ECC 
+CFLAGS += -DWIN32 -DWIN64 -D_WINDOWS -D_AMD_64_ -D_M_AMD64 -DWIN95 -DXP_PC
 CFLAGS += $(MPICMN)
 
 $(AS_OBJS): %.obj : %.asm
@@ -220,7 +220,7 @@ MPICMN += -DMP_USE_UINT_DIGIT -DMP_NO_MP_WORD -DMP_API_COMPATIBLE
 MPICMN += -DMP_MONT_USE_MP_MUL 
 MPICMN += -DMP_CHAR_STORE_SLOW -DMP_IS_LITTLE_ENDIAN
 CFLAGS  = -Od -Z7 -MDd -W3 -nologo -DDEBUG -D_DEBUG -UNDEBUG -DDEBUG_$(USER)
-CFLAGS += -DWIN32 -D_WINDOWS -D_X86_ -DWIN95 -DXP_PC -DNSS_ENABLE_ECC 
+CFLAGS += -DWIN32 -D_WINDOWS -D_X86_ -DWIN95 -DXP_PC
 CFLAGS += $(MPICMN)
 
 $(AS_OBJS): %.obj : %.asm
diff --git a/security/nss/lib/freebl/rijndael.c b/security/nss/lib/freebl/rijndael.c
index 8bb8905..4e4be79 100644
--- a/security/nss/lib/freebl/rijndael.c
+++ b/security/nss/lib/freebl/rijndael.c
@@ -18,17 +18,20 @@
 #include "ctr.h"
 #include "gcm.h"
 
-#if USE_HW_AES
-#include "intel-gcm.h"
+#ifdef USE_HW_AES
 #include "intel-aes.h"
 #include "mpi.h"
 
 static int has_intel_aes = 0;
+static PRBool use_hw_aes = PR_FALSE;
+
+#ifdef INTEL_GCM
+#include "intel-gcm.h"
 static int has_intel_avx = 0;
 static int has_intel_clmul = 0;
-static PRBool use_hw_aes = PR_FALSE;
 static PRBool use_hw_gcm = PR_FALSE;
 #endif
+#endif  /* USE_HW_AES */
 
 /*
  * There are currently five ways to build this code, varying in performance
@@ -833,7 +836,6 @@ rijndael_encryptECB(AESContext *cx, unsigned char *output,
     SECStatus rv;
     AESBlockFunc *encryptor;
 
-
     encryptor = (blocksize == RIJNDAEL_MIN_BLOCKSIZE) 
 				  ? &rijndael_encryptBlock128 
 				  : &rijndael_encryptBlock;
@@ -966,17 +968,28 @@ AESContext * AES_AllocateContext(void)
 }
 
 
-#if USE_HW_AES
+#ifdef INTEL_GCM
 /*
  * Adapted from the example code in "How to detect New Instruction support in
  * the 4th generation Intel Core processor family" by Max Locktyukhin.
+ *
+ * XGETBV:
+ *   Reads an extended control register (XCR) specified by ECX into EDX:EAX.
  */
 static PRBool
 check_xcr0_ymm()
 {
     PRUint32 xcr0;
 #if defined(_MSC_VER)
+#if defined(_M_IX86)
+    __asm {
+        mov ecx, 0
+        xgetbv
+        mov xcr0, eax
+    }
+#else
     xcr0 = (PRUint32)_xgetbv(0);  /* Requires VS2010 SP1 or later. */
+#endif
 #else
     __asm__ ("xgetbv" : "=a" (xcr0) : "c" (0) : "%edx");
 #endif
@@ -1022,7 +1035,7 @@ aes_InitContext(AESContext *cx, const unsigned char *key, unsigned int keysize,
 	PORT_SetError(SEC_ERROR_INVALID_ARGS);
     	return SECFailure;
     }
-#if USE_HW_AES
+#ifdef USE_HW_AES
     if (has_intel_aes == 0) {
 	unsigned long eax, ebx, ecx, edx;
 	char *disable_hw_aes = getenv("NSS_DISABLE_HW_AES");
@@ -1030,6 +1043,7 @@ aes_InitContext(AESContext *cx, const unsigned char *key, unsigned int keysize,
 	if (disable_hw_aes == NULL) {
 	    freebl_cpuid(1, &eax, &ebx, &ecx, &edx);
 	    has_intel_aes = (ecx & (1 << 25)) != 0 ? 1 : -1;
+#ifdef INTEL_GCM
 	    has_intel_clmul = (ecx & (1 << 1)) != 0 ? 1 : -1;
 	    if ((ecx & (1 << 27)) != 0 && (ecx & (1 << 28)) != 0 &&
 		check_xcr0_ymm()) {
@@ -1037,17 +1051,22 @@ aes_InitContext(AESContext *cx, const unsigned char *key, unsigned int keysize,
 	    } else {
 		has_intel_avx = -1;
 	    }
+#endif
 	} else {
 	    has_intel_aes = -1;
+#ifdef INTEL_GCM
 	    has_intel_avx = -1;
 	    has_intel_clmul = -1;
+#endif
 	}
     }
     use_hw_aes = (PRBool)
 		(has_intel_aes > 0 && (keysize % 8) == 0 && blocksize == 16);
+#ifdef INTEL_GCM
     use_hw_gcm = (PRBool)
 		(use_hw_aes && has_intel_avx>0 && has_intel_clmul>0);
 #endif
+#endif  /* USE_HW_AES */
     /* Nb = (block size in bits) / 32 */
     cx->Nb = blocksize / 4;
     /* Nk = (key size in bits) / 32 */
@@ -1057,23 +1076,27 @@ aes_InitContext(AESContext *cx, const unsigned char *key, unsigned int keysize,
     /* copy in the iv, if neccessary */
     if (mode == NSS_AES_CBC) {
 	memcpy(cx->iv, iv, blocksize);
-#if USE_HW_AES
+#ifdef USE_HW_AES
 	if (use_hw_aes) {
 	    cx->worker = (freeblCipherFunc)
 				intel_aes_cbc_worker(encrypt, keysize);
 	} else
 #endif
+	{
 	    cx->worker = (freeblCipherFunc) (encrypt
 			  ? &rijndael_encryptCBC : &rijndael_decryptCBC);
+	}
     } else {
-#if  USE_HW_AES
+#ifdef  USE_HW_AES
 	if (use_hw_aes) {
 	    cx->worker = (freeblCipherFunc) 
 				intel_aes_ecb_worker(encrypt, keysize);
 	} else
 #endif
+	{
 	    cx->worker = (freeblCipherFunc) (encrypt
 			  ? &rijndael_encryptECB : &rijndael_decryptECB);
+	}
     }
     PORT_Assert((cx->Nb * (cx->Nr + 1)) <= RIJNDAEL_MAX_EXP_KEY_SIZE);
     if ((cx->Nb * (cx->Nr + 1)) > RIJNDAEL_MAX_EXP_KEY_SIZE) {
@@ -1152,7 +1175,7 @@ AES_InitContext(AESContext *cx, const unsigned char *key, unsigned int keysize,
 	cx->isBlock = PR_FALSE;
 	break;
     case NSS_AES_GCM:
-#if USE_HW_AES
+#ifdef INTEL_GCM
 	if(use_hw_gcm) {
         	cx->worker_cx = intel_AES_GCM_CreateContext(cx, cx->worker, iv, blocksize);
 		cx->worker = (freeblCipherFunc)
@@ -1171,7 +1194,14 @@ AES_InitContext(AESContext *cx, const unsigned char *key, unsigned int keysize,
 	break;
     case NSS_AES_CTR:
 	cx->worker_cx = CTR_CreateContext(cx, cx->worker, iv, blocksize);
-	cx->worker = (freeblCipherFunc) CTR_Update ;
+#if defined(USE_HW_AES) && defined(_MSC_VER)
+	if (use_hw_aes) {
+	    cx->worker = (freeblCipherFunc) CTR_Update_HW_AES;
+	} else
+#endif
+	{
+	    cx->worker = (freeblCipherFunc) CTR_Update;
+	}
 	cx->destroy = (freeblDestroyFunc) CTR_DestroyContext;
 	cx->isBlock = PR_FALSE;
 	break;
diff --git a/security/nss/lib/freebl/rsa.c b/security/nss/lib/freebl/rsa.c
index 8a9a112..cc7d4fe 100644
--- a/security/nss/lib/freebl/rsa.c
+++ b/security/nss/lib/freebl/rsa.c
@@ -1353,33 +1353,8 @@ RSA_PrivateKeyOpDoubleChecked(RSAPrivateKey *key,
     return rsa_PrivateKeyOp(key, output, input, PR_TRUE);
 }
 
-static SECStatus
-swap_in_key_value(PLArenaPool *arena, mp_int *mpval, SECItem *buffer)
-{
-    int len;
-    mp_err err = MP_OKAY;
-    memset(buffer->data, 0, buffer->len);
-    len = mp_unsigned_octet_size(mpval);
-    if (len <= 0) return SECFailure;
-    if ((unsigned int)len <= buffer->len) {
-	/* The new value is no longer than the old buffer, so use it */
-	err = mp_to_unsigned_octets(mpval, buffer->data, len);
-	if (err >= 0) err = MP_OKAY;
-	buffer->len = len;
-    } else if (arena) {
-	/* The new value is longer, but working within an arena */
-	(void)SECITEM_AllocItem(arena, buffer, len);
-	err = mp_to_unsigned_octets(mpval, buffer->data, len);
-	if (err >= 0) err = MP_OKAY;
-    } else {
-	/* The new value is longer, no arena, can't handle this key */
-	return SECFailure;
-    }
-    return (err == MP_OKAY) ? SECSuccess : SECFailure;
-}
-
 SECStatus
-RSA_PrivateKeyCheck(RSAPrivateKey *key)
+RSA_PrivateKeyCheck(const RSAPrivateKey *key)
 {
     mp_int p, q, n, psub1, qsub1, e, d, d_p, d_q, qInv, res;
     mp_err   err = MP_OKAY;
@@ -1406,6 +1381,17 @@ RSA_PrivateKeyCheck(RSAPrivateKey *key)
     CHECK_MPI_OK( mp_init(&d_q)  );
     CHECK_MPI_OK( mp_init(&qInv) );
     CHECK_MPI_OK( mp_init(&res)  );
+
+    if (!key->modulus.data || !key->prime1.data || !key->prime2.data ||
+        !key->publicExponent.data || !key->privateExponent.data ||
+        !key->exponent1.data || !key->exponent2.data ||
+        !key->coefficient.data) {
+        /* call RSA_PopulatePrivateKey first, if the application wishes to
+         * recover these parameters */
+        err = MP_BADARG;
+        goto cleanup;
+    }
+
     SECITEM_TO_MPINT(key->modulus,         &n);
     SECITEM_TO_MPINT(key->prime1,          &p);
     SECITEM_TO_MPINT(key->prime2,          &q);
@@ -1414,18 +1400,10 @@ RSA_PrivateKeyCheck(RSAPrivateKey *key)
     SECITEM_TO_MPINT(key->exponent1,       &d_p);
     SECITEM_TO_MPINT(key->exponent2,       &d_q);
     SECITEM_TO_MPINT(key->coefficient,     &qInv);
-    /* p > q  */
+    /* p > q */
     if (mp_cmp(&p, &q) <= 0) {
-	/* mind the p's and q's (and d_p's and d_q's) */
-	SECItem tmp;
-	mp_exch(&p, &q);
-	mp_exch(&d_p,&d_q);
-	tmp = key->prime1;
-	key->prime1 = key->prime2;
-	key->prime2 = tmp;
-	tmp = key->exponent1;
-	key->exponent1 = key->exponent2;
-	key->exponent2 = tmp;
+	rv = SECFailure;
+	goto cleanup;
     }
 #define VERIFY_MPI_EQUAL(m1, m2) \
     if (mp_cmp(m1, m2) != 0) {   \
@@ -1437,9 +1415,6 @@ RSA_PrivateKeyCheck(RSAPrivateKey *key)
 	rv = SECFailure;         \
 	goto cleanup;            \
     }
-    /*
-     * The following errors cannot be recovered from.
-     */
     /* n == p * q */
     CHECK_MPI_OK( mp_mul(&p, &q, &res) );
     VERIFY_MPI_EQUAL(&res, &n);
@@ -1457,28 +1432,16 @@ RSA_PrivateKeyCheck(RSAPrivateKey *key)
     /* d*e == 1 mod q-1 */
     CHECK_MPI_OK( mp_mulmod(&d, &e, &qsub1, &res) );
     VERIFY_MPI_EQUAL_1(&res);
-    /*
-     * The following errors can be recovered from.
-     */
     /* d_p == d mod p-1 */
     CHECK_MPI_OK( mp_mod(&d, &psub1, &res) );
-    if (mp_cmp(&d_p, &res) != 0) {
-	/* swap in the correct value */
-	CHECK_SEC_OK( swap_in_key_value(key->arena, &res, &key->exponent1) );
-    }
+    VERIFY_MPI_EQUAL(&res, &d_p);
     /* d_q == d mod q-1 */
     CHECK_MPI_OK( mp_mod(&d, &qsub1, &res) );
-    if (mp_cmp(&d_q, &res) != 0) {
-	/* swap in the correct value */
-	CHECK_SEC_OK( swap_in_key_value(key->arena, &res, &key->exponent2) );
-    }
+    VERIFY_MPI_EQUAL(&res, &d_q);
     /* q * q**-1 == 1 mod p */
     CHECK_MPI_OK( mp_mulmod(&q, &qInv, &p, &res) );
-    if (mp_cmp_d(&res, 1) != 0) {
-	/* compute the correct value */
-	CHECK_MPI_OK( mp_invmod(&q, &p, &qInv) );
-	CHECK_SEC_OK( swap_in_key_value(key->arena, &qInv, &key->coefficient) );
-    }
+    VERIFY_MPI_EQUAL_1(&res);
+
 cleanup:
     mp_clear(&n);
     mp_clear(&p);
diff --git a/security/nss/lib/freebl/rsapkcs.c b/security/nss/lib/freebl/rsapkcs.c
index a28e6c6..c1e3d54 100644
--- a/security/nss/lib/freebl/rsapkcs.c
+++ b/security/nss/lib/freebl/rsapkcs.c
@@ -24,16 +24,14 @@
 /*
  * RSA block types
  *
- * The actual values are important -- they are fixed, *not* arbitrary.
- * The explicit value assignments are not needed (because C would give
- * us those same values anyway) but are included as a reminder...
+ * The values of RSA_BlockPrivate and RSA_BlockPublic are fixed.
+ * The value of RSA_BlockRaw isn't fixed by definition, but we are keeping
+ * the value that NSS has been using in the past.
  */
 typedef enum {
-    RSA_BlockUnused = 0,    /* unused */
     RSA_BlockPrivate = 1,   /* pad for a private-key operation */
     RSA_BlockPublic = 2,    /* pad for a public-key operation */
-    RSA_BlockRaw = 4,       /* simply justify the block appropriately */
-    RSA_BlockTotal
+    RSA_BlockRaw = 4        /* simply justify the block appropriately */
 } RSA_BlockType;
 
 /* Needed for RSA-PSS functions */
diff --git a/security/nss/lib/freebl/sha-fast-amd64-sun.s b/security/nss/lib/freebl/sha-fast-amd64-sun.s
index 71996f0..6430469 100644
--- a/security/nss/lib/freebl/sha-fast-amd64-sun.s
+++ b/security/nss/lib/freebl/sha-fast-amd64-sun.s
@@ -1907,7 +1907,10 @@ SHA1_End:
 /NO_APP
 	movq	(%rsp), %rbx
 	movl	%eax, 16(%r13)
+        cmpq    $0, %r14
+        je      .L133
 	movl	$20, (%r14)
+.L133:
 	movq	16(%rsp), %r13
 	movq	24(%rsp), %r14
 	leave
@@ -2108,3 +2111,41 @@ SHA1_TraceState:
 	jmp	PORT_SetError_Util at PLT
 .LFE16:
 	.size	SHA1_TraceState, .-SHA1_TraceState
+	.align 16
+.globl SHA1_EndRaw
+        .type   SHA1_EndRaw, @function
+SHA1_EndRaw:
+.LFB50:
+        movq    72(%rdi), %rax
+/APP
+        bswap %eax
+/NO_APP
+        movl    %eax, (%rsi)
+        movq    80(%rdi), %rax
+/APP
+        bswap %eax
+/NO_APP
+        movl    %eax, 4(%rsi)
+        movq    88(%rdi), %rax
+/APP
+        bswap %eax
+/NO_APP
+        movl    %eax, 8(%rsi)
+        movq    96(%rdi), %rax
+/APP
+        bswap %eax
+/NO_APP
+        movl    %eax, 12(%rsi)
+        movq    104(%rdi), %rax
+/APP
+        bswap %eax
+/NO_APP
+        testq   %rdx, %rdx
+        movl    %eax, 16(%rsi)
+        je      .L14
+        movl    $20, (%rdx)
+.L14:
+        rep
+        ret
+.LFE50:
+        .size   SHA1_EndRaw, .-SHA1_EndRaw
diff --git a/security/nss/lib/freebl/stubs.c b/security/nss/lib/freebl/stubs.c
index 163f07f..1de9b49 100644
--- a/security/nss/lib/freebl/stubs.c
+++ b/security/nss/lib/freebl/stubs.c
@@ -105,6 +105,7 @@
 
 
 STUB_DECLARE(void *,PORT_Alloc_Util,(size_t len));
+STUB_DECLARE(void *,PORT_ArenaAlloc_Util,(PLArenaPool *arena, size_t size));
 STUB_DECLARE(void *,PORT_ArenaZAlloc_Util,(PLArenaPool *arena, size_t size));
 STUB_DECLARE(void ,PORT_Free_Util,(void *ptr));
 STUB_DECLARE(void ,PORT_FreeArena_Util,(PLArenaPool *arena, PRBool zero));
@@ -141,12 +142,13 @@ STUB_DECLARE(PRStatus,PR_WaitCondVar,(PRCondVar *cvar,
 
 STUB_DECLARE(SECItem *,SECITEM_AllocItem_Util,(PLArenaPool *arena,
 			SECItem *item,unsigned int len));
-STUB_DECLARE(SECComparison,SECITEM_CompareItem_Util,(const SECItem *a, 
+STUB_DECLARE(SECComparison,SECITEM_CompareItem_Util,(const SECItem *a,
 			const SECItem *b));
 STUB_DECLARE(SECStatus,SECITEM_CopyItem_Util,(PLArenaPool *arena,
 			SECItem *to,const SECItem *from));
 STUB_DECLARE(void,SECITEM_FreeItem_Util,(SECItem *zap, PRBool freeit));
 STUB_DECLARE(void,SECITEM_ZfreeItem_Util,(SECItem *zap, PRBool freeit));
+STUB_DECLARE(SECOidTag,SECOID_FindOIDTag_Util,(const SECItem *oid));
 STUB_DECLARE(int, NSS_SecureMemcmp,(const void *a, const void *b, size_t n));
 
 
@@ -212,7 +214,7 @@ PR_Free_stub(void *ptr)
  *
  */
 extern PLArenaPool *
-PORT_NewArena_stub(unsigned long chunksize) 
+PORT_NewArena_stub(unsigned long chunksize)
 {
     STUB_SAFE_CALL1(PORT_NewArena_Util, chunksize);
     abort();
@@ -220,6 +222,15 @@ PORT_NewArena_stub(unsigned long chunksize)
 }
 
 extern void *
+PORT_ArenaAlloc_stub(PLArenaPool *arena, size_t size)
+{
+
+    STUB_SAFE_CALL2(PORT_ArenaZAlloc_Util, arena, size);
+    abort();
+    return NULL;
+}
+
+extern void *
 PORT_ArenaZAlloc_stub(PLArenaPool *arena, size_t size)
 {
 
@@ -500,7 +511,7 @@ SECITEM_CompareItem_stub(const SECItem *a, const SECItem *b)
     return SECEqual;
 }
 
-extern SECStatus 
+extern SECStatus
 SECITEM_CopyItem_stub(PLArenaPool *arena, SECItem *to, const SECItem *from)
 {
     STUB_SAFE_CALL3(SECITEM_CopyItem_Util, arena, to, from);
@@ -508,6 +519,14 @@ SECITEM_CopyItem_stub(PLArenaPool *arena, SECItem *to, const SECItem *from)
     return SECFailure;
 }
 
+extern SECOidTag
+SECOID_FindOIDTag_stub(const SECItem *oid)
+{
+    STUB_SAFE_CALL1(SECOID_FindOIDTag_Util, oid);
+    abort();
+    return SEC_OID_UNKNOWN;
+}
+
 extern void
 SECITEM_ZfreeItem_stub(SECItem *zap, PRBool freeit)
 {
@@ -560,6 +579,7 @@ freebl_InitNSSUtil(void *lib)
     STUB_FETCH_FUNCTION(PORT_ZAlloc_Util);
     STUB_FETCH_FUNCTION(PORT_ZFree_Util);
     STUB_FETCH_FUNCTION(PORT_NewArena_Util);
+    STUB_FETCH_FUNCTION(PORT_ArenaAlloc_Util);
     STUB_FETCH_FUNCTION(PORT_ArenaZAlloc_Util);
     STUB_FETCH_FUNCTION(PORT_FreeArena_Util);
     STUB_FETCH_FUNCTION(PORT_GetError_Util);
@@ -569,6 +589,7 @@ freebl_InitNSSUtil(void *lib)
     STUB_FETCH_FUNCTION(SECITEM_CompareItem_Util);
     STUB_FETCH_FUNCTION(SECITEM_CopyItem_Util);
     STUB_FETCH_FUNCTION(SECITEM_ZfreeItem_Util);
+    STUB_FETCH_FUNCTION(SECOID_FindOIDTag_Util);
     STUB_FETCH_FUNCTION(NSS_SecureMemcmp);
     return SECSuccess;
 }
diff --git a/security/nss/lib/freebl/stubs.h b/security/nss/lib/freebl/stubs.h
index 8f77e01..72f3000 100644
--- a/security/nss/lib/freebl/stubs.h
+++ b/security/nss/lib/freebl/stubs.h
@@ -14,13 +14,14 @@
 #ifdef _LIBUTIL_H_
 /* must be included before util */
 /*#error stubs.h included too late */
-#define MP_DIGITES(x) "stubs included too late" 
+#define MP_DIGITES(x) "stubs included too late"
 #endif
 
 /* hide libutil rename */
 #define _LIBUTIL_H_ 1
 
 #define PORT_Alloc PORT_Alloc_stub
+#define PORT_ArenaAlloc  PORT_ArenaAlloc_stub
 #define PORT_ArenaZAlloc  PORT_ArenaZAlloc_stub
 #define PORT_Free PORT_Free_stub
 #define PORT_FreeArena  PORT_FreeArena_stub
@@ -35,6 +36,7 @@
 #define SECITEM_CopyItem  SECITEM_CopyItem_stub
 #define SECITEM_FreeItem  SECITEM_FreeItem_stub
 #define SECITEM_ZfreeItem  SECITEM_ZfreeItem_stub
+#define SECOID_FindOIDTag  SECOID_FindOIDTag_stub
 #define NSS_SecureMemcmp NSS_SecureMemcmp_stub
 
 #define PR_Assert  PR_Assert_stub
diff --git a/security/nss/lib/freebl/sysrand.c b/security/nss/lib/freebl/sysrand.c
index 0dfb081..e6dd56a 100644
--- a/security/nss/lib/freebl/sysrand.c
+++ b/security/nss/lib/freebl/sysrand.c
@@ -8,7 +8,9 @@
 
 #include "seccomon.h"
 
+#ifndef XP_WIN
 static size_t rng_systemFromNoise(unsigned char *dest, size_t maxLen);
+#endif
 
 #if defined(XP_UNIX) || defined(XP_BEOS)
 #include "unix_rand.c"
@@ -20,6 +22,7 @@ static size_t rng_systemFromNoise(unsigned char *dest, size_t maxLen);
 #include "os2_rand.c"
 #endif
 
+#ifndef XP_WIN
 /*
  * Normal RNG_SystemRNG() isn't available, use the system noise to collect
  * the required amount of entropy.
@@ -43,4 +46,4 @@ rng_systemFromNoise(unsigned char *dest, size_t maxLen)
    }
    return retBytes;
 }
-
+#endif
diff --git a/security/nss/lib/freebl/win_rand.c b/security/nss/lib/freebl/win_rand.c
index 2ddac8d..2918d58 100644
--- a/security/nss/lib/freebl/win_rand.c
+++ b/security/nss/lib/freebl/win_rand.c
@@ -3,24 +3,10 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "secrng.h"
-#include "secerr.h"
 
 #ifdef XP_WIN
 #include <windows.h>
-#include <shlobj.h>     /* for CSIDL constants */
 #include <time.h>
-#include <io.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <stdio.h>
-#include "prio.h"
-#include "prerror.h"
-
-static PRInt32  filesToRead;
-static DWORD    totalFileBytes;
-static DWORD    maxFileBytes	= 250000;	/* 250 thousand */
-static DWORD    dwNumFiles, dwReadEvery, dwFileToRead;
-static PRBool   usedWindowsPRNG;
 
 static BOOL
 CurrentClockTickTime(LPDWORD lpdwHigh, LPDWORD lpdwLow)
@@ -84,168 +70,6 @@ size_t RNG_GetNoise(void *buf, size_t maxbuf)
     return n;
 }
 
-typedef PRInt32 (* Handler)(const PRUnichar *);
-#define MAX_DEPTH 2
-#define MAX_FOLDERS 4
-#define MAX_FILES 1024
-
-static void
-EnumSystemFilesInFolder(Handler func, PRUnichar* szSysDir, int maxDepth) 
-{
-    int                 iContinue;
-    unsigned int        uFolders  = 0;
-    unsigned int        uFiles    = 0;
-    HANDLE              lFindHandle;
-    WIN32_FIND_DATAW    fdData;
-    PRUnichar           szFileName[_MAX_PATH];
-
-    if (maxDepth < 0)
-    	return;
-    // append *.* so we actually look for files.
-    _snwprintf(szFileName, _MAX_PATH, L"%s\\*.*", szSysDir);
-    szFileName[_MAX_PATH - 1] = L'\0';
-
-    lFindHandle = FindFirstFileW(szFileName, &fdData);
-    if (lFindHandle == INVALID_HANDLE_VALUE)
-        return;
-    do {
-	iContinue = 1;
-	if (wcscmp(fdData.cFileName, L".") == 0 ||
-            wcscmp(fdData.cFileName, L"..") == 0) {
-	    // skip "." and ".."
-	} else {
-	    // pass the full pathname to the callback
-	    _snwprintf(szFileName, _MAX_PATH, L"%s\\%s", szSysDir, 
-		       fdData.cFileName);
-	    szFileName[_MAX_PATH - 1] = L'\0';
-	    if (fdData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) {
-		if (++uFolders <= MAX_FOLDERS)
-		    EnumSystemFilesInFolder(func, szFileName, maxDepth - 1);
-	    } else {
-		iContinue = (++uFiles <= MAX_FILES) && !(*func)(szFileName);
-	    }
-	}
-	if (iContinue)
-	    iContinue = FindNextFileW(lFindHandle, &fdData);
-    } while (iContinue);
-    FindClose(lFindHandle);
-}
-
-static BOOL
-EnumSystemFiles(Handler func)
-{
-    PRUnichar szSysDir[_MAX_PATH];
-    static const int folders[] = {
-    	CSIDL_BITBUCKET,  
-	CSIDL_RECENT,
-	CSIDL_INTERNET_CACHE, 
-	CSIDL_HISTORY,
-	0
-    };
-    int i = 0;
-    if (_MAX_PATH > (i = GetTempPathW(_MAX_PATH, szSysDir))) {
-        if (i > 0 && szSysDir[i-1] == L'\\')
-	    szSysDir[i-1] = L'\0'; // we need to lop off the trailing slash
-        EnumSystemFilesInFolder(func, szSysDir, MAX_DEPTH);
-    }
-    for(i = 0; folders[i]; i++) {
-        DWORD rv = SHGetSpecialFolderPathW(NULL, szSysDir, folders[i], 0);
-        if (szSysDir[0])
-            EnumSystemFilesInFolder(func, szSysDir, MAX_DEPTH);
-        szSysDir[0] =  L'\0';
-    }
-    return PR_TRUE;
-}
-
-static PRInt32
-CountFiles(const PRUnichar *file)
-{
-    dwNumFiles++;
-    return 0;
-}
-
-static int
-ReadSingleFile(const char *filename)
-{
-    PRFileDesc *    file;
-    unsigned char   buffer[1024];
-
-    file = PR_Open(filename, PR_RDONLY, 0);
-    if (file != NULL) {
-	while (PR_Read(file, buffer, sizeof buffer) > 0)
-	    ;
-        PR_Close(file);
-    }
-    return (file != NULL);
-}
-
-static PRInt32
-ReadOneFile(const PRUnichar *szFileName)
-{
-    char narrowFileName[_MAX_PATH];
-
-    if (dwNumFiles == dwFileToRead) {
-	int success = WideCharToMultiByte(CP_ACP, 0, szFileName, -1, 
-					  narrowFileName, _MAX_PATH, 
-					  NULL, NULL);
-	if (success)
-	    success = ReadSingleFile(narrowFileName);
-    	if (!success)
-	    dwFileToRead++; /* couldn't read this one, read the next one. */
-    }
-    dwNumFiles++;
-    return dwNumFiles > dwFileToRead;
-}
-
-static PRInt32
-ReadFiles(const PRUnichar *szFileName)
-{
-    char narrowFileName[_MAX_PATH];
-
-    if ((dwNumFiles % dwReadEvery) == 0) {
-	++filesToRead;
-    }
-    if (filesToRead) {
-	DWORD prevFileBytes = totalFileBytes;
-	int   iContinue     = WideCharToMultiByte(CP_ACP, 0, szFileName, -1, 
-						  narrowFileName, _MAX_PATH, 
-						  NULL, NULL);
-	if (iContinue) {
-	    RNG_FileForRNG(narrowFileName);
-	}
-	if (prevFileBytes < totalFileBytes) {
-	    --filesToRead;
-	}
-    }
-    dwNumFiles++;
-    return (totalFileBytes >= maxFileBytes);
-}
-
-static void
-ReadSystemFiles(void)
-{
-    // first count the number of files
-    dwNumFiles = 0;
-    if (!EnumSystemFiles(CountFiles))
-        return;
-
-    RNG_RandomUpdate(&dwNumFiles, sizeof(dwNumFiles));
-
-    // now read the first 10 readable files, then 10 or 11 files
-    // spread throughout the system directory
-    filesToRead = 10;
-    if (dwNumFiles == 0)
-        return;
-
-    dwReadEvery = dwNumFiles / 10;
-    if (dwReadEvery == 0)
-        dwReadEvery = 1;  // less than 10 files
-
-    dwNumFiles = 0;
-    totalFileBytes = 0;
-    EnumSystemFiles(ReadFiles);
-}
-
 void RNG_SystemInfoForRNG(void)
 {
     DWORD           dwVal;
@@ -308,91 +132,28 @@ void RNG_SystemInfoForRNG(void)
         RNG_RandomUpdate(&dwNumClusters,  sizeof(dwNumClusters));
     }
 
-    // Skip the potentially slow file scanning if the OS's PRNG worked.
-    if (!usedWindowsPRNG)
-	ReadSystemFiles();
-
-    nBytes = RNG_GetNoise(buffer, 20);  // get up to 20 bytes
-    RNG_RandomUpdate(buffer, nBytes);
-}
-
-static void rng_systemJitter(void)
-{   
-    dwNumFiles = 0;
-    EnumSystemFiles(ReadOneFile);
-    dwFileToRead++;
-    if (dwFileToRead >= dwNumFiles) {
-	dwFileToRead = 0;
-    }
-}
-
-
-void RNG_FileForRNG(const char *filename)
-{
-    FILE*           file;
-    int             nBytes;
-    struct stat     stat_buf;
-    unsigned char   buffer[1024];
-
-    /* windows doesn't initialize all the bytes in the stat buf,
-     * so initialize them all here to avoid UMRs.
-     */
-    memset(&stat_buf, 0, sizeof stat_buf);
-
-    if (stat((char *)filename, &stat_buf) < 0)
-        return;
-
-    RNG_RandomUpdate((unsigned char*)&stat_buf, sizeof(stat_buf));
-
-    file = fopen((char *)filename, "r");
-    if (file != NULL) {
-        for (;;) {
-            size_t  bytes = fread(buffer, 1, sizeof(buffer), file);
-
-            if (bytes == 0)
-                break;
-
-            RNG_RandomUpdate(buffer, bytes);
-            totalFileBytes += bytes;
-            if (totalFileBytes > maxFileBytes)
-                break;
-        }
-
-        fclose(file);
-    }
-
     nBytes = RNG_GetNoise(buffer, 20);  // get up to 20 bytes
     RNG_RandomUpdate(buffer, nBytes);
 }
 
 
 /*
- * Windows XP and Windows Server 2003 and later have RtlGenRandom,
- * which must be looked up by the name SystemFunction036.
+ * The RtlGenRandom function is declared in <ntsecapi.h>, but the
+ * declaration is missing a calling convention specifier. So we
+ * declare it manually here.
  */
-typedef BOOLEAN
-(APIENTRY *RtlGenRandomFn)(
+#define RtlGenRandom SystemFunction036
+DECLSPEC_IMPORT BOOLEAN WINAPI RtlGenRandom(
     PVOID RandomBuffer,
     ULONG RandomBufferLength);
 
 size_t RNG_SystemRNG(void *dest, size_t maxLen)
 {
-    HMODULE hModule;
-    RtlGenRandomFn pRtlGenRandom;
     size_t bytes = 0;
 
-    usedWindowsPRNG = PR_FALSE;
-    hModule = LoadLibrary("advapi32.dll");
-    if (hModule == NULL) {
-	return bytes;
-    }
-    pRtlGenRandom = (RtlGenRandomFn)
-	GetProcAddress(hModule, "SystemFunction036");
-    if (pRtlGenRandom && pRtlGenRandom(dest, maxLen)) {
+    if (RtlGenRandom(dest, maxLen)) {
 	bytes = maxLen;
-	usedWindowsPRNG = PR_TRUE;
     }
-    FreeLibrary(hModule);
     return bytes;
 }
 #endif  /* is XP_WIN */
diff --git a/security/nss/lib/jar/jarver.c b/security/nss/lib/jar/jarver.c
index d06b4e0..fa3c8a0 100644
--- a/security/nss/lib/jar/jarver.c
+++ b/security/nss/lib/jar/jarver.c
@@ -14,13 +14,8 @@
 #include "certdb.h"
 #include "certt.h"
 #include "secpkcs7.h"
-
-/*#include "cdbhdl.h" */
 #include "secder.h"
 
-/* from certdb.h */
-#define CERTDB_USER (1<<6)
-
 #define SZ 512
 
 static int
diff --git a/security/nss/lib/libpkix/include/pkix_errorstrings.h b/security/nss/lib/libpkix/include/pkix_errorstrings.h
index 3cc550e..c9910e7 100755
--- a/security/nss/lib/libpkix/include/pkix_errorstrings.h
+++ b/security/nss/lib/libpkix/include/pkix_errorstrings.h
@@ -238,7 +238,6 @@ PKIX_ERRORENTRY(CERTTOSTRINGHELPERFAILED,pkix_pl_Cert_ToString_Helper failed,0),
 PKIX_ERRORENTRY(CERTVERIFYCERTTYPEFAILED,PKIX_PL_Cert_VerifyCertAndKeyType failed,0),
 PKIX_ERRORENTRY(CERTVERIFYKEYUSAGEFAILED,PKIX_PL_Cert_VerifyKeyUsage failed,0),
 PKIX_ERRORENTRY(CERTVERIFYSIGNATUREFAILED,PKIX_PL_Cert_VerifySignature failed,0),
-PKIX_ERRORENTRY(CHAINREJECTEDBYREVOCATIONCHECKER,Chain rejected by Revocation Checker,0),
 PKIX_ERRORENTRY(CHAINVERIFYCALLBACKFAILED,Chain rejected by Application Callback,SEC_ERROR_APPLICATION_CALLBACK_ERROR),
 PKIX_ERRORENTRY(CHECKCERTAGAINSTANCHORFAILED,pkix_CheckCertAgainstAnchor failed,0),
 PKIX_ERRORENTRY(CHECKCERTFAILED,pkix_CheckCert failed,0),
@@ -474,7 +473,6 @@ PKIX_ERRORENTRY(FANOUTEXCEEDSRESOURCELIMITS,Fanout exceeds Resource Limits,0),
 PKIX_ERRORENTRY(FETCHINGCACHEDCRLFAILED,Fetching Cached CRLfailed,0),
 PKIX_ERRORENTRY(FILLINPROCESSINGPARAMSFAILED,Fail to fill in parameters,0),
 PKIX_ERRORENTRY(FILLINRETURNRESULTSFAILED,Fail to fill in return results,0),
-PKIX_ERRORENTRY(FIRSTARGUMENTNOTANOID,FirstObject is not an OID,0),
 PKIX_ERRORENTRY(FIRSTARGUMENTNOTBYTEARRAY,FirstObject is not a ByteArray,0),
 PKIX_ERRORENTRY(FIRSTARGUMENTNOTCERTBASICCONSTRAINTSOBJECT,First argument is not a CertBasicConstraints Object,0),
 PKIX_ERRORENTRY(FIRSTDOUBLEHEXMUSTNOTBE00,First DoubleHex MUST NOT be 00,SEC_ERROR_INVALID_ARGS),
@@ -578,7 +576,9 @@ PKIX_ERRORENTRY(INFOACCESSCREATELISTFAILED,pkix_pl_InfoAccess_CreateList failed,
 PKIX_ERRORENTRY(INFOACCESSGETLOCATIONFAILED,PKIX_PL_InfoAccess_GetLocation failed,0),
 PKIX_ERRORENTRY(INFOACCESSGETLOCATIONTYPEFAILED,PKIX_PL_InfoAccess_GetLocationType failed,0),
 PKIX_ERRORENTRY(INFOACCESSGETMETHODFAILED,PKIX_PL_InfoAccess_GetMethod failed,0),
+#ifndef NSS_PKIX_NO_LDAP
 PKIX_ERRORENTRY(INFOACCESSPARSELOCATIONFAILED,pkix_pl_InfoAccess_ParseLocation failed,SEC_ERROR_BAD_INFO_ACCESS_LOCATION),
+#endif
 PKIX_ERRORENTRY(INFOACCESSPARSETOKENSFAILED,pkix_pl_InfoAccess_ParseTokens failed,SEC_ERROR_BAD_INFO_ACCESS_LOCATION),
 PKIX_ERRORENTRY(INITIALIZECHECKERSFAILED,pkix_InitializeCheckers failed,0),
 PKIX_ERRORENTRY(INITIALIZEFAILED,PKIX_PL_Initialize failed,0),
diff --git a/security/nss/lib/libpkix/include/pkix_pl_pki.h b/security/nss/lib/libpkix/include/pkix_pl_pki.h
index 1157916..0a449b9 100755
--- a/security/nss/lib/libpkix/include/pkix_pl_pki.h
+++ b/security/nss/lib/libpkix/include/pkix_pl_pki.h
@@ -1269,6 +1269,9 @@ PKIX_PL_Cert_AreCertPoliciesCritical(
  *      Must be non-NULL.
  *  "nameConstraints"
  *      Address of CertNameConstraints that need to be satisfied.
+ *  "treatCommonNameAsDNSName"
+ *      PKIX_TRUE if the subject common name should be considered a dNSName
+ *      when evaluating name constraints.
  *  "plContext"
  *      Platform-specific context pointer.
  * THREAD SAFETY:
@@ -1282,6 +1285,7 @@ PKIX_Error *
 PKIX_PL_Cert_CheckNameConstraints(
         PKIX_PL_Cert *cert,
         PKIX_PL_CertNameConstraints *nameConstraints,
+        PKIX_Boolean treatCommonNameAsDNSName,
         void *plContext);
 
 /*
@@ -1511,7 +1515,7 @@ typedef enum PKIX_PL_TrustAnchorModeEnum {
          *       explicitly untrustworthy, explicitly configured trust anchors
          *       MAY be ignored/rejected.
          */
-        PKIX_PL_TrustAnchorMode_Exclusive,
+        PKIX_PL_TrustAnchorMode_Exclusive
 } PKIX_PL_TrustAnchorMode;
 
 /*
@@ -1827,7 +1831,9 @@ PKIX_PL_Cert_GetCrlDp(PKIX_PL_Cert *cert,
 
 #define PKIX_INFOACCESS_LOCATION_UNKNOWN 0
 #define PKIX_INFOACCESS_LOCATION_HTTP    1
+#ifndef NSS_PKIX_NO_LDAP
 #define PKIX_INFOACCESS_LOCATION_LDAP    2
+#endif
 
 /*
  * FUNCTION: PKIX_PL_InfoAccess_GetMethod
diff --git a/security/nss/lib/libpkix/include/pkix_sample_modules.h b/security/nss/lib/libpkix/include/pkix_sample_modules.h
index c031a12..75d9618 100755
--- a/security/nss/lib/libpkix/include/pkix_sample_modules.h
+++ b/security/nss/lib/libpkix/include/pkix_sample_modules.h
@@ -117,6 +117,7 @@ PKIX_PL_Pk11CertStore_Create(
         PKIX_CertStore **pPk11CertStore,
         void *plContext);
 
+#ifndef NSS_PKIX_NO_LDAP
 /* PKIX_PL_LdapCertStore
  *
  * A PKIX_PL_LdapCertStore retrieves certificates and CRLs from an LDAP server
@@ -249,6 +250,7 @@ PKIX_PL_LdapCertStore_Create(
         PKIX_PL_LdapClient *client,
         PKIX_CertStore **pCertStore,
         void *plContext);
+#endif /* !NSS_PKIX_NO_LDAP */
 
 /* PKIX_PL_NssContext
  *
diff --git a/security/nss/lib/libpkix/pkix/certsel/pkix_certselector.c b/security/nss/lib/libpkix/pkix/certsel/pkix_certselector.c
index b9cde16..89bddd9 100755
--- a/security/nss/lib/libpkix/pkix/certsel/pkix_certselector.c
+++ b/security/nss/lib/libpkix/pkix/certsel/pkix_certselector.c
@@ -425,9 +425,13 @@ pkix_CertSelector_Match_NameConstraints(
                 PKIX_COMCERTSELPARAMSGETNAMECONSTRAINTSFAILED);
 
         if (nameConstraints != NULL) {
-
+                /* As only the end-entity certificate should have
+                 * the common name constrained as if it was a dNSName,
+                 * do not constrain the common name when building a
+                 * forward path.
+                 */
                 PKIX_CHECK(PKIX_PL_Cert_CheckNameConstraints
-                    (cert, nameConstraints, plContext),
+                    (cert, nameConstraints, PKIX_FALSE, plContext),
                     PKIX_CERTCHECKNAMECONSTRAINTSFAILED);
         }
 
diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_crlchecker.c b/security/nss/lib/libpkix/pkix/checker/pkix_crlchecker.c
index 63bccd5..c77ac8e 100644
--- a/security/nss/lib/libpkix/pkix/checker/pkix_crlchecker.c
+++ b/security/nss/lib/libpkix/pkix/checker/pkix_crlchecker.c
@@ -201,7 +201,6 @@ pkix_CrlChecker_CheckLocal(
     PKIX_CertStore_CheckRevokationByCrlCallback storeCheckRevocationFn;
     PKIX_CertStore *certStore = NULL;
     pkix_CrlChecker *state = NULL;
-    PKIX_UInt32 reasonCode = 0;
     PKIX_UInt32 crlStoreIndex = 0;
     PKIX_UInt32 numCrlStores = 0;
     PKIX_Boolean storeIsLocal = PKIX_FALSE;
@@ -242,7 +241,7 @@ pkix_CrlChecker_CheckLocal(
                                           chainVerificationState ? date : NULL,
                                          /* crl downloading is not done. */
                                           PKIX_FALSE,   
-                                          &reasonCode, &revStatus, plContext),
+                                          pReasonCode, &revStatus, plContext),
                     PKIX_CERTSTORECRLCHECKFAILED);
                 if (revStatus == PKIX_RevStatus_Revoked) {
                     break;
@@ -307,7 +306,6 @@ pkix_CrlChecker_CheckExternal(
     PKIX_CRLSelector *crlSelector = NULL;
     PKIX_PL_X500Name *issuerName = NULL;
     pkix_CrlChecker *state = NULL; 
-    PKIX_UInt32 reasonCode = 0;
     PKIX_UInt32 crlStoreIndex = 0;
     PKIX_UInt32 numCrlStores = 0;
     PKIX_Boolean storeIsLocal = PKIX_FALSE;
@@ -410,7 +408,7 @@ pkix_CrlChecker_CheckExternal(
             (*storeCheckRevocationFn)(certStore, cert, issuer, date,
                                       /* done with crl downloading */
                                       PKIX_TRUE,
-                                      &reasonCode, &revStatus, plContext),
+                                      pReasonCode, &revStatus, plContext),
             PKIX_CERTSTORECRLCHECKFAILED);
         if (revStatus != PKIX_RevStatus_NoInfo) {
             break;
diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_nameconstraintschecker.c b/security/nss/lib/libpkix/pkix/checker/pkix_nameconstraintschecker.c
index c04aa26..7c9430d 100755
--- a/security/nss/lib/libpkix/pkix/checker/pkix_nameconstraintschecker.c
+++ b/security/nss/lib/libpkix/pkix/checker/pkix_nameconstraintschecker.c
@@ -167,6 +167,7 @@ pkix_NameConstraintsChecker_Check(
         PKIX_PL_CertNameConstraints *nameConstraints = NULL;
         PKIX_PL_CertNameConstraints *mergedNameConstraints = NULL;
         PKIX_Boolean selfIssued = PKIX_FALSE;
+        PKIX_Boolean lastCert = PKIX_FALSE;
 
         PKIX_ENTER(CERTCHAINCHECKER, "pkix_NameConstraintsChecker_Check");
         PKIX_NULLCHECK_THREE(checker, cert, pNBIOContext);
@@ -178,6 +179,7 @@ pkix_NameConstraintsChecker_Check(
                     PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED);
 
         state->certsRemaining--;
+        lastCert = state->certsRemaining == 0;
 
         /* Get status of self issued */
         PKIX_CHECK(pkix_IsCertSelfIssued(cert, &selfIssued, plContext),
@@ -185,13 +187,14 @@ pkix_NameConstraintsChecker_Check(
 
         /* Check on non self-issued and if so only for last cert */
         if (selfIssued == PKIX_FALSE ||
-            (selfIssued == PKIX_TRUE && state->certsRemaining == 0)) {
+            (selfIssued == PKIX_TRUE && lastCert)) {
                 PKIX_CHECK(PKIX_PL_Cert_CheckNameConstraints
-                    (cert, state->nameConstraints, plContext),
+                    (cert, state->nameConstraints, lastCert,
+                      plContext),
                     PKIX_CERTCHECKNAMECONSTRAINTSFAILED);
         }
 
-        if (state->certsRemaining != 0) {
+        if (!lastCert) {
 
             PKIX_CHECK(PKIX_PL_Cert_GetNameConstraints
                     (cert, &nameConstraints, plContext),
diff --git a/security/nss/lib/libpkix/pkix/params/pkix_buildparams.c b/security/nss/lib/libpkix/pkix/params/pkix_buildparams.c
deleted file mode 100755
index de5d203..0000000
--- a/security/nss/lib/libpkix/pkix/params/pkix_buildparams.c
+++ /dev/null
@@ -1,284 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/*
- * pkix_buildparams.c
- *
- * Build Params Object Functions
- *
- */
-
-#include "pkix_buildparams.h"
-
-/* --Private-Functions-------------------------------------------- */
-
-/*
- * FUNCTION: pkix_BuildParams_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_BuildParams_Destroy(
-        PKIX_PL_Object *object,
-        void *plContext)
-{
-        PKIX_BuildParams *params = NULL;
-
-        PKIX_ENTER(BUILDPARAMS, "pkix_BuildParams_Destroy");
-        PKIX_NULLCHECK_ONE(object);
-
-        /* Check that this object is a build params object */
-        PKIX_CHECK(pkix_CheckType(object, PKIX_BUILDPARAMS_TYPE, plContext),
-                    "Object is not a build params object");
-
-        params = (PKIX_BuildParams *)object;
-
-        PKIX_DECREF(params->procParams);
-
-cleanup:
-
-        PKIX_RETURN(BUILDPARAMS);
-}
-
-/*
- * FUNCTION: pkix_BuildParams_Equals
- * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_BuildParams_Equals(
-        PKIX_PL_Object *first,
-        PKIX_PL_Object *second,
-        PKIX_Boolean *pResult,
-        void *plContext)
-{
-        PKIX_UInt32 secondType;
-        PKIX_Boolean cmpResult;
-        PKIX_BuildParams *firstBuildParams = NULL;
-        PKIX_BuildParams *secondBuildParams = NULL;
-
-        PKIX_ENTER(BUILDPARAMS, "pkix_BuildParams_Equals");
-        PKIX_NULLCHECK_THREE(first, second, pResult);
-
-        PKIX_CHECK(pkix_CheckType(first, PKIX_BUILDPARAMS_TYPE, plContext),
-                    "First Argument is not a BuildParams object");
-
-        PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
-                    PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
-
-        *pResult = PKIX_FALSE;
-
-        if (secondType != PKIX_BUILDPARAMS_TYPE) goto cleanup;
-
-        firstBuildParams = (PKIX_BuildParams *)first;
-        secondBuildParams = (PKIX_BuildParams *)second;
-
-        PKIX_CHECK(PKIX_PL_Object_Equals
-                    ((PKIX_PL_Object *)firstBuildParams->procParams,
-                    (PKIX_PL_Object *)secondBuildParams->procParams,
-                    &cmpResult,
-                    plContext),
-                    PKIX_OBJECTEQUALSFAILED);
-
-        if (!cmpResult) goto cleanup;
-
-        *pResult = cmpResult;
-
-cleanup:
-
-        PKIX_RETURN(BUILDPARAMS);
-}
-
-/*
- * FUNCTION: pkix_BuildParams_Hashcode
- * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_BuildParams_Hashcode(
-        PKIX_PL_Object *object,
-        PKIX_UInt32 *pHashcode,
-        void *plContext)
-{
-        PKIX_BuildParams *buildParams = NULL;
-        PKIX_UInt32 hash = 0;
-        PKIX_UInt32 procParamsHash = 0;
-
-        PKIX_ENTER(BUILDPARAMS, "pkix_BuildParams_Hashcode");
-        PKIX_NULLCHECK_TWO(object, pHashcode);
-
-        PKIX_CHECK(pkix_CheckType(object, PKIX_BUILDPARAMS_TYPE, plContext),
-                    "Object is not a processingParams object");
-
-        buildParams = (PKIX_BuildParams*)object;
-
-        PKIX_CHECK(PKIX_PL_Object_Hashcode
-                    ((PKIX_PL_Object *)buildParams->procParams,
-                    &procParamsHash,
-                    plContext),
-                    PKIX_OBJECTHASHCODEFAILED);
-
-        hash = 31 * procParamsHash;
-
-        *pHashcode = hash;
-
-cleanup:
-
-        PKIX_RETURN(BUILDPARAMS);
-}
-
-/*
- * FUNCTION: pkix_BuildParams_ToString
- * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_BuildParams_ToString(
-        PKIX_PL_Object *object,
-        PKIX_PL_String **pString,
-        void *plContext)
-{
-        PKIX_BuildParams *buildParams = NULL;
-        char *asciiFormat = NULL;
-        PKIX_PL_String *formatString = NULL;
-        PKIX_PL_String *buildParamsString = NULL;
-
-        PKIX_PL_String *procParamsString = NULL;
-
-        PKIX_ENTER(BUILDPARAMS, "pkix_BuildParams_ToString");
-        PKIX_NULLCHECK_TWO(object, pString);
-
-        PKIX_CHECK(pkix_CheckType(object, PKIX_BUILDPARAMS_TYPE, plContext),
-                    PKIX_OBJECTNOTBUILDPARAMS);
-
-        asciiFormat =
-                "[\n"
-                "\tProcessing Params: \n"
-                "\t********BEGIN PROCESSING PARAMS********\n"
-                "\t\t%s\n"
-                "\t********END PROCESSING PARAMS********\n"
-                "]\n";
-
-        PKIX_CHECK(PKIX_PL_String_Create
-                    (PKIX_ESCASCII,
-                    asciiFormat,
-                    0,
-                    &formatString,
-                    plContext),
-                    PKIX_STRINGCREATEFAILED);
-
-        buildParams = (PKIX_BuildParams*)object;
-
-        PKIX_CHECK(PKIX_PL_Object_ToString
-                    ((PKIX_PL_Object*)buildParams->procParams,
-                    &procParamsString,
-                    plContext),
-                    PKIX_OBJECTTOSTRINGFAILED);
-
-        PKIX_CHECK(PKIX_PL_Sprintf
-                    (&buildParamsString,
-                    plContext,
-                    formatString,
-                    procParamsString),
-                    PKIX_SPRINTFFAILED);
-
-        *pString = buildParamsString;
-
-cleanup:
-
-        PKIX_DECREF(formatString);
-        PKIX_DECREF(procParamsString);
-
-        PKIX_RETURN(BUILDPARAMS);
-}
-
-/*
- * FUNCTION: pkix_BuildParams_RegisterSelf
- * DESCRIPTION:
- *  Registers PKIX_BUILDPARAMS_TYPE and its related functions with
- *  systemClasses[]
- * THREAD SAFETY:
- *  Not Thread Safe - for performance and complexity reasons
- *
- *  Since this function is only called by PKIX_PL_Initialize, which should
- *  only be called once, it is acceptable that this function is not
- *  thread-safe.
- */
-PKIX_Error *
-pkix_BuildParams_RegisterSelf(void *plContext)
-{
-
-        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
-        pkix_ClassTable_Entry entry;
-
-        PKIX_ENTER(BUILDPARAMS, "pkix_BuildParams_RegisterSelf");
-
-        entry.description = "BuildParams";
-        entry.objCounter = 0;
-        entry.typeObjectSize = sizeof(PKIX_BuildParams);
-        entry.destructor = pkix_BuildParams_Destroy;
-        entry.equalsFunction = pkix_BuildParams_Equals;
-        entry.hashcodeFunction = pkix_BuildParams_Hashcode;
-        entry.toStringFunction = pkix_BuildParams_ToString;
-        entry.comparator = NULL;
-        entry.duplicateFunction = NULL;
-
-        systemClasses[PKIX_BUILDPARAMS_TYPE] = entry;
-
-        PKIX_RETURN(BUILDPARAMS);
-}
-
-/* --Public-Functions--------------------------------------------- */
-
-/*
- * FUNCTION: PKIX_BuildParams_Create (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_BuildParams_Create(
-        PKIX_ProcessingParams *procParams,
-        PKIX_BuildParams **pParams,
-        void *plContext)
-{
-        PKIX_BuildParams *params = NULL;
-
-        PKIX_ENTER(BUILDPARAMS, "PKIX_BuildParams_Create");
-        PKIX_NULLCHECK_TWO(procParams, pParams);
-
-        PKIX_CHECK(PKIX_PL_Object_Alloc
-                    (PKIX_BUILDPARAMS_TYPE,
-                    sizeof (PKIX_BuildParams),
-                    (PKIX_PL_Object **)&params,
-                    plContext),
-                    PKIX_COULDNOTCREATEBUILDPARAMSOBJECT);
-
-        /* initialize fields */
-        PKIX_INCREF(procParams);
-        params->procParams = procParams;
-
-        *pParams = params;
-        params = NULL;
-
-cleanup:
-
-        PKIX_DECREF(params);
-
-        PKIX_RETURN(BUILDPARAMS);
-
-}
-
-/*
- * FUNCTION: PKIX_BuildParams_GetProcessingParams
- *      (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_BuildParams_GetProcessingParams(
-        PKIX_BuildParams *buildParams,
-        PKIX_ProcessingParams **pProcParams,
-        void *plContext)
-{
-        PKIX_ENTER(BUILDPARAMS, "PKIX_BuildParams_GetProcessingParams");
-        PKIX_NULLCHECK_TWO(buildParams, pProcParams);
-
-        PKIX_INCREF(buildParams->procParams);
-
-        *pProcParams = buildParams->procParams;
-
-cleanup:
-        PKIX_RETURN(BUILDPARAMS);
-}
diff --git a/security/nss/lib/libpkix/pkix/params/pkix_buildparams.h b/security/nss/lib/libpkix/pkix/params/pkix_buildparams.h
deleted file mode 100755
index 4bf130b..0000000
--- a/security/nss/lib/libpkix/pkix/params/pkix_buildparams.h
+++ /dev/null
@@ -1,32 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/*
- * pkix_buildparams.h
- *
- * BuildParams Object Type Definition
- *
- */
-
-#ifndef _PKIX_BUILDPARAMS_H
-#define _PKIX_BUILDPARAMS_H
-
-#include "pkix_tools.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct PKIX_BuildParamsStruct {
-        PKIX_ProcessingParams *procParams;      /* Never NULL */
-};
-
-/* see source file for function documentation */
-
-PKIX_Error *pkix_BuildParams_RegisterSelf(void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_BUILDPARAMS_H */
diff --git a/security/nss/lib/libpkix/pkix/params/pkix_trustanchor.c b/security/nss/lib/libpkix/pkix/params/pkix_trustanchor.c
index 5693569..ced16d2 100755
--- a/security/nss/lib/libpkix/pkix/params/pkix_trustanchor.c
+++ b/security/nss/lib/libpkix/pkix/params/pkix_trustanchor.c
@@ -369,7 +369,11 @@ PKIX_TrustAnchor_CreateWithCert(
 
         anchor->caName = NULL;
         anchor->caPubKey = NULL;
-        anchor->nameConstraints = NULL;
+
+        PKIX_CHECK(PKIX_PL_Cert_GetNameConstraints
+                    (anchor->trustedCert, &anchor->nameConstraints, plContext),
+                    PKIX_CERTGETNAMECONSTRAINTSFAILED);
+
 
         *pAnchor = anchor;
         anchor = NULL;
diff --git a/security/nss/lib/libpkix/pkix/top/pkix_build.c b/security/nss/lib/libpkix/pkix/top/pkix_build.c
index c35163a..0fd4fad 100755
--- a/security/nss/lib/libpkix/pkix/top/pkix_build.c
+++ b/security/nss/lib/libpkix/pkix/top/pkix_build.c
@@ -65,7 +65,6 @@ pkix_ForwardBuilderState_Destroy(
         state->numFanout = 0;
         state->numDepth = 0;
         state->reasonCode = 0;
-        state->revCheckDelayed = PKIX_FALSE;
         state->canBeCached = PKIX_FALSE;
         state->useOnlyLocal = PKIX_FALSE;
         state->revChecking = PKIX_FALSE;
@@ -126,9 +125,6 @@ cleanup:
  *      Number of Certs that can be considered at this level (0 = no limit)
  *  "numDepth"
  *      Number of additional levels that can be searched (0 = no limit)
- *  "revCheckDelayed"
- *      Boolean value indicating whether rev check is delayed until after
- *      entire chain is built.
  *  "canBeCached"
  *      Boolean value indicating whether all certs on the chain can be cached.
  *  "validityDate"
@@ -159,7 +155,6 @@ pkix_ForwardBuilderState_Create(
         PKIX_Int32 traversedCACerts,
         PKIX_UInt32 numFanout,
         PKIX_UInt32 numDepth,
-        PKIX_Boolean revCheckDelayed,
         PKIX_Boolean canBeCached,
         PKIX_PL_Date *validityDate,
         PKIX_PL_Cert *prevCert,
@@ -195,7 +190,6 @@ pkix_ForwardBuilderState_Create(
         state->numDepth = numDepth;
         state->reasonCode = 0;
         state->revChecking = numDepth;
-        state->revCheckDelayed = revCheckDelayed;
         state->canBeCached = canBeCached;
         state->useOnlyLocal = PKIX_TRUE;
         state->revChecking = PKIX_FALSE;
@@ -371,7 +365,6 @@ pkix_ForwardBuilderState_ToString
                 "\tnumFanout: \t%d\n"
                 "\tnumDepth:  \t%d\n"
                 "\treasonCode:  \t%d\n"
-                "\trevCheckDelayed: \t%d\n"
                 "\tcanBeCached: \t%d\n"
                 "\tuseOnlyLocal: \t%d\n"
                 "\trevChecking: \t%d\n"
@@ -416,10 +409,6 @@ pkix_ForwardBuilderState_ToString
                                         break;
             case BUILD_ABANDONNODE:     asciiStatus = "BUILD_ABANDONNODE";
                                         break;
-            case BUILD_CRLPREP:         asciiStatus = "BUILD_CRLPREP";
-                                        break;
-            case BUILD_CRL1:            asciiStatus = "BUILD_CRL1";
-                                        break;
             case BUILD_DATEPREP:        asciiStatus = "BUILD_DATEPREP";
                                         break;
             case BUILD_CHECKTRUSTED:    asciiStatus = "BUILD_CHECKTRUSTED";
@@ -428,8 +417,6 @@ pkix_ForwardBuilderState_ToString
                                         break;
             case BUILD_ADDTOCHAIN:      asciiStatus = "BUILD_ADDTOCHAIN";
                                         break;
-            case BUILD_CRL2:            asciiStatus = "BUILD_CRL2";
-                                        break;
             case BUILD_VALCHAIN:        asciiStatus = "BUILD_VALCHAIN";
                                         break;
             case BUILD_VALCHAIN2:       asciiStatus = "BUILD_VALCHAIN2";
@@ -498,7 +485,6 @@ pkix_ForwardBuilderState_ToString
                 (PKIX_UInt32)state->numFanout,
                 (PKIX_UInt32)state->numDepth,
                 (PKIX_UInt32)state->reasonCode,
-                state->revCheckDelayed,
                 state->canBeCached,
                 state->useOnlyLocal,
                 state->revChecking,
@@ -656,8 +642,6 @@ pkix_ForwardBuilderState_IsIOPending(
         PKIX_NULLCHECK_TWO(state, pPending);
 
         if ((state->status == BUILD_GATHERPENDING) ||
-            (state->status == BUILD_CRL1) ||
-            (state->status == BUILD_CRL2) ||
             (state->status == BUILD_CHECKTRUSTED2) ||
             (state->status == BUILD_VALCHAIN2) ||
             (state->status == BUILD_AIAPENDING)) {
@@ -780,16 +764,12 @@ cleanup:
  *  Checks whether the previous Cert stored in the ForwardBuilderState pointed
  *  to by "state" successfully chains, including signature verification, to the
  *  candidate Cert also stored in "state", using the Boolean value in "trusted"
- *  to determine whether "candidateCert" is trusted. Using the Boolean value in
- *  "revocationChecking" for the existence of revocation checking, it sets
- *  "pNeedsCRLChecking" to PKIX_TRUE if the candidate Cert needs to be checked
- *  against Certificate Revocation Lists.
+ *  to determine whether "candidateCert" is trusted.
  *
  *  First it checks whether "candidateCert" has already been traversed by
- *  determining whether it is contained in the List of traversed Certs. It
+ *  determining whether it is contained in the List of traversed Certs. It then
  *  checks the candidate Cert with user checkers, if any, in the List pointed to
- *  by "userCheckers". It then runs the signature validation. Finally, it
- *  determines the appropriate value for "pNeedsCRLChecking".
+ *  by "userCheckers". Finally, it runs the signature validation.
  *
  *  If this Certificate fails verification, and state->verifyNode is non-NULL,
  *  this function sets the Error code into the verifyNode.
@@ -800,14 +780,8 @@ cleanup:
  *  "userCheckers"
  *      Address of a List of CertChainCheckers to be used, if present, to
  *      validate the candidateCert.
- *  "revocationChecking"
- *      Boolean indication of whether revocation checking is available, either
- *      as a CertChainChecker or a List of RevocationCheckers.
  *  "trusted"
  *      Boolean value of trust for the candidate Cert
- *  "pNeedsCRLChecking"
- *      Address where Boolean CRL-checking-needed value is stored.
- *      Must be non-NULL.
  *  "plContext"
  *      Platform-specific context pointer.
  * THREAD SAFETY:
@@ -821,9 +795,7 @@ static PKIX_Error *
 pkix_Build_VerifyCertificate(
         PKIX_ForwardBuilderState *state,
         PKIX_List *userCheckers,
-        PKIX_Boolean revocationChecking,
         PKIX_Boolean *pTrusted,
-        PKIX_Boolean *pNeedsCRLChecking,
         PKIX_VerifyNode *verifyNode,
         void *plContext)
 {
@@ -841,12 +813,10 @@ pkix_Build_VerifyCertificate(
         void *nbioContext = NULL;
         
         PKIX_ENTER(BUILD, "pkix_Build_VerifyCertificate");
-        PKIX_NULLCHECK_THREE(state, pTrusted, pNeedsCRLChecking);
+        PKIX_NULLCHECK_TWO(state, pTrusted);
         PKIX_NULLCHECK_THREE
                 (state->candidateCerts, state->prevCert, state->trustChain);
 
-        *pNeedsCRLChecking = PKIX_FALSE;
-
         PKIX_INCREF(state->candidateCert);
         candidateCert = state->candidateCert;
 
@@ -944,26 +914,6 @@ pkix_Build_VerifyCertificate(
                 PKIX_ERROR(PKIX_MISSINGDSAPARAMETERS);
             }
         }
-        
-        
-        if (revocationChecking) {
-            if (!trusted) {
-                if (state->revCheckDelayed) {
-                    goto cleanup;
-                } else {
-                    PKIX_Boolean isSelfIssued = PKIX_FALSE;
-                    PKIX_CHECK(
-                        pkix_IsCertSelfIssued(candidateCert, &isSelfIssued,
-                                              plContext),
-                        PKIX_ISCERTSELFISSUEDFAILED);
-                    if (isSelfIssued) {
-                        state->revCheckDelayed = PKIX_TRUE;
-                        goto cleanup;
-                    }
-                }
-            }
-            *pNeedsCRLChecking = PKIX_TRUE;
-        }
 
 cleanup:
         PKIX_DECREF(candidateCert);
@@ -1348,9 +1298,8 @@ pkix_Build_ValidateEntireChain(
 
         ERROR_CHECK(PKIX_CHECKCHAINFAILED);
 
-        if (state->reasonCode != 0) {
-                PKIX_ERROR(PKIX_CHAINREJECTEDBYREVOCATIONCHECKER);
-        }
+        /* XXX Remove this assertion after 2014-12-31. See bug 946984. */
+        PORT_Assert(state->reasonCode == 0);
 
         PKIX_CHECK(pkix_ValidateResult_Create
                 (subjPubKey, anchor, policyTree, &valResult, plContext),
@@ -2080,8 +2029,6 @@ pkix_BuildForwardDepthFirstSearch(
         PKIX_Boolean trusted = PKIX_FALSE;
         PKIX_Boolean isSelfIssued = PKIX_FALSE;
         PKIX_Boolean canBeCached = PKIX_FALSE;
-        PKIX_Boolean revocationCheckingExists = PKIX_FALSE;
-        PKIX_Boolean needsCRLChecking = PKIX_FALSE;
         PKIX_Boolean ioPending = PKIX_FALSE;
         PKIX_PL_Date *validityDate = NULL;
         PKIX_PL_Date *currTime  = NULL;
@@ -2392,9 +2339,6 @@ pkix_BuildForwardDepthFirstSearch(
 #endif
 
             if (state->status == BUILD_CERTVALIDATING) {
-                    revocationCheckingExists =
-                        (state->buildConstants.revChecker != NULL);
-
                     PKIX_DECREF(state->candidateCert);
                     PKIX_CHECK(PKIX_List_GetItem
                             (state->candidateCerts,
@@ -2417,9 +2361,7 @@ pkix_BuildForwardDepthFirstSearch(
                     verifyError = pkix_Build_VerifyCertificate
                             (state,
                             state->buildConstants.userCheckers,
-                            revocationCheckingExists,
                             &trusted,
-                            &needsCRLChecking,
                             verifyNode,
                             plContext);
 
@@ -2454,63 +2396,11 @@ pkix_BuildForwardDepthFirstSearch(
                                     (PKIX_LOOPDISCOVEREDDUPCERTSNOTALLOWED);
                             }
                             state->status = BUILD_GETNEXTCERT;
-                    } else if (needsCRLChecking) {
-                            state->status = BUILD_CRLPREP;
                     } else {
                             state->status = BUILD_DATEPREP;
                     }
             }
 
-            if (state->status == BUILD_CRLPREP) {
-                PKIX_RevocationStatus revStatus;
-                PKIX_UInt32 reasonCode;
-
-                verifyError =
-                    PKIX_RevocationChecker_Check(
-                             state->prevCert, state->candidateCert,
-                             state->buildConstants.revChecker,
-                             state->buildConstants.procParams,
-                             PKIX_FALSE,
-                             (state->parentState == NULL) ?
-                                              PKIX_TRUE : PKIX_FALSE,
-                             &revStatus, &reasonCode,
-                             &nbio, plContext);
-                if (nbio != NULL) {
-                    *pNBIOContext = nbio;
-                    goto cleanup;
-                }
-                if (revStatus == PKIX_RevStatus_Revoked || verifyError) {
-                    if (!verifyError) {
-                        /* if verifyError is returned then use it as
-                         * it has a detailed revocation error code.
-                         * Otherwise create a new error */
-                        PKIX_ERROR_CREATE(VALIDATE, PKIX_CERTIFICATEREVOKED,
-                                          verifyError);
-                    }
-                    if (state->verifyNode != NULL) {
-                            PKIX_CHECK_FATAL(pkix_VerifyNode_SetError
-                                    (verifyNode, verifyError, plContext),
-                                    PKIX_VERIFYNODESETERRORFAILED);
-                            PKIX_CHECK_FATAL(pkix_VerifyNode_AddToTree
-                                    (state->verifyNode,
-                                    verifyNode,
-                                    plContext),
-                                    PKIX_VERIFYNODEADDTOTREEFAILED);
-                            PKIX_DECREF(verifyNode);
-                    }
-                    PKIX_DECREF(finalError);
-                    finalError = verifyError;
-                    verifyError = NULL;
-                    if (state->certLoopingDetected) {
-                            PKIX_ERROR
-                                (PKIX_LOOPDISCOVEREDDUPCERTSNOTALLOWED);
-                    }
-                    state->status = BUILD_GETNEXTCERT;
-                } else {
-                    state->status = BUILD_DATEPREP;
-                }
-            }
-
             if (state->status == BUILD_DATEPREP) {
                     /* Keep track of whether this chain can be cached */
                     PKIX_CHECK(pkix_Build_UpdateDate(state, plContext),
@@ -2712,7 +2602,6 @@ pkix_BuildForwardDepthFirstSearch(
                             (childTraversedCACerts,
                             state->buildConstants.maxFanout,
                             state->numDepth - 1,
-                            state->revCheckDelayed,
                             canBeCached,
                             validityDate,
                             state->candidateCert,
@@ -3522,7 +3411,6 @@ pkix_Build_InitiateBuildChain(
                     (0,              /* PKIX_UInt32 traversedCACerts */
                     buildConstants.maxFanout,
                     buildConstants.maxDepth,
-                    PKIX_FALSE,      /* PKIX_Boolean revCheckDelayed */
                     PKIX_TRUE,       /* PKIX_Boolean canBeCached */
                     NULL,            /* PKIX_Date *validityDate */
                     targetCert,      /* PKIX_PL_Cert *prevCert */
diff --git a/security/nss/lib/libpkix/pkix/top/pkix_build.h b/security/nss/lib/libpkix/pkix/top/pkix_build.h
index 91916d4..eeba923 100755
--- a/security/nss/lib/libpkix/pkix/top/pkix_build.h
+++ b/security/nss/lib/libpkix/pkix/top/pkix_build.h
@@ -11,7 +11,9 @@
 #ifndef _PKIX_BUILD_H
 #define _PKIX_BUILD_H
 #include "pkix_tools.h"
+#ifndef NSS_PKIX_NO_LDAP
 #include "pkix_pl_ldapt.h"
+#endif
 #include "pkix_ekuchecker.h"
 
 #ifdef __cplusplus
@@ -27,14 +29,10 @@ typedef enum {
         BUILD_GATHERPENDING,
         BUILD_CERTVALIDATING,
         BUILD_ABANDONNODE,
-        BUILD_CRLPREP,
-        BUILD_CRL1,
         BUILD_DATEPREP,
         BUILD_CHECKTRUSTED,
         BUILD_CHECKTRUSTED2,
         BUILD_ADDTOCHAIN,
-        BUILD_CRL2PREP,
-        BUILD_CRL2,
         BUILD_VALCHAIN,
         BUILD_VALCHAIN2,
         BUILD_EXTENDCHAIN,
@@ -85,7 +83,6 @@ struct PKIX_ForwardBuilderStateStruct{
         PKIX_UInt32 numFanout;
         PKIX_UInt32 numDepth;
         PKIX_UInt32 reasonCode;
-        PKIX_Boolean revCheckDelayed;
         PKIX_Boolean canBeCached;
         PKIX_Boolean useOnlyLocal;
         PKIX_Boolean revChecking;
diff --git a/security/nss/lib/libpkix/pkix/top/pkix_validate.c b/security/nss/lib/libpkix/pkix/top/pkix_validate.c
index edee9f3..1e5dec7 100755
--- a/security/nss/lib/libpkix/pkix/top/pkix_validate.c
+++ b/security/nss/lib/libpkix/pkix/top/pkix_validate.c
@@ -1113,7 +1113,7 @@ PKIX_ValidateChain(
                         pVerifyTree,
                         plContext);
 
-                if (chainFailed || (reasonCode != 0)) {
+                if (chainFailed) {
 
                         /* cert chain failed to validate */
 
@@ -1129,6 +1129,10 @@ PKIX_ValidateChain(
 
                 } else {
 
+                        /* XXX Remove this assertion after 2014-12-31.
+                         * See bug 946984. */
+                        PORT_Assert(reasonCode == 0);
+
                         /* cert chain successfully validated! */
                         PKIX_CHECK(pkix_ValidateResult_Create
                                 (finalPubKey,
@@ -1393,7 +1397,7 @@ PKIX_ValidateChain_NB(
                         goto cleanup;
                 }
 
-                if (chainFailed || (reasonCode != 0)) {
+                if (chainFailed) {
 
                         /* cert chain failed to validate */
 
@@ -1409,6 +1413,10 @@ PKIX_ValidateChain_NB(
 
                 } else {
 
+                        /* XXX Remove this assertion after 2014-12-31.
+                         * See bug 946984. */
+                        PORT_Assert(reasonCode == 0);
+
                         /* cert chain successfully validated! */
                         PKIX_CHECK(pkix_ValidateResult_Create
                                 (finalPubKey,
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/config.mk b/security/nss/lib/libpkix/pkix_pl_nss/module/config.mk
index b8c03de..2926747 100755
--- a/security/nss/lib/libpkix/pkix_pl_nss/module/config.mk
+++ b/security/nss/lib/libpkix/pkix_pl_nss/module/config.mk
@@ -13,3 +13,23 @@ SHARED_LIBRARY =
 IMPORT_LIBRARY =
 PROGRAM        =
 
+ifdef NSS_PKIX_NO_LDAP
+LDAP_HEADERS =
+LDAP_CSRCS =
+else
+LDAP_HEADERS = \
+	pkix_pl_ldapt.h \
+	pkix_pl_ldapcertstore.h \
+	pkix_pl_ldapresponse.h \
+	pkix_pl_ldaprequest.h \
+	pkix_pl_ldapdefaultclient.h \
+ 	$(NULL)
+ 
+LDAP_CSRCS = \
+	pkix_pl_ldaptemplates.c \
+	pkix_pl_ldapcertstore.c \
+	pkix_pl_ldapresponse.c \
+	pkix_pl_ldaprequest.c \
+	pkix_pl_ldapdefaultclient.c \
+ 	$(NULL)
+endif
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/manifest.mn b/security/nss/lib/libpkix/pkix_pl_nss/module/manifest.mn
index 12d3cee..63bfd70 100755
--- a/security/nss/lib/libpkix/pkix_pl_nss/module/manifest.mn
+++ b/security/nss/lib/libpkix/pkix_pl_nss/module/manifest.mn
@@ -12,11 +12,7 @@ PRIVATE_EXPORTS = \
 	pkix_pl_colcertstore.h \
 	pkix_pl_httpcertstore.h \
 	pkix_pl_httpdefaultclient.h \
-	pkix_pl_ldapt.h \
-	pkix_pl_ldapcertstore.h \
-	pkix_pl_ldapresponse.h \
-	pkix_pl_ldaprequest.h \
-	pkix_pl_ldapdefaultclient.h \
+	$(LDAP_HEADERS) \
 	pkix_pl_nsscontext.h \
 	pkix_pl_pk11certstore.h \
 	pkix_pl_socket.h \
@@ -32,11 +28,7 @@ CSRCS = \
 	pkix_pl_colcertstore.c \
 	pkix_pl_httpcertstore.c \
 	pkix_pl_httpdefaultclient.c \
-	pkix_pl_ldaptemplates.c \
-	pkix_pl_ldapcertstore.c \
-	pkix_pl_ldapresponse.c \
-	pkix_pl_ldaprequest.c \
-	pkix_pl_ldapdefaultclient.c \
+	$(LDAP_CSRCS) \
 	pkix_pl_nsscontext.c \
 	pkix_pl_pk11certstore.c \
 	pkix_pl_socket.c \
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.c
index 5dc7248..148c2c1 100644
--- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.c
+++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.c
@@ -11,6 +11,7 @@
 #include "pkix_pl_aiamgr.h"
 extern PKIX_PL_HashTable *aiaConnectionCache;
 
+#ifndef NSS_PKIX_NO_LDAP
 /* --Virtual-LdapClient-Functions------------------------------------ */
 
 PKIX_Error *
@@ -51,6 +52,7 @@ cleanup:
         PKIX_RETURN(LDAPCLIENT);
 
 }
+#endif /* !NSS_PKIX_NO_LDAP */
 
 /* --Private-AIAMgr-Functions----------------------------------*/
 
@@ -81,7 +83,9 @@ pkix_pl_AIAMgr_Destroy(
         PKIX_DECREF(aiaMgr->aia);
         PKIX_DECREF(aiaMgr->location);
         PKIX_DECREF(aiaMgr->results);
+#ifndef NSS_PKIX_NO_LDAP
         PKIX_DECREF(aiaMgr->client.ldapClient);
+#endif
 
 cleanup:
 
@@ -114,6 +118,7 @@ pkix_pl_AIAMgr_RegisterSelf(void *plContext)
         PKIX_RETURN(AIAMGR);
 }
 
+#ifndef NSS_PKIX_NO_LDAP
 /*
  * FUNCTION: pkix_pl_AiaMgr_FindLDAPClient
  * DESCRIPTION:
@@ -131,6 +136,8 @@ pkix_pl_AIAMgr_RegisterSelf(void *plContext)
  *      non-NULL.
  *  "domainName"
  *      Address of a string pointing to a server name. Must be non-NULL.
+ *      An empty string (which means no <host> is given in the LDAP URL) is
+ *      not supported.
  *  "pClient"
  *      Address at which the returned LDAPClient is stored. Must be non-NULL.
  *  "plContext"
@@ -155,6 +162,17 @@ pkix_pl_AiaMgr_FindLDAPClient(
         PKIX_ENTER(AIAMGR, "pkix_pl_AiaMgr_FindLDAPClient");
         PKIX_NULLCHECK_THREE(aiaMgr, domainName, pClient);
 
+        /*
+         * An LDAP URL may not have a <host> part, for example,
+         *     ldap:///o=University%20of%20Michigan,c=US
+         * PKIX_PL_LdapDefaultClient doesn't know how to discover the default
+         * LDAP server, so we don't support this kind of LDAP URL.
+         */
+        if (*domainName == '\0') {
+                /* Simulate a PKIX_PL_LdapDefaultClient_CreateByName failure. */
+                PKIX_ERROR(PKIX_LDAPDEFAULTCLIENTCREATEBYNAMEFAILED);
+        }
+
         /* create PKIX_PL_String from domain name */
         PKIX_CHECK(PKIX_PL_String_Create
                 (PKIX_ESCASCII, domainName, 0, &domainString, plContext),
@@ -199,6 +217,7 @@ cleanup:
 
         PKIX_RETURN(AIAMGR);
 }
+#endif /* !NSS_PKIX_NO_LDAP */
 
 PKIX_Error *
 pkix_pl_AIAMgr_GetHTTPCerts(
@@ -375,6 +394,7 @@ cleanup:
         PKIX_RETURN(AIAMGR);
 }
 
+#ifndef NSS_PKIX_NO_LDAP
 PKIX_Error *
 pkix_pl_AIAMgr_GetLDAPCerts(
         PKIX_PL_AIAMgr *aiaMgr,
@@ -483,6 +503,7 @@ cleanup:
 
         PKIX_RETURN(AIAMGR);
 }
+#endif /* !NSS_PKIX_NO_LDAP */
 
 /*
  * FUNCTION: PKIX_PL_AIAMgr_Create
@@ -619,10 +640,12 @@ PKIX_PL_AIAMgr_GetAIACerts(
 			PKIX_CHECK(pkix_pl_AIAMgr_GetHTTPCerts
 				(aiaMgr, ia, &nbio, &certs, plContext),
 				PKIX_AIAMGRGETHTTPCERTSFAILED);
+#ifndef NSS_PKIX_NO_LDAP
                 } else if (iaType == PKIX_INFOACCESS_LOCATION_LDAP) {
 			PKIX_CHECK(pkix_pl_AIAMgr_GetLDAPCerts
 				(aiaMgr, ia, &nbio, &certs, plContext),
 				PKIX_AIAMGRGETLDAPCERTSFAILED);
+#endif
                 } else {
                         /* We only support http and ldap requests. */
                         PKIX_DECREF(ia);
@@ -664,7 +687,9 @@ cleanup:
         if (PKIX_ERROR_RECEIVED) {
                 PKIX_DECREF(aiaMgr->aia);
                 PKIX_DECREF(aiaMgr->results);
+#ifndef NSS_PKIX_NO_LDAP
                 PKIX_DECREF(aiaMgr->client.ldapClient);
+#endif
         }
 
         PKIX_DECREF(certs);
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.h b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.h
index 00b872f..356c1ec 100644
--- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.h
+++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.h
@@ -27,7 +27,9 @@ struct PKIX_PL_AIAMgrStruct {
         PKIX_PL_GeneralName *location;
         PKIX_List *results;
 	union {
+#ifndef NSS_PKIX_NO_LDAP
 	        PKIX_PL_LdapClient *ldapClient;
+#endif
 		struct {
 		        const SEC_HttpClientFcn *httpClient;
 			SEC_HTTP_SERVER_SESSION serverSession;
@@ -41,6 +43,7 @@ struct PKIX_PL_AIAMgrStruct {
 
 PKIX_Error *pkix_pl_AIAMgr_RegisterSelf(void *plContext);
 
+#ifndef NSS_PKIX_NO_LDAP
 PKIX_Error *PKIX_PL_LdapClient_InitiateRequest(
         PKIX_PL_LdapClient *client,
         LDAPRequestParams *requestParams,
@@ -53,6 +56,7 @@ PKIX_Error *PKIX_PL_LdapClient_ResumeRequest(
         void **pPollDesc,
         PKIX_List **pResponse,
         void *plContext);
+#endif /* !NSS_PKIX_NO_LDAP */
 
 #ifdef __cplusplus
 }
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c
index f13c835..2036f5c 100644
--- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c
+++ b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c
@@ -3135,6 +3135,7 @@ PKIX_Error *
 PKIX_PL_Cert_CheckNameConstraints(
         PKIX_PL_Cert *cert,
         PKIX_PL_CertNameConstraints *nameConstraints,
+        PKIX_Boolean treatCommonNameAsDNSName,
         void *plContext)
 {
         PKIX_Boolean checkPass = PKIX_TRUE;
@@ -3151,11 +3152,14 @@ PKIX_PL_Cert_CheckNameConstraints(
                         PKIX_ERROR(PKIX_OUTOFMEMORY);
                 }
 
-                /* This NSS call returns both Subject and  Subject Alt Names */
+                /* This NSS call returns Subject Alt Names. If
+                 * treatCommonNameAsDNSName is true, it also returns the
+                 * Subject Common Name
+                 */
                 PKIX_CERT_DEBUG
                     ("\t\tCalling CERT_GetConstrainedCertificateNames\n");
                 nssSubjectNames = CERT_GetConstrainedCertificateNames
-                        (cert->nssCert, arena, PR_TRUE);
+                        (cert->nssCert, arena, treatCommonNameAsDNSName);
 
                 PKIX_CHECK(pkix_pl_CertNameConstraints_CheckNameSpaceNssNames
                         (nssSubjectNames,
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.c
index 3ce6cbe..9fa8e92 100644
--- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.c
+++ b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.c
@@ -481,9 +481,11 @@ PKIX_PL_InfoAccess_GetLocationType(
                     PKIX_STRINGGETENCODEDFAILED);
 
                 PKIX_OID_DEBUG("\tCalling PORT_Strcmp).\n");
+#ifndef NSS_PKIX_NO_LDAP
                 if (PORT_Strncmp(location, "ldap:", 5) == 0){
                         type = PKIX_INFOACCESS_LOCATION_LDAP;
                 } else
+#endif
                 if (PORT_Strncmp(location, "http:", 5) == 0){
                         type = PKIX_INFOACCESS_LOCATION_HTTP;
                 }
@@ -499,6 +501,7 @@ cleanup:
         PKIX_RETURN(INFOACCESS);
 }
 
+#ifndef NSS_PKIX_NO_LDAP
 /*
  * FUNCTION: pkix_pl_InfoAccess_ParseTokens
  * DESCRIPTION:
@@ -868,3 +871,4 @@ cleanup:
 
         PKIX_RETURN(INFOACCESS);
 }
+#endif /* !NSS_PKIX_NO_LDAP */
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.h b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.h
index f56bfe1..e69d7b4 100644
--- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.h
+++ b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.h
@@ -32,6 +32,7 @@ pkix_pl_InfoAccess_CreateList(
         PKIX_List **pAiaList, /* of PKIX_PL_InfoAccess */
         void *plContext);
 
+#ifndef NSS_PKIX_NO_LDAP
 PKIX_Error *
 pkix_pl_InfoAccess_ParseLocation(
         PKIX_PL_GeneralName *generalName,
@@ -39,6 +40,7 @@ pkix_pl_InfoAccess_ParseLocation(
         LDAPRequestParams *request,
         char **pDomainName,
         void *plContext);
+#endif /* !NSS_PKIX_NO_LDAP */
 
 #ifdef __cplusplus
 }
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_common.h b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_common.h
index e1cb028..2946e07 100755
--- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_common.h
+++ b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_common.h
@@ -38,7 +38,9 @@
 /* private PKIX_PL_NSS system headers */
 #include "pkix_pl_object.h"
 #include "pkix_pl_string.h"
+#ifndef NSS_PKIX_NO_LDAP
 #include "pkix_pl_ldapt.h"
+#endif /* !NSS_PKIX_NO_LDAP */
 #include "pkix_pl_aiamgr.h"
 #include "pkix_pl_bigint.h"
 #include "pkix_pl_oid.h"
@@ -62,9 +64,11 @@
 #include "pkix_pl_ocspresponse.h"
 #include "pkix_pl_pk11certstore.h"
 #include "pkix_pl_socket.h"
+#ifndef NSS_PKIX_NO_LDAP
 #include "pkix_pl_ldapcertstore.h"
 #include "pkix_pl_ldaprequest.h"
 #include "pkix_pl_ldapresponse.h"
+#endif /* !NSS_PKIX_NO_LDAP */
 #include "pkix_pl_nsscontext.h"
 #include "pkix_pl_httpcertstore.h"
 #include "pkix_pl_httpdefaultclient.h"
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c
index 33381e6..6bc74b61 100755
--- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c
+++ b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c
@@ -204,9 +204,11 @@ PKIX_PL_Initialize(
         pkix_ForwardBuilderState_RegisterSelf(plContext);
         pkix_SignatureCheckerState_RegisterSelf(plContext);
         pkix_NameConstraintsCheckerState_RegisterSelf(plContext);
+#ifndef NSS_PKIX_NO_LDAP
         pkix_pl_LdapRequest_RegisterSelf(plContext);
         pkix_pl_LdapResponse_RegisterSelf(plContext);
         pkix_pl_LdapDefaultClient_RegisterSelf(plContext);
+#endif
         pkix_pl_Socket_RegisterSelf(plContext);
 
         pkix_ResourceLimits_RegisterSelf(plContext); /* 51-59 */
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.h b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.h
index 21c2033..9660af1 100755
--- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.h
+++ b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.h
@@ -33,10 +33,12 @@
 #include "pkix_pl_crlentry.h"
 #include "pkix_pl_crl.h"
 #include "pkix_pl_colcertstore.h"
+#ifndef NSS_PKIX_NO_LDAP
 #include "pkix_pl_ldapcertstore.h"
 #include "pkix_pl_ldapdefaultclient.h"
 #include "pkix_pl_ldaprequest.h"
 #include "pkix_pl_ldapresponse.h"
+#endif /* !NSS_PKIX_NO_LDAP */
 #include "pkix_pl_socket.h"
 #include "pkix_pl_infoaccess.h"
 #include "pkix_store.h"
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c
index e628c02..a6e0503 100755
--- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c
+++ b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c
@@ -107,33 +107,16 @@ pkix_pl_OID_Equals(
         PKIX_Boolean *pResult,
         void *plContext)
 {
-        PKIX_UInt32 secondType;
-        SECComparison cmpResult;
+        PKIX_Int32 cmpResult;
 
         PKIX_ENTER(OID, "pkix_pl_OID_Equals");
         PKIX_NULLCHECK_THREE(first, second, pResult);
 
-        PKIX_CHECK(pkix_CheckType(first, PKIX_OID_TYPE, plContext),
-                    PKIX_FIRSTARGUMENTNOTANOID);
-
-        PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
-                    PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
-
-        *pResult = PKIX_FALSE;
-
-        /*
-         * Do a quick check that the second object is an OID.
-         * If so, check that their lengths are equal.
-         */
-        if (secondType != PKIX_OID_TYPE) {
-                goto cleanup;
-        }
-
         PKIX_CHECK(pkix_pl_OID_Comparator
                     (first, second, &cmpResult, plContext),
                     PKIX_OIDCOMPARATORFAILED);
 
-        *pResult = (cmpResult == SECEqual);
+        *pResult = (cmpResult == 0);
 cleanup:
 
         PKIX_RETURN(OID);
diff --git a/security/nss/lib/nss/nss.def b/security/nss/lib/nss/nss.def
index 9804777..6f6b670 100644
--- a/security/nss/lib/nss/nss.def
+++ b/security/nss/lib/nss/nss.def
@@ -1045,3 +1045,20 @@ CERT_GetSubjectPublicKeyDigest;
 ;+    local:
 ;+       *;
 ;+};
+;+NSS_3.16.1 { 	# NSS 3.16.1 release
+;+    global:
+PK11_ExportDERPrivateKeyInfo;
+PK11_ExportPrivKeyInfo;
+SECMOD_InternaltoPubMechFlags;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.16.2 { 	# NSS 3.16.2 release
+;+    global:
+CERT_AddExtensionByOID;
+CERT_GetGeneralNameTypeFromString;
+PK11_PubEncrypt;
+PK11_PrivDecrypt;
+;+    local:
+;+       *;
+;+};
diff --git a/security/nss/lib/nss/nss.h b/security/nss/lib/nss/nss.h
index 4cdf7242..ccd954c 100644
--- a/security/nss/lib/nss/nss.h
+++ b/security/nss/lib/nss/nss.h
@@ -9,7 +9,7 @@
 #define __nss_h_
 
 /* The private macro _NSS_ECC_STRING is for NSS internal use only. */
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 #ifdef NSS_ECC_MORE_THAN_SUITE_B
 #define _NSS_ECC_STRING " Extended ECC"
 #else
@@ -33,10 +33,10 @@
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
  */
-#define NSS_VERSION  "3.15.4" _NSS_ECC_STRING _NSS_CUSTOMIZED
+#define NSS_VERSION  "3.16.2" _NSS_ECC_STRING _NSS_CUSTOMIZED
 #define NSS_VMAJOR   3
-#define NSS_VMINOR   15
-#define NSS_VPATCH   4
+#define NSS_VMINOR   16
+#define NSS_VPATCH   2
 #define NSS_VBUILD   0
 #define NSS_BETA     PR_FALSE
 
diff --git a/security/nss/lib/nss/nssinit.c b/security/nss/lib/nss/nssinit.c
index 13cdaee..6218a7e 100644
--- a/security/nss/lib/nss/nssinit.c
+++ b/security/nss/lib/nss/nssinit.c
@@ -1091,14 +1091,6 @@ nss_Shutdown(void)
 	shutdownRV = SECFailure;
     }
     pk11sdr_Shutdown();
-    /*
-     * A thread's error stack is automatically destroyed when the thread
-     * terminates, except for the primordial thread, whose error stack is
-     * destroyed by PR_Cleanup.  Since NSS is usually shut down by the
-     * primordial thread and many NSS-based apps don't call PR_Cleanup,
-     * we destroy the calling thread's error stack here.
-     */
-    nss_DestroyErrorStack();
     nssArena_Shutdown();
     if (status == PR_FAILURE) {
 	if (NSS_GetError() == NSS_ERROR_BUSY) {
@@ -1106,6 +1098,16 @@ nss_Shutdown(void)
 	}
 	shutdownRV = SECFailure;
     }
+    /*
+     * A thread's error stack is automatically destroyed when the thread
+     * terminates, except for the primordial thread, whose error stack is
+     * destroyed by PR_Cleanup.  Since NSS is usually shut down by the
+     * primordial thread and many NSS-based apps don't call PR_Cleanup,
+     * we destroy the calling thread's error stack here. This must be
+     * done after any NSS_GetError call, otherwise NSS_GetError will
+     * create the error stack again.
+     */
+    nss_DestroyErrorStack();
     nssIsInitted = PR_FALSE;
     temp = nssInitContextList;
     nssInitContextList = NULL;
diff --git a/security/nss/lib/pk11wrap/pk11akey.c b/security/nss/lib/pk11wrap/pk11akey.c
index 12e2149..5ad45a5 100644
--- a/security/nss/lib/pk11wrap/pk11akey.c
+++ b/security/nss/lib/pk11wrap/pk11akey.c
@@ -1713,7 +1713,13 @@ done:
 SECKEYPrivateKeyInfo *
 PK11_ExportPrivateKeyInfo(CERTCertificate *cert, void *wincx)
 {
-    return NULL;
+    SECKEYPrivateKeyInfo *pki = NULL;
+    SECKEYPrivateKey     *pk  = PK11_FindKeyByAnyCert(cert, wincx);
+    if (pk != NULL) {
+	pki = PK11_ExportPrivKeyInfo(pk, wincx);
+	SECKEY_DestroyPrivateKey(pk);
+    }
+    return pki;
 }
 
 SECKEYEncryptedPrivateKeyInfo * 
@@ -1892,7 +1898,7 @@ PK11_ExportEncryptedPrivateKeyInfo(
 }
 
 SECItem*
-PK11_DEREncodePublicKey(SECKEYPublicKey *pubk)
+PK11_DEREncodePublicKey(const SECKEYPublicKey *pubk)
 {
     return SECKEY_EncodeDERSubjectPublicKeyInfo(pubk);
 }
diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c
index 39168b9..3f3edb1 100644
--- a/security/nss/lib/pk11wrap/pk11cert.c
+++ b/security/nss/lib/pk11wrap/pk11cert.c
@@ -981,8 +981,15 @@ PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert,
      * CERTCertificate, and finish
      */
     nssPKIObject_AddInstance(&c->object, certobj);
+    /* nssTrustDomain_AddCertsToCache may release a reference to 'c' and
+     * replace 'c' by a different value. So we add a reference to 'c' to
+     * prevent 'c' from being destroyed. */
+    nssCertificate_AddRef(c);
     nssTrustDomain_AddCertsToCache(STAN_GetDefaultTrustDomain(), &c, 1);
+    /* XXX should we pass the original value of 'c' to
+     * STAN_ForceCERTCertificateUpdate? */
     (void)STAN_ForceCERTCertificateUpdate(c);
+    nssCertificate_Destroy(c);
     SECITEM_FreeItem(keyID,PR_TRUE);
     return SECSuccess;
 loser:
diff --git a/security/nss/lib/pk11wrap/pk11cxt.c b/security/nss/lib/pk11wrap/pk11cxt.c
index 8aeb63e..d626ba7 100644
--- a/security/nss/lib/pk11wrap/pk11cxt.c
+++ b/security/nss/lib/pk11wrap/pk11cxt.c
@@ -754,6 +754,9 @@ PK11_DigestOp(PK11Context *context, const unsigned char * in, unsigned inLen)
     CK_RV crv = CKR_OK;
     SECStatus rv = SECSuccess;
 
+    if (inLen == 0) {
+        return SECSuccess;
+    }
     if (!in) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return SECFailure;
diff --git a/security/nss/lib/pk11wrap/pk11load.c b/security/nss/lib/pk11wrap/pk11load.c
index e1e764b..6700180 100644
--- a/security/nss/lib/pk11wrap/pk11load.c
+++ b/security/nss/lib/pk11wrap/pk11load.c
@@ -55,6 +55,11 @@ static const CK_C_INITIALIZE_ARGS secmodLockFunctions = {
 	CKF_OS_LOCKING_OK
     ,NULL
 };
+static const CK_C_INITIALIZE_ARGS secmodNoLockArgs = {
+    NULL, NULL, NULL, NULL,
+    CKF_LIBRARY_CANT_CREATE_OS_THREADS
+    ,NULL
+};
 
 static PRBool loadSingleThreadedModules = PR_TRUE;
 static PRBool enforceAlreadyInitializedError = PR_TRUE;
@@ -209,12 +214,18 @@ secmod_ModuleInit(SECMODModule *mod, SECMODModule **reload,
         return SECFailure;
     }
 
-    if (mod->isThreadSafe == PR_FALSE) {
-	pInitArgs = NULL;
-    } else if (mod->libraryParams == NULL) {
-	pInitArgs = (void *) &secmodLockFunctions;
+    if (mod->libraryParams == NULL) {
+	if (mod->isThreadSafe) {
+	    pInitArgs = (void *) &secmodLockFunctions;
+	} else {
+	    pInitArgs = NULL;
+	}
     } else {
-	moduleArgs = secmodLockFunctions;
+	if (mod->isThreadSafe) {
+	    moduleArgs = secmodLockFunctions;
+	} else {
+	    moduleArgs = secmodNoLockArgs;
+	}
 	moduleArgs.LibraryParameters = (void *) mod->libraryParams;
 	pInitArgs = &moduleArgs;
     }
@@ -251,18 +262,30 @@ secmod_ModuleInit(SECMODModule *mod, SECMODModule **reload,
 	}
     }
     if (crv != CKR_OK) {
-	if (pInitArgs == NULL ||
+	if (!mod->isThreadSafe ||
 		crv == CKR_NETSCAPE_CERTDB_FAILED ||
 		crv == CKR_NETSCAPE_KEYDB_FAILED) {
 	    PORT_SetError(PK11_MapError(crv));
 	    return SECFailure;
 	}
+	/* If we had attempted to init a single threaded module "with"
+	 * parameters and it failed, should we retry "without" parameters?
+	 * (currently we don't retry in this scenario) */
+
 	if (!loadSingleThreadedModules) {
 	    PORT_SetError(SEC_ERROR_INCOMPATIBLE_PKCS11);
 	    return SECFailure;
 	}
+	/* If we arrive here, the module failed a ThreadSafe init. */
 	mod->isThreadSafe = PR_FALSE;
-    	crv = PK11_GETTAB(mod)->C_Initialize(NULL);
+	if (!mod->libraryParams) {
+	    pInitArgs = NULL;
+	} else {
+	    moduleArgs = secmodNoLockArgs;
+	    moduleArgs.LibraryParameters = (void *) mod->libraryParams;
+	    pInitArgs = &moduleArgs;
+	}
+    	crv = PK11_GETTAB(mod)->C_Initialize(pInitArgs);
 	if ((CKR_CRYPTOKI_ALREADY_INITIALIZED == crv) &&
 	    (!enforceAlreadyInitializedError)) {
 	    *alreadyLoaded = PR_TRUE;
diff --git a/security/nss/lib/pk11wrap/pk11obj.c b/security/nss/lib/pk11wrap/pk11obj.c
index 2db8e8e..70802948 100644
--- a/security/nss/lib/pk11wrap/pk11obj.c
+++ b/security/nss/lib/pk11wrap/pk11obj.c
@@ -81,6 +81,9 @@ PK11_DestroyTokenObject(PK11SlotInfo *slot,CK_OBJECT_HANDLE object) {
  * Read in a single attribute into a SECItem. Allocate space for it with 
  * PORT_Alloc unless an arena is supplied. In the latter case use the arena
  * to allocate the space.
+ *
+ * PK11_ReadAttribute sets the 'data' and 'len' fields of the SECItem but
+ * does not modify its 'type' field.
  */
 SECStatus
 PK11_ReadAttribute(PK11SlotInfo *slot, CK_OBJECT_HANDLE id,
@@ -911,17 +914,11 @@ PK11_Encrypt(PK11SymKey *symKey,
     return SECSuccess;
 }
 
-/*
- * Now SSL 2.0 uses raw RSA stuff. These next to functions *must* use
- * RSA keys, or they'll fail. We do the checks up front. If anyone comes
- * up with a meaning for rawdecrypt for any other public key operation,
- * then we need to move this check into some of PK11_PubDecrypt callers,
- * (namely SSL 2.0).
- */
 static SECStatus
-pk11_PrivDecryptRaw(SECKEYPrivateKey *key, unsigned char *data, 
-	unsigned *outLen, unsigned int maxLen, unsigned char *enc,
-				    unsigned encLen, CK_MECHANISM_PTR mech)
+pk11_PrivDecryptRaw(SECKEYPrivateKey *key,
+                    unsigned char *data,  unsigned *outLen, unsigned int maxLen,
+                    const unsigned char *enc, unsigned encLen,
+                    CK_MECHANISM_PTR mech)
 {
     PK11SlotInfo *slot = key->pkcs11Slot;
     CK_ULONG out = maxLen;
@@ -957,11 +954,12 @@ pk11_PrivDecryptRaw(SECKEYPrivateKey *key, unsigned char *data,
      * do C_Login with CKU_CONTEXT_SPECIFIC 
      * between C_DecryptInit and C_Decrypt
      * ... But see note above about servers */
-     if (SECKEY_HAS_ATTRIBUTE_SET_LOCK(key, CKA_ALWAYS_AUTHENTICATE, haslock)) {
+    if (SECKEY_HAS_ATTRIBUTE_SET_LOCK(key, CKA_ALWAYS_AUTHENTICATE, haslock)) {
 	PK11_DoPassword(slot, session, PR_FALSE, key->wincx, haslock, PR_TRUE);
     }
 
-    crv = PK11_GETTAB(slot)->C_Decrypt(session,enc, encLen, data, &out);
+    crv = PK11_GETTAB(slot)->C_Decrypt(session, (unsigned char *)enc, encLen,
+				       data, &out);
     if (haslock) PK11_ExitSlotMonitor(slot);
     pk11_CloseSession(slot,session,owner);
     *outLen = out;
@@ -973,41 +971,37 @@ pk11_PrivDecryptRaw(SECKEYPrivateKey *key, unsigned char *data,
 }
 
 SECStatus
-PK11_PubDecryptRaw(SECKEYPrivateKey *key, unsigned char *data, 
-	unsigned *outLen, unsigned int maxLen, unsigned char *enc,
-				    unsigned encLen)
+PK11_PubDecryptRaw(SECKEYPrivateKey *key,
+                   unsigned char *data, unsigned *outLen, unsigned int maxLen,
+                   const unsigned char *enc, unsigned encLen)
 {
     CK_MECHANISM mech = {CKM_RSA_X_509, NULL, 0 };
     return pk11_PrivDecryptRaw(key, data, outLen, maxLen, enc, encLen, &mech);
 }
 
 SECStatus
-PK11_PrivDecryptPKCS1(SECKEYPrivateKey *key, unsigned char *data, 
-	unsigned *outLen, unsigned int maxLen, unsigned char *enc,
-				    unsigned encLen)
+PK11_PrivDecryptPKCS1(SECKEYPrivateKey *key,
+                      unsigned char *data, unsigned *outLen, unsigned int maxLen,
+                      const unsigned char *enc, unsigned encLen)
 {
     CK_MECHANISM mech = {CKM_RSA_PKCS, NULL, 0 };
     return pk11_PrivDecryptRaw(key, data, outLen, maxLen, enc, encLen, &mech);
 }
 
 static SECStatus
-pk11_PubEncryptRaw(SECKEYPublicKey *key, unsigned char *enc,
-		    unsigned char *data, unsigned dataLen, 
-		    CK_MECHANISM_PTR mech, void *wincx)
+pk11_PubEncryptRaw(SECKEYPublicKey *key,
+                   unsigned char *out, unsigned int *outLen,
+                   unsigned int maxLen,
+                   const unsigned char *data, unsigned dataLen,
+                   CK_MECHANISM_PTR mech, void *wincx)
 {
     PK11SlotInfo *slot;
     CK_OBJECT_HANDLE id;
-    CK_ULONG out;
+    CK_ULONG len = maxLen;
     PRBool owner = PR_TRUE;
     CK_SESSION_HANDLE session;
     CK_RV crv;
 
-    if (!key || key->keyType != rsaKey) {
-	PORT_SetError( SEC_ERROR_BAD_KEY );
-	return SECFailure;
-    }
-    out = SECKEY_PublicKeyStrength(key);
-
     slot = PK11_GetBestSlotWithAttributes(mech->mechanism,CKF_ENCRYPT,0,wincx);
     if (slot == NULL) {
 	PORT_SetError( SEC_ERROR_NO_MODULE );
@@ -1032,10 +1026,12 @@ pk11_PubEncryptRaw(SECKEYPublicKey *key, unsigned char *enc,
 	PORT_SetError( PK11_MapError(crv) );
 	return SECFailure;
     }
-    crv = PK11_GETTAB(slot)->C_Encrypt(session,data,dataLen,enc,&out);
+    crv = PK11_GETTAB(slot)->C_Encrypt(session,(unsigned char *)data,dataLen,
+				       out,&len);
     if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
     pk11_CloseSession(slot,session,owner);
     PK11_FreeSlot(slot);
+    *outLen = len;
     if (crv != CKR_OK) {
 	PORT_SetError( PK11_MapError(crv) );
 	return SECFailure;
@@ -1044,19 +1040,69 @@ pk11_PubEncryptRaw(SECKEYPublicKey *key, unsigned char *enc,
 }
 
 SECStatus
-PK11_PubEncryptRaw(SECKEYPublicKey *key, unsigned char *enc,
-		unsigned char *data, unsigned dataLen, void *wincx)
+PK11_PubEncryptRaw(SECKEYPublicKey *key,
+                   unsigned char *enc,
+                   const unsigned char *data, unsigned dataLen,
+                   void *wincx)
 {
     CK_MECHANISM mech = {CKM_RSA_X_509, NULL, 0 };
-    return pk11_PubEncryptRaw(key, enc, data, dataLen, &mech, wincx);
+    unsigned int outLen;
+    if (!key || key->keyType != rsaKey) {
+	PORT_SetError(SEC_ERROR_BAD_KEY);
+	return SECFailure;
+    }
+    outLen = SECKEY_PublicKeyStrength(key);
+    return pk11_PubEncryptRaw(key, enc, &outLen, outLen, data, dataLen, &mech,
+                              wincx);
 }
 
 SECStatus
-PK11_PubEncryptPKCS1(SECKEYPublicKey *key, unsigned char *enc,
-		unsigned char *data, unsigned dataLen, void *wincx)
+PK11_PubEncryptPKCS1(SECKEYPublicKey *key,
+                     unsigned char *enc,
+                     const unsigned char *data, unsigned dataLen,
+                     void *wincx)
 {
     CK_MECHANISM mech = {CKM_RSA_PKCS, NULL, 0 };
-    return pk11_PubEncryptRaw(key, enc, data, dataLen, &mech, wincx);
+    unsigned int outLen;
+    if (!key || key->keyType != rsaKey) {
+	PORT_SetError(SEC_ERROR_BAD_KEY);
+	return SECFailure;
+    }
+    outLen = SECKEY_PublicKeyStrength(key);
+    return pk11_PubEncryptRaw(key, enc, &outLen, outLen, data, dataLen, &mech,
+                              wincx);
+}
+
+SECStatus
+PK11_PrivDecrypt(SECKEYPrivateKey *key,
+                 CK_MECHANISM_TYPE mechanism, SECItem *param,
+                 unsigned char *out, unsigned int *outLen,
+                 unsigned int maxLen,
+                 const unsigned char *enc, unsigned encLen)
+{
+    CK_MECHANISM mech = { mechanism, NULL, 0 };
+    if (param) {
+        mech.pParameter = param->data;
+        mech.ulParameterLen = param->len;
+    }
+    return pk11_PrivDecryptRaw(key, out, outLen, maxLen, enc, encLen, &mech);
+}
+
+SECStatus
+PK11_PubEncrypt(SECKEYPublicKey *key,
+                CK_MECHANISM_TYPE mechanism, SECItem *param,
+                unsigned char *out, unsigned int *outLen,
+                unsigned int maxLen,
+                const unsigned char *data, unsigned dataLen,
+                void *wincx)
+{
+    CK_MECHANISM mech = { mechanism, NULL, 0 };
+    if (param) {
+        mech.pParameter = param->data;
+        mech.ulParameterLen = param->len;
+    }
+    return pk11_PubEncryptRaw(key, out, outLen, maxLen, data, dataLen, &mech,
+                              wincx);
 }
 
 SECKEYPrivateKey *
diff --git a/security/nss/lib/pk11wrap/pk11pk12.c b/security/nss/lib/pk11wrap/pk11pk12.c
index 806b387..471e57b 100644
--- a/security/nss/lib/pk11wrap/pk11pk12.c
+++ b/security/nss/lib/pk11wrap/pk11pk12.c
@@ -18,6 +18,7 @@
 #include "secoid.h"
 #include "secasn1.h"
 #include "secerr.h"
+#include "prerror.h"
 
 
 
@@ -516,3 +517,112 @@ PK11_ImportPrivateKeyInfo(PK11SlotInfo *slot, SECKEYPrivateKeyInfo *pki,
 
 }
 
+SECItem *
+PK11_ExportDERPrivateKeyInfo(SECKEYPrivateKey *pk, void *wincx)
+{
+    SECKEYPrivateKeyInfo *pki = PK11_ExportPrivKeyInfo(pk, wincx);
+    SECItem *derPKI;
+
+    if (!pki) {
+        return NULL;
+    }
+    derPKI = SEC_ASN1EncodeItem(NULL, NULL, pki,
+                                SECKEY_PrivateKeyInfoTemplate);
+    SECKEY_DestroyPrivateKeyInfo(pki, PR_TRUE);
+    return derPKI;
+}
+
+static PRBool
+ReadAttribute(SECKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type,
+              PLArenaPool *arena, SECItem *output)
+{
+    SECStatus rv = PK11_ReadAttribute(key->pkcs11Slot, key->pkcs11ID, type,
+                                      arena, output);
+    return rv == SECSuccess;
+}
+
+/*
+ * The caller is responsible for freeing the return value by passing it to
+ * SECKEY_DestroyPrivateKeyInfo(..., PR_TRUE).
+ */
+SECKEYPrivateKeyInfo *
+PK11_ExportPrivKeyInfo(SECKEYPrivateKey *pk, void *wincx)
+{
+    /* PrivateKeyInfo version (always zero) */
+    const unsigned char pkiVersion = 0;
+    /* RSAPrivateKey version (always zero) */
+    const unsigned char rsaVersion = 0;
+    PLArenaPool *arena = NULL;
+    SECKEYRawPrivateKey rawKey;
+    SECKEYPrivateKeyInfo *pki;
+    SECItem *encoded;
+    SECStatus rv;
+
+    if (pk->keyType != rsaKey) {
+        PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+        goto loser;
+    }
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (!arena) {
+        goto loser;
+    }
+    memset(&rawKey, 0, sizeof(rawKey));
+    rawKey.keyType = pk->keyType;
+    rawKey.u.rsa.version.type = siUnsignedInteger;
+    rawKey.u.rsa.version.data = (unsigned char *)PORT_ArenaAlloc(arena, 1);
+    if (!rawKey.u.rsa.version.data) {
+        goto loser;
+    }
+    rawKey.u.rsa.version.data[0] = rsaVersion;
+    rawKey.u.rsa.version.len = 1;
+
+    /* Read the component attributes of the private key */
+    prepare_rsa_priv_key_export_for_asn1(&rawKey);
+    if (!ReadAttribute(pk, CKA_MODULUS, arena, &rawKey.u.rsa.modulus) ||
+        !ReadAttribute(pk, CKA_PUBLIC_EXPONENT, arena,
+                       &rawKey.u.rsa.publicExponent) ||
+        !ReadAttribute(pk, CKA_PRIVATE_EXPONENT, arena,
+                       &rawKey.u.rsa.privateExponent) ||
+        !ReadAttribute(pk, CKA_PRIME_1, arena, &rawKey.u.rsa.prime1) ||
+        !ReadAttribute(pk, CKA_PRIME_2, arena, &rawKey.u.rsa.prime2) ||
+        !ReadAttribute(pk, CKA_EXPONENT_1, arena,
+                       &rawKey.u.rsa.exponent1) ||
+        !ReadAttribute(pk, CKA_EXPONENT_2, arena,
+                       &rawKey.u.rsa.exponent2) ||
+        !ReadAttribute(pk, CKA_COEFFICIENT, arena,
+                       &rawKey.u.rsa.coefficient)) {
+        goto loser;
+    }
+
+    pki = PORT_ArenaZNew(arena, SECKEYPrivateKeyInfo);
+    if (!pki) {
+        goto loser;
+    }
+    encoded = SEC_ASN1EncodeItem(arena, &pki->privateKey, &rawKey,
+                                 SECKEY_RSAPrivateKeyExportTemplate);
+    if (!encoded) {
+        goto loser;
+    }
+    rv = SECOID_SetAlgorithmID(arena, &pki->algorithm,
+                               SEC_OID_PKCS1_RSA_ENCRYPTION, NULL);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    pki->version.type = siUnsignedInteger;
+    pki->version.data = (unsigned char *)PORT_ArenaAlloc(arena, 1);
+    if (!pki->version.data) {
+        goto loser;
+    }
+    pki->version.data[0] = pkiVersion;
+    pki->version.len = 1;
+    pki->arena = arena;
+
+    return pki;
+
+loser:
+    if (arena) {
+        PORT_FreeArena(arena, PR_TRUE);
+    }
+    return NULL;
+}
diff --git a/security/nss/lib/pk11wrap/pk11pub.h b/security/nss/lib/pk11wrap/pk11pub.h
index 2c08324..f0bf2c8 100644
--- a/security/nss/lib/pk11wrap/pk11pub.h
+++ b/security/nss/lib/pk11wrap/pk11pub.h
@@ -520,18 +520,38 @@ SECStatus PK11_Encrypt(PK11SymKey *symKey,
 		       const unsigned char *data, unsigned int dataLen);
 
 /* note: despite the name, this function takes a private key. */
-SECStatus PK11_PubDecryptRaw(SECKEYPrivateKey *key, unsigned char *data,
-   unsigned *outLen, unsigned int maxLen, unsigned char *enc, unsigned encLen);
+SECStatus PK11_PubDecryptRaw(SECKEYPrivateKey *key,
+                             unsigned char *data, unsigned *outLen,
+                             unsigned int maxLen,
+                             const unsigned char *enc, unsigned encLen);
 #define PK11_PrivDecryptRaw PK11_PubDecryptRaw
 /* The encrypt function that complements the above decrypt function. */
-SECStatus PK11_PubEncryptRaw(SECKEYPublicKey *key, unsigned char *enc,
-                unsigned char *data, unsigned dataLen, void *wincx);
-
-SECStatus PK11_PrivDecryptPKCS1(SECKEYPrivateKey *key, unsigned char *data,
-   unsigned *outLen, unsigned int maxLen, unsigned char *enc, unsigned encLen);
+SECStatus PK11_PubEncryptRaw(SECKEYPublicKey *key,
+                             unsigned char *enc,
+                             const unsigned char *data, unsigned dataLen,
+                             void *wincx);
+
+SECStatus PK11_PrivDecryptPKCS1(SECKEYPrivateKey *key,
+                                unsigned char *data, unsigned *outLen,
+                                unsigned int maxLen,
+                                const unsigned char *enc, unsigned encLen);
 /* The encrypt function that complements the above decrypt function. */
-SECStatus PK11_PubEncryptPKCS1(SECKEYPublicKey *key, unsigned char *enc,
-                unsigned char *data, unsigned dataLen, void *wincx);
+SECStatus PK11_PubEncryptPKCS1(SECKEYPublicKey *key,
+                               unsigned char *enc,
+                               const unsigned char *data, unsigned dataLen,
+                               void *wincx);
+
+SECStatus PK11_PrivDecrypt(SECKEYPrivateKey *key,
+                           CK_MECHANISM_TYPE mechanism, SECItem *param,
+                           unsigned char *out, unsigned int *outLen,
+                           unsigned int maxLen,
+                           const unsigned char *enc, unsigned int encLen);
+SECStatus PK11_PubEncrypt(SECKEYPublicKey *key,
+                          CK_MECHANISM_TYPE mechanism, SECItem *param,
+                          unsigned char *out, unsigned int *outLen,
+                          unsigned int maxLen,
+                          const unsigned char *data, unsigned int dataLen,
+                          void *wincx);
 
 SECStatus PK11_ImportPrivateKeyInfo(PK11SlotInfo *slot, 
 		SECKEYPrivateKeyInfo *pki, SECItem *nickname,
@@ -559,6 +579,9 @@ SECStatus PK11_ImportEncryptedPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot,
 		SECItem *nickname, SECItem *publicValue, PRBool isPerm,
 		PRBool isPrivate, KeyType type, 
 		unsigned int usage, SECKEYPrivateKey** privk, void *wincx);
+SECItem *PK11_ExportDERPrivateKeyInfo(SECKEYPrivateKey *pk, void *wincx);
+SECKEYPrivateKeyInfo *PK11_ExportPrivKeyInfo(
+		SECKEYPrivateKey *pk, void *wincx);
 SECKEYPrivateKeyInfo *PK11_ExportPrivateKeyInfo(
 		CERTCertificate *cert, void *wincx);
 SECKEYEncryptedPrivateKeyInfo *PK11_ExportEncryptedPrivKeyInfo(
@@ -585,7 +608,7 @@ SECStatus PK11_WrapPrivKey(PK11SlotInfo *slot, PK11SymKey *wrappingKey,
  * The caller of PK11_DEREncodePublicKey should free the returned SECItem with
  * a SECITEM_FreeItem(..., PR_TRUE) call.
  */
-SECItem* PK11_DEREncodePublicKey(SECKEYPublicKey *pubk);
+SECItem* PK11_DEREncodePublicKey(const SECKEYPublicKey *pubk);
 PK11SymKey* PK11_CopySymKeyForSigning(PK11SymKey *originalKey,
 	CK_MECHANISM_TYPE mech);
 SECKEYPrivateKeyList* PK11_ListPrivKeysInSlot(PK11SlotInfo *slot,
@@ -770,9 +793,10 @@ PK11_GetPBECryptoMechanism(SECAlgorithmID *algid,
 /**********************************************************************
  * Functions to manage secmod flags
  **********************************************************************/
-PK11DefaultArrayEntry *PK11_GetDefaultArray(int *size);
+const PK11DefaultArrayEntry *PK11_GetDefaultArray(int *size);
 SECStatus PK11_UpdateSlotAttribute(PK11SlotInfo *slot,
-				   PK11DefaultArrayEntry *entry, PRBool add);
+				   const PK11DefaultArrayEntry *entry,
+				   PRBool add);
 
 /**********************************************************************
  * Functions to look at PKCS #11 dependent data
diff --git a/security/nss/lib/pk11wrap/pk11skey.c b/security/nss/lib/pk11wrap/pk11skey.c
index 4e26e44..4c5b9f1 100644
--- a/security/nss/lib/pk11wrap/pk11skey.c
+++ b/security/nss/lib/pk11wrap/pk11skey.c
@@ -2229,7 +2229,9 @@ PK11_PubDeriveWithKDF(SECKEYPrivateKey *privKey, SECKEYPublicKey *pubKey,
 	return pk11_PubDeriveECKeyWithKDF( privKey, pubKey, isSender, 
 		randomA, randomB, derive, target, operation, keySize, 
 		kdf, sharedData, wincx);
-    default: break;
+    default:
+        PORT_SetError(SEC_ERROR_BAD_KEY);
+        break;
     }
 
     return NULL;
diff --git a/security/nss/lib/pk11wrap/pk11slot.c b/security/nss/lib/pk11wrap/pk11slot.c
index dede1e2..1f6597b 100644
--- a/security/nss/lib/pk11wrap/pk11slot.c
+++ b/security/nss/lib/pk11wrap/pk11slot.c
@@ -29,9 +29,10 @@
  * to make the config files understand more entries, add them
  * to this table.
  */
-PK11DefaultArrayEntry PK11_DefaultArray[] = {
+const PK11DefaultArrayEntry PK11_DefaultArray[] = {
 	{ "RSA", SECMOD_RSA_FLAG, CKM_RSA_PKCS },
 	{ "DSA", SECMOD_DSA_FLAG, CKM_DSA },
+	{ "ECC", SECMOD_ECC_FLAG, CKM_ECDSA },
 	{ "DH", SECMOD_DH_FLAG, CKM_DH_PKCS_DERIVE },
 	{ "RC2", SECMOD_RC2_FLAG, CKM_RC2_CBC },
 	{ "RC4", SECMOD_RC4_FLAG, CKM_RC4 },
@@ -56,7 +57,7 @@ PK11DefaultArrayEntry PK11_DefaultArray[] = {
 const int num_pk11_default_mechanisms = 
                 sizeof(PK11_DefaultArray) / sizeof(PK11_DefaultArray[0]);
 
-PK11DefaultArrayEntry *
+const PK11DefaultArrayEntry *
 PK11_GetDefaultArray(int *size)
 {
     if (size) {
@@ -948,9 +949,10 @@ PK11_LoadSlotList(PK11SlotInfo *slot, PK11PreSlotInfo *psi, int count)
  * returns: SECSuccess if nothing to do or add/delete is successful
  */
 SECStatus
-PK11_UpdateSlotAttribute(PK11SlotInfo *slot, PK11DefaultArrayEntry *entry,
-                        PRBool add)  
-                        /* add: PR_TRUE if want to turn on */
+PK11_UpdateSlotAttribute(PK11SlotInfo *slot,
+                         const PK11DefaultArrayEntry *entry,
+                         PRBool add)
+                         /* add: PR_TRUE if want to turn on */
 {
     SECStatus result = SECSuccess;
     PK11SlotList *slotList = PK11_GetSlotList(entry->mechanism);
@@ -1501,6 +1503,12 @@ PK11_GetDisabledReason(PK11SlotInfo *slot)
 /* returns PR_FALSE otherwise */
 PRBool PK11_UserDisableSlot(PK11SlotInfo *slot) {
 
+    /* Prevent users from disabling the internal module. */
+    if (slot->isInternal) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return PR_FALSE;
+    }
+
     slot->defaultFlags |= PK11_DISABLE_FLAG;
     slot->disabled = PR_TRUE;
     slot->reason = PK11_DIS_USER_SELECTED;
diff --git a/security/nss/lib/pk11wrap/pk11util.c b/security/nss/lib/pk11wrap/pk11util.c
index 35cef9e..58ff5da 100644
--- a/security/nss/lib/pk11wrap/pk11util.c
+++ b/security/nss/lib/pk11wrap/pk11util.c
@@ -27,8 +27,8 @@ static SECMODListLock *moduleLock = NULL;
 
 int secmod_PrivateModuleCount = 0;
 
-extern PK11DefaultArrayEntry PK11_DefaultArray[];
-extern int num_pk11_default_mechanisms;
+extern const PK11DefaultArrayEntry PK11_DefaultArray[];
+extern const int num_pk11_default_mechanisms;
 
 
 void
diff --git a/security/nss/lib/pk11wrap/secmod.h b/security/nss/lib/pk11wrap/secmod.h
index 0557334..9cc4cfb 100644
--- a/security/nss/lib/pk11wrap/secmod.h
+++ b/security/nss/lib/pk11wrap/secmod.h
@@ -28,6 +28,7 @@
 #define PUBLIC_MECH_SHA512_FLAG      0x00008000ul
 #define PUBLIC_MECH_CAMELLIA_FLAG    0x00010000ul
 #define PUBLIC_MECH_SEED_FLAG        0x00020000ul
+#define PUBLIC_MECH_ECC_FLAG         0x00040000ul
 
 #define PUBLIC_MECH_RANDOM_FLAG      0x08000000ul
 #define PUBLIC_MECH_FRIENDLY_FLAG    0x10000000ul
@@ -138,6 +139,7 @@ PRBool SECMOD_GetDefaultModDBFlag(SECMODModule *mod);
 /* Functions used to convert between internal & public representation
  * of Mechanism Flags and Cipher Enable Flags */
 extern unsigned long SECMOD_PubMechFlagstoInternal(unsigned long publicFlags);
+extern unsigned long SECMOD_InternaltoPubMechFlags(unsigned long internalFlags);
 extern unsigned long SECMOD_PubCipherFlagstoInternal(unsigned long publicFlags);
 
 PRBool SECMOD_HasRemovableSlots(SECMODModule *mod);
diff --git a/security/nss/lib/pk11wrap/secmodi.h b/security/nss/lib/pk11wrap/secmodi.h
index 4a86756..830fb67 100644
--- a/security/nss/lib/pk11wrap/secmodi.h
+++ b/security/nss/lib/pk11wrap/secmodi.h
@@ -50,7 +50,6 @@ extern SECMODModuleList *SECMOD_DestroyModuleListElement(SECMODModuleList *);
 extern void SECMOD_DestroyModuleList(SECMODModuleList *);
 extern SECStatus SECMOD_AddModule(SECMODModule *newModule);
 
-extern unsigned long SECMOD_InternaltoPubMechFlags(unsigned long internalFlags);
 extern unsigned long SECMOD_InternaltoPubCipherFlags(unsigned long internalFlags);
 
 /* Library functions */
diff --git a/security/nss/lib/pk11wrap/secmodt.h b/security/nss/lib/pk11wrap/secmodt.h
index 73d2a7e..33e7f1b 100644
--- a/security/nss/lib/pk11wrap/secmodt.h
+++ b/security/nss/lib/pk11wrap/secmodt.h
@@ -127,12 +127,12 @@ typedef enum {
 } PK11CertListType;
 
 /*
- * Entry into the Array which lists all the legal bits for the default flags
- * in the slot, their definition, and the PKCS #11 mechanism the represent
- * Always Statically allocated. 
+ * Entry into the array which lists all the legal bits for the default flags
+ * in the slot, their definition, and the PKCS #11 mechanism they represent.
+ * Always statically allocated. 
  */
 struct PK11DefaultArrayEntryStr {
-    char *name;
+    const char *name;
     unsigned long flag;
     unsigned long mechanism; /* this is a long so we don't include the 
 			      * whole pkcs 11 world to use this header */
diff --git a/security/nss/lib/pkcs12/p12creat.c b/security/nss/lib/pkcs12/p12creat.c
index 235ddfb..65bf086 100644
--- a/security/nss/lib/pkcs12/p12creat.c
+++ b/security/nss/lib/pkcs12/p12creat.c
@@ -54,7 +54,7 @@ sec_pkcs12_new_asafe(PLArenaPool *poolp)
     if(asafe == NULL)
 	goto loser;
     asafe->poolp = poolp;
-    PORT_Memset(&asafe->old_baggage, 0, sizeof(SEC_PKCS7ContentInfo));
+    PORT_Memset(&asafe->old_baggage, 0, sizeof(SEC_PKCS12Baggage_OLD));
 
     PORT_ArenaUnmark(poolp, mark);
     return asafe;
diff --git a/security/nss/lib/pki/tdcache.c b/security/nss/lib/pki/tdcache.c
index 826ba6b..0842d8b 100644
--- a/security/nss/lib/pki/tdcache.c
+++ b/security/nss/lib/pki/tdcache.c
@@ -468,10 +468,10 @@ nssTrustDomain_UpdateCachedTokenCerts (
     if (count > 0) {
 	cached = nss_ZNEWARRAY(NULL, NSSCertificate *, count + 1);
 	if (!cached) {
+	    nssList_Destroy(certList);
 	    return PR_FAILURE;
 	}
 	nssList_GetArray(certList, (void **)cached, count);
-	nssList_Destroy(certList);
 	for (cp = cached; *cp; cp++) {
 	    nssCryptokiObject *instance;
 	    NSSCertificate *c = *cp;
@@ -490,6 +490,7 @@ nssTrustDomain_UpdateCachedTokenCerts (
 	}
 	nssCertificateArray_Destroy(cached);
     }
+    nssList_Destroy(certList);
     return PR_SUCCESS;
 }
 
diff --git a/security/nss/lib/smime/smime.def b/security/nss/lib/smime/smime.def
index 57c9b1c..a5e1a37 100644
--- a/security/nss/lib/smime/smime.def
+++ b/security/nss/lib/smime/smime.def
@@ -273,3 +273,9 @@ SEC_PKCS7VerifyDetachedSignatureAtTime;
 ;+    local:
 ;+       *;
 ;+};
+;+NSS_3.16 {    # NSS 3.16 release
+;+    global:
+NSS_CMSSignerInfo_Verify;
+;+    local:
+;+       *;
+;+};
diff --git a/security/nss/lib/softoken/config.mk b/security/nss/lib/softoken/config.mk
index 908d1d9..6058e71 100644
--- a/security/nss/lib/softoken/config.mk
+++ b/security/nss/lib/softoken/config.mk
@@ -61,7 +61,3 @@ endif
 ifeq ($(OS_TARGET),AIX)
 OS_LIBS += -lpthread
 endif
-
-ifeq ($(OS_TARGET),SunOS)
-OS_LIBS += -lbsm 
-endif
diff --git a/security/nss/lib/softoken/ecdecode.c b/security/nss/lib/softoken/ecdecode.c
deleted file mode 100644
index b04d022..0000000
--- a/security/nss/lib/softoken/ecdecode.c
+++ /dev/null
@@ -1,606 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifdef NSS_ENABLE_ECC
-
-#include "blapi.h"
-#include "secoid.h"
-#include "secitem.h"
-#include "secerr.h"
-#include "ec.h"
-#include "ecl-curve.h"
-
-#define CHECK_OK(func) if (func == NULL) goto cleanup
-#define CHECK_SEC_OK(func) if (SECSuccess != (rv = func)) goto cleanup
-
-/*
- * Initializes a SECItem from a hexadecimal string
- *
- * Warning: This function ignores leading 00's, so any leading 00's
- * in the hexadecimal string must be optional.
- */
-static SECItem *
-hexString2SECItem(PLArenaPool *arena, SECItem *item, const char *str)
-{
-    int i = 0;
-    int byteval = 0;
-    int tmp = PORT_Strlen(str);
-
-    if ((tmp % 2) != 0) return NULL;
-    
-    /* skip leading 00's unless the hex string is "00" */
-    while ((tmp > 2) && (str[0] == '0') && (str[1] == '0')) {
-        str += 2;
-        tmp -= 2;
-    }
-
-    item->data = (unsigned char *) PORT_ArenaAlloc(arena, tmp/2);
-    if (item->data == NULL) return NULL;
-    item->len = tmp/2;
-
-    while (str[i]) {
-        if ((str[i] >= '0') && (str[i] <= '9'))
-	    tmp = str[i] - '0';
-	else if ((str[i] >= 'a') && (str[i] <= 'f'))
-	    tmp = str[i] - 'a' + 10;
-	else if ((str[i] >= 'A') && (str[i] <= 'F'))
-	    tmp = str[i] - 'A' + 10;
-	else
-	    return NULL;
-
-	byteval = byteval * 16 + tmp;
-	if ((i % 2) != 0) {
-	    item->data[i/2] = byteval;
-	    byteval = 0;
-	}
-	i++;
-    }
-
-    return item;
-}
-
-/* Copy all of the fields from srcParams into dstParams
- */
-SECStatus
-EC_CopyParams(PLArenaPool *arena, ECParams *dstParams,
-	      const ECParams *srcParams)
-{
-    SECStatus rv = SECFailure;
-
-    dstParams->arena = arena;
-    dstParams->type = srcParams->type;
-    dstParams->fieldID.size = srcParams->fieldID.size;
-    dstParams->fieldID.type = srcParams->fieldID.type;
-    if (srcParams->fieldID.type == ec_field_GFp) {
-	CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->fieldID.u.prime,
-	    &srcParams->fieldID.u.prime));
-    } else {
-	CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->fieldID.u.poly,
-	    &srcParams->fieldID.u.poly));
-    }
-    dstParams->fieldID.k1 = srcParams->fieldID.k1;
-    dstParams->fieldID.k2 = srcParams->fieldID.k2;
-    dstParams->fieldID.k3 = srcParams->fieldID.k3;
-    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curve.a,
-	&srcParams->curve.a));
-    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curve.b,
-	&srcParams->curve.b));
-    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curve.seed,
-	&srcParams->curve.seed));
-    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->base,
-	&srcParams->base));
-    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->order,
-	&srcParams->order));
-    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->DEREncoding,
-	&srcParams->DEREncoding));
-	dstParams->name = srcParams->name;
-    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curveOID,
- 	&srcParams->curveOID));
-    dstParams->cofactor = srcParams->cofactor;
-
-    return SECSuccess;
-
-cleanup:
-    return SECFailure;
-}
-
-static SECStatus
-gf_populate_params(ECCurveName name, ECFieldType field_type, ECParams *params)
-{
-    SECStatus rv = SECFailure;
-    const ECCurveParams *curveParams;
-    /* 2 ['0'+'4'] + MAX_ECKEY_LEN * 2 [x,y] * 2 [hex string] + 1 ['\0'] */
-    char genenc[3 + 2 * 2 * MAX_ECKEY_LEN];
-
-    if ((name < ECCurve_noName) || (name > ECCurve_pastLastCurve)) goto cleanup;
-    params->name = name;
-    curveParams = ecCurve_map[params->name];
-    CHECK_OK(curveParams);
-    params->fieldID.size = curveParams->size;
-    params->fieldID.type = field_type;
-    if (field_type == ec_field_GFp) {
-	CHECK_OK(hexString2SECItem(params->arena, &params->fieldID.u.prime, 
-	    curveParams->irr));
-    } else {
-	CHECK_OK(hexString2SECItem(params->arena, &params->fieldID.u.poly, 
-	    curveParams->irr));
-    }
-    CHECK_OK(hexString2SECItem(params->arena, &params->curve.a, 
-	curveParams->curvea));
-    CHECK_OK(hexString2SECItem(params->arena, &params->curve.b, 
-	curveParams->curveb));
-    genenc[0] = '0';
-    genenc[1] = '4';
-    genenc[2] = '\0';
-    strcat(genenc, curveParams->genx);
-    strcat(genenc, curveParams->geny);
-    CHECK_OK(hexString2SECItem(params->arena, &params->base, genenc));
-    CHECK_OK(hexString2SECItem(params->arena, &params->order, 
-    	curveParams->order));
-    params->cofactor = curveParams->cofactor;
-
-    rv = SECSuccess;
-
-cleanup:
-    return rv;
-}
-
-SECStatus
-EC_FillParams(PLArenaPool *arena, const SECItem *encodedParams,
-    ECParams *params)
-{
-    SECStatus rv = SECFailure;
-    SECOidTag tag;
-    SECItem oid = { siBuffer, NULL, 0};
-
-#if EC_DEBUG
-    int i;
-
-    printf("Encoded params in EC_DecodeParams: ");
-    for (i = 0; i < encodedParams->len; i++) {
-	    printf("%02x:", encodedParams->data[i]);
-    }
-    printf("\n");
-#endif
-
-    if ((encodedParams->len != ANSI_X962_CURVE_OID_TOTAL_LEN) &&
-	(encodedParams->len != SECG_CURVE_OID_TOTAL_LEN)) {
-	    PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
-	    return SECFailure;
-    };
-
-    oid.len = encodedParams->len - 2;
-    oid.data = encodedParams->data + 2;
-    if ((encodedParams->data[0] != SEC_ASN1_OBJECT_ID) ||
-	((tag = SECOID_FindOIDTag(&oid)) == SEC_OID_UNKNOWN)) { 
-	    PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
-	    return SECFailure;
-    }
-
-    params->arena = arena;
-    params->cofactor = 0;
-    params->type = ec_params_named;
-    params->name = ECCurve_noName;
-
-    /* For named curves, fill out curveOID */
-    params->curveOID.len = oid.len;
-    params->curveOID.data = (unsigned char *) PORT_ArenaAlloc(arena, oid.len);
-    if (params->curveOID.data == NULL) goto cleanup;
-    memcpy(params->curveOID.data, oid.data, oid.len);
-
-#if EC_DEBUG
-    printf("Curve: %s\n", SECOID_FindOIDTagDescription(tag));
-#endif
-
-    switch (tag) {
-
-    /* Binary curves */
-
-    case SEC_OID_ANSIX962_EC_C2PNB163V1:
-	/* Populate params for c2pnb163v1 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB163V1, ec_field_GF2m,
-	    params) );
-	break;
-
-    case SEC_OID_ANSIX962_EC_C2PNB163V2:
-	/* Populate params for c2pnb163v2 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB163V2, ec_field_GF2m,
-	    params) );
-	break;
-
-    case SEC_OID_ANSIX962_EC_C2PNB163V3:
-	/* Populate params for c2pnb163v3 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB163V3, ec_field_GF2m,
-	    params) );
-	break;
-
-    case SEC_OID_ANSIX962_EC_C2PNB176V1:
-	/* Populate params for c2pnb176v1 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB176V1, ec_field_GF2m,
-	    params) );
-	break;
-
-    case SEC_OID_ANSIX962_EC_C2TNB191V1:
-	/* Populate params for c2tnb191v1 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB191V1, ec_field_GF2m,
-	    params) );
-	break;
-
-    case SEC_OID_ANSIX962_EC_C2TNB191V2:
-	/* Populate params for c2tnb191v2 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB191V2, ec_field_GF2m,
-	    params) );
-	break;
-
-    case SEC_OID_ANSIX962_EC_C2TNB191V3:
-	/* Populate params for c2tnb191v3 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB191V3, ec_field_GF2m,
-	    params) );
-	break;
-
-    case SEC_OID_ANSIX962_EC_C2PNB208W1:
-	/* Populate params for c2pnb208w1 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB208W1, ec_field_GF2m,
-	    params) );
-	break;
-
-    case SEC_OID_ANSIX962_EC_C2TNB239V1:
-	/* Populate params for c2tnb239v1 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB239V1, ec_field_GF2m,
-	    params) );
-	break;
-
-    case SEC_OID_ANSIX962_EC_C2TNB239V2:
-	/* Populate params for c2tnb239v2 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB239V2, ec_field_GF2m,
-	    params) );
-	break;
-
-    case SEC_OID_ANSIX962_EC_C2TNB239V3:
-	/* Populate params for c2tnb239v3 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB239V3, ec_field_GF2m,
-	    params) );
-	break;
-
-    case SEC_OID_ANSIX962_EC_C2PNB272W1:
-	/* Populate params for c2pnb272w1 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB272W1, ec_field_GF2m,
-	    params) );
-	break;
-
-    case SEC_OID_ANSIX962_EC_C2PNB304W1:
-	/* Populate params for c2pnb304w1 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB304W1, ec_field_GF2m,
-	    params) );
-	break;
-
-    case SEC_OID_ANSIX962_EC_C2TNB359V1:
-	/* Populate params for c2tnb359v1 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB359V1, ec_field_GF2m,
-	    params) );
-	break;
-
-    case SEC_OID_ANSIX962_EC_C2PNB368W1:
-	/* Populate params for c2pnb368w1 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB368W1, ec_field_GF2m,
-	    params) );
-	break;
-
-    case SEC_OID_ANSIX962_EC_C2TNB431R1:
-	/* Populate params for c2tnb431r1 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB431R1, ec_field_GF2m,
-	    params) );
-	break;
-	
-    case SEC_OID_SECG_EC_SECT113R1:
-	/* Populate params for sect113r1 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_113R1, ec_field_GF2m,
-	    params) );
-	break;
-
-    case SEC_OID_SECG_EC_SECT113R2:
-	/* Populate params for sect113r2 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_113R2, ec_field_GF2m,
-	    params) );
-	break;
-
-    case SEC_OID_SECG_EC_SECT131R1:
-	/* Populate params for sect131r1 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_131R1, ec_field_GF2m,
-	    params) );
-	break;
-
-    case SEC_OID_SECG_EC_SECT131R2:
-	/* Populate params for sect131r2 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_131R2, ec_field_GF2m,
-	    params) );
-	break;
-
-    case SEC_OID_SECG_EC_SECT163K1:
-	/* Populate params for sect163k1
-	 * (the NIST K-163 curve)
-	 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_163K1, ec_field_GF2m,
-	    params) );
-	break;
-
-    case SEC_OID_SECG_EC_SECT163R1:
-	/* Populate params for sect163r1 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_163R1, ec_field_GF2m,
-	    params) );
-	break;
-
-    case SEC_OID_SECG_EC_SECT163R2:
-	/* Populate params for sect163r2
-	 * (the NIST B-163 curve)
-	 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_163R2, ec_field_GF2m,
-	    params) );
-	break;
-
-    case SEC_OID_SECG_EC_SECT193R1:
-	/* Populate params for sect193r1 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_193R1, ec_field_GF2m,
-	    params) );
-	break;
-
-    case SEC_OID_SECG_EC_SECT193R2:
-	/* Populate params for sect193r2 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_193R2, ec_field_GF2m,
-	    params) );
-	break;
-
-    case SEC_OID_SECG_EC_SECT233K1:
-	/* Populate params for sect233k1
-	 * (the NIST K-233 curve)
-	 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_233K1, ec_field_GF2m,
-	    params) );
-	break;
-
-    case SEC_OID_SECG_EC_SECT233R1:
-	/* Populate params for sect233r1
-	 * (the NIST B-233 curve)
-	 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_233R1, ec_field_GF2m,
-	    params) );
-	break;
-
-    case SEC_OID_SECG_EC_SECT239K1:
-	/* Populate params for sect239k1 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_239K1, ec_field_GF2m,
-	    params) );
-	break;
-
-    case SEC_OID_SECG_EC_SECT283K1:
-        /* Populate params for sect283k1
-	 * (the NIST K-283 curve)
-	 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_283K1, ec_field_GF2m,
-	    params) );
-	break;
-
-    case SEC_OID_SECG_EC_SECT283R1:
-	/* Populate params for sect283r1
-	 * (the NIST B-283 curve)
-	 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_283R1, ec_field_GF2m,
-	    params) );
-	break;
-
-    case SEC_OID_SECG_EC_SECT409K1:
-	/* Populate params for sect409k1
-	 * (the NIST K-409 curve)
-	 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_409K1, ec_field_GF2m,
-	    params) );
-	break;
-
-    case SEC_OID_SECG_EC_SECT409R1:
-	/* Populate params for sect409r1
-	 * (the NIST B-409 curve)
-	 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_409R1, ec_field_GF2m,
-	    params) );
-	break;
-
-    case SEC_OID_SECG_EC_SECT571K1:
-	/* Populate params for sect571k1
-	 * (the NIST K-571 curve)
-	 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_571K1, ec_field_GF2m,
-	    params) );
-	break;
-
-    case SEC_OID_SECG_EC_SECT571R1:
-	/* Populate params for sect571r1
-	 * (the NIST B-571 curve)
-	 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_571R1, ec_field_GF2m,
-	    params) );
-	break;
-
-    /* Prime curves */
-
-    case SEC_OID_ANSIX962_EC_PRIME192V1:
-	/* Populate params for prime192v1 aka secp192r1 
-	 * (the NIST P-192 curve)
-	 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_PRIME_192V1, ec_field_GFp,
-	    params) );
-	break;
-
-    case SEC_OID_ANSIX962_EC_PRIME192V2:
-	/* Populate params for prime192v2 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_PRIME_192V2, ec_field_GFp,
-	    params) );
-	break;
-
-    case SEC_OID_ANSIX962_EC_PRIME192V3:
-	/* Populate params for prime192v3 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_PRIME_192V3, ec_field_GFp,
-	    params) );
-	break;
-	
-    case SEC_OID_ANSIX962_EC_PRIME239V1:
-	/* Populate params for prime239v1 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_PRIME_239V1, ec_field_GFp,
-	    params) );
-	break;
-
-    case SEC_OID_ANSIX962_EC_PRIME239V2:
-	/* Populate params for prime239v2 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_PRIME_239V2, ec_field_GFp,
-	    params) );
-	break;
-
-    case SEC_OID_ANSIX962_EC_PRIME239V3:
-	/* Populate params for prime239v3 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_PRIME_239V3, ec_field_GFp,
-	    params) );
-	break;
-
-    case SEC_OID_ANSIX962_EC_PRIME256V1:
-	/* Populate params for prime256v1 aka secp256r1
-	 * (the NIST P-256 curve)
-	 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_PRIME_256V1, ec_field_GFp,
-	    params) );
-	break;
-
-    case SEC_OID_SECG_EC_SECP112R1:
-        /* Populate params for secp112r1 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_112R1, ec_field_GFp,
-	    params) );
-	break;
-
-    case SEC_OID_SECG_EC_SECP112R2:
-        /* Populate params for secp112r2 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_112R2, ec_field_GFp,
-	    params) );
-	break;
-
-    case SEC_OID_SECG_EC_SECP128R1:
-        /* Populate params for secp128r1 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_128R1, ec_field_GFp,
-	    params) );
-	break;
-
-    case SEC_OID_SECG_EC_SECP128R2:
-        /* Populate params for secp128r2 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_128R2, ec_field_GFp,
-	    params) );
-	break;
-	
-    case SEC_OID_SECG_EC_SECP160K1:
-        /* Populate params for secp160k1 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_160K1, ec_field_GFp,
-	    params) );
-	break;
-
-    case SEC_OID_SECG_EC_SECP160R1:
-        /* Populate params for secp160r1 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_160R1, ec_field_GFp,
-	    params) );
-	break;
-
-    case SEC_OID_SECG_EC_SECP160R2:
-	/* Populate params for secp160r1 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_160R2, ec_field_GFp,
-	    params) );
-	break;
-
-    case SEC_OID_SECG_EC_SECP192K1:
-	/* Populate params for secp192k1 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_192K1, ec_field_GFp,
-	    params) );
-	break;
-
-    case SEC_OID_SECG_EC_SECP224K1:
-	/* Populate params for secp224k1 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_224K1, ec_field_GFp,
-	    params) );
-	break;
-
-    case SEC_OID_SECG_EC_SECP224R1:
-	/* Populate params for secp224r1 
-	 * (the NIST P-224 curve)
-	 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_224R1, ec_field_GFp,
-	    params) );
-	break;
-
-    case SEC_OID_SECG_EC_SECP256K1:
-	/* Populate params for secp256k1 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_256K1, ec_field_GFp,
-	    params) );
-	break;
-
-    case SEC_OID_SECG_EC_SECP384R1:
-	/* Populate params for secp384r1
-	 * (the NIST P-384 curve)
-	 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_384R1, ec_field_GFp,
-	    params) );
-	break;
-
-    case SEC_OID_SECG_EC_SECP521R1:
-	/* Populate params for secp521r1 
-	 * (the NIST P-521 curve)
-	 */
-	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_521R1, ec_field_GFp,
-	    params) );
-	break;
-
-    default:
-	break;
-    };
-
-cleanup:
-    if (!params->cofactor) {
-	PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
-#if EC_DEBUG
-	printf("Unrecognized curve, returning NULL params\n");
-#endif
-    }
-
-    return rv;
-}
-
-SECStatus
-EC_DecodeParams(const SECItem *encodedParams, ECParams **ecparams)
-{
-    PLArenaPool *arena;
-    ECParams *params;
-    SECStatus rv = SECFailure;
-
-    /* Initialize an arena for the ECParams structure */
-    if (!(arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE)))
-	return SECFailure;
-
-    params = (ECParams *)PORT_ArenaZAlloc(arena, sizeof(ECParams));
-    if (!params) {
-	PORT_FreeArena(arena, PR_TRUE);
-	return SECFailure;
-    }
-
-    /* Copy the encoded params */
-    SECITEM_AllocItem(arena, &(params->DEREncoding),
-	encodedParams->len);
-    memcpy(params->DEREncoding.data, encodedParams->data, encodedParams->len);
-
-    /* Fill out the rest of the ECParams structure based on 
-     * the encoded params 
-     */
-    rv = EC_FillParams(arena, encodedParams, params);
-    if (rv == SECFailure) {
-	PORT_FreeArena(arena, PR_TRUE);	
-	return SECFailure;
-    } else {
-	*ecparams = params;;
-	return SECSuccess;
-    }
-}
-
-#endif /* NSS_ENABLE_ECC */
diff --git a/security/nss/lib/softoken/fipstest.c b/security/nss/lib/softoken/fipstest.c
index 6fc424f..aed33bb 100644
--- a/security/nss/lib/softoken/fipstest.c
+++ b/security/nss/lib/softoken/fipstest.c
@@ -13,7 +13,7 @@
 #include "pkcs11.h"     /* Required for PKCS #11. */
 #include "secerr.h"
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 #include "ec.h"         /* Required for ECDSA */
 #endif
 
@@ -1612,7 +1612,7 @@ rsa_loser:
     return( CKR_DEVICE_ERROR );
 }
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 
 static CK_RV
 sftk_fips_ECDSA_Test(const PRUint8 *encodedParams, 
@@ -1795,7 +1795,7 @@ sftk_fips_ECDSA_PowerUpSelfTest() {
     return( CKR_OK );
 }
 
-#endif    /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
 static CK_RV
 sftk_fips_DSA_PowerUpSelfTest( void )
@@ -2080,7 +2080,7 @@ sftk_fipsPowerUpSelfTest( void )
     if( rv != CKR_OK )
         return rv;
     
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     /* ECDSA Power-Up SelfTest(s). */
     rv = sftk_fips_ECDSA_PowerUpSelfTest();
 
diff --git a/security/nss/lib/softoken/fipstokn.c b/security/nss/lib/softoken/fipstokn.c
index 1381e6a..9435e71 100644
--- a/security/nss/lib/softoken/fipstokn.c
+++ b/security/nss/lib/softoken/fipstokn.c
@@ -33,11 +33,6 @@
 #include <unistd.h>
 #endif
 
-#ifdef SOLARIS
-#include <bsm/libbsm.h>
-#define AUE_FIPS_AUDIT 34444
-#endif
-
 #ifdef LINUX
 #include <pthread.h>
 #include <dlfcn.h>
@@ -407,34 +402,6 @@ sftk_LogAuditMessage(NSSAuditSeverity severity, NSSAuditType auditType,
 	PR_smprintf_free(message);
     }
 #endif /* LINUX */
-#ifdef SOLARIS
-    {
-        int rd;
-        char *message = PR_smprintf("NSS " SOFTOKEN_LIB_NAME ": %s", msg);
-
-        if (!message) {
-            return;
-        }
-
-        /* open the record descriptor */
-        if ((rd = au_open()) == -1) {
-            PR_smprintf_free(message);
-            return;
-        }
-
-        /* write the audit tokens to the audit record */
-        if (au_write(rd, au_to_text(message))) {
-            (void)au_close(rd, AU_TO_NO_WRITE, AUE_FIPS_AUDIT);
-            PR_smprintf_free(message);
-            return;
-        }
-
-        /* close the record and send it to the audit trail */
-        (void)au_close(rd, AU_TO_WRITE, AUE_FIPS_AUDIT);
-
-        PR_smprintf_free(message);
-    }
-#endif /* SOLARIS */
 #else
     /* do nothing */
 #endif
diff --git a/security/nss/lib/softoken/legacydb/config.mk b/security/nss/lib/softoken/legacydb/config.mk
index 4835ae2..ac7240e 100644
--- a/security/nss/lib/softoken/legacydb/config.mk
+++ b/security/nss/lib/softoken/legacydb/config.mk
@@ -55,7 +55,3 @@ EXTRA_SHARED_LIBS += \
 	-lnspr4 \
 	$(NULL)
 endif
-
-ifeq ($(OS_TARGET),SunOS)
-OS_LIBS += -lbsm 
-endif
diff --git a/security/nss/lib/softoken/legacydb/keydb.c b/security/nss/lib/softoken/legacydb/keydb.c
index 4778bfb..085b2be 100644
--- a/security/nss/lib/softoken/legacydb/keydb.c
+++ b/security/nss/lib/softoken/legacydb/keydb.c
@@ -1143,12 +1143,12 @@ nsslowkey_KeyForCertExists(NSSLOWKEYDBHandle *handle, NSSLOWCERTCertificate *cer
 	namekey.data = pubkey->u.dh.publicValue.data;
 	namekey.size = pubkey->u.dh.publicValue.len;
 	break;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
       case NSSLOWKEYECKey:
 	namekey.data = pubkey->u.ec.publicValue.data;
 	namekey.size = pubkey->u.ec.publicValue.len;
 	break;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
       default:
 	/* XXX We don't do Fortezza or DH yet. */
 	return PR_FALSE;
@@ -1475,7 +1475,7 @@ seckey_encrypt_private_key( PLArenaPool *permarena, NSSLOWKEYPrivateKey *pk,
     SECItem *der_item = NULL;
     SECItem *cipherText = NULL;
     SECItem *dummy = NULL;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     SECItem *fordebug = NULL;
     int savelen;
 #endif
@@ -1555,7 +1555,7 @@ seckey_encrypt_private_key( PLArenaPool *permarena, NSSLOWKEYPrivateKey *pk,
 	    goto loser;
 	}
 	break;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
       case NSSLOWKEYECKey:
 	lg_prepare_low_ec_priv_key_for_asn1(pk);
 	/* Public value is encoded as a bit string so adjust length
@@ -1594,7 +1594,7 @@ seckey_encrypt_private_key( PLArenaPool *permarena, NSSLOWKEYPrivateKey *pk,
 		  pk->keyType, fordebug);
 
 	break;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
       default:
 	/* We don't support DH or Fortezza private keys yet */
 	PORT_Assert(PR_FALSE);
@@ -1704,7 +1704,7 @@ seckey_decrypt_private_key(SECItem*epki,
     SECStatus rv = SECFailure;
     PLArenaPool *temparena = NULL, *permarena = NULL;
     SECItem *dest = NULL;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     SECItem *fordebug = NULL;
 #endif
 
@@ -1812,7 +1812,7 @@ seckey_decrypt_private_key(SECItem*epki,
 					lg_nsslowkey_DHPrivateKeyTemplate,
 					&newPrivateKey);
 		break;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 	      case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
 		pk->keyType = NSSLOWKEYECKey;
 		lg_prepare_low_ec_priv_key_for_asn1(pk);
@@ -1849,7 +1849,7 @@ seckey_decrypt_private_key(SECItem*epki,
 		}
 
 		break;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 	      default:
 		rv = SECFailure;
 		break;
diff --git a/security/nss/lib/softoken/legacydb/lgattr.c b/security/nss/lib/softoken/legacydb/lgattr.c
index abdbeff..00a0a74 100644
--- a/security/nss/lib/softoken/legacydb/lgattr.c
+++ b/security/nss/lib/softoken/legacydb/lgattr.c
@@ -423,11 +423,11 @@ lg_GetPubItem(NSSLOWKEYPublicKey *pubKey) {
     case NSSLOWKEYDHKey:
 	    pubItem = &pubKey->u.dh.publicValue;
 	    break;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     case NSSLOWKEYECKey:
 	    pubItem = &pubKey->u.ec.publicValue;
 	    break;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
     default:
 	    break;
     }
@@ -551,7 +551,7 @@ lg_FindDHPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type,
     return lg_invalidAttribute(attribute);
 }
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 static CK_RV
 lg_FindECPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type,
 				CK_ATTRIBUTE *attribute)
@@ -601,7 +601,7 @@ lg_FindECPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type,
     }
     return lg_invalidAttribute(attribute);
 }
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
 
 static CK_RV
@@ -653,10 +653,10 @@ lg_FindPublicKeyAttribute(LGObjectCache *obj, CK_ATTRIBUTE_TYPE type,
 	return lg_FindDSAPublicKeyAttribute(key,type,attribute);
     case NSSLOWKEYDHKey:
 	return lg_FindDHPublicKeyAttribute(key,type,attribute);
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     case NSSLOWKEYECKey:
 	return lg_FindECPublicKeyAttribute(key,type,attribute);
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
     default:
 	break;
     }
@@ -945,7 +945,7 @@ lg_FindDHPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type,
     return lg_invalidAttribute(attribute);
 }
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 static CK_RV
 lg_FindECPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type,
 				CK_ATTRIBUTE *attribute, SDB *sdbpw)
@@ -983,7 +983,7 @@ lg_FindECPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type,
     }
     return lg_invalidAttribute(attribute);
 }
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
 static CK_RV
 lg_FindPrivateKeyAttribute(LGObjectCache *obj, CK_ATTRIBUTE_TYPE type,
@@ -1030,10 +1030,10 @@ lg_FindPrivateKeyAttribute(LGObjectCache *obj, CK_ATTRIBUTE_TYPE type,
 	return lg_FindDSAPrivateKeyAttribute(key,type,attribute,obj->sdb);
     case NSSLOWKEYDHKey:
 	return lg_FindDHPrivateKeyAttribute(key,type,attribute,obj->sdb);
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     case NSSLOWKEYECKey:
 	return lg_FindECPrivateKeyAttribute(key,type,attribute,obj->sdb);
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
     default:
 	break;
     }
@@ -1372,7 +1372,7 @@ lg_GetAttributeValue(SDB *sdb, CK_OBJECT_HANDLE handle, CK_ATTRIBUTE *templ,
 {
     LGObjectCache *obj = lg_NewObjectCache(sdb, NULL, handle & ~LG_TOKEN_MASK);
     CK_RV crv, crvCollect = CKR_OK;
-    int i;
+    unsigned int i;
 
     if (obj == NULL) {
 	return CKR_OBJECT_HANDLE_INVALID;
@@ -1434,7 +1434,7 @@ lg_tokenMatch(SDB *sdb, const SECItem *dbKey, CK_OBJECT_HANDLE class,
 {
     PRBool match = PR_TRUE;
     LGObjectCache *obj = lg_NewObjectCache(sdb, dbKey, class);
-    int i;
+    unsigned int i;
 
     if (obj == NULL) {
 	return PR_FALSE;
@@ -1758,7 +1758,7 @@ lg_SetAttributeValue(SDB *sdb, CK_OBJECT_HANDLE handle,
     LGObjectCache *obj = lg_NewObjectCache(sdb, NULL, handle & ~LG_TOKEN_MASK);
     CK_RV crv, crvCollect = CKR_OK;
     PRBool writePrivate = PR_FALSE;
-    int i;
+    unsigned int i;
 
     if (obj == NULL) {
 	return CKR_OBJECT_HANDLE_INVALID;
diff --git a/security/nss/lib/softoken/legacydb/lgcreate.c b/security/nss/lib/softoken/legacydb/lgcreate.c
index ac40031..c5ce99e 100644
--- a/security/nss/lib/softoken/legacydb/lgcreate.c
+++ b/security/nss/lib/softoken/legacydb/lgcreate.c
@@ -399,10 +399,10 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type,
     NSSLOWKEYPrivateKey *priv;
     SECItem pubKeySpace = {siBuffer, NULL, 0};
     SECItem *pubKey;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     SECItem pubKey2Space = {siBuffer, NULL, 0};
     PLArenaPool *arena = NULL;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
     NSSLOWKEYDBHandle *keyHandle = NULL;
 	
 
@@ -410,11 +410,11 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type,
     case CKK_RSA:
 	pubKeyAttr = CKA_MODULUS;
 	break;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     case CKK_EC:
 	pubKeyAttr = CKA_EC_POINT;
 	break;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
     case CKK_DSA:
     case CKK_DH:
 	break;
@@ -427,7 +427,7 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type,
     crv = lg_Attribute2SSecItem(NULL,pubKeyAttr,templ,count,pubKey);
     if (crv != CKR_OK) return crv;
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     if (key_type == CKK_EC) {
 	SECStatus rv;
 	/*
@@ -450,7 +450,7 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type,
 	    pubKey = &pubKey2Space;
 	}
     }
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
     PORT_Assert(pubKey->data);
     if (pubKey->data == NULL) {
@@ -471,7 +471,7 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type,
     /* make sure the associated private key already exists */
     /* only works if we are logged in */
     priv = nsslowkey_FindKeyByPublicKey(keyHandle, pubKey, sdb /*password*/);
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     if (priv == NULL && pubKey == &pubKey2Space) {
 	/* no match on the decoded key, match the original pubkey */
 	pubKey = &pubKeySpace;
@@ -492,7 +492,7 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type,
 
 done:
     PORT_Free(pubKeySpace.data);
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     if (arena) 
 	PORT_FreeArena(arena, PR_FALSE);
 #endif
@@ -599,7 +599,7 @@ lg_mkPrivKey(SDB *sdb, const CK_ATTRIBUTE *templ, CK_ULONG count,
 	}
 	break;
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     case CKK_EC:
 	privKey->keyType = NSSLOWKEYECKey;
 	crv = lg_Attribute2SSecItem(arena, CKA_EC_PARAMS,templ,count,
@@ -628,7 +628,7 @@ lg_mkPrivKey(SDB *sdb, const CK_ATTRIBUTE *templ, CK_ULONG count,
                           NSSLOWKEY_EC_PRIVATE_KEY_VERSION);
 	if (rv != SECSuccess) crv = CKR_HOST_MEMORY;
 	break;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
     default:
 	crv = CKR_KEY_TYPE_INCONSISTENT;
diff --git a/security/nss/lib/softoken/legacydb/lgutil.c b/security/nss/lib/softoken/legacydb/lgutil.c
index 1b9600f..88e46d6 100644
--- a/security/nss/lib/softoken/legacydb/lgutil.c
+++ b/security/nss/lib/softoken/legacydb/lgutil.c
@@ -18,7 +18,7 @@ const CK_ATTRIBUTE *
 lg_FindAttribute(CK_ATTRIBUTE_TYPE type, const CK_ATTRIBUTE *templ,
 		 CK_ULONG count )
 {
-    int i;
+    unsigned int i;
 
     for (i=0; i < count; i++) {
 	if (templ[i].type == type) {
diff --git a/security/nss/lib/softoken/legacydb/lowcert.c b/security/nss/lib/softoken/legacydb/lowcert.c
index f0869db..0b0540b 100644
--- a/security/nss/lib/softoken/legacydb/lowcert.c
+++ b/security/nss/lib/softoken/legacydb/lowcert.c
@@ -793,7 +793,7 @@ nsslowcert_ExtractPublicKey(NSSLOWCERTCertificate *cert)
 				 nsslowcert_DHPublicKeyTemplate, &os);
         if (rv == SECSuccess) return pubk;
         break;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
       case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
         pubk->keyType = NSSLOWKEYECKey;
 	/* Since PKCS#11 directly takes the DER encoding of EC params
@@ -814,7 +814,7 @@ nsslowcert_ExtractPublicKey(NSSLOWCERTCertificate *cert)
         rv = SECITEM_CopyItem(arena, &pubk->u.ec.publicValue, &os);
 	if (rv == SECSuccess) return pubk;
         break;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
       default:
         rv = SECFailure;
         break;
diff --git a/security/nss/lib/softoken/legacydb/lowkey.c b/security/nss/lib/softoken/legacydb/lowkey.c
index f455cf9..7521dac 100644
--- a/security/nss/lib/softoken/legacydb/lowkey.c
+++ b/security/nss/lib/softoken/legacydb/lowkey.c
@@ -99,7 +99,7 @@ const SEC_ASN1Template lg_nsslowkey_DHPrivateKeyTemplate[] = {
     { 0, }
 };
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 
 /* XXX This is just a placeholder for later when we support
  * generic curves and need full-blown support for parsing EC
@@ -216,7 +216,7 @@ LGEC_CopyParams(PLArenaPool *arena, ECParams *dstParams,
 loser:
     return SECFailure;
 }
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 /*
  * See bugzilla bug 125359
  * Since NSS (via PKCS#11) wants to handle big integers as unsigned ints,
@@ -266,7 +266,7 @@ lg_prepare_low_dh_priv_key_for_asn1(NSSLOWKEYPrivateKey *key)
     key->u.dh.privateValue.type = siUnsignedInteger;
 }
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 void
 lg_prepare_low_ecparams_for_asn1(ECParams *params)
 {
@@ -283,7 +283,7 @@ lg_prepare_low_ec_priv_key_for_asn1(NSSLOWKEYPrivateKey *key)
     key->u.ec.privateValue.type = siUnsignedInteger;
     key->u.ec.publicValue.type = siUnsignedInteger;
 }
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
 void
 lg_nsslowkey_DestroyPrivateKey(NSSLOWKEYPrivateKey *privk)
@@ -378,7 +378,7 @@ lg_nsslowkey_ConvertToPublicKey(NSSLOWKEYPrivateKey *privk)
 	    if (rv == SECSuccess) return pubk;
 	}
 	break;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
       case NSSLOWKEYECKey:
 	pubk = (NSSLOWKEYPublicKey *)PORT_ArenaZAlloc(arena,
 						    sizeof(NSSLOWKEYPublicKey));
@@ -397,7 +397,7 @@ lg_nsslowkey_ConvertToPublicKey(NSSLOWKEYPrivateKey *privk)
 	    if (rv == SECSuccess) return pubk;
 	}
 	break;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 	/* No Fortezza in Low Key implementations (Fortezza keys aren't
 	 * stored in our data base */
     default:
diff --git a/security/nss/lib/softoken/legacydb/lowkeyi.h b/security/nss/lib/softoken/legacydb/lowkeyi.h
index 8054cc8..6739888 100644
--- a/security/nss/lib/softoken/legacydb/lowkeyi.h
+++ b/security/nss/lib/softoken/legacydb/lowkeyi.h
@@ -26,10 +26,10 @@ extern void lg_prepare_low_rsa_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
 extern void lg_prepare_low_pqg_params_for_asn1(PQGParams *params);
 extern void lg_prepare_low_dsa_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
 extern void lg_prepare_low_dh_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 extern void lg_prepare_low_ec_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
 extern void lg_prepare_low_ecparams_for_asn1(ECParams *params);
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
 typedef char * (* NSSLOWKEYDBNameFunc)(void *arg, int dbVersion);
     
@@ -135,7 +135,7 @@ extern char *
 nsslowkey_FindKeyNicknameByPublicKey(NSSLOWKEYDBHandle *handle,
                                         SECItem *modulus, SDB *sdb);
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 /*
  * smaller version of EC_FillParams. In this code, we only need
  * oid and DER data.
diff --git a/security/nss/lib/softoken/legacydb/lowkeyti.h b/security/nss/lib/softoken/legacydb/lowkeyti.h
index 5be6b0a..47fff7d 100644
--- a/security/nss/lib/softoken/legacydb/lowkeyti.h
+++ b/security/nss/lib/softoken/legacydb/lowkeyti.h
@@ -43,11 +43,11 @@ extern const SEC_ASN1Template lg_nsslowkey_RSAPrivateKeyTemplate2[];
 extern const SEC_ASN1Template lg_nsslowkey_DSAPrivateKeyTemplate[];
 extern const SEC_ASN1Template lg_nsslowkey_DHPrivateKeyTemplate[];
 extern const SEC_ASN1Template lg_nsslowkey_DHPrivateKeyExportTemplate[];
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 #define NSSLOWKEY_EC_PRIVATE_KEY_VERSION   1  /* as per SECG 1 C.4 */
 extern const SEC_ASN1Template lg_nsslowkey_ECParamsTemplate[];
 extern const SEC_ASN1Template lg_nsslowkey_ECPrivateKeyTemplate[];
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
 extern const SEC_ASN1Template lg_nsslowkey_PrivateKeyInfoTemplate[];
 extern const SEC_ASN1Template nsslowkey_EncryptedPrivateKeyInfoTemplate[];
diff --git a/security/nss/lib/softoken/legacydb/pcertdb.c b/security/nss/lib/softoken/legacydb/pcertdb.c
index d3c757d..58fe27a 100644
--- a/security/nss/lib/softoken/legacydb/pcertdb.c
+++ b/security/nss/lib/softoken/legacydb/pcertdb.c
@@ -4598,9 +4598,12 @@ nsslowcert_OpenCertDB(NSSLOWCERTCertDBHandle *handle, PRBool readOnly,
     }
 
     return (SECSuccess);
-    
-loser:
 
+loser:
+    if (handle->dbMon) {
+        PZ_DestroyMonitor(handle->dbMon);
+        handle->dbMon = NULL;
+    }
     PORT_SetError(SEC_ERROR_BAD_DATABASE);
     return(SECFailure);
 }
diff --git a/security/nss/lib/softoken/legacydb/pcertt.h b/security/nss/lib/softoken/legacydb/pcertt.h
index b4c9128..fd5e17c 100644
--- a/security/nss/lib/softoken/legacydb/pcertt.h
+++ b/security/nss/lib/softoken/legacydb/pcertt.h
@@ -397,18 +397,18 @@ typedef union {
 #define DB_CERT_ENTRY_HEADER_LEN	10
 
 /* common flags for all types of certificates */
-#define CERTDB_TERMINAL_RECORD	(1<<0)
-#define CERTDB_TRUSTED		(1<<1)
-#define CERTDB_SEND_WARN	(1<<2)
-#define CERTDB_VALID_CA		(1<<3)
-#define CERTDB_TRUSTED_CA	(1<<4) /* trusted for issuing server certs */
-#define CERTDB_NS_TRUSTED_CA	(1<<5)
-#define CERTDB_USER		(1<<6)
-#define CERTDB_TRUSTED_CLIENT_CA (1<<7) /* trusted for issuing client certs */
-#define CERTDB_INVISIBLE_CA	(1<<8) /* don't show in UI */
-#define CERTDB_GOVT_APPROVED_CA	(1<<9) /* can do strong crypto in export ver */
-#define CERTDB_MUST_VERIFY	(1<<10) /* explicitly don't trust this cert */
-#define CERTDB_TRUSTED_UNKNOWN	(1<<11) /* accept trust from another source */
+#define CERTDB_TERMINAL_RECORD	(1u<<0)
+#define CERTDB_TRUSTED		(1u<<1)
+#define CERTDB_SEND_WARN	(1u<<2)
+#define CERTDB_VALID_CA		(1u<<3)
+#define CERTDB_TRUSTED_CA	(1u<<4) /* trusted for issuing server certs */
+#define CERTDB_NS_TRUSTED_CA	(1u<<5)
+#define CERTDB_USER		(1u<<6)
+#define CERTDB_TRUSTED_CLIENT_CA (1u<<7) /* trusted for issuing client certs */
+#define CERTDB_INVISIBLE_CA	(1u<<8) /* don't show in UI */
+#define CERTDB_GOVT_APPROVED_CA	(1u<<9) /* can do strong crypto in export ver */
+#define CERTDB_MUST_VERIFY	(1u<<10) /* explicitly don't trust this cert */
+#define CERTDB_TRUSTED_UNKNOWN	(1u<<11) /* accept trust from another source */
 
 /* bits not affected by the CKO_NETSCAPE_TRUST object */
 #define CERTDB_PRESERVE_TRUST_BITS (CERTDB_USER | \
diff --git a/security/nss/lib/softoken/lowkey.c b/security/nss/lib/softoken/lowkey.c
index d7f9713..d043342 100644
--- a/security/nss/lib/softoken/lowkey.c
+++ b/security/nss/lib/softoken/lowkey.c
@@ -9,7 +9,7 @@
 #include "secasn1.h"
 #include "secerr.h"
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 #include "softoken.h"
 #endif
 
@@ -91,7 +91,7 @@ const SEC_ASN1Template nsslowkey_DHPrivateKeyTemplate[] = {
     { 0, }
 };
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 
 /* XXX This is just a placeholder for later when we support
  * generic curves and need full-blown support for parsing EC
@@ -140,7 +140,7 @@ const SEC_ASN1Template nsslowkey_ECPrivateKeyTemplate[] = {
       SEC_ASN1_SUB(SEC_BitStringTemplate) }, 
     { 0, }
 };
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 /*
  * See bugzilla bug 125359
  * Since NSS (via PKCS#11) wants to handle big integers as unsigned ints,
@@ -196,7 +196,7 @@ prepare_low_dh_priv_key_for_asn1(NSSLOWKEYPrivateKey *key)
     key->u.dh.privateValue.type = siUnsignedInteger;
 }
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 void
 prepare_low_ecparams_for_asn1(ECParams *params)
 {
@@ -213,7 +213,7 @@ prepare_low_ec_priv_key_for_asn1(NSSLOWKEYPrivateKey *key)
     key->u.ec.privateValue.type = siUnsignedInteger;
     key->u.ec.publicValue.type = siUnsignedInteger;
 }
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
 void
 nsslowkey_DestroyPrivateKey(NSSLOWKEYPrivateKey *privk)
@@ -341,7 +341,7 @@ nsslowkey_ConvertToPublicKey(NSSLOWKEYPrivateKey *privk)
 	    if (rv == SECSuccess) return pubk;
 	}
 	break;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
       case NSSLOWKEYECKey:
 	pubk = (NSSLOWKEYPublicKey *)PORT_ArenaZAlloc(arena,
 						    sizeof(NSSLOWKEYPublicKey));
@@ -360,7 +360,7 @@ nsslowkey_ConvertToPublicKey(NSSLOWKEYPrivateKey *privk)
 	    if (rv == SECSuccess) return pubk;
 	}
 	break;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 	/* No Fortezza in Low Key implementations (Fortezza keys aren't
 	 * stored in our data base */
     default:
@@ -459,7 +459,7 @@ nsslowkey_CopyPrivateKey(NSSLOWKEYPrivateKey *privKey)
 					&(privKey->u.dh.base));
 	    if(rv != SECSuccess) break;
 	    break;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 	case NSSLOWKEYECKey:
 	    rv = SECITEM_CopyItem(poolp, &(returnKey->u.ec.version),
 	    				&(privKey->u.ec.version));
@@ -476,7 +476,7 @@ nsslowkey_CopyPrivateKey(NSSLOWKEYPrivateKey *privKey)
 			       &(privKey->u.ec.ecParams));
 	    if (rv != SECSuccess) break;
 	    break;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 	default:
 	    rv = SECFailure;
     }
diff --git a/security/nss/lib/softoken/lowkeyi.h b/security/nss/lib/softoken/lowkeyi.h
index 1420abb..7282ffe 100644
--- a/security/nss/lib/softoken/lowkeyi.h
+++ b/security/nss/lib/softoken/lowkeyi.h
@@ -25,10 +25,10 @@ extern void prepare_low_pqg_params_for_asn1(PQGParams *params);
 extern void prepare_low_dsa_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
 extern void prepare_low_dsa_priv_key_export_for_asn1(NSSLOWKEYPrivateKey *key);
 extern void prepare_low_dh_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 extern void prepare_low_ec_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
 extern void prepare_low_ecparams_for_asn1(ECParams *params);
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
 /*
 ** Destroy a private key object.
diff --git a/security/nss/lib/softoken/lowkeyti.h b/security/nss/lib/softoken/lowkeyti.h
index 76c15aa..a4c94d8 100644
--- a/security/nss/lib/softoken/lowkeyti.h
+++ b/security/nss/lib/softoken/lowkeyti.h
@@ -20,11 +20,11 @@ extern const SEC_ASN1Template nsslowkey_DSAPrivateKeyTemplate[];
 extern const SEC_ASN1Template nsslowkey_DSAPrivateKeyExportTemplate[];
 extern const SEC_ASN1Template nsslowkey_DHPrivateKeyTemplate[];
 extern const SEC_ASN1Template nsslowkey_DHPrivateKeyExportTemplate[];
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 #define NSSLOWKEY_EC_PRIVATE_KEY_VERSION   1  /* as per SECG 1 C.4 */
 extern const SEC_ASN1Template nsslowkey_ECParamsTemplate[];
 extern const SEC_ASN1Template nsslowkey_ECPrivateKeyTemplate[];
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
 extern const SEC_ASN1Template nsslowkey_PrivateKeyInfoTemplate[];
 extern const SEC_ASN1Template nsslowkey_EncryptedPrivateKeyInfoTemplate[];
diff --git a/security/nss/lib/softoken/manifest.mn b/security/nss/lib/softoken/manifest.mn
index 71c99b7..2f43bb3 100644
--- a/security/nss/lib/softoken/manifest.mn
+++ b/security/nss/lib/softoken/manifest.mn
@@ -33,7 +33,6 @@ PRIVATE_EXPORTS = \
 	$(NULL)
 
 CSRCS = \
-	ecdecode.c \
 	fipsaudt.c \
 	fipstest.c \
 	fipstokn.c \
diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c
index 50a0109..6fa4e4e 100644
--- a/security/nss/lib/softoken/pkcs11.c
+++ b/security/nss/lib/softoken/pkcs11.c
@@ -266,6 +266,8 @@ static const struct mechanismList mechanisms[] = {
 				 CKF_DUZ_IT_ALL},       PR_TRUE},
      {CKM_RSA_PKCS_PSS,         {RSA_MIN_MODULUS_BITS,CK_MAX,
 				 CKF_SN_VR},            PR_TRUE},
+     {CKM_RSA_PKCS_OAEP,        {RSA_MIN_MODULUS_BITS,CK_MAX,
+                                 CKF_EN_DE_WR_UN},       PR_TRUE},
 #ifdef SFTK_RSA9796_SUPPORTED
      {CKM_RSA_9796,		{RSA_MIN_MODULUS_BITS,CK_MAX,
 				 CKF_DUZ_IT_ALL},       PR_TRUE},
@@ -302,7 +304,7 @@ static const struct mechanismList mechanisms[] = {
 				 CKF_GENERATE_KEY_PAIR}, PR_TRUE}, 
      {CKM_DH_PKCS_DERIVE,	{DH_MIN_P_BITS, DH_MAX_P_BITS,
 				 CKF_DERIVE}, 	PR_TRUE}, 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
      /* -------------------- Elliptic Curve Operations --------------------- */
      {CKM_EC_KEY_PAIR_GEN,      {EC_MIN_KEY_BITS, EC_MAX_KEY_BITS,
 				 CKF_GENERATE_KEY_PAIR|CKF_EC_BPNU}, PR_TRUE}, 
@@ -312,7 +314,7 @@ static const struct mechanismList mechanisms[] = {
 				 CKF_SN_VR|CKF_EC_BPNU}, PR_TRUE}, 
      {CKM_ECDSA_SHA1,           {EC_MIN_KEY_BITS, EC_MAX_KEY_BITS,
 				 CKF_SN_VR|CKF_EC_BPNU}, PR_TRUE}, 
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
      /* ------------------------- RC2 Operations --------------------------- */
      {CKM_RC2_KEY_GEN,		{1, 128, CKF_GENERATE},		PR_TRUE},
      {CKM_RC2_ECB,		{1, 128, CKF_EN_DE_WR_UN},	PR_TRUE},
@@ -927,7 +929,7 @@ sftk_handlePublicKeyObject(SFTKSession *session, SFTKObject *object,
 	recover = CK_FALSE;
 	wrap = CK_FALSE;
 	break;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     case CKK_EC:
 	if ( !sftk_hasAttribute(object, CKA_EC_PARAMS)) {
 	    return CKR_TEMPLATE_INCOMPLETE;
@@ -941,7 +943,7 @@ sftk_handlePublicKeyObject(SFTKSession *session, SFTKObject *object,
 	recover = CK_FALSE;
 	wrap = CK_FALSE;
 	break;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
     default:
 	return CKR_ATTRIBUTE_VALUE_INVALID;
     }
@@ -987,7 +989,7 @@ static NSSLOWKEYPrivateKey *
 sftk_mkPrivKey(SFTKObject *object,CK_KEY_TYPE key, CK_RV *rvp);
 
 static SECStatus
-sftk_fillRSAPrivateKey(SFTKObject *object);
+sftk_verifyRSAPrivateKey(SFTKObject *object, PRBool fillIfNeeded);
 
 /*
  * check the consistancy and initialize a Private Key Object 
@@ -1003,12 +1005,14 @@ sftk_handlePrivateKeyObject(SFTKSession *session,SFTKObject *object,CK_KEY_TYPE
     CK_BBOOL derive = CK_TRUE;
     CK_BBOOL ckfalse = CK_FALSE;
     PRBool createObjectInfo = PR_TRUE;
+    PRBool fillPrivateKey = PR_FALSE;
     int missing_rsa_mod_component = 0;
     int missing_rsa_exp_component = 0;
     int missing_rsa_crt_component = 0;
-    
+
     SECItem mod;
     CK_RV crv;
+    SECStatus rv;
 
     switch (key_type) {
     case CKK_RSA:
@@ -1043,19 +1047,19 @@ sftk_handlePrivateKeyObject(SFTKSession *session,SFTKObject *object,CK_KEY_TYPE
 	    int have_exp = 2- missing_rsa_exp_component;
 	    int have_component = 5- 
 		(missing_rsa_exp_component+missing_rsa_mod_component);
-	    SECStatus rv;
 
 	    if ((have_exp == 0) || (have_component < 3)) {
 		/* nope, not enough to reconstruct the private key */
 		return CKR_TEMPLATE_INCOMPLETE;
 	    }
-	    /*fill in the missing parameters */
-	    rv = sftk_fillRSAPrivateKey(object);
-	    if (rv != SECSuccess) {
+	    fillPrivateKey = PR_TRUE;
+	}
+	/*verify the parameters for consistency*/
+	rv = sftk_verifyRSAPrivateKey(object, fillPrivateKey);
+	if (rv != SECSuccess) {
 		return CKR_TEMPLATE_INCOMPLETE;
-	    }
 	}
-		
+
 	/* make sure Netscape DB attribute is set correctly */
 	crv = sftk_Attribute2SSecItem(NULL, &mod, object, CKA_MODULUS);
 	if (crv != CKR_OK) return crv;
@@ -1088,7 +1092,7 @@ sftk_handlePrivateKeyObject(SFTKSession *session,SFTKObject *object,CK_KEY_TYPE
 	recover = CK_FALSE;
 	wrap = CK_FALSE;
 	break;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     case CKK_EC:
 	if ( !sftk_hasAttribute(object, CKA_EC_PARAMS)) {
 	    return CKR_TEMPLATE_INCOMPLETE;
@@ -1101,11 +1105,11 @@ sftk_handlePrivateKeyObject(SFTKSession *session,SFTKObject *object,CK_KEY_TYPE
 	recover = CK_FALSE;
 	wrap = CK_FALSE;
 	break;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
     case CKK_NSS_JPAKE_ROUND1:
-        if (!sftk_hasAttribute(object, CKA_PRIME ||
+        if (!sftk_hasAttribute(object, CKA_PRIME) ||
             !sftk_hasAttribute(object, CKA_SUBPRIME) ||
-            !sftk_hasAttribute(object, CKA_BASE))) {
+            !sftk_hasAttribute(object, CKA_BASE)) {
             return CKR_TEMPLATE_INCOMPLETE;
         }
         /* fall through */
@@ -1149,7 +1153,6 @@ sftk_handlePrivateKeyObject(SFTKSession *session,SFTKObject *object,CK_KEY_TYPE
     if (sftk_isTrue(object,CKA_TOKEN)) {
 	SFTKSlot *slot = session->slot;
 	SFTKDBHandle *keyHandle = sftk_getKeyDB(slot);
-	CK_RV crv;
 
 	if (keyHandle == NULL) {
 	    return CKR_TOKEN_WRITE_PROTECTED;
@@ -1708,7 +1711,7 @@ NSSLOWKEYPublicKey *sftk_GetPubKey(SFTKObject *object,CK_KEY_TYPE key_type,
     	crv = sftk_Attribute2SSecItem(arena,&pubKey->u.dh.publicValue,
 							object,CKA_VALUE);
 	break;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     case CKK_EC:
 	pubKey->keyType = NSSLOWKEYECKey;
 	crv = sftk_Attribute2SSecItem(arena,
@@ -1768,7 +1771,7 @@ NSSLOWKEYPublicKey *sftk_GetPubKey(SFTKObject *object,CK_KEY_TYPE key_type,
 	   crv = CKR_ATTRIBUTE_VALUE_INVALID;
 	}
 	break;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
     default:
 	crv = CKR_KEY_TYPE_INCONSISTENT;
 	break;
@@ -1877,7 +1880,7 @@ sftk_mkPrivKey(SFTKObject *object, CK_KEY_TYPE key_type, CK_RV *crvp)
 	 * if we don't set it explicitly */
 	break;
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     case CKK_EC:
 	privKey->keyType = NSSLOWKEYECKey;
 	crv = sftk_Attribute2SSecItem(arena, 
@@ -1919,7 +1922,7 @@ sftk_mkPrivKey(SFTKObject *object, CK_KEY_TYPE key_type, CK_RV *crvp)
 #endif
 	}
 	break;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
     default:
 	crv = CKR_KEY_TYPE_INCONSISTENT;
@@ -1940,10 +1943,11 @@ sftk_mkPrivKey(SFTKObject *object, CK_KEY_TYPE key_type, CK_RV *crvp)
 }
 
 /*
- * we have a partial rsa private key, fill in the rest
+ * If a partial RSA private key is present, fill in the rest if necessary,
+ * and then verify the parameters are well-formed
  */
 static SECStatus
-sftk_fillRSAPrivateKey(SFTKObject *object)
+sftk_verifyRSAPrivateKey(SFTKObject *object, PRBool fillIfNeeded)
 {
     RSAPrivateKey tmpKey = { 0 };
     SFTKAttribute *modulus = NULL;
@@ -1951,6 +1955,9 @@ sftk_fillRSAPrivateKey(SFTKObject *object)
     SFTKAttribute *prime2 = NULL;
     SFTKAttribute *privateExponent = NULL;
     SFTKAttribute *publicExponent = NULL;
+    SFTKAttribute *exponent1 = NULL;
+    SFTKAttribute *exponent2 = NULL;
+    SFTKAttribute *coefficient = NULL;
     SECStatus rv;
     CK_RV crv;
 
@@ -1981,44 +1988,82 @@ sftk_fillRSAPrivateKey(SFTKObject *object)
     if (publicExponent) {
 	tmpKey.publicExponent.data = publicExponent->attrib.pValue;
 	tmpKey.publicExponent.len  = publicExponent->attrib.ulValueLen;
-    } 
+    }
+    exponent1 = sftk_FindAttribute(object, CKA_EXPONENT_1);
+    if (exponent1) {
+	tmpKey.exponent1.data = exponent1->attrib.pValue;
+	tmpKey.exponent1.len  = exponent1->attrib.ulValueLen;
+    }
+    exponent2 = sftk_FindAttribute(object, CKA_EXPONENT_2);
+    if (exponent2) {
+	tmpKey.exponent2.data = exponent2->attrib.pValue;
+	tmpKey.exponent2.len  = exponent2->attrib.ulValueLen;
+    }
+    coefficient = sftk_FindAttribute(object, CKA_COEFFICIENT);
+    if (coefficient) {
+	tmpKey.coefficient.data = coefficient->attrib.pValue;
+	tmpKey.coefficient.len  = coefficient->attrib.ulValueLen;
+    }
 
-    /*
-     * populate requires one exponent plus 2 other components to work.
-     * we expected our caller to check that first. If that didn't happen,
-     * populate will simply return an error here.
-     */
-    rv = RSA_PopulatePrivateKey(&tmpKey);
+    if (fillIfNeeded) {
+	/*
+	* populate requires one exponent plus 2 other components to work.
+	* we expected our caller to check that first. If that didn't happen,
+	* populate will simply return an error here.
+	*/
+	rv = RSA_PopulatePrivateKey(&tmpKey);
+	if (rv != SECSuccess) {
+		goto loser;
+	}
+    }
+    rv = RSA_PrivateKeyCheck(&tmpKey);
     if (rv != SECSuccess) {
 	goto loser;
     }
-
     /* now that we have a fully populated key, set all our attribute values */
     rv = SECFailure;
-    crv = sftk_forceAttribute(object,CKA_MODULUS,
-                       sftk_item_expand(&tmpKey.modulus));
-    if (crv != CKR_OK) goto loser;
-    crv = sftk_forceAttribute(object,CKA_PUBLIC_EXPONENT,
-                       sftk_item_expand(&tmpKey.publicExponent));
-    if (crv != CKR_OK) goto loser;
-    crv = sftk_forceAttribute(object,CKA_PRIVATE_EXPONENT,
-                       sftk_item_expand(&tmpKey.privateExponent));
-    if (crv != CKR_OK) goto loser;
-    crv = sftk_forceAttribute(object,CKA_PRIME_1,
-                       sftk_item_expand(&tmpKey.prime1));
-    if (crv != CKR_OK) goto loser;
-    crv = sftk_forceAttribute(object,CKA_PRIME_2,
-                       sftk_item_expand(&tmpKey.prime2));
-    if (crv != CKR_OK) goto loser;
-    crv = sftk_forceAttribute(object,CKA_EXPONENT_1,
-                       sftk_item_expand(&tmpKey.exponent1));
-    if (crv != CKR_OK) goto loser;
-    crv = sftk_forceAttribute(object,CKA_EXPONENT_2,
-                       sftk_item_expand(&tmpKey.exponent2));
-    if (crv != CKR_OK) goto loser;
-    crv = sftk_forceAttribute(object,CKA_COEFFICIENT,
-                       sftk_item_expand(&tmpKey.coefficient));
-    if (crv != CKR_OK) goto loser;
+    if (!modulus || modulus->attrib.pValue != tmpKey.modulus.data) {
+        crv = sftk_forceAttribute(object,CKA_MODULUS,
+                                  sftk_item_expand(&tmpKey.modulus));
+        if (crv != CKR_OK) goto loser;
+    }
+    if (!publicExponent ||
+        publicExponent->attrib.pValue != tmpKey.publicExponent.data) {
+        crv = sftk_forceAttribute(object, CKA_PUBLIC_EXPONENT,
+                                  sftk_item_expand(&tmpKey.publicExponent));
+        if (crv != CKR_OK) goto loser;
+    }
+    if (!privateExponent ||
+        privateExponent->attrib.pValue != tmpKey.privateExponent.data) {
+        crv = sftk_forceAttribute(object, CKA_PRIVATE_EXPONENT,
+                                  sftk_item_expand(&tmpKey.privateExponent));
+        if (crv != CKR_OK) goto loser;
+    }
+    if (!prime1 || prime1->attrib.pValue != tmpKey.prime1.data) {
+        crv = sftk_forceAttribute(object, CKA_PRIME_1,
+                                  sftk_item_expand(&tmpKey.prime1));
+        if (crv != CKR_OK) goto loser;
+    }
+    if (!prime2 || prime2->attrib.pValue != tmpKey.prime2.data) {
+        crv = sftk_forceAttribute(object, CKA_PRIME_2,
+                                  sftk_item_expand(&tmpKey.prime2));
+        if (crv != CKR_OK) goto loser;
+    }
+    if (!exponent1 || exponent1->attrib.pValue != tmpKey.exponent1.data) {
+        crv = sftk_forceAttribute(object, CKA_EXPONENT_1,
+                                 sftk_item_expand(&tmpKey.exponent1));
+        if (crv != CKR_OK) goto loser;
+    }
+    if (!exponent2 || exponent2->attrib.pValue != tmpKey.exponent2.data) {
+        crv = sftk_forceAttribute(object, CKA_EXPONENT_2,
+                                  sftk_item_expand(&tmpKey.exponent2));
+        if (crv != CKR_OK) goto loser;
+    }
+    if (!coefficient || coefficient->attrib.pValue != tmpKey.coefficient.data) {
+        crv = sftk_forceAttribute(object, CKA_COEFFICIENT,
+                                  sftk_item_expand(&tmpKey.coefficient));
+        if (crv != CKR_OK) goto loser;
+    }
     rv = SECSuccess;
 
     /* we're done (one way or the other), clean up all our stuff */
@@ -2041,15 +2086,18 @@ loser:
     if (publicExponent) {
 	sftk_FreeAttribute(publicExponent);
     }
+    if (exponent1) {
+	sftk_FreeAttribute(exponent1);
+    }
+    if (exponent2) {
+	sftk_FreeAttribute(exponent2);
+    }
+    if (coefficient) {
+	sftk_FreeAttribute(coefficient);
+    }
     return rv;
 }
 
-
-
-
-
-
-
 /* Generate a low private key structure from an object */
 NSSLOWKEYPrivateKey *
 sftk_GetPrivKey(SFTKObject *object,CK_KEY_TYPE key_type, CK_RV *crvp)
@@ -3128,9 +3176,6 @@ CK_RV NSC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo)
 
     if (slot == NULL) return CKR_SLOT_ID_INVALID;
 
-    pInfo->firmwareVersion.major = 0;
-    pInfo->firmwareVersion.minor = 0;
-
     PORT_Memcpy(pInfo->manufacturerID,manufacturerID,
 		sizeof(pInfo->manufacturerID));
     PORT_Memcpy(pInfo->slotDescription,slot->slotDescription,
@@ -3157,6 +3202,8 @@ CK_RV NSC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo)
     /* pInfo->hardwareVersion.major = NSSLOWKEY_DB_FILE_VERSION; */
     pInfo->hardwareVersion.major = SOFTOKEN_VMAJOR;
     pInfo->hardwareVersion.minor = SOFTOKEN_VMINOR;
+    pInfo->firmwareVersion.major = SOFTOKEN_VPATCH;
+    pInfo->firmwareVersion.minor = SOFTOKEN_VBUILD;
     return CKR_OK;
 }
 
diff --git a/security/nss/lib/softoken/pkcs11c.c b/security/nss/lib/softoken/pkcs11c.c
index 8093dca..8f50882 100644
--- a/security/nss/lib/softoken/pkcs11c.c
+++ b/security/nss/lib/softoken/pkcs11c.c
@@ -62,7 +62,7 @@ static void sftk_Null(void *data, PRBool freeit)
     return;
 } 
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 #ifdef EC_DEBUG
 #define SEC_PRINT(str1, str2, num, sitem) \
     printf("pkcs11c.c:%s:%s (keytype=%d) [len=%d]\n", \
@@ -74,7 +74,7 @@ static void sftk_Null(void *data, PRBool freeit)
 #else
 #define SEC_PRINT(a, b, c, d) 
 #endif
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
 /*
  * free routines.... Free local type  allocated data, and convert
@@ -120,7 +120,7 @@ sftk_MapCryptError(int error)
 	    return CKR_KEY_SIZE_RANGE;  /* the closest error code */
 	case SEC_ERROR_UNSUPPORTED_EC_POINT_FORM:
 	    return CKR_TEMPLATE_INCONSISTENT;
-	/* EC functions set this error if NSS_ENABLE_ECC is not defined */
+	/* EC functions set this error if NSS_DISABLE_ECC is defined */
 	case SEC_ERROR_UNSUPPORTED_KEYALG:
 	    return CKR_MECHANISM_INVALID;
 	case SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE:
@@ -302,6 +302,46 @@ GetHashTypeFromMechanism(CK_MECHANISM_TYPE mech)
     }
 }
 
+/*
+ * Returns true if "params" contains a valid set of PSS parameters
+ */
+static PRBool
+sftk_ValidatePssParams(const CK_RSA_PKCS_PSS_PARAMS *params)
+{
+    if (!params) {
+        return PR_FALSE;
+    }
+    if (GetHashTypeFromMechanism(params->hashAlg) == HASH_AlgNULL ||
+        GetHashTypeFromMechanism(params->mgf) == HASH_AlgNULL) {
+        return PR_FALSE;
+    }
+    return PR_TRUE;
+}
+
+/*
+ * Returns true if "params" contains a valid set of OAEP parameters
+ */
+static PRBool
+sftk_ValidateOaepParams(const CK_RSA_PKCS_OAEP_PARAMS *params)
+{
+    if (!params) {
+        return PR_FALSE;
+    }
+    /* The requirements of ulSourceLen/pSourceData come from PKCS #11, which
+     * state:
+     *   If the parameter is empty, pSourceData must be NULL and
+     *   ulSourceDataLen must be zero.
+     */
+    if (params->source != CKZ_DATA_SPECIFIED ||
+        (GetHashTypeFromMechanism(params->hashAlg) == HASH_AlgNULL) ||
+        (GetHashTypeFromMechanism(params->mgf) == HASH_AlgNULL) ||
+        (params->ulSourceDataLen == 0 && params->pSourceData != NULL) ||
+        (params->ulSourceDataLen != 0 && params->pSourceData == NULL)) {
+        return PR_FALSE;
+    }
+    return PR_TRUE;
+}
+
 /* 
  * return a context based on the SFTKContext type.
  */
@@ -588,11 +628,6 @@ sftk_RSAEncryptOAEP(SFTKOAEPEncryptInfo *info, unsigned char *output,
     hashAlg = GetHashTypeFromMechanism(info->params->hashAlg);
     maskHashAlg = GetHashTypeFromMechanism(info->params->mgf);
 
-    if (info->params->source != CKZ_DATA_SPECIFIED) {
-        PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
-        return SECFailure;
-    }
-
     return RSA_EncryptOAEP(&info->key->u.rsa, hashAlg, maskHashAlg,
                            (const unsigned char*)info->params->pSourceData,
                            info->params->ulSourceDataLen, NULL, 0,
@@ -617,11 +652,6 @@ sftk_RSADecryptOAEP(SFTKOAEPDecryptInfo *info, unsigned char *output,
     hashAlg = GetHashTypeFromMechanism(info->params->hashAlg);
     maskHashAlg = GetHashTypeFromMechanism(info->params->mgf);
 
-    if (info->params->source != CKZ_DATA_SPECIFIED) {
-        PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
-        return SECFailure;
-    }
-
     rv = RSA_DecryptOAEP(&info->key->u.rsa, hashAlg, maskHashAlg,
                          (const unsigned char*)info->params->pSourceData,
                          info->params->ulSourceDataLen,
@@ -710,19 +740,18 @@ sftk_CryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
 	}
 	context->destroy = sftk_Null;
 	break;
-/* XXX: Disabled until unit tests land.
     case CKM_RSA_PKCS_OAEP:
 	if (key_type != CKK_RSA) {
 	    crv = CKR_KEY_TYPE_INCONSISTENT;
 	    break;
 	}
-	context->multi = PR_FALSE;
-	context->rsa = PR_TRUE;
-	if (pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_OAEP_PARAMS)) {
+	if (pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_OAEP_PARAMS) ||
+	    !sftk_ValidateOaepParams((CK_RSA_PKCS_OAEP_PARAMS*)pMechanism->pParameter)) {
 	    crv = CKR_MECHANISM_PARAM_INVALID;
 	    break;
 	}
-	/\* XXX: Need Parameter validation here *\/
+	context->multi = PR_FALSE;
+	context->rsa = PR_TRUE;
 	if (isEncrypt) {
 	    SFTKOAEPEncryptInfo *info = PORT_New(SFTKOAEPEncryptInfo);
 	    if (info == NULL) {
@@ -758,7 +787,6 @@ sftk_CryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
 	}
 	context->destroy = (SFTKDestroy) sftk_Space;
 	break;
-*/
     case CKM_RC2_CBC_PAD:
 	context->doPad = PR_TRUE;
 	/* fall thru */
@@ -2242,7 +2270,7 @@ nsc_DSA_Sign_Stub(void *ctx, void *sigBuf,
     return rv;
 }
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 static SECStatus
 nsc_ECDSAVerifyStub(void *ctx, void *sigBuf, unsigned int sigLen,
                     void *dataBuf, unsigned int dataLen)
@@ -2277,7 +2305,7 @@ nsc_ECDSASignStub(void *ctx, void *sigBuf,
     *sigLen = signature.len;
     return rv;
 }
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
 /* NSC_SignInit setups up the signing operations. There are three basic
  * types of signing:
@@ -2386,7 +2414,8 @@ finish_rsa:
 	    break;
 	} 
 	context->rsa = PR_TRUE;
-	if (pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS)) {
+	if (pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS) ||
+	    !sftk_ValidatePssParams((const CK_RSA_PKCS_PSS_PARAMS*)pMechanism->pParameter)) {
 	    crv = CKR_MECHANISM_PARAM_INVALID;
 	    break;
 	}
@@ -2429,7 +2458,7 @@ finish_rsa:
 
 	break;
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     case CKM_ECDSA_SHA1:
 	context->multi = PR_TRUE;
 	crv = sftk_doSubSHA1(context);
@@ -2452,7 +2481,7 @@ finish_rsa:
 	context->maxLen     = MAX_ECKEY_LEN * 2;
 
 	break;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
 #define INIT_HMAC_MECH(mmm) \
     case CKM_ ## mmm ## _HMAC_GENERAL: \
@@ -3023,7 +3052,8 @@ finish_rsa:
 	    break;
 	} 
 	context->rsa = PR_TRUE;
-	if (pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS)) {
+	if (pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS) ||
+	    !sftk_ValidatePssParams((const CK_RSA_PKCS_PSS_PARAMS*)pMechanism->pParameter)) {
 	    crv = CKR_MECHANISM_PARAM_INVALID;
 	    break;
 	}
@@ -3060,7 +3090,7 @@ finish_rsa:
 	context->verify     = (SFTKVerify) nsc_DSA_Verify_Stub;
 	context->destroy    = sftk_Null;
 	break;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     case CKM_ECDSA_SHA1:
 	context->multi = PR_TRUE;
 	crv = sftk_doSubSHA1(context);
@@ -3080,7 +3110,7 @@ finish_rsa:
 	context->verify     = (SFTKVerify) nsc_ECDSAVerifyStub;
 	context->destroy    = sftk_Null;
 	break;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
     INIT_HMAC_MECH(MD2)
     INIT_HMAC_MECH(MD5)
@@ -3906,6 +3936,7 @@ jpake1:
         }
         if (sftk_isTrue(key, CKA_TOKEN)) {
             crv = CKR_TEMPLATE_INCONSISTENT;
+            break;
         }
         crv = CKR_OK;
         break;
@@ -4208,7 +4239,7 @@ sftk_PairwiseConsistencyCheck(CK_SESSION_HANDLE hSession,
 	    pairwise_digest_length = subPrimeLen;
 	    mech.mechanism = CKM_DSA;
 	    break;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 	case CKK_EC:
 	    signature_length = MAX_ECKEY_LEN * 2;
 	    mech.mechanism = CKM_ECDSA;
@@ -4331,12 +4362,12 @@ CK_RV NSC_GenerateKeyPair (CK_SESSION_HANDLE hSession,
     int 		private_value_bits = 0;
     DHPrivateKey *	dhPriv;
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     /* Elliptic Curve Cryptography */
     SECItem  		ecEncodedParams;  /* DER Encoded parameters */
     ECPrivateKey *	ecPriv;
     ECParams *          ecParams;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
     CHECK_FORK();
 
@@ -4666,7 +4697,7 @@ dhgn_done:
 	PORT_FreeArena(dhPriv->arena, PR_TRUE);
 	break;
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     case CKM_EC_KEY_PAIR_GEN:
 	sftk_DeleteAttributeType(privateKey,CKA_EC_PARAMS);
 	sftk_DeleteAttributeType(privateKey,CKA_VALUE);
@@ -4729,7 +4760,7 @@ ecgn_done:
 	/* should zeroize, since this function doesn't. */
 	PORT_FreeArena(ecPriv->ecParams.arena, PR_TRUE);
 	break;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
     default:
 	crv = CKR_MECHANISM_INVALID;
@@ -4849,7 +4880,7 @@ static SECItem *sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp)
     void *dummy, *param = NULL;
     SECStatus rv = SECSuccess;
     SECItem *encodedKey = NULL;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     SECItem *fordebug;
     int savelen;
 #endif
@@ -4904,7 +4935,7 @@ static SECItem *sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp)
 				       nsslowkey_PQGParamsTemplate);
 	    algorithm = SEC_OID_ANSIX9_DSA_SIGNATURE;
 	    break;
-#ifdef NSS_ENABLE_ECC	    
+#ifndef NSS_DISABLE_ECC
         case NSSLOWKEYECKey:
             prepare_low_ec_priv_key_for_asn1(lk);
 	    /* Public value is encoded as a bit string so adjust length
@@ -4931,7 +4962,7 @@ static SECItem *sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp)
 
 	    algorithm = SEC_OID_ANSIX962_EC_PUBLIC_KEY;
 	    break;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 	case NSSLOWKEYDHKey:
 	default:
 	    dummy = NULL;
@@ -4964,7 +4995,7 @@ static SECItem *sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp)
 				    nsslowkey_PrivateKeyInfoTemplate);
     *crvp = encodedKey ? CKR_OK : CKR_DEVICE_ERROR;
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     fordebug = encodedKey;
     SEC_PRINT("sftk_PackagePrivateKey()", "PrivateKeyInfo", lk->keyType,
 	      fordebug);
@@ -5190,7 +5221,7 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki)
 	    prepare_low_pqg_params_for_asn1(&lpk->u.dsa.params);
 	    break;
 	/* case NSSLOWKEYDHKey: */
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
         case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
 	    keyTemplate = nsslowkey_ECPrivateKeyTemplate;
 	    paramTemplate = NULL;
@@ -5199,7 +5230,7 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki)
 	    prepare_low_ec_priv_key_for_asn1(lpk);
 	    prepare_low_ecparams_for_asn1(&lpk->u.ec.ecParams);
 	    break;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 	default:
 	    keyTemplate = NULL;
 	    paramTemplate = NULL;
@@ -5214,7 +5245,7 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki)
     /* decode the private key and any algorithm parameters */
     rv = SEC_QuickDERDecodeItem(arena, lpk, keyTemplate, &pki->privateKey);
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     if (lpk->keyType == NSSLOWKEYECKey) {
         /* convert length in bits to length in bytes */
 	lpk->u.ec.publicValue.len >>= 3;
@@ -5225,7 +5256,7 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki)
 	    goto loser;
 	}
     }
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
     if(rv != SECSuccess) {
 	goto loser;
@@ -5320,7 +5351,7 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki)
 	    break;
 #endif
 	/* what about fortezza??? */
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
         case NSSLOWKEYECKey:
 	    keyType = CKK_EC;
 	    crv = (sftk_hasAttribute(key, CKA_NETSCAPE_DB)) ? CKR_OK :
@@ -5346,7 +5377,7 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki)
 	    if(crv != CKR_OK) break;
 	    /* XXX Do we need to decode the EC Params here ?? */
 	    break;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 	default:
 	    crv = CKR_KEY_TYPE_INCONSISTENT;
 	    break;
@@ -5656,6 +5687,7 @@ sftk_MapKeySize(CK_KEY_TYPE keyType)
     return 0;
 }
 
+#ifndef NSS_DISABLE_ECC
 /* Inputs:
  *  key_len: Length of derived key to be generated.
  *  SharedSecret: a shared secret that is the output of a key agreement primitive.
@@ -5674,12 +5706,13 @@ static CK_RV sftk_compute_ANSI_X9_63_kdf(CK_BYTE **key, CK_ULONG key_len, SECIte
     unsigned char *buffer = NULL, *output_buffer = NULL;
     PRUint32 buffer_len, max_counter, i;
     SECStatus rv;
+    CK_RV crv;
 
     /* Check that key_len isn't too long.  The maximum key length could be
      * greatly increased if the code below did not limit the 4-byte counter
      * to a maximum value of 255. */
     if (key_len > 254 * HashLen)
-	return SEC_ERROR_INVALID_ARGS;
+	return CKR_ARGUMENTS_BAD;
 
     if (SharedInfo == NULL)
 	SharedInfoLen = 0;
@@ -5687,7 +5720,7 @@ static CK_RV sftk_compute_ANSI_X9_63_kdf(CK_BYTE **key, CK_ULONG key_len, SECIte
     buffer_len = SharedSecret->len + 4 + SharedInfoLen;
     buffer = (CK_BYTE *)PORT_Alloc(buffer_len);
     if (buffer == NULL) {
-	rv = SEC_ERROR_NO_MEMORY;
+	crv = CKR_HOST_MEMORY;
 	goto loser;
     }
 
@@ -5697,7 +5730,7 @@ static CK_RV sftk_compute_ANSI_X9_63_kdf(CK_BYTE **key, CK_ULONG key_len, SECIte
 
     output_buffer = (CK_BYTE *)PORT_Alloc(max_counter * HashLen);
     if (output_buffer == NULL) {
-	rv = SEC_ERROR_NO_MEMORY;
+	crv = CKR_HOST_MEMORY;
 	goto loser;
     }
 
@@ -5714,8 +5747,11 @@ static CK_RV sftk_compute_ANSI_X9_63_kdf(CK_BYTE **key, CK_ULONG key_len, SECIte
 
     for(i=0; i < max_counter; i++) {
 	rv = Hash(&output_buffer[i * HashLen], buffer, buffer_len);
-	if (rv != SECSuccess)
+	if (rv != SECSuccess) {
+	    /* 'Hash' should not fail. */
+	    crv = CKR_FUNCTION_FAILED;
 	    goto loser;
+	}
 
 	/* Increment counter (assumes max_counter < 255) */
 	buffer[SharedSecret->len + 3]++;
@@ -5727,7 +5763,7 @@ static CK_RV sftk_compute_ANSI_X9_63_kdf(CK_BYTE **key, CK_ULONG key_len, SECIte
     }
     *key = output_buffer;
 
-    return SECSuccess;
+    return CKR_OK;
 
     loser:
 	if (buffer) {
@@ -5736,7 +5772,7 @@ static CK_RV sftk_compute_ANSI_X9_63_kdf(CK_BYTE **key, CK_ULONG key_len, SECIte
 	if (output_buffer) {
 	    PORT_ZFree(output_buffer, max_counter * HashLen);
 	}
-	return rv;
+	return crv;
 }
 
 static CK_RV sftk_ANSI_X9_63_kdf(CK_BYTE **key, CK_ULONG key_len,
@@ -5760,8 +5796,9 @@ static CK_RV sftk_ANSI_X9_63_kdf(CK_BYTE **key, CK_ULONG key_len,
 	return sftk_compute_ANSI_X9_63_kdf(key, key_len, SharedSecret, SharedInfo,
 		   		 SharedInfoLen, SHA512_HashBuf, SHA512_LENGTH);
     else
-	return SEC_ERROR_INVALID_ALGORITHM;
+	return CKR_MECHANISM_INVALID;
 }
+#endif /* NSS_DISABLE_ECC */
 
 /*
  * SSL Key generation given pre master secret
@@ -6707,7 +6744,7 @@ key_and_mac_derive_fail:
 	break;
       }
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     case CKM_ECDH1_DERIVE:
     case CKM_ECDH1_COFACTOR_DERIVE:
       {
@@ -6813,12 +6850,11 @@ key_and_mac_derive_fail:
 	    secretlen = tmp.len;
 	} else {
 	    secretlen = keySize;
-	    rv = sftk_ANSI_X9_63_kdf(&secret, keySize,
+	    crv = sftk_ANSI_X9_63_kdf(&secret, keySize,
 			&tmp, mechParams->pSharedData,
 			mechParams->ulSharedDataLen, mechParams->kdf);
 	    PORT_ZFree(tmp.data, tmp.len);
-	    if (rv != SECSuccess) {
-		crv = CKR_HOST_MEMORY;
+	    if (crv != CKR_OK) {
 		break;
 	    }
 	    tmp.data = secret;
@@ -6866,7 +6902,7 @@ ec_loser:
 	break;
 
       }
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
     /* See RFC 5869 and CK_NSS_HKDFParams for documentation. */
     case CKM_NSS_HKDF_SHA1:   hashType = HASH_AlgSHA1;   goto hkdf;
diff --git a/security/nss/lib/softoken/pkcs11u.c b/security/nss/lib/softoken/pkcs11u.c
index 770fb0e..78e2fdc 100644
--- a/security/nss/lib/softoken/pkcs11u.c
+++ b/security/nss/lib/softoken/pkcs11u.c
@@ -1246,7 +1246,7 @@ static const CK_ATTRIBUTE_TYPE dhPubKeyAttrs[] = {
 };
 static const CK_ULONG dhPubKeyAttrsCount = 
 			sizeof(dhPubKeyAttrs)/sizeof(dhPubKeyAttrs[0]);
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 static const CK_ATTRIBUTE_TYPE ecPubKeyAttrs[] = {
     CKA_EC_PARAMS, CKA_EC_POINT
 };
@@ -1279,7 +1279,7 @@ static const CK_ATTRIBUTE_TYPE dhPrivKeyAttrs[] = {
 };
 static const CK_ULONG dhPrivKeyAttrsCount = 
 			sizeof(dhPrivKeyAttrs)/sizeof(dhPrivKeyAttrs[0]);
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 static const CK_ATTRIBUTE_TYPE ecPrivKeyAttrs[] = {
     CKA_EC_PARAMS, CKA_VALUE
 };
@@ -1390,7 +1390,7 @@ stfk_CopyTokenPrivateKey(SFTKObject *destObject,SFTKTokenObject *src_to)
 	crv = stfk_CopyTokenAttributes(destObject, src_to, dhPrivKeyAttrs,
 							dhPrivKeyAttrsCount);
 	break;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     case CKK_EC:
 	crv = stfk_CopyTokenAttributes(destObject, src_to, ecPrivKeyAttrs,
 							ecPrivKeyAttrsCount);
@@ -1452,7 +1452,7 @@ stfk_CopyTokenPublicKey(SFTKObject *destObject,SFTKTokenObject *src_to)
 	crv = stfk_CopyTokenAttributes(destObject, src_to, dhPubKeyAttrs,
 							dhPubKeyAttrsCount);
 	break;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     case CKK_EC:
 	crv = stfk_CopyTokenAttributes(destObject, src_to, ecPubKeyAttrs,
 							ecPubKeyAttrsCount);
diff --git a/security/nss/lib/softoken/sdb.c b/security/nss/lib/softoken/sdb.c
index e93c662..ffb221b 100644
--- a/security/nss/lib/softoken/sdb.c
+++ b/security/nss/lib/softoken/sdb.c
@@ -2012,7 +2012,17 @@ s_open(const char *directory, const char *certPrefix, const char *keyPrefix,
 
     /* how long does it take to test for a non-existant file in our working
      * directory? Allows us to test if we may be on a network file system */
-    accessOps = sdb_measureAccess(directory);
+    accessOps = 1;
+    {
+        char *env;
+        env = PR_GetEnv("NSS_SDB_USE_CACHE");
+        /* If the environment variable is set to yes or no, sdb_init() will
+         * ignore the value of accessOps, and we can skip the measuring.*/
+        if (!env || ((PORT_Strcasecmp(env, "no") != 0) &&
+                     (PORT_Strcasecmp(env, "yes") != 0))){
+           accessOps = sdb_measureAccess(directory);
+        }
+    }
 
     /*
      * open the cert data base
diff --git a/security/nss/lib/softoken/softkver.h b/security/nss/lib/softoken/softkver.h
index 8bcc948..eb8f06a 100644
--- a/security/nss/lib/softoken/softkver.h
+++ b/security/nss/lib/softoken/softkver.h
@@ -8,7 +8,7 @@
 #ifndef _SOFTKVER_H_
 #define _SOFTKVER_H_
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 #ifdef NSS_ECC_MORE_THAN_SUITE_B
 #define SOFTOKEN_ECC_STRING " Extended ECC"
 #else
@@ -25,10 +25,10 @@
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
  */
-#define SOFTOKEN_VERSION  "3.15.4" SOFTOKEN_ECC_STRING
+#define SOFTOKEN_VERSION  "3.16.2" SOFTOKEN_ECC_STRING
 #define SOFTOKEN_VMAJOR   3
-#define SOFTOKEN_VMINOR   15
-#define SOFTOKEN_VPATCH   4
+#define SOFTOKEN_VMINOR   16
+#define SOFTOKEN_VPATCH   2
 #define SOFTOKEN_VBUILD   0
 #define SOFTOKEN_BETA     PR_FALSE
 
diff --git a/security/nss/lib/softoken/softoken.h b/security/nss/lib/softoken/softoken.h
index f8606da..fbd00b6 100644
--- a/security/nss/lib/softoken/softoken.h
+++ b/security/nss/lib/softoken/softoken.h
@@ -35,19 +35,6 @@ RSA_HashCheckSign(SECOidTag hashOid, NSSLOWKEYPublicKey *key,
                   const unsigned char *sig, unsigned int sigLen,
                   const unsigned char *hash, unsigned int hashLen);
 
-#ifdef NSS_ENABLE_ECC
-/*
-** pepare an ECParam structure from DEREncoded params
- */
-extern SECStatus EC_FillParams(PLArenaPool *arena,
-                               const SECItem *encodedParams, ECParams *params);
-extern SECStatus EC_DecodeParams(const SECItem *encodedParams, 
-				ECParams **ecparams);
-extern SECStatus EC_CopyParams(PLArenaPool *arena, ECParams *dstParams,
-              			const ECParams *srcParams);
-#endif
-
-
 /*
 ** Prepare a buffer for padded CBC encryption, growing to the appropriate 
 ** boundary, filling with the appropriate padding.
diff --git a/security/nss/lib/sqlite/config.mk b/security/nss/lib/sqlite/config.mk
index c7b93ed..b0e9390 100644
--- a/security/nss/lib/sqlite/config.mk
+++ b/security/nss/lib/sqlite/config.mk
@@ -22,10 +22,6 @@ OPTIMIZER=
 endif
 endif
 
-ifeq ($(OS_TARGET),SunOS)
-OS_LIBS += -lbsm 
-endif
-
 ifeq ($(OS_TARGET),Darwin)
 # These version numbers come from the -version-info 8:6:8 libtool option in
 # sqlite upstream's Makefile.in.  (Given -version-info current:revision:age,
diff --git a/security/nss/lib/ssl/SSLerrs.h b/security/nss/lib/ssl/SSLerrs.h
index c14d5d8..bbe2bd9 100644
--- a/security/nss/lib/ssl/SSLerrs.h
+++ b/security/nss/lib/ssl/SSLerrs.h
@@ -412,3 +412,9 @@ ER3(SSL_ERROR_DIGEST_FAILURE, (SSL_ERROR_BASE + 127),
 
 ER3(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM, (SSL_ERROR_BASE + 128),
 "Incorrect signature algorithm specified in a digitally-signed element.")
+
+ER3(SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK, (SSL_ERROR_BASE + 129),
+"The next protocol negotiation extension was enabled, but the callback was cleared prior to being needed.")
+
+ER3(SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL, (SSL_ERROR_BASE + 130),
+"The server supports no protocols that the client advertises in the ALPN extension.")
diff --git a/security/nss/lib/ssl/derive.c b/security/nss/lib/ssl/derive.c
index 35cfe25..b7c38c3 100644
--- a/security/nss/lib/ssl/derive.c
+++ b/security/nss/lib/ssl/derive.c
@@ -617,7 +617,7 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey,
     PRBool	      testrsa_export = PR_FALSE;
     PRBool	      testecdh = PR_FALSE;
     PRBool	      testecdhe = PR_FALSE;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     SECKEYECParams ecParams = { siBuffer, NULL, 0 };
 #endif
 
@@ -634,7 +634,7 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey,
     rv = SECFailure;
     
     /* determine which KEAs to test */
-    /* 0 (SSL_NULL_WITH_NULL_NULL) is used as a list terminator because
+    /* 0 (TLS_NULL_WITH_NULL_NULL) is used as a list terminator because
      * SSL3 and TLS specs forbid negotiating that cipher suite number.
      */
     for (i=0; i < nsuites && (suite = *ciphersuites++) != 0; i++) {
@@ -647,8 +647,8 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey,
 	    switch (csdef.cipherSuite) {
 	    case TLS_RSA_EXPORT1024_WITH_RC4_56_SHA:
 	    case TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA:
-	    case SSL_RSA_EXPORT_WITH_RC4_40_MD5:
-	    case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
+	    case TLS_RSA_EXPORT_WITH_RC4_40_MD5:
+	    case TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
 		testrsa_export = PR_TRUE;
 	    }
 	    if (!testrsa_export)
@@ -755,7 +755,7 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey,
 	if (enc_pms.data != NULL) {
 	    SECITEM_FreeItem(&enc_pms, PR_FALSE);
         }
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 	for (; (privKeytype == ecKey && ( testecdh || testecdhe)) ||
 	       (privKeytype == rsaKey && testecdhe); ) {
 	    CK_MECHANISM_TYPE target;
@@ -859,7 +859,7 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey,
 	    PORT_Free(ecParams.data);
 	    ecParams.data = NULL;
 	}
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 	if (pms)
 	    PK11_FreeSymKey(pms);
     }
@@ -877,12 +877,12 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey,
     if (enc_pms.data != NULL) {
     	SECITEM_FreeItem(&enc_pms, PR_FALSE);
     }
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     if (ecParams.data != NULL) {
         PORT_Free(ecParams.data);
         ecParams.data = NULL;
     }
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
     if (srvPubkey) {
     	SECKEY_DestroyPublicKey(srvPubkey);
diff --git a/security/nss/lib/ssl/dtlscon.c b/security/nss/lib/ssl/dtlscon.c
index 78371e6..4e38461 100644
--- a/security/nss/lib/ssl/dtlscon.c
+++ b/security/nss/lib/ssl/dtlscon.c
@@ -30,19 +30,19 @@ static const PRUint16 COMMON_MTU_VALUES[] = {
 
 /* List copied from ssl3con.c:cipherSuites */
 static const ssl3CipherSuite nonDTLSSuites[] = {
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
     TLS_ECDHE_RSA_WITH_RC4_128_SHA,
-#endif  /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
     TLS_DHE_DSS_WITH_RC4_128_SHA,
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     TLS_ECDH_RSA_WITH_RC4_128_SHA,
     TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
-#endif  /* NSS_ENABLE_ECC */
-    SSL_RSA_WITH_RC4_128_MD5,
-    SSL_RSA_WITH_RC4_128_SHA,
+#endif /* NSS_DISABLE_ECC */
+    TLS_RSA_WITH_RC4_128_MD5,
+    TLS_RSA_WITH_RC4_128_SHA,
     TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
-    SSL_RSA_EXPORT_WITH_RC4_40_MD5,
+    TLS_RSA_EXPORT_WITH_RC4_40_MD5,
     0 /* End of list marker */
 };
 
@@ -51,16 +51,21 @@ static const ssl3CipherSuite nonDTLSSuites[] = {
  *
  * TLS             DTLS
  * 1.1 (0302)      1.0 (feff)
+ * 1.2 (0303)      1.2 (fefd)
  */
 SSL3ProtocolVersion
 dtls_TLSVersionToDTLSVersion(SSL3ProtocolVersion tlsv)
 {
-    /* Anything other than TLS 1.1 is an error, so return
-     * the invalid version ffff. */
-    if (tlsv != SSL_LIBRARY_VERSION_TLS_1_1)
-	return 0xffff;
+    if (tlsv == SSL_LIBRARY_VERSION_TLS_1_1) {
+        return SSL_LIBRARY_VERSION_DTLS_1_0_WIRE;
+    }
+    if (tlsv == SSL_LIBRARY_VERSION_TLS_1_2) {
+        return SSL_LIBRARY_VERSION_DTLS_1_2_WIRE;
+    }
 
-    return SSL_LIBRARY_VERSION_DTLS_1_0_WIRE;
+    /* Anything other than TLS 1.1 or 1.2 is an error, so return
+     * the invalid version 0xffff. */
+    return 0xffff;
 }
 
 /* Map known DTLS versions to known TLS versions.
@@ -71,14 +76,18 @@ SSL3ProtocolVersion
 dtls_DTLSVersionToTLSVersion(SSL3ProtocolVersion dtlsv)
 {
     if (MSB(dtlsv) == 0xff) {
-	return 0;
+        return 0;
     }
 
-    if (dtlsv == SSL_LIBRARY_VERSION_DTLS_1_0_WIRE)
-	return SSL_LIBRARY_VERSION_TLS_1_1;
+    if (dtlsv == SSL_LIBRARY_VERSION_DTLS_1_0_WIRE) {
+        return SSL_LIBRARY_VERSION_TLS_1_1;
+    }
+    if (dtlsv == SSL_LIBRARY_VERSION_DTLS_1_2_WIRE) {
+        return SSL_LIBRARY_VERSION_TLS_1_2;
+    }
 
     /* Return a fictional higher version than we know of */
-    return SSL_LIBRARY_VERSION_TLS_1_1 + 1;
+    return SSL_LIBRARY_VERSION_TLS_1_2 + 1;
 }
 
 /* On this socket, Disable non-DTLS cipher suites in the argument's list */
@@ -88,9 +97,9 @@ ssl3_DisableNonDTLSSuites(sslSocket * ss)
     const ssl3CipherSuite * suite;
 
     for (suite = nonDTLSSuites; *suite; ++suite) {
-	SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE);
+        SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE);
 
-	PORT_Assert(rv == SECSuccess); /* else is coding error */
+        PORT_Assert(rv == SECSuccess); /* else is coding error */
     }
     return SECSuccess;
 }
@@ -101,17 +110,17 @@ ssl3_DisableNonDTLSSuites(sslSocket * ss)
  */
 static DTLSQueuedMessage *
 dtls_AllocQueuedMessage(PRUint16 epoch, SSL3ContentType type,
-			const unsigned char *data, PRUint32 len)
+                        const unsigned char *data, PRUint32 len)
 {
     DTLSQueuedMessage *msg = NULL;
 
     msg = PORT_ZAlloc(sizeof(DTLSQueuedMessage));
     if (!msg)
-	return NULL;
+        return NULL;
 
     msg->data = PORT_Alloc(len);
     if (!msg->data) {
-	PORT_Free(msg);
+        PORT_Free(msg);
         return NULL;
     }
     PORT_Memcpy(msg->data, data, len);
@@ -132,7 +141,7 @@ static void
 dtls_FreeHandshakeMessage(DTLSQueuedMessage *msg)
 {
     if (!msg)
-	return;
+        return;
 
     PORT_ZFree(msg->data, msg->len);
     PORT_Free(msg);
@@ -151,9 +160,9 @@ dtls_FreeHandshakeMessages(PRCList *list)
     PRCList *cur_p;
 
     while (!PR_CLIST_IS_EMPTY(list)) {
-	cur_p = PR_LIST_TAIL(list);
-	PR_REMOVE_LINK(cur_p);
-	dtls_FreeHandshakeMessage((DTLSQueuedMessage *)cur_p);
+        cur_p = PR_LIST_TAIL(list);
+        PR_REMOVE_LINK(cur_p);
+        dtls_FreeHandshakeMessage((DTLSQueuedMessage *)cur_p);
     }
 }
 
@@ -204,18 +213,18 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf)
         }
 
         /* Parse the header */
-	type = buf.buf[0];
+        type = buf.buf[0];
         message_length = (buf.buf[1] << 16) | (buf.buf[2] << 8) | buf.buf[3];
         message_seq = (buf.buf[4] << 8) | buf.buf[5];
         fragment_offset = (buf.buf[6] << 16) | (buf.buf[7] << 8) | buf.buf[8];
         fragment_length = (buf.buf[9] << 16) | (buf.buf[10] << 8) | buf.buf[11];
-	
-#define MAX_HANDSHAKE_MSG_LEN 0x1ffff	/* 128k - 1 */
-	if (message_length > MAX_HANDSHAKE_MSG_LEN) {
-	    (void)ssl3_DecodeError(ss);
-	    PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG);
-	    return SECFailure;
-	}
+
+#define MAX_HANDSHAKE_MSG_LEN 0x1ffff   /* 128k - 1 */
+        if (message_length > MAX_HANDSHAKE_MSG_LEN) {
+            (void)ssl3_DecodeError(ss);
+            PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG);
+            return SECFailure;
+        }
 #undef MAX_HANDSHAKE_MSG_LEN
 
         buf.buf += 12;
@@ -229,7 +238,7 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf)
         }
 
         /* Sanity check the packet contents */
-	if ((fragment_length + fragment_offset) > message_length) {
+        if ((fragment_length + fragment_offset) > message_length) {
             PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE);
             rv = SECFailure;
             break;
@@ -245,8 +254,8 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf)
          * This is the common case for short messages
          */
         if ((message_seq == ss->ssl3.hs.recvMessageSeq)
-	    && (fragment_offset == 0)
-	    && (fragment_length == message_length)) {
+            && (fragment_offset == 0)
+            && (fragment_length == message_length)) {
             /* Complete next message. Process immediately */
             ss->ssl3.hs.msg_type = (SSL3HandshakeType)type;
             ss->ssl3.hs.msg_len = message_length;
@@ -254,14 +263,14 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf)
             /* At this point we are advancing our state machine, so
              * we can free our last flight of messages */
             dtls_FreeHandshakeMessages(&ss->ssl3.hs.lastMessageFlight);
-	    ss->ssl3.hs.recvdHighWater = -1;
-	    dtls_CancelTimer(ss);
+            ss->ssl3.hs.recvdHighWater = -1;
+            dtls_CancelTimer(ss);
 
-	    /* Reset the timer to the initial value if the retry counter
-	     * is 0, per Sec. 4.2.4.1 */
-	    if (ss->ssl3.hs.rtRetries == 0) {
-		ss->ssl3.hs.rtTimeoutMs = INITIAL_DTLS_TIMEOUT_MS;
-	    }
+            /* Reset the timer to the initial value if the retry counter
+             * is 0, per Sec. 4.2.4.1 */
+            if (ss->ssl3.hs.rtRetries == 0) {
+                ss->ssl3.hs.rtTimeoutMs = INITIAL_DTLS_TIMEOUT_MS;
+            }
 
             rv = ssl3_HandleHandshakeMessage(ss, buf.buf, ss->ssl3.hs.msg_len);
             if (rv == SECFailure) {
@@ -269,68 +278,68 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf)
                 break;
             }
         } else {
-	    if (message_seq < ss->ssl3.hs.recvMessageSeq) {
-		/* Case 3: we do an immediate retransmit if we're
-		 * in a waiting state*/
-		if (ss->ssl3.hs.rtTimerCb == NULL) {
-		    /* Ignore */
-		} else if (ss->ssl3.hs.rtTimerCb ==
-			 dtls_RetransmitTimerExpiredCb) {
-		    SSL_TRC(30, ("%d: SSL3[%d]: Retransmit detected",
-				 SSL_GETPID(), ss->fd));
-		    /* Check to see if we retransmitted recently. If so,
-		     * suppress the triggered retransmit. This avoids
-		     * retransmit wars after packet loss.
-		     * This is not in RFC 5346 but should be
-		     */
-		    if ((PR_IntervalNow() - ss->ssl3.hs.rtTimerStarted) >
-			(ss->ssl3.hs.rtTimeoutMs / 4)) {
-			    SSL_TRC(30,
-			    ("%d: SSL3[%d]: Shortcutting retransmit timer",
+            if (message_seq < ss->ssl3.hs.recvMessageSeq) {
+                /* Case 3: we do an immediate retransmit if we're
+                 * in a waiting state*/
+                if (ss->ssl3.hs.rtTimerCb == NULL) {
+                    /* Ignore */
+                } else if (ss->ssl3.hs.rtTimerCb ==
+                         dtls_RetransmitTimerExpiredCb) {
+                    SSL_TRC(30, ("%d: SSL3[%d]: Retransmit detected",
+                                 SSL_GETPID(), ss->fd));
+                    /* Check to see if we retransmitted recently. If so,
+                     * suppress the triggered retransmit. This avoids
+                     * retransmit wars after packet loss.
+                     * This is not in RFC 5346 but should be
+                     */
+                    if ((PR_IntervalNow() - ss->ssl3.hs.rtTimerStarted) >
+                        (ss->ssl3.hs.rtTimeoutMs / 4)) {
+                            SSL_TRC(30,
+                            ("%d: SSL3[%d]: Shortcutting retransmit timer",
                             SSL_GETPID(), ss->fd));
 
-			    /* Cancel the timer and call the CB,
-			     * which re-arms the timer */
-			    dtls_CancelTimer(ss);
-			    dtls_RetransmitTimerExpiredCb(ss);
-			    rv = SECSuccess;
-			    break;
-			} else {
-			    SSL_TRC(30,
-			    ("%d: SSL3[%d]: We just retransmitted. Ignoring.",
+                            /* Cancel the timer and call the CB,
+                             * which re-arms the timer */
+                            dtls_CancelTimer(ss);
+                            dtls_RetransmitTimerExpiredCb(ss);
+                            rv = SECSuccess;
+                            break;
+                        } else {
+                            SSL_TRC(30,
+                            ("%d: SSL3[%d]: We just retransmitted. Ignoring.",
                             SSL_GETPID(), ss->fd));
-			    rv = SECSuccess;
-			    break;
-			}
-		} else if (ss->ssl3.hs.rtTimerCb == dtls_FinishedTimerCb) {
-		    /* Retransmit the messages and re-arm the timer
-		     * Note that we are not backing off the timer here.
-		     * The spec isn't clear and my reasoning is that this
-		     * may be a re-ordered packet rather than slowness,
-		     * so let's be aggressive. */
-		    dtls_CancelTimer(ss);
-		    rv = dtls_TransmitMessageFlight(ss);
-		    if (rv == SECSuccess) {
-			rv = dtls_StartTimer(ss, dtls_FinishedTimerCb);
-		    }
-		    if (rv != SECSuccess)
-			return rv;
-		    break;
-		}
-	    } else if (message_seq > ss->ssl3.hs.recvMessageSeq) {
-		/* Case 2
+                            rv = SECSuccess;
+                            break;
+                        }
+                } else if (ss->ssl3.hs.rtTimerCb == dtls_FinishedTimerCb) {
+                    /* Retransmit the messages and re-arm the timer
+                     * Note that we are not backing off the timer here.
+                     * The spec isn't clear and my reasoning is that this
+                     * may be a re-ordered packet rather than slowness,
+                     * so let's be aggressive. */
+                    dtls_CancelTimer(ss);
+                    rv = dtls_TransmitMessageFlight(ss);
+                    if (rv == SECSuccess) {
+                        rv = dtls_StartTimer(ss, dtls_FinishedTimerCb);
+                    }
+                    if (rv != SECSuccess)
+                        return rv;
+                    break;
+                }
+            } else if (message_seq > ss->ssl3.hs.recvMessageSeq) {
+                /* Case 2
                  *
-		 * Ignore this message. This means we don't handle out of
-		 * order complete messages that well, but we're still
-		 * compliant and this probably does not happen often
+                 * Ignore this message. This means we don't handle out of
+                 * order complete messages that well, but we're still
+                 * compliant and this probably does not happen often
                  *
-		 * XXX OK for now. Maybe do something smarter at some point?
-		 */
-	    } else {
-		/* Case 1
+                 * XXX OK for now. Maybe do something smarter at some point?
+                 */
+            } else {
+                /* Case 1
                  *
-		 * Buffer the fragment for reassembly
-		 */
+                 * Buffer the fragment for reassembly
+                 */
                 /* Make room for the message */
                 if (ss->ssl3.hs.recvdHighWater == -1) {
                     PRUint32 map_length = OFFSET_BYTE(message_length) + 1;
@@ -347,8 +356,8 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf)
                     /* Reset the reassembly map */
                     ss->ssl3.hs.recvdHighWater = 0;
                     PORT_Memset(ss->ssl3.hs.recvdFragments.buf, 0,
-				ss->ssl3.hs.recvdFragments.space);
-		    ss->ssl3.hs.msg_type = (SSL3HandshakeType)type;
+                                ss->ssl3.hs.recvdFragments.space);
+                    ss->ssl3.hs.msg_type = (SSL3HandshakeType)type;
                     ss->ssl3.hs.msg_len = message_length;
                 }
 
@@ -381,7 +390,7 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf)
                  * case of adjacent fragments received in sequence
                  */
                 if (fragment_offset <= ss->ssl3.hs.recvdHighWater) {
-		    /* Either this is the adjacent fragment or an overlapping
+                    /* Either this is the adjacent fragment or an overlapping
                      * fragment */
                     ss->ssl3.hs.recvdHighWater = fragment_offset +
                                                  fragment_length;
@@ -397,9 +406,9 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf)
                 /* Now figure out the new high water mark if appropriate */
                 for (offset = ss->ssl3.hs.recvdHighWater;
                      offset < ss->ssl3.hs.msg_len; offset++) {
-		    /* Note that this loop is not efficient, since it counts
-		     * bit by bit. If we have a lot of out-of-order packets,
-		     * we should optimize this */
+                    /* Note that this loop is not efficient, since it counts
+                     * bit by bit. If we have a lot of out-of-order packets,
+                     * we should optimize this */
                     if (ss->ssl3.hs.recvdFragments.buf[OFFSET_BYTE(offset)] &
                         OFFSET_MASK(offset)) {
                         ss->ssl3.hs.recvdHighWater++;
@@ -418,25 +427,25 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf)
                     if (rv == SECFailure)
                         break; /* Skip rest of record */
 
-		    /* At this point we are advancing our state machine, so
-		     * we can free our last flight of messages */
-		    dtls_FreeHandshakeMessages(&ss->ssl3.hs.lastMessageFlight);
-		    dtls_CancelTimer(ss);
+                    /* At this point we are advancing our state machine, so
+                     * we can free our last flight of messages */
+                    dtls_FreeHandshakeMessages(&ss->ssl3.hs.lastMessageFlight);
+                    dtls_CancelTimer(ss);
 
-		    /* If there have been no retries this time, reset the
-		     * timer value to the default per Section 4.2.4.1 */
-		    if (ss->ssl3.hs.rtRetries == 0) {
-			ss->ssl3.hs.rtTimeoutMs = INITIAL_DTLS_TIMEOUT_MS;
-		    }
+                    /* If there have been no retries this time, reset the
+                     * timer value to the default per Section 4.2.4.1 */
+                    if (ss->ssl3.hs.rtRetries == 0) {
+                        ss->ssl3.hs.rtTimeoutMs = INITIAL_DTLS_TIMEOUT_MS;
+                    }
                 }
             }
         }
 
-	buf.buf += fragment_length;
+        buf.buf += fragment_length;
         buf.len -= fragment_length;
     }
 
-    origBuf->len = 0;	/* So ssl3_GatherAppDataRecord will keep looping. */
+    origBuf->len = 0;   /* So ssl3_GatherAppDataRecord will keep looping. */
 
     /* XXX OK for now. In future handle rv == SECWouldBlock safely in order
      * to deal with asynchronous certificate verification */
@@ -461,10 +470,10 @@ SECStatus dtls_QueueMessage(sslSocket *ss, SSL3ContentType type,
     msg = dtls_AllocQueuedMessage(ss->ssl3.cwSpec->epoch, type, pIn, nIn);
 
     if (!msg) {
-	PORT_SetError(SEC_ERROR_NO_MEMORY);
-	rv = SECFailure;
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        rv = SECFailure;
     } else {
-	PR_APPEND_LINK(&msg->link, &ss->ssl3.hs.lastMessageFlight);
+        PR_APPEND_LINK(&msg->link, &ss->ssl3.hs.lastMessageFlight);
     }
 
     return rv;
@@ -490,7 +499,7 @@ dtls_StageHandshakeMessage(sslSocket *ss)
     /* This function is sometimes called when no data is actually to
      * be staged, so just return SECSuccess. */
     if (!ss->sec.ci.sendBuf.buf || !ss->sec.ci.sendBuf.len)
-	return rv;
+        return rv;
 
     rv = dtls_QueueMessage(ss, content_handshake,
                            ss->sec.ci.sendBuf.buf, ss->sec.ci.sendBuf.len);
@@ -522,11 +531,11 @@ dtls_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags)
         rv = dtls_TransmitMessageFlight(ss);
         if (rv != SECSuccess)
             return rv;
-	
-	if (!(flags & ssl_SEND_FLAG_NO_RETRANSMIT)) {
-	    ss->ssl3.hs.rtRetries = 0;
-	    rv = dtls_StartTimer(ss, dtls_RetransmitTimerExpiredCb);
-	}
+
+        if (!(flags & ssl_SEND_FLAG_NO_RETRANSMIT)) {
+            ss->ssl3.hs.rtRetries = 0;
+            rv = dtls_StartTimer(ss, dtls_RetransmitTimerExpiredCb);
+        }
     }
 
     return rv;
@@ -546,22 +555,22 @@ dtls_RetransmitTimerExpiredCb(sslSocket *ss)
     ss->ssl3.hs.rtRetries++;
 
     if (!(ss->ssl3.hs.rtRetries % 3)) {
-	/* If one of the messages was potentially greater than > MTU,
-	 * then downgrade. Do this every time we have retransmitted a
-	 * message twice, per RFC 6347 Sec. 4.1.1 */
-	dtls_SetMTU(ss, ss->ssl3.hs.maxMessageSent - 1);
+        /* If one of the messages was potentially greater than > MTU,
+         * then downgrade. Do this every time we have retransmitted a
+         * message twice, per RFC 6347 Sec. 4.1.1 */
+        dtls_SetMTU(ss, ss->ssl3.hs.maxMessageSent - 1);
     }
-	
+
     rv = dtls_TransmitMessageFlight(ss);
     if (rv == SECSuccess) {
 
-	/* Re-arm the timer */
-	rv = dtls_RestartTimer(ss, PR_TRUE, dtls_RetransmitTimerExpiredCb);
+        /* Re-arm the timer */
+        rv = dtls_RestartTimer(ss, PR_TRUE, dtls_RetransmitTimerExpiredCb);
     }
 
     if (rv == SECFailure) {
-	/* XXX OK for now. In future maybe signal the stack that we couldn't
-	 * transmit. For now, let the read handle any real network errors */
+        /* XXX OK for now. In future maybe signal the stack that we couldn't
+         * transmit. For now, let the read handle any real network errors */
     }
 }
 
@@ -591,87 +600,87 @@ dtls_TransmitMessageFlight(sslSocket *ss)
      */
     PORT_Assert(!ss->pendingBuf.len);
     for (msg_p = PR_LIST_HEAD(&ss->ssl3.hs.lastMessageFlight);
-	 msg_p != &ss->ssl3.hs.lastMessageFlight;
-	 msg_p = PR_NEXT_LINK(msg_p)) {
+         msg_p != &ss->ssl3.hs.lastMessageFlight;
+         msg_p = PR_NEXT_LINK(msg_p)) {
         DTLSQueuedMessage *msg = (DTLSQueuedMessage *)msg_p;
 
         /* The logic here is:
          *
-	 * 1. If this is a message that will not fit into the remaining
-	 *    space, then flush.
-	 * 2. If the message will now fit into the remaining space,
+         * 1. If this is a message that will not fit into the remaining
+         *    space, then flush.
+         * 2. If the message will now fit into the remaining space,
          *    encrypt, buffer, and loop.
          * 3. If the message will not fit, then fragment.
          *
-	 * At the end of the function, flush.
+         * At the end of the function, flush.
          */
         if ((msg->len + SSL3_BUFFER_FUDGE) > room_left) {
-	    /* The message will not fit into the remaining space, so flush */
-	    rv = dtls_SendSavedWriteData(ss);
-	    if (rv != SECSuccess)
-		break;
+            /* The message will not fit into the remaining space, so flush */
+            rv = dtls_SendSavedWriteData(ss);
+            if (rv != SECSuccess)
+                break;
 
             room_left = ss->ssl3.mtu;
-	}
+        }
 
         if ((msg->len + SSL3_BUFFER_FUDGE) <= room_left) {
             /* The message will fit, so encrypt and then continue with the
-	     * next packet */
+             * next packet */
             sent = ssl3_SendRecord(ss, msg->epoch, msg->type,
-				   msg->data, msg->len,
-				   ssl_SEND_FLAG_FORCE_INTO_BUFFER |
-				   ssl_SEND_FLAG_USE_EPOCH);
+                                   msg->data, msg->len,
+                                   ssl_SEND_FLAG_FORCE_INTO_BUFFER |
+                                   ssl_SEND_FLAG_USE_EPOCH);
             if (sent != msg->len) {
-		rv = SECFailure;
-		if (sent != -1) {
-		    PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-		}
+                rv = SECFailure;
+                if (sent != -1) {
+                    PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+                }
                 break;
-	    }
+            }
 
             room_left = ss->ssl3.mtu - ss->pendingBuf.len;
         } else {
             /* The message will not fit, so fragment.
              *
-	     * XXX OK for now. Arrange to coalesce the last fragment
-	     * of this message with the next message if possible.
-	     * That would be more efficient.
-	     */
+             * XXX OK for now. Arrange to coalesce the last fragment
+             * of this message with the next message if possible.
+             * That would be more efficient.
+             */
             PRUint32 fragment_offset = 0;
             unsigned char fragment[DTLS_MAX_MTU]; /* >= than largest
                                                    * plausible MTU */
 
-	    /* Assert that we have already flushed */
-	    PORT_Assert(room_left == ss->ssl3.mtu);
+            /* Assert that we have already flushed */
+            PORT_Assert(room_left == ss->ssl3.mtu);
 
             /* Case 3: We now need to fragment this message
              * DTLS only supports fragmenting handshaking messages */
             PORT_Assert(msg->type == content_handshake);
 
-	    /* The headers consume 12 bytes so the smalles possible
-	     *  message (i.e., an empty one) is 12 bytes
-	     */
-	    PORT_Assert(msg->len >= 12);
+            /* The headers consume 12 bytes so the smalles possible
+             *  message (i.e., an empty one) is 12 bytes
+             */
+            PORT_Assert(msg->len >= 12);
 
             while ((fragment_offset + 12) < msg->len) {
                 PRUint32 fragment_len;
                 const unsigned char *content = msg->data + 12;
                 PRUint32 content_len = msg->len - 12;
 
-		/* The reason we use 8 here is that that's the length of
-		 * the new DTLS data that we add to the header */
+                /* The reason we use 8 here is that that's the length of
+                 * the new DTLS data that we add to the header */
                 fragment_len = PR_MIN(room_left - (SSL3_BUFFER_FUDGE + 8),
                                       content_len - fragment_offset);
-		PORT_Assert(fragment_len < DTLS_MAX_MTU - 12);
-		/* Make totally sure that we are within the buffer.
-		 * Note that the only way that fragment len could get
-		 * adjusted here is if
+                PORT_Assert(fragment_len < DTLS_MAX_MTU - 12);
+                /* Make totally sure that we are within the buffer.
+                 * Note that the only way that fragment len could get
+                 * adjusted here is if
                  *
-		 * (a) we are in release mode so the PORT_Assert is compiled out
-		 * (b) either the MTU table is inconsistent with DTLS_MAX_MTU
-		 * or ss->ssl3.mtu has become corrupt.
-		 */
-		fragment_len = PR_MIN(fragment_len, DTLS_MAX_MTU - 12);
+                 * (a) we are in release mode so the PORT_Assert is compiled out
+                 * (b) either the MTU table is inconsistent with DTLS_MAX_MTU
+                 * or ss->ssl3.mtu has become corrupt.
+                 */
+                fragment_len = PR_MIN(fragment_len, DTLS_MAX_MTU - 12);
 
                 /* Construct an appropriate-sized fragment */
                 /* Type, length, sequence */
@@ -691,25 +700,25 @@ dtls_TransmitMessageFlight(sslSocket *ss)
                             fragment_len);
 
                 /*
-		 *  Send the record. We do this in two stages
-		 * 1. Encrypt
-		 */
+                 *  Send the record. We do this in two stages
+                 * 1. Encrypt
+                 */
                 sent = ssl3_SendRecord(ss, msg->epoch, msg->type,
                                        fragment, fragment_len + 12,
                                        ssl_SEND_FLAG_FORCE_INTO_BUFFER |
-				       ssl_SEND_FLAG_USE_EPOCH);
+                                       ssl_SEND_FLAG_USE_EPOCH);
                 if (sent != (fragment_len + 12)) {
-		    rv = SECFailure;
-		    if (sent != -1) {
-			PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-		    }
-		    break;
-		}
-		
-		/* 2. Flush */
-		rv = dtls_SendSavedWriteData(ss);
-		if (rv != SECSuccess)
-		    break;
+                    rv = SECFailure;
+                    if (sent != -1) {
+                        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+                    }
+                    break;
+                }
+
+                /* 2. Flush */
+                rv = dtls_SendSavedWriteData(ss);
+                if (rv != SECSuccess)
+                    break;
 
                 fragment_offset += fragment_len;
             }
@@ -718,7 +727,7 @@ dtls_TransmitMessageFlight(sslSocket *ss)
 
     /* Finally, we need to flush */
     if (rv == SECSuccess)
-	rv = dtls_SendSavedWriteData(ss);
+        rv = dtls_SendSavedWriteData(ss);
 
     /* Give up the locks */
     ssl_ReleaseSpecReadLock(ss);
@@ -740,19 +749,19 @@ SECStatus dtls_SendSavedWriteData(sslSocket *ss)
 
     sent = ssl_SendSavedWriteData(ss);
     if (sent < 0)
-	return SECFailure;
+        return SECFailure;
 
     /* We should always have complete writes b/c datagram sockets
      * don't really block */
     if (ss->pendingBuf.len > 0) {
-	ssl_MapLowLevelError(SSL_ERROR_SOCKET_WRITE_FAILURE);
-    	return SECFailure;
+        ssl_MapLowLevelError(SSL_ERROR_SOCKET_WRITE_FAILURE);
+        return SECFailure;
     }
 
     /* Update the largest message sent so we can adjust the MTU
      * estimate if necessary */
     if (sent > ss->ssl3.hs.maxMessageSent)
-	ss->ssl3.hs.maxMessageSent = sent;
+        ss->ssl3.hs.maxMessageSent = sent;
 
     return SECSuccess;
 }
@@ -767,16 +776,16 @@ SECStatus dtls_SendSavedWriteData(sslSocket *ss)
 SECStatus
 dtls_CompressMACEncryptRecord(sslSocket *        ss,
                               DTLSEpoch          epoch,
-			      PRBool             use_epoch,
+                              PRBool             use_epoch,
                               SSL3ContentType    type,
-		              const SSL3Opaque * pIn,
-		              PRUint32           contentLen,
-			      sslBuffer        * wrBuf)
+                              const SSL3Opaque * pIn,
+                              PRUint32           contentLen,
+                              sslBuffer        * wrBuf)
 {
     SECStatus rv = SECFailure;
     ssl3CipherSpec *          cwSpec;
 
-    ssl_GetSpecReadLock(ss);	/********************************/
+    ssl_GetSpecReadLock(ss);    /********************************/
 
     /* The reason for this switch-hitting code is that we might have
      * a flight of records spanning an epoch boundary, e.g.,
@@ -789,23 +798,23 @@ dtls_CompressMACEncryptRecord(sslSocket *        ss,
      * about which epoch to use is carried with the record.
      */
     if (use_epoch) {
-	if (ss->ssl3.cwSpec->epoch == epoch)
-	    cwSpec = ss->ssl3.cwSpec;
-	else if (ss->ssl3.pwSpec->epoch == epoch)
-	    cwSpec = ss->ssl3.pwSpec;
-	else
-	    cwSpec = NULL;
+        if (ss->ssl3.cwSpec->epoch == epoch)
+            cwSpec = ss->ssl3.cwSpec;
+        else if (ss->ssl3.pwSpec->epoch == epoch)
+            cwSpec = ss->ssl3.pwSpec;
+        else
+            cwSpec = NULL;
     } else {
-	cwSpec = ss->ssl3.cwSpec;
+        cwSpec = ss->ssl3.cwSpec;
     }
 
     if (cwSpec) {
         rv = ssl3_CompressMACEncryptRecord(cwSpec, ss->sec.isServer, PR_TRUE,
-					   PR_FALSE, type, pIn, contentLen,
-					   wrBuf);
+                                           PR_FALSE, type, pIn, contentLen,
+                                           wrBuf);
     } else {
         PR_NOT_REACHED("Couldn't find a cipher spec matching epoch");
-	PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
     }
     ssl_ReleaseSpecReadLock(ss); /************************************/
 
@@ -838,9 +847,9 @@ SECStatus
 dtls_RestartTimer(sslSocket *ss, PRBool backoff, DTLSTimerCb cb)
 {
     if (backoff) {
-	ss->ssl3.hs.rtTimeoutMs *= 2;
-	if (ss->ssl3.hs.rtTimeoutMs > MAX_DTLS_TIMEOUT_MS)
-	    ss->ssl3.hs.rtTimeoutMs = MAX_DTLS_TIMEOUT_MS;
+        ss->ssl3.hs.rtTimeoutMs *= 2;
+        if (ss->ssl3.hs.rtTimeoutMs > MAX_DTLS_TIMEOUT_MS)
+            ss->ssl3.hs.rtTimeoutMs = MAX_DTLS_TIMEOUT_MS;
     }
 
     return dtls_StartTimer(ss, cb);
@@ -868,18 +877,18 @@ void
 dtls_CheckTimer(sslSocket *ss)
 {
     if (!ss->ssl3.hs.rtTimerCb)
-	return;
+        return;
 
     if ((PR_IntervalNow() - ss->ssl3.hs.rtTimerStarted) >
-	PR_MillisecondsToInterval(ss->ssl3.hs.rtTimeoutMs)) {
-	/* Timer has expired */
-	DTLSTimerCb cb = ss->ssl3.hs.rtTimerCb;
-	
-	/* Cancel the timer so that we can call the CB safely */
-	dtls_CancelTimer(ss);
-
-	/* Now call the CB */
-	cb(ss);
+        PR_MillisecondsToInterval(ss->ssl3.hs.rtTimeoutMs)) {
+        /* Timer has expired */
+        DTLSTimerCb cb = ss->ssl3.hs.rtTimerCb;
+
+        /* Cancel the timer so that we can call the CB safely */
+        dtls_CancelTimer(ss);
+
+        /* Now call the CB */
+        cb(ss);
     }
 }
 
@@ -928,17 +937,17 @@ dtls_SetMTU(sslSocket *ss, PRUint16 advertised)
     int i;
 
     if (advertised == 0) {
-	ss->ssl3.mtu = COMMON_MTU_VALUES[0];
-	SSL_TRC(30, ("Resetting MTU to %d", ss->ssl3.mtu));
-	return;
+        ss->ssl3.mtu = COMMON_MTU_VALUES[0];
+        SSL_TRC(30, ("Resetting MTU to %d", ss->ssl3.mtu));
+        return;
     }
-	
+
     for (i = 0; i < PR_ARRAY_SIZE(COMMON_MTU_VALUES); i++) {
-	if (COMMON_MTU_VALUES[i] <= advertised) {
-	    ss->ssl3.mtu = COMMON_MTU_VALUES[i];
-	    SSL_TRC(30, ("Resetting MTU to %d", ss->ssl3.mtu));
-	    return;
-	}
+        if (COMMON_MTU_VALUES[i] <= advertised) {
+            ss->ssl3.mtu = COMMON_MTU_VALUES[i];
+            SSL_TRC(30, ("Resetting MTU to %d", ss->ssl3.mtu));
+            return;
+        }
     }
 
     /* Fallback */
@@ -953,57 +962,57 @@ dtls_SetMTU(sslSocket *ss, PRUint16 advertised)
 SECStatus
 dtls_HandleHelloVerifyRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
 {
-    int                 errCode	= SSL_ERROR_RX_MALFORMED_HELLO_VERIFY_REQUEST;
+    int                 errCode = SSL_ERROR_RX_MALFORMED_HELLO_VERIFY_REQUEST;
     SECStatus           rv;
     PRInt32             temp;
     SECItem             cookie = {siBuffer, NULL, 0};
     SSL3AlertDescription desc   = illegal_parameter;
 
     SSL_TRC(3, ("%d: SSL3[%d]: handle hello_verify_request handshake",
-    	SSL_GETPID(), ss->fd));
+        SSL_GETPID(), ss->fd));
     PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
     PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
 
     if (ss->ssl3.hs.ws != wait_server_hello) {
         errCode = SSL_ERROR_RX_UNEXPECTED_HELLO_VERIFY_REQUEST;
-	desc    = unexpected_message;
-	goto alert_loser;
+        desc    = unexpected_message;
+        goto alert_loser;
     }
 
     /* The version */
     temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
     if (temp < 0) {
-    	goto loser; 	/* alert has been sent */
+        goto loser;     /* alert has been sent */
     }
 
-    if (temp != SSL_LIBRARY_VERSION_DTLS_1_0_WIRE) {
-	/* Note: this will need adjustment for DTLS 1.2 per Section 4.2.1 */
-	goto alert_loser;
+    if (temp != SSL_LIBRARY_VERSION_DTLS_1_0_WIRE &&
+        temp != SSL_LIBRARY_VERSION_DTLS_1_2_WIRE) {
+        goto alert_loser;
     }
 
     /* The cookie */
     rv = ssl3_ConsumeHandshakeVariable(ss, &cookie, 1, &b, &length);
     if (rv != SECSuccess) {
-    	goto loser; 	/* alert has been sent */
+        goto loser;     /* alert has been sent */
     }
     if (cookie.len > DTLS_COOKIE_BYTES) {
-	desc = decode_error;
-	goto alert_loser;	/* malformed. */
+        desc = decode_error;
+        goto alert_loser;       /* malformed. */
     }
 
     PORT_Memcpy(ss->ssl3.hs.cookie, cookie.data, cookie.len);
     ss->ssl3.hs.cookieLen = cookie.len;
 
 
-    ssl_GetXmitBufLock(ss);		/*******************************/
+    ssl_GetXmitBufLock(ss);             /*******************************/
 
     /* Now re-send the client hello */
     rv = ssl3_SendClientHello(ss, PR_TRUE);
 
-    ssl_ReleaseXmitBufLock(ss);		/*******************************/
+    ssl_ReleaseXmitBufLock(ss);         /*******************************/
 
     if (rv == SECSuccess)
-	return rv;
+        return rv;
 
 alert_loser:
     (void)SSL3_SendAlert(ss, alert_fatal, desc);
@@ -1042,14 +1051,14 @@ dtls_RecordGetRecvd(DTLSRecvdRecords *records, PRUint64 seq)
 
     /* Out of range to the left */
     if (seq < records->left) {
-	return -1;
+        return -1;
     }
 
     /* Out of range to the right; since we advance the window on
      * receipt, that means that this packet has not been received
      * yet */
     if (seq > records->right)
-	return 0;
+        return 0;
 
     offset = seq % DTLS_RECVD_RECORDS_WINDOW;
 
@@ -1066,34 +1075,34 @@ dtls_RecordSetRecvd(DTLSRecvdRecords *records, PRUint64 seq)
     PRUint64 offset;
 
     if (seq < records->left)
-	return;
+        return;
 
     if (seq > records->right) {
-	PRUint64 new_left;
-	PRUint64 new_right;
-	PRUint64 right;
+        PRUint64 new_left;
+        PRUint64 new_right;
+        PRUint64 right;
 
-	/* Slide to the right; this is the tricky part
+        /* Slide to the right; this is the tricky part
          *
-	 * 1. new_top is set to have room for seq, on the
-	 *    next byte boundary by setting the right 8
-	 *    bits of seq
+         * 1. new_top is set to have room for seq, on the
+         *    next byte boundary by setting the right 8
+         *    bits of seq
          * 2. new_left is set to compensate.
          * 3. Zero all bits between top and new_top. Since
          *    this is a ring, this zeroes everything as-yet
-	 *    unseen. Because we always operate on byte
-	 *    boundaries, we can zero one byte at a time
-	 */
-	new_right = seq | 0x07;
-	new_left = (new_right - DTLS_RECVD_RECORDS_WINDOW) + 1;
-
-	for (right = records->right + 8; right <= new_right; right += 8) {
-	    offset = right % DTLS_RECVD_RECORDS_WINDOW;
-	    records->data[offset / 8] = 0;
-	}
-
-	records->right = new_right;
-	records->left = new_left;
+         *    unseen. Because we always operate on byte
+         *    boundaries, we can zero one byte at a time
+         */
+        new_right = seq | 0x07;
+        new_left = (new_right - DTLS_RECVD_RECORDS_WINDOW) + 1;
+
+        for (right = records->right + 8; right <= new_right; right += 8) {
+            offset = right % DTLS_RECVD_RECORDS_WINDOW;
+            records->data[offset / 8] = 0;
+        }
+
+        records->right = new_right;
+        records->left = new_left;
     }
 
     offset = seq % DTLS_RECVD_RECORDS_WINDOW;
diff --git a/security/nss/lib/ssl/ssl.h b/security/nss/lib/ssl/ssl.h
index 79987e6..35418e3 100644
--- a/security/nss/lib/ssl/ssl.h
+++ b/security/nss/lib/ssl/ssl.h
@@ -162,6 +162,26 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd);
 #define SSL_CBC_RANDOM_IV 23
 #define SSL_ENABLE_OCSP_STAPLING       24 /* Request OCSP stapling (client) */
 
+/* SSL_ENABLE_NPN controls whether the NPN extension is enabled for the initial
+ * handshake when application layer protocol negotiation is used.
+ * SSL_SetNextProtoCallback or SSL_SetNextProtoNego must be used to control the
+ * application layer protocol negotiation; otherwise, the NPN extension will
+ * not be negotiated. SSL_ENABLE_NPN is currently enabled by default but this
+ * may change in future versions.
+ */
+#define SSL_ENABLE_NPN 25
+
+/* SSL_ENABLE_ALPN controls whether the ALPN extension is enabled for the
+ * initial handshake when application layer protocol negotiation is used.
+ * SSL_SetNextProtoNego (not SSL_SetNextProtoCallback) must be used to control
+ * the application layer protocol negotiation; otherwise, the ALPN extension
+ * will not be negotiated. ALPN is not negotiated for renegotiation handshakes,
+ * even though the ALPN specification defines a way to use ALPN during
+ * renegotiations. SSL_ENABLE_ALPN is currently disabled by default, but this
+ * may change in future versions.
+ */
+#define SSL_ENABLE_ALPN 26
+
 #ifdef SSL_DEPRECATED_FUNCTION 
 /* Old deprecated function names */
 SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRBool on);
@@ -206,6 +226,16 @@ SSL_IMPORT SECStatus SSL_SetNextProtoCallback(PRFileDesc *fd,
  * protocol in server-preference order. If no matching protocol is found it
  * selects the first supported protocol.
  *
+ * Using this function also allows the client to transparently support ALPN.
+ * The same set of protocols will be advertised via ALPN and, if the server
+ * uses ALPN to select a protocol, SSL_GetNextProto will return
+ * SSL_NEXT_PROTO_SELECTED as the state.
+ *
+ * Since NPN uses the first protocol as the fallback protocol, when sending an
+ * ALPN extension, the first protocol is moved to the end of the list. This
+ * indicates that the fallback protocol is the least preferred. The other
+ * protocols should be in preference order.
+ *
  * The supported protocols are specified in |data| in wire-format (8-bit
  * length-prefixed). For example: "\010http/1.1\006spdy/2". */
 SSL_IMPORT SECStatus SSL_SetNextProtoNego(PRFileDesc *fd,
@@ -215,7 +245,8 @@ SSL_IMPORT SECStatus SSL_SetNextProtoNego(PRFileDesc *fd,
 typedef enum SSLNextProtoState { 
   SSL_NEXT_PROTO_NO_SUPPORT = 0, /* No peer support                */
   SSL_NEXT_PROTO_NEGOTIATED = 1, /* Mutual agreement               */
-  SSL_NEXT_PROTO_NO_OVERLAP = 2  /* No protocol overlap found      */
+  SSL_NEXT_PROTO_NO_OVERLAP = 2, /* No protocol overlap found      */
+  SSL_NEXT_PROTO_SELECTED   = 3  /* Server selected proto (ALPN)   */
 } SSLNextProtoState;
 
 /* SSL_GetNextProto can be used in the HandshakeCallback or any time after
diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c
index a7144ea..01164e5 100644
--- a/security/nss/lib/ssl/ssl3con.c
+++ b/security/nss/lib/ssl/ssl3con.c
@@ -89,7 +89,7 @@ static SECStatus ssl3_AESGCMBypass(ssl3KeyMaterial *keys, PRBool doDecrypt,
 static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
    /*      cipher_suite                     policy       enabled   isPresent */
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
  { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
    /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around
@@ -105,7 +105,7 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
  { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,        SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_ECDHE_RSA_WITH_RC4_128_SHA,          SSL_ALLOWED, PR_FALSE, PR_FALSE},
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
  { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,     SSL_ALLOWED, PR_TRUE,  PR_FALSE},
  { TLS_DHE_RSA_WITH_AES_128_CBC_SHA,        SSL_ALLOWED, PR_TRUE,  PR_FALSE},
@@ -118,11 +118,11 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
  { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,     SSL_ALLOWED, PR_TRUE,  PR_FALSE},
  { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,       SSL_ALLOWED, PR_TRUE,  PR_FALSE},
- { SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,       SSL_ALLOWED, PR_TRUE,  PR_FALSE},
+ { TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,       SSL_ALLOWED, PR_TRUE,  PR_FALSE},
+ { TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,       SSL_ALLOWED, PR_TRUE,  PR_FALSE},
  { TLS_DHE_DSS_WITH_RC4_128_SHA,            SSL_ALLOWED, PR_FALSE, PR_FALSE},
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
  { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,       SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
@@ -131,7 +131,7 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
  { TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,      SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_ECDH_ECDSA_WITH_RC4_128_SHA,         SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_ECDH_RSA_WITH_RC4_128_SHA,           SSL_ALLOWED, PR_FALSE, PR_FALSE},
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
  /* RSA */
  { TLS_RSA_WITH_AES_128_GCM_SHA256,         SSL_ALLOWED, PR_TRUE,  PR_FALSE},
@@ -143,34 +143,34 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
  { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,       SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_RSA_WITH_SEED_CBC_SHA,               SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,      SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { SSL_RSA_WITH_3DES_EDE_CBC_SHA,           SSL_ALLOWED, PR_TRUE,  PR_FALSE},
- { SSL_RSA_WITH_RC4_128_SHA,                SSL_ALLOWED, PR_TRUE,  PR_FALSE},
- { SSL_RSA_WITH_RC4_128_MD5,                SSL_ALLOWED, PR_TRUE,  PR_FALSE},
+ { TLS_RSA_WITH_3DES_EDE_CBC_SHA,           SSL_ALLOWED, PR_TRUE,  PR_FALSE},
+ { TLS_RSA_WITH_RC4_128_SHA,                SSL_ALLOWED, PR_TRUE,  PR_FALSE},
+ { TLS_RSA_WITH_RC4_128_MD5,                SSL_ALLOWED, PR_TRUE,  PR_FALSE},
 
  /* 56-bit DES "domestic" cipher suites */
- { SSL_DHE_RSA_WITH_DES_CBC_SHA,            SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { SSL_DHE_DSS_WITH_DES_CBC_SHA,            SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_DHE_RSA_WITH_DES_CBC_SHA,            SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_DHE_DSS_WITH_DES_CBC_SHA,            SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { SSL_RSA_FIPS_WITH_DES_CBC_SHA,           SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { SSL_RSA_WITH_DES_CBC_SHA,                SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_RSA_WITH_DES_CBC_SHA,                SSL_ALLOWED, PR_FALSE, PR_FALSE},
 
  /* export ciphersuites with 1024-bit public key exchange keys */
  { TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,      SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
 
  /* export ciphersuites with 512-bit public key exchange keys */
- { SSL_RSA_EXPORT_WITH_RC4_40_MD5,          SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,      SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_RSA_EXPORT_WITH_RC4_40_MD5,          SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,      SSL_ALLOWED, PR_FALSE, PR_FALSE},
 
  /* ciphersuites with no encryption */
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
  { TLS_ECDHE_ECDSA_WITH_NULL_SHA,           SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_ECDHE_RSA_WITH_NULL_SHA,             SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_ECDH_RSA_WITH_NULL_SHA,              SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_ECDH_ECDSA_WITH_NULL_SHA,            SSL_ALLOWED, PR_FALSE, PR_FALSE},
-#endif /* NSS_ENABLE_ECC */
- { SSL_RSA_WITH_NULL_SHA,                   SSL_ALLOWED, PR_FALSE, PR_FALSE},
+#endif /* NSS_DISABLE_ECC */
+ { TLS_RSA_WITH_NULL_SHA,                   SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_RSA_WITH_NULL_SHA256,                SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { SSL_RSA_WITH_NULL_MD5,                   SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_RSA_WITH_NULL_MD5,                   SSL_ALLOWED, PR_FALSE, PR_FALSE},
 };
 
 /* Verify that SSL_ImplementedCiphers and cipherSuites are in consistent order.
@@ -224,9 +224,9 @@ compressionEnabled(sslSocket *ss, SSLCompressionMethod compression)
 
 static const /*SSL3ClientCertificateType */ PRUint8 certificate_types [] = {
     ct_RSA_sign,
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     ct_ECDSA_sign,
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
     ct_DSS_sign,
 };
 
@@ -238,7 +238,7 @@ static const /*SSL3ClientCertificateType */ PRUint8 certificate_types [] = {
  * CertificateVerify messages that use the handshake hash. */
 static const PRUint8 supported_signature_algorithms[] = {
     tls_hash_sha256, tls_sig_rsa,
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     tls_hash_sha256, tls_sig_ecdsa,
 #endif
     tls_hash_sha256, tls_sig_dsa,
@@ -299,13 +299,13 @@ static const ssl3KEADef kea_defs[] =
     {kea_dh_anon,        kt_dh,       sign_null, PR_FALSE,   0, PR_FALSE},
     {kea_dh_anon_export, kt_dh,       sign_null, PR_TRUE,  512, PR_FALSE},
     {kea_rsa_fips,       kt_rsa,      sign_rsa,  PR_FALSE,   0, PR_TRUE },
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     {kea_ecdh_ecdsa,     kt_ecdh,     sign_ecdsa,  PR_FALSE, 0, PR_FALSE},
     {kea_ecdhe_ecdsa,    kt_ecdh,     sign_ecdsa,  PR_FALSE,   0, PR_FALSE},
     {kea_ecdh_rsa,       kt_ecdh,     sign_rsa,  PR_FALSE,   0, PR_FALSE},
     {kea_ecdhe_rsa,      kt_ecdh,     sign_rsa,  PR_FALSE,   0, PR_FALSE},
     {kea_ecdh_anon,      kt_ecdh,     sign_null,  PR_FALSE,   0, PR_FALSE},
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 };
 
 /* must use ssl_LookupCipherSuiteDef to access */
@@ -313,49 +313,49 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] =
 {
 /*  cipher_suite                    bulk_cipher_alg mac_alg key_exchange_alg */
 
-    {SSL_NULL_WITH_NULL_NULL,       cipher_null,   mac_null, kea_null},
-    {SSL_RSA_WITH_NULL_MD5,         cipher_null,   mac_md5, kea_rsa},
-    {SSL_RSA_WITH_NULL_SHA,         cipher_null,   mac_sha, kea_rsa},
+    {TLS_NULL_WITH_NULL_NULL,       cipher_null,   mac_null, kea_null},
+    {TLS_RSA_WITH_NULL_MD5,         cipher_null,   mac_md5, kea_rsa},
+    {TLS_RSA_WITH_NULL_SHA,         cipher_null,   mac_sha, kea_rsa},
     {TLS_RSA_WITH_NULL_SHA256,      cipher_null,   hmac_sha256, kea_rsa},
-    {SSL_RSA_EXPORT_WITH_RC4_40_MD5,cipher_rc4_40, mac_md5, kea_rsa_export},
-    {SSL_RSA_WITH_RC4_128_MD5,      cipher_rc4,    mac_md5, kea_rsa},
-    {SSL_RSA_WITH_RC4_128_SHA,      cipher_rc4,    mac_sha, kea_rsa},
-    {SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
+    {TLS_RSA_EXPORT_WITH_RC4_40_MD5,cipher_rc4_40, mac_md5, kea_rsa_export},
+    {TLS_RSA_WITH_RC4_128_MD5,      cipher_rc4,    mac_md5, kea_rsa},
+    {TLS_RSA_WITH_RC4_128_SHA,      cipher_rc4,    mac_sha, kea_rsa},
+    {TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
                                     cipher_rc2_40, mac_md5, kea_rsa_export},
 #if 0 /* not implemented */
-    {SSL_RSA_WITH_IDEA_CBC_SHA,     cipher_idea,   mac_sha, kea_rsa},
-    {SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
+    {TLS_RSA_WITH_IDEA_CBC_SHA,     cipher_idea,   mac_sha, kea_rsa},
+    {TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,
                                     cipher_des40,  mac_sha, kea_rsa_export},
 #endif
-    {SSL_RSA_WITH_DES_CBC_SHA,      cipher_des,    mac_sha, kea_rsa},
-    {SSL_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des,   mac_sha, kea_rsa},
-    {SSL_DHE_DSS_WITH_DES_CBC_SHA,  cipher_des,    mac_sha, kea_dhe_dss},
-    {SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
+    {TLS_RSA_WITH_DES_CBC_SHA,      cipher_des,    mac_sha, kea_rsa},
+    {TLS_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des,   mac_sha, kea_rsa},
+    {TLS_DHE_DSS_WITH_DES_CBC_SHA,  cipher_des,    mac_sha, kea_dhe_dss},
+    {TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
                                     cipher_3des,   mac_sha, kea_dhe_dss},
     {TLS_DHE_DSS_WITH_RC4_128_SHA,  cipher_rc4,    mac_sha, kea_dhe_dss},
 #if 0 /* not implemented */
-    {SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
+    {TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
                                     cipher_des40,  mac_sha, kea_dh_dss_export},
-    {SSL_DH_DSS_DES_CBC_SHA,        cipher_des,    mac_sha, kea_dh_dss},
-    {SSL_DH_DSS_3DES_CBC_SHA,       cipher_3des,   mac_sha, kea_dh_dss},
-    {SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
+    {TLS_DH_DSS_DES_CBC_SHA,        cipher_des,    mac_sha, kea_dh_dss},
+    {TLS_DH_DSS_3DES_CBC_SHA,       cipher_3des,   mac_sha, kea_dh_dss},
+    {TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
                                     cipher_des40,  mac_sha, kea_dh_rsa_export},
-    {SSL_DH_RSA_DES_CBC_SHA,        cipher_des,    mac_sha, kea_dh_rsa},
-    {SSL_DH_RSA_3DES_CBC_SHA,       cipher_3des,   mac_sha, kea_dh_rsa},
-    {SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
+    {TLS_DH_RSA_DES_CBC_SHA,        cipher_des,    mac_sha, kea_dh_rsa},
+    {TLS_DH_RSA_3DES_CBC_SHA,       cipher_3des,   mac_sha, kea_dh_rsa},
+    {TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
                                     cipher_des40,  mac_sha, kea_dh_dss_export},
-    {SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
+    {TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
                                     cipher_des40,  mac_sha, kea_dh_rsa_export},
 #endif
-    {SSL_DHE_RSA_WITH_DES_CBC_SHA,  cipher_des,    mac_sha, kea_dhe_rsa},
-    {SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
+    {TLS_DHE_RSA_WITH_DES_CBC_SHA,  cipher_des,    mac_sha, kea_dhe_rsa},
+    {TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
                                     cipher_3des,   mac_sha, kea_dhe_rsa},
 #if 0
     {SSL_DH_ANON_EXPORT_RC4_40_MD5, cipher_rc4_40, mac_md5, kea_dh_anon_export},
-    {SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA,
+    {TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA,
                                     cipher_des40,  mac_sha, kea_dh_anon_export},
-    {SSL_DH_ANON_DES_CBC_SHA,       cipher_des,    mac_sha, kea_dh_anon},
-    {SSL_DH_ANON_3DES_CBC_SHA,      cipher_3des,   mac_sha, kea_dh_anon},
+    {TLS_DH_anon_WITH_DES_CBC_SHA,  cipher_des,    mac_sha, kea_dh_anon},
+    {TLS_DH_anon_WITH_3DES_CBC_SHA, cipher_3des,   mac_sha, kea_dh_anon},
 #endif
 
 
@@ -373,10 +373,10 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] =
 #if 0
     {TLS_DH_DSS_WITH_AES_128_CBC_SHA,  	cipher_aes_128, mac_sha, kea_dh_dss},
     {TLS_DH_RSA_WITH_AES_128_CBC_SHA,  	cipher_aes_128, mac_sha, kea_dh_rsa},
-    {TLS_DH_ANON_WITH_AES_128_CBC_SHA, 	cipher_aes_128, mac_sha, kea_dh_anon},
+    {TLS_DH_anon_WITH_AES_128_CBC_SHA, 	cipher_aes_128, mac_sha, kea_dh_anon},
     {TLS_DH_DSS_WITH_AES_256_CBC_SHA,  	cipher_aes_256, mac_sha, kea_dh_dss},
     {TLS_DH_RSA_WITH_AES_256_CBC_SHA,  	cipher_aes_256, mac_sha, kea_dh_rsa},
-    {TLS_DH_ANON_WITH_AES_256_CBC_SHA, 	cipher_aes_256, mac_sha, kea_dh_anon},
+    {TLS_DH_anon_WITH_AES_256_CBC_SHA, 	cipher_aes_256, mac_sha, kea_dh_anon},
 #endif
 
     {TLS_RSA_WITH_SEED_CBC_SHA,	    cipher_seed,   mac_sha, kea_rsa},
@@ -405,7 +405,7 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] =
     {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_rsa},
     {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_ecdsa},
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     {TLS_ECDH_ECDSA_WITH_NULL_SHA,        cipher_null, mac_sha, kea_ecdh_ecdsa},
     {TLS_ECDH_ECDSA_WITH_RC4_128_SHA,      cipher_rc4, mac_sha, kea_ecdh_ecdsa},
     {TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_ecdsa},
@@ -439,7 +439,7 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] =
     {TLS_ECDH_anon_WITH_AES_128_CBC_SHA,  cipher_aes_128, mac_sha, kea_ecdh_anon},
     {TLS_ECDH_anon_WITH_AES_256_CBC_SHA,  cipher_aes_256, mac_sha, kea_ecdh_anon},
 #endif
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 };
 
 static const CK_MECHANISM_TYPE kea_alg_defs[] = {
@@ -512,7 +512,7 @@ const char * const ssl3_cipherName[] = {
     "missing"
 };
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 /* The ECCWrappedKeyInfo structure defines how various pieces of 
  * information are laid out within wrappedSymmetricWrappingkey 
  * for ECDH key exchange. Since wrappedSymmetricWrappingkey is 
@@ -534,7 +534,7 @@ typedef struct ECCWrappedKeyInfoStr {
     PRUint8 var[MAX_EC_WRAPPED_KEY_BUFLEN]; /* this buffer contains the */
     /* EC public-key params, the EC public value and the wrapped key  */
 } ECCWrappedKeyInfo;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
 #if defined(TRACE)
 
@@ -622,17 +622,18 @@ ssl3_CipherSuiteAllowedForVersionRange(
      * later. This set of cipher suites is similar to, but different from, the
      * set of cipher suites considered exportable by SSL_IsExportCipherSuite.
      */
-    case SSL_RSA_EXPORT_WITH_RC4_40_MD5:
-    case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
-    /*   SSL_RSA_EXPORT_WITH_DES40_CBC_SHA:      never implemented
-     *   SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA:   never implemented
-     *   SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA:   never implemented
-     *   SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:  never implemented
-     *   SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:  never implemented
-     *   SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5:     never implemented
-     *   SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA:  never implemented
+    case TLS_RSA_EXPORT_WITH_RC4_40_MD5:
+    case TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
+    /*   TLS_RSA_EXPORT_WITH_DES40_CBC_SHA:      never implemented
+     *   TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA:   never implemented
+     *   TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA:   never implemented
+     *   TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:  never implemented
+     *   TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:  never implemented
+     *   TLS_DH_anon_EXPORT_WITH_RC4_40_MD5:     never implemented
+     *   TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA:  never implemented
      */
 	return vrange->min <= SSL_LIBRARY_VERSION_TLS_1_0;
+
     case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
     case TLS_RSA_WITH_AES_256_CBC_SHA256:
     case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
@@ -645,6 +646,31 @@ ssl3_CipherSuiteAllowedForVersionRange(
     case TLS_RSA_WITH_AES_128_GCM_SHA256:
     case TLS_RSA_WITH_NULL_SHA256:
 	return vrange->max >= SSL_LIBRARY_VERSION_TLS_1_2;
+
+    /* RFC 4492: ECC cipher suites need TLS extensions to negotiate curves and
+     * point formats.*/
+    case TLS_ECDH_ECDSA_WITH_NULL_SHA:
+    case TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
+    case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
+    case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
+    case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
+    case TLS_ECDHE_ECDSA_WITH_NULL_SHA:
+    case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
+    case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
+    case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
+    case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
+    case TLS_ECDH_RSA_WITH_NULL_SHA:
+    case TLS_ECDH_RSA_WITH_RC4_128_SHA:
+    case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
+    case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
+    case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
+    case TLS_ECDHE_RSA_WITH_NULL_SHA:
+    case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
+    case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
+    case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
+    case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
+	return vrange->max >= SSL_LIBRARY_VERSION_TLS_1_0;
+
     default:
 	return PR_TRUE;
     }
@@ -731,7 +757,7 @@ ssl3_config_match_init(sslSocket *ss)
 	    cipher_mech = alg2Mech[cipher_alg].cmech;
 	    exchKeyType =
 	    	    kea_defs[cipher_def->key_exchange_alg].exchKeyType;
-#ifndef NSS_ENABLE_ECC
+#ifdef NSS_DISABLE_ECC
 	    svrAuth = ss->serverCerts + exchKeyType;
 #else
 	    /* XXX SSLKEAType isn't really a good choice for 
@@ -765,7 +791,7 @@ ssl3_config_match_init(sslSocket *ss)
 		svrAuth = ss->serverCerts + exchKeyType;
 		break;
 	    }
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
 	    /* Mark the suites that are backed by real tokens, certs and keys */
 	    suite->isPresent = (PRBool)
@@ -924,7 +950,7 @@ ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, SECItem *buf,
 	    hashItem.len = hash->len;
 	}
 	break;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     case ecKey:
 	doDerEncode = PR_TRUE;
 	/* SEC_OID_UNKNOWN is used to specify the MD5/SHA1 concatenated hash.
@@ -937,7 +963,7 @@ ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, SECItem *buf,
 	    hashItem.len = hash->len;
 	}
 	break;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
     default:
 	PORT_SetError(SEC_ERROR_INVALID_KEY);
 	goto done;
@@ -1035,7 +1061,7 @@ ssl3_VerifySignedHashes(SSL3Hashes *hash, CERTCertificate *cert,
 	}
 	break;
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     case ecKey:
 	encAlg = SEC_OID_ANSIX962_EC_PUBLIC_KEY;
 	/* SEC_OID_UNKNOWN is used to specify the MD5/SHA1 concatenated hash.
@@ -1053,7 +1079,7 @@ ssl3_VerifySignedHashes(SSL3Hashes *hash, CERTCertificate *cert,
 	    hashItem.len = hash->len;
 	}
 	break;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
     default:
     	SECKEY_DestroyPublicKey(key);
@@ -3471,6 +3497,14 @@ ssl3_HandleChangeCipherSpecs(sslSocket *ss, sslBuffer *buf)
 		SSL_GETPID(), ss->fd));
 
     if (ws != wait_change_cipher) {
+	if (IS_DTLS(ss)) {
+	    /* Ignore this because it's out of order. */
+	    SSL_TRC(3, ("%d: SSL3[%d]: discard out of order "
+			"DTLS change_cipher_spec",
+			SSL_GETPID(), ss->fd));
+	    buf->len = 0;
+	    return SECSuccess;
+	}
 	(void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
 	PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER);
 	return SECFailure;
@@ -4840,6 +4874,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
     int              actual_count = 0;
     PRBool           isTLS = PR_FALSE;
     PRInt32          total_exten_len = 0;
+    unsigned         paddingExtensionLen;
     unsigned         numCompressionMethods;
     PRInt32          flags;
 
@@ -5077,12 +5112,12 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
 	    total_exten_len += 2;
     }
 
-#if defined(NSS_ENABLE_ECC)
+#ifndef NSS_DISABLE_ECC
     if (!total_exten_len || !isTLS) {
 	/* not sending the elliptic_curves and ec_point_formats extensions */
     	ssl3_DisableECCSuites(ss, NULL); /* disable all ECC suites */
     }
-#endif
+#endif /* NSS_DISABLE_ECC */
 
     if (IS_DTLS(ss)) {
 	ssl3_DisableNonDTLSSuites(ss);
@@ -5113,6 +5148,20 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
 	length += 1 + ss->ssl3.hs.cookieLen;
     }
 
+    /* A padding extension may be included to ensure that the record containing
+     * the ClientHello doesn't have a length between 256 and 511 bytes
+     * (inclusive). Initial, ClientHello records with such lengths trigger bugs
+     * in F5 devices.
+     *
+     * This is not done for DTLS nor for renegotiation. */
+    if (!IS_DTLS(ss) && isTLS && !ss->firstHsDone) {
+        paddingExtensionLen = ssl3_CalculatePaddingExtensionLength(length);
+        total_exten_len += paddingExtensionLen;
+        length += paddingExtensionLen;
+    } else {
+        paddingExtensionLen = 0;
+    }
+
     rv = ssl3_AppendHandshakeHeader(ss, client_hello, length);
     if (rv != SECSuccess) {
 	if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
@@ -5156,7 +5205,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
 	rv = ssl3_AppendHandshakeVariable(
 	    ss, sid->u.ssl3.sessionID, sid->u.ssl3.sessionIDLength, 1);
     else
-	rv = ssl3_AppendHandshakeVariable(ss, NULL, 0, 1);
+	rv = ssl3_AppendHandshakeNumber(ss, 0, 1);
     if (rv != SECSuccess) {
 	if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
 	return rv;	/* err set by ssl3_AppendHandshake* */
@@ -5247,6 +5296,14 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
 	    return SECFailure;
 	}
 	maxBytes -= extLen;
+
+	extLen = ssl3_AppendPaddingExtension(ss, paddingExtensionLen, maxBytes);
+	if (extLen < 0) {
+	    if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
+	    return SECFailure;
+	}
+	maxBytes -= extLen;
+
 	PORT_Assert(!maxBytes);
     } 
 
@@ -5371,11 +5428,11 @@ ssl_UnwrapSymWrappingKey(
 {
     PK11SymKey *             unwrappedWrappingKey  = NULL;
     SECItem                  wrappedKey;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     PK11SymKey *             Ks;
     SECKEYPublicKey          pubWrapKey;
     ECCWrappedKeyInfo        *ecWrapped;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
     /* found the wrapping key on disk. */
     PORT_Assert(pWswk->symWrapMechanism == masterWrapMech);
@@ -5397,7 +5454,7 @@ ssl_UnwrapSymWrappingKey(
 				 masterWrapMech, CKA_UNWRAP, 0);
 	break;
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     case kt_ecdh:
         /* 
          * For kt_ecdh, we first create an EC public key based on
@@ -5536,12 +5593,12 @@ getWrappingKey( sslSocket *       ss,
     SECStatus                rv;
     SECItem                  wrappedKey;
     SSLWrappedSymWrappingKey wswk;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     PK11SymKey *      Ks = NULL;
     SECKEYPublicKey   *pubWrapKey = NULL;
     SECKEYPrivateKey  *privWrapKey = NULL;
     ECCWrappedKeyInfo *ecWrapped;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
     svrPrivKey  = ss->serverCerts[exchKeyType].SERVERKEY;
     PORT_Assert(svrPrivKey != NULL);
@@ -5624,7 +5681,7 @@ getWrappingKey( sslSocket *       ss,
 	                        unwrappedWrappingKey, &wrappedKey);
 	break;
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     case kt_ecdh:
 	/*
 	 * We generate an ephemeral EC key pair. Perform an ECDH
@@ -5710,7 +5767,7 @@ ec_cleanup:
 	if (Ks) PK11_FreeSymKey(Ks);
 	asymWrapMechanism = masterWrapMech;
 	break;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
     default:
 	rv = SECFailure;
@@ -6023,11 +6080,11 @@ ssl3_SendClientKeyExchange(sslSocket *ss)
 	rv = sendDHClientKeyExchange(ss, serverKey);
 	break;
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     case kt_ecdh:
 	rv = ssl3_SendECDHClientKeyExchange(ss, serverKey);
 	break;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
     default:
 	/* got an unknown or unsupported Key Exchange Algorithm.  */
@@ -6755,11 +6812,11 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
     	return SECSuccess;
     }
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     case kt_ecdh:
 	rv = ssl3_HandleECDHServerKeyExchange(ss, b, length);
 	return rv;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
     default:
     	desc    = handshake_failure;
@@ -7497,14 +7554,14 @@ ssl3_SendServerHelloSequence(sslSocket *ss)
 	    return rv;
 #endif
 	}
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     } else if ((kea_def->kea == kea_ecdhe_rsa) ||
 	       (kea_def->kea == kea_ecdhe_ecdsa)) {
 	rv = ssl3_SendServerKeyExchange(ss);
 	if (rv != SECSuccess) {
 	    return rv;	/* err code was set. */
 	}
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
     }
 
     if (ss->opt.requestCertificate) {
@@ -7792,7 +7849,7 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
 	}
     }
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     /* Disable any ECC cipher suites for which we have no cert. */
     ssl3_FilterECCipherSuitesByServerCerts(ss);
 #endif
@@ -8409,7 +8466,7 @@ ssl3_HandleV2ClientHello(sslSocket *ss, unsigned char *buffer, int length)
 
     PRINT_BUF(60, (ss, "client random:", &ss->ssl3.hs.client_random.rand[0],
 		   SSL3_RANDOM_LENGTH));
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     /* Disable any ECC cipher suites for which we have no cert. */
     ssl3_FilterECCipherSuitesByServerCerts(ss);
 #endif
@@ -8591,7 +8648,7 @@ ssl3_SendServerHello(sslSocket *ss)
 	rv = ssl3_AppendHandshakeVariable(
 	    ss, sid->u.ssl3.sessionID, sid->u.ssl3.sessionIDLength, 1);
     else
-	rv = ssl3_AppendHandshakeVariable(ss, NULL, 0, 1);
+	rv = ssl3_AppendHandshakeNumber(ss, 0, 1);
     if (rv != SECSuccess) {
 	return rv;	/* err set by AppendHandshake. */
     }
@@ -8798,12 +8855,12 @@ ssl3_SendServerKeyExchange(sslSocket *ss)
 	PORT_Free(signed_hash.data);
 	return SECSuccess;
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     case kt_ecdh: {
 	rv = ssl3_SendECDHServerKeyExchange(ss, &sigAndHash);
 	return rv;
     }
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
     case kt_dh:
     case kt_null:
@@ -9226,9 +9283,9 @@ ssl3_HandleClientKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
     SECStatus         rv;
     const ssl3KEADef *kea_def;
     ssl3KeyPair     *serverKeyPair      = NULL;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     SECKEYPublicKey *serverPubKey       = NULL;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
     SSL_TRC(3, ("%d: SSL3[%d]: handle client_key_exchange handshake",
 		SSL_GETPID(), ss->fd));
@@ -9258,7 +9315,7 @@ ssl3_HandleClientKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
 	ss->sec.keaKeyBits = EXPORT_RSA_KEY_LENGTH * BPB;
     } else 
 skip:
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     /* XXX Using SSLKEAType to index server certifiates
      * does not work for (EC)DHE ciphers. Until we have
      * an indexing mechanism general enough for all key
@@ -9304,7 +9361,7 @@ skip:
 	break;
 
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     case kt_ecdh:
 	/* XXX We really ought to be able to store multiple
 	 * EC certs (a requirement if we wish to support both
@@ -9326,7 +9383,7 @@ skip:
 	    return SECFailure;	/* error code set */
 	}
 	break;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
     default:
 	(void) ssl3_HandshakeFailure(ss);
@@ -9386,17 +9443,21 @@ ssl3_HandleNewSessionTicket(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
 	(PRUint32)ssl3_ConsumeHandshakeNumber(ss, 4, &b, &length);
 
     rv = ssl3_ConsumeHandshakeVariable(ss, &ticketData, 2, &b, &length);
-    if (length != 0 || rv != SECSuccess) {
+    if (rv != SECSuccess || length != 0) {
 	(void)SSL3_SendAlert(ss, alert_fatal, decode_error);
 	PORT_SetError(SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET);
 	return SECFailure;  /* malformed */
     }
-    rv = SECITEM_CopyItem(NULL, &ss->ssl3.hs.newSessionTicket.ticket,
-			  &ticketData);
-    if (rv != SECSuccess) {
-	return rv;
+    /* If the server sent a zero-length ticket, ignore it and keep the
+     * existing ticket. */
+    if (ticketData.len != 0) {
+	rv = SECITEM_CopyItem(NULL, &ss->ssl3.hs.newSessionTicket.ticket,
+			      &ticketData);
+	if (rv != SECSuccess) {
+	    return rv;
+	}
+	ss->ssl3.hs.receivedNewSessionTicket = PR_TRUE;
     }
-    ss->ssl3.hs.receivedNewSessionTicket = PR_TRUE;
 
     ss->ssl3.hs.ws = wait_change_cipher;
     return SECSuccess;
@@ -9931,7 +9992,7 @@ ssl3_AuthCertificate(sslSocket *ss)
 	if (pubKey) {
 	    ss->sec.keaKeyBits = ss->sec.authKeyBits =
 		SECKEY_PublicKeyStrengthInBits(pubKey);
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 	    if (ss->sec.keaType == kt_ecdh) {
 		/* Get authKeyBits from signing key.
 		 * XXX The code below uses a quick approximation of
@@ -9957,7 +10018,7 @@ ssl3_AuthCertificate(sslSocket *ss)
 		     */
 		}
 	    }
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 	    SECKEY_DestroyPublicKey(pubKey); 
 	    pubKey = NULL;
     	}
@@ -9965,10 +10026,10 @@ ssl3_AuthCertificate(sslSocket *ss)
 	ss->ssl3.hs.ws = wait_cert_request; /* disallow server_key_exchange */
 	if (ss->ssl3.hs.kea_def->is_limited ||
 	    /* XXX OR server cert is signing only. */
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 	    ss->ssl3.hs.kea_def->kea == kea_ecdhe_ecdsa ||
 	    ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa ||
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 	    ss->ssl3.hs.kea_def->exchKeyType == kt_dh) {
 	    ss->ssl3.hs.ws = wait_server_key; /* allow server_key_exchange */
 	}
@@ -10162,8 +10223,10 @@ ssl3_SendNextProto(sslSocket *ss)
     int padding_len;
     static const unsigned char padding[32] = {0};
 
-    if (ss->ssl3.nextProto.len == 0)
+    if (ss->ssl3.nextProto.len == 0 ||
+	ss->ssl3.nextProtoState == SSL_NEXT_PROTO_SELECTED) {
 	return SECSuccess;
+    }
 
     PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
     PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
@@ -10540,7 +10603,7 @@ xmit_loser:
 	sid->u.ssl3.cipherSuite = ss->ssl3.hs.cipher_suite;
 	sid->u.ssl3.compression = ss->ssl3.hs.compression;
 	sid->u.ssl3.policy      = ss->ssl3.policy;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 	sid->u.ssl3.negotiatedECCurves = ss->ssl3.hs.negotiatedECCurves;
 #endif
 	sid->u.ssl3.exchKeyType = effectiveExchKeyType;
@@ -11676,7 +11739,7 @@ ssl3_InitState(sslSocket *ss)
     ssl3_InitCipherSpec(ss, ss->ssl3.prSpec);
 
     ss->ssl3.hs.ws = (ss->sec.isServer) ? wait_client_hello : wait_server_hello;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     ss->ssl3.hs.negotiatedECCurves = ssl3_GetSupportedECCurveMask(ss);
 #endif
     ssl_ReleaseSpecWriteLock(ss);
diff --git a/security/nss/lib/ssl/ssl3ecc.c b/security/nss/lib/ssl/ssl3ecc.c
index 6380cfe..e8ee590 100644
--- a/security/nss/lib/ssl/ssl3ecc.c
+++ b/security/nss/lib/ssl/ssl3ecc.c
@@ -10,7 +10,7 @@
 #include "nss.h"
 #include "cert.h"
 #include "ssl.h"
-#include "cryptohi.h"	/* for DSAU_ stuff */
+#include "cryptohi.h"   /* for DSAU_ stuff */
 #include "keyhi.h"
 #include "secder.h"
 #include "secitem.h"
@@ -30,11 +30,11 @@
 
 #include <stdio.h>
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 
 #ifndef PK11_SETATTRS
 #define PK11_SETATTRS(x,id,v,l) (x)->type = (id); \
-		(x)->pValue=(v); (x)->ulValueLen = (l);
+                (x)->pValue=(v); (x)->ulValueLen = (l);
 #endif
 
 #define SSL_GET_SERVER_PUBLIC_KEY(sock, type) \
@@ -56,61 +56,61 @@ static SECStatus ssl3_CreateECDHEphemeralKeys(sslSocket *ss, ECName ec_curve);
  * ECC-TLS IETF draft.
  */
 static const SECOidTag ecName2OIDTag[] = {
-	0,  
-	SEC_OID_SECG_EC_SECT163K1,  /*  1 */
-	SEC_OID_SECG_EC_SECT163R1,  /*  2 */
-	SEC_OID_SECG_EC_SECT163R2,  /*  3 */
-	SEC_OID_SECG_EC_SECT193R1,  /*  4 */
-	SEC_OID_SECG_EC_SECT193R2,  /*  5 */
-	SEC_OID_SECG_EC_SECT233K1,  /*  6 */
-	SEC_OID_SECG_EC_SECT233R1,  /*  7 */
-	SEC_OID_SECG_EC_SECT239K1,  /*  8 */
-	SEC_OID_SECG_EC_SECT283K1,  /*  9 */
-	SEC_OID_SECG_EC_SECT283R1,  /* 10 */
-	SEC_OID_SECG_EC_SECT409K1,  /* 11 */
-	SEC_OID_SECG_EC_SECT409R1,  /* 12 */
-	SEC_OID_SECG_EC_SECT571K1,  /* 13 */
-	SEC_OID_SECG_EC_SECT571R1,  /* 14 */
-	SEC_OID_SECG_EC_SECP160K1,  /* 15 */
-	SEC_OID_SECG_EC_SECP160R1,  /* 16 */
-	SEC_OID_SECG_EC_SECP160R2,  /* 17 */
-	SEC_OID_SECG_EC_SECP192K1,  /* 18 */
-	SEC_OID_SECG_EC_SECP192R1,  /* 19 */
-	SEC_OID_SECG_EC_SECP224K1,  /* 20 */
-	SEC_OID_SECG_EC_SECP224R1,  /* 21 */
-	SEC_OID_SECG_EC_SECP256K1,  /* 22 */
-	SEC_OID_SECG_EC_SECP256R1,  /* 23 */
-	SEC_OID_SECG_EC_SECP384R1,  /* 24 */
-	SEC_OID_SECG_EC_SECP521R1,  /* 25 */
+        0,
+        SEC_OID_SECG_EC_SECT163K1,  /*  1 */
+        SEC_OID_SECG_EC_SECT163R1,  /*  2 */
+        SEC_OID_SECG_EC_SECT163R2,  /*  3 */
+        SEC_OID_SECG_EC_SECT193R1,  /*  4 */
+        SEC_OID_SECG_EC_SECT193R2,  /*  5 */
+        SEC_OID_SECG_EC_SECT233K1,  /*  6 */
+        SEC_OID_SECG_EC_SECT233R1,  /*  7 */
+        SEC_OID_SECG_EC_SECT239K1,  /*  8 */
+        SEC_OID_SECG_EC_SECT283K1,  /*  9 */
+        SEC_OID_SECG_EC_SECT283R1,  /* 10 */
+        SEC_OID_SECG_EC_SECT409K1,  /* 11 */
+        SEC_OID_SECG_EC_SECT409R1,  /* 12 */
+        SEC_OID_SECG_EC_SECT571K1,  /* 13 */
+        SEC_OID_SECG_EC_SECT571R1,  /* 14 */
+        SEC_OID_SECG_EC_SECP160K1,  /* 15 */
+        SEC_OID_SECG_EC_SECP160R1,  /* 16 */
+        SEC_OID_SECG_EC_SECP160R2,  /* 17 */
+        SEC_OID_SECG_EC_SECP192K1,  /* 18 */
+        SEC_OID_SECG_EC_SECP192R1,  /* 19 */
+        SEC_OID_SECG_EC_SECP224K1,  /* 20 */
+        SEC_OID_SECG_EC_SECP224R1,  /* 21 */
+        SEC_OID_SECG_EC_SECP256K1,  /* 22 */
+        SEC_OID_SECG_EC_SECP256R1,  /* 23 */
+        SEC_OID_SECG_EC_SECP384R1,  /* 24 */
+        SEC_OID_SECG_EC_SECP521R1,  /* 25 */
 };
 
 static const PRUint16 curve2bits[] = {
-	  0, /*  ec_noName     = 0,   */
-	163, /*  ec_sect163k1  = 1,   */
-	163, /*  ec_sect163r1  = 2,   */
-	163, /*  ec_sect163r2  = 3,   */
-	193, /*  ec_sect193r1  = 4,   */
-	193, /*  ec_sect193r2  = 5,   */
-	233, /*  ec_sect233k1  = 6,   */
-	233, /*  ec_sect233r1  = 7,   */
-	239, /*  ec_sect239k1  = 8,   */
-	283, /*  ec_sect283k1  = 9,   */
-	283, /*  ec_sect283r1  = 10,  */
-	409, /*  ec_sect409k1  = 11,  */
-	409, /*  ec_sect409r1  = 12,  */
-	571, /*  ec_sect571k1  = 13,  */
-	571, /*  ec_sect571r1  = 14,  */
-	160, /*  ec_secp160k1  = 15,  */
-	160, /*  ec_secp160r1  = 16,  */
-	160, /*  ec_secp160r2  = 17,  */
-	192, /*  ec_secp192k1  = 18,  */
-	192, /*  ec_secp192r1  = 19,  */
-	224, /*  ec_secp224k1  = 20,  */
-	224, /*  ec_secp224r1  = 21,  */
-	256, /*  ec_secp256k1  = 22,  */
-	256, /*  ec_secp256r1  = 23,  */
-	384, /*  ec_secp384r1  = 24,  */
-	521, /*  ec_secp521r1  = 25,  */
+          0, /*  ec_noName     = 0,   */
+        163, /*  ec_sect163k1  = 1,   */
+        163, /*  ec_sect163r1  = 2,   */
+        163, /*  ec_sect163r2  = 3,   */
+        193, /*  ec_sect193r1  = 4,   */
+        193, /*  ec_sect193r2  = 5,   */
+        233, /*  ec_sect233k1  = 6,   */
+        233, /*  ec_sect233r1  = 7,   */
+        239, /*  ec_sect239k1  = 8,   */
+        283, /*  ec_sect283k1  = 9,   */
+        283, /*  ec_sect283r1  = 10,  */
+        409, /*  ec_sect409k1  = 11,  */
+        409, /*  ec_sect409r1  = 12,  */
+        571, /*  ec_sect571k1  = 13,  */
+        571, /*  ec_sect571r1  = 14,  */
+        160, /*  ec_secp160k1  = 15,  */
+        160, /*  ec_secp160r1  = 16,  */
+        160, /*  ec_secp160r2  = 17,  */
+        192, /*  ec_secp192k1  = 18,  */
+        192, /*  ec_secp192r1  = 19,  */
+        224, /*  ec_secp224k1  = 20,  */
+        224, /*  ec_secp224r1  = 21,  */
+        256, /*  ec_secp256k1  = 22,  */
+        256, /*  ec_secp256r1  = 23,  */
+        384, /*  ec_secp384r1  = 24,  */
+        521, /*  ec_secp521r1  = 25,  */
       65535  /*  ec_pastLastName      */
 };
 
@@ -120,31 +120,31 @@ typedef struct Bits2CurveStr {
 } Bits2Curve;
 
 static const Bits2Curve bits2curve [] = {
-   {	192,     ec_secp192r1    /*  = 19,  fast */  },
-   {	160,     ec_secp160r2    /*  = 17,  fast */  },
-   {	160,     ec_secp160k1    /*  = 15,  */       },
-   {	160,     ec_secp160r1    /*  = 16,  */       },
-   {	163,     ec_sect163k1    /*  = 1,   */       },
-   {	163,     ec_sect163r1    /*  = 2,   */       },
-   {	163,     ec_sect163r2    /*  = 3,   */       },
-   {	192,     ec_secp192k1    /*  = 18,  */       },
-   {	193,     ec_sect193r1    /*  = 4,   */       },
-   {	193,     ec_sect193r2    /*  = 5,   */       },
-   {	224,     ec_secp224r1    /*  = 21,  fast */  },
-   {	224,     ec_secp224k1    /*  = 20,  */       },
-   {	233,     ec_sect233k1    /*  = 6,   */       },
-   {	233,     ec_sect233r1    /*  = 7,   */       },
-   {	239,     ec_sect239k1    /*  = 8,   */       },
-   {	256,     ec_secp256r1    /*  = 23,  fast */  },
-   {	256,     ec_secp256k1    /*  = 22,  */       },
-   {	283,     ec_sect283k1    /*  = 9,   */       },
-   {	283,     ec_sect283r1    /*  = 10,  */       },
-   {	384,     ec_secp384r1    /*  = 24,  fast */  },
-   {	409,     ec_sect409k1    /*  = 11,  */       },
-   {	409,     ec_sect409r1    /*  = 12,  */       },
-   {	521,     ec_secp521r1    /*  = 25,  fast */  },
-   {	571,     ec_sect571k1    /*  = 13,  */       },
-   {	571,     ec_sect571r1    /*  = 14,  */       },
+   {    192,     ec_secp192r1    /*  = 19,  fast */  },
+   {    160,     ec_secp160r2    /*  = 17,  fast */  },
+   {    160,     ec_secp160k1    /*  = 15,  */       },
+   {    160,     ec_secp160r1    /*  = 16,  */       },
+   {    163,     ec_sect163k1    /*  = 1,   */       },
+   {    163,     ec_sect163r1    /*  = 2,   */       },
+   {    163,     ec_sect163r2    /*  = 3,   */       },
+   {    192,     ec_secp192k1    /*  = 18,  */       },
+   {    193,     ec_sect193r1    /*  = 4,   */       },
+   {    193,     ec_sect193r2    /*  = 5,   */       },
+   {    224,     ec_secp224r1    /*  = 21,  fast */  },
+   {    224,     ec_secp224k1    /*  = 20,  */       },
+   {    233,     ec_sect233k1    /*  = 6,   */       },
+   {    233,     ec_sect233r1    /*  = 7,   */       },
+   {    239,     ec_sect239k1    /*  = 8,   */       },
+   {    256,     ec_secp256r1    /*  = 23,  fast */  },
+   {    256,     ec_secp256k1    /*  = 22,  */       },
+   {    283,     ec_sect283k1    /*  = 9,   */       },
+   {    283,     ec_sect283r1    /*  = 10,  */       },
+   {    384,     ec_secp384r1    /*  = 24,  fast */  },
+   {    409,     ec_sect409k1    /*  = 11,  */       },
+   {    409,     ec_sect409r1    /*  = 12,  */       },
+   {    521,     ec_secp521r1    /*  = 25,  fast */  },
+   {    571,     ec_sect571k1    /*  = 13,  */       },
+   {    571,     ec_sect571r1    /*  = 14,  */       },
    {  65535,     ec_noName    }
 };
 
@@ -157,21 +157,21 @@ typedef struct ECDHEKeyPairStr {
 /* arrays of ECDHE KeyPairs */
 static ECDHEKeyPair gECDHEKeyPairs[ec_pastLastName];
 
-SECStatus 
+SECStatus
 ssl3_ECName2Params(PLArenaPool * arena, ECName curve, SECKEYECParams * params)
 {
     SECOidData *oidData = NULL;
 
     if ((curve <= ec_noName) || (curve >= ec_pastLastName) ||
-	((oidData = SECOID_FindOIDByTag(ecName2OIDTag[curve])) == NULL)) {
+        ((oidData = SECOID_FindOIDByTag(ecName2OIDTag[curve])) == NULL)) {
         PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
-	return SECFailure;
+        return SECFailure;
     }
 
     SECITEM_AllocItem(arena, params, (2 + oidData->oid.len));
-    /* 
+    /*
      * params->data needs to contain the ASN encoding of an object ID (OID)
-     * representing the named curve. The actual OID is in 
+     * representing the named curve. The actual OID is in
      * oidData->oid.data so we simply prepend 0x06 and OID length
      */
     params->data[0] = SEC_ASN1_OBJECT_ID;
@@ -181,14 +181,14 @@ ssl3_ECName2Params(PLArenaPool * arena, ECName curve, SECKEYECParams * params)
     return SECSuccess;
 }
 
-static ECName 
+static ECName
 params2ecName(SECKEYECParams * params)
 {
     SECItem oid = { siBuffer, NULL, 0};
     SECOidData *oidData = NULL;
     ECName i;
 
-    /* 
+    /*
      * params->data needs to contain the ASN encoding of an object ID (OID)
      * representing a named curve. Here, we strip away everything
      * before the actual OID and use the OID to look up a named curve.
@@ -198,8 +198,8 @@ params2ecName(SECKEYECParams * params)
     oid.data = params->data + 2;
     if ((oidData = SECOID_FindOID(&oid)) == NULL) return ec_noName;
     for (i = ec_noName + 1; i < ec_pastLastName; i++) {
-	if (ecName2OIDTag[i] == oidData->offset)
-	    return i;
+        if (ecName2OIDTag[i] == oidData->offset)
+            return i;
     }
 
     return ec_noName;
@@ -208,13 +208,13 @@ params2ecName(SECKEYECParams * params)
 /* Caller must set hiLevel error code. */
 static SECStatus
 ssl3_ComputeECDHKeyHash(SECOidTag hashAlg,
-			SECItem ec_params, SECItem server_ecpoint,
-			SSL3Random *client_rand, SSL3Random *server_rand,
-			SSL3Hashes *hashes, PRBool bypassPKCS11)
+                        SECItem ec_params, SECItem server_ecpoint,
+                        SSL3Random *client_rand, SSL3Random *server_rand,
+                        SSL3Hashes *hashes, PRBool bypassPKCS11)
 {
     PRUint8     * hashBuf;
     PRUint8     * pBuf;
-    SECStatus     rv 		= SECSuccess;
+    SECStatus     rv            = SECSuccess;
     unsigned int  bufLen;
     /*
      * XXX For now, we only support named curves (the appropriate
@@ -226,37 +226,37 @@ ssl3_ComputeECDHKeyHash(SECOidTag hashAlg,
 
     bufLen = 2*SSL3_RANDOM_LENGTH + ec_params.len + 1 + server_ecpoint.len;
     if (bufLen <= sizeof buf) {
-    	hashBuf = buf;
+        hashBuf = buf;
     } else {
-    	hashBuf = PORT_Alloc(bufLen);
-	if (!hashBuf) {
-	    return SECFailure;
-	}
+        hashBuf = PORT_Alloc(bufLen);
+        if (!hashBuf) {
+            return SECFailure;
+        }
     }
 
-    memcpy(hashBuf, client_rand, SSL3_RANDOM_LENGTH); 
-    	pBuf = hashBuf + SSL3_RANDOM_LENGTH;
+    memcpy(hashBuf, client_rand, SSL3_RANDOM_LENGTH);
+        pBuf = hashBuf + SSL3_RANDOM_LENGTH;
     memcpy(pBuf, server_rand, SSL3_RANDOM_LENGTH);
-    	pBuf += SSL3_RANDOM_LENGTH;
+        pBuf += SSL3_RANDOM_LENGTH;
     memcpy(pBuf, ec_params.data, ec_params.len);
-    	pBuf += ec_params.len;
+        pBuf += ec_params.len;
     pBuf[0] = (PRUint8)(server_ecpoint.len);
     pBuf += 1;
     memcpy(pBuf, server_ecpoint.data, server_ecpoint.len);
-    	pBuf += server_ecpoint.len;
+        pBuf += server_ecpoint.len;
     PORT_Assert((unsigned int)(pBuf - hashBuf) == bufLen);
 
     rv = ssl3_ComputeCommonKeyHash(hashAlg, hashBuf, bufLen, hashes,
-				   bypassPKCS11);
+                                   bypassPKCS11);
 
     PRINT_BUF(95, (NULL, "ECDHkey hash: ", hashBuf, bufLen));
     PRINT_BUF(95, (NULL, "ECDHkey hash: MD5 result",
-	      hashes->u.s.md5, MD5_LENGTH));
+              hashes->u.s.md5, MD5_LENGTH));
     PRINT_BUF(95, (NULL, "ECDHkey hash: SHA1 result",
-	      hashes->u.s.sha, SHA1_LENGTH));
+              hashes->u.s.sha, SHA1_LENGTH));
 
     if (hashBuf != buf)
-    	PORT_Free(hashBuf);
+        PORT_Free(hashBuf);
     return rv;
 }
 
@@ -265,12 +265,12 @@ ssl3_ComputeECDHKeyHash(SECOidTag hashAlg,
 SECStatus
 ssl3_SendECDHClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey)
 {
-    PK11SymKey *	pms 		= NULL;
-    SECStatus           rv    		= SECFailure;
+    PK11SymKey *        pms             = NULL;
+    SECStatus           rv              = SECFailure;
     PRBool              isTLS, isTLS12;
-    CK_MECHANISM_TYPE	target;
-    SECKEYPublicKey	*pubKey = NULL;		/* Ephemeral ECDH key */
-    SECKEYPrivateKey	*privKey = NULL;	/* Ephemeral ECDH key */
+    CK_MECHANISM_TYPE   target;
+    SECKEYPublicKey     *pubKey = NULL;         /* Ephemeral ECDH key */
+    SECKEYPrivateKey    *privKey = NULL;        /* Ephemeral ECDH key */
 
     PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
     PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
@@ -280,39 +280,39 @@ ssl3_SendECDHClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey)
 
     /* Generate ephemeral EC keypair */
     if (svrPubKey->keyType != ecKey) {
-	PORT_SetError(SEC_ERROR_BAD_KEY);
-	goto loser;
+        PORT_SetError(SEC_ERROR_BAD_KEY);
+        goto loser;
     }
     /* XXX SHOULD CALL ssl3_CreateECDHEphemeralKeys here, instead! */
-    privKey = SECKEY_CreateECPrivateKey(&svrPubKey->u.ec.DEREncodedParams, 
-	                                &pubKey, ss->pkcs11PinArg);
+    privKey = SECKEY_CreateECPrivateKey(&svrPubKey->u.ec.DEREncodedParams,
+                                        &pubKey, ss->pkcs11PinArg);
     if (!privKey || !pubKey) {
-	    ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL);
-	    rv = SECFailure;
-	    goto loser;
+            ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL);
+            rv = SECFailure;
+            goto loser;
     }
     PRINT_BUF(50, (ss, "ECDH public value:",
-					pubKey->u.ec.publicValue.data,
-					pubKey->u.ec.publicValue.len));
+                                        pubKey->u.ec.publicValue.data,
+                                        pubKey->u.ec.publicValue.len));
 
     if (isTLS12) {
-	target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256;
+        target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256;
     } else if (isTLS) {
-	target = CKM_TLS_MASTER_KEY_DERIVE_DH;
+        target = CKM_TLS_MASTER_KEY_DERIVE_DH;
     } else {
-	target = CKM_SSL3_MASTER_KEY_DERIVE_DH;
+        target = CKM_SSL3_MASTER_KEY_DERIVE_DH;
     }
 
     /*  Determine the PMS */
     pms = PK11_PubDeriveWithKDF(privKey, svrPubKey, PR_FALSE, NULL, NULL,
-			    CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0,
-			    CKD_NULL, NULL, NULL);
+                            CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0,
+                            CKD_NULL, NULL, NULL);
 
     if (pms == NULL) {
-	SSL3AlertDescription desc  = illegal_parameter;
-	(void)SSL3_SendAlert(ss, alert_fatal, desc);
-	ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
-	goto loser;
+        SSL3AlertDescription desc  = illegal_parameter;
+        (void)SSL3_SendAlert(ss, alert_fatal, desc);
+        ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
+        goto loser;
     }
 
     SECKEY_DestroyPrivateKey(privKey);
@@ -322,24 +322,24 @@ ssl3_SendECDHClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey)
     PK11_FreeSymKey(pms); pms = NULL;
 
     if (rv != SECSuccess) {
-	ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
-	goto loser;
+        ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
+        goto loser;
     }
 
-    rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange, 
-					pubKey->u.ec.publicValue.len + 1);
+    rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange,
+                                        pubKey->u.ec.publicValue.len + 1);
     if (rv != SECSuccess) {
-        goto loser;	/* err set by ssl3_AppendHandshake* */
+        goto loser;     /* err set by ssl3_AppendHandshake* */
     }
 
-    rv = ssl3_AppendHandshakeVariable(ss, 
-					pubKey->u.ec.publicValue.data,
-					pubKey->u.ec.publicValue.len, 1);
+    rv = ssl3_AppendHandshakeVariable(ss,
+                                        pubKey->u.ec.publicValue.data,
+                                        pubKey->u.ec.publicValue.len, 1);
     SECKEY_DestroyPublicKey(pubKey);
     pubKey = NULL;
 
     if (rv != SECSuccess) {
-        goto loser;	/* err set by ssl3_AppendHandshake* */
+        goto loser;     /* err set by ssl3_AppendHandshake* */
     }
 
     rv = SECSuccess;
@@ -357,59 +357,59 @@ loser:
 */
 SECStatus
 ssl3_HandleECDHClientKeyExchange(sslSocket *ss, SSL3Opaque *b,
-				     PRUint32 length,
+                                     PRUint32 length,
                                      SECKEYPublicKey *srvrPubKey,
                                      SECKEYPrivateKey *srvrPrivKey)
 {
     PK11SymKey *      pms;
     SECStatus         rv;
     SECKEYPublicKey   clntPubKey;
-    CK_MECHANISM_TYPE	target;
+    CK_MECHANISM_TYPE   target;
     PRBool isTLS, isTLS12;
 
     PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
     PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
 
     clntPubKey.keyType = ecKey;
-    clntPubKey.u.ec.DEREncodedParams.len = 
-	srvrPubKey->u.ec.DEREncodedParams.len;
-    clntPubKey.u.ec.DEREncodedParams.data = 
-	srvrPubKey->u.ec.DEREncodedParams.data;
+    clntPubKey.u.ec.DEREncodedParams.len =
+        srvrPubKey->u.ec.DEREncodedParams.len;
+    clntPubKey.u.ec.DEREncodedParams.data =
+        srvrPubKey->u.ec.DEREncodedParams.data;
 
-    rv = ssl3_ConsumeHandshakeVariable(ss, &clntPubKey.u.ec.publicValue, 
-	                               1, &b, &length);
+    rv = ssl3_ConsumeHandshakeVariable(ss, &clntPubKey.u.ec.publicValue,
+                                       1, &b, &length);
     if (rv != SECSuccess) {
-	SEND_ALERT
-	return SECFailure;	/* XXX Who sets the error code?? */
+        SEND_ALERT
+        return SECFailure;      /* XXX Who sets the error code?? */
     }
 
     isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0);
     isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
 
     if (isTLS12) {
-	target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256;
+        target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256;
     } else if (isTLS) {
-	target = CKM_TLS_MASTER_KEY_DERIVE_DH;
+        target = CKM_TLS_MASTER_KEY_DERIVE_DH;
     } else {
-	target = CKM_SSL3_MASTER_KEY_DERIVE_DH;
+        target = CKM_SSL3_MASTER_KEY_DERIVE_DH;
     }
 
     /*  Determine the PMS */
     pms = PK11_PubDeriveWithKDF(srvrPrivKey, &clntPubKey, PR_FALSE, NULL, NULL,
-			    CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0,
-			    CKD_NULL, NULL, NULL);
+                            CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0,
+                            CKD_NULL, NULL, NULL);
 
     if (pms == NULL) {
-	/* last gasp.  */
-	ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
-	return SECFailure;
+        /* last gasp.  */
+        ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
+        return SECFailure;
     }
 
     rv = ssl3_InitPendingCipherSpec(ss,  pms);
     PK11_FreeSymKey(pms);
     if (rv != SECSuccess) {
-	SEND_ALERT
-	return SECFailure; /* error code set by ssl3_InitPendingCipherSpec */
+        SEND_ALERT
+        return SECFailure; /* error code set by ssl3_InitPendingCipherSpec */
     }
     return SECSuccess;
 }
@@ -418,13 +418,13 @@ ECName
 ssl3_GetCurveWithECKeyStrength(PRUint32 curvemsk, int requiredECCbits)
 {
     int    i;
-    
+
     for ( i = 0; bits2curve[i].curve != ec_noName; i++) {
-	if (bits2curve[i].bits < requiredECCbits)
-	    continue;
-    	if (SSL_IS_CURVE_NEGOTIATED(curvemsk, bits2curve[i].curve)) {
-	    return bits2curve[i].curve;
-	}
+        if (bits2curve[i].bits < requiredECCbits)
+            continue;
+        if (SSL_IS_CURVE_NEGOTIATED(curvemsk, bits2curve[i].curve)) {
+            return bits2curve[i].curve;
+        }
     }
     PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
     return ec_noName;
@@ -442,24 +442,24 @@ ssl3_GetCurveNameForServerSocket(sslSocket *ss)
     int    requiredECCbits = ss->sec.secretKeyBits * 2;
 
     if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_ecdsa) {
-	svrPublicKey = SSL_GET_SERVER_PUBLIC_KEY(ss, kt_ecdh);
-	if (svrPublicKey)
-	    ec_curve = params2ecName(&svrPublicKey->u.ec.DEREncodedParams);
-	if (!SSL_IS_CURVE_NEGOTIATED(ss->ssl3.hs.negotiatedECCurves, ec_curve)) {
-	    PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
-	    return ec_noName;
-	}
-	signatureKeyStrength = curve2bits[ ec_curve ];
+        svrPublicKey = SSL_GET_SERVER_PUBLIC_KEY(ss, kt_ecdh);
+        if (svrPublicKey)
+            ec_curve = params2ecName(&svrPublicKey->u.ec.DEREncodedParams);
+        if (!SSL_IS_CURVE_NEGOTIATED(ss->ssl3.hs.negotiatedECCurves, ec_curve)) {
+            PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
+            return ec_noName;
+        }
+        signatureKeyStrength = curve2bits[ ec_curve ];
     } else {
         /* RSA is our signing cert */
         int serverKeyStrengthInBits;
- 
+
         svrPublicKey = SSL_GET_SERVER_PUBLIC_KEY(ss, kt_rsa);
         if (!svrPublicKey) {
             PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
             return ec_noName;
         }
- 
+
         /* currently strength in bytes */
         serverKeyStrengthInBits = svrPublicKey->u.rsa.modulus.len;
         if (svrPublicKey->u.rsa.modulus.data[0] == 0) {
@@ -467,28 +467,28 @@ ssl3_GetCurveNameForServerSocket(sslSocket *ss)
         }
         /* convert to strength in bits */
         serverKeyStrengthInBits *= BPB;
- 
+
         signatureKeyStrength =
-	    SSL_RSASTRENGTH_TO_ECSTRENGTH(serverKeyStrengthInBits);
+            SSL_RSASTRENGTH_TO_ECSTRENGTH(serverKeyStrengthInBits);
     }
-    if ( requiredECCbits > signatureKeyStrength ) 
+    if ( requiredECCbits > signatureKeyStrength )
          requiredECCbits = signatureKeyStrength;
 
     return ssl3_GetCurveWithECKeyStrength(ss->ssl3.hs.negotiatedECCurves,
-					  requiredECCbits);
+                                          requiredECCbits);
 }
 
 /* function to clear out the lists */
-static SECStatus 
+static SECStatus
 ssl3_ShutdownECDHECurves(void *appData, void *nssData)
 {
     int i;
     ECDHEKeyPair *keyPair = &gECDHEKeyPairs[0];
 
     for (i=0; i < ec_pastLastName; i++, keyPair++) {
-	if (keyPair->pair) {
-	    ssl3_FreeKeyPair(keyPair->pair);
-	}
+        if (keyPair->pair) {
+            ssl3_FreeKeyPair(keyPair->pair);
+        }
     }
     memset(gECDHEKeyPairs, 0, sizeof gECDHEKeyPairs);
     return SECSuccess;
@@ -500,18 +500,18 @@ ssl3_ECRegister(void)
     SECStatus rv;
     rv = NSS_RegisterShutdown(ssl3_ShutdownECDHECurves, gECDHEKeyPairs);
     if (rv != SECSuccess) {
-	gECDHEKeyPairs[ec_noName].error = PORT_GetError();
+        gECDHEKeyPairs[ec_noName].error = PORT_GetError();
     }
     return (PRStatus)rv;
 }
 
 /* CallOnce function, called once for each named curve. */
-static PRStatus 
+static PRStatus
 ssl3_CreateECDHEphemeralKeyPair(void * arg)
 {
     SECKEYPrivateKey *    privKey  = NULL;
     SECKEYPublicKey *     pubKey   = NULL;
-    ssl3KeyPair *	  keyPair  = NULL;
+    ssl3KeyPair *         keyPair  = NULL;
     ECName                ec_curve = (ECName)arg;
     SECKEYECParams        ecParams = { siBuffer, NULL, 0 };
 
@@ -519,23 +519,23 @@ ssl3_CreateECDHEphemeralKeyPair(void * arg)
 
     /* ok, no one has generated a global key for this curve yet, do so */
     if (ssl3_ECName2Params(NULL, ec_curve, &ecParams) != SECSuccess) {
-	gECDHEKeyPairs[ec_curve].error = PORT_GetError();
-	return PR_FAILURE;
+        gECDHEKeyPairs[ec_curve].error = PORT_GetError();
+        return PR_FAILURE;
     }
 
-    privKey = SECKEY_CreateECPrivateKey(&ecParams, &pubKey, NULL);    
+    privKey = SECKEY_CreateECPrivateKey(&ecParams, &pubKey, NULL);
     SECITEM_FreeItem(&ecParams, PR_FALSE);
 
     if (!privKey || !pubKey || !(keyPair = ssl3_NewKeyPair(privKey, pubKey))) {
-	if (privKey) {
-	    SECKEY_DestroyPrivateKey(privKey);
-	}
-	if (pubKey) {
-	    SECKEY_DestroyPublicKey(pubKey);
-	}
-	ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL);
-	gECDHEKeyPairs[ec_curve].error = PORT_GetError();
-	return PR_FAILURE;
+        if (privKey) {
+            SECKEY_DestroyPrivateKey(privKey);
+        }
+        if (pubKey) {
+            SECKEY_DestroyPublicKey(pubKey);
+        }
+        ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL);
+        gECDHEKeyPairs[ec_curve].error = PORT_GetError();
+        return PR_FAILURE;
     }
 
     gECDHEKeyPairs[ec_curve].pair = keyPair;
@@ -554,30 +554,30 @@ ssl3_CreateECDHEphemeralKeyPair(void * arg)
 static SECStatus
 ssl3_CreateECDHEphemeralKeys(sslSocket *ss, ECName ec_curve)
 {
-    ssl3KeyPair *	  keyPair        = NULL;
+    ssl3KeyPair *         keyPair        = NULL;
 
     /* if there's no global key for this curve, make one. */
     if (gECDHEKeyPairs[ec_curve].pair == NULL) {
-	PRStatus status;
+        PRStatus status;
 
-	status = PR_CallOnce(&gECDHEKeyPairs[ec_noName].once, ssl3_ECRegister);
+        status = PR_CallOnce(&gECDHEKeyPairs[ec_noName].once, ssl3_ECRegister);
         if (status != PR_SUCCESS) {
-	    PORT_SetError(gECDHEKeyPairs[ec_noName].error);
-	    return SECFailure;
-    	}
-	status = PR_CallOnceWithArg(&gECDHEKeyPairs[ec_curve].once,
-	                            ssl3_CreateECDHEphemeralKeyPair,
-				    (void *)ec_curve);
+            PORT_SetError(gECDHEKeyPairs[ec_noName].error);
+            return SECFailure;
+        }
+        status = PR_CallOnceWithArg(&gECDHEKeyPairs[ec_curve].once,
+                                    ssl3_CreateECDHEphemeralKeyPair,
+                                    (void *)ec_curve);
         if (status != PR_SUCCESS) {
-	    PORT_SetError(gECDHEKeyPairs[ec_curve].error);
-	    return SECFailure;
-    	}
+            PORT_SetError(gECDHEKeyPairs[ec_curve].error);
+            return SECFailure;
+        }
     }
 
     keyPair = gECDHEKeyPairs[ec_curve].pair;
     PORT_Assert(keyPair != NULL);
-    if (!keyPair) 
-    	return SECFailure;
+    if (!keyPair)
+        return SECFailure;
     ss->ephemeralECDHKeyPair = ssl3_GetKeyPairRef(keyPair);
 
     return SECSuccess;
@@ -612,55 +612,55 @@ ssl3_HandleECDHServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
     ec_params.data = paramBuf;
     rv = ssl3_ConsumeHandshake(ss, ec_params.data, ec_params.len, &b, &length);
     if (rv != SECSuccess) {
-	goto loser;		/* malformed. */
+        goto loser;             /* malformed. */
     }
 
     /* Fail if the curve is not a named curve */
-    if ((ec_params.data[0] != ec_type_named) || 
-	(ec_params.data[1] != 0) ||
-	!supportedCurve(ec_params.data[2])) {
-	    errCode = SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE;
-	    desc = handshake_failure;
-	    goto alert_loser;
+    if ((ec_params.data[0] != ec_type_named) ||
+        (ec_params.data[1] != 0) ||
+        !supportedCurve(ec_params.data[2])) {
+            errCode = SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE;
+            desc = handshake_failure;
+            goto alert_loser;
     }
 
     rv = ssl3_ConsumeHandshakeVariable(ss, &ec_point, 1, &b, &length);
     if (rv != SECSuccess) {
-	goto loser;		/* malformed. */
+        goto loser;             /* malformed. */
     }
     /* Fail if the ec point uses compressed representation */
     if (ec_point.data[0] != EC_POINT_FORM_UNCOMPRESSED) {
-	    errCode = SEC_ERROR_UNSUPPORTED_EC_POINT_FORM;
-	    desc = handshake_failure;
-	    goto alert_loser;
+            errCode = SEC_ERROR_UNSUPPORTED_EC_POINT_FORM;
+            desc = handshake_failure;
+            goto alert_loser;
     }
 
     if (isTLS12) {
-	rv = ssl3_ConsumeSignatureAndHashAlgorithm(ss, &b, &length,
-						   &sigAndHash);
-	if (rv != SECSuccess) {
-	    goto loser;		/* malformed or unsupported. */
-	}
-	rv = ssl3_CheckSignatureAndHashAlgorithmConsistency(
-		&sigAndHash, ss->sec.peerCert);
-	if (rv != SECSuccess) {
-	    goto loser;
-	}
+        rv = ssl3_ConsumeSignatureAndHashAlgorithm(ss, &b, &length,
+                                                   &sigAndHash);
+        if (rv != SECSuccess) {
+            goto loser;         /* malformed or unsupported. */
+        }
+        rv = ssl3_CheckSignatureAndHashAlgorithmConsistency(
+                &sigAndHash, ss->sec.peerCert);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
     }
 
     rv = ssl3_ConsumeHandshakeVariable(ss, &signature, 2, &b, &length);
     if (rv != SECSuccess) {
-	goto loser;		/* malformed. */
+        goto loser;             /* malformed. */
     }
 
     if (length != 0) {
-	if (isTLS)
-	    desc = decode_error;
-	goto alert_loser;		/* malformed. */
+        if (isTLS)
+            desc = decode_error;
+        goto alert_loser;               /* malformed. */
     }
 
-    PRINT_BUF(60, (NULL, "Server EC params", ec_params.data, 
-	ec_params.len));
+    PRINT_BUF(60, (NULL, "Server EC params", ec_params.data,
+        ec_params.len));
     PRINT_BUF(60, (NULL, "Server EC point", ec_point.data, ec_point.len));
 
     /* failures after this point are not malformed handshakes. */
@@ -671,51 +671,51 @@ ssl3_HandleECDHServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
      *  check to make sure the hash is signed by right guy
      */
     rv = ssl3_ComputeECDHKeyHash(sigAndHash.hashAlg, ec_params, ec_point,
-				 &ss->ssl3.hs.client_random,
-				 &ss->ssl3.hs.server_random, 
-				 &hashes, ss->opt.bypassPKCS11);
+                                 &ss->ssl3.hs.client_random,
+                                 &ss->ssl3.hs.server_random,
+                                 &hashes, ss->opt.bypassPKCS11);
 
     if (rv != SECSuccess) {
-	errCode =
-	    ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
-	goto alert_loser;
+        errCode =
+            ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
+        goto alert_loser;
     }
     rv = ssl3_VerifySignedHashes(&hashes, ss->sec.peerCert, &signature,
-				isTLS, ss->pkcs11PinArg);
+                                isTLS, ss->pkcs11PinArg);
     if (rv != SECSuccess)  {
-	errCode =
-	    ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
-	goto alert_loser;
+        errCode =
+            ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
+        goto alert_loser;
     }
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL) {
-	goto no_memory;
+        goto no_memory;
     }
 
     ss->sec.peerKey = peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey);
     if (peerKey == NULL) {
-	goto no_memory;
+        goto no_memory;
     }
 
     peerKey->arena                 = arena;
     peerKey->keyType               = ecKey;
 
     /* set up EC parameters in peerKey */
-    if (ssl3_ECName2Params(arena, ec_params.data[2], 
-	    &peerKey->u.ec.DEREncodedParams) != SECSuccess) {
-	/* we should never get here since we already 
-	 * checked that we are dealing with a supported curve
-	 */
-	errCode = SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE;
-	goto alert_loser;
+    if (ssl3_ECName2Params(arena, ec_params.data[2],
+            &peerKey->u.ec.DEREncodedParams) != SECSuccess) {
+        /* we should never get here since we already
+         * checked that we are dealing with a supported curve
+         */
+        errCode = SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE;
+        goto alert_loser;
     }
 
     /* copy publicValue in peerKey */
     if (SECITEM_CopyItem(arena, &peerKey->u.ec.publicValue,  &ec_point))
     {
-	PORT_FreeArena(arena, PR_FALSE);
-	goto no_memory;
+        PORT_FreeArena(arena, PR_FALSE);
+        goto no_memory;
     }
     peerKey->pkcs11Slot         = NULL;
     peerKey->pkcs11ID           = CK_INVALID_HANDLE;
@@ -731,7 +731,7 @@ loser:
     PORT_SetError( errCode );
     return SECFailure;
 
-no_memory:	/* no-memory error has already been set. */
+no_memory:      /* no-memory error has already been set. */
     ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
     return SECFailure;
 }
@@ -757,104 +757,104 @@ ssl3_SendECDHServerKeyExchange(
     /* Generate ephemeral ECDH key pair and send the public key */
     curve = ssl3_GetCurveNameForServerSocket(ss);
     if (curve == ec_noName) {
-    	goto loser;
+        goto loser;
     }
     rv = ssl3_CreateECDHEphemeralKeys(ss, curve);
     if (rv != SECSuccess) {
-	goto loser; 	/* err set by AppendHandshake. */
-    }	    
+        goto loser;     /* err set by AppendHandshake. */
+    }
     ecdhePub = ss->ephemeralECDHKeyPair->pubKey;
     PORT_Assert(ecdhePub != NULL);
     if (!ecdhePub) {
-	PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
-	return SECFailure;
-    }	
-    
+        PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
+        return SECFailure;
+    }
+
     ec_params.len  = sizeof paramBuf;
     ec_params.data = paramBuf;
     curve = params2ecName(&ecdhePub->u.ec.DEREncodedParams);
     if (curve != ec_noName) {
-	ec_params.data[0] = ec_type_named;
-	ec_params.data[1] = 0x00;
-	ec_params.data[2] = curve;
+        ec_params.data[0] = ec_type_named;
+        ec_params.data[1] = 0x00;
+        ec_params.data[2] = curve;
     } else {
-	PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
-	goto loser;
-    }		
+        PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
+        goto loser;
+    }
 
     rv = ssl3_ComputeECDHKeyHash(sigAndHash->hashAlg,
-				 ec_params,
-				 ecdhePub->u.ec.publicValue,
-				 &ss->ssl3.hs.client_random,
-				 &ss->ssl3.hs.server_random,
-				 &hashes, ss->opt.bypassPKCS11);
+                                 ec_params,
+                                 ecdhePub->u.ec.publicValue,
+                                 &ss->ssl3.hs.client_random,
+                                 &ss->ssl3.hs.server_random,
+                                 &hashes, ss->opt.bypassPKCS11);
     if (rv != SECSuccess) {
-	ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
-	goto loser;
+        ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
+        goto loser;
     }
 
     isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0);
     isTLS12 = (PRBool)(ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
 
-    /* XXX SSLKEAType isn't really a good choice for 
+    /* XXX SSLKEAType isn't really a good choice for
      * indexing certificates but that's all we have
      * for now.
      */
     if (kea_def->kea == kea_ecdhe_rsa)
-	certIndex = kt_rsa;
+        certIndex = kt_rsa;
     else /* kea_def->kea == kea_ecdhe_ecdsa */
-	certIndex = kt_ecdh;
+        certIndex = kt_ecdh;
 
-    rv = ssl3_SignHashes(&hashes, ss->serverCerts[certIndex].SERVERKEY, 
-			 &signed_hash, isTLS);
+    rv = ssl3_SignHashes(&hashes, ss->serverCerts[certIndex].SERVERKEY,
+                         &signed_hash, isTLS);
     if (rv != SECSuccess) {
-	goto loser;		/* ssl3_SignHashes has set err. */
+        goto loser;             /* ssl3_SignHashes has set err. */
     }
     if (signed_hash.data == NULL) {
-	/* how can this happen and rv == SECSuccess ?? */
-	PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
-	goto loser;
+        /* how can this happen and rv == SECSuccess ?? */
+        PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
+        goto loser;
     }
 
-    length = ec_params.len + 
-	     1 + ecdhePub->u.ec.publicValue.len + 
-	     (isTLS12 ? 2 : 0) + 2 + signed_hash.len;
+    length = ec_params.len +
+             1 + ecdhePub->u.ec.publicValue.len +
+             (isTLS12 ? 2 : 0) + 2 + signed_hash.len;
 
     rv = ssl3_AppendHandshakeHeader(ss, server_key_exchange, length);
     if (rv != SECSuccess) {
-	goto loser; 	/* err set by AppendHandshake. */
+        goto loser;     /* err set by AppendHandshake. */
     }
 
     rv = ssl3_AppendHandshake(ss, ec_params.data, ec_params.len);
     if (rv != SECSuccess) {
-	goto loser; 	/* err set by AppendHandshake. */
+        goto loser;     /* err set by AppendHandshake. */
     }
 
     rv = ssl3_AppendHandshakeVariable(ss, ecdhePub->u.ec.publicValue.data,
-				      ecdhePub->u.ec.publicValue.len, 1);
+                                      ecdhePub->u.ec.publicValue.len, 1);
     if (rv != SECSuccess) {
-	goto loser; 	/* err set by AppendHandshake. */
+        goto loser;     /* err set by AppendHandshake. */
     }
 
     if (isTLS12) {
-	rv = ssl3_AppendSignatureAndHashAlgorithm(ss, sigAndHash);
-	if (rv != SECSuccess) {
-	    goto loser; 	/* err set by AppendHandshake. */
-	}
+        rv = ssl3_AppendSignatureAndHashAlgorithm(ss, sigAndHash);
+        if (rv != SECSuccess) {
+            goto loser;         /* err set by AppendHandshake. */
+        }
     }
 
     rv = ssl3_AppendHandshakeVariable(ss, signed_hash.data,
-				      signed_hash.len, 2);
+                                      signed_hash.len, 2);
     if (rv != SECSuccess) {
-	goto loser; 	/* err set by AppendHandshake. */
+        goto loser;     /* err set by AppendHandshake. */
     }
 
     PORT_Free(signed_hash.data);
     return SECSuccess;
 
 loser:
-    if (signed_hash.data != NULL) 
-    	PORT_Free(signed_hash.data);
+    if (signed_hash.data != NULL)
+        PORT_Free(signed_hash.data);
     return SECFailure;
 }
 
@@ -948,11 +948,11 @@ SECStatus
 ssl3_DisableECCSuites(sslSocket * ss, const ssl3CipherSuite * suite)
 {
     if (!suite)
-    	suite = ecSuites;
+        suite = ecSuites;
     for (; *suite; ++suite) {
-	SECStatus rv      = ssl3_CipherPrefSet(ss, *suite, PR_FALSE);
+        SECStatus rv      = ssl3_CipherPrefSet(ss, *suite, PR_FALSE);
 
-	PORT_Assert(rv == SECSuccess); /* else is coding error */
+        PORT_Assert(rv == SECSuccess); /* else is coding error */
     }
     return SECSuccess;
 }
@@ -967,41 +967,41 @@ ssl3_FilterECCipherSuitesByServerCerts(sslSocket * ss)
 
     svrCert = ss->serverCerts[kt_rsa].serverCert;
     if (!svrCert) {
-	ssl3_DisableECCSuites(ss, ecdhe_rsa_suites);
+        ssl3_DisableECCSuites(ss, ecdhe_rsa_suites);
     }
 
     svrCert = ss->serverCerts[kt_ecdh].serverCert;
     if (!svrCert) {
-	ssl3_DisableECCSuites(ss, ecdh_suites);
-	ssl3_DisableECCSuites(ss, ecdhe_ecdsa_suites);
+        ssl3_DisableECCSuites(ss, ecdh_suites);
+        ssl3_DisableECCSuites(ss, ecdhe_ecdsa_suites);
     } else {
-	SECOidTag sigTag = SECOID_GetAlgorithmTag(&svrCert->signature);
-
-	switch (sigTag) {
-	case SEC_OID_PKCS1_RSA_ENCRYPTION:
-	case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION:
-	case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION:
-	case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
-	case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
-	case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION:
-	case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
-	case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
-	case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
-	    ssl3_DisableECCSuites(ss, ecdh_ecdsa_suites);
-	    break;
-	case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE:
-	case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE:
-	case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
-	case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE:
-	case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE:
-	case SEC_OID_ANSIX962_ECDSA_SIGNATURE_RECOMMENDED_DIGEST:
-	case SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST:
-	    ssl3_DisableECCSuites(ss, ecdh_rsa_suites);
-	    break;
-	default:
-	    ssl3_DisableECCSuites(ss, ecdh_suites);
-	    break;
-	}
+        SECOidTag sigTag = SECOID_GetAlgorithmTag(&svrCert->signature);
+
+        switch (sigTag) {
+        case SEC_OID_PKCS1_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
+            ssl3_DisableECCSuites(ss, ecdh_ecdsa_suites);
+            break;
+        case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE:
+        case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE:
+        case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
+        case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE:
+        case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE:
+        case SEC_OID_ANSIX962_ECDSA_SIGNATURE_RECOMMENDED_DIGEST:
+        case SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST:
+            ssl3_DisableECCSuites(ss, ecdh_rsa_suites);
+            break;
+        default:
+            ssl3_DisableECCSuites(ss, ecdh_suites);
+            break;
+        }
     }
 }
 
@@ -1016,18 +1016,18 @@ ssl3_IsECCEnabled(sslSocket * ss)
     /* make sure we can do ECC */
     slot = PK11_GetBestSlot(CKM_ECDH1_DERIVE,  ss->pkcs11PinArg);
     if (!slot) {
-	return PR_FALSE;
+        return PR_FALSE;
     }
     PK11_FreeSlot(slot);
 
     /* make sure an ECC cipher is enabled */
     for (suite = ecSuites; *suite; ++suite) {
-	PRBool    enabled = PR_FALSE;
-	SECStatus rv      = ssl3_CipherPrefGet(ss, *suite, &enabled);
+        PRBool    enabled = PR_FALSE;
+        SECStatus rv      = ssl3_CipherPrefGet(ss, *suite, &enabled);
 
-	PORT_Assert(rv == SECSuccess); /* else is coding error */
-	if (rv == SECSuccess && enabled)
-	    return PR_TRUE;
+        PORT_Assert(rv == SECSuccess); /* else is coding error */
+        if (rv == SECSuccess && enabled)
+            return PR_TRUE;
     }
     return PR_FALSE;
 }
@@ -1035,7 +1035,7 @@ ssl3_IsECCEnabled(sslSocket * ss)
 #define BE(n) 0, n
 
 /* Prefabricated TLS client hello extension, Elliptic Curves List,
- * offers only 3 curves, the Suite B curves, 23-25 
+ * offers only 3 curves, the Suite B curves, 23-25
  */
 static const PRUint8 suiteBECList[12] = {
     BE(10),         /* Extension type */
@@ -1051,9 +1051,9 @@ static const PRUint8 tlsECList[56] = {
     BE(10),         /* Extension type */
     BE(52),         /* octets that follow (25 pairs + 1 length pair) */
     BE(50),         /* octets that follow (25 pairs) */
-            BE( 1), BE( 2), BE( 3), BE( 4), BE( 5), BE( 6), BE( 7), 
-    BE( 8), BE( 9), BE(10), BE(11), BE(12), BE(13), BE(14), BE(15), 
-    BE(16), BE(17), BE(18), BE(19), BE(20), BE(21), BE(22), BE(23), 
+            BE( 1), BE( 2), BE( 3), BE( 4), BE( 5), BE( 6), BE( 7),
+    BE( 8), BE( 9), BE(10), BE(11), BE(12), BE(13), BE(14), BE(15),
+    BE(16), BE(17), BE(18), BE(19), BE(20), BE(21), BE(22), BE(23),
     BE(24), BE(25)
 };
 
@@ -1076,12 +1076,12 @@ ssl3_SuiteBOnly(sslSocket *ss)
     /* See if we can support small curves (like 163). If not, assume we can
      * only support Suite-B curves (P-256, P-384, P-521). */
     PK11SlotInfo *slot =
-	PK11_GetBestSlotWithAttributes(CKM_ECDH1_DERIVE, 0, 163,
-				       ss ? ss->pkcs11PinArg : NULL);
+        PK11_GetBestSlotWithAttributes(CKM_ECDH1_DERIVE, 0, 163,
+                                       ss ? ss->pkcs11PinArg : NULL);
 
     if (!slot) {
-	/* nope, presume we can only do suite B */
-	return PR_TRUE;
+        /* nope, presume we can only do suite B */
+        return PR_TRUE;
     }
     /* we can, presume we can do all curves */
     PK11_FreeSlot(slot);
@@ -1093,33 +1093,33 @@ ssl3_SuiteBOnly(sslSocket *ss)
  */
 PRInt32
 ssl3_SendSupportedCurvesXtn(
-			sslSocket * ss,
-			PRBool      append,
-			PRUint32    maxBytes)
+                        sslSocket * ss,
+                        PRBool      append,
+                        PRUint32    maxBytes)
 {
     PRInt32 ecListSize = 0;
     const PRUint8 *ecList = NULL;
 
     if (!ss || !ssl3_IsECCEnabled(ss))
-    	return 0;
+        return 0;
 
     if (ssl3_SuiteBOnly(ss)) {
-	ecListSize = sizeof suiteBECList;
-	ecList = suiteBECList;
+        ecListSize = sizeof suiteBECList;
+        ecList = suiteBECList;
     } else {
-	ecListSize = sizeof tlsECList;
-	ecList = tlsECList;
+        ecListSize = sizeof tlsECList;
+        ecList = tlsECList;
     }
- 
+
     if (append && maxBytes >= ecListSize) {
-	SECStatus rv = ssl3_AppendHandshake(ss, ecList, ecListSize);
-	if (rv != SECSuccess)
-	    return -1;
-	if (!ss->sec.isServer) {
-	    TLSExtensionData *xtnData = &ss->xtnData;
-	    xtnData->advertised[xtnData->numAdvertised++] =
-		ssl_elliptic_curves_xtn;
-	}
+        SECStatus rv = ssl3_AppendHandshake(ss, ecList, ecListSize);
+        if (rv != SECSuccess)
+            return -1;
+        if (!ss->sec.isServer) {
+            TLSExtensionData *xtnData = &ss->xtnData;
+            xtnData->advertised[xtnData->numAdvertised++] =
+                ssl_elliptic_curves_xtn;
+        }
     }
     return ecListSize;
 }
@@ -1128,7 +1128,7 @@ PRUint32
 ssl3_GetSupportedECCurveMask(sslSocket *ss)
 {
     if (ssl3_SuiteBOnly(ss)) {
-	return SSL3_SUITE_B_SUPPORTED_CURVES_MASK;
+        return SSL3_SUITE_B_SUPPORTED_CURVES_MASK;
     }
     return SSL3_ALL_SUPPORTED_CURVES_MASK;
 }
@@ -1138,21 +1138,21 @@ ssl3_GetSupportedECCurveMask(sslSocket *ss)
  */
 PRInt32
 ssl3_SendSupportedPointFormatsXtn(
-			sslSocket * ss,
-			PRBool      append,
-			PRUint32    maxBytes)
+                        sslSocket * ss,
+                        PRBool      append,
+                        PRUint32    maxBytes)
 {
     if (!ss || !ssl3_IsECCEnabled(ss))
-    	return 0;
+        return 0;
     if (append && maxBytes >= (sizeof ecPtFmt)) {
-	SECStatus rv = ssl3_AppendHandshake(ss, ecPtFmt, (sizeof ecPtFmt));
-	if (rv != SECSuccess)
-	    return -1;
-	if (!ss->sec.isServer) {
-	    TLSExtensionData *xtnData = &ss->xtnData;
-	    xtnData->advertised[xtnData->numAdvertised++] =
-		ssl_ec_point_formats_xtn;
-	}
+        SECStatus rv = ssl3_AppendHandshake(ss, ecPtFmt, (sizeof ecPtFmt));
+        if (rv != SECSuccess)
+            return -1;
+        if (!ss->sec.isServer) {
+            TLSExtensionData *xtnData = &ss->xtnData;
+            xtnData->advertised[xtnData->numAdvertised++] =
+                ssl_ec_point_formats_xtn;
+        }
     }
     return (sizeof ecPtFmt);
 }
@@ -1168,17 +1168,17 @@ ssl3_HandleSupportedPointFormatsXtn(sslSocket *ss, PRUint16 ex_type,
 
     if (data->len < 2 || data->len > 255 || !data->data ||
         data->len != (unsigned int)data->data[0] + 1) {
-    	/* malformed */
-	goto loser;
+        /* malformed */
+        goto loser;
     }
     for (i = data->len; --i > 0; ) {
-    	if (data->data[i] == 0) {
-	    /* indicate that we should send a reply */
-	    SECStatus rv;
-	    rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type,
-			      &ssl3_SendSupportedPointFormatsXtn);
-	    return rv;
-	}
+        if (data->data[i] == 0) {
+            /* indicate that we should send a reply */
+            SECStatus rv;
+            rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type,
+                              &ssl3_SendSupportedPointFormatsXtn);
+            return rv;
+        }
     }
 loser:
     /* evil client doesn't support uncompressed */
@@ -1192,14 +1192,14 @@ loser:
     ss->serverCerts[type].serverKeyPair->pubKey : NULL)
 
 /* Extract the TLS curve name for the public key in our EC server cert. */
-ECName ssl3_GetSvrCertCurveName(sslSocket *ss) 
+ECName ssl3_GetSvrCertCurveName(sslSocket *ss)
 {
-    SECKEYPublicKey       *srvPublicKey; 
-    ECName		  ec_curve       = ec_noName;
+    SECKEYPublicKey       *srvPublicKey;
+    ECName                ec_curve       = ec_noName;
 
     srvPublicKey = SSL3_GET_SERVER_PUBLICKEY(ss, kt_ecdh);
     if (srvPublicKey) {
-	ec_curve = params2ecName(&srvPublicKey->u.ec.DEREncodedParams);
+        ec_curve = params2ecName(&srvPublicKey->u.ec.DEREncodedParams);
     }
     return ec_curve;
 }
@@ -1216,37 +1216,37 @@ ssl3_HandleSupportedCurvesXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data)
     PRUint16 svrCertCurveName;
 
     if (!data->data || data->len < 4 || data->len > 65535)
-    	goto loser;
+        goto loser;
     /* get the length of elliptic_curve_list */
     list_len = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len);
     if (list_len < 0 || data->len != list_len || (data->len % 2) != 0) {
-    	/* malformed */
-	goto loser;
+        /* malformed */
+        goto loser;
     }
     /* build bit vector of peer's supported curve names */
     while (data->len) {
-	PRInt32  curve_name = 
-		 ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len);
-	if (curve_name > ec_noName && curve_name < ec_pastLastName) {
-	    peerCurves |= (1U << curve_name);
-	}
+        PRInt32  curve_name =
+                 ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len);
+        if (curve_name > ec_noName && curve_name < ec_pastLastName) {
+            peerCurves |= (1U << curve_name);
+        }
     }
     /* What curves do we support in common? */
     mutualCurves = ss->ssl3.hs.negotiatedECCurves &= peerCurves;
     if (!mutualCurves) { /* no mutually supported EC Curves */
-    	goto loser;
+        goto loser;
     }
 
-    /* if our ECC cert doesn't use one of these supported curves, 
-     * disable ECC cipher suites that require an ECC cert. 
+    /* if our ECC cert doesn't use one of these supported curves,
+     * disable ECC cipher suites that require an ECC cert.
      */
     svrCertCurveName = ssl3_GetSvrCertCurveName(ss);
     if (svrCertCurveName != ec_noName &&
         (mutualCurves & (1U << svrCertCurveName)) != 0) {
-	return SECSuccess;
+        return SECSuccess;
     }
     /* Our EC cert doesn't contain a mutually supported curve.
-     * Disable all ECC cipher suites that require an EC cert 
+     * Disable all ECC cipher suites that require an EC cert
      */
     ssl3_DisableECCSuites(ss, ecdh_ecdsa_suites);
     ssl3_DisableECCSuites(ss, ecdhe_ecdsa_suites);
@@ -1258,4 +1258,4 @@ loser:
     return SECFailure;
 }
 
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
diff --git a/security/nss/lib/ssl/ssl3ext.c b/security/nss/lib/ssl/ssl3ext.c
index da42bfd..1d1f39cc 100644
--- a/security/nss/lib/ssl/ssl3ext.c
+++ b/security/nss/lib/ssl/ssl3ext.c
@@ -48,19 +48,27 @@ static SECStatus ssl3_GetSessionTicketKeys(const unsigned char **aes_key,
 #endif
 static PRInt32 ssl3_SendRenegotiationInfoXtn(sslSocket * ss,
     PRBool append, PRUint32 maxBytes);
-static SECStatus ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, 
+static SECStatus ssl3_HandleRenegotiationInfoXtn(sslSocket *ss,
     PRUint16 ex_type, SECItem *data);
 static SECStatus ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss,
-			PRUint16 ex_type, SECItem *data);
+                        PRUint16 ex_type, SECItem *data);
+static SECStatus ssl3_ClientHandleAppProtoXtn(sslSocket *ss,
+                        PRUint16 ex_type, SECItem *data);
 static SECStatus ssl3_ServerHandleNextProtoNegoXtn(sslSocket *ss,
-			PRUint16 ex_type, SECItem *data);
+                        PRUint16 ex_type, SECItem *data);
+static SECStatus ssl3_ServerHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type,
+                                              SECItem *data);
 static PRInt32 ssl3_ClientSendNextProtoNegoXtn(sslSocket *ss, PRBool append,
-					       PRUint32 maxBytes);
+                                               PRUint32 maxBytes);
+static PRInt32 ssl3_ClientSendAppProtoXtn(sslSocket *ss, PRBool append,
+                                          PRUint32 maxBytes);
+static PRInt32 ssl3_ServerSendAppProtoXtn(sslSocket *ss, PRBool append,
+                                          PRUint32 maxBytes);
 static PRInt32 ssl3_SendUseSRTPXtn(sslSocket *ss, PRBool append,
     PRUint32 maxBytes);
 static SECStatus ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type,
     SECItem *data);
-static SECStatus ssl3_ServerSendStatusRequestXtn(sslSocket * ss,
+static PRInt32 ssl3_ServerSendStatusRequestXtn(sslSocket * ss,
     PRBool append, PRUint32 maxBytes);
 static SECStatus ssl3_ServerHandleStatusRequestXtn(sslSocket *ss,
     PRUint16 ex_type, SECItem *data);
@@ -83,7 +91,7 @@ static SECStatus
 ssl3_AppendToItem(SECItem *item, const unsigned char *buf, PRUint32 bytes)
 {
     if (bytes > item->len)
-	return SECFailure;
+        return SECFailure;
 
     PORT_Memcpy(item->data, buf, bytes);
     item->data += bytes;
@@ -105,13 +113,13 @@ ssl3_AppendNumberToItem(SECItem *item, PRUint32 num, PRInt32 lenSize)
 
     switch (lenSize) {
     case 4:
-	*p++ = (PRUint8) (num >> 24);
+        *p++ = (PRUint8) (num >> 24);
     case 3:
-	*p++ = (PRUint8) (num >> 16);
+        *p++ = (PRUint8) (num >> 16);
     case 2:
-	*p++ = (PRUint8) (num >> 8);
+        *p++ = (PRUint8) (num >> 8);
     case 1:
-	*p = (PRUint8) num;
+        *p = (PRUint8) num;
     }
     rv = ssl3_AppendToItem(item, &b[0], lenSize);
     return rv;
@@ -120,15 +128,15 @@ ssl3_AppendNumberToItem(SECItem *item, PRUint32 num, PRInt32 lenSize)
 static SECStatus ssl3_SessionTicketShutdown(void* appData, void* nssData)
 {
     if (session_ticket_enc_key_pkcs11) {
-	PK11_FreeSymKey(session_ticket_enc_key_pkcs11);
-	session_ticket_enc_key_pkcs11 = NULL;
+        PK11_FreeSymKey(session_ticket_enc_key_pkcs11);
+        session_ticket_enc_key_pkcs11 = NULL;
     }
     if (session_ticket_mac_key_pkcs11) {
-	PK11_FreeSymKey(session_ticket_mac_key_pkcs11);
-	session_ticket_mac_key_pkcs11 = NULL;
+        PK11_FreeSymKey(session_ticket_mac_key_pkcs11);
+        session_ticket_mac_key_pkcs11 = NULL;
     }
     PORT_Memset(&generate_session_keys_once, 0,
-	sizeof(generate_session_keys_once));
+        sizeof(generate_session_keys_once));
     return SECSuccess;
 }
 
@@ -142,22 +150,22 @@ ssl3_GenerateSessionTicketKeysPKCS11(void *data)
     SECKEYPublicKey *svrPubKey = ss->serverCerts[kt_rsa].serverKeyPair->pubKey;
 
     if (svrPrivKey == NULL || svrPubKey == NULL) {
-	SSL_DBG(("%d: SSL[%d]: Pub or priv key(s) is NULL.",
-			SSL_GETPID(), ss->fd));
-	goto loser;
+        SSL_DBG(("%d: SSL[%d]: Pub or priv key(s) is NULL.",
+                        SSL_GETPID(), ss->fd));
+        goto loser;
     }
 
     /* Get a copy of the session keys from shared memory. */
     PORT_Memcpy(key_name, SESS_TICKET_KEY_NAME_PREFIX,
-	sizeof(SESS_TICKET_KEY_NAME_PREFIX));
+        sizeof(SESS_TICKET_KEY_NAME_PREFIX));
     if (!ssl_GetSessionTicketKeysPKCS11(svrPrivKey, svrPubKey,
-	    ss->pkcs11PinArg, &key_name[SESS_TICKET_KEY_NAME_PREFIX_LEN],
-	    &session_ticket_enc_key_pkcs11, &session_ticket_mac_key_pkcs11))
-	return PR_FAILURE;
+            ss->pkcs11PinArg, &key_name[SESS_TICKET_KEY_NAME_PREFIX_LEN],
+            &session_ticket_enc_key_pkcs11, &session_ticket_mac_key_pkcs11))
+        return PR_FAILURE;
 
     rv = NSS_RegisterShutdown(ssl3_SessionTicketShutdown, NULL);
     if (rv != SECSuccess)
-	goto loser;
+        goto loser;
 
     return PR_SUCCESS;
 
@@ -171,12 +179,12 @@ ssl3_GetSessionTicketKeysPKCS11(sslSocket *ss, PK11SymKey **aes_key,
                                 PK11SymKey **mac_key)
 {
     if (PR_CallOnceWithArg(&generate_session_keys_once,
-	    ssl3_GenerateSessionTicketKeysPKCS11, ss) != PR_SUCCESS)
-	return SECFailure;
+            ssl3_GenerateSessionTicketKeysPKCS11, ss) != PR_SUCCESS)
+        return SECFailure;
 
     if (session_ticket_enc_key_pkcs11 == NULL ||
-	session_ticket_mac_key_pkcs11 == NULL)
-	return SECFailure;
+        session_ticket_mac_key_pkcs11 == NULL)
+        return SECFailure;
 
     *aes_key = session_ticket_enc_key_pkcs11;
     *mac_key = session_ticket_mac_key_pkcs11;
@@ -188,11 +196,11 @@ static PRStatus
 ssl3_GenerateSessionTicketKeys(void)
 {
     PORT_Memcpy(key_name, SESS_TICKET_KEY_NAME_PREFIX,
-	sizeof(SESS_TICKET_KEY_NAME_PREFIX));
+        sizeof(SESS_TICKET_KEY_NAME_PREFIX));
 
     if (!ssl_GetSessionTicketKeys(&key_name[SESS_TICKET_KEY_NAME_PREFIX_LEN],
-	    session_ticket_enc_key, session_ticket_mac_key))
-	return PR_FAILURE;
+            session_ticket_enc_key, session_ticket_mac_key))
+        return PR_FAILURE;
 
     session_ticket_keys_initialized = PR_TRUE;
     return PR_SUCCESS;
@@ -204,11 +212,11 @@ ssl3_GetSessionTicketKeys(const unsigned char **aes_key,
     PRUint32 *mac_key_length)
 {
     if (PR_CallOnce(&generate_session_keys_once,
-	    ssl3_GenerateSessionTicketKeys) != PR_SUCCESS)
-	return SECFailure;
+            ssl3_GenerateSessionTicketKeys) != PR_SUCCESS)
+        return SECFailure;
 
     if (!session_ticket_keys_initialized)
-	return SECFailure;
+        return SECFailure;
 
     *aes_key = session_ticket_enc_key;
     *aes_key_length = sizeof(session_ticket_enc_key);
@@ -226,13 +234,14 @@ ssl3_GetSessionTicketKeys(const unsigned char **aes_key,
 /* This table is used by the server, to handle client hello extensions. */
 static const ssl3HelloExtensionHandler clientHelloHandlers[] = {
     { ssl_server_name_xtn,        &ssl3_HandleServerNameXtn },
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     { ssl_elliptic_curves_xtn,    &ssl3_HandleSupportedCurvesXtn },
     { ssl_ec_point_formats_xtn,   &ssl3_HandleSupportedPointFormatsXtn },
 #endif
     { ssl_session_ticket_xtn,     &ssl3_ServerHandleSessionTicketXtn },
     { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
     { ssl_next_proto_nego_xtn,    &ssl3_ServerHandleNextProtoNegoXtn },
+    { ssl_app_layer_protocol_xtn, &ssl3_ServerHandleAppProtoXtn },
     { ssl_use_srtp_xtn,           &ssl3_HandleUseSRTPXtn },
     { ssl_cert_status_xtn,        &ssl3_ServerHandleStatusRequestXtn },
     { ssl_signature_algorithms_xtn, &ssl3_ServerHandleSigAlgsXtn },
@@ -247,6 +256,7 @@ static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = {
     { ssl_session_ticket_xtn,     &ssl3_ClientHandleSessionTicketXtn },
     { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
     { ssl_next_proto_nego_xtn,    &ssl3_ClientHandleNextProtoNegoXtn },
+    { ssl_app_layer_protocol_xtn, &ssl3_ClientHandleAppProtoXtn },
     { ssl_use_srtp_xtn,           &ssl3_HandleUseSRTPXtn },
     { ssl_cert_status_xtn,        &ssl3_ClientHandleStatusRequestXtn },
     { -1, NULL }
@@ -263,23 +273,24 @@ static const ssl3HelloExtensionHandler serverHelloHandlersSSL3[] = {
  * The server's table of hello senders is dynamic, in the socket struct,
  * and sender functions are registered there.
  */
-static const 
+static const
 ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
     { ssl_server_name_xtn,        &ssl3_SendServerNameXtn        },
     { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn },
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     { ssl_elliptic_curves_xtn,    &ssl3_SendSupportedCurvesXtn },
     { ssl_ec_point_formats_xtn,   &ssl3_SendSupportedPointFormatsXtn },
 #endif
     { ssl_session_ticket_xtn,     &ssl3_SendSessionTicketXtn },
     { ssl_next_proto_nego_xtn,    &ssl3_ClientSendNextProtoNegoXtn },
+    { ssl_app_layer_protocol_xtn, &ssl3_ClientSendAppProtoXtn },
     { ssl_use_srtp_xtn,           &ssl3_SendUseSRTPXtn },
     { ssl_cert_status_xtn,        &ssl3_ClientSendStatusRequestXtn },
     { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn }
     /* any extra entries will appear as { 0, NULL }    */
 };
 
-static const 
+static const
 ssl3HelloExtensionSender clientHelloSendersSSL3[SSL_MAX_EXTENSIONS] = {
     { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn }
     /* any extra entries will appear as { 0, NULL }    */
@@ -290,8 +301,8 @@ arrayContainsExtension(const PRUint16 *array, PRUint32 len, PRUint16 ex_type)
 {
     int i;
     for (i = 0; i < len; i++) {
-	if (ex_type == array[i])
-	    return PR_TRUE;
+        if (ex_type == array[i])
+            return PR_TRUE;
     }
     return PR_FALSE;
 }
@@ -300,14 +311,14 @@ PRBool
 ssl3_ExtensionNegotiated(sslSocket *ss, PRUint16 ex_type) {
     TLSExtensionData *xtnData = &ss->xtnData;
     return arrayContainsExtension(xtnData->negotiated,
-	                          xtnData->numNegotiated, ex_type);
+                                  xtnData->numNegotiated, ex_type);
 }
 
 static PRBool
 ssl3_ClientExtensionAdvertised(sslSocket *ss, PRUint16 ex_type) {
     TLSExtensionData *xtnData = &ss->xtnData;
     return arrayContainsExtension(xtnData->advertised,
-	                          xtnData->numAdvertised, ex_type);
+                                  xtnData->numAdvertised, ex_type);
 }
 
 /* Format an SNI extension, using the name from the socket's URL,
@@ -320,11 +331,11 @@ ssl3_SendServerNameXtn(sslSocket * ss, PRBool append,
 {
     SECStatus rv;
     if (!ss)
-    	return 0;
+        return 0;
     if (!ss->sec.isServer) {
         PRUint32 len;
         PRNetAddr netAddr;
-        
+
         /* must have a hostname */
         if (!ss->url || !ss->url[0])
             return 0;
@@ -336,10 +347,10 @@ ssl3_SendServerNameXtn(sslSocket * ss, PRBool append,
         len  = PORT_Strlen(ss->url);
         if (append && maxBytes >= len + 9) {
             /* extension_type */
-            rv = ssl3_AppendHandshakeNumber(ss, ssl_server_name_xtn, 2); 
+            rv = ssl3_AppendHandshakeNumber(ss, ssl_server_name_xtn, 2);
             if (rv != SECSuccess) return -1;
             /* length of extension_data */
-            rv = ssl3_AppendHandshakeNumber(ss, len + 5, 2); 
+            rv = ssl3_AppendHandshakeNumber(ss, len + 5, 2);
             if (rv != SECSuccess) return -1;
             /* length of server_name_list */
             rv = ssl3_AppendHandshakeNumber(ss, len + 3, 2);
@@ -352,8 +363,8 @@ ssl3_SendServerNameXtn(sslSocket * ss, PRBool append,
             if (rv != SECSuccess) return -1;
             if (!ss->sec.isServer) {
                 TLSExtensionData *xtnData = &ss->xtnData;
-                xtnData->advertised[xtnData->numAdvertised++] = 
-		    ssl_server_name_xtn;
+                xtnData->advertised[xtnData->numAdvertised++] =
+                    ssl_server_name_xtn;
             }
         }
         return len + 9;
@@ -395,7 +406,7 @@ ssl3_HandleServerNameXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data)
         return SECSuccess;
     }
     /* length of server_name_list */
-    listLenBytes = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); 
+    listLenBytes = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len);
     if (listLenBytes == 0 || listLenBytes != data->len) {
         return SECFailure;
     }
@@ -406,7 +417,7 @@ ssl3_HandleServerNameXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data)
         SECStatus rv;
         PRInt32  type;
         /* Name Type (sni_host_name) */
-        type = ssl3_ConsumeHandshakeNumber(ss, 1, &ldata.data, &ldata.len); 
+        type = ssl3_ConsumeHandshakeNumber(ss, 1, &ldata.data, &ldata.len);
         if (!ldata.len) {
             return SECFailure;
         }
@@ -434,7 +445,7 @@ ssl3_HandleServerNameXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data)
         SECStatus rv;
         PRBool nametypePresent = PR_FALSE;
         /* Name Type (sni_host_name) */
-        type = ssl3_ConsumeHandshakeNumber(ss, 1, &data->data, &data->len); 
+        type = ssl3_ConsumeHandshakeNumber(ss, 1, &data->data, &data->len);
         /* Check if we have such type in the list */
         for (j = 0;j < listCount && names[j].data;j++) {
             if (names[j].type == type) {
@@ -466,16 +477,16 @@ loser:
     PORT_Free(names);
     return SECFailure;
 }
-        
+
 /* Called by both clients and servers.
  * Clients sends a filled in session ticket if one is available, and otherwise
  * sends an empty ticket.  Servers always send empty tickets.
  */
 PRInt32
 ssl3_SendSessionTicketXtn(
-			sslSocket * ss,
-			PRBool      append,
-			PRUint32    maxBytes)
+                        sslSocket * ss,
+                        PRBool      append,
+                        PRUint32    maxBytes)
 {
     PRInt32 extension_length;
     NewSessionTicket *session_ticket = NULL;
@@ -483,7 +494,7 @@ ssl3_SendSessionTicketXtn(
 
     /* Ignore the SessionTicket extension if processing is disabled. */
     if (!ss->opt.enableSessionTickets)
-	return 0;
+        return 0;
 
     /* Empty extension length = extension_type (2-bytes) +
      * length(extension_data) (2-bytes)
@@ -495,53 +506,53 @@ ssl3_SendSessionTicketXtn(
      * the extension always respond with an empty extension.
      */
     if (!ss->sec.isServer) {
-	/* The caller must be holding sid->u.ssl3.lock for reading. We cannot
-	 * just acquire and release the lock within this function because the
-	 * caller will call this function twice, and we need the inputs to be
-	 * consistent between the two calls. Note that currently the caller
-	 * will only be holding the lock when we are the client and when we're
-	 * attempting to resume an existing session.
-	 */
-
-	session_ticket = &sid->u.ssl3.locked.sessionTicket;
-	if (session_ticket->ticket.data) {
-	    if (ss->xtnData.ticketTimestampVerified) {
-		extension_length += session_ticket->ticket.len;
-	    } else if (!append &&
-		(session_ticket->ticket_lifetime_hint == 0 ||
-		(session_ticket->ticket_lifetime_hint +
-		    session_ticket->received_timestamp > ssl_Time()))) {
-		extension_length += session_ticket->ticket.len;
-		ss->xtnData.ticketTimestampVerified = PR_TRUE;
-	    }
-	}
+        /* The caller must be holding sid->u.ssl3.lock for reading. We cannot
+         * just acquire and release the lock within this function because the
+         * caller will call this function twice, and we need the inputs to be
+         * consistent between the two calls. Note that currently the caller
+         * will only be holding the lock when we are the client and when we're
+         * attempting to resume an existing session.
+         */
+
+        session_ticket = &sid->u.ssl3.locked.sessionTicket;
+        if (session_ticket->ticket.data) {
+            if (ss->xtnData.ticketTimestampVerified) {
+                extension_length += session_ticket->ticket.len;
+            } else if (!append &&
+                (session_ticket->ticket_lifetime_hint == 0 ||
+                (session_ticket->ticket_lifetime_hint +
+                    session_ticket->received_timestamp > ssl_Time()))) {
+                extension_length += session_ticket->ticket.len;
+                ss->xtnData.ticketTimestampVerified = PR_TRUE;
+            }
+        }
     }
 
     if (append && maxBytes >= extension_length) {
-	SECStatus rv;
-	/* extension_type */
+        SECStatus rv;
+        /* extension_type */
         rv = ssl3_AppendHandshakeNumber(ss, ssl_session_ticket_xtn, 2);
         if (rv != SECSuccess)
-	    goto loser;
-	if (session_ticket && session_ticket->ticket.data &&
-	    ss->xtnData.ticketTimestampVerified) {
-	    rv = ssl3_AppendHandshakeVariable(ss, session_ticket->ticket.data,
-		session_ticket->ticket.len, 2);
-	    ss->xtnData.ticketTimestampVerified = PR_FALSE;
-	    ss->xtnData.sentSessionTicketInClientHello = PR_TRUE;
-	} else {
-	    rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
-	}
+            goto loser;
+        if (session_ticket && session_ticket->ticket.data &&
+            ss->xtnData.ticketTimestampVerified) {
+            rv = ssl3_AppendHandshakeVariable(ss, session_ticket->ticket.data,
+                session_ticket->ticket.len, 2);
+            ss->xtnData.ticketTimestampVerified = PR_FALSE;
+            ss->xtnData.sentSessionTicketInClientHello = PR_TRUE;
+        } else {
+            rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
+        }
         if (rv != SECSuccess)
-	    goto loser;
+            goto loser;
 
-	if (!ss->sec.isServer) {
-	    TLSExtensionData *xtnData = &ss->xtnData;
-	    xtnData->advertised[xtnData->numAdvertised++] = 
-		ssl_session_ticket_xtn;
-	}
+        if (!ss->sec.isServer) {
+            TLSExtensionData *xtnData = &ss->xtnData;
+            xtnData->advertised[xtnData->numAdvertised++] =
+                ssl_session_ticket_xtn;
+        }
     } else if (maxBytes < extension_length) {
-	PORT_Assert(0);
+        PORT_Assert(0);
         return 0;
     }
     return extension_length;
@@ -553,12 +564,13 @@ ssl3_SendSessionTicketXtn(
 
 /* handle an incoming Next Protocol Negotiation extension. */
 static SECStatus
-ssl3_ServerHandleNextProtoNegoXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data)
+ssl3_ServerHandleNextProtoNegoXtn(sslSocket * ss, PRUint16 ex_type,
+                                  SECItem *data)
 {
     if (ss->firstHsDone || data->len != 0) {
-	/* Clients MUST send an empty NPN extension, if any. */
-	PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
-	return SECFailure;
+        /* Clients MUST send an empty NPN extension, if any. */
+        PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
+        return SECFailure;
     }
 
     ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
@@ -579,60 +591,57 @@ ssl3_ValidateNextProtoNego(const unsigned char* data, unsigned int length)
     unsigned int offset = 0;
 
     while (offset < length) {
-	unsigned int newOffset = offset + 1 + (unsigned int) data[offset];
-	/* Reject embedded nulls to protect against buggy applications that
-	 * store protocol identifiers in null-terminated strings.
-	 */
-	if (newOffset > length || data[offset] == 0) {
-	    PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
-	    return SECFailure;
-	}
-	offset = newOffset;
+        unsigned int newOffset = offset + 1 + (unsigned int) data[offset];
+        /* Reject embedded nulls to protect against buggy applications that
+         * store protocol identifiers in null-terminated strings.
+         */
+        if (newOffset > length || data[offset] == 0) {
+            PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
+            return SECFailure;
+        }
+        offset = newOffset;
     }
 
     if (offset > length) {
-	PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
-	return SECFailure;
+        PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
+        return SECFailure;
     }
 
     return SECSuccess;
 }
 
+/* protocol selection handler for ALPN (server side) and NPN (client side) */
 static SECStatus
-ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type,
-				  SECItem *data)
+ssl3_SelectAppProtocol(sslSocket *ss, PRUint16 ex_type, SECItem *data)
 {
     SECStatus rv;
     unsigned char resultBuffer[255];
     SECItem result = { siBuffer, resultBuffer, 0 };
 
-    PORT_Assert(!ss->firstHsDone);
-
     rv = ssl3_ValidateNextProtoNego(data->data, data->len);
     if (rv != SECSuccess)
-	return rv;
-
-    /* ss->nextProtoCallback cannot normally be NULL if we negotiated the
-     * extension. However, It is possible that an application erroneously
-     * cleared the callback between the time we sent the ClientHello and now.
-     */
-    PORT_Assert(ss->nextProtoCallback != NULL);
-    if (!ss->nextProtoCallback) {
-	/* XXX Use a better error code. This is an application error, not an
-	 * NSS bug. */
-	PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-	return SECFailure;
-    }
+        return rv;
 
+    PORT_Assert(ss->nextProtoCallback);
     rv = ss->nextProtoCallback(ss->nextProtoArg, ss->fd, data->data, data->len,
-			       result.data, &result.len, sizeof resultBuffer);
+                               result.data, &result.len, sizeof resultBuffer);
     if (rv != SECSuccess)
-	return rv;
+        return rv;
     /* If the callback wrote more than allowed to |result| it has corrupted our
      * stack. */
     if (result.len > sizeof resultBuffer) {
-	PORT_SetError(SEC_ERROR_OUTPUT_LEN);
-	return SECFailure;
+        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+        return SECFailure;
+    }
+
+    if (ex_type == ssl_app_layer_protocol_xtn &&
+        ss->ssl3.nextProtoState != SSL_NEXT_PROTO_NEGOTIATED) {
+        /* The callback might say OK, but then it's picked a default.
+         * That's OK for NPN, but not ALPN. */
+        SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE);
+        PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL);
+        (void)SSL3_SendAlert(ss, alert_fatal, no_application_protocol);
+        return SECFailure;
     }
 
     ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
@@ -641,39 +650,258 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type,
     return SECITEM_CopyItem(NULL, &ss->ssl3.nextProto, &result);
 }
 
+/* handle an incoming ALPN extension at the server */
+static SECStatus
+ssl3_ServerHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data)
+{
+    int count;
+    SECStatus rv;
+
+    /* We expressly don't want to allow ALPN on renegotiation,
+     * despite it being permitted by the spec. */
+    if (ss->firstHsDone || data->len == 0) {
+        /* Clients MUST send a non-empty ALPN extension. */
+        PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
+        return SECFailure;
+    }
+
+    /* unlike NPN, ALPN has extra redundant length information so that
+     * the extension is the same in both ClientHello and ServerHello */
+    count = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len);
+    if (count < 0) {
+        return SECFailure; /* fatal alert was sent */
+    }
+    if (count != data->len) {
+        return ssl3_DecodeError(ss);
+    }
+
+    if (!ss->nextProtoCallback) {
+        /* we're not configured for it */
+        return SECSuccess;
+    }
+
+    rv = ssl3_SelectAppProtocol(ss, ex_type, data);
+    if (rv != SECSuccess) {
+      return rv;
+    }
+
+    /* prepare to send back a response, if we negotiated */
+    if (ss->ssl3.nextProtoState == SSL_NEXT_PROTO_NEGOTIATED) {
+        return ssl3_RegisterServerHelloExtensionSender(
+            ss, ex_type, ssl3_ServerSendAppProtoXtn);
+    }
+    return SECSuccess;
+}
+
+static SECStatus
+ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type,
+                                  SECItem *data)
+{
+    PORT_Assert(!ss->firstHsDone);
+
+    if (ssl3_ExtensionNegotiated(ss, ssl_app_layer_protocol_xtn)) {
+        /* If the server negotiated ALPN then it has already told us what
+         * protocol to use, so it doesn't make sense for us to try to negotiate
+         * a different one by sending the NPN handshake message. However, if
+         * we've negotiated NPN then we're required to send the NPN handshake
+         * message. Thus, these two extensions cannot both be negotiated on the
+         * same connection. */
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+
+    /* We should only get this call if we sent the extension, so
+     * ss->nextProtoCallback needs to be non-NULL.  However, it is possible
+     * that an application erroneously cleared the callback between the time
+     * we sent the ClientHello and now. */
+    if (!ss->nextProtoCallback) {
+        PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK);
+        return SECFailure;
+    }
+
+    return ssl3_SelectAppProtocol(ss, ex_type, data);
+}
+
+static SECStatus
+ssl3_ClientHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data)
+{
+    const unsigned char* d = data->data;
+    PRUint16 name_list_len;
+    SECItem protocol_name;
+
+    if (ssl3_ExtensionNegotiated(ss, ssl_next_proto_nego_xtn)) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+
+    /* The extension data from the server has the following format:
+     *   uint16 name_list_len;
+     *   uint8 len;
+     *   uint8 protocol_name[len]; */
+    if (data->len < 4 || data->len > 2 + 1 + 255) {
+        PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
+        return SECFailure;
+    }
+
+    name_list_len = ((PRUint16) d[0]) << 8 |
+                    ((PRUint16) d[1]);
+    if (name_list_len != data->len - 2 || d[2] != data->len - 3) {
+        PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
+        return SECFailure;
+    }
+
+    protocol_name.data = data->data + 3;
+    protocol_name.len = data->len - 3;
+
+    SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE);
+    ss->ssl3.nextProtoState = SSL_NEXT_PROTO_SELECTED;
+    ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
+    return SECITEM_CopyItem(NULL, &ss->ssl3.nextProto, &protocol_name);
+}
+
 static PRInt32
 ssl3_ClientSendNextProtoNegoXtn(sslSocket * ss, PRBool append,
-				PRUint32 maxBytes)
+                                PRUint32 maxBytes)
 {
     PRInt32 extension_length;
 
     /* Renegotiations do not send this extension. */
-    if (!ss->nextProtoCallback || ss->firstHsDone) {
-	return 0;
+    if (!ss->opt.enableNPN || !ss->nextProtoCallback || ss->firstHsDone) {
+        return 0;
     }
 
     extension_length = 4;
 
     if (append && maxBytes >= extension_length) {
-	SECStatus rv;
-	rv = ssl3_AppendHandshakeNumber(ss, ssl_next_proto_nego_xtn, 2);
-	if (rv != SECSuccess)
-	    goto loser;
-	rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
-	if (rv != SECSuccess)
-	    goto loser;
-	ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
-		ssl_next_proto_nego_xtn;
+        SECStatus rv;
+        rv = ssl3_AppendHandshakeNumber(ss, ssl_next_proto_nego_xtn, 2);
+        if (rv != SECSuccess)
+            goto loser;
+        rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
+        if (rv != SECSuccess)
+            goto loser;
+        ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
+                ssl_next_proto_nego_xtn;
+    } else if (maxBytes < extension_length) {
+        return 0;
+    }
+
+    return extension_length;
+
+loser:
+    return -1;
+}
+
+static PRInt32
+ssl3_ClientSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
+{
+    PRInt32 extension_length;
+    unsigned char *alpn_protos = NULL;
+
+    /* Renegotiations do not send this extension. */
+    if (!ss->opt.enableALPN || !ss->opt.nextProtoNego.data || ss->firstHsDone) {
+        return 0;
+    }
+
+    extension_length = 2 /* extension type */ + 2 /* extension length */ +
+                       2 /* protocol name list length */ +
+                       ss->opt.nextProtoNego.len;
+
+    if (append && maxBytes >= extension_length) {
+        /* NPN requires that the client's fallback protocol is first in the
+         * list. However, ALPN sends protocols in preference order. So we
+         * allocate a buffer and move the first protocol to the end of the
+         * list. */
+        SECStatus rv;
+        const unsigned int len = ss->opt.nextProtoNego.len;
+
+        alpn_protos = PORT_Alloc(len);
+        if (alpn_protos == NULL) {
+            return SECFailure;
+        }
+        if (len > 0) {
+            /* Each protocol string is prefixed with a single byte length. */
+            unsigned int i = ss->opt.nextProtoNego.data[0] + 1;
+            if (i <= len) {
+                memcpy(alpn_protos, &ss->opt.nextProtoNego.data[i], len - i);
+                memcpy(alpn_protos + len - i, ss->opt.nextProtoNego.data, i);
+            } else {
+                /* This seems to be invalid data so we'll send as-is. */
+                memcpy(alpn_protos, ss->opt.nextProtoNego.data, len);
+            }
+        }
+
+        rv = ssl3_AppendHandshakeNumber(ss, ssl_app_layer_protocol_xtn, 2);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+        rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+        rv = ssl3_AppendHandshakeVariable(ss, alpn_protos, len, 2);
+        PORT_Free(alpn_protos);
+        alpn_protos = NULL;
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+        ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
+                ssl_app_layer_protocol_xtn;
     } else if (maxBytes < extension_length) {
-	return 0;
+        return 0;
     }
 
     return extension_length;
 
 loser:
+    if (alpn_protos) {
+        PORT_Free(alpn_protos);
+    }
     return -1;
 }
 
+static PRInt32
+ssl3_ServerSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
+{
+    PRInt32 extension_length;
+
+    /* we're in over our heads if any of these fail */
+    PORT_Assert(ss->opt.enableALPN);
+    PORT_Assert(ss->ssl3.nextProto.data);
+    PORT_Assert(ss->ssl3.nextProto.len > 0);
+    PORT_Assert(ss->ssl3.nextProtoState == SSL_NEXT_PROTO_NEGOTIATED);
+    PORT_Assert(!ss->firstHsDone);
+
+    extension_length = 2 /* extension type */ + 2 /* extension length */ +
+                       2 /* protocol name list */ + 1 /* name length */ +
+                       ss->ssl3.nextProto.len;
+
+    if (append && maxBytes >= extension_length) {
+        SECStatus rv;
+        rv = ssl3_AppendHandshakeNumber(ss, ssl_app_layer_protocol_xtn, 2);
+        if (rv != SECSuccess) {
+            return -1;
+        }
+        rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2);
+        if (rv != SECSuccess) {
+            return -1;
+        }
+        rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.nextProto.len + 1, 2);
+        if (rv != SECSuccess) {
+            return -1;
+        }
+        rv = ssl3_AppendHandshakeVariable(ss, ss->ssl3.nextProto.data,
+                                          ss->ssl3.nextProto.len, 1);
+        if (rv != SECSuccess) {
+            return -1;
+        }
+    } else if (maxBytes < extension_length) {
+        return 0;
+    }
+
+    return extension_length;
+}
+
 static SECStatus
 ssl3_ClientHandleStatusRequestXtn(sslSocket *ss, PRUint16 ex_type,
                                  SECItem *data)
@@ -690,9 +918,9 @@ ssl3_ClientHandleStatusRequestXtn(sslSocket *ss, PRUint16 ex_type,
 
 static PRInt32
 ssl3_ServerSendStatusRequestXtn(
-			sslSocket * ss,
-			PRBool      append,
-			PRUint32    maxBytes)
+                        sslSocket * ss,
+                        PRBool      append,
+                        PRUint32    maxBytes)
 {
     PRInt32 extension_length;
     SECStatus rv;
@@ -700,29 +928,29 @@ ssl3_ServerSendStatusRequestXtn(
     PRBool haveStatus = PR_FALSE;
 
     for (i = kt_null; i < kt_kea_size; i++) {
-	/* TODO: This is a temporary workaround.
-	 *       The correct code needs to see if we have an OCSP response for
-	 *       the server certificate being used, rather than if we have any
-	 *       OCSP response. See also ssl3_SendCertificateStatus.
-	 */
-	if (ss->certStatusArray[i] && ss->certStatusArray[i]->len) {
-	    haveStatus = PR_TRUE;
-	    break;
-	}
+        /* TODO: This is a temporary workaround.
+         *       The correct code needs to see if we have an OCSP response for
+         *       the server certificate being used, rather than if we have any
+         *       OCSP response. See also ssl3_SendCertificateStatus.
+         */
+        if (ss->certStatusArray[i] && ss->certStatusArray[i]->len) {
+            haveStatus = PR_TRUE;
+            break;
+        }
     }
     if (!haveStatus)
-	return 0;
+        return 0;
 
     extension_length = 2 + 2;
     if (append && maxBytes >= extension_length) {
-	/* extension_type */
-	rv = ssl3_AppendHandshakeNumber(ss, ssl_cert_status_xtn, 2);
-	if (rv != SECSuccess)
-	    return -1;
-	/* length of extension_data */
-	rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
-	if (rv != SECSuccess)
-	    return -1;
+        /* extension_type */
+        rv = ssl3_AppendHandshakeNumber(ss, ssl_cert_status_xtn, 2);
+        if (rv != SECSuccess)
+            return -1;
+        /* length of extension_data */
+        rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
+        if (rv != SECSuccess)
+            return -1;
     }
 
     return extension_length;
@@ -832,14 +1060,14 @@ ssl3_SendNewSessionTicket(sslSocket *ss)
                                           * must be >= 0 */
 
     SSL_TRC(3, ("%d: SSL3[%d]: send session_ticket handshake",
-		SSL_GETPID(), ss->fd));
+                SSL_GETPID(), ss->fd));
 
     PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
     PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
 
     ticket.ticket_lifetime_hint = TLS_EX_SESS_TICKET_LIFETIME_HINT;
     cert_length = (ss->opt.requestCertificate && ss->sec.ci.sid->peerCert) ?
-	3 + ss->sec.ci.sid->peerCert->derCert.len : 0;
+        3 + ss->sec.ci.sid->peerCert->derCert.len : 0;
 
     /* Get IV and encryption keys */
     ivItem.data = iv;
@@ -849,47 +1077,47 @@ ssl3_SendNewSessionTicket(sslSocket *ss)
 
 #ifndef NO_PKCS11_BYPASS
     if (ss->opt.bypassPKCS11) {
-	rv = ssl3_GetSessionTicketKeys(&aes_key, &aes_key_length,
-	    &mac_key, &mac_key_length);
-    } else 
+        rv = ssl3_GetSessionTicketKeys(&aes_key, &aes_key_length,
+            &mac_key, &mac_key_length);
+    } else
 #endif
     {
-	rv = ssl3_GetSessionTicketKeysPKCS11(ss, &aes_key_pkcs11,
-	    &mac_key_pkcs11);
+        rv = ssl3_GetSessionTicketKeysPKCS11(ss, &aes_key_pkcs11,
+            &mac_key_pkcs11);
     }
     if (rv != SECSuccess) goto loser;
 
     if (ss->ssl3.pwSpec->msItem.len && ss->ssl3.pwSpec->msItem.data) {
-	/* The master secret is available unwrapped. */
-	ms_item.data = ss->ssl3.pwSpec->msItem.data;
-	ms_item.len = ss->ssl3.pwSpec->msItem.len;
-	ms_is_wrapped = PR_FALSE;
+        /* The master secret is available unwrapped. */
+        ms_item.data = ss->ssl3.pwSpec->msItem.data;
+        ms_item.len = ss->ssl3.pwSpec->msItem.len;
+        ms_is_wrapped = PR_FALSE;
     } else {
-	/* Extract the master secret wrapped. */
-	sslSessionID sid;
-	PORT_Memset(&sid, 0, sizeof(sslSessionID));
-
-	if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa) {
-	    effectiveExchKeyType = kt_rsa;
-	} else {
-	    effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType;
-	}
-
-	rv = ssl3_CacheWrappedMasterSecret(ss, &sid, ss->ssl3.pwSpec,
-	    effectiveExchKeyType);
-	if (rv == SECSuccess) {
-	    if (sid.u.ssl3.keys.wrapped_master_secret_len > sizeof(wrapped_ms))
-		goto loser;
-	    memcpy(wrapped_ms, sid.u.ssl3.keys.wrapped_master_secret,
-		sid.u.ssl3.keys.wrapped_master_secret_len);
-	    ms_item.data = wrapped_ms;
-	    ms_item.len = sid.u.ssl3.keys.wrapped_master_secret_len;
-	    msWrapMech = sid.u.ssl3.masterWrapMech;
-	} else {
-	    /* TODO: else send an empty ticket. */
-	    goto loser;
-	}
-	ms_is_wrapped = PR_TRUE;
+        /* Extract the master secret wrapped. */
+        sslSessionID sid;
+        PORT_Memset(&sid, 0, sizeof(sslSessionID));
+
+        if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa) {
+            effectiveExchKeyType = kt_rsa;
+        } else {
+            effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType;
+        }
+
+        rv = ssl3_CacheWrappedMasterSecret(ss, &sid, ss->ssl3.pwSpec,
+            effectiveExchKeyType);
+        if (rv == SECSuccess) {
+            if (sid.u.ssl3.keys.wrapped_master_secret_len > sizeof(wrapped_ms))
+                goto loser;
+            memcpy(wrapped_ms, sid.u.ssl3.keys.wrapped_master_secret,
+                sid.u.ssl3.keys.wrapped_master_secret_len);
+            ms_item.data = wrapped_ms;
+            ms_item.len = sid.u.ssl3.keys.wrapped_master_secret_len;
+            msWrapMech = sid.u.ssl3.masterWrapMech;
+        } else {
+            /* TODO: else send an empty ticket. */
+            goto loser;
+        }
+        ms_is_wrapped = PR_TRUE;
     }
     /* Prep to send negotiated name */
     srvName = &ss->ssl3.pwSpec->srvVirtName;
@@ -897,55 +1125,55 @@ ssl3_SendNewSessionTicket(sslSocket *ss)
         srvNameLen = 2 + srvName->len; /* len bytes + name len */
     }
 
-    ciphertext_length = 
-	sizeof(PRUint16)                     /* ticket_version */
-	+ sizeof(SSL3ProtocolVersion)        /* ssl_version */
-	+ sizeof(ssl3CipherSuite)            /* ciphersuite */
-	+ 1                                  /* compression */
-	+ 10                                 /* cipher spec parameters */
-	+ 1                                  /* SessionTicket.ms_is_wrapped */
-	+ 1                                  /* effectiveExchKeyType */
-	+ 4                                  /* msWrapMech */
-	+ 2                                  /* master_secret.length */
-	+ ms_item.len                        /* master_secret */
-	+ 1                                  /* client_auth_type */
-	+ cert_length                        /* cert */
+    ciphertext_length =
+        sizeof(PRUint16)                     /* ticket_version */
+        + sizeof(SSL3ProtocolVersion)        /* ssl_version */
+        + sizeof(ssl3CipherSuite)            /* ciphersuite */
+        + 1                                  /* compression */
+        + 10                                 /* cipher spec parameters */
+        + 1                                  /* SessionTicket.ms_is_wrapped */
+        + 1                                  /* effectiveExchKeyType */
+        + 4                                  /* msWrapMech */
+        + 2                                  /* master_secret.length */
+        + ms_item.len                        /* master_secret */
+        + 1                                  /* client_auth_type */
+        + cert_length                        /* cert */
         + 1                                  /* server name type */
         + srvNameLen                         /* name len + length field */
-	+ sizeof(ticket.ticket_lifetime_hint);
+        + sizeof(ticket.ticket_lifetime_hint);
     padding_length =  AES_BLOCK_SIZE -
-	(ciphertext_length % AES_BLOCK_SIZE);
+        (ciphertext_length % AES_BLOCK_SIZE);
     ciphertext_length += padding_length;
 
     message_length =
-	sizeof(ticket.ticket_lifetime_hint)    /* ticket_lifetime_hint */
-	+ 2 /* length field for NewSessionTicket.ticket */
-	+ SESS_TICKET_KEY_NAME_LEN             /* key_name */
-	+ AES_BLOCK_SIZE                       /* iv */
-	+ 2 /* length field for NewSessionTicket.ticket.encrypted_state */
-	+ ciphertext_length                    /* encrypted_state */
-	+ TLS_EX_SESS_TICKET_MAC_LENGTH;       /* mac */
+        sizeof(ticket.ticket_lifetime_hint)    /* ticket_lifetime_hint */
+        + 2 /* length field for NewSessionTicket.ticket */
+        + SESS_TICKET_KEY_NAME_LEN             /* key_name */
+        + AES_BLOCK_SIZE                       /* iv */
+        + 2 /* length field for NewSessionTicket.ticket.encrypted_state */
+        + ciphertext_length                    /* encrypted_state */
+        + TLS_EX_SESS_TICKET_MAC_LENGTH;       /* mac */
 
     if (SECITEM_AllocItem(NULL, &plaintext_item, ciphertext_length) == NULL)
-	goto loser;
+        goto loser;
 
     plaintext = plaintext_item;
 
     /* ticket_version */
     rv = ssl3_AppendNumberToItem(&plaintext, TLS_EX_SESS_TICKET_VERSION,
-	sizeof(PRUint16));
+        sizeof(PRUint16));
     if (rv != SECSuccess) goto loser;
 
     /* ssl_version */
     rv = ssl3_AppendNumberToItem(&plaintext, ss->version,
-	sizeof(SSL3ProtocolVersion));
+        sizeof(SSL3ProtocolVersion));
     if (rv != SECSuccess) goto loser;
 
     /* ciphersuite */
-    rv = ssl3_AppendNumberToItem(&plaintext, ss->ssl3.hs.cipher_suite, 
-	sizeof(ssl3CipherSuite));
+    rv = ssl3_AppendNumberToItem(&plaintext, ss->ssl3.hs.cipher_suite,
+        sizeof(ssl3CipherSuite));
     if (rv != SECSuccess) goto loser;
-    
+
     /* compression */
     rv = ssl3_AppendNumberToItem(&plaintext, ss->ssl3.hs.compression, 1);
     if (rv != SECSuccess) goto loser;
@@ -974,24 +1202,24 @@ ssl3_SendNewSessionTicket(sslSocket *ss)
 
     /* client_identity */
     if (ss->opt.requestCertificate && ss->sec.ci.sid->peerCert) {
-	rv = ssl3_AppendNumberToItem(&plaintext, CLIENT_AUTH_CERTIFICATE, 1);
-	if (rv != SECSuccess) goto loser;
-	rv = ssl3_AppendNumberToItem(&plaintext,
-	    ss->sec.ci.sid->peerCert->derCert.len, 3);
-	if (rv != SECSuccess) goto loser;
-	rv = ssl3_AppendToItem(&plaintext,
-	    ss->sec.ci.sid->peerCert->derCert.data,
-	    ss->sec.ci.sid->peerCert->derCert.len);
-	if (rv != SECSuccess) goto loser;
+        rv = ssl3_AppendNumberToItem(&plaintext, CLIENT_AUTH_CERTIFICATE, 1);
+        if (rv != SECSuccess) goto loser;
+        rv = ssl3_AppendNumberToItem(&plaintext,
+            ss->sec.ci.sid->peerCert->derCert.len, 3);
+        if (rv != SECSuccess) goto loser;
+        rv = ssl3_AppendToItem(&plaintext,
+            ss->sec.ci.sid->peerCert->derCert.data,
+            ss->sec.ci.sid->peerCert->derCert.len);
+        if (rv != SECSuccess) goto loser;
     } else {
-	rv = ssl3_AppendNumberToItem(&plaintext, 0, 1);
-	if (rv != SECSuccess) goto loser;
+        rv = ssl3_AppendNumberToItem(&plaintext, 0, 1);
+        if (rv != SECSuccess) goto loser;
     }
 
     /* timestamp */
     now = ssl_Time();
     rv = ssl3_AppendNumberToItem(&plaintext, now,
-	sizeof(ticket.ticket_lifetime_hint));
+        sizeof(ticket.ticket_lifetime_hint));
     if (rv != SECSuccess) goto loser;
 
     if (srvNameLen) {
@@ -1012,39 +1240,39 @@ ssl3_SendNewSessionTicket(sslSocket *ss)
 
     PORT_Assert(plaintext.len == padding_length);
     for (i = 0; i < padding_length; i++)
-	plaintext.data[i] = (unsigned char)padding_length;
+        plaintext.data[i] = (unsigned char)padding_length;
 
     if (SECITEM_AllocItem(NULL, &ciphertext, ciphertext_length) == NULL) {
-	rv = SECFailure;
-	goto loser;
+        rv = SECFailure;
+        goto loser;
     }
 
     /* Generate encrypted portion of ticket. */
 #ifndef NO_PKCS11_BYPASS
     if (ss->opt.bypassPKCS11) {
-	aes_ctx = (AESContext *)aes_ctx_buf;
-	rv = AES_InitContext(aes_ctx, aes_key, aes_key_length, iv, 
-	    NSS_AES_CBC, 1, AES_BLOCK_SIZE);
-	if (rv != SECSuccess) goto loser;
-
-	rv = AES_Encrypt(aes_ctx, ciphertext.data, &ciphertext.len,
-	    ciphertext.len, plaintext_item.data,
-	    plaintext_item.len);
-	if (rv != SECSuccess) goto loser;
-    } else 
+        aes_ctx = (AESContext *)aes_ctx_buf;
+        rv = AES_InitContext(aes_ctx, aes_key, aes_key_length, iv,
+            NSS_AES_CBC, 1, AES_BLOCK_SIZE);
+        if (rv != SECSuccess) goto loser;
+
+        rv = AES_Encrypt(aes_ctx, ciphertext.data, &ciphertext.len,
+            ciphertext.len, plaintext_item.data,
+            plaintext_item.len);
+        if (rv != SECSuccess) goto loser;
+    } else
 #endif
     {
-	aes_ctx_pkcs11 = PK11_CreateContextBySymKey(cipherMech,
-	    CKA_ENCRYPT, aes_key_pkcs11, &ivItem);
-	if (!aes_ctx_pkcs11) 
-	    goto loser;
+        aes_ctx_pkcs11 = PK11_CreateContextBySymKey(cipherMech,
+            CKA_ENCRYPT, aes_key_pkcs11, &ivItem);
+        if (!aes_ctx_pkcs11)
+            goto loser;
 
-	rv = PK11_CipherOp(aes_ctx_pkcs11, ciphertext.data,
-	    (int *)&ciphertext.len, ciphertext.len,
-	    plaintext_item.data, plaintext_item.len);
-	PK11_Finalize(aes_ctx_pkcs11);
-	PK11_DestroyContext(aes_ctx_pkcs11, PR_TRUE);
-	if (rv != SECSuccess) goto loser;
+        rv = PK11_CipherOp(aes_ctx_pkcs11, ciphertext.data,
+            (int *)&ciphertext.len, ciphertext.len,
+            plaintext_item.data, plaintext_item.len);
+        PK11_Finalize(aes_ctx_pkcs11);
+        PK11_DestroyContext(aes_ctx_pkcs11, PR_TRUE);
+        if (rv != SECSuccess) goto loser;
     }
 
     /* Convert ciphertext length to network order. */
@@ -1054,40 +1282,40 @@ ssl3_SendNewSessionTicket(sslSocket *ss)
     /* Compute MAC. */
 #ifndef NO_PKCS11_BYPASS
     if (ss->opt.bypassPKCS11) {
-	hmac_ctx = (HMACContext *)hmac_ctx_buf;
-	hashObj = HASH_GetRawHashObject(HASH_AlgSHA256);
-	if (HMAC_Init(hmac_ctx, hashObj, mac_key,
-		mac_key_length, PR_FALSE) != SECSuccess)
-	    goto loser;
-
-	HMAC_Begin(hmac_ctx);
-	HMAC_Update(hmac_ctx, key_name, SESS_TICKET_KEY_NAME_LEN);
-	HMAC_Update(hmac_ctx, iv, sizeof(iv));
-	HMAC_Update(hmac_ctx, (unsigned char *)length_buf, 2);
-	HMAC_Update(hmac_ctx, ciphertext.data, ciphertext.len);
-	HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length,
-	    sizeof(computed_mac));
-    } else 
+        hmac_ctx = (HMACContext *)hmac_ctx_buf;
+        hashObj = HASH_GetRawHashObject(HASH_AlgSHA256);
+        if (HMAC_Init(hmac_ctx, hashObj, mac_key,
+                mac_key_length, PR_FALSE) != SECSuccess)
+            goto loser;
+
+        HMAC_Begin(hmac_ctx);
+        HMAC_Update(hmac_ctx, key_name, SESS_TICKET_KEY_NAME_LEN);
+        HMAC_Update(hmac_ctx, iv, sizeof(iv));
+        HMAC_Update(hmac_ctx, (unsigned char *)length_buf, 2);
+        HMAC_Update(hmac_ctx, ciphertext.data, ciphertext.len);
+        HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length,
+            sizeof(computed_mac));
+    } else
 #endif
     {
-	SECItem macParam;
-	macParam.data = NULL;
-	macParam.len = 0;
-	hmac_ctx_pkcs11 = PK11_CreateContextBySymKey(macMech,
-	    CKA_SIGN, mac_key_pkcs11, &macParam);
-	if (!hmac_ctx_pkcs11)
-	    goto loser;
-
-	rv = PK11_DigestBegin(hmac_ctx_pkcs11);
-	rv = PK11_DigestOp(hmac_ctx_pkcs11, key_name,
-	    SESS_TICKET_KEY_NAME_LEN);
-	rv = PK11_DigestOp(hmac_ctx_pkcs11, iv, sizeof(iv));
-	rv = PK11_DigestOp(hmac_ctx_pkcs11, (unsigned char *)length_buf, 2);
-	rv = PK11_DigestOp(hmac_ctx_pkcs11, ciphertext.data, ciphertext.len);
-	rv = PK11_DigestFinal(hmac_ctx_pkcs11, computed_mac,
-	    &computed_mac_length, sizeof(computed_mac));
-	PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE);
-	if (rv != SECSuccess) goto loser;
+        SECItem macParam;
+        macParam.data = NULL;
+        macParam.len = 0;
+        hmac_ctx_pkcs11 = PK11_CreateContextBySymKey(macMech,
+            CKA_SIGN, mac_key_pkcs11, &macParam);
+        if (!hmac_ctx_pkcs11)
+            goto loser;
+
+        rv = PK11_DigestBegin(hmac_ctx_pkcs11);
+        rv = PK11_DigestOp(hmac_ctx_pkcs11, key_name,
+            SESS_TICKET_KEY_NAME_LEN);
+        rv = PK11_DigestOp(hmac_ctx_pkcs11, iv, sizeof(iv));
+        rv = PK11_DigestOp(hmac_ctx_pkcs11, (unsigned char *)length_buf, 2);
+        rv = PK11_DigestOp(hmac_ctx_pkcs11, ciphertext.data, ciphertext.len);
+        rv = PK11_DigestFinal(hmac_ctx_pkcs11, computed_mac,
+            &computed_mac_length, sizeof(computed_mac));
+        PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE);
+        if (rv != SECSuccess) goto loser;
     }
 
     /* Serialize the handshake message. */
@@ -1095,11 +1323,11 @@ ssl3_SendNewSessionTicket(sslSocket *ss)
     if (rv != SECSuccess) goto loser;
 
     rv = ssl3_AppendHandshakeNumber(ss, ticket.ticket_lifetime_hint,
-	sizeof(ticket.ticket_lifetime_hint));
+        sizeof(ticket.ticket_lifetime_hint));
     if (rv != SECSuccess) goto loser;
 
     rv = ssl3_AppendHandshakeNumber(ss,
-	message_length - sizeof(ticket.ticket_lifetime_hint) - 2, 2);
+        message_length - sizeof(ticket.ticket_lifetime_hint) - 2, 2);
     if (rv != SECSuccess) goto loser;
 
     rv = ssl3_AppendHandshake(ss, key_name, SESS_TICKET_KEY_NAME_LEN);
@@ -1116,9 +1344,9 @@ ssl3_SendNewSessionTicket(sslSocket *ss)
 
 loser:
     if (plaintext_item.data)
-	SECITEM_FreeItem(&plaintext_item, PR_FALSE);
+        SECITEM_FreeItem(&plaintext_item, PR_FALSE);
     if (ciphertext.data)
-	SECITEM_FreeItem(&ciphertext, PR_FALSE);
+        SECITEM_FreeItem(&ciphertext, PR_FALSE);
 
     return rv;
 }
@@ -1131,7 +1359,7 @@ ssl3_ClientHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type,
                                   SECItem *data)
 {
     if (data->len != 0)
-	return SECFailure;
+        return SECFailure;
 
     /* Keep track of negotiated extensions. */
     ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
@@ -1150,7 +1378,7 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type,
 
     /* Ignore the SessionTicket extension if processing is disabled. */
     if (!ss->opt.enableSessionTickets)
-	return SECSuccess;
+        return SECSuccess;
 
     /* Keep track of negotiated extensions. */
     ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
@@ -1160,302 +1388,302 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type,
      * instead of terminating the current connection.
      */
     if (data->len == 0) {
-	ss->xtnData.emptySessionTicket = PR_TRUE;
+        ss->xtnData.emptySessionTicket = PR_TRUE;
     } else {
-	int                    i;
-	SECItem                extension_data;
-	EncryptedSessionTicket enc_session_ticket;
-	unsigned char          computed_mac[TLS_EX_SESS_TICKET_MAC_LENGTH];
-	unsigned int           computed_mac_length;
+        int                    i;
+        SECItem                extension_data;
+        EncryptedSessionTicket enc_session_ticket;
+        unsigned char          computed_mac[TLS_EX_SESS_TICKET_MAC_LENGTH];
+        unsigned int           computed_mac_length;
 #ifndef NO_PKCS11_BYPASS
-	const SECHashObject   *hashObj;
-	const unsigned char   *aes_key;
-	const unsigned char   *mac_key;
-	PRUint32               aes_key_length;
-	PRUint32               mac_key_length;
-	PRUint64               hmac_ctx_buf[MAX_MAC_CONTEXT_LLONGS];
-	HMACContext           *hmac_ctx;
-	PRUint64               aes_ctx_buf[MAX_CIPHER_CONTEXT_LLONGS];
-	AESContext            *aes_ctx;
+        const SECHashObject   *hashObj;
+        const unsigned char   *aes_key;
+        const unsigned char   *mac_key;
+        PRUint32               aes_key_length;
+        PRUint32               mac_key_length;
+        PRUint64               hmac_ctx_buf[MAX_MAC_CONTEXT_LLONGS];
+        HMACContext           *hmac_ctx;
+        PRUint64               aes_ctx_buf[MAX_CIPHER_CONTEXT_LLONGS];
+        AESContext            *aes_ctx;
 #endif
-	PK11SymKey            *aes_key_pkcs11;
-	PK11SymKey            *mac_key_pkcs11;
-	PK11Context           *hmac_ctx_pkcs11;
-	CK_MECHANISM_TYPE      macMech = CKM_SHA256_HMAC;
-	PK11Context           *aes_ctx_pkcs11;
-	CK_MECHANISM_TYPE      cipherMech = CKM_AES_CBC;
-	unsigned char *        padding;
-	PRUint32               padding_length;
-	unsigned char         *buffer;
-	unsigned int           buffer_len;
-	PRInt32                temp;
-	SECItem                cert_item;
+        PK11SymKey            *aes_key_pkcs11;
+        PK11SymKey            *mac_key_pkcs11;
+        PK11Context           *hmac_ctx_pkcs11;
+        CK_MECHANISM_TYPE      macMech = CKM_SHA256_HMAC;
+        PK11Context           *aes_ctx_pkcs11;
+        CK_MECHANISM_TYPE      cipherMech = CKM_AES_CBC;
+        unsigned char *        padding;
+        PRUint32               padding_length;
+        unsigned char         *buffer;
+        unsigned int           buffer_len;
+        PRInt32                temp;
+        SECItem                cert_item;
         PRInt8                 nameType = TLS_STE_NO_SERVER_NAME;
 
-	/* Turn off stateless session resumption if the client sends a
-	 * SessionTicket extension, even if the extension turns out to be
-	 * malformed (ss->sec.ci.sid is non-NULL when doing session
-	 * renegotiation.)
-	 */
-	if (ss->sec.ci.sid != NULL) {
-	    if (ss->sec.uncache)
-		ss->sec.uncache(ss->sec.ci.sid);
-	    ssl_FreeSID(ss->sec.ci.sid);
-	    ss->sec.ci.sid = NULL;
-	}
-
-	extension_data.data = data->data; /* Keep a copy for future use. */
-	extension_data.len = data->len;
-
-	if (ssl3_ParseEncryptedSessionTicket(ss, data, &enc_session_ticket)
-	    != SECSuccess)
-	    return SECFailure;
-
-	/* Get session ticket keys. */
+        /* Turn off stateless session resumption if the client sends a
+         * SessionTicket extension, even if the extension turns out to be
+         * malformed (ss->sec.ci.sid is non-NULL when doing session
+         * renegotiation.)
+         */
+        if (ss->sec.ci.sid != NULL) {
+            if (ss->sec.uncache)
+                ss->sec.uncache(ss->sec.ci.sid);
+            ssl_FreeSID(ss->sec.ci.sid);
+            ss->sec.ci.sid = NULL;
+        }
+
+        extension_data.data = data->data; /* Keep a copy for future use. */
+        extension_data.len = data->len;
+
+        if (ssl3_ParseEncryptedSessionTicket(ss, data, &enc_session_ticket)
+            != SECSuccess)
+            return SECFailure;
+
+        /* Get session ticket keys. */
 #ifndef NO_PKCS11_BYPASS
-	if (ss->opt.bypassPKCS11) {
-	    rv = ssl3_GetSessionTicketKeys(&aes_key, &aes_key_length,
-		&mac_key, &mac_key_length);
-	} else 
+        if (ss->opt.bypassPKCS11) {
+            rv = ssl3_GetSessionTicketKeys(&aes_key, &aes_key_length,
+                &mac_key, &mac_key_length);
+        } else
 #endif
-	{
-	    rv = ssl3_GetSessionTicketKeysPKCS11(ss, &aes_key_pkcs11,
-		&mac_key_pkcs11);
-	}
-	if (rv != SECSuccess) {
-	    SSL_DBG(("%d: SSL[%d]: Unable to get/generate session ticket keys.",
-			SSL_GETPID(), ss->fd));
-	    goto loser;
-	}
-
-	/* If the ticket sent by the client was generated under a key different
-	 * from the one we have, bypass ticket processing.
-	 */
-	if (PORT_Memcmp(enc_session_ticket.key_name, key_name,
-		SESS_TICKET_KEY_NAME_LEN) != 0) {
-	    SSL_DBG(("%d: SSL[%d]: Session ticket key_name sent mismatch.",
-			SSL_GETPID(), ss->fd));
-	    goto no_ticket;
-	}
-
-	/* Verify the MAC on the ticket.  MAC verification may also
-	 * fail if the MAC key has been recently refreshed.
-	 */
+        {
+            rv = ssl3_GetSessionTicketKeysPKCS11(ss, &aes_key_pkcs11,
+                &mac_key_pkcs11);
+        }
+        if (rv != SECSuccess) {
+            SSL_DBG(("%d: SSL[%d]: Unable to get/generate session ticket keys.",
+                        SSL_GETPID(), ss->fd));
+            goto loser;
+        }
+
+        /* If the ticket sent by the client was generated under a key different
+         * from the one we have, bypass ticket processing.
+         */
+        if (PORT_Memcmp(enc_session_ticket.key_name, key_name,
+                SESS_TICKET_KEY_NAME_LEN) != 0) {
+            SSL_DBG(("%d: SSL[%d]: Session ticket key_name sent mismatch.",
+                        SSL_GETPID(), ss->fd));
+            goto no_ticket;
+        }
+
+        /* Verify the MAC on the ticket.  MAC verification may also
+         * fail if the MAC key has been recently refreshed.
+         */
 #ifndef NO_PKCS11_BYPASS
-	if (ss->opt.bypassPKCS11) {
-	    hmac_ctx = (HMACContext *)hmac_ctx_buf;
-	    hashObj = HASH_GetRawHashObject(HASH_AlgSHA256);
-	    if (HMAC_Init(hmac_ctx, hashObj, mac_key,
-		    sizeof(session_ticket_mac_key), PR_FALSE) != SECSuccess)
-		goto no_ticket;
-	    HMAC_Begin(hmac_ctx);
-	    HMAC_Update(hmac_ctx, extension_data.data,
-		extension_data.len - TLS_EX_SESS_TICKET_MAC_LENGTH);
-	    if (HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length,
-		    sizeof(computed_mac)) != SECSuccess)
-		goto no_ticket;
-	} else 
+        if (ss->opt.bypassPKCS11) {
+            hmac_ctx = (HMACContext *)hmac_ctx_buf;
+            hashObj = HASH_GetRawHashObject(HASH_AlgSHA256);
+            if (HMAC_Init(hmac_ctx, hashObj, mac_key,
+                    sizeof(session_ticket_mac_key), PR_FALSE) != SECSuccess)
+                goto no_ticket;
+            HMAC_Begin(hmac_ctx);
+            HMAC_Update(hmac_ctx, extension_data.data,
+                extension_data.len - TLS_EX_SESS_TICKET_MAC_LENGTH);
+            if (HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length,
+                    sizeof(computed_mac)) != SECSuccess)
+                goto no_ticket;
+        } else
 #endif
-	{
-	    SECItem macParam;
-	    macParam.data = NULL;
-	    macParam.len = 0;
-	    hmac_ctx_pkcs11 = PK11_CreateContextBySymKey(macMech,
-		CKA_SIGN, mac_key_pkcs11, &macParam);
-	    if (!hmac_ctx_pkcs11) {
-		SSL_DBG(("%d: SSL[%d]: Unable to create HMAC context: %d.",
-			    SSL_GETPID(), ss->fd, PORT_GetError()));
-		goto no_ticket;
-	    } else {
-		SSL_DBG(("%d: SSL[%d]: Successfully created HMAC context.",
-			    SSL_GETPID(), ss->fd));
-	    }
-	    rv = PK11_DigestBegin(hmac_ctx_pkcs11);
-	    rv = PK11_DigestOp(hmac_ctx_pkcs11, extension_data.data,
-		extension_data.len - TLS_EX_SESS_TICKET_MAC_LENGTH);
-	    if (rv != SECSuccess) {
-		PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE);
-		goto no_ticket;
-	    }
-	    rv = PK11_DigestFinal(hmac_ctx_pkcs11, computed_mac,
-		&computed_mac_length, sizeof(computed_mac));
-	    PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE);
-	    if (rv != SECSuccess)
-		goto no_ticket;
-	}
-	if (NSS_SecureMemcmp(computed_mac, enc_session_ticket.mac,
-		computed_mac_length) != 0) {
-	    SSL_DBG(("%d: SSL[%d]: Session ticket MAC mismatch.",
-			SSL_GETPID(), ss->fd));
-	    goto no_ticket;
-	}
-
-	/* We ignore key_name for now.
-	 * This is ok as MAC verification succeeded.
-	 */
-
-	/* Decrypt the ticket. */
-
-	/* Plaintext is shorter than the ciphertext due to padding. */
-	decrypted_state = SECITEM_AllocItem(NULL, NULL,
-	    enc_session_ticket.encrypted_state.len);
+        {
+            SECItem macParam;
+            macParam.data = NULL;
+            macParam.len = 0;
+            hmac_ctx_pkcs11 = PK11_CreateContextBySymKey(macMech,
+                CKA_SIGN, mac_key_pkcs11, &macParam);
+            if (!hmac_ctx_pkcs11) {
+                SSL_DBG(("%d: SSL[%d]: Unable to create HMAC context: %d.",
+                            SSL_GETPID(), ss->fd, PORT_GetError()));
+                goto no_ticket;
+            } else {
+                SSL_DBG(("%d: SSL[%d]: Successfully created HMAC context.",
+                            SSL_GETPID(), ss->fd));
+            }
+            rv = PK11_DigestBegin(hmac_ctx_pkcs11);
+            rv = PK11_DigestOp(hmac_ctx_pkcs11, extension_data.data,
+                extension_data.len - TLS_EX_SESS_TICKET_MAC_LENGTH);
+            if (rv != SECSuccess) {
+                PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE);
+                goto no_ticket;
+            }
+            rv = PK11_DigestFinal(hmac_ctx_pkcs11, computed_mac,
+                &computed_mac_length, sizeof(computed_mac));
+            PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE);
+            if (rv != SECSuccess)
+                goto no_ticket;
+        }
+        if (NSS_SecureMemcmp(computed_mac, enc_session_ticket.mac,
+                computed_mac_length) != 0) {
+            SSL_DBG(("%d: SSL[%d]: Session ticket MAC mismatch.",
+                        SSL_GETPID(), ss->fd));
+            goto no_ticket;
+        }
+
+        /* We ignore key_name for now.
+         * This is ok as MAC verification succeeded.
+         */
+
+        /* Decrypt the ticket. */
+
+        /* Plaintext is shorter than the ciphertext due to padding. */
+        decrypted_state = SECITEM_AllocItem(NULL, NULL,
+            enc_session_ticket.encrypted_state.len);
 
 #ifndef NO_PKCS11_BYPASS
-	if (ss->opt.bypassPKCS11) {
-	    aes_ctx = (AESContext *)aes_ctx_buf;
-	    rv = AES_InitContext(aes_ctx, aes_key,
-		sizeof(session_ticket_enc_key), enc_session_ticket.iv,
-		NSS_AES_CBC, 0,AES_BLOCK_SIZE);
-	    if (rv != SECSuccess) {
-		SSL_DBG(("%d: SSL[%d]: Unable to create AES context.",
-			    SSL_GETPID(), ss->fd));
-		goto no_ticket;
-	    }
-
-	    rv = AES_Decrypt(aes_ctx, decrypted_state->data,
-		&decrypted_state->len, decrypted_state->len,
-		enc_session_ticket.encrypted_state.data,
-		enc_session_ticket.encrypted_state.len);
-	    if (rv != SECSuccess)
-		goto no_ticket;
-	} else 
+        if (ss->opt.bypassPKCS11) {
+            aes_ctx = (AESContext *)aes_ctx_buf;
+            rv = AES_InitContext(aes_ctx, aes_key,
+                sizeof(session_ticket_enc_key), enc_session_ticket.iv,
+                NSS_AES_CBC, 0,AES_BLOCK_SIZE);
+            if (rv != SECSuccess) {
+                SSL_DBG(("%d: SSL[%d]: Unable to create AES context.",
+                            SSL_GETPID(), ss->fd));
+                goto no_ticket;
+            }
+
+            rv = AES_Decrypt(aes_ctx, decrypted_state->data,
+                &decrypted_state->len, decrypted_state->len,
+                enc_session_ticket.encrypted_state.data,
+                enc_session_ticket.encrypted_state.len);
+            if (rv != SECSuccess)
+                goto no_ticket;
+        } else
 #endif
-	{
-	    SECItem ivItem;
-	    ivItem.data = enc_session_ticket.iv;
-	    ivItem.len = AES_BLOCK_SIZE;
-	    aes_ctx_pkcs11 = PK11_CreateContextBySymKey(cipherMech,
-		CKA_DECRYPT, aes_key_pkcs11, &ivItem);
-	    if (!aes_ctx_pkcs11) {
-		SSL_DBG(("%d: SSL[%d]: Unable to create AES context.",
-			    SSL_GETPID(), ss->fd));
-		goto no_ticket;
-	    }
-
-	    rv = PK11_CipherOp(aes_ctx_pkcs11, decrypted_state->data,
-		(int *)&decrypted_state->len, decrypted_state->len,
-		enc_session_ticket.encrypted_state.data,
-		enc_session_ticket.encrypted_state.len);
-	    PK11_Finalize(aes_ctx_pkcs11);
-	    PK11_DestroyContext(aes_ctx_pkcs11, PR_TRUE);
-	    if (rv != SECSuccess)
-		goto no_ticket;
-	}
-
-	/* Check padding. */
-	padding_length = 
-	    (PRUint32)decrypted_state->data[decrypted_state->len - 1];
-	if (padding_length == 0 || padding_length > AES_BLOCK_SIZE)
-	    goto no_ticket;
-
-	padding = &decrypted_state->data[decrypted_state->len - padding_length];
-	for (i = 0; i < padding_length; i++, padding++) {
-	    if (padding_length != (PRUint32)*padding)
-		goto no_ticket;
-	}
-
-	/* Deserialize session state. */
-	buffer = decrypted_state->data;
-	buffer_len = decrypted_state->len;
-
-	parsed_session_ticket = PORT_ZAlloc(sizeof(SessionTicket));
-	if (parsed_session_ticket == NULL) {
-	    rv = SECFailure;
-	    goto loser;
-	}
-
-	/* Read ticket_version (which is ignored for now.) */
-	temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len);
-	if (temp < 0) goto no_ticket;
-	parsed_session_ticket->ticket_version = (SSL3ProtocolVersion)temp;
-
-	/* Read SSLVersion. */
-	temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len);
-	if (temp < 0) goto no_ticket;
-	parsed_session_ticket->ssl_version = (SSL3ProtocolVersion)temp;
-
-	/* Read cipher_suite. */
-	temp =  ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len);
-	if (temp < 0) goto no_ticket;
-	parsed_session_ticket->cipher_suite = (ssl3CipherSuite)temp;
-
-	/* Read compression_method. */
-	temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
-	if (temp < 0) goto no_ticket;
-	parsed_session_ticket->compression_method = (SSLCompressionMethod)temp;
-
-	/* Read cipher spec parameters. */
-	temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
-	if (temp < 0) goto no_ticket;
-	parsed_session_ticket->authAlgorithm = (SSLSignType)temp;
-	temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len);
-	if (temp < 0) goto no_ticket;
-	parsed_session_ticket->authKeyBits = (PRUint32)temp;
-	temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
-	if (temp < 0) goto no_ticket;
-	parsed_session_ticket->keaType = (SSLKEAType)temp;
-	temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len);
-	if (temp < 0) goto no_ticket;
-	parsed_session_ticket->keaKeyBits = (PRUint32)temp;
-
-	/* Read wrapped master_secret. */
-	temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
-	if (temp < 0) goto no_ticket;
-	parsed_session_ticket->ms_is_wrapped = (PRBool)temp;
-
-	temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
-	if (temp < 0) goto no_ticket;
-	parsed_session_ticket->exchKeyType = (SSL3KEAType)temp;
-
-	temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len);
-	if (temp < 0) goto no_ticket;
-	parsed_session_ticket->msWrapMech = (CK_MECHANISM_TYPE)temp;
-
-	temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len);
-	if (temp < 0) goto no_ticket;
-	parsed_session_ticket->ms_length = (PRUint16)temp;
-	if (parsed_session_ticket->ms_length == 0 ||  /* sanity check MS. */
-	    parsed_session_ticket->ms_length >
-	    sizeof(parsed_session_ticket->master_secret))
-	    goto no_ticket;
-	
-	/* Allow for the wrapped master secret to be longer. */
-	if (buffer_len < parsed_session_ticket->ms_length)
-	    goto no_ticket;
-	PORT_Memcpy(parsed_session_ticket->master_secret, buffer,
-	    parsed_session_ticket->ms_length);
-	buffer += parsed_session_ticket->ms_length;
-	buffer_len -= parsed_session_ticket->ms_length;
-
-	/* Read client_identity */
-	temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
-	if (temp < 0)
-	    goto no_ticket;
-	parsed_session_ticket->client_identity.client_auth_type = 
-	    (ClientAuthenticationType)temp;
-	switch(parsed_session_ticket->client_identity.client_auth_type) {
+        {
+            SECItem ivItem;
+            ivItem.data = enc_session_ticket.iv;
+            ivItem.len = AES_BLOCK_SIZE;
+            aes_ctx_pkcs11 = PK11_CreateContextBySymKey(cipherMech,
+                CKA_DECRYPT, aes_key_pkcs11, &ivItem);
+            if (!aes_ctx_pkcs11) {
+                SSL_DBG(("%d: SSL[%d]: Unable to create AES context.",
+                            SSL_GETPID(), ss->fd));
+                goto no_ticket;
+            }
+
+            rv = PK11_CipherOp(aes_ctx_pkcs11, decrypted_state->data,
+                (int *)&decrypted_state->len, decrypted_state->len,
+                enc_session_ticket.encrypted_state.data,
+                enc_session_ticket.encrypted_state.len);
+            PK11_Finalize(aes_ctx_pkcs11);
+            PK11_DestroyContext(aes_ctx_pkcs11, PR_TRUE);
+            if (rv != SECSuccess)
+                goto no_ticket;
+        }
+
+        /* Check padding. */
+        padding_length =
+            (PRUint32)decrypted_state->data[decrypted_state->len - 1];
+        if (padding_length == 0 || padding_length > AES_BLOCK_SIZE)
+            goto no_ticket;
+
+        padding = &decrypted_state->data[decrypted_state->len - padding_length];
+        for (i = 0; i < padding_length; i++, padding++) {
+            if (padding_length != (PRUint32)*padding)
+                goto no_ticket;
+        }
+
+        /* Deserialize session state. */
+        buffer = decrypted_state->data;
+        buffer_len = decrypted_state->len;
+
+        parsed_session_ticket = PORT_ZAlloc(sizeof(SessionTicket));
+        if (parsed_session_ticket == NULL) {
+            rv = SECFailure;
+            goto loser;
+        }
+
+        /* Read ticket_version (which is ignored for now.) */
+        temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len);
+        if (temp < 0) goto no_ticket;
+        parsed_session_ticket->ticket_version = (SSL3ProtocolVersion)temp;
+
+        /* Read SSLVersion. */
+        temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len);
+        if (temp < 0) goto no_ticket;
+        parsed_session_ticket->ssl_version = (SSL3ProtocolVersion)temp;
+
+        /* Read cipher_suite. */
+        temp =  ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len);
+        if (temp < 0) goto no_ticket;
+        parsed_session_ticket->cipher_suite = (ssl3CipherSuite)temp;
+
+        /* Read compression_method. */
+        temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
+        if (temp < 0) goto no_ticket;
+        parsed_session_ticket->compression_method = (SSLCompressionMethod)temp;
+
+        /* Read cipher spec parameters. */
+        temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
+        if (temp < 0) goto no_ticket;
+        parsed_session_ticket->authAlgorithm = (SSLSignType)temp;
+        temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len);
+        if (temp < 0) goto no_ticket;
+        parsed_session_ticket->authKeyBits = (PRUint32)temp;
+        temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
+        if (temp < 0) goto no_ticket;
+        parsed_session_ticket->keaType = (SSLKEAType)temp;
+        temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len);
+        if (temp < 0) goto no_ticket;
+        parsed_session_ticket->keaKeyBits = (PRUint32)temp;
+
+        /* Read wrapped master_secret. */
+        temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
+        if (temp < 0) goto no_ticket;
+        parsed_session_ticket->ms_is_wrapped = (PRBool)temp;
+
+        temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
+        if (temp < 0) goto no_ticket;
+        parsed_session_ticket->exchKeyType = (SSL3KEAType)temp;
+
+        temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len);
+        if (temp < 0) goto no_ticket;
+        parsed_session_ticket->msWrapMech = (CK_MECHANISM_TYPE)temp;
+
+        temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len);
+        if (temp < 0) goto no_ticket;
+        parsed_session_ticket->ms_length = (PRUint16)temp;
+        if (parsed_session_ticket->ms_length == 0 ||  /* sanity check MS. */
+            parsed_session_ticket->ms_length >
+            sizeof(parsed_session_ticket->master_secret))
+            goto no_ticket;
+
+        /* Allow for the wrapped master secret to be longer. */
+        if (buffer_len < parsed_session_ticket->ms_length)
+            goto no_ticket;
+        PORT_Memcpy(parsed_session_ticket->master_secret, buffer,
+            parsed_session_ticket->ms_length);
+        buffer += parsed_session_ticket->ms_length;
+        buffer_len -= parsed_session_ticket->ms_length;
+
+        /* Read client_identity */
+        temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
+        if (temp < 0)
+            goto no_ticket;
+        parsed_session_ticket->client_identity.client_auth_type =
+            (ClientAuthenticationType)temp;
+        switch(parsed_session_ticket->client_identity.client_auth_type) {
             case CLIENT_AUTH_ANONYMOUS:
-		break;
+                break;
             case CLIENT_AUTH_CERTIFICATE:
-		rv = ssl3_ConsumeHandshakeVariable(ss, &cert_item, 3,
-		    &buffer, &buffer_len);
-		if (rv != SECSuccess) goto no_ticket;
-		rv = SECITEM_CopyItem(NULL, &parsed_session_ticket->peer_cert,
-		    &cert_item);
-		if (rv != SECSuccess) goto no_ticket;
-		break;
+                rv = ssl3_ConsumeHandshakeVariable(ss, &cert_item, 3,
+                    &buffer, &buffer_len);
+                if (rv != SECSuccess) goto no_ticket;
+                rv = SECITEM_CopyItem(NULL, &parsed_session_ticket->peer_cert,
+                    &cert_item);
+                if (rv != SECSuccess) goto no_ticket;
+                break;
             default:
-		goto no_ticket;
-	}
-	/* Read timestamp. */
-	temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len);
-	if (temp < 0)
-	    goto no_ticket;
-	parsed_session_ticket->timestamp = (PRUint32)temp;
+                goto no_ticket;
+        }
+        /* Read timestamp. */
+        temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len);
+        if (temp < 0)
+            goto no_ticket;
+        parsed_session_ticket->timestamp = (PRUint32)temp;
 
         /* Read server name */
         nameType =
-                ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len); 
+                ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
         if (nameType != TLS_STE_NO_SERVER_NAME) {
             SECItem name_item;
             rv = ssl3_ConsumeHandshakeVariable(ss, &name_item, 2, &buffer,
@@ -1467,99 +1695,99 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type,
             parsed_session_ticket->srvName.type = nameType;
         }
 
-	/* Done parsing.  Check that all bytes have been consumed. */
-	if (buffer_len != padding_length)
-	    goto no_ticket;
-
-	/* Use the ticket if it has not expired, otherwise free the allocated
-	 * memory since the ticket is of no use.
-	 */
-	if (parsed_session_ticket->timestamp != 0 &&
-	    parsed_session_ticket->timestamp +
-	    TLS_EX_SESS_TICKET_LIFETIME_HINT > ssl_Time()) {
-
-	    sid = ssl3_NewSessionID(ss, PR_TRUE);
-	    if (sid == NULL) {
-		rv = SECFailure;
-		goto loser;
-	    }
-
-	    /* Copy over parameters. */
-	    sid->version = parsed_session_ticket->ssl_version;
-	    sid->u.ssl3.cipherSuite = parsed_session_ticket->cipher_suite;
-	    sid->u.ssl3.compression = parsed_session_ticket->compression_method;
-	    sid->authAlgorithm = parsed_session_ticket->authAlgorithm;
-	    sid->authKeyBits = parsed_session_ticket->authKeyBits;
-	    sid->keaType = parsed_session_ticket->keaType;
-	    sid->keaKeyBits = parsed_session_ticket->keaKeyBits;
-
-	    /* Copy master secret. */
+        /* Done parsing.  Check that all bytes have been consumed. */
+        if (buffer_len != padding_length)
+            goto no_ticket;
+
+        /* Use the ticket if it has not expired, otherwise free the allocated
+         * memory since the ticket is of no use.
+         */
+        if (parsed_session_ticket->timestamp != 0 &&
+            parsed_session_ticket->timestamp +
+            TLS_EX_SESS_TICKET_LIFETIME_HINT > ssl_Time()) {
+
+            sid = ssl3_NewSessionID(ss, PR_TRUE);
+            if (sid == NULL) {
+                rv = SECFailure;
+                goto loser;
+            }
+
+            /* Copy over parameters. */
+            sid->version = parsed_session_ticket->ssl_version;
+            sid->u.ssl3.cipherSuite = parsed_session_ticket->cipher_suite;
+            sid->u.ssl3.compression = parsed_session_ticket->compression_method;
+            sid->authAlgorithm = parsed_session_ticket->authAlgorithm;
+            sid->authKeyBits = parsed_session_ticket->authKeyBits;
+            sid->keaType = parsed_session_ticket->keaType;
+            sid->keaKeyBits = parsed_session_ticket->keaKeyBits;
+
+            /* Copy master secret. */
 #ifndef NO_PKCS11_BYPASS
-	    if (ss->opt.bypassPKCS11 &&
-		    parsed_session_ticket->ms_is_wrapped)
-		goto no_ticket;
+            if (ss->opt.bypassPKCS11 &&
+                    parsed_session_ticket->ms_is_wrapped)
+                goto no_ticket;
 #endif
-	    if (parsed_session_ticket->ms_length >
-		    sizeof(sid->u.ssl3.keys.wrapped_master_secret))
-		goto no_ticket;
-	    PORT_Memcpy(sid->u.ssl3.keys.wrapped_master_secret,
-		parsed_session_ticket->master_secret,
-		parsed_session_ticket->ms_length);
-	    sid->u.ssl3.keys.wrapped_master_secret_len =
-		parsed_session_ticket->ms_length;
-	    sid->u.ssl3.exchKeyType = parsed_session_ticket->exchKeyType;
-	    sid->u.ssl3.masterWrapMech = parsed_session_ticket->msWrapMech;
-	    sid->u.ssl3.keys.msIsWrapped =
-		parsed_session_ticket->ms_is_wrapped;
-	    sid->u.ssl3.masterValid    = PR_TRUE;
-	    sid->u.ssl3.keys.resumable = PR_TRUE;
-
-	    /* Copy over client cert from session ticket if there is one. */
-	    if (parsed_session_ticket->peer_cert.data != NULL) {
-		if (sid->peerCert != NULL)
-		    CERT_DestroyCertificate(sid->peerCert);
-		sid->peerCert = CERT_NewTempCertificate(ss->dbHandle,
-		    &parsed_session_ticket->peer_cert, NULL, PR_FALSE, PR_TRUE);
-		if (sid->peerCert == NULL) {
-		    rv = SECFailure;
-		    goto loser;
-		}
-	    }
-	    if (parsed_session_ticket->srvName.data != NULL) {
+            if (parsed_session_ticket->ms_length >
+                    sizeof(sid->u.ssl3.keys.wrapped_master_secret))
+                goto no_ticket;
+            PORT_Memcpy(sid->u.ssl3.keys.wrapped_master_secret,
+                parsed_session_ticket->master_secret,
+                parsed_session_ticket->ms_length);
+            sid->u.ssl3.keys.wrapped_master_secret_len =
+                parsed_session_ticket->ms_length;
+            sid->u.ssl3.exchKeyType = parsed_session_ticket->exchKeyType;
+            sid->u.ssl3.masterWrapMech = parsed_session_ticket->msWrapMech;
+            sid->u.ssl3.keys.msIsWrapped =
+                parsed_session_ticket->ms_is_wrapped;
+            sid->u.ssl3.masterValid    = PR_TRUE;
+            sid->u.ssl3.keys.resumable = PR_TRUE;
+
+            /* Copy over client cert from session ticket if there is one. */
+            if (parsed_session_ticket->peer_cert.data != NULL) {
+                if (sid->peerCert != NULL)
+                    CERT_DestroyCertificate(sid->peerCert);
+                sid->peerCert = CERT_NewTempCertificate(ss->dbHandle,
+                    &parsed_session_ticket->peer_cert, NULL, PR_FALSE, PR_TRUE);
+                if (sid->peerCert == NULL) {
+                    rv = SECFailure;
+                    goto loser;
+                }
+            }
+            if (parsed_session_ticket->srvName.data != NULL) {
                 sid->u.ssl3.srvName = parsed_session_ticket->srvName;
             }
-	    ss->statelessResume = PR_TRUE;
-	    ss->sec.ci.sid = sid;
-	}
+            ss->statelessResume = PR_TRUE;
+            ss->sec.ci.sid = sid;
+        }
     }
 
     if (0) {
 no_ticket:
-	SSL_DBG(("%d: SSL[%d]: Session ticket parsing failed.",
-			SSL_GETPID(), ss->fd));
-	ssl3stats = SSL_GetStatistics();
-	SSL_AtomicIncrementLong(& ssl3stats->hch_sid_ticket_parse_failures );
+        SSL_DBG(("%d: SSL[%d]: Session ticket parsing failed.",
+                        SSL_GETPID(), ss->fd));
+        ssl3stats = SSL_GetStatistics();
+        SSL_AtomicIncrementLong(& ssl3stats->hch_sid_ticket_parse_failures );
     }
     rv = SECSuccess;
 
 loser:
-	/* ss->sec.ci.sid == sid if it did NOT come here via goto statement
-	 * in that case do not free sid
-	 */
-	if (sid && (ss->sec.ci.sid != sid)) {
-	    ssl_FreeSID(sid);
-	    sid = NULL;
-	}
+        /* ss->sec.ci.sid == sid if it did NOT come here via goto statement
+         * in that case do not free sid
+         */
+        if (sid && (ss->sec.ci.sid != sid)) {
+            ssl_FreeSID(sid);
+            sid = NULL;
+        }
     if (decrypted_state != NULL) {
-	SECITEM_FreeItem(decrypted_state, PR_TRUE);
-	decrypted_state = NULL;
+        SECITEM_FreeItem(decrypted_state, PR_TRUE);
+        decrypted_state = NULL;
     }
 
     if (parsed_session_ticket != NULL) {
-	if (parsed_session_ticket->peer_cert.data) {
-	    SECITEM_FreeItem(&parsed_session_ticket->peer_cert, PR_FALSE);
-	}
-	PORT_ZFree(parsed_session_ticket, sizeof(SessionTicket));
+        if (parsed_session_ticket->peer_cert.data) {
+            SECITEM_FreeItem(&parsed_session_ticket->peer_cert, PR_FALSE);
+        }
+        PORT_ZFree(parsed_session_ticket, sizeof(SessionTicket));
     }
 
     return rv;
@@ -1570,11 +1798,11 @@ loser:
  * cannot be freed.  The caller is expected to call this function
  * on a shallow copy of the structure.
  */
-static SECStatus 
+static SECStatus
 ssl3_ConsumeFromItem(SECItem *item, unsigned char **buf, PRUint32 bytes)
 {
     if (bytes > item->len)
-	return SECFailure;
+        return SECFailure;
 
     *buf = item->data;
     item->data += bytes;
@@ -1587,30 +1815,30 @@ ssl3_ParseEncryptedSessionTicket(sslSocket *ss, SECItem *data,
                                  EncryptedSessionTicket *enc_session_ticket)
 {
     if (ssl3_ConsumeFromItem(data, &enc_session_ticket->key_name,
-	    SESS_TICKET_KEY_NAME_LEN) != SECSuccess)
-	return SECFailure;
+            SESS_TICKET_KEY_NAME_LEN) != SECSuccess)
+        return SECFailure;
     if (ssl3_ConsumeFromItem(data, &enc_session_ticket->iv,
-	    AES_BLOCK_SIZE) != SECSuccess)
-	return SECFailure;
+            AES_BLOCK_SIZE) != SECSuccess)
+        return SECFailure;
     if (ssl3_ConsumeHandshakeVariable(ss, &enc_session_ticket->encrypted_state,
-	    2, &data->data, &data->len) != SECSuccess)
-	return SECFailure;
+            2, &data->data, &data->len) != SECSuccess)
+        return SECFailure;
     if (ssl3_ConsumeFromItem(data, &enc_session_ticket->mac,
-	    TLS_EX_SESS_TICKET_MAC_LENGTH) != SECSuccess)
-	return SECFailure;
+            TLS_EX_SESS_TICKET_MAC_LENGTH) != SECSuccess)
+        return SECFailure;
     if (data->len != 0)  /* Make sure that we have consumed all bytes. */
-	return SECFailure;
+        return SECFailure;
 
     return SECSuccess;
 }
 
 /* go through hello extensions in buffer "b".
- * For each one, find the extension handler in the table, and 
- * if present, invoke that handler.  
+ * For each one, find the extension handler in the table, and
+ * if present, invoke that handler.
  * Servers ignore any extensions with unknown extension types.
  * Clients reject any extensions with unadvertised extension types.
  */
-SECStatus 
+SECStatus
 ssl3_HandleHelloExtensions(sslSocket *ss, SSL3Opaque **b, PRUint32 *length)
 {
     const ssl3HelloExtensionHandler * handlers;
@@ -1624,68 +1852,68 @@ ssl3_HandleHelloExtensions(sslSocket *ss, SSL3Opaque **b, PRUint32 *length)
     }
 
     while (*length) {
-	const ssl3HelloExtensionHandler * handler;
-	SECStatus rv;
-	PRInt32   extension_type;
-	SECItem   extension_data;
-
-	/* Get the extension's type field */
-	extension_type = ssl3_ConsumeHandshakeNumber(ss, 2, b, length);
-	if (extension_type < 0)  /* failure to decode extension_type */
-	    return SECFailure;   /* alert already sent */
-
-	/* get the data for this extension, so we can pass it or skip it. */
-	rv = ssl3_ConsumeHandshakeVariable(ss, &extension_data, 2, b, length);
-	if (rv != SECSuccess)
-	    return rv;
-
-	/* Check whether the server sent an extension which was not advertised
-	 * in the ClientHello.
-	 */
-	if (!ss->sec.isServer &&
-	    !ssl3_ClientExtensionAdvertised(ss, extension_type))
-	    return SECFailure;  /* TODO: send unsupported_extension alert */
-
-	/* Check whether an extension has been sent multiple times. */
-	if (ssl3_ExtensionNegotiated(ss, extension_type))
-	    return SECFailure;
-
-	/* find extension_type in table of Hello Extension Handlers */
-	for (handler = handlers; handler->ex_type >= 0; handler++) {
-	    /* if found, call this handler */
-	    if (handler->ex_type == extension_type) {
-		rv = (*handler->ex_handler)(ss, (PRUint16)extension_type, 
-	                                         	&extension_data);
-		/* Ignore this result */
-		/* Treat all bad extensions as unrecognized types. */
-	        break;
-	    }
-	}
+        const ssl3HelloExtensionHandler * handler;
+        SECStatus rv;
+        PRInt32   extension_type;
+        SECItem   extension_data;
+
+        /* Get the extension's type field */
+        extension_type = ssl3_ConsumeHandshakeNumber(ss, 2, b, length);
+        if (extension_type < 0)  /* failure to decode extension_type */
+            return SECFailure;   /* alert already sent */
+
+        /* get the data for this extension, so we can pass it or skip it. */
+        rv = ssl3_ConsumeHandshakeVariable(ss, &extension_data, 2, b, length);
+        if (rv != SECSuccess)
+            return rv;
+
+        /* Check whether the server sent an extension which was not advertised
+         * in the ClientHello.
+         */
+        if (!ss->sec.isServer &&
+            !ssl3_ClientExtensionAdvertised(ss, extension_type))
+            return SECFailure;  /* TODO: send unsupported_extension alert */
+
+        /* Check whether an extension has been sent multiple times. */
+        if (ssl3_ExtensionNegotiated(ss, extension_type))
+            return SECFailure;
+
+        /* find extension_type in table of Hello Extension Handlers */
+        for (handler = handlers; handler->ex_type >= 0; handler++) {
+            /* if found, call this handler */
+            if (handler->ex_type == extension_type) {
+                rv = (*handler->ex_handler)(ss, (PRUint16)extension_type,
+                                                        &extension_data);
+                /* Ignore this result */
+                /* Treat all bad extensions as unrecognized types. */
+                break;
+            }
+        }
     }
     return SECSuccess;
 }
 
 /* Add a callback function to the table of senders of server hello extensions.
  */
-SECStatus 
+SECStatus
 ssl3_RegisterServerHelloExtensionSender(sslSocket *ss, PRUint16 ex_type,
-				        ssl3HelloExtensionSenderFunc cb)
+                                        ssl3HelloExtensionSenderFunc cb)
 {
     int i;
     ssl3HelloExtensionSender *sender = &ss->xtnData.serverSenders[0];
 
     for (i = 0; i < SSL_MAX_EXTENSIONS; ++i, ++sender) {
         if (!sender->ex_sender) {
-	    sender->ex_type   = ex_type;
-	    sender->ex_sender = cb;
-	    return SECSuccess;
-	}
-	/* detect duplicate senders */
-	PORT_Assert(sender->ex_type != ex_type);
-	if (sender->ex_type == ex_type) {
-	    /* duplicate */
-	    break;
-	}
+            sender->ex_type   = ex_type;
+            sender->ex_sender = cb;
+            return SECSuccess;
+        }
+        /* detect duplicate senders */
+        PORT_Assert(sender->ex_type != ex_type);
+        if (sender->ex_type == ex_type) {
+            /* duplicate */
+            break;
+        }
     }
     PORT_Assert(i < SSL_MAX_EXTENSIONS); /* table needs to grow */
     PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
@@ -1701,18 +1929,18 @@ ssl3_CallHelloExtensionSenders(sslSocket *ss, PRBool append, PRUint32 maxBytes,
     int i;
 
     if (!sender) {
-    	sender = ss->version > SSL_LIBRARY_VERSION_3_0 ?
+        sender = ss->version > SSL_LIBRARY_VERSION_3_0 ?
                  &clientHelloSendersTLS[0] : &clientHelloSendersSSL3[0];
     }
 
     for (i = 0; i < SSL_MAX_EXTENSIONS; ++i, ++sender) {
-	if (sender->ex_sender) {
-	    PRInt32 extLen = (*sender->ex_sender)(ss, append, maxBytes);
-	    if (extLen < 0)
-	    	return -1;
-	    maxBytes        -= extLen;
-	    total_exten_len += extLen;
-	}
+        if (sender->ex_sender) {
+            PRInt32 extLen = (*sender->ex_sender)(ss, append, maxBytes);
+            if (extLen < 0)
+                return -1;
+            maxBytes        -= extLen;
+            total_exten_len += extLen;
+        }
     }
     return total_exten_len;
 }
@@ -1725,48 +1953,48 @@ ssl3_CallHelloExtensionSenders(sslSocket *ss, PRBool append, PRUint32 maxBytes,
  * Verify Data (TLS): 12 bytes (client) or 24 bytes (server)
  * Verify Data (SSL): 36 bytes (client) or 72 bytes (server)
  */
-static PRInt32 
+static PRInt32
 ssl3_SendRenegotiationInfoXtn(
-			sslSocket * ss,
-			PRBool      append,
-			PRUint32    maxBytes)
+                        sslSocket * ss,
+                        PRBool      append,
+                        PRUint32    maxBytes)
 {
     PRInt32 len, needed;
 
     /* In draft-ietf-tls-renegotiation-03, it is NOT RECOMMENDED to send
-     * both the SCSV and the empty RI, so when we send SCSV in 
+     * both the SCSV and the empty RI, so when we send SCSV in
      * the initial handshake, we don't also send RI.
      */
     if (!ss || ss->ssl3.hs.sendingSCSV)
-    	return 0;
-    len = !ss->firstHsDone ? 0 : 
-	   (ss->sec.isServer ? ss->ssl3.hs.finishedBytes * 2 
-			     : ss->ssl3.hs.finishedBytes);
+        return 0;
+    len = !ss->firstHsDone ? 0 :
+           (ss->sec.isServer ? ss->ssl3.hs.finishedBytes * 2
+                             : ss->ssl3.hs.finishedBytes);
     needed = 5 + len;
     if (append && maxBytes >= needed) {
-	SECStatus rv;
-	/* extension_type */
-	rv = ssl3_AppendHandshakeNumber(ss, ssl_renegotiation_info_xtn, 2); 
-	if (rv != SECSuccess) return -1;
-	/* length of extension_data */
-	rv = ssl3_AppendHandshakeNumber(ss, len + 1, 2); 
-	if (rv != SECSuccess) return -1;
-	/* verify_Data from previous Finished message(s) */
-	rv = ssl3_AppendHandshakeVariable(ss, 
-		  ss->ssl3.hs.finishedMsgs.data, len, 1);
-	if (rv != SECSuccess) return -1;
-	if (!ss->sec.isServer) {
-	    TLSExtensionData *xtnData = &ss->xtnData;
-	    xtnData->advertised[xtnData->numAdvertised++] = 
-	                                           ssl_renegotiation_info_xtn;
-	}
+        SECStatus rv;
+        /* extension_type */
+        rv = ssl3_AppendHandshakeNumber(ss, ssl_renegotiation_info_xtn, 2);
+        if (rv != SECSuccess) return -1;
+        /* length of extension_data */
+        rv = ssl3_AppendHandshakeNumber(ss, len + 1, 2);
+        if (rv != SECSuccess) return -1;
+        /* verify_Data from previous Finished message(s) */
+        rv = ssl3_AppendHandshakeVariable(ss,
+                  ss->ssl3.hs.finishedMsgs.data, len, 1);
+        if (rv != SECSuccess) return -1;
+        if (!ss->sec.isServer) {
+            TLSExtensionData *xtnData = &ss->xtnData;
+            xtnData->advertised[xtnData->numAdvertised++] =
+                                                   ssl_renegotiation_info_xtn;
+        }
     }
     return needed;
 }
 
 static SECStatus
 ssl3_ServerHandleStatusRequestXtn(sslSocket *ss, PRUint16 ex_type,
-				  SECItem *data)
+                                  SECItem *data)
 {
     SECStatus rv = SECSuccess;
 
@@ -1775,7 +2003,7 @@ ssl3_ServerHandleStatusRequestXtn(sslSocket *ss, PRUint16 ex_type,
     PORT_Assert(ss->sec.isServer);
     /* prepare to send back the appropriate response */
     rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type,
-					    ssl3_ServerSendStatusRequestXtn);
+                                            ssl3_ServerSendStatusRequestXtn);
     return rv;
 }
 
@@ -1787,25 +2015,25 @@ ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data)
     PRUint32 len = 0;
 
     if (ss->firstHsDone) {
-	len = ss->sec.isServer ? ss->ssl3.hs.finishedBytes 
-	                       : ss->ssl3.hs.finishedBytes * 2;
+        len = ss->sec.isServer ? ss->ssl3.hs.finishedBytes
+                               : ss->ssl3.hs.finishedBytes * 2;
     }
     if (data->len != 1 + len  ||
-	data->data[0] != len  || (len && 
-	NSS_SecureMemcmp(ss->ssl3.hs.finishedMsgs.data,
-	                 data->data + 1, len))) {
-	/* Can we do this here? Or, must we arrange for the caller to do it? */     
-	(void)SSL3_SendAlert(ss, alert_fatal, handshake_failure);                   
-	PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
-	return SECFailure;
+        data->data[0] != len  || (len &&
+        NSS_SecureMemcmp(ss->ssl3.hs.finishedMsgs.data,
+                         data->data + 1, len))) {
+        /* Can we do this here? Or, must we arrange for the caller to do it? */
+        (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure);
+        PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
+        return SECFailure;
     }
     /* remember that we got this extension and it was correct. */
     ss->peerRequestedProtection = 1;
     ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
     if (ss->sec.isServer) {
-	/* prepare to send back the appropriate response */
-	rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type,
-					     ssl3_SendRenegotiationInfoXtn);
+        /* prepare to send back the appropriate response */
+        rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type,
+                                             ssl3_SendRenegotiationInfoXtn);
     }
     return rv;
 }
@@ -1818,60 +2046,60 @@ ssl3_SendUseSRTPXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes)
     SECStatus rv;
 
     if (!ss)
-	return 0;
+        return 0;
 
     if (!ss->sec.isServer) {
-	/* Client side */
-
-	if (!IS_DTLS(ss) || !ss->ssl3.dtlsSRTPCipherCount)
-	    return 0;  /* Not relevant */
-
-	ext_data_len = 2 + 2 * ss->ssl3.dtlsSRTPCipherCount + 1;
-
-	if (append && maxBytes >= 4 + ext_data_len) {
-	    /* Extension type */
-	    rv = ssl3_AppendHandshakeNumber(ss, ssl_use_srtp_xtn, 2);
-	    if (rv != SECSuccess) return -1;
-	    /* Length of extension data */
-	    rv = ssl3_AppendHandshakeNumber(ss, ext_data_len, 2);
-	    if (rv != SECSuccess) return -1;
-	    /* Length of the SRTP cipher list */
-	    rv = ssl3_AppendHandshakeNumber(ss,
-					    2 * ss->ssl3.dtlsSRTPCipherCount,
-					    2);
-	    if (rv != SECSuccess) return -1;
-	    /* The SRTP ciphers */
-	    for (i = 0; i < ss->ssl3.dtlsSRTPCipherCount; i++) {
-		rv = ssl3_AppendHandshakeNumber(ss,
-						ss->ssl3.dtlsSRTPCiphers[i],
-						2);
-	    }
-	    /* Empty MKI value */
-	    ssl3_AppendHandshakeVariable(ss, NULL, 0, 1);
-
-	    ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
-		ssl_use_srtp_xtn;
-	}
-
-	return 4 + ext_data_len;
+        /* Client side */
+
+        if (!IS_DTLS(ss) || !ss->ssl3.dtlsSRTPCipherCount)
+            return 0;  /* Not relevant */
+
+        ext_data_len = 2 + 2 * ss->ssl3.dtlsSRTPCipherCount + 1;
+
+        if (append && maxBytes >= 4 + ext_data_len) {
+            /* Extension type */
+            rv = ssl3_AppendHandshakeNumber(ss, ssl_use_srtp_xtn, 2);
+            if (rv != SECSuccess) return -1;
+            /* Length of extension data */
+            rv = ssl3_AppendHandshakeNumber(ss, ext_data_len, 2);
+            if (rv != SECSuccess) return -1;
+            /* Length of the SRTP cipher list */
+            rv = ssl3_AppendHandshakeNumber(ss,
+                                            2 * ss->ssl3.dtlsSRTPCipherCount,
+                                            2);
+            if (rv != SECSuccess) return -1;
+            /* The SRTP ciphers */
+            for (i = 0; i < ss->ssl3.dtlsSRTPCipherCount; i++) {
+                rv = ssl3_AppendHandshakeNumber(ss,
+                                                ss->ssl3.dtlsSRTPCiphers[i],
+                                                2);
+            }
+            /* Empty MKI value */
+            ssl3_AppendHandshakeVariable(ss, NULL, 0, 1);
+
+            ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
+                ssl_use_srtp_xtn;
+        }
+
+        return 4 + ext_data_len;
     }
 
     /* Server side */
     if (append && maxBytes >= 9) {
-	/* Extension type */
-	rv = ssl3_AppendHandshakeNumber(ss, ssl_use_srtp_xtn, 2);
-	if (rv != SECSuccess) return -1;
-	/* Length of extension data */
-	rv = ssl3_AppendHandshakeNumber(ss, 5, 2);
-	if (rv != SECSuccess) return -1;
-	/* Length of the SRTP cipher list */
-	rv = ssl3_AppendHandshakeNumber(ss, 2, 2);
-	if (rv != SECSuccess) return -1;
-	/* The selected cipher */
-	rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.dtlsSRTPCipherSuite, 2);
-	if (rv != SECSuccess) return -1;
-	/* Empty MKI value */
-	ssl3_AppendHandshakeVariable(ss, NULL, 0, 1);
+        /* Extension type */
+        rv = ssl3_AppendHandshakeNumber(ss, ssl_use_srtp_xtn, 2);
+        if (rv != SECSuccess) return -1;
+        /* Length of extension data */
+        rv = ssl3_AppendHandshakeNumber(ss, 5, 2);
+        if (rv != SECSuccess) return -1;
+        /* Length of the SRTP cipher list */
+        rv = ssl3_AppendHandshakeNumber(ss, 2, 2);
+        if (rv != SECSuccess) return -1;
+        /* The selected cipher */
+        rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.dtlsSRTPCipherSuite, 2);
+        if (rv != SECSuccess) return -1;
+        /* Empty MKI value */
+        ssl3_AppendHandshakeVariable(ss, NULL, 0, 1);
     }
 
     return 9;
@@ -1889,121 +2117,121 @@ ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data)
     SECItem litem;
 
     if (!ss->sec.isServer) {
-	/* Client side */
-	if (!data->data || !data->len) {
+        /* Client side */
+        if (!data->data || !data->len) {
             /* malformed */
             return SECFailure;
-	}
-
-	/* Get the cipher list */
-	rv = ssl3_ConsumeHandshakeVariable(ss, &ciphers, 2,
-					   &data->data, &data->len);
-	if (rv != SECSuccess) {
-	    return SECFailure;
-	}
-	/* Now check that the number of ciphers listed is 1 (len = 2) */
-	if (ciphers.len != 2) {
-	    return SECFailure;
-	}
-
-	/* Get the selected cipher */
-	cipher = (ciphers.data[0] << 8) | ciphers.data[1];
-
-	/* Now check that this is one of the ciphers we offered */
-	for (i = 0; i < ss->ssl3.dtlsSRTPCipherCount; i++) {
-	    if (cipher == ss->ssl3.dtlsSRTPCiphers[i]) {
-		found = PR_TRUE;
-		break;
-	    }
-	}
-
-	if (!found) {
-	    return SECFailure;
-	}
-
-	/* Get the srtp_mki value */
+        }
+
+        /* Get the cipher list */
+        rv = ssl3_ConsumeHandshakeVariable(ss, &ciphers, 2,
+                                           &data->data, &data->len);
+        if (rv != SECSuccess) {
+            return SECFailure;
+        }
+        /* Now check that the number of ciphers listed is 1 (len = 2) */
+        if (ciphers.len != 2) {
+            return SECFailure;
+        }
+
+        /* Get the selected cipher */
+        cipher = (ciphers.data[0] << 8) | ciphers.data[1];
+
+        /* Now check that this is one of the ciphers we offered */
+        for (i = 0; i < ss->ssl3.dtlsSRTPCipherCount; i++) {
+            if (cipher == ss->ssl3.dtlsSRTPCiphers[i]) {
+                found = PR_TRUE;
+                break;
+            }
+        }
+
+        if (!found) {
+            return SECFailure;
+        }
+
+        /* Get the srtp_mki value */
         rv = ssl3_ConsumeHandshakeVariable(ss, &litem, 1,
-					   &data->data, &data->len);
+                                           &data->data, &data->len);
         if (rv != SECSuccess) {
             return SECFailure;
         }
 
-	/* We didn't offer an MKI, so this must be 0 length */
-	/* XXX RFC 5764 Section 4.1.3 says:
-	 *   If the client detects a nonzero-length MKI in the server's
-	 *   response that is different than the one the client offered,
-	 *   then the client MUST abort the handshake and SHOULD send an
-	 *   invalid_parameter alert.
-	 *
-	 * Due to a limitation of the ssl3_HandleHelloExtensions function,
-	 * returning SECFailure here won't abort the handshake.  It will
-	 * merely cause the use_srtp extension to be not negotiated.  We
-	 * should fix this.  See NSS bug 753136.
-	 */
-	if (litem.len != 0) {
-	    return SECFailure;
-	}
-
-	if (data->len != 0) {
+        /* We didn't offer an MKI, so this must be 0 length */
+        /* XXX RFC 5764 Section 4.1.3 says:
+         *   If the client detects a nonzero-length MKI in the server's
+         *   response that is different than the one the client offered,
+         *   then the client MUST abort the handshake and SHOULD send an
+         *   invalid_parameter alert.
+         *
+         * Due to a limitation of the ssl3_HandleHelloExtensions function,
+         * returning SECFailure here won't abort the handshake.  It will
+         * merely cause the use_srtp extension to be not negotiated.  We
+         * should fix this.  See NSS bug 753136.
+         */
+        if (litem.len != 0) {
+            return SECFailure;
+        }
+
+        if (data->len != 0) {
             /* malformed */
             return SECFailure;
-	}
+        }
 
-	/* OK, this looks fine. */
-	ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ssl_use_srtp_xtn;
-	ss->ssl3.dtlsSRTPCipherSuite = cipher;
-	return SECSuccess;
+        /* OK, this looks fine. */
+        ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ssl_use_srtp_xtn;
+        ss->ssl3.dtlsSRTPCipherSuite = cipher;
+        return SECSuccess;
     }
 
     /* Server side */
     if (!IS_DTLS(ss) || !ss->ssl3.dtlsSRTPCipherCount) {
-	/* Ignore the extension if we aren't doing DTLS or no DTLS-SRTP
-	 * preferences have been set. */
-	return SECSuccess;
+        /* Ignore the extension if we aren't doing DTLS or no DTLS-SRTP
+         * preferences have been set. */
+        return SECSuccess;
     }
 
     if (!data->data || data->len < 5) {
-	/* malformed */
-	return SECFailure;
+        /* malformed */
+        return SECFailure;
     }
 
     /* Get the cipher list */
     rv = ssl3_ConsumeHandshakeVariable(ss, &ciphers, 2,
-				       &data->data, &data->len);
+                                       &data->data, &data->len);
     if (rv != SECSuccess) {
-	return SECFailure;
+        return SECFailure;
     }
     /* Check that the list is even length */
     if (ciphers.len % 2) {
-	return SECFailure;
+        return SECFailure;
     }
 
     /* Walk through the offered list and pick the most preferred of our
      * ciphers, if any */
     for (i = 0; !found && i < ss->ssl3.dtlsSRTPCipherCount; i++) {
-	for (j = 0; j + 1 < ciphers.len; j += 2) {
-	    cipher = (ciphers.data[j] << 8) | ciphers.data[j + 1];
-	    if (cipher == ss->ssl3.dtlsSRTPCiphers[i]) {
-		found = PR_TRUE;
-		break;
-	    }
-	}
+        for (j = 0; j + 1 < ciphers.len; j += 2) {
+            cipher = (ciphers.data[j] << 8) | ciphers.data[j + 1];
+            if (cipher == ss->ssl3.dtlsSRTPCiphers[i]) {
+                found = PR_TRUE;
+                break;
+            }
+        }
     }
 
     /* Get the srtp_mki value */
     rv = ssl3_ConsumeHandshakeVariable(ss, &litem, 1, &data->data, &data->len);
     if (rv != SECSuccess) {
-	return SECFailure;
+        return SECFailure;
     }
 
     if (data->len != 0) {
-	return SECFailure; /* Malformed */
+        return SECFailure; /* Malformed */
     }
 
     /* Now figure out what to do */
     if (!found) {
-	/* No matching ciphers */
-	return SECSuccess;
+        /* No matching ciphers */
+        return SECSuccess;
     }
 
     /* OK, we have a valid cipher and we've selected it */
@@ -2011,7 +2239,7 @@ ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data)
     ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ssl_use_srtp_xtn;
 
     return ssl3_RegisterServerHelloExtensionSender(ss, ssl_use_srtp_xtn,
-						   ssl3_SendUseSRTPXtn);
+                                                   ssl3_SendUseSRTPXtn);
 }
 
 /* ssl3_ServerHandleSigAlgsXtn handles the signature_algorithms extension
@@ -2027,59 +2255,59 @@ ssl3_ServerHandleSigAlgsXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data)
 
     /* Ignore this extension if we aren't doing TLS 1.2 or greater. */
     if (ss->version < SSL_LIBRARY_VERSION_TLS_1_2) {
-	return SECSuccess;
+        return SECSuccess;
     }
 
     /* Keep track of negotiated extensions. */
     ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
 
     rv = ssl3_ConsumeHandshakeVariable(ss, &algorithms, 2, &data->data,
-				       &data->len);
+                                       &data->len);
     if (rv != SECSuccess) {
-	return SECFailure;
+        return SECFailure;
     }
     /* Trailing data, empty value, or odd-length value is invalid. */
     if (data->len != 0 || algorithms.len == 0 || (algorithms.len & 1) != 0) {
-	PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
-	return SECFailure;
+        PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
+        return SECFailure;
     }
 
     numAlgorithms = algorithms.len/2;
 
     /* We don't care to process excessive numbers of algorithms. */
     if (numAlgorithms > 512) {
-	numAlgorithms = 512;
+        numAlgorithms = 512;
     }
 
     ss->ssl3.hs.clientSigAndHash =
-	    PORT_NewArray(SSL3SignatureAndHashAlgorithm, numAlgorithms);
+            PORT_NewArray(SSL3SignatureAndHashAlgorithm, numAlgorithms);
     if (!ss->ssl3.hs.clientSigAndHash) {
-	return SECFailure;
+        return SECFailure;
     }
     ss->ssl3.hs.numClientSigAndHash = 0;
 
     b = algorithms.data;
     for (i = 0; i < numAlgorithms; i++) {
-	unsigned char tls_hash = *(b++);
-	unsigned char tls_sig = *(b++);
-	SECOidTag hash = ssl3_TLSHashAlgorithmToOID(tls_hash);
+        unsigned char tls_hash = *(b++);
+        unsigned char tls_sig = *(b++);
+        SECOidTag hash = ssl3_TLSHashAlgorithmToOID(tls_hash);
 
-	if (hash == SEC_OID_UNKNOWN) {
-	    /* We ignore formats that we don't understand. */
-	    continue;
-	}
-	/* tls_sig support will be checked later in
-	 * ssl3_PickSignatureHashAlgorithm. */
-	ss->ssl3.hs.clientSigAndHash[i].hashAlg = hash;
-	ss->ssl3.hs.clientSigAndHash[i].sigAlg = tls_sig;
-	ss->ssl3.hs.numClientSigAndHash++;
+        if (hash == SEC_OID_UNKNOWN) {
+            /* We ignore formats that we don't understand. */
+            continue;
+        }
+        /* tls_sig support will be checked later in
+         * ssl3_PickSignatureHashAlgorithm. */
+        ss->ssl3.hs.clientSigAndHash[i].hashAlg = hash;
+        ss->ssl3.hs.clientSigAndHash[i].sigAlg = tls_sig;
+        ss->ssl3.hs.numClientSigAndHash++;
     }
 
     if (!ss->ssl3.hs.numClientSigAndHash) {
-	/* We didn't understand any of the client's requested signature
-	 * formats. We'll use the defaults. */
-	PORT_Free(ss->ssl3.hs.clientSigAndHash);
-	ss->ssl3.hs.clientSigAndHash = NULL;
+        /* We didn't understand any of the client's requested signature
+         * formats. We'll use the defaults. */
+        PORT_Free(ss->ssl3.hs.clientSigAndHash);
+        ss->ssl3.hs.clientSigAndHash = NULL;
     }
 
     return SECSuccess;
@@ -2091,49 +2319,49 @@ static PRInt32
 ssl3_ClientSendSigAlgsXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
 {
     static const unsigned char signatureAlgorithms[] = {
-	/* This block is the contents of our signature_algorithms extension, in
-	 * wire format. See
-	 * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
-	tls_hash_sha256, tls_sig_rsa,
-	tls_hash_sha384, tls_sig_rsa,
-	tls_hash_sha1,   tls_sig_rsa,
-#ifdef NSS_ENABLE_ECC
-	tls_hash_sha256, tls_sig_ecdsa,
-	tls_hash_sha384, tls_sig_ecdsa,
-	tls_hash_sha1,   tls_sig_ecdsa,
+        /* This block is the contents of our signature_algorithms extension, in
+         * wire format. See
+         * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
+        tls_hash_sha256, tls_sig_rsa,
+        tls_hash_sha384, tls_sig_rsa,
+        tls_hash_sha1,   tls_sig_rsa,
+#ifndef NSS_DISABLE_ECC
+        tls_hash_sha256, tls_sig_ecdsa,
+        tls_hash_sha384, tls_sig_ecdsa,
+        tls_hash_sha1,   tls_sig_ecdsa,
 #endif
-	tls_hash_sha256, tls_sig_dsa,
-	tls_hash_sha1,   tls_sig_dsa,
+        tls_hash_sha256, tls_sig_dsa,
+        tls_hash_sha1,   tls_sig_dsa,
     };
     PRInt32 extension_length;
 
     if (ss->version < SSL_LIBRARY_VERSION_TLS_1_2) {
-	return 0;
+        return 0;
     }
 
     extension_length =
-	2 /* extension type */ +
-	2 /* extension length */ +
-	2 /* supported_signature_algorithms length */ +
-	sizeof(signatureAlgorithms);
+        2 /* extension type */ +
+        2 /* extension length */ +
+        2 /* supported_signature_algorithms length */ +
+        sizeof(signatureAlgorithms);
 
     if (append && maxBytes >= extension_length) {
-	SECStatus rv;
-	rv = ssl3_AppendHandshakeNumber(ss, ssl_signature_algorithms_xtn, 2);
-	if (rv != SECSuccess)
-	    goto loser;
-	rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2);
-	if (rv != SECSuccess)
-	    goto loser;
-	rv = ssl3_AppendHandshakeVariable(ss, signatureAlgorithms,
-					  sizeof(signatureAlgorithms), 2);
-	if (rv != SECSuccess)
-	    goto loser;
-	ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
-		ssl_signature_algorithms_xtn;
+        SECStatus rv;
+        rv = ssl3_AppendHandshakeNumber(ss, ssl_signature_algorithms_xtn, 2);
+        if (rv != SECSuccess)
+            goto loser;
+        rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2);
+        if (rv != SECSuccess)
+            goto loser;
+        rv = ssl3_AppendHandshakeVariable(ss, signatureAlgorithms,
+                                          sizeof(signatureAlgorithms), 2);
+        if (rv != SECSuccess)
+            goto loser;
+        ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
+                ssl_signature_algorithms_xtn;
     } else if (maxBytes < extension_length) {
-	PORT_Assert(0);
-	return 0;
+        PORT_Assert(0);
+        return 0;
     }
 
     return extension_length;
@@ -2141,3 +2369,55 @@ ssl3_ClientSendSigAlgsXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
 loser:
     return -1;
 }
+
+unsigned int
+ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength)
+{
+    unsigned int recordLength = 1 /* handshake message type */ +
+                                3 /* handshake message length */ +
+                                clientHelloLength;
+    unsigned int extensionLength;
+
+    if (recordLength < 256 || recordLength >= 512) {
+        return 0;
+    }
+
+    extensionLength = 512 - recordLength;
+    /* Extensions take at least four bytes to encode. */
+    if (extensionLength < 4) {
+        extensionLength = 4;
+    }
+
+    return extensionLength;
+}
+
+/* ssl3_AppendPaddingExtension possibly adds an extension which ensures that a
+ * ClientHello record is either < 256 bytes or is >= 512 bytes. This ensures
+ * that we don't trigger bugs in F5 products. */
+PRInt32
+ssl3_AppendPaddingExtension(sslSocket *ss, unsigned int extensionLen,
+                            PRUint32 maxBytes)
+{
+    unsigned int paddingLen = extensionLen - 4;
+    static unsigned char padding[256];
+
+    if (extensionLen == 0) {
+        return 0;
+    }
+
+    if (extensionLen < 4 ||
+        extensionLen > maxBytes ||
+        paddingLen > sizeof(padding)) {
+        PORT_Assert(0);
+        return -1;
+    }
+
+    if (SECSuccess != ssl3_AppendHandshakeNumber(ss, ssl_padding_xtn, 2))
+        return -1;
+    if (SECSuccess != ssl3_AppendHandshakeNumber(ss, paddingLen, 2))
+        return -1;
+    if (SECSuccess != ssl3_AppendHandshake(ss, padding, paddingLen))
+        return -1;
+
+    return extensionLen;
+}
diff --git a/security/nss/lib/ssl/ssl3prot.h b/security/nss/lib/ssl/ssl3prot.h
index d341ff9..4d4aa10 100644
--- a/security/nss/lib/ssl/ssl3prot.h
+++ b/security/nss/lib/ssl/ssl3prot.h
@@ -17,25 +17,25 @@ typedef PRUint16 SSL3ProtocolVersion;
 typedef PRUint16 ssl3CipherSuite;
 /* The cipher suites are defined in sslproto.h */
 
-#define MAX_CERT_TYPES			10
-#define MAX_COMPRESSION_METHODS		10
-#define MAX_MAC_LENGTH			64
-#define MAX_PADDING_LENGTH		64
-#define MAX_KEY_LENGTH			64
-#define EXPORT_KEY_LENGTH		 5
-#define SSL3_RANDOM_LENGTH		32
+#define MAX_CERT_TYPES                  10
+#define MAX_COMPRESSION_METHODS         10
+#define MAX_MAC_LENGTH                  64
+#define MAX_PADDING_LENGTH              64
+#define MAX_KEY_LENGTH                  64
+#define EXPORT_KEY_LENGTH                5
+#define SSL3_RANDOM_LENGTH              32
 
-#define SSL3_RECORD_HEADER_LENGTH	 5
+#define SSL3_RECORD_HEADER_LENGTH        5
 
 /* SSL3_RECORD_HEADER_LENGTH + epoch/sequence_number */
 #define DTLS_RECORD_HEADER_LENGTH       13
 
-#define MAX_FRAGMENT_LENGTH		16384
-     
+#define MAX_FRAGMENT_LENGTH          16384
+
 typedef enum {
-    content_change_cipher_spec = 20, 
+    content_change_cipher_spec = 20,
     content_alert              = 21,
-    content_handshake          = 22, 
+    content_handshake          = 22,
     content_application_data   = 23
 } SSL3ContentType;
 
@@ -77,11 +77,11 @@ typedef enum {
     close_notify            = 0,
     unexpected_message      = 10,
     bad_record_mac          = 20,
-    decryption_failed_RESERVED = 21,	/* do not send; see RFC 5246 */
-    record_overflow         = 22,	/* TLS only */
+    decryption_failed_RESERVED = 21,    /* do not send; see RFC 5246 */
+    record_overflow         = 22,       /* TLS only */
     decompression_failure   = 30,
     handshake_failure       = 40,
-    no_certificate          = 41,	/* SSL3 only, NOT TLS */
+    no_certificate          = 41,       /* SSL3 only, NOT TLS */
     bad_certificate         = 42,
     unsupported_certificate = 43,
     certificate_revoked     = 44,
@@ -106,7 +106,8 @@ typedef enum {
     certificate_unobtainable        = 111,
     unrecognized_name               = 112,
     bad_certificate_status_response = 113,
-    bad_certificate_hash_value      = 114
+    bad_certificate_hash_value      = 114,
+    no_application_protocol         = 120
 
 } SSL3AlertDescription;
 
@@ -116,44 +117,44 @@ typedef struct {
 } SSL3Alert;
 
 typedef enum {
-    hello_request	= 0, 
-    client_hello	= 1, 
-    server_hello	= 2,
+    hello_request       = 0,
+    client_hello        = 1,
+    server_hello        = 2,
     hello_verify_request = 3,
-    new_session_ticket	= 4,
-    certificate 	= 11, 
+    new_session_ticket  = 4,
+    certificate         = 11,
     server_key_exchange = 12,
-    certificate_request	= 13, 
-    server_hello_done	= 14,
-    certificate_verify	= 15, 
-    client_key_exchange	= 16, 
-    finished		= 20,
+    certificate_request = 13,
+    server_hello_done   = 14,
+    certificate_verify  = 15,
+    client_key_exchange = 16,
+    finished            = 20,
     certificate_status  = 22,
-    next_proto		= 67
+    next_proto          = 67
 } SSL3HandshakeType;
 
 typedef struct {
     PRUint8 empty;
 } SSL3HelloRequest;
-     
+
 typedef struct {
     SSL3Opaque rand[SSL3_RANDOM_LENGTH];
 } SSL3Random;
-     
+
 typedef struct {
     SSL3Opaque id[32];
     PRUint8 length;
 } SSL3SessionID;
-     
+
 typedef struct {
     SSL3ProtocolVersion   client_version;
     SSL3Random            random;
     SSL3SessionID         session_id;
     SECItem               cipher_suites;
-    PRUint8                 cm_count;
+    PRUint8               cm_count;
     SSLCompressionMethod  compression_methods[MAX_COMPRESSION_METHODS];
 } SSL3ClientHello;
-     
+
 typedef struct  {
     SSL3ProtocolVersion   server_version;
     SSL3Random            random;
@@ -161,29 +162,29 @@ typedef struct  {
     ssl3CipherSuite       cipher_suite;
     SSLCompressionMethod  compression_method;
 } SSL3ServerHello;
-     
+
 typedef struct {
     SECItem list;
 } SSL3Certificate;
 
 /* SSL3SignType moved to ssl.h */
 
-/* The SSL key exchange method used */     
+/* The SSL key exchange method used */
 typedef enum {
-    kea_null, 
-    kea_rsa, 
+    kea_null,
+    kea_rsa,
     kea_rsa_export,
     kea_rsa_export_1024,
-    kea_dh_dss, 
-    kea_dh_dss_export, 
-    kea_dh_rsa, 
+    kea_dh_dss,
+    kea_dh_dss_export,
+    kea_dh_rsa,
     kea_dh_rsa_export,
-    kea_dhe_dss, 
-    kea_dhe_dss_export, 
-    kea_dhe_rsa, 
+    kea_dhe_dss,
+    kea_dhe_dss_export,
+    kea_dhe_rsa,
     kea_dhe_rsa_export,
-    kea_dh_anon, 
-    kea_dh_anon_export, 
+    kea_dh_anon,
+    kea_dh_anon_export,
     kea_rsa_fips,
     kea_ecdh_ecdsa,
     kea_ecdhe_ecdsa,
@@ -191,7 +192,7 @@ typedef enum {
     kea_ecdhe_rsa,
     kea_ecdh_anon
 } SSL3KeyExchangeAlgorithm;
-     
+
 typedef struct {
     SECItem modulus;
     SECItem exponent;
@@ -205,8 +206,8 @@ typedef struct {
 
 typedef struct {
     union {
-	SSL3ServerDHParams dh;
-	SSL3ServerRSAParams rsa;
+        SSL3ServerDHParams dh;
+        SSL3ServerRSAParams rsa;
     } u;
 } SSL3ServerParams;
 
@@ -250,56 +251,56 @@ typedef struct {
     unsigned int len;
     SECOidTag hashAlg;
     union {
-	PRUint8 raw[64];
-	SSL3HashesIndividually s;
+        PRUint8 raw[64];
+        SSL3HashesIndividually s;
     } u;
 } SSL3Hashes;
 
 typedef struct {
     union {
-	SSL3Opaque anonymous;
-	SSL3Hashes certified;
+        SSL3Opaque anonymous;
+        SSL3Hashes certified;
     } u;
 } SSL3ServerKeyExchange;
-     
+
 typedef enum {
-    ct_RSA_sign 	=  1, 
-    ct_DSS_sign 	=  2, 
-    ct_RSA_fixed_DH 	=  3,
-    ct_DSS_fixed_DH 	=  4, 
-    ct_RSA_ephemeral_DH =  5, 
+    ct_RSA_sign         =  1,
+    ct_DSS_sign         =  2,
+    ct_RSA_fixed_DH     =  3,
+    ct_DSS_fixed_DH     =  4,
+    ct_RSA_ephemeral_DH =  5,
     ct_DSS_ephemeral_DH =  6,
-    ct_ECDSA_sign	=  64, 
-    ct_RSA_fixed_ECDH	=  65, 
-    ct_ECDSA_fixed_ECDH	=  66 
+    ct_ECDSA_sign       =  64,
+    ct_RSA_fixed_ECDH   =  65,
+    ct_ECDSA_fixed_ECDH =  66
 
 } SSL3ClientCertificateType;
-     
+
 typedef SECItem *SSL3DistinquishedName;
 
 typedef struct {
     SSL3Opaque client_version[2];
     SSL3Opaque random[46];
 } SSL3RSAPreMasterSecret;
-     
+
 typedef SECItem SSL3EncryptedPreMasterSecret;
 
 
 typedef SSL3Opaque SSL3MasterSecret[48];
 
 typedef enum { implicit, explicit } SSL3PublicValueEncoding;
-     
+
 typedef struct {
     union {
-	SSL3Opaque implicit;
-	SECItem    explicit;
+        SSL3Opaque implicit;
+        SECItem    explicit;
     } dh_public;
 } SSL3ClientDiffieHellmanPublic;
-     
+
 typedef struct {
     union {
-	SSL3EncryptedPreMasterSecret  rsa;
-	SSL3ClientDiffieHellmanPublic diffie_helman;
+        SSL3EncryptedPreMasterSecret  rsa;
+        SSL3ClientDiffieHellmanPublic diffie_helman;
     } exchange_keys;
 } SSL3ClientKeyExchange;
 
@@ -312,7 +313,7 @@ typedef enum {
     sender_server = 0x53525652
 } SSL3Sender;
 
-typedef SSL3HashesIndividually SSL3Finished;   
+typedef SSL3HashesIndividually SSL3Finished;
 
 typedef struct {
     SSL3Opaque verify_data[12];
@@ -320,7 +321,7 @@ typedef struct {
 
 /*
  * TLS extension related data structures and constants.
- */ 
+ */
 
 /* SessionTicket extension related data structures. */
 
@@ -339,7 +340,7 @@ typedef enum {
 typedef struct {
     ClientAuthenticationType client_auth_type;
     union {
-	SSL3Opaque *certificate_list;
+        SSL3Opaque *certificate_list;
     } identity;
 } ClientIdentity;
 
@@ -355,7 +356,7 @@ typedef struct {
     unsigned char *mac;
 } EncryptedSessionTicket;
 
-#define TLS_EX_SESS_TICKET_MAC_LENGTH       32
+#define TLS_EX_SESS_TICKET_MAC_LENGTH 32
 
 #define TLS_STE_NO_SERVER_NAME        -1
 
diff --git a/security/nss/lib/ssl/sslcon.c b/security/nss/lib/ssl/sslcon.c
index 2763654..891b409 100644
--- a/security/nss/lib/ssl/sslcon.c
+++ b/security/nss/lib/ssl/sslcon.c
@@ -3101,7 +3101,7 @@ ssl2_BeginClientHandshake(sslSocket *ss)
 
 	return rv;
     }
-#if defined(NSS_ENABLE_ECC)
+#ifndef NSS_DISABLE_ECC
     /* ensure we don't neogtiate ECC cipher suites with SSL2 hello */
     ssl3_DisableECCSuites(ss, NULL); /* disable all ECC suites */
     if (ss->cipherSpecs != NULL) {
@@ -3109,7 +3109,7 @@ ssl2_BeginClientHandshake(sslSocket *ss)
 	ss->cipherSpecs     = NULL;
 	ss->sizeCipherSpecs = 0;
     }
-#endif
+#endif /* NSS_DISABLE_ECC */
 
     if (!ss->cipherSpecs) {
         rv = ssl2_ConstructCipherSpecs(ss);
diff --git a/security/nss/lib/ssl/sslenum.c b/security/nss/lib/ssl/sslenum.c
index defc202..09ce43f 100644
--- a/security/nss/lib/ssl/sslenum.c
+++ b/security/nss/lib/ssl/sslenum.c
@@ -37,17 +37,17 @@
  *
  * Exception: Because some servers ignore the high-order byte of the cipher
  * suite ID, we must be careful about adding cipher suites with IDs larger
- * than 0x00ff; see bug 946147. For these broken servers, the first four cipher
- * suites, with the MSB zeroed, look like:
- *      TLS_KRB5_EXPORT_WITH_RC4_40_MD5 {0x00,0x2B }
- *      TLS_RSA_WITH_AES_128_CBC_SHA { 0x00,0x2F }
- *      TLS_RSA_WITH_3DES_EDE_CBC_SHA { 0x00,0x0A }
- *      TLS_RSA_WITH_DES_CBC_SHA { 0x00,0x09 }
+ * than 0x00ff; see bug 946147. For these broken servers, the first four cipher
+ * suites, with the MSB zeroed, look like:
+ *      TLS_KRB5_EXPORT_WITH_RC4_40_MD5 { 0x00,0x2B }
+ *      TLS_RSA_WITH_AES_128_CBC_SHA { 0x00,0x2F }
+ *      TLS_RSA_WITH_3DES_EDE_CBC_SHA { 0x00,0x0A }
+ *      TLS_RSA_WITH_DES_CBC_SHA { 0x00,0x09 }
  * The broken server only supports the third and fourth ones and will select
  * the third one.
  */
 const PRUint16 SSL_ImplementedCiphers[] = {
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
     TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
     /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must appear before
@@ -63,7 +63,7 @@ const PRUint16 SSL_ImplementedCiphers[] = {
     TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
     TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
     TLS_ECDHE_RSA_WITH_RC4_128_SHA,
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
     TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
     TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
@@ -76,11 +76,11 @@ const PRUint16 SSL_ImplementedCiphers[] = {
     TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
     TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
     TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
-    SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
-    SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
+    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
+    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
     TLS_DHE_DSS_WITH_RC4_128_SHA,
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
     TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
     TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
@@ -89,7 +89,7 @@ const PRUint16 SSL_ImplementedCiphers[] = {
     TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
     TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
     TLS_ECDH_RSA_WITH_RC4_128_SHA,
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
     TLS_RSA_WITH_AES_128_GCM_SHA256,
     TLS_RSA_WITH_AES_128_CBC_SHA,
@@ -100,34 +100,34 @@ const PRUint16 SSL_ImplementedCiphers[] = {
     TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
     TLS_RSA_WITH_SEED_CBC_SHA,
     SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,
-    SSL_RSA_WITH_3DES_EDE_CBC_SHA,
-    SSL_RSA_WITH_RC4_128_SHA,
-    SSL_RSA_WITH_RC4_128_MD5,
+    TLS_RSA_WITH_3DES_EDE_CBC_SHA,
+    TLS_RSA_WITH_RC4_128_SHA,
+    TLS_RSA_WITH_RC4_128_MD5,
 
     /* 56-bit DES "domestic" cipher suites */
-    SSL_DHE_RSA_WITH_DES_CBC_SHA,
-    SSL_DHE_DSS_WITH_DES_CBC_SHA,
+    TLS_DHE_RSA_WITH_DES_CBC_SHA,
+    TLS_DHE_DSS_WITH_DES_CBC_SHA,
     SSL_RSA_FIPS_WITH_DES_CBC_SHA,
-    SSL_RSA_WITH_DES_CBC_SHA,
+    TLS_RSA_WITH_DES_CBC_SHA,
 
     /* export ciphersuites with 1024-bit public key exchange keys */
     TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
     TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,
 
     /* export ciphersuites with 512-bit public key exchange keys */
-    SSL_RSA_EXPORT_WITH_RC4_40_MD5,
-    SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
+    TLS_RSA_EXPORT_WITH_RC4_40_MD5,
+    TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
 
     /* ciphersuites with no encryption */
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     TLS_ECDHE_ECDSA_WITH_NULL_SHA,
     TLS_ECDHE_RSA_WITH_NULL_SHA,
     TLS_ECDH_RSA_WITH_NULL_SHA,
     TLS_ECDH_ECDSA_WITH_NULL_SHA,
-#endif /* NSS_ENABLE_ECC */
-    SSL_RSA_WITH_NULL_SHA,
+#endif /* NSS_DISABLE_ECC */
+    TLS_RSA_WITH_NULL_SHA,
     TLS_RSA_WITH_NULL_SHA256,
-    SSL_RSA_WITH_NULL_MD5,
+    TLS_RSA_WITH_NULL_MD5,
 
     /* SSL2 cipher suites. */
     SSL_EN_RC4_128_WITH_MD5,
diff --git a/security/nss/lib/ssl/sslerr.h b/security/nss/lib/ssl/sslerr.h
index 07b61d5..3852085 100644
--- a/security/nss/lib/ssl/sslerr.h
+++ b/security/nss/lib/ssl/sslerr.h
@@ -8,179 +8,179 @@
 #define __SSL_ERR_H_
 
 
-#define SSL_ERROR_BASE				(-0x3000)
-#define SSL_ERROR_LIMIT				(SSL_ERROR_BASE + 1000)
+#define SSL_ERROR_BASE                          (-0x3000)
+#define SSL_ERROR_LIMIT                         (SSL_ERROR_BASE + 1000)
 
 #define IS_SSL_ERROR(code) \
     (((code) >= SSL_ERROR_BASE) && ((code) < SSL_ERROR_LIMIT))
 
 #ifndef NO_SECURITY_ERROR_ENUM
 typedef enum {
-SSL_ERROR_EXPORT_ONLY_SERVER 		= (SSL_ERROR_BASE +  0),
-SSL_ERROR_US_ONLY_SERVER 		= (SSL_ERROR_BASE +  1),
-SSL_ERROR_NO_CYPHER_OVERLAP 		= (SSL_ERROR_BASE +  2),
-/* 
+SSL_ERROR_EXPORT_ONLY_SERVER            = (SSL_ERROR_BASE +  0),
+SSL_ERROR_US_ONLY_SERVER                = (SSL_ERROR_BASE +  1),
+SSL_ERROR_NO_CYPHER_OVERLAP             = (SSL_ERROR_BASE +  2),
+/*
  * Received an alert reporting what we did wrong.  (more alerts below)
  */
-SSL_ERROR_NO_CERTIFICATE /*_ALERT */	= (SSL_ERROR_BASE +  3),
-SSL_ERROR_BAD_CERTIFICATE            	= (SSL_ERROR_BASE +  4),
-SSL_ERROR_UNUSED_5			= (SSL_ERROR_BASE +  5),
-					/* error 5 is obsolete */
-SSL_ERROR_BAD_CLIENT 			= (SSL_ERROR_BASE +  6),
-SSL_ERROR_BAD_SERVER 			= (SSL_ERROR_BASE +  7),
-SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE	= (SSL_ERROR_BASE +  8),
-SSL_ERROR_UNSUPPORTED_VERSION 		= (SSL_ERROR_BASE +  9),
-SSL_ERROR_UNUSED_10			= (SSL_ERROR_BASE + 10),
-					/* error 10 is obsolete */
-SSL_ERROR_WRONG_CERTIFICATE		= (SSL_ERROR_BASE + 11),
-SSL_ERROR_BAD_CERT_DOMAIN 		= (SSL_ERROR_BASE + 12),
-SSL_ERROR_POST_WARNING 			= (SSL_ERROR_BASE + 13),
-SSL_ERROR_SSL2_DISABLED 		= (SSL_ERROR_BASE + 14),
-SSL_ERROR_BAD_MAC_READ 			= (SSL_ERROR_BASE + 15),
-/* 
+SSL_ERROR_NO_CERTIFICATE /*_ALERT */    = (SSL_ERROR_BASE +  3),
+SSL_ERROR_BAD_CERTIFICATE               = (SSL_ERROR_BASE +  4),
+SSL_ERROR_UNUSED_5                      = (SSL_ERROR_BASE +  5),
+                                        /* error 5 is obsolete */
+SSL_ERROR_BAD_CLIENT                    = (SSL_ERROR_BASE +  6),
+SSL_ERROR_BAD_SERVER                    = (SSL_ERROR_BASE +  7),
+SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE  = (SSL_ERROR_BASE +  8),
+SSL_ERROR_UNSUPPORTED_VERSION           = (SSL_ERROR_BASE +  9),
+SSL_ERROR_UNUSED_10                     = (SSL_ERROR_BASE + 10),
+                                        /* error 10 is obsolete */
+SSL_ERROR_WRONG_CERTIFICATE             = (SSL_ERROR_BASE + 11),
+SSL_ERROR_BAD_CERT_DOMAIN               = (SSL_ERROR_BASE + 12),
+SSL_ERROR_POST_WARNING                  = (SSL_ERROR_BASE + 13),
+SSL_ERROR_SSL2_DISABLED                 = (SSL_ERROR_BASE + 14),
+SSL_ERROR_BAD_MAC_READ                  = (SSL_ERROR_BASE + 15),
+/*
  * Received an alert reporting what we did wrong.
  * (two more alerts above, and many more below)
  */
-SSL_ERROR_BAD_MAC_ALERT 		= (SSL_ERROR_BASE + 16),
+SSL_ERROR_BAD_MAC_ALERT                 = (SSL_ERROR_BASE + 16),
 SSL_ERROR_BAD_CERT_ALERT                = (SSL_ERROR_BASE + 17),
-SSL_ERROR_REVOKED_CERT_ALERT 		= (SSL_ERROR_BASE + 18),
-SSL_ERROR_EXPIRED_CERT_ALERT 		= (SSL_ERROR_BASE + 19),
-
-SSL_ERROR_SSL_DISABLED 			= (SSL_ERROR_BASE + 20),
-SSL_ERROR_FORTEZZA_PQG 			= (SSL_ERROR_BASE + 21),
-SSL_ERROR_UNKNOWN_CIPHER_SUITE		= (SSL_ERROR_BASE + 22),
-SSL_ERROR_NO_CIPHERS_SUPPORTED		= (SSL_ERROR_BASE + 23),
-SSL_ERROR_BAD_BLOCK_PADDING		= (SSL_ERROR_BASE + 24),
-SSL_ERROR_RX_RECORD_TOO_LONG		= (SSL_ERROR_BASE + 25),
-SSL_ERROR_TX_RECORD_TOO_LONG		= (SSL_ERROR_BASE + 26),
-/* 
+SSL_ERROR_REVOKED_CERT_ALERT            = (SSL_ERROR_BASE + 18),
+SSL_ERROR_EXPIRED_CERT_ALERT            = (SSL_ERROR_BASE + 19),
+
+SSL_ERROR_SSL_DISABLED                  = (SSL_ERROR_BASE + 20),
+SSL_ERROR_FORTEZZA_PQG                  = (SSL_ERROR_BASE + 21),
+SSL_ERROR_UNKNOWN_CIPHER_SUITE          = (SSL_ERROR_BASE + 22),
+SSL_ERROR_NO_CIPHERS_SUPPORTED          = (SSL_ERROR_BASE + 23),
+SSL_ERROR_BAD_BLOCK_PADDING             = (SSL_ERROR_BASE + 24),
+SSL_ERROR_RX_RECORD_TOO_LONG            = (SSL_ERROR_BASE + 25),
+SSL_ERROR_TX_RECORD_TOO_LONG            = (SSL_ERROR_BASE + 26),
+/*
  * Received a malformed (too long or short) SSL handshake.
  */
-SSL_ERROR_RX_MALFORMED_HELLO_REQUEST	= (SSL_ERROR_BASE + 27),
-SSL_ERROR_RX_MALFORMED_CLIENT_HELLO	= (SSL_ERROR_BASE + 28),
-SSL_ERROR_RX_MALFORMED_SERVER_HELLO	= (SSL_ERROR_BASE + 29),
-SSL_ERROR_RX_MALFORMED_CERTIFICATE	= (SSL_ERROR_BASE + 30),
-SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH	= (SSL_ERROR_BASE + 31),
-SSL_ERROR_RX_MALFORMED_CERT_REQUEST	= (SSL_ERROR_BASE + 32),
-SSL_ERROR_RX_MALFORMED_HELLO_DONE	= (SSL_ERROR_BASE + 33),
-SSL_ERROR_RX_MALFORMED_CERT_VERIFY	= (SSL_ERROR_BASE + 34),
-SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH	= (SSL_ERROR_BASE + 35),
-SSL_ERROR_RX_MALFORMED_FINISHED 	= (SSL_ERROR_BASE + 36),
-/* 
+SSL_ERROR_RX_MALFORMED_HELLO_REQUEST    = (SSL_ERROR_BASE + 27),
+SSL_ERROR_RX_MALFORMED_CLIENT_HELLO     = (SSL_ERROR_BASE + 28),
+SSL_ERROR_RX_MALFORMED_SERVER_HELLO     = (SSL_ERROR_BASE + 29),
+SSL_ERROR_RX_MALFORMED_CERTIFICATE      = (SSL_ERROR_BASE + 30),
+SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH  = (SSL_ERROR_BASE + 31),
+SSL_ERROR_RX_MALFORMED_CERT_REQUEST     = (SSL_ERROR_BASE + 32),
+SSL_ERROR_RX_MALFORMED_HELLO_DONE       = (SSL_ERROR_BASE + 33),
+SSL_ERROR_RX_MALFORMED_CERT_VERIFY      = (SSL_ERROR_BASE + 34),
+SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH  = (SSL_ERROR_BASE + 35),
+SSL_ERROR_RX_MALFORMED_FINISHED         = (SSL_ERROR_BASE + 36),
+/*
  * Received a malformed (too long or short) SSL record.
  */
-SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER 	= (SSL_ERROR_BASE + 37),
-SSL_ERROR_RX_MALFORMED_ALERT	 	= (SSL_ERROR_BASE + 38),
-SSL_ERROR_RX_MALFORMED_HANDSHAKE 	= (SSL_ERROR_BASE + 39),
-SSL_ERROR_RX_MALFORMED_APPLICATION_DATA	= (SSL_ERROR_BASE + 40),
+SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER    = (SSL_ERROR_BASE + 37),
+SSL_ERROR_RX_MALFORMED_ALERT            = (SSL_ERROR_BASE + 38),
+SSL_ERROR_RX_MALFORMED_HANDSHAKE        = (SSL_ERROR_BASE + 39),
+SSL_ERROR_RX_MALFORMED_APPLICATION_DATA = (SSL_ERROR_BASE + 40),
 /*
  * Received an SSL handshake that was inappropriate for the state we're in.
  * E.g. Server received message from server, or wrong state in state machine.
  */
-SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST	= (SSL_ERROR_BASE + 41),
-SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO	= (SSL_ERROR_BASE + 42),
-SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO	= (SSL_ERROR_BASE + 43),
-SSL_ERROR_RX_UNEXPECTED_CERTIFICATE	= (SSL_ERROR_BASE + 44),
-SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH	= (SSL_ERROR_BASE + 45),
-SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST	= (SSL_ERROR_BASE + 46),
-SSL_ERROR_RX_UNEXPECTED_HELLO_DONE	= (SSL_ERROR_BASE + 47),
-SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY	= (SSL_ERROR_BASE + 48),
-SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH	= (SSL_ERROR_BASE + 49),
-SSL_ERROR_RX_UNEXPECTED_FINISHED 	= (SSL_ERROR_BASE + 50),
+SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST   = (SSL_ERROR_BASE + 41),
+SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO    = (SSL_ERROR_BASE + 42),
+SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO    = (SSL_ERROR_BASE + 43),
+SSL_ERROR_RX_UNEXPECTED_CERTIFICATE     = (SSL_ERROR_BASE + 44),
+SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH = (SSL_ERROR_BASE + 45),
+SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST    = (SSL_ERROR_BASE + 46),
+SSL_ERROR_RX_UNEXPECTED_HELLO_DONE      = (SSL_ERROR_BASE + 47),
+SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY     = (SSL_ERROR_BASE + 48),
+SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH = (SSL_ERROR_BASE + 49),
+SSL_ERROR_RX_UNEXPECTED_FINISHED        = (SSL_ERROR_BASE + 50),
 /*
  * Received an SSL record that was inappropriate for the state we're in.
  */
-SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER 	= (SSL_ERROR_BASE + 51),
-SSL_ERROR_RX_UNEXPECTED_ALERT	 	= (SSL_ERROR_BASE + 52),
-SSL_ERROR_RX_UNEXPECTED_HANDSHAKE 	= (SSL_ERROR_BASE + 53),
-SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA= (SSL_ERROR_BASE + 54),
+SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER   = (SSL_ERROR_BASE + 51),
+SSL_ERROR_RX_UNEXPECTED_ALERT           = (SSL_ERROR_BASE + 52),
+SSL_ERROR_RX_UNEXPECTED_HANDSHAKE       = (SSL_ERROR_BASE + 53),
+SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA = (SSL_ERROR_BASE + 54),
 /*
  * Received record/message with unknown discriminant.
  */
-SSL_ERROR_RX_UNKNOWN_RECORD_TYPE	= (SSL_ERROR_BASE + 55),
-SSL_ERROR_RX_UNKNOWN_HANDSHAKE 		= (SSL_ERROR_BASE + 56),
-SSL_ERROR_RX_UNKNOWN_ALERT 		= (SSL_ERROR_BASE + 57),
-/* 
+SSL_ERROR_RX_UNKNOWN_RECORD_TYPE        = (SSL_ERROR_BASE + 55),
+SSL_ERROR_RX_UNKNOWN_HANDSHAKE          = (SSL_ERROR_BASE + 56),
+SSL_ERROR_RX_UNKNOWN_ALERT              = (SSL_ERROR_BASE + 57),
+/*
  * Received an alert reporting what we did wrong.  (more alerts above)
  */
-SSL_ERROR_CLOSE_NOTIFY_ALERT 		= (SSL_ERROR_BASE + 58),
-SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT 	= (SSL_ERROR_BASE + 59),
-SSL_ERROR_DECOMPRESSION_FAILURE_ALERT 	= (SSL_ERROR_BASE + 60),
-SSL_ERROR_HANDSHAKE_FAILURE_ALERT 	= (SSL_ERROR_BASE + 61),
-SSL_ERROR_ILLEGAL_PARAMETER_ALERT 	= (SSL_ERROR_BASE + 62),
-SSL_ERROR_UNSUPPORTED_CERT_ALERT 	= (SSL_ERROR_BASE + 63),
-SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT 	= (SSL_ERROR_BASE + 64),
-
-SSL_ERROR_GENERATE_RANDOM_FAILURE	= (SSL_ERROR_BASE + 65),
-SSL_ERROR_SIGN_HASHES_FAILURE		= (SSL_ERROR_BASE + 66),
-SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE	= (SSL_ERROR_BASE + 67),
-SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE	= (SSL_ERROR_BASE + 68),
-SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE	= (SSL_ERROR_BASE + 69),
-
-SSL_ERROR_ENCRYPTION_FAILURE		= (SSL_ERROR_BASE + 70),
-SSL_ERROR_DECRYPTION_FAILURE		= (SSL_ERROR_BASE + 71), /* don't use */
-SSL_ERROR_SOCKET_WRITE_FAILURE		= (SSL_ERROR_BASE + 72),
-
-SSL_ERROR_MD5_DIGEST_FAILURE		= (SSL_ERROR_BASE + 73),
-SSL_ERROR_SHA_DIGEST_FAILURE		= (SSL_ERROR_BASE + 74),
-SSL_ERROR_MAC_COMPUTATION_FAILURE	= (SSL_ERROR_BASE + 75),
-SSL_ERROR_SYM_KEY_CONTEXT_FAILURE	= (SSL_ERROR_BASE + 76),
-SSL_ERROR_SYM_KEY_UNWRAP_FAILURE	= (SSL_ERROR_BASE + 77),
-SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED	= (SSL_ERROR_BASE + 78),
-SSL_ERROR_IV_PARAM_FAILURE		= (SSL_ERROR_BASE + 79),
-SSL_ERROR_INIT_CIPHER_SUITE_FAILURE	= (SSL_ERROR_BASE + 80),
-SSL_ERROR_SESSION_KEY_GEN_FAILURE	= (SSL_ERROR_BASE + 81),
-SSL_ERROR_NO_SERVER_KEY_FOR_ALG		= (SSL_ERROR_BASE + 82),
-SSL_ERROR_TOKEN_INSERTION_REMOVAL	= (SSL_ERROR_BASE + 83),
-SSL_ERROR_TOKEN_SLOT_NOT_FOUND		= (SSL_ERROR_BASE + 84),
-SSL_ERROR_NO_COMPRESSION_OVERLAP	= (SSL_ERROR_BASE + 85),
-SSL_ERROR_HANDSHAKE_NOT_COMPLETED	= (SSL_ERROR_BASE + 86),
-SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE	= (SSL_ERROR_BASE + 87),
-SSL_ERROR_CERT_KEA_MISMATCH		= (SSL_ERROR_BASE + 88),
+SSL_ERROR_CLOSE_NOTIFY_ALERT            = (SSL_ERROR_BASE + 58),
+SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT    = (SSL_ERROR_BASE + 59),
+SSL_ERROR_DECOMPRESSION_FAILURE_ALERT   = (SSL_ERROR_BASE + 60),
+SSL_ERROR_HANDSHAKE_FAILURE_ALERT       = (SSL_ERROR_BASE + 61),
+SSL_ERROR_ILLEGAL_PARAMETER_ALERT       = (SSL_ERROR_BASE + 62),
+SSL_ERROR_UNSUPPORTED_CERT_ALERT        = (SSL_ERROR_BASE + 63),
+SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT     = (SSL_ERROR_BASE + 64),
+
+SSL_ERROR_GENERATE_RANDOM_FAILURE       = (SSL_ERROR_BASE + 65),
+SSL_ERROR_SIGN_HASHES_FAILURE           = (SSL_ERROR_BASE + 66),
+SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE    = (SSL_ERROR_BASE + 67),
+SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE   = (SSL_ERROR_BASE + 68),
+SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE   = (SSL_ERROR_BASE + 69),
+
+SSL_ERROR_ENCRYPTION_FAILURE            = (SSL_ERROR_BASE + 70),
+SSL_ERROR_DECRYPTION_FAILURE            = (SSL_ERROR_BASE + 71), /* don't use */
+SSL_ERROR_SOCKET_WRITE_FAILURE          = (SSL_ERROR_BASE + 72),
+
+SSL_ERROR_MD5_DIGEST_FAILURE            = (SSL_ERROR_BASE + 73),
+SSL_ERROR_SHA_DIGEST_FAILURE            = (SSL_ERROR_BASE + 74),
+SSL_ERROR_MAC_COMPUTATION_FAILURE       = (SSL_ERROR_BASE + 75),
+SSL_ERROR_SYM_KEY_CONTEXT_FAILURE       = (SSL_ERROR_BASE + 76),
+SSL_ERROR_SYM_KEY_UNWRAP_FAILURE        = (SSL_ERROR_BASE + 77),
+SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED   = (SSL_ERROR_BASE + 78),
+SSL_ERROR_IV_PARAM_FAILURE              = (SSL_ERROR_BASE + 79),
+SSL_ERROR_INIT_CIPHER_SUITE_FAILURE     = (SSL_ERROR_BASE + 80),
+SSL_ERROR_SESSION_KEY_GEN_FAILURE       = (SSL_ERROR_BASE + 81),
+SSL_ERROR_NO_SERVER_KEY_FOR_ALG         = (SSL_ERROR_BASE + 82),
+SSL_ERROR_TOKEN_INSERTION_REMOVAL       = (SSL_ERROR_BASE + 83),
+SSL_ERROR_TOKEN_SLOT_NOT_FOUND          = (SSL_ERROR_BASE + 84),
+SSL_ERROR_NO_COMPRESSION_OVERLAP        = (SSL_ERROR_BASE + 85),
+SSL_ERROR_HANDSHAKE_NOT_COMPLETED       = (SSL_ERROR_BASE + 86),
+SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE      = (SSL_ERROR_BASE + 87),
+SSL_ERROR_CERT_KEA_MISMATCH             = (SSL_ERROR_BASE + 88),
 /* SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA became obsolete in NSS 3.14. */
-SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA	= (SSL_ERROR_BASE + 89),
-SSL_ERROR_SESSION_NOT_FOUND		= (SSL_ERROR_BASE + 90),
-
-SSL_ERROR_DECRYPTION_FAILED_ALERT	= (SSL_ERROR_BASE + 91),
-SSL_ERROR_RECORD_OVERFLOW_ALERT		= (SSL_ERROR_BASE + 92),
-SSL_ERROR_UNKNOWN_CA_ALERT		= (SSL_ERROR_BASE + 93),
-SSL_ERROR_ACCESS_DENIED_ALERT		= (SSL_ERROR_BASE + 94),
-SSL_ERROR_DECODE_ERROR_ALERT		= (SSL_ERROR_BASE + 95),
-SSL_ERROR_DECRYPT_ERROR_ALERT		= (SSL_ERROR_BASE + 96),
-SSL_ERROR_EXPORT_RESTRICTION_ALERT	= (SSL_ERROR_BASE + 97),
-SSL_ERROR_PROTOCOL_VERSION_ALERT	= (SSL_ERROR_BASE + 98),
-SSL_ERROR_INSUFFICIENT_SECURITY_ALERT	= (SSL_ERROR_BASE + 99),
-SSL_ERROR_INTERNAL_ERROR_ALERT		= (SSL_ERROR_BASE + 100),
-SSL_ERROR_USER_CANCELED_ALERT		= (SSL_ERROR_BASE + 101),
-SSL_ERROR_NO_RENEGOTIATION_ALERT	= (SSL_ERROR_BASE + 102),
-
-SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED	= (SSL_ERROR_BASE + 103),
-
-SSL_ERROR_UNSUPPORTED_EXTENSION_ALERT		= (SSL_ERROR_BASE + 104),
-SSL_ERROR_CERTIFICATE_UNOBTAINABLE_ALERT	= (SSL_ERROR_BASE + 105),
-SSL_ERROR_UNRECOGNIZED_NAME_ALERT		= (SSL_ERROR_BASE + 106),
-SSL_ERROR_BAD_CERT_STATUS_RESPONSE_ALERT	= (SSL_ERROR_BASE + 107),
-SSL_ERROR_BAD_CERT_HASH_VALUE_ALERT		= (SSL_ERROR_BASE + 108),
+SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA      = (SSL_ERROR_BASE + 89),
+SSL_ERROR_SESSION_NOT_FOUND             = (SSL_ERROR_BASE + 90),
+
+SSL_ERROR_DECRYPTION_FAILED_ALERT       = (SSL_ERROR_BASE + 91),
+SSL_ERROR_RECORD_OVERFLOW_ALERT         = (SSL_ERROR_BASE + 92),
+SSL_ERROR_UNKNOWN_CA_ALERT              = (SSL_ERROR_BASE + 93),
+SSL_ERROR_ACCESS_DENIED_ALERT           = (SSL_ERROR_BASE + 94),
+SSL_ERROR_DECODE_ERROR_ALERT            = (SSL_ERROR_BASE + 95),
+SSL_ERROR_DECRYPT_ERROR_ALERT           = (SSL_ERROR_BASE + 96),
+SSL_ERROR_EXPORT_RESTRICTION_ALERT      = (SSL_ERROR_BASE + 97),
+SSL_ERROR_PROTOCOL_VERSION_ALERT        = (SSL_ERROR_BASE + 98),
+SSL_ERROR_INSUFFICIENT_SECURITY_ALERT   = (SSL_ERROR_BASE + 99),
+SSL_ERROR_INTERNAL_ERROR_ALERT          = (SSL_ERROR_BASE + 100),
+SSL_ERROR_USER_CANCELED_ALERT           = (SSL_ERROR_BASE + 101),
+SSL_ERROR_NO_RENEGOTIATION_ALERT        = (SSL_ERROR_BASE + 102),
+
+SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED   = (SSL_ERROR_BASE + 103),
+
+SSL_ERROR_UNSUPPORTED_EXTENSION_ALERT   = (SSL_ERROR_BASE + 104),
+SSL_ERROR_CERTIFICATE_UNOBTAINABLE_ALERT = (SSL_ERROR_BASE + 105),
+SSL_ERROR_UNRECOGNIZED_NAME_ALERT       = (SSL_ERROR_BASE + 106),
+SSL_ERROR_BAD_CERT_STATUS_RESPONSE_ALERT = (SSL_ERROR_BASE + 107),
+SSL_ERROR_BAD_CERT_HASH_VALUE_ALERT     = (SSL_ERROR_BASE + 108),
 
 SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET = (SSL_ERROR_BASE + 109),
-SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET  = (SSL_ERROR_BASE + 110),
+SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET = (SSL_ERROR_BASE + 110),
 
-SSL_ERROR_DECOMPRESSION_FAILURE		= (SSL_ERROR_BASE + 111),
+SSL_ERROR_DECOMPRESSION_FAILURE         = (SSL_ERROR_BASE + 111),
 SSL_ERROR_RENEGOTIATION_NOT_ALLOWED     = (SSL_ERROR_BASE + 112),
 SSL_ERROR_UNSAFE_NEGOTIATION            = (SSL_ERROR_BASE + 113),
 
-SSL_ERROR_RX_UNEXPECTED_UNCOMPRESSED_RECORD	= (SSL_ERROR_BASE + 114),
+SSL_ERROR_RX_UNEXPECTED_UNCOMPRESSED_RECORD = (SSL_ERROR_BASE + 114),
 
 SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY  = (SSL_ERROR_BASE + 115),
 
-SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID	= (SSL_ERROR_BASE + 116),
+SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID    = (SSL_ERROR_BASE + 116),
 
 SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2 = (SSL_ERROR_BASE + 117),
 SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SERVERS = (SSL_ERROR_BASE + 118),
 SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_CLIENTS = (SSL_ERROR_BASE + 119),
 
-SSL_ERROR_INVALID_VERSION_RANGE		= (SSL_ERROR_BASE + 120),
-SSL_ERROR_CIPHER_DISALLOWED_FOR_VERSION	= (SSL_ERROR_BASE + 121),
+SSL_ERROR_INVALID_VERSION_RANGE         = (SSL_ERROR_BASE + 120),
+SSL_ERROR_CIPHER_DISALLOWED_FOR_VERSION = (SSL_ERROR_BASE + 121),
 
 SSL_ERROR_RX_MALFORMED_HELLO_VERIFY_REQUEST = (SSL_ERROR_BASE + 122),
 SSL_ERROR_RX_UNEXPECTED_HELLO_VERIFY_REQUEST = (SSL_ERROR_BASE + 123),
@@ -189,11 +189,14 @@ SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION = (SSL_ERROR_BASE + 124),
 
 SSL_ERROR_RX_UNEXPECTED_CERT_STATUS     = (SSL_ERROR_BASE + 125),
 
-SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM = (SSL_ERROR_BASE + 126),
-SSL_ERROR_DIGEST_FAILURE = (SSL_ERROR_BASE + 127),
+SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM    = (SSL_ERROR_BASE + 126),
+SSL_ERROR_DIGEST_FAILURE                = (SSL_ERROR_BASE + 127),
 SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM = (SSL_ERROR_BASE + 128),
 
-SSL_ERROR_END_OF_LIST	/* let the c compiler determine the value of this. */
+SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK     = (SSL_ERROR_BASE + 129),
+SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL     = (SSL_ERROR_BASE + 130),
+
+SSL_ERROR_END_OF_LIST   /* let the c compiler determine the value of this. */
 } SSLErrorCodes;
 #endif /* NO_SECURITY_ERROR_ENUM */
 
diff --git a/security/nss/lib/ssl/sslgathr.c b/security/nss/lib/ssl/sslgathr.c
index 6c17eb0..bdf470b 100644
--- a/security/nss/lib/ssl/sslgathr.c
+++ b/security/nss/lib/ssl/sslgathr.c
@@ -364,34 +364,6 @@ ssl2_GatherRecord(sslSocket *ss, int flags)
     return ssl2_GatherData(ss, &ss->gs, flags);
 }
 
-/*
- * Returns +1 when it has gathered a complete SSLV2 record.
- * Returns  0 if it hits EOF.
- * Returns -1 (SECFailure)    on any error
- * Returns -2 (SECWouldBlock) 
- *
- * Called from SocksStartGather in sslsocks.c
- * Caller must hold RecvBufLock. 
- */
-int 
-ssl2_StartGatherBytes(sslSocket *ss, sslGather *gs, unsigned int count)
-{
-    int rv;
-
-    PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
-    gs->state     = GS_DATA;
-    gs->remainder = count;
-    gs->count     = count;
-    gs->offset    = 0;
-    if (count > gs->buf.space) {
-	rv = sslBuffer_Grow(&gs->buf, count);
-	if (rv) {
-	    return rv;
-	}
-    }
-    return ssl2_GatherData(ss, gs, 0);
-}
-
 /* Caller should hold RecvBufLock. */
 SECStatus
 ssl_InitGather(sslGather *gs)
diff --git a/security/nss/lib/ssl/sslimpl.h b/security/nss/lib/ssl/sslimpl.h
index eaf17af..af3c191 100644
--- a/security/nss/lib/ssl/sslimpl.h
+++ b/security/nss/lib/ssl/sslimpl.h
@@ -226,6 +226,13 @@ extern PRInt32
 ssl3_CallHelloExtensionSenders(sslSocket *ss, PRBool append, PRUint32 maxBytes,
                                const ssl3HelloExtensionSender *sender);
 
+extern unsigned int
+ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength);
+
+extern PRInt32
+ssl3_AppendPaddingExtension(sslSocket *ss, unsigned int extensionLen,
+			    PRUint32 maxBytes);
+
 /* Socket ops */
 struct sslSocketOpsStr {
     int         (*connect) (sslSocket *, const PRNetAddr *);
@@ -281,11 +288,11 @@ typedef struct {
 #endif
 } ssl3CipherSuiteCfg;
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 #define ssl_V3_SUITES_IMPLEMENTED 61
 #else
 #define ssl_V3_SUITES_IMPLEMENTED 37
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
 #define MAX_DTLS_SRTP_CIPHER_SUITES 4
 
@@ -317,6 +324,8 @@ typedef struct sslOptionsStr {
     unsigned int enableFalseStart       : 1;  /* 23 */
     unsigned int cbcRandomIV            : 1;  /* 24 */
     unsigned int enableOCSPStapling     : 1;  /* 25 */
+    unsigned int enableNPN              : 1;  /* 26 */
+    unsigned int enableALPN             : 1;  /* 27 */
 } sslOptions;
 
 typedef enum { sslHandshakingUndetermined = 0,
@@ -644,9 +653,9 @@ struct sslSessionIDStr {
             SSL3KEAType           exchKeyType;
 				  /* key type used in exchange algorithm,
 				   * and to wrap the sym wrapping key. */
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 	    PRUint32              negotiatedECCurves;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
 	    /* The following values are NOT restored from the server's on-disk
 	     * session cache, but are restored from the client's cache.
@@ -876,9 +885,9 @@ const ssl3CipherSuiteDef *suite_def;
 	SSL3Finished      sFinished[2];
 	SSL3Opaque        data[72];
     }                     finishedMsgs;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     PRUint32              negotiatedECCurves; /* bit mask */
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
     PRBool                authCertificatePending;
     /* Which function should SSL_RestartHandshake* call if we're blocked?
@@ -1371,8 +1380,6 @@ extern SECStatus   ssl_GatherRecord1stHandshake(sslSocket *ss);
 
 extern SECStatus   ssl2_HandleClientHelloMessage(sslSocket *ss);
 extern SECStatus   ssl2_HandleServerHelloMessage(sslSocket *ss);
-extern int         ssl2_StartGatherBytes(sslSocket *ss, sslGather *gs, 
-                                         unsigned int count);
 
 extern SECStatus   ssl_CreateSecurityInfo(sslSocket *ss);
 extern SECStatus   ssl_CopySecurityInfo(sslSocket *ss, sslSocket *os);
@@ -1587,7 +1594,7 @@ int ssl3_GatherCompleteHandshake(sslSocket *ss, int flags);
  */
 extern SECStatus ssl3_CreateRSAStepDownKeys(sslSocket *ss);
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 extern void      ssl3_FilterECCipherSuitesByServerCerts(sslSocket *ss);
 extern PRBool    ssl3_IsECCEnabled(sslSocket *ss);
 extern SECStatus ssl3_DisableECCSuites(sslSocket * ss, 
@@ -1642,7 +1649,7 @@ extern SECStatus ssl3_ECName2Params(PLArenaPool *arena, ECName curve,
 ECName	ssl3_GetCurveWithECKeyStrength(PRUint32 curvemsk, int requiredECCbits);
 
 
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
 extern SECStatus ssl3_CipherPrefSetDefault(ssl3CipherSuite which, PRBool on);
 extern SECStatus ssl3_CipherPrefGetDefault(ssl3CipherSuite which, PRBool *on);
@@ -1677,7 +1684,7 @@ extern SECStatus ssl3_NegotiateVersion(sslSocket *ss,
 
 extern SECStatus ssl_GetPeerInfo(sslSocket *ss);
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 /* ECDH functions */
 extern SECStatus ssl3_SendECDHClientKeyExchange(sslSocket * ss, 
 			     SECKEYPublicKey * svrPubKey);
@@ -1762,7 +1769,7 @@ extern SECStatus ssl_ConfigSecureServer(sslSocket *ss, CERTCertificate *cert,
                                         const CERTCertificateList *certChain,
                                         ssl3KeyPair *keyPair, SSLKEAType kea);
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 extern PRInt32 ssl3_SendSupportedCurvesXtn(sslSocket *ss,
 			PRBool append, PRUint32 maxBytes);
 extern PRInt32 ssl3_SendSupportedPointFormatsXtn(sslSocket *ss,
diff --git a/security/nss/lib/ssl/sslinfo.c b/security/nss/lib/ssl/sslinfo.c
index 89545e0..00f2f38 100644
--- a/security/nss/lib/ssl/sslinfo.c
+++ b/security/nss/lib/ssl/sslinfo.c
@@ -148,30 +148,30 @@ static const SSLCipherSuiteInfo suiteInfo[] = {
 {0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA),      S_DSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, },
 {0,CS(TLS_RSA_WITH_SEED_CBC_SHA),             S_RSA, K_RSA, C_SEED,B_128, M_SHA, 1, 0, 0, },
 {0,CS(TLS_RSA_WITH_CAMELLIA_128_CBC_SHA),     S_RSA, K_RSA, C_CAMELLIA, B_128, M_SHA, 0, 0, 0, },
-{0,CS(SSL_RSA_WITH_RC4_128_SHA),              S_RSA, K_RSA, C_RC4, B_128, M_SHA, 0, 0, 0, },
-{0,CS(SSL_RSA_WITH_RC4_128_MD5),              S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, },
+{0,CS(TLS_RSA_WITH_RC4_128_SHA),              S_RSA, K_RSA, C_RC4, B_128, M_SHA, 0, 0, 0, },
+{0,CS(TLS_RSA_WITH_RC4_128_MD5),              S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, },
 {0,CS(TLS_RSA_WITH_AES_128_CBC_SHA256),       S_RSA, K_RSA, C_AES, B_128, M_SHA256, 1, 0, 0, },
 {0,CS(TLS_RSA_WITH_AES_128_CBC_SHA),          S_RSA, K_RSA, C_AES, B_128, M_SHA, 1, 0, 0, },
 
-{0,CS(SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA),     S_RSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
-{0,CS(SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA),     S_DSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
+{0,CS(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA),     S_RSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
+{0,CS(TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA),     S_DSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
 {0,CS(SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA),    S_RSA, K_RSA, C_3DES,B_3DES,M_SHA, 1, 0, 1, },
-{0,CS(SSL_RSA_WITH_3DES_EDE_CBC_SHA),         S_RSA, K_RSA, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
+{0,CS(TLS_RSA_WITH_3DES_EDE_CBC_SHA),         S_RSA, K_RSA, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
 
-{0,CS(SSL_DHE_RSA_WITH_DES_CBC_SHA),          S_RSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, },
-{0,CS(SSL_DHE_DSS_WITH_DES_CBC_SHA),          S_DSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, },
+{0,CS(TLS_DHE_RSA_WITH_DES_CBC_SHA),          S_RSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, },
+{0,CS(TLS_DHE_DSS_WITH_DES_CBC_SHA),          S_DSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, },
 {0,CS(SSL_RSA_FIPS_WITH_DES_CBC_SHA),         S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 0, 1, },
-{0,CS(SSL_RSA_WITH_DES_CBC_SHA),              S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 0, 0, },
+{0,CS(TLS_RSA_WITH_DES_CBC_SHA),              S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 0, 0, },
 
 {0,CS(TLS_RSA_EXPORT1024_WITH_RC4_56_SHA),    S_RSA, K_RSA, C_RC4, B_56,  M_SHA, 0, 1, 0, },
 {0,CS(TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA),   S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 1, 0, },
-{0,CS(SSL_RSA_EXPORT_WITH_RC4_40_MD5),        S_RSA, K_RSA, C_RC4, B_40,  M_MD5, 0, 1, 0, },
-{0,CS(SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5),    S_RSA, K_RSA, C_RC2, B_40,  M_MD5, 0, 1, 0, },
+{0,CS(TLS_RSA_EXPORT_WITH_RC4_40_MD5),        S_RSA, K_RSA, C_RC4, B_40,  M_MD5, 0, 1, 0, },
+{0,CS(TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5),    S_RSA, K_RSA, C_RC2, B_40,  M_MD5, 0, 1, 0, },
 {0,CS(TLS_RSA_WITH_NULL_SHA256),              S_RSA, K_RSA, C_NULL,B_0,   M_SHA256, 0, 1, 0, },
-{0,CS(SSL_RSA_WITH_NULL_SHA),                 S_RSA, K_RSA, C_NULL,B_0,   M_SHA, 0, 1, 0, },
-{0,CS(SSL_RSA_WITH_NULL_MD5),                 S_RSA, K_RSA, C_NULL,B_0,   M_MD5, 0, 1, 0, },
+{0,CS(TLS_RSA_WITH_NULL_SHA),                 S_RSA, K_RSA, C_NULL,B_0,   M_SHA, 0, 1, 0, },
+{0,CS(TLS_RSA_WITH_NULL_MD5),                 S_RSA, K_RSA, C_NULL,B_0,   M_MD5, 0, 1, 0, },
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 /* ECC cipher suites */
 {0,CS(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, },
 {0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256), S_ECDSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, },
@@ -201,7 +201,7 @@ static const SSLCipherSuiteInfo suiteInfo[] = {
 {0,CS(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA),    S_RSA, K_ECDHE, C_AES, B_128, M_SHA, 1, 0, 0, },
 {0,CS(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_ECDHE, C_AES, B_128, M_SHA256, 1, 0, 0, },
 {0,CS(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA),    S_RSA, K_ECDHE, C_AES, B_256, M_SHA, 1, 0, 0, },
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
 /* SSL 2 table */
 {0,CK(SSL_CK_RC4_128_WITH_MD5),               S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, },
diff --git a/security/nss/lib/ssl/sslnonce.c b/security/nss/lib/ssl/sslnonce.c
index ae94012..2e861f1 100644
--- a/security/nss/lib/ssl/sslnonce.c
+++ b/security/nss/lib/ssl/sslnonce.c
@@ -165,10 +165,8 @@ static void
 ssl_DestroySID(sslSessionID *sid)
 {
     SSL_TRC(8, ("SSL: destroy sid: sid=0x%x cached=%d", sid, sid->cached));
-    PORT_Assert((sid->references == 0));
-
-    if (sid->cached == in_client_cache)
-    	return;	/* it will get taken care of next time cache is traversed. */
+    PORT_Assert(sid->references == 0);
+    PORT_Assert(sid->cached != in_client_cache);
 
     if (sid->version < SSL_LIBRARY_VERSION_3_0) {
 	SECITEM_ZfreeItem(&sid->u.ssl2.masterKey, PR_FALSE);
@@ -264,9 +262,9 @@ ssl_LookupSID(const PRIPv6Addr *addr, PRUint16 port, const char *peerID,
 
 	SSL_TRC(8, ("SSL: Lookup1: sid=0x%x", sid));
 
-	if (sid->expirationTime < now || !sid->references) {
+	if (sid->expirationTime < now) {
 	    /*
-	    ** This session-id timed out, or was orphaned.
+	    ** This session-id timed out.
 	    ** Don't even care who it belongs to, blow it out of our cache.
 	    */
 	    SSL_TRC(7, ("SSL: lookup1, throwing sid out, age=%d refs=%d",
@@ -274,11 +272,7 @@ ssl_LookupSID(const PRIPv6Addr *addr, PRUint16 port, const char *peerID,
 
 	    *sidp = sid->next; 			/* delink it from the list. */
 	    sid->cached = invalid_cache;	/* mark not on list. */
-	    if (!sid->references)
-	    	ssl_DestroySID(sid);
-	    else
-		ssl_FreeLockedSID(sid);		/* drop ref count, free. */
-
+	    ssl_FreeLockedSID(sid);		/* drop ref count, free. */
 	} else if (!memcmp(&sid->addr, addr, sizeof(PRIPv6Addr)) && /* server IP addr matches */
 	           (sid->port == port) && /* server port matches */
 		   /* proxy (peerID) matches */
@@ -489,6 +483,8 @@ ssl3_SetSIDSessionTicket(sslSessionID *sid,
 {
     PORT_Assert(sid);
     PORT_Assert(newSessionTicket);
+    PORT_Assert(newSessionTicket->ticket.data);
+    PORT_Assert(newSessionTicket->ticket.len != 0);
 
     /* if sid->u.ssl3.lock, we are updating an existing entry that is already
      * cached or was once cached, so we need to acquire and release the write
@@ -497,10 +493,6 @@ ssl3_SetSIDSessionTicket(sslSessionID *sid,
      */
     if (sid->u.ssl3.lock) {
 	PR_RWLock_Wlock(sid->u.ssl3.lock);
-
-	/* A server might have sent us an empty ticket, which has the
-	 * effect of clearing the previously known ticket.
-	 */
 	if (sid->u.ssl3.locked.sessionTicket.ticket.data) {
 	    SECITEM_FreeItem(&sid->u.ssl3.locked.sessionTicket.ticket,
 			     PR_FALSE);
diff --git a/security/nss/lib/ssl/sslproto.h b/security/nss/lib/ssl/sslproto.h
index 53bba01..7a283c7 100644
--- a/security/nss/lib/ssl/sslproto.h
+++ b/security/nss/lib/ssl/sslproto.h
@@ -1,5 +1,5 @@
 /*
- * Various and sundry protocol constants. DON'T CHANGE THESE. These values 
+ * Various and sundry protocol constants. DON'T CHANGE THESE. These values
  * are mostly defined by the SSL2, SSL3, or TLS protocol specifications.
  * Cipher kinds and ciphersuites are part of the public API.
  *
@@ -11,138 +11,174 @@
 #define __sslproto_h_
 
 /* All versions less than 3_0 are treated as SSL version 2 */
-#define SSL_LIBRARY_VERSION_2			0x0002
-#define SSL_LIBRARY_VERSION_3_0			0x0300
-#define SSL_LIBRARY_VERSION_TLS_1_0		0x0301
-#define SSL_LIBRARY_VERSION_TLS_1_1		0x0302
-#define SSL_LIBRARY_VERSION_TLS_1_2		0x0303
+#define SSL_LIBRARY_VERSION_2                   0x0002
+#define SSL_LIBRARY_VERSION_3_0                 0x0300
+#define SSL_LIBRARY_VERSION_TLS_1_0             0x0301
+#define SSL_LIBRARY_VERSION_TLS_1_1             0x0302
+#define SSL_LIBRARY_VERSION_TLS_1_2             0x0303
 /* Note: this is the internal format, not the wire format */
-#define SSL_LIBRARY_VERSION_DTLS_1_0		0x0302
+#define SSL_LIBRARY_VERSION_DTLS_1_0            0x0302
+#define SSL_LIBRARY_VERSION_DTLS_1_2            0x0303
 
 /* deprecated old name */
-#define SSL_LIBRARY_VERSION_3_1_TLS SSL_LIBRARY_VERSION_TLS_1_0 
+#define SSL_LIBRARY_VERSION_3_1_TLS SSL_LIBRARY_VERSION_TLS_1_0
 
-/* The DTLS version used in the spec */
+/* The DTLS versions used in the spec */
 #define SSL_LIBRARY_VERSION_DTLS_1_0_WIRE       ((~0x0100) & 0xffff)
+#define SSL_LIBRARY_VERSION_DTLS_1_2_WIRE       ((~0x0102) & 0xffff)
 
 /* Header lengths of some of the messages */
-#define SSL_HL_ERROR_HBYTES			3
-#define SSL_HL_CLIENT_HELLO_HBYTES		9
-#define SSL_HL_CLIENT_MASTER_KEY_HBYTES		10
-#define SSL_HL_CLIENT_FINISHED_HBYTES		1
-#define SSL_HL_SERVER_HELLO_HBYTES		11
-#define SSL_HL_SERVER_VERIFY_HBYTES		1
-#define SSL_HL_SERVER_FINISHED_HBYTES		1
-#define SSL_HL_REQUEST_CERTIFICATE_HBYTES	2
-#define SSL_HL_CLIENT_CERTIFICATE_HBYTES	6
+#define SSL_HL_ERROR_HBYTES                     3
+#define SSL_HL_CLIENT_HELLO_HBYTES              9
+#define SSL_HL_CLIENT_MASTER_KEY_HBYTES         10
+#define SSL_HL_CLIENT_FINISHED_HBYTES           1
+#define SSL_HL_SERVER_HELLO_HBYTES              11
+#define SSL_HL_SERVER_VERIFY_HBYTES             1
+#define SSL_HL_SERVER_FINISHED_HBYTES           1
+#define SSL_HL_REQUEST_CERTIFICATE_HBYTES       2
+#define SSL_HL_CLIENT_CERTIFICATE_HBYTES        6
 
 /* Security handshake protocol codes */
-#define SSL_MT_ERROR				0
-#define SSL_MT_CLIENT_HELLO			1
-#define SSL_MT_CLIENT_MASTER_KEY		2
-#define SSL_MT_CLIENT_FINISHED			3
-#define SSL_MT_SERVER_HELLO			4
-#define SSL_MT_SERVER_VERIFY			5
-#define SSL_MT_SERVER_FINISHED			6
-#define SSL_MT_REQUEST_CERTIFICATE		7
-#define SSL_MT_CLIENT_CERTIFICATE		8
+#define SSL_MT_ERROR                            0
+#define SSL_MT_CLIENT_HELLO                     1
+#define SSL_MT_CLIENT_MASTER_KEY                2
+#define SSL_MT_CLIENT_FINISHED                  3
+#define SSL_MT_SERVER_HELLO                     4
+#define SSL_MT_SERVER_VERIFY                    5
+#define SSL_MT_SERVER_FINISHED                  6
+#define SSL_MT_REQUEST_CERTIFICATE              7
+#define SSL_MT_CLIENT_CERTIFICATE               8
 
 /* Certificate types */
-#define SSL_CT_X509_CERTIFICATE			0x01
+#define SSL_CT_X509_CERTIFICATE                 0x01
 #if 0 /* XXX Not implemented yet */
-#define SSL_PKCS6_CERTIFICATE			0x02
+#define SSL_PKCS6_CERTIFICATE                   0x02
 #endif
-#define SSL_AT_MD5_WITH_RSA_ENCRYPTION		0x01
+#define SSL_AT_MD5_WITH_RSA_ENCRYPTION          0x01
 
 /* Error codes */
-#define SSL_PE_NO_CYPHERS			0x0001
-#define SSL_PE_NO_CERTIFICATE			0x0002
-#define SSL_PE_BAD_CERTIFICATE			0x0004
-#define SSL_PE_UNSUPPORTED_CERTIFICATE_TYPE	0x0006
+#define SSL_PE_NO_CYPHERS                       0x0001
+#define SSL_PE_NO_CERTIFICATE                   0x0002
+#define SSL_PE_BAD_CERTIFICATE                  0x0004
+#define SSL_PE_UNSUPPORTED_CERTIFICATE_TYPE     0x0006
 
 /* Cypher kinds (not the spec version!) */
-#define SSL_CK_RC4_128_WITH_MD5			0x01
-#define SSL_CK_RC4_128_EXPORT40_WITH_MD5	0x02
-#define SSL_CK_RC2_128_CBC_WITH_MD5		0x03
-#define SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5	0x04
-#define SSL_CK_IDEA_128_CBC_WITH_MD5		0x05
-#define SSL_CK_DES_64_CBC_WITH_MD5		0x06
-#define SSL_CK_DES_192_EDE3_CBC_WITH_MD5	0x07
-
-/* Cipher enables.  These are used only for SSL_EnableCipher 
- * These values define the SSL2 suites, and do not colide with the 
+#define SSL_CK_RC4_128_WITH_MD5                 0x01
+#define SSL_CK_RC4_128_EXPORT40_WITH_MD5        0x02
+#define SSL_CK_RC2_128_CBC_WITH_MD5             0x03
+#define SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5    0x04
+#define SSL_CK_IDEA_128_CBC_WITH_MD5            0x05
+#define SSL_CK_DES_64_CBC_WITH_MD5              0x06
+#define SSL_CK_DES_192_EDE3_CBC_WITH_MD5        0x07
+
+/* Cipher enables.  These are used only for SSL_EnableCipher
+ * These values define the SSL2 suites, and do not colide with the
  * SSL3 Cipher suites defined below.
  */
-#define SSL_EN_RC4_128_WITH_MD5			0xFF01
-#define SSL_EN_RC4_128_EXPORT40_WITH_MD5	0xFF02
-#define SSL_EN_RC2_128_CBC_WITH_MD5		0xFF03
-#define SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5	0xFF04
-#define SSL_EN_IDEA_128_CBC_WITH_MD5		0xFF05
-#define SSL_EN_DES_64_CBC_WITH_MD5		0xFF06
-#define SSL_EN_DES_192_EDE3_CBC_WITH_MD5	0xFF07
-
-/* SSL v3 Cipher Suites */
-#define SSL_NULL_WITH_NULL_NULL			0x0000
-
-#define SSL_RSA_WITH_NULL_MD5			0x0001
-#define SSL_RSA_WITH_NULL_SHA			0x0002
-#define SSL_RSA_EXPORT_WITH_RC4_40_MD5		0x0003
-#define SSL_RSA_WITH_RC4_128_MD5		0x0004
-#define SSL_RSA_WITH_RC4_128_SHA		0x0005
-#define SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5	0x0006
-#define SSL_RSA_WITH_IDEA_CBC_SHA		0x0007
-#define SSL_RSA_EXPORT_WITH_DES40_CBC_SHA	0x0008
-#define SSL_RSA_WITH_DES_CBC_SHA		0x0009
-#define SSL_RSA_WITH_3DES_EDE_CBC_SHA		0x000a
-						       
-#define SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA	0x000b
-#define SSL_DH_DSS_WITH_DES_CBC_SHA		0x000c
-#define SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA	0x000d
-#define SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA	0x000e
-#define SSL_DH_RSA_WITH_DES_CBC_SHA		0x000f
-#define SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA	0x0010
-						       
-#define SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA	0x0011
-#define SSL_DHE_DSS_WITH_DES_CBC_SHA		0x0012
-#define SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA	0x0013
-#define SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA	0x0014
-#define SSL_DHE_RSA_WITH_DES_CBC_SHA		0x0015
-#define SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA	0x0016
-						       
-#define SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5	0x0017
-#define SSL_DH_ANON_WITH_RC4_128_MD5		0x0018
-#define SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA	0x0019
-#define SSL_DH_ANON_WITH_DES_CBC_SHA		0x001a
-#define SSL_DH_ANON_WITH_3DES_EDE_CBC_SHA	0x001b
-
-#define SSL_FORTEZZA_DMS_WITH_NULL_SHA		0x001c /* deprecated */
-#define SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA	0x001d /* deprecated */
-#define SSL_FORTEZZA_DMS_WITH_RC4_128_SHA	0x001e /* deprecated */
-
-/* New TLS cipher suites */
-#define TLS_RSA_WITH_AES_128_CBC_SHA      	0x002F
-#define TLS_DH_DSS_WITH_AES_128_CBC_SHA   	0x0030
-#define TLS_DH_RSA_WITH_AES_128_CBC_SHA   	0x0031
-#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA  	0x0032
-#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA  	0x0033
-#define TLS_DH_ANON_WITH_AES_128_CBC_SHA  	0x0034
-
-#define TLS_RSA_WITH_AES_256_CBC_SHA      	0x0035
-#define TLS_DH_DSS_WITH_AES_256_CBC_SHA   	0x0036
-#define TLS_DH_RSA_WITH_AES_256_CBC_SHA   	0x0037
-#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA  	0x0038
-#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA  	0x0039
-#define TLS_DH_ANON_WITH_AES_256_CBC_SHA  	0x003A
-#define TLS_RSA_WITH_NULL_SHA256		0x003B
-#define TLS_RSA_WITH_AES_128_CBC_SHA256  	0x003C
-#define TLS_RSA_WITH_AES_256_CBC_SHA256  	0x003D
-
-#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA      	0x0041
-#define TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA   	0x0042
-#define TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA   	0x0043
-#define TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA  	0x0044
-#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA  	0x0045
-#define TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA  	0x0046
+#define SSL_EN_RC4_128_WITH_MD5                 0xFF01
+#define SSL_EN_RC4_128_EXPORT40_WITH_MD5        0xFF02
+#define SSL_EN_RC2_128_CBC_WITH_MD5             0xFF03
+#define SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5    0xFF04
+#define SSL_EN_IDEA_128_CBC_WITH_MD5            0xFF05
+#define SSL_EN_DES_64_CBC_WITH_MD5              0xFF06
+#define SSL_EN_DES_192_EDE3_CBC_WITH_MD5        0xFF07
+
+/* Deprecated SSL 3.0 & libssl names replaced by IANA-registered TLS names. */
+#ifndef SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES
+#define SSL_NULL_WITH_NULL_NULL                TLS_NULL_WITH_NULL_NULL
+#define SSL_RSA_WITH_NULL_MD5                  TLS_RSA_WITH_NULL_MD5
+#define SSL_RSA_WITH_NULL_SHA                  TLS_RSA_WITH_NULL_SHA
+#define SSL_RSA_EXPORT_WITH_RC4_40_MD5         TLS_RSA_EXPORT_WITH_RC4_40_MD5
+#define SSL_RSA_WITH_RC4_128_MD5               TLS_RSA_WITH_RC4_128_MD5
+#define SSL_RSA_WITH_RC4_128_SHA               TLS_RSA_WITH_RC4_128_SHA
+#define SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5     TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
+#define SSL_RSA_WITH_IDEA_CBC_SHA              TLS_RSA_WITH_IDEA_CBC_SHA
+#define SSL_RSA_EXPORT_WITH_DES40_CBC_SHA      TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
+#define SSL_RSA_WITH_DES_CBC_SHA               TLS_RSA_WITH_DES_CBC_SHA
+#define SSL_RSA_WITH_3DES_EDE_CBC_SHA          TLS_RSA_WITH_3DES_EDE_CBC_SHA
+#define SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA   TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
+#define SSL_DH_DSS_WITH_DES_CBC_SHA            TLS_DH_DSS_WITH_DES_CBC_SHA
+#define SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA       TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
+#define SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA   TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
+#define SSL_DH_RSA_WITH_DES_CBC_SHA            TLS_DH_RSA_WITH_DES_CBC_SHA
+#define SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA       TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
+#define SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA  TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
+#define SSL_DHE_DSS_WITH_DES_CBC_SHA           TLS_DHE_DSS_WITH_DES_CBC_SHA
+#define SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA      TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
+#define SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA  TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
+#define SSL_DHE_RSA_WITH_DES_CBC_SHA           TLS_DHE_RSA_WITH_DES_CBC_SHA
+#define SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+#define SSL_DH_ANON_WITH_RC4_128_MD5           TLS_DH_anon_WITH_RC4_128_MD5
+#define SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA  TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
+#define SSL_DH_ANON_WITH_DES_CBC_SHA           TLS_DH_anon_WITH_DES_CBC_SHA
+#define SSL_DH_ANON_WITH_3DES_EDE_CBC_SHA      TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
+#define SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5     TLS_DH_anon_EXPORT_WITH_RC4_40_MD5
+#define TLS_DH_ANON_WITH_AES_128_CBC_SHA       TLS_DH_anon_WITH_AES_128_CBC_SHA
+#define TLS_DH_ANON_WITH_AES_256_CBC_SHA       TLS_DH_anon_WITH_AES_256_CBC_SHA
+#define TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA  TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA
+#define TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA  TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA
+#endif
+
+#define TLS_NULL_WITH_NULL_NULL                 0x0000
+
+#define TLS_RSA_WITH_NULL_MD5                   0x0001
+#define TLS_RSA_WITH_NULL_SHA                   0x0002
+#define TLS_RSA_EXPORT_WITH_RC4_40_MD5          0x0003
+#define TLS_RSA_WITH_RC4_128_MD5                0x0004
+#define TLS_RSA_WITH_RC4_128_SHA                0x0005
+#define TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5      0x0006
+#define TLS_RSA_WITH_IDEA_CBC_SHA               0x0007
+#define TLS_RSA_EXPORT_WITH_DES40_CBC_SHA       0x0008
+#define TLS_RSA_WITH_DES_CBC_SHA                0x0009
+#define TLS_RSA_WITH_3DES_EDE_CBC_SHA           0x000a
+
+#define TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA    0x000b
+#define TLS_DH_DSS_WITH_DES_CBC_SHA             0x000c
+#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA        0x000d
+#define TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA    0x000e
+#define TLS_DH_RSA_WITH_DES_CBC_SHA             0x000f
+#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA        0x0010
+
+#define TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA   0x0011
+#define TLS_DHE_DSS_WITH_DES_CBC_SHA            0x0012
+#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA       0x0013
+#define TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA   0x0014
+#define TLS_DHE_RSA_WITH_DES_CBC_SHA            0x0015
+#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA       0x0016
+
+#define TLS_DH_anon_EXPORT_WITH_RC4_40_MD5      0x0017
+#define TLS_DH_anon_WITH_RC4_128_MD5            0x0018
+#define TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA   0x0019
+#define TLS_DH_anon_WITH_DES_CBC_SHA            0x001a
+#define TLS_DH_anon_WITH_3DES_EDE_CBC_SHA       0x001b
+
+#define SSL_FORTEZZA_DMS_WITH_NULL_SHA          0x001c /* deprecated */
+#define SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA  0x001d /* deprecated */
+#define SSL_FORTEZZA_DMS_WITH_RC4_128_SHA       0x001e /* deprecated */
+
+#define TLS_RSA_WITH_AES_128_CBC_SHA            0x002F
+#define TLS_DH_DSS_WITH_AES_128_CBC_SHA         0x0030
+#define TLS_DH_RSA_WITH_AES_128_CBC_SHA         0x0031
+#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA        0x0032
+#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA        0x0033
+#define TLS_DH_anon_WITH_AES_128_CBC_SHA        0x0034
+
+#define TLS_RSA_WITH_AES_256_CBC_SHA            0x0035
+#define TLS_DH_DSS_WITH_AES_256_CBC_SHA         0x0036
+#define TLS_DH_RSA_WITH_AES_256_CBC_SHA         0x0037
+#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA        0x0038
+#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA        0x0039
+#define TLS_DH_anon_WITH_AES_256_CBC_SHA        0x003A
+#define TLS_RSA_WITH_NULL_SHA256                0x003B
+#define TLS_RSA_WITH_AES_128_CBC_SHA256         0x003C
+#define TLS_RSA_WITH_AES_256_CBC_SHA256         0x003D
+
+#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA       0x0041
+#define TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA    0x0042
+#define TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA    0x0043
+#define TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA   0x0044
+#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA   0x0045
+#define TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA   0x0046
 
 #define TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA     0x0062
 #define TLS_RSA_EXPORT1024_WITH_RC4_56_SHA      0x0064
@@ -153,14 +189,14 @@
 #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256     0x0067
 #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256     0x006B
 
-#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA      	0x0084
-#define TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA   	0x0085
-#define TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA   	0x0086
-#define TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA  	0x0087
-#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA  	0x0088
-#define TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA  	0x0089
+#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA       0x0084
+#define TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA    0x0085
+#define TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA    0x0086
+#define TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA   0x0087
+#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA   0x0088
+#define TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA   0x0089
 
-#define TLS_RSA_WITH_SEED_CBC_SHA		0x0096
+#define TLS_RSA_WITH_SEED_CBC_SHA               0x0096
 
 #define TLS_RSA_WITH_AES_128_GCM_SHA256         0x009C
 #define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256     0x009E
@@ -170,7 +206,7 @@
  * Must NEVER be chosen by server.  SSL 3.0 server acknowledges by sending
  * back an empty Renegotiation Info (RI) server hello extension.
  */
-#define TLS_EMPTY_RENEGOTIATION_INFO_SCSV	0x00FF
+#define TLS_EMPTY_RENEGOTIATION_INFO_SCSV       0x00FF
 
 /* Cipher Suite Values starting with 0xC000 are defined in informational
  * RFCs.
@@ -214,18 +250,18 @@
 #define TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256    0xC031
 
 /* Netscape "experimental" cipher suites. */
-#define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA	0xffe0
-#define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA	0xffe1
+#define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA   0xffe0
+#define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA        0xffe1
 
 /* New non-experimental openly spec'ed versions of those cipher suites. */
-#define SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA 	0xfeff
-#define SSL_RSA_FIPS_WITH_DES_CBC_SHA      	0xfefe
+#define SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA      0xfeff
+#define SSL_RSA_FIPS_WITH_DES_CBC_SHA           0xfefe
 
 /* DTLS-SRTP cipher suites from RFC 5764 */
 /* If you modify this, also modify MAX_DTLS_SRTP_CIPHER_SUITES in sslimpl.h */
-#define SRTP_AES128_CM_HMAC_SHA1_80		0x0001
-#define SRTP_AES128_CM_HMAC_SHA1_32		0x0002
-#define SRTP_NULL_HMAC_SHA1_80			0x0005
-#define SRTP_NULL_HMAC_SHA1_32			0x0006
+#define SRTP_AES128_CM_HMAC_SHA1_80             0x0001
+#define SRTP_AES128_CM_HMAC_SHA1_32             0x0002
+#define SRTP_NULL_HMAC_SHA1_80                  0x0005
+#define SRTP_NULL_HMAC_SHA1_32                  0x0006
 
 #endif /* __sslproto_h_ */
diff --git a/security/nss/lib/ssl/sslsecur.c b/security/nss/lib/ssl/sslsecur.c
index 35658d7..a32e3d5 100644
--- a/security/nss/lib/ssl/sslsecur.c
+++ b/security/nss/lib/ssl/sslsecur.c
@@ -696,11 +696,11 @@ NSS_FindCertKEAType(CERTCertificate * cert)
   case SEC_OID_X942_DIFFIE_HELMAN_KEY:
     keaType = kt_dh;
     break;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
   case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
     keaType = kt_ecdh;
     break;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
   default:
     keaType = kt_null;
   }
diff --git a/security/nss/lib/ssl/sslsnce.c b/security/nss/lib/ssl/sslsnce.c
index b0446ad..4d9ef38 100644
--- a/security/nss/lib/ssl/sslsnce.c
+++ b/security/nss/lib/ssl/sslsnce.c
@@ -522,7 +522,6 @@ ConvertFromSID(sidCacheEntry *to, sslSessionID *from)
 /*
 ** Convert shared memory cache-entry to local memory based one
 ** This is only called from ServerSessionIDLookup().
-** Caller must hold cache lock when calling this.
 */
 static sslSessionID *
 ConvertToSID(sidCacheEntry *    from,
diff --git a/security/nss/lib/ssl/sslsock.c b/security/nss/lib/ssl/sslsock.c
index 6091677..ee357b6 100644
--- a/security/nss/lib/ssl/sslsock.c
+++ b/security/nss/lib/ssl/sslsock.c
@@ -1,5 +1,5 @@
 /*
- * vtables (and methods that call through them) for the 4 types of 
+ * vtables (and methods that call through them) for the 4 types of
  * SSLSockets supported.  Only one type is still supported.
  * Various other functions.
  *
@@ -21,7 +21,7 @@
 
 #define SET_ERROR_CODE   /* reminder */
 
-static const sslSocketOps ssl_default_ops = {	/* No SSL. */
+static const sslSocketOps ssl_default_ops = {   /* No SSL. */
     ssl_DefConnect,
     NULL,
     ssl_DefBind,
@@ -36,7 +36,7 @@ static const sslSocketOps ssl_default_ops = {	/* No SSL. */
     ssl_DefGetsockname
 };
 
-static const sslSocketOps ssl_secure_ops = {	/* SSL. */
+static const sslSocketOps ssl_secure_ops = {    /* SSL. */
     ssl_SecureConnect,
     NULL,
     ssl_DefBind,
@@ -56,19 +56,19 @@ static const sslSocketOps ssl_secure_ops = {	/* SSL. */
 */
 static sslOptions ssl_defaults = {
     { siBuffer, NULL, 0 }, /* nextProtoNego */
-    PR_TRUE, 	/* useSecurity        */
-    PR_FALSE,	/* useSocks           */
-    PR_FALSE,	/* requestCertificate */
-    2,	        /* requireCertificate */
-    PR_FALSE,	/* handshakeAsClient  */
-    PR_FALSE,	/* handshakeAsServer  */
-    PR_FALSE,	/* enableSSL2         */ /* now defaults to off in NSS 3.13 */
-    PR_FALSE,	/* unusedBit9         */
-    PR_FALSE, 	/* unusedBit10        */
-    PR_FALSE,	/* noCache            */
-    PR_FALSE,	/* fdx                */
-    PR_FALSE,	/* v2CompatibleHello  */ /* now defaults to off in NSS 3.13 */
-    PR_TRUE,	/* detectRollBack     */
+    PR_TRUE,    /* useSecurity        */
+    PR_FALSE,   /* useSocks           */
+    PR_FALSE,   /* requestCertificate */
+    2,          /* requireCertificate */
+    PR_FALSE,   /* handshakeAsClient  */
+    PR_FALSE,   /* handshakeAsServer  */
+    PR_FALSE,   /* enableSSL2         */ /* now defaults to off in NSS 3.13 */
+    PR_FALSE,   /* unusedBit9         */
+    PR_FALSE,   /* unusedBit10        */
+    PR_FALSE,   /* noCache            */
+    PR_FALSE,   /* fdx                */
+    PR_FALSE,   /* v2CompatibleHello  */ /* now defaults to off in NSS 3.13 */
+    PR_TRUE,    /* detectRollBack     */
     PR_FALSE,   /* noStepDown         */
     PR_FALSE,   /* bypassPKCS11       */
     PR_FALSE,   /* noLocks            */
@@ -78,7 +78,9 @@ static sslOptions ssl_defaults = {
     PR_FALSE,   /* requireSafeNegotiation */
     PR_FALSE,   /* enableFalseStart   */
     PR_TRUE,    /* cbcRandomIV        */
-    PR_FALSE    /* enableOCSPStapling */
+    PR_FALSE,   /* enableOCSPStapling */
+    PR_TRUE,    /* enableNPN          */
+    PR_FALSE    /* enableALPN         */
 };
 
 /*
@@ -105,9 +107,9 @@ sslSessionIDUncacheFunc ssl_sid_uncache;
 static PRBool ssl_inited = PR_FALSE;
 static PRDescIdentity ssl_layer_id;
 
-PRBool                  locksEverDisabled; 	/* implicitly PR_FALSE */
-PRBool			ssl_force_locks;  	/* implicitly PR_FALSE */
-int                     ssl_lock_readers	= 1;	/* default true. */
+PRBool                  locksEverDisabled;      /* implicitly PR_FALSE */
+PRBool                  ssl_force_locks;        /* implicitly PR_FALSE */
+int                     ssl_lock_readers        = 1;    /* default true. */
 char                    ssl_debug;
 char                    ssl_trace;
 FILE *                  ssl_trace_iob;
@@ -126,7 +128,7 @@ static const PRUint16 srtpCiphers[] = {
 static sslSocket *ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant variant);
 static SECStatus  ssl_MakeLocks(sslSocket *ss);
 static void       ssl_SetDefaultsFromEnvironment(void);
-static PRStatus   ssl_PushIOLayer(sslSocket *ns, PRFileDesc *stack, 
+static PRStatus   ssl_PushIOLayer(sslSocket *ns, PRFileDesc *stack,
                                   PRDescIdentity id);
 
 /************************************************************************/
@@ -147,18 +149,23 @@ ssl_GetPrivate(PRFileDesc *fd)
 
     if (fd->methods->file_type != PR_DESC_LAYERED ||
         fd->identity != ssl_layer_id) {
-	PORT_SetError(PR_BAD_DESCRIPTOR_ERROR);
-	return NULL;
+        PORT_SetError(PR_BAD_DESCRIPTOR_ERROR);
+        return NULL;
     }
 
     ss = (sslSocket *)fd->secret;
+    /* Set ss->fd lazily. We can't rely on the value of ss->fd set by
+     * ssl_PushIOLayer because another PR_PushIOLayer call will switch the
+     * contents of the PRFileDesc pointed by ss->fd and the new layer.
+     * See bug 807250.
+     */
     ss->fd = fd;
     return ss;
 }
 
-/* This function tries to find the SSL layer in the stack. 
+/* This function tries to find the SSL layer in the stack.
  * It searches for the first SSL layer at or below the argument fd,
- * and failing that, it searches for the nearest SSL layer above the 
+ * and failing that, it searches for the nearest SSL layer above the
  * argument fd.  It returns the private sslSocket from the found layer.
  */
 sslSocket *
@@ -172,11 +179,16 @@ ssl_FindSocket(PRFileDesc *fd)
 
     layer = PR_GetIdentitiesLayer(fd, ssl_layer_id);
     if (layer == NULL) {
-	PORT_SetError(PR_BAD_DESCRIPTOR_ERROR);
-	return NULL;
+        PORT_SetError(PR_BAD_DESCRIPTOR_ERROR);
+        return NULL;
     }
 
     ss = (sslSocket *)layer->secret;
+    /* Set ss->fd lazily. We can't rely on the value of ss->fd set by
+     * ssl_PushIOLayer because another PR_PushIOLayer call will switch the
+     * contents of the PRFileDesc pointed by ss->fd and the new layer.
+     * See bug 807250.
+     */
     ss->fd = layer;
     return ss;
 }
@@ -189,94 +201,94 @@ ssl_DupSocket(sslSocket *os)
 
     ss = ssl_NewSocket((PRBool)(!os->opt.noLocks), os->protocolVariant);
     if (ss) {
-	ss->opt                = os->opt;
-	ss->opt.useSocks       = PR_FALSE;
-	ss->vrange             = os->vrange;
-
-	ss->peerID             = !os->peerID ? NULL : PORT_Strdup(os->peerID);
-	ss->url                = !os->url    ? NULL : PORT_Strdup(os->url);
-
-	ss->ops      = os->ops;
-	ss->rTimeout = os->rTimeout;
-	ss->wTimeout = os->wTimeout;
-	ss->cTimeout = os->cTimeout;
-	ss->dbHandle = os->dbHandle;
-
-	/* copy ssl2&3 policy & prefs, even if it's not selected (yet) */
-	ss->allowedByPolicy	= os->allowedByPolicy;
-	ss->maybeAllowedByPolicy= os->maybeAllowedByPolicy;
-	ss->chosenPreference 	= os->chosenPreference;
-	PORT_Memcpy(ss->cipherSuites, os->cipherSuites, sizeof os->cipherSuites);
-	PORT_Memcpy(ss->ssl3.dtlsSRTPCiphers, os->ssl3.dtlsSRTPCiphers,
-		    sizeof(PRUint16) * os->ssl3.dtlsSRTPCipherCount);
-	ss->ssl3.dtlsSRTPCipherCount = os->ssl3.dtlsSRTPCipherCount;
-
-	if (os->cipherSpecs) {
-	    ss->cipherSpecs  = (unsigned char*)PORT_Alloc(os->sizeCipherSpecs);
-	    if (ss->cipherSpecs) 
-	    	PORT_Memcpy(ss->cipherSpecs, os->cipherSpecs, 
-		            os->sizeCipherSpecs);
-	    ss->sizeCipherSpecs    = os->sizeCipherSpecs;
-	    ss->preferredCipher    = os->preferredCipher;
-	} else {
-	    ss->cipherSpecs        = NULL;  /* produced lazily */
-	    ss->sizeCipherSpecs    = 0;
-	    ss->preferredCipher    = NULL;
-	}
-	if (ss->opt.useSecurity) {
-	    /* This int should be SSLKEAType, but CC on Irix complains,
-	     * during the for loop.
-	     */
-	    int i;
-	    sslServerCerts * oc = os->serverCerts;
-	    sslServerCerts * sc = ss->serverCerts;
-            
-	    for (i=kt_null; i < kt_kea_size; i++, oc++, sc++) {
-		if (oc->serverCert && oc->serverCertChain) {
-		    sc->serverCert      = CERT_DupCertificate(oc->serverCert);
-		    sc->serverCertChain = CERT_DupCertList(oc->serverCertChain);
-		    if (!sc->serverCertChain) 
-		    	goto loser;
-		} else {
-		    sc->serverCert      = NULL;
-		    sc->serverCertChain = NULL;
-		}
-		sc->serverKeyPair = oc->serverKeyPair ?
-				ssl3_GetKeyPairRef(oc->serverKeyPair) : NULL;
-		if (oc->serverKeyPair && !sc->serverKeyPair)
-		    goto loser;
-	        sc->serverKeyBits = oc->serverKeyBits;
-		ss->certStatusArray[i] = !os->certStatusArray[i] ? NULL :
-				SECITEM_DupArray(NULL, os->certStatusArray[i]);
-	    }
-	    ss->stepDownKeyPair = !os->stepDownKeyPair ? NULL :
-		                  ssl3_GetKeyPairRef(os->stepDownKeyPair);
-	    ss->ephemeralECDHKeyPair = !os->ephemeralECDHKeyPair ? NULL :
-		                  ssl3_GetKeyPairRef(os->ephemeralECDHKeyPair);
+        ss->opt                = os->opt;
+        ss->opt.useSocks       = PR_FALSE;
+        ss->vrange             = os->vrange;
+
+        ss->peerID             = !os->peerID ? NULL : PORT_Strdup(os->peerID);
+        ss->url                = !os->url    ? NULL : PORT_Strdup(os->url);
+
+        ss->ops      = os->ops;
+        ss->rTimeout = os->rTimeout;
+        ss->wTimeout = os->wTimeout;
+        ss->cTimeout = os->cTimeout;
+        ss->dbHandle = os->dbHandle;
+
+        /* copy ssl2&3 policy & prefs, even if it's not selected (yet) */
+        ss->allowedByPolicy     = os->allowedByPolicy;
+        ss->maybeAllowedByPolicy= os->maybeAllowedByPolicy;
+        ss->chosenPreference    = os->chosenPreference;
+        PORT_Memcpy(ss->cipherSuites, os->cipherSuites, sizeof os->cipherSuites);
+        PORT_Memcpy(ss->ssl3.dtlsSRTPCiphers, os->ssl3.dtlsSRTPCiphers,
+                    sizeof(PRUint16) * os->ssl3.dtlsSRTPCipherCount);
+        ss->ssl3.dtlsSRTPCipherCount = os->ssl3.dtlsSRTPCipherCount;
+
+        if (os->cipherSpecs) {
+            ss->cipherSpecs  = (unsigned char*)PORT_Alloc(os->sizeCipherSpecs);
+            if (ss->cipherSpecs)
+                PORT_Memcpy(ss->cipherSpecs, os->cipherSpecs,
+                            os->sizeCipherSpecs);
+            ss->sizeCipherSpecs    = os->sizeCipherSpecs;
+            ss->preferredCipher    = os->preferredCipher;
+        } else {
+            ss->cipherSpecs        = NULL;  /* produced lazily */
+            ss->sizeCipherSpecs    = 0;
+            ss->preferredCipher    = NULL;
+        }
+        if (ss->opt.useSecurity) {
+            /* This int should be SSLKEAType, but CC on Irix complains,
+             * during the for loop.
+             */
+            int i;
+            sslServerCerts * oc = os->serverCerts;
+            sslServerCerts * sc = ss->serverCerts;
+
+            for (i=kt_null; i < kt_kea_size; i++, oc++, sc++) {
+                if (oc->serverCert && oc->serverCertChain) {
+                    sc->serverCert      = CERT_DupCertificate(oc->serverCert);
+                    sc->serverCertChain = CERT_DupCertList(oc->serverCertChain);
+                    if (!sc->serverCertChain)
+                        goto loser;
+                } else {
+                    sc->serverCert      = NULL;
+                    sc->serverCertChain = NULL;
+                }
+                sc->serverKeyPair = oc->serverKeyPair ?
+                                ssl3_GetKeyPairRef(oc->serverKeyPair) : NULL;
+                if (oc->serverKeyPair && !sc->serverKeyPair)
+                    goto loser;
+                sc->serverKeyBits = oc->serverKeyBits;
+                ss->certStatusArray[i] = !os->certStatusArray[i] ? NULL :
+                                SECITEM_DupArray(NULL, os->certStatusArray[i]);
+            }
+            ss->stepDownKeyPair = !os->stepDownKeyPair ? NULL :
+                                  ssl3_GetKeyPairRef(os->stepDownKeyPair);
+            ss->ephemeralECDHKeyPair = !os->ephemeralECDHKeyPair ? NULL :
+                                  ssl3_GetKeyPairRef(os->ephemeralECDHKeyPair);
 /*
  * XXX the preceding CERT_ and SECKEY_ functions can fail and return NULL.
  * XXX We should detect this, and not just march on with NULL pointers.
  */
-	    ss->authCertificate       = os->authCertificate;
-	    ss->authCertificateArg    = os->authCertificateArg;
-	    ss->getClientAuthData     = os->getClientAuthData;
-	    ss->getClientAuthDataArg  = os->getClientAuthDataArg;
+            ss->authCertificate       = os->authCertificate;
+            ss->authCertificateArg    = os->authCertificateArg;
+            ss->getClientAuthData     = os->getClientAuthData;
+            ss->getClientAuthDataArg  = os->getClientAuthDataArg;
             ss->sniSocketConfig       = os->sniSocketConfig;
             ss->sniSocketConfigArg    = os->sniSocketConfigArg;
-	    ss->handleBadCert         = os->handleBadCert;
-	    ss->badCertArg            = os->badCertArg;
-	    ss->handshakeCallback     = os->handshakeCallback;
-	    ss->handshakeCallbackData = os->handshakeCallbackData;
-	    ss->canFalseStartCallback = os->canFalseStartCallback;
-	    ss->canFalseStartCallbackData = os->canFalseStartCallbackData;
-	    ss->pkcs11PinArg          = os->pkcs11PinArg;
-    
-	    /* Create security data */
-	    rv = ssl_CopySecurityInfo(ss, os);
-	    if (rv != SECSuccess) {
-		goto loser;
-	    }
-	}
+            ss->handleBadCert         = os->handleBadCert;
+            ss->badCertArg            = os->badCertArg;
+            ss->handshakeCallback     = os->handshakeCallback;
+            ss->handshakeCallbackData = os->handshakeCallbackData;
+            ss->canFalseStartCallback = os->canFalseStartCallback;
+            ss->canFalseStartCallbackData = os->canFalseStartCallbackData;
+            ss->pkcs11PinArg          = os->pkcs11PinArg;
+
+            /* Create security data */
+            rv = ssl_CopySecurityInfo(ss, os);
+            if (rv != SECSuccess) {
+                goto loser;
+            }
+        }
     }
     return ss;
 
@@ -290,33 +302,33 @@ ssl_DestroyLocks(sslSocket *ss)
 {
     /* Destroy locks. */
     if (ss->firstHandshakeLock) {
-    	PZ_DestroyMonitor(ss->firstHandshakeLock);
-	ss->firstHandshakeLock = NULL;
+        PZ_DestroyMonitor(ss->firstHandshakeLock);
+        ss->firstHandshakeLock = NULL;
     }
     if (ss->ssl3HandshakeLock) {
-    	PZ_DestroyMonitor(ss->ssl3HandshakeLock);
-	ss->ssl3HandshakeLock = NULL;
+        PZ_DestroyMonitor(ss->ssl3HandshakeLock);
+        ss->ssl3HandshakeLock = NULL;
     }
     if (ss->specLock) {
-    	NSSRWLock_Destroy(ss->specLock);
-	ss->specLock = NULL;
+        NSSRWLock_Destroy(ss->specLock);
+        ss->specLock = NULL;
     }
 
     if (ss->recvLock) {
-    	PZ_DestroyLock(ss->recvLock);
-	ss->recvLock = NULL;
+        PZ_DestroyLock(ss->recvLock);
+        ss->recvLock = NULL;
     }
     if (ss->sendLock) {
-    	PZ_DestroyLock(ss->sendLock);
-	ss->sendLock = NULL;
+        PZ_DestroyLock(ss->sendLock);
+        ss->sendLock = NULL;
     }
     if (ss->xmitBufLock) {
-    	PZ_DestroyMonitor(ss->xmitBufLock);
-	ss->xmitBufLock = NULL;
+        PZ_DestroyMonitor(ss->xmitBufLock);
+        ss->xmitBufLock = NULL;
     }
     if (ss->recvBufLock) {
-    	PZ_DestroyMonitor(ss->recvBufLock);
-	ss->recvBufLock = NULL;
+        PZ_DestroyMonitor(ss->recvBufLock);
+        ss->recvBufLock = NULL;
     }
 }
 
@@ -339,36 +351,36 @@ ssl_DestroySocketContents(sslSocket *ss)
     ssl_DestroyGather(&ss->gs);
 
     if (ss->peerID != NULL)
-	PORT_Free(ss->peerID);
+        PORT_Free(ss->peerID);
     if (ss->url != NULL)
-	PORT_Free((void *)ss->url);	/* CONST */
+        PORT_Free((void *)ss->url);     /* CONST */
     if (ss->cipherSpecs) {
-	PORT_Free(ss->cipherSpecs);
-	ss->cipherSpecs     = NULL;
-	ss->sizeCipherSpecs = 0;
+        PORT_Free(ss->cipherSpecs);
+        ss->cipherSpecs     = NULL;
+        ss->sizeCipherSpecs = 0;
     }
 
     /* Clean up server configuration */
     for (i=kt_null; i < kt_kea_size; i++) {
-	sslServerCerts * sc = ss->serverCerts + i;
-	if (sc->serverCert != NULL)
-	    CERT_DestroyCertificate(sc->serverCert);
-	if (sc->serverCertChain != NULL)
-	    CERT_DestroyCertificateList(sc->serverCertChain);
-	if (sc->serverKeyPair != NULL)
-	    ssl3_FreeKeyPair(sc->serverKeyPair);
-	if (ss->certStatusArray[i] != NULL) {
-	    SECITEM_FreeArray(ss->certStatusArray[i], PR_TRUE);
-	    ss->certStatusArray[i] = NULL;
-	}
+        sslServerCerts * sc = ss->serverCerts + i;
+        if (sc->serverCert != NULL)
+            CERT_DestroyCertificate(sc->serverCert);
+        if (sc->serverCertChain != NULL)
+            CERT_DestroyCertificateList(sc->serverCertChain);
+        if (sc->serverKeyPair != NULL)
+            ssl3_FreeKeyPair(sc->serverKeyPair);
+        if (ss->certStatusArray[i] != NULL) {
+            SECITEM_FreeArray(ss->certStatusArray[i], PR_TRUE);
+            ss->certStatusArray[i] = NULL;
+        }
     }
     if (ss->stepDownKeyPair) {
-	ssl3_FreeKeyPair(ss->stepDownKeyPair);
-	ss->stepDownKeyPair = NULL;
+        ssl3_FreeKeyPair(ss->stepDownKeyPair);
+        ss->stepDownKeyPair = NULL;
     }
     if (ss->ephemeralECDHKeyPair) {
-	ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair);
-	ss->ephemeralECDHKeyPair = NULL;
+        ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair);
+        ss->ephemeralECDHKeyPair = NULL;
     }
     SECITEM_FreeItem(&ss->opt.nextProtoNego, PR_FALSE);
     PORT_Assert(!ss->xtnData.sniNameArr);
@@ -416,7 +428,7 @@ ssl_FreeSocket(sslSocket *ss)
 }
 
 /************************************************************************/
-SECStatus 
+SECStatus
 ssl_EnableNagleDelay(sslSocket *ss, PRBool enabled)
 {
     PRFileDesc *       osfd = ss->fd->lower;
@@ -494,26 +506,26 @@ static void
 ssl_EnableTLS(SSLVersionRange *vrange, PRBool on)
 {
     if (SSL3_ALL_VERSIONS_DISABLED(vrange)) {
-	if (on) {
-	    vrange->min = SSL_LIBRARY_VERSION_TLS_1_0;
-	    vrange->max = SSL_LIBRARY_VERSION_TLS_1_0;
-	} /* else don't change anything */
-	return;
+        if (on) {
+            vrange->min = SSL_LIBRARY_VERSION_TLS_1_0;
+            vrange->max = SSL_LIBRARY_VERSION_TLS_1_0;
+        } /* else don't change anything */
+        return;
     }
 
     if (on) {
-	/* Expand the range of enabled version to include TLS 1.0 */
-	vrange->min = PR_MIN(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0);
-	vrange->max = PR_MAX(vrange->max, SSL_LIBRARY_VERSION_TLS_1_0);
+        /* Expand the range of enabled version to include TLS 1.0 */
+        vrange->min = PR_MIN(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0);
+        vrange->max = PR_MAX(vrange->max, SSL_LIBRARY_VERSION_TLS_1_0);
     } else {
-	/* Disable all TLS versions, leaving only SSL 3.0 if it was enabled */
-	if (vrange->min == SSL_LIBRARY_VERSION_3_0) {
-	    vrange->max = SSL_LIBRARY_VERSION_3_0;
-	} else {
-	    /* Only TLS was enabled, so now no versions are. */
-	    vrange->min = SSL_LIBRARY_VERSION_NONE;
-	    vrange->max = SSL_LIBRARY_VERSION_NONE;
-	}
+        /* Disable all TLS versions, leaving only SSL 3.0 if it was enabled */
+        if (vrange->min == SSL_LIBRARY_VERSION_3_0) {
+            vrange->max = SSL_LIBRARY_VERSION_3_0;
+        } else {
+            /* Only TLS was enabled, so now no versions are. */
+            vrange->min = SSL_LIBRARY_VERSION_NONE;
+            vrange->max = SSL_LIBRARY_VERSION_NONE;
+        }
     }
 }
 
@@ -524,28 +536,28 @@ static void
 ssl_EnableSSL3(SSLVersionRange *vrange, PRBool on)
 {
    if (SSL3_ALL_VERSIONS_DISABLED(vrange)) {
-	if (on) {
-	    vrange->min = SSL_LIBRARY_VERSION_3_0;
-	    vrange->max = SSL_LIBRARY_VERSION_3_0;
-	} /* else don't change anything */
-	return;
+        if (on) {
+            vrange->min = SSL_LIBRARY_VERSION_3_0;
+            vrange->max = SSL_LIBRARY_VERSION_3_0;
+        } /* else don't change anything */
+        return;
     }
 
    if (on) {
-	/* Expand the range of enabled versions to include SSL 3.0. We know
-	 * SSL 3.0 or some version of TLS is already enabled at this point, so
-	 * we don't need to change vrange->max.
-	 */
-	vrange->min = SSL_LIBRARY_VERSION_3_0;
+        /* Expand the range of enabled versions to include SSL 3.0. We know
+         * SSL 3.0 or some version of TLS is already enabled at this point, so
+         * we don't need to change vrange->max.
+         */
+        vrange->min = SSL_LIBRARY_VERSION_3_0;
    } else {
-	/* Disable SSL 3.0, leaving TLS unaffected. */
-	if (vrange->max > SSL_LIBRARY_VERSION_3_0) {
-	    vrange->min = PR_MAX(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0);
-	} else {
-	    /* Only SSL 3.0 was enabled, so now no versions are. */
-	    vrange->min = SSL_LIBRARY_VERSION_NONE;
-	    vrange->max = SSL_LIBRARY_VERSION_NONE;
-	}
+        /* Disable SSL 3.0, leaving TLS unaffected. */
+        if (vrange->max > SSL_LIBRARY_VERSION_3_0) {
+            vrange->min = PR_MAX(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0);
+        } else {
+            /* Only SSL 3.0 was enabled, so now no versions are. */
+            vrange->min = SSL_LIBRARY_VERSION_NONE;
+            vrange->max = SSL_LIBRARY_VERSION_NONE;
+        }
     }
 }
 
@@ -557,8 +569,8 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
     PRBool     holdingLocks;
 
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in Enable", SSL_GETPID(), fd));
-	return SECFailure;
+        SSL_DBG(("%d: SSL[%d]: bad socket in Enable", SSL_GETPID(), fd));
+        return SECFailure;
     }
 
     holdingLocks = (!ss->opt.noLocks);
@@ -567,140 +579,140 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
 
     switch (which) {
       case SSL_SOCKS:
-	ss->opt.useSocks = PR_FALSE;
-	rv = PrepareSocket(ss);
-	if (on) {
-	    PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	    rv = SECFailure;
-	}
-	break;
+        ss->opt.useSocks = PR_FALSE;
+        rv = PrepareSocket(ss);
+        if (on) {
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            rv = SECFailure;
+        }
+        break;
 
       case SSL_SECURITY:
-	ss->opt.useSecurity = on;
-	rv = PrepareSocket(ss);
-	break;
+        ss->opt.useSecurity = on;
+        rv = PrepareSocket(ss);
+        break;
 
       case SSL_REQUEST_CERTIFICATE:
-	ss->opt.requestCertificate = on;
-	break;
+        ss->opt.requestCertificate = on;
+        break;
 
       case SSL_REQUIRE_CERTIFICATE:
-	ss->opt.requireCertificate = on;
-	break;
+        ss->opt.requireCertificate = on;
+        break;
 
       case SSL_HANDSHAKE_AS_CLIENT:
-	if ( ss->opt.handshakeAsServer && on ) {
-	    PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	    rv = SECFailure;
-	    break;
-	}
-	ss->opt.handshakeAsClient = on;
-	break;
+        if ( ss->opt.handshakeAsServer && on ) {
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            rv = SECFailure;
+            break;
+        }
+        ss->opt.handshakeAsClient = on;
+        break;
 
       case SSL_HANDSHAKE_AS_SERVER:
-	if ( ss->opt.handshakeAsClient && on ) {
-	    PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	    rv = SECFailure;
-	    break;
-	}
-	ss->opt.handshakeAsServer = on;
-	break;
+        if ( ss->opt.handshakeAsClient && on ) {
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            rv = SECFailure;
+            break;
+        }
+        ss->opt.handshakeAsServer = on;
+        break;
 
       case SSL_ENABLE_TLS:
         if (IS_DTLS(ss)) {
-	    if (on) {
-		PORT_SetError(SEC_ERROR_INVALID_ARGS);
-		rv = SECFailure; /* not allowed */
-	    }
-	    break;
-	}
-	ssl_EnableTLS(&ss->vrange, on);
-	ss->preferredCipher     = NULL;
-	if (ss->cipherSpecs) {
-	    PORT_Free(ss->cipherSpecs);
-	    ss->cipherSpecs     = NULL;
-	    ss->sizeCipherSpecs = 0;
-	}
-	break;
+            if (on) {
+                PORT_SetError(SEC_ERROR_INVALID_ARGS);
+                rv = SECFailure; /* not allowed */
+            }
+            break;
+        }
+        ssl_EnableTLS(&ss->vrange, on);
+        ss->preferredCipher     = NULL;
+        if (ss->cipherSpecs) {
+            PORT_Free(ss->cipherSpecs);
+            ss->cipherSpecs     = NULL;
+            ss->sizeCipherSpecs = 0;
+        }
+        break;
 
       case SSL_ENABLE_SSL3:
         if (IS_DTLS(ss)) {
-	    if (on) {
-		PORT_SetError(SEC_ERROR_INVALID_ARGS);
-		rv = SECFailure; /* not allowed */
-	    }
-	    break;
-	}
-	ssl_EnableSSL3(&ss->vrange, on);
-	ss->preferredCipher     = NULL;
-	if (ss->cipherSpecs) {
-	    PORT_Free(ss->cipherSpecs);
-	    ss->cipherSpecs     = NULL;
-	    ss->sizeCipherSpecs = 0;
-	}
-	break;
+            if (on) {
+                PORT_SetError(SEC_ERROR_INVALID_ARGS);
+                rv = SECFailure; /* not allowed */
+            }
+            break;
+        }
+        ssl_EnableSSL3(&ss->vrange, on);
+        ss->preferredCipher     = NULL;
+        if (ss->cipherSpecs) {
+            PORT_Free(ss->cipherSpecs);
+            ss->cipherSpecs     = NULL;
+            ss->sizeCipherSpecs = 0;
+        }
+        break;
 
       case SSL_ENABLE_SSL2:
         if (IS_DTLS(ss)) {
-	    if (on) {
-		PORT_SetError(SEC_ERROR_INVALID_ARGS);
-		rv = SECFailure; /* not allowed */
-	    }
-	    break;
-	}
-	ss->opt.enableSSL2       = on;
-	if (on) {
-	    ss->opt.v2CompatibleHello = on;
-	}
-	ss->preferredCipher     = NULL;
-	if (ss->cipherSpecs) {
-	    PORT_Free(ss->cipherSpecs);
-	    ss->cipherSpecs     = NULL;
-	    ss->sizeCipherSpecs = 0;
-	}
-	break;
+            if (on) {
+                PORT_SetError(SEC_ERROR_INVALID_ARGS);
+                rv = SECFailure; /* not allowed */
+            }
+            break;
+        }
+        ss->opt.enableSSL2       = on;
+        if (on) {
+            ss->opt.v2CompatibleHello = on;
+        }
+        ss->preferredCipher     = NULL;
+        if (ss->cipherSpecs) {
+            PORT_Free(ss->cipherSpecs);
+            ss->cipherSpecs     = NULL;
+            ss->sizeCipherSpecs = 0;
+        }
+        break;
 
       case SSL_NO_CACHE:
-	ss->opt.noCache = on;
-	break;
+        ss->opt.noCache = on;
+        break;
 
       case SSL_ENABLE_FDX:
-	if (on && ss->opt.noLocks) {
-	    PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	    rv = SECFailure;
-	}
-      	ss->opt.fdx = on;
-	break;
+        if (on && ss->opt.noLocks) {
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            rv = SECFailure;
+        }
+        ss->opt.fdx = on;
+        break;
 
       case SSL_V2_COMPATIBLE_HELLO:
         if (IS_DTLS(ss)) {
-	    if (on) {
-		PORT_SetError(SEC_ERROR_INVALID_ARGS);
-		rv = SECFailure; /* not allowed */
-	    }
-	    break;
-	}
-      	ss->opt.v2CompatibleHello = on;
-	if (!on) {
-	    ss->opt.enableSSL2    = on;
-	}
-	break;
-
-      case SSL_ROLLBACK_DETECTION:  
-	ss->opt.detectRollBack = on;
+            if (on) {
+                PORT_SetError(SEC_ERROR_INVALID_ARGS);
+                rv = SECFailure; /* not allowed */
+            }
+            break;
+        }
+        ss->opt.v2CompatibleHello = on;
+        if (!on) {
+            ss->opt.enableSSL2    = on;
+        }
         break;
 
-      case SSL_NO_STEP_DOWN:        
-	ss->opt.noStepDown     = on;         
-	if (on) 
-	    SSL_DisableExportCipherSuites(fd);
-	break;
+      case SSL_ROLLBACK_DETECTION:
+        ss->opt.detectRollBack = on;
+        break;
+
+      case SSL_NO_STEP_DOWN:
+        ss->opt.noStepDown     = on;
+        if (on)
+            SSL_DisableExportCipherSuites(fd);
+        break;
 
       case SSL_BYPASS_PKCS11:
-	if (ss->handshakeBegun) {
-	    PORT_SetError(PR_INVALID_STATE_ERROR);
-	    rv = SECFailure;
-	} else {
+        if (ss->handshakeBegun) {
+            PORT_SetError(PR_INVALID_STATE_ERROR);
+            rv = SECFailure;
+        } else {
             if (PR_FALSE != on) {
                 if (PR_SUCCESS == SSL_BypassSetup() ) {
 #ifdef NO_PKCS11_BYPASS
@@ -714,59 +726,67 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
             } else {
                 ss->opt.bypassPKCS11 = PR_FALSE;
             }
-	}
-	break;
+        }
+        break;
 
       case SSL_NO_LOCKS:
-	if (on && ss->opt.fdx) {
-	    PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	    rv = SECFailure;
-	}
-	if (on && ssl_force_locks) 
-	    on = PR_FALSE;	/* silent override */
-	ss->opt.noLocks   = on;
-	if (on) {
-	    locksEverDisabled = PR_TRUE;
-	    strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED.");
-	} else if (!holdingLocks) {
-	    rv = ssl_MakeLocks(ss);
-	    if (rv != SECSuccess) {
-		ss->opt.noLocks   = PR_TRUE;
-	    }
-	}
-	break;
+        if (on && ss->opt.fdx) {
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            rv = SECFailure;
+        }
+        if (on && ssl_force_locks)
+            on = PR_FALSE;      /* silent override */
+        ss->opt.noLocks   = on;
+        if (on) {
+            locksEverDisabled = PR_TRUE;
+            strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED.");
+        } else if (!holdingLocks) {
+            rv = ssl_MakeLocks(ss);
+            if (rv != SECSuccess) {
+                ss->opt.noLocks   = PR_TRUE;
+            }
+        }
+        break;
 
       case SSL_ENABLE_SESSION_TICKETS:
-	ss->opt.enableSessionTickets = on;
-	break;
+        ss->opt.enableSessionTickets = on;
+        break;
 
       case SSL_ENABLE_DEFLATE:
-	ss->opt.enableDeflate = on;
-	break;
+        ss->opt.enableDeflate = on;
+        break;
 
       case SSL_ENABLE_RENEGOTIATION:
-	ss->opt.enableRenegotiation = on;
-	break;
+        ss->opt.enableRenegotiation = on;
+        break;
 
       case SSL_REQUIRE_SAFE_NEGOTIATION:
-	ss->opt.requireSafeNegotiation = on;
-	break;
+        ss->opt.requireSafeNegotiation = on;
+        break;
 
       case SSL_ENABLE_FALSE_START:
-	ss->opt.enableFalseStart = on;
-	break;
+        ss->opt.enableFalseStart = on;
+        break;
 
       case SSL_CBC_RANDOM_IV:
-	ss->opt.cbcRandomIV = on;
-	break;
+        ss->opt.cbcRandomIV = on;
+        break;
 
       case SSL_ENABLE_OCSP_STAPLING:
        ss->opt.enableOCSPStapling = on;
        break;
 
+      case SSL_ENABLE_NPN:
+        ss->opt.enableNPN = on;
+        break;
+
+      case SSL_ENABLE_ALPN:
+        ss->opt.enableALPN = on;
+        break;
+
       default:
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	rv = SECFailure;
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        rv = SECFailure;
     }
 
     /* We can't use the macros for releasing the locks here,
@@ -775,8 +795,8 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
      * regardless of the current value of ss->opt.noLocks.
      */
     if (holdingLocks) {
-	PZ_ExitMonitor((ss)->ssl3HandshakeLock);
-	PZ_ExitMonitor((ss)->firstHandshakeLock);
+        PZ_ExitMonitor((ss)->ssl3HandshakeLock);
+        PZ_ExitMonitor((ss)->firstHandshakeLock);
     }
 
     return rv;
@@ -790,13 +810,13 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn)
     PRBool     on = PR_FALSE;
 
     if (!pOn) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
     }
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in Enable", SSL_GETPID(), fd));
-	*pOn = PR_FALSE;
-	return SECFailure;
+        SSL_DBG(("%d: SSL[%d]: bad socket in Enable", SSL_GETPID(), fd));
+        *pOn = PR_FALSE;
+        return SECFailure;
     }
 
     ssl_Get1stHandshakeLock(ss);
@@ -810,11 +830,11 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn)
     case SSL_HANDSHAKE_AS_CLIENT: on = ss->opt.handshakeAsClient;  break;
     case SSL_HANDSHAKE_AS_SERVER: on = ss->opt.handshakeAsServer;  break;
     case SSL_ENABLE_TLS:
-	on = ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_0;
-	break;
+        on = ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_0;
+        break;
     case SSL_ENABLE_SSL3:
-	on = ss->vrange.min == SSL_LIBRARY_VERSION_3_0;
-	break;
+        on = ss->vrange.min == SSL_LIBRARY_VERSION_3_0;
+        break;
     case SSL_ENABLE_SSL2:         on = ss->opt.enableSSL2;         break;
     case SSL_NO_CACHE:            on = ss->opt.noCache;            break;
     case SSL_ENABLE_FDX:          on = ss->opt.fdx;                break;
@@ -824,20 +844,22 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn)
     case SSL_BYPASS_PKCS11:       on = ss->opt.bypassPKCS11;       break;
     case SSL_NO_LOCKS:            on = ss->opt.noLocks;            break;
     case SSL_ENABLE_SESSION_TICKETS:
-	on = ss->opt.enableSessionTickets;
-	break;
+        on = ss->opt.enableSessionTickets;
+        break;
     case SSL_ENABLE_DEFLATE:      on = ss->opt.enableDeflate;      break;
-    case SSL_ENABLE_RENEGOTIATION:     
+    case SSL_ENABLE_RENEGOTIATION:
                                   on = ss->opt.enableRenegotiation; break;
-    case SSL_REQUIRE_SAFE_NEGOTIATION: 
+    case SSL_REQUIRE_SAFE_NEGOTIATION:
                                   on = ss->opt.requireSafeNegotiation; break;
     case SSL_ENABLE_FALSE_START:  on = ss->opt.enableFalseStart;   break;
     case SSL_CBC_RANDOM_IV:       on = ss->opt.cbcRandomIV;        break;
     case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break;
+    case SSL_ENABLE_NPN:          on = ss->opt.enableNPN;          break;
+    case SSL_ENABLE_ALPN:         on = ss->opt.enableALPN;         break;
 
     default:
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	rv = SECFailure;
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        rv = SECFailure;
     }
 
     ssl_ReleaseSSL3HandshakeLock(ss);
@@ -854,8 +876,8 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn)
     PRBool     on = PR_FALSE;
 
     if (!pOn) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
     }
 
     ssl_SetDefaultsFromEnvironment();
@@ -868,13 +890,13 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn)
     case SSL_HANDSHAKE_AS_CLIENT: on = ssl_defaults.handshakeAsClient;  break;
     case SSL_HANDSHAKE_AS_SERVER: on = ssl_defaults.handshakeAsServer;  break;
     case SSL_ENABLE_TLS:
-	on = versions_defaults_stream.max >= SSL_LIBRARY_VERSION_TLS_1_0;
-	break;
+        on = versions_defaults_stream.max >= SSL_LIBRARY_VERSION_TLS_1_0;
+        break;
     case SSL_ENABLE_SSL3:
-	on = versions_defaults_stream.min == SSL_LIBRARY_VERSION_3_0;
-	break;
+        on = versions_defaults_stream.min == SSL_LIBRARY_VERSION_3_0;
+        break;
     case SSL_ENABLE_SSL2:         on = ssl_defaults.enableSSL2;         break;
-    case SSL_NO_CACHE:            on = ssl_defaults.noCache;		break;
+    case SSL_NO_CACHE:            on = ssl_defaults.noCache;            break;
     case SSL_ENABLE_FDX:          on = ssl_defaults.fdx;                break;
     case SSL_V2_COMPATIBLE_HELLO: on = ssl_defaults.v2CompatibleHello;  break;
     case SSL_ROLLBACK_DETECTION:  on = ssl_defaults.detectRollBack;     break;
@@ -882,23 +904,25 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn)
     case SSL_BYPASS_PKCS11:       on = ssl_defaults.bypassPKCS11;       break;
     case SSL_NO_LOCKS:            on = ssl_defaults.noLocks;            break;
     case SSL_ENABLE_SESSION_TICKETS:
-	on = ssl_defaults.enableSessionTickets;
-	break;
+        on = ssl_defaults.enableSessionTickets;
+        break;
     case SSL_ENABLE_DEFLATE:      on = ssl_defaults.enableDeflate;      break;
-    case SSL_ENABLE_RENEGOTIATION:     
+    case SSL_ENABLE_RENEGOTIATION:
                                   on = ssl_defaults.enableRenegotiation; break;
-    case SSL_REQUIRE_SAFE_NEGOTIATION: 
-                                  on = ssl_defaults.requireSafeNegotiation; 
-				  break;
+    case SSL_REQUIRE_SAFE_NEGOTIATION:
+                                  on = ssl_defaults.requireSafeNegotiation;
+                                  break;
     case SSL_ENABLE_FALSE_START:  on = ssl_defaults.enableFalseStart;   break;
     case SSL_CBC_RANDOM_IV:       on = ssl_defaults.cbcRandomIV;        break;
     case SSL_ENABLE_OCSP_STAPLING:
        on = ssl_defaults.enableOCSPStapling;
        break;
+    case SSL_ENABLE_NPN:          on = ssl_defaults.enableNPN;          break;
+    case SSL_ENABLE_ALPN:         on = ssl_defaults.enableALPN;         break;
 
     default:
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	rv = SECFailure;
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        rv = SECFailure;
     }
 
     *pOn = on;
@@ -918,91 +942,91 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on)
     SECStatus status = ssl_Init();
 
     if (status != SECSuccess) {
-	return status;
+        return status;
     }
 
     ssl_SetDefaultsFromEnvironment();
 
     switch (which) {
       case SSL_SOCKS:
-	ssl_defaults.useSocks = PR_FALSE;
-	if (on) {
-	    PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	    return SECFailure;
-	}
-	break;
+        ssl_defaults.useSocks = PR_FALSE;
+        if (on) {
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            return SECFailure;
+        }
+        break;
 
       case SSL_SECURITY:
-	ssl_defaults.useSecurity = on;
-	break;
+        ssl_defaults.useSecurity = on;
+        break;
 
       case SSL_REQUEST_CERTIFICATE:
-	ssl_defaults.requestCertificate = on;
-	break;
+        ssl_defaults.requestCertificate = on;
+        break;
 
       case SSL_REQUIRE_CERTIFICATE:
-	ssl_defaults.requireCertificate = on;
-	break;
+        ssl_defaults.requireCertificate = on;
+        break;
 
       case SSL_HANDSHAKE_AS_CLIENT:
-	if ( ssl_defaults.handshakeAsServer && on ) {
-	    PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	    return SECFailure;
-	}
-	ssl_defaults.handshakeAsClient = on;
-	break;
+        if ( ssl_defaults.handshakeAsServer && on ) {
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            return SECFailure;
+        }
+        ssl_defaults.handshakeAsClient = on;
+        break;
 
       case SSL_HANDSHAKE_AS_SERVER:
-	if ( ssl_defaults.handshakeAsClient && on ) {
-	    PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	    return SECFailure;
-	}
-	ssl_defaults.handshakeAsServer = on;
-	break;
+        if ( ssl_defaults.handshakeAsClient && on ) {
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            return SECFailure;
+        }
+        ssl_defaults.handshakeAsServer = on;
+        break;
 
       case SSL_ENABLE_TLS:
-	ssl_EnableTLS(&versions_defaults_stream, on);
-	break;
+        ssl_EnableTLS(&versions_defaults_stream, on);
+        break;
 
       case SSL_ENABLE_SSL3:
-	ssl_EnableSSL3(&versions_defaults_stream, on);
-	break;
+        ssl_EnableSSL3(&versions_defaults_stream, on);
+        break;
 
       case SSL_ENABLE_SSL2:
-	ssl_defaults.enableSSL2 = on;
-	if (on) {
-	    ssl_defaults.v2CompatibleHello = on;
-	}
-	break;
+        ssl_defaults.enableSSL2 = on;
+        if (on) {
+            ssl_defaults.v2CompatibleHello = on;
+        }
+        break;
 
       case SSL_NO_CACHE:
-	ssl_defaults.noCache = on;
-	break;
+        ssl_defaults.noCache = on;
+        break;
 
       case SSL_ENABLE_FDX:
-	if (on && ssl_defaults.noLocks) {
-	    PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	    return SECFailure;
-	}
-      	ssl_defaults.fdx = on;
-	break;
+        if (on && ssl_defaults.noLocks) {
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            return SECFailure;
+        }
+        ssl_defaults.fdx = on;
+        break;
 
       case SSL_V2_COMPATIBLE_HELLO:
-      	ssl_defaults.v2CompatibleHello = on;
-	if (!on) {
-	    ssl_defaults.enableSSL2    = on;
-	}
-	break;
-
-      case SSL_ROLLBACK_DETECTION:  
-	ssl_defaults.detectRollBack = on;
-	break;
-
-      case SSL_NO_STEP_DOWN:        
-	ssl_defaults.noStepDown     = on;         
-	if (on)
-	    SSL_DisableDefaultExportCipherSuites();
-	break;
+        ssl_defaults.v2CompatibleHello = on;
+        if (!on) {
+            ssl_defaults.enableSSL2    = on;
+        }
+        break;
+
+      case SSL_ROLLBACK_DETECTION:
+        ssl_defaults.detectRollBack = on;
+        break;
+
+      case SSL_NO_STEP_DOWN:
+        ssl_defaults.noStepDown     = on;
+        if (on)
+            SSL_DisableDefaultExportCipherSuites();
+        break;
 
       case SSL_BYPASS_PKCS11:
         if (PR_FALSE != on) {
@@ -1018,68 +1042,76 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on)
         } else {
             ssl_defaults.bypassPKCS11   = PR_FALSE;
         }
-	break;
+        break;
 
       case SSL_NO_LOCKS:
-	if (on && ssl_defaults.fdx) {
-	    PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	    return SECFailure;
-	}
-	if (on && ssl_force_locks) 
-	    on = PR_FALSE;		/* silent override */
-	ssl_defaults.noLocks        = on;
-	if (on) {
-	    locksEverDisabled = PR_TRUE;
-	    strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED.");
-	}
-	break;
+        if (on && ssl_defaults.fdx) {
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            return SECFailure;
+        }
+        if (on && ssl_force_locks)
+            on = PR_FALSE;              /* silent override */
+        ssl_defaults.noLocks        = on;
+        if (on) {
+            locksEverDisabled = PR_TRUE;
+            strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED.");
+        }
+        break;
 
       case SSL_ENABLE_SESSION_TICKETS:
-	ssl_defaults.enableSessionTickets = on;
-	break;
+        ssl_defaults.enableSessionTickets = on;
+        break;
 
       case SSL_ENABLE_DEFLATE:
-	ssl_defaults.enableDeflate = on;
-	break;
+        ssl_defaults.enableDeflate = on;
+        break;
 
       case SSL_ENABLE_RENEGOTIATION:
-	ssl_defaults.enableRenegotiation = on;
-	break;
+        ssl_defaults.enableRenegotiation = on;
+        break;
 
       case SSL_REQUIRE_SAFE_NEGOTIATION:
-	ssl_defaults.requireSafeNegotiation = on;
-	break;
+        ssl_defaults.requireSafeNegotiation = on;
+        break;
 
       case SSL_ENABLE_FALSE_START:
-	ssl_defaults.enableFalseStart = on;
-	break;
+        ssl_defaults.enableFalseStart = on;
+        break;
 
       case SSL_CBC_RANDOM_IV:
-	ssl_defaults.cbcRandomIV = on;
-	break;
+        ssl_defaults.cbcRandomIV = on;
+        break;
 
       case SSL_ENABLE_OCSP_STAPLING:
        ssl_defaults.enableOCSPStapling = on;
        break;
 
+      case SSL_ENABLE_NPN:
+        ssl_defaults.enableNPN = on;
+        break;
+
+      case SSL_ENABLE_ALPN:
+        ssl_defaults.enableALPN = on;
+        break;
+
       default:
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
     }
     return SECSuccess;
 }
 
 /* function tells us if the cipher suite is one that we no longer support. */
-static PRBool 
+static PRBool
 ssl_IsRemovedCipherSuite(PRInt32 suite)
 {
     switch (suite) {
     case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
     case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA:
     case SSL_FORTEZZA_DMS_WITH_RC4_128_SHA:
-    	return PR_TRUE;
+        return PR_TRUE;
     default:
-    	return PR_FALSE;
+        return PR_FALSE;
     }
 }
 
@@ -1091,14 +1123,14 @@ SECStatus
 SSL_SetPolicy(long which, int policy)
 {
     if ((which & 0xfffe) == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) {
-    	/* one of the two old FIPS ciphers */
-	if (which == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) 
-	    which = SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA;
-	else if (which == SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA)
-	    which = SSL_RSA_FIPS_WITH_DES_CBC_SHA;
+        /* one of the two old FIPS ciphers */
+        if (which == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA)
+            which = SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA;
+        else if (which == SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA)
+            which = SSL_RSA_FIPS_WITH_DES_CBC_SHA;
     }
     if (ssl_IsRemovedCipherSuite(which))
-    	return SECSuccess;
+        return SECSuccess;
     return SSL_CipherPolicySet(which, policy);
 }
 
@@ -1108,15 +1140,15 @@ SSL_CipherPolicySet(PRInt32 which, PRInt32 policy)
     SECStatus rv = ssl_Init();
 
     if (rv != SECSuccess) {
-	return rv;
+        return rv;
     }
 
     if (ssl_IsRemovedCipherSuite(which)) {
-    	rv = SECSuccess;
+        rv = SECSuccess;
     } else if (SSL_IS_SSL2_CIPHER(which)) {
-	rv = ssl2_SetPolicy(which, policy);
+        rv = ssl2_SetPolicy(which, policy);
     } else {
-	rv = ssl3_SetPolicy((ssl3CipherSuite)which, policy);
+        rv = ssl3_SetPolicy((ssl3CipherSuite)which, policy);
     }
     return rv;
 }
@@ -1127,16 +1159,16 @@ SSL_CipherPolicyGet(PRInt32 which, PRInt32 *oPolicy)
     SECStatus rv;
 
     if (!oPolicy) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
     }
     if (ssl_IsRemovedCipherSuite(which)) {
-	*oPolicy = SSL_NOT_ALLOWED;
-    	rv = SECSuccess;
+        *oPolicy = SSL_NOT_ALLOWED;
+        rv = SECSuccess;
     } else if (SSL_IS_SSL2_CIPHER(which)) {
-	rv = ssl2_GetPolicy(which, oPolicy);
+        rv = ssl2_GetPolicy(which, oPolicy);
     } else {
-	rv = ssl3_GetPolicy((ssl3CipherSuite)which, oPolicy);
+        rv = ssl3_GetPolicy((ssl3CipherSuite)which, oPolicy);
     }
     return rv;
 }
@@ -1144,20 +1176,20 @@ SSL_CipherPolicyGet(PRInt32 which, PRInt32 *oPolicy)
 /* Part of the public NSS API.
  * Since this is a global (not per-socket) setting, we cannot use the
  * HandshakeLock to protect this.  Probably want a global lock.
- * These changes have no effect on any sslSockets already created. 
+ * These changes have no effect on any sslSockets already created.
  */
 SECStatus
 SSL_EnableCipher(long which, PRBool enabled)
 {
     if ((which & 0xfffe) == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) {
-    	/* one of the two old FIPS ciphers */
-	if (which == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) 
-	    which = SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA;
-	else if (which == SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA)
-	    which = SSL_RSA_FIPS_WITH_DES_CBC_SHA;
+        /* one of the two old FIPS ciphers */
+        if (which == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA)
+            which = SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA;
+        else if (which == SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA)
+            which = SSL_RSA_FIPS_WITH_DES_CBC_SHA;
     }
     if (ssl_IsRemovedCipherSuite(which))
-    	return SECSuccess;
+        return SECSuccess;
     return SSL_CipherPrefSetDefault(which, enabled);
 }
 
@@ -1167,39 +1199,39 @@ SSL_CipherPrefSetDefault(PRInt32 which, PRBool enabled)
     SECStatus rv = ssl_Init();
 
     if (rv != SECSuccess) {
-	return rv;
+        return rv;
     }
 
     if (ssl_IsRemovedCipherSuite(which))
-    	return SECSuccess;
+        return SECSuccess;
     if (enabled && ssl_defaults.noStepDown && SSL_IsExportCipherSuite(which)) {
-    	PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
-	return SECFailure;
+        PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+        return SECFailure;
     }
     if (SSL_IS_SSL2_CIPHER(which)) {
-	rv = ssl2_CipherPrefSetDefault(which, enabled);
+        rv = ssl2_CipherPrefSetDefault(which, enabled);
     } else {
-	rv = ssl3_CipherPrefSetDefault((ssl3CipherSuite)which, enabled);
+        rv = ssl3_CipherPrefSetDefault((ssl3CipherSuite)which, enabled);
     }
     return rv;
 }
 
-SECStatus 
+SECStatus
 SSL_CipherPrefGetDefault(PRInt32 which, PRBool *enabled)
 {
     SECStatus  rv;
-    
+
     if (!enabled) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
     }
     if (ssl_IsRemovedCipherSuite(which)) {
-	*enabled = PR_FALSE;
-    	rv = SECSuccess;
+        *enabled = PR_FALSE;
+        rv = SECSuccess;
     } else if (SSL_IS_SSL2_CIPHER(which)) {
-	rv = ssl2_CipherPrefGetDefault(which, enabled);
+        rv = ssl2_CipherPrefGetDefault(which, enabled);
     } else {
-	rv = ssl3_CipherPrefGetDefault((ssl3CipherSuite)which, enabled);
+        rv = ssl3_CipherPrefGetDefault((ssl3CipherSuite)which, enabled);
     }
     return rv;
 }
@@ -1209,47 +1241,47 @@ SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 which, PRBool enabled)
 {
     SECStatus rv;
     sslSocket *ss = ssl_FindSocket(fd);
-    
+
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefSet", SSL_GETPID(), fd));
-	return SECFailure;
+        SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefSet", SSL_GETPID(), fd));
+        return SECFailure;
     }
     if (ssl_IsRemovedCipherSuite(which))
-    	return SECSuccess;
+        return SECSuccess;
     if (enabled && ss->opt.noStepDown && SSL_IsExportCipherSuite(which)) {
-    	PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
-	return SECFailure;
+        PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+        return SECFailure;
     }
     if (SSL_IS_SSL2_CIPHER(which)) {
-	rv = ssl2_CipherPrefSet(ss, which, enabled);
+        rv = ssl2_CipherPrefSet(ss, which, enabled);
     } else {
-	rv = ssl3_CipherPrefSet(ss, (ssl3CipherSuite)which, enabled);
+        rv = ssl3_CipherPrefSet(ss, (ssl3CipherSuite)which, enabled);
     }
     return rv;
 }
 
-SECStatus 
+SECStatus
 SSL_CipherPrefGet(PRFileDesc *fd, PRInt32 which, PRBool *enabled)
 {
     SECStatus  rv;
     sslSocket *ss = ssl_FindSocket(fd);
-    
+
     if (!enabled) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
     }
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefGet", SSL_GETPID(), fd));
-	*enabled = PR_FALSE;
-	return SECFailure;
+        SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefGet", SSL_GETPID(), fd));
+        *enabled = PR_FALSE;
+        return SECFailure;
     }
     if (ssl_IsRemovedCipherSuite(which)) {
-	*enabled = PR_FALSE;
-    	rv = SECSuccess;
+        *enabled = PR_FALSE;
+        rv = SECSuccess;
     } else if (SSL_IS_SSL2_CIPHER(which)) {
-	rv = ssl2_CipherPrefGet(ss, which, enabled);
+        rv = ssl2_CipherPrefGet(ss, which, enabled);
     } else {
-	rv = ssl3_CipherPrefGet(ss, (ssl3CipherSuite)which, enabled);
+        rv = ssl3_CipherPrefGet(ss, (ssl3CipherSuite)which, enabled);
     }
     return rv;
 }
@@ -1261,9 +1293,9 @@ NSS_SetDomesticPolicy(void)
     const PRUint16 *cipher;
 
     for (cipher = SSL_ImplementedCiphers; *cipher != 0; ++cipher) {
-	status = SSL_SetPolicy(*cipher, SSL_ALLOWED);
-	if (status != SECSuccess)
-	    break;
+        status = SSL_SetPolicy(*cipher, SSL_ALLOWED);
+        if (status != SECSuccess)
+            break;
     }
     return status;
 }
@@ -1289,37 +1321,40 @@ ssl_ImportFD(PRFileDesc *model, PRFileDesc *fd, SSLProtocolVariant variant)
     sslSocket * ns = NULL;
     PRStatus    rv;
     PRNetAddr   addr;
-    SECStatus	status = ssl_Init();
+    SECStatus   status = ssl_Init();
 
     if (status != SECSuccess) {
-	return NULL;
+        return NULL;
     }
 
     if (model == NULL) {
-	/* Just create a default socket if we're given NULL for the model */
-	ns = ssl_NewSocket((PRBool)(!ssl_defaults.noLocks), variant);
+        /* Just create a default socket if we're given NULL for the model */
+        ns = ssl_NewSocket((PRBool)(!ssl_defaults.noLocks), variant);
     } else {
-	sslSocket * ss = ssl_FindSocket(model);
-	if (ss == NULL || ss->protocolVariant != variant) {
-	    SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ImportFD", 
-	    	      SSL_GETPID(), model));
-	    return NULL;
-	}
-	ns = ssl_DupSocket(ss);
+        sslSocket * ss = ssl_FindSocket(model);
+        if (ss == NULL || ss->protocolVariant != variant) {
+            SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ImportFD",
+                      SSL_GETPID(), model));
+            return NULL;
+        }
+        ns = ssl_DupSocket(ss);
     }
     if (ns == NULL)
-    	return NULL;
+        return NULL;
 
     rv = ssl_PushIOLayer(ns, fd, PR_TOP_IO_LAYER);
     if (rv != PR_SUCCESS) {
-	ssl_FreeSocket(ns);
-	SET_ERROR_CODE
-	return NULL;
-    }
-    ns = ssl_FindSocket(fd);
-    PORT_Assert(ns);
-    if (ns)
-	ns->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ns, &addr));
+        ssl_FreeSocket(ns);
+        SET_ERROR_CODE
+        return NULL;
+    }
+#if defined(DEBUG) || defined(FORCE_PR_ASSERT)
+    {
+        sslSocket * ss = ssl_FindSocket(fd);
+        PORT_Assert(ss == ns);
+    }
+#endif
+    ns->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ns, &addr));
     return fd;
 }
 
@@ -1335,16 +1370,21 @@ DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd)
     return ssl_ImportFD(model, fd, ssl_variant_datagram);
 }
 
+/* SSL_SetNextProtoCallback is used to select an application protocol
+ * for ALPN and NPN.  For ALPN, this runs on the server; for NPN it
+ * runs on the client. */
+/* Note: The ALPN version doesn't allow for the use of a default, setting a
+ * status of SSL_NEXT_PROTO_NO_OVERLAP is treated as a failure. */
 SECStatus
 SSL_SetNextProtoCallback(PRFileDesc *fd, SSLNextProtoCallback callback,
-			 void *arg)
+                         void *arg)
 {
     sslSocket *ss = ssl_FindSocket(fd);
 
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoCallback", SSL_GETPID(),
-		 fd));
-	return SECFailure;
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoCallback", SSL_GETPID(),
+                 fd));
+        return SECFailure;
     }
 
     ssl_GetSSL3HandshakeLock(ss);
@@ -1355,55 +1395,52 @@ SSL_SetNextProtoCallback(PRFileDesc *fd, SSLNextProtoCallback callback,
     return SECSuccess;
 }
 
-/* ssl_NextProtoNegoCallback is set as an NPN callback for the case when
+/* ssl_NextProtoNegoCallback is set as an ALPN/NPN callback when
  * SSL_SetNextProtoNego is used.
  */
 static SECStatus
 ssl_NextProtoNegoCallback(void *arg, PRFileDesc *fd,
-			  const unsigned char *protos, unsigned int protos_len,
-			  unsigned char *protoOut, unsigned int *protoOutLen,
-			  unsigned int protoMaxLen)
+                          const unsigned char *protos, unsigned int protos_len,
+                          unsigned char *protoOut, unsigned int *protoOutLen,
+                          unsigned int protoMaxLen)
 {
     unsigned int i, j;
     const unsigned char *result;
     sslSocket *ss = ssl_FindSocket(fd);
 
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in ssl_NextProtoNegoCallback",
-		 SSL_GETPID(), fd));
-	return SECFailure;
-    }
-
-    if (protos_len == 0) {
-	/* The server supports the extension, but doesn't have any protocols
-	 * configured. In this case we request our favoured protocol. */
-	goto pick_first;
+        SSL_DBG(("%d: SSL[%d]: bad socket in ssl_NextProtoNegoCallback",
+                 SSL_GETPID(), fd));
+        return SECFailure;
     }
 
     /* For each protocol in server preference, see if we support it. */
     for (i = 0; i < protos_len; ) {
-	for (j = 0; j < ss->opt.nextProtoNego.len; ) {
-	    if (protos[i] == ss->opt.nextProtoNego.data[j] &&
-		PORT_Memcmp(&protos[i+1], &ss->opt.nextProtoNego.data[j+1],
-			     protos[i]) == 0) {
-		/* We found a match. */
-		ss->ssl3.nextProtoState = SSL_NEXT_PROTO_NEGOTIATED;
-		result = &protos[i];
-		goto found;
-	    }
-	    j += 1 + (unsigned int)ss->opt.nextProtoNego.data[j];
-	}
-	i += 1 + (unsigned int)protos[i];
-    }
-
-pick_first:
+        for (j = 0; j < ss->opt.nextProtoNego.len; ) {
+            if (protos[i] == ss->opt.nextProtoNego.data[j] &&
+                PORT_Memcmp(&protos[i+1], &ss->opt.nextProtoNego.data[j+1],
+                             protos[i]) == 0) {
+                /* We found a match. */
+                ss->ssl3.nextProtoState = SSL_NEXT_PROTO_NEGOTIATED;
+                result = &protos[i];
+                goto found;
+            }
+            j += 1 + (unsigned int)ss->opt.nextProtoNego.data[j];
+        }
+        i += 1 + (unsigned int)protos[i];
+    }
+
+    /* The other side supports the extension, and either doesn't have any
+     * protocols configured, or none of its options match ours. In this case we
+     * request our favoured protocol. */
+    /* This will be treated as a failure for ALPN. */
     ss->ssl3.nextProtoState = SSL_NEXT_PROTO_NO_OVERLAP;
     result = ss->opt.nextProtoNego.data;
 
 found:
     if (protoMaxLen < result[0]) {
-	PORT_SetError(SEC_ERROR_OUTPUT_LEN);
-	return SECFailure;
+        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+        return SECFailure;
     }
     memcpy(protoOut, result + 1, result[0]);
     *protoOutLen = result[0];
@@ -1412,7 +1449,7 @@ found:
 
 SECStatus
 SSL_SetNextProtoNego(PRFileDesc *fd, const unsigned char *data,
-		     unsigned int length)
+                     unsigned int length)
 {
     sslSocket *ss;
     SECStatus rv;
@@ -1420,13 +1457,13 @@ SSL_SetNextProtoNego(PRFileDesc *fd, const unsigned char *data,
 
     ss = ssl_FindSocket(fd);
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoNego",
-		 SSL_GETPID(), fd));
-	return SECFailure;
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoNego",
+                 SSL_GETPID(), fd));
+        return SECFailure;
     }
 
     if (ssl3_ValidateNextProtoNego(data, length) != SECSuccess)
-	return SECFailure;
+        return SECFailure;
 
     ssl_GetSSL3HandshakeLock(ss);
     SECITEM_FreeItem(&ss->opt.nextProtoNego, PR_FALSE);
@@ -1434,87 +1471,87 @@ SSL_SetNextProtoNego(PRFileDesc *fd, const unsigned char *data,
     ssl_ReleaseSSL3HandshakeLock(ss);
 
     if (rv != SECSuccess)
-	return rv;
+        return rv;
 
     return SSL_SetNextProtoCallback(fd, ssl_NextProtoNegoCallback, NULL);
 }
 
 SECStatus
 SSL_GetNextProto(PRFileDesc *fd, SSLNextProtoState *state, unsigned char *buf,
-		 unsigned int *bufLen, unsigned int bufLenMax)
+                 unsigned int *bufLen, unsigned int bufLenMax)
 {
     sslSocket *ss = ssl_FindSocket(fd);
 
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetNextProto", SSL_GETPID(),
-		 fd));
-	return SECFailure;
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetNextProto", SSL_GETPID(),
+                 fd));
+        return SECFailure;
     }
 
     if (!state || !buf || !bufLen) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
     }
 
     *state = ss->ssl3.nextProtoState;
 
     if (ss->ssl3.nextProtoState != SSL_NEXT_PROTO_NO_SUPPORT &&
-	ss->ssl3.nextProto.data) {
-	if (ss->ssl3.nextProto.len > bufLenMax) {
-	    PORT_SetError(SEC_ERROR_OUTPUT_LEN);
-	    return SECFailure;
-	}
-	PORT_Memcpy(buf, ss->ssl3.nextProto.data, ss->ssl3.nextProto.len);
-	*bufLen = ss->ssl3.nextProto.len;
+        ss->ssl3.nextProto.data) {
+        if (ss->ssl3.nextProto.len > bufLenMax) {
+            PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+            return SECFailure;
+        }
+        PORT_Memcpy(buf, ss->ssl3.nextProto.data, ss->ssl3.nextProto.len);
+        *bufLen = ss->ssl3.nextProto.len;
     } else {
-	*bufLen = 0;
+        *bufLen = 0;
     }
 
     return SECSuccess;
 }
 
 SECStatus SSL_SetSRTPCiphers(PRFileDesc *fd,
-			     const PRUint16 *ciphers,
-			     unsigned int numCiphers)
+                             const PRUint16 *ciphers,
+                             unsigned int numCiphers)
 {
     sslSocket *ss;
     unsigned int i;
 
     ss = ssl_FindSocket(fd);
     if (!ss || !IS_DTLS(ss)) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSRTPCiphers",
-		 SSL_GETPID(), fd));
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSRTPCiphers",
+                 SSL_GETPID(), fd));
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
     }
 
     if (numCiphers > MAX_DTLS_SRTP_CIPHER_SUITES) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
     }
 
     ss->ssl3.dtlsSRTPCipherCount = 0;
     for (i = 0; i < numCiphers; i++) {
-	const PRUint16 *srtpCipher = srtpCiphers;
-
-	while (*srtpCipher) {
-	    if (ciphers[i] == *srtpCipher)
-		break;
-	    srtpCipher++;
-	}
-	if (*srtpCipher) {
-	    ss->ssl3.dtlsSRTPCiphers[ss->ssl3.dtlsSRTPCipherCount++] =
-		ciphers[i];
-	} else {
-	    SSL_DBG(("%d: SSL[%d]: invalid or unimplemented SRTP cipher "
-		    "suite specified: 0x%04hx", SSL_GETPID(), fd,
-		    ciphers[i]));
-	}
+        const PRUint16 *srtpCipher = srtpCiphers;
+
+        while (*srtpCipher) {
+            if (ciphers[i] == *srtpCipher)
+                break;
+            srtpCipher++;
+        }
+        if (*srtpCipher) {
+            ss->ssl3.dtlsSRTPCiphers[ss->ssl3.dtlsSRTPCipherCount++] =
+                ciphers[i];
+        } else {
+            SSL_DBG(("%d: SSL[%d]: invalid or unimplemented SRTP cipher "
+                    "suite specified: 0x%04hx", SSL_GETPID(), fd,
+                    ciphers[i]));
+        }
     }
 
     if (ss->ssl3.dtlsSRTPCipherCount == 0) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
     }
 
     return SECSuccess;
@@ -1527,15 +1564,15 @@ SSL_GetSRTPCipher(PRFileDesc *fd, PRUint16 *cipher)
 
     ss = ssl_FindSocket(fd);
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetSRTPCipher",
-		 SSL_GETPID(), fd));
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetSRTPCipher",
+                 SSL_GETPID(), fd));
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
     }
 
     if (!ss->ssl3.dtlsSRTPCipherSuite) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
     }
 
     *cipher = ss->ssl3.dtlsSRTPCipherSuite;
@@ -1556,7 +1593,7 @@ SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd)
     }
     sm = ssl_FindSocket(model);
     if (sm == NULL) {
-        SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ReconfigFD", 
+        SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ReconfigFD",
                  SSL_GETPID(), model));
         return NULL;
     }
@@ -1566,7 +1603,7 @@ SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd)
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return NULL;
     }
-    
+
     ss->opt  = sm->opt;
     ss->vrange = sm->vrange;
     PORT_Memcpy(ss->cipherSuites, sm->cipherSuites, sizeof sm->cipherSuites);
@@ -1595,15 +1632,15 @@ SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd)
             sc->serverCertChain = CERT_DupCertList(mc->serverCertChain);
             if (!sc->serverCertChain)
                 goto loser;
-	    if (sm->certStatusArray[i]) {
-		if (ss->certStatusArray[i]) {
-		    SECITEM_FreeArray(ss->certStatusArray[i], PR_TRUE);
-		    ss->certStatusArray[i] = NULL;
-		}
-		ss->certStatusArray[i] = SECITEM_DupArray(NULL, sm->certStatusArray[i]);
-		if (!ss->certStatusArray[i])
-		    goto loser;
-	    }
+            if (sm->certStatusArray[i]) {
+                if (ss->certStatusArray[i]) {
+                    SECITEM_FreeArray(ss->certStatusArray[i], PR_TRUE);
+                    ss->certStatusArray[i] = NULL;
+                }
+                ss->certStatusArray[i] = SECITEM_DupArray(NULL, sm->certStatusArray[i]);
+                if (!ss->certStatusArray[i])
+                    goto loser;
+            }
         }
         if (mc->serverKeyPair) {
             if (sc->serverKeyPair) {
@@ -1636,7 +1673,7 @@ SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd)
             goto loser;
         }
     }
-    
+
     if (sm->authCertificate)
         ss->authCertificate       = sm->authCertificate;
     if (sm->authCertificateArg)
@@ -1666,19 +1703,19 @@ loser:
 
 PRBool
 ssl3_VersionIsSupported(SSLProtocolVariant protocolVariant,
-			SSL3ProtocolVersion version)
+                        SSL3ProtocolVersion version)
 {
     switch (protocolVariant) {
     case ssl_variant_stream:
-	return (version >= SSL_LIBRARY_VERSION_3_0 &&
-		version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED);
+        return (version >= SSL_LIBRARY_VERSION_3_0 &&
+                version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED);
     case ssl_variant_datagram:
-	return (version >= SSL_LIBRARY_VERSION_TLS_1_1 &&
-		version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED);
+        return (version >= SSL_LIBRARY_VERSION_TLS_1_1 &&
+                version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED);
     default:
-	/* Can't get here */
-	PORT_Assert(PR_FALSE);
-	return PR_FALSE;
+        /* Can't get here */
+        PORT_Assert(PR_FALSE);
+        return PR_FALSE;
     }
 }
 
@@ -1687,35 +1724,35 @@ ssl3_VersionIsSupported(SSLProtocolVariant protocolVariant,
 */
 static PRBool
 ssl3_VersionRangeIsValid(SSLProtocolVariant protocolVariant,
-			 const SSLVersionRange *vrange)
+                         const SSLVersionRange *vrange)
 {
     return vrange &&
-	   vrange->min <= vrange->max &&
-	   ssl3_VersionIsSupported(protocolVariant, vrange->min) &&
-	   ssl3_VersionIsSupported(protocolVariant, vrange->max);
+           vrange->min <= vrange->max &&
+           ssl3_VersionIsSupported(protocolVariant, vrange->min) &&
+           ssl3_VersionIsSupported(protocolVariant, vrange->max);
 }
 
 SECStatus
 SSL_VersionRangeGetSupported(SSLProtocolVariant protocolVariant,
-			     SSLVersionRange *vrange)
+                             SSLVersionRange *vrange)
 {
     if (!vrange) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
     }
 
     switch (protocolVariant) {
     case ssl_variant_stream:
-	vrange->min = SSL_LIBRARY_VERSION_3_0;
-	vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED;
-	break;
+        vrange->min = SSL_LIBRARY_VERSION_3_0;
+        vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED;
+        break;
     case ssl_variant_datagram:
-	vrange->min = SSL_LIBRARY_VERSION_TLS_1_1;
-	vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED;
-	break;
+        vrange->min = SSL_LIBRARY_VERSION_TLS_1_1;
+        vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED;
+        break;
     default:
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
     }
 
     return SECSuccess;
@@ -1723,12 +1760,12 @@ SSL_VersionRangeGetSupported(SSLProtocolVariant protocolVariant,
 
 SECStatus
 SSL_VersionRangeGetDefault(SSLProtocolVariant protocolVariant,
-			   SSLVersionRange *vrange)
+                           SSLVersionRange *vrange)
 {
     if ((protocolVariant != ssl_variant_stream &&
-	 protocolVariant != ssl_variant_datagram) || !vrange) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
+         protocolVariant != ssl_variant_datagram) || !vrange) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
     }
 
     *vrange = *VERSIONS_DEFAULTS(protocolVariant);
@@ -1738,11 +1775,11 @@ SSL_VersionRangeGetDefault(SSLProtocolVariant protocolVariant,
 
 SECStatus
 SSL_VersionRangeSetDefault(SSLProtocolVariant protocolVariant,
-			   const SSLVersionRange *vrange)
+                           const SSLVersionRange *vrange)
 {
     if (!ssl3_VersionRangeIsValid(protocolVariant, vrange)) {
-	PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
-	return SECFailure;
+        PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
+        return SECFailure;
     }
 
     *VERSIONS_DEFAULTS(protocolVariant) = *vrange;
@@ -1756,14 +1793,14 @@ SSL_VersionRangeGet(PRFileDesc *fd, SSLVersionRange *vrange)
     sslSocket *ss = ssl_FindSocket(fd);
 
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in SSL3_VersionRangeGet",
-		SSL_GETPID(), fd));
-	return SECFailure;
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL3_VersionRangeGet",
+                SSL_GETPID(), fd));
+        return SECFailure;
     }
 
     if (!vrange) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
     }
 
     ssl_Get1stHandshakeLock(ss);
@@ -1783,14 +1820,14 @@ SSL_VersionRangeSet(PRFileDesc *fd, const SSLVersionRange *vrange)
     sslSocket *ss = ssl_FindSocket(fd);
 
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in SSL3_VersionRangeSet",
-		SSL_GETPID(), fd));
-	return SECFailure;
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL3_VersionRangeSet",
+                SSL_GETPID(), fd));
+        return SECFailure;
     }
 
     if (!ssl3_VersionRangeIsValid(ss->protocolVariant, vrange)) {
-	PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
-	return SECFailure;
+        PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
+        return SECFailure;
     }
 
     ssl_Get1stHandshakeLock(ss);
@@ -1819,7 +1856,7 @@ SSL_PeerStapledOCSPResponses(PRFileDesc *fd)
        PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
        return NULL;
     }
-    
+
     return &ss->sec.ci.sid->peerCertStatus;
 }
 
@@ -1832,15 +1869,15 @@ static PRFileDesc * PR_CALLBACK
 ssl_Accept(PRFileDesc *fd, PRNetAddr *sockaddr, PRIntervalTime timeout)
 {
     sslSocket  *ss;
-    sslSocket  *ns 	= NULL;
-    PRFileDesc *newfd 	= NULL;
+    sslSocket  *ns      = NULL;
+    PRFileDesc *newfd   = NULL;
     PRFileDesc *osfd;
     PRStatus    status;
 
     ss = ssl_GetPrivate(fd);
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in accept", SSL_GETPID(), fd));
-	return NULL;
+        SSL_DBG(("%d: SSL[%d]: bad socket in accept", SSL_GETPID(), fd));
+        return NULL;
     }
 
     /* IF this is a listen socket, there shouldn't be any I/O going on */
@@ -1856,46 +1893,46 @@ ssl_Accept(PRFileDesc *fd, PRNetAddr *sockaddr, PRIntervalTime timeout)
     /* First accept connection */
     newfd = osfd->methods->accept(osfd, sockaddr, timeout);
     if (newfd == NULL) {
-	SSL_DBG(("%d: SSL[%d]: accept failed, errno=%d",
-		 SSL_GETPID(), ss->fd, PORT_GetError()));
+        SSL_DBG(("%d: SSL[%d]: accept failed, errno=%d",
+                 SSL_GETPID(), ss->fd, PORT_GetError()));
     } else {
-	/* Create ssl module */
-	ns = ssl_DupSocket(ss);
+        /* Create ssl module */
+        ns = ssl_DupSocket(ss);
     }
 
     ssl_ReleaseSSL3HandshakeLock(ss);
     ssl_Release1stHandshakeLock(ss);
     SSL_UNLOCK_WRITER(ss);
-    SSL_UNLOCK_READER(ss);			/* ss isn't used below here. */
+    SSL_UNLOCK_READER(ss);                      /* ss isn't used below here. */
 
     if (ns == NULL)
-	goto loser;
+        goto loser;
 
     /* push ssl module onto the new socket */
     status = ssl_PushIOLayer(ns, newfd, PR_TOP_IO_LAYER);
     if (status != PR_SUCCESS)
-	goto loser;
+        goto loser;
 
     /* Now start server connection handshake with client.
     ** Don't need locks here because nobody else has a reference to ns yet.
     */
     if ( ns->opt.useSecurity ) {
-	if ( ns->opt.handshakeAsClient ) {
-	    ns->handshake = ssl2_BeginClientHandshake;
-	    ss->handshaking = sslHandshakingAsClient;
-	} else {
-	    ns->handshake = ssl2_BeginServerHandshake;
-	    ss->handshaking = sslHandshakingAsServer;
-	}
+        if ( ns->opt.handshakeAsClient ) {
+            ns->handshake = ssl2_BeginClientHandshake;
+            ss->handshaking = sslHandshakingAsClient;
+        } else {
+            ns->handshake = ssl2_BeginServerHandshake;
+            ss->handshaking = sslHandshakingAsServer;
+        }
     }
     ns->TCPconnected = 1;
     return newfd;
 
 loser:
     if (ns != NULL)
-	ssl_FreeSocket(ns);
+        ssl_FreeSocket(ns);
     if (newfd != NULL)
-	PR_Close(newfd);
+        PR_Close(newfd);
     return NULL;
 }
 
@@ -1907,8 +1944,8 @@ ssl_Connect(PRFileDesc *fd, const PRNetAddr *sockaddr, PRIntervalTime timeout)
 
     ss = ssl_GetPrivate(fd);
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in connect", SSL_GETPID(), fd));
-	return PR_FAILURE;
+        SSL_DBG(("%d: SSL[%d]: bad socket in connect", SSL_GETPID(), fd));
+        return PR_FAILURE;
     }
 
     /* IF this is a listen socket, there shouldn't be any I/O going on */
@@ -1931,8 +1968,8 @@ ssl_Bind(PRFileDesc *fd, const PRNetAddr *addr)
     PRStatus    rv;
 
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in bind", SSL_GETPID(), fd));
-	return PR_FAILURE;
+        SSL_DBG(("%d: SSL[%d]: bad socket in bind", SSL_GETPID(), fd));
+        return PR_FAILURE;
     }
     SSL_LOCK_READER(ss);
     SSL_LOCK_WRITER(ss);
@@ -1951,8 +1988,8 @@ ssl_Listen(PRFileDesc *fd, PRIntn backlog)
     PRStatus    rv;
 
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in listen", SSL_GETPID(), fd));
-	return PR_FAILURE;
+        SSL_DBG(("%d: SSL[%d]: bad socket in listen", SSL_GETPID(), fd));
+        return PR_FAILURE;
     }
     SSL_LOCK_READER(ss);
     SSL_LOCK_WRITER(ss);
@@ -1971,23 +2008,23 @@ ssl_Shutdown(PRFileDesc *fd, PRIntn how)
     PRStatus    rv;
 
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in shutdown", SSL_GETPID(), fd));
-	return PR_FAILURE;
+        SSL_DBG(("%d: SSL[%d]: bad socket in shutdown", SSL_GETPID(), fd));
+        return PR_FAILURE;
     }
     if (how == PR_SHUTDOWN_RCV || how == PR_SHUTDOWN_BOTH) {
-    	SSL_LOCK_READER(ss);
+        SSL_LOCK_READER(ss);
     }
     if (how == PR_SHUTDOWN_SEND || how == PR_SHUTDOWN_BOTH) {
-    	SSL_LOCK_WRITER(ss);
+        SSL_LOCK_WRITER(ss);
     }
 
     rv = (PRStatus)(*ss->ops->shutdown)(ss, how);
 
     if (how == PR_SHUTDOWN_SEND || how == PR_SHUTDOWN_BOTH) {
-    	SSL_UNLOCK_WRITER(ss);
+        SSL_UNLOCK_WRITER(ss);
     }
     if (how == PR_SHUTDOWN_RCV || how == PR_SHUTDOWN_BOTH) {
-    	SSL_UNLOCK_READER(ss);
+        SSL_UNLOCK_READER(ss);
     }
     return rv;
 }
@@ -2000,16 +2037,16 @@ ssl_Close(PRFileDesc *fd)
 
     ss = ssl_GetPrivate(fd);
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in close", SSL_GETPID(), fd));
-	return PR_FAILURE;
+        SSL_DBG(("%d: SSL[%d]: bad socket in close", SSL_GETPID(), fd));
+        return PR_FAILURE;
     }
 
     /* There must not be any I/O going on */
     SSL_LOCK_READER(ss);
     SSL_LOCK_WRITER(ss);
 
-    /* By the time this function returns, 
-    ** ss is an invalid pointer, and the locks to which it points have 
+    /* By the time this function returns,
+    ** ss is an invalid pointer, and the locks to which it points have
     ** been unlocked and freed.  So, this is the ONE PLACE in all of SSL
     ** where the LOCK calls and the corresponding UNLOCK calls are not in
     ** the same function scope.  The unlock calls are in ssl_FreeSocket().
@@ -2021,20 +2058,20 @@ ssl_Close(PRFileDesc *fd)
 
 static int PR_CALLBACK
 ssl_Recv(PRFileDesc *fd, void *buf, PRInt32 len, PRIntn flags,
-	 PRIntervalTime timeout)
+         PRIntervalTime timeout)
 {
     sslSocket *ss;
     int        rv;
 
     ss = ssl_GetPrivate(fd);
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in recv", SSL_GETPID(), fd));
-	return SECFailure;
+        SSL_DBG(("%d: SSL[%d]: bad socket in recv", SSL_GETPID(), fd));
+        return SECFailure;
     }
     SSL_LOCK_READER(ss);
     ss->rTimeout = timeout;
     if (!ss->opt.fdx)
-	ss->wTimeout = timeout;
+        ss->wTimeout = timeout;
     rv = (*ss->ops->recv)(ss, (unsigned char*)buf, len, flags);
     SSL_UNLOCK_READER(ss);
     return rv;
@@ -2042,20 +2079,20 @@ ssl_Recv(PRFileDesc *fd, void *buf, PRInt32 len, PRIntn flags,
 
 static int PR_CALLBACK
 ssl_Send(PRFileDesc *fd, const void *buf, PRInt32 len, PRIntn flags,
-	 PRIntervalTime timeout)
+         PRIntervalTime timeout)
 {
     sslSocket *ss;
     int        rv;
 
     ss = ssl_GetPrivate(fd);
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in send", SSL_GETPID(), fd));
-	return SECFailure;
+        SSL_DBG(("%d: SSL[%d]: bad socket in send", SSL_GETPID(), fd));
+        return SECFailure;
     }
     SSL_LOCK_WRITER(ss);
     ss->wTimeout = timeout;
     if (!ss->opt.fdx)
-	ss->rTimeout = timeout;
+        ss->rTimeout = timeout;
     rv = (*ss->ops->send)(ss, (const unsigned char*)buf, len, flags);
     SSL_UNLOCK_WRITER(ss);
     return rv;
@@ -2069,13 +2106,13 @@ ssl_Read(PRFileDesc *fd, void *buf, PRInt32 len)
 
     ss = ssl_GetPrivate(fd);
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in read", SSL_GETPID(), fd));
-	return SECFailure;
+        SSL_DBG(("%d: SSL[%d]: bad socket in read", SSL_GETPID(), fd));
+        return SECFailure;
     }
     SSL_LOCK_READER(ss);
     ss->rTimeout = PR_INTERVAL_NO_TIMEOUT;
     if (!ss->opt.fdx)
-	ss->wTimeout = PR_INTERVAL_NO_TIMEOUT;
+        ss->wTimeout = PR_INTERVAL_NO_TIMEOUT;
     rv = (*ss->ops->read)(ss, (unsigned char*)buf, len);
     SSL_UNLOCK_READER(ss);
     return rv;
@@ -2089,13 +2126,13 @@ ssl_Write(PRFileDesc *fd, const void *buf, PRInt32 len)
 
     ss = ssl_GetPrivate(fd);
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in write", SSL_GETPID(), fd));
-	return SECFailure;
+        SSL_DBG(("%d: SSL[%d]: bad socket in write", SSL_GETPID(), fd));
+        return SECFailure;
     }
     SSL_LOCK_WRITER(ss);
     ss->wTimeout = PR_INTERVAL_NO_TIMEOUT;
     if (!ss->opt.fdx)
-	ss->rTimeout = PR_INTERVAL_NO_TIMEOUT;
+        ss->rTimeout = PR_INTERVAL_NO_TIMEOUT;
     rv = (*ss->ops->write)(ss, (const unsigned char*)buf, len);
     SSL_UNLOCK_WRITER(ss);
     return rv;
@@ -2108,8 +2145,8 @@ ssl_GetPeerName(PRFileDesc *fd, PRNetAddr *addr)
 
     ss = ssl_GetPrivate(fd);
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in getpeername", SSL_GETPID(), fd));
-	return PR_FAILURE;
+        SSL_DBG(("%d: SSL[%d]: bad socket in getpeername", SSL_GETPID(), fd));
+        return PR_FAILURE;
     }
     return (PRStatus)(*ss->ops->getpeername)(ss, addr);
 }
@@ -2128,18 +2165,18 @@ ssl_GetPeerInfo(sslSocket *ss)
     PORT_Memset(&sin, 0, sizeof(sin));
     rv = osfd->methods->getpeername(osfd, &sin);
     if (rv < 0) {
-	return SECFailure;
+        return SECFailure;
     }
     ss->TCPconnected = 1;
     if (sin.inet.family == PR_AF_INET) {
         PR_ConvertIPv4AddrToIPv6(sin.inet.ip, &ss->sec.ci.peer);
-	ss->sec.ci.port = sin.inet.port;
+        ss->sec.ci.port = sin.inet.port;
     } else if (sin.ipv6.family == PR_AF_INET6) {
-	ss->sec.ci.peer = sin.ipv6.ip;
-	ss->sec.ci.port = sin.ipv6.port;
+        ss->sec.ci.peer = sin.ipv6.ip;
+        ss->sec.ci.port = sin.ipv6.port;
     } else {
-	PORT_SetError(PR_ADDRESS_NOT_SUPPORTED_ERROR);
-    	return SECFailure;
+        PORT_SetError(PR_ADDRESS_NOT_SUPPORTED_ERROR);
+        return SECFailure;
     }
     return SECSuccess;
 }
@@ -2151,29 +2188,29 @@ ssl_GetSockName(PRFileDesc *fd, PRNetAddr *name)
 
     ss = ssl_GetPrivate(fd);
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in getsockname", SSL_GETPID(), fd));
-	return PR_FAILURE;
+        SSL_DBG(("%d: SSL[%d]: bad socket in getsockname", SSL_GETPID(), fd));
+        return PR_FAILURE;
     }
     return (PRStatus)(*ss->ops->getsockname)(ss, name);
 }
 
 SECStatus
 SSL_SetStapledOCSPResponses(PRFileDesc *fd, const SECItemArray *responses,
-			    SSLKEAType kea)
+                            SSLKEAType kea)
 {
     sslSocket *ss;
 
     ss = ssl_FindSocket(fd);
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetStapledOCSPResponses",
-		 SSL_GETPID(), fd));
-	return SECFailure;
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetStapledOCSPResponses",
+                 SSL_GETPID(), fd));
+        return SECFailure;
     }
 
     if ( kea <= 0 || kea >= kt_kea_size) {
-	SSL_DBG(("%d: SSL[%d]: invalid key in SSL_SetStapledOCSPResponses",
-		 SSL_GETPID(), fd));
-	return SECFailure;
+        SSL_DBG(("%d: SSL[%d]: invalid key in SSL_SetStapledOCSPResponses",
+                 SSL_GETPID(), fd));
+        return SECFailure;
     }
 
     if (ss->certStatusArray[kea]) {
@@ -2181,7 +2218,7 @@ SSL_SetStapledOCSPResponses(PRFileDesc *fd, const SECItemArray *responses,
         ss->certStatusArray[kea] = NULL;
     }
     if (responses) {
-	ss->certStatusArray[kea] = SECITEM_DupArray(NULL, responses);
+        ss->certStatusArray[kea] = SECITEM_DupArray(NULL, responses);
     }
     return (ss->certStatusArray[kea] || !responses) ? SECSuccess : SECFailure;
 }
@@ -2193,17 +2230,17 @@ SSL_SetSockPeerID(PRFileDesc *fd, const char *peerID)
 
     ss = ssl_FindSocket(fd);
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSockPeerID",
-		 SSL_GETPID(), fd));
-	return SECFailure;
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSockPeerID",
+                 SSL_GETPID(), fd));
+        return SECFailure;
     }
 
     if (ss->peerID) {
-    	PORT_Free(ss->peerID);
-	ss->peerID = NULL;
+        PORT_Free(ss->peerID);
+        ss->peerID = NULL;
     }
     if (peerID)
-	ss->peerID = PORT_Strdup(peerID);
+        ss->peerID = PORT_Strdup(peerID);
     return (ss->peerID || !peerID) ? SECSuccess : SECFailure;
 }
 
@@ -2213,117 +2250,117 @@ static PRInt16 PR_CALLBACK
 ssl_Poll(PRFileDesc *fd, PRInt16 how_flags, PRInt16 *p_out_flags)
 {
     sslSocket *ss;
-    PRInt16    new_flags = how_flags;	/* should select on these flags. */
+    PRInt16    new_flags = how_flags;   /* should select on these flags. */
     PRNetAddr  addr;
 
     *p_out_flags = 0;
     ss = ssl_GetPrivate(fd);
     if (!ss) {
-	SSL_DBG(("%d: SSL[%d]: bad socket in SSL_Poll",
-		 SSL_GETPID(), fd));
-	return 0;	/* don't poll on this socket */
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_Poll",
+                 SSL_GETPID(), fd));
+        return 0;       /* don't poll on this socket */
     }
 
-    if (ss->opt.useSecurity && 
-	ss->handshaking != sslHandshakingUndetermined &&
+    if (ss->opt.useSecurity &&
+        ss->handshaking != sslHandshakingUndetermined &&
         !ss->firstHsDone &&
-	(how_flags & PR_POLL_RW)) {
-	if (!ss->TCPconnected) {
-	    ss->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ss, &addr));
-	}
-	/* If it's not connected, then presumably the application is polling
-	** on read or write appropriately, so don't change it. 
-	*/
-	if (ss->TCPconnected) {
-	    if (!ss->handshakeBegun) {
-		/* If the handshake has not begun, poll on read or write 
-		** based on the local application's role in the handshake,
-		** not based on what the application requested.
-		*/
-		new_flags &= ~PR_POLL_RW;
-		if (ss->handshaking == sslHandshakingAsClient) {
-		    new_flags |= PR_POLL_WRITE;
-		} else { /* handshaking as server */
-		    new_flags |= PR_POLL_READ;
-		}
-	    } else 
-	    /* First handshake is in progress */
-	    if (ss->lastWriteBlocked) {
-		if (new_flags & PR_POLL_READ) {
-		    /* The caller is waiting for data to be received, 
-		    ** but the initial handshake is blocked on write, or the 
-		    ** client's first handshake record has not been written.
-		    ** The code should select on write, not read.
-		    */
-		    new_flags ^=  PR_POLL_READ;	   /* don't select on read. */
-		    new_flags |=  PR_POLL_WRITE;   /* do    select on write. */
-		}
-	    } else if (new_flags & PR_POLL_WRITE) {
-		    /* The caller is trying to write, but the handshake is 
-		    ** blocked waiting for data to read, and the first 
-		    ** handshake has been sent.  So do NOT to poll on write
-		    ** unless we did false start.
-		    */
-		    if (!(ss->version >= SSL_LIBRARY_VERSION_3_0 &&
-			ss->ssl3.hs.canFalseStart)) {
-			new_flags ^= PR_POLL_WRITE; /* don't select on write. */
-		    }
-		    new_flags |= PR_POLL_READ;      /* do    select on read. */
-	    }
-	}
+        (how_flags & PR_POLL_RW)) {
+        if (!ss->TCPconnected) {
+            ss->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ss, &addr));
+        }
+        /* If it's not connected, then presumably the application is polling
+        ** on read or write appropriately, so don't change it.
+        */
+        if (ss->TCPconnected) {
+            if (!ss->handshakeBegun) {
+                /* If the handshake has not begun, poll on read or write
+                ** based on the local application's role in the handshake,
+                ** not based on what the application requested.
+                */
+                new_flags &= ~PR_POLL_RW;
+                if (ss->handshaking == sslHandshakingAsClient) {
+                    new_flags |= PR_POLL_WRITE;
+                } else { /* handshaking as server */
+                    new_flags |= PR_POLL_READ;
+                }
+            } else
+            /* First handshake is in progress */
+            if (ss->lastWriteBlocked) {
+                if (new_flags & PR_POLL_READ) {
+                    /* The caller is waiting for data to be received,
+                    ** but the initial handshake is blocked on write, or the
+                    ** client's first handshake record has not been written.
+                    ** The code should select on write, not read.
+                    */
+                    new_flags ^=  PR_POLL_READ;    /* don't select on read. */
+                    new_flags |=  PR_POLL_WRITE;   /* do    select on write. */
+                }
+            } else if (new_flags & PR_POLL_WRITE) {
+                    /* The caller is trying to write, but the handshake is
+                    ** blocked waiting for data to read, and the first
+                    ** handshake has been sent.  So do NOT to poll on write
+                    ** unless we did false start.
+                    */
+                    if (!(ss->version >= SSL_LIBRARY_VERSION_3_0 &&
+                        ss->ssl3.hs.canFalseStart)) {
+                        new_flags ^= PR_POLL_WRITE; /* don't select on write. */
+                    }
+                    new_flags |= PR_POLL_READ;      /* do    select on read. */
+            }
+        }
     } else if ((new_flags & PR_POLL_READ) && (SSL_DataPending(fd) > 0)) {
-	*p_out_flags = PR_POLL_READ;	/* it's ready already. */
-	return new_flags;
+        *p_out_flags = PR_POLL_READ;    /* it's ready already. */
+        return new_flags;
     } else if ((ss->lastWriteBlocked) && (how_flags & PR_POLL_READ) &&
-	       (ss->pendingBuf.len != 0)) { /* write data waiting to be sent */
-	new_flags |=  PR_POLL_WRITE;   /* also select on write. */
+               (ss->pendingBuf.len != 0)) { /* write data waiting to be sent */
+        new_flags |=  PR_POLL_WRITE;   /* also select on write. */
     }
 
     if (ss->version >= SSL_LIBRARY_VERSION_3_0 &&
-	ss->ssl3.hs.restartTarget != NULL) {
-	/* Read and write will block until the asynchronous callback completes
-	 * (e.g. until SSL_AuthCertificateComplete is called), so don't tell
-	 * the caller to poll the socket unless there is pending write data.
-	 */
-	if (ss->lastWriteBlocked && ss->pendingBuf.len != 0) {
-	    /* Ignore any newly-received data on the socket, but do wait for
-	     * the socket to become writable again. Here, it is OK for an error
-	     * to be detected, because our logic for sending pending write data
-	     * will allow us to report the error to the caller without the risk
-	     * of the application spinning.
-	     */
-	    new_flags &= (PR_POLL_WRITE | PR_POLL_EXCEPT);
-	} else {
-	    /* Unfortunately, clearing new_flags will make it impossible for
-	     * the application to detect errors that it would otherwise be
-	     * able to detect with PR_POLL_EXCEPT, until the asynchronous
-	     * callback completes. However, we must clear all the flags to
-	     * prevent the application from spinning (alternating between
-	     * calling PR_Poll that would return PR_POLL_EXCEPT, and send/recv
-	     * which won't actually report the I/O error while we are waiting
-	     * for the asynchronous callback to complete).
-	     */
-	    new_flags = 0;
-	}
+        ss->ssl3.hs.restartTarget != NULL) {
+        /* Read and write will block until the asynchronous callback completes
+         * (e.g. until SSL_AuthCertificateComplete is called), so don't tell
+         * the caller to poll the socket unless there is pending write data.
+         */
+        if (ss->lastWriteBlocked && ss->pendingBuf.len != 0) {
+            /* Ignore any newly-received data on the socket, but do wait for
+             * the socket to become writable again. Here, it is OK for an error
+             * to be detected, because our logic for sending pending write data
+             * will allow us to report the error to the caller without the risk
+             * of the application spinning.
+             */
+            new_flags &= (PR_POLL_WRITE | PR_POLL_EXCEPT);
+        } else {
+            /* Unfortunately, clearing new_flags will make it impossible for
+             * the application to detect errors that it would otherwise be
+             * able to detect with PR_POLL_EXCEPT, until the asynchronous
+             * callback completes. However, we must clear all the flags to
+             * prevent the application from spinning (alternating between
+             * calling PR_Poll that would return PR_POLL_EXCEPT, and send/recv
+             * which won't actually report the I/O error while we are waiting
+             * for the asynchronous callback to complete).
+             */
+            new_flags = 0;
+        }
     }
 
     if (new_flags && (fd->lower->methods->poll != NULL)) {
-	PRInt16    lower_out_flags = 0;
-	PRInt16    lower_new_flags;
-        lower_new_flags = fd->lower->methods->poll(fd->lower, new_flags, 
-					           &lower_out_flags);
-	if ((lower_new_flags & lower_out_flags) && (how_flags != new_flags)) {
-	    PRInt16 out_flags = lower_out_flags & ~PR_POLL_RW;
-	    if (lower_out_flags & PR_POLL_READ) 
-		out_flags |= PR_POLL_WRITE;
-	    if (lower_out_flags & PR_POLL_WRITE) 
-		out_flags |= PR_POLL_READ;
-	    *p_out_flags = out_flags;
-	    new_flags = how_flags;
-	} else {
-	    *p_out_flags = lower_out_flags;
-	    new_flags    = lower_new_flags;
-	}
+        PRInt16    lower_out_flags = 0;
+        PRInt16    lower_new_flags;
+        lower_new_flags = fd->lower->methods->poll(fd->lower, new_flags,
+                                                   &lower_out_flags);
+        if ((lower_new_flags & lower_out_flags) && (how_flags != new_flags)) {
+            PRInt16 out_flags = lower_out_flags & ~PR_POLL_RW;
+            if (lower_out_flags & PR_POLL_READ)
+                out_flags |= PR_POLL_WRITE;
+            if (lower_out_flags & PR_POLL_WRITE)
+                out_flags |= PR_POLL_READ;
+            *p_out_flags = out_flags;
+            new_flags = how_flags;
+        } else {
+            *p_out_flags = lower_out_flags;
+            new_flags    = lower_new_flags;
+        }
     }
 
     return new_flags;
@@ -2331,8 +2368,8 @@ ssl_Poll(PRFileDesc *fd, PRInt16 how_flags, PRInt16 *p_out_flags)
 
 static PRInt32 PR_CALLBACK
 ssl_TransmitFile(PRFileDesc *sd, PRFileDesc *fd,
-		 const void *headers, PRInt32 hlen,
-		 PRTransmitFileFlags flags, PRIntervalTime timeout)
+                 const void *headers, PRInt32 hlen,
+                 PRTransmitFileFlags flags, PRIntervalTime timeout)
 {
     PRSendFileData sfd;
 
@@ -2358,7 +2395,7 @@ ssl_FdIsBlocking(PRFileDesc *fd)
     opt.value.non_blocking = PR_FALSE;
     status = PR_GetSocketOption(fd, &opt);
     if (status != PR_SUCCESS)
-	return PR_FALSE;
+        return PR_FALSE;
     return (PRBool)!opt.value.non_blocking;
 }
 
@@ -2372,9 +2409,10 @@ PRInt32  sslFirstBufSize = 8 * 1024;
 PRInt32  sslCopyLimit    = 1024;
 
 static PRInt32 PR_CALLBACK
-ssl_WriteV(PRFileDesc *fd, const PRIOVec *iov, PRInt32 vectors, 
+ssl_WriteV(PRFileDesc *fd, const PRIOVec *iov, PRInt32 vectors,
            PRIntervalTime timeout)
 {
+    PRInt32            i;
     PRInt32            bufLen;
     PRInt32            left;
     PRInt32            rv;
@@ -2382,12 +2420,22 @@ ssl_WriteV(PRFileDesc *fd, const PRIOVec *iov, PRInt32 vectors,
     const PRInt32      first_len = sslFirstBufSize;
     const PRInt32      limit     = sslCopyLimit;
     PRBool             blocking;
-    PRIOVec            myIov	 = { 0, 0 };
+    PRIOVec            myIov     = { 0, 0 };
     char               buf[MAX_FRAGMENT_LENGTH];
 
+    if (vectors < 0) {
+        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
+        return -1;
+    }
     if (vectors > PR_MAX_IOVECTOR_SIZE) {
-    	PORT_SetError(PR_BUFFER_OVERFLOW_ERROR);
-	return -1;
+        PORT_SetError(PR_BUFFER_OVERFLOW_ERROR);
+        return -1;
+    }
+    for (i = 0; i < vectors; i++) {
+        if (iov[i].iov_len < 0) {
+            PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
+            return -1;
+        }
     }
     blocking = ssl_FdIsBlocking(fd);
 
@@ -2396,105 +2444,105 @@ ssl_WriteV(PRFileDesc *fd, const PRIOVec *iov, PRInt32 vectors,
 #define GET_VECTOR   do { myIov = *iov++; --vectors; KILL_VECTORS } while (0)
 #define HANDLE_ERR(rv, len) \
     if (rv != len) { \
-	if (rv < 0) { \
-	    if (!blocking \
-		&& (PR_GetError() == PR_WOULD_BLOCK_ERROR) \
-		&& (sent > 0)) { \
-		return sent; \
-	    } else { \
-		return -1; \
-	    } \
-	} \
-	/* Only a nonblocking socket can have partial sends */ \
-	PR_ASSERT(!blocking); \
-	return sent + rv; \
-    } 
+        if (rv < 0) { \
+            if (!blocking \
+                && (PR_GetError() == PR_WOULD_BLOCK_ERROR) \
+                && (sent > 0)) { \
+                return sent; \
+            } else { \
+                return -1; \
+            } \
+        } \
+        /* Only a nonblocking socket can have partial sends */ \
+        PR_ASSERT(!blocking); \
+        return sent + rv; \
+    }
 #define SEND(bfr, len) \
     do { \
-	rv = ssl_Send(fd, bfr, len, 0, timeout); \
-	HANDLE_ERR(rv, len) \
-	sent += len; \
+        rv = ssl_Send(fd, bfr, len, 0, timeout); \
+        HANDLE_ERR(rv, len) \
+        sent += len; \
     } while (0)
 
     /* Make sure the first write is at least 8 KB, if possible. */
     KILL_VECTORS
     if (!vectors)
-	return ssl_Send(fd, 0, 0, 0, timeout);
+        return ssl_Send(fd, 0, 0, 0, timeout);
     GET_VECTOR;
     if (!vectors) {
-	return ssl_Send(fd, myIov.iov_base, myIov.iov_len, 0, timeout);
+        return ssl_Send(fd, myIov.iov_base, myIov.iov_len, 0, timeout);
     }
     if (myIov.iov_len < first_len) {
-	PORT_Memcpy(buf, myIov.iov_base, myIov.iov_len);
-	bufLen = myIov.iov_len;
-	left = first_len - bufLen;
-	while (vectors && left) {
-	    int toCopy;
-	    GET_VECTOR;
-	    toCopy = PR_MIN(left, myIov.iov_len);
-	    PORT_Memcpy(buf + bufLen, myIov.iov_base, toCopy);
-	    bufLen         += toCopy;
-	    left           -= toCopy;
-	    myIov.iov_base += toCopy;
-	    myIov.iov_len  -= toCopy;
-	}
-	SEND( buf, bufLen );
+        PORT_Memcpy(buf, myIov.iov_base, myIov.iov_len);
+        bufLen = myIov.iov_len;
+        left = first_len - bufLen;
+        while (vectors && left) {
+            int toCopy;
+            GET_VECTOR;
+            toCopy = PR_MIN(left, myIov.iov_len);
+            PORT_Memcpy(buf + bufLen, myIov.iov_base, toCopy);
+            bufLen         += toCopy;
+            left           -= toCopy;
+            myIov.iov_base += toCopy;
+            myIov.iov_len  -= toCopy;
+        }
+        SEND( buf, bufLen );
     }
 
     while (vectors || myIov.iov_len) {
-	PRInt32   addLen;
-	if (!myIov.iov_len) {
-	    GET_VECTOR;
-	}
-	while (myIov.iov_len >= K16) {
-	    SEND(myIov.iov_base, K16);
-	    myIov.iov_base += K16;
-	    myIov.iov_len  -= K16;
-	}
-	if (!myIov.iov_len)
-	    continue;
-
-	if (!vectors || myIov.iov_len > limit) {
-	    addLen = 0;
-	} else if ((addLen = iov->iov_len % K16) + myIov.iov_len <= limit) {
-	    /* Addlen is already computed. */;
-	} else if (vectors > 1 && 
-	     iov[1].iov_len % K16 + addLen + myIov.iov_len <= 2 * limit) {
-	     addLen = limit - myIov.iov_len;
-	} else 
-	    addLen = 0;
-
-	if (!addLen) {
-	    SEND( myIov.iov_base, myIov.iov_len );
-	    myIov.iov_len = 0;
-	    continue;
-	}
-	PORT_Memcpy(buf, myIov.iov_base, myIov.iov_len);
-	bufLen = myIov.iov_len;
-	do {
-	    GET_VECTOR;
-	    PORT_Memcpy(buf + bufLen, myIov.iov_base, addLen);
-	    myIov.iov_base += addLen;
-	    myIov.iov_len  -= addLen;
-	    bufLen         += addLen;
-
-	    left = PR_MIN( limit, K16 - bufLen);
-	    if (!vectors 		/* no more left */
-	    ||  myIov.iov_len > 0	/* we didn't use that one all up */
-	    ||  bufLen >= K16		/* it's full. */
-	    ) {
-		addLen = 0;
-	    } else if ((addLen = iov->iov_len % K16) <= left) {
-		/* Addlen is already computed. */;
-	    } else if (vectors > 1 && 
-		 iov[1].iov_len % K16 + addLen <= left + limit) {
-		 addLen = left;
-	    } else 
-		addLen = 0;
-
-	} while (addLen);
-	SEND( buf, bufLen );
-    } 
+        PRInt32   addLen;
+        if (!myIov.iov_len) {
+            GET_VECTOR;
+        }
+        while (myIov.iov_len >= K16) {
+            SEND(myIov.iov_base, K16);
+            myIov.iov_base += K16;
+            myIov.iov_len  -= K16;
+        }
+        if (!myIov.iov_len)
+            continue;
+
+        if (!vectors || myIov.iov_len > limit) {
+            addLen = 0;
+        } else if ((addLen = iov->iov_len % K16) + myIov.iov_len <= limit) {
+            /* Addlen is already computed. */;
+        } else if (vectors > 1 &&
+             iov[1].iov_len % K16 + addLen + myIov.iov_len <= 2 * limit) {
+             addLen = limit - myIov.iov_len;
+        } else
+            addLen = 0;
+
+        if (!addLen) {
+            SEND( myIov.iov_base, myIov.iov_len );
+            myIov.iov_len = 0;
+            continue;
+        }
+        PORT_Memcpy(buf, myIov.iov_base, myIov.iov_len);
+        bufLen = myIov.iov_len;
+        do {
+            GET_VECTOR;
+            PORT_Memcpy(buf + bufLen, myIov.iov_base, addLen);
+            myIov.iov_base += addLen;
+            myIov.iov_len  -= addLen;
+            bufLen         += addLen;
+
+            left = PR_MIN( limit, K16 - bufLen);
+            if (!vectors                /* no more left */
+            ||  myIov.iov_len > 0       /* we didn't use that one all up */
+            ||  bufLen >= K16           /* it's full. */
+            ) {
+                addLen = 0;
+            } else if ((addLen = iov->iov_len % K16) <= left) {
+                /* Addlen is already computed. */;
+            } else if (vectors > 1 &&
+                 iov[1].iov_len % K16 + addLen <= left + limit) {
+                 addLen = left;
+            } else
+                addLen = 0;
+
+        } while (addLen);
+        SEND( buf, bufLen );
+    }
     return sent;
 }
 
@@ -2564,7 +2612,7 @@ ssl_FileInfo64(PRFileDesc *fd, PRFileInfo64 *info)
 
 static PRInt32 PR_CALLBACK
 ssl_RecvFrom(PRFileDesc *fd, void *buf, PRInt32 amount, PRIntn flags,
-	     PRNetAddr *addr, PRIntervalTime timeout)
+             PRNetAddr *addr, PRIntervalTime timeout)
 {
     PORT_Assert(0);
     PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
@@ -2573,7 +2621,7 @@ ssl_RecvFrom(PRFileDesc *fd, void *buf, PRInt32 amount, PRIntn flags,
 
 static PRInt32 PR_CALLBACK
 ssl_SendTo(PRFileDesc *fd, const void *buf, PRInt32 amount, PRIntn flags,
-	   const PRNetAddr *addr, PRIntervalTime timeout)
+           const PRNetAddr *addr, PRIntervalTime timeout)
 {
     PORT_Assert(0);
     PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
@@ -2582,41 +2630,41 @@ ssl_SendTo(PRFileDesc *fd, const void *buf, PRInt32 amount, PRIntn flags,
 
 static const PRIOMethods ssl_methods = {
     PR_DESC_LAYERED,
-    ssl_Close,           	/* close        */
-    ssl_Read,            	/* read         */
-    ssl_Write,           	/* write        */
-    ssl_Available,       	/* available    */
-    ssl_Available64,     	/* available64  */
-    ssl_FSync,           	/* fsync        */
-    ssl_Seek,            	/* seek         */
-    ssl_Seek64,          	/* seek64       */
-    ssl_FileInfo,        	/* fileInfo     */
-    ssl_FileInfo64,      	/* fileInfo64   */
-    ssl_WriteV,          	/* writev       */
-    ssl_Connect,         	/* connect      */
-    ssl_Accept,          	/* accept       */
-    ssl_Bind,            	/* bind         */
-    ssl_Listen,          	/* listen       */
-    ssl_Shutdown,        	/* shutdown     */
-    ssl_Recv,            	/* recv         */
-    ssl_Send,            	/* send         */
-    ssl_RecvFrom,        	/* recvfrom     */
-    ssl_SendTo,          	/* sendto       */
-    ssl_Poll,            	/* poll         */
+    ssl_Close,                  /* close        */
+    ssl_Read,                   /* read         */
+    ssl_Write,                  /* write        */
+    ssl_Available,              /* available    */
+    ssl_Available64,            /* available64  */
+    ssl_FSync,                  /* fsync        */
+    ssl_Seek,                   /* seek         */
+    ssl_Seek64,                 /* seek64       */
+    ssl_FileInfo,               /* fileInfo     */
+    ssl_FileInfo64,             /* fileInfo64   */
+    ssl_WriteV,                 /* writev       */
+    ssl_Connect,                /* connect      */
+    ssl_Accept,                 /* accept       */
+    ssl_Bind,                   /* bind         */
+    ssl_Listen,                 /* listen       */
+    ssl_Shutdown,               /* shutdown     */
+    ssl_Recv,                   /* recv         */
+    ssl_Send,                   /* send         */
+    ssl_RecvFrom,               /* recvfrom     */
+    ssl_SendTo,                 /* sendto       */
+    ssl_Poll,                   /* poll         */
     PR_EmulateAcceptRead,       /* acceptread   */
     ssl_TransmitFile,           /* transmitfile */
-    ssl_GetSockName,     	/* getsockname  */
-    ssl_GetPeerName,     	/* getpeername  */
-    NULL,                	/* getsockopt   OBSOLETE */
-    NULL,                	/* setsockopt   OBSOLETE */
-    NULL,                	/* getsocketoption   */
-    NULL,                	/* setsocketoption   */
-    PR_EmulateSendFile, 	/* Send a (partial) file with header/trailer*/
-    NULL,                	/* reserved for future use */
-    NULL,                	/* reserved for future use */
-    NULL,                	/* reserved for future use */
-    NULL,                	/* reserved for future use */
-    NULL                 	/* reserved for future use */
+    ssl_GetSockName,            /* getsockname  */
+    ssl_GetPeerName,            /* getpeername  */
+    NULL,                       /* getsockopt   OBSOLETE */
+    NULL,                       /* setsockopt   OBSOLETE */
+    NULL,                       /* getsocketoption   */
+    NULL,                       /* setsocketoption   */
+    PR_EmulateSendFile,         /* Send a (partial) file with header/trailer*/
+    NULL,                       /* reserved for future use */
+    NULL,                       /* reserved for future use */
+    NULL,                       /* reserved for future use */
+    NULL,                       /* reserved for future use */
+    NULL                        /* reserved for future use */
 };
 
 
@@ -2657,15 +2705,15 @@ ssl_SetupIOMethods(void)
     new_methods->transmitfile      = my_methods->transmitfile;
     new_methods->getsockname       = my_methods->getsockname;
     new_methods->getpeername       = my_methods->getpeername;
-/*  new_methods->getsocketoption   = my_methods->getsocketoption;	*/
-/*  new_methods->setsocketoption   = my_methods->setsocketoption;	*/
+/*  new_methods->getsocketoption   = my_methods->getsocketoption;       */
+/*  new_methods->setsocketoption   = my_methods->setsocketoption;       */
     new_methods->sendfile          = my_methods->sendfile;
 
 }
 
 static PRCallOnceType initIoLayerOnce;
 
-static PRStatus  
+static PRStatus
 ssl_InitIOLayer(void)
 {
     ssl_layer_id = PR_GetUniqueIdentity("SSL");
@@ -2677,44 +2725,44 @@ ssl_InitIOLayer(void)
 static PRStatus
 ssl_PushIOLayer(sslSocket *ns, PRFileDesc *stack, PRDescIdentity id)
 {
-    PRFileDesc *layer	= NULL;
+    PRFileDesc *layer   = NULL;
     PRStatus    status;
 
     if (!ssl_inited) {
-	status = PR_CallOnce(&initIoLayerOnce, &ssl_InitIOLayer);
-	if (status != PR_SUCCESS)
-	    goto loser;
+        status = PR_CallOnce(&initIoLayerOnce, &ssl_InitIOLayer);
+        if (status != PR_SUCCESS)
+            goto loser;
     }
 
     if (ns == NULL)
-	goto loser;
+        goto loser;
 
     layer = PR_CreateIOLayerStub(ssl_layer_id, &combined_methods);
     if (layer == NULL)
-	goto loser;
+        goto loser;
     layer->secret = (PRFilePrivate *)ns;
 
     /* Here, "stack" points to the PRFileDesc on the top of the stack.
     ** "layer" points to a new FD that is to be inserted into the stack.
-    ** If layer is being pushed onto the top of the stack, then 
+    ** If layer is being pushed onto the top of the stack, then
     ** PR_PushIOLayer switches the contents of stack and layer, and then
-    ** puts stack on top of layer, so that after it is done, the top of 
-    ** stack is the same "stack" as it was before, and layer is now the 
+    ** puts stack on top of layer, so that after it is done, the top of
+    ** stack is the same "stack" as it was before, and layer is now the
     ** FD for the former top of stack.
     ** After this call, stack always points to the top PRFD on the stack.
-    ** If this function fails, the contents of stack and layer are as 
+    ** If this function fails, the contents of stack and layer are as
     ** they were before the call.
     */
     status = PR_PushIOLayer(stack, id, layer);
     if (status != PR_SUCCESS)
-	goto loser;
+        goto loser;
 
     ns->fd = (id == PR_TOP_IO_LAYER) ? stack : layer;
     return PR_SUCCESS;
 
 loser:
     if (layer) {
-	layer->dtor(layer); /* free layer */
+        layer->dtor(layer); /* free layer */
     }
     return PR_FAILURE;
 }
@@ -2724,28 +2772,28 @@ static SECStatus
 ssl_MakeLocks(sslSocket *ss)
 {
     ss->firstHandshakeLock = PZ_NewMonitor(nssILockSSL);
-    if (!ss->firstHandshakeLock) 
-	goto loser;
+    if (!ss->firstHandshakeLock)
+        goto loser;
     ss->ssl3HandshakeLock  = PZ_NewMonitor(nssILockSSL);
-    if (!ss->ssl3HandshakeLock) 
-	goto loser;
+    if (!ss->ssl3HandshakeLock)
+        goto loser;
     ss->specLock           = NSSRWLock_New(SSL_LOCK_RANK_SPEC, NULL);
-    if (!ss->specLock) 
-	goto loser;
+    if (!ss->specLock)
+        goto loser;
     ss->recvBufLock        = PZ_NewMonitor(nssILockSSL);
-    if (!ss->recvBufLock) 
-	goto loser;
+    if (!ss->recvBufLock)
+        goto loser;
     ss->xmitBufLock        = PZ_NewMonitor(nssILockSSL);
-    if (!ss->xmitBufLock) 
-	goto loser;
+    if (!ss->xmitBufLock)
+        goto loser;
     ss->writerThread       = NULL;
     if (ssl_lock_readers) {
-	ss->recvLock       = PZ_NewLock(nssILockSSL);
-	if (!ss->recvLock) 
-	    goto loser;
-	ss->sendLock       = PZ_NewLock(nssILockSSL);
-	if (!ss->sendLock) 
-	    goto loser;
+        ss->recvLock       = PZ_NewLock(nssILockSSL);
+        if (!ss->recvLock)
+            goto loser;
+        ss->sendLock       = PZ_NewLock(nssILockSSL);
+        if (!ss->sendLock)
+            goto loser;
     }
     return SECSuccess;
 loser:
@@ -2766,81 +2814,81 @@ ssl_SetDefaultsFromEnvironment(void)
     static int firsttime = 1;
 
     if (firsttime) {
-	char * ev;
-	firsttime = 0;
+        char * ev;
+        firsttime = 0;
 #ifdef DEBUG
-	ev = getenv("SSLDEBUGFILE");
-	if (ev && ev[0]) {
-	    ssl_trace_iob = fopen(ev, "w");
-	}
-	if (!ssl_trace_iob) {
-	    ssl_trace_iob = stderr;
-	}
+        ev = getenv("SSLDEBUGFILE");
+        if (ev && ev[0]) {
+            ssl_trace_iob = fopen(ev, "w");
+        }
+        if (!ssl_trace_iob) {
+            ssl_trace_iob = stderr;
+        }
 #ifdef TRACE
-	ev = getenv("SSLTRACE");
-	if (ev && ev[0]) {
-	    ssl_trace = atoi(ev);
-	    SSL_TRACE(("SSL: tracing set to %d", ssl_trace));
-	}
+        ev = getenv("SSLTRACE");
+        if (ev && ev[0]) {
+            ssl_trace = atoi(ev);
+            SSL_TRACE(("SSL: tracing set to %d", ssl_trace));
+        }
 #endif /* TRACE */
-	ev = getenv("SSLDEBUG");
-	if (ev && ev[0]) {
-	    ssl_debug = atoi(ev);
-	    SSL_TRACE(("SSL: debugging set to %d", ssl_debug));
-	}
+        ev = getenv("SSLDEBUG");
+        if (ev && ev[0]) {
+            ssl_debug = atoi(ev);
+            SSL_TRACE(("SSL: debugging set to %d", ssl_debug));
+        }
 #endif /* DEBUG */
-	ev = getenv("SSLKEYLOGFILE");
-	if (ev && ev[0]) {
-	    ssl_keylog_iob = fopen(ev, "a");
-	    if (!ssl_keylog_iob) {
-		SSL_TRACE(("SSL: failed to open key log file"));
-	    } else {
-		if (ftell(ssl_keylog_iob) == 0) {
-		    fputs("# SSL/TLS secrets log file, generated by NSS\n",
-			  ssl_keylog_iob);
-		}
-		SSL_TRACE(("SSL: logging SSL/TLS secrets to %s", ev));
-	    }
-	}
+        ev = getenv("SSLKEYLOGFILE");
+        if (ev && ev[0]) {
+            ssl_keylog_iob = fopen(ev, "a");
+            if (!ssl_keylog_iob) {
+                SSL_TRACE(("SSL: failed to open key log file"));
+            } else {
+                if (ftell(ssl_keylog_iob) == 0) {
+                    fputs("# SSL/TLS secrets log file, generated by NSS\n",
+                          ssl_keylog_iob);
+                }
+                SSL_TRACE(("SSL: logging SSL/TLS secrets to %s", ev));
+            }
+        }
 #ifndef NO_PKCS11_BYPASS
-	ev = getenv("SSLBYPASS");
-	if (ev && ev[0]) {
-	    ssl_defaults.bypassPKCS11 = (ev[0] == '1');
-	    SSL_TRACE(("SSL: bypass default set to %d", \
-		      ssl_defaults.bypassPKCS11));
-	}
+        ev = getenv("SSLBYPASS");
+        if (ev && ev[0]) {
+            ssl_defaults.bypassPKCS11 = (ev[0] == '1');
+            SSL_TRACE(("SSL: bypass default set to %d", \
+                      ssl_defaults.bypassPKCS11));
+        }
 #endif /* NO_PKCS11_BYPASS */
-	ev = getenv("SSLFORCELOCKS");
-	if (ev && ev[0] == '1') {
-	    ssl_force_locks = PR_TRUE;
-	    ssl_defaults.noLocks = 0;
-	    strcpy(lockStatus + LOCKSTATUS_OFFSET, "FORCED.  ");
-	    SSL_TRACE(("SSL: force_locks set to %d", ssl_force_locks));
-	}
-	ev = getenv("NSS_SSL_ENABLE_RENEGOTIATION");
-	if (ev) {
-	    if (ev[0] == '1' || LOWER(ev[0]) == 'u')
-	    	ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_UNRESTRICTED;
-	    else if (ev[0] == '0' || LOWER(ev[0]) == 'n')
-	    	ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_NEVER;
-	    else if (ev[0] == '2' || LOWER(ev[0]) == 'r')
-		ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_REQUIRES_XTN;
-	    else if (ev[0] == '3' || LOWER(ev[0]) == 't')
-	    	ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_TRANSITIONAL;
-	    SSL_TRACE(("SSL: enableRenegotiation set to %d", 
-	               ssl_defaults.enableRenegotiation));
-	}
-	ev = getenv("NSS_SSL_REQUIRE_SAFE_NEGOTIATION");
-	if (ev && ev[0] == '1') {
-	    ssl_defaults.requireSafeNegotiation = PR_TRUE;
-	    SSL_TRACE(("SSL: requireSafeNegotiation set to %d", 
-	                PR_TRUE));
-	}
-	ev = getenv("NSS_SSL_CBC_RANDOM_IV");
-	if (ev && ev[0] == '0') {
-	    ssl_defaults.cbcRandomIV = PR_FALSE;
-	    SSL_TRACE(("SSL: cbcRandomIV set to 0"));
-	}
+        ev = getenv("SSLFORCELOCKS");
+        if (ev && ev[0] == '1') {
+            ssl_force_locks = PR_TRUE;
+            ssl_defaults.noLocks = 0;
+            strcpy(lockStatus + LOCKSTATUS_OFFSET, "FORCED.  ");
+            SSL_TRACE(("SSL: force_locks set to %d", ssl_force_locks));
+        }
+        ev = getenv("NSS_SSL_ENABLE_RENEGOTIATION");
+        if (ev) {
+            if (ev[0] == '1' || LOWER(ev[0]) == 'u')
+                ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_UNRESTRICTED;
+            else if (ev[0] == '0' || LOWER(ev[0]) == 'n')
+                ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_NEVER;
+            else if (ev[0] == '2' || LOWER(ev[0]) == 'r')
+                ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_REQUIRES_XTN;
+            else if (ev[0] == '3' || LOWER(ev[0]) == 't')
+                ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_TRANSITIONAL;
+            SSL_TRACE(("SSL: enableRenegotiation set to %d",
+                       ssl_defaults.enableRenegotiation));
+        }
+        ev = getenv("NSS_SSL_REQUIRE_SAFE_NEGOTIATION");
+        if (ev && ev[0] == '1') {
+            ssl_defaults.requireSafeNegotiation = PR_TRUE;
+            SSL_TRACE(("SSL: requireSafeNegotiation set to %d",
+                        PR_TRUE));
+        }
+        ev = getenv("NSS_SSL_CBC_RANDOM_IV");
+        if (ev && ev[0] == '0') {
+            ssl_defaults.cbcRandomIV = PR_FALSE;
+            SSL_TRACE(("SSL: cbcRandomIV set to 0"));
+        }
     }
 #endif /* NSS_HAVE_GETENV */
 }
@@ -2856,76 +2904,75 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant)
     ssl_SetDefaultsFromEnvironment();
 
     if (ssl_force_locks)
-	makeLocks = PR_TRUE;
+        makeLocks = PR_TRUE;
 
     /* Make a new socket and get it ready */
     ss = (sslSocket*) PORT_ZAlloc(sizeof(sslSocket));
     if (ss) {
         /* This should be of type SSLKEAType, but CC on IRIX
-	 * complains during the for loop.
-	 */
-	int i;
-	SECStatus status;
- 
-	ss->opt                = ssl_defaults;
-	ss->opt.useSocks       = PR_FALSE;
-	ss->opt.noLocks        = !makeLocks;
-	ss->vrange             = *VERSIONS_DEFAULTS(protocolVariant);
-	ss->protocolVariant    = protocolVariant;
-
-	ss->peerID             = NULL;
-	ss->rTimeout	       = PR_INTERVAL_NO_TIMEOUT;
-	ss->wTimeout	       = PR_INTERVAL_NO_TIMEOUT;
-	ss->cTimeout	       = PR_INTERVAL_NO_TIMEOUT;
-	ss->cipherSpecs        = NULL;
+         * complains during the for loop.
+         */
+        int i;
+        SECStatus status;
+
+        ss->opt                = ssl_defaults;
+        ss->opt.useSocks       = PR_FALSE;
+        ss->opt.noLocks        = !makeLocks;
+        ss->vrange             = *VERSIONS_DEFAULTS(protocolVariant);
+        ss->protocolVariant    = protocolVariant;
+
+        ss->peerID             = NULL;
+        ss->rTimeout           = PR_INTERVAL_NO_TIMEOUT;
+        ss->wTimeout           = PR_INTERVAL_NO_TIMEOUT;
+        ss->cTimeout           = PR_INTERVAL_NO_TIMEOUT;
+        ss->cipherSpecs        = NULL;
         ss->sizeCipherSpecs    = 0;  /* produced lazily */
         ss->preferredCipher    = NULL;
         ss->url                = NULL;
 
-	for (i=kt_null; i < kt_kea_size; i++) {
-	    sslServerCerts * sc = ss->serverCerts + i;
-	    sc->serverCert      = NULL;
-	    sc->serverCertChain = NULL;
-	    sc->serverKeyPair   = NULL;
-	    sc->serverKeyBits   = 0;
-	    ss->certStatusArray[i] = NULL;
-	}
-	ss->stepDownKeyPair    = NULL;
-	ss->dbHandle           = CERT_GetDefaultCertDB();
-
-	/* Provide default implementation of hooks */
-	ss->authCertificate    = SSL_AuthCertificate;
-	ss->authCertificateArg = (void *)ss->dbHandle;
+        for (i=kt_null; i < kt_kea_size; i++) {
+            sslServerCerts * sc = ss->serverCerts + i;
+            sc->serverCert      = NULL;
+            sc->serverCertChain = NULL;
+            sc->serverKeyPair   = NULL;
+            sc->serverKeyBits   = 0;
+            ss->certStatusArray[i] = NULL;
+        }
+        ss->stepDownKeyPair    = NULL;
+        ss->dbHandle           = CERT_GetDefaultCertDB();
+
+        /* Provide default implementation of hooks */
+        ss->authCertificate    = SSL_AuthCertificate;
+        ss->authCertificateArg = (void *)ss->dbHandle;
         ss->sniSocketConfig    = NULL;
         ss->sniSocketConfigArg = NULL;
-	ss->getClientAuthData  = NULL;
-	ss->handleBadCert      = NULL;
-	ss->badCertArg         = NULL;
-	ss->pkcs11PinArg       = NULL;
-	ss->ephemeralECDHKeyPair = NULL;
-
-	ssl_ChooseOps(ss);
-	ssl2_InitSocketPolicy(ss);
-	ssl3_InitSocketPolicy(ss);
-	PR_INIT_CLIST(&ss->ssl3.hs.lastMessageFlight);
-
-	if (makeLocks) {
-	    status = ssl_MakeLocks(ss);
-	    if (status != SECSuccess)
-		goto loser;
-	}
-	status = ssl_CreateSecurityInfo(ss);
-	if (status != SECSuccess) 
-	    goto loser;
-	status = ssl_InitGather(&ss->gs);
-	if (status != SECSuccess) {
+        ss->getClientAuthData  = NULL;
+        ss->handleBadCert      = NULL;
+        ss->badCertArg         = NULL;
+        ss->pkcs11PinArg       = NULL;
+        ss->ephemeralECDHKeyPair = NULL;
+
+        ssl_ChooseOps(ss);
+        ssl2_InitSocketPolicy(ss);
+        ssl3_InitSocketPolicy(ss);
+        PR_INIT_CLIST(&ss->ssl3.hs.lastMessageFlight);
+
+        if (makeLocks) {
+            status = ssl_MakeLocks(ss);
+            if (status != SECSuccess)
+                goto loser;
+        }
+        status = ssl_CreateSecurityInfo(ss);
+        if (status != SECSuccess)
+            goto loser;
+        status = ssl_InitGather(&ss->gs);
+        if (status != SECSuccess) {
 loser:
-	    ssl_DestroySocketContents(ss);
-	    ssl_DestroyLocks(ss);
-	    PORT_Free(ss);
-	    ss = NULL;
-	}
+            ssl_DestroySocketContents(ss);
+            ssl_DestroyLocks(ss);
+            PORT_Free(ss);
+            ss = NULL;
+        }
     }
     return ss;
 }
-
diff --git a/security/nss/lib/ssl/sslt.h b/security/nss/lib/ssl/sslt.h
index 6b93629..c22c820 100644
--- a/security/nss/lib/ssl/sslt.h
+++ b/security/nss/lib/ssl/sslt.h
@@ -181,17 +181,19 @@ typedef enum {
 typedef enum {
     ssl_server_name_xtn              = 0,
     ssl_cert_status_xtn              = 5,
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
     ssl_elliptic_curves_xtn          = 10,
     ssl_ec_point_formats_xtn         = 11,
 #endif
     ssl_signature_algorithms_xtn     = 13,
     ssl_use_srtp_xtn                 = 14,
+    ssl_app_layer_protocol_xtn       = 16,
+    ssl_padding_xtn                  = 21,
     ssl_session_ticket_xtn           = 35,
     ssl_next_proto_nego_xtn          = 13172,
     ssl_renegotiation_info_xtn       = 0xff01	/* experimental number */
 } SSLExtensionType;
 
-#define SSL_MAX_EXTENSIONS             9
+#define SSL_MAX_EXTENSIONS             10 /* doesn't include ssl_padding_xtn. */
 
 #endif /* __sslt_h_ */
diff --git a/security/nss/lib/util/nssutil.h b/security/nss/lib/util/nssutil.h
index 946daed..502b34e 100644
--- a/security/nss/lib/util/nssutil.h
+++ b/security/nss/lib/util/nssutil.h
@@ -19,10 +19,10 @@
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
  */
-#define NSSUTIL_VERSION  "3.15.4"
+#define NSSUTIL_VERSION  "3.16.2"
 #define NSSUTIL_VMAJOR   3
-#define NSSUTIL_VMINOR   15
-#define NSSUTIL_VPATCH   4
+#define NSSUTIL_VMINOR   16
+#define NSSUTIL_VPATCH   2
 #define NSSUTIL_VBUILD   0
 #define NSSUTIL_BETA     PR_FALSE
 
diff --git a/security/nss/lib/util/secdig.h b/security/nss/lib/util/secdig.h
index 94ff39e..6f218ec 100644
--- a/security/nss/lib/util/secdig.h
+++ b/security/nss/lib/util/secdig.h
@@ -1,5 +1,5 @@
 /*
- * crypto.h - public data structures and prototypes for the crypto library
+ * secdig.h - public prototypes for digest-info functions
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
diff --git a/security/nss/lib/util/secdigt.h b/security/nss/lib/util/secdigt.h
index 65ca22f..2414d79 100644
--- a/security/nss/lib/util/secdigt.h
+++ b/security/nss/lib/util/secdigt.h
@@ -1,5 +1,5 @@
 /*
- * secdigt.h - public data structures for digestinfos from the util lib.
+ * secdigt.h - public data structures for digest-info objects
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -23,6 +23,4 @@ struct SGNDigestInfoStr {
 };
 typedef struct SGNDigestInfoStr SGNDigestInfo;
 
-
-
 #endif /* _SECDIGT_H_ */
diff --git a/security/nss/lib/util/secerr.h b/security/nss/lib/util/secerr.h
index 490daba..adca22a 100644
--- a/security/nss/lib/util/secerr.h
+++ b/security/nss/lib/util/secerr.h
@@ -7,211 +7,211 @@
 
 #include "utilrename.h"
 
-#define SEC_ERROR_BASE				(-0x2000)
-#define SEC_ERROR_LIMIT				(SEC_ERROR_BASE + 1000)
+#define SEC_ERROR_BASE                          (-0x2000)
+#define SEC_ERROR_LIMIT                         (SEC_ERROR_BASE + 1000)
 
 #define IS_SEC_ERROR(code) \
     (((code) >= SEC_ERROR_BASE) && ((code) < SEC_ERROR_LIMIT))
 
 #ifndef NO_SECURITY_ERROR_ENUM
 typedef enum {
-SEC_ERROR_IO 				    =	SEC_ERROR_BASE + 0,
-SEC_ERROR_LIBRARY_FAILURE 		    =	SEC_ERROR_BASE + 1,
-SEC_ERROR_BAD_DATA 			    =	SEC_ERROR_BASE + 2,
-SEC_ERROR_OUTPUT_LEN 			    =	SEC_ERROR_BASE + 3,
-SEC_ERROR_INPUT_LEN 			    =	SEC_ERROR_BASE + 4,
-SEC_ERROR_INVALID_ARGS 			    =	SEC_ERROR_BASE + 5,
-SEC_ERROR_INVALID_ALGORITHM 		    =	SEC_ERROR_BASE + 6,
-SEC_ERROR_INVALID_AVA 			    =	SEC_ERROR_BASE + 7,
-SEC_ERROR_INVALID_TIME 			    =	SEC_ERROR_BASE + 8,
-SEC_ERROR_BAD_DER 			    =	SEC_ERROR_BASE + 9,
-SEC_ERROR_BAD_SIGNATURE 		    =	SEC_ERROR_BASE + 10,
-SEC_ERROR_EXPIRED_CERTIFICATE 		    =	SEC_ERROR_BASE + 11,
-SEC_ERROR_REVOKED_CERTIFICATE 		    =	SEC_ERROR_BASE + 12,
-SEC_ERROR_UNKNOWN_ISSUER 		    =	SEC_ERROR_BASE + 13,
-SEC_ERROR_BAD_KEY 			    =	SEC_ERROR_BASE + 14,
-SEC_ERROR_BAD_PASSWORD 			    =	SEC_ERROR_BASE + 15,
-SEC_ERROR_RETRY_PASSWORD 		    =	SEC_ERROR_BASE + 16,
-SEC_ERROR_NO_NODELOCK 			    =	SEC_ERROR_BASE + 17,
-SEC_ERROR_BAD_DATABASE 			    =	SEC_ERROR_BASE + 18,
-SEC_ERROR_NO_MEMORY 			    =	SEC_ERROR_BASE + 19,
-SEC_ERROR_UNTRUSTED_ISSUER 		    =	SEC_ERROR_BASE + 20,
-SEC_ERROR_UNTRUSTED_CERT 		    =	SEC_ERROR_BASE + 21,
-SEC_ERROR_DUPLICATE_CERT 		    =	(SEC_ERROR_BASE + 22),
-SEC_ERROR_DUPLICATE_CERT_NAME 		    =	(SEC_ERROR_BASE + 23),
-SEC_ERROR_ADDING_CERT 			    =	(SEC_ERROR_BASE + 24),
-SEC_ERROR_FILING_KEY 			    =	(SEC_ERROR_BASE + 25),
-SEC_ERROR_NO_KEY 			    =	(SEC_ERROR_BASE + 26),
-SEC_ERROR_CERT_VALID 			    =	(SEC_ERROR_BASE + 27),
-SEC_ERROR_CERT_NOT_VALID 		    =	(SEC_ERROR_BASE + 28),
-SEC_ERROR_CERT_NO_RESPONSE 		    =	(SEC_ERROR_BASE + 29),
-SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE 	    =	(SEC_ERROR_BASE + 30),
-SEC_ERROR_CRL_EXPIRED 			    =	(SEC_ERROR_BASE + 31),
-SEC_ERROR_CRL_BAD_SIGNATURE 		    =	(SEC_ERROR_BASE + 32),
-SEC_ERROR_CRL_INVALID 			    =	(SEC_ERROR_BASE + 33),
-SEC_ERROR_EXTENSION_VALUE_INVALID 	    = 	(SEC_ERROR_BASE + 34),
-SEC_ERROR_EXTENSION_NOT_FOUND 		    = 	(SEC_ERROR_BASE + 35),
-SEC_ERROR_CA_CERT_INVALID 		    = 	(SEC_ERROR_BASE + 36),
-SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID 	    = 	(SEC_ERROR_BASE + 37),
-SEC_ERROR_CERT_USAGES_INVALID 		    = 	(SEC_ERROR_BASE + 38),
-SEC_INTERNAL_ONLY 			    =	(SEC_ERROR_BASE + 39),
-SEC_ERROR_INVALID_KEY 			    =	(SEC_ERROR_BASE + 40),
-SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION 	    = 	(SEC_ERROR_BASE + 41),
-SEC_ERROR_OLD_CRL 			    =	(SEC_ERROR_BASE + 42),
-SEC_ERROR_NO_EMAIL_CERT 		    =	(SEC_ERROR_BASE + 43),
-SEC_ERROR_NO_RECIPIENT_CERTS_QUERY 	    =	(SEC_ERROR_BASE + 44),
-SEC_ERROR_NOT_A_RECIPIENT 		    =	(SEC_ERROR_BASE + 45),
-SEC_ERROR_PKCS7_KEYALG_MISMATCH 	    =	(SEC_ERROR_BASE + 46),
-SEC_ERROR_PKCS7_BAD_SIGNATURE 		    =	(SEC_ERROR_BASE + 47),
-SEC_ERROR_UNSUPPORTED_KEYALG 		    =	(SEC_ERROR_BASE + 48),
-SEC_ERROR_DECRYPTION_DISALLOWED 	    =	(SEC_ERROR_BASE + 49),
+SEC_ERROR_IO                                =   SEC_ERROR_BASE + 0,
+SEC_ERROR_LIBRARY_FAILURE                   =   SEC_ERROR_BASE + 1,
+SEC_ERROR_BAD_DATA                          =   SEC_ERROR_BASE + 2,
+SEC_ERROR_OUTPUT_LEN                        =   SEC_ERROR_BASE + 3,
+SEC_ERROR_INPUT_LEN                         =   SEC_ERROR_BASE + 4,
+SEC_ERROR_INVALID_ARGS                      =   SEC_ERROR_BASE + 5,
+SEC_ERROR_INVALID_ALGORITHM                 =   SEC_ERROR_BASE + 6,
+SEC_ERROR_INVALID_AVA                       =   SEC_ERROR_BASE + 7,
+SEC_ERROR_INVALID_TIME                      =   SEC_ERROR_BASE + 8,
+SEC_ERROR_BAD_DER                           =   SEC_ERROR_BASE + 9,
+SEC_ERROR_BAD_SIGNATURE                     =   SEC_ERROR_BASE + 10,
+SEC_ERROR_EXPIRED_CERTIFICATE               =   SEC_ERROR_BASE + 11,
+SEC_ERROR_REVOKED_CERTIFICATE               =   SEC_ERROR_BASE + 12,
+SEC_ERROR_UNKNOWN_ISSUER                    =   SEC_ERROR_BASE + 13,
+SEC_ERROR_BAD_KEY                           =   SEC_ERROR_BASE + 14,
+SEC_ERROR_BAD_PASSWORD                      =   SEC_ERROR_BASE + 15,
+SEC_ERROR_RETRY_PASSWORD                    =   SEC_ERROR_BASE + 16,
+SEC_ERROR_NO_NODELOCK                       =   SEC_ERROR_BASE + 17,
+SEC_ERROR_BAD_DATABASE                      =   SEC_ERROR_BASE + 18,
+SEC_ERROR_NO_MEMORY                         =   SEC_ERROR_BASE + 19,
+SEC_ERROR_UNTRUSTED_ISSUER                  =   SEC_ERROR_BASE + 20,
+SEC_ERROR_UNTRUSTED_CERT                    =   SEC_ERROR_BASE + 21,
+SEC_ERROR_DUPLICATE_CERT                    =   (SEC_ERROR_BASE + 22),
+SEC_ERROR_DUPLICATE_CERT_NAME               =   (SEC_ERROR_BASE + 23),
+SEC_ERROR_ADDING_CERT                       =   (SEC_ERROR_BASE + 24),
+SEC_ERROR_FILING_KEY                        =   (SEC_ERROR_BASE + 25),
+SEC_ERROR_NO_KEY                            =   (SEC_ERROR_BASE + 26),
+SEC_ERROR_CERT_VALID                        =   (SEC_ERROR_BASE + 27),
+SEC_ERROR_CERT_NOT_VALID                    =   (SEC_ERROR_BASE + 28),
+SEC_ERROR_CERT_NO_RESPONSE                  =   (SEC_ERROR_BASE + 29),
+SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE        =   (SEC_ERROR_BASE + 30),
+SEC_ERROR_CRL_EXPIRED                       =   (SEC_ERROR_BASE + 31),
+SEC_ERROR_CRL_BAD_SIGNATURE                 =   (SEC_ERROR_BASE + 32),
+SEC_ERROR_CRL_INVALID                       =   (SEC_ERROR_BASE + 33),
+SEC_ERROR_EXTENSION_VALUE_INVALID           =   (SEC_ERROR_BASE + 34),
+SEC_ERROR_EXTENSION_NOT_FOUND               =   (SEC_ERROR_BASE + 35),
+SEC_ERROR_CA_CERT_INVALID                   =   (SEC_ERROR_BASE + 36),
+SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID       =   (SEC_ERROR_BASE + 37),
+SEC_ERROR_CERT_USAGES_INVALID               =   (SEC_ERROR_BASE + 38),
+SEC_INTERNAL_ONLY                           =   (SEC_ERROR_BASE + 39),
+SEC_ERROR_INVALID_KEY                       =   (SEC_ERROR_BASE + 40),
+SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION        =   (SEC_ERROR_BASE + 41),
+SEC_ERROR_OLD_CRL                           =   (SEC_ERROR_BASE + 42),
+SEC_ERROR_NO_EMAIL_CERT                     =   (SEC_ERROR_BASE + 43),
+SEC_ERROR_NO_RECIPIENT_CERTS_QUERY          =   (SEC_ERROR_BASE + 44),
+SEC_ERROR_NOT_A_RECIPIENT                   =   (SEC_ERROR_BASE + 45),
+SEC_ERROR_PKCS7_KEYALG_MISMATCH             =   (SEC_ERROR_BASE + 46),
+SEC_ERROR_PKCS7_BAD_SIGNATURE               =   (SEC_ERROR_BASE + 47),
+SEC_ERROR_UNSUPPORTED_KEYALG                =   (SEC_ERROR_BASE + 48),
+SEC_ERROR_DECRYPTION_DISALLOWED             =   (SEC_ERROR_BASE + 49),
 /* Fortezza Alerts */
-XP_SEC_FORTEZZA_BAD_CARD 		    =	(SEC_ERROR_BASE + 50),
-XP_SEC_FORTEZZA_NO_CARD 		    =	(SEC_ERROR_BASE + 51),
-XP_SEC_FORTEZZA_NONE_SELECTED 		    =	(SEC_ERROR_BASE + 52),
-XP_SEC_FORTEZZA_MORE_INFO 		    =	(SEC_ERROR_BASE + 53),
-XP_SEC_FORTEZZA_PERSON_NOT_FOUND 	    =	(SEC_ERROR_BASE + 54),
-XP_SEC_FORTEZZA_NO_MORE_INFO 		    =	(SEC_ERROR_BASE + 55),
-XP_SEC_FORTEZZA_BAD_PIN 		    =	(SEC_ERROR_BASE + 56),
-XP_SEC_FORTEZZA_PERSON_ERROR 		    =	(SEC_ERROR_BASE + 57),
-SEC_ERROR_NO_KRL 			    =	(SEC_ERROR_BASE + 58),
-SEC_ERROR_KRL_EXPIRED 			    =	(SEC_ERROR_BASE + 59),
-SEC_ERROR_KRL_BAD_SIGNATURE 		    =	(SEC_ERROR_BASE + 60),
-SEC_ERROR_REVOKED_KEY 			    =	(SEC_ERROR_BASE + 61),
-SEC_ERROR_KRL_INVALID 			    =	(SEC_ERROR_BASE + 62),
-SEC_ERROR_NEED_RANDOM 			    =	(SEC_ERROR_BASE + 63),
-SEC_ERROR_NO_MODULE 			    =	(SEC_ERROR_BASE + 64),
-SEC_ERROR_NO_TOKEN 			    =	(SEC_ERROR_BASE + 65),
-SEC_ERROR_READ_ONLY 			    =	(SEC_ERROR_BASE + 66),
-SEC_ERROR_NO_SLOT_SELECTED 		    =	(SEC_ERROR_BASE + 67),
-SEC_ERROR_CERT_NICKNAME_COLLISION 	    =	(SEC_ERROR_BASE + 68),
-SEC_ERROR_KEY_NICKNAME_COLLISION 	    =	(SEC_ERROR_BASE + 69),
-SEC_ERROR_SAFE_NOT_CREATED 		    =	(SEC_ERROR_BASE + 70),
-SEC_ERROR_BAGGAGE_NOT_CREATED 		    =	(SEC_ERROR_BASE + 71),
-XP_JAVA_REMOVE_PRINCIPAL_ERROR 		    =	(SEC_ERROR_BASE + 72),
-XP_JAVA_DELETE_PRIVILEGE_ERROR 		    =	(SEC_ERROR_BASE + 73),
-XP_JAVA_CERT_NOT_EXISTS_ERROR 		    =	(SEC_ERROR_BASE + 74),
-SEC_ERROR_BAD_EXPORT_ALGORITHM 		    =	(SEC_ERROR_BASE + 75),
-SEC_ERROR_EXPORTING_CERTIFICATES 	    =	(SEC_ERROR_BASE + 76),
-SEC_ERROR_IMPORTING_CERTIFICATES 	    =	(SEC_ERROR_BASE + 77),
-SEC_ERROR_PKCS12_DECODING_PFX 		    =	(SEC_ERROR_BASE + 78),
-SEC_ERROR_PKCS12_INVALID_MAC 		    =	(SEC_ERROR_BASE + 79),
-SEC_ERROR_PKCS12_UNSUPPORTED_MAC_ALGORITHM  =	(SEC_ERROR_BASE + 80),
-SEC_ERROR_PKCS12_UNSUPPORTED_TRANSPORT_MODE =	(SEC_ERROR_BASE + 81),
-SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE 	    =	(SEC_ERROR_BASE + 82),
-SEC_ERROR_PKCS12_UNSUPPORTED_PBE_ALGORITHM  = 	(SEC_ERROR_BASE + 83),
-SEC_ERROR_PKCS12_UNSUPPORTED_VERSION 	    =	(SEC_ERROR_BASE + 84),
-SEC_ERROR_PKCS12_PRIVACY_PASSWORD_INCORRECT =	(SEC_ERROR_BASE + 85),
-SEC_ERROR_PKCS12_CERT_COLLISION 	    =	(SEC_ERROR_BASE + 86),
-SEC_ERROR_USER_CANCELLED 		    =	(SEC_ERROR_BASE + 87),
-SEC_ERROR_PKCS12_DUPLICATE_DATA 	    =	(SEC_ERROR_BASE + 88),
-SEC_ERROR_MESSAGE_SEND_ABORTED 		    =	(SEC_ERROR_BASE + 89),
-SEC_ERROR_INADEQUATE_KEY_USAGE 		    =	(SEC_ERROR_BASE + 90),
-SEC_ERROR_INADEQUATE_CERT_TYPE 		    =	(SEC_ERROR_BASE + 91),
-SEC_ERROR_CERT_ADDR_MISMATCH 		    =	(SEC_ERROR_BASE + 92),
-SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY 	    =	(SEC_ERROR_BASE + 93),
-SEC_ERROR_PKCS12_IMPORTING_CERT_CHAIN 	    =	(SEC_ERROR_BASE + 94),
+XP_SEC_FORTEZZA_BAD_CARD                    =   (SEC_ERROR_BASE + 50),
+XP_SEC_FORTEZZA_NO_CARD                     =   (SEC_ERROR_BASE + 51),
+XP_SEC_FORTEZZA_NONE_SELECTED               =   (SEC_ERROR_BASE + 52),
+XP_SEC_FORTEZZA_MORE_INFO                   =   (SEC_ERROR_BASE + 53),
+XP_SEC_FORTEZZA_PERSON_NOT_FOUND            =   (SEC_ERROR_BASE + 54),
+XP_SEC_FORTEZZA_NO_MORE_INFO                =   (SEC_ERROR_BASE + 55),
+XP_SEC_FORTEZZA_BAD_PIN                     =   (SEC_ERROR_BASE + 56),
+XP_SEC_FORTEZZA_PERSON_ERROR                =   (SEC_ERROR_BASE + 57),
+SEC_ERROR_NO_KRL                            =   (SEC_ERROR_BASE + 58),
+SEC_ERROR_KRL_EXPIRED                       =   (SEC_ERROR_BASE + 59),
+SEC_ERROR_KRL_BAD_SIGNATURE                 =   (SEC_ERROR_BASE + 60),
+SEC_ERROR_REVOKED_KEY                       =   (SEC_ERROR_BASE + 61),
+SEC_ERROR_KRL_INVALID                       =   (SEC_ERROR_BASE + 62),
+SEC_ERROR_NEED_RANDOM                       =   (SEC_ERROR_BASE + 63),
+SEC_ERROR_NO_MODULE                         =   (SEC_ERROR_BASE + 64),
+SEC_ERROR_NO_TOKEN                          =   (SEC_ERROR_BASE + 65),
+SEC_ERROR_READ_ONLY                         =   (SEC_ERROR_BASE + 66),
+SEC_ERROR_NO_SLOT_SELECTED                  =   (SEC_ERROR_BASE + 67),
+SEC_ERROR_CERT_NICKNAME_COLLISION           =   (SEC_ERROR_BASE + 68),
+SEC_ERROR_KEY_NICKNAME_COLLISION            =   (SEC_ERROR_BASE + 69),
+SEC_ERROR_SAFE_NOT_CREATED                  =   (SEC_ERROR_BASE + 70),
+SEC_ERROR_BAGGAGE_NOT_CREATED               =   (SEC_ERROR_BASE + 71),
+XP_JAVA_REMOVE_PRINCIPAL_ERROR              =   (SEC_ERROR_BASE + 72),
+XP_JAVA_DELETE_PRIVILEGE_ERROR              =   (SEC_ERROR_BASE + 73),
+XP_JAVA_CERT_NOT_EXISTS_ERROR               =   (SEC_ERROR_BASE + 74),
+SEC_ERROR_BAD_EXPORT_ALGORITHM              =   (SEC_ERROR_BASE + 75),
+SEC_ERROR_EXPORTING_CERTIFICATES            =   (SEC_ERROR_BASE + 76),
+SEC_ERROR_IMPORTING_CERTIFICATES            =   (SEC_ERROR_BASE + 77),
+SEC_ERROR_PKCS12_DECODING_PFX               =   (SEC_ERROR_BASE + 78),
+SEC_ERROR_PKCS12_INVALID_MAC                =   (SEC_ERROR_BASE + 79),
+SEC_ERROR_PKCS12_UNSUPPORTED_MAC_ALGORITHM  =   (SEC_ERROR_BASE + 80),
+SEC_ERROR_PKCS12_UNSUPPORTED_TRANSPORT_MODE =   (SEC_ERROR_BASE + 81),
+SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE      =   (SEC_ERROR_BASE + 82),
+SEC_ERROR_PKCS12_UNSUPPORTED_PBE_ALGORITHM  =   (SEC_ERROR_BASE + 83),
+SEC_ERROR_PKCS12_UNSUPPORTED_VERSION        =   (SEC_ERROR_BASE + 84),
+SEC_ERROR_PKCS12_PRIVACY_PASSWORD_INCORRECT =   (SEC_ERROR_BASE + 85),
+SEC_ERROR_PKCS12_CERT_COLLISION             =   (SEC_ERROR_BASE + 86),
+SEC_ERROR_USER_CANCELLED                    =   (SEC_ERROR_BASE + 87),
+SEC_ERROR_PKCS12_DUPLICATE_DATA             =   (SEC_ERROR_BASE + 88),
+SEC_ERROR_MESSAGE_SEND_ABORTED              =   (SEC_ERROR_BASE + 89),
+SEC_ERROR_INADEQUATE_KEY_USAGE              =   (SEC_ERROR_BASE + 90),
+SEC_ERROR_INADEQUATE_CERT_TYPE              =   (SEC_ERROR_BASE + 91),
+SEC_ERROR_CERT_ADDR_MISMATCH                =   (SEC_ERROR_BASE + 92),
+SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY       =   (SEC_ERROR_BASE + 93),
+SEC_ERROR_PKCS12_IMPORTING_CERT_CHAIN       =   (SEC_ERROR_BASE + 94),
 SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME = (SEC_ERROR_BASE + 95),
-SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY 	    =	(SEC_ERROR_BASE + 96),
-SEC_ERROR_PKCS12_UNABLE_TO_WRITE 	    = 	(SEC_ERROR_BASE + 97),
-SEC_ERROR_PKCS12_UNABLE_TO_READ 	    =	(SEC_ERROR_BASE + 98),
-SEC_ERROR_PKCS12_KEY_DATABASE_NOT_INITIALIZED 	 = (SEC_ERROR_BASE + 99),
-SEC_ERROR_KEYGEN_FAIL 			    =	(SEC_ERROR_BASE + 100),
-SEC_ERROR_INVALID_PASSWORD 		    =	(SEC_ERROR_BASE + 101),
-SEC_ERROR_RETRY_OLD_PASSWORD 		    =	(SEC_ERROR_BASE + 102),
-SEC_ERROR_BAD_NICKNAME 			    =	(SEC_ERROR_BASE + 103),
-SEC_ERROR_NOT_FORTEZZA_ISSUER 		    = 	(SEC_ERROR_BASE + 104),
+SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY       =   (SEC_ERROR_BASE + 96),
+SEC_ERROR_PKCS12_UNABLE_TO_WRITE            =   (SEC_ERROR_BASE + 97),
+SEC_ERROR_PKCS12_UNABLE_TO_READ             =   (SEC_ERROR_BASE + 98),
+SEC_ERROR_PKCS12_KEY_DATABASE_NOT_INITIALIZED = (SEC_ERROR_BASE + 99),
+SEC_ERROR_KEYGEN_FAIL                       =   (SEC_ERROR_BASE + 100),
+SEC_ERROR_INVALID_PASSWORD                  =   (SEC_ERROR_BASE + 101),
+SEC_ERROR_RETRY_OLD_PASSWORD                =   (SEC_ERROR_BASE + 102),
+SEC_ERROR_BAD_NICKNAME                      =   (SEC_ERROR_BASE + 103),
+SEC_ERROR_NOT_FORTEZZA_ISSUER               =   (SEC_ERROR_BASE + 104),
 SEC_ERROR_CANNOT_MOVE_SENSITIVE_KEY         =   (SEC_ERROR_BASE + 105),
-SEC_ERROR_JS_INVALID_MODULE_NAME 	    =	(SEC_ERROR_BASE + 106),
-SEC_ERROR_JS_INVALID_DLL 		    =	(SEC_ERROR_BASE + 107),
-SEC_ERROR_JS_ADD_MOD_FAILURE 		    =	(SEC_ERROR_BASE + 108),
-SEC_ERROR_JS_DEL_MOD_FAILURE 		    =	(SEC_ERROR_BASE + 109),
-SEC_ERROR_OLD_KRL 			    =	(SEC_ERROR_BASE + 110),
-SEC_ERROR_CKL_CONFLICT 			    =	(SEC_ERROR_BASE + 111),
-SEC_ERROR_CERT_NOT_IN_NAME_SPACE 	    =	(SEC_ERROR_BASE + 112),
-SEC_ERROR_KRL_NOT_YET_VALID 		    =	(SEC_ERROR_BASE + 113),
-SEC_ERROR_CRL_NOT_YET_VALID 		    =	(SEC_ERROR_BASE + 114),
-SEC_ERROR_UNKNOWN_CERT 			    =	(SEC_ERROR_BASE + 115),
-SEC_ERROR_UNKNOWN_SIGNER 		    =	(SEC_ERROR_BASE + 116),
-SEC_ERROR_CERT_BAD_ACCESS_LOCATION 	    =	(SEC_ERROR_BASE + 117),
-SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE 	    =	(SEC_ERROR_BASE + 118),
-SEC_ERROR_OCSP_BAD_HTTP_RESPONSE 	    =	(SEC_ERROR_BASE + 119),
-SEC_ERROR_OCSP_MALFORMED_REQUEST 	    =	(SEC_ERROR_BASE + 120),
-SEC_ERROR_OCSP_SERVER_ERROR 		    =	(SEC_ERROR_BASE + 121),
-SEC_ERROR_OCSP_TRY_SERVER_LATER 	    =	(SEC_ERROR_BASE + 122),
-SEC_ERROR_OCSP_REQUEST_NEEDS_SIG 	    =	(SEC_ERROR_BASE + 123),
-SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST 	    =	(SEC_ERROR_BASE + 124),
-SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS 	    =	(SEC_ERROR_BASE + 125),
-SEC_ERROR_OCSP_UNKNOWN_CERT 		    =	(SEC_ERROR_BASE + 126),
-SEC_ERROR_OCSP_NOT_ENABLED 		    =	(SEC_ERROR_BASE + 127),
-SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER 	    =	(SEC_ERROR_BASE + 128),
-SEC_ERROR_OCSP_MALFORMED_RESPONSE 	    =	(SEC_ERROR_BASE + 129),
-SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE 	    =	(SEC_ERROR_BASE + 130),
-SEC_ERROR_OCSP_FUTURE_RESPONSE 		    =	(SEC_ERROR_BASE + 131),
-SEC_ERROR_OCSP_OLD_RESPONSE 		    =	(SEC_ERROR_BASE + 132),
+SEC_ERROR_JS_INVALID_MODULE_NAME            =   (SEC_ERROR_BASE + 106),
+SEC_ERROR_JS_INVALID_DLL                    =   (SEC_ERROR_BASE + 107),
+SEC_ERROR_JS_ADD_MOD_FAILURE                =   (SEC_ERROR_BASE + 108),
+SEC_ERROR_JS_DEL_MOD_FAILURE                =   (SEC_ERROR_BASE + 109),
+SEC_ERROR_OLD_KRL                           =   (SEC_ERROR_BASE + 110),
+SEC_ERROR_CKL_CONFLICT                      =   (SEC_ERROR_BASE + 111),
+SEC_ERROR_CERT_NOT_IN_NAME_SPACE            =   (SEC_ERROR_BASE + 112),
+SEC_ERROR_KRL_NOT_YET_VALID                 =   (SEC_ERROR_BASE + 113),
+SEC_ERROR_CRL_NOT_YET_VALID                 =   (SEC_ERROR_BASE + 114),
+SEC_ERROR_UNKNOWN_CERT                      =   (SEC_ERROR_BASE + 115),
+SEC_ERROR_UNKNOWN_SIGNER                    =   (SEC_ERROR_BASE + 116),
+SEC_ERROR_CERT_BAD_ACCESS_LOCATION          =   (SEC_ERROR_BASE + 117),
+SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE        =   (SEC_ERROR_BASE + 118),
+SEC_ERROR_OCSP_BAD_HTTP_RESPONSE            =   (SEC_ERROR_BASE + 119),
+SEC_ERROR_OCSP_MALFORMED_REQUEST            =   (SEC_ERROR_BASE + 120),
+SEC_ERROR_OCSP_SERVER_ERROR                 =   (SEC_ERROR_BASE + 121),
+SEC_ERROR_OCSP_TRY_SERVER_LATER             =   (SEC_ERROR_BASE + 122),
+SEC_ERROR_OCSP_REQUEST_NEEDS_SIG            =   (SEC_ERROR_BASE + 123),
+SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST         =   (SEC_ERROR_BASE + 124),
+SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS      =   (SEC_ERROR_BASE + 125),
+SEC_ERROR_OCSP_UNKNOWN_CERT                 =   (SEC_ERROR_BASE + 126),
+SEC_ERROR_OCSP_NOT_ENABLED                  =   (SEC_ERROR_BASE + 127),
+SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER         =   (SEC_ERROR_BASE + 128),
+SEC_ERROR_OCSP_MALFORMED_RESPONSE           =   (SEC_ERROR_BASE + 129),
+SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE        =   (SEC_ERROR_BASE + 130),
+SEC_ERROR_OCSP_FUTURE_RESPONSE              =   (SEC_ERROR_BASE + 131),
+SEC_ERROR_OCSP_OLD_RESPONSE                 =   (SEC_ERROR_BASE + 132),
 /* smime stuff */
-SEC_ERROR_DIGEST_NOT_FOUND		    =	(SEC_ERROR_BASE + 133),
-SEC_ERROR_UNSUPPORTED_MESSAGE_TYPE	    =	(SEC_ERROR_BASE + 134),
-SEC_ERROR_MODULE_STUCK			    =	(SEC_ERROR_BASE + 135),
-SEC_ERROR_BAD_TEMPLATE			    =	(SEC_ERROR_BASE + 136),
-SEC_ERROR_CRL_NOT_FOUND 		    =	(SEC_ERROR_BASE + 137),
+SEC_ERROR_DIGEST_NOT_FOUND                  =   (SEC_ERROR_BASE + 133),
+SEC_ERROR_UNSUPPORTED_MESSAGE_TYPE          =   (SEC_ERROR_BASE + 134),
+SEC_ERROR_MODULE_STUCK                      =   (SEC_ERROR_BASE + 135),
+SEC_ERROR_BAD_TEMPLATE                      =   (SEC_ERROR_BASE + 136),
+SEC_ERROR_CRL_NOT_FOUND                     =   (SEC_ERROR_BASE + 137),
 SEC_ERROR_REUSED_ISSUER_AND_SERIAL          =   (SEC_ERROR_BASE + 138),
 SEC_ERROR_BUSY                              =   (SEC_ERROR_BASE + 139),
 SEC_ERROR_EXTRA_INPUT                       =   (SEC_ERROR_BASE + 140),
 /* error codes used by elliptic curve code */
-SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE	    =	(SEC_ERROR_BASE + 141),
-SEC_ERROR_UNSUPPORTED_EC_POINT_FORM	    =	(SEC_ERROR_BASE + 142),
-SEC_ERROR_UNRECOGNIZED_OID		    =	(SEC_ERROR_BASE + 143),
-SEC_ERROR_OCSP_INVALID_SIGNING_CERT	    =   (SEC_ERROR_BASE + 144),
+SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE        =   (SEC_ERROR_BASE + 141),
+SEC_ERROR_UNSUPPORTED_EC_POINT_FORM         =   (SEC_ERROR_BASE + 142),
+SEC_ERROR_UNRECOGNIZED_OID                  =   (SEC_ERROR_BASE + 143),
+SEC_ERROR_OCSP_INVALID_SIGNING_CERT         =   (SEC_ERROR_BASE + 144),
 /* new revocation errors */
-SEC_ERROR_REVOKED_CERTIFICATE_CRL	    =	(SEC_ERROR_BASE + 145),
-SEC_ERROR_REVOKED_CERTIFICATE_OCSP	    =	(SEC_ERROR_BASE + 146),
-SEC_ERROR_CRL_INVALID_VERSION               =	(SEC_ERROR_BASE + 147),
-SEC_ERROR_CRL_V1_CRITICAL_EXTENSION         =	(SEC_ERROR_BASE + 148),
-SEC_ERROR_CRL_UNKNOWN_CRITICAL_EXTENSION    =	(SEC_ERROR_BASE + 149),
-SEC_ERROR_UNKNOWN_OBJECT_TYPE               =	(SEC_ERROR_BASE + 150),
-SEC_ERROR_INCOMPATIBLE_PKCS11               =	(SEC_ERROR_BASE + 151),
-SEC_ERROR_NO_EVENT                          = 	(SEC_ERROR_BASE + 152),
-SEC_ERROR_CRL_ALREADY_EXISTS                = 	(SEC_ERROR_BASE + 153),
-SEC_ERROR_NOT_INITIALIZED                   = 	(SEC_ERROR_BASE + 154),
-SEC_ERROR_TOKEN_NOT_LOGGED_IN               = 	(SEC_ERROR_BASE + 155),
-SEC_ERROR_OCSP_RESPONDER_CERT_INVALID      =	(SEC_ERROR_BASE + 156),
-SEC_ERROR_OCSP_BAD_SIGNATURE               =	(SEC_ERROR_BASE + 157),
-
-SEC_ERROR_OUT_OF_SEARCH_LIMITS             =	(SEC_ERROR_BASE + 158),
-SEC_ERROR_INVALID_POLICY_MAPPING           =	(SEC_ERROR_BASE + 159),
-SEC_ERROR_POLICY_VALIDATION_FAILED         =	(SEC_ERROR_BASE + 160),
+SEC_ERROR_REVOKED_CERTIFICATE_CRL           =   (SEC_ERROR_BASE + 145),
+SEC_ERROR_REVOKED_CERTIFICATE_OCSP          =   (SEC_ERROR_BASE + 146),
+SEC_ERROR_CRL_INVALID_VERSION               =   (SEC_ERROR_BASE + 147),
+SEC_ERROR_CRL_V1_CRITICAL_EXTENSION         =   (SEC_ERROR_BASE + 148),
+SEC_ERROR_CRL_UNKNOWN_CRITICAL_EXTENSION    =   (SEC_ERROR_BASE + 149),
+SEC_ERROR_UNKNOWN_OBJECT_TYPE               =   (SEC_ERROR_BASE + 150),
+SEC_ERROR_INCOMPATIBLE_PKCS11               =   (SEC_ERROR_BASE + 151),
+SEC_ERROR_NO_EVENT                          =   (SEC_ERROR_BASE + 152),
+SEC_ERROR_CRL_ALREADY_EXISTS                =   (SEC_ERROR_BASE + 153),
+SEC_ERROR_NOT_INITIALIZED                   =   (SEC_ERROR_BASE + 154),
+SEC_ERROR_TOKEN_NOT_LOGGED_IN               =   (SEC_ERROR_BASE + 155),
+SEC_ERROR_OCSP_RESPONDER_CERT_INVALID       =   (SEC_ERROR_BASE + 156),
+SEC_ERROR_OCSP_BAD_SIGNATURE                =   (SEC_ERROR_BASE + 157),
+
+SEC_ERROR_OUT_OF_SEARCH_LIMITS              =   (SEC_ERROR_BASE + 158),
+SEC_ERROR_INVALID_POLICY_MAPPING            =   (SEC_ERROR_BASE + 159),
+SEC_ERROR_POLICY_VALIDATION_FAILED          =   (SEC_ERROR_BASE + 160),
 /* No longer used.  Unknown AIA location types are now silently ignored. */
-SEC_ERROR_UNKNOWN_AIA_LOCATION_TYPE        =	(SEC_ERROR_BASE + 161),
-SEC_ERROR_BAD_HTTP_RESPONSE                =	(SEC_ERROR_BASE + 162),
-SEC_ERROR_BAD_LDAP_RESPONSE                =	(SEC_ERROR_BASE + 163),
-SEC_ERROR_FAILED_TO_ENCODE_DATA            =	(SEC_ERROR_BASE + 164),
-SEC_ERROR_BAD_INFO_ACCESS_LOCATION         =	(SEC_ERROR_BASE + 165), 
+SEC_ERROR_UNKNOWN_AIA_LOCATION_TYPE         =   (SEC_ERROR_BASE + 161),
+SEC_ERROR_BAD_HTTP_RESPONSE                 =   (SEC_ERROR_BASE + 162),
+SEC_ERROR_BAD_LDAP_RESPONSE                 =   (SEC_ERROR_BASE + 163),
+SEC_ERROR_FAILED_TO_ENCODE_DATA             =   (SEC_ERROR_BASE + 164),
+SEC_ERROR_BAD_INFO_ACCESS_LOCATION          =   (SEC_ERROR_BASE + 165),
 
-SEC_ERROR_LIBPKIX_INTERNAL                 =	(SEC_ERROR_BASE + 166),
+SEC_ERROR_LIBPKIX_INTERNAL                  =   (SEC_ERROR_BASE + 166),
 
-SEC_ERROR_PKCS11_GENERAL_ERROR             =	(SEC_ERROR_BASE + 167),
-SEC_ERROR_PKCS11_FUNCTION_FAILED           =	(SEC_ERROR_BASE + 168),
-SEC_ERROR_PKCS11_DEVICE_ERROR              =	(SEC_ERROR_BASE + 169),
+SEC_ERROR_PKCS11_GENERAL_ERROR              =   (SEC_ERROR_BASE + 167),
+SEC_ERROR_PKCS11_FUNCTION_FAILED            =   (SEC_ERROR_BASE + 168),
+SEC_ERROR_PKCS11_DEVICE_ERROR               =   (SEC_ERROR_BASE + 169),
 
-SEC_ERROR_BAD_INFO_ACCESS_METHOD           =    (SEC_ERROR_BASE + 170),
-SEC_ERROR_CRL_IMPORT_FAILED                =    (SEC_ERROR_BASE + 171),
+SEC_ERROR_BAD_INFO_ACCESS_METHOD            =   (SEC_ERROR_BASE + 170),
+SEC_ERROR_CRL_IMPORT_FAILED                 =   (SEC_ERROR_BASE + 171),
 
-SEC_ERROR_EXPIRED_PASSWORD                 =    (SEC_ERROR_BASE + 172),
-SEC_ERROR_LOCKED_PASSWORD                  =    (SEC_ERROR_BASE + 173),
+SEC_ERROR_EXPIRED_PASSWORD                  =   (SEC_ERROR_BASE + 172),
+SEC_ERROR_LOCKED_PASSWORD                   =   (SEC_ERROR_BASE + 173),
 
-SEC_ERROR_UNKNOWN_PKCS11_ERROR             =	(SEC_ERROR_BASE + 174),
+SEC_ERROR_UNKNOWN_PKCS11_ERROR              =   (SEC_ERROR_BASE + 174),
 
-SEC_ERROR_BAD_CRL_DP_URL                   =	(SEC_ERROR_BASE + 175),
+SEC_ERROR_BAD_CRL_DP_URL                    =   (SEC_ERROR_BASE + 175),
 
-SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED =    (SEC_ERROR_BASE + 176),
+SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED =   (SEC_ERROR_BASE + 176),
 
-SEC_ERROR_LEGACY_DATABASE                  =	(SEC_ERROR_BASE + 177),
+SEC_ERROR_LEGACY_DATABASE                   =   (SEC_ERROR_BASE + 177),
 
-SEC_ERROR_APPLICATION_CALLBACK_ERROR       =    (SEC_ERROR_BASE + 178),
+SEC_ERROR_APPLICATION_CALLBACK_ERROR        =   (SEC_ERROR_BASE + 178),
 
 /* Add new error codes above here. */
-SEC_ERROR_END_OF_LIST 
+SEC_ERROR_END_OF_LIST
 } SECErrorCodes;
 #endif /* NO_SECURITY_ERROR_ENUM */
 
diff --git a/security/nss/lib/util/utilmod.c b/security/nss/lib/util/utilmod.c
index e68d950..0f5970f 100644
--- a/security/nss/lib/util/utilmod.c
+++ b/security/nss/lib/util/utilmod.c
@@ -21,9 +21,37 @@
 #include "secport.h"
 #include "utilpars.h" 
 #include "secerr.h"
+
 #if defined (_WIN32)
 #include <io.h>
 #endif
+#ifdef XP_UNIX
+#include <unistd.h>
+#endif
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+
+#if defined (_WIN32)
+#define os_open _open
+#define os_fdopen _fdopen
+#define os_stat _stat
+#define os_truncate_open_flags _O_CREAT|_O_RDWR|_O_TRUNC
+#define os_append_open_flags _O_CREAT|_O_RDWR|_O_APPEND
+#define os_open_permissions_type int
+#define os_open_permissions_default _S_IREAD | _S_IWRITE
+#define os_stat_type struct _stat
+#else
+#define os_open open
+#define os_fdopen fdopen
+#define os_stat stat
+#define os_truncate_open_flags O_CREAT|O_RDWR|O_TRUNC
+#define os_append_open_flags O_CREAT|O_RDWR|O_APPEND
+#define os_open_permissions_type mode_t
+#define os_open_permissions_default 0600
+#define os_stat_type struct stat
+#endif
 
 /****************************************************************
  *
@@ -132,27 +160,26 @@ char *_NSSUTIL_GetOldSecmodName(const char *dbname,const char *filename)
     return file;
 }
 
-static SECStatus nssutil_AddSecmodDB(const char *appName, 
-		   const char *filename, const char *dbname, 
-		   char *module, PRBool rw);
+static SECStatus nssutil_AddSecmodDBEntry(const char *appName,
+                                          const char *filename,
+                                          const char *dbname,
+                                          char *module, PRBool rw);
 
-#ifdef XP_UNIX
-#include <unistd.h>
-#endif
-#include <fcntl.h>
+enum lfopen_mode { lfopen_truncate, lfopen_append };
 
-/* same as fopen, except it doesn't use umask, but explicit */
 FILE *
-lfopen(const char *name, const char *mode, int flags)
+lfopen(const char *name, enum lfopen_mode om, os_open_permissions_type open_perms)
 {
     int fd;
     FILE *file;
 
-    fd = open(name, flags, 0600);
+    fd = os_open(name,
+                 (om == lfopen_truncate) ? os_truncate_open_flags : os_append_open_flags,
+                 open_perms);
     if (fd < 0) {
 	return NULL;
     }
-    file = fdopen(fd, mode);
+    file = os_fdopen(fd, (om == lfopen_truncate) ? "w+" : "a+");
     if (!file) {
 	close(fd);
     }
@@ -416,7 +443,7 @@ loser:
 	fclose(fd);
     } else if (!failed && rw) {
 	/* update our internal module */
-	nssutil_AddSecmodDB(appName,filename,dbname,moduleList[0],rw);
+	nssutil_AddSecmodDBEntry(appName, filename, dbname, moduleList[0], rw);
     }
     return moduleList;
 }
@@ -437,11 +464,15 @@ nssutil_ReleaseSecmodDBData(const char *appName,
  * Delete a module from the Data Base
  */
 static SECStatus
-nssutil_DeleteSecmodDB(const char *appName, 
-		      const char *filename, const char *dbname, 
-		      char *args, PRBool rw)
+nssutil_DeleteSecmodDBEntry(const char *appName,
+                            const char *filename,
+                            const char *dbname,
+                            char *args,
+                            PRBool rw)
 {
     /* SHDB_FIXME implement */
+    os_stat_type stat_existing;
+    os_open_permissions_type file_mode;
     FILE *fd = NULL;
     FILE *fd2 = NULL;
     char line[MAX_LINE_LENGTH];
@@ -467,10 +498,19 @@ nssutil_DeleteSecmodDB(const char *appName,
     if (dbname2 == NULL) goto loser;
     dbname2[strlen(dbname)-1]++;
 
+    /* get the permissions of the existing file, or use the default */
+    if (!os_stat(dbname, &stat_existing)) {
+	file_mode = stat_existing.st_mode;
+    } else {
+	file_mode = os_open_permissions_default;
+    }
+
     /* do we really want to use streams here */
     fd = fopen(dbname, "r");
     if (fd == NULL) goto loser;
-    fd2 = lfopen(dbname2, "w+", O_CREAT|O_RDWR|O_TRUNC);
+
+    fd2 = lfopen(dbname2, lfopen_truncate, file_mode);
+
     if (fd2 == NULL) goto loser;
 
     name = NSSUTIL_ArgGetParamValue("name",args);
@@ -566,10 +606,12 @@ loser:
  * Add a module to the Data base 
  */
 static SECStatus
-nssutil_AddSecmodDB(const char *appName, 
-		   const char *filename, const char *dbname, 
-		   char *module, PRBool rw)
+nssutil_AddSecmodDBEntry(const char *appName,
+                        const char *filename, const char *dbname,
+                         char *module, PRBool rw)
 {
+    os_stat_type stat_existing;
+    os_open_permissions_type file_mode;
     FILE *fd = NULL;
     char *block = NULL;
     PRBool libFound = PR_FALSE;
@@ -586,10 +628,16 @@ nssutil_AddSecmodDB(const char *appName,
     }
 
     /* remove the previous version if it exists */
-    (void) nssutil_DeleteSecmodDB(appName, filename, 
-				  dbname, module, rw);
+    (void) nssutil_DeleteSecmodDBEntry(appName, filename, dbname, module, rw);
+
+    /* get the permissions of the existing file, or use the default */
+    if (!os_stat(dbname, &stat_existing)) {
+	file_mode = stat_existing.st_mode;
+    } else {
+	file_mode = os_open_permissions_default;
+    }
 
-    fd = lfopen(dbname, "a+", O_CREAT|O_RDWR|O_APPEND);
+    fd = lfopen(dbname, lfopen_append, file_mode);
     if (fd == NULL) {
 	return SECFailure;
     }
@@ -665,16 +713,19 @@ NSSUTIL_DoModuleDBFunction(unsigned long function,char *parameters, void *args)
 				     secmod,(char *)parameters,rw);
         break;
     case SECMOD_MODULE_DB_FUNCTION_ADD:
-        rvstr = (nssutil_AddSecmodDB(appName,filename,
-		secmod,(char *)args,rw) == SECSuccess) ? &success: NULL;
+        rvstr = (nssutil_AddSecmodDBEntry(appName, filename,
+                                          secmod, (char *)args, rw)
+                 == SECSuccess) ? &success: NULL;
         break;
     case SECMOD_MODULE_DB_FUNCTION_DEL:
-        rvstr = (nssutil_DeleteSecmodDB(appName,filename,
-		secmod,(char *)args,rw) == SECSuccess) ? &success: NULL;
+        rvstr = (nssutil_DeleteSecmodDBEntry(appName, filename,
+                                             secmod, (char *)args, rw)
+                 == SECSuccess) ? &success: NULL;
         break;
     case SECMOD_MODULE_DB_FUNCTION_RELEASE:
-        rvstr = (nssutil_ReleaseSecmodDBData(appName,filename,
-		secmod, (char **)args,rw) == SECSuccess) ? &success: NULL;
+        rvstr = (nssutil_ReleaseSecmodDBData(appName, filename,
+                                             secmod, (char **)args, rw)
+                 == SECSuccess) ? &success: NULL;
         break;
     }
 done:
diff --git a/security/nss/lib/util/utilmodt.h b/security/nss/lib/util/utilmodt.h
index 825e59f..6adc5fb 100644
--- a/security/nss/lib/util/utilmodt.h
+++ b/security/nss/lib/util/utilmodt.h
@@ -23,10 +23,11 @@
 #define SECMOD_SSL_FLAG		0x00000800L
 #define SECMOD_TLS_FLAG		0x00001000L
 #define SECMOD_AES_FLAG 	0x00002000L
-#define SECMOD_SHA256_FLAG	0x00004000L
+#define SECMOD_SHA256_FLAG	0x00004000L     /* also for SHA224 */
 #define SECMOD_SHA512_FLAG	0x00008000L	/* also for SHA384 */
 #define SECMOD_CAMELLIA_FLAG 	0x00010000L /* = PUBLIC_MECH_CAMELLIA_FLAG */
 #define SECMOD_SEED_FLAG	0x00020000L
+#define SECMOD_ECC_FLAG		0x00040000L
 /* reserved bit for future, do not use */
 #define SECMOD_RESERVED_FLAG    0X08000000L
 #define SECMOD_FRIENDLY_FLAG	0x10000000L
diff --git a/security/nss/lib/zlib/config.mk b/security/nss/lib/zlib/config.mk
index 0091d01..696be5d 100644
--- a/security/nss/lib/zlib/config.mk
+++ b/security/nss/lib/zlib/config.mk
@@ -14,3 +14,7 @@ IMPORT_LIBRARY =
 PROGRAM        =
 
 EXTRA_LIBS     = $(LIBRARY)
+
+ifeq ($(OS_TARGET),Linux)
+DEFINES += -DHAVE_UNISTD_H
+endif
diff --git a/security/nss/tests/all.sh b/security/nss/tests/all.sh
index ee10852..c0d2ba9 100755
--- a/security/nss/tests/all.sh
+++ b/security/nss/tests/all.sh
@@ -59,7 +59,7 @@
 #
 # Optional environment variables to enable specific NSS features:
 # ---------------------------------------------------------------
-#   NSS_ENABLE_ECC              - enable ECC
+#   NSS_DISABLE_ECC             - disable ECC
 #   NSS_ECC_MORE_THAN_SUITE_B   - enable extended ECC
 #
 # Optional environment variables to select which cycles/suites to test:
@@ -299,9 +299,15 @@ fi
 # created, we check for modutil to know whether the build
 # is complete. If a new file is created after that, the 
 # following test for modutil should check for that instead.
+# Exception: when building softoken only, shlibsign is the
+# last file created.
+if [ ${NSS_BUILD_SOFTOKEN_ONLY} -eq "1" ]; then
+  LAST_FILE_BUILT=shlibsign
+else
+  LAST_FILE_BUILT=modutil
+fi
 
-if [ ! -f ${DIST}/${OBJDIR}/bin/modutil -a  \
-     ! -f ${DIST}/${OBJDIR}/bin/modutil.exe ]; then
+if [ ! -f ${DIST}/${OBJDIR}/bin/${LAST_FILE_BUILT}${PROG_SUFFIX} ]; then
     echo "Build Incomplete. Aborting test." >> ${LOGFILE}
     html_head "Testing Initialization"
     Exit "Checking for build"
diff --git a/security/nss/tests/cert/cert.sh b/security/nss/tests/cert/cert.sh
index b710b68..1a23c19 100755
--- a/security/nss/tests/cert/cert.sh
+++ b/security/nss/tests/cert/cert.sh
@@ -46,7 +46,7 @@ cert_init()
   fi
   SCRIPTNAME="cert.sh"
   CRL_GRP_DATE=`date -u "+%Y%m%d%H%M%SZ"`
-  if [ -n "$NSS_ENABLE_ECC" ] ; then
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
       html_head "Certutil and Crlutil Tests with ECC"
   else
       html_head "Certutil and Crlutil Tests"
@@ -292,7 +292,7 @@ cert_create_cert()
         return $RET
     fi
 
-    if [ -n "$NSS_ENABLE_ECC" ] ; then
+    if [ -z "$NSS_DISABLE_ECC" ] ; then
 	CU_ACTION="Import EC Root CA for $CERTNAME"
 	certu -A -n "TestCA-ec" -t "TC,TC,TC" -f "${R_PWFILE}" \
 	    -d "${PROFILEDIR}" -i "${R_CADIR}/TestCA-ec.ca.cert" 2>&1
@@ -340,7 +340,7 @@ cert_add_cert()
 #
 #   Generate and add EC cert
 #
-    if [ -n "$NSS_ENABLE_ECC" ] ; then
+    if [ -z "$NSS_DISABLE_ECC" ] ; then
 	CURVE="secp384r1"
 	CU_ACTION="Generate EC Cert Request for $CERTNAME"
 	CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-ec at bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
@@ -430,7 +430,7 @@ cert_all_CA()
     # root.cert in $CLIENT_CADIR and in $SERVER_CADIR is one of the last 
     # in the chain
 
-    if [ -n "$NSS_ENABLE_ECC" ] ; then
+    if [ -z "$NSS_DISABLE_ECC" ] ; then
 #
 #       Create EC version of TestCA
 	CA_CURVE="secp521r1"
@@ -671,7 +671,7 @@ cert_smime_client()
   certu -E -t ",," -d ${P_R_BOBDIR} -f ${R_PWFILE} \
         -i ${R_EVEDIR}/Eve.cert 2>&1
 
-  if [ -n "$NSS_ENABLE_ECC" ] ; then
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
       echo "$SCRIPTNAME: Importing EC Certificates =============================="
       CU_ACTION="Import Bob's EC cert into Alice's db"
       certu -E -t ",," -d ${P_R_ALICEDIR} -f ${R_PWFILE} \
@@ -742,7 +742,7 @@ cert_extended_ssl()
   certu -A -n "clientCA" -t "T,," -f "${R_PWFILE}" -d "${PROFILEDIR}" \
           -i "${CLIENT_CADIR}/clientCA.ca.cert" 2>&1
 
-  if [ -n "$NSS_ENABLE_ECC" ] ; then
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
 #
 #     Repeat the above for EC certs
 #
@@ -830,7 +830,7 @@ cert_extended_ssl()
   certu -A -n "serverCA" -t "C,C,C" -f "${R_PWFILE}" -d "${PROFILEDIR}" \
           -i "${SERVER_CADIR}/serverCA.ca.cert" 2>&1
 
-  if [ -n "$NSS_ENABLE_ECC" ] ; then
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
 #
 #     Repeat the above for EC certs
 #
@@ -920,7 +920,7 @@ cert_ssl()
   cert_add_cert 
   CU_ACTION="Modify trust attributes of Root CA -t TC,TC,TC"
   certu -M -n "TestCA" -t "TC,TC,TC" -d ${PROFILEDIR} -f "${R_PWFILE}"
-  if [ -n "$NSS_ENABLE_ECC" ] ; then
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
       CU_ACTION="Modify trust attributes of EC Root CA -t TC,TC,TC"
       certu -M -n "TestCA-ec" -t "TC,TC,TC" -d ${PROFILEDIR} -f "${R_PWFILE}"
   fi
@@ -940,8 +940,8 @@ cert_ssl()
   fi
 
   echo "$SCRIPTNAME: Creating database for OCSP stapling tests  ==============="
-  echo "cp -rv ${SERVERDIR} ${STAPLINGDIR}"
-  cp -rv ${R_SERVERDIR} ${R_STAPLINGDIR}
+  echo "cp -r ${SERVERDIR} ${STAPLINGDIR}"
+  cp -r ${R_SERVERDIR} ${R_STAPLINGDIR}
   pk12u -o ${R_STAPLINGDIR}/ca.p12 -n TestCA -k ${R_PWFILE} -w ${R_PWFILE} -d ${R_CADIR}
   pk12u -i ${R_STAPLINGDIR}/ca.p12 -k ${R_PWFILE} -w ${R_PWFILE} -d ${R_STAPLINGDIR}
 }
@@ -1028,7 +1028,7 @@ cert_eccurves()
 {
   ################# Creating Certs for EC curves test ########################
   #
-  if [ -n "$NSS_ENABLE_ECC" ] ; then
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
     echo "$SCRIPTNAME: Creating Server CA Issued Certificate for "
     echo "             EC Curves Test Certificates ------------------------------------"
 
@@ -1088,7 +1088,7 @@ cert_eccurves()
 	fi
     done
 
-  fi # if NSS_ENABLE_ECC=1
+  fi # $NSS_DISABLE_ECC
 }
 
 ########################### cert_extensions_test #############################
@@ -1176,6 +1176,201 @@ cert_extensions()
     done < ${QADIR}/cert/certext.txt
 }
 
+cert_make_with_param()
+{
+    DIRPASS="$1"
+    CERTNAME="$2"
+    MAKE="$3"
+    SUBJ="$4"
+    EXTRA="$5"
+    EXPECT="$6"
+    TESTNAME="$7"
+
+    echo certutil ${DIRPASS} -s "${SUBJ}" ${MAKE} ${CERTNAME} ${EXTRA}
+    ${BINDIR}/certutil ${DIRPASS} -s "${SUBJ}" ${MAKE} ${CERTNAME} ${EXTRA}
+        
+    RET=$?
+    if [ "${RET}" -ne "${EXPECT}" ]; then
+        # if we expected failure to create, then delete unexpected certificate
+        if [ "${EXPECT}" -ne 0 ]; then
+            ${BINDIR}/certutil ${DIRPASS} -D ${CERTNAME}
+        fi
+    
+        CERTFAILED=1
+        html_failed "${TESTNAME} (${COUNT}) - ${EXTRA}" 
+        cert_log "ERROR: ${TESTNAME} - ${EXTRA} failed"
+        return 1
+    fi
+
+    html_passed "${TESTNAME} (${COUNT})"
+    return 0
+}
+
+cert_list_and_count_dns()
+{
+    DIRPASS="$1"
+    CERTNAME="$2"
+    EXPECT="$3"
+    EXPECTCOUNT="$4"
+    TESTNAME="$5"
+
+    echo certutil ${DIRPASS} -L ${CERTNAME}
+    ${BINDIR}/certutil ${DIRPASS} -L ${CERTNAME}
+
+    RET=$?
+    if [ "${RET}" -ne "${EXPECT}" ]; then
+        CERTFAILED=1
+        html_failed "${TESTNAME} (${COUNT}) - list and count" 
+        cert_log "ERROR: ${TESTNAME} - list and count failed"
+        return 1
+    fi
+
+    LISTCOUNT=`${BINDIR}/certutil ${DIRPASS} -L ${CERTNAME} | grep -wc DNS`
+    if [ "${LISTCOUNT}" -ne "${EXPECTCOUNT}" ]; then
+        CERTFAILED=1
+        html_failed "${TESTNAME} (${COUNT}) - list and count" 
+        cert_log "ERROR: ${TESTNAME} - list and count failed"
+        return 1
+    fi
+
+    html_passed "${TESTNAME} (${COUNT})"
+    return 0
+}
+
+cert_dump_ext_to_file()
+{
+    DIRPASS="$1"
+    CERTNAME="$2"
+    OID="$3"
+    OUTFILE="$4"
+    EXPECT="$5"
+    TESTNAME="$6"
+
+    echo certutil ${DIRPASS} -L ${CERTNAME} --dump-ext-val ${OID}
+    echo "writing output to ${OUTFILE}"
+    ${BINDIR}/certutil ${DIRPASS} -L ${CERTNAME} --dump-ext-val ${OID} > ${OUTFILE}
+        
+    RET=$?
+    if [ "${RET}" -ne "${EXPECT}" ]; then
+        CERTFAILED=1
+        html_failed "${TESTNAME} (${COUNT}) - dump to file"
+        cert_log "ERROR: ${TESTNAME} - dump to file failed"
+        return 1
+    fi
+
+    html_passed "${TESTNAME} (${COUNT})"
+    return 0
+}
+
+cert_delete()
+{
+    DIRPASS="$1"
+    CERTNAME="$2"
+    EXPECT="$3"
+    TESTNAME="$4"
+
+    echo certutil ${DIRPASS} -D ${CERTNAME}
+    ${BINDIR}/certutil ${DIRPASS} -D ${CERTNAME}
+        
+    RET=$?
+    if [ "${RET}" -ne "${EXPECT}" ]; then
+        CERTFAILED=1
+        html_failed "${TESTNAME} (${COUNT}) - delete cert" 
+        cert_log "ERROR: ${TESTNAME} - delete cert failed"
+        return 1
+    fi
+
+    html_passed "${TESTNAME} (${COUNT})"
+    return 0
+}
+
+cert_inc_count()
+{
+    COUNT=`expr ${COUNT} + 1`
+}
+
+############################## cert_crl_ssl ############################
+# test adding subject-alt-name, dumping, and adding generic extension
+########################################################################
+cert_san_and_generic_extensions()
+{
+    EXTDUMP=${CERT_EXTENSIONS_DIR}/sanext.der
+
+    DIR="-d ${CERT_EXTENSIONS_DIR} -f ${R_PWFILE}"
+    CERTNAME="-n WithSAN"
+    MAKE="-S -t ,, -x -z ${R_NOISE_FILE}"
+    SUBJ="CN=example.com"
+
+    TESTNAME="san-and-generic-extensions"
+
+    cert_inc_count
+    cert_make_with_param "${DIR}" "${CERTNAME}" "${MAKE}" "${SUBJ}" \
+        "--extSAN example.com" 255 \
+        "create cert with invalid SAN parameter"
+
+    cert_inc_count
+    cert_make_with_param "${DIR}" "${CERTNAME}" "${MAKE}" "${SUBJ}" \
+        "--extSAN example.com,dns:www.example.com" 255 \
+        "create cert with invalid SAN parameter"
+
+    TN="create cert with valid SAN parameter"
+
+    cert_inc_count
+    cert_make_with_param "${DIR}" "${CERTNAME}" "${MAKE}" "${SUBJ}" \
+        "--extSAN dns:example.com,dns:www.example.com" 0 \
+        "${TN}"
+
+    cert_inc_count
+    cert_list_and_count_dns "${DIR}" "${CERTNAME}" 0 2 \
+        "${TN}"
+
+    cert_inc_count
+    cert_dump_ext_to_file "${DIR}" "${CERTNAME}" "2.5.29.17" "${EXTDUMP}" 0 \
+        "dump extension 2.5.29.17 to file ${EXTDUMP}"
+
+    cert_inc_count
+    cert_delete "${DIR}" "${CERTNAME}" 0 \
+        "${TN}"
+
+    cert_inc_count
+    cert_list_and_count_dns "${DIR}" "${CERTNAME}" 255 0 \
+        "expect failure to list cert, because we deleted it"
+
+    cert_inc_count
+    cert_make_with_param "${DIR}" "${CERTNAME}" "${MAKE}" "${SUBJ}" \
+        "--extGeneric ${EXTDUMP}" 255 \
+        "create cert with invalid generic ext parameter"
+
+    cert_inc_count
+    cert_make_with_param "${DIR}" "${CERTNAME}" "${MAKE}" "${SUBJ}" \
+        "--extGeneric not-critical:${EXTDUMP}" 255 \
+        "create cert with invalid generic ext parameter"
+
+    cert_inc_count
+    cert_make_with_param "${DIR}" "${CERTNAME}" "${MAKE}" "${SUBJ}" \
+        "--extGeneric not-critical:${EXTDUMP},2.5.29.17:critical:${EXTDUMP}" 255 \
+        "create cert with invalid generic ext parameter"
+
+    TN="create cert with valid generic ext parameter"
+
+    cert_inc_count
+    cert_make_with_param "${DIR}" "${CERTNAME}" "${MAKE}" "${SUBJ}" \
+        "--extGeneric 2.5.29.17:not-critical:${EXTDUMP}" 0 \
+        "${TN}"
+
+    cert_inc_count
+    cert_list_and_count_dns "${DIR}" "${CERTNAME}" 0 2 \
+        "${TN}"
+
+    cert_inc_count
+    cert_delete "${DIR}" "${CERTNAME}" 0 \
+        "${TN}"
+
+    cert_inc_count
+    cert_list_and_count_dns "${DIR}" "${CERTNAME}" 255 0 \
+        "expect failure to list cert, because we deleted it"
+}
+
 ############################## cert_crl_ssl ############################
 # local shell function to generate certs and crls for SSL tests
 ########################################################################
@@ -1227,7 +1422,7 @@ EOF_CRLINI
   CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
   chmod 600 ${CRL_FILE_GRP_1}_or
 
-  if [ -n "$NSS_ENABLE_ECC" ] ; then
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
       CU_ACTION="Generating CRL (ECC) for range ${CRL_GRP_1_BEGIN}-${CRL_GRP_END} TestCA-ec authority"
 
 #     Until Bug 292285 is resolved, do not encode x400 Addresses. After
@@ -1260,7 +1455,7 @@ EOF_CRLINI
   CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
   chmod 600 ${CRL_FILE_GRP_1}_or1
   TEMPFILES="$TEMPFILES ${CRL_FILE_GRP_1}_or"
-  if [ -n "$NSS_ENABLE_ECC" ] ; then
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
       CU_ACTION="Modify CRL (ECC) by adding one more cert"
       crlu -d $CADIR -M -n "TestCA-ec" -f ${R_PWFILE} \
 	  -o ${CRL_FILE_GRP_1}_or1-ec -i ${CRL_FILE_GRP_1}_or-ec <<EOF_CRLINI
@@ -1284,7 +1479,7 @@ rmcert  ${UNREVOKED_CERT_GRP_1}
 EOF_CRLINI
   chmod 600 ${CRL_FILE_GRP_1}
   TEMPFILES="$TEMPFILES ${CRL_FILE_GRP_1}_or1"
-  if [ -n "$NSS_ENABLE_ECC" ] ; then
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
       CU_ACTION="Modify CRL (ECC) by removing one cert"
       crlu -d $CADIR -M -n "TestCA-ec" -f ${R_PWFILE} -o ${CRL_FILE_GRP_1}-ec \
 	  -i ${CRL_FILE_GRP_1}_or1-ec <<EOF_CRLINI
@@ -1313,7 +1508,7 @@ rmcert  ${UNREVOKED_CERT_GRP_2}
 EOF_CRLINI
   CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
   chmod 600 ${CRL_FILE_GRP_2}
-  if [ -n "$NSS_ENABLE_ECC" ] ; then
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
       CU_ACTION="Creating CRL (ECC) for groups 1 and 2"
       crlu -d $CADIR -M -n "TestCA-ec" -f ${R_PWFILE} -o ${CRL_FILE_GRP_2}-ec \
           -i ${CRL_FILE_GRP_1}-ec <<EOF_CRLINI
@@ -1346,7 +1541,7 @@ addext crlNumber 0 2
 EOF_CRLINI
   CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
   chmod 600 ${CRL_FILE_GRP_3}
-  if [ -n "$NSS_ENABLE_ECC" ] ; then
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
       CU_ACTION="Creating CRL (ECC) for groups 1, 2 and 3"
       crlu -d $CADIR -M -n "TestCA-ec" -f ${R_PWFILE} -o ${CRL_FILE_GRP_3}-ec \
           -i ${CRL_FILE_GRP_2}-ec <<EOF_CRLINI
@@ -1366,7 +1561,7 @@ EOF_CRLINI
   crlu -D -n TestCA  -f "${R_PWFILE}" -d "${R_SERVERDIR}"
   crlu -I -i ${CRL_FILE} -n "TestCA" -f "${R_PWFILE}" -d "${R_SERVERDIR}"
   CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
-  if [ -n "$NSS_ENABLE_ECC" ] ; then
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
       CU_ACTION="Importing CRL (ECC) for groups 1"
       crlu -D -n TestCA-ec  -f "${R_PWFILE}" -d "${R_SERVERDIR}"
       crlu -I -i ${CRL_FILE}-ec -n "TestCA-ec" -f "${R_PWFILE}" \
@@ -1513,6 +1708,7 @@ if [ -z "$NSS_TEST_DISABLE_FIPS" ]; then
 fi
 cert_eccurves
 cert_extensions
+cert_san_and_generic_extensions
 cert_test_password
 cert_test_distrust
 cert_test_ocspresp
diff --git a/security/nss/tests/chains/scenarios/nameconstraints.cfg b/security/nss/tests/chains/scenarios/nameconstraints.cfg
index 823e83d..d49e20e 100644
--- a/security/nss/tests/chains/scenarios/nameconstraints.cfg
+++ b/security/nss/tests/chains/scenarios/nameconstraints.cfg
@@ -7,16 +7,155 @@ scenario TrustAnchors
 db trustanchors
 
 import NameConstraints.ca:x:CT,C,C
+import NameConstraints.ncca:x:CT,C,C
+# Name Constrained CA:  Name constrained to permited DNSName ".example"
+import NameConstraints.dcisscopy:x:CT,C,C
 
+# Intermediate 1: Name constrained to permited DNSName ".example"
+
+# Subject: "C=US, ST=California, L=Mountain View, O=BOGUS NSS, CN=test.invalid"
+# altDNS: test.invalid
+#   Fail: CN not in name constraints, altDNS not in name constraints
 verify NameConstraints.server1:x
   cert NameConstraints.intermediate:x
   result fail
 
+# Subject: "C=US, ST=California, L=Mountain View, O=BOGUS NSS, CN=another_test.invalid", no SAN
+#   Fail: CN not in name constraints
 verify NameConstraints.server2:x
   cert NameConstraints.intermediate:x
   result fail
 
+# Subject: "C=US, ST=California, L=Mountain View, O=BOGUS NSS, CN=test.example"
+# altDNS: test.example
 verify NameConstraints.server3:x
   cert NameConstraints.intermediate:x
   result pass
 
+# Intermediate 2: No name constraints, signed by Intermediate 1 (inherits name constraints)
+
+# Subject: "C=US, ST=California, L=Mountain View, O=BOGUS NSS, CN=test.invalid"
+# altDNS: test.invalid
+#   Fail: CN not in name constraints, altDNS not in name constraints
+verify NameConstraints.server4:x
+  cert NameConstraints.intermediate2:x
+  cert NameConstraints.intermediate:x
+  result fail
+
+# Subject: "C=US, ST=California, L=Mountain View, O=BOGUS NSS, CN=another_test.invalid", no SAN
+#   Fail: CN not in name constraints
+verify NameConstraints.server5:x
+  cert NameConstraints.intermediate2:x
+  cert NameConstraints.intermediate:x
+  result fail
+
+# Subject: "C=US, ST=California, L=Mountain View, O=BOGUS NSS, CN=test.example"
+# altDNS: test.example
+verify NameConstraints.server6:x
+  cert NameConstraints.intermediate2:x
+  cert NameConstraints.intermediate:x
+  result pass
+
+# Intermediate 3: Subject: "C=US, ST=California, L=Mountain View, O=BOGUS NSS, CN=NSS Intermediate CA3"
+#                 Name constrained to a permitted DirectoryName of "C=US, ST=CA, O=Foo"
+#                 and a permitted DNSName of "foo.example"
+
+# Intermediate 4: Subject: "C=US, ST=CA, O=Foo, CN=NSS Intermediate CA 2"
+#                 No name constraints present
+#                 Signed by Intermediate 3 (inherits name constraints)
+
+# Subject: "C=US, ST=CA, O=Foo, OU=bar, CN=bat.foo.example", no SAN
+verify NameConstraints.server7:x
+  cert NameConstraints.intermediate4:x
+  cert NameConstraints.intermediate3:x
+  result pass
+
+# Subject: "C=US, ST=CA, O=Foo, CN=bat.foo.example", no SAN
+verify NameConstraints.server8:x
+  cert NameConstraints.intermediate4:x
+  cert NameConstraints.intermediate3:x
+  result pass
+
+# Subject: "C=US, O=Foo, CN=bat.foo.example", no SAN
+#  Fail: ST is missing in the DirectoryName, thus not matching name constraints
+verify NameConstraints.server9:x
+  cert NameConstraints.intermediate4:x
+  cert NameConstraints.intermediate3:x
+  result fail
+
+# Subject: "C=US, ST=CA, O=Foo, CN=bar.example"
+#  Fail: CN not in name constraints
+verify NameConstraints.server10:x
+  cert NameConstraints.intermediate4:x
+  cert NameConstraints.intermediate3:x
+  result fail
+
+# Subject: "C=US, ST=CA, O=Foo, CN=site.example"
+# altDNS:foo.example
+#   Pass: Ignores CN constraint name violation because SAN is present
+verify NameConstraints.server11:x
+  cert NameConstraints.intermediate4:x
+  cert NameConstraints.intermediate3:x
+  result pass
+
+# Subject: "C=US, ST=CA, O=Foo, CN=Honest Achmed"
+#   Fail: CN does not match DNS name constraints - even though is not 'DNS shaped'
+verify NameConstraints.server12:x
+  cert NameConstraints.intermediate4:x
+  cert NameConstraints.intermediate3:x
+  result fail
+
+# Intermediate 5: Subject: "C=US, ST=CA, O=OtherOrg, CN=NSS Intermediate CA 2"
+#                 No name constraints present
+#                 Signed by Intermediate 3.
+#                 Intermediate 5's subject is not in Intermediate 3's permitted
+#                 names, so all certs issued by it are invalid.
+
+# Subject: "C=US, ST=CA, O=OtherOrg, CN=bat.foo.example"
+#   Fail: Org matches Intermediate 5's name constraints, but does not match
+#         Intermediate 3' name constraints
+verify NameConstraints.server13:x
+  cert NameConstraints.intermediate5:x
+  cert NameConstraints.intermediate3:x
+  result fail
+
+# Subject: "C=US, ST=CA, O=Foo, CN=another.foo.example"
+#  Fail: Matches Intermediate 5's name constraints, but fails because
+#        Intermediate 5 does not match Intermediate 3's name constraints
+verify NameConstraints.server14:x
+  cert NameConstraints.intermediate5:x
+  cert NameConstraints.intermediate3:x
+  result fail
+
+# Intermediate 6: Subject: "C=US, ST=CA, O=OtherOrg, CN=NSS Intermediate CA6"
+#                 No name constraints present
+#                 Signed by Named Constrained CA (inherits root name constraints)
+
+# Subject: "C=US, ST=California, L=Mountain View, O=BOGUS NSS, CN=testfoo.invalid"
+# altDNS: testfoo.invalid
+#   Fail: CN not in name constraints, altDNS not in name constraints
+verify NameConstraints.server15:x
+  cert NameConstraints.intermediate6:x
+  result fail
+
+# Subject: "C=US, ST=California, L=Mountain View, O=BOGUS NSS, CN=another_test3.invalid", no SAN
+#   Fail: CN not in name constraints
+verify NameConstraints.server16:x
+  cert NameConstraints.intermediate6:x
+  result fail
+
+# Subject: "C=US, ST=California, L=Mountain View, O=BOGUS NSS, CN=test4.example"
+# altDNS: test4.example
+verify NameConstraints.server17:x
+  cert NameConstraints.intermediate6:x
+  result pass
+
+# Subject: "C = US, ST=CA, O=Foo CN=foo.example.com"
+verify NameConstraints.dcissblocked:x
+  result fail
+
+# Subject: "C = US, ST=CA, O=Foo CN=foo.example.fr"
+verify NameConstraints.dcissallowed:x
+  result pass
+
+
diff --git a/security/nss/tests/cipher/cipher.sh b/security/nss/tests/cipher/cipher.sh
index a24af82..12e78e1 100755
--- a/security/nss/tests/cipher/cipher.sh
+++ b/security/nss/tests/cipher/cipher.sh
@@ -129,6 +129,12 @@ if [ ! -x ${DIST}/${OBJDIR}/bin/bltest${PROG_SUFFIX} ]; then
     return 0
 fi
 cipher_init
-cipher_main
-cipher_gcm
+# Skip cipher_main if this an NSS without softoken build.
+if [ "${NSS_BUILD_WITHOUT_SOFTOKEN}" != "1" ]; then
+    cipher_main
+fi
+# Skip cipher_gcm if this is a softoken only build.
+if [ "${NSS_BUILD_SOFTOKEN_ONLY}" != "1" ]; then
+    cipher_gcm
+fi
 cipher_cleanup
diff --git a/security/nss/tests/common/cleanup.sh b/security/nss/tests/common/cleanup.sh
index 66f2c26..17a62bb 100755
--- a/security/nss/tests/common/cleanup.sh
+++ b/security/nss/tests/common/cleanup.sh
@@ -14,6 +14,9 @@ if [ -z "${CLEANUP}" -o "${CLEANUP}" = "${SCRIPTNAME}" ]; then
     echo "HOST=${HOST}"
     echo "DOMSUF=${DOMSUF}"
     echo "BUILD_OPT=${BUILD_OPT}"
+    if [ "${OS_ARCH}" = "Linux" ]; then
+        echo "USE_X32=${USE_X32}"
+    fi
     echo "USE_64=${USE_64}"
     echo "NSS_CYCLES=\"${NSS_CYCLES}\""
     echo "NSS_TESTS=\"${NSS_TESTS}\""
diff --git a/security/nss/tests/libpkix/certs/NameConstraints.ca.cert b/security/nss/tests/libpkix/certs/NameConstraints.ca.cert
index 9e859a0..6d2e846 100644
Binary files a/security/nss/tests/libpkix/certs/NameConstraints.ca.cert and b/security/nss/tests/libpkix/certs/NameConstraints.ca.cert differ
diff --git a/security/nss/tests/libpkix/certs/NameConstraints.dcissallowed.cert b/security/nss/tests/libpkix/certs/NameConstraints.dcissallowed.cert
new file mode 100644
index 0000000..539adcf
Binary files /dev/null and b/security/nss/tests/libpkix/certs/NameConstraints.dcissallowed.cert differ
diff --git a/security/nss/tests/libpkix/certs/NameConstraints.dcissblocked.cert b/security/nss/tests/libpkix/certs/NameConstraints.dcissblocked.cert
new file mode 100644
index 0000000..28f8491
Binary files /dev/null and b/security/nss/tests/libpkix/certs/NameConstraints.dcissblocked.cert differ
diff --git a/security/nss/tests/libpkix/certs/NameConstraints.dcisscopy.cert b/security/nss/tests/libpkix/certs/NameConstraints.dcisscopy.cert
new file mode 100644
index 0000000..a3fbd91
Binary files /dev/null and b/security/nss/tests/libpkix/certs/NameConstraints.dcisscopy.cert differ
diff --git a/security/nss/tests/libpkix/certs/NameConstraints.intermediate.cert b/security/nss/tests/libpkix/certs/NameConstraints.intermediate.cert
index 6fe77d1..a310aa1 100644
Binary files a/security/nss/tests/libpkix/certs/NameConstraints.intermediate.cert and b/security/nss/tests/libpkix/certs/NameConstraints.intermediate.cert differ
diff --git a/security/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert b/security/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert
new file mode 100644
index 0000000..fc4b7c1
Binary files /dev/null and b/security/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert differ
diff --git a/security/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert b/security/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert
new file mode 100644
index 0000000..051e55e
Binary files /dev/null and b/security/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert differ
diff --git a/security/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert b/security/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert
new file mode 100644
index 0000000..6e7efd5
Binary files /dev/null and b/security/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert differ
diff --git a/security/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert b/security/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert
new file mode 100644
index 0000000..823eccc
Binary files /dev/null and b/security/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert differ
diff --git a/security/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert b/security/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert
new file mode 100644
index 0000000..a2f1705
Binary files /dev/null and b/security/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert differ
diff --git a/security/nss/tests/libpkix/certs/NameConstraints.ncca.cert b/security/nss/tests/libpkix/certs/NameConstraints.ncca.cert
new file mode 100644
index 0000000..ecb24c7
Binary files /dev/null and b/security/nss/tests/libpkix/certs/NameConstraints.ncca.cert differ
diff --git a/security/nss/tests/libpkix/certs/NameConstraints.server1.cert b/security/nss/tests/libpkix/certs/NameConstraints.server1.cert
index 23088d1..60e8a1c 100644
Binary files a/security/nss/tests/libpkix/certs/NameConstraints.server1.cert and b/security/nss/tests/libpkix/certs/NameConstraints.server1.cert differ
diff --git a/security/nss/tests/libpkix/certs/NameConstraints.server10.cert b/security/nss/tests/libpkix/certs/NameConstraints.server10.cert
new file mode 100644
index 0000000..21d9e87
Binary files /dev/null and b/security/nss/tests/libpkix/certs/NameConstraints.server10.cert differ
diff --git a/security/nss/tests/libpkix/certs/NameConstraints.server11.cert b/security/nss/tests/libpkix/certs/NameConstraints.server11.cert
new file mode 100644
index 0000000..c458c8c
Binary files /dev/null and b/security/nss/tests/libpkix/certs/NameConstraints.server11.cert differ
diff --git a/security/nss/tests/libpkix/certs/NameConstraints.server12.cert b/security/nss/tests/libpkix/certs/NameConstraints.server12.cert
new file mode 100644
index 0000000..1a4e6fe
Binary files /dev/null and b/security/nss/tests/libpkix/certs/NameConstraints.server12.cert differ
diff --git a/security/nss/tests/libpkix/certs/NameConstraints.server13.cert b/security/nss/tests/libpkix/certs/NameConstraints.server13.cert
new file mode 100644
index 0000000..8b7295f
Binary files /dev/null and b/security/nss/tests/libpkix/certs/NameConstraints.server13.cert differ
diff --git a/security/nss/tests/libpkix/certs/NameConstraints.server14.cert b/security/nss/tests/libpkix/certs/NameConstraints.server14.cert
new file mode 100644
index 0000000..8a989f9
Binary files /dev/null and b/security/nss/tests/libpkix/certs/NameConstraints.server14.cert differ
diff --git a/security/nss/tests/libpkix/certs/NameConstraints.server15.cert b/security/nss/tests/libpkix/certs/NameConstraints.server15.cert
new file mode 100644
index 0000000..69d057c
Binary files /dev/null and b/security/nss/tests/libpkix/certs/NameConstraints.server15.cert differ
diff --git a/security/nss/tests/libpkix/certs/NameConstraints.server16.cert b/security/nss/tests/libpkix/certs/NameConstraints.server16.cert
new file mode 100644
index 0000000..0b24d7a
Binary files /dev/null and b/security/nss/tests/libpkix/certs/NameConstraints.server16.cert differ
diff --git a/security/nss/tests/libpkix/certs/NameConstraints.server17.cert b/security/nss/tests/libpkix/certs/NameConstraints.server17.cert
new file mode 100644
index 0000000..2fc9437
Binary files /dev/null and b/security/nss/tests/libpkix/certs/NameConstraints.server17.cert differ
diff --git a/security/nss/tests/libpkix/certs/NameConstraints.server2.cert b/security/nss/tests/libpkix/certs/NameConstraints.server2.cert
index feac113..1c6e551 100644
Binary files a/security/nss/tests/libpkix/certs/NameConstraints.server2.cert and b/security/nss/tests/libpkix/certs/NameConstraints.server2.cert differ
diff --git a/security/nss/tests/libpkix/certs/NameConstraints.server3.cert b/security/nss/tests/libpkix/certs/NameConstraints.server3.cert
index 5e69183..bd93572 100644
Binary files a/security/nss/tests/libpkix/certs/NameConstraints.server3.cert and b/security/nss/tests/libpkix/certs/NameConstraints.server3.cert differ
diff --git a/security/nss/tests/libpkix/certs/NameConstraints.server4.cert b/security/nss/tests/libpkix/certs/NameConstraints.server4.cert
new file mode 100644
index 0000000..ca9d1b1
Binary files /dev/null and b/security/nss/tests/libpkix/certs/NameConstraints.server4.cert differ
diff --git a/security/nss/tests/libpkix/certs/NameConstraints.server5.cert b/security/nss/tests/libpkix/certs/NameConstraints.server5.cert
new file mode 100644
index 0000000..1798de7
Binary files /dev/null and b/security/nss/tests/libpkix/certs/NameConstraints.server5.cert differ
diff --git a/security/nss/tests/libpkix/certs/NameConstraints.server6.cert b/security/nss/tests/libpkix/certs/NameConstraints.server6.cert
new file mode 100644
index 0000000..5698f8e
Binary files /dev/null and b/security/nss/tests/libpkix/certs/NameConstraints.server6.cert differ
diff --git a/security/nss/tests/libpkix/certs/NameConstraints.server7.cert b/security/nss/tests/libpkix/certs/NameConstraints.server7.cert
new file mode 100644
index 0000000..3cf85d0
Binary files /dev/null and b/security/nss/tests/libpkix/certs/NameConstraints.server7.cert differ
diff --git a/security/nss/tests/libpkix/certs/NameConstraints.server8.cert b/security/nss/tests/libpkix/certs/NameConstraints.server8.cert
new file mode 100644
index 0000000..f0694ed
Binary files /dev/null and b/security/nss/tests/libpkix/certs/NameConstraints.server8.cert differ
diff --git a/security/nss/tests/libpkix/certs/NameConstraints.server9.cert b/security/nss/tests/libpkix/certs/NameConstraints.server9.cert
new file mode 100644
index 0000000..517c0ae
Binary files /dev/null and b/security/nss/tests/libpkix/certs/NameConstraints.server9.cert differ
diff --git a/security/nss/tests/libpkix/certs/make-nc b/security/nss/tests/libpkix/certs/make-nc
index 3f31272..b32dd65 100755
--- a/security/nss/tests/libpkix/certs/make-nc
+++ b/security/nss/tests/libpkix/certs/make-nc
@@ -94,10 +94,415 @@ y
 n
 CERTSCRIPT
 
+certutil -S -z noise -g 1024 -d . -n ica2 -s "CN=NSS Intermediate CA 2,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica -m 21 -w -2 -v 120 -1 -2 -5 <<CERTSCRIPT
+5
+6
+9
+n
+y
+
+n
+5
+6
+7
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n server4 -s "CN=test2.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica2 -m 50 -v 115 -1 -2 -5 -8 test.invalid <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n server5 -s "CN=another_test2.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica2 -m 51 -v 115 -1 -2 -5 <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+
+certutil -S -z noise -g 1024 -d . -n server6 -s "CN=test2.example,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica2 -m 52 -v 115 -1 -2 -5 -8 test.example <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n ica3 -s "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ca -m 21 -w -1 -v 118 -1 -2 -5 --extNC <<CERTSCRIPT
+5
+6
+9
+n
+y
+
+n
+3
+foo.example
+1
+y
+5
+O=Foo,st=ca,c=us
+1
+n
+n
+5
+6
+7
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n ica4 -s "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" -t ,, -c ica3 -m 61 -w -2 -v 120 -1 -2 -5 <<CERTSCRIPT
+5
+6
+9
+n
+y
+
+n
+5
+6
+7
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n server7 -s "CN=bat.foo.example,ou=bar,O=Foo,ST=CA,C=US" -t ,, -c ica4 -m 41 -v 115 -1 -2 -5 <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n server8 -s "CN=bat.foo.example,O=Foo,ST=CA,C=US" -t ,, -c ica4 -m 42 -v 115 -1 -2 -5 <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n server9 -s "CN=bat.foo.example,O=Foo,C=US" -t ,, -c ica4 -m 43 -v 115 -1 -2 -5 <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n server10 -s "CN=bar.example,O=Foo,ST=CA,C=US" -t ,, -c ica4 -m 44 -v 115 -1 -2 -5 <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n server11 -s "CN=site.example,O=Foo,ST=CA,C=US" -t ,, -c ica4 -m 45 -v 115 -1 -2 -5 -8 foo.example <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n server12 -s "CN=Honest Achmed,O=Foo,ST=CA,C=US" -t ,, -c ica4 -m 46 -v 115 -1 -2 -5 <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n ica5 -s "CN=NSS Intermediate CA 2,O=OtherOrg,ST=CA,C=US" -t ,, -c ica3 -m 62 -w -2 -v 120 -1 -2 -5 <<CERTSCRIPT
+5
+6
+9
+n
+y
+
+n
+5
+6
+7
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n server13 -s "CN=bat.foo.example,O=OtherOrg,ST=CA,C=US" -t ,, -c ica5 -m 41 -v 115 -1 -2 -5 <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n server14 -s "CN=another.foo.example,O=Foo,ST=CA,C=US" -t ,, -c ica5 -m 490 -v 115 -1 -2 -5 <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n ncca -s "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View,ST=CA,C=US" -t C,C,C -x -m 2 -w -1 -v 118 -1 -2 -5 --extNC <<CERTSCRIPT
+5
+6
+9
+n
+y
+
+n
+3
+.example
+1
+n
+n
+5
+6
+7
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n ica6 -s "CN=NSS Intermediate CA6,O=OtherOrg,ST=CA,C=US" -t ,, -c ncca -m 63 -w -2 -v 120 -1 -2 -5 <<CERTSCRIPT
+5
+6
+9
+n
+y
+
+n
+5
+6
+7
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n server15 -s "CN=testfoo.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica6 -m 64 -v 115 -1 -2 -5 -8 testfoo.invalid <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n server16 -s "CN=another_test3.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica6 -m 65 -v 115 -1 -2 -5 <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n server17 -s "CN=test4.example,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica6 -m 66 -v 115 -1 -2 -5 -8 test4.example <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+#DCISS copy certs
+certutil -S -z noise -g 2048 -d . -n dcisscopy -s "E=igca at sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,ST=France,C=FR" -t C,C,C -x -m 998899 -w -2 -v 120 -1 -2 -5 <<CERTSCRIPT
+5
+6
+9
+n
+y
+
+n
+5
+6
+7
+9
+n
+CERTSCRIPT
+
+#the following cert MUST not pass
+certutil -S -z noise -g 2048 -d . -n dcissblocked -s "CN=foo.example.com,O=Foo,ST=CA,C=US" -t ,, -c dcisscopy -m 998900 -v 120 -1 -2 -5 <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+#the following cert MUST not pass
+certutil -S -z noise -g 2048 -d . -n dcissallowed -s "CN=foo.example.fr,O=Foo,ST=CA,C=US" -t ,, -c dcisscopy -m 998901 -v 120 -1 -2 -5 <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+
+
 certutil -d . -L -n ca -r > NameConstraints.ca.cert
 certutil -d . -L -n ica -r > NameConstraints.intermediate.cert
 certutil -d . -L -n server1 -r > NameConstraints.server1.cert
 certutil -d . -L -n server2 -r > NameConstraints.server2.cert
 certutil -d . -L -n server3 -r > NameConstraints.server3.cert
+certutil -d . -L -n ica2 -r > NameConstraints.intermediate2.cert
+certutil -d . -L -n server4 -r > NameConstraints.server4.cert
+certutil -d . -L -n server5 -r > NameConstraints.server5.cert
+certutil -d . -L -n server6 -r > NameConstraints.server6.cert
+certutil -d . -L -n ica3 -r > NameConstraints.intermediate3.cert
+certutil -d . -L -n ica4 -r > NameConstraints.intermediate4.cert
+certutil -d . -L -n server7 -r > NameConstraints.server7.cert
+certutil -d . -L -n server8 -r > NameConstraints.server8.cert
+certutil -d . -L -n server9 -r > NameConstraints.server9.cert
+certutil -d . -L -n server10 -r > NameConstraints.server10.cert
+certutil -d . -L -n server11 -r > NameConstraints.server11.cert
+certutil -d . -L -n server11 -r > NameConstraints.server11.cert
+certutil -d . -L -n server12 -r > NameConstraints.server12.cert
+certutil -d . -L -n ica5 -r > NameConstraints.intermediate5.cert
+certutil -d . -L -n server13 -r > NameConstraints.server13.cert
+certutil -d . -L -n server14 -r > NameConstraints.server14.cert
+certutil -d . -L -n ncca -r > NameConstraints.ncca.cert
+certutil -d . -L -n ica6 -r > NameConstraints.intermediate6.cert
+certutil -d . -L -n server15 -r > NameConstraints.server15.cert
+certutil -d . -L -n server16 -r > NameConstraints.server16.cert
+certutil -d . -L -n server17 -r > NameConstraints.server17.cert
+certutil -d . -L -n dcisscopy -r >  NameConstraints.dcisscopy.cert
+certutil -d . -L -n dcissblocked -r >  NameConstraints.dcissblocked.cert
+certutil -d . -L -n dcissallowed -r >  NameConstraints.dcissallowed.cert
 
-echo "Created multiple files in subdirectory tmp: NameConstraints.ca.cert NameConstraints.intermediate.cert NameConstraints.server1.cert NameConstraints.server2.cert NameConstraints.server3.cert"
+echo "Created multiple files in subdirectory tmp: NameConstraints.ca.cert NameConstraints.intermediate.cert NameConstraints.server1.cert NameConstraints.server2.cert NameConstraints.server3.cert NameConstraints.intermediate2.cert NameConstraints.server4.cert NameConstraints.server5.cert NameConstraints.server6.cert"
diff --git a/security/nss/tests/remote/Makefile b/security/nss/tests/remote/Makefile
index 126bcf4..efbd24e 100644
--- a/security/nss/tests/remote/Makefile
+++ b/security/nss/tests/remote/Makefile
@@ -80,7 +80,7 @@ package_for_testing:
 	echo 'export USE_64=$(USE_64)'               >> $(RTSH)
 	echo 'export BUILD_OPT=$(BUILD_OPT)'         >> $(RTSH)
 	echo 'export PKITS_DATA=$(PKITS_DATA)'       >> $(RTSH)
-	echo 'export NSS_ENABLE_ECC=$(NSS_ENABLE_ECC)'                       >> $(RTSH)
+	echo 'export NSS_DISABLE_ECC=$(NSS_DISABLE_ECC)'                     >> $(RTSH)
 	echo 'export NSS_ECC_MORE_THAN_SUITE_B=$(NSS_ECC_MORE_THAN_SUITE_B)' >> $(RTSH)
 	echo 'export NSPR_LOG_MODULES=$(NSPR_LOG_MODULES)'                   >> $(RTSH)
 ifeq ($(OS_TARGET),Android)
diff --git a/security/nss/tests/smime/smime.sh b/security/nss/tests/smime/smime.sh
index cebbc68..2360100d 100755
--- a/security/nss/tests/smime/smime.sh
+++ b/security/nss/tests/smime/smime.sh
@@ -40,7 +40,7 @@ smime_init()
   fi
   SCRIPTNAME=smime.sh
 
-  if [ -n "$NSS_ENABLE_ECC" ] ; then
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
       html_head "S/MIME Tests with ECC"
   else
       html_head "S/MIME Tests"
@@ -85,7 +85,7 @@ smime_sign()
   html_msg $? 0 "Compare Attached Signed Data and Original (${HASH})" "."
 
 # Test ECDSA signing for all hash algorithms.
-  if [ -n "$NSS_ENABLE_ECC" ] ; then
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
       echo "$SCRIPTNAME: Signing Detached Message ECDSA w/ {$HASH} ------------------"
       echo "cmsutil -S -T -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.d${SIG}"
       ${PROFTOOL} ${BINDIR}/cmsutil -S -T -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.d${SIG}
diff --git a/security/nss/tests/ssl/ssl.sh b/security/nss/tests/ssl/ssl.sh
index 9f6cbbc..a2bccdf 100755
--- a/security/nss/tests/ssl/ssl.sh
+++ b/security/nss/tests/ssl/ssl.sh
@@ -82,7 +82,7 @@ ssl_init()
   USER_NICKNAME=TestUser
   NORM_EXT=""
 
-  if [ -n "$NSS_ENABLE_ECC" ] ; then
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
       ECC_STRING=" - with ECC"
   else
       ECC_STRING=""
@@ -202,7 +202,7 @@ start_selfserv()
       echo "$SCRIPTNAME: $testname ----"
   fi
   sparam=`echo $sparam | sed -e 's;_; ;g'`
-  if [ -n "$NSS_ENABLE_ECC" ] && \
+  if [ -z "$NSS_DISABLE_ECC" ] && \
      [ -z "$NO_ECC_CERTS" -o "$NO_ECC_CERTS" != "1"  ] ; then
       ECC_OPTIONS="-e ${HOSTADDR}-ec"
   else
@@ -258,7 +258,7 @@ ssl_cov()
   html_head "SSL Cipher Coverage $NORM_EXT - server $SERVER_MODE/client $CLIENT_MODE $ECC_STRING"
 
   testname=""
-  if [ -n "$NSS_ENABLE_ECC" ] ; then
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
       sparam="$CLONG"
   else
       sparam="$CSHORT"
@@ -292,7 +292,7 @@ ssl_cov()
       
       if [ "$NORM_EXT" = "Extended Test" -a "${SSL2}" -eq 0 ] ; then
           echo "$SCRIPTNAME: skipping  $testname for $NORM_EXT"
-      elif [ "$ectype" = "ECC" -a -z "$NSS_ENABLE_ECC" ] ; then
+      elif [ "$ectype" = "ECC" -a -n "$NSS_DISABLE_ECC" ] ; then
           echo "$SCRIPTNAME: skipping  $testname (ECC only)"
       elif [ "$SERVER_MODE" = "fips" -o "$CLIENT_MODE" = "fips" ] && [ "$SSL2" -eq 0 -o "$EXP" -eq 0 ] ; then
           echo "$SCRIPTNAME: skipping  $testname (non-FIPS only)"
@@ -374,7 +374,7 @@ ssl_auth()
           echo "$SCRIPTNAME: skipping  $testname (non-FIPS only)"
       elif [ "$ectype" = "SNI" -a "$NORM_EXT" = "Extended Test" ] ; then
           echo "$SCRIPTNAME: skipping  $testname for $NORM_EXT"
-      elif [ "$ectype" = "ECC" -a  -z "$NSS_ENABLE_ECC" ] ; then
+      elif [ "$ectype" = "ECC" -a  -n "$NSS_DISABLE_ECC" ] ; then
           echo "$SCRIPTNAME: skipping  $testname (ECC only)"
       elif [ "`echo $ectype | cut -b 1`" != "#" ]; then
           cparam=`echo $cparam | sed -e 's;_; ;g' -e "s/TestUser/$USER_NICKNAME/g" `
@@ -557,7 +557,7 @@ ssl_stress()
           echo "$SCRIPTNAME: skipping  $testname for $NORM_EXT"
       elif [ "$ectype" = "SNI" -a "$NORM_EXT" = "Extended Test" ] ; then
           echo "$SCRIPTNAME: skipping  $testname for $NORM_EXT"
-      elif [ "$ectype" = "ECC" -a  -z "$NSS_ENABLE_ECC" ] ; then
+      elif [ "$ectype" = "ECC" -a  -n "$NSS_DISABLE_ECC" ] ; then
           echo "$SCRIPTNAME: skipping  $testname (ECC only)"
       elif [ "${SERVER_MODE}" = "fips" -o "${CLIENT_MODE}" = "fips" ] && [ "${SSL2}" -eq 0 ] ; then
           echo "$SCRIPTNAME: skipping  $testname (non-FIPS only)"
@@ -623,7 +623,7 @@ ssl_crl_ssl()
   while read ectype value sparam cparam testname
   do
     [ "$ectype" = "" ] && continue
-    if [ "$ectype" = "ECC" -a  -z "$NSS_ENABLE_ECC" ] ; then
+    if [ "$ectype" = "ECC" -a  -n "$NSS_DISABLE_ECC" ] ; then
         echo "$SCRIPTNAME: skipping $testname (ECC only)"
     elif [ "$ectype" = "SNI" ]; then
         continue
@@ -816,7 +816,7 @@ ssl_crl_cache()
     while read ectype value sparam cparam testname
       do
       [ "$ectype" = "" ] && continue
-      if [ "$ectype" = "ECC" -a  -z "$NSS_ENABLE_ECC" ] ; then
+      if [ "$ectype" = "ECC" -a  -n "$NSS_DISABLE_ECC" ] ; then
         echo "$SCRIPTNAME: skipping  $testname (ECC only)"
       elif [ "$ectype" = "SNI" ]; then
           continue
diff --git a/security/nss/tests/tools/tools.sh b/security/nss/tests/tools/tools.sh
index a834177..26abf3e 100644
--- a/security/nss/tests/tools/tools.sh
+++ b/security/nss/tests/tools/tools.sh
@@ -76,7 +76,7 @@ tools_init()
   fi
   SCRIPTNAME=tools.sh
 
-  if [ -n "$NSS_ENABLE_ECC" ] ; then
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
       html_head "Tools Tests with ECC"
   else
       html_head "Tools Tests"
@@ -372,7 +372,7 @@ tools_p12_export_list_import_with_default_ciphers()
   
   export_list_import "DEFAULT" "DEFAULT"
 
-  if [ -n "$NSS_ENABLE_ECC" ] ; then
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
       echo "$SCRIPTNAME: Exporting Alice's email EC cert & key---------------"
       echo "pk12util -o Alice-ec.p12 -n \"Alice-ec\" -d ${P_R_ALICEDIR} -k ${R_PWFILE} \\"
       echo "         -w ${R_PWFILE}"





More information about the tbb-commits mailing list