Bug 858231: Update NSS to NSS 3.15 Beta 4. r=wtc.
authorWan-Teh Chang <wtc@google.com>
Fri, 10 May 2013 17:19:38 -0700
changeset 131623 06e3d7e19a09e4d5ac0dfe923603e47a1674e190
parent 131622 7a6b5a9da506ac2f916b6f5ebaa20b48d62b9b18
child 131624 244595f01a567e3718efd04ec8cf29e9fc351941
push id2579
push userakeybl@mozilla.com
push dateMon, 24 Jun 2013 18:52:47 +0000
treeherdermozilla-esr52@d7ce90899997 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerswtc
bugs858231
milestone23.0a1
Bug 858231: Update NSS to NSS 3.15 Beta 4. r=wtc.
security/nss/TAG-INFO
security/nss/cmd/.cvsignore
security/nss/cmd/Makefile
security/nss/cmd/addbuiltin/addbuiltin.c
security/nss/cmd/bltest/blapitest.c
security/nss/cmd/certcgi/certcgi.c
security/nss/cmd/certutil/certext.c
security/nss/cmd/certutil/certutil.c
security/nss/cmd/certutil/keystuff.c
security/nss/cmd/checkcert/checkcert.c
security/nss/cmd/crlutil/crlgen.c
security/nss/cmd/crlutil/crlutil.c
security/nss/cmd/crmf-cgi/crmfcgi.c
security/nss/cmd/crmftest/testcrmf.c
security/nss/cmd/dbck/dbck.c
security/nss/cmd/dbck/dbrecover.c
security/nss/cmd/derdump/derdump.c
security/nss/cmd/ecperf/ecperf.c
security/nss/cmd/fipstest/fipstest.c
security/nss/cmd/lib/berparse.c
security/nss/cmd/lib/pppolicy.c
security/nss/cmd/lib/secutil.c
security/nss/cmd/makepqg/makepqg.c
security/nss/cmd/manifest.mn
security/nss/cmd/ocspclnt/ocspclnt.c
security/nss/cmd/ocspresp/ocspresp.c
security/nss/cmd/pk12util/pk12util.c
security/nss/cmd/pk1sign/pk1sign.c
security/nss/cmd/platlibs.mk
security/nss/cmd/selfserv/selfserv.c
security/nss/cmd/signver/pk7print.c
security/nss/cmd/tstclnt/tstclnt.c
security/nss/cmd/vfychain/vfychain.c
security/nss/coreconf/config.mk
security/nss/coreconf/coreconf.dep
security/nss/doc/.hgignore
security/nss/doc/Makefile
security/nss/doc/html/.hgignore
security/nss/lib/Makefile
security/nss/lib/base/arena.c
security/nss/lib/certdb/.cvsignore
security/nss/lib/certdb/alg1485.c
security/nss/lib/certdb/certdb.c
security/nss/lib/certdb/certi.h
security/nss/lib/certdb/certv3.c
security/nss/lib/certdb/certxutl.c
security/nss/lib/certdb/crl.c
security/nss/lib/certdb/genname.c
security/nss/lib/certdb/genname.h
security/nss/lib/certdb/polcyxtn.c
security/nss/lib/certdb/secname.c
security/nss/lib/certdb/stanpcertdb.c
security/nss/lib/certdb/xauthkid.c
security/nss/lib/certdb/xbsconst.c
security/nss/lib/certdb/xconst.c
security/nss/lib/certdb/xconst.h
security/nss/lib/certhigh/certhigh.c
security/nss/lib/certhigh/certreq.c
security/nss/lib/certhigh/certvfy.c
security/nss/lib/certhigh/certvfypkix.c
security/nss/lib/certhigh/crlv2.c
security/nss/lib/certhigh/ocsp.c
security/nss/lib/certhigh/ocsp.h
security/nss/lib/certhigh/ocspi.h
security/nss/lib/certhigh/ocspti.h
security/nss/lib/crmf/asn1cmn.c
security/nss/lib/crmf/challcli.c
security/nss/lib/crmf/cmmfasn1.c
security/nss/lib/crmf/cmmfchal.c
security/nss/lib/crmf/cmmfi.h
security/nss/lib/crmf/cmmfit.h
security/nss/lib/crmf/cmmfrec.c
security/nss/lib/crmf/cmmfresp.c
security/nss/lib/crmf/crmfcont.c
security/nss/lib/crmf/crmfdec.c
security/nss/lib/crmf/crmfget.c
security/nss/lib/crmf/crmfi.h
security/nss/lib/crmf/crmfit.h
security/nss/lib/crmf/crmfpop.c
security/nss/lib/crmf/crmfreq.c
security/nss/lib/crmf/respcli.c
security/nss/lib/crmf/respcmn.c
security/nss/lib/crmf/servget.c
security/nss/lib/cryptohi/seckey.c
security/nss/lib/cryptohi/secsign.c
security/nss/lib/cryptohi/secvfy.c
security/nss/lib/dbm/include/mcom_db.h
security/nss/lib/freebl/arcfour.c
security/nss/lib/freebl/blapi.h
security/nss/lib/freebl/dh.c
security/nss/lib/freebl/dsa.c
security/nss/lib/freebl/ec.c
security/nss/lib/freebl/loader.c
security/nss/lib/freebl/loader.h
security/nss/lib/freebl/md5.c
security/nss/lib/freebl/mpi/mpmontg.c
security/nss/lib/freebl/pqg.c
security/nss/lib/freebl/rsa.c
security/nss/lib/freebl/sha512.c
security/nss/lib/freebl/sha_fast.c
security/nss/lib/freebl/stubs.c
security/nss/lib/freebl/unix_rand.c
security/nss/lib/jar/jar.h
security/nss/lib/jar/jzlib.h
security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.c
security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapcertstore.c
security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapdefaultclient.c
security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapdefaultclient.h
security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.c
security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.h
security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapresponse.c
security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapresponse.h
security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapt.h
security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_nsscontext.c
security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_nsscontext.h
security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c
security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crldp.c
security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crlentry.c
security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.c
security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.h
security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_nameconstraints.c
security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspcertid.c
security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocsprequest.c
security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspresponse.h
security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_x500name.c
security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_x500name.h
security/nss/lib/manifest.mn
security/nss/lib/nss/nss.def
security/nss/lib/nss/utilwrap.c
security/nss/lib/pk11wrap/pk11akey.c
security/nss/lib/pk11wrap/pk11auth.c
security/nss/lib/pk11wrap/pk11mech.c
security/nss/lib/pk11wrap/pk11merge.c
security/nss/lib/pk11wrap/pk11nobj.c
security/nss/lib/pk11wrap/pk11obj.c
security/nss/lib/pk11wrap/pk11pars.c
security/nss/lib/pk11wrap/pk11pbe.c
security/nss/lib/pk11wrap/pk11pk12.c
security/nss/lib/pk11wrap/pk11pqg.c
security/nss/lib/pk11wrap/pk11slot.c
security/nss/lib/pk11wrap/pk11util.c
security/nss/lib/pk11wrap/secmodi.h
security/nss/lib/pk11wrap/secmodti.h
security/nss/lib/pkcs12/p12creat.c
security/nss/lib/pkcs12/p12d.c
security/nss/lib/pkcs12/p12e.c
security/nss/lib/pkcs12/p12exp.c
security/nss/lib/pkcs12/p12local.c
security/nss/lib/pkcs12/p12local.h
security/nss/lib/pkcs7/certread.c
security/nss/lib/pkcs7/p7common.c
security/nss/lib/pkcs7/p7create.c
security/nss/lib/pkcs7/p7decode.c
security/nss/lib/pkcs7/p7encode.c
security/nss/lib/pkcs7/p7local.c
security/nss/lib/pkcs7/p7local.h
security/nss/lib/pkcs7/secmime.c
security/nss/lib/pki/pki3hack.c
security/nss/lib/smime/cmsarray.c
security/nss/lib/smime/cmsattr.c
security/nss/lib/smime/cmscipher.c
security/nss/lib/smime/cmsdecode.c
security/nss/lib/smime/cmslocal.h
security/nss/lib/smime/cmsrecinfo.c
security/nss/lib/smime/cmssigdata.c
security/nss/lib/smime/cmssiginfo.c
security/nss/lib/smime/cmsudf.c
security/nss/lib/smime/cmsutil.c
security/nss/lib/smime/smimeutil.c
security/nss/lib/softoken/ecdecode.c
security/nss/lib/softoken/legacydb/lgcreate.c
security/nss/lib/softoken/legacydb/lowcert.c
security/nss/lib/softoken/legacydb/lowkey.c
security/nss/lib/softoken/legacydb/lowkeyi.h
security/nss/lib/softoken/legacydb/pcert.h
security/nss/lib/softoken/legacydb/pcertdb.c
security/nss/lib/softoken/legacydb/pcertt.h
security/nss/lib/softoken/lgglue.c
security/nss/lib/softoken/lgglue.h
security/nss/lib/softoken/lowpbe.c
security/nss/lib/softoken/lowpbe.h
security/nss/lib/softoken/padbuf.c
security/nss/lib/softoken/pkcs11c.c
security/nss/lib/softoken/sftkdb.c
security/nss/lib/softoken/softoken.h
security/nss/lib/ssl/ssl3con.c
security/nss/lib/ssl/ssl3ecc.c
security/nss/lib/ssl/ssl3ext.c
security/nss/lib/ssl/ssl3gthr.c
security/nss/lib/ssl/ssl3prot.h
security/nss/lib/ssl/sslauth.c
security/nss/lib/ssl/sslimpl.h
security/nss/lib/ssl/sslinfo.c
security/nss/lib/ssl/sslsnce.c
security/nss/lib/ssl/sslsock.c
security/nss/lib/util/derenc.c
security/nss/lib/util/dersubr.c
security/nss/lib/util/dertime.c
security/nss/lib/util/nssb64d.c
security/nss/lib/util/nssb64e.c
security/nss/lib/util/quickder.c
security/nss/lib/util/secalgid.c
security/nss/lib/util/secasn1d.c
security/nss/lib/util/secasn1e.c
security/nss/lib/util/secder.h
security/nss/lib/util/secdig.c
security/nss/lib/util/secitem.c
security/nss/lib/util/sectime.c
security/nss/lib/util/utilpars.c
security/nss/lib/util/utilpars.h
security/nss/tests/cipher/cipher.sh
security/nss/tests/common/init.sh
security/patches/README
security/patches/bug-832272.patch
security/patches/bug-835919.patch
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@@ -1,1 +1,1 @@
-NSS_3_15_BETA3
+NSS_3_15_BETA4
deleted file mode 100644
--- a/security/nss/cmd/.cvsignore
+++ /dev/null
@@ -1,1 +0,0 @@
-.gdbinit
--- a/security/nss/cmd/Makefile
+++ b/security/nss/cmd/Makefile
@@ -10,21 +10,23 @@ DEPTH = ..
 include manifest.mn
 include $(CORE_DEPTH)/coreconf/config.mk
 
 ifdef BUILD_LIBPKIX_TESTS
 DIRS += libpkix
 endif
 
 ifeq ($(NSS_BUILD_WITHOUT_SOFTOKEN),1)
-BLTEST_SRCDIR=
-FIPSTEST_SRCDIR=
+BLTEST_SRCDIR =
+FIPSTEST_SRCDIR =
+SHLIBSIGN_SRCDIR =
 else
-BLTEST_SRCDIR      = bltest
-FIPSTEST_SRCDIR    = fipstest
+BLTEST_SRCDIR = bltest
+FIPSTEST_SRCDIR = fipstest
+SHLIBSIGN_SRCDIR = shlibsign
 endif
 
 LOWHASHTEST_SRCDIR=
 ifeq ($(FREEBL_LOWHASH),1)
 LOWHASHTEST_SRCDIR = lowhashtest  # Add the lowhashtest directory to DIRS.
 endif
 
 INCLUDES += \
--- a/security/nss/cmd/addbuiltin/addbuiltin.c
+++ b/security/nss/cmd/addbuiltin/addbuiltin.c
@@ -69,17 +69,17 @@ void print_crl_info(CERTName *name, SECI
 
     SECU_EnableWrap(saveWrapeState);
 }
 
 static SECStatus
 ConvertCRLEntry(SECItem *sdder, PRInt32 crlentry, char *nickname)
 {
     int rv;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     CERTSignedCrl *newCrl = NULL;
     CERTCrlEntry *entry;
     
     CERTName *name = NULL;
     SECItem *derName = NULL;
     SECItem *serial = NULL;
     
     rv = SEC_ERROR_NO_MEMORY;
--- a/security/nss/cmd/bltest/blapitest.c
+++ b/security/nss/cmd/bltest/blapitest.c
@@ -20,17 +20,17 @@
 #include "secport.h"
 #include "secoid.h"
 #include "nssutil.h"
 
 #ifdef NSS_ENABLE_ECC
 #include "ecl-curve.h"
 SECStatus EC_DecodeParams(const SECItem *encodedParams, 
 	ECParams **ecparams);
-SECStatus EC_CopyParams(PRArenaPool *arena, ECParams *dstParams,
+SECStatus EC_CopyParams(PLArenaPool *arena, ECParams *dstParams,
 	      const ECParams *srcParams);
 #endif
 
 /* Temporary - add debugging output on windows for RSA to track QA failure */
 #ifdef _WIN32
 #define TRACK_BLTEST_BUG
     char __bltDBG[] = "BLTEST DEBUG";
 #endif
@@ -202,17 +202,17 @@ static void Usage()
     exit(1);
 }
 
 /*  Helper functions for ascii<-->binary conversion/reading/writing */
 
 /* XXX argh */
 struct item_with_arena {
     SECItem	*item;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
 };
 
 static PRInt32
 get_binary(void *arg, const unsigned char *ibuf, PRInt32 size)
 {
     struct item_with_arena *it = arg;
     SECItem *binary = it->item;
     SECItem *tmp;
@@ -226,17 +226,17 @@ get_binary(void *arg, const unsigned cha
 	SECITEM_ReallocItem(NULL, binary, binary->len, binary->len + size);
 	index = binary->len;
     }
     PORT_Memcpy(&binary->data[index], ibuf, size);
     return binary->len;
 }
 
 static SECStatus
-atob(SECItem *ascii, SECItem *binary, PRArenaPool *arena)
+atob(SECItem *ascii, SECItem *binary, PLArenaPool *arena)
 {
     SECStatus status;
     NSSBase64Decoder *cx;
     struct item_with_arena it;
     int len;
     binary->data = NULL;
     binary->len = 0;
     it.item = binary;
@@ -330,17 +330,17 @@ serialize_key(SECItem *it, int ni, PRFil
 	status = NSSBase64Encoder_Update(cx, len, 4);
 	status = NSSBase64Encoder_Update(cx, it->data, it->len);
     }
     status = NSSBase64Encoder_Destroy(cx, PR_FALSE);
     status = PR_Write(file, "\r\n", 2);
 }
 
 void
-key_from_filedata(PRArenaPool *arena, SECItem *it, int ns, int ni, SECItem *filedata)
+key_from_filedata(PLArenaPool *arena, SECItem *it, int ns, int ni, SECItem *filedata)
 {
     int fpos = 0;
     int i, len;
     unsigned char *buf = filedata->data;
     for (i=0; i<ni; i++) {
 	len  = (buf[fpos++] & 0xff) << 24;
 	len |= (buf[fpos++] & 0xff) << 16;
 	len |= (buf[fpos++] & 0xff) <<  8;
@@ -359,54 +359,54 @@ key_from_filedata(PRArenaPool *arena, SE
 	fpos += len;
     }
 }
 
 static RSAPrivateKey *
 rsakey_from_filedata(SECItem *filedata)
 {
     RSAPrivateKey *key;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE);
     key = (RSAPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(RSAPrivateKey));
     key->arena = arena;
     key_from_filedata(arena, &key->version, 0, 9, filedata);
     return key;
 }
 
 static PQGParams *
 pqg_from_filedata(SECItem *filedata)
 {
     PQGParams *pqg;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE);
     pqg = (PQGParams *)PORT_ArenaZAlloc(arena, sizeof(PQGParams));
     pqg->arena = arena;
     key_from_filedata(arena, &pqg->prime, 0, 3, filedata);
     return pqg;
 }
 
 static DSAPrivateKey *
 dsakey_from_filedata(SECItem *filedata)
 {
     DSAPrivateKey *key;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE);
     key = (DSAPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(DSAPrivateKey));
     key->params.arena = arena;
     key_from_filedata(arena, &key->params.prime, 0, 5, filedata);
     return key;
 }
 
 #ifdef NSS_ENABLE_ECC
 static ECPrivateKey *
 eckey_from_filedata(SECItem *filedata)
 {
     ECPrivateKey *key;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     SECStatus rv;
     ECParams *tmpECParams = NULL;
     arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE);
     key = (ECPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(ECPrivateKey));
     /* read and convert params */
     key->ecParams.arena = arena;
     key_from_filedata(arena, &key->ecParams.DEREncoding, 0, 1, filedata);
     rv = SECOID_Init();
@@ -622,17 +622,17 @@ typedef SECStatus (* bltestSymmCipherFn)
 					 unsigned int inputLen);
 
 typedef SECStatus (* bltestPubKeyCipherFn)(void *key,
 					   SECItem *output,
 					   const SECItem *input);
 
 typedef SECStatus (* bltestHashCipherFn)(unsigned char *dest,
 					 const unsigned char *src,
-					 uint32 src_length);
+					 PRUint32 src_length);
 
 typedef enum {
     bltestINVALID = -1,
     bltestDES_ECB,	  /* Symmetric Key Ciphers */
     bltestDES_CBC,	  /* .			   */
     bltestDES_EDE_ECB,	  /* .			   */
     bltestDES_EDE_CBC,	  /* .			   */
     bltestRC2_ECB,	  /* .			   */
@@ -771,17 +771,17 @@ typedef union
     bltestECDSAParams	ecdsa;
 #endif
     bltestHashParams	hash;
 } bltestParams;
 
 typedef struct bltestCipherInfoStr bltestCipherInfo;
 
 struct  bltestCipherInfoStr {
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     /* link to next in multithreaded test */
     bltestCipherInfo *next;
     PRThread         *cipherThread;
 
     /* MonteCarlo test flag*/
     PRBool mCarlo;
     /* cipher context */
     void *cx;
@@ -882,17 +882,17 @@ cipher_requires_IV(bltestCipherMode mode
 	mode == bltestCAMELLIA_CBC || mode == bltestSEED_CBC)
 	return PR_TRUE;
     return PR_FALSE;
 }
 
 SECStatus finishIO(bltestIO *output, PRFileDesc *file);
 
 SECStatus
-setupIO(PRArenaPool *arena, bltestIO *input, PRFileDesc *file,
+setupIO(PLArenaPool *arena, bltestIO *input, PRFileDesc *file,
 	char *str, int numBytes)
 {
     SECStatus rv = SECSuccess;
     SECItem fileData;
     SECItem *in;
     unsigned char *tok;
     unsigned int i, j;
 
@@ -1011,29 +1011,29 @@ finishIO(bltestIO *output, PRFileDesc *f
 	}
 	PR_Write(file, "\n", 1);
 	break;
     }
     return rv;
 }
 
 void
-bltestCopyIO(PRArenaPool *arena, bltestIO *dest, bltestIO *src)
+bltestCopyIO(PLArenaPool *arena, bltestIO *dest, bltestIO *src)
 {
     SECITEM_CopyItem(arena, &dest->buf, &src->buf);
     if (src->pBuf.len > 0) {
 	dest->pBuf.len = src->pBuf.len;
 	dest->pBuf.data = dest->buf.data + (src->pBuf.data - src->buf.data);
     }
     dest->mode = src->mode;
     dest->file = src->file;
 }
 
 void
-misalignBuffer(PRArenaPool *arena, bltestIO *io, int off)
+misalignBuffer(PLArenaPool *arena, bltestIO *io, int off)
 {
     ptrdiff_t offset = (ptrdiff_t)io->buf.data % WORDSIZE;
     int length = io->buf.len;
     if (offset != off) {
 	SECITEM_ReallocItem(arena, &io->buf, length, length + 2*WORDSIZE);
 	io->buf.len = length + 2*WORDSIZE; /* why doesn't realloc do this? */
 	/* offset may have changed? */
 	offset = (ptrdiff_t)io->buf.data % WORDSIZE;
@@ -1676,30 +1676,30 @@ bltest_ecdsa_init(bltestCipherInfo *ciph
 	cipherInfo->cipher.pubkeyCipher = ecdsa_verifyDigest;
     }
     return SECSuccess;
 }
 #endif
 
 /* XXX unfortunately, this is not defined in blapi.h */
 SECStatus
-md2_HashBuf(unsigned char *dest, const unsigned char *src, uint32 src_length)
+md2_HashBuf(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
 {
     unsigned int len;
     MD2Context *cx = MD2_NewContext();
     if (cx == NULL) return SECFailure;
     MD2_Begin(cx);
     MD2_Update(cx, src, src_length);
     MD2_End(cx, dest, &len, MD2_LENGTH);
     MD2_DestroyContext(cx, PR_TRUE);
     return SECSuccess;
 }
 
 SECStatus
-md2_restart(unsigned char *dest, const unsigned char *src, uint32 src_length)
+md2_restart(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
 {
     MD2Context *cx, *cx_cpy;
     unsigned char *cxbytes;
     unsigned int len;
     unsigned int i, quarter;
     SECStatus rv = SECSuccess;
     cx = MD2_NewContext();
     MD2_Begin(cx);
@@ -1727,17 +1727,17 @@ md2_restart(unsigned char *dest, const u
     }
     MD2_End(cx, dest, &len, MD2_LENGTH);
 finish:
     MD2_DestroyContext(cx, PR_TRUE);
     return rv;
 }
 
 SECStatus
-md5_restart(unsigned char *dest, const unsigned char *src, uint32 src_length)
+md5_restart(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
 {
     SECStatus rv = SECSuccess;
     MD5Context *cx, *cx_cpy;
     unsigned char *cxbytes;
     unsigned int len;
     unsigned int i, quarter;
     cx = MD5_NewContext();
     MD5_Begin(cx);
@@ -1766,17 +1766,17 @@ md5_restart(unsigned char *dest, const u
     }
     MD5_End(cx, dest, &len, MD5_LENGTH);
 finish:
     MD5_DestroyContext(cx, PR_TRUE);
     return rv;
 }
 
 SECStatus
-sha1_restart(unsigned char *dest, const unsigned char *src, uint32 src_length)
+sha1_restart(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
 {
     SECStatus rv = SECSuccess;
     SHA1Context *cx, *cx_cpy;
     unsigned char *cxbytes;
     unsigned int len;
     unsigned int i, quarter;
     cx = SHA1_NewContext();
     SHA1_Begin(cx);
@@ -1805,17 +1805,17 @@ sha1_restart(unsigned char *dest, const 
     }
     SHA1_End(cx, dest, &len, MD5_LENGTH);
 finish:
     SHA1_DestroyContext(cx, PR_TRUE);
     return rv;
 }
 
 SECStatus
-SHA224_restart(unsigned char *dest, const unsigned char *src, uint32 src_length)
+SHA224_restart(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
 {
     SECStatus rv = SECSuccess;
     SHA224Context *cx, *cx_cpy;
     unsigned char *cxbytes;
     unsigned int len;
     unsigned int i, quarter;
     cx = SHA224_NewContext();
     SHA224_Begin(cx);
@@ -1845,17 +1845,17 @@ SHA224_restart(unsigned char *dest, cons
     }
     SHA224_End(cx, dest, &len, MD5_LENGTH);
 finish:
     SHA224_DestroyContext(cx, PR_TRUE);
     return rv;
 }
 
 SECStatus
-SHA256_restart(unsigned char *dest, const unsigned char *src, uint32 src_length)
+SHA256_restart(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
 {
     SECStatus rv = SECSuccess;
     SHA256Context *cx, *cx_cpy;
     unsigned char *cxbytes;
     unsigned int len;
     unsigned int i, quarter;
     cx = SHA256_NewContext();
     SHA256_Begin(cx);
@@ -1884,17 +1884,17 @@ SHA256_restart(unsigned char *dest, cons
     }
     SHA256_End(cx, dest, &len, MD5_LENGTH);
 finish:
     SHA256_DestroyContext(cx, PR_TRUE);
     return rv;
 }
 
 SECStatus
-SHA384_restart(unsigned char *dest, const unsigned char *src, uint32 src_length)
+SHA384_restart(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
 {
     SECStatus rv = SECSuccess;
     SHA384Context *cx, *cx_cpy;
     unsigned char *cxbytes;
     unsigned int len;
     unsigned int i, quarter;
     cx = SHA384_NewContext();
     SHA384_Begin(cx);
@@ -1923,17 +1923,17 @@ SHA384_restart(unsigned char *dest, cons
     }
     SHA384_End(cx, dest, &len, MD5_LENGTH);
 finish:
     SHA384_DestroyContext(cx, PR_TRUE);
     return rv;
 }
 
 SECStatus
-SHA512_restart(unsigned char *dest, const unsigned char *src, uint32 src_length)
+SHA512_restart(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
 {
     SECStatus rv = SECSuccess;
     SHA512Context *cx, *cx_cpy;
     unsigned char *cxbytes;
     unsigned int len;
     unsigned int i, quarter;
     cx = SHA512_NewContext();
     SHA512_Begin(cx);
@@ -2863,31 +2863,31 @@ get_mode(const char *modestring)
     for (mode=0; mode<nummodes; mode++)
 	if (PL_strcmp(modestring, mode_strings[mode]) == 0)
 	    return mode;
     fprintf(stderr, "%s: invalid mode: %s\n", progName, modestring);
     return bltestINVALID;
 }
 
 void
-load_file_data(PRArenaPool *arena, bltestIO *data,
+load_file_data(PLArenaPool *arena, bltestIO *data,
 	       char *fn, bltestIOMode ioMode)
 {
     PRFileDesc *file;
     data->mode = ioMode;
     data->file = NULL; /* don't use -- not saving anything */
     data->pBuf.data = NULL;
     data->pBuf.len = 0;
     file = PR_Open(fn, PR_RDONLY, 00660);
     if (file)
 	setupIO(arena, data, file, NULL, 0);
 }
 
 void
-get_params(PRArenaPool *arena, bltestParams *params, 
+get_params(PLArenaPool *arena, bltestParams *params,
 	   bltestCipherMode mode, int j)
 {
     char filename[256];
     char *modestr = mode_strings[mode];
 #ifdef NSS_SOFTOKEN_DOES_RC5
     FILE *file;
     char *mark, *param, *val;
     int index = 0;
@@ -3047,17 +3047,17 @@ blapi_selftest(bltestCipherMode *modes, 
     bltestCipherInfo cipherInfo;
     bltestIO pt, ct;
     bltestCipherMode mode;
     bltestParams *params;
     int i, j, nummodes, numtests;
     char *modestr;
     char filename[256];
     PRFileDesc *file;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     SECItem item;
     PRBool finished;
     SECStatus rv = SECSuccess, srv;
 
     PORT_Memset(&cipherInfo, 0, sizeof(cipherInfo));
     arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE);
     cipherInfo.arena = arena;
 
@@ -3224,17 +3224,17 @@ blapi_selftest(bltestCipherMode *modes, 
     }
     return rv;
 }
 
 SECStatus
 dump_file(bltestCipherMode mode, char *filename)
 {
     bltestIO keydata;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE);
     if (mode == bltestRSA) {
 	RSAPrivateKey *key;
 	load_file_data(arena, &keydata, filename, bltestBase64Encoded);
 	key = rsakey_from_filedata(&keydata.buf);
 	dump_rsakey(key);
     } else if (mode == bltestDSA) {
 #if 0
@@ -3837,17 +3837,17 @@ int main(int argc, char **argv)
         cipherInfo->mCarlo = PR_FALSE;
     }
 
     for (curThrdNum = 0;curThrdNum < threads;curThrdNum++) {
         int            keysize = 0;
         PRFileDesc     *file = NULL, *infile;
         bltestParams   *params;
         char           *instr = NULL;
-        PRArenaPool    *arena;
+        PLArenaPool    *arena;
 
         if (curThrdNum > 0) {
             bltestCipherInfo *newCInfo = PORT_ZNew(bltestCipherInfo);
             if (!newCInfo) {
                 fprintf(stderr, "%s: Can not allocate  memory.\n", progName);
                 goto exit_point;
             }
             newCInfo->mode = cipherInfo->mode;
--- a/security/nss/cmd/certcgi/certcgi.c
+++ b/security/nss/cmd/certcgi/certcgi.c
@@ -638,21 +638,21 @@ get_serial_number(Pair  *data)
 	}
     }
     return serial;
 }
 	
 
 
 typedef SECStatus (* EXTEN_VALUE_ENCODER)
-		(PRArenaPool *extHandle, void *value, SECItem *encodedValue);
+		(PLArenaPool *extHandle, void *value, SECItem *encodedValue);
 
 static SECStatus 
 EncodeAndAddExtensionValue(
-	PRArenaPool          *arena, 
+	PLArenaPool          *arena,
 	void                 *extHandle, 
 	void                 *value, 
 	PRBool 		     criticality,
 	int 		     extenType, 
 	EXTEN_VALUE_ENCODER  EncodeValueFn)
 {
     SECItem                  encodedValue;
     SECStatus                rv;
@@ -708,20 +708,20 @@ AddKeyUsage (void  *extHandle,
 	     (find_field_bool(data, "keyUsage-crit", PR_TRUE))));
 
 }
 
 static CERTOidSequence *
 CreateOidSequence(void)
 {
   CERTOidSequence *rv = (CERTOidSequence *)NULL;
-  PRArenaPool *arena = (PRArenaPool *)NULL;
+  PLArenaPool *arena = (PLArenaPool *)NULL;
 
   arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-  if( (PRArenaPool *)NULL == arena ) {
+  if( (PLArenaPool *)NULL == arena ) {
     goto loser;
   }
 
   rv = (CERTOidSequence *)PORT_ArenaZAlloc(arena, sizeof(CERTOidSequence));
   if( (CERTOidSequence *)NULL == rv ) {
     goto loser;
   }
 
@@ -729,17 +729,17 @@ CreateOidSequence(void)
   if( (SECItem **)NULL == rv->oids ) {
     goto loser;
   }
 
   rv->arena = arena;
   return rv;
 
  loser:
-  if( (PRArenaPool *)NULL != arena ) {
+  if( (PLArenaPool *)NULL != arena ) {
     PORT_FreeArena(arena, PR_FALSE);
   }
 
   return (CERTOidSequence *)NULL;
 }
 
 static SECStatus
 AddOidToSequence(CERTOidSequence *os, SECOidTag oidTag)
@@ -936,17 +936,17 @@ AddSubKeyID(void             *extHandle,
 
 static SECStatus 
 AddAuthKeyID (void              *extHandle,
 	      Pair              *data, 
 	      char              *issuerNameStr, 
 	      CERTCertDBHandle  *handle)
 {
     CERTAuthKeyID               *authKeyID = NULL;    
-    PRArenaPool                 *arena = NULL;
+    PLArenaPool                 *arena = NULL;
     SECStatus                   rv = SECSuccess;
     CERTCertificate             *issuerCert = NULL;
     CERTGeneralName             *genNames;
     CERTName                    *directoryName = NULL;
 
 
     issuerCert = CERT_FindCertByNameString(handle, issuerNameStr);
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
@@ -1008,17 +1008,17 @@ AddAuthKeyID (void              *extHand
 
 static SECStatus 
 AddPrivKeyUsagePeriod(void             *extHandle, 
 		      Pair             *data, 
 		      CERTCertificate  *cert)
 {
     char *notBeforeStr;
     char *notAfterStr;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECStatus rv = SECSuccess;
     CERTPrivKeyUsagePeriod *pkup;
 
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if ( !arena ) {
 	error_allocate();
     }
@@ -1434,24 +1434,24 @@ string_to_binary(char  *string)
     }
     rv->len = 0;
     while (*string != '\0') {
 	if (isxdigit(*string)) {
 	    if (*string >= '0' && *string <= '9') {
 		high_digit = *string - '0';
 	    } else {
 		*string = toupper(*string);
-		high_digit = *string - 'A';
+		high_digit = *string - 'A' + 10;
 	    }
 	    string++;
 	    if (*string >= '0' && *string <= '9') {
 		low_digit = *string - '0';
 	    } else {
 		*string = toupper(*string);
-		low_digit = *string = 'A';
+		low_digit = *string - 'A' + 10;
 	    }
 	    (rv->len)++;
 	} else {
 	    if (*string == ':') {
 		string++;
 	    } else {
 		if (*string == ' ') {
 		    while (*string == ' ') {
@@ -1466,17 +1466,17 @@ string_to_binary(char  *string)
     }
 
     return rv;
 }
 
 static SECStatus
 MakeGeneralName(char             *name, 
 		CERTGeneralName  *genName,
-		PRArenaPool      *arena)
+		PLArenaPool      *arena)
 {
     SECItem                      *oid;
     SECOidData                   *oidData;
     SECItem                      *ipaddress;
     SECItem                      *temp = NULL;
     int                          i;
     int                          nameType;
     PRBool                       binary = PR_FALSE;
@@ -1606,17 +1606,17 @@ MakeGeneralName(char             *name,
     genName->l.prev = &(genName->l);
     return rv;
 }
 
 
 static CERTGeneralName *
 MakeAltName(Pair             *data, 
 	    char             *which, 
-	    PRArenaPool      *arena)
+	    PLArenaPool      *arena)
 {
     CERTGeneralName          *SubAltName;
     CERTGeneralName          *current;
     CERTGeneralName          *newname;
     char                     *name = NULL;
     SECStatus                rv = SECSuccess;
     int                      len;
     
@@ -1667,17 +1667,17 @@ MakeAltName(Pair             *data,
     if (rv == SECFailure) {
 	return NULL;
     }
     return SubAltName;
 }
 
 static CERTNameConstraints *
 MakeNameConstraints(Pair             *data, 
-		    PRArenaPool      *arena)
+		    PLArenaPool      *arena)
 {
     CERTNameConstraints      *NameConstraints;
     CERTNameConstraint       *current = NULL;
     CERTNameConstraint       *last_permited = NULL;
     CERTNameConstraint       *last_excluded = NULL;
     char                     *constraint = NULL;
     char                     *which;
     SECStatus                rv = SECSuccess;
@@ -1789,17 +1789,17 @@ MakeNameConstraints(Pair             *da
 static SECStatus
 AddAltName(void              *extHandle,
 	   Pair              *data,
 	   char              *issuerNameStr, 
 	   CERTCertDBHandle  *handle,
 	   int               type)
 {
     PRBool             autoIssuer = PR_FALSE;
-    PRArenaPool        *arena = NULL;
+    PLArenaPool        *arena = NULL;
     CERTGeneralName    *genName = NULL;
     char               *which = NULL;
     char               *name = NULL;
     SECStatus          rv = SECSuccess;
     SECItem            *issuersAltName = NULL;
     CERTCertificate    *issuerCert = NULL;
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
@@ -1859,17 +1859,17 @@ AddAltName(void              *extHandle,
     return rv;
 }
 
 
 static SECStatus
 AddNameConstraints(void  *extHandle,
 		   Pair  *data)
 {
-    PRArenaPool         *arena = NULL;
+    PLArenaPool         *arena = NULL;
     CERTNameConstraints *constraints = NULL;
     SECStatus           rv = SECSuccess;
 
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL) {
 	error_allocate();
     }
@@ -2106,17 +2106,17 @@ SignCert(CERTCertificate   *cert,
 	 char              *issuerNameStr,
 	 Pair              *data,
 	 CERTCertDBHandle  *handle,
          int               which_key)
 {
     SECItem                der;
     SECKEYPrivateKey       *caPrivateKey = NULL;
     SECStatus              rv;
-    PRArenaPool            *arena;
+    PLArenaPool            *arena;
     SECOidTag              algID;
 
     if (which_key == 0) {
 	caPrivateKey = FindPrivateKeyFromNameStr(issuerNameStr, handle); 
     } else {
 	caPrivateKey = privkeys[which_key - 1];
     }
     if (caPrivateKey == NULL) {
--- a/security/nss/cmd/certutil/certext.c
+++ b/security/nss/cmd/certutil/certext.c
@@ -73,17 +73,17 @@ PrintChoicesAndGetAnswer(char* str, char
     if (Gets_s(rBuff, rSize) == NULL) {
         PORT_SetError(SEC_ERROR_INPUT_LEN);
         return SECFailure;
     }
     return SECSuccess;
 }
 
 static CERTGeneralName *
-GetGeneralName(PRArenaPool *arena, CERTGeneralName *useExistingName, PRBool onlyOne)
+GetGeneralName(PLArenaPool *arena, CERTGeneralName *useExistingName, PRBool onlyOne)
 {
     CERTGeneralName *namesList = NULL;
     CERTGeneralName *current;
     CERTGeneralName *tail = NULL;
     SECStatus rv = SECSuccess;
     int intValue;
     char buffer[512];
     void *mark;
@@ -209,23 +209,23 @@ GetGeneralName(PRArenaPool *arena, CERTG
     if (rv != SECSuccess) {
         PORT_ArenaRelease (arena, mark);
         namesList = NULL;
     }
     return (namesList);
 }
 
 static CERTGeneralName *
-CreateGeneralName(PRArenaPool *arena)
+CreateGeneralName(PLArenaPool *arena)
 {
   return GetGeneralName(arena, NULL, PR_FALSE);
 }
 
 static SECStatus 
-GetString(PRArenaPool *arena, char *prompt, SECItem *value)
+GetString(PLArenaPool *arena, char *prompt, SECItem *value)
 {
     char buffer[251];
     char *buffPrt;
 
     buffer[0] = '\0';
     value->data = NULL;
     value->len = 0;
     
@@ -373,20 +373,20 @@ AddKeyUsage (void *extHandle, const char
 
 }
 
 
 static CERTOidSequence *
 CreateOidSequence(void)
 {
     CERTOidSequence *rv = (CERTOidSequence *)NULL;
-    PRArenaPool *arena = (PRArenaPool *)NULL;
+    PLArenaPool *arena = (PLArenaPool *)NULL;
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-    if( (PRArenaPool *)NULL == arena ) {
+    if( (PLArenaPool *)NULL == arena ) {
         goto loser;
     }
 
     rv = (CERTOidSequence *)PORT_ArenaZNew(arena, CERTOidSequence);
     if( (CERTOidSequence *)NULL == rv ) {
         goto loser;
     }
 
@@ -394,17 +394,17 @@ CreateOidSequence(void)
     if( (SECItem **)NULL == rv->oids ) {
         goto loser;
     }
 
     rv->arena = arena;
     return rv;
 
 loser:
-    if( (PRArenaPool *)NULL != arena ) {
+    if( (PLArenaPool *)NULL != arena ) {
         PORT_FreeArena(arena, PR_FALSE);
     }
 
     return (CERTOidSequence *)NULL;
 }
 
 static void
 DestroyOidSequence(CERTOidSequence *os)
@@ -661,17 +661,17 @@ AddNscpCertType (void *extHandle, const 
 
     return (CERT_EncodeAndAddBitStrExtension
             (extHandle, SEC_OID_NS_CERT_EXT_CERT_TYPE, &bitStringValue,
              isCriticalExt));
 
 }
 
 static SECStatus 
-AddSubjectAltNames(PRArenaPool *arena, CERTGeneralName **existingListp,
+AddSubjectAltNames(PLArenaPool *arena, CERTGeneralName **existingListp,
                    const char *names, CERTGeneralNameType type)
 {
     CERTGeneralName *nameList = NULL;
     CERTGeneralName *current = NULL;
     PRCList *prev = NULL;
     const char *cp;
     char *tbuf;
     SECStatus rv = SECSuccess;
@@ -730,25 +730,25 @@ AddSubjectAltNames(PRArenaPool *arena, C
             current->l.next = &(nameList->l);
             *existingListp = nameList;
         }
     }
     return rv;
 }
 
 static SECStatus 
-AddEmailSubjectAlt(PRArenaPool *arena, CERTGeneralName **existingListp,
+AddEmailSubjectAlt(PLArenaPool *arena, CERTGeneralName **existingListp,
                    const char *emailAddrs)
 {
     return AddSubjectAltNames(arena, existingListp, emailAddrs, 
                               certRFC822Name);
 }
 
 static SECStatus 
-AddDNSSubjectAlt(PRArenaPool *arena, CERTGeneralName **existingListp,
+AddDNSSubjectAlt(PLArenaPool *arena, CERTGeneralName **existingListp,
                  const char *dnsNames)
 {
     return AddSubjectAltNames(arena, existingListp, dnsNames, certDNSName);
 }
 
 
 static SECStatus 
 AddBasicConstraint(void *extHandle)
@@ -779,17 +779,17 @@ AddBasicConstraint(void *extHandle)
     } while (0);
 
     return (rv);
 }
 
 static SECStatus 
 AddNameConstraints(void *extHandle)
 {
-    PRArenaPool              *arena = NULL;
+    PLArenaPool              *arena = NULL;
     CERTNameConstraints      *constraints = NULL;
 
     CERTNameConstraint       *current = NULL;
     CERTNameConstraint       *last_permited = NULL;
     CERTNameConstraint       *last_excluded = NULL;
     SECStatus                rv = SECSuccess;
 
     char buffer[512];
@@ -874,17 +874,17 @@ AddNameConstraints(void *extHandle)
         PORT_FreeArena(arena, PR_FALSE);
     return (rv);
 }
 
 static SECStatus 
 AddAuthKeyID (void *extHandle)
 {
     CERTAuthKeyID *authKeyID = NULL;    
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECStatus rv = SECSuccess;
     PRBool yesNoAns;
 
     do {
         arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
         if ( !arena ) {
             SECU_PrintError(progName, "out of memory");
             GEN_BREAK (SECFailure);
@@ -927,17 +927,17 @@ AddAuthKeyID (void *extHandle)
         PORT_FreeArena (arena, PR_FALSE);
     return (rv);
 }   
     
 static SECStatus 
 AddSubjKeyID (void *extHandle)
 {
     SECItem keyID;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECStatus rv = SECSuccess;
     PRBool yesNoAns;
 
     do {
         arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
         if ( !arena ) {
             SECU_PrintError(progName, "out of memory");
             GEN_BREAK (SECFailure);
@@ -963,17 +963,17 @@ AddSubjKeyID (void *extHandle)
     if (arena)
         PORT_FreeArena (arena, PR_FALSE);
     return (rv);
 }   
 
 static SECStatus 
 AddCrlDistPoint(void *extHandle)
 {
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     CERTCrlDistributionPoints *crlDistPoints = NULL;
     CRLDistributionPoint *current;
     SECStatus rv = SECSuccess;
     int count = 0, intValue;
     char buffer[512];
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if ( !arena )
@@ -1104,17 +1104,17 @@ AddCrlDistPoint(void *extHandle)
 }
 
 
 
 static SECStatus 
 AddPolicyConstraints(void *extHandle)
 {
     CERTCertificatePolicyConstraints *policyConstr;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECStatus rv = SECSuccess;
     SECItem *item, *dummy;
     char buffer[512];
     int value;
     PRBool yesNoAns;
     PRBool skipExt = PR_TRUE;
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
@@ -1188,17 +1188,17 @@ loser:
     return (rv);
 }
 
 
 static SECStatus 
 AddInhibitAnyPolicy(void *extHandle)
 {
     CERTCertificateInhibitAny certInhibitAny;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECStatus rv = SECSuccess;
     SECItem *item, *dummy;
     char buffer[10];
     int value;
     PRBool yesNoAns;
     
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
@@ -1237,17 +1237,17 @@ loser:
 }
 
 
 static SECStatus 
 AddPolicyMappings(void *extHandle)
 {
     CERTPolicyMap **policyMapArr = NULL;
     CERTPolicyMap *current;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECStatus rv = SECSuccess;
     int count = 0;
     char buffer[512];
     
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if ( !arena ) {
         SECU_PrintError(progName, "out of memory");
         return SECFailure;
@@ -1329,17 +1329,17 @@ AddPolicyMappings(void *extHandle)
 
 enum PoliciQualifierEnum {
     cpsPointer = 1,
     userNotice = 2
 };
 
 
 static CERTPolicyQualifier **
-RequestPolicyQualifiers(PRArenaPool *arena, SECItem *policyID)
+RequestPolicyQualifiers(PLArenaPool *arena, SECItem *policyID)
 {
     CERTPolicyQualifier **policyQualifArr = NULL;
     CERTPolicyQualifier *current;
     SECStatus rv = SECSuccess;
     int count = 0;
     char buffer[512];
     void *mark;
     SECOidData *oid = NULL;
@@ -1524,17 +1524,17 @@ RequestPolicyQualifiers(PRArenaPool *are
     return (policyQualifArr);
 }
 
 static SECStatus 
 AddCertPolicies(void *extHandle)
 {
     CERTPolicyInfo **certPoliciesArr = NULL;
     CERTPolicyInfo *current;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECStatus rv = SECSuccess;
     int count = 0;
     char buffer[512];
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if ( !arena ) {
         SECU_PrintError(progName, "out of memory");
         return SECFailure;
@@ -1621,17 +1621,17 @@ enum SubjInfoAccessTypesEnum {
 };
     
 /* Encode and add an AIA or SIA extension */
 static SECStatus 
 AddInfoAccess(void *extHandle, PRBool addSIAExt, PRBool isCACert)
 {
     CERTAuthInfoAccess **infoAccArr = NULL;
     CERTAuthInfoAccess *current;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECStatus rv = SECSuccess;
     int count = 0;
     char buffer[512];
     SECOidData *oid = NULL;
     int intValue = 0;
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if ( !arena ) {
@@ -1860,17 +1860,17 @@ AddExtensions(void *extHandle, const cha
             rv = AddInhibitAnyPolicy(extHandle);
             if (rv) {
 		errstring = "InhibitAnyPolicy";
                 break;
 	    }
         }
 
         if (emailAddrs || dnsNames) {
-            PRArenaPool *arena;
+            PLArenaPool *arena;
             CERTGeneralName *namelist = NULL;
             SECItem item = { 0, NULL, 0 };
             
             arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
             if (arena == NULL) {
                 rv = SECFailure;
                 break;
             }
--- a/security/nss/cmd/certutil/certutil.c
+++ b/security/nss/cmd/certutil/certutil.c
@@ -46,17 +46,17 @@
 
 char *progName;
 
 static CERTCertificateRequest *
 GetCertRequest(const SECItem *reqDER)
 {
     CERTCertificateRequest *certReq = NULL;
     CERTSignedData signedData;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECStatus rv;
 
     do {
 	arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
 	if (arena == NULL) {
 	    GEN_BREAK (SECFailure);
 	}
 	
@@ -185,17 +185,17 @@ CertReq(SECKEYPrivateKey *privk, SECKEYP
         certutilExtnList extnList,
         /*out*/ SECItem *result)
 {
     CERTSubjectPublicKeyInfo *spki;
     CERTCertificateRequest *cr;
     SECItem *encoding;
     SECOidTag signAlgTag;
     SECStatus rv;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     void *extHandle;
     SECItem signedReq = { siBuffer, NULL, 0 };
 
     /* Create info about public key */
     spki = SECKEY_CreateSubjectPublicKeyInfo(pubk);
     if (!spki) {
 	SECU_PrintError(progName, "unable to create subject public key");
 	return SECFailure;
@@ -596,17 +596,17 @@ DeleteCert(CERTCertDBHandle *handle, cha
 
 static SECStatus
 ValidateCert(CERTCertDBHandle *handle, char *name, char *date,
              char *certUsage, PRBool checkSig, PRBool logit,
              PRBool ascii, secuPWData *pwdata)
 {
     SECStatus rv;
     CERTCertificate *cert = NULL;
-    int64 timeBoundary;
+    PRTime timeBoundary;
     SECCertificateUsage usage;
     CERTVerifyLog reallog;
     CERTVerifyLog *log = NULL;
 
     if (!certUsage) {
 	    PORT_SetError (SEC_ERROR_INVALID_ARGS);
 	    return (SECFailure);
     }
@@ -1715,17 +1715,17 @@ MakeV1Cert(	CERTCertDBHandle *	handle,
 static SECStatus
 SignCert(CERTCertDBHandle *handle, CERTCertificate *cert, PRBool selfsign, 
          SECOidTag hashAlgTag,
          SECKEYPrivateKey *privKey, char *issuerNickName, void *pwarg)
 {
     SECItem der;
     SECKEYPrivateKey *caPrivateKey = NULL;    
     SECStatus rv;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     SECOidTag algID;
     void *dummy;
 
     if( !selfsign ) {
       CERTCertificate *issuer = PK11_FindCertFromNickname(issuerNickName, pwarg);
       if( (CERTCertificate *)NULL == issuer ) {
         SECU_PrintError(progName, "unable to find issuer with nickname %s", 
 	                issuerNickName);
--- a/security/nss/cmd/certutil/keystuff.c
+++ b/security/nss/cmd/certutil/keystuff.c
@@ -200,17 +200,17 @@ static const SECKEYPQGParams default_pqg
     { 0, (unsigned char *)G, sizeof(G) }
 };
 
 static SECKEYPQGParams *
 decode_pqg_params(const char *str)
 {
     char *buf;
     unsigned int len;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     SECKEYPQGParams *params;
     SECStatus status;
  
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL)
         return NULL;
  
     params = PORT_ArenaZAlloc(arena, sizeof(SECKEYPQGParams));
--- a/security/nss/cmd/checkcert/checkcert.c
+++ b/security/nss/cmd/checkcert/checkcert.c
@@ -196,17 +196,17 @@ OurVerifySignedData(CERTSignedData *sd, 
 }
 
 
 
 
 static
 CERTCertificate *createEmptyCertificate(void)
 {
-    PRArenaPool *arena = 0;
+    PLArenaPool *arena = 0;
     CERTCertificate *c = 0;
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if ( !arena ) {
 	return 0;
     }
 
 
@@ -227,17 +227,17 @@ CERTCertificate *createEmptyCertificate(
 
 int main(int argc, char **argv)
 {
     int rv, verbose=0, force=0;
     int ascii=0, issuerAscii=0;
     char *progName=0;
     PRFileDesc *inFile=0, *issuerCertFile=0;
     SECItem derCert, derIssuerCert;
-    PRArenaPool *arena=0;
+    PLArenaPool *arena=0;
     CERTSignedData *signedData=0;
     CERTCertificate *cert=0, *issuerCert=0;
     SECKEYPublicKey *rsapubkey=0;
     SECAlgorithmID md5WithRSAEncryption, md2WithRSAEncryption;
     SECAlgorithmID sha1WithRSAEncryption, rsaEncryption;
     SECItem spk;
     int selfSigned=0;
     int invalid=0;
--- a/security/nss/cmd/crlutil/crlgen.c
+++ b/security/nss/cmd/crlutil/crlgen.c
@@ -143,17 +143,17 @@ crlgen_CommitEntryData(PLHashEntry *he, 
     }
     return HT_ENUMERATE_NEXT;
 }
 
 
 
 /* Copy char * datainto allocated in arena SECItem */
 static SECStatus 
-crlgen_SetString(PRArenaPool *arena, const char *dataIn, SECItem *value)
+crlgen_SetString(PLArenaPool *arena, const char *dataIn, SECItem *value)
 {
     SECItem item;
 
     PORT_Assert(arena && dataIn);
     if (!arena || !dataIn) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return SECFailure;
     }
@@ -161,17 +161,17 @@ crlgen_SetString(PRArenaPool *arena, con
     item.data = (void*)dataIn;
     item.len = PORT_Strlen(dataIn);
 
     return SECITEM_CopyItem(arena, value, &item);
 }
 
 /* Creates CERTGeneralName from parsed data for the Authority Key Extension */
 static CERTGeneralName *
-crlgen_GetGeneralName (PRArenaPool *arena, CRLGENGeneratorData *crlGenData,
+crlgen_GetGeneralName (PLArenaPool *arena, CRLGENGeneratorData *crlGenData,
                        const char *data)
 {
     CERTGeneralName *namesList = NULL;
     CERTGeneralName *current;
     CERTGeneralName *tail = NULL;
     SECStatus rv = SECSuccess;
     const char *nextChunk = NULL;
     const char *currData = NULL;
@@ -309,17 +309,17 @@ crlgen_GetGeneralName (PRArenaPool *aren
         PORT_ArenaRelease (arena, mark);
         namesList = NULL;
     }
     return (namesList);
 }
 
 /* Creates CERTGeneralName from parsed data for the Authority Key Extension */
 static CERTGeneralName *
-crlgen_DistinguishedName (PRArenaPool *arena, CRLGENGeneratorData *crlGenData,
+crlgen_DistinguishedName (PLArenaPool *arena, CRLGENGeneratorData *crlGenData,
                           const char *data)
 {
     CERTName *directoryName = NULL;
     CERTGeneralName *current;
     SECStatus rv = SECFailure;
     void *mark;
 
     if (!data)
@@ -360,17 +360,17 @@ crlgen_DistinguishedName (PRArenaPool *a
 
 /* Adding Authority Key ID extension to extension handle. */
 static SECStatus 
 crlgen_AddAuthKeyID (CRLGENGeneratorData *crlGenData,
                      const char **dataArr)
 {
     void *extHandle = NULL;
     CERTAuthKeyID *authKeyID = NULL;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECStatus rv = SECSuccess;
 
     PORT_Assert(dataArr && crlGenData);
     if (!crlGenData || !dataArr) {
         return SECFailure;
     }
 
     extHandle = crlGenData->crlExtHandle;
@@ -424,17 +424,17 @@ crlgen_AddAuthKeyID (CRLGENGeneratorData
 } 
 
 /* Creates and add Subject Alternative Names extension */
 static SECStatus 
 crlgen_AddIssuerAltNames(CRLGENGeneratorData *crlGenData,
                           const char **dataArr)
 {
     CERTGeneralName *nameList = NULL;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     void *extHandle = NULL;
     SECStatus rv = SECSuccess;
 
 
     PORT_Assert(dataArr && crlGenData);
     if (!crlGenData || !dataArr) {
         return SECFailure;
     }
@@ -484,17 +484,17 @@ crlgen_AddIssuerAltNames(CRLGENGenerator
 }
 
 /* Creates and adds CRLNumber extension to extension handle.
  * Since, this is CRL extension, extension handle is the one 
  * related to CRL extensions */
 static SECStatus
 crlgen_AddCrlNumber(CRLGENGeneratorData *crlGenData, const char **dataArr)
 {
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECItem encodedItem;
     void *extHandle = crlGenData->crlExtHandle;
     void *dummy;
     SECStatus rv = SECFailure;
     int code = 0;
 
     PORT_Assert(dataArr && crlGenData);
     if (!crlGenData || !dataArr) {
@@ -535,17 +535,17 @@ crlgen_AddCrlNumber(CRLGENGeneratorData 
     return rv;
 
 }
 
 
 /* Creates Cert Revocation Reason code extension. Encodes it and
  * returns as SECItem structure */
 static SECItem*
-crlgen_CreateReasonCode(PRArenaPool *arena, const char **dataArr,
+crlgen_CreateReasonCode(PLArenaPool *arena, const char **dataArr,
                         int *extCode)
 {
     SECItem *encodedItem;
     void *dummy;
     void *mark;
     int code = 0;
 
     PORT_Assert(arena && dataArr);
@@ -585,17 +585,17 @@ crlgen_CreateReasonCode(PRArenaPool *are
   loser:
     PORT_ArenaRelease (arena, mark);
     return NULL;
 }
 
 /* Creates Cert Invalidity Date extension. Encodes it and
  * returns as SECItem structure */
 static SECItem*
-crlgen_CreateInvalidityDate(PRArenaPool *arena, const char **dataArr,
+crlgen_CreateInvalidityDate(PLArenaPool *arena, const char **dataArr,
                        int *extCode)
 {
     SECItem *encodedItem;
     int length = 0;
     void *mark;
 
     PORT_Assert(arena && dataArr);
     if (!arena || !dataArr) {
@@ -629,26 +629,26 @@ crlgen_CreateInvalidityDate(PRArenaPool 
 }
 
 /* Creates(by calling extCreator function) and adds extension to a set
  * of already added certs. Uses values of rangeFrom and rangeTo from
  * CRLGENCrlGenCtl structure for identifying the inclusive set of certs */
 static SECStatus
 crlgen_AddEntryExtension(CRLGENGeneratorData *crlGenData,
                          const char **dataArr, char *extName,
-                         SECItem* (*extCreator)(PRArenaPool *arena,
+                         SECItem* (*extCreator)(PLArenaPool *arena,
                                                 const char **dataArr,
                                                 int *extCode))
 {
     PRUint64 i = 0;
     SECStatus rv = SECFailure;
     int extCode = 0;
     PRUint64 lastRange ;
     SECItem *ext = NULL;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
 
 
     PORT_Assert(crlGenData &&  dataArr);
     if (!crlGenData || !dataArr) {
         goto loser;
     } 
     
     if (!dataArr[0] || !dataArr[1]) {
@@ -714,17 +714,17 @@ crlgen_AddEntryExtension(CRLGENGenerator
 
 
 /* Commits all added entries and their's extensions into CRL. */
 SECStatus
 CRLGEN_CommitExtensionsAndEntries(CRLGENGeneratorData *crlGenData)
 {
     int size = 0;
     CERTCrl *crl;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     SECStatus rv = SECSuccess;
     void *mark;
 
     PORT_Assert(crlGenData && crlGenData->signCrl && crlGenData->signCrl->arena);
     if (!crlGenData || !crlGenData->signCrl || !crlGenData->signCrl->arena) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return SECFailure;
     }
@@ -893,17 +893,17 @@ crlgen_SetIssuerField(CRLGENGeneratorDat
 }
 
 /* Encode and sets CRL thisUpdate and nextUpdate time fields*/
 static SECStatus
 crlgen_SetTimeField(CRLGENGeneratorData *crlGenData, char *value,
                     PRBool setThisUpdate)
 {
     CERTSignedCrl *signCrl;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     CERTCrl *crl;
     int length = 0;
     SECItem *timeDest = NULL;
 
     PORT_Assert(crlGenData && crlGenData->signCrl &&
                 crlGenData->signCrl->arena);
     if (!crlGenData || !crlGenData->signCrl || !crlGenData->signCrl->arena) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -982,17 +982,17 @@ crlgen_AddExtension(CRLGENGeneratorData 
  * adds it to entryDataHashTable. certId can be a single cert serial
  * number or an inclusive rage of certs */
 static SECStatus
 crlgen_AddCert(CRLGENGeneratorData *crlGenData,
         char *certId, char *revocationDate)
 {
     CERTSignedCrl *signCrl;
     SECItem *certIdItem;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     PRUint64 rangeFrom = 0, rangeTo = 0, i = 0;
     int timeValLength = -1;
     SECStatus rv = SECFailure;
     void *mark;
 
 
     PORT_Assert(crlGenData && crlGenData->signCrl &&
                 crlGenData->signCrl->arena);
@@ -1074,17 +1074,17 @@ crlgen_AddCert(CRLGENGeneratorData *crlG
 
 
 /* Removes certs from entryDataHashTable which have certId serial number.
  * certId can have value of a range of certs */
 static SECStatus
 crlgen_RmCert(CRLGENGeneratorData *crlGenData, char *certId)
 {
     PRUint64 i = 0;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
 
     PORT_Assert(crlGenData && certId);
     if (!crlGenData || !certId) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return SECFailure;
     }
 
     arena = crlGenData->signCrl->arena;
--- a/security/nss/cmd/crlutil/crlutil.c
+++ b/security/nss/cmd/crlutil/crlutil.c
@@ -33,17 +33,17 @@ static CERTSignedCrl *FindCRL
     SECItem derName;
 
     derName.data = NULL;
     derName.len = 0;
 
     cert = CERT_FindCertByNicknameOrEmailAddr(certHandle, name);
     if (!cert) {
         CERTName *certName = NULL;
-        PRArenaPool *arena = NULL;
+        PLArenaPool *arena = NULL;
     
         certName = CERT_AsciiToName(name);
         if (certName) {
             arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
             if (arena) {
                 SECItem *nameItem = 
                     SEC_ASN1EncodeItem (arena, NULL, (void *)certName,
                                         SEC_ASN1_GET(CERT_NameTemplate));
@@ -88,17 +88,17 @@ static SECStatus DisplayCRL (CERTCertDBH
     return SECFailure;
 }
 
 static void ListCRLNames (CERTCertDBHandle *certHandle, int crlType, PRBool deletecrls)
 {
     CERTCrlHeadNode *crlList = NULL;
     CERTCrlNode *crlNode = NULL;
     CERTName *name = NULL;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECStatus rv;
 
     do {
 	arena = PORT_NewArena (SEC_ASN1_DEFAULT_ARENA_SIZE);
 	if (arena == NULL) {
 	    fprintf(stderr, "%s: fail to allocate memory\n", progName);
 	    break;
 	}
@@ -279,17 +279,17 @@ SECStatus ImportCRL (CERTCertDBHandle *c
         PK11_FreeSlot(slot);
     }
     return (rv);
 }
 
 SECStatus DumpCRL(PRFileDesc *inFile)
 {
     int rv;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     CERTSignedCrl *newCrl = NULL;
     
     SECItem crlDER;
     crlDER.data = NULL;
 
     /* Read in the entire file specified with the -f argument */
     rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE);
     if (rv != SECSuccess) {
@@ -357,25 +357,25 @@ FindSigningCert(CERTCertDBHandle *certHa
     if (certTemp)
         CERT_DestroyCertificate(certTemp);
     if (cert && rv != SECSuccess)
         CERT_DestroyCertificate(cert);
     return cert;
 }
 
 static CERTSignedCrl*
-CreateModifiedCRLCopy(PRArenaPool *arena, CERTCertDBHandle *certHandle,
+CreateModifiedCRLCopy(PLArenaPool *arena, CERTCertDBHandle *certHandle,
                 CERTCertificate **cert, char *certNickName,
                 PRFileDesc *inFile, PRInt32 decodeOptions,
                 PRInt32 importOptions)
 {
     SECItem crlDER = {0, NULL, 0};
     CERTSignedCrl *signCrl = NULL;
     CERTSignedCrl *modCrl = NULL;
-    PRArenaPool *modArena = NULL;
+    PLArenaPool *modArena = NULL;
     SECStatus rv = SECSuccess;
 
     if (!arena || !certHandle || !certNickName) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         SECU_PrintError(progName, "CreateModifiedCRLCopy: invalid args\n");
         return NULL;
     }
 
@@ -459,17 +459,17 @@ CreateModifiedCRLCopy(PRArenaPool *arena
         SEC_DestroyCrl(signCrl);
         signCrl = NULL;
     }
     return signCrl;
 }
 
 
 static CERTSignedCrl*
-CreateNewCrl(PRArenaPool *arena, CERTCertDBHandle *certHandle,
+CreateNewCrl(PLArenaPool *arena, CERTCertDBHandle *certHandle,
              CERTCertificate *cert)
 { 
     CERTSignedCrl *signCrl = NULL;
     void *dummy = NULL;
     SECStatus rv;
     void* mark = NULL;
 
     /* if the CERTSignedCrl structure changes, this function will need to be
@@ -668,17 +668,17 @@ GenerateCRL (CERTCertDBHandle *certHandl
 	     PRFileDesc *inCrlInitFile,  PRFileDesc *inFile,
 	     char *outFileName, int ascii, char *slotName,
 	     PRInt32 importOptions, char *alg, PRBool quiet,
              PRInt32 decodeOptions, char *url, secuPWData *pwdata,
              int modifyFlag)
 {
     CERTCertificate *cert = NULL;
     CERTSignedCrl *signCrl = NULL;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECStatus rv;
     SECOidTag hashAlgTag = SEC_OID_UNKNOWN;
 
     if (alg) {
         hashAlgTag = SECU_StringToSignatureAlgTag(alg);
         if (hashAlgTag == SEC_OID_UNKNOWN) {
             SECU_PrintError(progName, "%s -Z:  %s is not a recognized type.\n",
                             progName, alg);
--- a/security/nss/cmd/crmf-cgi/crmfcgi.c
+++ b/security/nss/cmd/crmf-cgi/crmfcgi.c
@@ -275,17 +275,17 @@ dumpErrorMessage(ErrorCode errNum)
   }
   printf ("<i>More useful information here in the future.</i></body></html>");
 }
 
 ErrorCode
 initOldCertReq(CERTCertificateRequest *oldCertReq,
 	       CERTName *subject, CERTSubjectPublicKeyInfo *spki)
 {
-  PRArenaPool *poolp;
+  PLArenaPool *poolp;
 
   poolp = oldCertReq->arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
   SEC_ASN1EncodeInteger(poolp, &oldCertReq->version, 
 			SEC_CERTIFICATE_VERSION_3);
   CERT_CopyName(poolp, &oldCertReq->subject, subject);
   SECKEY_CopySubjectPublicKeyInfo(poolp, &oldCertReq->subjectPublicKeyInfo,
 				  spki);
   oldCertReq->attributes = NULL;
@@ -489,17 +489,17 @@ createCMMFResponse(CertResponseInfo *iss
 		   CERTCertificate *issuerCert, char **base64der)
 {
  CMMFCertRepContent *certRepContent=NULL;
   ErrorCode rv = NO_ERROR;
   CMMFCertResponse **responses, *currResponse;
   CERTCertList *caList;
   int i;
   SECStatus srv;
-  PRArenaPool *poolp;
+  PLArenaPool *poolp;
   SECItem *der;
 
   certRepContent = CMMF_CreateCertRepContent();
   if (certRepContent == NULL) {
     rv = ERROR_CREATING_CERT_REP_CONTENT;
     goto loser;
   }
   responses = PORT_NewArray(CMMFCertResponse*, numCerts);
@@ -778,17 +778,17 @@ ErrorCode
 issueChallenge(CertResponseInfo *issuedCerts, int numCerts, 
 	       ChallengeCreationInfo *challInfo, int numChalls,
 	       CERTCertificate *issuer, CGIVarTable *varTable)
 {
   ErrorCode rv = NO_ERROR;
   CMMFPOPODecKeyChallContent *chalContent = NULL;
   int i;
   SECStatus srv;
-  PRArenaPool *poolp;
+  PLArenaPool *poolp;
   CERTGeneralName *genName;
   SECItem *challDER = NULL;
   char *chall64, *certRepContentDER;
 
   rv = createCMMFResponse(issuedCerts, numCerts, issuer, 
 			  &certRepContentDER);
   if (rv != NO_ERROR) {
     goto loser;
--- a/security/nss/cmd/crmftest/testcrmf.c
+++ b/security/nss/cmd/crmftest/testcrmf.c
@@ -1189,17 +1189,17 @@ DoKeyRecovery( SECKEYPrivateKey *privKey
 int
 DoChallengeResponse(SECKEYPrivateKey *privKey,
 		    SECKEYPublicKey *pubKey)
 {
     CMMFPOPODecKeyChallContent *chalContent = NULL;
     CMMFPOPODecKeyRespContent  *respContent = NULL;
     CERTCertificate            *myCert      = NULL;
     CERTGeneralName            *myGenName   = NULL;
-    PRArenaPool                *poolp       = NULL;
+    PLArenaPool                *poolp       = NULL;
     PRFileDesc                 *fileDesc;
     SECItem                    *publicValue;
     SECItem                    *keyID;
     SECKEYPrivateKey           *foundPrivKey;
     long                       *randomNums;
     int                         numChallengesFound   = 0;
     int                         numChallengesSet     = 1;
     int                         i;
--- a/security/nss/cmd/dbck/dbck.c
+++ b/security/nss/cmd/dbck/dbck.c
@@ -95,30 +95,30 @@ typedef struct certDBEntryListNodeStr  c
  * A list node for a cert db entry.  The index is a unique identifier
  * to use for creating generic maps of a db.  This struct handles
  * the cert, nickname, and smime db entry types, as all three have a
  * single handle to a subject entry.
  * This structure is pointed to by certDBEntryListNode->appData.
  */
 typedef struct 
 {
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     int index;
     certDBEntryListNode *pSubject;
 } certDBEntryMap;
 
 /*
  * Subject entry is special case, it has bidirectional handles.  One
  * subject entry can point to several certs (using the same DN), and
  * a nickname and/or smime entry.
  * This structure is pointed to by certDBEntryListNode->appData.
  */
 typedef struct
 {
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     int index;
     int numCerts;
     certDBEntryListNode **pCerts;
     certDBEntryListNode *pNickname;
     certDBEntryListNode *pSMime;
 } certDBSubjectEntryMap;
 
 /*
@@ -251,17 +251,17 @@ dumpCertificate(CERTCertificate *cert, i
     PR_fprintf(outfile, "----------------\n");
     if (userCert)
 	PR_fprintf(outfile, "(User Cert)\n");
     PR_fprintf(outfile, "## SUBJECT:  %s\n", cert->subjectName);
     PR_fprintf(outfile, "## ISSUER:  %s\n", cert->issuerName);
     PR_fprintf(outfile, "## SERIAL NUMBER:  ");
     printHexString(outfile, &cert->serialNumber);
     {  /*  XXX should be separate function.  */
-	int64 timeBefore, timeAfter;
+	PRTime timeBefore, timeAfter;
 	PRExplodedTime beforePrintable, afterPrintable;
 	char *beforestr, *afterstr;
 	DER_DecodeTimeChoice(&timeBefore, &cert->validity.notBefore);
 	DER_DecodeTimeChoice(&timeAfter, &cert->validity.notAfter);
 	PR_ExplodeTime(timeBefore, PR_GMTParameters, &beforePrintable);
 	PR_ExplodeTime(timeAfter, PR_GMTParameters, &afterPrintable);
 	beforestr = PORT_Alloc(100);
 	afterstr = PORT_Alloc(100);
@@ -355,17 +355,17 @@ dumpSMimeEntry(certDBEntrySMime *entry, 
 SECStatus
 mapCertEntries(certDBArray *dbArray)
 {
     certDBEntryCert *certEntry;
     certDBEntrySubject *subjectEntry;
     certDBEntryListNode *certNode, *subjNode;
     certDBSubjectEntryMap *smap;
     certDBEntryMap *map;
-    PRArenaPool *tmparena;
+    PLArenaPool *tmparena;
     SECItem derSubject;
     SECItem certKey;
     PRCList *cElem, *sElem;
 
     /* Arena for decoded entries */
     tmparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (tmparena == NULL) {
 	PORT_SetError(SEC_ERROR_NO_MEMORY);
@@ -919,17 +919,17 @@ SEC_GetCertDBEntryList(SECItem *dbdata, 
 int
 fillDBEntryArray(NSSLOWCERTCertDBHandle *handle, certDBEntryType type, 
                  certDBEntryListNode *list)
 {
     PRCList *elem;
     certDBEntryListNode *node;
     certDBEntryMap *mnode;
     certDBSubjectEntryMap *smnode;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     int count = 0;
 
     /* Initialize a dummy entry in the list.  The list head will be the
      * next element, so this element is skipped by for loops.
      */
     PR_INIT_CLIST((PRCList *)list);
     /* Collect all of the cert db entries for this type into a list. */
     nsslowcert_TraverseDBEntries(handle, type, SEC_GetCertDBEntryList, list);
--- a/security/nss/cmd/dbck/dbrecover.c
+++ b/security/nss/cmd/dbck/dbrecover.c
@@ -169,17 +169,17 @@ getCertsToDelete(char *numlist, int len,
     }
 }
 
 PRBool
 userSaysDeleteCert(CERTCertificate **certs, int nCerts,
                    int errtype, dbRestoreInfo *info, int *certNums)
 {
     char response[32];
-    int32 nb;
+    PRInt32 nb;
     int i;
     /*  User wants to remove cert without prompting.  */
     if (info->promptUser[errtype] == PR_FALSE)
 	return (info->removeType[errtype]);
     switch (errtype) {
     case dbInvalidCert:
 	PR_fprintf(PR_STDOUT, "********  Expired ********\n");
 	PR_fprintf(PR_STDOUT, "Cert has expired.\n\n");
--- a/security/nss/cmd/derdump/derdump.c
+++ b/security/nss/cmd/derdump/derdump.c
@@ -29,17 +29,17 @@ static void Usage(char *progName)
 
 int main(int argc, char **argv)
 {
     char *progName;
     FILE *outFile;
     PRFileDesc *inFile;
     SECItem der;
     SECStatus rv;
-    int16 xp_error;
+    PRInt16 xp_error;
     PRBool raw = PR_FALSE;
     PLOptState *optstate;
     PLOptStatus status;
 
     progName = strrchr(argv[0], '/');
     progName = progName ? progName+1 : argv[0];
 
     /* Parse command line arguments */
--- a/security/nss/cmd/ecperf/ecperf.c
+++ b/security/nss/cmd/ecperf/ecperf.c
@@ -299,17 +299,17 @@ M_TimeOperation(void (*threadFunc)(void 
 
 /*
  * Initializes a SECItem from a hexadecimal string
  *
  * Warning: This function ignores leading 00's, so any leading 00's
  * in the hexadecimal string must be optional.
  */
 static SECItem *
-hexString2SECItem(PRArenaPool *arena, SECItem *item, const char *str)
+hexString2SECItem(PLArenaPool *arena, SECItem *item, const char *str)
 {
     int i = 0;
     int byteval = 0;
     int tmp = PORT_Strlen(str);
 
     if ((tmp % 2) != 0) return NULL;
     
     /* skip leading 00's unless the hex string is "00" */
--- a/security/nss/cmd/fipstest/fipstest.c
+++ b/security/nss/cmd/fipstest/fipstest.c
@@ -21,17 +21,17 @@
 #if 0
 #include "../../lib/freebl/mpi/mpi.h"
 #endif
 
 #ifdef NSS_ENABLE_ECC
 extern SECStatus
 EC_DecodeParams(const SECItem *encodedParams, ECParams **ecparams);
 extern SECStatus
-EC_CopyParams(PRArenaPool *arena, ECParams *dstParams,
+EC_CopyParams(PLArenaPool *arena, ECParams *dstParams,
               const ECParams *srcParams);
 #endif
 
 #define ENCRYPT 1
 #define DECRYPT 0
 #define BYTE unsigned char
 #define DEFAULT_RSA_PUBLIC_EXPONENT   0x10001
 #define RSA_MAX_TEST_MODULUS_BITS     4096
@@ -3306,29 +3306,29 @@ fips_hashOid(HASH_HashType type)
 
 HASH_HashType
 sha_get_hashType(int hashbits)
 {
     HASH_HashType hashType = HASH_AlgNULL;
 
     switch (hashbits) {
     case 1:
-    case (SHA1_LENGTH*BITS_PER_BYTE): 
+    case (SHA1_LENGTH*PR_BITS_PER_BYTE):
 	hashType = HASH_AlgSHA1;
 	break;
-    case (SHA224_LENGTH*BITS_PER_BYTE): 
+    case (SHA224_LENGTH*PR_BITS_PER_BYTE):
 	hashType = HASH_AlgSHA224;
 	break;
-    case (SHA256_LENGTH*BITS_PER_BYTE): 
+    case (SHA256_LENGTH*PR_BITS_PER_BYTE):
 	hashType = HASH_AlgSHA256;
 	break;
-    case (SHA384_LENGTH*BITS_PER_BYTE): 
+    case (SHA384_LENGTH*PR_BITS_PER_BYTE):
 	hashType = HASH_AlgSHA384;
 	break;
-    case (SHA512_LENGTH*BITS_PER_BYTE): 
+    case (SHA512_LENGTH*PR_BITS_PER_BYTE):
 	hashType = HASH_AlgSHA512;
 	break;
     default:
 	break;
     }
     return hashType;
 }
 
@@ -3337,17 +3337,17 @@ sha_get_hashType(int hashbits)
  *
  * MD = Message digest 
  * MDLen = length of Message Digest and SHA_Type
  * msg = message to digest 
  * msgLen = length of message to digest
  */
 SECStatus sha_calcMD(unsigned char *MD, unsigned int MDLen, unsigned char *msg, unsigned int msgLen) 
 {    
-    HASH_HashType  hashType = sha_get_hashType(MDLen*BITS_PER_BYTE);
+    HASH_HashType  hashType = sha_get_hashType(MDLen*PR_BITS_PER_BYTE);
 
     return fips_hashBuf(hashType, MD, msg, msgLen);
 }
 
 /*
  * Perform the SHA Monte Carlo Test
  *
  * MDLen = length of Message Digest and SHA_Type
@@ -3656,17 +3656,17 @@ void hmac_test(char *reqfn)
         if (buf[0] == '[') {
             if (strncmp(&buf[1], "L ", 1) == 0) {
                 i = 2;
                 while (isspace(buf[i]) || buf[i] == '=') {
                     i++;
                 }
                 /* HMACLen will get reused for Tlen */
                 HMACLen = atoi(&buf[i]);
-		hash_alg = sha_get_hashType(HMACLen*BITS_PER_BYTE);
+		hash_alg = sha_get_hashType(HMACLen*PR_BITS_PER_BYTE);
 		if (hash_alg == HASH_AlgNULL) {
 		    goto loser;
 		}
                 fputs(buf, resp);
                 continue;
             }
         }
         /* Count = test iteration number*/
--- a/security/nss/cmd/lib/berparse.c
+++ b/security/nss/cmd/lib/berparse.c
@@ -13,18 +13,18 @@ typedef unsigned char Byte;
 typedef void (*ParseProc)(BERParse *h, unsigned char **buf, int *len);
 typedef struct {
     SECArb arb;
     int pos;			/* length from global start to item start */
     SECArb *parent;
 } ParseStackElem;
 
 struct BERParseStr {
-    PRArenaPool *his;
-    PRArenaPool *mine;
+    PLArenaPool *his;
+    PLArenaPool *mine;
     ParseProc proc;
     int stackDepth;
     ParseStackElem *stackPtr;
     ParseStackElem *stack;
     int pending;		/* bytes remaining to complete this part */
     int pos;			/* running length of consumed characters */
     ParseState state;
     PRBool keepLeaves;
@@ -294,20 +294,20 @@ SECStatus BER_ParseSome(BERParse *h, uns
 		    h->stackPtr = parent;
 		}
 	    }
 
 	}
     }
     return PR_FALSE;
 }
-BERParse *BER_ParseInit(PRArenaPool *arena, PRBool derOnly)
+BERParse *BER_ParseInit(PLArenaPool *arena, PRBool derOnly)
 {
     BERParse *h;
-    PRArenaPool *temp = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    PLArenaPool *temp = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (temp == NULL) {
 	PORT_SetError(SEC_ERROR_NO_MEMORY);
 	return NULL;
     }
     h = PORT_ArenaAlloc(temp, sizeof(BERParse));
     if (h == NULL) {
 	PORT_FreeArena(temp, PR_FALSE);
 	PORT_SetError(SEC_ERROR_NO_MEMORY);
@@ -327,17 +327,17 @@ BERParse *BER_ParseInit(PRArenaPool *are
     h->after = NULL;
     h->filter = NULL;
     h->derOnly = derOnly;
     return h;
 }
 
 SECArb *BER_ParseFini(BERParse *h)
 {
-    PRArenaPool *myArena = h->mine;
+    PLArenaPool *myArena = h->mine;
     SECArb *arb;
 
     if (h->state != parseComplete) {
 	arb = NULL;
     } else {
 	arb = PORT_ArenaAlloc(h->his, sizeof(SECArb));
 	*arb = h->stackPtr->arb;
     }
--- a/security/nss/cmd/lib/pppolicy.c
+++ b/security/nss/cmd/lib/pppolicy.c
@@ -54,17 +54,17 @@ static const SEC_ASN1Template secu_Certi
 	  offsetof(CERTCertificatePolicies, policyInfos),
 	  secu_PolicyInfoTemplate, sizeof(CERTCertificatePolicies)  }
 };
 
 
 static CERTCertificatePolicies *
 secu_DecodeCertificatePoliciesExtension(SECItem *extnValue)
 {
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECStatus rv;
     CERTCertificatePolicies *policies;
     CERTPolicyInfo **policyInfos, *policyInfo;
     CERTPolicyQualifier **policyQualifiers, *policyQualifier;
     SECItem newExtnValue;
     
     /* make a new arena */
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
--- a/security/nss/cmd/lib/secutil.c
+++ b/security/nss/cmd/lib/secutil.c
@@ -689,17 +689,17 @@ secu_PrintTime(FILE *out, const PRTime t
 /*
  * Format and print the UTC Time "t".  If the tag message "m" is not NULL,
  * do indent formatting based on "level" and add a newline afterward;
  * otherwise just print the formatted time string only.
  */
 void
 SECU_PrintUTCTime(FILE *out, const SECItem *t, const char *m, int level)
 {
-    int64 time;
+    PRTime time;
     SECStatus rv;
 
     rv = DER_UTCTimeToTime(&time, t);
     if (rv != SECSuccess)
 	return;
 
     secu_PrintTime(out, time, m, level);
 }
@@ -707,17 +707,17 @@ SECU_PrintUTCTime(FILE *out, const SECIt
 /*
  * Format and print the Generalized Time "t".  If the tag message "m"
  * is not NULL, * do indent formatting based on "level" and add a newline
  * afterward; otherwise just print the formatted time string only.
  */
 void
 SECU_PrintGeneralizedTime(FILE *out, const SECItem *t, const char *m, int level)
 {
-    int64 time;
+    PRTime time;
     SECStatus rv;
 
 
     rv = DER_GeneralizedTimeToTime(&time, t);
     if (rv != SECSuccess)
 	return;
 
     secu_PrintTime(out, time, m, level);
@@ -1127,17 +1127,17 @@ const SEC_ASN1Template secuPBEV2Params[]
     { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(secuPBEParams, cipherAlg),
         SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
     { 0 }
 };
 
 void
 secu_PrintRSAPSSParams(FILE *out, SECItem *value, char *m, int level)
 {
-    PRArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    PLArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     SECStatus rv;
     SECKEYRSAPSSParams param;
     SECAlgorithmID maskHashAlg;
 
     if (m) {
 	SECU_Indent(out, level);
 	fprintf (out, "%s:\n", m);
     }
@@ -1191,17 +1191,17 @@ secu_PrintRSAPSSParams(FILE *out, SECIte
 	fprintf(out, "Invalid RSA-PSS parameters\n");
     }
     PORT_FreeArena(pool, PR_FALSE);
 }
 
 void
 secu_PrintKDF2Params(FILE *out, SECItem *value, char *m, int level)
 {
-    PRArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    PLArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     SECStatus rv;
     secuPBEParams param;
 
     if (m) {
 	SECU_Indent(out, level);
 	fprintf (out, "%s:\n", m);
     }
 
@@ -1221,17 +1221,17 @@ secu_PrintKDF2Params(FILE *out, SECItem 
 	SECU_PrintAlgorithmID(out, &param.kdfAlg, "KDF algorithm", level+1);
     }
     PORT_FreeArena(pool, PR_FALSE);
 }
 
 void
 secu_PrintPKCS5V2Params(FILE *out, SECItem *value, char *m, int level)
 {
-    PRArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    PLArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     SECStatus rv;
     secuPBEParams param;
 
     if (m) {
 	SECU_Indent(out, level);
 	fprintf (out, "%s:\n", m);
     }
 
@@ -1248,17 +1248,17 @@ secu_PrintPKCS5V2Params(FILE *out, SECIt
 	SECU_PrintAlgorithmID(out, &param.cipherAlg, "Cipher", level+1);
     }
     PORT_FreeArena(pool, PR_FALSE);
 }
 
 void
 secu_PrintPBEParams(FILE *out, SECItem *value, char *m, int level)
 {
-    PRArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    PLArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     SECStatus rv;
     secuPBEParams param;
 
     if (m) {
 	SECU_Indent(out, level);
 	fprintf (out, "%s:\n", m);
     }
 
@@ -1396,17 +1396,17 @@ SECU_PrintDSAPublicKey(FILE *out, SECKEY
     SECU_Indent(out, level); fprintf(out, "%s:\n", m);
     SECU_PrintInteger(out, &pk->u.dsa.params.prime, "Prime", level+1);
     SECU_PrintInteger(out, &pk->u.dsa.params.subPrime, "Subprime", level+1);
     SECU_PrintInteger(out, &pk->u.dsa.params.base, "Base", level+1);
     SECU_PrintInteger(out, &pk->u.dsa.publicValue, "PublicValue", level+1);
 }
 
 static void
-secu_PrintSubjectPublicKeyInfo(FILE *out, PRArenaPool *arena,
+secu_PrintSubjectPublicKeyInfo(FILE *out, PLArenaPool *arena,
 		       CERTSubjectPublicKeyInfo *i,  char *msg, int level)
 {
     SECKEYPublicKey *pk;
 
     SECU_Indent(out, level); fprintf(out, "%s:\n", msg);
     SECU_PrintAlgorithmID(out, &i->algorithm, "Public Key Algorithm", level+1);
 
     pk = SECKEY_ExtractPublicKey(i);
@@ -1446,17 +1446,17 @@ loser:
 	}
     }
 }
 
 int
 SECU_PrintDumpDerIssuerAndSerial(FILE *out, SECItem *der, char *m,
                                  int level)
 {
-    PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     CERTCertificate *c;
     int rv = SEC_ERROR_NO_MEMORY;
     char *derIssuerB64;
     char *derSerialB64;
     
     if (!arena)
         return rv;
 
@@ -1503,17 +1503,17 @@ loser:
     return rv;
 }
 
 static SECStatus
 secu_PrintX509InvalidDate(FILE *out, SECItem *value, char *msg, int level)
 {
     SECItem decodedValue;
     SECStatus rv;
-    int64 invalidTime;
+    PRTime invalidTime;
     char *formattedTime = NULL;
 
     decodedValue.data = NULL;
     rv = SEC_ASN1DecodeItem (NULL, &decodedValue, 
 			    SEC_ASN1_GET(SEC_GeneralizedTimeTemplate),
 			    value);
     if (rv == SECSuccess) {
 	rv = DER_GeneralizedTimeToTime(&invalidTime, &decodedValue);
@@ -2187,17 +2187,17 @@ SECU_PrintCertNickname(CERTCertListNode 
 
     return (SECSuccess);
 }
 
 int
 SECU_DecodeAndPrintExtensions(FILE *out, SECItem *any, char *m, int level)
 {
     CERTCertExtension **extensions = NULL;
-    PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     int rv = 0;
 
     if (!arena) 
 	return SEC_ERROR_NO_MEMORY;
 
     rv = SEC_QuickDERDecodeItem(arena, &extensions, 
 		   SEC_ASN1_GET(CERT_SequenceOfCertExtensionTemplate), any);
     if (!rv)
@@ -2261,17 +2261,17 @@ SECU_PrintCertAttributes(FILE *out, CERT
     	attrs++;
     }
     return rv;
 }
 
 int  /* sometimes a PRErrorCode, other times a SECStatus.  Sigh. */
 SECU_PrintCertificateRequest(FILE *out, SECItem *der, char *m, int level)
 {
-    PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     CERTCertificateRequest *cr;
     int rv = SEC_ERROR_NO_MEMORY;
 
     if (!arena) 
 	return rv;
 
     /* Decode certificate request */
     cr = PORT_ArenaZNew(arena, CERTCertificateRequest);
@@ -2295,17 +2295,17 @@ SECU_PrintCertificateRequest(FILE *out, 
 loser:
     PORT_FreeArena(arena, PR_FALSE);
     return rv;
 }
 
 int
 SECU_PrintCertificate(FILE *out, const SECItem *der, const char *m, int level)
 {
-    PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     CERTCertificate *c;
     int rv = SEC_ERROR_NO_MEMORY;
     int iv;
     
     if (!arena)
 	return rv;
 
     /* Decode certificate */
@@ -2341,17 +2341,17 @@ SECU_PrintCertificate(FILE *out, const S
 loser:
     PORT_FreeArena(arena, PR_FALSE);
     return rv;
 }
 
 int
 SECU_PrintSubjectPublicKeyInfo(FILE *out, SECItem *der, char *m, int level)
 {
-    PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     int          rv    = SEC_ERROR_NO_MEMORY;
     CERTSubjectPublicKeyInfo spki;
 
     if (!arena)
 	return rv;
 
     PORT_Memset(&spki, 0, sizeof spki);
     rv = SEC_ASN1DecodeItem(arena, &spki, 
@@ -2368,17 +2368,17 @@ SECU_PrintSubjectPublicKeyInfo(FILE *out
     PORT_FreeArena(arena, PR_FALSE);
     return rv;
 }
 
 #ifdef HAVE_EPV_TEMPLATE
 int
 SECU_PrintPrivateKey(FILE *out, SECItem *der, char *m, int level)
 {
-    PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     SECKEYEncryptedPrivateKeyInfo key;
     int rv = SEC_ERROR_NO_MEMORY;
 
     if (!arena)
 	return rv;
 
     PORT_Memset(&key, 0, sizeof(key));
     rv = SEC_ASN1DecodeItem(arena, &key, 
@@ -2790,17 +2790,17 @@ secu_PrintPKCS7SignedAndEnveloped(FILE *
     }  
 
     return 0;
 }
 
 int
 SECU_PrintCrl (FILE *out, SECItem *der, char *m, int level)
 {
-    PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     CERTCrl *c = NULL;
     int rv = SEC_ERROR_NO_MEMORY;
 
     if (!arena)
     	return rv;
     do {
 	/* Decode CRL */
 	c = PORT_ArenaZNew(arena, CERTCrl);
@@ -2983,17 +2983,17 @@ SECU_PrintTrustFlags(FILE *out, CERTCert
     SECU_Indent(out, level+1); fprintf(out, "Email Flags:\n");
     printFlags(out, trust->emailFlags, level+2);
     SECU_Indent(out, level+1); fprintf(out, "Object Signing Flags:\n");
     printFlags(out, trust->objectSigningFlags, level+2);
 }
 
 int SECU_PrintDERName(FILE *out, SECItem *der, const char *m, int level)
 {
-    PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     CERTName *name;
     int rv = SEC_ERROR_NO_MEMORY;
 
     if (!arena)
 	return rv;
 
     name = PORT_ArenaZNew(arena, CERTName);
     if (!name)
@@ -3014,17 +3014,17 @@ typedef enum  {
     withSignature = 1
 } SignatureOptionType;
 
 static int
 secu_PrintSignedDataSigOpt(FILE *out, SECItem *der, const char *m,
 			   int level, SECU_PPFunc inner,
                            SignatureOptionType withSignature)
 {
-    PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     CERTSignedData *sd;
     int rv = SEC_ERROR_NO_MEMORY;
 
     if (!arena)
 	return rv;
 
     /* Strip off the signature */
     sd = PORT_ArenaZNew(arena, CERTSignedData);
@@ -3277,17 +3277,17 @@ SECU_StoreCRL(PK11SlotInfo *slot, SECIte
 
 SECStatus
 SECU_SignAndEncodeCRL(CERTCertificate *issuer, CERTSignedCrl *signCrl,
                       SECOidTag hashAlgTag, SignAndEncodeFuncExitStat *resCode)
 {
     SECItem der;
     SECKEYPrivateKey *caPrivateKey = NULL;    
     SECStatus rv;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     SECOidTag algID;
     void *dummy;
 
     PORT_Assert(issuer != NULL && signCrl != NULL);
     if (!issuer || !signCrl) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return SECFailure;
     }
@@ -3355,17 +3355,17 @@ done:
         SECKEY_DestroyPrivateKey(caPrivateKey);
     }
     return rv;
 }
 
 
 
 SECStatus
-SECU_CopyCRL(PRArenaPool *destArena, CERTCrl *destCrl, CERTCrl *srcCrl)
+SECU_CopyCRL(PLArenaPool *destArena, CERTCrl *destCrl, CERTCrl *srcCrl)
 {
     void *dummy;
     SECStatus rv = SECSuccess;
     SECItem der;
 
     PORT_Assert(destArena && srcCrl && destCrl);
     if (!destArena || !srcCrl || !destCrl) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -3387,17 +3387,17 @@ SECU_CopyCRL(PRArenaPool *destArena, CER
     }
     
     destCrl->arena = destArena;
 
     return rv;
 }
 
 SECStatus
-SECU_DerSignDataCRL(PRArenaPool *arena, CERTSignedData *sd,
+SECU_DerSignDataCRL(PLArenaPool *arena, CERTSignedData *sd,
                     unsigned char *buf, int len, SECKEYPrivateKey *pk,
                     SECOidTag algID)
 {
     SECItem it;
     SECStatus rv;
 
     it.data = 0;
 
@@ -3425,17 +3425,17 @@ SECU_DerSignDataCRL(PRArenaPool *arena, 
     return rv;
 }
 
 #if 0
 
 /* we need access to the private function cert_FindExtension for this code to work */
 
 CERTAuthKeyID *
-SECU_FindCRLAuthKeyIDExten (PRArenaPool *arena, CERTSignedCrl *scrl)
+SECU_FindCRLAuthKeyIDExten (PLArenaPool *arena, CERTSignedCrl *scrl)
 {
     SECItem encodedExtenValue;
     SECStatus rv;
     CERTAuthKeyID *ret;
     CERTCrl* crl;
 
     if (!scrl) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -3503,17 +3503,17 @@ SECU_FindCrlIssuer(CERTCertDBHandle *dbh
         CERT_DestroyCertList(certList);
     }
     return(issuerCert);
 }
 
 
 /* Encodes and adds extensions to the CRL or CRL entries. */
 SECStatus 
-SECU_EncodeAndAddExtensionValue(PRArenaPool *arena, void *extHandle, 
+SECU_EncodeAndAddExtensionValue(PLArenaPool *arena, void *extHandle, 
                                 void *value, PRBool criticality, int extenType, 
                                 EXTEN_EXT_VALUE_ENCODER EncodeValueFn)
 {
     SECItem encodedValue;
     SECStatus rv;
 
     encodedValue.data = NULL;
     encodedValue.len = 0;
--- a/security/nss/cmd/makepqg/makepqg.c
+++ b/security/nss/cmd/makepqg/makepqg.c
@@ -49,17 +49,17 @@ Usage(void)
     exit(-1);
 
 }
 
 SECStatus
 outputPQGParams(PQGParams * pqgParams, PRBool output_binary, PRBool output_raw,
                 FILE * outFile)
 {
-    PRArenaPool   * arena 		= NULL;
+    PLArenaPool   * arena 		= NULL;
     char          * PQG;
     SECItem       * pItem;
     int             cc;
     SECStatus       rv;
     SECItem         encodedParams;
 
     if (output_raw) {
     	SECItem item;
--- a/security/nss/cmd/manifest.mn
+++ b/security/nss/cmd/manifest.mn
@@ -42,17 +42,17 @@ DIRS = lib  \
  pkix-errcodes \
  pp  \
  pwdecrypt \
  rsaperf \
  sdrtest \
  selfserv  \
  signtool \
  signver \
- shlibsign \
+ $(SHLIBSIGN_SRCDIR) \
  smimetools  \
  ssltap  \
  strsclnt \
  symkeyutil \
  tests \
  tstclnt  \
  vfychain \
  vfyserv \
--- a/security/nss/cmd/ocspclnt/ocspclnt.c
+++ b/security/nss/cmd/ocspclnt/ocspclnt.c
@@ -249,17 +249,17 @@ loser:
  */
 static SECStatus
 create_request (FILE *out_file, CERTCertDBHandle *handle, CERTCertificate *cert,
 		PRBool add_service_locator, PRBool add_acceptable_responses)
 {
     CERTCertList *certs = NULL;
     CERTCertificate *myCert = NULL;
     CERTOCSPRequest *request = NULL;
-    int64 now = PR_Now();
+    PRTime now = PR_Now();
     SECItem *encoding = NULL;
     SECStatus rv = SECFailure;
 
     if (handle == NULL || cert == NULL)
 	return rv;
 
     myCert = CERT_DupCertificate(cert);
     if (myCert == NULL)
@@ -324,17 +324,17 @@ loser:
  */
 static SECStatus
 dump_response (FILE *out_file, CERTCertDBHandle *handle, CERTCertificate *cert,
 	       const char *responder_url)
 {
     CERTCertList *certs = NULL;
     CERTCertificate *myCert = NULL;
     char *loc = NULL;
-    int64 now = PR_Now();
+    PRTime now = PR_Now();
     SECItem *response = NULL;
     SECStatus rv = SECFailure;
     PRBool includeServiceLocator;
 
     if (handle == NULL || cert == NULL)
 	return rv;
 
     myCert = CERT_DupCertificate(cert);
@@ -395,17 +395,17 @@ loser:
 
 /*
  * Get the status for the specified certificate (whose nickname is "cert_name").
  * Directly use the OCSP function rather than doing a full verification.
  */
 static SECStatus
 get_cert_status (FILE *out_file, CERTCertDBHandle *handle,
 		 CERTCertificate *cert, const char *cert_name,
-                 int64 verify_time)
+		 PRTime verify_time)
 {
     SECStatus rv = SECFailure;
 
     if (handle == NULL || cert == NULL)
 	goto loser;
 
     rv = CERT_CheckOCSPStatus (handle, cert, verify_time, NULL);
 
@@ -431,17 +431,17 @@ loser:
 
 /*
  * Verify the specified certificate (whose nickname is "cert_name").
  * OCSP is already turned on, so we just need to call the standard
  * certificate verification API and let it do all the work.
  */
 static SECStatus
 verify_cert (FILE *out_file, CERTCertDBHandle *handle, CERTCertificate *cert,
-	     const char *cert_name, SECCertUsage cert_usage, int64 verify_time)
+	     const char *cert_name, SECCertUsage cert_usage, PRTime verify_time)
 {
     SECStatus rv = SECFailure;
 
     if (handle == NULL || cert == NULL)
 	return rv;
 
     rv = CERT_VerifyCert (handle, cert, PR_TRUE, cert_usage, verify_time,
 			  NULL, NULL);
@@ -960,17 +960,17 @@ main (int argc, char **argv)
     const char	*db_dir, *date_str, *cert_usage_str, *name;
     const char	*responder_name, *responder_url, *signer_name;
     PRBool	 add_acceptable_responses, add_service_locator;
     SECItem	*data = NULL;
     PLOptState	*optstate;
     SECStatus	 rv;
     CERTCertDBHandle *handle = NULL;
     SECCertUsage cert_usage;
-    int64	 verify_time;
+    PRTime	 verify_time;
     CERTCertificate *cert = NULL;
     PRBool ascii = PR_FALSE;
 
     retval = -1;		/* what we return/exit with on error */
 
     program_name = PL_strrchr(argv[0], '/');
     program_name = program_name ? (program_name + 1) : argv[0];
 
--- a/security/nss/cmd/ocspresp/ocspresp.c
+++ b/security/nss/cmd/ocspresp/ocspresp.c
@@ -31,17 +31,17 @@ getCaAndSubjectCert(CERTCertDBHandle *ce
                     CERTCertificate **outCA, CERTCertificate **outCert)
 {
     *outCA = CERT_FindCertByNickname(certHandle, caNick);
     *outCert = CERT_FindCertByNickname(certHandle, eeNick);
     return *outCA && *outCert;
 }
 
 static SECItem *
-encode(PRArenaPool *arena, CERTOCSPCertID *cid, CERTCertificate *ca)
+encode(PLArenaPool *arena, CERTOCSPCertID *cid, CERTCertificate *ca)
 {
     SECItem *response;
     PRTime now = PR_Now();
     PRTime nextUpdate;
     CERTOCSPSingleResponse **responses;
     CERTOCSPSingleResponse *sr;
 
     if (!arena)
@@ -61,17 +61,17 @@ encode(PRArenaPool *arena, CERTOCSPCertI
     
     response = CERT_CreateEncodedOCSPSuccessResponse(
         arena, ca, ocspResponderID_byName, now, responses, &pwdata);
 
     return response;
 }
 
 static SECItem *
-encodeRevoked(PRArenaPool *arena, CERTOCSPCertID *cid, CERTCertificate *ca)
+encodeRevoked(PLArenaPool *arena, CERTOCSPCertID *cid, CERTCertificate *ca)
 {
     SECItem *response;
     PRTime now = PR_Now();
     PRTime revocationTime;
     CERTOCSPSingleResponse **responses;
     CERTOCSPSingleResponse *sr;
 
     if (!arena)
@@ -119,17 +119,17 @@ int Usage(void)
 int
 main(int argc, char **argv)
 {
     SECStatus rv;
     int retval = -1;
     CERTCertDBHandle *certHandle = NULL;
     CERTCertificate *caCert = NULL, *cert = NULL;
     CERTOCSPCertID *cid = NULL;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     PRTime now = PR_Now();
     
     SECItem *encoded = NULL;
     CERTOCSPResponse *decoded = NULL;
     SECStatus statusDecoded;
 
     SECItem *encodedRev = NULL;
     CERTOCSPResponse *decodedRev = NULL;
--- a/security/nss/cmd/pk12util/pk12util.c
+++ b/security/nss/cmd/pk12util/pk12util.c
@@ -239,17 +239,17 @@ p12u_ucs2_ascii_conversion_function(PRBo
 	}
 	printf("\n");
     }
 #endif
     return ret;
 }
 
 SECStatus
-P12U_UnicodeConversion(PRArenaPool *arena, SECItem *dest, SECItem *src,
+P12U_UnicodeConversion(PLArenaPool *arena, SECItem *dest, SECItem *src,
 		       PRBool toUnicode, PRBool swapBytes)
 {
     unsigned int allocLen;
     if(!dest || !src) {
 	return SECFailure;
     }
     allocLen = ((toUnicode) ? (src->len << 2) : src->len);
     if(arena) {
@@ -553,17 +553,17 @@ p12u_WriteToExportFile(void *arg, const 
     }
 
     if(p12cxt->file == NULL) {
 	p12cxt->errorValue = SEC_ERROR_PKCS12_UNABLE_TO_WRITE;
 	p12cxt->error = PR_TRUE;
 	return;
     }
 
-    writeLen = PR_Write(p12cxt->file, (unsigned char *)buf, (int32)len);
+    writeLen = PR_Write(p12cxt->file, (unsigned char *)buf, (PRInt32)len);
 
     if(writeLen != (int)len) {
 	PR_Close(p12cxt->file);
 	PL_strfree(p12cxt->filename);
 	p12cxt->filename = NULL;
 	p12cxt->file = NULL;
 	p12cxt->errorValue = SEC_ERROR_PKCS12_UNABLE_TO_WRITE;
 	p12cxt->error = PR_TRUE;
--- a/security/nss/cmd/pk1sign/pk1sign.c
+++ b/security/nss/cmd/pk1sign/pk1sign.c
@@ -103,17 +103,17 @@ ExportPublicKey(FILE *outFile, CERTCerti
 static int
 SignFile(FILE *outFile, PRFileDesc *inFile, CERTCertificate *cert)
 {
     SECItem data2sign;
     SECStatus rv;
     char *data;
     SECKEYPrivateKey *privKey;
     SECOidTag algID;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     CERTSignedData sd;
     SECItem *result;
 
     if (outFile == NULL || inFile == NULL || cert == NULL)
         return -1;
 
     /* suck the file in */
     if (SECU_ReadDERFromFile(&data2sign, inFile, PR_FALSE) != SECSuccess)
--- a/security/nss/cmd/platlibs.mk
+++ b/security/nss/cmd/platlibs.mk
@@ -31,21 +31,23 @@ DBMLIB = $(NULL)
 else
 DBMLIB = $(DIST)/lib/$(LIB_PREFIX)dbm.$(LIB_SUFFIX) 
 endif
 
 ifdef USE_STATIC_LIBS
 
 DEFINES += -DNSS_USE_STATIC_LIBS
 # $(PROGRAM) has explicit dependencies on $(EXTRA_LIBS)
-ifndef USE_SYSTEM_FREEBL
+ifndef NSS_USE_SYSTEM_FREEBL
 CRYPTOLIB=$(DIST)/lib/$(LIB_PREFIX)freebl.$(LIB_SUFFIX)
 SOFTOKENLIB=$(DIST)/lib/$(LIB_PREFIX)softokn.$(LIB_SUFFIX)
 else
-# Use the system freebl and softoken libraries
+# Use the system installed freebl static library and set softoken one to empty.
+# Some tools need to link statically with freebl but none with softoken. Only
+# the softoken shared library, not the static one, is installed in the system.
 CRYPTOLIB=$(FREEBL_LIB_DIR)/$(LIB_PREFIX)freebl.$(LIB_SUFFIX)
 SOFTOKENLIB=
 EXTRA_SHARED_LIBS += \
 	-L$(SOFTOKEN_LIB_DIR) \
 	-lsoftokn3 \
 	$(NULL)
 endif
 
--- a/security/nss/cmd/selfserv/selfserv.c
+++ b/security/nss/cmd/selfserv/selfserv.c
@@ -1061,17 +1061,17 @@ reload_crl(PRFileDesc *crlFile)
 void stop_server()
 {
     stopping = 1;
     PR_Interrupt(acceptorThread);
     PZ_TraceFlush();
 }
 
 SECItemArray *
-makeTryLaterOCSPResponse(PRArenaPool *arena)
+makeTryLaterOCSPResponse(PLArenaPool *arena)
 {
     SECItemArray *result = NULL;
     SECItem *ocspResponse = NULL;
 
     ocspResponse = CERT_CreateEncodedOCSPErrorResponse(arena,
 					SEC_ERROR_OCSP_TRY_SERVER_LATER);
     if (!ocspResponse)
 	errExit("cannot created ocspResponse");
@@ -1082,17 +1082,17 @@ makeTryLaterOCSPResponse(PRArenaPool *ar
 
     result->items[0].data = ocspResponse->data;
     result->items[0].len = ocspResponse->len;
 
     return result;
 }
 
 SECItemArray *
-makeCorruptedOCSPResponse(PRArenaPool *arena)
+makeCorruptedOCSPResponse(PLArenaPool *arena)
 {
     SECItemArray *result = NULL;
     SECItem *ocspResponse = NULL;
 
     ocspResponse = SECITEM_AllocItem(arena, NULL, 1);
     if (!ocspResponse)
 	errExit("cannot created ocspResponse");
 
@@ -1102,17 +1102,17 @@ makeCorruptedOCSPResponse(PRArenaPool *a
 
     result->items[0].data = ocspResponse->data;
     result->items[0].len = ocspResponse->len;
 
     return result;
 }
 
 SECItemArray *
-makeSignedOCSPResponse(PRArenaPool *arena, ocspStaplingModeType osm,
+makeSignedOCSPResponse(PLArenaPool *arena, ocspStaplingModeType osm,
 		       PRFileDesc *model_sock, CERTCertificate *cert)
 {
     SECItemArray *result = NULL;
     SECItem *ocspResponse = NULL;
     CERTOCSPSingleResponse **singleResponses;
     CERTOCSPSingleResponse *sr;
     CERTOCSPCertID *cid = NULL;
     CERTCertificate *ca;
@@ -1211,17 +1211,17 @@ handle_connection(
     int                numIOVs;
     PRSocketOptionData opt;
     PRIOVec            iovs[16];
     char               msgBuf[160];
     char               buf[10240];
     char               fileName[513];
     char               proto[128];
     PRDescIdentity     aboveLayer = PR_INVALID_IO_LAYER;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     ocspStaplingModeType osm;
 
     pBuf   = buf;
     bufRem = sizeof buf;
 
     VLOG(("selfserv: handle_connection: starting"));
     opt.option             = PR_SockOpt_Nonblocking;
     opt.value.non_blocking = PR_FALSE;
--- a/security/nss/cmd/signver/pk7print.c
+++ b/security/nss/cmd/signver/pk7print.c
@@ -72,17 +72,17 @@ sv_PrintInteger(FILE *out, SECItem *i, c
     }
 }
 
 
 int
 sv_PrintTime(FILE *out, SECItem *t, char *m)
 {
     PRExplodedTime printableTime; 
-    int64 time;
+    PRTime time;
     char *timeString;
     int rv;
 
     rv = DER_DecodeTimeChoice(&time, t);
     if (rv) return rv;
 
     /* Convert to local time */
     PR_ExplodeTime(time, PR_LocalTimeParameters, &printableTime);
@@ -309,17 +309,17 @@ sv_PrintDSAPublicKey(FILE *out, SECKEYPu
     sv_PrintInteger(out, &pk->u.dsa.params.subPrime, "subprime=");
     fprintf(out, "%s", m);
     sv_PrintInteger(out, &pk->u.dsa.params.base, "base=");
     fprintf(out, "%s", m);
     sv_PrintInteger(out, &pk->u.dsa.publicValue, "publicValue=");
 }
 
 int
-sv_PrintSubjectPublicKeyInfo(FILE *out, PRArenaPool *arena,
+sv_PrintSubjectPublicKeyInfo(FILE *out, PLArenaPool *arena,
                              CERTSubjectPublicKeyInfo *i,  char *msg)
 {
     SECKEYPublicKey *pk;
     int rv;
     char mm[200];
 
     sprintf(mm, "%s.publicKeyAlgorithm=", msg);
     sv_PrintAlgorithmID(out, &i->algorithm, mm);
@@ -353,17 +353,17 @@ sv_PrintSubjectPublicKeyInfo(FILE *out, 
     return 0;
 }
 
 SECStatus
 sv_PrintInvalidDateExten  (FILE *out, SECItem *value, char *msg)
 {
     SECItem decodedValue;
     SECStatus rv;
-    int64 invalidTime;
+    PRTime invalidTime;
     char *formattedTime = NULL;
 
     decodedValue.data = NULL;
     rv = SEC_ASN1DecodeItem (NULL, &decodedValue,
                              SEC_ASN1_GET(SEC_GeneralizedTimeTemplate),
                              value);
     if (rv == SECSuccess) {
         rv = DER_GeneralizedTimeToTime(&invalidTime, &decodedValue);
@@ -449,17 +449,17 @@ sv_PrintCRLInfo(FILE *out, CERTCrl *crl,
     sprintf(om, "%ssignedCRLEntriesExtensions.", m); 
     sv_PrintExtensions(out, crl->extensions, om);
 }
 
 
 int
 sv_PrintCertificate(FILE *out, SECItem *der, char *m, int level)
 {
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     CERTCertificate *c;
     int rv;
     int iv;
     char mm[200];
     
     /* Decode certificate */
     c = (CERTCertificate*) PORT_ZAlloc(sizeof(CERTCertificate));
     if (!c) return PORT_GetError();
@@ -498,17 +498,17 @@ sv_PrintCertificate(FILE *out, SECItem *
     
     PORT_FreeArena(arena, PR_FALSE);
     return 0;
 }
 
 int
 sv_PrintSignedData(FILE *out, SECItem *der, char *m, SECU_PPFunc inner)
 {
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     CERTSignedData *sd;
     int rv;
 
     /* Strip off the signature */
     sd = (CERTSignedData*) PORT_ZAlloc(sizeof(CERTSignedData));
     if (!sd) return PORT_GetError();
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
--- a/security/nss/cmd/tstclnt/tstclnt.c
+++ b/security/nss/cmd/tstclnt/tstclnt.c
@@ -1249,21 +1249,16 @@ int main(int argc, char **argv)
 		}
 		FPRINTF(stderr,
 		        "%s: PR_Poll returned 0x%02x for socket out_flags.\n",
 			progName, pollset[SSOCK_FD].out_flags);
 		if (filesReady == 0) {	/* shouldn't happen! */
 		    FPRINTF(stderr, "%s: PR_Poll returned zero!\n", progName);
 		    return 1;
 		}
-		/* Must milliPause between PR_Poll and PR_GetConnectStatus,
-		 * Or else winsock gets mighty confused.
-		 * Sleep(0);
-		 */
-		milliPause(1);
 		status = PR_GetConnectStatus(pollset);
 		if (status == PR_SUCCESS) {
 		    break;
 		}
 		if (PR_GetError() != PR_IN_PROGRESS_ERROR) {
 		    SECU_PrintError(progName, "unable to connect (poll)");
 		    return 1;
 		}
--- a/security/nss/cmd/vfychain/vfychain.c
+++ b/security/nss/cmd/vfychain/vfychain.c
@@ -227,33 +227,33 @@ getCert(const char *name, PRBool isAscii
 #define REVCONFIG_METHOD_FORBIDNETWORKFETCHIN_STR "forbidFetching"
 #define REVCONFIG_METHOD_IGNOREDEFAULTSRC_STR     "ignoreDefaultSrc"
 #define REVCONFIG_METHOD_REQUIREINFO_STR          "requireInfo"
 #define REVCONFIG_METHOD_FAILIFNOINFO_STR         "failIfNoInfo" 
 
 #define REV_METHOD_INDEX_MAX  4
 
 typedef struct RevMethodsStruct {
-    uint testType;
+    unsigned int testType;
     char *testTypeStr;
-    uint testFlags;
+    unsigned int testFlags;
     char *testFlagsStr;
-    uint methodType;
+    unsigned int methodType;
     char *methodTypeStr;
-    uint methodFlags;
+    unsigned int methodFlags;
     char *methodFlagsStr;
 } RevMethods;
 
 RevMethods revMethodsData[REV_METHOD_INDEX_MAX];
 
 SECStatus
 parseRevMethodsAndFlags()
 {
     int i;
-    uint testType = 0;
+    unsigned int testType = 0;
 
     for(i = 0;i < REV_METHOD_INDEX_MAX;i++) {
         /* testType */
         if (revMethodsData[i].testTypeStr) {
             char *typeStr = revMethodsData[i].testTypeStr;
 
             testType = 0;
             if (!PORT_Strcmp(typeStr, REVCONFIG_TEST_LEAF_STR)) {
@@ -264,30 +264,30 @@ parseRevMethodsAndFlags()
         }
         if (!testType) {
             return SECFailure;
         }
         revMethodsData[i].testType = testType;
         /* testFlags */
         if (revMethodsData[i].testFlagsStr) {
             char *flagStr = revMethodsData[i].testFlagsStr;
-            uint testFlags = 0;
+            unsigned int testFlags = 0;
 
             if (PORT_Strstr(flagStr, REVCONFIG_TEST_TESTLOCALINFOFIRST_STR)) {
                 testFlags |= CERT_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST;
             } 
             if (PORT_Strstr(flagStr, REVCONFIG_TEST_REQUIREFRESHINFO_STR)) {
                 testFlags |= CERT_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE;
             }
             revMethodsData[i].testFlags = testFlags;
         }
         /* method type */
         if (revMethodsData[i].methodTypeStr) {
             char *methodStr = revMethodsData[i].methodTypeStr;
-            uint methodType = 0;
+            unsigned int methodType = 0;
             
             if (!PORT_Strcmp(methodStr, REVCONFIG_METHOD_CRL_STR)) {
                 methodType = REVCONFIG_METHOD_CRL;
             } else if (!PORT_Strcmp(methodStr, REVCONFIG_METHOD_OCSP_STR)) {
                 methodType = REVCONFIG_METHOD_OCSP;
             }
             if (!methodType) {
                 return SECFailure;
@@ -296,17 +296,17 @@ parseRevMethodsAndFlags()
         }
         if (!revMethodsData[i].methodType) {
             revMethodsData[i].testType = REVCONFIG_TEST_UNDEFINED;
             continue;
         }
         /* method flags */
         if (revMethodsData[i].methodFlagsStr) {
             char *flagStr = revMethodsData[i].methodFlagsStr;
-            uint methodFlags = 0;
+            unsigned int methodFlags = 0;
 
             if (!PORT_Strstr(flagStr, REVCONFIG_METHOD_DONOTUSEMETHOD_STR)) {
                 methodFlags |= CERT_REV_M_TEST_USING_THIS_METHOD;
             } 
             if (PORT_Strstr(flagStr,
                             REVCONFIG_METHOD_FORBIDNETWORKFETCHIN_STR)) {
                 methodFlags |= CERT_REV_M_FORBID_NETWORK_FETCHING;
             }
@@ -326,17 +326,17 @@ parseRevMethodsAndFlags()
     }
     return SECSuccess;
 }
 
 SECStatus
 configureRevocationParams(CERTRevocationFlags *flags)
 {
    int i;
-   uint testType = REVCONFIG_TEST_UNDEFINED;
+   unsigned int testType = REVCONFIG_TEST_UNDEFINED;
    static CERTRevocationTests *revTests = NULL;
    PRUint64 *revFlags;
 
    for(i = 0;i < REV_METHOD_INDEX_MAX;i++) {
        if (revMethodsData[i].testType == REVCONFIG_TEST_UNDEFINED) {
            continue;
        }
        if (revMethodsData[i].testType != testType) {
@@ -606,17 +606,17 @@ breakout:
                 static CERTValInParam cvin[7];
                 SECOidTag oidTag;
                 int inParamIndex = 0;
                 static PRUint64 revFlagsLeaf[2];
                 static PRUint64 revFlagsChain[2];
                 static CERTRevocationFlags rev;
                 
                 if (oidStr) {
-                    PRArenaPool *arena;
+                    PLArenaPool *arena;
                     SECOidData od;
                     memset(&od, 0, sizeof od);
                     od.offset = SEC_OID_UNKNOWN;
                     od.desc = "User Defined Policy OID";
                     od.mechanism = CKM_INVALID_MECHANISM;
                     od.supportedExtension = INVALID_CERT_EXTENSION;
 
                     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
--- a/security/nss/coreconf/config.mk
+++ b/security/nss/coreconf/config.mk
@@ -174,8 +174,10 @@ endif
 endif
 
 # This allows all library and tools code to use the util function
 # implementations directly from libnssutil3, rather than the wrappers
 # in libnss3 which are present for binary compatibility only
 DEFINES += -DUSE_UTIL_DIRECTLY
 USE_UTIL_DIRECTLY = 1
 
+# Build with NO_NSPR_10_SUPPORT to avoid using obsolete NSPR features
+DEFINES += -DNO_NSPR_10_SUPPORT
--- a/security/nss/coreconf/coreconf.dep
+++ b/security/nss/coreconf/coreconf.dep
@@ -5,8 +5,9 @@
 
 /*
  * A dummy header file that is a dependency for all the object files.
  * Used to force a full recompilation of NSS in Mozilla's Tinderbox
  * depend builds.  See comments in rules.mk.
  */
 
 #error "Do not include this header file."
+
new file mode 100644
--- /dev/null
+++ b/security/nss/doc/.hgignore
@@ -0,0 +1,3 @@
+date.xml
+version.xml
+
--- a/security/nss/doc/Makefile
+++ b/security/nss/doc/Makefile
@@ -19,16 +19,17 @@ date = `date +"%Y%m%d"`
 all: prepare all-man all-html
 
 prepare: date-and-version
 	mkdir -p html
 	mkdir -p nroff
 	
 clean:
 	rm -f date.xml version.xml *.tar.bz2
+	rm -f html/*.proc
 	rm -fr $(name) ascii
 
 date-and-version: date.xml version.xml
 
 date.xml:
 	date +"%e %B %Y" | tr -d '\n' > $@
 
 version.xml:
new file mode 100644
--- /dev/null
+++ b/security/nss/doc/html/.hgignore
@@ -0,0 +1,1 @@
+*.proc
--- a/security/nss/lib/Makefile
+++ b/security/nss/lib/Makefile
@@ -59,17 +59,17 @@ include $(CORE_DEPTH)/coreconf/rules.mk
 
 
 #######################################################################
 # (7) Execute "local" rules. (OPTIONAL).                              #
 #######################################################################
 
 ifeq ($(NSS_BUILD_WITHOUT_SOFTOKEN),1)
 # Not included when building nss without softoken
-UTIL_SRCDIR=
-FREEBL_SRCDIR=
-SOFTOKEN_SRCDIR=
+UTIL_SRCDIR =
+FREEBL_SRCDIR =
+SOFTOKEN_SRCDIR =
 else
 # default is to include all
 UTIL_SRCDIR = util
 FREEBL_SRCDIR = freebl
 SOFTOKEN_SRCDIR = softoken
 endif
--- a/security/nss/lib/base/arena.c
+++ b/security/nss/lib/base/arena.c
@@ -699,17 +699,17 @@ nss_arena_unmark_release
       arenaMark->prev_destructor->next = (struct arena_destructor_node *)NULL;
     }
     arena->last_destructor = arenaMark->prev_destructor;
 
     /* Note that the arena is locked at this time */
     nss_arena_call_destructor_chain(arenaMark->next_destructor);
 #endif /* ARENA_DESTRUCTOR_LIST */
 
-    PR_ARENA_RELEASE(&arena->pool, inner_mark);
+    PL_ARENA_RELEASE(&arena->pool, inner_mark);
     /* No error return */
   }
 
   PR_Unlock(arena->lock);
   return PR_SUCCESS;
 }
 
 /*
@@ -792,17 +792,17 @@ nss_zalloc_arena_locked
   NSSArena *arena,
   PRUint32 size
 )
 {
   void *p;
   void *rv;
   struct pointer_header *h;
   PRUint32 my_size = size + sizeof(struct pointer_header);
-  PR_ARENA_ALLOCATE(p, &arena->pool, my_size);
+  PL_ARENA_ALLOCATE(p, &arena->pool, my_size);
   if( (void *)NULL == p ) {
     nss_SetError(NSS_ERROR_NO_MEMORY);
     return (void *)NULL;
   }
   /* 
    * Do this before we unlock.  This way if the user is using
    * an arena in one thread while destroying it in another, he'll
    * fault/FMR in his code, not ours.
@@ -1174,17 +1174,17 @@ nss_ZRealloc
        * way a thrash big/small/big/small doesn't burn up the arena.
        */
       char *extra = &((char *)pointer)[ newSize ];
       (void)nsslibc_memset(extra, 0, (h->size - newSize));
       PR_Unlock(arena->lock);
       return pointer;
     }
 
-    PR_ARENA_ALLOCATE(p, &arena->pool, my_newSize);
+    PL_ARENA_ALLOCATE(p, &arena->pool, my_newSize);
     if( (void *)NULL == p ) {
       PR_Unlock(arena->lock);
       nss_SetError(NSS_ERROR_NO_MEMORY);
       return (void *)NULL;
     }
 
     new_h = (struct pointer_header *)p;
     new_h->arena = arena;
deleted file mode 100644
--- a/security/nss/lib/certdb/.cvsignore
+++ /dev/null
@@ -1,1 +0,0 @@
-nscertinit.c
--- a/security/nss/lib/certdb/alg1485.c
+++ b/security/nss/lib/certdb/alg1485.c
@@ -358,17 +358,17 @@ loser:
 /* Parses one AVA, starting at *pbp.  Stops at endptr.
  * Advances *pbp past parsed AVA and trailing separator (if present).
  * On any error, returns NULL and *pbp is undefined.
  * On success, returns CERTAVA allocated from arena, and (*pbp)[-1] was 
  * the last character parsed.  *pbp is either equal to endptr or 
  * points to first character after separator.
  */
 static CERTAVA *
-ParseRFC1485AVA(PRArenaPool *arena, const char **pbp, const char *endptr)
+ParseRFC1485AVA(PLArenaPool *arena, const char **pbp, const char *endptr)
 {
     CERTAVA *a;
     const NameToKind *n2k;
     const char *bp;
     int       vt = -1;
     int       valLen;
     SECOidTag kind  = SEC_OID_UNKNOWN;
     SECStatus rv    = SECFailure;
@@ -1132,17 +1132,17 @@ CERT_NameToAscii(CERTName *name)
 /*
  * Return the string representation of a DER encoded distinguished name
  * "dername" - The DER encoded name to convert
  */
 char *
 CERT_DerNameToAscii(SECItem *dername)
 {
     int rv;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     CERTName name;
     char *retstr = NULL;
     
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     
     if ( arena == NULL) {
 	goto loser;
     }
@@ -1159,17 +1159,17 @@ loser:
     if ( arena != NULL ) {
 	PORT_FreeArena(arena, PR_FALSE);
     }
     
     return(retstr);
 }
 
 static char *
-avaToString(PRArenaPool *arena, CERTAVA *ava)
+avaToString(PLArenaPool *arena, CERTAVA *ava)
 {
     char *    buf       = NULL;
     SECItem*  avaValue;
     int       valueLen;
 
     avaValue = CERT_DecodeAVAValue(&ava->value);
     if(!avaValue) {
 	return buf;
@@ -1193,17 +1193,17 @@ avaToString(PRArenaPool *arena, CERTAVA 
     SECITEM_FreeItem(avaValue, PR_TRUE);
     return buf;
 }
 
 /* RDNs are sorted from most general to most specific.
  * This code returns the FIRST one found, the most general one found.
  */
 static char *
-CERT_GetNameElement(PRArenaPool *arena, const CERTName *name, int wantedTag)
+CERT_GetNameElement(PLArenaPool *arena, const CERTName *name, int wantedTag)
 {
     CERTRDN** rdns = name->rdns;
     CERTRDN*  rdn;
     CERTAVA*  ava  = NULL;
 
     while (rdns && (rdn = *rdns++) != 0) {
 	CERTAVA** avas = rdn->avas;
 	while (avas && (ava = *avas++) != 0) {
@@ -1217,17 +1217,17 @@ CERT_GetNameElement(PRArenaPool *arena, 
     return ava ? avaToString(arena, ava) : NULL;
 }
 
 /* RDNs are sorted from most general to most specific.
  * This code returns the LAST one found, the most specific one found.
  * This is particularly appropriate for Common Name.  See RFC 2818.
  */
 static char *
-CERT_GetLastNameElement(PRArenaPool *arena, const CERTName *name, int wantedTag)
+CERT_GetLastNameElement(PLArenaPool *arena, const CERTName *name, int wantedTag)
 {
     CERTRDN** rdns    = name->rdns;
     CERTRDN*  rdn;
     CERTAVA*  lastAva = NULL;
     
     while (rdns && (rdn = *rdns++) != 0) {
 	CERTAVA** avas = rdn->avas;
 	CERTAVA*  ava;
@@ -1244,17 +1244,17 @@ CERT_GetLastNameElement(PRArenaPool *are
 char *
 CERT_GetCertificateEmailAddress(CERTCertificate *cert)
 {
     char *rawEmailAddr = NULL;
     SECItem subAltName;
     SECStatus rv;
     CERTGeneralName *nameList = NULL;
     CERTGeneralName *current;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     int i;
     
     subAltName.data = NULL;
 
     rawEmailAddr = CERT_GetNameElement(cert->arena, &(cert->subject),
 						 SEC_OID_PKCS9_EMAIL_ADDRESS);
     if ( rawEmailAddr == NULL ) {
 	rawEmailAddr = CERT_GetNameElement(cert->arena, &(cert->subject), 
@@ -1376,17 +1376,17 @@ appendItemToBuf(char *dest, SECItem *src
 ** This function is intended to be internal to NSS.
 */
 char *
 cert_GetCertificateEmailAddresses(CERTCertificate *cert)
 {
     char *           rawEmailAddr = NULL;
     char *           addrBuf      = NULL;
     char *           pBuf         = NULL;
-    PRArenaPool *    tmpArena     = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    PLArenaPool *    tmpArena     = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     PRUint32         maxLen       = 0;
     PRInt32          finalLen     = 0;
     SECStatus        rv;
     SECItem          subAltName;
     
     if (!tmpArena) 
     	return addrBuf;
 
--- a/security/nss/lib/certdb/certdb.c
+++ b/security/nss/lib/certdb/certdb.c
@@ -204,17 +204,17 @@ const SEC_ASN1Template CERT_CertKeyTempl
 };
 
 SEC_ASN1_CHOOSER_IMPLEMENT(CERT_TimeChoiceTemplate)
 SEC_ASN1_CHOOSER_IMPLEMENT(CERT_CertificateTemplate)
 SEC_ASN1_CHOOSER_IMPLEMENT(SEC_SignedCertificateTemplate)
 SEC_ASN1_CHOOSER_IMPLEMENT(CERT_SequenceOfCertExtensionTemplate)
 
 SECStatus
-CERT_KeyFromIssuerAndSN(PRArenaPool *arena, SECItem *issuer, SECItem *sn,
+CERT_KeyFromIssuerAndSN(PLArenaPool *arena, SECItem *issuer, SECItem *sn,
 			SECItem *key)
 {
     key->len = sn->len + issuer->len;
 
     if ((sn->data == NULL) || (issuer->data == NULL)) {
 	goto loser;
     }
     
@@ -238,17 +238,17 @@ loser:
 
 /*
  * Extract the subject name from a DER certificate
  */
 SECStatus
 CERT_NameFromDERCert(SECItem *derCert, SECItem *derName)
 {
     int rv;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     CERTSignedData sd;
     void *tmpptr;
     
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     
     if ( ! arena ) {
 	return(SECFailure);
     }
@@ -282,17 +282,17 @@ loser:
     PORT_FreeArena(arena, PR_FALSE);
     return(SECFailure);
 }
 
 SECStatus
 CERT_IssuerNameFromDERCert(SECItem *derCert, SECItem *derName)
 {
     int rv;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     CERTSignedData sd;
     void *tmpptr;
     
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     
     if ( ! arena ) {
 	return(SECFailure);
     }
@@ -326,17 +326,17 @@ loser:
     PORT_FreeArena(arena, PR_FALSE);
     return(SECFailure);
 }
 
 SECStatus
 CERT_SerialNumberFromDERCert(SECItem *derCert, SECItem *derName)
 {
     int rv;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     CERTSignedData sd;
     void *tmpptr;
     
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     
     if ( ! arena ) {
 	return(SECFailure);
     }
@@ -371,17 +371,17 @@ loser:
     return(SECFailure);
 }
 
 /*
  * Generate a database key, based on serial number and issuer, from a
  * DER certificate.
  */
 SECStatus
-CERT_KeyFromDERCert(PRArenaPool *reqArena, SECItem *derCert, SECItem *key)
+CERT_KeyFromDERCert(PLArenaPool *reqArena, SECItem *derCert, SECItem *key)
 {
     int rv;
     CERTSignedData sd;
     CERTCertKey certkey;
 
     if (!reqArena) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return SECFailure;
@@ -739,17 +739,17 @@ cert_IsRootCert(CERTCertificate *cert)
 /*
  * take a DER certificate and decode it into a certificate structure
  */
 CERTCertificate *
 CERT_DecodeDERCertificate(SECItem *derSignedCert, PRBool copyDER,
 			 char *nickname)
 {
     CERTCertificate *cert;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     void *data;
     int rv;
     int len;
     char *tmpname;
     
     /* make a new arena */
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     
@@ -869,21 +869,21 @@ CERTCertificate *
 __CERT_DecodeDERCertificate(SECItem *derSignedCert, PRBool copyDER,
 			 char *nickname)
 {
     return CERT_DecodeDERCertificate(derSignedCert, copyDER, nickname);
 }
 
 
 CERTValidity *
-CERT_CreateValidity(int64 notBefore, int64 notAfter)
+CERT_CreateValidity(PRTime notBefore, PRTime notAfter)
 {
     CERTValidity *v;
     int rv;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
 
     if (notBefore > notAfter) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return NULL;
     }
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     
     if ( !arena ) {
@@ -901,17 +901,17 @@ CERT_CreateValidity(int64 notBefore, int
     return v;
 
   loser:
     CERT_DestroyValidity(v);
     return 0;
 }
 
 SECStatus
-CERT_CopyValidity(PRArenaPool *arena, CERTValidity *to, CERTValidity *from)
+CERT_CopyValidity(PLArenaPool *arena, CERTValidity *to, CERTValidity *from)
 {
     SECStatus rv;
 
     CERT_DestroyValidity(to);
     to->arena = arena;
     
     rv = SECITEM_CopyItem(arena, &to->notBefore, &from->notBefore);
     if (rv) return rv;
@@ -1412,17 +1412,17 @@ cert_TestHostName(char * cn, const char 
     PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);
     return SECFailure;
 }
 
 
 SECStatus
 cert_VerifySubjectAltName(const CERTCertificate *cert, const char *hn)
 {
-    PRArenaPool *     arena          = NULL;
+    PLArenaPool *     arena          = NULL;
     CERTGeneralName * nameList       = NULL;
     CERTGeneralName * current;
     char *            cn;
     int               cnBufLen;
     unsigned int      hnLen;
     int               DNSextCount    = 0;
     int               IPextCount     = 0;
     PRBool            isIPaddr       = PR_FALSE;
@@ -1547,17 +1547,17 @@ finish:
 /*
  * If found:
  *   - subAltName contains the extension (caller must free)
  *   - return value is the decoded namelist (allocated off arena)
  * if not found, or if failure to decode:
  *   - return value is NULL
  */
 CERTGeneralName *
-cert_GetSubjectAltNameList(const CERTCertificate *cert, PRArenaPool *arena)
+cert_GetSubjectAltNameList(const CERTCertificate *cert, PLArenaPool *arena)
 {
     CERTGeneralName * nameList       = NULL;
     SECStatus         rv             = SECFailure;
     SECItem           subAltName;
 
     if (!cert || !arena)
       return NULL;
 
@@ -1686,17 +1686,17 @@ cert_GetDNSPatternsFromGeneralNames(CERT
  * but this saves us from dealing with two arenas.
  * The caller may free all data by freeing CERTCertNicknames->arena.
  */
 CERTCertNicknames *
 CERT_GetValidDNSPatternsFromCert(CERTCertificate *cert)
 {
     CERTGeneralName *generalNames;
     CERTCertNicknames *nickNames;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     char *singleName;
     
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (!arena) {
         return NULL;
     }
     
     nickNames = PORT_ArenaAlloc(arena, sizeof(CERTCertNicknames));
@@ -1911,17 +1911,17 @@ CERT_CompareCertsForRedirection(CERTCert
 }
 
 
 /* CERT_CertChainFromCert and CERT_DestroyCertificateList moved
    to certhigh.c */
 
 
 CERTIssuerAndSN *
-CERT_GetCertIssuerAndSN(PRArenaPool *arena, CERTCertificate *cert)
+CERT_GetCertIssuerAndSN(PLArenaPool *arena, CERTCertificate *cert)
 {
     CERTIssuerAndSN *result;
     SECStatus rv;
 
     if ( arena == NULL ) {
 	arena = cert->arena;
     }
     
@@ -2507,17 +2507,17 @@ CERT_ImportCerts(CERTCertDBHandle *certd
 
 /*
  * a real list of certificates - need to convert CERTCertificateList
  * stuff and ASN 1 encoder/decoder over to using this...
  */
 CERTCertList *
 CERT_NewCertList(void)
 {
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     CERTCertList *ret = NULL;
     
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if ( arena == NULL ) {
 	goto loser;
     }
     
     ret = (CERTCertList *)PORT_ArenaZAlloc(arena, sizeof(CERTCertList));
--- a/security/nss/lib/certdb/certi.h
+++ b/security/nss/lib/certdb/certi.h
@@ -38,17 +38,17 @@ struct OpaqueCRLFieldsStr {
 
 typedef struct PreAllocatorStr PreAllocator;
 
 struct PreAllocatorStr
 {
     PRSize len;
     void* data;
     PRSize used;
-    PRArenaPool* arena;
+    PLArenaPool* arena;
     PRSize extra;
 };
 
 /*  CRL entry cache.
     This is the same as an entry plus the next/prev pointers for the hash table
 */
 
 struct CRLEntryCacheStr {
@@ -227,29 +227,29 @@ cert_DestroySubjectKeyIDHashTable(void);
 
 SECItem*
 cert_FindDERCertBySubjectKeyID(SECItem *subjKeyID);
 
 /* return maximum length of AVA value based on its type OID tag. */
 extern int cert_AVAOidTagToMaxLen(SECOidTag tag);
 
 /* Make an AVA, allocated from pool, from OID and DER encoded value */
-extern CERTAVA * CERT_CreateAVAFromRaw(PRArenaPool *pool, 
+extern CERTAVA * CERT_CreateAVAFromRaw(PLArenaPool *pool, 
                                const SECItem * OID, const SECItem * value);
 
 /* Make an AVA from binary input specified by SECItem */
-extern CERTAVA * CERT_CreateAVAFromSECItem(PRArenaPool *arena, SECOidTag kind, 
+extern CERTAVA * CERT_CreateAVAFromSECItem(PLArenaPool *arena, SECOidTag kind, 
                                            int valueType, SECItem *value);
 
 /*
  * get a DPCache object for the given issuer subject and dp
  * Automatically creates the cache object if it doesn't exist yet.
  */
 SECStatus AcquireDPCache(CERTCertificate* issuer, const SECItem* subject,
-                         const SECItem* dp, int64 t, void* wincx,
+                         const SECItem* dp, PRTime t, void* wincx,
                          CRLDPCache** dpcache, PRBool* writeLocked);
 
 /* check if a particular SN is in the CRL cache and return its entry */
 dpcacheStatus DPCache_Lookup(CRLDPCache* cache, const SECItem* sn,
                              CERTCrlEntry** returned);
 
 /* release a DPCache object that was previously acquired */
 void ReleaseDPCache(CRLDPCache* dpcache, PRBool writeLocked);
@@ -352,17 +352,17 @@ SECStatus cert_AcquireNamedCRLCache(Name
 SECStatus cert_FindCRLByGeneralName(NamedCRLCache* ncc,
                                     const SECItem* canonicalizedName,
                                     NamedCRLCacheEntry** retEntry);
 
 SECStatus cert_ReleaseNamedCRLCache(NamedCRLCache* ncc);
 
 /* This is private for now.  Maybe shoule be public. */
 CERTGeneralName *
-cert_GetSubjectAltNameList(const CERTCertificate *cert, PRArenaPool *arena);
+cert_GetSubjectAltNameList(const CERTCertificate *cert, PLArenaPool *arena);
 
 /* Count DNS names and IP addresses in a list of GeneralNames */
 PRUint32
 cert_CountDNSPatterns(CERTGeneralName *firstName);
 
 /*
  * returns the trust status of the leaf certificate based on usage.
  * If the leaf is explicitly untrusted, this function will fail and 
--- a/security/nss/lib/certdb/certv3.c
+++ b/security/nss/lib/certdb/certv3.c
@@ -67,17 +67,17 @@ CERT_FindIssuerCertExtension(CERTCertifi
 char *
 CERT_FindCertURLExtension(CERTCertificate *cert, int tag, int catag)
 {
     SECStatus rv;
     SECItem urlitem = {siBuffer,0};
     SECItem baseitem = {siBuffer,0};
     SECItem urlstringitem = {siBuffer,0};
     SECItem basestringitem = {siBuffer,0};
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     PRBool hasbase;
     char *urlstring;
     char *str;
     int len;
     unsigned int i;
     
     urlstring = NULL;
 
@@ -194,17 +194,17 @@ CERT_FindNSCertTypeExtension(CERTCertifi
 /*
  * get the value of a string type extension
  */
 char *
 CERT_FindNSStringExtension(CERTCertificate *cert, int oidtag)
 {
     SECItem wrapperItem, tmpItem = {siBuffer,0};
     SECStatus rv;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     char *retstring = NULL;
     
     wrapperItem.data = NULL;
     tmpItem.data = NULL;
     
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     
     if ( ! arena ) {
@@ -307,17 +307,17 @@ CERT_FindBasicConstraintExten(CERTCertif
     /* free the raw extension data */
     PORT_Free(encodedExtenValue.data);
     encodedExtenValue.data = NULL;
     
     return(rv);
 }
 
 CERTAuthKeyID *
-CERT_FindAuthKeyIDExten (PRArenaPool *arena, CERTCertificate *cert)
+CERT_FindAuthKeyIDExten (PLArenaPool *arena, CERTCertificate *cert)
 {
     SECItem encodedExtenValue;
     SECStatus rv;
     CERTAuthKeyID *ret;
     
     encodedExtenValue.data = NULL;
     encodedExtenValue.len = 0;
 
--- a/security/nss/lib/certdb/certxutl.c
+++ b/security/nss/lib/certdb/certxutl.c
@@ -106,33 +106,33 @@ cert_FindExtension(CERTCertExtension **e
 typedef struct _extNode {
     struct _extNode *next;
     CERTCertExtension *ext;
 } extNode;
 
 typedef struct {
     void (*setExts)(void *object, CERTCertExtension **exts);
     void *object;
-    PRArenaPool *ownerArena;
-    PRArenaPool *arena;
+    PLArenaPool *ownerArena;
+    PLArenaPool *arena;
     extNode *head;
     int count;
 }extRec;
 
 /*
  * cert_StartExtensions
  *
  * NOTE: This interface changed significantly to remove knowledge
  *   about callers data structures (owner objects)
  */
 void *
-cert_StartExtensions(void *owner, PRArenaPool *ownerArena,
+cert_StartExtensions(void *owner, PLArenaPool *ownerArena,
    void (*setExts)(void *object, CERTCertExtension **exts))
 {
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     extRec *handle;
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if ( !arena ) {
 	return(0);
     }
 
     handle = (extRec *)PORT_ArenaAlloc(arena, sizeof(extRec));
@@ -392,17 +392,17 @@ CERT_MergeExtensions(void *exthandle, CE
  * get the value of the Netscape Certificate Type Extension
  */
 SECStatus
 CERT_FindBitStringExtension (CERTCertExtension **extensions, int tag,
 			     SECItem *retItem)
 {
     SECItem wrapperItem, tmpItem = {siBuffer,0};
     SECStatus rv;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     
     wrapperItem.data = NULL;
     tmpItem.data = NULL;
     
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     
     if ( ! arena ) {
 	return(SECFailure);
--- a/security/nss/lib/certdb/crl.c
+++ b/security/nss/lib/certdb/crl.c
@@ -299,22 +299,22 @@ SECStatus cert_check_crl_version (CERTCr
     return (SECSuccess);
 }
 
 /*
  * Generate a database key, based on the issuer name from a
  * DER crl.
  */
 SECStatus
-CERT_KeyFromDERCrl(PRArenaPool *arena, SECItem *derCrl, SECItem *key)
+CERT_KeyFromDERCrl(PLArenaPool *arena, SECItem *derCrl, SECItem *key)
 {
     SECStatus rv;
     CERTSignedData sd;
     CERTCrlKey crlkey;
-    PRArenaPool* myArena;
+    PLArenaPool* myArena;
 
     if (!arena) {
         /* arena needed for QuickDER */
         myArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     } else {
         myArena = arena;
     }
     PORT_Memset (&sd, 0, sizeof (sd));
@@ -387,20 +387,20 @@ SECStatus CERT_CompleteCRLDecodeEntries(
     return rv;
 }
 
 /*
  * take a DER CRL and decode it into a CRL structure
  * allow reusing the input DER without making a copy
  */
 CERTSignedCrl *
-CERT_DecodeDERCrlWithFlags(PRArenaPool *narena, SECItem *derSignedCrl,
+CERT_DecodeDERCrlWithFlags(PLArenaPool *narena, SECItem *derSignedCrl,
                           int type, PRInt32 options)
 {
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     CERTSignedCrl *crl;
     SECStatus rv;
     OpaqueCRLFields* extended = NULL;
     const SEC_ASN1Template* crlTemplate = CERT_SignedCrlTemplate;
     PRInt32 testOptions = options;
 
     PORT_Assert(derSignedCrl);
     if (!derSignedCrl) {
@@ -527,17 +527,17 @@ loser:
     
     return(0);
 }
 
 /*
  * take a DER CRL and decode it into a CRL structure
  */
 CERTSignedCrl *
-CERT_DecodeDERCrl(PRArenaPool *narena, SECItem *derSignedCrl, int type)
+CERT_DecodeDERCrl(PLArenaPool *narena, SECItem *derSignedCrl, int type)
 {
     return CERT_DecodeDERCrlWithFlags(narena, derSignedCrl, type,
                                       CRL_DECODE_DEFAULT_OPTIONS);
 }
 
 /*
  * Lookup a CRL in the databases. We mirror the same fast caching data base
  *  caching stuff used by certificates....?
@@ -715,17 +715,17 @@ SEC_NewCrl(CERTCertDBHandle *handle, cha
     PK11_FreeSlot(slot);
 
     return retCrl;
 }
     
 CERTSignedCrl *
 SEC_FindCrlByDERCert(CERTCertDBHandle *handle, SECItem *derCrl, int type)
 {
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     SECItem crlKey;
     SECStatus rv;
     CERTSignedCrl *crl = NULL;
     
     /* create a scratch arena */
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if ( arena == NULL ) {
 	return(NULL);
@@ -776,17 +776,17 @@ SEC_DestroyCrl(CERTSignedCrl *crl)
         return SECFailure;
     }
 }
 
 SECStatus
 SEC_LookupCrls(CERTCertDBHandle *handle, CERTCrlHeadNode **nodes, int type)
 {
     CERTCrlHeadNode *head;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECStatus rv;
 
     *nodes = NULL;
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if ( arena == NULL ) {
 	return SECFailure;
     }
@@ -954,17 +954,17 @@ void PreAllocator_Destroy(PreAllocator* 
     {
         PORT_FreeArena(PreAllocator->arena, PR_TRUE);
     }
 }
 
 /* constructor for PreAllocator object */
 PreAllocator* PreAllocator_Create(PRSize size)
 {
-    PRArenaPool* arena = NULL;
+    PLArenaPool* arena = NULL;
     PreAllocator* prebuffer = NULL;
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (!arena)
     {
         return NULL;
     }
     prebuffer = (PreAllocator*)PORT_ArenaZAlloc(arena,
                                                 sizeof(PreAllocator));
--- a/security/nss/lib/certdb/genname.c
+++ b/security/nss/lib/certdb/genname.c
@@ -151,17 +151,17 @@ CERT_NewGeneralName(PLArenaPool *arena, 
     return name;
 }
 
 /* Copy content of one General Name to another.
 ** Caller has allocated destination general name.
 ** This function does not change the destinate's GeneralName's list linkage.
 */
 SECStatus
-cert_CopyOneGeneralName(PRArenaPool      *arena, 
+cert_CopyOneGeneralName(PLArenaPool      *arena,
 		        CERTGeneralName  *dest, 
 		        CERTGeneralName  *src)
 {
     SECStatus rv;
     void *mark = NULL;
 
     PORT_Assert(dest != NULL);
     dest->type = src->type;
@@ -216,17 +216,17 @@ CERT_DestroyGeneralNameList(CERTGeneralN
 	    PZ_Unlock(lock);
 	}
     }
     return;
 }
 
 CERTGeneralNameList *
 CERT_CreateGeneralNameList(CERTGeneralName *name) {
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     CERTGeneralNameList *list = NULL;
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL) {
 	goto done;
     }
     list = PORT_ArenaZNew(arena, CERTGeneralNameList);
     if (!list)
@@ -283,17 +283,17 @@ CERTNameConstraint *
 CERT_GetPrevNameConstraint(CERTNameConstraint *current)
 {
     PRCList *prev;
     prev = current->l.prev;
     return (CERTNameConstraint *) (((char *) prev) - offsetof(CERTNameConstraint, l));
 }
 
 SECItem *
-CERT_EncodeGeneralName(CERTGeneralName *genName, SECItem *dest, PRArenaPool *arena)
+CERT_EncodeGeneralName(CERTGeneralName *genName, SECItem *dest, PLArenaPool *arena)
 {
 
     const SEC_ASN1Template * template;
 
     PORT_Assert(arena);
     if (arena == NULL) {
 	PORT_SetError(SEC_ERROR_INVALID_ARGS);
 	return NULL;
@@ -340,17 +340,17 @@ CERT_EncodeGeneralName(CERTGeneralName *
     /* TODO: unmark arena */
     return dest;
 loser:
     /* TODO: release arena back to mark */
     return NULL;
 }
 
 SECItem **
-cert_EncodeGeneralNames(PRArenaPool *arena, CERTGeneralName *names)
+cert_EncodeGeneralNames(PLArenaPool *arena, CERTGeneralName *names)
 {
     CERTGeneralName  *current_name;
     SECItem          **items = NULL;
     int              count = 0;
     int              i;
     PRCList          *head;
 
     PORT_Assert(arena);
@@ -380,17 +380,17 @@ cert_EncodeGeneralNames(PRArenaPool *are
     /* TODO: unmark arena */
     return items;
 loser:
     /* TODO: release arena to mark */
     return NULL;
 }
 
 CERTGeneralName *
-CERT_DecodeGeneralName(PRArenaPool      *reqArena,
+CERT_DecodeGeneralName(PLArenaPool      *reqArena,
 		       SECItem          *encodedName,
 		       CERTGeneralName  *genName)
 {
     const SEC_ASN1Template *         template;
     CERTGeneralNameType              genNameType;
     SECStatus                        rv = SECSuccess;
     SECItem* newEncodedName;
 
@@ -442,17 +442,17 @@ CERT_DecodeGeneralName(PRArenaPool      
     /* TODO: unmark arena */
     return genName;
 loser:
     /* TODO: release arena to mark */
     return NULL;
 }
 
 CERTGeneralName *
-cert_DecodeGeneralNames (PRArenaPool  *arena,
+cert_DecodeGeneralNames (PLArenaPool  *arena,
 			 SECItem      **encodedGenName)
 {
     PRCList                           *head = NULL;
     PRCList                           *tail = NULL;
     CERTGeneralName                   *currentName = NULL;
 
     PORT_Assert(arena);
     if (!encodedGenName || !arena) {
@@ -501,17 +501,17 @@ cert_DestroyGeneralNames(CERTGeneralName
 	name = next;
     } while (name != first);
     return SECSuccess;
 }
 
 static SECItem *
 cert_EncodeNameConstraint(CERTNameConstraint  *constraint, 
 			 SECItem             *dest,
-			 PRArenaPool         *arena)
+			 PLArenaPool         *arena)
 {
     PORT_Assert(arena);
     if (dest == NULL) {
 	dest = PORT_ArenaZNew(arena, SECItem);
 	if (dest == NULL) {
 	    return NULL;
 	}
     }
@@ -519,17 +519,17 @@ cert_EncodeNameConstraint(CERTNameConstr
     
     dest = SEC_ASN1EncodeItem (arena, dest, constraint,
 			       CERTNameConstraintTemplate);
     return dest;
 } 
 
 SECStatus 
 cert_EncodeNameConstraintSubTree(CERTNameConstraint  *constraints,
-			         PRArenaPool         *arena,
+			         PLArenaPool         *arena,
 				 SECItem             ***dest,
 				 PRBool              permited)
 {
     CERTNameConstraint  *current_constraint = constraints;
     SECItem             **items = NULL;
     int                 count = 0;
     int                 i;
     PRCList             *head;
@@ -565,17 +565,17 @@ cert_EncodeNameConstraintSubTree(CERTNam
     return SECSuccess;
 loser:
     /* TODO: release arena to mark */
     return SECFailure;
 }
 
 SECStatus 
 cert_EncodeNameConstraints(CERTNameConstraints  *constraints,
-			   PRArenaPool          *arena,
+			   PLArenaPool          *arena,
 			   SECItem              *dest)
 {
     SECStatus    rv = SECSuccess;
 
     PORT_Assert(arena);
     /* TODO: mark arena */
     if (constraints->permited != NULL) {
 	rv = cert_EncodeNameConstraintSubTree(constraints->permited, arena,
@@ -602,17 +602,17 @@ cert_EncodeNameConstraints(CERTNameConst
     return SECSuccess;
 loser:
     /* TODO: release arena to mark */
     return SECFailure;
 }
 
 
 CERTNameConstraint *
-cert_DecodeNameConstraint(PRArenaPool       *reqArena,
+cert_DecodeNameConstraint(PLArenaPool       *reqArena,
 			  SECItem           *encodedConstraint)
 {
     CERTNameConstraint     *constraint;
     SECStatus              rv = SECSuccess;
     CERTGeneralName        *temp;
     SECItem*               newEncodedConstraint;
 
     if (!reqArena) {
@@ -647,17 +647,17 @@ cert_DecodeNameConstraint(PRArenaPool   
     /* TODO: unmark arena */
     return constraint;
 loser:
     /* TODO: release arena back to mark */
     return NULL;
 }
 
 CERTNameConstraint *
-cert_DecodeNameConstraintSubTree(PRArenaPool   *arena,
+cert_DecodeNameConstraintSubTree(PLArenaPool   *arena,
 				 SECItem       **subTree,
 				 PRBool        permited)
 {
     CERTNameConstraint   *current = NULL;
     CERTNameConstraint   *first = NULL;
     CERTNameConstraint   *last = NULL;
     int                  i = 0;
 
@@ -680,17 +680,17 @@ cert_DecodeNameConstraintSubTree(PRArena
     /* TODO: unmark arena */
     return first;
 loser:
     /* TODO: release arena back to mark */
     return NULL;
 }
 
 CERTNameConstraints *
-cert_DecodeNameConstraints(PRArenaPool   *reqArena,
+cert_DecodeNameConstraints(PLArenaPool   *reqArena,
 			   const SECItem *encodedConstraints)
 {
     CERTNameConstraints   *constraints;
     SECStatus             rv;
     SECItem*              newEncodedConstraints;
 
     if (!reqArena) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -746,17 +746,17 @@ loser:
 ** the first copy from the arena and links them into the destination list.  
 ** If the destination struct is part of a list with more than one member,
 ** then this function traverses both the source and destination lists,
 ** copying each source struct to the corresponding dest struct.
 ** In that case, the destination list MUST contain at least as many 
 ** structs as the source list or some dest entries will be overwritten.
 */
 SECStatus
-CERT_CopyGeneralName(PRArenaPool      *arena, 
+CERT_CopyGeneralName(PLArenaPool      *arena,
 		     CERTGeneralName  *dest, 
 		     CERTGeneralName  *src)
 {
     SECStatus rv;
     CERTGeneralName *destHead = dest;
     CERTGeneralName *srcHead = src;
 
     PORT_Assert(dest != NULL);
@@ -803,17 +803,17 @@ CERT_DupGeneralNameList(CERTGeneralNameL
 	list->refCount++;
 	PZ_Unlock(list->lock);
     }
     return list;
 }
 
 /* Allocate space and copy CERTNameConstraint from src to dest */
 CERTNameConstraint *
-CERT_CopyNameConstraint(PRArenaPool         *arena, 
+CERT_CopyNameConstraint(PLArenaPool         *arena,
 			CERTNameConstraint  *dest, 
 			CERTNameConstraint  *src)
 {
     SECStatus  rv;
     
     /* TODO: mark arena */
     if (dest == NULL) {
 	dest = PORT_ArenaZNew(arena, CERTNameConstraint);
@@ -910,17 +910,17 @@ CERT_AddNameConstraint(CERTNameConstrain
     return list;
 }
 
 
 SECStatus
 CERT_GetNameConstraintByType (CERTNameConstraint *constraints,
 			      CERTGeneralNameType type, 
 			      CERTNameConstraint **returnList,
-			      PRArenaPool *arena)
+			      PLArenaPool *arena)
 {
     CERTNameConstraint *current = NULL;
     void               *mark = NULL;
 
     *returnList = NULL;
     if (!constraints)
 	return SECSuccess;
 
@@ -1050,27 +1050,27 @@ loser:
     /* TODO: release arena back to mark */
     return SECFailure;
 }
 
 /* Extract all names except Subject Common Name from a cert 
 ** in preparation for a name constraints test.
 */
 CERTGeneralName *
-CERT_GetCertificateNames(CERTCertificate *cert, PRArenaPool *arena)
+CERT_GetCertificateNames(CERTCertificate *cert, PLArenaPool *arena)
 {
     return CERT_GetConstrainedCertificateNames(cert, arena, PR_FALSE);
 }
 
 /* This function is called by CERT_VerifyCertChain to extract all
 ** names from a cert in preparation for a name constraints test.
 */
 CERTGeneralName *
 CERT_GetConstrainedCertificateNames(const CERTCertificate *cert,
-                                    PRArenaPool *arena,
+                                    PLArenaPool *arena,
                                     PRBool includeSubjectCommonName)
 {
     CERTGeneralName  *DN;
     CERTGeneralName  *SAN;
     PRUint32         numDNSNames = 0;
     SECStatus        rv;
 
     if (!arena) {
@@ -1520,17 +1520,17 @@ done:
     } else {
         PORT_ArenaUnmark(arena, mark);
     }
     return rv;
 }
 
 /* Extract the name constraints extension from the CA cert. */
 SECStatus
-CERT_FindNameConstraintsExten(PRArenaPool      *arena,
+CERT_FindNameConstraintsExten(PLArenaPool      *arena,
                               CERTCertificate  *cert,
                               CERTNameConstraints **constraints)
 {
     SECStatus            rv = SECSuccess;
     SECItem              constraintsExtension;
     void                *mark = NULL;
     
     *constraints = NULL;
@@ -1560,17 +1560,17 @@ CERT_FindNameConstraintsExten(PRArenaPoo
 
     return rv;
 }
 
 /* Verify name against all the constraints relevant to that type of
 ** the name.
 */
 SECStatus
-CERT_CheckNameSpace(PRArenaPool          *arena,
+CERT_CheckNameSpace(PLArenaPool          *arena,
                     const CERTNameConstraints *constraints,
                     const CERTGeneralName     *currentName)
 {
     CERTNameConstraint  *matchingConstraints;
     SECStatus            rv = SECSuccess;
     
     if (constraints->excluded != NULL) {
         rv = CERT_GetNameConstraintByType(constraints->excluded, 
@@ -1609,17 +1609,17 @@ CERT_CheckNameSpace(PRArenaPool         
 ** Returns NULL in pBadCert for success, if all names are acceptable.
 ** If some name is not acceptable, returns a pointer to the cert that
 ** contained that name.
 */
 SECStatus
 CERT_CompareNameSpace(CERTCertificate  *cert,
 		      CERTGeneralName  *namesList,
  		      CERTCertificate **certsList,
- 		      PRArenaPool      *reqArena,
+ 		      PLArenaPool      *reqArena,
  		      CERTCertificate **pBadCert)
 {
     SECStatus            rv = SECSuccess;
     CERTNameConstraints  *constraints;
     CERTGeneralName      *currentName;
     int                  count = 0;
     CERTCertificate      *badCert = NULL;
 
@@ -1750,17 +1750,17 @@ CERT_CompareGeneralNameLists(CERTGeneral
 #if 0
 /* This function is not exported from NSS shared libraries, and is not
 ** used inside of NSS.
 ** XXX it doesn't check for failed allocations. :-(
 */
 void *
 CERT_GetGeneralNameFromListByType(CERTGeneralNameList *list,
 				  CERTGeneralNameType type,
-				  PRArenaPool *arena)
+				  PLArenaPool *arena)
 {
     CERTName *name = NULL; 
     SECItem *item = NULL;
     OtherName *other = NULL;
     OtherName *tmpOther = NULL;
     void *data;
 
     PZ_Lock(list->lock);
--- a/security/nss/lib/certdb/genname.h
+++ b/security/nss/lib/certdb/genname.h
@@ -13,30 +13,30 @@
 #include "certt.h"
 
 /************************************************************************/
 SEC_BEGIN_PROTOS
 
 extern const SEC_ASN1Template CERT_GeneralNamesTemplate[];
 
 extern SECItem **
-cert_EncodeGeneralNames(PRArenaPool *arena, CERTGeneralName *names);
+cert_EncodeGeneralNames(PLArenaPool *arena, CERTGeneralName *names);
 
 extern CERTGeneralName *
-cert_DecodeGeneralNames(PRArenaPool *arena, SECItem **encodedGenName);
+cert_DecodeGeneralNames(PLArenaPool *arena, SECItem **encodedGenName);
 
 extern SECStatus
 cert_DestroyGeneralNames(CERTGeneralName *name);
 
 extern SECStatus 
-cert_EncodeNameConstraints(CERTNameConstraints *constraints, PRArenaPool *arena,
+cert_EncodeNameConstraints(CERTNameConstraints *constraints, PLArenaPool *arena,
 			   SECItem *dest);
 
 extern CERTNameConstraints *
-cert_DecodeNameConstraints(PRArenaPool *arena, const SECItem *encodedConstraints);
+cert_DecodeNameConstraints(PLArenaPool *arena, const SECItem *encodedConstraints);
 
 extern CERTGeneralName *
 cert_CombineNamesLists(CERTGeneralName *list1, CERTGeneralName *list2);
 
 extern CERTNameConstraint *
 cert_CombineConstraintsLists(CERTNameConstraint *list1, CERTNameConstraint *list2);
 
 /*********************************************************************/
@@ -46,17 +46,17 @@ cert_CombineConstraintsLists(CERTNameCon
 /* Destroy a Single CERTGeneralName */
 void
 CERT_DestroyGeneralName(CERTGeneralName *name);
 
 SECStatus
 CERT_CompareGeneralName(CERTGeneralName *a, CERTGeneralName *b);
 
 SECStatus
-CERT_CopyGeneralName(PRArenaPool      *arena, 
+CERT_CopyGeneralName(PLArenaPool      *arena,
 		     CERTGeneralName  *dest, 
 		     CERTGeneralName  *src);
 
 /* General Name Lists are a thread safe, reference counting layer to 
  * general names */
 
 /* Destroys a CERTGeneralNameList */
 void
@@ -69,17 +69,17 @@ CERT_CreateGeneralNameList(CERTGeneralNa
 /* Compares two CERTGeneralNameList */
 SECStatus
 CERT_CompareGeneralNameLists(CERTGeneralNameList *a, CERTGeneralNameList *b);
 
 /* returns a copy of the first name of the type requested */
 void *
 CERT_GetGeneralNameFromListByType(CERTGeneralNameList *list,
 				  CERTGeneralNameType type,
-				  PRArenaPool *arena);
+				  PLArenaPool *arena);
 
 /* Adds a name to the tail of the list */
 void
 CERT_AddGeneralNameToList(CERTGeneralNameList *list, 
 			  CERTGeneralNameType type,
 			  void *data, SECItem *oid);
 
 /* returns a duplicate of the CERTGeneralNameList */
@@ -93,14 +93,14 @@ extern int
 CERT_GetNamesLength(CERTGeneralName *names);
 
 /************************************************************************/
 
 SECStatus
 CERT_CompareNameSpace(CERTCertificate  *cert,
 		      CERTGeneralName  *namesList,
  		      CERTCertificate **certsList,
- 		      PRArenaPool      *reqArena,
+ 		      PLArenaPool      *reqArena,
  		      CERTCertificate **pBadCert);
 
 SEC_END_PROTOS
 
 #endif
--- a/security/nss/lib/certdb/polcyxtn.c
+++ b/security/nss/lib/certdb/polcyxtn.c
@@ -143,17 +143,17 @@ breakLines(char *string)
     }
     
     return;
 }
 
 CERTCertificatePolicies *
 CERT_DecodeCertificatePoliciesExtension(const SECItem *extnValue)
 {
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECStatus rv;
     CERTCertificatePolicies *policies;
     CERTPolicyInfo **policyInfos, *policyInfo;
     CERTPolicyQualifier **policyQualifiers, *policyQualifier;
     SECItem newExtnValue;
     
     /* make a new arena */
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
@@ -219,17 +219,17 @@ CERT_DestroyCertificatePoliciesExtension
 	PORT_FreeArena(policies->arena, PR_FALSE);
     }
     return;
 }
 
 CERTCertificatePolicyMappings *
 CERT_DecodePolicyMappingsExtension(SECItem *extnValue)
 {
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECStatus rv;
     CERTCertificatePolicyMappings *mappings;
     SECItem newExtnValue;
     
     /* make a new arena */
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if ( !arena ) {
         goto loser;
@@ -277,17 +277,17 @@ CERT_DestroyPolicyMappingsExtension(CERT
 }
 
 SECStatus
 CERT_DecodePolicyConstraintsExtension
                              (CERTCertificatePolicyConstraints *decodedValue,
                               const SECItem *encodedValue)
 {
     CERTCertificatePolicyConstraints decodeContext;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECStatus rv = SECSuccess;
 
     /* initialize so we can tell when an optional component is omitted */
     PORT_Memset(&decodeContext, 0, sizeof(decodeContext));
 
     /* make a new arena */
     arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
     if (!arena) {
@@ -333,17 +333,17 @@ CERT_DecodePolicyConstraintsExtension
     PORT_FreeArena(arena, PR_FALSE);
     return(rv);
 }
 
 SECStatus CERT_DecodeInhibitAnyExtension
         (CERTCertificateInhibitAny *decodedValue, SECItem *encodedValue)
 {
     CERTCertificateInhibitAny decodeContext;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECStatus rv = SECSuccess;
 
     /* make a new arena */
     arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
     if ( !arena ) {
         return SECFailure;
     }
 
@@ -365,17 +365,17 @@ SECStatus CERT_DecodeInhibitAnyExtension
 
     PORT_FreeArena(arena, PR_FALSE);
     return(rv);
 }
 
 CERTUserNotice *
 CERT_DecodeUserNotice(SECItem *noticeItem)
 {
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECStatus rv;
     CERTUserNotice *userNotice;
     SECItem newNoticeItem;
     
     /* make a new arena */
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     
     if ( !arena ) {
@@ -599,17 +599,17 @@ const SEC_ASN1Template CERT_OidSeqTempla
     { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN,
 	  offsetof(CERTOidSequence, oids),
 	  SEC_ASN1_SUB(SEC_ObjectIDTemplate) }
 };
 
 CERTOidSequence *
 CERT_DecodeOidSequence(const SECItem *seqItem)
 {
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECStatus rv;
     CERTOidSequence *oidSeq;
     SECItem newSeqItem;
     
     /* make a new arena */
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     
     if ( !arena ) {
@@ -703,17 +703,17 @@ done:
     if (extItem.data != NULL) {
 	PORT_Free(extItem.data);
     }
     return(ret);
 }
 
 
 SECStatus
-CERT_EncodePolicyConstraintsExtension(PRArenaPool *arena,
+CERT_EncodePolicyConstraintsExtension(PLArenaPool *arena,
                                       CERTCertificatePolicyConstraints *constr,
                                       SECItem *dest)
 {
     SECStatus rv = SECSuccess;
 
     PORT_Assert(constr != NULL && dest != NULL);
     if (constr == NULL || dest == NULL) {
 	return SECFailure;
@@ -722,17 +722,17 @@ CERT_EncodePolicyConstraintsExtension(PR
     if (SEC_ASN1EncodeItem (arena, dest, constr,
                             CERT_PolicyConstraintsTemplate) == NULL) {
 	rv = SECFailure;
     }
     return(rv);
 }
 
 SECStatus
-CERT_EncodePolicyMappingExtension(PRArenaPool *arena,
+CERT_EncodePolicyMappingExtension(PLArenaPool *arena,
                                   CERTCertificatePolicyMappings *mapping,
                                   SECItem *dest)
 {
     SECStatus rv = SECSuccess;
 
     PORT_Assert(mapping != NULL && dest != NULL);
     if (mapping == NULL || dest == NULL) {
 	return SECFailure;
@@ -743,17 +743,17 @@ CERT_EncodePolicyMappingExtension(PRAren
 	rv = SECFailure;
     }
     return(rv);
 }
 
 
 
 SECStatus
-CERT_EncodeCertPoliciesExtension(PRArenaPool *arena,
+CERT_EncodeCertPoliciesExtension(PLArenaPool *arena,
                                  CERTPolicyInfo **info,
                                  SECItem *dest)
 {
     SECStatus rv = SECSuccess;
 
     PORT_Assert(info != NULL && dest != NULL);
     if (info == NULL || dest == NULL) {
 	return SECFailure;
@@ -762,17 +762,17 @@ CERT_EncodeCertPoliciesExtension(PRArena
     if (SEC_ASN1EncodeItem (arena, dest, info,
                             CERT_CertificatePoliciesTemplate) == NULL) {
 	rv = SECFailure;
     }
     return(rv);
 }
 
 SECStatus
-CERT_EncodeUserNotice(PRArenaPool *arena,
+CERT_EncodeUserNotice(PLArenaPool *arena,
                       CERTUserNotice *notice,
                       SECItem *dest)
 {
     SECStatus rv = SECSuccess;
 
     PORT_Assert(notice != NULL && dest != NULL);
     if (notice == NULL || dest == NULL) {
 	return SECFailure;
@@ -782,17 +782,17 @@ CERT_EncodeUserNotice(PRArenaPool *arena
                            notice, CERT_UserNoticeTemplate) == NULL) {
 	rv = SECFailure;
     }
 
     return(rv);
 }
 
 SECStatus
-CERT_EncodeNoticeReference(PRArenaPool *arena,
+CERT_EncodeNoticeReference(PLArenaPool *arena,
                            CERTNoticeReference *reference,
                            SECItem *dest)
 {
     SECStatus rv = SECSuccess;
     
     PORT_Assert(reference != NULL && dest != NULL);
     if (reference == NULL || dest == NULL) {
 	return SECFailure;
@@ -802,17 +802,17 @@ CERT_EncodeNoticeReference(PRArenaPool *
                             CERT_NoticeReferenceTemplate) == NULL) {
 	rv = SECFailure;
     }
 
     return(rv);
 }
 
 SECStatus
-CERT_EncodeInhibitAnyExtension(PRArenaPool *arena,
+CERT_EncodeInhibitAnyExtension(PLArenaPool *arena,
                                CERTCertificateInhibitAny *certInhibitAny,
                                SECItem *dest)
 {
     SECStatus rv = SECSuccess;
 
     PORT_Assert(certInhibitAny != NULL && dest != NULL);
     if (certInhibitAny == NULL || dest == NULL) {
 	return SECFailure;
--- a/security/nss/lib/certdb/secname.c
+++ b/security/nss/lib/certdb/secname.c
@@ -35,17 +35,17 @@ CountArray(void **array)
 	while (*array++) {
 	    count++;
 	}
     }
     return count;
 }
 
 static void **
-AddToArray(PRArenaPool *arena, void **array, void *element)
+AddToArray(PLArenaPool *arena, void **array, void *element)
 {
     unsigned count;
     void **ap;
 
     /* Count up number of slots already in use in the array */
     count = 0;
     ap = array;
     if (ap) {
@@ -79,17 +79,17 @@ CERT_GetAVATag(CERTAVA *ava)
     
     if ( oid ) {
 	return(oid->offset);
     }
     return (SECOidTag)-1;
 }
 
 static SECStatus
-SetupAVAType(PRArenaPool *arena, SECOidTag type, SECItem *it, unsigned *maxLenp)
+SetupAVAType(PLArenaPool *arena, SECOidTag type, SECItem *it, unsigned *maxLenp)
 {
     unsigned char *oid;
     unsigned oidLen;
     unsigned char *cp;
     int      maxLen;
     SECOidData *oidrec;
 
     oidrec = SECOID_FindOIDByTag(type);
@@ -111,17 +111,17 @@ SetupAVAType(PRArenaPool *arena, SECOidT
     }
     it->len = oidLen;
     PORT_Memcpy(cp, oid, oidLen);
     *maxLenp = (unsigned)maxLen;
     return SECSuccess;
 }
 
 static SECStatus
-SetupAVAValue(PRArenaPool *arena, int valueType, const SECItem *in, 
+SetupAVAValue(PLArenaPool *arena, int valueType, const SECItem *in,
               SECItem *out, unsigned maxLen)
 {
     PRUint8 *value, *cp, *ucs4Val;
     unsigned valueLen, valueLenLen, total;
     unsigned ucs4Len = 0, ucs4MaxLen;
 
     value    = in->data;
     valueLen = in->len;
@@ -162,17 +162,17 @@ SetupAVAValue(PRArenaPool *arena, int va
     out->data = cp;
     out->len  = total;
     cp = (PRUint8 *)DER_StoreHeader(cp, valueType, valueLen);
     PORT_Memcpy(cp, value, valueLen);
     return SECSuccess;
 }
 
 CERTAVA *
-CERT_CreateAVAFromRaw(PRArenaPool *pool, const SECItem * OID, 
+CERT_CreateAVAFromRaw(PLArenaPool *pool, const SECItem * OID,
                       const SECItem * value)
 {
     CERTAVA *ava;
     int rv;
 
     ava = PORT_ArenaZNew(pool, CERTAVA);
     if (ava) {
 	rv = SECITEM_CopyItem(pool, &ava->type, OID);
@@ -182,17 +182,17 @@ CERT_CreateAVAFromRaw(PRArenaPool *pool,
 	rv = SECITEM_CopyItem(pool, &ava->value, value);
 	if (rv) 
 	    return NULL;
     }
     return ava;
 }
 
 CERTAVA *
-CERT_CreateAVAFromSECItem(PRArenaPool *arena, SECOidTag kind, int valueType, 
+CERT_CreateAVAFromSECItem(PLArenaPool *arena, SECOidTag kind, int valueType,
                           SECItem *value)
 {
     CERTAVA *ava;
     int rv;
     unsigned maxLen;
 
     ava = (CERTAVA*) PORT_ArenaZAlloc(arena, sizeof(CERTAVA));
     if (ava) {
@@ -206,28 +206,28 @@ CERT_CreateAVAFromSECItem(PRArenaPool *a
 	    /* Illegal value type */
 	    return NULL;
 	}
     }
     return ava;
 }
 
 CERTAVA *
-CERT_CreateAVA(PRArenaPool *arena, SECOidTag kind, int valueType, char *value)
+CERT_CreateAVA(PLArenaPool *arena, SECOidTag kind, int valueType, char *value)
 {
     SECItem item = { siBuffer, NULL, 0 };
 
     item.data = (PRUint8 *)value;
     item.len  = PORT_Strlen(value);
 
     return CERT_CreateAVAFromSECItem(arena, kind, valueType, &item);
 }
 
 CERTAVA *
-CERT_CopyAVA(PRArenaPool *arena, CERTAVA *from)
+CERT_CopyAVA(PLArenaPool *arena, CERTAVA *from)
 {
     CERTAVA *ava;
     int rv;
 
     ava = (CERTAVA*) PORT_ArenaZAlloc(arena, sizeof(CERTAVA));
     if (ava) {
 	rv = SECITEM_CopyItem(arena, &ava->type, &from->type);
 	if (rv) goto loser;
@@ -244,17 +244,17 @@ CERT_CopyAVA(PRArenaPool *arena, CERTAVA
 /* XXX This template needs to go away in favor of the new SEC_ASN1 version. */
 static const SEC_ASN1Template cert_RDNTemplate[] = {
     { SEC_ASN1_SET_OF,
 	  offsetof(CERTRDN,avas), cert_AVATemplate, sizeof(CERTRDN) }
 };
 
 
 CERTRDN *
-CERT_CreateRDN(PRArenaPool *arena, CERTAVA *ava0, ...)
+CERT_CreateRDN(PLArenaPool *arena, CERTAVA *ava0, ...)
 {
     CERTAVA *ava;
     CERTRDN *rdn;
     va_list ap;
     unsigned count;
     CERTAVA **avap;
 
     rdn = (CERTRDN*) PORT_ArenaAlloc(arena, sizeof(CERTRDN));
@@ -285,24 +285,24 @@ CERT_CreateRDN(PRArenaPool *arena, CERTA
 	    va_end(ap);
 	}
 	*avap++ = 0;
     }
     return rdn;
 }
 
 SECStatus
-CERT_AddAVA(PRArenaPool *arena, CERTRDN *rdn, CERTAVA *ava)
+CERT_AddAVA(PLArenaPool *arena, CERTRDN *rdn, CERTAVA *ava)
 {
     rdn->avas = (CERTAVA**) AddToArray(arena, (void**) rdn->avas, ava);
     return rdn->avas ? SECSuccess : SECFailure;
 }
 
 SECStatus
-CERT_CopyRDN(PRArenaPool *arena, CERTRDN *to, CERTRDN *from)
+CERT_CopyRDN(PLArenaPool *arena, CERTRDN *to, CERTRDN *from)
 {
     CERTAVA **avas, *fava, *tava;
     SECStatus rv = SECSuccess;
 
     /* Copy each ava from from */
     avas = from->avas;
     if (avas) {
 	if (avas[0] == NULL) {
@@ -335,17 +335,17 @@ SEC_ASN1_CHOOSER_IMPLEMENT(CERT_NameTemp
 CERTName *
 CERT_CreateName(CERTRDN *rdn0, ...)
 {
     CERTRDN *rdn;
     CERTName *name;
     va_list ap;
     unsigned count;
     CERTRDN **rdnp;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if ( !arena ) {
 	return(0);
     }
     
     name = (CERTName*) PORT_ArenaAlloc(arena, sizeof(CERTName));
     if (name) {
@@ -390,32 +390,32 @@ loser:
     return(0);
 }
 
 void
 CERT_DestroyName(CERTName *name)
 {
     if (name)
     {
-        PRArenaPool *arena = name->arena;
+        PLArenaPool *arena = name->arena;
         name->rdns = NULL;
 	name->arena = NULL;
 	if (arena) PORT_FreeArena(arena, PR_FALSE);
     }
 }
 
 SECStatus
 CERT_AddRDN(CERTName *name, CERTRDN *rdn)
 {
     name->rdns = (CERTRDN**) AddToArray(name->arena, (void**) name->rdns, rdn);
     return name->rdns ? SECSuccess : SECFailure;
 }
 
 SECStatus
-CERT_CopyName(PRArenaPool *arena, CERTName *to, const CERTName *from)
+CERT_CopyName(PLArenaPool *arena, CERTName *to, const CERTName *from)
 {
     CERTRDN **rdns, *frdn, *trdn;
     SECStatus rv = SECSuccess;
 
     if (!to || !from) {
 	PORT_SetError(SEC_ERROR_INVALID_ARGS);
 	return SECFailure;
     }
--- a/security/nss/lib/certdb/stanpcertdb.c
+++ b/security/nss/lib/certdb/stanpcertdb.c
@@ -688,17 +688,17 @@ CERT_FindCertByNicknameOrEmailAddrForUsa
 {
   return common_FindCertByNicknameOrEmailAddrForUsage(handle, name, 
                                                       PR_FALSE, 
                                                       lookingForUsage);
 }
 
 static void 
 add_to_subject_list(CERTCertList *certList, CERTCertificate *cert,
-                    PRBool validOnly, int64 sorttime)
+                    PRBool validOnly, PRTime sorttime)
 {
     SECStatus secrv;
     if (!validOnly ||
 	CERT_CheckCertValidTimes(cert, sorttime, PR_FALSE) 
 	 == secCertTimeValid) {
 	    secrv = CERT_AddCertToListSorted(certList, cert, 
 	                                     CERT_SortCBValidity, 
 	                                     (void *)&sorttime);
@@ -805,18 +805,18 @@ CERT_GetDBContentVersion(CERTCertDBHandl
     /* should read the DB content version from the pkcs #11 device */
     return 0;
 }
 
 SECStatus
 certdb_SaveSingleProfile(CERTCertificate *cert, const char *emailAddr, 
 				SECItem *emailProfile, SECItem *profileTime)
 {
-    int64 oldtime;
-    int64 newtime;
+    PRTime oldtime;
+    PRTime newtime;
     SECStatus rv = SECFailure;
     PRBool saveit;
     SECItem oldprof, oldproftime;
     SECItem *oldProfile = NULL;
     SECItem *oldProfileTime = NULL;
     PK11SlotInfo *slot = NULL;
     NSSCertificate *c;
     NSSCryptoContext *cc;
--- a/security/nss/lib/certdb/xauthkid.c
+++ b/security/nss/lib/certdb/xauthkid.c
@@ -30,17 +30,17 @@ const SEC_ASN1Template CERTAuthKeyIDTemp
     { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 2,
 	  offsetof(CERTAuthKeyID,authCertSerialNumber),
           SEC_ASN1_SUB(SEC_IntegerTemplate) },
     { 0 }
 };
 
 
 
-SECStatus CERT_EncodeAuthKeyID (PRArenaPool *arena, CERTAuthKeyID *value, SECItem *encodedValue)
+SECStatus CERT_EncodeAuthKeyID (PLArenaPool *arena, CERTAuthKeyID *value, SECItem *encodedValue)
 {
     SECStatus rv = SECFailure;
  
     PORT_Assert (value);
     PORT_Assert (arena);
     PORT_Assert (value->DERAuthCertIssuer == NULL);
     PORT_Assert (encodedValue);
 
@@ -73,17 +73,17 @@ SECStatus CERT_EncodeAuthKeyID (PRArenaP
 	    break;
 	rv = SECSuccess;
 
     } while (0);
      return(rv);
 }
 
 CERTAuthKeyID *
-CERT_DecodeAuthKeyID (PRArenaPool *arena, const SECItem *encodedValue)
+CERT_DecodeAuthKeyID (PLArenaPool *arena, const SECItem *encodedValue)
 {
     CERTAuthKeyID * value = NULL;
     SECStatus       rv    = SECFailure;
     void *          mark;
     SECItem         newEncodedValue;
 
     PORT_Assert (arena);
    
--- a/security/nss/lib/certdb/xbsconst.c
+++ b/security/nss/lib/certdb/xbsconst.c
@@ -17,17 +17,17 @@
 #include "secder.h"
 #include "prprf.h"
 #include "secerr.h"
 
 typedef struct EncodedContext{
     SECItem isCA;
     SECItem pathLenConstraint;
     SECItem encodedValue;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
 }EncodedContext;
 
 static const SEC_ASN1Template CERTBasicConstraintsTemplate[] = {
     { SEC_ASN1_SEQUENCE,
 	  0, NULL, sizeof(EncodedContext) },
     { SEC_ASN1_OPTIONAL | SEC_ASN1_BOOLEAN,		/* XXX DER_DEFAULT */
 	  offsetof(EncodedContext,isCA)},
     { SEC_ASN1_OPTIONAL | SEC_ASN1_INTEGER,
@@ -36,20 +36,20 @@ static const SEC_ASN1Template CERTBasicC
 };
 
 static unsigned char hexTrue = 0xff;
 static unsigned char hexFalse = 0x00;
 
 #define GEN_BREAK(status) rv = status; break;
 
 SECStatus CERT_EncodeBasicConstraintValue
-   (PRArenaPool *arena, CERTBasicConstraints *value, SECItem *encodedValue)
+   (PLArenaPool *arena, CERTBasicConstraints *value, SECItem *encodedValue)
 {
     EncodedContext encodeContext;
-    PRArenaPool *our_pool = NULL;   
+    PLArenaPool *our_pool = NULL;
     SECStatus rv = SECSuccess;
 
     do {
 	PORT_Memset (&encodeContext, 0, sizeof (encodeContext));
 	if (!value->isCA && value->pathLenConstraint >= 0) {
 	    PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID);
 	    GEN_BREAK (SECFailure);
 	}
@@ -86,17 +86,17 @@ SECStatus CERT_EncodeBasicConstraintValu
     return(rv);
 
 }
 
 SECStatus CERT_DecodeBasicConstraintValue
    (CERTBasicConstraints *value, const SECItem *encodedValue)
 {
     EncodedContext decodeContext;
-    PRArenaPool *our_pool;
+    PLArenaPool *our_pool;
     SECStatus rv = SECSuccess;
 
     do {
 	PORT_Memset (&decodeContext, 0, sizeof (decodeContext));
 	/* initialize the value just in case we got "0x30 00", or when the
 	   pathLenConstraint is omitted.
          */
 	decodeContext.isCA.data =&hexFalse;
--- a/security/nss/lib/certdb/xconst.c
+++ b/security/nss/lib/certdb/xconst.c
@@ -61,17 +61,17 @@ const SEC_ASN1Template CERTAuthInfoAcces
 };
 
 const SEC_ASN1Template CERTAuthInfoAccessTemplate[] = {
     { SEC_ASN1_SEQUENCE_OF, 0, CERTAuthInfoAccessItemTemplate }
 };
 
 
 SECStatus 
-CERT_EncodeSubjectKeyID(PRArenaPool *arena, const SECItem* srcString,
+CERT_EncodeSubjectKeyID(PLArenaPool *arena, const SECItem* srcString,
                         SECItem *encodedValue)
 {
     SECStatus rv = SECSuccess;
 
     if (!srcString) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return SECFailure;
     }
@@ -80,17 +80,17 @@ CERT_EncodeSubjectKeyID(PRArenaPool *are
 	rv = SECFailure;
     }
     
     return(rv);
 }
 
 
 SECStatus
-CERT_EncodePrivateKeyUsagePeriod(PRArenaPool *arena, 
+CERT_EncodePrivateKeyUsagePeriod(PLArenaPool *arena,
                                 CERTPrivKeyUsagePeriod *pkup, 
 				SECItem *encodedValue)
 {
     SECStatus rv = SECSuccess;
 
     if (SEC_ASN1EncodeItem (arena, encodedValue, pkup,
 			    CERTPrivateKeyUsagePeriodTemplate) == NULL) {
 	rv = SECFailure;
@@ -129,17 +129,17 @@ CERT_DecodePrivKeyUsagePeriodExtension(P
     return pPeriod;
     
 loser:
     return NULL;
 }
 
 
 SECStatus 
-CERT_EncodeIA5TypeExtension(PRArenaPool *arena, char *value, SECItem *encodedValue)
+CERT_EncodeIA5TypeExtension(PLArenaPool *arena, char *value, SECItem *encodedValue)
 {
     SECItem encodeContext;
     SECStatus rv = SECSuccess;
 
 
     PORT_Memset (&encodeContext, 0, sizeof (encodeContext));
     
     if (value != NULL) {
@@ -150,32 +150,32 @@ CERT_EncodeIA5TypeExtension(PRArenaPool 
 			    CERTIA5TypeTemplate) == NULL) {
 	rv = SECFailure;
     }
     
     return(rv);
 }
 
 SECStatus
-CERT_EncodeAltNameExtension(PRArenaPool *arena,  CERTGeneralName  *value, SECItem *encodedValue)
+CERT_EncodeAltNameExtension(PLArenaPool *arena,  CERTGeneralName  *value, SECItem *encodedValue)
 {
     SECItem                **encodedGenName;
     SECStatus              rv = SECSuccess;
 
     encodedGenName = cert_EncodeGeneralNames(arena, value);
     if (SEC_ASN1EncodeItem (arena, encodedValue, &encodedGenName,
 			    CERT_GeneralNamesTemplate) == NULL) {
 	rv = SECFailure;
     }
 
     return rv;
 }
 
 CERTGeneralName *
-CERT_DecodeAltNameExtension(PRArenaPool *reqArena, SECItem *EncodedAltName)
+CERT_DecodeAltNameExtension(PLArenaPool *reqArena, SECItem *EncodedAltName)
 {
     SECStatus                  rv = SECSuccess;
     CERTAltNameEncodedContext  encodedContext;
     SECItem*                   newEncodedAltName;
 
     if (!reqArena) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return NULL;
@@ -200,37 +200,37 @@ CERT_DecodeAltNameExtension(PRArenaPool 
     /* Treat as extension not found */
     PORT_SetError(SEC_ERROR_EXTENSION_NOT_FOUND);
 loser:
     return NULL;
 }
 
 
 SECStatus
-CERT_EncodeNameConstraintsExtension(PRArenaPool          *arena, 
+CERT_EncodeNameConstraintsExtension(PLArenaPool          *arena, 
 				    CERTNameConstraints  *value,
 				    SECItem              *encodedValue)
 {
     SECStatus     rv = SECSuccess;
     
     rv = cert_EncodeNameConstraints(value, arena, encodedValue);
     return rv;
 }
 
 
 CERTNameConstraints *
-CERT_DecodeNameConstraintsExtension(PRArenaPool          *arena,
+CERT_DecodeNameConstraintsExtension(PLArenaPool          *arena,
 				    const SECItem        *encodedConstraints)
 {
     return cert_DecodeNameConstraints(arena, encodedConstraints);
 }
 
 
 CERTAuthInfoAccess **
-CERT_DecodeAuthInfoAccessExtension(PRArenaPool *reqArena,
+CERT_DecodeAuthInfoAccessExtension(PLArenaPool *reqArena,
 				   SECItem     *encodedExtension)
 {
     CERTAuthInfoAccess **info = NULL;
     SECStatus rv;
     int i;
     SECItem* newEncodedExtension;
 
     if (!reqArena) {
@@ -253,17 +253,17 @@ CERT_DecodeAuthInfoAccessExtension(PRAre
 	info[i]->location = CERT_DecodeGeneralName(reqArena,
 						   &(info[i]->derLocation),
 						   NULL);
     }
     return info;
 }
 
 SECStatus
-CERT_EncodeInfoAccessExtension(PRArenaPool *arena,
+CERT_EncodeInfoAccessExtension(PLArenaPool *arena,
 				   CERTAuthInfoAccess **info,
 				   SECItem *dest)
 {
     SECItem *dummy;
     int i;
 
     PORT_Assert(info != NULL);
     PORT_Assert(dest != NULL);
--- a/security/nss/lib/certdb/xconst.h
+++ b/security/nss/lib/certdb/xconst.h
@@ -10,27 +10,27 @@ typedef struct CERTAltNameEncodedContext
     SECItem **encodedGenName;
 } CERTAltNameEncodedContext;
 
 
 
 SEC_BEGIN_PROTOS
 
 extern SECStatus
-CERT_EncodePrivateKeyUsagePeriod(PRArenaPool *arena, 
+CERT_EncodePrivateKeyUsagePeriod(PLArenaPool *arena,
                                 CERTPrivKeyUsagePeriod *pkup,
 				SECItem *encodedValue);
 
 extern SECStatus
-CERT_EncodeNameConstraintsExtension(PRArenaPool *arena, 
+CERT_EncodeNameConstraintsExtension(PLArenaPool *arena,
                                     CERTNameConstraints  *value,
 			            SECItem *encodedValue);
 
 extern SECStatus 
-CERT_EncodeIA5TypeExtension(PRArenaPool *arena, char *value, 
+CERT_EncodeIA5TypeExtension(PLArenaPool *arena, char *value,
                             SECItem *encodedValue);
 
 SECStatus
-cert_EncodeAuthInfoAccessExtension(PRArenaPool *arena,
+cert_EncodeAuthInfoAccessExtension(PLArenaPool *arena,
 				   CERTAuthInfoAccess **info,
 				   SECItem *dest);
 SEC_END_PROTOS
 #endif
--- a/security/nss/lib/certhigh/certhigh.c
+++ b/security/nss/lib/certhigh/certhigh.c
@@ -75,17 +75,17 @@ CERT_FindUserCertsByUsage(CERTCertDBHand
 			  void *proto_win)
 {
     CERTCertNicknames *nicknames = NULL;
     char **nnptr;
     int nn;
     CERTCertificate *cert = NULL;
     CERTCertList *certList = NULL;
     SECStatus rv;
-    int64 time;
+    PRTime time;
     CERTCertListNode *node = NULL;
     CERTCertListNode *freenode = NULL;
     int n;
     
     time = PR_Now();
     
     nicknames = CERT_GetCertNicknames(handle, SEC_CERT_NICKNAMES_USER,
 				      proto_win);
@@ -223,17 +223,17 @@ CERT_FindUserCertByUsage(CERTCertDBHandl
 			 const char *nickname,
 			 SECCertUsage usage,
 			 PRBool validOnly,
 			 void *proto_win)
 {
     CERTCertificate *cert = NULL;
     CERTCertList *certList = NULL;
     SECStatus rv;
-    int64 time;
+    PRTime time;
     
     time = PR_Now();
     
     /* use the pk11 call so that we pick up any certs on tokens,
      * which may require login
      */
     /* XXX - why is this restricted? */
     if ( proto_win != NULL ) {
@@ -453,17 +453,17 @@ CollectNicknames( NSSCertificate *c, voi
     
     if (nickname) PORT_Free(nickname);
     return(PR_SUCCESS);
 }
 
 CERTCertNicknames *
 CERT_GetCertNicknames(CERTCertDBHandle *handle, int what, void *wincx)
 {
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     CERTCertNicknames *names;
     int i;
     stringNode *node;
     
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if ( arena == NULL ) {
 	PORT_SetError(SEC_ERROR_NO_MEMORY);
 	return(NULL);
@@ -583,17 +583,17 @@ CollectDistNames( CERTCertificate *cert,
 }
 
 /*
  * Return all of the CAs that are "trusted" for SSL.
  */
 CERTDistNames *
 CERT_DupDistNames(CERTDistNames *orig)
 {
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     CERTDistNames *names;
     int i;
     SECStatus rv;
     
     /* allocate an arena to use */
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL) {
 	PORT_SetError(SEC_ERROR_NO_MEMORY);
@@ -631,17 +631,17 @@ CERT_DupDistNames(CERTDistNames *orig)
 loser:
     PORT_FreeArena(arena, PR_FALSE);
     return(NULL);
 }
 
 CERTDistNames *
 CERT_GetSSLCACerts(CERTCertDBHandle *handle)
 {
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     CERTDistNames *names;
     int i;
     SECStatus rv;
     dnameNode *node;
     
     /* allocate an arena to use */
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if ( arena == NULL ) {
@@ -693,17 +693,17 @@ loser:
     PORT_FreeArena(arena, PR_FALSE);
     return(NULL);
 }
 
 CERTDistNames *
 CERT_DistNamesFromCertList(CERTCertList *certList)
 {
     CERTDistNames *   dnames = NULL;
-    PRArenaPool *     arena;
+    PLArenaPool *     arena;
     CERTCertListNode *node = NULL;
     SECItem *         names = NULL;
     int               listLen = 0, i = 0;
 
     if (certList == NULL) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return NULL;
     }
@@ -741,17 +741,17 @@ loser:
     return NULL;
 }
 
 CERTDistNames *
 CERT_DistNamesFromNicknames(CERTCertDBHandle *handle, char **nicknames,
 			   int nnames)
 {
     CERTDistNames *dnames = NULL;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     int i, rv;
     SECItem *names = NULL;
     CERTCertificate *cert = NULL;
     
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL) goto loser;
     dnames = PORT_ArenaZNew(arena, CERTDistNames);
     if (dnames == NULL) goto loser;
@@ -783,17 +783,17 @@ loser:
  * Lookup a certificate in the database by name
  */
 CERTCertificate *
 CERT_FindCertByNameString(CERTCertDBHandle *handle, char *nameStr)
 {
     CERTName *name;
     SECItem *nameItem;
     CERTCertificate *cert = NULL;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     
     if ( arena == NULL ) {
 	goto loser;
     }
     
     name = CERT_AsciiToName(nameStr);
@@ -1019,17 +1019,17 @@ typedef struct certNode {
 
 CERTCertificateList *
 CERT_CertChainFromCert(CERTCertificate *cert, SECCertUsage usage,
 		       PRBool includeRoot)
 {
     CERTCertificateList *chain = NULL;
     NSSCertificate **stanChain;
     NSSCertificate *stanCert;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     NSSUsage nssUsage;
     int i, len;
     NSSTrustDomain *td   = STAN_GetDefaultTrustDomain();
     NSSCryptoContext *cc = STAN_GetDefaultCryptoContext();
 
     stanCert = STAN_GetNSSCertificate(cert);
     if (!stanCert) {
         /* error code is set */
@@ -1111,17 +1111,17 @@ loser:
 /* Builds a CERTCertificateList holding just one DER-encoded cert, namely
 ** the one for the cert passed as an argument.
 */
 CERTCertificateList *
 CERT_CertListFromCert(CERTCertificate *cert)
 {
     CERTCertificateList *chain = NULL;
     int rv;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
 
     /* arena for SecCertificateList */
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL) goto no_memory;
 
     /* build the CERTCertificateList */
     chain = (CERTCertificateList *)PORT_ArenaAlloc(arena, sizeof(CERTCertificateList));
     if (chain == NULL) goto no_memory;
@@ -1142,17 +1142,17 @@ loser:
     }
     return NULL;
 }
 
 CERTCertificateList *
 CERT_DupCertList(const CERTCertificateList * oldList)
 {
     CERTCertificateList *newList = NULL;
-    PRArenaPool         *arena   = NULL;
+    PLArenaPool         *arena   = NULL;
     SECItem             *newItem;
     SECItem             *oldItem;
     int                 len      = oldList->len;
     int                 rv;
 
     /* arena for SecCertificateList */
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL) 
--- a/security/nss/lib/certhigh/certreq.c
+++ b/security/nss/lib/certhigh/certreq.c
@@ -47,17 +47,17 @@ SEC_ASN1_CHOOSER_IMPLEMENT(CERT_Certific
 CERTCertificate *
 CERT_CreateCertificate(unsigned long serialNumber,
 		      CERTName *issuer,
 		      CERTValidity *validity,
 		      CERTCertificateRequest *req)
 {
     CERTCertificate *c;
     int rv;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     
     if ( !arena ) {
 	return(0);
     }
 
     c = (CERTCertificate *)PORT_ArenaZAlloc(arena, sizeof(CERTCertificate));
@@ -119,17 +119,17 @@ CERT_CreateCertificate(unsigned long ser
  */
 
 CERTCertificateRequest *
 CERT_CreateCertificateRequest(CERTName *subject,
 			     CERTSubjectPublicKeyInfo *spki,
 			     SECItem **attributes)
 {
     CERTCertificateRequest *certreq;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     CERTAttribute * attribute;
     SECOidData * oidData;
     SECStatus rv;
     int i = 0;
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if ( arena == NULL ) {
 	return NULL;
@@ -235,17 +235,17 @@ setCRExt(void *o, CERTCertExtension **ex
     ((CERTCertificateRequest *)o)->attributes = (struct CERTAttributeStr **)exts;
 }
 
 /*
 ** Set up to start gathering cert extensions for a cert request.
 ** The list is created as CertExtensions and converted to an
 ** attribute list by CERT_FinishCRAttributes().
  */
-extern void *cert_StartExtensions(void *owner, PRArenaPool *ownerArena,
+extern void *cert_StartExtensions(void *owner, PLArenaPool *ownerArena,
                        void (*setExts)(void *object, CERTCertExtension **exts));
 void *
 CERT_StartCertificateRequestAttributes(CERTCertificateRequest *req)
 {
     return (cert_StartExtensions ((void *)req, req->arena, setCRExt));
 }
 
 /*
--- a/security/nss/lib/certhigh/certvfy.c
+++ b/security/nss/lib/certhigh/certvfy.c
@@ -91,17 +91,17 @@ CERT_VerifySignedDataWithPublicKeyInfo(C
     return rv;
 }
 
 /*
  * verify the signature of a signed data object with the given certificate
  */
 SECStatus
 CERT_VerifySignedData(CERTSignedData *sd, CERTCertificate *cert,
-		      int64 t, void *wincx)
+		      PRTime t, void *wincx)
 {
     SECKEYPublicKey *pubKey = 0;
     SECStatus        rv     = SECFailure;
     SECCertTimeValidity validity;
 
     /* check the certificate's validity */
     validity = CERT_CheckCertValidTimes(cert, t, PR_FALSE);
     if ( validity != secCertTimeValid ) {
@@ -115,26 +115,26 @@ CERT_VerifySignedData(CERTSignedData *sd
 	SECKEY_DestroyPublicKey(pubKey);
     }
     return rv;
 }
 
 
 SECStatus
 SEC_CheckCRL(CERTCertDBHandle *handle,CERTCertificate *cert,
-	     CERTCertificate *caCert, int64 t, void * wincx)
+	     CERTCertificate *caCert, PRTime t, void * wincx)
 {
     return CERT_CheckCRL(cert, caCert, NULL, t, wincx);
 }
 
 /*
  * Find the issuer of a cert.  Use the authorityKeyID if it exists.
  */
 CERTCertificate *
-CERT_FindCertIssuer(CERTCertificate *cert, int64 validTime, SECCertUsage usage)
+CERT_FindCertIssuer(CERTCertificate *cert, PRTime validTime, SECCertUsage usage)
 {
     NSSCertificate *me;
     NSSTime *nssTime;
     NSSTrustDomain *td;
     NSSCryptoContext *cc;
     NSSCertificate *chain[3];
     NSSUsage nssUsage;
     PRStatus status;
@@ -300,34 +300,34 @@ cert_AddToVerifyLog(CERTVerifyLog *log, 
     if ( log != NULL ) { \
 	cert_AddToVerifyLog(log, cert, PORT_GetError(), depth, \
 			    (void *)(PRWord)arg); \
     }
 
 static SECStatus
 cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
 		     PRBool checkSig, PRBool* sigerror,
-                     SECCertUsage certUsage, int64 t, void *wincx,
+                     SECCertUsage certUsage, PRTime t, void *wincx,
                      CERTVerifyLog *log, PRBool* revoked)
 {
     SECTrustType trustType;
     CERTBasicConstraints basicConstraint;
     CERTCertificate *issuerCert = NULL;
     CERTCertificate *subjectCert = NULL;
     CERTCertificate *badCert = NULL;
     PRBool isca;
     SECStatus rv;
     SECStatus rvFinal = SECSuccess;
     int count;
     int currentPathLen = 0;
     int pathLengthLimit = CERT_UNLIMITED_PATH_CONSTRAINT;
     unsigned int caCertType;
     unsigned int requiredCAKeyUsage;
     unsigned int requiredFlags;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     CERTGeneralName *namesList = NULL;
     CERTCertificate **certsList      = NULL;
     int certsListLen = 16;
     int namesCount = 0;
     PRBool subjectCertIsSelfIssued;
     CERTCertTrust issuerTrust;
 
     if (revoked) {
@@ -686,42 +686,42 @@ done:
 	PORT_FreeArena(arena, PR_FALSE);
     }
     return rv;
 }
 
 SECStatus
 cert_VerifyCertChain(CERTCertDBHandle *handle, CERTCertificate *cert,
                      PRBool checkSig, PRBool* sigerror,
-                     SECCertUsage certUsage, int64 t, void *wincx,
+                     SECCertUsage certUsage, PRTime t, void *wincx,
                      CERTVerifyLog *log, PRBool* revoked)
 {
     if (CERT_GetUsePKIXForValidation()) {
         return cert_VerifyCertChainPkix(cert, checkSig, certUsage, t,
                                         wincx, log, sigerror, revoked);
     }
     return cert_VerifyCertChainOld(handle, cert, checkSig, sigerror,
                                    certUsage, t, wincx, log, revoked);
 }
 
 SECStatus
 CERT_VerifyCertChain(CERTCertDBHandle *handle, CERTCertificate *cert,
-		     PRBool checkSig, SECCertUsage certUsage, int64 t,
+		     PRBool checkSig, SECCertUsage certUsage, PRTime t,
 		     void *wincx, CERTVerifyLog *log)
 {
     return cert_VerifyCertChain(handle, cert, checkSig, NULL, certUsage, t,
 			 wincx, log, NULL);
 }
 
 /*
  * verify that a CA can sign a certificate with the requested usage.
  */
 SECStatus
 CERT_VerifyCACertForUsage(CERTCertDBHandle *handle, CERTCertificate *cert,
-		PRBool checkSig, SECCertUsage certUsage, int64 t,
+		PRBool checkSig, SECCertUsage certUsage, PRTime t,
 		void *wincx, CERTVerifyLog *log)
 {
     SECTrustType trustType;
     CERTBasicConstraints basicConstraint;
     PRBool isca;
     PRBool validCAOverride = PR_FALSE;
     SECStatus rv;
     SECStatus rvFinal = SECSuccess;
@@ -1062,17 +1062,17 @@ cert_CheckLeafTrust(CERTCertificate *cer
  *
  * a bitfield of cert usages is returned in *returnedUsages
  * if requiredUsages is non-zero, the returned bitmap is only
  * for those required usages, otherwise it is for all usages
  *
  */
 SECStatus
 CERT_VerifyCertificate(CERTCertDBHandle *handle, CERTCertificate *cert,
-		PRBool checkSig, SECCertificateUsage requiredUsages, int64 t,
+		PRBool checkSig, SECCertificateUsage requiredUsages, PRTime t,
 		void *wincx, CERTVerifyLog *log, SECCertificateUsage* returnedUsages)
 {
     SECStatus rv;
     SECStatus valid;
     unsigned int requiredKeyUsage;
     unsigned int requiredCertType;
     unsigned int flags;
     unsigned int certType;
@@ -1227,17 +1227,17 @@ CERT_VerifyCertificate(CERTCertDBHandle 
     }
     
 loser:
     return(valid);
 }
 
 SECStatus
 CERT_VerifyCert(CERTCertDBHandle *handle, CERTCertificate *cert,
-		PRBool checkSig, SECCertUsage certUsage, int64 t,
+		PRBool checkSig, SECCertUsage certUsage, PRTime t,
 		void *wincx, CERTVerifyLog *log)
 {
     SECStatus rv;
     unsigned int requiredKeyUsage;
     unsigned int requiredCertType;
     unsigned int flags;
     unsigned int certType;
     PRBool       trusted;
@@ -1381,17 +1381,17 @@ CERT_VerifyCertNow(CERTCertDBHandle *han
  *	certUsageEmailSigner
  *	certUsageEmailRecipient
  *	certUsageObjectSigner
  */
 
 CERTCertificate *
 CERT_FindMatchingCert(CERTCertDBHandle *handle, SECItem *derName,
 		      CERTCertOwner owner, SECCertUsage usage,
-		      PRBool preferTrusted, int64 validTime, PRBool validOnly)
+		      PRBool preferTrusted, PRTime validTime, PRBool validOnly)
 {
     CERTCertList *certList = NULL;
     CERTCertificate *cert = NULL;
     CERTCertTrust certTrust;
     unsigned int requiredTrustFlags;
     SECTrustType requiredTrustType;
     unsigned int flags;
     
@@ -1499,17 +1499,17 @@ CERT_FilterCertListByCANames(CERTCertLis
 {
     CERTCertificate *issuerCert = NULL;
     CERTCertificate *subjectCert;
     CERTCertListNode *node, *freenode;
     CERTCertificate *cert;
     int n;
     char **names;
     PRBool found;
-    int64 time;
+    PRTime time;
     
     if ( nCANames <= 0 ) {
 	return(SECSuccess);
     }
 
     time = PR_Now();
     
     node = CERT_LIST_HEAD(certList);
@@ -1575,17 +1575,17 @@ CERT_FilterCertListByCANames(CERTCertLis
  *	is used.
  * "cert" - the cert to get nickname from
  * "expiredString" - the string to append to the nickname if the cert is
  *		expired.
  * "notYetGoodString" - the string to append to the nickname if the cert is
  *		not yet good.
  */
 char *
-CERT_GetCertNicknameWithValidity(PRArenaPool *arena, CERTCertificate *cert,
+CERT_GetCertNicknameWithValidity(PLArenaPool *arena, CERTCertificate *cert,
 				 char *expiredString, char *notYetGoodString)
 {
     SECCertTimeValidity validity;
     char *nickname = NULL, *tmpstr = NULL;
     
     validity = CERT_CheckCertValidTimes(cert, PR_Now(), PR_FALSE);
 
     /* if the cert is good, then just use the nickname directly */
@@ -1647,17 +1647,17 @@ loser:
  * "notYetGoodString" - the string to append to the nickname of any cert
  *		that is not yet valid
  */
 CERTCertNicknames *
 CERT_NicknameStringsFromCertList(CERTCertList *certList, char *expiredString,
 				 char *notYetGoodString)
 {
     CERTCertNicknames *names;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     CERTCertListNode *node;
     char **nn;
     
     /* allocate an arena */
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if ( arena == NULL ) {
 	return(NULL);
     }
@@ -1782,17 +1782,17 @@ CERT_ExtractNicknameString(char *namestr
 done:
     return(retstr);
 
 loser:
     return(NULL);
 }
 
 CERTCertList *
-CERT_GetCertChainFromCert(CERTCertificate *cert, int64 time, SECCertUsage usage)
+CERT_GetCertChainFromCert(CERTCertificate *cert, PRTime time, SECCertUsage usage)
 {
     CERTCertList *chain = NULL;
     int count = 0;
 
     if (NULL == cert) {
         return NULL;
     }
     
--- a/security/nss/lib/certhigh/certvfypkix.c
+++ b/security/nss/lib/certhigh/certvfypkix.c
@@ -645,17 +645,17 @@ cleanup:
  *  Returns a Fatal Error if the function fails in an unrecoverable way.
  */
 static PKIX_Error*
 cert_PkixToNssCertsChain(
     PKIX_List *pkixCertChain, 
     CERTCertList **pvalidChain, 
     void *plContext)
 {
-    PRArenaPool     *arena = NULL;
+    PLArenaPool     *arena = NULL;
     CERTCertificate *nssCert = NULL;
     CERTCertList    *validChain = NULL;
     PKIX_PL_Object  *certItem = NULL;
     PKIX_UInt32      length = 0;
     PKIX_UInt32      i = 0;
 
     PKIX_ENTER(CERTVFYPKIX, "cert_PkixToNssCertsChain");
     PKIX_NULLCHECK_ONE(pvalidChain);
--- a/security/nss/lib/certhigh/crlv2.c
+++ b/security/nss/lib/certhigh/crlv2.c
@@ -53,17 +53,17 @@ SetCrlEntryExts(void *object, CERTCertEx
 }
 
 void *
 CERT_StartCRLEntryExtensions(CERTCrl *crl, CERTCrlEntry *entry)
 {
     return (cert_StartExtensions (entry, crl->arena, SetCrlEntryExts));
 }
 
-SECStatus CERT_FindCRLNumberExten (PRArenaPool *arena, CERTCrl *crl,
+SECStatus CERT_FindCRLNumberExten (PLArenaPool *arena, CERTCrl *crl,
                                    SECItem *value)
 {
     SECItem encodedExtenValue;
     SECItem *tmpItem = NULL;
     SECStatus rv;
     void *mark = NULL;
 
     encodedExtenValue.data = NULL;
@@ -95,17 +95,17 @@ SECStatus CERT_FindCRLNumberExten (PRAre
 }
 
 SECStatus CERT_FindCRLEntryReasonExten (CERTCrlEntry *crlEntry,
                                         CERTCRLEntryReasonCode *value)
 {
     SECItem wrapperItem = {siBuffer,0};
     SECItem tmpItem = {siBuffer,0};
     SECStatus rv;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);   
     if ( ! arena ) {
 	return(SECFailure);
     }
     
     rv = cert_FindExtension(crlEntry->extensions, SEC_OID_X509_REASON_CODE, 
                             &wrapperItem);
@@ -130,17 +130,17 @@ loser:
     
     if ( wrapperItem.data ) {
 	PORT_Free(wrapperItem.data);
     }
 
     return (rv);
 }
 
-SECStatus CERT_FindInvalidDateExten (CERTCrl *crl, int64 *value)
+SECStatus CERT_FindInvalidDateExten (CERTCrl *crl, PRTime *value)
 {
     SECItem encodedExtenValue;
     SECItem decodedExtenValue = {siBuffer,0};
     SECStatus rv;
 
     encodedExtenValue.data = decodedExtenValue.data = NULL;
     encodedExtenValue.len = decodedExtenValue.len = 0;
 
--- a/security/nss/lib/certhigh/ocsp.c
+++ b/security/nss/lib/certhigh/ocsp.c
@@ -52,17 +52,17 @@ struct OCSPCacheItemStr {
     /* key */
     CERTOCSPCertID *certID;
     /* CertID's arena also used to allocate "this" cache item */
 
     /* cache control information */
     PRTime nextFetchAttemptTime;
 
     /* Cached contents. Use a separate arena, because lifetime is different */
-    PRArenaPool *certStatusArena; /* NULL means: no cert status cached */
+    PLArenaPool *certStatusArena; /* NULL means: no cert status cached */
     ocspCertStatus certStatus;
 
     /* This may contain an error code when no OCSP response is available. */
     SECErrorCodes missingResponseError;
 
     PRPackedBool haveThisUpdate;
     PRPackedBool haveNextUpdate;
     PRTime thisUpdate;
@@ -96,52 +96,52 @@ static struct OCSPGlobalStruct {
                   ocspMode_FailureIsVerificationFailure,
                   NULL
                 };
 
 
 
 /* Forward declarations */
 static SECItem *
-ocsp_GetEncodedOCSPResponseFromRequest(PRArenaPool *arena, 
+ocsp_GetEncodedOCSPResponseFromRequest(PLArenaPool *arena, 
                                        CERTOCSPRequest *request,
-                                       const char *location, int64 time,
+                                       const char *location, PRTime time,
                                        PRBool addServiceLocator,
                                        void *pwArg,
                                        CERTOCSPRequest **pRequest);
 static SECStatus
 ocsp_GetOCSPStatusFromNetwork(CERTCertDBHandle *handle, 
                               CERTOCSPCertID *certID, 
                               CERTCertificate *cert, 
-                              int64 time, 
+                              PRTime time, 
                               void *pwArg,
                               PRBool *certIDWasConsumed,
                               SECStatus *rv_ocsp);
 
 static SECStatus
 ocsp_CacheEncodedOCSPResponse(CERTCertDBHandle *handle,
 			      CERTOCSPCertID *certID,
 			      CERTCertificate *cert,
-			      int64 time,
+			      PRTime time,
 			      void *pwArg,
 			      const SECItem *encodedResponse,
 			      PRBool cacheInvalid,
 			      PRBool *certIDWasConsumed,
 			      SECStatus *rv_ocsp);
 
 static SECStatus
 ocsp_GetVerifiedSingleResponseForCertID(CERTCertDBHandle *handle, 
                                         CERTOCSPResponse *response, 
                                         CERTOCSPCertID   *certID,
                                         CERTCertificate  *signerCert,
-                                        int64             time,
+                                        PRTime            time,
                                         CERTOCSPSingleResponse **pSingleResponse);
 
 static SECStatus
-ocsp_CertRevokedAfter(ocspRevokedInfo *revokedInfo, int64 time);
+ocsp_CertRevokedAfter(ocspRevokedInfo *revokedInfo, PRTime time);
 
 static CERTOCSPCertID *
 cert_DupOCSPCertID(CERTOCSPCertID *src);
 
 #ifndef DEBUG
 #define OCSP_TRACE(msg)
 #define OCSP_TRACE_TIME(msg, time)
 #define OCSP_TRACE_CERT(cert)
@@ -184,17 +184,17 @@ ocsp_Trace(const char *format, ...)
         return;
     va_start(args, format);
     PR_vsnprintf(buf, sizeof(buf), format, args);
     va_end(args);
     PR_LogPrint("%s", buf);
 }
 
 static void
-ocsp_dumpStringWithTime(const char *str, int64 time)
+ocsp_dumpStringWithTime(const char *str, PRTime time)
 {
     PRExplodedTime timePrintable;
     char timestr[256];
 
     if (!wantOcspTrace())
         return;
     PR_ExplodeTime(time, PR_GMTParameters, &timePrintable);
     if (PR_FormatTime(timestr, 256, "%a %b %d %H:%M:%S %Y", &timePrintable)) {
@@ -225,17 +225,17 @@ static void
 dumpCertificate(CERTCertificate *cert)
 {
     if (!wantOcspTrace())
         return;
 
     ocsp_Trace("OCSP ----------------\n");
     ocsp_Trace("OCSP ## SUBJECT:  %s\n", cert->subjectName);
     {
-        int64 timeBefore, timeAfter;
+        PRTime timeBefore, timeAfter;
         PRExplodedTime beforePrintable, afterPrintable;
         char beforestr[256], afterstr[256];
         PRStatus rv1, rv2;
         DER_DecodeTimeChoice(&timeBefore, &cert->validity.notBefore);
         DER_DecodeTimeChoice(&timeAfter, &cert->validity.notAfter);
         PR_ExplodeTime(timeBefore, PR_GMTParameters, &beforePrintable);
         PR_ExplodeTime(timeAfter, PR_GMTParameters, &afterPrintable);
         rv1 = PR_FormatTime(beforestr, 256, "%a %b %d %H:%M:%S %Y", 
@@ -330,17 +330,17 @@ ocsp_CacheKeyCompareFunction(const void 
                                             &cid2->issuerNameHash)
             && SECEqual == SECITEM_CompareItem(&cid1->issuerKeyHash, 
                                                &cid2->issuerKeyHash)
             && SECEqual == SECITEM_CompareItem(&cid1->serialNumber, 
                                                &cid2->serialNumber));
 }
 
 static SECStatus
-ocsp_CopyRevokedInfo(PRArenaPool *arena, ocspCertStatus *dest, 
+ocsp_CopyRevokedInfo(PLArenaPool *arena, ocspCertStatus *dest,
                      ocspRevokedInfo *src)
 {
     SECStatus rv = SECFailure;
     void *mark;
   
     mark = PORT_ArenaMark(arena);
   
     dest->certStatusInfo.revokedInfo = 
@@ -370,17 +370,17 @@ ocsp_CopyRevokedInfo(PRArenaPool *arena,
     return SECSuccess;
 
 loser:
     PORT_ArenaRelease(arena, mark);
     return SECFailure;
 }
 
 static SECStatus
-ocsp_CopyCertStatus(PRArenaPool *arena, ocspCertStatus *dest, 
+ocsp_CopyCertStatus(PLArenaPool *arena, ocspCertStatus *dest,
                     ocspCertStatus*src)
 {
     SECStatus rv = SECFailure;
     dest->certStatusType = src->certStatusType;
   
     switch (src->certStatusType) {
     case ocspCertStatus_good:
         dest->certStatusInfo.goodInfo = 
@@ -605,17 +605,17 @@ CERT_ClearOCSPCache(void)
     return SECSuccess;
 }
 
 static SECStatus
 ocsp_CreateCacheItemAndConsumeCertID(OCSPCacheData *cache,
                                      CERTOCSPCertID *certID, 
                                      OCSPCacheItem **pCacheItem)
 {
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     void *mark;
     PLHashEntry *new_hash_entry;
     OCSPCacheItem *item;
   
     PORT_Assert(pCacheItem != NULL);
     *pCacheItem = NULL;
 
     PR_EnterMonitor(OCSP_Global.monitor);
@@ -1437,31 +1437,31 @@ static const SEC_ASN1Template ocsp_Servi
  * REQUEST SUPPORT FUNCTIONS (encode/create/decode/destroy):
  */
 
 /* 
  * FUNCTION: CERT_EncodeOCSPRequest
  *   DER encodes an OCSP Request, possibly adding a signature as well.
  *   XXX Signing is not yet supported, however; see comments in code.
  * INPUTS: 
- *   PRArenaPool *arena
+ *   PLArenaPool *arena
  *     The return value is allocated from here.
  *     If a NULL is passed in, allocation is done from the heap instead.
  *   CERTOCSPRequest *request
  *     The request to be encoded.
  *   void *pwArg
  *     Pointer to argument for password prompting, if needed.  (Definitely
  *     not needed if not signing.)
  * RETURN:
  *   Returns a NULL on error and a pointer to the SECItem with the
  *   encoded value otherwise.  Any error is likely to be low-level
  *   (e.g. no memory).
  */
 SECItem *
-CERT_EncodeOCSPRequest(PRArenaPool *arena, CERTOCSPRequest *request, 
+CERT_EncodeOCSPRequest(PLArenaPool *arena, CERTOCSPRequest *request,
 		       void *pwArg)
 {
     ocspTBSRequest *tbsRequest;
     SECStatus rv;
 
     /* XXX All of these should generate errors if they fail. */
     PORT_Assert(request);
     PORT_Assert(request->tbsRequest);
@@ -1498,17 +1498,17 @@ CERT_EncodeOCSPRequest(PRArenaPool *aren
  * RETURN:
  *   Returns a pointer to a CERTOCSPRequest containing the decoded request.
  *   On error, returns NULL.  Most likely error is trouble decoding
  *   (SEC_ERROR_OCSP_MALFORMED_REQUEST), or low-level problem (no memory).
  */
 CERTOCSPRequest *
 CERT_DecodeOCSPRequest(const SECItem *src)
 {
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECStatus rv = SECFailure;
     CERTOCSPRequest *dest = NULL;
     int i;
     SECItem newSrc;
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL) {
 	goto loser;
@@ -1566,17 +1566,17 @@ CERT_DestroyOCSPCertID(CERTOCSPCertID* c
  * Digest data using the specified algorithm.
  * The necessary storage for the digest data is allocated.  If "fill" is
  * non-null, the data is put there, otherwise a SECItem is allocated.
  * Allocation from "arena" if it is non-null, heap otherwise.  Any problem
  * results in a NULL being returned (and an appropriate error set).
  */
 
 SECItem *
-ocsp_DigestValue(PRArenaPool *arena, SECOidTag digestAlg, 
+ocsp_DigestValue(PLArenaPool *arena, SECOidTag digestAlg, 
                  SECItem *fill, const SECItem *src)
 {
     const SECHashObject *digestObject;
     SECItem *result = NULL;
     void *mark = NULL;
     void *digestBuff = NULL;
 
     if ( arena != NULL ) {
@@ -1630,17 +1630,17 @@ loser:
 /*
  * Digest the cert's subject public key using the specified algorithm.
  * The necessary storage for the digest data is allocated.  If "fill" is
  * non-null, the data is put there, otherwise a SECItem is allocated.
  * Allocation from "arena" if it is non-null, heap otherwise.  Any problem
  * results in a NULL being returned (and an appropriate error set).
  */
 SECItem *
-CERT_GetSPKIDigest(PRArenaPool *arena, const CERTCertificate *cert,
+CERT_GetSPKIDigest(PLArenaPool *arena, const CERTCertificate *cert,
                            SECOidTag digestAlg, SECItem *fill)
 {
     SECItem spk;
 
     /*
      * Copy just the length and data pointer (nothing needs to be freed)
      * of the subject public key so we can convert the length from bits
      * to bytes, which is what the digest function expects.
@@ -1650,17 +1650,17 @@ CERT_GetSPKIDigest(PRArenaPool *arena, c
 
     return ocsp_DigestValue(arena, digestAlg, fill, &spk);
 }
 
 /*
  * Digest the cert's subject name using the specified algorithm.
  */
 static SECItem *
-cert_GetSubjectNameDigest(PRArenaPool *arena, const CERTCertificate *cert,
+cert_GetSubjectNameDigest(PLArenaPool *arena, const CERTCertificate *cert,
                            SECOidTag digestAlg, SECItem *fill)
 {
     SECItem name;
 
     /*
      * Copy just the length and data pointer (nothing needs to be freed)
      * of the subject name
      */
@@ -1675,17 +1675,17 @@ cert_GetSubjectNameDigest(PRArenaPool *a
  * Someday it might need to be more flexible about hash algorithm, but
  * for now we have no intention/need to create anything else.
  *
  * Error causes a null to be returned; most likely cause is trouble
  * finding the certificate issuer (SEC_ERROR_UNKNOWN_ISSUER).
  * Other errors are low-level problems (no memory, bad database, etc.).
  */
 static CERTOCSPCertID *
-ocsp_CreateCertID(PRArenaPool *arena, CERTCertificate *cert, int64 time)
+ocsp_CreateCertID(PLArenaPool *arena, CERTCertificate *cert, PRTime time)
 {
     CERTOCSPCertID *certID;
     CERTCertificate *issuerCert = NULL;
     void *mark = PORT_ArenaMark(arena);
     SECStatus rv;
 
     PORT_Assert(arena != NULL);
 
@@ -1755,19 +1755,19 @@ loser:
     if (issuerCert != NULL) {
 	CERT_DestroyCertificate(issuerCert);
     }
     PORT_ArenaRelease(arena, mark);
     return NULL;
 }
 
 CERTOCSPCertID*
-CERT_CreateOCSPCertID(CERTCertificate *cert, int64 time)
+CERT_CreateOCSPCertID(CERTCertificate *cert, PRTime time)
 {
-    PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     CERTOCSPCertID *certID;
     PORT_Assert(arena != NULL);
     if (!arena)
 	return NULL;
     
     certID = ocsp_CreateCertID(arena, cert, time);
     if (!certID) {
 	PORT_FreeArena(arena, PR_FALSE);
@@ -1776,17 +1776,17 @@ CERT_CreateOCSPCertID(CERTCertificate *c
     certID->poolp = arena;
     return certID;
 }
 
 static CERTOCSPCertID *
 cert_DupOCSPCertID(CERTOCSPCertID *src)
 {
     CERTOCSPCertID *dest;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
 
     if (!src) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return NULL;
     }
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (!arena)
@@ -1915,18 +1915,18 @@ loser:
  * order than preserve it, but since the requirement is not obvious,
  * it deserves to be mentioned.
  *
  * Any problem causes a null return and error set:
  *      SEC_ERROR_UNKNOWN_ISSUER
  * Other errors are low-level problems (no memory, bad database, etc.).
  */
 static ocspSingleRequest **
-ocsp_CreateSingleRequestList(PRArenaPool *arena, CERTCertList *certList,
-                             int64 time, PRBool includeLocator)
+ocsp_CreateSingleRequestList(PLArenaPool *arena, CERTCertList *certList,
+                             PRTime time, PRBool includeLocator)
 {
     ocspSingleRequest **requestList = NULL;
     CERTCertListNode *node = NULL;
     int i, count;
     void *mark = PORT_ArenaMark(arena);
  
     node = CERT_LIST_HEAD(certList);
     for (count = 0; !CERT_LIST_END(node, certList); count++) {
@@ -1970,20 +1970,20 @@ ocsp_CreateSingleRequestList(PRArenaPool
     return requestList;
 
 loser:
     PORT_ArenaRelease(arena, mark);
     return NULL;
 }
 
 static ocspSingleRequest **
-ocsp_CreateRequestFromCert(PRArenaPool *arena, 
+ocsp_CreateRequestFromCert(PLArenaPool *arena,
                            CERTOCSPCertID *certID, 
                            CERTCertificate *singleCert,
-                           int64 time, 
+                           PRTime time,
                            PRBool includeLocator)
 {
     ocspSingleRequest **requestList = NULL;
     void *mark = PORT_ArenaMark(arena);
     PORT_Assert(certID != NULL && singleCert != NULL);
 
     /* meaning of value 2: one entry + one end marker */
     requestList = PORT_ArenaNewArray(arena, ocspSingleRequest *, 2);
@@ -2010,17 +2010,17 @@ ocsp_CreateRequestFromCert(PRArenaPool *
 loser:
     PORT_ArenaRelease(arena, mark);
     return NULL;
 }
 
 static CERTOCSPRequest *
 ocsp_prepareEmptyOCSPRequest(void)
 {
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     CERTOCSPRequest *request = NULL;
     ocspTBSRequest *tbsRequest = NULL;
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL) {
         goto loser;
     }
     request = PORT_ArenaZNew(arena, CERTOCSPRequest);
@@ -2042,17 +2042,17 @@ loser:
         PORT_FreeArena(arena, PR_FALSE);
     }
     return NULL;
 }
 
 CERTOCSPRequest *
 cert_CreateSingleCertOCSPRequest(CERTOCSPCertID *certID, 
                                  CERTCertificate *singleCert, 
-                                 int64 time, 
+                                 PRTime time,
                                  PRBool addServiceLocator,
                                  CERTCertificate *signerCert)
 {
     CERTOCSPRequest *request;
     OCSP_TRACE(("OCSP cert_CreateSingleCertOCSPRequest %s\n", singleCert->subjectName));
 
     /* XXX Support for signerCert may be implemented later,
      * see also the comment in CERT_CreateOCSPRequest.
@@ -2090,17 +2090,17 @@ cert_CreateSingleCertOCSPRequest(CERTOCS
  *   CERTCertList *certList
  *     A list of certs for which status will be requested.
  *     Note that all of these certificates should have the same issuer,
  *     or it's expected the response will be signed by a trusted responder.
  *     If the certs need to be broken up into multiple requests, that
  *     must be handled by the caller (and thus by having multiple calls
  *     to this routine), who knows about where the request(s) are being
  *     sent and whether there are any trusted responders in place.
- *   int64 time
+ *   PRTime time
  *     Indicates the time for which the certificate status is to be 
  *     determined -- this may be used in the search for the cert's issuer
  *     but has no effect on the request itself.
  *   PRBool addServiceLocator
  *     If true, the Service Locator extension should be added to the
  *     single request(s) for each cert.
  *   CERTCertificate *signerCert
  *     If non-NULL, means sign the request using this cert.  Otherwise,
@@ -2109,17 +2109,17 @@ cert_CreateSingleCertOCSPRequest(CERTOCS
  * RETURN:
  *   A pointer to a CERTOCSPRequest structure containing an OCSP request
  *   for the cert list.  On error, null is returned, with an error set
  *   indicating the reason.  This is likely SEC_ERROR_UNKNOWN_ISSUER.
  *   (The issuer is needed to create a request for the certificate.)
  *   Other errors are low-level problems (no memory, bad database, etc.).
  */
 CERTOCSPRequest *
-CERT_CreateOCSPRequest(CERTCertList *certList, int64 time, 
+CERT_CreateOCSPRequest(CERTCertList *certList, PRTime time,
 		       PRBool addServiceLocator,
 		       CERTCertificate *signerCert)
 {
     CERTOCSPRequest *request = NULL;
 
     if (!certList) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return NULL;
@@ -2379,17 +2379,17 @@ ocsp_CertStatusTypeByTag(int derTag)
 /*
  * Helper function for decoding SingleResponses -- they each contain
  * a status which is encoded as CHOICE, which needs to be decoded "by hand".
  *
  * Note -- on error, this routine does not release the memory it may
  * have allocated; it expects its caller to do that.
  */
 static SECStatus
-ocsp_FinishDecodingSingleResponses(PRArenaPool *reqArena,
+ocsp_FinishDecodingSingleResponses(PLArenaPool *reqArena,
 				   CERTOCSPSingleResponse **responses)
 {
     ocspCertStatus *certStatus;
     ocspCertStatusType certStatusType;
     const SEC_ASN1Template *certStatusTemplate;
     int derTag;
     int i;
     SECStatus rv = SECFailure;
@@ -2463,17 +2463,17 @@ ocsp_ResponderIDTypeByTag(int derTag)
 
     return responderIDType;
 }
 
 /*
  * Decode "src" as a BasicOCSPResponse, returning the result.
  */
 static ocspBasicOCSPResponse *
-ocsp_DecodeBasicOCSPResponse(PRArenaPool *arena, SECItem *src)
+ocsp_DecodeBasicOCSPResponse(PLArenaPool *arena, SECItem *src)
 {
     void *mark;
     ocspBasicOCSPResponse *basicResponse;
     ocspResponseData *responseData;
     ocspResponderID *responderID;
     CERTOCSPResponderIDType responderIDType;
     const SEC_ASN1Template *responderIDTemplate;
     int derTag;
@@ -2553,17 +2553,17 @@ loser:
 }
 
 
 /*
  * Decode the responseBytes based on the responseType found in "rbytes",
  * leaving the resulting translated/decoded information in there as well.
  */
 static SECStatus
-ocsp_DecodeResponseBytes(PRArenaPool *arena, ocspResponseBytes *rbytes)
+ocsp_DecodeResponseBytes(PLArenaPool *arena, ocspResponseBytes *rbytes)
 {
     PORT_Assert(rbytes != NULL);		/* internal error, really */
     if (rbytes == NULL) {
 	PORT_SetError(SEC_ERROR_INVALID_ARGS);	/* XXX set better error? */
 	return SECFailure;
     }
 
     rbytes->responseTypeTag = SECOID_FindOIDTag(&rbytes->responseType);
@@ -2605,17 +2605,17 @@ ocsp_DecodeResponseBytes(PRArenaPool *ar
  *   the caller is responsible for destroying it.  Or NULL if error (either
  *   response could not be decoded (SEC_ERROR_OCSP_MALFORMED_RESPONSE),
  *   it was of an unexpected type (SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE),
  *   or a low-level or internal error occurred).
  */
 CERTOCSPResponse *
 CERT_DecodeOCSPResponse(const SECItem *src)
 {
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     CERTOCSPResponse *response = NULL;
     SECStatus rv = SECFailure;
     ocspResponseStatus sv;
     SECItem newSrc;
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL) {
 	goto loser;
@@ -2976,17 +2976,17 @@ loser:
  * Sends an encoded OCSP request to the server identified by "location",
  * and returns the socket on which it was sent (so can listen for the reply).
  * "location" is expected to be a valid URL -- an error parsing it produces
  * SEC_ERROR_CERT_BAD_ACCESS_LOCATION.  Other errors are likely problems
  * connecting to it, or writing to it, or allocating memory, and the low-level
  * errors appropriate to the problem will be set.
  */
 static PRFileDesc *
-ocsp_SendEncodedRequest(const char *location, SECItem *encodedRequest)
+ocsp_SendEncodedRequest(const char *location, const SECItem *encodedRequest)
 {
     char *hostname = NULL;
     char *path = NULL;
     PRUint16 port;
     SECStatus rv;
     PRFileDesc *sock = NULL;
     PRFileDesc *returnSock = NULL;
     char *header = NULL;
@@ -3096,17 +3096,17 @@ ocsp_read(PRFileDesc *fd, char *buf, int
  * Reads on the given socket and returns an encoded response when received.
  * Properly formatted HTTP/1.0 response headers are expected to be read
  * from the socket, preceding a binary-encoded OCSP response.  Problems
  * with parsing cause the error SEC_ERROR_OCSP_BAD_HTTP_RESPONSE to be
  * set; any other problems are likely low-level i/o or memory allocation
  * errors.
  */
 static SECItem *
-ocsp_GetEncodedResponse(PRArenaPool *arena, PRFileDesc *sock)
+ocsp_GetEncodedResponse(PLArenaPool *arena, PRFileDesc *sock)
 {
     /* first read HTTP status line and headers */
 
     char* inBuffer = NULL;
     PRInt32 offset = 0;
     PRInt32 inBufsize = 0;
     const PRInt32 bufSizeIncrement = OCSP_BUFSIZE; /* 1 KB at a time */
     const PRInt32 maxBufSize = 8 * bufSizeIncrement ; /* 8 KB max */
@@ -3333,20 +3333,20 @@ CERT_ParseURL(const char *url, char **pH
 }
 
 /*
  * Limit the size of http responses we are willing to accept.
  */
 #define MAX_WANTED_OCSP_RESPONSE_LEN 64*1024
 
 static SECItem *
-fetchOcspHttpClientV1(PRArenaPool *arena, 
+fetchOcspHttpClientV1(PLArenaPool *arena, 
                       const SEC_HttpClientFcnV1 *hcv1, 
                       const char *location, 
-                      SECItem *encodedRequest)
+                      const SECItem *encodedRequest)
 {
     char *hostname = NULL;
     char *path = NULL;
     PRUint16 port;
     SECItem *encodedResponse = NULL;
     SEC_HTTP_SERVER_SESSION pServerSession = NULL;
     SEC_HTTP_REQUEST_SESSION pRequestSession = NULL;
     PRUint16 myHttpResponseCode;
@@ -3442,31 +3442,31 @@ loser:
     return encodedResponse;
 }
 
 /*
  * FUNCTION: CERT_GetEncodedOCSPResponse
  *   Creates and sends a request to an OCSP responder, then reads and
  *   returns the (encoded) response.
  * INPUTS:
- *   PRArenaPool *arena
+ *   PLArenaPool *arena
  *     Pointer to arena from which return value will be allocated.
  *     If NULL, result will be allocated from the heap (and thus should
  *     be freed via SECITEM_FreeItem).
  *   CERTCertList *certList
  *     A list of certs for which status will be requested.
  *     Note that all of these certificates should have the same issuer,
  *     or it's expected the response will be signed by a trusted responder.
  *     If the certs need to be broken up into multiple requests, that
  *     must be handled by the caller (and thus by having multiple calls
  *     to this routine), who knows about where the request(s) are being
  *     sent and whether there are any trusted responders in place.
  *   const char *location
  *     The location of the OCSP responder (a URL).
- *   int64 time
+ *   PRTime time
  *     Indicates the time for which the certificate status is to be 
  *     determined -- this may be used in the search for the cert's issuer
  *     but has no other bearing on the operation.
  *   PRBool addServiceLocator
  *     If true, the Service Locator extension should be added to the
  *     single request(s) for each cert.
  *   CERTCertificate *signerCert
  *     If non-NULL, means sign the request using this cert.  Otherwise,
@@ -3484,97 +3484,101 @@ loser:
  *   Returns a pointer to the SECItem holding the response.
  *   On error, returns null with error set describing the reason:
  *	SEC_ERROR_UNKNOWN_ISSUER
  *	SEC_ERROR_CERT_BAD_ACCESS_LOCATION
  *	SEC_ERROR_OCSP_BAD_HTTP_RESPONSE
  *   Other errors are low-level problems (no memory, bad database, etc.).
  */
 SECItem *
-CERT_GetEncodedOCSPResponse(PRArenaPool *arena, CERTCertList *certList,
-			    const char *location, int64 time,
+CERT_GetEncodedOCSPResponse(PLArenaPool *arena, CERTCertList *certList,
+			    const char *location, PRTime time,
 			    PRBool addServiceLocator,
 			    CERTCertificate *signerCert, void *pwArg,
 			    CERTOCSPRequest **pRequest)
 {
     CERTOCSPRequest *request;
     request = CERT_CreateOCSPRequest(certList, time, addServiceLocator,
                                      signerCert);
     if (!request)
         return NULL;
     return ocsp_GetEncodedOCSPResponseFromRequest(arena, request, location, 
                                                   time, addServiceLocator, 
                                                   pwArg, pRequest);
 }
 
 static SECItem *
-ocsp_GetEncodedOCSPResponseFromRequest(PRArenaPool *arena, 
+ocsp_GetEncodedOCSPResponseFromRequest(PLArenaPool *arena,
                                        CERTOCSPRequest *request,
-                                       const char *location, int64 time,
+                                       const char *location, PRTime time,
                                        PRBool addServiceLocator,
                                        void *pwArg,
                                        CERTOCSPRequest **pRequest)
 {
     SECItem *encodedRequest = NULL;
     SECItem *encodedResponse = NULL;
-    PRFileDesc *sock = NULL;
     SECStatus rv;
-    const SEC_HttpClientFcn *registeredHttpClient = NULL;
 
     rv = CERT_AddOCSPAcceptableResponses(request,
 					 SEC_OID_PKIX_OCSP_BASIC_RESPONSE);
     if (rv != SECSuccess)
 	goto loser;
 
     encodedRequest = CERT_EncodeOCSPRequest(NULL, request, pwArg);
     if (encodedRequest == NULL)
 	goto loser;
 
-    registeredHttpClient = SEC_GetRegisteredHttpClient();
-
-    if (registeredHttpClient
-            &&
-            registeredHttpClient->version == 1) {
-        encodedResponse = fetchOcspHttpClientV1(
-                              arena,
-                              &registeredHttpClient->fcnTable.ftable1,
-                              location,
-                              encodedRequest);
-    }
-    else {
-      /* use internal http client */
-    
-      sock = ocsp_SendEncodedRequest(location, encodedRequest);
-      if (sock == NULL)
-	  goto loser;
-
-      encodedResponse = ocsp_GetEncodedResponse(arena, sock);
-    }
+    encodedResponse = CERT_PostOCSPRequest(arena, location, encodedRequest);
 
     if (encodedResponse != NULL && pRequest != NULL) {
 	*pRequest = request;
 	request = NULL;			/* avoid destroying below */
     }
 
 loser:
     if (request != NULL)
 	CERT_DestroyOCSPRequest(request);
     if (encodedRequest != NULL)
 	SECITEM_FreeItem(encodedRequest, PR_TRUE);
-    if (sock != NULL)
-	PR_Close(sock);
+
+    return encodedResponse;
+}
+
+SECItem *
+CERT_PostOCSPRequest(PLArenaPool *arena,  const char *location, 
+                     const SECItem *encodedRequest)
+{
+    const SEC_HttpClientFcn *registeredHttpClient;
+    SECItem *encodedResponse = NULL;
+
+    registeredHttpClient = SEC_GetRegisteredHttpClient();
+
+    if (registeredHttpClient && registeredHttpClient->version == 1) {
+        encodedResponse = fetchOcspHttpClientV1(
+                              arena,
+                              &registeredHttpClient->fcnTable.ftable1,
+                              location,
+                              encodedRequest);
+    } else {
+        /* use internal http client */
+        PRFileDesc *sock = ocsp_SendEncodedRequest(location, encodedRequest);
+        if (sock) {
+            encodedResponse = ocsp_GetEncodedResponse(arena, sock);
+            PR_Close(sock);
+        }
+    }
 
     return encodedResponse;
 }
 
 static SECItem *
-ocsp_GetEncodedOCSPResponseForSingleCert(PRArenaPool *arena, 
+ocsp_GetEncodedOCSPResponseForSingleCert(PLArenaPool *arena, 
                                          CERTOCSPCertID *certID, 
                                          CERTCertificate *singleCert, 
-                                         const char *location, int64 time,
+                                         const char *location, PRTime time,
                                          PRBool addServiceLocator,
                                          void *pwArg,
                                          CERTOCSPRequest **pRequest)
 {
     CERTOCSPRequest *request;
     request = cert_CreateSingleCertOCSPRequest(certID, singleCert, time, 
                                                addServiceLocator, NULL);
     if (!request)
@@ -3873,17 +3877,17 @@ SECStatus
 CERT_VerifyOCSPResponseSignature(CERTOCSPResponse *response,	
 				 CERTCertDBHandle *handle, void *pwArg,
 				 CERTCertificate **pSignerCert,
 				 CERTCertificate *issuer)
 {
     SECItem *tbsResponseDataDER;
     CERTCertificate *signerCert = NULL;
     SECStatus rv = SECFailure;
-    int64 producedAt;
+    PRTime producedAt;
 
     /* ocsp_DecodeBasicOCSPResponse will fail if asn1 decoder is unable
      * to properly decode tbsData (see the function and
      * ocsp_BasicOCSPResponseTemplate). Thus, tbsData can not be
      * equal to null */
     ocspResponseData *tbsData = ocsp_GetResponseData(response,
                                                      &tbsResponseDataDER);
     ocspSignature *signature = ocsp_GetResponseSignature(response);
@@ -4201,17 +4205,17 @@ ocsp_CertIsOCSPDefaultResponder(CERTCert
  *  3.  A "CA designated responder", aka an "authorized responder" -- it
  *      must be represented by a special cert issued by the CA who issued
  *      the certificate in question.
  */
 static PRBool
 ocsp_AuthorizedResponderForCertID(CERTCertDBHandle *handle,
 				  CERTCertificate *signerCert,
 				  CERTOCSPCertID *certID,
-				  int64 thisUpdate)
+				  PRTime thisUpdate)
 {
     CERTCertificate *issuerCert = NULL, *defRespCert;
     SECItem *keyHash = NULL;
     SECItem *nameHash = NULL;
     SECOidTag hashAlg;
     PRBool keyHashEQ = PR_FALSE, nameHashEQ = PR_FALSE;
 
     /*
@@ -4323,20 +4327,20 @@ ocsp_AuthorizedResponderForCertID(CERTCe
  * different usages could specify exactly what constitutes "sufficiently
  * recent".  But that is not going to happen right away.  For now, we
  * want something from within the last 24 hours.  This macro defines that
  * number in seconds.
  */
 #define OCSP_ALLOWABLE_LAPSE_SECONDS	(24L * 60L * 60L)
 
 static PRBool
-ocsp_TimeIsRecent(int64 checkTime)
+ocsp_TimeIsRecent(PRTime checkTime)
 {
-    int64 now = PR_Now();
-    int64 lapse, tmp;
+    PRTime now = PR_Now();
+    PRTime lapse, tmp;
 
     LL_I2L(lapse, OCSP_ALLOWABLE_LAPSE_SECONDS);
     LL_I2L(tmp, PR_USEC_PER_SEC);
     LL_MUL(lapse, lapse, tmp);		/* allowable lapse in microseconds */
 
     LL_ADD(checkTime, checkTime, lapse);
     if (LL_CMP(now, >, checkTime))
 	return PR_FALSE;
@@ -4398,20 +4402,20 @@ ocsp_HandleOldSingleResponse(CERTOCSPSin
  *	SEC_ERROR_OCSP_OLD_RESPONSE
  *	SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE
  * Other errors are low-level problems (no memory, bad database, etc.).
  */ 
 static SECStatus
 ocsp_VerifySingleResponse(CERTOCSPSingleResponse *single,
 			  CERTCertDBHandle *handle,
 			  CERTCertificate *signerCert,
-			  int64 producedAt)
+			  PRTime producedAt)
 {
     CERTOCSPCertID *certID = single->certID;
-    int64 now, thisUpdate, nextUpdate, tmstamp, tmp;
+    PRTime now, thisUpdate, nextUpdate, tmstamp, tmp;
     SECStatus rv;
 
     OCSP_TRACE(("OCSP ocsp_VerifySingleResponse, nextUpdate: %d\n", 
                ((single->nextUpdate) != 0)));
     /*
      * If all the responder said was that the given cert was unknown to it,
      * that is a valid response.  Not very interesting to us, of course,
      * but all this function is concerned with is validity of the response,
@@ -4480,24 +4484,24 @@ ocsp_VerifySingleResponse(CERTOCSPSingle
  *     A copy of the URI for the OCSP method, if found.  If either the
  *     extension is not present or it does not contain an entry for OCSP,
  *     SEC_ERROR_CERT_BAD_ACCESS_LOCATION will be set and a NULL returned.
  *     Any other error will also result in a NULL being returned.
  *     
  *     This result should be freed (via PORT_Free) when no longer in use.
  */
 char *
-CERT_GetOCSPAuthorityInfoAccessLocation(CERTCertificate *cert)
+CERT_GetOCSPAuthorityInfoAccessLocation(const CERTCertificate *cert)
 {
     CERTGeneralName *locname = NULL;
     SECItem *location = NULL;
     SECItem *encodedAuthInfoAccess = NULL;
     CERTAuthInfoAccess **authInfoAccess = NULL;
     char *locURI = NULL;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECStatus rv;
     int i;
 
     /*
      * Allocate this one from the heap because it will get filled in
      * by CERT_FindCertExtension which will also allocate from the heap,
      * and we can free the entire thing on our way out.
      */
@@ -4641,19 +4645,19 @@ ocsp_GetResponderLocation(CERTCertDBHand
     return ocspUrl;
 }
 
 /*
  * Return SECSuccess if the cert was revoked *after* "time",
  * SECFailure otherwise.
  */
 static SECStatus
-ocsp_CertRevokedAfter(ocspRevokedInfo *revokedInfo, int64 time)
+ocsp_CertRevokedAfter(ocspRevokedInfo *revokedInfo, PRTime time)
 {
-    int64 revokedTime;
+    PRTime revokedTime;
     SECStatus rv;
 
     rv = DER_GeneralizedTimeToTime(&revokedTime, &revokedInfo->revocationTime);
     if (rv != SECSuccess)
 	return rv;
 
     /*
      * Set the error even if we will return success; someone might care.
@@ -4666,17 +4670,17 @@ ocsp_CertRevokedAfter(ocspRevokedInfo *r
     return SECFailure;
 }
 
 /*
  * See if the cert represented in the single response had a good status
  * at the specified time.
  */
 static SECStatus
-ocsp_CertHasGoodStatus(ocspCertStatus *status, int64 time)
+ocsp_CertHasGoodStatus(ocspCertStatus *status, PRTime time)
 {
     SECStatus rv;
     switch (status->certStatusType) {
     case ocspCertStatus_good:
         rv = SECSuccess;
         break;
     case ocspCertStatus_revoked:
         rv = ocsp_CertRevokedAfter(status->certStatusInfo.revokedInfo, time);
@@ -4692,33 +4696,33 @@ ocsp_CertHasGoodStatus(ocspCertStatus *s
         rv = SECFailure;
         break;
     }
     return rv;
 }
 
 static SECStatus
 ocsp_SingleResponseCertHasGoodStatus(CERTOCSPSingleResponse *single, 
-                                     int64 time)
+                                     PRTime time)
 {
     return ocsp_CertHasGoodStatus(single->certStatus, time);
 }
 
 /* Return value SECFailure means: not found or not fresh.
  * On SECSuccess, the out parameters contain the OCSP status.
  * rvOcsp contains the overall result of the OCSP operation.
  * Depending on input parameter ignoreGlobalOcspFailureSetting,
  * a soft failure might be converted into *rvOcsp=SECSuccess.
  * If the cached attempt to obtain OCSP information had resulted
  * in a failure, missingResponseError shows the error code of
  * that failure.
  */
 SECStatus
 ocsp_GetCachedOCSPResponseStatusIfFresh(CERTOCSPCertID *certID, 
-                                        int64 time, 
+                                        PRTime time,
                                         PRBool ignoreGlobalOcspFailureSetting,
                                         SECStatus *rvOcsp,
                                         SECErrorCodes *missingResponseError)
 {
     OCSPCacheItem *cacheItem = NULL;
     SECStatus rv = SECFailure;
   
     if (!certID || !missingResponseError || !rvOcsp) {
@@ -4780,17 +4784,17 @@ ocsp_FetchingFailureIsVerificationFailur
  * INPUTS:
  *   CERTCertDBHandle *handle
  *     certificate DB of the cert that is being checked
  *   CERTCertificate *cert
  *     the certificate being checked
  *   XXX in the long term also need a boolean parameter that specifies
  *	whether to check the cert chain, as well; for now we check only
  *	the leaf (the specified certificate)
- *   int64 time
+ *   PRTime time
  *     time for which status is to be determined
  *   void *pwArg
  *     argument for password prompting, if needed
  * RETURN:
  *   Returns SECSuccess if an approved OCSP responder "knows" the cert
  *   *and* returns a non-revoked status for it; SECFailure otherwise,
  *   with an error set describing the reason:
  *
@@ -4817,17 +4821,17 @@ ocsp_FetchingFailureIsVerificationFailur
  *
  *   Other errors are any of the many possible failures in cert verification
  *   (e.g. SEC_ERROR_REVOKED_CERTIFICATE, SEC_ERROR_UNTRUSTED_ISSUER) when
  *   verifying the signer's cert, or low-level problems (error allocating
  *   memory, error performing ASN.1 decoding, etc.).
  */    
 SECStatus 
 CERT_CheckOCSPStatus(CERTCertDBHandle *handle, CERTCertificate *cert,
-		     int64 time, void *pwArg)
+		     PRTime time, void *pwArg)
 {
     CERTOCSPCertID *certID;
     PRBool certIDWasConsumed = PR_FALSE;
     SECStatus rv = SECFailure;
     SECStatus rvOcsp;
     SECErrorCodes dummy_error_code; /* we ignore this */
   
     OCSP_TRACE_CERT(cert);
@@ -4871,30 +4875,30 @@ CERT_CheckOCSPStatus(CERTCertDBHandle *h
  *   This function is intended for use when OCSP responses are provided via a
  *   side-channel, i.e. TLS OCSP stapling (a.k.a. the status_request extension).
  *
  * INPUTS:
  *   CERTCertDBHandle *handle
  *     certificate DB of the cert that is being checked
  *   CERTCertificate *cert
  *     the certificate being checked
- *   int64 time
+ *   PRTime time
  *     time for which status is to be determined
  *   SECItem *encodedResponse
  *     the DER encoded bytes of the OCSP response
  *   void *pwArg
  *     argument for password prompting, if needed
  * RETURN:
  *   SECSuccess if the cert was found in the cache, or if the OCSP response was
  *   found to be valid and inserted into the cache. SECFailure otherwise.
  */
 SECStatus
 CERT_CacheOCSPResponseFromSideChannel(CERTCertDBHandle *handle,
 				      CERTCertificate *cert,
-				      int64 time,
+				      PRTime time,
 				      const SECItem *encodedResponse,
 				      void *pwArg)
 {
     CERTOCSPCertID *certID = NULL;
     PRBool certIDWasConsumed = PR_FALSE;
     SECStatus rv = SECFailure;
     SECStatus rvOcsp;
     SECErrorCodes dummy_error_code; /* we ignore this */
@@ -4971,17 +4975,17 @@ CERT_CacheOCSPResponseFromSideChannel(CE
 /*
  * Status in *certIDWasConsumed will always be correct, regardless of 
  * return value.
  */
 static SECStatus
 ocsp_GetOCSPStatusFromNetwork(CERTCertDBHandle *handle, 
                               CERTOCSPCertID *certID, 
                               CERTCertificate *cert, 
-                              int64 time, 
+                              PRTime time,
                               void *pwArg,
                               PRBool *certIDWasConsumed,
                               SECStatus *rv_ocsp)
 {
     char *location = NULL;
     PRBool locationIsDefault;
     SECItem *encodedResponse = NULL;
     CERTOCSPRequest *request = NULL;
@@ -5077,17 +5081,17 @@ loser:
  *
  * INPUTS:
  *   CERTCertDBHandle *handle
  *     certificate DB of the cert that is being checked
  *   CERTOCSPCertID *certID
  *     the cert ID corresponding to |cert|
  *   CERTCertificate *cert
  *     the certificate being checked
- *   int64 time
+ *   PRTime time
  *     time for which status is to be determined
  *   void *pwArg
  *     the opaque argument to the password prompting function.
  *   SECItem *encodedResponse
  *     the DER encoded bytes of the OCSP response
  *   PRBool cacheInvalid
  *     If true then invalid responses will cause a negative cache entry to be
  *     created. (Invalid means bad syntax, bad signature etc)
@@ -5099,17 +5103,17 @@ loser:
  *     definition of 'good' above).
  * RETURN:
  *   SECSuccess iff the response is valid.
  */
 static SECStatus
 ocsp_CacheEncodedOCSPResponse(CERTCertDBHandle *handle,
 			      CERTOCSPCertID *certID,
 			      CERTCertificate *cert,
-			      int64 time,
+			      PRTime time,
 			      void *pwArg,
 			      const SECItem *encodedResponse,
                               PRBool cacheInvalid,
 			      PRBool *certIDWasConsumed,
 			      SECStatus *rv_ocsp)
 {
     CERTOCSPResponse *response = NULL;
     CERTCertificate *signerCert = NULL;
@@ -5190,23 +5194,23 @@ loser:
     return rv;
 }
 
 static SECStatus
 ocsp_GetVerifiedSingleResponseForCertID(CERTCertDBHandle *handle, 
                                         CERTOCSPResponse *response, 
                                         CERTOCSPCertID   *certID,
                                         CERTCertificate  *signerCert,
-                                        int64             time,
+                                        PRTime            time,
                                         CERTOCSPSingleResponse 
                                             **pSingleResponse)
 {
     SECStatus rv;
     ocspResponseData *responseData;
-    int64 producedAt;
+    PRTime producedAt;
     CERTOCSPSingleResponse *single;
 
     /*
      * The ResponseData part is the real guts of the response.
      */
     responseData = ocsp_GetResponseData(response, NULL);
     if (responseData == NULL) {
         rv = SECFailure;
@@ -5239,17 +5243,17 @@ loser:
     return rv;
 }
 
 SECStatus
 CERT_GetOCSPStatusForCertID(CERTCertDBHandle *handle, 
                             CERTOCSPResponse *response, 
                             CERTOCSPCertID   *certID,
                             CERTCertificate  *signerCert,
-                            int64             time)
+                            PRTime            time)
 {
     /*
      * We do not update the cache, because:
      *
      * CERT_GetOCSPStatusForCertID is an old exported API that was introduced
      * before the OCSP cache got implemented.
      *
      * The implementation of helper function cert_ProcessOCSPResponse
@@ -5273,17 +5277,17 @@ CERT_GetOCSPStatusForCertID(CERTCertDBHa
 /*
  * The first 5 parameters match the definition of CERT_GetOCSPStatusForCertID.
  */
 SECStatus
 cert_ProcessOCSPResponse(CERTCertDBHandle *handle, 
                          CERTOCSPResponse *response, 
                          CERTOCSPCertID   *certID,
                          CERTCertificate  *signerCert,
-                         int64             time,
+                         PRTime            time,
                          PRBool           *certIDWasConsumed,
                          SECStatus        *cacheUpdateStatus)
 {
     SECStatus rv;
     SECStatus rv_cache = SECSuccess;
     CERTOCSPSingleResponse *single = NULL;
 
     rv = ocsp_GetVerifiedSingleResponseForCertID(handle, response, certID, 
--- a/security/nss/lib/certhigh/ocsp.h
+++ b/security/nss/lib/certhigh/ocsp.h
@@ -415,17 +415,17 @@ CERT_VerifyOCSPResponseSignature(CERTOCS
  *     A copy of the URI for the OCSP method, if found.  If either the
  *     extension is not present or it does not contain an entry for OCSP,
  *     SEC_ERROR_EXTENSION_NOT_FOUND will be set and a NULL returned.
  *     Any other error will also result in a NULL being returned.
  *     
  *     This result should be freed (via PORT_Free) when no longer in use.
  */
 extern char *
-CERT_GetOCSPAuthorityInfoAccessLocation(CERTCertificate *cert);
+CERT_GetOCSPAuthorityInfoAccessLocation(const CERTCertificate *cert);
 
 /*
  * FUNCTION: CERT_RegisterAlternateOCSPAIAInfoCallBack
  *   This function serves two purposes.  
  *   1) It registers the address of a callback function that will be 
  *   called for certs that have no OCSP AIA extension, to see if the 
  *   callback wishes to supply an alternative URL for such an OCSP inquiry.
  *   2) It outputs the previously registered function's address to the 
@@ -692,12 +692,26 @@ CERT_CreateEncodedOCSPSuccessResponse(
  *   Returns a pointer to the SECItem holding the response.
  *   On error, returns null with error set describing the reason:
  *	SEC_ERROR_INVALID_ARGS
  *   Other errors are low-level problems (no memory, bad database, etc.).
  */
 extern SECItem*
 CERT_CreateEncodedOCSPErrorResponse(PLArenaPool *arena, int error);
 
+/* Sends an OCSP request using the HTTP POST method to the location addressed
+ * by the URL in |location| parameter. The request body will be
+ * |encodedRequest|, which must be a valid encoded OCSP request. On success,
+ * the server's response is returned and the caller must free it using
+ * SECITEM_FreeItem. On failure, NULL is returned. No parsing or validation of
+ * the HTTP response is done.
+ *
+ * If a default HTTP client has been registered with
+ * SEC_RegisterDefaultHttpClient then that client is used. Otherwise, an
+ * internal HTTP client is used.
+ */
+SECItem* CERT_PostOCSPRequest(PLArenaPool *arena, const char *location,
+                              const SECItem *encodedRequest);
+
 /************************************************************************/
 SEC_END_PROTOS
 
 #endif /* _OCSP_H_ */
--- a/security/nss/lib/certhigh/ocspi.h
+++ b/security/nss/lib/certhigh/ocspi.h
@@ -13,17 +13,17 @@ SECStatus OCSP_ShutdownGlobal(void);
 
 ocspResponseData *
 ocsp_GetResponseData(CERTOCSPResponse *response, SECItem **tbsResponseDataDER);
 
 ocspSignature *
 ocsp_GetResponseSignature(CERTOCSPResponse *response);
 
 SECItem *
-ocsp_DigestValue(PRArenaPool *arena, SECOidTag digestAlg,
+ocsp_DigestValue(PLArenaPool *arena, SECOidTag digestAlg,
                  SECItem *fill, const SECItem *src);
 
 PRBool
 ocsp_CertIsOCSPDefaultResponder(CERTCertDBHandle *handle, CERTCertificate *cert);
 
 CERTCertificate *
 ocsp_GetSignerCertificate(CERTCertDBHandle *handle, ocspResponseData *tbsData,
                           ocspSignature *signature, CERTCertificate *issuer);
@@ -32,23 +32,23 @@ SECStatus
 ocsp_VerifyResponseSignature(CERTCertificate *signerCert,
                              ocspSignature *signature,
                              SECItem *tbsResponseDataDER,
                              void *pwArg);
 
 CERTOCSPRequest *
 cert_CreateSingleCertOCSPRequest(CERTOCSPCertID *certID, 
                                  CERTCertificate *singleCert, 
-                                 int64 time, 
+                                 PRTime time,
                                  PRBool addServiceLocator,
                                  CERTCertificate *signerCert);
 
 SECStatus
 ocsp_GetCachedOCSPResponseStatusIfFresh(CERTOCSPCertID *certID, 
-                                        int64 time, 
+                                        PRTime time,
                                         PRBool ignoreOcspFailureMode,
                                         SECStatus *rvOcsp,
                                         SECErrorCodes *missingResponseError);
 
 /*
  * FUNCTION: cert_ProcessOCSPResponse
  *  Same behavior and basic parameters as CERT_GetOCSPStatusForCertID.
  *  In addition it can update the OCSP cache (using information
@@ -58,17 +58,17 @@ ocsp_GetCachedOCSPResponseStatusIfFresh(
  *    certificate DB of the cert that is being checked
  *  CERTOCSPResponse *response
  *    the OCSP response we want to retrieve status from.
  *  CERTOCSPCertID *certID
  *    the ID we want to look for from the response.
  *  CERTCertificate *signerCert
  *    the certificate that was used to sign the OCSP response.
  *    must be obtained via a call to CERT_VerifyOCSPResponseSignature.
- *  int64 time
+ *  PRTime time
  *    The time at which we're checking the status for.
  *  PRBool *certIDWasConsumed
  *    In and Out parameter.
  *    If certIDWasConsumed is NULL on input,
  *    this function might produce a deep copy of cert ID
  *    for storing it in the cache.
  *    If out value is true, ownership of parameter certID was
  *    transferred to the OCSP cache.
@@ -80,17 +80,17 @@ ocsp_GetCachedOCSPResponseStatusIfFresh(
  *    it matches the documentation for CERT_CheckOCSPStatus
  */
 
 SECStatus
 cert_ProcessOCSPResponse(CERTCertDBHandle *handle, 
                          CERTOCSPResponse *response, 
                          CERTOCSPCertID   *certID,
                          CERTCertificate  *signerCert,
-                         int64             time,
+                         PRTime            time,
                          PRBool           *certIDWasConsumed,
                          SECStatus        *cacheUpdateStatus);
 
 /*
  * FUNCTION: cert_RememberOCSPProcessingFailure
  *  If an application notices a failure during OCSP processing,
  *  it should finally call this function. The failure will be recorded
  *  in the OCSP cache in order to avoid repetitive failures.
--- a/security/nss/lib/certhigh/ocspti.h
+++ b/security/nss/lib/certhigh/ocspti.h
@@ -67,17 +67,17 @@ typedef struct ocspSingleRequestStr ocsp
 typedef struct ocspSingleResponseStr ocspSingleResponse;
 typedef struct ocspTBSRequestStr ocspTBSRequest;
 
 
 /*
  * An OCSPRequest; this is what is sent (encoded) to an OCSP responder.
  */
 struct CERTOCSPRequestStr {
-    PRArenaPool *arena;			/* local; not part of encoding */
+    PLArenaPool *arena;			/* local; not part of encoding */
     ocspTBSRequest *tbsRequest;
     ocspSignature *optionalSignature;
 };
 
 /*
  * A TBSRequest; when an OCSPRequest is signed, the encoding of this
  * is what the signature is actually applied to.  ("TBS" == To Be Signed)
  * Whether signed or not, however, this structure will be present, and
@@ -139,17 +139,17 @@ struct ocspSignatureStr {
  * Note that in the OCSP specification this is just called "Request",
  * but since that seemed confusing (vs. an OCSPRequest) and to be more
  * consistent with the parallel type "SingleResponse", I called it a
  * "SingleRequest".
  * 
  * XXX figure out how to get rid of that arena -- there must be a way
  */
 struct ocspSingleRequestStr {
-    PRArenaPool *arena;			/* just a copy of the response arena,
+    PLArenaPool *arena;			/* just a copy of the response arena,
 					 * needed here for extension handling
 					 * routines, on creation only */
     CERTOCSPCertID *reqCert;
     CERTCertExtension **singleRequestExtensions;
 };
 
 /*
  * A CertID is the means of identifying a certificate, used both in requests
@@ -164,17 +164,17 @@ struct CERTOCSPCertIDStr {
     SECItem issuerKeyHash;		/* an OCTET STRING */
     SECItem serialNumber;		/* an INTEGER */
     SECItem issuerSHA1NameHash;		/* keep other hashes around when */
     SECItem issuerMD5NameHash;              /* we have them */
     SECItem issuerMD2NameHash;
     SECItem issuerSHA1KeyHash;		/* keep other hashes around when */
     SECItem issuerMD5KeyHash;              /* we have them */
     SECItem issuerMD2KeyHash;
-    PRArenaPool *poolp;
+    PLArenaPool *poolp;
 };
 
 /*
  * This describes the value of the responseStatus field in an OCSPResponse.
  * The corresponding ASN.1 definition is:
  *
  * OCSPResponseStatus	::=	ENUMERATED {
  *	successful		(0),	--Response has valid confirmations
@@ -204,17 +204,17 @@ typedef enum {
 /*
  * An OCSPResponse is what is sent (encoded) by an OCSP responder.
  *
  * The field "responseStatus" is the ASN.1 encoded value; the field
  * "statusValue" is simply that same value translated into our local
  * type ocspResponseStatus.
  */
 struct CERTOCSPResponseStr {
-    PRArenaPool *arena;			/* local; not part of encoding */
+    PLArenaPool *arena;			/* local; not part of encoding */
     SECItem responseStatus;		/* an ENUMERATED, see above */
     ocspResponseStatus statusValue;	/* local; not part of encoding */
     ocspResponseBytes *responseBytes;	/* only when status is successful */
 };
 
 /*
  * A ResponseBytes (despite appearances) is what contains the meat
  * of a successful response -- but still in encoded form.  The type
@@ -279,17 +279,17 @@ struct ocspResponderIDStr {
 
 /*
  * The ResponseData in a BasicOCSPResponse contains a SEQUENCE OF
  * SingleResponse -- one for each certificate whose status is being supplied.
  * 
  * XXX figure out how to get rid of that arena -- there must be a way
  */
 struct CERTOCSPSingleResponseStr {
-    PRArenaPool *arena;			/* just a copy of the response arena,
+    PLArenaPool *arena;			/* just a copy of the response arena,
 					 * needed here for extension handling
 					 * routines, on creation only */
     CERTOCSPCertID *certID;
     SECItem derCertStatus;
     ocspCertStatus *certStatus;		/* local; not part of encoding */
     SECItem thisUpdate;			/* a GeneralizedTime */
     SECItem *nextUpdate;		/* a GeneralizedTime */
     CERTCertExtension **singleExtensions;
--- a/security/nss/lib/crmf/asn1cmn.c
+++ b/security/nss/lib/crmf/asn1cmn.c
@@ -110,17 +110,17 @@ static const SEC_ASN1Template CMMFChalle
 
 const SEC_ASN1Template CMMFPOPODecKeyChallContentTemplate[] = {
     { SEC_ASN1_SEQUENCE_OF,offsetof(CMMFPOPODecKeyChallContent, challenges),
       CMMFChallengeTemplate, sizeof(CMMFPOPODecKeyChallContent) },
     { 0 }
 };
 
 SECStatus
-cmmf_decode_process_cert_response(PRArenaPool      *poolp, 
+cmmf_decode_process_cert_response(PLArenaPool      *poolp,
 				  CERTCertDBHandle *db,
 				  CMMFCertResponse *inCertResp)
 {
     SECStatus rv = SECSuccess;
   
     if (inCertResp->certifiedKeyPair != NULL) {
         rv = cmmf_decode_process_certified_key_pair(poolp, 
 						    db,
@@ -153,17 +153,17 @@ cmmf_get_certorenccertchoice_from_der(SE
     default:
         retChoice = cmmfNoCertOrEncCert;
 	break;
     }
     return retChoice;
 }
 
 static SECStatus
-cmmf_decode_process_certorenccert(PRArenaPool       *poolp,
+cmmf_decode_process_certorenccert(PLArenaPool       *poolp,
 				  CERTCertDBHandle  *db,
 				  CMMFCertOrEncCert *inCertOrEncCert)
 {
     SECStatus rv = SECSuccess;
 
     inCertOrEncCert->choice = 
         cmmf_get_certorenccertchoice_from_der(&inCertOrEncCert->derValue);
 
@@ -203,17 +203,17 @@ cmmf_decode_process_certorenccert(PRAren
 	break;
     default:
         rv = SECFailure;
     }
     return rv;
 }
 
 SECStatus 
-cmmf_decode_process_certified_key_pair(PRArenaPool          *poolp,
+cmmf_decode_process_certified_key_pair(PLArenaPool          *poolp,
 				       CERTCertDBHandle     *db,
 				       CMMFCertifiedKeyPair *inCertKeyPair)
 {
     return cmmf_decode_process_certorenccert (poolp,
 					      db,
 					      &inCertKeyPair->certOrEncCert);
 }
 
--- a/security/nss/lib/crmf/challcli.c
+++ b/security/nss/lib/crmf/challcli.c
@@ -8,17 +8,17 @@
 #include "secitem.h"
 #include "pk11func.h"
 #include "secder.h"
 #include "sechash.h"
 
 CMMFPOPODecKeyChallContent*
 CMMF_CreatePOPODecKeyChallContentFromDER(const char *buf, long len)
 {
-    PRArenaPool                *poolp;
+    PLArenaPool                *poolp;
     CMMFPOPODecKeyChallContent *challContent;
     SECStatus                   rv;
 
     poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
     if (poolp == NULL) {
         return NULL;
     }
     challContent = PORT_ArenaZNew(poolp, CMMFPOPODecKeyChallContent);
@@ -85,17 +85,17 @@ cmmf_get_owf(CMMFPOPODecKeyChallContent 
 
 SECStatus 
 CMMF_POPODecKeyChallContDecryptChallenge(CMMFPOPODecKeyChallContent *inChalCont,
 					 int                         inIndex,
 					 SECKEYPrivateKey           *inPrivKey)
 {
     CMMFChallenge  *challenge;
     SECItem        *decryptedRand=NULL;
-    PRArenaPool    *poolp  = NULL;
+    PLArenaPool    *poolp  = NULL;
     SECAlgorithmID *owf;
     SECStatus       rv     = SECFailure;
     SECOidTag       tag;
     CMMFRand        randStr;
     SECItem         hashItem;
     unsigned char   hash[HASH_LENGTH_MAX]; 
 
     PORT_Assert(inChalCont != NULL && inPrivKey != NULL);
@@ -199,17 +199,17 @@ CMMF_POPODecKeyChallContentGetRandomNumb
 }
 
 SECStatus 
 CMMF_EncodePOPODecKeyRespContent(long                     *inDecodedRand,
 				 int                       inNumRand,
 				 CRMFEncoderOutputCallback inCallback,
 				 void                     *inArg)
 {
-    PRArenaPool *poolp;
+    PLArenaPool *poolp;
     CMMFPOPODecKeyRespContent *response;
     SECItem *currItem;
     SECStatus rv=SECFailure;
     int i;
 
     poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
     if (poolp == NULL) {
         return SECFailure;
--- a/security/nss/lib/crmf/cmmfasn1.c
+++ b/security/nss/lib/crmf/cmmfasn1.c
@@ -47,17 +47,17 @@ CMMF_EncodePOPODecKeyChallContent(CMMFPO
 {
     return cmmf_user_encode(inDecKeyChall, inCallback, inArg,
 			    CMMFPOPODecKeyChallContentTemplate);
 }
 
 CMMFPOPODecKeyRespContent*
 CMMF_CreatePOPODecKeyRespContentFromDER(const char *buf, long len)
 {
-    PRArenaPool               *poolp;
+    PLArenaPool               *poolp;
     CMMFPOPODecKeyRespContent *decKeyResp;
     SECStatus                  rv;
 
     poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
     if (poolp == NULL) {
         return NULL;
     }
     decKeyResp = PORT_ArenaZNew(poolp, CMMFPOPODecKeyRespContent);
@@ -87,17 +87,17 @@ CMMF_EncodeKeyRecRepContent(CMMFKeyRecRe
     return cmmf_user_encode(inKeyRecRep, inCallback, inArg,
 			    CMMFKeyRecRepContentTemplate);
 }
 
 CMMFKeyRecRepContent* 
 CMMF_CreateKeyRecRepContentFromDER(CERTCertDBHandle *db, const char *buf, 
 				   long len)
 {
-    PRArenaPool          *poolp;
+    PLArenaPool          *poolp;
     CMMFKeyRecRepContent *keyRecContent;
     SECStatus             rv;
 
     poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
     if (poolp == NULL) {
         return NULL;
     }
     keyRecContent = PORT_ArenaZNew(poolp, CMMFKeyRecRepContent);
--- a/security/nss/lib/crmf/cmmfchal.c
+++ b/security/nss/lib/crmf/cmmfchal.c
@@ -9,17 +9,17 @@
 #include "genname.h"
 #include "pk11func.h"
 #include "cert.h"
 #include "secitem.h"
 #include "secmod.h"
 #include "keyhi.h"
 
 static int
-cmmf_create_witness_and_challenge(PRArenaPool     *poolp,
+cmmf_create_witness_and_challenge(PLArenaPool     *poolp,
 				  CMMFChallenge   *challenge,
 				  long             inRandom,
 				  SECItem         *senderDER,
 				  SECKEYPublicKey *inPubKey,
 				  void            *passwdArg)
 {
     SECItem       *encodedRandNum;
     SECItem        encodedRandStr = {siBuffer, NULL, 0};
@@ -121,17 +121,17 @@ cmmf_create_first_challenge(CMMFPOPODecK
 			    long                        inRandom, 
 			    SECItem                    *senderDER, 
 			    SECKEYPublicKey            *inPubKey,
 			    void                       *passwdArg)
 {
     SECOidData     *oidData;
     CMMFChallenge  *challenge;
     SECAlgorithmID *algId;
-    PRArenaPool    *poolp;
+    PLArenaPool    *poolp;
     SECStatus       rv;
 
     oidData = SECOID_FindOIDByTag(SEC_OID_SHA1);
     if (oidData == NULL) {
         return SECFailure;
     }
     poolp = challContent->poolp;
     challenge = PORT_ArenaZNew(poolp, CMMFChallenge);
@@ -151,17 +151,17 @@ cmmf_create_first_challenge(CMMFPOPODecK
     challContent->challenges[0] = (rv == SECSuccess) ? challenge : NULL;
     challContent->numChallenges++;
     return rv ;
 }
 
 CMMFPOPODecKeyChallContent*
 CMMF_CreatePOPODecKeyChallContent (void)
 {
-    PRArenaPool *poolp;
+    PLArenaPool *poolp;
     CMMFPOPODecKeyChallContent *challContent;
 
     poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
     if (poolp == NULL) {
         return NULL;
     }
     challContent = PORT_ArenaZNew(poolp, CMMFPOPODecKeyChallContent);
     if (challContent == NULL) {
@@ -176,17 +176,17 @@ SECStatus
 CMMF_POPODecKeyChallContentSetNextChallenge
                                     (CMMFPOPODecKeyChallContent *inDecKeyChall,
 				     long                        inRandom,
 				     CERTGeneralName            *inSender,
 				     SECKEYPublicKey            *inPubKey,
 				     void                       *passwdArg)
 {
     CMMFChallenge               *curChallenge;
-    PRArenaPool                 *genNamePool = NULL, *poolp;
+    PLArenaPool                 *genNamePool = NULL, *poolp;
     SECStatus                    rv;
     SECItem                     *genNameDER;
     void                        *mark;
 
     PORT_Assert (inDecKeyChall != NULL &&
 		 inSender      != NULL &&
 		 inPubKey      != NULL);
 
--- a/security/nss/lib/crmf/cmmfi.h
+++ b/security/nss/lib/crmf/cmmfi.h
@@ -28,71 +28,71 @@ extern const SEC_ASN1Template CMMFPKISta
 extern const SEC_ASN1Template CMMFCertifiedKeyPairTemplate[];
 
 
 /*
  * Some utility functions that are shared by multiple files in this 
  * implementation.
  */
 
-extern SECStatus cmmf_CopyCertResponse (PRArenaPool      *poolp, 
+extern SECStatus cmmf_CopyCertResponse (PLArenaPool      *poolp,
 					CMMFCertResponse *dest, 
 					CMMFCertResponse *src);
 
-extern SECStatus cmmf_CopyPKIStatusInfo (PRArenaPool       *poolp, 
+extern SECStatus cmmf_CopyPKIStatusInfo (PLArenaPool       *poolp,
 					 CMMFPKIStatusInfo *dest,
 					 CMMFPKIStatusInfo *src);
 
-extern SECStatus cmmf_CopyCertifiedKeyPair(PRArenaPool          *poolp, 
+extern SECStatus cmmf_CopyCertifiedKeyPair(PLArenaPool          *poolp,
 					   CMMFCertifiedKeyPair *dest,
 					   CMMFCertifiedKeyPair *src);
 
 extern SECStatus cmmf_DestroyPKIStatusInfo(CMMFPKIStatusInfo *info, 
 					   PRBool freeit);
 
 extern SECStatus cmmf_DestroyCertOrEncCert(CMMFCertOrEncCert *certOrEncCert, 
 					   PRBool freeit);
 
 extern SECStatus cmmf_PKIStatusInfoSetStatus(CMMFPKIStatusInfo    *statusInfo,
-					     PRArenaPool          *poolp,
+					     PLArenaPool          *poolp,
 					     CMMFPKIStatus         inStatus);
 
 extern SECStatus cmmf_ExtractCertsFromList(CERTCertList      *inCertList,
-					   PRArenaPool       *poolp,
+					   PLArenaPool       *poolp,
 					   CERTCertificate ***certArray);
 
 extern SECStatus 
        cmmf_CertOrEncCertSetCertificate(CMMFCertOrEncCert *certOrEncCert,
-					PRArenaPool       *poolp,
+					PLArenaPool       *poolp,
 					CERTCertificate   *inCert);
 
 extern CMMFPKIStatus 
        cmmf_PKIStatusInfoGetStatus(CMMFPKIStatusInfo *inStatus);
 
 extern CERTCertList*
        cmmf_MakeCertList(CERTCertificate **inCerts);
 
 extern CERTCertificate*
 cmmf_CertOrEncCertGetCertificate(CMMFCertOrEncCert *certOrEncCert,
                                  CERTCertDBHandle  *certdb);
 
 extern SECStatus
-cmmf_decode_process_cert_response(PRArenaPool      *poolp, 
+cmmf_decode_process_cert_response(PLArenaPool      *poolp,
 				  CERTCertDBHandle *db,
 				  CMMFCertResponse *inCertResp);
 
 extern SECStatus
-cmmf_decode_process_certified_key_pair(PRArenaPool          *poolp,
+cmmf_decode_process_certified_key_pair(PLArenaPool          *poolp,
 				       CERTCertDBHandle     *db,
 				       CMMFCertifiedKeyPair *inCertKeyPair);
 
 extern SECStatus
 cmmf_user_encode(void *src, CRMFEncoderOutputCallback inCallback, void *inArg,
 		 const SEC_ASN1Template *inTemplate);
 
 extern SECStatus
-cmmf_copy_secitem (PRArenaPool *poolp, SECItem *dest, SECItem *src);
+cmmf_copy_secitem (PLArenaPool *poolp, SECItem *dest, SECItem *src);
 #endif /*_CMMFI_H_*/
 
 
 
 
 
--- a/security/nss/lib/crmf/cmmfit.h
+++ b/security/nss/lib/crmf/cmmfit.h
@@ -65,17 +65,17 @@ struct CMMFCertResponseStr {
     SECItem               certReqId;
     CMMFPKIStatusInfo     status; /*PKIStatusInfo*/
     CMMFCertifiedKeyPair *certifiedKeyPair;
 };
 
 struct CMMFCertRepContentStr {
     CERTCertificate  **caPubs;
     CMMFCertResponse **response;
-    PRArenaPool       *poolp;
+    PLArenaPool       *poolp;
     PRBool             isDecoded;
 };
 
 struct CMMFChallengeStr {
     SECAlgorithmID  *owf;
     SECItem          witness;
     SECItem          senderDER;
     SECItem          key;
@@ -86,31 +86,31 @@ struct CMMFChallengeStr {
 struct CMMFRandStr {
     SECItem          integer;
     SECItem          senderHash;
     CERTGeneralName *sender;
 };
 
 struct CMMFPOPODecKeyChallContentStr {
     CMMFChallenge **challenges;
-    PRArenaPool    *poolp;
+    PLArenaPool    *poolp;
     int             numChallenges;
     int             numAllocated;
 };
 
 struct CMMFPOPODecKeyRespContentStr {
     SECItem     **responses;
-    PRArenaPool  *poolp;
+    PLArenaPool  *poolp;
 };
 
 struct CMMFKeyRecRepContentStr {
     CMMFPKIStatusInfo      status; /* PKIStatusInfo */
     CERTCertificate       *newSigCert;
     CERTCertificate      **caCerts;
     CMMFCertifiedKeyPair **keyPairHist;
-    PRArenaPool           *poolp;
+    PLArenaPool           *poolp;
     int                    numKeyPairs;
     int                    allocKeyPairs;
     PRBool                 isDecoded;
 };
 
 #endif /* _CMMFIT_H_ */
 
--- a/security/nss/lib/crmf/cmmfrec.c
+++ b/security/nss/lib/crmf/cmmfrec.c
@@ -11,17 +11,17 @@
 #include "cmmf.h"
 #include "cmmfi.h"
 #include "secitem.h"
 #include "keyhi.h"
 
 CMMFKeyRecRepContent*
 CMMF_CreateKeyRecRepContent(void)
 {
-    PRArenaPool          *poolp;
+    PLArenaPool          *poolp;
     CMMFKeyRecRepContent *keyRecContent;
 
     poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
     if (poolp == NULL) {
         return NULL;
     }
     keyRecContent = PORT_ArenaZNew(poolp, CMMFKeyRecRepContent);
     if (keyRecContent == NULL) {
@@ -117,17 +117,17 @@ CMMF_KeyRecRepContentSetCACerts(CMMFKeyR
 SECStatus
 CMMF_KeyRecRepContentSetCertifiedKeyPair(CMMFKeyRecRepContent *inKeyRecRep,
 					 CERTCertificate      *inCert,
 					 SECKEYPrivateKey     *inPrivKey,
 					 SECKEYPublicKey      *inPubKey)
 {
     CMMFCertifiedKeyPair *keyPair;
     CRMFEncryptedValue   *dummy;
-    PRArenaPool          *poolp;
+    PLArenaPool          *poolp;
     void                 *mark;
     SECStatus             rv;
 
     PORT_Assert (inKeyRecRep != NULL &&
 		 inCert      != NULL &&
 		 inPrivKey   != NULL &&
 		 inPubKey    != NULL);
     if (inKeyRecRep == NULL ||
--- a/security/nss/lib/crmf/cmmfresp.c
+++ b/security/nss/lib/crmf/cmmfresp.c
@@ -14,17 +14,17 @@
 #include "crmfi.h"
 #include "secitem.h"
 #include "secder.h"
 
 CMMFCertRepContent*
 CMMF_CreateCertRepContent(void)
 {
     CMMFCertRepContent *retCertRep;
-    PRArenaPool        *poolp;
+    PLArenaPool        *poolp;
 
     poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
     if (poolp == NULL) {
         goto loser;
     }
     retCertRep = PORT_ArenaZNew(poolp, CMMFCertRepContent);
     if (retCertRep == NULL) {
         goto loser;
@@ -35,17 +35,17 @@ CMMF_CreateCertRepContent(void)
     if (poolp != NULL) {
         PORT_FreeArena(poolp, PR_FALSE);
     }
     return NULL;
 }
 
 SECStatus 
 cmmf_CertOrEncCertSetCertificate(CMMFCertOrEncCert *certOrEncCert,
-				 PRArenaPool       *poolp,
+				 PLArenaPool       *poolp,
 				 CERTCertificate   *inCert)
 {
     SECItem               *derDest = NULL;
     SECStatus             rv = SECFailure;
 
     if (inCert->derCert.data == NULL) {
         derDest = SEC_ASN1EncodeItem(NULL, NULL, inCert, 
 				     CMMFCertOrEncCertCertificateTemplate);
@@ -75,17 +75,17 @@ cmmf_CertOrEncCertSetCertificate(CMMFCer
     if (derDest != NULL) {
         SECITEM_FreeItem(derDest, PR_TRUE);
     }
     return rv;
 }
 
 SECStatus
 cmmf_ExtractCertsFromList(CERTCertList      *inCertList,
-			  PRArenaPool       *poolp,
+			  PLArenaPool       *poolp,
 			  CERTCertificate ***certArray)
 {
     CERTCertificate  **arrayLocalCopy;
     CERTCertListNode  *node;
     int                numNodes = 0, i;
 
     for (node = CERT_LIST_HEAD(inCertList); !CERT_LIST_END(node, inCertList);
 	 node = CERT_LIST_NEXT(node)) {
@@ -119,17 +119,17 @@ cmmf_ExtractCertsFromList(CERTCertList  
     return SECSuccess;
 }
 
 SECStatus
 CMMF_CertRepContentSetCertResponses(CMMFCertRepContent *inCertRepContent,
 				    CMMFCertResponse  **inCertResponses,
 				    int                 inNumResponses)
 {
-    PRArenaPool       *poolp;
+    PLArenaPool       *poolp;
     CMMFCertResponse **respArr, *newResp;
     void              *mark;
     SECStatus          rv;
     int                i;
 
     PORT_Assert (inCertRepContent != NULL &&
 		 inCertResponses  != NULL &&
 		 inNumResponses    > 0);
@@ -238,17 +238,17 @@ CMMF_CertResponseSetCertificate (CMMFCer
     return rv;
 }
 
 
 SECStatus
 CMMF_CertRepContentSetCAPubs(CMMFCertRepContent *inCertRepContent,
 			     CERTCertList       *inCAPubs)
 {
-    PRArenaPool      *poolp;
+    PLArenaPool      *poolp;
     void             *mark;
     SECStatus         rv;
 
     PORT_Assert(inCertRepContent != NULL &&
 		inCAPubs         != NULL &&
 		inCertRepContent->caPubs == NULL);
     
     if (inCertRepContent == NULL ||
--- a/security/nss/lib/crmf/crmfcont.c
+++ b/security/nss/lib/crmf/crmfcont.c
@@ -26,17 +26,17 @@ crmf_modify_control_array (CRMFCertReque
 }
 
 static SECStatus
 crmf_add_new_control(CRMFCertRequest *inCertReq,SECOidTag inTag,
 		     CRMFControl **destControl)
 {
     SECOidData  *oidData;
     SECStatus    rv;
-    PRArenaPool *poolp;
+    PLArenaPool *poolp;
     int          numControls = 0;
     CRMFControl *newControl;
     CRMFControl **controls;
     void        *mark;
 
     poolp = inCertReq->poolp;
     if (poolp == NULL) {
         return SECFailure;
@@ -147,17 +147,17 @@ crmf_destroy_encrypted_value(CRMFEncrypt
 
 SECStatus
 CRMF_DestroyEncryptedValue(CRMFEncryptedValue *inEncrValue)
 {
     return crmf_destroy_encrypted_value(inEncrValue, PR_TRUE);
 }
 
 SECStatus
-crmf_copy_encryptedvalue_secalg(PRArenaPool     *poolp,
+crmf_copy_encryptedvalue_secalg(PLArenaPool     *poolp,
 				SECAlgorithmID  *srcAlgId,
 				SECAlgorithmID **destAlgId)
 {
     SECAlgorithmID *newAlgId;
     SECStatus rv;
 
     newAlgId = (poolp != NULL) ? PORT_ArenaZNew(poolp, SECAlgorithmID) :
                                  PORT_ZNew(SECAlgorithmID);
@@ -173,17 +173,17 @@ crmf_copy_encryptedvalue_secalg(PRArenaP
         return rv;
     }
     *destAlgId = newAlgId;
     
     return rv;
 }
 
 SECStatus
-crmf_copy_encryptedvalue(PRArenaPool        *poolp,
+crmf_copy_encryptedvalue(PLArenaPool        *poolp,
 			 CRMFEncryptedValue *srcValue,
 			 CRMFEncryptedValue *destValue)
 {
     SECStatus           rv;
 
     if (srcValue->intendedAlg != NULL) {
         rv = crmf_copy_encryptedvalue_secalg(poolp,
 					     srcValue->intendedAlg,
@@ -236,17 +236,17 @@ crmf_copy_encryptedvalue(PRArenaPool    
  loser:
     if (poolp == NULL && destValue != NULL) {
         crmf_destroy_encrypted_value(destValue, PR_FALSE);
     }
     return SECFailure;
 }
 
 SECStatus 
-crmf_copy_encryptedkey(PRArenaPool       *poolp,
+crmf_copy_encryptedkey(PLArenaPool       *poolp,
 		       CRMFEncryptedKey  *srcEncrKey,
 		       CRMFEncryptedKey  *destEncrKey)
 {
     SECStatus          rv;
     void              *mark = NULL;
 
     if (poolp != NULL) {
         mark = PORT_ArenaMark(poolp);
@@ -600,17 +600,17 @@ crmf_get_public_value(SECKEYPublicKey *p
     return dest;
 }
 
 static SECItem*
 crmf_decode_params(SECItem *inParams)
 {
     SECItem     *params;
     SECStatus    rv      = SECFailure;
-    PRArenaPool *poolp;
+    PLArenaPool *poolp;
 
     poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
     if (poolp == NULL) {
         return NULL;
     }
     
     params = PORT_ArenaZNew(poolp, SECItem);
     if (params) {
@@ -636,17 +636,17 @@ crmf_get_key_size_from_mech(CK_MECHANISM
 	return 16;
     case CKM_DES3_KEY_GEN:
 	return 24;
     }
     return 0;
 }
 
 SECStatus
-crmf_encrypted_value_unwrap_priv_key(PRArenaPool        *poolp,
+crmf_encrypted_value_unwrap_priv_key(PLArenaPool        *poolp,
 				     CRMFEncryptedValue *encValue,
 				     SECKEYPrivateKey   *privKey,
 				     SECKEYPublicKey    *newPubKey,
 				     SECItem            *nickname,
 				     PK11SlotInfo       *slot,
 				     unsigned char       keyUsage,
 				     SECKEYPrivateKey  **unWrappedKey,
 				     void               *wincx)
@@ -895,17 +895,17 @@ CRMF_CreateEncryptedKeyWithEncryptedValu
 
 SECStatus
 CRMF_DestroyEncryptedKey(CRMFEncryptedKey *inEncrKey)
 {
     return crmf_destroy_encrypted_key(inEncrKey, PR_TRUE);
 }
 
 SECStatus
-crmf_copy_pkiarchiveoptions(PRArenaPool           *poolp,
+crmf_copy_pkiarchiveoptions(PLArenaPool           *poolp,
 			    CRMFPKIArchiveOptions *destOpt,
 			    CRMFPKIArchiveOptions *srcOpt)
 {
     SECStatus rv;
     destOpt->archOption = srcOpt->archOption;
     switch (srcOpt->archOption) {
     case crmfEncryptedPrivateKey:
         rv = crmf_copy_encryptedkey(poolp,
@@ -1004,17 +1004,17 @@ crmf_get_pkiarchiveoptions_subtemplate(C
 	break;
     default:
         retTemplate = NULL;
     }
     return retTemplate;
 }
 
 static SECStatus
-crmf_encode_pkiarchiveoptions(PRArenaPool *poolp, CRMFControl *inControl)
+crmf_encode_pkiarchiveoptions(PLArenaPool *poolp, CRMFControl *inControl)
 {
     const SEC_ASN1Template *asn1Template;
 
     asn1Template = crmf_get_pkiarchiveoptions_subtemplate(inControl);
     /* We've got a union, so passing a pointer to one element of the 
      * union, is the same as passing a pointer to any of the other
      * members of the union.
      */
@@ -1029,17 +1029,17 @@ crmf_encode_pkiarchiveoptions(PRArenaPoo
     return SECFailure;
 }
 
 SECStatus
 CRMF_CertRequestSetPKIArchiveOptions(CRMFCertRequest       *inCertReq,
 				     CRMFPKIArchiveOptions *inOptions)
 {
     CRMFControl *newControl;
-    PRArenaPool *poolp;
+    PLArenaPool *poolp;
     SECStatus    rv;
     void        *mark;
     
     PORT_Assert(inCertReq != NULL && inOptions != NULL);
     if (inCertReq == NULL || inOptions == NULL) {
         return SECFailure;
     }
     poolp = inCertReq->poolp;
--- a/security/nss/lib/crmf/crmfdec.c
+++ b/security/nss/lib/crmf/crmfdec.c
@@ -158,17 +158,17 @@ crmf_decode_process_keyencipherment(CRMF
     }
     return SECSuccess;
 }
 
 static SECStatus
 crmf_decode_process_pop(CRMFCertReqMsg *inCertReqMsg)
 {
      SECItem               *derPOP;
-     PRArenaPool           *poolp;
+     PLArenaPool           *poolp;
      CRMFProofOfPossession *pop;
      void                  *mark;
      SECStatus              rv;
 
      derPOP = &inCertReqMsg->derPOP;
      poolp  = inCertReqMsg->poolp;
      if (derPOP->data == NULL) {
          /* There is no Proof of Possession field in this message. */
@@ -212,17 +212,17 @@ crmf_decode_process_pop(CRMFCertReqMsg *
  loser:
      PORT_ArenaRelease(poolp, mark);
      inCertReqMsg->pop = NULL;
      return SECFailure;
      
 }
 
 static SECStatus
-crmf_decode_process_single_control(PRArenaPool *poolp, 
+crmf_decode_process_single_control(PLArenaPool *poolp,
 				   CRMFControl *inControl)
 {
     const SEC_ASN1Template *asn1Template = NULL;
 
     inControl->tag = SECOID_FindOIDTag(&inControl->derTag);
     asn1Template = crmf_get_pkiarchiveoptions_subtemplate(inControl);
 
     PORT_Assert (asn1Template != NULL);
@@ -240,17 +240,17 @@ crmf_decode_process_single_control(PRAre
 			  inControl->derValue.len);
 }
 
 static SECStatus 
 crmf_decode_process_controls(CRMFCertReqMsg *inCertReqMsg)
 {
     int           i, numControls;
     SECStatus     rv;
-    PRArenaPool  *poolp;
+    PLArenaPool  *poolp;
     CRMFControl **controls;
     
     numControls = CRMF_CertRequestGetNumControls(inCertReqMsg->certReq);
     controls = inCertReqMsg->certReq->controls;
     poolp    = inCertReqMsg->poolp;
     for (i=0; i < numControls; i++) {
         rv = crmf_decode_process_single_control(poolp, controls[i]);
 	if (rv != SECSuccess) {
@@ -280,17 +280,17 @@ crmf_decode_process_single_reqmsg(CRMFCe
     rv = SECSuccess;
  loser:
     return rv;
 }
 
 CRMFCertReqMsg*
 CRMF_CreateCertReqMsgFromDER (const char * buf, long len)
 {
-    PRArenaPool    *poolp;
+    PLArenaPool    *poolp;
     CRMFCertReqMsg *certReqMsg;
     SECStatus       rv;
 
     poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
     if (poolp == NULL) {
         goto loser;
     }
     certReqMsg = PORT_ArenaZNew (poolp, CRMFCertReqMsg);
@@ -317,17 +317,17 @@ CRMF_CreateCertReqMsgFromDER (const char
 }
 
 CRMFCertReqMessages*
 CRMF_CreateCertReqMessagesFromDER(const char *buf, long len)
 {
     long                 arenaSize;
     int                  i;
     SECStatus            rv;
-    PRArenaPool         *poolp;
+    PLArenaPool         *poolp;
     CRMFCertReqMessages *certReqMsgs;
 
     PORT_Assert (buf != NULL);
     /* Wanna make sure the arena is big enough to store all of the requests
      * coming in.  We'll guestimate according to the length of the buffer.
      */
     arenaSize = len + len/2;
     poolp = PORT_NewArena(arenaSize);
--- a/security/nss/lib/crmf/crmfget.c
+++ b/security/nss/lib/crmf/crmfget.c
@@ -32,17 +32,17 @@ crmf_destroy_validity(CRMFOptionalValidi
 	if (freeit) {
 	    PORT_Free(inValidity);
 	}
     }
     return SECSuccess;
 }
 
 static SECStatus 
-crmf_copy_cert_request_validity(PRArenaPool           *poolp,
+crmf_copy_cert_request_validity(PLArenaPool           *poolp,
 				CRMFOptionalValidity **destValidity,
 				CRMFOptionalValidity  *srcValidity)
 {
     CRMFOptionalValidity *myValidity = NULL;
     SECStatus             rv;
 
     *destValidity = myValidity = (poolp == NULL) ?
                                   PORT_ZNew(CRMFOptionalValidity) :
@@ -68,17 +68,17 @@ crmf_copy_cert_request_validity(PRArenaP
  loser:
     if (myValidity != NULL && poolp == NULL) {
         crmf_destroy_validity(myValidity, PR_TRUE);
     }
     return SECFailure;
 }
 
 static SECStatus
-crmf_copy_extensions(PRArenaPool        *poolp, 
+crmf_copy_extensions(PLArenaPool        *poolp,
 		     CRMFCertTemplate   *destTemplate,
 		     CRMFCertExtension **srcExt)
 {
     int       numExt = 0, i;
     CRMFCertExtension **myExtArray = NULL;
 
     while (srcExt[numExt] != NULL) {
         numExt++;
@@ -114,17 +114,17 @@ crmf_copy_extensions(PRArenaPool        
 	PORT_Free(myExtArray);
     }
     destTemplate->extensions = NULL;
     destTemplate->numExtensions = 0;
     return SECFailure;
 }
 
 static SECStatus
-crmf_copy_cert_request_template(PRArenaPool      *poolp, 
+crmf_copy_cert_request_template(PLArenaPool      *poolp,
 				CRMFCertTemplate *destTemplate,
 				CRMFCertTemplate *srcTemplate)
 {
     SECStatus rv;
 
     if (srcTemplate->version.data != NULL) {
         rv = SECITEM_CopyItem(poolp, &destTemplate->version, 
 			      &srcTemplate->version);
@@ -196,17 +196,17 @@ crmf_copy_cert_request_template(PRArenaP
 	}
     }
     return SECSuccess;
  loser:
     return SECFailure;
 }
 
 static CRMFControl*
-crmf_copy_control(PRArenaPool *poolp, CRMFControl *srcControl)
+crmf_copy_control(PLArenaPool *poolp, CRMFControl *srcControl)
 {
     CRMFControl *newControl;
     SECStatus    rv;
 
     newControl = (poolp == NULL) ? PORT_ZNew(CRMFControl) :
                                    PORT_ArenaZNew(poolp, CRMFControl);
     if (newControl == NULL) {
         goto loser;
@@ -241,17 +241,17 @@ crmf_copy_control(PRArenaPool *poolp, CR
  loser:
     if (poolp == NULL && newControl != NULL) {
         CRMF_DestroyControl(newControl);
     }
     return NULL;
 }
 
 static SECStatus
-crmf_copy_cert_request_controls(PRArenaPool     *poolp, 
+crmf_copy_cert_request_controls(PLArenaPool     *poolp,
 				CRMFCertRequest *destReq, 
 				CRMFCertRequest *srcReq)
 {
     int           numControls, i;
     CRMFControl **myControls = NULL;
 
     numControls = CRMF_CertRequestGetNumControls(srcReq);
     if (numControls == 0) {
@@ -280,17 +280,17 @@ crmf_copy_cert_request_controls(PRArenaP
 	}
 	PORT_Free(myControls);
     }
     return SECFailure;
 }
 
 
 CRMFCertRequest*
-crmf_copy_cert_request(PRArenaPool *poolp, CRMFCertRequest *srcReq)
+crmf_copy_cert_request(PLArenaPool *poolp, CRMFCertRequest *srcReq)
 {
     CRMFCertRequest *newReq = NULL;
     SECStatus        rv;
 
     if (srcReq == NULL) {
         return NULL;
     }
     newReq = (poolp == NULL) ? PORT_ZNew(CRMFCertRequest) :
@@ -333,17 +333,17 @@ CRMF_DestroyGetValidity(CRMFGetValidity 
 	    PORT_Free(inValidity->notBefore);
 	    inValidity->notBefore = NULL;
 	}
     }
     return SECSuccess;
 }
 
 SECStatus
-crmf_make_bitstring_copy(PRArenaPool *arena, SECItem *dest, SECItem *src)
+crmf_make_bitstring_copy(PLArenaPool *arena, SECItem *dest, SECItem *src)
 {
     int origLenBits;
     int bytesToCopy;
     SECStatus rv;
 
     origLenBits = src->len;
     bytesToCopy = CRMF_BITS_TO_BYTES(origLenBits);
     src->len = bytesToCopy;         
--- a/security/nss/lib/crmf/crmfi.h
+++ b/security/nss/lib/crmf/crmfi.h
@@ -103,84 +103,84 @@ extern const SEC_ASN1Template CRMFEncryp
 /*
  * Use these two values for encoding Boolean values.
  */
 extern const unsigned char hexTrue;
 extern const unsigned char hexFalse;
 /*
  * Prototypes for helper routines used internally by multiple files.
  */
-extern SECStatus crmf_encode_integer(PRArenaPool *poolp, SECItem *dest, 
+extern SECStatus crmf_encode_integer(PLArenaPool *poolp, SECItem *dest,
 				     long value);
-extern SECStatus crmf_make_bitstring_copy(PRArenaPool *arena, SECItem *dest, 
+extern SECStatus crmf_make_bitstring_copy(PLArenaPool *arena, SECItem *dest,
 					  SECItem *src);
 
-extern SECStatus crmf_copy_pkiarchiveoptions(PRArenaPool           *poolp, 
+extern SECStatus crmf_copy_pkiarchiveoptions(PLArenaPool           *poolp,
 					     CRMFPKIArchiveOptions *destOpt,
 					     CRMFPKIArchiveOptions *srcOpt);
 extern SECStatus  
        crmf_destroy_pkiarchiveoptions(CRMFPKIArchiveOptions *inArchOptions,
 				      PRBool                 freeit);
 extern const SEC_ASN1Template*
        crmf_get_pkiarchiveoptions_subtemplate(CRMFControl *inControl);
 
-extern SECStatus crmf_copy_encryptedkey(PRArenaPool       *poolp,
+extern SECStatus crmf_copy_encryptedkey(PLArenaPool       *poolp,
 					CRMFEncryptedKey  *srcEncrKey,
 					CRMFEncryptedKey  *destEncrKey);
 extern SECStatus
-crmf_copy_encryptedvalue(PRArenaPool        *poolp,
+crmf_copy_encryptedvalue(PLArenaPool        *poolp,
 			 CRMFEncryptedValue *srcValue,
 			 CRMFEncryptedValue *destValue);
 
 extern SECStatus
-crmf_copy_encryptedvalue_secalg(PRArenaPool     *poolp,
+crmf_copy_encryptedvalue_secalg(PLArenaPool     *poolp,
 				SECAlgorithmID  *srcAlgId,
 				SECAlgorithmID **destAlgId);
 
-extern SECStatus crmf_template_copy_secalg(PRArenaPool *poolp, 
+extern SECStatus crmf_template_copy_secalg(PLArenaPool *poolp,
 					   SECAlgorithmID **dest,
 					   SECAlgorithmID *src);
 
-extern SECStatus crmf_copy_cert_name(PRArenaPool *poolp, CERTName **dest, 
+extern SECStatus crmf_copy_cert_name(PLArenaPool *poolp, CERTName **dest,
 				     CERTName *src);
 
-extern SECStatus crmf_template_add_public_key(PRArenaPool               *poolp,
+extern SECStatus crmf_template_add_public_key(PLArenaPool               *poolp,
 					      CERTSubjectPublicKeyInfo **dest,
 					      CERTSubjectPublicKeyInfo  *pubKey);
 
-extern CRMFCertExtension* crmf_create_cert_extension(PRArenaPool *poolp, 
+extern CRMFCertExtension* crmf_create_cert_extension(PLArenaPool *poolp,
 						     SECOidTag    tag, 
 						     PRBool       isCritical,
 						     SECItem     *data);
 extern CRMFCertRequest*
-crmf_copy_cert_request(PRArenaPool *poolp, CRMFCertRequest *srcReq);
+crmf_copy_cert_request(PLArenaPool *poolp, CRMFCertRequest *srcReq);
 
 extern SECStatus crmf_destroy_encrypted_value(CRMFEncryptedValue *inEncrValue, 
 					      PRBool freeit);
 
 extern CRMFEncryptedValue *
 crmf_create_encrypted_value_wrapped_privkey(SECKEYPrivateKey   *inPrivKey,
 					    SECKEYPublicKey    *inPubKey,
 					    CRMFEncryptedValue *destValue);
 
 extern CK_MECHANISM_TYPE 
        crmf_get_mechanism_from_public_key(SECKEYPublicKey *inPubKey);
 
 extern SECStatus
-crmf_encrypted_value_unwrap_priv_key(PRArenaPool        *poolp,
+crmf_encrypted_value_unwrap_priv_key(PLArenaPool        *poolp,
 				     CRMFEncryptedValue *encValue,
 				     SECKEYPrivateKey   *privKey,
 				     SECKEYPublicKey    *newPubKey,
 				     SECItem            *nickname,
 				     PK11SlotInfo       *slot,
 				     unsigned char       keyUsage,
 				     SECKEYPrivateKey  **unWrappedKey,
 				     void               *wincx);
 
 extern SECItem*
 crmf_get_public_value(SECKEYPublicKey *pubKey, SECItem *dest);
 
 extern CRMFCertExtension*
-crmf_copy_cert_extension(PRArenaPool *poolp, CRMFCertExtension *inExtension);
+crmf_copy_cert_extension(PLArenaPool *poolp, CRMFCertExtension *inExtension);
 
 extern SECStatus
 crmf_create_prtime(SECItem *src, PRTime **dest);
 #endif /*_CRMFI_H_*/
--- a/security/nss/lib/crmf/crmfit.h
+++ b/security/nss/lib/crmf/crmfit.h
@@ -4,17 +4,17 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 
 #ifndef _CRMFIT_H_
 #define _CRMFIT_H_
 
 struct CRMFCertReqMessagesStr {
     CRMFCertReqMsg **messages;
-    PRArenaPool     *poolp;
+    PLArenaPool     *poolp;
 };
 
 struct CRMFCertExtensionStr {
     SECItem id;
     SECItem critical;
     SECItem value;
 };
 
@@ -102,17 +102,17 @@ struct CRMFControlStr {
 
 struct CRMFCertRequestStr {
     SECItem            certReqId;
     CRMFCertTemplate   certTemplate;
     CRMFControl      **controls;
     /* The following members are used by the internal implementation, but
      * are not part of the encoding.
      */
-    PRArenaPool *poolp;
+    PLArenaPool *poolp;
     PRUint32     requestID; /* This is the value that will be encoded into
 			     * the certReqId field.
 			     */
 };                                   
 
 struct CRMFAttributeStr {
     SECItem derTag;
     SECItem derValue;
@@ -120,17 +120,17 @@ struct CRMFAttributeStr {
 
 struct CRMFCertReqMsgStr {
     CRMFCertRequest            *certReq;
     CRMFProofOfPossession      *pop;
     CRMFAttribute             **regInfo;
     SECItem                     derPOP;
     /* This arena will be used for allocating memory when decoding.
      */
-    PRArenaPool *poolp;
+    PLArenaPool *poolp;
     PRBool       isDecoded;
 };
 
 struct CRMFPOPOSigningKeyInputStr {
     /* ASN1 must have only one of the next 2 options */
     union {
         SECItem          sender; /*General Name*/
         CRMFPKMACValue  *publicKeyMAC;
--- a/security/nss/lib/crmf/crmfpop.c
+++ b/security/nss/lib/crmf/crmfpop.c
@@ -30,17 +30,17 @@ crmf_init_encoder_callback_arg (struct c
 /* Caller should release or unmark the pool, instead of doing it here.
 ** But there are NO callers of this function at present...
 */
 SECStatus 
 CRMF_CertReqMsgSetRAVerifiedPOP(CRMFCertReqMsg *inCertReqMsg)
 {
     SECItem               *dummy;
     CRMFProofOfPossession *pop;
-    PRArenaPool           *poolp;
+    PLArenaPool           *poolp;
     void                  *mark;
 
     PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->pop == NULL);
     poolp = inCertReqMsg->poolp;
     mark = PORT_ArenaMark(poolp);
     if (CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfNoPOPChoice) {
         return SECFailure;
     }
@@ -68,17 +68,17 @@ crmf_get_key_sign_tag(SECKEYPublicKey *i
      * implementations */
     if (inPubKey->keyType == rsaKey) {
         return SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION;
     }
     return SEC_GetSignatureAlgorithmOidTag(inPubKey->keyType, SEC_OID_UNKNOWN);
 }
 
 static SECAlgorithmID*
-crmf_create_poposignkey_algid(PRArenaPool      *poolp,
+crmf_create_poposignkey_algid(PLArenaPool      *poolp,
 			      SECKEYPublicKey  *inPubKey)
 {
     SECAlgorithmID *algID;
     SECOidTag       tag;
     SECStatus       rv;
     void           *mark;
 
     mark = PORT_ArenaMark(poolp);
@@ -97,17 +97,17 @@ crmf_create_poposignkey_algid(PRArenaPoo
     PORT_ArenaUnmark(poolp, mark);
     return algID;
  loser:
     PORT_ArenaRelease(poolp, mark);
     return NULL;
 }
 
 static CRMFPOPOSigningKeyInput*
-crmf_create_poposigningkeyinput(PRArenaPool *poolp, CERTCertificate *inCert,
+crmf_create_poposigningkeyinput(PLArenaPool *poolp, CERTCertificate *inCert,
 				CRMFMACPasswordCallback fn, void *arg)
 {
   /* PSM isn't going to do this, so we'll fail here for now.*/
      return NULL;
 }
 
 void
 crmf_generic_encoder_callback(void *arg, const char* buf, unsigned long len,
@@ -142,17 +142,17 @@ crmf_encode_certreq(CRMFCertRequest *inC
     if (rv != SECSuccess) {
         return SECFailure;
     }
     return SEC_ASN1Encode(inCertReq, CRMFCertRequestTemplate, 
 			  crmf_generic_encoder_callback, &encoderArg);
 }
 
 static SECStatus
-crmf_sign_certreq(PRArenaPool        *poolp, 
+crmf_sign_certreq(PLArenaPool        *poolp,
 		  CRMFPOPOSigningKey *crmfSignKey, 
 		  CRMFCertRequest    *certReq,
 		  SECKEYPrivateKey   *inKey,
 		  SECAlgorithmID     *inAlgId)
 {
     SECItem                      derCertReq = { siBuffer, NULL, 0 };
     SECItem                      certReqSig = { siBuffer, NULL, 0 };
     SECStatus                    rv = SECSuccess;
@@ -178,17 +178,17 @@ crmf_sign_certreq(PRArenaPool        *po
     }
     if (certReqSig.data != NULL) {
         PORT_Free(certReqSig.data);
     }
     return rv;
 }
 
 static SECStatus
-crmf_create_poposignkey(PRArenaPool             *poolp, 
+crmf_create_poposignkey(PLArenaPool             *poolp,
 			CRMFCertReqMsg          *inCertReqMsg, 
 			CRMFPOPOSigningKeyInput *signKeyInput, 
 			SECKEYPrivateKey        *inPrivKey,
 			SECAlgorithmID          *inAlgID,
 			CRMFPOPOSigningKey      *signKey) 
 {
     CRMFCertRequest    *certReq;
     void               *mark;
@@ -223,17 +223,17 @@ SECStatus
 CRMF_CertReqMsgSetSignaturePOP(CRMFCertReqMsg   *inCertReqMsg,
 			       SECKEYPrivateKey *inPrivKey,
 			       SECKEYPublicKey  *inPubKey,
 			       CERTCertificate  *inCertForInput,
 			       CRMFMACPasswordCallback  fn,
 			       void                    *arg)
 {
     SECAlgorithmID  *algID;
-    PRArenaPool     *poolp;
+    PLArenaPool     *poolp;
     SECItem          derTemp = {siBuffer, NULL, 0};
     void            *mark;
     SECStatus        rv;
     CRMFPOPOSigningKeyInput *signKeyInput = NULL;
     CRMFCertRequest         *certReq;
     CRMFProofOfPossession   *pop;
     struct crmfEncoderArg    encoderArg;
 
@@ -315,17 +315,17 @@ crmf_get_popoprivkey_subtemplate(CRMFPOP
 	break;
     default:
         retTemplate = NULL;
     }
     return retTemplate;
 }
 
 static SECStatus
-crmf_encode_popoprivkey(PRArenaPool            *poolp, 
+crmf_encode_popoprivkey(PLArenaPool            *poolp,
 			CRMFCertReqMsg         *inCertReqMsg,
 			CRMFPOPOPrivKey        *popoPrivKey,
 			const SEC_ASN1Template *privKeyTemplate)
 {
     struct crmfEncoderArg   encoderArg;
     SECItem                 derTemp = { siBuffer, NULL, 0 };
     SECStatus               rv;
     void                   *mark;
@@ -389,17 +389,17 @@ crmf_get_template_for_privkey(CRMFPOPCho
     }
     return NULL;
 }
 
 static SECStatus
 crmf_add_privkey_thismessage(CRMFCertReqMsg *inCertReqMsg, SECItem *encPrivKey,
 			     CRMFPOPChoice inChoice)
 {
-    PRArenaPool           *poolp;
+    PLArenaPool           *poolp;
     void                  *mark;
     CRMFPOPOPrivKey       *popoPrivKey;
     CRMFProofOfPossession *pop;
     SECStatus              rv;
 
     PORT_Assert(inCertReqMsg != NULL && encPrivKey != NULL);
     poolp = inCertReqMsg->poolp;
     mark = PORT_ArenaMark(poolp);
@@ -436,17 +436,17 @@ crmf_add_privkey_thismessage(CRMFCertReq
     PORT_ArenaRelease(poolp, mark);
     return SECFailure;
 }
 
 static SECStatus
 crmf_add_privkey_dhmac(CRMFCertReqMsg *inCertReqMsg, SECItem *dhmac,
                              CRMFPOPChoice inChoice)
 {
-    PRArenaPool           *poolp;
+    PLArenaPool           *poolp;
     void                  *mark;
     CRMFPOPOPrivKey       *popoPrivKey;
     CRMFProofOfPossession *pop;
     SECStatus              rv;
 
     PORT_Assert(inCertReqMsg != NULL && dhmac != NULL);
     poolp = inCertReqMsg->poolp;
     mark = PORT_ArenaMark(poolp);
@@ -479,17 +479,17 @@ crmf_add_privkey_dhmac(CRMFCertReqMsg *i
 }
 
 static SECStatus
 crmf_add_privkey_subseqmessage(CRMFCertReqMsg        *inCertReqMsg,
 			       CRMFSubseqMessOptions  subsequentMessage,
 			       CRMFPOPChoice          inChoice)
 {
     void                  *mark;
-    PRArenaPool           *poolp;
+    PLArenaPool           *poolp;
     CRMFProofOfPossession *pop;
     CRMFPOPOPrivKey       *popoPrivKey;
     SECStatus              rv;
     const SEC_ASN1Template *privKeyTemplate;
 
     if (subsequentMessage == crmfNoSubseqMess) {
         return SECFailure;
     }
--- a/security/nss/lib/crmf/crmfreq.c
+++ b/security/nss/lib/crmf/crmfreq.c
@@ -14,44 +14,44 @@
  */
 #define IS_NOT_NULL(ptr) ((ptr) == NULL) ? PR_FALSE : PR_TRUE
 
 const unsigned char hexTrue  = 0xff;
 const unsigned char hexFalse = 0x00;
 
 
 SECStatus
-crmf_encode_integer(PRArenaPool *poolp, SECItem *dest, long value) 
+crmf_encode_integer(PLArenaPool *poolp, SECItem *dest, long value)
 {
     SECItem *dummy;
 
     dummy = SEC_ASN1EncodeInteger(poolp, dest, value);
     PORT_Assert (dummy == dest);
     if (dummy == NULL) {
         return SECFailure;
     }
     return SECSuccess;
 }
 
 SECStatus
-crmf_encode_unsigned_integer(PRArenaPool *poolp, SECItem *dest, 
+crmf_encode_unsigned_integer(PLArenaPool *poolp, SECItem *dest,
                              unsigned long value) 
 {
     SECItem *dummy;
 
     dummy = SEC_ASN1EncodeUnsignedInteger(poolp, dest, value);
     PORT_Assert (dummy == dest);
     if (dummy != dest) {
         return SECFailure;
     }
     return SECSuccess;
 }
 
 static SECStatus
-crmf_copy_secitem (PRArenaPool *poolp, SECItem *dest, SECItem *src)
+crmf_copy_secitem (PLArenaPool *poolp, SECItem *dest, SECItem *src)
 {
     return  SECITEM_CopyItem (poolp, dest, src); 
 }
 
 PRBool
 CRMF_DoesRequestHaveField (CRMFCertRequest       *inCertReq, 
 			   CRMFCertTemplateField  inField)
 {
@@ -83,17 +83,17 @@ CRMF_DoesRequestHaveField (CRMFCertReque
         return CRMF_CertRequestGetNumberOfExtensions(inCertReq) != 0;
     }
     return PR_FALSE;
 }
 
 CRMFCertRequest *
 CRMF_CreateCertRequest (PRUint32 inRequestID)
 {
-    PRArenaPool     *poolp;
+    PLArenaPool     *poolp;
     CRMFCertRequest *certReq;
     SECStatus        rv;
     
     poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
     if (poolp == NULL) {
         goto loser;
     }
     
@@ -137,29 +137,29 @@ CRMF_DestroyCertRequest(CRMFCertRequest 
 	if (inCertReq->poolp) {
 	    PORT_FreeArena(inCertReq->poolp, PR_TRUE);
 	}
     }
     return SECSuccess;
 }
 
 static SECStatus
-crmf_template_add_version(PRArenaPool *poolp, SECItem *dest, long version)
+crmf_template_add_version(PLArenaPool *poolp, SECItem *dest, long version)
 {
     return (crmf_encode_integer(poolp, dest, version));
 }
 
 static SECStatus
-crmf_template_add_serialnumber(PRArenaPool *poolp, SECItem *dest, long serial)
+crmf_template_add_serialnumber(PLArenaPool *poolp, SECItem *dest, long serial)
 {
     return (crmf_encode_integer(poolp, dest, serial));
 }
 
 SECStatus
-crmf_template_copy_secalg (PRArenaPool *poolp, SECAlgorithmID **dest, 
+crmf_template_copy_secalg (PLArenaPool *poolp, SECAlgorithmID **dest,
 			   SECAlgorithmID* src)
 {
     SECStatus         rv;
     void             *mark = NULL;
     SECAlgorithmID   *mySecAlg;
 
     if (!poolp) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -184,17 +184,17 @@ crmf_template_copy_secalg (PRArenaPool *
     *dest = NULL;
     if (mark) {
         PORT_ArenaRelease(poolp, mark);
     }
     return SECFailure;
 }
 
 SECStatus
-crmf_copy_cert_name(PRArenaPool *poolp, CERTName **dest, 
+crmf_copy_cert_name(PLArenaPool *poolp, CERTName **dest,
 		    CERTName *src)
 {
     CERTName *newName;
     SECStatus rv;
     void     *mark;
 
     mark = PORT_ArenaMark(poolp);
     *dest = newName = PORT_ArenaZNew(poolp, CERTName);
@@ -210,25 +210,25 @@ crmf_copy_cert_name(PRArenaPool *poolp, 
     return SECSuccess;
  loser:
     PORT_ArenaRelease(poolp, mark);
     *dest = NULL;
     return SECFailure;
 }
 
 static SECStatus
-crmf_template_add_issuer (PRArenaPool *poolp, CERTName **dest, 
+crmf_template_add_issuer (PLArenaPool *poolp, CERTName **dest,
 			  CERTName* issuerName)
 {
     return crmf_copy_cert_name(poolp, dest, issuerName);
 }
 
 
 static SECStatus
-crmf_template_add_validity (PRArenaPool *poolp, CRMFOptionalValidity **dest,
+crmf_template_add_validity (PLArenaPool *poolp, CRMFOptionalValidity **dest,
 			    CRMFValidityCreationInfo *info)
 {
     SECStatus             rv;
     void                 *mark; 
     CRMFOptionalValidity *myValidity;
 
     /*First off, let's make sure at least one of the two fields is present*/
     if (!info  || (!info->notBefore && !info->notAfter)) {
@@ -258,24 +258,24 @@ crmf_template_add_validity (PRArenaPool 
     return SECSuccess;
  loser:
     PORT_ArenaRelease(poolp, mark);
     *dest = NULL;
     return SECFailure;
 }
 
 static SECStatus
-crmf_template_add_subject (PRArenaPool *poolp, CERTName **dest,
+crmf_template_add_subject (PLArenaPool *poolp, CERTName **dest,
 			   CERTName *subject)
 {
     return crmf_copy_cert_name(poolp, dest, subject);
 }
 
 SECStatus
-crmf_template_add_public_key(PRArenaPool *poolp, 
+crmf_template_add_public_key(PLArenaPool *poolp,
 			     CERTSubjectPublicKeyInfo **dest,
 			     CERTSubjectPublicKeyInfo  *pubKey)
 {
     CERTSubjectPublicKeyInfo *spki;
     SECStatus rv;
 
     *dest = spki = (poolp == NULL) ?
                               PORT_ZNew(CERTSubjectPublicKeyInfo) :
@@ -292,37 +292,37 @@ crmf_template_add_public_key(PRArenaPool
     if (poolp == NULL && spki != NULL) {
         SECKEY_DestroySubjectPublicKeyInfo(spki);
     }
     *dest = NULL;
     return SECFailure;
 }
 
 static SECStatus
-crmf_copy_bitstring (PRArenaPool *poolp, SECItem *dest, const SECItem *src)
+crmf_copy_bitstring (PLArenaPool *poolp, SECItem *dest, const SECItem *src)
 {
     SECStatus rv;
     SECItem  byteSrc;
     
     byteSrc = *src;
     byteSrc.len = CRMF_BITS_TO_BYTES(byteSrc.len);
     rv = crmf_copy_secitem(poolp, dest, &byteSrc);
     dest->len = src->len;
     return rv;
 }
 
 static SECStatus
-crmf_template_add_issuer_uid(PRArenaPool *poolp, SECItem *dest,
+crmf_template_add_issuer_uid(PLArenaPool *poolp, SECItem *dest,
 			     const SECItem *issuerUID)
 {
     return crmf_copy_bitstring (poolp, dest, issuerUID);
 }
 
 static SECStatus
-crmf_template_add_subject_uid(PRArenaPool *poolp, SECItem *dest, 
+crmf_template_add_subject_uid(PLArenaPool *poolp, SECItem *dest,
 			      const SECItem *subjectUID)
 {
     return crmf_copy_bitstring (poolp, dest, subjectUID);
 }
 
 static void
 crmf_zeroize_new_extensions (CRMFCertExtension **extensions,
 			     int numToZeroize) 
@@ -336,17 +336,17 @@ crmf_zeroize_new_extensions (CRMFCertExt
  * of this API to set extensions more than just once.  So we will
  * need the ability grow the array of extensions.  Since arenas don't
  * give us the realloc function, we'll use the generic PORT_* functions
  * to allocate the array of pointers *ONLY*.  Then we will allocate each
  * individual extension from the arena that comes along with the certReq
  * structure that owns this template.
  */
 static SECStatus
-crmf_template_add_extensions(PRArenaPool *poolp, CRMFCertTemplate *inTemplate,
+crmf_template_add_extensions(PLArenaPool *poolp, CRMFCertTemplate *inTemplate,
 			     CRMFCertExtCreationInfo *extensions)
 {
     void               *mark;
     int                 newSize, oldSize, i;
     SECStatus           rv;
     CRMFCertExtension **extArray;
     CRMFCertExtension  *newExt, *currExt;
 
@@ -399,17 +399,17 @@ crmf_template_add_extensions(PRArenaPool
 }
 
 SECStatus
 CRMF_CertRequestSetTemplateField(CRMFCertRequest       *inCertReq, 
 				 CRMFCertTemplateField  inTemplateField,
 				 void                  *data)
 {
     CRMFCertTemplate *certTemplate;
-    PRArenaPool      *poolp;
+    PLArenaPool      *poolp;
     SECStatus         rv = SECFailure;
     void             *mark;
     
 
     if (inCertReq == NULL) {
         return SECFailure;
     }
 
@@ -479,17 +479,17 @@ CRMF_CertReqMsgSetCertRequest (CRMFCertR
     inCertReqMsg->certReq = crmf_copy_cert_request(inCertReqMsg->poolp,
 						   inCertReq);
     return (inCertReqMsg->certReq == NULL) ? SECFailure : SECSuccess;
 }
 
 CRMFCertReqMsg*
 CRMF_CreateCertReqMsg(void)
 {
-    PRArenaPool    *poolp;
+    PLArenaPool    *poolp;
     CRMFCertReqMsg *reqMsg;
 
     poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
     if (poolp == NULL) {
         goto loser;
     }
     reqMsg = PORT_ArenaZNew(poolp, CRMFCertReqMsg);
     if (reqMsg == NULL) {
@@ -517,17 +517,17 @@ CRMF_DestroyCertReqMsg(CRMFCertReqMsg *i
 	    PORT_Free(inCertReqMsg->certReq->controls);
 	}
     }
     PORT_FreeArena(inCertReqMsg->poolp, PR_TRUE);
     return SECSuccess;
 }
 
 CRMFCertExtension*
-crmf_create_cert_extension(PRArenaPool *poolp, 
+crmf_create_cert_extension(PLArenaPool *poolp,
 			   SECOidTag    id,
 			   PRBool       isCritical,
 			   SECItem     *data)
 {
     CRMFCertExtension *newExt;
     SECOidData        *oidData;
     SECStatus          rv;
 
--- a/security/nss/lib/crmf/respcli.c
+++ b/security/nss/lib/crmf/respcli.c
@@ -17,17 +17,17 @@
 #include "secitem.h"
 #include "secder.h"
 #include "secasn1.h"
 
 CMMFCertRepContent*
 CMMF_CreateCertRepContentFromDER(CERTCertDBHandle *db, const char *buf, 
 				 long len)
 {
-    PRArenaPool        *poolp;
+    PLArenaPool        *poolp;
     CMMFCertRepContent *certRepContent;
     SECStatus           rv;
     int                 i;
 
     poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
     if (poolp == NULL) {
         return NULL;
     }
--- a/security/nss/lib/crmf/respcmn.c
+++ b/security/nss/lib/crmf/respcmn.c
@@ -94,17 +94,17 @@ CMMF_DestroyPOPODecKeyChallContent(CMMFP
 SECStatus
 crmf_create_prtime(SECItem *src, PRTime **dest)
 {
    *dest = PORT_ZNew(PRTime);
     return DER_DecodeTimeChoice(*dest, src);
 }
 
 CRMFCertExtension*
-crmf_copy_cert_extension(PRArenaPool *poolp, CRMFCertExtension *inExtension)
+crmf_copy_cert_extension(PLArenaPool *poolp, CRMFCertExtension *inExtension)
 {
     PRBool             isCritical;
     SECOidTag          id;
     SECItem           *data;
     CRMFCertExtension *newExt;
 
     PORT_Assert(inExtension != NULL);
     if (inExtension == NULL) {
@@ -209,17 +209,17 @@ cmmf_DestroyCertOrEncCert(CMMFCertOrEncC
     }
     if (freeit) {
         PORT_Free(certOrEncCert);
     }
     return SECSuccess;
 }
 
 SECStatus
-cmmf_copy_secitem (PRArenaPool *poolp, SECItem *dest, SECItem *src)
+cmmf_copy_secitem (PLArenaPool *poolp, SECItem *dest, SECItem *src)
 {
     SECStatus rv;
 
     if (src->data != NULL) {
         rv = SECITEM_CopyItem(poolp, dest, src);
     } else {
         dest->data = NULL;
 	dest->len  = 0;
@@ -241,17 +241,17 @@ CMMF_DestroyCertifiedKeyPair(CMMFCertifi
             PORT_Free(inCertKeyPair->derPublicationInfo.data);
         }
         PORT_Free(inCertKeyPair);
     }
     return SECSuccess;
 }
 
 SECStatus
-cmmf_CopyCertResponse(PRArenaPool      *poolp, 
+cmmf_CopyCertResponse(PLArenaPool      *poolp,
 		      CMMFCertResponse *dest,
 		      CMMFCertResponse *src)
 {
     SECStatus rv;
 
     if (src->certReqId.data != NULL) {
         rv = SECITEM_CopyItem(poolp, &dest->certReqId, &src->certReqId);
 	if (rv != SECSuccess) {
@@ -279,17 +279,17 @@ cmmf_CopyCertResponse(PRArenaPool      *
 	    return rv;
 	}
 	dest->certifiedKeyPair = destKeyPair;
     }
     return SECSuccess;
 }
 
 static SECStatus
-cmmf_CopyCertOrEncCert(PRArenaPool *poolp, CMMFCertOrEncCert *dest,
+cmmf_CopyCertOrEncCert(PLArenaPool *poolp, CMMFCertOrEncCert *dest,
 		       CMMFCertOrEncCert *src)
 {
     SECStatus           rv = SECSuccess;
     CRMFEncryptedValue *encVal;
 
     dest->choice = src->choice;
     rv = cmmf_copy_secitem(poolp, &dest->derValue, &src->derValue);
     switch (src->choice) {
@@ -313,17 +313,17 @@ cmmf_CopyCertOrEncCert(PRArenaPool *pool
 	break;
     default:
         rv = SECFailure;
     }
     return rv;
 }
 
 SECStatus
-cmmf_CopyCertifiedKeyPair(PRArenaPool *poolp, CMMFCertifiedKeyPair *dest,
+cmmf_CopyCertifiedKeyPair(PLArenaPool *poolp, CMMFCertifiedKeyPair *dest,
 			  CMMFCertifiedKeyPair *src)
 {
     SECStatus rv;
 
     rv = cmmf_CopyCertOrEncCert(poolp, &dest->certOrEncCert, 
 				&src->certOrEncCert);
     if (rv != SECSuccess) {
         return rv;
@@ -348,17 +348,17 @@ cmmf_CopyCertifiedKeyPair(PRArenaPool *p
 	dest->privateKey = encVal;
     }
     rv = cmmf_copy_secitem(poolp, &dest->derPublicationInfo, 
 			   &src->derPublicationInfo);
     return rv;
 }
 
 SECStatus
-cmmf_CopyPKIStatusInfo(PRArenaPool *poolp, CMMFPKIStatusInfo *dest,
+cmmf_CopyPKIStatusInfo(PLArenaPool *poolp, CMMFPKIStatusInfo *dest,
 		       CMMFPKIStatusInfo *src)
 {
     SECStatus rv;
 
     rv = cmmf_copy_secitem (poolp, &dest->status, &src->status);
     if (rv != SECSuccess) {
         return rv;
     }
@@ -380,17 +380,17 @@ cmmf_CertOrEncCertGetCertificate(CMMFCer
     }
     return CERT_NewTempCertificate(certdb,
 				   &certOrEncCert->cert.certificate->derCert,
 				   NULL, PR_FALSE, PR_TRUE);
 }
 
 SECStatus 
 cmmf_PKIStatusInfoSetStatus(CMMFPKIStatusInfo    *statusInfo,
-			    PRArenaPool          *poolp,
+			    PLArenaPool          *poolp,
 			    CMMFPKIStatus         inStatus)
 {
     SECItem *dummy;
     
     if (inStatus <cmmfGranted || inStatus >= cmmfNumPKIStatus) {
         return SECFailure;
     }
 
--- a/security/nss/lib/crmf/servget.c
+++ b/security/nss/lib/crmf/servget.c
@@ -339,17 +339,17 @@ CRMF_POPOSigningKeyGetSignature(CRMFPOPO
  loser:
     if (newSig != NULL) {
         SECITEM_FreeItem(newSig, PR_TRUE);
     }
     return NULL;
 }
 
 static SECStatus 
-crmf_copy_poposigningkey(PRArenaPool        *poolp, 
+crmf_copy_poposigningkey(PLArenaPool        *poolp,
 			 CRMFPOPOSigningKey *inPopoSignKey,
 			 CRMFPOPOSigningKey *destPopoSignKey)
 {
     SECStatus rv;
 
     /* We don't support use of the POPOSigningKeyInput, so we'll only 
      * store away the DER encoding.
      */
@@ -379,17 +379,17 @@ crmf_copy_poposigningkey(PRArenaPool    
  loser:
     if (poolp == NULL) {
         CRMF_DestroyPOPOSigningKey(destPopoSignKey);
     }
     return SECFailure;
 }
 
 static SECStatus
-crmf_copy_popoprivkey(PRArenaPool     *poolp,
+crmf_copy_popoprivkey(PLArenaPool     *poolp,
 		      CRMFPOPOPrivKey *srcPrivKey,
 		      CRMFPOPOPrivKey *destPrivKey)
 {
     SECStatus        rv;
 
     destPrivKey->messageChoice = srcPrivKey->messageChoice;
     switch (destPrivKey->messageChoice) {
     case crmfThisMessage:
@@ -410,17 +410,17 @@ crmf_copy_popoprivkey(PRArenaPool     *p
 
     if (rv != SECSuccess && poolp == NULL) {
         CRMF_DestroyPOPOPrivKey(destPrivKey);
     }
     return rv;
 }
 
 static CRMFProofOfPossession*
-crmf_copy_pop(PRArenaPool *poolp, CRMFProofOfPossession *srcPOP)
+crmf_copy_pop(PLArenaPool *poolp, CRMFProofOfPossession *srcPOP)
 {
     CRMFProofOfPossession *newPOP;
     SECStatus              rv;
 
     /* 
      * Proof Of Possession structures are always part of the Request
      * message, so there will always be an arena for allocating memory.
      */
@@ -463,17 +463,17 @@ crmf_copy_pop(PRArenaPool *poolp, CRMFPr
  loser:
     return NULL;
 }
 
 static CRMFCertReqMsg*
 crmf_copy_cert_req_msg(CRMFCertReqMsg *srcReqMsg)
 {
     CRMFCertReqMsg *newReqMsg;
-    PRArenaPool    *poolp;
+    PLArenaPool    *poolp;
 
     poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
     if (poolp == NULL) {
         return NULL;
     }
     newReqMsg = PORT_ArenaZNew(poolp, CRMFCertReqMsg);
     if (newReqMsg == NULL) {
         PORT_FreeArena(poolp, PR_TRUE);
@@ -531,17 +531,17 @@ CRMF_CertReqMessagesGetNumMessages(CRMFC
         numMessages++;
     }
     return numMessages;
 }
 
 CRMFCertRequest*
 CRMF_CertReqMsgGetCertRequest(CRMFCertReqMsg *inCertReqMsg)
 {
-    PRArenaPool     *poolp      = NULL;
+    PLArenaPool     *poolp      = NULL;
     CRMFCertRequest *newCertReq = NULL;
 
     PORT_Assert(inCertReqMsg != NULL);
 
     poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
     if (poolp == NULL) {
         goto loser;
     }
@@ -623,17 +623,17 @@ CRMF_CertReqMsgGetPOPOSigningKey(CRMFCer
         return SECFailure;
     }
     return crmf_copy_poposigningkey(NULL,&pop->popChoice.signature, *destKey);
 }
 
 static SECStatus
 crmf_copy_name(CERTName *destName, CERTName *srcName)
 {
-  PRArenaPool *poolp = NULL;
+  PLArenaPool *poolp = NULL;
   SECStatus rv;
 
   if (destName->arena != NULL) {
     poolp = destName->arena;
   } else {
     poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
   }
   if (poolp == NULL) {
--- a/security/nss/lib/cryptohi/seckey.c
+++ b/security/nss/lib/cryptohi/seckey.c
@@ -261,17 +261,17 @@ SECKEY_DestroyPublicKey(SECKEYPublicKey 
 	}
     	if (pubk->arena) {
 	    PORT_FreeArena(pubk->arena, PR_FALSE);
 	}
     }
 }
 
 SECStatus
-SECKEY_CopySubjectPublicKeyInfo(PRArenaPool *arena,
+SECKEY_CopySubjectPublicKeyInfo(PLArenaPool *arena,
 			     CERTSubjectPublicKeyInfo *to,
 			     CERTSubjectPublicKeyInfo *from)
 {
     SECStatus rv;
     SECItem spk;
 
     rv = SECOID_CopyAlgorithmID(arena, &to->algorithm, &from->algorithm);
     if (rv == SECSuccess) {
@@ -440,17 +440,17 @@ SECKEY_UpdateCertPQG(CERTCertificate * s
    
 
 /* Decode the DSA PQG parameters.  The params could be stored in two
  * possible formats, the old fortezza-only wrapped format or
  * the normal standard format.  Store the decoded parameters in
  * a V3 certificate data structure.  */ 
 
 SECStatus
-SECKEY_DSADecodePQG(PRArenaPool *arena, SECKEYPublicKey *pubk, SECItem *params) {
+SECKEY_DSADecodePQG(PLArenaPool *arena, SECKEYPublicKey *pubk, SECItem *params) {
     SECStatus rv;
     SECItem newparams;
 
     if (params == NULL) return SECFailure; 
     
     if (params->data == NULL) return SECFailure;
 
     PORT_Assert(arena);
@@ -545,17 +545,17 @@ CERT_GetCertKeyType (CERTSubjectPublicKe
 }
 
 static SECKEYPublicKey *
 seckey_ExtractPublicKey(CERTSubjectPublicKeyInfo *spki)
 {
     SECKEYPublicKey *pubk;
     SECItem os, newOs, newParms;
     SECStatus rv;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     SECOidTag tag;
 
     arena = PORT_NewArena (DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL)
 	return NULL;
 
     pubk = (SECKEYPublicKey *) PORT_ArenaZAlloc(arena, sizeof(SECKEYPublicKey));
     if (pubk == NULL) {
@@ -1021,17 +1021,17 @@ SECKEY_SignatureLen(const SECKEYPublicKe
     PORT_SetError(SEC_ERROR_INVALID_KEY);
     return 0;
 }
 
 SECKEYPrivateKey *
 SECKEY_CopyPrivateKey(const SECKEYPrivateKey *privk)
 {
     SECKEYPrivateKey *copyk;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     
     if (!privk || !privk->pkcs11Slot) {
 	PORT_SetError(SEC_ERROR_INVALID_ARGS);
 	return NULL;
     }
     
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL) {
@@ -1067,17 +1067,17 @@ fail:
     PORT_FreeArena (arena, PR_FALSE);
     return NULL;
 }
 
 SECKEYPublicKey *
 SECKEY_CopyPublicKey(const SECKEYPublicKey *pubk)
 {
     SECKEYPublicKey *copyk;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     SECStatus rv = SECSuccess;
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL) {
 	PORT_SetError (SEC_ERROR_NO_MEMORY);
 	return NULL;
     }
 
@@ -1152,17 +1152,17 @@ SECKEY_CopyPublicKey(const SECKEYPublicK
     return NULL;
 }
 
 
 SECKEYPublicKey *
 SECKEY_ConvertToPublicKey(SECKEYPrivateKey *privk)
 {
     SECKEYPublicKey *pubk;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     CERTCertificate *cert;
     SECStatus rv;
 
     /*
      * First try to look up the cert.
      */
     cert = PK11_GetCertFromPrivateKey(privk);
     if (cert) {
@@ -1211,17 +1211,17 @@ SECKEY_ConvertToPublicKey(SECKEYPrivateK
     PORT_FreeArena (arena, PR_FALSE);
     return NULL;
 }
 
 CERTSubjectPublicKeyInfo *
 SECKEY_CreateSubjectPublicKeyInfo(SECKEYPublicKey *pubk)
 {
     CERTSubjectPublicKeyInfo *spki;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     SECItem params = { siBuffer, NULL, 0 };
 
     if (!pubk) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return NULL;
     }
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
@@ -1341,17 +1341,17 @@ SECKEY_DestroySubjectPublicKeyInfo(CERTS
 
 /*
  * this only works for RSA keys... need to do something
  * similiar to CERT_ExtractPublicKey for other key times.
  */
 SECKEYPublicKey *
 SECKEY_DecodeDERPublicKey(SECItem *pubkder)
 {
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     SECKEYPublicKey *pubk;
     SECStatus rv;
     SECItem newPubkder;
 
     arena = PORT_NewArena (DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL) {
 	PORT_SetError (SEC_ERROR_NO_MEMORY);
 	return NULL;
@@ -1422,17 +1422,17 @@ SECKEY_EncodeDERSubjectPublicKeyInfo(SEC
 finish:
     return spkiDER;
 }
 
 
 CERTSubjectPublicKeyInfo *
 SECKEY_DecodeDERSubjectPublicKeyInfo(SECItem *spkider)
 {
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     CERTSubjectPublicKeyInfo *spki;
     SECStatus rv;
     SECItem newSpkider;
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL) {
 	PORT_SetError(SEC_ERROR_NO_MEMORY);
 	return NULL;
@@ -1487,17 +1487,17 @@ SECKEY_ConvertAndDecodeSubjectPublicKeyI
 CERTSubjectPublicKeyInfo *
 SECKEY_ConvertAndDecodePublicKeyAndChallenge(char *pkacstr, char *challenge,
 								void *wincx)
 {
     CERTSubjectPublicKeyInfo *spki = NULL;
     CERTPublicKeyAndChallenge pkac;
     SECStatus rv;
     SECItem signedItem;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     CERTSignedData sd;
     SECItem sig;
     SECKEYPublicKey *pubKey = NULL;
     unsigned int len;
     
     signedItem.data = NULL;
     
     /* convert the base64 encoded data to binary */
@@ -1582,17 +1582,17 @@ done:
     
     return spki;
 }
 
 void
 SECKEY_DestroyPrivateKeyInfo(SECKEYPrivateKeyInfo *pvk,
 			     PRBool freeit)
 {
-    PRArenaPool *poolp;
+    PLArenaPool *poolp;
 
     if(pvk != NULL) {
 	if(pvk->arena) {
 	    poolp = pvk->arena;
 	    /* zero structure since PORT_FreeArena does not support
 	     * this yet.
 	     */
 	    PORT_Memset(pvk->privateKey.data, 0, pvk->privateKey.len);
@@ -1613,17 +1613,17 @@ SECKEY_DestroyPrivateKeyInfo(SECKEYPriva
 	}
     }
 }
 
 void
 SECKEY_DestroyEncryptedPrivateKeyInfo(SECKEYEncryptedPrivateKeyInfo *epki,
 				      PRBool freeit)
 {
-    PRArenaPool *poolp;
+    PLArenaPool *poolp;
 
     if(epki != NULL) {
 	if(epki->arena) {
 	    poolp = epki->arena;
 	    /* zero structure since PORT_FreeArena does not support
 	     * this yet.
 	     */
 	    PORT_Memset(epki->encryptedData.data, 0, epki->encryptedData.len);
@@ -1640,17 +1640,17 @@ SECKEY_DestroyEncryptedPrivateKeyInfo(SE
 	    if(freeit == PR_TRUE) {
 		PORT_Free(epki);
 	    }
 	}
     }
 }
 
 SECStatus
-SECKEY_CopyPrivateKeyInfo(PRArenaPool *poolp,
+SECKEY_CopyPrivateKeyInfo(PLArenaPool *poolp,
 			  SECKEYPrivateKeyInfo *to,
 			  SECKEYPrivateKeyInfo *from)
 {
     SECStatus rv = SECFailure;
 
     if((to == NULL) || (from == NULL)) {
 	return SECFailure;
     }
@@ -1664,17 +1664,17 @@ SECKEY_CopyPrivateKeyInfo(PRArenaPool *p
 	return SECFailure;
     }
     rv = SECITEM_CopyItem(poolp, &to->version, &from->version);
 
     return rv;
 }
 
 SECStatus
-SECKEY_CopyEncryptedPrivateKeyInfo(PRArenaPool *poolp, 
+SECKEY_CopyEncryptedPrivateKeyInfo(PLArenaPool *poolp,
 				   SECKEYEncryptedPrivateKeyInfo *to,
 				   SECKEYEncryptedPrivateKeyInfo *from)
 {
     SECStatus rv = SECFailure;
 
     if((to == NULL) || (from == NULL)) {
 	return SECFailure;
     }
@@ -1701,17 +1701,17 @@ SECKEY_GetPublicKeyType(SECKEYPublicKey 
 }
 
 SECKEYPublicKey*
 SECKEY_ImportDERPublicKey(SECItem *derKey, CK_KEY_TYPE type)
 {
     SECKEYPublicKey *pubk = NULL;
     SECStatus rv = SECFailure;
     SECItem newDerKey;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
 
     if (!derKey) {
         return NULL;
     } 
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL) {
 	PORT_SetError(SEC_ERROR_NO_MEMORY);
@@ -1761,17 +1761,17 @@ finish:
         pubk = NULL;
     }
     return pubk;
 }
 
 SECKEYPrivateKeyList*
 SECKEY_NewPrivateKeyList(void)
 {
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECKEYPrivateKeyList *ret = NULL;
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if ( arena == NULL ) {
         goto loser;
     }
 
     ret = (SECKEYPrivateKeyList *)PORT_ArenaZAlloc(arena,
@@ -1838,17 +1838,17 @@ SECKEY_AddPrivateKeyToListTail( SECKEYPr
 loser:
     return(SECFailure);
 }
 
 
 SECKEYPublicKeyList*
 SECKEY_NewPublicKeyList(void)
 {
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECKEYPublicKeyList *ret = NULL;
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if ( arena == NULL ) {
         goto loser;
     }
 
     ret = (SECKEYPublicKeyList *)PORT_ArenaZAlloc(arena,
--- a/security/nss/lib/cryptohi/secsign.c
+++ b/security/nss/lib/cryptohi/secsign.c
@@ -137,17 +137,17 @@ static DERTemplate SGNDigestInfoTemplate
 SECStatus
 SGN_End(SGNContext *cx, SECItem *result)
 {
     unsigned char digest[HASH_LENGTH_MAX];
     unsigned part1;
     int signatureLen;
     SECStatus rv;
     SECItem digder, sigitem;
-    PRArenaPool *arena = 0;
+    PLArenaPool *arena = 0;
     SECKEYPrivateKey *privKey = cx->key;
     SGNDigestInfo *di = 0;
 
     result->data = 0;
     digder.data = 0;
 
     /* Finish up digest function */
     if (cx->hashcx == NULL) {
@@ -293,17 +293,17 @@ const SEC_ASN1Template CERT_SignedDataTe
 	  offsetof(CERTSignedData,signature), },
     { 0, }
 };
 
 SEC_ASN1_CHOOSER_IMPLEMENT(CERT_SignedDataTemplate)
 
 
 SECStatus
-SEC_DerSignData(PRArenaPool *arena, SECItem *result, 
+SEC_DerSignData(PLArenaPool *arena, SECItem *result,
 	const unsigned char *buf, int len, SECKEYPrivateKey *pk,
 	SECOidTag algID)
 {
     SECItem it;
     CERTSignedData sd;
     SECStatus rv;
 
     it.data = 0;
@@ -364,17 +364,17 @@ SEC_DerSignData(PRArenaPool *arena, SECI
 
 SECStatus
 SGN_Digest(SECKEYPrivateKey *privKey,
 		SECOidTag algtag, SECItem *result, SECItem *digest)
 {
     int modulusLen;
     SECStatus rv;
     SECItem digder;
-    PRArenaPool *arena = 0;
+    PLArenaPool *arena = 0;
     SGNDigestInfo *di = 0;
 
 
     result->data = 0;
 
     if (privKey->keyType == rsaKey) {
 
 	arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
--- a/security/nss/lib/cryptohi/secvfy.c
+++ b/security/nss/lib/cryptohi/secvfy.c
@@ -177,17 +177,17 @@ const SEC_ASN1Template hashParameterTemp
  * Returns: SECSuccess if the algorithm was acceptable, SECFailure if the
  *	algorithm was not found or was not a signing algorithm.
  */
 SECStatus
 sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg, 
              const SECItem *param, SECOidTag *encalg, SECOidTag *hashalg)
 {
     int len;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     SECStatus rv;
     SECItem oid;
 
     PR_ASSERT(hashalg!=NULL);
     PR_ASSERT(encalg!=NULL);
 
     switch (sigAlg) {
       /* We probably shouldn't be generating MD2 signatures either */
--- a/security/nss/lib/dbm/include/mcom_db.h
+++ b/security/nss/lib/dbm/include/mcom_db.h
@@ -35,16 +35,24 @@
 #ifndef _DB_H_
 #define	_DB_H_
 
 #ifndef macintosh
 #include <sys/types.h>
 #endif
 #include "prtypes.h"
 
+#if !defined(XP_BEOS) && !defined(XP_OS2) && !defined(XP_UNIX) || defined(NTO)
+typedef PRUintn uint;
+#endif
+typedef PRUint8 uint8;
+typedef PRUint16 uint16;
+typedef PRInt32 int32;
+typedef PRUint32 uint32;
+
 #include <limits.h>
 
 #ifdef __DBINTERFACE_PRIVATE
 
 #ifdef HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
 #else
 #include "cdefs.h"
--- a/security/nss/lib/freebl/arcfour.c
+++ b/security/nss/lib/freebl/arcfour.c
@@ -367,17 +367,16 @@ rc4_wordconv(RC4Context *cx, unsigned ch
 	register WORD streamWord;
 	register const WORD *pInWord;
 	register WORD *pOutWord;
 	register WORD inWord, nextInWord;
 	PRUint8 t;
 	register Stype tmpSi, tmpSj;
 	register PRUint8 tmpi = cx->i;
 	register PRUint8 tmpj = cx->j;
-	unsigned int byteCount;
 	unsigned int bufShift, invBufShift;
 	unsigned int i;
 	const unsigned char *finalIn;
 	unsigned char *finalOut;
 
 	PORT_Assert(maxOutputLen >= inputLen);
 	if (maxOutputLen < inputLen) {
 		PORT_SetError(SEC_ERROR_OUTPUT_LEN);
@@ -385,33 +384,33 @@ rc4_wordconv(RC4Context *cx, unsigned ch
 	}
 	if (inputLen < 2*WORDSIZE) {
 		/* Ignore word conversion, do byte-at-a-time */
 		return rc4_no_opt(cx, output, outputLen, maxOutputLen, input, inputLen);
 	}
 	*outputLen = inputLen;
 	pInWord = (const WORD *)(input - inOffset);
 	pOutWord = (WORD *)(output - outOffset);
-	if (inOffset < outOffset) {
+	if (inOffset <= outOffset) {
 		bufShift = 8*(outOffset - inOffset);
 		invBufShift = 8*WORDSIZE - bufShift;
 	} else {
 		invBufShift = 8*(inOffset - outOffset);
 		bufShift = 8*WORDSIZE - invBufShift;
 	}
 	/*****************************************************************/
 	/* Step 1:                                                       */
 	/* If the first output word is partial, consume the bytes in the */
 	/* first partial output word by loading one or two words of      */
 	/* input and shifting them accordingly.  Otherwise, just load    */
 	/* in the first word of input.  At the end of this block, at     */
 	/* least one partial word of input should ALWAYS be loaded.      */
 	/*****************************************************************/
 	if (outOffset) {
-		byteCount = WORDSIZE - outOffset; 
+		unsigned int byteCount = WORDSIZE - outOffset; 
 		for (i = 0; i < byteCount; i++) {
 			ARCFOUR_NEXT_BYTE();
 			output[i] = cx->S[t] ^ input[i];
 		}
 		/* Consumed byteCount bytes of input */
 		inputLen -= byteCount;
 		pInWord++;
 
@@ -461,43 +460,44 @@ rc4_wordconv(RC4Context *cx, unsigned ch
 		} else {
 			/* Input is word-aligned.  The first word load of input 
 			 * will produce a full word of input bytes, so nothing
 			 * needs to be loaded here.
 			 */
 			inWord = 0;
 		}
 	}
-	/* Output buffer is aligned, inOffset is now measured relative to
-	 * outOffset (and not a word boundary).
-	 */
-	inOffset = (inOffset + WORDSIZE - outOffset) % WORDSIZE;
 	/*****************************************************************/
 	/* Step 2: main loop                                             */
 	/* At this point the output buffer is word-aligned.  Any unused  */
 	/* bytes from above will be in inWord (shifted correctly).  If   */
 	/* the input buffer is unaligned relative to the output buffer,  */
 	/* shifting has to be done.                                      */
 	/*****************************************************************/
-	if (inOffset) {
-		for (; inputLen >= WORDSIZE; inputLen -= WORDSIZE) {
+	if (bufShift) {
+		/* preloadedByteCount is the number of input bytes pre-loaded
+		 * in inWord.
+		 */
+		unsigned int preloadedByteCount = bufShift/8;
+		for (; inputLen >= preloadedByteCount + WORDSIZE;
+		     inputLen -= WORDSIZE) {
 			nextInWord = *pInWord++;
 			inWord |= nextInWord RSH bufShift;
 			nextInWord = nextInWord LSH invBufShift;
 			ARCFOUR_NEXT_WORD();
 			*pOutWord++ = inWord ^ streamWord;
 			inWord = nextInWord;
 		}
 		if (inputLen == 0) {
 			/* Nothing left to do. */
 			cx->i = tmpi;
 			cx->j = tmpj;
 			return SECSuccess;
 		}
-		finalIn = (const unsigned char *)pInWord - WORDSIZE + inOffset;
+		finalIn = (const unsigned char *)pInWord - preloadedByteCount;
 	} else {
 		for (; inputLen >= WORDSIZE; inputLen -= WORDSIZE) {
 			inWord = *pInWord++;
 			ARCFOUR_NEXT_WORD();
 			*pOutWord++ = inWord ^ streamWord;
 		}
 		if (inputLen == 0) {
 			/* Nothing left to do. */
--- a/security/nss/lib/freebl/blapi.h
+++ b/security/nss/lib/freebl/blapi.h
@@ -828,17 +828,17 @@ Camellia_Decrypt(CamelliaContext *cx, un
 ** Hash a null terminated string "src" into "dest" using MD5
 */
 extern SECStatus MD5_Hash(unsigned char *dest, const char *src);
 
 /*
 ** Hash a non-null terminated string "src" into "dest" using MD5
 */
 extern SECStatus MD5_HashBuf(unsigned char *dest, const unsigned char *src,
-			     uint32 src_length);
+			     PRUint32 src_length);
 
 /*
 ** Create a new MD5 context
 */
 extern MD5Context *MD5_NewContext(void);
 
 
 /*
@@ -996,17 +996,17 @@ extern void MD2_Clone(MD2Context *dest, 
 ** Hash a null terminated string "src" into "dest" using SHA-1
 */
 extern SECStatus SHA1_Hash(unsigned char *dest, const char *src);
 
 /*
 ** Hash a non-null terminated string "src" into "dest" using SHA-1
 */
 extern SECStatus SHA1_HashBuf(unsigned char *dest, const unsigned char *src,
-			      uint32 src_length);
+			      PRUint32 src_length);
 
 /*
 ** Create a new SHA-1 context
 */
 extern SHA1Context *SHA1_NewContext(void);
 
 
 /*
@@ -1098,17 +1098,17 @@ extern void SHA224_End(SHA224Context *cx
 **	"digest" where the 28 bytes of digest data are stored
 **	"digestLen" where the digest length (28) is stored (optional)
 **	"maxDigestLen" the maximum amount of data that can ever be
 **	   stored in "digest"
 */
 extern void SHA224_EndRaw(SHA224Context *cx, unsigned char *digest,
 			  unsigned int *digestLen, unsigned int maxDigestLen);
 extern SECStatus SHA224_HashBuf(unsigned char *dest, const unsigned char *src,
-			      uint32 src_length);
+				PRUint32 src_length);
 extern SECStatus SHA224_Hash(unsigned char *dest, const char *src);
 extern void SHA224_TraceState(SHA224Context *cx);
 extern unsigned int SHA224_FlattenSize(SHA224Context *cx);
 extern SECStatus SHA224_Flatten(SHA224Context *cx,unsigned char *space);
 extern SHA224Context * SHA224_Resurrect(unsigned char *space, void *arg);
 extern void SHA224_Clone(SHA224Context *dest, SHA224Context *src);
 
 /******************************************/
@@ -1127,17 +1127,17 @@ extern void SHA256_End(SHA256Context *cx
 **	"digest" where the 32 bytes of digest data are stored
 **	"digestLen" where the digest length (32) is stored (optional)
 **	"maxDigestLen" the maximum amount of data that can ever be
 **	   stored in "digest"
 */
 extern void SHA256_EndRaw(SHA256Context *cx, unsigned char *digest,
 			  unsigned int *digestLen, unsigned int maxDigestLen);
 extern SECStatus SHA256_HashBuf(unsigned char *dest, const unsigned char *src,
-			      uint32 src_length);
+				PRUint32 src_length);
 extern SECStatus SHA256_Hash(unsigned char *dest, const char *src);
 extern void SHA256_TraceState(SHA256Context *cx);
 extern unsigned int SHA256_FlattenSize(SHA256Context *cx);
 extern SECStatus SHA256_Flatten(SHA256Context *cx,unsigned char *space);
 extern SHA256Context * SHA256_Resurrect(unsigned char *space, void *arg);
 extern void SHA256_Clone(SHA256Context *dest, SHA256Context *src);
 
 /******************************************/
@@ -1156,17 +1156,17 @@ extern void SHA512_Update(SHA512Context 
 **	"maxDigestLen" the maximum amount of data that can ever be
 **	   stored in "digest"
 */
 extern void SHA512_EndRaw(SHA512Context *cx, unsigned char *digest,
 			  unsigned int *digestLen, unsigned int maxDigestLen);
 extern void SHA512_End(SHA512Context *cx, unsigned char *digest,
 		     unsigned int *digestLen, unsigned int maxDigestLen);
 extern SECStatus SHA512_HashBuf(unsigned char *dest, const unsigned char *src,
-			      uint32 src_length);
+				PRUint32 src_length);
 extern SECStatus SHA512_Hash(unsigned char *dest, const char *src);
 extern void SHA512_TraceState(SHA512Context *cx);
 extern unsigned int SHA512_FlattenSize(SHA512Context *cx);
 extern SECStatus SHA512_Flatten(SHA512Context *cx,unsigned char *space);
 extern SHA512Context * SHA512_Resurrect(unsigned char *space, void *arg);
 extern void SHA512_Clone(SHA512Context *dest, SHA512Context *src);
 
 /******************************************/
@@ -1185,17 +1185,17 @@ extern void SHA384_End(SHA384Context *cx
 **	"digest" where the 48 bytes of digest data are stored
 **	"digestLen" where the digest length (48) is stored (optional)
 **	"maxDigestLen" the maximum amount of data that can ever be
 **	   stored in "digest"
 */
 extern void SHA384_EndRaw(SHA384Context *cx, unsigned char *digest,
 			  unsigned int *digestLen, unsigned int maxDigestLen);
 extern SECStatus SHA384_HashBuf(unsigned char *dest, const unsigned char *src,
-			      uint32 src_length);
+				PRUint32 src_length);
 extern SECStatus SHA384_Hash(unsigned char *dest, const char *src);
 extern void SHA384_TraceState(SHA384Context *cx);
 extern unsigned int SHA384_FlattenSize(SHA384Context *cx);
 extern SECStatus SHA384_Flatten(SHA384Context *cx,unsigned char *space);
 extern SHA384Context * SHA384_Resurrect(unsigned char *space, void *arg);
 extern void SHA384_Clone(SHA384Context *dest, SHA384Context *src);
 
 /****************************************
--- a/security/nss/lib/freebl/dh.c
+++ b/security/nss/lib/freebl/dh.c
@@ -39,17 +39,17 @@ dh_GetSecretKeyLen(unsigned int primeLen
         return 28;  /* 224 bits */
     }
     return 20;  /* 160 bits */
 }
 
 SECStatus 
 DH_GenParam(int primeLen, DHParams **params)
 {
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     DHParams *dhparams;
     unsigned char *pb = NULL;
     unsigned char *ab = NULL;
     unsigned long counter = 0;
     mp_int p, q, a, h, psub1, test;
     mp_err err = MP_OKAY;
     SECStatus rv = SECSuccess;
     if (!params || primeLen < 0) {
@@ -130,17 +130,17 @@ cleanup:
     if (rv)
 	PORT_FreeArena(arena, PR_TRUE);
     return rv;
 }
 
 SECStatus 
 DH_NewKey(DHParams *params, DHPrivateKey **privKey)
 {
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     DHPrivateKey *key;
     mp_int g, xa, p, Ya;
     mp_err   err = MP_OKAY;
     SECStatus rv = SECSuccess;
     if (!params || !privKey) {
 	PORT_SetError(SEC_ERROR_INVALID_ARGS);
 	return SECFailure;
     }
--- a/security/nss/lib/freebl/dsa.c
+++ b/security/nss/lib/freebl/dsa.c
@@ -153,17 +153,17 @@ static void translate_mpi_error(mp_err e
 
 static SECStatus 
 dsa_NewKeyExtended(const PQGParams *params, const SECItem * seed,
                    DSAPrivateKey **privKey)
 {
     mp_int p, g;
     mp_int x, y;
     mp_err err;
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     DSAPrivateKey *key;
     /* Check args. */
     if (!params || !privKey || !seed || !seed->data) {
 	PORT_SetError(SEC_ERROR_INVALID_ARGS);
 	return SECFailure;
     }
     /* Initialize an arena for the DSA key. */
     arena = PORT_NewArena(NSS_FREEBL_DSA_DEFAULT_CHUNKSIZE);
--- a/security/nss/lib/freebl/ec.c
+++ b/security/nss/lib/freebl/ec.c
@@ -199,17 +199,17 @@ cleanup:
  * point multiplication of that value with the curve's base point.
  */
 SECStatus 
 ec_NewKey(ECParams *ecParams, ECPrivateKey **privKey, 
     const unsigned char *privKeyBytes, int privKeyLen)
 {
     SECStatus rv = SECFailure;
 #ifdef NSS_ENABLE_ECC
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     ECPrivateKey *key;
     mp_int k;
     mp_err err = MP_OKAY;
     int len;
 
 #if EC_DEBUG
     printf("ec_NewKey called\n");
 #endif
--- a/security/nss/lib/freebl/loader.c
+++ b/security/nss/lib/freebl/loader.c
@@ -552,17 +552,17 @@ SECStatus
 MD5_Hash(unsigned char *dest, const char *src)
 {
   if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
       return SECFailure;
   return (vector->p_MD5_Hash)(dest, src);
 }
 
 SECStatus 
-MD5_HashBuf(unsigned char *dest, const unsigned char *src, uint32 src_length)
+MD5_HashBuf(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
 {
   if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
       return SECFailure;
   return (vector->p_MD5_HashBuf)(dest, src, src_length);
 }
 
 MD5Context *
 MD5_NewContext(void)
@@ -715,17 +715,17 @@ SECStatus
 SHA1_Hash(unsigned char *dest, const char *src)
 {
   if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
       return SECFailure;
   return (vector->p_SHA1_Hash)(dest, src);
 }
 
 SECStatus 
-SHA1_HashBuf(unsigned char *dest, const unsigned char *src, uint32 src_length)
+SHA1_HashBuf(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
 {
   if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
       return SECFailure;
   return (vector->p_SHA1_HashBuf)(dest, src, src_length);
 }
 
 SHA1Context *
 SHA1_NewContext(void)
@@ -913,17 +913,17 @@ SECStatus
 SHA256_Hash(unsigned char *dest, const char *src)
 {
   if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
       return SECFailure;
   return (vector->p_SHA256_Hash)(dest, src);
 }
 
 SECStatus 
-SHA256_HashBuf(unsigned char *dest, const unsigned char *src, uint32 src_length)
+SHA256_HashBuf(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
 {
   if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
       return SECFailure;
   return (vector->p_SHA256_HashBuf)(dest, src, src_length);
 }
 
 SHA256Context *
 SHA256_NewContext(void)
@@ -1003,17 +1003,17 @@ SECStatus
 SHA512_Hash(unsigned char *dest, const char *src)
 {
   if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
       return SECFailure;
   return (vector->p_SHA512_Hash)(dest, src);
 }
 
 SECStatus 
-SHA512_HashBuf(unsigned char *dest, const unsigned char *src, uint32 src_length)
+SHA512_HashBuf(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
 {
   if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
       return SECFailure;
   return (vector->p_SHA512_HashBuf)(dest, src, src_length);
 }
 
 SHA512Context *
 SHA512_NewContext(void)
@@ -1094,17 +1094,17 @@ SECStatus
 SHA384_Hash(unsigned char *dest, const char *src)
 {
   if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
       return SECFailure;
   return (vector->p_SHA384_Hash)(dest, src);
 }
 
 SECStatus 
-SHA384_HashBuf(unsigned char *dest, const unsigned char *src, uint32 src_length)
+SHA384_HashBuf(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
 {
   if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
       return SECFailure;
   return (vector->p_SHA384_HashBuf)(dest, src, src_length);
 }
 
 SHA384Context *
 SHA384_NewContext(void)
@@ -1739,17 +1739,17 @@ SECStatus
 SHA224_Hash(unsigned char *dest, const char *src)
 {
   if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
       return SECFailure;
   return (vector->p_SHA224_Hash)(dest, src);
 }
 
 SECStatus
-SHA224_HashBuf(unsigned char *dest, const unsigned char *src, uint32 src_length)
+SHA224_HashBuf(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
 {
   if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
       return SECFailure;
   return (vector->p_SHA224_HashBuf)(dest, src, src_length);
 }
 
 SHA224Context *
 SHA224_NewContext(void)
--- a/security/nss/lib/freebl/loader.h
+++ b/security/nss/lib/freebl/loader.h
@@ -134,17 +134,17 @@ struct FREEBLVectorStr {
 
  SECStatus (* p_AES_Decrypt)(AESContext *cx, unsigned char *output,
 			    unsigned int *outputLen, unsigned int maxOutputLen,
 			    const unsigned char *input, unsigned int inputLen);
 
  SECStatus (* p_MD5_Hash)(unsigned char *dest, const char *src);
 
  SECStatus (* p_MD5_HashBuf)(unsigned char *dest, const unsigned char *src,
-			     uint32 src_length);
+			     PRUint32 src_length);
 
  MD5Context *(* p_MD5_NewContext)(void);
 
  void (* p_MD5_DestroyContext)(MD5Context *cx, PRBool freeit);
 
  void (* p_MD5_Begin)(MD5Context *cx);
 
  void (* p_MD5_Update)(MD5Context *cx,
@@ -179,17 +179,17 @@ struct FREEBLVectorStr {
 
  SECStatus (* p_MD2_Flatten)(MD2Context *cx,unsigned char *space);
 
  MD2Context * (* p_MD2_Resurrect)(unsigned char *space, void *arg);
 
  SECStatus (* p_SHA1_Hash)(unsigned char *dest, const char *src);
 
  SECStatus (* p_SHA1_HashBuf)(unsigned char *dest, const unsigned char *src,
-			      uint32 src_length);
+			      PRUint32 src_length);
 
  SHA1Context *(* p_SHA1_NewContext)(void);
 
  void (* p_SHA1_DestroyContext)(SHA1Context *cx, PRBool freeit);
 
  void (* p_SHA1_Begin)(SHA1Context *cx);
 
  void (* p_SHA1_Update)(SHA1Context *cx, const unsigned char *input,
@@ -238,47 +238,47 @@ struct FREEBLVectorStr {
  SHA256Context *(* p_SHA256_NewContext)(void);
  void (* p_SHA256_DestroyContext)(SHA256Context *cx, PRBool freeit);
  void (* p_SHA256_Begin)(SHA256Context *cx);
  void (* p_SHA256_Update)(SHA256Context *cx, const unsigned char *input,
 			unsigned int inputLen);
  void (* p_SHA256_End)(SHA256Context *cx, unsigned char *digest,
 		     unsigned int *digestLen, unsigned int maxDigestLen);
  SECStatus (* p_SHA256_HashBuf)(unsigned char *dest, const unsigned char *src,
-			      uint32 src_length);
+				PRUint32 src_length);
  SECStatus (* p_SHA256_Hash)(unsigned char *dest, const char *src);
  void (* p_SHA256_TraceState)(SHA256Context *cx);
  unsigned int (* p_SHA256_FlattenSize)(SHA256Context *cx);
  SECStatus (* p_SHA256_Flatten)(SHA256Context *cx,unsigned char *space);
  SHA256Context * (* p_SHA256_Resurrect)(unsigned char *space, void *arg);
 
  SHA512Context *(* p_SHA512_NewContext)(void);
  void (* p_SHA512_DestroyContext)(SHA512Context *cx, PRBool freeit);
  void (* p_SHA512_Begin)(SHA512Context *cx);
  void (* p_SHA512_Update)(SHA512Context *cx, const unsigned char *input,
 			unsigned int inputLen);
  void (* p_SHA512_End)(SHA512Context *cx, unsigned char *digest,
 		     unsigned int *digestLen, unsigned int maxDigestLen);
  SECStatus (* p_SHA512_HashBuf)(unsigned char *dest, const unsigned char *src,
-			      uint32 src_length);
+				PRUint32 src_length);
  SECStatus (* p_SHA512_Hash)(unsigned char *dest, const char *src);
  void (* p_SHA512_TraceState)(SHA512Context *cx);
  unsigned int (* p_SHA512_FlattenSize)(SHA512Context *cx);
  SECStatus (* p_SHA512_Flatten)(SHA512Context *cx,unsigned char *space);
  SHA512Context * (* p_SHA512_Resurrect)(unsigned char *space, void *arg);
 
  SHA384Context *(* p_SHA384_NewContext)(void);
  void (* p_SHA384_DestroyContext)(SHA384Context *cx, PRBool freeit);
  void (* p_SHA384_Begin)(SHA384Context *cx);
  void (* p_SHA384_Update)(SHA384Context *cx, const unsigned char *input,
 			unsigned int inputLen);
  void (* p_SHA384_End)(SHA384Context *cx, unsigned char *digest,
 		     unsigned int *digestLen, unsigned int maxDigestLen);
  SECStatus (* p_SHA384_HashBuf)(unsigned char *dest, const unsigned char *src,
-			      uint32 src_length);
+				PRUint32 src_length);
  SECStatus (* p_SHA384_Hash)(unsigned char *dest, const char *src);
  void (* p_SHA384_TraceState)(SHA384Context *cx);
  unsigned int (* p_SHA384_FlattenSize)(SHA384Context *cx);
  SECStatus (* p_SHA384_Flatten)(SHA384Context *cx,unsigned char *space);
  SHA384Context * (* p_SHA384_Resurrect)(unsigned char *space, void *arg);
 
   /* Version 3.003 came to here */
 
@@ -546,17 +546,17 @@ struct FREEBLVectorStr {
  SHA224Context *(*p_SHA224_NewContext)(void);
  void (* p_SHA224_DestroyContext)(SHA224Context *cx, PRBool freeit);
  void (* p_SHA224_Begin)(SHA224Context *cx);
  void (* p_SHA224_Update)(SHA224Context *cx, const unsigned char *input,
 			unsigned int inputLen);
  void (* p_SHA224_End)(SHA224Context *cx, unsigned char *digest,
 		     unsigned int *digestLen, unsigned int maxDigestLen);
  SECStatus (*p_SHA224_HashBuf)(unsigned char *dest, const unsigned char *src,
-			      uint32 src_length);
+			       PRUint32 src_length);
  SECStatus (*p_SHA224_Hash)(unsigned char *dest, const char *src);
  void (*p_SHA224_TraceState)(SHA224Context *cx);
  unsigned int (* p_SHA224_FlattenSize)(SHA224Context *cx);
  SECStatus (* p_SHA224_Flatten)(SHA224Context *cx,unsigned char *space);
  SHA224Context * (* p_SHA224_Resurrect)(unsigned char *space, void *arg);
  void (* p_SHA224_Clone)(SHA224Context *dest, SHA224Context *src);
  PRBool (*p_BLAPI_SHVerifyFile)(const char *name);
 
--- a/security/nss/lib/freebl/md5.c
+++ b/security/nss/lib/freebl/md5.c
@@ -193,17 +193,17 @@ struct MD5ContextStr {
 
 SECStatus 
 MD5_Hash(unsigned char *dest, const char *src)
 {
 	return MD5_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));
 }
 
 SECStatus 
-MD5_HashBuf(unsigned char *dest, const unsigned char *src, uint32 src_length)
+MD5_HashBuf(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
 {
 	unsigned int len;
 	MD5Context cx;
 
 	MD5_Begin(&cx);
 	MD5_Update(&cx, src, src_length);
 	MD5_End(&cx, dest, &len, MD5_HASH_LEN);
 	memset(&cx, 0, sizeof cx);
--- a/security/nss/lib/freebl/mpi/mpmontg.c
+++ b/security/nss/lib/freebl/mpi/mpmontg.c
@@ -621,19 +621,19 @@ typedef unsigned int mp_weave_word;
  * of 4 bytes still requires a single read-modify-write operation.
  *
  * This function is takes the identical parameters as the function above, 
  * however it lays out the final array differently. Where the previous function
  * treats the mpi_int as an byte array, this function treats it as an array of
  * mp_digits where each digit is stored in big endian order.
  * 
  * since we need to interleave on a byte by byte basis, we need to collect 
- * several mpi structures together into a single uint32 before we write. We
- * also need to make sure the uint32 is arranged so that the first value of 
- * the first array winds up in b[0]. This means construction of that uint32
+ * several mpi structures together into a single PRUint32 before we write. We
+ * also need to make sure the PRUint32 is arranged so that the first value of
+ * the first array winds up in b[0]. This means construction of that PRUint32
  * is endian specific (even though the layout of the mp_digits in the array 
  * is always big endian).
  *
  * The final data is stored as follows :
  *
  * Our same logical array p array, m is sizeof(mp_digit),
  * N is still count and n is now b_size. If we define p[i].digit[j]0 as the 
  * most significant byte of the word p[i].digit[j], p[i].digit[j]1 as 
--- a/security/nss/lib/freebl/pqg.c
+++ b/security/nss/lib/freebl/pqg.c
@@ -223,18 +223,18 @@ PQG_Check(const PQGParams *params)
     unsigned int L,N;
     SECStatus rv = SECSuccess;
 
     if (params == NULL) {
 	PORT_SetError(SEC_ERROR_INVALID_ARGS);
 	return SECFailure;
     }
 
-    L = PQG_GetLength(&params->prime)*BITS_PER_BYTE;
-    N = PQG_GetLength(&params->subPrime)*BITS_PER_BYTE;
+    L = PQG_GetLength(&params->prime)*PR_BITS_PER_BYTE;
+    N = PQG_GetLength(&params->subPrime)*PR_BITS_PER_BYTE;
 
     if (L < 1024) {
 	int j;
 
 	/* handle DSA1 pqg parameters with less thatn 1024 bits*/
 	if ( N != DSA1_Q_BITS ) {
 	    PORT_SetError(SEC_ERROR_INVALID_ARGS);
 	    return SECFailure;
@@ -256,27 +256,27 @@ PQG_GetHashType(const PQGParams *params)
 {
     unsigned int L,N;
 
     if (params == NULL) {
 	PORT_SetError(SEC_ERROR_INVALID_ARGS);
 	return HASH_AlgNULL;
     }
 
-    L = PQG_GetLength(&params->prime)*BITS_PER_BYTE;
-    N = PQG_GetLength(&params->subPrime)*BITS_PER_BYTE;
+    L = PQG_GetLength(&params->prime)*PR_BITS_PER_BYTE;
+    N = PQG_GetLength(&params->subPrime)*PR_BITS_PER_BYTE;
     return getFirstHash(L, N);
 }
 
 /* Get a seed for generating P and Q.  If in testing mode, copy in the
 ** seed from FIPS 186-1 appendix 5.  Otherwise, obtain bytes from the
 ** global random number generator.
 */
 static SECStatus
-getPQseed(SECItem *seed, PRArenaPool* arena)
+getPQseed(SECItem *seed, PLArenaPool* arena)
 {
     SECStatus rv;
 
     if (!seed->data) {
         seed->data = (unsigned char*)PORT_ArenaZAlloc(arena, seed->len);
     }
     if (!seed->data) {
 	PORT_SetError(SEC_ERROR_NO_MEMORY);
@@ -438,17 +438,17 @@ makeQ2fromSeed(
       HASH_HashType hashtype,	/* selected Hashing algorithm */
       unsigned int  N,          /* input.  Length of q in bits. */
 const SECItem   *   seed,       /* input.  */
       mp_int    *   Q)          /* output. */
 {
     unsigned char U[HASH_LENGTH_MAX];
     SECStatus rv  = SECSuccess;
     mp_err    err = MP_OKAY;
-    int N_bytes = N/BITS_PER_BYTE; /* length of N in bytes rather than bits */
+    int N_bytes = N/PR_BITS_PER_BYTE; /* length of N in bytes rather than bits */
     int hashLen = HASH_ResultLen(hashtype);
     int offset = 0;
 
     /* ******************************************************************
     ** Step 6.
     ** "Compute U = hash[SEED] mod 2**N-1]."
     **/
     CHECK_SEC_OK( HASH_HashBuf(hashtype, U, seed->data, seed->len) );
@@ -480,17 +480,17 @@ cleanup:
 **  Perform steps from  FIPS 186-3, Appendix A.1.2.1 and Appendix C.6
 **
 **  This generates a provable prime from two smaller prime. The resulting
 **  prime p will have q0 as a multiple of p-1. q0 can be 1.
 **
 ** This implments steps 4 thorough 22 of FIPS 186-3 A.1.2.1 and
 **                steps 16 through 34 of FIPS 186-2 C.6
 */
-#define MAX_ST_SEED_BITS HASH_LENGTH_MAX*BITS_PER_BYTE
+#define MAX_ST_SEED_BITS (HASH_LENGTH_MAX*PR_BITS_PER_BYTE)
 SECStatus
 makePrimefromPrimesShaweTaylor(
       HASH_HashType hashtype,	/* selected Hashing algorithm */
       unsigned int  length,     /* input. Length of prime in bits. */
       mp_int    *   c0,         /* seed prime */
       mp_int    *   q,          /* sub prime, can be 1 */
       mp_int    *   prime,      /* output.  */
       SECItem   *   prime_seed, /* input/output.  */
@@ -499,17 +499,17 @@ makePrimefromPrimesShaweTaylor(
     mp_int c;
     mp_int c0_2;
     mp_int t;
     mp_int a;
     mp_int z;
     mp_int two_length_minus_1;
     SECStatus rv = SECFailure;
     int hashlen = HASH_ResultLen(hashtype);