Bug 1296266 - Land NSS_3_27_BETA1, r=kaie
authorFranziskus Kiefer <franziskuskiefer@gmail.com>
Fri, 19 Aug 2016 11:20:21 +0200
changeset 310172 b671b4869b1096c40cc9202ecd297d68ed769aed
parent 310171 4d05a40172cadd1c34d051520f049ca7c6e2679b
child 310173 835eee39bb16b33dbdb26271be170c65f8df7761
push id80793
push userfranziskuskiefer@gmail.com
push dateFri, 19 Aug 2016 09:22:20 +0000
treeherdermozilla-inbound@b671b4869b10 [default view] [failures only]
reviewerskaie
bugs1296266
milestone51.0a1
Bug 1296266 - Land NSS_3_27_BETA1, r=kaie
old-configure.in
security/nss/.taskcluster.yml
security/nss/TAG-INFO
security/nss/automation/buildbot-slave/build.sh
security/nss/automation/buildbot-slave/startbuild.bat
security/nss/automation/release/nss-release-helper.py
security/nss/automation/taskcluster/decision_task.yml
security/nss/automation/taskcluster/docker-arm/Dockerfile
security/nss/automation/taskcluster/docker-arm/bin/checkout.sh
security/nss/automation/taskcluster/docker-arm/setup.sh
security/nss/automation/taskcluster/docker/bin/checkout.sh
security/nss/automation/taskcluster/docker/setup.sh
security/nss/automation/taskcluster/graph/arm/_build_base.yml
security/nss/automation/taskcluster/graph/arm/_test_base.yml
security/nss/automation/taskcluster/graph/arm/build32-debug.yml
security/nss/automation/taskcluster/graph/build.js
security/nss/automation/taskcluster/graph/linux/_build_base.yml
security/nss/automation/taskcluster/graph/linux/_test_base.yml
security/nss/automation/taskcluster/graph/linux/build32-debug.yml
security/nss/automation/taskcluster/graph/linux/build32-opt.yml
security/nss/automation/taskcluster/graph/linux/build64-asan.yml
security/nss/automation/taskcluster/graph/linux/build64-debug.yml
security/nss/automation/taskcluster/graph/linux/build64-lsan.yml
security/nss/automation/taskcluster/graph/linux/build64-opt.yml
security/nss/automation/taskcluster/graph/package.json
security/nss/automation/taskcluster/graph/tests/chains.yml
security/nss/automation/taskcluster/graph/tests/crmf.yml
security/nss/automation/taskcluster/graph/tests/fips.yml
security/nss/automation/taskcluster/graph/tests/memleak.yml
security/nss/automation/taskcluster/graph/tests/ssl.yml
security/nss/automation/taskcluster/graph/tools/_build_base.yml
security/nss/automation/taskcluster/graph/tools/clang-format.yml
security/nss/automation/taskcluster/graph/tools/scan-build.yml
security/nss/automation/taskcluster/graph/try_syntax.js
security/nss/automation/taskcluster/graph/windows/_build_base.yml
security/nss/automation/taskcluster/graph/windows/_test_base.yml
security/nss/automation/taskcluster/graph/windows/build64-debug.yml
security/nss/automation/taskcluster/graph/windows/build64-opt.yml
security/nss/automation/taskcluster/scripts/build.sh
security/nss/automation/taskcluster/scripts/extend_task_graph.sh
security/nss/automation/taskcluster/scripts/run_clang_format.sh
security/nss/automation/taskcluster/scripts/tools.sh
security/nss/automation/taskcluster/windows/build.sh
security/nss/automation/taskcluster/windows/releng.manifest
security/nss/automation/taskcluster/windows/setup.sh
security/nss/cmd/Makefile
security/nss/cmd/bltest/blapitest.c
security/nss/cmd/certcgi/certcgi.c
security/nss/cmd/certutil/certutil.c
security/nss/cmd/ecperf/ecperf.c
security/nss/cmd/ectest/ectest.c
security/nss/cmd/httpserv/httpserv.c
security/nss/cmd/lib/basicutil.c
security/nss/cmd/libpkix/testutil/testutil.h
security/nss/cmd/manifest.mn
security/nss/cmd/modutil/install.c
security/nss/cmd/modutil/installparse.c
security/nss/cmd/multinit/multinit.c
security/nss/cmd/p7env/p7env.c
security/nss/cmd/pk11util/pk11util.c
security/nss/cmd/pk12util/pk12util.c
security/nss/cmd/selfserv/selfserv.c
security/nss/cmd/signtool/javascript.c
security/nss/cmd/signtool/sign.c
security/nss/cmd/signtool/verify.c
security/nss/cmd/signtool/zip.c
security/nss/cmd/signver/signver.c
security/nss/cmd/tstclnt/tstclnt.c
security/nss/coreconf/OS2.mk
security/nss/coreconf/WIN32.mk
security/nss/coreconf/arch.mk
security/nss/coreconf/command.mk
security/nss/coreconf/config.mk
security/nss/coreconf/coreconf.dep
security/nss/coreconf/rules.mk
security/nss/external_tests/.clang-format
security/nss/external_tests/common/scoped_ptrs.h
security/nss/external_tests/der_gtest/der_getint_unittest.cc
security/nss/external_tests/manifest.mn
security/nss/external_tests/nss_bogo_shim/Makefile
security/nss/external_tests/nss_bogo_shim/config.cc
security/nss/external_tests/nss_bogo_shim/config.h
security/nss/external_tests/nss_bogo_shim/config.json
security/nss/external_tests/nss_bogo_shim/manifest.mn
security/nss/external_tests/nss_bogo_shim/nss_bogo_shim.cc
security/nss/external_tests/nss_bogo_shim/nsskeys.cc
security/nss/external_tests/nss_bogo_shim/nsskeys.h
security/nss/external_tests/pk11_gtest/pk11_aeskeywrap_unittest.cc
security/nss/external_tests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
security/nss/external_tests/pk11_gtest/pk11_pbkdf2_unittest.cc
security/nss/external_tests/pk11_gtest/pk11_prf_unittest.cc
security/nss/external_tests/pk11_gtest/pk11_rsapss_unittest.cc
security/nss/external_tests/ssl_gtest/Makefile
security/nss/external_tests/ssl_gtest/databuffer.h
security/nss/external_tests/ssl_gtest/libssl_internals.c
security/nss/external_tests/ssl_gtest/libssl_internals.h
security/nss/external_tests/ssl_gtest/manifest.mn
security/nss/external_tests/ssl_gtest/ssl_0rtt_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_agent_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_auth_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_cert_ext_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_ciphersuite_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_damage_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_dhe_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_drop_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_ecdh_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_ems_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_extension_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_gtest.cc
security/nss/external_tests/ssl_gtest/ssl_loopback_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_record_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_resumption_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_skip_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_staticrsa_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_v2_client_hello_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_version_unittest.cc
security/nss/external_tests/ssl_gtest/test_io.cc
security/nss/external_tests/ssl_gtest/test_io.h
security/nss/external_tests/ssl_gtest/tls_agent.cc
security/nss/external_tests/ssl_gtest/tls_agent.h
security/nss/external_tests/ssl_gtest/tls_connect.cc
security/nss/external_tests/ssl_gtest/tls_connect.h
security/nss/external_tests/ssl_gtest/tls_filter.cc
security/nss/external_tests/ssl_gtest/tls_filter.h
security/nss/external_tests/ssl_gtest/tls_hkdf_unittest.cc
security/nss/external_tests/ssl_gtest/tls_parser.cc
security/nss/external_tests/ssl_gtest/tls_parser.h
security/nss/external_tests/util_gtest/util_utf8_unittest.cc
security/nss/lib/base/base.h
security/nss/lib/base/list.c
security/nss/lib/base/nssbase.h
security/nss/lib/base/utf8.c
security/nss/lib/certdb/certdb.c
security/nss/lib/certdb/certdb.h
security/nss/lib/certdb/certi.h
security/nss/lib/certdb/certt.h
security/nss/lib/certdb/crl.c
security/nss/lib/certdb/genname.c
security/nss/lib/certdb/secname.c
security/nss/lib/certdb/stanpcertdb.c
security/nss/lib/certdb/xbsconst.c
security/nss/lib/certhigh/certhigh.c
security/nss/lib/certhigh/certvfy.c
security/nss/lib/certhigh/ocsp.c
security/nss/lib/ckfw/instance.c
security/nss/lib/crmf/cmmfchal.c
security/nss/lib/crmf/cmmfresp.c
security/nss/lib/crmf/crmfcont.c
security/nss/lib/crmf/crmfget.c
security/nss/lib/crmf/crmfreq.c
security/nss/lib/crmf/respcmn.c
security/nss/lib/cryptohi/keythi.h
security/nss/lib/cryptohi/seckey.c
security/nss/lib/cryptohi/secsign.c
security/nss/lib/dbm/include/hash.h
security/nss/lib/dbm/include/ncompat.h
security/nss/lib/dbm/src/h_func.c
security/nss/lib/dbm/src/hash_buf.c
security/nss/lib/dbm/src/memmove.c
security/nss/lib/freebl/Makefile
security/nss/lib/freebl/mpi/mpprime.c
security/nss/lib/nss/nss.h
security/nss/lib/softoken/fipsaudt.c
security/nss/lib/softoken/fipstest.c
security/nss/lib/softoken/fipstokn.c
security/nss/lib/softoken/jpakesftk.c
security/nss/lib/softoken/legacydb/cdbhdl.h
security/nss/lib/softoken/legacydb/dbmshim.c
security/nss/lib/softoken/legacydb/keydb.c
security/nss/lib/softoken/legacydb/keydbi.h
security/nss/lib/softoken/legacydb/lgattr.c
security/nss/lib/softoken/legacydb/lgcreate.c
security/nss/lib/softoken/legacydb/lgdb.h
security/nss/lib/softoken/legacydb/lgdestroy.c
security/nss/lib/softoken/legacydb/lgfind.c
security/nss/lib/softoken/legacydb/lgfips.c
security/nss/lib/softoken/legacydb/lginit.c
security/nss/lib/softoken/legacydb/lgutil.c
security/nss/lib/softoken/legacydb/lowcert.c
security/nss/lib/softoken/legacydb/lowkey.c
security/nss/lib/softoken/legacydb/lowkeyi.h
security/nss/lib/softoken/legacydb/lowkeyti.h
security/nss/lib/softoken/legacydb/manifest.mn
security/nss/lib/softoken/legacydb/nssdbm.def
security/nss/lib/softoken/legacydb/pcert.h
security/nss/lib/softoken/legacydb/pcertdb.c
security/nss/lib/softoken/legacydb/pcertt.h
security/nss/lib/softoken/legacydb/pk11db.c
security/nss/lib/softoken/lgglue.c
security/nss/lib/softoken/lgglue.h
security/nss/lib/softoken/lowkey.c
security/nss/lib/softoken/lowkeyi.h
security/nss/lib/softoken/lowkeyti.h
security/nss/lib/softoken/lowpbe.c
security/nss/lib/softoken/lowpbe.h
security/nss/lib/softoken/manifest.mn
security/nss/lib/softoken/padbuf.c
security/nss/lib/softoken/pkcs11.c
security/nss/lib/softoken/pkcs11c.c
security/nss/lib/softoken/pkcs11i.h
security/nss/lib/softoken/pkcs11ni.h
security/nss/lib/softoken/pkcs11u.c
security/nss/lib/softoken/sdb.c
security/nss/lib/softoken/sdb.h
security/nss/lib/softoken/sftkdb.c
security/nss/lib/softoken/sftkdb.h
security/nss/lib/softoken/sftkdbt.h
security/nss/lib/softoken/sftkdbti.h
security/nss/lib/softoken/sftkhmac.c
security/nss/lib/softoken/sftkpars.c
security/nss/lib/softoken/sftkpars.h
security/nss/lib/softoken/sftkpwd.c
security/nss/lib/softoken/softkver.h
security/nss/lib/softoken/softoken.h
security/nss/lib/softoken/softokn.def
security/nss/lib/softoken/softoknt.h
security/nss/lib/softoken/tlsprf.c
security/nss/lib/ssl/SSLerrs.h
security/nss/lib/ssl/config.mk
security/nss/lib/ssl/dhe-param.c
security/nss/lib/ssl/ssl.def
security/nss/lib/ssl/ssl.h
security/nss/lib/ssl/ssl3con.c
security/nss/lib/ssl/ssl3ecc.c
security/nss/lib/ssl/ssl3ext.c
security/nss/lib/ssl/ssl3prot.h
security/nss/lib/ssl/sslauth.c
security/nss/lib/ssl/sslcert.c
security/nss/lib/ssl/sslcon.c
security/nss/lib/ssl/sslerr.h
security/nss/lib/ssl/sslimpl.h
security/nss/lib/ssl/sslsecur.c
security/nss/lib/ssl/sslsnce.c
security/nss/lib/ssl/sslsock.c
security/nss/lib/ssl/sslt.h
security/nss/lib/ssl/tls13con.c
security/nss/lib/ssl/tls13con.h
security/nss/lib/ssl/tls13hkdf.c
security/nss/lib/util/nssutil.h
security/nss/pkg/pkg-config/nss-config.in
security/nss/pkg/pkg-config/nss.pc.in
security/nss/tests/common/init.sh
security/nss/tests/ec/ecperf.sh
security/nss/tests/ec/ectest.sh
security/nss/tests/gtests/gtests.sh
security/nss/tests/ssl_gtests/ssl_gtests.sh
--- a/old-configure.in
+++ b/old-configure.in
@@ -2138,17 +2138,17 @@ dnl = If NSS was not detected in the sys
 dnl = use the one in the source tree (mozilla/security/nss)
 dnl ========================================================
 
 MOZ_ARG_WITH_BOOL(system-nss,
 [  --with-system-nss       Use system installed NSS],
     _USE_SYSTEM_NSS=1 )
 
 if test -n "$_USE_SYSTEM_NSS"; then
-    AM_PATH_NSS(3.26, [MOZ_SYSTEM_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])])
+    AM_PATH_NSS(3.27, [MOZ_SYSTEM_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])])
 fi
 
 if test -n "$MOZ_SYSTEM_NSS"; then
    NSS_LIBS="$NSS_LIBS -lcrmf"
 else
    NSS_CFLAGS="-I${DIST}/include/nss"
 fi
 
deleted file mode 100644
--- a/security/nss/.taskcluster.yml
+++ /dev/null
@@ -1,94 +0,0 @@
----
-version: 0
-metadata:
-  name: "NSS Continuous Integration"
-  description: "The Taskcluster task graph for the NSS tree"
-  owner: "mozilla-taskcluster-maintenance@mozilla.com"
-  source: {{{source}}}
-
-scopes:
-  # Note the below scopes are insecure however these get overriden on the server
-  # side to whatever scopes are set by mozilla-taskcluster.
-  - queue:*
-  - docker-worker:*
-  - scheduler:*
-
-# Available mustache parameters (see the mozilla-taskcluster source):
-#
-# - owner:          push user (email address)
-# - source:         URL of this YAML file
-# - url:            repository URL
-# - project:        alias for the destination repository (basename of
-#                   the repo url)
-# - level:          SCM level of the destination repository
-#                   (1 = try, 3 = core)
-# - revision:       (short) hg revision of the head of the push
-# - revision_hash:  (long) hg revision of the head of the push
-# - comment:        comment of the push
-# - pushlog_id:     id in the pushlog table of the repository
-#
-# and functions:
-# - as_slugid:      convert a label into a slugId
-# - from_now:       generate a timestamp at a fixed offset from now
-
-tasks:
-  - taskId: '{{#as_slugid}}decision task{{/as_slugid}}'
-    reruns: 3
-    task:
-      created: '{{now}}'
-      deadline: '{{#from_now}}1 day{{/from_now}}'
-      expires: '{{#from_now}}14 days{{/from_now}}'
-
-      metadata:
-        owner: mozilla-taskcluster-maintenance@mozilla.com
-        source: {{{source}}}
-        name: "NSS Decision Task"
-        description: |
-            The task that creates all of the other tasks in the task graph
-
-      workerType: "hg-worker"
-      provisionerId: "aws-provisioner-v1"
-
-      tags:
-        createdForUser: {{owner}}
-
-      routes:
-        - "tc-treeherder-stage.v2.{{project}}.{{revision}}.{{pushlog_id}}"
-        - "tc-treeherder.v2.{{project}}.{{revision}}.{{pushlog_id}}"
-
-      payload:
-        image: "ttaubert/nss-ci:0.0.17"
-
-        env:
-          TC_OWNER: {{owner}}
-          TC_SOURCE: {{{source}}}
-          TC_PROJECT: {{project}}
-          NSS_PUSHLOG_ID: '{{pushlog_id}}'
-          NSS_HEAD_REPOSITORY: '{{{url}}}'
-          NSS_HEAD_REVISION: '{{revision}}'
-
-        maxRunTime: 1800
-
-        command:
-          - bash
-          - -cx
-          - >
-            bin/checkout.sh &&
-            nss/automation/taskcluster/scripts/extend_task_graph.sh
-
-        artifacts:
-          public:
-            type: "directory"
-            path: "/home/worker/artifacts"
-            expires: "{{#from_now}}7 days{{/from_now}}"
-
-        graphs:
-          - /home/worker/artifacts/graph.json
-
-      extra:
-        treeherder:
-          symbol: D
-          build:
-            platform: nss-decision
-          machine:
-            platform: nss-decision
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@@ -1,1 +1,1 @@
-NSS_3_26_RTM
+NSS_3_27_BETA1
--- a/security/nss/automation/buildbot-slave/build.sh
+++ b/security/nss/automation/buildbot-slave/build.sh
@@ -194,26 +194,26 @@ test_nss()
 	cd ${HGDIR}/nss/tests/remote
 	print_log "$ make test_android"
 	make test_android 2>&1 | tee ${LOG_TMP} | grep ${GREP_BUFFER} ": #"
 	OUTPUTFILE=${HGDIR}/tests_results/security/*.1/output.log
     else
 	print_log "$ cd ${HGDIR}/nss/tests"
 	cd ${HGDIR}/nss/tests
 	print_log "$ ./all.sh"
-	./all.sh 2>&1 | tee ${LOG_TMP} | grep ${GREP_BUFFER} ": #"
+	./all.sh 2>&1 | tee ${LOG_TMP} | egrep ${GREP_BUFFER} ": #|^\[.{10}\] "
 	OUTPUTFILE=${LOG_TMP}
     fi
 
     cat ${LOG_TMP} >> ${LOG_ALL}
     tail -n2 ${HGDIR}/tests_results/security/*.1/results.html | grep END_OF_TEST >> ${LOG_ALL}
     RET=$?
 
     print_log "######## details of detected failures (if any) ########"
-    grep -B50 FAIL ${OUTPUTFILE}
+    grep -B50 FAILED ${OUTPUTFILE}
     [ $? -eq 1 ] || RET=1
 
     print_result "NSS - tests - ${BITS} bits - ${OPT}" ${RET} 0
     return ${RET}
 }
 
 test_jss()
 {
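Review bot: The failure gate `grep -B50 FAILED ${OUTPUTFILE}` now matches only the literal string FAILED, so a suite that reports a failure with other wording (for example `FAIL` or `Failed`) no longer sets RET=1. The exit status of `./all.sh` is also discarded by the `| tee | egrep` pipeline, which leaves the END_OF_TEST check as the only other signal. If this script runs under bash, I would record `ALL_RC=${PIPESTATUS[0]}` directly after the all.sh pipeline and fold it into RET, provided all.sh returns non-zero on failure. A comment above the grep naming the output formats that print FAILED would document the assumption. test_nss() starts outside this hunk.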
--- a/security/nss/automation/buildbot-slave/startbuild.bat
+++ b/security/nss/automation/buildbot-slave/startbuild.bat
@@ -1,12 +1,12 @@
 echo running > ..\buildbot-is-building
 
-echo running: "%MOZILLABUILD%\msys\bin\bash" -c "hg/tinder/buildbot/build.sh %*"
-"%MOZILLABUILD%\msys\bin\bash" -c "hg/tinder/buildbot/build.sh %*"
+echo running: "%MOZILLABUILD%\msys\bin\bash" -c "hg/nss/automation/buildbot-slave/build.sh %*"
+"%MOZILLABUILD%\msys\bin\bash" -c "hg/nss/automation/buildbot-slave/build.sh %*"
 
 if %errorlevel% neq 0 (
   set EXITCODE=1
 ) else (
   set EXITCODE=0
 )
 
 del ..\buildbot-is-building
new file mode 100644
--- /dev/null
+++ b/security/nss/automation/release/nss-release-helper.py
@@ -0,0 +1,250 @@
+#!/usr/bin/python
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+import os
+import sys
+import datetime
+import shutil
+import glob
+from optparse import OptionParser
+from subprocess import check_call
+
+nssutil_h = "lib/util/nssutil.h"
+softkver_h = "lib/softoken/softkver.h"
+nss_h = "lib/nss/nss.h"
+nssckbi_h = "lib/ckfw/builtins/nssckbi.h"
+
+def check_call_noisy(cmd, *args, **kwargs):
+    print "Executing command:", cmd
+    check_call(cmd, *args, **kwargs)
+
+o = OptionParser(usage="client.py [options] remove_beta | set_beta | print_library_versions | print_root_ca_version | set_root_ca_version | set_version_to_minor_release | set_version_to_patch_release | set_release_candidate_number | set_4_digit_release_number | create_nss_release_archive")
+
+try:
+    options, args = o.parse_args()
+    action = args[0]
+except IndexError:
+    o.print_help()
+    sys.exit(2)
+
+def exit_with_failure(what):
+    print "failure: ", what
+    sys.exit(2)
+
+def check_files_exist():
+    if (not os.path.exists(nssutil_h) or not os.path.exists(softkver_h)
+        or not os.path.exists(nss_h) or not os.path.exists(nssckbi_h)):
+        exit_with_failure("cannot find expected header files, must run from inside NSS hg directory")
+
+def sed_inplace(sed_expression, filename):
+    backup_file = filename + '.tmp'
+    check_call_noisy(["sed", "-i.tmp", sed_expression, filename])
+    os.remove(backup_file)
+
+def toggle_beta_status(is_beta):
+    check_files_exist()
+    if (is_beta):
+        print "adding Beta status to version numbers"
+        sed_inplace('s/^\(#define *NSSUTIL_VERSION *\"[0-9.]\+\)\" *$/\\1 Beta\"/', nssutil_h)
+        sed_inplace('s/^\(#define *NSSUTIL_BETA *\)PR_FALSE *$/\\1PR_TRUE/', nssutil_h)
+        sed_inplace('s/^\(#define *SOFTOKEN_VERSION *\"[0-9.]\+\" *SOFTOKEN_ECC_STRING\) *$/\\1 \" Beta"/', softkver_h)
+        sed_inplace('s/^\(#define *SOFTOKEN_BETA *\)PR_FALSE *$/\\1PR_TRUE/', softkver_h)
+        sed_inplace('s/^\(#define *NSS_VERSION *\"[0-9.]\+\" *_NSS_CUSTOMIZED\) *$/\\1 \" Beta"/', nss_h)
+        sed_inplace('s/^\(#define *NSS_BETA *\)PR_FALSE *$/\\1PR_TRUE/', nss_h)
+    else:
+        print "removing Beta status from version numbers"
+        sed_inplace('s/^\(#define *NSSUTIL_VERSION *\"[0-9.]\+\) *Beta\" *$/\\1\"/', nssutil_h)
+        sed_inplace('s/^\(#define *NSSUTIL_BETA *\)PR_TRUE *$/\\1PR_FALSE/', nssutil_h)
+        sed_inplace('s/^\(#define *SOFTOKEN_VERSION *\"[0-9.]\+\" *SOFTOKEN_ECC_STRING\) *\" *Beta\" *$/\\1/', softkver_h)
+        sed_inplace('s/^\(#define *SOFTOKEN_BETA *\)PR_TRUE *$/\\1PR_FALSE/', softkver_h)
+        sed_inplace('s/^\(#define *NSS_VERSION *\"[0-9.]\+\" *_NSS_CUSTOMIZED\) *\" *Beta\" *$/\\1/', nss_h)
+        sed_inplace('s/^\(#define *NSS_BETA *\)PR_TRUE *$/\\1PR_FALSE/', nss_h)
+    print "please run 'hg stat' and 'hg diff' to verify the files have been verified correctly"
+
+def print_beta_versions():
+    check_call_noisy(["egrep", "#define *NSSUTIL_VERSION|#define *NSSUTIL_BETA", nssutil_h])
+    check_call_noisy(["egrep", "#define *SOFTOKEN_VERSION|#define *SOFTOKEN_BETA", softkver_h])
+    check_call_noisy(["egrep", "#define *NSS_VERSION|#define *NSS_BETA", nss_h])
+
+def remove_beta_status():
+    print "--- removing beta flags. Existing versions were:"
+    print_beta_versions()
+    toggle_beta_status(False)
+    print "--- finished modifications, new versions are:"
+    print_beta_versions()
+
+def set_beta_status():
+    print "--- adding beta flags. Existing versions were:"
+    print_beta_versions()
+    toggle_beta_status(True)
+    print "--- finished modifications, new versions are:"
+    print_beta_versions()
+
+def print_library_versions():
+    check_files_exist()
+    check_call_noisy(["egrep", "#define *NSSUTIL_VERSION|#define NSSUTIL_VMAJOR|#define *NSSUTIL_VMINOR|#define *NSSUTIL_VPATCH|#define *NSSUTIL_VBUILD|#define *NSSUTIL_BETA", nssutil_h])
+    check_call_noisy(["egrep", "#define *SOFTOKEN_VERSION|#define SOFTOKEN_VMAJOR|#define *SOFTOKEN_VMINOR|#define *SOFTOKEN_VPATCH|#define *SOFTOKEN_VBUILD|#define *SOFTOKEN_BETA", softkver_h])
+    check_call_noisy(["egrep", "#define *NSS_VERSION|#define NSS_VMAJOR|#define *NSS_VMINOR|#define *NSS_VPATCH|#define *NSS_VBUILD|#define *NSS_BETA", nss_h])
+
+def print_root_ca_version():
+    check_files_exist()
+    check_call_noisy(["grep", "define *NSS_BUILTINS_LIBRARY_VERSION", nssckbi_h])
+
+
+def ensure_arguments_after_action(how_many, usage):
+    if (len(sys.argv) != (2+how_many)):
+        exit_with_failure("incorrect number of arguments, expected parameters are:\n" + usage)
+
+def set_major_versions(major):
+    sed_inplace('s/^\(#define *NSSUTIL_VMAJOR *\).*$/\\1' + major + '/', nssutil_h)
+    sed_inplace('s/^\(#define *SOFTOKEN_VMAJOR *\).*$/\\1' + major + '/', softkver_h)
+    sed_inplace('s/^\(#define *NSS_VMAJOR *\).*$/\\1' + major + '/', nss_h)
+
+def set_minor_versions(minor):
+    sed_inplace('s/^\(#define *NSSUTIL_VMINOR *\).*$/\\1' + minor + '/', nssutil_h)
+    sed_inplace('s/^\(#define *SOFTOKEN_VMINOR *\).*$/\\1' + minor + '/', softkver_h)
+    sed_inplace('s/^\(#define *NSS_VMINOR *\).*$/\\1' + minor + '/', nss_h)
+
+def set_patch_versions(patch):
+    sed_inplace('s/^\(#define *NSSUTIL_VPATCH *\).*$/\\1' + patch + '/', nssutil_h)
+    sed_inplace('s/^\(#define *SOFTOKEN_VPATCH *\).*$/\\1' + patch + '/', softkver_h)
+    sed_inplace('s/^\(#define *NSS_VPATCH *\).*$/\\1' + patch + '/', nss_h)
+
+def set_build_versions(build):
+    sed_inplace('s/^\(#define *NSSUTIL_VBUILD *\).*$/\\1' + build + '/', nssutil_h)
+    sed_inplace('s/^\(#define *SOFTOKEN_VBUILD *\).*$/\\1' + build + '/', softkver_h)
+    sed_inplace('s/^\(#define *NSS_VBUILD *\).*$/\\1' + build + '/', nss_h)
+
+def set_full_lib_versions(version):
+    sed_inplace('s/^\(#define *NSSUTIL_VERSION *\"\)\([0-9.]\+\)\(.*\)$/\\1' + version + '\\3/', nssutil_h)
+    sed_inplace('s/^\(#define *SOFTOKEN_VERSION *\"\)\([0-9.]\+\)\(.*\)$/\\1' + version + '\\3/', softkver_h)
+    sed_inplace('s/^\(#define *NSS_VERSION *\"\)\([0-9.]\+\)\(.*\)$/\\1' + version + '\\3/', nss_h)
+
+def set_root_ca_version():
+    ensure_arguments_after_action(2, "major_version  minor_version")
+    major = args[1].strip()
+    minor = args[2].strip()
+    version = major + '.' + minor
+    sed_inplace('s/^\(#define *NSS_BUILTINS_LIBRARY_VERSION *\"\).*$/\\1' + version + '/', nssckbi_h)
+    sed_inplace('s/^\(#define *NSS_BUILTINS_LIBRARY_VERSION_MAJOR *\).*$/\\1' + major + '/', nssckbi_h)
+    sed_inplace('s/^\(#define *NSS_BUILTINS_LIBRARY_VERSION_MINOR *\).*$/\\1' + minor + '/', nssckbi_h)
+
+def set_all_lib_versions(version, major, minor, patch, build):
+    set_full_lib_versions(version)
+    set_major_versions(major)
+    set_minor_versions(minor)
+    set_patch_versions(patch)
+    set_build_versions(build)
+
+def set_version_to_minor_release():
+    ensure_arguments_after_action(2, "major_version  minor_version")
+    major = args[1].strip()
+    minor = args[2].strip()
+    version = major + '.' + minor
+    patch = "0"
+    build = "0"
+    set_all_lib_versions(version, major, minor, patch, build)
+
+def set_version_to_patch_release():
+    ensure_arguments_after_action(3, "major_version  minor_version  patch_release")
+    major = args[1].strip()
+    minor = args[2].strip()
+    patch = args[3].strip()
+    version = major + '.' + minor + '.' + patch
+    build = "0"
+    set_all_lib_versions(version, major, minor, patch, build)
+
+def set_release_candidate_number():
+    ensure_arguments_after_action(1, "release_candidate_number")
+    build = args[1].strip()
+    set_build_versions(build)
+
+def set_4_digit_release_number():
+    ensure_arguments_after_action(4, "major_version  minor_version  patch_release  4th_digit_release_number")
+    major = args[1].strip()
+    minor = args[2].strip()
+    patch = args[3].strip()
+    build = args[4].strip()
+    version = major + '.' + minor + '.' + patch + '.' + build
+    set_all_lib_versions(version, major, minor, patch, build)
+
+def create_nss_release_archive():
+    ensure_arguments_after_action(4, "nss_release_version  nss_hg_release_tag  nspr_release_version  path_to_stage_directory")
+    nssrel = args[1].strip() #e.g. 3.19.3
+    nssreltag = args[2].strip() #e.g. NSS_3_19_3_RTM
+    nsprrel = args[3].strip() #e.g. 4.10.8
+    stagedir = args[4].strip() #e.g. ../stage
+
+    nspr_tar = "nspr-" + nsprrel + ".tar.gz"
+    nsprtar_with_path= stagedir + "/v" + nsprrel + "/src/" + nspr_tar
+    if (not os.path.exists(nsprtar_with_path)):
+        exit_with_failure("cannot find nspr archive at expected location " + nsprtar_with_path)
+
+    nss_stagedir= stagedir + "/" + nssreltag + "/src"
+    if (os.path.exists(nss_stagedir)):
+        exit_with_failure("nss stage directory already exists: " + nss_stagedir)
+
+    nss_tar = "nss-" + nssrel + ".tar.gz"
+
+    check_call_noisy(["mkdir", "-p", nss_stagedir])
+    check_call_noisy(["hg", "archive", "-r", nssreltag, "--prefix=nss-" + nssrel + "/nss",
+                      stagedir + "/" + nssreltag + "/src/" + nss_tar, "-X", ".hgtags"])
+    check_call_noisy(["tar", "-xz", "-C", nss_stagedir, "-f", nsprtar_with_path])
+    print "changing to directory " + nss_stagedir
+    os.chdir(nss_stagedir)
+    check_call_noisy(["tar", "-xz", "-f", nss_tar])
+    check_call_noisy(["mv", "-i", "nspr-" + nsprrel + "/nspr", "nss-" + nssrel + "/"])
+    check_call_noisy(["rmdir", "nspr-" + nsprrel])
+
+    nss_nspr_tar = "nss-" + nssrel + "-with-nspr-" + nsprrel + ".tar.gz"
+
+    check_call_noisy(["tar", "-cz", "--remove-files", "-f", nss_nspr_tar, "nss-" + nssrel])
+    check_call("sha1sum " + nss_tar + " " + nss_nspr_tar + " > SHA1SUMS", shell=True)
+    check_call("sha256sum " + nss_tar + " " + nss_nspr_tar + " > SHA256SUMS", shell=True)
+    print "created directory " + nss_stagedir + " with files:"
+    check_call_noisy(["ls", "-l"])
+
+if action in ('remove_beta'):
+    remove_beta_status()
+
+elif action in ('set_beta'):
+    set_beta_status()
+
+elif action in ('print_library_versions'):
+    print_library_versions()
+
+elif action in ('print_root_ca_version'):
+    print_root_ca_version()
+
+elif action in ('set_root_ca_version'):
+    set_root_ca_version()
+
+# x.y version number - 2 parameters
+elif action in ('set_version_to_minor_release'):
+    set_version_to_minor_release()
+
+# x.y.z version number - 3 parameters
+elif action in ('set_version_to_patch_release'):
+    set_version_to_patch_release()
+
+# change the release candidate number, usually increased by one,
+# usually if previous release candiate had a bug
+# 1 parameter
+elif action in ('set_release_candidate_number'):
+    set_release_candidate_number()
+
+# use the build/release candiate number in the identifying version number
+# 4 parameters
+elif action in ('set_4_digit_release_number'):
+    set_4_digit_release_number()
+
+elif action in ('create_nss_release_archive'):
+    create_nss_release_archive()
+
+else:
+    o.print_help()
+    sys.exit(2)
+
+sys.exit(0)
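Review bot: The dispatch at the bottom uses `action in ('remove_beta')`, and a parenthesised string without a trailing comma is a plain string, so `in` performs a substring test: an empty or truncated action (for example `set`) selects a branch and edits the version headers instead of printing help. Compare with `==` in every branch, e.g. `if action == 'remove_beta':`. Separately, create_nss_release_archive() builds the checksum commands by string concatenation and runs them with `shell=True`; because the file names derive from command-line arguments, pass a list and redirect in Python, e.g. `check_call(["sha256sum", nss_tar, nss_nspr_tar], stdout=open("SHA256SUMS", "w"))`. The version arguments are also spliced into sed expressions unchecked, so a digits-only check before set_all_lib_versions() would keep a typo from rewriting the headers.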
new file mode 100644
--- /dev/null
+++ b/security/nss/automation/taskcluster/decision_task.yml
@@ -0,0 +1,96 @@
+---
+version: 0
+metadata:
+  name: "NSS Continuous Integration"
+  description: "The Taskcluster task graph for the NSS tree"
+  owner: "mozilla-taskcluster-maintenance@mozilla.com"
+  source: {{{source}}}
+
+scopes:
+  # Note the below scopes are insecure however these get overriden on the server
+  # side to whatever scopes are set by mozilla-taskcluster.
+  - queue:*
+  - docker-worker:*
+  - scheduler:*
+
+# Available mustache parameters (see the mozilla-taskcluster source):
+#
+# - owner:          push user (email address)
+# - source:         URL of this YAML file
+# - url:            repository URL
+# - project:        alias for the destination repository (basename of
+#                   the repo url)
+# - level:          SCM level of the destination repository
+#                   (1 = try, 3 = core)
+# - revision:       (short) hg revision of the head of the push
+# - revision_hash:  (long) hg revision of the head of the push
+# - comment:        comment of the push
+# - pushlog_id:     id in the pushlog table of the repository
+#
+# and functions:
+# - as_slugid:      convert a label into a slugId
+# - from_now:       generate a timestamp at a fixed offset from now
+
+tasks:
+  - taskId: '{{#as_slugid}}decision task{{/as_slugid}}'
+    reruns: 3
+    task:
+      created: '{{now}}'
+      deadline: '{{#from_now}}1 day{{/from_now}}'
+      expires: '{{#from_now}}14 days{{/from_now}}'
+
+      metadata:
+        owner: mozilla-taskcluster-maintenance@mozilla.com
+        source: {{{source}}}
+        name: "NSS Decision Task"
+        description: |
+            The task that creates all of the other tasks in the task graph
+
+      workerType: "hg-worker"
+      provisionerId: "aws-provisioner-v1"
+
+      tags:
+        createdForUser: {{owner}}
+
+      routes:
+        - "tc-treeherder-stage.v2.{{project}}.{{revision}}.{{pushlog_id}}"
+        - "tc-treeherder.v2.{{project}}.{{revision}}.{{pushlog_id}}"
+
+      payload:
+        image: "ttaubert/nss-ci:0.0.22"
+
+        env:
+          TC_OWNER: {{owner}}
+          TC_SOURCE: {{{source}}}
+          TC_PROJECT: {{project}}
+          TC_COMMENT: '{{comment}}'
+          TC_IMAGE: "ttaubert/nss-ci:0.0.22"
+          NSS_PUSHLOG_ID: '{{pushlog_id}}'
+          NSS_HEAD_REPOSITORY: '{{{url}}}'
+          NSS_HEAD_REVISION: '{{revision}}'
+
+        maxRunTime: 1800
+
+        command:
+          - bash
+          - -cx
+          - >
+            bin/checkout.sh &&
+            nss/automation/taskcluster/scripts/extend_task_graph.sh
+
+        artifacts:
+          public:
+            type: "directory"
+            path: "/home/worker/artifacts"
+            expires: "{{#from_now}}7 days{{/from_now}}"
+
+        graphs:
+          - /home/worker/artifacts/graph.json
+
+      extra:
+        treeherder:
+          symbol: D
+          build:
+            platform: nss-decision
+          machine:
+            platform: nss-decision
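Review bot: The decision task pulls `ttaubert/nss-ci:0.0.22` by tag from a personal Docker Hub namespace, and the same string is repeated in `TC_IMAGE`, so the image that builds and tests NSS can change without any change in this repository, and the two copies can drift apart. Pinning by digest, `image: "ttaubert/nss-ci@sha256:<digest of 0.0.22>"` (placeholder), would tie each CI run to reviewed image content, assuming the worker accepts digest references. A comment next to `TC_IMAGE` saying it must match `payload.image` would also help. `TC_COMMENT: '{{comment}}'` carries the push comment, which is author-controlled text, so whatever consumes it downstream should treat it as untrusted input.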
new file mode 100644
--- /dev/null
+++ b/security/nss/automation/taskcluster/docker-arm/Dockerfile
@@ -0,0 +1,27 @@
+FROM armv7/armhf-ubuntu:16.04
+MAINTAINER Tim Taubert <ttaubert@mozilla.com>
+
+RUN useradd -d /home/worker -s /bin/bash -m worker
+WORKDIR /home/worker
+
+# Add build and test scripts.
+ADD bin /home/worker/bin
+RUN chmod +x /home/worker/bin/*
+
+# Install dependencies.
+ADD setup.sh /tmp/setup.sh
+RUN bash /tmp/setup.sh
+
+# Env variables.
+ENV HOME /home/worker
+ENV SHELL /bin/bash
+ENV USER worker
+ENV LOGNAME worker
+ENV HOSTNAME taskcluster-worker
+ENV LANG en_US.UTF-8
+ENV LC_ALL en_US.UTF-8
+ENV HOST localhost
+ENV DOMSUF localdomain
+
+# Set a default command for debugging.
+CMD ["/bin/bash", "--login"]
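Review bot: The image never sets `USER`, so containers start as root and dropping privileges is left to each script (checkout.sh re-executes itself via `su worker`); an entry script that omits that check would run the build as root. If nothing at run time needs root, add `USER worker` after the `RUN bash /tmp/setup.sh` step; otherwise add a comment stating that scripts in bin/ must drop privileges themselves. `ADD bin` and `ADD setup.sh` only copy local files, so `COPY` is the narrower instruction. The base `armv7/armhf-ubuntu:16.04` is a mutable tag, and a digest pin would make rebuilds reproducible.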
new file mode 100755
--- /dev/null
+++ b/security/nss/automation/taskcluster/docker-arm/bin/checkout.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+set -v -e -x
+
+if [ $(id -u) = 0 ]; then
+    # Drop privileges by re-running this script.
+    exec su worker $0
+fi
+
+# Default values for testing.
+REVISION=${NSS_HEAD_REVISION:-default}
+REPOSITORY=${NSS_HEAD_REPOSITORY:-https://hg.mozilla.org/projects/nss}
+
+# Clone NSS.
+for i in 0 2 5; do
+    sleep $i
+    hg clone -r $REVISION $REPOSITORY nss && exit 0
+    rm -rf nss
+done
+exit 1
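Review bot: `$REVISION` and `$REPOSITORY` are expanded unquoted on the `hg clone` line, and both come from task environment variables (`NSS_HEAD_REVISION`, `NSS_HEAD_REPOSITORY`). A value containing whitespace is therefore split into extra arguments, and a repository value starting with `-` is read by hg as an option. Quoting the expansions and ending option parsing keeps each value a single operand: `hg clone -r "$REVISION" -- "$REPOSITORY" nss`. The same applies to `exec su worker $0`, which should be `exec su worker "$0"`, and to the identical retry loop this commit adds to `docker/bin/checkout.sh`.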
new file mode 100755
--- /dev/null
+++ b/security/nss/automation/taskcluster/docker-arm/setup.sh
@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+
+set -v -e -x
+
+export DEBIAN_FRONTEND=noninteractive
+
+# Update.
+apt-get -y update
+apt-get -y dist-upgrade
+
+apt_packages=()
+apt_packages+=('build-essential')
+apt_packages+=('ca-certificates')
+apt_packages+=('curl')
+apt_packages+=('python-dev')
+apt_packages+=('python-pip')
+apt_packages+=('python-setuptools')
+apt_packages+=('zlib1g-dev')
+
+# Install packages.
+apt-get install -y --no-install-recommends ${apt_packages[@]}
+
+# Latest Mercurial.
+pip install --upgrade pip
+pip install Mercurial
+
+# Compiler options.
+update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-5 30
+update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-5 30
+
+locale-gen en_US.UTF-8
+dpkg-reconfigure locales
+
+# Cleanup.
+rm -rf ~/.ccache ~/.cache
+apt-get autoremove -y
+apt-get clean
+apt-get autoclean
+rm $0
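Review bot: `pip install --upgrade pip` and `pip install Mercurial` run during the image build and take whatever versions the index serves at that moment, so two builds of the same Dockerfile can contain different Mercurial code and nothing checks what was downloaded. Pinning the release and enabling hash checking makes the image reproducible and verifiable, for example `pip install --require-hashes -r requirements.txt` with a requirements file listing `Mercurial==<pinned-version> --hash=sha256:<expected-hash>`. A smaller point in the same script: `${apt_packages[@]}` should be quoted as `"${apt_packages[@]}"`.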
--- a/security/nss/automation/taskcluster/docker/bin/checkout.sh
+++ b/security/nss/automation/taskcluster/docker/bin/checkout.sh
@@ -7,9 +7,14 @@ if [ $(id -u) = 0 ]; then
     exec su worker $0
 fi
 
 # Default values for testing.
 REVISION=${NSS_HEAD_REVISION:-default}
 REPOSITORY=${NSS_HEAD_REPOSITORY:-https://hg.mozilla.org/projects/nss}
 
 # Clone NSS.
-hg clone -r $REVISION $REPOSITORY nss
+for i in 0 2 5; do
+    sleep $i
+    hg clone -r $REVISION $REPOSITORY nss && exit 0
+    rm -rf nss
+done
+exit 1
--- a/security/nss/automation/taskcluster/docker/setup.sh
+++ b/security/nss/automation/taskcluster/docker/setup.sh
@@ -1,46 +1,48 @@
 #!/usr/bin/env bash
 
 set -v -e -x
 
+# Update packages.
+export DEBIAN_FRONTEND=noninteractive
+apt-get -y update && apt-get -y upgrade
+
+# Need this to add keys for PPAs below.
+apt-get install -y --no-install-recommends apt-utils
+
 apt_packages=()
 apt_packages+=('build-essential')
 apt_packages+=('ca-certificates')
 apt_packages+=('curl')
-apt_packages+=('mercurial')
 apt_packages+=('npm')
 apt_packages+=('git')
-apt_packages+=('valgrind')
+apt_packages+=('ninja-build')
+apt_packages+=('pkg-config')
 apt_packages+=('zlib1g-dev')
 
 # 32-bit builds
 apt_packages+=('lib32z1-dev')
 apt_packages+=('gcc-multilib')
 apt_packages+=('g++-multilib')
 
-# Install prerequisites.
-apt-get -y update
-export DEBIAN_FRONTEND=noninteractive
-apt-get install -y --no-install-recommends curl apt-utils
+# Latest Mercurial.
+apt_packages+=('mercurial')
+apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 41BD8711B1F0EC2B0D85B91CF59CE3A8323293EE
+echo "deb http://ppa.launchpad.net/mercurial-ppa/releases/ubuntu xenial main" > /etc/apt/sources.list.d/mercurial.list
 
-# Install the first round of packages.
-apt-get -y update
-apt-get install -y --no-install-recommends ${apt_packages[@]}
-
-# gcc 6
-apt_packages=()
+# gcc 4.8 and 6
 apt_packages+=('g++-6')
 apt_packages+=('g++-4.8')
 apt_packages+=('g++-6-multilib')
 apt_packages+=('g++-4.8-multilib')
 apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 60C317803A41BA51845E371A1E9377A2BA9EF27F
 echo "deb http://ppa.launchpad.net/ubuntu-toolchain-r/test/ubuntu xenial main" > /etc/apt/sources.list.d/toolchain.list
 
-# Install the second round of packages.
+# Install packages.
 apt-get -y update
 apt-get install -y --no-install-recommends ${apt_packages[@]}
 
 # 32-bit builds
 ln -s /usr/include/x86_64-linux-gnu/zconf.h /usr/include
 
 # Install clang-3.8 into /usr/local/.
 curl http://llvm.org/releases/3.8.0/clang+llvm-3.8.0-x86_64-linux-gnu-ubuntu-16.04.tar.xz | tar xJv -C /usr/local --strip-components=1
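Review bot: The clang download on the last line of this hunk is left unchanged while the package setup around it is reworked: it fetches the tarball over plain `http://` and pipes it straight into `tar -C /usr/local`, with no checksum or signature check. Whatever that response contains becomes the compiler used for the clang and ASan builds. Downloading to a file (over HTTPS if the host offers it), checking it with `echo "<expected-sha256>  clang.tar.xz" | sha256sum -c -`, and only then extracting would close the gap. The expected hash would be recorded in this script next to the version number.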
@@ -53,16 +55,14 @@ update-alternatives --install /usr/bin/g
 update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-6 20
 update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-6 20
 update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-5 30
 update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-5 30
 
 locale-gen en_US.UTF-8
 dpkg-reconfigure locales
 
-# Install required Node modules.
-su -c "npm install flatmap js-yaml merge slugid" worker
-
 # Cleanup.
 rm -rf ~/.ccache ~/.cache
+apt-get autoremove -y
 apt-get clean
 apt-get autoclean
 rm $0
new file mode 100644
--- /dev/null
+++ b/security/nss/automation/taskcluster/graph/arm/_build_base.yml
@@ -0,0 +1,40 @@
+---
+reruns: 2
+
+task:
+  created: !from_now 0
+  deadline: !from_now 24
+  provisionerId: localprovisioner
+  workerType: nss-rpi
+  schedulerId: task-graph-scheduler
+
+  metadata:
+    owner: !env TC_OWNER
+    source: !env TC_SOURCE
+
+  payload:
+    maxRunTime: 7200
+    image: ttaubert/nss-rpi-ci:0.0.3
+
+    artifacts:
+      public:
+        type: directory
+        path: /home/worker/artifacts
+        expires: !from_now 24
+
+    command:
+      - "/bin/bash"
+      - "-c"
+      - "bin/checkout.sh && nss/automation/taskcluster/scripts/build.sh"
+
+    env:
+      NSS_HEAD_REPOSITORY: !env NSS_HEAD_REPOSITORY
+      NSS_HEAD_REVISION: !env NSS_HEAD_REVISION
+      GCC_VERSION: gcc-5
+      GXX_VERSION: g++-5
+
+  extra:
+    treeherder:
+      tier: 3 # hide jobs by default
+      jobKind: build
+      symbol: B
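Review bot: `image: ttaubert/nss-rpi-ci:0.0.3` names the worker image by a mutable tag in what appears to be a personal registry namespace, so the content that runs the ARM builds can change without any change in this repository. Referencing the image by digest, `image: ttaubert/nss-rpi-ci@sha256:<image-digest>`, ties the task to one reviewed image; whether the worker accepts digest references should be confirmed. The same line is added in `arm/_test_base.yml`, and `TC_IMAGE: "ttaubert/nss-ci:0.0.22"` in the decision task has the same property. A short comment next to the tag saying which Dockerfile revision it was built from would also help.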
new file mode 100644
--- /dev/null
+++ b/security/nss/automation/taskcluster/graph/arm/_test_base.yml
@@ -0,0 +1,27 @@
+---
+reruns: 2
+
+task:
+  created: !from_now 0
+  deadline: !from_now 24
+  provisionerId: localprovisioner
+  workerType: nss-rpi
+  schedulerId: task-graph-scheduler
+
+  metadata:
+    owner: !env TC_OWNER
+    source: !env TC_SOURCE
+
+  payload:
+    maxRunTime: 7200
+    image: ttaubert/nss-rpi-ci:0.0.3
+
+    command:
+      - "/bin/bash"
+      - "-c"
+      - "bin/checkout.sh && nss/automation/taskcluster/scripts/run_tests.sh"
+
+  extra:
+    treeherder:
+      tier: 3 # hide jobs by default
+      jobKind: test
new file mode 100644
--- /dev/null
+++ b/security/nss/automation/taskcluster/graph/arm/build32-debug.yml
@@ -0,0 +1,29 @@
+---
+- task:
+    metadata:
+      name: "Linux 32 (ARM, debug)"
+      description: "Linux 32 (ARM, debug)"
+
+    extra:
+      treeherder:
+        build:
+          platform: linux32
+        machine:
+          platform: linux32
+        collection:
+          arm-debug: true
+
+  tests:
+    - chains
+    - cipher
+    - crmf
+    - db
+    - ec
+    - fips
+    - gtests
+    - lowhash
+    - merge
+    - sdr
+    - smime
+    - ssl
+    - tools
--- a/security/nss/automation/taskcluster/graph/build.js
+++ b/security/nss/automation/taskcluster/graph/build.js
@@ -3,23 +3,24 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 var fs = require("fs");
 var path = require("path");
 var merge = require("merge");
 var yaml = require("js-yaml");
 var slugid = require("slugid");
 var flatmap = require("flatmap");
+var try_syntax = require("./try_syntax");
 
 // Default values for debugging.
 var TC_OWNER = process.env.TC_OWNER || "{{tc_owner}}";
 var TC_SOURCE = process.env.TC_SOURCE || "{{tc_source}}";
 var TC_PROJECT = process.env.TC_PROJECT || "{{tc_project}}";
+var TC_COMMENT = process.env.TC_COMMENT || "{{tc_comment}}";
 var NSS_PUSHLOG_ID = process.env.NSS_PUSHLOG_ID || "{{nss_pushlog_id}}";
-var NSS_HEAD_REPOSITORY = process.env.NSS_HEAD_REPOSITORY || "{{nss_head_repo}}";
 var NSS_HEAD_REVISION = process.env.NSS_HEAD_REVISION || "{{nss_head_rev}}";
 
 // Register custom YAML types.
 var YAML_SCHEMA = yaml.Schema.create([
   // Point in time at $now + x hours.
   new yaml.Type('!from_now', {
     kind: "scalar",
 
@@ -38,17 +39,17 @@ var YAML_SCHEMA = yaml.Schema.create([
   new yaml.Type('!env', {
     kind: "scalar",
 
     resolve: function (data) {
       return true;
     },
 
     construct: function (data) {
-      return process.env[data];
+      return process.env[data] || "{{" + data.toLowerCase() + "}}";
     }
   })
 ]);
 
 // Parse a given YAML file.
 function parseYamlFile(file, fallback) {
   // Return fallback if the file doesn't exist.
   if (!fs.existsSync(file) && fallback) {
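Review bot: The `!env` constructor now returns a placeholder such as `{{tc_image}}` whenever the variable is unset or empty, and the linux and tools base files in this commit switch to `image: !env TC_IMAGE`. A decision task started without `TC_IMAGE` would therefore emit a graph whose tasks name a literal `{{tc_image}}` image instead of failing early. If the fallback is meant only for local debugging, as the `// Default values for debugging.` comment further up suggests, record that here with a comment like `// Placeholder for local debugging only; real runs must set the variable.`, or throw when the variable is missing in a real run. The enclosing `yaml.Schema.create([...])` call starts before this hunk.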
@@ -165,13 +166,18 @@ function generatePlatformTasks(platform)
 
       return tasks;
     }
   });
 }
 
 // Construct the task graph.
 var graph = {
-  tasks: flatmap(["linux", "windows", "tools"], generatePlatformTasks)
+  tasks: flatmap(["linux", "windows", "arm", "tools"], generatePlatformTasks)
 };
 
+// Filter tasks when try syntax is given.
+if (TC_PROJECT == "nss-try") {
+  graph.tasks = try_syntax.filterTasks(graph.tasks, TC_COMMENT);
+}
+
 // Output the final graph.
 process.stdout.write(JSON.stringify(graph, null, 2));
--- a/security/nss/automation/taskcluster/graph/linux/_build_base.yml
+++ b/security/nss/automation/taskcluster/graph/linux/_build_base.yml
@@ -9,17 +9,17 @@ task:
   schedulerId: task-graph-scheduler
 
   metadata:
     owner: !env TC_OWNER
     source: !env TC_SOURCE
 
   payload:
     maxRunTime: 3600
-    image: ttaubert/nss-ci:0.0.17
+    image: !env TC_IMAGE
 
     artifacts:
       public:
         type: directory
         path: /home/worker/artifacts
         expires: !from_now 24
 
     command:
@@ -30,9 +30,10 @@ task:
     env:
       NSS_HEAD_REPOSITORY: !env NSS_HEAD_REPOSITORY
       NSS_HEAD_REVISION: !env NSS_HEAD_REVISION
       GCC_VERSION: gcc-5
       GXX_VERSION: g++-5
 
   extra:
     treeherder:
+      jobKind: build
       symbol: B
--- a/security/nss/automation/taskcluster/graph/linux/_test_base.yml
+++ b/security/nss/automation/taskcluster/graph/linux/_test_base.yml
@@ -9,14 +9,18 @@ task:
   schedulerId: task-graph-scheduler
 
   metadata:
     owner: !env TC_OWNER
     source: !env TC_SOURCE
 
   payload:
     maxRunTime: 3600
-    image: ttaubert/nss-ci:0.0.17
+    image: !env TC_IMAGE
 
     command:
       - "/bin/bash"
       - "-c"
       - "bin/checkout.sh && nss/automation/taskcluster/scripts/run_tests.sh"
+
+  extra:
+    treeherder:
+      jobKind: test
--- a/security/nss/automation/taskcluster/graph/linux/build32-debug.yml
+++ b/security/nss/automation/taskcluster/graph/linux/build32-debug.yml
@@ -1,18 +1,14 @@
 ---
 - task:
     metadata:
       name: "Linux 32 (debug)"
       description: "Linux 32 (debug)"
 
-    payload:
-      env:
-        NSS_ENABLE_TLS_1_3: 1
-
     extra:
       treeherder:
         build:
           platform: linux32
         machine:
           platform: linux32
         collection:
           debug: true
@@ -29,39 +25,21 @@
     - merge
     - sdr
     - smime
     - ssl
     - tools
 
 - task:
     metadata:
-      name: "Linux 32 (debug, no TLS 1.3)"
-      description: "Linux 32 (debug, no TLS 1.3)"
-
-    extra:
-      treeherder:
-        build:
-          platform: linux32
-        machine:
-          platform: linux32
-        collection:
-          debug: true
-        groupSymbol: Builds
-        groupName: Various builds
-        symbol: noTLSv1.3
-
-- task:
-    metadata:
       name: "Linux 32 (debug, clang-3.8)"
       description: "Linux 32 (debug, clang-3.8)"
 
     payload:
       env:
-        NSS_ENABLE_TLS_1_3: 1
         GCC_VERSION: clang
         GXX_VERSION: clang++
 
     extra:
       treeherder:
         build:
           platform: linux32
         machine:
@@ -74,17 +52,16 @@
 
 - task:
     metadata:
       name: "Linux 32 (debug, gcc-4.8)"
       description: "Linux 32 (debug, gcc-4.8)"
 
     payload:
       env:
-        NSS_ENABLE_TLS_1_3: 1
         GCC_VERSION: gcc-4.8
         GXX_VERSION: g++-4.8
 
     extra:
       treeherder:
         build:
           platform: linux32
         machine:
@@ -97,17 +74,16 @@
 
 - task:
     metadata:
       name: "Linux 32 (debug, gcc-6.1)"
       description: "Linux 32 (debug, gcc-6.1)"
 
     payload:
       env:
-        NSS_ENABLE_TLS_1_3: 1
         GCC_VERSION: gcc-6
         GXX_VERSION: g++-6
 
     extra:
       treeherder:
         build:
           platform: linux32
         machine:
@@ -121,17 +97,16 @@
 - task:
     metadata:
       name: "Linux 32 (debug, NSS_NO_PKCS11_BYPASS=1)"
       description: "Linux 32 (debug, NSS_NO_PKCS11_BYPASS=1)"
 
     payload:
       env:
         NSS_NO_PKCS11_BYPASS: 1
-        NSS_ENABLE_TLS_1_3: 1
 
     extra:
       treeherder:
         build:
           platform: linux32
         machine:
           platform: linux32
         collection:
--- a/security/nss/automation/taskcluster/graph/linux/build32-opt.yml
+++ b/security/nss/automation/taskcluster/graph/linux/build32-opt.yml
@@ -1,17 +1,16 @@
 ---
 - task:
     metadata:
       name: "Linux 32 (opt)"
       description: "Linux 32 (opt)"
 
     payload:
       env:
-        NSS_ENABLE_TLS_1_3: 1
         BUILD_OPT: 1
 
     extra:
       treeherder:
         build:
           platform: linux32
         machine:
           platform: linux32
@@ -30,43 +29,21 @@
     - merge
     - sdr
     - smime
     - ssl
     - tools
 
 - task:
     metadata:
-      name: "Linux 32 (opt, no TLS 1.3)"
-      description: "Linux 32 (opt, no TLS 1.3)"
-
-    payload:
-      env:
-        BUILD_OPT: 1
-
-    extra:
-      treeherder:
-        build:
-          platform: linux32
-        machine:
-          platform: linux32
-        collection:
-          opt: true
-        groupSymbol: Builds
-        groupName: Various builds
-        symbol: noTLSv1.3
-
-- task:
-    metadata:
       name: "Linux 32 (opt, clang-3.8)"
       description: "Linux 32 (opt, clang-3.8)"
 
     payload:
       env:
-        NSS_ENABLE_TLS_1_3: 1
         GCC_VERSION: clang
         GXX_VERSION: clang++
         BUILD_OPT: 1
 
     extra:
       treeherder:
         build:
           platform: linux32
@@ -80,17 +57,16 @@
 
 - task:
     metadata:
       name: "Linux 32 (opt, gcc-4.8)"
       description: "Linux 32 (opt, gcc-4.8)"
 
     payload:
       env:
-        NSS_ENABLE_TLS_1_3: 1
         GCC_VERSION: gcc-4.8
         GXX_VERSION: g++-4.8
         BUILD_OPT: 1
 
     extra:
       treeherder:
         build:
           platform: linux32
@@ -104,17 +80,16 @@
 
 - task:
     metadata:
       name: "Linux 32 (opt, gcc-6.1)"
       description: "Linux 32 (opt, gcc-6.1)"
 
     payload:
       env:
-        NSS_ENABLE_TLS_1_3: 1
         GCC_VERSION: gcc-6
         GXX_VERSION: g++-6
         BUILD_OPT: 1
 
     extra:
       treeherder:
         build:
           platform: linux32
@@ -129,17 +104,16 @@
 - task:
     metadata:
       name: "Linux 32 (opt, NSS_NO_PKCS11_BYPASS=1)"
       description: "Linux 32 (opt, NSS_NO_PKCS11_BYPASS=1)"
 
     payload:
       env:
         NSS_NO_PKCS11_BYPASS: 1
-        NSS_ENABLE_TLS_1_3: 1
         BUILD_OPT: 1
 
     extra:
       treeherder:
         build:
           platform: linux32
         machine:
           platform: linux32
--- a/security/nss/automation/taskcluster/graph/linux/build64-asan.yml
+++ b/security/nss/automation/taskcluster/graph/linux/build64-asan.yml
@@ -3,17 +3,18 @@
     metadata:
       name: "Linux 64 (ASan, debug)"
       description: "Linux 64 (ASan, debug)"
 
     payload:
       env:
         GCC_VERSION: clang
         GXX_VERSION: clang++
-        NSS_ENABLE_TLS_1_3: 1
+        NSS_DISABLE_ARENA_FREE_LIST: 1
+        NSS_DISABLE_UNLOAD: 1
         USE_ASAN: 1
         USE_64: 1
 
     extra:
       treeherder:
         build:
           platform: linux64
         machine:
--- a/security/nss/automation/taskcluster/graph/linux/build64-debug.yml
+++ b/security/nss/automation/taskcluster/graph/linux/build64-debug.yml
@@ -1,17 +1,16 @@
 ---
 - task:
     metadata:
       name: "Linux 64 (debug)"
       description: "Linux 64 (debug)"
 
     payload:
       env:
-        NSS_ENABLE_TLS_1_3: 1
         USE_64: 1
 
     extra:
       treeherder:
         build:
           platform: linux64
         machine:
           platform: linux64
@@ -22,52 +21,29 @@
     - chains
     - cipher
     - crmf
     - db
     - ec
     - fips
     - gtests
     - lowhash
-    - memleak
     - merge
     - sdr
     - smime
     - ssl
     - tools
 
 - task:
     metadata:
-      name: "Linux 64 (debug, no TLS 1.3)"
-      description: "Linux 64 (debug, no TLS 1.3)"
-
-    payload:
-      env:
-        USE_64: 1
-
-    extra:
-      treeherder:
-        build:
-          platform: linux64
-        machine:
-          platform: linux64
-        collection:
-          debug: true
-        groupSymbol: Builds
-        groupName: Various builds
-        symbol: noTLSv1.3
-
-- task:
-    metadata:
       name: "Linux 64 (debug, clang-3.8)"
       description: "Linux 64 (debug, clang-3.8)"
 
     payload:
       env:
-        NSS_ENABLE_TLS_1_3: 1
         GCC_VERSION: clang
         GXX_VERSION: clang++
         USE_64: 1
 
     extra:
       treeherder:
         build:
           platform: linux64
@@ -81,17 +57,16 @@
 
 - task:
     metadata:
       name: "Linux 64 (debug, gcc-4.8)"
       description: "Linux 64 (debug, gcc-4.8)"
 
     payload:
       env:
-        NSS_ENABLE_TLS_1_3: 1
         GCC_VERSION: gcc-4.8
         GXX_VERSION: g++-4.8
         USE_64: 1
 
     extra:
       treeherder:
         build:
           platform: linux64
@@ -105,17 +80,16 @@
 
 - task:
     metadata:
       name: "Linux 64 (debug, gcc-6.1)"
       description: "Linux 64 (debug, gcc-6.1)"
 
     payload:
       env:
-        NSS_ENABLE_TLS_1_3: 1
         GCC_VERSION: gcc-6
         GXX_VERSION: g++-6
         USE_64: 1
 
     extra:
       treeherder:
         build:
           platform: linux64
@@ -130,17 +104,16 @@
 - task:
     metadata:
       name: "Linux 64 (debug, NSS_NO_PKCS11_BYPASS=1)"
       description: "Linux 64 (debug, NSS_NO_PKCS11_BYPASS=1)"
 
     payload:
       env:
         NSS_NO_PKCS11_BYPASS: 1
-        NSS_ENABLE_TLS_1_3: 1
         USE_64: 1
 
     extra:
       treeherder:
         build:
           platform: linux64
         machine:
           platform: linux64
@@ -152,17 +125,16 @@
 
 - task:
     metadata:
       name: "Linux 64 (debug, NSS_DISABLE_LIBPKIX=1)"
       description: "Linux 64 (debug, NSS_DISABLE_LIBPKIX=1)"
 
     payload:
       env:
-        NSS_ENABLE_TLS_1_3: 1
         NSS_DISABLE_LIBPKIX: 1
         USE_64: 1
 
     extra:
       treeherder:
         build:
           platform: linux64
         machine:
deleted file mode 100644
--- a/security/nss/automation/taskcluster/graph/linux/build64-lsan.yml
+++ /dev/null
@@ -1,38 +0,0 @@
----
-- task:
-    metadata:
-      name: "Linux 64 (LSan, debug)"
-      description: "Linux 64 (LSan, debug)"
-
-    payload:
-      env:
-        GCC_VERSION: clang
-        GXX_VERSION: clang++
-        NSS_DISABLE_ARENA_FREE_LIST: 1
-        NSS_DISABLE_UNLOAD: 1
-        NSS_ENABLE_TLS_1_3: 1
-        NSS_ENABLE_LSAN: 1
-        USE_ASAN: 1
-        USE_64: 1
-
-    extra:
-      treeherder:
-        build:
-          platform: linux64
-        machine:
-          platform: linux64
-        collection:
-          lsan: true
-
-  tests:
-    - chains
-    - cipher
-    - db
-    - ec
-    - gtests
-    - lowhash
-    - merge
-    - sdr
-    - smime
-    - ssl
-    - tools
--- a/security/nss/automation/taskcluster/graph/linux/build64-opt.yml
+++ b/security/nss/automation/taskcluster/graph/linux/build64-opt.yml
@@ -1,17 +1,16 @@
 ---
 - task:
     metadata:
       name: "Linux 64 (opt)"
       description: "Linux 64 (opt)"
 
     payload:
       env:
-        NSS_ENABLE_TLS_1_3: 1
         BUILD_OPT: 1
         USE_64: 1
 
     extra:
       treeherder:
         build:
           platform: linux64
         machine:
@@ -31,44 +30,21 @@
     - merge
     - sdr
     - smime
     - ssl
     - tools
 
 - task:
     metadata:
-      name: "Linux 64 (opt, no TLS 1.3)"
-      description: "Linux 64 (opt, no TLS 1.3)"
-
-    payload:
-      env:
-        BUILD_OPT: 1
-        USE_64: 1
-
-    extra:
-      treeherder:
-        build:
-          platform: linux64
-        machine:
-          platform: linux64
-        collection:
-          opt: true
-        groupSymbol: Builds
-        groupName: Various builds
-        symbol: noTLSv1.3
-
-- task:
-    metadata:
       name: "Linux 64 (opt, clang-3.8)"
       description: "Linux 64 (opt, clang-3.8)"
 
     payload:
       env:
-        NSS_ENABLE_TLS_1_3: 1
         GCC_VERSION: clang
         GXX_VERSION: clang++
         BUILD_OPT: 1
         USE_64: 1
 
     extra:
       treeherder:
         build:
@@ -83,17 +59,16 @@
 
 - task:
     metadata:
       name: "Linux 64 (opt, gcc-4.8)"
       description: "Linux 64 (opt, gcc-4.8)"
 
     payload:
       env:
-        NSS_ENABLE_TLS_1_3: 1
         GCC_VERSION: gcc-4.8
         GXX_VERSION: g++-4.8
         BUILD_OPT: 1
         USE_64: 1
 
     extra:
       treeherder:
         build:
@@ -108,17 +83,16 @@
 
 - task:
     metadata:
       name: "Linux 64 (opt, gcc-6.1)"
       description: "Linux 64 (opt, gcc-6.1)"
 
     payload:
       env:
-        NSS_ENABLE_TLS_1_3: 1
         GCC_VERSION: gcc-6
         GXX_VERSION: g++-6
         BUILD_OPT: 1
         USE_64: 1
 
     extra:
       treeherder:
         build:
@@ -134,17 +108,16 @@
 - task:
     metadata:
       name: "Linux 64 (opt, NSS_NO_PKCS11_BYPASS=1)"
       description: "Linux 64 (opt, NSS_NO_PKCS11_BYPASS=1)"
 
     payload:
       env:
         NSS_NO_PKCS11_BYPASS: 1
-        NSS_ENABLE_TLS_1_3: 1
         BUILD_OPT: 1
         USE_64: 1
 
     extra:
       treeherder:
         build:
           platform: linux64
         machine:
new file mode 100644
--- /dev/null
+++ b/security/nss/automation/taskcluster/graph/package.json
@@ -0,0 +1,15 @@
+{
+  "name": "decision-task",
+  "version": "0.0.1",
+  "private": true,
+  "author": "Tim Taubert <ttaubert@mozilla.com>",
+  "description": "Decision Task for NSS",
+  "dependencies": {
+    "flatmap": "0.0.3",
+    "intersect": "^1.0.1",
+    "js-yaml": "^3.6.1",
+    "merge": "^1.2.0",
+    "minimist": "^1.2.0",
+    "slugid": "^1.1.0"
+  }
+}
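Review bot: Five of the six dependencies use caret ranges (`^1.0.1`, `^3.6.1`, and so on), so each install resolves to the newest matching release published at that time, and the decision task that builds the whole CI graph then runs code that was not reviewed with this commit. `flatmap` is already pinned exactly (`0.0.3`); doing the same for the others, e.g. `"js-yaml": "3.6.1"`, or committing an `npm-shrinkwrap.json` next to this file, fixes the resolved tree. This matters more if the modules are installed at task run time rather than baked into the image, which this page does not show.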
--- a/security/nss/automation/taskcluster/graph/tests/chains.yml
+++ b/security/nss/automation/taskcluster/graph/tests/chains.yml
@@ -1,13 +1,14 @@
 ---
 - task:
     metadata:
       name: Chains tests
       description: Chains tests
 
     payload:
+      maxRunTime: 14400
       env:
         NSS_TESTS: chains
 
     extra:
       treeherder:
         symbol: Chains
--- a/security/nss/automation/taskcluster/graph/tests/crmf.yml
+++ b/security/nss/automation/taskcluster/graph/tests/crmf.yml
@@ -1,13 +1,14 @@
 ---
 - task:
     metadata:
       name: CRMF tests
       description: CRMF tests
 
     payload:
       env:
+        ASAN_OPTIONS: detect_leaks=0
         NSS_TESTS: crmf
 
     extra:
       treeherder:
         symbol: CRMF
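Review bot: `ASAN_OPTIONS: detect_leaks=0` switches leak detection off for the CRMF suite with no comment saying why, and the same line is added to `tests/fips.yml`. This commit also deletes the separate LSan build file and the memleak tests and moves the LSan build's settings into `build64-asan.yml`, so this line appears to be what exempts these two suites from leak checking. A comment above it naming the reason and a tracking bug, for example `# detect_leaks=0: <reason>, see <bug-id>`, would let someone re-enable the check later.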
--- a/security/nss/automation/taskcluster/graph/tests/fips.yml
+++ b/security/nss/automation/taskcluster/graph/tests/fips.yml
@@ -1,13 +1,14 @@
 ---
 - task:
     metadata:
       name: FIPS tests
       description: FIPS tests
 
     payload:
       env:
+        ASAN_OPTIONS: detect_leaks=0
         NSS_TESTS: fips
 
     extra:
       treeherder:
         symbol: FIPS
deleted file mode 100644
--- a/security/nss/automation/taskcluster/graph/tests/memleak.yml
+++ /dev/null
@@ -1,228 +0,0 @@
----
-- task:
-    metadata:
-      name: "MemLeak tests (ssl_server, standard)"
-      description: "MemLeak tests (ssl_server, standard)"
-
-    payload:
-      env:
-        NSS_MEMLEAK_TESTS: ssl_server
-        NSS_CYCLES: standard
-        NSS_TESTS: memleak
-
-    extra:
-      treeherder:
-        groupSymbol: Server
-        groupName: MemLeak tests (ssl_server)
-        symbol: standard
-        collection:
-          memleak: true
-
-- task:
-    metadata:
-      name: "MemLeak tests (ssl_server, pkix)"
-      description: "MemLeak tests (ssl_server, pkix)"
-
-    payload:
-      env:
-        NSS_MEMLEAK_TESTS: ssl_server
-        NSS_CYCLES: pkix
-        NSS_TESTS: memleak
-
-    extra:
-      treeherder:
-        groupSymbol: Server
-        groupName: MemLeak tests (ssl_server)
-        symbol: pkix
-        collection:
-          memleak: true
-
-- task:
-    metadata:
-      name: "MemLeak tests (ssl_server, sharedb)"
-      description: "MemLeak tests (ssl_server, sharedb)"
-
-    payload:
-      env:
-        NSS_MEMLEAK_TESTS: ssl_server
-        NSS_CYCLES: sharedb
-        NSS_TESTS: memleak
-
-    extra:
-      treeherder:
-        groupSymbol: Server
-        groupName: MemLeak tests (ssl_server)
-        symbol: sharedb
-        collection:
-          memleak: true
-
-- task:
-    metadata:
-      name: "MemLeak tests (ssl_server, upgradedb)"
-      description: "MemLeak tests (ssl_server, upgradedb)"
-
-    payload:
-      env:
-        NSS_MEMLEAK_TESTS: ssl_server
-        NSS_CYCLES: upgradedb
-        NSS_TESTS: memleak
-
-    extra:
-      treeherder:
-        groupSymbol: Server
-        groupName: MemLeak tests (ssl_server)
-        symbol: upgradedb
-        collection:
-          memleak: true
-
-- task:
-    metadata:
-      name: "MemLeak tests (ssl_client, standard)"
-      description: "MemLeak tests (ssl_client, standard)"
-
-    payload:
-      env:
-        NSS_MEMLEAK_TESTS: ssl_client
-        NSS_CYCLES: standard
-        NSS_TESTS: memleak
-
-    extra:
-      treeherder:
-        groupSymbol: Client
-        groupName: MemLeak tests (ssl_client)
-        symbol: standard
-        collection:
-          memleak: true
-
-- task:
-    metadata:
-      name: "MemLeak tests (ssl_client, pkix)"
-      description: "MemLeak tests (ssl_client, pkix)"
-
-    payload:
-      env:
-        NSS_MEMLEAK_TESTS: ssl_client
-        NSS_TESTS: memleak
-        NSS_CYCLES: pkix
-
-    extra:
-      treeherder:
-        groupSymbol: Client
-        groupName: MemLeak tests (ssl_client)
-        symbol: pkix
-        collection:
-          memleak: true
-
-- task:
-    metadata:
-      name: "MemLeak tests (ssl_client, sharedb)"
-      description: "MemLeak tests (ssl_client, sharedb)"
-
-    payload:
-      env:
-        NSS_MEMLEAK_TESTS: ssl_client
-        NSS_CYCLES: sharedb
-        NSS_TESTS: memleak
-
-    extra:
-      treeherder:
-        groupSymbol: Client
-        groupName: MemLeak tests (ssl_client)
-        symbol: sharedb
-        collection:
-          memleak: true
-
-- task:
-    metadata:
-      name: "MemLeak tests (ssl_client, upgradedb)"
-      description: "MemLeak tests (ssl_client, upgradedb)"
-
-    payload:
-      env:
-        NSS_MEMLEAK_TESTS: ssl_client
-        NSS_CYCLES: upgradedb
-        NSS_TESTS: memleak
-
-    extra:
-      treeherder:
-        groupSymbol: Client
-        groupName: MemLeak tests (ssl_client)
-        symbol: upgradedb
-        collection:
-          memleak: true
-
-- task:
-    metadata:
-      name: "MemLeak tests (chains, standard)"
-      description: "MemLeak tests (chains, standard)"
-
-    payload:
-      env:
-        NSS_MEMLEAK_TESTS: chains
-        NSS_CYCLES: standard
-        NSS_TESTS: memleak
-
-    extra:
-      treeherder:
-        groupSymbol: Chains
-        groupName: MemLeak tests (chains)
-        symbol: standard
-        collection:
-          memleak: true
-
-- task:
-    metadata:
-      name: "MemLeak tests (chains, pkix)"
-      description: "MemLeak tests (chains, pkix)"
-
-    payload:
-      env:
-        NSS_MEMLEAK_TESTS: chains
-        NSS_TESTS: memleak
-        NSS_CYCLES: pkix
-
-    extra:
-      treeherder:
-        groupSymbol: Chains
-        groupName: MemLeak tests (chains)
-        symbol: pkix
-        collection:
-          memleak: true
-
-- task:
-    metadata:
-      name: "MemLeak tests (chains, sharedb)"
-      description: "MemLeak tests (chains, sharedb)"
-
-    payload:
-      env:
-        NSS_MEMLEAK_TESTS: chains
-        NSS_CYCLES: sharedb
-        NSS_TESTS: memleak
-
-    extra:
-      treeherder:
-        groupSymbol: Chains
-        groupName: MemLeak tests (chains)
-        symbol: sharedb
-        collection:
-          memleak: true
-
-- task:
-    metadata:
-      name: "MemLeak tests (chains, upgradedb)"
-      description: "MemLeak tests (chains, upgradedb)"
-
-    payload:
-      env:
-        NSS_MEMLEAK_TESTS: chains
-        NSS_CYCLES: upgradedb
-        NSS_TESTS: memleak
-
-    extra:
-      treeherder:
-        groupSymbol: Chains
-        groupName: MemLeak tests (chains)
-        symbol: upgradedb
-        collection:
-          memleak: true
--- a/security/nss/automation/taskcluster/graph/tests/ssl.yml
+++ b/security/nss/automation/taskcluster/graph/tests/ssl.yml
@@ -1,16 +1,16 @@
 ---
 - task:
     metadata:
       name: "SSL tests (standard)"
       description: "SSL tests (standard)"
 
     payload:
-      maxRunTime: 7200
+      maxRunTime: 14400
       env:
         NSS_CYCLES: standard
         NSS_TESTS: ssl
 
     extra:
       treeherder:
         symbol: standard
         groupSymbol: SSL
--- a/security/nss/automation/taskcluster/graph/tools/_build_base.yml
+++ b/security/nss/automation/taskcluster/graph/tools/_build_base.yml
@@ -9,20 +9,21 @@ task:
   schedulerId: task-graph-scheduler
 
   metadata:
     owner: !env TC_OWNER
     source: !env TC_SOURCE
 
   payload:
     maxRunTime: 3600
-    image: ttaubert/nss-ci:0.0.17
+    image: !env TC_IMAGE
 
     env:
       NSS_HEAD_REPOSITORY: !env NSS_HEAD_REPOSITORY
       NSS_HEAD_REVISION: !env NSS_HEAD_REVISION
 
   extra:
     treeherder:
       build:
         platform: nss-tools
       machine:
         platform: nss-tools
+      jobKind: test
--- a/security/nss/automation/taskcluster/graph/tools/clang-format.yml
+++ b/security/nss/automation/taskcluster/graph/tools/clang-format.yml
@@ -3,13 +3,13 @@
     metadata:
       name: clang-format-3.8
       description: clang-format-3.8
 
     payload:
       command:
         - "/bin/bash"
         - "-c"
-        - "bin/checkout.sh && nss/automation/taskcluster/scripts/run_clang_format.sh nss/lib/ssl"
+        - "bin/checkout.sh && nss/automation/taskcluster/scripts/run_clang_format.sh"
 
     extra:
       treeherder:
         symbol: clang-format-3.8
--- a/security/nss/automation/taskcluster/graph/tools/scan-build.yml
+++ b/security/nss/automation/taskcluster/graph/tools/scan-build.yml
@@ -14,14 +14,13 @@
       command:
         - "/bin/bash"
         - "-c"
         - "bin/checkout.sh && nss/automation/taskcluster/scripts/run_scan_build.sh"
 
       env:
         GCC_VERSION: clang
         GXX_VERSION: clang++
-        NSS_ENABLE_TLS_1_3: 1
         USE_64: 1
 
     extra:
       treeherder:
         symbol: scan-build-3.8
new file mode 100644
--- /dev/null
+++ b/security/nss/automation/taskcluster/graph/try_syntax.js
@@ -0,0 +1,143 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+var intersect = require("intersect");
+var parse_args = require("minimist");
+
+function parseOptions(opts) {
+  opts = parse_args(opts.split(/\s+/), {
+    default: {build: "do", platform: "all", unittests: "none", tools: "none"},
+    alias: {b: "build", p: "platform", u: "unittests", t: "tools", e: "extra-builds"},
+    string: ["build", "platform", "unittests", "tools", "extra-builds"]
+  });
+
+  // Parse build types (d=debug, o=opt).
+  var builds = intersect(opts.build.split(""), ["d", "o"]);
+
+  // If the given value is nonsense default to debug and opt builds.
+  if (builds.length == 0) {
+    builds = ["d", "o"];
+  }
+
+  // Parse platforms.
+  var allPlatforms = ["linux", "linux64", "linux64-asan", "win64", "arm"];
+  var platforms = intersect(opts.platform.split(/\s*,\s*/), allPlatforms);
+
+  // If the given value is nonsense or "none" default to all platforms.
+  if (platforms.length == 0 && opts.platform != "none") {
+    platforms = allPlatforms;
+  }
+
+  // Parse unit tests.
+  var allUnitTests = ["crmf", "chains", "cipher", "db", "ec", "fips", "gtest",
+                      "lowhash", "merge", "sdr", "smime", "tools", "ssl"];
+  var unittests = intersect(opts.unittests.split(/\s*,\s*/), allUnitTests);
+
+  // If the given value is "all" run all tests.
+  // If it's nonsense then don't run any tests.
+  if (opts.unittests == "all") {
+    unittests = allUnitTests;
+  } else if (unittests.length == 0) {
+    unittests = [];
+  }
+
+  // Parse tools.
+  var allTools = ["clang-format", "scan-build"];
+  var tools = intersect(opts.tools.split(/\s*,\s*/), allTools);
+
+  // If the given value is "all" run all tools.
+  // If it's nonsense then don't run any tools.
+  if (opts.tools == "all") {
+    tools = allTools;
+  } else if (tools.length == 0) {
+    tools = [];
+  }
+
+  return {
+    builds: builds,
+    platforms: platforms,
+    unittests: unittests,
+    extra: (opts.e == "all"),
+    tools: tools
+  };
+}
+
+function filterTasks(tasks, comment) {
+  // Check for try syntax in changeset comment.
+  var match = comment.match(/^\s*try:\s*(.*)\s*$/);
+  if (!match) {
+    return tasks;
+  }
+
+  var opts = parseOptions(match[1]);
+
+  return tasks.filter(function (task) {
+    var env = task.task.payload.env || {};
+    var th = task.task.extra.treeherder;
+    var machine = th.machine.platform;
+    var coll = th.collection || {};
+    var found;
+
+    // Filter tools. We can immediately return here as those
+    // are not affected by platform or build type selectors.
+    if (machine == "nss-tools") {
+      return opts.tools.some(function (tool) {
+        var symbol = th.symbol.toLowerCase();
+        return symbol.startsWith(tool);
+      });
+    }
+
+    // Filter unit tests.
+    if (env.NSS_TESTS && env.TC_PARENT_TASK_ID) {
+      found = opts.unittests.some(function (test) {
+        var symbol = (th.groupSymbol || th.symbol).toLowerCase();
+        return symbol.startsWith(test);
+      });
+
+      if (!found) {
+        return false;
+      }
+    }
+
+    // Filter extra builds.
+    if (th.groupSymbol == "Builds" && !opts.extra) {
+      return false;
+    }
+
+    // Filter by platform.
+    found = opts.platforms.some(function (platform) {
+      var aliases = {
+        "linux": "linux32",
+        "linux64-asan": "linux64",
+        "win64": "windows2012-64",
+        "arm": "linux32"
+      };
+
+      // Check the platform name.
+      var keep = machine == (aliases[platform] || platform);
+
+      // Additional checks.
+      if (platform == "linux64-asan") {
+        keep &= coll.asan;
+      } else if (platform == "arm") {
+        keep &= (coll["arm-opt"] || coll["arm-debug"]);
+      } else {
+        keep &= (coll.opt || coll.debug);
+      }
+
+      return keep;
+    });
+
+    if (!found) {
+      return false;
+    }
+
+    // Finally, filter by build type.
+    var isDebug = coll.debug || coll.asan || coll["arm-debug"];
+    return (isDebug && opts.builds.indexOf("d") > -1) ||
+           (!isDebug && opts.builds.indexOf("o") > -1);
+  });
+}
+
+module.exports.filterTasks = filterTasks;
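Review bot: A repeated option in the `try:` comment makes minimist return an array rather than a string, so `opts.build.split("")` and the other `.split` calls in parseOptions throw a TypeError and graph generation fails on user-written commit text. Coercing each value first avoids this, e.g. `function asString(v) { return [].concat(v).join(","); }` applied to `opts.build`, `opts.platform`, `opts.unittests` and `opts.tools` before splitting. Separately, in filterTasks `keep &= coll.asan` and its two siblings turn `keep` into a number; `keep = keep && !!coll.asan` states the intent and returns a boolean. The regex in filterTasks has no `m` flag, so presumably the try syntax is only recognised when the whole comment is a single line; a comment saying so would help.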
--- a/security/nss/automation/taskcluster/graph/windows/_build_base.yml
+++ b/security/nss/automation/taskcluster/graph/windows/_build_base.yml
@@ -16,21 +16,22 @@ task:
     maxRunTime: 3600
 
     artifacts:
       - type: directory
         path: "public\\build"
         expires: !from_now 24
 
     command:
-      - "hg clone -r %NSS_HEAD_REVISION% %NSS_HEAD_REPOSITORY% nss"
+      - "bash -c \"hg clone -r $NSS_HEAD_REVISION $NSS_HEAD_REPOSITORY nss || (sleep 2; hg clone -r $NSS_HEAD_REVISION $NSS_HEAD_REPOSITORY nss) || (sleep 5; hg clone -r $NSS_HEAD_REVISION $NSS_HEAD_REPOSITORY nss)\""
       - "bash -c nss/automation/taskcluster/windows/build.sh"
 
     env:
       PATH: "c:\\mozilla-build\\python;c:\\mozilla-build\\msys\\local\\bin;c:\\mozilla-build\\7zip;c:\\mozilla-build\\info-zip;c:\\mozilla-build\\python\\Scripts;c:\\mozilla-build\\yasm;c:\\mozilla-build\\msys\\bin;c:\\Windows\\system32;c:\\mozilla-build\\upx391w;c:\\mozilla-build\\moztools-x64\\bin;c:\\mozilla-build\\wget"
       NSS_HEAD_REPOSITORY: !env NSS_HEAD_REPOSITORY
       NSS_HEAD_REVISION: !env NSS_HEAD_REVISION
       DOMSUF: localdomain
       HOST: localhost
 
   extra:
     treeherder:
+      jobKind: build
       symbol: B
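Review bot: The inline retry in the new `hg clone` command does not match the `hg_clone` helper this commit adds to tools.sh and windows/setup.sh: the helper runs `rm -rf "$dir"` between attempts and quotes its arguments, while this line retries into the same `nss` directory and expands `$NSS_HEAD_REVISION` and `$NSS_HEAD_REPOSITORY` unquoted. If a failed attempt leaves a partial `nss` behind, the second and third attempts would fail on the non-empty destination. Adding `rm -rf nss;` after each `sleep` and quoting both variables would bring it in line. windows/_test_base.yml still uses the single un-retried `%NSS_HEAD_REVISION%` form, so the two Windows base files now behave differently.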
--- a/security/nss/automation/taskcluster/graph/windows/_test_base.yml
+++ b/security/nss/automation/taskcluster/graph/windows/_test_base.yml
@@ -13,8 +13,12 @@ task:
     source: !env TC_SOURCE
 
   payload:
     maxRunTime: 3600
 
     command:
       - "hg clone -r %NSS_HEAD_REVISION% %NSS_HEAD_REPOSITORY% nss"
       - "bash -c nss/automation/taskcluster/windows/run_tests.sh"
+
+  extra:
+    treeherder:
+      jobKind: test
--- a/security/nss/automation/taskcluster/graph/windows/build64-debug.yml
+++ b/security/nss/automation/taskcluster/graph/windows/build64-debug.yml
@@ -1,71 +1,50 @@
 ---
 - task:
     metadata:
       name: "Windows 2012 64 (debug)"
       description: "Windows 2012 64 (debug)"
 
     payload:
       env:
-        NSS_ENABLE_TLS_1_3: 1
-        USE_64: 1
-
-    extra:
-      treeherder:
-        build:
-          platform: windows2012-64
-        machine:
-          platform: windows2012-64
-        collection:
-          debug: true
-
-  tests:
-    - cipher
-    - crmf
-    - db
-    - ec
-    - fips
-    - gtests
-    - lowhash
-    - merge
-    - sdr
-    - smime
-    - tools
-
-- task:
-    metadata:
-      name: "Windows 2012 64 (debug, no TLS 1.3)"
-      description: "Windows 2012 64 (debug, no TLS 1.3)"
-
-    payload:
-      env:
         USE_64: 1
 
     extra:
       treeherder:
         build:
           platform: windows2012-64
         machine:
           platform: windows2012-64
         collection:
           debug: true
-        groupSymbol: Builds
-        groupName: Various builds
-        symbol: noTLSv1.3
+
+  tests:
+    - chains
+    - cipher
+    - crmf
+    - db
+    - ec
+    - fips
+    - gtests
+    - lowhash
+    - merge
+    - sdr
+    - smime
+    - ssl
+    - tools
 
 - task:
     metadata:
       name: "Windows 2012 64 (debug, NSS_NO_PKCS11_BYPASS=1)"
       description: "Windows 2012 64 (debug, NSS_NO_PKCS11_BYPASS=1)"
 
     payload:
       env:
         NSS_NO_PKCS11_BYPASS: 1
-        NSS_ENABLE_TLS_1_3: 1
         USE_64: 1
 
     extra:
       treeherder:
         build:
           platform: windows2012-64
         machine:
           platform: windows2012-64
--- a/security/nss/automation/taskcluster/graph/windows/build64-opt.yml
+++ b/security/nss/automation/taskcluster/graph/windows/build64-opt.yml
@@ -1,73 +1,51 @@
 ---
 - task:
     metadata:
       name: "Windows 2012 64 (opt)"
       description: "Windows 2012 64 (opt)"
 
     payload:
       env:
-        NSS_ENABLE_TLS_1_3: 1
-        BUILD_OPT: 1
-        USE_64: 1
-
-    extra:
-      treeherder:
-        build:
-          platform: windows2012-64
-        machine:
-          platform: windows2012-64
-        collection:
-          opt: true
-
-  tests:
-    - cipher
-    - crmf
-    - db
-    - ec
-    - fips
-    - gtests
-    - lowhash
-    - merge
-    - sdr
-    - smime
-    - tools
-
-- task:
-    metadata:
-      name: "Windows 2012 64 (opt, no TLS 1.3)"
-      description: "Windows 2012 64 (opt, no TLS 1.3)"
-
-    payload:
-      env:
         BUILD_OPT: 1
         USE_64: 1
 
     extra:
       treeherder:
         build:
           platform: windows2012-64
         machine:
           platform: windows2012-64
         collection:
           opt: true
-        groupSymbol: Builds
-        groupName: Various builds
-        symbol: noTLSv1.3
+
+  tests:
+    - chains
+    - cipher
+    - crmf
+    - db
+    - ec
+    - fips
+    - gtests
+    - lowhash
+    - merge
+    - sdr
+    - smime
+    - ssl
+    - tools
 
 - task:
     metadata:
       name: "Windows 2012 64 (opt, NSS_NO_PKCS11_BYPASS=1)"
       description: "Windows 2012 64 (opt, NSS_NO_PKCS11_BYPASS=1)"
 
     payload:
       env:
         NSS_NO_PKCS11_BYPASS: 1
-        NSS_ENABLE_TLS_1_3: 1
         BUILD_OPT: 1
         USE_64: 1
 
     extra:
       treeherder:
         build:
           platform: windows2012-64
         machine:
--- a/security/nss/automation/taskcluster/scripts/build.sh
+++ b/security/nss/automation/taskcluster/scripts/build.sh
@@ -1,29 +1,27 @@
 #!/usr/bin/env bash
 
 set -v -e -x
 
-if [ $(id -u) = 0 ]; then
-    source $(dirname $0)/tools.sh
+source $(dirname $0)/tools.sh
 
+if [[ $(id -u) -eq 0 ]]; then
     # Set compiler.
     switch_compilers
 
     # Drop privileges by re-running this script.
     exec su worker $0
 fi
 
 # Clone NSPR if needed.
-if [ ! -d "nspr" ]; then
-    hg clone https://hg.mozilla.org/projects/nspr
-fi
+hg_clone https://hg.mozilla.org/projects/nspr nspr default
 
 # Build.
-cd nss && make nss_build_all && cd ..
+make -C nss nss_build_all
 
 # Generate certificates.
 NSS_TESTS=cert NSS_CYCLES="standard pkix sharedb" $(dirname $0)/run_tests.sh
 
 # Reset test counter so that test runs pick up our certificates.
 echo 1 > tests_results/security/localhost
 
 # Package.
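Review bot: The `# Clone NSPR if needed.` comment no longer matches the code, because `hg_clone` has no existence check. With an `nspr` directory already present the first `hg clone` fails, the helper then runs `rm -rf nspr` and clones again, which discards the existing checkout where the old `[ ! -d "nspr" ]` guard kept it. If reuse is still wanted, `[ -d nspr ] || hg_clone https://hg.mozilla.org/projects/nspr nspr default` restores it; otherwise the comment should read `# Clone NSPR (replaces any existing checkout).`. `source $(dirname $0)/tools.sh` would also be safer as `source "$(dirname "$0")/tools.sh"`.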
--- a/security/nss/automation/taskcluster/scripts/extend_task_graph.sh
+++ b/security/nss/automation/taskcluster/scripts/extend_task_graph.sh
@@ -4,10 +4,13 @@ set -v -e -x
 
 if [ $(id -u) = 0 ]; then
     # Drop privileges by re-running this script.
     exec su worker $0
 fi
 
 mkdir -p /home/worker/artifacts
 
+# Install Node.JS dependencies.
+cd nss/automation/taskcluster/graph/ && npm install
+
 # Build the task graph definition.
-nodejs nss/automation/taskcluster/graph/build.js > /home/worker/artifacts/graph.json
+nodejs build.js > /home/worker/artifacts/graph.json
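Review bot: `npm install` now runs inside the task that generates the task graph, so the graph builder executes whatever versions of its Node dependencies the registry serves at that moment. The package manifest is not part of this hunk, so whether versions are pinned cannot be told from here. If they are not, committing a shrinkwrap/lock file next to `build.js` would keep the resolved versions fixed and reviewable. A comment such as `# Dependencies are resolved from package.json in this directory; keep versions pinned.` would also document the expectation.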
--- a/security/nss/automation/taskcluster/scripts/run_clang_format.sh
+++ b/security/nss/automation/taskcluster/scripts/run_clang_format.sh
@@ -1,21 +1,57 @@
 #!/usr/bin/env bash
 
 set -v -e -x
 
-if [ $(id -u) = 0 ]; then
+if [ $(id -u) -eq 0 ]; then
     # Drop privileges by re-running this script.
-    exec su worker $0 $@
+    exec su worker $0 "$@"
 fi
 
 # Apply clang-format 3.8 on the provided folder and verify that this doesn't change any file.
 # If any file differs after formatting, the script eventually exits with 1.
 # Any differences between formatted and unformatted files is printed to stdout to give a hint what's wrong.
 
+# Includes a default set of directories.
+
+apply=false
+if [ $1 = "--apply" ]; then
+    apply=true
+    shift
+fi
+
+if [ $# -gt 0 ]; then
+    dirs=("$@")
+else
+    top=$(dirname $0)/../../..
+    dirs=( \
+         "$top/cmd" \
+         "$top/lib/base" \
+         "$top/lib/certdb" \
+         "$top/lib/certhigh" \
+         "$top/lib/ckfw" \
+         "$top/lib/crmf" \
+         "$top/lib/cryptohi" \
+         "$top/lib/dbm" \
+         "$top/lib/dev" \
+         "$top/lib/softoken" \
+         "$top/lib/ssl" \
+         "$top/external_tests/common" \
+         "$top/external_tests/der_gtest" \
+         "$top/external_tests/pk11_gtest" \
+         "$top/external_tests/ssl_gtest" \
+         "$top/external_tests/util_gtest" \
+    )
+fi
+
 STATUS=0
-for i in $(find $1 -type f -name '*.[ch]' -print); do
-    if ! clang-format $i | diff -Naur $i -; then
-        echo "Sorry, $i is not formatted properly. Please use clang-format 3.8 on your patch before landing."
-        STATUS=1
-    fi
+for dir in "${dirs[@]}"; do
+    for i in $(find "$dir" -type f \( -name '*.[ch]' -o -name '*.cc' \) -print); do
+        if $apply; then
+            clang-format -i "$i"
+        elif ! clang-format "$i" | diff -Naur "$i" -; then
+            echo "Sorry, $i is not formatted properly. Please use clang-format 3.8 on your patch before landing."
+            STATUS=1
+        fi
+    done
 done
 exit $STATUS
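Review bot: `if [ $1 = "--apply" ]` leaves `$1` unquoted, and clang-format.yml now calls this script with no arguments, so the test expands to `[ = --apply ]` and prints a "unary operator expected" error on every default run. It only works because the failed test falls through to the non-apply path. Use `if [ "$1" = "--apply" ]; then`. The inner `for i in $(find ...)` loop and `top=$(dirname $0)/../../..` still word-split on paths containing whitespace, so the new quoting of `"$i"` and `"$dir"` does not fully protect against such names.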
--- a/security/nss/automation/taskcluster/scripts/tools.sh
+++ b/security/nss/automation/taskcluster/scripts/tools.sh
@@ -9,8 +9,21 @@ switch_compilers() {
     if [ -e "$GCC" ] && [ -e "$GXX" ]; then
         update-alternatives --set gcc $GCC
         update-alternatives --set g++ $GXX
     else
         echo "Unknown compiler $GCC_VERSION/$GXX_VERSION."
         exit 1
     fi
 }
+
+# Usage: hg_clone repo dir [revision=@]
+hg_clone() {
+    repo=$1
+    dir=$2
+    rev=${3:-@}
+    for i in 0 2 5; do
+        sleep $i
+        hg clone -r "$rev" "$repo" "$dir" && return
+        rm -rf "$dir"
+    done
+    exit 1
+}
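Review bot: `hg_clone` assigns `repo`, `dir`, `rev` and `i` without `local`, and tools.sh is sourced, so every call overwrites variables of the same name in the calling script. Declaring them as `local repo=$1 dir=$2 rev=${3:-@} i` keeps the helper self-contained. The same function body is copied verbatim into windows/setup.sh in this commit and has the same issue; sourcing one definition from both places would avoid the two copies drifting apart. A header comment noting that the function exits the shell after three failed attempts, and removes `$dir` between attempts, would document what callers must expect.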
--- a/security/nss/automation/taskcluster/windows/build.sh
+++ b/security/nss/automation/taskcluster/windows/build.sh
@@ -1,21 +1,21 @@
 #!/usr/bin/env bash
 
 set -v -e -x
 
 # Set up the toolchain.
 source $(dirname $0)/setup.sh
 
 # Clone NSPR.
-hg clone https://hg.mozilla.org/projects/nspr
+hg_clone https://hg.mozilla.org/projects/nspr nspr default
 
 # Build.
-cd nss && make nss_build_all
+make -C nss nss_build_all
 
 # Generate certificates.
-cd tests && NSS_TESTS=cert NSS_CYCLES="standard pkix sharedb" ./all.sh
+NSS_TESTS=cert NSS_CYCLES="standard pkix sharedb" nss/tests/all.sh
 
 # Reset test counter so that test runs pick up our certificates.
-cd ../../ && echo 1 > tests_results/security/localhost
+echo 1 > tests_results/security/localhost
 
 # Package.
 7z a public/build/dist.7z dist tests_results
--- a/security/nss/automation/taskcluster/windows/releng.manifest
+++ b/security/nss/automation/taskcluster/windows/releng.manifest
@@ -1,10 +1,10 @@
 [
   {
     "version": "Visual Studio 2015 Update 2 / SDK 10.0.10586.0/212",
-    "size": 332343834,
-    "digest": "55814aaabcd4aa51fe85918ec02a8c29bc067d41ee79ddcfd628daaba5a06d4241a73a51bf5a8bc69cc762b52551009f44b05e65682c45b4684c17fb2d017c2c",
+    "size": 332442800,
+    "digest": "995394a4a515c7cb0f8595f26f5395361a638870dd0bbfcc22193fe1d98a0c47126057d5999cc494f3f3eac5cb49160e79757c468f83ee5797298e286ef6252c",
     "algorithm": "sha512",
     "filename": "vs2015u2.zip",
     "unpack": true
   }
 ]
--- a/security/nss/automation/taskcluster/windows/setup.sh
+++ b/security/nss/automation/taskcluster/windows/setup.sh
@@ -1,17 +1,30 @@
 #!/usr/bin/env bash
 
 set -v -e -x
 
-hg clone https://hg.mozilla.org/build/tools
+# Usage: hg_clone repo dir [revision=@]
+hg_clone() {
+    repo=$1
+    dir=$2
+    rev=${3:-@}
+    for i in 0 2 5; do
+        sleep $i
+        hg clone -r "$rev" "$repo" "$dir" && return
+        rm -rf "$dir"
+    done
+    exit 1
+}
+
+hg_clone https://hg.mozilla.org/build/tools tools default
 
 tools/scripts/tooltool/tooltool_wrapper.sh $(dirname $0)/releng.manifest https://api.pub.build.mozilla.org/tooltool/ non-existant-file.sh /c/mozilla-build/python/python.exe /c/builds/tooltool.py --authentication-file /c/builds/relengapi.tok -c /c/builds/tooltool_cache
 VSPATH="$(pwd)/vs2015u2"
 
 export WINDOWSSDKDIR="${VSPATH}/SDK"
 export WIN32_REDIST_DIR="${VSPATH}/VC/redist/x64/Microsoft.VC140.CRT"
 export WIN_UCRT_REDIST_DIR="${VSPATH}/SDK/Redist/ucrt/DLLs/x64"
 
-export PATH="${VSPATH}/VC/bin/amd64:${VSPATH}/VC/bin:${VSPATH}/SDK/bin/x64:${VSPATH}/VC/redist/x64/Microsoft.VC140.CRT:${VSPATH}/SDK/Redist/ucrt/DLLs/x64:${VSPATH}/DIASDK/bin/amd64:${PATH}"
+export PATH="${VSPATH}/VC/bin/amd64:${VSPATH}/VC/bin:${VSPATH}/SDK/bin/x64:${VSPATH}/VC/redist/x64/Microsoft.VC140.CRT:${VSPATH}/SDK/Redist/ucrt/DLLs/x64:${PATH}"
 
-export INCLUDE="${VSPATH}/VC/include:${VSPATH}/VC/atlmfc/include:${VSPATH}/SDK/Include/ucrt:${VSPATH}/SDK/Include/shared:${VSPATH}/SDK/Include/um:${VSPATH}/SDK/Include/winrt:${VSPATH}/DIASDK/include"
-export LIB="${VSPATH}/VC/lib/amd64:${VSPATH}/VC/atlmfc/lib/amd64:${VSPATH}/SDK/lib/ucrt/x64:${VSPATH}/SDK/lib/um/x64:${VSPATH}/DIASDK/lib/amd64"
+export INCLUDE="${VSPATH}/VC/include:${VSPATH}/SDK/Include/10.0.10586.0/ucrt:${VSPATH}/SDK/Include/10.0.10586.0/shared:${VSPATH}/SDK/Include/10.0.10586.0/um"
+export LIB="${VSPATH}/VC/lib/amd64:${VSPATH}/SDK/lib/10.0.10586.0/ucrt/x64:${VSPATH}/SDK/lib/10.0.10586.0/um/x64"
--- a/security/nss/cmd/Makefile
+++ b/security/nss/cmd/Makefile
@@ -11,20 +11,24 @@ include manifest.mn
 include $(CORE_DEPTH)/coreconf/config.mk
 
 ifdef BUILD_LIBPKIX_TESTS
 DIRS += libpkix
 endif
 
 ifeq ($(NSS_BUILD_WITHOUT_SOFTOKEN),1)
 BLTEST_SRCDIR =
+ECPERF_SRCDIR =
+ECTEST_SRCDIR =
 FIPSTEST_SRCDIR =
 SHLIBSIGN_SRCDIR =
 else
 BLTEST_SRCDIR = bltest
+ECPERF_SRCDIR = ecperf
+ECTEST_SRCDIR = ectest
 FIPSTEST_SRCDIR = fipstest
 SHLIBSIGN_SRCDIR = shlibsign
 endif
 
 LOWHASHTEST_SRCDIR=
 ifeq ($(FREEBL_LOWHASH),1)
 LOWHASHTEST_SRCDIR = lowhashtest  # Add the lowhashtest directory to DIRS.
 endif
--- a/security/nss/cmd/bltest/blapitest.c
+++ b/security/nss/cmd/bltest/blapitest.c
@@ -1231,31 +1231,29 @@ seed_Decrypt(void *cx, unsigned char *ou
 
 SECStatus
 rsa_PublicKeyOp(void *cx, SECItem *output, const SECItem *input)
 {
     bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx;
     RSAPublicKey *pubKey = (RSAPublicKey *)params->pubKey;
     SECStatus rv = RSA_PublicKeyOp(pubKey, output->data, input->data);
     if (rv == SECSuccess) {
-        output->len = pubKey->modulus.data[0] ? pubKey->modulus.len :
-                                              pubKey->modulus.len - 1;
+        output->len = pubKey->modulus.data[0] ? pubKey->modulus.len : pubKey->modulus.len - 1;
     }
     return rv;
 }
 
 SECStatus
 rsa_PrivateKeyOp(void *cx, SECItem *output, const SECItem *input)
 {
     bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx;
     RSAPrivateKey *privKey = (RSAPrivateKey *)params->privKey;
     SECStatus rv = RSA_PrivateKeyOp(privKey, output->data, input->data);
     if (rv == SECSuccess) {
-        output->len = privKey->modulus.data[0] ? privKey->modulus.len :
-                                               privKey->modulus.len - 1;
+        output->len = privKey->modulus.data[0] ? privKey->modulus.len : privKey->modulus.len - 1;
     }
     return rv;
 }
 
 SECStatus
 rsa_signDigestPSS(void *cx, SECItem *output, const SECItem *input)
 {
     bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx;
@@ -2844,18 +2842,17 @@ print_td:
 #ifndef NSS_DISABLE_ECC
         case bltestECDSA:
             if (td) {
                 fprintf(stdout, "%12s", "ec_curve");
             } else {
                 ECPrivateKey *key = (ECPrivateKey *)info->params.asymk.privKey;
                 ECCurveName curveName = key->ecParams.name;
                 fprintf(stdout, "%12s",
-                        ecCurve_map[curveName] ? ecCurve_map[curveName]->text :
-                                               "Unsupported curve");
+                        ecCurve_map[curveName] ? ecCurve_map[curveName]->text : "Unsupported curve");
             }
             break;
 #endif
         case bltestMD2:
         case bltestMD5:
         case bltestSHA1:
         case bltestSHA256:
         case bltestSHA384:
@@ -3156,17 +3153,17 @@ verify_self_test(bltestIO *result, bltes
         }
     }
     return equal ? SECSuccess : SECFailure;
 }
 
 static SECStatus
 ReadFileToItem(PLArenaPool *arena, SECItem *dst, const char *filename)
 {
-    SECItem tmp = {siBuffer, NULL, 0};
+    SECItem tmp = { siBuffer, NULL, 0 };
     PRFileDesc *file;
     SECStatus rv;
 
     file = PR_Open(filename, PR_RDONLY, 00660);
     if (!file) {
         return SECFailure;
     }
     rv = SECU_FileToItem(&tmp, file);
--- a/security/nss/cmd/certcgi/certcgi.c
+++ b/security/nss/cmd/certcgi/certcgi.c
@@ -878,18 +878,17 @@ AddAuthKeyID(void *extHandle,
         }
         rv = CERT_CopyName(arena, &genNames->name.directoryName,
                            directoryName);
         CERT_DestroyName(directoryName);
         if (rv != SECSuccess) {
             error_out("ERROR: Unable to copy Directory Name");
         }
         authKeyID->authCertIssuer = genNames;
-        if (authKeyID->authCertIssuer == NULL && SECFailure ==
-                                                     PORT_GetError()) {
+        if (authKeyID->authCertIssuer == NULL && SECFailure == PORT_GetError()) {
             error_out("ERROR: Unable to get Issuer General Name for Authority Key ID Extension");
         }
         authKeyID->authCertSerialNumber = issuerCert->serialNumber;
     }
     rv = EncodeAndAddExtensionValue(arena, extHandle, authKeyID, PR_FALSE,
                                     SEC_OID_X509_AUTH_KEY_ID,
                                     (EXTEN_VALUE_ENCODER)
                                         CERT_EncodeAuthKeyID);
@@ -2030,26 +2029,26 @@ main(int argc, char **argv)
     int n;
     int i;
     int serial;
     int chainLen;
     int which_key;
     char *pos;
 #ifdef OFFLINE
     char *form_output = "key=MIIBPTCBpzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA7"
-        "SLqjWBL9Wl11Vlg%0AaMqZCvcQOL%2FnvSqYPPRP0XZy9SoAeyWzQnBOiCm2t8H5mK7r2"
-        "jnKdAQOmfhjaJil%0A3hNVu3SekHOXF6Ze7bkWa6%2FSGVcY%2FojkydxFSgY43nd1iyd"
-        "zPQDp8WWLL%2BpVpt%2B%2B%0ATRhFtVXbF0fQI03j9h3BoTgP2lkCAwEAARYDZm9vMA0"
-        "GCSqGSIb3DQEBBAUAA4GB%0AAJ8UfRKJ0GtG%2B%2BufCC6tAfTzKrq3CTBHnom55EyXc"
-        "sAsv6WbDqI%2F0rLAPkn2Xo1r%0AnNhtMxIuj441blMt%2Fa3AGLOy5zmC7Qawt8IytvQ"
-        "ikQ1XTpTBCXevytrmLjCmlURr%0ANJryTM48WaMQHiMiJpbXCqVJC1d%2FpEWBtqvALzZ"
-        "aOOIy&subject=CN%3D%22test%22%26serial-auto%3Dtrue%26serial_value%3D%"
-        "26ver-1%3Dtrue%26ver-3%3Dfalse%26caChoiceradio-SignWithDefaultkey%3Dt"
-        "rue%26caChoiceradio-SignWithRandomChain%3Dfalse%26autoCAs%3D%26caChoi"
-        "ceradio-SignWithSpecifiedChain%3Dfalse%26manCAs%3D%26%24";
+                        "SLqjWBL9Wl11Vlg%0AaMqZCvcQOL%2FnvSqYPPRP0XZy9SoAeyWzQnBOiCm2t8H5mK7r2"
+                        "jnKdAQOmfhjaJil%0A3hNVu3SekHOXF6Ze7bkWa6%2FSGVcY%2FojkydxFSgY43nd1iyd"
+                        "zPQDp8WWLL%2BpVpt%2B%2B%0ATRhFtVXbF0fQI03j9h3BoTgP2lkCAwEAARYDZm9vMA0"
+                        "GCSqGSIb3DQEBBAUAA4GB%0AAJ8UfRKJ0GtG%2B%2BufCC6tAfTzKrq3CTBHnom55EyXc"
+                        "sAsv6WbDqI%2F0rLAPkn2Xo1r%0AnNhtMxIuj441blMt%2Fa3AGLOy5zmC7Qawt8IytvQ"
+                        "ikQ1XTpTBCXevytrmLjCmlURr%0ANJryTM48WaMQHiMiJpbXCqVJC1d%2FpEWBtqvALzZ"
+                        "aOOIy&subject=CN%3D%22test%22%26serial-auto%3Dtrue%26serial_value%3D%"
+                        "26ver-1%3Dtrue%26ver-3%3Dfalse%26caChoiceradio-SignWithDefaultkey%3Dt"
+                        "rue%26caChoiceradio-SignWithRandomChain%3Dfalse%26autoCAs%3D%26caChoi"
+                        "ceradio-SignWithSpecifiedChain%3Dfalse%26manCAs%3D%26%24";
 #else
     char *form_output;
 #endif
     char *issuerNameStr;
     char *certName;
     char *DBdir = DB_DIRECTORY;
     char *prefixs[10] = { "CA#1-", "CA#2-", "CA#3-",
                           "CA#4-", "CA#5-", "CA#6-",
--- a/security/nss/cmd/certutil/certutil.c
+++ b/security/nss/cmd/certutil/certutil.c
@@ -179,48 +179,55 @@ AddCert(PK11SlotInfo *slot, CERTCertDBHa
     return rv;
 }
 
 static SECStatus
 CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType,
         SECOidTag hashAlgTag, CERTName *subject, const char *phone, int ascii,
         const char *emailAddrs, const char *dnsNames,
         certutilExtnList extnList, const char *extGeneric,
-        /*out*/ SECItem *result)
+        PRBool pssCertificate, /*out*/ SECItem *result)
 {
     CERTSubjectPublicKeyInfo *spki;
     CERTCertificateRequest *cr;
     SECItem *encoding;
     SECOidTag signAlgTag;
     SECStatus rv;
     PLArenaPool *arena;
     void *extHandle;
     SECItem signedReq = { siBuffer, NULL, 0 };
 
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (!arena) {
+        SECU_PrintError(progName, "out of memory");
+        return SECFailure;
+    }
+
     /* Create info about public key */
     spki = SECKEY_CreateSubjectPublicKeyInfo(pubk);
     if (!spki) {
         SECU_PrintError(progName, "unable to create subject public key");
         return SECFailure;
     }
 
+    /* Change cert type to RSA-PSS, if desired. */
+    if (pssCertificate) {
+        spki->algorithm.parameters.data = NULL;
+        rv = SECOID_SetAlgorithmID(arena, &spki->algorithm,
+                                   SEC_OID_PKCS1_RSA_PSS_SIGNATURE, 0);
+    }
+
     /* Generate certificate request */
     cr = CERT_CreateCertificateRequest(subject, spki, NULL);
     SECKEY_DestroySubjectPublicKeyInfo(spki);
     if (!cr) {
         SECU_PrintError(progName, "unable to make certificate request");
         return SECFailure;
     }
 
-    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-    if (!arena) {
-        SECU_PrintError(progName, "out of memory");
-        return SECFailure;
-    }
-
     extHandle = CERT_StartCertificateRequestAttributes(cr);
     if (extHandle == NULL) {
         PORT_FreeArena(arena, PR_FALSE);
         CERT_DestroyCertificateRequest(cr);
         return SECFailure;
     }
     if (AddExtensions(extHandle, emailAddrs, dnsNames, extnList, extGeneric) !=
         SECSuccess) {
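Review bot: Moving `PORT_NewArena` to the top of CertReq means the two early `return SECFailure` paths after `SECKEY_CreateSubjectPublicKeyInfo` and `CERT_CreateCertificateRequest` now leak `arena`. The `rv` assigned from `SECOID_SetAlgorithmID` in the new `pssCertificate` branch is also never checked, so a failure there still goes on to build a request from the unconverted key info. Each early return should free the arena first, and the PSS branch should stop on `rv != SECSuccess` and destroy `spki` as well. CertReq's body continues past the end of this hunk.

```c
    spki = SECKEY_CreateSubjectPublicKeyInfo(pubk);
    if (!spki) {
        SECU_PrintError(progName, "unable to create subject public key");
        PORT_FreeArena(arena, PR_FALSE);
        return SECFailure;
    }

    if (pssCertificate) {
        /* ... unchanged: reset parameters and call SECOID_SetAlgorithmID ... */
        if (rv != SECSuccess) {
            SECU_PrintError(progName, "unable to set algorithm ID");
            SECKEY_DestroySubjectPublicKeyInfo(spki);
            PORT_FreeArena(arena, PR_FALSE);
            return SECFailure;
        }
    }

    /* ... unchanged: CERT_CreateCertificateRequest and spki destroy ... */
    if (!cr) {
        SECU_PrintError(progName, "unable to make certificate request");
        PORT_FreeArena(arena, PR_FALSE);
        return SECFailure;
    }
```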
@@ -2349,16 +2356,17 @@ enum certutilOpts {
     opt_KeyOpFlagsOff,
     opt_KeyAttrFlags,
     opt_EmptyPassword,
     opt_CertVersion,
     opt_AddSubjectAltNameExt,
     opt_DumpExtensionValue,
     opt_GenericExtensions,
     opt_NewNickname,
+    opt_Pss,
     opt_Help
 };
 
 static const secuCommandFlag commands_init[] =
     {
       { /* cmd_AddCert             */ 'A', PR_FALSE, 0, PR_FALSE },
       { /* cmd_CreateNewCert       */ 'C', PR_FALSE, 0, PR_FALSE },
       { /* cmd_DeleteCert          */ 'D', PR_FALSE, 0, PR_FALSE },
@@ -2467,16 +2475,18 @@ static const secuCommandFlag options_ini
         "certVersion" },
       { /* opt_AddSubjectAltExt    */ 0, PR_TRUE, 0, PR_FALSE, "extSAN" },
       { /* opt_DumpExtensionValue  */ 0, PR_TRUE, 0, PR_FALSE,
         "dump-ext-val" },
       { /* opt_GenericExtensions   */ 0, PR_TRUE, 0, PR_FALSE,
         "extGeneric" },
       { /* opt_NewNickname         */ 0, PR_TRUE, 0, PR_FALSE,
         "new-n" },
+      { /* opt_Pss                 */ 0, PR_FALSE, 0, PR_FALSE,
+        "pss" },
     };
 #define NUM_OPTIONS ((sizeof options_init) / (sizeof options_init[0]))
 
 static secuCommandFlag certutil_commands[NUM_COMMANDS];
 static secuCommandFlag certutil_options[NUM_OPTIONS];
 
 static const secuCommand certutil = {
     NUM_COMMANDS,
@@ -3317,16 +3327,32 @@ certutil_main(int argc, char **argv, PRB
 
         /*  If all that was needed was keygen, exit.  */
         if (certutil.commands[cmd_GenKeyPair].activated) {
             rv = SECSuccess;
             goto shutdown;
         }
     }
 
+    if (certutil.options[opt_Pss].activated) {
+        if (!certutil.commands[cmd_CertReq].activated &&
+            !certutil.commands[cmd_CreateAndAddCert].activated) {
+            PR_fprintf(PR_STDERR,
+                       "%s -%c: --pss only works with -R or -S.\n",
+                       progName, commandToRun);
+            return 255;
+        }
+        if (keytype != rsaKey) {
+            PR_fprintf(PR_STDERR,
+                       "%s -%c: --pss only works with RSA keys.\n",
+                       progName, commandToRun);
+            return 255;
+        }
+    }
+
     /* If we need a list of extensions convert the flags into list format */
     if (certutil.commands[cmd_CertReq].activated ||
         certutil.commands[cmd_CreateAndAddCert].activated ||
         certutil.commands[cmd_CreateNewCert].activated) {
         certutil_extns[ext_keyUsage].activated =
             certutil.options[opt_AddCmdKeyUsageExt].activated;
         if (!certutil_extns[ext_keyUsage].activated) {
             certutil_extns[ext_keyUsage].activated =
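Review bot: The two new `return 255;` statements leave certutil_main directly, while the block just above them in this hunk exits through `goto shutdown`; if that label releases keys, slot and library state (not visible here), these paths skip it. The check also sits after the key-generation block, so presumably `--pss` with a non-RSA key or the wrong command is rejected only after a key pair has already been created. Validating the option before key generation would avoid both problems. If it stays here, `rv = SECFailure; goto shutdown;` would match the neighbouring code. certutil_main starts and ends outside the hunk.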
@@ -3404,19 +3430,19 @@ certutil_main(int argc, char **argv, PRB
     /*  Make a cert request (-R).  */
     if (certutil.commands[cmd_CertReq].activated) {
         rv = CertReq(privkey, pubkey, keytype, hashAlgTag, subject,
                      certutil.options[opt_PhoneNumber].arg,
                      certutil.options[opt_ASCIIForIO].activated,
                      certutil.options[opt_ExtendedEmailAddrs].arg,
                      certutil.options[opt_ExtendedDNSNames].arg,
                      certutil_extns,
-                     (certutil.options[opt_GenericExtensions].activated ?
-                                                                        certutil.options[opt_GenericExtensions].arg
+                     (certutil.options[opt_GenericExtensions].activated ? certutil.options[opt_GenericExtensions].arg
                                                                         : NULL),
+                     certutil.options[opt_Pss].activated,
                      &certReqDER);
         if (rv)
             goto shutdown;
         privkey->wincx = &pwdata;
     }
 
     /*
      *  Certificate creation
@@ -3429,19 +3455,19 @@ certutil_main(int argc, char **argv, PRB
     if (certutil.commands[cmd_CreateAndAddCert].activated) {
         static certutilExtnList nullextnlist = { { PR_FALSE, NULL } };
         rv = CertReq(privkey, pubkey, keytype, hashAlgTag, subject,
                      certutil.options[opt_PhoneNumber].arg,
                      PR_FALSE, /* do not BASE64-encode regardless of -a option */
                      NULL,
                      NULL,
                      nullextnlist,
-                     (certutil.options[opt_GenericExtensions].activated ?
-                                                                        certutil.options[opt_GenericExtensions].arg
+                     (certutil.options[opt_GenericExtensions].activated ? certutil.options[opt_GenericExtensions].arg
                                                                         : NULL),
+                     certutil.options[opt_Pss].activated,
                      &certReqDER);
         if (rv)
             goto shutdown;
         privkey->wincx = &pwdata;
     }
 
     /*  Create a certificate (-C or -S).  */
     if (certutil.commands[cmd_CreateAndAddCert].activated ||
@@ -3451,18 +3477,17 @@ certutil_main(int argc, char **argv, PRB
                         &certReqDER, &privkey, &pwdata, hashAlgTag,
                         serialNumber, warpmonths, validityMonths,
                         certutil.options[opt_ExtendedEmailAddrs].arg,
                         certutil.options[opt_ExtendedDNSNames].arg,
                         certutil.options[opt_ASCIIForIO].activated &&
                             certutil.commands[cmd_CreateNewCert].activated,
                         certutil.options[opt_SelfSign].activated,
                         certutil_extns,
-                        (certutil.options[opt_GenericExtensions].activated ?
-                                                                           certutil.options[opt_GenericExtensions].arg
+                        (certutil.options[opt_GenericExtensions].activated ? certutil.options[opt_GenericExtensions].arg
                                                                            : NULL),
                         certVersion,
                         &certDER);
         if (rv)
             goto shutdown;
     }
 
     /*
--- a/security/nss/cmd/ecperf/ecperf.c
+++ b/security/nss/cmd/ecperf/ecperf.c
@@ -1,17 +1,17 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "blapi.h"
 #include "ec.h"
 #include "ecl-curve.h"
-#include "nss.h"
-#include "secutil.h"
+#include "prprf.h"
+#include "basicutil.h"
 #include "pkcs11.h"
 #include "nspr.h"
 #include <stdio.h>
 
 #define __PASTE(x, y) x##y
 
 /*
  * Get the NSS specific PKCS #11 function names.
@@ -81,22 +81,24 @@ static SECOidTag ecCurve_oid_map[] = {
     SEC_OID_SECG_EC_SECT131R2,
     SEC_OID_SECG_EC_SECT163R1,
     SEC_OID_SECG_EC_SECT193R1,
     SEC_OID_SECG_EC_SECT193R2,
     SEC_OID_SECG_EC_SECT239K1,
     SEC_OID_UNKNOWN, /* ECCurve_WTLS_1 */
     SEC_OID_UNKNOWN, /* ECCurve_WTLS_8 */
     SEC_OID_UNKNOWN, /* ECCurve_WTLS_9 */
-    SEC_OID_UNKNOWN /* ECCurve_pastLastCurve */
+    SEC_OID_UNKNOWN  /* ECCurve_pastLastCurve */
 };
 
 typedef SECStatus (*op_func)(void *, void *, void *);
 typedef SECStatus (*pk11_op_func)(CK_SESSION_HANDLE, void *, void *, void *);
 
+typedef SECItem SECKEYECParams;
+
 typedef struct ThreadDataStr {
     op_func op;
     void *p1;
     void *p2;
     void *p3;
     int iters;
     PRLock *lock;
     int count;
@@ -705,19 +707,26 @@ main(int argv, char **argc)
 
     if ((ansi | nist | secp) == 0) {
         nist = 1;
     }
     if ((usepkcs11 | usefreebl) == 0) {
         usefreebl = 1;
     }
 
-    rv = NSS_NoDB_Init(NULL);
+    rv = RNG_RNGInit();
     if (rv != SECSuccess) {
-        SECU_PrintError("Error:", "NSS_NoDB_Init");
+        SECU_PrintError("Error:", "RNG_RNGInit");
+        return -1;
+    }
+    RNG_SystemInfoForRNG();
+
+    rv = SECOID_Init();
+    if (rv != SECSuccess) {
+        SECU_PrintError("Error:", "SECOID_Init");
         goto cleanup;
     }
 
     if (usepkcs11) {
         CK_RV crv = NSC_Initialize((CK_VOID_PTR)&pk11args);
         if (crv != CKR_OK) {
             fprintf(stderr, "NSC_Initialize failed crv=0x%x\n", (unsigned int)crv);
             return SECFailure;
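Review bot: The `NSC_Initialize` failure branch just below the new init sequence still leaves `main` with `return SECFailure;`, so it bypasses the `cleanup:` label and the `SECOID_Shutdown()` / `RNG_RNGShutdown()` calls this commit pairs with `SECOID_Init()` and `RNG_RNGInit()`. Setting `rv = SECFailure;` and using `goto cleanup;` there would keep every exit after a successful init on the same teardown path. The early `return -1;` for a failed `RNG_RNGInit()` is reasonable because nothing has been initialised yet, but a short comment saying so would explain why it differs from the `goto cleanup` used for `SECOID_Init()`. `main` continues past this hunk.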
@@ -760,15 +769,16 @@ main(int argv, char **argc)
         ECTEST_NAMED_GFP("SECP-256K1", ECCurve_SECG_PRIME_256K1);
         ECTEST_NAMED_GFP("SECP-256R1", ECCurve_SECG_PRIME_256R1);
         ECTEST_NAMED_GFP("SECP-384R1", ECCurve_SECG_PRIME_384R1);
         ECTEST_NAMED_GFP("SECP-521R1", ECCurve_SECG_PRIME_521R1);
     }
 #endif
 
 cleanup:
-    rv |= NSS_Shutdown();
+    rv |= SECOID_Shutdown();
+    RNG_RNGShutdown();
 
     if (rv != SECSuccess) {
         printf("Error: exiting with error value\n");
     }
     return rv;
 }
--- a/security/nss/cmd/ectest/ectest.c
+++ b/security/nss/cmd/ectest/ectest.c
@@ -1,17 +1,18 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "blapi.h"
 #include "ec.h"
 #include "ecl-curve.h"
-#include "nss.h"
-#include "secutil.h"
+#include "prprf.h"
+#include "basicutil.h"
+#include "secder.h"
 #include "secitem.h"
 #include "nspr.h"
 #include <stdio.h>
 
 typedef struct {
     ECCurveName curve;
     char *privhex;
     char *our_pubhex;
@@ -150,19 +151,20 @@ cleanup:
  * tests fail, then it prints an error message, aborts, and returns an
  * error code. Otherwise, returns 0. */
 int
 main(int argv, char **argc)
 {
     SECStatus rv = SECSuccess;
     int numkats = 0;
     int i = 0;
-    rv = NSS_NoDB_Init(NULL);
+
+    rv = SECOID_Init();
     if (rv != SECSuccess) {
-        SECU_PrintError("Error:", "NSS_NoDB_Init");
+        SECU_PrintError("Error:", "SECOID_Init");
         goto cleanup;
     }
 
     while (ecdh_testvecs[numkats].curve != ECCurve_pastLastCurve) {
         numkats++;
     }
     printf("1..%d\n", numkats);
     for (i = 0; ecdh_testvecs[i].curve != ECCurve_pastLastCurve; i++) {
@@ -170,15 +172,15 @@ main(int argv, char **argc)
         if (rv != SECSuccess) {
             printf("not okay %d - %s\n", i + 1, ecdh_testvecs[i].name);
         } else {
             printf("okay %d - %s\n", i + 1, ecdh_testvecs[i].name);
         }
     }
 
 cleanup:
-    rv |= NSS_Shutdown();
+    rv |= SECOID_Shutdown();
 
     if (rv != SECSuccess) {
         printf("Error: exiting with error value\n");
     }
     return rv;
 }
--- a/security/nss/cmd/httpserv/httpserv.c
+++ b/security/nss/cmd/httpserv/httpserv.c
@@ -740,20 +740,18 @@ handle_connection(
                         if (entry) {
                             /* revoked status response */
                             revoked = PR_TRUE;
                             DER_DecodeTimeChoice(&revoDate, &entry->revocationDate);
                         } else {
                             /* else good status response */
                             if (!isPost && ocspMethodsAllowed == ocspGetUnknown) {
                                 unknown = PR_TRUE;
-                                nextUpdate = PR_Now() + (PRTime)60 * 60 *
-                                                            24 * PR_USEC_PER_SEC; /*tomorrow*/
-                                revoDate = PR_Now() - (PRTime)60 * 60 *
-                                                          24 * PR_USEC_PER_SEC; /*yesterday*/
+                                nextUpdate = PR_Now() + (PRTime)60 * 60 * 24 * PR_USEC_PER_SEC; /*tomorrow*/
+                                revoDate = PR_Now() - (PRTime)60 * 60 * 24 * PR_USEC_PER_SEC;   /*yesterday*/
                             }
                         }
                     }
 
                     {
                         PRTime now = PR_Now();
                         PLArenaPool *arena = NULL;
                         CERTOCSPSingleResponse *sr;
--- a/security/nss/cmd/lib/basicutil.c
+++ b/security/nss/cmd/lib/basicutil.c
@@ -682,23 +682,22 @@ SECU_SECItemToHex(const SECItem *item, c
         *dst = '\0';
     }
 }
 
 static unsigned char
 nibble(char c)
 {
     c = PORT_Tolower(c);
-    return (c >= '0' && c <= '9') ? c - '0' :
-                                  (c >=
-                                       'a' &&
-                                   c <=
-                                       'f')
-                                      ? c - 'a' + 10
-                                      : -1;
+    return (c >= '0' && c <= '9') ? c - '0' : (c >=
+                                                   'a' &&
+                                               c <=
+                                                   'f')
+                                                  ? c - 'a' + 10
+                                                  : -1;
 }
 
 SECStatus
 SECU_SECItemHexStringToBinary(SECItem *srcdest)
 {
     unsigned int i;
 
     if (!srcdest) {
--- a/security/nss/cmd/libpkix/testutil/testutil.h
+++ b/security/nss/cmd/libpkix/testutil/testutil.h
@@ -224,19 +224,18 @@ extern "C" {
 
 #define PKIX_TEST_ABORT_ON_NULL(obj) \
     do {                             \
         if (!obj) {                  \
             goto cleanup;            \
         }                            \
     } while (0)
 
-#define PKIX_TEST_ARENAS_ARG(arena)                                           \
-    (arena ? (PORT_Strcmp(arena, "arenas") ? PKIX_FALSE : (j++, PKIX_TRUE)) : \
-           PKIX_FALSE)
+#define PKIX_TEST_ARENAS_ARG(arena) \
+    (arena ? (PORT_Strcmp(arena, "arenas") ? PKIX_FALSE : (j++, PKIX_TRUE)) : PKIX_FALSE)
 
 #define PKIX_TEST_ERROR_RECEIVED (pkixTestErrorMsg || pkixTestErrorResult)
 
 /* see source file for function documentation */
 
 void startTests(char *testName);
 
 void endTests(char *testName);
--- a/security/nss/cmd/manifest.mn
+++ b/security/nss/cmd/manifest.mn
@@ -17,16 +17,18 @@ REQUIRES = nss nspr libdbm
 LIB_SRCDIRS = \
  lib \
  $(NULL)
 endif
 
 ifndef NSS_BUILD_UTIL_ONLY
 SOFTOKEN_SRCDIRS = \
  $(BLTEST_SRCDIR) \
+ $(ECPERF_SRCDIR) \
+ $(ECTEST_SRCDIR) \
  $(FIPSTEST_SRCDIR)  \
  $(LOWHASHTEST_SRCDIR)  \
  $(SHLIBSIGN_SRCDIR) \
  $(NULL)
 endif
 
 ifndef NSS_BUILD_SOFTOKEN_ONLY
 ifndef NSS_BUILD_UTIL_ONLY
@@ -37,18 +39,16 @@ NSS_SRCDIRS = \
  certcgi \
  certutil  \
  chktest  \
  crlutil  \
  crmftest \
  dbtest \
  derdump  \
  digest  \
- ecperf \
- ectest \
  httpserv  \
  listsuites \
  makepqg  \
  multinit \
  ocspclnt  \
  ocspresp \
  oidcalc  \
  p7content  \
--- a/security/nss/cmd/modutil/install.c
+++ b/security/nss/cmd/modutil/install.c
@@ -401,20 +401,18 @@ Pk11Install_DoInstall(char *jarFile, con
         goto loser;
     }
     /*printf("passed the archive\n");*/
 
     /*
      * Show the user security information, allow them to abort or continue
      */
     if (Pk11Install_UserVerifyJar(jar, PR_STDOUT,
-                                  force ?
-                                        PR_FALSE
-                                        :
-                                        PR_TRUE) &&
+                                  force ? PR_FALSE
+                                        : PR_TRUE) &&
         !force) {
         if (feedback) {
             PR_fprintf(feedback, msgStrings[USER_ABORT]);
         }
         ret = PK11_INSTALL_USER_ABORT;
         goto loser;
     }
 
@@ -534,17 +532,16 @@ Pk11Install_DoInstall(char *jarFile, con
     if (ret) {
         goto loser;
     }
 
     ret = PK11_INSTALL_SUCCESS;
 loser:
     if (Pk11Install_valueList) {
         Pk11Install_ValueList_delete(Pk11Install_valueList);
-        PR_Free(Pk11Install_valueList);
         Pk11Install_valueList = NULL;
     }
     if (jar) {
         JAR_destroy(jar);
     }
     if (made_temp_file) {
         PR_Delete(SCRIPT_TEMP_FILE);
     }
@@ -559,34 +556,30 @@ loser:
 // actually run the installation, copying files to and fro
 */
 static Pk11Install_Error
 DoInstall(JAR *jar, const char *installDir, const char *tempDir,
           Pk11Install_Platform *platform, PRFileDesc *feedback, PRBool noverify)
 {
     Pk11Install_File *file;
     Pk11Install_Error ret;
-    char *reldir;
-    char *dest;
     char *modDest;
     char *cp;
     int i;
     int status;
     char *tempname, *temp;
     StringList executables;
     StringNode *execNode;
     PRProcessAttr *attr;
     PRProcess *proc;
     char *argv[2];
     char *envp[1];
     int errcode;
 
     ret = PK11_INSTALL_UNSPECIFIED;
-    reldir = NULL;
-    dest = NULL;
     modDest = NULL;
     tempname = NULL;
 
     StringList_new(&executables);
     /*
     // Create Temporary directory
     */
     tempname = PR_smprintf("%s/%s", tempDir, TEMPORARY_DIRECTORY_NAME);
@@ -599,21 +592,27 @@ DoInstall(JAR *jar, const char *installD
         ret = PK11_INSTALL_CREATE_DIR;
         goto loser;
     }
 
     /*
     // Install all the files
     */
     for (i = 0; i < platform->numFiles; i++) {
+        char *dest;
         file = &platform->files[i];
 
         if (file->relativePath) {
             PRBool foundMarker = PR_FALSE;
-            reldir = PR_Strdup(file->relativePath);
+            char *reldir = PR_Strdup(file->relativePath);
+
+            if (!reldir) {
+                error(PK11_INSTALL_UNSPECIFIED);
+                goto loser;
+            }
 
             /* Replace all the markers with the directories for which they stand */
             while (1) {
                 if ((cp = PL_strcasestr(reldir, ROOT_MARKER))) {
                     /* Has a %root% marker  */
                     *cp = '\0';
                     temp = PR_smprintf("%s%s%s", reldir, installDir,
                                        cp + strlen(ROOT_MARKER));
@@ -631,22 +630,25 @@ DoInstall(JAR *jar, const char *installD
                 } else {
                     break;
                 }
             }
             if (!foundMarker) {
                 /* Has no markers...this isn't really a relative directory */
                 error(PK11_INSTALL_BOGUS_REL_DIR, file->relativePath);
                 ret = PK11_INSTALL_BOGUS_REL_DIR;
+                PR_Free(reldir);
                 goto loser;
             }
             dest = reldir;
-            reldir = NULL;
         } else if (file->absolutePath) {
             dest = PR_Strdup(file->absolutePath);
+        } else {
+            error(PK11_INSTALL_UNSPECIFIED);
+            goto loser;
         }
 
         /* Remember if this is the module file, we'll need to add it later */
         if (i == platform->modFile) {
             modDest = PR_Strdup(dest);
         }
 
         /* Remember is this is an executable, we'll need to run it later */
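Review bot: The `PR_Strdup(file->absolutePath)` result on the absolute-path branch is used without the NULL check that this commit adds for the `reldir` copy earlier in the same loop. An allocation failure there would reach `modDest = PR_Strdup(dest)` and the later file operations with a null `dest`. Mirroring the new guard right after the assignment would make both branches behave the same: `if (!dest) { error(PK11_INSTALL_UNSPECIFIED); goto loser; }`. The loop body starts before and continues after this hunk.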
@@ -680,28 +682,20 @@ DoInstall(JAR *jar, const char *installD
         }
         if (feedback) {
             PR_fprintf(feedback, msgStrings[INSTALLED_FILE_MSG],
                        file->jarPath, dest);
         }
 
 /* no NSPR command to change permissions? */
 #ifdef XP_UNIX
-        chmod(dest, file->permissions);
+        (void)chmod(dest, file->permissions);
 #endif
 
-        /* Memory clean-up tasks */
-        if (reldir) {
-            PR_Free(reldir);
-            reldir = NULL;
-        }
-        if (dest) {
-            PR_Free(dest);
-            dest = NULL;
-        }
+        PR_Free(dest);
     }
     /* Make sure we found the module file */
     if (!modDest) {
         /* Internal problem here, since every platform is supposed to have
            a module file */
         error(PK11_INSTALL_NO_MOD_FILE, platform->moduleName);
         ret = PK11_INSTALL_NO_MOD_FILE;
         goto loser;
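Review bot: The `(void)` cast on `chmod(dest, file->permissions)` silences the unused-result warning but keeps the failure silent, so an installed module file can be left with whatever mode extraction gave it rather than the one the install script requested. Reporting the failure would make that visible, e.g. `if (chmod(dest, file->permissions) != 0 && feedback) { PR_fprintf(feedback, "warning: could not set permissions on %s\n", dest); }`. Separately, `dest` is now released only by the `PR_Free(dest);` at the bottom of the loop, and the frees under `loser:` are removed later in this diff. Any `goto loser` taken between the assignment of `dest` and that line would therefore leak it; those exits are presumably in the part of the loop outside this hunk. Freeing `dest` before each such jump, as the commit already does for `reldir`, would cover them.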
@@ -772,22 +766,16 @@ DoInstall(JAR *jar, const char *installD
 
     if (feedback) {
         PR_fprintf(feedback, msgStrings[INSTALLATION_COMPLETE_MSG]);
     }
 
     ret = PK11_INSTALL_SUCCESS;
 
 loser:
-    if (reldir) {
-        PR_Free(reldir);
-    }
-    if (dest) {
-        PR_Free(dest);
-    }
     if (modDest) {
         PR_Free(modDest);
     }
     if (tempname) {
         PRFileInfo info;
         if (PR_GetFileInfo(tempname, &info) == PR_SUCCESS) {
             if (info.type == PR_FILE_DIRECTORY) {
                 /* Recursively remove temporary directory */
--- a/security/nss/cmd/modutil/installparse.c
+++ b/security/nss/cmd/modutil/installparse.c
@@ -41,95 +41,104 @@ extern char *Pk11Install_yytext;
 char *Pk11Install_yyerrstr = NULL;
 
 #line 40 "ytab.c"
 #define OPENBRACE 257
 #define CLOSEBRACE 258
 #define STRING 259
 #define YYERRCODE 256
 /* clang-format on */
-short yylhs[] = {                                        -1,
-    0,    1,    1,    2,    2,    3,    4,
+short yylhs[] = {
+    -1,
+    0, 1, 1, 2, 2, 3, 4,
 };
-short yylen[] = {                                         2,
-    1,    2,    0,    1,    1,    4,    1,
+short yylen[] = {
+    2,
+    1, 2, 0, 1, 1, 4, 1,
 };
-short yydefred[] = {                                      0,
-    0,    0,    1,    0,    4,    0,    2,    0,    0,    6,
+short yydefred[] = {
+    0,
+    0, 0, 1, 0, 4, 0, 2, 0, 0, 6,
 };
-short yydgoto[] = {                                       2,
-    3,    4,    5,    6,
+short yydgoto[] = {
+    2,
+    3, 4, 5, 6,
 };
-short yysindex[] = {                                   -257,
-    0,    0,    0, -257,    0, -252,    0, -257, -251,    0,
+short yysindex[] = {
+    -257,
+    0, 0, 0, -257, 0, -252, 0, -257, -251, 0,
 };
-short yyrindex[] = {                                      6,
-    1,    0,    0,    3,    0,    0,    0, -250,    0,    0,
+short yyrindex[] = {
+    6,
+    1, 0, 0, 3, 0, 0, 0, -250, 0, 0,
 };
-short yygindex[] = {                                      0,
-   -4,    0,    0,    0,
+short yygindex[] = {
+    0,
+    -4, 0, 0, 0,
 };
 #define YYTABLESIZE 261
-short yytable[] = {                                       7,
-    5,    1,    3,    9,    8,    3,   10,    3,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-    0,    0,    0,    0,    0,    0,    0,    7,    5,    5,
+short yytable[] = {
+    7,
+    5, 1, 3, 9, 8, 3, 10, 3, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 7, 5, 5,
     3,
 };
-short yycheck[] = {                                       4,
-    0,  259,    0,    8,  257,    0,  258,  258,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
-   -1,   -1,   -1,   -1,   -1,   -1,   -1,  257,  258,  259,
-  258,
+short yycheck[] = {
+    4,
+    0, 259, 0, 8, 257, 0, 258, 258, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, 257, 258, 259,
+    258,
 };
 /* clang-format on */
 #define YYFINAL 2
 #ifndef YYDEBUG
 #define YYDEBUG 0
 #endif
 #define YYMAXTOKEN 259
 #if YYDEBUG
--- a/security/nss/cmd/multinit/multinit.c
+++ b/security/nss/cmd/multinit/multinit.c
@@ -497,18 +497,17 @@ do_list_certs(const char *progName, int 
 
     for (node = CERT_LIST_HEAD(sorted); !CERT_LIST_END(node, sorted);
          node = CERT_LIST_NEXT(node)) {
         CERTCertificate *cert = node->cert;
         char *commonName;
 
         SECU_PrintCertNickname(node, stderr);
         if (log) {
-            fprintf(stderr, "*	Slot=%s*\n", cert->slot ?
-                                                        PK11_GetTokenName(cert->slot)
+            fprintf(stderr, "*	Slot=%s*\n", cert->slot ? PK11_GetTokenName(cert->slot)
                                                         : "none");
             fprintf(stderr, "*	Nickname=%s*\n", cert->nickname);
             fprintf(stderr, "*	Subject=<%s>*\n", cert->subjectName);
             fprintf(stderr, "*	Issuer=<%s>*\n", cert->issuerName);
             fprintf(stderr, "*	SN=");
             for (i = 0; i < cert->serialNumber.len; i++) {
                 if (i != 0)
                     fprintf(stderr, ":");
--- a/security/nss/cmd/p7env/p7env.c
+++ b/security/nss/cmd/p7env/p7env.c
@@ -232,17 +232,17 @@ main(int argc, char **argv)
     }
 
     if (EncryptFile(outFile, inFile, recipients, progName)) {
         SECU_PrintError(progName, "problem encrypting data");
         return -1;
     }
 
     /* free certs */
-    for (rcpt = recipients; rcpt != NULL; ) {
+    for (rcpt = recipients; rcpt != NULL;) {
         struct recipient *next = rcpt->next;
         CERT_DestroyCertificate(rcpt->cert);
         PORT_Free(rcpt->nickname);
         PORT_Free(rcpt);
         rcpt = next;
     }
 
     if (inFile && inFile != stdin) {
--- a/security/nss/cmd/pk11util/pk11util.c
+++ b/security/nss/cmd/pk11util/pk11util.c
@@ -1092,20 +1092,18 @@ printArg(Value *ptr, int arg_number)
             printConst(attribute->type, ConstAttribute, 1);
             printf(" Attribute Data: ");
             if (attribute->pValue == NULL) {
                 printf("NULL\n");
                 printf("Attribute Len: %lu\n", attribute->ulValueLen);
             } else {
                 constType = getConstFromAttribute(attribute->type);
                 if (constType != ConstNone) {
-                    CK_ULONG value = (constType == ConstBool) ?
-                                                              *(CK_BBOOL *)attribute->pValue
-                                                              :
-                                                              *(CK_ULONG *)attribute->pValue;
+                    CK_ULONG value = (constType == ConstBool) ? *(CK_BBOOL *)attribute->pValue
+                                                              : *(CK_ULONG *)attribute->pValue;
                     printConst(value, constType, 1);
                 } else {
                     printf("\n");
                     printDump(attribute->pValue, attribute->ulValueLen);
                 }
             }
             break;
         case ArgMechanism:
--- a/security/nss/cmd/pk12util/pk12util.c
+++ b/security/nss/cmd/pk12util/pk12util.c
@@ -747,18 +747,17 @@ P12U_ListPKCS12File(char *in_file, PK11S
                         if (!fd) {
                             SECU_PrintError(progName,
                                             "Cannot create output file");
                         } else {
                             PR_Write(fd, dip->der->data, dip->der->len);
                             PR_Close(fd);
                         }
                     } else if (SECU_PrintSignedData(stdout, dip->der,
-                                                    (dip->hasKey) ?
-                                                                  "(has private key)"
+                                                    (dip->hasKey) ? "(has private key)"
                                                                   : "",
                                                     0, (SECU_PPFunc)SECU_PrintCertificate) !=
                                0) {
                         SECU_PrintError(progName, "PKCS12 print cert bag failed");
                     }
                     if (dip->friendlyName != NULL) {
                         printf("    Friendly Name: %s\n\n",
                                dip->friendlyName->data);
@@ -977,20 +976,18 @@ main(int argc, char **argv)
 
     if (pk12util.options[opt_Export].activated &&
         !pk12util.options[opt_Nickname].activated) {
         Usage(progName);
     }
 
     slotname = SECU_GetOptionArg(&pk12util, opt_TokenName);
 
-    import_file = (pk12util.options[opt_List].activated) ?
-                                                         SECU_GetOptionArg(&pk12util, opt_List)
-                                                         :
-                                                         SECU_GetOptionArg(&pk12util, opt_Import);
+    import_file = (pk12util.options[opt_List].activated) ? SECU_GetOptionArg(&pk12util, opt_List)
+                                                         : SECU_GetOptionArg(&pk12util, opt_Import);
     export_file = SECU_GetOptionArg(&pk12util, opt_Export);
 
     if (pk12util.options[opt_P12FilePWFile].activated) {
         p12FilePw.source = PW_FROMFILE;
         p12FilePw.data = PORT_Strdup(pk12util.options[opt_P12FilePWFile].arg);
     }
 
     if (pk12util.options[opt_P12FilePW].activated) {
@@ -1047,18 +1044,17 @@ main(int argc, char **argv)
         if (cipher == SEC_OID_UNKNOWN) {
             PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
             SECU_PrintError(progName, "Algorithm: \"%s\"", cipherString);
             pk12uErrno = PK12UERR_INVALIDALGORITHM;
             goto done;
         }
     }
 
-    certCipher = PK11_IsFIPS() ? SEC_OID_UNKNOWN :
-                               SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC;
+    certCipher = PK11_IsFIPS() ? SEC_OID_UNKNOWN : SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC;
     if (pk12util.options[opt_CertCipher].activated) {
         char *cipherString = pk12util.options[opt_CertCipher].arg;
 
         if (PORT_Strcasecmp(cipherString, "none") == 0) {
             certCipher = SEC_OID_UNKNOWN;
         } else {
             certCipher = PKCS12U_MapCipherFromString(cipherString, certKeyLen);
             /* If the user requested a cipher and we didn't find it, then
--- a/security/nss/cmd/selfserv/selfserv.c
+++ b/security/nss/cmd/selfserv/selfserv.c
@@ -215,17 +215,17 @@ PrintParameterUsage()
         "   badsig: use a good status but with an invalid signature\n"
         "   corrupted: stapled cert status is an invalid block of data\n"
         "   random: each connection uses a random status from this list:\n"
         "           good, revoked, unknown, failure, badsig, corrupted\n"
         "   ocsp: fetch from external OCSP server using AIA, or none\n"
         "-A <ca> Nickname of a CA used to sign a stapled cert status\n"
         "-U override default ECDHE ephemeral key reuse, 0: refresh, 1: reuse\n"
         "-H override default DHE server support, 0: disable, 1: enable, "
-            " 2: require DH named groups\n"
+        " 2: require DH named groups\n"
         "-W override default DHE server weak parameters support, 0: disable, 1: enable\n"
         "-c Restrict ciphers\n"
         "-Y prints cipher values allowed for parameter -c and exits\n"
         "-G enables the extended master secret extension [RFC7627]\n"
         "-Q enables ALPN for HTTP/1.1 [RFC7301]\n",
         stderr);
 }
 
@@ -513,18 +513,17 @@ mySSLSNISocketConfig(PRFileDesc *fd, con
                 cert = PK11_FindCertFromNickname(nickName, &pwdata);
                 if (cert == NULL) {
                     goto loser; /* Send alert */
                 }
                 privKey = PK11_FindKeyByAnyCert(cert, &pwdata);
                 if (privKey == NULL) {
                     goto loser; /* Send alert */
                 }
-                if (SSL_ConfigServerCert(fd, cert, privKey, NULL, 0)
-                    != SECSuccess) {
+                if (SSL_ConfigServerCert(fd, cert, privKey, NULL, 0) != SECSuccess) {
                     goto loser; /* Send alert */
                 }
                 SECKEY_DestroyPrivateKey(privKey);
                 CERT_DestroyCertificate(cert);
                 return i;
             }
         }
     }
@@ -2010,18 +2009,18 @@ server_main(
         }
         rv = SSL_OptionSet(model_sock, SSL_ENABLE_0RTT_DATA, PR_TRUE);
         if (rv != SECSuccess) {
             errExit("error enabling 0RTT ");
         }
     }
 
     if (enableALPN) {
-        PRUint8 alpnVal[] = {0x08,
-                             0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31};
+        PRUint8 alpnVal[] = { 0x08,
+                              0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31 };
         rv = SSL_OptionSet(model_sock, SSL_ENABLE_ALPN, PR_TRUE);
         if (rv != SECSuccess) {
             errExit("error enabling ALPN");
         }
 
         rv = SSL_SetNextProtoNego(model_sock, alpnVal, sizeof(alpnVal));
         if (rv != SECSuccess) {
             errExit("error enabling ALPN");
@@ -2856,18 +2855,17 @@ main(int argc, char **argv)
     }
 
     /* allocate the array of thread slots, and launch the worker threads. */
     rv = launch_threads(&jobLoop, 0, 0, requestCert, useLocalThreads);
 
     if (rv == SECSuccess && logStats) {
         loggerThread = PR_CreateThread(PR_SYSTEM_THREAD,
                                        logger, NULL, PR_PRIORITY_NORMAL,
-                                       useLocalThreads ?
-                                                       PR_LOCAL_THREAD
+                                       useLocalThreads ? PR_LOCAL_THREAD
                                                        : PR_GLOBAL_THREAD,
                                        PR_JOINABLE_THREAD, 0);
         if (loggerThread == NULL) {
             fprintf(stderr, "selfserv: Failed to launch logger thread!\n");
             rv = SECFailure;
         }
     }
 
--- a/security/nss/cmd/signtool/javascript.c
+++ b/security/nss/cmd/signtool/javascript.c
@@ -77,22 +77,19 @@ InlineJavaScript(char *dir, PRBool recur
  */
 static int
 javascript_fn(char *relpath, char *basedir, char *reldir, char *filename, void *arg)
 {
     char fullname[FNSIZE];
 
     /* only process inline scripts from .htm, .html, and .shtml*/
 
-    if (!(PL_strcaserstr(filename, ".htm") == filename + strlen(filename) -
-                                                  4) &&
-        !(PL_strcaserstr(filename, ".html") == filename + strlen(filename) -
-                                                   5) &&
-        !(PL_strcaserstr(filename, ".shtml") == filename + strlen(filename) -
-                                                    6)) {
+    if (!(PL_strcaserstr(filename, ".htm") == filename + strlen(filename) - 4) &&
+        !(PL_strcaserstr(filename, ".html") == filename + strlen(filename) - 5) &&
+        !(PL_strcaserstr(filename, ".shtml") == filename + strlen(filename) - 6)) {
         return 0;
     }
 
     /* don't process scripts that signtool has already
      extracted (those that are inside .arc directories) */
 
     if (PL_strcaserstr(filename, ".arc") == filename + strlen(filename) - 4)
         return 0;
@@ -377,18 +374,17 @@ ProcessTag(FileBuffer *fb, char **errStr
                             hyphenCount = 0;
                         }
                     }
                     ti->type = COMMENT_TAG;
                     break;
                 }
             /* fall through */
             case GET_ATT_STATE:
-                if (isspace(curchar) || curchar == '=' || curchar ==
-                                                              '>') {
+                if (isspace(curchar) || curchar == '=' || curchar == '>') {
                     /* end of the current attribute */
                     curPos = FB_GetPointer(fb) - 2;
                     if (curPos >= startID) {
                         /* We have an attribute */
                         curPair = (AVPair *)PR_Malloc(sizeof(AVPair));
                         if (!curPair)
                             out_of_memory();
                         curPair->value = NULL;
--- a/security/nss/cmd/signtool/sign.c
+++ b/security/nss/cmd/signtool/sign.c
@@ -76,20 +76,18 @@ SignArchive(char *tree, char *keyName, c
     /* Add the rsa/dsa file as the first file in the archive. This is crucial
      * for a XPInstall compatible archive */
     if (xpi_arc) {
         if (verbosity >= 0) {
             PR_fprintf(outputFD, "%s \n", XPI_TEXT);
         }
 
         /* rsa/dsa to zip */
-        sprintf(tempfn, "META-INF/%s.%s", base, (keyType == dsaKey ?
-                                                                   "dsa"
-                                                                   :
-                                                                   "rsa"));
+        sprintf(tempfn, "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa"
+                                                                   : "rsa"));
         sprintf(fullfn, "%s/%s", tree, tempfn);
         JzipAdd(fullfn, tempfn, zipfile, compression_level);
 
         /* Loop through all files & subdirectories, add to archive */
         foreach (tree, "", manifesto_xpi_fn, recurse, PR_FALSE /*include dirs */,
                  (void *)NULL)
             ;
     }
@@ -101,20 +99,18 @@ SignArchive(char *tree, char *keyName, c
     /* sf to zip */
     sprintf(tempfn, "META-INF/%s.sf", base);
     sprintf(fullfn, "%s/%s", tree, tempfn);
     JzipAdd(fullfn, tempfn, zipfile, compression_level);
 
     /* Add the rsa/dsa file to the zip archive normally */
     if (!xpi_arc) {
         /* rsa/dsa to zip */
-        sprintf(tempfn, "META-INF/%s.%s", base, (keyType == dsaKey ?
-                                                                   "dsa"
-                                                                   :
-                                                                   "rsa"));
+        sprintf(tempfn, "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa"
+                                                                   : "rsa"));
         sprintf(fullfn, "%s/%s", tree, tempfn);
         JzipAdd(fullfn, tempfn, zipfile, compression_level);
     }
 
     JzipClose(zipfile);
 
     if (verbosity >= 0) {
         if (javascript) {
@@ -166,18 +162,17 @@ sign_all_arc_fn(char *relpath, char *bas
 {
     char *zipfile = NULL;
     char *arc = NULL, *archive = NULL;
     int retval = 0;
     SignArcInfo *infop = (SignArcInfo *)arg;
 
     /* Make sure there is one and only one ".arc" in the relative path,
      * and that it is at the end of the path (don't sign .arcs within .arcs) */
-    if ((PL_strcaserstr(relpath, ".arc") == relpath + strlen(relpath) -
-                                                4) &&
+    if ((PL_strcaserstr(relpath, ".arc") == relpath + strlen(relpath) - 4) &&
         (PL_strcasestr(relpath, ".arc") == relpath + strlen(relpath) - 4)) {
 
         if (!infop) {
             PR_fprintf(errorFD, "%s: Internal failure\n", PROGRAM_NAME);
             errorCount++;
             retval = -1;
             goto finish;
         }
--- a/security/nss/cmd/signtool/verify.c
+++ b/security/nss/cmd/signtool/verify.c
@@ -207,27 +207,25 @@ verify_global(JAR *jar)
                     }
 
                     globaldig = jar->globalmeta;
 
                     if (globaldig && md5_digest && verbosity >= 0) {
                         PR_fprintf(outputFD,
                                    "  md5 digest on global metainfo: %s\n",
                                    PORT_Memcmp(md5_digest, globaldig->md5, MD5_LENGTH)
-                                       ?
-                                       "no match"
+                                       ? "no match"
                                        : "match");
                     }
 
                     if (globaldig && sha1_digest && verbosity >= 0) {
                         PR_fprintf(outputFD,
                                    "  sha digest on global metainfo: %s\n",
                                    PORT_Memcmp(sha1_digest, globaldig->sha1, SHA1_LENGTH)
-                                       ?
-                                       "no match"
+                                       ? "no match"
                                        : "match");
                     }
 
                     if (globaldig == NULL && verbosity >= 0) {
                         PR_fprintf(outputFD,
                                    "global metadigest is not available, strange.\n");
                     }
 
--- a/security/nss/cmd/signtool/zip.c
+++ b/security/nss/cmd/signtool/zip.c
@@ -154,18 +154,17 @@ JzipAdd(char *fullname, char *filename, 
     if ((readfp = PR_Open(fullname, PR_RDONLY, 0777)) == NULL) {
         char *nsprErr;
         if (PR_GetErrorTextLength()) {
             nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
             PR_GetErrorText(nsprErr);
         } else {
             nsprErr = NULL;
         }
-        PR_fprintf(errorFD, "%s: %s\n", fullname, nsprErr ? nsprErr :
-                                                          "");
+        PR_fprintf(errorFD, "%s: %s\n", fullname, nsprErr ? nsprErr : "");
         errorCount++;
         if (nsprErr)
             PR_Free(nsprErr);
         exit(ERRX);
     }
 
     /*
      * Make sure the input file is not the output file.
@@ -275,35 +274,33 @@ JzipAdd(char *fullname, char *filename, 
         sizeof(struct ZipLocal)) {
         char *nsprErr;
         if (PR_GetErrorTextLength()) {
             nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
             PR_GetErrorText(nsprErr);
         } else {
             nsprErr = NULL;
         }
-        PR_fprintf(errorFD, "Writing zip data: %s\n", nsprErr ? nsprErr :
-                                                              "");
+        PR_fprintf(errorFD, "Writing zip data: %s\n", nsprErr ? nsprErr : "");
         if (nsprErr)
             PR_Free(nsprErr);
         errorCount++;
         exit(ERRX);
     }
 
     /* File Name */
     if (PR_Write(zipfp, filename, strlen(filename)) < strlen(filename)) {
         char *nsprErr;
         if (PR_GetErrorTextLength()) {
             nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
             PR_GetErrorText(nsprErr);
         } else {
             nsprErr = NULL;
         }
-        PR_fprintf(errorFD, "Writing zip data: %s\n", nsprErr ? nsprErr :
-                                                              "");
+        PR_fprintf(errorFD, "Writing zip data: %s\n", nsprErr ? nsprErr : "");
         if (nsprErr)
             PR_Free(nsprErr);
         errorCount++;
         exit(ERRX);
     }
 
     /*
      * File data
--- a/security/nss/cmd/signver/signver.c
+++ b/security/nss/cmd/signver/signver.c
@@ -79,17 +79,16 @@ enum {
     cmd_DisplayAllPCKS7Info = 0,
     cmd_VerifySignedObj
 };
 
 enum {
     opt_ASCII,
     opt_CertDir,
     opt_InputDataFile,
-    opt_ItemNumber,
     opt_OutputFile,
     opt_InputSigFile,
     opt_PrintWhyFailure,
     opt_DebugInfo
 };
 
 static secuCommandFlag signver_commands[] =
     {
--- a/security/nss/cmd/tstclnt/tstclnt.c
+++ b/security/nss/cmd/tstclnt/tstclnt.c
@@ -251,17 +251,18 @@ PrintParameterUsage(void)
     fprintf(stderr, "%-20s Test -F allows 0=any (default), 1=only OCSP, 2=only CRL\n", "-M");
     fprintf(stderr, "%-20s Restrict ciphers\n", "-c ciphers");
     fprintf(stderr, "%-20s Print cipher values allowed for parameter -c and exit\n", "-Y");
     fprintf(stderr, "%-20s Enforce using an IPv4 destination address\n", "-4");
     fprintf(stderr, "%-20s Enforce using an IPv6 destination address\n", "-6");
     fprintf(stderr, "%-20s (Options -4 and -6 cannot be combined.)\n", "");
     fprintf(stderr, "%-20s Enable the extended master secret extension [RFC7627]\n", "-G");
     fprintf(stderr, "%-20s Require the use of FFDHE supported groups "
-                    "[I-D.ietf-tls-negotiated-ff-dhe]\n", "-H");
+                    "[I-D.ietf-tls-negotiated-ff-dhe]\n",
+            "-H");
 }
 
 static void
 Usage(const char *progName)
 {
     PrintUsageHeader(progName);
     PrintParameterUsage();
     exit(1);
@@ -1345,16 +1346,18 @@ main(int argc, char **argv)
 
     s = SSL_ImportFD(NULL, s);
     if (s == NULL) {
         SECU_PrintError(progName, "error importing socket");
         error = 1;
         goto done;
     }
 
+    SSL_SetPKCS11PinArg(s, &pwdata);
+
     rv = SSL_OptionSet(s, SSL_SECURITY, 1);
     if (rv != SECSuccess) {
         SECU_PrintError(progName, "error enabling socket");
         error = 1;
         goto done;
     }
 
     rv = SSL_OptionSet(s, SSL_HANDSHAKE_AS_CLIENT, 1);
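Review bot: The relocated `SSL_SetPKCS11PinArg(s, &pwdata);` call discards its `SECStatus` result, unlike the `SSL_OptionSet` calls that follow it, so a failure to attach the password context would likely surface only later as a harder-to-diagnose token or key access error. Checking it the same way keeps the error path uniform: `if (SSL_SetPKCS11PinArg(s, &pwdata) != SECSuccess) { SECU_PrintError(progName, "error setting PKCS11 pin arg"); error = 1; goto done; }`. The hunk does not say why the call has to precede the option calls; a one-line comment stating the reason would keep a later cleanup from moving it back. `main` starts and ends outside this hunk.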
@@ -1495,18 +1498,16 @@ main(int argc, char **argv)
     rv = SSL_OptionSet(s, SSL_ENABLE_SIGNED_CERT_TIMESTAMPS,
                        enableSignedCertTimestamps);
     if (rv != SECSuccess) {
         SECU_PrintError(progName, "error enabling signed cert timestamps");
         error = 1;
         goto done;
     }
 
-    SSL_SetPKCS11PinArg(s, &pwdata);
-
     serverCertAuth.dbHandle = CERT_GetDefaultCertDB();
 
     SSL_AuthCertificateHook(s, ownAuthCertificate, &serverCertAuth);
     if (override) {
         SSL_BadCertHook(s, ownBadCertHandler, NULL);
     }
     SSL_GetClientAuthDataHook(s, own_GetClientAuthData, (void *)nickname);
     SSL_HandshakeCallback(s, handshakeCallback, hs2SniHostName);
--- a/security/nss/coreconf/OS2.mk
+++ b/security/nss/coreconf/OS2.mk
@@ -15,17 +15,17 @@ LIB_PREFIX  = $(NULL)
 # Override suffix in suffix.mk
 LIB_SUFFIX  = lib
 # the DLL_SUFFIX must be uppercase for FIPS mode to work. bugzilla 240784
 DLL_SUFFIX  = DLL
 PROG_SUFFIX = .exe
 
 
 CCC			= gcc
-LINK			= gcc
+LD  			= gcc
 AR                      = emxomfar r $@
 # Keep AR_FLAGS blank so that we do not have to change rules.mk
 AR_FLAGS                = 
 RANLIB 			= @echo OS2 RANLIB
 BSDECHO 		= @echo OS2 BSDECHO
 IMPLIB			= emximp -o
 FILTER			= emxexp -o
 
--- a/security/nss/coreconf/WIN32.mk
+++ b/security/nss/coreconf/WIN32.mk
@@ -8,27 +8,27 @@
 # and Windows 95
 #
 
 DEFAULT_COMPILER = cl
 
 ifdef NS_USE_GCC
 	CC           = gcc
 	CCC          = g++
-	LINK         = ld
+	LD           = ld
 	AR           = ar
 	AR          += cr $@
 	RANLIB       = ranlib
 	BSDECHO      = echo
 	RC           = windres.exe -O coff --use-temp-file
 	LINK_DLL      = $(CC) $(OS_DLLFLAGS) $(DLLFLAGS)
 else
 	CC           = cl
 	CCC          = cl
-	LINK         = link
+	LD           = link
         LDFLAGS += -nologo
 	AR           = lib
 	AR          += -nologo -OUT:$@
 	RANLIB       = echo
 	BSDECHO      = echo
 	RC           = rc.exe
 	MT           = mt.exe
 	# Check for clang-cl
@@ -214,28 +214,30 @@ endif
 
 ifeq (,$(filter-out x386 x86_64,$(CPU_ARCH)))
 ifdef USE_64
 	DEFINES += -D_AMD64_
 	# Use subsystem 5.02 to allow running on Windows XP.
 	ifeq ($(_MSC_VER_GE_11),1)
 		LDFLAGS += -SUBSYSTEM:CONSOLE,5.02
 	endif
+	CPU_ARCH = x86_64
 else
 	DEFINES += -D_X86_
 	# VS2012 defaults to -arch:SSE2. Use -arch:IA32 to avoid requiring
 	# SSE2. Clang-cl gets confused by -arch:IA32, so don't add it.
 	# (See https://llvm.org/bugs/show_bug.cgi?id=24335)
 	# Use subsystem 5.01 to allow running on Windows XP.
 	ifeq ($(_MSC_VER_GE_11),1)
 		ifneq ($(CLANG_CL),1)
 			OS_CFLAGS += -arch:IA32
 		endif
 		LDFLAGS += -SUBSYSTEM:CONSOLE,5.01
 	endif
+	CPU_ARCH = x386
 endif
 endif
 ifeq ($(CPU_ARCH), ALPHA)
 	DEFINES += -D_ALPHA_=1
 endif
 
 ifdef MAPFILE
 ifndef NS_USE_GCC
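Review bot: The two added `CPU_ARCH` assignments carry no comment, and it is not obvious why a variable just tested by the enclosing `ifeq (,$(filter-out x386 x86_64,$(CPU_ARCH)))` is overwritten. They appear to make `CPU_ARCH` follow `USE_64` instead of whatever arch.mk derived from `uname -m`. If that is the intent, say so above the first assignment, e.g. `# Make CPU_ARCH agree with USE_64 rather than with the build host's uname -m.` A `CPU_ARCH=...` given on the make command line still takes precedence over these plain assignments.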
--- a/security/nss/coreconf/arch.mk
+++ b/security/nss/coreconf/arch.mk
@@ -201,29 +201,29 @@ ifeq (CYGWIN_NT,$(findstring CYGWIN_NT,$
 	# Cygwin's uname -m returns "i686" on a Pentium Pro machine.
 	#
 	ifneq (,$(findstring 86,$(CPU_ARCH)))
 	    CPU_ARCH = x386
 	endif
     endif
 endif
 #
-# If uname -s returns "MINGW32_NT-*", we assume that we are using
+# If uname -s returns "MINGW*_NT-*", we assume that we are using
 # the uname.exe in the MSYS toolkit.
 #
-ifeq (MINGW32_NT,$(findstring MINGW32_NT,$(OS_ARCH)))
-    OS_RELEASE := $(patsubst MINGW32_NT-%,%,$(OS_ARCH))
+ifneq (,$(filter MINGW32_NT-% MINGW64_NT-%,$(OS_ARCH)))
+    OS_RELEASE := $(patsubst MINGW64_NT-%,%,$(patsubst MINGW32_NT-%,%,$(OS_ARCH)))
     OS_ARCH = WINNT
     USE_MSYS = 1
     ifndef CPU_ARCH
 	CPU_ARCH := $(shell uname -m)
 	#
 	# MSYS's uname -m returns "i686" on a Pentium Pro machine.
 	#
-	ifneq (,$(findstring 86,$(CPU_ARCH)))
+	ifneq (,$(filter i%86,$(CPU_ARCH)))
 	    CPU_ARCH = x386
 	endif
     endif
 endif
 
 ifeq ($(OS_TARGET),Android)
 #
 # this should be  configurable from the user
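Review bot: The Cygwin branch at the top of this hunk still tests `$(findstring 86,$(CPU_ARCH))`, which also matches `x86_64`, while the MSYS branch now uses `$(filter i%86,$(CPU_ARCH))`, so the two environments map a 64-bit `uname -m` differently. If that is intended, the MSYS comment should say so, for example `# Only i?86 is normalized to x386; x86_64 from a MINGW64 shell is kept as is.` If 64-bit Cygwin hosts matter, the same `filter i%86` test would apply there; whether they do is not visible from this hunk.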
--- a/security/nss/coreconf/command.mk
+++ b/security/nss/coreconf/command.mk
@@ -6,17 +6,17 @@
 #######################################################################
 # Master "Core Components" default command macros;                    #
 # can be overridden in <arch>.mk                                      #
 #######################################################################
 
 AS            = $(CC)
 ASFLAGS      += $(CFLAGS)
 CCF           = $(CC) $(CFLAGS)
-LINK_DLL      = $(LINK) $(OS_DLLFLAGS) $(DLLFLAGS) $(XLDFLAGS)
+LINK_DLL      = $(LD) $(OS_DLLFLAGS) $(DLLFLAGS) $(XLDFLAGS)
 CFLAGS        = $(OPTIMIZER) $(OS_CFLAGS) $(WARNING_CFLAGS) $(XP_DEFINE) \
                 $(DEFINES) $(INCLUDES) $(XCFLAGS)
 PERL          = perl
 RANLIB        = echo
 TAR           = /bin/tar
 #
 # For purify
 #
--- a/security/nss/coreconf/config.mk
+++ b/security/nss/coreconf/config.mk
@@ -212,16 +212,8 @@ DEFINES += -DSSL_DISABLE_DEPRECATED_CIPH
 # exported symbols, which causes problem when NSS is built as part of Mozilla.
 # So we add a NSS_SSL_ENABLE_ZLIB variable to allow Mozilla to turn this off.
 NSS_SSL_ENABLE_ZLIB = 1
 
 # Allow disabling PKCS11 bypass.
 ifdef NSS_NO_PKCS11_BYPASS
 DEFINES += -DNO_PKCS11_BYPASS
 endif
-
-# Allow build-time configuration of TLS 1.3 (Experimental)
-ifdef NSS_ENABLE_TLS_1_3
-ifdef NSS_DISABLE_ECC
-$(error Setting NSS_ENABLE_TLS_1_3 and NSS_DISABLE_ECC isn't a good idea.)
-endif
-DEFINES += -DNSS_ENABLE_TLS_1_3
-endif
--- a/security/nss/coreconf/coreconf.dep
+++ b/security/nss/coreconf/coreconf.dep
@@ -5,8 +5,9 @@
 
 /*
  * A dummy header file that is a dependency for all the object files.
  * Used to force a full recompilation of NSS in Mozilla's Tinderbox
  * depend builds.  See comments in rules.mk.
  */
 
 #error "Do not include this header file."
+
--- a/security/nss/coreconf/rules.mk
+++ b/security/nss/coreconf/rules.mk
@@ -359,17 +359,21 @@ ifeq (,$(filter-out OS2 AIX,$(OS_TARGET)
 # OS/2 and AIX
 NEED_ABSOLUTE_PATH := 1
 PWD := $(shell pwd)
 
 else
 # Windows
 ifeq (,$(filter-out _WIN%,$(NS_USE_GCC)_$(OS_TARGET)))
 NEED_ABSOLUTE_PATH := 1
-ifdef .PYMAKE
+# CURDIR is always an absolute path. If it doesn't start with a /, it's a
+# Windows path meaning we're running under MINGW make (as opposed to MSYS
+# make), or pymake. In both cases, it's preferable to use a Windows path,
+# so use $(CURDIR) as is.
+ifeq (,$(filter /%,$(CURDIR)))
 PWD := $(CURDIR)
 else
 PWD := $(shell pwd)
 ifeq (,$(findstring ;,$(PATH)))
 ifndef USE_MSYS
 PWD := $(subst \,/,$(shell cygpath -w $(PWD)))
 endif
 endif
@@ -377,17 +381,17 @@ endif
 
 else
 # everything else
 PWD := $(shell pwd)
 endif
 endif
 
 # The quotes allow absolute paths to contain spaces.
-core_abspath = "$(if $(findstring :,$(1)),$(1),$(if $(filter /%,$(1)),$(1),$(PWD)/$(1)))"
+core_abspath = '$(if $(findstring :,$(1)),$(1),$(if $(filter /%,$(1)),$(1),$(PWD)/$(1)))'
 
 $(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX): %.c
 	@$(MAKE_OBJDIR)
 ifdef USE_NT_C_SYNTAX
 	$(CC) -Fo$@ -c $(CFLAGS) $(call core_abspath,$<)
 else
 ifdef NEED_ABSOLUTE_PATH
 	$(CC) -o $@ -c $(CFLAGS) $(call core_abspath,$<)
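Review bot: The switch of `core_abspath` from double to single quotes changes what the quoting protects against, but the comment above it still says only that quotes allow spaces. Single quotes stop a POSIX shell from expanding `$` or backticks in a path, but a path containing an apostrophe now ends the quoting early. A command interpreter that is not a POSIX shell may also pass the quotes through literally; which shell runs these recipes on Windows is not visible here. I would extend the comment to something like `# Single quotes: the shell passes the path verbatim; paths containing ' are not supported.` The compile rule that uses `core_abspath` continues past the end of the hunk.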
new file mode 100644
--- /dev/null
+++ b/security/nss/external_tests/.clang-format
@@ -0,0 +1,4 @@
+---
+Language: Cpp
+BasedOnStyle: Google
+...
--- a/security/nss/external_tests/common/scoped_ptrs.h
+++ b/security/nss/external_tests/common/scoped_ptrs.h
@@ -22,22 +22,27 @@ struct ScopedDelete {
   void operator()(PK11SlotInfo* slot) { PK11_FreeSlot(slot); }
   void operator()(PK11SymKey* key) { PK11_FreeSymKey(key); }
   void operator()(SECAlgorithmID* id) { SECOID_DestroyAlgorithmID(id, true); }
   void operator()(SECItem* item) { SECITEM_FreeItem(item, true); }
   void operator()(SECKEYPublicKey* key) { SECKEY_DestroyPublicKey(key); }
   void operator()(SECKEYPrivateKey* key) { SECKEY_DestroyPrivateKey(key); }
 };
 
-template<class T>
+template <class T>
 struct ScopedMaybeDelete {
-  void operator()(T* ptr) { if (ptr) { ScopedDelete del; del(ptr); } }
+  void operator()(T* ptr) {
+    if (ptr) {
+      ScopedDelete del;
+      del(ptr);
+    }
+  }
 };
 
-#define SCOPED(x) typedef std::unique_ptr<x, ScopedMaybeDelete<x> > Scoped ## x
+#define SCOPED(x) typedef std::unique_ptr<x, ScopedMaybeDelete<x> > Scoped##x
 
 SCOPED(CERTCertificate);
 SCOPED(CERTSubjectPublicKeyInfo);
 SCOPED(PK11SlotInfo);
 SCOPED(PK11SymKey);
 SCOPED(SECAlgorithmID);
 SCOPED(SECItem);
 SCOPED(SECKEYPublicKey);
--- a/security/nss/external_tests/der_gtest/der_getint_unittest.cc
+++ b/security/nss/external_tests/der_gtest/der_getint_unittest.cc
@@ -1,43 +1,41 @@
 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* vim: set ts=2 et sw=2 tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
+#include <climits>
+#include <memory>
 #include "nss.h"
 #include "pk11pub.h"
 #include "secutil.h"
-#include <memory>
-#include <climits>
 
 #include "gtest/gtest.h"
 #include "scoped_ptrs.h"
 
 namespace nss_test {
 
 class DERIntegerDecodingTest : public ::testing::Test {
  public:
-  void TestGetInteger(long number, unsigned char *der_number, unsigned int len)
-  {
+  void TestGetInteger(long number, unsigned char *der_number,
+                      unsigned int len) {
     SECItem input = {siBuffer, der_number, len};
     EXPECT_EQ(number, DER_GetInteger(&input));
   }
 
-  void GetDerLongMax(unsigned char *der_number, unsigned int len)
-  {
+  void GetDerLongMax(unsigned char *der_number, unsigned int len) {
     der_number[0] = 0x7F;
     for (unsigned int i = 1; i < len; ++i) {
       der_number[i] = 0xFF;
     }
   }
 
-  void GetDerLongMin(unsigned char *der_number, unsigned int len)
-  {
+  void GetDerLongMin(unsigned char *der_number, unsigned int len) {
     der_number[0] = 0x80;
     for (unsigned int i = 1; i < len; ++i) {
       der_number[i] = 0x00;
     }
   }
 };
 
 TEST_F(DERIntegerDecodingTest, DecodeLongMinus126) {
@@ -75,39 +73,38 @@ TEST_F(DERIntegerDecodingTest, DecodeLon
   unsigned char der[sizeof(long)];
   GetDerLongMin(der, sizeof(long));
   TestGetInteger(LONG_MIN, der, sizeof(der));
 }
 
 TEST_F(DERIntegerDecodingTest, DecodeLongMaxMinus1) {
   unsigned char der[sizeof(long)];
   GetDerLongMax(der, sizeof(long));
-  der[sizeof(long)-1] = 0xFE;
-  TestGetInteger(LONG_MAX-1, der, sizeof(der));
+  der[sizeof(long) - 1] = 0xFE;
+  TestGetInteger(LONG_MAX - 1, der, sizeof(der));
 }
 
 TEST_F(DERIntegerDecodingTest, DecodeLongMinPlus1) {
   unsigned char der[sizeof(long)];
   GetDerLongMin(der, sizeof(long));
-  der[sizeof(long)-1] = 0x01;
-  TestGetInteger(LONG_MIN+1, der, sizeof(der));
+  der[sizeof(long) - 1] = 0x01;
+  TestGetInteger(LONG_MIN + 1, der, sizeof(der));
 }
 
 TEST_F(DERIntegerDecodingTest, DecodeLongMinMinus1) {
-  unsigned char der[sizeof(long)+1];
-  GetDerLongMax(der, sizeof(long)+1);
+  unsigned char der[sizeof(long) + 1];
+  GetDerLongMax(der, sizeof(long) + 1);
   der[0] = 0xFF;
   der[1] = 0x7F;
   TestGetInteger(LONG_MIN, der, sizeof(der));
   EXPECT_EQ(SEC_ERROR_BAD_DER, PORT_GetError());
 }
 
 TEST_F(DERIntegerDecodingTest, DecodeLongMaxPlus1) {
-  unsigned char der[sizeof(long)+1];
-  GetDerLongMin(der, sizeof(long)+1);
+  unsigned char der[sizeof(long) + 1];
+  GetDerLongMin(der, sizeof(long) + 1);
   der[0] = 0x00;
   der[1] = 0x80;
   TestGetInteger(LONG_MAX, der, sizeof(der));
   EXPECT_EQ(SEC_ERROR_BAD_DER, PORT_GetError());
 }
 
 }  // namespace nss_test
-
--- a/security/nss/external_tests/manifest.mn
+++ b/security/nss/external_tests/manifest.mn
@@ -7,9 +7,10 @@ DEPTH      = ..
 
 DIRS = \
 	google_test \
 	common \
 	der_gtest \
 	util_gtest \
 	pk11_gtest \
 	ssl_gtest \
+        nss_bogo_shim \
 	$(NULL)
new file mode 100644
--- /dev/null
+++ b/security/nss/external_tests/nss_bogo_shim/Makefile
@@ -0,0 +1,52 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+CXXFLAGS += -std=c++0x
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../common/gtest.mk
+
+CFLAGS += -I$(CORE_DEPTH)/lib/ssl
+
+ifdef NSS_SSL_ENABLE_ZLIB
+include $(CORE_DEPTH)/coreconf/zlib.mk
+endif
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
new file mode 100644
--- /dev/null
+++ b/security/nss/external_tests/nss_bogo_shim/config.cc
@@ -0,0 +1,58 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "config.h"
+
+#include <cstdlib>
+#include <queue>
+#include <string>
+
+bool ConfigEntryBase::ParseInternal(std::queue<const char *> *args,
+                                    std::string *out) {
+  if (args->empty()) return false;
+  *out = args->front();
+  args->pop();
+  return true;
+}
+
+bool ConfigEntryBase::ParseInternal(std::queue<const char *> *args, int *out) {
+  if (args->empty()) return false;
+
+  char *endptr;
+  *out = strtol(args->front(), &endptr, 10);
+  args->pop();
+
+  return !*endptr;
+}
+
+bool ConfigEntryBase::ParseInternal(std::queue<const char *> *args, bool *out) {
+  *out = true;
+  return true;
+}
+
+std::string Config::XformFlag(const std::string &arg) {
+  if (arg.empty()) return "";
+
+  if (arg[0] != '-') return "";
+
+  return arg.substr(1);
+}
+
+Config::Status Config::ParseArgs(int argc, char **argv) {
+  std::queue<const char *> args;
+  for (int i = 1; i < argc; ++i) {
+    args.push(argv[i]);
+  }
+  while (!args.empty()) {
+    auto e = entries_.find(XformFlag(args.front()));
+    args.pop();
+    if (e == entries_.end()) {
+      return kUnknownFlag;
+    }
+    if (!e->second->Parse(&args)) return kMalformedArgument;
+  }
+
+  return kOK;
+}
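Review bot: The `int` overload of `ConfigEntryBase::ParseInternal` accepts input it should reject. An empty argument leaves `endptr` at the start of the string, so `!*endptr` is true and the flag silently becomes 0, and the `long` result of `strtol` is narrowed to `int` with no range or `ERANGE` check. `ParseArgs` already maps a false return to `kMalformedArgument`, so a stricter check fits the existing error path. The rewrite below requires at least one digit to be consumed and rejects out-of-range values; it needs `<cerrno>` and `<climits>` added to the file's includes. Separately, `ParseArgs` never returns the `kMissingValue` status declared in config.h, so a flag with no following value is reported as malformed.

```cpp
bool ConfigEntryBase::ParseInternal(std::queue<const char *> *args, int *out) {
  if (args->empty()) return false;

  const char *text = args->front();
  args->pop();

  char *endptr = nullptr;
  errno = 0;
  const long value = strtol(text, &endptr, 10);
  // Reject "", trailing junk, and anything that does not fit in an int.
  if (endptr == text || *endptr != '\0' || errno == ERANGE ||
      value < INT_MIN || value > INT_MAX) {
    return false;
  }
  *out = static_cast<int>(value);
  return true;
}
```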
new file mode 100644
--- /dev/null
+++ b/security/nss/external_tests/nss_bogo_shim/config.h
@@ -0,0 +1,89 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// Generic command line flags system for NSS BoGo shim.  This class
+// could actually in principle handle other programs. The flags are
+// defined in the consumer code.
+
+#ifndef config_h_
+#define config_h_
+
+#include <cassert>
+
+#include <iostream>
+#include <map>
+#include <queue>
+#include <string>
+#include <typeinfo>
+
+// Abstract base class for a given config flag.
+class ConfigEntryBase {
+ public:
+  ConfigEntryBase(const std::string& name, const std::string& type)
+      : name_(name), type_(type) {}
+
+  const std::string& type() const { return type_; }
+  virtual bool Parse(std::queue<const char*>* args) = 0;
+
+ protected:
+  bool ParseInternal(std::queue<const char*>* args, std::string* out);
+  bool ParseInternal(std::queue<const char*>* args, int* out);
+  bool ParseInternal(std::queue<const char*>* args, bool* out);
+
+  const std::string name_;
+  const std::string type_;
+};
+
+// Template specializations for the concrete flag types.
+template <typename T>
+class ConfigEntry : public ConfigEntryBase {
+ public:
+  ConfigEntry(const std::string& name, T init)
+      : ConfigEntryBase(name, typeid(T).name()), value_(init) {}
+  T get() const { return value_; }
+
+  bool Parse(std::queue<const char*>* args) {
+    return ParseInternal(args, &value_);
+  }
+
+ private:
+  T value_;
+};
+
+// The overall configuration (I.e., the total set of flags).
+class Config {
+ public:
+  enum Status { kOK, kUnknownFlag, kMalformedArgument, kMissingValue };
+
+  Config() : entries_() {}
+
+  template <typename T>
+  void AddEntry(const std::string& name, T init) {
+    entries_[name] = new ConfigEntry<T>(name, init);
+  }
+
+  Status ParseArgs(int argc, char** argv);
+
+  template <typename T>
+  T get(const std::string& key) const {
+    auto e = entry(key);
+    assert(e->type() == typeid(T).name());
+    return static_cast<const ConfigEntry<T>*>(e)->get();
+  }
+
+ private:
+  static std::string XformFlag(const std::string& arg);
+
+  std::map<std::string, ConfigEntryBase*> entries_;
+
+  const ConfigEntryBase* entry(const std::string& key) const {
+    auto e = entries_.find(key);
+    if (e == entries_.end()) return nullptr;
+    return e->second;
+  }
+};
+
+#endif  // config_h_
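Review bot: `Config::get<T>()` dereferences the result of `entry(key)` without checking it, and `entry()` returns `nullptr` for a key that was never added, so a mistyped flag name becomes a null dereference. The only type check is an `assert`, which disappears under `NDEBUG` and then lets the `static_cast` to `ConfigEntry<T>` proceed on a mismatched entry. An unconditional check such as `if (!e || e->type() != typeid(T).name()) std::abort();` (with `<cstdlib>`) fails closed in every build. `AddEntry` also stores raw `new` pointers that nothing visible deletes, overwrites any existing entry of the same name without freeing it, and `ConfigEntryBase` has no virtual destructor. Holding `std::unique_ptr<ConfigEntryBase>` in `entries_` and adding `virtual ~ConfigEntryBase() {}` would settle ownership.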
new file mode 100644
--- /dev/null
+++ b/security/nss/external_tests/nss_bogo_shim/config.json
@@ -0,0 +1,41 @@
+{
+    "DisabledTests": {
+        "*HelloRetryRequest*":"HRR hasn't landed yet",
+        "SecondClientHelloWrongCurve":"HRR hasn't landed yet",
+        "KeyUpdate":"KeyUpdate Unimplemented",
+        "ClientAuth-NoFallback-TLS13":"Disagreement about alerts. Bug 1294975",
+        "ClientAuth-SHA1-Fallback":"Disagreement about alerts. Bug 1294975",
+        "SendWarningAlerts-TLS13":"NSS needs to trigger on warning alerts",
+        "*SignatureType-TLS13":"SignatureScheme patch",
+        "ECDSACurveMismatch-Verify-TLS13":"SignatureScheme patch",
+        "ServerAuth-NoFallback-TLS13":"PSS",
+        "NoSupportedCurves":"This tests a non-spec behavior for TLS 1.2 and expects the wrong alert for TLS 1.3",
+        "SendEmptyRecords":"Tests a non-spec behavior in BoGo where it chokes on too many empty records",
+        "LargePlaintext":"NSS needs to check for over-long records. Bug 1294978",
+        "TLS13-RC4-MD5-server":"This fails properly but returns an unexpected error. Not a bug but needs cleanup",
+        "*VersionTolerance":"BoGo expects us to negotiate 1.3 but we negotiate 1.2 because BoGo didn't send draft version",
+        "*SSL3*":"NSS disables SSLv3",
+        "*SSLv3*":"NSS disables SSLv3",
+        "*AES256*":"Inconsistent support for AES256",
+        "*AES128-SHA256*":"No support for Suite B ciphers",
+        "*CHACHA20-POLY1305-OLD*":"Old ChaCha/Poly",
+        "DuplicateExtension*":"NSS sends unexpected_extension alert",
+        "WeakDH":"NSS supports 768-bit DH",
+        "SillyDH":"NSS supports 4097-bit DH",
+        "SendWarningAlerts":"This appears to be Boring-specific",
+        "V2ClientHello-WarningAlertPrefix":"Bug 1292893",
+        "TLS12-AES128-GCM-client":"Bug 1292895",
+        "*TLS12-AES128-GCM-LargeRecord*":"Bug 1292895",
+        "Renegotiate-Client-Forbidden-1":"Bug 1292898",
+        "Renegotiate-Server-Forbidden":"NSS doesn't disable renegotiation by default",
+        "Renegotiate-Client-NoIgnore":"NSS doesn't disable renegotiation by default",
+        "StrayHelloRequest*":"NSS doesn't disable renegotiation by default"
+    },
+    "ErrorMap" : {
+        ":HANDSHAKE_FAILURE_ON_CLIENT_HELLO:":"SSL_ERROR_NO_CYPHER_OVERLAP",
+        ":UNKNOWN_CIPHER_RETURNED:":"SSL_ERROR_NO_CYPHER_OVERLAP",
+        ":OLD_SESSION_CIPHER_NOT_RETURNED:":"SSL_ERROR_NO_CYPHER_OVERLAP",
+        ":NO_SHARED_CIPHER:":"SSL_ERROR_NO_CYPHER_OVERLAP"
+    }
+}
+
new file mode 100644
--- /dev/null
+++ b/security/nss/external_tests/nss_bogo_shim/manifest.mn
@@ -0,0 +1,20 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+DEPTH      = ../..
+MODULE = nss
+
+CPPSRCS = \
+      config.cc \
+      nsskeys.cc \
+      nss_bogo_shim.cc \
+      $(NULL)
+
+REQUIRES = nspr nss libdbm
+
+PROGRAM = nss_bogo_shim
+#EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)softokn.$(LIB_SUFFIX)
+
+USE_STATIC_LIBS = 1
new file mode 100644
--- /dev/null
+++ b/security/nss/external_tests/nss_bogo_shim/nss_bogo_shim.cc
@@ -0,0 +1,314 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "config.h"
+
+#include <cstdlib>
+#include <iostream>
+#include <memory>
+#include "nspr.h"
+#include "nss.h"
+#include "prio.h"
+#include "prnetdb.h"
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+#include "nsskeys.h"
+
+std::string FormatError(PRErrorCode code) {
+  return std::string(":") + PORT_ErrorToName(code) + ":" + ":" +
+         PORT_ErrorToString(code);
+}
+
+class TestAgent {
+ public:
+  TestAgent(const Config& cfg)
+      : cfg_(cfg),
+        pr_fd_(nullptr),
+        ssl_fd_(nullptr),
+        cert_(nullptr),
+        key_(nullptr) {}
+
+  ~TestAgent() {
+    if (pr_fd_) {
+      PR_Close(pr_fd_);
+    }
+
+    if (ssl_fd_) {
+      PR_Close(ssl_fd_);
+    }
+
+    if (key_) {
+      SECKEY_DestroyPrivateKey(key_);
+    }
+
+    if (cert_) {
+      CERT_DestroyCertificate(cert_);
+    }
+  }
+
+  static std::unique_ptr<TestAgent> Create(const Config& cfg) {
+    std::unique_ptr<TestAgent> agent(new TestAgent(cfg));
+
+    if (!agent->Init()) return nullptr;
+
+    return agent;
+  }
+
+  bool Init() {
+    if (!ConnectTcp()) {
+      return false;
+    }
+
+    if (!SetupKeys()) {
+      std::cerr << "Couldn't set up keys/certs\n";
+      return false;
+    }
+
+    if (!SetupOptions()) {
+      std::cerr << "Couldn't configure socket\n";
+      return false;
+    }
+
+    SECStatus rv = SSL_ResetHandshake(ssl_fd_, cfg_.get<bool>("server"));
+    if (rv != SECSuccess) return false;
+
+    return true;
+  }
+
+  bool ConnectTcp() {
+    PRStatus prv;
+    PRNetAddr addr;
+
+    prv = PR_StringToNetAddr("127.0.0.1", &addr);
+    if (prv != PR_SUCCESS) {
+      return false;
+    }
+    addr.inet.port = PR_htons(cfg_.get<int>("port"));
+
+    pr_fd_ = PR_OpenTCPSocket(addr.raw.family);
+    if (!pr_fd_) return false;
+
+    prv = PR_Connect(pr_fd_, &addr, PR_INTERVAL_NO_TIMEOUT);
+    if (prv != PR_SUCCESS) {
+      return false;
+    }
+
+    ssl_fd_ = SSL_ImportFD(NULL, pr_fd_);
+    if (!ssl_fd_) return false;
+    pr_fd_ = nullptr;
+
+    return true;
+  }
+
+  bool SetupKeys() {
+    SECStatus rv;
+
+    if (cfg_.get<std::string>("key-file") != "") {
+      key_ = ReadPrivateKey(cfg_.get<std::string>("key-file"));
+      if (!key_) exit(89);  // Temporary to handle our inability to handle ECDSA
+    }
+    if (cfg_.get<std::string>("cert-file") != "") {
+      cert_ = ReadCertificate(cfg_.get<std::string>("cert-file"));
+      if (!cert_) return false;
+    }
+    if (cfg_.get<bool>("server")) {
+      // Server
+      rv = SSL_ConfigServerCert(ssl_fd_, cert_, key_, nullptr, 0);
+      if (rv != SECSuccess) {
+        std::cerr << "Couldn't configure server cert\n";
+        return false;
+      }
+      rv = SSL_ConfigServerSessionIDCache(1024, 0, 0, ".");
+      if (rv != SECSuccess) {
+        std::cerr << "Couldn't configure session cache\n";
+        return false;
+      }
+    } else {
+      // Client.
+
+      // Needed because server certs are not entirely valid.
+      rv = SSL_AuthCertificateHook(ssl_fd_, AuthCertificateHook, this);
+      if (rv != SECSuccess) return false;
+
+      if (key_ && cert_) {
+        rv = SSL_GetClientAuthDataHook(ssl_fd_, GetClientAuthDataHook, this);
+        if (rv != SECSuccess) return false;
+      }
+    }
+
+    return true;
+  }
+
+  bool SetupOptions() {
+    SECStatus rv = SSL_OptionSet(ssl_fd_, SSL_ENABLE_SESSION_TICKETS, PR_TRUE);
+    if (rv != SECSuccess) return false;
+
+    SSLVersionRange vrange = {SSL_LIBRARY_VERSION_TLS_1_0,
+                              SSL_LIBRARY_VERSION_TLS_1_3};
+    rv = SSL_VersionRangeSet(ssl_fd_, &vrange);
+    if (rv != SECSuccess) return false;
+
+    rv = SSL_OptionSet(ssl_fd_, SSL_NO_CACHE, false);
+    if (rv != SECSuccess) return false;
+
+    if (!cfg_.get<bool>("server")) {
+      // Needed to make resumption work.
+      rv = SSL_SetURL(ssl_fd_, "server");
+      if (rv != SECSuccess) return false;
+    }
+
+    rv = SSL_OptionSet(ssl_fd_, SSL_ENABLE_EXTENDED_MASTER_SECRET, PR_TRUE);
+    if (rv != SECSuccess) return false;
+
+    if (!EnableNonExportCiphers()) return false;
+
+    return true;
+  }
+
+  bool EnableNonExportCiphers() {
+    for (size_t i = 0; i < SSL_NumImplementedCiphers; ++i) {
+      SSLCipherSuiteInfo csinfo;
+
+      SECStatus rv = SSL_GetCipherSuiteInfo(SSL_ImplementedCiphers[i], &csinfo,
+                                            sizeof(csinfo));
+      if (rv != SECSuccess) return false;
+      if (!csinfo.isExportable) {
+        rv = SSL_CipherPrefSet(ssl_fd_, SSL_ImplementedCiphers[i], PR_TRUE);
+        if (rv != SECSuccess) {
+          return false;
+        }
+      }
+    }
+    return true;
+  }
+
+  // Dummy auth certificate hook.
+  static SECStatus AuthCertificateHook(void* arg, PRFileDesc* fd,
+                                       PRBool checksig, PRBool isServer) {
+    return SECSuccess;
+  }
+
+  static SECStatus GetClientAuthDataHook(void* self, PRFileDesc* fd,
+                                         CERTDistNames* caNames,
+                                         CERTCertificate** cert,
+                                         SECKEYPrivateKey** privKey) {
+    TestAgent* a = static_cast<TestAgent*>(self);
+    *cert = CERT_DupCertificate(a->cert_);
+    *privKey = SECKEY_CopyPrivateKey(a->key_);
+    return SECSuccess;
+  }
+
+  SECStatus Handshake() { return SSL_ForceHandshake(ssl_fd_); }
+
+  // Implement a trivial echo client/server. Read bytes from the other side,
+  // flip all the bits, and send them back.
+  SECStatus ReadWrite() {
+    for (;;) {
+      uint8_t block[512];
+      int32_t rv = PR_Read(ssl_fd_, block, sizeof(block));
+      if (rv < 0) {
+        std::cerr << "Failure reading\n";
+        return SECFailure;
+      }
+      if (rv == 0) return SECSuccess;
+
+      int32_t len = rv;
+      for (int32_t i = 0; i < len; ++i) {
+        block[i] ^= 0xff;
+      }
+
+      rv = PR_Write(ssl_fd_, block, len);
+      if (rv != len) {
+        std::cerr << "Write failure\n";
+        return SECFailure;
+      }
+    }
+    return SECSuccess;
+  }
+
+  SECStatus DoExchange() {
+    SECStatus rv = Handshake();
+    if (rv != SECSuccess) {
+      PRErrorCode err = PR_GetError();
+      std::cerr << "Handshake failed with error=" << err << FormatError(err)
+                << std::endl;
+      return SECFailure;
+    }
+
+    rv = ReadWrite();
+    if (rv != SECSuccess) {
+      PRErrorCode err = PR_GetError();
+      std::cerr << "ReadWrite failed with error=" << FormatError(err)
+                << std::endl;
+      return SECFailure;
+    }
+
+    return SECSuccess;
+  }
+
+ private:
+  const Config& cfg_;
+  PRFileDesc* pr_fd_;
+  PRFileDesc* ssl_fd_;
+  CERTCertificate* cert_;
+  SECKEYPrivateKey* key_;
+};
+
+std::unique_ptr<const Config> ReadConfig(int argc, char** argv) {
+  std::unique_ptr<Config> cfg(new Config());
+
+  cfg->AddEntry<int>("port", 0);
+  cfg->AddEntry<bool>("server", false);
+  cfg->AddEntry<bool>("resume", false);
+  cfg->AddEntry<std::string>("key-file", "");
+  cfg->AddEntry<std::string>("cert-file", "");
+
+  auto rv = cfg->ParseArgs(argc, argv);
+  switch (rv) {
+    case Config::kOK:
+      break;
+    case Config::kUnknownFlag:
+      exit(89);
+      break;
+    default:
+      exit(1);
+  }
+
+  // Needed to change to std::unique_ptr<const Config>
+  return std::move(cfg);
+}
+
+void RunCycle(std::unique_ptr<const Config>& cfg) {
+  std::unique_ptr<TestAgent> agent(TestAgent::Create(*cfg));
+  if (!agent) {
+    exit(1);
+  }
+
+  SECStatus rv = agent->DoExchange();
+  if (rv) {
+    exit(1);
+  }
+}
+
+int main(int argc, char** argv) {
+  std::unique_ptr<const Config> cfg = ReadConfig(argc, argv);
+
+  SECStatus rv = NSS_NoDB_Init(nullptr);
+  if (rv != SECSuccess) return 1;
+  rv = NSS_SetDomesticPolicy();
+  if (rv != SECSuccess) return 1;
+
+  // Run a single test cycle.
+  RunCycle(cfg);
+
+  if (cfg->get<bool>("resume")) {
+    std::cout << "Resuming" << std::endl;
+    RunCycle(cfg);
+  }
+
+  exit(0);
+}
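Review bot: `FormatError` concatenates the result of `PORT_ErrorToName(code)` directly into a `std::string`, and as far as I know that call returns null for a code outside the registered error tables, which makes the concatenation undefined behaviour. This looks reachable from `DoExchange`: `ReadWrite` returns `SECFailure` on a short `PR_Write` (`rv != len`), where an error code has not necessarily been set, so `PR_GetError()` may yield 0 or a stale value. I would guard the name with `const char* name = PORT_ErrorToName(code);` and then `return std::string(":") + (name ? name : "UNKNOWN") + "::" + PORT_ErrorToString(code);`, which keeps the existing `:NAME::text` output format. Separately, the comment on `AuthCertificateHook` could say more than "Dummy", for example `// Test-only: accepts any peer certificate without validation.`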
new file mode 100644
--- /dev/null
+++ b/security/nss/external_tests/nss_bogo_shim/nsskeys.cc
@@ -0,0 +1,84 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsskeys.h"
+
+#include <cstring>
+
+#include <fstream>
+#include <iostream>
+#include <string>
+
+#include "cert.h"
+#include "keyhi.h"
+#include "nspr.h"
+#include "nss.h"
+#include "nssb64.h"
+#include "pk11pub.h"
+
+const std::string kPEMBegin = "-----BEGIN ";
+const std::string kPEMEnd = "-----END ";
+
+// Read a PEM file, base64 decode it, and return the result.
+static bool ReadPEMFile(const std::string& filename, SECItem* item) {
+  std::ifstream in(filename);
+  if (in.bad()) return false;
+
+  char buf[1024];
+  in.getline(buf, sizeof(buf));
+  if (in.bad()) return false;
+
+  if (strncmp(buf, kPEMBegin.c_str(), kPEMBegin.size())) return false;
+
+  std::string value = "";
+  for (;;) {
+    in.getline(buf, sizeof(buf));
+    if (in.bad()) return false;
+
+    if (!strncmp(buf, kPEMEnd.c_str(), kPEMEnd.size())) break;
+
+    value += buf;
+  }
+
+  // Now we have a base64-encoded block.
+  if (!NSSBase64_DecodeBuffer(nullptr, item, value.c_str(), value.size()))
+    return false;
+
+  return true;
+}
+
+SECKEYPrivateKey* ReadPrivateKey(const std::string& file) {
+  SECItem item = {siBuffer, nullptr, 0};
+
+  if (!ReadPEMFile(file, &item)) return nullptr;
+  SECKEYPrivateKey* privkey = NULL;
+  PK11SlotInfo* slot = PK11_GetInternalSlot();
+  SECStatus rv = PK11_ImportDERPrivateKeyInfoAndReturnKey(
+      slot, &item, nullptr, nullptr, PR_FALSE, PR_FALSE,
+      KU_KEY_ENCIPHERMENT | KU_DATA_ENCIPHERMENT | KU_DIGITAL_SIGNATURE,
+      &privkey, nullptr);
+  PK11_FreeSlot(slot);
+  SECITEM_FreeItem(&item, PR_FALSE);
+  if (rv != SECSuccess) {
+    // This is probably due to this being an ECDSA key (Bug 1295121).
+    std::cerr << "Couldn't import key " << PORT_ErrorToString(PORT_GetError())
+              << "\n";
+    return nullptr;
+  }
+
+  return privkey;
+}
+
+CERTCertificate* ReadCertificate(const std::string& file) {
+  SECItem item = {siBuffer, nullptr, 0};
+
+  if (!ReadPEMFile(file, &item)) return nullptr;
+
+  CERTCertificate* cert = CERT_NewTempCertificate(
+      CERT_GetDefaultCertDB(), &item, NULL, PR_FALSE, PR_TRUE);
+  SECITEM_FreeItem(&item, PR_FALSE);
+  return cert;
+}
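Review bot: `ReadPEMFile` checks the stream with `in.bad()` in all three places, but a file that cannot be opened, end-of-file and an over-long line set `failbit`/`eofbit` rather than `badbit`, so none of them is detected. In the `for (;;)` loop this means a PEM file without a `-----END ` line never leaves the loop, because every further `getline` fails, the `bad()` check passes and `strncmp` never matches. Testing the whole stream state, `if (!in) return false;` after the constructor and after each `getline`, rejects those inputs. In `ReadPrivateKey` the decoded key bytes are released with `SECITEM_FreeItem`; `SECITEM_ZfreeItem(&item, PR_FALSE);` would clear them before freeing.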
new file mode 100644
--- /dev/null
+++ b/security/nss/external_tests/nss_bogo_shim/nsskeys.h
@@ -0,0 +1,20 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// Utilities to pull in OpenSSL-formatted keys.
+
+#ifndef nsskeys_h_
+#define nsskeys_h_
+
+#include "cert.h"
+#include "keyhi.h"
+
+#include <string>
+
+SECKEYPrivateKey* ReadPrivateKey(const std::string& file);
+CERTCertificate* ReadCertificate(const std::string& file);
+
+#endif
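Review bot: The two declarations say nothing about ownership or failure behaviour. Going by nsskeys.cc in this same change, both return a newly created object or `nullptr` on failure, and the shim's destructor releases them with `SECKEY_DestroyPrivateKey` and `CERT_DestroyCertificate`. A one-line comment above each declaration would record that contract, for example `// Returns nullptr on failure; caller frees with SECKEY_DestroyPrivateKey().` and the matching line naming `CERT_DestroyCertificate()`.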
--- a/security/nss/external_tests/pk11_gtest/pk11_aeskeywrap_unittest.cc
+++ b/security/nss/external_tests/pk11_gtest/pk11_aeskeywrap_unittest.cc
@@ -1,128 +1,103 @@
 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* vim: set ts=2 et sw=2 tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
+#include <memory>
 #include "nss.h"
 #include "pk11pub.h"
-#include <memory>
 
 #include "gtest/gtest.h"
 #include "scoped_ptrs.h"
 
 namespace nss_test {
 
 // Test vectors from https://tools.ietf.org/html/rfc3394#section-4.1 to 4.6
-unsigned char kKEK1[] = {
-  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-  0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
-};
+unsigned char kKEK1[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+                         0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F};
 
-unsigned char kKD1[] = {
-  0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
-  0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF
-};
+unsigned char kKD1[] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+                        0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF};
 
-unsigned char kC1[] = {
-  0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47,
-  0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82,
-  0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5
-};
+unsigned char kC1[] = {0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47,
+                       0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82,
+                       0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5};
 
-unsigned char kKEK2[] = {
-  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-  0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
-  0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17
-};
+unsigned char kKEK2[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+                         0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
+                         0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17};
 
-unsigned char kC2[] = {
-  0x96, 0x77, 0x8B, 0x25, 0xAE, 0x6C, 0xA4, 0x35,
-  0xF9, 0x2B, 0x5B, 0x97, 0xC0, 0x50, 0xAE, 0xD2,
-  0x46, 0x8A, 0xB8, 0xA1, 0x7A, 0xD8, 0x4E, 0x5D
-};
+unsigned char kC2[] = {0x96, 0x77, 0x8B, 0x25, 0xAE, 0x6C, 0xA4, 0x35,
+                       0xF9, 0x2B, 0x5B, 0x97, 0xC0, 0x50, 0xAE, 0xD2,
+                       0x46, 0x8A, 0xB8, 0xA1, 0x7A, 0xD8, 0x4E, 0x5D};
 
-unsigned char kKEK3[] = {
-  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-  0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
-  0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
-  0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
-};
+unsigned char kKEK3[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+                         0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
+                         0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+                         0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F};
 
-unsigned char kC3[] = {
-  0x64, 0xE8, 0xC3, 0xF9, 0xCE, 0x0F, 0x5B, 0xA2,
-  0x63, 0xE9, 0x77, 0x79, 0x05, 0x81, 0x8A, 0x2A,
-  0x93, 0xC8, 0x19, 0x1E, 0x7D, 0x6E, 0x8A, 0xE7
-};
+unsigned char kC3[] = {0x64, 0xE8, 0xC3, 0xF9, 0xCE, 0x0F, 0x5B, 0xA2,
+                       0x63, 0xE9, 0x77, 0x79, 0x05, 0x81, 0x8A, 0x2A,
+                       0x93, 0xC8, 0x19, 0x1E, 0x7D, 0x6E, 0x8A, 0xE7};
 
-unsigned char kKD4[] = {
-  0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
-  0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
-  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
-};
+unsigned char kKD4[] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+                        0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
+                        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07};
 
-unsigned char kC4[] = {
-  0x03, 0x1D, 0x33, 0x26, 0x4E, 0x15, 0xD3, 0x32,
-  0x68, 0xF2, 0x4E, 0xC2, 0x60, 0x74, 0x3E, 0xDC,
-  0xE1, 0xC6, 0xC7, 0xDD, 0xEE, 0x72, 0x5A, 0x93,
-  0x6B, 0xA8, 0x14, 0x91, 0x5C, 0x67, 0x62, 0xD2
-};
+unsigned char kC4[] = {0x03, 0x1D, 0x33, 0x26, 0x4E, 0x15, 0xD3, 0x32,
+                       0x68, 0xF2, 0x4E, 0xC2, 0x60, 0x74, 0x3E, 0xDC,
+                       0xE1, 0xC6, 0xC7, 0xDD, 0xEE, 0x72, 0x5A, 0x93,
+                       0x6B, 0xA8, 0x14, 0x91, 0x5C, 0x67, 0x62, 0xD2};
 
-unsigned char kC5[] = {
-  0xA8, 0xF9, 0xBC, 0x16, 0x12, 0xC6, 0x8B, 0x3F,
-  0xF6, 0xE6, 0xF4, 0xFB, 0xE3, 0x0E, 0x71, 0xE4,
-  0x76, 0x9C, 0x8B, 0x80, 0xA3, 0x2C, 0xB8, 0x95,
-  0x8C, 0xD5, 0xD1, 0x7D, 0x6B, 0x25, 0x4D, 0xA1
-};
+unsigned char kC5[] = {0xA8, 0xF9, 0xBC, 0x16, 0x12, 0xC6, 0x8B, 0x3F,
+                       0xF6, 0xE6, 0xF4, 0xFB, 0xE3, 0x0E, 0x71, 0xE4,
+                       0x76, 0x9C, 0x8B, 0x80, 0xA3, 0x2C, 0xB8, 0x95,
+                       0x8C, 0xD5, 0xD1, 0x7D, 0x6B, 0x25, 0x4D, 0xA1};
 
-unsigned char kKD6[] = {
-  0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
-  0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
-  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-  0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
-};
+unsigned char kKD6[] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+                        0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
+                        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+                        0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F};
 
-unsigned char kC6[] = {
-  0x28, 0xC9, 0xF4, 0x04, 0xC4, 0xB8, 0x10, 0xF4,
-  0xCB, 0xCC, 0xB3, 0x5C, 0xFB, 0x87, 0xF8, 0x26,
-  0x3F, 0x57, 0x86, 0xE2, 0xD8, 0x0E, 0xD3, 0x26,
-  0xCB, 0xC7, 0xF0, 0xE7, 0x1A, 0x99, 0xF4, 0x3B,
-  0xFB, 0x98, 0x8B, 0x9B, 0x7A, 0x02, 0xDD, 0x21
-};
+unsigned char kC6[] = {0x28, 0xC9, 0xF4, 0x04, 0xC4, 0xB8, 0x10, 0xF4,
+                       0xCB, 0xCC, 0xB3, 0x5C, 0xFB, 0x87, 0xF8, 0x26,
+                       0x3F, 0x57, 0x86, 0xE2, 0xD8, 0x0E, 0xD3, 0x26,
+                       0xCB, 0xC7, 0xF0, 0xE7, 0x1A, 0x99, 0xF4, 0x3B,
+                       0xFB, 0x98, 0x8B, 0x9B, 0x7A, 0x02, 0xDD, 0x21};
 
 class Pkcs11AESKeyWrapTest : public ::testing::Test {
  protected:
   CK_MECHANISM_TYPE mechanism = CKM_NSS_AES_KEY_WRAP;
 
-  void
-  WrapUnwrap(unsigned char* kek, unsigned int kekLen, unsigned char* keyData,
-             unsigned int keyDataLen, unsigned char* expectedCiphertext)
-  {
+  void WrapUnwrap(unsigned char* kek, unsigned int kekLen,
+                  unsigned char* keyData, unsigned int keyDataLen,
+                  unsigned char* expectedCiphertext) {
     unsigned char wrappedKey[40];
     unsigned int wrappedKeyLen;
     unsigned char unwrappedKey[40];
     unsigned int unwrappedKeyLen = 0;
     SECStatus rv;
 
     ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
     ASSERT_NE(nullptr, slot);
 
     // Import encryption key.
-    SECItem keyItem = { siBuffer, kek, kekLen };
-    ScopedPK11SymKey encryptionKey(PK11_ImportSymKey(slot.get(), CKM_NSS_AES_KEY_WRAP,
-                                                     PK11_OriginUnwrap, CKA_ENCRYPT,
-                                                     &keyItem, nullptr));
+    SECItem keyItem = {siBuffer, kek, kekLen};
+    ScopedPK11SymKey encryptionKey(
+        PK11_ImportSymKey(slot.get(), CKM_NSS_AES_KEY_WRAP, PK11_OriginUnwrap,
+                          CKA_ENCRYPT, &keyItem, nullptr));
     EXPECT_TRUE(!!encryptionKey);
 
     // Wrap key
     rv = PK11_Encrypt(encryptionKey.get(), mechanism, nullptr /* param */,
-                      wrappedKey, &wrappedKeyLen, sizeof(wrappedKey),
-                      keyData, keyDataLen);
+                      wrappedKey, &wrappedKeyLen, sizeof(wrappedKey), keyData,
+                      keyDataLen);
     EXPECT_EQ(rv, SECSuccess) << "CKM_NSS_AES_KEY_WRAP encrypt failed";
     EXPECT_TRUE(!memcmp(expectedCiphertext, wrappedKey, wrappedKeyLen));
 
     // Unwrap key
     rv = PK11_Decrypt(encryptionKey.get(), mechanism, nullptr /* param */,
                       unwrappedKey, &unwrappedKeyLen, sizeof(unwrappedKey),
                       wrappedKey, wrappedKeyLen);
     EXPECT_EQ(rv, SECSuccess) << " CKM_NSS_AES_KEY_WRAP decrypt failed\n";
--- a/security/nss/external_tests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
+++ b/security/nss/external_tests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
@@ -1,140 +1,134 @@
 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* vim: set ts=2 et sw=2 tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
+#include <memory>
 #include "nss.h"
 #include "pk11pub.h"
 #include "sechash.h"
-#include <memory>
 
 #include "gtest/gtest.h"
 #include "scoped_ptrs.h"
 
 namespace nss_test {
 
 // ChaCha20/Poly1305 Test Vector 1, RFC 7539
 // <http://tools.ietf.org/html/rfc7539#section-2.8.2>
 const uint8_t kTestVector1Data[] = {
-  0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x47, 0x65,
-  0x6e, 0x74, 0x6c, 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20, 0x74, 0x68,
-  0x65, 0x20, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39,
-  0x39, 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63, 0x6f, 0x75, 0x6c, 0x64,
-  0x20, 0x6f, 0x66, 0x66, 0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f, 0x6e,
-  0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20, 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f,
-  0x72, 0x20, 0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75, 0x72, 0x65, 0x2c,
-  0x20, 0x73, 0x75, 0x6e, 0x73, 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f,
-  0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69, 0x74, 0x2e
-};
-const uint8_t kTestVector1AAD[] = {
-  0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7
-};
+    0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x47,
+    0x65, 0x6e, 0x74, 0x6c, 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20,
+    0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x6f, 0x66,
+    0x20, 0x27, 0x39, 0x39, 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63,
+    0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66, 0x65, 0x72, 0x20, 0x79,
+    0x6f, 0x75, 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20,
+    0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x74, 0x68, 0x65, 0x20,
+    0x66, 0x75, 0x74, 0x75, 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73,
+    0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
+    0x62, 0x65, 0x20, 0x69, 0x74, 0x2e};
+const uint8_t kTestVector1AAD[] = {0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1,
+                                   0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7};
 const uint8_t kTestVector1Key[] = {
-  0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c,
-  0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99,
-  0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
-};
-const uint8_t kTestVector1IV[] = {
-  0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47
-};
+    0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+    0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+    0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f};
+const uint8_t kTestVector1IV[] = {0x07, 0x00, 0x00, 0x00, 0x40, 0x41,
+                                  0x42, 0x43, 0x44, 0x45, 0x46, 0x47};
 const uint8_t kTestVector1CT[] = {
-  0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb, 0x7b, 0x86, 0xaf, 0xbc, 0x53,
-  0xef, 0x7e, 0xc2, 0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe, 0xa9, 0xe2,
-  0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6, 0x3d, 0xbe, 0xa4, 0x5e, 0x8c, 0xa9, 0x67,
-  0x12, 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b, 0x1a, 0x71, 0xde, 0x0a,
-  0x9e, 0x06, 0x0b, 0x29, 0x05, 0xd6, 0xa5, 0xb6, 0x7e, 0xcd, 0x3b, 0x36, 0x92,
-  0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c, 0x98, 0x03, 0xae, 0xe3, 0x28, 0x09,
-  0x1b, 0x58, 0xfa, 0xb3, 0x24, 0xe4, 0xfa, 0xd6, 0x75, 0x94, 0x55, 0x85, 0x80,
-  0x8b, 0x48, 0x31, 0xd7, 0xbc, 0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d,
-  0xe5, 0x76, 0xd2, 0x65, 0x86, 0xce, 0xc6, 0x4b, 0x61, 0x16, 0x1a, 0xe1, 0x0b,
-  0x59, 0x4f, 0x09, 0xe2, 0x6a, 0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91
-};
+    0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb, 0x7b, 0x86, 0xaf, 0xbc,
+    0x53, 0xef, 0x7e, 0xc2, 0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe,
+    0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6, 0x3d, 0xbe, 0xa4, 0x5e,
+    0x8c, 0xa9, 0x67, 0x12, 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b,
+    0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29, 0x05, 0xd6, 0xa5, 0xb6,
+    0x7e, 0xcd, 0x3b, 0x36, 0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c,
+    0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58, 0xfa, 0xb3, 0x24, 0xe4,
+    0xfa, 0xd6, 0x75, 0x94, 0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc,
+    0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d, 0xe5, 0x76, 0xd2, 0x65,
+    0x86, 0xce, 0xc6, 0x4b, 0x61, 0x16, 0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09,
+    0xe2, 0x6a, 0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91};
 
 // ChaCha20/Poly1305 Test Vector 2, RFC 7539
 // <http://tools.ietf.org/html/rfc7539#appendix-A.5>
 const uint8_t kTestVector2Data[] = {
-  0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2d, 0x44, 0x72, 0x61, 0x66,
-  0x74, 0x73, 0x20, 0x61, 0x72, 0x65, 0x20, 0x64, 0x72, 0x61, 0x66, 0x74, 0x20,
-  0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x20, 0x76, 0x61, 0x6c,
-  0x69, 0x64, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x61, 0x20, 0x6d, 0x61, 0x78, 0x69,
-  0x6d, 0x75, 0x6d, 0x20, 0x6f, 0x66, 0x20, 0x73, 0x69, 0x78, 0x20, 0x6d, 0x6f,
-  0x6e, 0x74, 0x68, 0x73, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x6d, 0x61, 0x79, 0x20,
-  0x62, 0x65, 0x20, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x2c, 0x20, 0x72,
-  0x65, 0x70, 0x6c, 0x61, 0x63, 0x65, 0x64, 0x2c, 0x20, 0x6f, 0x72, 0x20, 0x6f,
-  0x62, 0x73, 0x6f, 0x6c, 0x65, 0x74, 0x65, 0x64, 0x20, 0x62, 0x79, 0x20, 0x6f,
-  0x74, 0x68, 0x65, 0x72, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74,
-  0x73, 0x20, 0x61, 0x74, 0x20, 0x61, 0x6e, 0x79, 0x20, 0x74, 0x69, 0x6d, 0x65,
-  0x2e, 0x20, 0x49, 0x74, 0x20, 0x69, 0x73, 0x20, 0x69, 0x6e, 0x61, 0x70, 0x70,
-  0x72, 0x6f, 0x70, 0x72, 0x69, 0x61, 0x74, 0x65, 0x20, 0x74, 0x6f, 0x20, 0x75,
-  0x73, 0x65, 0x20, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2d, 0x44,
-  0x72, 0x61, 0x66, 0x74, 0x73, 0x20, 0x61, 0x73, 0x20, 0x72, 0x65, 0x66, 0x65,
-  0x72, 0x65, 0x6e, 0x63, 0x65, 0x20, 0x6d, 0x61, 0x74, 0x65, 0x72, 0x69, 0x61,
-  0x6c, 0x20, 0x6f, 0x72, 0x20, 0x74, 0x6f, 0x20, 0x63, 0x69, 0x74, 0x65, 0x20,
-  0x74, 0x68, 0x65, 0x6d, 0x20, 0x6f, 0x74, 0x68, 0x65, 0x72, 0x20, 0x74, 0x68,
-  0x61, 0x6e, 0x20, 0x61, 0x73, 0x20, 0x2f, 0xe2, 0x80, 0x9c, 0x77, 0x6f, 0x72,
-  0x6b, 0x20, 0x69, 0x6e, 0x20, 0x70, 0x72, 0x6f, 0x67, 0x72, 0x65, 0x73, 0x73,
-  0x2e, 0x2f, 0xe2, 0x80, 0x9d
-};
-const uint8_t kTestVector2AAD[] = {
-  0xf3, 0x33, 0x88, 0x86, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x4e, 0x91
-};
+    0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2d, 0x44, 0x72, 0x61,
+    0x66, 0x74, 0x73, 0x20, 0x61, 0x72, 0x65, 0x20, 0x64, 0x72, 0x61, 0x66,
+    0x74, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x20,
+    0x76, 0x61, 0x6c, 0x69, 0x64, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x61, 0x20,
+    0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x20, 0x6f, 0x66, 0x20, 0x73,
+    0x69, 0x78, 0x20, 0x6d, 0x6f, 0x6e, 0x74, 0x68, 0x73, 0x20, 0x61, 0x6e,
+    0x64, 0x20, 0x6d, 0x61, 0x79, 0x20, 0x62, 0x65, 0x20, 0x75, 0x70, 0x64,
+    0x61, 0x74, 0x65, 0x64, 0x2c, 0x20, 0x72, 0x65, 0x70, 0x6c, 0x61, 0x63,
+    0x65, 0x64, 0x2c, 0x20, 0x6f, 0x72, 0x20, 0x6f, 0x62, 0x73, 0x6f, 0x6c,
+    0x65, 0x74, 0x65, 0x64, 0x20, 0x62, 0x79, 0x20, 0x6f, 0x74, 0x68, 0x65,
+    0x72, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x20,
+    0x61, 0x74, 0x20, 0x61, 0x6e, 0x79, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x2e,
+    0x20, 0x49, 0x74, 0x20, 0x69, 0x73, 0x20, 0x69, 0x6e, 0x61, 0x70, 0x70,
+    0x72, 0x6f, 0x70, 0x72, 0x69, 0x61, 0x74, 0x65, 0x20, 0x74, 0x6f, 0x20,
+    0x75, 0x73, 0x65, 0x20, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74,
+    0x2d, 0x44, 0x72, 0x61, 0x66, 0x74, 0x73, 0x20, 0x61, 0x73, 0x20, 0x72,
+    0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x20, 0x6d, 0x61, 0x74,
+    0x65, 0x72, 0x69, 0x61, 0x6c, 0x20, 0x6f, 0x72, 0x20, 0x74, 0x6f, 0x20,
+    0x63, 0x69, 0x74, 0x65, 0x20, 0x74, 0x68, 0x65, 0x6d, 0x20, 0x6f, 0x74,
+    0x68, 0x65, 0x72, 0x20, 0x74, 0x68, 0x61, 0x6e, 0x20, 0x61, 0x73, 0x20,
+    0x2f, 0xe2, 0x80, 0x9c, 0x77, 0x6f, 0x72, 0x6b, 0x20, 0x69, 0x6e, 0x20,
+    0x70, 0x72, 0x6f, 0x67, 0x72, 0x65, 0x73, 0x73, 0x2e, 0x2f, 0xe2, 0x80,
+    0x9d};
+const uint8_t kTestVector2AAD[] = {0xf3, 0x33, 0x88, 0x86, 0x00, 0x00,
+                                   0x00, 0x00, 0x00, 0x00, 0x4e, 0x91};
 const uint8_t kTestVector2Key[] = {
-  0x1c, 0x92, 0x40, 0xa5, 0xeb, 0x55, 0xd3, 0x8a, 0xf3, 0x33, 0x88, 0x86, 0x04,
-  0xf6, 0xb5, 0xf0, 0x47, 0x39, 0x17, 0xc1, 0x40, 0x2b, 0x80, 0x09, 0x9d, 0xca,
-  0x5c, 0xbc, 0x20, 0x70, 0x75, 0xc0
-};
-const uint8_t kTestVector2IV[] = {
-  0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08
-};
+    0x1c, 0x92, 0x40, 0xa5, 0xeb, 0x55, 0xd3, 0x8a, 0xf3, 0x33, 0x88,
+    0x86, 0x04, 0xf6, 0xb5, 0xf0, 0x47, 0x39, 0x17, 0xc1, 0x40, 0x2b,
+    0x80, 0x09, 0x9d, 0xca, 0x5c, 0xbc, 0x20, 0x70, 0x75, 0xc0};
+const uint8_t kTestVector2IV[] = {0x00, 0x00, 0x00, 0x00, 0x01, 0x02,
+                                  0x03, 0x04, 0x05, 0x06, 0x07, 0x08};
 const uint8_t kTestVector2CT[] = {
-  0x64, 0xa0, 0x86, 0x15, 0x75, 0x86, 0x1a, 0xf4, 0x60, 0xf0, 0x62, 0xc7, 0x9b,
-  0xe6, 0x43, 0xbd, 0x5e, 0x80, 0x5c, 0xfd, 0x34, 0x5c, 0xf3, 0x89, 0xf1, 0x08,
-  0x67, 0x0a, 0xc7, 0x6c, 0x8c, 0xb2, 0x4c, 0x6c, 0xfc, 0x18, 0x75, 0x5d, 0x43,
-  0xee, 0xa0, 0x9e, 0xe9, 0x4e, 0x38, 0x2d, 0x26, 0xb0, 0xbd, 0xb7, 0xb7, 0x3c,
-  0x32, 0x1b, 0x01, 0x00, 0xd4, 0xf0, 0x3b, 0x7f, 0x35, 0x58, 0x94, 0xcf, 0x33,
-  0x2f, 0x83, 0x0e, 0x71, 0x0b, 0x97, 0xce, 0x98, 0xc8, 0xa8, 0x4a, 0xbd, 0x0b,
-  0x94, 0x81, 0x14, 0xad, 0x17, 0x6e, 0x00, 0x8d, 0x33, 0xbd, 0x60, 0xf9, 0x82,
-  0xb1, 0xff, 0x37, 0xc8, 0x55, 0x97, 0x97, 0xa0, 0x6e, 0xf4, 0xf0, 0xef, 0x61,
-  0xc1, 0x86, 0x32, 0x4e, 0x2b, 0x35, 0x06, 0x38, 0x36, 0x06, 0x90, 0x7b, 0x6a,
-  0x7c, 0x02, 0xb0, 0xf9, 0xf6, 0x15, 0x7b, 0x53, 0xc8, 0x67, 0xe4, 0xb9, 0x16,
-  0x6c, 0x76, 0x7b, 0x80, 0x4d, 0x46, 0xa5, 0x9b, 0x52, 0x16, 0xcd, 0xe7, 0xa4,
-  0xe9, 0x90, 0x40, 0xc5, 0xa4, 0x04, 0x33, 0x22, 0x5e, 0xe2, 0x82, 0xa1, 0xb0,
-  0xa0, 0x6c, 0x52, 0x3e, 0xaf, 0x45, 0x34, 0xd7, 0xf8, 0x3f, 0xa1, 0x15, 0x5b,
-  0x00, 0x47, 0x71, 0x8c, 0xbc, 0x54, 0x6a, 0x0d, 0x07, 0x2b, 0x04, 0xb3, 0x56,
-  0x4e, 0xea, 0x1b, 0x42, 0x22, 0x73, 0xf5, 0x48, 0x27, 0x1a, 0x0b, 0xb2, 0x31,
-  0x60, 0x53, 0xfa, 0x76, 0x99, 0x19, 0x55, 0xeb, 0xd6, 0x31, 0x59, 0x43, 0x4e,
-  0xce, 0xbb, 0x4e, 0x46, 0x6d, 0xae, 0x5a, 0x10, 0x73, 0xa6, 0x72, 0x76, 0x27,
-  0x09, 0x7a, 0x10, 0x49, 0xe6, 0x17, 0xd9, 0x1d, 0x36, 0x10, 0x94, 0xfa, 0x68,
-  0xf0, 0xff, 0x77, 0x98, 0x71, 0x30, 0x30, 0x5b, 0xea, 0xba, 0x2e, 0xda, 0x04,
-  0xdf, 0x99, 0x7b, 0x71, 0x4d, 0x6c, 0x6f, 0x2c, 0x29, 0xa6, 0xad, 0x5c, 0xb4,
-  0x02, 0x2b, 0x02, 0x70, 0x9b, 0xee, 0xad, 0x9d, 0x67, 0x89, 0x0c, 0xbb, 0x22,
-  0x39, 0x23, 0x36, 0xfe, 0xa1, 0x85, 0x1f, 0x38
-};
+    0x64, 0xa0, 0x86, 0x15, 0x75, 0x86, 0x1a, 0xf4, 0x60, 0xf0, 0x62, 0xc7,
+    0x9b, 0xe6, 0x43, 0xbd, 0x5e, 0x80, 0x5c, 0xfd, 0x34, 0x5c, 0xf3, 0x89,
+    0xf1, 0x08, 0x67, 0x0a, 0xc7, 0x6c, 0x8c, 0xb2, 0x4c, 0x6c, 0xfc, 0x18,
+    0x75, 0x5d, 0x43, 0xee, 0xa0, 0x9e, 0xe9, 0x4e, 0x38, 0x2d, 0x26, 0xb0,
+    0xbd, 0xb7, 0xb7, 0x3c, 0x32, 0x1b, 0x01, 0x00, 0xd4, 0xf0, 0x3b, 0x7f,
+    0x35, 0x58, 0x94, 0xcf, 0x33, 0x2f, 0x83, 0x0e, 0x71, 0x0b, 0x97, 0xce,
+    0x98, 0xc8, 0xa8, 0x4a, 0xbd, 0x0b, 0x94, 0x81, 0x14, 0xad, 0x17, 0x6e,
+    0x00, 0x8d, 0x33, 0xbd, 0x60, 0xf9, 0x82, 0xb1, 0xff, 0x37, 0xc8, 0x55,
+    0x97, 0x97, 0xa0, 0x6e, 0xf4, 0xf0, 0xef, 0x61, 0xc1, 0x86, 0x32, 0x4e,
+    0x2b, 0x35, 0x06, 0x38, 0x36, 0x06, 0x90, 0x7b, 0x6a, 0x7c, 0x02, 0xb0,
+    0xf9, 0xf6, 0x15, 0x7b, 0x53, 0xc8, 0x67, 0xe4, 0xb9, 0x16, 0x6c, 0x76,
+    0x7b, 0x80, 0x4d, 0x46, 0xa5, 0x9b, 0x52, 0x16, 0xcd, 0xe7, 0xa4, 0xe9,
+    0x90, 0x40, 0xc5, 0xa4, 0x04, 0x33, 0x22, 0x5e, 0xe2, 0x82, 0xa1, 0xb0,
+    0xa0, 0x6c, 0x52, 0x3e, 0xaf, 0x45, 0x34, 0xd7, 0xf8, 0x3f, 0xa1, 0x15,
+    0x5b, 0x00, 0x47, 0x71, 0x8c, 0xbc, 0x54, 0x6a, 0x0d, 0x07, 0x2b, 0x04,
+    0xb3, 0x56, 0x4e, 0xea, 0x1b, 0x42, 0x22, 0x73, 0xf5, 0x48, 0x27, 0x1a,
+    0x0b, 0xb2, 0x31, 0x60, 0x53, 0xfa, 0x76, 0x99, 0x19, 0x55, 0xeb, 0xd6,
+    0x31, 0x59, 0x43, 0x4e, 0xce, 0xbb, 0x4e, 0x46, 0x6d, 0xae, 0x5a, 0x10,
+    0x73, 0xa6, 0x72, 0x76, 0x27, 0x09, 0x7a, 0x10, 0x49, 0xe6, 0x17, 0xd9,
+    0x1d, 0x36, 0x10, 0x94, 0xfa, 0x68, 0xf0, 0xff, 0x77, 0x98, 0x71, 0x30,
+    0x30, 0x5b, 0xea, 0xba, 0x2e, 0xda, 0x04, 0xdf, 0x99, 0x7b, 0x71, 0x4d,
+    0x6c, 0x6f, 0x2c, 0x29, 0xa6, 0xad, 0x5c, 0xb4, 0x02, 0x2b, 0x02, 0x70,
+    0x9b, 0xee, 0xad, 0x9d, 0x67, 0x89, 0x0c, 0xbb, 0x22, 0x39, 0x23, 0x36,
+    0xfe, 0xa1, 0x85, 0x1f, 0x38};
 
 class Pkcs11ChaCha20Poly1305Test : public ::testing::Test {
  public:
-  void EncryptDecrypt(PK11SymKey* symKey,
-                      const uint8_t* data, size_t data_len,
-                      const uint8_t* aad, size_t aad_len,
-                      const uint8_t* iv, size_t iv_len,
-                      const uint8_t* ct = nullptr, size_t ct_len = 0)
-  {
+  void EncryptDecrypt(PK11SymKey* symKey, const uint8_t* data, size_t data_len,
+                      const uint8_t* aad, size_t aad_len, const uint8_t* iv,
+                      size_t iv_len, const uint8_t* ct = nullptr,
+                      size_t ct_len = 0) {
     // Prepare AEAD params.
     CK_NSS_AEAD_PARAMS aead_params;
     aead_params.pNonce = toUcharPtr(iv);
     aead_params.ulNonceLen = iv_len;
     aead_params.pAAD = toUcharPtr(aad);
     aead_params.ulAADLen = aad_len;
     aead_params.ulTagLen = 16;
 
-    SECItem params = { siBuffer, reinterpret_cast<unsigned char*>(&aead_params),
-                       sizeof(aead_params) };
+    SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&aead_params),
+                      sizeof(aead_params)};
 
     // Encrypt.
     unsigned int outputLen = 0;
     std::vector<uint8_t> output(data_len + aead_params.ulTagLen);
     SECStatus rv = PK11_Encrypt(symKey, mech, &params, &output[0], &outputLen,
                                 output.size(), data, data_len);
     EXPECT_EQ(rv, SECSuccess);
 
@@ -197,52 +191,45 @@ class Pkcs11ChaCha20Poly1305Test : publi
       bogusAAD[0] ^= 0xff;
 
       rv = PK11_Decrypt(symKey, mech, &bogusParams, &decrypted[0],
                         &decryptedLen, data_len, &output[0], outputLen);
       EXPECT_NE(rv, SECSuccess);
     }
   }
 
-  void EncryptDecrypt(const uint8_t* key, size_t key_len,
-                      const uint8_t* data, size_t data_len,
-                      const uint8_t* aad, size_t aad_len,
-                      const uint8_t* iv, size_t iv_len,
-                      const uint8_t* ct, size_t ct_len)
-  {
+  void EncryptDecrypt(const uint8_t* key, size_t key_len, const uint8_t* data,
+                      size_t data_len, const uint8_t* aad, size_t aad_len,
+                      const uint8_t* iv, size_t iv_len, const uint8_t* ct,
+                      size_t ct_len) {
     ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
-    SECItem keyItem = { siBuffer, toUcharPtr(key),
-                        static_cast<unsigned int>(key_len) };
+    SECItem keyItem = {siBuffer, toUcharPtr(key),
+                       static_cast<unsigned int>(key_len)};
 
     // Import key.
-    ScopedPK11SymKey symKey(PK11_ImportSymKey(slot.get(), mech,
-                                              PK11_OriginUnwrap, CKA_ENCRYPT,
-                                              &keyItem, nullptr));
+    ScopedPK11SymKey symKey(PK11_ImportSymKey(
+        slot.get(), mech, PK11_OriginUnwrap, CKA_ENCRYPT, &keyItem, nullptr));
     EXPECT_TRUE(!!symKey);
 
     // Check.
     EncryptDecrypt(symKey.get(), data, data_len, aad, aad_len, iv, iv_len, ct,
                    ct_len);
   }
 
  protected:
   CK_MECHANISM_TYPE mech = CKM_NSS_CHACHA20_POLY1305;
 
   unsigned char* toUcharPtr(const uint8_t* v) {
-    return const_cast<unsigned char*>(
-      static_cast<const unsigned char*>(v));
+    return const_cast<unsigned char*>(static_cast<const unsigned char*>(v));
   }
 };
 
-#define ENCRYPT_DECRYPT(v) \
-  EncryptDecrypt(v ## Key, sizeof(v ## Key), \
-                 v ## Data, sizeof(v ## Data), \
-                 v ## AAD, sizeof(v ## AAD), \
-                 v ## IV, sizeof(v ## IV), \
-                 v ## CT, sizeof(v ## CT));
+#define ENCRYPT_DECRYPT(v)                                                 \
+  EncryptDecrypt(v##Key, sizeof(v##Key), v##Data, sizeof(v##Data), v##AAD, \
+                 sizeof(v##AAD), v##IV, sizeof(v##IV), v##CT, sizeof(v##CT));
 
 TEST_F(Pkcs11ChaCha20Poly1305Test, GenerateEncryptDecrypt) {
   // Generate a random key.
   ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
   ScopedPK11SymKey symKey(PK11_KeyGen(slot.get(), mech, nullptr, 32, nullptr));
   EXPECT_TRUE(!!symKey);
 
   // Generate random data.
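Review bot: The key-bytes overload of EncryptDecrypt checks the import result with the non-fatal `EXPECT_TRUE(!!symKey);`, so a failed PK11_ImportSymKey still reaches the inner EncryptDecrypt call and passes a null key to PK11_Encrypt. Changing it to `ASSERT_TRUE(!!symKey);` stops the test at the real failure; how the PK11 calls treat a null key is not visible here, so the current outcome may be follow-on errors or a crash. The same non-fatal check follows PK11_KeyGen in GenerateEncryptDecrypt, whose body continues outside the hunk.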
@@ -269,9 +256,8 @@ TEST_F(Pkcs11ChaCha20Poly1305Test, Check
   ENCRYPT_DECRYPT(kTestVector1);
 }
 
 TEST_F(Pkcs11ChaCha20Poly1305Test, CheckTestVector2) {
   ENCRYPT_DECRYPT(kTestVector2);
 }
 
 }  // namespace nss_test
-
--- a/security/nss/external_tests/pk11_gtest/pk11_pbkdf2_unittest.cc
+++ b/security/nss/external_tests/pk11_gtest/pk11_pbkdf2_unittest.cc
@@ -1,32 +1,31 @@
 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* vim: set ts=2 et sw=2 tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
+#include <memory>
 #include "nss.h"
 #include "pk11pub.h"
-#include <memory>
 
 #include "gtest/gtest.h"
 #include "scoped_ptrs.h"
 
 namespace nss_test {
 
 static unsigned char* ToUcharPtr(std::string& str) {
   return const_cast<unsigned char*>(
-    reinterpret_cast<const unsigned char*>(str.c_str()));
+      reinterpret_cast<const unsigned char*>(str.c_str()));
 }
 
 class Pkcs11Pbkdf2Test : public ::testing::Test {
  public:
-  void Derive(std::vector<uint8_t>& derived, SECOidTag hash_alg)
-  {
+  void Derive(std::vector<uint8_t>& derived, SECOidTag hash_alg) {
     // Shared between test vectors.
     const unsigned int iterations = 4096;
     std::string pass("passwordPASSWORDpassword");
     std::string salt("saltSALTsaltSALTsaltSALTsaltSALTsalt");
 
     // Derivation must succeed with the right values.
     EXPECT_TRUE(DeriveBytes(pass, salt, derived, hash_alg, iterations));
 
@@ -44,57 +43,54 @@ class Pkcs11Pbkdf2Test : public ::testin
 
     // Derivation must fail when using the wrong number of iterations.
     EXPECT_FALSE(DeriveBytes(pass, salt, derived, hash_alg, iterations + 1));
   }
 
  private:
   bool DeriveBytes(std::string& pass, std::string& salt,
                    std::vector<uint8_t>& derived, SECOidTag hash_alg,
-                   unsigned int iterations)
-  {
-    SECItem passItem = { siBuffer, ToUcharPtr(pass),
-                         static_cast<unsigned int>(pass.length()) };
-    SECItem saltItem = { siBuffer, ToUcharPtr(salt),
-                         static_cast<unsigned int>(salt.length()) };
+                   unsigned int iterations) {
+    SECItem passItem = {siBuffer, ToUcharPtr(pass),
+                        static_cast<unsigned int>(pass.length())};
+    SECItem saltItem = {siBuffer, ToUcharPtr(salt),
+                        static_cast<unsigned int>(salt.length())};
 
     // Set up PBKDF2 params.
     ScopedSECAlgorithmID alg_id(
-      PK11_CreatePBEV2AlgorithmID(SEC_OID_PKCS5_PBKDF2, hash_alg, hash_alg,
-                                  derived.size(), iterations, &saltItem));
+        PK11_CreatePBEV2AlgorithmID(SEC_OID_PKCS5_PBKDF2, hash_alg, hash_alg,
+                                    derived.size(), iterations, &saltItem));
 
     // Derive.
     ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
     ScopedPK11SymKey symKey(
-      PK11_PBEKeyGen(slot.get(), alg_id.get(), &passItem, false, nullptr));
+        PK11_PBEKeyGen(slot.get(), alg_id.get(), &passItem, false, nullptr));
 
     SECStatus rv = PK11_ExtractKeyValue(symKey.get());
     EXPECT_EQ(rv, SECSuccess);
 
     SECItem* keyData = PK11_GetKeyData(symKey.get());
     return !memcmp(&derived[0], keyData->data, keyData->len);
   }
 };
 
 // RFC 6070 <http://tools.ietf.org/html/rfc6070>
 TEST_F(Pkcs11Pbkdf2Test, DeriveKnown1) {
-  std::vector<uint8_t> derived = {
-    0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b, 0x80, 0xc8, 0xd8, 0x36,
-    0x62, 0xc0, 0xe4, 0x4a, 0x8b, 0x29, 0x1a, 0x96, 0x4c, 0xf2, 0xf0, 0x70, 0x38
-  };
+  std::vector<uint8_t> derived = {0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84,
+                                  0x9b, 0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0,
+                                  0xe4, 0x4a, 0x8b, 0x29, 0x1a, 0x96, 0x4c,
+                                  0xf2, 0xf0, 0x70, 0x38};
 
   Derive(derived, SEC_OID_HMAC_SHA1);
 }
 
 // https://stackoverflow.com/questions/5130513/pbkdf2-hmac-sha2-test-vectors
 TEST_F(Pkcs11Pbkdf2Test, DeriveKnown2) {
   std::vector<uint8_t> derived = {
-    0x34, 0x8c, 0x89, 0xdb, 0xcb, 0xd3, 0x2b, 0x2f, 0x32, 0xd8, 0x14, 0xb8,
-    0x11, 0x6e, 0x84, 0xcf, 0x2b, 0x17, 0x34, 0x7e, 0xbc, 0x18, 0x00, 0x18,
-    0x1c, 0x4e, 0x2a, 0x1f, 0xb8, 0xdd, 0x53, 0xe1, 0xc6, 0x35, 0x51, 0x8c,
-    0x7d, 0xac, 0x47, 0xe9
-  };
+      0x34, 0x8c, 0x89, 0xdb, 0xcb, 0xd3, 0x2b, 0x2f, 0x32, 0xd8,
+      0x14, 0xb8, 0x11, 0x6e, 0x84, 0xcf, 0x2b, 0x17, 0x34, 0x7e,
+      0xbc, 0x18, 0x00, 0x18, 0x1c, 0x4e, 0x2a, 0x1f, 0xb8, 0xdd,
+      0x53, 0xe1, 0xc6, 0x35, 0x51, 0x8c, 0x7d, 0xac, 0x47, 0xe9};
 
   Derive(derived, SEC_OID_HMAC_SHA256);
 }
 
 }  // namespace nss_test
-
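Review bot: DeriveBytes ends with `memcmp(&derived[0], keyData->data, keyData->len)` without first checking that `keyData` is non-null and that `keyData->len` equals `derived.size()`, so a shorter key would pass on a prefix match and a longer one would read past the end of `derived`. A guard such as `if (!keyData || keyData->len != derived.size()) return false;` before the memcmp makes the known-answer comparison exact. The length is presumably fixed by the `derived.size()` passed to PK11_CreatePBEV2AlgorithmID, but the test should not depend on that. `symKey` is also handed to PK11_ExtractKeyValue without a null check, and `EXPECT_EQ(rv, SECSuccess)` does not stop execution on failure; `if (!symKey) return false;` after PK11_PBEKeyGen would cover that path.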
--- a/security/nss/external_tests/pk11_gtest/pk11_prf_unittest.cc
+++ b/security/nss/external_tests/pk11_gtest/pk11_prf_unittest.cc
@@ -1,200 +1,189 @@
 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* vim: set ts=2 et sw=2 tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
+#include <memory>
 #include "nss.h"
 #include "pk11pub.h"
-#include <memory>
 
 #include "gtest/gtest.h"
 
 namespace nss_test {
 
 const size_t kPmsSize = 48;
 const size_t kMasterSecretSize = 48;
 const size_t kPrfSeedSizeSha256 = 32;
 const size_t kPrfSeedSizeTlsPrf = 36;
 
 // This is not the right size for anything
 const size_t kIncorrectSize = 17;
 
 const uint8_t kPmsData[] = {
-  0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
-  0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,
-  0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,
-  0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,
-  0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27,
-  0x28,0x29,0x2a,0x2b,0x2c,0x2d,0x2e,0x2f
-};
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+    0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
+    0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f};
 
 const uint8_t kPrfSeed[] = {
-  0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
-  0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff,
-  0xe0,0xe1,0xe2,0xe3,0xe4,0xe5,0xe6,0xe7,
-  0xe8,0xe9,0xea,0xeb,0xec,0xed,0xee,0xef,
-  0xd0,0xd1,0xd2,0xd3
-};
+    0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb,
+    0xfc, 0xfd, 0xfe, 0xff, 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
+    0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, 0xd0, 0xd1, 0xd2, 0xd3};
 
 const uint8_t kExpectedOutputEmsSha256[] = {
-  0x75,0xa7,0xa5,0x98,0xef,0xab,0x90,0xe7,
-  0x7c,0x67,0x80,0xde,0xab,0x3a,0x11,0xf3,
-  0x5d,0xb2,0xf8,0x47,0xff,0x09,0x01,0xec,
-  0xf8,0x93,0x89,0xfc,0x98,0x2e,0x6e,0xf9,
-  0x2c,0xf5,0x9b,0x04,0x04,0x6f,0xd7,0x28,
-  0x6e,0xea,0xe3,0x83,0xc4,0x4a,0xff,0x03
-};
+    0x75, 0xa7, 0xa5, 0x98, 0xef, 0xab, 0x90, 0xe7, 0x7c, 0x67, 0x80, 0xde,
+    0xab, 0x3a, 0x11, 0xf3, 0x5d, 0xb2, 0xf8, 0x47, 0xff, 0x09, 0x01, 0xec,
+    0xf8, 0x93, 0x89, 0xfc, 0x98, 0x2e, 0x6e, 0xf9, 0x2c, 0xf5, 0x9b, 0x04,
+    0x04, 0x6f, 0xd7, 0x28, 0x6e, 0xea, 0xe3, 0x83, 0xc4, 0x4a, 0xff, 0x03};
 
 const uint8_t kExpectedOutputEmsTlsPrf[] = {
-  0x06,0xbf,0x29,0x86,0x5d,0xf3,0x3e,0x38,
-  0xfd,0xfa,0x91,0x10,0x2a,0x20,0xff,0xd6,
-  0xb9,0xd5,0x72,0x5a,0x6d,0x42,0x20,0x16,
-  0xde,0xa4,0xa0,0x51,0xe5,0x53,0xc1,0x28,
-  0x04,0x99,0xbc,0xb1,0x2c,0x9d,0xe8,0x0b,
-  0x18,0xa2,0x0e,0x48,0x52,0x8d,0x61,0x13
-};
+    0x06, 0xbf, 0x29, 0x86, 0x5d, 0xf3, 0x3e, 0x38, 0xfd, 0xfa, 0x91, 0x10,
+    0x2a, 0x20, 0xff, 0xd6, 0xb9, 0xd5, 0x72, 0x5a, 0x6d, 0x42, 0x20, 0x16,
+    0xde, 0xa4, 0xa0, 0x51, 0xe5, 0x53, 0xc1, 0x28, 0x04, 0x99, 0xbc, 0xb1,
+    0x2c, 0x9d, 0xe8, 0x0b, 0x18, 0xa2, 0x0e, 0x48, 0x52, 0x8d, 0x61, 0x13};
 
 static unsigned char* toUcharPtr(const uint8_t* v) {
-  return const_cast<unsigned char*>(
-    static_cast<const unsigned char *>(v));
+  return const_cast<unsigned char*>(static_cast<const unsigned char*>(v));
 }
 
 class TlsPrfTest : public ::testing::Test {
  public:
   TlsPrfTest()
-    : params_({siBuffer, nullptr, 0})
-    , pms_item_({siBuffer, toUcharPtr(kPmsData), kPmsSize})
-    , key_mech_(0)
-    , slot_(nullptr)
-    , pms_(nullptr)
-    , ms_(nullptr)
-    , pms_version_({0, 0}) {}
+      : params_({siBuffer, nullptr, 0}),
+        pms_item_({siBuffer, toUcharPtr(kPmsData), kPmsSize}),
+        key_mech_(0),
+        slot_(nullptr),
+        pms_(nullptr),
+        ms_(nullptr),
+        pms_version_({0, 0}) {}
 
   ~TlsPrfTest() {
-    if (slot_) { PK11_FreeSlot(slot_); }
+    if (slot_) {
+      PK11_FreeSlot(slot_);
+    }
     ClearTempVars();
   }
 
   void ClearTempVars() {
-    if (pms_) { PK11_FreeSymKey(pms_); }
-    if (ms_)  { PK11_FreeSymKey(ms_);  }
+    if (pms_) {
+      PK11_FreeSymKey(pms_);
+    }
+    if (ms_) {
+      PK11_FreeSymKey(ms_);
+    }
   }
 
   void Init() {
     params_.type = siBuffer;
 
     pms_item_.type = siBuffer;
-    pms_item_.data = const_cast<unsigned char*>(
-                        static_cast<const unsigned char *>(kPmsData));
+    pms_item_.data =
+        const_cast<unsigned char*>(static_cast<const unsigned char*>(kPmsData));
 
     slot_ = PK11_GetInternalSlot();
     ASSERT_NE(nullptr, slot_);
   }
 
-  void CheckForError(CK_MECHANISM_TYPE hash_mech,
-                     size_t seed_len,
-                     size_t pms_len,
-                     size_t output_len) {
+  void CheckForError(CK_MECHANISM_TYPE hash_mech, size_t seed_len,
+                     size_t pms_len, size_t output_len) {
     // Error tests don't depend on the derivation mechansim
-    Inner(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE, hash_mech,
-          seed_len, pms_len, output_len, nullptr, nullptr);
+    Inner(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE, hash_mech, seed_len, pms_len,
+          output_len, nullptr, nullptr);
   }
 
   void ComputeAndVerifyMs(CK_MECHANISM_TYPE derive_mech,
-                          CK_MECHANISM_TYPE hash_mech,
-                          CK_VERSION* version,
+                          CK_MECHANISM_TYPE hash_mech, CK_VERSION* version,
                           const uint8_t* expected) {
     // Infer seed length from mechanism
     int seed_len = 0;
     switch (hash_mech) {
-      case CKM_TLS_PRF: seed_len = kPrfSeedSizeTlsPrf; break;
-      case CKM_SHA256:  seed_len = kPrfSeedSizeSha256; break;
-      default:          ASSERT_TRUE(false);
+      case CKM_TLS_PRF:
+        seed_len = kPrfSeedSizeTlsPrf;
+        break;
+      case CKM_SHA256:
+        seed_len = kPrfSeedSizeSha256;
+        break;
+      default:
+        ASSERT_TRUE(false);
     }
 
-    Inner(derive_mech, hash_mech, seed_len,
-          kPmsSize, 0, version, expected);
+    Inner(derive_mech, hash_mech, seed_len, kPmsSize, 0, version, expected);
   }
 
-
   // Set output == nullptr to test when errors occur
-  void Inner(
-      CK_MECHANISM_TYPE derive_mech,
-      CK_MECHANISM_TYPE hash_mech,
-      size_t seed_len,
-      size_t pms_len,
-      size_t output_len,
-      CK_VERSION* version,
-      const uint8_t* expected) {
+  void Inner(CK_MECHANISM_TYPE derive_mech, CK_MECHANISM_TYPE hash_mech,
+             size_t seed_len, size_t pms_len, size_t output_len,
+             CK_VERSION* version, const uint8_t* expected) {
     ClearTempVars();
 
     // Infer the key mechanism from the hash type
     switch (hash_mech) {
-      case CKM_TLS_PRF: key_mech_ = CKM_TLS_KEY_AND_MAC_DERIVE; break;
-      case CKM_SHA256:  key_mech_ = CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256; break;
-      default:          ASSERT_TRUE(false);
+      case CKM_TLS_PRF:
+        key_mech_ = CKM_TLS_KEY_AND_MAC_DERIVE;
+        break;
+      case CKM_SHA256:
+        key_mech_ = CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256;
+        break;
+      default:
+        ASSERT_TRUE(false);
     }
 
     // Import the params
     CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS master_params = {
-      hash_mech,
-      toUcharPtr(kPrfSeed),
-      static_cast<CK_ULONG>(seed_len),
-      version
-    };
+        hash_mech, toUcharPtr(kPrfSeed), static_cast<CK_ULONG>(seed_len),
+        version};
     params_.data = reinterpret_cast<unsigned char*>(&master_params);
     params_.len = sizeof(master_params);
 
     // Import the PMS
     pms_item_.len = pms_len;
-    pms_ = PK11_ImportSymKey(slot_, derive_mech, PK11_OriginUnwrap,
-                            CKA_DERIVE, &pms_item_, NULL);
+    pms_ = PK11_ImportSymKey(slot_, derive_mech, PK11_OriginUnwrap, CKA_DERIVE,
+                             &pms_item_, NULL);
     ASSERT_NE(nullptr, pms_);
 
-
     // Compute the EMS
     ms_ = PK11_DeriveWithFlags(pms_, derive_mech, &params_, key_mech_,
-        CKA_DERIVE, output_len, CKF_SIGN | CKF_VERIFY);
+                               CKA_DERIVE, output_len, CKF_SIGN | CKF_VERIFY);
 
     // Verify the EMS has the expected value (null or otherwise)
     if (!expected) {
       EXPECT_EQ(nullptr, ms_);
     } else {
       ASSERT_NE(nullptr, ms_);
 
       SECStatus rv = PK11_ExtractKeyValue(ms_);
       ASSERT_EQ(SECSuccess, rv);
 
-      SECItem *msData = PK11_GetKeyData(ms_);
+      SECItem* msData = PK11_GetKeyData(ms_);
       ASSERT_NE(nullptr, msData);
 
       ASSERT_EQ(kMasterSecretSize, msData->len);
-      EXPECT_EQ(0,
-                memcmp(msData->data, expected, kMasterSecretSize));
+      EXPECT_EQ(0, memcmp(msData->data, expected, kMasterSecretSize));
     }
   }
 
  protected:
   SECItem params_;
   SECItem pms_item_;
   CK_MECHANISM_TYPE key_mech_;
-  PK11SlotInfo *slot_;
-  PK11SymKey *pms_;
-  PK11SymKey *ms_;
+  PK11SlotInfo* slot_;
+  PK11SymKey* pms_;
+  PK11SymKey* ms_;
   CK_VERSION pms_version_;
 };
 
 TEST_F(TlsPrfTest, ExtendedMsParamErr) {
   Init();
 
   // This should fail; it's the correct set from which the below are derived
-  // CheckForError(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE, CKM_TLS_PRF, kPrfSeedSizeTlsPrf, kPmsSize, 0);
+  // CheckForError(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE, CKM_TLS_PRF,
+  // kPrfSeedSizeTlsPrf, kPmsSize, 0);
 
   // Output key size != 0, SSL3_MASTER_SECRET_LENGTH
   CheckForError(CKM_TLS_PRF, kPrfSeedSizeTlsPrf, kPmsSize, kIncorrectSize);
 
   // not-DH && pms size != SSL3_PMS_LENGTH
   CheckForError(CKM_TLS_PRF, kPrfSeedSizeTlsPrf, kIncorrectSize, 0);
 
   // CKM_TLS_PRF && seed length != MD5_LENGTH + SHA1_LENGTH
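Review bot: ClearTempVars() releases `pms_` and `ms_` but leaves both pointers set, and Inner() calls it ahead of paths that can return early (the `default: ASSERT_TRUE(false);` case and `ASSERT_NE(nullptr, pms_);`), after which the destructor calls ClearTempVars() again on whichever pointer is still stale. Resetting each one right after the release, `PK11_FreeSymKey(pms_); pms_ = nullptr;` and `PK11_FreeSymKey(ms_); ms_ = nullptr;`, makes the second call a no-op. None of the tests visible in this hunk appears to take an early return after a successful derive, so this looks like a latent double release rather than a current failure. A smaller documentation point: the comment above Inner() says `output == nullptr`, while the parameter it describes is named `expected`.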
@@ -206,45 +195,35 @@ TEST_F(TlsPrfTest, ExtendedMsParamErr) {
 
 // Test matrix:
 //
 //            DH  RSA
 //  TLS_PRF   1   2
 //  SHA256    3   4
 TEST_F(TlsPrfTest, ExtendedMsDhTlsPrf) {
   Init();
-  ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH,
-                     CKM_TLS_PRF,
-                     nullptr,
-                     kExpectedOutputEmsTlsPrf);
+  ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH, CKM_TLS_PRF,
+                     nullptr, kExpectedOutputEmsTlsPrf);
 }
 
 TEST_F(TlsPrfTest, ExtendedMsRsaTlsPrf) {
   Init();
-  ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE,
-                     CKM_TLS_PRF,
-                     &pms_version_,
-                     kExpectedOutputEmsTlsPrf);
+  ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE, CKM_TLS_PRF,
+                     &pms_version_, kExpectedOutputEmsTlsPrf);
   EXPECT_EQ(0, pms_version_.major);
   EXPECT_EQ(1, pms_version_.minor);
 }
 
-
 TEST_F(TlsPrfTest, ExtendedMsDhSha256) {
   Init();
-  ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH,
-                     CKM_SHA256,
-                     nullptr,
-                     kExpectedOutputEmsSha256);
+  ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH, CKM_SHA256,
+                     nullptr, kExpectedOutputEmsSha256);
 }
 
 TEST_F(TlsPrfTest, ExtendedMsRsaSha256) {
   Init();
-  ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE,
-                     CKM_SHA256,
-                     &pms_version_,
-                     kExpectedOutputEmsSha256);
+  ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE, CKM_SHA256,
+                     &pms_version_, kExpectedOutputEmsSha256);
   EXPECT_EQ(0, pms_version_.major);
   EXPECT_EQ(1, pms_version_.minor);
 }
 
 }  // namespace nss_test
-
--- a/security/nss/external_tests/pk11_gtest/pk11_rsapss_unittest.cc
+++ b/security/nss/external_tests/pk11_gtest/pk11_rsapss_unittest.cc
@@ -1,215 +1,212 @@
 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* vim: set ts=2 et sw=2 tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
+#include <memory>
 #include "nss.h"
 #include "pk11pub.h"
 #include "sechash.h"
-#include <memory>
 
 #include "gtest/gtest.h"
 #include "scoped_ptrs.h"
 
 namespace nss_test {
 
 // RSA-PSS test vectors, pss-vect.txt, Example 1: A 1024-bit RSA Key Pair
 // <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
 const uint8_t kTestVector1Spki[] = {
-  0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
-  0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02,
-  0x81, 0x81, 0x00, 0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51,
-  0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e, 0x36, 0xad, 0x52,
-  0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a, 0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56,
-  0xff, 0xed, 0xb1, 0x62, 0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94,
-  0xdf, 0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab, 0xfc, 0xe0,
-  0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d, 0x5b, 0x2b, 0x8b, 0x6d, 0xf5,
-  0xd6, 0x71, 0xef, 0x63, 0x77, 0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70,
-  0xe2, 0x59, 0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3, 0xf0,
-  0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f, 0x64, 0xc4, 0xef, 0x22,
-  0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8, 0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21,
-  0x37, 0x02, 0x03, 0x01, 0x00, 0x01
-};
+    0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+    0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81,
+    0x89, 0x02, 0x81, 0x81, 0x00, 0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17,
+    0x58, 0x9a, 0x51, 0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec,
+    0x0e, 0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a, 0xd9,
+    0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62, 0xb4, 0xc0, 0xf2,
+    0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf, 0xf5, 0x26, 0xab, 0x72, 0x91,
+    0xcb, 0xb3, 0x07, 0xce, 0xab, 0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95,
+    0x08, 0x09, 0x6d, 0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63,
+    0x77, 0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59, 0x8e,
+    0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3, 0xf0, 0xcb, 0x35,
+    0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f, 0x64, 0xc4, 0xef, 0x22, 0xe1,
+    0xe1, 0xf2, 0x0d, 0x0c, 0xe8, 0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21,
+    0x37, 0x02, 0x03, 0x01, 0x00, 0x01};
 // RSA-PSS test vectors, pss-vect.txt, Example 1.1
 const uint8_t kTestVector1Data[] = {
-  0xcd, 0xc8, 0x7d, 0xa2, 0x23, 0xd7, 0x86, 0xdf, 0x3b, 0x45, 0xe0, 0xbb, 0xbc,
-  0x72, 0x13, 0x26, 0xd1, 0xee, 0x2a, 0xf8, 0x06, 0xcc, 0x31, 0x54, 0x75, 0xcc,
-  0x6f, 0x0d, 0x9c, 0x66, 0xe1, 0xb6, 0x23, 0x71, 0xd4, 0x5c, 0xe2, 0x39, 0x2e,
-  0x1a, 0xc9, 0x28, 0x44, 0xc3, 0x10, 0x10, 0x2f, 0x15, 0x6a, 0x0d, 0x8d, 0x52,
-  0xc1, 0xf4, 0xc4, 0x0b, 0xa3, 0xaa, 0x65, 0x09, 0x57, 0x86, 0xcb, 0x76, 0x97,
-  0x57, 0xa6, 0x56, 0x3b, 0xa9, 0x58, 0xfe, 0xd0, 0xbc, 0xc9, 0x84, 0xe8, 0xb5,
-  0x17, 0xa3, 0xd5, 0xf5, 0x15, 0xb2, 0x3b, 0x8a, 0x41, 0xe7, 0x4a, 0xa8, 0x67,
-  0x69, 0x3f, 0x90, 0xdf, 0xb0, 0x61, 0xa6, 0xe8, 0x6d, 0xfa, 0xae, 0xe6, 0x44,
-  0x72, 0xc0, 0x0e, 0x5f, 0x20, 0x94, 0x57, 0x29, 0xcb, 0xeb, 0xe7, 0x7f, 0x06,
-  0xce, 0x78, 0xe0, 0x8f, 0x40, 0x98, 0xfb, 0xa4, 0x1f, 0x9d, 0x61, 0x93, 0xc0,
-  0x31, 0x7e, 0x8b, 0x60, 0xd4, 0xb6, 0x08, 0x4a, 0xcb, 0x42, 0xd2, 0x9e, 0x38,
-  0x08, 0xa3, 0xbc, 0x37, 0x2d, 0x85, 0xe3, 0x31, 0x17, 0x0f, 0xcb, 0xf7, 0xcc,
-  0x72, 0xd0, 0xb7, 0x1c, 0x29, 0x66, 0x48, 0xb3, 0xa4, 0xd1, 0x0f, 0x41, 0x62,
-  0x95, 0xd0, 0x80, 0x7a, 0xa6, 0x25, 0xca, 0xb2, 0x74, 0x4f, 0xd9, 0xea, 0x8f,
-  0xd2, 0x23, 0xc4, 0x25, 0x37, 0x02, 0x98, 0x28, 0xbd, 0x16, 0xbe, 0x02, 0x54,
-  0x6f, 0x13, 0x0f, 0xd2, 0xe3, 0x3b, 0x93, 0x6d, 0x26, 0x76, 0xe0, 0x8a, 0xed,
-  0x1b, 0x73, 0x31, 0x8b, 0x75, 0x0a, 0x01, 0x67, 0xd0
-};
+    0xcd, 0xc8, 0x7d, 0xa2, 0x23, 0xd7, 0x86, 0xdf, 0x3b, 0x45, 0xe0, 0xbb,
+    0xbc, 0x72, 0x13, 0x26, 0xd1, 0xee, 0x2a, 0xf8, 0x06, 0xcc, 0x31, 0x54,
+    0x75, 0xcc, 0x6f, 0x0d, 0x9c, 0x66, 0xe1, 0xb6, 0x23, 0x71, 0xd4, 0x5c,
+    0xe2, 0x39, 0x2e, 0x1a, 0xc9, 0x28, 0x44, 0xc3, 0x10, 0x10, 0x2f, 0x15,
+    0x6a, 0x0d, 0x8d, 0x52, 0xc1, 0xf4, 0xc4, 0x0b, 0xa3, 0xaa, 0x65, 0x09,
+    0x57, 0x86, 0xcb, 0x76, 0x97, 0x57, 0xa6, 0x56, 0x3b, 0xa9, 0x58, 0xfe,
+    0xd0, 0xbc, 0xc9, 0x84, 0xe8, 0xb5, 0x17, 0xa3, 0xd5, 0xf5, 0x15, 0xb2,
+    0x3b, 0x8a, 0x41, 0xe7, 0x4a, 0xa8, 0x67, 0x69, 0x3f, 0x90, 0xdf, 0xb0,
+    0x61, 0xa6, 0xe8, 0x6d, 0xfa, 0xae, 0xe6, 0x44, 0x72, 0xc0, 0x0e, 0x5f,
+    0x20, 0x94, 0x57, 0x29, 0xcb, 0xeb, 0xe7, 0x7f, 0x06, 0xce, 0x78, 0xe0,
+    0x8f, 0x40, 0x98, 0xfb, 0xa4, 0x1f, 0x9d, 0x61, 0x93, 0xc0, 0x31, 0x7e,
+    0x8b, 0x60, 0xd4, 0xb6, 0x08, 0x4a, 0xcb, 0x42, 0xd2, 0x9e, 0x38, 0x08,
+    0xa3, 0xbc, 0x37, 0x2d, 0x85, 0xe3, 0x31, 0x17, 0x0f, 0xcb, 0xf7, 0xcc,
+    0x72, 0xd0, 0xb7, 0x1c, 0x29, 0x66, 0x48, 0xb3, 0xa4, 0xd1, 0x0f, 0x41,
+    0x62, 0x95, 0xd0, 0x80, 0x7a, 0xa6, 0x25, 0xca, 0xb2, 0x74, 0x4f, 0xd9,
+    0xea, 0x8f, 0xd2, 0x23, 0xc4, 0x25, 0x37, 0x02, 0x98, 0x28, 0xbd, 0x16,
+    0xbe, 0x02, 0x54, 0x6f, 0x13, 0x0f, 0xd2, 0xe3, 0x3b, 0x93, 0x6d, 0x26,
+    0x76, 0xe0, 0x8a, 0xed, 0x1b, 0x73, 0x31, 0x8b, 0x75, 0x0a, 0x01, 0x67,
+    0xd0};
 const uint8_t kTestVector1Sig[] = {
-  0x90, 0x74, 0x30, 0x8f, 0xb5, 0x98, 0xe9, 0x70, 0x1b, 0x22, 0x94, 0x38, 0x8e,
-  0x52, 0xf9, 0x71, 0xfa, 0xac, 0x2b, 0x60, 0xa5, 0x14, 0x5a, 0xf1, 0x85, 0xdf,
-  0x52, 0x87, 0xb5, 0xed, 0x28, 0x87, 0xe5, 0x7c, 0xe7, 0xfd, 0x44, 0xdc, 0x86,
-  0x34, 0xe4, 0x07, 0xc8, 0xe0, 0xe4, 0x36, 0x0b, 0xc2, 0x26, 0xf3, 0xec, 0x22,
-  0x7f, 0x9d, 0x9e, 0x54, 0x63, 0x8e, 0x8d, 0x31, 0xf5, 0x05, 0x12, 0x15, 0xdf,
-  0x6e, 0xbb, 0x9c, 0x2f, 0x95, 0x79, 0xaa, 0x77, 0x59, 0x8a, 0x38, 0xf9, 0x14,
-  0xb5, 0xb9, 0xc1, 0xbd, 0x83, 0xc4, 0xe2, 0xf9, 0xf3, 0x82, 0xa0, 0xd0, 0xaa,
-  0x35, 0x42, 0xff, 0xee, 0x65, 0x98, 0x4a, 0x60, 0x1b, 0xc6, 0x9e, 0xb2, 0x8d,
-  0xeb, 0x27, 0xdc, 0xa1, 0x2c, 0x82, 0xc2, 0xd4, 0xc3, 0xf6, 0x6c, 0xd5, 0x00,
-  0xf1, 0xff, 0x2b, 0x99, 0x4d, 0x8a, 0x4e, 0x30, 0xcb, 0xb3, 0x3c
-};
+    0x90, 0x74, 0x30, 0x8f, 0xb5, 0x98, 0xe9, 0x70, 0x1b, 0x22, 0x94, 0x38,
+    0x8e, 0x52, 0xf9, 0x71, 0xfa, 0xac, 0x2b, 0x60, 0xa5, 0x14, 0x5a, 0xf1,
+    0x85, 0xdf, 0x52, 0x87, 0xb5, 0xed, 0x28, 0x87, 0xe5, 0x7c, 0xe7, 0xfd,
+    0x44, 0xdc, 0x86, 0x34, 0xe4, 0x07, 0xc8, 0xe0, 0xe4, 0x36, 0x0b, 0xc2,
+    0x26, 0xf3, 0xec, 0x22, 0x7f, 0x9d, 0x9e, 0x54, 0x63, 0x8e, 0x8d, 0x31,
+    0xf5, 0x05, 0x12, 0x15, 0xdf, 0x6e, 0xbb, 0x9c, 0x2f, 0x95, 0x79, 0xaa,
+    0x77, 0x59, 0x8a, 0x38, 0xf9, 0x14, 0xb5, 0xb9, 0xc1, 0xbd, 0x83, 0xc4,
+    0xe2, 0xf9, 0xf3, 0x82, 0xa0, 0xd0, 0xaa, 0x35, 0x42, 0xff, 0xee, 0x65,
+    0x98, 0x4a, 0x60, 0x1b, 0xc6, 0x9e, 0xb2, 0x8d, 0xeb, 0x27, 0xdc, 0xa1,
+    0x2c, 0x82, 0xc2, 0xd4, 0xc3, 0xf6, 0x6c, 0xd5, 0x00, 0xf1, 0xff, 0x2b,
+    0x99, 0x4d, 0x8a, 0x4e, 0x30, 0xcb, 0xb3, 0x3c};
 
 // RSA-PSS test vectors, pss-vect.txt, Example 10: A 2048-bit RSA Key Pair
 // <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
 const uint8_t kTestVector2Spki[] = {
-  0x30, 0x82, 0x01, 0x21, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
-  0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0e, 0x00, 0x30, 0x82,
-  0x01, 0x09, 0x02, 0x82, 0x01, 0x00, 0xa5, 0xdd, 0x86, 0x7a, 0xc4, 0xcb, 0x02,
-  0xf9, 0x0b, 0x94, 0x57, 0xd4, 0x8c, 0x14, 0xa7, 0x70, 0xef, 0x99, 0x1c, 0x56,
-  0xc3, 0x9c, 0x0e, 0xc6, 0x5f, 0xd1, 0x1a, 0xfa, 0x89, 0x37, 0xce, 0xa5, 0x7b,
-  0x9b, 0xe7, 0xac, 0x73, 0xb4, 0x5c, 0x00, 0x17, 0x61, 0x5b, 0x82, 0xd6, 0x22,
-  0xe3, 0x18, 0x75, 0x3b, 0x60, 0x27, 0xc0, 0xfd, 0x15, 0x7b, 0xe1, 0x2f, 0x80,
-  0x90, 0xfe, 0xe2, 0xa7, 0xad, 0xcd, 0x0e, 0xef, 0x75, 0x9f, 0x88, 0xba, 0x49,
-  0x97, 0xc7, 0xa4, 0x2d, 0x58, 0xc9, 0xaa, 0x12, 0xcb, 0x99, 0xae, 0x00, 0x1f,
-  0xe5, 0x21, 0xc1, 0x3b, 0xb5, 0x43, 0x14, 0x45, 0xa8, 0xd5, 0xae, 0x4f, 0x5e,
-  0x4c, 0x7e, 0x94, 0x8a, 0xc2, 0x27, 0xd3, 0x60, 0x40, 0x71, 0xf2, 0x0e, 0x57,
-  0x7e, 0x90, 0x5f, 0xbe, 0xb1, 0x5d, 0xfa, 0xf0, 0x6d, 0x1d, 0xe5, 0xae, 0x62,
-  0x53, 0xd6, 0x3a, 0x6a, 0x21, 0x20, 0xb3, 0x1a, 0x5d, 0xa5, 0xda, 0xbc, 0x95,
-  0x50, 0x60, 0x0e, 0x20, 0xf2, 0x7d, 0x37, 0x39, 0xe2, 0x62, 0x79, 0x25, 0xfe,
-  0xa3, 0xcc, 0x50, 0x9f, 0x21, 0xdf, 0xf0, 0x4e, 0x6e, 0xea, 0x45, 0x49, 0xc5,
-  0x40, 0xd6, 0x80, 0x9f, 0xf9, 0x30, 0x7e, 0xed, 0xe9, 0x1f, 0xff, 0x58, 0x73,
-  0x3d, 0x83, 0x85, 0xa2, 0x37, 0xd6, 0xd3, 0x70, 0x5a, 0x33, 0xe3, 0x91, 0x90,
-  0x09, 0x92, 0x07, 0x0d, 0xf7, 0xad, 0xf1, 0x35, 0x7c, 0xf7, 0xe3, 0x70, 0x0c,
-  0xe3, 0x66, 0x7d, 0xe8, 0x3f, 0x17, 0xb8, 0xdf, 0x17, 0x78, 0xdb, 0x38, 0x1d,
-  0xce, 0x09, 0xcb, 0x4a, 0xd0, 0x58, 0xa5, 0x11, 0x00, 0x1a, 0x73, 0x81, 0x98,
-  0xee, 0x27, 0xcf, 0x55, 0xa1, 0x3b, 0x75, 0x45, 0x39, 0x90, 0x65, 0x82, 0xec,
-  0x8b, 0x17, 0x4b, 0xd5, 0x8d, 0x5d, 0x1f, 0x3d, 0x76, 0x7c, 0x61, 0x37, 0x21,
-  0xae, 0x05, 0x02, 0x03, 0x01, 0x00, 0x01
-};
+    0x30, 0x82, 0x01, 0x21, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+    0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0e, 0x00,
+    0x30, 0x82, 0x01, 0x09, 0x02, 0x82, 0x01, 0x00, 0xa5, 0xdd, 0x86, 0x7a,
+    0xc4, 0xcb, 0x02, 0xf9, 0x0b, 0x94, 0x57, 0xd4, 0x8c, 0x14, 0xa7, 0x70,
+    0xef, 0x99, 0x1c, 0x56, 0xc3, 0x9c, 0x0e, 0xc6, 0x5f, 0xd1, 0x1a, 0xfa,
+    0x89, 0x37, 0xce, 0xa5, 0x7b, 0x9b, 0xe7, 0xac, 0x73, 0xb4, 0x5c, 0x00,
+    0x17, 0x61, 0x5b, 0x82, 0xd6, 0x22, 0xe3, 0x18, 0x75, 0x3b, 0x60, 0x27,
+    0xc0, 0xfd, 0x15, 0x7b, 0xe1, 0x2f, 0x80, 0x90, 0xfe, 0xe2, 0xa7, 0xad,
+    0xcd, 0x0e, 0xef, 0x75, 0x9f, 0x88, 0xba, 0x49, 0x97, 0xc7, 0xa4, 0x2d,
+    0x58, 0xc9, 0xaa, 0x12, 0xcb, 0x99, 0xae, 0x00, 0x1f, 0xe5, 0x21, 0xc1,
+    0x3b, 0xb5, 0x43, 0x14, 0x45, 0xa8, 0xd5, 0xae, 0x4f, 0x5e, 0x4c, 0x7e,
+    0x94, 0x8a, 0xc2, 0x27, 0xd3, 0x60, 0x40, 0x71, 0xf2, 0x0e, 0x57, 0x7e,
+    0x90, 0x5f, 0xbe, 0xb1, 0x5d, 0xfa, 0xf0, 0x6d, 0x1d, 0xe5, 0xae, 0x62,
+    0x53, 0xd6, 0x3a, 0x6a, 0x21, 0x20, 0xb3, 0x1a, 0x5d, 0xa5, 0xda, 0xbc,
+    0x95, 0x50, 0x60, 0x0e, 0x20, 0xf2, 0x7d, 0x37, 0x39, 0xe2, 0x62, 0x79,
+    0x25, 0xfe, 0xa3, 0xcc, 0x50, 0x9f, 0x21, 0xdf, 0xf0, 0x4e, 0x6e, 0xea,
+    0x45, 0x49, 0xc5, 0x40, 0xd6, 0x80, 0x9f, 0xf9, 0x30, 0x7e, 0xed, 0xe9,
+    0x1f, 0xff, 0x58, 0x73, 0x3d, 0x83, 0x85, 0xa2, 0x37, 0xd6, 0xd3, 0x70,
+    0x5a, 0x33, 0xe3, 0x91, 0x90, 0x09, 0x92, 0x07, 0x0d, 0xf7, 0xad, 0xf1,
+    0x35, 0x7c, 0xf7, 0xe3, 0x70, 0x0c, 0xe3, 0x66, 0x7d, 0xe8, 0x3f, 0x17,
+    0xb8, 0xdf, 0x17, 0x78, 0xdb, 0x38, 0x1d, 0xce, 0x09, 0xcb, 0x4a, 0xd0,
+    0x58, 0xa5, 0x11, 0x00, 0x1a, 0x73, 0x81, 0x98, 0xee, 0x27, 0xcf, 0x55,
+    0xa1, 0x3b, 0x75, 0x45, 0x39, 0x90, 0x65, 0x82, 0xec, 0x8b, 0x17, 0x4b,
+    0xd5, 0x8d, 0x5d, 0x1f, 0x3d, 0x76, 0x7c, 0x61, 0x37, 0x21, 0xae, 0x05,
+    0x02, 0x03, 0x01, 0x00, 0x01};
 // RSA-PSS test vectors, pss-vect.txt, Example 10.1
 const uint8_t kTestVector2Data[] = {
-  0x88, 0x31, 0x77, 0xe5, 0x12, 0x6b, 0x9b, 0xe2, 0xd9, 0xa9, 0x68, 0x03, 0x27,
-  0xd5, 0x37, 0x0c, 0x6f, 0x26, 0x86, 0x1f, 0x58, 0x20, 0xc4, 0x3d, 0xa6, 0x7a,
-  0x3a, 0xd6, 0x09
-};
+    0x88, 0x31, 0x77, 0xe5, 0x12, 0x6b, 0x9b, 0xe2, 0xd9, 0xa9,
+    0x68, 0x03, 0x27, 0xd5, 0x37, 0x0c, 0x6f, 0x26, 0x86, 0x1f,
+    0x58, 0x20, 0xc4, 0x3d, 0xa6, 0x7a, 0x3a, 0xd6, 0x09};
 const uint8_t kTestVector2Sig[] = {
-  0x82, 0xc2, 0xb1, 0x60, 0x09, 0x3b, 0x8a, 0xa3, 0xc0, 0xf7, 0x52, 0x2b, 0x19,
-  0xf8, 0x73, 0x54, 0x06, 0x6c, 0x77, 0x84, 0x7a, 0xbf, 0x2a, 0x9f, 0xce, 0x54,
-  0x2d, 0x0e, 0x84, 0xe9, 0x20, 0xc5, 0xaf, 0xb4, 0x9f, 0xfd, 0xfd, 0xac, 0xe1,
-  0x65, 0x60, 0xee, 0x94, 0xa1, 0x36, 0x96, 0x01, 0x14, 0x8e, 0xba, 0xd7, 0xa0,
-  0xe1, 0x51, 0xcf, 0x16, 0x33, 0x17, 0x91, 0xa5, 0x72, 0x7d, 0x05, 0xf2, 0x1e,
-  0x74, 0xe7, 0xeb, 0x81, 0x14, 0x40, 0x20, 0x69, 0x35, 0xd7, 0x44, 0x76, 0x5a,
-  0x15, 0xe7, 0x9f, 0x01, 0x5c, 0xb6, 0x6c, 0x53, 0x2c, 0x87, 0xa6, 0xa0, 0x59,
-  0x61, 0xc8, 0xbf, 0xad, 0x74, 0x1a, 0x9a, 0x66, 0x57, 0x02, 0x28, 0x94, 0x39,
-  0x3e, 0x72, 0x23, 0x73, 0x97, 0x96, 0xc0, 0x2a, 0x77, 0x45, 0x5d, 0x0f, 0x55,
-  0x5b, 0x0e, 0xc0, 0x1d, 0xdf, 0x25, 0x9b, 0x62, 0x07, 0xfd, 0x0f, 0xd5, 0x76,
-  0x14, 0xce, 0xf1, 0xa5, 0x57, 0x3b, 0xaa, 0xff, 0x4e, 0xc0, 0x00, 0x69, 0x95,
-  0x16, 0x59, 0xb8, 0x5f, 0x24, 0x30, 0x0a, 0x25, 0x16, 0x0c, 0xa8, 0x52, 0x2d,
-  0xc6, 0xe6, 0x72, 0x7e, 0x57, 0xd0, 0x19, 0xd7, 0xe6, 0x36, 0x29, 0xb8, 0xfe,
-  0x5e, 0x89, 0xe2, 0x5c, 0xc1, 0x5b, 0xeb, 0x3a, 0x64, 0x75, 0x77, 0x55, 0x92,
-  0x99, 0x28, 0x0b, 0x9b, 0x28, 0xf7, 0x9b, 0x04, 0x09, 0x00, 0x0b, 0xe2, 0x5b,
-  0xbd, 0x96, 0x40, 0x8b, 0xa3, 0xb4, 0x3c, 0xc4, 0x86, 0x18, 0x4d, 0xd1, 0xc8,
-  0xe6, 0x25, 0x53, 0xfa, 0x1a, 0xf4, 0x04, 0x0f, 0x60, 0x66, 0x3d, 0xe7, 0xf5,
-  0xe4, 0x9c, 0x04, 0x38, 0x8e, 0x25, 0x7f, 0x1c, 0xe8, 0x9c, 0x95, 0xda, 0xb4,
-  0x8a, 0x31, 0x5d, 0x9b, 0x66, 0xb1, 0xb7, 0x62, 0x82, 0x33, 0x87, 0x6f, 0xf2,
-  0x38, 0x52, 0x30, 0xd0, 0x70, 0xd0, 0x7e, 0x16, 0x66
-};
+    0x82, 0xc2, 0xb1, 0x60, 0x09, 0x3b, 0x8a, 0xa3, 0xc0, 0xf7, 0x52, 0x2b,
+    0x19, 0xf8, 0x73, 0x54, 0x06, 0x6c, 0x77, 0x84, 0x7a, 0xbf, 0x2a, 0x9f,
+    0xce, 0x54, 0x2d, 0x0e, 0x84, 0xe9, 0x20, 0xc5, 0xaf, 0xb4, 0x9f, 0xfd,
+    0xfd, 0xac, 0xe1, 0x65, 0x60, 0xee, 0x94, 0xa1, 0x36, 0x96, 0x01, 0x14,
+    0x8e, 0xba, 0xd7, 0xa0, 0xe1, 0x51, 0xcf, 0x16, 0x33, 0x17, 0x91, 0xa5,
+    0x72, 0x7d, 0x05, 0xf2, 0x1e, 0x74, 0xe7, 0xeb, 0x81, 0x14, 0x40, 0x20,
+    0x69, 0x35, 0xd7, 0x44, 0x76, 0x5a, 0x15, 0xe7, 0x9f, 0x01, 0x5c, 0xb6,
+    0x6c, 0x53, 0x2c, 0x87, 0xa6, 0xa0, 0x59, 0x61, 0xc8, 0xbf, 0xad, 0x74,
+    0x1a, 0x9a, 0x66, 0x57, 0x02, 0x28, 0x94, 0x39, 0x3e, 0x72, 0x23, 0x73,
+    0x97, 0x96, 0xc0, 0x2a, 0x77, 0x45, 0x5d, 0x0f, 0x55, 0x5b, 0x0e, 0xc0,
+    0x1d, 0xdf, 0x25, 0x9b, 0x62, 0x07, 0xfd, 0x0f, 0xd5, 0x76, 0x14, 0xce,
+    0xf1, 0xa5, 0x57, 0x3b, 0xaa, 0xff, 0x4e, 0xc0, 0x00, 0x69, 0x95, 0x16,
+    0x59, 0xb8, 0x5f, 0x24, 0x30, 0x0a, 0x25, 0x16, 0x0c, 0xa8, 0x52, 0x2d,
+    0xc6, 0xe6, 0x72, 0x7e, 0x57, 0xd0, 0x19, 0xd7, 0xe6, 0x36, 0x29, 0xb8,
+    0xfe, 0x5e, 0x89, 0xe2, 0x5c, 0xc1, 0x5b, 0xeb, 0x3a, 0x64, 0x75, 0x77,
+    0x55, 0x92, 0x99, 0x28, 0x0b, 0x9b, 0x28, 0xf7, 0x9b, 0x04, 0x09, 0x00,
+    0x0b, 0xe2, 0x5b, 0xbd, 0x96, 0x40, 0x8b, 0xa3, 0xb4, 0x3c, 0xc4, 0x86,
+    0x18, 0x4d, 0xd1, 0xc8, 0xe6, 0x25, 0x53, 0xfa, 0x1a, 0xf4, 0x04, 0x0f,
+    0x60, 0x66, 0x3d, 0xe7, 0xf5, 0xe4, 0x9c, 0x04, 0x38, 0x8e, 0x25, 0x7f,
+    0x1c, 0xe8, 0x9c, 0x95, 0xda, 0xb4, 0x8a, 0x31, 0x5d, 0x9b, 0x66, 0xb1,
+    0xb7, 0x62, 0x82, 0x33, 0x87, 0x6f, 0xf2, 0x38, 0x52, 0x30, 0xd0, 0x70,
+    0xd0, 0x7e, 0x16, 0x66};
 
 static unsigned char* toUcharPtr(const uint8_t* v) {
-  return const_cast<unsigned char*>(
-    static_cast<const unsigned char*>(v));
+  return const_cast<unsigned char*>(static_cast<const unsigned char*>(v));
 }
 
-class Pkcs11RsaPssTest : public ::testing::Test {
-};
+class Pkcs11RsaPssTest : public ::testing::Test {};
 
 class Pkcs11RsaPssVectorTest : public Pkcs11RsaPssTest {
  public:
   void Verify(const uint8_t* spki, size_t spki_len, const uint8_t* data,
               size_t data_len, const uint8_t* sig, size_t sig_len) {
     // Verify data signed with PSS/SHA-1.
     SECOidTag hashOid = SEC_OID_SHA1;
     CK_MECHANISM_TYPE hashMech = CKM_SHA_1;
     CK_RSA_PKCS_MGF_TYPE mgf = CKG_MGF1_SHA1;
 
     // Set up PSS parameters.
     unsigned int hLen = HASH_ResultLenByOidTag(hashOid);
-    CK_RSA_PKCS_PSS_PARAMS rsaPssParams = { hashMech, mgf, hLen };
-    SECItem params = { siBuffer,
-                       reinterpret_cast<unsigned char*>(&rsaPssParams),
-                       sizeof(rsaPssParams) };
+    CK_RSA_PKCS_PSS_PARAMS rsaPssParams = {hashMech, mgf, hLen};
+    SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&rsaPssParams),
+                      sizeof(rsaPssParams)};
 
     // Import public key.
-    SECItem spkiItem = { siBuffer, toUcharPtr(spki),
-                         static_cast<unsigned int>(spki_len) };
+    SECItem spkiItem = {siBuffer, toUcharPtr(spki),
+                        static_cast<unsigned int>(spki_len)};
     ScopedCERTSubjectPublicKeyInfo certSpki(
-      SECKEY_DecodeDERSubjectPublicKeyInfo(&spkiItem));
+        SECKEY_DecodeDERSubjectPublicKeyInfo(&spkiItem));
     ScopedSECKEYPublicKey pubKey(SECKEY_ExtractPublicKey(certSpki.get()));
 
     // Hash the data.
     std::vector<uint8_t> hashBuf(hLen);
-    SECItem hash = { siBuffer, &hashBuf[0],
-                     static_cast<unsigned int>(hashBuf.size()) };
-    SECStatus rv = PK11_HashBuf(hashOid, hash.data, toUcharPtr(data),
-                                data_len);
+    SECItem hash = {siBuffer, &hashBuf[0],
+                    static_cast<unsigned int>(hashBuf.size())};
+    SECStatus rv = PK11_HashBuf(hashOid, hash.data, toUcharPtr(data), data_len);
     EXPECT_EQ(rv, SECSuccess);
 
     // Verify.
     CK_MECHANISM_TYPE mech = CKM_RSA_PKCS_PSS;
-    SECItem sigItem = { siBuffer, toUcharPtr(sig),
-                        static_cast<unsigned int>(sig_len) };
+    SECItem sigItem = {siBuffer, toUcharPtr(sig),
+                       static_cast<unsigned int>(sig_len)};
     rv = PK11_VerifyWithMechanism(pubKey.get(), mech, &params, &sigItem, &hash,
                                   nullptr);
     EXPECT_EQ(rv, SECSuccess);
   }
 };
 
 #define PSS_TEST_VECTOR_VERIFY(spki, data, sig) \
   Verify(spki, sizeof(spki), data, sizeof(data), sig, sizeof(sig));
 
 TEST_F(Pkcs11RsaPssTest, GenerateAndSignAndVerify) {
   // Sign data with a 1024-bit RSA key, using PSS/SHA-256.
   SECOidTag hashOid = SEC_OID_SHA256;
   CK_MECHANISM_TYPE hashMech = CKM_SHA256;
   CK_RSA_PKCS_MGF_TYPE mgf = CKG_MGF1_SHA256;
-  PK11RSAGenParams rsaGenParams = { 1024, 0x10001 };
+  PK11RSAGenParams rsaGenParams = {1024, 0x10001};
 
   // Generate RSA key pair.
   ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
   SECKEYPublicKey* pubKeyRaw = nullptr;
-  ScopedSECKEYPrivateKey privKey(PK11_GenerateKeyPair(slot.get(),
-                                                      CKM_RSA_PKCS_KEY_PAIR_GEN,
-                                                      &rsaGenParams, &pubKeyRaw,
-                                                      false, false, nullptr));
+  ScopedSECKEYPrivateKey privKey(
+      PK11_GenerateKeyPair(slot.get(), CKM_RSA_PKCS_KEY_PAIR_GEN, &rsaGenParams,
+                           &pubKeyRaw, false, false, nullptr));
   ASSERT_TRUE(!!privKey && pubKeyRaw);
   ScopedSECKEYPublicKey pubKey(pubKeyRaw);
 
   // Generate random data to sign.
   uint8_t dataBuf[50];
-  SECItem data = { siBuffer, dataBuf, sizeof(dataBuf) };
+  SECItem data = {siBuffer, dataBuf, sizeof(dataBuf)};
   unsigned int hLen = HASH_ResultLenByOidTag(hashOid);
   SECStatus rv = PK11_GenerateRandomOnSlot(slot.get(), data.data, data.len);
   EXPECT_EQ(rv, SECSuccess);
 
   // Allocate memory for the signature.
   std::vector<uint8_t> sigBuf(PK11_SignatureLen(privKey.get()));
-  SECItem sig = { siBuffer, &sigBuf[0],
-                  static_cast<unsigned int>(sigBuf.size()) };
+  SECItem sig = {siBuffer, &sigBuf[0],
+                 static_cast<unsigned int>(sigBuf.size())};
 
   // Set up PSS parameters.
-  CK_RSA_PKCS_PSS_PARAMS rsaPssParams = { hashMech, mgf, hLen };
-  SECItem params = { siBuffer, reinterpret_cast<unsigned char*>(&rsaPssParams),
-                     sizeof(rsaPssParams) };
+  CK_RSA_PKCS_PSS_PARAMS rsaPssParams = {hashMech, mgf, hLen};
+  SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&rsaPssParams),
+                    sizeof(rsaPssParams)};
 
   // Sign.
   CK_MECHANISM_TYPE mech = CKM_RSA_PKCS_PSS;
   rv = PK11_SignWithMechanism(privKey.get(), mech, &params, &sig, &data);
   EXPECT_EQ(rv, SECSuccess);
 
   // Verify.
   rv = PK11_VerifyWithMechanism(pubKey.get(), mech, &params, &sig, &data,
@@ -218,17 +215,17 @@ TEST_F(Pkcs11RsaPssTest, GenerateAndSign
 
   // Verification with modified data must fail.
   data.data[0] ^= 0xff;
   rv = PK11_VerifyWithMechanism(pubKey.get(), mech, &params, &sig, &data,
                                 nullptr);
   EXPECT_EQ(rv, SECFailure);
 
   // Verification with original data but the wrong signature must fail.
-  data.data[0] ^= 0xff; // Revert previous changes.
+  data.data[0] ^= 0xff;  // Revert previous changes.
   sig.data[0] ^= 0xff;
   rv = PK11_VerifyWithMechanism(pubKey.get(), mech, &params, &sig, &data,
                                 nullptr);
   EXPECT_EQ(rv, SECFailure);
 }
 
 // RSA-PSS test vectors, pss-vect.txt, Example 1.1: A 1024-bit RSA Key Pair
 // <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
@@ -238,9 +235,8 @@ TEST_F(Pkcs11RsaPssVectorTest, VerifyKno
 
 // RSA-PSS test vectors, pss-vect.txt, Example 10.1: A 2048-bit RSA Key Pair
 // <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
 TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature2) {
   PSS_TEST_VECTOR_VERIFY(kTestVector2Spki, kTestVector2Data, kTestVector2Sig);
 }
 
 }  // namespace nss_test
-
--- a/security/nss/external_tests/ssl_gtest/Makefile
+++ b/security/nss/external_tests/ssl_gtest/Makefile
@@ -28,26 +28,28 @@ include $(CORE_DEPTH)/coreconf/config.mk
 include ../common/gtest.mk
 
 CFLAGS += -I$(CORE_DEPTH)/lib/ssl
 
 ifdef NSS_SSL_ENABLE_ZLIB
 include $(CORE_DEPTH)/coreconf/zlib.mk
 endif
 
+ifdef NSS_DISABLE_TLS_1_3
+# Run parameterized tests only, for which we can easily exclude TLS 1.3
+CPPSRCS := $(filter-out $(shell grep -l '^TEST_F' $(CPPSRCS)), $(CPPSRCS))
+CFLAGS += -DNSS_DISABLE_TLS_1_3
+endif
+
 #######################################################################
 # (5) Execute "global" rules. (OPTIONAL)                              #
 #######################################################################
 
 include $(CORE_DEPTH)/coreconf/rules.mk
 
 #######################################################################
 # (6) Execute "component" rules. (OPTIONAL)                           #
 #######################################################################
 
 
 #######################################################################
 # (7) Execute "local" rules. (OPTIONAL).                              #
 #######################################################################
-
-ifndef NSS_ENABLE_TLS_1_3
-CPPSRCS := $(filter-out ssl_0rtt_unittest.cc, $(CPPSRCS))
-endif
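Review bot: The `grep -l '^TEST_F'` filter removes a whole source file as soon as it contains one `TEST_F`, so any `TEST_P` cases in that file are dropped with it, and an NSS_DISABLE_TLS_1_3 build may run noticeably less of the suite than "Run parameterized tests only" suggests. The pattern is also anchored at column 0, so an indented or macro-wrapped `TEST_F` would leave a file in the build. ssl_0rtt_unittest.cc is now excluded only because its tests happen to be `TEST_F`, where the removed block named it explicitly. I would record that convention next to the filter, for example `# A file with any TEST_F is dropped whole (its TEST_P cases too); TLS 1.3-only tests must stay in TEST_F files.`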
--- a/security/nss/external_tests/ssl_gtest/databuffer.h
+++ b/security/nss/external_tests/ssl_gtest/databuffer.h
@@ -13,22 +13,24 @@
 #include <iomanip>
 #include <iostream>
 #if defined(WIN32) || defined(WIN64)
 #include <winsock2.h>
 #else
 #include <arpa/inet.h>
 #endif
 
+extern bool g_ssl_gtest_verbose;
+
 namespace nss_test {
 
 class DataBuffer {
  public:
   DataBuffer() : data_(nullptr), len_(0) {}
-  DataBuffer(const uint8_t *data, size_t len) : data_(nullptr), len_(0) {
+  DataBuffer(const uint8_t* data, size_t len) : data_(nullptr), len_(0) {
     Assign(data, len);
   }
   explicit DataBuffer(const DataBuffer& other) : data_(nullptr), len_(0) {
     Assign(other);
   }
   ~DataBuffer() { delete[] data_; }
 
   DataBuffer& operator=(const DataBuffer& other) {
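Review bot: The new `extern bool g_ssl_gtest_verbose;` is declared at global scope with no comment and no definition in this header, so every binary that includes databuffer.h and streams a DataBuffer now has to link a definition from somewhere else (none is visible in this part of the diff). The flag is read by `operator<<` in a later hunk of this file, where it lifts the kMaxBufferPrint cap. A comment on the declaration would make the dependency explicit, for example `// Defined by the test binary; when true, operator<< prints whole buffers instead of the first kMaxBufferPrint bytes.` Since these buffers hold handshake and record bytes, the comment could also note that verbose output is meant for local debugging. The `operator=` at the end of the hunk continues outside it.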
@@ -39,52 +41,47 @@ class DataBuffer {
   }
 
   void Allocate(size_t len) {
     delete[] data_;
     data_ = new uint8_t[len ? len : 1];  // Don't depend on new [0].
     len_ = len;
   }
 
-  void Truncate(size_t len) {
-    len_ = std::min(len_, len);
-  }
+  void Truncate(size_t len) { len_ = std::min(len_, len); }
 
-  void Assign(const DataBuffer& other) {
-    Assign(other.data(), other.len());
-  }
+  void Assign(const DataBuffer& other) { Assign(other.data(), other.len()); }
 
   void Assign(const uint8_t* data, size_t len) {
     if (data) {
       Allocate(len);
-      memcpy(static_cast<void *>(data_), static_cast<const void *>(data), len);
+      memcpy(static_cast<void*>(data_), static_cast<const void*>(data), len);
     } else {
       assert(len == 0);
       data_ = nullptr;
       len_ = 0;
     }
   }
 
   // Write will do a new allocation and expand the size of the buffer if needed.
   // Returns the offset of the end of the write.
   size_t Write(size_t index, const uint8_t* val, size_t count) {
     if (index + count > len_) {
       size_t newlen = index + count;
-      uint8_t* tmp = new uint8_t[newlen]; // Always > 0.
-      memcpy(static_cast<void*>(tmp),
-             static_cast<const void*>(data_), len_);
+      uint8_t* tmp = new uint8_t[newlen];  // Always > 0.
+      memcpy(static_cast<void*>(tmp), static_cast<const void*>(data_), len_);
       if (index > len_) {
         memset(static_cast<void*>(tmp + len_), 0, index - len_);
       }
       delete[] data_;
       data_ = tmp;
       len_ = newlen;
     }
-    memcpy(static_cast<void*>(data_ + index),
-           static_cast<const void*>(val), count);
+    memcpy(static_cast<void*>(data_ + index), static_cast<const void*>(val),
+           count);
     return index + count;
   }
 
   size_t Write(size_t index, const DataBuffer& buf) {
     return Write(index, buf.data(), buf.len());
   }
 
   // Write an integer, also performing host-to-network order conversion.
@@ -112,17 +109,18 @@ class DataBuffer {
   }
 
   // Starting at |index|, remove |remove| bytes and replace them with the
   // contents of |buf|.
   void Splice(const DataBuffer& buf, size_t index, size_t remove = 0) {
     Splice(buf.data(), buf.len(), index, remove);
   }
 
-  void Splice(const uint8_t* ins, size_t ins_len, size_t index, size_t remove = 0) {
+  void Splice(const uint8_t* ins, size_t ins_len, size_t index,
+              size_t remove = 0) {
     uint8_t* old_value = data_;
     size_t old_len = len_;
 
     // The amount of stuff remaining from the tail of the old.
     size_t tail_len = old_len - std::min(old_len, index + remove);
     // The new length: the head of the old, the new, and the tail of the old.
     len_ = index + ins_len + tail_len;
     data_ = new uint8_t[len_ ? len_ : 1];
@@ -132,59 +130,54 @@ class DataBuffer {
     // Maybe a gap.
     if (index > old_len) {
       memset(old_value + index, 0, index - old_len);
     }
     // The new.
     Write(index, ins, ins_len);
     // The tail of the old.
     if (tail_len > 0) {
-      Write(index + ins_len,
-            old_value + index + remove, tail_len);
+      Write(index + ins_len, old_value + index + remove, tail_len);
     }
 
     delete[] old_value;
   }
 
   void Append(const DataBuffer& buf) { Splice(buf, len_); }
 
-  const uint8_t *data() const { return data_; }
+  const uint8_t* data() const { return data_; }
   uint8_t* data() { return data_; }
   size_t len() const { return len_; }
   bool empty() const { return len_ == 0; }
 
  private:
   uint8_t* data_;
   size_t len_;
 };
 
-#ifdef DEBUG
-static const size_t kMaxBufferPrint = 10000;
-#else
 static const size_t kMaxBufferPrint = 32;
-#endif
 
 inline std::ostream& operator<<(std::ostream& stream, const DataBuffer& buf) {
   stream << "[" << buf.len() << "] ";
   for (size_t i = 0; i < buf.len(); ++i) {
-    if (i >= kMaxBufferPrint) {
+    if (!g_ssl_gtest_verbose && i >= kMaxBufferPrint) {
       stream << "...";
       break;
     }
     stream << std::hex << std::setfill('0') << std::setw(2)
            << static_cast<unsigned>(buf.data()[i]);
   }
   stream << std::dec;
   return stream;
 }
 
 inline bool operator==(const DataBuffer& a, const DataBuffer& b) {
   return (a.empty() && b.empty()) ||
-    (a.len() == b.len() && 0 == memcmp(a.data(), b.data(), a.len()));
+         (a.len() == b.len() && 0 == memcmp(a.data(), b.data(), a.len()));
 }
 
 inline bool operator!=(const DataBuffer& a, const DataBuffer& b) {
   return !(a == b);
 }
 
-} // namespace nss_test
+}  // namespace nss_test
 
 #endif
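Review bot: In the "Maybe a gap" branch of Splice at the top of this hunk, `memset(old_value + index, 0, index - old_len)` targets the old allocation at an offset past its end (the branch is taken only when `index > old_len`), not the newly allocated `data_`, and the commit reformats around the line without changing it. Assuming the head copy just above the hunk fills `data_[0, old_len)`, the bytes to zero are in the new buffer: `memset(data_ + old_len, 0, index - old_len);`. Splice starts outside this hunk, so that head copy is not visible here and should be confirmed before changing the line.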
--- a/security/nss/external_tests/ssl_gtest/libssl_internals.c
+++ b/security/nss/external_tests/ssl_gtest/libssl_internals.c
@@ -1,186 +1,164 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
 /* vim: set ts=2 et sw=2 tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 /* This file contains functions for frobbing the internals of libssl */
 #include "libssl_internals.h"
 
 #include "nss.h"
 #include "pk11pub.h"
 #include "seccomon.h"
 #include "ssl.h"
 #include "sslimpl.h"
 
-SECStatus
-SSLInt_IncrementClientHandshakeVersion(PRFileDesc *fd)
-{
-    sslSocket *ss = ssl_FindSocket(fd);
-    if (!ss) {
-        return SECFailure;
-    }
+SECStatus SSLInt_IncrementClientHandshakeVersion(PRFileDesc *fd) {
+  sslSocket *ss = ssl_FindSocket(fd);
+  if (!ss) {
+    return SECFailure;
+  }
 
-    ++ss->clientHelloVersion;
+  ++ss->clientHelloVersion;
 
-    return SECSuccess;
+  return SECSuccess;
 }
 
-PRUint32
-SSLInt_DetermineKEABits(PRUint16 serverKeyBits, SSLAuthType authAlgorithm) {
-    // For ECDSA authentication we expect a curve for key exchange with the
-    // same strength as the one used for the certificate's signature.
-    if (authAlgorithm == ssl_auth_ecdsa ||
-        authAlgorithm == ssl_auth_ecdh_rsa ||
-        authAlgorithm == ssl_auth_ecdh_ecdsa) {
-        return serverKeyBits;
-    }
-
+// This function guesses what key exchange strength libssl will choose.
+PRUint32 SSLInt_DetermineKEABits(PRUint16 serverKeyBits,
+                                 const SSLCipherSuiteInfo *info) {
+  PRUint32 authBits;
+  SSLAuthType authAlgorithm = info->authType;
+  if (authAlgorithm == ssl_auth_ecdsa || authAlgorithm == ssl_auth_ecdh_rsa ||
+      authAlgorithm == ssl_auth_ecdh_ecdsa) {
+    authBits = serverKeyBits;
+  } else {
     PORT_Assert(authAlgorithm == ssl_auth_rsa_decrypt ||
                 authAlgorithm == ssl_auth_rsa_sign);
-    PRUint32 minKeaBits;
-#ifdef NSS_ECC_MORE_THAN_SUITE_B
-    // P-192 is the smallest curve we want to use.
-    minKeaBits = 192U;
-#else
-    // P-256 is the smallest supported curve.
-    minKeaBits = 256U;
-#endif
+    authBits = SSL_RSASTRENGTH_TO_ECSTRENGTH(serverKeyBits);
+  }
 
-    return PR_MAX(SSL_RSASTRENGTH_TO_ECSTRENGTH(serverKeyBits), minKeaBits);
+  // We expect a curve for key exchange to be selected based on the symmetric
+  // key strength (times 2) or the server key size, whichever is smaller.
+  PRUint32 targetKeaBits = PR_MIN(info->symKeyBits * 2, authBits);
+
+  // P-256 is the preferred curve of minimum size.
+  return PR_MAX(256U, targetKeaBits);
 }
 
 /* Use this function to update the ClientRandom of a client's handshake state
  * after replacing its ClientHello message. We for example need to do this
  * when replacing an SSLv3 ClientHello with its SSLv2 equivalent. */
-SECStatus
-SSLInt_UpdateSSLv2ClientRandom(PRFileDesc *fd, uint8_t *rnd, size_t rnd_len,
-                               uint8_t *msg, size_t msg_len)
-{
-    sslSocket *ss = ssl_FindSocket(fd);
-    if (!ss) {
-        return SECFailure;
-    }
+SECStatus SSLInt_UpdateSSLv2ClientRandom(PRFileDesc *fd, uint8_t *rnd,
+                                         size_t rnd_len, uint8_t *msg,
+                                         size_t msg_len) {
+  sslSocket *ss = ssl_FindSocket(fd);
+  if (!ss) {
+    return SECFailure;
+  }
 
-    SECStatus rv = ssl3_InitState(ss);
-    if (rv != SECSuccess) {
-        return rv;
-    }
+  SECStatus rv = ssl3_InitState(ss);
+  if (rv != SECSuccess) {
+    return rv;
+  }
 
-    rv = ssl3_RestartHandshakeHashes(ss);
-    if (rv != SECSuccess) {
-        return rv;
-    }
+  rv = ssl3_RestartHandshakeHashes(ss);
+  if (rv != SECSuccess) {
+    return rv;
+  }
 
-    // Zero the client_random struct.
-    PORT_Memset(&ss->ssl3.hs.client_random, 0, SSL3_RANDOM_LENGTH);
+  // Zero the client_random struct.
+  PORT_Memset(&ss->ssl3.hs.client_random, 0, SSL3_RANDOM_LENGTH);
 
-    // Copy over the challenge bytes.
-    size_t offset = SSL3_RANDOM_LENGTH - rnd_len;
-    PORT_Memcpy(&ss->ssl3.hs.client_random.rand[offset], rnd, rnd_len);
+  // Copy over the challenge bytes.
+  size_t offset = SSL3_RANDOM_LENGTH - rnd_len;
+  PORT_Memcpy(&ss->ssl3.hs.client_random.rand[offset], rnd, rnd_len);
 
-    // Rehash the SSLv2 client hello message.
-    return ssl3_UpdateHandshakeHashes(ss, msg, msg_len);
+  // Rehash the SSLv2 client hello message.
+  return ssl3_UpdateHandshakeHashes(ss, msg, msg_len);
 }
 
-PRBool
-SSLInt_ExtensionNegotiated(PRFileDesc *fd, PRUint16 ext)
-{
-    sslSocket *ss = ssl_FindSocket(fd);
-    return (PRBool)(ss && ssl3_ExtensionNegotiated(ss, ext));
+PRBool SSLInt_ExtensionNegotiated(PRFileDesc *fd, PRUint16 ext) {
+  sslSocket *ss = ssl_FindSocket(fd);
+  return (PRBool)(ss && ssl3_ExtensionNegotiated(ss, ext));
 }
 
-void
-SSLInt_ClearSessionTicketKey()
-{
+void SSLInt_ClearSessionTicketKey() {
   ssl3_SessionTicketShutdown(NULL, NULL);
   NSS_UnregisterShutdown(ssl3_SessionTicketShutdown, NULL);
 }
 
-SECStatus
-SSLInt_SetMTU(PRFileDesc *fd, PRUint16 mtu)
-{
+SECStatus SSLInt_SetMTU(PRFileDesc *fd, PRUint16 mtu) {
   sslSocket *ss = ssl_FindSocket(fd);
   if (ss) {
     ss->ssl3.mtu = mtu;
     return SECSuccess;
   }
   return SECFailure;
 }
 
-PRInt32 SSLInt_CountTls13CipherSpecs(PRFileDesc *fd)
-{
+PRInt32 SSLInt_CountTls13CipherSpecs(PRFileDesc *fd) {
   PRCList *cur_p;
   PRInt32 ct = 0;
 
   sslSocket *ss = ssl_FindSocket(fd);
   if (!ss) {
     return -1;
   }
 
   for (cur_p = PR_NEXT_LINK(&ss->ssl3.hs.cipherSpecs);
-       cur_p != &ss->ssl3.hs.cipherSpecs;
-       cur_p = PR_NEXT_LINK(cur_p)) {
+       cur_p != &ss->ssl3.hs.cipherSpecs; cur_p = PR_NEXT_LINK(cur_p)) {
     ++ct;
   }
   return ct;
 }
 
 /* Force a timer expiry by backdating when the timer was started.
  * We could set the remaining time to 0 but then backoff would not
  * work properly if we decide to test it. */
-void SSLInt_ForceTimerExpiry(PRFileDesc *fd)
-{
+void SSLInt_ForceTimerExpiry(PRFileDesc *fd) {
   sslSocket *ss = ssl_FindSocket(fd);
   if (!ss) {
     return;
   }
 
-  if (!ss->ssl3.hs.rtTimerCb)
-    return;
+  if (!ss->ssl3.hs.rtTimerCb) return;
 
-  ss->ssl3.hs.rtTimerStarted = PR_IntervalNow() -
-      PR_MillisecondsToInterval(ss->ssl3.hs.rtTimeoutMs + 1);
+  ss->ssl3.hs.rtTimerStarted =
+      PR_IntervalNow() - PR_MillisecondsToInterval(ss->ssl3.hs.rtTimeoutMs + 1);
 }
 
-#define CHECK_SECRET(secret)                    \
-  if (ss->ssl3.hs.secret) {                     \
-    fprintf(stderr, "%s != NULL\n", #secret);   \
-    return PR_FALSE;                            \
+#define CHECK_SECRET(secret)                  \
+  if (ss->ssl3.hs.secret) {                   \
+    fprintf(stderr, "%s != NULL\n", #secret); \
+    return PR_FALSE;                          \
   }
 
-PRBool SSLInt_CheckSecretsDestroyed(PRFileDesc *fd)
-{
+PRBool SSLInt_CheckSecretsDestroyed(PRFileDesc *fd) {
   sslSocket *ss = ssl_FindSocket(fd);
   if (!ss) {
     return PR_FALSE;
   }
 
   CHECK_SECRET(currentSecret);
   CHECK_SECRET(resumptionPsk);
   CHECK_SECRET(dheSecret);
   CHECK_SECRET(earlyTrafficSecret);
   CHECK_SECRET(hsTrafficSecret);
 
   return PR_TRUE;
 }
 
-PRBool sslint_DamageTrafficSecret(PRFileDesc *fd,
-                                  size_t offset)
-{
+PRBool sslint_DamageTrafficSecret(PRFileDesc *fd, size_t offset) {
   unsigned char data[32] = {0};
   PK11SymKey **keyPtr;
   PK11SlotInfo *slot = PK11_GetInternalSlot();
-  SECItem key_item = {
-      siBuffer,
-      data,
-      sizeof(data)
-  };
+  SECItem key_item = {siBuffer, data, sizeof(data)};
   sslSocket *ss = ssl_FindSocket(fd);
   if (!ss) {
     return PR_FALSE;
   }
   if (!slot) {
     return PR_FALSE;
   }
   keyPtr = (PK11SymKey **)((char *)&ss->ssl3.hs + offset);
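Review bot: SSLInt_UpdateSSLv2ClientRandom computes `offset = SSL3_RANDOM_LENGTH - rnd_len` in size_t with no bound on `rnd_len`, so a caller that passes more than SSL3_RANDOM_LENGTH bytes wraps the offset and the following PORT_Memcpy writes outside `client_random`. The function is rewritten line for line here, which makes it a convenient place to add `if (rnd_len > SSL3_RANDOM_LENGTH) return SECFailure;` before the PORT_Memset. In the same hunk, the new `else` branch of SSLInt_DetermineKEABits relies on PORT_Assert to reject unexpected auth types. That assertion is normally compiled out of optimized builds, so such a type would silently take the RSA strength conversion there.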
@@ -193,43 +171,54 @@ PRBool sslint_DamageTrafficSecret(PRFile
   PK11_FreeSlot(slot);
   if (!*keyPtr) {
     return PR_FALSE;
   }
 
   return PR_TRUE;
 }
 
-
-PRBool SSLInt_DamageHsTrafficSecret(PRFileDesc *fd)
-{
+PRBool SSLInt_DamageHsTrafficSecret(PRFileDesc *fd) {
   return sslint_DamageTrafficSecret(
-      fd,
-      offsetof(SSL3HandshakeState,
-               hsTrafficSecret));
+      fd, offsetof(SSL3HandshakeState, hsTrafficSecret));
 }
 
-PRBool SSLInt_DamageEarlyTrafficSecret(PRFileDesc *fd)
-{
+PRBool SSLInt_DamageEarlyTrafficSecret(PRFileDesc *fd) {
   return sslint_DamageTrafficSecret(
-      fd,
-      offsetof(SSL3HandshakeState,
-               earlyTrafficSecret));
+      fd, offsetof(SSL3HandshakeState, earlyTrafficSecret));
 }
 
-SECStatus
-SSLInt_Set0RttAlpn(PRFileDesc *fd, PRUint8 *data, unsigned int len)
-{
+SECStatus SSLInt_Set0RttAlpn(PRFileDesc *fd, PRUint8 *data, unsigned int len) {
   sslSocket *ss = ssl_FindSocket(fd);
   if (!ss) {
     return SECFailure;
   }
 
   ss->ssl3.nextProtoState = SSL_NEXT_PROTO_EARLY_VALUE;
   if (ss->ssl3.nextProto.data) {
     SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE);
   }
-  if (!SECITEM_AllocItem(NULL, &ss->ssl3.nextProto, len))
-    return SECFailure;
+  if (!SECITEM_AllocItem(NULL, &ss->ssl3.nextProto, len)) return SECFailure;
   PORT_Memcpy(ss->ssl3.nextProto.data, data, len);
 
   return SECSuccess;
 }
+
+PRBool SSLInt_HasCertWithAuthType(PRFileDesc *fd, SSLAuthType authType) {
+  sslSocket *ss = ssl_FindSocket(fd);
+  if (!ss) {
+    return PR_FALSE;
+  }
+
+  return (PRBool)(!!ssl_FindServerCertByAuthType(ss, authType));
+}
+
+PRBool SSLInt_SendAlert(PRFileDesc *fd, uint8_t level, uint8_t type) {
+  sslSocket *ss = ssl_FindSocket(fd);
+  if (!ss) {
+    return PR_FALSE;
+  }
+
+  SECStatus rv = SSL3_SendAlert(ss, level, type);
+  if (rv != SECSuccess) return PR_FALSE;
+
+  return PR_TRUE;
+}
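Review bot: SSLInt_SendAlert turns the SECStatus from SSL3_SendAlert into a PRBool, while the other helpers in this file that perform an action (SSLInt_SetMTU, SSLInt_Set0RttAlpn) return SECStatus. Returning `rv` directly, with the declaration in libssl_internals.h changed to match, would keep one convention and let tests write `EXPECT_EQ(SECSuccess, ...)`. If PRBool is kept, the tail reduces to `return (PRBool)(SSL3_SendAlert(ss, level, type) == SECSuccess);`. Both new functions would also benefit from a one-line comment, for example `/* PR_TRUE when ssl_FindServerCertByAuthType finds an entry for authType on this socket. */` above SSLInt_HasCertWithAuthType.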
--- a/security/nss/external_tests/ssl_gtest/libssl_internals.h
+++ b/security/nss/external_tests/ssl_gtest/libssl_internals.h
@@ -11,25 +11,27 @@
 
 #include "prio.h"
 #include "seccomon.h"
 #include "sslt.h"
 
 SECStatus SSLInt_IncrementClientHandshakeVersion(PRFileDesc *fd);
 
 PRUint32 SSLInt_DetermineKEABits(PRUint16 serverKeyBits,
-                                 SSLAuthType authAlgorithm);
+                                 const SSLCipherSuiteInfo *info);
 
-SECStatus SSLInt_UpdateSSLv2ClientRandom(PRFileDesc *fd,
-                                         uint8_t *rnd, size_t rnd_len,
-                                         uint8_t *msg, size_t msg_len);
+SECStatus SSLInt_UpdateSSLv2ClientRandom(PRFileDesc *fd, uint8_t *rnd,
+                                         size_t rnd_len, uint8_t *msg,
+                                         size_t msg_len);
 
 PRBool SSLInt_ExtensionNegotiated(PRFileDesc *fd, PRUint16 ext);
 void SSLInt_ClearSessionTicketKey();
 PRInt32 SSLInt_CountTls13CipherSpecs(PRFileDesc *fd);
 void SSLInt_ForceTimerExpiry(PRFileDesc *fd);
 SECStatus SSLInt_SetMTU(PRFileDesc *fd, PRUint16 mtu);
 PRBool SSLInt_CheckSecretsDestroyed(PRFileDesc *fd);
 PRBool SSLInt_DamageHsTrafficSecret(PRFileDesc *fd);
 PRBool SSLInt_DamageEarlyTrafficSecret(PRFileDesc *fd);
 SECStatus SSLInt_Set0RttAlpn(PRFileDesc *fd, PRUint8 *data, unsigned int len);
+PRBool SSLInt_HasCertWithAuthType(PRFileDesc *fd, SSLAuthType authType);
+PRBool SSLInt_SendAlert(PRFileDesc *fd, uint8_t level, uint8_t type);
 
-#endif // ndef libssl_internals_h_
+#endif  // ndef libssl_internals_h_
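Review bot: The new `const SSLCipherSuiteInfo *info` parameter of SSLInt_DetermineKEABits has a non-null requirement that the declaration does not state, because the definition in libssl_internals.c reads `info->authType` and `info->symKeyBits` unconditionally. A comment above the prototype would record the contract for test authors, for example `/* info must be non-NULL; its authType and symKeyBits are used to guess the key exchange strength. */`. The two added prototypes, SSLInt_HasCertWithAuthType and SSLInt_SendAlert, are likewise undocumented; a short line each on what PR_FALSE means (no socket versus lookup or send failure) would help callers.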
--- a/security/nss/external_tests/ssl_gtest/manifest.mn
+++ b/security/nss/external_tests/ssl_gtest/manifest.mn
@@ -10,23 +10,27 @@ MODULE = nss
 CSRCS = \
       libssl_internals.c \
       $(NULL)
 
 CPPSRCS = \
       ssl_0rtt_unittest.cc \
       ssl_agent_unittest.cc \
       ssl_auth_unittest.cc \
+      ssl_cert_ext_unittest.cc \
       ssl_ciphersuite_unittest.cc \
+      ssl_damage_unittest.cc \
       ssl_dhe_unittest.cc \
       ssl_drop_unittest.cc \
+      ssl_ecdh_unittest.cc \
       ssl_ems_unittest.cc \
       ssl_extension_unittest.cc \
       ssl_gtest.cc \
       ssl_loopback_unittest.cc \
+      ssl_record_unittest.cc \
       ssl_resumption_unittest.cc \
       ssl_skip_unittest.cc \
       ssl_staticrsa_unittest.cc \
       ssl_v2_client_hello_unittest.cc \
       ssl_version_unittest.cc \
       test_io.cc \
       tls_agent.cc \
       tls_connect.cc \
--- a/security/nss/external_tests/ssl_gtest/ssl_0rtt_unittest.cc
+++ b/security/nss/external_tests/ssl_gtest/ssl_0rtt_unittest.cc
@@ -1,43 +1,40 @@
 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* vim: set ts=2 et sw=2 tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
+#include "ssl.h"
 #include "secerr.h"
-#include "ssl.h"
 #include "sslerr.h"
 #include "sslproto.h"
 
 extern "C" {
 // This is not something that should make you happy.
 #include "libssl_internals.h"
 }
 
+#include "gtest_utils.h"
 #include "scoped_ptrs.h"
-#include "tls_parser.h"
+#include "tls_connect.h"
 #include "tls_filter.h"
-#include "tls_connect.h"
-#include "gtest_utils.h"
+#include "tls_parser.h"
 
 namespace nss_test {
 
 TEST_F(TlsConnectTest, DamageSecretHandleZeroRttClientFinished) {
   SetupForZeroRtt();
   client_->Set0RttEnabled(true);
   server_->Set0RttEnabled(true);
   client_->SetPacketFilter(new AfterRecordN(
-      client_,
-      server_,
-      0, // ClientHello.
-      [this]() {
-        SSLInt_DamageEarlyTrafficSecret(server_->ssl_fd());
-      }));
+      client_, server_,
+      0,  // ClientHello.
+      [this]() { SSLInt_DamageEarlyTrafficSecret(server_->ssl_fd()); }));
   ConnectExpectFail();
   client_->CheckErrorCode(SSL_ERROR_DECRYPT_ERROR_ALERT);
   server_->CheckErrorCode(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
 }
 
 TEST_F(TlsConnectTest, ZeroRttServerRejectByOption) {
   SetupForZeroRtt();
   client_->Set0RttEnabled(true);
@@ -103,60 +100,60 @@ TEST_F(TlsConnectTest, TestTls13ZeroRttA
   EnableAlpn();
   SetupForZeroRtt();
   EnableAlpn();
   client_->Set0RttEnabled(true);
   server_->Set0RttEnabled(true);
   ExpectResumption(RESUME_TICKET);
   ExpectEarlyDataAccepted(true);
   ZeroRttSendReceive(true, [this]() {
-      client_->CheckAlpn(SSL_NEXT_PROTO_EARLY_VALUE, "a");
-      return true;
-    });
+    client_->CheckAlpn(SSL_NEXT_PROTO_EARLY_VALUE, "a");
+    return true;
+  });
   Handshake();
   CheckConnected();
   SendReceive();
   CheckAlpn("a");
 }
 
 // Remove the old ALPN value and so the client will not offer ALPN.
 TEST_F(TlsConnectTest, TestTls13ZeroRttAlpnChangeBoth) {
   EnableAlpn();
   SetupForZeroRtt();
-  static const uint8_t alpn[] = { 0x01, 0x62 };  // "b"
+  static const uint8_t alpn[] = {0x01, 0x62};  // "b"
   EnableAlpn(alpn, sizeof(alpn));
   client_->Set0RttEnabled(true);
   server_->Set0RttEnabled(true);
   ExpectResumption(RESUME_TICKET);
   ZeroRttSendReceive(false, [this]() {
-      client_->CheckAlpn(SSL_NEXT_PROTO_NO_SUPPORT);
-      return false;
-    });
+    client_->CheckAlpn(SSL_NEXT_PROTO_NO_SUPPORT);
+    return false;
+  });
   Handshake();
   CheckConnected();
   SendReceive();
   CheckAlpn("b");
 }
 
 // Have the server negotiate a different ALPN value, and therefore
 // reject 0-RTT.
 TEST_F(TlsConnectTest, TestTls13ZeroRttAlpnChangeServer) {
   EnableAlpn();
   SetupForZeroRtt();
-  static const uint8_t client_alpn[] = { 0x01, 0x61, 0x01, 0x62 }; // "a", "b"
-  static const uint8_t server_alpn[] = { 0x01, 0x62 };  // "b"
+  static const uint8_t client_alpn[] = {0x01, 0x61, 0x01, 0x62};  // "a", "b"
+  static const uint8_t server_alpn[] = {0x01, 0x62};              // "b"
   client_->EnableAlpn(client_alpn, sizeof(client_alpn));
   server_->EnableAlpn(server_alpn, sizeof(server_alpn));
   client_->Set0RttEnabled(true);
   server_->Set0RttEnabled(true);
   ExpectResumption(RESUME_TICKET);
   ZeroRttSendReceive(false, [this]() {
-      client_->CheckAlpn(SSL_NEXT_PROTO_EARLY_VALUE, "a");
-      return true;
-    });
+    client_->CheckAlpn(SSL_NEXT_PROTO_EARLY_VALUE, "a");
+    return true;
+  });
   Handshake();
   CheckConnected();
   SendReceive();
   CheckAlpn("b");
 }
 
 // Check that the client validates the ALPN selection of the server.
 // Stomp the ALPN on the client after sending the ClientHello so
@@ -165,40 +162,39 @@ TEST_F(TlsConnectTest, TestTls13ZeroRttA
 TEST_F(TlsConnectTest, TestTls13ZeroRttNoAlpnServer) {
   EnableAlpn();
   SetupForZeroRtt();
   client_->Set0RttEnabled(true);
   server_->Set0RttEnabled(true);
   EnableAlpn();
   ExpectResumption(RESUME_TICKET);
   ZeroRttSendReceive(true, [this]() {
-      PRUint8 b[] = {'b'};
-      client_->CheckAlpn(SSL_NEXT_PROTO_EARLY_VALUE, "a");
-      EXPECT_EQ(SECSuccess, SSLInt_Set0RttAlpn(client_->ssl_fd(), b,
-                                               sizeof(b)));
-      client_->CheckAlpn(SSL_NEXT_PROTO_EARLY_VALUE, "b");
-      return true;
-    });
+    PRUint8 b[] = {'b'};
+    client_->CheckAlpn(SSL_NEXT_PROTO_EARLY_VALUE, "a");
+    EXPECT_EQ(SECSuccess, SSLInt_Set0RttAlpn(client_->ssl_fd(), b, sizeof(b)));
+    client_->CheckAlpn(SSL_NEXT_PROTO_EARLY_VALUE, "b");
+    return true;
+  });
   Handshake();
   client_->CheckErrorCode(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
   server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
 }
 
 // Set up with no ALPN and then set the client so it thinks it has ALPN.
 // The server responds without the extension and the client returns an
 // error.
 TEST_F(TlsConnectTest, TestTls13ZeroRttNoAlpnClient) {
   SetupForZeroRtt();
   client_->Set0RttEnabled(true);
   server_->Set0RttEnabled(true);
   ExpectResumption(RESUME_TICKET);
   ZeroRttSendReceive(true, [this]() {
-      PRUint8 b[] = {'b'};
-      EXPECT_EQ(SECSuccess, SSLInt_Set0RttAlpn(client_->ssl_fd(), b, 1));
-      client_->CheckAlpn(SSL_NEXT_PROTO_EARLY_VALUE, "b");
-      return true;
-    });
+    PRUint8 b[] = {'b'};
+    EXPECT_EQ(SECSuccess, SSLInt_Set0RttAlpn(client_->ssl_fd(), b, 1));
+    client_->CheckAlpn(SSL_NEXT_PROTO_EARLY_VALUE, "b");
+    return true;
+  });
   Handshake();
   client_->CheckErrorCode(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
   server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
 }
 
-} // namespace nss_test
+}  // namespace nss_test
--- a/security/nss/external_tests/ssl_gtest/ssl_agent_unittest.cc
+++ b/security/nss/external_tests/ssl_gtest/ssl_agent_unittest.cc
@@ -13,236 +13,185 @@
 #include "databuffer.h"
 #include "tls_agent.h"
 #include "tls_connect.h"
 #include "tls_filter.h"
 #include "tls_parser.h"
 
 namespace nss_test {
 
-#ifdef NSS_ENABLE_TLS_1_3
 // This is a 1-RTT ClientHello with ECDHE and DHE.
 const static uint8_t kCannedTls13ClientHello[] = {
-  0x01, 0x00, 0x01, 0xfc, 0x03, 0x04, 0x77, 0x5c,
-  0x3a, 0xd8, 0x3f, 0x43, 0x63, 0x98, 0xfa, 0x68,
-  0xfb, 0x01, 0x39, 0xff, 0x7c, 0x1a, 0x51, 0xa7,
-  0x92, 0xda, 0x97, 0xf5, 0x15, 0x78, 0xb3, 0xbb,
-  0x26, 0xa7, 0xed, 0x6f, 0x69, 0x71, 0x00, 0x00,
-  0x2a, 0xc0, 0x2b, 0xc0, 0x2f, 0xcc, 0xa9, 0xcc,
-  0xa8, 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x13, 0xc0,
-  0x14, 0x00, 0x9e, 0xcc, 0xaa, 0x00, 0x33, 0x00,
-  0x32, 0x00, 0x39, 0x00, 0x38, 0x00, 0x16, 0x00,
-  0x13, 0x00, 0x2f, 0x00, 0x35, 0x00, 0x0a, 0x00,
-  0x05, 0x00, 0x04, 0x01, 0x00, 0x01, 0xa9, 0x00,
-  0x00, 0x00, 0x0b, 0x00, 0x09, 0x00, 0x00, 0x06,
-  0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0xff, 0x01,
-  0x00, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
-  0x08, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x01,
-  0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0xff,
-  0x02, 0x00, 0x02, 0x00, 0x0d, 0x00, 0x28, 0x01,
-  0x4b, 0x01, 0x49, 0x00, 0x17, 0x00, 0x41, 0x04,
-  0xbf, 0x31, 0xb4, 0x29, 0x96, 0xf4, 0xe6, 0x4a,
-  0xe3, 0xea, 0x87, 0x05, 0x38, 0x0e, 0x68, 0x02,
-  0xbc, 0x4a, 0x5d, 0x90, 0xed, 0xe7, 0xaa, 0x8e,
-  0xb8, 0x42, 0x84, 0xaa, 0x3a, 0x4f, 0x2b, 0xe3,
-  0x52, 0x9a, 0x9a, 0x76, 0xab, 0xf8, 0x2e, 0x59,
-  0xea, 0xcd, 0x2b, 0x2f, 0x03, 0x18, 0xd2, 0x0c,
-  0xc9, 0x07, 0x15, 0xca, 0xe6, 0x61, 0xf7, 0x79,
-  0x9f, 0xfe, 0xc5, 0x10, 0x40, 0x9e, 0x38, 0x33,
-  0x01, 0x00, 0x01, 0x00, 0xd8, 0x80, 0x1f, 0x06,
-  0x9a, 0xbb, 0xf7, 0xbb, 0xd4, 0x5c, 0x75, 0x1d,
-  0x8e, 0x09, 0x27, 0xad, 0x08, 0xb8, 0x16, 0x0f,
-  0x4f, 0x50, 0x79, 0xe1, 0x7e, 0xd4, 0x3b, 0xc0,
-  0x57, 0xcc, 0x00, 0x5e, 0x28, 0xd8, 0xb3, 0x16,
-  0x7f, 0x36, 0x48, 0x75, 0x8d, 0x03, 0xa4, 0x71,
-  0x86, 0x06, 0xf0, 0xe7, 0x57, 0x47, 0x35, 0xf0,
-  0x04, 0xfb, 0xf7, 0x6c, 0x7a, 0xdd, 0x05, 0x93,
-  0x53, 0x16, 0x12, 0x49, 0xbe, 0x35, 0x67, 0x47,
-  0x6e, 0x3a, 0x91, 0xef, 0x50, 0x09, 0x14, 0x98,
-  0x8b, 0x83, 0xc4, 0x62, 0x77, 0xf3, 0x57, 0x53,
-  0x3f, 0xf4, 0x82, 0xc0, 0x70, 0x25, 0x19, 0x9d,
-  0x93, 0xe2, 0xb9, 0x7b, 0xb4, 0x83, 0x31, 0xef,
-  0xd8, 0x3b, 0xd5, 0x25, 0x70, 0x64, 0x29, 0xa2,
-  0xc2, 0xc5, 0x73, 0x9a, 0xfe, 0x27, 0xca, 0xc0,
-  0x55, 0x34, 0x91, 0x95, 0x05, 0xbf, 0x5e, 0x54,
-  0x4d, 0x95, 0x43, 0x3d, 0x54, 0x6a, 0x89, 0x0b,
-  0x5e, 0xab, 0x08, 0x7b, 0xf8, 0x38, 0x0a, 0x56,
-  0x51, 0x9d, 0xbc, 0xdd, 0x46, 0xa9, 0xfc, 0x95,
-  0xe9, 0x75, 0x1c, 0xc8, 0x18, 0x7f, 0xed, 0xa9,
-  0xca, 0xb6, 0x5e, 0x77, 0x63, 0x33, 0xb1, 0xb5,
-  0x68, 0xce, 0xa5, 0x98, 0xec, 0x8c, 0x34, 0x98,
-  0x1c, 0xa9, 0xa5, 0x84, 0xec, 0xe6, 0xba, 0x0b,
-  0x11, 0xbf, 0x40, 0xa5, 0xf0, 0x3c, 0xd5, 0xd3,
-  0xac, 0x2f, 0x46, 0xed, 0xab, 0xc0, 0xc1, 0x78,
-  0x3f, 0x18, 0x64, 0x5b, 0xff, 0x31, 0xeb, 0x74,
-  0x06, 0x92, 0x42, 0x1e, 0x90, 0xf7, 0xea, 0xa5,
-  0x02, 0x33, 0x8e, 0x01, 0xe3, 0xfa, 0x70, 0x82,
-  0xe5, 0xe7, 0x67, 0x8b, 0x96, 0x20, 0x13, 0x2e,
-  0x65, 0x86, 0xab, 0x28, 0xc8, 0x1b, 0xfe, 0xb4,
-  0x98, 0xed, 0xa4, 0xa0, 0xee, 0xf9, 0x53, 0x74,
-  0x30, 0xac, 0x79, 0x2d, 0xf2, 0x92, 0xd0, 0x5e,
-  0x10, 0xd7, 0xb9, 0x41, 0x00, 0x0d, 0x00, 0x18,
-  0x00, 0x16, 0x04, 0x01, 0x05, 0x01, 0x06, 0x01,
-  0x02, 0x01, 0x04, 0x03, 0x05, 0x03, 0x06, 0x03,
-  0x02, 0x03, 0x05, 0x02, 0x04, 0x02, 0x02, 0x02,
-  0x00, 0x15, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
-};
+    0x01, 0x00, 0x01, 0xfc, 0x03, 0x04, 0x77, 0x5c, 0x3a, 0xd8, 0x3f, 0x43,
+    0x63, 0x98, 0xfa, 0x68, 0xfb, 0x01, 0x39, 0xff, 0x7c, 0x1a, 0x51, 0xa7,
+    0x92, 0xda, 0x97, 0xf5, 0x15, 0x78, 0xb3, 0xbb, 0x26, 0xa7, 0xed, 0x6f,
+    0x69, 0x71, 0x00, 0x00, 0x2a, 0xc0, 0x2b, 0xc0, 0x2f, 0xcc, 0xa9, 0xcc,
+    0xa8, 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x13, 0xc0, 0x14, 0x00, 0x9e, 0xcc,
+    0xaa, 0x00, 0x33, 0x00, 0x32, 0x00, 0x39, 0x00, 0x38, 0x00, 0x16, 0x00,
+    0x13, 0x00, 0x2f, 0x00, 0x35, 0x00, 0x0a, 0x00, 0x05, 0x00, 0x04, 0x01,
+    0x00, 0x01, 0xa9, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x09, 0x00, 0x00, 0x06,
+    0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00,
+    0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x01,
+    0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0xff, 0x02, 0x00, 0x02, 0x00,
+    0x0e, 0x00, 0x28, 0x01, 0x4b, 0x01, 0x49, 0x00, 0x17, 0x00, 0x41, 0x04,
+    0xbf, 0x31, 0xb4, 0x29, 0x96, 0xf4, 0xe6, 0x4a, 0xe3, 0xea, 0x87, 0x05,
+    0x38, 0x0e, 0x68, 0x02, 0xbc, 0x4a, 0x5d, 0x90, 0xed, 0xe7, 0xaa, 0x8e,
+    0xb8, 0x42, 0x84, 0xaa, 0x3a, 0x4f, 0x2b, 0xe3, 0x52, 0x9a, 0x9a, 0x76,
+    0xab, 0xf8, 0x2e, 0x59, 0xea, 0xcd, 0x2b, 0x2f, 0x03, 0x18, 0xd2, 0x0c,
+    0xc9, 0x07, 0x15, 0xca, 0xe6, 0x61, 0xf7, 0x79, 0x9f, 0xfe, 0xc5, 0x10,
+    0x40, 0x9e, 0x38, 0x33, 0x01, 0x00, 0x01, 0x00, 0xd8, 0x80, 0x1f, 0x06,
+    0x9a, 0xbb, 0xf7, 0xbb, 0xd4, 0x5c, 0x75, 0x1d, 0x8e, 0x09, 0x27, 0xad,
+    0x08, 0xb8, 0x16, 0x0f, 0x4f, 0x50, 0x79, 0xe1, 0x7e, 0xd4, 0x3b, 0xc0,
+    0x57, 0xcc, 0x00, 0x5e, 0x28, 0xd8, 0xb3, 0x16, 0x7f, 0x36, 0x48, 0x75,
+    0x8d, 0x03, 0xa4, 0x71, 0x86, 0x06, 0xf0, 0xe7, 0x57, 0x47, 0x35, 0xf0,
+    0x04, 0xfb, 0xf7, 0x6c, 0x7a, 0xdd, 0x05, 0x93, 0x53, 0x16, 0x12, 0x49,
+    0xbe, 0x35, 0x67, 0x47, 0x6e, 0x3a, 0x91, 0xef, 0x50, 0x09, 0x14, 0x98,
+    0x8b, 0x83, 0xc4, 0x62, 0x77, 0xf3, 0x57, 0x53, 0x3f, 0xf4, 0x82, 0xc0,
+    0x70, 0x25, 0x19, 0x9d, 0x93, 0xe2, 0xb9, 0x7b, 0xb4, 0x83, 0x31, 0xef,
+    0xd8, 0x3b, 0xd5, 0x25, 0x70, 0x64, 0x29, 0xa2, 0xc2, 0xc5, 0x73, 0x9a,
+    0xfe, 0x27, 0xca, 0xc0, 0x55, 0x34, 0x91, 0x95, 0x05, 0xbf, 0x5e, 0x54,
+    0x4d, 0x95, 0x43, 0x3d, 0x54, 0x6a, 0x89, 0x0b, 0x5e, 0xab, 0x08, 0x7b,
+    0xf8, 0x38, 0x0a, 0x56, 0x51, 0x9d, 0xbc, 0xdd, 0x46, 0xa9, 0xfc, 0x95,
+    0xe9, 0x75, 0x1c, 0xc8, 0x18, 0x7f, 0xed, 0xa9, 0xca, 0xb6, 0x5e, 0x77,
+    0x63, 0x33, 0xb1, 0xb5, 0x68, 0xce, 0xa5, 0x98, 0xec, 0x8c, 0x34, 0x98,
+    0x1c, 0xa9, 0xa5, 0x84, 0xec, 0xe6, 0xba, 0x0b, 0x11, 0xbf, 0x40, 0xa5,
+    0xf0, 0x3c, 0xd5, 0xd3, 0xac, 0x2f, 0x46, 0xed, 0xab, 0xc0, 0xc1, 0x78,
+    0x3f, 0x18, 0x64, 0x5b, 0xff, 0x31, 0xeb, 0x74, 0x06, 0x92, 0x42, 0x1e,
+    0x90, 0xf7, 0xea, 0xa5, 0x02, 0x33, 0x8e, 0x01, 0xe3, 0xfa, 0x70, 0x82,
+    0xe5, 0xe7, 0x67, 0x8b, 0x96, 0x20, 0x13, 0x2e, 0x65, 0x86, 0xab, 0x28,
+    0xc8, 0x1b, 0xfe, 0xb4, 0x98, 0xed, 0xa4, 0xa0, 0xee, 0xf9, 0x53, 0x74,
+    0x30, 0xac, 0x79, 0x2d, 0xf2, 0x92, 0xd0, 0x5e, 0x10, 0xd7, 0xb9, 0x41,
+    0x00, 0x0d, 0x00, 0x18, 0x00, 0x16, 0x04, 0x01, 0x05, 0x01, 0x06, 0x01,
+    0x02, 0x01, 0x04, 0x03, 0x05, 0x03, 0x06, 0x03, 0x02, 0x03, 0x05, 0x02,
+    0x04, 0x02, 0x02, 0x02, 0x00, 0x15, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
 
 const static uint8_t kCannedTls13ServerHello[] = {
-  0x03, 0x04, 0xe9, 0x01, 0xa0, 0x81, 0x37, 0x97,
-  0xaa, 0x8c, 0x7e, 0x21, 0x1c, 0x66, 0x3f, 0xa4,
-  0x0f, 0x4d, 0x74, 0x7a, 0xcd, 0x4b, 0xe1, 0x7f,
-  0x37, 0x85, 0x14, 0xb5, 0x7e, 0x30, 0x15, 0x91,
-  0xdf, 0x18, 0xc0, 0x2f, 0x00, 0x49, 0x00, 0x28,
-  0x00, 0x45, 0x00, 0x17, 0x00, 0x41, 0x04, 0x1a,
-  0x53, 0x9b, 0x39, 0xe6, 0xda, 0x66, 0xfc, 0x8a,
-  0x75, 0x68, 0xb7, 0x73, 0xc7, 0x21, 0x1f, 0x01,
-  0x04, 0x54, 0xb4, 0x99, 0x1f, 0x0b, 0x7e, 0xea,
-  0x95, 0xec, 0x78, 0x5c, 0x37, 0x7c, 0x31, 0x56,
-  0x04, 0xc8, 0xbf, 0x79, 0x47, 0x56, 0xb9, 0x87,
-  0x06, 0xc1, 0xfc, 0x63, 0x09, 0x5d, 0xfc, 0x1a,
-  0x9e, 0x2b, 0xb9, 0xca, 0xdb, 0x0e, 0x10, 0xec,
-  0xd5, 0x95, 0x0d, 0x0a, 0x5e, 0x3c, 0xf7
-};
+    0x03, 0x04, 0xe9, 0x01, 0xa0, 0x81, 0x37, 0x97, 0xaa, 0x8c, 0x7e, 0x21,
+    0x1c, 0x66, 0x3f, 0xa4, 0x0f, 0x4d, 0x74, 0x7a, 0xcd, 0x4b, 0xe1, 0x7f,
+    0x37, 0x85, 0x14, 0xb5, 0x7e, 0x30, 0x15, 0x91, 0xdf, 0x18, 0xc0, 0x2f,
+    0x00, 0x49, 0x00, 0x28, 0x00, 0x45, 0x00, 0x17, 0x00, 0x41, 0x04, 0x1a,
+    0x53, 0x9b, 0x39, 0xe6, 0xda, 0x66, 0xfc, 0x8a, 0x75, 0x68, 0xb7, 0x73,
+    0xc7, 0x21, 0x1f, 0x01, 0x04, 0x54, 0xb4, 0x99, 0x1f, 0x0b, 0x7e, 0xea,
+    0x95, 0xec, 0x78, 0x5c, 0x37, 0x7c, 0x31, 0x56, 0x04, 0xc8, 0xbf, 0x79,
+    0x47, 0x56, 0xb9, 0x87, 0x06, 0xc1, 0xfc, 0x63, 0x09, 0x5d, 0xfc, 0x1a,
+    0x9e, 0x2b, 0xb9, 0xca, 0xdb, 0x0e, 0x10, 0xec, 0xd5, 0x95, 0x0d, 0x0a,
+    0x5e, 0x3c, 0xf7};
 
 static const char *k0RttData = "ABCDEF";
-#endif
 
 TEST_P(TlsAgentTest, EarlyFinished) {
   DataBuffer buffer;
   MakeTrivialHandshakeRecord(kTlsHandshakeFinished, 0, &buffer);
   ProcessMessage(buffer, TlsAgent::STATE_ERROR,
                  SSL_ERROR_RX_UNEXPECTED_FINISHED);
 }
 
 TEST_P(TlsAgentTest, EarlyCertificateVerify) {
   DataBuffer buffer;
   MakeTrivialHandshakeRecord(kTlsHandshakeCertificateVerify, 0, &buffer);
   ProcessMessage(buffer, TlsAgent::STATE_ERROR,
                  SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY);
 }
 
-#ifdef NSS_ENABLE_TLS_1_3
 TEST_P(TlsAgentTestClient, CannedHello) {
   DataBuffer buffer;
   EnsureInit();
   agent_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_3,
                           SSL_LIBRARY_VERSION_TLS_1_3);
   DataBuffer server_hello_inner(kCannedTls13ServerHello,
                                 sizeof(kCannedTls13ServerHello));
-  uint16_t wire_version = mode_ == STREAM ?
-      SSL_LIBRARY_VERSION_TLS_1_3:
-      TlsVersionToDtlsVersion(SSL_LIBRARY_VERSION_TLS_1_3);
+  uint16_t wire_version =
+      mode_ == STREAM ? SSL_LIBRARY_VERSION_TLS_1_3
+                      : TlsVersionToDtlsVersion(SSL_LIBRARY_VERSION_TLS_1_3);
   server_hello_inner.Write(0, wire_version, 2);
   DataBuffer server_hello;
-  MakeHandshakeMessage(kTlsHandshakeServerHello,
-                       server_hello_inner.data(),
-                       server_hello_inner.len(),
-                       &server_hello);
+  MakeHandshakeMessage(kTlsHandshakeServerHello, server_hello_inner.data(),
+                       server_hello_inner.len(), &server_hello);
   MakeRecord(kTlsHandshakeType, SSL_LIBRARY_VERSION_TLS_1_3,
              server_hello.data(), server_hello.len(), &buffer);
   ProcessMessage(buffer, TlsAgent::STATE_CONNECTING);
 }
 
 TEST_P(TlsAgentTestClient, EncryptedExtensionsInClear) {
   DataBuffer buffer;
   DataBuffer server_hello_inner(kCannedTls13ServerHello,
                                 sizeof(kCannedTls13ServerHello));
-  server_hello_inner.Write(0,
-                           mode_ == STREAM ?
-                           SSL_LIBRARY_VERSION_TLS_1_3:
-                           TlsVersionToDtlsVersion(
-                               SSL_LIBRARY_VERSION_TLS_1_3),
-                           2);
+  server_hello_inner.Write(
+      0, mode_ == STREAM ? SSL_LIBRARY_VERSION_TLS_1_3
+                         : TlsVersionToDtlsVersion(SSL_LIBRARY_VERSION_TLS_1_3),
+      2);
   DataBuffer server_hello;
-  MakeHandshakeMessage(kTlsHandshakeServerHello,
-                       server_hello_inner.data(),
-                       server_hello_inner.len(),
-                       &server_hello);
+  MakeHandshakeMessage(kTlsHandshakeServerHello, server_hello_inner.data(),
+                       server_hello_inner.len(), &server_hello);
   DataBuffer encrypted_extensions;
   MakeHandshakeMessage(kTlsHandshakeEncryptedExtensions, nullptr, 0,
                        &encrypted_extensions, 1);
   server_hello.Append(encrypted_extensions);
-  MakeRecord(kTlsHandshakeType,
-             SSL_LIBRARY_VERSION_TLS_1_3,
-             server_hello.data(),
-             server_hello.len(), &buffer);
+  MakeRecord(kTlsHandshakeType, SSL_LIBRARY_VERSION_TLS_1_3,
+             server_hello.data(), server_hello.len(), &buffer);
   EnsureInit();
   agent_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_3,
                           SSL_LIBRARY_VERSION_TLS_1_3);
   ProcessMessage(buffer, TlsAgent::STATE_ERROR,
                  SSL_ERROR_RX_UNEXPECTED_HANDSHAKE);
 }
 
 TEST_F(TlsAgentStreamTestClient, EncryptedExtensionsInClearTwoPieces) {
   DataBuffer buffer;
   DataBuffer buffer2;
   DataBuffer server_hello_inner(kCannedTls13ServerHello,
                                 sizeof(kCannedTls13ServerHello));
   server_hello_inner.Write(0, SSL_LIBRARY_VERSION_TLS_1_3, 2);
   DataBuffer server_hello;
-  MakeHandshakeMessage(kTlsHandshakeServerHello,
-                       server_hello_inner.data(),
-                       server_hello_inner.len(),
-                       &server_hello);
+  MakeHandshakeMessage(kTlsHandshakeServerHello, server_hello_inner.data(),
+                       server_hello_inner.len(), &server_hello);
   DataBuffer encrypted_extensions;
   MakeHandshakeMessage(kTlsHandshakeEncryptedExtensions, nullptr, 0,
                        &encrypted_extensions, 1);
   server_hello.Append(encrypted_extensions);
-  MakeRecord(kTlsHandshakeType,
-             SSL_LIBRARY_VERSION_TLS_1_3,
-             server_hello.data(), 20,
-             &buffer);
+  MakeRecord(kTlsHandshakeType, SSL_LIBRARY_VERSION_TLS_1_3,
+             server_hello.data(), 20, &buffer);
 
-  MakeRecord(kTlsHandshakeType,
-             SSL_LIBRARY_VERSION_TLS_1_3,
-             server_hello.data() + 20,
-             server_hello.len() - 20, &buffer2);
+  MakeRecord(kTlsHandshakeType, SSL_LIBRARY_VERSION_TLS_1_3,
+             server_hello.data() + 20, server_hello.len() - 20, &buffer2);
 
   EnsureInit();
   agent_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_3,
                           SSL_LIBRARY_VERSION_TLS_1_3);
   ProcessMessage(buffer, TlsAgent::STATE_CONNECTING);
   ProcessMessage(buffer2, TlsAgent::STATE_ERROR,
                  SSL_ERROR_RX_UNEXPECTED_HANDSHAKE);
 }
 
-
 TEST_F(TlsAgentDgramTestClient, EncryptedExtensionsInClearTwoPieces) {
   DataBuffer buffer;
   DataBuffer buffer2;
   DataBuffer server_hello_inner(kCannedTls13ServerHello,
                                 sizeof(kCannedTls13ServerHello));
   server_hello_inner.Write(
       0, TlsVersionToDtlsVersion(SSL_LIBRARY_VERSION_TLS_1_3), 2);
   DataBuffer server_hello_frag1;
-  MakeHandshakeMessageFragment(kTlsHandshakeServerHello,
-                       server_hello_inner.data(),
-                       server_hello_inner.len(),
-                       &server_hello_frag1, 0,
-                       0, 20);
+  MakeHandshakeMessageFragment(
+      kTlsHandshakeServerHello, server_hello_inner.data(),
+      server_hello_inner.len(), &server_hello_frag1, 0, 0, 20);
   DataBuffer server_hello_frag2;
   MakeHandshakeMessageFragment(kTlsHandshakeServerHello,
-                       server_hello_inner.data() + 20,
-                       server_hello_inner.len(), &server_hello_frag2, 0,
-                       20, server_hello_inner.len() - 20);
+                               server_hello_inner.data() + 20,
+                               server_hello_inner.len(), &server_hello_frag2, 0,
+                               20, server_hello_inner.len() - 20);
   DataBuffer encrypted_extensions;
   MakeHandshakeMessage(kTlsHandshakeEncryptedExtensions, nullptr, 0,
                        &encrypted_extensions, 1);
   server_hello_frag2.Append(encrypted_extensions);
-  MakeRecord(kTlsHandshakeType,
-             SSL_LIBRARY_VERSION_TLS_1_3,
-             server_hello_frag1.data(), server_hello_frag1.len(),
-             &buffer);
+  MakeRecord(kTlsHandshakeType, SSL_LIBRARY_VERSION_TLS_1_3,
+             server_hello_frag1.data(), server_hello_frag1.len(), &buffer);
 
-  MakeRecord(kTlsHandshakeType,
-             SSL_LIBRARY_VERSION_TLS_1_3,
-             server_hello_frag2.data(), server_hello_frag2.len(),
-             &buffer2, 1);
+  MakeRecord(kTlsHandshakeType, SSL_LIBRARY_VERSION_TLS_1_3,
+             server_hello_frag2.data(), server_hello_frag2.len(), &buffer2, 1);
 
   EnsureInit();
   agent_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_3,
                           SSL_LIBRARY_VERSION_TLS_1_3);
   ProcessMessage(buffer, TlsAgent::STATE_CONNECTING);
   ProcessMessage(buffer2, TlsAgent::STATE_ERROR,
                  SSL_ERROR_RX_UNEXPECTED_HANDSHAKE);
 }
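Review bot: The canned ClientHello is not only re-wrapped in this hunk: the two bytes after `0xff, 0x02, 0x00, 0x02` change from `0x00, 0x0d` to `0x00, 0x0e`, and that functional change is easy to miss among the formatting churn. It looks like the TLS 1.3 draft version the client advertises, so this array has to be edited by hand whenever the implemented draft moves. I would add a comment above `kCannedTls13ClientHello` such as `// Carries the draft version (0xff02 extension, currently 0x000e); update when the supported draft changes.`, or patch those bytes at test time the way `server_hello_inner.Write(0, wire_version, 2)` already patches the ServerHello version.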
@@ -251,62 +200,55 @@ TEST_F(TlsAgentStreamTestClient, Set0Rtt
   EnsureInit();
   agent_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
                           SSL_LIBRARY_VERSION_TLS_1_3);
   agent_->StartConnect();
   agent_->Set0RttEnabled(true);
   auto filter =
       new TlsInspectorRecordHandshakeMessage(kTlsHandshakeClientHello);
   agent_->SetPacketFilter(filter);
-  PRInt32 rv = PR_Write(agent_->ssl_fd(),
-                        k0RttData, strlen(k0RttData));
+  PRInt32 rv = PR_Write(agent_->ssl_fd(), k0RttData, strlen(k0RttData));
   EXPECT_EQ(-1, rv);
   int32_t err = PORT_GetError();
   EXPECT_EQ(PR_WOULD_BLOCK_ERROR, err);
   EXPECT_LT(0UL, filter->buffer().len());
 }
 
 TEST_F(TlsAgentStreamTestClient, Set0RttOptionThenRead) {
   EnsureInit();
   agent_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
                           SSL_LIBRARY_VERSION_TLS_1_3);
   agent_->StartConnect();
   agent_->Set0RttEnabled(true);
   DataBuffer buffer;
   MakeRecord(kTlsApplicationDataType, SSL_LIBRARY_VERSION_TLS_1_3,
-             reinterpret_cast<const uint8_t *>(k0RttData),
-             strlen(k0RttData), &buffer);
+             reinterpret_cast<const uint8_t *>(k0RttData), strlen(k0RttData),
+             &buffer);
   ProcessMessage(buffer, TlsAgent::STATE_ERROR,
                  SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA);
 }
 
 // The server is allowing 0-RTT but the client doesn't offer it,
 // so trial decryption isn't engaged and 0-RTT messages cause
 // an error.
 TEST_F(TlsAgentStreamTestServer, Set0RttOptionClientHelloThenRead) {
   EnsureInit();
   agent_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
                           SSL_LIBRARY_VERSION_TLS_1_3);
   agent_->StartConnect();
   agent_->Set0RttEnabled(true);
   DataBuffer buffer;
   MakeRecord(kTlsHandshakeType, SSL_LIBRARY_VERSION_TLS_1_3,
-             kCannedTls13ClientHello, sizeof(kCannedTls13ClientHello),
-             &buffer);
+             kCannedTls13ClientHello, sizeof(kCannedTls13ClientHello), &buffer);
   ProcessMessage(buffer, TlsAgent::STATE_CONNECTING);
   MakeRecord(kTlsApplicationDataType, SSL_LIBRARY_VERSION_TLS_1_3,
-             reinterpret_cast<const uint8_t *>(k0RttData),
-             strlen(k0RttData), &buffer);
-  ProcessMessage(buffer, TlsAgent::STATE_ERROR,
-                 SSL_ERROR_BAD_MAC_READ);
+             reinterpret_cast<const uint8_t *>(k0RttData), strlen(k0RttData),
+             &buffer);
+  ProcessMessage(buffer, TlsAgent::STATE_ERROR, SSL_ERROR_BAD_MAC_READ);
 }
 
-#endif
-
-INSTANTIATE_TEST_CASE_P(AgentTests, TlsAgentTest,
-                        ::testing::Combine(
-                             TlsAgentTestBase::kTlsRolesAll,
-                             TlsConnectTestBase::kTlsModesStream));
-#ifdef NSS_ENABLE_TLS_1_3
+INSTANTIATE_TEST_CASE_P(
+    AgentTests, TlsAgentTest,
+    ::testing::Combine(TlsAgentTestBase::kTlsRolesAll,
+                       TlsConnectTestBase::kTlsModesStream));
 INSTANTIATE_TEST_CASE_P(ClientTests, TlsAgentTestClient,
                         TlsConnectTestBase::kTlsModesAll);
-#endif
-} // namespace nss_test
+}  // namespace nss_test
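Review bot: Dropping the `#ifdef NSS_ENABLE_TLS_1_3` guards here (and around the canned hellos and `CannedHello` in the previous hunk of this file) makes every TLS 1.3 agent test and `INSTANTIATE_TEST_CASE_P(ClientTests, ...)` build unconditionally, while the same commit adds a new `#ifdef NSS_ENABLE_TLS_1_3` block around the `TlsConnectTls13` signature tests in ssl_auth_unittest.cc. If a build without the macro is still supported, these tests pin the version range to `SSL_LIBRARY_VERSION_TLS_1_3` and would presumably fail rather than be skipped; if it is not, the newly added guard is dead. Either way the two files should agree on one convention. The first test in this hunk starts above the hunk.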
--- a/security/nss/external_tests/ssl_gtest/ssl_auth_unittest.cc
+++ b/security/nss/external_tests/ssl_gtest/ssl_auth_unittest.cc
@@ -1,32 +1,38 @@
 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* vim: set ts=2 et sw=2 tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
+#include "ssl.h"
 #include "secerr.h"
-#include "ssl.h"
 #include "sslerr.h"
 #include "sslproto.h"
 
 extern "C" {
 // This is not something that should make you happy.
 #include "libssl_internals.h"
 }
 
+#include "gtest_utils.h"
 #include "scoped_ptrs.h"
-#include "tls_parser.h"
+#include "tls_connect.h"
 #include "tls_filter.h"
-#include "tls_connect.h"
-#include "gtest_utils.h"
+#include "tls_parser.h"
 
 namespace nss_test {
 
+TEST_P(TlsConnectGeneric, ServerAuthBigRsa) {
+  Reset(TlsAgent::kRsa2048);
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
+}
+
 TEST_P(TlsConnectGeneric, ClientAuth) {
   client_->SetupClientAuth();
   server_->RequestClientAuth(true);
   Connect();
   CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
 }
 
 // In TLS 1.3, the client sends its cert rejection on the
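Review bot: `ServerAuthBigRsa` never checks that the 2048-bit certificate was the one actually presented: `CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign)` is given only the key-exchange and authentication type, so the test would presumably still pass if `Reset(TlsAgent::kRsa2048)` ended up using the default certificate. The `CheckSigAlgs` helper added later in this file already reads the peer key with `SECKEY_PublicKeyStrengthInBits`; the same check against 2048 on the client's view of the server certificate would make the test meaningful. It also lacks the one-line comment its neighbours have, e.g. `// The server authenticates with a 2048-bit RSA certificate instead of the default.`. The same applies to `ClientAuthBigRsa` in the next hunk.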
@@ -40,133 +46,222 @@ TEST_P(TlsConnectStream, DISABLED_Client
 }
 
 TEST_P(TlsConnectGeneric, ClientAuthRequestedRejected) {
   server_->RequestClientAuth(false);
   Connect();
   CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
 }
 
-
 TEST_P(TlsConnectGeneric, ClientAuthEcdsa) {
-  Reset(TlsAgent::kServerEcdsa);
+  Reset(TlsAgent::kServerEcdsa256);
   client_->SetupClientAuth();
   server_->RequestClientAuth(true);
   Connect();
   CheckKeys(ssl_kea_ecdh, ssl_auth_ecdsa);
 }
 
+TEST_P(TlsConnectGeneric, ClientAuthBigRsa) {
+  Reset(TlsAgent::kServerRsa, TlsAgent::kRsa2048);
+  client_->SetupClientAuth();
+  server_->RequestClientAuth(true);
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
+}
+
+// Offset is the position in the captured buffer where the signature sits.
+static void CheckSigAlgs(TlsInspectorRecordHandshakeMessage* capture,
+                         size_t offset, TlsAgent* peer,
+                         SSLHashType expected_hash, size_t expected_size) {
+  EXPECT_LT(offset + 2U, capture->buffer().len());
+  EXPECT_EQ(expected_hash, capture->buffer().data()[offset]);
+  EXPECT_EQ(ssl_sign_rsa, capture->buffer().data()[offset + 1]);
+
+  ScopedCERTCertificate remote_cert(SSL_PeerCertificate(peer->ssl_fd()));
+  ScopedSECKEYPublicKey remote_key(CERT_ExtractPublicKey(remote_cert.get()));
+  EXPECT_EQ(expected_size, SECKEY_PublicKeyStrengthInBits(remote_key.get()));
+}
+
+// The server should prefer SHA-256 by default, even for the small key size used
+// in the default certificate.
+TEST_P(TlsConnectTls12, ServerAuthCheckSigAlg) {
+  EnsureTlsSetup();
+  auto capture_ske =
+      new TlsInspectorRecordHandshakeMessage(kTlsHandshakeServerKeyExchange);
+  server_->SetPacketFilter(capture_ske);
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
+
+  const DataBuffer& buffer = capture_ske->buffer();
+  EXPECT_LT(3U, buffer.len());
+  EXPECT_EQ(3U, buffer.data()[0]) << "curve_type == named_curve";
+  uint32_t tmp;
+  EXPECT_TRUE(buffer.Read(1, 2, &tmp)) << "read NamedCurve";
+  EXPECT_EQ(ssl_grp_ec_secp256r1, tmp);
+  EXPECT_TRUE(buffer.Read(3, 1, &tmp)) << " read ECPoint";
+  CheckSigAlgs(capture_ske, 4 + tmp, client_, ssl_hash_sha256, 1024);
+}
+
+TEST_P(TlsConnectTls12, ClientAuthCheckSigAlg) {
+  EnsureTlsSetup();
+  auto capture_cert_verify =
+      new TlsInspectorRecordHandshakeMessage(kTlsHandshakeCertificateVerify);
+  client_->SetPacketFilter(capture_cert_verify);
+  client_->SetupClientAuth();
+  server_->RequestClientAuth(true);
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
+
+  CheckSigAlgs(capture_cert_verify, 0, server_, ssl_hash_sha1, 1024);
+}
+
+TEST_P(TlsConnectTls12, ClientAuthBigRsaCheckSigAlg) {
+  Reset(TlsAgent::kServerRsa, TlsAgent::kRsa2048);
+  auto capture_cert_verify =
+      new TlsInspectorRecordHandshakeMessage(kTlsHandshakeCertificateVerify);
+  client_->SetPacketFilter(capture_cert_verify);
+  client_->SetupClientAuth();
+  server_->RequestClientAuth(true);
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
+  CheckSigAlgs(capture_cert_verify, 0, server_, ssl_hash_sha256, 2048);
+}
+
 static const SSLSignatureAndHashAlg SignatureEcdsaSha384[] = {
-  {ssl_hash_sha384, ssl_sign_ecdsa}
-};
+    {ssl_hash_sha384, ssl_sign_ecdsa}};
 static const SSLSignatureAndHashAlg SignatureEcdsaSha256[] = {
-  {ssl_hash_sha256, ssl_sign_ecdsa}
-};
+    {ssl_hash_sha256, ssl_sign_ecdsa}};
 static const SSLSignatureAndHashAlg SignatureRsaSha384[] = {
-  {ssl_hash_sha384, ssl_sign_rsa}
-};
+    {ssl_hash_sha384, ssl_sign_rsa}};
 static const SSLSignatureAndHashAlg SignatureRsaSha256[] = {
-  {ssl_hash_sha256, ssl_sign_rsa}
-};
+    {ssl_hash_sha256, ssl_sign_rsa}};
 
 // When signature algorithms match up, this should connect successfully; even
 // for TLS 1.1 and 1.0, where they should be ignored.
 TEST_P(TlsConnectGeneric, SignatureAlgorithmServerAuth) {
+  Reset(TlsAgent::kServerEcdsa384);
   client_->SetSignatureAlgorithms(SignatureEcdsaSha384,
                                   PR_ARRAY_SIZE(SignatureEcdsaSha384));
   server_->SetSignatureAlgorithms(SignatureEcdsaSha384,
                                   PR_ARRAY_SIZE(SignatureEcdsaSha384));
-  Reset(TlsAgent::kServerEcdsa);
   Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_ecdsa);
 }
 
 // Here the client picks a single option, which should work in all versions.
 // Defaults on the server include the first option.
 TEST_P(TlsConnectGeneric, SignatureAlgorithmClientOnly) {
   const SSLSignatureAndHashAlg clientAlgorithms[] = {
-    {ssl_hash_sha384, ssl_sign_ecdsa},
-    {ssl_hash_sha384, ssl_sign_rsa}, // supported but unusable
-    {ssl_hash_md5, ssl_sign_ecdsa} // unsupported and ignored
+      {ssl_hash_sha384, ssl_sign_ecdsa},
+      {ssl_hash_sha384, ssl_sign_rsa},  // supported but unusable
+      {ssl_hash_md5, ssl_sign_ecdsa}    // unsupported and ignored
   };
+  Reset(TlsAgent::kServerEcdsa384);
   client_->SetSignatureAlgorithms(clientAlgorithms,
                                   PR_ARRAY_SIZE(clientAlgorithms));
-  Reset(TlsAgent::kServerEcdsa);
   Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_ecdsa);
 }
 
 // Here the server picks a single option, which should work in all versions.
 // Defaults on the client include the provided option.
 TEST_P(TlsConnectGeneric, SignatureAlgorithmServerOnly) {
+  Reset(TlsAgent::kServerEcdsa384);
   server_->SetSignatureAlgorithms(SignatureEcdsaSha384,
                                   PR_ARRAY_SIZE(SignatureEcdsaSha384));
-  Reset(TlsAgent::kServerEcdsa);
   Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_ecdsa);
+}
+
+// In TlS 1.2, a P-256 cert can be used with SHA-384.
+TEST_P(TlsConnectTls12, SignatureSchemeCurveMismatch12) {
+  Reset(TlsAgent::kServerEcdsa256);
+  client_->SetSignatureAlgorithms(SignatureEcdsaSha384,
+                                  PR_ARRAY_SIZE(SignatureEcdsaSha384));
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_ecdsa);
 }
 
-// There is no need for overlap on signatures; since we don't actually use the
-// signatures for static RSA, this should still connect successfully.
-// This should also work in TLS 1.0 and 1.1 where the algorithms aren't used.
+#ifdef NSS_ENABLE_TLS_1_3
+TEST_P(TlsConnectTls13, SignatureAlgorithmServerUnsupported) {
+  Reset(TlsAgent::kServerEcdsa256);  // P-256 cert
+  server_->SetSignatureAlgorithms(SignatureEcdsaSha384,
+                                  PR_ARRAY_SIZE(SignatureEcdsaSha384));
+  ConnectExpectFail();
+  server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM);
+  client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
+}
+
+TEST_P(TlsConnectTls13, SignatureAlgorithmClientUnsupported) {
+  Reset(TlsAgent::kServerEcdsa256);  // P-256 cert
+  client_->SetSignatureAlgorithms(SignatureEcdsaSha384,
+                                  PR_ARRAY_SIZE(SignatureEcdsaSha384));
+  ConnectExpectFail();
+  server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM);
+  client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
+}
+#endif
+
+// Where there is no overlap on signature schemes, we still connect successfully
+// if we aren't going to use a signature.
 TEST_P(TlsConnectGenericPre13, SignatureAlgorithmNoOverlapStaticRsa) {
   client_->SetSignatureAlgorithms(SignatureRsaSha384,
                                   PR_ARRAY_SIZE(SignatureRsaSha384));
   server_->SetSignatureAlgorithms(SignatureRsaSha256,
                                   PR_ARRAY_SIZE(SignatureRsaSha256));
   EnableOnlyStaticRsaCiphers();
   Connect();
   CheckKeys(ssl_kea_rsa, ssl_auth_rsa_decrypt);
 }
 
-// TODO(ekr@rtfm.com): We need to enable this for 1.3 when we fix
-// bug 1287267.
-TEST_P(TlsConnectTls12, SignatureAlgorithmNoOverlapEcdsa) {
-  Reset(TlsAgent::kServerEcdsa);
+TEST_P(TlsConnectTls12Plus, SignatureAlgorithmNoOverlapEcdsa) {
+  Reset(TlsAgent::kServerEcdsa256);
   client_->SetSignatureAlgorithms(SignatureEcdsaSha384,
                                   PR_ARRAY_SIZE(SignatureEcdsaSha384));
   server_->SetSignatureAlgorithms(SignatureEcdsaSha256,
                                   PR_ARRAY_SIZE(SignatureEcdsaSha256));
   ConnectExpectFail();
+  client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
+  server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM);
 }
 
 // Pre 1.2, a mismatch on signature algorithms shouldn't affect anything.
 TEST_P(TlsConnectPre12, SignatureAlgorithmNoOverlapEcdsa) {
-  Reset(TlsAgent::kServerEcdsa);
+  Reset(TlsAgent::kServerEcdsa256);
   client_->SetSignatureAlgorithms(SignatureEcdsaSha384,
                                   PR_ARRAY_SIZE(SignatureEcdsaSha384));
   server_->SetSignatureAlgorithms(SignatureEcdsaSha256,
                                   PR_ARRAY_SIZE(SignatureEcdsaSha256));
   Connect();
 }
 
 TEST_P(TlsConnectTls12Plus, RequestClientAuthWithSha384) {
   server_->SetSignatureAlgorithms(SignatureRsaSha384,
                                   PR_ARRAY_SIZE(SignatureRsaSha384));
   server_->RequestClientAuth(false);
   Connect();
 }
 
 class BeforeFinished : public TlsRecordFilter {
  private:
-  enum HandshakeState {
-    BEFORE_CCS,
-    AFTER_CCS,
-    DONE
-  };
+  enum HandshakeState { BEFORE_CCS, AFTER_CCS, DONE };
 
  public:
-  BeforeFinished(TlsAgent* client, TlsAgent* server,
-                 VoidFunction before_ccs, VoidFunction before_finished)
+  BeforeFinished(TlsAgent* client, TlsAgent* server, VoidFunction before_ccs,
+                 VoidFunction before_finished)
       : client_(client),
         server_(server),
         before_ccs_(before_ccs),
         before_finished_(before_finished),
         state_(BEFORE_CCS) {}
 
  protected:
-  virtual PacketFilter::Action FilterRecord(
-      const RecordHeader& header, const DataBuffer& body, DataBuffer* out) {
+  virtual PacketFilter::Action FilterRecord(const RecordHeader& header,
+                                            const DataBuffer& body,
+                                            DataBuffer* out) {
     switch (state_) {
       case BEFORE_CCS:
         // Awaken when we see the CCS.
         if (header.content_type() == kTlsChangeCipherSpecType) {
           before_ccs_();
 
           // Write the CCS out as a separate write, so that we can make
           // progress. Ordinarily, libssl sends the CCS and Finished together,
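Review bot: In `CheckSigAlgs`, `EXPECT_LT(offset + 2U, capture->buffer().len())` is non-fatal, so when the filter captured a short or empty message the next two lines still index `capture->buffer().data()[offset]` and `[offset + 1]` past the end of the buffer; it should be `ASSERT_LT(offset + 2U, capture->buffer().len());`. `ServerAuthCheckSigAlg` has the same pattern: `EXPECT_LT(3U, buffer.len())` is followed by `buffer.data()[0]`, and a failed `buffer.Read(3, 1, &tmp)` still lets `tmp` feed `4 + tmp`, so those want `ASSERT_LT` / `ASSERT_TRUE` as well. `remote_cert` from `SSL_PeerCertificate` is also handed to `CERT_ExtractPublicKey` without a null check. The hunk ends inside `BeforeFinished::FilterRecord`, which continues outside it.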
@@ -218,123 +313,206 @@ class BeforeFinished13 : public PacketFi
   enum HandshakeState {
     INIT,
     BEFORE_FIRST_FRAGMENT,
     BEFORE_SECOND_FRAGMENT,
     DONE
   };
 
  public:
-  BeforeFinished13(TlsAgent* client, TlsAgent *server,
+  BeforeFinished13(TlsAgent* client, TlsAgent* server,
                    VoidFunction before_finished)
       : client_(client),
         server_(server),
         before_finished_(before_finished),
         records_(0) {}
 
  protected:
   virtual PacketFilter::Action Filter(const DataBuffer& input,
                                       DataBuffer* output) {
     switch (++records_) {
       case 1:
         // Packet 1 is the server's entire first flight.  Drop it.
         EXPECT_EQ(SECSuccess,
                   SSLInt_SetMTU(server_->ssl_fd(), input.len() - 1));
         return DROP;
 
-        // Packet 2 is the first part of the server's retransmitted first
-        // flight.  Keep that.
+      // Packet 2 is the first part of the server's retransmitted first
+      // flight.  Keep that.
 
       case 3:
         // Packet 3 is the second part of the server's retransmitted first
         // flight.  Before passing that on, make sure that the client processes
         // packet 2, then call the before_finished_() callback.
         client_->Handshake();
         before_finished_();
         break;
 
       default:
         break;
     }
     return KEEP;
   }
 
  private:
-  TlsAgent *client_;
-  TlsAgent *server_;
+  TlsAgent* client_;
+  TlsAgent* server_;
   VoidFunction before_finished_;
   size_t records_;
 };
 
-#ifdef NSS_ENABLE_TLS_1_3
 // This test uses an AuthCertificateCallback that blocks.  A filter is used to
 // split the server's first flight into two pieces.  Before the second piece is
 // processed by the client, SSL_AuthCertificateComplete() is called.
 TEST_F(TlsConnectDatagram13, AuthCompleteBeforeFinished) {
   client_->SetAuthCertificateCallback(
-      [](TlsAgent&, PRBool, PRBool) -> SECStatus {
-        return SECWouldBlock;
-      });
+      [](TlsAgent*, PRBool, PRBool) -> SECStatus { return SECWouldBlock; });
   server_->SetPacketFilter(new BeforeFinished13(client_, server_, [this]() {
-        EXPECT_EQ(SECSuccess, SSL_AuthCertificateComplete(client_->ssl_fd(), 0));
-      }));
+    EXPECT_EQ(SECSuccess, SSL_AuthCertificateComplete(client_->ssl_fd(), 0));
+  }));
   Connect();
 }
 
-static void TriggerAuthComplete(PollTarget *target, Event event) {
+static void TriggerAuthComplete(PollTarget* target, Event event) {
   std::cerr << "client: call SSL_AuthCertificateComplete" << std::endl;
   EXPECT_EQ(TIMER_EVENT, event);
   TlsAgent* client = static_cast<TlsAgent*>(target);
   EXPECT_EQ(SECSuccess, SSL_AuthCertificateComplete(client->ssl_fd(), 0));
 }
 
 // This test uses a simple AuthCertificateCallback.  Due to the way that the
 // entire server flight is processed, the call to SSL_AuthCertificateComplete
 // will trigger after the Finished message is processed.
 TEST_F(TlsConnectDatagram13, AuthCompleteAfterFinished) {
   client_->SetAuthCertificateCallback(
-      [this](TlsAgent&, PRBool, PRBool) -> SECStatus {
-        Poller::Timer *timer_handle;
+      [this](TlsAgent*, PRBool, PRBool) -> SECStatus {
+        Poller::Timer* timer_handle;
         // This is really just to unroll the stack.
         Poller::Instance()->SetTimer(1U, client_, TriggerAuthComplete,
                                      &timer_handle);
         return SECWouldBlock;
       });
   Connect();
 }
-#endif
 
 TEST_P(TlsConnectGenericPre13, ClientWriteBetweenCCSAndFinishedWithFalseStart) {
   client_->EnableFalseStart();
-  server_->SetPacketFilter(new BeforeFinished(client_, server_, [this]() {
-        EXPECT_TRUE(client_->can_falsestart_hook_called());
-      }, [this]() {
+  server_->SetPacketFilter(new BeforeFinished(
+      client_, server_,
+      [this]() { EXPECT_TRUE(client_->can_falsestart_hook_called()); },
+      [this]() {
         // Write something, which used to fail: bug 1235366.
         client_->SendData(10);
       }));
 
   Connect();
   server_->SendData(10);
   Receive(10);
 }
 
 TEST_P(TlsConnectGenericPre13, AuthCompleteBeforeFinishedWithFalseStart) {
   client_->EnableFalseStart();
   client_->SetAuthCertificateCallback(
-      [](TlsAgent&, PRBool, PRBool) -> SECStatus {
-        return SECWouldBlock;
-      });
-  server_->SetPacketFilter(new BeforeFinished(client_, server_, []() {
+      [](TlsAgent*, PRBool, PRBool) -> SECStatus { return SECWouldBlock; });
+  server_->SetPacketFilter(new BeforeFinished(
+      client_, server_,
+      []() {
         // Do nothing before CCS
-      }, [this]() {
+      },
+      [this]() {
         EXPECT_FALSE(client_->can_falsestart_hook_called());
         // AuthComplete before Finished still enables false start.
-        EXPECT_EQ(SECSuccess, SSL_AuthCertificateComplete(client_->ssl_fd(), 0));
+        EXPECT_EQ(SECSuccess,
+                  SSL_AuthCertificateComplete(client_->ssl_fd(), 0));
         EXPECT_TRUE(client_->can_falsestart_hook_called());
         client_->SendData(10);
       }));
 
   Connect();
   server_->SendData(10);
   Receive(10);
 }
 
+static const SSLExtraServerCertData ServerCertDataRsaPkcs1Decrypt = {
+    ssl_auth_rsa_decrypt, nullptr, nullptr, nullptr};
+static const SSLExtraServerCertData ServerCertDataRsaPkcs1Sign = {
+    ssl_auth_rsa_sign, nullptr, nullptr, nullptr};
+static const SSLExtraServerCertData ServerCertDataRsaPss = {
+    ssl_auth_rsa_pss, nullptr, nullptr, nullptr};
+
+// Test RSA cert with usage=[signature, encipherment].
+TEST_F(TlsAgentStreamTestServer, ConfigureCertRsaPkcs1SignAndKEX) {
+  Reset(TlsAgent::kServerRsa);
+
+  PRFileDesc* ssl_fd = agent_->ssl_fd();
+  EXPECT_TRUE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_decrypt));
+  EXPECT_TRUE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_sign));
+  EXPECT_TRUE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_pss));
+
+  // Configuring for only rsa_sign, rsa_pss, or rsa_decrypt should work.
+  EXPECT_TRUE(agent_->ConfigServerCert(TlsAgent::kServerRsa, false,
+                                       &ServerCertDataRsaPkcs1Decrypt));
+  EXPECT_TRUE(agent_->ConfigServerCert(TlsAgent::kServerRsa, false,
+                                       &ServerCertDataRsaPkcs1Sign));
+  EXPECT_TRUE(agent_->ConfigServerCert(TlsAgent::kServerRsa, false,
+                                       &ServerCertDataRsaPss));
 }
+
+// Test RSA cert with usage=[signature].
+TEST_F(TlsAgentStreamTestServer, ConfigureCertRsaPkcs1Sign) {
+  Reset(TlsAgent::kServerRsaSign);
+
+  PRFileDesc* ssl_fd = agent_->ssl_fd();
+  EXPECT_FALSE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_decrypt));
+  EXPECT_TRUE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_sign));
+  EXPECT_TRUE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_pss));
+
+  // Configuring for only rsa_decrypt should fail.
+  EXPECT_FALSE(agent_->ConfigServerCert(TlsAgent::kServerRsaSign, false,
+                                        &ServerCertDataRsaPkcs1Decrypt));
+
+  // Configuring for only rsa_sign or rsa_pss should work.
+  EXPECT_TRUE(agent_->ConfigServerCert(TlsAgent::kServerRsaSign, false,
+                                       &ServerCertDataRsaPkcs1Sign));
+  EXPECT_TRUE(agent_->ConfigServerCert(TlsAgent::kServerRsaSign, false,
+                                       &ServerCertDataRsaPss));
+}
+
+// Test RSA cert with usage=[encipherment].
+TEST_F(TlsAgentStreamTestServer, ConfigureCertRsaPkcs1KEX) {
+  Reset(TlsAgent::kServerRsaDecrypt);
+
+  PRFileDesc* ssl_fd = agent_->ssl_fd();
+  EXPECT_TRUE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_decrypt));
+  EXPECT_FALSE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_sign));
+  EXPECT_FALSE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_pss));
+
+  // Configuring for only rsa_sign or rsa_pss should fail.
+  EXPECT_FALSE(agent_->ConfigServerCert(TlsAgent::kServerRsaDecrypt, false,
+                                        &ServerCertDataRsaPkcs1Sign));
+  EXPECT_FALSE(agent_->ConfigServerCert(TlsAgent::kServerRsaDecrypt, false,
+                                        &ServerCertDataRsaPss));
+
+  // Configuring for only rsa_decrypt should work.
+  EXPECT_TRUE(agent_->ConfigServerCert(TlsAgent::kServerRsaDecrypt, false,
+                                       &ServerCertDataRsaPkcs1Decrypt));
+}
+
+// Test configuring an RSA-PSS cert.
+TEST_F(TlsAgentStreamTestServer, ConfigureCertRsaPss) {
+  Reset(TlsAgent::kServerRsaPss);
+
+  PRFileDesc* ssl_fd = agent_->ssl_fd();
+  EXPECT_FALSE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_decrypt));
+  EXPECT_FALSE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_sign));
+  EXPECT_TRUE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_pss));
+
+  // Configuring for only rsa_sign or rsa_decrypt should fail.
+  EXPECT_FALSE(agent_->ConfigServerCert(TlsAgent::kServerRsaPss, false,
+                                        &ServerCertDataRsaPkcs1Sign));
+  EXPECT_FALSE(agent_->ConfigServerCert(TlsAgent::kServerRsaPss, false,
+                                        &ServerCertDataRsaPkcs1Decrypt));
+
+  // Configuring for only rsa_pss should work.
+  EXPECT_TRUE(agent_->ConfigServerCert(TlsAgent::kServerRsaPss, false,
+                                       &ServerCertDataRsaPss));
+}
+}
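Review bot: The negative cases in the new ConfigureCertRsaPkcs1Sign, ConfigureCertRsaPkcs1KEX and ConfigureCertRsaPss tests assert only that `ConfigServerCert` returns false. They would therefore still pass if the call failed for an unrelated reason (for example the named certificate not loading), rather than because the key usage forbids the requested auth type. `ConfigServerCert` is defined outside this hunk, so whether it already checks the error itself cannot be confirmed from here. If it does not, follow each `EXPECT_FALSE(agent_->ConfigServerCert(...))` with a check of the error code, e.g. `EXPECT_EQ(EXPECTED_ERROR_PLACEHOLDER, PORT_GetError());`, using whichever code the library sets for a usage mismatch. It would also help to add a comment above the three `SSLExtraServerCertData` initializers naming the fields the `nullptr` entries stand for, since the positional form hides what is deliberately left unset.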
new file mode 100644
--- /dev/null
+++ b/security/nss/external_tests/ssl_gtest/ssl_cert_ext_unittest.cc
@@ -0,0 +1,214 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+#include <memory>
+
+#include "tls_connect.h"
+#include "tls_filter.h"
+#include "tls_parser.h"
+
+namespace nss_test {
+
+// Tests for Certificate Transparency (RFC 6962)
+// These don't work with TLS 1.3: see bug 1252745.
+
+// Helper class - stores signed certificate timestamps as provided
+// by the relevant callbacks on the client.
+class SignedCertificateTimestampsExtractor {
+ public:
+  SignedCertificateTimestampsExtractor(TlsAgent* client) {
+    client->SetAuthCertificateCallback(
+        [&](TlsAgent* agent, bool checksig, bool isServer) -> SECStatus {
+          const SECItem* scts = SSL_PeerSignedCertTimestamps(agent->ssl_fd());
+          EXPECT_TRUE(scts);
+          if (!scts) {
+            return SECFailure;
+          }
+          auth_timestamps_.reset(new DataBuffer(scts->data, scts->len));
+          return SECSuccess;
+        });
+    client->SetHandshakeCallback([&](TlsAgent* agent) {
+      const SECItem* scts = SSL_PeerSignedCertTimestamps(agent->ssl_fd());
+      ASSERT_TRUE(scts);
+      handshake_timestamps_.reset(new DataBuffer(scts->data, scts->len));
+    });
+  }
+
+  void assertTimestamps(const DataBuffer& timestamps) {
+    EXPECT_TRUE(auth_timestamps_);
+    EXPECT_EQ(timestamps, *auth_timestamps_);
+
+    EXPECT_TRUE(handshake_timestamps_);
+    EXPECT_EQ(timestamps, *handshake_timestamps_);
+  }
+
+ private:
+  std::unique_ptr<DataBuffer> auth_timestamps_;
+  std::unique_ptr<DataBuffer> handshake_timestamps_;
+};
+
+static const uint8_t kSctValue[] = {0x01, 0x23, 0x45, 0x67, 0x89};
+static const SECItem kSctItem = {siBuffer, const_cast<uint8_t*>(kSctValue),
+                                 sizeof(kSctValue)};
+static const DataBuffer kSctBuffer(kSctValue, sizeof(kSctValue));
+
+// Test timestamps extraction during a successful handshake.
+TEST_P(TlsConnectGenericPre13, SignedCertificateTimestampsHandshake) {
+  EnsureTlsSetup();
+  EXPECT_EQ(SECSuccess, SSL_SetSignedCertTimestamps(server_->ssl_fd(),
+                                                    &kSctItem, ssl_kea_rsa));
+  EXPECT_EQ(SECSuccess,