Merge mozilla-central to autoland. a=merge on a CLOSED TREE
authorDaniel Varga <dvarga@mozilla.com>
Thu, 22 Nov 2018 23:53:13 +0200
changeset 504191 45a6e295e8bf27d638079bf5a6ef38e6629fc40a
parent 504190 3e6a10079e5c6b60a885cfb2bdeb6fef1c730acf (current diff)
parent 504177 8b245cc1086f912f84b54a6af13f015404af8e14 (diff)
child 504192 89caaea53d18aaf2d4b90b98a2f989a8cdc7062b
push id10290
push userffxbld-merge
push dateMon, 03 Dec 2018 16:23:23 +0000
reviewersmerge
milestone65.0a1
Merge mozilla-central to autoland. a=merge on a CLOSED TREE
--- a/devtools/client/debugger/new/src/utils/prefs.js
+++ b/devtools/client/debugger/new/src/utils/prefs.js
@@ -49,17 +49,17 @@ if (isDevelopment()) {
   pref("devtools.debugger.features.shortcuts", true);
   pref("devtools.debugger.features.root", true);
   pref("devtools.debugger.features.map-scopes", true);
   pref("devtools.debugger.features.remove-command-bar-options", true);
   pref("devtools.debugger.features.code-coverage", false);
   pref("devtools.debugger.features.event-listeners", false);
   pref("devtools.debugger.features.code-folding", false);
   pref("devtools.debugger.features.outline", true);
-  pref("devtools.debugger.features.column-breakpoints", true);
+  pref("devtools.debugger.features.column-breakpoints", false);
   pref("devtools.debugger.features.pause-points", true);
   pref("devtools.debugger.features.skip-pausing", true);
   pref("devtools.debugger.features.component-pane", false);
   pref("devtools.debugger.features.autocomplete-expressions", false);
   pref("devtools.debugger.features.map-expression-bindings", true);
   pref("devtools.debugger.features.map-await-expression", true);
   pref("devtools.debugger.features.xhr-breakpoints", true);
 }
--- a/devtools/client/preferences/debugger.js
+++ b/devtools/client/preferences/debugger.js
@@ -46,17 +46,17 @@ pref("devtools.debugger.file-search-case
 pref("devtools.debugger.file-search-whole-word", false);
 pref("devtools.debugger.file-search-regex-match", false);
 pref("devtools.debugger.project-directory-root", "");
 pref("devtools.debugger.skip-pausing", false);
 
 pref("devtools.debugger.features.wasm", true);
 pref("devtools.debugger.features.shortcuts", true);
 pref("devtools.debugger.features.root", true);
-pref("devtools.debugger.features.column-breakpoints", true);
+pref("devtools.debugger.features.column-breakpoints", false);
 pref("devtools.debugger.features.chrome-scopes", false);
 pref("devtools.debugger.features.map-scopes", true);
 pref("devtools.debugger.features.remove-command-bar-options", false);
 pref("devtools.debugger.features.workers", true);
 pref("devtools.debugger.features.code-coverage", false);
 pref("devtools.debugger.features.event-listeners", false);
 pref("devtools.debugger.features.code-folding", false);
 pref("devtools.debugger.features.outline", true);
--- a/devtools/client/responsive.html/index.css
+++ b/devtools/client/responsive.html/index.css
@@ -147,35 +147,17 @@ body,
 }
 
 #screenshot-button:disabled {
   filter: var(--theme-icon-checked-filter);
   opacity: 1 !important;
 }
 
 #device-selector {
-  align-self: center;
-  background-position: right 4px center;
   margin-inline-start: 4px;
-  padding-left: 0;
-  width: 8em;
-}
-
-#device-selector .title {
-  width: 85%;
-}
-
-#device-pixel-ratio-menu {
-  width: 6em;
-  /* `max-width` is here to keep the UI compact if the device pixel ratio changes to a
-     repeating decimal value.  This can happen if you zoom the UI (Cmd + Plus / Minus on
-     macOS for example). */
-  max-width: 8em;
-  background-position: right 4px center;
-  padding-left: 0;
 }
 
 #viewports-container {
   display: flex;
   overflow: auto;
   height: 100%;
   width: 100%;
 }
--- a/devtools/client/themes/toolbars.css
+++ b/devtools/client/themes/toolbars.css
@@ -209,18 +209,21 @@
 splitter.devtools-horizontal-splitter,
 .devtools-side-splitter {
   background-color: var(--theme-splitter-color);
 }
 
 /* Dropdown Menu Button */
 .devtools-dropdown-button {
   background-image: url("chrome://devtools/skin/images/select-arrow.svg") !important;
+  background-position: right center !important;
   background-repeat: no-repeat !important;
   overflow: hidden;
+  padding-inline-start: 2px !important;
+  padding-inline-end: 10px !important;
   fill: var(--theme-toolbar-photon-icon-color);
   -moz-context-properties: fill;
 }
 
 .devtools-dropdown-button:not(:hover) {
   background-color: transparent;
 }
 
@@ -228,20 +231,8 @@ splitter.devtools-horizontal-splitter,
 .devtools-dropdown-button .title {
   display: inline-block;
   overflow: hidden;
   padding-top: 0.15em;
   text-align: center;
   text-overflow: ellipsis;
   white-space: nowrap;
 }
-
-/*
- * Style for the Network throttling menu button. This is shared between the Responsive
- * Design Mode and Network Monitor.
- */
-
-#network-throttling-menu {
-  padding-left: 2px;
-  padding-right: 10px;
-  background-position: right center;
-}
-
--- a/devtools/client/webconsole/components/ConsoleOutput.js
+++ b/devtools/client/webconsole/components/ConsoleOutput.js
@@ -31,17 +31,18 @@ const {
 function getPausedMessage(visibleMessages, messages, executionPoint) {
   if (!executionPoint || !visibleMessages) {
     return null;
   }
 
   let pausedMessage = messages.get(visibleMessages[0]);
   for (const messageId of visibleMessages) {
     const message = messages.get(messageId);
-    if (executionPoint.progress >= message.executionPoint.progress &&
+    if (message.executionPoint &&
+        executionPoint.progress >= message.executionPoint.progress &&
         message.executionPoint.progress > pausedMessage.executionPoint.progress) {
       pausedMessage = message;
     }
   }
 
   return pausedMessage;
 }
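Review bot: The new guard on L165 protects `message.executionPoint` but not `pausedMessage.executionPoint`: `pausedMessage` is seeded from `visibleMessages[0]` on L161, so when that first visible message carries no execution point (the very case this hunk defends against) the comparison on L167 still throws a TypeError. Seeding `pausedMessage` with null and treating a null candidate as always replaceable closes that gap, and the same guard covers `messages.get()` returning undefined for a stale id. This does change the fallback: the function returns null instead of the first visible message when no message lies at or before `executionPoint`, which reads as the intended meaning of "paused message" but should be confirmed against the caller (outside the hunk).
```javascript
  let pausedMessage = null;
  for (const messageId of visibleMessages) {
    const message = messages.get(messageId);
    if (!message || !message.executionPoint ||
        executionPoint.progress < message.executionPoint.progress) {
      continue;
    }
    if (!pausedMessage ||
        message.executionPoint.progress > pausedMessage.executionPoint.progress) {
      pausedMessage = message;
    }
  }

  return pausedMessage;
```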
 
--- a/devtools/client/webconsole/components/Message.js
+++ b/devtools/client/webconsole/components/Message.js
@@ -122,17 +122,17 @@ class Message extends Component {
     e.preventDefault();
   }
 
   renderIcon() {
     const { level, messageId, executionPoint, serviceContainer } = this.props;
 
     return MessageIcon({
       level,
-      onRewindClick: serviceContainer.canRewind()
+      onRewindClick: (serviceContainer.canRewind() && executionPoint)
         ? () => serviceContainer.jumpToExecutionPoint(executionPoint, messageId)
         : null,
     });
   }
 
   render() {
     const {
       open,
--- a/devtools/server/actors/replay/debugger.js
+++ b/devtools/server/actors/replay/debugger.js
@@ -397,16 +397,23 @@ ReplayDebugger.prototype = {
   _breakpointKindSetter(kind, handler, callback) {
     if (handler) {
       this._setBreakpoint(callback, { kind }, handler);
     } else {
       this._clearMatchingBreakpoints(({position}) => position.kind == kind);
     }
   },
 
+  // Clear OnStep and OnPop hooks for all frames.
+  replayClearSteppingHooks() {
+    this._clearMatchingBreakpoints(
+      ({position}) => position.kind == "OnStep" || position.kind == "OnPop"
+    );
+  },
+
   /////////////////////////////////////////////////////////
   // Script methods
   /////////////////////////////////////////////////////////
 
   _getScript(id) {
     if (!id) {
       return null;
     }
@@ -760,31 +767,21 @@ ReplayDebuggerFrame.prototype = {
 
   get onStep() {
     return this._dbg._searchBreakpoints(({position, data}) => {
       return this._positionMatches(position, "OnStep") ? data : null;
     });
   },
 
   set onStep(handler) {
-    if (handler) {
-      // Use setReplayingOnStep instead.
-      NotAllowed();
-    }
-    this._clearOnStepBreakpoints();
-  },
-
-  _clearOnStepBreakpoints() {
-    this._dbg._clearMatchingBreakpoints(
-      ({position}) => this._positionMatches(position, "OnStep")
-    );
+    // Use setReplayingOnStep or replayClearSteppingHooks instead.
+    NotAllowed();
   },
 
   setReplayingOnStep(handler, offsets) {
-    this._clearOnStepBreakpoints();
     offsets.forEach(offset => {
       this._dbg._setBreakpoint(
         () => { handler.call(this._dbg.getNewestFrame()); },
         { kind: "OnStep",
           script: this._data.script,
           offset,
           frameIndex: this._data.index },
         handler);
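Review bot: `setReplayingOnStep` no longer clears existing OnStep breakpoints (the `_clearOnStepBreakpoints()` call before `offsets.forEach` was removed) and the `onStep` setter now unconditionally throws via `NotAllowed()`, so the only remaining way to drop stale step hooks is `replayClearSteppingHooks()`, which clears them for every frame rather than this one. Unless `_setBreakpoint` deduplicates positions (not visible here), calling `setReplayingOnStep` twice on the same frame registers duplicate breakpoints at the same offsets. That precondition belongs on the method: `// Adds OnStep breakpoints only; callers must clear stale stepping hooks via replayClearSteppingHooks() first.` The body of `setReplayingOnStep` continues past the end of the hunk.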
@@ -802,19 +799,18 @@ ReplayDebuggerFrame.prototype = {
       this._dbg._setBreakpoint(() => {
           const result = this._dbg._sendRequest({ type: "popFrameResult" });
           handler.call(this._dbg.getNewestFrame(),
                        this._dbg._convertCompletionValue(result));
         },
         { kind: "OnPop", script: this._data.script, frameIndex: this._data.index },
         handler);
     } else {
-      this._dbg._clearMatchingBreakpoints(
-        ({position}) => this._positionMatches(position, "OnPop")
-      );
+      // Use replayClearSteppingHooks instead.
+      NotAllowed();
     }
   },
 
   get older() {
     if (this._data.index == 0) {
       // This is the oldest frame.
       return null;
     }
--- a/devtools/server/actors/replay/replay.js
+++ b/devtools/server/actors/replay/replay.js
@@ -682,22 +682,27 @@ const gRequestHandlers = {
   },
 
   getEnvironmentNames(request) {
     if (!RecordReplayControl.maybeDivergeFromRecording()) {
       return [{name: "Unknown names",
                value: "Recording divergence in getEnvironmentNames" }];
     }
 
-    const env = gPausedObjects.getObject(request.id);
-    const names = env.names();
+    try {
+      const env = gPausedObjects.getObject(request.id);
+      const names = env.names();
 
-    return names.map(name => {
-      return { name, value: convertValue(env.getVariable(name)) };
-    });
+      return names.map(name => {
+        return { name, value: convertValue(env.getVariable(name)) };
+      });
+    } catch (e) {
+      return [{name: "Unknown names",
+               value: "Exception thrown in getEnvironmentNames" }];
+    }
   },
 
   getFrame(request) {
     if (request.index == -1 /* NewestFrameIndex */) {
       const numFrames = countScriptFrames();
       if (!numFrames) {
         // Return an empty object when there are no frames.
         return {};
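Review bot: The catch on L301 discards the exception entirely, so a failing `env.names()` or `getVariable()` during replay surfaces only as the opaque "Exception thrown in getEnvironmentNames" value with nothing in the log to diagnose it. Include the error text in the returned value or dump it before returning, e.g. `value: "Exception thrown in getEnvironmentNames: " + e }];`. A one-line comment on the try stating why the failure is tolerated here rather than propagated (the placeholder keeps the scope pane usable when the replayed environment cannot be inspected) would also help the next reader.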
--- a/devtools/server/actors/thread.js
+++ b/devtools/server/actors/thread.js
@@ -854,28 +854,29 @@ const ThreadActor = ActorClassWithSpec(t
           break;
       }
     }
 
     return true;
   },
 
   /**
-   * Clear the onStep and onPop hooks from the given frame and all of the frames
-   * below it.
-   *
-   * @param Debugger.Frame aFrame
-   *        The frame we want to clear the stepping hooks from.
+   * Clear the onStep and onPop hooks for all frames on the stack.
    */
-  _clearSteppingHooks: function(frame) {
-    if (frame && frame.live) {
-      while (frame) {
-        frame.onStep = undefined;
-        frame.onPop = undefined;
-        frame = frame.older;
+  _clearSteppingHooks: function() {
+    if (this.dbg.replaying) {
+      this.dbg.replayClearSteppingHooks();
+    } else {
+      let frame = this.youngestFrame;
+      if (frame && frame.live) {
+        while (frame) {
+          frame.onStep = undefined;
+          frame.onPop = undefined;
+          frame = frame.older;
+        }
       }
     }
   },
 
   /**
    * Listen to the debuggee's DOM events if we received a request to do so.
    *
    * @param Object request
@@ -935,17 +936,17 @@ const ThreadActor = ActorClassWithSpec(t
         message: "Can't rewind a debuggee that is not replaying.",
       };
     }
 
     let resumeLimitHandled;
     if (request && request.resumeLimit) {
       resumeLimitHandled = this._handleResumeLimit(request);
     } else {
-      this._clearSteppingHooks(this.youngestFrame);
+      this._clearSteppingHooks();
       resumeLimitHandled = Promise.resolve(true);
     }
 
     return resumeLimitHandled.then(() => {
       if (request) {
         this._options.pauseOnExceptions = request.pauseOnExceptions;
         this._options.ignoreCaughtExceptions = request.ignoreCaughtExceptions;
         this.maybePauseOnExceptions();
@@ -1457,20 +1458,17 @@ const ThreadActor = ActorClassWithSpec(t
     if (this.state === "paused") {
       return undefined;
     }
 
     // Clear stepping hooks.
     this.dbg.onEnterFrame = undefined;
     this.dbg.replayingOnPopFrame = undefined;
     this.dbg.onExceptionUnwind = undefined;
-    if (frame) {
-      frame.onStep = undefined;
-      frame.onPop = undefined;
-    }
+    this._clearSteppingHooks();
 
     // Clear DOM event breakpoints.
     // XPCShell tests don't use actual DOM windows for globals and cause
     // removeListenerForAllEvents to throw.
     if (!isWorker &&
         this.global &&
         !this.dbg.replaying &&
         !this.global.toString().includes("Sandbox")) {
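Review bot: Replacing the per-frame clear with `this._clearSteppingHooks()` widens this path from clearing one frame's onStep/onPop to walking every frame from `this.youngestFrame` down, and leaves `frame` unused in the visible part of the function; if `frame` is a parameter of the enclosing function (which starts and ends outside the hunk), either drop it or note the widening, e.g. `// Clear hooks on the whole stack, not just this frame, so the replaying case can share _clearSteppingHooks().`. In the non-replaying branch the walk now depends on `this.youngestFrame` being safe to read while the actor is not paused (the early return above only skips the paused state); confirm that getter tolerates having no current frame.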
--- a/gfx/layers/ipc/PWebRenderBridge.ipdl
+++ b/gfx/layers/ipc/PWebRenderBridge.ipdl
@@ -49,17 +49,17 @@ parent:
                        WebRenderScrollData aScrollData,
                        OpUpdateResource[] aResourceUpdates, RefCountedShmem[] aSmallShmems, Shmem[] aLargeShmems,
                        IdNamespace aIdNamespace, bool containsSVGGroup, TimeStamp refreshStartTime, TimeStamp txnStartTime, nsCString txnURL, TimeStamp fwdTime);
   async EmptyTransaction(FocusTarget focusTarget, ScrollUpdatesMap scrollUpdates, uint32_t aPaintSequenceNumber,
                          WebRenderParentCommand[] commands, OpDestroy[] toDestroy, uint64_t fwdTransactionId, TransactionId transactionId,
                          OpUpdateResource[] aResourceUpdates, RefCountedShmem[] aSmallShmems, Shmem[] aLargeShmems,
                          IdNamespace aIdNamespace, TimeStamp refreshStartTime, TimeStamp txnStartTime, nsCString txnURL, TimeStamp fwdTime);
   async SetFocusTarget(FocusTarget focusTarget);
-  async UpdateResources(OpUpdateResource[] aResourceUpdates, RefCountedShmem[] aSmallShmems, Shmem[] aLargeShmems, bool scheduleComposite);
+  async UpdateResources(OpUpdateResource[] aResourceUpdates, RefCountedShmem[] aSmallShmems, Shmem[] aLargeShmems);
   async ParentCommands(WebRenderParentCommand[] commands);
   sync GetSnapshot(PTexture texture);
   async SetLayersObserverEpoch(LayersObserverEpoch childEpoch);
   async ClearCachedResources();
   // Schedule a composite if one isn't already scheduled.
   async ScheduleComposite();
   // Save the frame capture to disk
   async Capture();
--- a/gfx/layers/wr/WebRenderBridgeChild.cpp
+++ b/gfx/layers/wr/WebRenderBridgeChild.cpp
@@ -91,35 +91,34 @@ WebRenderBridgeChild::BeginTransaction()
 {
   MOZ_ASSERT(!mDestroyed);
 
   UpdateFwdTransactionId();
   mIsInTransaction = true;
 }
 
 void
-WebRenderBridgeChild::UpdateResources(wr::IpcResourceUpdateQueue& aResources,
-                                      bool aScheduleComposite /* = false */)
+WebRenderBridgeChild::UpdateResources(wr::IpcResourceUpdateQueue& aResources)
 {
   if (!IPCOpen()) {
     aResources.Clear();
     return;
   }
 
   if (aResources.IsEmpty()) {
     return;
   }
 
   nsTArray<OpUpdateResource> resourceUpdates;
   nsTArray<RefCountedShmem> smallShmems;
   nsTArray<ipc::Shmem> largeShmems;
   aResources.Flush(resourceUpdates, smallShmems, largeShmems);
 
   this->SendUpdateResources(resourceUpdates, smallShmems,
-                            largeShmems, aScheduleComposite);
+                            largeShmems);
 }
 
 void
 WebRenderBridgeChild::EndTransaction(const wr::LayoutSize& aContentSize,
                                      wr::BuiltDisplayList& aDL,
                                      wr::IpcResourceUpdateQueue& aResources,
                                      const gfx::IntSize& aSize,
                                      TransactionId aTransactionId,
--- a/gfx/layers/wr/WebRenderBridgeChild.h
+++ b/gfx/layers/wr/WebRenderBridgeChild.h
@@ -61,18 +61,17 @@ class WebRenderBridgeChild final : publi
 {
   NS_INLINE_DECL_THREADSAFE_REFCOUNTING(WebRenderBridgeChild, override)
 
 public:
   explicit WebRenderBridgeChild(const wr::PipelineId& aPipelineId);
 
   void AddWebRenderParentCommand(const WebRenderParentCommand& aCmd);
 
-  void UpdateResources(wr::IpcResourceUpdateQueue& aResources,
-                       bool aScheduleComposite = false);
+  void UpdateResources(wr::IpcResourceUpdateQueue& aResources);
   void BeginTransaction();
   void EndTransaction(const wr::LayoutSize& aContentSize,
                       wr::BuiltDisplayList& dl,
                       wr::IpcResourceUpdateQueue& aResources,
                       const gfx::IntSize& aSize,
                       TransactionId aTransactionId,
                       const WebRenderScrollData& aScrollData,
                       bool aContainsSVGroup,
--- a/gfx/layers/wr/WebRenderBridgeParent.cpp
+++ b/gfx/layers/wr/WebRenderBridgeParent.cpp
@@ -744,18 +744,17 @@ WebRenderBridgeParent::ObserveSharedSurf
   for (const auto& pair : aPairs) {
     SharedSurfacesParent::Release(pair.id);
   }
 }
 
 mozilla::ipc::IPCResult
 WebRenderBridgeParent::RecvUpdateResources(nsTArray<OpUpdateResource>&& aResourceUpdates,
                                            nsTArray<RefCountedShmem>&& aSmallShmems,
-                                           nsTArray<ipc::Shmem>&& aLargeShmems,
-                                           const bool& aScheduleComposite)
+                                           nsTArray<ipc::Shmem>&& aLargeShmems)
 {
   if (mDestroyed) {
     wr::IpcResourceUpdateQueue::ReleaseShmems(this, aSmallShmems);
     wr::IpcResourceUpdateQueue::ReleaseShmems(this, aLargeShmems);
     return IPC_OK();
   }
 
   wr::TransactionBuilder txn;
@@ -765,21 +764,16 @@ WebRenderBridgeParent::RecvUpdateResourc
     UpdateResources(aResourceUpdates, aSmallShmems, aLargeShmems, txn);
   wr::IpcResourceUpdateQueue::ReleaseShmems(this, aSmallShmems);
   wr::IpcResourceUpdateQueue::ReleaseShmems(this, aLargeShmems);
 
   if (!success) {
     return IPC_FAIL(this, "Invalid WebRender resource data shmem or address.");
   }
 
-  if (aScheduleComposite) {
-    txn.InvalidateRenderedFrame();
-    ScheduleGenerateFrame();
-  }
-
   mApi->SendTransaction(txn);
 
   return IPC_OK();
 }
 
 mozilla::ipc::IPCResult
 WebRenderBridgeParent::RecvDeleteCompositorAnimations(InfallibleTArray<uint64_t>&& aIds)
 {
--- a/gfx/layers/wr/WebRenderBridgeParent.h
+++ b/gfx/layers/wr/WebRenderBridgeParent.h
@@ -75,18 +75,17 @@ public:
                                               const TextureInfo& aInfo) override;
   mozilla::ipc::IPCResult RecvReleaseCompositable(const CompositableHandle& aHandle) override;
 
   mozilla::ipc::IPCResult RecvShutdown() override;
   mozilla::ipc::IPCResult RecvShutdownSync() override;
   mozilla::ipc::IPCResult RecvDeleteCompositorAnimations(InfallibleTArray<uint64_t>&& aIds) override;
   mozilla::ipc::IPCResult RecvUpdateResources(nsTArray<OpUpdateResource>&& aUpdates,
                                               nsTArray<RefCountedShmem>&& aSmallShmems,
-                                              nsTArray<ipc::Shmem>&& aLargeShmems,
-                                              const bool& aScheduleComposite) override;
+                                              nsTArray<ipc::Shmem>&& aLargeShmems) override;
   mozilla::ipc::IPCResult RecvSetDisplayList(const gfx::IntSize& aSize,
                                              InfallibleTArray<WebRenderParentCommand>&& aCommands,
                                              InfallibleTArray<OpDestroy>&& aToDestroy,
                                              const uint64_t& aFwdTransactionId,
                                              const TransactionId& aTransactionId,
                                              const wr::LayoutSize& aContentSize,
                                              ipc::ByteBuf&& dl,
                                              const wr::BuiltDisplayListDescriptor& dlDesc,
--- a/gfx/layers/wr/WebRenderLayerManager.cpp
+++ b/gfx/layers/wr/WebRenderLayerManager.cpp
@@ -359,18 +359,17 @@ WebRenderLayerManager::EndTransactionWit
 
   if (mAsyncResourceUpdates) {
     if (resourceUpdates.IsEmpty()) {
       resourceUpdates = std::move(mAsyncResourceUpdates.ref());
     } else {
       // If we can't just swap the queue, we need to take the slow path and
       // send the update as a separate message. We don't need to schedule a
       // composite however because that will happen with EndTransaction.
-      WrBridge()->UpdateResources(mAsyncResourceUpdates.ref(),
-                                  /* aScheduleComposite */ false);
+      WrBridge()->UpdateResources(mAsyncResourceUpdates.ref());
     }
     mAsyncResourceUpdates.reset();
   }
 
   for (const auto& key : mImageKeysToDelete) {
     resourceUpdates.DeleteImage(key);
   }
   mImageKeysToDelete.Clear();
@@ -756,18 +755,17 @@ WebRenderLayerManager::FlushAsyncResourc
 {
   MOZ_ASSERT(NS_IsMainThread());
 
   if (!mAsyncResourceUpdates) {
     return;
   }
 
   if (!IsDestroyed() && WrBridge()) {
-    WrBridge()->UpdateResources(mAsyncResourceUpdates.ref(),
-                                /* aScheduleComposite */ true);
+    WrBridge()->UpdateResources(mAsyncResourceUpdates.ref());
   }
 
   mAsyncResourceUpdates.reset();
 }
 
 void
 WebRenderLayerManager::RegisterAsyncAnimation(const wr::ImageKey& aKey,
                                               SharedSurfacesAnimation* aAnimation)
--- a/layout/reftests/css-gradients/reftest.list
+++ b/layout/reftests/css-gradients/reftest.list
@@ -68,17 +68,17 @@ fuzzy-if(d2d,0-127,0-2612) == repeating-
 fuzzy-if(skiaContent,0-18,0-600) == twostops-1a.html twostops-1-ref.html
 fuzzy-if(skiaContent,0-18,0-600) == twostops-1b.html twostops-1-ref.html
 fuzzy-if(skiaContent,0-226,0-600) == twostops-1c.html twostops-1-ref.html
 fuzzy-if(skiaContent,0-141,0-300) == twostops-1d.html twostops-1-ref.html
 fuzzy-if(skiaContent,0-73,0-900) == twostops-1e.html twostops-1-ref.html
 
 # from http://www.xanthir.com/:4bhipd by way of http://a-ja.net/newgrad.html
 fuzzy-if(!contentSameGfxBackendAsCanvas,0-3,0-20000) fuzzy-if(azureSkiaGL||skiaContent&&layersGPUAccelerated,0-8,0-20000) == aja-linear-1a.html aja-linear-1-ref.html
-fails-if(!d2d&&!skiaContent) fuzzy-if(skiaContent,0-1,0-20000) fuzzy-if(webrender&&winWidget&&isDebugBuild,1-2,11550-11789) == aja-linear-1b.html aja-linear-1-ref.html # bug 526694
+fails-if(!d2d&&!skiaContent) fuzzy-if(skiaContent,0-1,0-20000) fuzzy-if(webrender&&winWidget,1-2,11550-11789) == aja-linear-1b.html aja-linear-1-ref.html # bug 526694
 fuzzy-if(!contentSameGfxBackendAsCanvas,0-3,0-20000) fuzzy-if(azureSkiaGL||skiaContent,0-8,0-20000) == aja-linear-1c.html aja-linear-1-ref.html 
 fuzzy-if(!contentSameGfxBackendAsCanvas,0-3,0-20000) fuzzy-if(azureSkiaGL||skiaContent,0-8,0-20000) == aja-linear-1d.html aja-linear-1-ref.html 
 fuzzy-if(!contentSameGfxBackendAsCanvas,0-3,0-20000) fuzzy-if(azureSkiaGL||skiaContent,0-8,0-20000) == aja-linear-1e.html aja-linear-1-ref.html 
 fuzzy-if(!contentSameGfxBackendAsCanvas,0-3,0-20000) fuzzy-if(azureSkiaGL||skiaContent,0-8,0-20000) == aja-linear-1f.html aja-linear-1-ref.html 
 fuzzy-if(!contentSameGfxBackendAsCanvas,0-2,0-20000) fuzzy-if(azureSkiaGL||skiaContent,0-8,0-20000) == aja-linear-2.html aja-linear-2-ref.html
 fuzzy-if(!contentSameGfxBackendAsCanvas,0-2,0-19999) fuzzy-if(azureSkiaGL||skiaContent,0-8,0-20000) == aja-linear-3a.html aja-linear-3-ref.html 
 fuzzy-if(!contentSameGfxBackendAsCanvas,0-2,0-19999) fuzzy-if(azureSkiaGL||skiaContent,0-8,0-20000) == aja-linear-3b.html aja-linear-3-ref.html 
 fuzzy-if(!contentSameGfxBackendAsCanvas,0-4,0-20000) fuzzy-if(azureSkiaGL||skiaContent,0-8,0-20000) == aja-linear-4a.html aja-linear-4-ref.html 
--- a/layout/tools/reftest/reftest.jsm
+++ b/layout/tools/reftest/reftest.jsm
@@ -358,16 +358,18 @@ function ReadTests() {
          * with python harness.
         */
         let manifests = prefs.getStringPref("reftest.manifests", null);
         let dumpTests = prefs.getStringPref("reftest.manifests.dumpTests", null);
         let testList = prefs.getStringPref("reftest.tests", null);
 
         if ((testList && manifests) || !(testList || manifests)) {
             logger.error("Exactly one of reftest.manifests or reftest.tests must be specified.");
+            logger.debug("reftest.manifests is: " + manifests);
+            logger.error("reftest.tests is: " + testList);
             DoneTests();
         }
 
         if (testList) {
             logger.debug("Reading test objects from: " + testList);
             let promise = OS.File.read(testList).then(function onSuccess(array) {
                 let decoder = new TextDecoder();
                 g.urls = JSON.parse(decoder.decode(array)).map(CreateUrls);
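Review bot: The two diagnostic lines added on L620-L621 use different levels: `reftest.manifests` is logged at debug while `reftest.tests` is logged at error, so in a default run only half of the context for the "Exactly one of…" failure is visible. Use the same level for both, `logger.error("reftest.manifests is: " + manifests);`. Separately, the branch falls through after `DoneTests()` into the `if (testList)` block below; that predates this change, but a `return` there is worth adding if `DoneTests` does not terminate the run.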
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@@ -1,1 +1,1 @@
-59ef418bf925
+4b9cf6e61a48
--- a/security/nss/cmd/modutil/error.h
+++ b/security/nss/cmd/modutil/error.h
@@ -126,16 +126,17 @@ typedef enum {
     BAD_PW_MSG,
     PW_MATCH_MSG,
     DONE_MSG,
     ENABLE_SUCCESS_MSG,
     DEFAULT_SUCCESS_MSG,
     UNDEFAULT_SUCCESS_MSG,
     BROWSER_RUNNING_MSG,
     ABORTING_MSG,
+    P11_KIT_ENABLED_MSG,
 
     LAST_MSG /* must be last */
 } Message;
 
 /* defined in modutil.c */
 extern char *msgStrings[];
 
 #endif /* MODUTIL_ERROR_H */
--- a/security/nss/cmd/modutil/modutil.c
+++ b/security/nss/cmd/modutil/modutil.c
@@ -133,17 +133,21 @@ char* msgStrings[] = {
     "done.\n",
     "Slot \"%s\" %s.\n",
     "Successfully changed defaults.\n",
     "Successfully changed defaults.\n",
     "\nWARNING: Performing this operation while the browser is running could cause"
     "\ncorruption of your security databases. If the browser is currently running,"
     "\nyou should exit browser before continuing this operation. Type "
     "\n'q <enter>' to abort, or <enter> to continue: ",
-    "\nAborting...\n"
+    "\nAborting...\n",
+    "\nWARNING: Manually adding a module while p11-kit is enabled could cause"
+    "\nduplicate module registration in your security database. It is suggested "
+    "\nto configure the module through p11-kit configuration file instead.\n"
+    "\nType 'q <enter>' to abort, or <enter> to continue: "
 };
 
 /* Increment i if doing so would have i still be less than j.  If you
    are able to do this, return 0.  Otherwise return 1. */
 #define TRY_INC(i, j) (((i + 1) < j) ? (++i, 0) : 1)
 
 /********************************************************************
  *
@@ -851,16 +855,38 @@ main(int argc, char* argv[])
         goto loser;
     }
 
     errcode = LoadMechanismList();
     if (errcode != SUCCESS) {
         goto loser;
     }
 
+    /* Warn if we are adding a module while p11-kit is enabled in the
+     * database. */
+    if ((command == ADD_COMMAND || command == RAW_ADD_COMMAND) &&
+        IsP11KitEnabled()) {
+        char* response;
+
+        PR_fprintf(PR_STDOUT, msgStrings[P11_KIT_ENABLED_MSG]);
+        if (!PR_fgets(stdinbuf, STDINBUF_SIZE, PR_STDIN)) {
+            PR_fprintf(PR_STDERR, errStrings[STDIN_READ_ERR]);
+            errcode = STDIN_READ_ERR;
+            goto loser;
+        }
+        if ((response = strtok(stdinbuf, " \r\n\t"))) {
+            if (!PL_strcasecmp(response, "q")) {
+                PR_fprintf(PR_STDOUT, msgStrings[ABORTING_MSG]);
+                errcode = SUCCESS;
+                goto loser;
+            }
+        }
+        PR_fprintf(PR_STDOUT, "\n");
+    }
+
     /* Execute the command */
     switch (command) {
         case ADD_COMMAND:
             errcode = AddModule(moduleName, libFile, ciphers, mechanisms, secmodString);
             break;
         case CHANGEPW_COMMAND:
             errcode = ChangePW(tokenName, pwFile, newpwFile);
             break;
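Review bot: The new prompt on L695-L708 unconditionally blocks on stdin for `-add`/`-rawadd` whenever a p11-kit proxy module is registered, with no non-interactive bypass visible in the hunk; if modutil's `-force` option (which the browser-running check elsewhere in `main` presumably honors, not shown here) is meant to skip confirmations, this check should honor it too, otherwise scripted `modutil -add` invocations will hang on a read from stdin or abort on a closed one. Something like `if (!force && (command == ADD_COMMAND || command == RAW_ADD_COMMAND) && IsP11KitEnabled())` with whatever variable carries that flag. Minor: `PR_fprintf(PR_STDOUT, msgStrings[P11_KIT_ENABLED_MSG])` passes the message as the format string, which is only safe because `msgStrings` is a compile-time table; it matches the existing `ABORTING_MSG` call, so a `"%s"` format would be a separate cleanup. The enclosing `main` starts and ends outside the hunk.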
--- a/security/nss/cmd/modutil/modutil.h
+++ b/security/nss/cmd/modutil/modutil.h
@@ -31,11 +31,12 @@ Error ListModule(char *moduleName);
 Error ListModules();
 Error InitPW(void);
 Error ChangePW(char *tokenName, char *pwFile, char *newpwFile);
 Error EnableModule(char *moduleName, char *slotName, PRBool enable);
 Error RawAddModule(char *dbmodulespec, char *modulespec);
 Error RawListModule(char *modulespec);
 Error SetDefaultModule(char *moduleName, char *slotName, char *mechanisms);
 Error UnsetDefaultModule(char *moduleName, char *slotName, char *mechanisms);
+PRBool IsP11KitEnabled(void);
 void out_of_memory(void);
 
 #endif /*MODUTIL_H*/
--- a/security/nss/cmd/modutil/pk11.c
+++ b/security/nss/cmd/modutil/pk11.c
@@ -254,16 +254,65 @@ getStringFromFlags(unsigned long flags, 
                 strcat(buf, ":");
             }
             strcat(buf, array[i].name);
         }
     }
     return buf;
 }
 
+static PRBool
+IsP11KitProxyModule(SECMODModule *module)
+{
+    CK_INFO modinfo;
+    static const char p11KitManufacturerID[33] =
+        "PKCS#11 Kit                     ";
+    static const char p11KitLibraryDescription[33] =
+        "PKCS#11 Kit Proxy Module        ";
+
+    if (PK11_GetModInfo(module, &modinfo) == SECSuccess &&
+        PORT_Memcmp(modinfo.manufacturerID,
+                    p11KitManufacturerID,
+                    sizeof(modinfo.manufacturerID)) == 0 &&
+        PORT_Memcmp(modinfo.libraryDescription,
+                    p11KitLibraryDescription,
+                    sizeof(modinfo.libraryDescription)) == 0) {
+        return PR_TRUE;
+    }
+
+    return PR_FALSE;
+}
+
+PRBool
+IsP11KitEnabled(void)
+{
+    SECMODListLock *lock;
+    SECMODModuleList *mlp;
+    PRBool found = PR_FALSE;
+
+    lock = SECMOD_GetDefaultModuleListLock();
+    if (!lock) {
+        PR_fprintf(PR_STDERR, errStrings[NO_LIST_LOCK_ERR]);
+        return found;
+    }
+
+    SECMOD_GetReadLock(lock);
+
+    mlp = SECMOD_GetDefaultModuleList();
+    for (; mlp != NULL; mlp = mlp->next) {
+        if (IsP11KitProxyModule(mlp->module)) {
+            found = PR_TRUE;
+            break;
+        }
+    }
+
+    SECMOD_ReleaseReadLock(lock);
+    return found;
+}
+
 /**********************************************************************
  *
  * A d d M o d u l e
  *
  * Add the named module, with the given library file, ciphers, and
  * default mechanism flags
  */
 Error
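Review bot: `IsP11KitProxyModule` compares `CK_INFO` fields with `PORT_Memcmp` over `sizeof(field)` against literals padded to exactly 32 characters, which is correct because PKCS#11 `CK_INFO` strings are fixed-width, blank-padded and not NUL-terminated, but nothing in the hunk says so and a later edit that trims the padding or switches to `strcmp` would silently break the match. Add a comment above the literals: `/* CK_INFO strings are fixed-width, blank-padded and not NUL-terminated: compare the whole field with memcmp and keep the literals padded to exactly 32 chars. */`. It is also worth stating on `IsP11KitEnabled` that the detection trusts the module's self-reported manufacturer and description strings, so it is advisory only and a module can still be registered twice through other paths.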
--- a/security/nss/coreconf/coreconf.dep
+++ b/security/nss/coreconf/coreconf.dep
@@ -5,8 +5,9 @@
 
 /*
  * A dummy header file that is a dependency for all the object files.
  * Used to force a full recompilation of NSS in Mozilla's Tinderbox
  * depend builds.  See comments in rules.mk.
  */
 
 #error "Do not include this header file."
+
--- a/security/nss/doc/certutil.xml
+++ b/security/nss/doc/certutil.xml
@@ -253,17 +253,18 @@ Add one or multiple extensions that cert
       <varlistentry>
         <term>-g keysize</term>
         <listitem><para>Set a key size to use when generating new public and private key pairs. The minimum is 512 bits and the maximum is 16384 bits. The default is 2048 bits. Any size between the minimum and maximum is allowed.</para></listitem>
       </varlistentry>
 
 
       <varlistentry>
         <term>-h tokenname</term>
-        <listitem><para>Specify the name of a token to use or act on. If not specified the default token is the internal database slot.</para></listitem>
+        <listitem><para>Specify the name of a token to use or act on. If not specified the default token is the internal database slot.</para>
+	<para>The name can also be a PKCS #11 URI. For example, the NSS internal certificate store can be unambiguously specified as "pkcs11:token=NSS%20Certificate%20DB". For details about the format, see RFC 7512.</para></listitem>
       </varlistentry>
 
      <varlistentry>
         <term>-i input_file</term>
         <listitem><para>Pass an input file to the command. Depending on the command option, an input file can be a specific certificate, a certificate request file, or a batch file of commands.</para></listitem>
       </varlistentry>
 
       <varlistentry>
@@ -287,17 +288,18 @@ Add one or multiple extensions that cert
 
       <varlistentry>
         <term>-m serial-number</term>
         <listitem><para>Assign a unique serial number to a certificate being created. This operation should be performed by a CA. If no serial number is provided a default serial number is made from the current time. Serial numbers are limited to integers </para></listitem>
       </varlistentry>
 
       <varlistentry>
         <term>-n nickname</term>
-        <listitem><para>Specify the nickname of a certificate or key to list, create, add to a database, modify, or validate. Bracket the nickname string with quotation marks if it contains spaces.</para></listitem>
+        <listitem><para>Specify the nickname of a certificate or key to list, create, add to a database, modify, or validate. Bracket the nickname string with quotation marks if it contains spaces.</para>
+	<para>The nickname can also be a PKCS #11 URI. For example, if you have a certificate named "my-server-cert" on the internal certificate store, it can be unambiguously specified as "pkcs11:token=NSS%20Certificate%20DB;object=my-server-cert". For details about the format, see RFC 7512.</para></listitem>
       </varlistentry>
 
       <varlistentry>
         <term>-o output-file</term>
         <listitem><para>Specify the output file name for new certificates or binary certificate requests. Bracket the output-file string with quotation marks if it contains spaces. If this argument is not used the output destination defaults to standard output.</para></listitem>
       </varlistentry>
 
       <varlistentry>
@@ -1012,19 +1014,21 @@ certutil: Checking token "NSS Certificat
 	<para><command>Listing Security Modules</command></para>
 	<para>
 		The devices that can be used to store certificates -- both internal databases and external devices like smart cards -- are recognized and used by loading security modules. The <option>-U</option> command option lists all of the security modules listed in the <filename>secmod.db</filename> database. The path to the directory (<option>-d</option>) is required.
 	</para>
 <programlisting>$ certutil -U -d sql:/home/my/sharednssdb
 
     slot: NSS User Private Key and Certificate Services                  
    token: NSS Certificate DB
+     uri: pkcs11:token=NSS%20Certificate%20DB;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203
 
     slot: NSS Internal Cryptographic Services                            
-   token: NSS Generic Crypto Services</programlisting>
+   token: NSS Generic Crypto Services
+     uri: pkcs11:token=NSS%20Generic%20Crypto%20Services;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203</programlisting>
 
 	<para><command>Adding Certificates to the Database</command></para>
 	<para>
 		Existing certificates or certificate requests can be added manually to the certificate database, even if they were generated elsewhere. This uses the <option>-A</option> command option.
 	</para>
 <programlisting>certutil -A -n certname -t trustargs -d [sql:]directory [-a] [-i input-file]</programlisting>
 	<para>
 		For example:
--- a/security/nss/doc/html/certutil.html
+++ b/security/nss/doc/html/certutil.html
@@ -1,31 +1,31 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>CERTUTIL</title><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><link rel="home" href="index.html" title="CERTUTIL"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">CERTUTIL</th></tr></table><hr></div><div class="refentry"><a name="certutil"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>certutil — Manage keys and certificate in both NSS databases and other NSS tokens</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">certutil</code>  [<em class="replaceable"><code>options</code></em>] [[<em class="replaceable"><code>arguments</code></em>]]</p></div></div><div class="refsection"><a name="idm45522631704896"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>CERTUTIL</title><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><link rel="home" href="index.html" title="CERTUTIL"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">CERTUTIL</th></tr></table><hr></div><div class="refentry"><a name="certutil"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>certutil — Manage keys and certificate in both NSS databases and other NSS tokens</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">certutil</code>  [<em class="replaceable"><code>options</code></em>] [[<em class="replaceable"><code>arguments</code></em>]]</p></div></div><div class="refsection"><a name="idm46274732654912"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
     </p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The Certificate Database Tool, <span class="command"><strong>certutil</strong></span>, is a command-line utility that can create and modify certificate and key databases. It can specifically list, generate, modify, or delete certificates, create or change the password, generate new public and private key pairs, display the contents of the key database, or delete key pairs within the key database.</p><p>Certificate issuance, part of the key and certificate management process, requires that keys and certificates be created in the key database. This document discusses certificate and key database management. For information on the security module database management, see the <span class="command"><strong>modutil</strong></span> manpage.</p></div><div class="refsection"><a name="options"></a><h2>Command Options and Arguments</h2><p>Running <span class="command"><strong>certutil</strong></span> always requires one and only one command option to specify the type of certificate operation. Each command option may take zero or more arguments. The command option <code class="option">-H</code> will list all the command options and their relevant arguments.</p><p><span class="command"><strong>Command Options</strong></span></p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-A </span></dt><dd><p>Add an existing certificate to a certificate database. The certificate database should already exist; if one is not present, this command option will initialize one by default.</p></dd><dt><span class="term">-B</span></dt><dd><p>Run a series of commands from the specified batch file. This requires the <code class="option">-i</code> argument.</p></dd><dt><span class="term">-C </span></dt><dd><p>Create a new binary certificate file from a binary certificate request file. Use the <code class="option">-i</code> argument to specify the certificate request file. 
If this argument is not used, <span class="command"><strong>certutil</strong></span> prompts for a filename. </p></dd><dt><span class="term">-D </span></dt><dd><p>Delete a certificate from the certificate database.</p></dd><dt><span class="term">--rename </span></dt><dd><p>Change the database nickname of a certificate.</p></dd><dt><span class="term">-E </span></dt><dd><p>Add an email certificate to the certificate database.</p></dd><dt><span class="term">-F</span></dt><dd><p>Delete a private key and the associated certificate from a database. Specify the key to delete with the -n argument or the -k argument. Specify the database from which to delete the key with the
 <code class="option">-d</code> argument.
 </p><p>
 Some smart cards do not let you remove a public key you have generated. In such a case, only the private key is deleted from the key pair.</p></dd><dt><span class="term">-G </span></dt><dd><p>Generate a new public and private key pair within a key database. The key database should already exist; if one is not present, this command option will initialize one by default. Some smart cards can store only one key pair. If you create a new key pair for such a card, the previous pair is overwritten.</p></dd><dt><span class="term">-H </span></dt><dd><p>Display a list of the command options and arguments.</p></dd><dt><span class="term">-K </span></dt><dd><p>List the key ID of keys in the key database. A key ID is the modulus of the RSA key or the publicValue of the DSA key. IDs are displayed in hexadecimal ("0x" is not shown).</p></dd><dt><span class="term">-L </span></dt><dd><p>List all the certificates, or display information about a named certificate, in a certificate database.
 Use the -h tokenname argument to specify the certificate database on a particular hardware or software token.</p></dd><dt><span class="term">-M </span></dt><dd><p>Modify a certificate's trust attributes using the values of the -t argument.</p></dd><dt><span class="term">-N</span></dt><dd><p>Create new certificate and key databases.</p></dd><dt><span class="term">-O </span></dt><dd><p>Print the certificate chain.</p></dd><dt><span class="term">-R</span></dt><dd><p>Create a certificate request file that can be submitted to a Certificate Authority (CA) for processing into a finished certificate. Output defaults to standard out unless you use -o output-file argument.
 
 Use the -a argument to specify ASCII output.</p></dd><dt><span class="term">-S </span></dt><dd><p>Create an individual certificate and add it to a certificate database.</p></dd><dt><span class="term">-T </span></dt><dd><p>Reset the key database or token.</p></dd><dt><span class="term">-U </span></dt><dd><p>List all available modules or print a single named module.</p></dd><dt><span class="term">-V </span></dt><dd><p>Check the validity of a certificate and its attributes.</p></dd><dt><span class="term">-W </span></dt><dd><p>Change the password to a key database.</p></dd><dt><span class="term">--merge</span></dt><dd><p>Merge two databases into one.</p></dd><dt><span class="term">--upgrade-merge</span></dt><dd><p>Upgrade an old database and merge it into a new database. This is used to migrate legacy NSS databases (<code class="filename">cert8.db</code> and <code class="filename">key3.db</code>) into the newer SQLite databases (<code class="filename">cert9.db</code> and <code class="filename">key4.db</code>).</p></dd></dl></div><p><span class="command"><strong>Arguments</strong></span></p><p>Arguments modify a command option and are usually lower case, numbers, or symbols.</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-a</span></dt><dd><p>Use ASCII format or allow the use of ASCII format for input or output. This formatting follows RFC 1113. 
 For certificate requests, ASCII output defaults to standard output unless redirected.</p></dd><dt><span class="term">-b validity-time</span></dt><dd><p>Specify a time at which a certificate is required to be valid. Use when checking certificate validity with the <code class="option">-V</code> option. The format of the <span class="emphasis"><em>validity-time</em></span> argument is <span class="emphasis"><em>YYMMDDHHMMSS[+HHMM|-HHMM|Z]</em></span>, which allows offsets to be set relative to the validity end time. Specifying seconds (<span class="emphasis"><em>SS</em></span>) is optional. When specifying an explicit time, use a Z at the end of the term, <span class="emphasis"><em>YYMMDDHHMMSSZ</em></span>, to close it. When specifying an offset time, use <span class="emphasis"><em>YYMMDDHHMMSS+HHMM</em></span> or <span class="emphasis"><em>YYMMDDHHMMSS-HHMM</em></span> for adding or subtracting time, respectively.
 </p><p>
 If this option is not used, the validity check defaults to the current system time.</p></dd><dt><span class="term">-c issuer</span></dt><dd><p>Identify the certificate of the CA from which a new certificate will derive its authenticity. 
  Use the exact nickname or alias of the CA certificate, or use the CA's email address. Bracket the issuer string 
  with quotation marks if it contains spaces. </p></dd><dt><span class="term">-d [prefix]directory</span></dt><dd><p>Specify the database directory containing the certificate and key database files.</p><p><span class="command"><strong>certutil</strong></span> supports two types of databases: the legacy security databases (<code class="filename">cert8.db</code>, <code class="filename">key3.db</code>, and <code class="filename">secmod.db</code>) and new SQLite databases (<code class="filename">cert9.db</code>, <code class="filename">key4.db</code>, and <code class="filename">pkcs11.txt</code>). </p><p>NSS recognizes the following prefixes:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p><span class="command"><strong>sql:</strong></span> requests the newer database</p></li><li class="listitem"><p><span class="command"><strong>dbm:</strong></span> requests the legacy database</p></li></ul></div><p>If no prefix is specified the default type is retrieved from NSS_DEFAULT_DB_TYPE. If NSS_DEFAULT_DB_TYPE is not set then <span class="command"><strong>dbm:</strong></span> is the default.</p></dd><dt><span class="term">--dump-ext-val OID </span></dt><dd><p>For single cert, print binary DER encoding of extension OID.</p></dd><dt><span class="term">-e </span></dt><dd><p>Check a certificate's signature during the process of validating a certificate.</p></dd><dt><span class="term">--email email-address</span></dt><dd><p>Specify the email address of a certificate to list. Used with the -L command option.</p></dd><dt><span class="term">--extGeneric OID:critical-flag:filename[,OID:critical-flag:filename]... </span></dt><dd><p>
 Add one or multiple extensions that certutil cannot encode yet, by loading their encodings from external files.
            </p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>OID (example): 1.2.3.4</p></li><li class="listitem"><p>critical-flag: critical or not-critical</p></li><li class="listitem"><p>filename: full path to a file containing an encoded extension</p></li></ul></div></dd><dt><span class="term">-f password-file</span></dt><dd><p>Specify a file that will automatically supply the password to include in a certificate 
  or to access a certificate database. This is a plain-text file containing one password. Be sure to prevent 
- unauthorized access to this file.</p></dd><dt><span class="term">-g keysize</span></dt><dd><p>Set a key size to use when generating new public and private key pairs. The minimum is 512 bits and the maximum is 16384 bits. The default is 2048 bits. Any size between the minimum and maximum is allowed.</p></dd><dt><span class="term">-h tokenname</span></dt><dd><p>Specify the name of a token to use or act on. If not specified the default token is the internal database slot.</p></dd><dt><span class="term">-i input_file</span></dt><dd><p>Pass an input file to the command. Depending on the command option, an input file can be a specific certificate, a certificate request file, or a batch file of commands.</p></dd><dt><span class="term">-k key-type-or-id</span></dt><dd><p>Specify the type or specific ID of a key.</p><p>
+ unauthorized access to this file.</p></dd><dt><span class="term">-g keysize</span></dt><dd><p>Set a key size to use when generating new public and private key pairs. The minimum is 512 bits and the maximum is 16384 bits. The default is 2048 bits. Any size between the minimum and maximum is allowed.</p></dd><dt><span class="term">-h tokenname</span></dt><dd><p>Specify the name of a token to use or act on. If not specified the default token is the internal database slot.</p><p>The name can also be a PKCS #11 URI. For example, the NSS internal certificate store can be unambiguously specified as "pkcs11:token=NSS%20Certificate%20DB". For details about the format, see RFC 7512.</p></dd><dt><span class="term">-i input_file</span></dt><dd><p>Pass an input file to the command. Depending on the command option, an input file can be a specific certificate, a certificate request file, or a batch file of commands.</p></dd><dt><span class="term">-k key-type-or-id</span></dt><dd><p>Specify the type or specific ID of a key.</p><p>
            The valid key type options are rsa, dsa, ec, or all. The default 
            value is rsa. Specifying the type of key can avoid mistakes caused by
            duplicate nicknames. Giving a key type generates a new key pair; 
            giving the ID of an existing key reuses that key pair (which is 
            required to renew certificates).
-          </p></dd><dt><span class="term">-l </span></dt><dd><p>Display detailed information when validating a certificate with the -V option.</p></dd><dt><span class="term">-m serial-number</span></dt><dd><p>Assign a unique serial number to a certificate being created. This operation should be performed by a CA. If no serial number is provided a default serial number is made from the current time. Serial numbers are limited to integers </p></dd><dt><span class="term">-n nickname</span></dt><dd><p>Specify the nickname of a certificate or key to list, create, add to a database, modify, or validate. Bracket the nickname string with quotation marks if it contains spaces.</p></dd><dt><span class="term">-o output-file</span></dt><dd><p>Specify the output file name for new certificates or binary certificate requests. Bracket the output-file string with quotation marks if it contains spaces. If this argument is not used the output destination defaults to standard output.</p></dd><dt><span class="term">-P dbPrefix</span></dt><dd><p>Specify the prefix used on the certificate and key database file. This argument is provided to support legacy servers. Most applications do not use a database prefix.</p></dd><dt><span class="term">-p phone</span></dt><dd><p>Specify a contact telephone number to include in new certificates or certificate requests. Bracket this string with quotation marks if it contains spaces.</p></dd><dt><span class="term">-q pqgfile or curve-name</span></dt><dd><p>Read an alternate PQG value from the specified file when generating DSA key pairs. If this argument is not used, <span class="command"><strong>certutil</strong></span> generates its own PQG value. PQG files are created with a separate DSA utility.</p><p>Elliptic curve name is one of the ones from nistp256, nistp384, nistp521, curve25519.</p><p>
+          </p></dd><dt><span class="term">-l </span></dt><dd><p>Display detailed information when validating a certificate with the -V option.</p></dd><dt><span class="term">-m serial-number</span></dt><dd><p>Assign a unique serial number to a certificate being created. This operation should be performed by a CA. If no serial number is provided a default serial number is made from the current time. Serial numbers are limited to integers </p></dd><dt><span class="term">-n nickname</span></dt><dd><p>Specify the nickname of a certificate or key to list, create, add to a database, modify, or validate. Bracket the nickname string with quotation marks if it contains spaces.</p><p>The nickname can also be a PKCS #11 URI. For example, if you have a certificate named "my-server-cert" on the internal certificate store, it can be unambiguously specified as "pkcs11:token=NSS%20Certificate%20DB;object=my-server-cert". For details about the format, see RFC 7512.</p></dd><dt><span class="term">-o output-file</span></dt><dd><p>Specify the output file name for new certificates or binary certificate requests. Bracket the output-file string with quotation marks if it contains spaces. If this argument is not used the output destination defaults to standard output.</p></dd><dt><span class="term">-P dbPrefix</span></dt><dd><p>Specify the prefix used on the certificate and key database file. This argument is provided to support legacy servers. Most applications do not use a database prefix.</p></dd><dt><span class="term">-p phone</span></dt><dd><p>Specify a contact telephone number to include in new certificates or certificate requests. Bracket this string with quotation marks if it contains spaces.</p></dd><dt><span class="term">-q pqgfile or curve-name</span></dt><dd><p>Read an alternate PQG value from the specified file when generating DSA key pairs. If this argument is not used, <span class="command"><strong>certutil</strong></span> generates its own PQG value. 
PQG files are created with a separate DSA utility.</p><p>Elliptic curve name is one of the ones from nistp256, nistp384, nistp521, curve25519.</p><p>
            If a token is available that supports more curves, the foolowing curves are supported as well:
            sect163k1, nistk163, sect163r1, sect163r2,
            nistb163,  sect193r1, sect193r2, sect233k1, nistk233,
            sect233r1, nistb233, sect239k1, sect283k1, nistk283,
            sect283r1, nistb283, sect409k1, nistk409, sect409r1,
            nistb409,  sect571k1, nistk571, sect571r1, nistb571,
            secp160k1, secp160r1, secp160r2, secp192k1, secp192r1,
            nistp192,  secp224k1, secp224r1, nistp224, secp256k1,
@@ -272,19 +272,21 @@ certutil: Checking token "NSS Certificat
 	</p></li><li class="listitem"><p>
 		If there are multiple key types available, then the <code class="option">-k</code> <span class="emphasis"><em>key-type</em></span> argument can search a specific type of key, like RSA, DSA, or ECC. 
 	</p></li></ul></div><p><span class="command"><strong>Listing Security Modules</strong></span></p><p>
 		The devices that can be used to store certificates -- both internal databases and external devices like smart cards -- are recognized and used by loading security modules. The <code class="option">-U</code> command option lists all of the security modules listed in the <code class="filename">secmod.db</code> database. The path to the directory (<code class="option">-d</code>) is required.
 	</p><pre class="programlisting">$ certutil -U -d sql:/home/my/sharednssdb
 
     slot: NSS User Private Key and Certificate Services                  
    token: NSS Certificate DB
+     uri: pkcs11:token=NSS%20Certificate%20DB;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203
 
     slot: NSS Internal Cryptographic Services                            
-   token: NSS Generic Crypto Services</pre><p><span class="command"><strong>Adding Certificates to the Database</strong></span></p><p>
+   token: NSS Generic Crypto Services
+     uri: pkcs11:token=NSS%20Generic%20Crypto%20Services;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203</pre><p><span class="command"><strong>Adding Certificates to the Database</strong></span></p><p>
 		Existing certificates or certificate requests can be added manually to the certificate database, even if they were generated elsewhere. This uses the <code class="option">-A</code> command option.
 	</p><pre class="programlisting">certutil -A -n certname -t trustargs -d [sql:]directory [-a] [-i input-file]</pre><p>
 		For example:
 	</p><pre class="programlisting">$ certutil -A -n "CN=My SSL Certificate" -t ",," -d sql:/home/my/sharednssdb -i /home/example-certs/cert.cer</pre><p>
 		A related command option, <code class="option">-E</code>, is used specifically to add email certificates to the certificate database. The <code class="option">-E</code> command has the same arguments as the <code class="option">-A</code> command. The trust arguments for certificates have the format <span class="emphasis"><em>SSL,S/MIME,Code-signing</em></span>, so the middle trust settings relate most to email certificates (though the others can be set). For example:
 	</p><pre class="programlisting">$ certutil -E -n "CN=John Smith Email Cert" -t ",P," -d sql:/home/my/sharednssdb -i /home/example-certs/email.cer</pre><p><span class="command"><strong>Deleting Certificates to the Database</strong></span></p><p>
 		Certificates can be deleted from a database using the <code class="option">-D</code> option. The only required options are to give the security database directory and to identify the certificate nickname.
 	</p><pre class="programlisting">certutil -D -d [sql:]directory -n "nickname"</pre><p>
--- a/security/nss/doc/html/modutil.html
+++ b/security/nss/doc/html/modutil.html
@@ -1,9 +1,9 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>MODUTIL</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="MODUTIL"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">MODUTIL</th></tr></table><hr></div><div class="refentry"><a name="modutil"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>modutil — Manage PKCS #11 module information within the security module database.</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">modutil</code>  [<em class="replaceable"><code>options</code></em>] [[<em class="replaceable"><code>arguments</code></em>]]</p></div></div><div class="refsection"><a name="idm233245929376"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>MODUTIL</title><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><link rel="home" href="index.html" title="MODUTIL"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">MODUTIL</th></tr></table><hr></div><div class="refentry"><a name="modutil"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>modutil — Manage PKCS #11 module information within the security module database.</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">modutil</code>  [<em class="replaceable"><code>options</code></em>] [[<em class="replaceable"><code>arguments</code></em>]]</p></div></div><div class="refsection"><a name="idm45295675968160"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
     </p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The Security Module Database Tool, <span class="command"><strong>modutil</strong></span>, is a command-line utility for managing PKCS #11 module information both within <code class="filename">secmod.db</code> files and within hardware tokens. <span class="command"><strong>modutil</strong></span> can add and delete PKCS #11 modules, change passwords on security databases, set defaults, list module contents, enable or disable slots, enable or disable FIPS 140-2 compliance, and assign default providers for cryptographic operations. This tool can also create certificate, key, and module security database files.</p><p>The tasks associated with security module database management are part of a process that typically also involves managing key databases and certificate databases.</p></div><div class="refsection"><a name="options"></a><h2>Options</h2><p>
 		Running <span class="command"><strong>modutil</strong></span> always requires one (and only one) option to specify the type of module operation. Each option may take arguments, anywhere from none to multiple arguments.
 	</p><p><span class="command"><strong>Options</strong></span></p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-add modulename</span></dt><dd><p>Add the named PKCS #11 module to the database. Use this option with the <code class="option">-libfile</code>, <code class="option">-ciphers</code>, and <code class="option">-mechanisms</code> arguments.</p></dd><dt><span class="term">-changepw tokenname</span></dt><dd><p>Change the password on the named token. If the token has not been initialized, this option initializes the password. Use this option with the <code class="option">-pwfile</code> and <code class="option">-newpwfile</code> arguments. A <span class="emphasis"><em>password</em></span> is equivalent to a personal identification number (PIN).</p></dd><dt><span class="term">-chkfips</span></dt><dd><p>Verify whether the module is in the given FIPS mode. <span class="command"><strong>true</strong></span> means to verify that the module is in FIPS mode, while <span class="command"><strong>false</strong></span> means to verify that the module is not in FIPS mode.</p></dd><dt><span class="term">-create</span></dt><dd><p>Create new certificate, key, and module databases. Use the <code class="option">-dbdir</code> directory argument to specify a directory. If any of these databases already exist in a specified directory, <span class="command"><strong>modutil</strong></span> returns an error message.</p></dd><dt><span class="term">-default modulename</span></dt><dd><p>Specify the security mechanisms for which the named module will be a default provider. The security mechanisms are specified with the <code class="option">-mechanisms</code> argument.</p></dd><dt><span class="term">-delete modulename</span></dt><dd><p>Delete the named module. The default NSS PKCS #11 module cannot be deleted.</p></dd><dt><span class="term">-disable modulename</span></dt><dd><p>Disable all slots on the named module. 
Use the <code class="option">-slot</code> argument to disable a specific slot.</p><p>The internal NSS PKCS #11 module cannot be disabled.</p></dd><dt><span class="term">-enable modulename</span></dt><dd><p>Enable all slots on the named module. Use the <code class="option">-slot</code> argument to enable a specific slot.</p></dd><dt><span class="term">-fips [true | false]</span></dt><dd><p>Enable (true) or disable (false) FIPS 140-2 compliance for the default NSS module.</p></dd><dt><span class="term">-force</span></dt><dd><p>Disable <span class="command"><strong>modutil</strong></span>'s interactive prompts so it can be run from a script. Use this option only after manually testing each planned operation to check for warnings and to ensure that bypassing the prompts will cause no security lapses or loss of database integrity.</p></dd><dt><span class="term">-jar JAR-file</span></dt><dd><p>Add a new PKCS #11 module to the database using the named JAR file. Use this command with the <code class="option">-installdir</code> and <code class="option">-tempdir</code> arguments. The JAR file uses the NSS PKCS #11 JAR format to identify all the files to be installed, the module's name, the mechanism flags, and the cipher flags, as well as any files to be installed on the target machine, including the PKCS #11 module library file and other files such as documentation. This is covered in the JAR installation file section in the man page, which details the special script needed to perform an installation through a server or with <span class="command"><strong>modutil</strong></span>. </p></dd><dt><span class="term">-list [modulename]</span></dt><dd><p>Display basic information about the contents of the <code class="filename">secmod.db</code> file. 
Specifying a <span class="emphasis"><em>modulename</em></span> displays detailed information about a particular module and its slots and tokens.</p></dd><dt><span class="term">-rawadd</span></dt><dd><p>Add the module spec string to the <code class="filename">secmod.db</code> database.</p></dd><dt><span class="term">-rawlist</span></dt><dd><p>Display the module specs for a specified module or for all loadable modules.</p></dd><dt><span class="term">-undefault modulename</span></dt><dd><p>Specify the security mechanisms for which the named module will not be a default provider. The security mechanisms are specified with the <code class="option">-mechanisms</code> argument.</p></dd></dl></div><p><span class="command"><strong>Arguments</strong></span></p><div class="variablelist"><dl class="variablelist"><dt><span class="term">MODULE</span></dt><dd><p>Give the security module to access.</p></dd><dt><span class="term">MODULESPEC</span></dt><dd><p>Give the security module spec to load into the security database.</p></dd><dt><span class="term">-ciphers cipher-enable-list</span></dt><dd><p>Enable specific ciphers in a module that is being added to the database. The <span class="emphasis"><em>cipher-enable-list</em></span> is a colon-delimited list of cipher names. Enclose this list in quotation marks if it contains spaces.</p></dd><dt><span class="term">-dbdir [sql:]directory</span></dt><dd><p>Specify the database directory in which to access or create security module database files.</p><p><span class="command"><strong>modutil</strong></span> supports two types of databases: the legacy security databases (<code class="filename">cert8.db</code>, <code class="filename">key3.db</code>, and <code class="filename">secmod.db</code>) and new SQLite databases (<code class="filename">cert9.db</code>, <code class="filename">key4.db</code>, and <code class="filename">pkcs11.txt</code>). 
If the prefix <span class="command"><strong>sql:</strong></span> is not used, then the tool assumes that the given databases are in the old format.</p></dd><dt><span class="term">--dbprefix prefix</span></dt><dd><p>Specify the prefix used on the database files, such as <code class="filename">my_</code> for <code class="filename">my_cert8.db</code>. This option is provided as a special case. Changing the names of the certificate and key databases is not recommended.</p></dd><dt><span class="term">-installdir root-installation-directory</span></dt><dd><p>Specify the root installation directory relative to which files will be installed by the <code class="option">-jar</code> option. This directory should be one below which it is appropriate to store dynamic library files, such as a server's root directory.</p></dd><dt><span class="term">-libfile library-file</span></dt><dd><p>Specify a path to a library file containing the implementation of the PKCS #11 interface module that is being added to the database.</p></dd><dt><span class="term">-mechanisms mechanism-list</span></dt><dd><p>Specify the security mechanisms for which a particular module will be flagged as a default provider. The <span class="emphasis"><em>mechanism-list</em></span> is a colon-delimited list of mechanism names. Enclose this list in quotation marks if it contains spaces.</p><p>The module becomes a default provider for the listed mechanisms when those mechanisms are enabled. 
If more than one module claims to be a particular mechanism's default provider, that mechanism's default provider is undefined.</p><p><span class="command"><strong>modutil</strong></span> supports several mechanisms: RSA, DSA, RC2, RC4, RC5, AES, DES, DH, SHA1, SHA256, SHA512, SSL, TLS, MD5, MD2, RANDOM (for random number generation), and FRIENDLY (meaning certificates are publicly readable).</p></dd><dt><span class="term">-newpwfile new-password-file</span></dt><dd><p>Specify a text file containing a token's new or replacement password so that a password can be entered automatically with the <code class="option">-changepw</code> option.</p></dd><dt><span class="term">-nocertdb</span></dt><dd><p>Do not open the certificate or key databases. This has several effects:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>With the <code class="option">-create</code> command, only a module security file is created; certificate and key databases are not created.</p></li><li class="listitem"><p>With the <code class="option">-jar</code> command, signatures on the JAR file are not checked.</p></li><li class="listitem"><p>With the <code class="option">-changepw</code> command, the password on the NSS internal module cannot be set or changed, since this password is stored in the key database.</p></li></ul></div></dd><dt><span class="term">-pwfile old-password-file</span></dt><dd><p>Specify a text file containing a token's existing password so that a password can be entered automatically when the <code class="option">-changepw</code> option is used to change passwords.</p></dd><dt><span class="term">-secmod secmodname</span></dt><dd><p>Give the name of the security module database (like <code class="filename">secmod.db</code>) to load.</p></dd><dt><span class="term">-slot slotname</span></dt><dd><p>Specify a particular slot to be enabled or disabled with the <code class="option">-enable</code> or <code 
class="option">-disable</code> options.</p></dd><dt><span class="term">-string CONFIG_STRING</span></dt><dd><p>Pass a configuration string for the module being added to the database.</p></dd><dt><span class="term">-tempdir temporary-directory</span></dt><dd><p>Give a directory location where temporary files are created during the installation by the <code class="option">-jar</code> option. If no temporary directory is specified, the current directory is used.</p></dd></dl></div></div><div class="refsection"><a name="usage-and-examples"></a><h2>Usage and Examples</h2><p><span class="command"><strong>Creating Database Files</strong></span></p><p>Before any operations can be performed, there must be a set of security databases available. <span class="command"><strong>modutil</strong></span> can be used to create these files. The only required argument is the database that where the databases will be located.</p><pre class="programlisting">modutil -create -dbdir [sql:]directory</pre><p><span class="command"><strong>Adding a Cryptographic Module</strong></span></p><p>Adding a PKCS #11 module means submitting a supporting library file, enabling its ciphers, and setting default provider status for various security mechanisms. This can be done by supplying all of the information through <span class="command"><strong>modutil</strong></span> directly or by running a JAR file and install script. For the most basic case, simply upload the library:</p><pre class="programlisting">modutil -add modulename -libfile library-file [-ciphers cipher-enable-list] [-mechanisms mechanism-list] </pre><p>For example:
 </p><pre class="programlisting">modutil -dbdir sql:/home/my/sharednssdb -add "Example PKCS #11 Module" -libfile "/tmp/crypto.so" -mechanisms RSA:DSA:RC2:RANDOM 
 
 Using database directory ... 
 Module "Example PKCS #11 Module" added to database.</pre><p>
         </p><p><span class="command"><strong>Installing a Cryptographic Module from a JAR File</strong></span></p><p>PKCS #11 modules can also be loaded using a JAR file, which contains all of the required libraries and an installation script that describes how to install the module. The JAR install script is described in more detail in <a class="xref" href="index.html#jar-install-file" title="JAR Installation File Format">the section called “JAR Installation File Format”</a>.</p><p>The JAR installation script defines the setup information for each platform that the module can be installed on. For example:</p><pre class="programlisting">Platforms { 
@@ -58,19 +58,21 @@ Installation completed successfully </pr
 Listing of PKCS #11 Modules
 -----------------------------------------------------------
   1. NSS Internal PKCS #11 Module
          slots: 2 slots attached
         status: loaded
 
          slot: NSS Internal Cryptographic Services                            
         token: NSS Generic Crypto Services
+	  uri: pkcs11:token=NSS%20Generic%20Crypto%20Services;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203
 
          slot: NSS User Private Key and Certificate Services                  
         token: NSS Certificate DB
+	  uri: pkcs11:token=NSS%20Certificate%20DB;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203
 -----------------------------------------------------------</pre><p>Passing a specific module name with the <code class="option">-list</code> returns details information about the module itself, like supported cipher mechanisms, version numbers, serial numbers, and other information about the module and the token it is loaded on. For example:</p><pre class="programlisting"> modutil -list "NSS Internal PKCS #11 Module" -dbdir sql:/home/my/sharednssdb
 
 -----------------------------------------------------------
 Name: NSS Internal PKCS #11 Module
 Library file: **Internal ONLY module**
 Manufacturer: Mozilla Foundation              
 Description: NSS Internal Crypto Services    
 PKCS #11 Version 2.20
--- a/security/nss/doc/html/pk12util.html
+++ b/security/nss/doc/html/pk12util.html
@@ -1,10 +1,10 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>PK12UTIL</title><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><link rel="home" href="index.html" title="PK12UTIL"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">PK12UTIL</th></tr></table><hr></div><div class="refentry"><a name="pk12util"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>pk12util — Export and import keys and certificate to or from a PKCS #12 file and the NSS database</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">pk12util</code>  [-i p12File|-l p12File|-o p12File] [-d [sql:]directory] [-h tokenname] [-P dbprefix] [-r] [-v] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]</p></div></div><div class="refsection"><a name="idm139975398059856"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
-    </p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The PKCS #12 utility, <span class="command"><strong>pk12util</strong></span>, enables sharing certificates among any server that supports PKCS #12. The tool can import certificates and keys from PKCS #12 files into security databases, export certificates, and list certificates and keys.</p></div><div class="refsection"><a name="options"></a><h2>Options and Arguments</h2><p><span class="command"><strong>Options</strong></span></p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-i p12file</span></dt><dd><p>Import keys and certificates from a PKCS #12 file into a security database.</p></dd><dt><span class="term">-l p12file</span></dt><dd><p>List the keys and certificates in PKCS #12 file.</p></dd><dt><span class="term">-o p12file</span></dt><dd><p>Export keys and certificates from the security database to a PKCS #12 file.</p></dd></dl></div><p><span class="command"><strong>Arguments</strong></span></p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-c keyCipher</span></dt><dd><p>Specify the key encryption algorithm.</p></dd><dt><span class="term">-C certCipher</span></dt><dd><p>Specify the certiticate encryption algorithm.</p></dd><dt><span class="term">-d [sql:]directory</span></dt><dd><p>Specify the database directory into which to import to or export from certificates and keys.</p><p><span class="command"><strong>pk12util</strong></span> supports two types of databases: the legacy security databases (<code class="filename">cert8.db</code>, <code class="filename">key3.db</code>, and <code class="filename">secmod.db</code>) and new SQLite databases (<code class="filename">cert9.db</code>, <code class="filename">key4.db</code>, and <code class="filename">pkcs11.txt</code>). 
If the prefix <span class="command"><strong>sql:</strong></span> is not used, then the tool assumes that the given databases are in the old format.</p></dd><dt><span class="term">-h tokenname</span></dt><dd><p>Specify the name of the token to import into or export from.</p></dd><dt><span class="term">-k slotPasswordFile</span></dt><dd><p>Specify the text file containing the slot's password.</p></dd><dt><span class="term">-K slotPassword</span></dt><dd><p>Specify the slot's password.</p></dd><dt><span class="term">-m | --key-len  keyLength</span></dt><dd><p>Specify the desired length of the symmetric key to be used to encrypt the private key.</p></dd><dt><span class="term">-n | --cert-key-len  certKeyLength</span></dt><dd><p>Specify the desired length of the symmetric key to be used to encrypt the certificates and other meta-data.</p></dd><dt><span class="term">-n certname</span></dt><dd><p>Specify the nickname of the cert and private key to export.</p></dd><dt><span class="term">-P prefix</span></dt><dd><p>Specify the prefix used on the certificate and key databases. This option is provided as a special case. 
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>PK12UTIL</title><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><link rel="home" href="index.html" title="PK12UTIL"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">PK12UTIL</th></tr></table><hr></div><div class="refentry"><a name="pk12util"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>pk12util — Export and import keys and certificate to or from a PKCS #12 file and the NSS database</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">pk12util</code>  [-i p12File|-l p12File|-o p12File] [-d [sql:]directory] [-h tokenname] [-P dbprefix] [-r] [-v] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]</p></div></div><div class="refsection"><a name="idm45659476549872"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
+    </p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The PKCS #12 utility, <span class="command"><strong>pk12util</strong></span>, enables sharing certificates among any server that supports PKCS #12. The tool can import certificates and keys from PKCS #12 files into security databases, export certificates, and list certificates and keys.</p></div><div class="refsection"><a name="options"></a><h2>Options and Arguments</h2><p><span class="command"><strong>Options</strong></span></p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-i p12file</span></dt><dd><p>Import keys and certificates from a PKCS #12 file into a security database.</p></dd><dt><span class="term">-l p12file</span></dt><dd><p>List the keys and certificates in PKCS #12 file.</p></dd><dt><span class="term">-o p12file</span></dt><dd><p>Export keys and certificates from the security database to a PKCS #12 file.</p></dd></dl></div><p><span class="command"><strong>Arguments</strong></span></p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-c keyCipher</span></dt><dd><p>Specify the key encryption algorithm.</p></dd><dt><span class="term">-C certCipher</span></dt><dd><p>Specify the certiticate encryption algorithm.</p></dd><dt><span class="term">-d [sql:]directory</span></dt><dd><p>Specify the database directory into which to import to or export from certificates and keys.</p><p><span class="command"><strong>pk12util</strong></span> supports two types of databases: the legacy security databases (<code class="filename">cert8.db</code>, <code class="filename">key3.db</code>, and <code class="filename">secmod.db</code>) and new SQLite databases (<code class="filename">cert9.db</code>, <code class="filename">key4.db</code>, and <code class="filename">pkcs11.txt</code>). 
If the prefix <span class="command"><strong>sql:</strong></span> is not used, then the tool assumes that the given databases are in the old format.</p></dd><dt><span class="term">-h tokenname</span></dt><dd><p>Specify the name of the token to import into or export from.</p></dd><dt><span class="term">-k slotPasswordFile</span></dt><dd><p>Specify the text file containing the slot's password.</p></dd><dt><span class="term">-K slotPassword</span></dt><dd><p>Specify the slot's password.</p></dd><dt><span class="term">-m | --key-len  keyLength</span></dt><dd><p>Specify the desired length of the symmetric key to be used to encrypt the private key.</p></dd><dt><span class="term">-n | --cert-key-len  certKeyLength</span></dt><dd><p>Specify the desired length of the symmetric key to be used to encrypt the certificates and other meta-data.</p></dd><dt><span class="term">-n certname</span></dt><dd><p>Specify the nickname of the cert and private key to export.</p><p>The nickname can also be a PKCS #11 URI. For example, if you have a certificate named "my-server-cert" on the internal certificate store, it can be unambiguously specified as "pkcs11:token=NSS%20Certificate%20DB;object=my-server-cert". For details about the format, see RFC 7512.</p></dd><dt><span class="term">-P prefix</span></dt><dd><p>Specify the prefix used on the certificate and key databases. This option is provided as a special case. 
           Changing the names of the certificate and key databases is not recommended.</p></dd><dt><span class="term">-r</span></dt><dd><p>Dumps all of the data in raw (binary) form. This must be saved as a DER file. The default is to return information in a pretty-print ASCII format, which displays the information about the certificates and public keys in the p12 file.</p></dd><dt><span class="term">-v </span></dt><dd><p>Enable debug logging when importing.</p></dd><dt><span class="term">-w p12filePasswordFile</span></dt><dd><p>Specify the text file containing the pkcs #12 file password.</p></dd><dt><span class="term">-W p12filePassword</span></dt><dd><p>Specify the pkcs #12 file password.</p></dd></dl></div></div><div class="refsection"><a name="return-codes"></a><h2>Return Codes</h2><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p> 0 - No error</p></li><li class="listitem"><p> 1 - User Cancelled</p></li><li class="listitem"><p> 2 - Usage error</p></li><li class="listitem"><p> 6 - NLS init error</p></li><li class="listitem"><p> 8 - Certificate DB open error</p></li><li class="listitem"><p> 9 - Key DB open error</p></li><li class="listitem"><p> 10 - File initialization error</p></li><li class="listitem"><p> 11 - Unicode conversion error</p></li><li class="listitem"><p> 12 - Temporary file creation error</p></li><li class="listitem"><p> 13 - PKCS11 get slot error</p></li><li class="listitem"><p> 14 - PKCS12 decoder start error</p></li><li class="listitem"><p> 15 - error read from import file</p></li><li class="listitem"><p> 16 - pkcs12 decode error</p></li><li class="listitem"><p> 17 - pkcs12 decoder verify error</p></li><li class="listitem"><p> 18 - pkcs12 decoder validate bags error</p></li><li class="listitem"><p> 19 - pkcs12 decoder import bags error</p></li><li class="listitem"><p> 20 - key db conversion version 3 to version 2 error</p></li><li class="listitem"><p> 21 - cert db conversion version 7 to 
version 5 error</p></li><li class="listitem"><p> 22 - cert and key dbs patch error</p></li><li class="listitem"><p> 23 - get default cert db error</p></li><li class="listitem"><p> 24 - find cert by nickname error</p></li><li class="listitem"><p> 25 - create export context error</p></li><li class="listitem"><p> 26 - PKCS12 add password itegrity error</p></li><li class="listitem"><p> 27 - cert and key Safes creation error</p></li><li class="listitem"><p> 28 - PKCS12 add cert and key error</p></li><li class="listitem"><p> 29 - PKCS12 encode error</p></li></ul></div></div><div class="refsection"><a name="examples"></a><h2>Examples</h2><p><span class="command"><strong>Importing Keys and Certificates</strong></span></p><p>The most basic usage of <span class="command"><strong>pk12util</strong></span> for importing a certificate or key is the PKCS #12 input file (<code class="option">-i</code>) and some way to specify the security database being accessed (either <code class="option">-d</code> for a directory or <code class="option">-h</code> for a token).
     </p><p>
     pk12util -i p12File [-h tokenname] [-v] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]
     </p><p>For example:</p><p> </p><pre class="programlisting"># pk12util -i /tmp/cert-files/users.p12 -d sql:/home/my/sharednssdb
 
 Enter a password which will be used to encrypt your keys.
 The password should be at least 8 characters long,
 and should contain at least one non-alphabetic character.
--- a/security/nss/doc/modutil.xml
+++ b/security/nss/doc/modutil.xml
@@ -317,19 +317,21 @@ Installation completed successfully </pr
 Listing of PKCS #11 Modules
 -----------------------------------------------------------
   1. NSS Internal PKCS #11 Module
          slots: 2 slots attached
         status: loaded
 
          slot: NSS Internal Cryptographic Services                            
         token: NSS Generic Crypto Services
+	  uri: pkcs11:token=NSS%20Generic%20Crypto%20Services;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203
 
          slot: NSS User Private Key and Certificate Services                  
         token: NSS Certificate DB
+	  uri: pkcs11:token=NSS%20Certificate%20DB;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203
 -----------------------------------------------------------</programlisting>
 	<para>Passing a specific module name with the <option>-list</option> returns details information about the module itself, like supported cipher mechanisms, version numbers, serial numbers, and other information about the module and the token it is loaded on. For example:</para>
 <programlisting> modutil -list "NSS Internal PKCS #11 Module" -dbdir sql:/home/my/sharednssdb
 
 -----------------------------------------------------------
 Name: NSS Internal PKCS #11 Module
 Library file: **Internal ONLY module**
 Manufacturer: Mozilla Foundation              
--- a/security/nss/doc/nroff/certutil.1
+++ b/security/nss/doc/nroff/certutil.1
@@ -312,16 +312,18 @@ Specify a file that will automatically s
 \-g keysize
 .RS 4
 Set a key size to use when generating new public and private key pairs\&. The minimum is 512 bits and the maximum is 16384 bits\&. The default is 2048 bits\&. Any size between the minimum and maximum is allowed\&.
 .RE
 .PP
 \-h tokenname
 .RS 4
 Specify the name of a token to use or act on\&. If not specified the default token is the internal database slot\&.
+.sp
+The name can also be a PKCS #11 URI\&. For example, the NSS internal certificate store can be unambiguously specified as "pkcs11:token=NSS%20Certificate%20DB"\&. For details about the format, see RFC 7512\&.
 .RE
 .PP
 \-i input_file
 .RS 4
 Pass an input file to the command\&. Depending on the command option, an input file can be a specific certificate, a certificate request file, or a batch file of commands\&.
 .RE
 .PP
 \-k key\-type\-or\-id
@@ -339,16 +341,18 @@ Display detailed information when valida
 \-m serial\-number
 .RS 4
 Assign a unique serial number to a certificate being created\&. This operation should be performed by a CA\&. If no serial number is provided a default serial number is made from the current time\&. Serial numbers are limited to integers
 .RE
 .PP
 \-n nickname
 .RS 4
 Specify the nickname of a certificate or key to list, create, add to a database, modify, or validate\&. Bracket the nickname string with quotation marks if it contains spaces\&.
+.sp
+The nickname can also be a PKCS #11 URI\&. For example, if you have a certificate named "my\-server\-cert" on the internal certificate store, it can be unambiguously specified as "pkcs11:token=NSS%20Certificate%20DB;object=my\-server\-cert"\&. For details about the format, see RFC 7512\&.
 .RE
 .PP
 \-o output\-file
 .RS 4
 Specify the output file name for new certificates or binary certificate requests\&. Bracket the output\-file string with quotation marks if it contains spaces\&. If this argument is not used the output destination defaults to standard output\&.
 .RE
 .PP
 \-P dbPrefix
@@ -1570,19 +1574,21 @@ database\&. The path to the directory (\
 .if n \{\
 .RS 4
 .\}
 .nf
 $ certutil \-U \-d sql:/home/my/sharednssdb
 
     slot: NSS User Private Key and Certificate Services                  
    token: NSS Certificate DB
+     uri: pkcs11:token=NSS%20Certificate%20DB;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203
 
     slot: NSS Internal Cryptographic Services                            
    token: NSS Generic Crypto Services
+     uri: pkcs11:token=NSS%20Generic%20Crypto%20Services;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203
 .fi
 .if n \{\
 .RE
 .\}
 .PP
 \fBAdding Certificates to the Database\fR
 .PP
 Existing certificates or certificate requests can be added manually to the certificate database, even if they were generated elsewhere\&. This uses the
--- a/security/nss/doc/nroff/modutil.1
+++ b/security/nss/doc/nroff/modutil.1
@@ -1,18 +1,18 @@
 '\" t
 .\"     Title: MODUTIL
 .\"    Author: [see the "Authors" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date:  5 June 2014
+.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
+.\"      Date:  5 October 2017
 .\"    Manual: NSS Security Tools
 .\"    Source: nss-tools
 .\"  Language: English
 .\"
-.TH "MODUTIL" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
+.TH "MODUTIL" "1" "5 October 2017" "nss-tools" "NSS Security Tools"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 .\" http://bugs.debian.org/507673
 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 .ie \n(.g .ds Aq \(aq
@@ -510,19 +510,21 @@ modutil \-list \-dbdir sql:/home/my/shar
 Listing of PKCS #11 Modules
 \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
   1\&. NSS Internal PKCS #11 Module
          slots: 2 slots attached
         status: loaded
 
          slot: NSS Internal Cryptographic Services                            
         token: NSS Generic Crypto Services
+	  uri: pkcs11:token=NSS%20Generic%20Crypto%20Services;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203
 
          slot: NSS User Private Key and Certificate Services                  
         token: NSS Certificate DB
+	  uri: pkcs11:token=NSS%20Certificate%20DB;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203
 \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
 .fi
 .if n \{\
 .RE
 .\}
 .PP
 Passing a specific module name with the
 \fB\-list\fR
--- a/security/nss/doc/nroff/pk12util.1
+++ b/security/nss/doc/nroff/pk12util.1
@@ -1,18 +1,18 @@
 '\" t
 .\"     Title: PK12UTIL
 .\"    Author: [see the "Authors" section]
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 27 October 2017
+.\"      Date:  5 October 2017
 .\"    Manual: NSS Security Tools
 .\"    Source: nss-tools
 .\"  Language: English
 .\"
-.TH "PK12UTIL" "1" "27 October 2017" "nss-tools" "NSS Security Tools"
+.TH "PK12UTIL" "1" "5 October 2017" "nss-tools" "NSS Security Tools"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 .\" http://bugs.debian.org/507673
 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 .ie \n(.g .ds Aq \(aq
@@ -108,16 +108,18 @@ Specify the desired length of the symmet
 \-n | \-\-cert\-key\-len certKeyLength
 .RS 4
 Specify the desired length of the symmetric key to be used to encrypt the certificates and other meta\-data\&.
 .RE
 .PP
 \-n certname
 .RS 4
 Specify the nickname of the cert and private key to export\&.
+.sp
+The nickname can also be a PKCS #11 URI\&. For example, if you have a certificate named "my\-server\-cert" on the internal certificate store, it can be unambiguously specified as "pkcs11:token=NSS%20Certificate%20DB;object=my\-server\-cert"\&. For details about the format, see RFC 7512\&.
 .RE
 .PP
 \-P prefix
 .RS 4
 Specify the prefix used on the certificate and key databases\&. This option is provided as a special case\&. Changing the names of the certificate and key databases is not recommended\&.
 .RE
 .PP
 \-r
--- a/security/nss/doc/pk12util.xml
+++ b/security/nss/doc/pk12util.xml
@@ -109,17 +109,18 @@
 
       <varlistentry>
         <term>-n | --cert-key-len  certKeyLength</term>
         <listitem><para>Specify the desired length of the symmetric key to be used to encrypt the certificates and other meta-data.</para></listitem>
       </varlistentry>
 
       <varlistentry>
         <term>-n certname</term>
-        <listitem><para>Specify the nickname of the cert and private key to export.</para></listitem>
+        <listitem><para>Specify the nickname of the cert and private key to export.</para>
+	<para>The nickname can also be a PKCS #11 URI. For example, if you have a certificate named "my-server-cert" on the internal certificate store, it can be unambiguously specified as "pkcs11:token=NSS%20Certificate%20DB;object=my-server-cert". For details about the format, see RFC 7512.</para></listitem>
       </varlistentry>
 
       <varlistentry>
         <term>-P prefix</term>
         <listitem><para>Specify the prefix used on the certificate and key databases. This option is provided as a special case. 
           Changing the names of the certificate and key databases is not recommended.</para></listitem>
       </varlistentry>
 
--- a/security/nss/gtests/nss_bogo_shim/config.json
+++ b/security/nss/gtests/nss_bogo_shim/config.json
@@ -59,17 +59,18 @@
         "ECDSAKeyUsage-TLS1*":"Bug 1338194",
         "PointFormat-Client-MissingUncompressed":"We ignore ec_point_formats extensions sent by servers.",
         "SkipEarlyData-SecondClientHelloEarlyData":"Boring doesn't reject early_data in the 2nd CH but fails later with bad_record_mac.",
         "SkipEarlyData-*TooMuchData":"Bug 1339373",
         "UnsolicitedServerNameAck-TLS1*":"Boring wants us to fail with an unexpected_extension alert, we simply ignore ssl_server_name_xtn.",
         "RequireAnyClientCertificate-TLS1*":"Bug 1339387",
         "SendExtensionOnClientCertificate-TLS13":"Bug 1339392",
         "ALPNClient-Mismatch-TLS13":"NSS sends alerts in response to errors in protected handshake messages in the clear",
-        "P224-Server":"NSS doesn't support P-224"
+        "P224-Server":"NSS doesn't support P-224",
+        "ClientAuth-SHA1-Fallback*":"Boring wants us to fall back to SHA-1 if supported_signature_algorithms in CR is empty."
     },
     "ErrorMap" : {
         ":HANDSHAKE_FAILURE_ON_CLIENT_HELLO:":"SSL_ERROR_NO_CYPHER_OVERLAP",
         ":UNKNOWN_CIPHER_RETURNED:":"SSL_ERROR_NO_CYPHER_OVERLAP",
         ":OLD_SESSION_CIPHER_NOT_RETURNED:":"SSL_ERROR_RX_MALFORMED_SERVER_HELLO",
         ":NO_SHARED_CIPHER:":"SSL_ERROR_NO_CYPHER_OVERLAP",
         ":DIGEST_CHECK_FAILED:":"SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE"
     }
--- a/security/nss/gtests/ssl_gtest/ssl_auth_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_auth_unittest.cc
@@ -381,35 +381,30 @@ class TlsZeroCertificateRequestSigAlgsFi
     // Write certificate authorities.
     idx = output->Write(idx, cas.len(), 2);
     idx = output->Write(idx, cas);
 
     return CHANGE;
   }
 };
 
-// Check that we fall back to SHA-1 when the server doesn't provide any
+// Check that we send an alert when the server doesn't provide any
 // supported_signature_algorithms in the CertificateRequest message.
-TEST_P(TlsConnectTls12, ClientAuthNoSigAlgsFallback) {
+TEST_P(TlsConnectTls12, ClientAuthNoSigAlgs) {
   EnsureTlsSetup();
   MakeTlsFilter<TlsZeroCertificateRequestSigAlgsFilter>(server_);
   auto capture_cert_verify = MakeTlsFilter<TlsHandshakeRecorder>(
       client_, kTlsHandshakeCertificateVerify);
   client_->SetupClientAuth();
   server_->RequestClientAuth(true);
 
-  ConnectExpectAlert(server_, kTlsAlertDecryptError);
+  ConnectExpectAlert(client_, kTlsAlertHandshakeFailure);
 
-  // We're expecting a bad signature here because we tampered with a handshake
-  // message (CertReq). Previously, without the SHA-1 fallback, we would've
-  // seen a malformed record alert.
-  server_->CheckErrorCode(SEC_ERROR_BAD_SIGNATURE);
-  client_->CheckErrorCode(SSL_ERROR_DECRYPT_ERROR_ALERT);
-
-  CheckSigScheme(capture_cert_verify, 0, server_, ssl_sig_rsa_pkcs1_sha1, 1024);
+  server_->CheckErrorCode(SSL_ERROR_HANDSHAKE_FAILURE_ALERT);
+  client_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM);
 }
 
 static const SSLSignatureScheme kSignatureSchemeEcdsaSha384[] = {
     ssl_sig_ecdsa_secp384r1_sha384};
 static const SSLSignatureScheme kSignatureSchemeEcdsaSha256[] = {
     ssl_sig_ecdsa_secp256r1_sha256};
 static const SSLSignatureScheme kSignatureSchemeRsaSha384[] = {
     ssl_sig_rsa_pkcs1_sha384};
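Review bot: `capture_cert_verify` is now an unused local in ClientAuthNoSigAlgs, because the removed CheckSigScheme call was its only consumer. Either drop the two lines that create it, or turn it into an assertion that the client aborted before sending a CertificateVerify, e.g. `EXPECT_EQ(0U, capture_cert_verify->buffer().len());` (assuming the recorder's buffer exposes len() like the DataBuffer used earlier in this file), which would also document the new expected behaviour rather than only the alert and error codes.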
--- a/security/nss/gtests/ssl_gtest/ssl_hrr_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_hrr_unittest.cc
@@ -713,16 +713,96 @@ TEST_F(TlsConnectStreamTls13, RetryState
   // disagree about the transcript.
   client_->ExpectSendAlert(kTlsAlertBadRecordMac);
   server_->ExpectSendAlert(kTlsAlertBadRecordMac);
   Handshake();
   server_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
   client_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
 }
 
+// Stream because SSL_SendSessionTicket only supports that.
+TEST_F(TlsConnectStreamTls13, SecondClientHelloSendSameTicket) {
+  // This simulates the scenario described at:
+  // https://bugzilla.mozilla.org/show_bug.cgi?id=1481271#c7
+  //
+  // Here two connections are interleaved.  Tickets are issued on one
+  // connection.  A HelloRetryRequest is triggered on the second connection,
+  // meaning that there are two ClientHellos.  We need to check that both
+  // ClientHellos have the same ticket, even if a new ticket is issued on the
+  // other connection in the meantime.
+  //
+  // Connection 1: <handshake>
+  // Connection 1: S->C: NST=X
+  // Connection 2: C->S: CH [PSK_ID=X]
+  // Connection 1: S->C: NST=Y
+  // Connection 2: S->C: HRR
+  // Connection 2: C->S: CH [PSK_ID=Y]
+
+  // Connection 1, send a ticket after handshake is complete.
+  ConfigureSessionCache(RESUME_TICKET, RESUME_TICKET);
+
+  Connect();
+
+  // Set this token so that RetryHelloWithToken() will check that this
+  // is the token that it receives in the HelloRetryRequest callback.
+  EXPECT_EQ(SECSuccess,
+            SSL_SendSessionTicket(server_->ssl_fd(), kApplicationToken,
+                                  sizeof(kApplicationToken)));
+  SendReceive(50);
+
+  // Connection 2, trigger HRR.
+  auto client2 =
+      std::make_shared<TlsAgent>(client_->name(), TlsAgent::CLIENT, variant_);
+  auto server2 =
+      std::make_shared<TlsAgent>(server_->name(), TlsAgent::SERVER, variant_);
+
+  client2->SetPeer(server2);
+  server2->SetPeer(client2);
+
+  client_.swap(client2);
+  server_.swap(server2);
+
+  ConfigureSessionCache(RESUME_TICKET, RESUME_TICKET);
+
+  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
+
+  client_->StartConnect();
+  server_->StartConnect();
+
+  size_t cb_called = 0;
+  EXPECT_EQ(SECSuccess,
+            SSL_HelloRetryRequestCallback(server_->ssl_fd(),
+                                          RetryHelloWithToken, &cb_called));
+  client_->Handshake();  // Send ClientHello.
+  server_->Handshake();  // Process ClientHello, send HelloRetryRequest.
+
+  EXPECT_EQ(1U, cb_called) << "callback should be called once here";
+
+  // Connection 1, send another ticket.
+  client_.swap(client2);
+  server_.swap(server2);
+
+  // If the client uses this token, RetryHelloWithToken() will fail the test.
+  const uint8_t kAnotherApplicationToken[] = {0x92, 0x44, 0x01};
+  EXPECT_EQ(SECSuccess,
+            SSL_SendSessionTicket(server_->ssl_fd(), kAnotherApplicationToken,
+                                  sizeof(kAnotherApplicationToken)));
+  SendReceive(60);
+
+  // Connection 2, continue the handshake.
+  // The client should use kApplicationToken, not kAnotherApplicationToken.
+  client_.swap(client2);
+  server_.swap(server2);
+
+  client_->Handshake();
+  server_->Handshake();
+
+  EXPECT_EQ(2U, cb_called) << "callback should be called twice here";
+}
+
 // Read the cipher suite from the HRR and disable it on the identified agent.
 static void DisableSuiteFromHrr(
     std::shared_ptr<TlsAgent>& agent,
     std::shared_ptr<TlsHandshakeRecorder>& capture_hrr) {
   uint32_t tmp;
   size_t offset = 2 + 32;  // skip version + server_random
   ASSERT_TRUE(
       capture_hrr->buffer().Read(offset, 1, &tmp));  // session_id length
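Review bot: SecondClientHelloSendSameTicket stops after asserting `cb_called == 2` and never verifies that connection 2 completes or resumes, so the only check on the second ClientHello's ticket is whatever RetryHelloWithToken does with the token it receives. If that callback accepts the retried ClientHello, finishing with `Handshake(); CheckConnected();` after the last EXPECT_EQ would confirm that resumption actually goes through with the original ticket rather than only that the callback saw it. The three `client_.swap(client2); server_.swap(server2);` pairs are also easy to misread; a small helper such as `auto swapConnections = [&]() { client_.swap(client2); server_.swap(server2); };` would make the interleaving explicit.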
--- a/security/nss/gtests/ssl_gtest/ssl_resumption_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_resumption_unittest.cc
@@ -1267,9 +1267,39 @@ TEST_P(TlsConnectGenericResumption, Conn
     ExpectResumption(RESUME_NONE);
   } else {
     ExpectResumption(RESUME_TICKET);
   }
   Connect();
   SendReceive();
 }
 
+TEST_F(TlsConnectStreamTls13, ExternalTokenAfterHrr) {
+  ConfigureSessionCache(RESUME_BOTH, RESUME_BOTH);
+  Connect();
+  SendReceive();
+
+  Reset();
+  ConfigureSessionCache(RESUME_BOTH, RESUME_BOTH);
+  ExpectResumption(RESUME_TICKET);
+
+  static const std::vector<SSLNamedGroup> groups = {ssl_grp_ec_secp384r1,
+                                                    ssl_grp_ec_secp521r1};
+  server_->ConfigNamedGroups(groups);
+
+  StartConnect();
+  ASSERT_TRUE(client_->MaybeSetResumptionToken());
+
+  client_->Handshake();  // Send ClientHello.
+  server_->Handshake();  // Process ClientHello, send HelloRetryRequest.
+
+  auto& token = client_->GetResumptionToken();
+  SECStatus rv =
+      SSL_SetResumptionToken(client_->ssl_fd(), token.data(), token.size());
+  ASSERT_EQ(SECFailure, rv);
+  ASSERT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
+
+  Handshake();
+  CheckConnected();
+  SendReceive();
+}
+
 }  // namespace nss_test
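Review bot: ExternalTokenAfterHrr infers that a HelloRetryRequest was sent from the server's group restriction but never asserts it, so the SEC_ERROR_INVALID_ARGS check would also pass if SSL_SetResumptionToken simply rejects any token once a handshake is in progress. Recording the server's handshake messages with a TlsHandshakeRecorder, as other tests in these files do, and asserting that an HRR was captured before the SSL_SetResumptionToken call would pin the condition the test name promises. The `static` on `groups` is unnecessary for a vector that is only read once per test run; `const std::vector<SSLNamedGroup> groups = {ssl_grp_ec_secp384r1, ssl_grp_ec_secp521r1};` suffices.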
--- a/security/nss/lib/certhigh/certvfy.c
+++ b/security/nss/lib/certhigh/certvfy.c
@@ -20,17 +20,17 @@
 #include "nss.h"
 #endif /* NSS_DISABLE_LIBPKIX */
 
 #include "nsspki.h"
 #include "pkitm.h"
 #include "pkim.h"
 #include "pki3hack.h"
 #include "base.h"
-#include "keyhi.h"
+#include "keyi.h"
 
 /*
  * Check the validity times of a certificate
  */
 SECStatus
 CERT_CertTimesValid(CERTCertificate *c)
 {
     SECCertTimeValidity valid = CERT_CheckCertValidTimes(c, PR_Now(), PR_TRUE);
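Review bot: The include swap replaces the public `keyhi.h` with the internal `keyi.h` instead of adding to it, so the SECKEY declarations this file relies on (for example the `key->keyType` and `key->u.rsa` accesses in checkKeyParams) now arrive only if keyi.h includes keyhi.h transitively, which I cannot confirm from here. Keeping both, `#include "keyhi.h"` followed by `#include "keyi.h"`, avoids depending on the internal header's include order.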
@@ -68,22 +68,48 @@ checkKeyParams(const SECAlgorithmID *sig
                 } else {
                     return SECSuccess;
                 }
             } else {
                 PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
                 return SECFailure;
             }
             return SECSuccess;
+
+        case SEC_OID_PKCS1_RSA_PSS_SIGNATURE: {
+            PORTCheapArenaPool tmpArena;
+            SECOidTag hashAlg;
+            SECOidTag maskHashAlg;
+
+            PORT_InitCheapArena(&tmpArena, DER_DEFAULT_CHUNKSIZE);
+            rv = sec_DecodeRSAPSSParams(&tmpArena.arena,
+                                        &sigAlgorithm->parameters,
+                                        &hashAlg, &maskHashAlg, NULL);
+            PORT_DestroyCheapArena(&tmpArena);
+            if (rv != SECSuccess) {
+                return SECFailure;
+            }
+
+            if (NSS_GetAlgorithmPolicy(hashAlg, &policyFlags) == SECSuccess &&
+                !(policyFlags & NSS_USE_ALG_IN_CERT_SIGNATURE)) {
+                PORT_SetError(SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
+                return SECFailure;
+            }
+            if (NSS_GetAlgorithmPolicy(maskHashAlg, &policyFlags) == SECSuccess &&
+                !(policyFlags & NSS_USE_ALG_IN_CERT_SIGNATURE)) {
+                PORT_SetError(SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
+                return SECFailure;
+            }
+        }
+        /* fall through to RSA key checking */
         case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
         case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
         case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
         case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
         case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
-        case SEC_OID_PKCS1_RSA_PSS_SIGNATURE:
         case SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE:
         case SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE:
             if (key->keyType != rsaKey && key->keyType != rsaPssKey) {
                 PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
                 return SECFailure;
             }
 
             len = 8 * key->u.rsa.modulus.len;
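Review bot: The new SEC_OID_PKCS1_RSA_PSS_SIGNATURE case decodes `sigAlgorithm->parameters` unconditionally, whereas sec_DecodeSigAlg in secvfy.c guards with `if (param && param->data)` and falls back to SHA-1 when the parameters are absent; a certificate whose PSS AlgorithmIdentifier carries no parameters is therefore rejected here but accepted there, which looks unintended unless absent parameters are meant to be an error for certificates specifically. Separately, the policy check is skipped whenever NSS_GetAlgorithmPolicy fails, which presumably includes an unrecognised hash OID decoded as SEC_OID_UNKNOWN, so an unknown PSS hash or mask hash passes this check and relies on a later stage to reject it; an explicit `if (hashAlg == SEC_OID_UNKNOWN || maskHashAlg == SEC_OID_UNKNOWN) { PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); return SECFailure; }` before the policy lookups would make the fail-closed intent visible. `rv` and `policyFlags` are declared outside the hunk, and checkKeyParams itself starts before it.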
--- a/security/nss/lib/cryptohi/keyi.h
+++ b/security/nss/lib/cryptohi/keyi.h
@@ -12,14 +12,27 @@ SEC_BEGIN_PROTOS
 KeyType seckey_GetKeyType(SECOidTag pubKeyOid);
 
 /* extract the 'encryption' (could be signing) and hash oids from and
  * algorithm, key and parameters (parameters is the parameters field
  * of a algorithm ID structure (SECAlgorithmID)*/
 SECStatus sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg,
                            const SECItem *param, SECOidTag *encalg, SECOidTag *hashalg);
 
-SECStatus sec_RSAPSSParamsToMechanism(CK_RSA_PKCS_PSS_PARAMS *mech,
-                                      const SECKEYRSAPSSParams *params);
+/* extract the RSA-PSS hash algorithms and salt length from
+ * parameters, taking into account of the default implications.
+ *
+ * (parameters is the parameters field of a algorithm ID structure
+ * (SECAlgorithmID)*/
+SECStatus sec_DecodeRSAPSSParams(PLArenaPool *arena,
+                                 const SECItem *params,
+                                 SECOidTag *hashAlg,
+                                 SECOidTag *maskHashAlg,
+                                 unsigned long *saltLength);
+
+/* convert the encoded RSA-PSS parameters into PKCS #11 mechanism parameters */
+SECStatus sec_DecodeRSAPSSParamsToMechanism(PLArenaPool *arena,
+                                            const SECItem *params,
+                                            CK_RSA_PKCS_PSS_PARAMS *mech);
 
 SEC_END_PROTOS
 
 #endif /* _KEYHI_H_ */
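Review bot: The comment on sec_DecodeRSAPSSParams does not say that the three output pointers are optional, yet the seckey.c implementation writes each only when non-NULL and sec_DecodeSigAlg in secvfy.c passes NULL for the last two; I would state that in the header, e.g. `/* Any of hashAlg, maskHashAlg and saltLength may be NULL if the caller does not need that value; outputs are written only on SECSuccess. */`. The phrase `taking into account of the default implications` also reads awkwardly; `applying the defaults for any field that is absent from the encoding` says what the code does. For sec_DecodeRSAPSSParamsToMechanism it is worth adding that `*mech` is fully written only on SECSuccess, since the zeroing the old sec_RSAPSSParamsToMechanism did is gone.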
--- a/security/nss/lib/cryptohi/seckey.c
+++ b/security/nss/lib/cryptohi/seckey.c
@@ -2010,81 +2010,119 @@ sec_GetMgfTypeByOidTag(SECOidTag tag)
             return CKG_MGF1_SHA1;
         default:
             PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
             return 0;
     }
 }
 
 SECStatus
-sec_RSAPSSParamsToMechanism(CK_RSA_PKCS_PSS_PARAMS *mech,
-                            const SECKEYRSAPSSParams *params)
+sec_DecodeRSAPSSParams(PLArenaPool *arena,
+                       const SECItem *params,
+                       SECOidTag *retHashAlg, SECOidTag *retMaskHashAlg,
+                       unsigned long *retSaltLength)
 {
-    SECStatus rv = SECSuccess;
-    SECOidTag hashAlgTag;
+    SECKEYRSAPSSParams pssParams;
+    SECOidTag hashAlg;
+    SECOidTag maskHashAlg;
     unsigned long saltLength;
     unsigned long trailerField;
-
-    PORT_Memset(mech, 0, sizeof(CK_RSA_PKCS_PSS_PARAMS));
+    SECStatus rv;
 
-    if (params->hashAlg) {
-        hashAlgTag = SECOID_GetAlgorithmTag(params->hashAlg);
-    } else {
-        hashAlgTag = SEC_OID_SHA1; /* default, SHA-1 */
-    }
-    mech->hashAlg = sec_GetHashMechanismByOidTag(hashAlgTag);
-    if (mech->hashAlg == CKM_INVALID_MECHANISM) {
-        return SECFailure;
+    PORT_Memset(&pssParams, 0, sizeof(pssParams));
+    rv = SEC_QuickDERDecodeItem(arena, &pssParams,
+                                SECKEY_RSAPSSParamsTemplate,
+                                params);
+    if (rv != SECSuccess) {
+        return rv;
     }
 
-    if (params->maskAlg) {
-        SECAlgorithmID maskHashAlg;
-        SECOidTag maskHashAlgTag;
-        PORTCheapArenaPool tmpArena;
+    if (pssParams.hashAlg) {
+        hashAlg = SECOID_GetAlgorithmTag(pssParams.hashAlg);
+    } else {
+        hashAlg = SEC_OID_SHA1; /* default, SHA-1 */
+    }
 
-        if (SECOID_GetAlgorithmTag(params->maskAlg) != SEC_OID_PKCS1_MGF1) {
+    if (pssParams.maskAlg) {
+        SECAlgorithmID algId;
+
+        if (SECOID_GetAlgorithmTag(pssParams.maskAlg) != SEC_OID_PKCS1_MGF1) {
             /* only MGF1 is known to PKCS#11 */
             PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
             return SECFailure;
         }
 
-        PORT_InitCheapArena(&tmpArena, DER_DEFAULT_CHUNKSIZE);
-        rv = SEC_QuickDERDecodeItem(&tmpArena.arena, &maskHashAlg,
+        rv = SEC_QuickDERDecodeItem(arena, &algId,
                                     SEC_ASN1_GET(SECOID_AlgorithmIDTemplate),
-                                    &params->maskAlg->parameters);
-        PORT_DestroyCheapArena(&tmpArena);
+                                    &pssParams.maskAlg->parameters);
         if (rv != SECSuccess) {
             return rv;
         }
-        maskHashAlgTag = SECOID_GetAlgorithmTag(&maskHashAlg);
-        mech->mgf = sec_GetMgfTypeByOidTag(maskHashAlgTag);
-        if (mech->mgf == 0) {
-            return SECFailure;
-        }
+        maskHashAlg = SECOID_GetAlgorithmTag(&algId);
     } else {
-        mech->mgf = CKG_MGF1_SHA1; /* default, MGF1 with SHA-1 */
+        maskHashAlg = SEC_OID_SHA1; /* default, MGF1 with SHA-1 */
     }
 
-    if (params->saltLength.data) {
-        rv = SEC_ASN1DecodeInteger((SECItem *)&params->saltLength, &saltLength);
+    if (pssParams.saltLength.data) {
+        rv = SEC_ASN1DecodeInteger((SECItem *)&pssParams.saltLength, &saltLength);
         if (rv != SECSuccess) {
             return rv;
         }
     } else {
         saltLength = 20; /* default, 20 */
     }
-    mech->sLen = saltLength;
 
-    if (params->trailerField.data) {
-        rv = SEC_ASN1DecodeInteger((SECItem *)&params->trailerField, &trailerField);
+    if (pssParams.trailerField.data) {
+        rv = SEC_ASN1DecodeInteger((SECItem *)&pssParams.trailerField, &trailerField);
         if (rv != SECSuccess) {
             return rv;
         }
         if (trailerField != 1) {
             /* the value must be 1, which represents the trailer field
              * with hexadecimal value 0xBC */
             PORT_SetError(SEC_ERROR_INVALID_ARGS);
             return SECFailure;
         }
     }
 
-    return rv;
+    if (retHashAlg) {
+        *retHashAlg = hashAlg;
+    }
+    if (retMaskHashAlg) {
+        *retMaskHashAlg = maskHashAlg;
+    }
+    if (retSaltLength) {
+        *retSaltLength = saltLength;
+    }
+
+    return SECSuccess;
 }
+
+SECStatus
+sec_DecodeRSAPSSParamsToMechanism(PLArenaPool *arena,
+                                  const SECItem *params,
+                                  CK_RSA_PKCS_PSS_PARAMS *mech)
+{
+    SECOidTag hashAlg;
+    SECOidTag maskHashAlg;
+    unsigned long saltLength;
+    SECStatus rv;
+
+    rv = sec_DecodeRSAPSSParams(arena, params,
+                                &hashAlg, &maskHashAlg, &saltLength);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+
+    mech->hashAlg = sec_GetHashMechanismByOidTag(hashAlg);
+    if (mech->hashAlg == CKM_INVALID_MECHANISM) {
+        return SECFailure;
+    }
+
+    mech->mgf = sec_GetMgfTypeByOidTag(maskHashAlg);
+    if (mech->mgf == 0) {
+        return SECFailure;
+    }
+
+    mech->sLen = saltLength;
+
+    return SECSuccess;
+}
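Review bot: sec_DecodeRSAPSSParamsToMechanism drops the `PORT_Memset(mech, 0, sizeof(CK_RSA_PKCS_PSS_PARAMS))` that the replaced sec_RSAPSSParamsToMechanism did, so `*mech` is now written field by field and left partially set on an early failure return. The caller in the second secvfy.c hunk declares `CK_RSA_PKCS_PSS_PARAMS mech;` without zeroing it (secsign.c does zero first), which works today because all three members are assigned before SECSuccess, but restoring `PORT_Memset(mech, 0, sizeof(*mech));` at the top of the function is cheap and keeps both callers safe if the struct or the error paths change. In sec_DecodeRSAPSSParams the saltLength INTEGER is decoded into an unsigned long; if SEC_ASN1DecodeInteger does not itself reject negative encodings, a range check before the value reaches `mech->sLen` would be worth adding — I have not confirmed that helper's behaviour here.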
--- a/security/nss/lib/cryptohi/secsign.c
+++ b/security/nss/lib/cryptohi/secsign.c
@@ -220,32 +220,23 @@ SGN_End(SGNContext *cx, SECItem *result)
 
     if (cx->signalg == SEC_OID_PKCS1_RSA_PSS_SIGNATURE) {
         CK_RSA_PKCS_PSS_PARAMS mech;
         SECItem mechItem = { siBuffer, (unsigned char *)&mech, sizeof(mech) };
 
         PORT_Memset(&mech, 0, sizeof(mech));
 
         if (cx->params && cx->params->data) {
-            SECKEYRSAPSSParams params;
-
             arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
             if (!arena) {
                 rv = SECFailure;
                 goto loser;
             }
 
-            PORT_Memset(&params, 0, sizeof(params));
-            rv = SEC_QuickDERDecodeItem(arena, &params,
-                                        SECKEY_RSAPSSParamsTemplate,
-                                        cx->params);
-            if (rv != SECSuccess) {
-                goto loser;
-            }
-            rv = sec_RSAPSSParamsToMechanism(&mech, &params);
+            rv = sec_DecodeRSAPSSParamsToMechanism(arena, cx->params, &mech);
             if (rv != SECSuccess) {
                 goto loser;
             }
         } else {
             mech.hashAlg = CKM_SHA_1;
             mech.mgf = CKG_MGF1_SHA1;
             mech.sLen = digder.len;
         }
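Review bot: The decode now only needs a scratch arena, yet the hunk keeps the heap `PORT_NewArena` whose release happens outside the hunk at `loser`, whereas both secvfy.c hunks switch to a stack `PORTCheapArenaPool` that is destroyed right after the call. Using the same pattern here, `PORT_InitCheapArena(&tmpArena, DER_DEFAULT_CHUNKSIZE); rv = sec_DecodeRSAPSSParamsToMechanism(&tmpArena.arena, cx->params, &mech); PORT_DestroyCheapArena(&tmpArena);`, would make the three call sites consistent and remove the allocation-failure path — provided `arena` is not reused later in SGN_End, which I cannot see from here. SGN_End starts and ends outside the hunk.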
--- a/security/nss/lib/cryptohi/secvfy.c
+++ b/security/nss/lib/cryptohi/secvfy.c
@@ -252,35 +252,23 @@ sec_DecodeSigAlg(const SECKEYPublicKey *
         case SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE:
             *hashalg = SEC_OID_SHA1;
             break;
         case SEC_OID_PKCS1_RSA_ENCRYPTION:
             *hashalg = SEC_OID_UNKNOWN; /* get it from the RSA signature */
             break;
         case SEC_OID_PKCS1_RSA_PSS_SIGNATURE:
             if (param && param->data) {
-                SECKEYRSAPSSParams pssParam;
-                arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-                if (arena == NULL) {
-                    return SECFailure;
-                }
-                PORT_Memset(&pssParam, 0, sizeof pssParam);
-                rv = SEC_QuickDERDecodeItem(arena, &pssParam,
-                                            SECKEY_RSAPSSParamsTemplate,
-                                            param);
-                if (rv != SECSuccess) {
-                    PORT_FreeArena(arena, PR_FALSE);
-                    return rv;
-                }
-                if (pssParam.hashAlg) {
-                    *hashalg = SECOID_GetAlgorithmTag(pssParam.hashAlg);
-                } else {
-                    *hashalg = SEC_OID_SHA1; /* default, SHA-1 */
-                }
-                PORT_FreeArena(arena, PR_FALSE);
+                PORTCheapArenaPool tmpArena;
+
+                PORT_InitCheapArena(&tmpArena, DER_DEFAULT_CHUNKSIZE);
+                rv = sec_DecodeRSAPSSParams(&tmpArena.arena, param,
+                                            hashalg, NULL, NULL);
+                PORT_DestroyCheapArena(&tmpArena);
+
                 /* only accept hash algorithms */
                 if (HASH_GetHashTypeByOidTag(*hashalg) == HASH_AlgNULL) {
                     /* error set by HASH_GetHashTypeByOidTag */
                     return SECFailure;
                 }
             } else {
                 *hashalg = SEC_OID_SHA1; /* default, SHA-1 */
             }
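Review bot: The result of sec_DecodeRSAPSSParams is stored in `rv` but never checked, whereas the removed code returned on a decode failure; since the helper writes `*hashalg` only on success, a malformed PSS parameter block leaves `*hashalg` holding whatever it held before and the code proceeds to HASH_GetHashTypeByOidTag on that value. Add `if (rv != SECSuccess) { return rv; }` immediately after `PORT_DestroyCheapArena(&tmpArena);`. sec_DecodeSigAlg starts and ends outside the hunk, so I cannot see whether `*hashalg` is initialised earlier.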
@@ -653,37 +641,27 @@ VFY_EndWithSignature(VFYContext *cx, SEC
                 PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
                 return SECFailure;
             }
             break;
         case rsaKey:
             if (cx->encAlg == SEC_OID_PKCS1_RSA_PSS_SIGNATURE) {
                 CK_RSA_PKCS_PSS_PARAMS mech;
                 SECItem mechItem = { siBuffer, (unsigned char *)&mech, sizeof(mech) };
-                SECKEYRSAPSSParams params;
-                PLArenaPool *arena;
+                PORTCheapArenaPool tmpArena;
 
-                arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-                if (arena == NULL) {
+                PORT_InitCheapArena(&tmpArena, DER_DEFAULT_CHUNKSIZE);
+                rv = sec_DecodeRSAPSSParamsToMechanism(&tmpArena.arena,
+                                                       cx->params,
+                                                       &mech);
+                PORT_DestroyCheapArena(&tmpArena);
+                if (rv != SECSuccess) {
                     return SECFailure;
                 }
 
-                PORT_Memset(&params, 0, sizeof(params));
-                rv = SEC_QuickDERDecodeItem(arena, &params,
-                                            SECKEY_RSAPSSParamsTemplate,
-                                            cx->params);
-                if (rv != SECSuccess) {
-                    PORT_FreeArena(arena, PR_FALSE);
-                    return SECFailure;
-                }
-                rv = sec_RSAPSSParamsToMechanism(&mech, &params);
-                PORT_FreeArena(arena, PR_FALSE);
-                if (rv != SECSuccess) {
-                    return SECFailure;
-                }
                 rsasig.data = cx->u.buffer;
                 rsasig.len = SECKEY_SignatureLen(cx->key);
                 if (rsasig.len == 0) {
                     return SECFailure;
                 }
                 if (sig) {
                     if (sig->len != rsasig.len) {
                         PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
--- a/security/nss/lib/ssl/ssl3con.c
+++ b/security/nss/lib/ssl/ssl3con.c
@@ -4769,16 +4769,20 @@ ssl3_SendClientHello(sslSocket *ss, sslC
     /* Check if we have a ss->sec.ci.sid.
      * Check that it's not expired.
      * If we have an sid and it comes from an external cache, we use it. */
     if (ss->sec.ci.sid && ss->sec.ci.sid->cached == in_external_cache) {
         PORT_Assert(!ss->sec.isServer);
         sid = ssl_ReferenceSID(ss->sec.ci.sid);
         SSL_TRC(3, ("%d: SSL3[%d]: using external resumption token in ClientHello",
                     SSL_GETPID(), ss->fd));
+    } else if (ss->sec.ci.sid && ss->statelessResume && type == client_hello_retry) {
+        /* If we are sending a second ClientHello, reuse the same SID
+         * as the original one. */
+        sid = ssl_ReferenceSID(ss->sec.ci.sid);
     } else if (!ss->opt.noCache) {
         /* We ignore ss->sec.ci.sid here, and use ssl_Lookup because Lookup
          * handles expired entries and other details.
          * XXX If we've been called from ssl_BeginClientHandshake, then
          * this lookup is duplicative and wasteful.
          */
         sid = ssl_LookupSID(&ss->sec.ci.peer, ss->sec.ci.port, ss->peerID, ss->url);
     } else {
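Review bot: The new `else if` reuses `ss->sec.ci.sid` for a retried ClientHello, but its comment says only that the SID is reused, not why the ordinary lookup below must be bypassed. The test added in ssl_hrr_unittest.cc explains it: a ticket issued on another connection in between would otherwise replace the PSK identity, and the second ClientHello would no longer match the first. I would say so in the comment, e.g. `/* For the second ClientHello after HelloRetryRequest, reuse the SID from the first one; a fresh ssl_LookupSID could return a newer ticket and change the PSK identity between the two ClientHellos. */`. ssl3_SendClientHello starts and ends outside the hunk.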
@@ -6162,25 +6166,21 @@ ssl_PickClientSignatureScheme(sslSocket 
 {
     SECKEYPrivateKey *privKey = ss->ssl3.clientPrivateKey;
     SECStatus rv;
     PRBool isTLS13 = (PRBool)ss->version >= SSL_LIBRARY_VERSION_TLS_1_3;
     SECKEYPublicKey *pubKey = CERT_ExtractPublicKey(ss->ssl3.clientCertificate);
 
     PORT_Assert(pubKey);
 
-    if (!isTLS13 && numSchemes == 0) {
-        /* If the server didn't provide any signature algorithms
-         * then let's assume they support SHA-1. */
-        rv = ssl_PickFallbackSignatureScheme(ss, pubKey);
-        SECKEY_DestroyPublicKey(pubKey);
-        return rv;
-    }
-
-    PORT_Assert(schemes && numSchemes > 0);
+    if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
+        /* We should have already checked that a signature scheme was
+         * listed in the request. */
+        PORT_Assert(schemes && numSchemes > 0);
+    }
 
     if (!isTLS13 &&
         (SECKEY_GetPublicKeyType(pubKey) == rsaKey ||
          SECKEY_GetPublicKeyType(pubKey) == dsaKey) &&
         SECKEY_PublicKeyStrengthInBits(pubKey) <= 1024) {
         /* If the key is a 1024-bit RSA or DSA key, assume conservatively that
          * it may be unable to sign SHA-256 hashes. This is the case for older
          * Estonian ID cards that have 1024-bit RSA keys. In FIPS 186-2 and
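Review bot: With the SHA-1 fallback removed, the condition on `schemes`/`numSchemes` is now only a debug PORT_Assert for TLS 1.2 and there is no runtime guard in this function; that is acceptable only because ssl3_HandleCertificateRequest (third ssl3con.c hunk) now rejects an empty list before this point, and naming that function in the comment, `/* ssl3_HandleCertificateRequest rejects an empty list, so TLS 1.2 always has schemes here. */`, would spare the next reader the search. If this was the sole caller of ssl_PickFallbackSignatureScheme, that helper is now dead code and can be removed in the same change. The function continues past the hunk, so I cannot see how a TLS 1.0/1.1 call with `numSchemes == 0` is handled below.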
@@ -7322,16 +7322,21 @@ ssl3_HandleCertificateRequest(sslSocket 
         rv = ssl_ParseSignatureSchemes(ss, arena,
                                        &signatureSchemes,
                                        &signatureSchemeCount,
                                        &b, &length);
         if (rv != SECSuccess) {
             PORT_SetError(SSL_ERROR_RX_MALFORMED_CERT_REQUEST);
             goto loser; /* malformed, alert has been sent */
         }
+        if (signatureSchemeCount == 0) {
+            errCode = SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM;
+            desc = handshake_failure;
+            goto alert_loser;
+        }
     }
 
     rv = ssl3_ParseCertificateRequestCAs(ss, &b, &length, &ca_list);
     if (rv != SECSuccess)
         goto done; /* alert sent in ssl3_ParseCertificateRequestCAs */
 
     if (length != 0)
         goto alert_loser; /* malformed */
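Review bot: The new empty-list check answers with `handshake_failure`, but both RFC 5246 §7.4.4 and RFC 8446 §4.2.3 declare supported_signature_algorithms as `<2..2^16-2>`, so a zero-length list on the wire is a malformed message, for which `desc = decode_error;` with `SSL_ERROR_RX_MALFORMED_CERT_REQUEST` (already used on the parse-failure path just above) would be the consistent treatment. Whether ssl_ParseSignatureSchemes returns the raw list or only schemes NSS supports cannot be seen here; if it filters, a non-empty wire list that is entirely unsupported also lands in this branch and handshake_failure is then the right alert, which deserves a comment such as `/* No (supported) signature scheme was offered; we cannot produce a CertificateVerify. */`. The enclosing `if` that guards the parse begins outside the hunk.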
--- a/security/nss/tests/cert/cert.sh
+++ b/security/nss/tests/cert/cert.sh
@@ -2556,16 +2556,53 @@ cert_test_orphan_key_reuse()
   ${BINDIR}/pp -t certificate-request -i ${SERVERDIR}/orphan.req
   RET=$?
   if [ "$RET" -ne 0 ]; then
     html_failed "Listing cert request for orphan key ($RET)"
     cert_log "ERROR: Listing cert request for orphan key failed $RET"
   fi
 }
 
+cert_test_rsapss_policy()
+{
+  CERTSERIAL=`expr $CERTSERIAL + 1`
+
+  CERTNAME="TestUser-rsa-pss-policy"
+
+  # Subject certificate: RSA-PSS
+  # Issuer certificate: RSA
+  # Signature: RSA-PSS (explicit, with --pss-sign and -Z SHA1)
+  CU_ACTION="Generate Cert Request for $CERTNAME"
+  CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
+  certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" --pss -o req  2>&1
+
+  CU_ACTION="Sign ${CERTNAME}'s Request"
+  certu -C -c "TestCA" --pss-sign -Z SHA1 -m "${CERTSERIAL}" -v 60 -d "${P_R_CADIR}" \
+        -i req -o "${CERTNAME}.cert" -f "${R_PWFILE}" "$1" 2>&1
+
+  CU_ACTION="Import $CERTNAME's Cert"
+  certu -A -n "$CERTNAME" -t ",," -d "${PROFILEDIR}" -f "${R_PWFILE}" \
+        -i "${CERTNAME}.cert" 2>&1
+
+  CU_ACTION="Verify $CERTNAME's Cert"
+  certu -V -n "TestUser-rsa-pss-policy" -u V -V -e -d "${PROFILEDIR}" -f "${R_PWFILE}"
+
+  CU_ACTION="Verify $CERTNAME's Cert with Policy"
+  cp ${PROFILEDIR}/pkcs11.txt pkcs11.txt.orig
+  cat >> ${PROFILEDIR}/pkcs11.txt << ++EOF++
+library=
+name=Policy
+config="disallow=SHA1"
+++EOF++
+  RETEXPECTED=255
+  certu -V -n "TestUser-rsa-pss-policy" -u V -V -e -d "${PROFILEDIR}" -f "${R_PWFILE}"
+  RETEXPECTED=0
+  cp pkcs11.txt.orig ${PROFILEDIR}/pkcs11.txt
+}
+
 ############################## cert_cleanup ############################
 # local shell function to finish this script (no exit since it might be
 # sourced)
 ########################################################################
 cert_cleanup()
 {
   cert_log "$SCRIPTNAME: finished $SCRIPTNAME"
   html "</TABLE><BR>"
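Review bot: The two `certu -V` invocations hard-code `-n "TestUser-rsa-pss-policy"` while the rest of the function goes through `$CERTNAME`; `-n "$CERTNAME"` keeps the name in one place. The policy edit is also fragile: `pkcs11.txt.orig` is written to the current directory with unquoted `${PROFILEDIR}` paths and is never removed, and if the script dies between the `cat >>` and the `cp` back, the profile keeps `disallow=SHA1` for every later test in the run. Quoting the paths, restoring under a `trap` (or at least restoring before the result is inspected) and adding `rm -f pkcs11.txt.orig` would close that. A comment on `RETEXPECTED=255` stating why the second verification must fail, e.g. `# policy disallows SHA1, so the SHA-1 signed cert must be rejected`, would make the intent explicit; the exact exit code certu returns on policy rejection cannot be confirmed from this hunk.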
@@ -2591,16 +2628,19 @@ else
 fi
 cert_eccurves
 cert_extensions
 cert_san_and_generic_extensions
 cert_test_password
 cert_test_distrust
 cert_test_ocspresp
 cert_test_rsapss
+if [ "${TEST_MODE}" = "SHARED_DB" ] ; then
+  cert_test_rsapss_policy
+fi
 cert_test_token_uri
 
 if [ -z "$NSS_TEST_DISABLE_CRL" ] ; then
     cert_crl_ssl
 else
     echo "$SCRIPTNAME: Skipping CRL Tests"
 fi
 
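Review bot: The SHARED_DB guard around the new `cert_test_rsapss_policy` call carries no comment; presumably the test is gated because `pkcs11.txt` only exists in the shared (sqlite) database format, so a comment like `# pkcs11.txt policy config is only present with the shared DB` would spare the next reader the guess — confirm that this is the reason before adding it.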
--- a/testing/mozharness/scripts/desktop_unittest.py
+++ b/testing/mozharness/scripts/desktop_unittest.py
@@ -394,17 +394,21 @@ class DesktopUnittest(TestingMixin, Merc
                 if suite_category in SUITE_DEFAULT_E10S and not c['e10s']:
                     base_cmd.append('--disable-e10s')
                 elif suite_category not in SUITE_DEFAULT_E10S and c['e10s']:
                     base_cmd.append('--e10s')
 
             # Ignore chunking if we have user specified test paths
             if not (self.verify_enabled or self.per_test_coverage):
                 if os.environ.get('MOZHARNESS_TEST_PATHS'):
-                    base_cmd.extend(os.environ['MOZHARNESS_TEST_PATHS'].split(':'))
+                    test_paths = os.environ['MOZHARNESS_TEST_PATHS'].split(':')
+                    if suite_category == 'reftest':
+                        test_paths = [os.path.join(dirs['abs_reftest_dir'], 'tests', p)
+                                      for p in test_paths]
+                    base_cmd.extend(test_paths)
                 elif c.get('total_chunks') and c.get('this_chunk'):
                     base_cmd.extend(['--total-chunks', c['total_chunks'],
                                      '--this-chunk', c['this_chunk']])
 
             if c['no_random']:
                 if suite_category == "mochitest":
                     base_cmd.append('--bisect-chunk=default')
                 else:
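Review bot: `split(':')` on `MOZHARNESS_TEST_PATHS` yields empty entries for a trailing or doubled colon, and in the reftest branch each becomes `os.path.join(dirs['abs_reftest_dir'], 'tests', '')`, i.e. the whole tests directory, which silently widens the run; `test_paths = [p for p in os.environ['MOZHARNESS_TEST_PATHS'].split(':') if p]` avoids that. `os.path.join` also discards the prefix when `p` is absolute, so an absolute reftest path passes through unchanged — that may be intended, but a comment on the reftest branch saying that paths are expected relative to the tests directory would make it explicit. `dirs` is defined outside the hunk, and the method continues on both sides.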
@@ -790,17 +794,19 @@ class DesktopUnittest(TestingMixin, Merc
                     'abs_res_dir': abs_res_dir,
                 }
                 options_list = []
                 env = {
                     'TEST_SUITE': suite
                 }
                 if isinstance(suites[suite], dict):
                     options_list = suites[suite].get('options', [])
-                    if self.verify_enabled or self.per_test_coverage:
+                    if (self.verify_enabled or self.per_test_coverage or
+                        os.environ.get('MOZHARNESS_TEST_PATHS')):
+                        # Ignore tests list in modes where we are running specific tests.
                         tests_list = []
                     else:
                         tests_list = suites[suite].get('tests', [])
                     env = copy.deepcopy(suites[suite].get('env', {}))
                 else:
                     options_list = suites[suite]
                     tests_list = []
 
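Review bot: The condition now repeats the `os.environ.get('MOZHARNESS_TEST_PATHS')` test that the hunk around line 394 performs, and both treat an empty string as unset; reading the variable once into a boolean, or a small helper such as `self._has_explicit_test_paths()`, would keep the two in sync and give the convention a name. The added comment is welcome but would be clearer as `# Explicit test paths (verify, per-test coverage or MOZHARNESS_TEST_PATHS) replace the suite's tests list.` The method body continues outside the hunk.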
--- a/toolkit/recordreplay/ProcessRedirectDarwin.cpp
+++ b/toolkit/recordreplay/ProcessRedirectDarwin.cpp
@@ -71,17 +71,17 @@ namespace recordreplay {
   MACRO(socket, RR_SaveRvalHadErrorNegative)                     \
   MACRO(kqueue, RR_SaveRvalHadErrorNegative)                     \
   MACRO(pipe, RR_SaveRvalHadErrorNegative<RR_WriteBufferFixedSize<0, 2 * sizeof(int)>>, \
         nullptr, nullptr, Preamble_SetError)                     \
   MACRO(close, RR_SaveRvalHadErrorNegative, nullptr, nullptr, Preamble_Veto<0>) \
   MACRO(__close_nocancel, RR_SaveRvalHadErrorNegative)           \
   MACRO(mkdir, RR_SaveRvalHadErrorNegative)                      \
   MACRO(dup, RR_SaveRvalHadErrorNegative)                        \
-  MACRO(access, RR_SaveRvalHadErrorNegative)                     \
+  MACRO(access, RR_SaveRvalHadErrorNegative, nullptr, nullptr, Preamble_SetError<EACCES>) \
   MACRO(lseek, RR_SaveRvalHadErrorNegative)                      \
   MACRO(socketpair, RR_SaveRvalHadErrorNegative<RR_WriteBufferFixedSize<3, 2 * sizeof(int)>>) \
   MACRO(fileport_makeport,                                       \
         RR_SaveRvalHadErrorNegative<RR_WriteBufferFixedSize<1, sizeof(size_t)>>) \
   MACRO(getsockopt, RR_SaveRvalHadErrorNegative<RR_getsockopt>)  \
   MACRO(gettimeofday, RR_SaveRvalHadErrorNegative<RR_Compose<    \
                         RR_WriteOptionalBufferFixedSize<0, sizeof(struct timeval)>, \
                         RR_WriteOptionalBufferFixedSize<1, sizeof(struct timezone)>>>, \
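Review bot: `access` now gets `Preamble_SetError<EACCES>` in the fifth MACRO position with no comment, and nothing in the table says what that position controls or why access() in particular should report EACCES instead of being recorded; the same gap applies to the `Preamble_PassThrough` entries for localtime_r/gmtime_r/localtime/gmtime/arc4random in the next hunk and to `Preamble_Veto<0>` on CGColorSpaceRelease further down. A one-line comment per changed entry, e.g. `// access() results are not recorded; calls are failed with EACCES instead`, would make each choice auditable — whether the fifth argument applies in the middleman, during replay, or both cannot be confirmed from this hunk, so check the wording against the MACRO definition. The MACRO table starts and ends outside the hunk.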
@@ -173,28 +173,30 @@ namespace recordreplay {
   MACRO(dlsym, nullptr, Preamble_PassThrough)                    \
   MACRO(fclose, RR_SaveRvalHadErrorNegative)                     \
   MACRO(fopen, RR_SaveRvalHadErrorZero)                          \
   MACRO(fread, RR_Compose<RR_ScalarRval, RR_fread>)              \
   MACRO(fseek, RR_SaveRvalHadErrorNegative)                      \
   MACRO(ftell, RR_SaveRvalHadErrorNegative)                      \
   MACRO(fwrite, RR_ScalarRval)                                   \
   MACRO(getenv, RR_CStringRval, Preamble_getenv, nullptr, Preamble_Veto<0>) \
-  MACRO(localtime_r, RR_SaveRvalHadErrorZero<RR_Compose<         \
-                       RR_WriteBufferFixedSize<1, sizeof(struct tm)>, \
-                       RR_RvalIsArgument<1>>>)                   \
-  MACRO(gmtime_r, RR_SaveRvalHadErrorZero<RR_Compose<            \
-                    RR_WriteBufferFixedSize<1, sizeof(struct tm)>, \
-                    RR_RvalIsArgument<1>>>)                      \
-  MACRO(localtime, nullptr, Preamble_localtime)                  \
-  MACRO(gmtime, nullptr, Preamble_gmtime)                        \
+  MACRO(localtime_r,                                             \
+        RR_SaveRvalHadErrorZero<RR_Compose<RR_WriteBufferFixedSize<1, sizeof(struct tm)>, \
+                                RR_RvalIsArgument<1>>>,          \
+        nullptr, nullptr, Preamble_PassThrough)                  \
+  MACRO(gmtime_r,                                                \
+        RR_SaveRvalHadErrorZero<RR_Compose<RR_WriteBufferFixedSize<1, sizeof(struct tm)>, \
+                                RR_RvalIsArgument<1>>>,          \
+        nullptr, nullptr, Preamble_PassThrough)                  \
+  MACRO(localtime, nullptr, Preamble_localtime, nullptr, Preamble_PassThrough) \
+  MACRO(gmtime, nullptr, Preamble_gmtime, nullptr, Preamble_PassThrough) \
   MACRO(mktime, RR_Compose<RR_ScalarRval, RR_WriteBufferFixedSize<0, sizeof(struct tm)>>) \
   MACRO(setlocale, RR_CStringRval)                               \
   MACRO(strftime, RR_Compose<RR_ScalarRval, RR_WriteBufferViaRval<0, 1, 1>>) \
-  MACRO(arc4random, RR_ScalarRval)                               \
+  MACRO(arc4random, RR_ScalarRval, nullptr, nullptr, Preamble_PassThrough) \
   MACRO(mach_absolute_time, RR_ScalarRval, Preamble_mach_absolute_time, \
         nullptr, Preamble_PassThrough)                           \
   MACRO(mach_msg, RR_Compose<RR_ScalarRval, RR_WriteBuffer<0, 3>>, \
         nullptr, nullptr, Preamble_WaitForever)                  \
   MACRO(mach_timebase_info,                                      \
         RR_Compose<RR_ScalarRval, RR_WriteBufferFixedSize<0, sizeof(mach_timebase_info_data_t)>>) \
   MACRO(mach_vm_allocate, nullptr, Preamble_mach_vm_allocate)    \
   MACRO(mach_vm_deallocate, nullptr, Preamble_mach_vm_deallocate) \
@@ -352,17 +354,17 @@ namespace recordreplay {
   MACRO(CGBitmapContextGetBytesPerRow, RR_ScalarRval)            \
   MACRO(CGBitmapContextGetHeight, RR_ScalarRval)                 \
   MACRO(CGBitmapContextGetWidth, RR_ScalarRval)                  \
   MACRO(CGColorRelease, RR_ScalarRval)                           \
   MACRO(CGColorSpaceCopyICCProfile, RR_ScalarRval)               \
   MACRO(CGColorSpaceCreateDeviceGray, RR_ScalarRval, nullptr, Middleman_CreateCFTypeRval) \
   MACRO(CGColorSpaceCreateDeviceRGB, RR_ScalarRval, nullptr, Middleman_CreateCFTypeRval) \
   MACRO(CGColorSpaceCreatePattern, RR_ScalarRval)                \
-  MACRO(CGColorSpaceRelease, RR_ScalarRval)                      \
+  MACRO(CGColorSpaceRelease, RR_ScalarRval, nullptr, nullptr, Preamble_Veto<0>) \
   MACRO(CGContextBeginTransparencyLayerWithRect)                 \
   MACRO(CGContextClipToRects, RR_ScalarRval, nullptr,            \
         Middleman_Compose<Middleman_CFTypeArg<0>, Middleman_Buffer<1, 2, CGRect>>) \
   MACRO(CGContextConcatCTM, nullptr, nullptr,                    \
         Middleman_Compose<Middleman_CFTypeArg<0>,                \
                           Middleman_StackArgumentData<sizeof(CGAffineTransform)>>) \
   MACRO(CGContextDrawImage, RR_FlushCGContext<0>)                \
   MACRO(CGContextEndTransparencyLayer)                           \
@@ -407,17 +409,20 @@ namespace recordreplay {
   MACRO(CGDisplayIOServicePort, RR_ScalarRval)                   \
   MACRO(CGEventSourceCounterForEventType, RR_ScalarRval)         \
   MACRO(CGFontCopyTableForTag, RR_ScalarRval, nullptr,           \
         Middleman_Compose<Middleman_CFTypeArg<0>, Middleman_CreateCFTypeRval>) \
   MACRO(CGFontCopyTableTags, RR_ScalarRval, nullptr,             \
         Middleman_Compose<Middleman_CFTypeArg<0>, Middleman_CreateCFTypeRval>) \
   MACRO(CGFontCopyVariations, RR_ScalarRval, nullptr,            \
         Middleman_Compose<Middleman_CFTypeArg<0>, Middleman_CreateCFTypeRval>) \
-  MACRO(CGFontCreateCopyWithVariations, RR_ScalarRval)           \
+  MACRO(CGFontCreateCopyWithVariations, RR_ScalarRval, nullptr,  \
+        Middleman_Compose<Middleman_CFTypeArg<0>,                \
+                          Middleman_CFTypeArg<1>,                \
+                          Middleman_CreateCFTypeRval>)           \
   MACRO(CGFontCreateWithDataProvider, RR_ScalarRval, nullptr,    \
         Middleman_Compose<Middleman_CFTypeArg<0>, Middleman_CreateCFTypeRval>) \
   MACRO(CGFontCreateWithFontName, RR_ScalarRval, nullptr,        \
         Middleman_Compose<Middleman_CFTypeArg<0>, Middleman_CreateCFTypeRval>) \
   MACRO(CGFontCreateWithPlatformFont, RR_ScalarRval)             \
   MACRO(CGFontGetAscent, RR_ScalarRval, nullptr, Middleman_CFTypeArg<0>) \
   MACRO(CGFontGetCapHeight, RR_ScalarRval, nullptr, Middleman_CFTypeArg<0>) \
   MACRO(CGFontGetDescent, RR_ScalarRval, nullptr, Middleman_CFTypeArg<0>) \
--- a/toolkit/themes/windows/global/menulist.css
+++ b/toolkit/themes/windows/global/menulist.css
@@ -16,34 +16,31 @@ menulist {
   margin: 2px 4px;
   color: -moz-FieldText;
   text-shadow: none;
 }
 
 .menulist-label-box {
   -moz-box-align: center;
   -moz-box-pack: center;
-  border: 1px solid transparent;
-  background-color: transparent;
-  color: inherit;
 }
 
 .menulist-label {
   margin: 0 3px !important;
 }
 
 /* ..... focused state ..... */
 
 menulist:focus:not([open="true"]) > .menulist-label-box {
   background-color: Highlight;
   color: HighlightText;
 }
 
 menulist:-moz-focusring:not([open="true"]) > .menulist-label-box {
-  border: 1px dotted ThreeDDarkShadow;
+  outline: 1px dotted;
 }
 
 /* ..... disabled state ..... */
 
 menulist[disabled="true"] {
   background-color: -moz-Dialog;
   color: GrayText;
 }
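Review bot: Replacing the 1px transparent border on `.menulist-label-box` with an `outline` in the focusring rule changes geometry: a border occupies layout space and an outline does not, so the label box is now 2px smaller in each dimension and the focus ring is drawn outside it — if the transparent border existed to reserve that space, this is a visible shift. `outline: 1px dotted;` also leaves the color to `currentcolor`, which in the focused state is HighlightText; a comment such as `/* outline color follows HighlightText via currentcolor */` would document that dependency. The menulist ruleset begins outside the hunk.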