Bug 1296266 - Land NSS_3_27_BETA1, r=kaie
authorFranziskus Kiefer <franziskuskiefer@gmail.com>
Fri, 19 Aug 2016 11:20:21 +0200
changeset 310202 b671b4869b1096c40cc9202ecd297d68ed769aed
parent 310201 4d05a40172cadd1c34d051520f049ca7c6e2679b
child 310203 835eee39bb16b33dbdb26271be170c65f8df7761
push id20348
push userryanvm@gmail.com
push dateFri, 19 Aug 2016 13:56:01 +0000
reviewerskaie
bugs1296266
milestone51.0a1
Bug 1296266 - Land NSS_3_27_BETA1, r=kaie
old-configure.in
security/nss/.taskcluster.yml
security/nss/TAG-INFO
security/nss/automation/buildbot-slave/build.sh
security/nss/automation/buildbot-slave/startbuild.bat
security/nss/automation/release/nss-release-helper.py
security/nss/automation/taskcluster/decision_task.yml
security/nss/automation/taskcluster/docker-arm/Dockerfile
security/nss/automation/taskcluster/docker-arm/bin/checkout.sh
security/nss/automation/taskcluster/docker-arm/setup.sh
security/nss/automation/taskcluster/docker/bin/checkout.sh
security/nss/automation/taskcluster/docker/setup.sh
security/nss/automation/taskcluster/graph/arm/_build_base.yml
security/nss/automation/taskcluster/graph/arm/_test_base.yml
security/nss/automation/taskcluster/graph/arm/build32-debug.yml
security/nss/automation/taskcluster/graph/build.js
security/nss/automation/taskcluster/graph/linux/_build_base.yml
security/nss/automation/taskcluster/graph/linux/_test_base.yml
security/nss/automation/taskcluster/graph/linux/build32-debug.yml
security/nss/automation/taskcluster/graph/linux/build32-opt.yml
security/nss/automation/taskcluster/graph/linux/build64-asan.yml
security/nss/automation/taskcluster/graph/linux/build64-debug.yml
security/nss/automation/taskcluster/graph/linux/build64-lsan.yml
security/nss/automation/taskcluster/graph/linux/build64-opt.yml
security/nss/automation/taskcluster/graph/package.json
security/nss/automation/taskcluster/graph/tests/chains.yml
security/nss/automation/taskcluster/graph/tests/crmf.yml
security/nss/automation/taskcluster/graph/tests/fips.yml
security/nss/automation/taskcluster/graph/tests/memleak.yml
security/nss/automation/taskcluster/graph/tests/ssl.yml
security/nss/automation/taskcluster/graph/tools/_build_base.yml
security/nss/automation/taskcluster/graph/tools/clang-format.yml
security/nss/automation/taskcluster/graph/tools/scan-build.yml
security/nss/automation/taskcluster/graph/try_syntax.js
security/nss/automation/taskcluster/graph/windows/_build_base.yml
security/nss/automation/taskcluster/graph/windows/_test_base.yml
security/nss/automation/taskcluster/graph/windows/build64-debug.yml
security/nss/automation/taskcluster/graph/windows/build64-opt.yml
security/nss/automation/taskcluster/scripts/build.sh
security/nss/automation/taskcluster/scripts/extend_task_graph.sh
security/nss/automation/taskcluster/scripts/run_clang_format.sh
security/nss/automation/taskcluster/scripts/tools.sh
security/nss/automation/taskcluster/windows/build.sh
security/nss/automation/taskcluster/windows/releng.manifest
security/nss/automation/taskcluster/windows/setup.sh
security/nss/cmd/Makefile
security/nss/cmd/bltest/blapitest.c
security/nss/cmd/certcgi/certcgi.c
security/nss/cmd/certutil/certutil.c
security/nss/cmd/ecperf/ecperf.c
security/nss/cmd/ectest/ectest.c
security/nss/cmd/httpserv/httpserv.c
security/nss/cmd/lib/basicutil.c
security/nss/cmd/libpkix/testutil/testutil.h
security/nss/cmd/manifest.mn
security/nss/cmd/modutil/install.c
security/nss/cmd/modutil/installparse.c
security/nss/cmd/multinit/multinit.c
security/nss/cmd/p7env/p7env.c
security/nss/cmd/pk11util/pk11util.c
security/nss/cmd/pk12util/pk12util.c
security/nss/cmd/selfserv/selfserv.c
security/nss/cmd/signtool/javascript.c
security/nss/cmd/signtool/sign.c
security/nss/cmd/signtool/verify.c
security/nss/cmd/signtool/zip.c
security/nss/cmd/signver/signver.c
security/nss/cmd/tstclnt/tstclnt.c
security/nss/coreconf/OS2.mk
security/nss/coreconf/WIN32.mk
security/nss/coreconf/arch.mk
security/nss/coreconf/command.mk
security/nss/coreconf/config.mk
security/nss/coreconf/coreconf.dep
security/nss/coreconf/rules.mk
security/nss/external_tests/.clang-format
security/nss/external_tests/common/scoped_ptrs.h
security/nss/external_tests/der_gtest/der_getint_unittest.cc
security/nss/external_tests/manifest.mn
security/nss/external_tests/nss_bogo_shim/Makefile
security/nss/external_tests/nss_bogo_shim/config.cc
security/nss/external_tests/nss_bogo_shim/config.h
security/nss/external_tests/nss_bogo_shim/config.json
security/nss/external_tests/nss_bogo_shim/manifest.mn
security/nss/external_tests/nss_bogo_shim/nss_bogo_shim.cc
security/nss/external_tests/nss_bogo_shim/nsskeys.cc
security/nss/external_tests/nss_bogo_shim/nsskeys.h
security/nss/external_tests/pk11_gtest/pk11_aeskeywrap_unittest.cc
security/nss/external_tests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
security/nss/external_tests/pk11_gtest/pk11_pbkdf2_unittest.cc
security/nss/external_tests/pk11_gtest/pk11_prf_unittest.cc
security/nss/external_tests/pk11_gtest/pk11_rsapss_unittest.cc
security/nss/external_tests/ssl_gtest/Makefile
security/nss/external_tests/ssl_gtest/databuffer.h
security/nss/external_tests/ssl_gtest/libssl_internals.c
security/nss/external_tests/ssl_gtest/libssl_internals.h
security/nss/external_tests/ssl_gtest/manifest.mn
security/nss/external_tests/ssl_gtest/ssl_0rtt_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_agent_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_auth_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_cert_ext_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_ciphersuite_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_damage_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_dhe_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_drop_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_ecdh_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_ems_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_extension_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_gtest.cc
security/nss/external_tests/ssl_gtest/ssl_loopback_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_record_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_resumption_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_skip_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_staticrsa_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_v2_client_hello_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_version_unittest.cc
security/nss/external_tests/ssl_gtest/test_io.cc
security/nss/external_tests/ssl_gtest/test_io.h
security/nss/external_tests/ssl_gtest/tls_agent.cc
security/nss/external_tests/ssl_gtest/tls_agent.h
security/nss/external_tests/ssl_gtest/tls_connect.cc
security/nss/external_tests/ssl_gtest/tls_connect.h
security/nss/external_tests/ssl_gtest/tls_filter.cc
security/nss/external_tests/ssl_gtest/tls_filter.h
security/nss/external_tests/ssl_gtest/tls_hkdf_unittest.cc
security/nss/external_tests/ssl_gtest/tls_parser.cc
security/nss/external_tests/ssl_gtest/tls_parser.h
security/nss/external_tests/util_gtest/util_utf8_unittest.cc
security/nss/lib/base/base.h
security/nss/lib/base/list.c
security/nss/lib/base/nssbase.h
security/nss/lib/base/utf8.c
security/nss/lib/certdb/certdb.c
security/nss/lib/certdb/certdb.h
security/nss/lib/certdb/certi.h
security/nss/lib/certdb/certt.h
security/nss/lib/certdb/crl.c
security/nss/lib/certdb/genname.c
security/nss/lib/certdb/secname.c
security/nss/lib/certdb/stanpcertdb.c
security/nss/lib/certdb/xbsconst.c
security/nss/lib/certhigh/certhigh.c
security/nss/lib/certhigh/certvfy.c
security/nss/lib/certhigh/ocsp.c
security/nss/lib/ckfw/instance.c
security/nss/lib/crmf/cmmfchal.c
security/nss/lib/crmf/cmmfresp.c
security/nss/lib/crmf/crmfcont.c
security/nss/lib/crmf/crmfget.c
security/nss/lib/crmf/crmfreq.c
security/nss/lib/crmf/respcmn.c
security/nss/lib/cryptohi/keythi.h
security/nss/lib/cryptohi/seckey.c
security/nss/lib/cryptohi/secsign.c
security/nss/lib/dbm/include/hash.h
security/nss/lib/dbm/include/ncompat.h
security/nss/lib/dbm/src/h_func.c
security/nss/lib/dbm/src/hash_buf.c
security/nss/lib/dbm/src/memmove.c
security/nss/lib/freebl/Makefile
security/nss/lib/freebl/mpi/mpprime.c
security/nss/lib/nss/nss.h
security/nss/lib/softoken/fipsaudt.c
security/nss/lib/softoken/fipstest.c
security/nss/lib/softoken/fipstokn.c
security/nss/lib/softoken/jpakesftk.c
security/nss/lib/softoken/legacydb/cdbhdl.h
security/nss/lib/softoken/legacydb/dbmshim.c
security/nss/lib/softoken/legacydb/keydb.c
security/nss/lib/softoken/legacydb/keydbi.h
security/nss/lib/softoken/legacydb/lgattr.c
security/nss/lib/softoken/legacydb/lgcreate.c
security/nss/lib/softoken/legacydb/lgdb.h
security/nss/lib/softoken/legacydb/lgdestroy.c
security/nss/lib/softoken/legacydb/lgfind.c
security/nss/lib/softoken/legacydb/lgfips.c
security/nss/lib/softoken/legacydb/lginit.c
security/nss/lib/softoken/legacydb/lgutil.c
security/nss/lib/softoken/legacydb/lowcert.c
security/nss/lib/softoken/legacydb/lowkey.c
security/nss/lib/softoken/legacydb/lowkeyi.h
security/nss/lib/softoken/legacydb/lowkeyti.h
security/nss/lib/softoken/legacydb/manifest.mn
security/nss/lib/softoken/legacydb/nssdbm.def
security/nss/lib/softoken/legacydb/pcert.h
security/nss/lib/softoken/legacydb/pcertdb.c
security/nss/lib/softoken/legacydb/pcertt.h
security/nss/lib/softoken/legacydb/pk11db.c
security/nss/lib/softoken/lgglue.c
security/nss/lib/softoken/lgglue.h
security/nss/lib/softoken/lowkey.c
security/nss/lib/softoken/lowkeyi.h
security/nss/lib/softoken/lowkeyti.h
security/nss/lib/softoken/lowpbe.c
security/nss/lib/softoken/lowpbe.h
security/nss/lib/softoken/manifest.mn
security/nss/lib/softoken/padbuf.c
security/nss/lib/softoken/pkcs11.c
security/nss/lib/softoken/pkcs11c.c
security/nss/lib/softoken/pkcs11i.h
security/nss/lib/softoken/pkcs11ni.h
security/nss/lib/softoken/pkcs11u.c
security/nss/lib/softoken/sdb.c
security/nss/lib/softoken/sdb.h
security/nss/lib/softoken/sftkdb.c
security/nss/lib/softoken/sftkdb.h
security/nss/lib/softoken/sftkdbt.h
security/nss/lib/softoken/sftkdbti.h
security/nss/lib/softoken/sftkhmac.c
security/nss/lib/softoken/sftkpars.c
security/nss/lib/softoken/sftkpars.h
security/nss/lib/softoken/sftkpwd.c
security/nss/lib/softoken/softkver.h
security/nss/lib/softoken/softoken.h
security/nss/lib/softoken/softokn.def
security/nss/lib/softoken/softoknt.h
security/nss/lib/softoken/tlsprf.c
security/nss/lib/ssl/SSLerrs.h
security/nss/lib/ssl/config.mk
security/nss/lib/ssl/dhe-param.c
security/nss/lib/ssl/ssl.def
security/nss/lib/ssl/ssl.h
security/nss/lib/ssl/ssl3con.c
security/nss/lib/ssl/ssl3ecc.c
security/nss/lib/ssl/ssl3ext.c
security/nss/lib/ssl/ssl3prot.h
security/nss/lib/ssl/sslauth.c
security/nss/lib/ssl/sslcert.c
security/nss/lib/ssl/sslcon.c
security/nss/lib/ssl/sslerr.h
security/nss/lib/ssl/sslimpl.h
security/nss/lib/ssl/sslsecur.c
security/nss/lib/ssl/sslsnce.c
security/nss/lib/ssl/sslsock.c
security/nss/lib/ssl/sslt.h
security/nss/lib/ssl/tls13con.c
security/nss/lib/ssl/tls13con.h
security/nss/lib/ssl/tls13hkdf.c
security/nss/lib/util/nssutil.h
security/nss/pkg/pkg-config/nss-config.in
security/nss/pkg/pkg-config/nss.pc.in
security/nss/tests/common/init.sh
security/nss/tests/ec/ecperf.sh
security/nss/tests/ec/ectest.sh
security/nss/tests/gtests/gtests.sh
security/nss/tests/ssl_gtests/ssl_gtests.sh
--- a/old-configure.in
+++ b/old-configure.in
@@ -2138,17 +2138,17 @@ dnl = If NSS was not detected in the sys
 dnl = use the one in the source tree (mozilla/security/nss)
 dnl ========================================================
 
 MOZ_ARG_WITH_BOOL(system-nss,
 [  --with-system-nss       Use system installed NSS],
     _USE_SYSTEM_NSS=1 )
 
 if test -n "$_USE_SYSTEM_NSS"; then
-    AM_PATH_NSS(3.26, [MOZ_SYSTEM_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])])
+    AM_PATH_NSS(3.27, [MOZ_SYSTEM_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])])
 fi
 
 if test -n "$MOZ_SYSTEM_NSS"; then
    NSS_LIBS="$NSS_LIBS -lcrmf"
 else
    NSS_CFLAGS="-I${DIST}/include/nss"
 fi
 
deleted file mode 100644
--- a/security/nss/.taskcluster.yml
+++ /dev/null
@@ -1,94 +0,0 @@
----
-version: 0
-metadata:
-  name: "NSS Continuous Integration"
-  description: "The Taskcluster task graph for the NSS tree"
-  owner: "mozilla-taskcluster-maintenance@mozilla.com"
-  source: {{{source}}}
-
-scopes:
-  # Note the below scopes are insecure however these get overriden on the server
-  # side to whatever scopes are set by mozilla-taskcluster.
-  - queue:*
-  - docker-worker:*
-  - scheduler:*
-
-# Available mustache parameters (see the mozilla-taskcluster source):
-#
-# - owner:          push user (email address)
-# - source:         URL of this YAML file
-# - url:            repository URL
-# - project:        alias for the destination repository (basename of
-#                   the repo url)
-# - level:          SCM level of the destination repository
-#                   (1 = try, 3 = core)
-# - revision:       (short) hg revision of the head of the push
-# - revision_hash:  (long) hg revision of the head of the push
-# - comment:        comment of the push
-# - pushlog_id:     id in the pushlog table of the repository
-#
-# and functions:
-# - as_slugid:      convert a label into a slugId
-# - from_now:       generate a timestamp at a fixed offset from now
-
-tasks:
-  - taskId: '{{#as_slugid}}decision task{{/as_slugid}}'
-    reruns: 3
-    task:
-      created: '{{now}}'
-      deadline: '{{#from_now}}1 day{{/from_now}}'
-      expires: '{{#from_now}}14 days{{/from_now}}'
-
-      metadata:
-        owner: mozilla-taskcluster-maintenance@mozilla.com
-        source: {{{source}}}
-        name: "NSS Decision Task"
-        description: |
-            The task that creates all of the other tasks in the task graph
-
-      workerType: "hg-worker"
-      provisionerId: "aws-provisioner-v1"
-
-      tags:
-        createdForUser: {{owner}}
-
-      routes:
-        - "tc-treeherder-stage.v2.{{project}}.{{revision}}.{{pushlog_id}}"
-        - "tc-treeherder.v2.{{project}}.{{revision}}.{{pushlog_id}}"
-
-      payload:
-        image: "ttaubert/nss-ci:0.0.17"
-
-        env:
-          TC_OWNER: {{owner}}
-          TC_SOURCE: {{{source}}}
-          TC_PROJECT: {{project}}
-          NSS_PUSHLOG_ID: '{{pushlog_id}}'
-          NSS_HEAD_REPOSITORY: '{{{url}}}'
-          NSS_HEAD_REVISION: '{{revision}}'
-
-        maxRunTime: 1800
-
-        command:
-          - bash
-          - -cx
-          - >
-            bin/checkout.sh &&
-            nss/automation/taskcluster/scripts/extend_task_graph.sh
-
-        artifacts:
-          public:
-            type: "directory"
-            path: "/home/worker/artifacts"
-            expires: "{{#from_now}}7 days{{/from_now}}"
-
-        graphs:
-          - /home/worker/artifacts/graph.json
-
-      extra:
-        treeherder:
-          symbol: D
-          build:
-            platform: nss-decision
-          machine:
-            platform: nss-decision
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@@ -1,1 +1,1 @@
-NSS_3_26_RTM
+NSS_3_27_BETA1
--- a/security/nss/automation/buildbot-slave/build.sh
+++ b/security/nss/automation/buildbot-slave/build.sh
@@ -194,26 +194,26 @@ test_nss()
 	cd ${HGDIR}/nss/tests/remote
 	print_log "$ make test_android"
 	make test_android 2>&1 | tee ${LOG_TMP} | grep ${GREP_BUFFER} ": #"
 	OUTPUTFILE=${HGDIR}/tests_results/security/*.1/output.log
     else
 	print_log "$ cd ${HGDIR}/nss/tests"
 	cd ${HGDIR}/nss/tests
 	print_log "$ ./all.sh"
-	./all.sh 2>&1 | tee ${LOG_TMP} | grep ${GREP_BUFFER} ": #"
+	./all.sh 2>&1 | tee ${LOG_TMP} | egrep ${GREP_BUFFER} ": #|^\[.{10}\] "
 	OUTPUTFILE=${LOG_TMP}
     fi
 
     cat ${LOG_TMP} >> ${LOG_ALL}
     tail -n2 ${HGDIR}/tests_results/security/*.1/results.html | grep END_OF_TEST >> ${LOG_ALL}
     RET=$?
 
     print_log "######## details of detected failures (if any) ########"
-    grep -B50 FAIL ${OUTPUTFILE}
+    grep -B50 FAILED ${OUTPUTFILE}
     [ $? -eq 1 ] || RET=1
 
     print_result "NSS - tests - ${BITS} bits - ${OPT}" ${RET} 0
     return ${RET}
 }
 
 test_jss()
 {
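Review bot: The exit status of `./all.sh` is still discarded on the changed pipeline line, because the pipeline's status is that of the trailing `egrep` and is never captured. The pass/fail result therefore rests on log scraping alone: the `END_OF_TEST` grep and the `grep -B50 FAILED` substring match. Narrowing that match from `FAIL` to `FAILED` means a failure marker without the exact word `FAILED` no longer sets `RET=1`, so it is worth confirming that every suite run by all.sh, including the gtest lines now let through by `^\[.{10}\] `, reports failures with that word. Assuming all.sh returns non-zero on failure, capturing it right after the pipeline with `ALL_RET=${PIPESTATUS[0]}` and folding it into `RET` would give a signal that does not depend on log text. test_nss begins outside this hunk.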
--- a/security/nss/automation/buildbot-slave/startbuild.bat
+++ b/security/nss/automation/buildbot-slave/startbuild.bat
@@ -1,12 +1,12 @@
 echo running > ..\buildbot-is-building
 
-echo running: "%MOZILLABUILD%\msys\bin\bash" -c "hg/tinder/buildbot/build.sh %*"
-"%MOZILLABUILD%\msys\bin\bash" -c "hg/tinder/buildbot/build.sh %*"
+echo running: "%MOZILLABUILD%\msys\bin\bash" -c "hg/nss/automation/buildbot-slave/build.sh %*"
+"%MOZILLABUILD%\msys\bin\bash" -c "hg/nss/automation/buildbot-slave/build.sh %*"
 
 if %errorlevel% neq 0 (
   set EXITCODE=1
 ) else (
   set EXITCODE=0
 )
 
 del ..\buildbot-is-building
new file mode 100644
--- /dev/null
+++ b/security/nss/automation/release/nss-release-helper.py
@@ -0,0 +1,250 @@
+#!/usr/bin/python
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+import os
+import sys
+import datetime
+import shutil
+import glob
+from optparse import OptionParser
+from subprocess import check_call
+
+nssutil_h = "lib/util/nssutil.h"
+softkver_h = "lib/softoken/softkver.h"
+nss_h = "lib/nss/nss.h"
+nssckbi_h = "lib/ckfw/builtins/nssckbi.h"
+
+def check_call_noisy(cmd, *args, **kwargs):
+    print "Executing command:", cmd
+    check_call(cmd, *args, **kwargs)
+
+o = OptionParser(usage="client.py [options] remove_beta | set_beta | print_library_versions | print_root_ca_version | set_root_ca_version | set_version_to_minor_release | set_version_to_patch_release | set_release_candidate_number | set_4_digit_release_number | create_nss_release_archive")
+
+try:
+    options, args = o.parse_args()
+    action = args[0]
+except IndexError:
+    o.print_help()
+    sys.exit(2)
+
+def exit_with_failure(what):
+    print "failure: ", what
+    sys.exit(2)
+
+def check_files_exist():
+    if (not os.path.exists(nssutil_h) or not os.path.exists(softkver_h)
+        or not os.path.exists(nss_h) or not os.path.exists(nssckbi_h)):
+        exit_with_failure("cannot find expected header files, must run from inside NSS hg directory")
+
+def sed_inplace(sed_expression, filename):
+    backup_file = filename + '.tmp'
+    check_call_noisy(["sed", "-i.tmp", sed_expression, filename])
+    os.remove(backup_file)
+
+def toggle_beta_status(is_beta):
+    check_files_exist()
+    if (is_beta):
+        print "adding Beta status to version numbers"
+        sed_inplace('s/^\(#define *NSSUTIL_VERSION *\"[0-9.]\+\)\" *$/\\1 Beta\"/', nssutil_h)
+        sed_inplace('s/^\(#define *NSSUTIL_BETA *\)PR_FALSE *$/\\1PR_TRUE/', nssutil_h)
+        sed_inplace('s/^\(#define *SOFTOKEN_VERSION *\"[0-9.]\+\" *SOFTOKEN_ECC_STRING\) *$/\\1 \" Beta"/', softkver_h)
+        sed_inplace('s/^\(#define *SOFTOKEN_BETA *\)PR_FALSE *$/\\1PR_TRUE/', softkver_h)
+        sed_inplace('s/^\(#define *NSS_VERSION *\"[0-9.]\+\" *_NSS_CUSTOMIZED\) *$/\\1 \" Beta"/', nss_h)
+        sed_inplace('s/^\(#define *NSS_BETA *\)PR_FALSE *$/\\1PR_TRUE/', nss_h)
+    else:
+        print "removing Beta status from version numbers"
+        sed_inplace('s/^\(#define *NSSUTIL_VERSION *\"[0-9.]\+\) *Beta\" *$/\\1\"/', nssutil_h)
+        sed_inplace('s/^\(#define *NSSUTIL_BETA *\)PR_TRUE *$/\\1PR_FALSE/', nssutil_h)
+        sed_inplace('s/^\(#define *SOFTOKEN_VERSION *\"[0-9.]\+\" *SOFTOKEN_ECC_STRING\) *\" *Beta\" *$/\\1/', softkver_h)
+        sed_inplace('s/^\(#define *SOFTOKEN_BETA *\)PR_TRUE *$/\\1PR_FALSE/', softkver_h)
+        sed_inplace('s/^\(#define *NSS_VERSION *\"[0-9.]\+\" *_NSS_CUSTOMIZED\) *\" *Beta\" *$/\\1/', nss_h)
+        sed_inplace('s/^\(#define *NSS_BETA *\)PR_TRUE *$/\\1PR_FALSE/', nss_h)
+    print "please run 'hg stat' and 'hg diff' to verify the files have been verified correctly"
+
+def print_beta_versions():
+    check_call_noisy(["egrep", "#define *NSSUTIL_VERSION|#define *NSSUTIL_BETA", nssutil_h])
+    check_call_noisy(["egrep", "#define *SOFTOKEN_VERSION|#define *SOFTOKEN_BETA", softkver_h])
+    check_call_noisy(["egrep", "#define *NSS_VERSION|#define *NSS_BETA", nss_h])
+
+def remove_beta_status():
+    print "--- removing beta flags. Existing versions were:"
+    print_beta_versions()
+    toggle_beta_status(False)
+    print "--- finished modifications, new versions are:"
+    print_beta_versions()
+
+def set_beta_status():
+    print "--- adding beta flags. Existing versions were:"
+    print_beta_versions()
+    toggle_beta_status(True)
+    print "--- finished modifications, new versions are:"
+    print_beta_versions()
+
+def print_library_versions():
+    check_files_exist()
+    check_call_noisy(["egrep", "#define *NSSUTIL_VERSION|#define NSSUTIL_VMAJOR|#define *NSSUTIL_VMINOR|#define *NSSUTIL_VPATCH|#define *NSSUTIL_VBUILD|#define *NSSUTIL_BETA", nssutil_h])
+    check_call_noisy(["egrep", "#define *SOFTOKEN_VERSION|#define SOFTOKEN_VMAJOR|#define *SOFTOKEN_VMINOR|#define *SOFTOKEN_VPATCH|#define *SOFTOKEN_VBUILD|#define *SOFTOKEN_BETA", softkver_h])
+    check_call_noisy(["egrep", "#define *NSS_VERSION|#define NSS_VMAJOR|#define *NSS_VMINOR|#define *NSS_VPATCH|#define *NSS_VBUILD|#define *NSS_BETA", nss_h])
+
+def print_root_ca_version():
+    check_files_exist()
+    check_call_noisy(["grep", "define *NSS_BUILTINS_LIBRARY_VERSION", nssckbi_h])
+
+
+def ensure_arguments_after_action(how_many, usage):
+    if (len(sys.argv) != (2+how_many)):
+        exit_with_failure("incorrect number of arguments, expected parameters are:\n" + usage)
+
+def set_major_versions(major):
+    sed_inplace('s/^\(#define *NSSUTIL_VMAJOR *\).*$/\\1' + major + '/', nssutil_h)
+    sed_inplace('s/^\(#define *SOFTOKEN_VMAJOR *\).*$/\\1' + major + '/', softkver_h)
+    sed_inplace('s/^\(#define *NSS_VMAJOR *\).*$/\\1' + major + '/', nss_h)
+
+def set_minor_versions(minor):
+    sed_inplace('s/^\(#define *NSSUTIL_VMINOR *\).*$/\\1' + minor + '/', nssutil_h)
+    sed_inplace('s/^\(#define *SOFTOKEN_VMINOR *\).*$/\\1' + minor + '/', softkver_h)
+    sed_inplace('s/^\(#define *NSS_VMINOR *\).*$/\\1' + minor + '/', nss_h)
+
+def set_patch_versions(patch):
+    sed_inplace('s/^\(#define *NSSUTIL_VPATCH *\).*$/\\1' + patch + '/', nssutil_h)
+    sed_inplace('s/^\(#define *SOFTOKEN_VPATCH *\).*$/\\1' + patch + '/', softkver_h)
+    sed_inplace('s/^\(#define *NSS_VPATCH *\).*$/\\1' + patch + '/', nss_h)
+
+def set_build_versions(build):
+    sed_inplace('s/^\(#define *NSSUTIL_VBUILD *\).*$/\\1' + build + '/', nssutil_h)
+    sed_inplace('s/^\(#define *SOFTOKEN_VBUILD *\).*$/\\1' + build + '/', softkver_h)
+    sed_inplace('s/^\(#define *NSS_VBUILD *\).*$/\\1' + build + '/', nss_h)
+
+def set_full_lib_versions(version):
+    sed_inplace('s/^\(#define *NSSUTIL_VERSION *\"\)\([0-9.]\+\)\(.*\)$/\\1' + version + '\\3/', nssutil_h)
+    sed_inplace('s/^\(#define *SOFTOKEN_VERSION *\"\)\([0-9.]\+\)\(.*\)$/\\1' + version + '\\3/', softkver_h)
+    sed_inplace('s/^\(#define *NSS_VERSION *\"\)\([0-9.]\+\)\(.*\)$/\\1' + version + '\\3/', nss_h)
+
+def set_root_ca_version():
+    ensure_arguments_after_action(2, "major_version  minor_version")
+    major = args[1].strip()
+    minor = args[2].strip()
+    version = major + '.' + minor
+    sed_inplace('s/^\(#define *NSS_BUILTINS_LIBRARY_VERSION *\"\).*$/\\1' + version + '/', nssckbi_h)
+    sed_inplace('s/^\(#define *NSS_BUILTINS_LIBRARY_VERSION_MAJOR *\).*$/\\1' + major + '/', nssckbi_h)
+    sed_inplace('s/^\(#define *NSS_BUILTINS_LIBRARY_VERSION_MINOR *\).*$/\\1' + minor + '/', nssckbi_h)
+
+def set_all_lib_versions(version, major, minor, patch, build):
+    set_full_lib_versions(version)
+    set_major_versions(major)
+    set_minor_versions(minor)
+    set_patch_versions(patch)
+    set_build_versions(build)
+
+def set_version_to_minor_release():
+    ensure_arguments_after_action(2, "major_version  minor_version")
+    major = args[1].strip()
+    minor = args[2].strip()
+    version = major + '.' + minor
+    patch = "0"
+    build = "0"
+    set_all_lib_versions(version, major, minor, patch, build)
+
+def set_version_to_patch_release():
+    ensure_arguments_after_action(3, "major_version  minor_version  patch_release")
+    major = args[1].strip()
+    minor = args[2].strip()
+    patch = args[3].strip()
+    version = major + '.' + minor + '.' + patch
+    build = "0"
+    set_all_lib_versions(version, major, minor, patch, build)
+
+def set_release_candidate_number():
+    ensure_arguments_after_action(1, "release_candidate_number")
+    build = args[1].strip()
+    set_build_versions(build)
+
+def set_4_digit_release_number():
+    ensure_arguments_after_action(4, "major_version  minor_version  patch_release  4th_digit_release_number")
+    major = args[1].strip()
+    minor = args[2].strip()
+    patch = args[3].strip()
+    build = args[4].strip()
+    version = major + '.' + minor + '.' + patch + '.' + build
+    set_all_lib_versions(version, major, minor, patch, build)
+
+def create_nss_release_archive():
+    ensure_arguments_after_action(4, "nss_release_version  nss_hg_release_tag  nspr_release_version  path_to_stage_directory")
+    nssrel = args[1].strip() #e.g. 3.19.3
+    nssreltag = args[2].strip() #e.g. NSS_3_19_3_RTM
+    nsprrel = args[3].strip() #e.g. 4.10.8
+    stagedir = args[4].strip() #e.g. ../stage
+
+    nspr_tar = "nspr-" + nsprrel + ".tar.gz"
+    nsprtar_with_path= stagedir + "/v" + nsprrel + "/src/" + nspr_tar
+    if (not os.path.exists(nsprtar_with_path)):
+        exit_with_failure("cannot find nspr archive at expected location " + nsprtar_with_path)
+
+    nss_stagedir= stagedir + "/" + nssreltag + "/src"
+    if (os.path.exists(nss_stagedir)):
+        exit_with_failure("nss stage directory already exists: " + nss_stagedir)
+
+    nss_tar = "nss-" + nssrel + ".tar.gz"
+
+    check_call_noisy(["mkdir", "-p", nss_stagedir])
+    check_call_noisy(["hg", "archive", "-r", nssreltag, "--prefix=nss-" + nssrel + "/nss",
+                      stagedir + "/" + nssreltag + "/src/" + nss_tar, "-X", ".hgtags"])
+    check_call_noisy(["tar", "-xz", "-C", nss_stagedir, "-f", nsprtar_with_path])
+    print "changing to directory " + nss_stagedir
+    os.chdir(nss_stagedir)
+    check_call_noisy(["tar", "-xz", "-f", nss_tar])
+    check_call_noisy(["mv", "-i", "nspr-" + nsprrel + "/nspr", "nss-" + nssrel + "/"])
+    check_call_noisy(["rmdir", "nspr-" + nsprrel])
+
+    nss_nspr_tar = "nss-" + nssrel + "-with-nspr-" + nsprrel + ".tar.gz"
+
+    check_call_noisy(["tar", "-cz", "--remove-files", "-f", nss_nspr_tar, "nss-" + nssrel])
+    check_call("sha1sum " + nss_tar + " " + nss_nspr_tar + " > SHA1SUMS", shell=True)
+    check_call("sha256sum " + nss_tar + " " + nss_nspr_tar + " > SHA256SUMS", shell=True)
+    print "created directory " + nss_stagedir + " with files:"
+    check_call_noisy(["ls", "-l"])
+
+if action in ('remove_beta'):
+    remove_beta_status()
+
+elif action in ('set_beta'):
+    set_beta_status()
+
+elif action in ('print_library_versions'):
+    print_library_versions()
+
+elif action in ('print_root_ca_version'):
+    print_root_ca_version()
+
+elif action in ('set_root_ca_version'):
+    set_root_ca_version()
+
+# x.y version number - 2 parameters
+elif action in ('set_version_to_minor_release'):
+    set_version_to_minor_release()
+
+# x.y.z version number - 3 parameters
+elif action in ('set_version_to_patch_release'):
+    set_version_to_patch_release()
+
+# change the release candidate number, usually increased by one,
+# usually if previous release candiate had a bug
+# 1 parameter
+elif action in ('set_release_candidate_number'):
+    set_release_candidate_number()
+
+# use the build/release candiate number in the identifying version number
+# 4 parameters
+elif action in ('set_4_digit_release_number'):
+    set_4_digit_release_number()
+
+elif action in ('create_nss_release_archive'):
+    create_nss_release_archive()
+
+else:
+    o.print_help()
+    sys.exit(2)
+
+sys.exit(0)
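Review bot: The two checksum commands at the end of `create_nss_release_archive` build a shell string from command-line arguments (`nssrel`, `nsprrel`) and run it with `shell=True`, so a version argument containing whitespace or shell metacharacters is interpreted by the shell instead of being treated as a file name. Every other command in the file already uses the list form; passing a list and redirecting through `stdout=` keeps the arguments as data, as in the fence below. Separately, the dispatch at the bottom uses `action in ('remove_beta')`, which is a substring test against a plain string rather than tuple membership, so a partial word such as `beta` selects an action. `action == 'remove_beta'`, and likewise for the other branches, says what is meant.

```python
    # … unchanged: tar -cz of the combined nss + nspr tree …
    with open("SHA1SUMS", "w") as sums:
        check_call(["sha1sum", nss_tar, nss_nspr_tar], stdout=sums)
    with open("SHA256SUMS", "w") as sums:
        check_call(["sha256sum", nss_tar, nss_nspr_tar], stdout=sums)
```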
new file mode 100644
--- /dev/null
+++ b/security/nss/automation/taskcluster/decision_task.yml
@@ -0,0 +1,96 @@
+---
+version: 0
+metadata:
+  name: "NSS Continuous Integration"
+  description: "The Taskcluster task graph for the NSS tree"
+  owner: "mozilla-taskcluster-maintenance@mozilla.com"
+  source: {{{source}}}
+
+scopes:
+  # Note the below scopes are insecure however these get overriden on the server
+  # side to whatever scopes are set by mozilla-taskcluster.
+  - queue:*
+  - docker-worker:*
+  - scheduler:*
+
+# Available mustache parameters (see the mozilla-taskcluster source):
+#
+# - owner:          push user (email address)
+# - source:         URL of this YAML file
+# - url:            repository URL
+# - project:        alias for the destination repository (basename of
+#                   the repo url)
+# - level:          SCM level of the destination repository
+#                   (1 = try, 3 = core)
+# - revision:       (short) hg revision of the head of the push
+# - revision_hash:  (long) hg revision of the head of the push
+# - comment:        comment of the push
+# - pushlog_id:     id in the pushlog table of the repository
+#
+# and functions:
+# - as_slugid:      convert a label into a slugId
+# - from_now:       generate a timestamp at a fixed offset from now
+
+tasks:
+  - taskId: '{{#as_slugid}}decision task{{/as_slugid}}'
+    reruns: 3
+    task:
+      created: '{{now}}'
+      deadline: '{{#from_now}}1 day{{/from_now}}'
+      expires: '{{#from_now}}14 days{{/from_now}}'
+
+      metadata:
+        owner: mozilla-taskcluster-maintenance@mozilla.com
+        source: {{{source}}}
+        name: "NSS Decision Task"
+        description: |
+            The task that creates all of the other tasks in the task graph
+
+      workerType: "hg-worker"
+      provisionerId: "aws-provisioner-v1"
+
+      tags:
+        createdForUser: {{owner}}
+
+      routes:
+        - "tc-treeherder-stage.v2.{{project}}.{{revision}}.{{pushlog_id}}"
+        - "tc-treeherder.v2.{{project}}.{{revision}}.{{pushlog_id}}"
+
+      payload:
+        image: "ttaubert/nss-ci:0.0.22"
+
+        env:
+          TC_OWNER: {{owner}}
+          TC_SOURCE: {{{source}}}
+          TC_PROJECT: {{project}}
+          TC_COMMENT: '{{comment}}'
+          TC_IMAGE: "ttaubert/nss-ci:0.0.22"
+          NSS_PUSHLOG_ID: '{{pushlog_id}}'
+          NSS_HEAD_REPOSITORY: '{{{url}}}'
+          NSS_HEAD_REVISION: '{{revision}}'
+
+        maxRunTime: 1800
+
+        command:
+          - bash
+          - -cx
+          - >
+            bin/checkout.sh &&
+            nss/automation/taskcluster/scripts/extend_task_graph.sh
+
+        artifacts:
+          public:
+            type: "directory"
+            path: "/home/worker/artifacts"
+            expires: "{{#from_now}}7 days{{/from_now}}"
+
+        graphs:
+          - /home/worker/artifacts/graph.json
+
+      extra:
+        treeherder:
+          symbol: D
+          build:
+            platform: nss-decision
+          machine:
+            platform: nss-decision
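Review bot: The worker image is referenced by a mutable tag in a personal registry namespace, `ttaubert/nss-ci:0.0.22`, and the same string is repeated in `payload.image` and `TC_IMAGE`. The two values can drift apart, and a re-pushed tag would change what the decision task runs without any change in this tree. If the worker accepts digest references, pinning both to `ttaubert/nss-ci@sha256:<image-digest>` (placeholder) would tie the build environment to reviewed content; otherwise a comment next to the tag saying both values must be bumped together would help. `TC_COMMENT: '{{comment}}'` also carries push-author text into the task environment, so whatever reads it (presumably the try-syntax parsing, which is not in this hunk) should treat it as untrusted data.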
new file mode 100644
--- /dev/null
+++ b/security/nss/automation/taskcluster/docker-arm/Dockerfile
@@ -0,0 +1,27 @@
+FROM armv7/armhf-ubuntu:16.04
+MAINTAINER Tim Taubert <ttaubert@mozilla.com>
+
+RUN useradd -d /home/worker -s /bin/bash -m worker
+WORKDIR /home/worker
+
+# Add build and test scripts.
+ADD bin /home/worker/bin
+RUN chmod +x /home/worker/bin/*
+
+# Install dependencies.
+ADD setup.sh /tmp/setup.sh
+RUN bash /tmp/setup.sh
+
+# Env variables.
+ENV HOME /home/worker
+ENV SHELL /bin/bash
+ENV USER worker
+ENV LOGNAME worker
+ENV HOSTNAME taskcluster-worker
+ENV LANG en_US.UTF-8
+ENV LC_ALL en_US.UTF-8
+ENV HOST localhost
+ENV DOMSUF localdomain
+
+# Set a default command for debugging.
+CMD ["/bin/bash", "--login"]
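Review bot: The image has no `USER` instruction, so the default `CMD` and anything else started in the container runs as root, and dropping to `worker` depends on each script doing it itself, as bin/checkout.sh does with `exec su worker $0`. Adding `USER worker` after the `RUN bash /tmp/setup.sh` step would make the unprivileged account the default, assuming the task runner does not need root at start-up. The base image `armv7/armhf-ubuntu:16.04` is likewise a mutable tag; a short comment recording why this base was chosen and how it is refreshed would help whoever rebuilds the image.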
new file mode 100755
--- /dev/null
+++ b/security/nss/automation/taskcluster/docker-arm/bin/checkout.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+set -v -e -x
+
+if [ $(id -u) = 0 ]; then
+    # Drop privileges by re-running this script.
+    exec su worker $0
+fi
+
+# Default values for testing.
+REVISION=${NSS_HEAD_REVISION:-default}
+REPOSITORY=${NSS_HEAD_REPOSITORY:-https://hg.mozilla.org/projects/nss}
+
+# Clone NSS.
+for i in 0 2 5; do
+    sleep $i
+    hg clone -r $REVISION $REPOSITORY nss && exit 0
+    rm -rf nss
+done
+exit 1
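Review bot: `$REVISION` and `$REPOSITORY` are expanded unquoted in `hg clone -r $REVISION $REPOSITORY nss`, and both come from the task environment (NSS_HEAD_REVISION, NSS_HEAD_REPOSITORY). A value containing whitespace or starting with a dash is therefore split and read by hg as extra arguments or options. Quoting them and ending option parsing, `hg clone -r "$REVISION" -- "$REPOSITORY" nss`, keeps each value a single operand; `exec su worker "$0"` should be quoted for the same reason. The same loop is added to docker/bin/checkout.sh in this commit and needs the same change.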
new file mode 100755
--- /dev/null
+++ b/security/nss/automation/taskcluster/docker-arm/setup.sh
@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+
+set -v -e -x
+
+export DEBIAN_FRONTEND=noninteractive
+
+# Update.
+apt-get -y update
+apt-get -y dist-upgrade
+
+apt_packages=()
+apt_packages+=('build-essential')
+apt_packages+=('ca-certificates')
+apt_packages+=('curl')
+apt_packages+=('python-dev')
+apt_packages+=('python-pip')
+apt_packages+=('python-setuptools')
+apt_packages+=('zlib1g-dev')
+
+# Install packages.
+apt-get install -y --no-install-recommends ${apt_packages[@]}
+
+# Latest Mercurial.
+pip install --upgrade pip
+pip install Mercurial
+
+# Compiler options.
+update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-5 30
+update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-5 30
+
+locale-gen en_US.UTF-8
+dpkg-reconfigure locales
+
+# Cleanup.
+rm -rf ~/.ccache ~/.cache
+apt-get autoremove -y
+apt-get clean
+apt-get autoclean
+rm $0
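Review bot: `pip install --upgrade pip` and `pip install Mercurial` fetch whatever version is current when the image is built, with no version or hash pin. The tool that later checks out the source is therefore neither reproducible nor verified beyond the transport to the package index. Pinning it, for example `pip install Mercurial==<PINNED_VERSION>` (placeholder) or a requirements file installed with `--require-hashes`, fixes what goes into the image. The array expansion should also be quoted as `"${apt_packages[@]}"`.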
--- a/security/nss/automation/taskcluster/docker/bin/checkout.sh
+++ b/security/nss/automation/taskcluster/docker/bin/checkout.sh
@@ -7,9 +7,14 @@ if [ $(id -u) = 0 ]; then
     exec su worker $0
 fi
 
 # Default values for testing.
 REVISION=${NSS_HEAD_REVISION:-default}
 REPOSITORY=${NSS_HEAD_REPOSITORY:-https://hg.mozilla.org/projects/nss}
 
 # Clone NSS.
-hg clone -r $REVISION $REPOSITORY nss
+for i in 0 2 5; do
+    sleep $i
+    hg clone -r $REVISION $REPOSITORY nss && exit 0
+    rm -rf nss
+done
+exit 1
--- a/security/nss/automation/taskcluster/docker/setup.sh
+++ b/security/nss/automation/taskcluster/docker/setup.sh
@@ -1,46 +1,48 @@
 #!/usr/bin/env bash
 
 set -v -e -x
 
+# Update packages.
+export DEBIAN_FRONTEND=noninteractive
+apt-get -y update && apt-get -y upgrade
+
+# Need this to add keys for PPAs below.
+apt-get install -y --no-install-recommends apt-utils
+
 apt_packages=()
 apt_packages+=('build-essential')
 apt_packages+=('ca-certificates')
 apt_packages+=('curl')
-apt_packages+=('mercurial')
 apt_packages+=('npm')
 apt_packages+=('git')
-apt_packages+=('valgrind')
+apt_packages+=('ninja-build')
+apt_packages+=('pkg-config')
 apt_packages+=('zlib1g-dev')
 
 # 32-bit builds
 apt_packages+=('lib32z1-dev')
 apt_packages+=('gcc-multilib')
 apt_packages+=('g++-multilib')
 
-# Install prerequisites.
-apt-get -y update
-export DEBIAN_FRONTEND=noninteractive
-apt-get install -y --no-install-recommends curl apt-utils
+# Latest Mercurial.
+apt_packages+=('mercurial')
+apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 41BD8711B1F0EC2B0D85B91CF59CE3A8323293EE
+echo "deb http://ppa.launchpad.net/mercurial-ppa/releases/ubuntu xenial main" > /etc/apt/sources.list.d/mercurial.list
 
-# Install the first round of packages.
-apt-get -y update
-apt-get install -y --no-install-recommends ${apt_packages[@]}
-
-# gcc 6
-apt_packages=()
+# gcc 4.8 and 6
 apt_packages+=('g++-6')
 apt_packages+=('g++-4.8')
 apt_packages+=('g++-6-multilib')
 apt_packages+=('g++-4.8-multilib')
 apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 60C317803A41BA51845E371A1E9377A2BA9EF27F
 echo "deb http://ppa.launchpad.net/ubuntu-toolchain-r/test/ubuntu xenial main" > /etc/apt/sources.list.d/toolchain.list
 
-# Install the second round of packages.
+# Install packages.
 apt-get -y update
 apt-get install -y --no-install-recommends ${apt_packages[@]}
 
 # 32-bit builds
 ln -s /usr/include/x86_64-linux-gnu/zconf.h /usr/include
 
 # Install clang-3.8 into /usr/local/.
 curl http://llvm.org/releases/3.8.0/clang+llvm-3.8.0-x86_64-linux-gnu-ubuntu-16.04.tar.xz | tar xJv -C /usr/local --strip-components=1
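Review bot: The clang tarball on the last line of this hunk is still fetched over plain HTTP and piped straight into `tar` as root with no integrity check. The commit reworks the package installation around that line but leaves it as is, so the compiler used for the Linux builds is trusted on whatever the network delivers. Download it to a file, compare it against a SHA-256 recorded in this script (or verify the upstream signature), and only then unpack; an HTTPS URL would help too if upstream offers one. The two PPA keys above are already pinned by full fingerprint, which is the pattern to mirror here. The script continues below this hunk.

```shell
# … unchanged: apt setup, PPA keys, package install, zconf.h symlink …

# Install clang-3.8 into /usr/local/.
clang_tarball=clang+llvm-3.8.0-x86_64-linux-gnu-ubuntu-16.04.tar.xz
clang_sha256="<EXPECTED_SHA256>"  # placeholder: digest of the verified release tarball
curl -fL -o "/tmp/$clang_tarball" "http://llvm.org/releases/3.8.0/$clang_tarball"
echo "$clang_sha256  /tmp/$clang_tarball" | sha256sum -c -
tar xJf "/tmp/$clang_tarball" -C /usr/local --strip-components=1
rm "/tmp/$clang_tarball"
```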
@@ -53,16 +55,14 @@ update-alternatives --install /usr/bin/g
 update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-6 20
 update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-6 20
 update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-5 30
 update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-5 30
 
 locale-gen en_US.UTF-8
 dpkg-reconfigure locales
 
-# Install required Node modules.
-su -c "npm install flatmap js-yaml merge slugid" worker
-
 # Cleanup.
 rm -rf ~/.ccache ~/.cache
+apt-get autoremove -y
 apt-get clean
 apt-get autoclean
 rm $0
new file mode 100644
--- /dev/null
+++ b/security/nss/automation/taskcluster/graph/arm/_build_base.yml
@@ -0,0 +1,40 @@
+---
+reruns: 2
+
+task:
+  created: !from_now 0
+  deadline: !from_now 24
+  provisionerId: localprovisioner
+  workerType: nss-rpi
+  schedulerId: task-graph-scheduler
+
+  metadata:
+    owner: !env TC_OWNER
+    source: !env TC_SOURCE
+
+  payload:
+    maxRunTime: 7200
+    image: ttaubert/nss-rpi-ci:0.0.3
+
+    artifacts:
+      public:
+        type: directory
+        path: /home/worker/artifacts
+        expires: !from_now 24
+
+    command:
+      - "/bin/bash"
+      - "-c"
+      - "bin/checkout.sh && nss/automation/taskcluster/scripts/build.sh"
+
+    env:
+      NSS_HEAD_REPOSITORY: !env NSS_HEAD_REPOSITORY
+      NSS_HEAD_REVISION: !env NSS_HEAD_REVISION
+      GCC_VERSION: gcc-5
+      GXX_VERSION: g++-5
+
+  extra:
+    treeherder:
+      tier: 3 # hide jobs by default
+      jobKind: build
+      symbol: B
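Review bot: `image: ttaubert/nss-rpi-ci:0.0.3` refers to a tag in a personal Docker Hub namespace, and a tag can be re-pushed, so this file does not fix the content that builds NSS on the ARM workers. Referencing the image by digest, `image: ttaubert/nss-rpi-ci@sha256:<IMAGE_DIGEST>` (placeholder), would pin it; whether the worker's payload schema accepts digest references needs checking. graph/arm/_test_base.yml hard-codes the same tag, while the Linux bases in this commit switch to `!env TC_IMAGE`, so the ARM files could also take the image from one place.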
new file mode 100644
--- /dev/null
+++ b/security/nss/automation/taskcluster/graph/arm/_test_base.yml
@@ -0,0 +1,27 @@
+---
+reruns: 2
+
+task:
+  created: !from_now 0
+  deadline: !from_now 24
+  provisionerId: localprovisioner
+  workerType: nss-rpi
+  schedulerId: task-graph-scheduler
+
+  metadata:
+    owner: !env TC_OWNER
+    source: !env TC_SOURCE
+
+  payload:
+    maxRunTime: 7200
+    image: ttaubert/nss-rpi-ci:0.0.3
+
+    command:
+      - "/bin/bash"
+      - "-c"
+      - "bin/checkout.sh && nss/automation/taskcluster/scripts/run_tests.sh"
+
+  extra:
+    treeherder:
+      tier: 3 # hide jobs by default
+      jobKind: test
new file mode 100644
--- /dev/null
+++ b/security/nss/automation/taskcluster/graph/arm/build32-debug.yml
@@ -0,0 +1,29 @@
+---
+- task:
+    metadata:
+      name: "Linux 32 (ARM, debug)"
+      description: "Linux 32 (ARM, debug)"
+
+    extra:
+      treeherder:
+        build:
+          platform: linux32
+        machine:
+          platform: linux32
+        collection:
+          arm-debug: true
+
+  tests:
+    - chains
+    - cipher
+    - crmf
+    - db
+    - ec
+    - fips
+    - gtests
+    - lowhash
+    - merge
+    - sdr
+    - smime
+    - ssl
+    - tools
--- a/security/nss/automation/taskcluster/graph/build.js
+++ b/security/nss/automation/taskcluster/graph/build.js
@@ -3,23 +3,24 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 var fs = require("fs");
 var path = require("path");
 var merge = require("merge");
 var yaml = require("js-yaml");
 var slugid = require("slugid");
 var flatmap = require("flatmap");
+var try_syntax = require("./try_syntax");
 
 // Default values for debugging.
 var TC_OWNER = process.env.TC_OWNER || "{{tc_owner}}";
 var TC_SOURCE = process.env.TC_SOURCE || "{{tc_source}}";
 var TC_PROJECT = process.env.TC_PROJECT || "{{tc_project}}";
+var TC_COMMENT = process.env.TC_COMMENT || "{{tc_comment}}";
 var NSS_PUSHLOG_ID = process.env.NSS_PUSHLOG_ID || "{{nss_pushlog_id}}";
-var NSS_HEAD_REPOSITORY = process.env.NSS_HEAD_REPOSITORY || "{{nss_head_repo}}";
 var NSS_HEAD_REVISION = process.env.NSS_HEAD_REVISION || "{{nss_head_rev}}";
 
 // Register custom YAML types.
 var YAML_SCHEMA = yaml.Schema.create([
   // Point in time at $now + x hours.
   new yaml.Type('!from_now', {
     kind: "scalar",
 
@@ -38,17 +39,17 @@ var YAML_SCHEMA = yaml.Schema.create([
   new yaml.Type('!env', {
     kind: "scalar",
 
     resolve: function (data) {
       return true;
     },
 
     construct: function (data) {
-      return process.env[data];
+      return process.env[data] || "{{" + data.toLowerCase() + "}}";
     }
   })
 ]);
 
 // Parse a given YAML file.
 function parseYamlFile(file, fallback) {
   // Return fallback if the file doesn't exist.
   if (!fs.existsSync(file) && fallback) {
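Review bot: The new fallback in the `!env` constructor turns a missing variable into the literal string `{{name}}` instead of `undefined`. This commit also changes the Linux and tools bases to `image: !env TC_IMAGE`, so a decision task started without TC_IMAGE would emit a graph whose tasks name a non-existent image rather than failing at generation time. Keeping the placeholder for local debugging only would be safer, for example `if (!(data in process.env) && !process.env.TC_DEBUG) throw new Error("missing env: " + data);` (TC_DEBUG is a made-up switch name). The enclosing `YAML_SCHEMA` definition starts above the hunk and `parseYamlFile` continues below it.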
@@ -165,13 +166,18 @@ function generatePlatformTasks(platform)
 
       return tasks;
     }
   });
 }
 
 // Construct the task graph.
 var graph = {
-  tasks: flatmap(["linux", "windows", "tools"], generatePlatformTasks)
+  tasks: flatmap(["linux", "windows", "arm", "tools"], generatePlatformTasks)
 };
 
+// Filter tasks when try syntax is given.
+if (TC_PROJECT == "nss-try") {
+  graph.tasks = try_syntax.filterTasks(graph.tasks, TC_COMMENT);
+}
+
 // Output the final graph.
 process.stdout.write(JSON.stringify(graph, null, 2));
--- a/security/nss/automation/taskcluster/graph/linux/_build_base.yml
+++ b/security/nss/automation/taskcluster/graph/linux/_build_base.yml
@@ -9,17 +9,17 @@ task:
   schedulerId: task-graph-scheduler
 
   metadata:
     owner: !env TC_OWNER
     source: !env TC_SOURCE
 
   payload:
     maxRunTime: 3600
-    image: ttaubert/nss-ci:0.0.17
+    image: !env TC_IMAGE
 
     artifacts:
       public:
         type: directory
         path: /home/worker/artifacts
         expires: !from_now 24
 
     command:
@@ -30,9 +30,10 @@ task:
     env:
       NSS_HEAD_REPOSITORY: !env NSS_HEAD_REPOSITORY
       NSS_HEAD_REVISION: !env NSS_HEAD_REVISION
       GCC_VERSION: gcc-5
       GXX_VERSION: g++-5
 
   extra:
     treeherder:
+      jobKind: build
       symbol: B
--- a/security/nss/automation/taskcluster/graph/linux/_test_base.yml
+++ b/security/nss/automation/taskcluster/graph/linux/_test_base.yml
@@ -9,14 +9,18 @@ task:
   schedulerId: task-graph-scheduler
 
   metadata:
     owner: !env TC_OWNER
     source: !env TC_SOURCE
 
   payload:
     maxRunTime: 3600
-    image: ttaubert/nss-ci:0.0.17
+    image: !env TC_IMAGE
 
     command:
       - "/bin/bash"
       - "-c"
       - "bin/checkout.sh && nss/automation/taskcluster/scripts/run_tests.sh"
+
+  extra:
+    treeherder:
+      jobKind: test
--- a/security/nss/automation/taskcluster/graph/linux/build32-debug.yml
+++ b/security/nss/automation/taskcluster/graph/linux/build32-debug.yml
@@ -1,18 +1,14 @@
 ---
 - task:
     metadata:
       name: "Linux 32 (debug)"
       description: "Linux 32 (debug)"
 
-    payload:
-      env:
-        NSS_ENABLE_TLS_1_3: 1
-
     extra:
       treeherder:
         build:
           platform: linux32
         machine:
           platform: linux32
         collection:
           debug: true
@@ -29,39 +25,21 @@
     - merge
     - sdr
     - smime
     - ssl
     - tools
 
 - task:
     metadata:
-      name: "Linux 32 (debug, no TLS 1.3)"
-      description: "Linux 32 (debug, no TLS 1.3)"
-
-    extra:
-      treeherder:
-        build:
-          platform: linux32
-        machine:
-          platform: linux32
-        collection:
-          debug: true
-        groupSymbol: Builds
-        groupName: Various builds
-        symbol: noTLSv1.3
-
-- task:
-    metadata:
       name: "Linux 32 (debug, clang-3.8)"
       description: "Linux 32 (debug, clang-3.8)"
 
     payload:
       env:
-        NSS_ENABLE_TLS_1_3: 1
         GCC_VERSION: clang
         GXX_VERSION: clang++
 
     extra:
       treeherder:
         build:
           platform: linux32
         machine:
@@ -74,17 +52,16 @@
 
 - task:
     metadata:
       name: "Linux 32 (debug, gcc-4.8)"
       description: "Linux 32 (debug, gcc-4.8)"
 
     payload:
       env:
-        NSS_ENABLE_TLS_1_3: 1
         GCC_VERSION: gcc-4.8
         GXX_VERSION: g++-4.8
 
     extra:
       treeherder:
         build:
           platform: linux32
         machine:
@@ -97,17 +74,16 @@
 
 - task:
     metadata:
       name: "Linux 32 (debug, gcc-6.1)"
       description: "Linux 32 (debug, gcc-6.1)"
 
     payload:
       env:
-        NSS_ENABLE_TLS_1_3: 1
         GCC_VERSION: gcc-6
         GXX_VERSION: g++-6
 
     extra:
       treeherder:
         build:
           platform: linux32
         machine:
@@ -121,17 +97,16 @@
 - task:
     metadata:
       name: "Linux 32 (debug, NSS_NO_PKCS11_BYPASS=1)"
       description: "Linux 32 (debug, NSS_NO_PKCS11_BYPASS=1)"
 
     payload:
       env:
         NSS_NO_PKCS11_BYPASS: 1
-        NSS_ENABLE_TLS_1_3: 1
 
     extra:
       treeherder:
         build:
           platform: linux32
         machine:
           platform: linux32
         collection:
--- a/security/nss/automation/taskcluster/graph/linux/build32-opt.yml
+++ b/security/nss/automation/taskcluster/graph/linux/build32-opt.yml
@@ -1,17 +1,16 @@
 ---
 - task:
     metadata:
       name: "Linux 32 (opt)"
       description: "Linux 32 (opt)"
 
     payload:
       env:
-        NSS_ENABLE_TLS_1_3: 1
         BUILD_OPT: 1
 
     extra:
       treeherder:
         build:
           platform: linux32
         machine:
           platform: linux32
@@ -30,43 +29,21 @@
     - merge
     - sdr
     - smime
     - ssl
     - tools
 
 - task:
     metadata:
-      name: "Linux 32 (opt, no TLS 1.3)"
-      description: "Linux 32 (opt, no TLS 1.3)"
-
-    payload:
-      env:
-        BUILD_OPT: 1
-
-    extra:
-      treeherder:
-        build:
-          platform: linux32
-        machine:
-          platform: linux32
-        collection:
-          opt: true
-        groupSymbol: Builds
-        groupName: Various builds
-        symbol: noTLSv1.3
-
-- task:
-    metadata:
       name: "Linux 32 (opt, clang-3.8)"
       description: "Linux 32 (opt, clang-3.8)"
 
     payload:
       env:
-        NSS_ENABLE_TLS_1_3: 1
         GCC_VERSION: clang
         GXX_VERSION: clang++
         BUILD_OPT: 1
 
     extra:
       treeherder:
         build:
           platform: linux32
@@ -80,17 +57,16 @@
 
 - task:
     metadata:
       name: "Linux 32 (opt, gcc-4.8)"
       description: "Linux 32 (opt, gcc-4.8)"
 
     payload:
       env:
-        NSS_ENABLE_TLS_1_3: 1
         GCC_VERSION: gcc-4.8
         GXX_VERSION: g++-4.8
         BUILD_OPT: 1
 
     extra:
       treeherder:
         build:
           platform: linux32
@@ -104,17 +80,16 @@
 
 - task:
     metadata:
       name: "Linux 32 (opt, gcc-6.1)"
       description: "Linux 32 (opt, gcc-6.1)"
 
     payload:
       env:
-        NSS_ENABLE_TLS_1_3: 1
         GCC_VERSION: gcc-6
         GXX_VERSION: g++-6
         BUILD_OPT: 1
 
     extra:
       treeherder:
         build:
           platform: linux32
@@ -129,17 +104,16 @@
 - task:
     metadata:
       name: "Linux 32 (opt, NSS_NO_PKCS11_BYPASS=1)"
       description: "Linux 32 (opt, NSS_NO_PKCS11_BYPASS=1)"
 
     payload:
       env:
         NSS_NO_PKCS11_BYPASS: 1
-        NSS_ENABLE_TLS_1_3: 1
         BUILD_OPT: 1
 
     extra:
       treeherder:
         build:
           platform: linux32
         machine:
           platform: linux32
--- a/security/nss/automation/taskcluster/graph/linux/build64-asan.yml
+++ b/security/nss/automation/taskcluster/graph/linux/build64-asan.yml
@@ -3,17 +3,18 @@
     metadata:
       name: "Linux 64 (ASan, debug)"
       description: "Linux 64 (ASan, debug)"
 
     payload:
       env:
         GCC_VERSION: clang
         GXX_VERSION: clang++
-        NSS_ENABLE_TLS_1_3: 1
+        NSS_DISABLE_ARENA_FREE_LIST: 1
+        NSS_DISABLE_UNLOAD: 1
         USE_ASAN: 1
         USE_64: 1
 
     extra:
       treeherder:
         build:
           platform: linux64
         machine:
--- a/security/nss/automation/taskcluster/graph/linux/build64-debug.yml
+++ b/security/nss/automation/taskcluster/graph/linux/build64-debug.yml
@@ -1,17 +1,16 @@
 ---
 - task:
     metadata:
       name: "Linux 64 (debug)"
       description: "Linux 64 (debug)"
 
     payload:
       env:
-        NSS_ENABLE_TLS_1_3: 1
         USE_64: 1
 
     extra:
       treeherder:
         build:
           platform: linux64
         machine:
           platform: linux64
@@ -22,52 +21,29 @@
     - chains
     - cipher
     - crmf
     - db
     - ec
     - fips
     - gtests
     - lowhash
-    - memleak
     - merge
     - sdr
     - smime
     - ssl
     - tools
 
 - task:
     metadata:
-      name: "Linux 64 (debug, no TLS 1.3)"
-      description: "Linux 64 (debug, no TLS 1.3)"
-
-    payload:
-      env:
-        USE_64: 1
-
-    extra:
-      treeherder:
-        build:
-          platform: linux64
-        machine:
-          platform: linux64
-        collection:
-          debug: true
-        groupSymbol: Builds
-        groupName: Various builds
-        symbol: noTLSv1.3
-
-- task:
-    metadata:
       name: "Linux 64 (debug, clang-3.8)"
       description: "Linux 64 (debug, clang-3.8)"
 
     payload:
       env:
-        NSS_ENABLE_TLS_1_3: 1
         GCC_VERSION: clang
         GXX_VERSION: clang++
         USE_64: 1
 
     extra:
       treeherder:
         build:
           platform: linux64
@@ -81,17 +57,16 @@
 
 - task:
     metadata:
       name: "Linux 64 (debug, gcc-4.8)"
       description: "Linux 64 (debug, gcc-4.8)"
 
     payload:
       env:
-        NSS_ENABLE_TLS_1_3: 1
         GCC_VERSION: gcc-4.8
         GXX_VERSION: g++-4.8
         USE_64: 1
 
     extra:
       treeherder:
         build:
           platform: linux64
@@ -105,17 +80,16 @@
 
 - task:
     metadata:
       name: "Linux 64 (debug, gcc-6.1)"
       description: "Linux 64 (debug, gcc-6.1)"
 
     payload:
       env:
-        NSS_ENABLE_TLS_1_3: 1
         GCC_VERSION: gcc-6
         GXX_VERSION: g++-6
         USE_64: 1
 
     extra:
       treeherder:
         build:
           platform: linux64
@@ -130,17 +104,16 @@
 - task:
     metadata:
       name: "Linux 64 (debug, NSS_NO_PKCS11_BYPASS=1)"
       description: "Linux 64 (debug, NSS_NO_PKCS11_BYPASS=1)"
 
     payload:
       env:
         NSS_NO_PKCS11_BYPASS: 1
-        NSS_ENABLE_TLS_1_3: 1
         USE_64: 1
 
     extra:
       treeherder:
         build:
           platform: linux64
         machine:
           platform: linux64
@@ -152,17 +125,16 @@
 
 - task:
     metadata:
       name: "Linux 64 (debug, NSS_DISABLE_LIBPKIX=1)"
       description: "Linux 64 (debug, NSS_DISABLE_LIBPKIX=1)"
 
     payload:
       env:
-        NSS_ENABLE_TLS_1_3: 1
         NSS_DISABLE_LIBPKIX: 1
         USE_64: 1
 
     extra:
       treeherder:
         build:
           platform: linux64
         machine:
deleted file mode 100644
--- a/security/nss/automation/taskcluster/graph/linux/build64-lsan.yml
+++ /dev/null
@@ -1,38 +0,0 @@
----
-- task:
-    metadata:
-      name: "Linux 64 (LSan, debug)"
-      description: "Linux 64 (LSan, debug)"
-
-    payload:
-      env:
-        GCC_VERSION: clang
-        GXX_VERSION: clang++
-        NSS_DISABLE_ARENA_FREE_LIST: 1
-        NSS_DISABLE_UNLOAD: 1
-        NSS_ENABLE_TLS_1_3: 1
-        NSS_ENABLE_LSAN: 1
-        USE_ASAN: 1
-        USE_64: 1
-
-    extra:
-      treeherder:
-        build:
-          platform: linux64
-        machine:
-          platform: linux64
-        collection:
-          lsan: true
-
-  tests:
-    - chains
-    - cipher
-    - db
-    - ec
-    - gtests
-    - lowhash
-    - merge
-    - sdr
-    - smime
-    - ssl
-    - tools
--- a/security/nss/automation/taskcluster/graph/linux/build64-opt.yml
+++ b/security/nss/automation/taskcluster/graph/linux/build64-opt.yml
@@ -1,17 +1,16 @@
 ---
 - task:
     metadata:
       name: "Linux 64 (opt)"
       description: "Linux 64 (opt)"
 
     payload:
       env:
-        NSS_ENABLE_TLS_1_3: 1
         BUILD_OPT: 1
         USE_64: 1
 
     extra:
       treeherder:
         build:
           platform: linux64
         machine:
@@ -31,44 +30,21 @@
     - merge
     - sdr
     - smime
     - ssl
     - tools
 
 - task:
     metadata:
-      name: "Linux 64 (opt, no TLS 1.3)"
-      description: "Linux 64 (opt, no TLS 1.3)"
-
-    payload:
-      env:
-        BUILD_OPT: 1
-        USE_64: 1
-
-    extra:
-      treeherder:
-        build:
-          platform: linux64
-        machine:
-          platform: linux64
-        collection:
-          opt: true
-        groupSymbol: Builds
-        groupName: Various builds
-        symbol: noTLSv1.3
-
-- task:
-    metadata:
       name: "Linux 64 (opt, clang-3.8)"
       description: "Linux 64 (opt, clang-3.8)"
 
     payload:
       env:
-        NSS_ENABLE_TLS_1_3: 1
         GCC_VERSION: clang
         GXX_VERSION: clang++
         BUILD_OPT: 1
         USE_64: 1
 
     extra:
       treeherder:
         build:
@@ -83,17 +59,16 @@
 
 - task:
     metadata:
       name: "Linux 64 (opt, gcc-4.8)"
       description: "Linux 64 (opt, gcc-4.8)"
 
     payload:
       env:
-        NSS_ENABLE_TLS_1_3: 1
         GCC_VERSION: gcc-4.8
         GXX_VERSION: g++-4.8
         BUILD_OPT: 1
         USE_64: 1
 
     extra:
       treeherder:
         build:
@@ -108,17 +83,16 @@
 
 - task:
     metadata:
       name: "Linux 64 (opt, gcc-6.1)"
       description: "Linux 64 (opt, gcc-6.1)"
 
     payload:
       env:
-        NSS_ENABLE_TLS_1_3: 1
         GCC_VERSION: gcc-6
         GXX_VERSION: g++-6
         BUILD_OPT: 1
         USE_64: 1
 
     extra:
       treeherder:
         build:
@@ -134,17 +108,16 @@
 - task:
     metadata:
       name: "Linux 64 (opt, NSS_NO_PKCS11_BYPASS=1)"
       description: "Linux 64 (opt, NSS_NO_PKCS11_BYPASS=1)"
 
     payload:
       env:
         NSS_NO_PKCS11_BYPASS: 1
-        NSS_ENABLE_TLS_1_3: 1
         BUILD_OPT: 1
         USE_64: 1
 
     extra:
       treeherder:
         build:
           platform: linux64
         machine:
new file mode 100644
--- /dev/null
+++ b/security/nss/automation/taskcluster/graph/package.json
@@ -0,0 +1,15 @@
+{
+  "name": "decision-task",
+  "version": "0.0.1",
+  "private": true,
+  "author": "Tim Taubert <ttaubert@mozilla.com>",
+  "description": "Decision Task for NSS",
+  "dependencies": {
+    "flatmap": "0.0.3",
+    "intersect": "^1.0.1",
+    "js-yaml": "^3.6.1",
+    "merge": "^1.2.0",
+    "minimist": "^1.2.0",
+    "slugid": "^1.1.0"
+  }
+}
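Review bot: All dependencies except `flatmap` use caret ranges (`"js-yaml": "^3.6.1"`, `"minimist": "^1.2.0"`, and so on), so each install of the decision task's modules can resolve to a newer release than the one that was tested. This code generates the task graph for every push, which makes floating versions a supply-chain exposure. Using exact versions, as is already done for `"flatmap": "0.0.3"`, together with a committed shrinkwrap or lock file, would fix what runs. No lock file is visible in this part of the commit.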
--- a/security/nss/automation/taskcluster/graph/tests/chains.yml
+++ b/security/nss/automation/taskcluster/graph/tests/chains.yml
@@ -1,13 +1,14 @@
 ---
 - task:
     metadata:
       name: Chains tests
       description: Chains tests
 
     payload:
+      maxRunTime: 14400
       env:
         NSS_TESTS: chains
 
     extra:
       treeherder:
         symbol: Chains
--- a/security/nss/automation/taskcluster/graph/tests/crmf.yml
+++ b/security/nss/automation/taskcluster/graph/tests/crmf.yml
@@ -1,13 +1,14 @@
 ---
 - task:
     metadata:
       name: CRMF tests
       description: CRMF tests
 
     payload:
       env:
+        ASAN_OPTIONS: detect_leaks=0
         NSS_TESTS: crmf
 
     extra:
       treeherder:
         symbol: CRMF
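Review bot: `ASAN_OPTIONS: detect_leaks=0` is added for the CRMF tests with no comment saying why leak detection is switched off. This commit also deletes the LSan build and the memleak tests, so leaks in this suite are no longer reported by anything visible here. A line such as `# LeakSanitizer off: known leaks in crmf, see bug <BUG_ID>` (placeholder) would record the reason and when the override can be dropped. tests/fips.yml gets the same setting and needs the same comment.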
--- a/security/nss/automation/taskcluster/graph/tests/fips.yml
+++ b/security/nss/automation/taskcluster/graph/tests/fips.yml
@@ -1,13 +1,14 @@
 ---
 - task:
     metadata:
       name: FIPS tests
       description: FIPS tests
 
     payload:
       env:
+        ASAN_OPTIONS: detect_leaks=0
         NSS_TESTS: fips
 
     extra:
       treeherder:
         symbol: FIPS
deleted file mode 100644
--- a/security/nss/automation/taskcluster/graph/tests/memleak.yml
+++ /dev/null
@@ -1,228 +0,0 @@
----
-- task:
-    metadata:
-      name: "MemLeak tests (ssl_server, standard)"
-      description: "MemLeak tests (ssl_server, standard)"
-
-    payload:
-      env:
-        NSS_MEMLEAK_TESTS: ssl_server
-        NSS_CYCLES: standard
-        NSS_TESTS: memleak
-
-    extra:
-      treeherder:
-        groupSymbol: Server
-        groupName: MemLeak tests (ssl_server)
-        symbol: standard
-        collection:
-          memleak: true
-
-- task:
-    metadata:
-      name: "MemLeak tests (ssl_server, pkix)"
-      description: "MemLeak tests (ssl_server, pkix)"
-
-    payload:
-      env:
-        NSS_MEMLEAK_TESTS: ssl_server
-        NSS_CYCLES: pkix
-        NSS_TESTS: memleak
-
-    extra:
-      treeherder:
-        groupSymbol: Server
-        groupName: MemLeak tests (ssl_server)
-        symbol: pkix
-        collection:
-          memleak: true
-
-- task:
-    metadata:
-      name: "MemLeak tests (ssl_server, sharedb)"
-      description: "MemLeak tests (ssl_server, sharedb)"
-
-    payload:
-      env:
-        NSS_MEMLEAK_TESTS: ssl_server
-        NSS_CYCLES: sharedb
-        NSS_TESTS: memleak
-
-    extra:
-      treeherder:
-        groupSymbol: Server
-        groupName: MemLeak tests (ssl_server)
-        symbol: sharedb
-        collection:
-          memleak: true
-
-- task:
-    metadata:
-      name: "MemLeak tests (ssl_server, upgradedb)"
-      description: "MemLeak tests (ssl_server, upgradedb)"
-
-    payload:
-      env:
-        NSS_MEMLEAK_TESTS: ssl_server
-        NSS_CYCLES: upgradedb
-        NSS_TESTS: memleak
-
-    extra:
-      treeherder:
-        groupSymbol: Server
-        groupName: MemLeak tests (ssl_server)
-        symbol: upgradedb
-        collection:
-          memleak: true
-
-- task:
-    metadata:
-      name: "MemLeak tests (ssl_client, standard)"
-      description: "MemLeak tests (ssl_client, standard)"
-
-    payload:
-      env:
-        NSS_MEMLEAK_TESTS: ssl_client
-        NSS_CYCLES: standard
-        NSS_TESTS: memleak
-
-    extra:
-      treeherder:
-        groupSymbol: Client
-        groupName: MemLeak tests (ssl_client)
-        symbol: standard
-        collection:
-          memleak: true
-
-- task:
-    metadata:
-      name: "MemLeak tests (ssl_client, pkix)"
-      description: "MemLeak tests (ssl_client, pkix)"
-
-    payload:
-      env:
-        NSS_MEMLEAK_TESTS: ssl_client
-        NSS_TESTS: memleak
-        NSS_CYCLES: pkix
-
-    extra:
-      treeherder:
-        groupSymbol: Client
-        groupName: MemLeak tests (ssl_client)
-        symbol: pkix
-        collection:
-          memleak: true
-
-- task:
-    metadata:
-      name: "MemLeak tests (ssl_client, sharedb)"
-      description: "MemLeak tests (ssl_client, sharedb)"
-
-    payload:
-      env:
-        NSS_MEMLEAK_TESTS: ssl_client
-        NSS_CYCLES: sharedb
-        NSS_TESTS: memleak
-
-    extra:
-      treeherder:
-        groupSymbol: Client
-        groupName: MemLeak tests (ssl_client)
-        symbol: sharedb
-        collection:
-          memleak: true
-
-- task:
-    metadata:
-      name: "MemLeak tests (ssl_client, upgradedb)"
-      description: "MemLeak tests (ssl_client, upgradedb)"
-
-    payload:
-      env:
-        NSS_MEMLEAK_TESTS: ssl_client
-        NSS_CYCLES: upgradedb
-        NSS_TESTS: memleak
-
-    extra:
-      treeherder:
-        groupSymbol: Client
-        groupName: MemLeak tests (ssl_client)
-        symbol: upgradedb
-        collection:
-          memleak: true
-
-- task:
-    metadata:
-      name: "MemLeak tests (chains, standard)"
-      description: "MemLeak tests (chains, standard)"
-
-    payload:
-      env:
-        NSS_MEMLEAK_TESTS: chains
-        NSS_CYCLES: standard
-        NSS_TESTS: memleak
-
-    extra:
-      treeherder:
-        groupSymbol: Chains
-        groupName: MemLeak tests (chains)
-        symbol: standard
-        collection:
-          memleak: true
-
-- task:
-    metadata:
-      name: "MemLeak tests (chains, pkix)"
-      description: "MemLeak tests (chains, pkix)"
-
-    payload:
-      env:
-        NSS_MEMLEAK_TESTS: chains
-        NSS_TESTS: memleak
-        NSS_CYCLES: pkix
-
-    extra:
-      treeherder:
-        groupSymbol: Chains
-        groupName: MemLeak tests (chains)
-        symbol: pkix
-        collection:
-          memleak: true
-
-- task:
-    metadata:
-      name: "MemLeak tests (chains, sharedb)"
-      description: "MemLeak tests (chains, sharedb)"
-
-    payload:
-      env:
-        NSS_MEMLEAK_TESTS: chains
-        NSS_CYCLES: sharedb
-        NSS_TESTS: memleak
-
-    extra:
-      treeherder:
-        groupSymbol: Chains
-        groupName: MemLeak tests (chains)
-        symbol: sharedb
-        collection:
-          memleak: true
-
-- task:
-    metadata:
-      name: "MemLeak tests (chains, upgradedb)"
-      description: "MemLeak tests (chains, upgradedb)"
-
-    payload:
-      env:
-        NSS_MEMLEAK_TESTS: chains
-        NSS_CYCLES: upgradedb
-        NSS_TESTS: memleak
-
-    extra:
-      treeherder:
-        groupSymbol: Chains
-        groupName: MemLeak tests (chains)
-        symbol: upgradedb
-        collection:
-          memleak: true
--- a/security/nss/automation/taskcluster/graph/tests/ssl.yml
+++ b/security/nss/automation/taskcluster/graph/tests/ssl.yml
@@ -1,16 +1,16 @@
 ---
 - task:
     metadata:
       name: "SSL tests (standard)"
       description: "SSL tests (standard)"
 
     payload:
-      maxRunTime: 7200
+      maxRunTime: 14400
       env:
         NSS_CYCLES: standard
         NSS_TESTS: ssl
 
     extra:
       treeherder:
         symbol: standard
         groupSymbol: SSL
--- a/security/nss/automation/taskcluster/graph/tools/_build_base.yml
+++ b/security/nss/automation/taskcluster/graph/tools/_build_base.yml
@@ -9,20 +9,21 @@ task:
   schedulerId: task-graph-scheduler
 
   metadata:
     owner: !env TC_OWNER
     source: !env TC_SOURCE
 
   payload:
     maxRunTime: 3600
-    image: ttaubert/nss-ci:0.0.17
+    image: !env TC_IMAGE
 
     env:
       NSS_HEAD_REPOSITORY: !env NSS_HEAD_REPOSITORY
       NSS_HEAD_REVISION: !env NSS_HEAD_REVISION
 
   extra:
     treeherder:
       build:
         platform: nss-tools
       machine:
         platform: nss-tools
+      jobKind: test
--- a/security/nss/automation/taskcluster/graph/tools/clang-format.yml
+++ b/security/nss/automation/taskcluster/graph/tools/clang-format.yml
@@ -3,13 +3,13 @@
     metadata:
       name: clang-format-3.8
       description: clang-format-3.8
 
     payload:
       command:
         - "/bin/bash"
         - "-c"
-        - "bin/checkout.sh && nss/automation/taskcluster/scripts/run_clang_format.sh nss/lib/ssl"
+        - "bin/checkout.sh && nss/automation/taskcluster/scripts/run_clang_format.sh"
 
     extra:
       treeherder:
         symbol: clang-format-3.8
--- a/security/nss/automation/taskcluster/graph/tools/scan-build.yml
+++ b/security/nss/automation/taskcluster/graph/tools/scan-build.yml
@@ -14,14 +14,13 @@
       command:
         - "/bin/bash"
         - "-c"
         - "bin/checkout.sh && nss/automation/taskcluster/scripts/run_scan_build.sh"
 
       env:
         GCC_VERSION: clang
         GXX_VERSION: clang++
-        NSS_ENABLE_TLS_1_3: 1
         USE_64: 1
 
     extra:
       treeherder:
         symbol: scan-build-3.8
new file mode 100644
--- /dev/null
+++ b/security/nss/automation/taskcluster/graph/try_syntax.js
@@ -0,0 +1,143 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+var intersect = require("intersect");
+var parse_args = require("minimist");
+
+function parseOptions(opts) {
+  opts = parse_args(opts.split(/\s+/), {
+    default: {build: "do", platform: "all", unittests: "none", tools: "none"},
+    alias: {b: "build", p: "platform", u: "unittests", t: "tools", e: "extra-builds"},
+    string: ["build", "platform", "unittests", "tools", "extra-builds"]
+  });
+
+  // Parse build types (d=debug, o=opt).
+  var builds = intersect(opts.build.split(""), ["d", "o"]);
+
+  // If the given value is nonsense default to debug and opt builds.
+  if (builds.length == 0) {
+    builds = ["d", "o"];
+  }
+
+  // Parse platforms.
+  var allPlatforms = ["linux", "linux64", "linux64-asan", "win64", "arm"];
+  var platforms = intersect(opts.platform.split(/\s*,\s*/), allPlatforms);
+
+  // If the given value is nonsense or "none" default to all platforms.
+  if (platforms.length == 0 && opts.platform != "none") {
+    platforms = allPlatforms;
+  }
+
+  // Parse unit tests.
+  var allUnitTests = ["crmf", "chains", "cipher", "db", "ec", "fips", "gtest",
+                      "lowhash", "merge", "sdr", "smime", "tools", "ssl"];
+  var unittests = intersect(opts.unittests.split(/\s*,\s*/), allUnitTests);
+
+  // If the given value is "all" run all tests.
+  // If it's nonsense then don't run any tests.
+  if (opts.unittests == "all") {
+    unittests = allUnitTests;
+  } else if (unittests.length == 0) {
+    unittests = [];
+  }
+
+  // Parse tools.
+  var allTools = ["clang-format", "scan-build"];
+  var tools = intersect(opts.tools.split(/\s*,\s*/), allTools);
+
+  // If the given value is "all" run all tools.
+  // If it's nonsense then don't run any tools.
+  if (opts.tools == "all") {
+    tools = allTools;
+  } else if (tools.length == 0) {
+    tools = [];
+  }
+
+  return {
+    builds: builds,
+    platforms: platforms,
+    unittests: unittests,
+    extra: (opts.e == "all"),
+    tools: tools
+  };
+}
+
+function filterTasks(tasks, comment) {
+  // Check for try syntax in changeset comment.
+  var match = comment.match(/^\s*try:\s*(.*)\s*$/);
+  if (!match) {
+    return tasks;
+  }
+
+  var opts = parseOptions(match[1]);
+
+  return tasks.filter(function (task) {
+    var env = task.task.payload.env || {};
+    var th = task.task.extra.treeherder;
+    var machine = th.machine.platform;
+    var coll = th.collection || {};
+    var found;
+
+    // Filter tools. We can immediately return here as those
+    // are not affected by platform or build type selectors.
+    if (machine == "nss-tools") {
+      return opts.tools.some(function (tool) {
+        var symbol = th.symbol.toLowerCase();
+        return symbol.startsWith(tool);
+      });
+    }
+
+    // Filter unit tests.
+    if (env.NSS_TESTS && env.TC_PARENT_TASK_ID) {
+      found = opts.unittests.some(function (test) {
+        var symbol = (th.groupSymbol || th.symbol).toLowerCase();
+        return symbol.startsWith(test);
+      });
+
+      if (!found) {
+        return false;
+      }
+    }
+
+    // Filter extra builds.
+    if (th.groupSymbol == "Builds" && !opts.extra) {
+      return false;
+    }
+
+    // Filter by platform.
+    found = opts.platforms.some(function (platform) {
+      var aliases = {
+        "linux": "linux32",
+        "linux64-asan": "linux64",
+        "win64": "windows2012-64",
+        "arm": "linux32"
+      };
+
+      // Check the platform name.
+      var keep = machine == (aliases[platform] || platform);
+
+      // Additional checks.
+      if (platform == "linux64-asan") {
+        keep &= coll.asan;
+      } else if (platform == "arm") {
+        keep &= (coll["arm-opt"] || coll["arm-debug"]);
+      } else {
+        keep &= (coll.opt || coll.debug);
+      }
+
+      return keep;
+    });
+
+    if (!found) {
+      return false;
+    }
+
+    // Finally, filter by build type.
+    var isDebug = coll.debug || coll.asan || coll["arm-debug"];
+    return (isDebug && opts.builds.indexOf("d") > -1) ||
+           (!isDebug && opts.builds.indexOf("o") > -1);
+  });
+}
+
+module.exports.filterTasks = filterTasks;
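Review bot: `parseOptions` calls `.split()` directly on `opts.build`, `opts.platform`, `opts.unittests` and `opts.tools`, but minimist collects a repeated flag into an array, so a try line with, say, `-p` given twice would throw a TypeError instead of falling back to the defaults. The changeset comment is pusher-controlled text, so normalise each value before splitting, e.g. `var platform = [].concat(opts.platform).join(",");`, and split that. Neither function has a header comment; `filterTasks` deserves one stating that it returns `tasks` unchanged when the comment is not a single-line `try:` comment, since the regex has no multiline flag.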
--- a/security/nss/automation/taskcluster/graph/windows/_build_base.yml
+++ b/security/nss/automation/taskcluster/graph/windows/_build_base.yml
@@ -16,21 +16,22 @@ task:
     maxRunTime: 3600
 
     artifacts:
       - type: directory
         path: "public\\build"
         expires: !from_now 24
 
     command:
-      - "hg clone -r %NSS_HEAD_REVISION% %NSS_HEAD_REPOSITORY% nss"
+      - "bash -c \"hg clone -r $NSS_HEAD_REVISION $NSS_HEAD_REPOSITORY nss || (sleep 2; hg clone -r $NSS_HEAD_REVISION $NSS_HEAD_REPOSITORY nss) || (sleep 5; hg clone -r $NSS_HEAD_REVISION $NSS_HEAD_REPOSITORY nss)\""
       - "bash -c nss/automation/taskcluster/windows/build.sh"
 
     env:
       PATH: "c:\\mozilla-build\\python;c:\\mozilla-build\\msys\\local\\bin;c:\\mozilla-build\\7zip;c:\\mozilla-build\\info-zip;c:\\mozilla-build\\python\\Scripts;c:\\mozilla-build\\yasm;c:\\mozilla-build\\msys\\bin;c:\\Windows\\system32;c:\\mozilla-build\\upx391w;c:\\mozilla-build\\moztools-x64\\bin;c:\\mozilla-build\\wget"
       NSS_HEAD_REPOSITORY: !env NSS_HEAD_REPOSITORY
       NSS_HEAD_REVISION: !env NSS_HEAD_REVISION
       DOMSUF: localdomain
       HOST: localhost
 
   extra:
     treeherder:
+      jobKind: build
       symbol: B
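Review bot: The inline retry chain in the new `hg clone` command never removes a partially created `nss` directory between attempts. The `hg_clone` helper this commit adds to tools.sh and windows/setup.sh does (`rm -rf "$dir"`), so here a second or third attempt may fail on the leftover destination rather than on the network. `$NSS_HEAD_REVISION` and `$NSS_HEAD_REPOSITORY` are also expanded unquoted inside `bash -c`. Consider `rm -rf nss;` before each retry and quoting both variables; windows/_test_base.yml still uses the single-attempt `%NSS_HEAD_REVISION%` form.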
--- a/security/nss/automation/taskcluster/graph/windows/_test_base.yml
+++ b/security/nss/automation/taskcluster/graph/windows/_test_base.yml
@@ -13,8 +13,12 @@ task:
     source: !env TC_SOURCE
 
   payload:
     maxRunTime: 3600
 
     command:
       - "hg clone -r %NSS_HEAD_REVISION% %NSS_HEAD_REPOSITORY% nss"
       - "bash -c nss/automation/taskcluster/windows/run_tests.sh"
+
+  extra:
+    treeherder:
+      jobKind: test
--- a/security/nss/automation/taskcluster/graph/windows/build64-debug.yml
+++ b/security/nss/automation/taskcluster/graph/windows/build64-debug.yml
@@ -1,71 +1,50 @@
 ---
 - task:
     metadata:
       name: "Windows 2012 64 (debug)"
       description: "Windows 2012 64 (debug)"
 
     payload:
       env:
-        NSS_ENABLE_TLS_1_3: 1
-        USE_64: 1
-
-    extra:
-      treeherder:
-        build:
-          platform: windows2012-64
-        machine:
-          platform: windows2012-64
-        collection:
-          debug: true
-
-  tests:
-    - cipher
-    - crmf
-    - db
-    - ec
-    - fips
-    - gtests
-    - lowhash
-    - merge
-    - sdr
-    - smime
-    - tools
-
-- task:
-    metadata:
-      name: "Windows 2012 64 (debug, no TLS 1.3)"
-      description: "Windows 2012 64 (debug, no TLS 1.3)"
-
-    payload:
-      env:
         USE_64: 1
 
     extra:
       treeherder:
         build:
           platform: windows2012-64
         machine:
           platform: windows2012-64
         collection:
           debug: true
-        groupSymbol: Builds
-        groupName: Various builds
-        symbol: noTLSv1.3
+
+  tests:
+    - chains
+    - cipher
+    - crmf
+    - db
+    - ec
+    - fips
+    - gtests
+    - lowhash
+    - merge
+    - sdr
+    - smime
+    - ssl
+    - tools
 
 - task:
     metadata:
       name: "Windows 2012 64 (debug, NSS_NO_PKCS11_BYPASS=1)"
       description: "Windows 2012 64 (debug, NSS_NO_PKCS11_BYPASS=1)"
 
     payload:
       env:
         NSS_NO_PKCS11_BYPASS: 1
-        NSS_ENABLE_TLS_1_3: 1
         USE_64: 1
 
     extra:
       treeherder:
         build:
           platform: windows2012-64
         machine:
           platform: windows2012-64
--- a/security/nss/automation/taskcluster/graph/windows/build64-opt.yml
+++ b/security/nss/automation/taskcluster/graph/windows/build64-opt.yml
@@ -1,73 +1,51 @@
 ---
 - task:
     metadata:
       name: "Windows 2012 64 (opt)"
       description: "Windows 2012 64 (opt)"
 
     payload:
       env:
-        NSS_ENABLE_TLS_1_3: 1
-        BUILD_OPT: 1
-        USE_64: 1
-
-    extra:
-      treeherder:
-        build:
-          platform: windows2012-64
-        machine:
-          platform: windows2012-64
-        collection:
-          opt: true
-
-  tests:
-    - cipher
-    - crmf
-    - db
-    - ec
-    - fips
-    - gtests
-    - lowhash
-    - merge
-    - sdr
-    - smime
-    - tools
-
-- task:
-    metadata:
-      name: "Windows 2012 64 (opt, no TLS 1.3)"
-      description: "Windows 2012 64 (opt, no TLS 1.3)"
-
-    payload:
-      env:
         BUILD_OPT: 1
         USE_64: 1
 
     extra:
       treeherder:
         build:
           platform: windows2012-64
         machine:
           platform: windows2012-64
         collection:
           opt: true
-        groupSymbol: Builds
-        groupName: Various builds
-        symbol: noTLSv1.3
+
+  tests:
+    - chains
+    - cipher
+    - crmf
+    - db
+    - ec
+    - fips
+    - gtests
+    - lowhash
+    - merge
+    - sdr
+    - smime
+    - ssl
+    - tools
 
 - task:
     metadata:
       name: "Windows 2012 64 (opt, NSS_NO_PKCS11_BYPASS=1)"
       description: "Windows 2012 64 (opt, NSS_NO_PKCS11_BYPASS=1)"
 
     payload:
       env:
         NSS_NO_PKCS11_BYPASS: 1
-        NSS_ENABLE_TLS_1_3: 1
         BUILD_OPT: 1
         USE_64: 1
 
     extra:
       treeherder:
         build:
           platform: windows2012-64
         machine:
--- a/security/nss/automation/taskcluster/scripts/build.sh
+++ b/security/nss/automation/taskcluster/scripts/build.sh
@@ -1,29 +1,27 @@
 #!/usr/bin/env bash
 
 set -v -e -x
 
-if [ $(id -u) = 0 ]; then
-    source $(dirname $0)/tools.sh
+source $(dirname $0)/tools.sh
 
+if [[ $(id -u) -eq 0 ]]; then
     # Set compiler.
     switch_compilers
 
     # Drop privileges by re-running this script.
     exec su worker $0
 fi
 
 # Clone NSPR if needed.
-if [ ! -d "nspr" ]; then
-    hg clone https://hg.mozilla.org/projects/nspr
-fi
+hg_clone https://hg.mozilla.org/projects/nspr nspr default
 
 # Build.
-cd nss && make nss_build_all && cd ..
+make -C nss nss_build_all
 
 # Generate certificates.
 NSS_TESTS=cert NSS_CYCLES="standard pkix sharedb" $(dirname $0)/run_tests.sh
 
 # Reset test counter so that test runs pick up our certificates.
 echo 1 > tests_results/security/localhost
 
 # Package.
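Review bot: The `# Clone NSPR if needed.` comment is now stale, because the `[ ! -d "nspr" ]` guard is gone and `hg_clone` is called unconditionally. With `hg_clone` as defined in tools.sh in this commit, an existing `nspr` checkout would presumably make the first `hg clone` fail, be removed by `rm -rf "$dir"`, and then be re-cloned after the sleep. Either keep the guard, `[ -d nspr ] || hg_clone https://hg.mozilla.org/projects/nspr nspr default`, or change the comment to `# Clone NSPR (replaces any existing checkout).` so the behaviour is intentional and documented.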
--- a/security/nss/automation/taskcluster/scripts/extend_task_graph.sh
+++ b/security/nss/automation/taskcluster/scripts/extend_task_graph.sh
@@ -4,10 +4,13 @@ set -v -e -x
 
 if [ $(id -u) = 0 ]; then
     # Drop privileges by re-running this script.
     exec su worker $0
 fi
 
 mkdir -p /home/worker/artifacts
 
+# Install Node.JS dependencies.
+cd nss/automation/taskcluster/graph/ && npm install
+
 # Build the task graph definition.
-nodejs nss/automation/taskcluster/graph/build.js > /home/worker/artifacts/graph.json
+nodejs build.js > /home/worker/artifacts/graph.json
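Review bot: `npm install` now runs in every decision task and fetches whatever the registry serves for the dependencies of graph/package.json, including their install scripts, before `build.js` writes graph.json. The package.json is not visible in this hunk, so it is unclear whether versions are pinned; a checked-in shrinkwrap or lock file plus `npm install --ignore-scripts` would keep graph generation reproducible. Separately, in `cd nss/automation/taskcluster/graph/ && npm install` a failing `cd` does not trip `set -e`, because it is not the last command of the `&&` list. Putting `cd` and `npm install` on separate lines restores the abort.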
--- a/security/nss/automation/taskcluster/scripts/run_clang_format.sh
+++ b/security/nss/automation/taskcluster/scripts/run_clang_format.sh
@@ -1,21 +1,57 @@
 #!/usr/bin/env bash
 
 set -v -e -x
 
-if [ $(id -u) = 0 ]; then
+if [ $(id -u) -eq 0 ]; then
     # Drop privileges by re-running this script.
-    exec su worker $0 $@
+    exec su worker $0 "$@"
 fi
 
 # Apply clang-format 3.8 on the provided folder and verify that this doesn't change any file.
 # If any file differs after formatting, the script eventually exits with 1.
 # Any differences between formatted and unformatted files is printed to stdout to give a hint what's wrong.
 
+# Includes a default set of directories.
+
+apply=false
+if [ $1 = "--apply" ]; then
+    apply=true
+    shift
+fi
+
+if [ $# -gt 0 ]; then
+    dirs=("$@")
+else
+    top=$(dirname $0)/../../..
+    dirs=( \
+         "$top/cmd" \
+         "$top/lib/base" \
+         "$top/lib/certdb" \
+         "$top/lib/certhigh" \
+         "$top/lib/ckfw" \
+         "$top/lib/crmf" \
+         "$top/lib/cryptohi" \
+         "$top/lib/dbm" \
+         "$top/lib/dev" \
+         "$top/lib/softoken" \
+         "$top/lib/ssl" \
+         "$top/external_tests/common" \
+         "$top/external_tests/der_gtest" \
+         "$top/external_tests/pk11_gtest" \
+         "$top/external_tests/ssl_gtest" \
+         "$top/external_tests/util_gtest" \
+    )
+fi
+
 STATUS=0
-for i in $(find $1 -type f -name '*.[ch]' -print); do
-    if ! clang-format $i | diff -Naur $i -; then
-        echo "Sorry, $i is not formatted properly. Please use clang-format 3.8 on your patch before landing."
-        STATUS=1
-    fi
+for dir in "${dirs[@]}"; do
+    for i in $(find "$dir" -type f \( -name '*.[ch]' -o -name '*.cc' \) -print); do
+        if $apply; then
+            clang-format -i "$i"
+        elif ! clang-format "$i" | diff -Naur "$i" -; then
+            echo "Sorry, $i is not formatted properly. Please use clang-format 3.8 on your patch before landing."
+            STATUS=1
+        fi
+    done
 done
 exit $STATUS
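Review bot: `if [ $1 = "--apply" ]` expands to `[ = "--apply" ]` when the script is run without arguments, which is how clang-format.yml invokes it after this commit. Bash then reports a `[` usage error, and the default-directory branch is reached only because the failing test sits inside an `if`. Quote the operand: `if [ "${1:-}" = "--apply" ]; then`. The inner `for i in $(find ...)` still word-splits its output, so the new `"$i"` quoting does not protect paths containing whitespace; `$(dirname $0)` in `top=` is unquoted as well.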
--- a/security/nss/automation/taskcluster/scripts/tools.sh
+++ b/security/nss/automation/taskcluster/scripts/tools.sh
@@ -9,8 +9,21 @@ switch_compilers() {
     if [ -e "$GCC" ] && [ -e "$GXX" ]; then
         update-alternatives --set gcc $GCC
         update-alternatives --set g++ $GXX
     else
         echo "Unknown compiler $GCC_VERSION/$GXX_VERSION."
         exit 1
     fi
 }
+
+# Usage: hg_clone repo dir [revision=@]
+hg_clone() {
+    repo=$1
+    dir=$2
+    rev=${3:-@}
+    for i in 0 2 5; do
+        sleep $i
+        hg clone -r "$rev" "$repo" "$dir" && return
+        rm -rf "$dir"
+    done
+    exit 1
+}
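Review bot: `hg_clone` assigns `repo`, `dir`, `rev` and `i` as globals, and tools.sh is sourced into build.sh, so these names overwrite any same-named variables in the calling script. Declare them local, e.g. `local repo=$1 dir=$2 rev=${3:-@}` and `local i`. The usage comment documents a default revision of `@`, while every caller visible in this commit passes `default`; the comment should also say that a failed attempt removes `dir` with `rm -rf`. The same function body is copy-pasted into windows/setup.sh, so the two copies can drift; the point applies there too.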
--- a/security/nss/automation/taskcluster/windows/build.sh
+++ b/security/nss/automation/taskcluster/windows/build.sh
@@ -1,21 +1,21 @@
 #!/usr/bin/env bash
 
 set -v -e -x
 
 # Set up the toolchain.
 source $(dirname $0)/setup.sh
 
 # Clone NSPR.
-hg clone https://hg.mozilla.org/projects/nspr
+hg_clone https://hg.mozilla.org/projects/nspr nspr default
 
 # Build.
-cd nss && make nss_build_all
+make -C nss nss_build_all
 
 # Generate certificates.
-cd tests && NSS_TESTS=cert NSS_CYCLES="standard pkix sharedb" ./all.sh
+NSS_TESTS=cert NSS_CYCLES="standard pkix sharedb" nss/tests/all.sh
 
 # Reset test counter so that test runs pick up our certificates.
-cd ../../ && echo 1 > tests_results/security/localhost
+echo 1 > tests_results/security/localhost
 
 # Package.
 7z a public/build/dist.7z dist tests_results
--- a/security/nss/automation/taskcluster/windows/releng.manifest
+++ b/security/nss/automation/taskcluster/windows/releng.manifest
@@ -1,10 +1,10 @@
 [
   {
     "version": "Visual Studio 2015 Update 2 / SDK 10.0.10586.0/212",
-    "size": 332343834,
-    "digest": "55814aaabcd4aa51fe85918ec02a8c29bc067d41ee79ddcfd628daaba5a06d4241a73a51bf5a8bc69cc762b52551009f44b05e65682c45b4684c17fb2d017c2c",
+    "size": 332442800,
+    "digest": "995394a4a515c7cb0f8595f26f5395361a638870dd0bbfcc22193fe1d98a0c47126057d5999cc494f3f3eac5cb49160e79757c468f83ee5797298e286ef6252c",
     "algorithm": "sha512",
     "filename": "vs2015u2.zip",
     "unpack": true
   }
 ]
--- a/security/nss/automation/taskcluster/windows/setup.sh
+++ b/security/nss/automation/taskcluster/windows/setup.sh
@@ -1,17 +1,30 @@
 #!/usr/bin/env bash
 
 set -v -e -x
 
-hg clone https://hg.mozilla.org/build/tools
+# Usage: hg_clone repo dir [revision=@]
+hg_clone() {
+    repo=$1
+    dir=$2
+    rev=${3:-@}
+    for i in 0 2 5; do
+        sleep $i
+        hg clone -r "$rev" "$repo" "$dir" && return
+        rm -rf "$dir"
+    done
+    exit 1
+}
+
+hg_clone https://hg.mozilla.org/build/tools tools default
 
 tools/scripts/tooltool/tooltool_wrapper.sh $(dirname $0)/releng.manifest https://api.pub.build.mozilla.org/tooltool/ non-existant-file.sh /c/mozilla-build/python/python.exe /c/builds/tooltool.py --authentication-file /c/builds/relengapi.tok -c /c/builds/tooltool_cache
 VSPATH="$(pwd)/vs2015u2"
 
 export WINDOWSSDKDIR="${VSPATH}/SDK"
 export WIN32_REDIST_DIR="${VSPATH}/VC/redist/x64/Microsoft.VC140.CRT"
 export WIN_UCRT_REDIST_DIR="${VSPATH}/SDK/Redist/ucrt/DLLs/x64"
 
-export PATH="${VSPATH}/VC/bin/amd64:${VSPATH}/VC/bin:${VSPATH}/SDK/bin/x64:${VSPATH}/VC/redist/x64/Microsoft.VC140.CRT:${VSPATH}/SDK/Redist/ucrt/DLLs/x64:${VSPATH}/DIASDK/bin/amd64:${PATH}"
+export PATH="${VSPATH}/VC/bin/amd64:${VSPATH}/VC/bin:${VSPATH}/SDK/bin/x64:${VSPATH}/VC/redist/x64/Microsoft.VC140.CRT:${VSPATH}/SDK/Redist/ucrt/DLLs/x64:${PATH}"
 
-export INCLUDE="${VSPATH}/VC/include:${VSPATH}/VC/atlmfc/include:${VSPATH}/SDK/Include/ucrt:${VSPATH}/SDK/Include/shared:${VSPATH}/SDK/Include/um:${VSPATH}/SDK/Include/winrt:${VSPATH}/DIASDK/include"
-export LIB="${VSPATH}/VC/lib/amd64:${VSPATH}/VC/atlmfc/lib/amd64:${VSPATH}/SDK/lib/ucrt/x64:${VSPATH}/SDK/lib/um/x64:${VSPATH}/DIASDK/lib/amd64"
+export INCLUDE="${VSPATH}/VC/include:${VSPATH}/SDK/Include/10.0.10586.0/ucrt:${VSPATH}/SDK/Include/10.0.10586.0/shared:${VSPATH}/SDK/Include/10.0.10586.0/um"
+export LIB="${VSPATH}/VC/lib/amd64:${VSPATH}/SDK/lib/10.0.10586.0/ucrt/x64:${VSPATH}/SDK/lib/10.0.10586.0/um/x64"
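Review bot: `hg_clone https://hg.mozilla.org/build/tools tools default` tracks the moving tip of build/tools, and the following line runs `tooltool_wrapper.sh` from that checkout with `--authentication-file /c/builds/relengapi.tok`. The toolchain archive in releng.manifest is verified by sha512, but the script doing the fetching and verifying is not pinned, so its content can change between builds without a change in this repository. Passing a fixed changeset as the third argument, `hg_clone https://hg.mozilla.org/build/tools tools <pinned-changeset>`, would make the setup reproducible.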
--- a/security/nss/cmd/Makefile
+++ b/security/nss/cmd/Makefile
@@ -11,20 +11,24 @@ include manifest.mn
 include $(CORE_DEPTH)/coreconf/config.mk
 
 ifdef BUILD_LIBPKIX_TESTS
 DIRS += libpkix
 endif
 
 ifeq ($(NSS_BUILD_WITHOUT_SOFTOKEN),1)
 BLTEST_SRCDIR =
+ECPERF_SRCDIR =
+ECTEST_SRCDIR =
 FIPSTEST_SRCDIR =
 SHLIBSIGN_SRCDIR =
 else
 BLTEST_SRCDIR = bltest
+ECPERF_SRCDIR = ecperf
+ECTEST_SRCDIR = ectest
 FIPSTEST_SRCDIR = fipstest
 SHLIBSIGN_SRCDIR = shlibsign
 endif
 
 LOWHASHTEST_SRCDIR=
 ifeq ($(FREEBL_LOWHASH),1)
 LOWHASHTEST_SRCDIR = lowhashtest  # Add the lowhashtest directory to DIRS.
 endif
--- a/security/nss/cmd/bltest/blapitest.c
+++ b/security/nss/cmd/bltest/blapitest.c
@@ -1231,31 +1231,29 @@ seed_Decrypt(void *cx, unsigned char *ou
 
 SECStatus
 rsa_PublicKeyOp(void *cx, SECItem *output, const SECItem *input)
 {
     bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx;
     RSAPublicKey *pubKey = (RSAPublicKey *)params->pubKey;
     SECStatus rv = RSA_PublicKeyOp(pubKey, output->data, input->data);
     if (rv == SECSuccess) {
-        output->len = pubKey->modulus.data[0] ? pubKey->modulus.len :
-                                              pubKey->modulus.len - 1;
+        output->len = pubKey->modulus.data[0] ? pubKey->modulus.len : pubKey->modulus.len - 1;
     }
     return rv;
 }
 
 SECStatus
 rsa_PrivateKeyOp(void *cx, SECItem *output, const SECItem *input)
 {
     bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx;
     RSAPrivateKey *privKey = (RSAPrivateKey *)params->privKey;
     SECStatus rv = RSA_PrivateKeyOp(privKey, output->data, input->data);
     if (rv == SECSuccess) {
-        output->len = privKey->modulus.data[0] ? privKey->modulus.len :
-                                               privKey->modulus.len - 1;
+        output->len = privKey->modulus.data[0] ? privKey->modulus.len : privKey->modulus.len - 1;
     }
     return rv;
 }
 
 SECStatus
 rsa_signDigestPSS(void *cx, SECItem *output, const SECItem *input)
 {
     bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx;
@@ -2844,18 +2842,17 @@ print_td:
 #ifndef NSS_DISABLE_ECC
         case bltestECDSA:
             if (td) {
                 fprintf(stdout, "%12s", "ec_curve");
             } else {
                 ECPrivateKey *key = (ECPrivateKey *)info->params.asymk.privKey;
                 ECCurveName curveName = key->ecParams.name;
                 fprintf(stdout, "%12s",
-                        ecCurve_map[curveName] ? ecCurve_map[curveName]->text :
-                                               "Unsupported curve");
+                        ecCurve_map[curveName] ? ecCurve_map[curveName]->text : "Unsupported curve");
             }
             break;
 #endif
         case bltestMD2:
         case bltestMD5:
         case bltestSHA1:
         case bltestSHA256:
         case bltestSHA384:
@@ -3156,17 +3153,17 @@ verify_self_test(bltestIO *result, bltes
         }
     }
     return equal ? SECSuccess : SECFailure;
 }
 
 static SECStatus
 ReadFileToItem(PLArenaPool *arena, SECItem *dst, const char *filename)
 {
-    SECItem tmp = {siBuffer, NULL, 0};
+    SECItem tmp = { siBuffer, NULL, 0 };
     PRFileDesc *file;
     SECStatus rv;
 
     file = PR_Open(filename, PR_RDONLY, 00660);
     if (!file) {
         return SECFailure;
     }
     rv = SECU_FileToItem(&tmp, file);
--- a/security/nss/cmd/certcgi/certcgi.c
+++ b/security/nss/cmd/certcgi/certcgi.c
@@ -878,18 +878,17 @@ AddAuthKeyID(void *extHandle,
         }
         rv = CERT_CopyName(arena, &genNames->name.directoryName,
                            directoryName);
         CERT_DestroyName(directoryName);
         if (rv != SECSuccess) {
             error_out("ERROR: Unable to copy Directory Name");
         }
         authKeyID->authCertIssuer = genNames;
-        if (authKeyID->authCertIssuer == NULL && SECFailure ==
-                                                     PORT_GetError()) {
+        if (authKeyID->authCertIssuer == NULL && SECFailure == PORT_GetError()) {
             error_out("ERROR: Unable to get Issuer General Name for Authority Key ID Extension");
         }
         authKeyID->authCertSerialNumber = issuerCert->serialNumber;
     }
     rv = EncodeAndAddExtensionValue(arena, extHandle, authKeyID, PR_FALSE,
                                     SEC_OID_X509_AUTH_KEY_ID,
                                     (EXTEN_VALUE_ENCODER)
                                         CERT_EncodeAuthKeyID);
@@ -2030,26 +2029,26 @@ main(int argc, char **argv)
     int n;
     int i;
     int serial;
     int chainLen;
     int which_key;
     char *pos;
 #ifdef OFFLINE
     char *form_output = "key=MIIBPTCBpzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA7"
-        "SLqjWBL9Wl11Vlg%0AaMqZCvcQOL%2FnvSqYPPRP0XZy9SoAeyWzQnBOiCm2t8H5mK7r2"
-        "jnKdAQOmfhjaJil%0A3hNVu3SekHOXF6Ze7bkWa6%2FSGVcY%2FojkydxFSgY43nd1iyd"
-        "zPQDp8WWLL%2BpVpt%2B%2B%0ATRhFtVXbF0fQI03j9h3BoTgP2lkCAwEAARYDZm9vMA0"
-        "GCSqGSIb3DQEBBAUAA4GB%0AAJ8UfRKJ0GtG%2B%2BufCC6tAfTzKrq3CTBHnom55EyXc"
-        "sAsv6WbDqI%2F0rLAPkn2Xo1r%0AnNhtMxIuj441blMt%2Fa3AGLOy5zmC7Qawt8IytvQ"
-        "ikQ1XTpTBCXevytrmLjCmlURr%0ANJryTM48WaMQHiMiJpbXCqVJC1d%2FpEWBtqvALzZ"
-        "aOOIy&subject=CN%3D%22test%22%26serial-auto%3Dtrue%26serial_value%3D%"
-        "26ver-1%3Dtrue%26ver-3%3Dfalse%26caChoiceradio-SignWithDefaultkey%3Dt"
-        "rue%26caChoiceradio-SignWithRandomChain%3Dfalse%26autoCAs%3D%26caChoi"
-        "ceradio-SignWithSpecifiedChain%3Dfalse%26manCAs%3D%26%24";
+                        "SLqjWBL9Wl11Vlg%0AaMqZCvcQOL%2FnvSqYPPRP0XZy9SoAeyWzQnBOiCm2t8H5mK7r2"
+                        "jnKdAQOmfhjaJil%0A3hNVu3SekHOXF6Ze7bkWa6%2FSGVcY%2FojkydxFSgY43nd1iyd"
+                        "zPQDp8WWLL%2BpVpt%2B%2B%0ATRhFtVXbF0fQI03j9h3BoTgP2lkCAwEAARYDZm9vMA0"
+                        "GCSqGSIb3DQEBBAUAA4GB%0AAJ8UfRKJ0GtG%2B%2BufCC6tAfTzKrq3CTBHnom55EyXc"
+                        "sAsv6WbDqI%2F0rLAPkn2Xo1r%0AnNhtMxIuj441blMt%2Fa3AGLOy5zmC7Qawt8IytvQ"
+                        "ikQ1XTpTBCXevytrmLjCmlURr%0ANJryTM48WaMQHiMiJpbXCqVJC1d%2FpEWBtqvALzZ"
+                        "aOOIy&subject=CN%3D%22test%22%26serial-auto%3Dtrue%26serial_value%3D%"
+                        "26ver-1%3Dtrue%26ver-3%3Dfalse%26caChoiceradio-SignWithDefaultkey%3Dt"
+                        "rue%26caChoiceradio-SignWithRandomChain%3Dfalse%26autoCAs%3D%26caChoi"
+                        "ceradio-SignWithSpecifiedChain%3Dfalse%26manCAs%3D%26%24";
 #else
     char *form_output;
 #endif
     char *issuerNameStr;
     char *certName;
     char *DBdir = DB_DIRECTORY;
     char *prefixs[10] = { "CA#1-", "CA#2-", "CA#3-",
                           "CA#4-", "CA#5-", "CA#6-",
--- a/security/nss/cmd/certutil/certutil.c
+++ b/security/nss/cmd/certutil/certutil.c
@@ -179,48 +179,55 @@ AddCert(PK11SlotInfo *slot, CERTCertDBHa
     return rv;
 }
 
 static SECStatus
 CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType,
         SECOidTag hashAlgTag, CERTName *subject, const char *phone, int ascii,
         const char *emailAddrs, const char *dnsNames,
         certutilExtnList extnList, const char *extGeneric,
-        /*out*/ SECItem *result)
+        PRBool pssCertificate, /*out*/ SECItem *result)
 {
     CERTSubjectPublicKeyInfo *spki;
     CERTCertificateRequest *cr;
     SECItem *encoding;
     SECOidTag signAlgTag;
     SECStatus rv;
     PLArenaPool *arena;
     void *extHandle;
     SECItem signedReq = { siBuffer, NULL, 0 };
 
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (!arena) {
+        SECU_PrintError(progName, "out of memory");
+        return SECFailure;
+    }
+
     /* Create info about public key */
     spki = SECKEY_CreateSubjectPublicKeyInfo(pubk);
     if (!spki) {
         SECU_PrintError(progName, "unable to create subject public key");
         return SECFailure;
     }
 
+    /* Change cert type to RSA-PSS, if desired. */
+    if (pssCertificate) {
+        spki->algorithm.parameters.data = NULL;
+        rv = SECOID_SetAlgorithmID(arena, &spki->algorithm,
+                                   SEC_OID_PKCS1_RSA_PSS_SIGNATURE, 0);
+    }
+
     /* Generate certificate request */
     cr = CERT_CreateCertificateRequest(subject, spki, NULL);
     SECKEY_DestroySubjectPublicKeyInfo(spki);
     if (!cr) {
         SECU_PrintError(progName, "unable to make certificate request");
         return SECFailure;
     }
 
-    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-    if (!arena) {
-        SECU_PrintError(progName, "out of memory");
-        return SECFailure;
-    }
-
     extHandle = CERT_StartCertificateRequestAttributes(cr);
     if (extHandle == NULL) {
         PORT_FreeArena(arena, PR_FALSE);
         CERT_DestroyCertificateRequest(cr);
         return SECFailure;
     }
     if (AddExtensions(extHandle, emailAddrs, dnsNames, extnList, extGeneric) !=
         SECSuccess) {
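Review bot: The result of `SECOID_SetAlgorithmID` in the new `pssCertificate` branch is assigned to `rv` but never checked, so a failed algorithm-ID rewrite still flows into `CERT_CreateCertificateRequest` with `parameters.data` already cleared. Moving `PORT_NewArena` to the top also means the two early returns after `!spki` and `!cr` now leak `arena`; the later error paths visible in this hunk do call `PORT_FreeArena`. The fence below checks the result and frees the arena on those paths. CertReq's body continues past the end of the hunk.

```c
    spki = SECKEY_CreateSubjectPublicKeyInfo(pubk);
    if (!spki) {
        SECU_PrintError(progName, "unable to create subject public key");
        PORT_FreeArena(arena, PR_FALSE);
        return SECFailure;
    }

    /* Change cert type to RSA-PSS, if desired. */
    if (pssCertificate) {
        spki->algorithm.parameters.data = NULL;
        rv = SECOID_SetAlgorithmID(arena, &spki->algorithm,
                                   SEC_OID_PKCS1_RSA_PSS_SIGNATURE, 0);
        if (rv != SECSuccess) {
            SECU_PrintError(progName, "unable to set RSA-PSS algorithm ID");
            SECKEY_DestroySubjectPublicKeyInfo(spki);
            PORT_FreeArena(arena, PR_FALSE);
            return SECFailure;
        }
    }

    /* … unchanged: CERT_CreateCertificateRequest, SECKEY_DestroySubjectPublicKeyInfo … */
    if (!cr) {
        SECU_PrintError(progName, "unable to make certificate request");
        PORT_FreeArena(arena, PR_FALSE);
        return SECFailure;
    }
```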
@@ -2349,16 +2356,17 @@ enum certutilOpts {
     opt_KeyOpFlagsOff,
     opt_KeyAttrFlags,
     opt_EmptyPassword,
     opt_CertVersion,
     opt_AddSubjectAltNameExt,
     opt_DumpExtensionValue,
     opt_GenericExtensions,
     opt_NewNickname,
+    opt_Pss,
     opt_Help
 };
 
 static const secuCommandFlag commands_init[] =
     {
       { /* cmd_AddCert             */ 'A', PR_FALSE, 0, PR_FALSE },
       { /* cmd_CreateNewCert       */ 'C', PR_FALSE, 0, PR_FALSE },
       { /* cmd_DeleteCert          */ 'D', PR_FALSE, 0, PR_FALSE },
@@ -2467,16 +2475,18 @@ static const secuCommandFlag options_ini
         "certVersion" },
       { /* opt_AddSubjectAltExt    */ 0, PR_TRUE, 0, PR_FALSE, "extSAN" },
       { /* opt_DumpExtensionValue  */ 0, PR_TRUE, 0, PR_FALSE,
         "dump-ext-val" },
       { /* opt_GenericExtensions   */ 0, PR_TRUE, 0, PR_FALSE,
         "extGeneric" },
       { /* opt_NewNickname         */ 0, PR_TRUE, 0, PR_FALSE,
         "new-n" },
+      { /* opt_Pss                 */ 0, PR_FALSE, 0, PR_FALSE,
+        "pss" },
     };
 #define NUM_OPTIONS ((sizeof options_init) / (sizeof options_init[0]))
 
 static secuCommandFlag certutil_commands[NUM_COMMANDS];
 static secuCommandFlag certutil_options[NUM_OPTIONS];
 
 static const secuCommand certutil = {
     NUM_COMMANDS,
@@ -3317,16 +3327,32 @@ certutil_main(int argc, char **argv, PRB
 
         /*  If all that was needed was keygen, exit.  */
         if (certutil.commands[cmd_GenKeyPair].activated) {
             rv = SECSuccess;
             goto shutdown;
         }
     }
 
+    if (certutil.options[opt_Pss].activated) {
+        if (!certutil.commands[cmd_CertReq].activated &&
+            !certutil.commands[cmd_CreateAndAddCert].activated) {
+            PR_fprintf(PR_STDERR,
+                       "%s -%c: --pss only works with -R or -S.\n",
+                       progName, commandToRun);
+            return 255;
+        }
+        if (keytype != rsaKey) {
+            PR_fprintf(PR_STDERR,
+                       "%s -%c: --pss only works with RSA keys.\n",
+                       progName, commandToRun);
+            return 255;
+        }
+    }
+
     /* If we need a list of extensions convert the flags into list format */
     if (certutil.commands[cmd_CertReq].activated ||
         certutil.commands[cmd_CreateAndAddCert].activated ||
         certutil.commands[cmd_CreateNewCert].activated) {
         certutil_extns[ext_keyUsage].activated =
             certutil.options[opt_AddCmdKeyUsageExt].activated;
         if (!certutil_extns[ext_keyUsage].activated) {
             certutil_extns[ext_keyUsage].activated =
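Review bot: Both `--pss` rejections use `return 255;`, while the keygen exit a few lines above leaves through `goto shutdown`, so these error paths appear to skip whatever cleanup the `shutdown` label performs. Replacing each `return 255;` with `rv = SECFailure; goto shutdown;` would match the surrounding code. The check also sits after the key-generation block, so an invalid `--pss` combination seems to be rejected only after a key pair may already have been generated; validating the option alongside the other argument checks would avoid that. `certutil_main` starts and ends outside this hunk, so confirm the placement against the full function.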
@@ -3404,19 +3430,19 @@ certutil_main(int argc, char **argv, PRB
     /*  Make a cert request (-R).  */
     if (certutil.commands[cmd_CertReq].activated) {
         rv = CertReq(privkey, pubkey, keytype, hashAlgTag, subject,
                      certutil.options[opt_PhoneNumber].arg,
                      certutil.options[opt_ASCIIForIO].activated,
                      certutil.options[opt_ExtendedEmailAddrs].arg,
                      certutil.options[opt_ExtendedDNSNames].arg,
                      certutil_extns,
-                     (certutil.options[opt_GenericExtensions].activated ?
-                                                                        certutil.options[opt_GenericExtensions].arg
+                     (certutil.options[opt_GenericExtensions].activated ? certutil.options[opt_GenericExtensions].arg
                                                                         : NULL),
+                     certutil.options[opt_Pss].activated,
                      &certReqDER);
         if (rv)
             goto shutdown;
         privkey->wincx = &pwdata;
     }
 
     /*
      *  Certificate creation
@@ -3429,19 +3455,19 @@ certutil_main(int argc, char **argv, PRB
     if (certutil.commands[cmd_CreateAndAddCert].activated) {
         static certutilExtnList nullextnlist = { { PR_FALSE, NULL } };
         rv = CertReq(privkey, pubkey, keytype, hashAlgTag, subject,
                      certutil.options[opt_PhoneNumber].arg,
                      PR_FALSE, /* do not BASE64-encode regardless of -a option */
                      NULL,
                      NULL,
                      nullextnlist,
-                     (certutil.options[opt_GenericExtensions].activated ?
-                                                                        certutil.options[opt_GenericExtensions].arg
+                     (certutil.options[opt_GenericExtensions].activated ? certutil.options[opt_GenericExtensions].arg
                                                                         : NULL),
+                     certutil.options[opt_Pss].activated,
                      &certReqDER);
         if (rv)
             goto shutdown;
         privkey->wincx = &pwdata;
     }
 
     /*  Create a certificate (-C or -S).  */
     if (certutil.commands[cmd_CreateAndAddCert].activated ||
@@ -3451,18 +3477,17 @@ certutil_main(int argc, char **argv, PRB
                         &certReqDER, &privkey, &pwdata, hashAlgTag,
                         serialNumber, warpmonths, validityMonths,
                         certutil.options[opt_ExtendedEmailAddrs].arg,
                         certutil.options[opt_ExtendedDNSNames].arg,
                         certutil.options[opt_ASCIIForIO].activated &&
                             certutil.commands[cmd_CreateNewCert].activated,
                         certutil.options[opt_SelfSign].activated,
                         certutil_extns,
-                        (certutil.options[opt_GenericExtensions].activated ?
-                                                                           certutil.options[opt_GenericExtensions].arg
+                        (certutil.options[opt_GenericExtensions].activated ? certutil.options[opt_GenericExtensions].arg
                                                                            : NULL),
                         certVersion,
                         &certDER);
         if (rv)
             goto shutdown;
     }
 
     /*
--- a/security/nss/cmd/ecperf/ecperf.c
+++ b/security/nss/cmd/ecperf/ecperf.c
@@ -1,17 +1,17 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "blapi.h"
 #include "ec.h"
 #include "ecl-curve.h"
-#include "nss.h"
-#include "secutil.h"
+#include "prprf.h"
+#include "basicutil.h"
 #include "pkcs11.h"
 #include "nspr.h"
 #include <stdio.h>
 
 #define __PASTE(x, y) x##y
 
 /*
  * Get the NSS specific PKCS #11 function names.
@@ -81,22 +81,24 @@ static SECOidTag ecCurve_oid_map[] = {
     SEC_OID_SECG_EC_SECT131R2,
     SEC_OID_SECG_EC_SECT163R1,
     SEC_OID_SECG_EC_SECT193R1,
     SEC_OID_SECG_EC_SECT193R2,
     SEC_OID_SECG_EC_SECT239K1,
     SEC_OID_UNKNOWN, /* ECCurve_WTLS_1 */
     SEC_OID_UNKNOWN, /* ECCurve_WTLS_8 */
     SEC_OID_UNKNOWN, /* ECCurve_WTLS_9 */
-    SEC_OID_UNKNOWN /* ECCurve_pastLastCurve */
+    SEC_OID_UNKNOWN  /* ECCurve_pastLastCurve */
 };
 
 typedef SECStatus (*op_func)(void *, void *, void *);
 typedef SECStatus (*pk11_op_func)(CK_SESSION_HANDLE, void *, void *, void *);
 
+typedef SECItem SECKEYECParams;
+
 typedef struct ThreadDataStr {
     op_func op;
     void *p1;
     void *p2;
     void *p3;
     int iters;
     PRLock *lock;
     int count;
@@ -705,19 +707,26 @@ main(int argv, char **argc)
 
     if ((ansi | nist | secp) == 0) {
         nist = 1;
     }
     if ((usepkcs11 | usefreebl) == 0) {
         usefreebl = 1;
     }
 
-    rv = NSS_NoDB_Init(NULL);
+    rv = RNG_RNGInit();
     if (rv != SECSuccess) {
-        SECU_PrintError("Error:", "NSS_NoDB_Init");
+        SECU_PrintError("Error:", "RNG_RNGInit");
+        return -1;
+    }
+    RNG_SystemInfoForRNG();
+
+    rv = SECOID_Init();
+    if (rv != SECSuccess) {
+        SECU_PrintError("Error:", "SECOID_Init");
         goto cleanup;
     }
 
     if (usepkcs11) {
         CK_RV crv = NSC_Initialize((CK_VOID_PTR)&pk11args);
         if (crv != CKR_OK) {
             fprintf(stderr, "NSC_Initialize failed crv=0x%x\n", (unsigned int)crv);
             return SECFailure;
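Review bot: The `return SECFailure;` taken when `NSC_Initialize` fails, at the end of this hunk, leaves main without reaching the `cleanup:` label. On that path the state set up by the added `RNG_RNGInit()` and `SECOID_Init()` calls just above is never torn down. Replacing it with `rv = SECFailure; goto cleanup;` would route every post-initialisation exit through `SECOID_Shutdown()` and `RNG_RNGShutdown()`. The added `return -1;` after a failed `RNG_RNGInit()` skips nothing, since nothing is initialised yet, but a one-line comment such as `/* nothing initialised yet, no cleanup needed */` would make the mixed `return` / `goto cleanup` exits easier to audit. main starts and ends outside this hunk.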
@@ -760,15 +769,16 @@ main(int argv, char **argc)
         ECTEST_NAMED_GFP("SECP-256K1", ECCurve_SECG_PRIME_256K1);
         ECTEST_NAMED_GFP("SECP-256R1", ECCurve_SECG_PRIME_256R1);
         ECTEST_NAMED_GFP("SECP-384R1", ECCurve_SECG_PRIME_384R1);
         ECTEST_NAMED_GFP("SECP-521R1", ECCurve_SECG_PRIME_521R1);
     }
 #endif
 
 cleanup:
-    rv |= NSS_Shutdown();
+    rv |= SECOID_Shutdown();
+    RNG_RNGShutdown();
 
     if (rv != SECSuccess) {
         printf("Error: exiting with error value\n");
     }
     return rv;
 }
--- a/security/nss/cmd/ectest/ectest.c
+++ b/security/nss/cmd/ectest/ectest.c
@@ -1,17 +1,18 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "blapi.h"
 #include "ec.h"
 #include "ecl-curve.h"
-#include "nss.h"
-#include "secutil.h"
+#include "prprf.h"
+#include "basicutil.h"
+#include "secder.h"
 #include "secitem.h"
 #include "nspr.h"
 #include <stdio.h>
 
 typedef struct {
     ECCurveName curve;
     char *privhex;
     char *our_pubhex;
@@ -150,19 +151,20 @@ cleanup:
  * tests fail, then it prints an error message, aborts, and returns an
  * error code. Otherwise, returns 0. */
 int
 main(int argv, char **argc)
 {
     SECStatus rv = SECSuccess;
     int numkats = 0;
     int i = 0;
-    rv = NSS_NoDB_Init(NULL);
+
+    rv = SECOID_Init();
     if (rv != SECSuccess) {
-        SECU_PrintError("Error:", "NSS_NoDB_Init");
+        SECU_PrintError("Error:", "SECOID_Init");
         goto cleanup;
     }
 
     while (ecdh_testvecs[numkats].curve != ECCurve_pastLastCurve) {
         numkats++;
     }
     printf("1..%d\n", numkats);
     for (i = 0; ecdh_testvecs[i].curve != ECCurve_pastLastCurve; i++) {
@@ -170,15 +172,15 @@ main(int argv, char **argc)
         if (rv != SECSuccess) {
             printf("not okay %d - %s\n", i + 1, ecdh_testvecs[i].name);
         } else {
             printf("okay %d - %s\n", i + 1, ecdh_testvecs[i].name);
         }
     }
 
 cleanup:
-    rv |= NSS_Shutdown();
+    rv |= SECOID_Shutdown();
 
     if (rv != SECSuccess) {
         printf("Error: exiting with error value\n");
     }
     return rv;
 }
--- a/security/nss/cmd/httpserv/httpserv.c
+++ b/security/nss/cmd/httpserv/httpserv.c
@@ -740,20 +740,18 @@ handle_connection(
                         if (entry) {
                             /* revoked status response */
                             revoked = PR_TRUE;
                             DER_DecodeTimeChoice(&revoDate, &entry->revocationDate);
                         } else {
                             /* else good status response */
                             if (!isPost && ocspMethodsAllowed == ocspGetUnknown) {
                                 unknown = PR_TRUE;
-                                nextUpdate = PR_Now() + (PRTime)60 * 60 *
-                                                            24 * PR_USEC_PER_SEC; /*tomorrow*/
-                                revoDate = PR_Now() - (PRTime)60 * 60 *
-                                                          24 * PR_USEC_PER_SEC; /*yesterday*/
+                                nextUpdate = PR_Now() + (PRTime)60 * 60 * 24 * PR_USEC_PER_SEC; /*tomorrow*/
+                                revoDate = PR_Now() - (PRTime)60 * 60 * 24 * PR_USEC_PER_SEC;   /*yesterday*/
                             }
                         }
                     }
 
                     {
                         PRTime now = PR_Now();
                         PLArenaPool *arena = NULL;
                         CERTOCSPSingleResponse *sr;
--- a/security/nss/cmd/lib/basicutil.c
+++ b/security/nss/cmd/lib/basicutil.c
@@ -682,23 +682,22 @@ SECU_SECItemToHex(const SECItem *item, c
         *dst = '\0';
     }
 }
 
 static unsigned char
 nibble(char c)
 {
     c = PORT_Tolower(c);
-    return (c >= '0' && c <= '9') ? c - '0' :
-                                  (c >=
-                                       'a' &&
-                                   c <=
-                                       'f')
-                                      ? c - 'a' + 10
-                                      : -1;
+    return (c >= '0' && c <= '9') ? c - '0' : (c >=
+                                                   'a' &&
+                                               c <=
+                                                   'f')
+                                                  ? c - 'a' + 10
+                                                  : -1;
 }
 
 SECStatus
 SECU_SECItemHexStringToBinary(SECItem *srcdest)
 {
     unsigned int i;
 
     if (!srcdest) {
--- a/security/nss/cmd/libpkix/testutil/testutil.h
+++ b/security/nss/cmd/libpkix/testutil/testutil.h
@@ -224,19 +224,18 @@ extern "C" {
 
 #define PKIX_TEST_ABORT_ON_NULL(obj) \
     do {                             \
         if (!obj) {                  \
             goto cleanup;            \
         }                            \
     } while (0)
 
-#define PKIX_TEST_ARENAS_ARG(arena)                                           \
-    (arena ? (PORT_Strcmp(arena, "arenas") ? PKIX_FALSE : (j++, PKIX_TRUE)) : \
-           PKIX_FALSE)
+#define PKIX_TEST_ARENAS_ARG(arena) \
+    (arena ? (PORT_Strcmp(arena, "arenas") ? PKIX_FALSE : (j++, PKIX_TRUE)) : PKIX_FALSE)
 
 #define PKIX_TEST_ERROR_RECEIVED (pkixTestErrorMsg || pkixTestErrorResult)
 
 /* see source file for function documentation */
 
 void startTests(char *testName);
 
 void endTests(char *testName);
--- a/security/nss/cmd/manifest.mn
+++ b/security/nss/cmd/manifest.mn
@@ -17,16 +17,18 @@ REQUIRES = nss nspr libdbm
 LIB_SRCDIRS = \
  lib \
  $(NULL)
 endif
 
 ifndef NSS_BUILD_UTIL_ONLY
 SOFTOKEN_SRCDIRS = \
  $(BLTEST_SRCDIR) \
+ $(ECPERF_SRCDIR) \
+ $(ECTEST_SRCDIR) \
  $(FIPSTEST_SRCDIR)  \
  $(LOWHASHTEST_SRCDIR)  \
  $(SHLIBSIGN_SRCDIR) \
  $(NULL)
 endif
 
 ifndef NSS_BUILD_SOFTOKEN_ONLY
 ifndef NSS_BUILD_UTIL_ONLY
@@ -37,18 +39,16 @@ NSS_SRCDIRS = \
  certcgi \
  certutil  \
  chktest  \
  crlutil  \
  crmftest \
  dbtest \
  derdump  \
  digest  \
- ecperf \
- ectest \
  httpserv  \
  listsuites \
  makepqg  \
  multinit \
  ocspclnt  \
  ocspresp \
  oidcalc  \
  p7content  \
--- a/security/nss/cmd/modutil/install.c
+++ b/security/nss/cmd/modutil/install.c
@@ -401,20 +401,18 @@ Pk11Install_DoInstall(char *jarFile, con
         goto loser;
     }
     /*printf("passed the archive\n");*/
 
     /*
      * Show the user security information, allow them to abort or continue
      */
     if (Pk11Install_UserVerifyJar(jar, PR_STDOUT,
-                                  force ?
-                                        PR_FALSE
-                                        :
-                                        PR_TRUE) &&
+                                  force ? PR_FALSE
+                                        : PR_TRUE) &&
         !force) {
         if (feedback) {
             PR_fprintf(feedback, msgStrings[USER_ABORT]);
         }
         ret = PK11_INSTALL_USER_ABORT;
         goto loser;
     }
 
@@ -534,17 +532,16 @@ Pk11Install_DoInstall(char *jarFile, con
     if (ret) {
         goto loser;
     }
 
     ret = PK11_INSTALL_SUCCESS;
 loser:
     if (Pk11Install_valueList) {
         Pk11Install_ValueList_delete(Pk11Install_valueList);
-        PR_Free(Pk11Install_valueList);
         Pk11Install_valueList = NULL;
     }
     if (jar) {
         JAR_destroy(jar);
     }
     if (made_temp_file) {
         PR_Delete(SCRIPT_TEMP_FILE);
     }
@@ -559,34 +556,30 @@ loser:
 // actually run the installation, copying files to and fro
 */
 static Pk11Install_Error
 DoInstall(JAR *jar, const char *installDir, const char *tempDir,
           Pk11Install_Platform *platform, PRFileDesc *feedback, PRBool noverify)
 {
     Pk11Install_File *file;
     Pk11Install_Error ret;
-    char *reldir;
-    char *dest;
     char *modDest;
     char *cp;
     int i;
     int status;
     char *tempname, *temp;
     StringList executables;
     StringNode *execNode;
     PRProcessAttr *attr;
     PRProcess *proc;
     char *argv[2];
     char *envp[1];
     int errcode;
 
     ret = PK11_INSTALL_UNSPECIFIED;
-    reldir = NULL;
-    dest = NULL;
     modDest = NULL;
     tempname = NULL;
 
     StringList_new(&executables);
     /*
     // Create Temporary directory
     */
     tempname = PR_smprintf("%s/%s", tempDir, TEMPORARY_DIRECTORY_NAME);
@@ -599,21 +592,27 @@ DoInstall(JAR *jar, const char *installD
         ret = PK11_INSTALL_CREATE_DIR;
         goto loser;
     }
 
     /*
     // Install all the files
     */
     for (i = 0; i < platform->numFiles; i++) {
+        char *dest;
         file = &platform->files[i];
 
         if (file->relativePath) {
             PRBool foundMarker = PR_FALSE;
-            reldir = PR_Strdup(file->relativePath);
+            char *reldir = PR_Strdup(file->relativePath);
+
+            if (!reldir) {
+                error(PK11_INSTALL_UNSPECIFIED);
+                goto loser;
+            }
 
             /* Replace all the markers with the directories for which they stand */
             while (1) {
                 if ((cp = PL_strcasestr(reldir, ROOT_MARKER))) {
                     /* Has a %root% marker  */
                     *cp = '\0';
                     temp = PR_smprintf("%s%s%s", reldir, installDir,
                                        cp + strlen(ROOT_MARKER));
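Review bot: The added `if (!reldir)` branch jumps to `loser` without assigning `ret`, unlike the `PK11_INSTALL_BOGUS_REL_DIR` path later in the loop, which sets `ret` before its `goto`. `ret` is initialised to `PK11_INSTALL_UNSPECIFIED` at the top of DoInstall, but if any statement outside these hunks stores another value first, an allocation failure here would be returned with that stale code. Adding `ret = PK11_INSTALL_UNSPECIFIED;` before the `goto loser;` makes the result explicit. The new `else` branch added in the next hunk has the same shape and would take the same one-line change. The loop body continues outside this hunk.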
@@ -631,22 +630,25 @@ DoInstall(JAR *jar, const char *installD
                 } else {
                     break;
                 }
             }
             if (!foundMarker) {
                 /* Has no markers...this isn't really a relative directory */
                 error(PK11_INSTALL_BOGUS_REL_DIR, file->relativePath);
                 ret = PK11_INSTALL_BOGUS_REL_DIR;
+                PR_Free(reldir);
                 goto loser;
             }
             dest = reldir;
-            reldir = NULL;
         } else if (file->absolutePath) {
             dest = PR_Strdup(file->absolutePath);
+        } else {
+            error(PK11_INSTALL_UNSPECIFIED);
+            goto loser;
         }
 
         /* Remember if this is the module file, we'll need to add it later */
         if (i == platform->modFile) {
             modDest = PR_Strdup(dest);
         }
 
         /* Remember is this is an executable, we'll need to run it later */
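Review bot: `dest = PR_Strdup(file->absolutePath);` is still used unchecked, although this commit adds a NULL check for the parallel `PR_Strdup(file->relativePath)` call. If that allocation fails, a NULL `dest` reaches `PR_Strdup(dest)` a few lines later and then the install steps that follow. A guard right after the assignment, `if (!dest) { error(PK11_INSTALL_UNSPECIFIED); ret = PK11_INSTALL_UNSPECIFIED; goto loser; }`, would mirror the new reldir handling. The rest of the loop body lies outside this hunk.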
@@ -680,28 +682,20 @@ DoInstall(JAR *jar, const char *installD
         }
         if (feedback) {
             PR_fprintf(feedback, msgStrings[INSTALLED_FILE_MSG],
                        file->jarPath, dest);
         }
 
 /* no NSPR command to change permissions? */
 #ifdef XP_UNIX
-        chmod(dest, file->permissions);
+        (void)chmod(dest, file->permissions);
 #endif
 
-        /* Memory clean-up tasks */
-        if (reldir) {
-            PR_Free(reldir);
-            reldir = NULL;
-        }
-        if (dest) {
-            PR_Free(dest);
-            dest = NULL;
-        }
+        PR_Free(dest);
     }
     /* Make sure we found the module file */
     if (!modDest) {
         /* Internal problem here, since every platform is supposed to have
            a module file */
         error(PK11_INSTALL_NO_MOD_FILE, platform->moduleName);
         ret = PK11_INSTALL_NO_MOD_FILE;
         goto loser;
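Review bot: The `(void)chmod(dest, file->permissions);` cast silences the unused-result warning but also hides a failed permission change on a file that was just installed. After such a failure the file keeps whatever mode it was created with rather than the mode the install script requested. As far as this hunk shows, this is where the requested mode is applied, so a failure is worth surfacing: `if (chmod(dest, file->permissions) != 0) { /* report via error() / feedback */ }`, with the code taken from the project's existing `Pk11Install_Error` values. If ignoring the result is deliberate, a short comment saying why would help the next reader. The enclosing loop starts outside this hunk.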
@@ -772,22 +766,16 @@ DoInstall(JAR *jar, const char *installD
 
     if (feedback) {
         PR_fprintf(feedback, msgStrings[INSTALLATION_COMPLETE_MSG]);
     }
 
     ret = PK11_INSTALL_SUCCESS;
 
 loser:
-    if (reldir) {
-        PR_Free(reldir);
-    }
-    if (dest) {
-        PR_Free(dest);
-    }
     if (modDest) {
         PR_Free(modDest);
     }
     if (tempname) {
         PRFileInfo info;
         if (PR_GetFileInfo(tempname, &info) == PR_SUCCESS) {
             if (info.type == PR_FILE_DIRECTORY) {
                 /* Recursively remove temporary directory */
--- a/security/nss/cmd/modutil/installparse.c
+++ b/security/nss/cmd/modutil/installparse.c
@@ -41,95 +41,104 @@ extern char *Pk11Install_yytext;
 char *Pk11Install_yyerrstr = NULL;
 
 #line 40 "ytab.c"
 #define OPENBRACE 257
 #define CLOSEBRACE 258
 #define STRING 259
 #define YYERRCODE 256
 /* clang-format on */
-short yylhs[] = {                                        -1,
-    0,    1,    1,    2,    2,    3,    4,
+short yylhs[] = {
+    -1,
+    0, 1, 1, 2, 2, 3, 4,
 };
-short yylen[] = {                                         2,
-    1,    2,    0,    1,    1,    4,    1,
+short yylen[] = {
+    2,
+    1, 2, 0, 1, 1, 4, 1,
 };
-short yydefred[] = {                                      0,
-    0,    0,    1,    0,    4,    0,    2,    0,    0,    6,
+short yydefred[] = {
+    0,
+    0, 0, 1, 0, 4, 0, 2, 0, 0, 6,
 };
-short yydgoto[] = {                                       2,
-    3,    4,    5,    6,
+short yydgoto[] = {
+    2,
+    3, 4, 5, 6,
 };
-short yysindex[] = {                                   -257,
-    0,    0,    0, -257,    0, -252,    0, -257, -251,    0,
+short yysindex[] = {
+    -257,
+    0, 0, 0, -257, 0, -252, 0, -257, -251, 0,
 };
-short yyrindex[] = {                                      6,
-    1,    0,    0,    3,    0,    0,    0, -250,    0,    0,
+short yyrindex[] = {
+    6,
+    1, 0, 0, 3, 0, 0, 0, -250, 0, 0,
 };
-short yygindex[] = {                                      0,
-   -4,    0,    0,    0,
+short yygindex[] = {
+    0,
+    -4, 0, 0, 0,
 };
 #define YYTABLESIZE 261
-short yytable[] = {                                       7,
-    5,    1,    3,    9,    8,    3,   10,    3,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    7,    5,    5,
+short yytable[] = {
+    7,
+    5, 1, 3, 9, 8, 3, 10, 3, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 7, 5, 5,
     3,
 };
-short yycheck[] = {                                       4,
-    0,  259,    0,    8,  257,    0,  258,  258,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,  257,  258,  259,
-  258,
+short yycheck[] = {
+    4,
+    0, 259, 0, 8, 257, 0, 258, 258, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, 257, 258, 259,
+    258,
 };
 /* clang-format on */
 #define YYFINAL 2
 #ifndef YYDEBUG
 #define YYDEBUG 0
 #endif
 #define YYMAXTOKEN 259
 #if YYDEBUG
--- a/security/nss/cmd/multinit/multinit.c
+++ b/security/nss/cmd/multinit/multinit.c
@@ -497,18 +497,17 @@ do_list_certs(const char *progName, int 
 
     for (node = CERT_LIST_HEAD(sorted); !CERT_LIST_END(node, sorted);
          node = CERT_LIST_NEXT(node)) {
         CERTCertificate *cert = node->cert;
         char *commonName;
 
         SECU_PrintCertNickname(node, stderr);
         if (log) {
-            fprintf(stderr, "*	Slot=%s*\n", cert->slot ?
-                                                        PK11_GetTokenName(cert->slot)
+            fprintf(stderr, "*	Slot=%s*\n", cert->slot ? PK11_GetTokenName(cert->slot)
                                                         : "none");
             fprintf(stderr, "*	Nickname=%s*\n", cert->nickname);
             fprintf(stderr, "*	Subject=<%s>*\n", cert->subjectName);
             fprintf(stderr, "*	Issuer=<%s>*\n", cert->issuerName);
             fprintf(stderr, "*	SN=");
             for (i = 0; i < cert->serialNumber.len; i++) {
                 if (i != 0)
                     fprintf(stderr, ":");
--- a/security/nss/cmd/p7env/p7env.c
+++ b/security/nss/cmd/p7env/p7env.c
@@ -232,17 +232,17 @@ main(int argc, char **argv)
     }
 
     if (EncryptFile(outFile, inFile, recipients, progName)) {
         SECU_PrintError(progName, "problem encrypting data");
         return -1;
     }
 
     /* free certs */
-    for (rcpt = recipients; rcpt != NULL; ) {
+    for (rcpt = recipients; rcpt != NULL;) {
         struct recipient *next = rcpt->next;
         CERT_DestroyCertificate(rcpt->cert);
         PORT_Free(rcpt->nickname);
         PORT_Free(rcpt);
         rcpt = next;
     }
 
     if (inFile && inFile != stdin) {
--- a/security/nss/cmd/pk11util/pk11util.c
+++ b/security/nss/cmd/pk11util/pk11util.c
@@ -1092,20 +1092,18 @@ printArg(Value *ptr, int arg_number)
             printConst(attribute->type, ConstAttribute, 1);
             printf(" Attribute Data: ");
             if (attribute->pValue == NULL) {
                 printf("NULL\n");
                 printf("Attribute Len: %lu\n", attribute->ulValueLen);
             } else {
                 constType = getConstFromAttribute(attribute->type);
                 if (constType != ConstNone) {
-                    CK_ULONG value = (constType == ConstBool) ?
-                                                              *(CK_BBOOL *)attribute->pValue
-                                                              :
-                                                              *(CK_ULONG *)attribute->pValue;
+                    CK_ULONG value = (constType == ConstBool) ? *(CK_BBOOL *)attribute->pValue
+                                                              : *(CK_ULONG *)attribute->pValue;
                     printConst(value, constType, 1);
                 } else {
                     printf("\n");
                     printDump(attribute->pValue, attribute->ulValueLen);
                 }
             }
             break;
         case ArgMechanism:
--- a/security/nss/cmd/pk12util/pk12util.c
+++ b/security/nss/cmd/pk12util/pk12util.c
@@ -747,18 +747,17 @@ P12U_ListPKCS12File(char *in_file, PK11S
                         if (!fd) {
                             SECU_PrintError(progName,
                                             "Cannot create output file");
                         } else {
                             PR_Write(fd, dip->der->data, dip->der->len);
                             PR_Close(fd);
                         }
                     } else if (SECU_PrintSignedData(stdout, dip->der,
-                                                    (dip->hasKey) ?
-                                                                  "(has private key)"
+                                                    (dip->hasKey) ? "(has private key)"
                                                                   : "",
                                                     0, (SECU_PPFunc)SECU_PrintCertificate) !=
                                0) {
                         SECU_PrintError(progName, "PKCS12 print cert bag failed");
                     }
                     if (dip->friendlyName != NULL) {
                         printf("    Friendly Name: %s\n\n",
                                dip->friendlyName->data);
@@ -977,20 +976,18 @@ main(int argc, char **argv)
 
     if (pk12util.options[opt_Export].activated &&
         !pk12util.options[opt_Nickname].activated) {
         Usage(progName);
     }
 
     slotname = SECU_GetOptionArg(&pk12util, opt_TokenName);
 
-    import_file = (pk12util.options[opt_List].activated) ?
-                                                         SECU_GetOptionArg(&pk12util, opt_List)
-                                                         :
-                                                         SECU_GetOptionArg(&pk12util, opt_Import);
+    import_file = (pk12util.options[opt_List].activated) ? SECU_GetOptionArg(&pk12util, opt_List)
+                                                         : SECU_GetOptionArg(&pk12util, opt_Import);
     export_file = SECU_GetOptionArg(&pk12util, opt_Export);
 
     if (pk12util.options[opt_P12FilePWFile].activated) {
         p12FilePw.source = PW_FROMFILE;
         p12FilePw.data = PORT_Strdup(pk12util.options[opt_P12FilePWFile].arg);
     }
 
     if (pk12util.options[opt_P12FilePW].activated) {
@@ -1047,18 +1044,17 @@ main(int argc, char **argv)
         if (cipher == SEC_OID_UNKNOWN) {
             PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
             SECU_PrintError(progName, "Algorithm: \"%s\"", cipherString);
             pk12uErrno = PK12UERR_INVALIDALGORITHM;
             goto done;
         }
     }
 
-    certCipher = PK11_IsFIPS() ? SEC_OID_UNKNOWN :
-                               SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC;
+    certCipher = PK11_IsFIPS() ? SEC_OID_UNKNOWN : SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC;
     if (pk12util.options[opt_CertCipher].activated) {
         char *cipherString = pk12util.options[opt_CertCipher].arg;
 
         if (PORT_Strcasecmp(cipherString, "none") == 0) {
             certCipher = SEC_OID_UNKNOWN;
         } else {
             certCipher = PKCS12U_MapCipherFromString(cipherString, certKeyLen);
             /* If the user requested a cipher and we didn't find it, then
--- a/security/nss/cmd/selfserv/selfserv.c
+++ b/security/nss/cmd/selfserv/selfserv.c
@@ -215,17 +215,17 @@ PrintParameterUsage()
         "   badsig: use a good status but with an invalid signature\n"
         "   corrupted: stapled cert status is an invalid block of data\n"
         "   random: each connection uses a random status from this list:\n"
         "           good, revoked, unknown, failure, badsig, corrupted\n"
         "   ocsp: fetch from external OCSP server using AIA, or none\n"
         "-A <ca> Nickname of a CA used to sign a stapled cert status\n"
         "-U override default ECDHE ephemeral key reuse, 0: refresh, 1: reuse\n"
         "-H override default DHE server support, 0: disable, 1: enable, "
-            " 2: require DH named groups\n"
+        " 2: require DH named groups\n"
         "-W override default DHE server weak parameters support, 0: disable, 1: enable\n"
         "-c Restrict ciphers\n"
         "-Y prints cipher values allowed for parameter -c and exits\n"
         "-G enables the extended master secret extension [RFC7627]\n"
         "-Q enables ALPN for HTTP/1.1 [RFC7301]\n",
         stderr);
 }
 
@@ -513,18 +513,17 @@ mySSLSNISocketConfig(PRFileDesc *fd, con
                 cert = PK11_FindCertFromNickname(nickName, &pwdata);
                 if (cert == NULL) {
                     goto loser; /* Send alert */
                 }
                 privKey = PK11_FindKeyByAnyCert(cert, &pwdata);
                 if (privKey == NULL) {
                     goto loser; /* Send alert */
                 }
-                if (SSL_ConfigServerCert(fd, cert, privKey, NULL, 0)
-                    != SECSuccess) {
+                if (SSL_ConfigServerCert(fd, cert, privKey, NULL, 0) != SECSuccess) {
                     goto loser; /* Send alert */
                 }
                 SECKEY_DestroyPrivateKey(privKey);
                 CERT_DestroyCertificate(cert);
                 return i;
             }
         }
     }
@@ -2010,18 +2009,18 @@ server_main(
         }
         rv = SSL_OptionSet(model_sock, SSL_ENABLE_0RTT_DATA, PR_TRUE);
         if (rv != SECSuccess) {
             errExit("error enabling 0RTT ");
         }
     }
 
     if (enableALPN) {
-        PRUint8 alpnVal[] = {0x08,
-                             0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31};
+        PRUint8 alpnVal[] = { 0x08,
+                              0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31 };
         rv = SSL_OptionSet(model_sock, SSL_ENABLE_ALPN, PR_TRUE);
         if (rv != SECSuccess) {
             errExit("error enabling ALPN");
         }
 
         rv = SSL_SetNextProtoNego(model_sock, alpnVal, sizeof(alpnVal));
         if (rv != SECSuccess) {
             errExit("error enabling ALPN");
@@ -2856,18 +2855,17 @@ main(int argc, char **argv)
     }
 
     /* allocate the array of thread slots, and launch the worker threads. */
     rv = launch_threads(&jobLoop, 0, 0, requestCert, useLocalThreads);
 
     if (rv == SECSuccess && logStats) {
         loggerThread = PR_CreateThread(PR_SYSTEM_THREAD,
                                        logger, NULL, PR_PRIORITY_NORMAL,
-                                       useLocalThreads ?
-                                                       PR_LOCAL_THREAD
+                                       useLocalThreads ? PR_LOCAL_THREAD
                                                        : PR_GLOBAL_THREAD,
                                        PR_JOINABLE_THREAD, 0);
         if (loggerThread == NULL) {
             fprintf(stderr, "selfserv: Failed to launch logger thread!\n");
             rv = SECFailure;
         }
     }
 
--- a/security/nss/cmd/signtool/javascript.c
+++ b/security/nss/cmd/signtool/javascript.c
@@ -77,22 +77,19 @@ InlineJavaScript(char *dir, PRBool recur
  */
 static int
 javascript_fn(char *relpath, char *basedir, char *reldir, char *filename, void *arg)
 {
     char fullname[FNSIZE];
 
     /* only process inline scripts from .htm, .html, and .shtml*/
 
-    if (!(PL_strcaserstr(filename, ".htm") == filename + strlen(filename) -
-                                                  4) &&
-        !(PL_strcaserstr(filename, ".html") == filename + strlen(filename) -
-                                                   5) &&
-        !(PL_strcaserstr(filename, ".shtml") == filename + strlen(filename) -
-                                                    6)) {
+    if (!(PL_strcaserstr(filename, ".htm") == filename + strlen(filename) - 4) &&
+        !(PL_strcaserstr(filename, ".html") == filename + strlen(filename) - 5) &&
+        !(PL_strcaserstr(filename, ".shtml") == filename + strlen(filename) - 6)) {
         return 0;
     }
 
     /* don't process scripts that signtool has already
      extracted (those that are inside .arc directories) */
 
     if (PL_strcaserstr(filename, ".arc") == filename + strlen(filename) - 4)
         return 0;
@@ -377,18 +374,17 @@ ProcessTag(FileBuffer *fb, char **errStr
                             hyphenCount = 0;
                         }
                     }
                     ti->type = COMMENT_TAG;
                     break;
                 }
             /* fall through */
             case GET_ATT_STATE:
-                if (isspace(curchar) || curchar == '=' || curchar ==
-                                                              '>') {
+                if (isspace(curchar) || curchar == '=' || curchar == '>') {
                     /* end of the current attribute */
                     curPos = FB_GetPointer(fb) - 2;
                     if (curPos >= startID) {
                         /* We have an attribute */
                         curPair = (AVPair *)PR_Malloc(sizeof(AVPair));
                         if (!curPair)
                             out_of_memory();
                         curPair->value = NULL;
--- a/security/nss/cmd/signtool/sign.c
+++ b/security/nss/cmd/signtool/sign.c
@@ -76,20 +76,18 @@ SignArchive(char *tree, char *keyName, c
     /* Add the rsa/dsa file as the first file in the archive. This is crucial
      * for a XPInstall compatible archive */
     if (xpi_arc) {
         if (verbosity >= 0) {
             PR_fprintf(outputFD, "%s \n", XPI_TEXT);
         }
 
         /* rsa/dsa to zip */
-        sprintf(tempfn, "META-INF/%s.%s", base, (keyType == dsaKey ?
-                                                                   "dsa"
-                                                                   :
-                                                                   "rsa"));
+        sprintf(tempfn, "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa"
+                                                                   : "rsa"));
         sprintf(fullfn, "%s/%s", tree, tempfn);
         JzipAdd(fullfn, tempfn, zipfile, compression_level);
 
         /* Loop through all files & subdirectories, add to archive */
         foreach (tree, "", manifesto_xpi_fn, recurse, PR_FALSE /*include dirs */,
                  (void *)NULL)
             ;
     }
@@ -101,20 +99,18 @@ SignArchive(char *tree, char *keyName, c
     /* sf to zip */
     sprintf(tempfn, "META-INF/%s.sf", base);
     sprintf(fullfn, "%s/%s", tree, tempfn);
     JzipAdd(fullfn, tempfn, zipfile, compression_level);
 
     /* Add the rsa/dsa file to the zip archive normally */
     if (!xpi_arc) {
         /* rsa/dsa to zip */
-        sprintf(tempfn, "META-INF/%s.%s", base, (keyType == dsaKey ?
-                                                                   "dsa"
-                                                                   :
-                                                                   "rsa"));
+        sprintf(tempfn, "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa"
+                                                                   : "rsa"));
         sprintf(fullfn, "%s/%s", tree, tempfn);
         JzipAdd(fullfn, tempfn, zipfile, compression_level);
     }
 
     JzipClose(zipfile);
 
     if (verbosity >= 0) {
         if (javascript) {
@@ -166,18 +162,17 @@ sign_all_arc_fn(char *relpath, char *bas
 {
     char *zipfile = NULL;
     char *arc = NULL, *archive = NULL;
     int retval = 0;
     SignArcInfo *infop = (SignArcInfo *)arg;
 
     /* Make sure there is one and only one ".arc" in the relative path,
      * and that it is at the end of the path (don't sign .arcs within .arcs) */
-    if ((PL_strcaserstr(relpath, ".arc") == relpath + strlen(relpath) -
-                                                4) &&
+    if ((PL_strcaserstr(relpath, ".arc") == relpath + strlen(relpath) - 4) &&
         (PL_strcasestr(relpath, ".arc") == relpath + strlen(relpath) - 4)) {
 
         if (!infop) {
             PR_fprintf(errorFD, "%s: Internal failure\n", PROGRAM_NAME);
             errorCount++;
             retval = -1;
             goto finish;
         }
--- a/security/nss/cmd/signtool/verify.c
+++ b/security/nss/cmd/signtool/verify.c
@@ -207,27 +207,25 @@ verify_global(JAR *jar)
                     }
 
                     globaldig = jar->globalmeta;
 
                     if (globaldig && md5_digest && verbosity >= 0) {
                         PR_fprintf(outputFD,
                                    "  md5 digest on global metainfo: %s\n",
                                    PORT_Memcmp(md5_digest, globaldig->md5, MD5_LENGTH)
-                                       ?
-                                       "no match"
+                                       ? "no match"
                                        : "match");
                     }
 
                     if (globaldig && sha1_digest && verbosity >= 0) {
                         PR_fprintf(outputFD,
                                    "  sha digest on global metainfo: %s\n",
                                    PORT_Memcmp(sha1_digest, globaldig->sha1, SHA1_LENGTH)
-                                       ?
-                                       "no match"
+                                       ? "no match"
                                        : "match");
                     }
 
                     if (globaldig == NULL && verbosity >= 0) {
                         PR_fprintf(outputFD,
                                    "global metadigest is not available, strange.\n");
                     }
 
--- a/security/nss/cmd/signtool/zip.c
+++ b/security/nss/cmd/signtool/zip.c
@@ -154,18 +154,17 @@ JzipAdd(char *fullname, char *filename, 
     if ((readfp = PR_Open(fullname, PR_RDONLY, 0777)) == NULL) {
         char *nsprErr;
         if (PR_GetErrorTextLength()) {
             nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
             PR_GetErrorText(nsprErr);
         } else {
             nsprErr = NULL;
         }
-        PR_fprintf(errorFD, "%s: %s\n", fullname, nsprErr ? nsprErr :
-                                                          "");
+        PR_fprintf(errorFD, "%s: %s\n", fullname, nsprErr ? nsprErr : "");
         errorCount++;
         if (nsprErr)
             PR_Free(nsprErr);
         exit(ERRX);
     }
 
     /*
      * Make sure the input file is not the output file.
@@ -275,35 +274,33 @@ JzipAdd(char *fullname, char *filename, 
         sizeof(struct ZipLocal)) {
         char *nsprErr;
         if (PR_GetErrorTextLength()) {
             nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
             PR_GetErrorText(nsprErr);
         } else {
             nsprErr = NULL;
         }
-        PR_fprintf(errorFD, "Writing zip data: %s\n", nsprErr ? nsprErr :
-                                                              "");
+        PR_fprintf(errorFD, "Writing zip data: %s\n", nsprErr ? nsprErr : "");
         if (nsprErr)
             PR_Free(nsprErr);
         errorCount++;
         exit(ERRX);
     }
 
     /* File Name */
     if (PR_Write(zipfp, filename, strlen(filename)) < strlen(filename)) {
         char *nsprErr;
         if (PR_GetErrorTextLength()) {
             nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
             PR_GetErrorText(nsprErr);
         } else {
             nsprErr = NULL;
         }
-        PR_fprintf(errorFD, "Writing zip data: %s\n", nsprErr ? nsprErr :
-                                                              "");
+        PR_fprintf(errorFD, "Writing zip data: %s\n", nsprErr ? nsprErr : "");
         if (nsprErr)
             PR_Free(nsprErr);
         errorCount++;
         exit(ERRX);
     }
 
     /*
      * File data
--- a/security/nss/cmd/signver/signver.c
+++ b/security/nss/cmd/signver/signver.c
@@ -79,17 +79,16 @@ enum {
     cmd_DisplayAllPCKS7Info = 0,
     cmd_VerifySignedObj
 };
 
 enum {
     opt_ASCII,
     opt_CertDir,
     opt_InputDataFile,
-    opt_ItemNumber,
     opt_OutputFile,
     opt_InputSigFile,
     opt_PrintWhyFailure,
     opt_DebugInfo
 };
 
 static secuCommandFlag signver_commands[] =
     {
--- a/security/nss/cmd/tstclnt/tstclnt.c
+++ b/security/nss/cmd/tstclnt/tstclnt.c
@@ -251,17 +251,18 @@ PrintParameterUsage(void)
     fprintf(stderr, "%-20s Test -F allows 0=any (default), 1=only OCSP, 2=only CRL\n", "-M");
     fprintf(stderr, "%-20s Restrict ciphers\n", "-c ciphers");
     fprintf(stderr, "%-20s Print cipher values allowed for parameter -c and exit\n", "-Y");
     fprintf(stderr, "%-20s Enforce using an IPv4 destination address\n", "-4");
     fprintf(stderr, "%-20s Enforce using an IPv6 destination address\n", "-6");
     fprintf(stderr, "%-20s (Options -4 and -6 cannot be combined.)\n", "");
     fprintf(stderr, "%-20s Enable the extended master secret extension [RFC7627]\n", "-G");
     fprintf(stderr, "%-20s Require the use of FFDHE supported groups "
-                    "[I-D.ietf-tls-negotiated-ff-dhe]\n", "-H");
+                    "[I-D.ietf-tls-negotiated-ff-dhe]\n",
+            "-H");
 }
 
 static void
 Usage(const char *progName)
 {
     PrintUsageHeader(progName);
     PrintParameterUsage();
     exit(1);
@@ -1345,16 +1346,18 @@ main(int argc, char **argv)
 
     s = SSL_ImportFD(NULL, s);
     if (s == NULL) {
         SECU_PrintError(progName, "error importing socket");
         error = 1;
         goto done;
     }
 
+    SSL_SetPKCS11PinArg(s, &pwdata);
+
     rv = SSL_OptionSet(s, SSL_SECURITY, 1);
     if (rv != SECSuccess) {
         SECU_PrintError(progName, "error enabling socket");
         error = 1;
         goto done;
     }
 
     rv = SSL_OptionSet(s, SSL_HANDSHAKE_AS_CLIENT, 1);
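Review bot: The relocated `SSL_SetPKCS11PinArg(s, &pwdata);` call discards its return value, while the `SSL_ImportFD` and `SSL_OptionSet` calls on either side of it all report the error and `goto done`. Assigning it, `rv = SSL_SetPKCS11PinArg(s, &pwdata);`, and reusing the same `if (rv != SECSuccess)` error path would stop the client from continuing without a PIN argument on the socket. The hunk also gives no reason for moving the call ahead of the option setup; a one-line comment such as `/* Set the PIN arg before any option that may need token access. */` would record it, if that is indeed the reason. `main` starts and ends outside this hunk.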
@@ -1495,18 +1498,16 @@ main(int argc, char **argv)
     rv = SSL_OptionSet(s, SSL_ENABLE_SIGNED_CERT_TIMESTAMPS,
                        enableSignedCertTimestamps);
     if (rv != SECSuccess) {
         SECU_PrintError(progName, "error enabling signed cert timestamps");
         error = 1;
         goto done;
     }
 
-    SSL_SetPKCS11PinArg(s, &pwdata);
-
     serverCertAuth.dbHandle = CERT_GetDefaultCertDB();
 
     SSL_AuthCertificateHook(s, ownAuthCertificate, &serverCertAuth);
     if (override) {
         SSL_BadCertHook(s, ownBadCertHandler, NULL);
     }
     SSL_GetClientAuthDataHook(s, own_GetClientAuthData, (void *)nickname);
     SSL_HandshakeCallback(s, handshakeCallback, hs2SniHostName);
--- a/security/nss/coreconf/OS2.mk
+++ b/security/nss/coreconf/OS2.mk
@@ -15,17 +15,17 @@ LIB_PREFIX  = $(NULL)
 # Override suffix in suffix.mk
 LIB_SUFFIX  = lib
 # the DLL_SUFFIX must be uppercase for FIPS mode to work. bugzilla 240784
 DLL_SUFFIX  = DLL
 PROG_SUFFIX = .exe
 
 
 CCC			= gcc
-LINK			= gcc
+LD  			= gcc
 AR                      = emxomfar r $@
 # Keep AR_FLAGS blank so that we do not have to change rules.mk
 AR_FLAGS                = 
 RANLIB 			= @echo OS2 RANLIB
 BSDECHO 		= @echo OS2 BSDECHO
 IMPLIB			= emximp -o
 FILTER			= emxexp -o
 
--- a/security/nss/coreconf/WIN32.mk
+++ b/security/nss/coreconf/WIN32.mk
@@ -8,27 +8,27 @@
 # and Windows 95
 #
 
 DEFAULT_COMPILER = cl
 
 ifdef NS_USE_GCC
 	CC           = gcc
 	CCC          = g++
-	LINK         = ld
+	LD           = ld
 	AR           = ar
 	AR          += cr $@
 	RANLIB       = ranlib
 	BSDECHO      = echo
 	RC           = windres.exe -O coff --use-temp-file
 	LINK_DLL      = $(CC) $(OS_DLLFLAGS) $(DLLFLAGS)
 else
 	CC           = cl
 	CCC          = cl
-	LINK         = link
+	LD           = link
         LDFLAGS += -nologo
 	AR           = lib
 	AR          += -nologo -OUT:$@
 	RANLIB       = echo
 	BSDECHO      = echo
 	RC           = rc.exe
 	MT           = mt.exe
 	# Check for clang-cl
@@ -214,28 +214,30 @@ endif
 
 ifeq (,$(filter-out x386 x86_64,$(CPU_ARCH)))
 ifdef USE_64
 	DEFINES += -D_AMD64_
 	# Use subsystem 5.02 to allow running on Windows XP.
 	ifeq ($(_MSC_VER_GE_11),1)
 		LDFLAGS += -SUBSYSTEM:CONSOLE,5.02
 	endif
+	CPU_ARCH = x86_64
 else
 	DEFINES += -D_X86_
 	# VS2012 defaults to -arch:SSE2. Use -arch:IA32 to avoid requiring
 	# SSE2. Clang-cl gets confused by -arch:IA32, so don't add it.
 	# (See https://llvm.org/bugs/show_bug.cgi?id=24335)
 	# Use subsystem 5.01 to allow running on Windows XP.
 	ifeq ($(_MSC_VER_GE_11),1)
 		ifneq ($(CLANG_CL),1)
 			OS_CFLAGS += -arch:IA32
 		endif
 		LDFLAGS += -SUBSYSTEM:CONSOLE,5.01
 	endif
+	CPU_ARCH = x386
 endif
 endif
 ifeq ($(CPU_ARCH), ALPHA)
 	DEFINES += -D_ALPHA_=1
 endif
 
 ifdef MAPFILE
 ifndef NS_USE_GCC
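Review bot: The two added `CPU_ARCH` assignments overwrite whatever value was passed in, and nothing in the hunk says this is intended. A build that sets `CPU_ARCH=x86_64` without `USE_64` is silently relabelled `x386`, and an empty `CPU_ARCH` appears to pass the `filter-out` test as well. A comment above the first assignment, for example `# Normalise CPU_ARCH so that it always agrees with USE_64`, would make the override explicit for anyone debugging a mismatched 32/64-bit build.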
--- a/security/nss/coreconf/arch.mk
+++ b/security/nss/coreconf/arch.mk
@@ -201,29 +201,29 @@ ifeq (CYGWIN_NT,$(findstring CYGWIN_NT,$
 	# Cygwin's uname -m returns "i686" on a Pentium Pro machine.
 	#
 	ifneq (,$(findstring 86,$(CPU_ARCH)))
 	    CPU_ARCH = x386
 	endif
     endif
 endif
 #
-# If uname -s returns "MINGW32_NT-*", we assume that we are using
+# If uname -s returns "MINGW*_NT-*", we assume that we are using
 # the uname.exe in the MSYS toolkit.
 #
-ifeq (MINGW32_NT,$(findstring MINGW32_NT,$(OS_ARCH)))
-    OS_RELEASE := $(patsubst MINGW32_NT-%,%,$(OS_ARCH))
+ifneq (,$(filter MINGW32_NT-% MINGW64_NT-%,$(OS_ARCH)))
+    OS_RELEASE := $(patsubst MINGW64_NT-%,%,$(patsubst MINGW32_NT-%,%,$(OS_ARCH)))
     OS_ARCH = WINNT
     USE_MSYS = 1
     ifndef CPU_ARCH
 	CPU_ARCH := $(shell uname -m)
 	#
 	# MSYS's uname -m returns "i686" on a Pentium Pro machine.
 	#
-	ifneq (,$(findstring 86,$(CPU_ARCH)))
+	ifneq (,$(filter i%86,$(CPU_ARCH)))
 	    CPU_ARCH = x386
 	endif
     endif
 endif
 
 ifeq ($(OS_TARGET),Android)
 #
 # this should be  configurable from the user
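Review bot: The CYGWIN_NT branch shown as context at the top of this hunk still tests `$(findstring 86,$(CPU_ARCH))`, which also matches `x86_64`. A 64-bit Cygwin `uname -m` result would therefore still be rewritten to `x386`, while the MSYS branch now leaves it alone. If the difference is not deliberate, the same `ifneq (,$(filter i%86,$(CPU_ARCH)))` test belongs in the Cygwin branch. That block starts outside the hunk, so its enclosing conditions are not visible here.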
--- a/security/nss/coreconf/command.mk
+++ b/security/nss/coreconf/command.mk
@@ -6,17 +6,17 @@
 #######################################################################
 # Master "Core Components" default command macros;                    #
 # can be overridden in <arch>.mk                                      #
 #######################################################################
 
 AS            = $(CC)
 ASFLAGS      += $(CFLAGS)
 CCF           = $(CC) $(CFLAGS)
-LINK_DLL      = $(LINK) $(OS_DLLFLAGS) $(DLLFLAGS) $(XLDFLAGS)
+LINK_DLL      = $(LD) $(OS_DLLFLAGS) $(DLLFLAGS) $(XLDFLAGS)
 CFLAGS        = $(OPTIMIZER) $(OS_CFLAGS) $(WARNING_CFLAGS) $(XP_DEFINE) \
                 $(DEFINES) $(INCLUDES) $(XCFLAGS)
 PERL          = perl
 RANLIB        = echo
 TAR           = /bin/tar
 #
 # For purify
 #
--- a/security/nss/coreconf/config.mk
+++ b/security/nss/coreconf/config.mk
@@ -212,16 +212,8 @@ DEFINES += -DSSL_DISABLE_DEPRECATED_CIPH
 # exported symbols, which causes problem when NSS is built as part of Mozilla.
 # So we add a NSS_SSL_ENABLE_ZLIB variable to allow Mozilla to turn this off.
 NSS_SSL_ENABLE_ZLIB = 1
 
 # Allow disabling PKCS11 bypass.
 ifdef NSS_NO_PKCS11_BYPASS
 DEFINES += -DNO_PKCS11_BYPASS
 endif
-
-# Allow build-time configuration of TLS 1.3 (Experimental)
-ifdef NSS_ENABLE_TLS_1_3
-ifdef NSS_DISABLE_ECC
-$(error Setting NSS_ENABLE_TLS_1_3 and NSS_DISABLE_ECC isn't a good idea.)
-endif
-DEFINES += -DNSS_ENABLE_TLS_1_3
-endif
--- a/security/nss/coreconf/coreconf.dep
+++ b/security/nss/coreconf/coreconf.dep
@@ -5,8 +5,9 @@
 
 /*
  * A dummy header file that is a dependency for all the object files.
  * Used to force a full recompilation of NSS in Mozilla's Tinderbox
  * depend builds.  See comments in rules.mk.
  */
 
 #error "Do not include this header file."
+
--- a/security/nss/coreconf/rules.mk
+++ b/security/nss/coreconf/rules.mk
@@ -359,17 +359,21 @@ ifeq (,$(filter-out OS2 AIX,$(OS_TARGET)
 # OS/2 and AIX
 NEED_ABSOLUTE_PATH := 1
 PWD := $(shell pwd)
 
 else
 # Windows
 ifeq (,$(filter-out _WIN%,$(NS_USE_GCC)_$(OS_TARGET)))
 NEED_ABSOLUTE_PATH := 1
-ifdef .PYMAKE
+# CURDIR is always an absolute path. If it doesn't start with a /, it's a
+# Windows path meaning we're running under MINGW make (as opposed to MSYS
+# make), or pymake. In both cases, it's preferable to use a Windows path,
+# so use $(CURDIR) as is.
+ifeq (,$(filter /%,$(CURDIR)))
 PWD := $(CURDIR)
 else
 PWD := $(shell pwd)
 ifeq (,$(findstring ;,$(PATH)))
 ifndef USE_MSYS
 PWD := $(subst \,/,$(shell cygpath -w $(PWD)))
 endif
 endif
@@ -377,17 +381,17 @@ endif
 
 else
 # everything else
 PWD := $(shell pwd)
 endif
 endif
 
 # The quotes allow absolute paths to contain spaces.
-core_abspath = "$(if $(findstring :,$(1)),$(1),$(if $(filter /%,$(1)),$(1),$(PWD)/$(1)))"
+core_abspath = '$(if $(findstring :,$(1)),$(1),$(if $(filter /%,$(1)),$(1),$(PWD)/$(1)))'
 
 $(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX): %.c
 	@$(MAKE_OBJDIR)
 ifdef USE_NT_C_SYNTAX
 	$(CC) -Fo$@ -c $(CFLAGS) $(call core_abspath,$<)
 else
 ifdef NEED_ABSOLUTE_PATH
 	$(CC) -o $@ -c $(CFLAGS) $(call core_abspath,$<)
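Review bot: The comment above `core_abspath` still says only that the quotes allow spaces and does not explain the switch from double to single quotes. Single quotes make a POSIX shell pass the path literally, which presumably is the point for Windows paths. However, a path containing an apostrophe now ends the quoted string early and the remainder is parsed as shell input. Suggested comment: `# Single quotes pass the path literally (no $ or backslash expansion); paths containing ' are not supported.`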
new file mode 100644
--- /dev/null
+++ b/security/nss/external_tests/.clang-format
@@ -0,0 +1,4 @@
+---
+Language: Cpp
+BasedOnStyle: Google
+...
--- a/security/nss/external_tests/common/scoped_ptrs.h
+++ b/security/nss/external_tests/common/scoped_ptrs.h
@@ -22,22 +22,27 @@ struct ScopedDelete {
   void operator()(PK11SlotInfo* slot) { PK11_FreeSlot(slot); }
   void operator()(PK11SymKey* key) { PK11_FreeSymKey(key); }
   void operator()(SECAlgorithmID* id) { SECOID_DestroyAlgorithmID(id, true); }
   void operator()(SECItem* item) { SECITEM_FreeItem(item, true); }
   void operator()(SECKEYPublicKey* key) { SECKEY_DestroyPublicKey(key); }
   void operator()(SECKEYPrivateKey* key) { SECKEY_DestroyPrivateKey(key); }
 };
 
-template<class T>
+template <class T>
 struct ScopedMaybeDelete {
-  void operator()(T* ptr) { if (ptr) { ScopedDelete del; del(ptr); } }
+  void operator()(T* ptr) {
+    if (ptr) {
+      ScopedDelete del;
+      del(ptr);
+    }
+  }
 };
 
-#define SCOPED(x) typedef std::unique_ptr<x, ScopedMaybeDelete<x> > Scoped ## x
+#define SCOPED(x) typedef std::unique_ptr<x, ScopedMaybeDelete<x> > Scoped##x
 
 SCOPED(CERTCertificate);
 SCOPED(CERTSubjectPublicKeyInfo);
 SCOPED(PK11SlotInfo);
 SCOPED(PK11SymKey);
 SCOPED(SECAlgorithmID);
 SCOPED(SECItem);
 SCOPED(SECKEYPublicKey);
--- a/security/nss/external_tests/der_gtest/der_getint_unittest.cc
+++ b/security/nss/external_tests/der_gtest/der_getint_unittest.cc
@@ -1,43 +1,41 @@
 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* vim: set ts=2 et sw=2 tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
+#include <climits>
+#include <memory>
 #include "nss.h"
 #include "pk11pub.h"
 #include "secutil.h"
-#include <memory>
-#include <climits>
 
 #include "gtest/gtest.h"
 #include "scoped_ptrs.h"
 
 namespace nss_test {
 
 class DERIntegerDecodingTest : public ::testing::Test {
  public:
-  void TestGetInteger(long number, unsigned char *der_number, unsigned int len)
-  {
+  void TestGetInteger(long number, unsigned char *der_number,
+                      unsigned int len) {
     SECItem input = {siBuffer, der_number, len};
     EXPECT_EQ(number, DER_GetInteger(&input));
   }
 
-  void GetDerLongMax(unsigned char *der_number, unsigned int len)
-  {
+  void GetDerLongMax(unsigned char *der_number, unsigned int len) {
     der_number[0] = 0x7F;
     for (unsigned int i = 1; i < len; ++i) {
       der_number[i] = 0xFF;
     }
   }
 
-  void GetDerLongMin(unsigned char *der_number, unsigned int len)
-  {
+  void GetDerLongMin(unsigned char *der_number, unsigned int len) {
     der_number[0] = 0x80;
     for (unsigned int i = 1; i < len; ++i) {
       der_number[i] = 0x00;
     }
   }
 };
 
 TEST_F(DERIntegerDecodingTest, DecodeLongMinus126) {
@@ -75,39 +73,38 @@ TEST_F(DERIntegerDecodingTest, DecodeLon
   unsigned char der[sizeof(long)];
   GetDerLongMin(der, sizeof(long));
   TestGetInteger(LONG_MIN, der, sizeof(der));
 }
 
 TEST_F(DERIntegerDecodingTest, DecodeLongMaxMinus1) {
   unsigned char der[sizeof(long)];
   GetDerLongMax(der, sizeof(long));
-  der[sizeof(long)-1] = 0xFE;
-  TestGetInteger(LONG_MAX-1, der, sizeof(der));
+  der[sizeof(long) - 1] = 0xFE;
+  TestGetInteger(LONG_MAX - 1, der, sizeof(der));
 }
 
 TEST_F(DERIntegerDecodingTest, DecodeLongMinPlus1) {
   unsigned char der[sizeof(long)];
   GetDerLongMin(der, sizeof(long));
-  der[sizeof(long)-1] = 0x01;
-  TestGetInteger(LONG_MIN+1, der, sizeof(der));
+  der[sizeof(long) - 1] = 0x01;
+  TestGetInteger(LONG_MIN + 1, der, sizeof(der));
 }
 
 TEST_F(DERIntegerDecodingTest, DecodeLongMinMinus1) {
-  unsigned char der[sizeof(long)+1];
-  GetDerLongMax(der, sizeof(long)+1);
+  unsigned char der[sizeof(long) + 1];
+  GetDerLongMax(der, sizeof(long) + 1);
   der[0] = 0xFF;
   der[1] = 0x7F;
   TestGetInteger(LONG_MIN, der, sizeof(der));
   EXPECT_EQ(SEC_ERROR_BAD_DER, PORT_GetError());
 }
 
 TEST_F(DERIntegerDecodingTest, DecodeLongMaxPlus1) {
-  unsigned char der[sizeof(long)+1];
-  GetDerLongMin(der, sizeof(long)+1);
+  unsigned char der[sizeof(long) + 1];
+  GetDerLongMin(der, sizeof(long) + 1);
   der[0] = 0x00;
   der[1] = 0x80;
   TestGetInteger(LONG_MAX, der, sizeof(der));
   EXPECT_EQ(SEC_ERROR_BAD_DER, PORT_GetError());
 }
 
 }  // namespace nss_test
-
--- a/security/nss/external_tests/manifest.mn
+++ b/security/nss/external_tests/manifest.mn
@@ -7,9 +7,10 @@ DEPTH      = ..
 
 DIRS = \
 	google_test \
 	common \
 	der_gtest \
 	util_gtest \
 	pk11_gtest \
 	ssl_gtest \
+        nss_bogo_shim \
 	$(NULL)
new file mode 100644
--- /dev/null
+++ b/security/nss/external_tests/nss_bogo_shim/Makefile
@@ -0,0 +1,52 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+CXXFLAGS += -std=c++0x
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../common/gtest.mk
+
+CFLAGS += -I$(CORE_DEPTH)/lib/ssl
+
+ifdef NSS_SSL_ENABLE_ZLIB
+include $(CORE_DEPTH)/coreconf/zlib.mk
+endif
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
new file mode 100644
--- /dev/null
+++ b/security/nss/external_tests/nss_bogo_shim/config.cc
@@ -0,0 +1,58 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "config.h"
+
+#include <cstdlib>
+#include <queue>
+#include <string>
+
+bool ConfigEntryBase::ParseInternal(std::queue<const char *> *args,
+                                    std::string *out) {
+  if (args->empty()) return false;
+  *out = args->front();
+  args->pop();
+  return true;
+}
+
+bool ConfigEntryBase::ParseInternal(std::queue<const char *> *args, int *out) {
+  if (args->empty()) return false;
+
+  char *endptr;
+  *out = strtol(args->front(), &endptr, 10);
+  args->pop();
+
+  return !*endptr;
+}
+
+bool ConfigEntryBase::ParseInternal(std::queue<const char *> *args, bool *out) {
+  *out = true;
+  return true;
+}
+
+std::string Config::XformFlag(const std::string &arg) {
+  if (arg.empty()) return "";
+
+  if (arg[0] != '-') return "";
+
+  return arg.substr(1);
+}
+
+Config::Status Config::ParseArgs(int argc, char **argv) {
+  std::queue<const char *> args;
+  for (int i = 1; i < argc; ++i) {
+    args.push(argv[i]);
+  }
+  while (!args.empty()) {
+    auto e = entries_.find(XformFlag(args.front()));
+    args.pop();
+    if (e == entries_.end()) {
+      return kUnknownFlag;
+    }
+    if (!e->second->Parse(&args)) return kMalformedArgument;
+  }
+
+  return kOK;
+}
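Review bot: `ConfigEntryBase::ParseInternal(..., int *out)` accepts inputs it should reject, because it checks only `!*endptr`. An empty argument parses as 0, since `endptr` then equals the start of the string. A value outside the `int` range is silently narrowed from the `long` that `strtol` returns, and `ERANGE` is never examined. The rewrite below rejects all three cases and needs `<cerrno>` and `<climits>` added to the includes. Separately, `Config::Status` declares `kMissingValue`, but `ParseArgs` never returns it.

```cpp
bool ConfigEntryBase::ParseInternal(std::queue<const char *> *args, int *out) {
  if (args->empty()) return false;

  const char *text = args->front();
  args->pop();

  char *endptr;
  errno = 0;
  long value = strtol(text, &endptr, 10);
  // Reject empty input, trailing characters and values that do not fit an int.
  if (endptr == text || *endptr != '\0') return false;
  if (errno == ERANGE || value < INT_MIN || value > INT_MAX) return false;

  *out = static_cast<int>(value);
  return true;
}
```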
new file mode 100644
--- /dev/null
+++ b/security/nss/external_tests/nss_bogo_shim/config.h
@@ -0,0 +1,89 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// Generic command line flags system for NSS BoGo shim.  This class
+// could actually in principle handle other programs. The flags are
+// defined in the consumer code.
+
+#ifndef config_h_
+#define config_h_
+
+#include <cassert>
+
+#include <iostream>
+#include <map>
+#include <queue>
+#include <string>
+#include <typeinfo>
+
+// Abstract base class for a given config flag.
+class ConfigEntryBase {
+ public:
+  ConfigEntryBase(const std::string& name, const std::string& type)
+      : name_(name), type_(type) {}
+
+  const std::string& type() const { return type_; }
+  virtual bool Parse(std::queue<const char*>* args) = 0;
+
+ protected:
+  bool ParseInternal(std::queue<const char*>* args, std::string* out);
+  bool ParseInternal(std::queue<const char*>* args, int* out);
+  bool ParseInternal(std::queue<const char*>* args, bool* out);
+
+  const std::string name_;
+  const std::string type_;
+};
+
+// Template specializations for the concrete flag types.
+template <typename T>
+class ConfigEntry : public ConfigEntryBase {
+ public:
+  ConfigEntry(const std::string& name, T init)
+      : ConfigEntryBase(name, typeid(T).name()), value_(init) {}
+  T get() const { return value_; }
+
+  bool Parse(std::queue<const char*>* args) {
+    return ParseInternal(args, &value_);
+  }
+
+ private:
+  T value_;
+};
+
+// The overall configuration (I.e., the total set of flags).
+class Config {
+ public:
+  enum Status { kOK, kUnknownFlag, kMalformedArgument, kMissingValue };
+
+  Config() : entries_() {}
+
+  template <typename T>
+  void AddEntry(const std::string& name, T init) {
+    entries_[name] = new ConfigEntry<T>(name, init);
+  }
+
+  Status ParseArgs(int argc, char** argv);
+
+  template <typename T>
+  T get(const std::string& key) const {
+    auto e = entry(key);
+    assert(e->type() == typeid(T).name());
+    return static_cast<const ConfigEntry<T>*>(e)->get();
+  }
+
+ private:
+  static std::string XformFlag(const std::string& arg);
+
+  std::map<std::string, ConfigEntryBase*> entries_;
+
+  const ConfigEntryBase* entry(const std::string& key) const {
+    auto e = entries_.find(key);
+    if (e == entries_.end()) return nullptr;
+    return e->second;
+  }
+};
+
+#endif  // config_h_
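Review bot: `Config::get` dereferences the result of `entry(key)` without a null check, so looking up a flag that was never added is a null-pointer dereference. The type check is an `assert` only, so in an NDEBUG build a mismatched `T` reaches the `static_cast` and reads the wrong type. Replacing the assert with `if (!e || e->type() != typeid(T).name()) abort();` (with `<cstdlib>`) makes both cases fail deterministically. In addition, `AddEntry` stores a raw `new ConfigEntry<T>` that is never freed, and `ConfigEntryBase` has no virtual destructor. `std::map<std::string, std::unique_ptr<ConfigEntryBase>>` together with `virtual ~ConfigEntryBase() {}` would settle ownership.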
new file mode 100644
--- /dev/null
+++ b/security/nss/external_tests/nss_bogo_shim/config.json
@@ -0,0 +1,41 @@
+{
+    "DisabledTests": {
+        "*HelloRetryRequest*":"HRR hasn't landed yet",
+        "SecondClientHelloWrongCurve":"HRR hasn't landed yet",
+        "KeyUpdate":"KeyUpdate Unimplemented",
+        "ClientAuth-NoFallback-TLS13":"Disagreement about alerts. Bug 1294975",
+        "ClientAuth-SHA1-Fallback":"Disagreement about alerts. Bug 1294975",
+        "SendWarningAlerts-TLS13":"NSS needs to trigger on warning alerts",
+        "*SignatureType-TLS13":"SignatureScheme patch",
+        "ECDSACurveMismatch-Verify-TLS13":"SignatureScheme patch",
+        "ServerAuth-NoFallback-TLS13":"PSS",
+        "NoSupportedCurves":"This tests a non-spec behavior for TLS 1.2 and expects the wrong alert for TLS 1.3",
+        "SendEmptyRecords":"Tests a non-spec behavior in BoGo where it chokes on too many empty records",
+        "LargePlaintext":"NSS needs to check for over-long records. Bug 1294978",
+        "TLS13-RC4-MD5-server":"This fails properly but returns an unexpected error. Not a bug but needs cleanup",
+        "*VersionTolerance":"BoGo expects us to negotiate 1.3 but we negotiate 1.2 because BoGo didn't send draft version",
+        "*SSL3*":"NSS disables SSLv3",
+        "*SSLv3*":"NSS disables SSLv3",
+        "*AES256*":"Inconsistent support for AES256",
+        "*AES128-SHA256*":"No support for Suite B ciphers",
+        "*CHACHA20-POLY1305-OLD*":"Old ChaCha/Poly",
+        "DuplicateExtension*":"NSS sends unexpected_extension alert",
+        "WeakDH":"NSS supports 768-bit DH",
+        "SillyDH":"NSS supports 4097-bit DH",
+        "SendWarningAlerts":"This appears to be Boring-specific",
+        "V2ClientHello-WarningAlertPrefix":"Bug 1292893",
+        "TLS12-AES128-GCM-client":"Bug 1292895",
+        "*TLS12-AES128-GCM-LargeRecord*":"Bug 1292895",
+        "Renegotiate-Client-Forbidden-1":"Bug 1292898",
+        "Renegotiate-Server-Forbidden":"NSS doesn't disable renegotiation by default",
+        "Renegotiate-Client-NoIgnore":"NSS doesn't disable renegotiation by default",
+        "StrayHelloRequest*":"NSS doesn't disable renegotiation by default"
+    },
+    "ErrorMap" : {
+        ":HANDSHAKE_FAILURE_ON_CLIENT_HELLO:":"SSL_ERROR_NO_CYPHER_OVERLAP",
+        ":UNKNOWN_CIPHER_RETURNED:":"SSL_ERROR_NO_CYPHER_OVERLAP",
+        ":OLD_SESSION_CIPHER_NOT_RETURNED:":"SSL_ERROR_NO_CYPHER_OVERLAP",
+        ":NO_SHARED_CIPHER:":"SSL_ERROR_NO_CYPHER_OVERLAP"
+    }
+}
+
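Review bot: Several `DisabledTests` entries give a reason but no tracking bug, for example `"WeakDH"`, `"SillyDH"`, `"*AES256*"` and `"DuplicateExtension*"`. Others, such as `"LargePlaintext"` and `"V2ClientHello-WarningAlertPrefix"`, do cite one. Each entry is a check the shim will no longer run, so any entry describing behaviour NSS is expected to change should name a bug in its reason string so that it is revisited. The wildcard patterns presumably disable every test whose name matches, so it is worth confirming that `"*AES256*"` and `"*SSL3*"` do not also hide unrelated failures.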
new file mode 100644
--- /dev/null
+++ b/security/nss/external_tests/nss_bogo_shim/manifest.mn
@@ -0,0 +1,20 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+DEPTH      = ../..
+MODULE = nss
+
+CPPSRCS = \
+      config.cc \
+      nsskeys.cc \
+      nss_bogo_shim.cc \
+      $(NULL)
+
+REQUIRES = nspr nss libdbm
+
+PROGRAM = nss_bogo_shim
+#EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)softokn.$(LIB_SUFFIX)
+
+USE_STATIC_LIBS = 1
new file mode 100644
--- /dev/null
+++ b/security/nss/external_tests/nss_bogo_shim/nss_bogo_shim.cc
@@ -0,0 +1,314 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "config.h"
+
+#include <cstdlib>
+#include <iostream>
+#include <memory>
+#include "nspr.h"
+#include "nss.h"
+#include "prio.h"
+#include "prnetdb.h"
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+#include "nsskeys.h"
+
+std::string FormatError(PRErrorCode code) {
+  return std::string(":") + PORT_ErrorToName(code) + ":" + ":" +
+         PORT_ErrorToString(code);
+}
+
+class TestAgent {
+ public:
+  TestAgent(const Config& cfg)
+      : cfg_(cfg),
+        pr_fd_(nullptr),
+        ssl_fd_(nullptr),
+        cert_(nullptr),
+        key_(nullptr) {}
+
+  ~TestAgent() {
+    if (pr_fd_) {
+      PR_Close(pr_fd_);
+    }
+
+    if (ssl_fd_) {
+      PR_Close(ssl_fd_);
+    }
+
+    if (key_) {
+      SECKEY_DestroyPrivateKey(key_);
+    }
+
+    if (cert_) {
+      CERT_DestroyCertificate(cert_);
+    }
+  }
+
+  static std::unique_ptr<TestAgent> Create(const Config& cfg) {
+    std::unique_ptr<TestAgent> agent(new TestAgent(cfg));
+
+    if (!agent->Init()) return nullptr;
+
+    return agent;
+  }
+
+  bool Init() {
+    if (!ConnectTcp()) {
+      return false;
+    }
+
+    if (!SetupKeys()) {
+      std::cerr << "Couldn't set up keys/certs\n";
+      return false;
+    }
+
+    if (!SetupOptions()) {
+      std::cerr << "Couldn't configure socket\n";
+      return false;
+    }
+
+    SECStatus rv = SSL_ResetHandshake(ssl_fd_, cfg_.get<bool>("server"));
+    if (rv != SECSuccess) return false;
+
+    return true;
+  }
+
+  bool ConnectTcp() {
+    PRStatus prv;
+    PRNetAddr addr;
+
+    prv = PR_StringToNetAddr("127.0.0.1", &addr);
+    if (prv != PR_SUCCESS) {
+      return false;
+    }
+    addr.inet.port = PR_htons(cfg_.get<int>("port"));
+
+    pr_fd_ = PR_OpenTCPSocket(addr.raw.family);
+    if (!pr_fd_) return false;
+
+    prv = PR_Connect(pr_fd_, &addr, PR_INTERVAL_NO_TIMEOUT);
+    if (prv != PR_SUCCESS) {
+      return false;
+    }
+
+    ssl_fd_ = SSL_ImportFD(NULL, pr_fd_);
+    if (!ssl_fd_) return false;
+    pr_fd_ = nullptr;
+
+    return true;
+  }
+
+  bool SetupKeys() {
+    SECStatus rv;
+
+    if (cfg_.get<std::string>("key-file") != "") {
+      key_ = ReadPrivateKey(cfg_.get<std::string>("key-file"));
+      if (!key_) exit(89);  // Temporary to handle our inability to handle ECDSA
+    }
+    if (cfg_.get<std::string>("cert-file") != "") {
+      cert_ = ReadCertificate(cfg_.get<std::string>("cert-file"));
+      if (!cert_) return false;
+    }
+    if (cfg_.get<bool>("server")) {
+      // Server
+      rv = SSL_ConfigServerCert(ssl_fd_, cert_, key_, nullptr, 0);
+      if (rv != SECSuccess) {
+        std::cerr << "Couldn't configure server cert\n";
+        return false;
+      }
+      rv = SSL_ConfigServerSessionIDCache(1024, 0, 0, ".");
+      if (rv != SECSuccess) {
+        std::cerr << "Couldn't configure session cache\n";
+        return false;
+      }
+    } else {
+      // Client.
+
+      // Needed because server certs are not entirely valid.
+      rv = SSL_AuthCertificateHook(ssl_fd_, AuthCertificateHook, this);
+      if (rv != SECSuccess) return false;
+
+      if (key_ && cert_) {
+        rv = SSL_GetClientAuthDataHook(ssl_fd_, GetClientAuthDataHook, this);
+        if (rv != SECSuccess) return false;
+      }
+    }
+
+    return true;
+  }
+
+  bool SetupOptions() {
+    SECStatus rv = SSL_OptionSet(ssl_fd_, SSL_ENABLE_SESSION_TICKETS, PR_TRUE);
+    if (rv != SECSuccess) return false;
+
+    SSLVersionRange vrange = {SSL_LIBRARY_VERSION_TLS_1_0,
+                              SSL_LIBRARY_VERSION_TLS_1_3};
+    rv = SSL_VersionRangeSet(ssl_fd_, &vrange);
+    if (rv != SECSuccess) return false;
+
+    rv = SSL_OptionSet(ssl_fd_, SSL_NO_CACHE, false);
+    if (rv != SECSuccess) return false;
+
+    if (!cfg_.get<bool>("server")) {
+      // Needed to make resumption work.
+      rv = SSL_SetURL(ssl_fd_, "server");
+      if (rv != SECSuccess) return false;
+    }
+
+    rv = SSL_OptionSet(ssl_fd_, SSL_ENABLE_EXTENDED_MASTER_SECRET, PR_TRUE);
+    if (rv != SECSuccess) return false;
+
+    if (!EnableNonExportCiphers()) return false;
+
+    return true;
+  }
+
+  bool EnableNonExportCiphers() {
+    for (size_t i = 0; i < SSL_NumImplementedCiphers; ++i) {
+      SSLCipherSuiteInfo csinfo;
+
+      SECStatus rv = SSL_GetCipherSuiteInfo(SSL_ImplementedCiphers[i], &csinfo,
+                                            sizeof(csinfo));
+      if (rv != SECSuccess) return false;
+      if (!csinfo.isExportable) {
+        rv = SSL_CipherPrefSet(ssl_fd_, SSL_ImplementedCiphers[i], PR_TRUE);
+        if (rv != SECSuccess) {
+          return false;
+        }
+      }
+    }
+    return true;
+  }
+
+  // Dummy auth certificate hook.
+  static SECStatus AuthCertificateHook(void* arg, PRFileDesc* fd,
+                                       PRBool checksig, PRBool isServer) {
+    return SECSuccess;
+  }
+
+  static SECStatus GetClientAuthDataHook(void* self, PRFileDesc* fd,
+                                         CERTDistNames* caNames,
+                                         CERTCertificate** cert,
+                                         SECKEYPrivateKey** privKey) {
+    TestAgent* a = static_cast<TestAgent*>(self);
+    *cert = CERT_DupCertificate(a->cert_);
+    *privKey = SECKEY_CopyPrivateKey(a->key_);
+    return SECSuccess;
+  }
+
+  SECStatus Handshake() { return SSL_ForceHandshake(ssl_fd_); }
+
+  // Implement a trivial echo client/server. Read bytes from the other side,
+  // flip all the bits, and send them back.
+  SECStatus ReadWrite() {
+    for (;;) {
+      uint8_t block[512];
+      int32_t rv = PR_Read(ssl_fd_, block, sizeof(block));
+      if (rv < 0) {
+        std::cerr << "Failure reading\n";
+        return SECFailure;
+      }
+      if (rv == 0) return SECSuccess;
+
+      int32_t len = rv;
+      for (int32_t i = 0; i < len; ++i) {
+        block[i] ^= 0xff;
+      }
+
+      rv = PR_Write(ssl_fd_, block, len);
+      if (rv != len) {
+        std::cerr << "Write failure\n";
+        return SECFailure;
+      }
+    }
+    return SECSuccess;
+  }
+
+  SECStatus DoExchange() {
+    SECStatus rv = Handshake();
+    if (rv != SECSuccess) {
+      PRErrorCode err = PR_GetError();
+      std::cerr << "Handshake failed with error=" << err << FormatError(err)
+                << std::endl;
+      return SECFailure;
+    }
+
+    rv = ReadWrite();
+    if (rv != SECSuccess) {
+      PRErrorCode err = PR_GetError();
+      std::cerr << "ReadWrite failed with error=" << FormatError(err)
+                << std::endl;
+      return SECFailure;
+    }
+
+    return SECSuccess;
+  }
+
+ private:
+  const Config& cfg_;
+  PRFileDesc* pr_fd_;
+  PRFileDesc* ssl_fd_;
+  CERTCertificate* cert_;
+  SECKEYPrivateKey* key_;
+};
+
+std::unique_ptr<const Config> ReadConfig(int argc, char** argv) {
+  std::unique_ptr<Config> cfg(new Config());
+
+  cfg->AddEntry<int>("port", 0);
+  cfg->AddEntry<bool>("server", false);
+  cfg->AddEntry<bool>("resume", false);
+  cfg->AddEntry<std::string>("key-file", "");
+  cfg->AddEntry<std::string>("cert-file", "");
+
+  auto rv = cfg->ParseArgs(argc, argv);
+  switch (rv) {
+    case Config::kOK:
+      break;
+    case Config::kUnknownFlag:
+      exit(89);
+      break;
+    default:
+      exit(1);
+  }
+
+  // Needed to change to std::unique_ptr<const Config>
+  return std::move(cfg);
+}
+
+void RunCycle(std::unique_ptr<const Config>& cfg) {
+  std::unique_ptr<TestAgent> agent(TestAgent::Create(*cfg));
+  if (!agent) {
+    exit(1);
+  }
+
+  SECStatus rv = agent->DoExchange();
+  if (rv) {
+    exit(1);
+  }
+}
+
+int main(int argc, char** argv) {
+  std::unique_ptr<const Config> cfg = ReadConfig(argc, argv);
+
+  SECStatus rv = NSS_NoDB_Init(nullptr);
+  if (rv != SECSuccess) return 1;
+  rv = NSS_SetDomesticPolicy();
+  if (rv != SECSuccess) return 1;
+
+  // Run a single test cycle.
+  RunCycle(cfg);
+
+  if (cfg->get<bool>("resume")) {
+    std::cout << "Resuming" << std::endl;
+    RunCycle(cfg);
+  }
+
+  exit(0);
+}
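Review bot: `FormatError` appends the result of `PORT_ErrorToName(code)` directly to a `std::string`, but the underlying NSPR lookup is documented to return NULL for a code it does not know, so an unrecognised or zero error code makes the error-reporting path itself undefined behaviour. `DoExchange` can plausibly reach it in that state: when `ReadWrite` fails because `PR_Write` returned a short count (`rv != len`), nothing visible here guarantees that `PR_GetError()` was set by that call. Guard the lookup with `const char* name = PORT_ErrorToName(code);` and `return std::string(":") + (name ? name : "UNKNOWN") + "::" + PORT_ErrorToString(code);`, which keeps the `:NAME::text` shape the existing output has.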
new file mode 100644
--- /dev/null
+++ b/security/nss/external_tests/nss_bogo_shim/nsskeys.cc
@@ -0,0 +1,84 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsskeys.h"
+
+#include <cstring>
+
+#include <fstream>
+#include <iostream>
+#include <string>
+
+#include "cert.h"
+#include "keyhi.h"
+#include "nspr.h"
+#include "nss.h"
+#include "nssb64.h"
+#include "pk11pub.h"
+
+const std::string kPEMBegin = "-----BEGIN ";
+const std::string kPEMEnd = "-----END ";
+
+// Read a PEM file, base64 decode it, and return the result.
+static bool ReadPEMFile(const std::string& filename, SECItem* item) {
+  std::ifstream in(filename);
+  if (in.bad()) return false;
+
+  char buf[1024];
+  in.getline(buf, sizeof(buf));
+  if (in.bad()) return false;
+
+  if (strncmp(buf, kPEMBegin.c_str(), kPEMBegin.size())) return false;
+
+  std::string value = "";
+  for (;;) {
+    in.getline(buf, sizeof(buf));
+    if (in.bad()) return false;
+
+    if (!strncmp(buf, kPEMEnd.c_str(), kPEMEnd.size())) break;
+
+    value += buf;
+  }
+
+  // Now we have a base64-encoded block.
+  if (!NSSBase64_DecodeBuffer(nullptr, item, value.c_str(), value.size()))
+    return false;
+
+  return true;
+}
+
+SECKEYPrivateKey* ReadPrivateKey(const std::string& file) {
+  SECItem item = {siBuffer, nullptr, 0};
+
+  if (!ReadPEMFile(file, &item)) return nullptr;
+  SECKEYPrivateKey* privkey = NULL;
+  PK11SlotInfo* slot = PK11_GetInternalSlot();
+  SECStatus rv = PK11_ImportDERPrivateKeyInfoAndReturnKey(
+      slot, &item, nullptr, nullptr, PR_FALSE, PR_FALSE,
+      KU_KEY_ENCIPHERMENT | KU_DATA_ENCIPHERMENT | KU_DIGITAL_SIGNATURE,
+      &privkey, nullptr);
+  PK11_FreeSlot(slot);
+  SECITEM_FreeItem(&item, PR_FALSE);
+  if (rv != SECSuccess) {
+    // This is probably due to this being an ECDSA key (Bug 1295121).
+    std::cerr << "Couldn't import key " << PORT_ErrorToString(PORT_GetError())
+              << "\n";
+    return nullptr;
+  }
+
+  return privkey;
+}
+
+CERTCertificate* ReadCertificate(const std::string& file) {
+  SECItem item = {siBuffer, nullptr, 0};
+
+  if (!ReadPEMFile(file, &item)) return nullptr;
+
+  CERTCertificate* cert = CERT_NewTempCertificate(
+      CERT_GetDefaultCertDB(), &item, NULL, PR_FALSE, PR_TRUE);
+  SECITEM_FreeItem(&item, PR_FALSE);
+  return cert;
+}
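Review bot: `ReadPEMFile` checks the stream with `in.bad()` in three places, but a file that fails to open, a line longer than the 1024-byte `buf`, and end-of-file all set `failbit`/`eofbit` rather than `badbit`, so none of those conditions is detected. The effect is worst in the `for (;;)` loop: a PEM file with no `-----END ` line never reaches the `break`, so the shim never terminates instead of reporting a bad key or certificate file. Testing the stream state itself covers all three cases: `if (!in) return false;` after the constructor and after each `getline`. Separately, the item in `ReadPrivateKey` holds private-key DER, so `SECITEM_ZfreeItem(&item, PR_FALSE);` would be the safer release there.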
new file mode 100644
--- /dev/null
+++ b/security/nss/external_tests/nss_bogo_shim/nsskeys.h
@@ -0,0 +1,20 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// Utilities to pull in OpenSSL-formatted keys.
+
+#ifndef nsskeys_h_
+#define nsskeys_h_
+
+#include "cert.h"
+#include "keyhi.h"
+
+#include <string>
+
+SECKEYPrivateKey* ReadPrivateKey(const std::string& file);
+CERTCertificate* ReadCertificate(const std::string& file);
+
+#endif
--- a/security/nss/external_tests/pk11_gtest/pk11_aeskeywrap_unittest.cc
+++ b/security/nss/external_tests/pk11_gtest/pk11_aeskeywrap_unittest.cc
@@ -1,128 +1,103 @@
 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* vim: set ts=2 et sw=2 tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
+#include <memory>
 #include "nss.h"
 #include "pk11pub.h"
-#include <memory>
 
 #include "gtest/gtest.h"
 #include "scoped_ptrs.h"
 
 namespace nss_test {
 
 // Test vectors from https://tools.ietf.org/html/rfc3394#section-4.1 to 4.6
-unsigned char kKEK1[] = {
-  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-  0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
-};
+unsigned char kKEK1[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+                         0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F};
 
-unsigned char kKD1[] = {
-  0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
-  0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF
-};
+unsigned char kKD1[] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+                        0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF};
 
-unsigned char kC1[] = {
-  0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47,
-  0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82,
-  0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5
-};
+unsigned char kC1[] = {0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47,
+                       0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82,
+                       0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5};
 
-unsigned char kKEK2[] = {
-  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-  0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
-  0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17
-};
+unsigned char kKEK2[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+                         0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
+                         0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17};
 
-unsigned char kC2[] = {
-  0x96, 0x77, 0x8B, 0x25, 0xAE, 0x6C, 0xA4, 0x35,
-  0xF9, 0x2B, 0x5B, 0x97, 0xC0, 0x50, 0xAE, 0xD2,
-  0x46, 0x8A, 0xB8, 0xA1, 0x7A, 0xD8, 0x4E, 0x5D
-};
+unsigned char kC2[] = {0x96, 0x77, 0x8B, 0x25, 0xAE, 0x6C, 0xA4, 0x35,
+                       0xF9, 0x2B, 0x5B, 0x97, 0xC0, 0x50, 0xAE, 0xD2,
+                       0x46, 0x8A, 0xB8, 0xA1, 0x7A, 0xD8, 0x4E, 0x5D};
 
-unsigned char kKEK3[] = {
-  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-  0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
-  0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
-  0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
-};
+unsigned char kKEK3[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+                         0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
+                         0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+                         0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F};
 
-unsigned char kC3[] = {
-  0x64, 0xE8, 0xC3, 0xF9, 0xCE, 0x0F, 0x5B, 0xA2,
-  0x63, 0xE9, 0x77, 0x79, 0x05, 0x81, 0x8A, 0x2A,
-  0x93, 0xC8, 0x19, 0x1E, 0x7D, 0x6E, 0x8A, 0xE7
-};
+unsigned char kC3[] = {0x64, 0xE8, 0xC3, 0xF9, 0xCE, 0x0F, 0x5B, 0xA2,
+                       0x63, 0xE9, 0x77, 0x79, 0x05, 0x81, 0x8A, 0x2A,
+                       0x93, 0xC8, 0x19, 0x1E, 0x7D, 0x6E, 0x8A, 0xE7};
 
-unsigned char kKD4[] = {
-  0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
-  0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
-  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
-};
+unsigned char kKD4[] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+                        0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
+                        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07};
 
-unsigned char kC4[] = {
-  0x03, 0x1D, 0x33, 0x26, 0x4E, 0x15, 0xD3, 0x32,
-  0x68, 0xF2, 0x4E, 0xC2, 0x60, 0x74, 0x3E, 0xDC,
-  0xE1, 0xC6, 0xC7, 0xDD, 0xEE, 0x72, 0x5A, 0x93,
-  0x6B, 0xA8, 0x14, 0x91, 0x5C, 0x67, 0x62, 0xD2
-};
+unsigned char kC4[] = {0x03, 0x1D, 0x33, 0x26, 0x4E, 0x15, 0xD3, 0x32,
+                       0x68, 0xF2, 0x4E, 0xC2, 0x60, 0x74, 0x3E, 0xDC,
+                       0xE1, 0xC6, 0xC7, 0xDD, 0xEE, 0x72, 0x5A, 0x93,
+                       0x6B, 0xA8, 0x14, 0x91, 0x5C, 0x67, 0x62, 0xD2};
 
-unsigned char kC5[] = {
-  0xA8, 0xF9, 0xBC, 0x16, 0x12, 0xC6, 0x8B, 0x3F,
-  0xF6, 0xE6, 0xF4, 0xFB, 0xE3, 0x0E, 0x71, 0xE4,
-  0x76, 0x9C, 0x8B, 0x80, 0xA3, 0x2C, 0xB8, 0x95,
-  0x8C, 0xD5, 0xD1, 0x7D, 0x6B, 0x25, 0x4D, 0xA1
-};
+unsigned char kC5[] = {0xA8, 0xF9, 0xBC, 0x16, 0x12, 0xC6, 0x8B, 0x3F,
+                       0xF6, 0xE6, 0xF4, 0xFB, 0xE3, 0x0E, 0x71, 0xE4,
+                       0x76, 0x9C, 0x8B, 0x80, 0xA3, 0x2C, 0xB8, 0x95,
+                       0x8C, 0xD5, 0xD1, 0x7D, 0x6B, 0x25, 0x4D, 0xA1};
 
-unsigned char kKD6[] = {
-  0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
-  0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
-  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-  0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
-};
+unsigned char kKD6[] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+                        0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
+                        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+                        0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F};
 
-unsigned char kC6[] = {
-  0x28, 0xC9, 0xF4, 0x04, 0xC4, 0xB8, 0x10, 0xF4,
-  0xCB, 0xCC, 0xB3, 0x5C, 0xFB, 0x87, 0xF8, 0x26,
-  0x3F, 0x57, 0x86, 0xE2, 0xD8, 0x0E, 0xD3, 0x26,
-  0xCB, 0xC7, 0xF0, 0xE7, 0x1A, 0x99, 0xF4, 0x3B,
-  0xFB, 0x98, 0x8B, 0x9B, 0x7A, 0x02, 0xDD, 0x21
-};
+unsigned char kC6[] = {0x28, 0xC9, 0xF4, 0x04, 0xC4, 0xB8, 0x10, 0xF4,
+                       0xCB, 0xCC, 0xB3, 0x5C, 0xFB, 0x87, 0xF8, 0x26,
+                       0x3F, 0x57, 0x86, 0xE2, 0xD8, 0x0E, 0xD3, 0x26,
+                       0xCB, 0xC7, 0xF0, 0xE7, 0x1A, 0x99, 0xF4, 0x3B,
+                       0xFB, 0x98, 0x8B, 0x9B, 0x7A, 0x02, 0xDD, 0x21};
 
 class Pkcs11AESKeyWrapTest : public ::testing::Test {
  protected:
   CK_MECHANISM_TYPE mechanism = CKM_NSS_AES_KEY_WRAP;
 
-  void
-  WrapUnwrap(unsigned char* kek, unsigned int kekLen, unsigned char* keyData,
-             unsigned int keyDataLen, unsigned char* expectedCiphertext)
-  {
+  void WrapUnwrap(unsigned char* kek, unsigned int kekLen,
+                  unsigned char* keyData, unsigned int keyDataLen,
+                  unsigned char* expectedCiphertext) {
     unsigned char wrappedKey[40];
     unsigned int wrappedKeyLen;
     unsigned char unwrappedKey[40];
     unsigned int unwrappedKeyLen = 0;
     SECStatus rv;
 
     ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
     ASSERT_NE(nullptr, slot);
 
     // Import encryption key.
-    SECItem keyItem = { siBuffer, kek, kekLen };
-    ScopedPK11SymKey encryptionKey(PK11_ImportSymKey(slot.get(), CKM_NSS_AES_KEY_WRAP,
-                                                     PK11_OriginUnwrap, CKA_ENCRYPT,
-                                                     &keyItem, nullptr));
+    SECItem keyItem = {siBuffer, kek, kekLen};
+    ScopedPK11SymKey encryptionKey(
+        PK11_ImportSymKey(slot.get(), CKM_NSS_AES_KEY_WRAP, PK11_OriginUnwrap,
+                          CKA_ENCRYPT, &keyItem, nullptr));
     EXPECT_TRUE(!!encryptionKey);
 
     // Wrap key
     rv = PK11_Encrypt(encryptionKey.get(), mechanism, nullptr /* param */,
-                      wrappedKey, &wrappedKeyLen, sizeof(wrappedKey),
-                      keyData, keyDataLen);
+                      wrappedKey, &wrappedKeyLen, sizeof(wrappedKey), keyData,
+                      keyDataLen);
     EXPECT_EQ(rv, SECSuccess) << "CKM_NSS_AES_KEY_WRAP encrypt failed";
     EXPECT_TRUE(!memcmp(expectedCiphertext, wrappedKey, wrappedKeyLen));
 
     // Unwrap key
     rv = PK11_Decrypt(encryptionKey.get(), mechanism, nullptr /* param */,
                       unwrappedKey, &unwrappedKeyLen, sizeof(unwrappedKey),
                       wrappedKey, wrappedKeyLen);
     EXPECT_EQ(rv, SECSuccess) << " CKM_NSS_AES_KEY_WRAP decrypt failed\n";
--- a/security/nss/external_tests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
+++ b/security/nss/external_tests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
@@ -1,140 +1,134 @@
 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* vim: set ts=2 et sw=2 tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
+#include <memory>
 #include "nss.h"
 #include "pk11pub.h"
 #include "sechash.h"
-#include <memory>
 
 #include "gtest/gtest.h"
 #include "scoped_ptrs.h"
 
 namespace nss_test {
 
 // ChaCha20/Poly1305 Test Vector 1, RFC 7539
 // <http://tools.ietf.org/html/rfc7539#section-2.8.2>
 const uint8_t kTestVector1Data[] = {
-  0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x47, 0x65,
-  0x6e, 0x74, 0x6c, 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20, 0x74, 0x68,
-  0x65, 0x20, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39,
-  0x39, 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63, 0x6f, 0x75, 0x6c, 0x64,
-  0x20, 0x6f, 0x66, 0x66, 0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f, 0x6e,
-  0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20, 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f,
-  0x72, 0x20, 0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75, 0x72, 0x65, 0x2c,
-  0x20, 0x73, 0x75, 0x6e, 0x73, 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f,
-  0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69, 0x74, 0x2e
-};
-const uint8_t kTestVector1AAD[] = {
-  0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7
-};
+    0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x47,
+    0x65, 0x6e, 0x74, 0x6c, 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20,
+    0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x6f, 0x66,
+    0x20, 0x27, 0x39, 0x39, 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63,
+    0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66, 0x65, 0x72, 0x20, 0x79,
+    0x6f, 0x75, 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20,
+    0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x74, 0x68, 0x65, 0x20,
+    0x66, 0x75, 0x74, 0x75, 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73,
+    0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
+    0x62, 0x65, 0x20, 0x69, 0x74, 0x2e};
+const uint8_t kTestVector1AAD[] = {0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1,
+                                   0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7};
 const uint8_t kTestVector1Key[] = {
-  0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c,
-  0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99,
-  0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
-};
-const uint8_t kTestVector1IV[] = {
-  0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47
-};
+    0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+    0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+    0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f};
+const uint8_t kTestVector1IV[] = {0x07, 0x00, 0x00, 0x00, 0x40, 0x41,
+                                  0x42, 0x43, 0x44, 0x45, 0x46, 0x47};
 const uint8_t kTestVector1CT[] = {
-  0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb, 0x7b, 0x86, 0xaf, 0xbc, 0x53,
-  0xef, 0x7e, 0xc2, 0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe, 0xa9, 0xe2,
-  0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6, 0x3d, 0xbe, 0xa4, 0x5e, 0x8c, 0xa9, 0x67,
-  0x12, 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b, 0x1a, 0x71, 0xde, 0x0a,
-  0x9e, 0x06, 0x0b, 0x29, 0x05, 0xd6, 0xa5, 0xb6, 0x7e, 0xcd, 0x3b, 0x36, 0x92,
-  0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c, 0x98, 0x03, 0xae, 0xe3, 0x28, 0x09,
-  0x1b, 0x58, 0xfa, 0xb3, 0x24, 0xe4, 0xfa, 0xd6, 0x75, 0x94, 0x55, 0x85, 0x80,
-  0x8b, 0x48, 0x31, 0xd7, 0xbc, 0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d,
-  0xe5, 0x76, 0xd2, 0x65, 0x86, 0xce, 0xc6, 0x4b, 0x61, 0x16, 0x1a, 0xe1, 0x0b,
-  0x59, 0x4f, 0x09, 0xe2, 0x6a, 0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91
-};
+    0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb, 0x7b, 0x86, 0xaf, 0xbc,
+    0x53, 0xef, 0x7e, 0xc2, 0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe,
+    0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6, 0x3d, 0xbe, 0xa4, 0x5e,
+    0x8c, 0xa9, 0x67, 0x12, 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b,
+    0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29, 0x05, 0xd6, 0xa5, 0xb6,
+    0x7e, 0xcd, 0x3b, 0x36, 0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c,
+    0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58, 0xfa, 0xb3, 0x24, 0xe4,
+    0xfa, 0xd6, 0x75, 0x94, 0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc,
+    0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d, 0xe5, 0x76, 0xd2, 0x65,
+    0x86, 0xce, 0xc6, 0x4b, 0x61, 0x16, 0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09,
+    0xe2, 0x6a, 0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91};
 
 // ChaCha20/Poly1305 Test Vector 2, RFC 7539
 // <http://tools.ietf.org/html/rfc7539#appendix-A.5>
 const uint8_t kTestVector2Data[] = {
-  0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2d, 0x44, 0x72, 0x61, 0x66,
-  0x74, 0x73, 0x20, 0x61, 0x72, 0x65, 0x20, 0x64, 0x72, 0x61, 0x66, 0x74, 0x20,
-  0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x20, 0x76, 0x61, 0x6c,
-  0x69, 0x64, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x61, 0x20, 0x6d, 0x61, 0x78, 0x69,
-  0x6d, 0x75, 0x6d, 0x20, 0x6f, 0x66, 0x20, 0x73, 0x69, 0x78, 0x20, 0x6d, 0x6f,
-  0x6e, 0x74, 0x68, 0x73, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x6d, 0x61, 0x79, 0x20,
-  0x62, 0x65, 0x20, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x2c, 0x20, 0x72,
-  0x65, 0x70, 0x6c, 0x61, 0x63, 0x65, 0x64, 0x2c, 0x20, 0x6f, 0x72, 0x20, 0x6f,
-  0x62, 0x73, 0x6f, 0x6c, 0x65, 0x74, 0x65, 0x64, 0x20, 0x62, 0x79, 0x20, 0x6f,
-  0x74, 0x68, 0x65, 0x72, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74,
-  0x73, 0x20, 0x61, 0x74, 0x20, 0x61, 0x6e, 0x79, 0x20, 0x74, 0x69, 0x6d, 0x65,
-  0x2e, 0x20, 0x49, 0x74, 0x20, 0x69, 0x73, 0x20, 0x69, 0x6e, 0x61, 0x70, 0x70,
-  0x72, 0x6f, 0x70, 0x72, 0x69, 0x61, 0x74, 0x65, 0x20, 0x74, 0x6f, 0x20, 0x75,
-  0x73, 0x65, 0x20, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2d, 0x44,
-  0x72, 0x61, 0x66, 0x74, 0x73, 0x20, 0x61, 0x73, 0x20, 0x72, 0x65, 0x66, 0x65,
-  0x72, 0x65, 0x6e, 0x63, 0x65, 0x20, 0x6d, 0x61, 0x74, 0x65, 0x72, 0x69, 0x61,
-  0x6c, 0x20, 0x6f, 0x72, 0x20, 0x74, 0x6f, 0x20, 0x63, 0x69, 0x74, 0x65, 0x20,
-  0x74, 0x68, 0x65, 0x6d, 0x20, 0x6f, 0x74, 0x68, 0x65, 0x72, 0x20, 0x74, 0x68,
-  0x61, 0x6e, 0x20, 0x61, 0x73, 0x20, 0x2f, 0xe2, 0x80, 0x9c, 0x77, 0x6f, 0x72,
-  0x6b, 0x20, 0x69, 0x6e, 0x20, 0x70, 0x72, 0x6f, 0x67, 0x72, 0x65, 0x73, 0x73,
-  0x2e, 0x2f, 0xe2, 0x80, 0x9d
-};
-const uint8_t kTestVector2AAD[] = {
-  0xf3, 0x33, 0x88, 0x86, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x4e, 0x91
-};
+    0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2d, 0x44, 0x72, 0x61,
+    0x66, 0x74, 0x73, 0x20, 0x61, 0x72, 0x65, 0x20, 0x64, 0x72, 0x61, 0x66,
+    0x74, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x20,
+    0x76, 0x61, 0x6c, 0x69, 0x64, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x61, 0x20,
+    0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x20, 0x6f, 0x66, 0x20, 0x73,
+    0x69, 0x78, 0x20, 0x6d, 0x6f, 0x6e, 0x74, 0x68, 0x73, 0x20, 0x61, 0x6e,
+    0x64, 0x20, 0x6d, 0x61, 0x79, 0x20, 0x62, 0x65, 0x20, 0x75, 0x70, 0x64,
+    0x61, 0x74, 0x65, 0x64, 0x2c, 0x20, 0x72, 0x65, 0x70, 0x6c, 0x61, 0x63,
+    0x65, 0x64, 0x2c, 0x20, 0x6f, 0x72, 0x20, 0x6f, 0x62, 0x73, 0x6f, 0x6c,
+    0x65, 0x74, 0x65, 0x64, 0x20, 0x62, 0x79, 0x20, 0x6f, 0x74, 0x68, 0x65,
+    0x72, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x20,
+    0x61, 0x74, 0x20, 0x61, 0x6e, 0x79, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x2e,
+    0x20, 0x49, 0x74, 0x20, 0x69, 0x73, 0x20, 0x69, 0x6e, 0x61, 0x70, 0x70,
+    0x72, 0x6f, 0x70, 0x72, 0x69, 0x61, 0x74, 0x65, 0x20, 0x74, 0x6f, 0x20,
+    0x75, 0x73, 0x65, 0x20, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74,
+    0x2d, 0x44, 0x72, 0x61, 0x66, 0x74, 0x73, 0x20, 0x61, 0x73, 0x20, 0x72,
+    0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x20, 0x6d, 0x61, 0x74,
+    0x65, 0x72, 0x69, 0x61, 0x6c, 0x20, 0x6f, 0x72, 0x20, 0x74, 0x6f, 0x20,
+    0x63, 0x69, 0x74, 0x65, 0x20, 0x74, 0x68, 0x65, 0x6d, 0x20, 0x6f, 0x74,
+    0x68, 0x65, 0x72, 0x20, 0x74, 0x68, 0x61, 0x6e, 0x20, 0x61, 0x73, 0x20,
+    0x2f, 0xe2, 0x80, 0x9c, 0x77, 0x6f, 0x72, 0x6b, 0x20, 0x69, 0x6e, 0x20,
+    0x70, 0x72, 0x6f, 0x67, 0x72, 0x65, 0x73, 0x73, 0x2e, 0x2f, 0xe2, 0x80,
+    0x9d};
+const uint8_t kTestVector2AAD[] = {0xf3, 0x33, 0x88, 0x86, 0x00, 0x00,
+                                   0x00, 0x00, 0x00, 0x00, 0x4e, 0x91};
 const uint8_t kTestVector2Key[] = {
-  0x1c, 0x92, 0x40, 0xa5, 0xeb, 0x55, 0xd3, 0x8a, 0xf3, 0x33, 0x88, 0x86, 0x04,
-  0xf6, 0xb5, 0xf0, 0x47, 0x39, 0x17, 0xc1, 0x40, 0x2b, 0x80, 0x09, 0x9d, 0xca,
-  0x5c, 0xbc, 0x20, 0x70, 0x75, 0xc0
-};
-const uint8_t kTestVector2IV[] = {
-  0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08
-};
+    0x1c, 0x92, 0x40, 0xa5, 0xeb, 0x55, 0xd3, 0x8a, 0xf3, 0x33, 0x88,
+    0x86, 0x04, 0xf6, 0xb5, 0xf0, 0x47, 0x39, 0x17, 0xc1, 0x40, 0x2b,
+    0x80, 0x09, 0x9d, 0xca, 0x5c, 0xbc, 0x20, 0x70, 0x75, 0xc0};
+const uint8_t kTestVector2IV[] = {0x00, 0x00, 0x00, 0x00, 0x01, 0x02,
+                                  0x03, 0x04, 0x05, 0x06, 0x07, 0x08};
 const uint8_t kTestVector2CT[] = {
-  0x64, 0xa0, 0x86, 0x15, 0x75, 0x86, 0x1a, 0xf4, 0x60, 0xf0, 0x62, 0xc7, 0x9b,
-  0xe6, 0x43, 0xbd, 0x5e, 0x80, 0x5c, 0xfd, 0x34, 0x5c, 0xf3, 0x89, 0xf1, 0x08,
-  0x67, 0x0a, 0xc7, 0x6c, 0x8c, 0xb2, 0x4c, 0x6c, 0xfc, 0x18, 0x75, 0x5d, 0x43,
-  0xee, 0xa0, 0x9e, 0xe9, 0x4e, 0x38, 0x2d, 0x26, 0xb0, 0xbd, 0xb7, 0xb7, 0x3c,
-  0x32, 0x1b, 0x01, 0x00, 0xd4, 0xf0, 0x3b, 0x7f, 0x35, 0x58, 0x94, 0xcf, 0x33,
-  0x2f, 0x83, 0x0e, 0x71, 0x0b, 0x97, 0xce, 0x98, 0xc8, 0xa8, 0x4a, 0xbd, 0x0b,
-  0x94, 0x81, 0x14, 0xad, 0x17, 0x6e, 0x00, 0x8d, 0x33, 0xbd, 0x60, 0xf9, 0x82,
-  0xb1, 0xff, 0x37, 0xc8, 0x55, 0x97, 0x97, 0xa0, 0x6e, 0xf4, 0xf0, 0xef, 0x61,
-  0xc1, 0x86, 0x32, 0x4e, 0x2b, 0x35, 0x06, 0x38, 0x36, 0x06, 0x90, 0x7b, 0x6a,
-  0x7c, 0x02, 0xb0, 0xf9, 0xf6, 0x15, 0x7b, 0x53, 0xc8, 0x67, 0xe4, 0xb9, 0x16,
-  0x6c, 0x76, 0x7b, 0x80, 0x4d, 0x46, 0xa5, 0x9b, 0x52, 0x16, 0xcd, 0xe7, 0xa4,
-  0xe9, 0x90, 0x40, 0xc5, 0xa4, 0x04, 0x33, 0x22, 0x5e, 0xe2, 0x82, 0xa1, 0xb0,
-  0xa0, 0x6c, 0x52, 0x3e, 0xaf, 0x45, 0x34, 0xd7, 0xf8, 0x3f, 0xa1, 0x15, 0x5b,
-  0x00, 0x47, 0x71, 0x8c, 0xbc, 0x54, 0x6a, 0x0d, 0x07, 0x2b, 0x04, 0xb3, 0x56,
-  0x4e, 0xea, 0x1b, 0x42, 0x22, 0x73, 0xf5, 0x48, 0x27, 0x1a, 0x0b, 0xb2, 0x31,
-  0x60, 0x53, 0xfa, 0x76, 0x99, 0x19, 0x55, 0xeb, 0xd6, 0x31, 0x59, 0x43, 0x4e,
-  0xce, 0xbb, 0x4e, 0x46, 0x6d, 0xae, 0x5a, 0x10, 0x73, 0xa6, 0x72, 0x76, 0x27,
-  0x09, 0x7a, 0x10, 0x49, 0xe6, 0x17, 0xd9, 0x1d, 0x36, 0x10, 0x94, 0xfa, 0x68,
-  0xf0, 0xff, 0x77, 0x98, 0x71, 0x30, 0x30, 0x5b, 0xea, 0xba, 0x2e, 0xda, 0x04,
-  0xdf, 0x99, 0x7b, 0x71, 0x4d, 0x6c, 0x6f, 0x2c, 0x29, 0xa6, 0xad, 0x5c, 0xb4,
-  0x02, 0x2b, 0x02, 0x70, 0x9b, 0xee, 0xad, 0x9d, 0x67, 0x89, 0x0c, 0xbb, 0x22,
-  0x39, 0x23, 0x36, 0xfe, 0xa1, 0x85, 0x1f, 0x38
-};
+    0x64, 0xa0, 0x86, 0x15, 0x75, 0x86, 0x1a, 0xf4, 0x60, 0xf0, 0x62, 0xc7,
+    0x9b, 0xe6, 0x43, 0xbd, 0x5e, 0x80, 0x5c, 0xfd, 0x34, 0x5c, 0xf3, 0x89,
+    0xf1, 0x08, 0x67, 0x0a, 0xc7, 0x6c, 0x8c, 0xb2, 0x4c, 0x6c, 0xfc, 0x18,
+    0x75, 0x5d, 0x43, 0xee, 0xa0, 0x9e, 0xe9, 0x4e, 0x38, 0x2d, 0x26, 0xb0,
+    0xbd, 0xb7, 0xb7, 0x3c, 0x32, 0x1b, 0x01, 0x00, 0xd4, 0xf0, 0x3b, 0x7f,
+    0x35, 0x58, 0x94, 0xcf, 0x33, 0x2f, 0x83, 0x0e, 0x71, 0x0b, 0x97, 0xce,
+    0x98, 0xc8, 0xa8, 0x4a, 0xbd, 0x0b, 0x94, 0x81, 0x14, 0xad, 0x17, 0x6e,
+    0x00, 0x8d, 0x33, 0xbd, 0x60, 0xf9, 0x82, 0xb1, 0xff, 0x37, 0xc8, 0x55,
+    0x97, 0x97, 0xa0, 0x6e, 0xf4, 0xf0, 0xef, 0x61, 0xc1, 0x86, 0x32, 0x4e,
+    0x2b, 0x35, 0x06, 0x38, 0x36, 0x06, 0x90, 0x7b, 0x6a, 0x7c, 0x02, 0xb0,
+    0xf9, 0xf6, 0x15, 0x7b, 0x53, 0xc8, 0x67, 0xe4, 0xb9, 0x16, 0x6c, 0x76,
+    0x7b, 0x80, 0x4d, 0x46, 0xa5, 0x9b, 0x52, 0x16, 0xcd, 0xe7, 0xa4, 0xe9,
+    0x90, 0x40, 0xc5, 0xa4, 0x04, 0x33, 0x22, 0x5e, 0xe2, 0x82, 0xa1, 0xb0,
+    0xa0, 0x6c, 0x52, 0x3e, 0xaf, 0x45, 0x34, 0xd7, 0xf8, 0x3f, 0xa1, 0x15,
+    0x5b, 0x00, 0x47, 0x71, 0x8c, 0xbc, 0x54, 0x6a, 0x0d, 0x07, 0x2b, 0x04,
+    0xb3, 0x56, 0x4e, 0xea, 0x1b, 0x42, 0x22, 0x73, 0xf5, 0x48, 0x27, 0x1a,
+    0x0b, 0xb2, 0x31, 0x60, 0x53, 0xfa, 0x76, 0x99, 0x19, 0x55, 0xeb, 0xd6,
+    0x31, 0x59, 0x43, 0x4e, 0xce, 0xbb, 0x4e, 0x46, 0x6d, 0xae, 0x5a, 0x10,
+    0x73, 0xa6, 0x72, 0x76, 0x27, 0x09, 0x7a, 0x10, 0x49, 0xe6, 0x17, 0xd9,
+    0x1d, 0x36, 0x10, 0x94, 0xfa, 0x68, 0xf0, 0xff, 0x77, 0x98, 0x71, 0x30,
+    0x30, 0x5b, 0xea, 0xba, 0x2e, 0xda, 0x04, 0xdf, 0x99, 0x7b, 0x71, 0x4d,
+    0x6c, 0x6f, 0x2c, 0x29, 0xa6, 0xad, 0x5c, 0xb4, 0x02, 0x2b, 0x02, 0x70,
+    0x9b, 0xee, 0xad, 0x9d, 0x67, 0x89, 0x0c, 0xbb, 0x22, 0x39, 0x23, 0x36,
+    0xfe, 0xa1, 0x85, 0x1f, 0x38};
 
 class Pkcs11ChaCha20Poly1305Test : public ::testing::Test {
  public:
-  void EncryptDecrypt(PK11SymKey* symKey,
-                      const uint8_t* data, size_t data_len,
-                      const uint8_t* aad, size_t aad_len,
-                      const uint8_t* iv, size_t iv_len,
-                      const uint8_t* ct = nullptr, size_t ct_len = 0)
-  {
+  void EncryptDecrypt(PK11SymKey* symKey, const uint8_t* data, size_t data_len,
+                      const uint8_t* aad, size_t aad_len, const uint8_t* iv,
+                      size_t iv_len, const uint8_t* ct = nullptr,
+                      size_t ct_len = 0) {
     // Prepare AEAD params.
     CK_NSS_AEAD_PARAMS aead_params;
     aead_params.pNonce = toUcharPtr(iv);
     aead_params.ulNonceLen = iv_len;
     aead_params.pAAD = toUcharPtr(aad);
     aead_params.ulAADLen = aad_len;
     aead_params.ulTagLen = 16;
 
-    SECItem params = { siBuffer, reinterpret_cast<unsigned char*>(&aead_params),
-                       sizeof(aead_params) };
+    SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&aead_params),
+                      sizeof(aead_params)};
 
     // Encrypt.
     unsigned int outputLen = 0;
     std::vector<uint8_t> output(data_len + aead_params.ulTagLen);
     SECStatus rv = PK11_Encrypt(symKey, mech, &params, &output[0], &outputLen,
                                 output.size(), data, data_len);
     EXPECT_EQ(rv, SECSuccess);
 
@@ -197,52 +191,45 @@ class Pkcs11ChaCha20Poly1305Test : publi
       bogusAAD[0] ^= 0xff;
 
       rv = PK11_Decrypt(symKey, mech, &bogusParams, &decrypted[0],
                         &decryptedLen, data_len, &output[0], outputLen);
       EXPECT_NE(rv, SECSuccess);
     }
   }
 
-  void EncryptDecrypt(const uint8_t* key, size_t key_len,
-                      const uint8_t* data, size_t data_len,
-                      const uint8_t* aad, size_t aad_len,
-                      const uint8_t* iv, size_t iv_len,
-                      const uint8_t* ct, size_t ct_len)
-  {
+  void EncryptDecrypt(const uint8_t* key, size_t key_len, const uint8_t* data,
+                      size_t data_len, const uint8_t* aad, size_t aad_len,
+                      const uint8_t* iv, size_t iv_len, const uint8_t* ct,
+                      size_t ct_len) {
     ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
-    SECItem keyItem = { siBuffer, toUcharPtr(key),
-                        static_cast<unsigned int>(key_len) };
+    SECItem keyItem = {siBuffer, toUcharPtr(key),
+                       static_cast<unsigned int>(key_len)};
 
     // Import key.
-    ScopedPK11SymKey symKey(PK11_ImportSymKey(slot.get(), mech,
-                                              PK11_OriginUnwrap, CKA_ENCRYPT,
-                                              &keyItem, nullptr));
+    ScopedPK11SymKey symKey(PK11_ImportSymKey(
+        slot.get(), mech, PK11_OriginUnwrap, CKA_ENCRYPT, &keyItem, nullptr));
     EXPECT_TRUE(!!symKey);
 
     // Check.
     EncryptDecrypt(symKey.get(), data, data_len, aad, aad_len, iv, iv_len, ct,
                    ct_len);
   }
 
  protected:
   CK_MECHANISM_TYPE mech = CKM_NSS_CHACHA20_POLY1305;
 
   unsigned char* toUcharPtr(const uint8_t* v) {
-    return const_cast<unsigned char*>(
-      static_cast<const unsigned char*>(v));
+    return const_cast<unsigned char*>(static_cast<const unsigned char*>(v));
   }
 };
 
-#define ENCRYPT_DECRYPT(v) \
-  EncryptDecrypt(v ## Key, sizeof(v ## Key), \
-                 v ## Data, sizeof(v ## Data), \
-                 v ## AAD, sizeof(v ## AAD), \
-                 v ## IV, sizeof(v ## IV), \
-                 v ## CT, sizeof(v ## CT));
+#define ENCRYPT_DECRYPT(v)                                                 \
+  EncryptDecrypt(v##Key, sizeof(v##Key), v##Data, sizeof(v##Data), v##AAD, \
+                 sizeof(v##AAD), v##IV, sizeof(v##IV), v##CT, sizeof(v##CT));
 
 TEST_F(Pkcs11ChaCha20Poly1305Test, GenerateEncryptDecrypt) {
   // Generate a random key.
   ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
   ScopedPK11SymKey symKey(PK11_KeyGen(slot.get(), mech, nullptr, 32, nullptr));
   EXPECT_TRUE(!!symKey);
 
   // Generate random data.
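Review bot: In the key-importing `EncryptDecrypt` overload, `EXPECT_TRUE(!!symKey);` is non-fatal, so a failed `PK11_ImportSymKey` still falls through to the inner `EncryptDecrypt` call with `symKey.get()` returning null. The result is at best a confusing secondary failure inside `PK11_Encrypt` instead of a clear report that the import failed. Since the helper returns `void`, the check can be made fatal with `ASSERT_TRUE(!!symKey);`. The same pattern follows `PK11_KeyGen` in `GenerateEncryptDecrypt`, whose body continues outside this hunk.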
@@ -269,9 +256,8 @@ TEST_F(Pkcs11ChaCha20Poly1305Test, Check
   ENCRYPT_DECRYPT(kTestVector1);
 }
 
 TEST_F(Pkcs11ChaCha20Poly1305Test, CheckTestVector2) {
   ENCRYPT_DECRYPT(kTestVector2);
 }
 
 }  // namespace nss_test
-
--- a/security/nss/external_tests/pk11_gtest/pk11_pbkdf2_unittest.cc
+++ b/security/nss/external_tests/pk11_gtest/pk11_pbkdf2_unittest.cc
@@ -1,32 +1,31 @@
 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* vim: set ts=2 et sw=2 tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
+#include <memory>
 #include "nss.h"
 #include "pk11pub.h"
-#include <memory>
 
 #include "gtest/gtest.h"
 #include "scoped_ptrs.h"
 
 namespace nss_test {
 
 static unsigned char* ToUcharPtr(std::string& str) {
   return const_cast<unsigned char*>(
-    reinterpret_cast<const unsigned char*>(str.c_str()));
+      reinterpret_cast<const unsigned char*>(str.c_str()));
 }
 
 class Pkcs11Pbkdf2Test : public ::testing::Test {
  public:
-  void Derive(std::vector<uint8_t>& derived, SECOidTag hash_alg)
-  {
+  void Derive(std::vector<uint8_t>& derived, SECOidTag hash_alg) {
     // Shared between test vectors.
     const unsigned int iterations = 4096;
     std::string pass("passwordPASSWORDpassword");
     std::string salt("saltSALTsaltSALTsaltSALTsaltSALTsalt");
 
     // Derivation must succeed with the right values.
     EXPECT_TRUE(DeriveBytes(pass, salt, derived, hash_alg, iterations));
 
@@ -44,57 +43,54 @@ class Pkcs11Pbkdf2Test : public ::testin
 
     // Derivation must fail when using the wrong number of iterations.
     EXPECT_FALSE(DeriveBytes(pass, salt, derived, hash_alg, iterations + 1));
   }
 
  private:
   bool DeriveBytes(std::string& pass, std::string& salt,
                    std::vector<uint8_t>& derived, SECOidTag hash_alg,
-                   unsigned int iterations)
-  {
-    SECItem passItem = { siBuffer, ToUcharPtr(pass),
-                         static_cast<unsigned int>(pass.length()) };
-    SECItem saltItem = { siBuffer, ToUcharPtr(salt),
-                         static_cast<unsigned int>(salt.length()) };
+                   unsigned int iterations) {
+    SECItem passItem = {siBuffer, ToUcharPtr(pass),
+                        static_cast<unsigned int>(pass.length())};
+    SECItem saltItem = {siBuffer, ToUcharPtr(salt),
+                        static_cast<unsigned int>(salt.length())};
 
     // Set up PBKDF2 params.
     ScopedSECAlgorithmID alg_id(
-      PK11_CreatePBEV2AlgorithmID(SEC_OID_PKCS5_PBKDF2, hash_alg, hash_alg,
-                                  derived.size(), iterations, &saltItem));
+        PK11_CreatePBEV2AlgorithmID(SEC_OID_PKCS5_PBKDF2, hash_alg, hash_alg,
+                                    derived.size(), iterations, &saltItem));
 
     // Derive.
     ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
     ScopedPK11SymKey symKey(
-      PK11_PBEKeyGen(slot.get(), alg_id.get(), &passItem, false, nullptr));
+        PK11_PBEKeyGen(slot.get(), alg_id.get(), &passItem, false, nullptr));
 
     SECStatus rv = PK11_ExtractKeyValue(symKey.get());
     EXPECT_EQ(rv, SECSuccess);
 
     SECItem* keyData = PK11_GetKeyData(symKey.get());
     return !memcmp(&derived[0], keyData->data, keyData->len);
   }
 };
 
 // RFC 6070 <http://tools.ietf.org/html/rfc6070>
 TEST_F(Pkcs11Pbkdf2Test, DeriveKnown1) {
-  std::vector<uint8_t> derived = {
-    0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b, 0x80, 0xc8, 0xd8, 0x36,
-    0x62, 0xc0, 0xe4, 0x4a, 0x8b, 0x29, 0x1a, 0x96, 0x4c, 0xf2, 0xf0, 0x70, 0x38
-  };
+  std::vector<uint8_t> derived = {0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84,
+                                  0x9b, 0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0,
+                                  0xe4, 0x4a, 0x8b, 0x29, 0x1a, 0x96, 0x4c,
+                                  0xf2, 0xf0, 0x70, 0x38};
 
   Derive(derived, SEC_OID_HMAC_SHA1);
 }
 
 // https://stackoverflow.com/questions/5130513/pbkdf2-hmac-sha2-test-vectors
 TEST_F(Pkcs11Pbkdf2Test, DeriveKnown2) {
   std::vector<uint8_t> derived = {
-    0x34, 0x8c, 0x89, 0xdb, 0xcb, 0xd3, 0x2b, 0x2f, 0x32, 0xd8, 0x14, 0xb8,
-    0x11, 0x6e, 0x84, 0xcf, 0x2b, 0x17, 0x34, 0x7e, 0xbc, 0x18, 0x00, 0x18,
-    0x1c, 0x4e, 0x2a, 0x1f, 0xb8, 0xdd, 0x53, 0xe1, 0xc6, 0x35, 0x51, 0x8c,
-    0x7d, 0xac, 0x47, 0xe9
-  };
+      0x34, 0x8c, 0x89, 0xdb, 0xcb, 0xd3, 0x2b, 0x2f, 0x32, 0xd8,
+      0x14, 0xb8, 0x11, 0x6e, 0x84, 0xcf, 0x2b, 0x17, 0x34, 0x7e,
+      0xbc, 0x18, 0x00, 0x18, 0x1c, 0x4e, 0x2a, 0x1f, 0xb8, 0xdd,
+      0x53, 0xe1, 0xc6, 0x35, 0x51, 0x8c, 0x7d, 0xac, 0x47, 0xe9};
 
   Derive(derived, SEC_OID_HMAC_SHA256);
 }
 
 }  // namespace nss_test
-
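Review bot: `DeriveBytes` never checks that the derived key has the expected length, and it dereferences results that may be null. `memcmp(&derived[0], keyData->data, keyData->len)` uses the key's own length, so a key longer than `derived` would read past the vector and a shorter one would pass as a prefix match. Neither `symKey` nor the `PK11_GetKeyData` result is tested before use, and `EXPECT_EQ(rv, SECSuccess)` does not stop the function when extraction fails. Because the function returns `bool`, gtest's `ASSERT_*` macros cannot be used here; I would add `if (!symKey) return false;` before the extract call and end with `return keyData && keyData->len == derived.size() && !memcmp(&derived[0], keyData->data, keyData->len);`.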
--- a/security/nss/external_tests/pk11_gtest/pk11_prf_unittest.cc
+++ b/security/nss/external_tests/pk11_gtest/pk11_prf_unittest.cc
@@ -1,200 +1,189 @@
 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* vim: set ts=2 et sw=2 tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
+#include <memory>
 #include "nss.h"
 #include "pk11pub.h"
-#include <memory>
 
 #include "gtest/gtest.h"
 
 namespace nss_test {
 
 const size_t kPmsSize = 48;
 const size_t kMasterSecretSize = 48;
 const size_t kPrfSeedSizeSha256 = 32;
 const size_t kPrfSeedSizeTlsPrf = 36;
 
 // This is not the right size for anything
 const size_t kIncorrectSize = 17;
 
 const uint8_t kPmsData[] = {
-  0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
-  0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,
-  0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,
-  0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,
-  0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27,
-  0x28,0x29,0x2a,0x2b,0x2c,0x2d,0x2e,0x2f
-};
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+    0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
+    0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f};
 
 const uint8_t kPrfSeed[] = {
-  0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
-  0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff,
-  0xe0,0xe1,0xe2,0xe3,0xe4,0xe5,0xe6,0xe7,
-  0xe8,0xe9,0xea,0xeb,0xec,0xed,0xee,0xef,
-  0xd0,0xd1,0xd2,0xd3
-};
+    0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb,
+    0xfc, 0xfd, 0xfe, 0xff, 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
+    0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, 0xd0, 0xd1, 0xd2, 0xd3};
 
 const uint8_t kExpectedOutputEmsSha256[] = {
-  0x75,0xa7,0xa5,0x98,0xef,0xab,0x90,0xe7,
-  0x7c,0x67,0x80,0xde,0xab,0x3a,0x11,0xf3,
-  0x5d,0xb2,0xf8,0x47,0xff,0x09,0x01,0xec,
-  0xf8,0x93,0x89,0xfc,0x98,0x2e,0x6e,0xf9,
-  0x2c,0xf5,0x9b,0x04,0x04,0x6f,0xd7,0x28,
-  0x6e,0xea,0xe3,0x83,0xc4,0x4a,0xff,0x03
-};
+    0x75, 0xa7, 0xa5, 0x98, 0xef, 0xab, 0x90, 0xe7, 0x7c, 0x67, 0x80, 0xde,
+    0xab, 0x3a, 0x11, 0xf3, 0x5d, 0xb2, 0xf8, 0x47, 0xff, 0x09, 0x01, 0xec,
+    0xf8, 0x93, 0x89, 0xfc, 0x98, 0x2e, 0x6e, 0xf9, 0x2c, 0xf5, 0x9b, 0x04,
+    0x04, 0x6f, 0xd7, 0x28, 0x6e, 0xea, 0xe3, 0x83, 0xc4, 0x4a, 0xff, 0x03};
 
 const uint8_t kExpectedOutputEmsTlsPrf[] = {
-  0x06,0xbf,0x29,0x86,0x5d,0xf3,0x3e,0x38,
-  0xfd,0xfa,0x91,0x10,0x2a,0x20,0xff,0xd6,
-  0xb9,0xd5,0x72,0x5a,0x6d,0x42,0x20,0x16,
-  0xde,0xa4,0xa0,0x51,0xe5,0x53,0xc1,0x28,
-  0x04,0x99,0xbc,0xb1,0x2c,0x9d,0xe8,0x0b,
-  0x18,0xa2,0x0e,0x48,0x52,0x8d,0x61,0x13
-};
+    0x06, 0xbf, 0x29, 0x86, 0x5d, 0xf3, 0x3e, 0x38, 0xfd, 0xfa, 0x91, 0x10,
+    0x2a, 0x20, 0xff, 0xd6, 0xb9, 0xd5, 0x72, 0x5a, 0x6d, 0x42, 0x20, 0x16,
+    0xde, 0xa4, 0xa0, 0x51, 0xe5, 0x53, 0xc1, 0x28, 0x04, 0x99, 0xbc, 0xb1,
+    0x2c, 0x9d, 0xe8, 0x0b, 0x18, 0xa2, 0x0e, 0x48, 0x52, 0x8d, 0x61, 0x13};
 
 static unsigned char* toUcharPtr(const uint8_t* v) {
-  return const_cast<unsigned char*>(
-    static_cast<const unsigned char *>(v));
+  return const_cast<unsigned char*>(static_cast<const unsigned char*>(v));
 }
 
 class TlsPrfTest : public ::testing::Test {
  public:
   TlsPrfTest()
-    : params_({siBuffer, nullptr, 0})
-    , pms_item_({siBuffer, toUcharPtr(kPmsData), kPmsSize})
-    , key_mech_(0)
-    , slot_(nullptr)
-    , pms_(nullptr)
-    , ms_(nullptr)
-    , pms_version_({0, 0}) {}
+      : params_({siBuffer, nullptr, 0}),
+        pms_item_({siBuffer, toUcharPtr(kPmsData), kPmsSize}),
+        key_mech_(0),
+        slot_(nullptr),
+        pms_(nullptr),
+        ms_(nullptr),
+        pms_version_({0, 0}) {}
 
   ~TlsPrfTest() {
-    if (slot_) { PK11_FreeSlot(slot_); }
+    if (slot_) {
+      PK11_FreeSlot(slot_);
+    }
     ClearTempVars();
   }
 
   void ClearTempVars() {
-    if (pms_) { PK11_FreeSymKey(pms_); }
-    if (ms_)  { PK11_FreeSymKey(ms_);  }
+    if (pms_) {
+      PK11_FreeSymKey(pms_);
+    }
+    if (ms_) {
+      PK11_FreeSymKey(ms_);
+    }
   }
 
   void Init() {
     params_.type = siBuffer;
 
     pms_item_.type = siBuffer;
-    pms_item_.data = const_cast<unsigned char*>(
-                        static_cast<const unsigned char *>(kPmsData));
+    pms_item_.data =
+        const_cast<unsigned char*>(static_cast<const unsigned char*>(kPmsData));
 
     slot_ = PK11_GetInternalSlot();
     ASSERT_NE(nullptr, slot_);
   }
 
-  void CheckForError(CK_MECHANISM_TYPE hash_mech,
-                     size_t seed_len,
-                     size_t pms_len,
-                     size_t output_len) {
+  void CheckForError(CK_MECHANISM_TYPE hash_mech, size_t seed_len,
+                     size_t pms_len, size_t output_len) {
     // Error tests don't depend on the derivation mechansim
-    Inner(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE, hash_mech,
-          seed_len, pms_len, output_len, nullptr, nullptr);
+    Inner(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE, hash_mech, seed_len, pms_len,
+          output_len, nullptr, nullptr);
   }
 
   void ComputeAndVerifyMs(CK_MECHANISM_TYPE derive_mech,
-                          CK_MECHANISM_TYPE hash_mech,
-                          CK_VERSION* version,
+                          CK_MECHANISM_TYPE hash_mech, CK_VERSION* version,
                           const uint8_t* expected) {
     // Infer seed length from mechanism
     int seed_len = 0;
     switch (hash_mech) {
-      case CKM_TLS_PRF: seed_len = kPrfSeedSizeTlsPrf; break;
-      case CKM_SHA256:  seed_len = kPrfSeedSizeSha256; break;
-      default:          ASSERT_TRUE(false);
+      case CKM_TLS_PRF:
+        seed_len = kPrfSeedSizeTlsPrf;
+        break;
+      case CKM_SHA256:
+        seed_len = kPrfSeedSizeSha256;
+        break;
+      default:
+        ASSERT_TRUE(false);
     }
 
-    Inner(derive_mech, hash_mech, seed_len,
-          kPmsSize, 0, version, expected);
+    Inner(derive_mech, hash_mech, seed_len, kPmsSize, 0, version, expected);
   }
 
-
   // Set output == nullptr to test when errors occur
-  void Inner(
-      CK_MECHANISM_TYPE derive_mech,
-      CK_MECHANISM_TYPE hash_mech,
-      size_t seed_len,
-      size_t pms_len,
-      size_t output_len,
-      CK_VERSION* version,
-      const uint8_t* expected) {
+  void Inner(CK_MECHANISM_TYPE derive_mech, CK_MECHANISM_TYPE hash_mech,
+             size_t seed_len, size_t pms_len, size_t output_len,
+             CK_VERSION* version, const uint8_t* expected) {
     ClearTempVars();
 
     // Infer the key mechanism from the hash type
     switch (hash_mech) {
-      case CKM_TLS_PRF: key_mech_ = CKM_TLS_KEY_AND_MAC_DERIVE; break;
-      case CKM_SHA256:  key_mech_ = CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256; break;
-      default:          ASSERT_TRUE(false);
+      case CKM_TLS_PRF:
+        key_mech_ = CKM_TLS_KEY_AND_MAC_DERIVE;
+        break;
+      case CKM_SHA256:
+        key_mech_ = CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256;
+        break;
+      default:
+        ASSERT_TRUE(false);
     }
 
     // Import the params
     CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS master_params = {
-      hash_mech,
-      toUcharPtr(kPrfSeed),
-      static_cast<CK_ULONG>(seed_len),
-      version
-    };
+        hash_mech, toUcharPtr(kPrfSeed), static_cast<CK_ULONG>(seed_len),
+        version};
     params_.data = reinterpret_cast<unsigned char*>(&master_params);
     params_.len = sizeof(master_params);
 
     // Import the PMS
     pms_item_.len = pms_len;
-    pms_ = PK11_ImportSymKey(slot_, derive_mech, PK11_OriginUnwrap,
-                            CKA_DERIVE, &pms_item_, NULL);
+    pms_ = PK11_ImportSymKey(slot_, derive_mech, PK11_OriginUnwrap, CKA_DERIVE,
+                             &pms_item_, NULL);
     ASSERT_NE(nullptr, pms_);
 
-
     // Compute the EMS
     ms_ = PK11_DeriveWithFlags(pms_, derive_mech, &params_, key_mech_,
-        CKA_DERIVE, output_len, CKF_SIGN | CKF_VERIFY);
+                               CKA_DERIVE, output_len, CKF_SIGN | CKF_VERIFY);
 
     // Verify the EMS has the expected value (null or otherwise)
     if (!expected) {
       EXPECT_EQ(nullptr, ms_);
     } else {
       ASSERT_NE(nullptr, ms_);
 
       SECStatus rv = PK11_ExtractKeyValue(ms_);
       ASSERT_EQ(SECSuccess, rv);
 
-      SECItem *msData = PK11_GetKeyData(ms_);
+      SECItem* msData = PK11_GetKeyData(ms_);
       ASSERT_NE(nullptr, msData);
 
       ASSERT_EQ(kMasterSecretSize, msData->len);
-      EXPECT_EQ(0,
-                memcmp(msData->data, expected, kMasterSecretSize));
+      EXPECT_EQ(0, memcmp(msData->data, expected, kMasterSecretSize));
     }
   }
 
  protected:
   SECItem params_;
   SECItem pms_item_;
   CK_MECHANISM_TYPE key_mech_;
-  PK11SlotInfo *slot_;
-  PK11SymKey *pms_;
-  PK11SymKey *ms_;
+  PK11SlotInfo* slot_;
+  PK11SymKey* pms_;
+  PK11SymKey* ms_;
   CK_VERSION pms_version_;
 };
 
 TEST_F(TlsPrfTest, ExtendedMsParamErr) {
   Init();
 
   // This should fail; it's the correct set from which the below are derived
-  // CheckForError(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE, CKM_TLS_PRF, kPrfSeedSizeTlsPrf, kPmsSize, 0);
+  // CheckForError(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE, CKM_TLS_PRF,
+  // kPrfSeedSizeTlsPrf, kPmsSize, 0);
 
   // Output key size != 0, SSL3_MASTER_SECRET_LENGTH
   CheckForError(CKM_TLS_PRF, kPrfSeedSizeTlsPrf, kPmsSize, kIncorrectSize);
 
   // not-DH && pms size != SSL3_PMS_LENGTH
   CheckForError(CKM_TLS_PRF, kPrfSeedSizeTlsPrf, kIncorrectSize, 0);
 
   // CKM_TLS_PRF && seed length != MD5_LENGTH + SHA1_LENGTH
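Review bot: `ClearTempVars()` frees `pms_` and `ms_` but leaves both pointers set, so the fixture can hold dangling key handles. `Inner()` calls it first and can then return early, through `default: ASSERT_TRUE(false)` or `ASSERT_NE(nullptr, pms_)`, before both members are reassigned; the destructor's `ClearTempVars()` would then free the same key a second time. With the callers visible here this looks latent rather than triggered, but it is cheap to rule out by resetting the members: `if (pms_) { PK11_FreeSymKey(pms_); pms_ = nullptr; }` and likewise for `ms_`. Separately, `Inner()` stores the address of the local `master_params` in the member `params_.data`, which is only safe while nothing reads `params_` after `Inner()` returns; a short comment there would help.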
@@ -206,45 +195,35 @@ TEST_F(TlsPrfTest, ExtendedMsParamErr) {
 
 // Test matrix:
 //
 //            DH  RSA
 //  TLS_PRF   1   2
 //  SHA256    3   4
 TEST_F(TlsPrfTest, ExtendedMsDhTlsPrf) {
   Init();
-  ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH,
-                     CKM_TLS_PRF,
-                     nullptr,
-                     kExpectedOutputEmsTlsPrf);
+  ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH, CKM_TLS_PRF,
+                     nullptr, kExpectedOutputEmsTlsPrf);
 }
 
 TEST_F(TlsPrfTest, ExtendedMsRsaTlsPrf) {
   Init();
-  ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE,
-                     CKM_TLS_PRF,
-                     &pms_version_,
-                     kExpectedOutputEmsTlsPrf);
+  ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE, CKM_TLS_PRF,
+                     &pms_version_, kExpectedOutputEmsTlsPrf);
   EXPECT_EQ(0, pms_version_.major);
   EXPECT_EQ(1, pms_version_.minor);
 }
 
-
 TEST_F(TlsPrfTest, ExtendedMsDhSha256) {
   Init();
-  ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH,
-                     CKM_SHA256,
-                     nullptr,
-                     kExpectedOutputEmsSha256);
+  ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH, CKM_SHA256,
+                     nullptr, kExpectedOutputEmsSha256);
 }
 
 TEST_F(TlsPrfTest, ExtendedMsRsaSha256) {
   Init();
-  ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE,
-                     CKM_SHA256,
-                     &pms_version_,
-                     kExpectedOutputEmsSha256);
+  ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE, CKM_SHA256,
+                     &pms_version_, kExpectedOutputEmsSha256);
   EXPECT_EQ(0, pms_version_.major);
   EXPECT_EQ(1, pms_version_.minor);
 }
 
 }  // namespace nss_test
-
--- a/security/nss/external_tests/pk11_gtest/pk11_rsapss_unittest.cc
+++ b/security/nss/external_tests/pk11_gtest/pk11_rsapss_unittest.cc
@@ -1,215 +1,212 @@
 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* vim: set ts=2 et sw=2 tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
+#include <memory>
 #include "nss.h"
 #include "pk11pub.h"
 #include "sechash.h"
-#include <memory>
 
 #include "gtest/gtest.h"
 #include "scoped_ptrs.h"
 
 namespace nss_test {
 
 // RSA-PSS test vectors, pss-vect.txt, Example 1: A 1024-bit RSA Key Pair
 // <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
 const uint8_t kTestVector1Spki[] = {
-  0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
-  0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02,
-  0x81, 0x81, 0x00, 0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51,
-  0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e, 0x36, 0xad, 0x52,
-  0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a, 0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56,
-  0xff, 0xed, 0xb1, 0x62, 0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94,
-  0xdf, 0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab, 0xfc, 0xe0,
-  0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d, 0x5b, 0x2b, 0x8b, 0x6d, 0xf5,
-  0xd6, 0x71, 0xef, 0x63, 0x77, 0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70,
-  0xe2, 0x59, 0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3, 0xf0,
-  0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f, 0x64, 0xc4, 0xef, 0x22,
-  0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8, 0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21,
-  0x37, 0x02, 0x03, 0x01, 0x00, 0x01
-};
+    0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+    0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81,
+    0x89, 0x02, 0x81, 0x81, 0x00, 0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17,
+    0x58, 0x9a, 0x51, 0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec,
+    0x0e, 0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a, 0xd9,
+    0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62, 0xb4, 0xc0, 0xf2,
+    0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf, 0xf5, 0x26, 0xab, 0x72, 0x91,
+    0xcb, 0xb3, 0x07, 0xce, 0xab, 0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95,
+    0x08, 0x09, 0x6d, 0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63,
+    0x77, 0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59, 0x8e,
+    0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3, 0xf0, 0xcb, 0x35,
+    0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f, 0x64, 0xc4, 0xef, 0x22, 0xe1,
+    0xe1, 0xf2, 0x0d, 0x0c, 0xe8, 0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21,
+    0x37, 0x02, 0x03, 0x01, 0x00, 0x01};
 // RSA-PSS test vectors, pss-vect.txt, Example 1.1
 const uint8_t kTestVector1Data[] = {
-  0xcd, 0xc8, 0x7d, 0xa2, 0x23, 0xd7, 0x86, 0xdf, 0x3b, 0x45, 0xe0, 0xbb, 0xbc,
-  0x72, 0x13, 0x26, 0xd1, 0xee, 0x2a, 0xf8, 0x06, 0xcc, 0x31, 0x54, 0x75, 0xcc,
-  0x6f, 0x0d, 0x9c, 0x66, 0xe1, 0xb6, 0x23, 0x71, 0xd4, 0x5c, 0xe2, 0x39, 0x2e,
-  0x1a, 0xc9, 0x28, 0x44, 0xc3, 0x10, 0x10, 0x2f, 0x15, 0x6a, 0x0d, 0x8d, 0x52,
-  0xc1, 0xf4, 0xc4, 0x0b, 0xa3, 0xaa, 0x65, 0x09, 0x57, 0x86, 0xcb, 0x76, 0x97,
-  0x57, 0xa6, 0x56, 0x3b, 0xa9, 0x58, 0xfe, 0xd0, 0xbc, 0xc9, 0x84, 0xe8, 0xb5,
-  0x17, 0xa3, 0xd5, 0xf5, 0x15, 0xb2, 0x3b, 0x8a, 0x41, 0xe7, 0x4a, 0xa8, 0x67,
-  0x69, 0x3f, 0x90, 0xdf, 0xb0, 0x61, 0xa6, 0xe8, 0x6d, 0xfa, 0xae, 0xe6, 0x44,
-  0x72, 0xc0, 0x0e, 0x5f, 0x20, 0x94, 0x57, 0x29, 0xcb, 0xeb, 0xe7, 0x7f, 0x06,
-  0xce, 0x78, 0xe0, 0x8f, 0x40, 0x98, 0xfb, 0xa4, 0x1f, 0x9d, 0x61, 0x93, 0xc0,
-  0x31, 0x7e, 0x8b, 0x60, 0xd4, 0xb6, 0x08, 0x4a, 0xcb, 0x42, 0xd2, 0x9e, 0x38,
-  0x08, 0xa3, 0xbc, 0x37, 0x2d, 0x85, 0xe3, 0x31, 0x17, 0x0f, 0xcb, 0xf7, 0xcc,
-  0x72, 0xd0, 0xb7, 0x1c, 0x29, 0x66, 0x48, 0xb3, 0xa4, 0xd1, 0x0f, 0x41, 0x62,
-  0x95, 0xd0, 0x80, 0x7a, 0xa6, 0x25, 0xca, 0xb2, 0x74, 0x4f, 0xd9, 0xea, 0x8f,
-  0xd2, 0x23, 0xc4, 0x25, 0x37, 0x02, 0x98, 0x28, 0xbd, 0x16, 0xbe, 0x02, 0x54,
-  0x6f, 0x13, 0x0f, 0xd2, 0xe3, 0x3b, 0x93, 0x6d, 0x26, 0x76, 0xe0, 0x8a, 0xed,
-  0x1b, 0x73, 0x31, 0x8b, 0x75, 0x0a, 0x01, 0x67, 0xd0
-};
+    0xcd, 0xc8, 0x7d, 0xa2, 0x23, 0xd7, 0x86, 0xdf, 0x3b, 0x45, 0xe0, 0xbb,
+    0xbc, 0x72, 0x13, 0x26, 0xd1, 0xee, 0x2a, 0xf8, 0x06, 0xcc, 0x31, 0x54,
+    0x75, 0xcc, 0x6f, 0x0d, 0x9c, 0x66, 0xe1, 0xb6, 0x23, 0x71, 0xd4, 0x5c,
+    0xe2, 0x39, 0x2e, 0x1a, 0xc9, 0x28, 0x44, 0xc3, 0x10, 0x10, 0x2f, 0x15,
+    0x6a, 0x0d, 0x8d, 0x52, 0xc1, 0xf4, 0xc4, 0x0b, 0xa3, 0xaa, 0x65, 0x09,
+    0x57, 0x86, 0xcb, 0x76, 0x97, 0x57, 0xa6, 0x56, 0x3b, 0xa9, 0x58, 0xfe,
+    0xd0, 0xbc, 0xc9, 0x84, 0xe8, 0xb5, 0x17, 0xa3, 0xd5, 0xf5, 0x15, 0xb2,
+    0x3b, 0x8a, 0x41, 0xe7, 0x4a, 0xa8, 0x67, 0x69, 0x3f, 0x90, 0xdf, 0xb0,
+    0x61, 0xa6, 0xe8, 0x6d, 0xfa, 0xae, 0xe6, 0x44, 0x72, 0xc0, 0x0e, 0x5f,
+    0x20, 0x94, 0x57, 0x29, 0xcb, 0xeb, 0xe7, 0x7f, 0x06, 0xce, 0x78, 0xe0,
+    0x8f, 0x40, 0x98, 0xfb, 0xa4, 0x1f, 0x9d, 0x61, 0x93, 0xc0, 0x31, 0x7e,
+    0x8b, 0x60, 0xd4, 0xb6, 0x08, 0x4a, 0xcb, 0x42, 0xd2, 0x9e, 0x38, 0x08,
+    0xa3, 0xbc, 0x37, 0x2d, 0x85, 0xe3, 0x31, 0x17, 0x0f, 0xcb, 0xf7, 0xcc,
+    0x72, 0xd0, 0xb7, 0x1c, 0x29, 0x66, 0x48, 0xb3, 0xa4, 0xd1, 0x0f, 0x41,
+    0x62, 0x95, 0xd0, 0x80, 0x7a, 0xa6, 0x25, 0xca, 0xb2, 0x74, 0x4f, 0xd9,
+    0xea, 0x8f, 0xd2, 0x23, 0xc4, 0x25, 0x37, 0x02, 0x98, 0x28, 0xbd, 0x16,
+    0xbe, 0x02, 0x54, 0x6f, 0x13, 0x0f, 0xd2, 0xe3, 0x3b, 0x93, 0x6d, 0x26,
+    0x76, 0xe0, 0x8a, 0xed, 0x1b, 0x73, 0x31, 0x8b, 0x75, 0x0a, 0x01, 0x67,
+    0xd0};
 const uint8_t kTestVector1Sig[] = {
-  0x90, 0x74, 0x30, 0x8f, 0xb5, 0x98, 0xe9, 0x70, 0x1b, 0x22, 0x94, 0x38, 0x8e,
-  0x52, 0xf9, 0x71, 0xfa, 0xac, 0x2b, 0x60, 0xa5, 0x14, 0x5a, 0xf1, 0x85, 0xdf,
-  0x52, 0x87, 0xb5, 0xed, 0x28, 0x87, 0xe5, 0x7c, 0xe7, 0xfd, 0x44, 0xdc, 0x86,
-  0x34, 0xe4, 0x07, 0xc8, 0xe0, 0xe4, 0x36, 0x0b, 0xc2, 0x26, 0xf3, 0xec, 0x22,
-  0x7f, 0x9d, 0x9e, 0x54, 0x63, 0x8e, 0x8d, 0x31, 0xf5, 0x05, 0x12, 0x15, 0xdf,
-  0x6e, 0xbb, 0x9c, 0x2f, 0x95, 0x79, 0xaa, 0x77, 0x59, 0x8a, 0x38, 0xf9, 0x14,
-  0xb5, 0xb9, 0xc1, 0xbd, 0x83, 0xc4, 0xe2, 0xf9, 0xf3, 0x82, 0xa0, 0xd0, 0xaa,
-  0x35, 0x42, 0xff, 0xee, 0x65, 0x98, 0x4a, 0x60, 0x1b, 0xc6, 0x9e, 0xb2, 0x8d,
-  0xeb, 0x27, 0xdc, 0xa1, 0x2c, 0x82, 0xc2, 0xd4, 0xc3, 0xf6, 0x6c, 0xd5, 0x00,
-  0xf1, 0xff, 0x2b, 0x99, 0x4d, 0x8a, 0x4e, 0x30, 0xcb, 0xb3, 0x3c
-};
+    0x90, 0x74, 0x30, 0x8f, 0xb5, 0x98, 0xe9, 0x70, 0x1b, 0x22, 0x94, 0x38,
+    0x8e, 0x52, 0xf9, 0x71, 0xfa, 0xac, 0x2b, 0x60, 0xa5, 0x14, 0x5a, 0xf1,
+    0x85, 0xdf, 0x52, 0x87, 0xb5, 0xed, 0x28, 0x87, 0xe5, 0x7c, 0xe7, 0xfd,
+    0x44, 0xdc, 0x86, 0x34, 0xe4, 0x07, 0xc8, 0xe0, 0xe4, 0x36, 0x0b, 0xc2,
+    0x26, 0xf3, 0xec, 0x22, 0x7f, 0x9d, 0x9e, 0x54, 0x63, 0x8e, 0x8d, 0x31,
+    0xf5, 0x05, 0x12, 0x15, 0xdf, 0x6e, 0xbb, 0x9c, 0x2f, 0x95, 0x79, 0xaa,
+    0x77, 0x59, 0x8a, 0x38, 0xf9, 0x14, 0xb5, 0xb9, 0xc1, 0xbd, 0x83, 0xc4,
+    0xe2, 0xf9, 0xf3, 0x82, 0xa0, 0xd0, 0xaa, 0x35, 0x42, 0xff, 0xee, 0x65,
+    0x98, 0x4a, 0x60, 0x1b, 0xc6, 0x9e, 0xb2, 0x8d, 0xeb, 0x27, 0xdc, 0xa1,
+    0x2c, 0x82, 0xc2, 0xd4, 0xc3, 0xf6, 0x6c, 0xd5, 0x00, 0xf1, 0xff, 0x2b,
+    0x99, 0x4d, 0x8a, 0x4e, 0x30, 0xcb, 0xb3, 0x3c};
 
 // RSA-PSS test vectors, pss-vect.txt, Example 10: A 2048-bit RSA Key Pair
 // <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
 const uint8_t kTestVector2Spki[] = {
-  0x30, 0x82, 0x01, 0x21, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
-  0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0e, 0x00, 0x30, 0x82,
-  0x01, 0x09, 0x02, 0x82, 0x01, 0x00, 0xa5, 0xdd, 0x86, 0x7a, 0xc4, 0xcb, 0x02,
-  0xf9, 0x0b, 0x94, 0x57, 0xd4, 0x8c, 0x14, 0xa7, 0x70, 0xef, 0x99, 0x1c, 0x56,
-  0xc3, 0x9c, 0x0e, 0xc6, 0x5f, 0xd1, 0x1a, 0xfa, 0x89, 0x37, 0xce, 0xa5, 0x7b,
-  0x9b, 0xe7, 0xac, 0x73, 0xb4, 0x5c, 0x00, 0x17, 0x61, 0x5b, 0x82, 0xd6, 0x22,
-  0xe3, 0x18, 0x75, 0x3b, 0x60, 0x27, 0xc0, 0xfd, 0x15, 0x7b, 0xe1, 0x2f, 0x80,
-  0x90, 0xfe, 0xe2, 0xa7, 0xad, 0xcd, 0x0e, 0xef, 0x75, 0x9f, 0x88, 0xba, 0x49,
-  0x97, 0xc7, 0xa4, 0x2d, 0x58, 0xc9, 0xaa, 0x12, 0xcb, 0x99, 0xae, 0x00, 0x1f,
-  0xe5, 0x21, 0xc1, 0x3b, 0xb5, 0x43, 0x14, 0x45, 0xa8, 0xd5, 0xae, 0x4f, 0x5e,
-  0x4c, 0x7e, 0x94, 0x8a, 0xc2, 0x27, 0xd3, 0x60, 0x40, 0x71, 0xf2, 0x0e, 0x57,
-  0x7e, 0x90, 0x5f, 0xbe, 0xb1, 0x5d, 0xfa, 0xf0, 0x6d, 0x1d, 0xe5, 0xae, 0x62,
-  0x53, 0xd6, 0x3a, 0x6a, 0x21, 0x20, 0xb3, 0x1a, 0x5d, 0xa5, 0xda, 0xbc, 0x95,
-  0x50, 0x60, 0x0e, 0x20, 0xf2, 0x7d, 0x37, 0x39, 0xe2, 0x62, 0x79, 0x25, 0xfe,
-  0xa3, 0xcc, 0x50, 0x9f, 0x21, 0xdf, 0xf0, 0x4e, 0x6e, 0xea, 0x45, 0x49, 0xc5,
-  0x40, 0xd6, 0x80, 0x9f, 0xf9, 0x30, 0x7e, 0xed, 0xe9, 0x1f, 0xff, 0x58, 0x73,
-  0x3d, 0x83, 0x85, 0xa2, 0x37, 0xd6, 0xd3, 0x70, 0x5a, 0x33, 0xe3, 0x91, 0x90,
-  0x09, 0x92, 0x07, 0x0d, 0xf7, 0xad, 0xf1, 0x35, 0x7c, 0xf7, 0xe3, 0x70, 0x0c,
-  0xe3, 0x66, 0x7d, 0xe8, 0x3f, 0x17, 0xb8, 0xdf, 0x17, 0x78, 0xdb, 0x38, 0x1d,
-  0xce, 0x09, 0xcb, 0x4a, 0xd0, 0x58, 0xa5, 0x11, 0x00, 0x1a, 0x73, 0x81, 0x98,
-  0xee, 0x27, 0xcf, 0x55, 0xa1, 0x3b, 0x75, 0x45, 0x39, 0x90, 0x65, 0x82, 0xec,
-  0x8b, 0x17, 0x4b, 0xd5, 0x8d, 0x5d, 0x1f, 0x3d, 0x76, 0x7c, 0x61, 0x37, 0x21,
-  0xae, 0x05, 0x02, 0x03, 0x01, 0x00, 0x01
-};
+    0x30, 0x82, 0x01, 0x21, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+    0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0e, 0x00,
+    0x30, 0x82, 0x01, 0x09, 0x02, 0x82, 0x01, 0x00, 0xa5, 0xdd, 0x86, 0x7a,
+    0xc4, 0xcb, 0x02, 0xf9, 0x0b, 0x94, 0x57, 0xd4, 0x8c, 0x14, 0xa7, 0x70,
+    0xef, 0x99, 0x1c, 0x56, 0xc3, 0x9c, 0x0e, 0xc6, 0x5f, 0xd1, 0x1a, 0xfa,
+    0x89, 0x37, 0xce, 0xa5, 0x7b, 0x9b, 0xe7, 0xac, 0x73, 0xb4, 0x5c, 0x00,
+    0x17, 0x61, 0x5b, 0x82, 0xd6, 0x22, 0xe3, 0x18, 0x75, 0x3b, 0x60, 0x27,
+    0xc0, 0xfd, 0x15, 0x7b, 0xe1, 0x2f, 0x80, 0x90, 0xfe, 0xe2, 0xa7, 0xad,
+    0xcd, 0x0e, 0xef, 0x75, 0x9f, 0x88, 0xba, 0x49, 0x97, 0xc7, 0xa4, 0x2d,
+    0x58, 0xc9, 0xaa, 0x12, 0xcb, 0x99, 0xae, 0x00, 0x1f, 0xe5, 0x21, 0xc1,
+    0x3b, 0xb5, 0x43, 0x14, 0x45, 0xa8, 0xd5, 0xae, 0x4f, 0x5e, 0x4c, 0x7e,
+    0x94, 0x8a, 0xc2, 0x27, 0xd3, 0x60, 0x40, 0x71, 0xf2, 0x0e, 0x57, 0x7e,
+    0x90, 0x5f, 0xbe, 0xb1, 0x5d, 0xfa, 0xf0, 0x6d, 0x1d, 0xe5, 0xae, 0x62,
+    0x53, 0xd6, 0x3a, 0x6a, 0x21, 0x20, 0xb3, 0x1a, 0x5d, 0xa5, 0xda, 0xbc,
+    0x95, 0x50, 0x60, 0x0e, 0x20, 0xf2, 0x7d, 0x37, 0x39, 0xe2, 0x62, 0x79,
+    0x25, 0xfe, 0xa3, 0xcc, 0x50, 0x9f, 0x21, 0xdf, 0xf0, 0x4e, 0x6e, 0xea,
+    0x45, 0x49, 0xc5, 0x40, 0xd6, 0x80, 0x9f, 0xf9, 0x30, 0x7e, 0xed, 0xe9,
+    0x1f, 0xff, 0x58, 0x73, 0x3d, 0x83, 0x85, 0xa2, 0x37, 0xd6, 0xd3, 0x70,
+    0x5a, 0x33, 0xe3, 0x91, 0x90, 0x09, 0x92, 0x07, 0x0d, 0xf7, 0xad, 0xf1,
+    0x35, 0x7c, 0xf7, 0xe3, 0x70, 0x0c, 0xe3, 0x66, 0x7d, 0xe8, 0x3f, 0x17,
+    0xb8, 0xdf, 0x17, 0x78, 0xdb, 0x38, 0x1d, 0xce, 0x09, 0xcb, 0x4a, 0xd0,
+    0x58, 0xa5, 0x11, 0x00, 0x1a, 0x73, 0x81, 0x98, 0xee, 0x27, 0xcf, 0x55,
+    0xa1, 0x3b, 0x75, 0x45, 0x39, 0x90, 0x65, 0x82, 0xec, 0x8b, 0x17, 0x4b,
+    0xd5, 0x8d, 0x5d, 0x1f, 0x3d, 0x76, 0x7c, 0x61, 0x37, 0x21, 0xae, 0x05,
+    0x02, 0x03, 0x01, 0x00, 0x01};
 // RSA-PSS test vectors, pss-vect.txt, Example 10.1
 const uint8_t kTestVector2Data[] = {
-  0x88, 0x31, 0x77, 0xe5, 0x12, 0x6b, 0x9b, 0xe2, 0xd9, 0xa9, 0x68, 0x03, 0x27,
-  0xd5, 0x37, 0x0c, 0x6f, 0x26, 0x86, 0x1f, 0x58, 0x20, 0xc4, 0x3d, 0xa6, 0x7a,
-  0x3a, 0xd6, 0x09
-};
+    0x88, 0x31, 0x77, 0xe5, 0x12, 0x6b, 0x9b, 0xe2, 0xd9, 0xa9,
+    0x68, 0x03, 0x27, 0xd5, 0x37, 0x0c, 0x6f, 0x26, 0x86, 0x1f,
+    0x58, 0x20, 0xc4, 0x3d, 0xa6, 0x7a, 0x3a, 0xd6, 0x09};
 const uint8_t kTestVector2Sig[] = {
-  0x82, 0xc2, 0xb1, 0x60, 0x09, 0x3b, 0x8a, 0xa3, 0xc0, 0xf7, 0x52, 0x2b, 0x19,
-  0xf8, 0x73, 0x54, 0x06, 0x6c, 0x77, 0x84, 0x7a, 0xbf, 0x2a, 0x9f, 0xce, 0x54,
-  0x2d, 0x0e, 0x84, 0xe9, 0x20, 0xc5, 0xaf, 0xb4, 0x9f, 0xfd, 0xfd, 0xac, 0xe1,
-  0x65, 0x60, 0xee, 0x94, 0xa1, 0x36, 0x96, 0x01, 0x14, 0x8e, 0xba, 0xd7, 0xa0,
-  0xe1, 0x51, 0xcf, 0x16, 0x33, 0x17, 0x91, 0xa5, 0x72, 0x7d, 0x05, 0xf2, 0x1e,
-  0x74, 0xe7, 0xeb, 0x81, 0x14, 0x40, 0x20, 0x69, 0x35, 0xd7, 0x44, 0x76, 0x5a,
-  0x15, 0xe7, 0x9f, 0x01, 0x5c, 0xb6, 0x6c, 0x53, 0x2c, 0x87, 0xa6, 0xa0, 0x59,
-  0x61, 0xc8, 0xbf, 0xad, 0x74, 0x1a, 0x9a, 0x66, 0x57, 0x02, 0x28, 0x94, 0x39,
-  0x3e, 0x72, 0x23, 0x73, 0x97, 0x96, 0xc0, 0x2a, 0x77, 0x45, 0x5d, 0x0f, 0x55,
-  0x5b, 0x0e, 0xc0, 0x1d, 0xdf, 0x25, 0x9b, 0x62, 0x07, 0xfd, 0x0f, 0xd5, 0x76,
-  0x14, 0xce, 0xf1, 0xa5, 0x57, 0x3b, 0xaa, 0xff, 0x4e, 0xc0, 0x00, 0x69, 0x95,
-  0x16, 0x59, 0xb8, 0x5f, 0x24, 0x30, 0x0a, 0x25, 0x16, 0x0c, 0xa8, 0x52, 0x2d,
-  0xc6, 0xe6, 0x72, 0x7e, 0x57, 0xd0, 0x19, 0xd7, 0xe6, 0x36, 0x29, 0xb8, 0xfe,
-  0x5e, 0x89, 0xe2, 0x5c, 0xc1, 0x5b, 0xeb, 0x3a, 0x64, 0x75, 0x77, 0x55, 0x92,
-  0x99, 0x28, 0x0b, 0x9b, 0x28, 0xf7, 0x9b, 0x04, 0x09, 0x00, 0x0b, 0xe2, 0x5b,
-  0xbd, 0x96, 0x40, 0x8b, 0xa3, 0xb4, 0x3c, 0xc4, 0x86, 0x18, 0x4d, 0xd1, 0xc8,
-  0xe6, 0x25, 0x53, 0xfa, 0x1a, 0xf4, 0x04, 0x0f, 0x60, 0x66, 0x3d, 0xe7, 0xf5,
-  0xe4, 0x9c, 0x04, 0x38, 0x8e, 0x25, 0x7f, 0x1c, 0xe8, 0x9c, 0x95, 0xda, 0xb4,
-  0x8a, 0x31, 0x5d, 0x9b, 0x66, 0xb1, 0xb7, 0x62, 0x82, 0x33, 0x87, 0x6f, 0xf2,
-  0x38, 0x52, 0x30, 0xd0, 0x70, 0xd0, 0x7e, 0x16, 0x66
-};
+    0x82, 0xc2, 0xb1, 0x60, 0x09, 0x3b, 0x8a, 0xa3, 0xc0, 0xf7, 0x52, 0x2b,
+    0x19, 0xf8, 0x73, 0x54, 0x06, 0x6c, 0x77, 0x84, 0x7a, 0xbf, 0x2a, 0x9f,
+    0xce, 0x54, 0x2d, 0x0e, 0x84, 0xe9, 0x20, 0xc5, 0xaf, 0xb4, 0x9f, 0xfd,
+    0xfd, 0xac, 0xe1, 0x65, 0x60, 0xee, 0x94, 0xa1, 0x36, 0x96, 0x01, 0x14,
+    0x8e, 0xba, 0xd7, 0xa0, 0xe1, 0x51, 0xcf, 0x16, 0x33, 0x17, 0x91, 0xa5,
+    0x72, 0x7d, 0x05, 0xf2, 0x1e, 0x74, 0xe7, 0xeb, 0x81, 0x14, 0x40, 0x20,
+    0x69, 0x35, 0xd7, 0x44, 0x76, 0x5a, 0x15, 0xe7, 0x9f, 0x01, 0x5c, 0xb6,
+    0x6c, 0x53, 0x2c, 0x87, 0xa6, 0xa0, 0x59, 0x61, 0xc8, 0xbf, 0xad, 0x74,
+    0x1a, 0x9a, 0x66, 0x57, 0x02, 0x28, 0x94, 0x39, 0x3e, 0x72, 0x23, 0x73,
+    0x97, 0x96, 0xc0, 0x2a, 0x77, 0x45, 0x5d, 0x0f, 0x55, 0x5b, 0x0e, 0xc0,
+    0x1d, 0xdf, 0x25, 0x9b, 0x62, 0x07, 0xfd, 0x0f, 0xd5, 0x76, 0x14, 0xce,
+    0xf1, 0xa5, 0x57, 0x3b, 0xaa, 0xff, 0x4e, 0xc0, 0x00, 0x69, 0x95, 0x16,
+    0x59, 0xb8, 0x5f, 0x24, 0x30, 0x0a, 0x25, 0x16, 0x0c, 0xa8, 0x52, 0x2d,
+    0xc6, 0xe6, 0x72, 0x7e, 0x57, 0xd0, 0x19, 0xd7, 0xe6, 0x36, 0x29, 0xb8,
+    0xfe, 0x5e, 0x89, 0xe2, 0x5c, 0xc1, 0x5b, 0xeb, 0x3a, 0x64, 0x75, 0x77,
+    0x55, 0x92, 0x99, 0x28, 0x0b, 0x9b, 0x28, 0xf7, 0x9b, 0x04, 0x09, 0x00,
+    0x0b, 0xe2, 0x5b, 0xbd, 0x96, 0x40, 0x8b, 0xa3, 0xb4, 0x3c, 0xc4, 0x86,
+    0x18, 0x4d, 0xd1, 0xc8, 0xe6, 0x25, 0x53, 0xfa, 0x1a, 0xf4, 0x04, 0x0f,
+    0x60, 0x66, 0x3d, 0xe7, 0xf5, 0xe4, 0x9c, 0x04, 0x38, 0x8e, 0x25, 0x7f,
+    0x1c, 0xe8, 0x9c, 0x95, 0xda, 0xb4, 0x8a, 0x31, 0x5d, 0x9b, 0x66, 0xb1,
+    0xb7, 0x62, 0x82, 0x33, 0x87, 0x6f, 0xf2, 0x38, 0x52, 0x30, 0xd0, 0x70,
+    0xd0, 0x7e, 0x16, 0x66};
 
 static unsigned char* toUcharPtr(const uint8_t* v) {
-  return const_cast<unsigned char*>(
-    static_cast<const unsigned char*>(v));
+  return const_cast<unsigned char*>(static_cast<const unsigned char*>(v));
 }
 
-class Pkcs11RsaPssTest : public ::testing::Test {
-};
+class Pkcs11RsaPssTest : public ::testing::Test {};
 
 class Pkcs11RsaPssVectorTest : public Pkcs11RsaPssTest {
  public:
   void Verify(const uint8_t* spki, size_t spki_len, const uint8_t* data,
               size_t data_len, const uint8_t* sig, size_t sig_len) {
     // Verify data signed with PSS/SHA-1.
     SECOidTag hashOid = SEC_OID_SHA1;
     CK_MECHANISM_TYPE hashMech = CKM_SHA_1;
     CK_RSA_PKCS_MGF_TYPE mgf = CKG_MGF1_SHA1;
 
     // Set up PSS parameters.
     unsigned int hLen = HASH_ResultLenByOidTag(hashOid);
-    CK_RSA_PKCS_PSS_PARAMS rsaPssParams = { hashMech, mgf, hLen };
-    SECItem params = { siBuffer,
-                       reinterpret_cast<unsigned char*>(&rsaPssParams),
-                       sizeof(rsaPssParams) };
+    CK_RSA_PKCS_PSS_PARAMS rsaPssParams = {hashMech, mgf, hLen};
+    SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&rsaPssParams),
+                      sizeof(rsaPssParams)};
 
     // Import public key.
-    SECItem spkiItem = { siBuffer, toUcharPtr(spki),
-                         static_cast<unsigned int>(spki_len) };
+    SECItem spkiItem = {siBuffer, toUcharPtr(spki),
+                        static_cast<unsigned int>(spki_len)};
     ScopedCERTSubjectPublicKeyInfo certSpki(
-      SECKEY_DecodeDERSubjectPublicKeyInfo(&spkiItem));
+        SECKEY_DecodeDERSubjectPublicKeyInfo(&spkiItem));
     ScopedSECKEYPublicKey pubKey(SECKEY_ExtractPublicKey(certSpki.get()));
 
     // Hash the data.
     std::vector<uint8_t> hashBuf(hLen);
-    SECItem hash = { siBuffer, &hashBuf[0],
-                     static_cast<unsigned int>(hashBuf.size()) };
-    SECStatus rv = PK11_HashBuf(hashOid, hash.data, toUcharPtr(data),
-                                data_len);
+    SECItem hash = {siBuffer, &hashBuf[0],
+                    static_cast<unsigned int>(hashBuf.size())};
+    SECStatus rv = PK11_HashBuf(hashOid, hash.data, toUcharPtr(data), data_len);
     EXPECT_EQ(rv, SECSuccess);
 
     // Verify.
     CK_MECHANISM_TYPE mech = CKM_RSA_PKCS_PSS;
-    SECItem sigItem = { siBuffer, toUcharPtr(sig),
-                        static_cast<unsigned int>(sig_len) };
+    SECItem sigItem = {siBuffer, toUcharPtr(sig),
+                       static_cast<unsigned int>(sig_len)};
     rv = PK11_VerifyWithMechanism(pubKey.get(), mech, &params, &sigItem, &hash,
                                   nullptr);
     EXPECT_EQ(rv, SECSuccess);
   }
 };
 
 #define PSS_TEST_VECTOR_VERIFY(spki, data, sig) \
   Verify(spki, sizeof(spki), data, sizeof(data), sig, sizeof(sig));
 
 TEST_F(Pkcs11RsaPssTest, GenerateAndSignAndVerify) {
   // Sign data with a 1024-bit RSA key, using PSS/SHA-256.
   SECOidTag hashOid = SEC_OID_SHA256;
   CK_MECHANISM_TYPE hashMech = CKM_SHA256;
   CK_RSA_PKCS_MGF_TYPE mgf = CKG_MGF1_SHA256;
-  PK11RSAGenParams rsaGenParams = { 1024, 0x10001 };
+  PK11RSAGenParams rsaGenParams = {1024, 0x10001};
 
   // Generate RSA key pair.
   ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
   SECKEYPublicKey* pubKeyRaw = nullptr;
-  ScopedSECKEYPrivateKey privKey(PK11_GenerateKeyPair(slot.get(),
-                                                      CKM_RSA_PKCS_KEY_PAIR_GEN,
-                                                      &rsaGenParams, &pubKeyRaw,
-                                                      false, false, nullptr));
+  ScopedSECKEYPrivateKey privKey(
+      PK11_GenerateKeyPair(slot.get(), CKM_RSA_PKCS_KEY_PAIR_GEN, &rsaGenParams,
+                           &pubKeyRaw, false, false, nullptr));
   ASSERT_TRUE(!!privKey && pubKeyRaw);
   ScopedSECKEYPublicKey pubKey(pubKeyRaw);
 
   // Generate random data to sign.
   uint8_t dataBuf[50];
-  SECItem data = { siBuffer, dataBuf, sizeof(dataBuf) };
+  SECItem data = {siBuffer, dataBuf, sizeof(dataBuf)};
   unsigned int hLen = HASH_ResultLenByOidTag(hashOid);
   SECStatus rv = PK11_GenerateRandomOnSlot(slot.get(), data.data, data.len);
   EXPECT_EQ(rv, SECSuccess);
 
   // Allocate memory for the signature.
   std::vector<uint8_t> sigBuf(PK11_SignatureLen(privKey.get()));
-  SECItem sig = { siBuffer, &sigBuf[0],
-                  static_cast<unsigned int>(sigBuf.size()) };
+  SECItem sig = {siBuffer, &sigBuf[0],
+                 static_cast<unsigned int>(sigBuf.size())};
 
   // Set up PSS parameters.
-  CK_RSA_PKCS_PSS_PARAMS rsaPssParams = { hashMech, mgf, hLen };
-  SECItem params = { siBuffer, reinterpret_cast<unsigned char*>(&rsaPssParams),
-                     sizeof(rsaPssParams) };
+  CK_RSA_PKCS_PSS_PARAMS rsaPssParams = {hashMech, mgf, hLen};
+  SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&rsaPssParams),
+                    sizeof(rsaPssParams)};
 
   // Sign.
   CK_MECHANISM_TYPE mech = CKM_RSA_PKCS_PSS;
   rv = PK11_SignWithMechanism(privKey.get(), mech, &params, &sig, &data);
   EXPECT_EQ(rv, SECSuccess);
 
   // Verify.
   rv = PK11_VerifyWithMechanism(pubKey.get(), mech, &params, &sig, &data,
@@ -218,17 +215,17 @@ TEST_F(Pkcs11RsaPssTest, GenerateAndSign
 
   // Verification with modified data must fail.
   data.data[0] ^= 0xff;
   rv = PK11_VerifyWithMechanism(pubKey.get(), mech, &params, &sig, &data,
                                 nullptr);
   EXPECT_EQ(rv, SECFailure);
 
   // Verification with original data but the wrong signature must fail.
-  data.data[0] ^= 0xff; // Revert previous changes.
+  data.data[0] ^= 0xff;  // Revert previous changes.
   sig.data[0] ^= 0xff;
   rv = PK11_VerifyWithMechanism(pubKey.get(), mech, &params, &sig, &data,
                                 nullptr);
   EXPECT_EQ(rv, SECFailure);
 }
 
 // RSA-PSS test vectors, pss-vect.txt, Example 1.1: A 1024-bit RSA Key Pair
 // <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
@@ -238,9 +235,8 @@ TEST_F(Pkcs11RsaPssVectorTest, VerifyKno
 
 // RSA-PSS test vectors, pss-vect.txt, Example 10.1: A 2048-bit RSA Key Pair
 // <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
 TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature2) {
   PSS_TEST_VECTOR_VERIFY(kTestVector2Spki, kTestVector2Data, kTestVector2Sig);
 }
 
 }  // namespace nss_test
-
--- a/security/nss/external_tests/ssl_gtest/Makefile
+++ b/security/nss/external_tests/ssl_gtest/Makefile
@@ -28,26 +28,28 @@ include $(CORE_DEPTH)/coreconf/config.mk
 include ../common/gtest.mk
 
 CFLAGS += -I$(CORE_DEPTH)/lib/ssl
 
 ifdef NSS_SSL_ENABLE_ZLIB
 include $(CORE_DEPTH)/coreconf/zlib.mk
 endif
 
+ifdef NSS_DISABLE_TLS_1_3
+# Run parameterized tests only, for which we can easily exclude TLS 1.3
+CPPSRCS := $(filter-out $(shell grep -l '^TEST_F' $(CPPSRCS)), $(CPPSRCS))
+CFLAGS += -DNSS_DISABLE_TLS_1_3
+endif
+
 #######################################################################
 # (5) Execute "global" rules. (OPTIONAL)                              #
 #######################################################################
 
 include $(CORE_DEPTH)/coreconf/rules.mk
 
 #######################################################################
 # (6) Execute "component" rules. (OPTIONAL)                           #
 #######################################################################
 
 
 #######################################################################
 # (7) Execute "local" rules. (OPTIONAL).                              #
 #######################################################################
-
-ifndef NSS_ENABLE_TLS_1_3
-CPPSRCS := $(filter-out ssl_0rtt_unittest.cc, $(CPPSRCS))
-endif
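Review bot: The `filter-out` on the `grep -l '^TEST_F'` result removes whole source files, so any `TEST_P` case that shares a file with a single `TEST_F` is also dropped when `NSS_DISABLE_TLS_1_3` is set, and nothing reports the reduced coverage. The comment above it should say so, for example `# Drops every file that contains a TEST_F, including parameterized tests in the same file`. Alternatively the TLS 1.3-only fixtures could be guarded with `#ifndef NSS_DISABLE_TLS_1_3` in the sources. The grep also runs at makefile parse time against paths relative to the current directory, which presumably holds for this directory's build but is worth confirming.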
--- a/security/nss/external_tests/ssl_gtest/databuffer.h
+++ b/security/nss/external_tests/ssl_gtest/databuffer.h
@@ -13,22 +13,24 @@
 #include <iomanip>
 #include <iostream>
 #if defined(WIN32) || defined(WIN64)
 #include <winsock2.h>
 #else
 #include <arpa/inet.h>
 #endif
 
+extern bool g_ssl_gtest_verbose;
+
 namespace nss_test {
 
 class DataBuffer {
  public:
   DataBuffer() : data_(nullptr), len_(0) {}
-  DataBuffer(const uint8_t *data, size_t len) : data_(nullptr), len_(0) {
+  DataBuffer(const uint8_t* data, size_t len) : data_(nullptr), len_(0) {
     Assign(data, len);
   }
   explicit DataBuffer(const DataBuffer& other) : data_(nullptr), len_(0) {
     Assign(other);
   }
   ~DataBuffer() { delete[] data_; }
 
   DataBuffer& operator=(const DataBuffer& other) {
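Review bot: The new `extern bool g_ssl_gtest_verbose;` puts an undocumented global at file scope in a header, so every binary that includes databuffer.h must now link a definition that this hunk does not show. A comment on the declaration would help, for example `// Defined by the test runner; when true, operator<< prints whole buffers instead of the first kMaxBufferPrint bytes.` Declaring it inside `namespace nss_test` would also keep it out of the global namespace, if the definition can move with it. The DataBuffer class continues outside the hunk.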
@@ -39,52 +41,47 @@ class DataBuffer {
   }
 
   void Allocate(size_t len) {
     delete[] data_;
     data_ = new uint8_t[len ? len : 1];  // Don't depend on new [0].
     len_ = len;
   }
 
-  void Truncate(size_t len) {
-    len_ = std::min(len_, len);
-  }
+  void Truncate(size_t len) { len_ = std::min(len_, len); }
 
-  void Assign(const DataBuffer& other) {
-    Assign(other.data(), other.len());
-  }
+  void Assign(const DataBuffer& other) { Assign(other.data(), other.len()); }
 
   void Assign(const uint8_t* data, size_t len) {
     if (data) {
       Allocate(len);
-      memcpy(static_cast<void *>(data_), static_cast<const void *>(data), len);
+      memcpy(static_cast<void*>(data_), static_cast<const void*>(data), len);
     } else {
       assert(len == 0);
       data_ = nullptr;
       len_ = 0;
     }
   }
 
   // Write will do a new allocation and expand the size of the buffer if needed.
   // Returns the offset of the end of the write.
   size_t Write(size_t index, const uint8_t* val, size_t count) {
     if (index + count > len_) {
       size_t newlen = index + count;
-      uint8_t* tmp = new uint8_t[newlen]; // Always > 0.
-      memcpy(static_cast<void*>(tmp),
-             static_cast<const void*>(data_), len_);
+      uint8_t* tmp = new uint8_t[newlen];  // Always > 0.
+      memcpy(static_cast<void*>(tmp), static_cast<const void*>(data_), len_);
       if (index > len_) {
         memset(static_cast<void*>(tmp + len_), 0, index - len_);
       }
       delete[] data_;
       data_ = tmp;
       len_ = newlen;
     }
-    memcpy(static_cast<void*>(data_ + index),
-           static_cast<const void*>(val), count);
+    memcpy(static_cast<void*>(data_ + index), static_cast<const void*>(val),
+           count);
     return index + count;
   }
 
   size_t Write(size_t index, const DataBuffer& buf) {
     return Write(index, buf.data(), buf.len());
   }
 
   // Write an integer, also performing host-to-network order conversion.
@@ -112,17 +109,18 @@ class DataBuffer {
   }
 
   // Starting at |index|, remove |remove| bytes and replace them with the
   // contents of |buf|.
   void Splice(const DataBuffer& buf, size_t index, size_t remove = 0) {
     Splice(buf.data(), buf.len(), index, remove);
   }
 
-  void Splice(const uint8_t* ins, size_t ins_len, size_t index, size_t remove = 0) {
+  void Splice(const uint8_t* ins, size_t ins_len, size_t index,
+              size_t remove = 0) {
     uint8_t* old_value = data_;
     size_t old_len = len_;
 
     // The amount of stuff remaining from the tail of the old.
     size_t tail_len = old_len - std::min(old_len, index + remove);
     // The new length: the head of the old, the new, and the tail of the old.
     len_ = index + ins_len + tail_len;
     data_ = new uint8_t[len_ ? len_ : 1];
@@ -132,59 +130,54 @@ class DataBuffer {
     // Maybe a gap.
     if (index > old_len) {
       memset(old_value + index, 0, index - old_len);
     }
     // The new.
     Write(index, ins, ins_len);
     // The tail of the old.
     if (tail_len > 0) {
-      Write(index + ins_len,
-            old_value + index + remove, tail_len);
+      Write(index + ins_len, old_value + index + remove, tail_len);
     }
 
     delete[] old_value;
   }
 
   void Append(const DataBuffer& buf) { Splice(buf, len_); }
 
-  const uint8_t *data() const { return data_; }
+  const uint8_t* data() const { return data_; }
   uint8_t* data() { return data_; }
   size_t len() const { return len_; }
   bool empty() const { return len_ == 0; }
 
  private:
   uint8_t* data_;
   size_t len_;
 };
 
-#ifdef DEBUG
-static const size_t kMaxBufferPrint = 10000;
-#else
 static const size_t kMaxBufferPrint = 32;
-#endif
 
 inline std::ostream& operator<<(std::ostream& stream, const DataBuffer& buf) {
   stream << "[" << buf.len() << "] ";
   for (size_t i = 0; i < buf.len(); ++i) {
-    if (i >= kMaxBufferPrint) {
+    if (!g_ssl_gtest_verbose && i >= kMaxBufferPrint) {
       stream << "...";
       break;
     }
     stream << std::hex << std::setfill('0') << std::setw(2)
            << static_cast<unsigned>(buf.data()[i]);
   }
   stream << std::dec;
   return stream;
 }
 
 inline bool operator==(const DataBuffer& a, const DataBuffer& b) {
   return (a.empty() && b.empty()) ||
-    (a.len() == b.len() && 0 == memcmp(a.data(), b.data(), a.len()));
+         (a.len() == b.len() && 0 == memcmp(a.data(), b.data(), a.len()));
 }
 
 inline bool operator!=(const DataBuffer& a, const DataBuffer& b) {
   return !(a == b);
 }
 
-} // namespace nss_test
+}  // namespace nss_test
 
 #endif
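Review bot: In `Splice`, the gap fill `memset(old_value + index, 0, index - old_len);` writes past the end of the old allocation whenever `index > old_len`; the zeros belong in the new buffer, `memset(data_ + old_len, 0, index - old_len);`. The old buffer holds only `old_len` bytes and is freed a few lines later, so as written the heap is written out of bounds and the gap in `data_` stays uninitialized. Splice begins outside this hunk, so the head copy is not visible here and should be checked alongside the same fix.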
--- a/security/nss/external_tests/ssl_gtest/libssl_internals.c
+++ b/security/nss/external_tests/ssl_gtest/libssl_internals.c
@@ -1,186 +1,164 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
 /* vim: set ts=2 et sw=2 tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 /* This file contains functions for frobbing the internals of libssl */
 #include "libssl_internals.h"
 
 #include "nss.h"
 #include "pk11pub.h"
 #include "seccomon.h"
 #include "ssl.h"
 #include "sslimpl.h"
 
-SECStatus
-SSLInt_IncrementClientHandshakeVersion(PRFileDesc *fd)
-{
-    sslSocket *ss = ssl_FindSocket(fd);
-    if (!ss) {
-        return SECFailure;
-    }
+SECStatus SSLInt_IncrementClientHandshakeVersion(PRFileDesc *fd) {
+  sslSocket *ss = ssl_FindSocket(fd);
+  if (!ss) {
+    return SECFailure;
+  }
 
-    ++ss->clientHelloVersion;
+  ++ss->clientHelloVersion;
 
-    return SECSuccess;
+  return SECSuccess;
 }
 
-PRUint32
-SSLInt_DetermineKEABits(PRUint16 serverKeyBits, SSLAuthType authAlgorithm) {
-    // For ECDSA authentication we expect a curve for key exchange with the
-    // same strength as the one used for the certificate's signature.
-    if (authAlgorithm == ssl_auth_ecdsa ||
-        authAlgorithm == ssl_auth_ecdh_rsa ||
-        authAlgorithm == ssl_auth_ecdh_ecdsa) {
-        return serverKeyBits;
-    }
-
+// This function guesses what key exchange strength libssl will choose.
+PRUint32 SSLInt_DetermineKEABits(PRUint16 serverKeyBits,
+                                 const SSLCipherSuiteInfo *info) {
+  PRUint32 authBits;
+  SSLAuthType authAlgorithm = info->authType;
+  if (authAlgorithm == ssl_auth_ecdsa || authAlgorithm == ssl_auth_ecdh_rsa ||
+      authAlgorithm == ssl_auth_ecdh_ecdsa) {
+    authBits = serverKeyBits;
+  } else {
     PORT_Assert(authAlgorithm == ssl_auth_rsa_decrypt ||
                 authAlgorithm == ssl_auth_rsa_sign);
-    PRUint32 minKeaBits;
-#ifdef NSS_ECC_MORE_THAN_SUITE_B
-    // P-192 is the smallest curve we want to use.
-    minKeaBits = 192U;
-#else
-    // P-256 is the smallest supported curve.
-    minKeaBits = 256U;
-#endif
+    authBits = SSL_RSASTRENGTH_TO_ECSTRENGTH(serverKeyBits);
+  }
 
-    return PR_MAX(SSL_RSASTRENGTH_TO_ECSTRENGTH(serverKeyBits), minKeaBits);
+  // We expect a curve for key exchange to be selected based on the symmetric
+  // key strength (times 2) or the server key size, whichever is smaller.
+  PRUint32 targetKeaBits = PR_MIN(info->symKeyBits * 2, authBits);
+
+  // P-256 is the preferred curve of minimum size.
+  return PR_MAX(256U, targetKeaBits);
 }
 
 /* Use this function to update the ClientRandom of a client's handshake state
  * after replacing its ClientHello message. We for example need to do this
  * when replacing an SSLv3 ClientHello with its SSLv2 equivalent. */
-SECStatus
-SSLInt_UpdateSSLv2ClientRandom(PRFileDesc *fd, uint8_t *rnd, size_t rnd_len,
-                               uint8_t *msg, size_t msg_len)
-{
-    sslSocket *ss = ssl_FindSocket(fd);
-    if (!ss) {
-        return SECFailure;
-    }
+SECStatus SSLInt_UpdateSSLv2ClientRandom(PRFileDesc *fd, uint8_t *rnd,
+                                         size_t rnd_len, uint8_t *msg,
+                                         size_t msg_len) {
+  sslSocket *ss = ssl_FindSocket(fd);
+  if (!ss) {
+    return SECFailure;
+  }
 
-    SECStatus rv = ssl3_InitState(ss);
-    if (rv != SECSuccess) {
-        return rv;
-    }
+  SECStatus rv = ssl3_InitState(ss);
+  if (rv != SECSuccess) {
+    return rv;
+  }
 
-    rv = ssl3_RestartHandshakeHashes(ss);
-    if (rv != SECSuccess) {
-        return rv;
-    }
+  rv = ssl3_RestartHandshakeHashes(ss);
+  if (rv != SECSuccess) {
+    return rv;
+  }
 
-    // Zero the client_random struct.
-    PORT_Memset(&ss->ssl3.hs.client_random, 0, SSL3_RANDOM_LENGTH);
+  // Zero the client_random struct.
+  PORT_Memset(&ss->ssl3.hs.client_random, 0, SSL3_RANDOM_LENGTH);
 
-    // Copy over the challenge bytes.
-    size_t offset = SSL3_RANDOM_LENGTH - rnd_len;
-    PORT_Memcpy(&ss->ssl3.hs.client_random.rand[offset], rnd, rnd_len);
+  // Copy over the challenge bytes.
+  size_t offset = SSL3_RANDOM_LENGTH - rnd_len;
+  PORT_Memcpy(&ss->ssl3.hs.client_random.rand[offset], rnd, rnd_len);
 
-    // Rehash the SSLv2 client hello message.
-    return ssl3_UpdateHandshakeHashes(ss, msg, msg_len);
+  // Rehash the SSLv2 client hello message.
+  return ssl3_UpdateHandshakeHashes(ss, msg, msg_len);
 }
 
-PRBool
-SSLInt_ExtensionNegotiated(PRFileDesc *fd, PRUint16 ext)
-{
-    sslSocket *ss = ssl_FindSocket(fd);
-    return (PRBool)(ss && ssl3_ExtensionNegotiated(ss, ext));
+PRBool SSLInt_ExtensionNegotiated(PRFileDesc *fd, PRUint16 ext) {
+  sslSocket *ss = ssl_FindSocket(fd);
+  return (PRBool)(ss && ssl3_ExtensionNegotiated(ss, ext));
 }
 
-void
-SSLInt_ClearSessionTicketKey()
-{
+void SSLInt_ClearSessionTicketKey() {
   ssl3_SessionTicketShutdown(NULL, NULL);
   NSS_UnregisterShutdown(ssl3_SessionTicketShutdown, NULL);
 }
 
-SECStatus
-SSLInt_SetMTU(PRFileDesc *fd, PRUint16 mtu)
-{
+SECStatus SSLInt_SetMTU(PRFileDesc *fd, PRUint16 mtu) {
   sslSocket *ss = ssl_FindSocket(fd);
   if (ss) {
     ss->ssl3.mtu = mtu;
     return SECSuccess;
   }
   return SECFailure;
 }
 
-PRInt32 SSLInt_CountTls13CipherSpecs(PRFileDesc *fd)
-{
+PRInt32 SSLInt_CountTls13CipherSpecs(PRFileDesc *fd) {
   PRCList *cur_p;
   PRInt32 ct = 0;
 
   sslSocket *ss = ssl_FindSocket(fd);
   if (!ss) {
     return -1;
   }
 
   for (cur_p = PR_NEXT_LINK(&ss->ssl3.hs.cipherSpecs);
-       cur_p != &ss->ssl3.hs.cipherSpecs;
-       cur_p = PR_NEXT_LINK(cur_p)) {
+       cur_p != &ss->ssl3.hs.cipherSpecs; cur_p = PR_NEXT_LINK(cur_p)) {
     ++ct;
   }
   return ct;
 }
 
 /* Force a timer expiry by backdating when the timer was started.
  * We could set the remaining time to 0 but then backoff would not
  * work properly if we decide to test it. */
-void SSLInt_ForceTimerExpiry(PRFileDesc *fd)
-{
+void SSLInt_ForceTimerExpiry(PRFileDesc *fd) {
   sslSocket *ss = ssl_FindSocket(fd);
   if (!ss) {
     return;
   }
 
-  if (!ss->ssl3.hs.rtTimerCb)
-    return;
+  if (!ss->ssl3.hs.rtTimerCb) return;
 
-  ss->ssl3.hs.rtTimerStarted = PR_IntervalNow() -
-      PR_MillisecondsToInterval(ss->ssl3.hs.rtTimeoutMs + 1);
+  ss->ssl3.hs.rtTimerStarted =
+      PR_IntervalNow() - PR_MillisecondsToInterval(ss->ssl3.hs.rtTimeoutMs + 1);
 }
 
-#define CHECK_SECRET(secret)                    \
-  if (ss->ssl3.hs.secret) {                     \
-    fprintf(stderr, "%s != NULL\n", #secret);   \
-    return PR_FALSE;                            \
+#define CHECK_SECRET(secret)                  \
+  if (ss->ssl3.hs.secret) {                   \
+    fprintf(stderr, "%s != NULL\n", #secret); \
+    return PR_FALSE;                          \
   }
 
-PRBool SSLInt_CheckSecretsDestroyed(PRFileDesc *fd)
-{
+PRBool SSLInt_CheckSecretsDestroyed(PRFileDesc *fd) {
   sslSocket *ss = ssl_FindSocket(fd);
   if (!ss) {
     return PR_FALSE;
   }
 
   CHECK_SECRET(currentSecret);
   CHECK_SECRET(resumptionPsk);
   CHECK_SECRET(dheSecret);
   CHECK_SECRET(earlyTrafficSecret);
   CHECK_SECRET(hsTrafficSecret);
 
   return PR_TRUE;
 }
 
-PRBool sslint_DamageTrafficSecret(PRFileDesc *fd,
-                                  size_t offset)
-{
+PRBool sslint_DamageTrafficSecret(PRFileDesc *fd, size_t offset) {
   unsigned char data[32] = {0};
   PK11SymKey **keyPtr;
   PK11SlotInfo *slot = PK11_GetInternalSlot();
-  SECItem key_item = {
-      siBuffer,
-      data,
-      sizeof(data)
-  };
+  SECItem key_item = {siBuffer, data, sizeof(data)};
   sslSocket *ss = ssl_FindSocket(fd);
   if (!ss) {
     return PR_FALSE;
   }
   if (!slot) {
     return PR_FALSE;
   }
   keyPtr = (PK11SymKey **)((char *)&ss->ssl3.hs + offset);
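Review bot: `SSLInt_UpdateSSLv2ClientRandom` computes `size_t offset = SSL3_RANDOM_LENGTH - rnd_len;` without bounding `rnd_len`, so a caller passing more than SSL3_RANDOM_LENGTH bytes wraps the offset and `PORT_Memcpy` writes outside `client_random`. A guard before the copy closes that: `if (rnd_len > SSL3_RANDOM_LENGTH) return SECFailure;`. Separately, `sslint_DamageTrafficSecret` takes the slot reference from `PK11_GetInternalSlot()` before the `if (!ss)` return, so that path leaves without `PK11_FreeSlot(slot)`; moving the slot lookup below the socket check would avoid it. The body of that function continues outside the hunk.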
@@ -193,43 +171,54 @@ PRBool sslint_DamageTrafficSecret(PRFile
   PK11_FreeSlot(slot);
   if (!*keyPtr) {
     return PR_FALSE;
   }
 
   return PR_TRUE;
 }
 
-
-PRBool SSLInt_DamageHsTrafficSecret(PRFileDesc *fd)
-{
+PRBool SSLInt_DamageHsTrafficSecret(PRFileDesc *fd) {
   return sslint_DamageTrafficSecret(
-      fd,
-      offsetof(SSL3HandshakeState,
-               hsTrafficSecret));
+      fd, offsetof(SSL3HandshakeState, hsTrafficSecret));
 }
 
-PRBool SSLInt_DamageEarlyTrafficSecret(PRFileDesc *fd)
-{
+PRBool SSLInt_DamageEarlyTrafficSecret(PRFileDesc *fd) {
   return sslint_DamageTrafficSecret(
-      fd,
-      offsetof(SSL3HandshakeState,
-               earlyTrafficSecret));
+      fd, offsetof(SSL3HandshakeState, earlyTrafficSecret));
 }
 
-SECStatus
-SSLInt_Set0RttAlpn(PRFileDesc *fd, PRUint8 *data, unsigned int len)
-{
+SECStatus SSLInt_Set0RttAlpn(PRFileDesc *fd, PRUint8 *data, unsigned int len) {
   sslSocket *ss = ssl_FindSocket(fd);
   if (!ss) {
     return SECFailure;
   }
 
   ss->ssl3.nextProtoState = SSL_NEXT_PROTO_EARLY_VALUE;
   if (ss->ssl3.nextProto.data) {
     SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE);
   }
-  if (!SECITEM_AllocItem(NULL, &ss->ssl3.nextProto, len))
-    return SECFailure;
+  if (!SECITEM_AllocItem(NULL, &ss->ssl3.nextProto, len)) return SECFailure;
   PORT_Memcpy(ss->ssl3.nextProto.data, data, len);
 
   return SECSuccess;
 }
+
+PRBool SSLInt_HasCertWithAuthType(PRFileDesc *fd, SSLAuthType authType) {
+  sslSocket *ss = ssl_FindSocket(fd);
+  if (!ss) {
+    return PR_FALSE;
+  }
+
+  return (PRBool)(!!ssl_FindServerCertByAuthType(ss, authType));
+}
+
+PRBool SSLInt_SendAlert(PRFileDesc *fd, uint8_t level, uint8_t type) {
+  sslSocket *ss = ssl_FindSocket(fd);
+  if (!ss) {
+    return PR_FALSE;
+  }
+
+  SECStatus rv = SSL3_SendAlert(ss, level, type);
+  if (rv != SECSuccess) return PR_FALSE;
+
+  return PR_TRUE;
+}
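Review bot: `SSLInt_SendAlert` converts the `SECStatus` from `SSL3_SendAlert` into a `PRBool`, while the other state-changing helpers visible in this file (`SSLInt_SetMTU`, `SSLInt_Set0RttAlpn`) return `SECStatus`. Returning `rv` directly would keep the interface uniform and let tests write `EXPECT_EQ(SECSuccess, ...)`. If the `PRBool` is intended, the tail collapses to `return (PRBool)(rv == SECSuccess);`. The function also has no comment; `/* Sends an alert with the given raw level and description bytes; neither value is validated here. */` would tell callers what is and is not checked.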
--- a/security/nss/external_tests/ssl_gtest/libssl_internals.h
+++ b/security/nss/external_tests/ssl_gtest/libssl_internals.h
@@ -11,25 +11,27 @@
 
 #include "prio.h"
 #include "seccomon.h"
 #include "sslt.h"
 
 SECStatus SSLInt_IncrementClientHandshakeVersion(PRFileDesc *fd);
 
 PRUint32 SSLInt_DetermineKEABits(PRUint16 serverKeyBits,
-                                 SSLAuthType authAlgorithm);
+                                 const SSLCipherSuiteInfo *info);
 
-SECStatus SSLInt_UpdateSSLv2ClientRandom(PRFileDesc *fd,
-                                         uint8_t *rnd, size_t rnd_len,
-                                         uint8_t *msg, size_t msg_len);
+SECStatus SSLInt_UpdateSSLv2ClientRandom(PRFileDesc *fd, uint8_t *rnd,
+                                         size_t rnd_len, uint8_t *msg,
+                                         size_t msg_len);
 
 PRBool SSLInt_ExtensionNegotiated(PRFileDesc *fd, PRUint16 ext);
 void SSLInt_ClearSessionTicketKey();
 PRInt32 SSLInt_CountTls13CipherSpecs(PRFileDesc *fd);
 void SSLInt_ForceTimerExpiry(PRFileDesc *fd);
 SECStatus SSLInt_SetMTU(PRFileDesc *fd, PRUint16 mtu);
 PRBool SSLInt_CheckSecretsDestroyed(PRFileDesc *fd);
 PRBool SSLInt_DamageHsTrafficSecret(PRFileDesc *fd);
 PRBool SSLInt_DamageEarlyTrafficSecret(PRFileDesc *fd);
 SECStatus SSLInt_Set0RttAlpn(PRFileDesc *fd, PRUint8 *data, unsigned int len);
+PRBool SSLInt_HasCertWithAuthType(PRFileDesc *fd, SSLAuthType authType);
+PRBool SSLInt_SendAlert(PRFileDesc *fd, uint8_t level, uint8_t type);
 
-#endif // ndef libssl_internals_h_
+#endif  // ndef libssl_internals_h_
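Review bot: The new `const SSLCipherSuiteInfo *info` parameter of `SSLInt_DetermineKEABits` is dereferenced unconditionally by the implementation in libssl_internals.c (`info->authType`, `info->symKeyBits`), and the prototype does not say it must be non-null. A one-line comment would document that, for example `/* info must be non-NULL; returns the expected key-exchange strength in bits, never below 256. */`. The two added prototypes, `SSLInt_HasCertWithAuthType` and `SSLInt_SendAlert`, would benefit from a similar note on what `PR_FALSE` means (no socket versus no certificate or a failed send).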
--- a/security/nss/external_tests/ssl_gtest/manifest.mn
+++ b/security/nss/external_tests/ssl_gtest/manifest.mn
@@ -10,23 +10,27 @@ MODULE = nss
 CSRCS = \
       libssl_internals.c \
       $(NULL)
 
 CPPSRCS = \
       ssl_0rtt_unittest.cc \
       ssl_agent_unittest.cc \
       ssl_auth_unittest.cc \
+      ssl_cert_ext_unittest.cc \
       ssl_ciphersuite_unittest.cc \
+      ssl_damage_unittest.cc \
       ssl_dhe_unittest.cc \
       ssl_drop_unittest.cc \
+      ssl_ecdh_unittest.cc \
       ssl_ems_unittest.cc \
       ssl_extension_unittest.cc \
       ssl_gtest.cc \
       ssl_loopback_unittest.cc \
+      ssl_record_unittest.cc \
       ssl_resumption_unittest.cc \
       ssl_skip_unittest.cc \
       ssl_staticrsa_unittest.cc \
       ssl_v2_client_hello_unittest.cc \
       ssl_version_unittest.cc \
       test_io.cc \
       tls_agent.cc \
       tls_connect.cc \
--- a/security/nss/external_tests/ssl_gtest/ssl_0rtt_unittest.cc
+++ b/security/nss/external_tests/ssl_gtest/ssl_0rtt_unittest.cc
@@ -1,43 +1,40 @@
 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* vim: set ts=2 et sw=2 tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
+#include "ssl.h"
 #include "secerr.h"
-#include "ssl.h"
 #include "sslerr.h"
 #include "sslproto.h"
 
 extern "C" {
 // This is not something that should make you happy.
 #include "libssl_internals.h"
 }
 
+#include "gtest_utils.h"
 #include "scoped_ptrs.h"
-#include "tls_parser.h"
+#include "tls_connect.h"
 #include "tls_filter.h"
-#include "tls_connect.h"
-#include "gtest_utils.h"
+#include "tls_parser.h"
 
 namespace nss_test {
 
 TEST_F(TlsConnectTest, DamageSecretHandleZeroRttClientFinished) {
   SetupForZeroRtt();
   client_->Set0RttEnabled(true);
   server_->Set0RttEnabled(true);
   client_->SetPacketFilter(new AfterRecordN(
-      client_,
-      server_,
-      0, // ClientHello.
-      [this]() {
-        SSLInt_DamageEarlyTrafficSecret(server_->ssl_fd());
-      }));
+      client_, server_,
+      0,  // ClientHello.
+      [this]() { SSLInt_DamageEarlyTrafficSecret(server_->ssl_fd()); }));
   ConnectExpectFail();
   client_->CheckErrorCode(SSL_ERROR_DECRYPT_ERROR_ALERT);
   server_->CheckErrorCode(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
 }
 
 TEST_F(TlsConnectTest, ZeroRttServerRejectByOption) {
   SetupForZeroRtt();
   client_->Set0RttEnabled(true);
@@ -103,60 +100,60 @@ TEST_F(TlsConnectTest, TestTls13ZeroRttA
   EnableAlpn();
   SetupForZeroRtt();
   EnableAlpn();
   client_->Set0RttEnabled(true);
   server_->Set0RttEnabled(true);
   ExpectResumption(RESUME_TICKET);
   ExpectEarlyDataAccepted(true);
   ZeroRttSendReceive(true, [this]() {
-      client_->CheckAlpn(SSL_NEXT_PROTO_EARLY_VALUE, "a");
-      return true;
-    });
+    client_->CheckAlpn(SSL_NEXT_PROTO_EARLY_VALUE, "a");
+    return true;
+  });
   Handshake();
   CheckConnected();
   SendReceive();
   CheckAlpn("a");
 }
 
 // Remove the old ALPN value and so the client will not offer ALPN.
 TEST_F(TlsConnectTest, TestTls13ZeroRttAlpnChangeBoth) {
   EnableAlpn();
   SetupForZeroRtt();
-  static const uint8_t alpn[] = { 0x01, 0x62 };  // "b"
+  static const uint8_t alpn[] = {0x01, 0x62};  // "b"
   EnableAlpn(alpn, sizeof(alpn));
   client_->Set0RttEnabled(true);
   server_->Set0RttEnabled(true);
   ExpectResumption(RESUME_TICKET);
   ZeroRttSendReceive(false, [this]() {
-      client_->CheckAlpn(SSL_NEXT_PROTO_NO_SUPPORT);
-      return false;
-    });
+    client_->CheckAlpn(SSL_NEXT_PROTO_NO_SUPPORT);
+    return false;
+  });
   Handshake();
   CheckConnected();
   SendReceive();
   CheckAlpn("b");
 }
 
 // Have the server negotiate a different ALPN value, and therefore
 // reject 0-RTT.
 TEST_F(TlsConnectTest, TestTls13ZeroRttAlpnChangeServer) {
   EnableAlpn();
   SetupForZeroRtt();
-  static const uint8_t client_alpn[] = { 0x01, 0x61, 0x01, 0x62 }; // "a", "b"
-  static const uint8_t server_alpn[] = { 0x01, 0x62 };  // "b"
+  static const uint8_t client_alpn[] = {0x01, 0x61, 0x01, 0x62};  // "a", "b"
+  static const uint8_t server_alpn[] = {0x01, 0x62};              // "b"
   client_->EnableAlpn(client_alpn, sizeof(client_alpn));
   server_->EnableAlpn(server_alpn, sizeof(server_alpn));
   client_->Set0RttEnabled(true);
   server_->Set0RttEnabled(true);
   ExpectResumption(RESUME_TICKET);
   ZeroRttSendReceive(false, [this]() {
-      client_->CheckAlpn(SSL_NEXT_PROTO_EARLY_VALUE, "a");
-      return true;
-    });
+    client_->CheckAlpn(SSL_NEXT_PROTO_EARLY_VALUE, "a");
+    return true;
+  });
   Handshake();
   CheckConnected();
   SendReceive();
   CheckAlpn("b");
 }
 
 // Check that the client validates the ALPN selection of the server.
 // Stomp the ALPN on the client after sending the ClientHello so
@@ -165,40 +162,39 @@ TEST_F(TlsConnectTest, TestTls13ZeroRttA
 TEST_F(TlsConnectTest, TestTls13ZeroRttNoAlpnServer) {
   EnableAlpn();
   SetupForZeroRtt();
   client_->Set0RttEnabled(true);
   server_->Set0RttEnabled(true);
   EnableAlpn();
   ExpectResumption(RESUME_TICKET);
   ZeroRttSendReceive(true, [this]() {
-      PRUint8 b[] = {'b'};
-      client_->CheckAlpn(SSL_NEXT_PROTO_EARLY_VALUE, "a");
-      EXPECT_EQ(SECSuccess, SSLInt_Set0RttAlpn(client_->ssl_fd(), b,
-                                               sizeof(b)));
-      client_->CheckAlpn(SSL_NEXT_PROTO_EARLY_VALUE, "b");
-      return true;
-    });
+    PRUint8 b[] = {'b'};
+    client_->CheckAlpn(SSL_NEXT_PROTO_EARLY_VALUE, "a");
+    EXPECT_EQ(SECSuccess, SSLInt_Set0RttAlpn(client_->ssl_fd(), b, sizeof(b)));
+    client_->CheckAlpn(SSL_NEXT_PROTO_EARLY_VALUE, "b");
+    return true;
+  });
   Handshake();
   client_->CheckErrorCode(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
   server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
 }
 
 // Set up with no ALPN and then set the client so it thinks it has ALPN.
 // The server responds without the extension and the client returns an
 // error.
 TEST_F(TlsConnectTest, TestTls13ZeroRttNoAlpnClient) {
   SetupForZeroRtt();
   client_->Set0RttEnabled(true);
   server_->Set0RttEnabled(true);
   ExpectResumption(RESUME_TICKET);
   ZeroRttSendReceive(true, [this]() {
-      PRUint8 b[] = {'b'};
-      EXPECT_EQ(SECSuccess, SSLInt_Set0RttAlpn(client_->ssl_fd(), b, 1));
-      client_->CheckAlpn(SSL_NEXT_PROTO_EARLY_VALUE, "b");
-      return true;
-    });
+    PRUint8 b[] = {'b'};
+    EXPECT_EQ(SECSuccess, SSLInt_Set0RttAlpn(client_->ssl_fd(), b, 1));
+    client_->CheckAlpn(SSL_NEXT_PROTO_EARLY_VALUE, "b");
+    return true;
+  });
   Handshake();
   client_->CheckErrorCode(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
   server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
 }
 
-} // namespace nss_test
+}  // namespace nss_test
--- a/security/nss/external_tests/ssl_gtest/ssl_agent_unittest.cc
+++ b/security/nss/external_tests/ssl_gtest/ssl_agent_unittest.cc
@@ -13,236 +13,185 @@
 #include "databuffer.h"
 #include "tls_agent.h"
 #include "tls_connect.h"
 #include "tls_filter.h"
 #include "tls_parser.h"
 
 namespace nss_test {
 
-#ifdef NSS_ENABLE_TLS_1_3
 // This is a 1-RTT ClientHello with ECDHE and DHE.
 const static uint8_t kCannedTls13ClientHello[] = {
-  0x01, 0x00, 0x01, 0xfc, 0x03, 0x04, 0x77, 0x5c,
-  0x3a, 0xd8, 0x3f, 0x43, 0x63, 0x98, 0xfa, 0x68,
-  0xfb, 0x01, 0x39, 0xff, 0x7c, 0x1a, 0x51, 0xa7,
-  0x92, 0xda, 0x97, 0xf5, 0x15, 0x78, 0xb3, 0xbb,
-  0x26, 0xa7, 0xed, 0x6f, 0x69, 0x71, 0x00, 0x00,
-  0x2a, 0xc0, 0x2b, 0xc0, 0x2f, 0xcc, 0xa9, 0xcc,
-  0xa8, 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x13, 0xc0,
-  0x14, 0x00, 0x9e, 0xcc, 0xaa, 0x00, 0x33, 0x00,
-  0x32, 0x00, 0x39, 0x00, 0x38, 0x00, 0x16, 0x00,
-  0x13, 0x00, 0x2f, 0x00, 0x35, 0x00, 0x0a, 0x00,
-  0x05, 0x00, 0x04, 0x01, 0x00, 0x01, 0xa9, 0x00,
-  0x00, 0x00, 0x0b, 0x00, 0x09, 0x00, 0x00, 0x06,
-  0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0xff, 0x01,
-  0x00, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
-  0x08, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x01,
-  0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0xff,
-  0x02, 0x00, 0x02, 0x00, 0x0d, 0x00, 0x28, 0x01,
-  0x4b, 0x01, 0x49, 0x00, 0x17, 0x00, 0x41, 0x04,
-  0xbf, 0x31, 0xb4, 0x29, 0x96, 0xf4, 0xe6, 0x4a,
-  0xe3, 0xea, 0x87, 0x05, 0x38, 0x0e, 0x68, 0x02,
-  0xbc, 0x4a, 0x5d, 0x90, 0xed, 0xe7, 0xaa, 0x8e,
-  0xb8, 0x42, 0x84, 0xaa, 0x3a, 0x4f, 0x2b, 0xe3,
-  0x52, 0x9a, 0x9a, 0x76, 0xab, 0xf8, 0x2e, 0x59,
-  0xea, 0xcd, 0x2b, 0x2f, 0x03, 0x18, 0xd2, 0x0c,
-  0xc9, 0x07, 0x15, 0xca, 0xe6, 0x61, 0xf7, 0x79,
-  0x9f, 0xfe, 0xc5, 0x10, 0x40, 0x9e, 0x38, 0x33,
-  0x01, 0x00, 0x01, 0x00, 0xd8, 0x80, 0x1f, 0x06,
-  0x9a, 0xbb, 0xf7, 0xbb, 0xd4, 0x5c, 0x75, 0x1d,
-  0x8e, 0x09, 0x27, 0xad, 0x08, 0xb8, 0x16, 0x0f,
-  0x4f, 0x50, 0x79, 0xe1, 0x7e, 0xd4, 0x3b, 0xc0,
-  0x57, 0xcc, 0x00, 0x5e, 0x28, 0xd8, 0xb3, 0x16,
-  0x7f, 0x36, 0x48, 0x75, 0x8d, 0x03, 0xa4, 0x71,
-  0x86, 0x06, 0xf0, 0xe7, 0x57, 0x47, 0x35, 0xf0,
-  0x04, 0xfb, 0xf7, 0x6c, 0x7a, 0xdd, 0x05, 0x93,
-  0x53, 0x16, 0x12, 0x49, 0xbe, 0x35, 0x67, 0x47,
-  0x6e, 0x3a, 0x91, 0xef, 0x50, 0x09, 0x14, 0x98,
-  0x8b, 0x83, 0xc4, 0x62, 0x77, 0xf3, 0x57, 0x53,
-  0x3f, 0xf4, 0x82, 0xc0, 0x70, 0x25, 0x19, 0x9d,
-  0x93, 0xe2, 0xb9, 0x7b, 0xb4, 0x83, 0x31, 0xef,
-  0xd8, 0x3b, 0xd5, 0x25, 0x70, 0x64, 0x29, 0xa2,
-  0xc2, 0xc5, 0x73, 0x9a, 0xfe, 0x27, 0xca, 0xc0,
-  0x55, 0x34, 0x91, 0x95, 0x05, 0xbf, 0x5e, 0x54,
-  0x4d, 0x95, 0x43, 0x3d, 0x54, 0x6a, 0x89, 0x0b,
-  0x5e, 0xab, 0x08, 0x7b, 0xf8, 0x38, 0x0a, 0x56,
-  0x51, 0x9d, 0xbc, 0xdd, 0x46, 0xa9, 0xfc, 0x95,
-  0xe9, 0x75, 0x1c, 0xc8, 0x18, 0x7f, 0xed, 0xa9,
-  0xca, 0xb6, 0x5e, 0x77, 0x63, 0x33, 0xb1, 0xb5,
-  0x68, 0xce, 0xa5, 0x98, 0xec, 0x8c, 0x34, 0x98,
-  0x1c, 0xa9, 0xa5, 0x84, 0xec, 0xe6, 0xba, 0x0b,
-  0x11, 0xbf, 0x40, 0xa5, 0xf0, 0x3c, 0xd5, 0xd3,
-  0xac, 0x2f, 0x46, 0xed, 0xab, 0xc0, 0xc1, 0x78,
-  0x3f, 0x18, 0x64, 0x5b, 0xff, 0x31, 0xeb, 0x74,
-  0x06, 0x92, 0x42, 0x1e, 0x90, 0xf7, 0xea, 0xa5,
-  0x02, 0x33, 0x8e, 0x01, 0xe3, 0xfa, 0x70, 0x82,
-  0xe5, 0xe7, 0x67, 0x8b, 0x96, 0x20, 0x13, 0x2e,
-  0x65, 0x86, 0xab, 0x28, 0xc8, 0x1b, 0xfe, 0xb4,
-  0x98, 0xed, 0xa4, 0xa0, 0xee, 0xf9, 0x53, 0x74,
-  0x30, 0xac, 0x79, 0x2d, 0xf2, 0x92, 0xd0, 0x5e,
-  0x10, 0xd7, 0xb9, 0x41, 0x00, 0x0d, 0x00, 0x18,
-  0x00, 0x16, 0x04, 0x01, 0x05, 0x01, 0x06, 0x01,
-  0x02, 0x01, 0x04, 0x03, 0x05, 0x03, 0x06, 0x03,
-  0x02, 0x03, 0x05, 0x02, 0x04, 0x02, 0x02, 0x02,
-  0x00, 0x15, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
-};
+    0x01, 0x00, 0x01, 0xfc, 0x03, 0x04, 0x77, 0x5c, 0x3a, 0xd8, 0x3f, 0x43,
+    0x63, 0x98, 0xfa, 0x68, 0xfb, 0x01, 0x39, 0xff, 0x7c, 0x1a, 0x51, 0xa7,
+    0x92, 0xda, 0x97, 0xf5, 0x15, 0x78, 0xb3, 0xbb, 0x26, 0xa7, 0xed, 0x6f,
+    0x69, 0x71, 0x00, 0x00, 0x2a, 0xc0, 0x2b, 0xc0, 0x2f, 0xcc, 0xa9, 0xcc,
+    0xa8, 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x13, 0xc0, 0x14, 0x00, 0x9e, 0xcc,
+    0xaa, 0x00, 0x33, 0x00, 0x32, 0x00, 0x39, 0x00, 0x38, 0x00, 0x16, 0x00,
+    0x13, 0x00, 0x2f, 0x00, 0x35, 0x00, 0x0a, 0x00, 0x05, 0x00, 0x04, 0x01,
+    0x00, 0x01, 0xa9, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x09, 0x00, 0x00, 0x06,
+    0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00,
+    0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x01,
+    0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0xff, 0x02, 0x00, 0x02, 0x00,
+    0x0e, 0x00, 0x28, 0x01, 0x4b, 0x01, 0x49, 0x00, 0x17, 0x00, 0x41, 0x04,
+    0xbf, 0x31, 0xb4, 0x29, 0x96, 0xf4, 0xe6, 0x4a, 0xe3, 0xea, 0x87, 0x05,
+    0x38, 0x0e, 0x68, 0x02, 0xbc, 0x4a, 0x5d, 0x90, 0xed, 0xe7, 0xaa, 0x8e,
+    0xb8, 0x42, 0x84, 0xaa, 0x3a, 0x4f, 0x2b, 0xe3, 0x52, 0x9a, 0x9a, 0x76,
+    0xab, 0xf8, 0x2e, 0x59, 0xea, 0xcd, 0x2b, 0x2f, 0x03, 0x18, 0xd2, 0x0c,
+    0xc9, 0x07, 0x15, 0xca, 0xe6, 0x61, 0xf7, 0x79, 0x9f, 0xfe, 0xc5, 0x10,
+    0x40, 0x9e, 0x38, 0x33, 0x01, 0x00, 0x01, 0x00, 0xd8, 0x80, 0x1f, 0x06,
+    0x9a, 0xbb, 0xf7, 0xbb, 0xd4, 0x5c, 0x75, 0x1d, 0x8e, 0x09, 0x27, 0xad,
+    0x08, 0xb8, 0x16, 0x0f, 0x4f, 0x50, 0x79, 0xe1, 0x7e, 0xd4, 0x3b, 0xc0,
+    0x57, 0xcc, 0x00, 0x5e, 0x28, 0xd8, 0xb3, 0x16, 0x7f, 0x36, 0x48, 0x75,
+    0x8d, 0x03, 0xa4, 0x71, 0x86, 0x06, 0xf0, 0xe7, 0x57, 0x47, 0x35, 0xf0,
+    0x04, 0xfb, 0xf7, 0x6c, 0x7a, 0xdd, 0x05, 0x93, 0x53, 0x16, 0x12, 0x49,
+    0xbe, 0x35, 0x67, 0x47, 0x6e, 0x3a, 0x91, 0xef, 0x50, 0x09, 0x14, 0x98,
+    0x8b, 0x83, 0xc4, 0x62, 0x77, 0xf3, 0x57, 0x53, 0x3f, 0xf4, 0x82, 0xc0,
+    0x70, 0x25, 0x19, 0x9d, 0x93, 0xe2, 0xb9, 0x7b, 0xb4, 0x83, 0x31, 0xef,
+    0xd8, 0x3b, 0xd5, 0x25, 0x70, 0x64, 0x29, 0xa2, 0xc2, 0xc5, 0x73, 0x9a,
+    0xfe, 0x27, 0xca, 0xc0, 0x55, 0x34, 0x91, 0x95, 0x05, 0xbf, 0x5e, 0x54,
+    0x4d, 0x95, 0x43, 0x3d, 0x54, 0x6a, 0x89, 0x0b, 0x5e, 0xab, 0x08, 0x7b,
+    0xf8, 0x38, 0x0a, 0x56, 0x51, 0x9d, 0xbc, 0xdd, 0x46, 0xa9, 0xfc, 0x95,
+    0xe9, 0x75, 0x1c, 0xc8, 0x18, 0x7f, 0xed, 0xa9, 0xca, 0xb6, 0x5e, 0x77,
+    0x63, 0x33, 0xb1, 0xb5, 0x68, 0xce, 0xa5, 0x98, 0xec, 0x8c, 0x34, 0x98,
+    0x1c, 0xa9, 0xa5, 0x84, 0xec, 0xe6, 0xba, 0x0b, 0x11, 0xbf, 0x40, 0xa5,
+    0xf0, 0x3c, 0xd5, 0xd3, 0xac, 0x2f, 0x46, 0xed, 0xab, 0xc0, 0xc1, 0x78,
+    0x3f, 0x18, 0x64, 0x5b, 0xff, 0x31, 0xeb, 0x74, 0x06, 0x92, 0x42, 0x1e,
+    0x90, 0xf7, 0xea, 0xa5, 0x02, 0x33, 0x8e, 0x01, 0xe3, 0xfa, 0x70, 0x82,
+    0xe5, 0xe7, 0x67, 0x8b, 0x96, 0x20, 0x13, 0x2e, 0x65, 0x86, 0xab, 0x28,
+    0xc8, 0x1b, 0xfe, 0xb4, 0x98, 0xed, 0xa4, 0xa0, 0xee, 0xf9, 0x53, 0x74,
+    0x30, 0xac, 0x79, 0x2d, 0xf2, 0x92, 0xd0, 0x5e, 0x10, 0xd7, 0xb9, 0x41,
+    0x00, 0x0d, 0x00, 0x18, 0x00, 0x16, 0x04, 0x01, 0x05, 0x01, 0x06, 0x01,
+    0x02, 0x01, 0x04, 0x03, 0x05, 0x03, 0x06, 0x03, 0x02, 0x03, 0x05, 0x02,
+    0x04, 0x02, 0x02, 0x02, 0x00, 0x15, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
 
 const static uint8_t kCannedTls13ServerHello[] = {
-  0x03, 0x04, 0xe9, 0x01, 0xa0, 0x81, 0x37, 0x97,
-  0xaa, 0x8c, 0x7e, 0x21, 0x1c, 0x66, 0x3f, 0xa4,
-  0x0f, 0x4d, 0x74, 0x7a, 0xcd, 0x4b, 0xe1, 0x7f,
-  0x37, 0x85, 0x14, 0xb5, 0x7e, 0x30, 0x15, 0x91,
-  0xdf, 0x18, 0xc0, 0x2f, 0x00, 0x49, 0x00, 0x28,
-  0x00, 0x45, 0x00, 0x17, 0x00, 0x41, 0x04, 0x1a,
-  0x53, 0x9b, 0x39, 0xe6, 0xda, 0x66, 0xfc, 0x8a,
-  0x75, 0x68, 0xb7, 0x73, 0xc7, 0x21, 0x1f, 0x01,
-  0x04, 0x54, 0xb4, 0x99, 0x1f, 0x0b, 0x7e, 0xea,
-  0x95, 0xec, 0x78, 0x5c, 0x37, 0x7c, 0x31, 0x56,
-  0x04, 0xc8, 0xbf, 0x79, 0x47, 0x56, 0xb9, 0x87,
-  0x06, 0xc1, 0xfc, 0x63, 0x09, 0x5d, 0xfc, 0x1a,
-  0x9e, 0x2b, 0xb9, 0xca, 0xdb, 0x0e, 0x10, 0xec,
-  0xd5, 0x95, 0x0d, 0x0a, 0x5e, 0x3c, 0xf7
-};
+    0x03, 0x04, 0xe9, 0x01, 0xa0, 0x81, 0x37, 0x97, 0xaa, 0x8c, 0x7e, 0x21,
+    0x1c, 0x66, 0x3f, 0xa4, 0x0f, 0x4d, 0x74, 0x7a, 0xcd, 0x4b, 0xe1, 0x7f,
+    0x37, 0x85, 0x14, 0xb5, 0x7e, 0x30, 0x15, 0x91, 0xdf, 0x18, 0xc0, 0x2f,
+    0x00, 0x49, 0x00, 0x28, 0x00, 0x45, 0x00, 0x17, 0x00, 0x41, 0x04, 0x1a,
+    0x53, 0x9b, 0x39, 0xe6, 0xda, 0x66, 0xfc, 0x8a, 0x75, 0x68, 0xb7, 0x73,
+    0xc7, 0x21, 0x1f, 0x01, 0x04, 0x54, 0xb4, 0x99, 0x1f, 0x0b, 0x7e, 0xea,
+    0x95, 0xec, 0x78, 0x5c, 0x37, 0x7c, 0x31, 0x56, 0x04, 0xc8, 0xbf, 0x79,
+    0x47, 0x56, 0xb9, 0x87, 0x06, 0xc1, 0xfc, 0x63, 0x09, 0x5d, 0xfc, 0x1a,
+    0x9e, 0x2b, 0xb9, 0xca, 0xdb, 0x0e, 0x10, 0xec, 0xd5, 0x95, 0x0d, 0x0a,
+    0x5e, 0x3c, 0xf7};
 
 static const char *k0RttData = "ABCDEF";
-#endif
 
 TEST_P(TlsAgentTest, EarlyFinished) {
   DataBuffer buffer;
   MakeTrivialHandshakeRecord(kTlsHandshakeFinished, 0, &buffer);
   ProcessMessage(buffer, TlsAgent::STATE_ERROR,
                  SSL_ERROR_RX_UNEXPECTED_FINISHED);
 }
 
 TEST_P(TlsAgentTest, EarlyCertificateVerify) {
   DataBuffer buffer;
   MakeTrivialHandshakeRecord(kTlsHandshakeCertificateVerify, 0, &buffer);
   ProcessMessage(buffer, TlsAgent::STATE_ERROR,
                  SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY);
 }
 
-#ifdef NSS_ENABLE_TLS_1_3
 TEST_P(TlsAgentTestClient, CannedHello) {
   DataBuffer buffer;
   EnsureInit();
   agent_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_3,
                           SSL_LIBRARY_VERSION_TLS_1_3);
   DataBuffer server_hello_inner(kCannedTls13ServerHello,
                                 sizeof(kCannedTls13ServerHello));
-  uint16_t wire_version = mode_ == STREAM ?
-      SSL_LIBRARY_VERSION_TLS_1_3:
-      TlsVersionToDtlsVersion(SSL_LIBRARY_VERSION_TLS_1_3);
+  uint16_t wire_version =
+      mode_ == STREAM ? SSL_LIBRARY_VERSION_TLS_1_3
+                      : TlsVersionToDtlsVersion(SSL_LIBRARY_VERSION_TLS_1_3);
   server_hello_inner.Write(0, wire_version, 2);
   DataBuffer server_hello;
-  MakeHandshakeMessage(kTlsHandshakeServerHello,
-                       server_hello_inner.data(),
-                       server_hello_inner.len(),
-                       &server_hello);
+  MakeHandshakeMessage(kTlsHandshakeServerHello, server_hello_inner.data(),
+                       server_hello_inner.len(), &server_hello);
   MakeRecord(kTlsHandshakeType, SSL_LIBRARY_VERSION_TLS_1_3,
              server_hello.data(), server_hello.len(), &buffer);
   ProcessMessage(buffer, TlsAgent::STATE_CONNECTING);
 }
 
 TEST_P(TlsAgentTestClient, EncryptedExtensionsInClear) {
   DataBuffer buffer;
   DataBuffer server_hello_inner(kCannedTls13ServerHello,
                                 sizeof(kCannedTls13ServerHello));
-  server_hello_inner.Write(0,
-                           mode_ == STREAM ?
-                           SSL_LIBRARY_VERSION_TLS_1_3:
-                           TlsVersionToDtlsVersion(
-                               SSL_LIBRARY_VERSION_TLS_1_3),
-                           2);
+  server_hello_inner.Write(
+      0, mode_ == STREAM ? SSL_LIBRARY_VERSION_TLS_1_3
+                         : TlsVersionToDtlsVersion(SSL_LIBRARY_VERSION_TLS_1_3),
+      2);
   DataBuffer server_hello;
-  MakeHandshakeMessage(kTlsHandshakeServerHello,
-                       server_hello_inner.data(),
-                       server_hello_inner.len(),
-                       &server_hello);
+  MakeHandshakeMessage(kTlsHandshakeServerHello, server_hello_inner.data(),
+                       server_hello_inner.len(), &server_hello);
   DataBuffer encrypted_extensions;
   MakeHandshakeMessage(kTlsHandshakeEncryptedExtensions, nullptr, 0,
                        &encrypted_extensions, 1);
   server_hello.Append(encrypted_extensions);
-  MakeRecord(kTlsHandshakeType,
-             SSL_LIBRARY_VERSION_TLS_1_3,
-             server_hello.data(),
-             server_hello.len(), &buffer);
+  MakeRecord(kTlsHandshakeType, SSL_LIBRARY_VERSION_TLS_1_3,
+             server_hello.data(), server_hello.len(), &buffer);
   EnsureInit();
   agent_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_3,
                           SSL_LIBRARY_VERSION_TLS_1_3);
   ProcessMessage(buffer, TlsAgent::STATE_ERROR,
                  SSL_ERROR_RX_UNEXPECTED_HANDSHAKE);
 }
 
 TEST_F(TlsAgentStreamTestClient, EncryptedExtensionsInClearTwoPieces) {
   DataBuffer buffer;
   DataBuffer buffer2;
   DataBuffer server_hello_inner(kCannedTls13ServerHello,
                                 sizeof(kCannedTls13ServerHello));
   server_hello_inner.Write(0, SSL_LIBRARY_VERSION_TLS_1_3, 2);
   DataBuffer server_hello;
-  MakeHandshakeMessage(kTlsHandshakeServerHello,
-                       server_hello_inner.data(),
-                       server_hello_inner.len(),
-                       &server_hello);
+  MakeHandshakeMessage(kTlsHandshakeServerHello, server_hello_inner.data(),
+                       server_hello_inner.len(), &server_hello);
   DataBuffer encrypted_extensions;
   MakeHandshakeMessage(kTlsHandshakeEncryptedExtensions, nullptr, 0,
                        &encrypted_extensions, 1);
   server_hello.Append(encrypted_extensions);
-  MakeRecord(kTlsHandshakeType,
-             SSL_LIBRARY_VERSION_TLS_1_3,
-             server_hello.data(), 20,
-             &buffer);
+  MakeRecord(kTlsHandshakeType, SSL_LIBRARY_VERSION_TLS_1_3,
+             server_hello.data(), 20, &buffer);
 
-  MakeRecord(kTlsHandshakeType,
-             SSL_LIBRARY_VERSION_TLS_1_3,
-             server_hello.data() + 20,
-             server_hello.len() - 20, &buffer2);
+  MakeRecord(kTlsHandshakeType, SSL_LIBRARY_VERSION_TLS_1_3,
+             server_hello.data() + 20, server_hello.len() - 20, &buffer2);
 
   EnsureInit();
   agent_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_3,
                           SSL_LIBRARY_VERSION_TLS_1_3);
   ProcessMessage(buffer, TlsAgent::STATE_CONNECTING);
   ProcessMessage(buffer2, TlsAgent::STATE_ERROR,
                  SSL_ERROR_RX_UNEXPECTED_HANDSHAKE);
 }
 
-
 TEST_F(TlsAgentDgramTestClient, EncryptedExtensionsInClearTwoPieces) {
   DataBuffer buffer;
   DataBuffer buffer2;
   DataBuffer server_hello_inner(kCannedTls13ServerHello,
                                 sizeof(kCannedTls13ServerHello));
   server_hello_inner.Write(
       0, TlsVersionToDtlsVersion(SSL_LIBRARY_VERSION_TLS_1_3), 2);
   DataBuffer server_hello_frag1;
-  MakeHandshakeMessageFragment(kTlsHandshakeServerHello,
-                       server_hello_inner.data(),
-                       server_hello_inner.len(),
-                       &server_hello_frag1, 0,
-                       0, 20);
+  MakeHandshakeMessageFragment(
+      kTlsHandshakeServerHello, server_hello_inner.data(),
+      server_hello_inner.len(), &server_hello_frag1, 0, 0, 20);
   DataBuffer server_hello_frag2;
   MakeHandshakeMessageFragment(kTlsHandshakeServerHello,
-                       server_hello_inner.data() + 20,
-                       server_hello_inner.len(), &server_hello_frag2, 0,
-                       20, server_hello_inner.len() - 20);
+                               server_hello_inner.data() + 20,
+                               server_hello_inner.len(), &server_hello_frag2, 0,
+                               20, server_hello_inner.len() - 20);
   DataBuffer encrypted_extensions;
   MakeHandshakeMessage(kTlsHandshakeEncryptedExtensions, nullptr, 0,
                        &encrypted_extensions, 1);
   server_hello_frag2.Append(encrypted_extensions);
-  MakeRecord(kTlsHandshakeType,
-             SSL_LIBRARY_VERSION_TLS_1_3,
-             server_hello_frag1.data(), server_hello_frag1.len(),
-             &buffer);
+  MakeRecord(kTlsHandshakeType, SSL_LIBRARY_VERSION_TLS_1_3,
+             server_hello_frag1.data(), server_hello_frag1.len(), &buffer);
 
-  MakeRecord(kTlsHandshakeType,
-             SSL_LIBRARY_VERSION_TLS_1_3,
-             server_hello_frag2.data(), server_hello_frag2.len(),
-             &buffer2, 1);
+  MakeRecord(kTlsHandshakeType, SSL_LIBRARY_VERSION_TLS_1_3,
+             server_hello_frag2.data(), server_hello_frag2.len(), &buffer2, 1);
 
   EnsureInit();
   agent_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_3,
                           SSL_LIBRARY_VERSION_TLS_1_3);
   ProcessMessage(buffer, TlsAgent::STATE_CONNECTING);
   ProcessMessage(buffer2, TlsAgent::STATE_ERROR,
                  SSL_ERROR_RX_UNEXPECTED_HANDSHAKE);
 }
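Review bot: The byte change inside `kCannedTls13ClientHello` is undocumented: besides the re-wrapping from 8 to 12 bytes per row, the byte following `0xff, 0x02, 0x00, 0x02, 0x00` goes from `0x0d` to `0x0e`, and as far as I can compare the rows it is the only value that differs. That looks like the two-byte body of extension 0xff02 being bumped (presumably the TLS 1.3 draft version, to be confirmed), which is easy to miss in a reformat and will be just as easy to miss at the next bump. I would add a comment above the array such as `// The 0xff02 extension carries 0x000e; keep it in sync with the draft version the library implements.`, or write that value into a copy of the buffer at test time, the way `server_hello_inner.Write(0, wire_version, 2)` already patches the version field of the canned ServerHello.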
@@ -251,62 +200,55 @@ TEST_F(TlsAgentStreamTestClient, Set0Rtt
   EnsureInit();
   agent_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
                           SSL_LIBRARY_VERSION_TLS_1_3);
   agent_->StartConnect();
   agent_->Set0RttEnabled(true);
   auto filter =
       new TlsInspectorRecordHandshakeMessage(kTlsHandshakeClientHello);
   agent_->SetPacketFilter(filter);
-  PRInt32 rv = PR_Write(agent_->ssl_fd(),
-                        k0RttData, strlen(k0RttData));
+  PRInt32 rv = PR_Write(agent_->ssl_fd(), k0RttData, strlen(k0RttData));
   EXPECT_EQ(-1, rv);
   int32_t err = PORT_GetError();
   EXPECT_EQ(PR_WOULD_BLOCK_ERROR, err);
   EXPECT_LT(0UL, filter->buffer().len());
 }
 
 TEST_F(TlsAgentStreamTestClient, Set0RttOptionThenRead) {
   EnsureInit();
   agent_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
                           SSL_LIBRARY_VERSION_TLS_1_3);
   agent_->StartConnect();
   agent_->Set0RttEnabled(true);
   DataBuffer buffer;
   MakeRecord(kTlsApplicationDataType, SSL_LIBRARY_VERSION_TLS_1_3,
-             reinterpret_cast<const uint8_t *>(k0RttData),
-             strlen(k0RttData), &buffer);
+             reinterpret_cast<const uint8_t *>(k0RttData), strlen(k0RttData),
+             &buffer);
   ProcessMessage(buffer, TlsAgent::STATE_ERROR,
                  SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA);
 }
 
 // The server is allowing 0-RTT but the client doesn't offer it,
 // so trial decryption isn't engaged and 0-RTT messages cause
 // an error.
 TEST_F(TlsAgentStreamTestServer, Set0RttOptionClientHelloThenRead) {
   EnsureInit();
   agent_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
                           SSL_LIBRARY_VERSION_TLS_1_3);
   agent_->StartConnect();
   agent_->Set0RttEnabled(true);
   DataBuffer buffer;
   MakeRecord(kTlsHandshakeType, SSL_LIBRARY_VERSION_TLS_1_3,
-             kCannedTls13ClientHello, sizeof(kCannedTls13ClientHello),
-             &buffer);
+             kCannedTls13ClientHello, sizeof(kCannedTls13ClientHello), &buffer);
   ProcessMessage(buffer, TlsAgent::STATE_CONNECTING);
   MakeRecord(kTlsApplicationDataType, SSL_LIBRARY_VERSION_TLS_1_3,
-             reinterpret_cast<const uint8_t *>(k0RttData),
-             strlen(k0RttData), &buffer);
-  ProcessMessage(buffer, TlsAgent::STATE_ERROR,
-                 SSL_ERROR_BAD_MAC_READ);
+             reinterpret_cast<const uint8_t *>(k0RttData), strlen(k0RttData),
+             &buffer);
+  ProcessMessage(buffer, TlsAgent::STATE_ERROR, SSL_ERROR_BAD_MAC_READ);
 }
 
-#endif
-
-INSTANTIATE_TEST_CASE_P(AgentTests, TlsAgentTest,
-                        ::testing::Combine(
-                             TlsAgentTestBase::kTlsRolesAll,
-                             TlsConnectTestBase::kTlsModesStream));
-#ifdef NSS_ENABLE_TLS_1_3
+INSTANTIATE_TEST_CASE_P(
+    AgentTests, TlsAgentTest,
+    ::testing::Combine(TlsAgentTestBase::kTlsRolesAll,
+                       TlsConnectTestBase::kTlsModesStream));
 INSTANTIATE_TEST_CASE_P(ClientTests, TlsAgentTestClient,
                         TlsConnectTestBase::kTlsModesAll);
-#endif
-} // namespace nss_test
+}  // namespace nss_test
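Review bot: Removing the `NSS_ENABLE_TLS_1_3` guards here (the `#endif` after the 0-RTT tests and the pair around `INSTANTIATE_TEST_CASE_P(ClientTests, ...)`, plus the two openings in the previous hunk of this file) does not match the ssl_auth_unittest.cc part of the same commit, which adds a new `#ifdef NSS_ENABLE_TLS_1_3` around the two `TlsConnectTls13` signature tests. If the macro still selects a real build configuration, the tests in this file pin the version range to TLS 1.3 and would now run where it is unavailable; if it does not, the newly added guard means those two negative tests (`SignatureAlgorithmServerUnsupported`, `SignatureAlgorithmClientUnsupported`) may silently never be compiled. One convention should be picked for the whole commit, most likely by dropping the added `#ifdef`/`#endif` pair if the macro is being retired.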
--- a/security/nss/external_tests/ssl_gtest/ssl_auth_unittest.cc
+++ b/security/nss/external_tests/ssl_gtest/ssl_auth_unittest.cc
@@ -1,32 +1,38 @@
 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* vim: set ts=2 et sw=2 tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
+#include "ssl.h"
 #include "secerr.h"
-#include "ssl.h"
 #include "sslerr.h"
 #include "sslproto.h"
 
 extern "C" {
 // This is not something that should make you happy.
 #include "libssl_internals.h"
 }
 
+#include "gtest_utils.h"
 #include "scoped_ptrs.h"
-#include "tls_parser.h"
+#include "tls_connect.h"
 #include "tls_filter.h"
-#include "tls_connect.h"
-#include "gtest_utils.h"
+#include "tls_parser.h"
 
 namespace nss_test {
 
+TEST_P(TlsConnectGeneric, ServerAuthBigRsa) {
+  Reset(TlsAgent::kRsa2048);
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
+}
+
 TEST_P(TlsConnectGeneric, ClientAuth) {
   client_->SetupClientAuth();
   server_->RequestClientAuth(true);
   Connect();
   CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
 }
 
 // In TLS 1.3, the client sends its cert rejection on the
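Review bot: `ServerAuthBigRsa` does not check that the 2048-bit key is the one actually used: after `Reset(TlsAgent::kRsa2048)` it only calls `CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign)`, the same assertion `ClientAuth` makes with the default certificate. Unless `CheckKeys` also looks at key size (not visible in this hunk), the test would keep passing if the default certificate were selected instead. Pinning the peer key strength would close that gap: take the certificate from `SSL_PeerCertificate(client_->ssl_fd())` into a `ScopedCERTCertificate cert`, then `ScopedSECKEYPublicKey key(CERT_ExtractPublicKey(cert.get()));` and `EXPECT_EQ(2048U, SECKEY_PublicKeyStrengthInBits(key.get()));`.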
@@ -40,133 +46,222 @@ TEST_P(TlsConnectStream, DISABLED_Client
 }
 
 TEST_P(TlsConnectGeneric, ClientAuthRequestedRejected) {
   server_->RequestClientAuth(false);
   Connect();
   CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
 }
 
-
 TEST_P(TlsConnectGeneric, ClientAuthEcdsa) {
-  Reset(TlsAgent::kServerEcdsa);
+  Reset(TlsAgent::kServerEcdsa256);
   client_->SetupClientAuth();
   server_->RequestClientAuth(true);
   Connect();
   CheckKeys(ssl_kea_ecdh, ssl_auth_ecdsa);
 }
 
+TEST_P(TlsConnectGeneric, ClientAuthBigRsa) {
+  Reset(TlsAgent::kServerRsa, TlsAgent::kRsa2048);
+  client_->SetupClientAuth();
+  server_->RequestClientAuth(true);
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
+}
+
+// Offset is the position in the captured buffer where the signature sits.
+static void CheckSigAlgs(TlsInspectorRecordHandshakeMessage* capture,
+                         size_t offset, TlsAgent* peer,
+                         SSLHashType expected_hash, size_t expected_size) {
+  EXPECT_LT(offset + 2U, capture->buffer().len());
+  EXPECT_EQ(expected_hash, capture->buffer().data()[offset]);
+  EXPECT_EQ(ssl_sign_rsa, capture->buffer().data()[offset + 1]);
+
+  ScopedCERTCertificate remote_cert(SSL_PeerCertificate(peer->ssl_fd()));
+  ScopedSECKEYPublicKey remote_key(CERT_ExtractPublicKey(remote_cert.get()));
+  EXPECT_EQ(expected_size, SECKEY_PublicKeyStrengthInBits(remote_key.get()));
+}
+
+// The server should prefer SHA-256 by default, even for the small key size used
+// in the default certificate.
+TEST_P(TlsConnectTls12, ServerAuthCheckSigAlg) {
+  EnsureTlsSetup();
+  auto capture_ske =
+      new TlsInspectorRecordHandshakeMessage(kTlsHandshakeServerKeyExchange);
+  server_->SetPacketFilter(capture_ske);
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
+
+  const DataBuffer& buffer = capture_ske->buffer();
+  EXPECT_LT(3U, buffer.len());
+  EXPECT_EQ(3U, buffer.data()[0]) << "curve_type == named_curve";
+  uint32_t tmp;
+  EXPECT_TRUE(buffer.Read(1, 2, &tmp)) << "read NamedCurve";
+  EXPECT_EQ(ssl_grp_ec_secp256r1, tmp);
+  EXPECT_TRUE(buffer.Read(3, 1, &tmp)) << " read ECPoint";
+  CheckSigAlgs(capture_ske, 4 + tmp, client_, ssl_hash_sha256, 1024);
+}
+
+TEST_P(TlsConnectTls12, ClientAuthCheckSigAlg) {
+  EnsureTlsSetup();
+  auto capture_cert_verify =
+      new TlsInspectorRecordHandshakeMessage(kTlsHandshakeCertificateVerify);
+  client_->SetPacketFilter(capture_cert_verify);
+  client_->SetupClientAuth();
+  server_->RequestClientAuth(true);
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
+
+  CheckSigAlgs(capture_cert_verify, 0, server_, ssl_hash_sha1, 1024);
+}
+
+TEST_P(TlsConnectTls12, ClientAuthBigRsaCheckSigAlg) {
+  Reset(TlsAgent::kServerRsa, TlsAgent::kRsa2048);
+  auto capture_cert_verify =
+      new TlsInspectorRecordHandshakeMessage(kTlsHandshakeCertificateVerify);
+  client_->SetPacketFilter(capture_cert_verify);
+  client_->SetupClientAuth();
+  server_->RequestClientAuth(true);
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
+  CheckSigAlgs(capture_cert_verify, 0, server_, ssl_hash_sha256, 2048);
+}
+
 static const SSLSignatureAndHashAlg SignatureEcdsaSha384[] = {
-  {ssl_hash_sha384, ssl_sign_ecdsa}
-};
+    {ssl_hash_sha384, ssl_sign_ecdsa}};
 static const SSLSignatureAndHashAlg SignatureEcdsaSha256[] = {
-  {ssl_hash_sha256, ssl_sign_ecdsa}
-};
+    {ssl_hash_sha256, ssl_sign_ecdsa}};
 static const SSLSignatureAndHashAlg SignatureRsaSha384[] = {
-  {ssl_hash_sha384, ssl_sign_rsa}
-};
+    {ssl_hash_sha384, ssl_sign_rsa}};
 static const SSLSignatureAndHashAlg SignatureRsaSha256[] = {
-  {ssl_hash_sha256, ssl_sign_rsa}
-};
+    {ssl_hash_sha256, ssl_sign_rsa}};
 
 // When signature algorithms match up, this should connect successfully; even
 // for TLS 1.1 and 1.0, where they should be ignored.
 TEST_P(TlsConnectGeneric, SignatureAlgorithmServerAuth) {
+  Reset(TlsAgent::kServerEcdsa384);
   client_->SetSignatureAlgorithms(SignatureEcdsaSha384,
                                   PR_ARRAY_SIZE(SignatureEcdsaSha384));
   server_->SetSignatureAlgorithms(SignatureEcdsaSha384,
                                   PR_ARRAY_SIZE(SignatureEcdsaSha384));
-  Reset(TlsAgent::kServerEcdsa);
   Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_ecdsa);
 }
 
 // Here the client picks a single option, which should work in all versions.
 // Defaults on the server include the first option.
 TEST_P(TlsConnectGeneric, SignatureAlgorithmClientOnly) {
   const SSLSignatureAndHashAlg clientAlgorithms[] = {
-    {ssl_hash_sha384, ssl_sign_ecdsa},
-    {ssl_hash_sha384, ssl_sign_rsa}, // supported but unusable
-    {ssl_hash_md5, ssl_sign_ecdsa} // unsupported and ignored
+      {ssl_hash_sha384, ssl_sign_ecdsa},
+      {ssl_hash_sha384, ssl_sign_rsa},  // supported but unusable
+      {ssl_hash_md5, ssl_sign_ecdsa}    // unsupported and ignored
   };
+  Reset(TlsAgent::kServerEcdsa384);
   client_->SetSignatureAlgorithms(clientAlgorithms,
                                   PR_ARRAY_SIZE(clientAlgorithms));
-  Reset(TlsAgent::kServerEcdsa);
   Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_ecdsa);
 }
 
 // Here the server picks a single option, which should work in all versions.
 // Defaults on the client include the provided option.
 TEST_P(TlsConnectGeneric, SignatureAlgorithmServerOnly) {
+  Reset(TlsAgent::kServerEcdsa384);
   server_->SetSignatureAlgorithms(SignatureEcdsaSha384,
                                   PR_ARRAY_SIZE(SignatureEcdsaSha384));
-  Reset(TlsAgent::kServerEcdsa);
   Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_ecdsa);
+}
+
+// In TlS 1.2, a P-256 cert can be used with SHA-384.
+TEST_P(TlsConnectTls12, SignatureSchemeCurveMismatch12) {
+  Reset(TlsAgent::kServerEcdsa256);
+  client_->SetSignatureAlgorithms(SignatureEcdsaSha384,
+                                  PR_ARRAY_SIZE(SignatureEcdsaSha384));
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_ecdsa);
 }
 
-// There is no need for overlap on signatures; since we don't actually use the
-// signatures for static RSA, this should still connect successfully.
-// This should also work in TLS 1.0 and 1.1 where the algorithms aren't used.
+#ifdef NSS_ENABLE_TLS_1_3
+TEST_P(TlsConnectTls13, SignatureAlgorithmServerUnsupported) {
+  Reset(TlsAgent::kServerEcdsa256);  // P-256 cert
+  server_->SetSignatureAlgorithms(SignatureEcdsaSha384,
+                                  PR_ARRAY_SIZE(SignatureEcdsaSha384));
+  ConnectExpectFail();
+  server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM);
+  client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
+}
+
+TEST_P(TlsConnectTls13, SignatureAlgorithmClientUnsupported) {
+  Reset(TlsAgent::kServerEcdsa256);  // P-256 cert
+  client_->SetSignatureAlgorithms(SignatureEcdsaSha384,
+                                  PR_ARRAY_SIZE(SignatureEcdsaSha384));
+  ConnectExpectFail();
+  server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM);
+  client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
+}
+#endif
+
+// Where there is no overlap on signature schemes, we still connect successfully
+// if we aren't going to use a signature.
 TEST_P(TlsConnectGenericPre13, SignatureAlgorithmNoOverlapStaticRsa) {
   client_->SetSignatureAlgorithms(SignatureRsaSha384,
                                   PR_ARRAY_SIZE(SignatureRsaSha384));
   server_->SetSignatureAlgorithms(SignatureRsaSha256,
                                   PR_ARRAY_SIZE(SignatureRsaSha256));
   EnableOnlyStaticRsaCiphers();
   Connect();
   CheckKeys(ssl_kea_rsa, ssl_auth_rsa_decrypt);
 }
 
-// TODO(ekr@rtfm.com): We need to enable this for 1.3 when we fix
-// bug 1287267.
-TEST_P(TlsConnectTls12, SignatureAlgorithmNoOverlapEcdsa) {
-  Reset(TlsAgent::kServerEcdsa);
+TEST_P(TlsConnectTls12Plus, SignatureAlgorithmNoOverlapEcdsa) {
+  Reset(TlsAgent::kServerEcdsa256);
   client_->SetSignatureAlgorithms(SignatureEcdsaSha384,
                                   PR_ARRAY_SIZE(SignatureEcdsaSha384));
   server_->SetSignatureAlgorithms(SignatureEcdsaSha256,
                                   PR_ARRAY_SIZE(SignatureEcdsaSha256));
   ConnectExpectFail();
+  client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
+  server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM);
 }
 
 // Pre 1.2, a mismatch on signature algorithms shouldn't affect anything.
 TEST_P(TlsConnectPre12, SignatureAlgorithmNoOverlapEcdsa) {
-  Reset(TlsAgent::kServerEcdsa);
+  Reset(TlsAgent::kServerEcdsa256);
   client_->SetSignatureAlgorithms(SignatureEcdsaSha384,
                                   PR_ARRAY_SIZE(SignatureEcdsaSha384));
   server_->SetSignatureAlgorithms(SignatureEcdsaSha256,
                                   PR_ARRAY_SIZE(SignatureEcdsaSha256));
   Connect();
 }
 
 TEST_P(TlsConnectTls12Plus, RequestClientAuthWithSha384) {
   server_->SetSignatureAlgorithms(SignatureRsaSha384,
                                   PR_ARRAY_SIZE(SignatureRsaSha384));
   server_->RequestClientAuth(false);
   Connect();
 }
 
 class BeforeFinished : public TlsRecordFilter {
  private:
-  enum HandshakeState {
-    BEFORE_CCS,
-    AFTER_CCS,
-    DONE
-  };
+  enum HandshakeState { BEFORE_CCS, AFTER_CCS, DONE };
 
  public:
-  BeforeFinished(TlsAgent* client, TlsAgent* server,
-                 VoidFunction before_ccs, VoidFunction before_finished)
+  BeforeFinished(TlsAgent* client, TlsAgent* server, VoidFunction before_ccs,
+                 VoidFunction before_finished)
       : client_(client),
         server_(server),
         before_ccs_(before_ccs),
         before_finished_(before_finished),
         state_(BEFORE_CCS) {}
 
  protected:
-  virtual PacketFilter::Action FilterRecord(
-      const RecordHeader& header, const DataBuffer& body, DataBuffer* out) {
+  virtual PacketFilter::Action FilterRecord(const RecordHeader& header,
+                                            const DataBuffer& body,
+                                            DataBuffer* out) {
     switch (state_) {
       case BEFORE_CCS:
         // Awaken when we see the CCS.
         if (header.content_type() == kTlsChangeCipherSpecType) {
           before_ccs_();
 
           // Write the CCS out as a separate write, so that we can make
           // progress. Ordinarily, libssl sends the CCS and Finished together,
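Review bot: The bounds checks in the new `CheckSigAlgs` helper and in `ServerAuthCheckSigAlg` are non-fatal, so the reads they are meant to guard still happen when the check fails. `EXPECT_LT(offset + 2U, capture->buffer().len())` is followed unconditionally by `data()[offset]` and `data()[offset + 1]`, and in `ServerAuthCheckSigAlg` `tmp` is declared uninitialised and `4 + tmp` is passed as the offset even when `buffer.Read(3, 1, &tmp)` returned false (assuming `Read` leaves it untouched on failure). Making the guards fatal stops a missing or truncated capture from becoming an out-of-bounds read inside the test: `ASSERT_LT(offset + 2U, capture->buffer().len());` in the helper, and `ASSERT_TRUE(buffer.Read(3, 1, &tmp)) << " read ECPoint";` (likewise for the NamedCurve read) in the test. The hunk ends inside `BeforeFinished::FilterRecord`, which is only re-wrapped in the part shown.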
@@ -218,123 +313,206 @@ class BeforeFinished13 : public PacketFi
   enum HandshakeState {
     INIT,
     BEFORE_FIRST_FRAGMENT,
     BEFORE_SECOND_FRAGMENT,
     DONE
   };
 
  public:
-  BeforeFinished13(TlsAgent* client, TlsAgent *server,
+  BeforeFinished13(TlsAgent* client, TlsAgent* server,
                    VoidFunction before_finished)
       : client_(client),
         server_(server),
         before_finished_(before_finished),
         records_(0) {}
 
  protected:
   virtual PacketFilter::Action Filter(const DataBuffer& input,
                                       DataBuffer* output) {
     switch (++records_) {
       case 1:
         // Packet 1 is the server's entire first flight.  Drop it.
         EXPECT_EQ(SECSuccess,
                   SSLInt_SetMTU(server_->ssl_fd(), input.len() - 1));
         return DROP;
 
-        // Packet 2 is the first part of the server's retransmitted first
-        // flight.  Keep that.
+      // Packet 2 is the first part of the server's retransmitted first
+      // flight.  Keep that.
 
       case 3:
         // Packet 3 is the second part of the server's retransmitted first
         // flight.  Before passing that on, make sure that the client processes
         // packet 2, then call the before_finished_() callback.
         client_->Handshake();
         before_finished_();
         break;
 
       default:
         break;
     }
     return KEEP;
   }
 
  private:
-  TlsAgent *client_;
-  TlsAgent *server_;
+  TlsAgent* client_;
+  TlsAgent* server_;
   VoidFunction before_finished_;
   size_t records_;
 };
 
-#ifdef NSS_ENABLE_TLS_1_3
 // This test uses an AuthCertificateCallback that blocks.  A filter is used to
 // split the server's first flight into two pieces.  Before the second piece is
 // processed by the client, SSL_AuthCertificateComplete() is called.
 TEST_F(TlsConnectDatagram13, AuthCompleteBeforeFinished) {
   client_->SetAuthCertificateCallback(
-      [](TlsAgent&, PRBool, PRBool) -> SECStatus {
-        return SECWouldBlock;
-      });
+      [](TlsAgent*, PRBool, PRBool) -> SECStatus { return SECWouldBlock; });
   server_->SetPacketFilter(new BeforeFinished13(client_, server_, [this]() {
-        EXPECT_EQ(SECSuccess, SSL_AuthCertificateComplete(client_->ssl_fd(), 0));
-      }));
+    EXPECT_EQ(SECSuccess, SSL_AuthCertificateComplete(client_->ssl_fd(), 0));
+  }));
   Connect();
 }
 
-static void TriggerAuthComplete(PollTarget *target, Event event) {
+static void TriggerAuthComplete(PollTarget* target, Event event) {
   std::cerr << "client: call SSL_AuthCertificateComplete" << std::endl;
   EXPECT_EQ(TIMER_EVENT, event);
   TlsAgent* client = static_cast<TlsAgent*>(target);
   EXPECT_EQ(SECSuccess, SSL_AuthCertificateComplete(client->ssl_fd(), 0));
 }
 
 // This test uses a simple AuthCertificateCallback.  Due to the way that the
 // entire server flight is processed, the call to SSL_AuthCertificateComplete
 // will trigger after the Finished message is processed.
 TEST_F(TlsConnectDatagram13, AuthCompleteAfterFinished) {
   client_->SetAuthCertificateCallback(
-      [this](TlsAgent&, PRBool, PRBool) -> SECStatus {
-        Poller::Timer *timer_handle;
+      [this](TlsAgent*, PRBool, PRBool) -> SECStatus {
+        Poller::Timer* timer_handle;
         // This is really just to unroll the stack.
         Poller::Instance()->SetTimer(1U, client_, TriggerAuthComplete,
                                      &timer_handle);
         return SECWouldBlock;
       });
   Connect();
 }
-#endif
 
 TEST_P(TlsConnectGenericPre13, ClientWriteBetweenCCSAndFinishedWithFalseStart) {
   client_->EnableFalseStart();
-  server_->SetPacketFilter(new BeforeFinished(client_, server_, [this]() {
-        EXPECT_TRUE(client_->can_falsestart_hook_called());
-      }, [this]() {
+  server_->SetPacketFilter(new BeforeFinished(
+      client_, server_,
+      [this]() { EXPECT_TRUE(client_->can_falsestart_hook_called()); },
+      [this]() {
         // Write something, which used to fail: bug 1235366.
         client_->SendData(10);
       }));
 
   Connect();
   server_->SendData(10);
   Receive(10);
 }
 
 TEST_P(TlsConnectGenericPre13, AuthCompleteBeforeFinishedWithFalseStart) {
   client_->EnableFalseStart();
   client_->SetAuthCertificateCallback(
-      [](TlsAgent&, PRBool, PRBool) -> SECStatus {
-        return SECWouldBlock;
-      });
-  server_->SetPacketFilter(new BeforeFinished(client_, server_, []() {
+      [](TlsAgent*, PRBool, PRBool) -> SECStatus { return SECWouldBlock; });
+  server_->SetPacketFilter(new BeforeFinished(
+      client_, server_,
+      []() {
         // Do nothing before CCS
-      }, [this]() {
+      },
+      [this]() {
         EXPECT_FALSE(client_->can_falsestart_hook_called());
         // AuthComplete before Finished still enables false start.
-        EXPECT_EQ(SECSuccess, SSL_AuthCertificateComplete(client_->ssl_fd(), 0));
+        EXPECT_EQ(SECSuccess,
+                  SSL_AuthCertificateComplete(client_->ssl_fd(), 0));
         EXPECT_TRUE(client_->can_falsestart_hook_called());
         client_->SendData(10);
       }));
 
   Connect();
   server_->SendData(10);
   Receive(10);
 }
 
+static const SSLExtraServerCertData ServerCertDataRsaPkcs1Decrypt = {
+    ssl_auth_rsa_decrypt, nullptr, nullptr, nullptr};
+static const SSLExtraServerCertData ServerCertDataRsaPkcs1Sign = {
+    ssl_auth_rsa_sign, nullptr, nullptr, nullptr};
+static const SSLExtraServerCertData ServerCertDataRsaPss = {
+    ssl_auth_rsa_pss, nullptr, nullptr, nullptr};
+
+// Test RSA cert with usage=[signature, encipherment].
+TEST_F(TlsAgentStreamTestServer, ConfigureCertRsaPkcs1SignAndKEX) {
+  Reset(TlsAgent::kServerRsa);
+
+  PRFileDesc* ssl_fd = agent_->ssl_fd();
+  EXPECT_TRUE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_decrypt));
+  EXPECT_TRUE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_sign));
+  EXPECT_TRUE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_pss));
+
+  // Configuring for only rsa_sign, rsa_pss, or rsa_decrypt should work.
+  EXPECT_TRUE(agent_->ConfigServerCert(TlsAgent::kServerRsa, false,
+                                       &ServerCertDataRsaPkcs1Decrypt));
+  EXPECT_TRUE(agent_->ConfigServerCert(TlsAgent::kServerRsa, false,
+                                       &ServerCertDataRsaPkcs1Sign));
+  EXPECT_TRUE(agent_->ConfigServerCert(TlsAgent::kServerRsa, false,
+                                       &ServerCertDataRsaPss));
 }
+
+// Test RSA cert with usage=[signature].
+TEST_F(TlsAgentStreamTestServer, ConfigureCertRsaPkcs1Sign) {
+  Reset(TlsAgent::kServerRsaSign);
+
+  PRFileDesc* ssl_fd = agent_->ssl_fd();
+  EXPECT_FALSE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_decrypt));
+  EXPECT_TRUE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_sign));
+  EXPECT_TRUE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_pss));
+
+  // Configuring for only rsa_decrypt should fail.
+  EXPECT_FALSE(agent_->ConfigServerCert(TlsAgent::kServerRsaSign, false,
+                                        &ServerCertDataRsaPkcs1Decrypt));
+
+  // Configuring for only rsa_sign or rsa_pss should work.
+  EXPECT_TRUE(agent_->ConfigServerCert(TlsAgent::kServerRsaSign, false,
+                                       &ServerCertDataRsaPkcs1Sign));
+  EXPECT_TRUE(agent_->ConfigServerCert(TlsAgent::kServerRsaSign, false,
+                                       &ServerCertDataRsaPss));
+}
+
+// Test RSA cert with usage=[encipherment].
+TEST_F(TlsAgentStreamTestServer, ConfigureCertRsaPkcs1KEX) {
+  Reset(TlsAgent::kServerRsaDecrypt);
+
+  PRFileDesc* ssl_fd = agent_->ssl_fd();
+  EXPECT_TRUE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_decrypt));
+  EXPECT_FALSE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_sign));
+  EXPECT_FALSE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_pss));
+
+  // Configuring for only rsa_sign or rsa_pss should fail.
+  EXPECT_FALSE(agent_->ConfigServerCert(TlsAgent::kServerRsaDecrypt, false,
+                                        &ServerCertDataRsaPkcs1Sign));
+  EXPECT_FALSE(agent_->ConfigServerCert(TlsAgent::kServerRsaDecrypt, false,
+                                        &ServerCertDataRsaPss));
+
+  // Configuring for only rsa_decrypt should work.
+  EXPECT_TRUE(agent_->ConfigServerCert(TlsAgent::kServerRsaDecrypt, false,
+                                       &ServerCertDataRsaPkcs1Decrypt));
+}
+
+// Test configuring an RSA-PSS cert.
+TEST_F(TlsAgentStreamTestServer, ConfigureCertRsaPss) {
+  Reset(TlsAgent::kServerRsaPss);
+
+  PRFileDesc* ssl_fd = agent_->ssl_fd();
+  EXPECT_FALSE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_decrypt));
+  EXPECT_FALSE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_sign));
+  EXPECT_TRUE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_pss));
+
+  // Configuring for only rsa_sign or rsa_decrypt should fail.
+  EXPECT_FALSE(agent_->ConfigServerCert(TlsAgent::kServerRsaPss, false,
+                                        &ServerCertDataRsaPkcs1Sign));
+  EXPECT_FALSE(agent_->ConfigServerCert(TlsAgent::kServerRsaPss, false,
+                                        &ServerCertDataRsaPkcs1Decrypt));
+
+  // Configuring for only rsa_pss should work.
+  EXPECT_TRUE(agent_->ConfigServerCert(TlsAgent::kServerRsaPss, false,
+                                       &ServerCertDataRsaPss));
+}
+}
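Review bot: The new ConfigureCertRsaPkcs1Sign, ConfigureCertRsaPkcs1KEX and ConfigureCertRsaPss tests check only the return value of the rejected `ConfigServerCert` calls, so a call that reports failure but still registers the certificate under the refused auth type would pass. Re-querying the socket after each `EXPECT_FALSE` group would pin the key-usage restriction down, for example in ConfigureCertRsaPkcs1KEX `EXPECT_FALSE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_sign));` and the same for `ssl_auth_rsa_pss`. Whether a refused call is meant to leave the earlier configuration untouched is not visible in this hunk, so the expected state should be confirmed against `ConfigServerCert` before adding the assertions. Separately, the re-indented "Packet 2" comment in `BeforeFinished13::Filter` now sits directly above `case 3:` with no label of its own; an explicit `case 2: break;` would keep it attached to the packet it describes.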
new file mode 100644
--- /dev/null
+++ b/security/nss/external_tests/ssl_gtest/ssl_cert_ext_unittest.cc
@@ -0,0 +1,214 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+#include <memory>
+
+#include "tls_connect.h"
+#include "tls_filter.h"
+#include "tls_parser.h"
+
+namespace nss_test {
+
+// Tests for Certificate Transparency (RFC 6962)
+// These don't work with TLS 1.3: see bug 1252745.
+
+// Helper class - stores signed certificate timestamps as provided
+// by the relevant callbacks on the client.
+class SignedCertificateTimestampsExtractor {
+ public:
+  SignedCertificateTimestampsExtractor(TlsAgent* client) {
+    client->SetAuthCertificateCallback(
+        [&](TlsAgent* agent, bool checksig, bool isServer) -> SECStatus {
+          const SECItem* scts = SSL_PeerSignedCertTimestamps(agent->ssl_fd());
+          EXPECT_TRUE(scts);
+          if (!scts) {
+            return SECFailure;
+          }
+          auth_timestamps_.reset(new DataBuffer(scts->data, scts->len));
+          return SECSuccess;
+        });
+    client->SetHandshakeCallback([&](TlsAgent* agent) {
+      const SECItem* scts = SSL_PeerSignedCertTimestamps(agent->ssl_fd());
+      ASSERT_TRUE(scts);
+      handshake_timestamps_.reset(new DataBuffer(scts->data, scts->len));
+    });
+  }
+
+  void assertTimestamps(const DataBuffer& timestamps) {
+    EXPECT_TRUE(auth_timestamps_);
+    EXPECT_EQ(timestamps, *auth_timestamps_);
+
+    EXPECT_TRUE(handshake_timestamps_);
+    EXPECT_EQ(timestamps, *handshake_timestamps_);
+  }
+
+ private:
+  std::unique_ptr<DataBuffer> auth_timestamps_;
+  std::unique_ptr<DataBuffer> handshake_timestamps_;
+};
+
+static const uint8_t kSctValue[] = {0x01, 0x23, 0x45, 0x67, 0x89};
+static const SECItem kSctItem = {siBuffer, const_cast<uint8_t*>(kSctValue),
+                                 sizeof(kSctValue)};
+static const DataBuffer kSctBuffer(kSctValue, sizeof(kSctValue));
+
+// Test timestamps extraction during a successful handshake.
+TEST_P(TlsConnectGenericPre13, SignedCertificateTimestampsHandshake) {
+  EnsureTlsSetup();
+  EXPECT_EQ(SECSuccess, SSL_SetSignedCertTimestamps(server_->ssl_fd(),
+                                                    &kSctItem, ssl_kea_rsa));
+  EXPECT_EQ(SECSuccess,
+            SSL_OptionSet(client_->ssl_fd(), SSL_ENABLE_SIGNED_CERT_TIMESTAMPS,
+                          PR_TRUE));
+  SignedCertificateTimestampsExtractor timestamps_extractor(client_);
+
+  Connect();
+
+  timestamps_extractor.assertTimestamps(kSctBuffer);
+  const SECItem* c_timestamps = SSL_PeerSignedCertTimestamps(client_->ssl_fd());
+  EXPECT_EQ(SECEqual, SECITEM_CompareItem(&kSctItem, c_timestamps));
+}
+
+TEST_P(TlsConnectGenericPre13, SignedCertificateTimestampsConfig) {
+  static const SSLExtraServerCertData kExtraData = {ssl_auth_rsa_sign, nullptr,
+                                                    nullptr, &kSctItem};
+
+  EnsureTlsSetup();
+  EXPECT_TRUE(
+      server_->ConfigServerCert(TlsAgent::kServerRsa, true, &kExtraData));
+  EXPECT_EQ(SECSuccess,
+            SSL_OptionSet(client_->ssl_fd(), SSL_ENABLE_SIGNED_CERT_TIMESTAMPS,
+                          PR_TRUE));
+  SignedCertificateTimestampsExtractor timestamps_extractor(client_);
+
+  Connect();
+
+  timestamps_extractor.assertTimestamps(kSctBuffer);
+  const SECItem* c_timestamps = SSL_PeerSignedCertTimestamps(client_->ssl_fd());
+  EXPECT_EQ(SECEqual, SECITEM_CompareItem(&kSctItem, c_timestamps));
+}
+
+// Test SSL_PeerSignedCertTimestamps returning zero-length SECItem
+// when the client / the server / both have not enabled the feature.
+TEST_P(TlsConnectGenericPre13, SignedCertificateTimestampsInactiveClient) {
+  EnsureTlsSetup();
+  EXPECT_EQ(SECSuccess, SSL_SetSignedCertTimestamps(server_->ssl_fd(),
+                                                    &kSctItem, ssl_kea_rsa));
+  SignedCertificateTimestampsExtractor timestamps_extractor(client_);
+
+  Connect();
+  timestamps_extractor.assertTimestamps(DataBuffer());
+}
+
+TEST_P(TlsConnectGenericPre13, SignedCertificateTimestampsInactiveServer) {
+  EnsureTlsSetup();
+  EXPECT_EQ(SECSuccess,
+            SSL_OptionSet(client_->ssl_fd(), SSL_ENABLE_SIGNED_CERT_TIMESTAMPS,
+                          PR_TRUE));
+  SignedCertificateTimestampsExtractor timestamps_extractor(client_);
+
+  Connect();
+  timestamps_extractor.assertTimestamps(DataBuffer());
+}
+
+TEST_P(TlsConnectGenericPre13, SignedCertificateTimestampsInactiveBoth) {
+  EnsureTlsSetup();
+  SignedCertificateTimestampsExtractor timestamps_extractor(client_);
+
+  Connect();
+  timestamps_extractor.assertTimestamps(DataBuffer());
+}
+
+// Check that the given agent doesn't have an OCSP response for its peer.
+static SECStatus CheckNoOCSP(TlsAgent* agent, bool checksig, bool isServer) {
+  const SECItemArray* ocsp = SSL_PeerStapledOCSPResponses(agent->ssl_fd());
+  EXPECT_TRUE(ocsp);
+  EXPECT_EQ(0U, ocsp->len);
+  return SECSuccess;
+}
+
+static const uint8_t kOcspValue1[] = {1, 2, 3, 4, 5, 6};
+static const uint8_t kOcspValue2[] = {7, 8, 9};
+static const SECItem kOcspItems[] = {
+    {siBuffer, const_cast<uint8_t*>(kOcspValue1), sizeof(kOcspValue1)},
+    {siBuffer, const_cast<uint8_t*>(kOcspValue2), sizeof(kOcspValue2)}};
+static const SECItemArray kOcspResponses = {const_cast<SECItem*>(kOcspItems),
+                                            PR_ARRAY_SIZE(kOcspItems)};
+const static SSLExtraServerCertData kOcspExtraData = {
+    ssl_auth_rsa_sign, nullptr, &kOcspResponses, nullptr};
+
+TEST_P(TlsConnectGeneric, NoOcsp) {
+  EnsureTlsSetup();
+  client_->SetAuthCertificateCallback(CheckNoOCSP);
+  Connect();
+}
+
+// The client doesn't get OCSP stapling unless it asks.
+TEST_P(TlsConnectGeneric, OcspNotRequested) {
+  EnsureTlsSetup();
+  client_->SetAuthCertificateCallback(CheckNoOCSP);
+  EXPECT_TRUE(
+      server_->ConfigServerCert(TlsAgent::kServerRsa, true, &kOcspExtraData));
+  Connect();
+}
+
+// Even if the client asks, the server has nothing unless it is configured.
+TEST_P(TlsConnectGeneric, OcspNotProvided) {
+  EnsureTlsSetup();
+  EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+                                      SSL_ENABLE_OCSP_STAPLING, PR_TRUE));
+  client_->SetAuthCertificateCallback(CheckNoOCSP);
+  Connect();
+}
+
+TEST_P(TlsConnectGenericPre13, OcspMangled) {
+  EnsureTlsSetup();
+  EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+                                      SSL_ENABLE_OCSP_STAPLING, PR_TRUE));
+  EXPECT_TRUE(
+      server_->ConfigServerCert(TlsAgent::kServerRsa, true, &kOcspExtraData));
+
+  static const uint8_t val[] = {1};
+  auto replacer = new TlsExtensionReplacer(ssl_cert_status_xtn,
+                                           DataBuffer(val, sizeof(val)));
+  server_->SetPacketFilter(replacer);
+  ConnectExpectFail();
+  client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_SERVER_HELLO);
+  server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
+}
+
+TEST_P(TlsConnectGeneric, OcspSuccess) {
+  EnsureTlsSetup();
+  EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+                                      SSL_ENABLE_OCSP_STAPLING, PR_TRUE));
+  auto capture_ocsp = new TlsExtensionCapture(ssl_cert_status_xtn);
+  server_->SetPacketFilter(capture_ocsp);
+
+  // The value should be available during the AuthCertificateCallback
+  client_->SetAuthCertificateCallback([](TlsAgent* agent, bool checksig,
+                                         bool isServer) -> SECStatus {
+    const SECItemArray* ocsp = SSL_PeerStapledOCSPResponses(agent->ssl_fd());
+    if (!ocsp) {
+      return SECFailure;
+    }
+    EXPECT_EQ(1U, ocsp->len) << "We only provide the first item";
+    EXPECT_EQ(0, SECITEM_CompareItem(&kOcspItems[0], &ocsp->items[0]));
+    return SECSuccess;
+  });
+  EXPECT_TRUE(
+      server_->ConfigServerCert(TlsAgent::kServerRsa, true, &kOcspExtraData));
+
+  Connect();
+  // In TLS 1.3, the server doesn't provide a visible ServerHello extension.
+  // For earlier versions, the extension is just empty.
+  EXPECT_EQ(0U, capture_ocsp->extension().len());
+}
+
+}  // namespace
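Review bot: `CheckNoOCSP` dereferences `ocsp->len` right after `EXPECT_TRUE(ocsp)`, and because EXPECT_* does not leave the function, a null return from `SSL_PeerStapledOCSPResponses` crashes the test binary instead of failing the test. Adding `if (!ocsp) { return SECFailure; }` after the expectation matches what the OcspSuccess callback already does. That callback has a related gap: `EXPECT_EQ(1U, ocsp->len)` is non-fatal, so `ocsp->items[0]` is still read when the array is empty, and `if (ocsp->len != 1U) { return SECFailure; }` before the compare would close it. The `[&]` lambdas in `SignedCertificateTimestampsExtractor` capture `this` while being stored on the `TlsAgent`, so the extractor has to outlive every handshake on that agent; a short comment on the constructor stating that lifetime requirement would help.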