--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@@ -1,1 +1,1 @@
-NSS_3_27_BRANCH
+0cd63b117eb4

--- a/security/nss/automation/buildbot-slave/build.sh
+++ b/security/nss/automation/buildbot-slave/build.sh
@@ -289,23 +289,16 @@ prepare()
     mkdir -p ${OUTPUTDIR}
 
     # Remove temporary test files from previous jobs, that weren't cleaned up
     # by move_results(), e.g. caused by unexpected interruptions.
     rm -rf ${HGDIR}/tests_results/
 
     cd ${HGDIR}/nss
 
-    if [ -z "${NSS_DISABLE_ECC}" -a -n "${NSS_ECC_MORE_THAN_SUITE_B}" ]; then
-        ECF="lib/freebl/ecl/ecl-curve.h"
-	print_log "hg revert -r NSS_3_11_1_RTM ${ECF}"
-        hg revert -r NSS_3_11_1_RTM security/nss/${ECF}
-        cp -f security/nss/${ECF} ${ECF}
-    fi
-
     if [ -n "${FEWER_STRESS_ITERATIONS}" ]; then
         sed -i 's/-c_1000_/-c_500_/g' tests/ssl/sslstress.txt
     fi
 
     return 0
 }
 
 move_results()

--- a/security/nss/automation/taskcluster/docker/setup.sh
+++ b/security/nss/automation/taskcluster/docker/setup.sh
@@ -10,16 +10,17 @@ apt-get -y update && apt-get -y upgrade
 apt-get install -y --no-install-recommends apt-utils
 
 apt_packages=()
 apt_packages+=('build-essential')
 apt_packages+=('ca-certificates')
 apt_packages+=('curl')
 apt_packages+=('npm')
 apt_packages+=('git')
+apt_packages+=('golang-1.6')
 apt_packages+=('ninja-build')
 apt_packages+=('pkg-config')
 apt_packages+=('zlib1g-dev')
 
 # 32-bit builds
 apt_packages+=('lib32z1-dev')
 apt_packages+=('gcc-multilib')
 apt_packages+=('g++-multilib')

--- a/security/nss/automation/taskcluster/graph/src/extend.js
+++ b/security/nss/automation/taskcluster/graph/src/extend.js
@@ -23,21 +23,38 @@ queue.filter(task => {
 
     // Remove extra builds w/o libpkix for non-linux64-debug.
     if (task.symbol == "noLibpkix" &&
         (task.platform != "linux64" || task.collection != "debug")) {
       return false;
     }
   }
 
+  if (task.tests == "bogo") {
+    // No BoGo tests on Windows.
+    if (task.platform == "windows2012-64") {
+      return false;
+    }
+
+    // No BoGo tests on ARM.
+    if (task.collection == "arm-debug") {
+      return false;
+    }
+  }
+
   return true;
 });
 
 queue.map(task => {
   if (task.collection == "asan") {
+    // Disable LSan on BoGo runs, for now.
+    if (task.tests == "bogo") {
+      task.env.ASAN_OPTIONS = "detect_leaks=0";
+    }
+
     // CRMF and FIPS tests still leak, unfortunately.
     if (task.tests == "crmf" || task.tests == "fips") {
       task.env.ASAN_OPTIONS = "detect_leaks=0";
     }
 
     // SSL(standard) runs on ASan take some time.
     if (task.tests == "ssl" && task.cycle == "standard") {
       task.maxRunTime = 7200;
@@ -276,17 +293,20 @@ async function scheduleWindows(name, bas
 /*****************************************************************************/
 
 function scheduleTests(task_build, task_cert, test_base) {
   test_base = merge({kind: "test"}, test_base);
 
   // Schedule tests that do NOT need certificates.
   let no_cert_base = merge(test_base, {parent: task_build});
   queue.scheduleTask(merge(no_cert_base, {
-    name: "Gtests", symbol: "Gtest", tests: "ssl_gtests gtests"
+    name: "Gtests", symbol: "Gtest", tests: "ssl_gtests gtests", cycle: "standard"
+  }));
+  queue.scheduleTask(merge(no_cert_base, {
+    name: "Bogo tests", symbol: "Bogo", tests: "bogo", cycle: "standard"
   }));
   queue.scheduleTask(merge(no_cert_base, {
     name: "Chains tests", symbol: "Chains", tests: "chains"
   }));
   queue.scheduleTask(merge(no_cert_base, {
     name: "Cipher tests", symbol: "Cipher", tests: "cipher"
   }));
   queue.scheduleTask(merge(no_cert_base, {
@@ -360,17 +380,17 @@ async function scheduleTools() {
     name: "scan-build-3.9",
     env: {
       USE_64: "1",
       GCC_VERSION: "clang",
       GXX_VERSION: "clang++"
     },
     artifacts: {
       public: {
-        expires: 24,
+        expires: 24 * 7,
         type: "directory",
         path: "/home/worker/artifacts"
       }
     },
     command: [
       "/bin/bash",
       "-c",
       "bin/checkout.sh && nss/automation/taskcluster/scripts/run_scan_build.sh"

--- a/security/nss/automation/taskcluster/graph/src/try_syntax.js
+++ b/security/nss/automation/taskcluster/graph/src/try_syntax.js
@@ -26,19 +26,23 @@ function parseOptions(opts) {
   let platforms = intersect(opts.platform.split(/\s*,\s*/), allPlatforms);
 
   // If the given value is nonsense or "none" default to all platforms.
   if (platforms.length == 0 && opts.platform != "none") {
     platforms = allPlatforms;
   }
 
   // Parse unit tests.
-  let allUnitTests = ["crmf", "chains", "cipher", "db", "ec", "fips", "gtest",
-                      "lowhash", "merge", "sdr", "smime", "tools", "ssl"];
-  let unittests = intersect(opts.unittests.split(/\s*,\s*/), allUnitTests);
+  let aliases = {"gtests": "gtest"};
+  let allUnitTests = ["bogo", "crmf", "chains", "cipher", "db", "ec", "fips",
+                      "gtest", "lowhash", "merge", "sdr", "smime", "tools",
+                      "ssl"];
+  let unittests = intersect(opts.unittests.split(/\s*,\s*/).map(t => {
+    return aliases[t] || t;
+  }), allUnitTests);
 
   // If the given value is "all" run all tests.
   // If it's nonsense then don't run any tests.
   if (opts.unittests == "all") {
     unittests = allUnitTests;
   } else if (unittests.length == 0) {
     unittests = [];
   }

--- a/security/nss/cmd/bltest/blapitest.c
+++ b/security/nss/cmd/bltest/blapitest.c
@@ -154,17 +154,17 @@ Usage()
     PRINTUSAGE("", "", "  nistp521, prime192v1, prime192v2, prime192v3,");
     PRINTUSAGE("", "", "  prime239v1, prime239v2, prime239v3, c2pnb163v1,");
     PRINTUSAGE("", "", "  c2pnb163v2, c2pnb163v3, c2pnb176v1, c2tnb191v1,");
     PRINTUSAGE("", "", "  c2tnb191v2, c2tnb191v3, c2onb191v4, c2onb191v5,");
     PRINTUSAGE("", "", "  c2pnb208w1, c2tnb239v1, c2tnb239v2, c2tnb239v3,");
     PRINTUSAGE("", "", "  c2onb239v4, c2onb239v5, c2pnb272w1, c2pnb304w1,");
     PRINTUSAGE("", "", "  c2tnb359w1, c2pnb368w1, c2tnb431r1, secp112r1,");
     PRINTUSAGE("", "", "  secp112r2, secp128r1, secp128r2, sect113r1, sect113r2,");
-    PRINTUSAGE("", "", "  sect131r1, sect131r2");
+    PRINTUSAGE("", "", "  sect131r1, sect131r2, curve25519");
 #endif
     PRINTUSAGE("", "-p", "do performance test");
     PRINTUSAGE("", "-4", "run test in multithread mode. th_num number of parallel threads");
     PRINTUSAGE("", "-5", "run test for specified time interval(in seconds)");
     fprintf(stderr, "\n");
     PRINTUSAGE(progName, "-V -m mode", "Verify a signed buffer");
     PRINTUSAGE("", "", "[-i plaintext] [-s signature] [-k key]");
     PRINTUSAGE("", "", "[-p repetitions | -5 time_interval] [-4 th_num]");
@@ -491,16 +491,17 @@ static CurveNameTagPair nameTagPair[] =
       { "secp112r2", SEC_OID_SECG_EC_SECP112R2 },
       { "secp128r1", SEC_OID_SECG_EC_SECP128R1 },
       { "secp128r2", SEC_OID_SECG_EC_SECP128R2 },
 
       { "sect113r1", SEC_OID_SECG_EC_SECT113R1 },
       { "sect113r2", SEC_OID_SECG_EC_SECT113R2 },
       { "sect131r1", SEC_OID_SECG_EC_SECT131R1 },
       { "sect131r2", SEC_OID_SECG_EC_SECT131R2 },
+      { "curve25519", SEC_OID_CURVE25519 },
     };
 
 static SECItem *
 getECParams(const char *curve)
 {
     SECItem *ecparams;
     SECOidData *oidData = NULL;
     SECOidTag curveOidTag = SEC_OID_UNKNOWN; /* default */
@@ -1882,16 +1883,17 @@ bltest_ecdsa_init(bltestCipherInfo *ciph
         pubkey->ecParams.base.len = key->ecParams.base.len;
         pubkey->ecParams.base.data = key->ecParams.base.data;
         pubkey->ecParams.order.len = key->ecParams.order.len;
         pubkey->ecParams.order.data = key->ecParams.order.data;
         pubkey->ecParams.cofactor = key->ecParams.cofactor;
         pubkey->ecParams.DEREncoding.len = key->ecParams.DEREncoding.len;
         pubkey->ecParams.DEREncoding.data = key->ecParams.DEREncoding.data;
         pubkey->ecParams.name = key->ecParams.name;
+        pubkey->ecParams.pointSize = key->ecParams.pointSize;
         pubkey->publicValue.len = key->publicValue.len;
         pubkey->publicValue.data = key->publicValue.data;
         asymk->pubKey = pubkey;
         cipherInfo->cipher.pubkeyCipher = ecdsa_verifyDigest;
     }
     return SECSuccess;
 }
 #endif

--- a/security/nss/cmd/certutil/certutil.c
+++ b/security/nss/cmd/certutil/certutil.c
@@ -426,20 +426,25 @@ DumpChain(CERTCertDBHandle *handle, char
     CERT_DestroyCertificate(the_cert);
     if (!chain) {
         SECU_PrintError(progName, "Could not obtain chain for: %s\n", name);
         return SECFailure;
     }
     for (i = chain->len - 1; i >= 0; i--) {
         CERTCertificate *c;
         c = CERT_FindCertByDERCert(handle, &chain->certs[i]);
-        for (j = i; j < chain->len - 1; j++)
+        for (j = i; j < chain->len - 1; j++) {
             printf("  ");
-        printf("\"%s\" [%s]\n\n", c->nickname, c->subjectName);
-        CERT_DestroyCertificate(c);
+        }
+        if (c) {
+            printf("\"%s\" [%s]\n\n", c->nickname, c->subjectName);
+            CERT_DestroyCertificate(c);
+        } else {
+            printf("(null)\n\n");
+        }
     }
     CERT_DestroyCertificateList(chain);
     return SECSuccess;
 }
 
 static SECStatus
 outputCertOrExtension(CERTCertificate *the_cert, PRBool raw, PRBool ascii,
                       SECItem *extensionOID, PRFileDesc *outfile)
@@ -1252,17 +1257,17 @@ luG(enum usage_level ul, const char *com
         "   -f password-file");
     FPS "%-20s Specify the noise file to be used\n",
         "   -z noisefile");
     FPS "%-20s read PQG value from pqgfile (dsa only)\n",
         "   -q pqgfile");
 #ifndef NSS_DISABLE_ECC
     FPS "%-20s Elliptic curve name (ec only)\n",
         "   -q curve-name");
-    FPS "%-20s One of nistp256, nistp384, nistp521\n", "");
+    FPS "%-20s One of nistp256, nistp384, nistp521, curve25519\n", "");
 #ifdef NSS_ECC_MORE_THAN_SUITE_B
     FPS "%-20s sect163k1, nistk163, sect163r1, sect163r2,\n", "");
     FPS "%-20s nistb163, sect193r1, sect193r2, sect233k1, nistk233,\n", "");
     FPS "%-20s sect233r1, nistb233, sect239k1, sect283k1, nistk283,\n", "");
     FPS "%-20s sect283r1, nistb283, sect409k1, nistk409, sect409r1,\n", "");
     FPS "%-20s nistb409, sect571k1, nistk571, sect571r1, nistb571,\n", "");
     FPS "%-20s secp160k1, secp160r1, secp160r2, secp192k1, secp192r1,\n", "");
     FPS "%-20s nistp192, secp224k1, secp224r1, nistp224, secp256k1,\n", "");

--- a/security/nss/cmd/certutil/keystuff.c
+++ b/security/nss/cmd/certutil/keystuff.c
@@ -471,16 +471,17 @@ static CurveNameTagPair nameTagPair[] =
       { "secp112r2", SEC_OID_SECG_EC_SECP112R2 },
       { "secp128r1", SEC_OID_SECG_EC_SECP128R1 },
       { "secp128r2", SEC_OID_SECG_EC_SECP128R2 },
 
       { "sect113r1", SEC_OID_SECG_EC_SECT113R1 },
       { "sect113r2", SEC_OID_SECG_EC_SECT113R2 },
       { "sect131r1", SEC_OID_SECG_EC_SECT131R1 },
       { "sect131r2", SEC_OID_SECG_EC_SECT131R2 },
+      { "curve25519", SEC_OID_CURVE25519 },
     };
 
 static SECKEYECParams *
 getECParams(const char *curve)
 {
     SECKEYECParams *ecparams;
     SECOidData *oidData = NULL;
     SECOidTag curveOidTag = SEC_OID_UNKNOWN; /* default */

--- a/security/nss/cmd/ecperf/ecperf.c
+++ b/security/nss/cmd/ecperf/ecperf.c
@@ -4,16 +4,17 @@
 
 #include "blapi.h"
 #include "ec.h"
 #include "ecl-curve.h"
 #include "prprf.h"
 #include "basicutil.h"
 #include "pkcs11.h"
 #include "nspr.h"
+#include "certt.h" /* TODO: remove when old curves are removed */
 #include <stdio.h>
 
 #define __PASTE(x, y) x##y
 
 /*
  * Get the NSS specific PKCS #11 function names.
  */
 #undef CK_PKCS11_FUNCTION_INFO
@@ -81,17 +82,18 @@ static SECOidTag ecCurve_oid_map[] = {
     SEC_OID_SECG_EC_SECT131R2,
     SEC_OID_SECG_EC_SECT163R1,
     SEC_OID_SECG_EC_SECT193R1,
     SEC_OID_SECG_EC_SECT193R2,
     SEC_OID_SECG_EC_SECT239K1,
     SEC_OID_UNKNOWN, /* ECCurve_WTLS_1 */
     SEC_OID_UNKNOWN, /* ECCurve_WTLS_8 */
     SEC_OID_UNKNOWN, /* ECCurve_WTLS_9 */
-    SEC_OID_UNKNOWN  /* ECCurve_pastLastCurve */
+    SEC_OID_CURVE25519,
+    SEC_OID_UNKNOWN /* ECCurve_pastLastCurve */
 };
 
 typedef SECStatus (*op_func)(void *, void *, void *);
 typedef SECStatus (*pk11_op_func)(CK_SESSION_HANDLE, void *, void *, void *);
 
 typedef SECItem SECKEYECParams;
 
 typedef struct ThreadDataStr {
@@ -253,30 +255,47 @@ M_TimeOperation(void (*threadFunc)(void 
     }
     PORT_Free(threadIDs);
     PORT_Free(threadData);
 
     return SECSuccess;
 }
 
 /* Test curve using specific field arithmetic. */
-#define ECTEST_NAMED_GFP(name_c, name_v)                               \
-    if (usefreebl) {                                                   \
-        printf("Testing %s using freebl implementation...\n", name_c); \
-        rv = ectest_curve_freebl(name_v, iterations, numThreads);      \
-        if (rv != SECSuccess)                                          \
-            goto cleanup;                                              \
-        printf("... okay.\n");                                         \
-    }                                                                  \
-    if (usepkcs11) {                                                   \
-        printf("Testing %s using pkcs11 implementation...\n", name_c); \
-        rv = ectest_curve_pkcs11(name_v, iterations, numThreads);      \
-        if (rv != SECSuccess)                                          \
-            goto cleanup;                                              \
-        printf("... okay.\n");                                         \
+#define ECTEST_NAMED_GFP(name_c, name_v)                                        \
+    if (usefreebl) {                                                            \
+        printf("Testing %s using freebl implementation...\n", name_c);          \
+        rv = ectest_curve_freebl(name_v, iterations, numThreads, ec_field_GFp); \
+        if (rv != SECSuccess)                                                   \
+            goto cleanup;                                                       \
+        printf("... okay.\n");                                                  \
+    }                                                                           \
+    if (usepkcs11) {                                                            \
+        printf("Testing %s using pkcs11 implementation...\n", name_c);          \
+        rv = ectest_curve_pkcs11(name_v, iterations, numThreads);               \
+        if (rv != SECSuccess)                                                   \
+            goto cleanup;                                                       \
+        printf("... okay.\n");                                                  \
+    }
+
+/* Test curve using specific field arithmetic. */
+#define ECTEST_NAMED_CUSTOM(name_c, name_v)                                       \
+    if (usefreebl) {                                                              \
+        printf("Testing %s using freebl implementation...\n", name_c);            \
+        rv = ectest_curve_freebl(name_v, iterations, numThreads, ec_field_plain); \
+        if (rv != SECSuccess)                                                     \
+            goto cleanup;                                                         \
+        printf("... okay.\n");                                                    \
+    }                                                                             \
+    if (usepkcs11) {                                                              \
+        printf("Testing %s using pkcs11 implementation...\n", name_c);            \
+        rv = ectest_curve_pkcs11(name_v, iterations, numThreads);                 \
+        if (rv != SECSuccess)                                                     \
+            goto cleanup;                                                         \
+        printf("... okay.\n");                                                    \
     }
 
 /*
  * Initializes a SECItem from a hexadecimal string
  *
  * Warning: This function ignores leading 00's, so any leading 00's
  * in the hexadecimal string must be optional.
  */
@@ -505,39 +524,44 @@ ectest_curve_pkcs11(ECCurveName curve, i
     ecdh_params.pPublicData = template.pValue;
 
     mech.mechanism = CKM_ECDH1_DERIVE;
     mech.pParameter = (void *)&ecdh_params;
     mech.ulParameterLen = sizeof(ecdh_params);
 
     lock = PR_NewLock();
 
-    rv = M_TimeOperation(PKCS11Thread, (op_func)PKCS11_Derive, "ECDH_Derive",
-                         &ecPriv, &mech, NULL, iterations, numThreads,
-                         lock, session, 0, &deriveRate);
-    if (rv != SECSuccess) {
-        goto cleanup;
-    }
-    rv = M_TimeOperation(PKCS11Thread, (op_func)PKCS11_Sign, "ECDSA_Sign",
-                         (void *)&ecPriv, &sig, &digest, iterations, numThreads,
-                         lock, session, 1, &signRate);
-    if (rv != SECSuccess) {
-        goto cleanup;
+    if (ecCurve_map[curve]->usage & KU_KEY_AGREEMENT) {
+        rv = M_TimeOperation(PKCS11Thread, (op_func)PKCS11_Derive, "ECDH_Derive",
+                             &ecPriv, &mech, NULL, iterations, numThreads,
+                             lock, session, 0, &deriveRate);
+        if (rv != SECSuccess) {
+            goto cleanup;
+        }
     }
-    printf("        ECDHE max rate = %.2f\n", (deriveRate + signRate) / 4.0);
-    /* get a signature */
-    rv = PKCS11_Sign(session, &ecPriv, &sig, &digest);
-    if (rv != SECSuccess) {
-        goto cleanup;
-    }
-    rv = M_TimeOperation(PKCS11Thread, (op_func)PKCS11_Verify, "ECDSA_Verify",
-                         (void *)&ecPub, &sig, &digest, iterations, numThreads,
-                         lock, session, 0, NULL);
-    if (rv != SECSuccess) {
-        goto cleanup;
+
+    if (ecCurve_map[curve]->usage & KU_DIGITAL_SIGNATURE) {
+        rv = M_TimeOperation(PKCS11Thread, (op_func)PKCS11_Sign, "ECDSA_Sign",
+                             (void *)&ecPriv, &sig, &digest, iterations, numThreads,
+                             lock, session, 1, &signRate);
+        if (rv != SECSuccess) {
+            goto cleanup;
+        }
+        printf("        ECDHE max rate = %.2f\n", (deriveRate + signRate) / 4.0);
+        /* get a signature */
+        rv = PKCS11_Sign(session, &ecPriv, &sig, &digest);
+        if (rv != SECSuccess) {
+            goto cleanup;
+        }
+        rv = M_TimeOperation(PKCS11Thread, (op_func)PKCS11_Verify, "ECDSA_Verify",
+                             (void *)&ecPub, &sig, &digest, iterations, numThreads,
+                             lock, session, 0, NULL);
+        if (rv != SECSuccess) {
+            goto cleanup;
+        }
     }
 
 cleanup:
     if (lock) {
         PR_DestroyLock(lock);
     }
     return rv;
 }
@@ -557,17 +581,18 @@ ECDH_DeriveWrap(ECPrivateKey *priv, ECPu
     SECITEM_FreeItem(&secret, PR_FALSE);
     return rv;
 }
 
 /* Performs basic tests of elliptic curve cryptography over prime fields.
  * If tests fail, then it prints an error message, aborts, and returns an
  * error code. Otherwise, returns 0. */
 SECStatus
-ectest_curve_freebl(ECCurveName curve, int iterations, int numThreads)
+ectest_curve_freebl(ECCurveName curve, int iterations, int numThreads,
+                    ECFieldType fieldType)
 {
     ECParams ecParams = { 0 };
     ECPrivateKey *ecPriv = NULL;
     ECPublicKey ecPub;
     SECItem sig;
     SECItem digest;
     unsigned char sigData[256];
     unsigned char digestData[20];
@@ -589,19 +614,20 @@ ectest_curve_freebl(ECCurveName curve, i
     ecParams.name = curve;
     ecParams.type = ec_params_named;
     ecParams.curveOID.data = NULL;
     ecParams.curveOID.len = 0;
     ecParams.curve.seed.data = NULL;
     ecParams.curve.seed.len = 0;
     ecParams.DEREncoding.data = NULL;
     ecParams.DEREncoding.len = 0;
+    ecParams.pointSize = ecCurve_map[curve]->pointSize;
 
     ecParams.fieldID.size = ecCurve_map[curve]->size;
-    ecParams.fieldID.type = ec_field_GFp;
+    ecParams.fieldID.type = fieldType;
     hexString2SECItem(arena, &ecParams.fieldID.u.prime, ecCurve_map[curve]->irr);
     hexString2SECItem(arena, &ecParams.curve.a, ecCurve_map[curve]->curvea);
     hexString2SECItem(arena, &ecParams.curve.b, ecCurve_map[curve]->curveb);
     genenc[0] = '0';
     genenc[1] = '4';
     genenc[2] = '\0';
     strcat(genenc, ecCurve_map[curve]->genx);
     strcat(genenc, ecCurve_map[curve]->geny);
@@ -617,34 +643,39 @@ ectest_curve_freebl(ECCurveName curve, i
 
     rv = EC_NewKey(&ecParams, &ecPriv);
     if (rv != SECSuccess) {
         return SECFailure;
     }
     ecPub.ecParams = ecParams;
     ecPub.publicValue = ecPriv->publicValue;
 
-    rv = M_TimeOperation(genericThread, (op_func)ECDH_DeriveWrap, "ECDH_Derive",
-                         ecPriv, &ecPub, NULL, iterations, numThreads, 0, 0, 0, &deriveRate);
-    if (rv != SECSuccess) {
-        goto cleanup;
+    if (ecCurve_map[curve]->usage & KU_KEY_AGREEMENT) {
+        rv = M_TimeOperation(genericThread, (op_func)ECDH_DeriveWrap, "ECDH_Derive",
+                             ecPriv, &ecPub, NULL, iterations, numThreads, 0, 0, 0, &deriveRate);
+        if (rv != SECSuccess) {
+            goto cleanup;
+        }
     }
-    rv = M_TimeOperation(genericThread, (op_func)ECDSA_SignDigest, "ECDSA_Sign",
-                         ecPriv, &sig, &digest, iterations, numThreads, 0, 0, 1, &signRate);
-    if (rv != SECSuccess)
-        goto cleanup;
-    printf("        ECDHE max rate = %.2f\n", (deriveRate + signRate) / 4.0);
-    rv = ECDSA_SignDigest(ecPriv, &sig, &digest);
-    if (rv != SECSuccess) {
-        goto cleanup;
-    }
-    rv = M_TimeOperation(genericThread, (op_func)ECDSA_VerifyDigest, "ECDSA_Verify",
-                         &ecPub, &sig, &digest, iterations, numThreads, 0, 0, 0, NULL);
-    if (rv != SECSuccess) {
-        goto cleanup;
+
+    if (ecCurve_map[curve]->usage & KU_DIGITAL_SIGNATURE) {
+        rv = M_TimeOperation(genericThread, (op_func)ECDSA_SignDigest, "ECDSA_Sign",
+                             ecPriv, &sig, &digest, iterations, numThreads, 0, 0, 1, &signRate);
+        if (rv != SECSuccess)
+            goto cleanup;
+        printf("        ECDHE max rate = %.2f\n", (deriveRate + signRate) / 4.0);
+        rv = ECDSA_SignDigest(ecPriv, &sig, &digest);
+        if (rv != SECSuccess) {
+            goto cleanup;
+        }
+        rv = M_TimeOperation(genericThread, (op_func)ECDSA_VerifyDigest, "ECDSA_Verify",
+                             &ecPub, &sig, &digest, iterations, numThreads, 0, 0, 0, NULL);
+        if (rv != SECSuccess) {
+            goto cleanup;
+        }
     }
 
 cleanup:
     PORT_FreeArena(arena, PR_FALSE);
     PORT_FreeArena(ecPriv->ecParams.arena, PR_FALSE);
     return rv;
 }
 
@@ -738,16 +769,17 @@ main(int argv, char **argc)
 #ifdef NSS_ECC_MORE_THAN_SUITE_B
         ECTEST_NAMED_GFP("SECP-160K1", ECCurve_SECG_PRIME_160K1);
         ECTEST_NAMED_GFP("NIST-P192", ECCurve_NIST_P192);
         ECTEST_NAMED_GFP("NIST-P224", ECCurve_NIST_P224);
 #endif
         ECTEST_NAMED_GFP("NIST-P256", ECCurve_NIST_P256);
         ECTEST_NAMED_GFP("NIST-P384", ECCurve_NIST_P384);
         ECTEST_NAMED_GFP("NIST-P521", ECCurve_NIST_P521);
+        ECTEST_NAMED_CUSTOM("Curve25519", ECCurve25519);
     }
 #ifdef NSS_ECC_MORE_THAN_SUITE_B
     if (ansi) {
         ECTEST_NAMED_GFP("ANSI X9.62 PRIME192v1", ECCurve_X9_62_PRIME_192V1);
         ECTEST_NAMED_GFP("ANSI X9.62 PRIME192v2", ECCurve_X9_62_PRIME_192V2);
         ECTEST_NAMED_GFP("ANSI X9.62 PRIME192v3", ECCurve_X9_62_PRIME_192V3);
         ECTEST_NAMED_GFP("ANSI X9.62 PRIME239v1", ECCurve_X9_62_PRIME_239V1);
         ECTEST_NAMED_GFP("ANSI X9.62 PRIME239v2", ECCurve_X9_62_PRIME_239V2);

--- a/security/nss/cmd/ecperf/manifest.mn
+++ b/security/nss/cmd/ecperf/manifest.mn
@@ -6,19 +6,13 @@
 DEPTH = ../..
 CORE_DEPTH = ../..
 
 # MODULE public and private header directories are implicitly REQUIRED.
 MODULE = nss
 
 INCLUDES += -I$(CORE_DEPTH)/nss/lib/softoken
 
-# This next line is used by .mk files
-# and gets translated into $LINCS in manifest.mnw
-REQUIRES = dbm seccmd
-
-# DIRS =
-
 CSRCS = ecperf.c
 
 PROGRAM = ecperf
 
 USE_STATIC_LIBS = 1

--- a/security/nss/cmd/ectest/ectest.c
+++ b/security/nss/cmd/ectest/ectest.c
@@ -1,31 +1,40 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "blapi.h"
 #include "ec.h"
 #include "ecl-curve.h"
-#include "prprf.h"
-#include "basicutil.h"
-#include "secder.h"
+#include "nss.h"
+#include "secutil.h"
 #include "secitem.h"
 #include "nspr.h"
+#include "pk11pub.h"
 #include <stdio.h>
 
 typedef struct {
     ECCurveName curve;
+    int iterations;
     char *privhex;
     char *our_pubhex;
     char *their_pubhex;
     char *common_key;
     char *name;
+    ECFieldType fieldType;
 } ECDH_KAT;
 
+typedef struct {
+    ECCurveName curve;
+    char *point;
+    char *name;
+    ECFieldType fieldType;
+} ECDH_BAD;
+
 #include "testvecs.h"
 
 /*
  * Initializes a SECItem from a hexadecimal string
  *
  */
 static SECItem *
 hexString2SECItem(PLArenaPool *arena, SECItem *item, const char *str)
@@ -64,123 +73,362 @@ hexString2SECItem(PLArenaPool *arena, SE
             byteval = 0;
         }
         i++;
     }
 
     return item;
 }
 
+void
+printBuf(const SECItem *item)
+{
+    int i;
+    if (!item || !item->len) {
+        printf("(null)\n");
+        return;
+    }
+
+    for (i = 0; i < item->len; i++) {
+        printf("%02x", item->data[i]);
+    }
+    printf("\n");
+}
+
+/* Initialise test with basic curve populate with only the necessary things */
+SECStatus
+init_params(ECParams *ecParams, ECCurveName curve, PLArenaPool **arena,
+            ECFieldType type)
+{
+    if ((curve < ECCurve_noName) || (curve > ECCurve_pastLastCurve)) {
+        return SECFailure;
+    }
+    *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (!*arena) {
+        return SECFailure;
+    }
+    ecParams->name = curve;
+    ecParams->type = ec_params_named;
+    ecParams->curveOID.data = NULL;
+    ecParams->curveOID.len = 0;
+    ecParams->curve.seed.data = NULL;
+    ecParams->curve.seed.len = 0;
+    ecParams->DEREncoding.data = NULL;
+    ecParams->DEREncoding.len = 0;
+    ecParams->arena = *arena;
+    ecParams->fieldID.size = ecCurve_map[curve]->size;
+    ecParams->fieldID.type = type;
+    ecParams->cofactor = ecCurve_map[curve]->cofactor;
+    ecParams->pointSize = ecCurve_map[curve]->pointSize;
+
+    return SECSuccess;
+}
+
 SECStatus
 ectest_ecdh_kat(ECDH_KAT *kat)
 {
     ECCurveName curve = kat->curve;
     ECParams ecParams = { 0 };
     ECPrivateKey *ecPriv = NULL;
     SECItem theirKey = { siBuffer, NULL, 0 };
     SECStatus rv = SECFailure;
-    PLArenaPool *arena;
+    PLArenaPool *arena = NULL;
     SECItem seed = { siBuffer, NULL, 0 };
     SECItem answer = { siBuffer, NULL, 0 };
     SECItem answer2 = { siBuffer, NULL, 0 };
     SECItem derived = { siBuffer, NULL, 0 };
     char genenc[3 + 2 * 2 * MAX_ECKEY_LEN];
-    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-    if (!arena) {
-        return SECFailure;
-    }
+    int i;
 
-    if ((curve < ECCurve_noName) || (curve > ECCurve_pastLastCurve)) {
-        PORT_FreeArena(arena, PR_FALSE);
-        return SECFailure;
+    rv = init_params(&ecParams, curve, &arena, kat->fieldType);
+    if (rv != SECSuccess) {
+        return rv;
     }
 
-    ecParams.name = curve;
-    ecParams.type = ec_params_named;
-    ecParams.curveOID.data = NULL;
-    ecParams.curveOID.len = 0;
-    ecParams.curve.seed.data = NULL;
-    ecParams.curve.seed.len = 0;
-    ecParams.DEREncoding.data = NULL;
-    ecParams.DEREncoding.len = 0;
-
-    ecParams.fieldID.size = ecCurve_map[curve]->size;
-    ecParams.fieldID.type = ec_field_GFp;
     hexString2SECItem(arena, &ecParams.fieldID.u.prime, ecCurve_map[curve]->irr);
     hexString2SECItem(arena, &ecParams.curve.a, ecCurve_map[curve]->curvea);
     hexString2SECItem(arena, &ecParams.curve.b, ecCurve_map[curve]->curveb);
     genenc[0] = '0';
     genenc[1] = '4';
     genenc[2] = '\0';
+    PORT_Assert(PR_ARRAY_SIZE(genenc) >= PORT_Strlen(ecCurve_map[curve]->genx));
+    PORT_Assert(PR_ARRAY_SIZE(genenc) >= PORT_Strlen(ecCurve_map[curve]->geny));
     strcat(genenc, ecCurve_map[curve]->genx);
     strcat(genenc, ecCurve_map[curve]->geny);
     hexString2SECItem(arena, &ecParams.base, genenc);
     hexString2SECItem(arena, &ecParams.order, ecCurve_map[curve]->order);
-    ecParams.cofactor = ecCurve_map[curve]->cofactor;
 
-    hexString2SECItem(arena, &answer, kat->our_pubhex);
+    if (kat->our_pubhex) {
+        hexString2SECItem(arena, &answer, kat->our_pubhex);
+    }
     hexString2SECItem(arena, &seed, kat->privhex);
     rv = EC_NewKeyFromSeed(&ecParams, &ecPriv, seed.data, seed.len);
     if (rv != SECSuccess) {
         rv = SECFailure;
         goto cleanup;
     }
-    if (SECITEM_CompareItem(&answer, &ecPriv->publicValue) != SECEqual) {
-        rv = SECFailure;
-        goto cleanup;
+    if (kat->our_pubhex) {
+        if (SECITEM_CompareItem(&answer, &ecPriv->publicValue) != SECEqual) {
+            rv = SECFailure;
+            goto cleanup;
+        }
     }
 
     hexString2SECItem(arena, &theirKey, kat->their_pubhex);
     hexString2SECItem(arena, &answer2, kat->common_key);
-    rv = ECDH_Derive(&theirKey, &ecParams, &ecPriv->privateValue, PR_TRUE, &derived);
+
+    rv = EC_ValidatePublicKey(&ecParams, &theirKey);
     if (rv != SECSuccess) {
+        printf("EC_ValidatePublicKey failed\n");
+        goto cleanup;
+    }
+
+    for (i = 0; i < kat->iterations; ++i) {
+        rv = ECDH_Derive(&theirKey, &ecParams, &ecPriv->privateValue, PR_TRUE, &derived);
+        if (rv != SECSuccess) {
+            rv = SECFailure;
+            goto cleanup;
+        }
+        rv = SECITEM_CopyItem(ecParams.arena, &theirKey, &ecPriv->privateValue);
+        if (rv != SECSuccess) {
+            goto cleanup;
+        }
+        rv = SECITEM_CopyItem(ecParams.arena, &ecPriv->privateValue, &derived);
+        if (rv != SECSuccess) {
+            goto cleanup;
+        }
+        SECITEM_FreeItem(&derived, PR_FALSE);
+    }
+
+    if (SECITEM_CompareItem(&answer2, &ecPriv->privateValue) != SECEqual) {
+        printf("expected: ");
+        printBuf(&answer2);
+        printf("derived:  ");
+        printBuf(&ecPriv->privateValue);
         rv = SECFailure;
         goto cleanup;
     }
 
-    if (SECITEM_CompareItem(&answer2, &derived) != SECEqual) {
-        rv = SECFailure;
+cleanup:
+    PORT_FreeArena(arena, PR_FALSE);
+    if (ecPriv) {
+        PORT_FreeArena(ecPriv->ecParams.arena, PR_FALSE);
+    }
+    if (derived.data) {
+        SECITEM_FreeItem(&derived, PR_FALSE);
+    }
+    return rv;
+}
+
+void
+PrintKey(PK11SymKey *symKey)
+{
+    char *name = PK11_GetSymKeyNickname(symKey);
+    int len = PK11_GetKeyLength(symKey);
+    int strength = PK11_GetKeyStrength(symKey, NULL);
+    SECItem *value = NULL;
+    CK_KEY_TYPE type = PK11_GetSymKeyType(symKey);
+    (void)PK11_ExtractKeyValue(symKey);
+
+    value = PK11_GetKeyData(symKey);
+    printf("%s %3d   %4d   %s  ", name ? name : "no-name", len, strength,
+           type == CKK_GENERIC_SECRET ? "generic" : "ERROR! UNKNOWN KEY TYPE");
+    printBuf(value);
+
+    PORT_Free(name);
+}
+
+SECStatus
+ectest_curve_pkcs11(SECOidTag oid)
+{
+    SECKEYECParams pk_11_ecParams = { siBuffer, NULL, 0 };
+    SECKEYPublicKey *pubKey = NULL;
+    SECKEYPrivateKey *privKey = NULL;
+    SECOidData *oidData = NULL;
+    CK_MECHANISM_TYPE target = CKM_TLS12_MASTER_KEY_DERIVE_DH;
+    PK11SymKey *symKey = NULL;
+    SECStatus rv = SECFailure;
+
+    oidData = SECOID_FindOIDByTag(oid);
+    if (oidData == NULL) {
+        printf(" >>> SECOID_FindOIDByTag failed.\n");
+        goto cleanup;
+    }
+    PORT_Assert(oidData->oid.len < 256);
+    SECITEM_AllocItem(NULL, &pk_11_ecParams, (2 + oidData->oid.len));
+    pk_11_ecParams.data[0] = SEC_ASN1_OBJECT_ID; /* we have to prepend 0x06 */
+    pk_11_ecParams.data[1] = oidData->oid.len;
+    memcpy(pk_11_ecParams.data + 2, oidData->oid.data, oidData->oid.len);
+
+    privKey = SECKEY_CreateECPrivateKey(&pk_11_ecParams, &pubKey, NULL);
+    if (!privKey || !pubKey) {
+        printf(" >>> SECKEY_CreateECPrivateKey failed.\n");
         goto cleanup;
     }
+
+    symKey = PK11_PubDeriveWithKDF(privKey, pubKey, PR_FALSE, NULL, NULL,
+                                   CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0,
+                                   CKD_NULL, NULL, NULL);
+    if (!symKey) {
+        printf(" >>> PK11_PubDeriveWithKDF failed.\n");
+        goto cleanup;
+    }
+    PrintKey(symKey);
+    rv = SECSuccess;
+
 cleanup:
+    if (privKey) {
+        SECKEY_DestroyPrivateKey(privKey);
+    }
+    if (pubKey) {
+        SECKEY_DestroyPublicKey(pubKey);
+    }
+    if (symKey) {
+        PK11_FreeSymKey(symKey);
+    }
+    SECITEM_FreeItem(&pk_11_ecParams, PR_FALSE);
+
+    return rv;
+}
+
+SECStatus
+ectest_validate_point(ECDH_BAD *bad)
+{
+    ECParams ecParams = { 0 };
+    SECItem point = { siBuffer, NULL, 0 };
+    SECStatus rv = SECFailure;
+    PLArenaPool *arena = NULL;
+
+    rv = init_params(&ecParams, bad->curve, &arena, bad->fieldType);
+    if (rv != SECSuccess) {
+        return rv;
+    }
+
+    hexString2SECItem(arena, &point, bad->point);
+    rv = EC_ValidatePublicKey(&ecParams, &point);
+
     PORT_FreeArena(arena, PR_FALSE);
-    PORT_FreeArena(ecPriv->ecParams.arena, PR_FALSE);
-    SECITEM_FreeItem(&derived, PR_FALSE);
     return rv;
 }
 
+void
+printUsage(char *prog)
+{
+    printf("Usage: %s [-fp] [-nd]\n"
+           "\t-f: usefreebl\n"
+           "\t-p: usepkcs11\n"
+           "\t-n: NIST curves\n"
+           "\t-d: non-NIST curves\n"
+           "You have to specify at least f or p and n or d.\n"
+           "By default no tests are executed.\n",
+           prog);
+}
+
 /* Performs tests of elliptic curve cryptography over prime fields If
  * tests fail, then it prints an error message, aborts, and returns an
  * error code. Otherwise, returns 0. */
 int
 main(int argv, char **argc)
 {
     SECStatus rv = SECSuccess;
     int numkats = 0;
     int i = 0;
+    int usepkcs11 = 0;
+    int usefreebl = 0;
+    int nist = 0;
+    int nonnist = 0;
+    SECOidTag nistOids[3] = { SEC_OID_SECG_EC_SECP256R1,
+                              SEC_OID_SECG_EC_SECP384R1,
+                              SEC_OID_SECG_EC_SECP521R1 };
 
-    rv = SECOID_Init();
+    for (i = 1; i < argv; i++) {
+        if (PL_strcasecmp(argc[i], "-p") == 0) {
+            usepkcs11 = 1;
+        } else if (PL_strcasecmp(argc[i], "-f") == 0) {
+            usefreebl = 1;
+        } else if (PL_strcasecmp(argc[i], "-n") == 0) {
+            nist = 1;
+        } else if (PL_strcasecmp(argc[i], "-d") == 0) {
+            nonnist = 1;
+        } else {
+            printUsage(argc[0]);
+            return 1;
+        }
+    }
+    if (!(usepkcs11 || usefreebl) || !(nist || nonnist)) {
+        printUsage(argc[0]);
+        return 1;
+    }
+
+    rv = NSS_NoDB_Init(NULL);
     if (rv != SECSuccess) {
-        SECU_PrintError("Error:", "SECOID_Init");
+        SECU_PrintError("Error:", "NSS_NoDB_Init");
         goto cleanup;
     }
 
-    while (ecdh_testvecs[numkats].curve != ECCurve_pastLastCurve) {
-        numkats++;
+    /* Test P256, P384, P521 */
+    if (usefreebl) {
+        if (nist) {
+            while (ecdh_testvecs[numkats].curve != ECCurve_pastLastCurve) {
+                numkats++;
+            }
+            printf("1..%d\n", numkats);
+            for (i = 0; ecdh_testvecs[i].curve != ECCurve_pastLastCurve; i++) {
+                if (ectest_ecdh_kat(&ecdh_testvecs[i]) != SECSuccess) {
+                    printf("not okay %d - %s\n", i + 1, ecdh_testvecs[i].name);
+                    rv = SECFailure;
+                } else {
+                    printf("okay %d - %s\n", i + 1, ecdh_testvecs[i].name);
+                }
+            }
+        }
+
+        /* Test KAT for non-NIST curves */
+        if (nonnist) {
+            for (i = 0; nonnist_testvecs[i].curve != ECCurve_pastLastCurve; i++) {
+                if (ectest_ecdh_kat(&nonnist_testvecs[i]) != SECSuccess) {
+                    printf("not okay %d - %s\n", i + 1, nonnist_testvecs[i].name);
+                    rv = SECFailure;
+                } else {
+                    printf("okay %d - %s\n", i + 1, nonnist_testvecs[i].name);
+                }
+            }
+            for (i = 0; nonnist_testvecs_bad_values[i].curve != ECCurve_pastLastCurve; i++) {
+                if (ectest_validate_point(&nonnist_testvecs_bad_values[i]) == SECSuccess) {
+                    printf("not okay %d - %s\n", i + 1, nonnist_testvecs_bad_values[i].name);
+                    rv = SECFailure;
+                } else {
+                    printf("okay %d - %s\n", i + 1, nonnist_testvecs_bad_values[i].name);
+                }
+            }
+        }
     }
-    printf("1..%d\n", numkats);
-    for (i = 0; ecdh_testvecs[i].curve != ECCurve_pastLastCurve; i++) {
-        rv = ectest_ecdh_kat(&ecdh_testvecs[i]);
-        if (rv != SECSuccess) {
-            printf("not okay %d - %s\n", i + 1, ecdh_testvecs[i].name);
-        } else {
-            printf("okay %d - %s\n", i + 1, ecdh_testvecs[i].name);
+
+    /* Test PK11 for non-NIST curves */
+    if (usepkcs11) {
+        if (nonnist) {
+            if (ectest_curve_pkcs11(SEC_OID_CURVE25519) != SECSuccess) {
+                printf("not okay (OID %d) - PK11 test\n", SEC_OID_CURVE25519);
+                rv = SECFailure;
+            } else {
+                printf("okay (OID %d) - PK11 test\n", SEC_OID_CURVE25519);
+            }
+        }
+        if (nist) {
+            for (i = 0; i < 3; ++i) {
+                if (ectest_curve_pkcs11(nistOids[i]) != SECSuccess) {
+                    printf("not okay (OID %d) - PK11 test\n", nistOids[i]);
+                    rv = SECFailure;
+                } else {
+                    printf("okay (OID %d) - PK11 test\n", nistOids[i]);
+                }
+            }
         }
     }
 
 cleanup:
-    rv |= SECOID_Shutdown();
+    rv |= NSS_Shutdown();
 
     if (rv != SECSuccess) {
         printf("Error: exiting with error value\n");
     }
     return rv;
 }

--- a/security/nss/cmd/ectest/testvecs.h
+++ b/security/nss/cmd/ectest/testvecs.h
@@ -1,728 +1,818 @@
 static ECDH_KAT ecdh_testvecs[] = {
-    { ECCurve_NIST_P256,
+    { ECCurve_NIST_P256, 1,
       "7d7dc5f71eb29ddaf80d6214632eeae03d9058af1fb6d22ed80badb62bc1a534",
       "04ead218590119e8876b29146ff89ca61770c4edbbf97d38ce385ed281d8a6b23028af61281fd35e2fa7002523acc85a429cb06ee6648325389f59edfce1405141",
       "04700c48f77f56584c5cc632ca65640db91b6bacce3a4df6b42ce7cc838833d287db71e509e3fd9b060ddb20ba5c51dcc5948d46fbf640dfe0441782cab85fa4ac",
       "46fc62106420ff012e54a434fbdd2d25ccc5852060561e68040dd7778997bd7b",
-      "curve: P256 vector: 0" },
+      "curve: P256 vector: 0", ec_field_GFp },
 
-    { ECCurve_NIST_P256,
+    { ECCurve_NIST_P256, 1,
       "38f65d6dce47676044d58ce5139582d568f64bb16098d179dbab07741dd5caf5",
       "04119f2f047902782ab0c9e27a54aff5eb9b964829ca99c06b02ddba95b0a3f6d08f52b726664cac366fc98ac7a012b2682cbd962e5acb544671d41b9445704d1d",
       "04809f04289c64348c01515eb03d5ce7ac1a8cb9498f5caa50197e58d43a86a7aeb29d84e811197f25eba8f5194092cb6ff440e26d4421011372461f579271cda3",
       "057d636096cb80b67a8c038c890e887d1adfa4195e9b3ce241c8a778c59cda67",
-      "curve: P256 vector: 1" },
+      "curve: P256 vector: 1", ec_field_GFp },
 
-    { ECCurve_NIST_P256,
+    { ECCurve_NIST_P256, 1,
       "1accfaf1b97712b85a6f54b148985a1bdc4c9bec0bd258cad4b3d603f49f32c8",
       "04d9f2b79c172845bfdb560bbb01447ca5ecc0470a09513b6126902c6b4f8d1051f815ef5ec32128d3487834764678702e64e164ff7315185e23aff5facd96d7bc",
       "04a2339c12d4a03c33546de533268b4ad667debf458b464d77443636440ee7fec3ef48a3ab26e20220bcda2c1851076839dae88eae962869a497bf73cb66faf536",
       "2d457b78b4614132477618a5b077965ec90730a8c81a1c75d6d4ec68005d67ec",
-      "curve: P256 vector: 2" },
+      "curve: P256 vector: 2", ec_field_GFp },
 
-    { ECCurve_NIST_P256,
+    { ECCurve_NIST_P256, 1,
       "207c43a79bfee03db6f4b944f53d2fb76cc49ef1c9c4d34d51b6c65c4db6932d",
       "0424277c33f450462dcb3d4801d57b9ced05188f16c28eda873258048cd1607e0dc4789753e2b1f63b32ff014ec42cd6a69fac81dfe6d0d6fd4af372ae27c46f88",
       "04df3989b9fa55495719b3cf46dccd28b5153f7808191dd518eff0c3cff2b705ed422294ff46003429d739a33206c8752552c8ba54a270defc06e221e0feaf6ac4",
       "96441259534b80f6aee3d287a6bb17b5094dd4277d9e294f8fe73e48bf2a0024",
-      "curve: P256 vector: 3" },
+      "curve: P256 vector: 3", ec_field_GFp },
 
-    { ECCurve_NIST_P256,
+    { ECCurve_NIST_P256, 1,
       "59137e38152350b195c9718d39673d519838055ad908dd4757152fd8255c09bf",
       "04a8c5fdce8b62c5ada598f141adb3b26cf254c280b2857a63d2ad783a73115f6b806e1aafec4af80a0d786b3de45375b517a7e5b51ffb2c356537c9e6ef227d4a",
       "0441192d2813e79561e6a1d6f53c8bc1a433a199c835e141b05a74a97b0faeb9221af98cc45e98a7e041b01cf35f462b7562281351c8ebf3ffa02e33a0722a1328",
       "19d44c8d63e8e8dd12c22a87b8cd4ece27acdde04dbf47f7f27537a6999a8e62",
-      "curve: P256 vector: 4" },
+      "curve: P256 vector: 4", ec_field_GFp },
 
-    { ECCurve_NIST_P256,
+    { ECCurve_NIST_P256, 1,
       "f5f8e0174610a661277979b58ce5c90fee6c9b3bb346a90a7196255e40b132ef",
       "047b861dcd2844a5a8363f6b8ef8d493640f55879217189d80326aad9480dfc149c4675b45eeb306405f6c33c38bc69eb2bdec9b75ad5af4706aab84543b9cc63a",
       "0433e82092a0f1fb38f5649d5867fba28b503172b7035574bf8e5b7100a3052792f2cf6b601e0a05945e335550bf648d782f46186c772c0f20d3cd0d6b8ca14b2f",
       "664e45d5bba4ac931cd65d52017e4be9b19a515f669bea4703542a2c525cd3d3",
-      "curve: P256 vector: 5" },
+      "curve: P256 vector: 5", ec_field_GFp },
 
-    { ECCurve_NIST_P256,
+    { ECCurve_NIST_P256, 1,
       "3b589af7db03459c23068b64f63f28d3c3c6bc25b5bf76ac05f35482888b5190",
       "049fb38e2d58ea1baf7622e96720101cae3cde4ba6c1e9fa26d9b1de0899102863d5561b900406edf50802dd7d73e89395f8aed72fba0e1d1b61fe1d22302260f0",
       "046a9e0c3f916e4e315c91147be571686d90464e8bf981d34a90b6353bca6eeba740f9bead39c2f2bcc2602f75b8a73ec7bdffcbcead159d0174c6c4d3c5357f05",
       "ca342daa50dc09d61be7c196c85e60a80c5cb04931746820be548cdde055679d",
-      "curve: P256 vector: 6" },
+      "curve: P256 vector: 6", ec_field_GFp },
 
-    { ECCurve_NIST_P256,
+    { ECCurve_NIST_P256, 1,
       "d8bf929a20ea7436b2461b541a11c80e61d826c0a4c9d322b31dd54e7f58b9c8",
       "0420f07631e4a6512a89ad487c4e9d63039e579cb0d7a556cb9e661cd59c1e7fa46de91846b3eee8a5ec09c2ab1f41e21bd83620ccdd1bdce3ab7ea6e02dd274f5",
       "04a9c0acade55c2a73ead1a86fb0a9713223c82475791cd0e210b046412ce224bbf6de0afa20e93e078467c053d241903edad734c6b403ba758c2b5ff04c9d4229",
       "35aa9b52536a461bfde4e85fc756be928c7de97923f0416c7a3ac8f88b3d4489",
-      "curve: P256 vector: 7" },
+      "curve: P256 vector: 7", ec_field_GFp },
 
-    { ECCurve_NIST_P256,
+    { ECCurve_NIST_P256, 1,
       "0f9883ba0ef32ee75ded0d8bda39a5146a29f1f2507b3bd458dbea0b2bb05b4d",
       "04abb61b423be5d6c26e21c605832c9142dc1dfe5a5fff28726737936e6fbf516d733d2513ef58beab202090586fac91bf0fee31e80ab33473ab23a2d89e58fad6",
       "0494e94f16a98255fff2b9ac0c9598aac35487b3232d3231bd93b7db7df36f9eb9d8049a43579cfa90b8093a94416cbefbf93386f15b3f6e190b6e3455fedfe69a",
       "605c16178a9bc875dcbff54d63fe00df699c03e8a888e9e94dfbab90b25f39b4",
-      "curve: P256 vector: 8" },
+      "curve: P256 vector: 8", ec_field_GFp },
 
-    { ECCurve_NIST_P256,
+    { ECCurve_NIST_P256, 1,
       "2beedb04b05c6988f6a67500bb813faf2cae0d580c9253b6339e4a3337bb6c08",
       "043d63e429cb5fa895a9247129bf4e48e89f35d7b11de8158efeb3e106a2a873950cae9e477ef41e7c8c1064379bb7b554ddcbcae79f9814281f1e50f0403c61f3",
       "04e099bf2a4d557460b5544430bbf6da11004d127cb5d67f64ab07c94fcdf5274fd9c50dbe70d714edb5e221f4e020610eeb6270517e688ca64fb0e98c7ef8c1c5",
       "f96e40a1b72840854bb62bc13c40cc2795e373d4e715980b261476835a092e0b",
-      "curve: P256 vector: 9" },
+      "curve: P256 vector: 9", ec_field_GFp },
 
-    { ECCurve_NIST_P256,
+    { ECCurve_NIST_P256, 1,
       "77c15dcf44610e41696bab758943eff1409333e4d5a11bbe72c8f6c395e9f848",
       "04ad5d13c3db508ddcd38457e5991434a251bed49cf5ddcb59cdee73865f138c9f62cec1e70588aa4fdfc7b9a09daa678081c04e1208b9d662b8a2214bf8e81a21",
       "04f75a5fe56bda34f3c1396296626ef012dc07e4825838778a645c8248cff0165833bbdf1b1772d8059df568b061f3f1122f28a8d819167c97be448e3dc3fb0c3c",
       "8388fa79c4babdca02a8e8a34f9e43554976e420a4ad273c81b26e4228e9d3a3",
-      "curve: P256 vector: 10" },
+      "curve: P256 vector: 10", ec_field_GFp },
 
-    { ECCurve_NIST_P256,
+    { ECCurve_NIST_P256, 1,
       "42a83b985011d12303db1a800f2610f74aa71cdf19c67d54ce6c9ed951e9093e",
       "04ab48caa61ea35f13f8ed07ffa6a13e8db224dfecfae1a7df8b1bb6ebaf0cb97d1274530ca2c385a3218bddfbcbf0b4024c9badd5243bff834ebff24a8618dccb",
       "042db4540d50230756158abf61d9835712b6486c74312183ccefcaef2797b7674d62f57f314e3f3495dc4e099012f5e0ba71770f9660a1eada54104cdfde77243e",
       "72877cea33ccc4715038d4bcbdfe0e43f42a9e2c0c3b017fc2370f4b9acbda4a",
-      "curve: P256 vector: 11" },
+      "curve: P256 vector: 11", ec_field_GFp },
 
-    { ECCurve_NIST_P256,
+    { ECCurve_NIST_P256, 1,
       "ceed35507b5c93ead5989119b9ba342cfe38e6e638ba6eea343a55475de2800b",
       "049a8cd9bd72e71752df91440f77c547509a84df98114e7de4f26cdb39234a625dd07cfc84c8e144fab2839f5189bb1d7c88631d579bbc58012ed9a2327da52f62",
       "04cd94fc9497e8990750309e9a8534fd114b0a6e54da89c4796101897041d14ecbc3def4b5fe04faee0a11932229fff563637bfdee0e79c6deeaf449f85401c5c4",
       "e4e7408d85ff0e0e9c838003f28cdbd5247cdce31f32f62494b70e5f1bc36307",
-      "curve: P256 vector: 12" },
+      "curve: P256 vector: 12", ec_field_GFp },
 
-    { ECCurve_NIST_P256,
+    { ECCurve_NIST_P256, 1,
       "43e0e9d95af4dc36483cdd1968d2b7eeb8611fcce77f3a4e7d059ae43e509604",
       "04f989cf8ee956a82e7ebd9881cdbfb2fd946189b08db53559bc8cfdd48071eb145eff28f1a18a616b04b7d337868679f6dd84f9a7b3d7b6f8af276c19611a541d",
       "0415b9e467af4d290c417402e040426fe4cf236bae72baa392ed89780dfccdb471cdf4e9170fb904302b8fd93a820ba8cc7ed4efd3a6f2d6b05b80b2ff2aee4e77",
       "ed56bcf695b734142c24ecb1fc1bb64d08f175eb243a31f37b3d9bb4407f3b96",
-      "curve: P256 vector: 13" },
+      "curve: P256 vector: 13", ec_field_GFp },
 
-    { ECCurve_NIST_P256,
+    { ECCurve_NIST_P256, 1,
       "b2f3600df3368ef8a0bb85ab22f41fc0e5f4fdd54be8167a5c3cd4b08db04903",
       "0469c627625b36a429c398b45c38677cb35d8beb1cf78a571e40e99fe4eac1cd4e81690112b0a88f20f7136b28d7d47e5fbc2ada3c8edd87589bc19ec9590637bd",
       "0449c503ba6c4fa605182e186b5e81113f075bc11dcfd51c932fb21e951eee2fa18af706ff0922d87b3f0c5e4e31d8b259aeb260a9269643ed520a13bb25da5924",
       "bc5c7055089fc9d6c89f83c1ea1ada879d9934b2ea28fcf4e4a7e984b28ad2cf",
-      "curve: P256 vector: 14" },
+      "curve: P256 vector: 14", ec_field_GFp },
 
-    { ECCurve_NIST_P256,
+    { ECCurve_NIST_P256, 1,
       "4002534307f8b62a9bf67ff641ddc60fef593b17c3341239e95bdb3e579bfdc8",
       "045fe964671315a18aa68a2a6e3dd1fde7e23b8ce7181471cfac43c99e1ae80262d5827be282e62c84de531b963884ba832db5d6b2c3a256f0e604fe7e6b8a7f72",
       "0419b38de39fdd2f70f7091631a4f75d1993740ba9429162c2a45312401636b29c09aed7232b28e060941741b6828bcdfa2bc49cc844f3773611504f82a390a5ae",
       "9a4e8e657f6b0e097f47954a63c75d74fcba71a30d83651e3e5a91aa7ccd8343",
-      "curve: P256 vector: 15" },
+      "curve: P256 vector: 15", ec_field_GFp },
 
-    { ECCurve_NIST_P256,
+    { ECCurve_NIST_P256, 1,
       "4dfa12defc60319021b681b3ff84a10a511958c850939ed45635934ba4979147",
       "04c9b2b8496f1440bd4a2d1e52752fd372835b364885e154a7dac49295f281ec7cfbe6b926a8a4de26ccc83b802b1212400754be25d9f3eeaf008b09870ae76321",
       "042c91c61f33adfe9311c942fdbff6ba47020feff416b7bb63cec13faf9b0999546cab31b06419e5221fca014fb84ec870622a1b12bab5ae43682aa7ea73ea08d0",
       "3ca1fc7ad858fb1a6aba232542f3e2a749ffc7203a2374a3f3d3267f1fc97b78",
-      "curve: P256 vector: 16" },
+      "curve: P256 vector: 16", ec_field_GFp },
 
-    { ECCurve_NIST_P256,
+    { ECCurve_NIST_P256, 1,
       "1331f6d874a4ed3bc4a2c6e9c74331d3039796314beee3b7152fcdba5556304e",
       "0459e1e101521046ad9cf1d082e9d2ec7dd22530cce064991f1e55c5bcf5fcb591482f4f673176c8fdaa0bb6e59b15a3e47454e3a04297d3863c9338d98add1f37",
       "04a28a2edf58025668f724aaf83a50956b7ac1cfbbff79b08c3bf87dfd2828d767dfa7bfffd4c766b86abeaf5c99b6e50cb9ccc9d9d00b7ffc7804b0491b67bc03",
       "1aaabe7ee6e4a6fa732291202433a237df1b49bc53866bfbe00db96a0f58224f",
-      "curve: P256 vector: 17" },
+      "curve: P256 vector: 17", ec_field_GFp },
 
-    { ECCurve_NIST_P256,
+    { ECCurve_NIST_P256, 1,
       "dd5e9f70ae740073ca0204df60763fb6036c45709bf4a7bb4e671412fad65da3",
       "0430b9db2e2e977bcdc98cb87dd736cbd8e78552121925cf16e1933657c2fb23146a45028800b81291bce5c2e1fed7ded650620ebbe6050c6f3a7f0dfb4673ab5c",
       "04a2ef857a081f9d6eb206a81c4cf78a802bdf598ae380c8886ecd85fdc1ed7644563c4c20419f07bc17d0539fade1855e34839515b892c0f5d26561f97fa04d1a",
       "430e6a4fba4449d700d2733e557f66a3bf3d50517c1271b1ddae1161b7ac798c",
-      "curve: P256 vector: 18" },
+      "curve: P256 vector: 18", ec_field_GFp },
 
-    { ECCurve_NIST_P256,
+    { ECCurve_NIST_P256, 1,
       "5ae026cfc060d55600717e55b8a12e116d1d0df34af831979057607c2d9c2f76",
       "0446c9ebd1a4a3c8c0b6d572b5dcfba12467603208a9cb5d2acfbb733c40cf639146c913a27d044185d38b467ace011e04d4d9bbbb8cb9ae25fa92aaf15a595e86",
       "04ccd8a2d86bc92f2e01bce4d6922cf7fe1626aed044685e95e2eebd464505f01fe9ddd583a9635a667777d5b8a8f31b0f79eba12c75023410b54b8567dddc0f38",
       "1ce9e6740529499f98d1f1d71329147a33df1d05e4765b539b11cf615d6974d3",
-      "curve: P256 vector: 19" },
+      "curve: P256 vector: 19", ec_field_GFp },
 
-    { ECCurve_NIST_P256,
+    { ECCurve_NIST_P256, 1,
       "b601ac425d5dbf9e1735c5e2d5bdb79ca98b3d5be4a2cfd6f2273f150e064d9d",
       "047c9e950841d26c8dde8994398b8f5d475a022bc63de7773fcf8d552e01f1ba0acc42b9885c9b3bee0f8d8c57d3a8f6355016c019c4062fa22cff2f209b5cc2e1",
       "04c188ffc8947f7301fb7b53e36746097c2134bf9cc981ba74b4e9c4361f595e4ebf7d2f2056e72421ef393f0c0f2b0e00130e3cac4abbcc00286168e85ec55051",
       "4690e3743c07d643f1bc183636ab2a9cb936a60a802113c49bb1b3f2d0661660",
-      "curve: P256 vector: 20" },
+      "curve: P256 vector: 20", ec_field_GFp },
 
-    { ECCurve_NIST_P256,
+    { ECCurve_NIST_P256, 1,
       "fefb1dda1845312b5fce6b81b2be205af2f3a274f5a212f66c0d9fc33d7ae535",
       "0438b54db85500cb20c61056edd3d88b6a9dc26780a047f213a6e1b900f76596eb6387e4e5781571e4eb8ae62991a33b5dc33301c5bc7e125d53794a39160d8fd0",
       "04317e1020ff53fccef18bf47bb7f2dd7707fb7b7a7578e04f35b3beed222a0eb609420ce5a19d77c6fe1ee587e6a49fbaf8f280e8df033d75403302e5a27db2ae",
       "30c2261bd0004e61feda2c16aa5e21ffa8d7e7f7dbf6ec379a43b48e4b36aeb0",
-      "curve: P256 vector: 21" },
+      "curve: P256 vector: 21", ec_field_GFp },
 
-    { ECCurve_NIST_P256,
+    { ECCurve_NIST_P256, 1,
       "334ae0c4693d23935a7e8e043ebbde21e168a7cba3fa507c9be41d7681e049ce",
       "043f2bf1589abf3047bf3e54ac9a95379bff95f8f55405f64eca36a7eebe8ffca75212a94e66c5ae9a8991872f66a72723d80ec5b2e925745c456f5371943b3a06",
       "0445fb02b2ceb9d7c79d9c2fa93e9c7967c2fa4df5789f9640b24264b1e524fcb15c6e8ecf1f7d3023893b7b1ca1e4d178972ee2a230757ddc564ffe37f5c5a321",
       "2adae4a138a239dcd93c243a3803c3e4cf96e37fe14e6a9b717be9599959b11c",
-      "curve: P256 vector: 22" },
+      "curve: P256 vector: 22", ec_field_GFp },
 
-    { ECCurve_NIST_P256,
+    { ECCurve_NIST_P256, 1,
       "2c4bde40214fcc3bfc47d4cf434b629acbe9157f8fd0282540331de7942cf09d",
       "0429c0807f10cbc42fb45c9989da50681eead716daa7b9e91fd32e062f5eb92ca0ff1d6d1955d7376b2da24fe1163a271659136341bc2eb1195fc706dc62e7f34d",
       "04a19ef7bff98ada781842fbfc51a47aff39b5935a1c7d9625c8d323d511c92de6e9c184df75c955e02e02e400ffe45f78f339e1afe6d056fb3245f4700ce606ef",
       "2e277ec30f5ea07d6ce513149b9479b96e07f4b6913b1b5c11305c1444a1bc0b",
-      "curve: P256 vector: 23" },
+      "curve: P256 vector: 23", ec_field_GFp },
 
-    { ECCurve_NIST_P256,
+    { ECCurve_NIST_P256, 1,
       "85a268f9d7772f990c36b42b0a331adc92b5941de0b862d5d89a347cbf8faab0",
       "049cf4b98581ca1779453cc816ff28b4100af56cf1bf2e5bc312d83b6b1b21d3337a5504fcac5231a0d12d658218284868229c844a04a3450d6c7381abe080bf3b",
       "04356c5a444c049a52fee0adeb7e5d82ae5aa83030bfff31bbf8ce2096cf161c4b57d128de8b2a57a094d1a001e572173f96e8866ae352bf29cddaf92fc85b2f92",
       "1e51373bd2c6044c129c436e742a55be2a668a85ae08441b6756445df5493857",
-      "curve: P256 vector: 24" },
+      "curve: P256 vector: 24", ec_field_GFp },
 
-    { ECCurve_NIST_P384,
+    { ECCurve_NIST_P384, 1,
       "3cc3122a68f0d95027ad38c067916ba0eb8c38894d22e1b15618b6818a661774ad463b205da88cf699ab4d43c9cf98a1",
       "049803807f2f6d2fd966cdd0290bd410c0190352fbec7ff6247de1302df86f25d34fe4a97bef60cff548355c015dbb3e5"
       "fba26ca69ec2f5b5d9dad20cc9da711383a9dbe34ea3fa5a2af75b46502629ad54dd8b7d73a8abb06a3a3be47d650cc99",
       "04a7c76b970c3b5fe8b05d2838ae04ab47697b9eaf52e764592efda27fe7513272734466b400091adbf2d68c58e0c5006"
       "6ac68f19f2e1cb879aed43a9969b91a0839c4c38a49749b661efedf243451915ed0905a32b060992b468c64766fc8437a",
       "5f9d29dc5e31a163060356213669c8ce132e22f57c9a04f40ba7fcead493b457e5621e766c40a2e3d4d6a04b25e533f1",
-      "curve: P384 vector: 0" },
+      "curve: P384 vector: 0", ec_field_GFp },
 
-    { ECCurve_NIST_P384,
+    { ECCurve_NIST_P384, 1,
       "92860c21bde06165f8e900c687f8ef0a05d14f290b3f07d8b3a8cc6404366e5d5119cd6d03fb12dc58e89f13df9cd783",
       "04ea4018f5a307c379180bf6a62fd2ceceebeeb7d4df063a66fb838aa35243419791f7e2c9d4803c9319aa0eb03c416b"
       "6668835a91484f05ef028284df6436fb88ffebabcdd69ab0133e6735a1bcfb37203d10d340a8328a7b68770ca75878a1a6",
       "0430f43fcf2b6b00de53f624f1543090681839717d53c7c955d1d69efaf0349b7363acb447240101cbb3af6641ce4b88e0"
       "25e46c0c54f0162a77efcc27b6ea792002ae2ba82714299c860857a68153ab62e525ec0530d81b5aa15897981e858757",
       "a23742a2c267d7425fda94b93f93bbcc24791ac51cd8fd501a238d40812f4cbfc59aac9520d758cf789c76300c69d2ff",
-      "curve: P384 vector: 1" },
+      "curve: P384 vector: 1", ec_field_GFp },
 
-    { ECCurve_NIST_P384,
+    { ECCurve_NIST_P384, 1,
       "12cf6a223a72352543830f3f18530d5cb37f26880a0b294482c8a8ef8afad09aa78b7dc2f2789a78c66af5d1cc553853",
       "04fcfcea085e8cf74d0dced1620ba8423694f903a219bbf901b0b59d6ac81baad316a242ba32bde85cb248119b852fab6"
       "6972e3c68c7ab402c5836f2a16ed451a33120a7750a6039f3ff15388ee622b7065f7122bf6d51aefbc29b37b03404581b",
       "041aefbfa2c6c8c855a1a216774550b79a24cda37607bb1f7cc906650ee4b3816d68f6a9c75da6e4242cebfb6652f65180"
       "419d28b723ebadb7658fcebb9ad9b7adea674f1da3dc6b6397b55da0f61a3eddacb4acdb14441cb214b04a0844c02fa3",
       "3d2e640f350805eed1ff43b40a72b2abed0a518bcebe8f2d15b111b6773223da3c3489121db173d414b5bd5ad7153435",
-      "curve: P384 vector: 2" },
+      "curve: P384 vector: 2", ec_field_GFp },
 
-    { ECCurve_NIST_P384,
+    { ECCurve_NIST_P384, 1,
       "8dd48063a3a058c334b5cc7a4ce07d02e5ee6d8f1f3c51a1600962cbab462690ae3cd974fb39e40b0e843daa0fd32de1",
       "04e38c9846248123c3421861ea4d32669a7b5c3c08376ad28104399494c84ff5efa3894adb2c6cbe8c3c913ef2eec5bd3"
       "c9fa84024a1028796df84021f7b6c9d02f0f4bd1a612a03cbf75a0beea43fef8ae84b48c60172aadf09c1ad016d0bf3ce",
       "048bc089326ec55b9cf59b34f0eb754d93596ca290fcb3444c83d4de3a5607037ec397683f8cef07eab2fe357eae36c44"
       "9d9d16ce8ac85b3f1e94568521aae534e67139e310ec72693526aa2e927b5b322c95a1a033c229cb6770c957cd3148dd7",
       "6a42cfc392aba0bfd3d17b7ccf062b91fc09bbf3417612d02a90bdde62ae40c54bb2e56e167d6b70db670097eb8db854",
-      "curve: P384 vector: 3" },
+      "curve: P384 vector: 3", ec_field_GFp },
 
-    { ECCurve_NIST_P384,
+    { ECCurve_NIST_P384, 1,
       "84ece6cc3429309bd5b23e959793ed2b111ec5cb43b6c18085fcaea9efa0685d98a6262ee0d330ee250bc8a67d0e733f",
       "043222063a2997b302ee60ee1961108ff4c7acf1c0ef1d5fb0d164b84bce71c431705cb9aea9a45f5d73806655a058bee"
       "3e61fa9e7fbe7cd43abf99596a3d3a039e99fa9dc93b0bdd9cad81966d17eeaf557068afa7c78466bb5b22032d1100fa6",
       "04eb952e2d9ac0c20c6cc48fb225c2ad154f53c8750b003fd3b4ed8ed1dc0defac61bcdde02a2bcfee7067d75d342ed2b"
       "0f1828205baece82d1b267d0d7ff2f9c9e15b69a72df47058a97f3891005d1fb38858f5603de840e591dfa4f6e7d489e1",
       "ce7ba454d4412729a32bb833a2d1fd2ae612d4667c3a900e069214818613447df8c611de66da200db7c375cf913e4405",
-      "curve: P384 vector: 4" },
+      "curve: P384 vector: 4", ec_field_GFp },
 
-    { ECCurve_NIST_P384,
+    { ECCurve_NIST_P384, 1,
       "68fce2121dc3a1e37b10f1dde309f9e2e18fac47cd1770951451c3484cdb77cb136d00e731260597cc2859601c01a25b",
       "04868be0e694841830e424d913d8e7d86b84ee1021d82b0ecf523f09fe89a76c0c95c49f2dfbcf829c1e39709d55efbb"
       "3b9195eb183675b40fd92f51f37713317e4a9b4f715c8ab22e0773b1bc71d3a219f05b8116074658ee86b52e36f3897116",
       "04441d029e244eb7168d647d4df50db5f4e4974ab3fdaf022aff058b3695d0b8c814cc88da6285dc6df1ac55c55388500"
       "3e8025ac23a41d4b1ea2aa46c50c6e479946b59b6d76497cd9249977e0bfe4a6262622f13d42a3c43d66bdbb30403c345",
       "ba69f0acdf3e1ca95caaac4ecaf475bbe51b54777efce01ca381f45370e486fe87f9f419b150c61e329a286d1aa265ec",
-      "curve: P384 vector: 5" },
+      "curve: P384 vector: 5", ec_field_GFp },
 
-    { ECCurve_NIST_P384,
+    { ECCurve_NIST_P384, 1,
       "b1764c54897e7aae6de9e7751f2f37de849291f88f0f91093155b858d1cc32a3a87980f706b86cc83f927bdfdbeae0bd",
       "04c371222feaa6770c6f3ea3e0dac9740def4fcf821378b7f91ff937c21e0470f70f3a31d5c6b2912195f10926942b48ae"
       "047d6b4d765123563f81116bc665b7b8cc6207830d805fd84da7cb805a65baa7c12fd592d1b5b5e3e65d9672a9ef7662",
       "043d4e6bf08a73404accc1629873468e4269e82d90d832e58ad72142639b5a056ad8d35c66c60e8149fac0c797bceb7c2"
       "f9b0308dc7f0e6d29f8c277acbc65a21e5adb83d11e6873bc0a07fda0997f482504602f59e10bc5cb476b83d0a4f75e71",
       "1a6688ee1d6e59865d8e3ada37781d36bb0c2717eef92e61964d3927cb765c2965ea80f7f63e58c322ba0397faeaf62b",
-      "curve: P384 vector: 6" },
+      "curve: P384 vector: 6", ec_field_GFp },
 
-    { ECCurve_NIST_P384,
+    { ECCurve_NIST_P384, 1,
       "f0f7a96e70d98fd5a30ad6406cf56eb5b72a510e9f192f50e1f84524dbf3d2439f7287bb36f5aa912a79deaab4adea82",
       "0499c8c41cb1ab5e0854a346e4b08a537c1706a61553387c8d94943ab15196d40dbaa55b8210a77a5d00915f2c4ea69e"
       "ab5531065bdcf17bfb3cb55a02e41a57c7f694c383ad289f900fbd656c2233a93c92e933e7a26f54cbb56f0ad875c51bb0",
       "04f5f6bef1d110da03be0017eac760cc34b24d092f736f237bc7054b3865312a813bcb62d297fb10a4f7abf54708fe2d3d"
       "06fdf8d7dc032f4e10010bf19cbf6159321252ff415fb91920d438f24e67e60c2eb0463204679fa356af44cea9c9ebf5",
       "d06a568bf2336b90cbac325161be7695eacb2295f599500d787f072612aca313ee5d874f807ddef6c1f023fe2b6e7cd0",
-      "curve: P384 vector: 7" },
+      "curve: P384 vector: 7", ec_field_GFp },
 
-    { ECCurve_NIST_P384,
+    { ECCurve_NIST_P384, 1,
       "9efb87ddc61d43c482ba66e1b143aef678fbd0d1bebc2000941fabe677fe5b706bf78fce36d100b17cc787ead74bbca2",
       "044c34efee8f0c95565d2065d1bbac2a2dd25ae964320eb6bccedc5f3a9b42a881a1afca1bb6b880584fa27b01c193cd9"
       "2d8fb01dbf7cd0a3868c26b951f393c3c56c2858cee901f7793ff5d271925d13a41f8e52409f4eba1990f33acb0bac669",
       "047cdec77e0737ea37c67b89b7137fe38818010f4464438ee4d1d35a0c488cad3fde2f37d00885d36d3b795b9f93d23a6"
       "728c42ee8d6027c56cf979ba4c229fdb01d234944f8ac433650112c3cf0f02844e888a3569dfef7828a8a884589aa055e",
       "bb3b1eda9c6560d82ff5bee403339f1e80342338a991344853b56b24f109a4d94b92f654f0425edd4c205903d7586104",
-      "curve: P384 vector: 8" },
+      "curve: P384 vector: 8", ec_field_GFp },
 
-    { ECCurve_NIST_P384,
+    { ECCurve_NIST_P384, 1,
       "d787a57fde22ec656a0a525cf3c738b30d73af61e743ea90893ecb2d7b622add2f94ee25c2171467afb093f3f84d0018",
       "04171546923b87b2cbbad664f01ce932bf09d6a6118168678446bfa9f0938608cb4667a98f4ec8ac1462285c2508f7486"
       "2fa41cb4db68ae71f1f8a3e8939dc52c2dec61a83c983beb2a02baf29ec49278088882ed0cf56c74b5c173b552ccf63cf",
       "048eeea3a319c8df99fbc29cb55f243a720d95509515ee5cc587a5c5ae22fbbd009e626db3e911def0b99a4f7ae304b1b"
       "a73877dc94db9adddc0d9a4b24e8976c22d73c844370e1ee857f8d1b129a3bd5f63f40caf3bd0533e38a5f5777074ff9e",
       "1e97b60add7cb35c7403dd884c0a75795b7683fff8b49f9d8672a8206bfdcf0a106b8768f983258c74167422e44e4d14",
-      "curve: P384 vector: 9" },
+      "curve: P384 vector: 9", ec_field_GFp },
 
-    { ECCurve_NIST_P384,
+    { ECCurve_NIST_P384, 1,
       "83d70f7b164d9f4c227c767046b20eb34dfc778f5387e32e834b1e6daec20edb8ca5bb4192093f543b68e6aeb7ce788b",
       "0457cd770f3bbcbe0c78c770eab0b169bc45e139f86378ffae1c2b16966727c2f2eb724572b8f3eb228d130db4ff862c"
       "637ec5c8813b685558d83e924f14bc719f6eb7ae0cbb2c474227c5bda88637a4f26c64817929af999592da6f787490332f",
       "04a721f6a2d4527411834b13d4d3a33c29beb83ab7682465c6cbaf6624aca6ea58c30eb0f29dd842886695400d7254f20f"
       "14ba6e26355109ad35129366d5e3a640ae798505a7fa55a96a36b5dad33de00474f6670f522214dd7952140ab0a7eb68",
       "1023478840e54775bfc69293a3cf97f5bc914726455c66538eb5623e218feef7df4befa23e09d77145ad577db32b41f9",
-      "curve: P384 vector: 10" },
+      "curve: P384 vector: 10", ec_field_GFp },
 
-    { ECCurve_NIST_P384,
+    { ECCurve_NIST_P384, 1,
       "8f558e05818b88ed383d5fca962e53413db1a0e4637eda194f761944cbea114ab9d5da175a7d57882550b0e432f395a9",
       "049a2f57f4867ce753d72b0d95195df6f96c1fae934f602efd7b6a54582f556cfa539d89005ca2edac08ad9b72dd1f60b"
       "ad9b94ee82da9cc601f346044998ba387aee56404dc6ecc8ab2b590443319d0b2b6176f9d0eac2d44678ed561607d09a9",
       "04d882a8505c2d5cb9b8851fc676677bb0087681ad53faceba1738286b45827561e7da37b880276c656cfc38b32ade847"
       "e34b314bdc134575654573cffaf40445da2e6aaf987f7e913cd4c3091523058984a25d8f21da8326192456c6a0fa5f60c",
       "6ad6b9dc8a6cf0d3691c501cbb967867f6e4bbb764b60dbff8fcff3ed42dbba39d63cf325b4b4078858495ddee75f954",
-      "curve: P384 vector: 11" },
+      "curve: P384 vector: 11", ec_field_GFp },
 
-    { ECCurve_NIST_P384,
+    { ECCurve_NIST_P384, 1,
       "0f5dee0affa7bbf239d5dff32987ebb7cf84fcceed643e1d3c62d0b3352aec23b6e5ac7fa4105c8cb26126ad2d1892cb",
       "0423346bdfbc9d7c7c736e02bdf607671ff6082fdd27334a8bc75f3b23681ebe614d0597dd614fae58677c835a9f0b273"
       "b82ba36290d2f94db41479eb45ab4eaf67928a2315138d59eecc9b5285dfddd6714f77557216ea44cc6fc119d8243efaf",
       "04815c9d773dbf5fb6a1b86799966247f4006a23c92e68c55e9eaa998b17d8832dd4d84d927d831d4f68dac67c6488219f"
       "e79269948b2611484560fd490feec887cb55ef99a4b524880fa7499d6a07283aae2afa33feab97deca40bc606c4d8764",
       "cc9e063566d46b357b3fcae21827377331e5e290a36e60cd7c39102b828ae0b918dc5a02216b07fe6f1958d834e42437",
-      "curve: P384 vector: 12" },
+      "curve: P384 vector: 12", ec_field_GFp },
 
-    { ECCurve_NIST_P384,
+    { ECCurve_NIST_P384, 1,
       "037b633b5b8ba857c0fc85656868232e2febf59578718391b81da8541a00bfe53c30ae04151847f27499f8d7abad8cf4",
       "048878ac8a947f7d5cb2b47aad24fbb8210d86126585399a2871f84aa9c5fde3074ae540c6bf82275ca822d0feb862bc7"
       "4632f5cd2f900c2711c32f8930728eb647d31edd8d650f9654e7d33e5ed1b475489d08daa30d8cbcba6bfc3b60d9b5a37",
       "041c0eeda7a2be000c5bdcda0478aed4db733d2a9e341224379123ad847030f29e3b168fa18e89a3c0fba2a6ce1c28fc3"
       "bec8c1c83c118c4dbea94271869f2d868eb65e8b44e21e6f14b0f4d9b38c068daefa27114255b9a41d084cc4a1ad85456",
       "deff7f03bd09865baf945e73edff6d5122c03fb561db87dec8662e09bed4340b28a9efe118337bb7d3d4f7f568635ff9",
-      "curve: P384 vector: 13" },
+      "curve: P384 vector: 13", ec_field_GFp },
 
-    { ECCurve_NIST_P384,
+    { ECCurve_NIST_P384, 1,
       "e3d07106bedcc096e7d91630ffd3094df2c7859db8d7edbb2e37b4ac47f429a637d06a67d2fba33838764ef203464991",
       "04e74a1a2b85f1cbf8dbbdf050cf1aff8acb02fda2fb6591f9d3cfe4e79d0ae938a9c1483e7b75f8db24505d65065cdb1"
       "81773ee591822f7abaa856a1a60bc0a5203548dbd1cb5025466eff8481bd07614eaa04a16c3db76905913e972a5b6b59d",
       "04c95c185e256bf997f30b311548ae7f768a38dee43eeeef43083f3077be70e2bf39ac1d4daf360c514c8c6be623443d1"
       "a3e63a663eaf75d8a765ab2b9a35513d7933fa5e26420a5244550ec6c3b6f033b96db2aca3d6ac6aab052ce929595aea5",
       "c8b1038f735ad3bb3e4637c3e47eab487637911a6b7950a4e461948329d3923b969e5db663675623611a457fcda35a71",
-      "curve: P384 vector: 14" },
+      "curve: P384 vector: 14", ec_field_GFp },
 
-    { ECCurve_NIST_P384,
+    { ECCurve_NIST_P384, 1,
       "f3f9b0c65a49a506632c8a45b10f66b5316f9eeb06fae218f2da62333f99905117b141c760e8974efc4af10570635791",
       "04a4ad77aa7d86e5361118a6b921710c820721210712f4c347985fdee58aa4effa1e28be80a17b120b139f96300f89b4"
       "9b1ddf22e07e03f1560d8f45a480094560dba9fae7f9531130c1b57ebb95982496524f31d3797793396fa823f22bdb4328",
       "043497238a7e6ad166df2dac039aa4dac8d17aa925e7c7631eb3b56e3aaa1c545fcd54d2e5985807910fb202b1fc191d2a"
       "a49e5c487dcc7aa40a8f234c979446040d9174e3ad357d404d7765183195aed3f913641b90c81a306ebf0d8913861316",
       "d337eaa32b9f716b8747b005b97a553c59dab0c51df41a2d49039cdae705aa75c7b9e7bc0b6a0e8c578c902bc4fff23e",
-      "curve: P384 vector: 15" },
+      "curve: P384 vector: 15", ec_field_GFp },
 
-    { ECCurve_NIST_P384,
+    { ECCurve_NIST_P384, 1,
       "59fce7fad7de28bac0230690c95710c720e528f9a4e54d3a6a8cd5fc5c5f21637031ce1c5b4e3d39647d8dcb9b794664",
       "049c43bf971edf09402876ee742095381f78b1bd3aa39b5132af75dbfe7e98bd78bde10fe2e903c2b6379e1deee175a1b"
       "0a6c58ecea5a477bb01bd543b339f1cc49f1371a2cda4d46eb4e53e250597942351a99665a122ffea9bde0636c375daf2",
       "0490a34737d45b1aa65f74e0bd0659bc118f8e4b774b761944ffa6573c6df4f41dec0d11b697abd934d390871d4b453240"
       "9b590719bb3307c149a7817be355d684893a307764b512eeffe07cb699edb5a6ffbf8d6032e6c79d5e93e94212c2aa4e",
       "32d292b695a4488e42a7b7922e1ae537d76a3d21a0b2e36875f60e9f6d3e8779c2afb3a413b9dd79ae18e70b47d337c1",
-      "curve: P384 vector: 16" },
+      "curve: P384 vector: 16", ec_field_GFp },
 
-    { ECCurve_NIST_P384,
+    { ECCurve_NIST_P384, 1,
       "3e49fbf950a424c5d80228dc4bc35e9f6c6c0c1d04440998da0a609a877575dbe437d6a5cedaa2ddd2a1a17fd112aded",
       "045a949594228b1a3d6f599eb3db0d06070fbc551c657b58234ba164ce3fe415fa5f3eb823c08dc29b8c341219c77b6b3"
       "d2baad447c8c290cfed25edd9031c41d0b76921457327f42db31122b81f337bbf0b1039ec830ce9061a3761953c75e4a8",
       "04dda546acfc8f903d11e2e3920669636d44b2068aeb66ff07aa266f0030e1535b0ed0203cb8a460ac990f1394faf22f1"
       "d15bbb2597913035faadf413476f4c70f7279769a40c986f470c427b4ee4962abdf8173bbad81874772925fd32f0b159f",
       "1220e7e6cad7b25df98e5bbdcc6c0b65ca6c2a50c5ff6c41dca71e475646fd489615979ca92fb4389aeadefde79a24f1",
-      "curve: P384 vector: 17" },
+      "curve: P384 vector: 17", ec_field_GFp },
 
-    { ECCurve_NIST_P384,
+    { ECCurve_NIST_P384, 1,
       "50ccc1f7076e92f4638e85f2db98e0b483e6e2204c92bdd440a6deea04e37a07c6e72791c190ad4e4e86e01efba84269",
       "04756c07df0ce32c839dac9fb4733c9c28b70113a676a7057c38d223f22a3a9095a8d564653af528e04c7e1824be4a651"
       "217c2ce6962cbd2a2e066297b39d57dd9bb4680f0191d390f70b4e461419b2972ce68ad46127fdda6c39195774ea86df3",
       "04788be2336c52f4454d63ee944b1e49bfb619a08371048e6da92e584eae70bde1f171c4df378bd1f3c0ab03048a237802"
       "4673ebd8db604eaf41711748bab2968a23ca4476ce144e728247f08af752929157b5830f1e26067466bdfa8b65145a33",
       "793bb9cd22a93cf468faf804a38d12b78cb12189ec679ddd2e9aa21fa9a5a0b049ab16a23574fe04c1c3c02343b91beb",
-      "curve: P384 vector: 18" },
+      "curve: P384 vector: 18", ec_field_GFp },
 
-    { ECCurve_NIST_P384,
+    { ECCurve_NIST_P384, 1,
       "06f132b71f74d87bf99857e1e4350a594e5fe35533b888552ceccbc0d8923c902e36141d7691e28631b8bc9bafe5e064",
       "042a3cc6b8ff5cde926e7e3a189a1bd029c9b586351af8838f4f201cb8f4b70ef3b0da06d352c80fc26baf8f42b784459"
       "ebf9985960176da6d23c7452a2954ffcbbcb24249b43019a2a023e0b3dabd461f19ad3e775c364f3f11ad49f3099400d3",
       "04d09bb822eb99e38060954747c82bb3278cf96bbf36fece3400f4c873838a40c135eb3babb9293bd1001bf3ecdee7bf2"
       "6d416db6e1b87bbb7427788a3b6c7a7ab2c165b1e366f9608df512037584f213a648d47f16ac326e19aae972f63fd76c9",
       "012d191cf7404a523678c6fc075de8285b243720a903047708bb33e501e0dbee5bcc40d7c3ef6c6da39ea24d830da1e8",
-      "curve: P384 vector: 19" },
+      "curve: P384 vector: 19", ec_field_GFp },
 
-    { ECCurve_NIST_P384,
+    { ECCurve_NIST_P384, 1,
       "12048ebb4331ec19a1e23f1a2c773b664ccfe90a28bfb846fc12f81dff44b7443c77647164bf1e9e67fd2c07a6766241",
       "04bc18836bc7a9fdf54b5352f37d7528ab8fa8ec544a8c6180511cbfdd49cce377c39e34c031b5240dc9980503ed2f26"
       "2c8086cbe338191080f0b7a16c7afc4c7b0326f9ac66f58552ef4bb9d24de3429ed5d3277ed58fcf48f2b5f61326bec6c6",
       "0413741262ede5861dad71063dfd204b91ea1d3b7c631df68eb949969527d79a1dc59295ef7d2bca6743e8cd77b04d1"
       "b580baaeadc7e19d74a8a04451a135f1be1b02fe299f9dc00bfdf201e83d995c6950bcc1cb89d6f7b30bf54656b9a4da586",
       "ad0fd3ddffe8884b9263f3c15fe1f07f2a5a22ffdc7e967085eea45f0cd959f20f18f522763e28bcc925e496a52dda98",
-      "curve: P384 vector: 20" },
+      "curve: P384 vector: 20", ec_field_GFp },
 
-    { ECCurve_NIST_P384,
+    { ECCurve_NIST_P384, 1,
       "34d61a699ca576169fcdc0cc7e44e4e1221db0fe63d16850c8104029f7d48449714b9884328cae189978754ab460b486",
       "04867f81104ccd6b163a7902b670ef406042cb0cce7dcdc63d1dfc91b2c40e3cdf7595834bf9eceb79849f1636fc8462f"
       "c9d4bde8e875ec49697d258d1d59465f8431c6f5531e1c59e9f9ebe3cf164a8d9ce10a12f1979283a959bad244dd83863",
       "049e22cbc18657f516a864b37b783348b66f1aa9626cd631f4fa1bd32ad88cf11db52057c660860d39d11fbf024fabd44"
       "46b0d53c79681c28116df71e9cee74fd56c8b7f04b39f1198cc72284e98be9562e35926fb4f48a9fbecafe729309e8b6f",
       "dc4ca392dc15e20185f2c6a8ea5ec31dfc96f56153a47394b3072b13d0015f5d4ae13beb3bed54d65848f9b8383e6c95",
-      "curve: P384 vector: 21" },
+      "curve: P384 vector: 21", ec_field_GFp },
 
-    { ECCurve_NIST_P384,
+    { ECCurve_NIST_P384, 1,
       "dc60fa8736d702135ff16aab992bb88eac397f5972456c72ec447374d0d8ce61153831bfc86ad5a6eb5b60bfb96a862c",
       "04b69beede85d0f829fec1b893ccb9c3e052ff692e13b974537bc5b0f9feaf7b22e84f03231629b24866bdb4b8cf9089"
       "1466f85e2bfcaba2843285b0e14ebc07ef7dafff8b424416fee647b59897b619f20eed95a632e6a4206bf7da429c04c560",
       "042db5da5f940eaa884f4db5ec2139b0469f38e4e6fbbcc52df15c0f7cf7fcb1808c749764b6be85d2fdc5b16f58ad5d"
       "c022e8b02dcf33e1b5a083849545f84ad5e43f77cb71546dbbac0d11bdb2ee202e9d3872e8d028c08990746c5e1dde9989",
       "d765b208112d2b9ed5ad10c4046e2e3b0dbf57c469329519e239ac28b25c7d852bf757d5de0ee271cadd021d86cfd347",
-      "curve: P384 vector: 22" },
+      "curve: P384 vector: 22", ec_field_GFp },
 
-    { ECCurve_NIST_P384,
+    { ECCurve_NIST_P384, 1,
       "6fa6a1c704730987aa634b0516a826aba8c6d6411d3a4c89772d7a62610256a2e2f289f5c3440b0ec1e70fa339e251ce",
       "0453de1fc1328e8de14aecab29ad8a40d6b13768f86f7d298433d20fec791f86f8bc73f358098b256a298bb488de257bf"
       "4ac28944fd27f17b82946c04c66c41f0053d3692f275da55cd8739a95bd8cd3af2f96e4de959ea8344d8945375905858b",
       "04329647baa354224eb4414829c5368c82d7893b39804e08cbb2180f459befc4b347a389a70c91a23bd9d30c83be5295d"
       "3cc8f61923fad2aa8e505d6cfa126b9fabd5af9dce290b75660ef06d1caa73681d06089c33bc4246b3aa30dbcd2435b12",
       "d3778850aeb58804fbe9dfe6f38b9fa8e20c2ca4e0dec335aafceca0333e3f2490b53c0c1a14a831ba37c4b9d74be0f2",
-      "curve: P384 vector: 23" },
+      "curve: P384 vector: 23", ec_field_GFp },
 
-    { ECCurve_NIST_P384,
+    { ECCurve_NIST_P384, 1,
       "74ad8386c1cb2ca0fcdeb31e0869bb3f48c036afe2ef110ca302bc8b910f621c9fcc54cec32bb89ec7caa84c7b8e54a8",
       "0427a3e83cfb9d5122e73129d801615857da7cc089cccc9c54ab3032a19e0a0a9f677346e37f08a0b3ed8da6e5dd69106"
       "38d60e44aa5e0fd30c918456796af37f0e41957901645e5c596c6d989f5859b03a0bd7d1f4e77936fff3c74d204e5388e",
       "0429d8a36d22200a75b7aea1bb47cdfcb1b7fd66de967041434728ab5d533a060df732130600fe6f75852a871fb2938e3"
       "9e19b53db528395de897a45108967715eb8cb55c3fcbf23379372c0873a058d57544b102ecce722b2ccabb1a603774fd5",
       "81e1e71575bb4505498de097350186430a6242fa6c57b85a5f984a23371123d2d1424eefbf804258392bc723e4ef1e35",
-      "curve: P384 vector: 24" },
+      "curve: P384 vector: 24", ec_field_GFp },
 
-    { ECCurve_NIST_P521,
+    { ECCurve_NIST_P521, 1,
       "017eecc07ab4b329068fba65e56a1f8890aa935e57134ae0ffcce802735151f4eac6564f6ee9974c5e6887a1fefee5743"
       "ae2241bfeb95d5ce31ddcb6f9edb4d6fc47",
       "0400602f9d0cf9e526b29e22381c203c48a886c2b0673033366314f1ffbcba240ba42f4ef38a76174635f91e6b4ed3427"
       "5eb01c8467d05ca80315bf1a7bbd945f550a501b7c85f26f5d4b2d7355cf6b02117659943762b6d1db5ab4f1dbc44ce7b2"
       "946eb6c7de342962893fd387d1b73d7a8672d1f236961170b7eb3579953ee5cdc88cd2d",
       "0400685a48e86c79f0f0875f7bc18d25eb5fc8c0b07e5da4f4370f3a9490340854334b1e1b87fa395464c60626124a4e70"
       "d0f785601d37c09870ebf176666877a2046d01ba52c56fc8776d9e8f5db4f0cc27636d0b741bbe05400697942e80b739884"
       "a83bde99e0f6716939e632bc8986fa18dccd443a348b6c3e522497955a4f3c302f676",
       "005fc70477c3e63bc3954bd0df3ea0d1f41ee21746ed95fc5e1fdf90930d5e136672d72cc770742d1711c3c3a4c334a0ad9"
       "759436a4d3c5bf6e74b9578fac148c831",
-      "curve: P521 vector: 0" },
+      "curve: P521 vector: 0", ec_field_GFp },
 
-    { ECCurve_NIST_P521,
+    { ECCurve_NIST_P521, 1,
       "00816f19c1fb10ef94d4a1d81c156ec3d1de08b66761f03f06ee4bb9dcebbbfe1eaa1ed49a6a990838d8ed318c14d74cc"
       "872f95d05d07ad50f621ceb620cd905cfb8",
       "0400d45615ed5d37fde699610a62cd43ba76bedd8f85ed31005fe00d6450fbbd101291abd96d4945a8b57bc73b3fe9f46"
       "71105309ec9b6879d0551d930dac8ba45d25501425332844e592b440c0027972ad1526431c06732df19cd46a242172d4d"
       "d67c2c8c99dfc22e49949a56cf90c6473635ce82f25b33682fb19bc33bd910ed8ce3a7fa",
       "0401df277c152108349bc34d539ee0cf06b24f5d3500677b4445453ccc21409453aafb8a72a0be9ebe54d12270aa51b3a"
       "b7f316aa5e74a951c5e53f74cd95fc29aee7a013d52f33a9f3c14384d1587fa8abe7aed74bc33749ad9c570b471776422c"
       "7d4505d9b0a96b3bfac041e4c6a6990ae7f700e5b4a6640229112deafa0cd8bb0d089b0",
       "000b3920ac830ade812c8f96805da2236e002acbbf13596a9ab254d44d0e91b6255ebf1229f366fb5a05c5884ef46032c2"
       "6d42189273ca4efa4c3db6bd12a6853759",
-      "curve: P521 vector: 1" },
+      "curve: P521 vector: 1", ec_field_GFp },
 
-    { ECCurve_NIST_P521,
+    { ECCurve_NIST_P521, 1,
       "012f2e0c6d9e9d117ceb9723bced02eb3d4eebf5feeaf8ee0113ccd8057b13ddd416e0b74280c2d0ba8ed291c443bc1b14"
       "1caf8afb3a71f97f57c225c03e1e4d42b0",
       "0400717fcb3d4a40d103871ede044dc803db508aaa4ae74b70b9fb8d8dfd84bfecfad17871879698c292d2fd5e17b4f9343"
       "636c531a4fac68a35a93665546b9a87867900f3d96a8637036993ab5d244500fff9d2772112826f6436603d3eb234a44d5c"
       "4e5c577234679c4f9df725ee5b9118f23d8a58d0cc01096daf70e8dfec0128bdc2e8",
       "040092db3142564d27a5f0006f819908fba1b85038a5bc2509906a497daac67fd7aee0fc2daba4e4334eeaef0e0019204b4"
       "71cd88024f82115d8149cc0cf4f7ce1a4d5016bad0623f517b158d9881841d2571efbad63f85cbe2e581960c5d670601a67"
       "60272675a548996217e4ab2b8ebce31d71fca63fcc3c08e91c1d8edd91cf6fe845f8",
       "006b380a6e95679277cfee4e8353bf96ef2a1ebdd060749f2f046fe571053740bbcc9a0b55790bc9ab56c3208aa05ddf746"
       "a10a3ad694daae00d980d944aabc6a08f",
-      "curve: P521 vector: 2" },
+      "curve: P521 vector: 2", ec_field_GFp },
 
-    { ECCurve_NIST_P521,
+    { ECCurve_NIST_P521, 1,
       "00e548a79d8b05f923b9825d11b656f222e8cb98b0f89de1d317184dc5a698f7c71161ee7dc11cd31f4f4f8ae3a981e1a3e7"
       "8bdebb97d7c204b9261b4ef92e0918e0",
       "04000ce800217ed243dd10a79ad73df578aa8a3f9194af528cd1094bbfee27a3b5481ad5862c8876c0c3f91294c0ab3aa806"
       "d9020cbaa2ed72b7fecdc5a09a6dad6f3201543c9ab45b12469232918e21d5a351f9a4b9cbf9efb2afcc402fa9b31650bec2d6"
       "41a05c440d35331c0893d11fb13151335988b303341301a73dc5f61d574e67d9",
       "0400fdd40d9e9d974027cb3bae682162eac1328ad61bc4353c45bf5afe76bf607d2894c8cce23695d920f2464fda4773d4693b"
       "e4b3773584691bdb0329b7f4c86cc2990034ceac6a3fef1c3e1c494bfe8d872b183832219a7e14da414d4e3474573671ec19b03"
       "3be831b915435905925b44947c592959945b4eb7c951c3b9c8cf52530ba23",
       "00fbbcd0b8d05331fef6086f22a6cce4d35724ab7a2f49dd8458d0bfd57a0b8b70f246c17c4468c076874b0dff7a0336823b19e"
       "98bf1cec05e4beffb0591f97713c6",
-      "curve: P521 vector: 3" },
+      "curve: P521 vector: 3", ec_field_GFp },
 
-    { ECCurve_NIST_P521,
+    { ECCurve_NIST_P521, 1,
       "01c8aae94bb10b8ca4f7be577b4fb32bb2381032c4942c24fc2d753e7cc5e47b483389d9f3b956d20ee9001b1eef9f23545f72"
       "c5602140046839e963313c3decc864",
       "040106a14e2ee8ff970aa8ab0c79b97a33bba2958e070b75b94736b77bbe3f777324fa52872771aa88a63a9e8490c3378df4dc"
       "760cd14d62be700779dd1a4377943656002366ce3941e0b284b1aa81215d0d3b9778fce23c8cd1e4ed6fa0abf62156c91d4b3eb"
       "55999c3471bed275e9e60e5aa9d690d310bfb15c9c5bbd6f5e9eb39682b74",
       "040098d99dee0816550e84dbfced7e88137fddcf581a725a455021115fe49f8dc3cf233cd9ea0e6f039dc7919da973cdceaca20"
       "5da39e0bd98c8062536c47f258f44b500cd225c8797371be0c4297d2b457740100c774141d8f214c23b61aa2b6cd4806b9b70722"
       "aa4965fb622f42b7391e27e5ec21c5679c5b06b59127372997d421adc1e",
       "0145cfa38f25943516c96a5fd4bfebb2f645d10520117aa51971eff442808a23b4e23c187e639ff928c3725fbd1c0c2ad0d4aeb2"
       "07bc1a6fb6cb6d467888dc044b3c",
-      "curve: P521 vector: 4" },
+      "curve: P521 vector: 4", ec_field_GFp },
 
-    { ECCurve_NIST_P521,
+    { ECCurve_NIST_P521, 1,
       "009b0af137c9696c75b7e6df7b73156bb2d45f482e5a4217324f478b10ceb76af09724cf86afa316e7f89918d31d54824a5c33"
       "107a483c15c15b96edc661340b1c0e",
       "0400748cdbb875d35f4bccb62abe20e82d32e4c14dc2feb5b87da2d0ccb11c9b6d4b7737b6c46f0dfb4d896e2db92fcf53cdbb"
       "ae2a404c0babd564ad7adeac6273efa301984acab8d8f173323de0bb60274b228871609373bb22a17287e9dec7495873abc09a"
       "8915b54c8455c8e02f654f602e23a2bbd7a9ebb74f3009bd65ecc650814cc0",
       "04007ae115adaaf041691ab6b7fb8c921f99d8ed32d283d67084e80b9ad9c40c56cd98389fb0a849d9ecf7268c297b6f934061"
       "19f40e32b5773ed25a28a9a85c4a758801a28e004e37eeaefe1f4dbb71f1878696141af3a10a9691c4ed93487214643b761fa4b"
       "0fbeeb247cf6d3fba7a60697536ad03f49b80a9d1cb079673654977c5fa94",
       "005c5721e96c273319fd60ecc46b5962f698e974b429f28fe6962f4ac656be2eb8674c4aafc037eab48ece612953b1e8d86101"
       "6b6ad0c79805784c67f73ada96f351",
-      "curve: P521 vector: 5" },
+      "curve: P521 vector: 5", ec_field_GFp },
 
-    { ECCurve_NIST_P521,
+    { ECCurve_NIST_P521, 1,
       "01e48faacee6dec83ffcde944cf6bdf4ce4bae72747888ebafee455b1e91584971efb49127976a52f4142952f7c207ec0265f2b"
       "718cf3ead96ea4f62c752e4f7acd3",
       "04010eb1b4d9172bcc23f4f20cc9560fc54928c3f34ea61c00391dc766c76ed9fa608449377d1e4fadd1236025417330b4b91086"
       "704ace3e4e6484c606e2a943478c860149413864069825ee1d0828da9f4a97713005e9bd1adbc3b38c5b946900721a960fe96ad2c"
       "1b3a44fe3de9156136d44cb17cbc2415729bb782e16bfe2deb3069e43",
       "04012588115e6f7f7bdcfdf57f03b169b479758baafdaf569d04135987b2ce6164c02a57685eb5276b5dae6295d3fe90620f38b55"
       "35c6d2260c173e61eb888ca92020301542c169cf97c2596fe2ddd848a222e367c5f7e6267ebc1bcd9ab5dcf49158f1a48e4af29a89"
       "7b7e6a82091c2db874d8e7abf0f58064691344154f396dbaed188b6",
       "01736d9717429b4f412e903febe2f9e0fffd81355d6ce2c06ff3f66a3be15ceec6e65e308347593f00d7f33591da4043c30763d72"
       "749f72cdceebe825e4b34ecd570",
-      "curve: P521 vector: 6" },
+      "curve: P521 vector: 6", ec_field_GFp },
 
-    { ECCurve_NIST_P521,
+    { ECCurve_NIST_P521, 1,
       "00c29aa223ea8d64b4a1eda27f39d3bc98ea0148dd98c1cbe595f8fd2bfbde119c9e017a50f5d1fc121c08c1cef31b75885955"
       "6eb3e0e042d8dd6aaac57a05ca61e3",
       "04001511c848ef60d5419a98d10204db0fe58224124370061bcfa4e9249d50618c56bf3722471b259f38263bb7b280d23caf2a"
       "1ee8737f9371cdb2732cdc958369930c01d461681ae6d8c49b4c5f4d6016143fb1bd7491573e3ed0e6c48b82e821644f87f82f0"
       "e5f08fd16f1f98fa17586200ab02ed8c627b35c3f27617ec5fd92f456203f",
       "040169491d55bd09049fdf4c2a53a660480fee4c03a0538675d1cd09b5bba78dac48543ef118a1173b3fbf8b20e39ce0e6b8"
       "90a163c50f9645b3d21d1cbb3b60a6fff40083494b2eba76910fed33c761804515011fab50e3b377abd8a8a045d886d2238d2"
       "c268ac1b6ec88bd71b7ba78e2c33c152e4bf7da5d565e4acbecf5e92c7ad662bb",
       "018f2ae9476c771726a77780208dedfefa205488996b18fecc50bfd4c132753f5766b2cd744afa9918606de2e016effc63622"
       "e9029e76dc6e3f0c69f7aeced565c2c",
-      "curve: P521 vector: 7" },
+      "curve: P521 vector: 7", ec_field_GFp },
 
-    { ECCurve_NIST_P521,
+    { ECCurve_NIST_P521, 1,
       "0028692be2bf5c4b48939846fb3d5bce74654bb2646e15f8389e23708a1afadf561511ea0d9957d0b53453819d60fba8f65a1"
       "8f7b29df021b1bb01cd163293acc3cc",
       "0401cfdc10c799f5c79cb6930a65fba351748e07567993e5e410ef4cacc4cd8a25784991eb4674e41050f930c7190ac812b92"
       "45f48a7973b658daf408822fe5b85f6680180d9ddfc9af77b9c4a6f02a834db15e535e0b3845b2cce30388301b51cecbe32763"
       "07ef439b5c9e6a72dc2d94d879bc395052dbb4a5787d06efb280210fb8be037",
       "04008415f5bbd0eee387d6c09d0ef8acaf29c66db45d6ba101860ae45d3c60e1e0e3f7247a4626a60fdd404965c3566c79f644"
       "9e856ce0bf94619f97da8da24bd2cfb600fdd7c59c58c361bc50a7a5d0d36f723b17c4f2ad2b03c24d42dc50f74a8c465a0afc"
       "4683f10fab84652dfe9e928c2626b5456453e1573ff60be1507467d431fbb2",
       "0105a346988b92ed8c7a25ce4d79d21bc86cfcc7f99c6cd19dbb4a39f48ab943b79e4f0647348da0b80bd864b85c6b8d92536"
       "d6aa544dc7537a00c858f8b66319e25",
-      "curve: P521 vector: 8" },
+      "curve: P521 vector: 8", ec_field_GFp },
 
-    { ECCurve_NIST_P521,
+    { ECCurve_NIST_P521, 1,
       "01194d1ee613f5366cbc44b504d21a0cf6715e209cd358f2dd5f3e71cc0d67d0e964168c42a084ebda746f9863a86bacffc81"
       "9f1edf1b8c727ccfb3047240a57c435",
       "04016bd15c8a58d366f7f2b2f298cc87b7485e9ee70d11d12448b8377c0a82c7626f67aff7f97be7a3546bf417eeeddf75a93"
       "c130191c84108042ea2fca17fd3f80d1401560502d04b74fce1743aab477a9d1eac93e5226981fdb97a7478ce4ce566ff72439"
       "31284fad850b0c2bcae0ddd2d97790160c1a2e77c3ed6c95ecc44b89e2637fc",
       "0401c721eea805a5cba29f34ba5758775be0cf6160e6c08723f5ab17bf96a1ff2bd9427961a4f34b07fc0b14ca4b2bf6845de"
       "bd5a869f124ebfa7aa72fe565050b7f1800b6e89eb0e1dcf181236f7c548fd1a8c16b258b52c1a9bfd3fe8f22841b26763265"
       "f074c4ccf2d634ae97b701956f67a11006c52d97197d92f585f5748bc2672eeb",
       "004531b3d2c6cd12f21604c8610e6723dbf4daf80b5a459d6ba5814397d1c1f7a21d7c114be964e27376aaebe3a7bc3d6af7"
       "a7f8c7befb611afe487ff032921f750f",
-      "curve: P521 vector: 9" },
+      "curve: P521 vector: 9", ec_field_GFp },
 
-    { ECCurve_NIST_P521,
+    { ECCurve_NIST_P521, 1,
       "01fd90e3e416e98aa3f2b6afa7f3bf368e451ad9ca5bd54b5b14aee2ed6723dde5181f5085b68169b09fbec721372ccf6b"
       "284713f9a6356b8d560a8ff78ca3737c88",
       "0401ebea1b10d3e3b971b7efb69fc878de11c7f472e4e4d384c31b8d6288d8071517acade9b39796c7af5163bcf71aeda7"
       "77533f382c6cf0a4d9bbb938c85f44b78037016b0e3e19c2996b2cbd1ff64730e7ca90edca1984f9b2951333535e5748baa"
       "34a99f61ff4d5f812079e0f01e87789f34efdad8098015ee74a4f846dd190d16dc6e1",
       "0401c35823e440a9363ab98d9fc7a7bc0c0532dc7977a79165599bf1a9cc64c00fb387b42cca365286e8430360bfad3643"
       "bc31354eda50dc936c329ecdb60905c40fcb00d9e7f433531e44df4f6d514201cbaabb06badd6783e01111726d815531d23"
       "3c5cdb722893ffbb2027259d594de77438809738120c6f783934f926c3fb69b40c409",
       "0100c8935969077bae0ba89ef0df8161d975ec5870ac811ae7e65ca5394efba4f0633d41bf79ea5e5b9496bbd7aae000b05"
       "94baa82ef8f244e6984ae87ae1ed124b7",
-      "curve: P521 vector: 10" },
+      "curve: P521 vector: 10", ec_field_GFp },
 
-    { ECCurve_NIST_P521,
+    { ECCurve_NIST_P521, 1,
       "009012ecfdadc85ced630afea534cdc8e9d1ab8be5f3753dcf5f2b09b40eda66fc6858549bc36e6f8df55998cfa9a0703a"
       "ecf6c42799c245011064f530c09db98369",
       "0400234e32be0a907131d2d128a6477e0caceb86f02479745e0fe245cb332de631c078871160482eeef584e274df7fa412c"
       "ea3e1e91f71ecba8781d9205d48386341ad01cf86455b09b1c005cffba8d76289a3759628c874beea462f51f30bd581e380"
       "3134307dedbb771b3334ee15be2e242cd79c3407d2f58935456c6941dd9b6d155a46",
       "0400093057fb862f2ad2e82e581baeb3324e7b32946f2ba845a9beeed87d6995f54918ec6619b9931955d5a89d4d74adf10"
       "46bb362192f2ef6bd3e3d2d04dd1f87054a00aa3fb2448335f694e3cda4ae0cc71b1b2f2a206fa802d7262f19983c44674f"
       "e15327acaac1fa40424c395a6556cb8167312527fae5865ecffc14bbdc17da78cdcf",
       "017f36af19303841d13a389d95ec0b801c7f9a679a823146c75c17bc44256e9ad422a4f8b31f14647b2c7d317b933f7c294"
       "6c4b8abd1d56d620fab1b5ff1a3adc71f",
-      "curve: P521 vector: 11" },
+      "curve: P521 vector: 11", ec_field_GFp },
 
-    { ECCurve_NIST_P521,
+    { ECCurve_NIST_P521, 1,
       "01b5ff847f8eff20b88cfad42c06e58c3742f2f8f1fdfd64b539ba48c25926926bd5e332b45649c0b184f77255e9d58fe8"
       "afa1a6d968e2cb1d4637777120c765c128",
       "0401de3dc9263bc8c4969dc684be0eec54befd9a9f3dba194d8658a789341bf0d78d84da6735227cafaf093519516911975"
       "73c8c360a11e5285712b8bbdf5ac91b977c00812de58cd095ec2e5a9b247eb3ed41d8bef6aeace194a7a05b65aa5d289fbc9"
       "b1770ec84bb6be0c2c64cc37c1d54a7f5d71377a9adbe20f26f6f2b544a821ea831",
       "040083192ed0b1cb31f75817794937f66ad91cf74552cd510cedb9fd641310422af5d09f221cad249ee814d16dd7ac84ded"
       "9eacdc28340fcfc9c0c06abe30a2fc28cd8002212ed868c9ba0fb2c91e2c39ba93996a3e4ebf45f2852d0928c48930e875c"
       "c7b428d0e7f3f4d503e5d60c68cb49b13c2480cd486bed9200caddaddfe4ff8e3562",
       "00062f9fc29ae1a68b2ee0dcf956cbd38c88ae5f645eaa546b00ebe87a7260bf724be20d34b9d02076655c933d056b21e30"
       "4c24ddb1dedf1dd76de611fc4a2340336",
-      "curve: P521 vector: 12" },
+      "curve: P521 vector: 12", ec_field_GFp },
 
-    { ECCurve_NIST_P521,
+    { ECCurve_NIST_P521, 1,
       "011a6347d4e801c91923488354cc533e7e35fddf81ff0fb7f56bb0726e0c29ee5dcdc5f394ba54cf57269048aab6e055895c"
       "8da24b8b0639a742314390cc04190ed6",
       "0400fe30267f33ba5cdefc25cbb3c9320dad9ccb1d7d376644620ca4fadee5626a3cede25ad254624def727a7048f7145f761"
       "62aa98042f9b123b2076f8e8cf59b3fdf001145dc6631953b6e2945e94301d6cbb098fe4b04f7ee9b09411df104dc82d7d79e"
       "c46a01ed0f2d3e7db6eb680694bdeb107c1078aec6cabd9ebee3d342fe7e54df",
       "0401a89b636a93e5d2ba6c2292bf23033a84f06a3ac1220ea71e806afbe097a804cc67e9baa514cfb6c12c9194be30212bf7a"
       "ae7fdf6d376c212f0554e656463ffab7e0182efcaf70fc412d336602e014da47256a0b606f2addcce8053bf817ac8656bb4e4"
       "2f14c8cbf2a68f488ab35dcdf64056271dee1f606a440ba4bd4e5a11b8b8e54f",
       "0128ab09bfec5406799e610f772ba17e892249fa8e0e7b18a04b9197034b250b48294f1867fb9641518f92766066a07a8b917"
       "b0e76879e1011e51ccbd9f540c54d4f",
-      "curve: P521 vector: 13" },
+      "curve: P521 vector: 13", ec_field_GFp },
 
-    { ECCurve_NIST_P521,
+    { ECCurve_NIST_P521, 1,
       "0022b6d2a22d71dfaa811d2d9f9f31fbed27f2e1f3d239538ddf3e4cc8c39a330266db25b7bc0a9704f17bde7f3592bf5f1f2d"
       "4b56013aacc3d8d1bc02f00d3146cc",
       "0400ba38cfbf9fd2518a3f61d43549e7a6a6d28b2be57ffd3e0faceb636b34ed17e044a9f249dae8fc132e937e2d9349cd2ed7"
       "7bb1049ceb692a2ec5b17ad61502a64c001ec91d3058573fa6c0564a02a1a010160c313bc7c73510dc983e5461682b5be00dbc"
       "e7e2c682ad73f29ca822cdc111f68fabe33a7b384a648342c3cdb9f050bcdb",
       "04017200b3f16a68cbaed2bf78ba8cddfb6cffac262bba00fbc25f9dc72a07ce59372904899f364c44cb264c097b647d4412be"
       "e3e519892d534d9129f8a28f7500fee700baba8d672a4f4a3b63de48b96f56e18df5d68f7d70d5109833f43770d6732e06b39ad"
       "60d93e5b43db8789f1ec0aba47286a39ea584235acea757dbf13d53b58364",
       "0101e462e9d9159968f6440e956f11dcf2227ae4aea81667122b6af9239a291eb5d6cf5a4087f358525fcacfa46bb2db01a75a"
       "f1ba519b2d31da33eda87a9d565748",
-      "curve: P521 vector: 14" },
+      "curve: P521 vector: 14", ec_field_GFp },
 
-    { ECCurve_NIST_P521,
+    { ECCurve_NIST_P521, 1,
       "005bacfff268acf6553c3c583b464ea36a1d35e2b257a5d49eb3419d5a095087c2fb4d15cf5bf5af816d0f3ff7586490ccd3ddc1"
       "a98b39ce63749c6288ce0dbdac7d",
       "040036e488da7581472a9d8e628c58d6ad727311b7e6a3f6ae33a8544f34b09280249020be7196916fafd90e2ec54b66b5468d23"
       "61b99b56fa00d7ac37abb8c6f16653011edb9fb8adb6a43f4f5f5fdc1421c9fe04fc8ba46c9b66334e3af927c8befb4307104f299"
       "acec4e30f812d9345c9720d19869dbfffd4ca3e7d2713eb5fc3f42615",
       "04004efd5dbd2f979e3831ce98f82355d6ca14a5757842875882990ab85ab9b7352dd6b9b2f4ea9a1e95c3880d65d1f3602f9ca6"
       "53dc346fac858658d75626f4d4fb080061cf15dbdaa7f31589c98400373da284506d70c89f074ed262a9e28140796b7236c2eef99"
       "016085e71552ff488c72b7339fefb7915c38459cb20ab85aec4e45052",
       "0141d6a4b719ab67eaf04a92c0a41e2dda78f4354fb90bdc35202cc7699b9b04d49616f82255debf7bbec045ae58f982a66905fc"
       "fae69d689785e38c868eb4a27e7b",
-      "curve: P521 vector: 15" },
+      "curve: P521 vector: 15", ec_field_GFp },
 
-    { ECCurve_NIST_P521,
+    { ECCurve_NIST_P521, 1,
       "008e2c93c5423876223a637cad367c8589da69a2d0fc68612f31923ae50219df2452e7cc92615b67f17b57ffd2f52b19154bb40"
       "d7715336420fde2e89fee244f59dc",
       "0400fa3b35118d6c422570f724a26f90b2833b19239174cea081c53133f64db60d6940ea1261299c04c1f4587cdb0c4c39616"
       "479c1bb0c146799a118032dcf98f899c00069f040229006151fa32b51f679c8816f7c17506b403809dc77cd58a2aec430d94d"
       "13b6c916de99f355aa45fcfbc6853d686c71be496a067d24bfaea4818fc51f75",
       "040129891de0cf3cf82e8c2cf1bf90bb296fe00ab08ca45bb7892e0e227a504fdd05d2381a4448b68adff9c4153c87eacb783"
       "30d8bd52515f9f9a0b58e85f446bb4e10009edd679696d3d1d0ef327f200383253f6413683d9e4fcc87bb35f112c2f110098d"
       "15e5701d7ceee416291ff5fed85e687f727388b9afe26a4f6feed560b218e6bb",
       "00345e26e0abb1aac12b75f3a9cf41efe1c336396dffa4a067a4c2cfeb878c68b2b045faa4e5b4e6fa4678f5b603c351903b1"
       "4bf9a6a70c439257199a640890b61d1",
-      "curve: P521 vector: 16" },
+      "curve: P521 vector: 16", ec_field_GFp },
 
-    { ECCurve_NIST_P521,
+    { ECCurve_NIST_P521, 1,
       "0004d49d39d40d8111bf16d28c5936554326b197353eebbcf47545393bc8d3aaf98f14f5be7074bfb38e6cc97b989754074da"
       "ddb3045f4e4ce745669fdb3ec0d5fa8",
       "04012ec226d050ce07c79b3df4d0f0891f9f7adf462e8c98dbc1a2a14f5e53a3f5ad894433587cc429a8be9ea1d84fa33b180"
       "3690dae04da7218d30026157fc995cf52004837dfbf3426f57b5c793269130abb9a38f618532211931154db4eeb9aede88e57"
       "290f842ea0f2ea9a5f74c6203a3920fe4e305f6118f676b154e1d75b9cb5eb88",
       "0401a3c20240e59f5b7a3e17c275d2314ba1741210ad58b71036f8c83cc1f6b0f409dfdd9113e94b67ec39c3291426c23ffc"
       "c447054670d2908ff8fe67dc2306034c5c01d2825bfd3af8b1e13205780c137fe938f84fde40188e61ea02cead81badfdb425"
       "c29f7d7fb0324debadc10bbb93de68f62c35069268283f5265865db57a79f7bf7",
       "006fe9de6fb8e672e7fd150fdc5e617fabb0d43906354ccfd224757c7276f7a1010091b17ed072074f8d10a5ec971eb35a5c"
       "b7076603b7bc38d432cbc059f80f9488",
-      "curve: P521 vector: 17" },
+      "curve: P521 vector: 17", ec_field_GFp },
 
-    { ECCurve_NIST_P521,
+    { ECCurve_NIST_P521, 1,
       "011a5d1cc79cd2bf73ea106f0e60a5ace220813b53e27b739864334a07c03367efda7a4619fa6eef3a9746492283b3c445610"
       "a023a9cc49bf4591140384fca5c8bb5",
       "0400eb07c7332eedb7d3036059d35f7d2288d4377d5f42337ad3964079fb120ccd4c8bd384b585621055217023acd9a94fcb3"
       "b965bfb394675e788ade41a1de73e620c00491a835de2e6e7deb7e090f4a11f2c460c0b1f3d5e94ee8d751014dc720784fd3b"
       "54500c86ebaef18429f09e8e876d5d1538968a030d7715dde99f0d8f06e29d59",
       "04007e2d138f2832e345ae8ff65957e40e5ec7163f016bdf6d24a2243daa631d878a4a16783990c722382130f9e51f0c1bd6"
       "ff5ac96780e48b68f5dec95f42e6144bb500b0de5c896791f52886b0f09913e26e78dd0b69798fc4df6d95e3ca708ecbcbcce1c1895f"
       "5561bbabaae372e9e67e6e1a3be60e19b470cdf673ec1fc393d3426e20",
       "01e4e759ecedce1013baf73e6fcc0b92451d03bdd50489b78871c333114990c9ba6a9b2fc7b1a2d9a1794c1b60d9279af6f"
       "146f0bbfb0683140403bfa4ccdb524a29",
-      "curve: P521 vector: 18" },
+      "curve: P521 vector: 18", ec_field_GFp },
 
-    { ECCurve_NIST_P521,
+    { ECCurve_NIST_P521, 1,
       "010c908caf1be74c616b625fc8c1f514446a6aec83b5937141d6afbb0a8c7666a7746fa1f7a6664a2123e8cdf6cd8bf836c5"
       "6d3c0ebdcc980e43a186f938f3a78ae7",
       "040031890f4c7abec3f723362285d77d2636f876817db3bbc88b01e773597b969ff6f013ea470c854ab4a7739004eb8cbea6"
       "9b82ddf36acadd406871798ecb2ac3aa7f00d8b429ae3250266b9643c0c765a60dc10155bc2531cf8627296f4978b6640a9e"
       "600e19d0037d58503fa80799546a814d7478a550aa90e5ebeb052527faaeae5d08",
       "0400118c36022209b1af8ebad1a12b566fc48744576e1199fe80de1cdf851cdf03e5b9091a8f7e079e83b7f827259b691d0"
       "c22ee29d6bdf73ec7bbfd746f2cd97a357d00da5ff4904548a342e2e7ba6a1f4ee5f840411a96cf63e6fe622f22c13e614e"
       "0a847c11a1ab3f1d12cc850c32e095614ca8f7e2721477b486e9ff40372977c3f65c",
       "0163c9191d651039a5fe985a0eea1eba018a40ab1937fcd2b61220820ee8f2302e9799f6edfc3f5174f369d672d377ea895"
       "4a8d0c8b851e81a56fda95212a6578f0e",
-      "curve: P521 vector: 19" },
+      "curve: P521 vector: 19", ec_field_GFp },
 
-    { ECCurve_NIST_P521,
+    { ECCurve_NIST_P521, 1,
       "01b37d6b7288de671360425d3e5ac1ccb21815079d8d73431e9b74a6f0e7ae004a357575b11ad66642ce8b775593eba9d98"
       "bf25c75ef0b4d3a2098bbc641f59a2b77",
       "0400189a5ee34de7e35aefeaeef9220c18071b4c29a4c3bd9d954458bd3e82a7a34da34cff5579b8101c065b1f2f527cf45"
       "81501e28ef5671873e65267733d003520af01eb4bc50a7b4d4599d7e3fa773ddb9eb252c9b3422872e544bdf75c7bf60f51"
       "66ddc11eb08fa7c30822dabaee373ab468eb2d922e484e2a527fff2ebb804b7d9a37",
       "0401780edff1ca1c03cfbe593edc6c049bcb2860294a92c355489d9afb2e702075ade1c953895a456230a0cde905de4a3f"
       "38573dbfcccd67ad6e7e93f0b5581e926a5d00a5481962c9162962e7f0ebdec936935d0eaa813e8226d40d7f6119bfd940"
       "602380c86721e61db1830f51e139f210000bcec0d8edd39e54d73a9a129f95cd5fa979",
       "015d613e267a36342e0d125cdad643d80d97ed0600afb9e6b9545c9e64a98cc6da7c5aaa3a8da0bdd9dd3b97e9788218a8"
       "0abafc106ef065c8f1c4e1119ef58d298b",
-      "curve: P521 vector: 20" },
+      "curve: P521 vector: 20", ec_field_GFp },
 
-    { ECCurve_NIST_P521,
+    { ECCurve_NIST_P521, 1,
       "00f2661ac762f60c5fff23be5d969ccd4ec6f98e4e72618d12bdcdb9b4102162333788c0bae59f91cdfc172c7a1681ee44d9"
       "6ab2135a6e5f3415ebbcd55165b1afb0",
       "0400a8e25a6902d687b4787cdc94c364ac7cecc5c495483ed363dc0aa95ee2bd739c4c4d46b17006c728b076350d7d7e54c"
       "6822f52f47162a25109aaaba690cab696ec0168d2f08fe19e4dc9ee7a195b03c9f7fe6676f9f520b6270557504e72ca4394"
       "a2c6918625e15ac0c51b8f95cd560123653fb8e8ee6db961e2c4c62cc54e92e2a2a9",
       "04016dacffa183e5303083a334f765de724ec5ec9402026d4797884a9828a0d321a8cfac74ab737fe20a7d6befcfc73b6a3"
       "5c1c7b01d373e31abc192d48a4241a35803011e5327cac22d305e7156e559176e19bee7e4f2f59e86f1a9d0b6603b6a7df"
       "1069bde6387feb71587b8ffce5b266e1bae86de29378a34e5c74b6724c4d40a719923",
       "014d6082a3b5ced1ab8ca265a8106f302146c4acb8c30bb14a4c991e3c82a9731288bdb91e0e85bda313912d06384fc44"
       "f2153fb13506fa9cf43c9aab5750988c943",
-      "curve: P521 vector: 21" },
+      "curve: P521 vector: 21", ec_field_GFp },
 
-    { ECCurve_NIST_P521,
+    { ECCurve_NIST_P521, 1,
       "00f430ca1261f09681a9282e9e970a9234227b1d5e58d558c3cc6eff44d1bdf53de16ad5ee2b18b92d62fc79586116b0e"
       "fc15f79340fb7eaf5ce6c44341dcf8dde27",
       "04006c1d9b5eca87de1fb871a0a32f807c725adccde9b3967453a71347d608f0c030cd09e338cdecbf4a02015bc8a6e8"
       "d3e2595fe773ffc2fc4e4a55d0b1a2cc00323b01141b2109e7f4981c952aa818a2b9f6f5c41feccdb7a7a45b9b4b6729"
       "37771b008cae5f934dfe3fed10d383ab1f38769c92ce88d9be5414817ecb073a31ab368ccb",
       "0400a091421d3703e3b341e9f1e7d58f8cf7bdbd1798d001967b801d1cec27e605c580b2387c1cb464f55ce7ac803341"
       "02ab03cfb86d88af76c9f4129c01bedd3bbfc4008c9c577a8e6fc446815e9d40baa66025f15dae285f19eb668ee60ae9"
       "c98e7ecdbf2b2a68e22928059f67db188007161d3ecf397e0883f0c4eb7eaf7827a62205cc",
       "0020c00747cb8d492fd497e0fec54644bf027d418ab686381f109712a99cabe328b9743d2225836f9ad66e5d7fed1de2"
       "47e0da92f60d5b31f9e47672e57f710598f4",
-      "curve: P521 vector: 22" },
+      "curve: P521 vector: 22", ec_field_GFp },
 
-    { ECCurve_NIST_P521,
+    { ECCurve_NIST_P521, 1,
       "005dc33aeda03c2eb233014ee468dff753b72f73b00991043ea353828ae69d4cd0fadeda7bb278b535d7c57406ff2e6e"
       "473a5a4ff98e90f90d6dadd25100e8d85666",
       "0400c825ba307373cec8dd2498eef82e21fd9862168dbfeb83593980ca9f82875333899fe94f137daf1c4189eb502937"
       "c3a367ea7951ed8b0f3377fcdf2922021d46a5016b8a2540d5e65493888bc337249e67c0a68774f3e8d81e3b4574a012"
       "5165f0bd58b8af9de74b35832539f95c3cd9f1b759408560aa6851ae3ac7555347b0d3b13b",
       "04004f38816681771289ce0cb83a5e29a1ab06fc91f786994b23708ff08a08a0f675b809ae99e9f9967eb1a49f196057"
       "d69e50d6dedb4dd2d9a81c02bdcc8f7f518460009efb244c8b91087de1eed766500f0e81530752d469256ef79f6b965d"
       "8a2232a0c2dbc4e8e1d09214bab38485be6e357c4200d073b52f04e4a16fc6f5247187aecb",
       "00c2bfafcd7fbd3e2fd1c750fdea61e70bd4787a7e68468c574ee99ebc47eedef064e8944a73bcb7913dbab5d93dca6"
       "60d216c553622362794f7a2acc71022bdb16f",
-      "curve: P521 vector: 23" },
+      "curve: P521 vector: 23", ec_field_GFp },
 
-    { ECCurve_NIST_P521,
+    { ECCurve_NIST_P521, 1,
       "00df14b1f1432a7b0fb053965fd8643afee26b2451ecb6a8a53a655d5fbe16e4c64ce8647225eb11e7fdcb23627471"
       "dffc5c2523bd2ae89957cba3a57a23933e5a78",
       "04004e8583bbbb2ecd93f0714c332dff5ab3bc6396e62f3c560229664329baa5138c3bb1c36428abd4e23d17fcb7"
       "a2cfcc224b2e734c8941f6f121722d7b6b9415457601cf0874f204b0363f020864672fadbf87c8811eb147758b254b"
       "74b14fae742159f0f671a018212bbf25b8519e126d4cad778cfff50d288fd39ceb0cac635b175ec0",
       "0401a32099b02c0bd85371f60b0dd20890e6c7af048c8179890fda308b359dbbc2b7a832bb8c6526c4af99a7ea3f0"
       "b3cb96ae1eb7684132795c478ad6f962e4a6f446d017627357b39e9d7632a1370b3e93c1afb5c851b910eb4ead0c9"
       "d387df67cde85003e0e427552f1cd09059aad0262e235cce5fba8cedc4fdc1463da76dcd4b6d1a46",
       "01aaf24e5d47e4080c18c55ea35581cd8da30f1a079565045d2008d51b12d0abb4411cda7a0785b15d149ed301a36"
       "97062f42da237aa7f07e0af3fd00eb1800d9c41",
-      "curve: P521 vector: 24" },
+      "curve: P521 vector: 24", ec_field_GFp },
+
+    { ECCurve_pastLastCurve, 0, NULL, NULL, NULL, NULL, NULL, 0 }
+};
 
-    { ECCurve_pastLastCurve, NULL, NULL, NULL, NULL, NULL }
+static ECDH_KAT nonnist_testvecs[] = {
+    { ECCurve25519, 1,
+      "a546e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449ac4",
+      NULL,
+      "e6db6867583030db3594c1a424b15f7c726624ec26b3353b10a903a6d0ab1c4c",
+      "c3da55379de9c6908e94ea4df28d084f32eccf03491c71f754b4075577a28552",
+      "curve: 25519 vector: 0", ec_field_plain },
+    { ECCurve25519, 1,
+      "4b66e9d4d1b4673c5ad22691957d6af5c11b6421e0ea01d42ca4169e7918ba0d",
+      NULL,
+      "e5210f12786811d3f4b7959d0538ae2c31dbe7106fc03c3efc4cd549c715a493",
+      "95cbde9476e8907d7aade45cb4b873f88b595a68799fa152e6f8f7647aac7957",
+      "curve: 25519 vector: 1", ec_field_plain },
+    { ECCurve25519, 1,
+      "0900000000000000000000000000000000000000000000000000000000000000",
+      NULL,
+      "0900000000000000000000000000000000000000000000000000000000000000",
+      "422c8e7a6227d7bca1350b3e2bb7279f7897b87bb6854b783c60e80311ae3079",
+      "curve: 25519 vector: 2", ec_field_plain },
+    { ECCurve25519, 1000,
+      "0900000000000000000000000000000000000000000000000000000000000000",
+      NULL,
+      "0900000000000000000000000000000000000000000000000000000000000000",
+      "684cf59ba83309552800ef566f2f4d3c1c3887c49360e3875f2eb94d99532c51",
+      "curve: 25519 vector: 1000 iterations", ec_field_plain },
+#ifdef NSS_ENABLE_EXPENSIVE_TESTS
+    /* This test is disabled by default because it takes a very long time
+       * to run. */
+    { ECCurve25519, 1000000,
+      "0900000000000000000000000000000000000000000000000000000000000000",
+      NULL,
+      "0900000000000000000000000000000000000000000000000000000000000000",
+      "7c3911e0ab2586fd864497297e575e6f3bc601c0883c30df5f4dd2d24f665424",
+      "curve: 25519 vector: 1000000 iterations", ec_field_plain },
+#endif
+    { ECCurve25519, 1,
+      "174a56a75017c029e0861044d3c57c291823cf477ae6e21065cc121578bfa893",
+      NULL,
+      "7bd8396462a5788951caf3d3a28cb0904e4d081e62e6ac2d9da7152eb1310f30",
+      "28c09f6be3666a6ab3bf8f5b03eec14e95505e32726ae887053ce6a2061a9656",
+      "curve: 25519 custom vector 1", ec_field_plain },
+    { ECCurve25519, 1,
+      "577a2a7fcdacd4ccf7d7f81ba93ec83ae4bda32bec00ff7d59c294b69404f688",
+      NULL,
+      "a43b5491cbd9273abf694115f383fabe3bdc5f2baa30d2e00e43b6937a75cc5d",
+      "4aed703c32552576ca0b30a3fab53242e1eea29ddec993219d3c2b3c3e59b735",
+      "curve: 25519 custom vector 1", ec_field_plain },
+
+    { ECCurve_pastLastCurve, 0, NULL, NULL, NULL, NULL, NULL, 0 }
 };
+
+static ECDH_BAD nonnist_testvecs_bad_values[] = {
+    { ECCurve25519, "00", "curve: 25519 vector: 0 bad point", ec_field_plain },
+    { ECCurve25519,
+      "0100000000000000000000000000000000000000000000000000000000000000",
+      "curve: 25519 vector: 1 bad point", ec_field_plain },
+    { ECCurve25519,
+      "e0eb7a7c3b41b8ae1656e3faf19fc46ada098deb9c32b1fd866205165f49b8",
+      "curve: 25519 vector: 2 bad point", ec_field_plain },
+    { ECCurve25519,
+      "5f9c95bca3508c24b1d0b1559c83ef5b04445cc4581c8e86d8224eddd09f1157",
+      "curve: 25519 vector: 3 bad point", ec_field_plain },
+    { ECCurve25519,
+      "ecffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f",
+      "curve: 25519 vector: 4 bad point", ec_field_plain },
+    { ECCurve25519,
+      "edffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f",
+      "curve: 25519 vector: 5 bad point", ec_field_plain },
+    { ECCurve25519,
+      "eeffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f",
+      "curve: 25519 vector: 6 bad point", ec_field_plain },
+    { ECCurve25519,
+      "cdeb7a7c3b41b8ae1656e3faf19fc46ada098deb9c32b1fd866205165f49b880",
+      "curve: 25519 vector: 7 bad point", ec_field_plain },
+    { ECCurve25519,
+      "4c9c95bca3508c24b1d0b1559c83ef5b04445cc4581c8e86d8224eddd09f11d7",
+      "curve: 25519 vector: 8 bad point", ec_field_plain },
+    { ECCurve25519,
+      "d9ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+      "curve: 25519 vector: 9 bad point", ec_field_plain },
+    { ECCurve25519,
+      "daffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+      "curve: 25519 vector: 10 bad point", ec_field_plain },
+    { ECCurve25519,
+      "dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+      "curve: 25519 vector: 11 bad point", ec_field_plain },
+
+    { ECCurve_pastLastCurve, 0, NULL, 0 }
+};

--- a/security/nss/cmd/fipstest/fipstest.c
+++ b/security/nss/cmd/fipstest/fipstest.c
@@ -2518,17 +2518,17 @@ ecdsa_pkv_test(char *reqfn)
                 goto loser;
             }
             SECITEM_FreeItem(encodedparams, PR_TRUE);
             len = (ecparams->fieldID.size + 7) >> 3;
             if (pubkey.data != NULL) {
                 PORT_Free(pubkey.data);
                 pubkey.data = NULL;
             }
-            SECITEM_AllocItem(NULL, &pubkey, 2 * len + 1);
+            SECITEM_AllocItem(NULL, &pubkey, ecparams->pointSize);
             if (pubkey.data == NULL) {
                 goto loser;
             }
             pubkey.data[0] = EC_POINT_FORM_UNCOMPRESSED;
             fputs(buf, ecdsaresp);
             continue;
         }
         /* Qx = ... */

--- a/security/nss/cmd/listsuites/listsuites.c
+++ b/security/nss/cmd/listsuites/listsuites.c
@@ -45,19 +45,18 @@ main(int argc, char **argv)
             ++errCount;
             fprintf(stderr,
                     "SSL_GetCipherSuiteInfo didn't like value 0x%04x (i = %d): %s\n",
                     suite, i, PORT_ErrorToString(err));
             continue;
         }
         fprintf(stdout,
                 "%s:\n" /* up to 37 spaces  */
-                "  0x%04hx %-5s %-5s %-8s %3hd %-6s %-8s %-4s %-8s %-11s\n",
+                "  0x%04hx %-5s %-5s %-8s %3hd %-6s %-8s %-4s Domestic %-11s\n",
                 info.cipherSuiteName, info.cipherSuite,
                 info.keaTypeName, info.authAlgorithmName, info.symCipherName,
                 info.effectiveKeyBits, info.macAlgorithmName,
                 enabled ? "Enabled" : "Disabled",
                 info.isFIPS ? "FIPS" : "",
-                info.isExportable ? "Export" : "Domestic",
                 info.nonStandard ? "nonStandard" : "");
     }
     return errCount;
 }

--- a/security/nss/cmd/selfserv/selfserv.c
+++ b/security/nss/cmd/selfserv/selfserv.c
@@ -90,42 +90,42 @@ static enum ocspStaplingModeEnum {
     osm_ocsp       /* retrieve ocsp status from external ocsp server,
               use empty status if server is unavailable */
 } ocspStaplingMode = osm_disabled;
 typedef enum ocspStaplingModeEnum ocspStaplingModeType;
 static char *ocspStaplingCA = NULL;
 static SECItemArray *certStatus[kt_kea_size] = { NULL };
 
 const int ssl3CipherSuites[] = {
-    -1,                                  /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
-    -1,                                  /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA    * b */
-    TLS_RSA_WITH_RC4_128_MD5,            /* c */
-    TLS_RSA_WITH_3DES_EDE_CBC_SHA,       /* d */
-    TLS_RSA_WITH_DES_CBC_SHA,            /* e */
-    TLS_RSA_EXPORT_WITH_RC4_40_MD5,      /* f */
-    TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,  /* g */
-    -1,                                  /* SSL_FORTEZZA_DMS_WITH_NULL_SHA,  * h */
-    TLS_RSA_WITH_NULL_MD5,               /* i */
-    SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,  /* j */
-    SSL_RSA_FIPS_WITH_DES_CBC_SHA,       /* k */
-    TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */
-    TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,  /* m */
-    TLS_RSA_WITH_RC4_128_SHA,            /* n */
-    TLS_DHE_DSS_WITH_RC4_128_SHA,        /* o */
-    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,   /* p */
-    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,   /* q */
-    TLS_DHE_RSA_WITH_DES_CBC_SHA,        /* r */
-    TLS_DHE_DSS_WITH_DES_CBC_SHA,        /* s */
-    TLS_DHE_DSS_WITH_AES_128_CBC_SHA,    /* t */
-    TLS_DHE_RSA_WITH_AES_128_CBC_SHA,    /* u */
-    TLS_RSA_WITH_AES_128_CBC_SHA,        /* v */
-    TLS_DHE_DSS_WITH_AES_256_CBC_SHA,    /* w */
-    TLS_DHE_RSA_WITH_AES_256_CBC_SHA,    /* x */
-    TLS_RSA_WITH_AES_256_CBC_SHA,        /* y */
-    TLS_RSA_WITH_NULL_SHA,               /* z */
+    -1,                                /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
+    -1,                                /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA     * b */
+    TLS_RSA_WITH_RC4_128_MD5,          /* c */
+    TLS_RSA_WITH_3DES_EDE_CBC_SHA,     /* d */
+    TLS_RSA_WITH_DES_CBC_SHA,          /* e */
+    -1,                                /* TLS_RSA_EXPORT_WITH_RC4_40_MD5        * f */
+    -1,                                /* TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5    * g */
+    -1,                                /* SSL_FORTEZZA_DMS_WITH_NULL_SHA        * h */
+    TLS_RSA_WITH_NULL_MD5,             /* i */
+    -1,                                /* SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA    * j */
+    -1,                                /* SSL_RSA_FIPS_WITH_DES_CBC_SHA         * k */
+    -1,                                /* TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA   * l */
+    -1,                                /* TLS_RSA_EXPORT1024_WITH_RC4_56_SHA    * m */
+    TLS_RSA_WITH_RC4_128_SHA,          /* n */
+    TLS_DHE_DSS_WITH_RC4_128_SHA,      /* o */
+    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */
+    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */
+    TLS_DHE_RSA_WITH_DES_CBC_SHA,      /* r */
+    TLS_DHE_DSS_WITH_DES_CBC_SHA,      /* s */
+    TLS_DHE_DSS_WITH_AES_128_CBC_SHA,  /* t */
+    TLS_DHE_RSA_WITH_AES_128_CBC_SHA,  /* u */
+    TLS_RSA_WITH_AES_128_CBC_SHA,      /* v */
+    TLS_DHE_DSS_WITH_AES_256_CBC_SHA,  /* w */
+    TLS_DHE_RSA_WITH_AES_256_CBC_SHA,  /* x */
+    TLS_RSA_WITH_AES_256_CBC_SHA,      /* y */
+    TLS_RSA_WITH_NULL_SHA,             /* z */
     0
 };
 
 /* data and structures for shutdown */
 static int stopping;
 
 static PRBool noDelay;
 static int requestCert;
@@ -176,31 +176,29 @@ PrintParameterUsage()
     fputs(
         "-V [min]:[max] restricts the set of enabled SSL/TLS protocol versions.\n"
         "   All versions are enabled by default.\n"
         "   Possible values for min/max: ssl3 tls1.0 tls1.1 tls1.2\n"
         "   Example: \"-V ssl3:\" enables SSL 3 and newer.\n"
         "-B bypasses the PKCS11 layer for SSL encryption and MACing\n"
         "-q checks for bypassability\n"
         "-D means disable Nagle delays in TCP\n"
-        "-E means disable export ciphersuites and SSL step down key gen\n"
         "-R means disable detection of rollback from TLS to SSL3\n"
         "-a configure server for SNI.\n"
         "-k expected name negotiated on server sockets\n"
         "-b means try binding to the port and exit\n"
         "-m means test the model-socket feature of SSL_ImportFD.\n"
         "-r flag is interepreted as follows:\n"
         "    1 -r  means request, not require, cert on initial handshake.\n"
         "    2 -r's mean request  and require, cert on initial handshake.\n"
         "    3 -r's mean request, not require, cert on second handshake.\n"
         "    4 -r's mean request  and require, cert on second handshake.\n"
         "-s means disable SSL socket locking for performance\n"
         "-u means enable Session Ticket extension for TLS.\n"
         "-v means verbose output\n"
-        "-x means use export policy.\n"
         "-z means enable compression.\n"
         "-L seconds means log statistics every 'seconds' seconds (default=30).\n"
         "-M maxProcs tells how many processes to run in a multi-process server\n"
         "-N means do NOT use the server session cache.  Incompatible with -M.\n"
         "-t threads -- specify the number of threads to use for connections.\n"
         "-i pid_file file to write the process id of selfserve\n"
         "-l means use local threads instead of global threads\n"
         "-g numblocks means test throughput by sending total numblocks chunks\n"
@@ -308,58 +306,16 @@ disableAllSSLCiphers(void)
         if (rv != SECSuccess) {
             printf("SSL_CipherPrefSetDefault rejected suite 0x%04x (i = %d)\n",
                    suite, i);
             errWarn("SSL_CipherPrefSetDefault");
         }
     }
 }
 
-/* disable all the export SSL cipher suites */
-SECStatus
-disableExportSSLCiphers(void)
-{
-    const PRUint16 *cipherSuites = SSL_ImplementedCiphers;
-    int i = SSL_NumImplementedCiphers;
-    SECStatus rv = SECSuccess;
-    SSLCipherSuiteInfo info;
-
-    while (--i >= 0) {
-        PRUint16 suite = cipherSuites[i];
-        SECStatus status;
-        status = SSL_GetCipherSuiteInfo(suite, &info, sizeof info);
-        if (status != SECSuccess) {
-            printf("SSL_GetCipherSuiteInfo rejected suite 0x%04x (i = %d)\n",
-                   suite, i);
-            errWarn("SSL_GetCipherSuiteInfo");
-            rv = SECFailure;
-            continue;
-        }
-        if (info.cipherSuite != suite) {
-            printf(
-                "SSL_GetCipherSuiteInfo returned wrong suite! Wanted 0x%04x, Got 0x%04x\n",
-                suite, i);
-            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-            rv = SECFailure;
-            continue;
-        }
-        /* should check here that info.length >= offsetof isExportable */
-        if (info.isExportable) {
-            status = SSL_CipherPolicySet(suite, SSL_NOT_ALLOWED);
-            if (status != SECSuccess) {
-                printf("SSL_CipherPolicySet rejected suite 0x%04x (i = %d)\n",
-                       suite, i);
-                errWarn("SSL_CipherPolicySet");
-                rv = SECFailure;
-            }
-        }
-    }
-    return rv;
-}
-
 static SECStatus
 mySSLAuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig,
                      PRBool isServer)
 {
     SECStatus rv;
     CERTCertificate *peerCert;
 
     peerCert = SSL_PeerCertificate(fd);
@@ -834,17 +790,16 @@ logger(void *arg)
 ** End   thread management routines.
 **************************************************************************/
 
 PRBool useModelSocket = PR_FALSE;
 static SSLVersionRange enabledVersions;
 PRBool disableRollBack = PR_FALSE;
 PRBool NoReuse = PR_FALSE;
 PRBool hasSidCache = PR_FALSE;
-PRBool disableStepDown = PR_FALSE;
 PRBool bypassPKCS11 = PR_FALSE;
 PRBool disableLocking = PR_FALSE;
 PRBool testbypass = PR_FALSE;
 PRBool enableSessionTickets = PR_FALSE;
 PRBool enableCompression = PR_FALSE;
 PRBool failedToNegotiateName = PR_FALSE;
 PRBool enableExtendedMasterSecret = PR_FALSE;
 PRBool zeroRTT = PR_FALSE;
@@ -1900,22 +1855,16 @@ server_main(
     if (rv != SECSuccess) {
         errExit("error setting SSL/TLS version range ");
     }
 
     rv = SSL_OptionSet(model_sock, SSL_ROLLBACK_DETECTION, !disableRollBack);
     if (rv != SECSuccess) {
         errExit("error enabling RollBack detection ");
     }
-    if (disableStepDown) {
-        rv = SSL_OptionSet(model_sock, SSL_NO_STEP_DOWN, PR_TRUE);
-        if (rv != SECSuccess) {
-            errExit("error disabling SSL StepDown ");
-        }
-    }
     if (bypassPKCS11) {
         rv = SSL_OptionSet(model_sock, SSL_BYPASS_PKCS11, PR_TRUE);
         if (rv != SECSuccess) {
             errExit("error enabling PKCS11 bypass ");
         }
     }
     if (disableLocking) {
         rv = SSL_OptionSet(model_sock, SSL_NO_LOCKS, PR_TRUE);
@@ -2247,17 +2196,16 @@ main(int argc, char **argv)
     CERTCertificate *cert[kt_kea_size] = { NULL };
     SECKEYPrivateKey *privKey[kt_kea_size] = { NULL };
     int optionsFound = 0;
     int maxProcs = 1;
     unsigned short port = 0;
     SECStatus rv;
     PRStatus prStatus;
     PRBool bindOnly = PR_FALSE;
-    PRBool useExportPolicy = PR_FALSE;
     PRBool useLocalThreads = PR_FALSE;
     PLOptState *optstate;
     PLOptStatus status;
     PRThread *loggerThread = NULL;
     PRBool debugCache = PR_FALSE; /* bug 90518 */
     char emptyString[] = { "" };
     char *certPrefix = emptyString;
     PRUint32 protos = 0;
@@ -2272,19 +2220,20 @@ main(int argc, char **argv)
     progName = strrchr(tmp, '\\');
     progName = progName ? progName + 1 : tmp;
 
     PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
     SSL_VersionRangeGetSupported(ssl_variant_stream, &enabledVersions);
 
     /* please keep this list of options in ASCII collating sequence.
     ** numbers, then capital letters, then lower case, alphabetical.
-    */
+    ** XXX: 'E' and 'x' were used in the past, please leave some
+    **      time before resuing those. */
     optstate = PL_CreateOptState(argc, argv,
-                                 "2:A:BC:DEGH:L:M:NP:QRS:T:U:V:W:YZa:bc:d:e:f:g:hi:jk:lmn:op:qrst:uvw:xyz");
+                                 "2:A:BC:DGH:L:M:NP:QRS:T:U:V:W:YZa:bc:d:e:f:g:hi:jk:lmn:op:qrst:uvw:yz");
     while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
         ++optionsFound;
         switch (optstate->option) {
             case '2':
                 fileName = optstate->value;
                 break;
 
             case 'A':
@@ -2298,19 +2247,16 @@ main(int argc, char **argv)
             case 'C':
                 if (optstate->value)
                     NumSidCacheEntries = PORT_Atoi(optstate->value);
                 break;
 
             case 'D':
                 noDelay = PR_TRUE;
                 break;
-            case 'E':
-                disableStepDown = PR_TRUE;
-                break;
             case 'H':
                 configureDHE = (PORT_Atoi(optstate->value) != 0);
                 break;
 
             case 'G':
                 enableExtendedMasterSecret = PR_TRUE;
                 break;
 
@@ -2485,20 +2431,16 @@ main(int argc, char **argv)
                 verbose++;
                 break;
 
             case 'w':
                 pwdata.source = PW_PLAINTEXT;
                 pwdata.data = passwd = PORT_Strdup(optstate->value);
                 break;
 
-            case 'x':
-                useExportPolicy = PR_TRUE;
-                break;
-
             case 'y':
                 debugCache = PR_TRUE;
                 break;
 
             case 'z':
                 enableCompression = PR_TRUE;
                 break;
 
@@ -2660,34 +2602,16 @@ main(int argc, char **argv)
 
     /* Call the NSS initialization routines */
     rv = NSS_Initialize(dir, certPrefix, certPrefix, SECMOD_DB, NSS_INIT_READONLY);
     if (rv != SECSuccess) {
         fputs("NSS_Init failed.\n", stderr);
         exit(8);
     }
 
-    /* set the policy bits true for all the cipher suites. */
-    if (useExportPolicy) {
-        NSS_SetExportPolicy();
-        if (disableStepDown) {
-            fputs("selfserv: -x and -E options may not be used together\n",
-                  stderr);
-            exit(98);
-        }
-    } else {
-        NSS_SetDomesticPolicy();
-        if (disableStepDown) {
-            rv = disableExportSSLCiphers();
-            if (rv != SECSuccess) {
-                errExit("error disabling export ciphersuites ");
-            }
-        }
-    }
-
     /* all SSL3 cipher suites are enabled by default. */
     if (cipherString) {
         char *cstringSaved = cipherString;
         int ndx;
 
         /* disable all the ciphers, then enable the ones we want. */
         disableAllSSLCiphers();
 
@@ -2846,16 +2770,19 @@ main(int argc, char **argv)
 #endif /* NSS_DISABLE_ECC */
 
     if (testbypass)
         goto cleanup;
 
     if (configureWeakDHE > 0) {
         fprintf(stderr, "selfserv: Creating dynamic weak DH parameters\n");
         rv = SSL_EnableWeakDHEPrimeGroup(NULL, PR_TRUE);
+        if (rv != SECSuccess) {
+            goto cleanup;
+        }
         fprintf(stderr, "selfserv: Done creating dynamic weak DH parameters\n");
     }
 
     /* allocate the array of thread slots, and launch the worker threads. */
     rv = launch_threads(&jobLoop, 0, 0, requestCert, useLocalThreads);
 
     if (rv == SECSuccess && logStats) {
         loggerThread = PR_CreateThread(PR_SYSTEM_THREAD,

--- a/security/nss/cmd/signtool/javascript.c
+++ b/security/nss/cmd/signtool/javascript.c
@@ -1703,16 +1703,19 @@ make_dirs(char *path, int file_perms)
 
     if (!path) {
         return 0;
     }
 
     Path = PL_strdup(path);
     start = strpbrk(Path, "/\\");
     if (!start) {
+        if (Path) {
+            PR_Free(Path);
+        }
         return 0;
     }
     start++; /* start right after first slash */
 
     /* Each time through the loop add one more directory. */
     while ((sep = strpbrk(start, "/\\"))) {
         *sep = '\0';
 

--- a/security/nss/cmd/ssltap/ssltap.c
+++ b/security/nss/cmd/ssltap/ssltap.c
@@ -1866,16 +1866,20 @@ print_ssl(DataBufferList *s, int length,
         PR_Write(PR_STDOUT, buffer, length);
         return;
     }
 
     check_integrity(s);
 
     db = PR_NEW(struct _DataBuffer);
 
+    if (!db) {
+        return;
+    }
+
     db->buffer = (unsigned char *)PORT_Alloc(length);
     db->length = length;
     db->offset = 0;
     memcpy(db->buffer, buffer, length);
     db->next = NULL;
 
     /* now, add it to the stream */
 

--- a/security/nss/cmd/strsclnt/strsclnt.c
+++ b/security/nss/cmd/strsclnt/strsclnt.c
@@ -42,42 +42,42 @@
 
 #define RD_BUF_SIZE (60 * 1024)
 
 /* Include these cipher suite arrays to re-use tstclnt's
  * cipher selection code.
  */
 
 int ssl3CipherSuites[] = {
-    -1,                                  /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
-    -1,                                  /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA     * b */
-    TLS_RSA_WITH_RC4_128_MD5,            /* c */
-    TLS_RSA_WITH_3DES_EDE_CBC_SHA,       /* d */
-    TLS_RSA_WITH_DES_CBC_SHA,            /* e */
-    TLS_RSA_EXPORT_WITH_RC4_40_MD5,      /* f */
-    TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,  /* g */
-    -1,                                  /* SSL_FORTEZZA_DMS_WITH_NULL_SHA        * h */
-    TLS_RSA_WITH_NULL_MD5,               /* i */
-    SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,  /* j */
-    SSL_RSA_FIPS_WITH_DES_CBC_SHA,       /* k */
-    TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */
-    TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,  /* m */
-    TLS_RSA_WITH_RC4_128_SHA,            /* n */
-    TLS_DHE_DSS_WITH_RC4_128_SHA,        /* o */
-    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,   /* p */
-    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,   /* q */
-    TLS_DHE_RSA_WITH_DES_CBC_SHA,        /* r */
-    TLS_DHE_DSS_WITH_DES_CBC_SHA,        /* s */
-    TLS_DHE_DSS_WITH_AES_128_CBC_SHA,    /* t */
-    TLS_DHE_RSA_WITH_AES_128_CBC_SHA,    /* u */
-    TLS_RSA_WITH_AES_128_CBC_SHA,        /* v */
-    TLS_DHE_DSS_WITH_AES_256_CBC_SHA,    /* w */
-    TLS_DHE_RSA_WITH_AES_256_CBC_SHA,    /* x */
-    TLS_RSA_WITH_AES_256_CBC_SHA,        /* y */
-    TLS_RSA_WITH_NULL_SHA,               /* z */
+    -1,                                /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
+    -1,                                /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA     * b */
+    TLS_RSA_WITH_RC4_128_MD5,          /* c */
+    TLS_RSA_WITH_3DES_EDE_CBC_SHA,     /* d */
+    TLS_RSA_WITH_DES_CBC_SHA,          /* e */
+    -1,                                /* TLS_RSA_EXPORT_WITH_RC4_40_MD5        * f */
+    -1,                                /* TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5    * g */
+    -1,                                /* SSL_FORTEZZA_DMS_WITH_NULL_SHA        * h */
+    TLS_RSA_WITH_NULL_MD5,             /* i */
+    -1,                                /* SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA    * j */
+    -1,                                /* SSL_RSA_FIPS_WITH_DES_CBC_SHA         * k */
+    -1,                                /* TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA   * l */
+    -1,                                /* TLS_RSA_EXPORT1024_WITH_RC4_56_SHA    * m */
+    TLS_RSA_WITH_RC4_128_SHA,          /* n */
+    TLS_DHE_DSS_WITH_RC4_128_SHA,      /* o */
+    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */
+    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */
+    TLS_DHE_RSA_WITH_DES_CBC_SHA,      /* r */
+    TLS_DHE_DSS_WITH_DES_CBC_SHA,      /* s */
+    TLS_DHE_DSS_WITH_AES_128_CBC_SHA,  /* t */
+    TLS_DHE_RSA_WITH_AES_128_CBC_SHA,  /* u */
+    TLS_RSA_WITH_AES_128_CBC_SHA,      /* v */
+    TLS_DHE_DSS_WITH_AES_256_CBC_SHA,  /* w */
+    TLS_DHE_RSA_WITH_AES_256_CBC_SHA,  /* x */
+    TLS_RSA_WITH_AES_256_CBC_SHA,      /* y */
+    TLS_RSA_WITH_NULL_SHA,             /* z */
     0
 };
 
 #define NO_FULLHS_PERCENTAGE -1
 
 /* This global string is so that client main can see
  * which ciphers to use.
  */

--- a/security/nss/cmd/tstclnt/tstclnt.c
+++ b/security/nss/cmd/tstclnt/tstclnt.c
@@ -56,42 +56,42 @@
 #define EXIT_CODE_SIDECHANNELTEST_GOOD 0
 #define EXIT_CODE_SIDECHANNELTEST_BADCERT 1
 #define EXIT_CODE_SIDECHANNELTEST_NODATA 2
 #define EXIT_CODE_SIDECHANNELTEST_REVOKED 3
 
 PRIntervalTime maxInterval = PR_INTERVAL_NO_TIMEOUT;
 
 int ssl3CipherSuites[] = {
-    -1,                                  /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
-    -1,                                  /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA,   * b */
-    TLS_RSA_WITH_RC4_128_MD5,            /* c */
-    TLS_RSA_WITH_3DES_EDE_CBC_SHA,       /* d */
-    TLS_RSA_WITH_DES_CBC_SHA,            /* e */
-    TLS_RSA_EXPORT_WITH_RC4_40_MD5,      /* f */
-    TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,  /* g */
-    -1,                                  /* SSL_FORTEZZA_DMS_WITH_NULL_SHA,      * h */
-    TLS_RSA_WITH_NULL_MD5,               /* i */
-    SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,  /* j */
-    SSL_RSA_FIPS_WITH_DES_CBC_SHA,       /* k */
-    TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */
-    TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,  /* m */
-    TLS_RSA_WITH_RC4_128_SHA,            /* n */
-    TLS_DHE_DSS_WITH_RC4_128_SHA,        /* o */
-    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,   /* p */
-    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,   /* q */
-    TLS_DHE_RSA_WITH_DES_CBC_SHA,        /* r */
-    TLS_DHE_DSS_WITH_DES_CBC_SHA,        /* s */
-    TLS_DHE_DSS_WITH_AES_128_CBC_SHA,    /* t */
-    TLS_DHE_RSA_WITH_AES_128_CBC_SHA,    /* u */
-    TLS_RSA_WITH_AES_128_CBC_SHA,        /* v */
-    TLS_DHE_DSS_WITH_AES_256_CBC_SHA,    /* w */
-    TLS_DHE_RSA_WITH_AES_256_CBC_SHA,    /* x */
-    TLS_RSA_WITH_AES_256_CBC_SHA,        /* y */
-    TLS_RSA_WITH_NULL_SHA,               /* z */
+    -1,                                /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
+    -1,                                /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA     * b */
+    TLS_RSA_WITH_RC4_128_MD5,          /* c */
+    TLS_RSA_WITH_3DES_EDE_CBC_SHA,     /* d */
+    TLS_RSA_WITH_DES_CBC_SHA,          /* e */
+    -1,                                /* TLS_RSA_EXPORT_WITH_RC4_40_MD5        * f */
+    -1,                                /* TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5    * g */
+    -1,                                /* SSL_FORTEZZA_DMS_WITH_NULL_SHA        * h */
+    TLS_RSA_WITH_NULL_MD5,             /* i */
+    -1,                                /* SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA    * j */
+    -1,                                /* SSL_RSA_FIPS_WITH_DES_CBC_SHA         * k */
+    -1,                                /* TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA   * l */
+    -1,                                /* TLS_RSA_EXPORT1024_WITH_RC4_56_SHA    * m */
+    TLS_RSA_WITH_RC4_128_SHA,          /* n */
+    TLS_DHE_DSS_WITH_RC4_128_SHA,      /* o */
+    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */
+    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */
+    TLS_DHE_RSA_WITH_DES_CBC_SHA,      /* r */
+    TLS_DHE_DSS_WITH_DES_CBC_SHA,      /* s */
+    TLS_DHE_DSS_WITH_AES_128_CBC_SHA,  /* t */
+    TLS_DHE_RSA_WITH_AES_128_CBC_SHA,  /* u */
+    TLS_RSA_WITH_AES_128_CBC_SHA,      /* v */
+    TLS_DHE_DSS_WITH_AES_256_CBC_SHA,  /* w */
+    TLS_DHE_RSA_WITH_AES_256_CBC_SHA,  /* x */
+    TLS_RSA_WITH_AES_256_CBC_SHA,      /* y */
+    TLS_RSA_WITH_NULL_SHA,             /* z */
     0
 };
 
 unsigned long __cmp_umuls;
 PRBool verbose;
 int dumpServerChain = 0;
 int renegotiationsToDo = 0;
 int renegotiationsDone = 0;
@@ -223,17 +223,16 @@ PrintParameterUsage(void)
             "-V [min]:[max]", "", "", "");
     fprintf(stderr, "%-20s Send TLS_FALLBACK_SCSV\n", "-K");
     fprintf(stderr, "%-20s Prints only payload data. Skips HTTP header.\n", "-S");
     fprintf(stderr, "%-20s Client speaks first. \n", "-f");
     fprintf(stderr, "%-20s Use synchronous certificate validation\n", "-O");
     fprintf(stderr, "%-20s Override bad server cert. Make it OK.\n", "-o");
     fprintf(stderr, "%-20s Disable SSL socket locking.\n", "-s");
     fprintf(stderr, "%-20s Verbose progress reporting.\n", "-v");
-    fprintf(stderr, "%-20s Use export policy.\n", "-x");
     fprintf(stderr, "%-20s Ping the server and then exit.\n", "-q");
     fprintf(stderr, "%-20s Timeout for server ping (default: no timeout).\n", "-t seconds");
     fprintf(stderr, "%-20s Renegotiate N times (resuming session if N>1).\n", "-r N");
     fprintf(stderr, "%-20s Enable the session ticket extension.\n", "-u");
     fprintf(stderr, "%-20s Enable compression.\n", "-z");
     fprintf(stderr, "%-20s Enable false start.\n", "-g");
     fprintf(stderr, "%-20s Enable the cert_status extension (OCSP stapling).\n", "-T");
     fprintf(stderr, "%-20s Enable the signed_certificate_timestamp extension.\n", "-U");
@@ -273,23 +272,17 @@ PrintCipherUsage(const char *progName)
 {
     PrintUsageHeader(progName);
     fprintf(stderr, "%-20s Letter(s) chosen from the following list\n",
             "-c ciphers");
     fprintf(stderr,
             "c    SSL3 RSA WITH RC4 128 MD5\n"
             "d    SSL3 RSA WITH 3DES EDE CBC SHA\n"
             "e    SSL3 RSA WITH DES CBC SHA\n"
-            "f    SSL3 RSA EXPORT WITH RC4 40 MD5\n"
-            "g    SSL3 RSA EXPORT WITH RC2 CBC 40 MD5\n"
             "i    SSL3 RSA WITH NULL MD5\n"
-            "j    SSL3 RSA FIPS WITH 3DES EDE CBC SHA\n"
-            "k    SSL3 RSA FIPS WITH DES CBC SHA\n"
-            "l    SSL3 RSA EXPORT WITH DES CBC SHA\t(new)\n"
-            "m    SSL3 RSA EXPORT WITH RC4 56 SHA\t(new)\n"
             "n    SSL3 RSA WITH RC4 128 SHA\n"
             "o    SSL3 DHE DSS WITH RC4 128 SHA\n"
             "p    SSL3 DHE RSA WITH 3DES EDE CBC SHA\n"
             "q    SSL3 DHE DSS WITH 3DES EDE CBC SHA\n"
             "r    SSL3 DHE RSA WITH DES CBC SHA\n"
             "s    SSL3 DHE DSS WITH DES CBC SHA\n"
             "t    SSL3 DHE DSS WITH AES 128 CBC SHA\n"
             "u    SSL3 DHE RSA WITH AES 128 CBC SHA\n"
@@ -906,17 +899,16 @@ main(int argc, char **argv)
     SECStatus rv;
     PRStatus status;
     PRInt32 filesReady;
     int npds;
     int override = 0;
     SSLVersionRange enabledVersions;
     int bypassPKCS11 = 0;
     int disableLocking = 0;
-    int useExportPolicy = 0;
     int enableSessionTickets = 0;
     int enableCompression = 0;
     int enableFalseStart = 0;
     int enableCertStatus = 0;
     int enableSignedCertTimestamps = 0;
     int forceFallbackSCSV = 0;
     int enableExtendedMasterSecret = 0;
     PRBool requireDHNamedGroups = 0;
@@ -963,17 +955,17 @@ main(int argc, char **argv)
         if (sec > 0) {
             maxInterval = PR_SecondsToInterval(sec);
         }
     }
 
     SSL_VersionRangeGetSupported(ssl_variant_stream, &enabledVersions);
 
     optstate = PL_CreateOptState(argc, argv,
-                                 "46BCDFGHKM:OR:STUV:W:Ya:bc:d:fgh:m:n:op:qr:st:uvw:xz");
+                                 "46BCDFGHKM:OR:STUV:W:Ya:bc:d:fgh:m:n:op:qr:st:uvw:z");
     while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
         switch (optstate->option) {
             case '?':
             default:
                 Usage(progName);
                 break;
 
             case '4':
@@ -1154,20 +1146,16 @@ main(int argc, char **argv)
                 pwdata.data = PORT_Strdup(optstate->value);
                 break;
 
             case 'W':
                 pwdata.source = PW_FROMFILE;
                 pwdata.data = PORT_Strdup(optstate->value);
                 break;
 
-            case 'x':
-                useExportPolicy = 1;
-                break;
-
             case 'z':
                 enableCompression = 1;
                 break;
         }
     }
 
     PL_DestroyOptState(optstate);
 
@@ -1311,22 +1299,16 @@ main(int argc, char **argv)
 
     if (loadDefaultRootCAs) {
         SECMOD_AddNewModule("Builtins",
                             DLL_PREFIX "nssckbi." DLL_SUFFIX, 0, 0);
     } else if (rootModule) {
         SECMOD_AddNewModule("Builtins", rootModule, 0, 0);
     }
 
-    /* set the policy bits true for all the cipher suites. */
-    if (useExportPolicy)
-        NSS_SetExportPolicy();
-    else
-        NSS_SetDomesticPolicy();
-
     /* all SSL3 cipher suites are enabled by default. */
     if (cipherString) {
         /* disable all the ciphers, then enable the ones we want. */
         disableAllSSLCiphers();
     }
 
     /* Create socket */
     s = PR_OpenTCPSocket(addr.raw.family);

--- a/security/nss/cmd/vfyserv/vfyutil.c
+++ b/security/nss/cmd/vfyserv/vfyutil.c
@@ -9,42 +9,42 @@
 #include "secutil.h"
 
 extern PRBool dumpChain;
 extern void dumpCertChain(CERTCertificate *, SECCertUsage);
 
 /* Declare SSL cipher suites. */
 
 int ssl3CipherSuites[] = {
-    -1,                                  /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
-    -1,                                  /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA,	 * b */
-    TLS_RSA_WITH_RC4_128_MD5,            /* c */
-    TLS_RSA_WITH_3DES_EDE_CBC_SHA,       /* d */
-    TLS_RSA_WITH_DES_CBC_SHA,            /* e */
-    TLS_RSA_EXPORT_WITH_RC4_40_MD5,      /* f */
-    TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,  /* g */
-    -1,                                  /* SSL_FORTEZZA_DMS_WITH_NULL_SHA,	 * h */
-    TLS_RSA_WITH_NULL_MD5,               /* i */
-    SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,  /* j */
-    SSL_RSA_FIPS_WITH_DES_CBC_SHA,       /* k */
-    TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */
-    TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,  /* m */
-    TLS_RSA_WITH_RC4_128_SHA,            /* n */
-    TLS_DHE_DSS_WITH_RC4_128_SHA,        /* o */
-    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,   /* p */
-    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,   /* q */
-    TLS_DHE_RSA_WITH_DES_CBC_SHA,        /* r */
-    TLS_DHE_DSS_WITH_DES_CBC_SHA,        /* s */
-    TLS_DHE_DSS_WITH_AES_128_CBC_SHA,    /* t */
-    TLS_DHE_RSA_WITH_AES_128_CBC_SHA,    /* u */
-    TLS_RSA_WITH_AES_128_CBC_SHA,        /* v */
-    TLS_DHE_DSS_WITH_AES_256_CBC_SHA,    /* w */
-    TLS_DHE_RSA_WITH_AES_256_CBC_SHA,    /* x */
-    TLS_RSA_WITH_AES_256_CBC_SHA,        /* y */
-    TLS_RSA_WITH_NULL_SHA,               /* z */
+    -1,                                /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
+    -1,                                /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA     * b */
+    TLS_RSA_WITH_RC4_128_MD5,          /* c */
+    TLS_RSA_WITH_3DES_EDE_CBC_SHA,     /* d */
+    TLS_RSA_WITH_DES_CBC_SHA,          /* e */
+    -1,                                /* TLS_RSA_EXPORT_WITH_RC4_40_MD5        * f */
+    -1,                                /* TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5    * g */
+    -1,                                /* SSL_FORTEZZA_DMS_WITH_NULL_SHA        * h */
+    TLS_RSA_WITH_NULL_MD5,             /* i */
+    -1,                                /* SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA    * j */
+    -1,                                /* SSL_RSA_FIPS_WITH_DES_CBC_SHA         * k */
+    -1,                                /* TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA   * l */
+    -1,                                /* TLS_RSA_EXPORT1024_WITH_RC4_56_SHA    * m */
+    TLS_RSA_WITH_RC4_128_SHA,          /* n */
+    TLS_DHE_DSS_WITH_RC4_128_SHA,      /* o */
+    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */
+    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */
+    TLS_DHE_RSA_WITH_DES_CBC_SHA,      /* r */
+    TLS_DHE_DSS_WITH_DES_CBC_SHA,      /* s */
+    TLS_DHE_DSS_WITH_AES_128_CBC_SHA,  /* t */
+    TLS_DHE_RSA_WITH_AES_128_CBC_SHA,  /* u */
+    TLS_RSA_WITH_AES_128_CBC_SHA,      /* v */
+    TLS_DHE_DSS_WITH_AES_256_CBC_SHA,  /* w */
+    TLS_DHE_RSA_WITH_AES_256_CBC_SHA,  /* x */
+    TLS_RSA_WITH_AES_256_CBC_SHA,      /* y */
+    TLS_RSA_WITH_NULL_SHA,             /* z */
     0
 };
 int numSSL3CipherSuites = PR_ARRAY_SIZE(ssl3CipherSuites);
 
 /**************************************************************************
 **
 ** SSL callback routines.
 **

--- a/security/nss/coreconf/Darwin.mk
+++ b/security/nss/coreconf/Darwin.mk
@@ -105,16 +105,22 @@ endif
 ARCH		= darwin
 
 DSO_CFLAGS	= -fPIC
 # May override this with different compatibility and current version numbers.
 DARWIN_DYLIB_VERSIONS = -compatibility_version 1 -current_version 1
 # May override this with -bundle to create a loadable module.
 DSO_LDOPTS	= -dynamiclib $(DARWIN_DYLIB_VERSIONS) -install_name @executable_path/$(notdir $@) -headerpad_max_install_names
 
+ifdef USE_GCOV
+   OS_CFLAGS += --coverage
+   LDFLAGS += --coverage
+   DSO_LDOPTS += --coverage
+endif
+
 MKSHLIB		= $(CC) $(DSO_LDOPTS) $(DARWIN_SDK_SHLIBFLAGS)
 DLL_SUFFIX	= dylib
 ifdef MAPFILE
 	MKSHLIB += -exported_symbols_list $(MAPFILE)
 endif
 PROCESS_MAP_FILE = grep -v ';+' $< | grep -v ';-' | \
                 sed -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,,' -e 's,^,_,' > $@
 

--- a/security/nss/coreconf/Linux.mk
+++ b/security/nss/coreconf/Linux.mk
@@ -210,9 +210,15 @@ ifdef MAPFILE
 endif
 PROCESS_MAP_FILE = grep -v ';-' $< | \
         sed -e 's,;+,,' -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,;,' > $@
 
 ifeq ($(OS_RELEASE),2.4)
 DEFINES += -DNO_FORK_CHECK
 endif
 
+ifdef USE_GCOV
+OS_CFLAGS += --coverage
+LDFLAGS += --coverage
+DSO_LDOPTS += --coverage
+endif
+
 include $(CORE_DEPTH)/coreconf/sanitizers.mk

--- a/security/nss/coreconf/coreconf.dep
+++ b/security/nss/coreconf/coreconf.dep
@@ -5,8 +5,9 @@
 
 /*
  * A dummy header file that is a dependency for all the object files.
  * Used to force a full recompilation of NSS in Mozilla's Tinderbox
  * depend builds.  See comments in rules.mk.
  */
 
 #error "Do not include this header file."
+

--- a/security/nss/external_tests/nss_bogo_shim/config.json
+++ b/security/nss/external_tests/nss_bogo_shim/config.json
@@ -1,19 +1,27 @@
 {
     "DisabledTests": {
-        "*HelloRetryRequest*":"HRR hasn't landed yet",
-        "SecondClientHelloWrongCurve":"HRR hasn't landed yet",
+        "*TLS13*":"Draft version mismatch (NSS=15, BoGo=14)",
+        "FallbackSCSV-VersionMatch":"Draft version mismatch (NSS=15, BoGo=14)",
+        "SendEmptyRecords-Pass":"Draft version mismatch (NSS=15, BoGo=14)",
+        "SendSNIWarningAlert":"Draft version mismatch (NSS=15, BoGo=14)",
+        "UnknownCipher":"Draft version mismatch (NSS=15, BoGo=14)",
+        "UnknownCurve":"Draft version mismatch (NSS=15, BoGo=14)",
+        "*TrailingMessageData*":"Draft version mismatch (NSS=15, BoGo=14)",
+        "*Downgrade-TLS12*":"Draft version mismatch (NSS=15, BoGo=14)",
+        "UnknownCurve":"Draft version mismatch (NSS=15, BoGo=14)",
+        "*MissingKeyShare*":"Draft version mismatch (NSS=15, BoGo=14)",
+        "SecondClientHelloWrongCurve":"Draft version mismatch (NSS=15, BoGo=14)",
+        "SendHelloRetryRequest":"Expects CurveX25519",
+        "SendHelloRetryRequest-2":"Expects CurveX25519",
         "KeyUpdate":"KeyUpdate Unimplemented",
         "ClientAuth-NoFallback-TLS13":"Disagreement about alerts. Bug 1294975",
         "ClientAuth-SHA1-Fallback":"Disagreement about alerts. Bug 1294975",
         "SendWarningAlerts-TLS13":"NSS needs to trigger on warning alerts",
-        "*SignatureType-TLS13":"SignatureScheme patch",
-        "ECDSACurveMismatch-Verify-TLS13":"SignatureScheme patch",
-        "ServerAuth-NoFallback-TLS13":"PSS",
         "NoSupportedCurves":"This tests a non-spec behavior for TLS 1.2 and expects the wrong alert for TLS 1.3",
         "SendEmptyRecords":"Tests a non-spec behavior in BoGo where it chokes on too many empty records",
         "LargePlaintext":"NSS needs to check for over-long records. Bug 1294978",
         "TLS13-RC4-MD5-server":"This fails properly but returns an unexpected error. Not a bug but needs cleanup",
         "*VersionTolerance":"BoGo expects us to negotiate 1.3 but we negotiate 1.2 because BoGo didn't send draft version",
         "*SSL3*":"NSS disables SSLv3",
         "*SSLv3*":"NSS disables SSLv3",
         "*AES256*":"Inconsistent support for AES256",
@@ -24,18 +32,35 @@
         "SillyDH":"NSS supports 4097-bit DH",
         "SendWarningAlerts":"This appears to be Boring-specific",
         "V2ClientHello-WarningAlertPrefix":"Bug 1292893",
         "TLS12-AES128-GCM-client":"Bug 1292895",
         "*TLS12-AES128-GCM-LargeRecord*":"Bug 1292895",
         "Renegotiate-Client-Forbidden-1":"Bug 1292898",
         "Renegotiate-Server-Forbidden":"NSS doesn't disable renegotiation by default",
         "Renegotiate-Client-NoIgnore":"NSS doesn't disable renegotiation by default",
-        "StrayHelloRequest*":"NSS doesn't disable renegotiation by default"
+        "StrayHelloRequest*":"NSS doesn't disable renegotiation by default",
+        "NoSupportedCurves-TLS13":"wanted SSL_ERROR_NO_CYPHER_OVERLAP, got missing extension error",
+        "FragmentedClientVersion":"received a malformed Client Hello handshake message",
+        "UnofferedExtension-Client-TLS13":"nss updated/broken",
+        "UnknownExtension-Client-TLS13":"nss updated/broken",
+        "WrongMessageType-TLS13-EncryptedExtensions":"nss updated/broken",
+        "WrongMessageType-TLS13-CertificateRequest":"nss updated/broken",
+        "WrongMessageType-TLS13-ServerCertificateVerify":"nss updated/broken",
+        "WrongMessageType-TLS13-ServerCertificate":"nss updated/broken",
+        "WrongMessageType-TLS13-ServerFinished":"nss updated/broken",
+        "EncryptedExtensionsWithKeyShare":"nss updated/broken",
+        "EmptyEncryptedExtensions":"nss updated/broken",
+        "ClientAuth-SHA1-Fallback-RSA":"We fail when the sig_algs_ext is empty",
+        "SendSNIWarningAlert":"Bug 1304574",
+        "Downgrade-TLS12-*":"NSS implements downgrade detection",
+        "TrailingMessageData-*": "Bug 1304575",
+        "DuplicateKeyShares":"Bug 1304578"
     },
     "ErrorMap" : {
         ":HANDSHAKE_FAILURE_ON_CLIENT_HELLO:":"SSL_ERROR_NO_CYPHER_OVERLAP",
         ":UNKNOWN_CIPHER_RETURNED:":"SSL_ERROR_NO_CYPHER_OVERLAP",
         ":OLD_SESSION_CIPHER_NOT_RETURNED:":"SSL_ERROR_NO_CYPHER_OVERLAP",
-        ":NO_SHARED_CIPHER:":"SSL_ERROR_NO_CYPHER_OVERLAP"
+        ":NO_SHARED_CIPHER:":"SSL_ERROR_NO_CYPHER_OVERLAP",
+        ":DIGEST_CHECK_FAILED:":"SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE"
     }
 }
 

--- a/security/nss/external_tests/nss_bogo_shim/nss_bogo_shim.cc
+++ b/security/nss/external_tests/nss_bogo_shim/nss_bogo_shim.cc
@@ -170,22 +170,23 @@ class TestAgent {
   }
 
   bool EnableNonExportCiphers() {
     for (size_t i = 0; i < SSL_NumImplementedCiphers; ++i) {
       SSLCipherSuiteInfo csinfo;
 
       SECStatus rv = SSL_GetCipherSuiteInfo(SSL_ImplementedCiphers[i], &csinfo,
                                             sizeof(csinfo));
-      if (rv != SECSuccess) return false;
-      if (!csinfo.isExportable) {
-        rv = SSL_CipherPrefSet(ssl_fd_, SSL_ImplementedCiphers[i], PR_TRUE);
-        if (rv != SECSuccess) {
-          return false;
-        }
+      if (rv != SECSuccess) {
+        return false;
+      }
+
+      rv = SSL_CipherPrefSet(ssl_fd_, SSL_ImplementedCiphers[i], PR_TRUE);
+      if (rv != SECSuccess) {
+        return false;
       }
     }
     return true;
   }
 
   // Dummy auth certificate hook.
   static SECStatus AuthCertificateHook(void* arg, PRFileDesc* fd,
                                        PRBool checksig, PRBool isServer) {

--- a/security/nss/external_tests/pk11_gtest/manifest.mn
+++ b/security/nss/external_tests/pk11_gtest/manifest.mn
@@ -4,16 +4,17 @@
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 CORE_DEPTH = ../..
 DEPTH      = ../..
 MODULE = nss
 
 CPPSRCS = \
       pk11_aeskeywrap_unittest.cc \
       pk11_chacha20poly1305_unittest.cc \
+      pk11_export_unittest.cc \
       pk11_pbkdf2_unittest.cc \
       pk11_prf_unittest.cc \
       pk11_rsapss_unittest.cc \
       $(NULL)
 
 INCLUDES += -I$(CORE_DEPTH)/external_tests/google_test/gtest/include \
             -I$(CORE_DEPTH)/external_tests/common
 

--- a/security/nss/external_tests/ssl_gtest/libssl_internals.c
+++ b/security/nss/external_tests/ssl_gtest/libssl_internals.c
@@ -21,31 +21,32 @@ SECStatus SSLInt_IncrementClientHandshak
 
   ++ss->clientHelloVersion;
 
   return SECSuccess;
 }
 
 // This function guesses what key exchange strength libssl will choose.
 PRUint32 SSLInt_DetermineKEABits(PRUint16 serverKeyBits,
-                                 const SSLCipherSuiteInfo *info) {
+                                 SSLAuthType authAlgorithm,
+                                 PRUint32 symKeyBits) {
   PRUint32 authBits;
-  SSLAuthType authAlgorithm = info->authType;
+
   if (authAlgorithm == ssl_auth_ecdsa || authAlgorithm == ssl_auth_ecdh_rsa ||
       authAlgorithm == ssl_auth_ecdh_ecdsa) {
     authBits = serverKeyBits;
   } else {
     PORT_Assert(authAlgorithm == ssl_auth_rsa_decrypt ||
                 authAlgorithm == ssl_auth_rsa_sign);
     authBits = SSL_RSASTRENGTH_TO_ECSTRENGTH(serverKeyBits);
   }
 
   // We expect a curve for key exchange to be selected based on the symmetric
   // key strength (times 2) or the server key size, whichever is smaller.
-  PRUint32 targetKeaBits = PR_MIN(info->symKeyBits * 2, authBits);
+  PRUint32 targetKeaBits = PR_MIN(symKeyBits * 2, authBits);
 
   // P-256 is the preferred curve of minimum size.
   return PR_MAX(256U, targetKeaBits);
 }
 
 /* Use this function to update the ClientRandom of a client's handshake state
  * after replacing its ClientHello message. We for example need to do this
  * when replacing an SSLv3 ClientHello with its SSLv2 equivalent. */
@@ -278,8 +279,15 @@ SECStatus SSLInt_AdvanceWriteSeqByAWindo
   if (!ss) {
     return SECFailure;
   }
   ssl_GetSpecReadLock(ss);
   to = ss->ssl3.cwSpec->write_seq_num + DTLS_RECVD_RECORDS_WINDOW + extra;
   ssl_ReleaseSpecReadLock(ss);
   return SSLInt_AdvanceWriteSeqNum(fd, to & RECORD_SEQ_MAX);
 }
+
+SSLKEAType SSLInt_GetKEAType(SSLNamedGroup group) {
+  const sslNamedGroupDef *groupDef = ssl_LookupNamedGroup(group);
+  if (!groupDef) return ssl_kea_null;
+
+  return groupDef->keaType;
+}

--- a/security/nss/external_tests/ssl_gtest/libssl_internals.h
+++ b/security/nss/external_tests/ssl_gtest/libssl_internals.h
@@ -11,18 +11,18 @@
 
 #include "prio.h"
 #include "seccomon.h"
 #include "sslt.h"
 
 SECStatus SSLInt_IncrementClientHandshakeVersion(PRFileDesc *fd);
 
 PRUint32 SSLInt_DetermineKEABits(PRUint16 serverKeyBits,
-                                 const SSLCipherSuiteInfo *info);
-
+                                 SSLAuthType authAlgorithm,
+                                 PRUint32 symKeyBits);
 SECStatus SSLInt_UpdateSSLv2ClientRandom(PRFileDesc *fd, uint8_t *rnd,
                                          size_t rnd_len, uint8_t *msg,
                                          size_t msg_len);
 
 PRBool SSLInt_ExtensionNegotiated(PRFileDesc *fd, PRUint16 ext);
 void SSLInt_ClearSessionTicketKey();
 PRInt32 SSLInt_CountTls13CipherSpecs(PRFileDesc *fd);
 void SSLInt_ForceTimerExpiry(PRFileDesc *fd);
@@ -31,10 +31,11 @@ PRBool SSLInt_CheckSecretsDestroyed(PRFi
 PRBool SSLInt_DamageHsTrafficSecret(PRFileDesc *fd);
 PRBool SSLInt_DamageEarlyTrafficSecret(PRFileDesc *fd);
 SECStatus SSLInt_Set0RttAlpn(PRFileDesc *fd, PRUint8 *data, unsigned int len);
 PRBool SSLInt_HasCertWithAuthType(PRFileDesc *fd, SSLAuthType authType);
 PRBool SSLInt_SendAlert(PRFileDesc *fd, uint8_t level, uint8_t type);
 SECStatus SSLInt_AdvanceWriteSeqNum(PRFileDesc *fd, PRUint64 to);
 SECStatus SSLInt_AdvanceReadSeqNum(PRFileDesc *fd, PRUint64 to);
 SECStatus SSLInt_AdvanceWriteSeqByAWindow(PRFileDesc *fd, PRInt32 extra);
+SSLKEAType SSLInt_GetKEAType(SSLNamedGroup group);
 
 #endif  // ndef libssl_internals_h_

--- a/security/nss/external_tests/ssl_gtest/ssl_agent_unittest.cc
+++ b/security/nss/external_tests/ssl_gtest/ssl_agent_unittest.cc
@@ -19,24 +19,24 @@
 namespace nss_test {
 
 // This is a 1-RTT ClientHello with ECDHE and DHE.
 const static uint8_t kCannedTls13ClientHello[] = {
     0x01, 0x00, 0x01, 0xfc, 0x03, 0x04, 0x77, 0x5c, 0x3a, 0xd8, 0x3f, 0x43,
     0x63, 0x98, 0xfa, 0x68, 0xfb, 0x01, 0x39, 0xff, 0x7c, 0x1a, 0x51, 0xa7,
     0x92, 0xda, 0x97, 0xf5, 0x15, 0x78, 0xb3, 0xbb, 0x26, 0xa7, 0xed, 0x6f,
     0x69, 0x71, 0x00, 0x00, 0x2a, 0xc0, 0x2b, 0xc0, 0x2f, 0xcc, 0xa9, 0xcc,
-    0xa8, 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x13, 0xc0, 0x14, 0x00, 0x9e, 0xcc,
+    0xa8, 0x13, 0x01, 0xc0, 0x09, 0xc0, 0x13, 0xc0, 0x14, 0x00, 0x9e, 0xcc,
     0xaa, 0x00, 0x33, 0x00, 0x32, 0x00, 0x39, 0x00, 0x38, 0x00, 0x16, 0x00,
     0x13, 0x00, 0x2f, 0x00, 0x35, 0x00, 0x0a, 0x00, 0x05, 0x00, 0x04, 0x01,
     0x00, 0x01, 0xa9, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x09, 0x00, 0x00, 0x06,
     0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00,
     0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x01,
     0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0xff, 0x02, 0x00, 0x02, 0x00,
-    0x0e, 0x00, 0x28, 0x01, 0x4b, 0x01, 0x49, 0x00, 0x17, 0x00, 0x41, 0x04,
+    0x0f, 0x00, 0x28, 0x01, 0x4b, 0x01, 0x49, 0x00, 0x17, 0x00, 0x41, 0x04,
     0xbf, 0x31, 0xb4, 0x29, 0x96, 0xf4, 0xe6, 0x4a, 0xe3, 0xea, 0x87, 0x05,
     0x38, 0x0e, 0x68, 0x02, 0xbc, 0x4a, 0x5d, 0x90, 0xed, 0xe7, 0xaa, 0x8e,
     0xb8, 0x42, 0x84, 0xaa, 0x3a, 0x4f, 0x2b, 0xe3, 0x52, 0x9a, 0x9a, 0x76,
     0xab, 0xf8, 0x2e, 0x59, 0xea, 0xcd, 0x2b, 0x2f, 0x03, 0x18, 0xd2, 0x0c,
     0xc9, 0x07, 0x15, 0xca, 0xe6, 0x61, 0xf7, 0x79, 0x9f, 0xfe, 0xc5, 0x10,
     0x40, 0x9e, 0x38, 0x33, 0x01, 0x00, 0x01, 0x00, 0xd8, 0x80, 0x1f, 0x06,
     0x9a, 0xbb, 0xf7, 0xbb, 0xd4, 0x5c, 0x75, 0x1d, 0x8e, 0x09, 0x27, 0xad,
     0x08, 0xb8, 0x16, 0x0f, 0x4f, 0x50, 0x79, 0xe1, 0x7e, 0xd4, 0x3b, 0xc0,
@@ -60,27 +60,26 @@ const static uint8_t kCannedTls13ClientH
     0xc8, 0x1b, 0xfe, 0xb4, 0x98, 0xed, 0xa4, 0xa0, 0xee, 0xf9, 0x53, 0x74,
     0x30, 0xac, 0x79, 0x2d, 0xf2, 0x92, 0xd0, 0x5e, 0x10, 0xd7, 0xb9, 0x41,
     0x00, 0x0d, 0x00, 0x18, 0x00, 0x16, 0x04, 0x01, 0x05, 0x01, 0x06, 0x01,
     0x02, 0x01, 0x04, 0x03, 0x05, 0x03, 0x06, 0x03, 0x02, 0x03, 0x05, 0x02,
     0x04, 0x02, 0x02, 0x02, 0x00, 0x15, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
 
 const static uint8_t kCannedTls13ServerHello[] = {
-    0x03, 0x04, 0xe9, 0x01, 0xa0, 0x81, 0x37, 0x97, 0xaa, 0x8c, 0x7e, 0x21,
-    0x1c, 0x66, 0x3f, 0xa4, 0x0f, 0x4d, 0x74, 0x7a, 0xcd, 0x4b, 0xe1, 0x7f,
-    0x37, 0x85, 0x14, 0xb5, 0x7e, 0x30, 0x15, 0x91, 0xdf, 0x18, 0xc0, 0x2f,
-    0x00, 0x49, 0x00, 0x28, 0x00, 0x45, 0x00, 0x17, 0x00, 0x41, 0x04, 0x1a,
-    0x53, 0x9b, 0x39, 0xe6, 0xda, 0x66, 0xfc, 0x8a, 0x75, 0x68, 0xb7, 0x73,
-    0xc7, 0x21, 0x1f, 0x01, 0x04, 0x54, 0xb4, 0x99, 0x1f, 0x0b, 0x7e, 0xea,
-    0x95, 0xec, 0x78, 0x5c, 0x37, 0x7c, 0x31, 0x56, 0x04, 0xc8, 0xbf, 0x79,
-    0x47, 0x56, 0xb9, 0x87, 0x06, 0xc1, 0xfc, 0x63, 0x09, 0x5d, 0xfc, 0x1a,
-    0x9e, 0x2b, 0xb9, 0xca, 0xdb, 0x0e, 0x10, 0xec, 0xd5, 0x95, 0x0d, 0x0a,
-    0x5e, 0x3c, 0xf7};
-
+    0x03, 0x04, 0x21, 0x12, 0xa7, 0xa7, 0x0d, 0x85, 0x8b, 0xb8, 0x0c, 0xbb,
+    0xdc, 0xa6, 0xfd, 0x97, 0xfe, 0x31, 0x26, 0x49, 0x2d, 0xa8, 0x6c, 0x7b,
+    0x65, 0x30, 0x71, 0x00, 0x31, 0x03, 0x2b, 0x94, 0xe2, 0x16, 0x13, 0x01,
+    0x00, 0x4d, 0x00, 0x0d, 0x00, 0x00, 0x00, 0x28, 0x00, 0x45, 0x00, 0x17,
+    0x00, 0x41, 0x04, 0x10, 0x97, 0x3d, 0x7a, 0xcf, 0xa2, 0x34, 0xe3, 0x69,
+    0xc4, 0xdd, 0x1e, 0xf2, 0xd6, 0xc0, 0x9a, 0x3e, 0xf5, 0x41, 0xf3, 0x03,
+    0x23, 0x94, 0xd2, 0x31, 0x85, 0xb7, 0xae, 0x5d, 0xfa, 0xc6, 0x9a, 0xd0,
+    0xa5, 0x44, 0xa3, 0x3a, 0xe0, 0xbb, 0x61, 0xaa, 0x0a, 0x6f, 0xe8, 0xaf,
+    0xdf, 0x86, 0xd8, 0x48, 0x36, 0x9c, 0x19, 0x70, 0x55, 0x84, 0xb0, 0x1c,
+    0x8d, 0xfc, 0x6e, 0xd8, 0x86, 0xc3, 0x95};
 static const char *k0RttData = "ABCDEF";
 
 TEST_P(TlsAgentTest, EarlyFinished) {
   DataBuffer buffer;
   MakeTrivialHandshakeRecord(kTlsHandshakeFinished, 0, &buffer);
   ProcessMessage(buffer, TlsAgent::STATE_ERROR,
                  SSL_ERROR_RX_UNEXPECTED_FINISHED);
 }

--- a/security/nss/external_tests/ssl_gtest/ssl_ciphersuite_unittest.cc
+++ b/security/nss/external_tests/ssl_gtest/ssl_ciphersuite_unittest.cc
@@ -18,190 +18,135 @@ extern "C" {
 
 #include "gtest_utils.h"
 #include "tls_connect.h"
 #include "tls_parser.h"
 
 namespace nss_test {
 
 // mode, version, cipher suite
-typedef std::tuple<std::string, uint16_t, uint16_t> CipherSuiteProfile;
+typedef std::tuple<std::string, uint16_t, uint16_t, SSLNamedGroup,
+                   TlsSignatureScheme>
+    CipherSuiteProfile;
 
 class TlsCipherSuiteTestBase : public TlsConnectTestBase {
  public:
   TlsCipherSuiteTestBase(std::string mode, uint16_t version,
-                         uint16_t cipher_suite)
+                         uint16_t cipher_suite, SSLNamedGroup group,
+                         TlsSignatureScheme signature_scheme)
       : TlsConnectTestBase(TlsConnectTestBase::ToMode(mode), version),
         cipher_suite_(cipher_suite),
+        group_(group),
+        signature_scheme_(signature_scheme),
         csinfo_({0}) {
     SECStatus rv =
         SSL_GetCipherSuiteInfo(cipher_suite_, &csinfo_, sizeof(csinfo_));
     EXPECT_EQ(SECSuccess, rv);
     if (rv == SECSuccess) {
       std::cerr << "Cipher suite: " << csinfo_.cipherSuiteName << std::endl;
     }
+    auth_type_ = csinfo_.authType;
+    kea_type_ = csinfo_.keaType;
   }
 
  protected:
-  uint16_t cipher_suite_;
-  SSLCipherSuiteInfo csinfo_;
-
-  void SetupCertificate() {
-    switch (csinfo_.authType) {
-      case ssl_auth_rsa_sign:
-        Reset(TlsAgent::kServerRsaSign);
-        break;
-      case ssl_auth_rsa_decrypt:
-        Reset(TlsAgent::kServerRsaDecrypt);
-        break;
-      case ssl_auth_ecdsa:
-        Reset(TlsAgent::kServerEcdsa256);
-        break;
-      case ssl_auth_ecdh_ecdsa:
-        Reset(TlsAgent::kServerEcdhEcdsa);
-        break;
-      case ssl_auth_ecdh_rsa:
-        Reset(TlsAgent::kServerEcdhRsa);
-        break;
-      case ssl_auth_dsa:
-        Reset(TlsAgent::kServerDsa);
-        break;
-      default:
-        ASSERT_TRUE(false) << "Unsupported cipher suite: " << cipher_suite_;
-        break;
-    }
-  }
-
   void EnableSingleCipher() {
     EnsureTlsSetup();
     // It doesn't matter which does this, but the test is better if both do it.
     client_->EnableSingleCipher(cipher_suite_);
     server_->EnableSingleCipher(cipher_suite_);
+
+    if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+      client_->ConfigNamedGroups(&group_, 1);
+      server_->ConfigNamedGroups(&group_, 1);
+      kea_type_ = SSLInt_GetKEAType(group_);
+
+      SSLSignatureAndHashAlg signature_scheme = {
+          static_cast<SSLHashType>(signature_scheme_ >> 8),
+          static_cast<SSLSignType>(signature_scheme_ & 0xff)};
+      client_->SetSignatureAlgorithms(&signature_scheme, 1);
+      server_->SetSignatureAlgorithms(&signature_scheme, 1);
+    }
+  }
+
+  virtual void SetupCertificate() {
+    if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+      switch (signature_scheme_) {
+        case kTlsSignatureRsaPkcs1Sha256:
+        case kTlsSignatureRsaPkcs1Sha384:
+        case kTlsSignatureRsaPkcs1Sha512:
+          Reset(TlsAgent::kServerRsaSign);
+          auth_type_ = ssl_auth_rsa_sign;
+          break;
+        case kTlsSignatureRsaPssSha256:
+        case kTlsSignatureRsaPssSha384:
+          Reset(TlsAgent::kServerRsaSign);
+          auth_type_ = ssl_auth_rsa_sign;
+          break;
+        case kTlsSignatureRsaPssSha512:
+          // You can't fit SHA-512 PSS in a 1024-bit key.
+          Reset(TlsAgent::kRsa2048);
+          auth_type_ = ssl_auth_rsa_sign;
+          break;
+        case kTlsSignatureEcdsaSecp256r1Sha256:
+          Reset(TlsAgent::kServerEcdsa256);
+          auth_type_ = ssl_auth_ecdsa;
+          break;
+        case kTlsSignatureEcdsaSecp384r1Sha384:
+          Reset(TlsAgent::kServerEcdsa384);
+          auth_type_ = ssl_auth_ecdsa;
+          break;
+        default:
+          ASSERT_TRUE(false) << "Unsupported signature scheme: "
+                             << signature_scheme_;
+          break;
+      }
+    } else {
+      switch (csinfo_.authType) {
+        case ssl_auth_rsa_sign:
+          Reset(TlsAgent::kServerRsaSign);
+          break;
+        case ssl_auth_rsa_decrypt:
+          Reset(TlsAgent::kServerRsaDecrypt);
+          break;
+        case ssl_auth_ecdsa:
+          Reset(TlsAgent::kServerEcdsa256);
+          break;
+        case ssl_auth_ecdh_ecdsa:
+          Reset(TlsAgent::kServerEcdhEcdsa);
+          break;
+        case ssl_auth_ecdh_rsa:
+          Reset(TlsAgent::kServerEcdhRsa);
+          break;
+        case ssl_auth_dsa:
+          Reset(TlsAgent::kServerDsa);
+          break;
+        default:
+          ASSERT_TRUE(false) << "Unsupported cipher suite: " << cipher_suite_;
+          break;
+      }
+    }
   }
 
   void ConnectAndCheckCipherSuite() {
     Connect();
     SendReceive();
 
     // Check that we used the right cipher suite.
     uint16_t actual;
     EXPECT_TRUE(client_->cipher_suite(&actual) && actual == cipher_suite_);
     EXPECT_TRUE(server_->cipher_suite(&actual) && actual == cipher_suite_);
-  }
-};
-
-class TlsCipherSuiteTest
-    : public TlsCipherSuiteTestBase,
-      public ::testing::WithParamInterface<CipherSuiteProfile> {
- public:
-  TlsCipherSuiteTest()
-      : TlsCipherSuiteTestBase(std::get<0>(GetParam()), std::get<1>(GetParam()),
-                               std::get<2>(GetParam())) {}
-};
-
-TEST_P(TlsCipherSuiteTest, SingleCipherSuite) {
-  SetupCertificate();
-  EnableSingleCipher();
-  ConnectAndCheckCipherSuite();
-}
-
-class TlsResumptionTest
-    : public TlsCipherSuiteTestBase,
-      public ::testing::WithParamInterface<CipherSuiteProfile> {
- public:
-  TlsResumptionTest()
-      : TlsCipherSuiteTestBase(std::get<0>(GetParam()), std::get<1>(GetParam()),
-                               std::get<2>(GetParam())) {}
-
-  bool SkipIfCipherSuiteIsDSA() {
-    bool isDSA = csinfo_.authType == ssl_auth_dsa;
-    if (isDSA) {
-      std::cerr << "Skipping DSA suite: " << csinfo_.cipherSuiteName
-                << std::endl;
-    }
-    return isDSA;
+    SSLAuthType auth;
+    EXPECT_TRUE(client_->auth_type(&auth) && auth == auth_type_);
+    EXPECT_TRUE(server_->auth_type(&auth) && auth == auth_type_);
+    SSLKEAType kea;
+    EXPECT_TRUE(client_->kea_type(&kea) && kea == kea_type_);
+    EXPECT_TRUE(server_->kea_type(&kea) && kea == kea_type_);
   }
 
-  void EnablePskCipherSuite() {
-    SSLKEAType targetKea;
-    switch (csinfo_.keaType) {
-      case ssl_kea_ecdh:
-        targetKea = ssl_kea_ecdh_psk;
-        break;
-      case ssl_kea_dh:
-        targetKea = ssl_kea_dh_psk;
-        break;
-      default:
-        EXPECT_TRUE(false) << "Unsupported KEA type for "
-                           << csinfo_.cipherSuiteName;
-        return;
-    }
-
-    size_t count = SSL_GetNumImplementedCiphers();
-    const uint16_t *ciphers = SSL_GetImplementedCiphers();
-    bool found = false;
-    for (size_t i = 0; i < count; ++i) {
-      SSLCipherSuiteInfo candidateInfo;
-      ASSERT_EQ(SECSuccess, SSL_GetCipherSuiteInfo(ciphers[i], &candidateInfo,
-                                                   sizeof(candidateInfo)));
-      if (candidateInfo.authType == ssl_auth_psk &&
-          candidateInfo.keaType == targetKea &&
-          candidateInfo.symCipher == csinfo_.symCipher &&
-          candidateInfo.macAlgorithm == csinfo_.macAlgorithm) {
-        // We aren't able to check that the PRF hash is the same.  This is OK
-        // because there are (currently) no suites that have different PRF
-        // hashes but also use the same symmetric cipher.
-        EXPECT_EQ(SECSuccess,
-                  SSL_CipherPrefSet(client_->ssl_fd(), ciphers[i], PR_TRUE));
-        EXPECT_EQ(SECSuccess,
-                  SSL_CipherPrefSet(server_->ssl_fd(), ciphers[i], PR_TRUE));
-        found = true;
-      }
-    }
-    EXPECT_TRUE(found) << "Can't find matching PSK cipher for "
-                       << csinfo_.cipherSuiteName;
-  }
-};
-
-TEST_P(TlsResumptionTest, ResumeCipherSuite) {
-  if (SkipIfCipherSuiteIsDSA()) {
-    return;  // Tickets don't work with DSA (bug 1174677).
-  }
-
-  SetupCertificate();  // This is only needed once.
-
-  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
-  EnableSingleCipher();
-
-  ConnectAndCheckCipherSuite();
-
-  Reset();
-  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
-  EnableSingleCipher();
-  // Enable a PSK cipher suite, since EnableSingleCipher() disabled all of them.
-  // On resumption in TLS 1.3, even though a PSK cipher suite is negotiated, the
-  // original cipher suite is reported through the API.  That is what makes this
-  // test work without more tweaks.
-  if (version_ == SSL_LIBRARY_VERSION_TLS_1_3) {
-    EnablePskCipherSuite();
-  }
-
-  ExpectResumption(RESUME_TICKET);
-  ConnectAndCheckCipherSuite();
-}
-
-class TlsCipherLimitTest
-    : public TlsCipherSuiteTestBase,
-      public ::testing::WithParamInterface<CipherSuiteProfile> {
- public:
-  TlsCipherLimitTest()
-      : TlsCipherSuiteTestBase(std::get<0>(GetParam()), std::get<1>(GetParam()),
-                               std::get<2>(GetParam())) {}
-
- protected:
   // Get the expected limit on the number of records that can be sent for the
   // cipher suite.
   uint64_t record_limit() const {
     switch (csinfo_.symCipher) {
       case ssl_calg_rc4:
       case ssl_calg_3des:
         return 1ULL << 20;
       case ssl_calg_aes:
@@ -227,24 +172,77 @@ class TlsCipherLimitTest
     if (version_ < SSL_LIBRARY_VERSION_TLS_1_1 &&
         (csinfo_.symCipher == ssl_calg_3des ||
          csinfo_.symCipher == ssl_calg_aes)) {
       // 1/n-1 record splitting needs space for two records.
       limit--;
     }
     return limit;
   }
+
+ protected:
+  uint16_t cipher_suite_;
+  SSLAuthType auth_type_;
+  SSLKEAType kea_type_;
+  SSLNamedGroup group_;
+  TlsSignatureScheme signature_scheme_;
+  SSLCipherSuiteInfo csinfo_;
 };
 
+class TlsCipherSuiteTest
+    : public TlsCipherSuiteTestBase,
+      public ::testing::WithParamInterface<CipherSuiteProfile> {
+ public:
+  TlsCipherSuiteTest()
+      : TlsCipherSuiteTestBase(std::get<0>(GetParam()), std::get<1>(GetParam()),
+                               std::get<2>(GetParam()), std::get<3>(GetParam()),
+                               std::get<4>(GetParam())) {}
+
+ protected:
+  bool SkipIfCipherSuiteIsDSA() {
+    bool isDSA = csinfo_.authType == ssl_auth_dsa;
+    if (isDSA) {
+      std::cerr << "Skipping DSA suite: " << csinfo_.cipherSuiteName
+                << std::endl;
+    }
+    return isDSA;
+  }
+};
+
+TEST_P(TlsCipherSuiteTest, SingleCipherSuite) {
+  SetupCertificate();
+  EnableSingleCipher();
+  ConnectAndCheckCipherSuite();
+}
+
+TEST_P(TlsCipherSuiteTest, ResumeCipherSuite) {
+  if (SkipIfCipherSuiteIsDSA()) {
+    return;  // Tickets don't work with DSA (bug 1174677).
+  }
+
+  SetupCertificate();  // This is only needed once.
+
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  EnableSingleCipher();
+
+  ConnectAndCheckCipherSuite();
+
+  Reset();
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  EnableSingleCipher();
+  ExpectResumption(RESUME_TICKET);
+  ConnectAndCheckCipherSuite();
+}
+
 // This only works for stream ciphers because we modify the sequence number -
 // which is included explicitly in the DTLS record header - and that trips a
 // different error code.  Note that the message that the client sends would not
 // decrypt (the nonce/IV wouldn't match), but the record limit is hit before
 // attempting to decrypt a record.
-TEST_P(TlsCipherLimitTest, ReadLimit) {
+TEST_P(TlsCipherSuiteTest, ReadLimit) {
   SetupCertificate();
   EnableSingleCipher();
   ConnectAndCheckCipherSuite();
   EXPECT_EQ(SECSuccess,
             SSLInt_AdvanceWriteSeqNum(client_->ssl_fd(), last_safe_write()));
   EXPECT_EQ(SECSuccess,
             SSLInt_AdvanceReadSeqNum(server_->ssl_fd(), last_safe_write()));
 
@@ -267,96 +265,117 @@ TEST_P(TlsCipherLimitTest, ReadLimit) {
                                payload, sizeof(payload), &record,
                                (epoch << 48) | record_limit());
   server_->adapter()->PacketReceived(record);
   server_->ExpectReadWriteError();
   server_->ReadBytes();
   EXPECT_EQ(SSL_ERROR_TOO_MANY_RECORDS, server_->error_code());
 }
 
-TEST_P(TlsCipherLimitTest, WriteLimit) {
+TEST_P(TlsCipherSuiteTest, WriteLimit) {
   SetupCertificate();
   EnableSingleCipher();
   ConnectAndCheckCipherSuite();
   EXPECT_EQ(SECSuccess,
             SSLInt_AdvanceWriteSeqNum(client_->ssl_fd(), last_safe_write()));
   client_->SendData(10, 10);
   client_->ExpectReadWriteError();
   client_->SendData(10, 10);
   EXPECT_EQ(SSL_ERROR_TOO_MANY_RECORDS, client_->error_code());
 }
 
 // This awful macro makes the test instantiations easier to read.
-#define INSTANTIATE_CIPHER_TEST_P(name, modes, versions, ...)      \
-  static const uint16_t k##name##CiphersArr[] = {__VA_ARGS__};     \
-  static const ::testing::internal::ParamGenerator<uint16_t>       \
-      k##name##Ciphers = ::testing::ValuesIn(k##name##CiphersArr); \
-  INSTANTIATE_TEST_CASE_P(                                         \
-      CipherSuite##name, TlsCipherSuiteTest,                       \
-      ::testing::Combine(TlsConnectTestBase::kTlsModes##modes,     \
-                         TlsConnectTestBase::kTls##versions,       \
-                         k##name##Ciphers));                       \
-  INSTANTIATE_TEST_CASE_P(                                         \
-      Resume##name, TlsResumptionTest,                             \
-      ::testing::Combine(TlsConnectTestBase::kTlsModes##modes,     \
-                         TlsConnectTestBase::kTls##versions,       \
-                         k##name##Ciphers));                       \
-  INSTANTIATE_TEST_CASE_P(                                         \
-      Limit##name, TlsCipherLimitTest,                             \
-      ::testing::Combine(TlsConnectTestBase::kTlsModes##modes,     \
-                         TlsConnectTestBase::kTls##versions,       \
-                         k##name##Ciphers))
+#define INSTANTIATE_CIPHER_TEST_P(name, modes, versions, groups, sigalgs, ...) \
+  static const uint16_t k##name##CiphersArr[] = {__VA_ARGS__};                 \
+  static const ::testing::internal::ParamGenerator<uint16_t>                   \
+      k##name##Ciphers = ::testing::ValuesIn(k##name##CiphersArr);             \
+  INSTANTIATE_TEST_CASE_P(                                                     \
+      CipherSuite##name, TlsCipherSuiteTest,                                   \
+      ::testing::Combine(TlsConnectTestBase::kTlsModes##modes,                 \
+                         TlsConnectTestBase::kTls##versions, k##name##Ciphers, \
+                         groups, sigalgs));
 
-INSTANTIATE_CIPHER_TEST_P(RC4, Stream, V10ToV12, TLS_RSA_WITH_RC4_128_SHA,
+static const SSLNamedGroup kDummyNamedGroupParamsArr[] = {
+    static_cast<SSLNamedGroup>(0)};
+static const auto kDummyNamedGroupParams =
+    ::testing::ValuesIn(kDummyNamedGroupParamsArr);
+static const TlsSignatureScheme kDummySignatureSchemesParamsArr[] = {
+    kTlsSignatureNone};
+static const auto kDummySignatureSchemesParams =
+    ::testing::ValuesIn(kDummySignatureSchemesParamsArr);
+
+static TlsSignatureScheme kSignatureSchemesParamsArr[] = {
+    kTlsSignatureRsaPkcs1Sha256,       kTlsSignatureRsaPkcs1Sha384,
+    kTlsSignatureRsaPkcs1Sha512,       kTlsSignatureEcdsaSecp256r1Sha256,
+    kTlsSignatureEcdsaSecp384r1Sha384, kTlsSignatureRsaPssSha256,
+    kTlsSignatureRsaPssSha384,         kTlsSignatureRsaPssSha512,
+};
+
+INSTANTIATE_CIPHER_TEST_P(RC4, Stream, V10ToV12, kDummyNamedGroupParams,
+                          kDummySignatureSchemesParams,
+                          TLS_RSA_WITH_RC4_128_SHA,
                           TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
                           TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
                           TLS_ECDH_RSA_WITH_RC4_128_SHA,
                           TLS_ECDHE_RSA_WITH_RC4_128_SHA);
-INSTANTIATE_CIPHER_TEST_P(AEAD12, All, V12, TLS_RSA_WITH_AES_128_GCM_SHA256,
+INSTANTIATE_CIPHER_TEST_P(AEAD12, All, V12, kDummyNamedGroupParams,
+                          kDummySignatureSchemesParams,
+                          TLS_RSA_WITH_AES_128_GCM_SHA256,
                           TLS_RSA_WITH_AES_256_GCM_SHA384,
                           TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
                           TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
                           TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
                           TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384);
-INSTANTIATE_CIPHER_TEST_P(AEAD, All, V12Plus,
+INSTANTIATE_CIPHER_TEST_P(AEAD, All, V12, kDummyNamedGroupParams,
+                          kDummySignatureSchemesParams,
                           TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
                           TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
                           TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                           TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
                           TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
                           TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
                           TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
                           TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
                           TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256);
-INSTANTIATE_CIPHER_TEST_P(CBC12, All, V12, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
-                          TLS_RSA_WITH_AES_256_CBC_SHA256,
-                          TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
-                          TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
-                          TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
-                          TLS_RSA_WITH_AES_128_CBC_SHA256,
-                          TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
-                          TLS_DHE_DSS_WITH_AES_256_CBC_SHA256);
 INSTANTIATE_CIPHER_TEST_P(
-    CBCStream, Stream, V10ToV12, TLS_ECDH_ECDSA_WITH_NULL_SHA,
+    CBC12, All, V12, kDummyNamedGroupParams, kDummySignatureSchemesParams,
+    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256,
+    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
+    TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
+    TLS_DHE_DSS_WITH_AES_256_CBC_SHA256);
+INSTANTIATE_CIPHER_TEST_P(
+    CBCStream, Stream, V10ToV12, kDummyNamedGroupParams,
+    kDummySignatureSchemesParams, TLS_ECDH_ECDSA_WITH_NULL_SHA,
     TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
     TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_NULL_SHA,
     TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_NULL_SHA,
     TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
     TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_NULL_SHA,
     TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA);
 INSTANTIATE_CIPHER_TEST_P(
-    CBCDatagram, Datagram, V11V12, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
+    CBCDatagram, Datagram, V11V12, kDummyNamedGroupParams,
+    kDummySignatureSchemesParams, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
     TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
     TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
     TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
     TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA);
+INSTANTIATE_CIPHER_TEST_P(TLS13, All, V13,
+                          ::testing::ValuesIn(kFasterDHEGroups),
+                          ::testing::ValuesIn(kSignatureSchemesParamsArr),
+                          TLS_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256,
+                          TLS_AES_256_GCM_SHA384);
+INSTANTIATE_CIPHER_TEST_P(TLS13AllGroups, All, V13,
+                          ::testing::ValuesIn(kAllDHEGroups),
+                          ::testing::Values(kTlsSignatureEcdsaSecp384r1Sha384),
+                          TLS_AES_256_GCM_SHA384);
 
 // Fields are: version, cipher suite, bulk cipher name, secretKeySize
 struct SecStatusParams {
   uint16_t version;
   uint16_t cipher_suite;
   std::string name;
   int keySize;
 };
@@ -375,18 +394,19 @@ inline std::ostream &operator<<(std::ost
                 << "\", key size = " << vals.keySize;
 }
 
 class SecurityStatusTest
     : public TlsCipherSuiteTestBase,
       public ::testing::WithParamInterface<SecStatusParams> {
  public:
   SecurityStatusTest()
-      : TlsCipherSuiteTestBase("TLS", GetParam().version,
-                               GetParam().cipher_suite) {}
+      : TlsCipherSuiteTestBase(
+            "TLS", GetParam().version, GetParam().cipher_suite,
+            static_cast<SSLNamedGroup>(0), kTlsSignatureNone) {}
 };
 
 // SSL_SecurityStatus produces fairly useless output when compared to
 // SSL_GetCipherSuiteInfo and SSL_GetChannelInfo, but we can't break it, so we
 // need to check it.
 TEST_P(SecurityStatusTest, CheckSecurityStatus) {
   SetupCertificate();
   EnableSingleCipher();