Bug 858231: Update NSS to NSS 3.15 Beta 4. r=wtc.
authorWan-Teh Chang <wtc@google.com>
Fri, 10 May 2013 17:19:38 -0700
changeset 142572 06e3d7e19a09e4d5ac0dfe923603e47a1674e190
parent 142571 7a6b5a9da506ac2f916b6f5ebaa20b48d62b9b18
child 142573 244595f01a567e3718efd04ec8cf29e9fc351941
push id2579
push userakeybl@mozilla.com
push dateMon, 24 Jun 2013 18:52:47 +0000
treeherdermozilla-beta@b69b7de8a05a [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerswtc
bugs858231
milestone23.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 858231: Update NSS to NSS 3.15 Beta 4. r=wtc.
security/nss/TAG-INFO
security/nss/cmd/.cvsignore
security/nss/cmd/Makefile
security/nss/cmd/addbuiltin/addbuiltin.c
security/nss/cmd/bltest/blapitest.c
security/nss/cmd/certcgi/certcgi.c
security/nss/cmd/certutil/certext.c
security/nss/cmd/certutil/certutil.c
security/nss/cmd/certutil/keystuff.c
security/nss/cmd/checkcert/checkcert.c
security/nss/cmd/crlutil/crlgen.c
security/nss/cmd/crlutil/crlutil.c
security/nss/cmd/crmf-cgi/crmfcgi.c
security/nss/cmd/crmftest/testcrmf.c
security/nss/cmd/dbck/dbck.c
security/nss/cmd/dbck/dbrecover.c
security/nss/cmd/derdump/derdump.c
security/nss/cmd/ecperf/ecperf.c
security/nss/cmd/fipstest/fipstest.c
security/nss/cmd/lib/berparse.c
security/nss/cmd/lib/pppolicy.c
security/nss/cmd/lib/secutil.c
security/nss/cmd/makepqg/makepqg.c
security/nss/cmd/manifest.mn
security/nss/cmd/ocspclnt/ocspclnt.c
security/nss/cmd/ocspresp/ocspresp.c
security/nss/cmd/pk12util/pk12util.c
security/nss/cmd/pk1sign/pk1sign.c
security/nss/cmd/platlibs.mk
security/nss/cmd/selfserv/selfserv.c
security/nss/cmd/signver/pk7print.c
security/nss/cmd/tstclnt/tstclnt.c
security/nss/cmd/vfychain/vfychain.c
security/nss/coreconf/config.mk
security/nss/coreconf/coreconf.dep
security/nss/doc/.hgignore
security/nss/doc/Makefile
security/nss/doc/html/.hgignore
security/nss/lib/Makefile
security/nss/lib/base/arena.c
security/nss/lib/certdb/.cvsignore
security/nss/lib/certdb/alg1485.c
security/nss/lib/certdb/certdb.c
security/nss/lib/certdb/certi.h
security/nss/lib/certdb/certv3.c
security/nss/lib/certdb/certxutl.c
security/nss/lib/certdb/crl.c
security/nss/lib/certdb/genname.c
security/nss/lib/certdb/genname.h
security/nss/lib/certdb/polcyxtn.c
security/nss/lib/certdb/secname.c
security/nss/lib/certdb/stanpcertdb.c
security/nss/lib/certdb/xauthkid.c
security/nss/lib/certdb/xbsconst.c
security/nss/lib/certdb/xconst.c
security/nss/lib/certdb/xconst.h
security/nss/lib/certhigh/certhigh.c
security/nss/lib/certhigh/certreq.c
security/nss/lib/certhigh/certvfy.c
security/nss/lib/certhigh/certvfypkix.c
security/nss/lib/certhigh/crlv2.c
security/nss/lib/certhigh/ocsp.c
security/nss/lib/certhigh/ocsp.h
security/nss/lib/certhigh/ocspi.h
security/nss/lib/certhigh/ocspti.h
security/nss/lib/crmf/asn1cmn.c
security/nss/lib/crmf/challcli.c
security/nss/lib/crmf/cmmfasn1.c
security/nss/lib/crmf/cmmfchal.c
security/nss/lib/crmf/cmmfi.h
security/nss/lib/crmf/cmmfit.h
security/nss/lib/crmf/cmmfrec.c
security/nss/lib/crmf/cmmfresp.c
security/nss/lib/crmf/crmfcont.c
security/nss/lib/crmf/crmfdec.c
security/nss/lib/crmf/crmfget.c
security/nss/lib/crmf/crmfi.h
security/nss/lib/crmf/crmfit.h
security/nss/lib/crmf/crmfpop.c
security/nss/lib/crmf/crmfreq.c
security/nss/lib/crmf/respcli.c
security/nss/lib/crmf/respcmn.c
security/nss/lib/crmf/servget.c
security/nss/lib/cryptohi/seckey.c
security/nss/lib/cryptohi/secsign.c
security/nss/lib/cryptohi/secvfy.c
security/nss/lib/dbm/include/mcom_db.h
security/nss/lib/freebl/arcfour.c
security/nss/lib/freebl/blapi.h
security/nss/lib/freebl/dh.c
security/nss/lib/freebl/dsa.c
security/nss/lib/freebl/ec.c
security/nss/lib/freebl/loader.c
security/nss/lib/freebl/loader.h
security/nss/lib/freebl/md5.c
security/nss/lib/freebl/mpi/mpmontg.c
security/nss/lib/freebl/pqg.c
security/nss/lib/freebl/rsa.c
security/nss/lib/freebl/sha512.c
security/nss/lib/freebl/sha_fast.c
security/nss/lib/freebl/stubs.c
security/nss/lib/freebl/unix_rand.c
security/nss/lib/jar/jar.h
security/nss/lib/jar/jzlib.h
security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.c
security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapcertstore.c
security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapdefaultclient.c
security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapdefaultclient.h
security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.c
security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.h
security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapresponse.c
security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapresponse.h
security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapt.h
security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_nsscontext.c
security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_nsscontext.h
security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c
security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crldp.c
security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crlentry.c
security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.c
security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.h
security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_nameconstraints.c
security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspcertid.c
security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocsprequest.c
security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspresponse.h
security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_x500name.c
security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_x500name.h
security/nss/lib/manifest.mn
security/nss/lib/nss/nss.def
security/nss/lib/nss/utilwrap.c
security/nss/lib/pk11wrap/pk11akey.c
security/nss/lib/pk11wrap/pk11auth.c
security/nss/lib/pk11wrap/pk11mech.c
security/nss/lib/pk11wrap/pk11merge.c
security/nss/lib/pk11wrap/pk11nobj.c
security/nss/lib/pk11wrap/pk11obj.c
security/nss/lib/pk11wrap/pk11pars.c
security/nss/lib/pk11wrap/pk11pbe.c
security/nss/lib/pk11wrap/pk11pk12.c
security/nss/lib/pk11wrap/pk11pqg.c
security/nss/lib/pk11wrap/pk11slot.c
security/nss/lib/pk11wrap/pk11util.c
security/nss/lib/pk11wrap/secmodi.h
security/nss/lib/pk11wrap/secmodti.h
security/nss/lib/pkcs12/p12creat.c
security/nss/lib/pkcs12/p12d.c
security/nss/lib/pkcs12/p12e.c
security/nss/lib/pkcs12/p12exp.c
security/nss/lib/pkcs12/p12local.c
security/nss/lib/pkcs12/p12local.h
security/nss/lib/pkcs7/certread.c
security/nss/lib/pkcs7/p7common.c
security/nss/lib/pkcs7/p7create.c
security/nss/lib/pkcs7/p7decode.c
security/nss/lib/pkcs7/p7encode.c
security/nss/lib/pkcs7/p7local.c
security/nss/lib/pkcs7/p7local.h
security/nss/lib/pkcs7/secmime.c
security/nss/lib/pki/pki3hack.c
security/nss/lib/smime/cmsarray.c
security/nss/lib/smime/cmsattr.c
security/nss/lib/smime/cmscipher.c
security/nss/lib/smime/cmsdecode.c
security/nss/lib/smime/cmslocal.h
security/nss/lib/smime/cmsrecinfo.c
security/nss/lib/smime/cmssigdata.c
security/nss/lib/smime/cmssiginfo.c
security/nss/lib/smime/cmsudf.c
security/nss/lib/smime/cmsutil.c
security/nss/lib/smime/smimeutil.c
security/nss/lib/softoken/ecdecode.c
security/nss/lib/softoken/legacydb/lgcreate.c
security/nss/lib/softoken/legacydb/lowcert.c
security/nss/lib/softoken/legacydb/lowkey.c
security/nss/lib/softoken/legacydb/lowkeyi.h
security/nss/lib/softoken/legacydb/pcert.h
security/nss/lib/softoken/legacydb/pcertdb.c
security/nss/lib/softoken/legacydb/pcertt.h
security/nss/lib/softoken/lgglue.c
security/nss/lib/softoken/lgglue.h
security/nss/lib/softoken/lowpbe.c
security/nss/lib/softoken/lowpbe.h
security/nss/lib/softoken/padbuf.c
security/nss/lib/softoken/pkcs11c.c
security/nss/lib/softoken/sftkdb.c
security/nss/lib/softoken/softoken.h
security/nss/lib/ssl/ssl3con.c
security/nss/lib/ssl/ssl3ecc.c
security/nss/lib/ssl/ssl3ext.c
security/nss/lib/ssl/ssl3gthr.c
security/nss/lib/ssl/ssl3prot.h
security/nss/lib/ssl/sslauth.c
security/nss/lib/ssl/sslimpl.h
security/nss/lib/ssl/sslinfo.c
security/nss/lib/ssl/sslsnce.c
security/nss/lib/ssl/sslsock.c
security/nss/lib/util/derenc.c
security/nss/lib/util/dersubr.c
security/nss/lib/util/dertime.c
security/nss/lib/util/nssb64d.c
security/nss/lib/util/nssb64e.c
security/nss/lib/util/quickder.c
security/nss/lib/util/secalgid.c
security/nss/lib/util/secasn1d.c
security/nss/lib/util/secasn1e.c
security/nss/lib/util/secder.h
security/nss/lib/util/secdig.c
security/nss/lib/util/secitem.c
security/nss/lib/util/sectime.c
security/nss/lib/util/utilpars.c
security/nss/lib/util/utilpars.h
security/nss/tests/cipher/cipher.sh
security/nss/tests/common/init.sh
security/patches/README
security/patches/bug-832272.patch
security/patches/bug-835919.patch
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@@ -1,1 +1,1 @@
-NSS_3_15_BETA3
+NSS_3_15_BETA4
deleted file mode 100644
--- a/security/nss/cmd/.cvsignore
+++ /dev/null
@@ -1,1 +0,0 @@
-.gdbinit
--- a/security/nss/cmd/Makefile
+++ b/security/nss/cmd/Makefile
@@ -10,21 +10,23 @@ DEPTH = ..
 include manifest.mn
 include $(CORE_DEPTH)/coreconf/config.mk
 
 ifdef BUILD_LIBPKIX_TESTS
 DIRS += libpkix
 endif
 
 ifeq ($(NSS_BUILD_WITHOUT_SOFTOKEN),1)
-BLTEST_SRCDIR=
-FIPSTEST_SRCDIR=
+BLTEST_SRCDIR =
+FIPSTEST_SRCDIR =
+SHLIBSIGN_SRCDIR =
 else
-BLTEST_SRCDIR      = bltest
-FIPSTEST_SRCDIR    = fipstest
+BLTEST_SRCDIR = bltest
+FIPSTEST_SRCDIR = fipstest
+SHLIBSIGN_SRCDIR = shlibsign
 endif
 
 LOWHASHTEST_SRCDIR=
 ifeq ($(FREEBL_LOWHASH),1)
 LOWHASHTEST_SRCDIR = lowhashtest  # Add the lowhashtest directory to DIRS.
 endif
 
 INCLUDES += \
--- a/security/nss/cmd/addbuiltin/addbuiltin.c
+++ b/security/nss/cmd/addbuiltin/addbuiltin.c
@@ -69,17 +69,17 @@ void print_crl_info(CERTName *name, SECI
 
     SECU_EnableWrap(saveWrapeState);
 }
 
 static SECStatus
 ConvertCRLEntry(SECItem *sdder, PRInt32 crlentry, char *nickname)
 {
     int rv;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     CERTSignedCrl *newCrl = NULL;
     CERTCrlEntry *entry;
     
     CERTName *name = NULL;
     SECItem *derName = NULL;
     SECItem *serial = NULL;
     
     rv = SEC_ERROR_NO_MEMORY;
--- a/security/nss/cmd/bltest/blapitest.c
+++ b/security/nss/cmd/bltest/blapitest.c
@@ -20,17 +20,17 @@
 #include "secport.h"
 #include "secoid.h"
 #include "nssutil.h"
 
 #ifdef NSS_ENABLE_ECC
 #include "ecl-curve.h"
 SECStatus EC_DecodeParams(const SECItem *encodedParams, 
 	ECParams **ecparams);
-SECStatus EC_CopyParams(PRArenaPool *arena, ECParams *dstParams,
+SECStatus EC_CopyParams(PLArenaPool *arena, ECParams *dstParams,
 	      const ECParams *srcParams);
 #endif
 
 /* Temporary - add debugging output on windows for RSA to track QA failure */
 #ifdef _WIN32
 #define TRACK_BLTEST_BUG
     char __bltDBG[] = "BLTEST DEBUG";
 #endif
@@ -202,17 +202,17 @@ static void Usage()
     exit(1);
 }
 
 /*  Helper functions for ascii<-->binary conversion/reading/writing */
 
 /* XXX argh */
 struct item_with_arena {
     SECItem	*item;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
 };
 
 static PRInt32
 get_binary(void *arg, const unsigned char *ibuf, PRInt32 size)
 {
     struct item_with_arena *it = arg;
     SECItem *binary = it->item;
     SECItem *tmp;
@@ -226,17 +226,17 @@ get_binary(void *arg, const unsigned cha
 	SECITEM_ReallocItem(NULL, binary, binary->len, binary->len + size);
 	index = binary->len;
     }
     PORT_Memcpy(&binary->data[index], ibuf, size);
     return binary->len;
 }
 
 static SECStatus
-atob(SECItem *ascii, SECItem *binary, PRArenaPool *arena)
+atob(SECItem *ascii, SECItem *binary, PLArenaPool *arena)
 {
     SECStatus status;
     NSSBase64Decoder *cx;
     struct item_with_arena it;
     int len;
     binary->data = NULL;
     binary->len = 0;
     it.item = binary;
@@ -330,17 +330,17 @@ serialize_key(SECItem *it, int ni, PRFil
 	status = NSSBase64Encoder_Update(cx, len, 4);
 	status = NSSBase64Encoder_Update(cx, it->data, it->len);
     }
     status = NSSBase64Encoder_Destroy(cx, PR_FALSE);
     status = PR_Write(file, "\r\n", 2);
 }
 
 void
-key_from_filedata(PRArenaPool *arena, SECItem *it, int ns, int ni, SECItem *filedata)
+key_from_filedata(PLArenaPool *arena, SECItem *it, int ns, int ni, SECItem *filedata)
 {
     int fpos = 0;
     int i, len;
     unsigned char *buf = filedata->data;
     for (i=0; i<ni; i++) {
 	len  = (buf[fpos++] & 0xff) << 24;
 	len |= (buf[fpos++] & 0xff) << 16;
 	len |= (buf[fpos++] & 0xff) <<  8;
@@ -359,54 +359,54 @@ key_from_filedata(PRArenaPool *arena, SE
 	fpos += len;
     }
 }
 
 static RSAPrivateKey *
 rsakey_from_filedata(SECItem *filedata)
 {
     RSAPrivateKey *key;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE);
     key = (RSAPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(RSAPrivateKey));
     key->arena = arena;
     key_from_filedata(arena, &key->version, 0, 9, filedata);
     return key;
 }
 
 static PQGParams *
 pqg_from_filedata(SECItem *filedata)
 {
     PQGParams *pqg;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE);
     pqg = (PQGParams *)PORT_ArenaZAlloc(arena, sizeof(PQGParams));
     pqg->arena = arena;
     key_from_filedata(arena, &pqg->prime, 0, 3, filedata);
     return pqg;
 }
 
 static DSAPrivateKey *
 dsakey_from_filedata(SECItem *filedata)
 {
     DSAPrivateKey *key;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE);
     key = (DSAPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(DSAPrivateKey));
     key->params.arena = arena;
     key_from_filedata(arena, &key->params.prime, 0, 5, filedata);
     return key;
 }
 
 #ifdef NSS_ENABLE_ECC
 static ECPrivateKey *
 eckey_from_filedata(SECItem *filedata)
 {
     ECPrivateKey *key;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     SECStatus rv;
     ECParams *tmpECParams = NULL;
     arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE);
     key = (ECPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(ECPrivateKey));
     /* read and convert params */
     key->ecParams.arena = arena;
     key_from_filedata(arena, &key->ecParams.DEREncoding, 0, 1, filedata);
     rv = SECOID_Init();
@@ -622,17 +622,17 @@ typedef SECStatus (* bltestSymmCipherFn)
 					 unsigned int inputLen);
 
 typedef SECStatus (* bltestPubKeyCipherFn)(void *key,
 					   SECItem *output,
 					   const SECItem *input);
 
 typedef SECStatus (* bltestHashCipherFn)(unsigned char *dest,
 					 const unsigned char *src,
-					 uint32 src_length);
+					 PRUint32 src_length);
 
 typedef enum {
     bltestINVALID = -1,
     bltestDES_ECB,	  /* Symmetric Key Ciphers */
     bltestDES_CBC,	  /* .			   */
     bltestDES_EDE_ECB,	  /* .			   */
     bltestDES_EDE_CBC,	  /* .			   */
     bltestRC2_ECB,	  /* .			   */
@@ -771,17 +771,17 @@ typedef union
     bltestECDSAParams	ecdsa;
 #endif
     bltestHashParams	hash;
 } bltestParams;
 
 typedef struct bltestCipherInfoStr bltestCipherInfo;
 
 struct  bltestCipherInfoStr {
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     /* link to next in multithreaded test */
     bltestCipherInfo *next;
     PRThread         *cipherThread;
 
     /* MonteCarlo test flag*/
     PRBool mCarlo;
     /* cipher context */
     void *cx;
@@ -882,17 +882,17 @@ cipher_requires_IV(bltestCipherMode mode
 	mode == bltestCAMELLIA_CBC || mode == bltestSEED_CBC)
 	return PR_TRUE;
     return PR_FALSE;
 }
 
 SECStatus finishIO(bltestIO *output, PRFileDesc *file);
 
 SECStatus
-setupIO(PRArenaPool *arena, bltestIO *input, PRFileDesc *file,
+setupIO(PLArenaPool *arena, bltestIO *input, PRFileDesc *file,
 	char *str, int numBytes)
 {
     SECStatus rv = SECSuccess;
     SECItem fileData;
     SECItem *in;
     unsigned char *tok;
     unsigned int i, j;
 
@@ -1011,29 +1011,29 @@ finishIO(bltestIO *output, PRFileDesc *f
 	}
 	PR_Write(file, "\n", 1);
 	break;
     }
     return rv;
 }
 
 void
-bltestCopyIO(PRArenaPool *arena, bltestIO *dest, bltestIO *src)
+bltestCopyIO(PLArenaPool *arena, bltestIO *dest, bltestIO *src)
 {
     SECITEM_CopyItem(arena, &dest->buf, &src->buf);
     if (src->pBuf.len > 0) {
 	dest->pBuf.len = src->pBuf.len;
 	dest->pBuf.data = dest->buf.data + (src->pBuf.data - src->buf.data);
     }
     dest->mode = src->mode;
     dest->file = src->file;
 }
 
 void
-misalignBuffer(PRArenaPool *arena, bltestIO *io, int off)
+misalignBuffer(PLArenaPool *arena, bltestIO *io, int off)
 {
     ptrdiff_t offset = (ptrdiff_t)io->buf.data % WORDSIZE;
     int length = io->buf.len;
     if (offset != off) {
 	SECITEM_ReallocItem(arena, &io->buf, length, length + 2*WORDSIZE);
 	io->buf.len = length + 2*WORDSIZE; /* why doesn't realloc do this? */
 	/* offset may have changed? */
 	offset = (ptrdiff_t)io->buf.data % WORDSIZE;
@@ -1676,30 +1676,30 @@ bltest_ecdsa_init(bltestCipherInfo *ciph
 	cipherInfo->cipher.pubkeyCipher = ecdsa_verifyDigest;
     }
     return SECSuccess;
 }
 #endif
 
 /* XXX unfortunately, this is not defined in blapi.h */
 SECStatus
-md2_HashBuf(unsigned char *dest, const unsigned char *src, uint32 src_length)
+md2_HashBuf(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
 {
     unsigned int len;
     MD2Context *cx = MD2_NewContext();
     if (cx == NULL) return SECFailure;
     MD2_Begin(cx);
     MD2_Update(cx, src, src_length);
     MD2_End(cx, dest, &len, MD2_LENGTH);
     MD2_DestroyContext(cx, PR_TRUE);
     return SECSuccess;
 }
 
 SECStatus
-md2_restart(unsigned char *dest, const unsigned char *src, uint32 src_length)
+md2_restart(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
 {
     MD2Context *cx, *cx_cpy;
     unsigned char *cxbytes;
     unsigned int len;
     unsigned int i, quarter;
     SECStatus rv = SECSuccess;
     cx = MD2_NewContext();
     MD2_Begin(cx);
@@ -1727,17 +1727,17 @@ md2_restart(unsigned char *dest, const u
     }
     MD2_End(cx, dest, &len, MD2_LENGTH);
 finish:
     MD2_DestroyContext(cx, PR_TRUE);
     return rv;
 }
 
 SECStatus
-md5_restart(unsigned char *dest, const unsigned char *src, uint32 src_length)
+md5_restart(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
 {
     SECStatus rv = SECSuccess;
     MD5Context *cx, *cx_cpy;
     unsigned char *cxbytes;
     unsigned int len;
     unsigned int i, quarter;
     cx = MD5_NewContext();
     MD5_Begin(cx);
@@ -1766,17 +1766,17 @@ md5_restart(unsigned char *dest, const u
     }
     MD5_End(cx, dest, &len, MD5_LENGTH);
 finish:
     MD5_DestroyContext(cx, PR_TRUE);
     return rv;
 }
 
 SECStatus
-sha1_restart(unsigned char *dest, const unsigned char *src, uint32 src_length)
+sha1_restart(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
 {
     SECStatus rv = SECSuccess;
     SHA1Context *cx, *cx_cpy;
     unsigned char *cxbytes;
     unsigned int len;
     unsigned int i, quarter;
     cx = SHA1_NewContext();
     SHA1_Begin(cx);
@@ -1805,17 +1805,17 @@ sha1_restart(unsigned char *dest, const 
     }
     SHA1_End(cx, dest, &len, MD5_LENGTH);
 finish:
     SHA1_DestroyContext(cx, PR_TRUE);
     return rv;
 }
 
 SECStatus
-SHA224_restart(unsigned char *dest, const unsigned char *src, uint32 src_length)
+SHA224_restart(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
 {
     SECStatus rv = SECSuccess;
     SHA224Context *cx, *cx_cpy;
     unsigned char *cxbytes;
     unsigned int len;
     unsigned int i, quarter;
     cx = SHA224_NewContext();
     SHA224_Begin(cx);
@@ -1845,17 +1845,17 @@ SHA224_restart(unsigned char *dest, cons
     }
     SHA224_End(cx, dest, &len, MD5_LENGTH);
 finish:
     SHA224_DestroyContext(cx, PR_TRUE);
     return rv;
 }
 
 SECStatus
-SHA256_restart(unsigned char *dest, const unsigned char *src, uint32 src_length)
+SHA256_restart(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
 {
     SECStatus rv = SECSuccess;
     SHA256Context *cx, *cx_cpy;
     unsigned char *cxbytes;
     unsigned int len;
     unsigned int i, quarter;
     cx = SHA256_NewContext();
     SHA256_Begin(cx);
@@ -1884,17 +1884,17 @@ SHA256_restart(unsigned char *dest, cons
     }
     SHA256_End(cx, dest, &len, MD5_LENGTH);
 finish:
     SHA256_DestroyContext(cx, PR_TRUE);
     return rv;
 }
 
 SECStatus
-SHA384_restart(unsigned char *dest, const unsigned char *src, uint32 src_length)
+SHA384_restart(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
 {
     SECStatus rv = SECSuccess;
     SHA384Context *cx, *cx_cpy;
     unsigned char *cxbytes;
     unsigned int len;
     unsigned int i, quarter;
     cx = SHA384_NewContext();
     SHA384_Begin(cx);
@@ -1923,17 +1923,17 @@ SHA384_restart(unsigned char *dest, cons
     }
     SHA384_End(cx, dest, &len, MD5_LENGTH);
 finish:
     SHA384_DestroyContext(cx, PR_TRUE);
     return rv;
 }
 
 SECStatus
-SHA512_restart(unsigned char *dest, const unsigned char *src, uint32 src_length)
+SHA512_restart(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
 {
     SECStatus rv = SECSuccess;
     SHA512Context *cx, *cx_cpy;
     unsigned char *cxbytes;
     unsigned int len;
     unsigned int i, quarter;
     cx = SHA512_NewContext();
     SHA512_Begin(cx);
@@ -2863,31 +2863,31 @@ get_mode(const char *modestring)
     for (mode=0; mode<nummodes; mode++)
 	if (PL_strcmp(modestring, mode_strings[mode]) == 0)
 	    return mode;
     fprintf(stderr, "%s: invalid mode: %s\n", progName, modestring);
     return bltestINVALID;
 }
 
 void
-load_file_data(PRArenaPool *arena, bltestIO *data,
+load_file_data(PLArenaPool *arena, bltestIO *data,
 	       char *fn, bltestIOMode ioMode)
 {
     PRFileDesc *file;
     data->mode = ioMode;
     data->file = NULL; /* don't use -- not saving anything */
     data->pBuf.data = NULL;
     data->pBuf.len = 0;
     file = PR_Open(fn, PR_RDONLY, 00660);
     if (file)
 	setupIO(arena, data, file, NULL, 0);
 }
 
 void
-get_params(PRArenaPool *arena, bltestParams *params, 
+get_params(PLArenaPool *arena, bltestParams *params,
 	   bltestCipherMode mode, int j)
 {
     char filename[256];
     char *modestr = mode_strings[mode];
 #ifdef NSS_SOFTOKEN_DOES_RC5
     FILE *file;
     char *mark, *param, *val;
     int index = 0;
@@ -3047,17 +3047,17 @@ blapi_selftest(bltestCipherMode *modes, 
     bltestCipherInfo cipherInfo;
     bltestIO pt, ct;
     bltestCipherMode mode;
     bltestParams *params;
     int i, j, nummodes, numtests;
     char *modestr;
     char filename[256];
     PRFileDesc *file;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     SECItem item;
     PRBool finished;
     SECStatus rv = SECSuccess, srv;
 
     PORT_Memset(&cipherInfo, 0, sizeof(cipherInfo));
     arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE);
     cipherInfo.arena = arena;
 
@@ -3224,17 +3224,17 @@ blapi_selftest(bltestCipherMode *modes, 
     }
     return rv;
 }
 
 SECStatus
 dump_file(bltestCipherMode mode, char *filename)
 {
     bltestIO keydata;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE);
     if (mode == bltestRSA) {
 	RSAPrivateKey *key;
 	load_file_data(arena, &keydata, filename, bltestBase64Encoded);
 	key = rsakey_from_filedata(&keydata.buf);
 	dump_rsakey(key);
     } else if (mode == bltestDSA) {
 #if 0
@@ -3837,17 +3837,17 @@ int main(int argc, char **argv)
         cipherInfo->mCarlo = PR_FALSE;
     }
 
     for (curThrdNum = 0;curThrdNum < threads;curThrdNum++) {
         int            keysize = 0;
         PRFileDesc     *file = NULL, *infile;
         bltestParams   *params;
         char           *instr = NULL;
-        PRArenaPool    *arena;
+        PLArenaPool    *arena;
 
         if (curThrdNum > 0) {
             bltestCipherInfo *newCInfo = PORT_ZNew(bltestCipherInfo);
             if (!newCInfo) {
                 fprintf(stderr, "%s: Can not allocate  memory.\n", progName);
                 goto exit_point;
             }
             newCInfo->mode = cipherInfo->mode;
--- a/security/nss/cmd/certcgi/certcgi.c
+++ b/security/nss/cmd/certcgi/certcgi.c
@@ -638,21 +638,21 @@ get_serial_number(Pair  *data)
 	}
     }
     return serial;
 }
 	
 
 
 typedef SECStatus (* EXTEN_VALUE_ENCODER)
-		(PRArenaPool *extHandle, void *value, SECItem *encodedValue);
+		(PLArenaPool *extHandle, void *value, SECItem *encodedValue);
 
 static SECStatus 
 EncodeAndAddExtensionValue(
-	PRArenaPool          *arena, 
+	PLArenaPool          *arena,
 	void                 *extHandle, 
 	void                 *value, 
 	PRBool 		     criticality,
 	int 		     extenType, 
 	EXTEN_VALUE_ENCODER  EncodeValueFn)
 {
     SECItem                  encodedValue;
     SECStatus                rv;
@@ -708,20 +708,20 @@ AddKeyUsage (void  *extHandle,
 	     (find_field_bool(data, "keyUsage-crit", PR_TRUE))));
 
 }
 
 static CERTOidSequence *
 CreateOidSequence(void)
 {
   CERTOidSequence *rv = (CERTOidSequence *)NULL;
-  PRArenaPool *arena = (PRArenaPool *)NULL;
+  PLArenaPool *arena = (PLArenaPool *)NULL;
 
   arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-  if( (PRArenaPool *)NULL == arena ) {
+  if( (PLArenaPool *)NULL == arena ) {
     goto loser;
   }
 
   rv = (CERTOidSequence *)PORT_ArenaZAlloc(arena, sizeof(CERTOidSequence));
   if( (CERTOidSequence *)NULL == rv ) {
     goto loser;
   }
 
@@ -729,17 +729,17 @@ CreateOidSequence(void)
   if( (SECItem **)NULL == rv->oids ) {
     goto loser;
   }
 
   rv->arena = arena;
   return rv;
 
  loser:
-  if( (PRArenaPool *)NULL != arena ) {
+  if( (PLArenaPool *)NULL != arena ) {
     PORT_FreeArena(arena, PR_FALSE);
   }
 
   return (CERTOidSequence *)NULL;
 }
 
 static SECStatus
 AddOidToSequence(CERTOidSequence *os, SECOidTag oidTag)
@@ -936,17 +936,17 @@ AddSubKeyID(void             *extHandle,
 
 static SECStatus 
 AddAuthKeyID (void              *extHandle,
 	      Pair              *data, 
 	      char              *issuerNameStr, 
 	      CERTCertDBHandle  *handle)
 {
     CERTAuthKeyID               *authKeyID = NULL;    
-    PRArenaPool                 *arena = NULL;
+    PLArenaPool                 *arena = NULL;
     SECStatus                   rv = SECSuccess;
     CERTCertificate             *issuerCert = NULL;
     CERTGeneralName             *genNames;
     CERTName                    *directoryName = NULL;
 
 
     issuerCert = CERT_FindCertByNameString(handle, issuerNameStr);
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
@@ -1008,17 +1008,17 @@ AddAuthKeyID (void              *extHand
 
 static SECStatus 
 AddPrivKeyUsagePeriod(void             *extHandle, 
 		      Pair             *data, 
 		      CERTCertificate  *cert)
 {
     char *notBeforeStr;
     char *notAfterStr;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECStatus rv = SECSuccess;
     CERTPrivKeyUsagePeriod *pkup;
 
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if ( !arena ) {
 	error_allocate();
     }
@@ -1434,24 +1434,24 @@ string_to_binary(char  *string)
     }
     rv->len = 0;
     while (*string != '\0') {
 	if (isxdigit(*string)) {
 	    if (*string >= '0' && *string <= '9') {
 		high_digit = *string - '0';
 	    } else {
 		*string = toupper(*string);
-		high_digit = *string - 'A';
+		high_digit = *string - 'A' + 10;
 	    }
 	    string++;
 	    if (*string >= '0' && *string <= '9') {
 		low_digit = *string - '0';
 	    } else {
 		*string = toupper(*string);
-		low_digit = *string = 'A';
+		low_digit = *string - 'A' + 10;
 	    }
 	    (rv->len)++;
 	} else {
 	    if (*string == ':') {
 		string++;
 	    } else {
 		if (*string == ' ') {
 		    while (*string == ' ') {
@@ -1466,17 +1466,17 @@ string_to_binary(char  *string)
     }
 
     return rv;
 }
 
 static SECStatus
 MakeGeneralName(char             *name, 
 		CERTGeneralName  *genName,
-		PRArenaPool      *arena)
+		PLArenaPool      *arena)
 {
     SECItem                      *oid;
     SECOidData                   *oidData;
     SECItem                      *ipaddress;
     SECItem                      *temp = NULL;
     int                          i;
     int                          nameType;
     PRBool                       binary = PR_FALSE;
@@ -1606,17 +1606,17 @@ MakeGeneralName(char             *name,
     genName->l.prev = &(genName->l);
     return rv;
 }
 
 
 static CERTGeneralName *
 MakeAltName(Pair             *data, 
 	    char             *which, 
-	    PRArenaPool      *arena)
+	    PLArenaPool      *arena)
 {
     CERTGeneralName          *SubAltName;
     CERTGeneralName          *current;
     CERTGeneralName          *newname;
     char                     *name = NULL;
     SECStatus                rv = SECSuccess;
     int                      len;
     
@@ -1667,17 +1667,17 @@ MakeAltName(Pair             *data,
     if (rv == SECFailure) {
 	return NULL;
     }
     return SubAltName;
 }
 
 static CERTNameConstraints *
 MakeNameConstraints(Pair             *data, 
-		    PRArenaPool      *arena)
+		    PLArenaPool      *arena)
 {
     CERTNameConstraints      *NameConstraints;
     CERTNameConstraint       *current = NULL;
     CERTNameConstraint       *last_permited = NULL;
     CERTNameConstraint       *last_excluded = NULL;
     char                     *constraint = NULL;
     char                     *which;
     SECStatus                rv = SECSuccess;
@@ -1789,17 +1789,17 @@ MakeNameConstraints(Pair             *da
 static SECStatus
 AddAltName(void              *extHandle,
 	   Pair              *data,
 	   char              *issuerNameStr, 
 	   CERTCertDBHandle  *handle,
 	   int               type)
 {
     PRBool             autoIssuer = PR_FALSE;
-    PRArenaPool        *arena = NULL;
+    PLArenaPool        *arena = NULL;
     CERTGeneralName    *genName = NULL;
     char               *which = NULL;
     char               *name = NULL;
     SECStatus          rv = SECSuccess;
     SECItem            *issuersAltName = NULL;
     CERTCertificate    *issuerCert = NULL;
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
@@ -1859,17 +1859,17 @@ AddAltName(void              *extHandle,
     return rv;
 }
 
 
 static SECStatus
 AddNameConstraints(void  *extHandle,
 		   Pair  *data)
 {
-    PRArenaPool         *arena = NULL;
+    PLArenaPool         *arena = NULL;
     CERTNameConstraints *constraints = NULL;
     SECStatus           rv = SECSuccess;
 
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL) {
 	error_allocate();
     }
@@ -2106,17 +2106,17 @@ SignCert(CERTCertificate   *cert,
 	 char              *issuerNameStr,
 	 Pair              *data,
 	 CERTCertDBHandle  *handle,
          int               which_key)
 {
     SECItem                der;
     SECKEYPrivateKey       *caPrivateKey = NULL;
     SECStatus              rv;
-    PRArenaPool            *arena;
+    PLArenaPool            *arena;
     SECOidTag              algID;
 
     if (which_key == 0) {
 	caPrivateKey = FindPrivateKeyFromNameStr(issuerNameStr, handle); 
     } else {
 	caPrivateKey = privkeys[which_key - 1];
     }
     if (caPrivateKey == NULL) {
--- a/security/nss/cmd/certutil/certext.c
+++ b/security/nss/cmd/certutil/certext.c
@@ -73,17 +73,17 @@ PrintChoicesAndGetAnswer(char* str, char
     if (Gets_s(rBuff, rSize) == NULL) {
         PORT_SetError(SEC_ERROR_INPUT_LEN);
         return SECFailure;
     }
     return SECSuccess;
 }
 
 static CERTGeneralName *
-GetGeneralName(PRArenaPool *arena, CERTGeneralName *useExistingName, PRBool onlyOne)
+GetGeneralName(PLArenaPool *arena, CERTGeneralName *useExistingName, PRBool onlyOne)
 {
     CERTGeneralName *namesList = NULL;
     CERTGeneralName *current;
     CERTGeneralName *tail = NULL;
     SECStatus rv = SECSuccess;
     int intValue;
     char buffer[512];
     void *mark;
@@ -209,23 +209,23 @@ GetGeneralName(PRArenaPool *arena, CERTG
     if (rv != SECSuccess) {
         PORT_ArenaRelease (arena, mark);
         namesList = NULL;
     }
     return (namesList);
 }
 
 static CERTGeneralName *
-CreateGeneralName(PRArenaPool *arena)
+CreateGeneralName(PLArenaPool *arena)
 {
   return GetGeneralName(arena, NULL, PR_FALSE);
 }
 
 static SECStatus 
-GetString(PRArenaPool *arena, char *prompt, SECItem *value)
+GetString(PLArenaPool *arena, char *prompt, SECItem *value)
 {
     char buffer[251];
     char *buffPrt;
 
     buffer[0] = '\0';
     value->data = NULL;
     value->len = 0;
     
@@ -373,20 +373,20 @@ AddKeyUsage (void *extHandle, const char
 
 }
 
 
 static CERTOidSequence *
 CreateOidSequence(void)
 {
     CERTOidSequence *rv = (CERTOidSequence *)NULL;
-    PRArenaPool *arena = (PRArenaPool *)NULL;
+    PLArenaPool *arena = (PLArenaPool *)NULL;
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-    if( (PRArenaPool *)NULL == arena ) {
+    if( (PLArenaPool *)NULL == arena ) {
         goto loser;
     }
 
     rv = (CERTOidSequence *)PORT_ArenaZNew(arena, CERTOidSequence);
     if( (CERTOidSequence *)NULL == rv ) {
         goto loser;
     }
 
@@ -394,17 +394,17 @@ CreateOidSequence(void)
     if( (SECItem **)NULL == rv->oids ) {
         goto loser;
     }
 
     rv->arena = arena;
     return rv;
 
 loser:
-    if( (PRArenaPool *)NULL != arena ) {
+    if( (PLArenaPool *)NULL != arena ) {
         PORT_FreeArena(arena, PR_FALSE);
     }
 
     return (CERTOidSequence *)NULL;
 }
 
 static void
 DestroyOidSequence(CERTOidSequence *os)
@@ -661,17 +661,17 @@ AddNscpCertType (void *extHandle, const 
 
     return (CERT_EncodeAndAddBitStrExtension
             (extHandle, SEC_OID_NS_CERT_EXT_CERT_TYPE, &bitStringValue,
              isCriticalExt));
 
 }
 
 static SECStatus 
-AddSubjectAltNames(PRArenaPool *arena, CERTGeneralName **existingListp,
+AddSubjectAltNames(PLArenaPool *arena, CERTGeneralName **existingListp,
                    const char *names, CERTGeneralNameType type)
 {
     CERTGeneralName *nameList = NULL;
     CERTGeneralName *current = NULL;
     PRCList *prev = NULL;
     const char *cp;
     char *tbuf;
     SECStatus rv = SECSuccess;
@@ -730,25 +730,25 @@ AddSubjectAltNames(PRArenaPool *arena, C
             current->l.next = &(nameList->l);
             *existingListp = nameList;
         }
     }
     return rv;
 }
 
 static SECStatus 
-AddEmailSubjectAlt(PRArenaPool *arena, CERTGeneralName **existingListp,
+AddEmailSubjectAlt(PLArenaPool *arena, CERTGeneralName **existingListp,
                    const char *emailAddrs)
 {
     return AddSubjectAltNames(arena, existingListp, emailAddrs, 
                               certRFC822Name);
 }
 
 static SECStatus 
-AddDNSSubjectAlt(PRArenaPool *arena, CERTGeneralName **existingListp,
+AddDNSSubjectAlt(PLArenaPool *arena, CERTGeneralName **existingListp,
                  const char *dnsNames)
 {
     return AddSubjectAltNames(arena, existingListp, dnsNames, certDNSName);
 }
 
 
 static SECStatus 
 AddBasicConstraint(void *extHandle)
@@ -779,17 +779,17 @@ AddBasicConstraint(void *extHandle)
     } while (0);
 
     return (rv);
 }
 
 static SECStatus 
 AddNameConstraints(void *extHandle)
 {
-    PRArenaPool              *arena = NULL;
+    PLArenaPool              *arena = NULL;
     CERTNameConstraints      *constraints = NULL;
 
     CERTNameConstraint       *current = NULL;
     CERTNameConstraint       *last_permited = NULL;
     CERTNameConstraint       *last_excluded = NULL;
     SECStatus                rv = SECSuccess;
 
     char buffer[512];
@@ -874,17 +874,17 @@ AddNameConstraints(void *extHandle)
         PORT_FreeArena(arena, PR_FALSE);
     return (rv);
 }
 
 static SECStatus 
 AddAuthKeyID (void *extHandle)
 {
     CERTAuthKeyID *authKeyID = NULL;    
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECStatus rv = SECSuccess;
     PRBool yesNoAns;
 
     do {
         arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
         if ( !arena ) {
             SECU_PrintError(progName, "out of memory");
             GEN_BREAK (SECFailure);
@@ -927,17 +927,17 @@ AddAuthKeyID (void *extHandle)
         PORT_FreeArena (arena, PR_FALSE);
     return (rv);
 }   
     
 static SECStatus 
 AddSubjKeyID (void *extHandle)
 {
     SECItem keyID;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECStatus rv = SECSuccess;
     PRBool yesNoAns;
 
     do {
         arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
         if ( !arena ) {
             SECU_PrintError(progName, "out of memory");
             GEN_BREAK (SECFailure);
@@ -963,17 +963,17 @@ AddSubjKeyID (void *extHandle)
     if (arena)
         PORT_FreeArena (arena, PR_FALSE);
     return (rv);
 }   
 
 static SECStatus 
 AddCrlDistPoint(void *extHandle)
 {
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     CERTCrlDistributionPoints *crlDistPoints = NULL;
     CRLDistributionPoint *current;
     SECStatus rv = SECSuccess;
     int count = 0, intValue;
     char buffer[512];
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if ( !arena )
@@ -1104,17 +1104,17 @@ AddCrlDistPoint(void *extHandle)
 }
 
 
 
 static SECStatus 
 AddPolicyConstraints(void *extHandle)
 {
     CERTCertificatePolicyConstraints *policyConstr;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECStatus rv = SECSuccess;
     SECItem *item, *dummy;
     char buffer[512];
     int value;
     PRBool yesNoAns;
     PRBool skipExt = PR_TRUE;
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
@@ -1188,17 +1188,17 @@ loser:
     return (rv);
 }
 
 
 static SECStatus 
 AddInhibitAnyPolicy(void *extHandle)
 {
     CERTCertificateInhibitAny certInhibitAny;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECStatus rv = SECSuccess;
     SECItem *item, *dummy;
     char buffer[10];
     int value;
     PRBool yesNoAns;
     
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
@@ -1237,17 +1237,17 @@ loser:
 }
 
 
 static SECStatus 
 AddPolicyMappings(void *extHandle)
 {
     CERTPolicyMap **policyMapArr = NULL;
     CERTPolicyMap *current;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECStatus rv = SECSuccess;
     int count = 0;
     char buffer[512];
     
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if ( !arena ) {
         SECU_PrintError(progName, "out of memory");
         return SECFailure;
@@ -1329,17 +1329,17 @@ AddPolicyMappings(void *extHandle)
 
 enum PoliciQualifierEnum {
     cpsPointer = 1,
     userNotice = 2
 };
 
 
 static CERTPolicyQualifier **
-RequestPolicyQualifiers(PRArenaPool *arena, SECItem *policyID)
+RequestPolicyQualifiers(PLArenaPool *arena, SECItem *policyID)
 {
     CERTPolicyQualifier **policyQualifArr = NULL;
     CERTPolicyQualifier *current;
     SECStatus rv = SECSuccess;
     int count = 0;
     char buffer[512];
     void *mark;
     SECOidData *oid = NULL;
@@ -1524,17 +1524,17 @@ RequestPolicyQualifiers(PRArenaPool *are
     return (policyQualifArr);
 }
 
 static SECStatus 
 AddCertPolicies(void *extHandle)
 {
     CERTPolicyInfo **certPoliciesArr = NULL;
     CERTPolicyInfo *current;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECStatus rv = SECSuccess;
     int count = 0;
     char buffer[512];
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if ( !arena ) {
         SECU_PrintError(progName, "out of memory");
         return SECFailure;
@@ -1621,17 +1621,17 @@ enum SubjInfoAccessTypesEnum {
 };
     
 /* Encode and add an AIA or SIA extension */
 static SECStatus 
 AddInfoAccess(void *extHandle, PRBool addSIAExt, PRBool isCACert)
 {
     CERTAuthInfoAccess **infoAccArr = NULL;
     CERTAuthInfoAccess *current;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECStatus rv = SECSuccess;
     int count = 0;
     char buffer[512];
     SECOidData *oid = NULL;
     int intValue = 0;
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if ( !arena ) {
@@ -1860,17 +1860,17 @@ AddExtensions(void *extHandle, const cha
             rv = AddInhibitAnyPolicy(extHandle);
             if (rv) {
 		errstring = "InhibitAnyPolicy";
                 break;
 	    }
         }
 
         if (emailAddrs || dnsNames) {
-            PRArenaPool *arena;
+            PLArenaPool *arena;
             CERTGeneralName *namelist = NULL;
             SECItem item = { 0, NULL, 0 };
             
             arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
             if (arena == NULL) {
                 rv = SECFailure;
                 break;
             }
--- a/security/nss/cmd/certutil/certutil.c
+++ b/security/nss/cmd/certutil/certutil.c
@@ -46,17 +46,17 @@
 
 char *progName;
 
 static CERTCertificateRequest *
 GetCertRequest(const SECItem *reqDER)
 {
     CERTCertificateRequest *certReq = NULL;
     CERTSignedData signedData;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECStatus rv;
 
     do {
 	arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
 	if (arena == NULL) {
 	    GEN_BREAK (SECFailure);
 	}
 	
@@ -185,17 +185,17 @@ CertReq(SECKEYPrivateKey *privk, SECKEYP
         certutilExtnList extnList,
         /*out*/ SECItem *result)
 {
     CERTSubjectPublicKeyInfo *spki;
     CERTCertificateRequest *cr;
     SECItem *encoding;
     SECOidTag signAlgTag;
     SECStatus rv;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     void *extHandle;
     SECItem signedReq = { siBuffer, NULL, 0 };
 
     /* Create info about public key */
     spki = SECKEY_CreateSubjectPublicKeyInfo(pubk);
     if (!spki) {
 	SECU_PrintError(progName, "unable to create subject public key");
 	return SECFailure;
@@ -596,17 +596,17 @@ DeleteCert(CERTCertDBHandle *handle, cha
 
 static SECStatus
 ValidateCert(CERTCertDBHandle *handle, char *name, char *date,
              char *certUsage, PRBool checkSig, PRBool logit,
              PRBool ascii, secuPWData *pwdata)
 {
     SECStatus rv;
     CERTCertificate *cert = NULL;
-    int64 timeBoundary;
+    PRTime timeBoundary;
     SECCertificateUsage usage;
     CERTVerifyLog reallog;
     CERTVerifyLog *log = NULL;
 
     if (!certUsage) {
 	    PORT_SetError (SEC_ERROR_INVALID_ARGS);
 	    return (SECFailure);
     }
@@ -1715,17 +1715,17 @@ MakeV1Cert(	CERTCertDBHandle *	handle,
 static SECStatus
 SignCert(CERTCertDBHandle *handle, CERTCertificate *cert, PRBool selfsign, 
          SECOidTag hashAlgTag,
          SECKEYPrivateKey *privKey, char *issuerNickName, void *pwarg)
 {
     SECItem der;
     SECKEYPrivateKey *caPrivateKey = NULL;    
     SECStatus rv;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     SECOidTag algID;
     void *dummy;
 
     if( !selfsign ) {
       CERTCertificate *issuer = PK11_FindCertFromNickname(issuerNickName, pwarg);
       if( (CERTCertificate *)NULL == issuer ) {
         SECU_PrintError(progName, "unable to find issuer with nickname %s", 
 	                issuerNickName);
--- a/security/nss/cmd/certutil/keystuff.c
+++ b/security/nss/cmd/certutil/keystuff.c
@@ -200,17 +200,17 @@ static const SECKEYPQGParams default_pqg
     { 0, (unsigned char *)G, sizeof(G) }
 };
 
 static SECKEYPQGParams *
 decode_pqg_params(const char *str)
 {
     char *buf;
     unsigned int len;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     SECKEYPQGParams *params;
     SECStatus status;
  
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL)
         return NULL;
  
     params = PORT_ArenaZAlloc(arena, sizeof(SECKEYPQGParams));
--- a/security/nss/cmd/checkcert/checkcert.c
+++ b/security/nss/cmd/checkcert/checkcert.c
@@ -196,17 +196,17 @@ OurVerifySignedData(CERTSignedData *sd, 
 }
 
 
 
 
 static
 CERTCertificate *createEmptyCertificate(void)
 {
-    PRArenaPool *arena = 0;
+    PLArenaPool *arena = 0;
     CERTCertificate *c = 0;
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if ( !arena ) {
 	return 0;
     }
 
 
@@ -227,17 +227,17 @@ CERTCertificate *createEmptyCertificate(
 
 int main(int argc, char **argv)
 {
     int rv, verbose=0, force=0;
     int ascii=0, issuerAscii=0;
     char *progName=0;
     PRFileDesc *inFile=0, *issuerCertFile=0;
     SECItem derCert, derIssuerCert;
-    PRArenaPool *arena=0;
+    PLArenaPool *arena=0;
     CERTSignedData *signedData=0;
     CERTCertificate *cert=0, *issuerCert=0;
     SECKEYPublicKey *rsapubkey=0;
     SECAlgorithmID md5WithRSAEncryption, md2WithRSAEncryption;
     SECAlgorithmID sha1WithRSAEncryption, rsaEncryption;
     SECItem spk;
     int selfSigned=0;
     int invalid=0;
--- a/security/nss/cmd/crlutil/crlgen.c
+++ b/security/nss/cmd/crlutil/crlgen.c
@@ -143,17 +143,17 @@ crlgen_CommitEntryData(PLHashEntry *he, 
     }
     return HT_ENUMERATE_NEXT;
 }
 
 
 
 /* Copy char * datainto allocated in arena SECItem */
 static SECStatus 
-crlgen_SetString(PRArenaPool *arena, const char *dataIn, SECItem *value)
+crlgen_SetString(PLArenaPool *arena, const char *dataIn, SECItem *value)
 {
     SECItem item;
 
     PORT_Assert(arena && dataIn);
     if (!arena || !dataIn) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return SECFailure;
     }
@@ -161,17 +161,17 @@ crlgen_SetString(PRArenaPool *arena, con
     item.data = (void*)dataIn;
     item.len = PORT_Strlen(dataIn);
 
     return SECITEM_CopyItem(arena, value, &item);
 }
 
 /* Creates CERTGeneralName from parsed data for the Authority Key Extension */
 static CERTGeneralName *
-crlgen_GetGeneralName (PRArenaPool *arena, CRLGENGeneratorData *crlGenData,
+crlgen_GetGeneralName (PLArenaPool *arena, CRLGENGeneratorData *crlGenData,
                        const char *data)
 {
     CERTGeneralName *namesList = NULL;
     CERTGeneralName *current;
     CERTGeneralName *tail = NULL;
     SECStatus rv = SECSuccess;
     const char *nextChunk = NULL;
     const char *currData = NULL;
@@ -309,17 +309,17 @@ crlgen_GetGeneralName (PRArenaPool *aren
         PORT_ArenaRelease (arena, mark);
         namesList = NULL;
     }
     return (namesList);
 }
 
 /* Creates CERTGeneralName from parsed data for the Authority Key Extension */
 static CERTGeneralName *
-crlgen_DistinguishedName (PRArenaPool *arena, CRLGENGeneratorData *crlGenData,
+crlgen_DistinguishedName (PLArenaPool *arena, CRLGENGeneratorData *crlGenData,
                           const char *data)
 {
     CERTName *directoryName = NULL;
     CERTGeneralName *current;
     SECStatus rv = SECFailure;
     void *mark;
 
     if (!data)
@@ -360,17 +360,17 @@ crlgen_DistinguishedName (PRArenaPool *a
 
 /* Adding Authority Key ID extension to extension handle. */
 static SECStatus 
 crlgen_AddAuthKeyID (CRLGENGeneratorData *crlGenData,
                      const char **dataArr)
 {
     void *extHandle = NULL;
     CERTAuthKeyID *authKeyID = NULL;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECStatus rv = SECSuccess;
 
     PORT_Assert(dataArr && crlGenData);
     if (!crlGenData || !dataArr) {
         return SECFailure;
     }
 
     extHandle = crlGenData->crlExtHandle;
@@ -424,17 +424,17 @@ crlgen_AddAuthKeyID (CRLGENGeneratorData
 } 
 
 /* Creates and add Subject Alternative Names extension */
 static SECStatus 
 crlgen_AddIssuerAltNames(CRLGENGeneratorData *crlGenData,
                           const char **dataArr)
 {
     CERTGeneralName *nameList = NULL;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     void *extHandle = NULL;
     SECStatus rv = SECSuccess;
 
 
     PORT_Assert(dataArr && crlGenData);
     if (!crlGenData || !dataArr) {
         return SECFailure;
     }
@@ -484,17 +484,17 @@ crlgen_AddIssuerAltNames(CRLGENGenerator
 }
 
 /* Creates and adds CRLNumber extension to extension handle.
  * Since, this is CRL extension, extension handle is the one 
  * related to CRL extensions */
 static SECStatus
 crlgen_AddCrlNumber(CRLGENGeneratorData *crlGenData, const char **dataArr)
 {
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECItem encodedItem;
     void *extHandle = crlGenData->crlExtHandle;
     void *dummy;
     SECStatus rv = SECFailure;
     int code = 0;
 
     PORT_Assert(dataArr && crlGenData);
     if (!crlGenData || !dataArr) {
@@ -535,17 +535,17 @@ crlgen_AddCrlNumber(CRLGENGeneratorData 
     return rv;
 
 }
 
 
 /* Creates Cert Revocation Reason code extension. Encodes it and
  * returns as SECItem structure */
 static SECItem*
-crlgen_CreateReasonCode(PRArenaPool *arena, const char **dataArr,
+crlgen_CreateReasonCode(PLArenaPool *arena, const char **dataArr,
                         int *extCode)
 {
     SECItem *encodedItem;
     void *dummy;
     void *mark;
     int code = 0;
 
     PORT_Assert(arena && dataArr);
@@ -585,17 +585,17 @@ crlgen_CreateReasonCode(PRArenaPool *are
   loser:
     PORT_ArenaRelease (arena, mark);
     return NULL;
 }
 
 /* Creates Cert Invalidity Date extension. Encodes it and
  * returns as SECItem structure */
 static SECItem*
-crlgen_CreateInvalidityDate(PRArenaPool *arena, const char **dataArr,
+crlgen_CreateInvalidityDate(PLArenaPool *arena, const char **dataArr,
                        int *extCode)
 {
     SECItem *encodedItem;
     int length = 0;
     void *mark;
 
     PORT_Assert(arena && dataArr);
     if (!arena || !dataArr) {
@@ -629,26 +629,26 @@ crlgen_CreateInvalidityDate(PRArenaPool 
 }
 
 /* Creates(by calling extCreator function) and adds extension to a set
  * of already added certs. Uses values of rangeFrom and rangeTo from
  * CRLGENCrlGenCtl structure for identifying the inclusive set of certs */
 static SECStatus
 crlgen_AddEntryExtension(CRLGENGeneratorData *crlGenData,
                          const char **dataArr, char *extName,
-                         SECItem* (*extCreator)(PRArenaPool *arena,
+                         SECItem* (*extCreator)(PLArenaPool *arena,
                                                 const char **dataArr,
                                                 int *extCode))
 {
     PRUint64 i = 0;
     SECStatus rv = SECFailure;
     int extCode = 0;
     PRUint64 lastRange ;
     SECItem *ext = NULL;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
 
 
     PORT_Assert(crlGenData &&  dataArr);
     if (!crlGenData || !dataArr) {
         goto loser;
     } 
     
     if (!dataArr[0] || !dataArr[1]) {
@@ -714,17 +714,17 @@ crlgen_AddEntryExtension(CRLGENGenerator
 
 
 /* Commits all added entries and their's extensions into CRL. */
 SECStatus
 CRLGEN_CommitExtensionsAndEntries(CRLGENGeneratorData *crlGenData)
 {
     int size = 0;
     CERTCrl *crl;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     SECStatus rv = SECSuccess;
     void *mark;
 
     PORT_Assert(crlGenData && crlGenData->signCrl && crlGenData->signCrl->arena);
     if (!crlGenData || !crlGenData->signCrl || !crlGenData->signCrl->arena) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return SECFailure;
     }
@@ -893,17 +893,17 @@ crlgen_SetIssuerField(CRLGENGeneratorDat
 }
 
 /* Encode and sets CRL thisUpdate and nextUpdate time fields*/
 static SECStatus
 crlgen_SetTimeField(CRLGENGeneratorData *crlGenData, char *value,
                     PRBool setThisUpdate)
 {
     CERTSignedCrl *signCrl;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     CERTCrl *crl;
     int length = 0;
     SECItem *timeDest = NULL;
 
     PORT_Assert(crlGenData && crlGenData->signCrl &&
                 crlGenData->signCrl->arena);
     if (!crlGenData || !crlGenData->signCrl || !crlGenData->signCrl->arena) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -982,17 +982,17 @@ crlgen_AddExtension(CRLGENGeneratorData 
  * adds it to entryDataHashTable. certId can be a single cert serial
  * number or an inclusive rage of certs */
 static SECStatus
 crlgen_AddCert(CRLGENGeneratorData *crlGenData,
         char *certId, char *revocationDate)
 {
     CERTSignedCrl *signCrl;
     SECItem *certIdItem;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     PRUint64 rangeFrom = 0, rangeTo = 0, i = 0;
     int timeValLength = -1;
     SECStatus rv = SECFailure;
     void *mark;
 
 
     PORT_Assert(crlGenData && crlGenData->signCrl &&
                 crlGenData->signCrl->arena);
@@ -1074,17 +1074,17 @@ crlgen_AddCert(CRLGENGeneratorData *crlG
 
 
 /* Removes certs from entryDataHashTable which have certId serial number.
  * certId can have value of a range of certs */
 static SECStatus
 crlgen_RmCert(CRLGENGeneratorData *crlGenData, char *certId)
 {
     PRUint64 i = 0;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
 
     PORT_Assert(crlGenData && certId);
     if (!crlGenData || !certId) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return SECFailure;
     }
 
     arena = crlGenData->signCrl->arena;
--- a/security/nss/cmd/crlutil/crlutil.c
+++ b/security/nss/cmd/crlutil/crlutil.c
@@ -33,17 +33,17 @@ static CERTSignedCrl *FindCRL
     SECItem derName;
 
     derName.data = NULL;
     derName.len = 0;
 
     cert = CERT_FindCertByNicknameOrEmailAddr(certHandle, name);
     if (!cert) {
         CERTName *certName = NULL;
-        PRArenaPool *arena = NULL;
+        PLArenaPool *arena = NULL;
     
         certName = CERT_AsciiToName(name);
         if (certName) {
             arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
             if (arena) {
                 SECItem *nameItem = 
                     SEC_ASN1EncodeItem (arena, NULL, (void *)certName,
                                         SEC_ASN1_GET(CERT_NameTemplate));
@@ -88,17 +88,17 @@ static SECStatus DisplayCRL (CERTCertDBH
     return SECFailure;
 }
 
 static void ListCRLNames (CERTCertDBHandle *certHandle, int crlType, PRBool deletecrls)
 {
     CERTCrlHeadNode *crlList = NULL;
     CERTCrlNode *crlNode = NULL;
     CERTName *name = NULL;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECStatus rv;
 
     do {
 	arena = PORT_NewArena (SEC_ASN1_DEFAULT_ARENA_SIZE);
 	if (arena == NULL) {
 	    fprintf(stderr, "%s: fail to allocate memory\n", progName);
 	    break;
 	}
@@ -279,17 +279,17 @@ SECStatus ImportCRL (CERTCertDBHandle *c
         PK11_FreeSlot(slot);
     }
     return (rv);
 }
 
 SECStatus DumpCRL(PRFileDesc *inFile)
 {
     int rv;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     CERTSignedCrl *newCrl = NULL;
     
     SECItem crlDER;
     crlDER.data = NULL;
 
     /* Read in the entire file specified with the -f argument */
     rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE);
     if (rv != SECSuccess) {
@@ -357,25 +357,25 @@ FindSigningCert(CERTCertDBHandle *certHa
     if (certTemp)
         CERT_DestroyCertificate(certTemp);
     if (cert && rv != SECSuccess)
         CERT_DestroyCertificate(cert);
     return cert;
 }
 
 static CERTSignedCrl*
-CreateModifiedCRLCopy(PRArenaPool *arena, CERTCertDBHandle *certHandle,
+CreateModifiedCRLCopy(PLArenaPool *arena, CERTCertDBHandle *certHandle,
                 CERTCertificate **cert, char *certNickName,
                 PRFileDesc *inFile, PRInt32 decodeOptions,
                 PRInt32 importOptions)
 {
     SECItem crlDER = {0, NULL, 0};
     CERTSignedCrl *signCrl = NULL;
     CERTSignedCrl *modCrl = NULL;
-    PRArenaPool *modArena = NULL;
+    PLArenaPool *modArena = NULL;
     SECStatus rv = SECSuccess;
 
     if (!arena || !certHandle || !certNickName) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         SECU_PrintError(progName, "CreateModifiedCRLCopy: invalid args\n");
         return NULL;
     }
 
@@ -459,17 +459,17 @@ CreateModifiedCRLCopy(PRArenaPool *arena
         SEC_DestroyCrl(signCrl);
         signCrl = NULL;
     }
     return signCrl;
 }
 
 
 static CERTSignedCrl*
-CreateNewCrl(PRArenaPool *arena, CERTCertDBHandle *certHandle,
+CreateNewCrl(PLArenaPool *arena, CERTCertDBHandle *certHandle,
              CERTCertificate *cert)
 { 
     CERTSignedCrl *signCrl = NULL;
     void *dummy = NULL;
     SECStatus rv;
     void* mark = NULL;
 
     /* if the CERTSignedCrl structure changes, this function will need to be
@@ -668,17 +668,17 @@ GenerateCRL (CERTCertDBHandle *certHandl
 	     PRFileDesc *inCrlInitFile,  PRFileDesc *inFile,
 	     char *outFileName, int ascii, char *slotName,
 	     PRInt32 importOptions, char *alg, PRBool quiet,
              PRInt32 decodeOptions, char *url, secuPWData *pwdata,
              int modifyFlag)
 {
     CERTCertificate *cert = NULL;
     CERTSignedCrl *signCrl = NULL;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECStatus rv;
     SECOidTag hashAlgTag = SEC_OID_UNKNOWN;
 
     if (alg) {
         hashAlgTag = SECU_StringToSignatureAlgTag(alg);
         if (hashAlgTag == SEC_OID_UNKNOWN) {
             SECU_PrintError(progName, "%s -Z:  %s is not a recognized type.\n",
                             progName, alg);
--- a/security/nss/cmd/crmf-cgi/crmfcgi.c
+++ b/security/nss/cmd/crmf-cgi/crmfcgi.c
@@ -275,17 +275,17 @@ dumpErrorMessage(ErrorCode errNum)
   }
   printf ("<i>More useful information here in the future.</i></body></html>");
 }
 
 ErrorCode
 initOldCertReq(CERTCertificateRequest *oldCertReq,
 	       CERTName *subject, CERTSubjectPublicKeyInfo *spki)
 {
-  PRArenaPool *poolp;
+  PLArenaPool *poolp;
 
   poolp = oldCertReq->arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
   SEC_ASN1EncodeInteger(poolp, &oldCertReq->version, 
 			SEC_CERTIFICATE_VERSION_3);
   CERT_CopyName(poolp, &oldCertReq->subject, subject);
   SECKEY_CopySubjectPublicKeyInfo(poolp, &oldCertReq->subjectPublicKeyInfo,
 				  spki);
   oldCertReq->attributes = NULL;
@@ -489,17 +489,17 @@ createCMMFResponse(CertResponseInfo *iss
 		   CERTCertificate *issuerCert, char **base64der)
 {
  CMMFCertRepContent *certRepContent=NULL;
   ErrorCode rv = NO_ERROR;
   CMMFCertResponse **responses, *currResponse;
   CERTCertList *caList;
   int i;
   SECStatus srv;
-  PRArenaPool *poolp;
+  PLArenaPool *poolp;
   SECItem *der;
 
   certRepContent = CMMF_CreateCertRepContent();
   if (certRepContent == NULL) {
     rv = ERROR_CREATING_CERT_REP_CONTENT;
     goto loser;
   }
   responses = PORT_NewArray(CMMFCertResponse*, numCerts);
@@ -778,17 +778,17 @@ ErrorCode
 issueChallenge(CertResponseInfo *issuedCerts, int numCerts, 
 	       ChallengeCreationInfo *challInfo, int numChalls,
 	       CERTCertificate *issuer, CGIVarTable *varTable)
 {
   ErrorCode rv = NO_ERROR;
   CMMFPOPODecKeyChallContent *chalContent = NULL;
   int i;
   SECStatus srv;
-  PRArenaPool *poolp;
+  PLArenaPool *poolp;
   CERTGeneralName *genName;
   SECItem *challDER = NULL;
   char *chall64, *certRepContentDER;
 
   rv = createCMMFResponse(issuedCerts, numCerts, issuer, 
 			  &certRepContentDER);
   if (rv != NO_ERROR) {
     goto loser;
--- a/security/nss/cmd/crmftest/testcrmf.c
+++ b/security/nss/cmd/crmftest/testcrmf.c
@@ -1189,17 +1189,17 @@ DoKeyRecovery( SECKEYPrivateKey *privKey
 int
 DoChallengeResponse(SECKEYPrivateKey *privKey,
 		    SECKEYPublicKey *pubKey)
 {
     CMMFPOPODecKeyChallContent *chalContent = NULL;
     CMMFPOPODecKeyRespContent  *respContent = NULL;
     CERTCertificate            *myCert      = NULL;
     CERTGeneralName            *myGenName   = NULL;
-    PRArenaPool                *poolp       = NULL;
+    PLArenaPool                *poolp       = NULL;
     PRFileDesc                 *fileDesc;
     SECItem                    *publicValue;
     SECItem                    *keyID;
     SECKEYPrivateKey           *foundPrivKey;
     long                       *randomNums;
     int                         numChallengesFound   = 0;
     int                         numChallengesSet     = 1;
     int                         i;
--- a/security/nss/cmd/dbck/dbck.c
+++ b/security/nss/cmd/dbck/dbck.c
@@ -95,30 +95,30 @@ typedef struct certDBEntryListNodeStr  c
  * A list node for a cert db entry.  The index is a unique identifier
  * to use for creating generic maps of a db.  This struct handles
  * the cert, nickname, and smime db entry types, as all three have a
  * single handle to a subject entry.
  * This structure is pointed to by certDBEntryListNode->appData.
  */
 typedef struct 
 {
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     int index;
     certDBEntryListNode *pSubject;
 } certDBEntryMap;
 
 /*
  * Subject entry is special case, it has bidirectional handles.  One
  * subject entry can point to several certs (using the same DN), and
  * a nickname and/or smime entry.
  * This structure is pointed to by certDBEntryListNode->appData.
  */
 typedef struct
 {
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     int index;
     int numCerts;
     certDBEntryListNode **pCerts;
     certDBEntryListNode *pNickname;
     certDBEntryListNode *pSMime;
 } certDBSubjectEntryMap;
 
 /*
@@ -251,17 +251,17 @@ dumpCertificate(CERTCertificate *cert, i
     PR_fprintf(outfile, "----------------\n");
     if (userCert)
 	PR_fprintf(outfile, "(User Cert)\n");
     PR_fprintf(outfile, "## SUBJECT:  %s\n", cert->subjectName);
     PR_fprintf(outfile, "## ISSUER:  %s\n", cert->issuerName);
     PR_fprintf(outfile, "## SERIAL NUMBER:  ");
     printHexString(outfile, &cert->serialNumber);
     {  /*  XXX should be separate function.  */
-	int64 timeBefore, timeAfter;
+	PRTime timeBefore, timeAfter;
 	PRExplodedTime beforePrintable, afterPrintable;
 	char *beforestr, *afterstr;
 	DER_DecodeTimeChoice(&timeBefore, &cert->validity.notBefore);
 	DER_DecodeTimeChoice(&timeAfter, &cert->validity.notAfter);
 	PR_ExplodeTime(timeBefore, PR_GMTParameters, &beforePrintable);
 	PR_ExplodeTime(timeAfter, PR_GMTParameters, &afterPrintable);
 	beforestr = PORT_Alloc(100);
 	afterstr = PORT_Alloc(100);
@@ -355,17 +355,17 @@ dumpSMimeEntry(certDBEntrySMime *entry, 
 SECStatus
 mapCertEntries(certDBArray *dbArray)
 {
     certDBEntryCert *certEntry;
     certDBEntrySubject *subjectEntry;
     certDBEntryListNode *certNode, *subjNode;
     certDBSubjectEntryMap *smap;
     certDBEntryMap *map;
-    PRArenaPool *tmparena;
+    PLArenaPool *tmparena;
     SECItem derSubject;
     SECItem certKey;
     PRCList *cElem, *sElem;
 
     /* Arena for decoded entries */
     tmparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (tmparena == NULL) {
 	PORT_SetError(SEC_ERROR_NO_MEMORY);
@@ -919,17 +919,17 @@ SEC_GetCertDBEntryList(SECItem *dbdata, 
 int
 fillDBEntryArray(NSSLOWCERTCertDBHandle *handle, certDBEntryType type, 
                  certDBEntryListNode *list)
 {
     PRCList *elem;
     certDBEntryListNode *node;
     certDBEntryMap *mnode;
     certDBSubjectEntryMap *smnode;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     int count = 0;
 
     /* Initialize a dummy entry in the list.  The list head will be the
      * next element, so this element is skipped by for loops.
      */
     PR_INIT_CLIST((PRCList *)list);
     /* Collect all of the cert db entries for this type into a list. */
     nsslowcert_TraverseDBEntries(handle, type, SEC_GetCertDBEntryList, list);
--- a/security/nss/cmd/dbck/dbrecover.c
+++ b/security/nss/cmd/dbck/dbrecover.c
@@ -169,17 +169,17 @@ getCertsToDelete(char *numlist, int len,
     }
 }
 
 PRBool
 userSaysDeleteCert(CERTCertificate **certs, int nCerts,
                    int errtype, dbRestoreInfo *info, int *certNums)
 {
     char response[32];
-    int32 nb;
+    PRInt32 nb;
     int i;
     /*  User wants to remove cert without prompting.  */
     if (info->promptUser[errtype] == PR_FALSE)
 	return (info->removeType[errtype]);
     switch (errtype) {
     case dbInvalidCert:
 	PR_fprintf(PR_STDOUT, "********  Expired ********\n");
 	PR_fprintf(PR_STDOUT, "Cert has expired.\n\n");
--- a/security/nss/cmd/derdump/derdump.c
+++ b/security/nss/cmd/derdump/derdump.c
@@ -29,17 +29,17 @@ static void Usage(char *progName)
 
 int main(int argc, char **argv)
 {
     char *progName;
     FILE *outFile;
     PRFileDesc *inFile;
     SECItem der;
     SECStatus rv;
-    int16 xp_error;
+    PRInt16 xp_error;
     PRBool raw = PR_FALSE;
     PLOptState *optstate;
     PLOptStatus status;
 
     progName = strrchr(argv[0], '/');
     progName = progName ? progName+1 : argv[0];
 
     /* Parse command line arguments */
--- a/security/nss/cmd/ecperf/ecperf.c
+++ b/security/nss/cmd/ecperf/ecperf.c
@@ -299,17 +299,17 @@ M_TimeOperation(void (*threadFunc)(void 
 
 /*
  * Initializes a SECItem from a hexadecimal string
  *
  * Warning: This function ignores leading 00's, so any leading 00's
  * in the hexadecimal string must be optional.
  */
 static SECItem *
-hexString2SECItem(PRArenaPool *arena, SECItem *item, const char *str)
+hexString2SECItem(PLArenaPool *arena, SECItem *item, const char *str)
 {
     int i = 0;
     int byteval = 0;
     int tmp = PORT_Strlen(str);
 
     if ((tmp % 2) != 0) return NULL;
     
     /* skip leading 00's unless the hex string is "00" */
--- a/security/nss/cmd/fipstest/fipstest.c
+++ b/security/nss/cmd/fipstest/fipstest.c
@@ -21,17 +21,17 @@
 #if 0
 #include "../../lib/freebl/mpi/mpi.h"
 #endif
 
 #ifdef NSS_ENABLE_ECC
 extern SECStatus
 EC_DecodeParams(const SECItem *encodedParams, ECParams **ecparams);
 extern SECStatus
-EC_CopyParams(PRArenaPool *arena, ECParams *dstParams,
+EC_CopyParams(PLArenaPool *arena, ECParams *dstParams,
               const ECParams *srcParams);
 #endif
 
 #define ENCRYPT 1
 #define DECRYPT 0
 #define BYTE unsigned char
 #define DEFAULT_RSA_PUBLIC_EXPONENT   0x10001
 #define RSA_MAX_TEST_MODULUS_BITS     4096
@@ -3306,29 +3306,29 @@ fips_hashOid(HASH_HashType type)
 
 HASH_HashType
 sha_get_hashType(int hashbits)
 {
     HASH_HashType hashType = HASH_AlgNULL;
 
     switch (hashbits) {
     case 1:
-    case (SHA1_LENGTH*BITS_PER_BYTE): 
+    case (SHA1_LENGTH*PR_BITS_PER_BYTE):
 	hashType = HASH_AlgSHA1;
 	break;
-    case (SHA224_LENGTH*BITS_PER_BYTE): 
+    case (SHA224_LENGTH*PR_BITS_PER_BYTE):
 	hashType = HASH_AlgSHA224;
 	break;
-    case (SHA256_LENGTH*BITS_PER_BYTE): 
+    case (SHA256_LENGTH*PR_BITS_PER_BYTE):
 	hashType = HASH_AlgSHA256;
 	break;
-    case (SHA384_LENGTH*BITS_PER_BYTE): 
+    case (SHA384_LENGTH*PR_BITS_PER_BYTE):
 	hashType = HASH_AlgSHA384;
 	break;
-    case (SHA512_LENGTH*BITS_PER_BYTE): 
+    case (SHA512_LENGTH*PR_BITS_PER_BYTE):
 	hashType = HASH_AlgSHA512;
 	break;
     default:
 	break;
     }
     return hashType;
 }
 
@@ -3337,17 +3337,17 @@ sha_get_hashType(int hashbits)
  *
  * MD = Message digest 
  * MDLen = length of Message Digest and SHA_Type
  * msg = message to digest 
  * msgLen = length of message to digest
  */
 SECStatus sha_calcMD(unsigned char *MD, unsigned int MDLen, unsigned char *msg, unsigned int msgLen) 
 {    
-    HASH_HashType  hashType = sha_get_hashType(MDLen*BITS_PER_BYTE);
+    HASH_HashType  hashType = sha_get_hashType(MDLen*PR_BITS_PER_BYTE);
 
     return fips_hashBuf(hashType, MD, msg, msgLen);
 }
 
 /*
  * Perform the SHA Monte Carlo Test
  *
  * MDLen = length of Message Digest and SHA_Type
@@ -3656,17 +3656,17 @@ void hmac_test(char *reqfn)
         if (buf[0] == '[') {
             if (strncmp(&buf[1], "L ", 1) == 0) {
                 i = 2;
                 while (isspace(buf[i]) || buf[i] == '=') {
                     i++;
                 }
                 /* HMACLen will get reused for Tlen */
                 HMACLen = atoi(&buf[i]);
-		hash_alg = sha_get_hashType(HMACLen*BITS_PER_BYTE);
+		hash_alg = sha_get_hashType(HMACLen*PR_BITS_PER_BYTE);
 		if (hash_alg == HASH_AlgNULL) {
 		    goto loser;
 		}
                 fputs(buf, resp);
                 continue;
             }
         }
         /* Count = test iteration number*/
--- a/security/nss/cmd/lib/berparse.c
+++ b/security/nss/cmd/lib/berparse.c
@@ -13,18 +13,18 @@ typedef unsigned char Byte;
 typedef void (*ParseProc)(BERParse *h, unsigned char **buf, int *len);
 typedef struct {
     SECArb arb;
     int pos;			/* length from global start to item start */
     SECArb *parent;
 } ParseStackElem;
 
 struct BERParseStr {
-    PRArenaPool *his;
-    PRArenaPool *mine;
+    PLArenaPool *his;
+    PLArenaPool *mine;
     ParseProc proc;
     int stackDepth;
     ParseStackElem *stackPtr;
     ParseStackElem *stack;
     int pending;		/* bytes remaining to complete this part */
     int pos;			/* running length of consumed characters */
     ParseState state;
     PRBool keepLeaves;
@@ -294,20 +294,20 @@ SECStatus BER_ParseSome(BERParse *h, uns
 		    h->stackPtr = parent;
 		}
 	    }
 
 	}
     }
     return PR_FALSE;
 }
-BERParse *BER_ParseInit(PRArenaPool *arena, PRBool derOnly)
+BERParse *BER_ParseInit(PLArenaPool *arena, PRBool derOnly)
 {
     BERParse *h;
-    PRArenaPool *temp = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    PLArenaPool *temp = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (temp == NULL) {
 	PORT_SetError(SEC_ERROR_NO_MEMORY);
 	return NULL;
     }
     h = PORT_ArenaAlloc(temp, sizeof(BERParse));
     if (h == NULL) {
 	PORT_FreeArena(temp, PR_FALSE);
 	PORT_SetError(SEC_ERROR_NO_MEMORY);
@@ -327,17 +327,17 @@ BERParse *BER_ParseInit(PRArenaPool *are
     h->after = NULL;
     h->filter = NULL;
     h->derOnly = derOnly;
     return h;
 }
 
 SECArb *BER_ParseFini(BERParse *h)
 {
-    PRArenaPool *myArena = h->mine;
+    PLArenaPool *myArena = h->mine;
     SECArb *arb;
 
     if (h->state != parseComplete) {
 	arb = NULL;
     } else {
 	arb = PORT_ArenaAlloc(h->his, sizeof(SECArb));
 	*arb = h->stackPtr->arb;
     }
--- a/security/nss/cmd/lib/pppolicy.c
+++ b/security/nss/cmd/lib/pppolicy.c
@@ -54,17 +54,17 @@ static const SEC_ASN1Template secu_Certi
 	  offsetof(CERTCertificatePolicies, policyInfos),
 	  secu_PolicyInfoTemplate, sizeof(CERTCertificatePolicies)  }
 };
 
 
 static CERTCertificatePolicies *
 secu_DecodeCertificatePoliciesExtension(SECItem *extnValue)
 {
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECStatus rv;
     CERTCertificatePolicies *policies;
     CERTPolicyInfo **policyInfos, *policyInfo;
     CERTPolicyQualifier **policyQualifiers, *policyQualifier;
     SECItem newExtnValue;
     
     /* make a new arena */
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
--- a/security/nss/cmd/lib/secutil.c
+++ b/security/nss/cmd/lib/secutil.c
@@ -689,17 +689,17 @@ secu_PrintTime(FILE *out, const PRTime t
 /*
  * Format and print the UTC Time "t".  If the tag message "m" is not NULL,
  * do indent formatting based on "level" and add a newline afterward;
  * otherwise just print the formatted time string only.
  */
 void
 SECU_PrintUTCTime(FILE *out, const SECItem *t, const char *m, int level)
 {
-    int64 time;
+    PRTime time;
     SECStatus rv;
 
     rv = DER_UTCTimeToTime(&time, t);
     if (rv != SECSuccess)
 	return;
 
     secu_PrintTime(out, time, m, level);
 }
@@ -707,17 +707,17 @@ SECU_PrintUTCTime(FILE *out, const SECIt
 /*
  * Format and print the Generalized Time "t".  If the tag message "m"
  * is not NULL, * do indent formatting based on "level" and add a newline
  * afterward; otherwise just print the formatted time string only.
  */
 void
 SECU_PrintGeneralizedTime(FILE *out, const SECItem *t, const char *m, int level)
 {
-    int64 time;
+    PRTime time;
     SECStatus rv;
 
 
     rv = DER_GeneralizedTimeToTime(&time, t);
     if (rv != SECSuccess)
 	return;
 
     secu_PrintTime(out, time, m, level);
@@ -1127,17 +1127,17 @@ const SEC_ASN1Template secuPBEV2Params[]
     { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(secuPBEParams, cipherAlg),
         SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
     { 0 }
 };
 
 void
 secu_PrintRSAPSSParams(FILE *out, SECItem *value, char *m, int level)
 {
-    PRArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    PLArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     SECStatus rv;
     SECKEYRSAPSSParams param;
     SECAlgorithmID maskHashAlg;
 
     if (m) {
 	SECU_Indent(out, level);
 	fprintf (out, "%s:\n", m);
     }
@@ -1191,17 +1191,17 @@ secu_PrintRSAPSSParams(FILE *out, SECIte
 	fprintf(out, "Invalid RSA-PSS parameters\n");
     }
     PORT_FreeArena(pool, PR_FALSE);
 }
 
 void
 secu_PrintKDF2Params(FILE *out, SECItem *value, char *m, int level)
 {
-    PRArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    PLArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     SECStatus rv;
     secuPBEParams param;
 
     if (m) {
 	SECU_Indent(out, level);
 	fprintf (out, "%s:\n", m);
     }
 
@@ -1221,17 +1221,17 @@ secu_PrintKDF2Params(FILE *out, SECItem 
 	SECU_PrintAlgorithmID(out, &param.kdfAlg, "KDF algorithm", level+1);
     }
     PORT_FreeArena(pool, PR_FALSE);
 }
 
 void
 secu_PrintPKCS5V2Params(FILE *out, SECItem *value, char *m, int level)
 {
-    PRArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    PLArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     SECStatus rv;
     secuPBEParams param;
 
     if (m) {
 	SECU_Indent(out, level);
 	fprintf (out, "%s:\n", m);
     }
 
@@ -1248,17 +1248,17 @@ secu_PrintPKCS5V2Params(FILE *out, SECIt
 	SECU_PrintAlgorithmID(out, &param.cipherAlg, "Cipher", level+1);
     }
     PORT_FreeArena(pool, PR_FALSE);
 }
 
 void
 secu_PrintPBEParams(FILE *out, SECItem *value, char *m, int level)
 {
-    PRArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    PLArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     SECStatus rv;
     secuPBEParams param;
 
     if (m) {
 	SECU_Indent(out, level);
 	fprintf (out, "%s:\n", m);
     }
 
@@ -1396,17 +1396,17 @@ SECU_PrintDSAPublicKey(FILE *out, SECKEY
     SECU_Indent(out, level); fprintf(out, "%s:\n", m);
     SECU_PrintInteger(out, &pk->u.dsa.params.prime, "Prime", level+1);
     SECU_PrintInteger(out, &pk->u.dsa.params.subPrime, "Subprime", level+1);
     SECU_PrintInteger(out, &pk->u.dsa.params.base, "Base", level+1);
     SECU_PrintInteger(out, &pk->u.dsa.publicValue, "PublicValue", level+1);
 }
 
 static void
-secu_PrintSubjectPublicKeyInfo(FILE *out, PRArenaPool *arena,
+secu_PrintSubjectPublicKeyInfo(FILE *out, PLArenaPool *arena,
 		       CERTSubjectPublicKeyInfo *i,  char *msg, int level)
 {
     SECKEYPublicKey *pk;
 
     SECU_Indent(out, level); fprintf(out, "%s:\n", msg);
     SECU_PrintAlgorithmID(out, &i->algorithm, "Public Key Algorithm", level+1);
 
     pk = SECKEY_ExtractPublicKey(i);
@@ -1446,17 +1446,17 @@ loser:
 	}
     }
 }
 
 int
 SECU_PrintDumpDerIssuerAndSerial(FILE *out, SECItem *der, char *m,
                                  int level)
 {
-    PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     CERTCertificate *c;
     int rv = SEC_ERROR_NO_MEMORY;
     char *derIssuerB64;
     char *derSerialB64;
     
     if (!arena)
         return rv;
 
@@ -1503,17 +1503,17 @@ loser:
     return rv;
 }
 
 static SECStatus
 secu_PrintX509InvalidDate(FILE *out, SECItem *value, char *msg, int level)
 {
     SECItem decodedValue;
     SECStatus rv;
-    int64 invalidTime;
+    PRTime invalidTime;
     char *formattedTime = NULL;
 
     decodedValue.data = NULL;
     rv = SEC_ASN1DecodeItem (NULL, &decodedValue, 
 			    SEC_ASN1_GET(SEC_GeneralizedTimeTemplate),
 			    value);
     if (rv == SECSuccess) {
 	rv = DER_GeneralizedTimeToTime(&invalidTime, &decodedValue);
@@ -2187,17 +2187,17 @@ SECU_PrintCertNickname(CERTCertListNode 
 
     return (SECSuccess);
 }
 
 int
 SECU_DecodeAndPrintExtensions(FILE *out, SECItem *any, char *m, int level)
 {
     CERTCertExtension **extensions = NULL;
-    PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     int rv = 0;
 
     if (!arena) 
 	return SEC_ERROR_NO_MEMORY;
 
     rv = SEC_QuickDERDecodeItem(arena, &extensions, 
 		   SEC_ASN1_GET(CERT_SequenceOfCertExtensionTemplate), any);
     if (!rv)
@@ -2261,17 +2261,17 @@ SECU_PrintCertAttributes(FILE *out, CERT
     	attrs++;
     }
     return rv;
 }
 
 int  /* sometimes a PRErrorCode, other times a SECStatus.  Sigh. */
 SECU_PrintCertificateRequest(FILE *out, SECItem *der, char *m, int level)
 {
-    PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     CERTCertificateRequest *cr;
     int rv = SEC_ERROR_NO_MEMORY;
 
     if (!arena) 
 	return rv;
 
     /* Decode certificate request */
     cr = PORT_ArenaZNew(arena, CERTCertificateRequest);
@@ -2295,17 +2295,17 @@ SECU_PrintCertificateRequest(FILE *out, 
 loser:
     PORT_FreeArena(arena, PR_FALSE);
     return rv;
 }
 
 int
 SECU_PrintCertificate(FILE *out, const SECItem *der, const char *m, int level)
 {
-    PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     CERTCertificate *c;
     int rv = SEC_ERROR_NO_MEMORY;
     int iv;
     
     if (!arena)
 	return rv;
 
     /* Decode certificate */
@@ -2341,17 +2341,17 @@ SECU_PrintCertificate(FILE *out, const S
 loser:
     PORT_FreeArena(arena, PR_FALSE);
     return rv;
 }
 
 int
 SECU_PrintSubjectPublicKeyInfo(FILE *out, SECItem *der, char *m, int level)
 {
-    PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     int          rv    = SEC_ERROR_NO_MEMORY;
     CERTSubjectPublicKeyInfo spki;
 
     if (!arena)
 	return rv;
 
     PORT_Memset(&spki, 0, sizeof spki);
     rv = SEC_ASN1DecodeItem(arena, &spki, 
@@ -2368,17 +2368,17 @@ SECU_PrintSubjectPublicKeyInfo(FILE *out
     PORT_FreeArena(arena, PR_FALSE);
     return rv;
 }
 
 #ifdef HAVE_EPV_TEMPLATE
 int
 SECU_PrintPrivateKey(FILE *out, SECItem *der, char *m, int level)
 {
-    PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     SECKEYEncryptedPrivateKeyInfo key;
     int rv = SEC_ERROR_NO_MEMORY;
 
     if (!arena)
 	return rv;
 
     PORT_Memset(&key, 0, sizeof(key));
     rv = SEC_ASN1DecodeItem(arena, &key, 
@@ -2790,17 +2790,17 @@ secu_PrintPKCS7SignedAndEnveloped(FILE *
     }  
 
     return 0;
 }
 
 int
 SECU_PrintCrl (FILE *out, SECItem *der, char *m, int level)
 {
-    PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     CERTCrl *c = NULL;
     int rv = SEC_ERROR_NO_MEMORY;
 
     if (!arena)
     	return rv;
     do {
 	/* Decode CRL */
 	c = PORT_ArenaZNew(arena, CERTCrl);
@@ -2983,17 +2983,17 @@ SECU_PrintTrustFlags(FILE *out, CERTCert
     SECU_Indent(out, level+1); fprintf(out, "Email Flags:\n");
     printFlags(out, trust->emailFlags, level+2);
     SECU_Indent(out, level+1); fprintf(out, "Object Signing Flags:\n");
     printFlags(out, trust->objectSigningFlags, level+2);
 }
 
 int SECU_PrintDERName(FILE *out, SECItem *der, const char *m, int level)
 {
-    PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     CERTName *name;
     int rv = SEC_ERROR_NO_MEMORY;
 
     if (!arena)
 	return rv;
 
     name = PORT_ArenaZNew(arena, CERTName);
     if (!name)
@@ -3014,17 +3014,17 @@ typedef enum  {
     withSignature = 1
 } SignatureOptionType;
 
 static int
 secu_PrintSignedDataSigOpt(FILE *out, SECItem *der, const char *m,
 			   int level, SECU_PPFunc inner,
                            SignatureOptionType withSignature)
 {
-    PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     CERTSignedData *sd;
     int rv = SEC_ERROR_NO_MEMORY;
 
     if (!arena)
 	return rv;
 
     /* Strip off the signature */
     sd = PORT_ArenaZNew(arena, CERTSignedData);
@@ -3277,17 +3277,17 @@ SECU_StoreCRL(PK11SlotInfo *slot, SECIte
 
 SECStatus
 SECU_SignAndEncodeCRL(CERTCertificate *issuer, CERTSignedCrl *signCrl,
                       SECOidTag hashAlgTag, SignAndEncodeFuncExitStat *resCode)
 {
     SECItem der;
     SECKEYPrivateKey *caPrivateKey = NULL;    
     SECStatus rv;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     SECOidTag algID;
     void *dummy;
 
     PORT_Assert(issuer != NULL && signCrl != NULL);
     if (!issuer || !signCrl) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return SECFailure;
     }
@@ -3355,17 +3355,17 @@ done:
         SECKEY_DestroyPrivateKey(caPrivateKey);
     }
     return rv;
 }
 
 
 
 SECStatus
-SECU_CopyCRL(PRArenaPool *destArena, CERTCrl *destCrl, CERTCrl *srcCrl)
+SECU_CopyCRL(PLArenaPool *destArena, CERTCrl *destCrl, CERTCrl *srcCrl)
 {
     void *dummy;
     SECStatus rv = SECSuccess;
     SECItem der;
 
     PORT_Assert(destArena && srcCrl && destCrl);
     if (!destArena || !srcCrl || !destCrl) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -3387,17 +3387,17 @@ SECU_CopyCRL(PRArenaPool *destArena, CER
     }
     
     destCrl->arena = destArena;
 
     return rv;
 }
 
 SECStatus
-SECU_DerSignDataCRL(PRArenaPool *arena, CERTSignedData *sd,
+SECU_DerSignDataCRL(PLArenaPool *arena, CERTSignedData *sd,
                     unsigned char *buf, int len, SECKEYPrivateKey *pk,
                     SECOidTag algID)
 {
     SECItem it;
     SECStatus rv;
 
     it.data = 0;
 
@@ -3425,17 +3425,17 @@ SECU_DerSignDataCRL(PRArenaPool *arena, 
     return rv;
 }
 
 #if 0
 
 /* we need access to the private function cert_FindExtension for this code to work */
 
 CERTAuthKeyID *
-SECU_FindCRLAuthKeyIDExten (PRArenaPool *arena, CERTSignedCrl *scrl)
+SECU_FindCRLAuthKeyIDExten (PLArenaPool *arena, CERTSignedCrl *scrl)
 {
     SECItem encodedExtenValue;
     SECStatus rv;
     CERTAuthKeyID *ret;
     CERTCrl* crl;
 
     if (!scrl) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -3503,17 +3503,17 @@ SECU_FindCrlIssuer(CERTCertDBHandle *dbh
         CERT_DestroyCertList(certList);
     }
     return(issuerCert);
 }
 
 
 /* Encodes and adds extensions to the CRL or CRL entries. */
 SECStatus 
-SECU_EncodeAndAddExtensionValue(PRArenaPool *arena, void *extHandle, 
+SECU_EncodeAndAddExtensionValue(PLArenaPool *arena, void *extHandle, 
                                 void *value, PRBool criticality, int extenType, 
                                 EXTEN_EXT_VALUE_ENCODER EncodeValueFn)
 {
     SECItem encodedValue;
     SECStatus rv;
 
     encodedValue.data = NULL;
     encodedValue.len = 0;
--- a/security/nss/cmd/makepqg/makepqg.c
+++ b/security/nss/cmd/makepqg/makepqg.c
@@ -49,17 +49,17 @@ Usage(void)
     exit(-1);
 
 }
 
 SECStatus
 outputPQGParams(PQGParams * pqgParams, PRBool output_binary, PRBool output_raw,
                 FILE * outFile)
 {
-    PRArenaPool   * arena 		= NULL;
+    PLArenaPool   * arena 		= NULL;
     char          * PQG;
     SECItem       * pItem;
     int             cc;
     SECStatus       rv;
     SECItem         encodedParams;
 
     if (output_raw) {
     	SECItem item;
--- a/security/nss/cmd/manifest.mn
+++ b/security/nss/cmd/manifest.mn
@@ -42,17 +42,17 @@ DIRS = lib  \
  pkix-errcodes \
  pp  \
  pwdecrypt \
  rsaperf \
  sdrtest \
  selfserv  \
  signtool \
  signver \
- shlibsign \
+ $(SHLIBSIGN_SRCDIR) \
  smimetools  \
  ssltap  \
  strsclnt \
  symkeyutil \
  tests \
  tstclnt  \
  vfychain \
  vfyserv \
--- a/security/nss/cmd/ocspclnt/ocspclnt.c
+++ b/security/nss/cmd/ocspclnt/ocspclnt.c
@@ -249,17 +249,17 @@ loser:
  */
 static SECStatus
 create_request (FILE *out_file, CERTCertDBHandle *handle, CERTCertificate *cert,
 		PRBool add_service_locator, PRBool add_acceptable_responses)
 {
     CERTCertList *certs = NULL;
     CERTCertificate *myCert = NULL;
     CERTOCSPRequest *request = NULL;
-    int64 now = PR_Now();
+    PRTime now = PR_Now();
     SECItem *encoding = NULL;
     SECStatus rv = SECFailure;
 
     if (handle == NULL || cert == NULL)
 	return rv;
 
     myCert = CERT_DupCertificate(cert);
     if (myCert == NULL)
@@ -324,17 +324,17 @@ loser:
  */
 static SECStatus
 dump_response (FILE *out_file, CERTCertDBHandle *handle, CERTCertificate *cert,
 	       const char *responder_url)
 {
     CERTCertList *certs = NULL;
     CERTCertificate *myCert = NULL;
     char *loc = NULL;
-    int64 now = PR_Now();
+    PRTime now = PR_Now();
     SECItem *response = NULL;
     SECStatus rv = SECFailure;
     PRBool includeServiceLocator;
 
     if (handle == NULL || cert == NULL)
 	return rv;
 
     myCert = CERT_DupCertificate(cert);
@@ -395,17 +395,17 @@ loser:
 
 /*
  * Get the status for the specified certificate (whose nickname is "cert_name").
  * Directly use the OCSP function rather than doing a full verification.
  */
 static SECStatus
 get_cert_status (FILE *out_file, CERTCertDBHandle *handle,
 		 CERTCertificate *cert, const char *cert_name,
-                 int64 verify_time)
+		 PRTime verify_time)
 {
     SECStatus rv = SECFailure;
 
     if (handle == NULL || cert == NULL)
 	goto loser;
 
     rv = CERT_CheckOCSPStatus (handle, cert, verify_time, NULL);
 
@@ -431,17 +431,17 @@ loser:
 
 /*
  * Verify the specified certificate (whose nickname is "cert_name").
  * OCSP is already turned on, so we just need to call the standard
  * certificate verification API and let it do all the work.
  */
 static SECStatus
 verify_cert (FILE *out_file, CERTCertDBHandle *handle, CERTCertificate *cert,
-	     const char *cert_name, SECCertUsage cert_usage, int64 verify_time)
+	     const char *cert_name, SECCertUsage cert_usage, PRTime verify_time)
 {
     SECStatus rv = SECFailure;
 
     if (handle == NULL || cert == NULL)
 	return rv;
 
     rv = CERT_VerifyCert (handle, cert, PR_TRUE, cert_usage, verify_time,
 			  NULL, NULL);
@@ -960,17 +960,17 @@ main (int argc, char **argv)
     const char	*db_dir, *date_str, *cert_usage_str, *name;
     const char	*responder_name, *responder_url, *signer_name;
     PRBool	 add_acceptable_responses, add_service_locator;
     SECItem	*data = NULL;
     PLOptState	*optstate;
     SECStatus	 rv;
     CERTCertDBHandle *handle = NULL;
     SECCertUsage cert_usage;
-    int64	 verify_time;
+    PRTime	 verify_time;
     CERTCertificate *cert = NULL;
     PRBool ascii = PR_FALSE;
 
     retval = -1;		/* what we return/exit with on error */
 
     program_name = PL_strrchr(argv[0], '/');
     program_name = program_name ? (program_name + 1) : argv[0];
 
--- a/security/nss/cmd/ocspresp/ocspresp.c
+++ b/security/nss/cmd/ocspresp/ocspresp.c
@@ -31,17 +31,17 @@ getCaAndSubjectCert(CERTCertDBHandle *ce
                     CERTCertificate **outCA, CERTCertificate **outCert)
 {
     *outCA = CERT_FindCertByNickname(certHandle, caNick);
     *outCert = CERT_FindCertByNickname(certHandle, eeNick);
     return *outCA && *outCert;
 }
 
 static SECItem *
-encode(PRArenaPool *arena, CERTOCSPCertID *cid, CERTCertificate *ca)
+encode(PLArenaPool *arena, CERTOCSPCertID *cid, CERTCertificate *ca)
 {
     SECItem *response;
     PRTime now = PR_Now();
     PRTime nextUpdate;
     CERTOCSPSingleResponse **responses;
     CERTOCSPSingleResponse *sr;
 
     if (!arena)
@@ -61,17 +61,17 @@ encode(PRArenaPool *arena, CERTOCSPCertI
     
     response = CERT_CreateEncodedOCSPSuccessResponse(
         arena, ca, ocspResponderID_byName, now, responses, &pwdata);
 
     return response;
 }
 
 static SECItem *
-encodeRevoked(PRArenaPool *arena, CERTOCSPCertID *cid, CERTCertificate *ca)
+encodeRevoked(PLArenaPool *arena, CERTOCSPCertID *cid, CERTCertificate *ca)
 {
     SECItem *response;
     PRTime now = PR_Now();
     PRTime revocationTime;
     CERTOCSPSingleResponse **responses;
     CERTOCSPSingleResponse *sr;
 
     if (!arena)
@@ -119,17 +119,17 @@ int Usage(void)
 int
 main(int argc, char **argv)
 {
     SECStatus rv;
     int retval = -1;
     CERTCertDBHandle *certHandle = NULL;
     CERTCertificate *caCert = NULL, *cert = NULL;
     CERTOCSPCertID *cid = NULL;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     PRTime now = PR_Now();
     
     SECItem *encoded = NULL;
     CERTOCSPResponse *decoded = NULL;
     SECStatus statusDecoded;
 
     SECItem *encodedRev = NULL;
     CERTOCSPResponse *decodedRev = NULL;
--- a/security/nss/cmd/pk12util/pk12util.c
+++ b/security/nss/cmd/pk12util/pk12util.c
@@ -239,17 +239,17 @@ p12u_ucs2_ascii_conversion_function(PRBo
 	}
 	printf("\n");
     }
 #endif
     return ret;
 }
 
 SECStatus
-P12U_UnicodeConversion(PRArenaPool *arena, SECItem *dest, SECItem *src,
+P12U_UnicodeConversion(PLArenaPool *arena, SECItem *dest, SECItem *src,
 		       PRBool toUnicode, PRBool swapBytes)
 {
     unsigned int allocLen;
     if(!dest || !src) {
 	return SECFailure;
     }
     allocLen = ((toUnicode) ? (src->len << 2) : src->len);
     if(arena) {
@@ -553,17 +553,17 @@ p12u_WriteToExportFile(void *arg, const 
     }
 
     if(p12cxt->file == NULL) {
 	p12cxt->errorValue = SEC_ERROR_PKCS12_UNABLE_TO_WRITE;
 	p12cxt->error = PR_TRUE;
 	return;
     }
 
-    writeLen = PR_Write(p12cxt->file, (unsigned char *)buf, (int32)len);
+    writeLen = PR_Write(p12cxt->file, (unsigned char *)buf, (PRInt32)len);
 
     if(writeLen != (int)len) {
 	PR_Close(p12cxt->file);
 	PL_strfree(p12cxt->filename);
 	p12cxt->filename = NULL;
 	p12cxt->file = NULL;
 	p12cxt->errorValue = SEC_ERROR_PKCS12_UNABLE_TO_WRITE;
 	p12cxt->error = PR_TRUE;
--- a/security/nss/cmd/pk1sign/pk1sign.c
+++ b/security/nss/cmd/pk1sign/pk1sign.c
@@ -103,17 +103,17 @@ ExportPublicKey(FILE *outFile, CERTCerti
 static int
 SignFile(FILE *outFile, PRFileDesc *inFile, CERTCertificate *cert)
 {
     SECItem data2sign;
     SECStatus rv;
     char *data;
     SECKEYPrivateKey *privKey;
     SECOidTag algID;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     CERTSignedData sd;
     SECItem *result;
 
     if (outFile == NULL || inFile == NULL || cert == NULL)
         return -1;
 
     /* suck the file in */
     if (SECU_ReadDERFromFile(&data2sign, inFile, PR_FALSE) != SECSuccess)
--- a/security/nss/cmd/platlibs.mk
+++ b/security/nss/cmd/platlibs.mk
@@ -31,21 +31,23 @@ DBMLIB = $(NULL)
 else
 DBMLIB = $(DIST)/lib/$(LIB_PREFIX)dbm.$(LIB_SUFFIX) 
 endif
 
 ifdef USE_STATIC_LIBS
 
 DEFINES += -DNSS_USE_STATIC_LIBS
 # $(PROGRAM) has explicit dependencies on $(EXTRA_LIBS)
-ifndef USE_SYSTEM_FREEBL
+ifndef NSS_USE_SYSTEM_FREEBL
 CRYPTOLIB=$(DIST)/lib/$(LIB_PREFIX)freebl.$(LIB_SUFFIX)
 SOFTOKENLIB=$(DIST)/lib/$(LIB_PREFIX)softokn.$(LIB_SUFFIX)
 else
-# Use the system freebl and softoken libraries
+# Use the system installed freebl static library and set softoken one to empty.
+# Some tools need to link statically with freebl but none with softoken. Only
+# the softoken shared library, not the static one, is installed in the system.
 CRYPTOLIB=$(FREEBL_LIB_DIR)/$(LIB_PREFIX)freebl.$(LIB_SUFFIX)
 SOFTOKENLIB=
 EXTRA_SHARED_LIBS += \
 	-L$(SOFTOKEN_LIB_DIR) \
 	-lsoftokn3 \
 	$(NULL)
 endif
 
--- a/security/nss/cmd/selfserv/selfserv.c
+++ b/security/nss/cmd/selfserv/selfserv.c
@@ -1061,17 +1061,17 @@ reload_crl(PRFileDesc *crlFile)
 void stop_server()
 {
     stopping = 1;
     PR_Interrupt(acceptorThread);
     PZ_TraceFlush();
 }
 
 SECItemArray *
-makeTryLaterOCSPResponse(PRArenaPool *arena)
+makeTryLaterOCSPResponse(PLArenaPool *arena)
 {
     SECItemArray *result = NULL;
     SECItem *ocspResponse = NULL;
 
     ocspResponse = CERT_CreateEncodedOCSPErrorResponse(arena,
 					SEC_ERROR_OCSP_TRY_SERVER_LATER);
     if (!ocspResponse)
 	errExit("cannot created ocspResponse");
@@ -1082,17 +1082,17 @@ makeTryLaterOCSPResponse(PRArenaPool *ar
 
     result->items[0].data = ocspResponse->data;
     result->items[0].len = ocspResponse->len;
 
     return result;
 }
 
 SECItemArray *
-makeCorruptedOCSPResponse(PRArenaPool *arena)
+makeCorruptedOCSPResponse(PLArenaPool *arena)
 {
     SECItemArray *result = NULL;
     SECItem *ocspResponse = NULL;
 
     ocspResponse = SECITEM_AllocItem(arena, NULL, 1);
     if (!ocspResponse)
 	errExit("cannot created ocspResponse");
 
@@ -1102,17 +1102,17 @@ makeCorruptedOCSPResponse(PRArenaPool *a
 
     result->items[0].data = ocspResponse->data;
     result->items[0].len = ocspResponse->len;
 
     return result;
 }
 
 SECItemArray *
-makeSignedOCSPResponse(PRArenaPool *arena, ocspStaplingModeType osm,
+makeSignedOCSPResponse(PLArenaPool *arena, ocspStaplingModeType osm,
 		       PRFileDesc *model_sock, CERTCertificate *cert)
 {
     SECItemArray *result = NULL;
     SECItem *ocspResponse = NULL;
     CERTOCSPSingleResponse **singleResponses;
     CERTOCSPSingleResponse *sr;
     CERTOCSPCertID *cid = NULL;
     CERTCertificate *ca;
@@ -1211,17 +1211,17 @@ handle_connection(
     int                numIOVs;
     PRSocketOptionData opt;
     PRIOVec            iovs[16];
     char               msgBuf[160];
     char               buf[10240];
     char               fileName[513];
     char               proto[128];
     PRDescIdentity     aboveLayer = PR_INVALID_IO_LAYER;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     ocspStaplingModeType osm;
 
     pBuf   = buf;
     bufRem = sizeof buf;
 
     VLOG(("selfserv: handle_connection: starting"));
     opt.option             = PR_SockOpt_Nonblocking;
     opt.value.non_blocking = PR_FALSE;
--- a/security/nss/cmd/signver/pk7print.c
+++ b/security/nss/cmd/signver/pk7print.c
@@ -72,17 +72,17 @@ sv_PrintInteger(FILE *out, SECItem *i, c
     }
 }
 
 
 int
 sv_PrintTime(FILE *out, SECItem *t, char *m)
 {
     PRExplodedTime printableTime; 
-    int64 time;
+    PRTime time;
     char *timeString;
     int rv;
 
     rv = DER_DecodeTimeChoice(&time, t);
     if (rv) return rv;
 
     /* Convert to local time */
     PR_ExplodeTime(time, PR_LocalTimeParameters, &printableTime);
@@ -309,17 +309,17 @@ sv_PrintDSAPublicKey(FILE *out, SECKEYPu
     sv_PrintInteger(out, &pk->u.dsa.params.subPrime, "subprime=");
     fprintf(out, "%s", m);
     sv_PrintInteger(out, &pk->u.dsa.params.base, "base=");
     fprintf(out, "%s", m);
     sv_PrintInteger(out, &pk->u.dsa.publicValue, "publicValue=");
 }
 
 int
-sv_PrintSubjectPublicKeyInfo(FILE *out, PRArenaPool *arena,
+sv_PrintSubjectPublicKeyInfo(FILE *out, PLArenaPool *arena,
                              CERTSubjectPublicKeyInfo *i,  char *msg)
 {
     SECKEYPublicKey *pk;
     int rv;
     char mm[200];
 
     sprintf(mm, "%s.publicKeyAlgorithm=", msg);
     sv_PrintAlgorithmID(out, &i->algorithm, mm);
@@ -353,17 +353,17 @@ sv_PrintSubjectPublicKeyInfo(FILE *out, 
     return 0;
 }
 
 SECStatus
 sv_PrintInvalidDateExten  (FILE *out, SECItem *value, char *msg)
 {
     SECItem decodedValue;
     SECStatus rv;
-    int64 invalidTime;
+    PRTime invalidTime;
     char *formattedTime = NULL;
 
     decodedValue.data = NULL;
     rv = SEC_ASN1DecodeItem (NULL, &decodedValue,
                              SEC_ASN1_GET(SEC_GeneralizedTimeTemplate),
                              value);
     if (rv == SECSuccess) {
         rv = DER_GeneralizedTimeToTime(&invalidTime, &decodedValue);
@@ -449,17 +449,17 @@ sv_PrintCRLInfo(FILE *out, CERTCrl *crl,
     sprintf(om, "%ssignedCRLEntriesExtensions.", m); 
     sv_PrintExtensions(out, crl->extensions, om);
 }
 
 
 int
 sv_PrintCertificate(FILE *out, SECItem *der, char *m, int level)
 {
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     CERTCertificate *c;
     int rv;
     int iv;
     char mm[200];
     
     /* Decode certificate */
     c = (CERTCertificate*) PORT_ZAlloc(sizeof(CERTCertificate));
     if (!c) return PORT_GetError();
@@ -498,17 +498,17 @@ sv_PrintCertificate(FILE *out, SECItem *
     
     PORT_FreeArena(arena, PR_FALSE);
     return 0;
 }
 
 int
 sv_PrintSignedData(FILE *out, SECItem *der, char *m, SECU_PPFunc inner)
 {
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     CERTSignedData *sd;
     int rv;
 
     /* Strip off the signature */
     sd = (CERTSignedData*) PORT_ZAlloc(sizeof(CERTSignedData));
     if (!sd) return PORT_GetError();
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
--- a/security/nss/cmd/tstclnt/tstclnt.c
+++ b/security/nss/cmd/tstclnt/tstclnt.c
@@ -1249,21 +1249,16 @@ int main(int argc, char **argv)
 		}
 		FPRINTF(stderr,
 		        "%s: PR_Poll returned 0x%02x for socket out_flags.\n",
 			progName, pollset[SSOCK_FD].out_flags);
 		if (filesReady == 0) {	/* shouldn't happen! */
 		    FPRINTF(stderr, "%s: PR_Poll returned zero!\n", progName);
 		    return 1;
 		}
-		/* Must milliPause between PR_Poll and PR_GetConnectStatus,
-		 * Or else winsock gets mighty confused.
-		 * Sleep(0);
-		 */
-		milliPause(1);
 		status = PR_GetConnectStatus(pollset);
 		if (status == PR_SUCCESS) {
 		    break;
 		}
 		if (PR_GetError() != PR_IN_PROGRESS_ERROR) {
 		    SECU_PrintError(progName, "unable to connect (poll)");
 		    return 1;
 		}
--- a/security/nss/cmd/vfychain/vfychain.c
+++ b/security/nss/cmd/vfychain/vfychain.c
@@ -227,33 +227,33 @@ getCert(const char *name, PRBool isAscii
 #define REVCONFIG_METHOD_FORBIDNETWORKFETCHIN_STR "forbidFetching"
 #define REVCONFIG_METHOD_IGNOREDEFAULTSRC_STR     "ignoreDefaultSrc"
 #define REVCONFIG_METHOD_REQUIREINFO_STR          "requireInfo"
 #define REVCONFIG_METHOD_FAILIFNOINFO_STR         "failIfNoInfo" 
 
 #define REV_METHOD_INDEX_MAX  4
 
 typedef struct RevMethodsStruct {
-    uint testType;
+    unsigned int testType;
     char *testTypeStr;
-    uint testFlags;
+    unsigned int testFlags;
     char *testFlagsStr;
-    uint methodType;
+    unsigned int methodType;
     char *methodTypeStr;
-    uint methodFlags;
+    unsigned int methodFlags;
     char *methodFlagsStr;
 } RevMethods;
 
 RevMethods revMethodsData[REV_METHOD_INDEX_MAX];
 
 SECStatus
 parseRevMethodsAndFlags()
 {
     int i;
-    uint testType = 0;
+    unsigned int testType = 0;
 
     for(i = 0;i < REV_METHOD_INDEX_MAX;i++) {
         /* testType */
         if (revMethodsData[i].testTypeStr) {
             char *typeStr = revMethodsData[i].testTypeStr;
 
             testType = 0;
             if (!PORT_Strcmp(typeStr, REVCONFIG_TEST_LEAF_STR)) {
@@ -264,30 +264,30 @@ parseRevMethodsAndFlags()
         }
         if (!testType) {
             return SECFailure;
         }
         revMethodsData[i].testType = testType;
         /* testFlags */
         if (revMethodsData[i].testFlagsStr) {
             char *flagStr = revMethodsData[i].testFlagsStr;
-            uint testFlags = 0;
+            unsigned int testFlags = 0;
 
             if (PORT_Strstr(flagStr, REVCONFIG_TEST_TESTLOCALINFOFIRST_STR)) {
                 testFlags |= CERT_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST;
             } 
             if (PORT_Strstr(flagStr, REVCONFIG_TEST_REQUIREFRESHINFO_STR)) {
                 testFlags |= CERT_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE;
             }
             revMethodsData[i].testFlags = testFlags;
         }
         /* method type */
         if (revMethodsData[i].methodTypeStr) {
             char *methodStr = revMethodsData[i].methodTypeStr;
-            uint methodType = 0;
+            unsigned int methodType = 0;
             
             if (!PORT_Strcmp(methodStr, REVCONFIG_METHOD_CRL_STR)) {
                 methodType = REVCONFIG_METHOD_CRL;
             } else if (!PORT_Strcmp(methodStr, REVCONFIG_METHOD_OCSP_STR)) {
                 methodType = REVCONFIG_METHOD_OCSP;
             }
             if (!methodType) {
                 return SECFailure;
@@ -296,17 +296,17 @@ parseRevMethodsAndFlags()
         }
         if (!revMethodsData[i].methodType) {
             revMethodsData[i].testType = REVCONFIG_TEST_UNDEFINED;
             continue;
         }
         /* method flags */
         if (revMethodsData[i].methodFlagsStr) {
             char *flagStr = revMethodsData[i].methodFlagsStr;
-            uint methodFlags = 0;
+            unsigned int methodFlags = 0;
 
             if (!PORT_Strstr(flagStr, REVCONFIG_METHOD_DONOTUSEMETHOD_STR)) {
                 methodFlags |= CERT_REV_M_TEST_USING_THIS_METHOD;
             } 
             if (PORT_Strstr(flagStr,
                             REVCONFIG_METHOD_FORBIDNETWORKFETCHIN_STR)) {
                 methodFlags |= CERT_REV_M_FORBID_NETWORK_FETCHING;
             }
@@ -326,17 +326,17 @@ parseRevMethodsAndFlags()
     }
     return SECSuccess;
 }
 
 SECStatus
 configureRevocationParams(CERTRevocationFlags *flags)
 {
    int i;
-   uint testType = REVCONFIG_TEST_UNDEFINED;
+   unsigned int testType = REVCONFIG_TEST_UNDEFINED;
    static CERTRevocationTests *revTests = NULL;
    PRUint64 *revFlags;
 
    for(i = 0;i < REV_METHOD_INDEX_MAX;i++) {
        if (revMethodsData[i].testType == REVCONFIG_TEST_UNDEFINED) {
            continue;
        }
        if (revMethodsData[i].testType != testType) {
@@ -606,17 +606,17 @@ breakout:
                 static CERTValInParam cvin[7];
                 SECOidTag oidTag;
                 int inParamIndex = 0;
                 static PRUint64 revFlagsLeaf[2];
                 static PRUint64 revFlagsChain[2];
                 static CERTRevocationFlags rev;
                 
                 if (oidStr) {
-                    PRArenaPool *arena;
+                    PLArenaPool *arena;
                     SECOidData od;
                     memset(&od, 0, sizeof od);
                     od.offset = SEC_OID_UNKNOWN;
                     od.desc = "User Defined Policy OID";
                     od.mechanism = CKM_INVALID_MECHANISM;
                     od.supportedExtension = INVALID_CERT_EXTENSION;
 
                     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
--- a/security/nss/coreconf/config.mk
+++ b/security/nss/coreconf/config.mk
@@ -174,8 +174,10 @@ endif
 endif
 
 # This allows all library and tools code to use the util function
 # implementations directly from libnssutil3, rather than the wrappers
 # in libnss3 which are present for binary compatibility only
 DEFINES += -DUSE_UTIL_DIRECTLY
 USE_UTIL_DIRECTLY = 1
 
+# Build with NO_NSPR_10_SUPPORT to avoid using obsolete NSPR features
+DEFINES += -DNO_NSPR_10_SUPPORT
--- a/security/nss/coreconf/coreconf.dep
+++ b/security/nss/coreconf/coreconf.dep
@@ -5,8 +5,9 @@
 
 /*
  * A dummy header file that is a dependency for all the object files.
  * Used to force a full recompilation of NSS in Mozilla's Tinderbox
  * depend builds.  See comments in rules.mk.
  */
 
 #error "Do not include this header file."
+
new file mode 100644
--- /dev/null
+++ b/security/nss/doc/.hgignore
@@ -0,0 +1,3 @@
+date.xml
+version.xml
+
--- a/security/nss/doc/Makefile
+++ b/security/nss/doc/Makefile
@@ -19,16 +19,17 @@ date = `date +"%Y%m%d"`
 all: prepare all-man all-html
 
 prepare: date-and-version
 	mkdir -p html
 	mkdir -p nroff
 	
 clean:
 	rm -f date.xml version.xml *.tar.bz2
+	rm -f html/*.proc
 	rm -fr $(name) ascii
 
 date-and-version: date.xml version.xml
 
 date.xml:
 	date +"%e %B %Y" | tr -d '\n' > $@
 
 version.xml:
new file mode 100644
--- /dev/null
+++ b/security/nss/doc/html/.hgignore
@@ -0,0 +1,1 @@
+*.proc
--- a/security/nss/lib/Makefile
+++ b/security/nss/lib/Makefile
@@ -59,17 +59,17 @@ include $(CORE_DEPTH)/coreconf/rules.mk
 
 
 #######################################################################
 # (7) Execute "local" rules. (OPTIONAL).                              #
 #######################################################################
 
 ifeq ($(NSS_BUILD_WITHOUT_SOFTOKEN),1)
 # Not included when building nss without softoken
-UTIL_SRCDIR=
-FREEBL_SRCDIR=
-SOFTOKEN_SRCDIR=
+UTIL_SRCDIR =
+FREEBL_SRCDIR =
+SOFTOKEN_SRCDIR =
 else
 # default is to include all
 UTIL_SRCDIR = util
 FREEBL_SRCDIR = freebl
 SOFTOKEN_SRCDIR = softoken
 endif
--- a/security/nss/lib/base/arena.c
+++ b/security/nss/lib/base/arena.c
@@ -699,17 +699,17 @@ nss_arena_unmark_release
       arenaMark->prev_destructor->next = (struct arena_destructor_node *)NULL;
     }
     arena->last_destructor = arenaMark->prev_destructor;
 
     /* Note that the arena is locked at this time */
     nss_arena_call_destructor_chain(arenaMark->next_destructor);
 #endif /* ARENA_DESTRUCTOR_LIST */
 
-    PR_ARENA_RELEASE(&arena->pool, inner_mark);
+    PL_ARENA_RELEASE(&arena->pool, inner_mark);
     /* No error return */
   }
 
   PR_Unlock(arena->lock);
   return PR_SUCCESS;
 }
 
 /*
@@ -792,17 +792,17 @@ nss_zalloc_arena_locked
   NSSArena *arena,
   PRUint32 size
 )
 {
   void *p;
   void *rv;
   struct pointer_header *h;
   PRUint32 my_size = size + sizeof(struct pointer_header);
-  PR_ARENA_ALLOCATE(p, &arena->pool, my_size);
+  PL_ARENA_ALLOCATE(p, &arena->pool, my_size);
   if( (void *)NULL == p ) {
     nss_SetError(NSS_ERROR_NO_MEMORY);
     return (void *)NULL;
   }
   /* 
    * Do this before we unlock.  This way if the user is using
    * an arena in one thread while destroying it in another, he'll
    * fault/FMR in his code, not ours.
@@ -1174,17 +1174,17 @@ nss_ZRealloc
        * way a thrash big/small/big/small doesn't burn up the arena.
        */
       char *extra = &((char *)pointer)[ newSize ];
       (void)nsslibc_memset(extra, 0, (h->size - newSize));
       PR_Unlock(arena->lock);
       return pointer;
     }
 
-    PR_ARENA_ALLOCATE(p, &arena->pool, my_newSize);
+    PL_ARENA_ALLOCATE(p, &arena->pool, my_newSize);
     if( (void *)NULL == p ) {
       PR_Unlock(arena->lock);
       nss_SetError(NSS_ERROR_NO_MEMORY);
       return (void *)NULL;
     }
 
     new_h = (struct pointer_header *)p;
     new_h->arena = arena;
deleted file mode 100644
--- a/security/nss/lib/certdb/.cvsignore
+++ /dev/null
@@ -1,1 +0,0 @@
-nscertinit.c
--- a/security/nss/lib/certdb/alg1485.c
+++ b/security/nss/lib/certdb/alg1485.c
@@ -358,17 +358,17 @@ loser:
 /* Parses one AVA, starting at *pbp.  Stops at endptr.
  * Advances *pbp past parsed AVA and trailing separator (if present).
  * On any error, returns NULL and *pbp is undefined.
  * On success, returns CERTAVA allocated from arena, and (*pbp)[-1] was 
  * the last character parsed.  *pbp is either equal to endptr or 
  * points to first character after separator.
  */
 static CERTAVA *
-ParseRFC1485AVA(PRArenaPool *arena, const char **pbp, const char *endptr)
+ParseRFC1485AVA(PLArenaPool *arena, const char **pbp, const char *endptr)
 {
     CERTAVA *a;
     const NameToKind *n2k;
     const char *bp;
     int       vt = -1;
     int       valLen;
     SECOidTag kind  = SEC_OID_UNKNOWN;
     SECStatus rv    = SECFailure;
@@ -1132,17 +1132,17 @@ CERT_NameToAscii(CERTName *name)
 /*
  * Return the string representation of a DER encoded distinguished name
  * "dername" - The DER encoded name to convert
  */
 char *
 CERT_DerNameToAscii(SECItem *dername)
 {
     int rv;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     CERTName name;
     char *retstr = NULL;
     
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     
     if ( arena == NULL) {
 	goto loser;
     }
@@ -1159,17 +1159,17 @@ loser:
     if ( arena != NULL ) {
 	PORT_FreeArena(arena, PR_FALSE);
     }
     
     return(retstr);
 }
 
 static char *
-avaToString(PRArenaPool *arena, CERTAVA *ava)
+avaToString(PLArenaPool *arena, CERTAVA *ava)
 {
     char *    buf       = NULL;
     SECItem*  avaValue;
     int       valueLen;
 
     avaValue = CERT_DecodeAVAValue(&ava->value);
     if(!avaValue) {
 	return buf;
@@ -1193,17 +1193,17 @@ avaToString(PRArenaPool *arena, CERTAVA 
     SECITEM_FreeItem(avaValue, PR_TRUE);
     return buf;
 }
 
 /* RDNs are sorted from most general to most specific.
  * This code returns the FIRST one found, the most general one found.
  */
 static char *
-CERT_GetNameElement(PRArenaPool *arena, const CERTName *name, int wantedTag)
+CERT_GetNameElement(PLArenaPool *arena, const CERTName *name, int wantedTag)
 {
     CERTRDN** rdns = name->rdns;
     CERTRDN*  rdn;
     CERTAVA*  ava  = NULL;
 
     while (rdns && (rdn = *rdns++) != 0) {
 	CERTAVA** avas = rdn->avas;
 	while (avas && (ava = *avas++) != 0) {
@@ -1217,17 +1217,17 @@ CERT_GetNameElement(PRArenaPool *arena, 
     return ava ? avaToString(arena, ava) : NULL;
 }
 
 /* RDNs are sorted from most general to most specific.
  * This code returns the LAST one found, the most specific one found.
  * This is particularly appropriate for Common Name.  See RFC 2818.
  */
 static char *
-CERT_GetLastNameElement(PRArenaPool *arena, const CERTName *name, int wantedTag)
+CERT_GetLastNameElement(PLArenaPool *arena, const CERTName *name, int wantedTag)
 {
     CERTRDN** rdns    = name->rdns;
     CERTRDN*  rdn;
     CERTAVA*  lastAva = NULL;
     
     while (rdns && (rdn = *rdns++) != 0) {
 	CERTAVA** avas = rdn->avas;
 	CERTAVA*  ava;
@@ -1244,17 +1244,17 @@ CERT_GetLastNameElement(PRArenaPool *are
 char *
 CERT_GetCertificateEmailAddress(CERTCertificate *cert)
 {
     char *rawEmailAddr = NULL;
     SECItem subAltName;
     SECStatus rv;
     CERTGeneralName *nameList = NULL;
     CERTGeneralName *current;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     int i;
     
     subAltName.data = NULL;
 
     rawEmailAddr = CERT_GetNameElement(cert->arena, &(cert->subject),
 						 SEC_OID_PKCS9_EMAIL_ADDRESS);
     if ( rawEmailAddr == NULL ) {
 	rawEmailAddr = CERT_GetNameElement(cert->arena, &(cert->subject), 
@@ -1376,17 +1376,17 @@ appendItemToBuf(char *dest, SECItem *src
 ** This function is intended to be internal to NSS.
 */
 char *
 cert_GetCertificateEmailAddresses(CERTCertificate *cert)
 {
     char *           rawEmailAddr = NULL;
     char *           addrBuf      = NULL;
     char *           pBuf         = NULL;
-    PRArenaPool *    tmpArena     = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    PLArenaPool *    tmpArena     = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     PRUint32         maxLen       = 0;
     PRInt32          finalLen     = 0;
     SECStatus        rv;
     SECItem          subAltName;
     
     if (!tmpArena) 
     	return addrBuf;
 
--- a/security/nss/lib/certdb/certdb.c
+++ b/security/nss/lib/certdb/certdb.c
@@ -204,17 +204,17 @@ const SEC_ASN1Template CERT_CertKeyTempl
 };
 
 SEC_ASN1_CHOOSER_IMPLEMENT(CERT_TimeChoiceTemplate)
 SEC_ASN1_CHOOSER_IMPLEMENT(CERT_CertificateTemplate)
 SEC_ASN1_CHOOSER_IMPLEMENT(SEC_SignedCertificateTemplate)
 SEC_ASN1_CHOOSER_IMPLEMENT(CERT_SequenceOfCertExtensionTemplate)
 
 SECStatus
-CERT_KeyFromIssuerAndSN(PRArenaPool *arena, SECItem *issuer, SECItem *sn,
+CERT_KeyFromIssuerAndSN(PLArenaPool *arena, SECItem *issuer, SECItem *sn,
 			SECItem *key)
 {
     key->len = sn->len + issuer->len;
 
     if ((sn->data == NULL) || (issuer->data == NULL)) {
 	goto loser;
     }
     
@@ -238,17 +238,17 @@ loser:
 
 /*
  * Extract the subject name from a DER certificate
  */
 SECStatus
 CERT_NameFromDERCert(SECItem *derCert, SECItem *derName)
 {
     int rv;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     CERTSignedData sd;
     void *tmpptr;
     
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     
     if ( ! arena ) {
 	return(SECFailure);
     }
@@ -282,17 +282,17 @@ loser:
     PORT_FreeArena(arena, PR_FALSE);
     return(SECFailure);
 }
 
 SECStatus
 CERT_IssuerNameFromDERCert(SECItem *derCert, SECItem *derName)
 {
     int rv;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     CERTSignedData sd;
     void *tmpptr;
     
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     
     if ( ! arena ) {
 	return(SECFailure);
     }
@@ -326,17 +326,17 @@ loser:
     PORT_FreeArena(arena, PR_FALSE);
     return(SECFailure);
 }
 
 SECStatus
 CERT_SerialNumberFromDERCert(SECItem *derCert, SECItem *derName)
 {
     int rv;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     CERTSignedData sd;
     void *tmpptr;
     
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     
     if ( ! arena ) {
 	return(SECFailure);
     }
@@ -371,17 +371,17 @@ loser:
     return(SECFailure);
 }
 
 /*
  * Generate a database key, based on serial number and issuer, from a
  * DER certificate.
  */
 SECStatus
-CERT_KeyFromDERCert(PRArenaPool *reqArena, SECItem *derCert, SECItem *key)
+CERT_KeyFromDERCert(PLArenaPool *reqArena, SECItem *derCert, SECItem *key)
 {
     int rv;
     CERTSignedData sd;
     CERTCertKey certkey;
 
     if (!reqArena) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return SECFailure;
@@ -739,17 +739,17 @@ cert_IsRootCert(CERTCertificate *cert)
 /*
  * take a DER certificate and decode it into a certificate structure
  */
 CERTCertificate *
 CERT_DecodeDERCertificate(SECItem *derSignedCert, PRBool copyDER,
 			 char *nickname)
 {
     CERTCertificate *cert;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     void *data;
     int rv;
     int len;
     char *tmpname;
     
     /* make a new arena */
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     
@@ -869,21 +869,21 @@ CERTCertificate *
 __CERT_DecodeDERCertificate(SECItem *derSignedCert, PRBool copyDER,
 			 char *nickname)
 {
     return CERT_DecodeDERCertificate(derSignedCert, copyDER, nickname);
 }
 
 
 CERTValidity *
-CERT_CreateValidity(int64 notBefore, int64 notAfter)
+CERT_CreateValidity(PRTime notBefore, PRTime notAfter)
 {
     CERTValidity *v;
     int rv;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
 
     if (notBefore > notAfter) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return NULL;
     }
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     
     if ( !arena ) {
@@ -901,17 +901,17 @@ CERT_CreateValidity(int64 notBefore, int
     return v;
 
   loser:
     CERT_DestroyValidity(v);
     return 0;
 }
 
 SECStatus
-CERT_CopyValidity(PRArenaPool *arena, CERTValidity *to, CERTValidity *from)
+CERT_CopyValidity(PLArenaPool *arena, CERTValidity *to, CERTValidity *from)
 {
     SECStatus rv;
 
     CERT_DestroyValidity(to);
     to->arena = arena;
     
     rv = SECITEM_CopyItem(arena, &to->notBefore, &from->notBefore);
     if (rv) return rv;
@@ -1412,17 +1412,17 @@ cert_TestHostName(char * cn, const char 
     PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);
     return SECFailure;
 }
 
 
 SECStatus
 cert_VerifySubjectAltName(const CERTCertificate *cert, const char *hn)
 {
-    PRArenaPool *     arena          = NULL;
+    PLArenaPool *     arena          = NULL;
     CERTGeneralName * nameList       = NULL;
     CERTGeneralName * current;
     char *            cn;
     int               cnBufLen;
     unsigned int      hnLen;
     int               DNSextCount    = 0;
     int               IPextCount     = 0;
     PRBool            isIPaddr       = PR_FALSE;
@@ -1547,17 +1547,17 @@ finish:
 /*
  * If found:
  *   - subAltName contains the extension (caller must free)
  *   - return value is the decoded namelist (allocated off arena)
  * if not found, or if failure to decode:
  *   - return value is NULL
  */
 CERTGeneralName *
-cert_GetSubjectAltNameList(const CERTCertificate *cert, PRArenaPool *arena)
+cert_GetSubjectAltNameList(const CERTCertificate *cert, PLArenaPool *arena)
 {
     CERTGeneralName * nameList       = NULL;
     SECStatus         rv             = SECFailure;
     SECItem           subAltName;
 
     if (!cert || !arena)
       return NULL;
 
@@ -1686,17 +1686,17 @@ cert_GetDNSPatternsFromGeneralNames(CERT
  * but this saves us from dealing with two arenas.
  * The caller may free all data by freeing CERTCertNicknames->arena.
  */
 CERTCertNicknames *
 CERT_GetValidDNSPatternsFromCert(CERTCertificate *cert)
 {
     CERTGeneralName *generalNames;
     CERTCertNicknames *nickNames;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     char *singleName;
     
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (!arena) {
         return NULL;
     }
     
     nickNames = PORT_ArenaAlloc(arena, sizeof(CERTCertNicknames));
@@ -1911,17 +1911,17 @@ CERT_CompareCertsForRedirection(CERTCert
 }
 
 
 /* CERT_CertChainFromCert and CERT_DestroyCertificateList moved
    to certhigh.c */
 
 
 CERTIssuerAndSN *
-CERT_GetCertIssuerAndSN(PRArenaPool *arena, CERTCertificate *cert)
+CERT_GetCertIssuerAndSN(PLArenaPool *arena, CERTCertificate *cert)
 {
     CERTIssuerAndSN *result;
     SECStatus rv;
 
     if ( arena == NULL ) {
 	arena = cert->arena;
     }
     
@@ -2507,17 +2507,17 @@ CERT_ImportCerts(CERTCertDBHandle *certd
 
 /*
  * a real list of certificates - need to convert CERTCertificateList
  * stuff and ASN 1 encoder/decoder over to using this...
  */
 CERTCertList *
 CERT_NewCertList(void)
 {
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     CERTCertList *ret = NULL;
     
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if ( arena == NULL ) {
 	goto loser;
     }
     
     ret = (CERTCertList *)PORT_ArenaZAlloc(arena, sizeof(CERTCertList));
--- a/security/nss/lib/certdb/certi.h
+++ b/security/nss/lib/certdb/certi.h
@@ -38,17 +38,17 @@ struct OpaqueCRLFieldsStr {
 
 typedef struct PreAllocatorStr PreAllocator;
 
 struct PreAllocatorStr
 {
     PRSize len;
     void* data;
     PRSize used;
-    PRArenaPool* arena;
+    PLArenaPool* arena;
     PRSize extra;
 };
 
 /*  CRL entry cache.
     This is the same as an entry plus the next/prev pointers for the hash table
 */
 
 struct CRLEntryCacheStr {
@@ -227,29 +227,29 @@ cert_DestroySubjectKeyIDHashTable(void);
 
 SECItem*
 cert_FindDERCertBySubjectKeyID(SECItem *subjKeyID);
 
 /* return maximum length of AVA value based on its type OID tag. */
 extern int cert_AVAOidTagToMaxLen(SECOidTag tag);
 
 /* Make an AVA, allocated from pool, from OID and DER encoded value */
-extern CERTAVA * CERT_CreateAVAFromRaw(PRArenaPool *pool, 
+extern CERTAVA * CERT_CreateAVAFromRaw(PLArenaPool *pool, 
                                const SECItem * OID, const SECItem * value);
 
 /* Make an AVA from binary input specified by SECItem */
-extern CERTAVA * CERT_CreateAVAFromSECItem(PRArenaPool *arena, SECOidTag kind, 
+extern CERTAVA * CERT_CreateAVAFromSECItem(PLArenaPool *arena, SECOidTag kind, 
                                            int valueType, SECItem *value);
 
 /*
  * get a DPCache object for the given issuer subject and dp
  * Automatically creates the cache object if it doesn't exist yet.
  */
 SECStatus AcquireDPCache(CERTCertificate* issuer, const SECItem* subject,
-                         const SECItem* dp, int64 t, void* wincx,
+                         const SECItem* dp, PRTime t, void* wincx,
                          CRLDPCache** dpcache, PRBool* writeLocked);
 
 /* check if a particular SN is in the CRL cache and return its entry */
 dpcacheStatus DPCache_Lookup(CRLDPCache* cache, const SECItem* sn,
                              CERTCrlEntry** returned);
 
 /* release a DPCache object that was previously acquired */
 void ReleaseDPCache(CRLDPCache* dpcache, PRBool writeLocked);
@@ -352,17 +352,17 @@ SECStatus cert_AcquireNamedCRLCache(Name
 SECStatus cert_FindCRLByGeneralName(NamedCRLCache* ncc,
                                     const SECItem* canonicalizedName,
                                     NamedCRLCacheEntry** retEntry);
 
 SECStatus cert_ReleaseNamedCRLCache(NamedCRLCache* ncc);
 
 /* This is private for now.  Maybe shoule be public. */
 CERTGeneralName *
-cert_GetSubjectAltNameList(const CERTCertificate *cert, PRArenaPool *arena);
+cert_GetSubjectAltNameList(const CERTCertificate *cert, PLArenaPool *arena);
 
 /* Count DNS names and IP addresses in a list of GeneralNames */
 PRUint32
 cert_CountDNSPatterns(CERTGeneralName *firstName);
 
 /*
  * returns the trust status of the leaf certificate based on usage.
  * If the leaf is explicitly untrusted, this function will fail and 
--- a/security/nss/lib/certdb/certv3.c
+++ b/security/nss/lib/certdb/certv3.c
@@ -67,17 +67,17 @@ CERT_FindIssuerCertExtension(CERTCertifi
 char *
 CERT_FindCertURLExtension(CERTCertificate *cert, int tag, int catag)
 {
     SECStatus rv;
     SECItem urlitem = {siBuffer,0};
     SECItem baseitem = {siBuffer,0};
     SECItem urlstringitem = {siBuffer,0};
     SECItem basestringitem = {siBuffer,0};
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     PRBool hasbase;
     char *urlstring;
     char *str;
     int len;
     unsigned int i;
     
     urlstring = NULL;
 
@@ -194,17 +194,17 @@ CERT_FindNSCertTypeExtension(CERTCertifi
 /*
  * get the value of a string type extension
  */
 char *
 CERT_FindNSStringExtension(CERTCertificate *cert, int oidtag)
 {
     SECItem wrapperItem, tmpItem = {siBuffer,0};
     SECStatus rv;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     char *retstring = NULL;
     
     wrapperItem.data = NULL;
     tmpItem.data = NULL;
     
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     
     if ( ! arena ) {
@@ -307,17 +307,17 @@ CERT_FindBasicConstraintExten(CERTCertif
     /* free the raw extension data */
     PORT_Free(encodedExtenValue.data);
     encodedExtenValue.data = NULL;
     
     return(rv);
 }
 
 CERTAuthKeyID *
-CERT_FindAuthKeyIDExten (PRArenaPool *arena, CERTCertificate *cert)
+CERT_FindAuthKeyIDExten (PLArenaPool *arena, CERTCertificate *cert)
 {
     SECItem encodedExtenValue;
     SECStatus rv;
     CERTAuthKeyID *ret;
     
     encodedExtenValue.data = NULL;
     encodedExtenValue.len = 0;
 
--- a/security/nss/lib/certdb/certxutl.c
+++ b/security/nss/lib/certdb/certxutl.c
@@ -106,33 +106,33 @@ cert_FindExtension(CERTCertExtension **e
 typedef struct _extNode {
     struct _extNode *next;
     CERTCertExtension *ext;
 } extNode;
 
 typedef struct {
     void (*setExts)(void *object, CERTCertExtension **exts);
     void *object;
-    PRArenaPool *ownerArena;
-    PRArenaPool *arena;
+    PLArenaPool *ownerArena;
+    PLArenaPool *arena;
     extNode *head;
     int count;
 }extRec;
 
 /*
  * cert_StartExtensions
  *
  * NOTE: This interface changed significantly to remove knowledge
  *   about callers data structures (owner objects)
  */
 void *
-cert_StartExtensions(void *owner, PRArenaPool *ownerArena,
+cert_StartExtensions(void *owner, PLArenaPool *ownerArena,
    void (*setExts)(void *object, CERTCertExtension **exts))
 {
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     extRec *handle;
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if ( !arena ) {
 	return(0);
     }
 
     handle = (extRec *)PORT_ArenaAlloc(arena, sizeof(extRec));
@@ -392,17 +392,17 @@ CERT_MergeExtensions(void *exthandle, CE
  * get the value of the Netscape Certificate Type Extension
  */
 SECStatus
 CERT_FindBitStringExtension (CERTCertExtension **extensions, int tag,
 			     SECItem *retItem)
 {
     SECItem wrapperItem, tmpItem = {siBuffer,0};
     SECStatus rv;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     
     wrapperItem.data = NULL;
     tmpItem.data = NULL;
     
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     
     if ( ! arena ) {
 	return(SECFailure);
--- a/security/nss/lib/certdb/crl.c
+++ b/security/nss/lib/certdb/crl.c
@@ -299,22 +299,22 @@ SECStatus cert_check_crl_version (CERTCr
     return (SECSuccess);
 }
 
 /*
  * Generate a database key, based on the issuer name from a
  * DER crl.
  */
 SECStatus
-CERT_KeyFromDERCrl(PRArenaPool *arena, SECItem *derCrl, SECItem *key)
+CERT_KeyFromDERCrl(PLArenaPool *arena, SECItem *derCrl, SECItem *key)
 {
     SECStatus rv;
     CERTSignedData sd;
     CERTCrlKey crlkey;
-    PRArenaPool* myArena;
+    PLArenaPool* myArena;
 
     if (!arena) {
         /* arena needed for QuickDER */
         myArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     } else {
         myArena = arena;
     }
     PORT_Memset (&sd, 0, sizeof (sd));
@@ -387,20 +387,20 @@ SECStatus CERT_CompleteCRLDecodeEntries(
     return rv;
 }
 
 /*
  * take a DER CRL and decode it into a CRL structure
  * allow reusing the input DER without making a copy
  */
 CERTSignedCrl *
-CERT_DecodeDERCrlWithFlags(PRArenaPool *narena, SECItem *derSignedCrl,
+CERT_DecodeDERCrlWithFlags(PLArenaPool *narena, SECItem *derSignedCrl,
                           int type, PRInt32 options)
 {
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     CERTSignedCrl *crl;
     SECStatus rv;
     OpaqueCRLFields* extended = NULL;
     const SEC_ASN1Template* crlTemplate = CERT_SignedCrlTemplate;
     PRInt32 testOptions = options;
 
     PORT_Assert(derSignedCrl);
     if (!derSignedCrl) {
@@ -527,17 +527,17 @@ loser:
     
     return(0);
 }
 
 /*
  * take a DER CRL and decode it into a CRL structure
  */
 CERTSignedCrl *
-CERT_DecodeDERCrl(PRArenaPool *narena, SECItem *derSignedCrl, int type)
+CERT_DecodeDERCrl(PLArenaPool *narena, SECItem *derSignedCrl, int type)
 {
     return CERT_DecodeDERCrlWithFlags(narena, derSignedCrl, type,
                                       CRL_DECODE_DEFAULT_OPTIONS);
 }
 
 /*
  * Lookup a CRL in the databases. We mirror the same fast caching data base
  *  caching stuff used by certificates....?
@@ -715,17 +715,17 @@ SEC_NewCrl(CERTCertDBHandle *handle, cha
     PK11_FreeSlot(slot);
 
     return retCrl;
 }
     
 CERTSignedCrl *
 SEC_FindCrlByDERCert(CERTCertDBHandle *handle, SECItem *derCrl, int type)
 {
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     SECItem crlKey;
     SECStatus rv;
     CERTSignedCrl *crl = NULL;
     
     /* create a scratch arena */
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if ( arena == NULL ) {
 	return(NULL);
@@ -776,17 +776,17 @@ SEC_DestroyCrl(CERTSignedCrl *crl)
         return SECFailure;
     }
 }
 
 SECStatus
 SEC_LookupCrls(CERTCertDBHandle *handle, CERTCrlHeadNode **nodes, int type)
 {
     CERTCrlHeadNode *head;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECStatus rv;
 
     *nodes = NULL;
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if ( arena == NULL ) {
 	return SECFailure;
     }
@@ -954,17 +954,17 @@ void PreAllocator_Destroy(PreAllocator* 
     {
         PORT_FreeArena(PreAllocator->arena, PR_TRUE);
     }
 }
 
 /* constructor for PreAllocator object */
 PreAllocator* PreAllocator_Create(PRSize size)
 {
-    PRArenaPool* arena = NULL;
+    PLArenaPool* arena = NULL;
     PreAllocator* prebuffer = NULL;
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (!arena)
     {
         return NULL;
     }
     prebuffer = (PreAllocator*)PORT_ArenaZAlloc(arena,
                                                 sizeof(PreAllocator));
--- a/security/nss/lib/certdb/genname.c
+++ b/security/nss/lib/certdb/genname.c
@@ -151,17 +151,17 @@ CERT_NewGeneralName(PLArenaPool *arena, 
     return name;
 }
 
 /* Copy content of one General Name to another.
 ** Caller has allocated destination general name.
 ** This function does not change the destinate's GeneralName's list linkage.
 */
 SECStatus
-cert_CopyOneGeneralName(PRArenaPool      *arena, 
+cert_CopyOneGeneralName(PLArenaPool      *arena,
 		        CERTGeneralName  *dest, 
 		        CERTGeneralName  *src)
 {
     SECStatus rv;
     void *mark = NULL;
 
     PORT_Assert(dest != NULL);
     dest->type = src->type;
@@ -216,17 +216,17 @@ CERT_DestroyGeneralNameList(CERTGeneralN
 	    PZ_Unlock(lock);
 	}
     }
     return;
 }
 
 CERTGeneralNameList *
 CERT_CreateGeneralNameList(CERTGeneralName *name) {
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     CERTGeneralNameList *list = NULL;
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL) {
 	goto done;
     }
     list = PORT_ArenaZNew(arena, CERTGeneralNameList);
     if (!list)
@@ -283,17 +283,17 @@ CERTNameConstraint *
 CERT_GetPrevNameConstraint(CERTNameConstraint *current)
 {
     PRCList *prev;
     prev = current->l.prev;
     return (CERTNameConstraint *) (((char *) prev) - offsetof(CERTNameConstraint, l));
 }
 
 SECItem *
-CERT_EncodeGeneralName(CERTGeneralName *genName, SECItem *dest, PRArenaPool *arena)
+CERT_EncodeGeneralName(CERTGeneralName *genName, SECItem *dest, PLArenaPool *arena)
 {
 
     const SEC_ASN1Template * template;
 
     PORT_Assert(arena);
     if (arena == NULL) {
 	PORT_SetError(SEC_ERROR_INVALID_ARGS);
 	return NULL;
@@ -340,17 +340,17 @@ CERT_EncodeGeneralName(CERTGeneralName *
     /* TODO: unmark arena */
     return dest;
 loser:
     /* TODO: release arena back to mark */
     return NULL;
 }
 
 SECItem **
-cert_EncodeGeneralNames(PRArenaPool *arena, CERTGeneralName *names)
+cert_EncodeGeneralNames(PLArenaPool *arena, CERTGeneralName *names)
 {
     CERTGeneralName  *current_name;
     SECItem          **items = NULL;
     int              count = 0;
     int              i;
     PRCList          *head;
 
     PORT_Assert(arena);
@@ -380,17 +380,17 @@ cert_EncodeGeneralNames(PRArenaPool *are
     /* TODO: unmark arena */
     return items;
 loser:
     /* TODO: release arena to mark */
     return NULL;
 }
 
 CERTGeneralName *
-CERT_DecodeGeneralName(PRArenaPool      *reqArena,
+CERT_DecodeGeneralName(PLArenaPool      *reqArena,
 		       SECItem          *encodedName,
 		       CERTGeneralName  *genName)
 {
     const SEC_ASN1Template *         template;
     CERTGeneralNameType              genNameType;
     SECStatus                        rv = SECSuccess;
     SECItem* newEncodedName;
 
@@ -442,17 +442,17 @@ CERT_DecodeGeneralName(PRArenaPool      
     /* TODO: unmark arena */
     return genName;
 loser:
     /* TODO: release arena to mark */
     return NULL;
 }
 
 CERTGeneralName *
-cert_DecodeGeneralNames (PRArenaPool  *arena,
+cert_DecodeGeneralNames (PLArenaPool  *arena,
 			 SECItem      **encodedGenName)
 {
     PRCList                           *head = NULL;
     PRCList                           *tail = NULL;
     CERTGeneralName                   *currentName = NULL;
 
     PORT_Assert(arena);
     if (!encodedGenName || !arena) {
@@ -501,17 +501,17 @@ cert_DestroyGeneralNames(CERTGeneralName
 	name = next;
     } while (name != first);
     return SECSuccess;
 }
 
 static SECItem *
 cert_EncodeNameConstraint(CERTNameConstraint  *constraint, 
 			 SECItem             *dest,
-			 PRArenaPool         *arena)
+			 PLArenaPool         *arena)
 {
     PORT_Assert(arena);
     if (dest == NULL) {
 	dest = PORT_ArenaZNew(arena, SECItem);
 	if (dest == NULL) {
 	    return NULL;
 	}
     }
@@ -519,17 +519,17 @@ cert_EncodeNameConstraint(CERTNameConstr
     
     dest = SEC_ASN1EncodeItem (arena, dest, constraint,
 			       CERTNameConstraintTemplate);
     return dest;
 } 
 
 SECStatus 
 cert_EncodeNameConstraintSubTree(CERTNameConstraint  *constraints,
-			         PRArenaPool         *arena,
+			         PLArenaPool         *arena,
 				 SECItem             ***dest,
 				 PRBool              permited)
 {
     CERTNameConstraint  *current_constraint = constraints;
     SECItem             **items = NULL;
     int                 count = 0;
     int                 i;
     PRCList             *head;
@@ -565,17 +565,17 @@ cert_EncodeNameConstraintSubTree(CERTNam
     return SECSuccess;
 loser:
     /* TODO: release arena to mark */
     return SECFailure;
 }
 
 SECStatus 
 cert_EncodeNameConstraints(CERTNameConstraints  *constraints,
-			   PRArenaPool          *arena,
+			   PLArenaPool          *arena,
 			   SECItem              *dest)
 {
     SECStatus    rv = SECSuccess;
 
     PORT_Assert(arena);
     /* TODO: mark arena */
     if (constraints->permited != NULL) {
 	rv = cert_EncodeNameConstraintSubTree(constraints->permited, arena,
@@ -602,17 +602,17 @@ cert_EncodeNameConstraints(CERTNameConst
     return SECSuccess;
 loser:
     /* TODO: release arena to mark */
     return SECFailure;
 }
 
 
 CERTNameConstraint *
-cert_DecodeNameConstraint(PRArenaPool       *reqArena,
+cert_DecodeNameConstraint(PLArenaPool       *reqArena,
 			  SECItem           *encodedConstraint)
 {
     CERTNameConstraint     *constraint;
     SECStatus              rv = SECSuccess;
     CERTGeneralName        *temp;
     SECItem*               newEncodedConstraint;
 
     if (!reqArena) {
@@ -647,17 +647,17 @@ cert_DecodeNameConstraint(PRArenaPool   
     /* TODO: unmark arena */
     return constraint;
 loser:
     /* TODO: release arena back to mark */
     return NULL;
 }
 
 CERTNameConstraint *
-cert_DecodeNameConstraintSubTree(PRArenaPool   *arena,
+cert_DecodeNameConstraintSubTree(PLArenaPool   *arena,
 				 SECItem       **subTree,
 				 PRBool        permited)
 {
     CERTNameConstraint   *current = NULL;
     CERTNameConstraint   *first = NULL;
     CERTNameConstraint   *last = NULL;
     int                  i = 0;
 
@@ -680,17 +680,17 @@ cert_DecodeNameConstraintSubTree(PRArena
     /* TODO: unmark arena */
     return first;
 loser:
     /* TODO: release arena back to mark */
     return NULL;
 }
 
 CERTNameConstraints *
-cert_DecodeNameConstraints(PRArenaPool   *reqArena,
+cert_DecodeNameConstraints(PLArenaPool   *reqArena,
 			   const SECItem *encodedConstraints)
 {
     CERTNameConstraints   *constraints;
     SECStatus             rv;
     SECItem*              newEncodedConstraints;
 
     if (!reqArena) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -746,17 +746,17 @@ loser:
 ** the first copy from the arena and links them into the destination list.  
 ** If the destination struct is part of a list with more than one member,
 ** then this function traverses both the source and destination lists,
 ** copying each source struct to the corresponding dest struct.
 ** In that case, the destination list MUST contain at least as many 
 ** structs as the source list or some dest entries will be overwritten.
 */
 SECStatus
-CERT_CopyGeneralName(PRArenaPool      *arena, 
+CERT_CopyGeneralName(PLArenaPool      *arena,
 		     CERTGeneralName  *dest, 
 		     CERTGeneralName  *src)
 {
     SECStatus rv;
     CERTGeneralName *destHead = dest;
     CERTGeneralName *srcHead = src;
 
     PORT_Assert(dest != NULL);
@@ -803,17 +803,17 @@ CERT_DupGeneralNameList(CERTGeneralNameL
 	list->refCount++;
 	PZ_Unlock(list->lock);
     }
     return list;
 }
 
 /* Allocate space and copy CERTNameConstraint from src to dest */
 CERTNameConstraint *
-CERT_CopyNameConstraint(PRArenaPool         *arena, 
+CERT_CopyNameConstraint(PLArenaPool         *arena,
 			CERTNameConstraint  *dest, 
 			CERTNameConstraint  *src)
 {
     SECStatus  rv;
     
     /* TODO: mark arena */
     if (dest == NULL) {
 	dest = PORT_ArenaZNew(arena, CERTNameConstraint);
@@ -910,17 +910,17 @@ CERT_AddNameConstraint(CERTNameConstrain
     return list;
 }
 
 
 SECStatus
 CERT_GetNameConstraintByType (CERTNameConstraint *constraints,
 			      CERTGeneralNameType type, 
 			      CERTNameConstraint **returnList,
-			      PRArenaPool *arena)
+			      PLArenaPool *arena)
 {
     CERTNameConstraint *current = NULL;
     void               *mark = NULL;
 
     *returnList = NULL;
     if (!constraints)
 	return SECSuccess;
 
@@ -1050,27 +1050,27 @@ loser:
     /* TODO: release arena back to mark */
     return SECFailure;
 }
 
 /* Extract all names except Subject Common Name from a cert 
 ** in preparation for a name constraints test.
 */
 CERTGeneralName *
-CERT_GetCertificateNames(CERTCertificate *cert, PRArenaPool *arena)
+CERT_GetCertificateNames(CERTCertificate *cert, PLArenaPool *arena)
 {
     return CERT_GetConstrainedCertificateNames(cert, arena, PR_FALSE);
 }
 
 /* This function is called by CERT_VerifyCertChain to extract all
 ** names from a cert in preparation for a name constraints test.
 */
 CERTGeneralName *
 CERT_GetConstrainedCertificateNames(const CERTCertificate *cert,
-                                    PRArenaPool *arena,
+                                    PLArenaPool *arena,
                                     PRBool includeSubjectCommonName)
 {
     CERTGeneralName  *DN;
     CERTGeneralName  *SAN;
     PRUint32         numDNSNames = 0;
     SECStatus        rv;
 
     if (!arena) {
@@ -1520,17 +1520,17 @@ done:
     } else {
         PORT_ArenaUnmark(arena, mark);
     }
     return rv;
 }
 
 /* Extract the name constraints extension from the CA cert. */
 SECStatus
-CERT_FindNameConstraintsExten(PRArenaPool      *arena,
+CERT_FindNameConstraintsExten(PLArenaPool      *arena,
                               CERTCertificate  *cert,
                               CERTNameConstraints **constraints)
 {
     SECStatus            rv = SECSuccess;
     SECItem              constraintsExtension;
     void                *mark = NULL;
     
     *constraints = NULL;
@@ -1560,17 +1560,17 @@ CERT_FindNameConstraintsExten(PRArenaPoo
 
     return rv;
 }
 
 /* Verify name against all the constraints relevant to that type of
 ** the name.
 */
 SECStatus
-CERT_CheckNameSpace(PRArenaPool          *arena,
+CERT_CheckNameSpace(PLArenaPool          *arena,
                     const CERTNameConstraints *constraints,
                     const CERTGeneralName     *currentName)
 {
     CERTNameConstraint  *matchingConstraints;
     SECStatus            rv = SECSuccess;
     
     if (constraints->excluded != NULL) {
         rv = CERT_GetNameConstraintByType(constraints->excluded, 
@@ -1609,17 +1609,17 @@ CERT_CheckNameSpace(PRArenaPool         
 ** Returns NULL in pBadCert for success, if all names are acceptable.
 ** If some name is not acceptable, returns a pointer to the cert that
 ** contained that name.
 */
 SECStatus
 CERT_CompareNameSpace(CERTCertificate  *cert,
 		      CERTGeneralName  *namesList,
  		      CERTCertificate **certsList,
- 		      PRArenaPool      *reqArena,
+ 		      PLArenaPool      *reqArena,
  		      CERTCertificate **pBadCert)
 {
     SECStatus            rv = SECSuccess;
     CERTNameConstraints  *constraints;
     CERTGeneralName      *currentName;
     int                  count = 0;
     CERTCertificate      *badCert = NULL;
 
@@ -1750,17 +1750,17 @@ CERT_CompareGeneralNameLists(CERTGeneral
 #if 0
 /* This function is not exported from NSS shared libraries, and is not
 ** used inside of NSS.
 ** XXX it doesn't check for failed allocations. :-(
 */
 void *
 CERT_GetGeneralNameFromListByType(CERTGeneralNameList *list,
 				  CERTGeneralNameType type,
-				  PRArenaPool *arena)
+				  PLArenaPool *arena)
 {
     CERTName *name = NULL; 
     SECItem *item = NULL;
     OtherName *other = NULL;
     OtherName *tmpOther = NULL;
     void *data;
 
     PZ_Lock(list->lock);
--- a/security/nss/lib/certdb/genname.h
+++ b/security/nss/lib/certdb/genname.h
@@ -13,30 +13,30 @@
 #include "certt.h"
 
 /************************************************************************/
 SEC_BEGIN_PROTOS
 
 extern const SEC_ASN1Template CERT_GeneralNamesTemplate[];
 
 extern SECItem **
-cert_EncodeGeneralNames(PRArenaPool *arena, CERTGeneralName *names);
+cert_EncodeGeneralNames(PLArenaPool *arena, CERTGeneralName *names);
 
 extern CERTGeneralName *
-cert_DecodeGeneralNames(PRArenaPool *arena, SECItem **encodedGenName);
+cert_DecodeGeneralNames(PLArenaPool *arena, SECItem **encodedGenName);
 
 extern SECStatus
 cert_DestroyGeneralNames(CERTGeneralName *name);
 
 extern SECStatus 
-cert_EncodeNameConstraints(CERTNameConstraints *constraints, PRArenaPool *arena,
+cert_EncodeNameConstraints(CERTNameConstraints *constraints, PLArenaPool *arena,
 			   SECItem *dest);
 
 extern CERTNameConstraints *
-cert_DecodeNameConstraints(PRArenaPool *arena, const SECItem *encodedConstraints);
+cert_DecodeNameConstraints(PLArenaPool *arena, const SECItem *encodedConstraints);
 
 extern CERTGeneralName *
 cert_CombineNamesLists(CERTGeneralName *list1, CERTGeneralName *list2);
 
 extern CERTNameConstraint *
 cert_CombineConstraintsLists(CERTNameConstraint *list1, CERTNameConstraint *list2);
 
 /*********************************************************************/
@@ -46,17 +46,17 @@ cert_CombineConstraintsLists(CERTNameCon
 /* Destroy a Single CERTGeneralName */
 void
 CERT_DestroyGeneralName(CERTGeneralName *name);
 
 SECStatus
 CERT_CompareGeneralName(CERTGeneralName *a, CERTGeneralName *b);
 
 SECStatus
-CERT_CopyGeneralName(PRArenaPool      *arena, 
+CERT_CopyGeneralName(PLArenaPool      *arena,
 		     CERTGeneralName  *dest, 
 		     CERTGeneralName  *src);
 
 /* General Name Lists are a thread safe, reference counting layer to 
  * general names */
 
 /* Destroys a CERTGeneralNameList */
 void
@@ -69,17 +69,17 @@ CERT_CreateGeneralNameList(CERTGeneralNa
 /* Compares two CERTGeneralNameList */
 SECStatus
 CERT_CompareGeneralNameLists(CERTGeneralNameList *a, CERTGeneralNameList *b);
 
 /* returns a copy of the first name of the type requested */
 void *
 CERT_GetGeneralNameFromListByType(CERTGeneralNameList *list,
 				  CERTGeneralNameType type,
-				  PRArenaPool *arena);
+				  PLArenaPool *arena);
 
 /* Adds a name to the tail of the list */
 void
 CERT_AddGeneralNameToList(CERTGeneralNameList *list, 
 			  CERTGeneralNameType type,
 			  void *data, SECItem *oid);
 
 /* returns a duplicate of the CERTGeneralNameList */
@@ -93,14 +93,14 @@ extern int
 CERT_GetNamesLength(CERTGeneralName *names);
 
 /************************************************************************/
 
 SECStatus
 CERT_CompareNameSpace(CERTCertificate  *cert,
 		      CERTGeneralName  *namesList,
  		      CERTCertificate **certsList,
- 		      PRArenaPool      *reqArena,
+ 		      PLArenaPool      *reqArena,
  		      CERTCertificate **pBadCert);
 
 SEC_END_PROTOS
 
 #endif
--- a/security/nss/lib/certdb/polcyxtn.c
+++ b/security/nss/lib/certdb/polcyxtn.c
@@ -143,17 +143,17 @@ breakLines(char *string)
     }
     
     return;
 }
 
 CERTCertificatePolicies *
 CERT_DecodeCertificatePoliciesExtension(const SECItem *extnValue)
 {
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECStatus rv;
     CERTCertificatePolicies *policies;
     CERTPolicyInfo **policyInfos, *policyInfo;
     CERTPolicyQualifier **policyQualifiers, *policyQualifier;
     SECItem newExtnValue;
     
     /* make a new arena */
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
@@ -219,17 +219,17 @@ CERT_DestroyCertificatePoliciesExtension
 	PORT_FreeArena(policies->arena, PR_FALSE);
     }
     return;
 }
 
 CERTCertificatePolicyMappings *
 CERT_DecodePolicyMappingsExtension(SECItem *extnValue)
 {
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECStatus rv;
     CERTCertificatePolicyMappings *mappings;
     SECItem newExtnValue;
     
     /* make a new arena */
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if ( !arena ) {
         goto loser;
@@ -277,17 +277,17 @@ CERT_DestroyPolicyMappingsExtension(CERT
 }
 
 SECStatus
 CERT_DecodePolicyConstraintsExtension
                              (CERTCertificatePolicyConstraints *decodedValue,
                               const SECItem *encodedValue)
 {
     CERTCertificatePolicyConstraints decodeContext;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECStatus rv = SECSuccess;
 
     /* initialize so we can tell when an optional component is omitted */
     PORT_Memset(&decodeContext, 0, sizeof(decodeContext));
 
     /* make a new arena */
     arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
     if (!arena) {
@@ -333,17 +333,17 @@ CERT_DecodePolicyConstraintsExtension
     PORT_FreeArena(arena, PR_FALSE);
     return(rv);
 }
 
 SECStatus CERT_DecodeInhibitAnyExtension
         (CERTCertificateInhibitAny *decodedValue, SECItem *encodedValue)
 {
     CERTCertificateInhibitAny decodeContext;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECStatus rv = SECSuccess;
 
     /* make a new arena */
     arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
     if ( !arena ) {
         return SECFailure;
     }
 
@@ -365,17 +365,17 @@ SECStatus CERT_DecodeInhibitAnyExtension
 
     PORT_FreeArena(arena, PR_FALSE);
     return(rv);
 }
 
 CERTUserNotice *
 CERT_DecodeUserNotice(SECItem *noticeItem)
 {
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECStatus rv;
     CERTUserNotice *userNotice;
     SECItem newNoticeItem;
     
     /* make a new arena */
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     
     if ( !arena ) {
@@ -599,17 +599,17 @@ const SEC_ASN1Template CERT_OidSeqTempla
     { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN,
 	  offsetof(CERTOidSequence, oids),
 	  SEC_ASN1_SUB(SEC_ObjectIDTemplate) }
 };
 
 CERTOidSequence *
 CERT_DecodeOidSequence(const SECItem *seqItem)
 {
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECStatus rv;
     CERTOidSequence *oidSeq;
     SECItem newSeqItem;
     
     /* make a new arena */
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     
     if ( !arena ) {
@@ -703,17 +703,17 @@ done:
     if (extItem.data != NULL) {
 	PORT_Free(extItem.data);
     }
     return(ret);
 }
 
 
 SECStatus
-CERT_EncodePolicyConstraintsExtension(PRArenaPool *arena,
+CERT_EncodePolicyConstraintsExtension(PLArenaPool *arena,
                                       CERTCertificatePolicyConstraints *constr,
                                       SECItem *dest)
 {
     SECStatus rv = SECSuccess;
 
     PORT_Assert(constr != NULL && dest != NULL);
     if (constr == NULL || dest == NULL) {
 	return SECFailure;
@@ -722,17 +722,17 @@ CERT_EncodePolicyConstraintsExtension(PR
     if (SEC_ASN1EncodeItem (arena, dest, constr,
                             CERT_PolicyConstraintsTemplate) == NULL) {
 	rv = SECFailure;
     }
     return(rv);
 }
 
 SECStatus
-CERT_EncodePolicyMappingExtension(PRArenaPool *arena,
+CERT_EncodePolicyMappingExtension(PLArenaPool *arena,
                                   CERTCertificatePolicyMappings *mapping,
                                   SECItem *dest)
 {
     SECStatus rv = SECSuccess;
 
     PORT_Assert(mapping != NULL && dest != NULL);
     if (mapping == NULL || dest == NULL) {
 	return SECFailure;
@@ -743,17 +743,17 @@ CERT_EncodePolicyMappingExtension(PRAren
 	rv = SECFailure;
     }
     return(rv);
 }
 
 
 
 SECStatus
-CERT_EncodeCertPoliciesExtension(PRArenaPool *arena,
+CERT_EncodeCertPoliciesExtension(PLArenaPool *arena,
                                  CERTPolicyInfo **info,
                                  SECItem *dest)
 {
     SECStatus rv = SECSuccess;
 
     PORT_Assert(info != NULL && dest != NULL);
     if (info == NULL || dest == NULL) {
 	return SECFailure;
@@ -762,17 +762,17 @@ CERT_EncodeCertPoliciesExtension(PRArena
     if (SEC_ASN1EncodeItem (arena, dest, info,
                             CERT_CertificatePoliciesTemplate) == NULL) {
 	rv = SECFailure;
     }
     return(rv);
 }
 
 SECStatus
-CERT_EncodeUserNotice(PRArenaPool *arena,
+CERT_EncodeUserNotice(PLArenaPool *arena,
                       CERTUserNotice *notice,
                       SECItem *dest)
 {
     SECStatus rv = SECSuccess;
 
     PORT_Assert(notice != NULL && dest != NULL);
     if (notice == NULL || dest == NULL) {
 	return SECFailure;
@@ -782,17 +782,17 @@ CERT_EncodeUserNotice(PRArenaPool *arena
                            notice, CERT_UserNoticeTemplate) == NULL) {
 	rv = SECFailure;
     }
 
     return(rv);
 }
 
 SECStatus
-CERT_EncodeNoticeReference(PRArenaPool *arena,
+CERT_EncodeNoticeReference(PLArenaPool *arena,
                            CERTNoticeReference *reference,
                            SECItem *dest)
 {
     SECStatus rv = SECSuccess;
     
     PORT_Assert(reference != NULL && dest != NULL);
     if (reference == NULL || dest == NULL) {
 	return SECFailure;
@@ -802,17 +802,17 @@ CERT_EncodeNoticeReference(PRArenaPool *
                             CERT_NoticeReferenceTemplate) == NULL) {
 	rv = SECFailure;
     }
 
     return(rv);
 }
 
 SECStatus
-CERT_EncodeInhibitAnyExtension(PRArenaPool *arena,
+CERT_EncodeInhibitAnyExtension(PLArenaPool *arena,
                                CERTCertificateInhibitAny *certInhibitAny,
                                SECItem *dest)
 {
     SECStatus rv = SECSuccess;
 
     PORT_Assert(certInhibitAny != NULL && dest != NULL);
     if (certInhibitAny == NULL || dest == NULL) {
 	return SECFailure;
--- a/security/nss/lib/certdb/secname.c
+++ b/security/nss/lib/certdb/secname.c
@@ -35,17 +35,17 @@ CountArray(void **array)
 	while (*array++) {
 	    count++;
 	}
     }
     return count;
 }
 
 static void **
-AddToArray(PRArenaPool *arena, void **array, void *element)
+AddToArray(PLArenaPool *arena, void **array, void *element)
 {
     unsigned count;
     void **ap;
 
     /* Count up number of slots already in use in the array */
     count = 0;
     ap = array;
     if (ap) {
@@ -79,17 +79,17 @@ CERT_GetAVATag(CERTAVA *ava)
     
     if ( oid ) {
 	return(oid->offset);
     }
     return (SECOidTag)-1;
 }
 
 static SECStatus
-SetupAVAType(PRArenaPool *arena, SECOidTag type, SECItem *it, unsigned *maxLenp)
+SetupAVAType(PLArenaPool *arena, SECOidTag type, SECItem *it, unsigned *maxLenp)
 {
     unsigned char *oid;
     unsigned oidLen;
     unsigned char *cp;
     int      maxLen;
     SECOidData *oidrec;
 
     oidrec = SECOID_FindOIDByTag(type);
@@ -111,17 +111,17 @@ SetupAVAType(PRArenaPool *arena, SECOidT
     }
     it->len = oidLen;
     PORT_Memcpy(cp, oid, oidLen);
     *maxLenp = (unsigned)maxLen;
     return SECSuccess;
 }
 
 static SECStatus
-SetupAVAValue(PRArenaPool *arena, int valueType, const SECItem *in, 
+SetupAVAValue(PLArenaPool *arena, int valueType, const SECItem *in,
               SECItem *out, unsigned maxLen)
 {
     PRUint8 *value, *cp, *ucs4Val;
     unsigned valueLen, valueLenLen, total;
     unsigned ucs4Len = 0, ucs4MaxLen;
 
     value    = in->data;
     valueLen = in->len;
@@ -162,17 +162,17 @@ SetupAVAValue(PRArenaPool *arena, int va
     out->data = cp;
     out->len  = total;
     cp = (PRUint8 *)DER_StoreHeader(cp, valueType, valueLen);
     PORT_Memcpy(cp, value, valueLen);
     return SECSuccess;
 }
 
 CERTAVA *
-CERT_CreateAVAFromRaw(PRArenaPool *pool, const SECItem * OID, 
+CERT_CreateAVAFromRaw(PLArenaPool *pool, const SECItem * OID,
                       const SECItem * value)
 {
     CERTAVA *ava;
     int rv;
 
     ava = PORT_ArenaZNew(pool, CERTAVA);
     if (ava) {
 	rv = SECITEM_CopyItem(pool, &ava->type, OID);
@@ -182,17 +182,17 @@ CERT_CreateAVAFromRaw(PRArenaPool *pool,
 	rv = SECITEM_CopyItem(pool, &ava->value, value);
 	if (rv) 
 	    return NULL;
     }
     return ava;
 }
 
 CERTAVA *
-CERT_CreateAVAFromSECItem(PRArenaPool *arena, SECOidTag kind, int valueType, 
+CERT_CreateAVAFromSECItem(PLArenaPool *arena, SECOidTag kind, int valueType,
                           SECItem *value)
 {
     CERTAVA *ava;
     int rv;
     unsigned maxLen;
 
     ava = (CERTAVA*) PORT_ArenaZAlloc(arena, sizeof(CERTAVA));
     if (ava) {
@@ -206,28 +206,28 @@ CERT_CreateAVAFromSECItem(PRArenaPool *a
 	    /* Illegal value type */
 	    return NULL;
 	}
     }
     return ava;
 }
 
 CERTAVA *
-CERT_CreateAVA(PRArenaPool *arena, SECOidTag kind, int valueType, char *value)
+CERT_CreateAVA(PLArenaPool *arena, SECOidTag kind, int valueType, char *value)
 {
     SECItem item = { siBuffer, NULL, 0 };
 
     item.data = (PRUint8 *)value;
     item.len  = PORT_Strlen(value);
 
     return CERT_CreateAVAFromSECItem(arena, kind, valueType, &item);
 }
 
 CERTAVA *
-CERT_CopyAVA(PRArenaPool *arena, CERTAVA *from)
+CERT_CopyAVA(PLArenaPool *arena, CERTAVA *from)
 {
     CERTAVA *ava;
     int rv;
 
     ava = (CERTAVA*) PORT_ArenaZAlloc(arena, sizeof(CERTAVA));
     if (ava) {
 	rv = SECITEM_CopyItem(arena, &ava->type, &from->type);
 	if (rv) goto loser;
@@ -244,17 +244,17 @@ CERT_CopyAVA(PRArenaPool *arena, CERTAVA
 /* XXX This template needs to go away in favor of the new SEC_ASN1 version. */
 static const SEC_ASN1Template cert_RDNTemplate[] = {
     { SEC_ASN1_SET_OF,
 	  offsetof(CERTRDN,avas), cert_AVATemplate, sizeof(CERTRDN) }
 };
 
 
 CERTRDN *
-CERT_CreateRDN(PRArenaPool *arena, CERTAVA *ava0, ...)
+CERT_CreateRDN(PLArenaPool *arena, CERTAVA *ava0, ...)
 {
     CERTAVA *ava;
     CERTRDN *rdn;
     va_list ap;
     unsigned count;
     CERTAVA **avap;
 
     rdn = (CERTRDN*) PORT_ArenaAlloc(arena, sizeof(CERTRDN));
@@ -285,24 +285,24 @@ CERT_CreateRDN(PRArenaPool *arena, CERTA
 	    va_end(ap);
 	}
 	*avap++ = 0;
     }
     return rdn;
 }
 
 SECStatus
-CERT_AddAVA(PRArenaPool *arena, CERTRDN *rdn, CERTAVA *ava)
+CERT_AddAVA(PLArenaPool *arena, CERTRDN *rdn, CERTAVA *ava)
 {
     rdn->avas = (CERTAVA**) AddToArray(arena, (void**) rdn->avas, ava);
     return rdn->avas ? SECSuccess : SECFailure;
 }
 
 SECStatus
-CERT_CopyRDN(PRArenaPool *arena, CERTRDN *to, CERTRDN *from)
+CERT_CopyRDN(PLArenaPool *arena, CERTRDN *to, CERTRDN *from)
 {
     CERTAVA **avas, *fava, *tava;
     SECStatus rv = SECSuccess;
 
     /* Copy each ava from from */
     avas = from->avas;
     if (avas) {
 	if (avas[0] == NULL) {
@@ -335,17 +335,17 @@ SEC_ASN1_CHOOSER_IMPLEMENT(CERT_NameTemp
 CERTName *
 CERT_CreateName(CERTRDN *rdn0, ...)
 {
     CERTRDN *rdn;
     CERTName *name;
     va_list ap;
     unsigned count;
     CERTRDN **rdnp;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if ( !arena ) {
 	return(0);
     }
     
     name = (CERTName*) PORT_ArenaAlloc(arena, sizeof(CERTName));
     if (name) {
@@ -390,32 +390,32 @@ loser:
     return(0);
 }
 
 void
 CERT_DestroyName(CERTName *name)
 {
     if (name)
     {
-        PRArenaPool *arena = name->arena;
+        PLArenaPool *arena = name->arena;
         name->rdns = NULL;
 	name->arena = NULL;
 	if (arena) PORT_FreeArena(arena, PR_FALSE);
     }
 }
 
 SECStatus
 CERT_AddRDN(CERTName *name, CERTRDN *rdn)
 {
     name->rdns = (CERTRDN**) AddToArray(name->arena, (void**) name->rdns, rdn);
     return name->rdns ? SECSuccess : SECFailure;
 }
 
 SECStatus
-CERT_CopyName(PRArenaPool *arena, CERTName *to, const CERTName *from)
+CERT_CopyName(PLArenaPool *arena, CERTName *to, const CERTName *from)
 {
     CERTRDN **rdns, *frdn, *trdn;
     SECStatus rv = SECSuccess;
 
     if (!to || !from) {
 	PORT_SetError(SEC_ERROR_INVALID_ARGS);
 	return SECFailure;
     }
--- a/security/nss/lib/certdb/stanpcertdb.c
+++ b/security/nss/lib/certdb/stanpcertdb.c
@@ -688,17 +688,17 @@ CERT_FindCertByNicknameOrEmailAddrForUsa
 {
   return common_FindCertByNicknameOrEmailAddrForUsage(handle, name, 
                                                       PR_FALSE, 
                                                       lookingForUsage);
 }
 
 static void 
 add_to_subject_list(CERTCertList *certList, CERTCertificate *cert,
-                    PRBool validOnly, int64 sorttime)
+                    PRBool validOnly, PRTime sorttime)
 {
     SECStatus secrv;
     if (!validOnly ||
 	CERT_CheckCertValidTimes(cert, sorttime, PR_FALSE) 
 	 == secCertTimeValid) {
 	    secrv = CERT_AddCertToListSorted(certList, cert, 
 	                                     CERT_SortCBValidity, 
 	                                     (void *)&sorttime);
@@ -805,18 +805,18 @@ CERT_GetDBContentVersion(CERTCertDBHandl
     /* should read the DB content version from the pkcs #11 device */
     return 0;
 }
 
 SECStatus
 certdb_SaveSingleProfile(CERTCertificate *cert, const char *emailAddr, 
 				SECItem *emailProfile, SECItem *profileTime)
 {
-    int64 oldtime;
-    int64 newtime;
+    PRTime oldtime;
+    PRTime newtime;
     SECStatus rv = SECFailure;
     PRBool saveit;
     SECItem oldprof, oldproftime;
     SECItem *oldProfile = NULL;
     SECItem *oldProfileTime = NULL;
     PK11SlotInfo *slot = NULL;
     NSSCertificate *c;
     NSSCryptoContext *cc;
--- a/security/nss/lib/certdb/xauthkid.c
+++ b/security/nss/lib/certdb/xauthkid.c
@@ -30,17 +30,17 @@ const SEC_ASN1Template CERTAuthKeyIDTemp
     { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 2,
 	  offsetof(CERTAuthKeyID,authCertSerialNumber),
           SEC_ASN1_SUB(SEC_IntegerTemplate) },
     { 0 }
 };
 
 
 
-SECStatus CERT_EncodeAuthKeyID (PRArenaPool *arena, CERTAuthKeyID *value, SECItem *encodedValue)
+SECStatus CERT_EncodeAuthKeyID (PLArenaPool *arena, CERTAuthKeyID *value, SECItem *encodedValue)
 {
     SECStatus rv = SECFailure;
  
     PORT_Assert (value);
     PORT_Assert (arena);
     PORT_Assert (value->DERAuthCertIssuer == NULL);
     PORT_Assert (encodedValue);
 
@@ -73,17 +73,17 @@ SECStatus CERT_EncodeAuthKeyID (PRArenaP
 	    break;
 	rv = SECSuccess;
 
     } while (0);
      return(rv);
 }
 
 CERTAuthKeyID *
-CERT_DecodeAuthKeyID (PRArenaPool *arena, const SECItem *encodedValue)
+CERT_DecodeAuthKeyID (PLArenaPool *arena, const SECItem *encodedValue)
 {
     CERTAuthKeyID * value = NULL;
     SECStatus       rv    = SECFailure;
     void *          mark;
     SECItem         newEncodedValue;
 
     PORT_Assert (arena);
    
--- a/security/nss/lib/certdb/xbsconst.c
+++ b/security/nss/lib/certdb/xbsconst.c
@@ -17,17 +17,17 @@
 #include "secder.h"
 #include "prprf.h"
 #include "secerr.h"
 
 typedef struct EncodedContext{
     SECItem isCA;
     SECItem pathLenConstraint;
     SECItem encodedValue;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
 }EncodedContext;
 
 static const SEC_ASN1Template CERTBasicConstraintsTemplate[] = {
     { SEC_ASN1_SEQUENCE,
 	  0, NULL, sizeof(EncodedContext) },
     { SEC_ASN1_OPTIONAL | SEC_ASN1_BOOLEAN,		/* XXX DER_DEFAULT */
 	  offsetof(EncodedContext,isCA)},
     { SEC_ASN1_OPTIONAL | SEC_ASN1_INTEGER,
@@ -36,20 +36,20 @@ static const SEC_ASN1Template CERTBasicC
 };
 
 static unsigned char hexTrue = 0xff;
 static unsigned char hexFalse = 0x00;
 
 #define GEN_BREAK(status) rv = status; break;
 
 SECStatus CERT_EncodeBasicConstraintValue
-   (PRArenaPool *arena, CERTBasicConstraints *value, SECItem *encodedValue)
+   (PLArenaPool *arena, CERTBasicConstraints *value, SECItem *encodedValue)
 {
     EncodedContext encodeContext;
-    PRArenaPool *our_pool = NULL;   
+    PLArenaPool *our_pool = NULL;
     SECStatus rv = SECSuccess;
 
     do {
 	PORT_Memset (&encodeContext, 0, sizeof (encodeContext));
 	if (!value->isCA && value->pathLenConstraint >= 0) {
 	    PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID);
 	    GEN_BREAK (SECFailure);
 	}
@@ -86,17 +86,17 @@ SECStatus CERT_EncodeBasicConstraintValu
     return(rv);
 
 }
 
 SECStatus CERT_DecodeBasicConstraintValue
    (CERTBasicConstraints *value, const SECItem *encodedValue)
 {
     EncodedContext decodeContext;
-    PRArenaPool *our_pool;
+    PLArenaPool *our_pool;
     SECStatus rv = SECSuccess;
 
     do {
 	PORT_Memset (&decodeContext, 0, sizeof (decodeContext));
 	/* initialize the value just in case we got "0x30 00", or when the
 	   pathLenConstraint is omitted.
          */
 	decodeContext.isCA.data =&hexFalse;
--- a/security/nss/lib/certdb/xconst.c
+++ b/security/nss/lib/certdb/xconst.c
@@ -61,17 +61,17 @@ const SEC_ASN1Template CERTAuthInfoAcces
 };
 
 const SEC_ASN1Template CERTAuthInfoAccessTemplate[] = {
     { SEC_ASN1_SEQUENCE_OF, 0, CERTAuthInfoAccessItemTemplate }
 };
 
 
 SECStatus 
-CERT_EncodeSubjectKeyID(PRArenaPool *arena, const SECItem* srcString,
+CERT_EncodeSubjectKeyID(PLArenaPool *arena, const SECItem* srcString,
                         SECItem *encodedValue)
 {
     SECStatus rv = SECSuccess;
 
     if (!srcString) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return SECFailure;
     }
@@ -80,17 +80,17 @@ CERT_EncodeSubjectKeyID(PRArenaPool *are
 	rv = SECFailure;
     }
     
     return(rv);
 }
 
 
 SECStatus
-CERT_EncodePrivateKeyUsagePeriod(PRArenaPool *arena, 
+CERT_EncodePrivateKeyUsagePeriod(PLArenaPool *arena,
                                 CERTPrivKeyUsagePeriod *pkup, 
 				SECItem *encodedValue)
 {
     SECStatus rv = SECSuccess;
 
     if (SEC_ASN1EncodeItem (arena, encodedValue, pkup,
 			    CERTPrivateKeyUsagePeriodTemplate) == NULL) {
 	rv = SECFailure;
@@ -129,17 +129,17 @@ CERT_DecodePrivKeyUsagePeriodExtension(P
     return pPeriod;
     
 loser:
     return NULL;
 }
 
 
 SECStatus 
-CERT_EncodeIA5TypeExtension(PRArenaPool *arena, char *value, SECItem *encodedValue)
+CERT_EncodeIA5TypeExtension(PLArenaPool *arena, char *value, SECItem *encodedValue)
 {
     SECItem encodeContext;
     SECStatus rv = SECSuccess;
 
 
     PORT_Memset (&encodeContext, 0, sizeof (encodeContext));
     
     if (value != NULL) {
@@ -150,32 +150,32 @@ CERT_EncodeIA5TypeExtension(PRArenaPool 
 			    CERTIA5TypeTemplate) == NULL) {
 	rv = SECFailure;
     }
     
     return(rv);
 }
 
 SECStatus
-CERT_EncodeAltNameExtension(PRArenaPool *arena,  CERTGeneralName  *value, SECItem *encodedValue)
+CERT_EncodeAltNameExtension(PLArenaPool *arena,  CERTGeneralName  *value, SECItem *encodedValue)
 {
     SECItem                **encodedGenName;
     SECStatus              rv = SECSuccess;
 
     encodedGenName = cert_EncodeGeneralNames(arena, value);
     if (SEC_ASN1EncodeItem (arena, encodedValue, &encodedGenName,
 			    CERT_GeneralNamesTemplate) == NULL) {
 	rv = SECFailure;
     }
 
     return rv;
 }
 
 CERTGeneralName *
-CERT_DecodeAltNameExtension(PRArenaPool *reqArena, SECItem *EncodedAltName)
+CERT_DecodeAltNameExtension(PLArenaPool *reqArena, SECItem *EncodedAltName)
 {
     SECStatus                  rv = SECSuccess;
     CERTAltNameEncodedContext  encodedContext;
     SECItem*                   newEncodedAltName;
 
     if (!reqArena) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return NULL;
@@ -200,37 +200,37 @@ CERT_DecodeAltNameExtension(PRArenaPool 
     /* Treat as extension not found */
     PORT_SetError(SEC_ERROR_EXTENSION_NOT_FOUND);
 loser:
     return NULL;
 }
 
 
 SECStatus
-CERT_EncodeNameConstraintsExtension(PRArenaPool          *arena, 
+CERT_EncodeNameConstraintsExtension(PLArenaPool          *arena, 
 				    CERTNameConstraints  *value,
 				    SECItem              *encodedValue)
 {
     SECStatus     rv = SECSuccess;
     
     rv = cert_EncodeNameConstraints(value, arena, encodedValue);
     return rv;
 }
 
 
 CERTNameConstraints *
-CERT_DecodeNameConstraintsExtension(PRArenaPool          *arena,
+CERT_DecodeNameConstraintsExtension(PLArenaPool          *arena,
 				    const SECItem        *encodedConstraints)
 {
     return cert_DecodeNameConstraints(arena, encodedConstraints);
 }
 
 
 CERTAuthInfoAccess **
-CERT_DecodeAuthInfoAccessExtension(PRArenaPool *reqArena,
+CERT_DecodeAuthInfoAccessExtension(PLArenaPool *reqArena,
 				   SECItem     *encodedExtension)
 {
     CERTAuthInfoAccess **info = NULL;
     SECStatus rv;
     int i;
     SECItem* newEncodedExtension;
 
     if (!reqArena) {
@@ -253,17 +253,17 @@ CERT_DecodeAuthInfoAccessExtension(PRAre
 	info[i]->location = CERT_DecodeGeneralName(reqArena,
 						   &(info[i]->derLocation),
 						   NULL);
     }
     return info;
 }
 
 SECStatus
-CERT_EncodeInfoAccessExtension(PRArenaPool *arena,
+CERT_EncodeInfoAccessExtension(PLArenaPool *arena,
 				   CERTAuthInfoAccess **info,
 				   SECItem *dest)
 {
     SECItem *dummy;
     int i;
 
     PORT_Assert(info != NULL);
     PORT_Assert(dest != NULL);
--- a/security/nss/lib/certdb/xconst.h
+++ b/security/nss/lib/certdb/xconst.h
@@ -10,27 +10,27 @@ typedef struct CERTAltNameEncodedContext
     SECItem **encodedGenName;
 } CERTAltNameEncodedContext;
 
 
 
 SEC_BEGIN_PROTOS
 
 extern SECStatus
-CERT_EncodePrivateKeyUsagePeriod(PRArenaPool *arena, 
+CERT_EncodePrivateKeyUsagePeriod(PLArenaPool *arena,
                                 CERTPrivKeyUsagePeriod *pkup,
 				SECItem *encodedValue);
 
 extern SECStatus
-CERT_EncodeNameConstraintsExtension(PRArenaPool *arena, 
+CERT_EncodeNameConstraintsExtension(PLArenaPool *arena,
                                     CERTNameConstraints  *value,
 			            SECItem *encodedValue);
 
 extern SECStatus 
-CERT_EncodeIA5TypeExtension(PRArenaPool *arena, char *value, 
+CERT_EncodeIA5TypeExtension(PLArenaPool *arena, char *value,
                             SECItem *encodedValue);
 
 SECStatus
-cert_EncodeAuthInfoAccessExtension(PRArenaPool *arena,
+cert_EncodeAuthInfoAccessExtension(PLArenaPool *arena,
 				   CERTAuthInfoAccess **info,
 				   SECItem *dest);
 SEC_END_PROTOS
 #endif
--- a/security/nss/lib/certhigh/certhigh.c
+++ b/security/nss/lib/certhigh/certhigh.c
@@ -75,17 +75,17 @@ CERT_FindUserCertsByUsage(CERTCertDBHand
 			  void *proto_win)
 {
     CERTCertNicknames *nicknames = NULL;
     char **nnptr;
     int nn;
     CERTCertificate *cert = NULL;
     CERTCertList *certList = NULL;
     SECStatus rv;
-    int64 time;
+    PRTime time;
     CERTCertListNode *node = NULL;
     CERTCertListNode *freenode = NULL;
     int n;
     
     time = PR_Now();
     
     nicknames = CERT_GetCertNicknames(handle, SEC_CERT_NICKNAMES_USER,
 				      proto_win);
@@ -223,17 +223,17 @@ CERT_FindUserCertByUsage(CERTCertDBHandl
 			 const char *nickname,
 			 SECCertUsage usage,
 			 PRBool validOnly,
 			 void *proto_win)
 {
     CERTCertificate *cert = NULL;
     CERTCertList *certList = NULL;
     SECStatus rv;
-    int64 time;
+    PRTime time;
     
     time = PR_Now();
     
     /* use the pk11 call so that we pick up any certs on tokens,
      * which may require login
      */
     /* XXX - why is this restricted? */
     if ( proto_win != NULL ) {
@@ -453,17 +453,17 @@ CollectNicknames( NSSCertificate *c, voi
     
     if (nickname) PORT_Free(nickname);
     return(PR_SUCCESS);
 }
 
 CERTCertNicknames *
 CERT_GetCertNicknames(CERTCertDBHandle *handle, int what, void *wincx)
 {
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     CERTCertNicknames *names;
     int i;
     stringNode *node;
     
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if ( arena == NULL ) {
 	PORT_SetError(SEC_ERROR_NO_MEMORY);
 	return(NULL);
@@ -583,17 +583,17 @@ CollectDistNames( CERTCertificate *cert,
 }
 
 /*
  * Return all of the CAs that are "trusted" for SSL.
  */
 CERTDistNames *
 CERT_DupDistNames(CERTDistNames *orig)
 {
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     CERTDistNames *names;
     int i;
     SECStatus rv;
     
     /* allocate an arena to use */
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL) {
 	PORT_SetError(SEC_ERROR_NO_MEMORY);
@@ -631,17 +631,17 @@ CERT_DupDistNames(CERTDistNames *orig)
 loser:
     PORT_FreeArena(arena, PR_FALSE);
     return(NULL);
 }
 
 CERTDistNames *
 CERT_GetSSLCACerts(CERTCertDBHandle *handle)
 {
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     CERTDistNames *names;
     int i;
     SECStatus rv;
     dnameNode *node;
     
     /* allocate an arena to use */
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if ( arena == NULL ) {
@@ -693,17 +693,17 @@ loser:
     PORT_FreeArena(arena, PR_FALSE);
     return(NULL);
 }
 
 CERTDistNames *
 CERT_DistNamesFromCertList(CERTCertList *certList)
 {
     CERTDistNames *   dnames = NULL;
-    PRArenaPool *     arena;
+    PLArenaPool *     arena;
     CERTCertListNode *node = NULL;
     SECItem *         names = NULL;
     int               listLen = 0, i = 0;
 
     if (certList == NULL) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return NULL;
     }
@@ -741,17 +741,17 @@ loser:
     return NULL;
 }
 
 CERTDistNames *
 CERT_DistNamesFromNicknames(CERTCertDBHandle *handle, char **nicknames,
 			   int nnames)
 {
     CERTDistNames *dnames = NULL;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     int i, rv;
     SECItem *names = NULL;
     CERTCertificate *cert = NULL;
     
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL) goto loser;
     dnames = PORT_ArenaZNew(arena, CERTDistNames);
     if (dnames == NULL) goto loser;
@@ -783,17 +783,17 @@ loser:
  * Lookup a certificate in the database by name
  */
 CERTCertificate *
 CERT_FindCertByNameString(CERTCertDBHandle *handle, char *nameStr)
 {
     CERTName *name;
     SECItem *nameItem;
     CERTCertificate *cert = NULL;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     
     if ( arena == NULL ) {
 	goto loser;
     }
     
     name = CERT_AsciiToName(nameStr);
@@ -1019,17 +1019,17 @@ typedef struct certNode {
 
 CERTCertificateList *
 CERT_CertChainFromCert(CERTCertificate *cert, SECCertUsage usage,
 		       PRBool includeRoot)
 {
     CERTCertificateList *chain = NULL;
     NSSCertificate **stanChain;
     NSSCertificate *stanCert;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     NSSUsage nssUsage;
     int i, len;
     NSSTrustDomain *td   = STAN_GetDefaultTrustDomain();
     NSSCryptoContext *cc = STAN_GetDefaultCryptoContext();
 
     stanCert = STAN_GetNSSCertificate(cert);
     if (!stanCert) {
         /* error code is set */
@@ -1111,17 +1111,17 @@ loser:
 /* Builds a CERTCertificateList holding just one DER-encoded cert, namely
 ** the one for the cert passed as an argument.
 */
 CERTCertificateList *
 CERT_CertListFromCert(CERTCertificate *cert)
 {
     CERTCertificateList *chain = NULL;
     int rv;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
 
     /* arena for SecCertificateList */
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL) goto no_memory;
 
     /* build the CERTCertificateList */
     chain = (CERTCertificateList *)PORT_ArenaAlloc(arena, sizeof(CERTCertificateList));
     if (chain == NULL) goto no_memory;
@@ -1142,17 +1142,17 @@ loser:
     }
     return NULL;
 }
 
 CERTCertificateList *
 CERT_DupCertList(const CERTCertificateList * oldList)
 {
     CERTCertificateList *newList = NULL;
-    PRArenaPool         *arena   = NULL;
+    PLArenaPool         *arena   = NULL;
     SECItem             *newItem;
     SECItem             *oldItem;
     int                 len      = oldList->len;
     int                 rv;
 
     /* arena for SecCertificateList */
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL) 
--- a/security/nss/lib/certhigh/certreq.c
+++ b/security/nss/lib/certhigh/certreq.c
@@ -47,17 +47,17 @@ SEC_ASN1_CHOOSER_IMPLEMENT(CERT_Certific
 CERTCertificate *
 CERT_CreateCertificate(unsigned long serialNumber,
 		      CERTName *issuer,
 		      CERTValidity *validity,
 		      CERTCertificateRequest *req)
 {
     CERTCertificate *c;
     int rv;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     
     if ( !arena ) {
 	return(0);
     }
 
     c = (CERTCertificate *)PORT_ArenaZAlloc(arena, sizeof(CERTCertificate));
@@ -119,17 +119,17 @@ CERT_CreateCertificate(unsigned long ser
  */
 
 CERTCertificateRequest *
 CERT_CreateCertificateRequest(CERTName *subject,
 			     CERTSubjectPublicKeyInfo *spki,
 			     SECItem **attributes)
 {
     CERTCertificateRequest *certreq;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     CERTAttribute * attribute;
     SECOidData * oidData;
     SECStatus rv;
     int i = 0;
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if ( arena == NULL ) {
 	return NULL;
@@ -235,17 +235,17 @@ setCRExt(void *o, CERTCertExtension **ex
     ((CERTCertificateRequest *)o)->attributes = (struct CERTAttributeStr **)exts;
 }
 
 /*
 ** Set up to start gathering cert extensions for a cert request.
 ** The list is created as CertExtensions and converted to an
 ** attribute list by CERT_FinishCRAttributes().
  */
-extern void *cert_StartExtensions(void *owner, PRArenaPool *ownerArena,
+extern void *cert_StartExtensions(void *owner, PLArenaPool *ownerArena,
                        void (*setExts)(void *object, CERTCertExtension **exts));
 void *
 CERT_StartCertificateRequestAttributes(CERTCertificateRequest *req)
 {
     return (cert_StartExtensions ((void *)req, req->arena, setCRExt));
 }
 
 /*
--- a/security/nss/lib/certhigh/certvfy.c
+++ b/security/nss/lib/certhigh/certvfy.c
@@ -91,17 +91,17 @@ CERT_VerifySignedDataWithPublicKeyInfo(C
     return rv;
 }
 
 /*
  * verify the signature of a signed data object with the given certificate
  */
 SECStatus
 CERT_VerifySignedData(CERTSignedData *sd, CERTCertificate *cert,
-		      int64 t, void *wincx)
+		      PRTime t, void *wincx)
 {
     SECKEYPublicKey *pubKey = 0;
     SECStatus        rv     = SECFailure;
     SECCertTimeValidity validity;
 
     /* check the certificate's validity */
     validity = CERT_CheckCertValidTimes(cert, t, PR_FALSE);
     if ( validity != secCertTimeValid ) {
@@ -115,26 +115,26 @@ CERT_VerifySignedData(CERTSignedData *sd
 	SECKEY_DestroyPublicKey(pubKey);
     }
     return rv;
 }
 
 
 SECStatus
 SEC_CheckCRL(CERTCertDBHandle *handle,CERTCertificate *cert,
-	     CERTCertificate *caCert, int64 t, void * wincx)
+	     CERTCertificate *caCert, PRTime t, void * wincx)
 {
     return CERT_CheckCRL(cert, caCert, NULL, t, wincx);
 }
 
 /*
  * Find the issuer of a cert.  Use the authorityKeyID if it exists.
  */
 CERTCertificate *
-CERT_FindCertIssuer(CERTCertificate *cert, int64 validTime, SECCertUsage usage)
+CERT_FindCertIssuer(CERTCertificate *cert, PRTime validTime, SECCertUsage usage)
 {
     NSSCertificate *me;
     NSSTime *nssTime;
     NSSTrustDomain *td;
     NSSCryptoContext *cc;
     NSSCertificate *chain[3];
     NSSUsage nssUsage;
     PRStatus status;
@@ -300,34 +300,34 @@ cert_AddToVerifyLog(CERTVerifyLog *log, 
     if ( log != NULL ) { \
 	cert_AddToVerifyLog(log, cert, PORT_GetError(), depth, \
 			    (void *)(PRWord)arg); \
     }
 
 static SECStatus
 cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
 		     PRBool checkSig, PRBool* sigerror,
-                     SECCertUsage certUsage, int64 t, void *wincx,
+                     SECCertUsage certUsage, PRTime t, void *wincx,
                      CERTVerifyLog *log, PRBool* revoked)
 {
     SECTrustType trustType;
     CERTBasicConstraints basicConstraint;
     CERTCertificate *issuerCert = NULL;
     CERTCertificate *subjectCert = NULL;
     CERTCertificate *badCert = NULL;
     PRBool isca;
     SECStatus rv;
     SECStatus rvFinal = SECSuccess;
     int count;
     int currentPathLen = 0;
     int pathLengthLimit = CERT_UNLIMITED_PATH_CONSTRAINT;
     unsigned int caCertType;
     unsigned int requiredCAKeyUsage;
     unsigned int requiredFlags;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     CERTGeneralName *namesList = NULL;
     CERTCertificate **certsList      = NULL;
     int certsListLen = 16;
     int namesCount = 0;
     PRBool subjectCertIsSelfIssued;
     CERTCertTrust issuerTrust;
 
     if (revoked) {
@@ -686,42 +686,42 @@ done:
 	PORT_FreeArena(arena, PR_FALSE);
     }
     return rv;
 }
 
 SECStatus
 cert_VerifyCertChain(CERTCertDBHandle *handle, CERTCertificate *cert,
                      PRBool checkSig, PRBool* sigerror,
-                     SECCertUsage certUsage, int64 t, void *wincx,
+                     SECCertUsage certUsage, PRTime t, void *wincx,
                      CERTVerifyLog *log, PRBool* revoked)
 {
     if (CERT_GetUsePKIXForValidation()) {
         return cert_VerifyCertChainPkix(cert, checkSig, certUsage, t,
                                         wincx, log, sigerror, revoked);
     }
     return cert_VerifyCertChainOld(handle, cert, checkSig, sigerror,
                                    certUsage, t, wincx, log, revoked);
 }
 
 SECStatus
 CERT_VerifyCertChain(CERTCertDBHandle *handle, CERTCertificate *cert,
-		     PRBool checkSig, SECCertUsage certUsage, int64 t,
+		     PRBool checkSig, SECCertUsage certUsage, PRTime t,
 		     void *wincx, CERTVerifyLog *log)
 {
     return cert_VerifyCertChain(handle, cert, checkSig, NULL, certUsage, t,
 			 wincx, log, NULL);
 }
 
 /*
  * verify that a CA can sign a certificate with the requested usage.
  */
 SECStatus
 CERT_VerifyCACertForUsage(CERTCertDBHandle *handle, CERTCertificate *cert,
-		PRBool checkSig, SECCertUsage certUsage, int64 t,
+		PRBool checkSig, SECCertUsage certUsage, PRTime t,
 		void *wincx, CERTVerifyLog *log)
 {
     SECTrustType trustType;
     CERTBasicConstraints basicConstraint;
     PRBool isca;
     PRBool validCAOverride = PR_FALSE;
     SECStatus rv;
     SECStatus rvFinal = SECSuccess;
@@ -1062,17 +1062,17 @@ cert_CheckLeafTrust(CERTCertificate *cer
  *
  * a bitfield of cert usages is returned in *returnedUsages
  * if requiredUsages is non-zero, the returned bitmap is only
  * for those required usages, otherwise it is for all usages
  *
  */
 SECStatus
 CERT_VerifyCertificate(CERTCertDBHandle *handle, CERTCertificate *cert,
-		PRBool checkSig, SECCertificateUsage requiredUsages, int64 t,
+		PRBool checkSig, SECCertificateUsage requiredUsages, PRTime t,
 		void *wincx, CERTVerifyLog *log, SECCertificateUsage* returnedUsages)
 {
     SECStatus rv;
     SECStatus valid;
     unsigned int requiredKeyUsage;
     unsigned int requiredCertType;
     unsigned int flags;
     unsigned int certType;
@@ -1227,17 +1227,17 @@ CERT_VerifyCertificate(CERTCertDBHandle 
     }
     
 loser:
     return(valid);
 }
 
 SECStatus
 CERT_VerifyCert(CERTCertDBHandle *handle, CERTCertificate *cert,
-		PRBool checkSig, SECCertUsage certUsage, int64 t,
+		PRBool checkSig, SECCertUsage certUsage, PRTime t,
 		void *wincx, CERTVerifyLog *log)
 {
     SECStatus rv;
     unsigned int requiredKeyUsage;
     unsigned int requiredCertType;
     unsigned int flags;
     unsigned int certType;
     PRBool       trusted;
@@ -1381,17 +1381,17 @@ CERT_VerifyCertNow(CERTCertDBHandle *han
  *	certUsageEmailSigner
  *	certUsageEmailRecipient
  *	certUsageObjectSigner
  */
 
 CERTCertificate *
 CERT_FindMatchingCert(CERTCertDBHandle *handle, SECItem *derName,
 		      CERTCertOwner owner, SECCertUsage usage,
-		      PRBool preferTrusted, int64 validTime, PRBool validOnly)
+		      PRBool preferTrusted, PRTime validTime, PRBool validOnly)
 {
     CERTCertList *certList = NULL;
     CERTCertificate *cert = NULL;
     CERTCertTrust certTrust;
     unsigned int requiredTrustFlags;
     SECTrustType requiredTrustType;
     unsigned int flags;
     
@@ -1499,17 +1499,17 @@ CERT_FilterCertListByCANames(CERTCertLis
 {
     CERTCertificate *issuerCert = NULL;
     CERTCertificate *subjectCert;
     CERTCertListNode *node, *freenode;
     CERTCertificate *cert;
     int n;
     char **names;
     PRBool found;
-    int64 time;
+    PRTime time;
     
     if ( nCANames <= 0 ) {
 	return(SECSuccess);
     }
 
     time = PR_Now();
     
     node = CERT_LIST_HEAD(certList);
@@ -1575,17 +1575,17 @@ CERT_FilterCertListByCANames(CERTCertLis
  *	is used.
  * "cert" - the cert to get nickname from
  * "expiredString" - the string to append to the nickname if the cert is
  *		expired.
  * "notYetGoodString" - the string to append to the nickname if the cert is
  *		not yet good.
  */
 char *
-CERT_GetCertNicknameWithValidity(PRArenaPool *arena, CERTCertificate *cert,
+CERT_GetCertNicknameWithValidity(PLArenaPool *arena, CERTCertificate *cert,
 				 char *expiredString, char *notYetGoodString)
 {
     SECCertTimeValidity validity;
     char *nickname = NULL, *tmpstr = NULL;
     
     validity = CERT_CheckCertValidTimes(cert, PR_Now(), PR_FALSE);
 
     /* if the cert is good, then just use the nickname directly */
@@ -1647,17 +1647,17 @@ loser:
  * "notYetGoodString" - the string to append to the nickname of any cert
  *		that is not yet valid
  */
 CERTCertNicknames *
 CERT_NicknameStringsFromCertList(CERTCertList *certList, char *expiredString,
 				 char *notYetGoodString)
 {
     CERTCertNicknames *names;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     CERTCertListNode *node;
     char **nn;
     
     /* allocate an arena */
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if ( arena == NULL ) {
 	return(NULL);
     }
@@ -1782,17 +1782,17 @@ CERT_ExtractNicknameString(char *namestr
 done:
     return(retstr);
 
 loser:
     return(NULL);
 }
 
 CERTCertList *
-CERT_GetCertChainFromCert(CERTCertificate *cert, int64 time, SECCertUsage usage)
+CERT_GetCertChainFromCert(CERTCertificate *cert, PRTime time, SECCertUsage usage)
 {
     CERTCertList *chain = NULL;
     int count = 0;
 
     if (NULL == cert) {
         return NULL;
     }
     
--- a/security/nss/lib/certhigh/certvfypkix.c
+++ b/security/nss/lib/certhigh/certvfypkix.c
@@ -645,17 +645,17 @@ cleanup:
  *  Returns a Fatal Error if the function fails in an unrecoverable way.
  */
 static PKIX_Error*
 cert_PkixToNssCertsChain(
     PKIX_List *pkixCertChain, 
     CERTCertList **pvalidChain, 
     void *plContext)
 {
-    PRArenaPool     *arena = NULL;
+    PLArenaPool     *arena = NULL;
     CERTCertificate *nssCert = NULL;
     CERTCertList    *validChain = NULL;
     PKIX_PL_Object  *certItem = NULL;
     PKIX_UInt32      length = 0;
     PKIX_UInt32      i = 0;
 
     PKIX_ENTER(CERTVFYPKIX, "cert_PkixToNssCertsChain");
     PKIX_NULLCHECK_ONE(pvalidChain);
--- a/security/nss/lib/certhigh/crlv2.c
+++ b/security/nss/lib/certhigh/crlv2.c
@@ -53,17 +53,17 @@ SetCrlEntryExts(void *object, CERTCertEx
 }
 
 void *
 CERT_StartCRLEntryExtensions(CERTCrl *crl, CERTCrlEntry *entry)
 {
     return (cert_StartExtensions (entry, crl->arena, SetCrlEntryExts));
 }
 
-SECStatus CERT_FindCRLNumberExten (PRArenaPool *arena, CERTCrl *crl,
+SECStatus CERT_FindCRLNumberExten (PLArenaPool *arena, CERTCrl *crl,
                                    SECItem *value)
 {
     SECItem encodedExtenValue;
     SECItem *tmpItem = NULL;
     SECStatus rv;
     void *mark = NULL;
 
     encodedExtenValue.data = NULL;
@@ -95,17 +95,17 @@ SECStatus CERT_FindCRLNumberExten (PRAre
 }
 
 SECStatus CERT_FindCRLEntryReasonExten (CERTCrlEntry *crlEntry,
                                         CERTCRLEntryReasonCode *value)
 {
     SECItem wrapperItem = {siBuffer,0};
     SECItem tmpItem = {siBuffer,0};
     SECStatus rv;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);   
     if ( ! arena ) {
 	return(SECFailure);
     }
     
     rv = cert_FindExtension(crlEntry->extensions, SEC_OID_X509_REASON_CODE, 
                             &wrapperItem);
@@ -130,17 +130,17 @@ loser:
     
     if ( wrapperItem.data ) {
 	PORT_Free(wrapperItem.data);
     }
 
     return (rv);
 }
 
-SECStatus CERT_FindInvalidDateExten (CERTCrl *crl, int64 *value)
+SECStatus CERT_FindInvalidDateExten (CERTCrl *crl, PRTime *value)
 {
     SECItem encodedExtenValue;
     SECItem decodedExtenValue = {siBuffer,0};
     SECStatus rv;
 
     encodedExtenValue.data = decodedExtenValue.data = NULL;
     encodedExtenValue.len = decodedExtenValue.len = 0;
 
--- a/security/nss/lib/certhigh/ocsp.c
+++ b/security/nss/lib/certhigh/ocsp.c
@@ -52,17 +52,17 @@ struct OCSPCacheItemStr {
     /* key */
     CERTOCSPCertID *certID;
     /* CertID's arena also used to allocate "this" cache item */
 
     /* cache control information */
     PRTime nextFetchAttemptTime;
 
     /* Cached contents. Use a separate arena, because lifetime is different */
-    PRArenaPool *certStatusArena; /* NULL means: no cert status cached */
+    PLArenaPool *certStatusArena; /* NULL means: no cert status cached */
     ocspCertStatus certStatus;
 
     /* This may contain an error code when no OCSP response is available. */
     SECErrorCodes missingResponseError;
 
     PRPackedBool haveThisUpdate;
     PRPackedBool haveNextUpdate;
     PRTime thisUpdate;
@@ -96,52 +96,52 @@ static struct OCSPGlobalStruct {
                   ocspMode_FailureIsVerificationFailure,
                   NULL
                 };
 
 
 
 /* Forward declarations */
 static SECItem *
-ocsp_GetEncodedOCSPResponseFromRequest(PRArenaPool *arena, 
+ocsp_GetEncodedOCSPResponseFromRequest(PLArenaPool *arena, 
                                        CERTOCSPRequest *request,
-                                       const char *location, int64 time,
+                                       const char *location, PRTime time,
                                        PRBool addServiceLocator,
                                        void *pwArg,
                                        CERTOCSPRequest **pRequest);
 static SECStatus
 ocsp_GetOCSPStatusFromNetwork(CERTCertDBHandle *handle, 
                               CERTOCSPCertID *certID, 
                               CERTCertificate *cert, 
-                              int64 time, 
+                              PRTime time, 
                               void *pwArg,
                               PRBool *certIDWasConsumed,
                               SECStatus *rv_ocsp);
 
 static SECStatus
 ocsp_CacheEncodedOCSPResponse(CERTCertDBHandle *handle,
 			      CERTOCSPCertID *certID,
 			      CERTCertificate *cert,
-			      int64 time,
+			      PRTime time,
 			      void *pwArg,
 			      const SECItem *encodedResponse,
 			      PRBool cacheInvalid,
 			      PRBool *certIDWasConsumed,
 			      SECStatus *rv_ocsp);
 
 static SECStatus
 ocsp_GetVerifiedSingleResponseForCertID(CERTCertDBHandle *handle, 
                                         CERTOCSPResponse *response, 
                                         CERTOCSPCertID   *certID,
                                         CERTCertificate  *signerCert,
-                                        int64             time,
+                                        PRTime            time,
                                         CERTOCSPSingleResponse **pSingleResponse);
 
 static SECStatus
-ocsp_CertRevokedAfter(ocspRevokedInfo *revokedInfo, int64 time);
+ocsp_CertRevokedAfter(ocspRevokedInfo *revokedInfo, PRTime time);
 
 static CERTOCSPCertID *
 cert_DupOCSPCertID(CERTOCSPCertID *src);
 
 #ifndef DEBUG
 #define OCSP_TRACE(msg)
 #define OCSP_TRACE_TIME(msg, time)
 #define OCSP_TRACE_CERT(cert)
@@ -184,17 +184,17 @@ ocsp_Trace(const char *format, ...)
         return;
     va_start(args, format);
     PR_vsnprintf(buf, sizeof(buf), format, args);
     va_end(args);
     PR_LogPrint("%s", buf);
 }
 
 static void
-ocsp_dumpStringWithTime(const char *str, int64 time)
+ocsp_dumpStringWithTime(const char *str, PRTime time)
 {
     PRExplodedTime timePrintable;
     char timestr[256];
 
     if (!wantOcspTrace())
         return;
     PR_ExplodeTime(time, PR_GMTParameters, &timePrintable);
     if (PR_FormatTime(timestr, 256, "%a %b %d %H:%M:%S %Y", &timePrintable)) {
@@ -225,17 +225,17 @@ static void
 dumpCertificate(CERTCertificate *cert)
 {
     if (!wantOcspTrace())
         return;
 
     ocsp_Trace("OCSP ----------------\n");
     ocsp_Trace("OCSP ## SUBJECT:  %s\n", cert->subjectName);
     {
-        int64 timeBefore, timeAfter;
+        PRTime timeBefore, timeAfter;
         PRExplodedTime beforePrintable, afterPrintable;
         char beforestr[256], afterstr[256];
         PRStatus rv1, rv2;
         DER_DecodeTimeChoice(&timeBefore, &cert->validity.notBefore);
         DER_DecodeTimeChoice(&timeAfter, &cert->validity.notAfter);
         PR_ExplodeTime(timeBefore, PR_GMTParameters, &beforePrintable);
         PR_ExplodeTime(timeAfter, PR_GMTParameters, &afterPrintable);
         rv1 = PR_FormatTime(beforestr, 256, "%a %b %d %H:%M:%S %Y", 
@@ -330,17 +330,17 @@ ocsp_CacheKeyCompareFunction(const void 
                                             &cid2->issuerNameHash)
             && SECEqual == SECITEM_CompareItem(&cid1->issuerKeyHash, 
                                                &cid2->issuerKeyHash)
             && SECEqual == SECITEM_CompareItem(&cid1->serialNumber, 
                                                &cid2->serialNumber));
 }
 
 static SECStatus
-ocsp_CopyRevokedInfo(PRArenaPool *arena, ocspCertStatus *dest, 
+ocsp_CopyRevokedInfo(PLArenaPool *arena, ocspCertStatus *dest,
                      ocspRevokedInfo *src)
 {
     SECStatus rv = SECFailure;
     void *mark;
   
     mark = PORT_ArenaMark(arena);
   
     dest->certStatusInfo.revokedInfo = 
@@ -370,17 +370,17 @@ ocsp_CopyRevokedInfo(PRArenaPool *arena,
     return SECSuccess;
 
 loser:
     PORT_ArenaRelease(arena, mark);
     return SECFailure;
 }
 
 static SECStatus
-ocsp_CopyCertStatus(PRArenaPool *arena, ocspCertStatus *dest, 
+ocsp_CopyCertStatus(PLArenaPool *arena, ocspCertStatus *dest,
                     ocspCertStatus*src)
 {
     SECStatus rv = SECFailure;
     dest->certStatusType = src->certStatusType;
   
     switch (src->certStatusType) {
     case ocspCertStatus_good:
         dest->certStatusInfo.goodInfo = 
@@ -605,17 +605,17 @@ CERT_ClearOCSPCache(void)
     return SECSuccess;
 }
 
 static SECStatus
 ocsp_CreateCacheItemAndConsumeCertID(OCSPCacheData *cache,
                                      CERTOCSPCertID *certID, 
                                      OCSPCacheItem **pCacheItem)
 {
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     void *mark;
     PLHashEntry *new_hash_entry;
     OCSPCacheItem *item;
   
     PORT_Assert(pCacheItem != NULL);
     *pCacheItem = NULL;
 
     PR_EnterMonitor(OCSP_Global.monitor);
@@ -1437,31 +1437,31 @@ static const SEC_ASN1Template ocsp_Servi
  * REQUEST SUPPORT FUNCTIONS (encode/create/decode/destroy):
  */
 
 /* 
  * FUNCTION: CERT_EncodeOCSPRequest
  *   DER encodes an OCSP Request, possibly adding a signature as well.
  *   XXX Signing is not yet supported, however; see comments in code.
  * INPUTS: 
- *   PRArenaPool *arena
+ *   PLArenaPool *arena
  *     The return value is allocated from here.
  *     If a NULL is passed in, allocation is done from the heap instead.
  *   CERTOCSPRequest *request
  *     The request to be encoded.
  *   void *pwArg
  *     Pointer to argument for password prompting, if needed.  (Definitely
  *     not needed if not signing.)
  * RETURN:
  *   Returns a NULL on error and a pointer to the SECItem with the
  *   encoded value otherwise.  Any error is likely to be low-level
  *   (e.g. no memory).
  */
 SECItem *
-CERT_EncodeOCSPRequest(PRArenaPool *arena, CERTOCSPRequest *request, 
+CERT_EncodeOCSPRequest(PLArenaPool *arena, CERTOCSPRequest *request,
 		       void *pwArg)
 {
     ocspTBSRequest *tbsRequest;
     SECStatus rv;
 
     /* XXX All of these should generate errors if they fail. */
     PORT_Assert(request);
     PORT_Assert(request->tbsRequest);
@@ -1498,17 +1498,17 @@ CERT_EncodeOCSPRequest(PRArenaPool *aren
  * RETURN:
  *   Returns a pointer to a CERTOCSPRequest containing the decoded request.
  *   On error, returns NULL.  Most likely error is trouble decoding
  *   (SEC_ERROR_OCSP_MALFORMED_REQUEST), or low-level problem (no memory).
  */
 CERTOCSPRequest *
 CERT_DecodeOCSPRequest(const SECItem *src)
 {
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECStatus rv = SECFailure;
     CERTOCSPRequest *dest = NULL;
     int i;
     SECItem newSrc;
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL) {
 	goto loser;
@@ -1566,17 +1566,17 @@ CERT_DestroyOCSPCertID(CERTOCSPCertID* c
  * Digest data using the specified algorithm.
  * The necessary storage for the digest data is allocated.  If "fill" is
  * non-null, the data is put there, otherwise a SECItem is allocated.
  * Allocation from "arena" if it is non-null, heap otherwise.  Any problem
  * results in a NULL being returned (and an appropriate error set).
  */
 
 SECItem *
-ocsp_DigestValue(PRArenaPool *arena, SECOidTag digestAlg, 
+ocsp_DigestValue(PLArenaPool *arena, SECOidTag digestAlg, 
                  SECItem *fill, const SECItem *src)
 {
     const SECHashObject *digestObject;
     SECItem *result = NULL;
     void *mark = NULL;
     void *digestBuff = NULL;
 
     if ( arena != NULL ) {
@@ -1630,17 +1630,17 @@ loser:
 /*
  * Digest the cert's subject public key using the specified algorithm.
  * The necessary storage for the digest data is allocated.  If "fill" is
  * non-null, the data is put there, otherwise a SECItem is allocated.
  * Allocation from "arena" if it is non-null, heap otherwise.  Any problem
  * results in a NULL being returned (and an appropriate error set).
  */
 SECItem *
-CERT_GetSPKIDigest(PRArenaPool *arena, const CERTCertificate *cert,
+CERT_GetSPKIDigest(PLArenaPool *arena, const CERTCertificate *cert,
                            SECOidTag digestAlg, SECItem *fill)
 {
     SECItem spk;
 
     /*
      * Copy just the length and data pointer (nothing needs to be freed)
      * of the subject public key so we can convert the length from bits
      * to bytes, which is what the digest function expects.
@@ -1650,17 +1650,17 @@ CERT_GetSPKIDigest(PRArenaPool *arena, c
 
     return ocsp_DigestValue(arena, digestAlg, fill, &spk);
 }
 
 /*
  * Digest the cert's subject name using the specified algorithm.
  */
 static SECItem *
-cert_GetSubjectNameDigest(PRArenaPool *arena, const CERTCertificate *cert,
+cert_GetSubjectNameDigest(PLArenaPool *arena, const CERTCertificate *cert,
                            SECOidTag digestAlg, SECItem *fill)
 {
     SECItem name;
 
     /*
      * Copy just the length and data pointer (nothing needs to be freed)
      * of the subject name
      */
@@ -1675,17 +1675,17 @@ cert_GetSubjectNameDigest(PRArenaPool *a
  * Someday it might need to be more flexible about hash algorithm, but
  * for now we have no intention/need to create anything else.
  *
  * Error causes a null to be returned; most likely cause is trouble
  * finding the certificate issuer (SEC_ERROR_UNKNOWN_ISSUER).
  * Other errors are low-level problems (no memory, bad database, etc.).
  */
 static CERTOCSPCertID *
-ocsp_CreateCertID(PRArenaPool *arena, CERTCertificate *cert, int64 time)
+ocsp_CreateCertID(PLArenaPool *arena, CERTCertificate *cert, PRTime time)
 {
     CERTOCSPCertID *certID;
     CERTCertificate *issuerCert = NULL;
     void *mark = PORT_ArenaMark(arena);
     SECStatus rv;
 
     PORT_Assert(arena != NULL);
 
@@ -1755,19 +1755,19 @@ loser:
     if (issuerCert != NULL) {
 	CERT_DestroyCertificate(issuerCert);
     }
     PORT_ArenaRelease(arena, mark);
     return NULL;
 }
 
 CERTOCSPCertID*
-CERT_CreateOCSPCertID(CERTCertificate *cert, int64 time)
+CERT_CreateOCSPCertID(CERTCertificate *cert, PRTime time)
 {
-    PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     CERTOCSPCertID *certID;
     PORT_Assert(arena != NULL);
     if (!arena)
 	return NULL;
     
     certID = ocsp_CreateCertID(arena, cert, time);
     if (!certID) {
 	PORT_FreeArena(arena, PR_FALSE);
@@ -1776,17 +1776,17 @@ CERT_CreateOCSPCertID(CERTCertificate *c
     certID->poolp = arena;
     return certID;
 }
 
 static CERTOCSPCertID *
 cert_DupOCSPCertID(CERTOCSPCertID *src)
 {
     CERTOCSPCertID *dest;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
 
     if (!src) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return NULL;
     }
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (!arena)
@@ -1915,18 +1915,18 @@ loser:
  * order than preserve it, but since the requirement is not obvious,
  * it deserves to be mentioned.
  *
  * Any problem causes a null return and error set:
  *      SEC_ERROR_UNKNOWN_ISSUER
  * Other errors are low-level problems (no memory, bad database, etc.).
  */
 static ocspSingleRequest **
-ocsp_CreateSingleRequestList(PRArenaPool *arena, CERTCertList *certList,
-                             int64 time, PRBool includeLocator)
+ocsp_CreateSingleRequestList(PLArenaPool *arena, CERTCertList *certList,
+                             PRTime time, PRBool includeLocator)
 {
     ocspSingleRequest **requestList = NULL;
     CERTCertListNode *node = NULL;
     int i, count;
     void *mark = PORT_ArenaMark(arena);
  
     node = CERT_LIST_HEAD(certList);
     for (count = 0; !CERT_LIST_END(node, certList); count++) {
@@ -1970,20 +1970,20 @@ ocsp_CreateSingleRequestList(PRArenaPool
     return requestList;
 
 loser:
     PORT_ArenaRelease(arena, mark);
     return NULL;
 }
 
 static ocspSingleRequest **
-ocsp_CreateRequestFromCert(PRArenaPool *arena, 
+ocsp_CreateRequestFromCert(PLArenaPool *arena,
                            CERTOCSPCertID *certID, 
                            CERTCertificate *singleCert,
-                           int64 time, 
+                           PRTime time,
                            PRBool includeLocator)
 {
     ocspSingleRequest **requestList = NULL;
     void *mark = PORT_ArenaMark(arena);
     PORT_Assert(certID != NULL && singleCert != NULL);
 
     /* meaning of value 2: one entry + one end marker */
     requestList = PORT_ArenaNewArray(arena, ocspSingleRequest *, 2);
@@ -2010,17 +2010,17 @@ ocsp_CreateRequestFromCert(PRArenaPool *
 loser:
     PORT_ArenaRelease(arena, mark);
     return NULL;
 }
 
 static CERTOCSPRequest *
 ocsp_prepareEmptyOCSPRequest(void)
 {
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     CERTOCSPRequest *request = NULL;
     ocspTBSRequest *tbsRequest = NULL;
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL) {
         goto loser;
     }
     request = PORT_ArenaZNew(arena, CERTOCSPRequest);
@@ -2042,17 +2042,17 @@ loser:
         PORT_FreeArena(arena, PR_FALSE);
     }
     return NULL;
 }
 
 CERTOCSPRequest *
 cert_CreateSingleCertOCSPRequest(CERTOCSPCertID *certID, 
                                  CERTCertificate *singleCert, 
-                                 int64 time, 
+                                 PRTime time,
                                  PRBool addServiceLocator,
                                  CERTCertificate *signerCert)
 {
     CERTOCSPRequest *request;
     OCSP_TRACE(("OCSP cert_CreateSingleCertOCSPRequest %s\n", singleCert->subjectName));
 
     /* XXX Support for signerCert may be implemented later,
      * see also the comment in CERT_CreateOCSPRequest.
@@ -2090,17 +2090,17 @@ cert_CreateSingleCertOCSPRequest(CERTOCS
  *   CERTCertList *certList
  *     A list of certs for which status will be requested.
  *     Note that all of these certificates should have the same issuer,
  *     or it's expected the response will be signed by a trusted responder.
  *     If the certs need to be broken up into multiple requests, that
  *     must be handled by the caller (and thus by having multiple calls
  *     to this routine), who knows about where the request(s) are being
  *     sent and whether there are any trusted responders in place.
- *   int64 time
+ *   PRTime time
  *     Indicates the time for which the certificate status is to be 
  *     determined -- this may be used in the search for the cert's issuer
  *     but has no effect on the request itself.
  *   PRBool addServiceLocator
  *     If true, the Service Locator extension should be added to the
  *     single request(s) for each cert.
  *   CERTCertificate *signerCert
  *     If non-NULL, means sign the request using this cert.  Otherwise,
@@ -2109,17 +2109,17 @@ cert_CreateSingleCertOCSPRequest(CERTOCS
  * RETURN:
  *   A pointer to a CERTOCSPRequest structure containing an OCSP request
  *   for the cert list.  On error, null is returned, with an error set
  *   indicating the reason.  This is likely SEC_ERROR_UNKNOWN_ISSUER.
  *   (The issuer is needed to create a request for the certificate.)
  *   Other errors are low-level problems (no memory, bad database, etc.).
  */
 CERTOCSPRequest *
-CERT_CreateOCSPRequest(CERTCertList *certList, int64 time, 
+CERT_CreateOCSPRequest(CERTCertList *certList, PRTime time,
 		       PRBool addServiceLocator,
 		       CERTCertificate *signerCert)
 {
     CERTOCSPRequest *request = NULL;
 
     if (!certList) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return NULL;
@@ -2379,17 +2379,17 @@ ocsp_CertStatusTypeByTag(int derTag)
 /*
  * Helper function for decoding SingleResponses -- they each contain
  * a status which is encoded as CHOICE, which needs to be decoded "by hand".
  *
  * Note -- on error, this routine does not release the memory it may
  * have allocated; it expects its caller to do that.
  */
 static SECStatus
-ocsp_FinishDecodingSingleResponses(PRArenaPool *reqArena,
+ocsp_FinishDecodingSingleResponses(PLArenaPool *reqArena,
 				   CERTOCSPSingleResponse **responses)
 {
     ocspCertStatus *certStatus;
     ocspCertStatusType certStatusType;
     const SEC_ASN1Template *certStatusTemplate;
     int derTag;
     int i;
     SECStatus rv = SECFailure;
@@ -2463,17 +2463,17 @@ ocsp_ResponderIDTypeByTag(int derTag)
 
     return responderIDType;
 }
 
 /*
  * Decode "src" as a BasicOCSPResponse, returning the result.
  */
 static ocspBasicOCSPResponse *
-ocsp_DecodeBasicOCSPResponse(PRArenaPool *arena, SECItem *src)
+ocsp_DecodeBasicOCSPResponse(PLArenaPool *arena, SECItem *src)
 {
     void *mark;
     ocspBasicOCSPResponse *basicResponse;
     ocspResponseData *responseData;
     ocspResponderID *responderID;
     CERTOCSPResponderIDType responderIDType;
     const SEC_ASN1Template *responderIDTemplate;
     int derTag;
@@ -2553,17 +2553,17 @@ loser:
 }
 
 
 /*
  * Decode the responseBytes based on the responseType found in "rbytes",
  * leaving the resulting translated/decoded information in there as well.
  */
 static SECStatus
-ocsp_DecodeResponseBytes(PRArenaPool *arena, ocspResponseBytes *rbytes)
+ocsp_DecodeResponseBytes(PLArenaPool *arena, ocspResponseBytes *rbytes)
 {
     PORT_Assert(rbytes != NULL);		/* internal error, really */
     if (rbytes == NULL) {
 	PORT_SetError(SEC_ERROR_INVALID_ARGS);	/* XXX set better error? */
 	return SECFailure;
     }
 
     rbytes->responseTypeTag = SECOID_FindOIDTag(&rbytes->responseType);
@@ -2605,17 +2605,17 @@ ocsp_DecodeResponseBytes(PRArenaPool *ar
  *   the caller is responsible for destroying it.  Or NULL if error (either
  *   response could not be decoded (SEC_ERROR_OCSP_MALFORMED_RESPONSE),
  *   it was of an unexpected type (SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE),
  *   or a low-level or internal error occurred).
  */
 CERTOCSPResponse *
 CERT_DecodeOCSPResponse(const SECItem *src)
 {
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     CERTOCSPResponse *response = NULL;
     SECStatus rv = SECFailure;
     ocspResponseStatus sv;
     SECItem newSrc;
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL) {
 	goto loser;
@@ -2976,17 +2976,17 @@ loser:
  * Sends an encoded OCSP request to the server identified by "location",
  * and returns the socket on which it was sent (so can listen for the reply).
  * "location" is expected to be a valid URL -- an error parsing it produces
  * SEC_ERROR_CERT_BAD_ACCESS_LOCATION.  Other errors are likely problems
  * connecting to it, or writing to it, or allocating memory, and the low-level
  * errors appropriate to the problem will be set.
  */
 static PRFileDesc *
-ocsp_SendEncodedRequest(const char *location, SECItem *encodedRequest)
+ocsp_SendEncodedRequest(const char *location, const SECItem *encodedRequest)
 {
     char *hostname = NULL;
     char *path = NULL;
     PRUint16 port;
     SECStatus rv;
     PRFileDesc *sock = NULL;
     PRFileDesc *returnSock = NULL;
     char *header = NULL;
@@ -3096,17 +3096,17 @@ ocsp_read(PRFileDesc *fd, char *buf, int
  * Reads on the given socket and returns an encoded response when received.
  * Properly formatted HTTP/1.0 response headers are expected to be read
  * from the socket, preceding a binary-encoded OCSP response.  Problems
  * with parsing cause the error SEC_ERROR_OCSP_BAD_HTTP_RESPONSE to be
  * set; any other problems are likely low-level i/o or memory allocation
  * errors.
  */
 static SECItem *
-ocsp_GetEncodedResponse(PRArenaPool *arena, PRFileDesc *sock)
+ocsp_GetEncodedResponse(PLArenaPool *arena, PRFileDesc *sock)
 {
     /* first read HTTP status line and headers */
 
     char* inBuffer = NULL;
     PRInt32 offset = 0;
     PRInt32 inBufsize = 0;
     const PRInt32 bufSizeIncrement = OCSP_BUFSIZE; /* 1 KB at a time */
     const PRInt32 maxBufSize = 8 * bufSizeIncrement ; /* 8 KB max */
@@ -3333,20 +3333,20 @@ CERT_ParseURL(const char *url, char **pH
 }
 
 /*
  * Limit the size of http responses we are willing to accept.
  */
 #define MAX_WANTED_OCSP_RESPONSE_LEN 64*1024
 
 static SECItem *
-fetchOcspHttpClientV1(PRArenaPool *arena, 
+fetchOcspHttpClientV1(PLArenaPool *arena, 
                       const SEC_HttpClientFcnV1 *hcv1, 
                       const char *location, 
-                      SECItem *encodedRequest)
+                      const SECItem *encodedRequest)
 {
     char *hostname = NULL;
     char *path = NULL;
     PRUint16 port;
     SECItem *encodedResponse = NULL;
     SEC_HTTP_SERVER_SESSION pServerSession = NULL;
     SEC_HTTP_REQUEST_SESSION pRequestSession = NULL;
     PRUint16 myHttpResponseCode;
@@ -3442,31 +3442,31 @@ loser:
     return encodedResponse;
 }
 
 /*
  * FUNCTION: CERT_GetEncodedOCSPResponse
  *   Creates and sends a request to an OCSP responder, then reads and
  *   returns the (encoded) response.
  * INPUTS:
- *   PRArenaPool *arena
+ *   PLArenaPool *arena
  *     Pointer to arena from which return value will be allocated.
  *     If NULL, result will be allocated from the heap (and thus should
  *     be freed via SECITEM_FreeItem).
  *   CERTCertList *certList
  *     A list of certs for which status will be requested.
  *     Note that all of these certificates should have the same issuer,
  *     or it's expected the response will be signed by a trusted responder.
  *     If the certs need to be broken up into multiple requests, that
  *     must be handled by the caller (and thus by having multiple calls
  *     to this routine), who knows about where the request(s) are being
  *     sent and whether there are any trusted responders in place.
  *   const char *location
  *     The location of the OCSP responder (a URL).
- *   int64 time
+ *   PRTime time
  *     Indicates the time for which the certificate status is to be 
  *     determined -- this may be used in the search for the cert's issuer
  *     but has no other bearing on the operation.
  *   PRBool addServiceLocator
  *     If true, the Service Locator extension should be added to the
  *     single request(s) for each cert.
  *   CERTCertificate *signerCert
  *     If non-NULL, means sign the request using this cert.  Otherwise,
@@ -3484,97 +3484,101 @@ loser:
  *   Returns a pointer to the SECItem holding the response.
  *   On error, returns null with error set describing the reason:
  *	SEC_ERROR_UNKNOWN_ISSUER
  *	SEC_ERROR_CERT_BAD_ACCESS_LOCATION
  *	SEC_ERROR_OCSP_BAD_HTTP_RESPONSE
  *   Other errors are low-level problems (no memory, bad database, etc.).
  */
 SECItem *
-CERT_GetEncodedOCSPResponse(PRArenaPool *arena, CERTCertList *certList,
-			    const char *location, int64 time,
+CERT_GetEncodedOCSPResponse(PLArenaPool *arena, CERTCertList *certList,
+			    const char *location, PRTime time,
 			    PRBool addServiceLocator,
 			    CERTCertificate *signerCert, void *pwArg,
 			    CERTOCSPRequest **pRequest)
 {
     CERTOCSPRequest *request;
     request = CERT_CreateOCSPRequest(certList, time, addServiceLocator,
                                      signerCert);
     if (!request)
         return NULL;
     return ocsp_GetEncodedOCSPResponseFromRequest(arena, request, location, 
                                                   time, addServiceLocator, 
                                                   pwArg, pRequest);
 }
 
 static SECItem *
-ocsp_GetEncodedOCSPResponseFromRequest(PRArenaPool *arena, 
+ocsp_GetEncodedOCSPResponseFromRequest(PLArenaPool *arena,
                                        CERTOCSPRequest *request,
-                                       const char *location, int64 time,
+                                       const char *location, PRTime time,
                                        PRBool addServiceLocator,
                                        void *pwArg,
                                        CERTOCSPRequest **pRequest)
 {
     SECItem *encodedRequest = NULL;
     SECItem *encodedResponse = NULL;
-    PRFileDesc *sock = NULL;
     SECStatus rv;
-    const SEC_HttpClientFcn *registeredHttpClient = NULL;
 
     rv = CERT_AddOCSPAcceptableResponses(request,
 					 SEC_OID_PKIX_OCSP_BASIC_RESPONSE);
     if (rv != SECSuccess)
 	goto loser;
 
     encodedRequest = CERT_EncodeOCSPRequest(NULL, request, pwArg);
     if (encodedRequest == NULL)
 	goto loser;
 
-    registeredHttpClient = SEC_GetRegisteredHttpClient();
-
-    if (registeredHttpClient
-            &&
-            registeredHttpClient->version == 1) {
-        encodedResponse = fetchOcspHttpClientV1(
-                              arena,
-                              &registeredHttpClient->fcnTable.ftable1,
-                              location,
-                              encodedRequest);
-    }
-    else {
-      /* use internal http client */
-    
-      sock = ocsp_SendEncodedRequest(location, encodedRequest);
-      if (sock == NULL)
-	  goto loser;
-
-      encodedResponse = ocsp_GetEncodedResponse(arena, sock);
-    }
+    encodedResponse = CERT_PostOCSPRequest(arena, location, encodedRequest);
 
     if (encodedResponse != NULL && pRequest != NULL) {
 	*pRequest = request;
 	request = NULL;			/* avoid destroying below */
     }
 
 loser:
     if (request != NULL)
 	CERT_DestroyOCSPRequest(request);
     if (encodedRequest != NULL)
 	SECITEM_FreeItem(encodedRequest, PR_TRUE);
-    if (sock != NULL)
-	PR_Close(sock);
+
+    return encodedResponse;
+}
+
+SECItem *
+CERT_PostOCSPRequest(PLArenaPool *arena,  const char *location, 
+                     const SECItem *encodedRequest)
+{
+    const SEC_HttpClientFcn *registeredHttpClient;
+    SECItem *encodedResponse = NULL;
+
+    registeredHttpClient = SEC_GetRegisteredHttpClient();
+
+    if (registeredHttpClient && registeredHttpClient->version == 1) {
+        encodedResponse = fetchOcspHttpClientV1(
+                              arena,
+                              &registeredHttpClient->fcnTable.ftable1,
+                              location,
+                              encodedRequest);
+    } else {
+        /* use internal http client */
+        PRFileDesc *sock = ocsp_SendEncodedRequest(location, encodedRequest);
+        if (sock) {
+            encodedResponse = ocsp_GetEncodedResponse(arena, sock);
+            PR_Close(sock);
+        }
+    }
 
     return encodedResponse;
 }
 
 static SECItem *
-ocsp_GetEncodedOCSPResponseForSingleCert(PRArenaPool *arena, 
+ocsp_GetEncodedOCSPResponseForSingleCert(PLArenaPool *arena, 
                                          CERTOCSPCertID *certID, 
                                          CERTCertificate *singleCert, 
-                                         const char *location, int64 time,
+                                         const char *location, PRTime time,
                                          PRBool addServiceLocator,
                                          void *pwArg,
                                          CERTOCSPRequest **pRequest)
 {
     CERTOCSPRequest *request;
     request = cert_CreateSingleCertOCSPRequest(certID, singleCert, time, 
                                                addServiceLocator, NULL);
     if (!request)
@@ -3873,17 +3877,17 @@ SECStatus
 CERT_VerifyOCSPResponseSignature(CERTOCSPResponse *response,	
 				 CERTCertDBHandle *handle, void *pwArg,
 				 CERTCertificate **pSignerCert,
 				 CERTCertificate *issuer)
 {
     SECItem *tbsResponseDataDER;
     CERTCertificate *signerCert = NULL;
     SECStatus rv = SECFailure;
-    int64 producedAt;
+    PRTime producedAt;
 
     /* ocsp_DecodeBasicOCSPResponse will fail if asn1 decoder is unable
      * to properly decode tbsData (see the function and
      * ocsp_BasicOCSPResponseTemplate). Thus, tbsData can not be
      * equal to null */
     ocspResponseData *tbsData = ocsp_GetResponseData(response,
                                                      &tbsResponseDataDER);
     ocspSignature *signature = ocsp_GetResponseSignature(response);
@@ -4201,17 +4205,17 @@ ocsp_CertIsOCSPDefaultResponder(CERTCert
  *  3.  A "CA designated responder", aka an "authorized responder" -- it
  *      must be represented by a special cert issued by the CA who issued
  *      the certificate in question.
  */
 static PRBool
 ocsp_AuthorizedResponderForCertID(CERTCertDBHandle *handle,
 				  CERTCertificate *signerCert,
 				  CERTOCSPCertID *certID,
-				  int64 thisUpdate)
+				  PRTime thisUpdate)
 {
     CERTCertificate *issuerCert = NULL, *defRespCert;
     SECItem *keyHash = NULL;
     SECItem *nameHash = NULL;
     SECOidTag hashAlg;
     PRBool keyHashEQ = PR_FALSE, nameHashEQ = PR_FALSE;
 
     /*
@@ -4323,20 +4327,20 @@ ocsp_AuthorizedResponderForCertID(CERTCe
  * different usages could specify exactly what constitutes "sufficiently
  * recent".  But that is not going to happen right away.  For now, we
  * want something from within the last 24 hours.  This macro defines that
  * number in seconds.
  */
 #define OCSP_ALLOWABLE_LAPSE_SECONDS	(24L * 60L * 60L)
 
 static PRBool
-ocsp_TimeIsRecent(int64 checkTime)
+ocsp_TimeIsRecent(PRTime checkTime)
 {
-    int64 now = PR_Now();
-    int64 lapse, tmp;
+    PRTime now = PR_Now();
+    PRTime lapse, tmp;
 
     LL_I2L(lapse, OCSP_ALLOWABLE_LAPSE_SECONDS);
     LL_I2L(tmp, PR_USEC_PER_SEC);
     LL_MUL(lapse, lapse, tmp);		/* allowable lapse in microseconds */
 
     LL_ADD(checkTime, checkTime, lapse);
     if (LL_CMP(now, >, checkTime))
 	return PR_FALSE;
@@ -4398,20 +4402,20 @@ ocsp_HandleOldSingleResponse(CERTOCSPSin
  *	SEC_ERROR_OCSP_OLD_RESPONSE
  *	SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE
  * Other errors are low-level problems (no memory, bad database, etc.).
  */ 
 static SECStatus
 ocsp_VerifySingleResponse(CERTOCSPSingleResponse *single,
 			  CERTCertDBHandle *handle,
 			  CERTCertificate *signerCert,
-			  int64 producedAt)
+			  PRTime producedAt)
 {
     CERTOCSPCertID *certID = single->certID;
-    int64 now, thisUpdate, nextUpdate, tmstamp, tmp;
+    PRTime now, thisUpdate, nextUpdate, tmstamp, tmp;
     SECStatus rv;
 
     OCSP_TRACE(("OCSP ocsp_VerifySingleResponse, nextUpdate: %d\n", 
                ((single->nextUpdate) != 0)));
     /*
      * If all the responder said was that the given cert was unknown to it,
      * that is a valid response.  Not very interesting to us, of course,
      * but all this function is concerned with is validity of the response,
@@ -4480,24 +4484,24 @@ ocsp_VerifySingleResponse(CERTOCSPSingle
  *     A copy of the URI for the OCSP method, if found.  If either the
  *     extension is not present or it does not contain an entry for OCSP,
  *     SEC_ERROR_CERT_BAD_ACCESS_LOCATION will be set and a NULL returned.
  *     Any other error will also result in a NULL being returned.
  *     
  *     This result should be freed (via PORT_Free) when no longer in use.
  */
 char *
-CERT_GetOCSPAuthorityInfoAccessLocation(CERTCertificate *cert)
+CERT_GetOCSPAuthorityInfoAccessLocation(const CERTCertificate *cert)
 {
     CERTGeneralName *locname = NULL;
     SECItem *location = NULL;
     SECItem *encodedAuthInfoAccess = NULL;
     CERTAuthInfoAccess **authInfoAccess = NULL;
     char *locURI = NULL;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECStatus rv;
     int i;
 
     /*
      * Allocate this one from the heap because it will get filled in
      * by CERT_FindCertExtension which will also allocate from the heap,
      * and we can free the entire thing on our way out.
      */
@@ -4641,19 +4645,19 @@ ocsp_GetResponderLocation(CERTCertDBHand
     return ocspUrl;
 }
 
 /*
  * Return SECSuccess if the cert was revoked *after* "time",
  * SECFailure otherwise.
  */
 static SECStatus
-ocsp_CertRevokedAfter(ocspRevokedInfo *revokedInfo, int64 time)
+ocsp_CertRevokedAfter(ocspRevokedInfo *revokedInfo, PRTime time)
 {
-    int64 revokedTime;
+    PRTime revokedTime;
     SECStatus rv;
 
     rv = DER_GeneralizedTimeToTime(&revokedTime, &revokedInfo->revocationTime);
     if (rv != SECSuccess)
 	return rv;
 
     /*
      * Set the error even if we will return success; someone might care.
@@ -4666,17 +4670,17 @@ ocsp_CertRevokedAfter(ocspRevokedInfo *r
     return SECFailure;
 }
 
 /*
  * See if the cert represented in the single response had a good status
  * at the specified time.
  */
 static SECStatus
-ocsp_CertHasGoodStatus(ocspCertStatus *status, int64 time)
+ocsp_CertHasGoodStatus(ocspCertStatus *status, PRTime time)
 {
     SECStatus rv;
     switch (status->certStatusType) {
     case ocspCertStatus_good:
         rv = SECSuccess;
         break;
     case ocspCertStatus_revoked:
         rv = ocsp_CertRevokedAfter(status->certStatusInfo.revokedInfo, time);
@@ -4692,33 +4696,33 @@ ocsp_CertHasGoodStatus(ocspCertStatus *s
         rv = SECFailure;
         break;
     }
     return rv;
 }
 
 static SECStatus
 ocsp_SingleResponseCertHasGoodStatus(CERTOCSPSingleResponse *single, 
-                                     int64 time)
+                                     PRTime time)
 {
     return ocsp_CertHasGoodStatus(single->certStatus, time);
 }
 
 /* Return value SECFailure means: not found or not fresh.
  * On SECSuccess, the out parameters contain the OCSP status.
  * rvOcsp contains the overall result of the OCSP operation.
  * Depending on input parameter ignoreGlobalOcspFailureSetting,
  * a soft failure might be converted into *rvOcsp=SECSuccess.
  * If the cached attempt to obtain OCSP information had resulted
  * in a failure, missingResponseError shows the error code of
  * that failure.
  */
 SECStatus
 ocsp_GetCachedOCSPResponseStatusIfFresh(CERTOCSPCertID *certID, 
-                                        int64 time, 
+                                        PRTime time,
                                         PRBool ignoreGlobalOcspFailureSetting,
                                         SECStatus *rvOcsp,
                                         SECErrorCodes *missingResponseError)
 {
     OCSPCacheItem *cacheItem = NULL;
     SECStatus rv = SECFailure;
   
     if (!certID || !missingResponseError || !rvOcsp) {
@@ -4780,17 +4784,17 @@ ocsp_FetchingFailureIsVerificationFailur
  * INPUTS:
  *   CERTCertDBHandle *handle
  *     certificate DB of the cert that is being checked
  *   CERTCertificate *cert
  *     the certificate being checked
  *   XXX in the long term also need a boolean parameter that specifies
  *	whether to check the cert chain, as well; for now we check only
  *	the leaf (the specified certificate)
- *   int64 time
+ *   PRTime time
  *     time for which status is to be determined
  *   void *pwArg
  *     argument for password prompting, if needed
  * RETURN:
  *   Returns SECSuccess if an approved OCSP responder "knows" the cert
  *   *and* returns a non-revoked status for it; SECFailure otherwise,
  *   with an error set describing the reason:
  *
@@ -4817,17 +4821,17 @@ ocsp_FetchingFailureIsVerificationFailur
  *
  *   Other errors are any of the many possible failures in cert verification
  *   (e.g. SEC_ERROR_REVOKED_CERTIFICATE, SEC_ERROR_UNTRUSTED_ISSUER) when
  *   verifying the signer's cert, or low-level problems (error allocating
  *   memory, error performing ASN.1 decoding, etc.).
  */    
 SECStatus 
 CERT_CheckOCSPStatus(CERTCertDBHandle *handle, CERTCertificate *cert,
-		     int64 time, void *pwArg)
+		     PRTime time, void *pwArg)
 {
     CERTOCSPCertID *certID;
     PRBool certIDWasConsumed = PR_FALSE;
     SECStatus rv = SECFailure;
     SECStatus rvOcsp;
     SECErrorCodes dummy_error_code; /* we ignore this */
   
     OCSP_TRACE_CERT(cert);
@@ -4871,30 +4875,30 @@ CERT_CheckOCSPStatus(CERTCertDBHandle *h
  *   This function is intended for use when OCSP responses are provided via a
  *   side-channel, i.e. TLS OCSP stapling (a.k.a. the status_request extension).
  *
  * INPUTS:
  *   CERTCertDBHandle *handle
  *     certificate DB of the cert that is being checked
  *   CERTCertificate *cert
  *     the certificate being checked
- *   int64 time
+ *   PRTime time
  *     time for which status is to be determined
  *   SECItem *encodedResponse
  *     the DER encoded bytes of the OCSP response
  *   void *pwArg
  *     argument for password prompting, if needed
  * RETURN:
  *   SECSuccess if the cert was found in the cache, or if the OCSP response was
  *   found to be valid and inserted into the cache. SECFailure otherwise.
  */
 SECStatus
 CERT_CacheOCSPResponseFromSideChannel(CERTCertDBHandle *handle,
 				      CERTCertificate *cert,
-				      int64 time,
+				      PRTime time,
 				      const SECItem *encodedResponse,
 				      void *pwArg)
 {
     CERTOCSPCertID *certID = NULL;
     PRBool certIDWasConsumed = PR_FALSE;
     SECStatus rv = SECFailure;
     SECStatus rvOcsp;
     SECErrorCodes dummy_error_code; /* we ignore this */
@@ -4971,17 +4975,17 @@ CERT_CacheOCSPResponseFromSideChannel(CE
 /*
  * Status in *certIDWasConsumed will always be correct, regardless of 
  * return value.
  */
 static SECStatus
 ocsp_GetOCSPStatusFromNetwork(CERTCertDBHandle *handle, 
                               CERTOCSPCertID *certID, 
                               CERTCertificate *cert, 
-                              int64 time, 
+                              PRTime time,
                               void *pwArg,
                               PRBool *certIDWasConsumed,
                               SECStatus *rv_ocsp)
 {
     char *location = NULL;
     PRBool locationIsDefault;
     SECItem *encodedResponse = NULL;
     CERTOCSPRequest *request = NULL;
@@ -5077,17 +5081,17 @@ loser:
  *
  * INPUTS:
  *   CERTCertDBHandle *handle
  *     certificate DB of the cert that is being checked
  *   CERTOCSPCertID *certID
  *     the cert ID corresponding to |cert|
  *   CERTCertificate *cert
  *     the certificate being checked
- *   int64 time
+ *   PRTime time
  *     time for which status is to be determined
  *   void *pwArg
  *     the opaque argument to the password prompting function.
  *   SECItem *encodedResponse
  *     the DER encoded bytes of the OCSP response
  *   PRBool cacheInvalid
  *     If true then invalid responses will cause a negative cache entry to be
  *     created. (Invalid means bad syntax, bad signature etc)
@@ -5099,17 +5103,17 @@ loser:
  *     definition of 'good' above).
  * RETURN:
  *   SECSuccess iff the response is valid.
  */
 static SECStatus
 ocsp_CacheEncodedOCSPResponse(CERTCertDBHandle *handle,
 			      CERTOCSPCertID *certID,
 			      CERTCertificate *cert,
-			      int64 time,
+			      PRTime time,
 			      void *pwArg,
 			      const SECItem *encodedResponse,
                               PRBool cacheInvalid,
 			      PRBool *certIDWasConsumed,
 			      SECStatus *rv_ocsp)
 {
     CERTOCSPResponse *response = NULL;
     CERTCertificate *signerCert = NULL;
@@ -5190,23 +5194,23 @@ loser:
     return rv;
 }
 
 static SECStatus
 ocsp_GetVerifiedSingleResponseForCertID(CERTCertDBHandle *handle, 
                                         CERTOCSPResponse *response, 
                                         CERTOCSPCertID   *certID,
                                         CERTCertificate  *signerCert,
-                                        int64             time,
+                                        PRTime            time,
                                         CERTOCSPSingleResponse 
                                             **pSingleResponse)
 {
     SECStatus rv;
     ocspResponseData *responseData;
-    int64 producedAt;
+    PRTime producedAt;
     CERTOCSPSingleResponse *single;
 
     /*
      * The ResponseData part is the real guts of the response.
      */
     responseData = ocsp_GetResponseData(response, NULL);
     if (responseData == NULL) {
         rv = SECFailure;
@@ -5239,17 +5243,17 @@ loser:
     return rv;
 }
 
 SECStatus
 CERT_GetOCSPStatusForCertID(CERTCertDBHandle *handle, 
                             CERTOCSPResponse *response, 
                             CERTOCSPCertID   *certID,
                             CERTCertificate  *signerCert,
-                            int64             time)
+                            PRTime            time)
 {
     /*
      * We do not update the cache, because:
      *
      * CERT_GetOCSPStatusForCertID is an old exported API that was introduced
      * before the OCSP cache got implemented.
      *
      * The implementation of helper function cert_ProcessOCSPResponse
@@ -5273,17 +5277,17 @@ CERT_GetOCSPStatusForCertID(CERTCertDBHa
 /*
  * The first 5 parameters match the definition of CERT_GetOCSPStatusForCertID.
  */
 SECStatus
 cert_ProcessOCSPResponse(CERTCertDBHandle *handle, 
                          CERTOCSPResponse *response, 
                          CERTOCSPCertID   *certID,
                          CERTCertificate  *signerCert,
-                         int64             time,
+                         PRTime            time,
                          PRBool           *certIDWasConsumed,
                          SECStatus        *cacheUpdateStatus)
 {
     SECStatus rv;
     SECStatus rv_cache = SECSuccess;
     CERTOCSPSingleResponse *single = NULL;
 
     rv = ocsp_GetVerifiedSingleResponseForCertID(handle, response, certID, 
--- a/security/nss/lib/certhigh/ocsp.h
+++ b/security/nss/lib/certhigh/ocsp.h
@@ -415,17 +415,17 @@ CERT_VerifyOCSPResponseSignature(CERTOCS
  *     A copy of the URI for the OCSP method, if found.  If either the
  *     extension is not present or it does not contain an entry for OCSP,
  *     SEC_ERROR_EXTENSION_NOT_FOUND will be set and a NULL returned.
  *     Any other error will also result in a NULL being returned.
  *     
  *     This result should be freed (via PORT_Free) when no longer in use.
  */
 extern char *
-CERT_GetOCSPAuthorityInfoAccessLocation(CERTCertificate *cert);
+CERT_GetOCSPAuthorityInfoAccessLocation(const CERTCertificate *cert);
 
 /*
  * FUNCTION: CERT_RegisterAlternateOCSPAIAInfoCallBack
  *   This function serves two purposes.  
  *   1) It registers the address of a callback function that will be 
  *   called for certs that have no OCSP AIA extension, to see if the 
  *   callback wishes to supply an alternative URL for such an OCSP inquiry.
  *   2) It outputs the previously registered function's address to the 
@@ -692,12 +692,26 @@ CERT_CreateEncodedOCSPSuccessResponse(
  *   Returns a pointer to the SECItem holding the response.
  *   On error, returns null with error set describing the reason:
  *	SEC_ERROR_INVALID_ARGS
  *   Other errors are low-level problems (no memory, bad database, etc.).
  */
 extern SECItem*
 CERT_CreateEncodedOCSPErrorResponse(PLArenaPool *arena, int error);
 
+/* Sends an OCSP request using the HTTP POST method to the location addressed
+ * by the URL in |location| parameter. The request body will be
+ * |encodedRequest|, which must be a valid encoded OCSP request. On success,
+ * the server's response is returned and the caller must free it using
+ * SECITEM_FreeItem. On failure, NULL is returned. No parsing or validation of
+ * the HTTP response is done.
+ *
+ * If a default HTTP client has been registered with
+ * SEC_RegisterDefaultHttpClient then that client is used. Otherwise, an
+ * internal HTTP client is used.
+ */
+SECItem* CERT_PostOCSPRequest(PLArenaPool *arena, const char *location,
+                              const SECItem *encodedRequest);
+
 /************************************************************************/
 SEC_END_PROTOS
 
 #endif /* _OCSP_H_ */
--- a/security/nss/lib/certhigh/ocspi.h
+++ b/security/nss/lib/certhigh/ocspi.h
@@ -13,17 +13,17 @@ SECStatus OCSP_ShutdownGlobal(void);
 
 ocspResponseData *
 ocsp_GetResponseData(CERTOCSPResponse *response, SECItem **tbsResponseDataDER);
 
 ocspSignature *
 ocsp_GetResponseSignature(CERTOCSPResponse *response);
 
 SECItem *
-ocsp_DigestValue(PRArenaPool *arena, SECOidTag digestAlg,
+ocsp_DigestValue(PLArenaPool *arena, SECOidTag digestAlg,
                  SECItem *fill, const SECItem *src);
 
 PRBool
 ocsp_CertIsOCSPDefaultResponder(CERTCertDBHandle *handle, CERTCertificate *cert);
 
 CERTCertificate *
 ocsp_GetSignerCertificate(CERTCertDBHandle *handle, ocspResponseData *tbsData,
                           ocspSignature *signature, CERTCertificate *issuer);
@@ -32,23 +32,23 @@ SECStatus
 ocsp_VerifyResponseSignature(CERTCertificate *signerCert,
                              ocspSignature *signature,
                              SECItem *tbsResponseDataDER,
                              void *pwArg);
 
 CERTOCSPRequest *
 cert_CreateSingleCertOCSPRequest(CERTOCSPCertID *certID, 
                                  CERTCertificate *singleCert, 
-                                 int64 time, 
+                                 PRTime time,
                                  PRBool addServiceLocator,
                                  CERTCertificate *signerCert);
 
 SECStatus
 ocsp_GetCachedOCSPResponseStatusIfFresh(CERTOCSPCertID *certID, 
-                                        int64 time, 
+                                        PRTime time,
                                         PRBool ignoreOcspFailureMode,
                                         SECStatus *rvOcsp,
                                         SECErrorCodes *missingResponseError);
 
 /*
  * FUNCTION: cert_ProcessOCSPResponse
  *  Same behavior and basic parameters as CERT_GetOCSPStatusForCertID.
  *  In addition it can update the OCSP cache (using information
@@ -58,17 +58,17 @@ ocsp_GetCachedOCSPResponseStatusIfFresh(
  *    certificate DB of the cert that is being checked
  *  CERTOCSPResponse *response
  *    the OCSP response we want to retrieve status from.
  *  CERTOCSPCertID *certID
  *    the ID we want to look for from the response.
  *  CERTCertificate *signerCert
  *    the certificate that was used to sign the OCSP response.
  *    must be obtained via a call to CERT_VerifyOCSPResponseSignature.
- *  int64 time
+ *  PRTime time
  *    The time at which we're checking the status for.
  *  PRBool *certIDWasConsumed
  *    In and Out parameter.
  *    If certIDWasConsumed is NULL on input,
  *    this function might produce a deep copy of cert ID
  *    for storing it in the cache.
  *    If out value is true, ownership of parameter certID was
  *    transferred to the OCSP cache.
@@ -80,17 +80,17 @@ ocsp_GetCachedOCSPResponseStatusIfFresh(
  *    it matches the documentation for CERT_CheckOCSPStatus
  */
 
 SECStatus
 cert_ProcessOCSPResponse(CERTCertDBHandle *handle, 
                          CERTOCSPResponse *response, 
                          CERTOCSPCertID   *certID,
                          CERTCertificate  *signerCert,
-                         int64             time,
+                         PRTime            time,
                          PRBool           *certIDWasConsumed,
                          SECStatus        *cacheUpdateStatus);
 
 /*
  * FUNCTION: cert_RememberOCSPProcessingFailure
  *  If an application notices a failure during OCSP processing,
  *  it should finally call this function. The failure will be recorded
  *  in the OCSP cache in order to avoid repetitive failures.
--- a/security/nss/lib/certhigh/ocspti.h
+++ b/security/nss/lib/certhigh/ocspti.h
@@ -67,17 +67,17 @@ typedef struct ocspSingleRequestStr ocsp
 typedef struct ocspSingleResponseStr ocspSingleResponse;
 typedef struct ocspTBSRequestStr ocspTBSRequest;
 
 
 /*
  * An OCSPRequest; this is what is sent (encoded) to an OCSP responder.
  */
 struct CERTOCSPRequestStr {
-    PRArenaPool *arena;			/* local; not part of encoding */
+    PLArenaPool *arena;			/* local; not part of encoding */
     ocspTBSRequest *tbsRequest;
     ocspSignature *optionalSignature;
 };
 
 /*
  * A TBSRequest; when an OCSPRequest is signed, the encoding of this
  * is what the signature is actually applied to.  ("TBS" == To Be Signed)
  * Whether signed or not, however, this structure will be present, and
@@ -139,17 +139,17 @@ struct ocspSignatureStr {
  * Note that in the OCSP specification this is just called "Request",
  * but since that seemed confusing (vs. an OCSPRequest) and to be more
  * consistent with the parallel type "SingleResponse", I called it a
  * "SingleRequest".
  * 
  * XXX figure out how to get rid of that arena -- there must be a way
  */
 struct ocspSingleRequestStr {
-    PRArenaPool *arena;			/* just a copy of the response arena,
+    PLArenaPool *arena;			/* just a copy of the response arena,
 					 * needed here for extension handling
 					 * routines, on creation only */
     CERTOCSPCertID *reqCert;
     CERTCertExtension **singleRequestExtensions;
 };
 
 /*
  * A CertID is the means of identifying a certificate, used both in requests
@@ -164,17 +164,17 @@ struct CERTOCSPCertIDStr {
     SECItem issuerKeyHash;		/* an OCTET STRING */
     SECItem serialNumber;		/* an INTEGER */
     SECItem issuerSHA1NameHash;		/* keep other hashes around when */
     SECItem issuerMD5NameHash;              /* we have them */
     SECItem issuerMD2NameHash;
     SECItem issuerSHA1KeyHash;		/* keep other hashes around when */
     SECItem issuerMD5KeyHash;              /* we have them */
     SECItem issuerMD2KeyHash;
-    PRArenaPool *poolp;
+    PLArenaPool *poolp;
 };
 
 /*
  * This describes the value of the responseStatus field in an OCSPResponse.
  * The corresponding ASN.1 definition is:
  *
  * OCSPResponseStatus	::=	ENUMERATED {
  *	successful		(0),	--Response has valid confirmations
@@ -204,17 +204,17 @@ typedef enum {
 /*
  * An OCSPResponse is what is sent (encoded) by an OCSP responder.
  *
  * The field "responseStatus" is the ASN.1 encoded value; the field
  * "statusValue" is simply that same value translated into our local
  * type ocspResponseStatus.
  */
 struct CERTOCSPResponseStr {
-    PRArenaPool *arena;			/* local; not part of encoding */
+    PLArenaPool *arena;			/* local; not part of encoding */
     SECItem responseStatus;		/* an ENUMERATED, see above */
     ocspResponseStatus statusValue;	/* local; not part of encoding */
     ocspResponseBytes *responseBytes;	/* only when status is successful */
 };
 
 /*
  * A ResponseBytes (despite appearances) is what contains the meat
  * of a successful response -- but still in encoded form.  The type
@@ -279,17 +279,17 @@ struct ocspResponderIDStr {
 
 /*
  * The ResponseData in a BasicOCSPResponse contains a SEQUENCE OF
  * SingleResponse -- one for each certificate whose status is being supplied.
  * 
  * XXX figure out how to get rid of that arena -- there must be a way
  */
 struct CERTOCSPSingleResponseStr {
-    PRArenaPool *arena;			/* just a copy of the response arena,
+    PLArenaPool *arena;			/* just a copy of the response arena,
 					 * needed here for extension handling
 					 * routines, on creation only */
     CERTOCSPCertID *certID;
     SECItem derCertStatus;
     ocspCertStatus *certStatus;		/* local; not part of encoding */
     SECItem thisUpdate;			/* a GeneralizedTime */
     SECItem *nextUpdate;		/* a GeneralizedTime */
     CERTCertExtension **singleExtensions;
--- a/security/nss/lib/crmf/asn1cmn.c
+++ b/security/nss/lib/crmf/asn1cmn.c
@@ -110,17 +110,17 @@ static const SEC_ASN1Template CMMFChalle
 
 const SEC_ASN1Template CMMFPOPODecKeyChallContentTemplate[] = {
     { SEC_ASN1_SEQUENCE_OF,offsetof(CMMFPOPODecKeyChallContent, challenges),
       CMMFChallengeTemplate, sizeof(CMMFPOPODecKeyChallContent) },
     { 0 }
 };
 
 SECStatus
-cmmf_decode_process_cert_response(PRArenaPool      *poolp, 
+cmmf_decode_process_cert_response(PLArenaPool      *poolp,
 				  CERTCertDBHandle *db,
 				  CMMFCertResponse *inCertResp)
 {
     SECStatus rv = SECSuccess;
   
     if (inCertResp->certifiedKeyPair != NULL) {
         rv = cmmf_decode_process_certified_key_pair(poolp, 
 						    db,
@@ -153,17 +153,17 @@ cmmf_get_certorenccertchoice_from_der(SE
     default:
         retChoice = cmmfNoCertOrEncCert;
 	break;
     }
     return retChoice;
 }
 
 static SECStatus
-cmmf_decode_process_certorenccert(PRArenaPool       *poolp,
+cmmf_decode_process_certorenccert(PLArenaPool       *poolp,
 				  CERTCertDBHandle  *db,
 				  CMMFCertOrEncCert *inCertOrEncCert)
 {
     SECStatus rv = SECSuccess;
 
     inCertOrEncCert->choice = 
         cmmf_get_certorenccertchoice_from_der(&inCertOrEncCert->derValue);
 
@@ -203,17 +203,17 @@ cmmf_decode_process_certorenccert(PRAren
 	break;
     default:
         rv = SECFailure;
     }
     return rv;
 }
 
 SECStatus 
-cmmf_decode_process_certified_key_pair(PRArenaPool          *poolp,
+cmmf_decode_process_certified_key_pair(PLArenaPool          *poolp,
 				       CERTCertDBHandle     *db,
 				       CMMFCertifiedKeyPair *inCertKeyPair)
 {
     return cmmf_decode_process_certorenccert (poolp,
 					      db,
 					      &inCertKeyPair->certOrEncCert);
 }
 
--- a/security/nss/lib/crmf/challcli.c
+++ b/security/nss/lib/crmf/challcli.c
@@ -8,17 +8,17 @@
 #include "secitem.h"
 #include "pk11func.h"
 #include "secder.h"
 #include "sechash.h"
 
 CMMFPOPODecKeyChallContent*
 CMMF_CreatePOPODecKeyChallContentFromDER(const char *buf, long len)
 {
-    PRArenaPool                *poolp;
+    PLArenaPool                *poolp;
     CMMFPOPODecKeyChallContent *challContent;
     SECStatus                   rv;
 
     poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
     if (poolp == NULL) {
         return NULL;
     }
     challContent = PORT_ArenaZNew(poolp, CMMFPOPODecKeyChallContent);
@@ -85,17 +85,17 @@ cmmf_get_owf(CMMFPOPODecKeyChallContent 
 
 SECStatus 
 CMMF_POPODecKeyChallContDecryptChallenge(CMMFPOPODecKeyChallContent *inChalCont,
 					 int                         inIndex,
 					 SECKEYPrivateKey           *inPrivKey)
 {
     CMMFChallenge  *challenge;
     SECItem        *decryptedRand=NULL;
-    PRArenaPool    *poolp  = NULL;
+    PLArenaPool    *poolp  = NULL;
     SECAlgorithmID *owf;
     SECStatus       rv     = SECFailure;
     SECOidTag       tag;
     CMMFRand        randStr;
     SECItem         hashItem;
     unsigned char   hash[HASH_LENGTH_MAX]; 
 
     PORT_Assert(inChalCont != NULL && inPrivKey != NULL);
@@ -199,17 +199,17 @@ CMMF_POPODecKeyChallContentGetRandomNumb
 }
 
 SECStatus 
 CMMF_EncodePOPODecKeyRespContent(long                     *inDecodedRand,
 				 int                       inNumRand,
 				 CRMFEncoderOutputCallback inCallback,
 				 void                     *inArg)
 {
-    PRArenaPool *poolp;
+    PLArenaPool *poolp;
     CMMFPOPODecKeyRespContent *response;
     SECItem *currItem;
     SECStatus rv=SECFailure;
     int i;
 
     poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
     if (poolp == NULL) {
         return SECFailure;
--- a/security/nss/lib/crmf/cmmfasn1.c
+++ b/security/nss/lib/crmf/cmmfasn1.c
@@ -47,17 +47,17 @@ CMMF_EncodePOPODecKeyChallContent(CMMFPO
 {
     return cmmf_user_encode(inDecKeyChall, inCallback, inArg,
 			    CMMFPOPODecKeyChallContentTemplate);
 }
 
 CMMFPOPODecKeyRespContent*
 CMMF_CreatePOPODecKeyRespContentFromDER(const char *buf, long len)
 {
-    PRArenaPool               *poolp;
+    PLArenaPool               *poolp;
     CMMFPOPODecKeyRespContent *decKeyResp;
     SECStatus                  rv;
 
     poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
     if (poolp == NULL) {
         return NULL;
     }
     decKeyResp = PORT_ArenaZNew(poolp, CMMFPOPODecKeyRespContent);
@@ -87,17 +87,17 @@ CMMF_EncodeKeyRecRepContent(CMMFKeyRecRe
     return cmmf_user_encode(inKeyRecRep, inCallback, inArg,
 			    CMMFKeyRecRepContentTemplate);
 }
 
 CMMFKeyRecRepContent* 
 CMMF_CreateKeyRecRepContentFromDER(CERTCertDBHandle *db, const char *buf, 
 				   long len)
 {
-    PRArenaPool          *poolp;
+    PLArenaPool          *poolp;
     CMMFKeyRecRepContent *keyRecContent;
     SECStatus             rv;
 
     poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
     if (poolp == NULL) {
         return NULL;
     }
     keyRecContent = PORT_ArenaZNew(poolp, CMMFKeyRecRepContent);
--- a/security/nss/lib/crmf/cmmfchal.c
+++ b/security/nss/lib/crmf/cmmfchal.c
@@ -9,17 +9,17 @@
 #include "genname.h"
 #include "pk11func.h"
 #include "cert.h"
 #include "secitem.h"
 #include "secmod.h"
 #include "keyhi.h"
 
 static int
-cmmf_create_witness_and_challenge(PRArenaPool     *poolp,
+cmmf_create_witness_and_challenge(PLArenaPool     *poolp,
 				  CMMFChallenge   *challenge,
 				  long             inRandom,
 				  SECItem         *senderDER,
 				  SECKEYPublicKey *inPubKey,
 				  void            *passwdArg)
 {
     SECItem       *encodedRandNum;
     SECItem        encodedRandStr = {siBuffer, NULL, 0};
@@ -121,17 +121,17 @@ cmmf_create_first_challenge(CMMFPOPODecK
 			    long                        inRandom, 
 			    SECItem                    *senderDER, 
 			    SECKEYPublicKey            *inPubKey,
 			    void                       *passwdArg)
 {
     SECOidData     *oidData;
     CMMFChallenge  *challenge;
     SECAlgorithmID *algId;
-    PRArenaPool    *poolp;
+    PLArenaPool    *poolp;
     SECStatus       rv;
 
     oidData = SECOID_FindOIDByTag(SEC_OID_SHA1);
     if (oidData == NULL) {
         return SECFailure;
     }
     poolp = challContent->poolp;
     challenge = PORT_ArenaZNew(poolp, CMMFChallenge);
@@ -151,17 +151,17 @@ cmmf_create_first_challenge(CMMFPOPODecK
     challContent->challenges[0] = (rv == SECSuccess) ? challenge : NULL;
     challContent->numChallenges++;
     return rv ;
 }
 
 CMMFPOPODecKeyChallContent*
 CMMF_CreatePOPODecKeyChallContent (void)
 {
-    PRArenaPool *poolp;
+    PLArenaPool *poolp;
     CMMFPOPODecKeyChallContent *challContent;
 
     poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
     if (poolp == NULL) {
         return NULL;
     }
     challContent = PORT_ArenaZNew(poolp, CMMFPOPODecKeyChallContent);
     if (challContent == NULL) {
@@ -176,17 +176,17 @@ SECStatus
 CMMF_POPODecKeyChallContentSetNextChallenge
                                     (CMMFPOPODecKeyChallContent *inDecKeyChall,
 				     long                        inRandom,
 				     CERTGeneralName            *inSender,
 				     SECKEYPublicKey            *inPubKey,
 				     void                       *passwdArg)
 {
     CMMFChallenge               *curChallenge;
-    PRArenaPool                 *genNamePool = NULL, *poolp;
+    PLArenaPool                 *genNamePool = NULL, *poolp;
     SECStatus                    rv;
     SECItem                     *genNameDER;
     void                        *mark;
 
     PORT_Assert (inDecKeyChall != NULL &&
 		 inSender      != NULL &&
 		 inPubKey      != NULL);
 
--- a/security/nss/lib/crmf/cmmfi.h
+++ b/security/nss/lib/crmf/cmmfi.h
@@ -28,71 +28,71 @@ extern const SEC_ASN1Template CMMFPKISta
 extern const SEC_ASN1Template CMMFCertifiedKeyPairTemplate[];
 
 
 /*
  * Some utility functions that are shared by multiple files in this 
  * implementation.
  */
 
-extern SECStatus cmmf_CopyCertResponse (PRArenaPool      *poolp, 
+extern SECStatus cmmf_CopyCertResponse (PLArenaPool      *poolp,
 					CMMFCertResponse *dest, 
 					CMMFCertResponse *src);
 
-extern SECStatus cmmf_CopyPKIStatusInfo (PRArenaPool       *poolp, 
+extern SECStatus cmmf_CopyPKIStatusInfo (PLArenaPool       *poolp,
 					 CMMFPKIStatusInfo *dest,
 					 CMMFPKIStatusInfo *src);
 
-extern SECStatus cmmf_CopyCertifiedKeyPair(PRArenaPool          *poolp, 
+extern SECStatus cmmf_CopyCertifiedKeyPair(PLArenaPool          *poolp,
 					   CMMFCertifiedKeyPair *dest,
 					   CMMFCertifiedKeyPair *src);
 
 extern SECStatus cmmf_DestroyPKIStatusInfo(CMMFPKIStatusInfo *info, 
 					   PRBool freeit);
 
 extern SECStatus cmmf_DestroyCertOrEncCert(CMMFCertOrEncCert *certOrEncCert, 
 					   PRBool freeit);
 
 extern SECStatus cmmf_PKIStatusInfoSetStatus(CMMFPKIStatusInfo    *statusInfo,
-					     PRArenaPool          *poolp,
+					     PLArenaPool          *poolp,
 					     CMMFPKIStatus         inStatus);
 
 extern SECStatus cmmf_ExtractCertsFromList(CERTCertList      *inCertList,
-					   PRArenaPool       *poolp,
+					   PLArenaPool       *poolp,
 					   CERTCertificate ***certArray);
 
 extern SECStatus 
        cmmf_CertOrEncCertSetCertificate(CMMFCertOrEncCert *certOrEncCert,
-					PRArenaPool       *poolp,
+					PLArenaPool       *poolp,
 					CERTCertificate   *inCert);
 
 extern CMMFPKIStatus 
        cmmf_PKIStatusInfoGetStatus(CMMFPKIStatusInfo *inStatus);
 
 extern CERTCertList*
        cmmf_MakeCertList(CERTCertificate **inCerts);
 
 extern CERTCertificate*
 cmmf_CertOrEncCertGetCertificate(CMMFCertOrEncCert *certOrEncCert,
                                  CERTCertDBHandle  *certdb);
 
 extern SECStatus
-cmmf_decode_process_cert_response(PRArenaPool      *poolp, 
+cmmf_decode_process_cert_response(PLArenaPool      *poolp,
 				  CERTCertDBHandle *db,
 				  CMMFCertResponse *inCertResp);
 
 extern SECStatus
-cmmf_decode_process_certified_key_pair(PRArenaPool          *poolp,
+cmmf_decode_process_certified_key_pair(PLArenaPool          *poolp,
 				       CERTCertDBHandle     *db,
 				       CMMFCertifiedKeyPair *inCertKeyPair);
 
 extern SECStatus
 cmmf_user_encode(void *src, CRMFEncoderOutputCallback inCallback, void *inArg,
 		 const SEC_ASN1Template *inTemplate);
 
 extern SECStatus
-cmmf_copy_secitem (PRArenaPool *poolp, SECItem *dest, SECItem *src);
+cmmf_copy_secitem (PLArenaPool *poolp, SECItem *dest, SECItem *src);
 #endif /*_CMMFI_H_*/
 
 
 
 
 
--- a/security/nss/lib/crmf/cmmfit.h
+++ b/security/nss/lib/crmf/cmmfit.h
@@ -65,17 +65,17 @@ struct CMMFCertResponseStr {
     SECItem               certReqId;
     CMMFPKIStatusInfo     status; /*PKIStatusInfo*/
     CMMFCertifiedKeyPair *certifiedKeyPair;
 };
 
 struct CMMFCertRepContentStr {
     CERTCertificate  **caPubs;
     CMMFCertResponse **response;
-    PRArenaPool       *poolp;
+    PLArenaPool       *poolp;
     PRBool             isDecoded;
 };
 
 struct CMMFChallengeStr {
     SECAlgorithmID  *owf;
     SECItem          witness;
     SECItem          senderDER;
     SECItem          key;
@@ -86,31 +86,31 @@ struct CMMFChallengeStr {
 struct CMMFRandStr {
     SECItem          integer;
     SECItem          senderHash;
     CERTGeneralName *sender;
 };
 
 struct CMMFPOPODecKeyChallContentStr {
     CMMFChallenge **challenges;
-    PRArenaPool    *poolp;
+    PLArenaPool    *poolp;
     int             numChallenges;
     int             numAllocated;
 };
 
 struct CMMFPOPODecKeyRespContentStr {
     SECItem     **responses;
-    PRArenaPool  *poolp;
+    PLArenaPool  *poolp;
 };
 
 struct CMMFKeyRecRepContentStr {
     CMMFPKIStatusInfo      status; /* PKIStatusInfo */
     CERTCertificate       *newSigCert;
     CERTCertificate      **caCerts;
     CMMFCertifiedKeyPair **keyPairHist;
-    PRArenaPool           *poolp;
+    PLArenaPool           *poolp;
     int                    numKeyPairs;
     int                    allocKeyPairs;
     PRBool                 isDecoded;
 };
 
 #endif /* _CMMFIT_H_ */
 
--- a/security/nss/lib/crmf/cmmfrec.c
+++ b/security/nss/lib/crmf/cmmfrec.c
@@ -11,17 +11,17 @@
 #include "cmmf.h"
 #include "cmmfi.h"
 #include "secitem.h"
 #include "keyhi.h"
 
 CMMFKeyRecRepContent*
 CMMF_CreateKeyRecRepContent(void)
 {
-    PRArenaPool          *poolp;
+    PLArenaPool          *poolp;
     CMMFKeyRecRepContent *keyRecContent;
 
     poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
     if (poolp == NULL) {
         return NULL;
     }
     keyRecContent = PORT_ArenaZNew(poolp, CMMFKeyRecRepContent);
     if (keyRecContent == NULL) {
@@ -117,17 +117,17 @@ CMMF_KeyRecRepContentSetCACerts(CMMFKeyR
 SECStatus
 CMMF_KeyRecRepContentSetCertifiedKeyPair(CMMFKeyRecRepContent *inKeyRecRep,
 					 CERTCertificate      *inCert,
 					 SECKEYPrivateKey     *inPrivKey,
 					 SECKEYPublicKey      *inPubKey)
 {
     CMMFCertifiedKeyPair *keyPair;
     CRMFEncryptedValue   *dummy;
-    PRArenaPool          *poolp;
+    PLArenaPool          *poolp;
     void                 *mark;
     SECStatus             rv;
 
     PORT_Assert (inKeyRecRep != NULL &&
 		 inCert      != NULL &&
 		 inPrivKey   != NULL &&
 		 inPubKey    != NULL);
     if (inKeyRecRep == NULL ||
--- a/security/nss/lib/crmf/cmmfresp.c
+++ b/security/nss/lib/crmf/cmmfresp.c
@@ -14,17 +14,17 @@
 #include "crmfi.h"
 #include "secitem.h"
 #include "secder.h"
 
 CMMFCertRepContent*
 CMMF_CreateCertRepContent(void)
 {
     CMMFCertRepContent *retCertRep;
-    PRArenaPool        *poolp;
+    PLArenaPool        *poolp;
 
     poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
     if (poolp == NULL) {
         goto loser;
     }
     retCertRep = PORT_ArenaZNew(poolp, CMMFCertRepContent);
     if (retCertRep == NULL) {
         goto loser;
@@ -35,17 +35,17 @@ CMMF_CreateCertRepContent(void)
     if (poolp != NULL) {
         PORT_FreeArena(poolp, PR_FALSE);
     }
     return NULL;
 }
 
 SECStatus 
 cmmf_CertOrEncCertSetCertificate(CMMFCertOrEncCert *certOrEncCert,
-				 PRArenaPool       *poolp,
+				 PLArenaPool       *poolp,
 				 CERTCertificate   *inCert)
 {
     SECItem               *derDest = NULL;
     SECStatus             rv = SECFailure;
 
     if (inCert->derCert.data == NULL) {
         derDest = SEC_ASN1EncodeItem(NULL, NULL, inCert, 
 				     CMMFCertOrEncCertCertificateTemplate);
@@ -75,17 +75,17 @@ cmmf_CertOrEncCertSetCertificate(CMMFCer
     if (derDest != NULL) {
         SECITEM_FreeItem(derDest, PR_TRUE);
     }
     return rv;
 }
 
 SECStatus
 cmmf_ExtractCertsFromList(CERTCertList      *inCertList,
-			  PRArenaPool       *poolp,
+			  PLArenaPool       *poolp,
 			  CERTCertificate ***certArray)
 {
     CERTCertificate  **arrayLocalCopy;
     CERTCertListNode  *node;
     int                numNodes = 0, i;
 
     for (node = CERT_LIST_HEAD(inCertList); !CERT_LIST_END(node, inCertList);
 	 node = CERT_LIST_NEXT(node)) {
@@ -119,17 +119,17 @@ cmmf_ExtractCertsFromList(CERTCertList  
     return SECSuccess;
 }
 
 SECStatus
 CMMF_CertRepContentSetCertResponses(CMMFCertRepContent *inCertRepContent,
 				    CMMFCertResponse  **inCertResponses,
 				    int                 inNumResponses)
 {
-    PRArenaPool       *poolp;
+    PLArenaPool       *poolp;
     CMMFCertResponse **respArr, *newResp;
     void              *mark;
     SECStatus          rv;
     int                i;
 
     PORT_Assert (inCertRepContent != NULL &&
 		 inCertResponses  != NULL &&
 		 inNumResponses    > 0);
@@ -238,17 +238,17 @@ CMMF_CertResponseSetCertificate (CMMFCer
     return rv;
 }
 
 
 SECStatus
 CMMF_CertRepContentSetCAPubs(CMMFCertRepContent *inCertRepContent,
 			     CERTCertList       *inCAPubs)
 {
-    PRArenaPool      *poolp;
+    PLArenaPool      *poolp;
     void             *mark;
     SECStatus         rv;
 
     PORT_Assert(inCertRepContent != NULL &&
 		inCAPubs         != NULL &&
 		inCertRepContent->caPubs == NULL);
     
     if (inCertRepContent == NULL ||
--- a/security/nss/lib/crmf/crmfcont.c
+++ b/security/nss/lib/crmf/crmfcont.c
@@ -26,17 +26,17 @@ crmf_modify_control_array (CRMFCertReque
 }
 
 static SECStatus
 crmf_add_new_control(CRMFCertRequest *inCertReq,SECOidTag inTag,
 		     CRMFControl **destControl)
 {
     SECOidData  *oidData;
     SECStatus    rv;
-    PRArenaPool *poolp;
+    PLArenaPool *poolp;
     int          numControls = 0;
     CRMFControl *newControl;
     CRMFControl **controls;
     void        *mark;
 
     poolp = inCertReq->poolp;
     if (poolp == NULL) {
         return SECFailure;
@@ -147,17 +147,17 @@ crmf_destroy_encrypted_value(CRMFEncrypt
 
 SECStatus
 CRMF_DestroyEncryptedValue(CRMFEncryptedValue *inEncrValue)
 {
     return crmf_destroy_encrypted_value(inEncrValue, PR_TRUE);
 }
 
 SECStatus
-crmf_copy_encryptedvalue_secalg(PRArenaPool     *poolp,
+crmf_copy_encryptedvalue_secalg(PLArenaPool     *poolp,
 				SECAlgorithmID  *srcAlgId,
 				SECAlgorithmID **destAlgId)
 {
     SECAlgorithmID *newAlgId;
     SECStatus rv;
 
     newAlgId = (poolp != NULL) ? PORT_ArenaZNew(poolp, SECAlgorithmID) :
                                  PORT_ZNew(SECAlgorithmID);
@@ -173,17 +173,17 @@ crmf_copy_encryptedvalue_secalg(PRArenaP
         return rv;
     }
     *destAlgId = newAlgId;
     
     return rv;
 }
 
 SECStatus
-crmf_copy_encryptedvalue(PRArenaPool        *poolp,
+crmf_copy_encryptedvalue(PLArenaPool        *poolp,
 			 CRMFEncryptedValue *srcValue,
 			 CRMFEncryptedValue *destValue)
 {
     SECStatus           rv;
 
     if (srcValue->intendedAlg != NULL) {
         rv = crmf_copy_encryptedvalue_secalg(poolp,
 					     srcValue->intendedAlg,
@@ -236,17 +236,17 @@ crmf_copy_encryptedvalue(PRArenaPool    
  loser:
     if (poolp == NULL && destValue != NULL) {
         crmf_destroy_encrypted_value(destValue, PR_FALSE);
     }
     return SECFailure;
 }
 
 SECStatus 
-crmf_copy_encryptedkey(PRArenaPool       *poolp,
+crmf_copy_encryptedkey(PLArenaPool       *poolp,
 		       CRMFEncryptedKey  *srcEncrKey,
 		       CRMFEncryptedKey  *destEncrKey)
 {
     SECStatus          rv;
     void              *mark = NULL;
 
     if (poolp != NULL) {
         mark = PORT_ArenaMark(poolp);
@@ -600,17 +600,17 @@ crmf_get_public_value(SECKEYPublicKey *p
     return dest;
 }
 
 static SECItem*
 crmf_decode_params(SECItem *inParams)
 {
     SECItem     *params;
     SECStatus    rv      = SECFailure;
-    PRArenaPool *poolp;
+    PLArenaPool *poolp;
 
     poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
     if (poolp == NULL) {
         return NULL;
     }
     
     params = PORT_ArenaZNew(poolp, SECItem);
     if (params) {
@@ -636,17 +636,17 @@ crmf_get_key_size_from_mech(CK_MECHANISM
 	return 16;
     case CKM_DES3_KEY_GEN:
 	return 24;
     }
     return 0;
 }
 
 SECStatus
-crmf_encrypted_value_unwrap_priv_key(PRArenaPool        *poolp,
+crmf_encrypted_value_unwrap_priv_key(PLArenaPool        *poolp,
 				     CRMFEncryptedValue *encValue,
 				     SECKEYPrivateKey   *privKey,
 				     SECKEYPublicKey    *newPubKey,
 				     SECItem            *nickname,
 				     PK11SlotInfo       *slot,
 				     unsigned char       keyUsage,
 				     SECKEYPrivateKey  **unWrappedKey,
 				     void               *wincx)
@@ -895,17 +895,17 @@ CRMF_CreateEncryptedKeyWithEncryptedValu
 
 SECStatus
 CRMF_DestroyEncryptedKey(CRMFEncryptedKey *inEncrKey)
 {
     return crmf_destroy_encrypted_key(inEncrKey, PR_TRUE);
 }
 
 SECStatus
-crmf_copy_pkiarchiveoptions(PRArenaPool           *poolp,
+crmf_copy_pkiarchiveoptions(PLArenaPool           *poolp,
 			    CRMFPKIArchiveOptions *destOpt,
 			    CRMFPKIArchiveOptions *srcOpt)
 {
     SECStatus rv;
     destOpt->archOption = srcOpt->archOption;
     switch (srcOpt->archOption) {
     case crmfEncryptedPrivateKey:
         rv = crmf_copy_encryptedkey(poolp,
@@ -1004,17 +1004,17 @@ crmf_get_pkiarchiveoptions_subtemplate(C
 	break;
     default:
         retTemplate = NULL;
     }
     return retTemplate;
 }
 
 static SECStatus
-crmf_encode_pkiarchiveoptions(PRArenaPool *poolp, CRMFControl *inControl)
+crmf_encode_pkiarchiveoptions(PLArenaPool *poolp, CRMFControl *inControl)
 {
     const SEC_ASN1Template *asn1Template;
 
     asn1Template = crmf_get_pkiarchiveoptions_subtemplate(inControl);
     /* We've got a union, so passing a pointer to one element of the 
      * union, is the same as passing a pointer to any of the other
      * members of the union.
      */
@@ -1029,17 +1029,17 @@ crmf_encode_pkiarchiveoptions(PRArenaPoo
     return SECFailure;
 }
 
 SECStatus
 CRMF_CertRequestSetPKIArchiveOptions(CRMFCertRequest       *inCertReq,
 				     CRMFPKIArchiveOptions *inOptions)
 {
     CRMFControl *newControl;
-    PRArenaPool *poolp;
+    PLArenaPool *poolp;
     SECStatus    rv;
     void        *mark;
     
     PORT_Assert(inCertReq != NULL && inOptions != NULL);
     if (inCertReq == NULL || inOptions == NULL) {
         return SECFailure;
     }
     poolp = inCertReq->poolp;
--- a/security/nss/lib/crmf/crmfdec.c
+++ b/security/nss/lib/crmf/crmfdec.c
@@ -158,17 +158,17 @@ crmf_decode_process_keyencipherment(CRMF
     }
     return SECSuccess;
 }
 
 static SECStatus
 crmf_decode_process_pop(CRMFCertReqMsg *inCertReqMsg)
 {
      SECItem               *derPOP;
-     PRArenaPool           *poolp;
+     PLArenaPool           *poolp;
      CRMFProofOfPossession *pop;
      void                  *mark;
      SECStatus              rv;
 
      derPOP = &inCertReqMsg->derPOP;
      poolp  = inCertReqMsg->poolp;
      if (derPOP->data == NULL) {
          /* There is no Proof of Possession field in this message. */
@@ -212,17 +212,17 @@ crmf_decode_process_pop(CRMFCertReqMsg *
  loser:
      PORT_ArenaRelease(poolp, mark);
      inCertReqMsg->pop = NULL;
      return SECFailure;
      
 }
 
 static SECStatus
-crmf_decode_process_single_control(PRArenaPool *poolp, 
+crmf_decode_process_single_control(PLArenaPool *poolp,
 				   CRMFControl *inControl)
 {
     const SEC_ASN1Template *asn1Template = NULL;
 
     inControl->tag = SECOID_FindOIDTag(&inControl->derTag);
     asn1Template = crmf_get_pkiarchiveoptions_subtemplate(inControl);
 
     PORT_Assert (asn1Template != NULL);
@@ -240,17 +240,17 @@ crmf_decode_process_single_control(PRAre
 			  inControl->derValue.len);
 }
 
 static SECStatus 
 crmf_decode_process_controls(CRMFCertReqMsg *inCertReqMsg)
 {
     int           i, numControls;
     SECStatus     rv;
-    PRArenaPool  *poolp;
+    PLArenaPool  *poolp;
     CRMFControl **controls;
     
     numControls = CRMF_CertRequestGetNumControls(inCertReqMsg->certReq);
     controls = inCertReqMsg->certReq->controls;
     poolp    = inCertReqMsg->poolp;
     for (i=0; i < numControls; i++) {
         rv = crmf_decode_process_single_control(poolp, controls[i]);
 	if (rv != SECSuccess) {
@@ -280,17 +280,17 @@ crmf_decode_process_single_reqmsg(CRMFCe
     rv = SECSuccess;
  loser:
     return rv;
 }
 
 CRMFCertReqMsg*
 CRMF_CreateCertReqMsgFromDER (const char * buf, long len)
 {
-    PRArenaPool    *poolp;
+    PLArenaPool    *poolp;
     CRMFCertReqMsg *certReqMsg;
     SECStatus       rv;
 
     poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
     if (poolp == NULL) {
         goto loser;
     }
     certReqMsg = PORT_ArenaZNew (poolp, CRMFCertReqMsg);
@@ -317,17 +317,17 @@ CRMF_CreateCertReqMsgFromDER (const char
 }
 
 CRMFCertReqMessages*
 CRMF_CreateCertReqMessagesFromDER(const char *buf, long len)
 {
     long                 arenaSize;
     int                  i;
     SECStatus            rv;
-    PRArenaPool         *poolp;
+    PLArenaPool         *poolp;
     CRMFCertReqMessages *certReqMsgs;
 
     PORT_Assert (buf != NULL);
     /* Wanna make sure the arena is big enough to store all of the requests
      * coming in.  We'll guestimate according to the length of the buffer.
      */
     arenaSize = len + len/2;
     poolp = PORT_NewArena(arenaSize);
--- a/security/nss/lib/crmf/crmfget.c
+++ b/security/nss/lib/crmf/crmfget.c
@@ -32,17 +32,17 @@ crmf_destroy_validity(CRMFOptionalValidi
 	if (freeit) {
 	    PORT_Free(inValidity);
 	}
     }
     return SECSuccess;
 }
 
 static SECStatus 
-crmf_copy_cert_request_validity(PRArenaPool           *poolp,
+crmf_copy_cert_request_validity(PLArenaPool           *poolp,
 				CRMFOptionalValidity **destValidity,
 				CRMFOptionalValidity  *srcValidity)
 {
     CRMFOptionalValidity *myValidity = NULL;
     SECStatus             rv;
 
     *destValidity = myValidity = (poolp == NULL) ?
                                   PORT_ZNew(CRMFOptionalValidity) :
@@ -68,17 +68,17 @@ crmf_copy_cert_request_validity(PRArenaP
  loser:
     if (myValidity != NULL && poolp == NULL) {
         crmf_destroy_validity(myValidity, PR_TRUE);
     }
     return SECFailure;
 }
 
 static SECStatus
-crmf_copy_extensions(PRArenaPool        *poolp, 
+crmf_copy_extensions(PLArenaPool        *poolp,
 		     CRMFCertTemplate   *destTemplate,
 		     CRMFCertExtension **srcExt)
 {
     int       numExt = 0, i;
     CRMFCertExtension **myExtArray = NULL;
 
     while (srcExt[numExt] != NULL) {
         numExt++;
@@ -114,17 +114,17 @@ crmf_copy_extensions(PRArenaPool        
 	PORT_Free(myExtArray);
     }
     destTemplate->extensions = NULL;
     destTemplate->numExtensions = 0;
     return SECFailure;
 }
 
 static SECStatus
-crmf_copy_cert_request_template(PRArenaPool      *poolp, 
+crmf_copy_cert_request_template(PLArenaPool      *poolp,
 				CRMFCertTemplate *destTemplate,
 				CRMFCertTemplate *srcTemplate)
 {
     SECStatus rv;
 
     if (srcTemplate->version.data != NULL) {
         rv = SECITEM_CopyItem(poolp, &destTemplate->version, 
 			      &srcTemplate->version);
@@ -196,17 +196,17 @@ crmf_copy_cert_request_template(PRArenaP
 	}
     }
     return SECSuccess;
  loser:
     return SECFailure;
 }
 
 static CRMFControl*
-crmf_copy_control(PRArenaPool *poolp, CRMFControl *srcControl)
+crmf_copy_control(PLArenaPool *poolp, CRMFControl *srcControl)
 {
     CRMFControl *newControl;
     SECStatus    rv;
 
     newControl = (poolp == NULL) ? PORT_ZNew(CRMFControl) :
                                    PORT_ArenaZNew(poolp, CRMFControl);
     if (newControl == NULL) {
         goto loser;
@@ -241,17 +241,17 @@ crmf_copy_control(PRArenaPool *poolp, CR
  loser:
     if (poolp == NULL && newControl != NULL) {
         CRMF_DestroyControl(newControl);
     }
     return NULL;
 }
 
 static SECStatus
-crmf_copy_cert_request_controls(PRArenaPool     *poolp, 
+crmf_copy_cert_request_controls(PLArenaPool     *poolp,
 				CRMFCertRequest *destReq, 
 				CRMFCertRequest *srcReq)
 {
     int           numControls, i;
     CRMFControl **myControls = NULL;
 
     numControls = CRMF_CertRequestGetNumControls(srcReq);
     if (numControls == 0) {
@@ -280,17 +280,17 @@ crmf_copy_cert_request_controls(PRArenaP
 	}
 	PORT_Free(myControls);
     }
     return SECFailure;
 }
 
 
 CRMFCertRequest*
-crmf_copy_cert_request(PRArenaPool *poolp, CRMFCertRequest *srcReq)
+crmf_copy_cert_request(PLArenaPool *poolp, CRMFCertRequest *srcReq)
 {
     CRMFCertRequest *newReq = NULL;
     SECStatus        rv;
 
     if (srcReq == NULL) {
         return NULL;
     }
     newReq = (poolp == NULL) ? PORT_ZNew(CRMFCertRequest) :
@@ -333,17 +333,17 @@ CRMF_DestroyGetValidity(CRMFGetValidity 
 	    PORT_Free(inValidity->notBefore);
 	    inValidity->notBefore = NULL;
 	}
     }
     return SECSuccess;
 }
 
 SECStatus
-crmf_make_bitstring_copy(PRArenaPool *arena, SECItem *dest, SECItem *src)
+crmf_make_bitstring_copy(PLArenaPool *arena, SECItem *dest, SECItem *src)
 {
     int origLenBits;
     int bytesToCopy;
     SECStatus rv;
 
     origLenBits = src->len;
     bytesToCopy = CRMF_BITS_TO_BYTES(origLenBits);
     src->len = bytesToCopy;         
--- a/security/nss/lib/crmf/crmfi.h
+++ b/security/nss/lib/crmf/crmfi.h
@@ -103,84 +103,84 @@ extern const SEC_ASN1Template CRMFEncryp
 /*
  * Use these two values for encoding Boolean values.
  */
 extern const unsigned char hexTrue;
 extern const unsigned char hexFalse;
 /*
  * Prototypes for helper routines used internally by multiple files.
  */
-extern SECStatus crmf_encode_integer(PRArenaPool *poolp, SECItem *dest, 
+extern SECStatus crmf_encode_integer(PLArenaPool *poolp, SECItem *dest,
 				     long value);
-extern SECStatus crmf_make_bitstring_copy(PRArenaPool *arena, SECItem *dest, 
+extern SECStatus crmf_make_bitstring_copy(PLArenaPool *arena, SECItem *dest,
 					  SECItem *src);
 
-extern SECStatus crmf_copy_pkiarchiveoptions(PRArenaPool           *poolp, 
+extern SECStatus crmf_copy_pkiarchiveoptions(PLArenaPool           *poolp,
 					     CRMFPKIArchiveOptions *destOpt,
 					     CRMFPKIArchiveOptions *srcOpt);
 extern SECStatus  
        crmf_destroy_pkiarchiveoptions(CRMFPKIArchiveOptions *inArchOptions,
 				      PRBool                 freeit);
 extern const SEC_ASN1Template*
        crmf_get_pkiarchiveoptions_subtemplate(CRMFControl *inControl);
 
-extern SECStatus crmf_copy_encryptedkey(PRArenaPool       *poolp,
+extern SECStatus crmf_copy_encryptedkey(PLArenaPool       *poolp,
 					CRMFEncryptedKey  *srcEncrKey,
 					CRMFEncryptedKey  *destEncrKey);
 extern SECStatus
-crmf_copy_encryptedvalue(PRArenaPool        *poolp,
+crmf_copy_encryptedvalue(PLArenaPool        *poolp,
 			 CRMFEncryptedValue *srcValue,
 			 CRMFEncryptedValue *destValue);
 
 extern SECStatus
-crmf_copy_encryptedvalue_secalg(PRArenaPool     *poolp,
+crmf_copy_encryptedvalue_secalg(PLArenaPool     *poolp,
 				SECAlgorithmID  *srcAlgId,
 				SECAlgorithmID **destAlgId);
 
-extern SECStatus crmf_template_copy_secalg(PRArenaPool *poolp, 
+extern SECStatus crmf_template_copy_secalg(PLArenaPool *poolp,
 					   SECAlgorithmID **dest,
 					   SECAlgorithmID *src);
 
-extern SECStatus crmf_copy_cert_name(PRArenaPool *poolp, CERTName **dest, 
+extern SECStatus crmf_copy_cert_name(PLArenaPool *poolp, CERTName **dest,
 				     CERTName *src);
 
-extern SECStatus crmf_template_add_public_key(PRArenaPool               *poolp,
+extern SECStatus crmf_template_add_public_key(PLArenaPool               *poolp,
 					      CERTSubjectPublicKeyInfo **dest,
 					      CERTSubjectPublicKeyInfo  *pubKey);
 
-extern CRMFCertExtension* crmf_create_cert_extension(PRArenaPool *poolp, 
+extern CRMFCertExtension* crmf_create_cert_extension(PLArenaPool *poolp,
 						     SECOidTag    tag, 
 						     PRBool       isCritical,
 						     SECItem     *data);
 extern CRMFCertRequest*
-crmf_copy_cert_request(PRArenaPool *poolp, CRMFCertRequest *srcReq);
+crmf_copy_cert_request(PLArenaPool *poolp, CRMFCertRequest *srcReq);
 
 extern SECStatus crmf_destroy_encrypted_value(CRMFEncryptedValue *inEncrValue, 
 					      PRBool freeit);
 
 extern CRMFEncryptedValue *
 crmf_create_encrypted_value_wrapped_privkey(SECKEYPrivateKey   *inPrivKey,
 					    SECKEYPublicKey    *inPubKey,
 					    CRMFEncryptedValue *destValue);
 
 extern CK_MECHANISM_TYPE 
        crmf_get_mechanism_from_public_key(SECKEYPublicKey *inPubKey);
 
 extern SECStatus
-crmf_encrypted_value_unwrap_priv_key(PRArenaPool        *poolp,
+crmf_encrypted_value_unwrap_priv_key(PLArenaPool        *poolp,
 				     CRMFEncryptedValue *encValue,
 				     SECKEYPrivateKey   *privKey,
 				     SECKEYPublicKey    *newPubKey,
 				     SECItem            *nickname,
 				     PK11SlotInfo       *slot,
 				     unsigned char       keyUsage,
 				     SECKEYPrivateKey  **unWrappedKey,
 				     void               *wincx);
 
 extern SECItem*
 crmf_get_public_value(SECKEYPublicKey *pubKey, SECItem *dest);
 
 extern CRMFCertExtension*
-crmf_copy_cert_extension(PRArenaPool *poolp, CRMFCertExtension *inExtension);
+crmf_copy_cert_extension(PLArenaPool *poolp, CRMFCertExtension *inExtension);
 
 extern SECStatus
 crmf_create_prtime(SECItem *src, PRTime **dest);
 #endif /*_CRMFI_H_*/
--- a/security/nss/lib/crmf/crmfit.h
+++ b/security/nss/lib/crmf/crmfit.h
@@ -4,17 +4,17 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 
 #ifndef _CRMFIT_H_
 #define _CRMFIT_H_
 
 struct CRMFCertReqMessagesStr {
     CRMFCertReqMsg **messages;
-    PRArenaPool     *poolp;
+    PLArenaPool     *poolp;
 };
 
 struct CRMFCertExtensionStr {
     SECItem id;
     SECItem critical;
     SECItem value;
 };
 
@@ -102,17 +102,17 @@ struct CRMFControlStr {
 
 struct CRMFCertRequestStr {
     SECItem            certReqId;
     CRMFCertTemplate   certTemplate;
     CRMFControl      **controls;
     /* The following members are used by the internal implementation, but
      * are not part of the encoding.
      */
-    PRArenaPool *poolp;
+    PLArenaPool *poolp;
     PRUint32     requestID; /* This is the value that will be encoded into
 			     * the certReqId field.
 			     */
 };                                   
 
 struct CRMFAttributeStr {
     SECItem derTag;
     SECItem derValue;
@@ -120,17 +120,17 @@ struct CRMFAttributeStr {
 
 struct CRMFCertReqMsgStr {
     CRMFCertRequest            *certReq;
     CRMFProofOfPossession      *pop;
     CRMFAttribute             **regInfo;
     SECItem                     derPOP;
     /* This arena will be used for allocating memory when decoding.
      */
-    PRArenaPool *poolp;
+    PLArenaPool *poolp;
     PRBool       isDecoded;
 };
 
 struct CRMFPOPOSigningKeyInputStr {
     /* ASN1 must have only one of the next 2 options */
     union {
         SECItem          sender; /*General Name*/
         CRMFPKMACValue  *publicKeyMAC;
--- a/security/nss/lib/crmf/crmfpop.c
+++ b/security/nss/lib/crmf/crmfpop.c
@@ -30,17 +30,17 @@ crmf_init_encoder_callback_arg (struct c
 /* Caller should release or unmark the pool, instead of doing it here.
 ** But there are NO callers of this function at present...
 */
 SECStatus 
 CRMF_CertReqMsgSetRAVerifiedPOP(CRMFCertReqMsg *inCertReqMsg)
 {
     SECItem               *dummy;
     CRMFProofOfPossession *pop;
-    PRArenaPool           *poolp;
+    PLArenaPool           *poolp;
     void                  *mark;
 
     PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->pop == NULL);
     poolp = inCertReqMsg->poolp;
     mark = PORT_ArenaMark(poolp);
     if (CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfNoPOPChoice) {
         return SECFailure;
     }
@@ -68,17 +68,17 @@ crmf_get_key_sign_tag(SECKEYPublicKey *i
      * implementations */
     if (inPubKey->keyType == rsaKey) {
         return SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION;
     }
     return SEC_GetSignatureAlgorithmOidTag(inPubKey->keyType, SEC_OID_UNKNOWN);
 }
 
 static SECAlgorithmID*
-crmf_create_poposignkey_algid(PRArenaPool      *poolp,
+crmf_create_poposignkey_algid(PLArenaPool      *poolp,
 			      SECKEYPublicKey  *inPubKey)
 {
     SECAlgorithmID *algID;
     SECOidTag       tag;
     SECStatus       rv;
     void           *mark;
 
     mark = PORT_ArenaMark(poolp);
@@ -97,17 +97,17 @@ crmf_create_poposignkey_algid(PRArenaPoo
     PORT_ArenaUnmark(poolp, mark);
     return algID;
  loser:
     PORT_ArenaRelease(poolp, mark);
     return NULL;
 }
 
 static CRMFPOPOSigningKeyInput*
-crmf_create_poposigningkeyinput(PRArenaPool *poolp, CERTCertificate *inCert,
+crmf_create_poposigningkeyinput(PLArenaPool *poolp, CERTCertificate *inCert,
 				CRMFMACPasswordCallback fn, void *arg)
 {
   /* PSM isn't going to do this, so we'll fail here for now.*/
      return NULL;
 }
 
 void
 crmf_generic_encoder_callback(void *arg, const char* buf, unsigned long len,
@@ -142,17 +142,17 @@ crmf_encode_certreq(CRMFCertRequest *inC
     if (rv != SECSuccess) {
         return SECFailure;
     }
     return SEC_ASN1Encode(inCertReq, CRMFCertRequestTemplate, 
 			  crmf_generic_encoder_callback, &encoderArg);
 }
 
 static SECStatus
-crmf_sign_certreq(PRArenaPool        *poolp, 
+crmf_sign_certreq(PLArenaPool        *poolp,
 		  CRMFPOPOSigningKey *crmfSignKey, 
 		  CRMFCertRequest    *certReq,
 		  SECKEYPrivateKey   *inKey,
 		  SECAlgorithmID     *inAlgId)
 {
     SECItem                      derCertReq = { siBuffer, NULL, 0 };
     SECItem                      certReqSig = { siBuffer, NULL, 0 };
     SECStatus                    rv = SECSuccess;
@@ -178,17 +178,17 @@ crmf_sign_certreq(PRArenaPool        *po
     }
     if (certReqSig.data != NULL) {
         PORT_Free(certReqSig.data);
     }
     return rv;
 }
 
 static SECStatus
-crmf_create_poposignkey(PRArenaPool             *poolp, 
+crmf_create_poposignkey(PLArenaPool             *poolp,
 			CRMFCertReqMsg          *inCertReqMsg, 
 			CRMFPOPOSigningKeyInput *signKeyInput, 
 			SECKEYPrivateKey        *inPrivKey,
 			SECAlgorithmID          *inAlgID,
 			CRMFPOPOSigningKey      *signKey) 
 {
     CRMFCertRequest    *certReq;
     void               *mark;
@@ -223,17 +223,17 @@ SECStatus
 CRMF_CertReqMsgSetSignaturePOP(CRMFCertReqMsg   *inCertReqMsg,
 			       SECKEYPrivateKey *inPrivKey,
 			       SECKEYPublicKey  *inPubKey,
 			       CERTCertificate  *inCertForInput,
 			       CRMFMACPasswordCallback  fn,
 			       void                    *arg)
 {
     SECAlgorithmID  *algID;
-    PRArenaPool     *poolp;
+    PLArenaPool     *poolp;
     SECItem          derTemp = {siBuffer, NULL, 0};
     void            *mark;
     SECStatus        rv;
     CRMFPOPOSigningKeyInput *signKeyInput = NULL;
     CRMFCertRequest         *certReq;
     CRMFProofOfPossession   *pop;
     struct crmfEncoderArg    encoderArg;
 
@@ -315,17 +315,17 @@ crmf_get_popoprivkey_subtemplate(CRMFPOP
 	break;
     default:
         retTemplate = NULL;
     }
     return retTemplate;
 }
 
 static SECStatus
-crmf_encode_popoprivkey(PRArenaPool            *poolp, 
+crmf_encode_popoprivkey(PLArenaPool            *poolp,
 			CRMFCertReqMsg         *inCertReqMsg,
 			CRMFPOPOPrivKey        *popoPrivKey,
 			const SEC_ASN1Template *privKeyTemplate)
 {
     struct crmfEncoderArg   encoderArg;
     SECItem                 derTemp = { siBuffer, NULL, 0 };
     SECStatus               rv;
     void                   *mark;
@@ -389,17 +389,17 @@ crmf_get_template_for_privkey(CRMFPOPCho
     }
     return NULL;
 }
 
 static SECStatus
 crmf_add_privkey_thismessage(CRMFCertReqMsg *inCertReqMsg, SECItem *encPrivKey,
 			     CRMFPOPChoice inChoice)
 {
-    PRArenaPool           *poolp;
+    PLArenaPool           *poolp;
     void                  *mark;
     CRMFPOPOPrivKey       *popoPrivKey;
     CRMFProofOfPossession *pop;
     SECStatus              rv;
 
     PORT_Assert(inCertReqMsg != NULL && encPrivKey != NULL);
     poolp = inCertReqMsg->poolp;
     mark = PORT_ArenaMark(poolp);
@@ -436,17 +436,17 @@ crmf_add_privkey_thismessage(CRMFCertReq
     PORT_ArenaRelease(poolp, mark);
     return SECFailure;
 }
 
 static SECStatus
 crmf_add_privkey_dhmac(CRMFCertReqMsg *inCertReqMsg, SECItem *dhmac,
                              CRMFPOPChoice inChoice)
 {
-    PRArenaPool           *poolp;
+    PLArenaPool           *poolp;
     void                  *mark;
     CRMFPOPOPrivKey       *popoPrivKey;
     CRMFProofOfPossession *pop;
     SECStatus              rv;
 
     PORT_Assert(inCertReqMsg != NULL && dhmac != NULL);
     poolp = inCertReqMsg->poolp;
     mark = PORT_ArenaMark(poolp);
@@ -479,17 +479,17 @@ crmf_add_privkey_dhmac(CRMFCertReqMsg *i
 }
 
 static SECStatus
 crmf_add_privkey_subseqmessage(CRMFCertReqMsg        *inCertReqMsg,
 			       CRMFSubseqMessOptions  subsequentMessage,
 			       CRMFPOPChoice          inChoice)
 {
     void                  *mark;
-    PRArenaPool           *poolp;
+    PLArenaPool           *poolp;
     CRMFProofOfPossession *pop;
     CRMFPOPOPrivKey       *popoPrivKey;
     SECStatus              rv;
     const SEC_ASN1Template *privKeyTemplate;
 
     if (subsequentMessage == crmfNoSubseqMess) {
         return SECFailure;
     }
--- a/security/nss/lib/crmf/crmfreq.c
+++ b/security/nss/lib/crmf/crmfreq.c
@@ -14,44 +14,44 @@
  */
 #define IS_NOT_NULL(ptr) ((ptr) == NULL) ? PR_FALSE : PR_TRUE
 
 const unsigned char hexTrue  = 0xff;
 const unsigned char hexFalse = 0x00;
 
 
 SECStatus
-crmf_encode_integer(PRArenaPool *poolp, SECItem *dest, long value) 
+crmf_encode_integer(PLArenaPool *poolp, SECItem *dest, long value)
 {
     SECItem *dummy;
 
     dummy = SEC_ASN1EncodeInteger(poolp, dest, value);
     PORT_Assert (dummy == dest);
     if (dummy == NULL) {
         return SECFailure;
     }
     return SECSuccess;
 }
 
 SECStatus
-crmf_encode_unsigned_integer(PRArenaPool *poolp, SECItem *dest, 
+crmf_encode_unsigned_integer(PLArenaPool *poolp, SECItem *dest,
                              unsigned long value) 
 {
     SECItem *dummy;
 
     dummy = SEC_ASN1EncodeUnsignedInteger(poolp, dest, value);
     PORT_Assert (dummy == dest);
     if (dummy != dest) {
         return SECFailure;
     }
     return SECSuccess;
 }
 
 static SECStatus
-crmf_copy_secitem (PRArenaPool *poolp, SECItem *dest, SECItem *src)
+crmf_copy_secitem (PLArenaPool *poolp, SECItem *dest, SECItem *src)
 {
     return  SECITEM_CopyItem (poolp, dest, src); 
 }
 
 PRBool
 CRMF_DoesRequestHaveField (CRMFCertRequest       *inCertReq, 
 			   CRMFCertTemplateField  inField)
 {
@@ -83,17 +83,17 @@ CRMF_DoesRequestHaveField (CRMFCertReque
         return CRMF_CertRequestGetNumberOfExtensions(inCertReq) != 0;
     }
     return PR_FALSE;
 }
 
 CRMFCertRequest *
 CRMF_CreateCertRequest (PRUint32 inRequestID)
 {
-    PRArenaPool     *poolp;
+    PLArenaPool     *poolp;
     CRMFCertRequest *certReq;
     SECStatus        rv;
     
     poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
     if (poolp == NULL) {
         goto loser;
     }
     
@@ -137,29 +137,29 @@ CRMF_DestroyCertRequest(CRMFCertRequest 
 	if (inCertReq->poolp) {
 	    PORT_FreeArena(inCertReq->poolp, PR_TRUE);
 	}
     }
     return SECSuccess;
 }
 
 static SECStatus
-crmf_template_add_version(PRArenaPool *poolp, SECItem *dest, long version)
+crmf_template_add_version(PLArenaPool *poolp, SECItem *dest, long version)
 {
     return (crmf_encode_integer(poolp, dest, version));
 }
 
 static SECStatus
-crmf_template_add_serialnumber(PRArenaPool *poolp, SECItem *dest, long serial)
+crmf_template_add_serialnumber(PLArenaPool *poolp, SECItem *dest, long serial)
 {
     return (crmf_encode_integer(poolp, dest, serial));
 }
 
 SECStatus
-crmf_template_copy_secalg (PRArenaPool *poolp, SECAlgorithmID **dest, 
+crmf_template_copy_secalg (PLArenaPool *poolp, SECAlgorithmID **dest,
 			   SECAlgorithmID* src)
 {
     SECStatus         rv;
     void             *mark = NULL;
     SECAlgorithmID   *mySecAlg;
 
     if (!poolp) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -184,17 +184,17 @@ crmf_template_copy_secalg (PRArenaPool *
     *dest = NULL;
     if (mark) {
         PORT_ArenaRelease(poolp, mark);
     }
     return SECFailure;
 }
 
 SECStatus
-crmf_copy_cert_name(PRArenaPool *poolp, CERTName **dest, 
+crmf_copy_cert_name(PLArenaPool *poolp, CERTName **dest,
 		    CERTName *src)
 {
     CERTName *newName;
     SECStatus rv;
     void     *mark;
 
     mark = PORT_ArenaMark(poolp);
     *dest = newName = PORT_ArenaZNew(poolp, CERTName);
@@ -210,25 +210,25 @@ crmf_copy_cert_name(PRArenaPool *poolp, 
     return SECSuccess;
  loser:
     PORT_ArenaRelease(poolp, mark);
     *dest = NULL;
     return SECFailure;
 }
 
 static SECStatus
-crmf_template_add_issuer (PRArenaPool *poolp, CERTName **dest, 
+crmf_template_add_issuer (PLArenaPool *poolp, CERTName **dest,
 			  CERTName* issuerName)
 {
     return crmf_copy_cert_name(poolp, dest, issuerName);
 }
 
 
 static SECStatus
-crmf_template_add_validity (PRArenaPool *poolp, CRMFOptionalValidity **dest,
+crmf_template_add_validity (PLArenaPool *poolp, CRMFOptionalValidity **dest,
 			    CRMFValidityCreationInfo *info)
 {
     SECStatus             rv;
     void                 *mark; 
     CRMFOptionalValidity *myValidity;
 
     /*First off, let's make sure at least one of the two fields is present*/
     if (!info  || (!info->notBefore && !info->notAfter)) {
@@ -258,24 +258,24 @@ crmf_template_add_validity (PRArenaPool 
     return SECSuccess;
  loser:
     PORT_ArenaRelease(poolp, mark);
     *dest = NULL;
     return SECFailure;
 }
 
 static SECStatus
-crmf_template_add_subject (PRArenaPool *poolp, CERTName **dest,
+crmf_template_add_subject (PLArenaPool *poolp, CERTName **dest,
 			   CERTName *subject)
 {
     return crmf_copy_cert_name(poolp, dest, subject);
 }
 
 SECStatus
-crmf_template_add_public_key(PRArenaPool *poolp, 
+crmf_template_add_public_key(PLArenaPool *poolp,
 			     CERTSubjectPublicKeyInfo **dest,
 			     CERTSubjectPublicKeyInfo  *pubKey)
 {
     CERTSubjectPublicKeyInfo *spki;
     SECStatus rv;
 
     *dest = spki = (poolp == NULL) ?
                               PORT_ZNew(CERTSubjectPublicKeyInfo) :
@@ -292,37 +292,37 @@ crmf_template_add_public_key(PRArenaPool
     if (poolp == NULL && spki != NULL) {
         SECKEY_DestroySubjectPublicKeyInfo(spki);
     }
     *dest = NULL;
     return SECFailure;
 }
 
 static SECStatus
-crmf_copy_bitstring (PRArenaPool *poolp, SECItem *dest, const SECItem *src)
+crmf_copy_bitstring (PLArenaPool *poolp, SECItem *dest, const SECItem *src)
 {
     SECStatus rv;
     SECItem  byteSrc;
     
     byteSrc = *src;
     byteSrc.len = CRMF_BITS_TO_BYTES(byteSrc.len);
     rv = crmf_copy_secitem(poolp, dest, &byteSrc);
     dest->len = src->len;
     return rv;
 }
 
 static SECStatus
-crmf_template_add_issuer_uid(PRArenaPool *poolp, SECItem *dest,
+crmf_template_add_issuer_uid(PLArenaPool *poolp, SECItem *dest,
 			     const SECItem *issuerUID)
 {
     return crmf_copy_bitstring (poolp, dest, issuerUID);
 }
 
 static SECStatus
-crmf_template_add_subject_uid(PRArenaPool *poolp, SECItem *dest, 
+crmf_template_add_subject_uid(PLArenaPool *poolp, SECItem *dest,
 			      const SECItem *subjectUID)
 {
     return crmf_copy_bitstring (poolp, dest, subjectUID);
 }
 
 static void
 crmf_zeroize_new_extensions (CRMFCertExtension **extensions,
 			     int numToZeroize) 
@@ -336,17 +336,17 @@ crmf_zeroize_new_extensions (CRMFCertExt
  * of this API to set extensions more than just once.  So we will
  * need the ability grow the array of extensions.  Since arenas don't
  * give us the realloc function, we'll use the generic PORT_* functions
  * to allocate the array of pointers *ONLY*.  Then we will allocate each
  * individual extension from the arena that comes along with the certReq
  * structure that owns this template.
  */
 static SECStatus
-crmf_template_add_extensions(PRArenaPool *poolp, CRMFCertTemplate *inTemplate,
+crmf_template_add_extensions(PLArenaPool *poolp, CRMFCertTemplate *inTemplate,
 			     CRMFCertExtCreationInfo *extensions)
 {
     void               *mark;
     int                 newSize, oldSize, i;
     SECStatus           rv;
     CRMFCertExtension **extArray;
     CRMFCertExtension  *newExt, *currExt;
 
@@ -399,17 +399,17 @@ crmf_template_add_extensions(PRArenaPool
 }
 
 SECStatus
 CRMF_CertRequestSetTemplateField(CRMFCertRequest       *inCertReq, 
 				 CRMFCertTemplateField  inTemplateField,
 				 void                  *data)
 {
     CRMFCertTemplate *certTemplate;
-    PRArenaPool      *poolp;
+    PLArenaPool      *poolp;
     SECStatus         rv = SECFailure;
     void             *mark;
     
 
     if (inCertReq == NULL) {
         return SECFailure;
     }
 
@@ -479,17 +479,17 @@ CRMF_CertReqMsgSetCertRequest (CRMFCertR
     inCertReqMsg->certReq = crmf_copy_cert_request(inCertReqMsg->poolp,
 						   inCertReq);
     return (inCertReqMsg->certReq == NULL) ? SECFailure : SECSuccess;
 }
 
 CRMFCertReqMsg*
 CRMF_CreateCertReqMsg(void)
 {
-    PRArenaPool    *poolp;
+    PLArenaPool    *poolp;
     CRMFCertReqMsg *reqMsg;
 
     poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
     if (poolp == NULL) {
         goto loser;
     }
     reqMsg = PORT_ArenaZNew(poolp, CRMFCertReqMsg);
     if (reqMsg == NULL) {
@@ -517,17 +517,17 @@ CRMF_DestroyCertReqMsg(CRMFCertReqMsg *i
 	    PORT_Free(inCertReqMsg->certReq->controls);
 	}
     }
     PORT_FreeArena(inCertReqMsg->poolp, PR_TRUE);
     return SECSuccess;
 }
 
 CRMFCertExtension*
-crmf_create_cert_extension(PRArenaPool *poolp, 
+crmf_create_cert_extension(PLArenaPool *poolp,
 			   SECOidTag    id,
 			   PRBool       isCritical,
 			   SECItem     *data)
 {
     CRMFCertExtension *newExt;
     SECOidData        *oidData;
     SECStatus          rv;
 
--- a/security/nss/lib/crmf/respcli.c
+++ b/security/nss/lib/crmf/respcli.c
@@ -17,17 +17,17 @@
 #include "secitem.h"
 #include "secder.h"
 #include "secasn1.h"
 
 CMMFCertRepContent*
 CMMF_CreateCertRepContentFromDER(CERTCertDBHandle *db, const char *buf, 
 				 long len)
 {
-    PRArenaPool        *poolp;
+    PLArenaPool        *poolp;
     CMMFCertRepContent *certRepContent;
     SECStatus           rv;
     int                 i;
 
     poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
     if (poolp == NULL) {
         return NULL;
     }
--- a/security/nss/lib/crmf/respcmn.c
+++ b/security/nss/lib/crmf/respcmn.c
@@ -94,17 +94,17 @@ CMMF_DestroyPOPODecKeyChallContent(CMMFP
 SECStatus
 crmf_create_prtime(SECItem *src, PRTime **dest)
 {
    *dest = PORT_ZNew(PRTime);
     return DER_DecodeTimeChoice(*dest, src);
 }
 
 CRMFCertExtension*
-crmf_copy_cert_extension(PRArenaPool *poolp, CRMFCertExtension *inExtension)
+crmf_copy_cert_extension(PLArenaPool *poolp, CRMFCertExtension *inExtension)
 {
     PRBool             isCritical;
     SECOidTag          id;
     SECItem           *data;
     CRMFCertExtension *newExt;
 
     PORT_Assert(inExtension != NULL);
     if (inExtension == NULL) {
@@ -209,17 +209,17 @@ cmmf_DestroyCertOrEncCert(CMMFCertOrEncC
     }
     if (freeit) {
         PORT_Free(certOrEncCert);
     }
     return SECSuccess;
 }
 
 SECStatus
-cmmf_copy_secitem (PRArenaPool *poolp, SECItem *dest, SECItem *src)
+cmmf_copy_secitem (PLArenaPool *poolp, SECItem *dest, SECItem *src)
 {
     SECStatus rv;
 
     if (src->data != NULL) {
         rv = SECITEM_CopyItem(poolp, dest, src);
     } else {
         dest->data = NULL;
 	dest->len  = 0;
@@ -241,17 +241,17 @@ CMMF_DestroyCertifiedKeyPair(CMMFCertifi
             PORT_Free(inCertKeyPair->derPublicationInfo.data);
         }
         PORT_Free(inCertKeyPair);
     }
     return SECSuccess;
 }
 
 SECStatus
-cmmf_CopyCertResponse(PRArenaPool      *poolp, 
+cmmf_CopyCertResponse(PLArenaPool      *poolp,
 		      CMMFCertResponse *dest,
 		      CMMFCertResponse *src)
 {
     SECStatus rv;
 
     if (src->certReqId.data != NULL) {
         rv = SECITEM_CopyItem(poolp, &dest->certReqId, &src->certReqId);
 	if (rv != SECSuccess) {
@@ -279,17 +279,17 @@ cmmf_CopyCertResponse(PRArenaPool      *
 	    return rv;
 	}
 	dest->certifiedKeyPair = destKeyPair;
     }
     return SECSuccess;
 }
 
 static SECStatus
-cmmf_CopyCertOrEncCert(PRArenaPool *poolp, CMMFCertOrEncCert *dest,
+cmmf_CopyCertOrEncCert(PLArenaPool *poolp, CMMFCertOrEncCert *dest,
 		       CMMFCertOrEncCert *src)
 {
     SECStatus           rv = SECSuccess;
     CRMFEncryptedValue *encVal;
 
     dest->choice = src->choice;
     rv = cmmf_copy_secitem(poolp, &dest->derValue, &src->derValue);
     switch (src->choice) {
@@ -313,17 +313,17 @@ cmmf_CopyCertOrEncCert(PRArenaPool *pool
 	break;
     default:
         rv = SECFailure;
     }
     return rv;
 }
 
 SECStatus
-cmmf_CopyCertifiedKeyPair(PRArenaPool *poolp, CMMFCertifiedKeyPair *dest,
+cmmf_CopyCertifiedKeyPair(PLArenaPool *poolp, CMMFCertifiedKeyPair *dest,
 			  CMMFCertifiedKeyPair *src)
 {
     SECStatus rv;
 
     rv = cmmf_CopyCertOrEncCert(poolp, &dest->certOrEncCert, 
 				&src->certOrEncCert);
     if (rv != SECSuccess) {
         return rv;
@@ -348,17 +348,17 @@ cmmf_CopyCertifiedKeyPair(PRArenaPool *p
 	dest->privateKey = encVal;
     }
     rv = cmmf_copy_secitem(poolp, &dest->derPublicationInfo, 
 			   &src->derPublicationInfo);
     return rv;
 }
 
 SECStatus
-cmmf_CopyPKIStatusInfo(PRArenaPool *poolp, CMMFPKIStatusInfo *dest,
+cmmf_CopyPKIStatusInfo(PLArenaPool *poolp, CMMFPKIStatusInfo *dest,
 		       CMMFPKIStatusInfo *src)
 {
     SECStatus rv;
 
     rv = cmmf_copy_secitem (poolp, &dest->status, &src->status);
     if (rv != SECSuccess) {
         return rv;
     }
@@ -380,17 +380,17 @@ cmmf_CertOrEncCertGetCertificate(CMMFCer
     }
     return CERT_NewTempCertificate(certdb,
 				   &certOrEncCert->cert.certificate->derCert,
 				   NULL, PR_FALSE, PR_TRUE);
 }
 
 SECStatus 
 cmmf_PKIStatusInfoSetStatus(CMMFPKIStatusInfo    *statusInfo,
-			    PRArenaPool          *poolp,
+			    PLArenaPool          *poolp,
 			    CMMFPKIStatus         inStatus)
 {
     SECItem *dummy;
     
     if (inStatus <cmmfGranted || inStatus >= cmmfNumPKIStatus) {
         return SECFailure;
     }
 
--- a/security/nss/lib/crmf/servget.c
+++ b/security/nss/lib/crmf/servget.c
@@ -339,17 +339,17 @@ CRMF_POPOSigningKeyGetSignature(CRMFPOPO
  loser:
     if (newSig != NULL) {
         SECITEM_FreeItem(newSig, PR_TRUE);
     }
     return NULL;
 }
 
 static SECStatus 
-crmf_copy_poposigningkey(PRArenaPool        *poolp, 
+crmf_copy_poposigningkey(PLArenaPool        *poolp,
 			 CRMFPOPOSigningKey *inPopoSignKey,
 			 CRMFPOPOSigningKey *destPopoSignKey)
 {
     SECStatus rv;
 
     /* We don't support use of the POPOSigningKeyInput, so we'll only 
      * store away the DER encoding.
      */
@@ -379,17 +379,17 @@ crmf_copy_poposigningkey(PRArenaPool    
  loser:
     if (poolp == NULL) {
         CRMF_DestroyPOPOSigningKey(destPopoSignKey);
     }
     return SECFailure;
 }
 
 static SECStatus
-crmf_copy_popoprivkey(PRArenaPool     *poolp,
+crmf_copy_popoprivkey(PLArenaPool     *poolp,
 		      CRMFPOPOPrivKey *srcPrivKey,
 		      CRMFPOPOPrivKey *destPrivKey)
 {
     SECStatus        rv;
 
     destPrivKey->messageChoice = srcPrivKey->messageChoice;
     switch (destPrivKey->messageChoice) {
     case crmfThisMessage:
@@ -410,17 +410,17 @@ crmf_copy_popoprivkey(PRArenaPool     *p
 
     if (rv != SECSuccess && poolp == NULL) {
         CRMF_DestroyPOPOPrivKey(destPrivKey);
     }
     return rv;
 }
 
 static CRMFProofOfPossession*
-crmf_copy_pop(PRArenaPool *poolp, CRMFProofOfPossession *srcPOP)
+crmf_copy_pop(PLArenaPool *poolp, CRMFProofOfPossession *srcPOP)
 {
     CRMFProofOfPossession *newPOP;
     SECStatus              rv;
 
     /* 
      * Proof Of Possession structures are always part of the Request
      * message, so there will always be an arena for allocating memory.
      */
@@ -463,17 +463,17 @@ crmf_copy_pop(PRArenaPool *poolp, CRMFPr
  loser:
     return NULL;
 }
 
 static CRMFCertReqMsg*
 crmf_copy_cert_req_msg(CRMFCertReqMsg *srcReqMsg)
 {
     CRMFCertReqMsg *newReqMsg;
-    PRArenaPool    *poolp;
+    PLArenaPool    *poolp;
 
     poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
     if (poolp == NULL) {
         return NULL;
     }
     newReqMsg = PORT_ArenaZNew(poolp, CRMFCertReqMsg);
     if (newReqMsg == NULL) {
         PORT_FreeArena(poolp, PR_TRUE);
@@ -531,17 +531,17 @@ CRMF_CertReqMessagesGetNumMessages(CRMFC
         numMessages++;
     }
     return numMessages;
 }
 
 CRMFCertRequest*
 CRMF_CertReqMsgGetCertRequest(CRMFCertReqMsg *inCertReqMsg)
 {
-    PRArenaPool     *poolp      = NULL;
+    PLArenaPool     *poolp      = NULL;
     CRMFCertRequest *newCertReq = NULL;
 
     PORT_Assert(inCertReqMsg != NULL);
 
     poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
     if (poolp == NULL) {
         goto loser;
     }
@@ -623,17 +623,17 @@ CRMF_CertReqMsgGetPOPOSigningKey(CRMFCer
         return SECFailure;
     }
     return crmf_copy_poposigningkey(NULL,&pop->popChoice.signature, *destKey);
 }
 
 static SECStatus
 crmf_copy_name(CERTName *destName, CERTName *srcName)
 {
-  PRArenaPool *poolp = NULL;
+  PLArenaPool *poolp = NULL;
   SECStatus rv;
 
   if (destName->arena != NULL) {
     poolp = destName->arena;
   } else {
     poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
   }
   if (poolp == NULL) {
--- a/security/nss/lib/cryptohi/seckey.c
+++ b/security/nss/lib/cryptohi/seckey.c
@@ -261,17 +261,17 @@ SECKEY_DestroyPublicKey(SECKEYPublicKey 
 	}
     	if (pubk->arena) {
 	    PORT_FreeArena(pubk->arena, PR_FALSE);
 	}
     }
 }
 
 SECStatus
-SECKEY_CopySubjectPublicKeyInfo(PRArenaPool *arena,
+SECKEY_CopySubjectPublicKeyInfo(PLArenaPool *arena,
 			     CERTSubjectPublicKeyInfo *to,
 			     CERTSubjectPublicKeyInfo *from)
 {
     SECStatus rv;
     SECItem spk;
 
     rv = SECOID_CopyAlgorithmID(arena, &to->algorithm, &from->algorithm);
     if (rv == SECSuccess) {
@@ -440,17 +440,17 @@ SECKEY_UpdateCertPQG(CERTCertificate * s
    
 
 /* Decode the DSA PQG parameters.  The params could be stored in two
  * possible formats, the old fortezza-only wrapped format or
  * the normal standard format.  Store the decoded parameters in
  * a V3 certificate data structure.  */ 
 
 SECStatus
-SECKEY_DSADecodePQG(PRArenaPool *arena, SECKEYPublicKey *pubk, SECItem *params) {
+SECKEY_DSADecodePQG(PLArenaPool *arena, SECKEYPublicKey *pubk, SECItem *params) {
     SECStatus rv;
     SECItem newparams;
 
     if (params == NULL) return SECFailure; 
     
     if (params->data == NULL) return SECFailure;
 
     PORT_Assert(arena);
@@ -545,17 +545,17 @@ CERT_GetCertKeyType (CERTSubjectPublicKe
 }
 
 static SECKEYPublicKey *
 seckey_ExtractPublicKey(CERTSubjectPublicKeyInfo *spki)
 {
     SECKEYPublicKey *pubk;
     SECItem os, newOs, newParms;
     SECStatus rv;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     SECOidTag tag;
 
     arena = PORT_NewArena (DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL)
 	return NULL;
 
     pubk = (SECKEYPublicKey *) PORT_ArenaZAlloc(arena, sizeof(SECKEYPublicKey));
     if (pubk == NULL) {
@@ -1021,17 +1021,17 @@ SECKEY_SignatureLen(const SECKEYPublicKe
     PORT_SetError(SEC_ERROR_INVALID_KEY);
     return 0;
 }
 
 SECKEYPrivateKey *
 SECKEY_CopyPrivateKey(const SECKEYPrivateKey *privk)
 {
     SECKEYPrivateKey *copyk;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     
     if (!privk || !privk->pkcs11Slot) {
 	PORT_SetError(SEC_ERROR_INVALID_ARGS);
 	return NULL;
     }
     
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL) {
@@ -1067,17 +1067,17 @@ fail:
     PORT_FreeArena (arena, PR_FALSE);
     return NULL;
 }
 
 SECKEYPublicKey *
 SECKEY_CopyPublicKey(const SECKEYPublicKey *pubk)
 {
     SECKEYPublicKey *copyk;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     SECStatus rv = SECSuccess;
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL) {
 	PORT_SetError (SEC_ERROR_NO_MEMORY);
 	return NULL;
     }
 
@@ -1152,17 +1152,17 @@ SECKEY_CopyPublicKey(const SECKEYPublicK
     return NULL;
 }
 
 
 SECKEYPublicKey *
 SECKEY_ConvertToPublicKey(SECKEYPrivateKey *privk)
 {
     SECKEYPublicKey *pubk;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     CERTCertificate *cert;
     SECStatus rv;
 
     /*
      * First try to look up the cert.
      */
     cert = PK11_GetCertFromPrivateKey(privk);
     if (cert) {
@@ -1211,17 +1211,17 @@ SECKEY_ConvertToPublicKey(SECKEYPrivateK
     PORT_FreeArena (arena, PR_FALSE);
     return NULL;
 }
 
 CERTSubjectPublicKeyInfo *
 SECKEY_CreateSubjectPublicKeyInfo(SECKEYPublicKey *pubk)
 {
     CERTSubjectPublicKeyInfo *spki;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     SECItem params = { siBuffer, NULL, 0 };
 
     if (!pubk) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return NULL;
     }
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
@@ -1341,17 +1341,17 @@ SECKEY_DestroySubjectPublicKeyInfo(CERTS
 
 /*
  * this only works for RSA keys... need to do something
  * similiar to CERT_ExtractPublicKey for other key times.
  */
 SECKEYPublicKey *
 SECKEY_DecodeDERPublicKey(SECItem *pubkder)
 {
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     SECKEYPublicKey *pubk;
     SECStatus rv;
     SECItem newPubkder;
 
     arena = PORT_NewArena (DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL) {
 	PORT_SetError (SEC_ERROR_NO_MEMORY);
 	return NULL;
@@ -1422,17 +1422,17 @@ SECKEY_EncodeDERSubjectPublicKeyInfo(SEC
 finish:
     return spkiDER;
 }
 
 
 CERTSubjectPublicKeyInfo *
 SECKEY_DecodeDERSubjectPublicKeyInfo(SECItem *spkider)
 {
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     CERTSubjectPublicKeyInfo *spki;
     SECStatus rv;
     SECItem newSpkider;
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL) {
 	PORT_SetError(SEC_ERROR_NO_MEMORY);
 	return NULL;
@@ -1487,17 +1487,17 @@ SECKEY_ConvertAndDecodeSubjectPublicKeyI
 CERTSubjectPublicKeyInfo *
 SECKEY_ConvertAndDecodePublicKeyAndChallenge(char *pkacstr, char *challenge,
 								void *wincx)
 {
     CERTSubjectPublicKeyInfo *spki = NULL;
     CERTPublicKeyAndChallenge pkac;
     SECStatus rv;
     SECItem signedItem;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     CERTSignedData sd;
     SECItem sig;
     SECKEYPublicKey *pubKey = NULL;
     unsigned int len;
     
     signedItem.data = NULL;
     
     /* convert the base64 encoded data to binary */
@@ -1582,17 +1582,17 @@ done:
     
     return spki;
 }
 
 void
 SECKEY_DestroyPrivateKeyInfo(SECKEYPrivateKeyInfo *pvk,
 			     PRBool freeit)
 {
-    PRArenaPool *poolp;
+    PLArenaPool *poolp;
 
     if(pvk != NULL) {
 	if(pvk->arena) {
 	    poolp = pvk->arena;
 	    /* zero structure since PORT_FreeArena does not support
 	     * this yet.
 	     */
 	    PORT_Memset(pvk->privateKey.data, 0, pvk->privateKey.len);
@@ -1613,17 +1613,17 @@ SECKEY_DestroyPrivateKeyInfo(SECKEYPriva
 	}
     }
 }
 
 void
 SECKEY_DestroyEncryptedPrivateKeyInfo(SECKEYEncryptedPrivateKeyInfo *epki,
 				      PRBool freeit)
 {
-    PRArenaPool *poolp;
+    PLArenaPool *poolp;
 
     if(epki != NULL) {
 	if(epki->arena) {
 	    poolp = epki->arena;
 	    /* zero structure since PORT_FreeArena does not support
 	     * this yet.
 	     */
 	    PORT_Memset(epki->encryptedData.data, 0, epki->encryptedData.len);
@@ -1640,17 +1640,17 @@ SECKEY_DestroyEncryptedPrivateKeyInfo(SE
 	    if(freeit == PR_TRUE) {
 		PORT_Free(epki);
 	    }
 	}
     }
 }
 
 SECStatus
-SECKEY_CopyPrivateKeyInfo(PRArenaPool *poolp,
+SECKEY_CopyPrivateKeyInfo(PLArenaPool *poolp,
 			  SECKEYPrivateKeyInfo *to,
 			  SECKEYPrivateKeyInfo *from)
 {
     SECStatus rv = SECFailure;
 
     if((to == NULL) || (from == NULL)) {
 	return SECFailure;
     }
@@ -1664,17 +1664,17 @@ SECKEY_CopyPrivateKeyInfo(PRArenaPool *p
 	return SECFailure;
     }
     rv = SECITEM_CopyItem(poolp, &to->version, &from->version);
 
     return rv;
 }
 
 SECStatus
-SECKEY_CopyEncryptedPrivateKeyInfo(PRArenaPool *poolp, 
+SECKEY_CopyEncryptedPrivateKeyInfo(PLArenaPool *poolp,
 				   SECKEYEncryptedPrivateKeyInfo *to,
 				   SECKEYEncryptedPrivateKeyInfo *from)
 {
     SECStatus rv = SECFailure;
 
     if((to == NULL) || (from == NULL)) {
 	return SECFailure;
     }
@@ -1701,17 +1701,17 @@ SECKEY_GetPublicKeyType(SECKEYPublicKey 
 }
 
 SECKEYPublicKey*
 SECKEY_ImportDERPublicKey(SECItem *derKey, CK_KEY_TYPE type)
 {
     SECKEYPublicKey *pubk = NULL;
     SECStatus rv = SECFailure;
     SECItem newDerKey;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
 
     if (!derKey) {
         return NULL;
     } 
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL) {
 	PORT_SetError(SEC_ERROR_NO_MEMORY);
@@ -1761,17 +1761,17 @@ finish:
         pubk = NULL;
     }
     return pubk;
 }
 
 SECKEYPrivateKeyList*
 SECKEY_NewPrivateKeyList(void)
 {
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECKEYPrivateKeyList *ret = NULL;
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if ( arena == NULL ) {
         goto loser;
     }
 
     ret = (SECKEYPrivateKeyList *)PORT_ArenaZAlloc(arena,
@@ -1838,17 +1838,17 @@ SECKEY_AddPrivateKeyToListTail( SECKEYPr
 loser:
     return(SECFailure);
 }
 
 
 SECKEYPublicKeyList*
 SECKEY_NewPublicKeyList(void)
 {
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECKEYPublicKeyList *ret = NULL;
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if ( arena == NULL ) {
         goto loser;
     }
 
     ret = (SECKEYPublicKeyList *)PORT_ArenaZAlloc(arena,
--- a/security/nss/lib/cryptohi/secsign.c
+++ b/security/nss/lib/cryptohi/secsign.c
@@ -137,17 +137,17 @@ static DERTemplate SGNDigestInfoTemplate
 SECStatus
 SGN_End(SGNContext *cx, SECItem *result)
 {
     unsigned char digest[HASH_LENGTH_MAX];
     unsigned part1;
     int signatureLen;
     SECStatus rv;
     SECItem digder, sigitem;
-    PRArenaPool *arena = 0;
+    PLArenaPool *arena = 0;
     SECKEYPrivateKey *privKey = cx->key;
     SGNDigestInfo *di = 0;
 
     result->data = 0;
     digder.data = 0;
 
     /* Finish up digest function */
     if (cx->hashcx == NULL) {
@@ -293,17 +293,17 @@ const SEC_ASN1Template CERT_SignedDataTe
 	  offsetof(CERTSignedData,signature), },
     { 0, }
 };
 
 SEC_ASN1_CHOOSER_IMPLEMENT(CERT_SignedDataTemplate)
 
 
 SECStatus
-SEC_DerSignData(PRArenaPool *arena, SECItem *result, 
+SEC_DerSignData(PLArenaPool *arena, SECItem *result,
 	const unsigned char *buf, int len, SECKEYPrivateKey *pk,
 	SECOidTag algID)
 {
     SECItem it;
     CERTSignedData sd;
     SECStatus rv;
 
     it.data = 0;
@@ -364,17 +364,17 @@ SEC_DerSignData(PRArenaPool *arena, SECI
 
 SECStatus
 SGN_Digest(SECKEYPrivateKey *privKey,
 		SECOidTag algtag, SECItem *result, SECItem *digest)
 {
     int modulusLen;
     SECStatus rv;
     SECItem digder;
-    PRArenaPool *arena = 0;
+    PLArenaPool *arena = 0;
     SGNDigestInfo *di = 0;
 
 
     result->data = 0;
 
     if (privKey->keyType == rsaKey) {
 
 	arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
--- a/security/nss/lib/cryptohi/secvfy.c
+++ b/security/nss/lib/cryptohi/secvfy.c
@@ -177,17 +177,17 @@ const SEC_ASN1Template hashParameterTemp
  * Returns: SECSuccess if the algorithm was acceptable, SECFailure if the
  *	algorithm was not found or was not a signing algorithm.
  */
 SECStatus
 sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg, 
              const SECItem *param, SECOidTag *encalg, SECOidTag *hashalg)
 {
     int len;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     SECStatus rv;
     SECItem oid;
 
     PR_ASSERT(hashalg!=NULL);
     PR_ASSERT(encalg!=NULL);
 
     switch (sigAlg) {
       /* We probably shouldn't be generating MD2 signatures either */
--- a/security/nss/lib/dbm/include/mcom_db.h
+++ b/security/nss/lib/dbm/include/mcom_db.h
@@ -35,16 +35,24 @@
 #ifndef _DB_H_
 #define	_DB_H_
 
 #ifndef macintosh
 #include <sys/types.h>
 #endif
 #include "prtypes.h"
 
+#if !defined(XP_BEOS) && !defined(XP_OS2) && !defined(XP_UNIX) || defined(NTO)
+typedef PRUintn uint;
+#endif
+typedef PRUint8 uint8;
+typedef PRUint16 uint16;
+typedef PRInt32 int32;
+typedef PRUint32 uint32;
+
 #include <limits.h>
 
 #ifdef __DBINTERFACE_PRIVATE
 
 #ifdef HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
 #else
 #include "cdefs.h"
--- a/security/nss/lib/freebl/arcfour.c
+++ b/security/nss/lib/freebl/arcfour.c
@@ -367,17 +367,16 @@ rc4_wordconv(RC4Context *cx, unsigned ch
 	register WORD streamWord;
 	register const WORD *pInWord;
 	register WORD *pOutWord;
 	register WORD inWord, nextInWord;
 	PRUint8 t;
 	register Stype tmpSi, tmpSj;
 	register PRUint8 tmpi = cx->i;
 	register PRUint8 tmpj = cx->j;
-	unsigned int byteCount;
 	unsigned int bufShift, invBufShift;
 	unsigned int i;
 	const unsigned char *finalIn;
 	unsigned char *finalOut;
 
 	PORT_Assert(maxOutputLen >= inputLen);
 	if (maxOutputLen < inputLen) {
 		PORT_SetError(SEC_ERROR_OUTPUT_LEN);
@@ -385,33 +384,33 @@ rc4_wordconv(RC4Context *cx, unsigned ch
 	}
 	if (inputLen < 2*WORDSIZE) {
 		/* Ignore word conversion, do byte-at-a-time */
 		return rc4_no_opt(cx, output, outputLen, maxOutputLen, input, inputLen);
 	}
 	*outputLen = inputLen;
 	pInWord = (const WORD *)(input - inOffset);
 	pOutWord = (WORD *)(output - outOffset);
-	if (inOffset < outOffset) {
+	if (inOffset <= outOffset) {
 		bufShift = 8*(outOffset - inOffset);
 		invBufShift = 8*WORDSIZE - bufShift;
 	} else {
 		invBufShift = 8*(inOffset - outOffset);
 		bufShift = 8*WORDSIZE - invBufShift;
 	}
 	/*****************************************************************/
 	/* Step 1:                                                       */
 	/* If the first output word is partial, consume the bytes in the */
 	/* first partial output word by loading one or two words of      */
 	/* input and shifting them accordingly.  Otherwise, just load    */
 	/* in the first word of input.  At the end of this block, at     */
 	/* least one partial word of input should ALWAYS be loaded.      */
 	/*****************************************************************/
 	if (outOffset) {
-		byteCount = WORDSIZE - outOffset; 
+		unsigned int byteCount = WORDSIZE - outOffset; 
 		for (i = 0; i < byteCount; i++) {
 			ARCFOUR_NEXT_BYTE();
 			output[i] = cx->S[t] ^ input[i];
 		}
 		/* Consumed byteCount bytes of input */
 		inputLen -= byteCount;
 		pInWord++;
 
@@ -461,43 +460,44 @@ rc4_wordconv(RC4Context *cx, unsigned ch
 		} else {
 			/* Input is word-aligned.  The first word load of input 
 			 * will produce a full word of input bytes, so nothing
 			 * needs to be loaded here.
 			 */
 			inWord = 0;
 		}
 	}
-	/* Output buffer is aligned, inOffset is now measured relative to
-	 * outOffset (and not a word boundary).
-	 */
-	inOffset = (inOffset + WORDSIZE - outOffset) % WORDSIZE;
 	/*****************************************************************/
 	/* Step 2: main loop                                             */
 	/* At this point the output buffer is word-aligned.  Any unused  */
 	/* bytes from above will be in inWord (shifted correctly).  If   */
 	/* the input buffer is unaligned relative to the output buffer,  */
 	/* shifting has to be done.                                      */
 	/*****************************************************************/
-	if (inOffset) {
-		for (; inputLen >= WORDSIZE; inputLen -= WORDSIZE) {
+	if (bufShift) {
+		/* preloadedByteCount is the number of input bytes pre-loaded
+		 * in inWord.
+		 */
+		unsigned int preloadedByteCount = bufShift/8;
+		for (; inputLen >= preloadedByteCount + WORDSIZE;
+		     inputLen -= WORDSIZE) {
 			nextInWord = *pInWord++;
 			inWord |= nextInWord RSH bufShift;
 			nextInWord = nextInWord LSH invBufShift;
 			ARCFOUR_NEXT_WORD();
 			*pOutWord++ = inWord ^ streamWord;
 			inWord = nextInWord;
 		}
 		if (inputLen == 0) {
 			/* Nothing left to do. */
 			cx->i = tmpi;
 			cx->j = tmpj;
 			return SECSuccess;
 		}
-		finalIn = (const unsigned char *)pInWord - WORDSIZE + inOffset;
+		finalIn = (const unsigned char *)pInWord - preloadedByteCount;
 	} else {
 		for (; inputLen >= WORDSIZE; inputLen -= WORDSIZE) {
 			inWord = *pInWord++;
 			ARCFOUR_NEXT_WORD();
 			*pOutWord++ = inWord ^ streamWord;
 		}
 		if (inputLen == 0) {
 			/* Nothing left to do. */
--- a/security/nss/lib/freebl/blapi.h
+++ b/security/nss/lib/freebl/blapi.h
@@ -828,17 +828,17 @@ Camellia_Decrypt(CamelliaContext *cx, un
 ** Hash a null terminated string "src" into "dest" using MD5
 */
 extern SECStatus MD5_Hash(unsigned char *dest, const char *src);
 
 /*
 ** Hash a non-null terminated string "src" into "dest" using MD5
 */
 extern SECStatus MD5_HashBuf(unsigned char *dest, const unsigned char *src,
-			     uint32 src_length);
+			     PRUint32 src_length);
 
 /*
 ** Create a new MD5 context
 */
 extern MD5Context *MD5_NewContext(void);
 
 
 /*
@@ -996,17 +996,17 @@ extern void MD2_Clone(MD2Context *dest, 
 ** Hash a null terminated string "src" into "dest" using SHA-1
 */
 extern SECStatus SHA1_Hash(unsigned char *dest, const char *src);
 
 /*
 ** Hash a non-null terminated string "src" into "dest" using SHA-1
 */
 extern SECStatus SHA1_HashBuf(unsigned char *dest, const unsigned char *src,
-			      uint32 src_length);
+			      PRUint32 src_length);
 
 /*
 ** Create a new SHA-1 context
 */
 extern SHA1Context *SHA1_NewContext(void);
 
 
 /*
@@ -1098,17 +1098,17 @@ extern void SHA224_End(SHA224Context *cx
 **	"digest" where the 28 bytes of digest data are stored
 **	"digestLen" where the digest length (28) is stored (optional)
 **	"maxDigestLen" the maximum amount of data that can ever be
 **	   stored in "digest"
 */
 extern void SHA224_EndRaw(SHA224Context *cx, unsigned char *digest,
 			  unsigned int *digestLen, unsigned int maxDigestLen);
 extern SECStatus SHA224_HashBuf(unsigned char *dest, const unsigned char *src,
-			      uint32 src_length);
+				PRUint32 src_length);
 extern SECStatus SHA224_Hash(unsigned char *dest, const char *src);
 extern void SHA224_TraceState(SHA224Context *cx);
 extern unsigned int SHA224_FlattenSize(SHA224Context *cx);
 extern SECStatus SHA224_Flatten(SHA224Context *cx,unsigned char *space);
 extern SHA224Context * SHA224_Resurrect(unsigned char *space, void *arg);
 extern void SHA224_Clone(SHA224Context *dest, SHA224Context *src);
 
 /******************************************/
@@ -1127,17 +1127,17 @@ extern void SHA256_End(SHA256Context *cx
 **	"digest" where the 32 bytes of digest data are stored
 **	"digestLen" where the digest length (32) is stored (optional)
 **	"maxDigestLen" the maximum amount of data that can ever be
 **	   stored in "digest"
 */
 extern void SHA256_EndRaw(SHA256Context *cx, unsigned char *digest,
 			  unsigned int *digestLen, unsigned int maxDigestLen);
 extern SECStatus SHA256_HashBuf(unsigned char *dest, const unsigned char *src,
-			      uint32 src_length);
+				PRUint32 src_length);
 extern SECStatus SHA256_Hash(unsigned char *dest, const char *src);
 extern void SHA256_TraceState(SHA256Context *cx);
 extern unsigned int SHA256_FlattenSize(SHA256Context *cx);
 extern SECStatus SHA256_Flatten(SHA256Context *cx,unsigned char *space);
 extern SHA256Context * SHA256_Resurrect(unsigned char *space, void *arg);
 extern void SHA256_Clone(SHA256Context *dest, SHA256Context *src);
 
 /******************************************/
@@ -1156,17 +1156,17 @@ extern void SHA512_Update(SHA512Context 
 **	"maxDigestLen" the maximum amount of data that can ever be
 **	   stored in "digest"
 */
 extern void SHA512_EndRaw(SHA512Context *cx, unsigned char *digest,
 			  unsigned int *digestLen, unsigned int maxDigestLen);
 extern void SHA512_End(SHA512Context *cx, unsigned char *digest,
 		     unsigned int *digestLen, unsigned int maxDigestLen);
 extern SECStatus SHA512_HashBuf(unsigned char *dest, const unsigned char *src,
-			      uint32 src_length);
+				PRUint32 src_length);
 extern SECStatus SHA512_Hash(unsigned char *dest, const char *src);
 extern void SHA512_TraceState(SHA512Context *cx);
 extern unsigned int SHA512_FlattenSize(SHA512Context *cx);
 extern SECStatus SHA512_Flatten(SHA512Context *cx,unsigned char *space);
 extern SHA512Context * SHA512_Resurrect(unsigned char *space, void *arg);
 extern void SHA512_Clone(SHA512Context *dest, SHA512Context *src);
 
 /******************************************/
@@ -1185,17 +1185,17 @@ extern void SHA384_End(SHA384Context *cx
 **	"digest" where the 48 bytes of digest data are stored
 **	"digestLen" where the digest length (48) is stored (optional)
 **	"maxDigestLen" the maximum amount of data that can ever be
 **	   stored in "digest"
 */
 extern void SHA384_EndRaw(SHA384Context *cx, unsigned char *digest,
 			  unsigned int *digestLen, unsigned int maxDigestLen);
 extern SECStatus SHA384_HashBuf(unsigned char *dest, const unsigned char *src,
-			      uint32 src_length);
+				PRUint32 src_length);
 extern SECStatus SHA384_Hash(unsigned char *dest, const char *src);
 extern void SHA384_TraceState(SHA384Context *cx);
 extern unsigned int SHA384_FlattenSize(SHA384Context *cx);
 extern SECStatus SHA384_Flatten(SHA384Context *cx,unsigned char *space);
 extern SHA384Context * SHA384_Resurrect(unsigned char *space, void *arg);
 extern void SHA384_Clone(SHA384Context *dest, SHA384Context *src);
 
 /****************************************
--- a/security/nss/lib/freebl/dh.c
+++ b/security/nss/lib/freebl/dh.c
@@ -39,17 +39,17 @@ dh_GetSecretKeyLen(unsigned int primeLen
         return 28;  /* 224 bits */
     }
     return 20;  /* 160 bits */
 }
 
 SECStatus 
 DH_GenParam(int primeLen, DHParams **params)
 {
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     DHParams *dhparams;
     unsigned char *pb = NULL;
     unsigned char *ab = NULL;
     unsigned long counter = 0;
     mp_int p, q, a, h, psub1, test;
     mp_err err = MP_OKAY;
     SECStatus rv = SECSuccess;
     if (!params || primeLen < 0) {
@@ -130,17 +130,17 @@ cleanup:
     if (rv)
 	PORT_FreeArena(arena, PR_TRUE);
     return rv;
 }
 
 SECStatus 
 DH_NewKey(DHParams *params, DHPrivateKey **privKey)
 {
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     DHPrivateKey *key;
     mp_int g, xa, p, Ya;
     mp_err   err = MP_OKAY;
     SECStatus rv = SECSuccess;
     if (!params || !privKey) {
 	PORT_SetError(SEC_ERROR_INVALID_ARGS);
 	return SECFailure;
     }
--- a/security/nss/lib/freebl/dsa.c
+++ b/security/nss/lib/freebl/dsa.c
@@ -153,17 +153,17 @@ static void translate_mpi_error(mp_err e
 
 static SECStatus 
 dsa_NewKeyExtended(const PQGParams *params, const SECItem * seed,
                    DSAPrivateKey **privKey)
 {
     mp_int p, g;
     mp_int x, y;
     mp_err err;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     DSAPrivateKey *key;
     /* Check args. */
     if (!params || !privKey || !seed || !seed->data) {
 	PORT_SetError(SEC_ERROR_INVALID_ARGS);
 	return SECFailure;
     }
     /* Initialize an arena for the DSA key. */
     arena = PORT_NewArena(NSS_FREEBL_DSA_DEFAULT_CHUNKSIZE);
--- a/security/nss/lib/freebl/ec.c
+++ b/security/nss/lib/freebl/ec.c
@@ -199,17 +199,17 @@ cleanup:
  * point multiplication of that value with the curve's base point.
  */
 SECStatus 
 ec_NewKey(ECParams *ecParams, ECPrivateKey **privKey, 
     const unsigned char *privKeyBytes, int privKeyLen)
 {
     SECStatus rv = SECFailure;
 #ifdef NSS_ENABLE_ECC
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     ECPrivateKey *key;
     mp_int k;
     mp_err err = MP_OKAY;
     int len;
 
 #if EC_DEBUG
     printf("ec_NewKey called\n");
 #endif
--- a/security/nss/lib/freebl/loader.c
+++ b/security/nss/lib/freebl/loader.c
@@ -552,17 +552,17 @@ SECStatus
 MD5_Hash(unsigned char *dest, const char *src)
 {
   if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
       return SECFailure;
   return (vector->p_MD5_Hash)(dest, src);
 }
 
 SECStatus 
-MD5_HashBuf(unsigned char *dest, const unsigned char *src, uint32 src_length)
+MD5_HashBuf(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
 {
   if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
       return SECFailure;
   return (vector->p_MD5_HashBuf)(dest, src, src_length);
 }
 
 MD5Context *
 MD5_NewContext(void)
@@ -715,17 +715,17 @@ SECStatus
 SHA1_Hash(unsigned char *dest, const char *src)
 {
   if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
       return SECFailure;
   return (vector->p_SHA1_Hash)(dest, src);
 }
 
 SECStatus 
-SHA1_HashBuf(unsigned char *dest, const unsigned char *src, uint32 src_length)
+SHA1_HashBuf(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
 {
   if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
       return SECFailure;
   return (vector->p_SHA1_HashBuf)(dest, src, src_length);
 }
 
 SHA1Context *
 SHA1_NewContext(void)
@@ -913,17 +913,17 @@ SECStatus
 SHA256_Hash(unsigned char *dest, const char *src)
 {
   if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
       return SECFailure;
   return (vector->p_SHA256_Hash)(dest, src);
 }
 
 SECStatus 
-SHA256_HashBuf(unsigned char *dest, const unsigned char *src, uint32 src_length)
+SHA256_HashBuf(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
 {
   if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
       return SECFailure;
   return (vector->p_SHA256_HashBuf)(dest, src, src_length);
 }
 
 SHA256Context *
 SHA256_NewContext(void)
@@ -1003,17 +1003,17 @@ SECStatus
 SHA512_Hash(unsigned char *dest, const char *src)
 {
   if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
       return SECFailure;
   return (vector->p_SHA512_Hash)(dest, src);
 }
 
 SECStatus 
-SHA512_HashBuf(unsigned char *dest, const unsigned char *src, uint32 src_length)
+SHA512_HashBuf(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
 {
   if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
       return SECFailure;
   return (vector->p_SHA512_HashBuf)(dest, src, src_length);
 }
 
 SHA512Context *
 SHA512_NewContext(void)
@@ -1094,17 +1094,17 @@ SECStatus
 SHA384_Hash(unsigned char *dest, const char *src)
 {
   if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
       return SECFailure;
   return (vector->p_SHA384_Hash)(dest, src);
 }
 
 SECStatus 
-SHA384_HashBuf(unsigned char *dest, const unsigned char *src, uint32 src_length)
+SHA384_HashBuf(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
 {
   if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
       return SECFailure;
   return (vector->p_SHA384_HashBuf)(dest, src, src_length);
 }
 
 SHA384Context *
 SHA384_NewContext(void)
@@ -1739,17 +1739,17 @@ SECStatus
 SHA224_Hash(unsigned char *dest, const char *src)
 {
   if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
       return SECFailure;
   return (vector->p_SHA224_Hash)(dest, src);
 }
 
 SECStatus
-SHA224_HashBuf(unsigned char *dest, const unsigned char *src, uint32 src_length)
+SHA224_HashBuf(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
 {
   if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
       return SECFailure;
   return (vector->p_SHA224_HashBuf)(dest, src, src_length);
 }
 
 SHA224Context *
 SHA224_NewContext(void)
--- a/security/nss/lib/freebl/loader.h
+++ b/security/nss/lib/freebl/loader.h
@@ -134,17 +134,17 @@ struct FREEBLVectorStr {
 
  SECStatus (* p_AES_Decrypt)(AESContext *cx, unsigned char *output,
 			    unsigned int *outputLen, unsigned int maxOutputLen,
 			    const unsigned char *input, unsigned int inputLen);
 
  SECStatus (* p_MD5_Hash)(unsigned char *dest, const char *src);
 
  SECStatus (* p_MD5_HashBuf)(unsigned char *dest, const unsigned char *src,
-			     uint32 src_length);
+			     PRUint32 src_length);
 
  MD5Context *(* p_MD5_NewContext)(void);
 
  void (* p_MD5_DestroyContext)(MD5Context *cx, PRBool freeit);
 
  void (* p_MD5_Begin)(MD5Context *cx);
 
  void (* p_MD5_Update)(MD5Context *cx,
@@ -179,17 +179,17 @@ struct FREEBLVectorStr {
 
  SECStatus (* p_MD2_Flatten)(MD2Context *cx,unsigned char *space);
 
  MD2Context * (* p_MD2_Resurrect)(unsigned char *space, void *arg);
 
  SECStatus (* p_SHA1_Hash)(unsigned char *dest, const char *src);
 
  SECStatus (* p_SHA1_HashBuf)(unsigned char *dest, const unsigned char *src,
-			      uint32 src_length);
+			      PRUint32 src_length);
 
  SHA1Context *(* p_SHA1_NewContext)(void);
 
  void (* p_SHA1_DestroyContext)(SHA1Context *cx, PRBool freeit);
 
  void (* p_SHA1_Begin)(SHA1Context *cx);
 
  void (* p_SHA1_Update)(SHA1Context *cx, const unsigned char *input,
@@ -238,47 +238,47 @@ struct FREEBLVectorStr {
  SHA256Context *(* p_SHA256_NewContext)(void);
  void (* p_SHA256_DestroyContext)(SHA256Context *cx, PRBool freeit);
  void (* p_SHA256_Begin)(SHA256Context *cx);
  void (* p_SHA256_Update)(SHA256Context *cx, const unsigned char *input,
 			unsigned int inputLen);
  void (* p_SHA256_End)(SHA256Context *cx, unsigned char *digest,
 		     unsigned int *digestLen, unsigned int maxDigestLen);
  SECStatus (* p_SHA256_HashBuf)(unsigned char *dest, const unsigned char *src,
-			      uint32 src_length);
+				PRUint32 src_length);
  SECStatus (* p_SHA256_Hash)(unsigned char *dest, const char *src);
  void (* p_SHA256_TraceState)(SHA256Context *cx);
  unsigned int (* p_SHA256_FlattenSize)(SHA256Context *cx);
  SECStatus (* p_SHA256_Flatten)(SHA256Context *cx,unsigned char *space);
  SHA256Context * (* p_SHA256_Resurrect)(unsigned char *space, void *arg);
 
  SHA512Context *(* p_SHA512_NewContext)(void);
  void (* p_SHA512_DestroyContext)(SHA512Context *cx, PRBool freeit);
  void (* p_SHA512_Begin)(SHA512Context *cx);
  void (* p_SHA512_Update)(SHA512Context *cx, const unsigned char *input,
 			unsigned int inputLen);
  void (* p_SHA512_End)(SHA512Context *cx, unsigned char *digest,
 		     unsigned int *digestLen, unsigned int maxDigestLen);
  SECStatus (* p_SHA512_HashBuf)(unsigned char *dest, const unsigned char *src,
-			      uint32 src_length);
+				PRUint32 src_length);
  SECStatus (* p_SHA512_Hash)(unsigned char *dest, const char *src);
  void (* p_SHA512_TraceState)(SHA512Context *cx);
  unsigned int (* p_SHA512_FlattenSize)(SHA512Context *cx);
  SECStatus (* p_SHA512_Flatten)(SHA512Context *cx,unsigned char *space);
  SHA512Context * (* p_SHA512_Resurrect)(unsigned char *space, void *arg);
 
  SHA384Context *(* p_SHA384_NewContext)(void);
  void (* p_SHA384_DestroyContext)(SHA384Context *cx, PRBool freeit);
  void (* p_SHA384_Begin)(SHA384Context *cx);
  void (* p_SHA384_Update)(SHA384Context *cx, const unsigned char *input,
 			unsigned int inputLen);
  void (* p_SHA384_End)(SHA384Context *cx, unsigned char *digest,
 		     unsigned int *digestLen, unsigned int maxDigestLen);
  SECStatus (* p_SHA384_HashBuf)(unsigned char *dest, const unsigned char *src,
-			      uint32 src_length);
+				PRUint32 src_length);
  SECStatus (* p_SHA384_Hash)(unsigned char *dest, const char *src);
  void (* p_SHA384_TraceState)(SHA384Context *cx);
  unsigned int (* p_SHA384_FlattenSize)(SHA384Context *cx);
  SECStatus (* p_SHA384_Flatten)(SHA384Context *cx,unsigned char *space);
  SHA384Context * (* p_SHA384_Resurrect)(unsigned char *space, void *arg);
 
   /* Version 3.003 came to here */
 
@@ -546,17 +546,17 @@ struct FREEBLVectorStr {
  SHA224Context *(*p_SHA224_NewContext)(void);
  void (* p_SHA224_DestroyContext)(SHA224Context *cx, PRBool freeit);
  void (* p_SHA224_Begin)(SHA224Context *cx);
  void (* p_SHA224_Update)(SHA224Context *cx, const unsigned char *input,
 			unsigned int inputLen);
  void (* p_SHA224_End)(SHA224Context *cx, unsigned char *digest,
 		     unsigned int *digestLen, unsigned int maxDigestLen);
  SECStatus (*p_SHA224_HashBuf)(unsigned char *dest, const unsigned char *src,
-			      uint32 src_length);
+			       PRUint32 src_length);
  SECStatus (*p_SHA224_Hash)(unsigned char *dest, const char *src);
  void (*p_SHA224_TraceState)(SHA224Context *cx);
  unsigned int (* p_SHA224_FlattenSize)(SHA224Context *cx);
  SECStatus (* p_SHA224_Flatten)(SHA224Context *cx,unsigned char *space);
  SHA224Context * (* p_SHA224_Resurrect)(unsigned char *space, void *arg);
  void (* p_SHA224_Clone)(SHA224Context *dest, SHA224Context *src);
  PRBool (*p_BLAPI_SHVerifyFile)(const char *name);
 
--- a/security/nss/lib/freebl/md5.c
+++ b/security/nss/lib/freebl/md5.c
@@ -193,17 +193,17 @@ struct MD5ContextStr {
 
 SECStatus 
 MD5_Hash(unsigned char *dest, const char *src)
 {
 	return MD5_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));
 }
 
 SECStatus 
-MD5_HashBuf(unsigned char *dest, const unsigned char *src, uint32 src_length)
+MD5_HashBuf(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
 {
 	unsigned int len;
 	MD5Context cx;
 
 	MD5_Begin(&cx);
 	MD5_Update(&cx, src, src_length);
 	MD5_End(&cx, dest, &len, MD5_HASH_LEN);
 	memset(&cx, 0, sizeof cx);
--- a/security/nss/lib/freebl/mpi/mpmontg.c
+++ b/security/nss/lib/freebl/mpi/mpmontg.c
@@ -621,19 +621,19 @@ typedef unsigned int mp_weave_word;
  * of 4 bytes still requires a single read-modify-write operation.
  *
  * This function is takes the identical parameters as the function above, 
  * however it lays out the final array differently. Where the previous function
  * treats the mpi_int as an byte array, this function treats it as an array of
  * mp_digits where each digit is stored in big endian order.
  * 
  * since we need to interleave on a byte by byte basis, we need to collect 
- * several mpi structures together into a single uint32 before we write. We
- * also need to make sure the uint32 is arranged so that the first value of 
- * the first array winds up in b[0]. This means construction of that uint32
+ * several mpi structures together into a single PRUint32 before we write. We
+ * also need to make sure the PRUint32 is arranged so that the first value of
+ * the first array winds up in b[0]. This means construction of that PRUint32
  * is endian specific (even though the layout of the mp_digits in the array 
  * is always big endian).
  *
  * The final data is stored as follows :
  *
  * Our same logical array p array, m is sizeof(mp_digit),
  * N is still count and n is now b_size. If we define p[i].digit[j]0 as the 
  * most significant byte of the word p[i].digit[j], p[i].digit[j]1 as 
--- a/security/nss/lib/freebl/pqg.c
+++ b/security/nss/lib/freebl/pqg.c
@@ -223,18 +223,18 @@ PQG_Check(const PQGParams *params)
     unsigned int L,N;
     SECStatus rv = SECSuccess;
 
     if (params == NULL) {
 	PORT_SetError(SEC_ERROR_INVALID_ARGS);
 	return SECFailure;
     }
 
-    L = PQG_GetLength(&params->prime)*BITS_PER_BYTE;
-    N = PQG_GetLength(&params->subPrime)*BITS_PER_BYTE;
+    L = PQG_GetLength(&params->prime)*PR_BITS_PER_BYTE;
+    N = PQG_GetLength(&params->subPrime)*PR_BITS_PER_BYTE;
 
     if (L < 1024) {
 	int j;
 
 	/* handle DSA1 pqg parameters with less thatn 1024 bits*/
 	if ( N != DSA1_Q_BITS ) {
 	    PORT_SetError(SEC_ERROR_INVALID_ARGS);
 	    return SECFailure;
@@ -256,27 +256,27 @@ PQG_GetHashType(const PQGParams *params)
 {
     unsigned int L,N;
 
     if (params == NULL) {
 	PORT_SetError(SEC_ERROR_INVALID_ARGS);
 	return HASH_AlgNULL;
     }
 
-    L = PQG_GetLength(&params->prime)*BITS_PER_BYTE;
-    N = PQG_GetLength(&params->subPrime)*BITS_PER_BYTE;
+    L = PQG_GetLength(&params->prime)*PR_BITS_PER_BYTE;
+    N = PQG_GetLength(&params->subPrime)*PR_BITS_PER_BYTE;
     return getFirstHash(L, N);
 }
 
 /* Get a seed for generating P and Q.  If in testing mode, copy in the
 ** seed from FIPS 186-1 appendix 5.  Otherwise, obtain bytes from the
 ** global random number generator.
 */
 static SECStatus
-getPQseed(SECItem *seed, PRArenaPool* arena)
+getPQseed(SECItem *seed, PLArenaPool* arena)
 {
     SECStatus rv;
 
     if (!seed->data) {
         seed->data = (unsigned char*)PORT_ArenaZAlloc(arena, seed->len);
     }
     if (!seed->data) {
 	PORT_SetError(SEC_ERROR_NO_MEMORY);
@@ -438,17 +438,17 @@ makeQ2fromSeed(
       HASH_HashType hashtype,	/* selected Hashing algorithm */
       unsigned int  N,          /* input.  Length of q in bits. */
 const SECItem   *   seed,       /* input.  */
       mp_int    *   Q)          /* output. */
 {
     unsigned char U[HASH_LENGTH_MAX];
     SECStatus rv  = SECSuccess;
     mp_err    err = MP_OKAY;
-    int N_bytes = N/BITS_PER_