Bug 1305970 - land NSS 0x0cccc59d04dd, r=me
authorFranziskus Kiefer <franziskuskiefer@gmail.com>
Wed, 02 Nov 2016 10:29:58 +0100
changeset 320628 214a61dbd0397b702fc1d0243ae6a4cca7635a97
parent 320627 03ccd2a9b30cddc081644cdaa9204a64a575115e
child 320629 4135fed00f09d87196f3b1382285b900615faf17
push id30902
push userphilringnalda@gmail.com
push dateThu, 03 Nov 2016 02:30:31 +0000
treeherdermozilla-central@ade8d4a63e57 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersme
bugs1305970
milestone52.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1305970 - land NSS 0x0cccc59d04dd, r=me
security/nss/Makefile
security/nss/TAG-INFO
security/nss/automation/taskcluster/graph/src/extend.js
security/nss/automation/taskcluster/graph/src/try_syntax.js
security/nss/automation/taskcluster/scripts/build_gyp.sh
security/nss/automation/taskcluster/scripts/run_clang_format.sh
security/nss/automation/taskcluster/scripts/run_scan_build.sh
security/nss/automation/travis/validate-formatting.sh
security/nss/build.sh
security/nss/cmd/lib/basicutil.c
security/nss/cmd/tstclnt/tstclnt.c
security/nss/coreconf/config.gypi
security/nss/coreconf/coreconf.dep
security/nss/external_tests/.clang-format
security/nss/external_tests/Makefile
security/nss/external_tests/README
security/nss/external_tests/common/Makefile
security/nss/external_tests/common/common.gyp
security/nss/external_tests/common/gtest.gypi
security/nss/external_tests/common/gtest.mk
security/nss/external_tests/common/gtests.cc
security/nss/external_tests/common/manifest.mn
security/nss/external_tests/common/scoped_ptrs.h
security/nss/external_tests/der_gtest/Makefile
security/nss/external_tests/der_gtest/der_getint_unittest.cc
security/nss/external_tests/der_gtest/der_gtest.gyp
security/nss/external_tests/der_gtest/der_private_key_import_unittest.cc
security/nss/external_tests/der_gtest/manifest.mn
security/nss/external_tests/google_test/Makefile
security/nss/external_tests/google_test/google_test.gyp
security/nss/external_tests/google_test/gtest/CHANGES
security/nss/external_tests/google_test/gtest/CMakeLists.txt
security/nss/external_tests/google_test/gtest/CONTRIBUTORS
security/nss/external_tests/google_test/gtest/LICENSE
security/nss/external_tests/google_test/gtest/Makefile.am
security/nss/external_tests/google_test/gtest/README
security/nss/external_tests/google_test/gtest/build-aux/.keep
security/nss/external_tests/google_test/gtest/cmake/internal_utils.cmake
security/nss/external_tests/google_test/gtest/codegear/gtest.cbproj
security/nss/external_tests/google_test/gtest/codegear/gtest.groupproj
security/nss/external_tests/google_test/gtest/codegear/gtest_all.cc
security/nss/external_tests/google_test/gtest/codegear/gtest_link.cc
security/nss/external_tests/google_test/gtest/codegear/gtest_main.cbproj
security/nss/external_tests/google_test/gtest/codegear/gtest_unittest.cbproj
security/nss/external_tests/google_test/gtest/configure.ac
security/nss/external_tests/google_test/gtest/include/gtest/gtest-death-test.h
security/nss/external_tests/google_test/gtest/include/gtest/gtest-message.h
security/nss/external_tests/google_test/gtest/include/gtest/gtest-param-test.h
security/nss/external_tests/google_test/gtest/include/gtest/gtest-param-test.h.pump
security/nss/external_tests/google_test/gtest/include/gtest/gtest-printers.h
security/nss/external_tests/google_test/gtest/include/gtest/gtest-spi.h
security/nss/external_tests/google_test/gtest/include/gtest/gtest-test-part.h
security/nss/external_tests/google_test/gtest/include/gtest/gtest-typed-test.h
security/nss/external_tests/google_test/gtest/include/gtest/gtest.h
security/nss/external_tests/google_test/gtest/include/gtest/gtest_pred_impl.h
security/nss/external_tests/google_test/gtest/include/gtest/gtest_prod.h
security/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-death-test-internal.h
security/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-filepath.h
security/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-internal.h
security/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-linked_ptr.h
security/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-param-util-generated.h
security/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-param-util-generated.h.pump
security/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-param-util.h
security/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-port.h
security/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-string.h
security/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-tuple.h
security/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-tuple.h.pump
security/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-type-util.h
security/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-type-util.h.pump
security/nss/external_tests/google_test/gtest/m4/acx_pthread.m4
security/nss/external_tests/google_test/gtest/m4/gtest.m4
security/nss/external_tests/google_test/gtest/make/Makefile
security/nss/external_tests/google_test/gtest/msvc/gtest-md.sln
security/nss/external_tests/google_test/gtest/msvc/gtest-md.vcproj
security/nss/external_tests/google_test/gtest/msvc/gtest.sln
security/nss/external_tests/google_test/gtest/msvc/gtest.vcproj
security/nss/external_tests/google_test/gtest/msvc/gtest_main-md.vcproj
security/nss/external_tests/google_test/gtest/msvc/gtest_main.vcproj
security/nss/external_tests/google_test/gtest/msvc/gtest_prod_test-md.vcproj
security/nss/external_tests/google_test/gtest/msvc/gtest_prod_test.vcproj
security/nss/external_tests/google_test/gtest/msvc/gtest_unittest-md.vcproj
security/nss/external_tests/google_test/gtest/msvc/gtest_unittest.vcproj
security/nss/external_tests/google_test/gtest/samples/prime_tables.h
security/nss/external_tests/google_test/gtest/samples/sample1.cc
security/nss/external_tests/google_test/gtest/samples/sample1.h
security/nss/external_tests/google_test/gtest/samples/sample10_unittest.cc
security/nss/external_tests/google_test/gtest/samples/sample1_unittest.cc
security/nss/external_tests/google_test/gtest/samples/sample2.cc
security/nss/external_tests/google_test/gtest/samples/sample2.h
security/nss/external_tests/google_test/gtest/samples/sample2_unittest.cc
security/nss/external_tests/google_test/gtest/samples/sample3-inl.h
security/nss/external_tests/google_test/gtest/samples/sample3_unittest.cc
security/nss/external_tests/google_test/gtest/samples/sample4.cc
security/nss/external_tests/google_test/gtest/samples/sample4.h
security/nss/external_tests/google_test/gtest/samples/sample4_unittest.cc
security/nss/external_tests/google_test/gtest/samples/sample5_unittest.cc
security/nss/external_tests/google_test/gtest/samples/sample6_unittest.cc
security/nss/external_tests/google_test/gtest/samples/sample7_unittest.cc
security/nss/external_tests/google_test/gtest/samples/sample8_unittest.cc
security/nss/external_tests/google_test/gtest/samples/sample9_unittest.cc
security/nss/external_tests/google_test/gtest/scripts/common.py
security/nss/external_tests/google_test/gtest/scripts/fuse_gtest_files.py
security/nss/external_tests/google_test/gtest/scripts/gen_gtest_pred_impl.py
security/nss/external_tests/google_test/gtest/scripts/gtest-config.in
security/nss/external_tests/google_test/gtest/scripts/pump.py
security/nss/external_tests/google_test/gtest/scripts/release_docs.py
security/nss/external_tests/google_test/gtest/scripts/test/Makefile
security/nss/external_tests/google_test/gtest/scripts/upload.py
security/nss/external_tests/google_test/gtest/scripts/upload_gtest.py
security/nss/external_tests/google_test/gtest/src/gtest-all.cc
security/nss/external_tests/google_test/gtest/src/gtest-death-test.cc
security/nss/external_tests/google_test/gtest/src/gtest-filepath.cc
security/nss/external_tests/google_test/gtest/src/gtest-internal-inl.h
security/nss/external_tests/google_test/gtest/src/gtest-port.cc
security/nss/external_tests/google_test/gtest/src/gtest-printers.cc
security/nss/external_tests/google_test/gtest/src/gtest-test-part.cc
security/nss/external_tests/google_test/gtest/src/gtest-typed-test.cc
security/nss/external_tests/google_test/gtest/src/gtest.cc
security/nss/external_tests/google_test/gtest/src/gtest_main.cc
security/nss/external_tests/google_test/gtest/test/gtest-death-test_ex_test.cc
security/nss/external_tests/google_test/gtest/test/gtest-death-test_test.cc
security/nss/external_tests/google_test/gtest/test/gtest-filepath_test.cc
security/nss/external_tests/google_test/gtest/test/gtest-linked_ptr_test.cc
security/nss/external_tests/google_test/gtest/test/gtest-listener_test.cc
security/nss/external_tests/google_test/gtest/test/gtest-message_test.cc
security/nss/external_tests/google_test/gtest/test/gtest-options_test.cc
security/nss/external_tests/google_test/gtest/test/gtest-param-test2_test.cc
security/nss/external_tests/google_test/gtest/test/gtest-param-test_test.cc
security/nss/external_tests/google_test/gtest/test/gtest-param-test_test.h
security/nss/external_tests/google_test/gtest/test/gtest-port_test.cc
security/nss/external_tests/google_test/gtest/test/gtest-printers_test.cc
security/nss/external_tests/google_test/gtest/test/gtest-test-part_test.cc
security/nss/external_tests/google_test/gtest/test/gtest-tuple_test.cc
security/nss/external_tests/google_test/gtest/test/gtest-typed-test2_test.cc
security/nss/external_tests/google_test/gtest/test/gtest-typed-test_test.cc
security/nss/external_tests/google_test/gtest/test/gtest-typed-test_test.h
security/nss/external_tests/google_test/gtest/test/gtest-unittest-api_test.cc
security/nss/external_tests/google_test/gtest/test/gtest_all_test.cc
security/nss/external_tests/google_test/gtest/test/gtest_break_on_failure_unittest.py
security/nss/external_tests/google_test/gtest/test/gtest_break_on_failure_unittest_.cc
security/nss/external_tests/google_test/gtest/test/gtest_catch_exceptions_test.py
security/nss/external_tests/google_test/gtest/test/gtest_catch_exceptions_test_.cc
security/nss/external_tests/google_test/gtest/test/gtest_color_test.py
security/nss/external_tests/google_test/gtest/test/gtest_color_test_.cc
security/nss/external_tests/google_test/gtest/test/gtest_env_var_test.py
security/nss/external_tests/google_test/gtest/test/gtest_env_var_test_.cc
security/nss/external_tests/google_test/gtest/test/gtest_environment_test.cc
security/nss/external_tests/google_test/gtest/test/gtest_filter_unittest.py
security/nss/external_tests/google_test/gtest/test/gtest_filter_unittest_.cc
security/nss/external_tests/google_test/gtest/test/gtest_help_test.py
security/nss/external_tests/google_test/gtest/test/gtest_help_test_.cc
security/nss/external_tests/google_test/gtest/test/gtest_list_tests_unittest.py
security/nss/external_tests/google_test/gtest/test/gtest_list_tests_unittest_.cc
security/nss/external_tests/google_test/gtest/test/gtest_main_unittest.cc
security/nss/external_tests/google_test/gtest/test/gtest_no_test_unittest.cc
security/nss/external_tests/google_test/gtest/test/gtest_output_test.py
security/nss/external_tests/google_test/gtest/test/gtest_output_test_.cc
security/nss/external_tests/google_test/gtest/test/gtest_output_test_golden_lin.txt
security/nss/external_tests/google_test/gtest/test/gtest_pred_impl_unittest.cc
security/nss/external_tests/google_test/gtest/test/gtest_premature_exit_test.cc
security/nss/external_tests/google_test/gtest/test/gtest_prod_test.cc
security/nss/external_tests/google_test/gtest/test/gtest_repeat_test.cc
security/nss/external_tests/google_test/gtest/test/gtest_shuffle_test.py
security/nss/external_tests/google_test/gtest/test/gtest_shuffle_test_.cc
security/nss/external_tests/google_test/gtest/test/gtest_sole_header_test.cc
security/nss/external_tests/google_test/gtest/test/gtest_stress_test.cc
security/nss/external_tests/google_test/gtest/test/gtest_test_utils.py
security/nss/external_tests/google_test/gtest/test/gtest_throw_on_failure_ex_test.cc
security/nss/external_tests/google_test/gtest/test/gtest_throw_on_failure_test.py
security/nss/external_tests/google_test/gtest/test/gtest_throw_on_failure_test_.cc
security/nss/external_tests/google_test/gtest/test/gtest_uninitialized_test.py
security/nss/external_tests/google_test/gtest/test/gtest_uninitialized_test_.cc
security/nss/external_tests/google_test/gtest/test/gtest_unittest.cc
security/nss/external_tests/google_test/gtest/test/gtest_xml_outfile1_test_.cc
security/nss/external_tests/google_test/gtest/test/gtest_xml_outfile2_test_.cc
security/nss/external_tests/google_test/gtest/test/gtest_xml_outfiles_test.py
security/nss/external_tests/google_test/gtest/test/gtest_xml_output_unittest.py
security/nss/external_tests/google_test/gtest/test/gtest_xml_output_unittest_.cc
security/nss/external_tests/google_test/gtest/test/gtest_xml_test_utils.py
security/nss/external_tests/google_test/gtest/test/production.cc
security/nss/external_tests/google_test/gtest/test/production.h
security/nss/external_tests/google_test/gtest/xcode/Config/DebugProject.xcconfig
security/nss/external_tests/google_test/gtest/xcode/Config/FrameworkTarget.xcconfig
security/nss/external_tests/google_test/gtest/xcode/Config/General.xcconfig
security/nss/external_tests/google_test/gtest/xcode/Config/ReleaseProject.xcconfig
security/nss/external_tests/google_test/gtest/xcode/Config/StaticLibraryTarget.xcconfig
security/nss/external_tests/google_test/gtest/xcode/Config/TestTarget.xcconfig
security/nss/external_tests/google_test/gtest/xcode/Resources/Info.plist
security/nss/external_tests/google_test/gtest/xcode/Samples/FrameworkSample/Info.plist
security/nss/external_tests/google_test/gtest/xcode/Samples/FrameworkSample/WidgetFramework.xcodeproj/project.pbxproj
security/nss/external_tests/google_test/gtest/xcode/Samples/FrameworkSample/runtests.sh
security/nss/external_tests/google_test/gtest/xcode/Samples/FrameworkSample/widget.cc
security/nss/external_tests/google_test/gtest/xcode/Samples/FrameworkSample/widget.h
security/nss/external_tests/google_test/gtest/xcode/Samples/FrameworkSample/widget_test.cc
security/nss/external_tests/google_test/gtest/xcode/Scripts/runtests.sh
security/nss/external_tests/google_test/gtest/xcode/Scripts/versiongenerate.py
security/nss/external_tests/google_test/gtest/xcode/gtest.xcodeproj/project.pbxproj
security/nss/external_tests/google_test/manifest.mn
security/nss/external_tests/manifest.mn
security/nss/external_tests/nss_bogo_shim/Makefile
security/nss/external_tests/nss_bogo_shim/config.cc
security/nss/external_tests/nss_bogo_shim/config.h
security/nss/external_tests/nss_bogo_shim/config.json
security/nss/external_tests/nss_bogo_shim/manifest.mn
security/nss/external_tests/nss_bogo_shim/nss_bogo_shim.cc
security/nss/external_tests/nss_bogo_shim/nss_bogo_shim.gyp
security/nss/external_tests/nss_bogo_shim/nsskeys.cc
security/nss/external_tests/nss_bogo_shim/nsskeys.h
security/nss/external_tests/pk11_gtest/Makefile
security/nss/external_tests/pk11_gtest/manifest.mn
security/nss/external_tests/pk11_gtest/pk11_aeskeywrap_unittest.cc
security/nss/external_tests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
security/nss/external_tests/pk11_gtest/pk11_export_unittest.cc
security/nss/external_tests/pk11_gtest/pk11_gtest.gyp
security/nss/external_tests/pk11_gtest/pk11_pbkdf2_unittest.cc
security/nss/external_tests/pk11_gtest/pk11_prf_unittest.cc
security/nss/external_tests/pk11_gtest/pk11_rsapss_unittest.cc
security/nss/external_tests/ssl_gtest/Makefile
security/nss/external_tests/ssl_gtest/databuffer.h
security/nss/external_tests/ssl_gtest/gtest_utils.h
security/nss/external_tests/ssl_gtest/libssl_internals.c
security/nss/external_tests/ssl_gtest/libssl_internals.h
security/nss/external_tests/ssl_gtest/manifest.mn
security/nss/external_tests/ssl_gtest/ssl_0rtt_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_agent_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_auth_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_cert_ext_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_ciphersuite_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_damage_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_dhe_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_drop_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_ecdh_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_ems_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_extension_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_gtest.cc
security/nss/external_tests/ssl_gtest/ssl_gtest.gyp
security/nss/external_tests/ssl_gtest/ssl_hrr_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_loopback_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_record_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_resumption_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_skip_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_staticrsa_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_v2_client_hello_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_version_unittest.cc
security/nss/external_tests/ssl_gtest/test_io.cc
security/nss/external_tests/ssl_gtest/test_io.h
security/nss/external_tests/ssl_gtest/tls_agent.cc
security/nss/external_tests/ssl_gtest/tls_agent.h
security/nss/external_tests/ssl_gtest/tls_connect.cc
security/nss/external_tests/ssl_gtest/tls_connect.h
security/nss/external_tests/ssl_gtest/tls_filter.cc
security/nss/external_tests/ssl_gtest/tls_filter.h
security/nss/external_tests/ssl_gtest/tls_hkdf_unittest.cc
security/nss/external_tests/ssl_gtest/tls_parser.cc
security/nss/external_tests/ssl_gtest/tls_parser.h
security/nss/external_tests/util_gtest/Makefile
security/nss/external_tests/util_gtest/manifest.mn
security/nss/external_tests/util_gtest/util_gtest.gyp
security/nss/external_tests/util_gtest/util_utf8_unittest.cc
security/nss/fuzz/nssfuzz/registry.h
security/nss/fuzz/nssfuzz/shared.h
security/nss/fuzz/warning.txt
security/nss/gtests/.clang-format
security/nss/gtests/Makefile
security/nss/gtests/README
security/nss/gtests/common/Makefile
security/nss/gtests/common/common.gyp
security/nss/gtests/common/gtest.gypi
security/nss/gtests/common/gtest.mk
security/nss/gtests/common/gtests.cc
security/nss/gtests/common/manifest.mn
security/nss/gtests/common/scoped_ptrs.h
security/nss/gtests/der_gtest/Makefile
security/nss/gtests/der_gtest/der_getint_unittest.cc
security/nss/gtests/der_gtest/der_gtest.gyp
security/nss/gtests/der_gtest/der_private_key_import_unittest.cc
security/nss/gtests/der_gtest/manifest.mn
security/nss/gtests/google_test/Makefile
security/nss/gtests/google_test/google_test.gyp
security/nss/gtests/google_test/gtest/CHANGES
security/nss/gtests/google_test/gtest/CMakeLists.txt
security/nss/gtests/google_test/gtest/CONTRIBUTORS
security/nss/gtests/google_test/gtest/LICENSE
security/nss/gtests/google_test/gtest/Makefile.am
security/nss/gtests/google_test/gtest/README
security/nss/gtests/google_test/gtest/build-aux/.keep
security/nss/gtests/google_test/gtest/cmake/internal_utils.cmake
security/nss/gtests/google_test/gtest/codegear/gtest.cbproj
security/nss/gtests/google_test/gtest/codegear/gtest.groupproj
security/nss/gtests/google_test/gtest/codegear/gtest_all.cc
security/nss/gtests/google_test/gtest/codegear/gtest_link.cc
security/nss/gtests/google_test/gtest/codegear/gtest_main.cbproj
security/nss/gtests/google_test/gtest/codegear/gtest_unittest.cbproj
security/nss/gtests/google_test/gtest/configure.ac
security/nss/gtests/google_test/gtest/include/gtest/gtest-death-test.h
security/nss/gtests/google_test/gtest/include/gtest/gtest-message.h
security/nss/gtests/google_test/gtest/include/gtest/gtest-param-test.h
security/nss/gtests/google_test/gtest/include/gtest/gtest-param-test.h.pump
security/nss/gtests/google_test/gtest/include/gtest/gtest-printers.h
security/nss/gtests/google_test/gtest/include/gtest/gtest-spi.h
security/nss/gtests/google_test/gtest/include/gtest/gtest-test-part.h
security/nss/gtests/google_test/gtest/include/gtest/gtest-typed-test.h
security/nss/gtests/google_test/gtest/include/gtest/gtest.h
security/nss/gtests/google_test/gtest/include/gtest/gtest_pred_impl.h
security/nss/gtests/google_test/gtest/include/gtest/gtest_prod.h
security/nss/gtests/google_test/gtest/include/gtest/internal/gtest-death-test-internal.h
security/nss/gtests/google_test/gtest/include/gtest/internal/gtest-filepath.h
security/nss/gtests/google_test/gtest/include/gtest/internal/gtest-internal.h
security/nss/gtests/google_test/gtest/include/gtest/internal/gtest-linked_ptr.h
security/nss/gtests/google_test/gtest/include/gtest/internal/gtest-param-util-generated.h
security/nss/gtests/google_test/gtest/include/gtest/internal/gtest-param-util-generated.h.pump
security/nss/gtests/google_test/gtest/include/gtest/internal/gtest-param-util.h
security/nss/gtests/google_test/gtest/include/gtest/internal/gtest-port.h
security/nss/gtests/google_test/gtest/include/gtest/internal/gtest-string.h
security/nss/gtests/google_test/gtest/include/gtest/internal/gtest-tuple.h
security/nss/gtests/google_test/gtest/include/gtest/internal/gtest-tuple.h.pump
security/nss/gtests/google_test/gtest/include/gtest/internal/gtest-type-util.h
security/nss/gtests/google_test/gtest/include/gtest/internal/gtest-type-util.h.pump
security/nss/gtests/google_test/gtest/m4/acx_pthread.m4
security/nss/gtests/google_test/gtest/m4/gtest.m4
security/nss/gtests/google_test/gtest/make/Makefile
security/nss/gtests/google_test/gtest/msvc/gtest-md.sln
security/nss/gtests/google_test/gtest/msvc/gtest-md.vcproj
security/nss/gtests/google_test/gtest/msvc/gtest.sln
security/nss/gtests/google_test/gtest/msvc/gtest.vcproj
security/nss/gtests/google_test/gtest/msvc/gtest_main-md.vcproj
security/nss/gtests/google_test/gtest/msvc/gtest_main.vcproj
security/nss/gtests/google_test/gtest/msvc/gtest_prod_test-md.vcproj
security/nss/gtests/google_test/gtest/msvc/gtest_prod_test.vcproj
security/nss/gtests/google_test/gtest/msvc/gtest_unittest-md.vcproj
security/nss/gtests/google_test/gtest/msvc/gtest_unittest.vcproj
security/nss/gtests/google_test/gtest/samples/prime_tables.h
security/nss/gtests/google_test/gtest/samples/sample1.cc
security/nss/gtests/google_test/gtest/samples/sample1.h
security/nss/gtests/google_test/gtest/samples/sample10_unittest.cc
security/nss/gtests/google_test/gtest/samples/sample1_unittest.cc
security/nss/gtests/google_test/gtest/samples/sample2.cc
security/nss/gtests/google_test/gtest/samples/sample2.h
security/nss/gtests/google_test/gtest/samples/sample2_unittest.cc
security/nss/gtests/google_test/gtest/samples/sample3-inl.h
security/nss/gtests/google_test/gtest/samples/sample3_unittest.cc
security/nss/gtests/google_test/gtest/samples/sample4.cc
security/nss/gtests/google_test/gtest/samples/sample4.h
security/nss/gtests/google_test/gtest/samples/sample4_unittest.cc
security/nss/gtests/google_test/gtest/samples/sample5_unittest.cc
security/nss/gtests/google_test/gtest/samples/sample6_unittest.cc
security/nss/gtests/google_test/gtest/samples/sample7_unittest.cc
security/nss/gtests/google_test/gtest/samples/sample8_unittest.cc
security/nss/gtests/google_test/gtest/samples/sample9_unittest.cc
security/nss/gtests/google_test/gtest/scripts/common.py
security/nss/gtests/google_test/gtest/scripts/fuse_gtest_files.py
security/nss/gtests/google_test/gtest/scripts/gen_gtest_pred_impl.py
security/nss/gtests/google_test/gtest/scripts/gtest-config.in
security/nss/gtests/google_test/gtest/scripts/pump.py
security/nss/gtests/google_test/gtest/scripts/release_docs.py
security/nss/gtests/google_test/gtest/scripts/test/Makefile
security/nss/gtests/google_test/gtest/scripts/upload.py
security/nss/gtests/google_test/gtest/scripts/upload_gtest.py
security/nss/gtests/google_test/gtest/src/gtest-all.cc
security/nss/gtests/google_test/gtest/src/gtest-death-test.cc
security/nss/gtests/google_test/gtest/src/gtest-filepath.cc
security/nss/gtests/google_test/gtest/src/gtest-internal-inl.h
security/nss/gtests/google_test/gtest/src/gtest-port.cc
security/nss/gtests/google_test/gtest/src/gtest-printers.cc
security/nss/gtests/google_test/gtest/src/gtest-test-part.cc
security/nss/gtests/google_test/gtest/src/gtest-typed-test.cc
security/nss/gtests/google_test/gtest/src/gtest.cc
security/nss/gtests/google_test/gtest/src/gtest_main.cc
security/nss/gtests/google_test/gtest/test/gtest-death-test_ex_test.cc
security/nss/gtests/google_test/gtest/test/gtest-death-test_test.cc
security/nss/gtests/google_test/gtest/test/gtest-filepath_test.cc
security/nss/gtests/google_test/gtest/test/gtest-linked_ptr_test.cc
security/nss/gtests/google_test/gtest/test/gtest-listener_test.cc
security/nss/gtests/google_test/gtest/test/gtest-message_test.cc
security/nss/gtests/google_test/gtest/test/gtest-options_test.cc
security/nss/gtests/google_test/gtest/test/gtest-param-test2_test.cc
security/nss/gtests/google_test/gtest/test/gtest-param-test_test.cc
security/nss/gtests/google_test/gtest/test/gtest-param-test_test.h
security/nss/gtests/google_test/gtest/test/gtest-port_test.cc
security/nss/gtests/google_test/gtest/test/gtest-printers_test.cc
security/nss/gtests/google_test/gtest/test/gtest-test-part_test.cc
security/nss/gtests/google_test/gtest/test/gtest-tuple_test.cc
security/nss/gtests/google_test/gtest/test/gtest-typed-test2_test.cc
security/nss/gtests/google_test/gtest/test/gtest-typed-test_test.cc
security/nss/gtests/google_test/gtest/test/gtest-typed-test_test.h
security/nss/gtests/google_test/gtest/test/gtest-unittest-api_test.cc
security/nss/gtests/google_test/gtest/test/gtest_all_test.cc
security/nss/gtests/google_test/gtest/test/gtest_break_on_failure_unittest.py
security/nss/gtests/google_test/gtest/test/gtest_break_on_failure_unittest_.cc
security/nss/gtests/google_test/gtest/test/gtest_catch_exceptions_test.py
security/nss/gtests/google_test/gtest/test/gtest_catch_exceptions_test_.cc
security/nss/gtests/google_test/gtest/test/gtest_color_test.py
security/nss/gtests/google_test/gtest/test/gtest_color_test_.cc
security/nss/gtests/google_test/gtest/test/gtest_env_var_test.py
security/nss/gtests/google_test/gtest/test/gtest_env_var_test_.cc
security/nss/gtests/google_test/gtest/test/gtest_environment_test.cc
security/nss/gtests/google_test/gtest/test/gtest_filter_unittest.py
security/nss/gtests/google_test/gtest/test/gtest_filter_unittest_.cc
security/nss/gtests/google_test/gtest/test/gtest_help_test.py
security/nss/gtests/google_test/gtest/test/gtest_help_test_.cc
security/nss/gtests/google_test/gtest/test/gtest_list_tests_unittest.py
security/nss/gtests/google_test/gtest/test/gtest_list_tests_unittest_.cc
security/nss/gtests/google_test/gtest/test/gtest_main_unittest.cc
security/nss/gtests/google_test/gtest/test/gtest_no_test_unittest.cc
security/nss/gtests/google_test/gtest/test/gtest_output_test.py
security/nss/gtests/google_test/gtest/test/gtest_output_test_.cc
security/nss/gtests/google_test/gtest/test/gtest_output_test_golden_lin.txt
security/nss/gtests/google_test/gtest/test/gtest_pred_impl_unittest.cc
security/nss/gtests/google_test/gtest/test/gtest_premature_exit_test.cc
security/nss/gtests/google_test/gtest/test/gtest_prod_test.cc
security/nss/gtests/google_test/gtest/test/gtest_repeat_test.cc
security/nss/gtests/google_test/gtest/test/gtest_shuffle_test.py
security/nss/gtests/google_test/gtest/test/gtest_shuffle_test_.cc
security/nss/gtests/google_test/gtest/test/gtest_sole_header_test.cc
security/nss/gtests/google_test/gtest/test/gtest_stress_test.cc
security/nss/gtests/google_test/gtest/test/gtest_test_utils.py
security/nss/gtests/google_test/gtest/test/gtest_throw_on_failure_ex_test.cc
security/nss/gtests/google_test/gtest/test/gtest_throw_on_failure_test.py
security/nss/gtests/google_test/gtest/test/gtest_throw_on_failure_test_.cc
security/nss/gtests/google_test/gtest/test/gtest_uninitialized_test.py
security/nss/gtests/google_test/gtest/test/gtest_uninitialized_test_.cc
security/nss/gtests/google_test/gtest/test/gtest_unittest.cc
security/nss/gtests/google_test/gtest/test/gtest_xml_outfile1_test_.cc
security/nss/gtests/google_test/gtest/test/gtest_xml_outfile2_test_.cc
security/nss/gtests/google_test/gtest/test/gtest_xml_outfiles_test.py
security/nss/gtests/google_test/gtest/test/gtest_xml_output_unittest.py
security/nss/gtests/google_test/gtest/test/gtest_xml_output_unittest_.cc
security/nss/gtests/google_test/gtest/test/gtest_xml_test_utils.py
security/nss/gtests/google_test/gtest/test/production.cc
security/nss/gtests/google_test/gtest/test/production.h
security/nss/gtests/google_test/gtest/xcode/Config/DebugProject.xcconfig
security/nss/gtests/google_test/gtest/xcode/Config/FrameworkTarget.xcconfig
security/nss/gtests/google_test/gtest/xcode/Config/General.xcconfig
security/nss/gtests/google_test/gtest/xcode/Config/ReleaseProject.xcconfig
security/nss/gtests/google_test/gtest/xcode/Config/StaticLibraryTarget.xcconfig
security/nss/gtests/google_test/gtest/xcode/Config/TestTarget.xcconfig
security/nss/gtests/google_test/gtest/xcode/Resources/Info.plist
security/nss/gtests/google_test/gtest/xcode/Samples/FrameworkSample/Info.plist
security/nss/gtests/google_test/gtest/xcode/Samples/FrameworkSample/WidgetFramework.xcodeproj/project.pbxproj
security/nss/gtests/google_test/gtest/xcode/Samples/FrameworkSample/runtests.sh
security/nss/gtests/google_test/gtest/xcode/Samples/FrameworkSample/widget.cc
security/nss/gtests/google_test/gtest/xcode/Samples/FrameworkSample/widget.h
security/nss/gtests/google_test/gtest/xcode/Samples/FrameworkSample/widget_test.cc
security/nss/gtests/google_test/gtest/xcode/Scripts/runtests.sh
security/nss/gtests/google_test/gtest/xcode/Scripts/versiongenerate.py
security/nss/gtests/google_test/gtest/xcode/gtest.xcodeproj/project.pbxproj
security/nss/gtests/google_test/manifest.mn
security/nss/gtests/manifest.mn
security/nss/gtests/nss_bogo_shim/Makefile
security/nss/gtests/nss_bogo_shim/config.cc
security/nss/gtests/nss_bogo_shim/config.h
security/nss/gtests/nss_bogo_shim/config.json
security/nss/gtests/nss_bogo_shim/manifest.mn
security/nss/gtests/nss_bogo_shim/nss_bogo_shim.cc
security/nss/gtests/nss_bogo_shim/nss_bogo_shim.gyp
security/nss/gtests/nss_bogo_shim/nsskeys.cc
security/nss/gtests/nss_bogo_shim/nsskeys.h
security/nss/gtests/pk11_gtest/Makefile
security/nss/gtests/pk11_gtest/manifest.mn
security/nss/gtests/pk11_gtest/pk11_aeskeywrap_unittest.cc
security/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
security/nss/gtests/pk11_gtest/pk11_export_unittest.cc
security/nss/gtests/pk11_gtest/pk11_gtest.gyp
security/nss/gtests/pk11_gtest/pk11_pbkdf2_unittest.cc
security/nss/gtests/pk11_gtest/pk11_prf_unittest.cc
security/nss/gtests/pk11_gtest/pk11_prng_unittest.cc
security/nss/gtests/pk11_gtest/pk11_rsapss_unittest.cc
security/nss/gtests/ssl_gtest/Makefile
security/nss/gtests/ssl_gtest/databuffer.h
security/nss/gtests/ssl_gtest/gtest_utils.h
security/nss/gtests/ssl_gtest/libssl_internals.c
security/nss/gtests/ssl_gtest/libssl_internals.h
security/nss/gtests/ssl_gtest/manifest.mn
security/nss/gtests/ssl_gtest/ssl_0rtt_unittest.cc
security/nss/gtests/ssl_gtest/ssl_agent_unittest.cc
security/nss/gtests/ssl_gtest/ssl_auth_unittest.cc
security/nss/gtests/ssl_gtest/ssl_cert_ext_unittest.cc
security/nss/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc
security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc
security/nss/gtests/ssl_gtest/ssl_dhe_unittest.cc
security/nss/gtests/ssl_gtest/ssl_drop_unittest.cc
security/nss/gtests/ssl_gtest/ssl_ecdh_unittest.cc
security/nss/gtests/ssl_gtest/ssl_ems_unittest.cc
security/nss/gtests/ssl_gtest/ssl_extension_unittest.cc
security/nss/gtests/ssl_gtest/ssl_gtest.cc
security/nss/gtests/ssl_gtest/ssl_gtest.gyp
security/nss/gtests/ssl_gtest/ssl_hrr_unittest.cc
security/nss/gtests/ssl_gtest/ssl_loopback_unittest.cc
security/nss/gtests/ssl_gtest/ssl_record_unittest.cc
security/nss/gtests/ssl_gtest/ssl_resumption_unittest.cc
security/nss/gtests/ssl_gtest/ssl_skip_unittest.cc
security/nss/gtests/ssl_gtest/ssl_staticrsa_unittest.cc
security/nss/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc
security/nss/gtests/ssl_gtest/ssl_version_unittest.cc
security/nss/gtests/ssl_gtest/test_io.cc
security/nss/gtests/ssl_gtest/test_io.h
security/nss/gtests/ssl_gtest/tls_agent.cc
security/nss/gtests/ssl_gtest/tls_agent.h
security/nss/gtests/ssl_gtest/tls_connect.cc
security/nss/gtests/ssl_gtest/tls_connect.h
security/nss/gtests/ssl_gtest/tls_filter.cc
security/nss/gtests/ssl_gtest/tls_filter.h
security/nss/gtests/ssl_gtest/tls_hkdf_unittest.cc
security/nss/gtests/ssl_gtest/tls_parser.cc
security/nss/gtests/ssl_gtest/tls_parser.h
security/nss/gtests/util_gtest/Makefile
security/nss/gtests/util_gtest/manifest.mn
security/nss/gtests/util_gtest/util_gtest.gyp
security/nss/gtests/util_gtest/util_utf8_unittest.cc
security/nss/lib/ckfw/mechanism.c
security/nss/lib/crmf/cmmfchal.c
security/nss/lib/crmf/crmfpop.c
security/nss/lib/cryptohi/seckey.c
security/nss/lib/freebl/alg2268.c
security/nss/lib/freebl/blapi.h
security/nss/lib/freebl/camellia.c
security/nss/lib/freebl/det_rng.c
security/nss/lib/freebl/det_rng.h
security/nss/lib/freebl/drbg.c
security/nss/lib/freebl/freebl.gyp
security/nss/lib/freebl/loader.c
security/nss/lib/freebl/mpi/mpi.c
security/nss/lib/freebl/sha_fast.c
security/nss/lib/jar/jarfile.c
security/nss/lib/nss/nssinit.c
security/nss/lib/pk11wrap/debug_module.c
security/nss/lib/pk11wrap/dev3hack.c
security/nss/lib/pk11wrap/dev3hack.h
security/nss/lib/pk11wrap/pk11akey.c
security/nss/lib/pk11wrap/pk11auth.c
security/nss/lib/pk11wrap/pk11cert.c
security/nss/lib/pk11wrap/pk11cxt.c
security/nss/lib/pk11wrap/pk11err.c
security/nss/lib/pk11wrap/pk11kea.c
security/nss/lib/pk11wrap/pk11list.c
security/nss/lib/pk11wrap/pk11load.c
security/nss/lib/pk11wrap/pk11mech.c
security/nss/lib/pk11wrap/pk11merge.c
security/nss/lib/pk11wrap/pk11nobj.c
security/nss/lib/pk11wrap/pk11obj.c
security/nss/lib/pk11wrap/pk11pars.c
security/nss/lib/pk11wrap/pk11pbe.c
security/nss/lib/pk11wrap/pk11pk12.c
security/nss/lib/pk11wrap/pk11pqg.c
security/nss/lib/pk11wrap/pk11pqg.h
security/nss/lib/pk11wrap/pk11priv.h
security/nss/lib/pk11wrap/pk11pub.h
security/nss/lib/pk11wrap/pk11sdr.c
security/nss/lib/pk11wrap/pk11skey.c
security/nss/lib/pk11wrap/pk11slot.c
security/nss/lib/pk11wrap/pk11util.c
security/nss/lib/pk11wrap/secmod.h
security/nss/lib/pk11wrap/secmodi.h
security/nss/lib/pk11wrap/secmodt.h
security/nss/lib/pk11wrap/secmodti.h
security/nss/lib/pk11wrap/secpkcs5.h
security/nss/lib/pkcs12/p12.h
security/nss/lib/pkcs12/p12creat.c
security/nss/lib/pkcs12/p12d.c
security/nss/lib/pkcs12/p12dec.c
security/nss/lib/pkcs12/p12e.c
security/nss/lib/pkcs12/p12exp.c
security/nss/lib/pkcs12/p12local.c
security/nss/lib/pkcs12/p12local.h
security/nss/lib/pkcs12/p12plcy.c
security/nss/lib/pkcs12/p12t.h
security/nss/lib/pkcs12/p12tmpl.c
security/nss/lib/pkcs12/pkcs12.h
security/nss/lib/pkcs12/pkcs12t.h
security/nss/lib/pkcs7/certread.c
security/nss/lib/pkcs7/p7common.c
security/nss/lib/pkcs7/p7create.c
security/nss/lib/pkcs7/p7decode.c
security/nss/lib/pkcs7/p7encode.c
security/nss/lib/pkcs7/p7local.c
security/nss/lib/pkcs7/p7local.h
security/nss/lib/pkcs7/pkcs7t.h
security/nss/lib/pkcs7/secmime.c
security/nss/lib/pkcs7/secmime.h
security/nss/lib/pkcs7/secpkcs7.h
security/nss/lib/pki/asymmkey.c
security/nss/lib/pki/certdecode.c
security/nss/lib/pki/certificate.c
security/nss/lib/pki/cryptocontext.c
security/nss/lib/pki/nsspki.h
security/nss/lib/pki/nsspkit.h
security/nss/lib/pki/pki.h
security/nss/lib/pki/pki3hack.c
security/nss/lib/pki/pki3hack.h
security/nss/lib/pki/pkibase.c
security/nss/lib/pki/pkim.h
security/nss/lib/pki/pkistore.c
security/nss/lib/pki/pkistore.h
security/nss/lib/pki/pkit.h
security/nss/lib/pki/pkitm.h
security/nss/lib/pki/symmkey.c
security/nss/lib/pki/tdcache.c
security/nss/lib/pki/trustdomain.c
security/nss/lib/smime/cms.h
security/nss/lib/smime/cmsarray.c
security/nss/lib/smime/cmsasn1.c
security/nss/lib/smime/cmsattr.c
security/nss/lib/smime/cmscinfo.c
security/nss/lib/smime/cmscipher.c
security/nss/lib/smime/cmsdecode.c
security/nss/lib/smime/cmsdigdata.c
security/nss/lib/smime/cmsdigest.c
security/nss/lib/smime/cmsencdata.c
security/nss/lib/smime/cmsencode.c
security/nss/lib/smime/cmsenvdata.c
security/nss/lib/smime/cmslocal.h
security/nss/lib/smime/cmsmessage.c
security/nss/lib/smime/cmspubkey.c
security/nss/lib/smime/cmsrecinfo.c
security/nss/lib/smime/cmsreclist.c
security/nss/lib/smime/cmsreclist.h
security/nss/lib/smime/cmssigdata.c
security/nss/lib/smime/cmssiginfo.c
security/nss/lib/smime/cmst.h
security/nss/lib/smime/cmsudf.c
security/nss/lib/smime/cmsutil.c
security/nss/lib/smime/smime.h
security/nss/lib/smime/smimemessage.c
security/nss/lib/smime/smimesym.c
security/nss/lib/smime/smimeutil.c
security/nss/lib/softoken/legacydb/lgutil.c
security/nss/lib/softoken/pkcs11.c
security/nss/lib/softoken/sdb.c
security/nss/lib/ssl/ssl3con.c
security/nss/lib/ssl/ssl3ecc.c
security/nss/lib/ssl/sslgrp.c
security/nss/lib/ssl/sslimpl.h
security/nss/lib/ssl/ssltrace.c
security/nss/lib/ssl/tls13con.c
security/nss/manifest.mn
security/nss/nss.gyp
security/nss/test.sh
security/nss/tests/bogo/bogo.sh
security/nss/tests/gtests/gtests.sh
security/nss/tests/merge/merge.sh
--- a/security/nss/Makefile
+++ b/security/nss/Makefile
@@ -22,17 +22,17 @@ include $(CORE_DEPTH)/coreconf/config.mk
 
 
 
 #######################################################################
 # (4) Include "local" platform-dependent assignments (OPTIONAL).      #
 #######################################################################
 
 ifdef NSS_DISABLE_GTESTS
-DIRS := $(filter-out external_tests,$(DIRS))
+DIRS := $(filter-out gtests,$(DIRS))
 endif
 
 #######################################################################
 # (5) Execute "global" rules. (OPTIONAL)                              #
 #######################################################################
 
 include $(CORE_DEPTH)/coreconf/rules.mk
 
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@@ -1,1 +1,1 @@
-3e7b53b18112
+0cccc59d04dd
--- a/security/nss/automation/taskcluster/graph/src/extend.js
+++ b/security/nss/automation/taskcluster/graph/src/extend.js
@@ -9,62 +9,47 @@ const LINUX_IMAGE = {name: "linux", path
 
 const WINDOWS_CHECKOUT_CMD =
   "bash -c \"hg clone -r $NSS_HEAD_REVISION $NSS_HEAD_REPOSITORY nss || " +
     "(sleep 2; hg clone -r $NSS_HEAD_REVISION $NSS_HEAD_REPOSITORY nss) || " +
     "(sleep 5; hg clone -r $NSS_HEAD_REVISION $NSS_HEAD_REPOSITORY nss)\"";
 
 /*****************************************************************************/
 
-function isSanitizer(task) {
-  return task.collection == "asan" || task.collection == "ubsan";
-}
-
 queue.filter(task => {
   if (task.group == "Builds") {
     // Remove extra builds on {A,UB}San and ARM.
-    if (isSanitizer(task) || task.collection == "arm-debug") {
+    if (task.collection == "asan" || task.collection == "arm-debug") {
       return false;
     }
 
     // Remove extra builds w/o libpkix for non-linux64-debug.
     if (task.symbol == "noLibpkix" &&
         (task.platform != "linux64" || task.collection != "debug")) {
       return false;
     }
-
-    // Remove extra builds on gyp builds (TODO: add when it supports CC/CCC).
-    if (task.collection == "gyp") {
-      return false;
-    }
   }
 
   if (task.tests == "bogo") {
     // No BoGo tests on Windows.
     if (task.platform == "windows2012-64") {
       return false;
     }
 
     // No BoGo tests on ARM.
     if (task.collection == "arm-debug") {
       return false;
     }
   }
 
-  // Filter test suites that currently fail with UBSan.
-  if (task.collection == "ubsan" &&
-      ["crmf", "cipher", "fips", "merge", "smime"].includes(task.tests)) {
-    return false;
-  }
-
   return true;
 });
 
 queue.map(task => {
-  if (isSanitizer(task)) {
+  if (task.collection == "asan") {
     // CRMF and FIPS tests still leak, unfortunately.
     if (task.tests == "crmf" || task.tests == "fips") {
       task.env.ASAN_OPTIONS = "detect_leaks=0";
     }
 
     // SSL(standard) runs on ASan take some time.
     if (task.tests == "ssl" && task.cycle == "standard") {
       task.maxRunTime = 7200;
@@ -114,60 +99,48 @@ export default async function main() {
   });
 
   await scheduleLinux("Linux 64 (debug, gyp)", {
     command: [
       "/bin/bash",
       "-c",
       "bin/checkout.sh && nss/automation/taskcluster/scripts/build_gyp.sh"
     ],
-    env: {USE_64: "1"},
+    env: {USE_64: "1"}, // This is only necessary for tests to work.
     platform: "linux64",
     collection: "gyp",
     image: LINUX_IMAGE
   });
 
   await scheduleLinux("Linux 64 (ASan, debug)", {
     env: {
-      NSS_DISABLE_ARENA_FREE_LIST: "1",
-      NSS_DISABLE_UNLOAD: "1",
-      CC: "clang",
-      CCC: "clang++",
-      USE_ASAN: "1",
-      USE_64: "1"
-    },
-    platform: "linux64",
-    collection: "asan",
-    image: LINUX_IMAGE
-  });
-
-  await scheduleLinux("Linux 64 (ASan+UBSan, debug)", {
-    env: {
       UBSAN_OPTIONS: "print_stacktrace=1",
       NSS_DISABLE_ARENA_FREE_LIST: "1",
       NSS_DISABLE_UNLOAD: "1",
       CC: "clang",
       CCC: "clang++",
       USE_UBSAN: "1",
       USE_ASAN: "1",
       USE_64: "1"
     },
     platform: "linux64",
-    collection: "ubsan",
+    collection: "asan",
     image: LINUX_IMAGE
   });
 
   await scheduleWindows("Windows 2012 64 (opt)", {
     env: {BUILD_OPT: "1"}
   });
 
   await scheduleWindows("Windows 2012 64 (debug)", {
     collection: "debug"
   });
 
+  await scheduleFuzzing();
+
   await scheduleTools();
 
   await scheduleLinux("Linux 32 (ARM, debug)", {
     image: "franziskus/nss-arm-ci",
     provisioner: "localprovisioner",
     collection: "arm-debug",
     workerType: "nss-rpi",
     platform: "linux32",
@@ -256,16 +229,75 @@ async function scheduleLinux(name, base)
     symbol: "noLibpkix"
   }));
 
   return queue.submit();
 }
 
 /*****************************************************************************/
 
+async function scheduleFuzzing() {
+  let base = {
+    env: {
+      ASAN_OPTIONS: "allocator_may_return_null=1",
+      UBSAN_OPTIONS: "print_stacktrace=1",
+      CC: "clang",
+      CCC: "clang++",
+      USE_64: "1" // This is only necessary for tests to work.
+    },
+    platform: "linux64",
+    collection: "fuzz",
+    image: LINUX_IMAGE
+  };
+
+  // Build base definition.
+  let build_base = merge({
+    command: [
+      "/bin/bash",
+      "-c",
+      "bin/checkout.sh && " +
+      "nss/automation/taskcluster/scripts/build_gyp.sh -g -v --fuzz"
+    ],
+    artifacts: {
+      public: {
+        expires: 24 * 7,
+        type: "directory",
+        path: "/home/worker/artifacts"
+      }
+    },
+    kind: "build",
+    symbol: "B"
+  }, base);
+
+  // The task that builds NSPR+NSS.
+  let task_build = queue.scheduleTask(merge(build_base, {
+    name: "Linux x64 (debug, fuzz)"
+  }));
+
+  // Schedule tests.
+  queue.scheduleTask(merge(base, {
+    parent: task_build,
+    name: "Gtests",
+    command: [
+      "/bin/bash",
+      "-c",
+      "bin/checkout.sh && nss/automation/taskcluster/scripts/run_tests.sh"
+    ],
+    env: {GTESTFILTER: "*Fuzz*"},
+    symbol: "Gtest",
+    tests: "gtests",
+    cycle: "standard",
+    kind: "test"
+  }));
+
+  return queue.submit();
+}
+
+/*****************************************************************************/
+
 async function scheduleWindows(name, base) {
   base = merge(base, {
     workerType: "nss-win2012r2",
     platform: "windows2012-64",
     env: {
       PATH: "c:\\mozilla-build\\python;c:\\mozilla-build\\msys\\local\\bin;" +
             "c:\\mozilla-build\\7zip;c:\\mozilla-build\\info-zip;" +
             "c:\\mozilla-build\\python\\Scripts;c:\\mozilla-build\\yasm;" +
--- a/security/nss/automation/taskcluster/graph/src/try_syntax.js
+++ b/security/nss/automation/taskcluster/graph/src/try_syntax.js
@@ -17,17 +17,18 @@ function parseOptions(opts) {
   let builds = intersect(opts.build.split(""), ["d", "o"]);
 
   // If the given value is nonsense default to debug and opt builds.
   if (builds.length == 0) {
     builds = ["d", "o"];
   }
 
   // Parse platforms.
-  let allPlatforms = ["linux", "linux64", "linux64-asan", "win64", "arm", "linux64-gyp"];
+  let allPlatforms = ["linux", "linux64", "linux64-asan", "win64", "arm",
+                      "linux64-gyp", "linux64-fuzz"];
   let platforms = intersect(opts.platform.split(/\s*,\s*/), allPlatforms);
 
   // If the given value is nonsense or "none" default to all platforms.
   if (platforms.length == 0 && opts.platform != "none") {
     platforms = allPlatforms;
   }
 
   // Parse unit tests.
@@ -96,44 +97,48 @@ function filter(opts) {
 
     let coll = name => name == (task.collection || "opt");
 
     // Filter by platform.
     let found = opts.platforms.some(platform => {
       let aliases = {
         "linux": "linux32",
         "linux64-asan": "linux64",
+        "linux64-fuzz": "linux64",
         "linux64-gyp": "linux64",
         "win64": "windows2012-64",
         "arm": "linux32"
       };
 
       // Check the platform name.
       let keep = (task.platform == (aliases[platform] || platform));
 
       // Additional checks.
       if (platform == "linux64-asan") {
-        keep &= coll("asan") || coll("ubsan");
+        keep &= coll("asan");
       } else if (platform == "arm") {
         keep &= coll("arm-opt") || coll("arm-debug");
       } else if (platform == "linux64-gyp") {
         keep &= coll("gyp");
+      } else if (platform == "linux64-fuzz") {
+        keep &= coll("fuzz");
       } else {
         keep &= coll("opt") || coll("debug");
       }
 
       return keep;
     });
 
     if (!found) {
       return false;
     }
 
     // Finally, filter by build type.
-    let isDebug = coll("debug") || coll("asan") || coll("ubsan") || coll("arm-debug") || coll("gyp");
+    let isDebug = coll("debug") || coll("asan") || coll("arm-debug") ||
+                  coll("gyp") || coll("fuzz");
     return (isDebug && opts.builds.includes("d")) ||
            (!isDebug && opts.builds.includes("o"));
   }
 }
 
 export function initFilter() {
   let comment = process.env.TC_COMMENT || "";
 
--- a/security/nss/automation/taskcluster/scripts/build_gyp.sh
+++ b/security/nss/automation/taskcluster/scripts/build_gyp.sh
@@ -1,18 +1,18 @@
 #!/usr/bin/env bash
 
 source $(dirname $0)/tools.sh
 
 if [[ $(id -u) -eq 0 ]]; then
     # Drop privileges by re-running this script.
-    exec su worker $0
+    exec su worker -c "$0 $*"
 fi
 
 # Clone NSPR if needed.
 hg_clone https://hg.mozilla.org/projects/nspr nspr default
 
 # Build.
-nss/build.sh -g -v
+nss/build.sh ${*--g -v}
 
 # Package.
 mkdir artifacts
 tar cvfjh artifacts/dist.tar.bz2 dist
--- a/security/nss/automation/taskcluster/scripts/run_clang_format.sh
+++ b/security/nss/automation/taskcluster/scripts/run_clang_format.sh
@@ -14,35 +14,42 @@ fi
 # Includes a default set of directories.
 
 if [ $# -gt 0 ]; then
     dirs=("$@")
 else
     top=$(dirname $0)/../../..
     dirs=( \
          "$top/cmd" \
+         "$top/fuzz" \
          "$top/lib/base" \
          "$top/lib/certdb" \
          "$top/lib/certhigh" \
          "$top/lib/ckfw" \
          "$top/lib/crmf" \
          "$top/lib/cryptohi" \
          "$top/lib/dbm" \
          "$top/lib/dev" \
          "$top/lib/freebl" \
+         "$top/lib/jar" \
          "$top/lib/nss" \
+         "$top/lib/pk11wrap" \
+         "$top/lib/pkcs7" \
+         "$top/lib/pkcs12" \
+         "$top/lib/pki" \
+         "$top/lib/smime" \
          "$top/lib/softoken" \
          "$top/lib/ssl" \
+         "$top/lib/sysinit" \
          "$top/lib/util" \
-         "$top/lib/sysinit" \
-         "$top/external_tests/common" \
-         "$top/external_tests/der_gtest" \
-         "$top/external_tests/pk11_gtest" \
-         "$top/external_tests/ssl_gtest" \
-         "$top/external_tests/util_gtest" \
+         "$top/gtests/common" \
+         "$top/gtests/der_gtest" \
+         "$top/gtests/pk11_gtest" \
+         "$top/gtests/ssl_gtest" \
+         "$top/gtests/util_gtest" \
     )
 fi
 
 for dir in "${dirs[@]}"; do
     find "$dir" -type f \( -name '*.[ch]' -o -name '*.cc' \) -exec clang-format -i {} \+
 done
 
 TMPFILE=$(mktemp /tmp/$(basename $0).XXXXXX)
--- a/security/nss/automation/taskcluster/scripts/run_scan_build.sh
+++ b/security/nss/automation/taskcluster/scripts/run_scan_build.sh
@@ -18,18 +18,23 @@ make nss_build_all
 
 # What we want to scan.
 # key: directory to scan
 # value: number of errors expected in that directory
 declare -A scan=( \
         [lib/base]=0 \
         [lib/certdb]=0 \
         [lib/certhigh]=0 \
+        [lib/ckfw]=0 \
+        [lib/crmf]=0 \
+        [lib/cryptohi]=0 \
+        [lib/dev]=0 \
+        [lib/freebl]=0 \
+        [lib/nss]=0 \
         [lib/ssl]=0 \
-        [lib/freebl]=0 \
         [lib/util]=0 \
     )
 
 # remove .OBJ directories to force a rebuild of just the select few
 for i in "${!scan[@]}"; do
    find "$i" -name "*.OBJ" -exec rm -rf {} \+
 done
 
deleted file mode 100755
--- a/security/nss/automation/travis/validate-formatting.sh
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/bash
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-# Apply clang-format 3.8 on the provided folder and verify that this doesn't change any file.
-# If any file differs after formatting, the script eventually exits with 1.
-# Any differences between formatted and unformatted files is printed to stdout to give a hint what's wrong.
-
-STATUS=0
-for i in $(find $1 -type f -name '*.[ch]' -print); do
-  if ! clang-format-3.8 $i | diff $i -; then
-    echo "Sorry, $i is not formatted properly. Please use clang-format 3.8 on your patch before landing."
-    STATUS=1
-  fi
-done
-exit $STATUS
--- a/security/nss/build.sh
+++ b/security/nss/build.sh
@@ -1,72 +1,131 @@
 #!/bin/bash
 # This script builds NSS with gyp and ninja.
 #
 # This build system is still under development.  It does not yet support all
 # the features or platforms that NSS supports.
-#
-# -c = clean before build
-# -g = force a rebuild of gyp (and NSPR, because why not)
-# -v = verbose build
-# --test = ignore map files and export everything we have
 
 set -e
 
-CWD=$(cd $(dirname $0); pwd -P)
-OBJ_DIR=$(make -s -C "$CWD" platform)
-DIST_DIR="$CWD/../dist/$OBJ_DIR"
+# Usage info
+show_help() {
+cat << EOF
+
+Usage: ${0##*/} [-hcgv] [-j <n>] [--test] [--fuzz] [--scan-build[=output]]
+                [-m32] [--opt|-o]
+
+This script builds NSS with gyp and ninja.
+
+This build system is still under development.  It does not yet support all
+the features or platforms that NSS supports.
+
+NSS build tool options:
+
+    -h            display this help and exit
+    -c            clean before build
+    -g            force a rebuild of gyp (and NSPR, because why not)
+    -j <n>        run at most <n> concurrent jobs
+    -v            verbose build
+    -m32          do a 32-bit build on a 64-bit system
+    --test        ignore map files and export everything we have
+    --fuzz        enable fuzzing mode. this always enables test builds
+    --scan-build  run the build with scan-build (scan-build has to be in the path)
+                  --scan-build=/out/path sets the output path for scan-build
+    --opt|-o      do an opt build
+EOF
+}
 
 if [ -n "$CCC" ] && [ -z "$CXX" ]; then
     export CXX="$CCC"
 fi
 
+opt_build=0
+build_64=0
+clean=0
+rebuild_gyp=0
+target=Debug
+
+# try to guess sensible defaults
+arch=$(uname -m)
+if [ "$arch" = "x86_64" -o "$arch" = "aarch64" ]; then
+    build_64=1
+fi
+
+gyp_params=()
+ninja_params=()
+scanbuild=()
+nspr_env=()
+
+# parse command line arguments
 while [ $# -gt 0 ]; do
     case $1 in
-        -c) CLEAN=1 ;;
-        -g) REBUILD_GYP=1 ;;
-        -v) VERBOSE=1 ;;
-        --test) GYP_PARAMS="$GYP_PARAMS -Dtest_build=1" ;;
+        -c) clean=1 ;;
+        -g) rebuild_gyp=1 ;;
+        -j) ninja_params+=(-j "$2"); shift ;;
+        -v) ninja_params+=(-v) ;;
+        --test) gyp_params+=(-Dtest_build=1) ;;
+        --fuzz) gyp_params+=(-Dtest_build=1 -Dfuzz=1) ;;
+        --scan-build) scanbuild=(scan-build) ;;
+        --scan-build=?*) scanbuild=(scan-build -o "${1#*=}") ;;
+        --opt|-o) opt_build=1; nspr_env+=(BUILD_OPT=1) ;;
+        -m32|--m32) build_64=0 ;;
+        *) show_help; exit ;;
     esac
     shift
 done
 
+# set paths
+cwd=$(cd $(dirname $0); pwd -P)
+obj_dir=$(USE_64=$build_64 make -s -C "$cwd" platform)
+dist_dir="$cwd/../dist/$obj_dir"
+
 # -c = clean first
-if [ "$CLEAN" = 1 ]; then
-    rm -rf "$CWD/out"
+if [ "$clean" = 1 ]; then
+    rm -rf "$cwd/out"
+    rm -rf "$cwd/../nspr/$obj_dir"
 fi
 
-if [ "$BUILD_OPT" = "1" ]; then
-    TARGET=Release
+if [ "$opt_build" = "1" ]; then
+    target=Release
 else
-    TARGET=Debug
+    target=Debug
+fi
+if [ "$build_64" == "1" ]; then
+    target="${target}_x64"
+    nspr_env+=(USE_64=1)
+else
+    gyp_params+=(-Dtarget_arch=ia32)
 fi
-if [ "$USE_64" == "1" ]; then
-    TARGET="${TARGET}_x64"
-else
-    GYP_PARAMS="$GYP_PARAMS -Dtarget_arch=ia32"
-fi
-TARGET_DIR="$CWD/out/$TARGET"
+target_dir="$cwd/out/$target"
+
+# figure out the scan-build string
+if [ "${#scanbuild[@]}" -gt 0 ]; then
+    if [ -n "$CC" ]; then
+       scanbuild+=(--use-cc="$CC")
+    fi
+    if [ -n "$CCC" ]; then
+       scanbuild+=(--use-c++="$CCC")
+    fi
+ fi
 
 # These steps can take a while, so don't overdo them.
 # Force a redo with -g.
-if [ "$REBUILD_GYP" = 1 -o ! -d "$TARGET_DIR" ]; then
+if [ "$rebuild_gyp" = 1 -o ! -d "$target_dir" ]; then
     # Build NSPR.
-    make -C "$CWD" NSS_GYP=1 install_nspr
+    make "${nspr_env[@]}" -C "$cwd" NSS_GYP=1 install_nspr
 
     # Run gyp.
-    PKG_CONFIG_PATH="$CWD/../nspr/$OBJ_DIR/config" $SCANBUILD \
-        gyp -f ninja $GYP_PARAMS --depth="$CWD" --generator-output="." "$CWD/nss.gyp"
+    PKG_CONFIG_PATH="$cwd/../nspr/$obj_dir/config" \
+        "${scanbuild[@]}" gyp -f ninja "${gyp_params[@]}" --depth="$cwd" \
+          --generator-output="." "$cwd/nss.gyp"
 fi
 
 # Run ninja.
 if which ninja >/dev/null 2>&1; then
-    NINJA=ninja
+    ninja=(ninja)
 elif which ninja-build >/dev/null 2>&1; then
-    NINJA=ninja-build
+    ninja=(ninja-build)
 else
     echo "Please install ninja" 1>&2
     exit 1
 fi
-if [ "$VERBOSE" = 1 ]; then
-    NINJA="$NINJA -v"
-fi
-$NINJA -C "$TARGET_DIR"
+"${scanbuild[@]}" $ninja -C "$target_dir" "${ninja_params[@]}"
--- a/security/nss/cmd/lib/basicutil.c
+++ b/security/nss/cmd/lib/basicutil.c
@@ -787,16 +787,17 @@ parseGroupList(const char *arg, SSLNamed
         return SECFailure;
     }
     p = strtok(str, ",");
     while (p) {
         ++numValues;
         p = strtok(NULL, ",");
     }
     PORT_Free(str);
+    str = NULL;
     groups = PORT_ZNewArray(SSLNamedGroup, numValues);
     if (!groups) {
         goto done;
     }
 
     /* Get group names. */
     str = PORT_Strdup(arg);
     if (!str) {
--- a/security/nss/cmd/tstclnt/tstclnt.c
+++ b/security/nss/cmd/tstclnt/tstclnt.c
@@ -1466,17 +1466,17 @@ main(int argc, char **argv)
             goto done;
         }
     }
 
     /* require the use of fixed finite-field DH groups */
     if (requireDHNamedGroups) {
         rv = SSL_OptionSet(s, SSL_REQUIRE_DH_NAMED_GROUPS, PR_TRUE);
         if (rv != SECSuccess) {
-            SECU_PrintError(progName, "error enabling extended master secret");
+            SECU_PrintError(progName, "error in requiring the use of fixed finite-field DH groups");
             error = 1;
             goto done;
         }
     }
 
     /* enable Signed Certificate Timestamps. */
     rv = SSL_OptionSet(s, SSL_ENABLE_SIGNED_CERT_TIMESTAMPS,
                        enableSignedCertTimestamps);
--- a/security/nss/coreconf/config.gypi
+++ b/security/nss/coreconf/config.gypi
@@ -47,16 +47,21 @@
         }],
         ['OS=="linux" or OS=="android"', {
           'zlib_libs%': ['<!@(<(python) <(DEPTH)/coreconf/pkg_config.py raw --libs zlib)'],
           'moz_debug_flags%': '-gdwarf-2',
           'optimize_flags%': '-O2',
           'dll_prefix': 'lib',
           'dll_suffix': 'so',
         }],
+        ['OS=="linux"', {
+          'freebl_name': 'freeblpriv3',
+        }, {
+          'freebl_name': 'freebl3',
+        }],
         ['OS=="mac"', {
           'zlib_libs%': ['-lz'],
           'use_system_sqlite%': 1,
           'moz_debug_flags%': '-gdwarf-2 -gfull',
           'optimize_flags%': '-O2',
           'dll_prefix': 'lib',
           'dll_suffix': 'dylib',
         }, {
@@ -80,29 +85,31 @@
     'nspr_lib_dir%': '<(nspr_lib_dir)',
     'nspr_include_dir%': '<(nspr_include_dir)',
     'nss_dist_obj_dir%': '<(nss_dist_obj_dir)',
     'nss_dist_dir%': '<(nss_dist_dir)',
     'use_system_sqlite%': '<(use_system_sqlite)',
     'sqlite_libs%': ['-lsqlite3'],
     'dll_prefix': '<(dll_prefix)',
     'dll_suffix': '<(dll_suffix)',
+    'freebl_name': '<(freebl_name)',
     'cc_is_clang%': '<(cc_is_clang)',
     # Some defaults
     'disable_tests%': 0,
     'disable_chachapoly%': 0,
     'disable_dbm%': 0,
     'disable_libpkix%': 0,
     'disable_werror%': 0,
     'mozilla_client%': 0,
     'moz_fold_libs%': 0,
     'moz_folded_library_name%': '',
     'ssl_enable_zlib%': 1,
     'use_asan%': 0,
     'test_build%': 0,
+    'fuzz%': 0,
   },
   'target_defaults': {
     # Settings specific to targets should go here.
     # This is mostly for linking to libraries.
     'variables': {
       'mapfile%': '',
       'test_build%': 0,
     },
@@ -274,16 +281,19 @@
               }],
             ],
           }],
           [ 'disable_werror==0 and (OS=="linux" or OS=="mac")', {
             'cflags': [
               '<!@(<(python) <(DEPTH)/coreconf/werror.py)',
             ],
           }],
+          [ 'fuzz==1', {
+            'cflags': ['-Wno-unused-function']
+          }],
           [ 'OS=="android" and mozilla_client==0', {
             'defines': [
               'NO_SYSINFO',
               'NO_FORK_CHECK',
               'ANDROID',
             ],
           }],
           [ 'OS=="mac"', {
--- a/security/nss/coreconf/coreconf.dep
+++ b/security/nss/coreconf/coreconf.dep
@@ -5,8 +5,9 @@
 
 /*
  * A dummy header file that is a dependency for all the object files.
  * Used to force a full recompilation of NSS in Mozilla's Tinderbox
  * depend builds.  See comments in rules.mk.
  */
 
 #error "Do not include this header file."
+
deleted file mode 100644
--- a/security/nss/external_tests/common/common.gyp
+++ /dev/null
@@ -1,36 +0,0 @@
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-{
-  'includes': [
-    '../../coreconf/config.gypi',
-    'gtest.gypi',
-  ],
-  'targets': [
-    {
-      'target_name': 'gtests',
-      'type': 'executable',
-      'sources': [
-        'gtests.cc'
-      ],
-      'dependencies': [
-        '<(DEPTH)/exports.gyp:nss_exports',
-        '<(DEPTH)/lib/nss/nss.gyp:nss3',
-        '<(DEPTH)/lib/util/util.gyp:nssutil3',
-        '<(DEPTH)/lib/smime/smime.gyp:smime3',
-        '<(DEPTH)/lib/ssl/ssl.gyp:ssl3',
-        '<(DEPTH)/external_tests/google_test/google_test.gyp:gtest',
-        '<(DEPTH)/cmd/lib/lib.gyp:sectool'
-      ]
-    }
-  ],
-  'target_defaults': {
-    'include_dirs': [
-      '../../external_tests/google_test/gtest/include',
-      '../../external_tests/common'
-    ],
-  },
-  'variables': {
-    'module': 'nss'
-  }
-}
deleted file mode 100644
--- a/security/nss/external_tests/common/gtest.gypi
+++ /dev/null
@@ -1,30 +0,0 @@
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-{
-  'includes': [
-    '../../coreconf/config.gypi'
-  ],
-  'target_defaults': {
-    'conditions': [
-      ['OS=="win"', {
-        'libraries': [
-          '-lws2_32',
-        ],
-      }],
-      ['OS=="android"', {
-        'libraries': [
-          '-lstdc++',
-        ],
-      }],
-    ],
-    'msvs_settings': {
-      'VCCLCompilerTool': {
-        'ExceptionHandling': 1,
-        'PreprocessorDefinitions': [
-          'NOMINMAX',
-        ],
-      },
-    },
-  },
-}
deleted file mode 100644
--- a/security/nss/external_tests/common/manifest.mn
+++ /dev/null
@@ -1,21 +0,0 @@
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-CORE_DEPTH = ../..
-DEPTH      = ../..
-MODULE = nss
-
-CPPSRCS = \
-      gtests.cc \
-      $(NULL)
-
-INCLUDES += -I$(CORE_DEPTH)/external_tests/google_test/gtest/include \
-            -I$(CORE_DEPTH)/external_tests/common
-
-REQUIRES = gtest
-
-EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX)
-
-# NOTE: this is not actually used but required to build gtests.o
-PROGRAM = gtests
\ No newline at end of file
deleted file mode 100644
--- a/security/nss/external_tests/der_gtest/der_gtest.gyp
+++ /dev/null
@@ -1,37 +0,0 @@
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-{
-  'includes': [
-    '../../coreconf/config.gypi',
-    '../common/gtest.gypi',
-  ],
-  'targets': [
-    {
-      'target_name': 'der_gtest',
-      'type': 'executable',
-      'sources': [
-        'der_getint_unittest.cc',
-        '<(DEPTH)/external_tests/common/gtests.cc'
-      ],
-      'dependencies': [
-        '<(DEPTH)/exports.gyp:nss_exports',
-        '<(DEPTH)/lib/nss/nss.gyp:nss3',
-        '<(DEPTH)/lib/util/util.gyp:nssutil3',
-        '<(DEPTH)/lib/smime/smime.gyp:smime3',
-        '<(DEPTH)/lib/ssl/ssl.gyp:ssl3',
-        '<(DEPTH)/external_tests/google_test/google_test.gyp:gtest',
-        '<(DEPTH)/cmd/lib/lib.gyp:sectool'
-      ]
-    }
-  ],
-  'target_defaults': {
-    'include_dirs': [
-      '../../external_tests/google_test/gtest/include',
-      '../../external_tests/common'
-    ]
-  },
-  'variables': {
-    'module': 'nss'
-  }
-}
deleted file mode 100644
--- a/security/nss/external_tests/der_gtest/manifest.mn
+++ /dev/null
@@ -1,22 +0,0 @@
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-CORE_DEPTH = ../..
-DEPTH      = ../..
-MODULE = nss
-
-CPPSRCS = \
-      der_getint_unittest.cc \
-      der_private_key_import_unittest.cc \
-      $(NULL)
-
-INCLUDES += -I$(CORE_DEPTH)/external_tests/google_test/gtest/include \
-            -I$(CORE_DEPTH)/external_tests/common
-
-REQUIRES = nspr nss libdbm gtest
-
-PROGRAM = der_gtest
-
-EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) $(EXTRA_OBJS) \
-             ../common/$(OBJDIR)/gtests$(OBJ_SUFFIX)
deleted file mode 100644
deleted file mode 100644
--- a/security/nss/external_tests/nss_bogo_shim/nss_bogo_shim.gyp
+++ /dev/null
@@ -1,79 +0,0 @@
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-{
-  'includes': [
-    '../../coreconf/config.gypi'
-  ],
-  'targets': [
-    {
-      'target_name': 'nss_bogo_shim',
-      'type': 'executable',
-      'sources': [
-        'config.cc',
-        'nss_bogo_shim.cc',
-        'nsskeys.cc'
-      ],
-      'dependencies': [
-        '<(DEPTH)/exports.gyp:nss_exports',
-        '<(DEPTH)/lib/util/util.gyp:nssutil3',
-        '<(DEPTH)/lib/sqlite/sqlite.gyp:sqlite3',
-        '<(DEPTH)/external_tests/google_test/google_test.gyp:gtest',
-        '<(DEPTH)/lib/softoken/softoken.gyp:softokn',
-        '<(DEPTH)/lib/smime/smime.gyp:smime',
-        '<(DEPTH)/lib/ssl/ssl.gyp:ssl',
-        '<(DEPTH)/lib/nss/nss.gyp:nss_static',
-        '<(DEPTH)/cmd/lib/lib.gyp:sectool',
-        '<(DEPTH)/lib/pkcs12/pkcs12.gyp:pkcs12',
-        '<(DEPTH)/lib/pkcs7/pkcs7.gyp:pkcs7',
-        '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
-        '<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
-        '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap',
-        '<(DEPTH)/lib/softoken/softoken.gyp:softokn',
-        '<(DEPTH)/lib/certdb/certdb.gyp:certdb',
-        '<(DEPTH)/lib/pki/pki.gyp:nsspki',
-        '<(DEPTH)/lib/dev/dev.gyp:nssdev',
-        '<(DEPTH)/lib/base/base.gyp:nssb',
-        '<(DEPTH)/lib/freebl/freebl.gyp:freebl',
-        '<(DEPTH)/lib/nss/nss.gyp:nss_static',
-        '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap',
-        '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
-        '<(DEPTH)/lib/zlib/zlib.gyp:nss_zlib'
-      ],
-      'conditions': [
-        [ 'disable_dbm==0', {
-          'dependencies': [
-            '<(DEPTH)/lib/dbm/src/src.gyp:dbm',
-          ],
-        }],
-        [ 'disable_libpkix==0', {
-          'dependencies': [
-            '<(DEPTH)/lib/libpkix/pkix/certsel/certsel.gyp:pkixcertsel',
-            '<(DEPTH)/lib/libpkix/pkix/checker/checker.gyp:pkixchecker',
-            '<(DEPTH)/lib/libpkix/pkix/crlsel/crlsel.gyp:pkixcrlsel',
-            '<(DEPTH)/lib/libpkix/pkix/params/params.gyp:pkixparams',
-            '<(DEPTH)/lib/libpkix/pkix/results/results.gyp:pkixresults',
-            '<(DEPTH)/lib/libpkix/pkix/store/store.gyp:pkixstore',
-            '<(DEPTH)/lib/libpkix/pkix/top/top.gyp:pkixtop',
-            '<(DEPTH)/lib/libpkix/pkix/util/util.gyp:pkixutil',
-            '<(DEPTH)/lib/libpkix/pkix_pl_nss/system/system.gyp:pkixsystem',
-            '<(DEPTH)/lib/libpkix/pkix_pl_nss/module/module.gyp:pkixmodule',
-            '<(DEPTH)/lib/libpkix/pkix_pl_nss/pki/pki.gyp:pkixpki',
-          ],
-        }],
-      ],
-    }
-  ],
-  'target_defaults': {
-    'defines': [
-      'NSS_USE_STATIC_LIBS'
-    ],
-    'include_dirs': [
-      '../../lib/ssl'
-    ],
-  },
-  'variables': {
-    'module': 'nss',
-    'use_static_libs': 1
-  }
-}
deleted file mode 100644
--- a/security/nss/external_tests/pk11_gtest/Makefile
+++ /dev/null
@@ -1,43 +0,0 @@
-#! gmake
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY).   #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL)          #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL)       #
-#######################################################################
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
-#######################################################################
-
-include ../common/gtest.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL)                              #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL)                           #
-#######################################################################
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL).                              #
-#######################################################################
deleted file mode 100644
--- a/security/nss/external_tests/pk11_gtest/manifest.mn
+++ /dev/null
@@ -1,27 +0,0 @@
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-CORE_DEPTH = ../..
-DEPTH      = ../..
-MODULE = nss
-
-CPPSRCS = \
-      pk11_aeskeywrap_unittest.cc \
-      pk11_chacha20poly1305_unittest.cc \
-      pk11_export_unittest.cc \
-      pk11_pbkdf2_unittest.cc \
-      pk11_prf_unittest.cc \
-      pk11_rsapss_unittest.cc \
-      $(NULL)
-
-INCLUDES += -I$(CORE_DEPTH)/external_tests/google_test/gtest/include \
-            -I$(CORE_DEPTH)/external_tests/common
-
-REQUIRES = nspr nss libdbm gtest
-
-PROGRAM = pk11_gtest
-
-EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) $(EXTRA_OBJS) \
-             ../common/$(OBJDIR)/gtests$(OBJ_SUFFIX)
-
deleted file mode 100644
--- a/security/nss/external_tests/pk11_gtest/pk11_gtest.gyp
+++ /dev/null
@@ -1,41 +0,0 @@
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-{
-  'includes': [
-    '../../coreconf/config.gypi',
-    '../common/gtest.gypi',
-  ],
-  'targets': [
-    {
-      'target_name': 'pk11_gtest',
-      'type': 'executable',
-      'sources': [
-        'pk11_aeskeywrap_unittest.cc',
-        'pk11_chacha20poly1305_unittest.cc',
-        'pk11_pbkdf2_unittest.cc',
-        'pk11_prf_unittest.cc',
-        'pk11_rsapss_unittest.cc',
-        '<(DEPTH)/external_tests/common/gtests.cc'
-      ],
-      'dependencies': [
-        '<(DEPTH)/exports.gyp:nss_exports',
-        '<(DEPTH)/lib/nss/nss.gyp:nss3',
-        '<(DEPTH)/lib/util/util.gyp:nssutil3',
-        '<(DEPTH)/lib/smime/smime.gyp:smime3',
-        '<(DEPTH)/lib/ssl/ssl.gyp:ssl3',
-        '<(DEPTH)/external_tests/google_test/google_test.gyp:gtest',
-        '<(DEPTH)/cmd/lib/lib.gyp:sectool'
-      ]
-    }
-  ],
-  'target_defaults': {
-    'include_dirs': [
-      '../../external_tests/google_test/gtest/include',
-      '../../external_tests/common'
-    ]
-  },
-  'variables': {
-    'module': 'nss'
-  }
-}
deleted file mode 100644
--- a/security/nss/external_tests/ssl_gtest/manifest.mn
+++ /dev/null
@@ -1,52 +0,0 @@
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-CORE_DEPTH = ../..
-DEPTH      = ../..
-MODULE = nss
-
-# These sources have access to libssl internals
-CSRCS = \
-      libssl_internals.c \
-      $(NULL)
-
-CPPSRCS = \
-      ssl_0rtt_unittest.cc \
-      ssl_agent_unittest.cc \
-      ssl_auth_unittest.cc \
-      ssl_cert_ext_unittest.cc \
-      ssl_ciphersuite_unittest.cc \
-      ssl_damage_unittest.cc \
-      ssl_dhe_unittest.cc \
-      ssl_drop_unittest.cc \
-      ssl_ecdh_unittest.cc \
-      ssl_ems_unittest.cc \
-      ssl_extension_unittest.cc \
-      ssl_gtest.cc \
-      ssl_hrr_unittest.cc \
-      ssl_loopback_unittest.cc \
-      ssl_record_unittest.cc \
-      ssl_resumption_unittest.cc \
-      ssl_skip_unittest.cc \
-      ssl_staticrsa_unittest.cc \
-      ssl_v2_client_hello_unittest.cc \
-      ssl_version_unittest.cc \
-      test_io.cc \
-      tls_agent.cc \
-      tls_connect.cc \
-      tls_hkdf_unittest.cc \
-      tls_filter.cc \
-      tls_parser.cc \
-      $(NULL)
-
-INCLUDES += -I$(CORE_DEPTH)/external_tests/google_test/gtest/include \
-            -I$(CORE_DEPTH)/external_tests/common
-
-REQUIRES = nspr nss libdbm gtest
-
-PROGRAM = ssl_gtest
-EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) \
-             $(DIST)/lib/$(LIB_PREFIX)softokn.$(LIB_SUFFIX)
-
-USE_STATIC_LIBS = 1
deleted file mode 100644
--- a/security/nss/external_tests/ssl_gtest/ssl_gtest.gyp
+++ /dev/null
@@ -1,106 +0,0 @@
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-{
-  'includes': [
-    '../../coreconf/config.gypi',
-    '../common/gtest.gypi',
-  ],
-  'targets': [
-    {
-      'target_name': 'ssl_gtest',
-      'type': 'executable',
-      'sources': [
-        'libssl_internals.c',
-        'ssl_0rtt_unittest.cc',
-        'ssl_agent_unittest.cc',
-        'ssl_auth_unittest.cc',
-        'ssl_cert_ext_unittest.cc',
-        'ssl_ciphersuite_unittest.cc',
-        'ssl_damage_unittest.cc',
-        'ssl_dhe_unittest.cc',
-        'ssl_drop_unittest.cc',
-        'ssl_ecdh_unittest.cc',
-        'ssl_ems_unittest.cc',
-        'ssl_extension_unittest.cc',
-        'ssl_gtest.cc',
-        'ssl_hrr_unittest.cc',
-        'ssl_loopback_unittest.cc',
-        'ssl_record_unittest.cc',
-        'ssl_resumption_unittest.cc',
-        'ssl_skip_unittest.cc',
-        'ssl_staticrsa_unittest.cc',
-        'ssl_v2_client_hello_unittest.cc',
-        'ssl_version_unittest.cc',
-        'test_io.cc',
-        'tls_agent.cc',
-        'tls_connect.cc',
-        'tls_filter.cc',
-        'tls_hkdf_unittest.cc',
-        'tls_parser.cc'
-      ],
-      'dependencies': [
-        '<(DEPTH)/exports.gyp:nss_exports',
-        '<(DEPTH)/lib/util/util.gyp:nssutil3',
-        '<(DEPTH)/lib/sqlite/sqlite.gyp:sqlite3',
-        '<(DEPTH)/external_tests/google_test/google_test.gyp:gtest',
-        '<(DEPTH)/lib/softoken/softoken.gyp:softokn',
-        '<(DEPTH)/lib/smime/smime.gyp:smime',
-        '<(DEPTH)/lib/ssl/ssl.gyp:ssl',
-        '<(DEPTH)/lib/nss/nss.gyp:nss_static',
-        '<(DEPTH)/cmd/lib/lib.gyp:sectool',
-        '<(DEPTH)/lib/pkcs12/pkcs12.gyp:pkcs12',
-        '<(DEPTH)/lib/pkcs7/pkcs7.gyp:pkcs7',
-        '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
-        '<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
-        '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap',
-        '<(DEPTH)/lib/softoken/softoken.gyp:softokn',
-        '<(DEPTH)/lib/certdb/certdb.gyp:certdb',
-        '<(DEPTH)/lib/pki/pki.gyp:nsspki',
-        '<(DEPTH)/lib/dev/dev.gyp:nssdev',
-        '<(DEPTH)/lib/base/base.gyp:nssb',
-        '<(DEPTH)/lib/freebl/freebl.gyp:freebl',
-        '<(DEPTH)/lib/nss/nss.gyp:nss_static',
-        '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap',
-        '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
-        '<(DEPTH)/lib/zlib/zlib.gyp:nss_zlib'
-      ],
-      'conditions': [
-        [ 'disable_dbm==0', {
-          'dependencies': [
-            '<(DEPTH)/lib/dbm/src/src.gyp:dbm',
-          ],
-        }],
-        [ 'disable_libpkix==0', {
-          'dependencies': [
-            '<(DEPTH)/lib/libpkix/pkix/certsel/certsel.gyp:pkixcertsel',
-            '<(DEPTH)/lib/libpkix/pkix/checker/checker.gyp:pkixchecker',
-            '<(DEPTH)/lib/libpkix/pkix/crlsel/crlsel.gyp:pkixcrlsel',
-            '<(DEPTH)/lib/libpkix/pkix/params/params.gyp:pkixparams',
-            '<(DEPTH)/lib/libpkix/pkix/results/results.gyp:pkixresults',
-            '<(DEPTH)/lib/libpkix/pkix/store/store.gyp:pkixstore',
-            '<(DEPTH)/lib/libpkix/pkix/top/top.gyp:pkixtop',
-            '<(DEPTH)/lib/libpkix/pkix/util/util.gyp:pkixutil',
-            '<(DEPTH)/lib/libpkix/pkix_pl_nss/system/system.gyp:pkixsystem',
-            '<(DEPTH)/lib/libpkix/pkix_pl_nss/module/module.gyp:pkixmodule',
-            '<(DEPTH)/lib/libpkix/pkix_pl_nss/pki/pki.gyp:pkixpki',
-          ],
-        }],
-      ],
-    }
-  ],
-  'target_defaults': {
-    'include_dirs': [
-      '../../external_tests/google_test/gtest/include',
-      '../../external_tests/common',
-      '../../lib/ssl'
-    ],
-    'defines': [
-      'NSS_USE_STATIC_LIBS'
-    ]
-  },
-  'variables': {
-    'module': 'nss',
-    'use_static_libs': 1
-  }
-}
deleted file mode 100644
--- a/security/nss/external_tests/util_gtest/manifest.mn
+++ /dev/null
@@ -1,26 +0,0 @@
-# -*- makefile -*-
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-CORE_DEPTH = ../..
-DEPTH      = ../..
-MODULE = nss
-
-CPPSRCS = \
-	util_utf8_unittest.cc \
-	$(NULL)
-
-INCLUDES += \
-	-I$(CORE_DEPTH)/external_tests/google_test/gtest/include \
-	-I$(CORE_DEPTH)/external_tests/common \
-	$(NULL)
-
-REQUIRES = nspr gtest
-
-PROGRAM = util_gtest
-
-EXTRA_LIBS = \
-	$(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) \
-	$(DIST)/lib/$(LIB_PREFIX)nssutil.$(LIB_SUFFIX) \
-	../common/$(OBJDIR)/gtests$(OBJ_SUFFIX) \
-	$(NULL)
deleted file mode 100644
--- a/security/nss/external_tests/util_gtest/util_gtest.gyp
+++ /dev/null
@@ -1,39 +0,0 @@
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-{
-  'includes': [
-    '../../coreconf/config.gypi',
-    '../common/gtest.gypi',
-  ],
-  'targets': [
-    {
-      'target_name': 'util_gtest',
-      'type': 'executable',
-      'sources': [
-        'util_utf8_unittest.cc',
-        '<(DEPTH)/external_tests/common/gtests.cc'
-      ],
-      'dependencies': [
-        '<(DEPTH)/exports.gyp:nss_exports',
-        '<(DEPTH)/lib/nss/nss.gyp:nss3',
-        '<(DEPTH)/lib/util/util.gyp:nssutil3',
-        '<(DEPTH)/lib/smime/smime.gyp:smime3',
-        '<(DEPTH)/lib/ssl/ssl.gyp:ssl3',
-        '<(DEPTH)/external_tests/google_test/google_test.gyp:gtest',
-        '<(DEPTH)/lib/util/util.gyp:nssutil',
-        '<(DEPTH)/cmd/lib/lib.gyp:sectool'
-      ]
-    }
-  ],
-  'target_defaults': {
-    'include_dirs': [
-      '../../external_tests/google_test/gtest/include',
-      '../../external_tests/common',
-      '../../lib/util'
-    ]
-  },
-  'variables': {
-    'module': 'nss'
-  }
-}
--- a/security/nss/fuzz/nssfuzz/registry.h
+++ b/security/nss/fuzz/nssfuzz/registry.h
@@ -3,23 +3,23 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #ifndef registry_h__
 #define registry_h__
 
 #include <map>
+#include "FuzzerInternal.h"
 #include "nss.h"
-#include "FuzzerInternal.h"
 
 class Registry {
  public:
-  static void Add(std::string name, fuzzer::UserCallback func,
-                  uint16_t max_len, std::string desc) {
+  static void Add(std::string name, fuzzer::UserCallback func, uint16_t max_len,
+                  std::string desc) {
     assert(!Has(name));
     GetInstance().targets_[name] = TargetData(func, max_len, desc);
   }
 
   static bool Has(std::string name) {
     return GetInstance().targets_.count(name) > 0;
   }
 
@@ -35,17 +35,17 @@ class Registry {
 
   static std::string& Desc(std::string name) {
     assert(Has(name));
     return std::get<2>(Get(name));
   }
 
   static std::vector<std::string> Names() {
     std::vector<std::string> names;
-    for (auto &it : GetInstance().targets_) {
+    for (auto& it : GetInstance().targets_) {
       names.push_back(it.first);
     }
     return names;
   }
 
  private:
   typedef std::tuple<fuzzer::UserCallback, uint16_t, std::string> TargetData;
 
@@ -58,14 +58,14 @@ class Registry {
     return GetInstance().targets_[name];
   }
 
   Registry() {}
 
   std::map<std::string, TargetData> targets_;
 };
 
-#define REGISTER_FUZZING_TARGET(name, func, max_len, desc)            \
-  static void __attribute__ ((constructor)) RegisterFuzzingTarget() { \
-    Registry::Add(name, func, max_len, desc);                         \
+#define REGISTER_FUZZING_TARGET(name, func, max_len, desc)           \
+  static void __attribute__((constructor)) RegisterFuzzingTarget() { \
+    Registry::Add(name, func, max_len, desc);                        \
   }
 
-#endif // registry_h__
+#endif  // registry_h__
--- a/security/nss/fuzz/nssfuzz/shared.h
+++ b/security/nss/fuzz/nssfuzz/shared.h
@@ -10,9 +10,9 @@
 #include "nss.h"
 
 class NSSDatabase {
  public:
   NSSDatabase() { NSS_NoDB_Init(nullptr); }
   ~NSSDatabase() { NSS_Shutdown(); }
 };
 
-#endif // shared_h__
+#endif  // shared_h__
new file mode 100644
--- /dev/null
+++ b/security/nss/fuzz/warning.txt
@@ -0,0 +1,15 @@
+
+##############################################
+##                                          ##
+##  WARNING: You're building with -Dfuzz=1  ##
+##                                          ##
+##  This means:                             ##
+##                                          ##
+##   * Your PRNG is DETERMINISTIC.          ##
+##   * TLS transcripts are PLAINTEXT.       ##
+##   * TLS signature checks are DISABLED.   ##
+##                                          ##
+##  Thank you for fuzzing!                  ##
+##                                          ##
+##############################################
+
rename from security/nss/external_tests/.clang-format
rename to security/nss/gtests/.clang-format
rename from security/nss/external_tests/Makefile
rename to security/nss/gtests/Makefile
rename from security/nss/external_tests/README
rename to security/nss/gtests/README
rename from security/nss/external_tests/common/Makefile
rename to security/nss/gtests/common/Makefile
new file mode 100644
--- /dev/null
+++ b/security/nss/gtests/common/common.gyp
@@ -0,0 +1,36 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    'gtest.gypi',
+  ],
+  'targets': [
+    {
+      'target_name': 'gtests',
+      'type': 'executable',
+      'sources': [
+        'gtests.cc'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
+        '<(DEPTH)/lib/nss/nss.gyp:nss3',
+        '<(DEPTH)/lib/util/util.gyp:nssutil3',
+        '<(DEPTH)/lib/smime/smime.gyp:smime3',
+        '<(DEPTH)/lib/ssl/ssl.gyp:ssl3',
+        '<(DEPTH)/gtests/google_test/google_test.gyp:gtest',
+        '<(DEPTH)/cmd/lib/lib.gyp:sectool'
+      ]
+    }
+  ],
+  'target_defaults': {
+    'include_dirs': [
+      '../../gtests/google_test/gtest/include',
+      '../../gtests/common'
+    ],
+  },
+  'variables': {
+    'module': 'nss'
+  }
+}
new file mode 100644
--- /dev/null
+++ b/security/nss/gtests/common/gtest.gypi
@@ -0,0 +1,35 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi'
+  ],
+  'target_defaults': {
+    'conditions': [
+      ['OS=="win"', {
+        'libraries': [
+          '-lws2_32',
+        ],
+      }],
+      ['OS=="android"', {
+        'libraries': [
+          '-lstdc++',
+        ],
+      }],
+      [ 'fuzz==1', {
+        'defines': [
+          'UNSAFE_FUZZER_MODE',
+        ],
+      }],
+    ],
+    'msvs_settings': {
+      'VCCLCompilerTool': {
+        'ExceptionHandling': 1,
+        'PreprocessorDefinitions': [
+          'NOMINMAX',
+        ],
+      },
+    },
+  },
+}
rename from security/nss/external_tests/common/gtest.mk
rename to security/nss/gtests/common/gtest.mk
rename from security/nss/external_tests/common/gtests.cc
rename to security/nss/gtests/common/gtests.cc
new file mode 100644
--- /dev/null
+++ b/security/nss/gtests/common/manifest.mn
@@ -0,0 +1,21 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+DEPTH      = ../..
+MODULE = nss
+
+CPPSRCS = \
+      gtests.cc \
+      $(NULL)
+
+INCLUDES += -I$(CORE_DEPTH)/gtests/google_test/gtest/include \
+            -I$(CORE_DEPTH)/gtests/common
+
+REQUIRES = gtest
+
+EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX)
+
+# NOTE: this is not actually used but required to build gtests.o
+PROGRAM = gtests
rename from security/nss/external_tests/common/scoped_ptrs.h
rename to security/nss/gtests/common/scoped_ptrs.h
rename from security/nss/external_tests/der_gtest/Makefile
rename to security/nss/gtests/der_gtest/Makefile
rename from security/nss/external_tests/der_gtest/der_getint_unittest.cc
rename to security/nss/gtests/der_gtest/der_getint_unittest.cc
new file mode 100644
--- /dev/null
+++ b/security/nss/gtests/der_gtest/der_gtest.gyp
@@ -0,0 +1,32 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../common/gtest.gypi',
+  ],
+  'targets': [
+    {
+      'target_name': 'der_gtest',
+      'type': 'executable',
+      'sources': [
+        'der_getint_unittest.cc',
+        '<(DEPTH)/gtests/common/gtests.cc'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
+        '<(DEPTH)/gtests/google_test/google_test.gyp:gtest',
+      ]
+    }
+  ],
+  'target_defaults': {
+    'include_dirs': [
+      '../../gtests/google_test/gtest/include',
+      '../../gtests/common'
+    ]
+  },
+  'variables': {
+    'module': 'nss'
+  }
+}
rename from security/nss/external_tests/der_gtest/der_private_key_import_unittest.cc
rename to security/nss/gtests/der_gtest/der_private_key_import_unittest.cc
new file mode 100644
--- /dev/null
+++ b/security/nss/gtests/der_gtest/manifest.mn
@@ -0,0 +1,22 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+DEPTH      = ../..
+MODULE = nss
+
+CPPSRCS = \
+      der_getint_unittest.cc \
+      der_private_key_import_unittest.cc \
+      $(NULL)
+
+INCLUDES += -I$(CORE_DEPTH)/gtests/google_test/gtest/include \
+            -I$(CORE_DEPTH)/gtests/common
+
+REQUIRES = nspr nss libdbm gtest
+
+PROGRAM = der_gtest
+
+EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) $(EXTRA_OBJS) \
+             ../common/$(OBJDIR)/gtests$(OBJ_SUFFIX)
rename from security/nss/external_tests/google_test/Makefile
rename to security/nss/gtests/google_test/Makefile
rename from security/nss/external_tests/google_test/google_test.gyp
rename to security/nss/gtests/google_test/google_test.gyp
rename from security/nss/external_tests/google_test/gtest/CHANGES
rename to security/nss/gtests/google_test/gtest/CHANGES
rename from security/nss/external_tests/google_test/gtest/CMakeLists.txt
rename to security/nss/gtests/google_test/gtest/CMakeLists.txt
rename from security/nss/external_tests/google_test/gtest/CONTRIBUTORS
rename to security/nss/gtests/google_test/gtest/CONTRIBUTORS
rename from security/nss/external_tests/google_test/gtest/LICENSE
rename to security/nss/gtests/google_test/gtest/LICENSE
rename from security/nss/external_tests/google_test/gtest/Makefile.am
rename to security/nss/gtests/google_test/gtest/Makefile.am
rename from security/nss/external_tests/google_test/gtest/README
rename to security/nss/gtests/google_test/gtest/README
new file mode 100644
rename from security/nss/external_tests/google_test/gtest/cmake/internal_utils.cmake
rename to security/nss/gtests/google_test/gtest/cmake/internal_utils.cmake
rename from security/nss/external_tests/google_test/gtest/codegear/gtest.cbproj
rename to security/nss/gtests/google_test/gtest/codegear/gtest.cbproj
rename from security/nss/external_tests/google_test/gtest/codegear/gtest.groupproj
rename to security/nss/gtests/google_test/gtest/codegear/gtest.groupproj
rename from security/nss/external_tests/google_test/gtest/codegear/gtest_all.cc
rename to security/nss/gtests/google_test/gtest/codegear/gtest_all.cc
rename from security/nss/external_tests/google_test/gtest/codegear/gtest_link.cc
rename to security/nss/gtests/google_test/gtest/codegear/gtest_link.cc
rename from security/nss/external_tests/google_test/gtest/codegear/gtest_main.cbproj
rename to security/nss/gtests/google_test/gtest/codegear/gtest_main.cbproj
rename from security/nss/external_tests/google_test/gtest/codegear/gtest_unittest.cbproj
rename to security/nss/gtests/google_test/gtest/codegear/gtest_unittest.cbproj
rename from security/nss/external_tests/google_test/gtest/configure.ac
rename to security/nss/gtests/google_test/gtest/configure.ac
rename from security/nss/external_tests/google_test/gtest/include/gtest/gtest-death-test.h
rename to security/nss/gtests/google_test/gtest/include/gtest/gtest-death-test.h
rename from security/nss/external_tests/google_test/gtest/include/gtest/gtest-message.h
rename to security/nss/gtests/google_test/gtest/include/gtest/gtest-message.h
rename from security/nss/external_tests/google_test/gtest/include/gtest/gtest-param-test.h
rename to security/nss/gtests/google_test/gtest/include/gtest/gtest-param-test.h
rename from security/nss/external_tests/google_test/gtest/include/gtest/gtest-param-test.h.pump
rename to security/nss/gtests/google_test/gtest/include/gtest/gtest-param-test.h.pump
rename from security/nss/external_tests/google_test/gtest/include/gtest/gtest-printers.h
rename to security/nss/gtests/google_test/gtest/include/gtest/gtest-printers.h
rename from security/nss/external_tests/google_test/gtest/include/gtest/gtest-spi.h
rename to security/nss/gtests/google_test/gtest/include/gtest/gtest-spi.h
rename from security/nss/external_tests/google_test/gtest/include/gtest/gtest-test-part.h
rename to security/nss/gtests/google_test/gtest/include/gtest/gtest-test-part.h
rename from security/nss/external_tests/google_test/gtest/include/gtest/gtest-typed-test.h
rename to security/nss/gtests/google_test/gtest/include/gtest/gtest-typed-test.h
rename from security/nss/external_tests/google_test/gtest/include/gtest/gtest.h
rename to security/nss/gtests/google_test/gtest/include/gtest/gtest.h
rename from security/nss/external_tests/google_test/gtest/include/gtest/gtest_pred_impl.h
rename to security/nss/gtests/google_test/gtest/include/gtest/gtest_pred_impl.h
rename from security/nss/external_tests/google_test/gtest/include/gtest/gtest_prod.h
rename to security/nss/gtests/google_test/gtest/include/gtest/gtest_prod.h
rename from security/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-death-test-internal.h
rename to security/nss/gtests/google_test/gtest/include/gtest/internal/gtest-death-test-internal.h
rename from security/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-filepath.h
rename to security/nss/gtests/google_test/gtest/include/gtest/internal/gtest-filepath.h
rename from security/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-internal.h
rename to security/nss/gtests/google_test/gtest/include/gtest/internal/gtest-internal.h
rename from security/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-linked_ptr.h
rename to security/nss/gtests/google_test/gtest/include/gtest/internal/gtest-linked_ptr.h
rename from security/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-param-util-generated.h
rename to security/nss/gtests/google_test/gtest/include/gtest/internal/gtest-param-util-generated.h
rename from security/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-param-util-generated.h.pump
rename to security/nss/gtests/google_test/gtest/include/gtest/internal/gtest-param-util-generated.h.pump
rename from security/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-param-util.h
rename to security/nss/gtests/google_test/gtest/include/gtest/internal/gtest-param-util.h
rename from security/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-port.h
rename to security/nss/gtests/google_test/gtest/include/gtest/internal/gtest-port.h
rename from security/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-string.h
rename to security/nss/gtests/google_test/gtest/include/gtest/internal/gtest-string.h
rename from security/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-tuple.h
rename to security/nss/gtests/google_test/gtest/include/gtest/internal/gtest-tuple.h
rename from security/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-tuple.h.pump
rename to security/nss/gtests/google_test/gtest/include/gtest/internal/gtest-tuple.h.pump
rename from security/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-type-util.h
rename to security/nss/gtests/google_test/gtest/include/gtest/internal/gtest-type-util.h
rename from security/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-type-util.h.pump
rename to security/nss/gtests/google_test/gtest/include/gtest/internal/gtest-type-util.h.pump
rename from security/nss/external_tests/google_test/gtest/m4/acx_pthread.m4
rename to security/nss/gtests/google_test/gtest/m4/acx_pthread.m4
rename from security/nss/external_tests/google_test/gtest/m4/gtest.m4
rename to security/nss/gtests/google_test/gtest/m4/gtest.m4
rename from security/nss/external_tests/google_test/gtest/make/Makefile
rename to security/nss/gtests/google_test/gtest/make/Makefile
rename from security/nss/external_tests/google_test/gtest/msvc/gtest-md.sln
rename to security/nss/gtests/google_test/gtest/msvc/gtest-md.sln
rename from security/nss/external_tests/google_test/gtest/msvc/gtest-md.vcproj
rename to security/nss/gtests/google_test/gtest/msvc/gtest-md.vcproj
rename from security/nss/external_tests/google_test/gtest/msvc/gtest.sln
rename to security/nss/gtests/google_test/gtest/msvc/gtest.sln
rename from security/nss/external_tests/google_test/gtest/msvc/gtest.vcproj
rename to security/nss/gtests/google_test/gtest/msvc/gtest.vcproj
rename from security/nss/external_tests/google_test/gtest/msvc/gtest_main-md.vcproj
rename to security/nss/gtests/google_test/gtest/msvc/gtest_main-md.vcproj
rename from security/nss/external_tests/google_test/gtest/msvc/gtest_main.vcproj
rename to security/nss/gtests/google_test/gtest/msvc/gtest_main.vcproj
rename from security/nss/external_tests/google_test/gtest/msvc/gtest_prod_test-md.vcproj
rename to security/nss/gtests/google_test/gtest/msvc/gtest_prod_test-md.vcproj
rename from security/nss/external_tests/google_test/gtest/msvc/gtest_prod_test.vcproj
rename to security/nss/gtests/google_test/gtest/msvc/gtest_prod_test.vcproj
rename from security/nss/external_tests/google_test/gtest/msvc/gtest_unittest-md.vcproj
rename to security/nss/gtests/google_test/gtest/msvc/gtest_unittest-md.vcproj
rename from security/nss/external_tests/google_test/gtest/msvc/gtest_unittest.vcproj
rename to security/nss/gtests/google_test/gtest/msvc/gtest_unittest.vcproj
rename from security/nss/external_tests/google_test/gtest/samples/prime_tables.h
rename to security/nss/gtests/google_test/gtest/samples/prime_tables.h
rename from security/nss/external_tests/google_test/gtest/samples/sample1.cc
rename to security/nss/gtests/google_test/gtest/samples/sample1.cc
rename from security/nss/external_tests/google_test/gtest/samples/sample1.h
rename to security/nss/gtests/google_test/gtest/samples/sample1.h
rename from security/nss/external_tests/google_test/gtest/samples/sample10_unittest.cc
rename to security/nss/gtests/google_test/gtest/samples/sample10_unittest.cc
rename from security/nss/external_tests/google_test/gtest/samples/sample1_unittest.cc
rename to security/nss/gtests/google_test/gtest/samples/sample1_unittest.cc
rename from security/nss/external_tests/google_test/gtest/samples/sample2.cc
rename to security/nss/gtests/google_test/gtest/samples/sample2.cc
rename from security/nss/external_tests/google_test/gtest/samples/sample2.h
rename to security/nss/gtests/google_test/gtest/samples/sample2.h
rename from security/nss/external_tests/google_test/gtest/samples/sample2_unittest.cc
rename to security/nss/gtests/google_test/gtest/samples/sample2_unittest.cc
rename from security/nss/external_tests/google_test/gtest/samples/sample3-inl.h
rename to security/nss/gtests/google_test/gtest/samples/sample3-inl.h
rename from security/nss/external_tests/google_test/gtest/samples/sample3_unittest.cc
rename to security/nss/gtests/google_test/gtest/samples/sample3_unittest.cc
rename from security/nss/external_tests/google_test/gtest/samples/sample4.cc
rename to security/nss/gtests/google_test/gtest/samples/sample4.cc
rename from security/nss/external_tests/google_test/gtest/samples/sample4.h
rename to security/nss/gtests/google_test/gtest/samples/sample4.h
rename from security/nss/external_tests/google_test/gtest/samples/sample4_unittest.cc
rename to security/nss/gtests/google_test/gtest/samples/sample4_unittest.cc
rename from security/nss/external_tests/google_test/gtest/samples/sample5_unittest.cc
rename to security/nss/gtests/google_test/gtest/samples/sample5_unittest.cc
rename from security/nss/external_tests/google_test/gtest/samples/sample6_unittest.cc
rename to security/nss/gtests/google_test/gtest/samples/sample6_unittest.cc
rename from security/nss/external_tests/google_test/gtest/samples/sample7_unittest.cc
rename to security/nss/gtests/google_test/gtest/samples/sample7_unittest.cc
rename from security/nss/external_tests/google_test/gtest/samples/sample8_unittest.cc
rename to security/nss/gtests/google_test/gtest/samples/sample8_unittest.cc
rename from security/nss/external_tests/google_test/gtest/samples/sample9_unittest.cc
rename to security/nss/gtests/google_test/gtest/samples/sample9_unittest.cc
rename from security/nss/external_tests/google_test/gtest/scripts/common.py
rename to security/nss/gtests/google_test/gtest/scripts/common.py
rename from security/nss/external_tests/google_test/gtest/scripts/fuse_gtest_files.py
rename to security/nss/gtests/google_test/gtest/scripts/fuse_gtest_files.py
rename from security/nss/external_tests/google_test/gtest/scripts/gen_gtest_pred_impl.py
rename to security/nss/gtests/google_test/gtest/scripts/gen_gtest_pred_impl.py
rename from security/nss/external_tests/google_test/gtest/scripts/gtest-config.in
rename to security/nss/gtests/google_test/gtest/scripts/gtest-config.in
rename from security/nss/external_tests/google_test/gtest/scripts/pump.py
rename to security/nss/gtests/google_test/gtest/scripts/pump.py
rename from security/nss/external_tests/google_test/gtest/scripts/release_docs.py
rename to security/nss/gtests/google_test/gtest/scripts/release_docs.py
rename from security/nss/external_tests/google_test/gtest/scripts/test/Makefile
rename to security/nss/gtests/google_test/gtest/scripts/test/Makefile
rename from security/nss/external_tests/google_test/gtest/scripts/upload.py
rename to security/nss/gtests/google_test/gtest/scripts/upload.py
rename from security/nss/external_tests/google_test/gtest/scripts/upload_gtest.py
rename to security/nss/gtests/google_test/gtest/scripts/upload_gtest.py
rename from security/nss/external_tests/google_test/gtest/src/gtest-all.cc
rename to security/nss/gtests/google_test/gtest/src/gtest-all.cc
rename from security/nss/external_tests/google_test/gtest/src/gtest-death-test.cc
rename to security/nss/gtests/google_test/gtest/src/gtest-death-test.cc
rename from security/nss/external_tests/google_test/gtest/src/gtest-filepath.cc
rename to security/nss/gtests/google_test/gtest/src/gtest-filepath.cc
rename from security/nss/external_tests/google_test/gtest/src/gtest-internal-inl.h
rename to security/nss/gtests/google_test/gtest/src/gtest-internal-inl.h
rename from security/nss/external_tests/google_test/gtest/src/gtest-port.cc
rename to security/nss/gtests/google_test/gtest/src/gtest-port.cc
rename from security/nss/external_tests/google_test/gtest/src/gtest-printers.cc
rename to security/nss/gtests/google_test/gtest/src/gtest-printers.cc
rename from security/nss/external_tests/google_test/gtest/src/gtest-test-part.cc
rename to security/nss/gtests/google_test/gtest/src/gtest-test-part.cc
rename from security/nss/external_tests/google_test/gtest/src/gtest-typed-test.cc
rename to security/nss/gtests/google_test/gtest/src/gtest-typed-test.cc
rename from security/nss/external_tests/google_test/gtest/src/gtest.cc
rename to security/nss/gtests/google_test/gtest/src/gtest.cc
rename from security/nss/external_tests/google_test/gtest/src/gtest_main.cc
rename to security/nss/gtests/google_test/gtest/src/gtest_main.cc
rename from security/nss/external_tests/google_test/gtest/test/gtest-death-test_ex_test.cc
rename to security/nss/gtests/google_test/gtest/test/gtest-death-test_ex_test.cc
rename from security/nss/external_tests/google_test/gtest/test/gtest-death-test_test.cc
rename to security/nss/gtests/google_test/gtest/test/gtest-death-test_test.cc
rename from security/nss/external_tests/google_test/gtest/test/gtest-filepath_test.cc
rename to security/nss/gtests/google_test/gtest/test/gtest-filepath_test.cc
rename from security/nss/external_tests/google_test/gtest/test/gtest-linked_ptr_test.cc
rename to security/nss/gtests/google_test/gtest/test/gtest-linked_ptr_test.cc
rename from security/nss/external_tests/google_test/gtest/test/gtest-listener_test.cc
rename to security/nss/gtests/google_test/gtest/test/gtest-listener_test.cc
rename from security/nss/external_tests/google_test/gtest/test/gtest-message_test.cc
rename to security/nss/gtests/google_test/gtest/test/gtest-message_test.cc
rename from security/nss/external_tests/google_test/gtest/test/gtest-options_test.cc
rename to security/nss/gtests/google_test/gtest/test/gtest-options_test.cc
rename from security/nss/external_tests/google_test/gtest/test/gtest-param-test2_test.cc
rename to security/nss/gtests/google_test/gtest/test/gtest-param-test2_test.cc
rename from security/nss/external_tests/google_test/gtest/test/gtest-param-test_test.cc
rename to security/nss/gtests/google_test/gtest/test/gtest-param-test_test.cc
rename from security/nss/external_tests/google_test/gtest/test/gtest-param-test_test.h
rename to security/nss/gtests/google_test/gtest/test/gtest-param-test_test.h
rename from security/nss/external_tests/google_test/gtest/test/gtest-port_test.cc
rename to security/nss/gtests/google_test/gtest/test/gtest-port_test.cc
rename from security/nss/external_tests/google_test/gtest/test/gtest-printers_test.cc
rename to security/nss/gtests/google_test/gtest/test/gtest-printers_test.cc
rename from security/nss/external_tests/google_test/gtest/test/gtest-test-part_test.cc
rename to security/nss/gtests/google_test/gtest/test/gtest-test-part_test.cc
rename from security/nss/external_tests/google_test/gtest/test/gtest-tuple_test.cc
rename to security/nss/gtests/google_test/gtest/test/gtest-tuple_test.cc
rename from security/nss/external_tests/google_test/gtest/test/gtest-typed-test2_test.cc
rename to security/nss/gtests/google_test/gtest/test/gtest-typed-test2_test.cc
rename from security/nss/external_tests/google_test/gtest/test/gtest-typed-test_test.cc
rename to security/nss/gtests/google_test/gtest/test/gtest-typed-test_test.cc
rename from security/nss/external_tests/google_test/gtest/test/gtest-typed-test_test.h
rename to security/nss/gtests/google_test/gtest/test/gtest-typed-test_test.h
rename from security/nss/external_tests/google_test/gtest/test/gtest-unittest-api_test.cc
rename to security/nss/gtests/google_test/gtest/test/gtest-unittest-api_test.cc
rename from security/nss/external_tests/google_test/gtest/test/gtest_all_test.cc
rename to security/nss/gtests/google_test/gtest/test/gtest_all_test.cc
rename from security/nss/external_tests/google_test/gtest/test/gtest_break_on_failure_unittest.py
rename to security/nss/gtests/google_test/gtest/test/gtest_break_on_failure_unittest.py
rename from security/nss/external_tests/google_test/gtest/test/gtest_break_on_failure_unittest_.cc
rename to security/nss/gtests/google_test/gtest/test/gtest_break_on_failure_unittest_.cc
rename from security/nss/external_tests/google_test/gtest/test/gtest_catch_exceptions_test.py
rename to security/nss/gtests/google_test/gtest/test/gtest_catch_exceptions_test.py
rename from security/nss/external_tests/google_test/gtest/test/gtest_catch_exceptions_test_.cc
rename to security/nss/gtests/google_test/gtest/test/gtest_catch_exceptions_test_.cc
rename from security/nss/external_tests/google_test/gtest/test/gtest_color_test.py
rename to security/nss/gtests/google_test/gtest/test/gtest_color_test.py
rename from security/nss/external_tests/google_test/gtest/test/gtest_color_test_.cc
rename to security/nss/gtests/google_test/gtest/test/gtest_color_test_.cc
rename from security/nss/external_tests/google_test/gtest/test/gtest_env_var_test.py
rename to security/nss/gtests/google_test/gtest/test/gtest_env_var_test.py
rename from security/nss/external_tests/google_test/gtest/test/gtest_env_var_test_.cc
rename to security/nss/gtests/google_test/gtest/test/gtest_env_var_test_.cc
rename from security/nss/external_tests/google_test/gtest/test/gtest_environment_test.cc
rename to security/nss/gtests/google_test/gtest/test/gtest_environment_test.cc
rename from security/nss/external_tests/google_test/gtest/test/gtest_filter_unittest.py
rename to security/nss/gtests/google_test/gtest/test/gtest_filter_unittest.py
rename from security/nss/external_tests/google_test/gtest/test/gtest_filter_unittest_.cc
rename to security/nss/gtests/google_test/gtest/test/gtest_filter_unittest_.cc
rename from security/nss/external_tests/google_test/gtest/test/gtest_help_test.py
rename to security/nss/gtests/google_test/gtest/test/gtest_help_test.py
rename from security/nss/external_tests/google_test/gtest/test/gtest_help_test_.cc
rename to security/nss/gtests/google_test/gtest/test/gtest_help_test_.cc
rename from security/nss/external_tests/google_test/gtest/test/gtest_list_tests_unittest.py
rename to security/nss/gtests/google_test/gtest/test/gtest_list_tests_unittest.py
rename from security/nss/external_tests/google_test/gtest/test/gtest_list_tests_unittest_.cc
rename to security/nss/gtests/google_test/gtest/test/gtest_list_tests_unittest_.cc
rename from security/nss/external_tests/google_test/gtest/test/gtest_main_unittest.cc
rename to security/nss/gtests/google_test/gtest/test/gtest_main_unittest.cc
rename from security/nss/external_tests/google_test/gtest/test/gtest_no_test_unittest.cc
rename to security/nss/gtests/google_test/gtest/test/gtest_no_test_unittest.cc
rename from security/nss/external_tests/google_test/gtest/test/gtest_output_test.py
rename to security/nss/gtests/google_test/gtest/test/gtest_output_test.py
rename from security/nss/external_tests/google_test/gtest/test/gtest_output_test_.cc
rename to security/nss/gtests/google_test/gtest/test/gtest_output_test_.cc
rename from security/nss/external_tests/google_test/gtest/test/gtest_output_test_golden_lin.txt
rename to security/nss/gtests/google_test/gtest/test/gtest_output_test_golden_lin.txt
rename from security/nss/external_tests/google_test/gtest/test/gtest_pred_impl_unittest.cc
rename to security/nss/gtests/google_test/gtest/test/gtest_pred_impl_unittest.cc
rename from security/nss/external_tests/google_test/gtest/test/gtest_premature_exit_test.cc
rename to security/nss/gtests/google_test/gtest/test/gtest_premature_exit_test.cc
rename from security/nss/external_tests/google_test/gtest/test/gtest_prod_test.cc
rename to security/nss/gtests/google_test/gtest/test/gtest_prod_test.cc
rename from security/nss/external_tests/google_test/gtest/test/gtest_repeat_test.cc
rename to security/nss/gtests/google_test/gtest/test/gtest_repeat_test.cc
rename from security/nss/external_tests/google_test/gtest/test/gtest_shuffle_test.py
rename to security/nss/gtests/google_test/gtest/test/gtest_shuffle_test.py
rename from security/nss/external_tests/google_test/gtest/test/gtest_shuffle_test_.cc
rename to security/nss/gtests/google_test/gtest/test/gtest_shuffle_test_.cc
rename from security/nss/external_tests/google_test/gtest/test/gtest_sole_header_test.cc
rename to security/nss/gtests/google_test/gtest/test/gtest_sole_header_test.cc
rename from security/nss/external_tests/google_test/gtest/test/gtest_stress_test.cc
rename to security/nss/gtests/google_test/gtest/test/gtest_stress_test.cc
rename from security/nss/external_tests/google_test/gtest/test/gtest_test_utils.py
rename to security/nss/gtests/google_test/gtest/test/gtest_test_utils.py
rename from security/nss/external_tests/google_test/gtest/test/gtest_throw_on_failure_ex_test.cc
rename to security/nss/gtests/google_test/gtest/test/gtest_throw_on_failure_ex_test.cc
rename from security/nss/external_tests/google_test/gtest/test/gtest_throw_on_failure_test.py
rename to security/nss/gtests/google_test/gtest/test/gtest_throw_on_failure_test.py
rename from security/nss/external_tests/google_test/gtest/test/gtest_throw_on_failure_test_.cc
rename to security/nss/gtests/google_test/gtest/test/gtest_throw_on_failure_test_.cc
rename from security/nss/external_tests/google_test/gtest/test/gtest_uninitialized_test.py
rename to security/nss/gtests/google_test/gtest/test/gtest_uninitialized_test.py
rename from security/nss/external_tests/google_test/gtest/test/gtest_uninitialized_test_.cc
rename to security/nss/gtests/google_test/gtest/test/gtest_uninitialized_test_.cc
rename from security/nss/external_tests/google_test/gtest/test/gtest_unittest.cc
rename to security/nss/gtests/google_test/gtest/test/gtest_unittest.cc
rename from security/nss/external_tests/google_test/gtest/test/gtest_xml_outfile1_test_.cc
rename to security/nss/gtests/google_test/gtest/test/gtest_xml_outfile1_test_.cc
rename from security/nss/external_tests/google_test/gtest/test/gtest_xml_outfile2_test_.cc
rename to security/nss/gtests/google_test/gtest/test/gtest_xml_outfile2_test_.cc
rename from security/nss/external_tests/google_test/gtest/test/gtest_xml_outfiles_test.py
rename to security/nss/gtests/google_test/gtest/test/gtest_xml_outfiles_test.py
rename from security/nss/external_tests/google_test/gtest/test/gtest_xml_output_unittest.py
rename to security/nss/gtests/google_test/gtest/test/gtest_xml_output_unittest.py
rename from security/nss/external_tests/google_test/gtest/test/gtest_xml_output_unittest_.cc
rename to security/nss/gtests/google_test/gtest/test/gtest_xml_output_unittest_.cc
rename from security/nss/external_tests/google_test/gtest/test/gtest_xml_test_utils.py
rename to security/nss/gtests/google_test/gtest/test/gtest_xml_test_utils.py
rename from security/nss/external_tests/google_test/gtest/test/production.cc
rename to security/nss/gtests/google_test/gtest/test/production.cc
rename from security/nss/external_tests/google_test/gtest/test/production.h
rename to security/nss/gtests/google_test/gtest/test/production.h
rename from security/nss/external_tests/google_test/gtest/xcode/Config/DebugProject.xcconfig
rename to security/nss/gtests/google_test/gtest/xcode/Config/DebugProject.xcconfig
rename from security/nss/external_tests/google_test/gtest/xcode/Config/FrameworkTarget.xcconfig
rename to security/nss/gtests/google_test/gtest/xcode/Config/FrameworkTarget.xcconfig
rename from security/nss/external_tests/google_test/gtest/xcode/Config/General.xcconfig
rename to security/nss/gtests/google_test/gtest/xcode/Config/General.xcconfig
rename from security/nss/external_tests/google_test/gtest/xcode/Config/ReleaseProject.xcconfig
rename to security/nss/gtests/google_test/gtest/xcode/Config/ReleaseProject.xcconfig
rename from security/nss/external_tests/google_test/gtest/xcode/Config/StaticLibraryTarget.xcconfig
rename to security/nss/gtests/google_test/gtest/xcode/Config/StaticLibraryTarget.xcconfig
rename from security/nss/external_tests/google_test/gtest/xcode/Config/TestTarget.xcconfig
rename to security/nss/gtests/google_test/gtest/xcode/Config/TestTarget.xcconfig
rename from security/nss/external_tests/google_test/gtest/xcode/Resources/Info.plist
rename to security/nss/gtests/google_test/gtest/xcode/Resources/Info.plist
rename from security/nss/external_tests/google_test/gtest/xcode/Samples/FrameworkSample/Info.plist
rename to security/nss/gtests/google_test/gtest/xcode/Samples/FrameworkSample/Info.plist
rename from security/nss/external_tests/google_test/gtest/xcode/Samples/FrameworkSample/WidgetFramework.xcodeproj/project.pbxproj
rename to security/nss/gtests/google_test/gtest/xcode/Samples/FrameworkSample/WidgetFramework.xcodeproj/project.pbxproj
rename from security/nss/external_tests/google_test/gtest/xcode/Samples/FrameworkSample/runtests.sh
rename to security/nss/gtests/google_test/gtest/xcode/Samples/FrameworkSample/runtests.sh
rename from security/nss/external_tests/google_test/gtest/xcode/Samples/FrameworkSample/widget.cc
rename to security/nss/gtests/google_test/gtest/xcode/Samples/FrameworkSample/widget.cc
rename from security/nss/external_tests/google_test/gtest/xcode/Samples/FrameworkSample/widget.h
rename to security/nss/gtests/google_test/gtest/xcode/Samples/FrameworkSample/widget.h
rename from security/nss/external_tests/google_test/gtest/xcode/Samples/FrameworkSample/widget_test.cc
rename to security/nss/gtests/google_test/gtest/xcode/Samples/FrameworkSample/widget_test.cc
rename from security/nss/external_tests/google_test/gtest/xcode/Scripts/runtests.sh
rename to security/nss/gtests/google_test/gtest/xcode/Scripts/runtests.sh
rename from security/nss/external_tests/google_test/gtest/xcode/Scripts/versiongenerate.py
rename to security/nss/gtests/google_test/gtest/xcode/Scripts/versiongenerate.py
rename from security/nss/external_tests/google_test/gtest/xcode/gtest.xcodeproj/project.pbxproj
rename to security/nss/gtests/google_test/gtest/xcode/gtest.xcodeproj/project.pbxproj
rename from security/nss/external_tests/google_test/manifest.mn
rename to security/nss/gtests/google_test/manifest.mn
rename from security/nss/external_tests/manifest.mn
rename to security/nss/gtests/manifest.mn
rename from security/nss/external_tests/nss_bogo_shim/Makefile
rename to security/nss/gtests/nss_bogo_shim/Makefile
rename from security/nss/external_tests/nss_bogo_shim/config.cc
rename to security/nss/gtests/nss_bogo_shim/config.cc
rename from security/nss/external_tests/nss_bogo_shim/config.h
rename to security/nss/gtests/nss_bogo_shim/config.h
rename from security/nss/external_tests/nss_bogo_shim/config.json
rename to security/nss/gtests/nss_bogo_shim/config.json
rename from security/nss/external_tests/nss_bogo_shim/manifest.mn
rename to security/nss/gtests/nss_bogo_shim/manifest.mn
rename from security/nss/external_tests/nss_bogo_shim/nss_bogo_shim.cc
rename to security/nss/gtests/nss_bogo_shim/nss_bogo_shim.cc
new file mode 100644
--- /dev/null
+++ b/security/nss/gtests/nss_bogo_shim/nss_bogo_shim.gyp
@@ -0,0 +1,79 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'nss_bogo_shim',
+      'type': 'executable',
+      'sources': [
+        'config.cc',
+        'nss_bogo_shim.cc',
+        'nsskeys.cc'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
+        '<(DEPTH)/lib/util/util.gyp:nssutil3',
+        '<(DEPTH)/lib/sqlite/sqlite.gyp:sqlite3',
+        '<(DEPTH)/gtests/google_test/google_test.gyp:gtest',
+        '<(DEPTH)/lib/softoken/softoken.gyp:softokn',
+        '<(DEPTH)/lib/smime/smime.gyp:smime',
+        '<(DEPTH)/lib/ssl/ssl.gyp:ssl',
+        '<(DEPTH)/lib/nss/nss.gyp:nss_static',
+        '<(DEPTH)/cmd/lib/lib.gyp:sectool',
+        '<(DEPTH)/lib/pkcs12/pkcs12.gyp:pkcs12',
+        '<(DEPTH)/lib/pkcs7/pkcs7.gyp:pkcs7',
+        '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
+        '<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
+        '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap',
+        '<(DEPTH)/lib/softoken/softoken.gyp:softokn',
+        '<(DEPTH)/lib/certdb/certdb.gyp:certdb',
+        '<(DEPTH)/lib/pki/pki.gyp:nsspki',
+        '<(DEPTH)/lib/dev/dev.gyp:nssdev',
+        '<(DEPTH)/lib/base/base.gyp:nssb',
+        '<(DEPTH)/lib/freebl/freebl.gyp:freebl',
+        '<(DEPTH)/lib/nss/nss.gyp:nss_static',
+        '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap',
+        '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
+        '<(DEPTH)/lib/zlib/zlib.gyp:nss_zlib'
+      ],
+      'conditions': [
+        [ 'disable_dbm==0', {
+          'dependencies': [
+            '<(DEPTH)/lib/dbm/src/src.gyp:dbm',
+          ],
+        }],
+        [ 'disable_libpkix==0', {
+          'dependencies': [
+            '<(DEPTH)/lib/libpkix/pkix/certsel/certsel.gyp:pkixcertsel',
+            '<(DEPTH)/lib/libpkix/pkix/checker/checker.gyp:pkixchecker',
+            '<(DEPTH)/lib/libpkix/pkix/crlsel/crlsel.gyp:pkixcrlsel',
+            '<(DEPTH)/lib/libpkix/pkix/params/params.gyp:pkixparams',
+            '<(DEPTH)/lib/libpkix/pkix/results/results.gyp:pkixresults',
+            '<(DEPTH)/lib/libpkix/pkix/store/store.gyp:pkixstore',
+            '<(DEPTH)/lib/libpkix/pkix/top/top.gyp:pkixtop',
+            '<(DEPTH)/lib/libpkix/pkix/util/util.gyp:pkixutil',
+            '<(DEPTH)/lib/libpkix/pkix_pl_nss/system/system.gyp:pkixsystem',
+            '<(DEPTH)/lib/libpkix/pkix_pl_nss/module/module.gyp:pkixmodule',
+            '<(DEPTH)/lib/libpkix/pkix_pl_nss/pki/pki.gyp:pkixpki',
+          ],
+        }],
+      ],
+    }
+  ],
+  'target_defaults': {
+    'defines': [
+      'NSS_USE_STATIC_LIBS'
+    ],
+    'include_dirs': [
+      '../../lib/ssl'
+    ],
+  },
+  'variables': {
+    'module': 'nss',
+    'use_static_libs': 1
+  }
+}
rename from security/nss/external_tests/nss_bogo_shim/nsskeys.cc
rename to security/nss/gtests/nss_bogo_shim/nsskeys.cc
rename from security/nss/external_tests/nss_bogo_shim/nsskeys.h
rename to security/nss/gtests/nss_bogo_shim/nsskeys.h
copy from security/nss/external_tests/der_gtest/Makefile
copy to security/nss/gtests/pk11_gtest/Makefile
new file mode 100644
--- /dev/null
+++ b/security/nss/gtests/pk11_gtest/manifest.mn
@@ -0,0 +1,28 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+DEPTH      = ../..
+MODULE = nss
+
+CPPSRCS = \
+      pk11_aeskeywrap_unittest.cc \
+      pk11_chacha20poly1305_unittest.cc \
+      pk11_export_unittest.cc \
+      pk11_pbkdf2_unittest.cc \
+      pk11_prf_unittest.cc \
+      pk11_prng_unittest.cc \
+      pk11_rsapss_unittest.cc \
+      $(NULL)
+
+INCLUDES += -I$(CORE_DEPTH)/gtests/google_test/gtest/include \
+            -I$(CORE_DEPTH)/gtests/common
+
+REQUIRES = nspr nss libdbm gtest
+
+PROGRAM = pk11_gtest
+
+EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) $(EXTRA_OBJS) \
+             ../common/$(OBJDIR)/gtests$(OBJ_SUFFIX)
+
rename from security/nss/external_tests/pk11_gtest/pk11_aeskeywrap_unittest.cc
rename to security/nss/gtests/pk11_gtest/pk11_aeskeywrap_unittest.cc
rename from security/nss/external_tests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
rename to security/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
rename from security/nss/external_tests/pk11_gtest/pk11_export_unittest.cc
rename to security/nss/gtests/pk11_gtest/pk11_export_unittest.cc
new file mode 100644
--- /dev/null
+++ b/security/nss/gtests/pk11_gtest/pk11_gtest.gyp
@@ -0,0 +1,38 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../common/gtest.gypi',
+  ],
+  'targets': [
+    {
+      'target_name': 'pk11_gtest',
+      'type': 'executable',
+      'sources': [
+        'pk11_aeskeywrap_unittest.cc',
+        'pk11_chacha20poly1305_unittest.cc',
+        'pk11_pbkdf2_unittest.cc',
+        'pk11_prf_unittest.cc',
+        'pk11_prng_unittest.cc',
+        'pk11_rsapss_unittest.cc',
+        '<(DEPTH)/gtests/common/gtests.cc'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
+        '<(DEPTH)/lib/freebl/freebl.gyp:<(freebl_name)',
+        '<(DEPTH)/gtests/google_test/google_test.gyp:gtest',
+      ],
+    }
+  ],
+  'target_defaults': {
+    'include_dirs': [
+      '../../gtests/google_test/gtest/include',
+      '../../gtests/common'
+    ]
+  },
+  'variables': {
+    'module': 'nss'
+  }
+}
rename from security/nss/external_tests/pk11_gtest/pk11_pbkdf2_unittest.cc
rename to security/nss/gtests/pk11_gtest/pk11_pbkdf2_unittest.cc
rename from security/nss/external_tests/pk11_gtest/pk11_prf_unittest.cc
rename to security/nss/gtests/pk11_gtest/pk11_prf_unittest.cc
new file mode 100644
--- /dev/null
+++ b/security/nss/gtests/pk11_gtest/pk11_prng_unittest.cc
@@ -0,0 +1,78 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <memory>
+#include "blapi.h"
+#include "pk11pub.h"
+
+#include "gtest/gtest.h"
+
+namespace nss_test {
+
+class PK11PrngTest : public ::testing::Test {};
+
+#ifdef UNSAFE_FUZZER_MODE
+
+// Test that two consecutive calls to the RNG return two distinct values.
+TEST_F(PK11PrngTest, Fuzz_DetPRNG) {
+  std::vector<uint8_t> rnd1(2048, 0);
+  std::vector<uint8_t> rnd2(2048, 0);
+
+  SECStatus rv = PK11_GenerateRandom(rnd1.data(), rnd1.size());
+  EXPECT_EQ(rv, SECSuccess);
+
+  rv = PK11_GenerateRandom(rnd2.data(), rnd2.size());
+  EXPECT_EQ(rv, SECSuccess);
+
+  EXPECT_NE(rnd1, rnd2);
+}
+
+// Test that two consecutive calls to the RNG return two equal values
+// when the RNG's internal state is reset before each call.
+TEST_F(PK11PrngTest, Fuzz_DetPRNG_Reset) {
+  std::vector<uint8_t> rnd1(2048, 0);
+  std::vector<uint8_t> rnd2(2048, 0);
+
+  RNG_ResetForFuzzing();
+
+  SECStatus rv = PK11_GenerateRandom(rnd1.data(), rnd1.size());
+  EXPECT_EQ(rv, SECSuccess);
+
+  RNG_ResetForFuzzing();
+
+  rv = PK11_GenerateRandom(rnd2.data(), rnd2.size());
+  EXPECT_EQ(rv, SECSuccess);
+
+  EXPECT_EQ(rnd1, rnd2);
+}
+
+// Test that the RNG's internal state progresses in a consistent manner.
+TEST_F(PK11PrngTest, Fuzz_DetPRNG_StatefulReset) {
+  std::vector<uint8_t> rnd1(2048, 0);
+  std::vector<uint8_t> rnd2(2048, 0);
+
+  RNG_ResetForFuzzing();
+
+  SECStatus rv = PK11_GenerateRandom(rnd1.data(), rnd1.size() - 1024);
+  EXPECT_EQ(rv, SECSuccess);
+
+  rv = PK11_GenerateRandom(rnd1.data() + 1024, rnd1.size() - 1024);
+  EXPECT_EQ(rv, SECSuccess);
+
+  RNG_ResetForFuzzing();
+
+  rv = PK11_GenerateRandom(rnd2.data(), rnd2.size() - 1024);
+  EXPECT_EQ(rv, SECSuccess);
+
+  rv = PK11_GenerateRandom(rnd2.data() + 1024, rnd2.size() - 1024);
+  EXPECT_EQ(rv, SECSuccess);
+
+  EXPECT_EQ(rnd1, rnd2);
+}
+
+#endif
+
+}  // namespace nss_test
rename from security/nss/external_tests/pk11_gtest/pk11_rsapss_unittest.cc
rename to security/nss/gtests/pk11_gtest/pk11_rsapss_unittest.cc
rename from security/nss/external_tests/ssl_gtest/Makefile
rename to security/nss/gtests/ssl_gtest/Makefile
rename from security/nss/external_tests/ssl_gtest/databuffer.h
rename to security/nss/gtests/ssl_gtest/databuffer.h
rename from security/nss/external_tests/ssl_gtest/gtest_utils.h
rename to security/nss/gtests/ssl_gtest/gtest_utils.h
rename from security/nss/external_tests/ssl_gtest/libssl_internals.c
rename to security/nss/gtests/ssl_gtest/libssl_internals.c
rename from security/nss/external_tests/ssl_gtest/libssl_internals.h
rename to security/nss/gtests/ssl_gtest/libssl_internals.h
new file mode 100644
--- /dev/null
+++ b/security/nss/gtests/ssl_gtest/manifest.mn
@@ -0,0 +1,52 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+DEPTH      = ../..
+MODULE = nss
+
+# These sources have access to libssl internals
+CSRCS = \
+      libssl_internals.c \
+      $(NULL)
+
+CPPSRCS = \
+      ssl_0rtt_unittest.cc \
+      ssl_agent_unittest.cc \
+      ssl_auth_unittest.cc \
+      ssl_cert_ext_unittest.cc \
+      ssl_ciphersuite_unittest.cc \
+      ssl_damage_unittest.cc \
+      ssl_dhe_unittest.cc \
+      ssl_drop_unittest.cc \
+      ssl_ecdh_unittest.cc \
+      ssl_ems_unittest.cc \
+      ssl_extension_unittest.cc \
+      ssl_gtest.cc \
+      ssl_hrr_unittest.cc \
+      ssl_loopback_unittest.cc \
+      ssl_record_unittest.cc \
+      ssl_resumption_unittest.cc \
+      ssl_skip_unittest.cc \
+      ssl_staticrsa_unittest.cc \
+      ssl_v2_client_hello_unittest.cc \
+      ssl_version_unittest.cc \
+      test_io.cc \
+      tls_agent.cc \
+      tls_connect.cc \
+      tls_hkdf_unittest.cc \
+      tls_filter.cc \
+      tls_parser.cc \
+      $(NULL)
+
+INCLUDES += -I$(CORE_DEPTH)/gtests/google_test/gtest/include \
+            -I$(CORE_DEPTH)/gtests/common
+
+REQUIRES = nspr nss libdbm gtest
+
+PROGRAM = ssl_gtest
+EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) \
+             $(DIST)/lib/$(LIB_PREFIX)softokn.$(LIB_SUFFIX)
+
+USE_STATIC_LIBS = 1
rename from security/nss/external_tests/ssl_gtest/ssl_0rtt_unittest.cc
rename to security/nss/gtests/ssl_gtest/ssl_0rtt_unittest.cc
rename from security/nss/external_tests/ssl_gtest/ssl_agent_unittest.cc
rename to security/nss/gtests/ssl_gtest/ssl_agent_unittest.cc
rename from security/nss/external_tests/ssl_gtest/ssl_auth_unittest.cc
rename to security/nss/gtests/ssl_gtest/ssl_auth_unittest.cc
rename from security/nss/external_tests/ssl_gtest/ssl_cert_ext_unittest.cc
rename to security/nss/gtests/ssl_gtest/ssl_cert_ext_unittest.cc
rename from security/nss/external_tests/ssl_gtest/ssl_ciphersuite_unittest.cc
rename to security/nss/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc
rename from security/nss/external_tests/ssl_gtest/ssl_damage_unittest.cc
rename to security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc
rename from security/nss/external_tests/ssl_gtest/ssl_dhe_unittest.cc
rename to security/nss/gtests/ssl_gtest/ssl_dhe_unittest.cc
rename from security/nss/external_tests/ssl_gtest/ssl_drop_unittest.cc
rename to security/nss/gtests/ssl_gtest/ssl_drop_unittest.cc
rename from security/nss/external_tests/ssl_gtest/ssl_ecdh_unittest.cc
rename to security/nss/gtests/ssl_gtest/ssl_ecdh_unittest.cc
rename from security/nss/external_tests/ssl_gtest/ssl_ems_unittest.cc
rename to security/nss/gtests/ssl_gtest/ssl_ems_unittest.cc
rename from security/nss/external_tests/ssl_gtest/ssl_extension_unittest.cc
rename to security/nss/gtests/ssl_gtest/ssl_extension_unittest.cc
rename from security/nss/external_tests/ssl_gtest/ssl_gtest.cc
rename to security/nss/gtests/ssl_gtest/ssl_gtest.cc
new file mode 100644
--- /dev/null
+++ b/security/nss/gtests/ssl_gtest/ssl_gtest.gyp
@@ -0,0 +1,106 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../common/gtest.gypi',
+  ],
+  'targets': [
+    {
+      'target_name': 'ssl_gtest',
+      'type': 'executable',
+      'sources': [
+        'libssl_internals.c',
+        'ssl_0rtt_unittest.cc',
+        'ssl_agent_unittest.cc',
+        'ssl_auth_unittest.cc',
+        'ssl_cert_ext_unittest.cc',
+        'ssl_ciphersuite_unittest.cc',
+        'ssl_damage_unittest.cc',
+        'ssl_dhe_unittest.cc',
+        'ssl_drop_unittest.cc',
+        'ssl_ecdh_unittest.cc',
+        'ssl_ems_unittest.cc',
+        'ssl_extension_unittest.cc',
+        'ssl_gtest.cc',
+        'ssl_hrr_unittest.cc',
+        'ssl_loopback_unittest.cc',
+        'ssl_record_unittest.cc',
+        'ssl_resumption_unittest.cc',
+        'ssl_skip_unittest.cc',
+        'ssl_staticrsa_unittest.cc',
+        'ssl_v2_client_hello_unittest.cc',
+        'ssl_version_unittest.cc',
+        'test_io.cc',
+        'tls_agent.cc',
+        'tls_connect.cc',
+        'tls_filter.cc',
+        'tls_hkdf_unittest.cc',
+        'tls_parser.cc'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
+        '<(DEPTH)/lib/util/util.gyp:nssutil3',
+        '<(DEPTH)/lib/sqlite/sqlite.gyp:sqlite3',
+        '<(DEPTH)/gtests/google_test/google_test.gyp:gtest',
+        '<(DEPTH)/lib/softoken/softoken.gyp:softokn',
+        '<(DEPTH)/lib/smime/smime.gyp:smime',
+        '<(DEPTH)/lib/ssl/ssl.gyp:ssl',
+        '<(DEPTH)/lib/nss/nss.gyp:nss_static',
+        '<(DEPTH)/cmd/lib/lib.gyp:sectool',
+        '<(DEPTH)/lib/pkcs12/pkcs12.gyp:pkcs12',
+        '<(DEPTH)/lib/pkcs7/pkcs7.gyp:pkcs7',
+        '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
+        '<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
+        '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap',
+        '<(DEPTH)/lib/softoken/softoken.gyp:softokn',
+        '<(DEPTH)/lib/certdb/certdb.gyp:certdb',
+        '<(DEPTH)/lib/pki/pki.gyp:nsspki',
+        '<(DEPTH)/lib/dev/dev.gyp:nssdev',
+        '<(DEPTH)/lib/base/base.gyp:nssb',
+        '<(DEPTH)/lib/freebl/freebl.gyp:freebl',
+        '<(DEPTH)/lib/nss/nss.gyp:nss_static',
+        '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap',
+        '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
+        '<(DEPTH)/lib/zlib/zlib.gyp:nss_zlib'
+      ],
+      'conditions': [
+        [ 'disable_dbm==0', {
+          'dependencies': [
+            '<(DEPTH)/lib/dbm/src/src.gyp:dbm',
+          ],
+        }],
+        [ 'disable_libpkix==0', {
+          'dependencies': [
+            '<(DEPTH)/lib/libpkix/pkix/certsel/certsel.gyp:pkixcertsel',
+            '<(DEPTH)/lib/libpkix/pkix/checker/checker.gyp:pkixchecker',
+            '<(DEPTH)/lib/libpkix/pkix/crlsel/crlsel.gyp:pkixcrlsel',
+            '<(DEPTH)/lib/libpkix/pkix/params/params.gyp:pkixparams',
+            '<(DEPTH)/lib/libpkix/pkix/results/results.gyp:pkixresults',
+            '<(DEPTH)/lib/libpkix/pkix/store/store.gyp:pkixstore',
+            '<(DEPTH)/lib/libpkix/pkix/top/top.gyp:pkixtop',
+            '<(DEPTH)/lib/libpkix/pkix/util/util.gyp:pkixutil',
+            '<(DEPTH)/lib/libpkix/pkix_pl_nss/system/system.gyp:pkixsystem',
+            '<(DEPTH)/lib/libpkix/pkix_pl_nss/module/module.gyp:pkixmodule',
+            '<(DEPTH)/lib/libpkix/pkix_pl_nss/pki/pki.gyp:pkixpki',
+          ],
+        }],
+      ],
+    }
+  ],
+  'target_defaults': {
+    'include_dirs': [
+      '../../gtests/google_test/gtest/include',
+      '../../gtests/common',
+      '../../lib/ssl'
+    ],
+    'defines': [
+      'NSS_USE_STATIC_LIBS'
+    ]
+  },
+  'variables': {
+    'module': 'nss',
+    'use_static_libs': 1
+  }
+}
rename from security/nss/external_tests/ssl_gtest/ssl_hrr_unittest.cc
rename to security/nss/gtests/ssl_gtest/ssl_hrr_unittest.cc
rename from security/nss/external_tests/ssl_gtest/ssl_loopback_unittest.cc
rename to security/nss/gtests/ssl_gtest/ssl_loopback_unittest.cc
rename from security/nss/external_tests/ssl_gtest/ssl_record_unittest.cc
rename to security/nss/gtests/ssl_gtest/ssl_record_unittest.cc
rename from security/nss/external_tests/ssl_gtest/ssl_resumption_unittest.cc
rename to security/nss/gtests/ssl_gtest/ssl_resumption_unittest.cc
rename from security/nss/external_tests/ssl_gtest/ssl_skip_unittest.cc
rename to security/nss/gtests/ssl_gtest/ssl_skip_unittest.cc
rename from security/nss/external_tests/ssl_gtest/ssl_staticrsa_unittest.cc
rename to security/nss/gtests/ssl_gtest/ssl_staticrsa_unittest.cc
rename from security/nss/external_tests/ssl_gtest/ssl_v2_client_hello_unittest.cc
rename to security/nss/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc
rename from security/nss/external_tests/ssl_gtest/ssl_version_unittest.cc
rename to security/nss/gtests/ssl_gtest/ssl_version_unittest.cc
rename from security/nss/external_tests/ssl_gtest/test_io.cc
rename to security/nss/gtests/ssl_gtest/test_io.cc
rename from security/nss/external_tests/ssl_gtest/test_io.h
rename to security/nss/gtests/ssl_gtest/test_io.h
rename from security/nss/external_tests/ssl_gtest/tls_agent.cc
rename to security/nss/gtests/ssl_gtest/tls_agent.cc
rename from security/nss/external_tests/ssl_gtest/tls_agent.h
rename to security/nss/gtests/ssl_gtest/tls_agent.h
rename from security/nss/external_tests/ssl_gtest/tls_connect.cc
rename to security/nss/gtests/ssl_gtest/tls_connect.cc
rename from security/nss/external_tests/ssl_gtest/tls_connect.h
rename to security/nss/gtests/ssl_gtest/tls_connect.h
rename from security/nss/external_tests/ssl_gtest/tls_filter.cc
rename to security/nss/gtests/ssl_gtest/tls_filter.cc
rename from security/nss/external_tests/ssl_gtest/tls_filter.h
rename to security/nss/gtests/ssl_gtest/tls_filter.h
rename from security/nss/external_tests/ssl_gtest/tls_hkdf_unittest.cc
rename to security/nss/gtests/ssl_gtest/tls_hkdf_unittest.cc
rename from security/nss/external_tests/ssl_gtest/tls_parser.cc
rename to security/nss/gtests/ssl_gtest/tls_parser.cc
rename from security/nss/external_tests/ssl_gtest/tls_parser.h
rename to security/nss/gtests/ssl_gtest/tls_parser.h
rename from security/nss/external_tests/util_gtest/Makefile
rename to security/nss/gtests/util_gtest/Makefile
new file mode 100644
--- /dev/null
+++ b/security/nss/gtests/util_gtest/manifest.mn
@@ -0,0 +1,26 @@
+# -*- makefile -*-
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+DEPTH      = ../..
+MODULE = nss
+
+CPPSRCS = \
+	util_utf8_unittest.cc \
+	$(NULL)
+
+INCLUDES += \
+	-I$(CORE_DEPTH)/gtests/google_test/gtest/include \
+	-I$(CORE_DEPTH)/gtests/common \
+	$(NULL)
+
+REQUIRES = nspr gtest
+
+PROGRAM = util_gtest
+
+EXTRA_LIBS = \
+	$(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)nssutil.$(LIB_SUFFIX) \
+	../common/$(OBJDIR)/gtests$(OBJ_SUFFIX) \
+	$(NULL)
new file mode 100644
--- /dev/null
+++ b/security/nss/gtests/util_gtest/util_gtest.gyp
@@ -0,0 +1,34 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../common/gtest.gypi',
+  ],
+  'targets': [
+    {
+      'target_name': 'util_gtest',
+      'type': 'executable',
+      'sources': [
+        'util_utf8_unittest.cc',
+        '<(DEPTH)/gtests/common/gtests.cc'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
+        '<(DEPTH)/gtests/google_test/google_test.gyp:gtest',
+        '<(DEPTH)/lib/util/util.gyp:nssutil',
+      ]
+    }
+  ],
+  'target_defaults': {
+    'include_dirs': [
+      '../../gtests/google_test/gtest/include',
+      '../../gtests/common',
+      '../../lib/util'
+    ]
+  },
+  'variables': {
+    'module': 'nss'
+  }
+}
rename from security/nss/external_tests/util_gtest/util_utf8_unittest.cc
rename to security/nss/gtests/util_gtest/util_utf8_unittest.cc
--- a/security/nss/lib/ckfw/mechanism.c
+++ b/security/nss/lib/ckfw/mechanism.c
@@ -94,17 +94,17 @@ nssCKFWMechanism_Create(
  *
  */
 NSS_IMPLEMENT void
 nssCKFWMechanism_Destroy(
     NSSCKFWMechanism *fwMechanism)
 {
     /* destroy any fw resources held by nssCKFWMechanism (currently none) */
 
-    if (!fwMechanism->mdMechanism->Destroy) {
+    if (fwMechanism->mdMechanism->Destroy) {
         /* destroys it's parent as well */
         fwMechanism->mdMechanism->Destroy(
             fwMechanism->mdMechanism,
             fwMechanism,
             fwMechanism->mdInstance,
             fwMechanism->fwInstance);
     }
     /* if the Destroy function wasn't supplied, then the mechanism is 'static',
--- a/security/nss/lib/crmf/cmmfchal.c
+++ b/security/nss/lib/crmf/cmmfchal.c
@@ -29,17 +29,19 @@ cmmf_create_witness_and_challenge(PLAren
     SECStatus rv = SECFailure;
     CMMFRand randStr = { { siBuffer, NULL, 0 }, { siBuffer, NULL, 0 } };
     PK11SlotInfo *slot;
     PK11SymKey *symKey = NULL;
     CERTSubjectPublicKeyInfo *spki = NULL;
 
     encodedRandNum = SEC_ASN1EncodeInteger(poolp, &challenge->randomNumber,
                                            inRandom);
-    encodedRandNum = &challenge->randomNumber;
+    if (!encodedRandNum) {
+        goto loser;
+    }
     randHash = PORT_ArenaNewArray(poolp, unsigned char, SHA1_LENGTH);
     senderHash = PORT_ArenaNewArray(poolp, unsigned char, SHA1_LENGTH);
     if (randHash == NULL) {
         goto loser;
     }
     rv = PK11_HashBuf(SEC_OID_SHA1, randHash, encodedRandNum->data,
                       (PRUint32)encodedRandNum->len);
     if (rv != SECSuccess) {
--- a/security/nss/lib/crmf/crmfpop.c
+++ b/security/nss/lib/crmf/crmfpop.c
@@ -120,17 +120,19 @@ crmf_generic_encoder_callback(void *arg,
             /* I really want to return an error code here */
             PORT_Assert(0);
             return;
         }
         encoderArg->buffer->data = dummy;
         encoderArg->allocatedLen = newSize;
     }
     cursor = &(encoderArg->buffer->data[encoderArg->buffer->len]);
-    PORT_Memcpy(cursor, buf, len);
+    if (len) {
+        PORT_Memcpy(cursor, buf, len);
+    }
     encoderArg->buffer->len += len;
 }
 
 static SECStatus
 crmf_encode_certreq(CRMFCertRequest *inCertReq, SECItem *derDest)
 {
     struct crmfEncoderArg encoderArg;
     SECStatus rv;
--- a/security/nss/lib/cryptohi/seckey.c
+++ b/security/nss/lib/cryptohi/seckey.c
@@ -310,18 +310,16 @@ seckey_UpdateCertPQGChain(CERTCertificat
 {
     SECStatus rv;
     SECOidData *oid = NULL;
     int tag;
     CERTSubjectPublicKeyInfo *subjectSpki = NULL;
     CERTSubjectPublicKeyInfo *issuerSpki = NULL;
     CERTCertificate *issuerCert = NULL;
 
-    rv = SECSuccess;
-
     /* increment cert chain length counter*/
     count++;
 
     /* check if cert chain length exceeds the maximum length*/
     if (count > CERT_MAX_CERT_CHAIN) {
         return SECFailure;
     }
 
@@ -644,17 +642,16 @@ seckey_ExtractPublicKey(const CERTSubjec
                 rv = seckey_SetPointEncoding(arena, pubk);
                 if (rv == SECSuccess) {
                     return pubk;
                 }
                 break;
 
             default:
                 PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
-                rv = SECFailure;
                 break;
         }
 
     SECKEY_DestroyPublicKey(pubk);
     return NULL;
 }
 
 /* required for JSS */
--- a/security/nss/lib/freebl/alg2268.c
+++ b/security/nss/lib/freebl/alg2268.c
@@ -359,51 +359,51 @@ rc2_Decrypt1Block(RC2Context *cx, RC2Blo
 
     /* output results */
     output->s[0] = R0;
     output->s[1] = R1;
     output->s[2] = R2;
     output->s[3] = R3;
 }
 
-static SECStatus
+static SECStatus NO_SANITIZE_ALIGNMENT
 rc2_EncryptECB(RC2Context *cx, unsigned char *output,
                const unsigned char *input, unsigned int inputLen)
 {
     RC2Block iBlock;
 
     while (inputLen > 0) {
         LOAD(iBlock.s)
         rc2_Encrypt1Block(cx, &iBlock, &iBlock);
         STORE(iBlock.s)
         output += RC2_BLOCK_SIZE;
         input += RC2_BLOCK_SIZE;
         inputLen -= RC2_BLOCK_SIZE;
     }
     return SECSuccess;
 }
 
-static SECStatus
+static SECStatus NO_SANITIZE_ALIGNMENT
 rc2_DecryptECB(RC2Context *cx, unsigned char *output,
                const unsigned char *input, unsigned int inputLen)
 {
     RC2Block iBlock;
 
     while (inputLen > 0) {
         LOAD(iBlock.s)
         rc2_Decrypt1Block(cx, &iBlock, &iBlock);
         STORE(iBlock.s)
         output += RC2_BLOCK_SIZE;
         input += RC2_BLOCK_SIZE;
         inputLen -= RC2_BLOCK_SIZE;
     }
     return SECSuccess;
 }
 
-static SECStatus
+static SECStatus NO_SANITIZE_ALIGNMENT
 rc2_EncryptCBC(RC2Context *cx, unsigned char *output,
                const unsigned char *input, unsigned int inputLen)
 {
     RC2Block iBlock;
 
     while (inputLen > 0) {
 
         LOAD(iBlock.s)
--- a/security/nss/lib/freebl/blapi.h
+++ b/security/nss/lib/freebl/blapi.h
@@ -1424,16 +1424,18 @@ extern SECStatus RNG_RNGInit(void);
 extern SECStatus RNG_RandomUpdate(const void *data, size_t bytes);
 
 /*
 ** Generate some random bytes, using the global random number generator
 ** object.
 */
 extern SECStatus RNG_GenerateGlobalRandomBytes(void *dest, size_t len);
 
+extern SECStatus RNG_ResetForFuzzing(void);
+
 /* Destroy the global RNG context.  After a call to RNG_RNGShutdown()
 ** a call to RNG_RNGInit() is required in order to use the generator again,
 ** along with seed data (see the comment above RNG_RNGInit()).
 */
 extern void RNG_RNGShutdown(void);
 
 extern void RNG_SystemInfoForRNG(void);
 
--- a/security/nss/lib/freebl/camellia.c
+++ b/security/nss/lib/freebl/camellia.c
@@ -1073,17 +1073,17 @@ camellia_setup192(const unsigned char *k
     camellia_setup256(kk, subkey);
     return;
 }
 
 /**
  * Stuff related to camellia encryption/decryption
  *
  */
-SECStatus
+SECStatus NO_SANITIZE_ALIGNMENT
 camellia_encrypt128(const PRUint32 *subkey,
                     unsigned char *output,
                     const unsigned char *input)
 {
     PRUint32 il, ir, t0, t1;
     PRUint32 io[4];
 #if defined(CAMELLIA_NEED_TMP_VARIABLE)
     PRUint32 tmp;
@@ -1180,17 +1180,17 @@ camellia_encrypt128(const PRUint32 *subk
     PUTU32(output, io[0]);
     PUTU32(output + 4, io[1]);
     PUTU32(output + 8, io[2]);
     PUTU32(output + 12, io[3]);
 
     return SECSuccess;
 }
 
-SECStatus
+SECStatus NO_SANITIZE_ALIGNMENT
 camellia_decrypt128(const PRUint32 *subkey,
                     unsigned char *output,
                     const unsigned char *input)
 {
     PRUint32 il, ir, t0, t1; /* temporary valiables */
     PRUint32 io[4];
 #if defined(CAMELLIA_NEED_TMP_VARIABLE)
     PRUint32 tmp;
@@ -1290,17 +1290,17 @@ camellia_decrypt128(const PRUint32 *subk
     PUTU32(output + 12, io[3]);
 
     return SECSuccess;
 }
 
 /**
  * stuff for 192 and 256bit encryption/decryption
  */
-SECStatus
+SECStatus NO_SANITIZE_ALIGNMENT
 camellia_encrypt256(const PRUint32 *subkey,
                     unsigned char *output,
                     const unsigned char *input)
 {
     PRUint32 il, ir, t0, t1; /* temporary valiables */
     PRUint32 io[4];
 #if defined(CAMELLIA_NEED_TMP_VARIABLE)
     PRUint32 tmp;
@@ -1421,17 +1421,17 @@ camellia_encrypt256(const PRUint32 *subk
     PUTU32(output, io[0]);
     PUTU32(output + 4, io[1]);
     PUTU32(output + 8, io[2]);
     PUTU32(output + 12, io[3]);
 
     return SECSuccess;
 }
 
-SECStatus
+SECStatus NO_SANITIZE_ALIGNMENT
 camellia_decrypt256(const PRUint32 *subkey,
                     unsigned char *output,
                     const unsigned char *input)
 {
     PRUint32 il, ir, t0, t1; /* temporary valiables */
     PRUint32 io[4];
 #if defined(CAMELLIA_NEED_TMP_VARIABLE)
     PRUint32 tmp;
new file mode 100644
--- /dev/null
+++ b/security/nss/lib/freebl/det_rng.c
@@ -0,0 +1,67 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "blapi.h"
+#include "blapit.h"
+#include "chacha20.h"
+#include "nssilock.h"
+#include "seccomon.h"
+#include "secerr.h"
+
+static unsigned long globalNumCalls = 0;
+
+SECStatus
+prng_ResetForFuzzing(PZLock *rng_lock)
+{
+    /* Check for a valid RNG lock. */
+    PORT_Assert(rng_lock != NULL);
+    if (rng_lock == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    /* --- LOCKED --- */
+    PZ_Lock(rng_lock);
+    globalNumCalls = 0;
+    PZ_Unlock(rng_lock);
+    /* --- UNLOCKED --- */
+
+    return SECSuccess;
+}
+
+SECStatus
+prng_GenerateDeterministicRandomBytes(PZLock *rng_lock, void *dest, size_t len)
+{
+    static const uint8_t key[32];
+    uint8_t nonce[12] = { 0 };
+
+    /* Check for a valid RNG lock. */
+    PORT_Assert(rng_lock != NULL);
+    if (rng_lock == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    /* --- LOCKED --- */
+    PZ_Lock(rng_lock);
+
+    memcpy(nonce, &globalNumCalls, sizeof(globalNumCalls));
+    globalNumCalls++;
+
+    ChaCha20Poly1305Context *cx =
+        ChaCha20Poly1305_CreateContext(key, sizeof(key), 16);
+    if (!cx) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        PZ_Unlock(rng_lock);
+        return SECFailure;
+    }
+
+    memset(dest, 0, len);
+    ChaCha20XOR(dest, dest, len, key, nonce, 0);
+    ChaCha20Poly1305_DestroyContext(cx, PR_TRUE);
+
+    PZ_Unlock(rng_lock);
+    /* --- UNLOCKED --- */
+    return SECSuccess;
+}
new file mode 100644
--- /dev/null
+++ b/security/nss/lib/freebl/det_rng.h
@@ -0,0 +1,12 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef __det_rng_h_
+#define __det_rng_h_
+
+SECStatus prng_ResetForFuzzing(PZLock *rng_lock);
+SECStatus prng_GenerateDeterministicRandomBytes(PZLock *rng_lock, void *dest,
+                                                size_t len);
+
+#endif /* __det_rng_h_ */
--- a/security/nss/lib/freebl/drbg.c
+++ b/security/nss/lib/freebl/drbg.c
@@ -15,16 +15,20 @@
 #include "blapii.h"
 #include "nssilock.h"
 #include "secitem.h"
 #include "sha_fast.h"
 #include "sha256.h"
 #include "secrng.h" /* for RNG_SystemRNG() */
 #include "secmpi.h"
 
+#ifdef UNSAFE_FUZZER_MODE
+#include "det_rng.h"
+#endif
+
 /* PRNG_SEEDLEN defined in NIST SP 800-90 section 10.1
  * for SHA-1, SHA-224, and SHA-256 it's 440 bits.
  * for SHA-384 and SHA-512 it's 888 bits */
 #define PRNG_SEEDLEN (440 / PR_BITS_PER_BYTE)
 #define PRNG_MAX_ADDITIONAL_BYTES PR_INT64(0x100000000)
 /* 2^35 bits or 2^32 bytes */
 #define PRNG_MAX_REQUEST_SIZE 0x10000             /* 2^19 bits or 2^16 bytes */
 #define PRNG_ADDITONAL_DATA_CACHE_SIZE (8 * 1024) /* must be less than          \
@@ -645,17 +649,31 @@ prng_GenerateGlobalRandomBytes(RNGContex
 
 /*
 ** Generate some random bytes, using the global random number generator
 ** object.
 */
 SECStatus
 RNG_GenerateGlobalRandomBytes(void *dest, size_t len)
 {
+#ifdef UNSAFE_FUZZER_MODE
+    return prng_GenerateDeterministicRandomBytes(globalrng->lock, dest, len);
+#else
     return prng_GenerateGlobalRandomBytes(globalrng, dest, len);
+#endif
+}
+
+SECStatus
+RNG_ResetForFuzzing(void)
+{
+#ifdef UNSAFE_FUZZER_MODE
+    return prng_ResetForFuzzing(globalrng->lock);
+#else
+    return SECFailure;
+#endif
 }
 
 void
 RNG_RNGShutdown(void)
 {
     /* check for a valid global RNG context */
     PORT_Assert(globalrng != NULL);
     if (globalrng == NULL) {
--- a/security/nss/lib/freebl/freebl.gyp
+++ b/security/nss/lib/freebl/freebl.gyp
@@ -42,16 +42,17 @@
         'arcfive.c',
         'arcfour.c',
         'camellia.c',
         'chacha20poly1305.c',
         'ctr.c',
         'cts.c',
         'des.c',
         'desblapi.c',
+        'det_rng.c',
         'dh.c',
         'drbg.c',
         'dsa.c',
         'ec.c',
         'ecdecode.c',
         'ecl/ec_naf.c',
         'ecl/ecl.c',
         'ecl/ecl_curve.c',
@@ -208,16 +209,21 @@
               # not x64
               'sources': [
                 'chacha20.c',
                 'poly1305.c',
               ],
             }],
           ],
         }],
+        [ 'fuzz==1', {
+          'defines': [
+            'UNSAFE_FUZZER_MODE',
+          ],
+        }],
         [ 'OS=="mac"', {
           'conditions': [
             [ 'target_arch=="ia32"', {
               'sources': [
                 'mpi/mpi_sse2.s',
               ],
               'defines': [
                 'MP_USE_UINT_DIGIT',
@@ -250,17 +256,16 @@
     [ 'OS=="linux"', {
       # stub build
       'targets': [
         {
           'target_name': 'freebl3',
           'type': 'shared_library',
           'defines': [
             'FREEBL_NO_DEPEND',
-            'FREEBL_LOWHASH',
           ],
           'sources': [
             'lowhash_vector.c'
           ],
           'dependencies': [
             '<(DEPTH)/exports.gyp:nss_exports'
           ],
           'variables': {
@@ -343,21 +348,23 @@
             'defines': [
               'NSS_X86_OR_X64',
               'NSS_X86',
             ],
           }],
         ],
       }],
       [ 'OS=="linux"', {
+        'defines': [
+          'FREEBL_LOWHASH',
+        ],
         'conditions': [
           [ 'test_build==0', {
             'defines': [
               'FREEBL_NO_DEPEND',
-              'FREEBL_LOWHASH',
             ],
           }],
           [ 'target_arch=="x64"', {
             'defines': [
               'MP_IS_LITTLE_ENDIAN',
               'NSS_BEVAND_ARCFOUR',
               'MPI_AMD64',
               'MP_ASSEMBLY_MULTIPLY',
@@ -388,17 +395,10 @@
       [ 'OS=="mac"', {
       }],
       [ 'OS=="win"', {
       }],
     ],
   },
   'variables': {
     'module': 'nss',
-    'conditions': [
-      [ 'OS=="linux"', {
-        'freebl_name': 'freeblpriv3',
-      }, {
-        'freebl_name': 'freebl3',
-      }],
-    ],
   }
 }
--- a/security/nss/lib/freebl/loader.c
+++ b/security/nss/lib/freebl/loader.c
@@ -809,17 +809,17 @@ BL_Unload(void)
 {
     /* This function is not thread-safe, but doesn't need to be, because it is
      * only called from functions that are also defined as not thread-safe,
      * namely C_Finalize in softoken, and the SSL bypass shutdown callback called
      * from NSS_Shutdown. */
     char *disableUnload = NULL;
     vector = NULL;
     disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
-    if (!disableUnload) {
+    if (blLib && !disableUnload) {
 #ifdef DEBUG
         PRStatus status = PR_UnloadLibrary(blLib);
         PORT_Assert(PR_SUCCESS == status);
 #else
         PR_UnloadLibrary(blLib);
 #endif
     }
     blLib = NULL;
--- a/security/nss/lib/freebl/mpi/mpi.c
+++ b/security/nss/lib/freebl/mpi/mpi.c
@@ -14,20 +14,16 @@
 
 #if defined(__arm__) && \
     ((defined(__thumb__) && !defined(__thumb2__)) || defined(__ARM_ARCH_3__))
 /* 16-bit thumb or ARM v3 doesn't work inlined assember version */
 #undef MP_ASSEMBLY_MULTIPLY
 #undef MP_ASSEMBLY_SQUARE
 #endif
 
-#if defined(_MSC_VER) && _MSC_VER < 1900
-#define inline __inline
-#endif
-
 #if MP_LOGTAB
 /*
   A table of the logs of 2 for various bases (the 0 and 1 entries of
   this table are meaningless and should not be referenced).
 
   This table is used to compute output lengths for the mp_toradix()
   function.  Since a number n in radix r takes up about log_r(n)
   digits, we estimate the output size by taking the least integer
@@ -2756,17 +2752,17 @@ s_mp_pad(mp_int *mp, mp_size min)
 
 } /* end s_mp_pad() */
 
 /* }}} */
 
 /* {{{ s_mp_setz(dp, count) */
 
 /* Set 'count' digits pointed to by dp to be zeroes                       */
-inline void
+void
 s_mp_setz(mp_digit *dp, mp_size count)
 {
 #if MP_MEMSET == 0
     int ix;
 
     for (ix = 0; ix < count; ix++)
         dp[ix] = 0;
 #else
@@ -2775,17 +2771,17 @@ s_mp_setz(mp_digit *dp, mp_size count)
 
 } /* end s_mp_setz() */
 
 /* }}} */
 
 /* {{{ s_mp_copy(sp, dp, count) */
 
 /* Copy 'count' digits from sp to dp                                      */
-inline void
+void
 s_mp_copy(const mp_digit *sp, mp_digit *dp, mp_size count)
 {
 #if MP_MEMCPY == 0
     int ix;
 
     for (ix = 0; ix < count; ix++)
         dp[ix] = sp[ix];
 #else
@@ -2793,42 +2789,42 @@ s_mp_copy(const mp_digit *sp, mp_digit *
 #endif
 } /* end s_mp_copy() */
 
 /* }}} */
 
 /* {{{ s_mp_alloc(nb, ni) */
 
 /* Allocate ni records of nb bytes each, and return a pointer to that     */
-inline void *
+void *
 s_mp_alloc(size_t nb, size_t ni)
 {
     return calloc(nb, ni);
 
 } /* end s_mp_alloc() */
 
 /* }}} */
 
 /* {{{ s_mp_free(ptr) */
 
 /* Free the memory pointed to by ptr                                      */
-inline void
+void
 s_mp_free(void *ptr)
 {
     if (ptr) {
         free(ptr);
     }
 } /* end s_mp_free() */
 
 /* }}} */
 
 /* {{{ s_mp_clamp(mp) */
 
 /* Remove leading zeroes from the given value                             */
-inline void
+void
 s_mp_clamp(mp_int *mp)
 {
     mp_size used = MP_USED(mp);
     while (used > 1 && DIGIT(mp, used - 1) == 0)
         --used;
     MP_USED(mp) = used;
 } /* end s_mp_clamp() */
 
--- a/security/nss/lib/freebl/sha_fast.c
+++ b/security/nss/lib/freebl/sha_fast.c
@@ -135,17 +135,17 @@ SHA1_Update(SHA1Context *ctx, const unsi
     if (len) {
         memcpy(ctx->B, dataIn, len);
     }
 }
 
 /*
  *  SHA: Generate hash value from context
  */
-void
+void NO_SANITIZE_ALIGNMENT
 SHA1_End(SHA1Context *ctx, unsigned char *hashout,
          unsigned int *pDigestLen, unsigned int maxDigestLen)
 {
     register PRUint64 size;
     register PRUint32 lenB;
 
     static const unsigned char bulk_pad[64] = { 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0,
                                                 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
--- a/security/nss/lib/jar/jarfile.c
+++ b/security/nss/lib/jar/jarfile.c
@@ -652,17 +652,17 @@ jar_gen_index(JAR *jar, jarArch format, 
  *  List the physical contents of a Phil Katz
  *  style .ZIP file into the JAR linked list.
  *
  */
 static int
 jar_listzip(JAR *jar, JAR_FILE fp)
 {
     ZZLink *ent;
-    JAR_Item *it;
+    JAR_Item *it = NULL;
     JAR_Physical *phy = NULL;
     struct ZipLocal *Local = PORT_ZNew(struct ZipLocal);
     struct ZipCentral *Central = PORT_ZNew(struct ZipCentral);
     struct ZipEnd *End = PORT_ZNew(struct ZipEnd);
 
     int err = 0;
     long pos = 0L;
     unsigned int compression;
--- a/security/nss/lib/nss/nssinit.c
+++ b/security/nss/lib/nss/nssinit.c
@@ -93,17 +93,16 @@ nss_makeFlags(PRBool readOnly, PRBool no
             PORT_Strcat(flags, ",");
         PORT_Strcat(flags, "passwordRequired");
         first = PR_FALSE;
     }
     if (optimizeSpace) {
         if (!first)
             PORT_Strcat(flags, ",");
         PORT_Strcat(flags, "optimizeSpace");
-        first = PR_FALSE;
     }
     return flags;
 }
 
 /*
  * build config string from individual internationalized strings
  */
 char *
@@ -658,16 +657,31 @@ nss_Init(const char *configdir, const ch
                                                initParams->minPWLen);
             if (configStrings == NULL) {
                 PORT_SetError(SEC_ERROR_NO_MEMORY);
                 goto loser;
             }
             configName = initParams->libraryDescription;
             passwordRequired = initParams->passwordRequired;
         }
+
+        /* If we're NSS_ContextInit, we're probably a library. It could be
+         * possible that the application initialized NSS then forked(). The
+         * library would have no knowledge of that. If we call 
+         * SECMOD_RestartModules() here, we will be able to continue on with
+         * NSS as normal. SECMOD_RestartModules() does have the side affect
+         * of losing all our PKCS #11 objects in the new process, but only if
+         * the module needs to be reinited. If it needs to be reinit those
+         * objects are inaccessible anyway, it's always save to call
+         * SECMOD_RestartModules(PR_FALSE).
+         */
+        /* NOTE: We could call SECMOD_Init() here, but if we aren't already
+         * inited, then there's no modules to restart, so SECMOD_RestartModules
+         * will return immediately */
+        SECMOD_RestartModules(PR_FALSE);
     } else {
         configStrings = pk11_config_strings;
         configName = pk11_config_name;
         passwordRequired = pk11_password_required;
     }
 
     /* Skip the module init if we are already initted and we are trying
      * to init with noCertDB and noModDB */
--- a/security/nss/lib/pk11wrap/debug_module.c
+++ b/security/nss/lib/pk11wrap/debug_module.c
@@ -1,756 +1,778 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 #include "prlog.h"
 #include <stdio.h>
-#include "cert.h"  /* for CERT_DerNameToAscii & CERT_Hexify */
+#include "cert.h" /* for CERT_DerNameToAscii & CERT_Hexify */
 
 static PRLogModuleInfo *modlog = NULL;
 
 static CK_FUNCTION_LIST_PTR module_functions;
 
 static CK_FUNCTION_LIST debug_functions;
 
 static void print_final_statistics(void);
 
-#define STRING static const char 
+#define STRING static const char
 
-STRING fmt_flags[]                = "  flags = 0x%x";
-STRING fmt_hKey[]                 = "  hKey = 0x%x";
-STRING fmt_hObject[]              = "  hObject = 0x%x";
-STRING fmt_hSession[]             = "  hSession = 0x%x";
-STRING fmt_manufacturerID[]       = "  manufacturerID = \"%.32s\"";
-STRING fmt_pData[]                = "  pData = 0x%p";
-STRING fmt_pDigest[]              = "  pDigest = 0x%p";
-STRING fmt_pEncryptedData[]       = "  pEncryptedData = 0x%p";
-STRING fmt_pEncryptedPart[]       = "  pEncryptedPart = 0x%p";
-STRING fmt_pInfo[]                = "  pInfo = 0x%p";
-STRING fmt_pMechanism[]           = "  pMechanism = 0x%p";
-STRING fmt_pOperationState[]      = "  pOperationState = 0x%p";
-STRING fmt_pPart[]                = "  pPart = 0x%p";
-STRING fmt_pPin[]                 = "  pPin = 0x%p";
-STRING fmt_pSignature[]           = "  pSignature = 0x%p";
-STRING fmt_pTemplate[]            = "  pTemplate = 0x%p";
-STRING fmt_pWrappedKey[]          = "  pWrappedKey = 0x%p";
-STRING fmt_phKey[]                = "  phKey = 0x%p";
-STRING fmt_phObject[]             = "  phObject = 0x%p";
-STRING fmt_pulCount[]             = "  pulCount = 0x%p";
-STRING fmt_pulDataLen[]           = "  pulDataLen = 0x%p";
-STRING fmt_pulDigestLen[]         = "  pulDigestLen = 0x%p";
-STRING fmt_pulEncryptedPartLen[]  = "  pulEncryptedPartLen = 0x%p";
-STRING fmt_pulPartLen[]           = "  pulPartLen = 0x%p";
-STRING fmt_pulSignatureLen[]      = "  pulSignatureLen = 0x%p";
-STRING fmt_slotID[]               = "  slotID = 0x%x";
-STRING fmt_sphKey[]               = "  *phKey = 0x%x";
-STRING fmt_spulCount[]            = "  *pulCount = 0x%x";
-STRING fmt_spulDataLen[]          = "  *pulDataLen = 0x%x";
-STRING fmt_spulDigestLen[]        = "  *pulDigestLen = 0x%x";
+STRING fmt_flags[] = "  flags = 0x%x";
+STRING fmt_hKey[] = "  hKey = 0x%x";
+STRING fmt_hObject[] = "  hObject = 0x%x";
+STRING fmt_hSession[] = "  hSession = 0x%x";
+STRING fmt_manufacturerID[] = "  manufacturerID = \"%.32s\"";
+STRING fmt_pData[] = "  pData = 0x%p";
+STRING fmt_pDigest[] = "  pDigest = 0x%p";
+STRING fmt_pEncryptedData[] = "  pEncryptedData = 0x%p";
+STRING fmt_pEncryptedPart[] = "  pEncryptedPart = 0x%p";
+STRING fmt_pInfo[] = "  pInfo = 0x%p";
+STRING fmt_pMechanism[] = "  pMechanism = 0x%p";
+STRING fmt_pOperationState[] = "  pOperationState = 0x%p";
+STRING fmt_pPart[] = "  pPart = 0x%p";
+STRING fmt_pPin[] = "  pPin = 0x%p";
+STRING fmt_pSignature[] = "  pSignature = 0x%p";
+STRING fmt_pTemplate[] = "  pTemplate = 0x%p";
+STRING fmt_pWrappedKey[] = "  pWrappedKey = 0x%p";
+STRING fmt_phKey[] = "  phKey = 0x%p";
+STRING fmt_phObject[] = "  phObject = 0x%p";
+STRING fmt_pulCount[] = "  pulCount = 0x%p";
+STRING fmt_pulDataLen[] = "  pulDataLen = 0x%p";
+STRING fmt_pulDigestLen[] = "  pulDigestLen = 0x%p";
+STRING fmt_pulEncryptedPartLen[] = "  pulEncryptedPartLen = 0x%p";
+STRING fmt_pulPartLen[] = "  pulPartLen = 0x%p";
+STRING fmt_pulSignatureLen[] = "  pulSignatureLen = 0x%p";
+STRING fmt_slotID[] = "  slotID = 0x%x";
+STRING fmt_sphKey[] = "  *phKey = 0x%x";
+STRING fmt_spulCount[] = "  *pulCount = 0x%x";
+STRING fmt_spulDataLen[] = "  *pulDataLen = 0x%x";
+STRING fmt_spulDigestLen[] = "  *pulDigestLen = 0x%x";
 STRING fmt_spulEncryptedPartLen[] = "  *pulEncryptedPartLen = 0x%x";
-STRING fmt_spulPartLen[]          = "  *pulPartLen = 0x%x";
-STRING fmt_spulSignatureLen[]     = "  *pulSignatureLen = 0x%x";
-STRING fmt_ulAttributeCount[]     = "  ulAttributeCount = %d";
-STRING fmt_ulCount[]              = "  ulCount = %d";
-STRING fmt_ulDataLen[]            = "  ulDataLen = %d";
-STRING fmt_ulEncryptedPartLen[]   = "  ulEncryptedPartLen = %d";
-STRING fmt_ulPartLen[]            = "  ulPartLen = %d";
-STRING fmt_ulPinLen[]             = "  ulPinLen = %d";
-STRING fmt_ulSignatureLen[]       = "  ulSignatureLen = %d";
+STRING fmt_spulPartLen[] = "  *pulPartLen = 0x%x";
+STRING fmt_spulSignatureLen[] = "  *pulSignatureLen = 0x%x";
+STRING fmt_ulAttributeCount[] = "  ulAttributeCount = %d";
+STRING fmt_ulCount[] = "  ulCount = %d";
+STRING fmt_ulDataLen[] = "  ulDataLen = %d";
+STRING fmt_ulEncryptedPartLen[] = "  ulEncryptedPartLen = %d";
+STRING fmt_ulPartLen[] = "  ulPartLen = %d";
+STRING fmt_ulPinLen[] = "  ulPinLen = %d";
+STRING fmt_ulSignatureLen[] = "  ulSignatureLen = %d";
 
-STRING fmt_fwVersion[]            = "  firmware version: %d.%d";
-STRING fmt_hwVersion[]            = "  hardware version: %d.%d";
-STRING fmt_s_qsq_d[]              = "    %s = \"%s\" [%d]";
-STRING fmt_s_s_d[]                = "    %s = %s [%d]";
-STRING fmt_s_lu[]                 = "    %s = %lu";
-STRING fmt_invalid_handle[]       = " (CK_INVALID_HANDLE)";
+STRING fmt_fwVersion[] = "  firmware version: %d.%d";
+STRING fmt_hwVersion[] = "  hardware version: %d.%d";
+STRING fmt_s_qsq_d[] = "    %s = \"%s\" [%d]";
+STRING fmt_s_s_d[] = "    %s = %s [%d]";
+STRING fmt_s_lu[] = "    %s = %lu";
+STRING fmt_invalid_handle[] = " (CK_INVALID_HANDLE)";
 
-
-static void get_attr_type_str(CK_ATTRIBUTE_TYPE atype, char *str, int len)
+static void
+get_attr_type_str(CK_ATTRIBUTE_TYPE atype, char *str, int len)
 {
-#define CASE(attr) case attr: a = #attr ; break
+#define CASE(attr) \
+    case attr:     \
+        a = #attr; \
+        break
 
-    const char * a = NULL;
+    const char *a = NULL;
 
     switch (atype) {
-    CASE(CKA_CLASS);
-    CASE(CKA_TOKEN);
-    CASE(CKA_PRIVATE);
-    CASE(CKA_LABEL);
-    CASE(CKA_APPLICATION);
-    CASE(CKA_VALUE);
-    CASE(CKA_OBJECT_ID);
-    CASE(CKA_CERTIFICATE_TYPE);
-    CASE(CKA_CERTIFICATE_CATEGORY);
-    CASE(CKA_ISSUER);
-    CASE(CKA_SERIAL_NUMBER);
-    CASE(CKA_AC_ISSUER);
-    CASE(CKA_OWNER);
-    CASE(CKA_ATTR_TYPES);
-    CASE(CKA_TRUSTED);
-    CASE(CKA_KEY_TYPE);
-    CASE(CKA_SUBJECT);
-    CASE(CKA_ID);
-    CASE(CKA_SENSITIVE);
-    CASE(CKA_ENCRYPT);
-    CASE(CKA_DECRYPT);
-    CASE(CKA_WRAP);
-    CASE(CKA_UNWRAP);
-    CASE(CKA_SIGN);
-    CASE(CKA_SIGN_RECOVER);
-    CASE(CKA_VERIFY);
-    CASE(CKA_VERIFY_RECOVER);
-    CASE(CKA_DERIVE);
-    CASE(CKA_START_DATE);
-    CASE(CKA_END_DATE);
-    CASE(CKA_MODULUS);
-    CASE(CKA_MODULUS_BITS);
-    CASE(CKA_PUBLIC_EXPONENT);
-    CASE(CKA_PRIVATE_EXPONENT);
-    CASE(CKA_PRIME_1);
-    CASE(CKA_PRIME_2);
-    CASE(CKA_EXPONENT_1);
-    CASE(CKA_EXPONENT_2);
-    CASE(CKA_COEFFICIENT);
-    CASE(CKA_PRIME);
-    CASE(CKA_SUBPRIME);
-    CASE(CKA_BASE);
-    CASE(CKA_PRIME_BITS);
-    CASE(CKA_SUBPRIME_BITS);
-    CASE(CKA_VALUE_BITS);
-    CASE(CKA_VALUE_LEN);
-    CASE(CKA_EXTRACTABLE);
-    CASE(CKA_LOCAL);
-    CASE(CKA_NEVER_EXTRACTABLE);
-    CASE(CKA_ALWAYS_SENSITIVE);
-    CASE(CKA_KEY_GEN_MECHANISM);
-    CASE(CKA_MODIFIABLE);
-    CASE(CKA_ECDSA_PARAMS);
-    CASE(CKA_EC_POINT);
-    CASE(CKA_SECONDARY_AUTH);
-    CASE(CKA_AUTH_PIN_FLAGS);
-    CASE(CKA_HW_FEATURE_TYPE);
-    CASE(CKA_RESET_ON_INIT);
-    CASE(CKA_HAS_RESET);
-    CASE(CKA_VENDOR_DEFINED);
-    CASE(CKA_NSS_URL);
-    CASE(CKA_NSS_EMAIL);
-    CASE(CKA_NSS_SMIME_INFO);
-    CASE(CKA_NSS_SMIME_TIMESTAMP);
-    CASE(CKA_NSS_PKCS8_SALT);
-    CASE(CKA_NSS_PASSWORD_CHECK);
-    CASE(CKA_NSS_EXPIRES);
-    CASE(CKA_NSS_KRL);
-    CASE(CKA_NSS_PQG_COUNTER);
-    CASE(CKA_NSS_PQG_SEED);
-    CASE(CKA_NSS_PQG_H);
-    CASE(CKA_NSS_PQG_SEED_BITS);
-    CASE(CKA_TRUST);
-    CASE(CKA_TRUST_DIGITAL_SIGNATURE);
-    CASE(CKA_TRUST_NON_REPUDIATION);
-    CASE(CKA_TRUST_KEY_ENCIPHERMENT);
-    CASE(CKA_TRUST_DATA_ENCIPHERMENT);
-    CASE(CKA_TRUST_KEY_AGREEMENT);
-    CASE(CKA_TRUST_KEY_CERT_SIGN);
-    CASE(CKA_TRUST_CRL_SIGN);
-    CASE(CKA_TRUST_SERVER_AUTH);
-    CASE(CKA_TRUST_CLIENT_AUTH);
-    CASE(CKA_TRUST_CODE_SIGNING);
-    CASE(CKA_TRUST_EMAIL_PROTECTION);
-    CASE(CKA_TRUST_IPSEC_END_SYSTEM);
-    CASE(CKA_TRUST_IPSEC_TUNNEL);
-    CASE(CKA_TRUST_IPSEC_USER);
-    CASE(CKA_TRUST_TIME_STAMPING);
-    CASE(CKA_CERT_SHA1_HASH);
-    CASE(CKA_CERT_MD5_HASH);
-    CASE(CKA_NETSCAPE_DB);
-    CASE(CKA_NETSCAPE_TRUST);
-    default: break;
+        CASE(CKA_CLASS);
+        CASE(CKA_TOKEN);
+        CASE(CKA_PRIVATE);
+        CASE(CKA_LABEL);
+        CASE(CKA_APPLICATION);
+        CASE(CKA_VALUE);
+        CASE(CKA_OBJECT_ID);
+        CASE(CKA_CERTIFICATE_TYPE);
+        CASE(CKA_CERTIFICATE_CATEGORY);
+        CASE(CKA_ISSUER);
+        CASE(CKA_SERIAL_NUMBER);
+        CASE(CKA_AC_ISSUER);
+        CASE(CKA_OWNER);
+        CASE(CKA_ATTR_TYPES);
+        CASE(CKA_TRUSTED);
+        CASE(CKA_KEY_TYPE);
+        CASE(CKA_SUBJECT);
+        CASE(CKA_ID);
+        CASE(CKA_SENSITIVE);
+        CASE(CKA_ENCRYPT);
+        CASE(CKA_DECRYPT);
+        CASE(CKA_WRAP);
+        CASE(CKA_UNWRAP);
+        CASE(CKA_SIGN);
+        CASE(CKA_SIGN_RECOVER);
+        CASE(CKA_VERIFY);
+        CASE(CKA_VERIFY_RECOVER);
+        CASE(CKA_DERIVE);
+        CASE(CKA_START_DATE);
+        CASE(CKA_END_DATE);
+        CASE(CKA_MODULUS);
+        CASE(CKA_MODULUS_BITS);
+        CASE(CKA_PUBLIC_EXPONENT);
+        CASE(CKA_PRIVATE_EXPONENT);
+        CASE(CKA_PRIME_1);
+        CASE(CKA_PRIME_2);
+        CASE(CKA_EXPONENT_1);
+        CASE(CKA_EXPONENT_2);
+        CASE(CKA_COEFFICIENT);
+        CASE(CKA_PRIME);
+        CASE(CKA_SUBPRIME);
+        CASE(CKA_BASE);
+        CASE(CKA_PRIME_BITS);
+        CASE(CKA_SUBPRIME_BITS);
+        CASE(CKA_VALUE_BITS);
+        CASE(CKA_VALUE_LEN);
+        CASE(CKA_EXTRACTABLE);
+        CASE(CKA_LOCAL);
+        CASE(CKA_NEVER_EXTRACTABLE);
+        CASE(CKA_ALWAYS_SENSITIVE);
+        CASE(CKA_KEY_GEN_MECHANISM);
+        CASE(CKA_MODIFIABLE);
+        CASE(CKA_ECDSA_PARAMS);
+        CASE(CKA_EC_POINT);
+        CASE(CKA_SECONDARY_AUTH);
+        CASE(CKA_AUTH_PIN_FLAGS);
+        CASE(CKA_HW_FEATURE_TYPE);
+        CASE(CKA_RESET_ON_INIT);
+        CASE(CKA_HAS_RESET);
+        CASE(CKA_VENDOR_DEFINED);
+        CASE(CKA_NSS_URL);
+        CASE(CKA_NSS_EMAIL);
+        CASE(CKA_NSS_SMIME_INFO);
+        CASE(CKA_NSS_SMIME_TIMESTAMP);
+        CASE(CKA_NSS_PKCS8_SALT);
+        CASE(CKA_NSS_PASSWORD_CHECK);
+        CASE(CKA_NSS_EXPIRES);
+        CASE(CKA_NSS_KRL);
+        CASE(CKA_NSS_PQG_COUNTER);
+        CASE(CKA_NSS_PQG_SEED);
+        CASE(CKA_NSS_PQG_H);
+        CASE(CKA_NSS_PQG_SEED_BITS);
+        CASE(CKA_TRUST);
+        CASE(CKA_TRUST_DIGITAL_SIGNATURE);
+        CASE(CKA_TRUST_NON_REPUDIATION);
+        CASE(CKA_TRUST_KEY_ENCIPHERMENT);
+        CASE(CKA_TRUST_DATA_ENCIPHERMENT);
+        CASE(CKA_TRUST_KEY_AGREEMENT);
+        CASE(CKA_TRUST_KEY_CERT_SIGN);
+        CASE(CKA_TRUST_CRL_SIGN);
+        CASE(CKA_TRUST_SERVER_AUTH);
+        CASE(CKA_TRUST_CLIENT_AUTH);
+        CASE(CKA_TRUST_CODE_SIGNING);
+        CASE(CKA_TRUST_EMAIL_PROTECTION);
+        CASE(CKA_TRUST_IPSEC_END_SYSTEM);
+        CASE(CKA_TRUST_IPSEC_TUNNEL);
+        CASE(CKA_TRUST_IPSEC_USER);
+        CASE(CKA_TRUST_TIME_STAMPING);
+        CASE(CKA_CERT_SHA1_HASH);
+        CASE(CKA_CERT_MD5_HASH);
+        CASE(CKA_NETSCAPE_DB);
+        CASE(CKA_NETSCAPE_TRUST);
+        default:
+            break;
     }
     if (a)
-	PR_snprintf(str, len, "%s", a);
+        PR_snprintf(str, len, "%s", a);
     else
-	PR_snprintf(str, len, "0x%p", atype);
+        PR_snprintf(str, len, "0x%p", atype);
 }
 
-static void get_obj_class(CK_OBJECT_CLASS objClass, char *str, int len)
+static void
+get_obj_class(CK_OBJECT_CLASS objClass, char *str, int len)
 {
 
-    const char * a = NULL;
+    const char *a = NULL;
 
     switch (objClass) {
-    CASE(CKO_DATA);
-    CASE(CKO_CERTIFICATE);
-    CASE(CKO_PUBLIC_KEY);
-    CASE(CKO_PRIVATE_KEY);
-    CASE(CKO_SECRET_KEY);
-    CASE(CKO_HW_FEATURE);
-    CASE(CKO_DOMAIN_PARAMETERS);
-    CASE(CKO_NSS_CRL);
-    CASE(CKO_NSS_SMIME);
-    CASE(CKO_NSS_TRUST);
-    CASE(CKO_NSS_BUILTIN_ROOT_LIST);
-    default: break;
+        CASE(CKO_DATA);
+        CASE(CKO_CERTIFICATE);
+        CASE(CKO_PUBLIC_KEY);
+        CASE(CKO_PRIVATE_KEY);
+        CASE(CKO_SECRET_KEY);
+        CASE(CKO_HW_FEATURE);
+        CASE(CKO_DOMAIN_PARAMETERS);
+        CASE(CKO_NSS_CRL);
+        CASE(CKO_NSS_SMIME);
+        CASE(CKO_NSS_TRUST);
+        CASE(CKO_NSS_BUILTIN_ROOT_LIST);
+        default:
+            break;
     }
     if (a)
-	PR_snprintf(str, len, "%s", a);
+        PR_snprintf(str, len, "%s", a);
     else
-	PR_snprintf(str, len, "0x%p", objClass);
+        PR_snprintf(str, len, "0x%p", objClass);
 }
 
-static void get_trust_val(CK_TRUST trust, char *str, int len)
+static void
+get_trust_val(CK_TRUST trust, char *str, int len)
 {
-    const char * a = NULL;
+    const char *a = NULL;
 
     switch (trust) {
-    CASE(CKT_NSS_TRUSTED);
-    CASE(CKT_NSS_TRUSTED_DELEGATOR);
-    CASE(CKT_NSS_NOT_TRUSTED);
-    CASE(CKT_NSS_MUST_VERIFY_TRUST);
-    CASE(CKT_NSS_TRUST_UNKNOWN);
-    CASE(CKT_NSS_VALID_DELEGATOR);
-    default: break;
+        CASE(CKT_NSS_TRUSTED);
+        CASE(CKT_NSS_TRUSTED_DELEGATOR);
+        CASE(CKT_NSS_NOT_TRUSTED);
+        CASE(CKT_NSS_MUST_VERIFY_TRUST);
+        CASE(CKT_NSS_TRUST_UNKNOWN);
+        CASE(CKT_NSS_VALID_DELEGATOR);
+        default:
+            break;
     }
     if (a)
-	PR_snprintf(str, len, "%s", a);
+        PR_snprintf(str, len, "%s", a);
     else
-	PR_snprintf(str, len, "0x%p", trust);
+        PR_snprintf(str, len, "0x%p", trust);
 }
 
-static void log_rv(CK_RV rv)
+static void
+log_rv(CK_RV rv)
 {
-    const char * a = NULL;
+    const char *a = NULL;
 
     switch (rv) {
-    CASE(CKR_OK);
-    CASE(CKR_CANCEL);
-    CASE(CKR_HOST_MEMORY);
-    CASE(CKR_SLOT_ID_INVALID);
-    CASE(CKR_GENERAL_ERROR);
-    CASE(CKR_FUNCTION_FAILED);
-    CASE(CKR_ARGUMENTS_BAD);
-    CASE(CKR_NO_EVENT);
-    CASE(CKR_NEED_TO_CREATE_THREADS);
-    CASE(CKR_CANT_LOCK);
-    CASE(CKR_ATTRIBUTE_READ_ONLY);
-    CASE(CKR_ATTRIBUTE_SENSITIVE);
-    CASE(CKR_ATTRIBUTE_TYPE_INVALID);
-    CASE(CKR_ATTRIBUTE_VALUE_INVALID);
-    CASE(CKR_DATA_INVALID);
-    CASE(CKR_DATA_LEN_RANGE);
-    CASE(CKR_DEVICE_ERROR);
-    CASE(CKR_DEVICE_MEMORY);
-    CASE(CKR_DEVICE_REMOVED);
-    CASE(CKR_ENCRYPTED_DATA_INVALID);
-    CASE(CKR_ENCRYPTED_DATA_LEN_RANGE);
-    CASE(CKR_FUNCTION_CANCELED);
-    CASE(CKR_FUNCTION_NOT_PARALLEL);
-    CASE(CKR_FUNCTION_NOT_SUPPORTED);
-    CASE(CKR_KEY_HANDLE_INVALID);
-    CASE(CKR_KEY_SIZE_RANGE);
-    CASE(CKR_KEY_TYPE_INCONSISTENT);
-    CASE(CKR_KEY_NOT_NEEDED);
-    CASE(CKR_KEY_CHANGED);
-    CASE(CKR_KEY_NEEDED);
-    CASE(CKR_KEY_INDIGESTIBLE);
-    CASE(CKR_KEY_FUNCTION_NOT_PERMITTED);
-    CASE(CKR_KEY_NOT_WRAPPABLE);
-    CASE(CKR_KEY_UNEXTRACTABLE);
-    CASE(CKR_MECHANISM_INVALID);
-    CASE(CKR_MECHANISM_PARAM_INVALID);
-    CASE(CKR_OBJECT_HANDLE_INVALID);
-    CASE(CKR_OPERATION_ACTIVE);
-    CASE(CKR_OPERATION_NOT_INITIALIZED);
-    CASE(CKR_PIN_INCORRECT);
-    CASE(CKR_PIN_INVALID);
-    CASE(CKR_PIN_LEN_RANGE);
-    CASE(CKR_PIN_EXPIRED);
-    CASE(CKR_PIN_LOCKED);
-    CASE(CKR_SESSION_CLOSED);
-    CASE(CKR_SESSION_COUNT);
-    CASE(CKR_SESSION_HANDLE_INVALID);
-    CASE(CKR_SESSION_PARALLEL_NOT_SUPPORTED);
-    CASE(CKR_SESSION_READ_ONLY);
-    CASE(CKR_SESSION_EXISTS);
-    CASE(CKR_SESSION_READ_ONLY_EXISTS);
-    CASE(CKR_SESSION_READ_WRITE_SO_EXISTS);
-    CASE(CKR_SIGNATURE_INVALID);
-    CASE(CKR_SIGNATURE_LEN_RANGE);
-    CASE(CKR_TEMPLATE_INCOMPLETE);
-    CASE(CKR_TEMPLATE_INCONSISTENT);
-    CASE(CKR_TOKEN_NOT_PRESENT);
-    CASE(CKR_TOKEN_NOT_RECOGNIZED);
-    CASE(CKR_TOKEN_WRITE_PROTECTED);
-    CASE(CKR_UNWRAPPING_KEY_HANDLE_INVALID);
-    CASE(CKR_UNWRAPPING_KEY_SIZE_RANGE);
-    CASE(CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT);
-    CASE(CKR_USER_ALREADY_LOGGED_IN);
-    CASE(CKR_USER_NOT_LOGGED_IN);
-    CASE(CKR_USER_PIN_NOT_INITIALIZED);
-    CASE(CKR_USER_TYPE_INVALID);
-    CASE(CKR_USER_ANOTHER_ALREADY_LOGGED_IN);
-    CASE(CKR_USER_TOO_MANY_TYPES);
-    CASE(CKR_WRAPPED_KEY_INVALID);
-    CASE(CKR_WRAPPED_KEY_LEN_RANGE);
-    CASE(CKR_WRAPPING_KEY_HANDLE_INVALID);
-    CASE(CKR_WRAPPING_KEY_SIZE_RANGE);
-    CASE(CKR_WRAPPING_KEY_TYPE_INCONSISTENT);
-    CASE(CKR_RANDOM_SEED_NOT_SUPPORTED);
-    CASE(CKR_RANDOM_NO_RNG);
-    CASE(CKR_DOMAIN_PARAMS_INVALID);
-    CASE(CKR_BUFFER_TOO_SMALL);
-    CASE(CKR_SAVED_STATE_INVALID);
-    CASE(CKR_INFORMATION_SENSITIVE);
-    CASE(CKR_STATE_UNSAVEABLE);
-    CASE(CKR_CRYPTOKI_NOT_INITIALIZED);
-    CASE(CKR_CRYPTOKI_ALREADY_INITIALIZED);
-    CASE(CKR_MUTEX_BAD);
-    CASE(CKR_MUTEX_NOT_LOCKED);
-    CASE(CKR_FUNCTION_REJECTED);
-    CASE(CKR_KEY_PARAMS_INVALID);
-    default: break;
+        CASE(CKR_OK);
+        CASE(CKR_CANCEL);
+        CASE(CKR_HOST_MEMORY);
+        CASE(CKR_SLOT_ID_INVALID);
+        CASE(CKR_GENERAL_ERROR);
+        CASE(CKR_FUNCTION_FAILED);
+        CASE(CKR_ARGUMENTS_BAD);
+        CASE(CKR_NO_EVENT);
+        CASE(CKR_NEED_TO_CREATE_THREADS);
+        CASE(CKR_CANT_LOCK);
+        CASE(CKR_ATTRIBUTE_READ_ONLY);
+        CASE(CKR_ATTRIBUTE_SENSITIVE);
+        CASE(CKR_ATTRIBUTE_TYPE_INVALID);
+        CASE(CKR_ATTRIBUTE_VALUE_INVALID);
+        CASE(CKR_DATA_INVALID);
+        CASE(CKR_DATA_LEN_RANGE);
+        CASE(CKR_DEVICE_ERROR);
+        CASE(CKR_DEVICE_MEMORY);
+        CASE(CKR_DEVICE_REMOVED);
+        CASE(CKR_ENCRYPTED_DATA_INVALID);
+        CASE(CKR_ENCRYPTED_DATA_LEN_RANGE);
+        CASE(CKR_FUNCTION_CANCELED);
+        CASE(CKR_FUNCTION_NOT_PARALLEL);
+        CASE(CKR_FUNCTION_NOT_SUPPORTED);
+        CASE(CKR_KEY_HANDLE_INVALID);
+        CASE(CKR_KEY_SIZE_RANGE);
+        CASE(CKR_KEY_TYPE_INCONSISTENT);
+        CASE(CKR_KEY_NOT_NEEDED);
+        CASE(CKR_KEY_CHANGED);
+        CASE(CKR_KEY_NEEDED);
+        CASE(CKR_KEY_INDIGESTIBLE);
+        CASE(CKR_KEY_FUNCTION_NOT_PERMITTED);
+        CASE(CKR_KEY_NOT_WRAPPABLE);
+        CASE(CKR_KEY_UNEXTRACTABLE);
+        CASE(CKR_MECHANISM_INVALID);
+        CASE(CKR_MECHANISM_PARAM_INVALID);
+        CASE(CKR_OBJECT_HANDLE_INVALID);
+        CASE(CKR_OPERATION_ACTIVE);
+        CASE(CKR_OPERATION_NOT_INITIALIZED);
+        CASE(CKR_PIN_INCORRECT);
+        CASE(CKR_PIN_INVALID);
+        CASE(CKR_PIN_LEN_RANGE);
+        CASE(CKR_PIN_EXPIRED);
+        CASE(CKR_PIN_LOCKED);
+        CASE(CKR_SESSION_CLOSED);
+        CASE(CKR_SESSION_COUNT);
+        CASE(CKR_SESSION_HANDLE_INVALID);
+        CASE(CKR_SESSION_PARALLEL_NOT_SUPPORTED);
+        CASE(CKR_SESSION_READ_ONLY);
+        CASE(CKR_SESSION_EXISTS);
+        CASE(CKR_SESSION_READ_ONLY_EXISTS);
+        CASE(CKR_SESSION_READ_WRITE_SO_EXISTS);
+        CASE(CKR_SIGNATURE_INVALID);
+        CASE(CKR_SIGNATURE_LEN_RANGE);
+        CASE(CKR_TEMPLATE_INCOMPLETE);
+        CASE(CKR_TEMPLATE_INCONSISTENT);
+        CASE(CKR_TOKEN_NOT_PRESENT);
+        CASE(CKR_TOKEN_NOT_RECOGNIZED);
+        CASE(CKR_TOKEN_WRITE_PROTECTED);
+        CASE(CKR_UNWRAPPING_KEY_HANDLE_INVALID);
+        CASE(CKR_UNWRAPPING_KEY_SIZE_RANGE);
+        CASE(CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT);
+        CASE(CKR_USER_ALREADY_LOGGED_IN);
+        CASE(CKR_USER_NOT_LOGGED_IN);
+        CASE(CKR_USER_PIN_NOT_INITIALIZED);
+        CASE(CKR_USER_TYPE_INVALID);
+        CASE(CKR_USER_ANOTHER_ALREADY_LOGGED_IN);
+        CASE(CKR_USER_TOO_MANY_TYPES);
+        CASE(CKR_WRAPPED_KEY_INVALID);
+        CASE(CKR_WRAPPED_KEY_LEN_RANGE);
+        CASE(CKR_WRAPPING_KEY_HANDLE_INVALID);
+        CASE(CKR_WRAPPING_KEY_SIZE_RANGE);
+        CASE(CKR_WRAPPING_KEY_TYPE_INCONSISTENT);
+        CASE(CKR_RANDOM_SEED_NOT_SUPPORTED);
+        CASE(CKR_RANDOM_NO_RNG);
+        CASE(CKR_DOMAIN_PARAMS_INVALID);
+        CASE(CKR_BUFFER_TOO_SMALL);
+        CASE(CKR_SAVED_STATE_INVALID);
+        CASE(CKR_INFORMATION_SENSITIVE);
+        CASE(CKR_STATE_UNSAVEABLE);
+        CASE(CKR_CRYPTOKI_NOT_INITIALIZED);
+        CASE(CKR_CRYPTOKI_ALREADY_INITIALIZED);
+        CASE(CKR_MUTEX_BAD);
+        CASE(CKR_MUTEX_NOT_LOCKED);
+        CASE(CKR_FUNCTION_REJECTED);
+        CASE(CKR_KEY_PARAMS_INVALID);
+        default:
+            break;
     }
     if (a)
-	PR_LOG(modlog, 1, ("  rv = %s\n", a));
+        PR_LOG(modlog, 1, ("  rv = %s\n", a));
     else
-	PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
+        PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
 }
 
-static void log_state(CK_STATE state)
+static void
+log_state(CK_STATE state)
 {
-    const char * a = NULL;
+    const char *a = NULL;
 
     switch (state) {
-    CASE(CKS_RO_PUBLIC_SESSION);
-    CASE(CKS_RO_USER_FUNCTIONS);
-    CASE(CKS_RW_PUBLIC_SESSION);
-    CASE(CKS_RW_USER_FUNCTIONS);
-    CASE(CKS_RW_SO_FUNCTIONS);
-    default: break;
+        CASE(CKS_RO_PUBLIC_SESSION);
+        CASE(CKS_RO_USER_FUNCTIONS);
+        CASE(CKS_RW_PUBLIC_SESSION);
+        CASE(CKS_RW_USER_FUNCTIONS);
+        CASE(CKS_RW_SO_FUNCTIONS);
+        default:
+            break;
     }
     if (a)
-	PR_LOG(modlog, 1, ("  state = %s\n", a));
+        PR_LOG(modlog, 1, ("  state = %s\n", a));
     else
-	PR_LOG(modlog, 1, ("  state = 0x%x\n", state));
+        PR_LOG(modlog, 1, ("  state = 0x%x\n", state));
 }
 
-static void log_handle(int level, const char * format, CK_ULONG handle)
+static void
+log_handle(int level, const char *format, CK_ULONG handle)
 {
     char fmtBuf[80];
     if (handle)
-	PR_LOG(modlog, level, (format, handle));
+        PR_LOG(modlog, level, (format, handle));
     else {
-	PL_strncpyz(fmtBuf, format, sizeof fmtBuf);
-	PL_strcatn(fmtBuf, sizeof fmtBuf, fmt_invalid_handle);
-	PR_LOG(modlog, level, (fmtBuf, handle));
+        PL_strncpyz(fmtBuf, format, sizeof fmtBuf);
+        PL_strcatn(fmtBuf, sizeof fmtBuf, fmt_invalid_handle);
+        PR_LOG(modlog, level, (fmtBuf, handle));
     }
 }
 
-static void print_mechanism(CK_MECHANISM_PTR m)
+static void
+print_mechanism(CK_MECHANISM_PTR m)
 {
 
-    const char * a = NULL;
+    const char *a = NULL;
 
     switch (m->mechanism) {
-    CASE(CKM_AES_CBC);
-    CASE(CKM_AES_CBC_ENCRYPT_DATA);
-    CASE(CKM_AES_CBC_PAD);
-    CASE(CKM_AES_CCM);
-    CASE(CKM_AES_CTR);
-    CASE(CKM_AES_CTS);
-    CASE(CKM_AES_GCM);
-    CASE(CKM_AES_ECB);
-    CASE(CKM_AES_ECB_ENCRYPT_DATA);
-    CASE(CKM_AES_KEY_GEN);
-    CASE(CKM_AES_MAC);
-    CASE(CKM_AES_MAC_GENERAL);
-    CASE(CKM_CAMELLIA_CBC);
-    CASE(CKM_CAMELLIA_CBC_ENCRYPT_DATA);
-    CASE(CKM_CAMELLIA_CBC_PAD);
-    CASE(CKM_CAMELLIA_ECB);
-    CASE(CKM_CAMELLIA_ECB_ENCRYPT_DATA);
-    CASE(CKM_CAMELLIA_KEY_GEN);
-    CASE(CKM_CAMELLIA_MAC);
-    CASE(CKM_CAMELLIA_MAC_GENERAL);
-    CASE(CKM_CDMF_CBC);
-    CASE(CKM_CDMF_CBC_PAD);
-    CASE(CKM_CDMF_ECB);
-    CASE(CKM_CDMF_KEY_GEN);
-    CASE(CKM_CDMF_MAC);
-    CASE(CKM_CDMF_MAC_GENERAL);
-    CASE(CKM_CMS_SIG);
-    CASE(CKM_CONCATENATE_BASE_AND_DATA);
-    CASE(CKM_CONCATENATE_BASE_AND_KEY);
-    CASE(CKM_CONCATENATE_DATA_AND_BASE);
-    CASE(CKM_DES2_KEY_GEN);
-    CASE(CKM_DES3_CBC);
-    CASE(CKM_DES3_CBC_ENCRYPT_DATA);
-    CASE(CKM_DES3_CBC_PAD);
-    CASE(CKM_DES3_ECB);
-    CASE(CKM_DES3_ECB_ENCRYPT_DATA);
-    CASE(CKM_DES3_KEY_GEN);
-    CASE(CKM_DES3_MAC);
-    CASE(CKM_DES3_MAC_GENERAL);
-    CASE(CKM_DES_CBC);
-    CASE(CKM_DES_CBC_ENCRYPT_DATA);
-    CASE(CKM_DES_CBC_PAD);
-    CASE(CKM_DES_CFB64);
-    CASE(CKM_DES_CFB8);
-    CASE(CKM_DES_ECB);
-    CASE(CKM_DES_ECB_ENCRYPT_DATA);
-    CASE(CKM_DES_KEY_GEN);
-    CASE(CKM_DES_MAC);
-    CASE(CKM_DES_MAC_GENERAL);
-    CASE(CKM_DES_OFB64);
-    CASE(CKM_DES_OFB8);
-    CASE(CKM_DH_PKCS_DERIVE);
-    CASE(CKM_DH_PKCS_KEY_PAIR_GEN);
-    CASE(CKM_DH_PKCS_PARAMETER_GEN);
-    CASE(CKM_DSA);
-    CASE(CKM_DSA_KEY_PAIR_GEN);
-    CASE(CKM_DSA_PARAMETER_GEN);
-    CASE(CKM_DSA_SHA1);
-    CASE(CKM_ECDH1_COFACTOR_DERIVE);
-    CASE(CKM_ECDH1_DERIVE);
-    CASE(CKM_ECDSA);
-    CASE(CKM_ECDSA_SHA1);
-    CASE(CKM_ECMQV_DERIVE);
-    CASE(CKM_EC_KEY_PAIR_GEN);	     /* also CASE(CKM_ECDSA_KEY_PAIR_GEN); */
-    CASE(CKM_EXTRACT_KEY_FROM_KEY);
-    CASE(CKM_FASTHASH);
-    CASE(CKM_FORTEZZA_TIMESTAMP);
-    CASE(CKM_GENERIC_SECRET_KEY_GEN);
-    CASE(CKM_IDEA_CBC);
-    CASE(CKM_IDEA_CBC_PAD);
-    CASE(CKM_IDEA_ECB);
-    CASE(CKM_IDEA_KEY_GEN);
-    CASE(CKM_IDEA_MAC);
-    CASE(CKM_IDEA_MAC_GENERAL);
-    CASE(CKM_KEA_KEY_DERIVE);
-    CASE(CKM_KEA_KEY_PAIR_GEN);
-    CASE(CKM_KEY_WRAP_LYNKS);
-    CASE(CKM_KEY_WRAP_SET_OAEP);
-    CASE(CKM_MD2);
-    CASE(CKM_MD2_HMAC);
-    CASE(CKM_MD2_HMAC_GENERAL);
-    CASE(CKM_MD2_KEY_DERIVATION);
-    CASE(CKM_MD2_RSA_PKCS);
-    CASE(CKM_MD5);
-    CASE(CKM_MD5_HMAC);
-    CASE(CKM_MD5_HMAC_GENERAL);
-    CASE(CKM_MD5_KEY_DERIVATION);
-    CASE(CKM_MD5_RSA_PKCS);
-    CASE(CKM_PBA_SHA1_WITH_SHA1_HMAC);
-    CASE(CKM_PBE_MD2_DES_CBC);
-    CASE(CKM_PBE_MD5_DES_CBC);
-    CASE(CKM_PBE_SHA1_DES2_EDE_CBC);
-    CASE(CKM_PBE_SHA1_DES3_EDE_CBC);
-    CASE(CKM_PBE_SHA1_RC2_128_CBC);
-    CASE(CKM_PBE_SHA1_RC2_40_CBC);
-    CASE(CKM_PBE_SHA1_RC4_128);
-    CASE(CKM_PBE_SHA1_RC4_40);
-    CASE(CKM_PKCS5_PBKD2);
-    CASE(CKM_RC2_CBC);
-    CASE(CKM_RC2_CBC_PAD);
-    CASE(CKM_RC2_ECB);
-    CASE(CKM_RC2_KEY_GEN);
-    CASE(CKM_RC2_MAC);
-    CASE(CKM_RC2_MAC_GENERAL);
-    CASE(CKM_RC4);
-    CASE(CKM_RC4_KEY_GEN);
-    CASE(CKM_RC5_CBC);
-    CASE(CKM_RC5_CBC_PAD);
-    CASE(CKM_RC5_ECB);
-    CASE(CKM_RC5_KEY_GEN);
-    CASE(CKM_RC5_MAC);
-    CASE(CKM_RC5_MAC_GENERAL);
-    CASE(CKM_RIPEMD128);
-    CASE(CKM_RIPEMD128_HMAC);
-    CASE(CKM_RIPEMD128_HMAC_GENERAL);
-    CASE(CKM_RIPEMD128_RSA_PKCS);
-    CASE(CKM_RIPEMD160);
-    CASE(CKM_RIPEMD160_HMAC);
-    CASE(CKM_RIPEMD160_HMAC_GENERAL);
-    CASE(CKM_RIPEMD160_RSA_PKCS);
-    CASE(CKM_RSA_9796);
-    CASE(CKM_RSA_PKCS);
-    CASE(CKM_RSA_PKCS_KEY_PAIR_GEN);
-    CASE(CKM_RSA_PKCS_OAEP);
-    CASE(CKM_RSA_PKCS_PSS);
-    CASE(CKM_RSA_X9_31);
-    CASE(CKM_RSA_X9_31_KEY_PAIR_GEN);
-    CASE(CKM_RSA_X_509);
-    CASE(CKM_SHA1_KEY_DERIVATION);
-    CASE(CKM_SHA1_RSA_PKCS);
-    CASE(CKM_SHA1_RSA_PKCS_PSS);
-    CASE(CKM_SHA1_RSA_X9_31);
-    CASE(CKM_SHA224);
-    CASE(CKM_SHA224_HMAC);
-    CASE(CKM_SHA224_HMAC_GENERAL);
-    CASE(CKM_SHA224_KEY_DERIVATION);
-    CASE(CKM_SHA224_RSA_PKCS);
-    CASE(CKM_SHA224_RSA_PKCS_PSS);
-    CASE(CKM_SHA256);
-    CASE(CKM_SHA256_HMAC);
-    CASE(CKM_SHA256_HMAC_GENERAL);
-    CASE(CKM_SHA256_KEY_DERIVATION);
-    CASE(CKM_SHA256_RSA_PKCS);
-    CASE(CKM_SHA256_RSA_PKCS_PSS);
-    CASE(CKM_SHA384);
-    CASE(CKM_SHA384_HMAC);
-    CASE(CKM_SHA384_HMAC_GENERAL);
-    CASE(CKM_SHA384_KEY_DERIVATION);
-    CASE(CKM_SHA384_RSA_PKCS);
-    CASE(CKM_SHA384_RSA_PKCS_PSS);
-    CASE(CKM_SHA512);
-    CASE(CKM_SHA512_HMAC);
-    CASE(CKM_SHA512_HMAC_GENERAL);
-    CASE(CKM_SHA512_KEY_DERIVATION);
-    CASE(CKM_SHA512_RSA_PKCS);
-    CASE(CKM_SHA512_RSA_PKCS_PSS);
-    CASE(CKM_SHA_1);
-    CASE(CKM_SHA_1_HMAC);
-    CASE(CKM_SHA_1_HMAC_GENERAL);
-    CASE(CKM_SKIPJACK_CBC64);
-    CASE(CKM_SKIPJACK_CFB16);
-    CASE(CKM_SKIPJACK_CFB32);
-    CASE(CKM_SKIPJACK_CFB64);
-    CASE(CKM_SKIPJACK_CFB8);
-    CASE(CKM_SKIPJACK_ECB64);
-    CASE(CKM_SKIPJACK_KEY_GEN);
-    CASE(CKM_SKIPJACK_OFB64);
-    CASE(CKM_SKIPJACK_PRIVATE_WRAP);
-    CASE(CKM_SKIPJACK_RELAYX);
-    CASE(CKM_SKIPJACK_WRAP);
-    CASE(CKM_SSL3_KEY_AND_MAC_DERIVE);
-    CASE(CKM_SSL3_MASTER_KEY_DERIVE);
-    CASE(CKM_SSL3_MASTER_KEY_DERIVE_DH);
-    CASE(CKM_SSL3_MD5_MAC);
-    CASE(CKM_SSL3_PRE_MASTER_KEY_GEN);
-    CASE(CKM_SSL3_SHA1_MAC);
-    CASE(CKM_TLS_KEY_AND_MAC_DERIVE);
-    CASE(CKM_TLS_MASTER_KEY_DERIVE);
-    CASE(CKM_TLS_MASTER_KEY_DERIVE_DH);
-    CASE(CKM_TLS_PRE_MASTER_KEY_GEN);
-    CASE(CKM_TLS_PRF);
-    CASE(CKM_TWOFISH_CBC);
-    CASE(CKM_TWOFISH_KEY_GEN);
-    CASE(CKM_X9_42_DH_DERIVE);
-    CASE(CKM_X9_42_DH_HYBRID_DERIVE);
-    CASE(CKM_X9_42_DH_KEY_PAIR_GEN);
-    CASE(CKM_X9_42_DH_PARAMETER_GEN);
-    CASE(CKM_X9_42_MQV_DERIVE);
-    CASE(CKM_XOR_BASE_AND_DATA);
-    default: break;
+        CASE(CKM_AES_CBC);
+        CASE(CKM_AES_CBC_ENCRYPT_DATA);
+        CASE(CKM_AES_CBC_PAD);
+        CASE(CKM_AES_CCM);
+        CASE(CKM_AES_CTR);
+        CASE(CKM_AES_CTS);
+        CASE(CKM_AES_GCM);
+        CASE(CKM_AES_ECB);
+        CASE(CKM_AES_ECB_ENCRYPT_DATA);
+        CASE(CKM_AES_KEY_GEN);
+        CASE(CKM_AES_MAC);
+        CASE(CKM_AES_MAC_GENERAL);
+        CASE(CKM_CAMELLIA_CBC);
+        CASE(CKM_CAMELLIA_CBC_ENCRYPT_DATA);
+        CASE(CKM_CAMELLIA_CBC_PAD);
+        CASE(CKM_CAMELLIA_ECB);
+        CASE(CKM_CAMELLIA_ECB_ENCRYPT_DATA);
+        CASE(CKM_CAMELLIA_KEY_GEN);
+        CASE(CKM_CAMELLIA_MAC);
+        CASE(CKM_CAMELLIA_MAC_GENERAL);
+        CASE(CKM_CDMF_CBC);
+        CASE(CKM_CDMF_CBC_PAD);
+        CASE(CKM_CDMF_ECB);
+        CASE(CKM_CDMF_KEY_GEN);
+        CASE(CKM_CDMF_MAC);
+        CASE(CKM_CDMF_MAC_GENERAL);
+        CASE(CKM_CMS_SIG);
+        CASE(CKM_CONCATENATE_BASE_AND_DATA);
+        CASE(CKM_CONCATENATE_BASE_AND_KEY);
+        CASE(CKM_CONCATENATE_DATA_AND_BASE);
+        CASE(CKM_DES2_KEY_GEN);
+        CASE(CKM_DES3_CBC);
+        CASE(CKM_DES3_CBC_ENCRYPT_DATA);
+        CASE(CKM_DES3_CBC_PAD);
+        CASE(CKM_DES3_ECB);
+        CASE(CKM_DES3_ECB_ENCRYPT_DATA);
+        CASE(CKM_DES3_KEY_GEN);
+        CASE(CKM_DES3_MAC);
+        CASE(CKM_DES3_MAC_GENERAL);
+        CASE(CKM_DES_CBC);
+        CASE(CKM_DES_CBC_ENCRYPT_DATA);
+        CASE(CKM_DES_CBC_PAD);
+        CASE(CKM_DES_CFB64);
+        CASE(CKM_DES_CFB8);
+        CASE(CKM_DES_ECB);
+        CASE(CKM_DES_ECB_ENCRYPT_DATA);
+        CASE(CKM_DES_KEY_GEN);
+        CASE(CKM_DES_MAC);
+        CASE(CKM_DES_MAC_GENERAL);
+        CASE(CKM_DES_OFB64);
+        CASE(CKM_DES_OFB8);
+        CASE(CKM_DH_PKCS_DERIVE);
+        CASE(CKM_DH_PKCS_KEY_PAIR_GEN);
+        CASE(CKM_DH_PKCS_PARAMETER_GEN);
+        CASE(CKM_DSA);
+        CASE(CKM_DSA_KEY_PAIR_GEN);
+        CASE(CKM_DSA_PARAMETER_GEN);
+        CASE(CKM_DSA_SHA1);
+        CASE(CKM_ECDH1_COFACTOR_DERIVE);
+        CASE(CKM_ECDH1_DERIVE);
+        CASE(CKM_ECDSA);
+        CASE(CKM_ECDSA_SHA1);
+        CASE(CKM_ECMQV_DERIVE);
+        CASE(CKM_EC_KEY_PAIR_GEN); /* also CASE(CKM_ECDSA_KEY_PAIR_GEN); */
+        CASE(CKM_EXTRACT_KEY_FROM_KEY);
+        CASE(CKM_FASTHASH);
+        CASE(CKM_FORTEZZA_TIMESTAMP);
+        CASE(CKM_GENERIC_SECRET_KEY_GEN);
+        CASE(CKM_IDEA_CBC);
+        CASE(CKM_IDEA_CBC_PAD);
+        CASE(CKM_IDEA_ECB);
+        CASE(CKM_IDEA_KEY_GEN);
+        CASE(CKM_IDEA_MAC);
+        CASE(CKM_IDEA_MAC_GENERAL);
+        CASE(CKM_KEA_KEY_DERIVE);
+        CASE(CKM_KEA_KEY_PAIR_GEN);
+        CASE(CKM_KEY_WRAP_LYNKS);
+        CASE(CKM_KEY_WRAP_SET_OAEP);
+        CASE(CKM_MD2);
+        CASE(CKM_MD2_HMAC);
+        CASE(CKM_MD2_HMAC_GENERAL);
+        CASE(CKM_MD2_KEY_DERIVATION);
+        CASE(CKM_MD2_RSA_PKCS);
+        CASE(CKM_MD5);
+        CASE(CKM_MD5_HMAC);
+        CASE(CKM_MD5_HMAC_GENERAL);
+        CASE(CKM_MD5_KEY_DERIVATION);
+        CASE(CKM_MD5_RSA_PKCS);
+        CASE(CKM_PBA_SHA1_WITH_SHA1_HMAC);
+        CASE(CKM_PBE_MD2_DES_CBC);
+        CASE(CKM_PBE_MD5_DES_CBC);
+        CASE(CKM_PBE_SHA1_DES2_EDE_CBC);
+        CASE(CKM_PBE_SHA1_DES3_EDE_CBC);
+        CASE(CKM_PBE_SHA1_RC2_128_CBC);
+        CASE(CKM_PBE_SHA1_RC2_40_CBC);
+        CASE(CKM_PBE_SHA1_RC4_128);
+        CASE(CKM_PBE_SHA1_RC4_40);
+        CASE(CKM_PKCS5_PBKD2);
+        CASE(CKM_RC2_CBC);
+        CASE(CKM_RC2_CBC_PAD);
+        CASE(CKM_RC2_ECB);
+        CASE(CKM_RC2_KEY_GEN);
+        CASE(CKM_RC2_MAC);
+        CASE(CKM_RC2_MAC_GENERAL);
+        CASE(CKM_RC4);
+        CASE(CKM_RC4_KEY_GEN);
+        CASE(CKM_RC5_CBC);
+        CASE(CKM_RC5_CBC_PAD);
+        CASE(CKM_RC5_ECB);
+        CASE(CKM_RC5_KEY_GEN);
+        CASE(CKM_RC5_MAC);
+        CASE(CKM_RC5_MAC_GENERAL);
+        CASE(CKM_RIPEMD128);
+        CASE(CKM_RIPEMD128_HMAC);
+        CASE(CKM_RIPEMD128_HMAC_GENERAL);
+        CASE(CKM_RIPEMD128_RSA_PKCS);
+        CASE(CKM_RIPEMD160);
+        CASE(CKM_RIPEMD160_HMAC);
+        CASE(CKM_RIPEMD160_HMAC_GENERAL);
+        CASE(CKM_RIPEMD160_RSA_PKCS);
+        CASE(CKM_RSA_9796);
+        CASE(CKM_RSA_PKCS);
+        CASE(CKM_RSA_PKCS_KEY_PAIR_GEN);
+        CASE(CKM_RSA_PKCS_OAEP);
+        CASE(CKM_RSA_PKCS_PSS);
+        CASE(CKM_RSA_X9_31);
+        CASE(CKM_RSA_X9_31_KEY_PAIR_GEN);
+        CASE(CKM_RSA_X_509);
+        CASE(CKM_SHA1_KEY_DERIVATION);
+        CASE(CKM_SHA1_RSA_PKCS);
+        CASE(CKM_SHA1_RSA_PKCS_PSS);
+        CASE(CKM_SHA1_RSA_X9_31);
+        CASE(CKM_SHA224);
+        CASE(CKM_SHA224_HMAC);
+        CASE(CKM_SHA224_HMAC_GENERAL);
+        CASE(CKM_SHA224_KEY_DERIVATION);
+        CASE(CKM_SHA224_RSA_PKCS);
+        CASE(CKM_SHA224_RSA_PKCS_PSS);
+        CASE(CKM_SHA256);
+        CASE(CKM_SHA256_HMAC);
+        CASE(CKM_SHA256_HMAC_GENERAL);
+        CASE(CKM_SHA256_KEY_DERIVATION);
+        CASE(CKM_SHA256_RSA_PKCS);
+        CASE(CKM_SHA256_RSA_PKCS_PSS);
+        CASE(CKM_SHA384);
+        CASE(CKM_SHA384_HMAC);
+        CASE(CKM_SHA384_HMAC_GENERAL);
+        CASE(CKM_SHA384_KEY_DERIVATION);
+        CASE(CKM_SHA384_RSA_PKCS);
+        CASE(CKM_SHA384_RSA_PKCS_PSS);
+        CASE(CKM_SHA512);
+        CASE(CKM_SHA512_HMAC);
+        CASE(CKM_SHA512_HMAC_GENERAL);
+        CASE(CKM_SHA512_KEY_DERIVATION);
+        CASE(CKM_SHA512_RSA_PKCS);
+        CASE(CKM_SHA512_RSA_PKCS_PSS);
+        CASE(CKM_SHA_1);
+        CASE(CKM_SHA_1_HMAC);
+        CASE(CKM_SHA_1_HMAC_GENERAL);
+        CASE(CKM_SKIPJACK_CBC64);
+        CASE(CKM_SKIPJACK_CFB16);
+        CASE(CKM_SKIPJACK_CFB32);
+        CASE(CKM_SKIPJACK_CFB64);
+        CASE(CKM_SKIPJACK_CFB8);
+        CASE(CKM_SKIPJACK_ECB64);
+        CASE(CKM_SKIPJACK_KEY_GEN);
+        CASE(CKM_SKIPJACK_OFB64);
+        CASE(CKM_SKIPJACK_PRIVATE_WRAP);
+        CASE(CKM_SKIPJACK_RELAYX);
+        CASE(CKM_SKIPJACK_WRAP);
+        CASE(CKM_SSL3_KEY_AND_MAC_DERIVE);
+        CASE(CKM_SSL3_MASTER_KEY_DERIVE);
+        CASE(CKM_SSL3_MASTER_KEY_DERIVE_DH);
+        CASE(CKM_SSL3_MD5_MAC);
+        CASE(CKM_SSL3_PRE_MASTER_KEY_GEN);
+        CASE(CKM_SSL3_SHA1_MAC);
+        CASE(CKM_TLS_KEY_AND_MAC_DERIVE);
+        CASE(CKM_TLS_MASTER_KEY_DERIVE);
+        CASE(CKM_TLS_MASTER_KEY_DERIVE_DH);
+        CASE(CKM_TLS_PRE_MASTER_KEY_GEN);
+        CASE(CKM_TLS_PRF);
+        CASE(CKM_TWOFISH_CBC);
+        CASE(CKM_TWOFISH_KEY_GEN);
+        CASE(CKM_X9_42_DH_DERIVE);
+        CASE(CKM_X9_42_DH_HYBRID_DERIVE);
+        CASE(CKM_X9_42_DH_KEY_PAIR_GEN);
+        CASE(CKM_X9_42_DH_PARAMETER_GEN);
+        CASE(CKM_X9_42_MQV_DERIVE);
+        CASE(CKM_XOR_BASE_AND_DATA);
+        default:
+            break;
     }
     if (a)
-	PR_LOG(modlog, 4, ("      mechanism = %s", a));
+        PR_LOG(modlog, 4, ("      mechanism = %s", a));
     else
-	PR_LOG(modlog, 4, ("      mechanism = 0x%p", m->mechanism));
+        PR_LOG(modlog, 4, ("      mechanism = 0x%p", m->mechanism));
 }
 
-static void get_key_type(CK_KEY_TYPE keyType, char *str, int len)
+static void
+get_key_type(CK_KEY_TYPE keyType, char *str, int len)
 {
 
-    const char * a = NULL;
+    const char *a = NULL;
 
     switch (keyType) {
-    CASE(CKK_AES);
-    CASE(CKK_CAMELLIA);
-    CASE(CKK_CDMF);
-    CASE(CKK_DES);
-    CASE(CKK_DES2);
-    CASE(CKK_DES3);
-    CASE(CKK_DH);
-    CASE(CKK_DSA);
-    CASE(CKK_EC);		/* also CASE(CKK_ECDSA); */
-    CASE(CKK_GENERIC_SECRET);
-    CASE(CKK_IDEA);
-    CASE(CKK_INVALID_KEY_TYPE);
-    CASE(CKK_KEA);
-    CASE(CKK_RC2);
-    CASE(CKK_RC4);
-    CASE(CKK_RC5);
-    CASE(CKK_RSA);
-    CASE(CKK_SKIPJACK);
-    CASE(CKK_TWOFISH);
-    CASE(CKK_X9_42_DH);
-    default: break;
+        CASE(CKK_AES);
+        CASE(CKK_CAMELLIA);
+        CASE(CKK_CDMF);
+        CASE(CKK_DES);
+        CASE(CKK_DES2);
+        CASE(CKK_DES3);
+        CASE(CKK_DH);
+        CASE(CKK_DSA);
+        CASE(CKK_EC); /* also CASE(CKK_ECDSA); */
+        CASE(CKK_GENERIC_SECRET);
+        CASE(CKK_IDEA);
+        CASE(CKK_INVALID_KEY_TYPE);
+        CASE(CKK_KEA);
+        CASE(CKK_RC2);
+        CASE(CKK_RC4);
+        CASE(CKK_RC5);
+        CASE(CKK_RSA);
+        CASE(CKK_SKIPJACK);
+        CASE(CKK_TWOFISH);
+        CASE(CKK_X9_42_DH);
+        default:
+            break;
     }
     if (a)
-	PR_snprintf(str, len, "%s", a);
+        PR_snprintf(str, len, "%s", a);
     else
-	PR_snprintf(str, len, "0x%p", keyType);
+        PR_snprintf(str, len, "0x%p", keyType);
 }
 
-static void print_attr_value(CK_ATTRIBUTE_PTR attr)
+static void
+print_attr_value(CK_ATTRIBUTE_PTR attr)
 {
     char atype[48];
     char valstr[49];
     int len;
 
     get_attr_type_str(attr->type, atype, sizeof atype);
     switch (attr->type) {
-    case CKA_ALWAYS_SENSITIVE:
-    case CKA_DECRYPT:
-    case CKA_DERIVE:
-    case CKA_ENCRYPT:
-    case CKA_EXTRACTABLE:
-    case CKA_LOCAL:
-    case CKA_MODIFIABLE:
-    case CKA_NEVER_EXTRACTABLE:
-    case CKA_PRIVATE:
-    case CKA_SENSITIVE:
-    case CKA_SIGN:
-    case CKA_SIGN_RECOVER:
-    case CKA_TOKEN:
-    case CKA_UNWRAP:
-    case CKA_VERIFY:
-    case CKA_VERIFY_RECOVER:
-    case CKA_WRAP:
-	if (attr->ulValueLen > 0 && attr->pValue) {
-	    CK_BBOOL tf = *((CK_BBOOL *)attr->pValue);
-	    PR_LOG(modlog, 4, (fmt_s_s_d, 
-	           atype, tf ? "CK_TRUE" : "CK_FALSE", attr->ulValueLen));
-	    break;
-	}
-    case CKA_CLASS:
-	if (attr->ulValueLen > 0 && attr->pValue) {
-	    CK_OBJECT_CLASS objClass = *((CK_OBJECT_CLASS *)attr->pValue);
-	    get_obj_class(objClass, valstr, sizeof valstr);
-	    PR_LOG(modlog, 4, (fmt_s_s_d, 
-	           atype, valstr, attr->ulValueLen));
-	    break;
-	}
-    case CKA_TRUST_CLIENT_AUTH:
-    case CKA_TRUST_CODE_SIGNING:
-    case CKA_TRUST_EMAIL_PROTECTION:
-    case CKA_TRUST_SERVER_AUTH:
-	if (attr->ulValueLen > 0 && attr->pValue) {
-	    CK_TRUST trust = *((CK_TRUST *)attr->pValue);
-	    get_trust_val(trust, valstr, sizeof valstr);
-	    PR_LOG(modlog, 4, (fmt_s_s_d, 
-	           atype, valstr, attr->ulValueLen));
-	    break;
-	}
-    case CKA_KEY_TYPE:
-	if (attr->ulValueLen > 0 && attr->pValue) {
-	    CK_KEY_TYPE keyType = *((CK_KEY_TYPE *)attr->pValue);
-	    get_key_type(keyType, valstr, sizeof valstr);
-	    PR_LOG(modlog, 4, (fmt_s_s_d, 
-	           atype, valstr, attr->ulValueLen));
-	    break;
-	}
-    case CKA_PIXEL_X:
-    case CKA_PIXEL_Y:
-    case CKA_RESOLUTION:
-    case CKA_CHAR_ROWS:
-    case CKA_CHAR_COLUMNS:
-    case CKA_BITS_PER_PIXEL:
-    case CKA_CERTIFICATE_CATEGORY:  /* should print as enum/string */
-    case CKA_JAVA_MIDP_SECURITY_DOMAIN:  /* should print as enum/string */
-    case CKA_MODULUS_BITS:
-    case CKA_PRIME_BITS:
-    case CKA_SUBPRIME_BITS:
-    case CKA_VALUE_BITS:
-    case CKA_VALUE_LEN:
-	if (attr->ulValueLen > 0 && attr->pValue) {
-	    CK_ULONG valueLen = *((CK_ULONG *)attr->pValue);
-	    /* XXX check for the special value CK_UNAVAILABLE_INFORMATION */
-	    PR_LOG(modlog, 4, (fmt_s_lu, atype, (PRUint32)valueLen));
-	    break;
-	}
-    case CKA_LABEL:
-    case CKA_NSS_EMAIL:
-    case CKA_NSS_URL:
-	if (attr->ulValueLen > 0 && attr->pValue) {
-	    len = PR_MIN(attr->ulValueLen + 1, sizeof valstr);
-	    PR_snprintf(valstr, len, "%s", attr->pValue);
-	    PR_LOG(modlog, 4, (fmt_s_qsq_d, 
-	           atype, valstr, attr->ulValueLen));
-	    break;
-	}
-    case CKA_ISSUER:
-    case CKA_SUBJECT:
-	if (attr->ulValueLen > 0 && attr->pValue) {
-	    char * asciiName;
-	    SECItem derName;
-	    derName.type = siDERNameBuffer;
-	    derName.data = attr->pValue;
-	    derName.len  = attr->ulValueLen;
-	    asciiName = CERT_DerNameToAscii(&derName);
-	    if (asciiName) {
-		PR_LOG(modlog, 4, (fmt_s_s_d, 
-		       atype, asciiName, attr->ulValueLen));
-	    	PORT_Free(asciiName);
-		break;
-	    }
-	    /* else treat like a binary buffer */
-	    goto binary_buffer;
-	}
-    case CKA_ID:
-	if (attr->ulValueLen > 0 && attr->pValue) {
-	    unsigned char * pV = attr->pValue;
-	    for (len = (int)attr->ulValueLen; len > 0; --len) {
-		unsigned int ch = *pV++;
-		if (ch >= 0x20 && ch < 0x7f) 
-		    continue;
-		if (!ch && len == 1)  /* will ignore NUL if last character */
-		    continue;
-		break;
-	    }
-	    if (!len) {	/* entire string is printable */
-		len = PR_MIN(attr->ulValueLen + 1, sizeof valstr);
-		PR_snprintf(valstr, len, "%s", attr->pValue);
-		PR_LOG(modlog, 4, (fmt_s_qsq_d, 
-		       atype, valstr, attr->ulValueLen));
-		break;
-	    }
-	    /* else fall through and treat like a binary buffer */
-	}
-binary_buffer:
-    case CKA_SERIAL_NUMBER:
-    default:
-	if (attr->ulValueLen > 0 && attr->pValue) {
-	    char * hexBuf;
-	    SECItem attrBuf;
-	    attrBuf.type = siDERNameBuffer;
-	    attrBuf.data = attr->pValue;
-	    attrBuf.len  = PR_MIN(attr->ulValueLen, (sizeof valstr)/2);
+        case CKA_ALWAYS_SENSITIVE:
+        case CKA_DECRYPT:
+        case CKA_DERIVE:
+        case CKA_ENCRYPT:
+        case CKA_EXTRACTABLE:
+        case CKA_LOCAL:
+        case CKA_MODIFIABLE:
+        case CKA_NEVER_EXTRACTABLE:
+        case CKA_PRIVATE:
+        case CKA_SENSITIVE:
+        case CKA_SIGN:
+        case CKA_SIGN_RECOVER:
+        case CKA_TOKEN:
+        case CKA_UNWRAP:
+        case CKA_VERIFY:
+        case CKA_VERIFY_RECOVER:
+        case CKA_WRAP:
+            if (attr->ulValueLen > 0 && attr->pValue) {
+                CK_BBOOL tf = *((CK_BBOOL *)attr->pValue);
+                PR_LOG(modlog, 4, (fmt_s_s_d,
+                                   atype, tf ? "CK_TRUE" : "CK_FALSE", attr->ulValueLen));
+                break;
+            }
+        case CKA_CLASS:
+            if (attr->ulValueLen > 0 && attr->pValue) {
+                CK_OBJECT_CLASS objClass = *((CK_OBJECT_CLASS *)attr->pValue);