Merge inbound to mozilla-central. a=merge
authorMihai Alexandru Michis <malexandru@mozilla.com>
Thu, 30 May 2019 12:45:32 +0300
changeset 476213 462fc926490158a7609e7a6ff6a8a0c9a6e01a48
parent 476188 7e901c73992d5b6e2a4111a69abc3af8a3491561 (current diff)
parent 476212 ff89e5a0dc662ab150000d427da4b744e6575064 (diff)
child 476214 345b106b69f6e75bfef582dcb061feec089e5095
child 476419 7871ae4cde15e5b937d0cac47f1d48685c100aca
push id86723
push usermalexandru@mozilla.com
push dateThu, 30 May 2019 09:50:36 +0000
treeherderautoland@345b106b69f6 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersmerge
milestone69.0a1
first release with
nightly linux32
462fc9264901 / 69.0a1 / 20190530094559 / files
nightly linux64
462fc9264901 / 69.0a1 / 20190530094559 / files
nightly mac
462fc9264901 / 69.0a1 / 20190530094559 / files
nightly win32
462fc9264901 / 69.0a1 / 20190530094559 / files
nightly win64
462fc9264901 / 69.0a1 / 20190530094559 / files
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
releases
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Merge inbound to mozilla-central. a=merge
--- a/ipc/chromium/src/chrome/common/ipc_channel_posix.cc
+++ b/ipc/chromium/src/chrome/common/ipc_channel_posix.cc
@@ -4,17 +4,17 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/common/ipc_channel_posix.h"
 
 #include <errno.h>
 #include <fcntl.h>
 #include <limits.h>
-#if defined(OS_MACOSX)
+#if defined(OS_MACOSX) || defined(OS_NETBSD)
 #  include <sched.h>
 #endif
 #include <stddef.h>
 #include <unistd.h>
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
 #include <sys/un.h>
@@ -695,23 +695,24 @@ bool Channel::ChannelImpl::ProcessOutgoi
 #endif
 
     if (bytes_written < 0) {
       switch (errno) {
         case EAGAIN:
           // Not an error; the sendmsg would have blocked, so return to the
           // event loop and try again later.
           break;
-#if defined(OS_MACOSX)
+#if defined(OS_MACOSX) || defined(OS_NETBSD)
           // (Note: this comment is copied from https://crrev.com/86c3d9ef4fdf6;
           // see also bug 1142693 comment #73.)
           //
           // On OS X if sendmsg() is trying to send fds between processes and
           // there isn't enough room in the output buffer to send the fd
-          // structure over atomically then EMSGSIZE is returned.
+          // structure over atomically then EMSGSIZE is returned. The same
+          // applies to NetBSD as well.
           //
           // EMSGSIZE presents a problem since the system APIs can only call us
           // when there's room in the socket buffer and not when there is
           // "enough" room.
           //
           // The current behavior is to return to the event loop when EMSGSIZE
           // is received and hopefull service another FD.  This is however still
           // technically a busy wait since the event loop will call us right
--- a/js/src/vm/Compartment.h
+++ b/js/src/vm/Compartment.h
@@ -28,17 +28,17 @@ namespace js {
 // to them.
 //
 // WrapperMaps have a complex key type because, in addition to mapping JSObjects
 // to their cross-compartment wrappers, they must also map non-atomized
 // JSStrings to their copies in the local compartment, and debuggee entities
 // (objects, scripts, etc.) to their representative objects in the Debugger API.
 class CrossCompartmentKey {
  public:
-  // [SMDOC]: Cross-compartment wrapper map entries for Debugger API objects
+  // [SMDOC] Cross-compartment wrapper map entries for Debugger API objects
   //
   // The Debugger API creates objects like Debugger.Object, Debugger.Script,
   // Debugger.Environment, etc. to refer to things in the debuggee. Each
   // Debugger gets at most one Debugger.Mumble for each referent:
   // Debugger.Mumbles are unique per referent per Debugger.
   //
   // Since a Debugger and its debuggee must be in different compartments, a
   // Debugger.Mumble's pointer to its referent is a cross-compartment edge, from
@@ -62,16 +62,24 @@ class CrossCompartmentKey {
   // a WasmInstanceObject can be the referent of both a Debugger.Script and a
   // Debugger.Source.
   //
   // Hence, to look up a Debugger.Mumble in the WrapperMap, we need a key that
   // includes 1) the referent, 2) the Debugger to which the Mumble belongs, and
   // 3) the specific type of Mumble we're looking for. Since mozilla::Variant
   // distinguishes alternatives by type only, we include a distinct type in
   // WrappedType for each sort of Debugger.Mumble.
+  //
+  // But Debugger wrapper table entries are more than just wrapper entries with
+  // fancy keys. Whereas an ordinary cross-compartment wrapper ensures that the
+  // wrapper's zone is swept no later than the referent's (but possibly
+  // earlier), a debugger cross-compartment entry forces the debuggee's and
+  // debugger's zones to be swept together: they are placed in the same sweep
+  // group. This is necessary to make some of Debugger's nice GC properties work
+  // out.
 
   // Common structure for all Debugger.Mumble keys.
   template <typename Referent>
   struct Debuggee {
     Debuggee(NativeObject* debugger, Referent* referent)
         : debugger(debugger), referent(referent) {}
 
     bool operator==(const Debuggee& other) const {
--- a/media/libnestegg/include/nestegg.h
+++ b/media/libnestegg/include/nestegg.h
@@ -145,16 +145,40 @@ typedef struct {
   unsigned int height;         /**< Height of the video frame in pixels. */
   unsigned int display_width;  /**< Display width of the video frame in pixels. */
   unsigned int display_height; /**< Display height of the video frame in pixels. */
   unsigned int crop_bottom;    /**< Pixels to crop from the bottom of the frame. */
   unsigned int crop_top;       /**< Pixels to crop from the top of the frame. */
   unsigned int crop_left;      /**< Pixels to crop from the left of the frame. */
   unsigned int crop_right;     /**< Pixels to crop from the right of the frame. */
   unsigned int alpha_mode;     /**< 1 if an additional opacity stream is available, otherwise 0. */
+  unsigned int matrix_coefficients;      /**< See Table 4 of ISO/IEC 23001-8:2016. */
+  unsigned int range;                    /**< Clipping of color ranges. */
+  unsigned int transfer_characteristics; /**< See Table 3 of ISO/IEC 23091-4. */
+  unsigned int primaries;                /**< See Table 2 of ISO/IEC 23091-4. */
+  double primary_r_chromacity_x;         /**< Red X chromaticity coordinate per CIE 1931.
+                                              NaN means element not present. */
+  double primary_r_chromacity_y;         /**< Red Y chromaticity coordinate per CIE 1931.
+                                              NaN means element not present. */
+  double primary_g_chromacity_x;         /**< Green X chromaticity coordinate per CIE 1931.
+                                              NaN means element not present. */
+  double primary_g_chromacity_y;         /**< Green Y chromaticity coordinate per CIE 1931.
+                                              NaN means element not present. */
+  double primary_b_chromacity_x;         /**< Blue X chromaticity coordinate per CIE 1931.
+                                              NaN means element not present. */
+  double primary_b_chromacity_y;         /**< Blue Y chromaticity coordinate per CIE 1931.
+                                              NaN means element not present. */
+  double white_point_chromaticity_x;     /**< White X chromaticity coordinate per CIE 1931.
+                                              NaN means element not present. */
+  double white_point_chromaticity_y;     /**< White Y chromaticity coordinate per CIE 1931.
+                                              NaN means element not present. */
+  double luminance_max;                  /**< Maximum luminance in cd/m2.
+                                              NaN means element not present. */
+  double luminance_min;                  /**< Minimum luminance in cd/m2.
+                                              NaN means element not present. */
 } nestegg_video_params;
 
 /** Parameters specific to an audio track. */
 typedef struct {
   double rate;           /**< Sampling rate in Hz. */
   unsigned int channels; /**< Number of audio channels. */
   unsigned int depth;    /**< Bits per sample. */
   uint64_t  codec_delay; /**< Nanoseconds that must be discarded from the start. */
--- a/media/libnestegg/moz.yaml
+++ b/media/libnestegg/moz.yaml
@@ -14,10 +14,10 @@ bugzilla:
 origin:
   name: "nestegg"
   description: "WebM demuxer"
 
   url: "https://github.com/kinetiknz/nestegg"
   license: "ISC"
 
   # update.sh will update this value
-  release: "f7a0b7cedc893b6683cf15cb210b1656c086d964 (2018-08-10 08:48:37 +1200)"
+  release: "90521e7f31194667101b340b8e7fc308c838a68c (2019-05-30 13:59:00 +1200)"
 
--- a/media/libnestegg/src/nestegg.c
+++ b/media/libnestegg/src/nestegg.c
@@ -83,16 +83,17 @@
 #define ID_PIXEL_WIDTH              0xb0
 #define ID_PIXEL_HEIGHT             0xba
 #define ID_PIXEL_CROP_BOTTOM        0x54aa
 #define ID_PIXEL_CROP_TOP           0x54bb
 #define ID_PIXEL_CROP_LEFT          0x54cc
 #define ID_PIXEL_CROP_RIGHT         0x54dd
 #define ID_DISPLAY_WIDTH            0x54b0
 #define ID_DISPLAY_HEIGHT           0x54ba
+#define ID_COLOUR                   0x55b0
 
 /* Audio Elements */
 #define ID_AUDIO                    0xe1
 #define ID_SAMPLING_FREQUENCY       0xb5
 #define ID_CHANNELS                 0x9f
 #define ID_BIT_DEPTH                0x6264
 
 /* Cues Elements */
@@ -111,16 +112,35 @@
 
 /* Encryption Elements */
 #define ID_CONTENT_ENCRYPTION       0x5035
 #define ID_CONTENT_ENC_ALGO         0x47e1
 #define ID_CONTENT_ENC_KEY_ID       0x47e2
 #define ID_CONTENT_ENC_AES_SETTINGS 0x47e7
 #define ID_AES_SETTINGS_CIPHER_MODE 0x47e8
 
+/* Colour Elements */
+#define ID_MATRIX_COEFFICIENTS      0x55b1
+#define ID_RANGE                    0x55b9
+#define ID_TRANSFER_CHARACTERISTICS 0x55ba
+#define ID_PRIMARIES                0x55bb
+#define ID_MASTERING_METADATA       0x55d0
+
+/* MasteringMetadata Elements */
+#define ID_PRIMARY_R_CHROMATICITY_X   0x55d1
+#define ID_PRIMARY_R_CHROMATICITY_Y   0x55d2
+#define ID_PRIMARY_G_CHROMATICITY_X   0x55d3
+#define ID_PRIMARY_G_CHROMATICITY_Y   0x55d4
+#define ID_PRIMARY_B_CHROMATICITY_X   0x55d5
+#define ID_PRIMARY_B_CHROMATICITY_Y   0x55d6
+#define ID_WHITE_POINT_CHROMATICITY_X 0x55d7
+#define ID_WHITE_POINT_CHROMATICITY_Y 0x55d8
+#define ID_LUMINANCE_MAX              0x55d9
+#define ID_LUMINANCE_MIN              0x55da
+
 /* EBML Types */
 enum ebml_type_enum {
   TYPE_UNKNOWN,
   TYPE_MASTER,
   TYPE_UINT,
   TYPE_FLOAT,
   TYPE_STRING,
   TYPE_BINARY
@@ -229,27 +249,49 @@ struct seek_head {
   struct ebml_list seek;
 };
 
 struct info {
   struct ebml_type timecode_scale;
   struct ebml_type duration;
 };
 
+struct mastering_metadata {
+  struct ebml_type primary_r_chromacity_x;
+  struct ebml_type primary_r_chromacity_y;
+  struct ebml_type primary_g_chromacity_x;
+  struct ebml_type primary_g_chromacity_y;
+  struct ebml_type primary_b_chromacity_x;
+  struct ebml_type primary_b_chromacity_y;
+  struct ebml_type white_point_chromaticity_x;
+  struct ebml_type white_point_chromaticity_y;
+  struct ebml_type luminance_max;
+  struct ebml_type luminance_min;
+};
+
+struct colour {
+  struct ebml_type matrix_coefficients;
+  struct ebml_type range;
+  struct ebml_type transfer_characteristics;
+  struct ebml_type primaries;
+  struct mastering_metadata mastering_metadata;
+};
+
 struct video {
   struct ebml_type stereo_mode;
   struct ebml_type alpha_mode;
   struct ebml_type pixel_width;
   struct ebml_type pixel_height;
   struct ebml_type pixel_crop_bottom;
   struct ebml_type pixel_crop_top;
   struct ebml_type pixel_crop_left;
   struct ebml_type pixel_crop_right;
   struct ebml_type display_width;
   struct ebml_type display_height;
+  struct colour colour;
 };
 
 struct audio {
   struct ebml_type sampling_frequency;
   struct ebml_type channels;
   struct ebml_type bit_depth;
 };
 
@@ -447,27 +489,50 @@ static struct ebml_element_desc ne_seek_
 };
 
 static struct ebml_element_desc ne_info_elements[] = {
   E_FIELD(ID_TIMECODE_SCALE, TYPE_UINT, struct info, timecode_scale),
   E_FIELD(ID_DURATION, TYPE_FLOAT, struct info, duration),
   E_LAST
 };
 
+static struct ebml_element_desc ne_mastering_metadata_elements[] = {
+  E_FIELD(ID_PRIMARY_R_CHROMATICITY_X, TYPE_FLOAT, struct mastering_metadata, primary_r_chromacity_x),
+  E_FIELD(ID_PRIMARY_R_CHROMATICITY_Y, TYPE_FLOAT, struct mastering_metadata, primary_r_chromacity_y),
+  E_FIELD(ID_PRIMARY_G_CHROMATICITY_X, TYPE_FLOAT, struct mastering_metadata, primary_g_chromacity_x),
+  E_FIELD(ID_PRIMARY_G_CHROMATICITY_Y, TYPE_FLOAT, struct mastering_metadata, primary_g_chromacity_y),
+  E_FIELD(ID_PRIMARY_B_CHROMATICITY_X, TYPE_FLOAT, struct mastering_metadata, primary_b_chromacity_x),
+  E_FIELD(ID_PRIMARY_B_CHROMATICITY_Y, TYPE_FLOAT, struct mastering_metadata, primary_b_chromacity_y),
+  E_FIELD(ID_WHITE_POINT_CHROMATICITY_X, TYPE_FLOAT, struct mastering_metadata, white_point_chromaticity_x),
+  E_FIELD(ID_WHITE_POINT_CHROMATICITY_Y, TYPE_FLOAT, struct mastering_metadata, white_point_chromaticity_y),
+  E_FIELD(ID_LUMINANCE_MAX, TYPE_FLOAT, struct mastering_metadata, luminance_max),
+  E_FIELD(ID_LUMINANCE_MIN, TYPE_FLOAT, struct mastering_metadata, luminance_min),
+};
+
+static struct ebml_element_desc ne_colour_elements[] = {
+  E_FIELD(ID_MATRIX_COEFFICIENTS, TYPE_UINT, struct colour, matrix_coefficients),
+  E_FIELD(ID_RANGE, TYPE_UINT, struct colour, range),
+  E_FIELD(ID_TRANSFER_CHARACTERISTICS, TYPE_UINT, struct colour, transfer_characteristics),
+  E_FIELD(ID_PRIMARIES, TYPE_UINT, struct colour, primaries),
+  E_SINGLE_MASTER(ID_MASTERING_METADATA, TYPE_MASTER, struct colour, mastering_metadata),
+  E_LAST
+};
+
 static struct ebml_element_desc ne_video_elements[] = {
   E_FIELD(ID_STEREO_MODE, TYPE_UINT, struct video, stereo_mode),
   E_FIELD(ID_ALPHA_MODE, TYPE_UINT, struct video, alpha_mode),
   E_FIELD(ID_PIXEL_WIDTH, TYPE_UINT, struct video, pixel_width),
   E_FIELD(ID_PIXEL_HEIGHT, TYPE_UINT, struct video, pixel_height),
   E_FIELD(ID_PIXEL_CROP_BOTTOM, TYPE_UINT, struct video, pixel_crop_bottom),
   E_FIELD(ID_PIXEL_CROP_TOP, TYPE_UINT, struct video, pixel_crop_top),
   E_FIELD(ID_PIXEL_CROP_LEFT, TYPE_UINT, struct video, pixel_crop_left),
   E_FIELD(ID_PIXEL_CROP_RIGHT, TYPE_UINT, struct video, pixel_crop_right),
   E_FIELD(ID_DISPLAY_WIDTH, TYPE_UINT, struct video, display_width),
   E_FIELD(ID_DISPLAY_HEIGHT, TYPE_UINT, struct video, display_height),
+  E_SINGLE_MASTER(ID_COLOUR, TYPE_MASTER, struct video, colour),
   E_LAST
 };
 
 static struct ebml_element_desc ne_audio_elements[] = {
   E_FIELD(ID_SAMPLING_FREQUENCY, TYPE_FLOAT, struct audio, sampling_frequency),
   E_FIELD(ID_CHANNELS, TYPE_UINT, struct audio, channels),
   E_FIELD(ID_BIT_DEPTH, TYPE_UINT, struct audio, bit_depth),
   E_LAST
@@ -2359,20 +2424,20 @@ nestegg_track_type(nestegg * ctx, unsign
 
   entry = ne_find_track_entry(ctx, track);
   if (!entry)
     return -1;
 
   if (ne_get_uint(entry->type, &type) != 0)
     return -1;
 
-  if (type & TRACK_TYPE_VIDEO)
+  if (type == TRACK_TYPE_VIDEO)
     return NESTEGG_TRACK_VIDEO;
 
-  if (type & TRACK_TYPE_AUDIO)
+  if (type == TRACK_TYPE_AUDIO)
     return NESTEGG_TRACK_AUDIO;
 
   return NESTEGG_TRACK_UNKNOWN;
 }
 
 int
 nestegg_track_codec_id(nestegg * ctx, unsigned int track)
 {
@@ -2521,16 +2586,17 @@ nestegg_track_codec_data(nestegg * ctx, 
 }
 
 int
 nestegg_track_video_params(nestegg * ctx, unsigned int track,
                            nestegg_video_params * params)
 {
   struct track_entry * entry;
   uint64_t value;
+  double fvalue;
 
   memset(params, 0, sizeof(*params));
 
   entry = ne_find_track_entry(ctx, track);
   if (!entry)
     return -1;
 
   if (nestegg_track_type(ctx, track) != NESTEGG_TRACK_VIDEO)
@@ -2573,16 +2639,72 @@ nestegg_track_video_params(nestegg * ctx
   value = params->width;
   ne_get_uint(entry->video.display_width, &value);
   params->display_width = value;
 
   value = params->height;
   ne_get_uint(entry->video.display_height, &value);
   params->display_height = value;
 
+  value = 2;
+  ne_get_uint(entry->video.colour.matrix_coefficients, &value);
+  params->matrix_coefficients = value;
+
+  value = 0;
+  ne_get_uint(entry->video.colour.range, &value);
+  params->range = value;
+
+  value = 2;
+  ne_get_uint(entry->video.colour.transfer_characteristics, &value);
+  params->transfer_characteristics = value;
+
+  value = 2;
+  ne_get_uint(entry->video.colour.primaries, &value);
+  params->primaries = value;
+
+  fvalue = strtod("NaN", NULL);
+  ne_get_float(entry->video.colour.mastering_metadata.primary_r_chromacity_x, &fvalue);
+  params->primary_r_chromacity_x = fvalue;
+
+  fvalue = strtod("NaN", NULL);
+  ne_get_float(entry->video.colour.mastering_metadata.primary_r_chromacity_y, &fvalue);
+  params->primary_r_chromacity_y = fvalue;
+
+  fvalue = strtod("NaN", NULL);
+  ne_get_float(entry->video.colour.mastering_metadata.primary_g_chromacity_x, &fvalue);
+  params->primary_g_chromacity_x = fvalue;
+
+  fvalue = strtod("NaN", NULL);
+  ne_get_float(entry->video.colour.mastering_metadata.primary_g_chromacity_y, &fvalue);
+  params->primary_g_chromacity_y = fvalue;
+
+  fvalue = strtod("NaN", NULL);
+  ne_get_float(entry->video.colour.mastering_metadata.primary_b_chromacity_x, &fvalue);
+  params->primary_b_chromacity_x = fvalue;
+
+  fvalue = strtod("NaN", NULL);
+  ne_get_float(entry->video.colour.mastering_metadata.primary_b_chromacity_y, &fvalue);
+  params->primary_b_chromacity_y = fvalue;
+
+  fvalue = strtod("NaN", NULL);
+  ne_get_float(entry->video.colour.mastering_metadata.white_point_chromaticity_x, &fvalue);
+  params->white_point_chromaticity_x = fvalue;
+
+  fvalue = strtod("NaN", NULL);
+  ne_get_float(entry->video.colour.mastering_metadata.white_point_chromaticity_y, &fvalue);
+  params->white_point_chromaticity_y = fvalue;
+
+  fvalue = strtod("NaN", NULL);
+  ne_get_float(entry->video.colour.mastering_metadata.luminance_max, &fvalue);
+  params->luminance_max = fvalue;
+
+  fvalue = strtod("NaN", NULL);
+  ne_get_float(entry->video.colour.mastering_metadata.luminance_min, &fvalue);
+  params->luminance_min = fvalue;
+
   return 0;
 }
 
 int
 nestegg_track_audio_params(nestegg * ctx, unsigned int track,
                            nestegg_audio_params * params)
 {
   struct track_entry * entry;
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@@ -1,1 +1,1 @@
-ec6843bc0ce7
+29a48b604602
--- a/security/nss/build.sh
+++ b/security/nss/build.sh
@@ -45,16 +45,17 @@ clean=0
 rebuild_gyp=0
 rebuild_nspr=0
 target=Debug
 verbose=0
 fuzz=0
 fuzz_tls=0
 fuzz_oss=0
 no_local_nspr=0
+sslkeylogfile=1
 
 gyp_params=(--depth="$cwd" --generator-output=".")
 ninja_params=()
 
 # Assume that the target architecture is the same as the host by default.
 host_arch=$(python "$cwd"/coreconf/detect_host_arch.py)
 target_arch=$host_arch
 
@@ -98,30 +99,33 @@ while [ $# -gt 0 ]; do
         --ct-verif) gyp_params+=(-Dct_verif=1) ;;
         --nspr) nspr_clean; rebuild_nspr=1 ;;
         --with-nspr=?*) set_nspr_path "${1#*=}"; no_local_nspr=1 ;;
         --system-nspr) set_nspr_path "/usr/include/nspr/:"; no_local_nspr=1 ;;
         --system-sqlite) gyp_params+=(-Duse_system_sqlite=1) ;;
         --enable-fips) gyp_params+=(-Ddisable_fips=0) ;;
         --enable-libpkix) gyp_params+=(-Ddisable_libpkix=0) ;;
         --mozpkix-only) gyp_params+=(-Dmozpkix_only=1 -Ddisable_tests=1 -Dsign_libs=0) ;;
+        --disable-keylog) sslkeylogfile=0 ;;
 	-D*) gyp_params+=("$1") ;;
         *) show_help; exit 2 ;;
     esac
     shift
 done
 
 # Set the target architecture and build type.
 gyp_params+=(-Dtarget_arch="$target_arch")
 if [ "$opt_build" = 1 ]; then
     target=Release
 else
     target=Debug
 fi
 
+gyp_params+=(-Denable_sslkeylogfile="$sslkeylogfile")
+
 # Do special setup.
 if [ "$fuzz" = 1 ]; then
     source "$cwd"/coreconf/fuzz.sh
 fi
 nspr_set_flags $sanitizer_flags
 if [ ! -z "$sanitizer_flags" ]; then
     gyp_params+=(-Dsanitizer_flags="$sanitizer_flags")
 fi
--- a/security/nss/coreconf/OpenBSD.mk
+++ b/security/nss/coreconf/OpenBSD.mk
@@ -31,11 +31,16 @@ OS_CFLAGS		= $(DSO_CFLAGS) $(OS_REL_CFLA
 OS_LIBS			= 
 
 ARCH			= openbsd
 
 DSO_CFLAGS		= -fPIC -DPIC
 DSO_LDOPTS		= -shared -fPIC -Wl,-soname,lib$(LIBRARY_NAME)$(LIBRARY_VERSION).$(DLL_SUFFIX)
 
 MKSHLIB			= $(CC) $(DSO_LDOPTS)
+ifdef MAPFILE
+	MKSHLIB += -Wl,--version-script,$(MAPFILE)
+endif
+PROCESS_MAP_FILE = grep -v ';-' $< | \
+        sed -e 's,;+,,' -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,;,' > $@
 
 USE_SYSTEM_ZLIB		= 1
 ZLIB_LIBS		= -lz
--- a/security/nss/coreconf/coreconf.dep
+++ b/security/nss/coreconf/coreconf.dep
@@ -5,9 +5,8 @@
 
 /*
  * A dummy header file that is a dependency for all the object files.
  * Used to force a full recompilation of NSS in Mozilla's Tinderbox
  * depend builds.  See comments in rules.mk.
  */
 
 #error "Do not include this header file."
-
--- a/security/nss/gtests/ssl_gtest/Makefile
+++ b/security/nss/gtests/ssl_gtest/Makefile
@@ -31,16 +31,22 @@ CFLAGS += -I$(CORE_DEPTH)/lib/ssl
 
 ifdef NSS_DISABLE_TLS_1_3
 NSS_DISABLE_TLS_1_3=1
 # Run parameterized tests only, for which we can easily exclude TLS 1.3
 CPPSRCS := $(filter-out $(shell grep -l '^TEST_F' $(CPPSRCS)), $(CPPSRCS))
 CFLAGS += -DNSS_DISABLE_TLS_1_3
 endif
 
+ifdef NSS_ALLOW_SSLKEYLOGFILE
+SSLKEYLOGFILE_FILES = ssl_keylog_unittest.cc
+else
+SSLKEYLOGFILE_FILES = $(NULL)
+endif
+
 #######################################################################
 # (5) Execute "global" rules. (OPTIONAL)                              #
 #######################################################################
 
 include $(CORE_DEPTH)/coreconf/rules.mk
 
 #######################################################################
 # (6) Execute "component" rules. (OPTIONAL)                           #
--- a/security/nss/gtests/ssl_gtest/manifest.mn
+++ b/security/nss/gtests/ssl_gtest/manifest.mn
@@ -15,28 +15,28 @@ CPPSRCS = \
       bloomfilter_unittest.cc \
       ssl_0rtt_unittest.cc \
       ssl_agent_unittest.cc \
       ssl_auth_unittest.cc \
       ssl_cert_ext_unittest.cc \
       ssl_ciphersuite_unittest.cc \
       ssl_custext_unittest.cc \
       ssl_damage_unittest.cc \
+      ssl_debug_env_unittest.cc \
       ssl_dhe_unittest.cc \
       ssl_drop_unittest.cc \
       ssl_ecdh_unittest.cc \
       ssl_ems_unittest.cc \
       ssl_exporter_unittest.cc \
       ssl_extension_unittest.cc \
       ssl_fragment_unittest.cc \
       ssl_fuzz_unittest.cc \
       ssl_gather_unittest.cc \
       ssl_gtest.cc \
       ssl_hrr_unittest.cc \
-      ssl_keylog_unittest.cc \
       ssl_keyupdate_unittest.cc \
       ssl_loopback_unittest.cc \
       ssl_misc_unittest.cc \
       ssl_primitive_unittest.cc \
       ssl_record_unittest.cc \
       ssl_recordsep_unittest.cc \
       ssl_recordsize_unittest.cc \
       ssl_resumption_unittest.cc \
@@ -50,16 +50,17 @@ CPPSRCS = \
       selfencrypt_unittest.cc \
       test_io.cc \
       tls_agent.cc \
       tls_connect.cc \
       tls_hkdf_unittest.cc \
       tls_filter.cc \
       tls_protect.cc \
       tls_esni_unittest.cc \
+      $(SSLKEYLOGFILE_FILES) \
       $(NULL)
 
 INCLUDES += -I$(CORE_DEPTH)/gtests/google_test/gtest/include \
             -I$(CORE_DEPTH)/gtests/common \
             -I$(CORE_DEPTH)/cpputil
 
 REQUIRES = nspr nss libdbm gtest cpputil
 
--- a/security/nss/gtests/ssl_gtest/ssl_auth_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_auth_unittest.cc
@@ -532,16 +532,50 @@ TEST_F(TlsConnectStreamTls13, PostHandsh
   EXPECT_LT(0U, capture_cert_req->buffer().len());
   EXPECT_EQ(capture_cert_req->buffer().len(),
             capture_certificate->buffer().len());
   EXPECT_EQ(0, memcmp(capture_cert_req->buffer().data(),
                       capture_certificate->buffer().data(),
                       capture_cert_req->buffer().len()));
 }
 
+// Check if post-handshake auth still works when session tickets are enabled:
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1553443
+TEST_F(TlsConnectStreamTls13, PostHandshakeAuthWithSessionTicketsEnabled) {
+  EnsureTlsSetup();
+  client_->SetupClientAuth();
+  EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+                                      SSL_ENABLE_POST_HANDSHAKE_AUTH, PR_TRUE));
+  EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+                                      SSL_ENABLE_SESSION_TICKETS, PR_TRUE));
+  EXPECT_EQ(SECSuccess, SSL_OptionSet(server_->ssl_fd(),
+                                      SSL_ENABLE_SESSION_TICKETS, PR_TRUE));
+  size_t called = 0;
+  server_->SetAuthCertificateCallback(
+      [&called](TlsAgent*, PRBool, PRBool) -> SECStatus {
+        called++;
+        return SECSuccess;
+      });
+  Connect();
+  EXPECT_EQ(0U, called);
+  // Send CertificateRequest.
+  EXPECT_EQ(SECSuccess, SSL_GetClientAuthDataHook(
+                            client_->ssl_fd(), GetClientAuthDataHook, nullptr));
+  EXPECT_EQ(SECSuccess, SSL_SendCertificateRequest(server_->ssl_fd()))
+      << "Unexpected error: " << PORT_ErrorToName(PORT_GetError());
+  server_->SendData(50);
+  client_->ReadBytes(50);
+  client_->SendData(50);
+  server_->ReadBytes(50);
+  EXPECT_EQ(1U, called);
+  ScopedCERTCertificate cert1(SSL_PeerCertificate(server_->ssl_fd()));
+  ScopedCERTCertificate cert2(SSL_LocalCertificate(client_->ssl_fd()));
+  EXPECT_TRUE(SECITEM_ItemsAreEqual(&cert1->derCert, &cert2->derCert));
+}
+
 // In TLS 1.3, the client sends its cert rejection on the
 // second flight, and since it has already received the
 // server's Finished, it transitions to complete and
 // then gets an alert from the server. The test harness
 // doesn't handle this right yet.
 TEST_P(TlsConnectStream, DISABLED_ClientAuthRequiredRejected) {
   server_->RequestClientAuth(true);
   ConnectExpectFail();
@@ -696,16 +730,54 @@ TEST_P(TlsConnectTls12, ClientAuthIncons
   EnsureTlsSetup();
 
   MakeTlsFilter<TlsReplaceSignatureSchemeFilter>(client_,
                                                  ssl_sig_rsa_pss_pss_sha256);
 
   ConnectExpectAlert(server_, kTlsAlertIllegalParameter);
 }
 
+TEST_P(TlsConnectTls13, ClientAuthPkcs1SignatureScheme) {
+  static const SSLSignatureScheme kSignatureScheme[] = {
+      ssl_sig_rsa_pkcs1_sha256, ssl_sig_rsa_pss_rsae_sha256};
+
+  Reset(TlsAgent::kServerRsa, "rsa");
+  client_->SetSignatureSchemes(kSignatureScheme,
+                               PR_ARRAY_SIZE(kSignatureScheme));
+  server_->SetSignatureSchemes(kSignatureScheme,
+                               PR_ARRAY_SIZE(kSignatureScheme));
+  client_->SetupClientAuth();
+  server_->RequestClientAuth(true);
+
+  auto capture_cert_verify = MakeTlsFilter<TlsHandshakeRecorder>(
+      client_, kTlsHandshakeCertificateVerify);
+  capture_cert_verify->EnableDecryption();
+
+  Connect();
+  CheckSigScheme(capture_cert_verify, 0, server_, ssl_sig_rsa_pss_rsae_sha256,
+                 1024);
+}
+
+TEST_P(TlsConnectTls13, ClientAuthPkcs1SignatureSchemeOnly) {
+  static const SSLSignatureScheme kSignatureScheme[] = {
+      ssl_sig_rsa_pkcs1_sha256};
+
+  Reset(TlsAgent::kServerRsa, "rsa");
+  client_->SetSignatureSchemes(kSignatureScheme,
+                               PR_ARRAY_SIZE(kSignatureScheme));
+  server_->SetSignatureSchemes(kSignatureScheme,
+                               PR_ARRAY_SIZE(kSignatureScheme));
+  client_->SetupClientAuth();
+  server_->RequestClientAuth(true);
+
+  ConnectExpectAlert(server_, kTlsAlertHandshakeFailure);
+  server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM);
+  client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
+}
+
 class TlsZeroCertificateRequestSigAlgsFilter : public TlsHandshakeFilter {
  public:
   TlsZeroCertificateRequestSigAlgsFilter(const std::shared_ptr<TlsAgent>& a)
       : TlsHandshakeFilter(a, {kTlsHandshakeCertificateRequest}) {}
   virtual PacketFilter::Action FilterHandshake(
       const TlsHandshakeFilter::HandshakeHeader& header,
       const DataBuffer& input, DataBuffer* output) {
     TlsParser parser(input);
@@ -928,17 +1000,17 @@ TEST_P(TlsConnectTls13, InconsistentSign
       server_, ssl_sig_ecdsa_secp256r1_sha256);
   filter->EnableDecryption();
 
   ConnectExpectAlert(client_, kTlsAlertIllegalParameter);
   server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
   client_->CheckErrorCode(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM);
 }
 
-TEST_P(TlsConnectTls12Plus, RequestClientAuthWithSha384) {
+TEST_P(TlsConnectTls12, RequestClientAuthWithSha384) {
   server_->SetSignatureSchemes(kSignatureSchemeRsaSha384,
                                PR_ARRAY_SIZE(kSignatureSchemeRsaSha384));
   server_->RequestClientAuth(false);
   Connect();
 }
 
 class BeforeFinished : public TlsRecordFilter {
  private:
@@ -1390,22 +1462,31 @@ TEST_P(TlsSignatureSchemeConfiguration, 
   server_->SetSignatureSchemes(&signature_scheme_, 1);
   Connect();
   CheckKeys(ssl_kea_ecdh, ssl_grp_ec_curve25519, auth_type_, signature_scheme_);
 }
 
 INSTANTIATE_TEST_CASE_P(
     SignatureSchemeRsa, TlsSignatureSchemeConfiguration,
     ::testing::Combine(
-        TlsConnectTestBase::kTlsVariantsAll, TlsConnectTestBase::kTlsV12Plus,
+        TlsConnectTestBase::kTlsVariantsAll, TlsConnectTestBase::kTlsV12,
         ::testing::Values(TlsAgent::kServerRsaSign),
         ::testing::Values(ssl_auth_rsa_sign),
         ::testing::Values(ssl_sig_rsa_pkcs1_sha256, ssl_sig_rsa_pkcs1_sha384,
                           ssl_sig_rsa_pkcs1_sha512, ssl_sig_rsa_pss_rsae_sha256,
                           ssl_sig_rsa_pss_rsae_sha384)));
+// RSASSA-PKCS1-v1_5 is not allowed to be used in TLS 1.3
+INSTANTIATE_TEST_CASE_P(
+    SignatureSchemeRsaTls13, TlsSignatureSchemeConfiguration,
+    ::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
+                       TlsConnectTestBase::kTlsV13,
+                       ::testing::Values(TlsAgent::kServerRsaSign),
+                       ::testing::Values(ssl_auth_rsa_sign),
+                       ::testing::Values(ssl_sig_rsa_pss_rsae_sha256,
+                                         ssl_sig_rsa_pss_rsae_sha384)));
 // PSS with SHA-512 needs a bigger key to work.
 INSTANTIATE_TEST_CASE_P(
     SignatureSchemeBigRsa, TlsSignatureSchemeConfiguration,
     ::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
                        TlsConnectTestBase::kTlsV12Plus,
                        ::testing::Values(TlsAgent::kRsa2048),
                        ::testing::Values(ssl_auth_rsa_sign),
                        ::testing::Values(ssl_sig_rsa_pss_rsae_sha512)));
--- a/security/nss/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc
@@ -63,22 +63,16 @@ class TlsCipherSuiteTestBase : public Tl
       client_->SetSignatureSchemes(&sig_scheme_, 1);
       server_->SetSignatureSchemes(&sig_scheme_, 1);
     }
   }
 
   virtual void SetupCertificate() {
     if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
       switch (sig_scheme_) {
-        case ssl_sig_rsa_pkcs1_sha256:
-        case ssl_sig_rsa_pkcs1_sha384:
-        case ssl_sig_rsa_pkcs1_sha512:
-          Reset(TlsAgent::kServerRsaSign);
-          auth_type_ = ssl_auth_rsa_sign;
-          break;
         case ssl_sig_rsa_pss_rsae_sha256:
         case ssl_sig_rsa_pss_rsae_sha384:
           Reset(TlsAgent::kServerRsaSign);
           auth_type_ = ssl_auth_rsa_sign;
           break;
         case ssl_sig_rsa_pss_rsae_sha512:
           // You can't fit SHA-512 PSS in a 1024-bit key.
           Reset(TlsAgent::kRsa2048);
@@ -325,16 +319,22 @@ static const auto kDummySignatureSchemes
 static SSLSignatureScheme kSignatureSchemesParamsArr[] = {
     ssl_sig_rsa_pkcs1_sha256,       ssl_sig_rsa_pkcs1_sha384,
     ssl_sig_rsa_pkcs1_sha512,       ssl_sig_ecdsa_secp256r1_sha256,
     ssl_sig_ecdsa_secp384r1_sha384, ssl_sig_rsa_pss_rsae_sha256,
     ssl_sig_rsa_pss_rsae_sha384,    ssl_sig_rsa_pss_rsae_sha512,
     ssl_sig_rsa_pss_pss_sha256,     ssl_sig_rsa_pss_pss_sha384,
     ssl_sig_rsa_pss_pss_sha512};
 
+static SSLSignatureScheme kSignatureSchemesParamsArrTls13[] = {
+    ssl_sig_ecdsa_secp256r1_sha256, ssl_sig_ecdsa_secp384r1_sha384,
+    ssl_sig_rsa_pss_rsae_sha256,    ssl_sig_rsa_pss_rsae_sha384,
+    ssl_sig_rsa_pss_rsae_sha512,    ssl_sig_rsa_pss_pss_sha256,
+    ssl_sig_rsa_pss_pss_sha384,     ssl_sig_rsa_pss_pss_sha512};
+
 INSTANTIATE_CIPHER_TEST_P(RC4, Stream, V10ToV12, kDummyNamedGroupParams,
                           kDummySignatureSchemesParams,
                           TLS_RSA_WITH_RC4_128_SHA,
                           TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
                           TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
                           TLS_ECDH_RSA_WITH_RC4_128_SHA,
                           TLS_ECDHE_RSA_WITH_RC4_128_SHA);
 INSTANTIATE_CIPHER_TEST_P(AEAD12, All, V12, kDummyNamedGroupParams,
@@ -389,17 +389,17 @@ INSTANTIATE_CIPHER_TEST_P(
     TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256,
     TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
     TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
     TLS_DHE_DSS_WITH_AES_256_CBC_SHA256);
 #ifndef NSS_DISABLE_TLS_1_3
 INSTANTIATE_CIPHER_TEST_P(TLS13, All, V13,
                           ::testing::ValuesIn(kFasterDHEGroups),
-                          ::testing::ValuesIn(kSignatureSchemesParamsArr),
+                          ::testing::ValuesIn(kSignatureSchemesParamsArrTls13),
                           TLS_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256,
                           TLS_AES_256_GCM_SHA384);
 INSTANTIATE_CIPHER_TEST_P(TLS13AllGroups, All, V13,
                           ::testing::ValuesIn(kAllDHEGroups),
                           ::testing::Values(ssl_sig_ecdsa_secp384r1_sha384),
                           TLS_AES_256_GCM_SHA384);
 #endif
 
new file mode 100644
--- /dev/null
+++ b/security/nss/gtests/ssl_gtest/ssl_debug_env_unittest.cc
@@ -0,0 +1,53 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <cstdlib>
+#include <fstream>
+#include <sstream>
+
+#include "gtest_utils.h"
+#include "tls_connect.h"
+
+namespace nss_test {
+
+extern "C" {
+extern FILE* ssl_trace_iob;
+
+#ifdef NSS_ALLOW_SSLKEYLOGFILE
+extern FILE* ssl_keylog_iob;
+#endif
+}
+
+// These tests ensure that when the associated environment variables are unset
+// that the lazily-initialized defaults are what they are supposed to be.
+
+#ifdef DEBUG
+TEST_P(TlsConnectGeneric, DebugEnvTraceFileNotSet) {
+  char* ev = PR_GetEnvSecure("SSLDEBUGFILE");
+  if (ev && ev[0]) {
+    // note: should use GTEST_SKIP when GTest gets updated to support it
+    return;
+  }
+
+  Connect();
+  EXPECT_EQ(stderr, ssl_trace_iob);
+}
+#endif
+
+#ifdef NSS_ALLOW_SSLKEYLOGFILE
+TEST_P(TlsConnectGeneric, DebugEnvKeylogFileNotSet) {
+  char* ev = PR_GetEnvSecure("SSLKEYLOGFILE");
+  if (ev && ev[0]) {
+    // note: should use GTEST_SKIP when GTest gets updated to support it
+    return;
+  }
+
+  Connect();
+  EXPECT_EQ(nullptr, ssl_keylog_iob);
+}
+#endif
+
+}  // namespace nss_test
--- a/security/nss/gtests/ssl_gtest/ssl_extension_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_extension_unittest.cc
@@ -431,24 +431,24 @@ TEST_P(TlsExtensionTest12Plus, Signature
 TEST_P(TlsExtensionTest12Plus, SignatureAlgorithmsOddLength) {
   const uint8_t val[] = {0x00, 0x01, 0x04};
   DataBuffer extension(val, sizeof(val));
   ClientHelloErrorTest(std::make_shared<TlsExtensionReplacer>(
       client_, ssl_signature_algorithms_xtn, extension));
 }
 
 TEST_F(TlsExtensionTest13Stream, SignatureAlgorithmsPrecedingGarbage) {
-  // 31 unknown signature algorithms followed by sha-256, rsa
+  // 31 unknown signature algorithms followed by sha-256, rsa-pss
   const uint8_t val[] = {
       0x00, 0x40, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-      0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x04, 0x01};
+      0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x08, 0x04};
   DataBuffer extension(val, sizeof(val));
   MakeTlsFilter<TlsExtensionReplacer>(client_, ssl_signature_algorithms_xtn,
                                       extension);
   client_->ExpectSendAlert(kTlsAlertBadRecordMac);
   server_->ExpectSendAlert(kTlsAlertBadRecordMac);
   ConnectExpectFail();
   client_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
   server_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
--- a/security/nss/gtests/ssl_gtest/ssl_gtest.gyp
+++ b/security/nss/gtests/ssl_gtest/ssl_gtest.gyp
@@ -16,28 +16,28 @@
         'selfencrypt_unittest.cc',
         'ssl_0rtt_unittest.cc',
         'ssl_agent_unittest.cc',
         'ssl_auth_unittest.cc',
         'ssl_cert_ext_unittest.cc',
         'ssl_ciphersuite_unittest.cc',
         'ssl_custext_unittest.cc',
         'ssl_damage_unittest.cc',
+        'ssl_debug_env_unittest.cc',
         'ssl_dhe_unittest.cc',
         'ssl_drop_unittest.cc',
         'ssl_ecdh_unittest.cc',
         'ssl_ems_unittest.cc',
         'ssl_exporter_unittest.cc',
         'ssl_extension_unittest.cc',
         'ssl_fuzz_unittest.cc',
         'ssl_fragment_unittest.cc',
         'ssl_gather_unittest.cc',
         'ssl_gtest.cc',
         'ssl_hrr_unittest.cc',
-        'ssl_keylog_unittest.cc',
         'ssl_keyupdate_unittest.cc',
         'ssl_loopback_unittest.cc',
         'ssl_misc_unittest.cc',
         'ssl_primitive_unittest.cc',
         'ssl_record_unittest.cc',
         'ssl_recordsep_unittest.cc',
         'ssl_recordsize_unittest.cc',
         'ssl_resumption_unittest.cc',
@@ -88,16 +88,24 @@
             '<(DEPTH)/lib/freebl/freebl.gyp:freebl',
           ],
         }],
         [ 'disable_dbm==0', {
           'dependencies': [
             '<(DEPTH)/lib/dbm/src/src.gyp:dbm',
           ],
         }],
+        [ 'enable_sslkeylogfile==1', {
+          'sources': [
+            'ssl_keylog_unittest.cc',
+          ],
+          'defines': [
+            'NSS_ALLOW_SSLKEYLOGFILE',
+          ],
+        }],
       ],
     }
   ],
   'target_defaults': {
     'include_dirs': [
       '../../lib/ssl'
     ],
     'defines': [
--- a/security/nss/gtests/ssl_gtest/ssl_keylog_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_keylog_unittest.cc
@@ -1,39 +1,76 @@
 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* vim: set ts=2 et sw=2 tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-#ifdef NSS_ALLOW_SSLKEYLOGFILE
-
 #include <cstdlib>
 #include <fstream>
 #include <sstream>
 
 #include "gtest_utils.h"
 #include "tls_connect.h"
 
 namespace nss_test {
 
-static const std::string keylog_file_path = "keylog.txt";
-static const std::string keylog_env = "SSLKEYLOGFILE=" + keylog_file_path;
+static const std::string kKeylogFilePath = "keylog.txt";
+static const std::string kKeylogBlankEnv = "SSLKEYLOGFILE=";
+static const std::string kKeylogSetEnv = kKeylogBlankEnv + kKeylogFilePath;
+
+extern "C" {
+extern FILE* ssl_keylog_iob;
+}
 
-class KeyLogFileTest : public TlsConnectGeneric {
+class KeyLogFileTestBase : public TlsConnectGeneric {
+ private:
+  std::string env_to_set_;
+
  public:
+  virtual void CheckKeyLog() = 0;
+
+  KeyLogFileTestBase(std::string env) : env_to_set_(env) {}
+
   void SetUp() override {
     TlsConnectGeneric::SetUp();
     // Remove previous results (if any).
-    (void)remove(keylog_file_path.c_str());
-    PR_SetEnv(keylog_env.c_str());
+    (void)remove(kKeylogFilePath.c_str());
+    PR_SetEnv(env_to_set_.c_str());
   }
 
-  void CheckKeyLog() {
-    std::ifstream f(keylog_file_path);
+  void ConnectAndCheck() {
+    // This is a child process, ensure that error messages immediately
+    // propagate or else it will not be visible.
+    ::testing::GTEST_FLAG(throw_on_failure) = true;
+
+    if (version_ == SSL_LIBRARY_VERSION_TLS_1_3) {
+      SetupForZeroRtt();
+      client_->Set0RttEnabled(true);
+      server_->Set0RttEnabled(true);
+      ExpectResumption(RESUME_TICKET);
+      ZeroRttSendReceive(true, true);
+      Handshake();
+      ExpectEarlyDataAccepted(true);
+      CheckConnected();
+      SendReceive();
+    } else {
+      Connect();
+    }
+    CheckKeyLog();
+    _exit(0);
+  }
+};
+
+class KeyLogFileTest : public KeyLogFileTestBase {
+ public:
+  KeyLogFileTest() : KeyLogFileTestBase(kKeylogSetEnv) {}
+
+  void CheckKeyLog() override {
+    std::ifstream f(kKeylogFilePath);
     std::map<std::string, size_t> labels;
     std::set<std::string> client_randoms;
     for (std::string line; std::getline(f, line);) {
       if (line[0] == '#') {
         continue;
       }
 
       std::istringstream iss(line);
@@ -60,38 +97,16 @@ class KeyLogFileTest : public TlsConnect
       ASSERT_EQ(2U, labels["EARLY_EXPORTER_SECRET"]);
       ASSERT_EQ(4U, labels["CLIENT_HANDSHAKE_TRAFFIC_SECRET"]);
       ASSERT_EQ(4U, labels["SERVER_HANDSHAKE_TRAFFIC_SECRET"]);
       ASSERT_EQ(4U, labels["CLIENT_TRAFFIC_SECRET_0"]);
       ASSERT_EQ(4U, labels["SERVER_TRAFFIC_SECRET_0"]);
       ASSERT_EQ(4U, labels["EXPORTER_SECRET"]);
     }
   }
-
-  void ConnectAndCheck() {
-    // This is a child process, ensure that error messages immediately
-    // propagate or else it will not be visible.
-    ::testing::GTEST_FLAG(throw_on_failure) = true;
-
-    if (version_ == SSL_LIBRARY_VERSION_TLS_1_3) {
-      SetupForZeroRtt();
-      client_->Set0RttEnabled(true);
-      server_->Set0RttEnabled(true);
-      ExpectResumption(RESUME_TICKET);
-      ZeroRttSendReceive(true, true);
-      Handshake();
-      ExpectEarlyDataAccepted(true);
-      CheckConnected();
-      SendReceive();
-    } else {
-      Connect();
-    }
-    CheckKeyLog();
-    _exit(0);
-  }
 };
 
 // Tests are run in a separate process to ensure that NSS is not initialized yet
 // and can process the SSLKEYLOGFILE environment variable.
 
 TEST_P(KeyLogFileTest, KeyLogFile) {
   testing::GTEST_FLAG(death_test_style) = "threadsafe";
 
@@ -108,11 +123,42 @@ INSTANTIATE_TEST_CASE_P(
                        TlsConnectTestBase::kTlsV10ToV12));
 #ifndef NSS_DISABLE_TLS_1_3
 INSTANTIATE_TEST_CASE_P(
     KeyLogFileTLS13, KeyLogFileTest,
     ::testing::Combine(TlsConnectTestBase::kTlsVariantsStream,
                        TlsConnectTestBase::kTlsV13));
 #endif
 
-}  // namespace nss_test
+class KeyLogFileUnsetTest : public KeyLogFileTestBase {
+ public:
+  KeyLogFileUnsetTest() : KeyLogFileTestBase(kKeylogBlankEnv) {}
+
+  void CheckKeyLog() override {
+    std::ifstream f(kKeylogFilePath);
+    EXPECT_FALSE(f.good());
+
+    EXPECT_EQ(nullptr, ssl_keylog_iob);
+  }
+};
+
+TEST_P(KeyLogFileUnsetTest, KeyLogFile) {
+  testing::GTEST_FLAG(death_test_style) = "threadsafe";
 
-#endif  // NSS_ALLOW_SSLKEYLOGFILE
+  ASSERT_EXIT(ConnectAndCheck(), ::testing::ExitedWithCode(0), "");
+}
+
+INSTANTIATE_TEST_CASE_P(
+    KeyLogFileDTLS12, KeyLogFileUnsetTest,
+    ::testing::Combine(TlsConnectTestBase::kTlsVariantsDatagram,
+                       TlsConnectTestBase::kTlsV11V12));
+INSTANTIATE_TEST_CASE_P(
+    KeyLogFileTLS12, KeyLogFileUnsetTest,
+    ::testing::Combine(TlsConnectTestBase::kTlsVariantsStream,
+                       TlsConnectTestBase::kTlsV10ToV12));
+#ifndef NSS_DISABLE_TLS_1_3
+INSTANTIATE_TEST_CASE_P(
+    KeyLogFileTLS13, KeyLogFileUnsetTest,
+    ::testing::Combine(TlsConnectTestBase::kTlsVariantsStream,
+                       TlsConnectTestBase::kTlsV13));
+#endif
+
+}  // namespace nss_test
--- a/security/nss/help.txt
+++ b/security/nss/help.txt
@@ -46,9 +46,11 @@ NSS build tool options:
                      --with-nspr=<include>:<lib> sets include and lib paths
     --system-nspr    attempt to use system nspr
                      shorthand for --with-nspr=/usr/include/nspr:
     --system-sqlite  use system sqlite
     --enable-fips    enable FIPS checks
     --enable-libpkix make libpkix part of the build
     --mozpkix-only   build only static mozpkix and mozpkix-test libraries
                      support for this build option is limited
+    --disable-keylog disable support for logging key data to a file specified
+                     by the SSLKEYLOGFILE environment variable
     -D<gyp-option>   pass an option directly to gyp
--- a/security/nss/lib/freebl/crypto_primitives.c
+++ b/security/nss/lib/freebl/crypto_primitives.c
@@ -17,17 +17,17 @@
 __inline__ PRUint64
 swap8b(PRUint64 value)
 {
     __asm__("bswapq %0"
             : "+r"(value));
     return (value);
 }
 
-#elif !defined(_MSC_VER) && !__has_builtin(__builtin_bswap64) && !((defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3))))
+#elif defined(IS_LITTLE_ENDIAN) && !defined(_MSC_VER) && !__has_builtin(__builtin_bswap64) && !((defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3))))
 
 PRUint64
 swap8b(PRUint64 x)
 {
     PRUint64 t1 = x;
     t1 = ((t1 & SHA_MASK8) << 8) | ((t1 >> 8) & SHA_MASK8);
     t1 = ((t1 & SHA_MASK16) << 16) | ((t1 >> 16) & SHA_MASK16);
     return (t1 >> 32) | (t1 << 32);
--- a/security/nss/lib/ssl/ssl.gyp
+++ b/security/nss/lib/ssl/ssl.gyp
@@ -69,16 +69,21 @@
             'UNSAFE_FUZZER_MODE',
           ],
         }],
         [ 'OS=="dragonfly" or OS=="freebsd" or OS=="netbsd" or OS=="openbsd" or OS=="linux"', {
           'cflags': [
             '-std=gnu99',
           ],
         }],
+        [ 'enable_sslkeylogfile==1', {
+          'defines': [
+            'NSS_ALLOW_SSLKEYLOGFILE',
+          ],
+        }],
       ],
       'dependencies': [
         '<(DEPTH)/exports.gyp:nss_exports',
       ],
     },
     {
       'target_name': 'ssl3',
       'type': 'shared_library',
@@ -88,17 +93,12 @@
         '<(DEPTH)/lib/util/util.gyp:nssutil3',
         '<(DEPTH)/lib/freebl/freebl.gyp:freebl',
       ],
       'variables': {
         'mapfile': 'ssl.def'
       }
     }
   ],
-  'target_defaults': {
-    'defines': [
-      'NSS_ALLOW_SSLKEYLOGFILE=1'
-    ]
-  },
   'variables': {
     'module': 'nss'
   }
 }
--- a/security/nss/lib/ssl/ssl3con.c
+++ b/security/nss/lib/ssl/ssl3con.c
@@ -59,16 +59,17 @@ static SECStatus ssl3_HandleServerHelloP
 static SECStatus ssl3_HandlePostHelloHandshakeMessage(sslSocket *ss,
                                                       PRUint8 *b,
                                                       PRUint32 length);
 static SECStatus ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags);
 
 static CK_MECHANISM_TYPE ssl3_GetHashMechanismByHashType(SSLHashType hashType);
 static CK_MECHANISM_TYPE ssl3_GetMgfMechanismByHashType(SSLHashType hash);
 PRBool ssl_IsRsaPssSignatureScheme(SSLSignatureScheme scheme);
+PRBool ssl_IsRsaPkcs1SignatureScheme(SSLSignatureScheme scheme);
 PRBool ssl_IsDsaSignatureScheme(SSLSignatureScheme scheme);
 
 const PRUint8 ssl_hello_retry_random[] = {
     0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11,
     0xBE, 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91,
     0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E,
     0x07, 0x9E, 0x09, 0xE2, 0xC8, 0xA8, 0x33, 0x9C
 };
@@ -4096,16 +4097,19 @@ ssl_SignatureSchemeValid(SSLSignatureSch
     }
     if (!ssl_SignatureSchemeMatchesSpkiOid(scheme, spkiOid)) {
         return PR_FALSE;
     }
     if (isTls13) {
         if (ssl_SignatureSchemeToHashType(scheme) == ssl_hash_sha1) {
             return PR_FALSE;
         }
+        if (ssl_IsRsaPkcs1SignatureScheme(scheme)) {
+            return PR_FALSE;
+        }
         /* With TLS 1.3, EC keys should have been selected based on calling
          * ssl_SignatureSchemeFromSpki(), reject them otherwise. */
         return spkiOid != SEC_OID_ANSIX962_EC_PUBLIC_KEY;
     }
     return PR_TRUE;
 }
 
 static SECStatus
@@ -4346,16 +4350,32 @@ ssl_IsRsaPssSignatureScheme(SSLSignature
 
         default:
             return PR_FALSE;
     }
     return PR_FALSE;
 }
 
 PRBool
+ssl_IsRsaPkcs1SignatureScheme(SSLSignatureScheme scheme)
+{
+    switch (scheme) {
+        case ssl_sig_rsa_pkcs1_sha256:
+        case ssl_sig_rsa_pkcs1_sha384:
+        case ssl_sig_rsa_pkcs1_sha512:
+        case ssl_sig_rsa_pkcs1_sha1:
+            return PR_TRUE;
+
+        default:
+            return PR_FALSE;
+    }
+    return PR_FALSE;
+}
+
+PRBool
 ssl_IsDsaSignatureScheme(SSLSignatureScheme scheme)
 {
     switch (scheme) {
         case ssl_sig_dsa_sha256:
         case ssl_sig_dsa_sha384:
         case ssl_sig_dsa_sha512:
         case ssl_sig_dsa_sha1:
             return PR_TRUE;
--- a/security/nss/lib/ssl/tls13con.c
+++ b/security/nss/lib/ssl/tls13con.c
@@ -4556,30 +4556,34 @@ tls13_ServerHandleFinished(sslSocket *ss
         }
     }
 
     rv = tls13_ComputeFinalSecrets(ss);
     if (rv != SECSuccess) {
         return SECFailure;
     }
 
+    rv = tls13_FinishHandshake(ss);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+
     ssl_GetXmitBufLock(ss);
     if (ss->opt.enableSessionTickets) {
         rv = tls13_SendNewSessionTicket(ss, NULL, 0);
         if (rv != SECSuccess) {
             goto loser;
         }
         rv = ssl3_FlushHandshake(ss, 0);
         if (rv != SECSuccess) {
             goto loser;
         }
     }
     ssl_ReleaseXmitBufLock(ss);
-
-    return tls13_FinishHandshake(ss);
+    return SECSuccess;
 
 loser:
     ssl_ReleaseXmitBufLock(ss);
     return SECFailure;
 }
 
 static SECStatus
 tls13_FinishHandshake(sslSocket *ss)
--- a/security/nss/tests/ssl/sslauth.txt
+++ b/security/nss/tests/ssl/sslauth.txt
@@ -37,16 +37,17 @@
   noECC     0       -r_-r_-r     -V_ssl3:ssl3_-n_TestUser_-w_nss SSL3 Request don't require client auth on 2nd hs (client auth)
   noECC     1       -r_-r_-r_-r  -V_ssl3:ssl3_-w_nss_-n_none     SSL3 Require client auth on 2nd hs (client does not provide auth)
   noECC     1       -r_-r_-r_-r  -V_ssl3:ssl3_-n_TestUser_-w_bogus SSL3 Require client auth on 2nd hs (bad password)
   noECC     0       -r_-r_-r_-r  -V_ssl3:ssl3_-n_TestUser_-w_nss SSL3 Require client auth on 2nd hs (client auth)
   noECC     0       -r_-r_-r_-E  -V_tls1.3:tls1.3_-E_-n_TestUser_-w_nss TLS 1.3 Request don't require client auth on post hs (client auth)
   noECC     0       -r_-r_-r_-r_-E  -V_tls1.3:tls1.3_-E_-n_TestUser_-w_nss TLS 1.3 Require client auth on post hs (client auth)
   noECC     0       -r_-r_-r_-E  -V_tls1.3:tls1.3_-E_-n_none_-w_nss TLS 1.3 Request don't require client auth on post hs (client does not provide auth)
   noECC     1       -r_-r_-r_-r_-E  -V_tls1.3:tls1.3_-E_-n_none_-w_nss TLS 1.3 Require client auth on post hs (client does not provide auth)
+  noECC     0       -r_-r_-r_-E_-u  -V_tls1.3:tls1.3_-E_-n_TestUser_-w_nss TLS 1.3 Request don't require client auth on post hs with session ticket (client auth)
 #
 # Use EC cert for client authentication
 #
    ECC      0       -r           -V_ssl3:tls1.2_-w_bogus_-n_TestUser-ec     TLS Request don't require client auth (EC) (bad password)
    ECC      0       -r           -V_ssl3:tls1.2_-w_nss_-n_TestUser-ec       TLS Request don't require client auth (EC) (client auth)
    ECC     254      -r_-r        -V_ssl3:tls1.2_-w_bogus_-n_TestUser-ec     TLS Require client auth (EC) (bad password)
    ECC      0       -r_-r        -V_ssl3:tls1.2_-w_nss_-n_TestUser-ec_      TLS Require client auth (EC) (client auth)
    ECC      0       -r           -V_ssl3:ssl3_-n_TestUser-ec_-w_bogus  SSL3 Request don't require client auth (EC) (bad password)