Bug 1305970 - land NSS 0x3e7b53b18112, r=me
authorFranziskus Kiefer <franziskuskiefer@gmail.com>
Tue, 25 Oct 2016 20:38:17 +0200
changeset 319381 43f9a388633e084c9826673563f346e87830c151
parent 319380 b943d19facc65a7d74adcd9202055e2d1bd1cdbc
child 319382 2a18e840e4b8ac08fffe201e678a98eb45e9f8b1
push id83150
push userfranziskuskiefer@gmail.com
push dateTue, 25 Oct 2016 19:08:37 +0000
treeherdermozilla-inbound@43f9a388633e [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersme
bugs1305970
milestone52.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1305970 - land NSS 0x3e7b53b18112, r=me
security/nss/TAG-INFO
security/nss/automation/taskcluster/graph/npm-shrinkwrap.json
security/nss/automation/taskcluster/graph/src/extend.js
security/nss/automation/taskcluster/graph/src/try_syntax.js
security/nss/automation/taskcluster/scripts/build_gyp.sh
security/nss/automation/taskcluster/scripts/run_scan_build.sh
security/nss/build.sh
security/nss/cmd/bltest/blapitest.c
security/nss/cmd/bltest/tests/ecdsa/README
security/nss/cmd/bltest/tests/ecdsa/key0
security/nss/cmd/bltest/tests/ecdsa/key1
security/nss/cmd/bltest/tests/ecdsa/key10
security/nss/cmd/bltest/tests/ecdsa/key11
security/nss/cmd/bltest/tests/ecdsa/key12
security/nss/cmd/bltest/tests/ecdsa/key13
security/nss/cmd/bltest/tests/ecdsa/key14
security/nss/cmd/bltest/tests/ecdsa/key15
security/nss/cmd/bltest/tests/ecdsa/key16
security/nss/cmd/bltest/tests/ecdsa/key17
security/nss/cmd/bltest/tests/ecdsa/key18
security/nss/cmd/bltest/tests/ecdsa/key19
security/nss/cmd/bltest/tests/ecdsa/key2
security/nss/cmd/bltest/tests/ecdsa/key20
security/nss/cmd/bltest/tests/ecdsa/key3
security/nss/cmd/bltest/tests/ecdsa/key4
security/nss/cmd/bltest/tests/ecdsa/key5
security/nss/cmd/bltest/tests/ecdsa/key6
security/nss/cmd/bltest/tests/ecdsa/key7
security/nss/cmd/bltest/tests/ecdsa/key8
security/nss/cmd/bltest/tests/ecdsa/key9
security/nss/cmd/certutil/certutil.c
security/nss/cmd/certutil/keystuff.c
security/nss/cmd/ecperf/ecperf.c
security/nss/cmd/lib/basicutil.c
security/nss/cmd/lib/basicutil.h
security/nss/cmd/lib/exports.gyp
security/nss/cmd/lib/lib.gyp
security/nss/cmd/modutil/modutil.gyp
security/nss/cmd/selfserv/selfserv.c
security/nss/cmd/tstclnt/tstclnt.c
security/nss/coreconf/config.gypi
security/nss/coreconf/config.mk
security/nss/coreconf/coreconf.dep
security/nss/coreconf/nspr_include_dir.py
security/nss/coreconf/nspr_lib_dir.py
security/nss/coreconf/pkg_config.py
security/nss/coreconf/sanitizers.mk
security/nss/coreconf/shlibsign.py
security/nss/coreconf/werror.py
security/nss/doc/certutil.xml
security/nss/doc/html/certutil.html
security/nss/doc/nroff/certutil.1
security/nss/exports.gyp
security/nss/external_tests/nss_bogo_shim/config.json
security/nss/external_tests/ssl_gtest/ssl_auth_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_ciphersuite_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_dhe_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_ecdh_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_extension_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_gtest.gyp
security/nss/external_tests/ssl_gtest/ssl_resumption_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_skip_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_v2_client_hello_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_version_unittest.cc
security/nss/external_tests/ssl_gtest/tls_agent.cc
security/nss/external_tests/ssl_gtest/tls_agent.h
security/nss/external_tests/ssl_gtest/tls_connect.cc
security/nss/external_tests/ssl_gtest/tls_connect.h
security/nss/external_tests/ssl_gtest/tls_parser.h
security/nss/lib/base/exports.gyp
security/nss/lib/base/list.c
security/nss/lib/certdb/certdb.c
security/nss/lib/certdb/certt.h
security/nss/lib/certdb/crl.c
security/nss/lib/certdb/exports.gyp
security/nss/lib/certdb/genname.c
security/nss/lib/certdb/secname.c
security/nss/lib/certdb/stanpcertdb.c
security/nss/lib/certhigh/certhigh.c
security/nss/lib/certhigh/exports.gyp
security/nss/lib/certhigh/ocsp.c
security/nss/lib/ckfw/builtins/exports.gyp
security/nss/lib/ckfw/exports.gyp
security/nss/lib/crmf/exports.gyp
security/nss/lib/cryptohi/exports.gyp
security/nss/lib/dbm/include/exports.gyp
security/nss/lib/dev/exports.gyp
security/nss/lib/freebl/blapit.h
security/nss/lib/freebl/ecdecode.c
security/nss/lib/freebl/ecl/README
security/nss/lib/freebl/ecl/README.FP
security/nss/lib/freebl/ecl/ec2.h
security/nss/lib/freebl/ecl/ec2_163.c
security/nss/lib/freebl/ecl/ec2_193.c
security/nss/lib/freebl/ecl/ec2_233.c
security/nss/lib/freebl/ecl/ec2_aff.c
security/nss/lib/freebl/ecl/ec2_mont.c
security/nss/lib/freebl/ecl/ec2_proj.c
security/nss/lib/freebl/ecl/ecl-curve.h
security/nss/lib/freebl/ecl/ecl-exp.h
security/nss/lib/freebl/ecl/ecl-priv.h
security/nss/lib/freebl/ecl/ecl.c
security/nss/lib/freebl/ecl/ecl_gf.c
security/nss/lib/freebl/ecl/ecp_192.c
security/nss/lib/freebl/ecl/ecp_224.c
security/nss/lib/freebl/ecl/ecp_fp.c
security/nss/lib/freebl/ecl/ecp_fp.h
security/nss/lib/freebl/ecl/ecp_fp160.c
security/nss/lib/freebl/ecl/ecp_fp192.c
security/nss/lib/freebl/ecl/ecp_fp224.c
security/nss/lib/freebl/ecl/ecp_fpinc.c
security/nss/lib/freebl/ecl/tests/ec2_test.c
security/nss/lib/freebl/ecl/tests/ecp_fpt.c
security/nss/lib/freebl/exports.gyp
security/nss/lib/freebl/fipsfreebl.c
security/nss/lib/freebl/freebl.gyp
security/nss/lib/freebl/manifest.mn
security/nss/lib/jar/exports.gyp
security/nss/lib/libpkix/include/exports.gyp
security/nss/lib/libpkix/pkix/certsel/exports.gyp
security/nss/lib/libpkix/pkix/checker/exports.gyp
security/nss/lib/libpkix/pkix/crlsel/exports.gyp
security/nss/lib/libpkix/pkix/params/exports.gyp
security/nss/lib/libpkix/pkix/results/exports.gyp
security/nss/lib/libpkix/pkix/store/exports.gyp
security/nss/lib/libpkix/pkix/top/exports.gyp
security/nss/lib/libpkix/pkix/util/exports.gyp
security/nss/lib/libpkix/pkix_pl_nss/module/exports.gyp
security/nss/lib/libpkix/pkix_pl_nss/pki/exports.gyp
security/nss/lib/libpkix/pkix_pl_nss/system/exports.gyp
security/nss/lib/nss/exports.gyp
security/nss/lib/pk11wrap/exports.gyp
security/nss/lib/pkcs12/exports.gyp
security/nss/lib/pkcs7/exports.gyp
security/nss/lib/pki/exports.gyp
security/nss/lib/smime/exports.gyp
security/nss/lib/softoken/exports.gyp
security/nss/lib/softoken/softkver.h
security/nss/lib/sqlite/exports.gyp
security/nss/lib/ssl/exports.gyp
security/nss/lib/ssl/ssl.def
security/nss/lib/ssl/ssl.h
security/nss/lib/ssl/ssl3con.c
security/nss/lib/ssl/ssl3ecc.c
security/nss/lib/ssl/sslsock.c
security/nss/lib/ssl/tls13con.c
security/nss/lib/util/exports.gyp
security/nss/lib/util/secoid.c
security/nss/lib/zlib/exports.gyp
security/nss/nss.gyp
security/nss/test.sh
security/nss/tests/all.sh
security/nss/tests/bogo/bogo.sh
security/nss/tests/cert/cert.sh
security/nss/tests/remote/Makefile
security/nss/tests/ssl_gtests/ssl_gtests.sh
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@@ -1,1 +1,1 @@
-0c845c900217
+3e7b53b18112
new file mode 100644
--- /dev/null
+++ b/security/nss/automation/taskcluster/graph/npm-shrinkwrap.json
@@ -0,0 +1,1643 @@
+{
+  "name": "decision-task",
+  "version": "0.0.1",
+  "dependencies": {
+    "amqplib": {
+      "version": "0.4.2",
+      "from": "amqplib@>=0.4.1 <0.5.0",
+      "resolved": "https://registry.npmjs.org/amqplib/-/amqplib-0.4.2.tgz",
+      "dependencies": {
+        "isarray": {
+          "version": "0.0.1",
+          "from": "isarray@0.0.1",
+          "resolved": "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz"
+        },
+        "readable-stream": {
+          "version": "1.1.14",
+          "from": "readable-stream@>=1.0.0 <2.0.0 >=1.1.9",
+          "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-1.1.14.tgz"
+        }
+      }
+    },
+    "ansi-regex": {
+      "version": "2.0.0",
+      "from": "ansi-regex@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.0.0.tgz"
+    },
+    "ansi-styles": {
+      "version": "2.2.1",
+      "from": "ansi-styles@>=2.1.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-2.2.1.tgz"
+    },
+    "anymatch": {
+      "version": "1.3.0",
+      "from": "anymatch@>=1.3.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-1.3.0.tgz"
+    },
+    "argparse": {
+      "version": "1.0.9",
+      "from": "argparse@>=1.0.7 <2.0.0",
+      "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.9.tgz"
+    },
+    "arr-diff": {
+      "version": "2.0.0",
+      "from": "arr-diff@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/arr-diff/-/arr-diff-2.0.0.tgz"
+    },
+    "arr-flatten": {
+      "version": "1.0.1",
+      "from": "arr-flatten@>=1.0.1 <2.0.0",
+      "resolved": "https://registry.npmjs.org/arr-flatten/-/arr-flatten-1.0.1.tgz"
+    },
+    "array-find-index": {
+      "version": "1.0.2",
+      "from": "array-find-index@>=1.0.1 <2.0.0",
+      "resolved": "https://registry.npmjs.org/array-find-index/-/array-find-index-1.0.2.tgz"
+    },
+    "array-uniq": {
+      "version": "1.0.3",
+      "from": "array-uniq@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/array-uniq/-/array-uniq-1.0.3.tgz"
+    },
+    "array-unique": {
+      "version": "0.2.1",
+      "from": "array-unique@>=0.2.1 <0.3.0",
+      "resolved": "https://registry.npmjs.org/array-unique/-/array-unique-0.2.1.tgz"
+    },
+    "arrify": {
+      "version": "1.0.1",
+      "from": "arrify@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/arrify/-/arrify-1.0.1.tgz"
+    },
+    "asap": {
+      "version": "1.0.0",
+      "from": "asap@>=1.0.0 <1.1.0",
+      "resolved": "https://registry.npmjs.org/asap/-/asap-1.0.0.tgz"
+    },
+    "asn1": {
+      "version": "0.2.3",
+      "from": "asn1@>=0.2.3 <0.3.0",
+      "resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.3.tgz"
+    },
+    "assert-plus": {
+      "version": "0.2.0",
+      "from": "assert-plus@>=0.2.0 <0.3.0",
+      "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-0.2.0.tgz"
+    },
+    "async": {
+      "version": "2.1.1",
+      "from": "async@*",
+      "resolved": "https://registry.npmjs.org/async/-/async-2.1.1.tgz"
+    },
+    "async-each": {
+      "version": "1.0.1",
+      "from": "async-each@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/async-each/-/async-each-1.0.1.tgz"
+    },
+    "asynckit": {
+      "version": "0.4.0",
+      "from": "asynckit@>=0.4.0 <0.5.0",
+      "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz"
+    },
+    "aws-sign2": {
+      "version": "0.6.0",
+      "from": "aws-sign2@>=0.6.0 <0.7.0",
+      "resolved": "https://registry.npmjs.org/aws-sign2/-/aws-sign2-0.6.0.tgz"
+    },
+    "aws4": {
+      "version": "1.5.0",
+      "from": "aws4@>=1.2.1 <2.0.0",
+      "resolved": "https://registry.npmjs.org/aws4/-/aws4-1.5.0.tgz"
+    },
+    "babel-cli": {
+      "version": "6.16.0",
+      "from": "babel-cli@>=6.14.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-cli/-/babel-cli-6.16.0.tgz"
+    },
+    "babel-code-frame": {
+      "version": "6.16.0",
+      "from": "babel-code-frame@>=6.16.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-code-frame/-/babel-code-frame-6.16.0.tgz"
+    },
+    "babel-compile": {
+      "version": "2.0.0",
+      "from": "babel-compile@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/babel-compile/-/babel-compile-2.0.0.tgz"
+    },
+    "babel-core": {
+      "version": "6.17.0",
+      "from": "babel-core@>=6.16.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-core/-/babel-core-6.17.0.tgz"
+    },
+    "babel-generator": {
+      "version": "6.17.0",
+      "from": "babel-generator@>=6.17.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-generator/-/babel-generator-6.17.0.tgz"
+    },
+    "babel-helper-call-delegate": {
+      "version": "6.8.0",
+      "from": "babel-helper-call-delegate@>=6.8.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-helper-call-delegate/-/babel-helper-call-delegate-6.8.0.tgz"
+    },
+    "babel-helper-define-map": {
+      "version": "6.9.0",
+      "from": "babel-helper-define-map@>=6.9.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-helper-define-map/-/babel-helper-define-map-6.9.0.tgz"
+    },
+    "babel-helper-function-name": {
+      "version": "6.8.0",
+      "from": "babel-helper-function-name@>=6.8.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-helper-function-name/-/babel-helper-function-name-6.8.0.tgz"
+    },
+    "babel-helper-get-function-arity": {
+      "version": "6.8.0",
+      "from": "babel-helper-get-function-arity@>=6.8.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-helper-get-function-arity/-/babel-helper-get-function-arity-6.8.0.tgz"
+    },
+    "babel-helper-hoist-variables": {
+      "version": "6.8.0",
+      "from": "babel-helper-hoist-variables@>=6.8.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-helper-hoist-variables/-/babel-helper-hoist-variables-6.8.0.tgz"
+    },
+    "babel-helper-optimise-call-expression": {
+      "version": "6.8.0",
+      "from": "babel-helper-optimise-call-expression@>=6.8.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-helper-optimise-call-expression/-/babel-helper-optimise-call-expression-6.8.0.tgz"
+    },
+    "babel-helper-regex": {
+      "version": "6.9.0",
+      "from": "babel-helper-regex@>=6.8.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-helper-regex/-/babel-helper-regex-6.9.0.tgz"
+    },
+    "babel-helper-remap-async-to-generator": {
+      "version": "6.16.2",
+      "from": "babel-helper-remap-async-to-generator@>=6.16.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-helper-remap-async-to-generator/-/babel-helper-remap-async-to-generator-6.16.2.tgz"
+    },
+    "babel-helper-replace-supers": {
+      "version": "6.16.0",
+      "from": "babel-helper-replace-supers@>=6.14.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-helper-replace-supers/-/babel-helper-replace-supers-6.16.0.tgz"
+    },
+    "babel-helpers": {
+      "version": "6.16.0",
+      "from": "babel-helpers@>=6.16.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-helpers/-/babel-helpers-6.16.0.tgz"
+    },
+    "babel-messages": {
+      "version": "6.8.0",
+      "from": "babel-messages@>=6.8.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-messages/-/babel-messages-6.8.0.tgz"
+    },
+    "babel-plugin-check-es2015-constants": {
+      "version": "6.8.0",
+      "from": "babel-plugin-check-es2015-constants@>=6.3.13 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-check-es2015-constants/-/babel-plugin-check-es2015-constants-6.8.0.tgz"
+    },
+    "babel-plugin-syntax-async-functions": {
+      "version": "6.13.0",
+      "from": "babel-plugin-syntax-async-functions@>=6.8.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-syntax-async-functions/-/babel-plugin-syntax-async-functions-6.13.0.tgz"
+    },
+    "babel-plugin-transform-async-to-generator": {
+      "version": "6.16.0",
+      "from": "babel-plugin-transform-async-to-generator@>=6.8.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-async-to-generator/-/babel-plugin-transform-async-to-generator-6.16.0.tgz"
+    },
+    "babel-plugin-transform-es2015-arrow-functions": {
+      "version": "6.8.0",
+      "from": "babel-plugin-transform-es2015-arrow-functions@>=6.3.13 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-arrow-functions/-/babel-plugin-transform-es2015-arrow-functions-6.8.0.tgz"
+    },
+    "babel-plugin-transform-es2015-block-scoped-functions": {
+      "version": "6.8.0",
+      "from": "babel-plugin-transform-es2015-block-scoped-functions@>=6.3.13 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-block-scoped-functions/-/babel-plugin-transform-es2015-block-scoped-functions-6.8.0.tgz"
+    },
+    "babel-plugin-transform-es2015-block-scoping": {
+      "version": "6.15.0",
+      "from": "babel-plugin-transform-es2015-block-scoping@>=6.14.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-block-scoping/-/babel-plugin-transform-es2015-block-scoping-6.15.0.tgz"
+    },
+    "babel-plugin-transform-es2015-classes": {
+      "version": "6.14.0",
+      "from": "babel-plugin-transform-es2015-classes@>=6.14.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-classes/-/babel-plugin-transform-es2015-classes-6.14.0.tgz"
+    },
+    "babel-plugin-transform-es2015-computed-properties": {
+      "version": "6.8.0",
+      "from": "babel-plugin-transform-es2015-computed-properties@>=6.3.13 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-computed-properties/-/babel-plugin-transform-es2015-computed-properties-6.8.0.tgz"
+    },
+    "babel-plugin-transform-es2015-destructuring": {
+      "version": "6.16.0",
+      "from": "babel-plugin-transform-es2015-destructuring@>=6.16.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-destructuring/-/babel-plugin-transform-es2015-destructuring-6.16.0.tgz"
+    },
+    "babel-plugin-transform-es2015-duplicate-keys": {
+      "version": "6.8.0",
+      "from": "babel-plugin-transform-es2015-duplicate-keys@>=6.6.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-duplicate-keys/-/babel-plugin-transform-es2015-duplicate-keys-6.8.0.tgz"
+    },
+    "babel-plugin-transform-es2015-for-of": {
+      "version": "6.8.0",
+      "from": "babel-plugin-transform-es2015-for-of@>=6.6.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-for-of/-/babel-plugin-transform-es2015-for-of-6.8.0.tgz"
+    },
+    "babel-plugin-transform-es2015-function-name": {
+      "version": "6.9.0",
+      "from": "babel-plugin-transform-es2015-function-name@>=6.9.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-function-name/-/babel-plugin-transform-es2015-function-name-6.9.0.tgz"
+    },
+    "babel-plugin-transform-es2015-literals": {
+      "version": "6.8.0",
+      "from": "babel-plugin-transform-es2015-literals@>=6.3.13 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-literals/-/babel-plugin-transform-es2015-literals-6.8.0.tgz"
+    },
+    "babel-plugin-transform-es2015-modules-amd": {
+      "version": "6.8.0",
+      "from": "babel-plugin-transform-es2015-modules-amd@>=6.8.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-modules-amd/-/babel-plugin-transform-es2015-modules-amd-6.8.0.tgz"
+    },
+    "babel-plugin-transform-es2015-modules-commonjs": {
+      "version": "6.16.0",
+      "from": "babel-plugin-transform-es2015-modules-commonjs@>=6.16.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-modules-commonjs/-/babel-plugin-transform-es2015-modules-commonjs-6.16.0.tgz"
+    },
+    "babel-plugin-transform-es2015-modules-systemjs": {
+      "version": "6.14.0",
+      "from": "babel-plugin-transform-es2015-modules-systemjs@>=6.14.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-modules-systemjs/-/babel-plugin-transform-es2015-modules-systemjs-6.14.0.tgz"
+    },
+    "babel-plugin-transform-es2015-modules-umd": {
+      "version": "6.12.0",
+      "from": "babel-plugin-transform-es2015-modules-umd@>=6.12.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-modules-umd/-/babel-plugin-transform-es2015-modules-umd-6.12.0.tgz"
+    },
+    "babel-plugin-transform-es2015-object-super": {
+      "version": "6.8.0",
+      "from": "babel-plugin-transform-es2015-object-super@>=6.3.13 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-object-super/-/babel-plugin-transform-es2015-object-super-6.8.0.tgz"
+    },
+    "babel-plugin-transform-es2015-parameters": {
+      "version": "6.17.0",
+      "from": "babel-plugin-transform-es2015-parameters@>=6.16.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-parameters/-/babel-plugin-transform-es2015-parameters-6.17.0.tgz"
+    },
+    "babel-plugin-transform-es2015-shorthand-properties": {
+      "version": "6.8.0",
+      "from": "babel-plugin-transform-es2015-shorthand-properties@>=6.3.13 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-shorthand-properties/-/babel-plugin-transform-es2015-shorthand-properties-6.8.0.tgz"
+    },
+    "babel-plugin-transform-es2015-spread": {
+      "version": "6.8.0",
+      "from": "babel-plugin-transform-es2015-spread@>=6.3.13 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-spread/-/babel-plugin-transform-es2015-spread-6.8.0.tgz"
+    },
+    "babel-plugin-transform-es2015-sticky-regex": {
+      "version": "6.8.0",
+      "from": "babel-plugin-transform-es2015-sticky-regex@>=6.3.13 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-sticky-regex/-/babel-plugin-transform-es2015-sticky-regex-6.8.0.tgz"
+    },
+    "babel-plugin-transform-es2015-template-literals": {
+      "version": "6.8.0",
+      "from": "babel-plugin-transform-es2015-template-literals@>=6.6.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-template-literals/-/babel-plugin-transform-es2015-template-literals-6.8.0.tgz"
+    },
+    "babel-plugin-transform-es2015-typeof-symbol": {
+      "version": "6.8.0",
+      "from": "babel-plugin-transform-es2015-typeof-symbol@>=6.6.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-typeof-symbol/-/babel-plugin-transform-es2015-typeof-symbol-6.8.0.tgz"
+    },
+    "babel-plugin-transform-es2015-unicode-regex": {
+      "version": "6.11.0",
+      "from": "babel-plugin-transform-es2015-unicode-regex@>=6.3.13 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-unicode-regex/-/babel-plugin-transform-es2015-unicode-regex-6.11.0.tgz"
+    },
+    "babel-plugin-transform-regenerator": {
+      "version": "6.16.1",
+      "from": "babel-plugin-transform-regenerator@>=6.16.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-regenerator/-/babel-plugin-transform-regenerator-6.16.1.tgz"
+    },
+    "babel-plugin-transform-runtime": {
+      "version": "6.15.0",
+      "from": "babel-plugin-transform-runtime@>=6.9.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-runtime/-/babel-plugin-transform-runtime-6.15.0.tgz"
+    },
+    "babel-plugin-transform-strict-mode": {
+      "version": "6.11.3",
+      "from": "babel-plugin-transform-strict-mode@>=6.8.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-strict-mode/-/babel-plugin-transform-strict-mode-6.11.3.tgz"
+    },
+    "babel-polyfill": {
+      "version": "6.16.0",
+      "from": "babel-polyfill@>=6.16.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-polyfill/-/babel-polyfill-6.16.0.tgz"
+    },
+    "babel-preset-es2015": {
+      "version": "6.16.0",
+      "from": "babel-preset-es2015@>=6.9.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-preset-es2015/-/babel-preset-es2015-6.16.0.tgz"
+    },
+    "babel-preset-taskcluster": {
+      "version": "3.0.0",
+      "from": "babel-preset-taskcluster@>=3.0.0 <4.0.0",
+      "resolved": "https://registry.npmjs.org/babel-preset-taskcluster/-/babel-preset-taskcluster-3.0.0.tgz"
+    },
+    "babel-register": {
+      "version": "6.16.3",
+      "from": "babel-register@>=6.16.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-register/-/babel-register-6.16.3.tgz"
+    },
+    "babel-runtime": {
+      "version": "6.11.6",
+      "from": "babel-runtime@>=6.11.6 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-runtime/-/babel-runtime-6.11.6.tgz"
+    },
+    "babel-template": {
+      "version": "6.16.0",
+      "from": "babel-template@>=6.16.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-template/-/babel-template-6.16.0.tgz"
+    },
+    "babel-traverse": {
+      "version": "6.16.0",
+      "from": "babel-traverse@>=6.16.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-traverse/-/babel-traverse-6.16.0.tgz"
+    },
+    "babel-types": {
+      "version": "6.16.0",
+      "from": "babel-types@>=6.16.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-types/-/babel-types-6.16.0.tgz"
+    },
+    "babylon": {
+      "version": "6.11.6",
+      "from": "babylon@>=6.11.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babylon/-/babylon-6.11.6.tgz"
+    },
+    "balanced-match": {
+      "version": "0.4.2",
+      "from": "balanced-match@>=0.4.1 <0.5.0",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-0.4.2.tgz"
+    },
+    "bcrypt-pbkdf": {
+      "version": "1.0.0",
+      "from": "bcrypt-pbkdf@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.0.tgz"
+    },
+    "bin-version": {
+      "version": "1.0.4",
+      "from": "bin-version@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/bin-version/-/bin-version-1.0.4.tgz"
+    },
+    "bin-version-check": {
+      "version": "2.1.0",
+      "from": "bin-version-check@>=2.1.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/bin-version-check/-/bin-version-check-2.1.0.tgz"
+    },
+    "binary-extensions": {
+      "version": "1.7.0",
+      "from": "binary-extensions@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-1.7.0.tgz"
+    },
+    "bitsyntax": {
+      "version": "0.0.4",
+      "from": "bitsyntax@>=0.0.4 <0.1.0",
+      "resolved": "https://registry.npmjs.org/bitsyntax/-/bitsyntax-0.0.4.tgz"
+    },
+    "bl": {
+      "version": "1.1.2",
+      "from": "bl@>=1.1.2 <1.2.0",
+      "resolved": "https://registry.npmjs.org/bl/-/bl-1.1.2.tgz",
+      "dependencies": {
+        "readable-stream": {
+          "version": "2.0.6",
+          "from": "readable-stream@>=2.0.5 <2.1.0",
+          "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.0.6.tgz"
+        }
+      }
+    },
+    "boom": {
+      "version": "2.10.1",
+      "from": "boom@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/boom/-/boom-2.10.1.tgz"
+    },
+    "brace-expansion": {
+      "version": "1.1.6",
+      "from": "brace-expansion@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.6.tgz"
+    },
+    "braces": {
+      "version": "1.8.5",
+      "from": "braces@>=1.8.2 <2.0.0",
+      "resolved": "https://registry.npmjs.org/braces/-/braces-1.8.5.tgz"
+    },
+    "buffer-more-ints": {
+      "version": "0.0.2",
+      "from": "buffer-more-ints@0.0.2",
+      "resolved": "https://registry.npmjs.org/buffer-more-ints/-/buffer-more-ints-0.0.2.tgz"
+    },
+    "buffer-shims": {
+      "version": "1.0.0",
+      "from": "buffer-shims@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/buffer-shims/-/buffer-shims-1.0.0.tgz"
+    },
+    "builtin-modules": {
+      "version": "1.1.1",
+      "from": "builtin-modules@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/builtin-modules/-/builtin-modules-1.1.1.tgz"
+    },
+    "camelcase": {
+      "version": "2.1.1",
+      "from": "camelcase@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-2.1.1.tgz"
+    },
+    "camelcase-keys": {
+      "version": "2.1.0",
+      "from": "camelcase-keys@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/camelcase-keys/-/camelcase-keys-2.1.0.tgz"
+    },
+    "caseless": {
+      "version": "0.11.0",
+      "from": "caseless@>=0.11.0 <0.12.0",
+      "resolved": "https://registry.npmjs.org/caseless/-/caseless-0.11.0.tgz"
+    },
+    "chalk": {
+      "version": "1.1.1",
+      "from": "chalk@1.1.1",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-1.1.1.tgz"
+    },
+    "chokidar": {
+      "version": "1.6.0",
+      "from": "chokidar@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-1.6.0.tgz"
+    },
+    "combined-stream": {
+      "version": "1.0.5",
+      "from": "combined-stream@>=1.0.5 <1.1.0",
+      "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.5.tgz"
+    },
+    "commander": {
+      "version": "2.9.0",
+      "from": "commander@>=2.8.1 <3.0.0",
+      "resolved": "https://registry.npmjs.org/commander/-/commander-2.9.0.tgz"
+    },
+    "component-emitter": {
+      "version": "1.2.1",
+      "from": "component-emitter@>=1.2.0 <1.3.0",
+      "resolved": "https://registry.npmjs.org/component-emitter/-/component-emitter-1.2.1.tgz"
+    },
+    "concat-map": {
+      "version": "0.0.1",
+      "from": "concat-map@0.0.1",
+      "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz"
+    },
+    "convert-source-map": {
+      "version": "1.3.0",
+      "from": "convert-source-map@>=1.1.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-1.3.0.tgz"
+    },
+    "cookiejar": {
+      "version": "2.0.6",
+      "from": "cookiejar@2.0.6",
+      "resolved": "https://registry.npmjs.org/cookiejar/-/cookiejar-2.0.6.tgz"
+    },
+    "core-js": {
+      "version": "2.4.1",
+      "from": "core-js@>=2.4.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/core-js/-/core-js-2.4.1.tgz"
+    },
+    "core-util-is": {
+      "version": "1.0.2",
+      "from": "core-util-is@>=1.0.0 <1.1.0",
+      "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz"
+    },
+    "cryptiles": {
+      "version": "2.0.5",
+      "from": "cryptiles@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/cryptiles/-/cryptiles-2.0.5.tgz"
+    },
+    "currently-unhandled": {
+      "version": "0.4.1",
+      "from": "currently-unhandled@>=0.4.1 <0.5.0",
+      "resolved": "https://registry.npmjs.org/currently-unhandled/-/currently-unhandled-0.4.1.tgz"
+    },
+    "dashdash": {
+      "version": "1.14.0",
+      "from": "dashdash@>=1.12.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/dashdash/-/dashdash-1.14.0.tgz",
+      "dependencies": {
+        "assert-plus": {
+          "version": "1.0.0",
+          "from": "assert-plus@>=1.0.0 <2.0.0",
+          "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz"
+        }
+      }
+    },
+    "debug": {
+      "version": "2.2.0",
+      "from": "debug@>=2.1.1 <3.0.0",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-2.2.0.tgz"
+    },
+    "decamelize": {
+      "version": "1.2.0",
+      "from": "decamelize@>=1.1.2 <2.0.0",
+      "resolved": "https://registry.npmjs.org/decamelize/-/decamelize-1.2.0.tgz"
+    },
+    "delayed-stream": {
+      "version": "1.0.0",
+      "from": "delayed-stream@>=1.0.0 <1.1.0",
+      "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz"
+    },
+    "detect-indent": {
+      "version": "3.0.1",
+      "from": "detect-indent@>=3.0.1 <4.0.0",
+      "resolved": "https://registry.npmjs.org/detect-indent/-/detect-indent-3.0.1.tgz"
+    },
+    "ecc-jsbn": {
+      "version": "0.1.1",
+      "from": "ecc-jsbn@>=0.1.1 <0.2.0",
+      "resolved": "https://registry.npmjs.org/ecc-jsbn/-/ecc-jsbn-0.1.1.tgz"
+    },
+    "error-ex": {
+      "version": "1.3.0",
+      "from": "error-ex@>=1.2.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/error-ex/-/error-ex-1.3.0.tgz"
+    },
+    "escape-string-regexp": {
+      "version": "1.0.5",
+      "from": "escape-string-regexp@>=1.0.2 <2.0.0",
+      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz"
+    },
+    "esprima": {
+      "version": "2.7.3",
+      "from": "esprima@>=2.6.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/esprima/-/esprima-2.7.3.tgz"
+    },
+    "esutils": {
+      "version": "2.0.2",
+      "from": "esutils@>=2.0.2 <3.0.0",
+      "resolved": "https://registry.npmjs.org/esutils/-/esutils-2.0.2.tgz"
+    },
+    "eventsource": {
+      "version": "0.1.6",
+      "from": "eventsource@>=0.1.6 <0.2.0",
+      "resolved": "https://registry.npmjs.org/eventsource/-/eventsource-0.1.6.tgz"
+    },
+    "expand-brackets": {
+      "version": "0.1.5",
+      "from": "expand-brackets@>=0.1.4 <0.2.0",
+      "resolved": "https://registry.npmjs.org/expand-brackets/-/expand-brackets-0.1.5.tgz"
+    },
+    "expand-range": {
+      "version": "1.8.2",
+      "from": "expand-range@>=1.8.1 <2.0.0",
+      "resolved": "https://registry.npmjs.org/expand-range/-/expand-range-1.8.2.tgz"
+    },
+    "extend": {
+      "version": "3.0.0",
+      "from": "extend@>=3.0.0 <3.1.0",
+      "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.0.tgz"
+    },
+    "extglob": {
+      "version": "0.3.2",
+      "from": "extglob@>=0.3.1 <0.4.0",
+      "resolved": "https://registry.npmjs.org/extglob/-/extglob-0.3.2.tgz"
+    },
+    "extsprintf": {
+      "version": "1.0.2",
+      "from": "extsprintf@1.0.2",
+      "resolved": "https://registry.npmjs.org/extsprintf/-/extsprintf-1.0.2.tgz"
+    },
+    "faye-websocket": {
+      "version": "0.11.0",
+      "from": "faye-websocket@>=0.11.0 <0.12.0",
+      "resolved": "https://registry.npmjs.org/faye-websocket/-/faye-websocket-0.11.0.tgz"
+    },
+    "filename-regex": {
+      "version": "2.0.0",
+      "from": "filename-regex@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/filename-regex/-/filename-regex-2.0.0.tgz"
+    },
+    "fill-range": {
+      "version": "2.2.3",
+      "from": "fill-range@>=2.1.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-2.2.3.tgz"
+    },
+    "find-up": {
+      "version": "1.1.2",
+      "from": "find-up@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/find-up/-/find-up-1.1.2.tgz",
+      "dependencies": {
+        "path-exists": {
+          "version": "2.1.0",
+          "from": "path-exists@>=2.0.0 <3.0.0",
+          "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-2.1.0.tgz"
+        }
+      }
+    },
+    "find-versions": {
+      "version": "1.2.1",
+      "from": "find-versions@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/find-versions/-/find-versions-1.2.1.tgz"
+    },
+    "flatmap": {
+      "version": "0.0.3",
+      "from": "flatmap@0.0.3",
+      "resolved": "https://registry.npmjs.org/flatmap/-/flatmap-0.0.3.tgz"
+    },
+    "for-in": {
+      "version": "0.1.6",
+      "from": "for-in@>=0.1.5 <0.2.0",
+      "resolved": "https://registry.npmjs.org/for-in/-/for-in-0.1.6.tgz"
+    },
+    "for-own": {
+      "version": "0.1.4",
+      "from": "for-own@>=0.1.3 <0.2.0",
+      "resolved": "https://registry.npmjs.org/for-own/-/for-own-0.1.4.tgz"
+    },
+    "forever-agent": {
+      "version": "0.6.1",
+      "from": "forever-agent@>=0.6.1 <0.7.0",
+      "resolved": "https://registry.npmjs.org/forever-agent/-/forever-agent-0.6.1.tgz"
+    },
+    "form-data": {
+      "version": "2.0.0",
+      "from": "form-data@>=2.0.0 <2.1.0",
+      "resolved": "https://registry.npmjs.org/form-data/-/form-data-2.0.0.tgz"
+    },
+    "formidable": {
+      "version": "1.0.17",
+      "from": "formidable@>=1.0.14 <1.1.0",
+      "resolved": "https://registry.npmjs.org/formidable/-/formidable-1.0.17.tgz"
+    },
+    "fs-readdir-recursive": {
+      "version": "0.1.2",
+      "from": "fs-readdir-recursive@>=0.1.0 <0.2.0",
+      "resolved": "https://registry.npmjs.org/fs-readdir-recursive/-/fs-readdir-recursive-0.1.2.tgz"
+    },
+    "fs-walk": {
+      "version": "0.0.1",
+      "from": "fs-walk@0.0.1",
+      "resolved": "https://registry.npmjs.org/fs-walk/-/fs-walk-0.0.1.tgz"
+    },
+    "fs.realpath": {
+      "version": "1.0.0",
+      "from": "fs.realpath@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz"
+    },
+    "generate-function": {
+      "version": "2.0.0",
+      "from": "generate-function@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/generate-function/-/generate-function-2.0.0.tgz"
+    },
+    "generate-object-property": {
+      "version": "1.2.0",
+      "from": "generate-object-property@>=1.1.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/generate-object-property/-/generate-object-property-1.2.0.tgz"
+    },
+    "get-stdin": {
+      "version": "4.0.1",
+      "from": "get-stdin@>=4.0.1 <5.0.0",
+      "resolved": "https://registry.npmjs.org/get-stdin/-/get-stdin-4.0.1.tgz"
+    },
+    "getpass": {
+      "version": "0.1.6",
+      "from": "getpass@>=0.1.1 <0.2.0",
+      "resolved": "https://registry.npmjs.org/getpass/-/getpass-0.1.6.tgz",
+      "dependencies": {
+        "assert-plus": {
+          "version": "1.0.0",
+          "from": "assert-plus@>=1.0.0 <2.0.0",
+          "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz"
+        }
+      }
+    },
+    "glob": {
+      "version": "5.0.15",
+      "from": "glob@>=5.0.5 <6.0.0",
+      "resolved": "https://registry.npmjs.org/glob/-/glob-5.0.15.tgz"
+    },
+    "glob-base": {
+      "version": "0.3.0",
+      "from": "glob-base@>=0.3.0 <0.4.0",
+      "resolved": "https://registry.npmjs.org/glob-base/-/glob-base-0.3.0.tgz"
+    },
+    "glob-parent": {
+      "version": "2.0.0",
+      "from": "glob-parent@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-2.0.0.tgz"
+    },
+    "globals": {
+      "version": "8.18.0",
+      "from": "globals@>=8.3.0 <9.0.0",
+      "resolved": "https://registry.npmjs.org/globals/-/globals-8.18.0.tgz"
+    },
+    "graceful-fs": {
+      "version": "4.1.9",
+      "from": "graceful-fs@>=4.1.2 <5.0.0",
+      "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.1.9.tgz"
+    },
+    "graceful-readlink": {
+      "version": "1.0.1",
+      "from": "graceful-readlink@>=1.0.0",
+      "resolved": "https://registry.npmjs.org/graceful-readlink/-/graceful-readlink-1.0.1.tgz"
+    },
+    "har-validator": {
+      "version": "2.0.6",
+      "from": "har-validator@>=2.0.6 <2.1.0",
+      "resolved": "https://registry.npmjs.org/har-validator/-/har-validator-2.0.6.tgz"
+    },
+    "has-ansi": {
+      "version": "2.0.0",
+      "from": "has-ansi@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/has-ansi/-/has-ansi-2.0.0.tgz"
+    },
+    "hawk": {
+      "version": "3.1.3",
+      "from": "hawk@>=3.1.3 <3.2.0",
+      "resolved": "https://registry.npmjs.org/hawk/-/hawk-3.1.3.tgz"
+    },
+    "hoek": {
+      "version": "2.16.3",
+      "from": "hoek@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/hoek/-/hoek-2.16.3.tgz"
+    },
+    "home-or-tmp": {
+      "version": "1.0.0",
+      "from": "home-or-tmp@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/home-or-tmp/-/home-or-tmp-1.0.0.tgz"
+    },
+    "hosted-git-info": {
+      "version": "2.1.5",
+      "from": "hosted-git-info@>=2.1.4 <3.0.0",
+      "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.1.5.tgz"
+    },
+    "http-signature": {
+      "version": "1.1.1",
+      "from": "http-signature@>=1.1.0 <1.2.0",
+      "resolved": "https://registry.npmjs.org/http-signature/-/http-signature-1.1.1.tgz"
+    },
+    "indent-string": {
+      "version": "2.1.0",
+      "from": "indent-string@>=2.1.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/indent-string/-/indent-string-2.1.0.tgz",
+      "dependencies": {
+        "repeating": {
+          "version": "2.0.1",
+          "from": "repeating@>=2.0.0 <3.0.0",
+          "resolved": "https://registry.npmjs.org/repeating/-/repeating-2.0.1.tgz"
+        }
+      }
+    },
+    "inflight": {
+      "version": "1.0.6",
+      "from": "inflight@>=1.0.4 <2.0.0",
+      "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz"
+    },
+    "inherits": {
+      "version": "2.0.3",
+      "from": "inherits@>=2.0.1 <3.0.0",
+      "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz"
+    },
+    "intersect": {
+      "version": "1.0.1",
+      "from": "intersect@>=1.0.1 <2.0.0",
+      "resolved": "https://registry.npmjs.org/intersect/-/intersect-1.0.1.tgz"
+    },
+    "invariant": {
+      "version": "2.2.1",
+      "from": "invariant@>=2.2.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/invariant/-/invariant-2.2.1.tgz"
+    },
+    "is-arrayish": {
+      "version": "0.2.1",
+      "from": "is-arrayish@>=0.2.1 <0.3.0",
+      "resolved": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.2.1.tgz"
+    },
+    "is-binary-path": {
+      "version": "1.0.1",
+      "from": "is-binary-path@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-1.0.1.tgz"
+    },
+    "is-buffer": {
+      "version": "1.1.4",
+      "from": "is-buffer@>=1.0.2 <2.0.0",
+      "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.4.tgz"
+    },
+    "is-builtin-module": {
+      "version": "1.0.0",
+      "from": "is-builtin-module@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/is-builtin-module/-/is-builtin-module-1.0.0.tgz"
+    },
+    "is-dotfile": {
+      "version": "1.0.2",
+      "from": "is-dotfile@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/is-dotfile/-/is-dotfile-1.0.2.tgz"
+    },
+    "is-equal-shallow": {
+      "version": "0.1.3",
+      "from": "is-equal-shallow@>=0.1.3 <0.2.0",
+      "resolved": "https://registry.npmjs.org/is-equal-shallow/-/is-equal-shallow-0.1.3.tgz"
+    },
+    "is-extendable": {
+      "version": "0.1.1",
+      "from": "is-extendable@>=0.1.1 <0.2.0",
+      "resolved": "https://registry.npmjs.org/is-extendable/-/is-extendable-0.1.1.tgz"
+    },
+    "is-extglob": {
+      "version": "1.0.0",
+      "from": "is-extglob@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-1.0.0.tgz"
+    },
+    "is-finite": {
+      "version": "1.0.2",
+      "from": "is-finite@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/is-finite/-/is-finite-1.0.2.tgz"
+    },
+    "is-glob": {
+      "version": "2.0.1",
+      "from": "is-glob@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-2.0.1.tgz"
+    },
+    "is-my-json-valid": {
+      "version": "2.15.0",
+      "from": "is-my-json-valid@>=2.12.4 <3.0.0",
+      "resolved": "https://registry.npmjs.org/is-my-json-valid/-/is-my-json-valid-2.15.0.tgz"
+    },
+    "is-number": {
+      "version": "2.1.0",
+      "from": "is-number@>=2.1.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/is-number/-/is-number-2.1.0.tgz"
+    },
+    "is-posix-bracket": {
+      "version": "0.1.1",
+      "from": "is-posix-bracket@>=0.1.0 <0.2.0",
+      "resolved": "https://registry.npmjs.org/is-posix-bracket/-/is-posix-bracket-0.1.1.tgz"
+    },
+    "is-primitive": {
+      "version": "2.0.0",
+      "from": "is-primitive@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/is-primitive/-/is-primitive-2.0.0.tgz"
+    },
+    "is-property": {
+      "version": "1.0.2",
+      "from": "is-property@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/is-property/-/is-property-1.0.2.tgz"
+    },
+    "is-typedarray": {
+      "version": "1.0.0",
+      "from": "is-typedarray@>=1.0.0 <1.1.0",
+      "resolved": "https://registry.npmjs.org/is-typedarray/-/is-typedarray-1.0.0.tgz"
+    },
+    "is-utf8": {
+      "version": "0.2.1",
+      "from": "is-utf8@>=0.2.0 <0.3.0",
+      "resolved": "https://registry.npmjs.org/is-utf8/-/is-utf8-0.2.1.tgz"
+    },
+    "isarray": {
+      "version": "1.0.0",
+      "from": "isarray@1.0.0",
+      "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz"
+    },
+    "isobject": {
+      "version": "2.1.0",
+      "from": "isobject@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/isobject/-/isobject-2.1.0.tgz"
+    },
+    "isstream": {
+      "version": "0.1.2",
+      "from": "isstream@>=0.1.2 <0.2.0",
+      "resolved": "https://registry.npmjs.org/isstream/-/isstream-0.1.2.tgz"
+    },
+    "jodid25519": {
+      "version": "1.0.2",
+      "from": "jodid25519@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/jodid25519/-/jodid25519-1.0.2.tgz"
+    },
+    "js-tokens": {
+      "version": "2.0.0",
+      "from": "js-tokens@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-2.0.0.tgz"
+    },
+    "js-yaml": {
+      "version": "3.6.1",
+      "from": "js-yaml@>=3.6.1 <4.0.0",
+      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.6.1.tgz"
+    },
+    "jsbn": {
+      "version": "0.1.0",
+      "from": "jsbn@>=0.1.0 <0.2.0",
+      "resolved": "https://registry.npmjs.org/jsbn/-/jsbn-0.1.0.tgz"
+    },
+    "jsesc": {
+      "version": "1.3.0",
+      "from": "jsesc@>=1.3.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/jsesc/-/jsesc-1.3.0.tgz"
+    },
+    "json-schema": {
+      "version": "0.2.3",
+      "from": "json-schema@0.2.3",
+      "resolved": "https://registry.npmjs.org/json-schema/-/json-schema-0.2.3.tgz"
+    },
+    "json-stringify-safe": {
+      "version": "5.0.1",
+      "from": "json-stringify-safe@>=5.0.1 <5.1.0",
+      "resolved": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz"
+    },
+    "json3": {
+      "version": "3.3.2",
+      "from": "json3@>=3.3.2 <4.0.0",
+      "resolved": "https://registry.npmjs.org/json3/-/json3-3.3.2.tgz"
+    },
+    "json5": {
+      "version": "0.4.0",
+      "from": "json5@>=0.4.0 <0.5.0",
+      "resolved": "https://registry.npmjs.org/json5/-/json5-0.4.0.tgz"
+    },
+    "jsonpointer": {
+      "version": "4.0.0",
+      "from": "jsonpointer@>=4.0.0 <5.0.0",
+      "resolved": "https://registry.npmjs.org/jsonpointer/-/jsonpointer-4.0.0.tgz"
+    },
+    "jsprim": {
+      "version": "1.3.1",
+      "from": "jsprim@>=1.2.2 <2.0.0",
+      "resolved": "https://registry.npmjs.org/jsprim/-/jsprim-1.3.1.tgz"
+    },
+    "kind-of": {
+      "version": "3.0.4",
+      "from": "kind-of@>=3.0.2 <4.0.0",
+      "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.0.4.tgz"
+    },
+    "load-json-file": {
+      "version": "1.1.0",
+      "from": "load-json-file@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/load-json-file/-/load-json-file-1.1.0.tgz"
+    },
+    "lodash": {
+      "version": "4.16.4",
+      "from": "lodash@>=4.2.0 <5.0.0",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.16.4.tgz"
+    },
+    "log-symbols": {
+      "version": "1.0.2",
+      "from": "log-symbols@>=1.0.2 <2.0.0",
+      "resolved": "https://registry.npmjs.org/log-symbols/-/log-symbols-1.0.2.tgz"
+    },
+    "loose-envify": {
+      "version": "1.2.0",
+      "from": "loose-envify@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/loose-envify/-/loose-envify-1.2.0.tgz",
+      "dependencies": {
+        "js-tokens": {
+          "version": "1.0.3",
+          "from": "js-tokens@>=1.0.1 <2.0.0",
+          "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-1.0.3.tgz"
+        }
+      }
+    },
+    "loud-rejection": {
+      "version": "1.6.0",
+      "from": "loud-rejection@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/loud-rejection/-/loud-rejection-1.6.0.tgz"
+    },
+    "map-obj": {
+      "version": "1.0.1",
+      "from": "map-obj@>=1.0.1 <2.0.0",
+      "resolved": "https://registry.npmjs.org/map-obj/-/map-obj-1.0.1.tgz"
+    },
+    "meow": {
+      "version": "3.7.0",
+      "from": "meow@>=3.5.0 <4.0.0",
+      "resolved": "https://registry.npmjs.org/meow/-/meow-3.7.0.tgz"
+    },
+    "merge": {
+      "version": "1.2.0",
+      "from": "merge@>=1.2.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/merge/-/merge-1.2.0.tgz"
+    },
+    "methods": {
+      "version": "1.1.2",
+      "from": "methods@>=1.1.1 <1.2.0",
+      "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz"
+    },
+    "micromatch": {
+      "version": "2.3.11",
+      "from": "micromatch@>=2.1.5 <3.0.0",
+      "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-2.3.11.tgz"
+    },
+    "mime": {
+      "version": "1.3.4",
+      "from": "mime@1.3.4",
+      "resolved": "https://registry.npmjs.org/mime/-/mime-1.3.4.tgz"
+    },
+    "mime-db": {
+      "version": "1.24.0",
+      "from": "mime-db@>=1.24.0 <1.25.0",
+      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.24.0.tgz"
+    },
+    "mime-types": {
+      "version": "2.1.12",
+      "from": "mime-types@>=2.1.7 <2.2.0",
+      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.12.tgz"
+    },
+    "minimatch": {
+      "version": "3.0.3",
+      "from": "minimatch@>=3.0.2 <4.0.0",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.3.tgz"
+    },
+    "minimist": {
+      "version": "1.2.0",
+      "from": "minimist@>=1.2.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz"
+    },
+    "mkdirp": {
+      "version": "0.5.1",
+      "from": "mkdirp@>=0.5.1 <0.6.0",
+      "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.1.tgz",
+      "dependencies": {
+        "minimist": {
+          "version": "0.0.8",
+          "from": "minimist@0.0.8",
+          "resolved": "https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz"
+        }
+      }
+    },
+    "ms": {
+      "version": "0.7.1",
+      "from": "ms@0.7.1",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-0.7.1.tgz"
+    },
+    "node-uuid": {
+      "version": "1.4.7",
+      "from": "node-uuid@>=1.4.7 <1.5.0",
+      "resolved": "https://registry.npmjs.org/node-uuid/-/node-uuid-1.4.7.tgz"
+    },
+    "normalize-package-data": {
+      "version": "2.3.5",
+      "from": "normalize-package-data@>=2.3.4 <3.0.0",
+      "resolved": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-2.3.5.tgz"
+    },
+    "normalize-path": {
+      "version": "2.0.1",
+      "from": "normalize-path@>=2.0.1 <3.0.0",
+      "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-2.0.1.tgz"
+    },
+    "number-is-nan": {
+      "version": "1.0.1",
+      "from": "number-is-nan@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/number-is-nan/-/number-is-nan-1.0.1.tgz"
+    },
+    "oauth-sign": {
+      "version": "0.8.2",
+      "from": "oauth-sign@>=0.8.1 <0.9.0",
+      "resolved": "https://registry.npmjs.org/oauth-sign/-/oauth-sign-0.8.2.tgz"
+    },
+    "object-assign": {
+      "version": "4.1.0",
+      "from": "object-assign@>=4.0.1 <5.0.0",
+      "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.0.tgz"
+    },
+    "object.omit": {
+      "version": "2.0.0",
+      "from": "object.omit@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/object.omit/-/object.omit-2.0.0.tgz"
+    },
+    "once": {
+      "version": "1.4.0",
+      "from": "once@>=1.3.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz"
+    },
+    "original": {
+      "version": "1.0.0",
+      "from": "original@>=0.0.5",
+      "resolved": "https://registry.npmjs.org/original/-/original-1.0.0.tgz",
+      "dependencies": {
+        "url-parse": {
+          "version": "1.0.5",
+          "from": "url-parse@>=1.0.0 <1.1.0",
+          "resolved": "https://registry.npmjs.org/url-parse/-/url-parse-1.0.5.tgz"
+        }
+      }
+    },
+    "os-tmpdir": {
+      "version": "1.0.2",
+      "from": "os-tmpdir@>=1.0.1 <2.0.0",
+      "resolved": "https://registry.npmjs.org/os-tmpdir/-/os-tmpdir-1.0.2.tgz"
+    },
+    "output-file-sync": {
+      "version": "1.1.2",
+      "from": "output-file-sync@>=1.1.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/output-file-sync/-/output-file-sync-1.1.2.tgz"
+    },
+    "parse-glob": {
+      "version": "3.0.4",
+      "from": "parse-glob@>=3.0.4 <4.0.0",
+      "resolved": "https://registry.npmjs.org/parse-glob/-/parse-glob-3.0.4.tgz"
+    },
+    "parse-json": {
+      "version": "2.2.0",
+      "from": "parse-json@>=2.2.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/parse-json/-/parse-json-2.2.0.tgz"
+    },
+    "path-exists": {
+      "version": "1.0.0",
+      "from": "path-exists@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-1.0.0.tgz"
+    },
+    "path-is-absolute": {
+      "version": "1.0.1",
+      "from": "path-is-absolute@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz"
+    },
+    "path-type": {
+      "version": "1.1.0",
+      "from": "path-type@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/path-type/-/path-type-1.1.0.tgz"
+    },
+    "pify": {
+      "version": "2.3.0",
+      "from": "pify@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz"
+    },
+    "pinkie": {
+      "version": "2.0.4",
+      "from": "pinkie@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/pinkie/-/pinkie-2.0.4.tgz"
+    },
+    "pinkie-promise": {
+      "version": "2.0.1",
+      "from": "pinkie-promise@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/pinkie-promise/-/pinkie-promise-2.0.1.tgz"
+    },
+    "preserve": {
+      "version": "0.2.0",
+      "from": "preserve@>=0.2.0 <0.3.0",
+      "resolved": "https://registry.npmjs.org/preserve/-/preserve-0.2.0.tgz"
+    },
+    "private": {
+      "version": "0.1.6",
+      "from": "private@>=0.1.6 <0.2.0",
+      "resolved": "https://registry.npmjs.org/private/-/private-0.1.6.tgz"
+    },
+    "process-nextick-args": {
+      "version": "1.0.7",
+      "from": "process-nextick-args@>=1.0.6 <1.1.0",
+      "resolved": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-1.0.7.tgz"
+    },
+    "promise": {
+      "version": "6.1.0",
+      "from": "promise@>=6.1.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/promise/-/promise-6.1.0.tgz"
+    },
+    "qs": {
+      "version": "6.2.1",
+      "from": "qs@>=6.2.0 <6.3.0",
+      "resolved": "https://registry.npmjs.org/qs/-/qs-6.2.1.tgz"
+    },
+    "querystringify": {
+      "version": "0.0.4",
+      "from": "querystringify@>=0.0.0 <0.1.0",
+      "resolved": "https://registry.npmjs.org/querystringify/-/querystringify-0.0.4.tgz"
+    },
+    "randomatic": {
+      "version": "1.1.5",
+      "from": "randomatic@>=1.1.3 <2.0.0",
+      "resolved": "https://registry.npmjs.org/randomatic/-/randomatic-1.1.5.tgz"
+    },
+    "read-pkg": {
+      "version": "1.1.0",
+      "from": "read-pkg@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/read-pkg/-/read-pkg-1.1.0.tgz"
+    },
+    "read-pkg-up": {
+      "version": "1.0.1",
+      "from": "read-pkg-up@>=1.0.1 <2.0.0",
+      "resolved": "https://registry.npmjs.org/read-pkg-up/-/read-pkg-up-1.0.1.tgz"
+    },
+    "readable-stream": {
+      "version": "2.1.5",
+      "from": "readable-stream@>=2.0.2 <3.0.0",
+      "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.1.5.tgz"
+    },
+    "readdirp": {
+      "version": "2.1.0",
+      "from": "readdirp@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-2.1.0.tgz"
+    },
+    "redent": {
+      "version": "1.0.0",
+      "from": "redent@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/redent/-/redent-1.0.0.tgz"
+    },
+    "reduce-component": {
+      "version": "1.0.1",
+      "from": "reduce-component@1.0.1",
+      "resolved": "https://registry.npmjs.org/reduce-component/-/reduce-component-1.0.1.tgz"
+    },
+    "regenerate": {
+      "version": "1.3.1",
+      "from": "regenerate@>=1.2.1 <2.0.0",
+      "resolved": "https://registry.npmjs.org/regenerate/-/regenerate-1.3.1.tgz"
+    },
+    "regenerator-runtime": {
+      "version": "0.9.5",
+      "from": "regenerator-runtime@>=0.9.5 <0.10.0",
+      "resolved": "https://registry.npmjs.org/regenerator-runtime/-/regenerator-runtime-0.9.5.tgz"
+    },
+    "regex-cache": {
+      "version": "0.4.3",
+      "from": "regex-cache@>=0.4.2 <0.5.0",
+      "resolved": "https://registry.npmjs.org/regex-cache/-/regex-cache-0.4.3.tgz"
+    },
+    "regexpu-core": {
+      "version": "2.0.0",
+      "from": "regexpu-core@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/regexpu-core/-/regexpu-core-2.0.0.tgz"
+    },
+    "regjsgen": {
+      "version": "0.2.0",
+      "from": "regjsgen@>=0.2.0 <0.3.0",
+      "resolved": "https://registry.npmjs.org/regjsgen/-/regjsgen-0.2.0.tgz"
+    },
+    "regjsparser": {
+      "version": "0.1.5",
+      "from": "regjsparser@>=0.1.4 <0.2.0",
+      "resolved": "https://registry.npmjs.org/regjsparser/-/regjsparser-0.1.5.tgz",
+      "dependencies": {
+        "jsesc": {
+          "version": "0.5.0",
+          "from": "jsesc@>=0.5.0 <0.6.0",
+          "resolved": "https://registry.npmjs.org/jsesc/-/jsesc-0.5.0.tgz"
+        }
+      }
+    },
+    "repeat-element": {
+      "version": "1.1.2",
+      "from": "repeat-element@>=1.1.2 <2.0.0",
+      "resolved": "https://registry.npmjs.org/repeat-element/-/repeat-element-1.1.2.tgz"
+    },
+    "repeat-string": {
+      "version": "1.5.4",
+      "from": "repeat-string@>=1.5.2 <2.0.0",
+      "resolved": "https://registry.npmjs.org/repeat-string/-/repeat-string-1.5.4.tgz"
+    },
+    "repeating": {
+      "version": "1.1.3",
+      "from": "repeating@>=1.1.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/repeating/-/repeating-1.1.3.tgz"
+    },
+    "request": {
+      "version": "2.75.0",
+      "from": "request@>=2.65.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/request/-/request-2.75.0.tgz"
+    },
+    "requires-port": {
+      "version": "1.0.0",
+      "from": "requires-port@>=1.0.0 <1.1.0",
+      "resolved": "https://registry.npmjs.org/requires-port/-/requires-port-1.0.0.tgz"
+    },
+    "rimraf": {
+      "version": "2.5.4",
+      "from": "rimraf@>=2.4.3 <3.0.0",
+      "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-2.5.4.tgz",
+      "dependencies": {
+        "glob": {
+          "version": "7.1.1",
+          "from": "glob@>=7.0.5 <8.0.0",
+          "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.1.tgz"
+        }
+      }
+    },
+    "semver": {
+      "version": "4.3.6",
+      "from": "semver@>=4.0.3 <5.0.0",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-4.3.6.tgz"
+    },
+    "semver-regex": {
+      "version": "1.0.0",
+      "from": "semver-regex@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/semver-regex/-/semver-regex-1.0.0.tgz"
+    },
+    "semver-truncate": {
+      "version": "1.1.2",
+      "from": "semver-truncate@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/semver-truncate/-/semver-truncate-1.1.2.tgz",
+      "dependencies": {
+        "semver": {
+          "version": "5.3.0",
+          "from": "semver@>=5.3.0 <6.0.0",
+          "resolved": "https://registry.npmjs.org/semver/-/semver-5.3.0.tgz"
+        }
+      }
+    },
+    "set-immediate-shim": {
+      "version": "1.0.1",
+      "from": "set-immediate-shim@>=1.0.1 <2.0.0",
+      "resolved": "https://registry.npmjs.org/set-immediate-shim/-/set-immediate-shim-1.0.1.tgz"
+    },
+    "shebang-regex": {
+      "version": "1.0.0",
+      "from": "shebang-regex@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-1.0.0.tgz"
+    },
+    "signal-exit": {
+      "version": "3.0.1",
+      "from": "signal-exit@>=3.0.0 <4.0.0",
+      "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.1.tgz"
+    },
+    "slash": {
+      "version": "1.0.0",
+      "from": "slash@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/slash/-/slash-1.0.0.tgz"
+    },
+    "slugid": {
+      "version": "1.1.0",
+      "from": "slugid@>=1.1.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/slugid/-/slugid-1.1.0.tgz"
+    },
+    "sntp": {
+      "version": "1.0.9",
+      "from": "sntp@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/sntp/-/sntp-1.0.9.tgz"
+    },
+    "sockjs-client": {
+      "version": "1.1.1",
+      "from": "sockjs-client@>=1.0.3 <2.0.0",
+      "resolved": "https://registry.npmjs.org/sockjs-client/-/sockjs-client-1.1.1.tgz"
+    },
+    "source-map": {
+      "version": "0.5.6",
+      "from": "source-map@>=0.5.0 <0.6.0",
+      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.5.6.tgz"
+    },
+    "source-map-support": {
+      "version": "0.4.3",
+      "from": "source-map-support@>=0.4.2 <0.5.0",
+      "resolved": "https://registry.npmjs.org/source-map-support/-/source-map-support-0.4.3.tgz"
+    },
+    "spdx-correct": {
+      "version": "1.0.2",
+      "from": "spdx-correct@>=1.0.0 <1.1.0",
+      "resolved": "https://registry.npmjs.org/spdx-correct/-/spdx-correct-1.0.2.tgz"
+    },
+    "spdx-expression-parse": {
+      "version": "1.0.4",
+      "from": "spdx-expression-parse@>=1.0.0 <1.1.0",
+      "resolved": "https://registry.npmjs.org/spdx-expression-parse/-/spdx-expression-parse-1.0.4.tgz"
+    },
+    "spdx-license-ids": {
+      "version": "1.2.2",
+      "from": "spdx-license-ids@>=1.0.2 <2.0.0",
+      "resolved": "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-1.2.2.tgz"
+    },
+    "sprintf-js": {
+      "version": "1.0.3",
+      "from": "sprintf-js@>=1.0.2 <1.1.0",
+      "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz"
+    },
+    "sshpk": {
+      "version": "1.10.1",
+      "from": "sshpk@>=1.7.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/sshpk/-/sshpk-1.10.1.tgz",
+      "dependencies": {
+        "assert-plus": {
+          "version": "1.0.0",
+          "from": "assert-plus@>=1.0.0 <2.0.0",
+          "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz"
+        }
+      }
+    },
+    "string_decoder": {
+      "version": "0.10.31",
+      "from": "string_decoder@>=0.10.0 <0.11.0",
+      "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-0.10.31.tgz"
+    },
+    "stringstream": {
+      "version": "0.0.5",
+      "from": "stringstream@>=0.0.4 <0.1.0",
+      "resolved": "https://registry.npmjs.org/stringstream/-/stringstream-0.0.5.tgz"
+    },
+    "strip-ansi": {
+      "version": "3.0.1",
+      "from": "strip-ansi@>=3.0.0 <4.0.0",
+      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz"
+    },
+    "strip-bom": {
+      "version": "2.0.0",
+      "from": "strip-bom@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/strip-bom/-/strip-bom-2.0.0.tgz"
+    },
+    "strip-indent": {
+      "version": "1.0.1",
+      "from": "strip-indent@>=1.0.1 <2.0.0",
+      "resolved": "https://registry.npmjs.org/strip-indent/-/strip-indent-1.0.1.tgz"
+    },
+    "superagent": {
+      "version": "1.7.2",
+      "from": "superagent@>=1.7.0 <1.8.0",
+      "resolved": "https://registry.npmjs.org/superagent/-/superagent-1.7.2.tgz",
+      "dependencies": {
+        "async": {
+          "version": "0.9.2",
+          "from": "async@>=0.9.0 <0.10.0",
+          "resolved": "https://registry.npmjs.org/async/-/async-0.9.2.tgz"
+        },
+        "combined-stream": {
+          "version": "0.0.7",
+          "from": "combined-stream@>=0.0.4 <0.1.0",
+          "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-0.0.7.tgz"
+        },
+        "delayed-stream": {
+          "version": "0.0.5",
+          "from": "delayed-stream@0.0.5",
+          "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-0.0.5.tgz"
+        },
+        "form-data": {
+          "version": "0.2.0",
+          "from": "form-data@0.2.0",
+          "resolved": "https://registry.npmjs.org/form-data/-/form-data-0.2.0.tgz"
+        },
+        "isarray": {
+          "version": "0.0.1",
+          "from": "isarray@0.0.1",
+          "resolved": "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz"
+        },
+        "mime-db": {
+          "version": "1.12.0",
+          "from": "mime-db@>=1.12.0 <1.13.0",
+          "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.12.0.tgz"
+        },
+        "mime-types": {
+          "version": "2.0.14",
+          "from": "mime-types@>=2.0.3 <2.1.0",
+          "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.0.14.tgz"
+        },
+        "qs": {
+          "version": "2.3.3",
+          "from": "qs@2.3.3",
+          "resolved": "https://registry.npmjs.org/qs/-/qs-2.3.3.tgz"
+        },
+        "readable-stream": {
+          "version": "1.0.27-1",
+          "from": "readable-stream@1.0.27-1",
+          "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-1.0.27-1.tgz"
+        }
+      }
+    },
+    "superagent-hawk": {
+      "version": "0.0.6",
+      "from": "superagent-hawk@>=0.0.6 <0.0.7",
+      "resolved": "https://registry.npmjs.org/superagent-hawk/-/superagent-hawk-0.0.6.tgz",
+      "dependencies": {
+        "boom": {
+          "version": "0.4.2",
+          "from": "boom@>=0.4.0 <0.5.0",
+          "resolved": "https://registry.npmjs.org/boom/-/boom-0.4.2.tgz"
+        },
+        "cryptiles": {
+          "version": "0.2.2",
+          "from": "cryptiles@>=0.2.0 <0.3.0",
+          "resolved": "https://registry.npmjs.org/cryptiles/-/cryptiles-0.2.2.tgz"
+        },
+        "hawk": {
+          "version": "1.0.0",
+          "from": "hawk@>=1.0.0 <1.1.0",
+          "resolved": "https://registry.npmjs.org/hawk/-/hawk-1.0.0.tgz"
+        },
+        "hoek": {
+          "version": "0.9.1",
+          "from": "hoek@>=0.9.0 <0.10.0",
+          "resolved": "https://registry.npmjs.org/hoek/-/hoek-0.9.1.tgz"
+        },
+        "qs": {
+          "version": "0.6.6",
+          "from": "qs@>=0.6.6 <0.7.0",
+          "resolved": "https://registry.npmjs.org/qs/-/qs-0.6.6.tgz"
+        },
+        "sntp": {
+          "version": "0.2.4",
+          "from": "sntp@>=0.2.0 <0.3.0",
+          "resolved": "https://registry.npmjs.org/sntp/-/sntp-0.2.4.tgz"
+        }
+      }
+    },
+    "superagent-promise": {
+      "version": "0.2.0",
+      "from": "superagent-promise@>=0.2.0 <0.3.0",
+      "resolved": "https://registry.npmjs.org/superagent-promise/-/superagent-promise-0.2.0.tgz"
+    },
+    "supports-color": {
+      "version": "2.0.0",
+      "from": "supports-color@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-2.0.0.tgz"
+    },
+    "taskcluster-client": {
+      "version": "1.4.0",
+      "from": "taskcluster-client@>=1.2.1 <2.0.0",
+      "resolved": "https://registry.npmjs.org/taskcluster-client/-/taskcluster-client-1.4.0.tgz",
+      "dependencies": {
+        "hawk": {
+          "version": "2.3.1",
+          "from": "hawk@>=2.3.1 <3.0.0",
+          "resolved": "https://registry.npmjs.org/hawk/-/hawk-2.3.1.tgz"
+        },
+        "lodash": {
+          "version": "3.10.1",
+          "from": "lodash@>=3.6.0 <4.0.0",
+          "resolved": "https://registry.npmjs.org/lodash/-/lodash-3.10.1.tgz"
+        }
+      }
+    },
+    "to-fast-properties": {
+      "version": "1.0.2",
+      "from": "to-fast-properties@>=1.0.1 <2.0.0",
+      "resolved": "https://registry.npmjs.org/to-fast-properties/-/to-fast-properties-1.0.2.tgz"
+    },
+    "tough-cookie": {
+      "version": "2.3.1",
+      "from": "tough-cookie@>=2.3.0 <2.4.0",
+      "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.3.1.tgz"
+    },
+    "trim-newlines": {
+      "version": "1.0.0",
+      "from": "trim-newlines@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/trim-newlines/-/trim-newlines-1.0.0.tgz"
+    },
+    "tunnel-agent": {
+      "version": "0.4.3",
+      "from": "tunnel-agent@>=0.4.1 <0.5.0",
+      "resolved": "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.4.3.tgz"
+    },
+    "tweetnacl": {
+      "version": "0.14.3",
+      "from": "tweetnacl@>=0.14.0 <0.15.0",
+      "resolved": "https://registry.npmjs.org/tweetnacl/-/tweetnacl-0.14.3.tgz"
+    },
+    "url-join": {
+      "version": "0.0.1",
+      "from": "url-join@>=0.0.1 <0.0.2",
+      "resolved": "https://registry.npmjs.org/url-join/-/url-join-0.0.1.tgz"
+    },
+    "url-parse": {
+      "version": "1.1.6",
+      "from": "url-parse@>=1.1.1 <2.0.0",
+      "resolved": "https://registry.npmjs.org/url-parse/-/url-parse-1.1.6.tgz"
+    },
+    "user-home": {
+      "version": "1.1.1",
+      "from": "user-home@>=1.1.1 <2.0.0",
+      "resolved": "https://registry.npmjs.org/user-home/-/user-home-1.1.1.tgz"
+    },
+    "util-deprecate": {
+      "version": "1.0.2",
+      "from": "util-deprecate@>=1.0.1 <1.1.0",
+      "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz"
+    },
+    "uuid": {
+      "version": "2.0.3",
+      "from": "uuid@>=2.0.1 <3.0.0",
+      "resolved": "https://registry.npmjs.org/uuid/-/uuid-2.0.3.tgz"
+    },
+    "v8flags": {
+      "version": "2.0.11",
+      "from": "v8flags@>=2.0.10 <3.0.0",
+      "resolved": "https://registry.npmjs.org/v8flags/-/v8flags-2.0.11.tgz"
+    },
+    "validate-npm-package-license": {
+      "version": "3.0.1",
+      "from": "validate-npm-package-license@>=3.0.1 <4.0.0",
+      "resolved": "https://registry.npmjs.org/validate-npm-package-license/-/validate-npm-package-license-3.0.1.tgz"
+    },
+    "verror": {
+      "version": "1.3.6",
+      "from": "verror@1.3.6",
+      "resolved": "https://registry.npmjs.org/verror/-/verror-1.3.6.tgz"
+    },
+    "websocket-driver": {
+      "version": "0.6.5",
+      "from": "websocket-driver@>=0.5.1",
+      "resolved": "https://registry.npmjs.org/websocket-driver/-/websocket-driver-0.6.5.tgz"
+    },
+    "websocket-extensions": {
+      "version": "0.1.1",
+      "from": "websocket-extensions@>=0.1.1",
+      "resolved": "https://registry.npmjs.org/websocket-extensions/-/websocket-extensions-0.1.1.tgz"
+    },
+    "when": {
+      "version": "3.6.4",
+      "from": "when@>=3.6.2 <3.7.0",
+      "resolved": "https://registry.npmjs.org/when/-/when-3.6.4.tgz"
+    },
+    "wrappy": {
+      "version": "1.0.2",
+      "from": "wrappy@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz"
+    },
+    "xtend": {
+      "version": "4.0.1",
+      "from": "xtend@>=4.0.0 <5.0.0",
+      "resolved": "https://registry.npmjs.org/xtend/-/xtend-4.0.1.tgz"
+    }
+  }
+}
--- a/security/nss/automation/taskcluster/graph/src/extend.js
+++ b/security/nss/automation/taskcluster/graph/src/extend.js
@@ -15,33 +15,24 @@ const WINDOWS_CHECKOUT_CMD =
 /*****************************************************************************/
 
 function isSanitizer(task) {
   return task.collection == "asan" || task.collection == "ubsan";
 }
 
 queue.filter(task => {
   if (task.group == "Builds") {
-    // Remove extra builds on UBSan and ARM.
-    if (task.collection == "ubsan" || task.collection == "arm-debug") {
+    // Remove extra builds on {A,UB}San and ARM.
+    if (isSanitizer(task) || task.collection == "arm-debug") {
       return false;
     }
 
-    // Remove extra builds w/o libpkix for non-asan.
-    if (task.symbol == "noLibpkix" && task.collection != "asan") {
-      return false;
-    }
-
-    // Remove extra builds w/ clang-3.9 on ASan.
-    if (task.symbol == "clang-3.9" && task.collection == "asan") {
-      return false;
-    }
-
-    // Remove extra builds w/ gcc-5 on non-ASan.
-    if (task.symbol == "gcc-5" && task.collection != "asan") {
+    // Remove extra builds w/o libpkix for non-linux64-debug.
+    if (task.symbol == "noLibpkix" &&
+        (task.platform != "linux64" || task.collection != "debug")) {
       return false;
     }
 
     // Remove extra builds on gyp builds (TODO: add when it supports CC/CCC).
     if (task.collection == "gyp") {
       return false;
     }
   }
@@ -53,18 +44,19 @@ queue.filter(task => {
     }
 
     // No BoGo tests on ARM.
     if (task.collection == "arm-debug") {
       return false;
     }
   }
 
-  // Start with BoGo on UBSan builds.
-  if (task.collection == "ubsan" && task.tests && task.tests != "bogo") {
+  // Filter test suites that currently fail with UBSan.
+  if (task.collection == "ubsan" &&
+      ["crmf", "cipher", "fips", "merge", "smime"].includes(task.tests)) {
     return false;
   }
 
   return true;
 });
 
 queue.map(task => {
   if (isSanitizer(task)) {
@@ -109,16 +101,23 @@ export default async function main() {
   });
 
   await scheduleLinux("Linux 64 (opt)", {
     env: {USE_64: "1", BUILD_OPT: "1"},
     platform: "linux64",
     image: LINUX_IMAGE
   });
 
+  await scheduleLinux("Linux 64 (debug)", {
+    env: {USE_64: "1"},
+    platform: "linux64",
+    collection: "debug",
+    image: LINUX_IMAGE
+  });
+
   await scheduleLinux("Linux 64 (debug, gyp)", {
     command: [
       "/bin/bash",
       "-c",
       "bin/checkout.sh && nss/automation/taskcluster/scripts/build_gyp.sh"
     ],
     env: {USE_64: "1"},
     platform: "linux64",
@@ -238,25 +237,16 @@ async function scheduleLinux(name, base)
     env: {
       CC: "gcc-4.8",
       CCC: "g++-4.8"
     },
     symbol: "gcc-4.8"
   }));
 
   queue.scheduleTask(merge(extra_base, {
-    name: `${name} w/ gcc-5`,
-    env: {
-      CC: "gcc-5",
-      CCC: "g++-5"
-    },
-    symbol: "gcc-5"
-  }));
-
-  queue.scheduleTask(merge(extra_base, {
     name: `${name} w/ gcc-6.1`,
     env: {
       CC: "gcc-6",
       CCC: "g++-6"
     },
     symbol: "gcc-6.1"
   }));
 
--- a/security/nss/automation/taskcluster/graph/src/try_syntax.js
+++ b/security/nss/automation/taskcluster/graph/src/try_syntax.js
@@ -17,17 +17,17 @@ function parseOptions(opts) {
   let builds = intersect(opts.build.split(""), ["d", "o"]);
 
   // If the given value is nonsense default to debug and opt builds.
   if (builds.length == 0) {
     builds = ["d", "o"];
   }
 
   // Parse platforms.
-  let allPlatforms = ["linux", "linux64", "win64", "arm", "linux64-gyp"];
+  let allPlatforms = ["linux", "linux64", "linux64-asan", "win64", "arm", "linux64-gyp"];
   let platforms = intersect(opts.platform.split(/\s*,\s*/), allPlatforms);
 
   // If the given value is nonsense or "none" default to all platforms.
   if (platforms.length == 0 && opts.platform != "none") {
     platforms = allPlatforms;
   }
 
   // Parse unit tests.
@@ -95,31 +95,34 @@ function filter(opts) {
     }
 
     let coll = name => name == (task.collection || "opt");
 
     // Filter by platform.
     let found = opts.platforms.some(platform => {
       let aliases = {
         "linux": "linux32",
+        "linux64-asan": "linux64",
         "linux64-gyp": "linux64",
         "win64": "windows2012-64",
         "arm": "linux32"
       };
 
       // Check the platform name.
       let keep = (task.platform == (aliases[platform] || platform));
 
       // Additional checks.
-      if (platform == "arm") {
+      if (platform == "linux64-asan") {
+        keep &= coll("asan") || coll("ubsan");
+      } else if (platform == "arm") {
         keep &= coll("arm-opt") || coll("arm-debug");
       } else if (platform == "linux64-gyp") {
         keep &= coll("gyp");
       } else {
-        keep &= coll("opt") || coll("debug") || coll("asan") || coll("ubsan");
+        keep &= coll("opt") || coll("debug");
       }
 
       return keep;
     });
 
     if (!found) {
       return false;
     }
--- a/security/nss/automation/taskcluster/scripts/build_gyp.sh
+++ b/security/nss/automation/taskcluster/scripts/build_gyp.sh
@@ -6,16 +6,13 @@ if [[ $(id -u) -eq 0 ]]; then
     # Drop privileges by re-running this script.
     exec su worker $0
 fi
 
 # Clone NSPR if needed.
 hg_clone https://hg.mozilla.org/projects/nspr nspr default
 
 # Build.
-cd nss && NSS_GYP_GEN=1 ./build.sh
-if [ $? != 0 ]; then
-    exit 1
-fi
+nss/build.sh -g -v
 
 # Package.
-cd .. && mkdir artifacts
+mkdir artifacts
 tar cvfjh artifacts/dist.tar.bz2 dist
--- a/security/nss/automation/taskcluster/scripts/run_scan_build.sh
+++ b/security/nss/automation/taskcluster/scripts/run_scan_build.sh
@@ -15,28 +15,31 @@ fi
 # Build.
 cd nss
 make nss_build_all
 
 # What we want to scan.
 # key: directory to scan
 # value: number of errors expected in that directory
 declare -A scan=( \
+        [lib/base]=0 \
+        [lib/certdb]=0 \
+        [lib/certhigh]=0 \
         [lib/ssl]=0 \
         [lib/freebl]=0 \
         [lib/util]=0 \
     )
 
 # remove .OBJ directories to force a rebuild of just the select few
 for i in "${!scan[@]}"; do
    find "$i" -name "*.OBJ" -exec rm -rf {} \+
 done
 
 # run scan-build (only building affected directories)
-scan-build -o /home/worker/artifacts --use-cc=$(CC) --use-c++=$(CCC) make nss_build_all && cd ..
+scan-build -o /home/worker/artifacts --use-cc=$CC --use-c++=$CCC make nss_build_all && cd ..
 
 # print errors we found
 set +v +x
 STATUS=0
 for i in "${!scan[@]}"; do
    n=$(grep -Rn "$i" /home/worker/artifacts/*/report-*.html | wc -l)
    if [ $n -ne ${scan[$i]} ]; then
      STATUS=1
--- a/security/nss/build.sh
+++ b/security/nss/build.sh
@@ -1,36 +1,72 @@
 #!/bin/bash
+# This script builds NSS with gyp and ninja.
+#
+# This build system is still under development.  It does not yet support all
+# the features or platforms that NSS supports.
+#
+# -c = clean before build
+# -g = force a rebuild of gyp (and NSPR, because why not)
+# -v = verbose build
+# --test = ignore map files and export everything we have
 
-CWD="$PWD/$(dirname $0)"
-OBJ_DIR="$(make platform)"
+set -e
+
+CWD=$(cd $(dirname $0); pwd -P)
+OBJ_DIR=$(make -s -C "$CWD" platform)
 DIST_DIR="$CWD/../dist/$OBJ_DIR"
 
-# do NSPR things
-NSS_GYP=1 make install_nspr
+if [ -n "$CCC" ] && [ -z "$CXX" ]; then
+    export CXX="$CCC"
+fi
 
-if [ -z "${USE_64}" ]; then
-    GYP_PARAMS="-Dtarget_arch=ia32"
+while [ $# -gt 0 ]; do
+    case $1 in
+        -c) CLEAN=1 ;;
+        -g) REBUILD_GYP=1 ;;
+        -v) VERBOSE=1 ;;
+        --test) GYP_PARAMS="$GYP_PARAMS -Dtest_build=1" ;;
+    esac
+    shift
+done
+
+# -c = clean first
+if [ "$CLEAN" = 1 ]; then
+    rm -rf "$CWD/out"
 fi
 
-# generate NSS build files only if asked for it
-if [ -n "${NSS_GYP_GEN}" -o ! -d out/Debug ]; then
-    PKG_CONFIG_PATH="$CWD/../nspr/$OBJ_DIR/config" gyp -f ninja $GYP_PARAMS --depth=. nss.gyp
+if [ "$BUILD_OPT" = "1" ]; then
+    TARGET=Release
+else
+    TARGET=Debug
+fi
+if [ "$USE_64" == "1" ]; then
+    TARGET="${TARGET}_x64"
+else
+    GYP_PARAMS="$GYP_PARAMS -Dtarget_arch=ia32"
 fi
-# build NSS
-# TODO: only doing this for debug build for now
-ninja -C out/Debug/
-if [ $? != 0 ]; then
-    exit 1
+TARGET_DIR="$CWD/out/$TARGET"
+
+# These steps can take a while, so don't overdo them.
+# Force a redo with -g.
+if [ "$REBUILD_GYP" = 1 -o ! -d "$TARGET_DIR" ]; then
+    # Build NSPR.
+    make -C "$CWD" NSS_GYP=1 install_nspr
+
+    # Run gyp.
+    PKG_CONFIG_PATH="$CWD/../nspr/$OBJ_DIR/config" $SCANBUILD \
+        gyp -f ninja $GYP_PARAMS --depth="$CWD" --generator-output="." "$CWD/nss.gyp"
 fi
 
-# sign libs
-# TODO: this is done every time at the moment.
-cd out/Debug/
-LD_LIBRARY_PATH=$DIST_DIR/lib/ ./shlibsign -v -i lib/libfreebl3.so
-LD_LIBRARY_PATH=$DIST_DIR/lib/ ./shlibsign -v -i lib/libfreeblpriv3.so
-LD_LIBRARY_PATH=$DIST_DIR/lib/ ./shlibsign -v -i lib/libnssdbm3.so
-LD_LIBRARY_PATH=$DIST_DIR/lib/ ./shlibsign -v -i lib/libsoftokn3.so
-
-# copy files over to the right directory
-cp * "$DIST_DIR/bin/"
-cp lib/* "$DIST_DIR/lib/"
-find . -name "*.a" | xargs cp -t "$DIST_DIR/lib/"
+# Run ninja.
+if which ninja >/dev/null 2>&1; then
+    NINJA=ninja
+elif which ninja-build >/dev/null 2>&1; then
+    NINJA=ninja-build
+else
+    echo "Please install ninja" 1>&2
+    exit 1
+fi
+if [ "$VERBOSE" = 1 ]; then
+    NINJA="$NINJA -v"
+fi
+$NINJA -C "$TARGET_DIR"
--- a/security/nss/cmd/bltest/blapitest.c
+++ b/security/nss/cmd/bltest/blapitest.c
@@ -140,33 +140,17 @@ Usage()
 #endif
     PRINTUSAGE("", "", "[-p repetitions | -5 time_interval] [-4 th_num]");
     PRINTUSAGE("", "-m", "cipher mode to use");
     PRINTUSAGE("", "-i", "file which contains input buffer");
     PRINTUSAGE("", "-o", "file for signature");
     PRINTUSAGE("", "-k", "file which contains key");
 #ifndef NSS_DISABLE_ECC
     PRINTUSAGE("", "-n", "name of curve for EC key generation; one of:");
-    PRINTUSAGE("", "", "  sect163k1, nistk163, sect163r1, sect163r2,");
-    PRINTUSAGE("", "", "  nistb163, sect193r1, sect193r2, sect233k1, nistk233,");
-    PRINTUSAGE("", "", "  sect233r1, nistb233, sect239k1, sect283k1, nistk283,");
-    PRINTUSAGE("", "", "  sect283r1, nistb283, sect409k1, nistk409, sect409r1,");
-    PRINTUSAGE("", "", "  nistb409, sect571k1, nistk571, sect571r1, nistb571,");
-    PRINTUSAGE("", "", "  secp160k1, secp160r1, secp160r2, secp192k1, secp192r1,");
-    PRINTUSAGE("", "", "  nistp192, secp224k1, secp224r1, nistp224, secp256k1,");
-    PRINTUSAGE("", "", "  secp256r1, nistp256, secp384r1, nistp384, secp521r1,");
-    PRINTUSAGE("", "", "  nistp521, prime192v1, prime192v2, prime192v3,");
-    PRINTUSAGE("", "", "  prime239v1, prime239v2, prime239v3, c2pnb163v1,");
-    PRINTUSAGE("", "", "  c2pnb163v2, c2pnb163v3, c2pnb176v1, c2tnb191v1,");
-    PRINTUSAGE("", "", "  c2tnb191v2, c2tnb191v3, c2onb191v4, c2onb191v5,");
-    PRINTUSAGE("", "", "  c2pnb208w1, c2tnb239v1, c2tnb239v2, c2tnb239v3,");
-    PRINTUSAGE("", "", "  c2onb239v4, c2onb239v5, c2pnb272w1, c2pnb304w1,");
-    PRINTUSAGE("", "", "  c2tnb359w1, c2pnb368w1, c2tnb431r1, secp112r1,");
-    PRINTUSAGE("", "", "  secp112r2, secp128r1, secp128r2, sect113r1, sect113r2,");
-    PRINTUSAGE("", "", "  sect131r1, sect131r2, curve25519");
+    PRINTUSAGE("", "", "  nistp256, nistp384, nistp521");
 #endif
     PRINTUSAGE("", "-p", "do performance test");
     PRINTUSAGE("", "-4", "run test in multithread mode. th_num number of parallel threads");
     PRINTUSAGE("", "-5", "run test for specified time interval(in seconds)");
     fprintf(stderr, "\n");
     PRINTUSAGE(progName, "-V -m mode", "Verify a signed buffer");
     PRINTUSAGE("", "", "[-i plaintext] [-s signature] [-k key]");
     PRINTUSAGE("", "", "[-p repetitions | -5 time_interval] [-4 th_num]");
@@ -410,19 +394,16 @@ eckey_from_filedata(PLArenaPool *arena, 
     return key;
 }
 
 typedef struct curveNameTagPairStr {
     char *curveName;
     SECOidTag curveOidTag;
 } CurveNameTagPair;
 
-#define DEFAULT_CURVE_OID_TAG SEC_OID_SECG_EC_SECP192R1
-/* #define DEFAULT_CURVE_OID_TAG  SEC_OID_SECG_EC_SECP160R1 */
-
 static CurveNameTagPair nameTagPair[] =
     {
       { "sect163k1", SEC_OID_SECG_EC_SECT163K1 },
       { "nistk163", SEC_OID_SECG_EC_SECT163K1 },
       { "sect163r1", SEC_OID_SECG_EC_SECT163R1 },
       { "sect163r2", SEC_OID_SECG_EC_SECT163R2 },
       { "nistb163", SEC_OID_SECG_EC_SECT163R2 },
       { "sect193r1", SEC_OID_SECG_EC_SECT193R1 },
@@ -1858,17 +1839,17 @@ bltest_ecdsa_init(bltestCipherInfo *ciph
     }
     if (!asymk->privKey && asymk->key.buf.len > 0) {
         asymk->privKey = eckey_from_filedata(cipherInfo->arena, &asymk->key.buf);
     }
     if (encrypt) {
         cipherInfo->cipher.pubkeyCipher = ecdsa_signDigest;
     } else {
         /* Have to convert private key to public key.  Memory
-     * is freed with private key's arena  */
+         * is freed with private key's arena  */
         ECPublicKey *pubkey;
         ECPrivateKey *key = (ECPrivateKey *)asymk->privKey;
         pubkey = (ECPublicKey *)PORT_ArenaZAlloc(key->ecParams.arena,
                                                  sizeof(ECPublicKey));
         pubkey->ecParams.type = key->ecParams.type;
         pubkey->ecParams.fieldID.size = key->ecParams.fieldID.size;
         pubkey->ecParams.fieldID.type = key->ecParams.fieldID.type;
         pubkey->ecParams.fieldID.u.prime.len = key->ecParams.fieldID.u.prime.len;
--- a/security/nss/cmd/bltest/tests/ecdsa/README
+++ b/security/nss/cmd/bltest/tests/ecdsa/README
@@ -1,22 +1,4 @@
-0  secp160k1
-1  secp160r1
-2  secp160r2
-3  nistk163
-4  sect163r1
-5  nistb163
-6  secp192k1
-7  nistp192
-8  secp224k1
-9  nistp224
-10 nistk233
-11 nistb233
-12 nistp256
-13 nistk283
-14 nistb283
-15 nistp384
-16 nistk409
-17 nistb409
-18 nistk571
-19 nistb571
+0 nistp256
+1 nistp384
 # the following tests are not yet implemented
-#20 nistp521
+2 nistp521
--- a/security/nss/cmd/bltest/tests/ecdsa/key0
+++ b/security/nss/cmd/bltest/tests/ecdsa/key0
@@ -1,2 +1,3 @@
-AAAABwYFK4EEAAkAAAApBPiF0ntSFtn41JULxlA1l/lHE/zUPGJWkCqtdOryS6yD
-WFCoF/IHwHsAAAAUcw+b2b1AJUlmezgu5EjmAGPC0YQ=
+AAAACgYIKoZIzj0DAQcAAABBBNGB7n4kH15tKA/SMpetaQVqg6WxIuuUuMQT2tDX
+NN5jKZfaxD47NsTjTr3x3D5t1qRBYuL6VtdgIuxBIHGG9dcAAAAgaGjyZBL+LN3a
+7NkGiHJBfqh7XKNH0AnPF3vFWpostIQ=
--- a/security/nss/cmd/bltest/tests/ecdsa/key1
+++ b/security/nss/cmd/bltest/tests/ecdsa/key1
@@ -1,2 +1,4 @@
-AAAABwYFK4EEAAgAAAApBI80VWK9xatmkFRiDTcdeFQ0T9h3h6iVOinMURyWZw0T
-5vZqd8/gvwwAAAAUYOQMjDdtNSL5zY0nVWPWY+UJoqQ=
+AAAABwYFK4EEACIAAABhBLWMJG3t4khPYcsl3H492rAqukJ1RqJm27pqpN54rFGG
+r2VDwOfqb9tMninq8IyOh42eaaVOEPXXu4Q/ATWBEfrbTRBjTpzAE2SSPuQma0lM
+q0RSVECCgdBOKIhB0H6VxAAAADA3WPjUaMWCS9E5KbVDrEcf5CV5tCNNWJQkwjsA
+yALMCiXJqRVXwbq42WMuaELMW+g=
deleted file mode 100644
--- a/security/nss/cmd/bltest/tests/ecdsa/key10
+++ /dev/null
@@ -1,3 +0,0 @@
-AAAABwYFK4EEABoAAAA9BACmzalMQJBOWV2FoyV0tXSpT07Xajq4bB1SUwSY7QGn
-dgGC3GBqjPs9vEpqfMMQ2M9k3+5oubWnexNFhQAAAB4BRha/6sE7VSHl92ZqCj5p
-LYtBpK23jzfdVWO8SAY=
deleted file mode 100644
--- a/security/nss/cmd/bltest/tests/ecdsa/key11
+++ /dev/null
@@ -1,3 +0,0 @@
-AAAABwYFK4EEABsAAAA9BAD2/x9HSYYVEQ9AU4MivlIKPypJjsm0sTrp8BftlQGv
-KaYrKpZCg/CEw3C2kqvke7HAu+10hafK9asRxQAAAB4AXyFCurtsXhahkyJpkb5J
-LUg3xVL00vviR0KyFZY=
deleted file mode 100644
--- a/security/nss/cmd/bltest/tests/ecdsa/key12
+++ /dev/null
@@ -1,3 +0,0 @@
-AAAACgYIKoZIzj0DAQcAAABBBNGB7n4kH15tKA/SMpetaQVqg6WxIuuUuMQT2tDX
-NN5jKZfaxD47NsTjTr3x3D5t1qRBYuL6VtdgIuxBIHGG9dcAAAAgaGjyZBL+LN3a
-7NkGiHJBfqh7XKNH0AnPF3vFWpostIQ=
deleted file mode 100644
--- a/security/nss/cmd/bltest/tests/ecdsa/key13
+++ /dev/null
@@ -1,3 +0,0 @@
-AAAABwYFK4EEABAAAABJBAT3klWkt7+1Pr6QGEcvEIZplopwt1alrsJUThDOxvUF
-7KvBpQLVjB+DQTwYQnEREb/WFyRgUBuIbII0+zd/g0fLHE4PQ8SNlAAAACQFPsMX
-mqSVRreUVasUOIZQFB2jnpwCUyoq+xa9SRril5LeOCY=
deleted file mode 100644
--- a/security/nss/cmd/bltest/tests/ecdsa/key14
+++ /dev/null
@@ -1,3 +0,0 @@
-AAAABwYFK4EEABEAAABJBAf/ei/XCrFrMZLBp5BFkKZ3Odn+ZJu7QIAK32Ubuxmi
-xgWTewf2vv+KY5kHwsBYuBXmmnKe9Ak9zGP4Lykvgk5n5J6iUz5ycQAAACQAQHXa
-d29OqGxoDNCl9xETW3tAL/2hfZzstNuOPLm5kj4j1Dc=
deleted file mode 100644
--- a/security/nss/cmd/bltest/tests/ecdsa/key15
+++ /dev/null
@@ -1,4 +0,0 @@
-AAAABwYFK4EEACIAAABhBLWMJG3t4khPYcsl3H492rAqukJ1RqJm27pqpN54rFGG
-r2VDwOfqb9tMninq8IyOh42eaaVOEPXXu4Q/ATWBEfrbTRBjTpzAE2SSPuQma0lM
-q0RSVECCgdBOKIhB0H6VxAAAADA3WPjUaMWCS9E5KbVDrEcf5CV5tCNNWJQkwjsA
-yALMCiXJqRVXwbq42WMuaELMW+g=
deleted file mode 100644
--- a/security/nss/cmd/bltest/tests/ecdsa/key16
+++ /dev/null
@@ -1,4 +0,0 @@
-AAAABwYFK4EEACQAAABpBADkgknFgTPuirxQxFlqIK+vcARWzlpJR+qmyRyQsBiz
-Nh6Ws036xUKY9M8LxMIWXFNM6aIA2wxKsBF+HHD6oy27EAJSJOGbke/9F9Kv5AiW
-2RXA4mllUaxCNsuQ36PqUdqv4FeXxWTpAAAANAHTZloqhR0V4bfyaeo2hojcvY3T
-NO04ewNryBpsHZ0bhID0EfewYuwQmX00GYNfuV3mJ2w=
deleted file mode 100644
--- a/security/nss/cmd/bltest/tests/ecdsa/key17
+++ /dev/null
@@ -1,4 +0,0 @@
-AAAABwYFK4EEACUAAABpBAAEE/bAmqCjO3FLvN93Q/UjDyDp2sj+F//buuf1hZ0K
-1rSOGXMLcBrqVa8R6UJ57F9/Yc0BCTylpJMXjfCr4eDczG4WOQk+5x8kpKQs5Q9U
-V3IolHDiQY/Nhn7o4UFn5/mF71T3qUqwAAAANAH/o7jEl9Bw+Arj9uQ7ZHkoPGgx
-t92UJg1r/lxa7UUd66iJfRI8n8yQH/sw56D1+CweeII=
deleted file mode 100644
--- a/security/nss/cmd/bltest/tests/ecdsa/key18
+++ /dev/null
@@ -1,5 +0,0 @@
-AAAABwYFK4EEACYAAACRBAffZTrfwIl0dciO2fui3UhZw6r+jnFh7gyER92gXL7+
-LzPgTHagd1vdQiIX4K8Dv76KN0BldiFuX5odP7qC26MUaiURDdWT0AWcPmumSSBH
-NXZYLLx5hQjW3BTNwV7v5bmUjezfgtuOCC30dQGs2GMgExAmiWRjTkiPrHg1SFKF
-3RklauOyMWauaVpEzh3c+wAAAEgAZvLs4/Rx7tS+QGH92fGGIxPWPbVYOpDKwabY
-poV2i1BD5Fxvw+eHlvxVOLmRPqRCPTfOLwAeNbHyt17U/BVZ8+svTChlzuA=
deleted file mode 100644
--- a/security/nss/cmd/bltest/tests/ecdsa/key19
+++ /dev/null
@@ -1,5 +0,0 @@
-AAAABwYFK4EEACcAAACRBASpPvOfQVqiMD+cBL/nulFit5pk/5beJ6/KpeIltg4s
-6/s7PPggJA59BP7RJwak6rgY3PsRqXVPjyM/1UkUfRUR2BJgOfNTkQe9WF7Y5zXy
-TM76cWhOP+sLSoUcscy/HTLCpHqRLLvWZPDzgjrfJqSlydMEDZjWsJRVPk9IfeQ/
-amGiWOhJIQd/bSrAazZn6AAAAEgFz1qZzjHuhuP1boJ7gzndJhQslx1efbESxHSc
-wbOpeBpw2MsCAwjtgo3Y8pviFIC8+5MStkFjE8uHQ0ngXc02wm3G0xj8XGQ=
--- a/security/nss/cmd/bltest/tests/ecdsa/key2
+++ b/security/nss/cmd/bltest/tests/ecdsa/key2
@@ -1,2 +1,5 @@
-AAAABwYFK4EEAB4AAAApBGouC+vgvmItzsLO4hXn+AXi3skEE+M19o/QHLfjibbA
-p7av8F4tcGgAAAAUmpQDUgnIkiXPBs0moD4jEmJHato=
+AAAABwYFK4EEACMAAACFBAHLMSpMFVyG6mXE7SZ5O5Bwv4d8/QiAB3BzpXkyrU1W
+jJ9O9uOYTXM+cFtF5v56+LsI4yGkaAl9+RF6lFPjrhpIswCmBmEqMBgZpjoz38my
+nLHBI9MaFF8AHkRQwD3LJLo4eSZHOVkdIvDYLwicdlgr0zD3Nf76/HB1+0DkBGqE
+MyG22gAAAEIAFah7z179UbqqdH68pzdZsP1ChXjtYZ11rBM0+HP7yLirxH3ahKTt
+DjsY19GEjz4gKsaLfLiQ1/Dp+VKVLcBKpk0=
deleted file mode 100644
--- a/security/nss/cmd/bltest/tests/ecdsa/key20
+++ /dev/null
@@ -1,5 +0,0 @@
-AAAABwYFK4EEACMAAACFBAHLMSpMFVyG6mXE7SZ5O5Bwv4d8/QiAB3BzpXkyrU1W
-jJ9O9uOYTXM+cFtF5v56+LsI4yGkaAl9+RF6lFPjrhpIswCmBmEqMBgZpjoz38my
-nLHBI9MaFF8AHkRQwD3LJLo4eSZHOVkdIvDYLwicdlgr0zD3Nf76/HB1+0DkBGqE
-MyG22gAAAEIAFah7z179UbqqdH68pzdZsP1ChXjtYZ11rBM0+HP7yLirxH3ahKTt
-DjsY19GEjz4gKsaLfLiQ1/Dp+VKVLcBKpk0=
deleted file mode 100644
--- a/security/nss/cmd/bltest/tests/ecdsa/key3
+++ /dev/null
@@ -1,2 +0,0 @@
-AAAABwYFK4EEAAEAAAArBAe4qW9DTVGRVIYYznwJZbn8mWXLugA2A+Mv112Bu+y7
-gxI8E4/fEdLTsQAAABUGEQDNcbxi0JhwALA8FCCxvmWYM3E=
deleted file mode 100644
--- a/security/nss/cmd/bltest/tests/ecdsa/key4
+++ /dev/null
@@ -1,2 +0,0 @@
-AAAABwYFK4EEAAIAAAArBAXw45Pc59l1QWmAB1W6M30lyFzQmAH/0FIFKYgEOYIa
-dnEXMwKNwaRdsQAAABUCErj052f+Rth5OxAm376LOAQyvBY=
deleted file mode 100644
--- a/security/nss/cmd/bltest/tests/ecdsa/key5
+++ /dev/null
@@ -1,2 +0,0 @@
-AAAABwYFK4EEAA8AAAArBAFhm71N2wsUOYCwDNr/6rFvNX1okAbki1SNlHq2TQDO
-Bktd1M0jlApWVQAAABUCILsraWg3Qi5nBsXQ1pGmZk0YuSA=
deleted file mode 100644
--- a/security/nss/cmd/bltest/tests/ecdsa/key6
+++ /dev/null
@@ -1,2 +0,0 @@
-AAAABwYFK4EEAB8AAAAxBHOYACoc9XsLk5n8NZZKV2U9CDoMj/VRDvqbf+myloR7
-uBfVNm+uVN33Sa65phAfXQAAABitxs6KZtkqU4tglcdQ1Rmk2U74vjYP0JM=
deleted file mode 100644
--- a/security/nss/cmd/bltest/tests/ecdsa/key7
+++ /dev/null
@@ -1,2 +0,0 @@
-AAAACgYIKoZIzj0DAQEAAAAxBOyOI+rIs3x+jsChxQqSVblnoZGqhIM1WX0FMfw+
-D8Dz6Y25iPcAQFpIAWh29FxnrgAAABh+uEQYXwMB783sULxE6PEd1t/MNZ9HSHI=
deleted file mode 100644
--- a/security/nss/cmd/bltest/tests/ecdsa/key8
+++ /dev/null
@@ -1,3 +0,0 @@
-AAAABwYFK4EEACAAAAA5BKQnZoj4VtlPqrJ5dekM4haG+7PjfgO4wNNIqD7JnrKI
-gTUd+oUQ41d517xCObyBaHNzdVPty9DvAAAAHIrG9+FE+OJV5UV2l/op7PCDPI4G
-qkpgzPIwe7U=
deleted file mode 100644
--- a/security/nss/cmd/bltest/tests/ecdsa/key9
+++ /dev/null
@@ -1,3 +0,0 @@
-AAAABwYFK4EEACEAAAA5BGCNDWldzQCbI83PMR96tqR6JnIUpvfIO8l6hIf/QfMc
-rx2BbrSLoy6EJmP++Jyw5yNyaoVaNYl6AAAAHDnjgcUSIshTSLuejnSsvtvU363b
-1NJv4ULUbIs=
--- a/security/nss/cmd/certutil/certutil.c
+++ b/security/nss/cmd/certutil/certutil.c
@@ -1257,18 +1257,18 @@ luG(enum usage_level ul, const char *com
         "   -f password-file");
     FPS "%-20s Specify the noise file to be used\n",
         "   -z noisefile");
     FPS "%-20s read PQG value from pqgfile (dsa only)\n",
         "   -q pqgfile");
 #ifndef NSS_DISABLE_ECC
     FPS "%-20s Elliptic curve name (ec only)\n",
         "   -q curve-name");
-    FPS "%-20s One of nistp256, nistp384, nistp521, curve25519\n", "");
-#ifdef NSS_ECC_MORE_THAN_SUITE_B
+    FPS "%-20s One of nistp256, nistp384, nistp521, curve25519.\n", "");
+    FPS "%-20s If a custom token is present, the following curves are also supported:\n", "");
     FPS "%-20s sect163k1, nistk163, sect163r1, sect163r2,\n", "");
     FPS "%-20s nistb163, sect193r1, sect193r2, sect233k1, nistk233,\n", "");
     FPS "%-20s sect233r1, nistb233, sect239k1, sect283k1, nistk283,\n", "");
     FPS "%-20s sect283r1, nistb283, sect409k1, nistk409, sect409r1,\n", "");
     FPS "%-20s nistb409, sect571k1, nistk571, sect571r1, nistb571,\n", "");
     FPS "%-20s secp160k1, secp160r1, secp160r2, secp192k1, secp192r1,\n", "");
     FPS "%-20s nistp192, secp224k1, secp224r1, nistp224, secp256k1,\n", "");
     FPS "%-20s secp256r1, secp384r1, secp521r1,\n", "");
@@ -1276,17 +1276,16 @@ luG(enum usage_level ul, const char *com
     FPS "%-20s prime239v1, prime239v2, prime239v3, c2pnb163v1, \n", "");
     FPS "%-20s c2pnb163v2, c2pnb163v3, c2pnb176v1, c2tnb191v1, \n", "");
     FPS "%-20s c2tnb191v2, c2tnb191v3,  \n", "");
     FPS "%-20s c2pnb208w1, c2tnb239v1, c2tnb239v2, c2tnb239v3, \n", "");
     FPS "%-20s c2pnb272w1, c2pnb304w1, \n", "");
     FPS "%-20s c2tnb359w1, c2pnb368w1, c2tnb431r1, secp112r1, \n", "");
     FPS "%-20s secp112r2, secp128r1, secp128r2, sect113r1, sect113r2\n", "");
     FPS "%-20s sect131r1, sect131r2\n", "");
-#endif /* NSS_ECC_MORE_THAN_SUITE_B */
 #endif
     FPS "%-20s Key database directory (default is ~/.netscape)\n",
         "   -d keydir");
     FPS "%-20s Cert & Key database prefix\n",
         "   -P dbprefix");
     FPS "%-20s\n"
         "%-20s PKCS #11 key Attributes.\n",
         "   --keyAttrFlags attrflags", "");
--- a/security/nss/cmd/certutil/keystuff.c
+++ b/security/nss/cmd/certutil/keystuff.c
@@ -388,19 +388,16 @@ CERTUTIL_FileForRNG(const char *noise)
 }
 
 #ifndef NSS_DISABLE_ECC
 typedef struct curveNameTagPairStr {
     char *curveName;
     SECOidTag curveOidTag;
 } CurveNameTagPair;
 
-#define DEFAULT_CURVE_OID_TAG SEC_OID_SECG_EC_SECP192R1
-/* #define DEFAULT_CURVE_OID_TAG  SEC_OID_SECG_EC_SECP160R1 */
-
 static CurveNameTagPair nameTagPair[] =
     {
       { "sect163k1", SEC_OID_SECG_EC_SECT163K1 },
       { "nistk163", SEC_OID_SECG_EC_SECT163K1 },
       { "sect163r1", SEC_OID_SECG_EC_SECT163R1 },
       { "sect163r2", SEC_OID_SECG_EC_SECT163R2 },
       { "nistb163", SEC_OID_SECG_EC_SECT163R2 },
       { "sect193r1", SEC_OID_SECG_EC_SECT193R1 },
--- a/security/nss/cmd/ecperf/ecperf.c
+++ b/security/nss/cmd/ecperf/ecperf.c
@@ -465,17 +465,17 @@ ectest_curve_pkcs11(ECCurveName curve, i
     SECItem digest;
     SECKEYECParams ecParams;
     CK_MECHANISM mech;
     CK_ECDH1_DERIVE_PARAMS ecdh_params;
     unsigned char sigData[256];
     unsigned char digestData[20];
     unsigned char pubKeyData[256];
     PRLock *lock = NULL;
-    double signRate, deriveRate;
+    double signRate, deriveRate = 0;
     CK_ATTRIBUTE template;
     SECStatus rv;
     CK_RV crv;
 
     ecParams.data = NULL;
     ecParams.len = 0;
     rv = ecName2params(curve, &ecParams);
     if (rv != SECSuccess) {
@@ -590,17 +590,17 @@ ectest_curve_freebl(ECCurveName curve, i
 {
     ECParams ecParams = { 0 };
     ECPrivateKey *ecPriv = NULL;
     ECPublicKey ecPub;
     SECItem sig;
     SECItem digest;
     unsigned char sigData[256];
     unsigned char digestData[20];
-    double signRate, deriveRate;
+    double signRate, deriveRate = 0;
     char genenc[3 + 2 * 2 * MAX_ECKEY_LEN];
     SECStatus rv = SECFailure;
     PLArenaPool *arena;
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (!arena) {
         return SECFailure;
     }
@@ -760,54 +760,21 @@ main(int argv, char **argc)
         if (crv != CKR_OK) {
             fprintf(stderr, "NSC_Initialize failed crv=0x%x\n", (unsigned int)crv);
             return SECFailure;
         }
     }
 
     /* specific arithmetic tests */
     if (nist) {
-#ifdef NSS_ECC_MORE_THAN_SUITE_B
-        ECTEST_NAMED_GFP("SECP-160K1", ECCurve_SECG_PRIME_160K1);
-        ECTEST_NAMED_GFP("NIST-P192", ECCurve_NIST_P192);
-        ECTEST_NAMED_GFP("NIST-P224", ECCurve_NIST_P224);
-#endif
         ECTEST_NAMED_GFP("NIST-P256", ECCurve_NIST_P256);
         ECTEST_NAMED_GFP("NIST-P384", ECCurve_NIST_P384);
         ECTEST_NAMED_GFP("NIST-P521", ECCurve_NIST_P521);
         ECTEST_NAMED_CUSTOM("Curve25519", ECCurve25519);
     }
-#ifdef NSS_ECC_MORE_THAN_SUITE_B
-    if (ansi) {
-        ECTEST_NAMED_GFP("ANSI X9.62 PRIME192v1", ECCurve_X9_62_PRIME_192V1);
-        ECTEST_NAMED_GFP("ANSI X9.62 PRIME192v2", ECCurve_X9_62_PRIME_192V2);
-        ECTEST_NAMED_GFP("ANSI X9.62 PRIME192v3", ECCurve_X9_62_PRIME_192V3);
-        ECTEST_NAMED_GFP("ANSI X9.62 PRIME239v1", ECCurve_X9_62_PRIME_239V1);
-        ECTEST_NAMED_GFP("ANSI X9.62 PRIME239v2", ECCurve_X9_62_PRIME_239V2);
-        ECTEST_NAMED_GFP("ANSI X9.62 PRIME239v3", ECCurve_X9_62_PRIME_239V3);
-        ECTEST_NAMED_GFP("ANSI X9.62 PRIME256v1", ECCurve_X9_62_PRIME_256V1);
-    }
-    if (secp) {
-        ECTEST_NAMED_GFP("SECP-112R1", ECCurve_SECG_PRIME_112R1);
-        ECTEST_NAMED_GFP("SECP-112R2", ECCurve_SECG_PRIME_112R2);
-        ECTEST_NAMED_GFP("SECP-128R1", ECCurve_SECG_PRIME_128R1);
-        ECTEST_NAMED_GFP("SECP-128R2", ECCurve_SECG_PRIME_128R2);
-        ECTEST_NAMED_GFP("SECP-160K1", ECCurve_SECG_PRIME_160K1);
-        ECTEST_NAMED_GFP("SECP-160R1", ECCurve_SECG_PRIME_160R1);
-        ECTEST_NAMED_GFP("SECP-160R2", ECCurve_SECG_PRIME_160R2);
-        ECTEST_NAMED_GFP("SECP-192K1", ECCurve_SECG_PRIME_192K1);
-        ECTEST_NAMED_GFP("SECP-192R1", ECCurve_SECG_PRIME_192R1);
-        ECTEST_NAMED_GFP("SECP-224K1", ECCurve_SECG_PRIME_224K1);
-        ECTEST_NAMED_GFP("SECP-224R1", ECCurve_SECG_PRIME_224R1);
-        ECTEST_NAMED_GFP("SECP-256K1", ECCurve_SECG_PRIME_256K1);
-        ECTEST_NAMED_GFP("SECP-256R1", ECCurve_SECG_PRIME_256R1);
-        ECTEST_NAMED_GFP("SECP-384R1", ECCurve_SECG_PRIME_384R1);
-        ECTEST_NAMED_GFP("SECP-521R1", ECCurve_SECG_PRIME_521R1);
-    }
-#endif
 
 cleanup:
     rv |= SECOID_Shutdown();
     RNG_RNGShutdown();
 
     if (rv != SECSuccess) {
         printf("Error: exiting with error value\n");
     }
--- a/security/nss/cmd/lib/basicutil.c
+++ b/security/nss/cmd/lib/basicutil.c
@@ -20,16 +20,17 @@
 #include <sys/stat.h>
 #include <errno.h>
 
 #ifdef XP_UNIX
 #include <unistd.h>
 #endif
 
 #include "secoid.h"
+#include "sslt.h"
 
 extern long DER_GetInteger(const SECItem *src);
 
 static PRBool wrapEnabled = PR_TRUE;
 
 void
 SECU_EnableWrap(PRBool enable)
 {
@@ -726,8 +727,102 @@ SECU_SECItemHexStringToBinary(SECItem *s
                                      nibble(srcdest->data[i + 1]);
     }
 
     /* adjust length */
     srcdest->len -= 2;
     srcdest->len /= 2;
     return SECSuccess;
 }
+
+SSLNamedGroup
+groupNameToNamedGroup(char *name)
+{
+    if (PL_strlen(name) == 4) {
+        if (!strncmp(name, "P256", 4)) {
+            return ssl_grp_ec_secp256r1;
+        }
+        if (!strncmp(name, "P384", 4)) {
+            return ssl_grp_ec_secp384r1;
+        }
+        if (!strncmp(name, "P521", 4)) {
+            return ssl_grp_ec_secp521r1;
+        }
+    }
+    if (PL_strlen(name) == 6) {
+        if (!strncmp(name, "x25519", 6)) {
+            return ssl_grp_ec_curve25519;
+        }
+        if (!strncmp(name, "FF2048", 6)) {
+            return ssl_grp_ffdhe_2048;
+        }
+        if (!strncmp(name, "FF3072", 6)) {
+            return ssl_grp_ffdhe_3072;
+        }
+        if (!strncmp(name, "FF4096", 6)) {
+            return ssl_grp_ffdhe_4096;
+        }
+        if (!strncmp(name, "FF6144", 6)) {
+            return ssl_grp_ffdhe_6144;
+        }
+        if (!strncmp(name, "FF8192", 6)) {
+            return ssl_grp_ffdhe_8192;
+        }
+    }
+
+    return ssl_grp_none;
+}
+
+SECStatus
+parseGroupList(const char *arg, SSLNamedGroup **enabledGroups,
+               unsigned int *enabledGroupsCount)
+{
+    SSLNamedGroup *groups;
+    char *str;
+    char *p;
+    unsigned int numValues = 0;
+    unsigned int count = 0;
+
+    /* Count the number of groups. */
+    str = PORT_Strdup(arg);
+    if (!str) {
+        return SECFailure;
+    }
+    p = strtok(str, ",");
+    while (p) {
+        ++numValues;
+        p = strtok(NULL, ",");
+    }
+    PORT_Free(str);
+    groups = PORT_ZNewArray(SSLNamedGroup, numValues);
+    if (!groups) {
+        goto done;
+    }
+
+    /* Get group names. */
+    str = PORT_Strdup(arg);
+    if (!str) {
+        goto done;
+    }
+    p = strtok(str, ",");
+    while (p) {
+        SSLNamedGroup group = groupNameToNamedGroup(p);
+        if (group == ssl_grp_none) {
+            count = 0;
+            goto done;
+        }
+        groups[count++] = group;
+        p = strtok(NULL, ",");
+    }
+
+done:
+    if (str) {
+        PORT_Free(str);
+    }
+    if (!count) {
+        PORT_Free(groups);
+        return SECFailure;
+    }
+
+    *enabledGroupsCount = count;
+    *enabledGroups = groups;
+    return SECSuccess;
+}
--- a/security/nss/cmd/lib/basicutil.h
+++ b/security/nss/cmd/lib/basicutil.h
@@ -8,16 +8,17 @@
 #include "secitem.h"
 #include "secoid.h"
 #include "secoidt.h"
 #include "secport.h"
 #include "prerror.h"
 #include "base64.h"
 #include "secasn1.h"
 #include "secder.h"
+#include "sslt.h"
 #include <stdio.h>
 
 #ifdef SECUTIL_NEW
 typedef int (*SECU_PPFunc)(PRFileDesc *out, SECItem *item,
                            char *msg, int level);
 #else
 typedef int (*SECU_PPFunc)(FILE *out, SECItem *item, char *msg, int level);
 #endif
@@ -107,16 +108,20 @@ typedef struct
 
 /*  fill the "arg" and "activated" fields for each flag  */
 SECStatus
 SECU_ParseCommandLine(int argc, char **argv, char *progName,
                       const secuCommand *cmd);
 char *
 SECU_GetOptionArg(const secuCommand *cmd, int optionNum);
 
+SECStatus parseGroupList(const char *arg, SSLNamedGroup **enabledGroups,
+                         unsigned int *enabledGroupsCount);
+SSLNamedGroup groupNameToNamedGroup(char *name);
+
 /*
  *
  *  Error messaging
  *
  */
 
 void printflags(char *trusts, unsigned int flags);
 
--- a/security/nss/cmd/lib/exports.gyp
+++ b/security/nss/cmd/lib/exports.gyp
@@ -11,17 +11,17 @@
       'type': 'none',
       'copies': [
         {
           'files': [
             'basicutil.h',
             'pk11table.h',
             'secutil.h'
           ],
-          'destination': '<(PRODUCT_DIR)/dist/<(module)/private'
+          'destination': '<(nss_dist_dir)/private/<(module)'
         }
       ]
     }
   ],
   'variables': {
     'module': 'nss'
   }
-}
\ No newline at end of file
+}
--- a/security/nss/cmd/lib/lib.gyp
+++ b/security/nss/cmd/lib/lib.gyp
@@ -4,16 +4,17 @@
 {
   'includes': [
     '../../coreconf/config.gypi'
   ],
   'targets': [
     {
       'target_name': 'sectool',
       'type': 'static_library',
+      'standalone_static_library': 1,
       'sources': [
         'basicutil.c',
         'derprint.c',
         'ffs.c',
         'moreoids.c',
         'pk11table.c',
         'pppolicy.c',
         'secpwd.c',
--- a/security/nss/cmd/modutil/modutil.gyp
+++ b/security/nss/cmd/modutil/modutil.gyp
@@ -24,18 +24,18 @@
         '<(DEPTH)/exports.gyp:dbm_exports',
         '<(DEPTH)/lib/jar/jar.gyp:jar',
         '<(DEPTH)/lib/zlib/zlib.gyp:nss_zlib'
       ]
     }
   ],
   'target_defaults': {
     'include_dirs': [
-      '<(PRODUCT_DIR)/dist/nss/private',
-      '<(PRODUCT_DIR)/dist/dbm/private'
+      '<(nss_dist_dir)/private/nss',
+      '<(nss_dist_dir)/private/dbm'
     ],
     'defines': [
       'NSPR20',
       'YY_NO_UNPUT',
       'YY_NO_INPUT'
     ]
   },
   'variables': {
--- a/security/nss/cmd/selfserv/selfserv.c
+++ b/security/nss/cmd/selfserv/selfserv.c
@@ -159,17 +159,17 @@ static void
 PrintUsageHeader(const char *progName)
 {
     fprintf(stderr,
             "Usage: %s -n rsa_nickname -p port [-BDENRbjlmrsuvx] [-w password]\n"
             "         [-t threads] [-i pid_file] [-c ciphers] [-Y] [-d dbdir] [-g numblocks]\n"
             "         [-f password_file] [-L [seconds]] [-M maxProcs] [-P dbprefix]\n"
             "         [-V [min-version]:[max-version]] [-a sni_name]\n"
             "         [ T <good|revoked|unknown|badsig|corrupted|none|ocsp>] [-A ca]\n"
-            "         [-C SSLCacheEntries] [-S dsa_nickname] -Q"
+            "         [-C SSLCacheEntries] [-S dsa_nickname] -Q [-I groups]"
 #ifndef NSS_DISABLE_ECC
             " [-e ec_nickname]"
 #endif /* NSS_DISABLE_ECC */
             "\n"
             "         -U [0|1] -H [0|1|2] -W [0|1]\n",
             progName);
 }
 
@@ -219,17 +219,20 @@ PrintParameterUsage()
         "-A <ca> Nickname of a CA used to sign a stapled cert status\n"
         "-U override default ECDHE ephemeral key reuse, 0: refresh, 1: reuse\n"
         "-H override default DHE server support, 0: disable, 1: enable, "
         " 2: require DH named groups\n"
         "-W override default DHE server weak parameters support, 0: disable, 1: enable\n"
         "-c Restrict ciphers\n"
         "-Y prints cipher values allowed for parameter -c and exits\n"
         "-G enables the extended master secret extension [RFC7627]\n"
-        "-Q enables ALPN for HTTP/1.1 [RFC7301]\n",
+        "-Q enables ALPN for HTTP/1.1 [RFC7301]\n"
+        "-I comma separated list of enabled groups for TLS key exchange.\n"
+        "   The following values are valid:\n"
+        "   P256, P384, P521, x25519, FF2048, FF3072, FF4096, FF6144, FF8192\n",
         stderr);
 }
 
 static void
 Usage(const char *progName)
 {
     PrintUsageHeader(progName);
     PrintParameterUsage();
@@ -796,16 +799,18 @@ PRBool NoReuse = PR_FALSE;
 PRBool hasSidCache = PR_FALSE;
 PRBool disableLocking = PR_FALSE;
 PRBool enableSessionTickets = PR_FALSE;
 PRBool enableCompression = PR_FALSE;
 PRBool failedToNegotiateName = PR_FALSE;
 PRBool enableExtendedMasterSecret = PR_FALSE;
 PRBool zeroRTT = PR_FALSE;
 PRBool enableALPN = PR_FALSE;
+SSLNamedGroup *enabledGroups = NULL;
+unsigned int enabledGroupsCount = 0;
 
 static char *virtServerNameArray[MAX_VIRT_SERVER_NAME_ARRAY_INDEX];
 static int virtServerNameIndex = 1;
 
 static char *certNicknameArray[MAX_CERT_NICKNAME_ARRAY_INDEX];
 static int certNicknameIndex = 0;
 
 static const char stopCmd[] = { "GET /stop " };
@@ -1963,16 +1968,23 @@ server_main(
         }
 
         rv = SSL_SetNextProtoNego(model_sock, alpnVal, sizeof(alpnVal));
         if (rv != SECSuccess) {
             errExit("error enabling ALPN");
         }
     }
 
+    if (enabledGroups) {
+        rv = SSL_NamedGroupConfig(model_sock, enabledGroups, enabledGroupsCount);
+        if (rv < 0) {
+            errExit("SSL_NamedGroupConfig failed");
+        }
+    }
+
     /* This cipher is not on by default. The Acceptance test
      * would like it to be. Turn this cipher on.
      */
 
     secStatus = SSL_CipherPrefSetDefault(TLS_RSA_WITH_NULL_MD5, PR_TRUE);
     if (secStatus != SECSuccess) {
         errExit("SSL_CipherPrefSetDefault:TLS_RSA_WITH_NULL_MD5");
     }
@@ -2180,17 +2192,17 @@ main(int argc, char **argv)
     char *tmp;
     char *envString;
     PRFileDesc *listen_sock;
     CERTCertificate *cert[MAX_CERT_NICKNAME_ARRAY_INDEX] = { NULL };
     SECKEYPrivateKey *privKey[MAX_CERT_NICKNAME_ARRAY_INDEX] = { NULL };
     int optionsFound = 0;
     int maxProcs = 1;
     unsigned short port = 0;
-    SECStatus rv;
+    SECStatus rv = SECSuccess;
     PRStatus prStatus;
     PRBool bindOnly = PR_FALSE;
     PRBool useLocalThreads = PR_FALSE;
     PLOptState *optstate;
     PLOptStatus status;
     PRThread *loggerThread = NULL;
     PRBool debugCache = PR_FALSE; /* bug 90518 */
     char emptyString[] = { "" };
@@ -2209,17 +2221,17 @@ main(int argc, char **argv)
     PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
     SSL_VersionRangeGetSupported(ssl_variant_stream, &enabledVersions);
 
     /* please keep this list of options in ASCII collating sequence.
     ** numbers, then capital letters, then lower case, alphabetical.
     ** XXX: 'B', 'E', 'q', and 'x' were used in the past but removed
     **      in 3.28, please leave some time before resuing those. */
     optstate = PL_CreateOptState(argc, argv,
-                                 "2:A:C:DGH:L:M:NP:QRS:T:U:V:W:YZa:bc:d:e:f:g:hi:jk:lmn:op:rst:uvw:yz");
+                                 "2:A:C:DGH:I:L:M:NP:QRS:T:U:V:W:YZa:bc:d:e:f:g:hi:jk:lmn:op:rst:uvw:yz");
     while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
         ++optionsFound;
         switch (optstate->option) {
             case '2':
                 fileName = optstate->value;
                 break;
 
             case 'A':
@@ -2237,19 +2249,16 @@ main(int argc, char **argv)
             case 'H':
                 configureDHE = (PORT_Atoi(optstate->value) != 0);
                 break;
 
             case 'G':
                 enableExtendedMasterSecret = PR_TRUE;
                 break;
 
-            case 'I': /* reserved for OCSP multi-stapling */
-                break;
-
             case 'L':
                 logStats = PR_TRUE;
                 if (optstate->value == NULL) {
                     logPeriod = 30;
                 } else {
                     logPeriod = PORT_Atoi(optstate->value);
                     if (logPeriod <= 0)
                         logPeriod = 30;
@@ -2437,16 +2446,26 @@ main(int argc, char **argv)
             case 'Z':
                 zeroRTT = PR_TRUE;
                 break;
 
             case 'Q':
                 enableALPN = PR_TRUE;
                 break;
 
+            case 'I':
+                rv = parseGroupList(optstate->value, &enabledGroups, &enabledGroupsCount);
+                if (rv != SECSuccess) {
+                    PL_DestroyOptState(optstate);
+                    fprintf(stderr, "Bad group specified.\n");
+                    fprintf(stderr, "Run '%s -h' for usage information.\n", progName);
+                    exit(5);
+                }
+                break;
+
             default:
             case '?':
                 fprintf(stderr, "Unrecognized or bad option specified.\n");
                 fprintf(stderr, "Run '%s -h' for usage information.\n", progName);
                 exit(4);
                 break;
         }
     }
@@ -2740,16 +2759,19 @@ cleanup:
     }
 
     if (hasSidCache) {
         SSL_ShutdownServerSessionIDCache();
     }
     if (certStatusArena) {
         PORT_FreeArena(certStatusArena, PR_FALSE);
     }
+    if (enabledGroups) {
+        PORT_Free(enabledGroups);
+    }
     if (NSS_Shutdown() != SECSuccess) {
         SECU_PrintError(progName, "NSS_Shutdown");
         if (loggerThread) {
             PR_JoinThread(loggerThread);
         }
         PR_Cleanup();
         exit(1);
     }
--- a/security/nss/cmd/tstclnt/tstclnt.c
+++ b/security/nss/cmd/tstclnt/tstclnt.c
@@ -95,16 +95,19 @@ PRBool verbose;
 int dumpServerChain = 0;
 int renegotiationsToDo = 0;
 int renegotiationsDone = 0;
 
 static char *progName;
 
 secuPWData pwdata = { PW_NONE, 0 };
 
+SSLNamedGroup *enabledGroups = NULL;
+unsigned int enabledGroupsCount = 0;
+
 void
 printSecurityInfo(PRFileDesc *fd)
 {
     CERTCertificate *cert;
     const SECItemArray *csa;
     const SECItem *scts;
     SSL3Statistics *ssl3stats = SSL_GetStatistics();
     SECStatus result;
@@ -183,17 +186,17 @@ handshakeCallback(PRFileDesc *fd, void *
 static void
 PrintUsageHeader(const char *progName)
 {
     fprintf(stderr,
             "Usage:  %s -h host [-a 1st_hs_name ] [-a 2nd_hs_name ] [-p port]\n"
             "[-D | -d certdir] [-C] [-b | -R root-module] \n"
             "[-n nickname] [-Bafosvx] [-c ciphers] [-Y]\n"
             "[-V [min-version]:[max-version]] [-K] [-T] [-U]\n"
-            "[-r N] [-w passwd] [-W pwfile] [-q [-t seconds]]\n",
+            "[-r N] [-w passwd] [-W pwfile] [-q [-t seconds]] [-I groups]\n",
             progName);
 }
 
 static void
 PrintParameterUsage(void)
 {
     fprintf(stderr, "%-20s Send different SNI name. 1st_hs_name - at first\n"
                     "%-20s handshake, 2nd_hs_name - at second handshake.\n"
@@ -250,16 +253,20 @@ PrintParameterUsage(void)
     fprintf(stderr, "%-20s Print cipher values allowed for parameter -c and exit\n", "-Y");
     fprintf(stderr, "%-20s Enforce using an IPv4 destination address\n", "-4");
     fprintf(stderr, "%-20s Enforce using an IPv6 destination address\n", "-6");
     fprintf(stderr, "%-20s (Options -4 and -6 cannot be combined.)\n", "");
     fprintf(stderr, "%-20s Enable the extended master secret extension [RFC7627]\n", "-G");
     fprintf(stderr, "%-20s Require the use of FFDHE supported groups "
                     "[I-D.ietf-tls-negotiated-ff-dhe]\n",
             "-H");
+    fprintf(stderr, "%-20s Comma separated list of enabled groups for TLS key exchange.\n"
+                    "%-20s The following values are valid:\n"
+                    "%-20s P256, P384, P521, x25519, FF2048, FF3072, FF4096, FF6144, FF8192\n",
+            "-G", "", "");
 }
 
 static void
 Usage(const char *progName)
 {
     PrintUsageHeader(progName);
     PrintParameterUsage();
     exit(1);
@@ -954,17 +961,17 @@ main(int argc, char **argv)
         }
     }
 
     SSL_VersionRangeGetSupported(ssl_variant_stream, &enabledVersions);
 
     /* XXX: 'B' was used in the past but removed in 3.28,
      *      please leave some time before resuing it. */
     optstate = PL_CreateOptState(argc, argv,
-                                 "46CDFGHKM:OR:STUV:W:Ya:bc:d:fgh:m:n:op:qr:st:uvw:z");
+                                 "46CDFGHI:KM:OR:STUV:W:Ya:bc:d:fgh:m:n:op:qr:st:uvw:z");
     while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
         switch (optstate->option) {
             case '?':
             default:
                 Usage(progName);
                 break;
 
             case '4':
@@ -997,19 +1004,16 @@ main(int argc, char **argv)
             case 'G':
                 enableExtendedMasterSecret = PR_TRUE;
                 break;
 
             case 'H':
                 requireDHNamedGroups = PR_TRUE;
                 break;
 
-            case 'I': /* reserved for OCSP multi-stapling */
-                break;
-
             case 'O':
                 serverCertAuth.shouldPause = PR_FALSE;
                 break;
 
             case 'K':
                 forceFallbackSCSV = PR_TRUE;
                 break;
 
@@ -1144,23 +1148,33 @@ main(int argc, char **argv)
             case 'W':
                 pwdata.source = PW_FROMFILE;
                 pwdata.data = PORT_Strdup(optstate->value);
                 break;
 
             case 'z':
                 enableCompression = 1;
                 break;
+
+            case 'I':
+                rv = parseGroupList(optstate->value, &enabledGroups, &enabledGroupsCount);
+                if (rv != SECSuccess) {
+                    PL_DestroyOptState(optstate);
+                    fprintf(stderr, "Bad group specified.\n");
+                    Usage(progName);
+                }
+                break;
         }
     }
 
     PL_DestroyOptState(optstate);
 
-    if (optstatus == PL_OPT_BAD)
+    if (optstatus == PL_OPT_BAD) {
         Usage(progName);
+    }
 
     if (!host || !portno) {
         fprintf(stderr, "%s: parameters -h and -p are mandatory\n", progName);
         Usage(progName);
     }
 
     if (serverCertAuth.testFreshStatusFromSideChannel &&
         serverCertAuth.shouldPause) {
@@ -1467,16 +1481,25 @@ main(int argc, char **argv)
     rv = SSL_OptionSet(s, SSL_ENABLE_SIGNED_CERT_TIMESTAMPS,
                        enableSignedCertTimestamps);
     if (rv != SECSuccess) {
         SECU_PrintError(progName, "error enabling signed cert timestamps");
         error = 1;
         goto done;
     }
 
+    if (enabledGroups) {
+        rv = SSL_NamedGroupConfig(s, enabledGroups, enabledGroupsCount);
+        if (rv < 0) {
+            SECU_PrintError(progName, "SSL_NamedGroupConfig failed");
+            error = 1;
+            goto done;
+        }
+    }
+
     serverCertAuth.dbHandle = CERT_GetDefaultCertDB();
 
     SSL_AuthCertificateHook(s, ownAuthCertificate, &serverCertAuth);
     if (override) {
         SSL_BadCertHook(s, ownBadCertHandler, NULL);
     }
     SSL_GetClientAuthDataHook(s, own_GetClientAuthData, (void *)nickname);
     SSL_HandshakeCallback(s, handshakeCallback, hs2SniHostName);
@@ -1733,16 +1756,19 @@ done:
     if (pwdata.data) {
         PORT_Free(pwdata.data);
     }
     PORT_Free(host);
 
     if (s) {
         PR_Close(s);
     }
+    if (enabledGroups) {
+        PORT_Free(enabledGroups);
+    }
 
     if (NSS_IsInitialized()) {
         SSL_ClearSessionCache();
         if (NSS_Shutdown() != SECSuccess) {
             error = 1;
         }
     }
 
--- a/security/nss/coreconf/config.gypi
+++ b/security/nss/coreconf/config.gypi
@@ -25,30 +25,33 @@
           'target_arch%': '<(host_arch)',
         }],
         ['OS=="win"', {
           'use_system_zlib%': 0,
           'nspr_libs%': ['nspr4.lib', 'plc4.lib', 'plds4.lib'],
           #XXX: gyp breaks if these are empty!
           'nspr_lib_dir%': ' ',
           'nspr_include_dir%': ' ',
+          'nss_dist_obj_dir%': ' ',
+          'nss_dist_dir%': ' ',
           'zlib_libs%': [],
           #TODO
           'moz_debug_flags%': '',
           'dll_prefix': '',
           'dll_suffix': 'dll',
         }, {
-          # On non-windows, default to a system NSPR.
           'nspr_libs%': ['-lplds4', '-lplc4', '-lnspr4'],
-          'nspr_lib_dir%': '<!(<(python) <(DEPTH)/coreconf/nspr_lib_dir.py)',
-          'nspr_include_dir%': '<!(<(python) <(DEPTH)/coreconf/nspr_include_dir.py)',
+          'nspr_lib_dir%': '<!(<(python) <(DEPTH)/coreconf/pkg_config.py . --libs nspr)',
+          'nspr_include_dir%': '<!(<(python) <(DEPTH)/coreconf/pkg_config.py . --cflags nspr)',
+          'nss_dist_obj_dir%': '<!(<(python) <(DEPTH)/coreconf/pkg_config.py ../.. --cflags nspr)',
+          'nss_dist_dir%': '<!(<(python) <(DEPTH)/coreconf/pkg_config.py ../../.. --cflags nspr)',
           'use_system_zlib%': 1,
         }],
         ['OS=="linux" or OS=="android"', {
-          'zlib_libs%': ['<!@(<(python) <(DEPTH)/coreconf/pkg_config.py --libs zlib)'],
+          'zlib_libs%': ['<!@(<(python) <(DEPTH)/coreconf/pkg_config.py raw --libs zlib)'],
           'moz_debug_flags%': '-gdwarf-2',
           'optimize_flags%': '-O2',
           'dll_prefix': 'lib',
           'dll_suffix': 'so',
         }],
         ['OS=="mac"', {
           'zlib_libs%': ['-lz'],
           'use_system_sqlite%': 1,
@@ -71,53 +74,70 @@
     'host_arch%': '<(host_arch)',
     'target_arch%': '<(target_arch)',
     'use_system_zlib%': '<(use_system_zlib)',
     'zlib_libs%': ['<@(zlib_libs)'],
     'moz_debug_flags%': '<(moz_debug_flags)',
     'nspr_libs%': ['<@(nspr_libs)'],
     'nspr_lib_dir%': '<(nspr_lib_dir)',
     'nspr_include_dir%': '<(nspr_include_dir)',
+    'nss_dist_obj_dir%': '<(nss_dist_obj_dir)',
+    'nss_dist_dir%': '<(nss_dist_dir)',
     'use_system_sqlite%': '<(use_system_sqlite)',
     'sqlite_libs%': ['-lsqlite3'],
     'dll_prefix': '<(dll_prefix)',
     'dll_suffix': '<(dll_suffix)',
     'cc_is_clang%': '<(cc_is_clang)',
+    # Some defaults
     'disable_tests%': 0,
     'disable_chachapoly%': 0,
     'disable_dbm%': 0,
     'disable_libpkix%': 0,
-    'ssl_enable_zlib%': 1,
-    'use_asan%': 0,
+    'disable_werror%': 0,
     'mozilla_client%': 0,
     'moz_fold_libs%': 0,
     'moz_folded_library_name%': '',
+    'ssl_enable_zlib%': 1,
+    'use_asan%': 0,
+    'test_build%': 0,
   },
   'target_defaults': {
     # Settings specific to targets should go here.
     # This is mostly for linking to libraries.
     'variables': {
       'mapfile%': '',
+      'test_build%': 0,
     },
+    'standalone_static_library': 0,
     'include_dirs': [
       '<(nspr_include_dir)',
-      '<(PRODUCT_DIR)/dist/<(module)/private',
+      '<(nss_dist_dir)/private/<(module)',
     ],
     'conditions': [
       [ 'OS=="linux"', {
         'libraries': [
           '-lpthread',
           '-ldl',
           '-lc',
         ],
       }],
     ],
     'target_conditions': [
+      # If we want to properly export a static library, and copy it to lib,
+      # we need to mark it as a 'standalone_static_library'. Otherwise,
+      # the relative paths in the thin archive will break linking.
+      [ '_type=="shared_library"', {
+        'product_dir': '<(nss_dist_obj_dir)/lib'
+      }, '_type=="executable"', {
+        'product_dir': '<(nss_dist_obj_dir)/bin'
+      }, '_standalone_static_library==1', {
+        'product_dir': '<(nss_dist_obj_dir)/lib'
+      }],
       # mapfile handling
-      [ 'mapfile!=""', {
+      [ 'test_build==0 and mapfile!=""', {
         # Work around a gyp bug. Fixed upstream but not in Ubuntu packages:
         # https://chromium.googlesource.com/external/gyp/+/b85ad3e578da830377dbc1843aa4fbc5af17a192%5E%21/
         'sources': [
           '<(DEPTH)/coreconf/empty.c',
         ],
         'xcode_settings': {
           'OTHER_LDFLAGS': [
             '-exported_symbols_list',
@@ -147,16 +167,24 @@
               ],
               'outputs': [
                 '<(INTERMEDIATE_DIR)/out.>(mapfile)',
               ],
               'action': ['<@(process_map_file)'],
             }],
           }]
         ],
+      }, 'test_build==1 and _type=="shared_library"', {
+        # When linking a shared lib against a static one, XCode doesn't
+        # export the latter's symbols by default. -all_load fixes that.
+        'xcode_settings': {
+          'OTHER_LDFLAGS': [
+            '-all_load',
+          ],
+        },
       }],
       [ '_type=="shared_library" or _type=="executable"', {
         'libraries': [
           '<@(nspr_libs)',
         ],
         'library_dirs': [
           '<(nspr_lib_dir)',
         ],
@@ -208,22 +236,19 @@
         },
         'xcode_settings': {
           'CLANG_CXX_LANGUAGE_STANDARD': 'c++0x',
           'OTHER_CFLAGS': [
             '-fPIC',
             '-fno-common',
             '-pipe',
           ],
-          # TODO:
-          # 'GCC_TREAT_WARNINGS_AS_ERRORS'
-          # 'WARNING_CFLAGS'
         },
         'conditions': [
-          ['OS=="linux" or OS=="android"', {
+          [ 'OS=="linux" or OS=="android"', {
             'defines': [
               'LINUX2_1',
               'LINUX',
               'linux',
               'HAVE_STRERROR',
               'XP_UNIX',
               '_REENTRANT',
             ],
@@ -244,16 +269,21 @@
                 'ldflags': ['-m32'],
               }],
               [ 'target_arch=="x64"', {
                 'cflags': ['-m64'],
                 'ldflags': ['-m64'],
               }],
             ],
           }],
+          [ 'disable_werror==0 and (OS=="linux" or OS=="mac")', {
+            'cflags': [
+              '<!@(<(python) <(DEPTH)/coreconf/werror.py)',
+            ],
+          }],
           [ 'OS=="android" and mozilla_client==0', {
             'defines': [
               'NO_SYSINFO',
               'NO_FORK_CHECK',
               'ANDROID',
             ],
           }],
           [ 'OS=="mac"', {
@@ -280,16 +310,25 @@
             'defines': [
               '_WINDOWS',
               'WIN95',
               '_CRT_SECURE_NO_WARNINGS',
               '_CRT_NONSTDC_NO_WARNINGS',
             ],
             'cflags': [
               '-W3',
+              '-w44267', # Disable C4267: conversion from 'size_t' to 'type', possible loss of data
+              '-w44244', # Disable C4244: conversion from 'type1' to 'type2', possible loss of data
+              '-w44018', # Disable C4018: 'expression' : signed/unsigned mismatch
+              '-w44312', # Disable C4312: 'type cast': conversion from 'type1' to 'type2' of greater size
+            ],
+            'conditions': [
+              [ 'disable_werror==0', {
+                'cflags': ['-WX']
+              }]
             ],
           }],
           [ 'disable_dbm==1', {
             'defines': [
               'NSS_DISABLE_DBM',
             ],
           }],
           [ 'disable_libpkix==1', {
--- a/security/nss/coreconf/config.mk
+++ b/security/nss/coreconf/config.mk
@@ -145,20 +145,16 @@ endif
 #######################################################################
 # [16.0] Global environ ment defines
 #######################################################################
 
 ifdef NSS_DISABLE_ECC
 DEFINES += -DNSS_DISABLE_ECC
 endif
 
-ifdef NSS_ECC_MORE_THAN_SUITE_B
-DEFINES += -DNSS_ECC_MORE_THAN_SUITE_B
-endif
-
 ifdef NSS_ALLOW_UNSUPPORTED_CRITICAL
 DEFINES += -DNSS_ALLOW_UNSUPPORTED_CRITICAL
 endif
 
 ifdef BUILD_LIBPKIX_TESTS
 DEFINES += -DBUILD_LIBPKIX_TESTS
 endif
 
--- a/security/nss/coreconf/coreconf.dep
+++ b/security/nss/coreconf/coreconf.dep
@@ -5,9 +5,8 @@
 
 /*
  * A dummy header file that is a dependency for all the object files.
  * Used to force a full recompilation of NSS in Mozilla's Tinderbox
  * depend builds.  See comments in rules.mk.
  */
 
 #error "Do not include this header file."
-
deleted file mode 100644
--- a/security/nss/coreconf/nspr_include_dir.py
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/usr/bin/env python
-
-import os
-import subprocess
-
-def main():
-    try:
-        for part in subprocess.Popen(['pkg-config', '--cflags', 'nspr'], stdout=subprocess.PIPE, stderr=open(os.devnull, 'wb')).communicate()[0].strip().split():
-            if part.startswith('-I'):
-                print part[2:]
-                return
-    except OSError:
-        # pkg-config is probably not installed
-        pass
-
-if __name__ == '__main__':
-    main()
deleted file mode 100644
--- a/security/nss/coreconf/nspr_lib_dir.py
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/usr/bin/env python
-
-import os
-import subprocess
-
-def main():
-    try:
-        for part in subprocess.Popen(['pkg-config', '--libs', 'nspr'], stdout=subprocess.PIPE, stderr=open(os.devnull, 'wb')).communicate()[0].strip().split():
-            if part.startswith('-L'):
-                print part[2:]
-                return
-    except OSError:
-        # pkg-config is probably not installed
-        pass
-
-if __name__ == '__main__':
-    main()
--- a/security/nss/coreconf/pkg_config.py
+++ b/security/nss/coreconf/pkg_config.py
@@ -1,15 +1,39 @@
 #!/usr/bin/env python
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 import os
 import subprocess
 import sys
 
 def main():
+    is_raw = sys.argv[1] == 'raw'
+    stdout = None if is_raw else subprocess.PIPE
+
+    if sys.argv[2] == '--libs':
+        part_prefix = '-L'
+    elif sys.argv[2] == '--cflags':
+        part_prefix = '-I'
+    else:
+        raise 'Specify either --libs or --cflags as the second argument.'
+
     try:
-        subprocess.Popen(['pkg-config'] + sys.argv[1:], stderr=open(os.devnull, 'wb')).wait()
+        process = subprocess.Popen(['pkg-config'] + sys.argv[2:], stdout=stdout, stderr=open(os.devnull, 'wb'))
+
     except OSError:
         # pkg-config is probably not installed
-        pass
+        return
+
+    if is_raw:
+        process.wait()
+        return
+
+    for part in process.communicate()[0].strip().split():
+        if part.startswith(part_prefix):
+            print os.path.realpath(os.path.join(part[2:], sys.argv[1]))
+            return
 
 if __name__ == '__main__':
     main()
--- a/security/nss/coreconf/sanitizers.mk
+++ b/security/nss/coreconf/sanitizers.mk
@@ -18,12 +18,18 @@ SANITIZER_LDFLAGS = $(SANITIZER_FLAGS_CO
 OS_CFLAGS += $(SANITIZER_CFLAGS)
 LDFLAGS += $(SANITIZER_LDFLAGS)
 
 # ASan needs frame pointers to save stack traces for allocation/free sites.
 # (Warning: some platforms, like ARM Linux in Thumb mode, don't have useful
 # frame pointers even with this option.)
 SANITIZER_CFLAGS += -fno-omit-frame-pointer -fno-optimize-sibling-calls
 
+ifdef BUILD_OPT
 # You probably want to be able to get debug info for failures, even with an
 # optimized build.
 OPTIMIZER += -g
+else
+# Try maintaining reasonable performance, ASan and UBSan slow things down.
+OPTIMIZER += -O1
 endif
+
+endif
new file mode 100644
--- /dev/null
+++ b/security/nss/coreconf/shlibsign.py
@@ -0,0 +1,27 @@
+#!/usr/bin/env python
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+import os
+import subprocess
+import sys
+
+def main():
+    for lib_file in sys.argv[1:]:
+        if os.path.isfile(lib_file):
+            sign(lib_file)
+
+def sign(lib_file):
+    ld_lib_path = os.path.realpath(os.path.join(lib_file, '..'))
+    bin_path = os.path.realpath(os.path.join(ld_lib_path, '../bin'))
+
+    env = os.environ.copy()
+    env['LD_LIBRARY_PATH'] = env['DYLD_LIBRARY_PATH'] = ld_lib_path
+
+    dev_null = open(os.devnull, 'wb')
+    subprocess.Popen([os.path.join(bin_path, 'shlibsign'), '-v', '-i', lib_file], env=env, stdout=dev_null, stderr=dev_null).wait()
+
+if __name__ == '__main__':
+    main()
new file mode 100644
--- /dev/null
+++ b/security/nss/coreconf/werror.py
@@ -0,0 +1,54 @@
+#!/usr/bin/env python
+
+import os
+import subprocess
+
+def main():
+    cc = os.environ.get('CC', 'cc')
+    sink = open(os.devnull, 'wb')
+    cc_is_clang = 'clang' in subprocess.check_output([cc, '--version'], stderr=sink)
+
+    def warning_supported(warning):
+        return subprocess.call([cc, '-x', 'c', '-E', '-Werror',
+                                '-W%s' % warning, os.devnull], stdout=sink, stderr=sink) == 0
+    def can_enable():
+        # This would be a problem
+        if not warning_supported('all'):
+            return False
+
+        # If we aren't clang, make sure we have gcc 4.8 at least
+        if not cc_is_clang:
+            try:
+                v = subprocess.check_output([cc, '-dumpversion'], stderr=sink)
+                v = v.strip(' \r\n').split('.')
+                if v[0] < 4 or (v[0] == 4 and v[1] < 8):
+                    # gcc 4.8 minimum
+                    return False
+            except OSError:
+                return False
+        return True
+
+    if not can_enable():
+        print('-DNSS_NO_GCC48')
+        return
+
+    print('-Werror')
+    print('-Wall')
+
+    def set_warning(warning, contra=''):
+        if warning_supported(warning):
+            print('-W%s%s' % (contra, warning))
+
+    if cc_is_clang:
+        # clang is unable to handle glib's expansion of strcmp and similar for
+        # optimized builds, so disable the resulting errors.
+        # See https://llvm.org/bugs/show_bug.cgi?id=20144
+        for w in ['array-bounds', 'unevaluated-expression',
+                  'parentheses-equality']:
+            set_warning(w, 'no-')
+        print('-Qunused-arguments')
+
+    # set_warning('shadow') # Bug 1309068
+
+if __name__ == '__main__':
+    main()
--- a/security/nss/doc/certutil.xml
+++ b/security/nss/doc/certutil.xml
@@ -309,38 +309,37 @@ Add one or multiple extensions that cert
         <term>-p phone</term>
         <listitem><para>Specify a contact telephone number to include in new certificates or certificate requests. Bracket this string with quotation marks if it contains spaces.</para></listitem>
       </varlistentry>
 
       <varlistentry>
         <term>-q pqgfile or curve-name</term>
         <listitem>
         <para>Read an alternate PQG value from the specified file when generating DSA key pairs. If this argument is not used, <command>certutil</command> generates its own PQG value. PQG files are created with a separate DSA utility.</para>
-        <para>Elliptic curve name is one of the ones from SUITE B: nistp256, nistp384, nistp521</para>
+        <para>Elliptic curve name is one of the ones from nistp256, nistp384, nistp521, curve25519.</para>
         <para>
-           If NSS has been compiled with support curves outside of SUITE B:
-              sect163k1, nistk163, sect163r1, sect163r2,            
-              nistb163,  sect193r1, sect193r2, sect233k1, nistk233,            
-              sect233r1, nistb233, sect239k1, sect283k1, nistk283,            
-              sect283r1, nistb283, sect409k1, nistk409, sect409r1,            
-              nistb409,  sect571k1, nistk571, sect571r1, nistb571,            
-              secp160k1, secp160r1, secp160r2, secp192k1, secp192r1,            
-              nistp192,  secp224k1, secp224r1, nistp224, secp256k1,            
-              secp256r1, secp384r1, secp521r1,       
-              prime192v1, prime192v2, prime192v3,          
-              prime239v1, prime239v2, prime239v3, c2pnb163v1,             
-              c2pnb163v2, c2pnb163v3, c2pnb176v1, c2tnb191v1,             
-              c2tnb191v2, c2tnb191v3,              
-              c2pnb208w1, c2tnb239v1, c2tnb239v2, c2tnb239v3,             
-              c2pnb272w1, c2pnb304w1,             
-              c2tnb359w1, c2pnb368w1, c2tnb431r1, secp112r1,             
-              secp112r2, secp128r1, secp128r2, sect113r1, sect113r2            
-              sect131r1, sect131r2    
+           If a token is available that supports more curves, the foolowing curves are supported as well:
+           sect163k1, nistk163, sect163r1, sect163r2,
+           nistb163,  sect193r1, sect193r2, sect233k1, nistk233,
+           sect233r1, nistb233, sect239k1, sect283k1, nistk283,
+           sect283r1, nistb283, sect409k1, nistk409, sect409r1,
+           nistb409,  sect571k1, nistk571, sect571r1, nistb571,
+           secp160k1, secp160r1, secp160r2, secp192k1, secp192r1,
+           nistp192,  secp224k1, secp224r1, nistp224, secp256k1,
+           secp256r1, secp384r1, secp521r1,
+           prime192v1, prime192v2, prime192v3,
+           prime239v1, prime239v2, prime239v3, c2pnb163v1,
+           c2pnb163v2, c2pnb163v3, c2pnb176v1, c2tnb191v1,
+           c2tnb191v2, c2tnb191v3,
+           c2pnb208w1, c2tnb239v1, c2tnb239v2, c2tnb239v3,
+           c2pnb272w1, c2pnb304w1,
+           c2tnb359w1, c2pnb368w1, c2tnb431r1, secp112r1,
+           secp112r2, secp128r1, secp128r2, sect113r1, sect113r2,
+           sect131r1, sect131r2
         </para>
-
         </listitem>
         
       </varlistentry>
 
       <varlistentry>
         <term>-r </term>
         <listitem><para>Display a certificate's binary DER encoding when listing information about that certificate with the -L option.</para></listitem>
       </varlistentry>
--- a/security/nss/doc/html/certutil.html
+++ b/security/nss/doc/html/certutil.html
@@ -15,36 +15,35 @@ Add one or multiple extensions that cert
            </p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>OID (example): 1.2.3.4</p></li><li class="listitem"><p>critical-flag: critical or not-critical</p></li><li class="listitem"><p>filename: full path to a file containing an encoded extension</p></li></ul></div></dd><dt><span class="term">-f password-file</span></dt><dd><p>Specify a file that will automatically supply the password to include in a certificate 
  or to access a certificate database. This is a plain-text file containing one password. Be sure to prevent 
  unauthorized access to this file.</p></dd><dt><span class="term">-g keysize</span></dt><dd><p>Set a key size to use when generating new public and private key pairs. The minimum is 512 bits and the maximum is 16384 bits. The default is 2048 bits. Any size between the minimum and maximum is allowed.</p></dd><dt><span class="term">-h tokenname</span></dt><dd><p>Specify the name of a token to use or act on. If not specified the default token is the internal database slot.</p></dd><dt><span class="term">-i input_file</span></dt><dd><p>Pass an input file to the command. Depending on the command option, an input file can be a specific certificate, a certificate request file, or a batch file of commands.</p></dd><dt><span class="term">-k key-type-or-id</span></dt><dd><p>Specify the type or specific ID of a key.</p><p>
            The valid key type options are rsa, dsa, ec, or all. The default 
            value is rsa. Specifying the type of key can avoid mistakes caused by
            duplicate nicknames. Giving a key type generates a new key pair; 
            giving the ID of an existing key reuses that key pair (which is 
            required to renew certificates).
-          </p></dd><dt><span class="term">-l </span></dt><dd><p>Display detailed information when validating a certificate with the -V option.</p></dd><dt><span class="term">-m serial-number</span></dt><dd><p>Assign a unique serial number to a certificate being created. This operation should be performed by a CA. If no serial number is provided a default serial number is made from the current time. Serial numbers are limited to integers </p></dd><dt><span class="term">-n nickname</span></dt><dd><p>Specify the nickname of a certificate or key to list, create, add to a database, modify, or validate. Bracket the nickname string with quotation marks if it contains spaces.</p></dd><dt><span class="term">-o output-file</span></dt><dd><p>Specify the output file name for new certificates or binary certificate requests. Bracket the output-file string with quotation marks if it contains spaces. If this argument is not used the output destination defaults to standard output.</p></dd><dt><span class="term">-P dbPrefix</span></dt><dd><p>Specify the prefix used on the certificate and key database file. This argument is provided to support legacy servers. Most applications do not use a database prefix.</p></dd><dt><span class="term">-p phone</span></dt><dd><p>Specify a contact telephone number to include in new certificates or certificate requests. Bracket this string with quotation marks if it contains spaces.</p></dd><dt><span class="term">-q pqgfile or curve-name</span></dt><dd><p>Read an alternate PQG value from the specified file when generating DSA key pairs. If this argument is not used, <span class="command"><strong>certutil</strong></span> generates its own PQG value. PQG files are created with a separate DSA utility.</p><p>Elliptic curve name is one of the ones from SUITE B: nistp256, nistp384, nistp521</p><p>
-           If NSS has been compiled with support curves outside of SUITE B:
-              sect163k1, nistk163, sect163r1, sect163r2,            
-              nistb163,  sect193r1, sect193r2, sect233k1, nistk233,            
-              sect233r1, nistb233, sect239k1, sect283k1, nistk283,            
-              sect283r1, nistb283, sect409k1, nistk409, sect409r1,            
-              nistb409,  sect571k1, nistk571, sect571r1, nistb571,            
-              secp160k1, secp160r1, secp160r2, secp192k1, secp192r1,            
-              nistp192,  secp224k1, secp224r1, nistp224, secp256k1,            
-              secp256r1, secp384r1, secp521r1,       
-              prime192v1, prime192v2, prime192v3,          
-              prime239v1, prime239v2, prime239v3, c2pnb163v1,             
-              c2pnb163v2, c2pnb163v3, c2pnb176v1, c2tnb191v1,             
-              c2tnb191v2, c2tnb191v3,              
-              c2pnb208w1, c2tnb239v1, c2tnb239v2, c2tnb239v3,             
-              c2pnb272w1, c2pnb304w1,             
-              c2tnb359w1, c2pnb368w1, c2tnb431r1, secp112r1,             
-              secp112r2, secp128r1, secp128r2, sect113r1, sect113r2            
-              sect131r1, sect131r2    
-        </p></dd><dt><span class="term">-r </span></dt><dd><p>Display a certificate's binary DER encoding when listing information about that certificate with the -L option.</p></dd><dt><span class="term">-s subject</span></dt><dd><p>Identify a particular certificate owner for new certificates or certificate requests. Bracket this string with quotation marks if it contains spaces. The subject identification format follows RFC #1485.</p></dd><dt><span class="term">-t trustargs</span></dt><dd><p>Specify the trust attributes to modify in an existing certificate or to apply to a certificate when creating it or adding it to a database. There are three available trust categories for each certificate, expressed in the order <span class="emphasis"><em>SSL, email, object signing</em></span> for each trust setting. In each category position, use none, any, or all
+          </p></dd><dt><span class="term">-l </span></dt><dd><p>Display detailed information when validating a certificate with the -V option.</p></dd><dt><span class="term">-m serial-number</span></dt><dd><p>Assign a unique serial number to a certificate being created. This operation should be performed by a CA. If no serial number is provided a default serial number is made from the current time. Serial numbers are limited to integers </p></dd><dt><span class="term">-n nickname</span></dt><dd><p>Specify the nickname of a certificate or key to list, create, add to a database, modify, or validate. Bracket the nickname string with quotation marks if it contains spaces.</p></dd><dt><span class="term">-o output-file</span></dt><dd><p>Specify the output file name for new certificates or binary certificate requests. Bracket the output-file string with quotation marks if it contains spaces. If this argument is not used the output destination defaults to standard output.</p></dd><dt><span class="term">-P dbPrefix</span></dt><dd><p>Specify the prefix used on the certificate and key database file. This argument is provided to support legacy servers. Most applications do not use a database prefix.</p></dd><dt><span class="term">-p phone</span></dt><dd><p>Specify a contact telephone number to include in new certificates or certificate requests. Bracket this string with quotation marks if it contains spaces.</p></dd><dt><span class="term">-q pqgfile or curve-name</span></dt><dd><p>Read an alternate PQG value from the specified file when generating DSA key pairs. If this argument is not used, <span class="command"><strong>certutil</strong></span> generates its own PQG value. PQG files are created with a separate DSA utility.</p><p>Elliptic curve name is one of the ones from nistp256, nistp384, nistp521, curve25519.</p><p>If a token is available that supports more curves, the foolowing curves are supported as well:
+          sect163k1, nistk163, sect163r1, sect163r2,
+          nistb163,  sect193r1, sect193r2, sect233k1, nistk233,
+          sect233r1, nistb233, sect239k1, sect283k1, nistk283,
+          sect283r1, nistb283, sect409k1, nistk409, sect409r1,
+          nistb409,  sect571k1, nistk571, sect571r1, nistb571,
+          secp160k1, secp160r1, secp160r2, secp192k1, secp192r1,
+          nistp192,  secp224k1, secp224r1, nistp224, secp256k1,
+          secp256r1, secp384r1, secp521r1,
+          prime192v1, prime192v2, prime192v3,
+          prime239v1, prime239v2, prime239v3, c2pnb163v1,
+          c2pnb163v2, c2pnb163v3, c2pnb176v1, c2tnb191v1,
+          c2tnb191v2, c2tnb191v3,
+          c2pnb208w1, c2tnb239v1, c2tnb239v2, c2tnb239v3,
+          c2pnb272w1, c2pnb304w1,
+          c2tnb359w1, c2pnb368w1, c2tnb431r1, secp112r1,
+          secp112r2, secp128r1, secp128r2, sect113r1, sect113r2,
+          sect131r1, sect131r2</p>
+          </dd><dt><span class="term">-r </span></dt><dd><p>Display a certificate's binary DER encoding when listing information about that certificate with the -L option.</p></dd><dt><span class="term">-s subject</span></dt><dd><p>Identify a particular certificate owner for new certificates or certificate requests. Bracket this string with quotation marks if it contains spaces. The subject identification format follows RFC #1485.</p></dd><dt><span class="term">-t trustargs</span></dt><dd><p>Specify the trust attributes to modify in an existing certificate or to apply to a certificate when creating it or adding it to a database. There are three available trust categories for each certificate, expressed in the order <span class="emphasis"><em>SSL, email, object signing</em></span> for each trust setting. In each category position, use none, any, or all
 of the attribute codes: 
 	</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
 		<span class="command"><strong>p</strong></span> - Valid peer
 	</p></li><li class="listitem"><p>
 		<span class="command"><strong>P</strong></span> - Trusted peer (implies p)
 	</p></li><li class="listitem"><p>
 		<span class="command"><strong>c</strong></span> - Valid CA
 	</p></li><li class="listitem"><p>
--- a/security/nss/doc/nroff/certutil.1
+++ b/security/nss/doc/nroff/certutil.1
@@ -366,19 +366,19 @@ Specify a contact telephone number to in
 .RE
 .PP
 \-q pqgfile or curve\-name
 .RS 4
 Read an alternate PQG value from the specified file when generating DSA key pairs\&. If this argument is not used,
 \fBcertutil\fR
 generates its own PQG value\&. PQG files are created with a separate DSA utility\&.
 .sp
-Elliptic curve name is one of the ones from SUITE B: nistp256, nistp384, nistp521
+Elliptic curve name is one of the ones from nistp256, nistp384, nistp521, curve25519.
 .sp
-If NSS has been compiled with support curves outside of SUITE B: sect163k1, nistk163, sect163r1, sect163r2, nistb163, sect193r1, sect193r2, sect233k1, nistk233, sect233r1, nistb233, sect239k1, sect283k1, nistk283, sect283r1, nistb283, sect409k1, nistk409, sect409r1, nistb409, sect571k1, nistk571, sect571r1, nistb571, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, nistp192, secp224k1, secp224r1, nistp224, secp256k1, secp256r1, secp384r1, secp521r1, prime192v1, prime192v2, prime192v3, prime239v1, prime239v2, prime239v3, c2pnb163v1, c2pnb163v2, c2pnb163v3, c2pnb176v1, c2tnb191v1, c2tnb191v2, c2tnb191v3, c2pnb208w1, c2tnb239v1, c2tnb239v2, c2tnb239v3, c2pnb272w1, c2pnb304w1, c2tnb359w1, c2pnb368w1, c2tnb431r1, secp112r1, secp112r2, secp128r1, secp128r2, sect113r1, sect113r2 sect131r1, sect131r2
+If a token is available that supports more curves, the foolowing curves are supported as well: sect163k1, nistk163, sect163r1, sect163r2, nistb163,  sect193r1, sect193r2, sect233k1, nistk233, sect233r1, nistb233, sect239k1, sect283k1, nistk283, sect283r1, nistb283, sect409k1, nistk409, sect409r1, nistb409,  sect571k1, nistk571, sect571r1, nistb571, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, nistp192,  secp224k1, secp224r1, nistp224, secp256k1, secp256r1, secp384r1, secp521r1, prime192v1, prime192v2, prime192v3, prime239v1, prime239v2, prime239v3, c2pnb163v1, c2pnb163v2, c2pnb163v3, c2pnb176v1, c2tnb191v1, c2tnb191v2, c2tnb191v3, c2pnb208w1, c2tnb239v1, c2tnb239v2, c2tnb239v3, c2pnb272w1, c2pnb304w1, c2tnb359w1, c2pnb368w1, c2tnb431r1, secp112r1, secp112r2, secp128r1, secp128r2, sect113r1, sect113r2, sect131r1, sect131r2
 .RE
 .PP
 \-r
 .RS 4
 Display a certificate\*(Aqs binary DER encoding when listing information about that certificate with the \-L option\&.
 .RE
 .PP
 \-s subject
--- a/security/nss/exports.gyp
+++ b/security/nss/exports.gyp
@@ -6,17 +6,17 @@
     'coreconf/config.gypi'
   ],
   'targets': [
     {
       'target_name': 'nss_exports',
       'type': 'none',
       'direct_dependent_settings': {
         'include_dirs': [
-          '<(PRODUCT_DIR)/dist/nss/public'
+          '<(nss_dist_dir)/public/nss'
         ]
       },
       'dependencies': [
         'cmd/lib/exports.gyp:cmd_lib_exports',
         'lib/base/exports.gyp:lib_base_exports',
         'lib/certdb/exports.gyp:lib_certdb_exports',
         'lib/certhigh/exports.gyp:lib_certhigh_exports',
         'lib/ckfw/builtins/exports.gyp:lib_ckfw_builtins_exports',
@@ -59,17 +59,17 @@
     },
     {
       'target_name': 'dbm_exports',
       'type': 'none',
       'conditions': [
         ['disable_dbm==0', {
           'direct_dependent_settings': {
             'include_dirs': [
-              '<(PRODUCT_DIR)/dist/dbm/public'
+              '<(nss_dist_dir)/public/dbm'
             ]
           },
           'dependencies': [
             'lib/dbm/include/exports.gyp:lib_dbm_include_exports'
           ],
         }],
       ],
     }
--- a/security/nss/external_tests/nss_bogo_shim/config.json
+++ b/security/nss/external_tests/nss_bogo_shim/config.json
@@ -1,23 +1,11 @@
 {
     "DisabledTests": {
-        "*TLS13*":"Draft version mismatch (NSS=15, BoGo=14)",
         "FallbackSCSV-VersionMatch":"Draft version mismatch (NSS=15, BoGo=14)",
-        "SendEmptyRecords-Pass":"Draft version mismatch (NSS=15, BoGo=14)",
-        "SendSNIWarningAlert":"Draft version mismatch (NSS=15, BoGo=14)",
-        "UnknownCipher":"Draft version mismatch (NSS=15, BoGo=14)",
-        "UnknownCurve":"Draft version mismatch (NSS=15, BoGo=14)",
-        "*TrailingMessageData*":"Draft version mismatch (NSS=15, BoGo=14)",
-        "*Downgrade-TLS12*":"Draft version mismatch (NSS=15, BoGo=14)",
-        "UnknownCurve":"Draft version mismatch (NSS=15, BoGo=14)",
-        "*MissingKeyShare*":"Draft version mismatch (NSS=15, BoGo=14)",
-        "SecondClientHelloWrongCurve":"Draft version mismatch (NSS=15, BoGo=14)",
-        "*HelloRetryRequest*":"Draft version mismatch (NSS=15, BoGo=14)",
-        "*PartialEncryptedExtensionsWithServerHello*":"Draft version mismatch (NSS=15, BoGo=14)",
         "*KeyUpdate*":"KeyUpdate Unimplemented",
         "ClientAuth-NoFallback-TLS13":"Disagreement about alerts. Bug 1294975",
         "ClientAuth-SHA1-Fallback":"Disagreement about alerts. Bug 1294975",
         "SendWarningAlerts-TLS13":"NSS needs to trigger on warning alerts",
         "NoSupportedCurves":"This tests a non-spec behavior for TLS 1.2 and expects the wrong alert for TLS 1.3",
         "SendEmptyRecords":"Tests a non-spec behavior in BoGo where it chokes on too many empty records",
         "LargePlaintext":"NSS needs to check for over-long records. Bug 1294978",
         "TLS13-RC4-MD5-server":"This fails properly but returns an unexpected error. Not a bug but needs cleanup",
--- a/security/nss/external_tests/ssl_gtest/ssl_auth_unittest.cc
+++ b/security/nss/external_tests/ssl_gtest/ssl_auth_unittest.cc
@@ -94,168 +94,154 @@ TEST_P(TlsConnectTls12, ServerAuthCheckS
 
   const DataBuffer& buffer = capture_ske->buffer();
   EXPECT_LT(3U, buffer.len());
   EXPECT_EQ(3U, buffer.data()[0]) << "curve_type == named_curve";
   uint32_t tmp;
   EXPECT_TRUE(buffer.Read(1, 2, &tmp)) << "read NamedCurve";
   EXPECT_EQ(ssl_grp_ec_curve25519, tmp);
   EXPECT_TRUE(buffer.Read(3, 1, &tmp)) << " read ECPoint";
-  CheckSigScheme(capture_ske, 4 + tmp, client_, kTlsSigSchemeRsaPssSha256,
-                 1024);
+  CheckSigScheme(capture_ske, 4 + tmp, client_, ssl_sig_rsa_pss_sha256, 1024);
 }
 
 TEST_P(TlsConnectTls12, ClientAuthCheckSigAlg) {
   EnsureTlsSetup();
   auto capture_cert_verify =
       new TlsInspectorRecordHandshakeMessage(kTlsHandshakeCertificateVerify);
   client_->SetPacketFilter(capture_cert_verify);
   client_->SetupClientAuth();
   server_->RequestClientAuth(true);
   Connect();
   CheckKeys();
 
-  CheckSigScheme(capture_cert_verify, 0, server_, kTlsSigSchemeRsaPkcs1Sha1,
-                 1024);
+  CheckSigScheme(capture_cert_verify, 0, server_, ssl_sig_rsa_pkcs1_sha1, 1024);
 }
 
 TEST_P(TlsConnectTls12, ClientAuthBigRsaCheckSigAlg) {
   Reset(TlsAgent::kServerRsa, TlsAgent::kRsa2048);
   auto capture_cert_verify =
       new TlsInspectorRecordHandshakeMessage(kTlsHandshakeCertificateVerify);
   client_->SetPacketFilter(capture_cert_verify);
   client_->SetupClientAuth();
   server_->RequestClientAuth(true);
   Connect();
   CheckKeys();
-  CheckSigScheme(capture_cert_verify, 0, server_, kTlsSigSchemeRsaPssSha256,
-                 2048);
+  CheckSigScheme(capture_cert_verify, 0, server_, ssl_sig_rsa_pss_sha256, 2048);
 }
 
-static const SSLSignatureAndHashAlg SignatureEcdsaSha384[] = {
-    {ssl_hash_sha384, ssl_sign_ecdsa}};
-static const SSLSignatureAndHashAlg SignatureEcdsaSha256[] = {
-    {ssl_hash_sha256, ssl_sign_ecdsa}};
-static const SSLSignatureAndHashAlg SignatureRsaSha384[] = {
-    {ssl_hash_sha384, ssl_sign_rsa}};
-static const SSLSignatureAndHashAlg SignatureRsaSha256[] = {
-    {ssl_hash_sha256, ssl_sign_rsa}};
+static const SSLSignatureScheme SignatureSchemeEcdsaSha384[] = {
+    ssl_sig_ecdsa_secp384r1_sha384};
+static const SSLSignatureScheme SignatureSchemeEcdsaSha256[] = {
+    ssl_sig_ecdsa_secp256r1_sha256};
+static const SSLSignatureScheme SignatureSchemeRsaSha384[] = {
+    ssl_sig_rsa_pkcs1_sha384};
+static const SSLSignatureScheme SignatureSchemeRsaSha256[] = {
+    ssl_sig_rsa_pkcs1_sha256};
 
 static SSLNamedGroup NamedGroupForEcdsa384(uint16_t version) {
   // NSS tries to match the group size to the symmetric cipher. In TLS 1.1 and
   // 1.0, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is the highest priority suite, so
   // we use P-384. With TLS 1.2 on we pick AES-128 GCM so use x25519.
   if (version <= SSL_LIBRARY_VERSION_TLS_1_1) {
     return ssl_grp_ec_secp384r1;
   }
   return ssl_grp_ec_curve25519;
 }
 
 // When signature algorithms match up, this should connect successfully; even
 // for TLS 1.1 and 1.0, where they should be ignored.
 TEST_P(TlsConnectGeneric, SignatureAlgorithmServerAuth) {
   Reset(TlsAgent::kServerEcdsa384);
-  client_->SetSignatureAlgorithms(SignatureEcdsaSha384,
-                                  PR_ARRAY_SIZE(SignatureEcdsaSha384));
-  server_->SetSignatureAlgorithms(SignatureEcdsaSha384,
-                                  PR_ARRAY_SIZE(SignatureEcdsaSha384));
+  client_->SetSignatureSchemes(SignatureSchemeEcdsaSha384,
+                               PR_ARRAY_SIZE(SignatureSchemeEcdsaSha384));
+  server_->SetSignatureSchemes(SignatureSchemeEcdsaSha384,
+                               PR_ARRAY_SIZE(SignatureSchemeEcdsaSha384));
   Connect();
   CheckKeys(ssl_kea_ecdh, NamedGroupForEcdsa384(version_), ssl_auth_ecdsa,
             ssl_sig_ecdsa_secp384r1_sha384);
 }
 
 // Here the client picks a single option, which should work in all versions.
 // Defaults on the server include the first option.
 TEST_P(TlsConnectGeneric, SignatureAlgorithmClientOnly) {
   const SSLSignatureAndHashAlg clientAlgorithms[] = {
       {ssl_hash_sha384, ssl_sign_ecdsa},
       {ssl_hash_sha384, ssl_sign_rsa},  // supported but unusable
       {ssl_hash_md5, ssl_sign_ecdsa}    // unsupported and ignored
   };
   Reset(TlsAgent::kServerEcdsa384);
-  client_->SetSignatureAlgorithms(clientAlgorithms,
-                                  PR_ARRAY_SIZE(clientAlgorithms));
+  EnsureTlsSetup();
+  // Use the old API for this function.
+  EXPECT_EQ(SECSuccess,
+            SSL_SignaturePrefSet(client_->ssl_fd(), clientAlgorithms,
+                                 PR_ARRAY_SIZE(clientAlgorithms)));
   Connect();
   CheckKeys(ssl_kea_ecdh, NamedGroupForEcdsa384(version_), ssl_auth_ecdsa,
             ssl_sig_ecdsa_secp384r1_sha384);
 }
 
 // Here the server picks a single option, which should work in all versions.
 // Defaults on the client include the provided option.
 TEST_P(TlsConnectGeneric, SignatureAlgorithmServerOnly) {
   Reset(TlsAgent::kServerEcdsa384);
-  server_->SetSignatureAlgorithms(SignatureEcdsaSha384,
-                                  PR_ARRAY_SIZE(SignatureEcdsaSha384));
+  server_->SetSignatureSchemes(SignatureSchemeEcdsaSha384,
+                               PR_ARRAY_SIZE(SignatureSchemeEcdsaSha384));
   Connect();
   CheckKeys(ssl_kea_ecdh, NamedGroupForEcdsa384(version_), ssl_auth_ecdsa,
             ssl_sig_ecdsa_secp384r1_sha384);
 }
 
-// In TlS 1.2, a P-256 cert can be used with SHA-384.
-TEST_P(TlsConnectTls12, SignatureSchemeCurveMismatch12) {
+TEST_P(TlsConnectTls12Plus, SignatureSchemeCurveMismatch) {
   Reset(TlsAgent::kServerEcdsa256);
-  client_->SetSignatureAlgorithms(SignatureEcdsaSha384,
-                                  PR_ARRAY_SIZE(SignatureEcdsaSha384));
-  Connect();
-  // The scheme is reported as using secp384r1, but this is just the generic
-  // ECDSA + SHA-384 codepoint as defined in TLS 1.2.
-  CheckKeys(ssl_kea_ecdh, ssl_grp_ec_curve25519, ssl_auth_ecdsa,
-            ssl_sig_ecdsa_secp384r1_sha384);
-}
-
-#ifndef NSS_DISABLE_TLS_1_3
-TEST_P(TlsConnectTls13, SignatureAlgorithmServerUnsupported) {
-  Reset(TlsAgent::kServerEcdsa256);  // P-256 cert
-  server_->SetSignatureAlgorithms(SignatureEcdsaSha384,
-                                  PR_ARRAY_SIZE(SignatureEcdsaSha384));
+  client_->SetSignatureSchemes(SignatureSchemeEcdsaSha384,
+                               PR_ARRAY_SIZE(SignatureSchemeEcdsaSha384));
   ConnectExpectFail();
   server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM);
   client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
 }
 
-TEST_P(TlsConnectTls13, SignatureAlgorithmClientUnsupported) {
-  Reset(TlsAgent::kServerEcdsa256);  // P-256 cert
-  client_->SetSignatureAlgorithms(SignatureEcdsaSha384,
-                                  PR_ARRAY_SIZE(SignatureEcdsaSha384));
+TEST_P(TlsConnectTls12Plus, SignatureSchemeBadConfig) {
+  Reset(TlsAgent::kServerEcdsa256);  // P-256 cert can't be used.
+  server_->SetSignatureSchemes(SignatureSchemeEcdsaSha384,
+                               PR_ARRAY_SIZE(SignatureSchemeEcdsaSha384));
   ConnectExpectFail();
   server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM);
   client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
 }
-#endif
 
 // Where there is no overlap on signature schemes, we still connect successfully
 // if we aren't going to use a signature.
 TEST_P(TlsConnectGenericPre13, SignatureAlgorithmNoOverlapStaticRsa) {
-  client_->SetSignatureAlgorithms(SignatureRsaSha384,
-                                  PR_ARRAY_SIZE(SignatureRsaSha384));
-  server_->SetSignatureAlgorithms(SignatureRsaSha256,
-                                  PR_ARRAY_SIZE(SignatureRsaSha256));
+  client_->SetSignatureSchemes(SignatureSchemeRsaSha384,
+                               PR_ARRAY_SIZE(SignatureSchemeRsaSha384));
+  server_->SetSignatureSchemes(SignatureSchemeRsaSha256,
+                               PR_ARRAY_SIZE(SignatureSchemeRsaSha256));
   EnableOnlyStaticRsaCiphers();
   Connect();
   CheckKeys(ssl_kea_rsa, ssl_auth_rsa_decrypt);
 }
 
 TEST_P(TlsConnectTls12Plus, SignatureAlgorithmNoOverlapEcdsa) {
   Reset(TlsAgent::kServerEcdsa256);
-  client_->SetSignatureAlgorithms(SignatureEcdsaSha384,
-                                  PR_ARRAY_SIZE(SignatureEcdsaSha384));
-  server_->SetSignatureAlgorithms(SignatureEcdsaSha256,
-                                  PR_ARRAY_SIZE(SignatureEcdsaSha256));
+  client_->SetSignatureSchemes(SignatureSchemeEcdsaSha384,
+                               PR_ARRAY_SIZE(SignatureSchemeEcdsaSha384));
+  server_->SetSignatureSchemes(SignatureSchemeEcdsaSha256,
+                               PR_ARRAY_SIZE(SignatureSchemeEcdsaSha256));
   ConnectExpectFail();
   client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
   server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM);
 }
 
 // Pre 1.2, a mismatch on signature algorithms shouldn't affect anything.
 TEST_P(TlsConnectPre12, SignatureAlgorithmNoOverlapEcdsa) {
   Reset(TlsAgent::kServerEcdsa256);
-  client_->SetSignatureAlgorithms(SignatureEcdsaSha384,
-                                  PR_ARRAY_SIZE(SignatureEcdsaSha384));
-  server_->SetSignatureAlgorithms(SignatureEcdsaSha256,
-                                  PR_ARRAY_SIZE(SignatureEcdsaSha256));
+  client_->SetSignatureSchemes(SignatureSchemeEcdsaSha384,
+                               PR_ARRAY_SIZE(SignatureSchemeEcdsaSha384));
+  server_->SetSignatureSchemes(SignatureSchemeEcdsaSha256,
+                               PR_ARRAY_SIZE(SignatureSchemeEcdsaSha256));
   Connect();
 }
 
 // The signature_algorithms extension is mandatory in TLS 1.3.
 TEST_P(TlsConnectTls13, SignatureAlgorithmDrop) {
   client_->SetPacketFilter(
       new TlsExtensionDropper(ssl_signature_algorithms_xtn));
   ConnectExpectFail();
@@ -269,18 +255,18 @@ TEST_P(TlsConnectTls12, SignatureAlgorit
   client_->SetPacketFilter(
       new TlsExtensionDropper(ssl_signature_algorithms_xtn));
   ConnectExpectFail();
   client_->CheckErrorCode(SSL_ERROR_DECRYPT_ERROR_ALERT);
   server_->CheckErrorCode(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
 }
 
 TEST_P(TlsConnectTls12Plus, RequestClientAuthWithSha384) {
-  server_->SetSignatureAlgorithms(SignatureRsaSha384,
-                                  PR_ARRAY_SIZE(SignatureRsaSha384));
+  server_->SetSignatureSchemes(SignatureSchemeRsaSha384,
+                               PR_ARRAY_SIZE(SignatureSchemeRsaSha384));
   server_->RequestClientAuth(false);
   Connect();
 }
 
 class BeforeFinished : public TlsRecordFilter {
  private:
   enum HandshakeState { BEFORE_CCS, AFTER_CCS, DONE };
 
@@ -620,9 +606,122 @@ TEST_F(TlsAgentStreamTestServer, Configu
                                         &ServerCertDataRsaPkcs1Sign));
   EXPECT_FALSE(agent_->ConfigServerCert(TlsAgent::kServerRsaPss, false,
                                         &ServerCertDataRsaPkcs1Decrypt));
 
   // Configuring for only rsa_pss should work.
   EXPECT_TRUE(agent_->ConfigServerCert(TlsAgent::kServerRsaPss, false,
                                        &ServerCertDataRsaPss));
 }
+
+// mode, version, certificate, auth type, signature scheme
+typedef std::tuple<std::string, uint16_t, std::string, SSLAuthType,
+                   SSLSignatureScheme>
+    SignatureSchemeProfile;
+
+class TlsSignatureSchemeConfiguration
+    : public TlsConnectTestBase,
+      public ::testing::WithParamInterface<SignatureSchemeProfile> {
+ public:
+  TlsSignatureSchemeConfiguration()
+      : TlsConnectTestBase(std::get<0>(GetParam()), std::get<1>(GetParam())),
+        certificate_(std::get<2>(GetParam())),
+        auth_type_(std::get<3>(GetParam())),
+        signature_scheme_(std::get<4>(GetParam())) {}
+
+ protected:
+  void TestSignatureSchemeConfig(TlsAgent* configPeer) {
+    EnsureTlsSetup();
+    configPeer->SetSignatureSchemes(&signature_scheme_, 1);
+    Connect();
+    CheckKeys(ssl_kea_ecdh, ssl_grp_ec_curve25519, auth_type_,
+              signature_scheme_);
+  }
+
+  std::string certificate_;
+  SSLAuthType auth_type_;
+  SSLSignatureScheme signature_scheme_;
+};
+
+TEST_P(TlsSignatureSchemeConfiguration, SignatureSchemeConfigServer) {
+  Reset(certificate_);
+  TestSignatureSchemeConfig(server_);
 }
+
+TEST_P(TlsSignatureSchemeConfiguration, SignatureSchemeConfigClient) {
+  Reset(certificate_);
+  TlsExtensionCapture* capture =
+      new TlsExtensionCapture(ssl_signature_algorithms_xtn);
+  client_->SetPacketFilter(capture);
+  TestSignatureSchemeConfig(client_);
+
+  const DataBuffer& ext = capture->extension();
+  ASSERT_EQ(2U + 2U, ext.len());
+  uint32_t v = 0;
+  ASSERT_TRUE(ext.Read(0, 2, &v));
+  EXPECT_EQ(2U, v);
+  ASSERT_TRUE(ext.Read(2, 2, &v));
+  EXPECT_EQ(signature_scheme_, static_cast<SSLSignatureScheme>(v));
+}
+
+TEST_P(TlsSignatureSchemeConfiguration, SignatureSchemeConfigBoth) {
+  Reset(certificate_);
+  EnsureTlsSetup();
+  client_->SetSignatureSchemes(&signature_scheme_, 1);
+  server_->SetSignatureSchemes(&signature_scheme_, 1);
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_grp_ec_curve25519, auth_type_, signature_scheme_);
+}
+
+INSTANTIATE_TEST_CASE_P(
+    SignatureSchemeRsa, TlsSignatureSchemeConfiguration,
+    ::testing::Combine(
+        TlsConnectTestBase::kTlsModesAll, TlsConnectTestBase::kTlsV12Plus,
+        ::testing::Values(TlsAgent::kServerRsaSign),
+        ::testing::Values(ssl_auth_rsa_sign),
+        ::testing::Values(ssl_sig_rsa_pkcs1_sha256, ssl_sig_rsa_pkcs1_sha384,
+                          ssl_sig_rsa_pkcs1_sha512, ssl_sig_rsa_pss_sha256,
+                          ssl_sig_rsa_pss_sha384)));
+// PSS with SHA-512 needs a bigger key to work.
+INSTANTIATE_TEST_CASE_P(
+    SignatureSchemeBigRsa, TlsSignatureSchemeConfiguration,
+    ::testing::Combine(TlsConnectTestBase::kTlsModesAll,
+                       TlsConnectTestBase::kTlsV12Plus,
+                       ::testing::Values(TlsAgent::kRsa2048),
+                       ::testing::Values(ssl_auth_rsa_sign),
+                       ::testing::Values(ssl_sig_rsa_pss_sha512)));
+INSTANTIATE_TEST_CASE_P(
+    SignatureSchemeRsaSha1, TlsSignatureSchemeConfiguration,
+    ::testing::Combine(TlsConnectTestBase::kTlsModesAll,
+                       TlsConnectTestBase::kTlsV12,
+                       ::testing::Values(TlsAgent::kServerRsa),
+                       ::testing::Values(ssl_auth_rsa_sign),
+                       ::testing::Values(ssl_sig_rsa_pkcs1_sha1)));
+INSTANTIATE_TEST_CASE_P(
+    SignatureSchemeEcdsaP256, TlsSignatureSchemeConfiguration,
+    ::testing::Combine(TlsConnectTestBase::kTlsModesAll,
+                       TlsConnectTestBase::kTlsV12Plus,
+                       ::testing::Values(TlsAgent::kServerEcdsa256),
+                       ::testing::Values(ssl_auth_ecdsa),
+                       ::testing::Values(ssl_sig_ecdsa_secp256r1_sha256)));
+INSTANTIATE_TEST_CASE_P(
+    SignatureSchemeEcdsaP384, TlsSignatureSchemeConfiguration,
+    ::testing::Combine(TlsConnectTestBase::kTlsModesAll,
+                       TlsConnectTestBase::kTlsV12Plus,
+                       ::testing::Values(TlsAgent::kServerEcdsa384),
+                       ::testing::Values(ssl_auth_ecdsa),
+                       ::testing::Values(ssl_sig_ecdsa_secp384r1_sha384)));
+INSTANTIATE_TEST_CASE_P(
+    SignatureSchemeEcdsaP521, TlsSignatureSchemeConfiguration,
+    ::testing::Combine(TlsConnectTestBase::kTlsModesAll,
+                       TlsConnectTestBase::kTlsV12Plus,
+                       ::testing::Values(TlsAgent::kServerEcdsa521),
+                       ::testing::Values(ssl_auth_ecdsa),
+                       ::testing::Values(ssl_sig_ecdsa_secp521r1_sha512)));
+INSTANTIATE_TEST_CASE_P(
+    SignatureSchemeEcdsaSha1, TlsSignatureSchemeConfiguration,
+    ::testing::Combine(TlsConnectTestBase::kTlsModesAll,
+                       TlsConnectTestBase::kTlsV12,
+                       ::testing::Values(TlsAgent::kServerEcdsa256,
+                                         TlsAgent::kServerEcdsa384),
+                       ::testing::Values(ssl_auth_ecdsa),
+                       ::testing::Values(ssl_sig_ecdsa_sha1)));
+}
--- a/security/nss/external_tests/ssl_gtest/ssl_ciphersuite_unittest.cc
+++ b/security/nss/external_tests/ssl_gtest/ssl_ciphersuite_unittest.cc
@@ -19,25 +19,25 @@ extern "C" {
 #include "gtest_utils.h"
 #include "tls_connect.h"
 #include "tls_parser.h"
 
 namespace nss_test {
 
 // mode, version, cipher suite
 typedef std::tuple<std::string, uint16_t, uint16_t, SSLNamedGroup,
-                   TlsSignatureScheme>
+                   SSLSignatureScheme>
     CipherSuiteProfile;
 
 class TlsCipherSuiteTestBase : public TlsConnectTestBase {
  public:
-  TlsCipherSuiteTestBase(std::string mode, uint16_t version,
+  TlsCipherSuiteTestBase(const std::string &mode, uint16_t version,
                          uint16_t cipher_suite, SSLNamedGroup group,
-                         TlsSignatureScheme signature_scheme)
-      : TlsConnectTestBase(TlsConnectTestBase::ToMode(mode), version),
+                         SSLSignatureScheme signature_scheme)
+      : TlsConnectTestBase(mode, version),
         cipher_suite_(cipher_suite),
         group_(group),
         signature_scheme_(signature_scheme),
         csinfo_({0}) {
     SECStatus rv =
         SSL_GetCipherSuiteInfo(cipher_suite_, &csinfo_, sizeof(csinfo_));
     EXPECT_EQ(SECSuccess, rv);
     if (rv == SECSuccess) {
@@ -55,48 +55,45 @@ class TlsCipherSuiteTestBase : public Tl
     server_->EnableSingleCipher(cipher_suite_);
 
     if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
       std::vector<SSLNamedGroup> groups = {group_};
       client_->ConfigNamedGroups(groups);
       server_->ConfigNamedGroups(groups);
       kea_type_ = SSLInt_GetKEAType(group_);
 
-      SSLSignatureAndHashAlg signature_scheme = {
-          static_cast<SSLHashType>(signature_scheme_ >> 8),
-          static_cast<SSLSignType>(signature_scheme_ & 0xff)};
-      client_->SetSignatureAlgorithms(&signature_scheme, 1);
-      server_->SetSignatureAlgorithms(&signature_scheme, 1);
+      client_->SetSignatureSchemes(&signature_scheme_, 1);
+      server_->SetSignatureSchemes(&signature_scheme_, 1);
     }
   }
 
   virtual void SetupCertificate() {
     if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
       switch (signature_scheme_) {
-        case kTlsSignatureRsaPkcs1Sha256:
-        case kTlsSignatureRsaPkcs1Sha384:
-        case kTlsSignatureRsaPkcs1Sha512:
+        case ssl_sig_rsa_pkcs1_sha256:
+        case ssl_sig_rsa_pkcs1_sha384:
+        case ssl_sig_rsa_pkcs1_sha512:
           Reset(TlsAgent::kServerRsaSign);
           auth_type_ = ssl_auth_rsa_sign;
           break;
-        case kTlsSignatureRsaPssSha256:
-        case kTlsSignatureRsaPssSha384:
+        case ssl_sig_rsa_pss_sha256:
+        case ssl_sig_rsa_pss_sha384:
           Reset(TlsAgent::kServerRsaSign);
           auth_type_ = ssl_auth_rsa_sign;
           break;
-        case kTlsSignatureRsaPssSha512:
+        case ssl_sig_rsa_pss_sha512:
           // You can't fit SHA-512 PSS in a 1024-bit key.
           Reset(TlsAgent::kRsa2048);
           auth_type_ = ssl_auth_rsa_sign;
           break;
-        case kTlsSignatureEcdsaSecp256r1Sha256:
+        case ssl_sig_ecdsa_secp256r1_sha256:
           Reset(TlsAgent::kServerEcdsa256);
           auth_type_ = ssl_auth_ecdsa;
           break;
-        case kTlsSignatureEcdsaSecp384r1Sha384:
+        case ssl_sig_ecdsa_secp384r1_sha384:
           Reset(TlsAgent::kServerEcdsa384);
           auth_type_ = ssl_auth_ecdsa;
           break;
         default:
           ASSERT_TRUE(false) << "Unsupported signature scheme: "
                              << signature_scheme_;
           break;
       }
@@ -179,17 +176,17 @@ class TlsCipherSuiteTestBase : public Tl
     return limit;
   }
 
  protected:
   uint16_t cipher_suite_;
   SSLAuthType auth_type_;
   SSLKEAType kea_type_;
   SSLNamedGroup group_;
-  TlsSignatureScheme signature_scheme_;
+  SSLSignatureScheme signature_scheme_;
   SSLCipherSuiteInfo csinfo_;
 };
 
 class TlsCipherSuiteTest
     : public TlsCipherSuiteTestBase,
       public ::testing::WithParamInterface<CipherSuiteProfile> {
  public:
   TlsCipherSuiteTest()
@@ -289,30 +286,26 @@ TEST_P(TlsCipherSuiteTest, WriteLimit) {
   static const ::testing::internal::ParamGenerator<uint16_t>                   \
       k##name##Ciphers = ::testing::ValuesIn(k##name##CiphersArr);             \
   INSTANTIATE_TEST_CASE_P(                                                     \
       CipherSuite##name, TlsCipherSuiteTest,                                   \
       ::testing::Combine(TlsConnectTestBase::kTlsModes##modes,                 \
                          TlsConnectTestBase::kTls##versions, k##name##Ciphers, \
                          groups, sigalgs));
 
-static const SSLNamedGroup kDummyNamedGroupParamsArr[] = {ssl_grp_none};
-static const auto kDummyNamedGroupParams =
-    ::testing::ValuesIn(kDummyNamedGroupParamsArr);
-static const TlsSignatureScheme kDummySignatureSchemesParamsArr[] = {
-    kTlsSignatureNone};
+static const auto kDummyNamedGroupParams = ::testing::Values(ssl_grp_none);
 static const auto kDummySignatureSchemesParams =
-    ::testing::ValuesIn(kDummySignatureSchemesParamsArr);
+    ::testing::Values(ssl_sig_none);
 
 #ifndef NSS_DISABLE_TLS_1_3
-static TlsSignatureScheme kSignatureSchemesParamsArr[] = {
-    kTlsSignatureRsaPkcs1Sha256,       kTlsSignatureRsaPkcs1Sha384,
-    kTlsSignatureRsaPkcs1Sha512,       kTlsSignatureEcdsaSecp256r1Sha256,
-    kTlsSignatureEcdsaSecp384r1Sha384, kTlsSignatureRsaPssSha256,
-    kTlsSignatureRsaPssSha384,         kTlsSignatureRsaPssSha512,
+static SSLSignatureScheme kSignatureSchemesParamsArr[] = {
+    ssl_sig_rsa_pkcs1_sha256,       ssl_sig_rsa_pkcs1_sha384,
+    ssl_sig_rsa_pkcs1_sha512,       ssl_sig_ecdsa_secp256r1_sha256,
+    ssl_sig_ecdsa_secp384r1_sha384, ssl_sig_rsa_pss_sha256,
+    ssl_sig_rsa_pss_sha384,         ssl_sig_rsa_pss_sha512,
 };
 #endif
 
 INSTANTIATE_CIPHER_TEST_P(RC4, Stream, V10ToV12, kDummyNamedGroupParams,
                           kDummySignatureSchemesParams,
                           TLS_RSA_WITH_RC4_128_SHA,
                           TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
                           TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
@@ -367,17 +360,17 @@ INSTANTIATE_CIPHER_TEST_P(
 #ifndef NSS_DISABLE_TLS_1_3
 INSTANTIATE_CIPHER_TEST_P(TLS13, All, V13,
                           ::testing::ValuesIn(kFasterDHEGroups),
                           ::testing::ValuesIn(kSignatureSchemesParamsArr),
                           TLS_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256,
                           TLS_AES_256_GCM_SHA384);
 INSTANTIATE_CIPHER_TEST_P(TLS13AllGroups, All, V13,
                           ::testing::ValuesIn(kAllDHEGroups),
-                          ::testing::Values(kTlsSignatureEcdsaSecp384r1Sha384),
+                          ::testing::Values(ssl_sig_ecdsa_secp384r1_sha384),
                           TLS_AES_256_GCM_SHA384);
 #endif
 
 // Fields are: version, cipher suite, bulk cipher name, secretKeySize
 struct SecStatusParams {
   uint16_t version;
   uint16_t cipher_suite;
   std::string name;
@@ -400,17 +393,17 @@ inline std::ostream &operator<<(std::ost
 
 class SecurityStatusTest
     : public TlsCipherSuiteTestBase,
       public ::testing::WithParamInterface<SecStatusParams> {
  public:
   SecurityStatusTest()
       : TlsCipherSuiteTestBase("TLS", GetParam().version,
                                GetParam().cipher_suite, ssl_grp_none,
-                               kTlsSignatureNone) {}
+                               ssl_sig_none) {}
 };
 
 // SSL_SecurityStatus produces fairly useless output when compared to
 // SSL_GetCipherSuiteInfo and SSL_GetChannelInfo, but we can't break it, so we
 // need to check it.
 TEST_P(SecurityStatusTest, CheckSecurityStatus) {
   SetupCertificate();
   EnableSingleCipher();
--- a/security/nss/external_tests/ssl_gtest/ssl_dhe_unittest.cc
+++ b/security/nss/external_tests/ssl_gtest/ssl_dhe_unittest.cc
@@ -274,18 +274,17 @@ class TlsDheSkeChangeYClient : public Tl
  * groups.  Test all combinations. */
 typedef std::tuple<std::string, uint16_t, TlsDheSkeChangeY::ChangeYTo, bool>
     DamageDHYProfile;
 class TlsDamageDHYTest
     : public TlsConnectTestBase,
       public ::testing::WithParamInterface<DamageDHYProfile> {
  public:
   TlsDamageDHYTest()
-      : TlsConnectTestBase(TlsConnectTestBase::ToMode(std::get<0>(GetParam())),
-                           std::get<1>(GetParam())) {}
+      : TlsConnectTestBase(std::get<0>(GetParam()), std::get<1>(GetParam())) {}
 };
 
 TEST_P(TlsDamageDHYTest, DamageServerY) {
   EnableOnlyDheCiphers();
   if (std::get<3>(GetParam())) {
     EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
                                         SSL_REQUIRE_DH_NAMED_GROUPS, PR_TRUE));
   }
@@ -441,16 +440,64 @@ TEST_P(TlsConnectGenericPre13, WeakDHGro
 TEST_P(TlsConnectGeneric, Ffdhe3072) {
   EnableOnlyDheCiphers();
   static const std::vector<SSLNamedGroup> groups = {ssl_grp_ffdhe_3072};
   client_->ConfigNamedGroups(groups);
 
   Connect();
 }
 
+// Even though the client doesn't have DHE groups enabled the server assumes it
+// does. Because the client doesn't require named groups it accepts FF3072 as
+// custom group.
+TEST_P(TlsConnectGenericPre13, NamedGroupMismatchPre13) {
+  EnableOnlyDheCiphers();
+  static const std::vector<SSLNamedGroup> server_groups = {ssl_grp_ffdhe_3072};
+  static const std::vector<SSLNamedGroup> client_groups = {
+      ssl_grp_ec_secp256r1};
+  server_->ConfigNamedGroups(server_groups);
+  client_->ConfigNamedGroups(client_groups);
+
+  Connect();
+  CheckKeys(ssl_kea_dh, ssl_grp_ffdhe_custom, ssl_auth_rsa_sign,
+            ssl_sig_rsa_pss_sha256);
+}
+
+// Same test but for TLS 1.3. This has to fail.
+TEST_P(TlsConnectTls13, NamedGroupMismatch13) {
+  EnableOnlyDheCiphers();
+  static const std::vector<SSLNamedGroup> server_groups = {ssl_grp_ffdhe_3072};
+  static const std::vector<SSLNamedGroup> client_groups = {
+      ssl_grp_ec_secp256r1};
+  server_->ConfigNamedGroups(server_groups);
+  client_->ConfigNamedGroups(client_groups);
+
+  ConnectExpectFail();
+  server_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
+  client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
+}
+
+// Even though the client doesn't have DHE groups enabled the server assumes it
+// does. The client requires named groups and thus does not accept FF3072 as
+// custom group in contrast to the previous test.
+TEST_P(TlsConnectGenericPre13, RequireNamedGroupsMismatchPre13) {
+  EnableOnlyDheCiphers();
+  EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+                                      SSL_REQUIRE_DH_NAMED_GROUPS, PR_TRUE));
+  static const std::vector<SSLNamedGroup> server_groups = {ssl_grp_ffdhe_3072};
+  static const std::vector<SSLNamedGroup> client_groups = {ssl_grp_ec_secp256r1,
+                                                           ssl_grp_ffdhe_2048};
+  server_->ConfigNamedGroups(server_groups);
+  client_->ConfigNamedGroups(client_groups);
+
+  ConnectExpectFail();
+  server_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
+  client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
+}
+
 TEST_P(TlsConnectGenericPre13, PreferredFfdhe) {
   EnableOnlyDheCiphers();
   static const SSLDHEGroupType groups[] = {ssl_ff_dhe_3072_group,
                                            ssl_ff_dhe_2048_group};
   EXPECT_EQ(SECSuccess, SSL_DHEGroupPrefSet(server_->ssl_fd(), groups,
                                             PR_ARRAY_SIZE(groups)));
 
   Connect();
--- a/security/nss/external_tests/ssl_gtest/ssl_ecdh_unittest.cc
+++ b/security/nss/external_tests/ssl_gtest/ssl_ecdh_unittest.cc
@@ -52,20 +52,18 @@ TEST_P(TlsConnectGeneric, ConnectEcdhe) 
 
 // If we pick a 256-bit cipher suite and use a P-384 certificate, the server
 // should choose P-384 for key exchange too.  Only valid for TLS == 1.2 because
 // we don't have 256-bit ciphers before then and 1.3 doesn't try to couple
 // DHE size to symmetric size.
 TEST_P(TlsConnectTls12, ConnectEcdheP384) {
   Reset(TlsAgent::kServerEcdsa384);
   ConnectWithCipherSuite(TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256);
-  // This uses SHA-256 because TLS 1.2 doesn't care for the
-  // pairing of curve and hash function like in TLS 1.3.
   CheckKeys(ssl_kea_ecdh, ssl_grp_ec_secp384r1, ssl_auth_ecdsa,
-            ssl_sig_ecdsa_secp256r1_sha256);
+            ssl_sig_ecdsa_secp384r1_sha384);
 }
 
 TEST_P(TlsConnectGeneric, ConnectEcdheP384Client) {
   EnsureTlsSetup();
   const std::vector<SSLNamedGroup> groups = {ssl_grp_ec_secp384r1,
                                              ssl_grp_ffdhe_2048};
   client_->ConfigNamedGroups(groups);
   server_->ConfigNamedGroups(groups);
@@ -173,20 +171,16 @@ TEST_P(TlsConnectGenericPre13, P384Prior
 
   Connect();
 
   CheckKeys(ssl_kea_ecdh, ssl_grp_ec_secp384r1, ssl_auth_rsa_sign,
             ssl_sig_rsa_pss_sha256);
 }
 
 TEST_P(TlsConnectGenericPre13, P384PriorityFromModelSocket) {
-#ifdef NSS_ECC_MORE_THAN_SUITE_B
-  // We can't run this test with a model socket and more than suite B.
-  return;
-#endif
   EnsureModelSockets();
 
   /* Both prefer P384, set on the model socket. */
   const std::vector<SSLNamedGroup> groups = {
       ssl_grp_ec_secp384r1, ssl_grp_ec_secp256r1, ssl_grp_ec_secp521r1,
       ssl_grp_ffdhe_2048};
   client_model_->ConfigNamedGroups(groups);
   server_model_->ConfigNamedGroups(groups);
@@ -208,19 +202,17 @@ TEST_P(TlsConnectGenericPre13, UseLameGr
 
 // In TLS 1.3, we can't generate the ClientHello.
 TEST_P(TlsConnectTls13, UseLameGroup) {
   const std::vector<SSLNamedGroup> groups = {ssl_grp_ec_sect283k1};
   client_->ConfigNamedGroups(groups);
   server_->ConfigNamedGroups(groups);
   client_->StartConnect();
   client_->Handshake();
-#ifndef NSS_ECC_MORE_THAN_SUITE_B  // TODO: remove this guard
   client_->CheckErrorCode(SSL_ERROR_NO_CIPHERS_SUPPORTED);
-#endif
 }
 
 TEST_P(TlsConnectStreamPre13, ConfiguredGroupsRenegotiate) {
   EnsureTlsSetup();
   client_->DisableAllCiphers();
   client_->EnableCiphersByKeyExchange(ssl_kea_ecdh);
 
   const std::vector<SSLNamedGroup> client_groups = {ssl_grp_ec_secp256r1};
@@ -358,17 +350,17 @@ TEST_P(TlsKeyExchangeTest13, NotEqualPri
 
   CheckKeys(ssl_kea_ecdh, ssl_grp_ec_secp256r1, ssl_auth_rsa_sign,
             ssl_sig_rsa_pss_sha256);
   const std::vector<SSLNamedGroup> shares = {ssl_grp_ec_curve25519};
   CheckKEXDetails(client_groups, shares, true);
 }
 
 TEST_P(TlsKeyExchangeTest13,
-       NotEqualPriorityWithUnsupportedIntermediateGroup13) {
+       NotEqualPriorityWithUnsupportedFFIntermediateGroup13) {
   EnsureKeyShareSetup();
 
   // As in the previous test, the server prefers ffdhe_2048. Thus, even though
   // the client doesn't support this group, the server must not regard x25519 as
   // equivalent to P-256.
   const std::vector<SSLNamedGroup> client_groups = {ssl_grp_ec_curve25519,
                                                     ssl_grp_ec_secp256r1};
   const std::vector<SSLNamedGroup> server_groups = {
@@ -379,16 +371,38 @@ TEST_P(TlsKeyExchangeTest13,
   Connect();
 
   CheckKeys(ssl_kea_ecdh, ssl_grp_ec_secp256r1, ssl_auth_rsa_sign,
             ssl_sig_rsa_pss_sha256);
   const std::vector<SSLNamedGroup> shares = {ssl_grp_ec_curve25519};
   CheckKEXDetails(client_groups, shares, true);
 }
 
+TEST_P(TlsKeyExchangeTest13,
+       NotEqualPriorityWithUnsupportedECIntermediateGroup13) {
+  EnsureKeyShareSetup();
+
+  // As in the previous test, the server prefers P-384. Thus, even though
+  // the client doesn't support this group, the server must not regard x25519 as
+  // equivalent to P-256. The server sends a HelloRetryRequest.
+  const std::vector<SSLNamedGroup> client_groups = {ssl_grp_ec_curve25519,
+                                                    ssl_grp_ec_secp256r1};
+  const std::vector<SSLNamedGroup> server_groups = {
+      ssl_grp_ec_secp256r1, ssl_grp_ec_secp384r1, ssl_grp_ec_curve25519};
+  client_->ConfigNamedGroups(client_groups);
+  server_->ConfigNamedGroups(server_groups);
+
+  Connect();
+
+  CheckKeys(ssl_kea_ecdh, ssl_grp_ec_secp256r1, ssl_auth_rsa_sign,
+            ssl_sig_rsa_pss_sha256);
+  const std::vector<SSLNamedGroup> shares = {ssl_grp_ec_curve25519};
+  CheckKEXDetails(client_groups, shares, true);
+}
+
 TEST_P(TlsKeyExchangeTest13, EqualPriority13) {
   EnsureKeyShareSetup();
 
   // The client sends a 25519 key share while the server prefers P256.
   // We have to accept 25519 without retry because it's considered equivalent to
   // P256 by the server.
   const std::vector<SSLNamedGroup> client_groups = {
       ssl_grp_ec_curve25519, ssl_grp_ffdhe_2048, ssl_grp_ec_secp256r1};
--- a/security/nss/external_tests/ssl_gtest/ssl_extension_unittest.cc
+++ b/security/nss/external_tests/ssl_gtest/ssl_extension_unittest.cc
@@ -113,16 +113,18 @@ class TlsExtensionInjector : public TlsH
   const uint16_t extension_;
   const DataBuffer data_;
 };
 
 class TlsExtensionTestBase : public TlsConnectTestBase {
  protected:
   TlsExtensionTestBase(Mode mode, uint16_t version)
       : TlsConnectTestBase(mode, version) {}
+  TlsExtensionTestBase(const std::string& mode, uint16_t version)
+      : TlsConnectTestBase(mode, version) {}
 
   void ClientHelloErrorTest(PacketFilter* filter,
                             uint8_t alert = kTlsAlertDecodeError) {
     auto alert_recorder = new TlsAlertRecorder();
     server_->SetPacketFilter(alert_recorder);
     if (filter) {
       client_->SetPacketFilter(filter);
     }
@@ -160,37 +162,34 @@ class TlsExtensionTestDtls : public TlsE
   TlsExtensionTestDtls() : TlsExtensionTestBase(DGRAM, GetParam()) {}
 };
 
 class TlsExtensionTest12Plus
     : public TlsExtensionTestBase,
       public ::testing::WithParamInterface<std::tuple<std::string, uint16_t>> {
  public:
   TlsExtensionTest12Plus()
-      : TlsExtensionTestBase(
-            TlsConnectTestBase::ToMode((std::get<0>(GetParam()))),
-            std::get<1>(GetParam())) {}
+      : TlsExtensionTestBase(std::get<0>(GetParam()), std::get<1>(GetParam())) {
+  }
 };
 
 class TlsExtensionTest12
     : public TlsExtensionTestBase,
       public ::testing::WithParamInterface<std::tuple<std::string, uint16_t>> {
  public:
   TlsExtensionTest12()
-      : TlsExtensionTestBase(
-            TlsConnectTestBase::ToMode((std::get<0>(GetParam()))),
-            std::get<1>(GetParam())) {}
+      : TlsExtensionTestBase(std::get<0>(GetParam()), std::get<1>(GetParam())) {
+  }
 };
 
 class TlsExtensionTest13 : public TlsExtensionTestBase,
                            public ::testing::WithParamInterface<std::string> {
  public:
   TlsExtensionTest13()
-      : TlsExtensionTestBase(TlsConnectTestBase::ToMode(GetParam()),
-                             SSL_LIBRARY_VERSION_TLS_1_3) {}
+      : TlsExtensionTestBase(GetParam(), SSL_LIBRARY_VERSION_TLS_1_3) {}
 
   void ConnectWithBogusVersionList(const uint8_t* buf, size_t len) {
     DataBuffer versions_buf(buf, len);
     client_->SetPacketFilter(new TlsExtensionReplacer(
         ssl_tls13_supported_versions_xtn, versions_buf));
     ConnectExpectFail();
     client_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
     server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
@@ -213,29 +212,27 @@ class TlsExtensionTest13Stream : public 
       : TlsExtensionTestBase(STREAM, SSL_LIBRARY_VERSION_TLS_1_3) {}
 };
 
 class TlsExtensionTestGeneric
     : public TlsExtensionTestBase,
       public ::testing::WithParamInterface<std::tuple<std::string, uint16_t>> {
  public:
   TlsExtensionTestGeneric()
-      : TlsExtensionTestBase(
-            TlsConnectTestBase::ToMode((std::get<0>(GetParam()))),
-            std::get<1>(GetParam())) {}
+      : TlsExtensionTestBase(std::get<0>(GetParam()), std::get<1>(GetParam())) {
+  }
 };
 
 class TlsExtensionTestPre13
     : public TlsExtensionTestBase,
       public ::testing::WithParamInterface<std::tuple<std::string, uint16_t>> {
  public:
   TlsExtensionTestPre13()
-      : TlsExtensionTestBase(
-            TlsConnectTestBase::ToMode((std::get<0>(GetParam()))),
-            std::get<1>(GetParam())) {}
+      : TlsExtensionTestBase(std::get<0>(GetParam()), std::get<1>(GetParam())) {
+  }
 };
 
 TEST_P(TlsExtensionTestGeneric, DamageSniLength) {
   ClientHelloErrorTest(new TlsExtensionDamager(ssl_server_name_xtn, 1));
 }
 
 TEST_P(TlsExtensionTestGeneric, DamageSniHostLength) {
   ClientHelloErrorTest(new TlsExtensionDamager(ssl_server_name_xtn, 4));
@@ -481,35 +478,34 @@ TEST_P(TlsExtensionTestPre13, Renegotiat
   DataBuffer extension;
   ClientHelloErrorTest(
       new TlsExtensionReplacer(ssl_renegotiation_info_xtn, extension));
 }
 
 // This only works on TLS 1.2, since it relies on static RSA; otherwise libssl
 // picks the wrong cipher suite.
 TEST_P(TlsExtensionTest12, SignatureAlgorithmConfiguration) {
-  const SSLSignatureAndHashAlg algorithms[] = {
-      {ssl_hash_sha512, ssl_sign_rsa}, {ssl_hash_sha384, ssl_sign_ecdsa}};
+  const SSLSignatureScheme schemes[] = {ssl_sig_rsa_pss_sha512,
+                                        ssl_sig_rsa_pss_sha384};
 
   TlsExtensionCapture* capture =
       new TlsExtensionCapture(ssl_signature_algorithms_xtn);
-  client_->SetSignatureAlgorithms(algorithms, PR_ARRAY_SIZE(algorithms));
+  client_->SetSignatureSchemes(schemes, PR_ARRAY_SIZE(schemes));
   client_->SetPacketFilter(capture);
   EnableOnlyStaticRsaCiphers();
   Connect();
 
   const DataBuffer& ext = capture->extension();
-  EXPECT_EQ(2 + PR_ARRAY_SIZE(algorithms) * 2, ext.len());
+  EXPECT_EQ(2 + PR_ARRAY_SIZE(schemes) * 2, ext.len());
   for (size_t i = 0, cursor = 2;
-       i < PR_ARRAY_SIZE(algorithms) && cursor < ext.len(); ++i) {
-    uint32_t v;
-    EXPECT_TRUE(ext.Read(cursor++, 1, &v));
-    EXPECT_EQ(algorithms[i].hashAlg, static_cast<SSLHashType>(v));
-    EXPECT_TRUE(ext.Read(cursor++, 1, &v));
-    EXPECT_EQ(algorithms[i].sigAlg, static_cast<SSLSignType>(v));
+       i < PR_ARRAY_SIZE(schemes) && cursor < ext.len(); ++i) {
+    uint32_t v = 0;
+    EXPECT_TRUE(ext.Read(cursor, 2, &v));
+    cursor += 2;
+    EXPECT_EQ(schemes[i], static_cast<SSLSignatureScheme>(v));
   }
 }
 
 // Temporary test to verify that we choke on an empty ClientKeyShare.
 // This test will fail when we implement HelloRetryRequest.
 TEST_P(TlsExtensionTest13, EmptyClientKeyShare) {
   ClientHelloErrorTest(new TlsExtensionTruncator(ssl_tls13_key_share_xtn, 2),
                        kTlsAlertHandshakeFailure);
@@ -576,17 +572,17 @@ TEST_F(TlsExtensionTest13Stream, DropSer
   EXPECT_EQ(SSL_ERROR_BAD_MAC_READ, server_->error_code());
 }
 
 TEST_F(TlsExtensionTest13Stream, NonEmptySignatureAlgorithms) {
   EnsureTlsSetup();
   DataBuffer sig_algs;
   size_t index = 0;
   index = sig_algs.Write(index, 2, 2);
-  index = sig_algs.Write(index, kTlsSignatureRsaPssSha256, 2);
+  index = sig_algs.Write(index, ssl_sig_rsa_pss_sha256, 2);
   server_->SetPacketFilter(
       new TlsExtensionReplacer(ssl_signature_algorithms_xtn, sig_algs));
   ConnectExpectFail();
   EXPECT_EQ(SSL_ERROR_RX_MALFORMED_SERVER_HELLO, client_->error_code());
   EXPECT_EQ(SSL_ERROR_BAD_MAC_READ, server_->error_code());
 }
 
 TEST_F(TlsExtensionTest13Stream, AddServerSignatureAlgorithmsOnResumption) {
--- a/security/nss/external_tests/ssl_gtest/ssl_gtest.gyp
+++ b/security/nss/external_tests/ssl_gtest/ssl_gtest.gyp
@@ -7,25 +7,31 @@
     '../common/gtest.gypi',
   ],
   'targets': [
     {
       'target_name': 'ssl_gtest',
       'type': 'executable',
       'sources': [
         'libssl_internals.c',
+        'ssl_0rtt_unittest.cc',
         'ssl_agent_unittest.cc',
         'ssl_auth_unittest.cc',
+        'ssl_cert_ext_unittest.cc',
         'ssl_ciphersuite_unittest.cc',
+        'ssl_damage_unittest.cc',
         'ssl_dhe_unittest.cc',
         'ssl_drop_unittest.cc',
+        'ssl_ecdh_unittest.cc',
         'ssl_ems_unittest.cc',
         'ssl_extension_unittest.cc',
         'ssl_gtest.cc',
+        'ssl_hrr_unittest.cc',
         'ssl_loopback_unittest.cc',
+        'ssl_record_unittest.cc',
         'ssl_resumption_unittest.cc',
         'ssl_skip_unittest.cc',
         'ssl_staticrsa_unittest.cc',
         'ssl_v2_client_hello_unittest.cc',
         'ssl_version_unittest.cc',
         'test_io.cc',
         'tls_agent.cc',
         'tls_connect.cc',
--- a/security/nss/external_tests/ssl_gtest/ssl_resumption_unittest.cc
+++ b/security/nss/external_tests/ssl_gtest/ssl_resumption_unittest.cc
@@ -165,23 +165,19 @@ TEST_P(TlsConnectGeneric, ConnectResumeC
   Reset();
   ConfigureSessionCache(RESUME_NONE, RESUME_BOTH);
   ExpectResumption(RESUME_NONE);
   Connect();
   SendReceive();
 }
 
 TEST_P(TlsConnectGenericPre13, ConnectResumeWithHigherVersion) {
-  EnsureTlsSetup();
+  ConfigureSessionCache(RESUME_SESSIONID, RESUME_SESSIONID);
+  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_1);
   SetExpectedVersion(SSL_LIBRARY_VERSION_TLS_1_1);
-  ConfigureSessionCache(RESUME_SESSIONID, RESUME_SESSIONID);
-  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
-                           SSL_LIBRARY_VERSION_TLS_1_1);
-  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
-                           SSL_LIBRARY_VERSION_TLS_1_1);
   Connect();
 
   Reset();
   EnsureTlsSetup();
   SetExpectedVersion(SSL_LIBRARY_VERSION_TLS_1_2);
   client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
                            SSL_LIBRARY_VERSION_TLS_1_2);
   server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
@@ -214,34 +210,32 @@ static int32_t SwitchCertificates(TlsAge
   return 0;  // first config
 };
 
 TEST_P(TlsConnectGeneric, ServerSNICertSwitch) {
   Connect();
   ScopedCERTCertificate cert1(SSL_PeerCertificate(client_->ssl_fd()));
 
   Reset();
-  EnsureTlsSetup();
   ConfigureSessionCache(RESUME_NONE, RESUME_NONE);
 
   server_->SetSniCallback(SwitchCertificates);
 
   Connect();
   ScopedCERTCertificate cert2(SSL_PeerCertificate(client_->ssl_fd()));
   CheckKeys();
   EXPECT_FALSE(SECITEM_ItemsAreEqual(&cert1->derCert, &cert2->derCert));
 }
 
 TEST_P(TlsConnectGeneric, ServerSNICertTypeSwitch) {
   Reset(TlsAgent::kServerEcdsa256);
   Connect();
   ScopedCERTCertificate cert1(SSL_PeerCertificate(client_->ssl_fd()));
 
   Reset();
-  EnsureTlsSetup();
   ConfigureSessionCache(RESUME_NONE, RESUME_NONE);
 
   // Because we configure an RSA certificate here, it only adds a second, unused
   // certificate, which has no effect on what the server uses.
   server_->SetSniCallback(SwitchCertificates);
 
   Connect();
   ScopedCERTCertificate cert2(SSL_PeerCertificate(client_->ssl_fd()));
@@ -323,93 +317,230 @@ TEST_P(TlsConnectTls13, TestTls13ResumeD
   ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
   ExpectResumption(RESUME_TICKET);
   client_->ConfigNamedGroups(kFFDHEGroups);
   server_->ConfigNamedGroups(kFFDHEGroups);
   Connect();
   CheckKeys(ssl_kea_dh, ssl_grp_ffdhe_2048, ssl_auth_rsa_sign, ssl_sig_none);
 }
 
+// We need to enable different cipher suites at different times in the following
+// tests.  Those cipher suites need to be suited to the version.
+static uint16_t ChooseOneCipher(uint16_t version) {
+  if (version >= SSL_LIBRARY_VERSION_TLS_1_3) {
+    return TLS_AES_128_GCM_SHA256;
+  }
+  return TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA;
+}
+
+static uint16_t ChooseAnotherCipher(uint16_t version) {
+  if (version >= SSL_LIBRARY_VERSION_TLS_1_3) {
+    return TLS_CHACHA20_POLY1305_SHA256;
+  }
+  return TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA;
+}
+
 // Test that we don't resume when we can't negotiate the same cipher.
-TEST_P(TlsConnectTls13, TestTls13ResumeClientDifferentCipher) {
+TEST_P(TlsConnectGeneric, TestResumeClientDifferentCipher) {
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  client_->EnableSingleCipher(ChooseOneCipher(version_));
+  Connect();
+  SendReceive();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
+
+  Reset();
   ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
-  client_->EnableSingleCipher(TLS_AES_128_GCM_SHA256);
+  ExpectResumption(RESUME_NONE);
+  client_->EnableSingleCipher(ChooseAnotherCipher(version_));
+  uint16_t ticket_extension;
+  if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+    ticket_extension = ssl_tls13_pre_shared_key_xtn;
+  } else {
+    ticket_extension = ssl_session_ticket_xtn;
+  }
+  auto ticket_capture = new TlsExtensionCapture(ticket_extension);
+  client_->SetPacketFilter(ticket_capture);
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
+  EXPECT_EQ(0U, ticket_capture->extension().len());
+}
+
+// Test that we don't resume when we can't negotiate the same cipher.
+TEST_P(TlsConnectGeneric, TestResumeServerDifferentCipher) {
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  server_->EnableSingleCipher(ChooseOneCipher(version_));
   Connect();
   SendReceive();  // Need to read so that we absorb the session ticket.
   CheckKeys();
 
   Reset();
   ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
   ExpectResumption(RESUME_NONE);
-  client_->EnableSingleCipher(TLS_AES_256_GCM_SHA384);
+  server_->EnableSingleCipher(ChooseAnotherCipher(version_));
   Connect();
   CheckKeys();
 }
 
-// Test that we don't resume when we can't negotiate the same cipher.
-TEST_P(TlsConnectTls13, TestTls13ResumeServerDifferentCipher) {
+class SelectedCipherSuiteReplacer : public TlsHandshakeFilter {
+ public:
+  SelectedCipherSuiteReplacer(uint16_t suite) : cipher_suite_(suite) {}
+
+ protected:
+  PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
+                                       const DataBuffer& input,
+                                       DataBuffer* output) override {
+    if (header.handshake_type() != kTlsHandshakeServerHello) {
+      return KEEP;
+    }
+
+    *output = input;
+    uint32_t temp = 0;
+    EXPECT_TRUE(input.Read(0, 2, &temp));
+    // Cipher suite is after version(2) and random(32).
+    size_t pos = 34;
+    if (temp < SSL_LIBRARY_VERSION_TLS_1_3) {
+      // In old versions, we have to skip a session_id too.
+      EXPECT_TRUE(input.Read(pos, 1, &temp));
+      pos += 1 + temp;
+    }
+    output->Write(pos, static_cast<uint32_t>(cipher_suite_), 2);
+    return CHANGE;
+  }
+
+ private:
+  uint16_t cipher_suite_;
+};
+
+// Test that the client doesn't tolerate the server picking a different cipher
+// suite for resumption.
+TEST_P(TlsConnectStream, TestResumptionOverrideCipher) {
   ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
-  server_->EnableSingleCipher(TLS_AES_128_GCM_SHA256);
+  server_->EnableSingleCipher(ChooseOneCipher(version_));
   Connect();
-  SendReceive();  // Need to read so that we absorb the session ticket.
-  CheckKeys();
+  SendReceive();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
 
   Reset();
   ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
-  ExpectResumption(RESUME_NONE);
-  server_->EnableSingleCipher(TLS_AES_256_GCM_SHA384);
+  server_->SetPacketFilter(
+      new SelectedCipherSuiteReplacer(ChooseAnotherCipher(version_)));
+
+  ConnectExpectFail();
+  client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_SERVER_HELLO);
+  if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+    // The reason this test is stream only: the server is unable to decrypt
+    // the alert that the client sends, see bug 1304603.
+    server_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
+  } else {
+    server_->CheckErrorCode(SSL_ERROR_HANDSHAKE_FAILURE_ALERT);
+  }
+}
+
+class SelectedVersionReplacer : public TlsHandshakeFilter {
+ public:
+  SelectedVersionReplacer(uint16_t version) : version_(version) {}
+
+ protected:
+  PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
+                                       const DataBuffer& input,
+                                       DataBuffer* output) override {
+    if (header.handshake_type() != kTlsHandshakeServerHello) {
+      return KEEP;
+    }
+
+    *output = input;
+    output->Write(0, static_cast<uint32_t>(version_), 2);
+    return CHANGE;
+  }
+
+ private:
+  uint16_t version_;
+};
+
+// Test how the client handles the case where the server picks a
+// lower version number on resumption.
+TEST_P(TlsConnectGenericPre13, TestResumptionOverrideVersion) {
+  uint16_t override_version = 0;
+  if (mode_ == STREAM) {
+    switch (version_) {
+      case SSL_LIBRARY_VERSION_TLS_1_0:
+        return;  // Skip the test.
+      case SSL_LIBRARY_VERSION_TLS_1_1:
+        override_version = SSL_LIBRARY_VERSION_TLS_1_0;
+        break;
+      case SSL_LIBRARY_VERSION_TLS_1_2:
+        override_version = SSL_LIBRARY_VERSION_TLS_1_1;
+        break;
+      default:
+        ASSERT_TRUE(false) << "unknown version";
+    }
+  } else {
+    if (version_ == SSL_LIBRARY_VERSION_TLS_1_2) {
+      override_version = SSL_LIBRARY_VERSION_DTLS_1_0_WIRE;
+    } else {
+      ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, version_);
+      return;  // Skip the test.
+    }
+  }
+
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  // Need to use a cipher that is plausible for the lower version.
+  server_->EnableSingleCipher(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA);
   Connect();
-  CheckKeys();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
+
+  Reset();
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  // Enable the lower version on the client.
+  client_->SetVersionRange(version_ - 1, version_);
+  server_->EnableSingleCipher(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA);
+  server_->SetPacketFilter(new SelectedVersionReplacer(override_version));
+
+  ConnectExpectFail();
+  client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_SERVER_HELLO);
+  server_->CheckErrorCode(SSL_ERROR_HANDSHAKE_FAILURE_ALERT);
 }
 
 // Test that two TLS resumptions work and produce the same ticket.
 // This will change after bug 1257047 is fixed.
 TEST_F(TlsConnectTest, TestTls13ResumptionTwice) {
   ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
-  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
-                           SSL_LIBRARY_VERSION_TLS_1_3);
-  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
-                           SSL_LIBRARY_VERSION_TLS_1_3);
+  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
+
   Connect();
   SendReceive();  // Need to read so that we absorb the session ticket.
   CheckKeys();
   uint16_t original_suite;
   EXPECT_TRUE(client_->cipher_suite(&original_suite));
 
   Reset();
   ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
+  ExpectResumption(RESUME_TICKET);
   TlsExtensionCapture* c1 =
       new TlsExtensionCapture(ssl_tls13_pre_shared_key_xtn);
   client_->SetPacketFilter(c1);
-  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
-                           SSL_LIBRARY_VERSION_TLS_1_3);
-  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
-                           SSL_LIBRARY_VERSION_TLS_1_3);
-  ExpectResumption(RESUME_TICKET);
   Connect();
   SendReceive();
   CheckKeys(ssl_kea_ecdh, ssl_grp_ec_curve25519, ssl_auth_rsa_sign,
             ssl_sig_none);
   // The filter will go away when we reset, so save the captured extension.
   DataBuffer initialTicket(c1->extension());
   ASSERT_LT(0U, initialTicket.len());
 
   ScopedCERTCertificate cert1(SSL_PeerCertificate(client_->ssl_fd()));
   ASSERT_TRUE(!!cert1.get());
 
   Reset();
   ClearStats();
   ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
   TlsExtensionCapture* c2 =
       new TlsExtensionCapture(ssl_tls13_pre_shared_key_xtn);
   client_->SetPacketFilter(c2);
-  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
-                           SSL_LIBRARY_VERSION_TLS_1_3);
-  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
-                           SSL_LIBRARY_VERSION_TLS_1_3);
   ExpectResumption(RESUME_TICKET);
   Connect();
   SendReceive();
   CheckKeys(ssl_kea_ecdh, ssl_grp_ec_curve25519, ssl_auth_rsa_sign,
             ssl_sig_none);
   ASSERT_LT(0U, c2->extension().len());
 
   ScopedCERTCertificate cert2(SSL_PeerCertificate(client_->ssl_fd()));
@@ -420,9 +551,10 @@ TEST_F(TlsConnectTest, TestTls13Resumpti
   uint16_t resumed_suite;
   EXPECT_TRUE(server_->cipher_suite(&resumed_suite));
   EXPECT_EQ(original_suite, resumed_suite);
   EXPECT_TRUE(client_->cipher_suite(&resumed_suite));
   EXPECT_EQ(original_suite, resumed_suite);
 
   ASSERT_NE(initialTicket, c2->extension());
 }
+
 }  // namespace nss_test
--- a/security/nss/external_tests/ssl_gtest/ssl_skip_unittest.cc
+++ b/security/nss/external_tests/ssl_gtest/ssl_skip_unittest.cc
@@ -78,18 +78,17 @@ class TlsHandshakeSkipFilter : public Tl
   bool skipped_;
 };
 
 class TlsSkipTest
     : public TlsConnectTestBase,
       public ::testing::WithParamInterface<std::tuple<std::string, uint16_t>> {
  protected:
   TlsSkipTest()
-      : TlsConnectTestBase(TlsConnectTestBase::ToMode(std::get<0>(GetParam())),
-                           std::get<1>(GetParam())) {}
+      : TlsConnectTestBase(std::get<0>(GetParam()), std::get<1>(GetParam())) {}
 
   void ServerSkipTest(PacketFilter* filter,
                       uint8_t alert = kTlsAlertUnexpectedMessage) {
     auto alert_recorder = new TlsAlertRecorder();
     client_->SetPacketFilter(alert_recorder);
     if (filter) {
       server_->SetPacketFilter(filter);
     }
--- a/security/nss/external_tests/ssl_gtest/ssl_v2_client_hello_unittest.cc
+++ b/security/nss/external_tests/ssl_gtest/ssl_v2_client_hello_unittest.cc
@@ -199,21 +199,19 @@ class SSLv2ClientHelloTest : public SSLv
 // Test negotiating TLS 1.0 - 1.2.
 TEST_P(SSLv2ClientHelloTest, Connect) {
   SetAvailableCipherSuite(TLS_DHE_RSA_WITH_AES_128_CBC_SHA);
   Connect();
 }
 
 // Test negotiating TLS 1.3.
 TEST_F(SSLv2ClientHelloTestF, Connect13) {
+  EnsureTlsSetup();
   SetExpectedVersion(SSL_LIBRARY_VERSION_TLS_1_3);
-  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_3,
-                           SSL_LIBRARY_VERSION_TLS_1_3);
-  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_3,
-                           SSL_LIBRARY_VERSION_TLS_1_3);
+  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
 
   std::vector<uint16_t> cipher_suites = {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256};
   SetAvailableCipherSuites(cipher_suites);
 
   ConnectExpectFail();
   EXPECT_EQ(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, server_->error_code());
 }
 
@@ -312,21 +310,19 @@ TEST_P(SSLv2ClientHelloTest, RequireSafe
   SetAvailableCipherSuites(cipher_suites);
   Connect();
 }
 
 // Connect to the server with TLS 1.1, signalling that this is a fallback from
 // a higher version. As the server doesn't support anything higher than TLS 1.1
 // it must accept the connection.
 TEST_F(SSLv2ClientHelloTestF, FallbackSCSV) {
+  EnsureTlsSetup();
   SetExpectedVersion(SSL_LIBRARY_VERSION_TLS_1_1);
-  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
-                           SSL_LIBRARY_VERSION_TLS_1_1);
-  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
-                           SSL_LIBRARY_VERSION_TLS_1_1);
+  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_1);
 
   std::vector<uint16_t> cipher_suites = {TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
                                          TLS_FALLBACK_SCSV};
   SetAvailableCipherSuites(cipher_suites);
   Connect();
 }
 
 // Connect to the server with TLS 1.1, signalling that this is a fallback from
--- a/security/nss/external_tests/ssl_gtest/ssl_version_unittest.cc
+++ b/security/nss/external_tests/ssl_gtest/ssl_version_unittest.cc
@@ -201,31 +201,27 @@ TEST_P(TlsConnectStream, ConnectTls10And
     server_->CheckErrorCode(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED);
   } else {
     client_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_VERSION);
     server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
   }
 }
 
 TEST_F(TlsConnectTest, Tls13RejectsRehandshakeClient) {
-  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
-                           SSL_LIBRARY_VERSION_TLS_1_3);
-  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
-                           SSL_LIBRARY_VERSION_TLS_1_3);
+  EnsureTlsSetup();
+  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
   Connect();
   SECStatus rv = SSL_ReHandshake(client_->ssl_fd(), PR_TRUE);
   EXPECT_EQ(SECFailure, rv);
   EXPECT_EQ(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED, PORT_GetError());
 }
 
 TEST_F(TlsConnectTest, Tls13RejectsRehandshakeServer) {
-  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
-                           SSL_LIBRARY_VERSION_TLS_1_3);
-  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
-                           SSL_LIBRARY_VERSION_TLS_1_3);
+  EnsureTlsSetup();
+  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
   Connect();
   SECStatus rv = SSL_ReHandshake(server_->ssl_fd(), PR_TRUE);
   EXPECT_EQ(SECFailure, rv);
   EXPECT_EQ(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED, PORT_GetError());
 }
 
 TEST_P(TlsConnectGeneric, AlertBeforeServerHello) {
   EnsureTlsSetup();
--- a/security/nss/external_tests/ssl_gtest/tls_agent.cc
+++ b/security/nss/external_tests/ssl_gtest/tls_agent.cc
@@ -32,16 +32,17 @@ const char* TlsAgent::states[] = {"INIT"
 const std::string TlsAgent::kClient = "client";    // both sign and encrypt
 const std::string TlsAgent::kRsa2048 = "rsa2048";  // bigger
 const std::string TlsAgent::kServerRsa = "rsa";    // both sign and encrypt
 const std::string TlsAgent::kServerRsaSign = "rsa_sign";
 const std::string TlsAgent::kServerRsaPss = "rsa_pss";
 const std::string TlsAgent::kServerRsaDecrypt = "rsa_decrypt";
 const std::string TlsAgent::kServerEcdsa256 = "ecdsa256";
 const std::string TlsAgent::kServerEcdsa384 = "ecdsa384";
+const std::string TlsAgent::kServerEcdsa521 = "ecdsa521";
 const std::string TlsAgent::kServerEcdhRsa = "ecdh_rsa";
 const std::string TlsAgent::kServerEcdhEcdsa = "ecdh_ecdsa";
 const std::string TlsAgent::kServerDsa = "dsa";
 
 TlsAgent::TlsAgent(const std::string& name, Role role, Mode mode)
     : name_(name),
       mode_(mode),
       server_key_bits_(0),
@@ -360,83 +361,90 @@ void TlsAgent::GetVersionRange(uint16_t*
 void TlsAgent::SetExpectedVersion(uint16_t version) {
   expected_version_ = version;
 }
 
 void TlsAgent::SetServerKeyBits(uint16_t bits) { server_key_bits_ = bits; }
 
 void TlsAgent::ExpectReadWriteError() { expect_readwrite_error_ = true; }
 
-void TlsAgent::SetSignatureAlgorithms(const SSLSignatureAndHashAlg* algorithms,
-                                      size_t count) {
+void TlsAgent::SetSignatureSchemes(const SSLSignatureScheme* schemes,
+                                   size_t count) {
   EXPECT_TRUE(EnsureTlsSetup());
   EXPECT_LE(count, SSL_SignatureMaxCount());
-  EXPECT_EQ(SECSuccess, SSL_SignaturePrefSet(ssl_fd_, algorithms,
-                                             static_cast<unsigned int>(count)));
-  EXPECT_EQ(SECFailure, SSL_SignaturePrefSet(ssl_fd_, algorithms, 0))
-      << "setting no algorithms should fail and do nothing";
+  EXPECT_EQ(SECSuccess,
+            SSL_SignatureSchemePrefSet(ssl_fd_, schemes,
+                                       static_cast<unsigned int>(count)));
+  EXPECT_EQ(SECFailure, SSL_SignatureSchemePrefSet(ssl_fd_, schemes, 0))
+      << "setting no schemes should fail and do nothing";
 
-  std::vector<SSLSignatureAndHashAlg> configuredAlgorithms(count);
+  std::vector<SSLSignatureScheme> configuredSchemes(count);
   unsigned int configuredCount;
   EXPECT_EQ(SECFailure,
-            SSL_SignaturePrefGet(ssl_fd_, nullptr, &configuredCount, 1))
-      << "get algorithms, algorithms is nullptr";
-  EXPECT_EQ(SECFailure, SSL_SignaturePrefGet(ssl_fd_, &configuredAlgorithms[0],
-                                             &configuredCount, 0))
-      << "get algorithms, too little space";
+            SSL_SignatureSchemePrefGet(ssl_fd_, nullptr, &configuredCount, 1))
+      << "get schemes, schemes is nullptr";
+  EXPECT_EQ(SECFailure,
+            SSL_SignatureSchemePrefGet(ssl_fd_, &configuredSchemes[0],
+                                       &configuredCount, 0))
+      << "get schemes, too little space";
   EXPECT_EQ(SECFailure,
-            SSL_SignaturePrefGet(ssl_fd_, &configuredAlgorithms[0], nullptr,
-                                 configuredAlgorithms.size()))
-      << "get algorithms, algCountOut is nullptr";
+            SSL_SignatureSchemePrefGet(ssl_fd_, &configuredSchemes[0], nullptr,
+                                       configuredSchemes.size()))
+      << "get schemes, countOut is nullptr";
 
-  EXPECT_EQ(SECSuccess, SSL_SignaturePrefGet(ssl_fd_, &configuredAlgorithms[0],
-                                             &configuredCount,
-                                             configuredAlgorithms.size()));
-  // SignaturePrefSet drops unsupported algorithms silently, so the number that
-  // are configured might be fewer.
+  EXPECT_EQ(SECSuccess, SSL_SignatureSchemePrefGet(
+                            ssl_fd_, &configuredSchemes[0], &configuredCount,
+                            configuredSchemes.size()));
+  // SignatureSchemePrefSet drops unsupported algorithms silently, so the
+  // number that are configured might be fewer.
   EXPECT_LE(configuredCount, count);
   unsigned int i = 0;
   for (unsigned int j = 0; j < count && i < configuredCount; ++j) {
-    if (i < configuredCount &&
-        algorithms[j].hashAlg == configuredAlgorithms[i].hashAlg &&
-        algorithms[j].sigAlg == configuredAlgorithms[i].sigAlg) {
+    if (i < configuredCount && schemes[j] == configuredSchemes[i]) {
       ++i;
     }
   }
-  EXPECT_EQ(i, configuredCount) << "algorithms in use were all set";
+  EXPECT_EQ(i, configuredCount) << "schemes in use were all set";
 }
 
 void TlsAgent::CheckKEA(SSLKEAType kea_type, SSLNamedGroup kea_group,
                         size_t kea_size) const {
   EXPECT_EQ(STATE_CONNECTED, state_);
   EXPECT_EQ(kea_type, info_.keaType);
-  EXPECT_EQ(kea_group, info_.keaGroup);
   if (kea_size == 0) {
     switch (kea_group) {
       case ssl_grp_ec_curve25519:
         kea_size = 255;
         break;
       case ssl_grp_ec_secp256r1:
         kea_size = 256;
         break;
       case ssl_grp_ec_secp384r1:
         kea_size = 384;
         break;
       case ssl_grp_ffdhe_2048:
         kea_size = 2048;
         break;
+      case ssl_grp_ffdhe_3072:
+        kea_size = 3072;
+        break;
+      case ssl_grp_ffdhe_custom:
+        break;
       default:
         if (kea_type == ssl_kea_rsa) {
           kea_size = server_key_bits_;
         } else {
           EXPECT_TRUE(false) << "need to update group sizes";
         }
     }
   }
-  EXPECT_EQ(kea_size, info_.keaKeyBits);
+  if (kea_group != ssl_grp_ffdhe_custom) {
+    EXPECT_EQ(kea_size, info_.keaKeyBits);
+    EXPECT_EQ(kea_group, info_.keaGroup);
+  }
 }
 
 void TlsAgent::CheckAuthType(SSLAuthType auth_type,
                              SSLSignatureScheme sig_scheme) const {
   EXPECT_EQ(STATE_CONNECTED, state_);
   EXPECT_EQ(auth_type, info_.authType);
   EXPECT_EQ(server_key_bits_, info_.authKeyBits);
   if (expected_version_ < SSL_LIBRARY_VERSION_TLS_1_2) {
--- a/security/nss/external_tests/ssl_gtest/tls_agent.h
+++ b/security/nss/external_tests/ssl_gtest/tls_agent.h
@@ -59,16 +59,17 @@ class TlsAgent : public PollTarget {
   static const std::string kClient;     // the client key is sign only
   static const std::string kRsa2048;    // bigger sign and encrypt for either
   static const std::string kServerRsa;  // both sign and encrypt
   static const std::string kServerRsaSign;
   static const std::string kServerRsaPss;
   static const std::string kServerRsaDecrypt;
   static const std::string kServerEcdsa256;
   static const std::string kServerEcdsa384;
+  static const std::string kServerEcdsa521;
   static const std::string kServerEcdhEcdsa;
   static const std::string kServerEcdhRsa;
   static const std::string kServerDsa;
 
   TlsAgent(const std::string& name, Role role, Mode mode);
   virtual ~TlsAgent();
 
   bool Init() {
@@ -122,18 +123,17 @@ class TlsAgent : public PollTarget {
   void GetVersionRange(uint16_t* minver, uint16_t* maxver);
   void CheckPreliminaryInfo();
   void ResetPreliminaryInfo();
   void SetExpectedVersion(uint16_t version);
   void SetServerKeyBits(uint16_t bits);
   void ExpectReadWriteError();
   void EnableFalseStart();
   void ExpectResumption();
-  void SetSignatureAlgorithms(const SSLSignatureAndHashAlg* algorithms,
-                              size_t count);
+  void SetSignatureSchemes(const SSLSignatureScheme* schemes, size_t count);
   void EnableAlpn(const uint8_t* val, size_t len);
   void CheckAlpn(SSLNextProtoState expected_state,
                  const std::string& expected = "") const;
   void EnableSrtp();
   void CheckSrtp() const;
   void CheckErrorCode(int32_t expected) const;
   void WaitForErrorCode(int32_t expected, uint32_t delay) const;
   // Send data on the socket, encrypting it.
--- a/security/nss/external_tests/ssl_gtest/tls_connect.cc
+++ b/security/nss/external_tests/ssl_gtest/tls_connect.cc
@@ -114,16 +114,20 @@ TlsConnectTestBase::TlsConnectTestBase(M
   if (mode_ == DGRAM && version_ == SSL_LIBRARY_VERSION_TLS_1_1) {
     v = "1.0";
   } else {
     v = VersionString(version_);
   }
   std::cerr << "Version: " << mode_ << " " << v << std::endl;
 }
 
+TlsConnectTestBase::TlsConnectTestBase(const std::string& mode,
+                                       uint16_t version)
+    : TlsConnectTestBase(TlsConnectTestBase::ToMode(mode), version) {}
+
 TlsConnectTestBase::~TlsConnectTestBase() {}
 
 // Check the group of each of the supported groups
 void TlsConnectTestBase::CheckGroups(
     const DataBuffer& groups, std::function<void(SSLNamedGroup)> check_group) {
   DuplicateGroupChecker group_set;
   uint32_t tmp = 0;
   EXPECT_TRUE(groups.Read(0, 2, &tmp));
@@ -190,18 +194,17 @@ void TlsConnectTestBase::TearDown() {
 void TlsConnectTestBase::Init() {
   EXPECT_TRUE(client_->Init());
   EXPECT_TRUE(server_->Init());
 
   client_->SetPeer(server_);
   server_->SetPeer(client_);
 
   if (version_) {
-    client_->SetVersionRange(version_, version_);
-    server_->SetVersionRange(version_, version_);
+    ConfigureVersion(version_);
   }
 }
 
 void TlsConnectTestBase::Reset() {
   // Take a copy of the names because they are about to disappear.
   std::string server_name = server_->name();
   std::string client_name = client_->name();
   Reset(server_name, client_name);
@@ -365,16 +368,21 @@ void TlsConnectTestBase::CheckKeys() con
 void TlsConnectTestBase::ConnectExpectFail() {
   server_->StartConnect();
   client_->StartConnect();
   Handshake();
   ASSERT_EQ(TlsAgent::STATE_ERROR, client_->state());
   ASSERT_EQ(TlsAgent::STATE_ERROR, server_->state());
 }
 
+void TlsConnectTestBase::ConfigureVersion(uint16_t version) {
+  client_->SetVersionRange(version, version);
+  server_->SetVersionRange(version, version);
+}
+
 void TlsConnectTestBase::SetExpectedVersion(uint16_t version) {
   client_->SetExpectedVersion(version);
   server_->SetExpectedVersion(version);
 }
 
 void TlsConnectTestBase::DisableAllCiphers() {
   EnsureTlsSetup();
   client_->DisableAllCiphers();
@@ -583,34 +591,29 @@ void TlsConnectTestBase::ExpectEarlyData
 }
 
 void TlsConnectTestBase::CheckEarlyDataAccepted() {
   client_->CheckEarlyDataAccepted(expect_early_data_accepted_);
   server_->CheckEarlyDataAccepted(expect_early_data_accepted_);
 }
 
 TlsConnectGeneric::TlsConnectGeneric()
-    : TlsConnectTestBase(TlsConnectTestBase::ToMode(std::get<0>(GetParam())),
-                         std::get<1>(GetParam())) {}
+    : TlsConnectTestBase(std::get<0>(GetParam()), std::get<1>(GetParam())) {}
 
 TlsConnectPre12::TlsConnectPre12()
-    : TlsConnectTestBase(TlsConnectTestBase::ToMode(std::get<0>(GetParam())),
-                         std::get<1>(GetParam())) {}
+    : TlsConnectTestBase(std::get<0>(GetParam()), std::get<1>(GetParam())) {}
 
 TlsConnectTls12::TlsConnectTls12()
-    : TlsConnectTestBase(TlsConnectTestBase::ToMode(GetParam()),
-                         SSL_LIBRARY_VERSION_TLS_1_2) {}
+    : TlsConnectTestBase(GetParam(), SSL_LIBRARY_VERSION_TLS_1_2) {}
 
 TlsConnectTls12Plus::TlsConnectTls12Plus()
-    : TlsConnectTestBase(TlsConnectTestBase::ToMode(std::get<0>(GetParam())),
-                         std::get<1>(GetParam())) {}
+    : TlsConnectTestBase(std::get<0>(GetParam()), std::get<1>(GetParam())) {}
 
 TlsConnectTls13::TlsConnectTls13()
-    : TlsConnectTestBase(TlsConnectTestBase::ToMode(GetParam()),
-                         SSL_LIBRARY_VERSION_TLS_1_3) {}
+    : TlsConnectTestBase(GetParam(), SSL_LIBRARY_VERSION_TLS_1_3) {}
 
 void TlsKeyExchangeTest::EnsureKeyShareSetup() {
   EnsureTlsSetup();
   groups_capture_ = new TlsExtensionCapture(ssl_supported_groups_xtn);
   shares_capture_ = new TlsExtensionCapture(ssl_tls13_key_share_xtn);
   std::vector<PacketFilter*> captures;
   captures.push_back(groups_capture_);
   captures.push_back(shares_capture_);
--- a/security/nss/external_tests/ssl_gtest/tls_connect.h
+++ b/security/nss/external_tests/ssl_gtest/tls_connect.h
@@ -34,21 +34,18 @@ class TlsConnectTestBase : public ::test
   static ::testing::internal::ParamGenerator<uint16_t> kTlsV10V11;
   static ::testing::internal::ParamGenerator<uint16_t> kTlsV11V12;
   static ::testing::internal::ParamGenerator<uint16_t> kTlsV10ToV12;
   static ::testing::internal::ParamGenerator<uint16_t> kTlsV13;
   static ::testing::internal::ParamGenerator<uint16_t> kTlsV11Plus;
   static ::testing::internal::ParamGenerator<uint16_t> kTlsV12Plus;
   static ::testing::internal::ParamGenerator<uint16_t> kTlsVAll;
 
-  static inline Mode ToMode(const std::string& str) {
-    return str == "TLS" ? STREAM : DGRAM;
-  }
-
   TlsConnectTestBase(Mode mode, uint16_t version);
+  TlsConnectTestBase(const std::string& mode, uint16_t version);
   virtual ~TlsConnectTestBase();
 
   void SetUp();
   void TearDown();
 
   // Initialize client and server.
   void Init();
   // Clear the statistics.
@@ -79,16 +76,17 @@ class TlsConnectTestBase : public ::test
   void CheckKeys(SSLKEAType kea_type, SSLAuthType auth_type) const;
   // This version assumes defaults.
   void CheckKeys() const;
   void CheckGroups(const DataBuffer& groups,
                    std::function<void(SSLNamedGroup)> check_group);
   void CheckShares(const DataBuffer& shares,
                    std::function<void(SSLNamedGroup)> check_group);
 
+  void ConfigureVersion(uint16_t version);
   void SetExpectedVersion(uint16_t version);
   // Expect resumption of a particular type.
   void ExpectResumption(SessionResumptionMode expected);
   void DisableAllCiphers();
   void EnableOnlyStaticRsaCiphers();
   void EnableOnlyDheCiphers();
   void EnableSomeEcdhCiphers();
   void EnableExtendedMasterSecret();
@@ -122,16 +120,20 @@ class TlsConnectTestBase : public ::test
 
   // A simple value of "a", "b".  Note that the preferred value of "a" is placed
   // at the end, because the NSS API follows the now defunct NPN specification,
   // which places the preferred (and default) entry at the end of the list.
   // NSS will move this final entry to the front when used with ALPN.
   const uint8_t alpn_dummy_val_[4] = {0x01, 0x62, 0x01, 0x61};
 
  private:
+  static inline Mode ToMode(const std::string& str) {
+    return str == "TLS" ? STREAM : DGRAM;
+  }
+
   void CheckResumption(SessionResumptionMode expected);
   void CheckExtendedMasterSecret();
   void CheckEarlyDataAccepted();
 
   bool expect_extended_master_secret_;
   bool expect_early_data_accepted_;
 
   // Track groups and make sure that there are no duplicates.
--- a/security/nss/external_tests/ssl_gtest/tls_parser.h
+++ b/security/nss/external_tests/ssl_gtest/tls_parser.h
@@ -43,19 +43,16 @@ const uint8_t kTlsAlertHandshakeFailure 
 const uint8_t kTlsAlertIllegalParameter = 47;
 const uint8_t kTlsAlertDecodeError = 50;
 const uint8_t kTlsAlertDecryptError = 51;
 const uint8_t kTlsAlertMissingExtension = 109;
 const uint8_t kTlsAlertUnsupportedExtension = 110;
 const uint8_t kTlsAlertUnrecognizedName = 112;
 const uint8_t kTlsAlertNoApplicationProtocol = 120;
 
-const uint16_t kTlsSigSchemeRsaPkcs1Sha1 = 0x0201;
-const uint16_t kTlsSigSchemeRsaPssSha256 = 0x0804;
-
 const uint8_t kTlsFakeChangeCipherSpec[] = {
     kTlsChangeCipherSpecType,  // Type
     0xfe,
     0xff,  // Version
     0x00,
     0x00,
     0x00,
     0x00,
@@ -63,38 +60,16 @@ const uint8_t kTlsFakeChangeCipherSpec[]
     0x00,
     0x00,
     0x10,  // Fictitious sequence #
     0x00,
     0x01,  // Length
     0x01   // Value
 };
 
-// We don't export this yet. Yuck.
-enum TlsSignatureScheme {
-  kTlsSignatureNone = 0,
-  kTlsSignatureRsaPkcs1Sha1 = 0x0201,
-  kTlsSignatureRsaPkcs1Sha256 = 0x0401,
-  kTlsSignatureRsaPkcs1Sha384 = 0x0501,
-  kTlsSignatureRsaPkcs1Sha512 = 0x0601,
-  kTlsSignatureEcdsaSecp256r1Sha256 = 0x0403,
-  kTlsSignatureEcdsaSecp384r1Sha384 = 0x0503,
-  kTlsSignatureEcdsaSecp521r1Sha512 = 0x0603,
-  kTlsSignatureRsaPssSha256 = 0x0804,
-  kTlsSignatureRsaPssSha384 = 0x0805,
-  kTlsSignatureRsaPssSha512 = 0x0806,
-  kTlsSignatureEd25519 = 0x0807,
-  kTlsSignatureEd448 = 0x0808,
-  kTlsSignatureDsaSha1 = 0x0202,
-  kTlsSignatureDsaSha256 = 0x0402,
-  kTlsSignatureDsaSha384 = 0x0502,
-  kTlsSignatureDsaSha512 = 0x0602,
-  kTlsSignatureEcdsaSha1 = 0x0203
-};
-
 static const uint8_t kTls13PskKe = 0;
 static const uint8_t kTls13PskDhKe = 1;
 static const uint8_t kTls13PskAuth = 0;
 static const uint8_t kTls13PskSignAuth = 1;
 
 inline bool IsDtls(uint16_t version) { return (version & 0x8000) == 0x8000; }
 
 inline uint16_t NormalizeTlsVersion(uint16_t version) {
--- a/security/nss/lib/base/exports.gyp
+++ b/security/nss/lib/base/exports.gyp
@@ -10,24 +10,24 @@
       'target_name': 'lib_base_exports',
       'type': 'none',
       'copies': [
         {
           'files': [
             'nssbase.h',
             'nssbaset.h'
           ],
-          'destination': '<(PRODUCT_DIR)/dist/<(module)/public'
+          'destination': '<(nss_dist_dir)/public/<(module)'
         },
         {
           'files': [
             'base.h',
             'baset.h'
           ],
-          'destination': '<(PRODUCT_DIR)/dist/<(module)/private'
+          'destination': '<(nss_dist_dir)/private/<(module)'
         }
       ]
     }
   ],
   'variables': {
     'module': 'nss'
   }
-}
\ No newline at end of file
+}
--- a/security/nss/lib/base/list.c
+++ b/security/nss/lib/base/list.c
@@ -47,30 +47,27 @@ static PRBool
 pointer_compare(void *a, void *b)
 {
     return (PRBool)(a == b);
 }
 
 static nssListElement *
 nsslist_get_matching_element(nssList *list, void *data)
 {
-    PRCList *link;
     nssListElement *node;
     node = list->head;
     if (!node) {
         return NULL;
     }
-    link = &node->link;
     while (node) {
         /* using a callback slows things down when it's just compare ... */
         if (list->compareFunc(node->data, data)) {
             break;
         }
-        link = &node->link;
-        if (link == PR_LIST_TAIL(&list->head->link)) {
+        if (&node->link == PR_LIST_TAIL(&list->head->link)) {
             node = NULL;
             break;
         }
         node = (nssListElement *)PR_NEXT_LINK(&node->link);
     }
     return node;
 }
 
--- a/security/nss/lib/certdb/certdb.c
+++ b/security/nss/lib/certdb/certdb.c
@@ -1290,22 +1290,26 @@ CERT_AddOKDomainName(CERTCertificate *ce
 {
     CERTOKDomainName *domainOK;
     int newNameLen;
 
     if (!hn || !(newNameLen = strlen(hn))) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return SECFailure;
     }
-    domainOK = (CERTOKDomainName *)PORT_ArenaZAlloc(
-        cert->arena, (sizeof *domainOK) + newNameLen);
-    if (!domainOK)
+    domainOK = (CERTOKDomainName *)PORT_ArenaZAlloc(cert->arena, sizeof(*domainOK));
+    if (!domainOK) {
         return SECFailure; /* error code is already set. */
-
-    PORT_Strcpy(domainOK->name, hn);
+    }
+    domainOK->name = (char *)PORT_ArenaZAlloc(cert->arena, newNameLen + 1);
+    if (!domainOK->name) {
+        return SECFailure; /* error code is already set. */
+    }
+
+    PORT_Strncpy(domainOK->name, hn, newNameLen + 1);
     sec_lower_string(domainOK->name);
 
     /* put at head of list. */
     domainOK->next = cert->domainOK;
     cert->domainOK = domainOK;
     return SECSuccess;
 }
 
@@ -1397,17 +1401,16 @@ cert_VerifySubjectAltName(const CERTCert
     cnBufLen = sizeof cnbuf;
 
     rv = CERT_FindCertExtension(cert, SEC_OID_X509_SUBJECT_ALT_NAME,
                                 &subAltName);
     if (rv != SECSuccess) {
         goto fail;
     }
     isIPaddr = (PR_SUCCESS == PR_StringToNetAddr(hn, &netAddr));
-    rv = SECFailure;
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (!arena)
         goto fail;
 
     nameList = current = CERT_DecodeAltNameExtension(arena, &subAltName);
     if (!current)
         goto fail;
 
--- a/security/nss/lib/certdb/certt.h
+++ b/security/nss/lib/certdb/certt.h
@@ -728,17 +728,17 @@ struct CERTVerifyLogStr {
     PLArenaPool *arena;
     unsigned int count;
     struct CERTVerifyLogNodeStr *head;
     struct CERTVerifyLogNodeStr *tail;
 };
 
 struct CERTOKDomainNameStr {
     CERTOKDomainName *next;
-    char name[1]; /* actual length may be longer. */
+    char *name;
 };
 
 typedef SECStatus(PR_CALLBACK *CERTStatusChecker)(CERTCertDBHandle *handle,
                                                   CERTCertificate *cert,
                                                   PRTime time, void *pwArg);
 
 typedef SECStatus(PR_CALLBACK *CERTStatusDestroy)(CERTStatusConfig *handle);
 
--- a/security/nss/lib/certdb/crl.c
+++ b/security/nss/lib/certdb/crl.c
@@ -2777,17 +2777,17 @@ cert_CacheCRLByGeneralName(CERTCertDBHan
     PORT_Assert(SECSuccess == rv);
     if (SECSuccess != rv) {
         SECITEM_ZfreeItem(crl, PR_TRUE);
         return SECFailure;
     }
     rv = cert_FindCRLByGeneralName(ncc, canonicalizedName, &oldEntry);
     PORT_Assert(SECSuccess == rv);
     if (SECSuccess != rv) {
-        rv = cert_ReleaseNamedCRLCache(ncc);
+        (void)cert_ReleaseNamedCRLCache(ncc);
         SECITEM_ZfreeItem(crl, PR_TRUE);
         return SECFailure;
     }
     if (SECSuccess ==
         addCRLToCache(dbhandle, crl, canonicalizedName, &newEntry)) {
         if (!oldEntry) {
             /* add new good entry to the hash table */
             if (NULL == PL_HashTableAdd(namedCRLCache.entries,
--- a/security/nss/lib/certdb/exports.gyp
+++ b/security/nss/lib/certdb/exports.gyp
@@ -11,26 +11,26 @@
       'type': 'none',
       'copies': [
         {
           'files': [
             'cert.h',
             'certdb.h',
             'certt.h'
           ],
-          'destination': '<(PRODUCT_DIR)/dist/<(module)/public'
+          'destination': '<(nss_dist_dir)/public/<(module)'
         },
         {
           'files': [
             'certi.h',
             'certxutl.h',
             'genname.h',
             'xconst.h'
           ],
-          'destination': '<(PRODUCT_DIR)/dist/<(module)/private'
+          'destination': '<(nss_dist_dir)/private/<(module)'
         }
       ]
     }
   ],
   'variables': {
     'module': 'nss'
   }
-}
\ No newline at end of file
+}
--- a/security/nss/lib/certdb/genname.c
+++ b/security/nss/lib/certdb/genname.c
@@ -298,17 +298,17 @@ CERT_GetPrevNameConstraint(CERTNameConst
 SECItem *
 CERT_EncodeGeneralName(CERTGeneralName *genName, SECItem *dest,
                        PLArenaPool *arena)
 {
 
     const SEC_ASN1Template *template;
 
     PORT_Assert(arena);
-    if (arena == NULL) {
+    if (arena == NULL || !genName) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return NULL;
     }
     /* TODO: mark arena */
     if (dest == NULL) {
         dest = PORT_ArenaZNew(arena, SECItem);
         if (!dest)
             goto loser;
@@ -371,26 +371,27 @@ loser:
     return NULL;
 }
 
 SECItem **
 cert_EncodeGeneralNames(PLArenaPool *arena, CERTGeneralName *names)
 {
     CERTGeneralName *current_name;
     SECItem **items = NULL;
-    int count = 0;
+    int count = 1;
     int i;
     PRCList *head;
 
+    if (!names) {
+        return NULL;
+    }
+
     PORT_Assert(arena);
     /* TODO: mark arena */
     current_name = names;
-    if (names != NULL) {
-        count = 1;
-    }
     head = &(names->l);
     while (current_name->l.next != head) {
         current_name = CERT_GetNextGeneralName(current_name);
         ++count;
     }
     current_name = CERT_GetNextGeneralName(current_name);
     items = PORT_ArenaNewArray(arena, SECItem *, count + 1);
     if (items == NULL) {
@@ -705,18 +706,20 @@ cert_DecodeNameConstraintSubTree(PLArena
             first = current;
         } else {
             current->l.prev = &(last->l);
             last->l.next = &(current->l);
         }
         last = current;
         i++;
     }
-    first->l.prev = &(last->l);
-    last->l.next = &(first->l);
+    if (first && last) {
+        first->l.prev = &(last->l);
+        last->l.next = &(first->l);
+    }
     /* TODO: unmark arena */
     return first;
 loser:
     /* TODO: release arena back to mark */
     return NULL;
 }
 
 CERTNameConstraints *
@@ -1064,17 +1067,17 @@ cert_ExtractDNEmailAddrs(CERTGeneralName
                 SECITEM_FreeItem(avaValue, PR_TRUE);
                 if (rv != SECSuccess)
                     goto loser;
                 nameList = cert_CombineNamesLists(nameList, newName);
             } /* handle one email AVA */
         }     /* loop over AVAs */
     }         /* loop over RDNs */
     /* combine new names with old one. */
-    name = cert_CombineNamesLists(name, nameList);
+    (void)cert_CombineNamesLists(name, nameList);
     /* TODO: unmark arena */
     return SECSuccess;
 
 loser:
     /* TODO: release arena back to mark */
     return SECFailure;
 }
 
--- a/security/nss/lib/certdb/secname.c
+++ b/security/nss/lib/certdb/secname.c
@@ -583,18 +583,21 @@ CERT_CompareName(const CERTName *a, cons
     ac = CountArray((void **)ardns);
     bc = CountArray((void **)brdns);
     if (ac < bc)
         return SECLessThan;
     if (ac > bc)
         return SECGreaterThan;
 
     for (;;) {
-        ardn = *ardns++;
-        brdn = *brdns++;
+        if (!ardns++ || !brdns++) {
+            break;
+        }
+        ardn = *ardns;
+        brdn = *brdns;
         if (!ardn) {
             break;
         }
         rv = CERT_CompareRDN(ardn, brdn);
         if (rv)
             return rv;
     }
     return rv;
--- a/security/nss/lib/certdb/stanpcertdb.c
+++ b/security/nss/lib/certdb/stanpcertdb.c
@@ -153,18 +153,16 @@ extern const NSSError NSS_ERROR_PKCS11;
 void
 CERT_MapStanError()
 {
     PRInt32 *errorStack;
     NSSError error, prevError;
     int secError;
     int i;
 
-    error = 0;
-
     errorStack = NSS_GetErrorStack();
     if (errorStack == 0) {
         PORT_SetError(0);
         return;
     }
     error = prevError = CKR_GENERAL_ERROR;
     /* get the 'top 2' error codes from the stack */
     for (i = 0; errorStack[i]; i++) {
@@ -854,17 +852,17 @@ certdb_SaveSingleProfile(CERTCertificate
             }
         } else {
             saveit = PR_TRUE;
         }
     }
 
     if (saveit) {
         if (cc) {
-            if (stanProfile) {
+            if (stanProfile && profileTime && emailProfile) {
                 /* stanProfile is already stored in the crypto context,
                  * overwrite the data
                  */
                 NSSArena *arena = stanProfile->object.arena;
                 stanProfile->profileTime = nssItem_Create(
                     arena, NULL, profileTime->len, profileTime->data);
                 stanProfile->profileData = nssItem_Create(
                     arena, NULL, emailProfile->len, emailProfile->data);
--- a/security/nss/lib/certhigh/certhigh.c
+++ b/security/nss/lib/certhigh/certhigh.c
@@ -50,22 +50,22 @@ CERT_MatchNickname(char *name1, char *na
     }
     /* Bug 1192443 - compare the other token with the internal slot here */
     return PR_TRUE;
 }
 
 /*
  * Find all user certificates that match the given criteria.
  *
- *	"handle" - database to search
- *	"usage" - certificate usage to match
- *	"oneCertPerName" - if set then only return the "best" cert per
- *			name
- *	"validOnly" - only return certs that are curently valid
- *	"proto_win" - window handle passed to pkcs11
+ *      "handle" - database to search
+ *      "usage" - certificate usage to match
+ *      "oneCertPerName" - if set then only return the "best" cert per
+ *                      name
+ *      "validOnly" - only return certs that are curently valid
+ *      "proto_win" - window handle passed to pkcs11
  */
 CERTCertList *
 CERT_FindUserCertsByUsage(CERTCertDBHandle *handle,
                           SECCertUsage usage,
                           PRBool oneCertPerName,
                           PRBool validOnly,
                           void *proto_win)
 {
@@ -90,30 +90,30 @@ CERT_FindUserCertsByUsage(CERTCertDBHand
     }
 
     nnptr = nicknames->nicknames;
     nn = nicknames->numnicknames;
 
     while (nn > 0) {
         cert = NULL;
         /* use the pk11 call so that we pick up any certs on tokens,
-	 * which may require login
-	 */
+         * which may require login
+         */
         if (proto_win != NULL) {
             cert = PK11_FindCertFromNickname(*nnptr, proto_win);
         }
 
         /* Sigh, It turns out if the cert is already in the temp db, because
-	 * it's in the perm db, then the nickname lookup doesn't work.
-	 * since we already have the cert here, though, than we can just call
-	 * CERT_CreateSubjectCertList directly. For those cases where we didn't
-	 * find the cert in pkcs #11 (because we didn't have a password arg,
-	 * or because the nickname is for a peer, server, or CA cert, then we
-	 * go look the cert up.
-	 */
+         * it's in the perm db, then the nickname lookup doesn't work.
+         * since we already have the cert here, though, than we can just call
+         * CERT_CreateSubjectCertList directly. For those cases where we didn't
+         * find the cert in pkcs #11 (because we didn't have a password arg,
+         * or because the nickname is for a peer, server, or CA cert, then we
+         * go look the cert up.
+         */
         if (cert == NULL) {
             cert = CERT_FindCertByNickname(handle, *nnptr);
         }
 
         if (cert != NULL) {
             /* collect certs for this nickname, sorting them into the list */
             certList = CERT_CreateSubjectCertList(certList, handle,
                                                   &cert->derSubject, time, validOnly);
@@ -137,55 +137,59 @@ CERT_FindUserCertsByUsage(CERTCertDBHand
 
     /* remove any extra certs for each name */
     if (oneCertPerName) {
         PRBool *flags;
 
         nn = nicknames->numnicknames;
         nnptr = nicknames->nicknames;
 
+        if (!certList) {
+            goto loser;
+        }
+
         flags = (PRBool *)PORT_ZAlloc(sizeof(PRBool) * nn);
         if (flags == NULL) {
             goto loser;
         }
 
         node = CERT_LIST_HEAD(certList);
 
         /* treverse all certs in the list */
         while (!CERT_LIST_END(node, certList)) {
 
             /* find matching nickname index */
             for (n = 0; n < nn; n++) {
                 if (CERT_MatchNickname(nnptr[n], node->cert->nickname)) {
                     /* We found a match.  If this is the first one, then
-		     * set the flag and move on to the next cert.  If this
-		     * is not the first one then delete it from the list.
-		     */
+                     * set the flag and move on to the next cert.  If this
+                     * is not the first one then delete it from the list.
+                     */
                     if (flags[n]) {
                         /* We have already seen a cert with this nickname,
-			 * so delete this one.
-			 */
+                         * so delete this one.
+                         */
                         freenode = node;
                         node = CERT_LIST_NEXT(node);
                         CERT_RemoveCertListNode(freenode);
                     } else {
                         /* keep the first cert for each nickname, but set the
-			 * flag so we know to delete any others with the same
-			 * nickname.
-			 */
+                         * flag so we know to delete any others with the same
+                         * nickname.
+                         */
                         flags[n] = PR_TRUE;
                         node = CERT_LIST_NEXT(node);
                     }
                     break;
                 }
             }
             if (n == nn) {
                 /* if we get here it means that we didn't find a matching
-		 * nickname, which should not happen.
-		 */
+                 * nickname, which should not happen.
+                 */
                 PORT_Assert(0);
                 node = CERT_LIST_NEXT(node);
             }
         }
         PORT_Free(flags);
     }
 
     goto done;
@@ -202,21 +206,21 @@ done:
     }
 
     return (certList);
 }
 
 /*
  * Find a user certificate that matchs the given criteria.
  *
- *	"handle" - database to search
- *	"nickname" - nickname to match
- *	"usage" - certificate usage to match
- *	"validOnly" - only return certs that are curently valid
- *	"proto_win" - window handle passed to pkcs11
+ *      "handle" - database to search
+ *      "nickname" - nickname to match
+ *      "usage" - certificate usage to match
+ *      "validOnly" - only return certs that are curently valid
+ *      "proto_win" - window handle passed to pkcs11
  */
 CERTCertificate *
 CERT_FindUserCertByUsage(CERTCertDBHandle *handle,
                          const char *nickname,
                          SECCertUsage usage,
                          PRBool validOnly,
                          void *proto_win)
 {
@@ -397,17 +401,17 @@ CollectNicknames(NSSCertificate *c, void
     }
 
     /* traverse the list of collected nicknames and make sure we don't make
      * a duplicate
      */
     if (saveit) {
         nickname = STAN_GetCERTCertificateName(NULL, c);
         /* nickname can only be NULL here if we are having memory
-	 * alloc problems */
+         * alloc problems */
         if (nickname == NULL) {
             return PR_FAILURE;
         }
         node = (stringNode *)names->head;
         while (node != NULL) {
             if (PORT_Strcmp(nickname, node->string) == 0) {
                 /* if the string matches, then don't save this one */
                 saveit = PR_FALSE;
@@ -888,19 +892,19 @@ cert_ImportCAChain(SECItem *certs, int n
             if (rv == SECFailure) {
                 goto endloop;
             }
         }
 
         /* does it have the CA extension */
 
         /*
-	 * Make sure that if this is an intermediate CA in the chain that
-	 * it was given permission by its signer to be a CA.
-	 */
+         * Make sure that if this is an intermediate CA in the chain that
+         * it was given permission by its signer to be a CA.
+         */
         isca = CERT_IsCACert(newcert, &certtype);
 
         if (!isca) {
             if (!trusted) {
                 goto endloop;
             }
             trust.sslFlags = CERTDB_VALID_CA;
             trust.emailFlags = CERTDB_VALID_CA;
@@ -1075,18 +1079,18 @@ CERT_CertChainFromCert(CERTCertificate *
         }
         derCert.len = (unsigned int)stanCert->encoding.size;
         derCert.data = (unsigned char *)stanCert->encoding.data;
         derCert.type = siBuffer;
         SECITEM_CopyItem(arena, &chain->certs[i], &derCert);
         stanCert = stanChain[++i];
         if (!stanCert && !cCert->isRoot) {
             /* reached the end of the chain, but the final cert is
-	     * not a root.  Don't discard it.
-	     */
+             * not a root.  Don't discard it.
+             */
             includeRoot = PR_TRUE;
         }
         CERT_DestroyCertificate(cCert);
     }
     if (!includeRoot && len > 1) {
         chain->len = len - 1;
     } else {
         chain->len = len;
--- a/security/nss/lib/certhigh/exports.gyp
+++ b/security/nss/lib/certhigh/exports.gyp
@@ -10,24 +10,24 @@
       'target_name': 'lib_certhigh_exports',
       'type': 'none',
       'copies': [
         {
           'files': [
             'ocsp.h',
             'ocspt.h'
           ],
-          'destination': '<(PRODUCT_DIR)/dist/<(module)/public'
+          'destination': '<(nss_dist_dir)/public/<(module)'
         },
         {
           'files': [
             'ocspi.h',
             'ocspti.h'
           ],
-          'destination': '<(PRODUCT_DIR)/dist/<(module)/private'
+          'destination': '<(nss_dist_dir)/private/<(module)'
         }
       ]
     }
   ],
   'variables': {
     'module': 'nss'
   }
-}
\ No newline at end of file
+}
--- a/security/nss/lib/certhigh/ocsp.c
+++ b/security/nss/lib/certhigh/ocsp.c
@@ -4123,19 +4123,17 @@ CERT_VerifyOCSPResponseSignature(CERTOCS
     rv = DER_GeneralizedTimeToTime(&producedAt, &tbsData->producedAt);
     if (rv != SECSuccess)
         goto finish;
 
     /*
      * Just because we have a cert does not mean it is any good; check
      * it for validity, trust and usage.
      */
-    if (ocsp_CertIsOCSPDefaultResponder(handle, signerCert)) {
-        rv = SECSuccess;
-    } else {
+    if (!ocsp_CertIsOCSPDefaultResponder(handle, signerCert)) {
         SECCertUsage certUsage;
         if (CERT_IsCACert(signerCert, NULL)) {
             certUsage = certUsageAnyCA;
         } else {
             certUsage = certUsageStatusResponder;
         }
         rv = cert_VerifyCertWithFlags(handle, signerCert, PR_TRUE, certUsage,
                                       producedAt, CERT_VERIFYCERT_SKIP_OCSP,
--- a/security/nss/lib/ckfw/builtins/exports.gyp
+++ b/security/nss/lib/ckfw/builtins/exports.gyp
@@ -9,17 +9,17 @@
     {
       'target_name': 'lib_ckfw_builtins_exports',
       'type': 'none',
       'copies': [
         {
           'files': [
             'nssckbi.h'
           ],
-          'destination': '<(PRODUCT_DIR)/dist/<(module)/public'
+          'destination': '<(nss_dist_dir)/public/<(module)'
         }
       ]
     }
   ],
   'variables': {
     'module': 'nss'
   }
-}
\ No newline at end of file
+}
--- a/security/nss/lib/ckfw/exports.gyp
+++ b/security/nss/lib/ckfw/exports.gyp
@@ -17,28 +17,28 @@
             'nssckft.h',
             'nssckfw.h',
             'nssckfwc.h',
             'nssckfwt.h',
             'nssckg.h',
             'nssckmdt.h',
             'nssckt.h'
           ],
-          'destination': '<(PRODUCT_DIR)/dist/<(module)/public'
+          'destination': '<(nss_dist_dir)/public/<(module)'
         },
         {
           'files': [
             'ck.h',
             'ckfw.h',
             'ckfwm.h',
             'ckfwtm.h',
             'ckmd.h',
             'ckt.h'
           ],
-          'destination': '<(PRODUCT_DIR)/dist/<(module)/private'
+          'destination': '<(nss_dist_dir)/private/<(module)'
         }
       ]
     }
   ],
   'variables': {
     'module': 'nss'
   }
-}
\ No newline at end of file
+}
--- a/security/nss/lib/crmf/exports.gyp
+++ b/security/nss/lib/crmf/exports.gyp
@@ -12,26 +12,26 @@
       'copies': [
         {
           'files': [
             'cmmf.h',
             'cmmft.h',
             'crmf.h',
             'crmft.h'
           ],
-          'destination': '<(PRODUCT_DIR)/dist/<(module)/public'
+          'destination': '<(nss_dist_dir)/public/<(module)'
         },
         {
           'files': [
             'cmmfi.h',
             'cmmfit.h',
             'crmfi.h',
             'crmfit.h'
           ],
-          'destination': '<(PRODUCT_DIR)/dist/<(module)/private'
+          'destination': '<(nss_dist_dir)/private/<(module)'
         }
       ]
     }
   ],
   'variables': {
     'module': 'nss'
   }
-}
\ No newline at end of file
+}
--- a/security/nss/lib/cryptohi/exports.gyp
+++ b/security/nss/lib/cryptohi/exports.gyp
@@ -18,20 +18,20 @@
             'cryptohi.h',
             'cryptoht.h',
             'key.h',
             'keyhi.h',
             'keyt.h',
             'keythi.h',
             'sechash.h'
           ],
-          'destination': '<(PRODUCT_DIR)/dist/<(module)/public'
+          'destination': '<(nss_dist_dir)/public/<(module)'
         },
         {
           'files': [
             'keyi.h',
           ],
-          'destination': '<(PRODUCT_DIR)/dist/<(module)/private'
+          'destination': '<(nss_dist_dir)/private/<(module)'
         }
       ]
     }
   ],
 }
--- a/security/nss/lib/dbm/include/exports.gyp
+++ b/security/nss/lib/dbm/include/exports.gyp
@@ -11,28 +11,28 @@
       'type': 'none',
       'copies': [
         {
           'files': [
             'mcom_db.h',
             'ncompat.h',
             'winfile.h'
           ],
-          'destination': '<(PRODUCT_DIR)/dist/<(module)/public'
+          'destination': '<(nss_dist_dir)/public/<(module)'
         },
         {
           'files': [
             'extern.h',
             'hash.h',
             'hsearch.h',
             'page.h',
             'queue.h',
             'search.h'
           ],
-          'destination': '<(PRODUCT_DIR)/dist/<(module)/private'
+          'destination': '<(nss_dist_dir)/private/<(module)'
         }
       ]
     }
   ],
   'variables': {
     'module': 'dbm'
   }
-}
\ No newline at end of file
+}
--- a/security/nss/lib/dev/exports.gyp
+++ b/security/nss/lib/dev/exports.gyp
@@ -15,17 +15,17 @@
             'ckhelper.h',
             'dev.h',
             'devm.h',
             'devt.h',
             'devtm.h',
             'nssdev.h',
             'nssdevt.h'
           ],
-          'destination': '<(PRODUCT_DIR)/dist/<(module)/private'
+          'destination': '<(nss_dist_dir)/private/<(module)'
         }
       ]
     }
   ],
   'variables': {
     'module': 'nss'
   }
-}
\ No newline at end of file
+}
--- a/security/nss/lib/freebl/blapit.h
+++ b/security/nss/lib/freebl/blapit.h
@@ -73,23 +73,18 @@ typedef int __BLAPI_DEPRECATED __attribu
 /* XXX We shouldn't have to hard code this limit. For
  * now, this is the quickest way to support ECDSA signature
  * processing (ECDSA signature lengths depend on curve
  * size). This limit is sufficient for curves upto
  * 576 bits.
  */
 #define MAX_ECKEY_LEN 72 /* Bytes */
 
-#ifdef NSS_ECC_MORE_THAN_SUITE_B
-#define EC_MAX_KEY_BITS 571 /* in bits */
-#define EC_MIN_KEY_BITS 112 /* in bits */
-#else
 #define EC_MAX_KEY_BITS 521 /* in bits */
 #define EC_MIN_KEY_BITS 256 /* in bits */
-#endif
 
 /* EC point compression format */
 #define EC_POINT_FORM_COMPRESSED_Y0 0x02
 #define EC_POINT_FORM_COMPRESSED_Y1 0x03
 #define EC_POINT_FORM_UNCOMPRESSED 0x04
 #define EC_POINT_FORM_HYBRID_Y0 0x06
 #define EC_POINT_FORM_HYBRID_Y1 0x07
 
--- a/security/nss/lib/freebl/ecdecode.c
+++ b/security/nss/lib/freebl/ecdecode.c
@@ -209,371 +209,36 @@ EC_FillParams(PLArenaPool *arena, const 
         goto cleanup;
     memcpy(params->curveOID.data, oid.data, oid.len);
 
 #if EC_DEBUG
     printf("Curve: %s\n", SECOID_FindOIDTagDescription(tag));
 #endif
 
     switch (tag) {
-
-        /* Binary curves */
-
-        case SEC_OID_ANSIX962_EC_C2PNB163V1:
-            /* Populate params for c2pnb163v1 */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_X9_62_CHAR2_PNB163V1, ec_field_GF2m,
-                                            params));
-            break;
-
-        case SEC_OID_ANSIX962_EC_C2PNB163V2:
-            /* Populate params for c2pnb163v2 */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_X9_62_CHAR2_PNB163V2, ec_field_GF2m,
-                                            params));
-            break;
-
-        case SEC_OID_ANSIX962_EC_C2PNB163V3:
-            /* Populate params for c2pnb163v3 */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_X9_62_CHAR2_PNB163V3, ec_field_GF2m,
-                                            params));
-            break;
-
-        case SEC_OID_ANSIX962_EC_C2PNB176V1:
-            /* Populate params for c2pnb176v1 */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_X9_62_CHAR2_PNB176V1, ec_field_GF2m,
-                                            params));
-            break;
-
-        case SEC_OID_ANSIX962_EC_C2TNB191V1:
-            /* Populate params for c2tnb191v1 */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_X9_62_CHAR2_TNB191V1, ec_field_GF2m,
-                                            params));
-            break;
-
-        case SEC_OID_ANSIX962_EC_C2TNB191V2:
-            /* Populate params for c2tnb191v2 */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_X9_62_CHAR2_TNB191V2, ec_field_GF2m,
-                                            params));
-            break;
-
-        case SEC_OID_ANSIX962_EC_C2TNB191V3:
-            /* Populate params for c2tnb191v3 */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_X9_62_CHAR2_TNB191V3, ec_field_GF2m,
-                                            params));
-            break;
-
-        case SEC_OID_ANSIX962_EC_C2PNB208W1:
-            /* Populate params for c2pnb208w1 */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_X9_62_CHAR2_PNB208W1, ec_field_GF2m,
-                                            params));
-            break;
-
-        case SEC_OID_ANSIX962_EC_C2TNB239V1:
-            /* Populate params for c2tnb239v1 */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_X9_62_CHAR2_TNB239V1, ec_field_GF2m,
-                                            params));
-            break;
-
-        case SEC_OID_ANSIX962_EC_C2TNB239V2:
-            /* Populate params for c2tnb239v2 */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_X9_62_CHAR2_TNB239V2, ec_field_GF2m,
-                                            params));
-            break;
-
-        case SEC_OID_ANSIX962_EC_C2TNB239V3:
-            /* Populate params for c2tnb239v3 */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_X9_62_CHAR2_TNB239V3, ec_field_GF2m,
-                                            params));
-            break;
-
-        case SEC_OID_ANSIX962_EC_C2PNB272W1:
-            /* Populate params for c2pnb272w1 */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_X9_62_CHAR2_PNB272W1, ec_field_GF2m,
-                                            params));
-            break;
-
-        case SEC_OID_ANSIX962_EC_C2PNB304W1:
-            /* Populate params for c2pnb304w1 */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_X9_62_CHAR2_PNB304W1, ec_field_GF2m,
-                                            params));
-            break;
-
-        case SEC_OID_ANSIX962_EC_C2TNB359V1:
-            /* Populate params for c2tnb359v1 */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_X9_62_CHAR2_TNB359V1, ec_field_GF2m,
-                                            params));
-            break;
-
-        case SEC_OID_ANSIX962_EC_C2PNB368W1:
-            /* Populate params for c2pnb368w1 */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_X9_62_CHAR2_PNB368W1, ec_field_GF2m,
-                                            params));
-            break;
-
-        case SEC_OID_ANSIX962_EC_C2TNB431R1:
-            /* Populate params for c2tnb431r1 */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_X9_62_CHAR2_TNB431R1, ec_field_GF2m,
-                                            params));
-            break;
-
-        case SEC_OID_SECG_EC_SECT113R1:
-            /* Populate params for sect113r1 */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_CHAR2_113R1, ec_field_GF2m,
-                                            params));
-            break;
-
-        case SEC_OID_SECG_EC_SECT113R2:
-            /* Populate params for sect113r2 */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_CHAR2_113R2, ec_field_GF2m,
-                                            params));
-            break;
-
-        case SEC_OID_SECG_EC_SECT131R1:
-            /* Populate params for sect131r1 */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_CHAR2_131R1, ec_field_GF2m,
-                                            params));
-            break;
-
-        case SEC_OID_SECG_EC_SECT131R2:
-            /* Populate params for sect131r2 */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_CHAR2_131R2, ec_field_GF2m,
-                                            params));
-            break;
-
-        case SEC_OID_SECG_EC_SECT163K1:
-            /* Populate params for sect163k1
-     * (the NIST K-163 curve)
-     */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_CHAR2_163K1, ec_field_GF2m,
-                                            params));
-            break;
-
-        case SEC_OID_SECG_EC_SECT163R1:
-            /* Populate params for sect163r1 */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_CHAR2_163R1, ec_field_GF2m,
-                                            params));
-            break;
-
-        case SEC_OID_SECG_EC_SECT163R2:
-            /* Populate params for sect163r2
-     * (the NIST B-163 curve)
-     */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_CHAR2_163R2, ec_field_GF2m,
-                                            params));
-            break;
-
-        case SEC_OID_SECG_EC_SECT193R1:
-            /* Populate params for sect193r1 */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_CHAR2_193R1, ec_field_GF2m,
-                                            params));
-            break;
-
-        case SEC_OID_SECG_EC_SECT193R2:
-            /* Populate params for sect193r2 */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_CHAR2_193R2, ec_field_GF2m,
-                                            params));
-            break;
-
-        case SEC_OID_SECG_EC_SECT233K1:
-            /* Populate params for sect233k1
-     * (the NIST K-233 curve)
-     */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_CHAR2_233K1, ec_field_GF2m,
-                                            params));
-            break;
-
-        case SEC_OID_SECG_EC_SECT233R1:
-            /* Populate params for sect233r1
-     * (the NIST B-233 curve)
-     */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_CHAR2_233R1, ec_field_GF2m,
-                                            params));
-            break;
-
-        case SEC_OID_SECG_EC_SECT239K1:
-            /* Populate params for sect239k1 */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_CHAR2_239K1, ec_field_GF2m,
-                                            params));
-            break;
-
-        case SEC_OID_SECG_EC_SECT283K1:
-            /* Populate params for sect283k1
-     * (the NIST K-283 curve)
-     */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_CHAR2_283K1, ec_field_GF2m,
-                                            params));
-            break;
-
-        case SEC_OID_SECG_EC_SECT283R1:
-            /* Populate params for sect283r1
-     * (the NIST B-283 curve)
-     */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_CHAR2_283R1, ec_field_GF2m,
-                                            params));
-            break;
-
-        case SEC_OID_SECG_EC_SECT409K1:
-            /* Populate params for sect409k1
-     * (the NIST K-409 curve)
-     */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_CHAR2_409K1, ec_field_GF2m,
-                                            params));
-            break;
-
-        case SEC_OID_SECG_EC_SECT409R1:
-            /* Populate params for sect409r1
-     * (the NIST B-409 curve)
-     */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_CHAR2_409R1, ec_field_GF2m,
-                                            params));
-            break;
-
-        case SEC_OID_SECG_EC_SECT571K1:
-            /* Populate params for sect571k1
-     * (the NIST K-571 curve)
-     */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_CHAR2_571K1, ec_field_GF2m,
-                                            params));
-            break;
-
-        case SEC_OID_SECG_EC_SECT571R1:
-            /* Populate params for sect571r1
-     * (the NIST B-571 curve)
-     */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_CHAR2_571R1, ec_field_GF2m,
-                                            params));
-            break;
-
-        /* Prime curves */
-
-        case SEC_OID_ANSIX962_EC_PRIME192V1:
-            /* Populate params for prime192v1 aka secp192r1
-     * (the NIST P-192 curve)
-     */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_X9_62_PRIME_192V1, ec_field_GFp,
-                                            params));
-            break;
-
-        case SEC_OID_ANSIX962_EC_PRIME192V2:
-            /* Populate params for prime192v2 */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_X9_62_PRIME_192V2, ec_field_GFp,
-                                            params));
-            break;
-
-        case SEC_OID_ANSIX962_EC_PRIME192V3:
-            /* Populate params for prime192v3 */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_X9_62_PRIME_192V3, ec_field_GFp,
-                                            params));
-            break;
-
-        case SEC_OID_ANSIX962_EC_PRIME239V1:
-            /* Populate params for prime239v1 */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_X9_62_PRIME_239V1, ec_field_GFp,
-                                            params));
-            break;
-
-        case SEC_OID_ANSIX962_EC_PRIME239V2:
-            /* Populate params for prime239v2 */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_X9_62_PRIME_239V2, ec_field_GFp,
-                                            params));
-            break;
-
-        case SEC_OID_ANSIX962_EC_PRIME239V3:
-            /* Populate params for prime239v3 */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_X9_62_PRIME_239V3, ec_field_GFp,
-                                            params));
-            break;
-
         case SEC_OID_ANSIX962_EC_PRIME256V1:
             /* Populate params for prime256v1 aka secp256r1
-     * (the NIST P-256 curve)
-     */
+             * (the NIST P-256 curve)
+             */
             CHECK_SEC_OK(gf_populate_params(ECCurve_X9_62_PRIME_256V1, ec_field_GFp,
                                             params));
             break;
 
-        case SEC_OID_SECG_EC_SECP112R1:
-            /* Populate params for secp112r1 */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_PRIME_112R1, ec_field_GFp,
-                                            params));
-            break;
-
-        case SEC_OID_SECG_EC_SECP112R2:
-            /* Populate params for secp112r2 */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_PRIME_112R2, ec_field_GFp,
-                                            params));
-            break;
-
-        case SEC_OID_SECG_EC_SECP128R1:
-            /* Populate params for secp128r1 */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_PRIME_128R1, ec_field_GFp,
-                                            params));
-            break;
-
-        case SEC_OID_SECG_EC_SECP128R2:
-            /* Populate params for secp128r2 */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_PRIME_128R2, ec_field_GFp,
-                                            params));
-            break;
-
-        case SEC_OID_SECG_EC_SECP160K1:
-            /* Populate params for secp160k1 */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_PRIME_160K1, ec_field_GFp,
-                                            params));
-            break;
-
-        case SEC_OID_SECG_EC_SECP160R1:
-            /* Populate params for secp160r1 */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_PRIME_160R1, ec_field_GFp,
-                                            params));
-            break;
-
-        case SEC_OID_SECG_EC_SECP160R2:
-            /* Populate params for secp160r1 */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_PRIME_160R2, ec_field_GFp,
-                                            params));
-            break;
-
-        case SEC_OID_SECG_EC_SECP192K1:
-            /* Populate params for secp192k1 */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_PRIME_192K1, ec_field_GFp,
-                                            params));
-            break;
-
-        case SEC_OID_SECG_EC_SECP224K1:
-            /* Populate params for secp224k1 */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_PRIME_224K1, ec_field_GFp,
-                                            params));
-            break;
-
-        case SEC_OID_SECG_EC_SECP224R1:
-            /* Populate params for secp224r1
-     * (the NIST P-224 curve)
-     */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_PRIME_224R1, ec_field_GFp,
-                                            params));
-            break;
-
-        case SEC_OID_SECG_EC_SECP256K1:
-            /* Populate params for secp256k1 */
-            CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_PRIME_256K1, ec_field_GFp,
-                                            params));
-            break;
-
         case SEC_OID_SECG_EC_SECP384R1:
             /* Populate params for secp384r1
-     * (the NIST P-384 curve)
-     */
+             * (the NIST P-384 curve)
+             */
             CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_PRIME_384R1, ec_field_GFp,
                                             params));
             break;
 
         case SEC_OID_SECG_EC_SECP521R1:
             /* Populate params for secp521r1
-     * (the NIST P-521 curve)
-     */
+             * (the NIST P-521 curve)
+             */
             CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_PRIME_521R1, ec_field_GFp,
                                             params));
             break;
 
         case SEC_OID_CURVE25519:
             /* Populate params for Curve25519 */
             CHECK_SEC_OK(gf_populate_params(ECCurve25519, ec_field_plain, params));
             break;
--- a/security/nss/lib/freebl/ecl/README
+++ b/security/nss/lib/freebl/ecl/README
@@ -19,19 +19,16 @@ access to mp_ints.
 
 ecl.h - Interface to constructors for curve parameters and group object,
 and point multiplication operations. Used by higher level algorithms
 (like ECDH and ECDSA) to actually perform elliptic curve cryptography.
 
 ecl-priv.h - Data structures and functions for internal use within the
 library.
 
-ec2.h - Internal header file that contains all functions for point
-arithmetic over binary polynomial fields.
-
 ecp.h - Internal header file that contains all functions for point
 arithmetic over prime fields.
 
 DATA STRUCTURES AND TYPES
 =========================
 
 ECCurveName (from ecl-exp.h) - Opaque name for standardized elliptic
 curve domain parameters.
deleted file mode 100644
--- a/security/nss/lib/freebl/ecl/README.FP
+++ /dev/null
@@ -1,284 +0,0 @@
-This Source Code Form is subject to the terms of the Mozilla Public
-License, v. 2.0. If a copy of the MPL was not distributed with this
-file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-The ECL exposes routines for constructing and converting curve
-parameters for internal use.
-
-The floating point code of the ECL provides algorithms for performing
-elliptic-curve point multiplications in floating point.
-
-The point multiplication algorithms perform calculations almost
-exclusively in floating point for efficiency, but have the same
-(integer) interface as the ECL for compatibility and to be easily
-wired-in to the ECL.  Please see README file (not this README.FP file)
-for information on wiring-in.
-
-This has been implemented for 3 curves as specified in [1]:
-	secp160r1
-	secp192r1
-	secp224r1
-
-RATIONALE
-=========
-Calculations are done in the  floating-point unit (FPU) since it
-gives better performance on the UltraSPARC III chips.  This is
-because the FPU allows for faster multiplication than the integer unit.
-The integer unit has a longer multiplication instruction latency, and
-does not allow full pipelining, as described in [2].
-Since performance is an important selling feature of Elliptic Curve
-Cryptography (ECC), this implementation was created.
-
-DATA REPRESENTATION
-===================
-Data is primarily represented in an array of double-precision floating
-point numbers.  Generally, each array element has 24 bits of precision
-(i.e. be x * 2^y, where x is an integer of at most 24 bits, y some positive
-integer), although the actual implementation details are more complicated.
-
-e.g. a way to store an 80 bit number might be:
-double p[4] = { 632613 * 2^0, 329841 * 2^24, 9961 * 2^48, 51 * 2^64 };
-See section ARITHMETIC OPERATIONS for more details.
-
-This implementation assumes that the floating-point unit rounding mode 
-is round-to-even as specified in IEEE 754
-(as opposed to chopping, rounding up, or rounding down).
-When subtracting integers represented as arrays of floating point 
-numbers, some coefficients (array elements) may become negative.
-This effectively gives an extra bit of precision that is important
-for correctness in some cases.
-
-The described number presentation limits the size of integers to 1023 bits.
-This is due to an upper bound of 1024 for the exponent of a double precision
-floating point number as specified in IEEE-754.
-However, this is acceptable for ECC key sizes of the foreseeable future.
-
-DATA STRUCTURES
-===============
-For more information on coordinate representations, see [3].
-
-ecfp_aff_pt
------------
-Affine EC Point Representation.  This is the basic 
-representation (x, y) of an elliptic curve point.
-
-ecfp_jac_pt
------------
-Jacobian EC Point.  This stores a point as (X, Y, Z), where
-the affine point corresponds to (X/Z^2, Y/Z^3).  This allows
-for fewer inversions in calculations.
-
-ecfp_chud_pt
-------------
-Chudnovsky Jacobian Point.  This representation stores a point
-as (X, Y, Z, Z^2, Z^3), the same as a Jacobian representation
-but also storing Z^2 and Z^3 for faster point additions.
-
-ecfp_jm_pt
-----------
-Modified Jacobian Point.  This representation stores a point
-as (X, Y, Z, a*Z^4), the same as Jacobian representation but
-also storing a*Z^4 for faster point doublings.  Here "a" represents
-the linear coefficient of x defining the curve.
-
-EC_group_fp
------------
-Stores information on the elliptic curve group for floating
-point calculations.  Contains curve specific information, as
-well as function pointers to routines, allowing different
-optimizations to be easily wired in.
-This should be made accessible from an ECGroup for the floating
-point implementations of point multiplication.
-
-POINT MULTIPLICATION ALGORITHMS
-===============================
-Elliptic Curve Point multiplication can be done at a higher level orthogonal
-to the implementation of point additions and point doublings.  There
-are a variety of algorithms that can be used.
-
-The following algorithms have been implemented:
-
-4-bit Window (Jacobian Coordinates)
-Double & Add (Jacobian & Affine Coordinates)
-5-bit Non-Adjacent Form (Modified Jacobian & Chudnovsky Jacobian)
-
-Currently, the fastest algorithm for multiplying a generic point
-is the 5-bit Non-Adjacent Form.
-
-See comments in ecp_fp.c for more details and references.
-
-SOURCE / HEADER FILES
-=====================
-
-ecp_fp.c
---------
-Main source file for floating point calculations.  Contains routines
-to convert from floating-point to integer (mp_int format), point
-multiplication algorithms, and several other routines.
-
-ecp_fp.h
---------
-Main header file.  Contains most constants used and function prototypes.
-
-ecp_fp[160, 192, 224].c
------------------------
-Source files for specific curves.  Contains curve specific code such
-as specialized reduction based on the field defining prime.  Contains
-code wiring-in different algorithms and optimizations.
-
-ecp_fpinc.c
------------
-Source file that is included by ecp_fp[160, 192, 224].c.  This generates
-functions with different preprocessor-defined names and loop iterations,
-allowing for static linking and strong compiler optimizations without
-code duplication.
-
-TESTING
-=======
-The test suite can be found in ecl/tests/ecp_fpt.  This tests and gets
-timings of the different algorithms for the curves implemented.
-
-ARITHMETIC OPERATIONS
----------------------
-The primary operations in ECC over the prime fields are modular arithmetic:
-i.e. n * m (mod p) and n + m (mod p).  In this implementation, multiplication,
-addition, and reduction are implemented as separate functions.  This
-enables computation of formulae with fewer reductions, e.g.
-(a * b) + (c * d) (mod p) rather than:
-((a * b) (mod p)) + ((c * d) (mod p)) (mod p)
-This takes advantage of the fact that the double precision mantissa in
-floating point can hold numbers up to 2^53, i.e. it has some leeway to
-store larger intermediate numbers.  See further detail in the section on 
-FLOATING POINT PRECISION.
-
-Multiplication
---------------
-Multiplication is implemented in a standard polynomial multiplication
-fashion.  The terms in opposite factors are pairwise multiplied and
-added together appropriately.  Note that the result requires twice 
-as many doubles for storage, as the bit size of the product is twice
-that of the multiplicands.
-e.g. suppose we have double n[3], m[3], r[6], and want to calculate r = n * m
-r[0] = n[0] * m[0]
-r[1] = n[0] * m[1] + n[1] * m[0]
-r[2] = n[0] * m[2] + n[1] * m[1] + n[2] * m[0]
-r[3] = n[1] * m[2] + n[2] * m[1]
-r[4] = n[2] * m[2]
-r[5] = 0 (This is used later to hold spillover from r[4], see tidying in
-the reduction section.)
-
-Addition
---------
-Addition is done term by term.  The only caveat is to be careful with
-the number of terms that need to be added.  When adding results of
-multiplication (before reduction), twice as many terms need to be added
-together.  This is done in the addLong function.
-e.g. for double n[4], m[4], r[4]:  r = n + m
-r[0] = n[0] + m[0]
-r[1] = n[1] + m[1]
-r[2] = n[2] + m[2]
-r[3] = n[3] + m[3]
-
-Modular Reduction
------------------
-For the curves implemented, reduction is possible by fast reduction
-for Generalized Mersenne Primes, as described in [4].  For the 
-floating point implementation, a significant step of the reduction 
-process is tidying:  that is, the propagation of carry bits from 
-low-order to high-order coefficients to reduce the precision of each 
-coefficient to 24 bits.
-This is done by adding and then subtracting
-ecfp_alpha, a large floating point number that induces precision roundoff.
-See [5] for more details on tidying using floating point arithmetic.
-e.g. suppose we have r = 961838 * 2^24 + 519308
-then if we set alpha = 3 * 2^51 * 2^24,
-FP(FP(r + alpha) - alpha) = 961838 * 2^24, because the precision for
-the intermediate results is limited.  Our values of alpha are chosen
-to truncate to a desired number of bits.
-
-The reduction is then performed as in [4], adding multiples of prime p.
-e.g. suppose we are working over a polynomial of 10^2.  Take the number
-2 * 10^8 + 11 * 10^6 + 53 * 10^4 + 23 * 10^2 + 95, stored in 5 elements
-for coefficients of 10^0, 10^2, ..., 10^8.
-We wish to reduce modulo p = 10^6 - 2 * 10^4 + 1
-We can subtract off from the higher terms
-(2 * 10^8 + 11 * 10^6 + 53 * 10^4 + 23 * 10^2 + 95) - (2 * 10^2) * (10^6 - 2 * 10^4 + 1)
-= 15 * 10^6 + 53 * 10^4 + 21 * 10^2 + 95
-= 15 * 10^6 + 53 * 10^4 + 21 * 10^2 + 95 - (15) * (10^6 - 2 * 10^4 + 1)
-= 83 * 10^4 + 21 * 10^2 + 80
-
-Integrated Example
-------------------
-This example shows how multiplication, addition, tidying, and reduction
-work together in our modular arithmetic.  This is simplified from the
-actual implementation, but should convey the main concepts.  
-Working over polynomials of 10^2 and with p as in the prior example,
-Let a = 16 * 10^4 + 53 * 10^2 + 33
-let b = 81 * 10^4 + 31 * 10^2 + 49
-let c = 22 * 10^4 +  0 * 10^2 + 95
-And suppose we want to compute a * b + c mod p.  
-We first do a multiplication:  then a * b =
-0 * 10^10 + 1296 * 10^8 + 4789 * 10^6 + 5100 * 10^4 + 3620 * 10^2 + 1617
-Then we add in c before doing reduction, allowing us to get a * b + c =
-0 * 10^10 + 1296 * 10^8 + 4789 * 10^6 + 5122 * 10^4 + 3620 * 10^2 + 1712
-We then perform a tidying on the upper half of the terms:
-0 * 10^10 + 1296 * 10^8 + 4789 * 10^6
-0 * 10^10 + (1296 + 47) * 10^8 + 89 * 10^6
-0 * 10^10 + 1343 * 10^8 + 89 * 10^6
-13 * 10^10 + 43 * 10^8 + 89 * 10^6
-which then gives us
-13 * 10^10 + 43 * 10^8 + 89 * 10^6 + 5122 * 10^4 + 3620 * 10^2 + 1712
-we then reduce modulo p similar to the reduction example above:
-13 * 10^10 + 43 * 10^8 + 89 * 10^6 + 5122 * 10^4 + 3620 * 10^2 + 1712 
-	- (13 * 10^4 * p)
-69 * 10^8 + 89 * 10^6 + 5109 * 10^4 + 3620 * 10^2 + 1712
-	- (69 * 10^2 * p)
-227 * 10^6 + 5109 * 10^4 + 3551 * 10^2 + 1712
-	- (227 * p)
-5563 * 10^4 + 3551 * 10^2 + 1485
-finally, we do tidying to get the precision of each term down to 2 digits
-5563 * 10^4 + 3565 * 10^2 + 85
-5598 * 10^4 + 65 * 10^2 + 85
-55 * 10^6 + 98 * 10^4 + 65 * 10^2 + 85
-and perform another reduction step
-	- (55 * p)
-208 * 10^4 + 65 * 10^2 + 30
-There may be a small number of further reductions that could be done at
-this point, but this is typically done only at the end when converting
-from floating point  to an integer unit representation.
-
-FLOATING POINT PRECISION
-========================
-This section discusses the precision of floating point numbers, which
-one writing new formulae or a larger bit size should be aware of.  The
-danger is that an intermediate result may be required to store a
-mantissa larger than 53 bits, which would cause error by rounding off.
-
-Note that the tidying with IEEE rounding mode set to round-to-even
-allows negative numbers, which actually reduces the size of the double
-mantissa to 23 bits - since it rounds the mantissa to the nearest number 
-modulo 2^24, i.e. roughly between -2^23 and 2^23.
-A multiplication increases the bit size to 2^46 * n, where n is the number
-of doubles to store a number.  For the 224 bit curve, n = 10.  This gives 
-doubles of size 5 * 2^47.  Adding two of these doubles gives a result
-of size 5 * 2^48, which is less than 2^53, so this is safe.  
-Similar analysis can be done for other formulae to ensure numbers remain
-below 2^53.
-
-Extended-Precision Floating Point
----------------------------------
-Some platforms, notably x86 Linux, may use an extended-precision floating
-point representation that has a 64-bit mantissa.  [6]  Although this
-implementation is optimized for the IEEE standard 53-bit mantissa,
-it should work with the 64-bit mantissa.  A check is done at run-time
-in the function ec_set_fp_precision that detects if the precision is
-greater than 53 bits, and runs code for the 64-bit mantissa accordingly.
-
-REFERENCES
-==========
-[1] Certicom Corp., "SEC 2: Recommended Elliptic Curve Domain Parameters", Sept. 20, 2000.  www.secg.org
-[2] Sun Microsystems Inc.  UltraSPARC III Cu User's Manual, Version 1.0, May 2002, Table 4.4
-[3] H. Cohen, A. Miyaji, and T. Ono, "Efficient Elliptic Curve Exponentiation Using Mixed Coordinates".
-[4] Henk C.A. van Tilborg, Generalized Mersenne Prime.  http://www.win.tue.nl/~henkvt/GenMersenne.pdf
-[5] Daniel J. Bernstein, Floating-Point Arithmetic and Message Authentication, Journal of Cryptology, March 2000, Section 2.
-[6] Daniel J. Bernstein, Floating-Point Arithmetic and Message Authentication, Journal of Cryptology, March 2000, Section 2 Notes.
deleted file mode 100644
--- a/security/nss/lib/freebl/ecl/ec2.h
+++ /dev/null
@@ -1,92 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef __ec2_h_
-#define __ec2_h_
-
-#include "ecl-priv.h"
-
-/* Checks if point P(px, py) is at infinity.  Uses affine coordinates. */
-mp_err ec_GF2m_pt_is_inf_aff(const mp_int *px, const mp_int *py);
-
-/* Sets P(px, py) to be the point at infinity.  Uses affine coordinates. */
-mp_err ec_GF2m_pt_set_inf_aff(mp_int *px, mp_int *py);
-
-/* Computes R = P + Q where R is (rx, ry), P is (px, py) and Q is (qx,
- * qy). Uses affine coordinates. */
-mp_err ec_GF2m_pt_add_aff(const mp_int *px, const mp_int *py,
-                          const mp_int *qx, const mp_int *qy, mp_int *rx,
-                          mp_int *ry, const ECGroup *group);
-
-/* Computes R = P - Q.  Uses affine coordinates. */
-mp_err ec_GF2m_pt_sub_aff(const mp_int *px, const mp_int *py,
-                          const mp_int *qx, const mp_int *qy, mp_int *rx,
-                          mp_int *ry, const ECGroup *group);
-
-/* Computes R = 2P.  Uses affine coordinates. */
-mp_err ec_GF2m_pt_dbl_aff(const mp_int *px, const mp_int *py, mp_int *rx,
-                          mp_int *ry, const ECGroup *group);
-
-/* Validates a point on a GF2m curve. */
-mp_err ec_GF2m_validate_point(const mp_int *px, const mp_int *py, const ECGroup *group);
-
-/* by default, this routine is unused and thus doesn't need to be compiled */
-#ifdef ECL_ENABLE_GF2M_PT_MUL_AFF
-/* Computes R = nP where R is (rx, ry) and P is (px, py). The parameters
- * a, b and p are the elliptic curve coefficients and the irreducible that
- * determines the field GF2m.  Uses affine coordinates. */
-mp_err ec_GF2m_pt_mul_aff(const mp_int *n, const mp_int *px,
-                          const mp_int *py, mp_int *rx, mp_int *ry,
-                          const ECGroup *group);
-#endif
-
-/* Computes R = nP where R is (rx, ry) and P is (px, py). The parameters
- * a, b and p are the elliptic curve coefficients and the irreducible that
- * determines the field GF2m.  Uses Montgomery projective coordinates. */
-mp_err ec_GF2m_pt_mul_mont(const mp_int *n, const mp_int *px,
-                           const mp_int *py, mp_int *rx, mp_int *ry,
-                           const ECGroup *group);
-
-#ifdef ECL_ENABLE_GF2M_PROJ
-/* Converts a point P(px, py) from affine coordinates to projective
- * coordinates R(rx, ry, rz). */
-mp_err ec_GF2m_pt_aff2proj(const mp_int *px, const mp_int *py, mp_int *rx,
-                           mp_int *ry, mp_int *rz, const ECGroup *group);
-
-/* Converts a point P(px, py, pz) from projective coordinates to affine
- * coordinates R(rx, ry). */
-mp_err ec_GF2m_pt_proj2aff(const mp_int *px, const mp_int *py,
-                           const mp_int *pz, mp_int *rx, mp_int *ry,
-                           const ECGroup *group);
-
-/* Checks if point P(px, py, pz) is at infinity.  Uses projective
- * coordinates. */
-mp_err ec_GF2m_pt_is_inf_proj(const mp_int *px, const mp_int *py,
-                              const mp_int *pz);
-
-/* Sets P(px, py, pz) to be the point at infinity.  Uses projective
- * coordinates. */
-mp_err ec_GF2m_pt_set_inf_proj(mp_int *px, mp_int *py, mp_int *pz);
-
-/* Computes R = P + Q where R is (rx, ry, rz), P is (px, py, pz) and Q is
- * (qx, qy, qz).  Uses projective coordinates. */
-mp_err ec_GF2m_pt_add_proj(const mp_int *px, const mp_int *py,
-                           const mp_int *pz, const mp_int *qx,
-                           const mp_int *qy, mp_int *rx, mp_int *ry,
-                           mp_int *rz, const ECGroup *group);
-
-/* Computes R = 2P.  Uses projective coordinates. */
-mp_err ec_GF2m_pt_dbl_proj(const mp_int *px, const mp_int *py,
-                           const mp_int *pz, mp_int *rx, mp_int *ry,
-                           mp_int *rz, const ECGroup *group);
-
-/* Computes R = nP where R is (rx, ry) and P is (px, py). The parameters
- * a, b and p are the elliptic curve coefficients and the prime that
- * determines the field GF2m.  Uses projective coordinates. */
-mp_err ec_GF2m_pt_mul_proj(const mp_int *n, const mp_int *px,
-                           const mp_int *py, mp_int *rx, mp_int *ry,
-                           const ECGroup *group);
-#endif
-
-#endif /* __ec2_h_ */
deleted file mode 100644
--- a/security/nss/lib/freebl/ecl/ec2_163.c
+++ /dev/null
@@ -1,223 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "ec2.h"
-#include "mp_gf2m.h"
-#include "mp_gf2m-priv.h"
-#include "mpi.h"
-#include "mpi-priv.h"
-#include <stdlib.h>
-
-/* Fast reduction for polynomials over a 163-bit curve. Assumes reduction
- * polynomial with terms {163, 7, 6, 3, 0}. */
-mp_err
-ec_GF2m_163_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
-{
-    mp_err res = MP_OKAY;
-    mp_digit *u, z;
-
-    if (a != r) {
-        MP_CHECKOK(mp_copy(a, r));
-    }
-#ifdef ECL_SIXTY_FOUR_BIT
-    if (MP_USED(r) < 6) {
-        MP_CHECKOK(s_mp_pad(r, 6));
-    }
-    u = MP_DIGITS(r);
-    MP_USED(r) = 6;
-
-    /* u[5] only has 6 significant bits */
-    z = u[5];
-    u[2] ^= (z << 36) ^ (z << 35) ^ (z << 32) ^ (z << 29);
-    z = u[4];
-    u[2] ^= (z >> 28) ^ (z >> 29) ^ (z >> 32) ^ (z >> 35);
-    u[1] ^= (z << 36) ^ (z << 35) ^ (z << 32) ^ (z << 29);
-    z = u[3];
-    u[1] ^= (z >> 28) ^ (z >> 29) ^ (z >> 32) ^ (z >> 35);
-    u[0] ^= (z << 36) ^ (z << 35) ^ (z << 32) ^ (z << 29);
-    z = u[2] >> 35; /* z only has 29 significant bits */
-    u[0] ^= (z << 7) ^ (z << 6) ^ (z << 3) ^ z;
-    /* clear bits above 163 */
-    u[5] = u[4] = u[3] = 0;
-    u[2] ^= z << 35;
-#else
-    if (MP_USED(r) < 11) {
-        MP_CHECKOK(s_mp_pad(r, 11));
-    }
-    u = MP_DIGITS(r);
-    MP_USED(r) = 11;
-
-    /* u[11] only has 6 significant bits */
-    z = u[10];
-    u[5] ^= (z << 4) ^ (z << 3) ^ z ^ (z >> 3);
-    u[4] ^= (z << 29);
-    z = u[9];
-    u[5] ^= (z >> 28) ^ (z >> 29);
-    u[4] ^= (z << 4) ^ (z << 3) ^ z ^ (z >> 3);
-    u[3] ^= (z << 29);
-    z = u[8];
-    u[4] ^= (z >> 28) ^ (z >> 29);
-    u[3] ^= (z << 4) ^ (z << 3) ^ z ^ (z >> 3);
-    u[2] ^= (z << 29);
-    z = u[7];
-    u[3] ^= (z >> 28) ^ (z >> 29);
-    u[2] ^= (z << 4) ^ (z << 3) ^ z ^ (z >> 3);
-    u[1] ^= (z << 29);
-    z = u[6];
-    u[2] ^= (z >> 28) ^ (z >> 29);
-    u[1] ^= (z << 4) ^ (z << 3) ^ z ^ (z >> 3);
-    u[0] ^= (z << 29);
-    z = u[5] >> 3; /* z only has 29 significant bits */
-    u[1] ^= (z >> 25) ^ (z >> 26);
-    u[0] ^= (z << 7) ^ (z << 6) ^ (z << 3) ^ z;
-    /* clear bits above 163 */
-    u[11] = u[10] = u[9] = u[8] = u[7] = u[6] = 0;
-    u[5] ^= z << 3;
-#endif
-    s_mp_clamp(r);
-
-CLEANUP:
-    return res;
-}
-
-/* Fast squaring for polynomials over a 163-bit curve. Assumes reduction
- * polynomial with terms {163, 7, 6, 3, 0}. */
-mp_err
-ec_GF2m_163_sqr(const mp_int *a, mp_int *r, const GFMethod *meth)
-{
-    mp_err res = MP_OKAY;
-    mp_digit *u, *v;
-
-    v = MP_DIGITS(a);
-
-#ifdef ECL_SIXTY_FOUR_BIT
-    if (MP_USED(a) < 3) {
-        return mp_bsqrmod(a, meth->irr_arr, r);
-    }
-    if (MP_USED(r) < 6) {
-        MP_CHECKOK(s_mp_pad(r, 6));
-    }
-    MP_USED(r) = 6;
-#else
-    if (MP_USED(a) < 6) {
-        return mp_bsqrmod(a, meth->irr_arr, r);
-    }
-    if (MP_USED(r) < 12) {
-        MP_CHECKOK(s_mp_pad(r, 12));
-    }
-    MP_USED(r) = 12;
-#endif
-    u = MP_DIGITS(r);
-
-#ifdef ECL_THIRTY_TWO_BIT
-    u[11] = gf2m_SQR1(v[5]);
-    u[10] = gf2m_SQR0(v[5]);
-    u[9] = gf2m_SQR1(v[4]);
-    u[8] = gf2m_SQR0(v[4]);
-    u[7] = gf2m_SQR1(v[3]);
-    u[6] = gf2m_SQR0(v[3]);
-#endif
-    u[5] = gf2m_SQR1(v[2]);
-    u[4] = gf2m_SQR0(v[2]);
-    u[3] = gf2m_SQR1(v[1]);
-    u[2] = gf2m_SQR0(v[1]);
-    u[1] = gf2m_SQR1(v[0]);
-    u[0] = gf2m_SQR0(v[0]);
-    return ec_GF2m_163_mod(r, r, meth);
-
-CLEANUP:
-    return res;
-}
-
-/* Fast multiplication for polynomials over a 163-bit curve. Assumes
- * reduction polynomial with terms {163, 7, 6, 3, 0}. */
-mp_err
-ec_GF2m_163_mul(const mp_int *a, const mp_int *b, mp_int *r,
-                const GFMethod *meth)
-{
-    mp_err res = MP_OKAY;
-    mp_digit a2 = 0, a1 = 0, a0, b2 = 0, b1 = 0, b0;
-
-#ifdef ECL_THIRTY_TWO_BIT
-    mp_digit a5 = 0, a4 = 0, a3 = 0, b5 = 0, b4 = 0, b3 = 0;
-    mp_digit rm[6];
-#endif
-
-    if (a == b) {
-        return ec_GF2m_163_sqr(a, r, meth);
-    } else {
-        switch (MP_USED(a)) {
-#ifdef ECL_THIRTY_TWO_BIT
-            case 6:
-                a5 = MP_DIGIT(a, 5);
-            case 5:
-                a4 = MP_DIGIT(a, 4);
-            case 4:
-                a3 = MP_DIGIT(a, 3);
-#endif
-            case 3:
-                a2 = MP_DIGIT(a, 2);
-            case 2:
-                a1 = MP_DIGIT(a, 1);
-            default:
-                a0 = MP_DIGIT(a, 0);
-        }
-        switch (MP_USED(b)) {
-#ifdef ECL_THIRTY_TWO_BIT
-            case 6:
-                b5 = MP_DIGIT(b, 5);
-            case 5:
-                b4 = MP_DIGIT(b, 4);
-            case 4:
-                b3 = MP_DIGIT(b, 3);
-#endif
-            case 3:
-                b2 = MP_DIGIT(b, 2);
-            case 2:
-                b1 = MP_DIGIT(b, 1);
-            default:
-                b0 = MP_DIGIT(b, 0);
-        }
-#ifdef ECL_SIXTY_FOUR_BIT
-        MP_CHECKOK(s_mp_pad(r, 6));
-        s_bmul_3x3(MP_DIGITS(r), a2, a1, a0, b2, b1, b0);
-        MP_USED(r) = 6;
-        s_mp_clamp(r);
-#else
-        MP_CHECKOK(s_mp_pad(r, 12));
-        s_bmul_3x3(MP_DIGITS(r) + 6, a5, a4, a3, b5, b4, b3);
-        s_bmul_3x3(MP_DIGITS(r), a2, a1, a0, b2, b1, b0);
-        s_bmul_3x3(rm, a5 ^ a2, a4 ^ a1, a3 ^ a0, b5 ^ b2, b4 ^ b1,
-                   b3 ^ b0);
-        rm[5] ^= MP_DIGIT(r, 5) ^ MP_DIGIT(r, 11);
-        rm[4] ^= MP_DIGIT(r, 4) ^ MP_DIGIT(r, 10);
-        rm[3] ^= MP_DIGIT(r, 3) ^ MP_DIGIT(r, 9);
-        rm[2] ^= MP_DIGIT(r, 2) ^ MP_DIGIT(r, 8);
-        rm[1] ^= MP_DIGIT(r, 1) ^ MP_DIGIT(r, 7);
-        rm[0] ^= MP_DIGIT(r, 0) ^ MP_DIGIT(r, 6);
-        MP_DIGIT(r, 8) ^= rm[5];
-        MP_DIGIT(r, 7) ^= rm[4];
-        MP_DIGIT(r, 6) ^= rm[3];
-        MP_DIGIT(r, 5) ^= rm[2];
-        MP_DIGIT(r, 4) ^= rm[1];
-        MP_DIGIT(r, 3) ^= rm[0];
-        MP_USED(r) = 12;
-        s_mp_clamp(r);
-#endif
-        return ec_GF2m_163_mod(r, r, meth);
-    }
-
-CLEANUP:
-    return res;
-}
-
-/* Wire in fast field arithmetic for 163-bit curves. */
-mp_err
-ec_group_set_gf2m163(ECGroup *group, ECCurveName name)
-{
-    group->meth->field_mod = &ec_GF2m_163_mod;
-    group->meth->field_mul = &ec_GF2m_163_mul;
-    group->meth->field_sqr = &ec_GF2m_163_sqr;
-    return MP_OKAY;
-}
deleted file mode 100644
--- a/security/nss/lib/freebl/ecl/ec2_193.c
+++ /dev/null
@@ -1,240 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "ec2.h"
-#include "mp_gf2m.h"
-#include "mp_gf2m-priv.h"
-#include "mpi.h"
-#include "mpi-priv.h"
-#include <stdlib.h>
-
-/* Fast reduction for polynomials over a 193-bit curve. Assumes reduction
- * polynomial with terms {193, 15, 0}. */
-mp_err
-ec_GF2m_193_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
-{
-    mp_err res = MP_OKAY;
-    mp_digit *u, z;
-
-    if (a != r) {
-        MP_CHECKOK(mp_copy(a, r));
-    }
-#ifdef ECL_SIXTY_FOUR_BIT
-    if (MP_USED(r) < 7) {
-        MP_CHECKOK(s_mp_pad(r, 7));
-    }
-    u = MP_DIGITS(r);
-    MP_USED(r) = 7;
-
-    /* u[6] only has 2 significant bits */
-    z = u[6];
-    u[3] ^= (z << 14) ^ (z >> 1);
-    u[2] ^= (z << 63);
-    z = u[5];
-    u[3] ^= (z >> 50);
-    u[2] ^= (z << 14) ^ (z >> 1);
-    u[1] ^= (z << 63);
-    z = u[4];
-    u[2] ^= (z >> 50);
-    u[1] ^= (z << 14) ^ (z >> 1);
-    u[0] ^= (z << 63);
-    z = u[3] >> 1; /* z only has 63 significant bits */
-    u[1] ^= (z >> 49);
-    u[0] ^= (z << 15) ^ z;
-    /* clear bits above 193 */
-    u[6] = u[5] = u[4] = 0;
-    u[3] ^= z << 1;
-#else
-    if (MP_USED(r) < 13) {
-        MP_CHECKOK(s_mp_pad(r, 13));
-    }
-    u = MP_DIGITS(r);
-    MP_USED(r) = 13;
-
-    /* u[12] only has 2 significant bits */
-    z = u[12];
-    u[6] ^= (z << 14) ^ (z >> 1);
-    u[5] ^= (z << 31);
-    z = u[11];
-    u[6] ^= (z >> 18);
-    u[5] ^= (z << 14) ^ (z >> 1);
-    u[4] ^= (z << 31);
-    z = u[10];
-    u[5] ^= (z >> 18);
-    u[4] ^= (z << 14) ^ (z >> 1);
-    u[3] ^= (z << 31);
-    z = u[9];
-    u[4] ^= (z >> 18);
-    u[3] ^= (z << 14) ^ (z >> 1);
-    u[2] ^= (z << 31);
-    z = u[8];
-    u[3] ^= (z >> 18);
-    u[2] ^= (z << 14) ^ (z >> 1);
-    u[1] ^= (z << 31);
-    z = u[7];
-    u[2] ^= (z >> 18);
-    u[1] ^= (z << 14) ^ (z >> 1);
-    u[0] ^= (z << 31);
-    z = u[6] >> 1; /* z only has 31 significant bits */
-    u[1] ^= (z >> 17);
-    u[0] ^= (z << 15) ^ z;
-    /* clear bits above 193 */
-    u[12] = u[11] = u[10] = u[9] = u[8] = u[7] = 0;
-    u[6] ^= z << 1;
-#endif
-    s_mp_clamp(r);
-
-CLEANUP:
-    return res;
-}
-
-/* Fast squaring for polynomials over a 193-bit curve. Assumes reduction
- * polynomial with terms {193, 15, 0}. */
-mp_err
-ec_GF2m_193_sqr(const mp_int *a, mp_int *r, const GFMethod *meth)
-{
-    mp_err res = MP_OKAY;
-    mp_digit *u, *v;
-
-    v = MP_DIGITS(a);
-
-#ifdef ECL_SIXTY_FOUR_BIT
-    if (MP_USED(a) < 4) {
-        return mp_bsqrmod(a, meth->irr_arr, r);
-    }
-    if (MP_USED(r) < 7) {
-        MP_CHECKOK(s_mp_pad(r, 7));
-    }
-    MP_USED(r) = 7;
-#else
-    if (MP_USED(a) < 7) {
-        return mp_bsqrmod(a, meth->irr_arr, r);
-    }
-    if (MP_USED(r) < 13) {
-        MP_CHECKOK(s_mp_pad(r, 13));
-    }
-    MP_USED(r) = 13;
-#endif
-    u = MP_DIGITS(r);
-
-#ifdef ECL_THIRTY_TWO_BIT
-    u[12] = gf2m_SQR0(v[6]);
-    u[11] = gf2m_SQR1(v[5]);
-    u[10] = gf2m_SQR0(v[5]);
-    u[9] = gf2m_SQR1(v[4]);
-    u[8] = gf2m_SQR0(v[4]);
-    u[7] = gf2m_SQR1(v[3]);
-#endif
-    u[6] = gf2m_SQR0(v[3]);
-    u[5] = gf2m_SQR1(v[2]);
-    u[4] = gf2m_SQR0(v[2]);
-    u[3] = gf2m_SQR1(v[1]);
-    u[2] = gf2m_SQR0(v[1]);
-    u[1] = gf2m_SQR1(v[0]);
-    u[0] = gf2m_SQR0(v[0]);
-    return ec_GF2m_193_mod(r, r, meth);
-
-CLEANUP:
-    return res;
-}
-
-/* Fast multiplication for polynomials over a 193-bit curve. Assumes
- * reduction polynomial with terms {193, 15, 0}. */
-mp_err
-ec_GF2m_193_mul(const mp_int *a, const mp_int *b, mp_int *r,
-                const GFMethod *meth)
-{
-    mp_err res = MP_OKAY;
-    mp_digit a3 = 0, a2 = 0, a1 = 0, a0, b3 = 0, b2 = 0, b1 = 0, b0;
-
-#ifdef ECL_THIRTY_TWO_BIT
-    mp_digit a6 = 0, a5 = 0, a4 = 0, b6 = 0, b5 = 0, b4 = 0;
-    mp_digit rm[8];
-#endif
-
-    if (a == b) {
-        return ec_GF2m_193_sqr(a, r, meth);
-    } else {
-        switch (MP_USED(a)) {
-#ifdef ECL_THIRTY_TWO_BIT
-            case 7:
-                a6 = MP_DIGIT(a, 6);
-            case 6:
-                a5 = MP_DIGIT(a, 5);
-            case 5:
-                a4 = MP_DIGIT(a, 4);
-#endif
-            case 4:
-                a3 = MP_DIGIT(a, 3);
-            case 3:
-                a2 = MP_DIGIT(a, 2);
-            case 2:
-                a1 = MP_DIGIT(a, 1);
-            default:
-                a0 = MP_DIGIT(a, 0);
-        }
-        switch (MP_USED(b)) {
-#ifdef ECL_THIRTY_TWO_BIT
-            case 7:
-                b6 = MP_DIGIT(b, 6);
-            case 6:
-                b5 = MP_DIGIT(b, 5);
-            case 5:
-                b4 = MP_DIGIT(b, 4);
-#endif
-            case 4:
-                b3 = MP_DIGIT(b, 3);
-            case 3:
-                b2 = MP_DIGIT(b, 2);
-            case 2:
-                b1 = MP_DIGIT(b, 1);
-            default:
-                b0 = MP_DIGIT(b, 0);
-        }
-#ifdef ECL_SIXTY_FOUR_BIT
-        MP_CHECKOK(s_mp_pad(r, 8));
-        s_bmul_4x4(MP_DIGITS(r), a3, a2, a1, a0, b3, b2, b1, b0);
-        MP_USED(r) = 8;
-        s_mp_clamp(r);
-#else
-        MP_CHECKOK(s_mp_pad(r, 14));
-        s_bmul_3x3(MP_DIGITS(r) + 8, a6, a5, a4, b6, b5, b4);
-        s_bmul_4x4(MP_DIGITS(r), a3, a2, a1, a0, b3, b2, b1, b0);
-        s_bmul_4x4(rm, a3, a6 ^ a2, a5 ^ a1, a4 ^ a0, b3, b6 ^ b2, b5 ^ b1,
-                   b4 ^ b0);
-        rm[7] ^= MP_DIGIT(r, 7);
-        rm[6] ^= MP_DIGIT(r, 6);
-        rm[5] ^= MP_DIGIT(r, 5) ^ MP_DIGIT(r, 13);
-        rm[4] ^= MP_DIGIT(r, 4) ^ MP_DIGIT(r, 12);
-        rm[3] ^= MP_DIGIT(r, 3) ^ MP_DIGIT(r, 11);
-        rm[2] ^= MP_DIGIT(r, 2) ^ MP_DIGIT(r, 10);
-        rm[1] ^= MP_DIGIT(r, 1) ^ MP_DIGIT(r, 9);
-        rm[0] ^= MP_DIGIT(r, 0) ^ MP_DIGIT(r, 8);
-        MP_DIGIT(r, 11) ^= rm[7];
-        MP_DIGIT(r, 10) ^= rm[6];
-        MP_DIGIT(r, 9) ^= rm[5];
-        MP_DIGIT(r, 8) ^= rm[4];
-        MP_DIGIT(r, 7) ^= rm[3];
-        MP_DIGIT(r, 6) ^= rm[2];
-        MP_DIGIT(r, 5) ^= rm[1];
-        MP_DIGIT(r, 4) ^= rm[0];
-        MP_USED(r) = 14;
-        s_mp_clamp(r);
-#endif
-        return ec_GF2m_193_mod(r, r, meth);
-    }
-
-CLEANUP:
-    return res;
-}
-
-/* Wire in fast field arithmetic for 193-bit curves. */
-mp_err
-ec_group_set_gf2m193(ECGroup *group, ECCurveName name)
-{
-    group->meth->field_mod = &ec_GF2m_193_mod;
-    group->meth->field_mul = &ec_GF2m_193_mul;
-    group->meth->field_sqr = &ec_GF2m_193_sqr;
-    return MP_OKAY;
-}
deleted file mode 100644
--- a/security/nss/lib/freebl/ecl/ec2_233.c
+++ /dev/null
@@ -1,263 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "ec2.h"
-#include "mp_gf2m.h"
-#include "mp_gf2m-priv.h"
-#include "mpi.h"
-#include "mpi-priv.h"
-#include <stdlib.h>
-
-/* Fast reduction for polynomials over a 233-bit curve. Assumes reduction
- * polynomial with terms {233, 74, 0}. */
-mp_err
-ec_GF2m_233_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
-{
-    mp_err res = MP_OKAY;
-    mp_digit *u, z;
-
-    if (a != r) {
-        MP_CHECKOK(mp_copy(a, r));
-    }
-#ifdef ECL_SIXTY_FOUR_BIT
-    if (MP_USED(r) < 8) {
-        MP_CHECKOK(s_mp_pad(r, 8));
-    }
-    u = MP_DIGITS(r);
-    MP_USED(r) = 8;
-
-    /* u[7] only has 18 significant bits */
-    z = u[7];
-    u[4] ^= (z << 33) ^ (z >> 41);
-    u[3] ^= (z << 23);
-    z = u[6];
-    u[4] ^= (z >> 31);
-    u[3] ^= (z << 33) ^ (z >> 41);
-    u[2] ^= (z << 23);
-    z = u[5];
-    u[3] ^= (z >> 31);
-    u[2] ^= (z << 33) ^ (z >> 41);
-    u[1] ^= (z << 23);
-    z = u[4];
-    u[2] ^= (z >> 31);
-    u[1] ^= (z << 33) ^ (z >> 41);
-    u[0] ^= (z << 23);
-    z = u[3] >> 41; /* z only has 23 significant bits */
-    u[1] ^= (z << 10);
-    u[0] ^= z;
-    /* clear bits above 233 */
-    u[7] = u[6] = u[5] = u[4] = 0;
-    u[3] ^= z << 41;
-#else
-    if (MP_USED(r) < 15) {
-        MP_CHECKOK(s_mp_pad(r, 15));
-    }
-    u = MP_DIGITS(r);
-    MP_USED(r) = 15;
-
-    /* u[14] only has 18 significant bits */
-    z = u[14];
-    u[9] ^= (z << 1);
-    u[7] ^= (z >> 9);
-    u[6] ^= (z << 23);
-    z = u[13];
-    u[9] ^= (z >> 31);
-    u[8] ^= (z << 1);
-    u[6] ^= (z >> 9);
-    u[5] ^= (z << 23);
-    z = u[12];
-    u[8] ^= (z >> 31);
-    u[7] ^= (z << 1);
-    u[5] ^= (z >> 9);
-    u[4] ^= (z << 23);
-    z = u[11];
-    u[7] ^= (z >> 31);
-    u[6] ^= (z << 1);
-    u[4] ^= (z >> 9);
-    u[3] ^= (z << 23);
-    z = u[10];
-    u[6] ^= (z >> 31);
-    u[5] ^= (z << 1);
-    u[3] ^= (z >> 9);
-    u[2] ^= (z << 23);
-    z = u[9];
-    u[5] ^= (z >> 31);
-    u[4] ^= (z << 1);
-    u[2] ^= (z >> 9);
-    u[1] ^= (z << 23);
-    z = u[8];
-    u[4] ^= (z >> 31);
-    u[3] ^= (z << 1);
-    u[1] ^= (z >> 9);
-    u[0] ^= (z << 23);
-    z = u[7] >> 9; /* z only has 23 significant bits */
-    u[3] ^= (z >> 22);
-    u[2] ^= (z << 10);
-    u[0] ^= z;
-    /* clear bits above 233 */
-    u[14] = u[13] = u[12] = u[11] = u[10] = u[9] = u[8] = 0;
-    u[7] ^= z << 9;
-#endif
-    s_mp_clamp(r);
-
-CLEANUP:
-    return res;
-}
-
-/* Fast squaring for polynomials over a 233-bit curve. Assumes reduction
- * polynomial with terms {233, 74, 0}. */
-mp_err
-ec_GF2m_233_sqr(const mp_int *a, mp_int *r, const GFMethod *meth)
-{
-    mp_err res = MP_OKAY;
-    mp_digit *u, *v;
-
-    v = MP_DIGITS(a);
-
-#ifdef ECL_SIXTY_FOUR_BIT
-    if (MP_USED(a) < 4) {
-        return mp_bsqrmod(a, meth->irr_arr, r);
-    }
-    if (MP_USED(r) < 8) {
-        MP_CHECKOK(s_mp_pad(r, 8));
-    }
-    MP_USED(r) = 8;
-#else
-    if (MP_USED(a) < 8) {
-        return mp_bsqrmod(a, meth->irr_arr, r);
-    }
-    if (MP_USED(r) < 15) {
-        MP_CHECKOK(s_mp_pad(r, 15));
-    }
-    MP_USED(r) = 15;
-#endif
-    u = MP_DIGITS(r);
-
-#ifdef ECL_THIRTY_TWO_BIT
-    u[14] = gf2m_SQR0(v[7]);
-    u[13] = gf2m_SQR1(v[6]);
-    u[12] = gf2m_SQR0(v[6]);
-    u[11] = gf2m_SQR1(v[5]);
-    u[10] = gf2m_SQR0(v[5]);
-    u[9] = gf2m_SQR1(v[4]);
-    u[8] = gf2m_SQR0(v[4]);
-#endif
-    u[7] = gf2m_SQR1(v[3]);
-    u[6] = gf2m_SQR0(v[3]);
-    u[5] = gf2m_SQR1(v[2]);
-    u[4] = gf2m_SQR0(v[2]);
-    u[3] = gf2m_SQR1(v[1]);
-    u[2] = gf2m_SQR0(v[1]);
-    u[1] = gf2m_SQR1(v[0]);
-    u[0] = gf2m_SQR0(v[0]);
-    return ec_GF2m_233_mod(r, r, meth);
-
-CLEANUP:
-    return res;
-}
-
-/* Fast multiplication for polynomials over a 233-bit curve. Assumes
- * reduction polynomial with terms {233, 74, 0}. */
-mp_err
-ec_GF2m_233_mul(const mp_int *a, const mp_int *b, mp_int *r,
-                const GFMethod *meth)
-{
-    mp_err res = MP_OKAY;
-    mp_digit a3 = 0, a2 = 0, a1 = 0, a0, b3 = 0, b2 = 0, b1 = 0, b0;
-
-#ifdef ECL_THIRTY_TWO_BIT
-    mp_digit a7 = 0, a6 = 0, a5 = 0, a4 = 0, b7 = 0, b6 = 0, b5 = 0, b4 =
-                                                                         0;
-    mp_digit rm[8];
-#endif
-
-    if (a == b) {
-        return ec_GF2m_233_sqr(a, r, meth);
-    } else {
-        switch (MP_USED(a)) {
-#ifdef ECL_THIRTY_TWO_BIT
-            case 8:
-                a7 = MP_DIGIT(a, 7);
-            case 7:
-                a6 = MP_DIGIT(a, 6);
-            case 6:
-                a5 = MP_DIGIT(a, 5);
-            case 5:
-                a4 = MP_DIGIT(a, 4);
-#endif
-            case 4:
-                a3 = MP_DIGIT(a, 3);
-            case 3:
-                a2 = MP_DIGIT(a, 2);
-            case 2:
-                a1 = MP_DIGIT(a, 1);
-            default:
-                a0 = MP_DIGIT(a, 0);
-        }
-        switch (MP_USED(b)) {
-#ifdef ECL_THIRTY_TWO_BIT
-            case 8:
-                b7 = MP_DIGIT(b, 7);
-            case 7:
-                b6 = MP_DIGIT(b, 6);
-            case 6:
-                b5 = MP_DIGIT(b, 5);
-            case 5:
-                b4 = MP_DIGIT(b, 4);
-#endif
-            case 4:
-                b3 = MP_DIGIT(b, 3);
-            case 3:
-                b2 = MP_DIGIT(b, 2);
-            case 2:
-                b1 = MP_DIGIT(b, 1);
-            default:
-                b0 = MP_DIGIT(b, 0);
-        }
-#ifdef ECL_SIXTY_FOUR_BIT
-        MP_CHECKOK(s_mp_pad(r, 8));
-        s_bmul_4x4(MP_DIGITS(r), a3, a2, a1, a0, b3, b2, b1, b0);
-        MP_USED(r) = 8;
-        s_mp_clamp(r);
-#else
-        MP_CHECKOK(s_mp_pad(r, 16));
-        s_bmul_4x4(MP_DIGITS(r) + 8, a7, a6, a5, a4, b7, b6, b5, b4);
-        s_bmul_4x4(MP_DIGITS(r), a3, a2, a1, a0, b3, b2, b1, b0);
-        s_bmul_4x4(rm, a7 ^ a3, a6 ^ a2, a5 ^ a1, a4 ^ a0, b7 ^ b3,
-                   b6 ^ b2, b5 ^ b1, b4 ^ b0);
-        rm[7] ^= MP_DIGIT(r, 7) ^ MP_DIGIT(r, 15);
-        rm[6] ^= MP_DIGIT(r, 6) ^ MP_DIGIT(r, 14);
-        rm[5] ^= MP_DIGIT(r, 5) ^ MP_DIGIT(r, 13);
-        rm[4] ^= MP_DIGIT(r, 4) ^ MP_DIGIT(r, 12);
-        rm[3] ^= MP_DIGIT(r, 3) ^ MP_DIGIT(r, 11);
-        rm[2] ^= MP_DIGIT(r, 2) ^ MP_DIGIT(r, 10);
-        rm[1] ^= MP_DIGIT(r, 1) ^ MP_DIGIT(r, 9);
-        rm[0] ^= MP_DIGIT(r, 0) ^ MP_DIGIT(r, 8);
-        MP_DIGIT(r, 11) ^= rm[7];
-        MP_DIGIT(r, 10) ^= rm[6];
-        MP_DIGIT(r, 9) ^= rm[5];
-        MP_DIGIT(r, 8) ^= rm[4];
-        MP_DIGIT(r, 7) ^= rm[3];
-        MP_DIGIT(r, 6) ^= rm[2];
-        MP_DIGIT(r, 5) ^= rm[1];
-        MP_DIGIT(r, 4) ^= rm[0];
-        MP_USED(r) = 16;
-        s_mp_clamp(r);
-#endif
-        return ec_GF2m_233_mod(r, r, meth);
-    }
-
-CLEANUP:
-    return res;
-}
-
-/* Wire in fast field arithmetic for 233-bit curves. */
-mp_err
-ec_group_set_gf2m233(ECGroup *group, ECCurveName name)
-{
-    group->meth->field_mod = &ec_GF2m_233_mod;
-    group->meth->field_mul = &ec_GF2m_233_mul;
-    group->meth->field_sqr = &ec_GF2m_233_sqr;
-    return MP_OKAY;
-}
deleted file mode 100644
--- a/security/nss/lib/freebl/ecl/ec2_aff.c
+++ /dev/null
@@ -1,298 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "ec2.h"
-#include "mplogic.h"
-#include "mp_gf2m.h"
-#include <stdlib.h>
-
-/* Checks if point P(px, py) is at infinity.  Uses affine coordinates. */
-mp_err
-ec_GF2m_pt_is_inf_aff(const mp_int *px, const mp_int *py)
-{
-
-    if ((mp_cmp_z(px) == 0) && (mp_cmp_z(py) == 0)) {
-        return MP_YES;
-    } else {
-        return MP_NO;
-    }
-}
-
-/* Sets P(px, py) to be the point at infinity.  Uses affine coordinates. */
-mp_err
-ec_GF2m_pt_set_inf_aff(mp_int *px, mp_int *py)
-{
-    mp_zero(px);
-    mp_zero(py);
-    return MP_OKAY;
-}
-
-/* Computes R = P + Q based on IEEE P1363 A.10.2. Elliptic curve points P,
- * Q, and R can all be identical. Uses affine coordinates. */
-mp_err
-ec_GF2m_pt_add_aff(const mp_int *px, const mp_int *py, const mp_int *qx,
-                   const mp_int *qy, mp_int *rx, mp_int *ry,
-                   const ECGroup *group)
-{
-    mp_err res = MP_OKAY;
-    mp_int lambda, tempx, tempy;
-
-    MP_DIGITS(&lambda) = 0;
-    MP_DIGITS(&tempx) = 0;
-    MP_DIGITS(&tempy) = 0;
-    MP_CHECKOK(mp_init(&lambda));
-    MP_CHECKOK(mp_init(&tempx));
-    MP_CHECKOK(mp_init(&tempy));
-    /* if P = inf, then R = Q */
-    if (ec_GF2m_pt_is_inf_aff(px, py) == 0) {
-        MP_CHECKOK(mp_copy(qx, rx));
-        MP_CHECKOK(mp_copy(qy, ry));
-        res = MP_OKAY;
-        goto CLEANUP;
-    }
-    /* if Q = inf, then R = P */
-    if (ec_GF2m_pt_is_inf_aff(qx, qy) == 0) {
-        MP_CHECKOK(mp_copy(px, rx));
-        MP_CHECKOK(mp_copy(py, ry));
-        res = MP_OKAY;
-        goto CLEANUP;
-    }
-    /* if px != qx, then lambda = (py+qy) / (px+qx), tempx = a + lambda^2
-     * + lambda + px + qx */
-    if (mp_cmp(px, qx) != 0) {
-        MP_CHECKOK(group->meth->field_add(py, qy, &tempy, group->meth));
-        MP_CHECKOK(group->meth->field_add(px, qx, &tempx, group->meth));
-        MP_CHECKOK(group->meth->field_div(&tempy, &tempx, &lambda, group->meth));
-        MP_CHECKOK(group->meth->field_sqr(&lambda, &tempx, group->meth));
-        MP_CHECKOK(group->meth->field_add(&tempx, &lambda, &tempx, group->meth));
-        MP_CHECKOK(group->meth->field_add(&tempx, &group->curvea, &tempx, group->meth));
-        MP_CHECKOK(group->meth->field_add(&tempx, px, &tempx, group->meth));
-        MP_CHECKOK(group->meth->field_add(&tempx, qx, &tempx, group->meth));
-    } else {
-        /* if py != qy or qx = 0, then R = inf */
-        if (((mp_cmp(py, qy) != 0)) || (mp_cmp_z(qx) == 0)) {
-            mp_zero(rx);
-            mp_zero(ry);
-            res = MP_OKAY;
-            goto CLEANUP;
-        }
-        /* lambda = qx + qy / qx */
-        MP_CHECKOK(group->meth->field_div(qy, qx, &lambda, group->meth));
-        MP_CHECKOK(group->meth->field_add(&lambda, qx, &lambda, group->meth));
-        /* tempx = a + lambda^2 + lambda */
-        MP_CHECKOK(group->meth->field_sqr(&lambda, &tempx, group->meth));
-        MP_CHECKOK(group->meth->field_add(&tempx, &lambda, &tempx, group->meth));
-        MP_CHECKOK(group->meth->field_add(&tempx, &group->curvea, &tempx, group->meth));
-    }
-    /* ry = (qx + tempx) * lambda + tempx + qy */
-    MP_CHECKOK(group->meth->field_add(qx, &tempx, &tempy, group->meth));
-    MP_CHECKOK(group->meth->field_mul(&tempy, &lambda, &tempy, group->meth));
-    MP_CHECKOK(group->meth->field_add(&tempy, &tempx, &tempy, group->meth));
-    MP_CHECKOK(group->meth->field_add(&tempy, qy, ry, group->meth));
-    /* rx = tempx */
-    MP_CHECKOK(mp_copy(&tempx, rx));
-
-CLEANUP:
-    mp_clear(&lambda);
-    mp_clear(&tempx);
-    mp_clear(&tempy);
-    return res;
-}
-
-/* Computes R = P - Q. Elliptic curve points P, Q, and R can all be
- * identical. Uses affine coordinates. */
-mp_err
-ec_GF2m_pt_sub_aff(const mp_int *px, const mp_int *py, const mp_int *qx,
-                   const mp_int *qy, mp_int *rx, mp_int *ry,
-                   const ECGroup *group)
-{
-    mp_err res = MP_OKAY;
-    mp_int nqy;
-
-    MP_DIGITS(&nqy) = 0;
-    MP_CHECKOK(mp_init(&nqy));
-    /* nqy = qx+qy */
-    MP_CHECKOK(group->meth->field_add(qx, qy, &nqy, group->meth));
-    MP_CHECKOK(group->point_add(px, py, qx, &nqy, rx, ry, group));
-CLEANUP:
-    mp_clear(&nqy);
-    return res;
-}
-
-/* Computes R = 2P. Elliptic curve points P and R can be identical. Uses
- * affine coordinates. */
-mp_err
-ec_GF2m_pt_dbl_aff(const mp_int *px, const mp_int *py, mp_int *rx,
-                   mp_int *ry, const ECGroup *group)
-{
-    return group->point_add(px, py, px, py, rx, ry, group);
-}
-
-/* by default, this routine is unused and thus doesn't need to be compiled */
-#ifdef ECL_ENABLE_GF2M_PT_MUL_AFF
-/* Computes R = nP based on IEEE P1363 A.10.3. Elliptic curve points P and
- * R can be identical. Uses affine coordinates. */
-mp_err
-ec_GF2m_pt_mul_aff(const mp_int *n, const mp_int *px, const mp_int *py,
-                   mp_int *rx, mp_int *ry, const ECGroup *group)
-{
-    mp_err res = MP_OKAY;
-    mp_int k, k3, qx, qy, sx, sy;
-    int b1, b3, i, l;
-
-    MP_DIGITS(&k) = 0;
-    MP_DIGITS(&k3) = 0;
-    MP_DIGITS(&qx) = 0;
-    MP_DIGITS(&qy) = 0;
-    MP_DIGITS(&sx) = 0;
-    MP_DIGITS(&sy) = 0;
-    MP_CHECKOK(mp_init(&k));
-    MP_CHECKOK(mp_init(&k3));
-    MP_CHECKOK(mp_init(&qx));
-    MP_CHECKOK(mp_init(&qy));
-    MP_CHECKOK(mp_init(&sx));
-    MP_CHECKOK(mp_init(&sy));
-
-    /* if n = 0 then r = inf */
-    if (mp_cmp_z(n) == 0) {
-        mp_zero(rx);
-        mp_zero(ry);
-        res = MP_OKAY;
-        goto CLEANUP;
-    }
-    /* Q = P, k = n */
-    MP_CHECKOK(mp_copy(px, &qx));
-    MP_CHECKOK(mp_copy(py, &qy));
-    MP_CHECKOK(mp_copy(n, &k));
-    /* if n < 0 then Q = -Q, k = -k */
-    if (mp_cmp_z(n) < 0) {
-        MP_CHECKOK(group->meth->field_add(&qx, &qy, &qy, group->meth));
-        MP_CHECKOK(mp_neg(&k, &k));
-    }
-#ifdef ECL_DEBUG /* basic double and add method */
-    l = mpl_significant_bits(&k) - 1;
-    MP_CHECKOK(mp_copy(&qx, &sx));
-    MP_CHECKOK(mp_copy(&qy, &sy));
-    for (i = l - 1; i >= 0; i--) {
-        /* S = 2S */
-        MP_CHECKOK(group->point_dbl(&sx, &sy, &sx, &sy, group));
-        /* if k_i = 1, then S = S + Q */
-        if (mpl_get_bit(&k, i) != 0) {
-            MP_CHECKOK(group->point_add(&sx, &sy, &qx, &qy, &sx, &sy, group));
-        }
-    }
-#else /* double and add/subtract method from \
-               * standard */
-    /* k3 = 3 * k */
-    MP_CHECKOK(mp_set_int(&k3, 3));
-    MP_CHECKOK(mp_mul(&k, &k3, &k3));
-    /* S = Q */
-    MP_CHECKOK(mp_copy(&qx, &sx));
-    MP_CHECKOK(mp_copy(&qy, &sy));
-    /* l = index of high order bit in binary representation of 3*k */
-    l = mpl_significant_bits(&k3) - 1;
-    /* for i = l-1 downto 1 */
-    for (i = l - 1; i >= 1; i--) {
-        /* S = 2S */
-        MP_CHECKOK(group->point_dbl(&sx, &sy, &sx, &sy, group));
-        b3 = MP_GET_BIT(&k3, i);
-        b1 = MP_GET_BIT(&k, i);
-        /* if k3_i = 1 and k_i = 0, then S = S + Q */
-        if ((b3 == 1) && (b1 == 0)) {
-            MP_CHECKOK(group->point_add(&sx, &sy, &qx, &qy, &sx, &sy, group));
-            /* if k3_i = 0 and k_i = 1, then S = S - Q */
-        } else if ((b3 == 0) && (b1 == 1)) {
-            MP_CHECKOK(group->point_sub(&sx, &sy, &qx, &qy, &sx, &sy, group));
-        }
-    }
-#endif
-    /* output S */
-    MP_CHECKOK(mp_copy(&sx, rx));
-    MP_CHECKOK(mp_copy(&sy, ry));
-
-CLEANUP:
-    mp_clear(&k);
-    mp_clear(&k3);
-    mp_clear(&qx);
-    mp_clear(&qy);
-    mp_clear(&sx);
-    mp_clear(&sy);
-    return res;
-}
-#endif
-
-/* Validates a point on a GF2m curve. */
-mp_err
-ec_GF2m_validate_point(const mp_int *px, const mp_int *py, const ECGroup *group)
-{
-    mp_err res = MP_NO;
-    mp_int accl, accr, tmp, pxt, pyt;
-
-    MP_DIGITS(&accl) = 0;
-    MP_DIGITS(&accr) = 0;
-    MP_DIGITS(&tmp) = 0;
-    MP_DIGITS(&pxt) = 0;
-    MP_DIGITS(&pyt) = 0;
-    MP_CHECKOK(mp_init(&accl));
-    MP_CHECKOK(mp_init(&accr));
-    MP_CHECKOK(mp_init(&tmp));
-    MP_CHECKOK(mp_init(&pxt));
-    MP_CHECKOK(mp_init(&pyt));
-
-    /* 1: Verify that publicValue is not the point at infinity */
-    if (ec_GF2m_pt_is_inf_aff(px, py) == MP_YES) {
-        res = MP_NO;
-        goto CLEANUP;
-    }
-    /* 2: Verify that the coordinates of publicValue are elements
-     *    of the field.
-     */
-    if ((MP_SIGN(px) == MP_NEG) || (mp_cmp(px, &group->meth->irr) >= 0) ||
-        (MP_SIGN(py) == MP_NEG) || (mp_cmp(py, &group->meth->irr) >= 0)) {
-        res = MP_NO;
-        goto CLEANUP;
-    }
-    /* 3: Verify that publicValue is on the curve. */
-    if (group->meth->field_enc) {
-        group->meth->field_enc(px, &pxt, group->meth);
-        group->meth->field_enc(py, &pyt, group->meth);
-    } else {
-        mp_copy(px, &pxt);
-        mp_copy(py, &pyt);
-    }
-    /* left-hand side: y^2 + x*y  */
-    MP_CHECKOK(group->meth->field_sqr(&pyt, &accl, group->meth));
-    MP_CHECKOK(group->meth->field_mul(&pxt, &pyt, &tmp, group->meth));
-    MP_CHECKOK(group->meth->field_add(&accl, &tmp, &accl, group->meth));
-    /* right-hand side: x^3 + a*x^2 + b */
-    MP_CHECKOK(group->meth->field_sqr(&pxt, &tmp, group->meth));
-    MP_CHECKOK(group->meth->field_mul(&pxt, &tmp, &accr, group->meth));
-    MP_CHECKOK(group->meth->field_mul(&group->curvea, &tmp, &tmp, group->meth));
-    MP_CHECKOK(group->meth->field_add(&tmp, &accr, &accr, group->meth));
-    MP_CHECKOK(group->meth->field_add(&accr, &group->curveb, &accr, group->meth));
-    /* check LHS - RHS == 0 */
-    MP_CHECKOK(group->meth->field_add(&accl, &accr, &accr, group->meth));
-    if (mp_cmp_z(&accr) != 0) {
-        res = MP_NO;
-        goto CLEANUP;
-    }
-    /* 4: Verify that the order of the curve times the publicValue
-     *    is the point at infinity.
-     */
-    MP_CHECKOK(ECPoint_mul(group, &group->order, px, py, &pxt, &pyt));
-    if (ec_GF2m_pt_is_inf_aff(&pxt, &pyt) != MP_YES) {
-        res = MP_NO;
-        goto CLEANUP;
-    }
-
-    res = MP_YES;
-
-CLEANUP:
-    mp_clear(&accl);
-    mp_clear(&accr);
-    mp_clear(&tmp);
-    mp_clear(&pxt);
-    mp_clear(&pyt);
-    return res;
-}
deleted file mode 100644
--- a/security/nss/lib/freebl/ecl/ec2_mont.c
+++ /dev/null
@@ -1,230 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "ec2.h"
-#include "mplogic.h"
-#include "mp_gf2m.h"
-#include <stdlib.h>
-
-/* Compute the x-coordinate x/z for the point 2*(x/z) in Montgomery
- * projective coordinates. Uses algorithm Mdouble in appendix of Lopez, J.
- * and Dahab, R.  "Fast multiplication on elliptic curves over GF(2^m)
- * without precomputation". modified to not require precomputation of
- * c=b^{2^{m-1}}. */
-static mp_err
-gf2m_Mdouble(mp_int *x, mp_int *z, const ECGroup *group)
-{
-    mp_err res = MP_OKAY;
-    mp_int t1;
-
-    MP_DIGITS(&t1) = 0;
-    MP_CHECKOK(mp_init(&t1));
-
-    MP_CHECKOK(group->meth->field_sqr(x, x, group->meth));
-    MP_CHECKOK(group->meth->field_sqr(z, &t1, group->meth));
-    MP_CHECKOK(group->meth->field_mul(x, &t1, z, group->meth));
-    MP_CHECKOK(group->meth->field_sqr(x, x, group->meth));
-    MP_CHECKOK(group->meth->field_sqr(&t1, &t1, group->meth));
-    MP_CHECKOK(group->meth->field_mul(&group->curveb, &t1, &t1, group->meth));
-    MP_CHECKOK(group->meth->field_add(x, &t1, x, group->meth));
-
-CLEANUP:
-    mp_clear(&t1);
-    return res;
-}
-
-/* Compute the x-coordinate x1/z1 for the point (x1/z1)+(x2/x2) in
- * Montgomery projective coordinates. Uses algorithm Madd in appendix of
- * Lopex, J. and Dahab, R.  "Fast multiplication on elliptic curves over
- * GF(2^m) without precomputation". */
-static mp_err
-gf2m_Madd(const mp_int *x, mp_int *x1, mp_int *z1, mp_int *x2, mp_int *z2,
-          const ECGroup *group)
-{
-    mp_err res = MP_OKAY;
-    mp_int t1, t2;
-
-    MP_DIGITS(&t1) = 0;
-    MP_DIGITS(&t2) = 0;
-    MP_CHECKOK(mp_init(&t1));
-    MP_CHECKOK(mp_init(&t2));
-
-    MP_CHECKOK(mp_copy(x, &t1));
-    MP_CHECKOK(group->meth->field_mul(x1, z2, x1, group->meth));
-    MP_CHECKOK(group->meth->field_mul(z1, x2, z1, group->meth));
-    MP_CHECKOK(group->meth->field_mul(x1, z1, &t2, group->meth));
-    MP_CHECKOK(group->meth->field_add(z1, x1, z1, group->meth));
-    MP_CHECKOK(group->meth->field_sqr(z1, z1, group->meth));
-    MP_CHECKOK(group->meth->field_mul(z1, &t1, x1, group->meth));
-    MP_CHECKOK(group->meth->field_add(x1, &t2, x1, group->meth));
-
-CLEANUP:
-    mp_clear(&t1);
-    mp_clear(&t2);
-    return res;
-}
-
-/* Compute the x, y affine coordinates from the point (x1, z1) (x2, z2)
- * using Montgomery point multiplication algorithm Mxy() in appendix of
- * Lopex, J. and Dahab, R.  "Fast multiplication on elliptic curves over
- * GF(2^m) without precomputation". Returns: 0 on error 1 if return value
- * should be the point at infinity 2 otherwise */
-static int
-gf2m_Mxy(const mp_int *x, const mp_int *y, mp_int *x1, mp_int *z1,
-         mp_int *x2, mp_int *z2, const ECGroup *group)
-{
-    mp_err res = MP_OKAY;
-    int ret = 0;
-    mp_int t3, t4, t5;
-
-    MP_DIGITS(&t3) = 0;
-    MP_DIGITS(&t4) = 0;
-    MP_DIGITS(&t5) = 0;
-    MP_CHECKOK(mp_init(&t3));
-    MP_CHECKOK(mp_init(&t4));
-    MP_CHECKOK(mp_init(&t5));
-
-    if (mp_cmp_z(z1) == 0) {
-        mp_zero(x2);
-        mp_zero(z2);
-        ret = 1;
-        goto CLEANUP;
-    }
-
-    if (mp_cmp_z(z2) == 0) {
-        MP_CHECKOK(mp_copy(x, x2));
-        MP_CHECKOK(group->meth->field_add(x, y, z2, group->meth));
-        ret = 2;
-        goto CLEANUP;
-    }
-
-    MP_CHECKOK(mp_set_int(&t5, 1));
-    if (group->meth->field_enc) {
-        MP_CHECKOK(group->meth->field_enc(&t5, &t5, group->meth));
-    }
-
-    MP_CHECKOK(group->meth->field_mul(z1, z2, &t3, group->meth));
-
-    MP_CHECKOK(group->meth->field_mul(z1, x, z1, group->meth));
-    MP_CHECKOK(group->meth->field_add(z1, x1, z1, group->meth));
-    MP_CHECKOK(group->meth->field_mul(z2, x, z2, group->meth));
-    MP_CHECKOK(group->meth->field_mul(z2, x1, x1, group->meth));
-    MP_CHECKOK(group->meth->field_add(z2, x2, z2, group->meth));
-
-    MP_CHECKOK(group->meth->field_mul(z2, z1, z2, group->meth));
-    MP_CHECKOK(group->meth->field_sqr(x, &t4, group->meth));
-    MP_CHECKOK(group->meth->field_add(&t4, y, &t4, group->meth));
-    MP_CHECKOK(group->meth->field_mul(&t4, &t3, &t4, group->meth));
-    MP_CHECKOK(group->meth->field_add(&t4, z2, &t4, group->meth));
-
-    MP_CHECKOK(group->meth->field_mul(&t3, x, &t3, group->meth));
-    MP_CHECKOK(group->meth->field_div(&t5, &t3, &t3, group->meth));
-    MP_CHECKOK(group->meth->field_mul(&t3, &t4, &t4, group->meth));
-    MP_CHECKOK(group->meth->field_mul(x1, &t3, x2, group->meth));
-    MP_CHECKOK(group->meth->field_add(x2, x, z2, group->meth));
-
-    MP_CHECKOK(group->meth->field_mul(z2, &t4, z2, group->meth));
-    MP_CHECKOK(group->meth->field_add(z2, y, z2, group->meth));
-
-    ret = 2;
-
-CLEANUP:
-    mp_clear(&t3);
-    mp_clear(&t4);
-    mp_clear(&t5);
-    if (res == MP_OKAY) {
-        return ret;
-    } else {
-        return 0;
-    }
-}
-
-/* Computes R = nP based on algorithm 2P of Lopex, J. and Dahab, R.  "Fast
- * multiplication on elliptic curves over GF(2^m) without
- * precomputation". Elliptic curve points P and R can be identical. Uses
- * Montgomery projective coordinates. */
-mp_err
-ec_GF2m_pt_mul_mont(const mp_int *n, const mp_int *px, const mp_int *py,
-                    mp_int *rx, mp_int *ry, const ECGroup *group)
-{
-    mp_err res = MP_OKAY;
-    mp_int x1, x2, z1, z2;
-    int i, j;
-    mp_digit top_bit, mask;
-
-    MP_DIGITS(&x1) = 0;
-    MP_DIGITS(&x2) = 0;
-    MP_DIGITS(&z1) = 0;
-    MP_DIGITS(&z2) = 0;
-    MP_CHECKOK(mp_init(&x1));
-    MP_CHECKOK(mp_init(&x2));
-    MP_CHECKOK(mp_init(&z1));
-    MP_CHECKOK(mp_init(&z2));
-
-    /* if result should be point at infinity */
-    if ((mp_cmp_z(n) == 0) || (ec_GF2m_pt_is_inf_aff(px, py) == MP_YES)) {
-        MP_CHECKOK(ec_GF2m_pt_set_inf_aff(rx, ry));
-        goto CLEANUP;
-    }
-
-    MP_CHECKOK(mp_copy(px, &x1));                              /* x1 = px */
-    MP_CHECKOK(mp_set_int(&z1, 1));                            /* z1 = 1 */
-    MP_CHECKOK(group->meth->field_sqr(&x1, &z2, group->meth)); /* z2 = x1^2 = px^2 */
-    MP_CHECKOK(group->meth->field_sqr(&z2, &x2, group->meth));
-    MP_CHECKOK(group->meth->field_add(&x2, &group->curveb, &x2, group->meth)); /* x2 = px^4 + b */
-
-    /* find top-most bit and go one past it */
-    i = MP_USED(n) - 1;
-    j = MP_DIGIT_BIT - 1;
-    top_bit = 1;
-    top_bit <<= MP_DIGIT_BIT - 1;
-    mask = top_bit;
-    while (!(MP_DIGITS(n)[i] & mask)) {
-        mask >>= 1;
-        j--;
-    }
-    mask >>= 1;
-    j--;
-
-    /* if top most bit was at word break, go to next word */
-    if (!mask) {
-        i--;
-        j = MP_DIGIT_BIT - 1;
-        mask = top_bit;
-    }
-
-    for (; i >= 0; i--) {
-        for (; j >= 0; j--) {
-            if (MP_DIGITS(n)[i] & mask) {
-                MP_CHECKOK(gf2m_Madd(px, &x1, &z1, &x2, &z2, group));
-                MP_CHECKOK(gf2m_Mdouble(&x2, &z2, group));
-            } else {
-                MP_CHECKOK(gf2m_Madd(px, &x2, &z2, &x1, &z1, group));
-                MP_CHECKOK(gf2m_Mdouble(&x1, &z1, group));
-            }
-            mask >>= 1;
-        }
-        j = MP_DIGIT_BIT - 1;
-        mask = top_bit;
-    }
-
-    /* convert out of "projective" coordinates */
-    i = gf2m_Mxy(px, py, &x1, &z1, &x2, &z2, group);
-    if (i == 0) {
-        res = MP_BADARG;
-        goto CLEANUP;
-    } else if (i == 1) {
-        MP_CHECKOK(ec_GF2m_pt_set_inf_aff(rx, ry));
-    } else {
-        MP_CHECKOK(mp_copy(&x2, rx));
-        MP_CHECKOK(mp_copy(&z2, ry));
-    }
-
-CLEANUP:
-    mp_clear(&x1);
-    mp_clear(&x2);
-    mp_clear(&z1);
-    mp_clear(&z2);
-    return res;
-}
deleted file mode 100644
--- a/security/nss/lib/freebl/ecl/ec2_proj.c
+++ /dev/null
@@ -1,328 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "ec2.h"
-#include "mplogic.h"
-#include "mp_gf2m.h"
-#include <stdlib.h>
-#ifdef ECL_DEBUG
-#include <assert.h>
-#endif
-
-/* by default, these routines are unused and thus don't need to be compiled */
-#ifdef ECL_ENABLE_GF2M_PROJ
-/* Converts a point P(px, py) from affine coordinates to projective
- * coordinates R(rx, ry, rz). Assumes input is already field-encoded using
- * field_enc, and returns output that is still field-encoded. */
-mp_err
-ec_GF2m_pt_aff2proj(const mp_int *px, const mp_int *py, mp_int *rx,
-                    mp_int *ry, mp_int *rz, const ECGroup *group)
-{
-    mp_err res = MP_OKAY;
-
-    MP_CHECKOK(mp_copy(px, rx));
-    MP_CHECKOK(mp_copy(py, ry));
-    MP_CHECKOK(mp_set_int(rz, 1));
-    if (group->meth->field_enc) {
-        MP_CHECKOK(group->meth->field_enc(rz, rz, group->meth));
-    }
-CLEANUP:
-    return res;
-}
-
-/* Converts a point P(px, py, pz) from projective coordinates to affine
- * coordinates R(rx, ry).  P and R can share x and y coordinates. Assumes
- * input is already field-encoded using field_enc, and returns output that
- * is still field-encoded. */
-mp_err
-ec_GF2m_pt_proj2aff(const mp_int *px, const mp_int *py, const mp_int *pz,
-                    mp_int *rx, mp_int *ry, const ECGroup *group)
-{
-    mp_err res = MP_OKAY;
-    mp_int z1, z2;
-
-    MP_DIGITS(&z1) = 0;
-    MP_DIGITS(&z2) = 0;
-    MP_CHECKOK(mp_init(&z1));
-    MP_CHECKOK(mp_init(&z2));
-
-    /* if point at infinity, then set point at infinity and exit */
-    if (ec_GF2m_pt_is_inf_proj(px, py, pz) == MP_YES) {
-        MP_CHECKOK(ec_GF2m_pt_set_inf_aff(rx, ry));
-        goto CLEANUP;
-    }
-
-    /* transform (px, py, pz) into (px / pz, py / pz^2) */
-    if (mp_cmp_d(pz, 1) == 0) {
-        MP_CHECKOK(mp_copy(px, rx));
-        MP_CHECKOK(mp_copy(py, ry));
-    } else {
-        MP_CHECKOK(group->meth->field_div(NULL, pz, &z1, group->meth));
-        MP_CHECKOK(group->meth->field_sqr(&z1, &z2, group->meth));
-        MP_CHECKOK(group->meth->field_mul(px, &z1, rx, group->meth));
-        MP_CHECKOK(group->meth->field_mul(py, &z2, ry, group->meth));
-    }
-
-CLEANUP:
-    mp_clear(&z1);
-    mp_clear(&z2);
-    return res;
-}
-
-/* Checks if point P(px, py, pz) is at infinity. Uses projective
- * coordinates. */
-mp_err
-ec_GF2m_pt_is_inf_proj(const mp_int *px, const mp_int *py,
-                       const mp_int *pz)
-{
-    return mp_cmp_z(pz);
-}
-
-/* Sets P(px, py, pz) to be the point at infinity.  Uses projective
- * coordinates. */
-mp_err
-ec_GF2m_pt_set_inf_proj(mp_int *px, mp_int *py, mp_int *pz)
-{
-    mp_zero(pz);
-    return MP_OKAY;
-}
-
-/* Computes R = P + Q where R is (rx, ry, rz), P is (px, py, pz) and Q is
- * (qx, qy, 1).  Elliptic curve points P, Q, and R can all be identical.
- * Uses mixed projective-affine coordinates. Assumes input is already
- * field-encoded using field_enc, and returns output that is still
- * field-encoded. Uses equation (3) from Hankerson, Hernandez, Menezes.
- * Software Implementation of Elliptic Curve Cryptography Over Binary
- * Fields. */
-mp_err
-ec_GF2m_pt_add_proj(const mp_int *px, const mp_int *py, const mp_int *pz,
-                    const mp_int *qx, const mp_int *qy, mp_int *rx,
-                    mp_int *ry, mp_int *rz, const ECGroup *group)
-{
-    mp_err res = MP_OKAY;
-    mp_int A, B, C, D, E, F, G;
-
-    /* If either P or Q is the point at infinity, then return the other
-     * point */
-    if (ec_GF2m_pt_is_inf_proj(px, py, pz) == MP_YES) {
-        return ec_GF2m_pt_aff2proj(qx, qy, rx, ry, rz, group);
-    }
-    if (ec_GF2m_pt_is_inf_aff(qx, qy) == MP_YES) {
-        MP_CHECKOK(mp_copy(px, rx));
-        MP_CHECKOK(mp_copy(py, ry));
-        return mp_copy(pz, rz);
-    }
-
-    MP_DIGITS(&A) = 0;
-    MP_DIGITS(&B) = 0;
-    MP_DIGITS(&C) = 0;
-    MP_DIGITS(&D) = 0;
-    MP_DIGITS(&E) = 0;
-    MP_DIGITS(&F) = 0;
-    MP_DIGITS(&G) = 0;
-    MP_CHECKOK(mp_init(&A));
-    MP_CHECKOK(mp_init(&B));
-    MP_CHECKOK(mp_init(&C));
-    MP_CHECKOK(mp_init(&D));
-    MP_CHECKOK(mp_init(&E));
-    MP_CHECKOK(mp_init(&F));
-    MP_CHECKOK(mp_init(&G));
-
-    /* D = pz^2 */
-    MP_CHECKOK(group->meth->field_sqr(pz, &D, group->meth));
-
-    /* A = qy * pz^2 + py */
-    MP_CHECKOK(group->meth->field_mul(qy, &D, &A, group->meth));
-    MP_CHECKOK(group->meth->field_add(&A, py, &A, group->meth));
-
-    /* B = qx * pz + px */
-    MP_CHECKOK(group->meth->field_mul(qx, pz, &B, group->meth));
-    MP_CHECKOK(group->meth->field_add(&B, px, &B, group->meth));
-
-    /* C = pz * B */
-    MP_CHECKOK(group->meth->field_mul(pz, &B, &C, group->meth));
-
-    /* D = B^2 * (C + a * pz^2) (using E as a temporary variable) */
-    MP_CHECKOK(group->meth->field_mul(&group->curvea, &D, &D, group->meth));
-    MP_CHECKOK(group->meth->field_add(&C, &D, &D, group->meth));
-    MP_CHECKOK(group->meth->field_sqr(&B, &E, group->meth));
-    MP_CHECKOK(group->meth->field_mul(&E, &D, &D, group->meth));
-
-    /* rz = C^2 */
-    MP_CHECKOK(group->meth->field_sqr(&C, rz, group->meth));
-
-    /* E = A * C */
-    MP_CHECKOK(group->meth->field_mul(&A, &C, &E, group->meth));
-
-    /* rx = A^2 + D + E */
-    MP_CHECKOK(group->meth->field_sqr(&A, rx, group->meth));
-    MP_CHECKOK(group->meth->field_add(rx, &D, rx, group->meth));
-    MP_CHECKOK(group->meth->field_add(rx, &E, rx, group->meth));
-
-    /* F = rx + qx * rz */
-    MP_CHECKOK(group->meth->field_mul(qx, rz, &F, group->meth));
-    MP_CHECKOK(group->meth->field_add(rx, &F, &F, group->meth));
-
-    /* G = rx + qy * rz */
-    MP_CHECKOK(group->meth->field_mul(qy, rz, &G, group->meth));
-    MP_CHECKOK(group->meth->field_add(rx, &G, &G, group->meth));
-
-    /* ry = E * F + rz * G (using G as a temporary variable) */
-    MP_CHECKOK(group->meth->field_mul(rz, &G, &G, group->meth));
-    MP_CHECKOK(group->meth->field_mul(&E, &F, ry, group->meth));
-    MP_CHECKOK(group->meth->field_add(ry, &G, ry, group->meth));
-
-CLEANUP:
-    mp_clear(&A);
-    mp_clear(&B);
-    mp_clear(&C);
-    mp_clear(&D);
-    mp_clear(&E);
-    mp_clear(&F);
-    mp_clear(&G);
-    return res;
-}
-
-/* Computes R = 2P.  Elliptic curve points P and R can be identical.  Uses
- * projective coordinates.
- *
- * Assumes input is already field-encoded using field_enc, and returns
- * output that is still field-encoded.
- *
- * Uses equation (3) from Hankerson, Hernandez, Menezes. Software
- * Implementation of Elliptic Curve Cryptography Over Binary Fields.
- */
-mp_err
-ec_GF2m_pt_dbl_proj(const mp_int *px, const mp_int *py, const mp_int *pz