Bug 1401594 - land NSS NSS_3_34_BETA2 UPGRADE_NSS_RELEASE, r=me
authorFranziskus Kiefer <franziskuskiefer@gmail.com>
Wed, 08 Nov 2017 11:44:14 +0100
changeset 443996 4230f196a3a149b8418c8ea825d596fef3ce78a0
parent 443995 aed9ec52c5b85db8422757eb6774fe2b8e5c45dd
child 443997 0c7ad25df749504edd8b5045349e39296aaee3bd
push id1618
push userCallek@gmail.com
push dateThu, 11 Jan 2018 17:45:48 +0000
reviewersme
bugs1401594
milestone58.0a1
Bug 1401594 - land NSS NSS_3_34_BETA2 UPGRADE_NSS_RELEASE, r=me MozReview-Commit-ID: IZcYFTH0x9o
old-configure.in
security/nss/TAG-INFO
security/nss/automation/abi-check/expected-report-libnss3.so.txt
security/nss/automation/abi-check/expected-report-libssl3.so.txt
security/nss/automation/abi-check/previous-nss-release
security/nss/coreconf/coreconf.dep
security/nss/gtests/common/util.h
security/nss/gtests/pk11_gtest/manifest.mn
security/nss/gtests/pk11_gtest/pk11_gtest.gyp
security/nss/gtests/ssl_gtest/ssl_alths_unittest.cc
security/nss/lib/freebl/poly1305.h
security/nss/lib/nss/nss.h
security/nss/lib/softoken/pkcs11.c
security/nss/lib/softoken/pkcs11c.c
security/nss/lib/softoken/softkver.h
security/nss/lib/softoken/softoknt.h
security/nss/lib/ssl/ssl3con.c
security/nss/lib/ssl/tls13con.c
security/nss/lib/util/nssutil.h
security/nss/lib/util/pkcs11uri.c
security/nss/lib/util/secport.c
security/nss/tests/ssl_gtests/ssl_gtests.sh
--- a/old-configure.in
+++ b/old-configure.in
@@ -1910,17 +1910,17 @@ dnl = If NSS was not detected in the sys
 dnl = use the one in the source tree (mozilla/security/nss)
 dnl ========================================================
 
 MOZ_ARG_WITH_BOOL(system-nss,
 [  --with-system-nss       Use system installed NSS],
     _USE_SYSTEM_NSS=1 )
 
 if test -n "$_USE_SYSTEM_NSS"; then
-    AM_PATH_NSS(3.35, [MOZ_SYSTEM_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])])
+    AM_PATH_NSS(3.34, [MOZ_SYSTEM_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])])
 fi
 
 if test -n "$MOZ_SYSTEM_NSS"; then
    NSS_LIBS="$NSS_LIBS -lcrmf"
 else
    NSS_CFLAGS="-I${DIST}/include/nss"
    case "${OS_ARCH}" in
         # Only few platforms have been tested with GYP
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@@ -1,1 +1,1 @@
-de7e5e67e878
+NSS_3_34_BETA2
--- a/security/nss/automation/abi-check/expected-report-libnss3.so.txt
+++ b/security/nss/automation/abi-check/expected-report-libnss3.so.txt
@@ -0,0 +1,11 @@
+Functions changes summary: 0 Removed, 0 Changed, 4 Added functions
+Variables changes summary: 0 Removed, 0 Changed, 0 Added variable
+
+4 Added functions:
+
+  'function SECItem* SEC_CreateSignatureAlgorithmParameters(SECItem*, SECOidTag, SECOidTag, const SECItem*, const SECKEYPrivateKey*)'    {SEC_CreateSignatureAlgorithmParameters@@NSS_3.34}
+  'function SECStatus SEC_DerSignDataWithAlgorithmID(SECItem*, const unsigned char*, int, SECKEYPrivateKey*, SECAlgorithmID*)'    {SEC_DerSignDataWithAlgorithmID@@NSS_3.34}
+  'function SECStatus SEC_SignDataWithAlgorithmID(SECItem*, const unsigned char*, int, SECKEYPrivateKey*, SECAlgorithmID*)'    {SEC_SignDataWithAlgorithmID@@NSS_3.34}
+  'function void SGN_NewContextWithAlgorithmID(SECAlgorithmID*, SECKEYPrivateKey*)'    {SGN_NewContextWithAlgorithmID@@NSS_3.34}
+
+
--- a/security/nss/automation/abi-check/expected-report-libssl3.so.txt
+++ b/security/nss/automation/abi-check/expected-report-libssl3.so.txt
@@ -0,0 +1,15 @@
+Functions changes summary: 0 Removed, 1 Changed, 0 Added function
+Variables changes summary: 0 Removed, 0 Changed, 0 Added variable
+
+1 function with some indirect sub-type change:
+
+  [C]'function SECStatus SSL_GetChannelInfo(SSLChannelInfo*, PRUintn)' at sslinfo.c:26:1 has some indirect sub-type changes:
+    parameter 1 of type 'SSLChannelInfo*' has sub-type changes:
+      in pointed to type 'typedef SSLChannelInfo' at sslt.h:288:1:
+        underlying type 'struct SSLChannelInfoStr' at sslt.h:229:1 changed:
+          type size changed from 896 to 960 bits
+          2 data member insertions:
+            'SSLNamedGroup SSLChannelInfoStr::originalKeaGroup', at offset 864 (in bits) at sslt.h:281:1
+            'PRBool SSLChannelInfoStr::resumed', at offset 896 (in bits) at sslt.h:284:1
+
+
--- a/security/nss/automation/abi-check/previous-nss-release
+++ b/security/nss/automation/abi-check/previous-nss-release
@@ -1,1 +1,1 @@
-NSS_3_34_BRANCH
+NSS_3_33_BRANCH
--- a/security/nss/coreconf/coreconf.dep
+++ b/security/nss/coreconf/coreconf.dep
@@ -5,8 +5,9 @@
 
 /*
  * A dummy header file that is a dependency for all the object files.
  * Used to force a full recompilation of NSS in Mozilla's Tinderbox
  * depend builds.  See comments in rules.mk.
  */
 
 #error "Do not include this header file."
+
--- a/security/nss/gtests/common/util.h
+++ b/security/nss/gtests/common/util.h
@@ -5,17 +5,17 @@
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #ifndef util_h__
 #define util_h__
 
 #include <cassert>
 #include <vector>
 
-static inline std::vector<uint8_t> hex_string_to_bytes(std::string s) {
+std::vector<uint8_t> hex_string_to_bytes(std::string s) {
   std::vector<uint8_t> bytes;
   for (size_t i = 0; i < s.length(); i += 2) {
     bytes.push_back(std::stoul(s.substr(i, 2), nullptr, 16));
   }
   return bytes;
 }
 
 #endif  // util_h__
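Review bot: Dropping `static inline` gives `hex_string_to_bytes` external linkage while it stays defined in a header, so the first time two translation units both include util.h the link fails with a duplicate symbol; it also uses `std::string` without `#include <string>`. Keep the definition header-safe, e.g. `inline std::vector<uint8_t> hex_string_to_bytes(const std::string &s) {`, and add `#include <string>` next to the existing includes. Whether only one test binary currently includes this header cannot be seen from the hunk.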
--- a/security/nss/gtests/pk11_gtest/manifest.mn
+++ b/security/nss/gtests/pk11_gtest/manifest.mn
@@ -6,17 +6,16 @@ CORE_DEPTH = ../..
 DEPTH      = ../..
 MODULE = nss
 
 CPPSRCS = \
       pk11_aeskeywrap_unittest.cc \
       pk11_chacha20poly1305_unittest.cc \
       pk11_curve25519_unittest.cc \
       pk11_ecdsa_unittest.cc \
-      pk11_encrypt_derive_unittest.cc \
       pk11_export_unittest.cc \
       pk11_pbkdf2_unittest.cc \
       pk11_prf_unittest.cc \
       pk11_prng_unittest.cc \
       pk11_rsapss_unittest.cc \
       pk11_der_private_key_import_unittest.cc \
       $(NULL)
 
--- a/security/nss/gtests/pk11_gtest/pk11_gtest.gyp
+++ b/security/nss/gtests/pk11_gtest/pk11_gtest.gyp
@@ -11,17 +11,16 @@
       'target_name': 'pk11_gtest',
       'type': 'executable',
       'sources': [
         'pk11_aeskeywrap_unittest.cc',
         'pk11_aes_gcm_unittest.cc',
         'pk11_chacha20poly1305_unittest.cc',
         'pk11_curve25519_unittest.cc',
         'pk11_ecdsa_unittest.cc',
-        'pk11_encrypt_derive_unittest.cc',
         'pk11_pbkdf2_unittest.cc',
         'pk11_prf_unittest.cc',
         'pk11_prng_unittest.cc',
         'pk11_rsapss_unittest.cc',
         'pk11_der_private_key_import_unittest.cc',
         '<(DEPTH)/gtests/common/gtests.cc'
       ],
       'dependencies': [
new file mode 100644
--- /dev/null
+++ b/security/nss/gtests/ssl_gtest/ssl_alths_unittest.cc
@@ -0,0 +1,189 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <memory>
+#include <vector>
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+#include "gtest_utils.h"
+#include "tls_connect.h"
+#include "tls_filter.h"
+#include "tls_parser.h"
+
+namespace nss_test {
+
+static const uint32_t kServerHelloVersionAlt = SSL_LIBRARY_VERSION_TLS_1_2;
+static const uint16_t kServerHelloVersionRegular =
+    0x7f00 | TLS_1_3_DRAFT_VERSION;
+
+class AltHandshakeTest : public TlsConnectStreamTls13 {
+ protected:
+  void SetUp() {
+    TlsConnectStreamTls13::SetUp();
+    client_ccs_recorder_ =
+        std::make_shared<TlsRecordRecorder>(kTlsChangeCipherSpecType);
+    server_handshake_recorder_ =
+        std::make_shared<TlsRecordRecorder>(kTlsHandshakeType);
+    server_ccs_recorder_ =
+        std::make_shared<TlsRecordRecorder>(kTlsChangeCipherSpecType);
+    server_hello_recorder_ =
+        std::make_shared<TlsInspectorRecordHandshakeMessage>(
+            kTlsHandshakeServerHello);
+  }
+
+  void SetAltHandshakeTypeEnabled() {
+    client_->SetAltHandshakeTypeEnabled();
+    server_->SetAltHandshakeTypeEnabled();
+  }
+
+  void InstallFilters() {
+    client_->SetPacketFilter(client_ccs_recorder_);
+    auto chain = std::make_shared<ChainedPacketFilter>(ChainedPacketFilterInit(
+        {server_handshake_recorder_, server_ccs_recorder_,
+         server_hello_recorder_}));
+    server_->SetPacketFilter(chain);
+  }
+
+  void CheckServerHelloRecordVersion(uint16_t record_version) {
+    ASSERT_EQ(record_version,
+              server_handshake_recorder_->record(0).header.version());
+  }
+
+  void CheckServerHelloVersion(uint16_t server_hello_version) {
+    uint32_t ver;
+    ASSERT_TRUE(server_hello_recorder_->buffer().Read(0, 2, &ver));
+    ASSERT_EQ(server_hello_version, ver);
+  }
+
+  void CheckForRegularHandshake() {
+    EXPECT_EQ(0U, client_ccs_recorder_->count());
+    EXPECT_EQ(0U, server_ccs_recorder_->count());
+    CheckServerHelloVersion(kServerHelloVersionRegular);
+    CheckServerHelloRecordVersion(SSL_LIBRARY_VERSION_TLS_1_0);
+  }
+
+  void CheckForAltHandshake() {
+    EXPECT_EQ(1U, client_ccs_recorder_->count());
+    EXPECT_EQ(1U, server_ccs_recorder_->count());
+    CheckServerHelloVersion(kServerHelloVersionAlt);
+    CheckServerHelloRecordVersion(SSL_LIBRARY_VERSION_TLS_1_2);
+  }
+
+  std::shared_ptr<TlsRecordRecorder> client_ccs_recorder_;
+  std::shared_ptr<TlsRecordRecorder> server_handshake_recorder_;
+  std::shared_ptr<TlsRecordRecorder> server_ccs_recorder_;
+  std::shared_ptr<TlsInspectorRecordHandshakeMessage> server_hello_recorder_;
+};
+
+TEST_F(AltHandshakeTest, ClientOnly) {
+  client_->SetAltHandshakeTypeEnabled();
+  InstallFilters();
+  Connect();
+  CheckForRegularHandshake();
+}
+
+TEST_F(AltHandshakeTest, ServerOnly) {
+  server_->SetAltHandshakeTypeEnabled();
+  InstallFilters();
+  Connect();
+  CheckForRegularHandshake();
+}
+
+TEST_F(AltHandshakeTest, Enabled) {
+  SetAltHandshakeTypeEnabled();
+  InstallFilters();
+  Connect();
+  CheckForAltHandshake();
+}
+
+TEST_F(AltHandshakeTest, ZeroRtt) {
+  SetAltHandshakeTypeEnabled();
+  SetupForZeroRtt();
+  SetAltHandshakeTypeEnabled();
+  client_->Set0RttEnabled(true);
+  server_->Set0RttEnabled(true);
+
+  InstallFilters();
+
+  ExpectResumption(RESUME_TICKET);
+  ZeroRttSendReceive(true, true);
+  Handshake();
+  ExpectEarlyDataAccepted(true);
+  CheckConnected();
+
+  CheckForAltHandshake();
+}
+
+// Neither client nor server has the extension prior to resumption, so the
+// client doesn't send a CCS before its 0-RTT data.
+TEST_F(AltHandshakeTest, DisabledBeforeZeroRtt) {
+  SetupForZeroRtt();
+  SetAltHandshakeTypeEnabled();
+  client_->Set0RttEnabled(true);
+  server_->Set0RttEnabled(true);
+
+  InstallFilters();
+
+  ExpectResumption(RESUME_TICKET);
+  ZeroRttSendReceive(true, true);
+  Handshake();
+  ExpectEarlyDataAccepted(true);
+  CheckConnected();
+
+  EXPECT_EQ(0U, client_ccs_recorder_->count());
+  EXPECT_EQ(1U, server_ccs_recorder_->count());
+  CheckServerHelloVersion(kServerHelloVersionAlt);
+}
+
+// Both use the alternative in the initial handshake but only the server enables
+// it on resumption.
+TEST_F(AltHandshakeTest, ClientDisabledAfterZeroRtt) {
+  SetAltHandshakeTypeEnabled();
+  SetupForZeroRtt();
+  server_->SetAltHandshakeTypeEnabled();
+  client_->Set0RttEnabled(true);
+  server_->Set0RttEnabled(true);
+
+  InstallFilters();
+
+  ExpectResumption(RESUME_TICKET);
+  ZeroRttSendReceive(true, true);
+  Handshake();
+  ExpectEarlyDataAccepted(true);
+  CheckConnected();
+
+  CheckForRegularHandshake();
+}
+
+// If the alternative handshake isn't negotiated after 0-RTT, and the client has
+// it enabled, it will send a ChangeCipherSpec.  The server chokes on it if it
+// hasn't negotiated the alternative handshake.
+TEST_F(AltHandshakeTest, ServerDisabledAfterZeroRtt) {
+  SetAltHandshakeTypeEnabled();
+  SetupForZeroRtt();
+  client_->SetAltHandshakeTypeEnabled();
+  client_->Set0RttEnabled(true);
+  server_->Set0RttEnabled(true);
+
+  client_->ExpectSendAlert(kTlsAlertEndOfEarlyData);
+  client_->Handshake();  // Send ClientHello (and CCS)
+
+  server_->Handshake();  // Consume the ClientHello, which is OK.
+  client_->ExpectResumption();
+  client_->Handshake();  // Read the server handshake.
+  EXPECT_EQ(TlsAgent::STATE_CONNECTED, client_->state());
+
+  // Now the server reads the CCS instead of more handshake messages.
+  ExpectAlert(server_, kTlsAlertBadRecordMac);
+  server_->Handshake();
+  EXPECT_EQ(TlsAgent::STATE_ERROR, server_->state());
+  client_->Handshake();  // Consume the alert.
+  EXPECT_EQ(TlsAgent::STATE_ERROR, client_->state());
+}
+
+}  // nss_test
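Review bot: `kServerHelloVersionAlt` is declared `uint32_t` while `kServerHelloVersionRegular` is `uint16_t` and `CheckServerHelloVersion` takes a `uint16_t`, so the alt constant is silently narrowed on every call; both hold a 16-bit protocol version and should share the type, `static const uint16_t kServerHelloVersionAlt = SSL_LIBRARY_VERSION_TLS_1_2;`. `SetUp()` calls `TlsConnectStreamTls13::SetUp()` and presumably overrides a virtual in that base (declared outside this file); marking it `void SetUp() override {` lets the compiler catch a signature drift. Both are style points; the test logic itself reads consistently with the recorder counts it asserts.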
--- a/security/nss/lib/freebl/poly1305.h
+++ b/security/nss/lib/freebl/poly1305.h
@@ -3,18 +3,16 @@
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #ifndef FREEBL_POLY1305_H_
 #define FREEBL_POLY1305_H_
 
-#include "stddef.h"
-
 typedef unsigned char poly1305_state[512];
 
 /* Poly1305Init sets up |state| so that it can be used to calculate an
  * authentication tag with the one-time key |key|. Note that |key| is a
  * one-time key and therefore there is no `reset' method because that would
  * enable several messages to be authenticated with the same key. */
 extern void Poly1305Init(poly1305_state* state, const unsigned char key[32]);
 
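Review bot: Removing `#include "stddef.h"` makes this header depend on its includer for `size_t`, and the hunk does not show the declarations that follow `Poly1305Init`; if any later prototype in this header takes a `size_t` length (not visible here), the header is no longer self-contained and compiles only when `<stddef.h>` happens to be included first. If that is the case, restore the include in standard form, `#include <stddef.h>`, rather than relying on include order.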
--- a/security/nss/lib/nss/nss.h
+++ b/security/nss/lib/nss/nss.h
@@ -17,19 +17,19 @@
 
 /*
  * NSS's major version, minor version, patch level, build number, and whether
  * this is a beta release.
  *
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
  */
-#define NSS_VERSION "3.35" _NSS_CUSTOMIZED " Beta"
+#define NSS_VERSION "3.34" _NSS_CUSTOMIZED " Beta"
 #define NSS_VMAJOR 3
-#define NSS_VMINOR 35
+#define NSS_VMINOR 34
 #define NSS_VPATCH 0
 #define NSS_VBUILD 0
 #define NSS_BETA PR_TRUE
 
 #ifndef RC_INVOKED
 
 #include "seccomon.h"
 
--- a/security/nss/lib/softoken/pkcs11.c
+++ b/security/nss/lib/softoken/pkcs11.c
@@ -416,30 +416,21 @@ static const struct mechanismList mechan
     { CKM_IDEA_ECB, { 16, 16, CKF_EN_DE_WR_UN }, PR_TRUE },
     { CKM_IDEA_CBC, { 16, 16, CKF_EN_DE_WR_UN }, PR_TRUE },
     { CKM_IDEA_MAC, { 16, 16, CKF_SN_VR }, PR_TRUE },
     { CKM_IDEA_MAC_GENERAL, { 16, 16, CKF_SN_VR }, PR_TRUE },
     { CKM_IDEA_CBC_PAD, { 16, 16, CKF_EN_DE_WR_UN }, PR_TRUE },
 #endif
     /* --------------------- Secret Key Operations ------------------------ */
     { CKM_GENERIC_SECRET_KEY_GEN, { 1, 32, CKF_GENERATE }, PR_TRUE },
-    { CKM_CONCATENATE_BASE_AND_KEY, { 1, 32, CKF_DERIVE }, PR_FALSE },
-    { CKM_CONCATENATE_BASE_AND_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
-    { CKM_CONCATENATE_DATA_AND_BASE, { 1, 32, CKF_DERIVE }, PR_FALSE },
-    { CKM_XOR_BASE_AND_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
+    { CKM_CONCATENATE_BASE_AND_KEY, { 1, 32, CKF_GENERATE }, PR_FALSE },
+    { CKM_CONCATENATE_BASE_AND_DATA, { 1, 32, CKF_GENERATE }, PR_FALSE },
+    { CKM_CONCATENATE_DATA_AND_BASE, { 1, 32, CKF_GENERATE }, PR_FALSE },
+    { CKM_XOR_BASE_AND_DATA, { 1, 32, CKF_GENERATE }, PR_FALSE },
     { CKM_EXTRACT_KEY_FROM_KEY, { 1, 32, CKF_DERIVE }, PR_FALSE },
-    { CKM_DES3_ECB_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
-    { CKM_DES3_CBC_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
-    { CKM_AES_ECB_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
-    { CKM_AES_CBC_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
-    { CKM_CAMELLIA_ECB_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
-    { CKM_CAMELLIA_CBC_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
-    { CKM_SEED_ECB_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
-    { CKM_SEED_CBC_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
-
     /* ---------------------- SSL Key Derivations ------------------------- */
     { CKM_SSL3_PRE_MASTER_KEY_GEN, { 48, 48, CKF_GENERATE }, PR_FALSE },
     { CKM_SSL3_MASTER_KEY_DERIVE, { 48, 48, CKF_DERIVE }, PR_FALSE },
     { CKM_SSL3_MASTER_KEY_DERIVE_DH, { 8, 128, CKF_DERIVE }, PR_FALSE },
     { CKM_SSL3_KEY_AND_MAC_DERIVE, { 48, 48, CKF_DERIVE }, PR_FALSE },
     { CKM_SSL3_MD5_MAC, { 0, 16, CKF_DERIVE }, PR_FALSE },
     { CKM_SSL3_SHA1_MAC, { 0, 20, CKF_DERIVE }, PR_FALSE },
     { CKM_MD5_KEY_DERIVATION, { 0, 16, CKF_DERIVE }, PR_FALSE },
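Review bot: `CKM_CONCATENATE_BASE_AND_KEY`, `CKM_CONCATENATE_BASE_AND_DATA`, `CKM_CONCATENATE_DATA_AND_BASE` and `CKM_XOR_BASE_AND_DATA` are now advertised with `CKF_GENERATE`, yet they are key-derivation mechanisms (the pkcs11c.c hunk in this same commit shows `case CKM_CONCATENATE_BASE_AND_KEY:` inside NSC_DeriveKey) and the neighbouring `CKM_EXTRACT_KEY_FROM_KEY` keeps `CKF_DERIVE`. C_GetMechanismInfo therefore misreports these four, and an application that picks a derive mechanism by its flags will skip them. Presumably inherited from the branch being landed; each entry should read like `{ CKM_XOR_BASE_AND_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },`. The mechanisms table starts and ends outside the hunk.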
--- a/security/nss/lib/softoken/pkcs11c.c
+++ b/security/nss/lib/softoken/pkcs11c.c
@@ -1519,17 +1519,18 @@ NSC_DecryptUpdate(CK_SESSION_HANDLE hSes
             rv = (*context->update)(context->cipherInfo, pPart, &padoutlen,
                                     maxout, context->padBuf, context->blockSize);
             if (rv != SECSuccess)
                 return sftk_MapDecryptError(PORT_GetError());
             pPart += padoutlen;
             maxout -= padoutlen;
         }
         /* now save the final block for the next decrypt or the final */
-        PORT_Memcpy(context->padBuf, &pEncryptedPart[ulEncryptedPartLen - context->blockSize],
+        PORT_Memcpy(context->padBuf, &pEncryptedPart[ulEncryptedPartLen -
+                                                     context->blockSize],
                     context->blockSize);
         context->padDataLength = context->blockSize;
         ulEncryptedPartLen -= context->padDataLength;
     }
 
     /* do it: NOTE: this assumes buf size in is >= buf size out! */
     rv = (*context->update)(context->cipherInfo, pPart, &outlen,
                             maxout, pEncryptedPart, ulEncryptedPartLen);
@@ -6236,53 +6237,16 @@ sftk_ANSI_X9_63_kdf(CK_BYTE **key, CK_UL
     else if (kdf == CKD_SHA512_KDF)
         return sftk_compute_ANSI_X9_63_kdf(key, key_len, SharedSecret, SharedInfo,
                                            SharedInfoLen, SHA512_HashBuf, SHA512_LENGTH);
     else
         return CKR_MECHANISM_INVALID;
 }
 
 /*
- *  Handle the derive from a block encryption cipher
- */
-CK_RV
-sftk_DeriveEncrypt(SFTKCipher encrypt, void *cipherInfo,
-                   int blockSize, SFTKObject *key, CK_ULONG keySize,
-                   unsigned char *data, CK_ULONG len)
-{
-    /* large enough for a 512-bit key */
-    unsigned char tmpdata[SFTK_MAX_DERIVE_KEY_SIZE];
-    SECStatus rv;
-    unsigned int outLen;
-    CK_RV crv;
-
-    if ((len % blockSize) != 0) {
-        return CKR_MECHANISM_PARAM_INVALID;
-    }
-    if (len > SFTK_MAX_DERIVE_KEY_SIZE) {
-        return CKR_MECHANISM_PARAM_INVALID;
-    }
-    if (keySize && (len < keySize)) {
-        return CKR_MECHANISM_PARAM_INVALID;
-    }
-    if (keySize == 0) {
-        keySize = len;
-    }
-
-    rv = (*encrypt)(cipherInfo, &tmpdata, &outLen, len, data, len);
-    if (rv != SECSuccess) {
-        crv = sftk_MapCryptError(PORT_GetError());
-        return crv;
-    }
-
-    crv = sftk_forceAttribute(key, CKA_VALUE, tmpdata, keySize);
-    return crv;
-}
-
-/*
  * SSL Key generation given pre master secret
  */
 #define NUM_MIXERS 9
 static const char *const mixers[NUM_MIXERS] = {
     "A",
     "BB",
     "CCC",
     "DDDD",
@@ -6930,182 +6894,16 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
             }
             MD5_DestroyContext(md5, PR_TRUE);
             SHA1_DestroyContext(sha, PR_TRUE);
             sftk_FreeObject(key);
             key = NULL;
             break;
         }
 
-        case CKM_DES3_ECB_ENCRYPT_DATA:
-        case CKM_DES3_CBC_ENCRYPT_DATA: {
-            void *cipherInfo;
-            unsigned char des3key[MAX_DES3_KEY_SIZE];
-            CK_DES_CBC_ENCRYPT_DATA_PARAMS *desEncryptPtr;
-            int mode;
-            unsigned char *iv;
-            unsigned char *data;
-            CK_ULONG len;
-
-            if (mechanism == CKM_DES3_ECB_ENCRYPT_DATA) {
-                stringPtr = (CK_KEY_DERIVATION_STRING_DATA *)
-                                pMechanism->pParameter;
-                mode = NSS_DES_EDE3;
-                iv = NULL;
-                data = stringPtr->pData;
-                len = stringPtr->ulLen;
-            } else {
-                mode = NSS_DES_EDE3_CBC;
-                desEncryptPtr =
-                    (CK_DES_CBC_ENCRYPT_DATA_PARAMS *)
-                        pMechanism->pParameter;
-                iv = desEncryptPtr->iv;
-                data = desEncryptPtr->pData;
-                len = desEncryptPtr->length;
-            }
-            if (att->attrib.ulValueLen == 16) {
-                PORT_Memcpy(des3key, att->attrib.pValue, 16);
-                PORT_Memcpy(des3key + 16, des3key, 8);
-            } else if (att->attrib.ulValueLen == 24) {
-                PORT_Memcpy(des3key, att->attrib.pValue, 24);
-            } else {
-                crv = CKR_KEY_SIZE_RANGE;
-                break;
-            }
-            cipherInfo = DES_CreateContext(des3key, iv, mode, PR_TRUE);
-            PORT_Memset(des3key, 0, 24);
-            if (cipherInfo == NULL) {
-                crv = CKR_HOST_MEMORY;
-                break;
-            }
-            crv = sftk_DeriveEncrypt((SFTKCipher)DES_Encrypt,
-                                     cipherInfo, 8, key, keySize,
-                                     data, len);
-            DES_DestroyContext(cipherInfo, PR_TRUE);
-            break;
-        }
-
-        case CKM_AES_ECB_ENCRYPT_DATA:
-        case CKM_AES_CBC_ENCRYPT_DATA: {
-            void *cipherInfo;
-            CK_AES_CBC_ENCRYPT_DATA_PARAMS *aesEncryptPtr;
-            int mode;
-            unsigned char *iv;
-            unsigned char *data;
-            CK_ULONG len;
-
-            if (mechanism == CKM_AES_ECB_ENCRYPT_DATA) {
-                mode = NSS_AES;
-                iv = NULL;
-                stringPtr = (CK_KEY_DERIVATION_STRING_DATA *)pMechanism->pParameter;
-                data = stringPtr->pData;
-                len = stringPtr->ulLen;
-            } else {
-                aesEncryptPtr =
-                    (CK_AES_CBC_ENCRYPT_DATA_PARAMS *)pMechanism->pParameter;
-                mode = NSS_AES_CBC;
-                iv = aesEncryptPtr->iv;
-                data = aesEncryptPtr->pData;
-                len = aesEncryptPtr->length;
-            }
-
-            cipherInfo = AES_CreateContext((unsigned char *)att->attrib.pValue,
-                                           iv, mode, PR_TRUE,
-                                           att->attrib.ulValueLen, 16);
-            if (cipherInfo == NULL) {
-                crv = CKR_HOST_MEMORY;
-                break;
-            }
-            crv = sftk_DeriveEncrypt((SFTKCipher)AES_Encrypt,
-                                     cipherInfo, 16, key, keySize,
-                                     data, len);
-            AES_DestroyContext(cipherInfo, PR_TRUE);
-            break;
-        }
-
-        case CKM_CAMELLIA_ECB_ENCRYPT_DATA:
-        case CKM_CAMELLIA_CBC_ENCRYPT_DATA: {
-            void *cipherInfo;
-            CK_AES_CBC_ENCRYPT_DATA_PARAMS *aesEncryptPtr;
-            int mode;
-            unsigned char *iv;
-            unsigned char *data;
-            CK_ULONG len;
-
-            if (mechanism == CKM_CAMELLIA_ECB_ENCRYPT_DATA) {
-                stringPtr = (CK_KEY_DERIVATION_STRING_DATA *)
-                                pMechanism->pParameter;
-                aesEncryptPtr = NULL;
-                mode = NSS_CAMELLIA;
-                data = stringPtr->pData;
-                len = stringPtr->ulLen;
-                iv = NULL;
-            } else {
-                stringPtr = NULL;
-                aesEncryptPtr = (CK_AES_CBC_ENCRYPT_DATA_PARAMS *)
-                                    pMechanism->pParameter;
-                mode = NSS_CAMELLIA_CBC;
-                iv = aesEncryptPtr->iv;
-                data = aesEncryptPtr->pData;
-                len = aesEncryptPtr->length;
-            }
-
-            cipherInfo = Camellia_CreateContext((unsigned char *)att->attrib.pValue,
-                                                iv, mode, PR_TRUE,
-                                                att->attrib.ulValueLen);
-            if (cipherInfo == NULL) {
-                crv = CKR_HOST_MEMORY;
-                break;
-            }
-            crv = sftk_DeriveEncrypt((SFTKCipher)Camellia_Encrypt,
-                                     cipherInfo, 16, key, keySize,
-                                     data, len);
-            Camellia_DestroyContext(cipherInfo, PR_TRUE);
-            break;
-        }
-
-        case CKM_SEED_ECB_ENCRYPT_DATA:
-        case CKM_SEED_CBC_ENCRYPT_DATA: {
-            void *cipherInfo;
-            CK_AES_CBC_ENCRYPT_DATA_PARAMS *aesEncryptPtr;
-            int mode;
-            unsigned char *iv;
-            unsigned char *data;
-            CK_ULONG len;
-
-            if (mechanism == CKM_SEED_ECB_ENCRYPT_DATA) {
-                mode = NSS_SEED;
-                stringPtr = (CK_KEY_DERIVATION_STRING_DATA *)
-                                pMechanism->pParameter;
-                aesEncryptPtr = NULL;
-                data = stringPtr->pData;
-                len = stringPtr->ulLen;
-                iv = NULL;
-            } else {
-                mode = NSS_SEED_CBC;
-                aesEncryptPtr = (CK_AES_CBC_ENCRYPT_DATA_PARAMS *)
-                                    pMechanism->pParameter;
-                iv = aesEncryptPtr->iv;
-                data = aesEncryptPtr->pData;
-                len = aesEncryptPtr->length;
-            }
-
-            cipherInfo = SEED_CreateContext((unsigned char *)att->attrib.pValue,
-                                            iv, mode, PR_TRUE);
-            if (cipherInfo == NULL) {
-                crv = CKR_HOST_MEMORY;
-                break;
-            }
-            crv = sftk_DeriveEncrypt((SFTKCipher)SEED_Encrypt,
-                                     cipherInfo, 16, key, keySize,
-                                     data, len);
-            SEED_DestroyContext(cipherInfo, PR_TRUE);
-            break;
-        }
-
         case CKM_CONCATENATE_BASE_AND_KEY: {
             SFTKObject *newKey;
 
             crv = sftk_DeriveSensitiveCheck(sourceKey, key);
             if (crv != CKR_OK)
                 break;
 
             session = sftk_SessionFromHandle(hSession);
--- a/security/nss/lib/softoken/softkver.h
+++ b/security/nss/lib/softoken/softkver.h
@@ -12,16 +12,16 @@
 
 /*
  * Softoken's major version, minor version, patch level, build number,
  * and whether this is a beta release.
  *
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
  */
-#define SOFTOKEN_VERSION "3.35" SOFTOKEN_ECC_STRING " Beta"
+#define SOFTOKEN_VERSION "3.34" SOFTOKEN_ECC_STRING " Beta"
 #define SOFTOKEN_VMAJOR 3
-#define SOFTOKEN_VMINOR 35
+#define SOFTOKEN_VMINOR 34
 #define SOFTOKEN_VPATCH 0
 #define SOFTOKEN_VBUILD 0
 #define SOFTOKEN_BETA PR_TRUE
 
 #endif /* _SOFTKVER_H_ */
--- a/security/nss/lib/softoken/softoknt.h
+++ b/security/nss/lib/softoken/softoknt.h
@@ -4,19 +4,16 @@
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #ifndef _SOFTOKNT_H_
 #define _SOFTOKNT_H_
 
 #define NSS_SOFTOKEN_DEFAULT_CHUNKSIZE 2048
-#define DES_BLOCK_SIZE 8     /* bytes */
-#define MAX_DES3_KEY_SIZE 24 /* DES_BLOCK_SIZE * 3 */
-#define SFTK_MAX_DERIVE_KEY_SIZE 64
 
 /*
  * FIPS 140-2 auditing
  */
 typedef enum {
     NSS_AUDIT_ERROR = 3,   /* errors */
     NSS_AUDIT_WARNING = 2, /* warning messages */
     NSS_AUDIT_INFO = 1     /* informational messages */
--- a/security/nss/lib/ssl/ssl3con.c
+++ b/security/nss/lib/ssl/ssl3con.c
@@ -4319,17 +4319,17 @@ ssl3_ConsumeHandshake(sslSocket *ss, voi
  *
  * On error, an alert has been sent, and a generic error code has been set.
  */
 SECStatus
 ssl3_ConsumeHandshakeNumber(sslSocket *ss, PRUint32 *num, PRUint32 bytes,
                             PRUint8 **b, PRUint32 *length)
 {
     PRUint8 *buf = *b;
-    PRUint32 i;
+    int i;
 
     PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
     PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
 
     *num = 0;
     if (bytes > *length || bytes > sizeof(*num)) {
         return ssl3_DecodeError(ss);
     }
@@ -4941,17 +4941,17 @@ ssl_MakeFakeSid(sslSocket *ss, PRUint8 *
  * - client_hello_renegotiation is used to renegotiate (in TLS <1.3)
  */
 SECStatus
 ssl3_SendClientHello(sslSocket *ss, sslClientHelloType type)
 {
     sslSessionID *sid;
     ssl3CipherSpec *cwSpec;
     SECStatus rv;
-    unsigned int i;
+    int i;
     int length;
     int num_suites;
     int actual_count = 0;
     PRBool isTLS = PR_FALSE;
     PRBool requestingResume = PR_FALSE, fallbackSCSV = PR_FALSE;
     PRInt32 total_exten_len = 0;
     unsigned numCompressionMethods;
     PRUint16 version;
@@ -6835,19 +6835,18 @@ ssl3_HandleServerHello(sslSocket *ss, PR
         }
     }
 
     /* Set compression (to be removed soon), and cipher suite. */
     ss->ssl3.hs.compression = ssl_compression_null;
     rv = ssl_ClientSetCipherSuite(ss, ss->version, cipher,
                                   PR_TRUE /* init hashes */);
     if (rv != SECSuccess) {
-        desc = handshake_failure;
         errCode = PORT_GetError();
-        goto alert_loser;
+        goto loser;
     }
 
     rv = ssl3_HandleParsedExtensions(ss, server_hello);
     ssl3_DestroyRemoteExtensions(&ss->ssl3.hs.remoteExtensions);
     if (rv != SECSuccess) {
         goto alert_loser;
     }
 
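Review bot: When `ssl_ClientSetCipherSuite` fails the code now jumps to `loser`, so no alert is sent before the connection is torn down unless that function sends one itself (its body is not in the hunk); the other failure path in the same hunk, the `ssl3_HandleParsedExtensions` check three lines below, still goes through `alert_loser`. If no alert is produced, the server sees an unexplained close instead of a handshake_failure, which makes interoperability problems with cipher-suite selection harder to diagnose. Unless the callee is confirmed to send its own alert, keep `desc = handshake_failure; errCode = PORT_GetError(); goto alert_loser;`. ssl3_HandleServerHello starts and ends outside the hunk.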
@@ -7136,21 +7135,21 @@ ssl_HandleDHServerKeyExchange(sslSocket 
     SECKEYPublicKey *peerKey = NULL;
 
     rv = ssl3_ConsumeHandshakeVariable(ss, &dh_p, 2, &b, &length);
     if (rv != SECSuccess) {
         goto loser; /* malformed. */
     }
 
     rv = NSS_OptionGet(NSS_DH_MIN_KEY_SIZE, &minDH);
-    if (rv != SECSuccess || minDH <= 0) {
+    if (rv != SECSuccess) {
         minDH = SSL_DH_MIN_P_BITS;
     }
     dh_p_bits = SECKEY_BigIntegerBitLength(&dh_p);
-    if (dh_p_bits < (unsigned)minDH) {
+    if (dh_p_bits < minDH) {
         errCode = SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY;
         goto alert_loser;
     }
     rv = ssl3_ConsumeHandshakeVariable(ss, &dh_g, 2, &b, &length);
     if (rv != SECSuccess) {
         goto loser; /* malformed. */
     }
     /* Abort if dh_g is 0, 1, or obviously too big. */
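Review bot: Dropping the `minDH <= 0` fallback means a configured `NSS_DH_MIN_KEY_SIZE` of 0 disables the weak-DH check entirely, and a negative value compared against `dh_p_bits` (declared above the hunk; the removed `(unsigned)` cast suggests it is unsigned) is converted to a large unsigned value and rejects every server key. Both outcomes come from an option value rather than from the peer, but the first silently weakens the minimum-strength check this code exists to enforce. Keep the guard, `if (rv != SECSuccess || minDH <= 0) {`, and compare with an explicit cast, `if (dh_p_bits < (unsigned)minDH) {`. ssl_HandleDHServerKeyExchange starts and ends outside the hunk.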
@@ -8077,18 +8076,18 @@ ssl3_KEASupportsTickets(const ssl3KEADef
 ** cipher suites. Therefore, we refuse to negotiate export cipher suites
 ** with any client that indicates support for TLS 1.1 or higher when we
 ** (the server) have TLS 1.1 support enabled.
 */
 SECStatus
 ssl3_NegotiateCipherSuite(sslSocket *ss, const SECItem *suites,
                           PRBool initHashes)
 {
-    unsigned int j;
-    unsigned int i;
+    int j;
+    int i;
 
     for (j = 0; j < ssl_V3_SUITES_IMPLEMENTED; j++) {
         ssl3CipherSuiteCfg *suite = &ss->cipherSuites[j];
         SSLVersionRange vrange = { ss->version, ss->version };
         if (!config_match(suite, ss->ssl3.policy, &vrange, ss)) {
             continue;
         }
         for (i = 0; i + 1 < suites->len; i += 2) {
@@ -8678,16 +8677,25 @@ ssl3_HandleClientHello(sslSocket *ss, PR
             sid = NULL;
         }
     }
 
     if (IS_DTLS(ss)) {
         ssl3_DisableNonDTLSSuites(ss);
     }
 
+#ifdef PARANOID
+    /* Look for a matching cipher suite. */
+    j = ssl3_config_match_init(ss);
+    if (j <= 0) {                  /* no ciphers are working/supported by PK11 */
+        errCode = PORT_GetError(); /* error code is already set. */
+        goto alert_loser;
+    }
+#endif
+
     if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
         rv = tls13_HandleClientHelloPart2(ss, &suites, sid);
     } else {
         rv = ssl3_HandleClientHelloPart2(ss, &suites, &comps, sid);
     }
     if (rv != SECSuccess) {
         errCode = PORT_GetError();
         goto loser;
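Review bot: The added PARANOID block jumps to alert_loser when ssl3_config_match_init fails without setting the alert description, whereas the equivalent non-PARANOID block in ssl3_HandleClientHelloPart2 sets `desc = internal_error;` first, so here whatever `desc` held earlier in ssl3_HandleClientHello would be sent. Adding `desc = internal_error;` before `errCode = PORT_GetError();` keeps the two builds consistent, assuming `desc` is the alert variable in this function as it is in Part2; its declaration and that of `j` are outside the hunk. Since PARANOID is not defined in a normal build this code is never compiled, which is worth stating above the `#ifdef`, e.g. `/* PARANOID builds verify suite availability before the version-specific dispatch. */`.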
@@ -8709,17 +8717,17 @@ ssl3_HandleClientHelloPart2(sslSocket *s
                             sslSessionID *sid)
 {
     PRBool haveSpecWriteLock = PR_FALSE;
     PRBool haveXmitBufLock = PR_FALSE;
     int errCode = SSL_ERROR_RX_MALFORMED_CLIENT_HELLO;
     SSL3AlertDescription desc = illegal_parameter;
     SECStatus rv;
     unsigned int i;
-    unsigned int j;
+    int j;
 
     /* If we already have a session for this client, be sure to pick the
     ** same cipher suite and compression method we picked before.
     ** This is not a loop, despite appearances.
     */
     if (sid)
         do {
             ssl3CipherSuiteCfg *suite;
@@ -8741,17 +8749,17 @@ ssl3_HandleClientHelloPart2(sslSocket *s
 
             suite = ss->cipherSuites;
             /* Find the entry for the cipher suite used in the cached session. */
             for (j = ssl_V3_SUITES_IMPLEMENTED; j > 0; --j, ++suite) {
                 if (suite->cipher_suite == sid->u.ssl3.cipherSuite)
                     break;
             }
             PORT_Assert(j > 0);
-            if (j == 0)
+            if (j <= 0)
                 break;
 #ifdef PARANOID
             /* Double check that the cached cipher suite is still enabled,
              * implemented, and allowed by policy.  Might have been disabled.
              * The product policy won't change during the process lifetime.
              * Implemented ("isPresent") shouldn't change for servers.
              */
             if (!config_match(suite, ss->ssl3.policy, &vrange, ss))
@@ -8778,17 +8786,18 @@ ssl3_HandleClientHelloPart2(sslSocket *s
                     goto compression_found;
                 }
             }
         } while (0);
 /* START A NEW SESSION */
 
 #ifndef PARANOID
     /* Look for a matching cipher suite. */
-    if (ssl3_config_match_init(ss) <= 0) {
+    j = ssl3_config_match_init(ss);
+    if (j <= 0) { /* no ciphers are working/supported by PK11 */
         desc = internal_error;
         errCode = PORT_GetError(); /* error code is already set. */
         goto alert_loser;
     }
 #endif
 
     rv = ssl3_NegotiateCipherSuite(ss, suites, PR_TRUE);
     if (rv != SECSuccess) {
@@ -9680,22 +9689,22 @@ ssl3_EncodeSigAlgs(const sslSocket *ss, 
 }
 
 static SECStatus
 ssl3_SendCertificateRequest(sslSocket *ss)
 {
     PRBool isTLS12;
     const PRUint8 *certTypes;
     SECStatus rv;
-    PRUint32 length;
+    int length;
     SECItem *names;
     unsigned int calen;
     unsigned int nnames;
     SECItem *name;
-    unsigned int i;
+    int i;
     int certTypesLength;
     PRUint8 sigAlgs[MAX_SIGNATURE_SCHEMES * 2];
     unsigned int sigAlgsLength = 0;
 
     SSL_TRC(3, ("%d: SSL3[%d]: send certificate_request handshake",
                 SSL_GETPID(), ss->fd));
 
     PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
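Review bot: `length` and `i` become signed `int` while the sizes declared beside them in this hunk — `calen`, `nnames`, `sigAlgsLength` — stay `unsigned int`, so any arithmetic or comparison between them in the body (outside the hunk) is now mixed-sign. If the body never needs a negative value, `PRUint32 length;` and `unsigned int i;` keep the declarations uniform; otherwise a comment on the declaration explaining why the handshake length is signed would help the next reader. The body of ssl3_SendCertificateRequest is outside the hunk.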
@@ -10903,51 +10912,50 @@ ssl3_AuthCertificate(sslSocket *ss)
         if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
             /* These are filled in in tls13_HandleCertificateVerify and
              * tls13_HandleServerKeyShare. */
             ss->sec.authType = ss->ssl3.hs.kea_def->authKeyType;
             ss->sec.keaType = ss->ssl3.hs.kea_def->exchKeyType;
         }
         if (pubKey) {
             KeyType pubKeyType;
-            PRUint32 minKey;
-            PRInt32 optval;
+            PRInt32 minKey;
             /* This partly fixes Bug 124230 and may cause problems for
              * callers which depend on the old (wrong) behavior. */
             ss->sec.authKeyBits = SECKEY_PublicKeyStrengthInBits(pubKey);
             pubKeyType = SECKEY_GetPublicKeyType(pubKey);
             minKey = ss->sec.authKeyBits;
             switch (pubKeyType) {
                 case rsaKey:
                 case rsaPssKey:
                 case rsaOaepKey:
                     rv =
-                        NSS_OptionGet(NSS_RSA_MIN_KEY_SIZE, &optval);
-                    if (rv == SECSuccess && optval > 0) {
-                        minKey = (PRUint32)optval;
-                    } else {
-                        minKey = SSL_RSA_MIN_MODULUS_BITS;
+                        NSS_OptionGet(NSS_RSA_MIN_KEY_SIZE, &minKey);
+                    if (rv !=
+                        SECSuccess) {
+                        minKey =
+                            SSL_RSA_MIN_MODULUS_BITS;
                     }
                     break;
                 case dsaKey:
                     rv =
-                        NSS_OptionGet(NSS_DSA_MIN_KEY_SIZE, &optval);
-                    if (rv == SECSuccess && optval > 0) {
-                        minKey = (PRUint32)optval;
-                    } else {
-                        minKey = SSL_DSA_MIN_P_BITS;
+                        NSS_OptionGet(NSS_DSA_MIN_KEY_SIZE, &minKey);
+                    if (rv !=
+                        SECSuccess) {
+                        minKey =
+                            SSL_DSA_MIN_P_BITS;
                     }
                     break;
                 case dhKey:
                     rv =
-                        NSS_OptionGet(NSS_DH_MIN_KEY_SIZE, &optval);
-                    if (rv == SECSuccess && optval > 0) {
-                        minKey = (PRUint32)optval;
-                    } else {
-                        minKey = SSL_DH_MIN_P_BITS;
+                        NSS_OptionGet(NSS_DH_MIN_KEY_SIZE, &minKey);
+                    if (rv !=
+                        SECSuccess) {
+                        minKey =
+                            SSL_DH_MIN_P_BITS;
                     }
                     break;
                 default:
                     break;
             }
 
             /* Too small: not good enough. Send a fatal alert. */
             /* We aren't checking EC here on the understanding that we only
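Review bot: Each NSS_OptionGet branch now takes the configured minimum unconditionally, dropping the old `optval > 0` guard, so an application that sets NSS_RSA_MIN_KEY_SIZE (or the DSA/DH option) to 0 or a negative value gets no floor at all, or a negative `minKey` that the "too small" comparison after the hunk will treat however signed/unsigned promotion falls out; `minKey` starts as `ss->sec.authKeyBits`, which is a PRUint32, so the type mixing is already present. Keeping the guard in each case, `if (rv != SECSuccess || minKey <= 0) { minKey = SSL_RSA_MIN_MODULUS_BITS; }`, and likewise for SSL_DSA_MIN_P_BITS and SSL_DH_MIN_P_BITS, preserves the built-in minimum for non-positive settings. The `if (rv !=` / `SECSuccess)` line breaks look like a formatter artifact and are worth collapsing to one line. The comparison and the rest of ssl3_AuthCertificate are outside the hunk.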
--- a/security/nss/lib/ssl/tls13con.c
+++ b/security/nss/lib/ssl/tls13con.c
@@ -2739,16 +2739,19 @@ tls13_SetSpecRecordVersion(sslSocket *ss
 
 static SECStatus
 tls13_SetupPendingCipherSpec(sslSocket *ss, ssl3CipherSpec *spec)
 {
     ssl3CipherSuite suite = ss->ssl3.hs.cipher_suite;
 
     PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
 
+    ssl_GetSpecWriteLock(ss); /*******************************/
+
+    spec = ss->ssl3.pwSpec;
     /* Version isn't set when we send 0-RTT data. */
     spec->version = PR_MAX(SSL_LIBRARY_VERSION_TLS_1_3, ss->version);
 
     SSL_TRC(3, ("%d: TLS13[%d]: Set Pending Cipher Suite to 0x%04x",
                 SSL_GETPID(), ss->fd, suite));
 
     spec->cipher_def = ssl_GetBulkCipherDef(ssl_LookupCipherSuiteDef(suite));
     switch (spec->cipher_def->calg) {
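Review bot: The new `spec = ss->ssl3.pwSpec;` immediately overwrites the `spec` parameter, so whatever a caller passes to tls13_SetupPendingCipherSpec is ignored and the parameter now misleads; either drop it from the signature or assert the two agree, `PORT_Assert(spec == ss->ssl3.pwSpec);`, before using pwSpec. The newly taken ssl_GetSpecWriteLock is not released anywhere in the hunk; the function continues past it, so every exit path, including any error returns inside the switch, needs the matching release. The `/*******************************/` comment carries no information; say why the lock is held instead, e.g. `/* pwSpec is written below; hold the spec write lock until it is fully set up. */`.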
--- a/security/nss/lib/util/nssutil.h
+++ b/security/nss/lib/util/nssutil.h
@@ -14,19 +14,19 @@
 
 /*
  * NSS utilities's major version, minor version, patch level, build number,
  * and whether this is a beta release.
  *
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
  */
-#define NSSUTIL_VERSION "3.35 Beta"
+#define NSSUTIL_VERSION "3.34 Beta"
 #define NSSUTIL_VMAJOR 3
-#define NSSUTIL_VMINOR 35
+#define NSSUTIL_VMINOR 34
 #define NSSUTIL_VPATCH 0
 #define NSSUTIL_VBUILD 0
 #define NSSUTIL_BETA PR_TRUE
 
 SEC_BEGIN_PROTOS
 
 /*
  * Returns a const string of the UTIL library version.
--- a/security/nss/lib/util/pkcs11uri.c
+++ b/security/nss/lib/util/pkcs11uri.c
@@ -237,17 +237,17 @@ fail:
 
 /* Compare two attribute names by the array index in attr_names.  Both
  * attribute names must be present in attr_names, otherwise it is a
  * programming error. */
 static int
 pk11uri_CompareByPosition(const char *a, const char *b,
                           const char **attr_names, size_t num_attr_names)
 {
-    size_t i, j;
+    int i, j;
 
     for (i = 0; i < num_attr_names; i++) {
         if (strcmp(a, attr_names[i]) == 0) {
             break;
         }
     }
     PR_ASSERT(i < num_attr_names);
 
--- a/security/nss/lib/util/secport.c
+++ b/security/nss/lib/util/secport.c
@@ -784,14 +784,14 @@ NSS_SecureMemcmp(const void *ia, const v
 /*
  * Perform a constant-time check if a memory region is all 0. The return value
  * is 0 if the memory region is all zero.
  */
 unsigned int
 NSS_SecureMemcmpZero(const void *mem, size_t n)
 {
     PRUint8 zero = 0;
-    size_t i;
+    int i;
     for (i = 0; i < n; ++i) {
         zero |= *(PRUint8 *)((uintptr_t)mem + i);
     }
     return zero;
 }
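Review bot: The loop counter `int i` is compared against `size_t n`, so for a region longer than INT_MAX the `++i` overflows (undefined for signed integers) before reaching n; `size_t i;` matches the parameter and removes the mixed-sign comparison. The pointer arithmetic `*(PRUint8 *)((uintptr_t)mem + i)` can be the plainer `((const PRUint8 *)mem)[i]`, which also respects the const parameter. The header comment could state what a non-zero return means, since it is the OR of the bytes rather than a count: `Returns 0 iff every byte is 0; otherwise the bitwise OR of the bytes.`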
--- a/security/nss/tests/ssl_gtests/ssl_gtests.sh
+++ b/security/nss/tests/ssl_gtests/ssl_gtests.sh
@@ -16,27 +16,26 @@
 # ---------------
 #   FIXME ... known problems, search for this string
 #   NOTE .... unexpected behavior
 #
 ########################################################################
 
 # Generate input to certutil
 certscript() {
-  ca=n
   while [ $# -gt 0 ]; do
     case $1 in
       sign) echo 0 ;;
       kex) echo 2 ;;
-      ca) echo 5;echo 6;ca=y ;;
+      ca) echo 5;echo 6 ;;
     esac; shift
   done;
   echo 9
   echo n
-  echo $ca
+  echo ${ca:-n}
   echo
   echo n
 }
 
 # $1: name
 # $2: type
 # $3+: usages: sign or kex
 make_cert() {
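Review bot: certscript now answers the is-CA prompt from the caller's shell scope via `echo ${ca:-n}` instead of deriving it from its own `ca` usage argument, so the `ca)` branch still emits the extension selections (`echo 5;echo 6`) but no longer sets the flag; a caller that passes `ca` as a usage without `ca=y` in scope (if any exists) now gets the extensions but a non-CA answer. This coupling to a global deserves a comment at the top of the function, e.g. `# Answers the is-CA prompt from the global $ca (set by make_cert for *_ca types); defaults to n.`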
@@ -46,19 +45,19 @@ make_cert() {
   case $type in
     dsa) type_args='-g 1024' ;;
     rsa) type_args='-g 1024' ;;
     rsa2048) type_args='-g 2048';type=rsa ;;
     rsapss) type_args='-g 1024 --pss';type=rsa ;;
     p256) type_args='-q nistp256';type=ec ;;
     p384) type_args='-q secp384r1';type=ec ;;
     p521) type_args='-q secp521r1';type=ec ;;
-    rsa_ca) type_args='-g 1024';trust='CT,CT,CT';type=rsa ;;
+    rsa_ca) type_args='-g 1024';trust='CT,CT,CT';ca=y;type=rsa ;;
     rsa_chain) type_args='-g 1024';sign='-c rsa_ca';type=rsa;;
-    rsapss_ca) type_args='-g 1024 --pss';trust='CT,CT,CT';type=rsa ;;
+    rsapss_ca) type_args='-g 1024 --pss';trust='CT,CT,CT';ca=y;type=rsa ;;
     rsapss_chain) type_args='-g 1024';sign='-c rsa_pss_ca';type=rsa;;
     rsa_ca_rsapss_chain) type_args='-g 1024 --pss-sign';sign='-c rsa_ca';type=rsa;;
     ecdh_rsa) type_args='-q nistp256';sign='-c rsa_ca';type=ec ;;
   esac
   shift 2
   counter=$(($counter + 1))
   certscript $@ | ${BINDIR}/certutil -S \
     -z ${R_NOISE_FILE} -d "${PROFILEDIR}" \
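Review bot: `ca=y` is assigned in the rsa_ca and rsapss_ca branches but nothing in the hunk clears it, and a variable assigned inside a POSIX sh function is global, so once a CA certificate has been made every later make_cert call answers the is-CA prompt with y unless the lines between the function header and the `case` (outside the hunk) reset it. Initialising it with the other per-call variables before the `case`, `ca=n`, keeps the CA flag per certificate. Also, `certscript $@` is unquoted; `certscript "$@"` passes the usage list through unchanged.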