Ubuntu
nss package

Merge ~lucaskanashiro/ubuntu/+source/nss:merge-focal into ubuntu/+source/nss:ubuntu/devel

Proposed by Lucas Kanashiro on 2019-10-31

Status:

Superseded

Proposed branch:

~lucaskanashiro/ubuntu/+source/nss:merge-focal

Merge into:

ubuntu/+source/nss:ubuntu/devel

Diff against target:

212443 lines (+105527/-55021) (has conflicts)

243 files modified

debian/changelog (+21/-0)
debian/libnss3.symbols (+1/-0)
nss/.hg_archival.txt (+3/-3)
nss/.taskcluster.yml (+1/-1)
nss/Makefile (+1/-0)
nss/automation/abi-check/expected-report-libnss3.so.txt (+31/-2)
nss/automation/abi-check/expected-report-libsmime3.so.txt (+11/-0)
nss/automation/abi-check/expected-report-libssl3.so.txt (+7/-19)
nss/automation/abi-check/previous-nss-release (+1/-1)
nss/automation/release/nspr-version.txt (+1/-1)
nss/automation/taskcluster/docker-gcc-4.4/Dockerfile (+1/-0)
nss/automation/taskcluster/docker-hacl/B6C8F98282B944E3B0D5C2530FC3042E345AD05D.asc (+143/-0)
nss/automation/taskcluster/docker-hacl/Dockerfile (+2/-1)
nss/automation/taskcluster/docker-hacl/setup.sh (+7/-3)
nss/automation/taskcluster/graph/src/extend.js (+127/-28)
nss/automation/taskcluster/graph/src/queue.js (+9/-1)
nss/automation/taskcluster/graph/src/try_syntax.js (+12/-1)
nss/automation/taskcluster/scripts/build.sh (+6/-0)
nss/automation/taskcluster/scripts/build_gyp.sh (+7/-1)
nss/automation/taskcluster/scripts/build_nspr.sh (+6/-0)
nss/automation/taskcluster/scripts/build_softoken.sh (+3/-2)
nss/automation/taskcluster/scripts/check_abi.sh (+6/-0)
nss/automation/taskcluster/scripts/gen_coverage_report.sh (+6/-0)
nss/automation/taskcluster/scripts/run_coverity.sh (+7/-1)
nss/automation/taskcluster/scripts/run_scan_build.sh (+6/-0)
nss/automation/taskcluster/windows/build.sh (+6/-0)
nss/automation/taskcluster/windows/build_gyp.sh (+7/-1)
nss/build.sh (+70/-40)
nss/cmd/addbuiltin/addbuiltin.c (+62/-27)
nss/cmd/httpserv/httpserv.c (+1/-1)
nss/cmd/lib/Makefile (+1/-0)
nss/cmd/lib/derprint.c (+3/-1)
nss/cmd/lib/lib.gyp (+2/-1)
nss/cmd/lib/manifest.mn (+2/-0)
nss/cmd/lib/pk11table.c (+2/-0)
nss/cmd/lib/secpwd.c (+1/-1)
nss/cmd/lib/secutil.c (+208/-28)
nss/cmd/lib/secutil.h (+14/-0)
nss/cmd/p7env/p7env.c (+2/-2)
nss/cmd/pk11importtest/pk11importtest.c (+3/-1)
nss/cmd/pk11mode/pk11mode.c (+1/-1)
nss/cmd/pk12util/pk12util.c (+1/-0)
nss/cmd/platlibs.mk (+2/-2)
nss/cmd/selfserv/selfserv.c (+36/-6)
nss/cmd/shlibsign/shlibsign.c (+1/-1)
nss/cmd/strsclnt/strsclnt.c (+34/-7)
nss/cmd/symkeyutil/symkeyutil.c (+1/-1)
nss/cmd/tstclnt/tstclnt.c (+38/-3)
nss/cmd/vfyserv/vfyserv.c (+6/-1)
nss/coreconf/UNIX.mk (+1/-3)
nss/coreconf/WIN32.mk (+3/-10)
nss/coreconf/config.gypi (+1/-0)
nss/coreconf/nspr.sh (+18/-3)
nss/cpputil/freebl_scoped_ptrs.h (+33/-0)
nss/cpputil/nss_scoped_ptrs.h (+18/-17)
nss/cpputil/scoped_ptrs_util.h (+5/-0)
nss/cpputil/tls_parser.h (+1/-0)
nss/fuzz/fuzz.gyp (+1/-0)
nss/gtests/common/testvectors/curve25519-vectors.h (+63/-3)
nss/gtests/common/testvectors/kw-vectors.h (+1940/-0)
nss/gtests/der_gtest/der_quickder_unittest.cc (+38/-13)
nss/gtests/freebl_gtest/cmac_unittests.cc (+187/-0)
nss/gtests/freebl_gtest/freebl_gtest.gyp (+2/-0)
nss/gtests/freebl_gtest/mpi_unittest.cc (+1/-1)
nss/gtests/mozpkix_gtest/mozpkix_gtest.gyp (+1/-0)
nss/gtests/mozpkix_gtest/pkixder_input_tests.cpp (+4/-2)
nss/gtests/mozpkix_gtest/pkixder_universal_types_tests.cpp (+50/-0)
nss/gtests/pk11_gtest/manifest.mn (+5/-1)
nss/gtests/pk11_gtest/pk11_aes_cmac_unittest.cc (+91/-0)
nss/gtests/pk11_gtest/pk11_aes_gcm_unittest.cc (+60/-49)
nss/gtests/pk11_gtest/pk11_aeskeywrap_unittest.cc (+90/-100)
nss/gtests/pk11_gtest/pk11_aeskeywrappad_unittest.cc (+415/-0)
nss/gtests/pk11_gtest/pk11_cbc_unittest.cc (+217/-0)
nss/gtests/pk11_gtest/pk11_curve25519_unittest.cc (+67/-23)
nss/gtests/pk11_gtest/pk11_der_private_key_import_unittest.cc (+67/-15)
nss/gtests/pk11_gtest/pk11_ecdsa_unittest.cc (+5/-0)
nss/gtests/pk11_gtest/pk11_ecdsa_vectors.h (+32/-0)
nss/gtests/pk11_gtest/pk11_find_certs_unittest.cc (+311/-111)
nss/gtests/pk11_gtest/pk11_gtest.gyp (+8/-2)
nss/gtests/pk11_gtest/pk11_import_unittest.cc (+25/-141)
nss/gtests/pk11_gtest/pk11_key_unittest.cc (+80/-0)
nss/gtests/pk11_gtest/pk11_keygen.cc (+143/-0)
nss/gtests/pk11_gtest/pk11_keygen.h (+34/-0)
nss/gtests/pk11_gtest/pk11_seed_cbc_unittest.cc (+71/-0)
nss/gtests/pk11_gtest/pk11_signature_test.h (+3/-0)
nss/gtests/softoken_gtest/manifest.mn (+10/-1)
nss/gtests/softoken_gtest/softoken_gtest.cc (+187/-0)
nss/gtests/softoken_gtest/softoken_gtest.gyp (+6/-0)
nss/gtests/softoken_gtest/softoken_nssckbi_testlib_gtest.cc (+124/-0)
nss/gtests/ssl_gtest/libssl_internals.c (+19/-0)
nss/gtests/ssl_gtest/libssl_internals.h (+2/-1)
nss/gtests/ssl_gtest/manifest.mn (+1/-0)
nss/gtests/ssl_gtest/ssl_0rtt_unittest.cc (+41/-0)
nss/gtests/ssl_gtest/ssl_auth_unittest.cc (+153/-8)
nss/gtests/ssl_gtest/ssl_cert_ext_unittest.cc (+2/-2)
nss/gtests/ssl_gtest/ssl_cipherorder_unittest.cc (+241/-0)
nss/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc (+19/-0)
nss/gtests/ssl_gtest/ssl_extension_unittest.cc (+1/-1)
nss/gtests/ssl_gtest/ssl_fuzz_unittest.cc (+1/-1)
nss/gtests/ssl_gtest/ssl_gtest.gyp (+1/-0)
nss/gtests/ssl_gtest/ssl_record_unittest.cc (+36/-0)
nss/gtests/ssl_gtest/ssl_recordsize_unittest.cc (+3/-2)
nss/gtests/ssl_gtest/ssl_renegotiation_unittest.cc (+23/-0)
nss/gtests/ssl_gtest/ssl_resumption_unittest.cc (+105/-13)
nss/gtests/ssl_gtest/tls_agent.cc (+21/-17)
nss/gtests/ssl_gtest/tls_agent.h (+7/-6)
nss/gtests/ssl_gtest/tls_esni_unittest.cc (+1/-1)
nss/gtests/ssl_gtest/tls_subcerts_unittest.cc (+243/-33)
nss/help.txt (+6/-0)
nss/lib/certdb/certdb.c (+6/-20)
nss/lib/certdb/certt.h (+15/-0)
nss/lib/certdb/stanpcertdb.c (+11/-12)
nss/lib/certhigh/certvfy.c (+43/-23)
nss/lib/ckfw/builtins/README (+62/-1)
nss/lib/ckfw/builtins/certdata.txt (+313/-630)
nss/lib/ckfw/builtins/manifest.mn (+2/-0)
nss/lib/ckfw/builtins/nssckbi.h (+2/-2)
nss/lib/ckfw/builtins/testlib/Makefile (+52/-0)
nss/lib/ckfw/builtins/testlib/builtins-testlib.gyp (+64/-0)
nss/lib/ckfw/builtins/testlib/certdata-testlib.txt (+479/-0)
nss/lib/ckfw/builtins/testlib/config.mk (+38/-0)
nss/lib/ckfw/builtins/testlib/manifest.mn (+25/-0)
nss/lib/ckfw/builtins/testlib/nssckbi-testlib.rc (+52/-0)
nss/lib/ckfw/builtins/testlib/testcert_err_distrust.txt (+50/-0)
nss/lib/ckfw/builtins/testlib/testcert_no_distrust.txt (+50/-0)
nss/lib/ckfw/builtins/testlib/testcert_ok_distrust.txt (+50/-0)
nss/lib/ckfw/manifest.mn (+1/-1)
nss/lib/freebl/Makefile (+29/-1)
nss/lib/freebl/aes-armv8.c (+1168/-0)
nss/lib/freebl/aes-armv8.h (+103/-0)
nss/lib/freebl/aeskeywrap.c (+2/-1)
nss/lib/freebl/blapi.h (+1/-0)
nss/lib/freebl/blinit.c (+49/-1)
nss/lib/freebl/chacha20poly1305.c (+5/-0)
nss/lib/freebl/cmac.c (+322/-0)
nss/lib/freebl/cmac.h (+47/-0)
nss/lib/freebl/ctr.c (+12/-0)
nss/lib/freebl/drbg.c (+90/-9)
nss/lib/freebl/ec.c (+1/-1)
nss/lib/freebl/ecl/curve25519_32.c (+4/-0)
nss/lib/freebl/exports.gyp (+1/-0)
nss/lib/freebl/freebl.gyp (+68/-0)
nss/lib/freebl/freebl_base.gypi (+1/-0)
nss/lib/freebl/gcm-aarch64.c (+96/-0)
nss/lib/freebl/gcm.c (+27/-2)
nss/lib/freebl/gcm.h (+6/-0)
nss/lib/freebl/intel-aes.h (+3/-3)
nss/lib/freebl/intel-gcm-wrap.c (+31/-0)
nss/lib/freebl/ldvector.c (+10/-1)
nss/lib/freebl/loader.c (+51/-0)
nss/lib/freebl/loader.h (+15/-1)
nss/lib/freebl/manifest.mn (+3/-0)
nss/lib/freebl/mpi/README (+1/-0)
nss/lib/freebl/mpi/mpcpucache.c (+1/-1)
nss/lib/freebl/mpi/mpi.c (+30/-12)
nss/lib/freebl/mpi/mpi.h (+10/-1)
nss/lib/freebl/pqg.c (+4/-4)
nss/lib/freebl/rijndael.c (+17/-4)
nss/lib/freebl/rsapkcs.c (+13/-10)
nss/lib/freebl/seed.c (+26/-7)
nss/lib/freebl/verified/FStar.c (+1/-1)
nss/lib/freebl/verified/FStar.h (+1/-1)
nss/lib/freebl/verified/Hacl_Chacha20.c (+1/-1)
nss/lib/freebl/verified/Hacl_Chacha20.h (+1/-1)
nss/lib/freebl/verified/Hacl_Chacha20_Vec128.c (+1/-1)
nss/lib/freebl/verified/Hacl_Chacha20_Vec128.h (+1/-1)
nss/lib/freebl/verified/Hacl_Curve25519.c (+1/-1)
nss/lib/freebl/verified/Hacl_Curve25519.h (+1/-1)
nss/lib/freebl/verified/Hacl_Poly1305_32.c (+1/-1)
nss/lib/freebl/verified/Hacl_Poly1305_32.h (+1/-1)
nss/lib/freebl/verified/Hacl_Poly1305_64.c (+1/-1)
nss/lib/freebl/verified/Hacl_Poly1305_64.h (+1/-1)
nss/lib/freebl/verified/kremlib.h (+1/-1)
nss/lib/freebl/verified/kremlib_base.h (+1/-1)
nss/lib/freebl/verified/vec128.h (+1/-1)
nss/lib/jar/jarfile.c (+26/-18)
nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapdefaultclient.c (+3/-2)
nss/lib/mozpkix/include/pkix/pkixder.h (+11/-0)
nss/lib/mozpkix/lib/pkixcert.cpp (+7/-12)
nss/lib/mozpkix/test-lib/pkixtestnss.cpp (+6/-5)
nss/lib/nss/nss.def (+7/-1)
nss/lib/nss/nss.h (+2/-2)
nss/lib/pk11wrap/debug_module.c (+2/-0)
nss/lib/pk11wrap/pk11cert.c (+87/-0)
nss/lib/pk11wrap/pk11load.c (+4/-6)
nss/lib/pk11wrap/pk11mech.c (+4/-0)
nss/lib/pk11wrap/pk11pk12.c (+4/-0)
nss/lib/pk11wrap/pk11pub.h (+8/-0)
nss/lib/pki/pki3hack.c (+42/-13)
nss/lib/smime/cmssiginfo.c (+82/-25)
nss/lib/softoken/fipstokn.c (+24/-4)
nss/lib/softoken/legacydb/lgattr.c (+1/-1)
nss/lib/softoken/pkcs11.c (+18/-8)
nss/lib/softoken/pkcs11c.c (+323/-69)
nss/lib/softoken/pkcs11i.h (+2/-2)
nss/lib/softoken/pkcs11u.c (+5/-18)
nss/lib/softoken/sdb.c (+1/-1)
nss/lib/softoken/softkver.h (+2/-2)
nss/lib/softoken/tlsprf.c (+1/-1)
nss/lib/sqlite/Makefile (+2/-0)
nss/lib/sqlite/README (+1/-1)
nss/lib/sqlite/sqlite.gyp (+9/-1)
nss/lib/sqlite/sqlite3.c (+90169/-52437)
nss/lib/sqlite/sqlite3.h (+3773/-611)
nss/lib/ssl/ssl3con.c (+283/-154)
nss/lib/ssl/ssl3ext.c (+3/-0)
nss/lib/ssl/ssl3exthandle.c (+8/-3)
nss/lib/ssl/sslexp.h (+39/-0)
nss/lib/ssl/sslimpl.h (+10/-6)
nss/lib/ssl/sslsock.c (+115/-0)
nss/lib/ssl/sslt.h (+7/-1)
nss/lib/ssl/tls13con.c (+23/-16)
nss/lib/ssl/tls13esni.c (+1/-1)
nss/lib/ssl/tls13subcerts.c (+184/-11)
nss/lib/util/nssutil.h (+2/-2)
nss/lib/util/pkcs11n.h (+2/-0)
nss/lib/util/pkcs11t.h (+3/-0)
nss/lib/util/quickder.c (+1/-1)
nss/lib/util/utilmod.c (+4/-1)
nss/mach (+11/-3)
nss/nss.gyp (+3/-0)
nss/tests/all.sh (+3/-9)
nss/tests/cert/cert.sh (+1/-1)
nss/tests/common/certsetup.sh (+9/-2)
nss/tests/common/cleanup.sh (+9/-2)
nss/tests/fips/cavs_scripts/aes.sh (+2/-0)
nss/tests/fips/cavs_scripts/aesgcm.sh (+2/-0)
nss/tests/fips/cavs_scripts/dsa.sh (+2/-0)
nss/tests/fips/cavs_scripts/ecdsa.sh (+2/-0)
nss/tests/fips/cavs_scripts/hmac.sh (+3/-0)
nss/tests/fips/cavs_scripts/ike.sh (+2/-0)
nss/tests/fips/cavs_scripts/kas.sh (+2/-0)
nss/tests/fips/cavs_scripts/rng.sh (+3/-0)
nss/tests/fips/cavs_scripts/rsa.sh (+2/-0)
nss/tests/fips/cavs_scripts/sha.sh (+2/-0)
nss/tests/fips/cavs_scripts/tdea.sh (+2/-0)
nss/tests/fips/cavs_scripts/tls.sh (+3/-0)
nss/tests/policy/policy.sh (+1/-1)
nss/tests/smime/smime.sh (+213/-22)
nss/tests/ssl/ssl.sh (+64/-9)
nss/tests/ssl_gtests/ssl_gtests.sh (+1/-0)
nss/tests/tlsfuzzer/config.json.in (+20/-0)
nss/tests/tlsfuzzer/tlsfuzzer.sh (+3/-3)

Conflict in debian/changelog

Related bugs:

Bug #1744328: libfreebl3.so should be public, not in the nss subdir	Undecided	Fix Released
Bug #1837734: libnss3 reads fips_enabled flag and automatically switches to FIPS mode	High	Fix Released

Link a bug report

Reviewer	Date Requested	Status
Canonical Server	2019-10-31	Pending
Canonical Server Core Reviewers	2019-10-31	Pending
Review via email: mp+374996@code.launchpad.net

This proposal has been superseded by a proposal from 2019-11-04.

Description of the change

Merge version 2:3.47-1 from Debian. The delta from version 2:3.45-1ubuntu2 was applied on top of this new release:

* d/libnss3.links: make freebl3 available as library
* d/control: add dh-exec to Build-Depends
* d/rules: make mkdir tolerate debian/tmp existing (due to dh-exec)
* Disable reading fips_enabled flag in FIPS mode. libnss is not a FIPS certified library.

According to upstream release notes the library in this new release is compatible with the version we have in the archive, so the version bump should not be a problem.

Unmerged commits

3d3a453... by Lucas Kanashiro on 2019-10-31

update-maintainer

21cd5df... by Lucas Kanashiro on 2019-10-31

reconstruct-changelog

fb66659... by Lucas Kanashiro on 2019-10-31

merge-changelogs

40d0445... by Lucas Kanashiro on 2019-10-31

- Disable reading fips_enabled flag in FIPS mode. libnss is
not a FIPS certified library. (LP: #1837734)

4ad6ffe... by Lucas Kanashiro on 2019-10-31

- d/rules: make mkdir tolerate debian/tmp existing (due to dh-exec)

b59cfb2... by Lucas Kanashiro on 2019-10-31

- d/control: add dh-exec to Build-Depends

459c5ba... by Lucas Kanashiro on 2019-10-31

- d/libnss3.links: make freebl3 available as library (LP: #1744328)

02f7959... by Mike Hommey <email address hidden> on 2019-10-23

Import patches-unapplied version 2:3.47-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: f4b87b1e16a7e93b79bb7b251d3b51f01766f2ae

New changelog entries:
* New upstream release.
* debian/libnss3.symbols: Add NSS_3_47 symbol version.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

The diff has been truncated for viewing.

Subscribers

People subscribed via source and target branches

to all changes:

Lucas Kanashiro

git-ubuntu developers

 diff --git a/debian/changelog b/debian/changelog
 index 27fda7e..7e08155 100644
 --- a/debian/changelog
 +++ b/debian/changelog
@@ -1,3 +1,24 @@
++<<<<<<< debian/changelog
++=======
++nss (2:3.47-1ubuntu1) focal; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - d/libnss3.links: make freebl3 available as library (LP #1744328)
++    - d/control: add dh-exec to Build-Depends
++    - d/rules: make mkdir tolerate debian/tmp existing (due to dh-exec)
++    - Disable reading fips_enabled flag in FIPS mode. libnss is
++      not a FIPS certified library. (LP #1837734)
++
++ -- Lucas Kanashiro <lucas.kanashiro@canonical.com>  Thu, 31 Oct 2019 16:18:35 -0300
++
++nss (2:3.47-1) unstable; urgency=medium
++
++  * New upstream release.
++  * debian/libnss3.symbols: Add NSS_3_47 symbol version.
++
++ -- Mike Hommey <glandium@debian.org>  Wed, 23 Oct 2019 11:19:59 +0900
++
++>>>>>>> debian/changelog
  nss (2:3.45-1ubuntu2) eoan; urgency=medium
    * Disable reading fips_enabled flag in FIPS mode. libnss is
 diff --git a/debian/libnss3.symbols b/debian/libnss3.symbols
 index e4da3e8..4bc778e 100644
 --- a/debian/libnss3.symbols
 +++ b/debian/libnss3.symbols
@@ -59,6 +59,7 @@ libnss3.so libnss3 #MINVER#
   (symver)NSS_3.43 2:3.44.0
   (symver)NSS_3.44 2:3.44.0
   (symver)NSS_3.45 2:3.45
++ (symver)NSS_3.47 2:3.47
   (symver)NSS_3.5 2:3.13.4-2~
   (symver)NSS_3.6 2:3.13.4-2~
   (symver)NSS_3.7 2:3.13.4-2~
 diff --git a/nss/.hg_archival.txt b/nss/.hg_archival.txt
 index 7c3f115..032d2c2 100644
 --- a/nss/.hg_archival.txt
 +++ b/nss/.hg_archival.txt
@@ -1,4 +1,4 @@
  repo: 9949429068caa6bb8827a8ceeaa7c605d722f47f
--node: 93ad9d963f4c773ea210b20af50198331ccd8639
--branch: NSS_3_45_BRANCH
--tag: NSS_3_45_RTM
++node: 7ccb4ade557739620b060c173d8660c502e53034
++branch: NSS_3_47_BRANCH
++tag: NSS_3_47_RTM
 diff --git a/nss/.taskcluster.yml b/nss/.taskcluster.yml
 index 4d5117e..05bade9 100644
 --- a/nss/.taskcluster.yml
 +++ b/nss/.taskcluster.yml
@@ -55,7 +55,7 @@ tasks:
          image: djmitche/nss-decision:0.0.3
          env:
--          TC_OWNER: "${push.owner}"
++          TC_OWNER: "${ownerEmail}"
            TC_SOURCE: "${repository.url}"
            TC_PROJECT: ${repository.project}
            TC_SCHEDULER_ID: "${schedulerId}"
 diff --git a/nss/Makefile b/nss/Makefile
 index 4a80ebd..2dc8de1 100644
 --- a/nss/Makefile
 +++ b/nss/Makefile
@@ -135,6 +135,7 @@ endif
  build_nspr: $(NSPR_CONFIG_STATUS)
  	$(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)
++	$(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)/pr/tests
  install_nspr: build_nspr
  	$(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) install
 diff --git a/nss/automation/abi-check/expected-report-libnss3.so.txt b/nss/automation/abi-check/expected-report-libnss3.so.txt
 index 76d0de6..ee06510 100644
 --- a/nss/automation/abi-check/expected-report-libnss3.so.txt
 +++ b/nss/automation/abi-check/expected-report-libnss3.so.txt
@@ -1,4 +1,33 @@
--
 Added function:
--  'function SECStatus PK11_FindRawCertsWithSubject(PK11SlotInfo*, SECItem*, CERTCertificateList**)'    {PK11_FindRawCertsWithSubject@@NSS_3.45}
++  'function CERTCertList* PK11_GetCertsMatchingPrivateKey(SECKEYPrivateKey*)'    {PK11_GetCertsMatchingPrivateKey@@NSS_3.47}
++
++3 functions with some indirect sub-type change:
++
++  [C]'function SECStatus CERT_AddCertToListHead(CERTCertList*, CERTCertificate*)' at certdb.c:2631:1 has some indirect sub-type changes:
++    parameter 2 of type 'CERTCertificate*' has sub-type changes:
++      in pointed to type 'typedef CERTCertificate' at certt.h:39:1:
++        underlying type 'struct CERTCertificateStr' at certt.h:189:1 changed:
++          type size changed from 6016 to 6080 (in bits)
++          1 data member insertion:
++            'CERTCertDistrust* CERTCertificateStr::distrust', at offset 6016 (in bits) at certt.h:296:1
++          no data member changes (2 filtered);
++
++  [C]'function SECStatus CERT_CacheOCSPResponseFromSideChannel(CERTCertDBHandle*, CERTCertificate*, PRTime, const SECItem*, void*)' at ocsp.c:5102:1 has some indirect sub-type changes:
++    parameter 2 of type 'CERTCertificate*' has sub-type changes:
++      in pointed to type 'typedef CERTCertificate' at certt.h:39:1:
++        underlying type 'struct CERTCertificateStr' at certt.h:189:1 changed:
++          type size changed from 6016 to 6080 (in bits)
++          1 data member insertion:
++            'CERTCertDistrust* CERTCertificateStr::distrust', at offset 6016 (in bits) at certt.h:296:1
++          no data member change (1 filtered);
++
++  [C]'function CERTCertificateList* CERT_CertChainFromCert(CERTCertificate*, SECCertUsage, PRBool)' at certhigh.c:1030:1 has some indirect sub-type changes:
++    parameter 1 of type 'CERTCertificate*' has sub-type changes:
++      in pointed to type 'typedef CERTCertificate' at certt.h:39:1:
++        underlying type 'struct CERTCertificateStr' at certt.h:189:1 changed:
++          type size changed from 6016 to 6080 (in bits)
++          1 data member insertion:
++            'CERTCertDistrust* CERTCertificateStr::distrust', at offset 6016 (in bits) at certt.h:296:1
++          no data member changes (2 filtered);
++
 diff --git a/nss/automation/abi-check/expected-report-libsmime3.so.txt b/nss/automation/abi-check/expected-report-libsmime3.so.txt
 index e69de29..b57a98a 100644
 --- a/nss/automation/abi-check/expected-report-libsmime3.so.txt
 +++ b/nss/automation/abi-check/expected-report-libsmime3.so.txt
@@ -0,0 +1,11 @@
++1 function with some indirect sub-type change:
++
++  [C]'function CERTCertificate* CERT_ConvertAndDecodeCertificate(char*)' at certread.c:219:1 has some indirect sub-type changes:
++    return type changed:
++      in pointed to type 'typedef CERTCertificate' at certt.h:39:1:
++        underlying type 'struct CERTCertificateStr' at certt.h:189:1 changed:
++          type size changed from 6016 to 6080 (in bits)
++          1 data member insertion:
++            'CERTCertDistrust* CERTCertificateStr::distrust', at offset 6016 (in bits) at certt.h:296:1
++
++
 diff --git a/nss/automation/abi-check/expected-report-libssl3.so.txt b/nss/automation/abi-check/expected-report-libssl3.so.txt
 index 9f2f796..2c3aff4 100644
 --- a/nss/automation/abi-check/expected-report-libssl3.so.txt
 +++ b/nss/automation/abi-check/expected-report-libssl3.so.txt
@@ -1,22 +1,10 @@
++1 function with some indirect sub-type change:
--2 functions with some indirect sub-type change:
--
--  [C]'function SECStatus SSL_ConfigServerCert(PRFileDesc*, CERTCertificate*, SECKEYPrivateKey*, const SSLExtraServerCertData*, unsigned int)' at sslcert.c:640:1 has some indirect sub-type changes:
--    parameter 4 of type 'const SSLExtraServerCertData*' has sub-type changes:
--      in pointed to type 'const SSLExtraServerCertData':
--        in unqualified underlying type 'typedef SSLExtraServerCertData' at sslt.h:291:1:
--          underlying type 'struct SSLExtraServerCertDataStr' at sslt.h:256:1 changed:
--            type size changed from 256 to 384 (in bits)
--            2 data member insertions:
--              'const SECItem* SSLExtraServerCertDataStr::delegCred', at offset 256 (in bits) at sslt.h:283:1
--              'const SECKEYPrivateKey* SSLExtraServerCertDataStr::delegCredPrivKey', at offset 320 (in bits) at sslt.h:290:1
--
--  [C]'function SECStatus SSL_GetChannelInfo(PRFileDesc*, SSLChannelInfo*, PRUintn)' at sslinfo.c:13:1 has some indirect sub-type changes:
--    parameter 2 of type 'SSLChannelInfo*' has sub-type changes:
--      in pointed to type 'typedef SSLChannelInfo' at sslt.h:357:1:
--        underlying type 'struct SSLChannelInfoStr' at sslt.h:272:1 changed:
--          type size hasn't changed
++  [C]'function SECStatus NSS_CmpCertChainWCANames(CERTCertificate*, CERTDistNames*)' at cmpcert.c:25:1 has some indirect sub-type changes:
++    parameter 1 of type 'CERTCertificate*' has sub-type changes:
++      in pointed to type 'typedef CERTCertificate' at certt.h:39:1:
++        underlying type 'struct CERTCertificateStr' at certt.h:189:1 changed:
++          type size changed from 6016 to 6080 (in bits)
 data member insertion:
--            'PRBool SSLChannelInfoStr::peerDelegCred', at offset 928 (in bits) at sslt.h:353:1
--
++            'CERTCertDistrust* CERTCertificateStr::distrust', at offset 6016 (in bits) at certt.h:296:1
 diff --git a/nss/automation/abi-check/previous-nss-release b/nss/automation/abi-check/previous-nss-release
 index c6d6c97..3215111 100644
 --- a/nss/automation/abi-check/previous-nss-release
 +++ b/nss/automation/abi-check/previous-nss-release
@@ -1 +1 @@
--NSS_3_44_BRANCH
++NSS_3_46_BRANCH
 diff --git a/nss/automation/release/nspr-version.txt b/nss/automation/release/nspr-version.txt
 index b91871c..7ae4833 100644
 --- a/nss/automation/release/nspr-version.txt
 +++ b/nss/automation/release/nspr-version.txt
@@ -1,4 +1,4 @@
--4.21
++4.23
  # The first line of this file must contain the human readable NSPR
  # version number, which is the minimum required version of NSPR
 diff --git a/nss/automation/taskcluster/docker-gcc-4.4/Dockerfile b/nss/automation/taskcluster/docker-gcc-4.4/Dockerfile
 index 6953832..55344e5 100644
 --- a/nss/automation/taskcluster/docker-gcc-4.4/Dockerfile
 +++ b/nss/automation/taskcluster/docker-gcc-4.4/Dockerfile
@@ -9,6 +9,7 @@ RUN apt-get update \
      gcc-4.4 \
      locales \
      make \
++    patch \
      mercurial \
      zlib1g-dev \
   && rm -rf /var/lib/apt/lists/* \
 diff --git a/nss/automation/taskcluster/docker-hacl/B6C8F98282B944E3B0D5C2530FC3042E345AD05D.asc b/nss/automation/taskcluster/docker-hacl/B6C8F98282B944E3B0D5C2530FC3042E345AD05D.asc
 new file mode 100644
 index 0000000..513dcd4
 --- /dev/null
 +++ b/nss/automation/taskcluster/docker-hacl/B6C8F98282B944E3B0D5C2530FC3042E345AD05D.asc
@@ -0,0 +1,143 @@
++-----BEGIN PGP PUBLIC KEY BLOCK-----
++
++mQINBFS+1SABEACnmkESkY7eZq0GhDjbkWpKmURGk9+ycsfAhA44NqUvf4tk1GPM
++5SkJ/fYedYZJaDVhIp98fHgucD0O+vjOzghtgwtITusYjiPHPFBd/MN+MQqSEAP+
++LUa/kjHLjgyXxKhFUIDGVaDWL5tKOA7/AQKl1TyJ8lz89NHQoUHFsF/hu10+qhJe
++V65d32MXFehIUSvegh8DrPuExrliSiORO4HOhuc6151dWA4YBWVg4rX5kfKrGMMT
++pTWnSSZtgoRhkKW2Ey8cmZUqPuUJIfWyeNVu1e4SFtAivLvu/Ymz2WBJcNA1ZlTr
++RCOR5SIRgZ453pQnI/Bzna2nnJ/TV1gGJIGRahj/ini0cs2x1CILfS/YJQ3rWGGo
++OxwG0BVmPk0cmLVtyTq8gUPwxcPUd6WcBKhot3TDMlrffZACnQwQjlVjk5S1dEEz
++atUfpEuNitU9WOM4jr/gjv36ZNCOWm95YwLhsuci/NddBN8HXhyvs+zYTVZEXa2W
++l/FqOdQsQqZBcJjjWckGKhESdd7934+cesGD3O8KaeSGxww7slJrS0+6QJ8oBoAB
++P/WCn/y2AiY2syEKp3wYIGJyAbsm542zMZ4nc7pYfSu49mcyhQQICmqN5QvOyYUx
++OSqwbAOUNtlOyeRLZNIKoXtTqWDEu5aEiDROTw6Rkq+dIcxPNgOLdeQ3HwARAQAB
++tCFIYW5zIFdlbm5ib3JnIDxoYW5zQGNocm9taXVtLm9yZz6JARwEEAECAAYFAlT2
++MQAACgkQVfXNcLtaBWnDKgf/fjusXk+kh1zuyn5eOCe16+2vV1lmXZrDIGdJtXDW
++ZtHKele1Yv1BA3kUi5tKQi+VOOrvHL0+TMjFWFiCy1sYJS9qgkS08kReI2nAnhZ7
++INdqEVxtVk1TTOhtYjOPy6txwujoICuPv5F4rHVhn1LPKGTLtYD2LOwf/8eKYQox
++51gaJ8dNxpcHE/iFOIDXdebJPufo3EhqDRihchxb8AVLhrNss7pGGG/tVfichmHK
++djPT2KfSh14pq1ahFOz0zH4nmTu7CCLnLAdRBHuhL8HVDbi0vKBtCiSmQggdxvoj
++u+hpXiiDFQoCjLh0zVCwtFqWDZbnKMTBNNF26aTmQ+2fiYkBMwQQAQgAHRYhBB/m
++NI7eqCWiKXDlxI3TBA8SPMP0BQJbcLU1AAoJEI3TBA8SPMP021sH/jD1m7azNCN6
++DVL1iDJT6uIIYCTylygH5XI46CRoWaz/LwdFnUqWHHTcQxJ5pIkWV9KF+SIgMT42
++brdZZmNvvSdX0odjFKqj5UR6w+wDN+uZ6Q40zu4pNoNzbk7pRpbFf1XIfGB1liyu
++m28EJ58IXu/0AV7FiDAHGGBqppK/cwQN8pGLwmz1n6YELtXeFmtOGnusO6iLYOE7
++3ByFCCqJB6twT5+7dDqFYqqQJgQ6jDTy19dDZ1vDhDttL+2Rn0OYXqPw7gy/1D2p
++Y1cM9PgPBsR4EXhbtV0uKUNomk8tM/HnGMFT0KirI/tSwEP3v9g5YH992mrvNuIV
++TkyQn0jGeMeJATMEEAEIAB0WIQRswFHTwdmkr54mDFjT45SsdE4uuwUCW3haCQAK
++CRDT45SsdE4uu4JjCACppkreiMrpJSREKbUscdOvFxFRYzkTFeSCwX9Ih7r5ENpa
++zjczfIqCCfWzioV6y4K0V04y8CXt/5S5a9vfW801pBUdF9nG4X8YbUn/xSe+8A9m
++MsfDjMNcF7Cp5czVoSS4/4oHm9mQUMYQsn3AwwCPDKFORRRv5Eb0om9JawKtt++7
++ZW0fOgDkvOCm14SN0UtVc4mxTx6iyxdMDgrKinBZVjxEh5oeqUyXh5TYM+XyWFVh
++/gDUvUWwLI0GUWNTyOyUQU1oPVp+sWqrEe1BXLVCKFVWaSTtgJtJ5FyP+z2uzRcv
++aanPOj/ohHAo8VBq9QbefYVAkShNBEuJkATnXhcGiQEzBBABCAAdFiEEvlzFWRM6
++4JjNAb2a+j2ZL9Cqr7wFAlkBCcIACgkQ+j2ZL9Cqr7yB9AgArj+0+i0DCo1nm4MF
++TLnW1Y9GF/Hq/mBva1MhkT0j3BzENK3xgqrqac8KqupsporNEmJ0ZbZzilJdZImb
++o4X5BFdmmnjMiGaH6GAiPqRBBHGvLV2r2pG467J4tOMWO3XipFRf7FibbfhAU1lV
++/GLWYTSwLqwWwBE8u5rriEvDngWUJw2Yd4Yqwduef7O6F+JfsGPRXFomR3387II0
++8AXo/C+P5cl64llaxV6BmkJhQ6ydL0/KwSkHVdlXugk1sPtV/qOyPQ5L1Ibqbsvh
++lLq/jhHlUUNLFjlQ2lrS9bhHGw9OIHTMJvS8RDrk0yAmoHAyRWNgbFN7aA62vBhq
++pcUVzokBMwQQAQgAHRYhBPZ+fW6ADyQOg+vIZ/9qyaZGTfCcBQJa+ZAwAAoJEP9q
++yaZGTfCcKMgH/jRxGfYhhGnlMnDLAEpYC+TGSDLMgmg9cOZbonqyMv+7Kts+pV03
++KUr9SPV+VtGtOxRNiqwFt6V2MHcwPJfTXuH/bBW/HCCpr6UlOVWqIiCNK0Gnpcj5
++rRt5unjG9CwsgyaK9QPI8bGin/c6m8BjwmEdfJ01ATLiUb8WuDHQy9OCyrEAnzSq
++FD5ZtFmAFxvzm2x1nwb5HPuqkOqbRatp8aRJzTxIeSJPpgLw0PawHKGN3Ckp7REc
++g26P1spkPe7SIVRsobH3al4uw7mgs7wiDWN3t8CdmuHAzmB2UrsR84JMTb45GboO
++Bc1CX8xZcHyNaDEpyWHav+P8nZqwfBm+cLiJAjMEEAEIAB0WIQSawVDb4dGOtiX0
+++gWyD0lU8+/LPwUCW/4O9QAKCRCyD0lU8+/LPyI7EACWtj0GEb1VT02gKwtKwgFn
++RJ2pz8vYm188wgJwCJaL04d2D/VwE0jMvmfH80hSKgSLPAVMG06RIOb/tGhHsQKU
++zBlHiAFmfjlJo1FC/Mp44RrERRsFAWBg0/URIs4vP8+5Vl+5m70sZrQpKeq+6TLM
++1dQ0Ohz+QkQ04Z+DTroChWU8/7Uw0E3CqGGKYqPvDh54T1q4s8FoN0no8ZUlt/O+
++r/3c7awr85ZnxqtnHIcuMbVyIZ+gOqXdrLa85yZITsh4zQrjYuyTEg7dpziReyiZ
+++rkpdIdFKl8YeD+d0JWzVm7kq9D4K3+x9C509z0IgJUT3bhsX/N0Yf/QUtUW5oxI
++T7fod86B/Q2M7zBTttFhd1vAjiSjEalK48SjTzWqTDYVIkea1+f1kZK5A0QlthqG
++P2zy5GUjZVzOiCSOhyEOvAorU3zKD2s84VFKlayZEqlHJh8u5U59TWBdkW3qZUJd
++ewW31xt0s8IovYSgOwX3wbsClQs6eVwNuCZT2yQAgAyXA5iFztBvDRQ0qmetvzV2
++Ay9SrjvkQ3qr/eZmbMErEwEUxIO4b1rctCQ6jcbyVxMTAZAfaDoVKWEMXNiF2KSw
++F9SSzGPIZDgiEXUlgaJBlUIYSFxrPuE+da0CM5RixyYIinU6AER6crl9C4C9XL6a
++u3jf+5MTGxviRGn2oQzSCYkCMwQQAQgAHRYhBKeHFU4z7cw4HFbYuaxFYRTTj42I
++BQJboq6kAAoJEKxFYRTTj42IWIAP/3rc9GjDTM4nI6Oi4OzLkwm/I2Vr7LUKG8oX
++8E4Nj3amvNGupzGySjB+vrM6APrMSScXunvM0f19LV84EnNrUQ3KFZcSC6r5WC0B
++2+TVRYGpY+6R9AQpqnuxicW0sa/AlV9WSEb4fDavCel2nW0arH4wkkCzTThUxoBB
++X4I9nf4ZzGoUnnDAwTD9rN0gpI6Td/7faa3t99dRLb6AHJ1KhvyiiV3lr0xtTssD
++xVHo0SpzQTnOcRJnYf/2rTny8bVfROPWieh6HuEiP7SxT1HyeTr4WSAjSCoG95O2
++b3OgSMl0Z82FRMoJYmxID/V5YqH7015SjCxKdYhEZVp9YwWruEJIH8r6MGbWYNAl
++REnyDvfGzAF0L0+gAUymDRmtp1jeXLo+HmLgVEUWegafs1TPfCWS/H9n10Upjmuq
++akituzacz6Kjleq9qbnl81Xmh4AKmOILRwE7Pmcbl8HATOrmi5EaKffjMdWFzOWh
++3U4/VsNDujqSTXD88EjGcpLiIiYefGy0sURJbIMTkfXVt3ruHLyuvhsRE/2QEAi7
++gWB0zuBV8iGBaag+6RQkxGdpemPiogzuDijqZHoUXlp7Q6IYLanXeweyivdrSyTB
++4HOECDbWEPZwk6tCxnuklW5iJndxBmxjSxefIMGU7G2JS9quppCVFCrKUjIWnf7b
++gXnNji5JiQIzBBABCAAdFiEExZuSbLy7rtFhdiOuHt8NuZ2LeoQFAluirpUACgkQ
++Ht8NuZ2LeoR/gQ/6A71JxUavzyBlCXlMy2Hx2+gOfy68b8UWl7DwKTOBSoZOzPC7
++dVCSTzoK8dRELqsp7CkFImWcEwLJWMptuH2I1nK+Ua8bvxJSMJnOlPxYE8Wz5EK3
++SQ2mQvifRezQTe8zjdpxEDSR6xocSiigvJow4X+Mivrxxj8sMgu1KA1ud2VGX/IR
++wMbwuBTH9YydgvzmFzTxdlJHEYmsI8koHrVWPHm//QqqPBn+qz2z9uAzDmGAiDYg
++qtQijo5IJC8ZjxgdcTfCkN6he+GhHtOhyP/KF/FcRHY83DoNCtqexQZWGuKtbd8o
++nQYtmemRFob5kR7GxuNdAqF74oQfXcvXZNtHSuN3VtLqkB4fzW+21JBJCsP3XCzd
++nKjR4erXNrQycmp3shSoJbnVvdbDwaVlWhDen1DvJb0Lj2sO3PQPcwVQbf5XHWR/
++ZCf2OQTfVgwFEB4/0Twv70XwYIui2Ry9hmTPbD4Nn+UXbMQ3SOp90tj/e2yY/MFt
++FvcIYcJTk9LM5IsnKgh+fSWDmdS3HD5Kjv2EPUHTNalruwwfmhS+ScJwM4XqHTJY
++JkB16j/Xv2FTF+6KlbA1zdOVycPzoFKjAENYccQBVo2B+WQac7dFDqGEVNal9z66
++DyU4ciAHl6PsbuN7DWeuScLoqq5jwx61bZgn71mUOYC1/47ypat2BKCOXZ2JAjME
++EgEIAB0WIQSm5op4O95BdGcqQkHwXKpE5VGK/wUCWie53AAKCRDwXKpE5VGK/3rM
++D/9jcYKOjYaPJh3Q7wNC1HjjUa73eo5GvJqyXbsXufIh/RAYgQkD08P5JgzfXvQ0
++zOQTtDlDTVG8VMFoBYeMJVDd0k9LBbaljxcttMPfOll+AlQGAL7iQIqTAndknkJL
++CFdl0ypa5GVsl1tzqmNC5fuMJ3vBoRtYbMitlHQkO0vLjZ7yl9fz+7YkREpEo/d5
++Ya8t4+L6el6lrETYaiGCTxHcbYD7VdiJxpxFQlpgl+XKtobrj70RocGQ5JwUNilC
++nRJKUb33lbmntwDwQ1y1AjCnhB++3GHjJDXBPgYFDCSZPCndKeOXhxmB2psFf41i
++8foJPJXuh1vWOqArdwseFCRM6W2deF1utZmROMSkUo6IC8dYlucO/hjpjhG+C8Zv
++QiM5uLylD3IPMX9wCz1tAhMNs3v4pEPo/4A//1cdLkor9cQVLFj3+TkS888EWZdj
++Y8mUTIXU6yL1DXcj8CfDPS29fMpDorDpK1swl4pN5qgGfsL5BSAXUf1AZDWbxnEY
++xf5rakfHDzrfbtbTSSfrBxS8gdW2vBKM+3nL21BeP8hQ0tkLA7bn2fNGz3aCOw46
++XeVJdBk1gVTwazspylqrh1ljr0hQEN4gs/8kM645BRdD0IyAFFcI44VmuVwd8+2g
++5miAGmVKSqN77w2cgMRnF7xpUsanv+3zKzaTnG+2liTeCokCPgQTAQIAKAUCVL7V
++IAIbAwUJBaOagAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQD8MELjRa0F1m
++RhAAj9X+/4iiQsN888dNW/H1wEFFTd/1vqb2j0sHP3t02LkEPN5Ii9u71TSD2gSD
++WTu1Eb46nRDcapFNv5M0vXcWrEt7PK9b51Kuj4KpP5IjJHpTl2g7umaYQWC8fqcY
++TJTH0guMSCzZlsP0xGLbAj3cG6X5OPzCO+IxEafXmE//SfS9w46n1OC57ca1Y0Fp
++WXfjA0sJrcozgNchsptu3jg/oEteYJoxDAzNO45O4geNONq5D9PUQPb+H5Vv5zpy
++MI7iUJhVnTOFvnoUgRS7v6pWiA3flh5FelK8tYPCzEfvxfe7EB5GO7MaJEO3ZLni
++COaAZ3Nfn6Tt28tCOgd052W4FeGWow7iYCS1Wgd30bq/FNgnl+tKv2woxmWt4jJv
++ioBHQ4PbUnap2RCmBFaG7llRkrKP8nhWSUdwSS3OmDwAfxTTXjPaESK9EX9OV9Xo
++or07thq+7OMs+2cyiy2jSfIau0SELy/tVioZBhoB7hzAJUB8sGHOxMPlVDFdUr3x
++F/cgCclWANhw2xvgPim1wQ0XpeZe6w9RpmjZR7ReMYwxn8APBDP/e9R5aLDUQAep
++2hrJUPK38D0L69RnpWQsR9hZ2hEOrMV2M6ChlvhwHbGSdJ2CcqG5Jx4ZAP23DK3A
++N26TB88H9F7IMrM0REZeu7KzvYwCWlpg0zMXXKQ/2vovoe2JAlUEEwECAD8CGwMG
++CwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAFiEEtsj5goK5ROOw1cJTD8MELjRa0F0F
++Alpd+i0FCQ8FJo0ACgkQD8MELjRa0F3X3A//dBQLm6GmXlQFjxZbukTw0lZsevFR
++M/6ljZTxp7bsC+HFzYoaCKv6rikaWzytxk//SOaLKrB4Z9HjAlpBMtyLl2Hk7tcZ
++bPpFafNmQ+4KgWNjLXCvt9se8BGrQvGQUrbE6YowbXa2YIgxIVEncFzIECAsp/+N
++xbMcZN5/X1PJxKi/N22gP4nn47muN6L3pKez3CXgWnhGYSc7BuD5ALWYH7yMYUem
++d4jlXfu5xkBIqirj1arIYC9wmF4ldbLNDPuracc8LmXcSqa5Rpao0s4iVzAD+tkX
++vE/73m3rhepwBXxrfk0McXuI9aucf5h4/KkIBzZsaJ6JM1tzlrJzzjaBKJF9OI5T
++jA0qTxdGzdPztS8gPaPcMkRFfh9ti0ZDx4VeF3s8sOtmMRHeGEWfxqUAbBUbwFsa
++JDu/+8/VO4KijfcuUi8tqJ/JHeosCuGE7TM93LwJu6ZcqMYOPDROE/hsnGm0ZU92
++xedu+07/X1ESHkSFPoaSHD5/DCNa/tXIyJZ8X7gF3eoDP5mSmrJqIqsOBR9WOVYv
++dI8i0GHTXbrZj8WXdoS+N8wlyMLLbAS2jvTe7M5RoqbLz4ABOUUnLVoEE0CiccVZ
++bW75BPxOfaD0szbinAeX6HDPI7St0MbKrRPjuDXjD0JVkLqFINtZfYLGMLss4tgn
++suefr0Bo9ISwG3u5Ag0EVL7VIAEQAOxBxrQesChjrCqKjY5PnSsSYpeb4froucrC
++898AFw2DgN/Zz+W7wtSTbtz/GRcCurjzZvN7o2rCuNk0j0+s1sgZZm2BdldlabLy
+++UF/kSW1rb5qhfXcGGubu48OMdtSfok9lOc0Q1L4HNlGE4lUBkZzmI7Ykqfl+Bwr
++m9rpi54g4ua9PIiiHIAmMoZIcbtOG1KaDr6CoXRk/3g2ZiGUwhq3jFGroiBsKEap
++2FJ1bh5NJk2Eg8pV7fMOF7hUQKBZrNOtIPu8hA5WEgku3U3VYjRSI3SDi6QXnDL+
++xHxajiWpKtF3JjZh8y/CCTD8PyP34YjfZuFmkdske5cdx6H0V2UCiH453ncgFVdQ
++DXkY4n+0MTzhy2xu0IVVnBxYDYNhi+3MjTHJd9C4xMi9t+5IuEvDAPhgfZjDpQak
++EPz6hVmgj0mlKIgRilBRK9/kOxky9utBpGk3jEJGru/hKNloFNspoYtY6zATAr8E
++cOgoCFQE0nIktcg3wF9+OCEnV28/a7XZwUZ7Gl/qfOHtdr374wo8kd8R3V8d2G9q
++5w0/uCV9NNQ0fGWZDPDoYt6wnPL6gZv/nJM8oZY+u0rC24WwScZIniaryC4JHDas
++Ahr2S2CtgCvBgslK6f3gD16KHxPZMBpX73TzOYIhMEP/vXgVJbUD6dYht+U9c4Oh
++EDJown0dABEBAAGJAjwEGAECACYCGwwWIQS2yPmCgrlE47DVwlMPwwQuNFrQXQUC
++Wl36SwUJDwUmqwAKCRAPwwQuNFrQXT1/D/9YpRDNgaJl3YVDtVZoeQwh7BQ6ULZT
++eXFPogYkF2j3VWg8s9UmAs4sg/4a+9KLSantXjX+JFsRv0lQe5Gr/Vl8VQ4LKEXB
++fiGmSivjIZ7eopdd3YP2w6G5T3SA4d2CQfsg4rnJPnXIjzKNiSOi368ybnt9fL0Y
++2r2aqLTmP6Y7issDUO+J1TW1XHm349JPR0Hl4cTuNnWm4JuX2m2CJEc5XBlDAha9
++pUVs+J5C2D0UFFkyeOzeJPwy6x5ApWHm84n8AjhQSpu1qRKxKXdwei6tkQWWMHui
+++TgSY/zCkmD9/oY15Ei5avJ4WgIbTLJUoZMi70riPmU8ThjpzA7S+Nk0g7rMPq+X
++l1whjKU/u0udlsrIJjzkh6ftqKUmIkbxYTpjhnEujNrEr5m2S6Z6x3y9E5QagBMR
++dxRhfk+HbyACcP/p9rXOzl4M291DoKeAAH70GHniGxyNs9rAoMr/hD5XW/Wrz3dc
++KMc2s555E6MZILE2ZiolcRn+bYOMPZtWlbx98t8uqMf49gY4FGQBZAwPglMrx7mr
++m7HTIiXahThQGOJg6izJDAD5RwSEGlAcL28T8KAuM6CLLkhlBfQwiKsUBNnh9r8w
++V3lB+pV0GhL+3i077gTYfZBRwLzjFdhm9xUKEaZ6rN1BX9lzix4eSNK5nln0jUq1
++67H2IH//2sf8dw==
++=fTDu
++-----END PGP PUBLIC KEY BLOCK-----
 \ No newline at end of file
 diff --git a/nss/automation/taskcluster/docker-hacl/Dockerfile b/nss/automation/taskcluster/docker-hacl/Dockerfile
 index 50f2be2..168be1c 100644
 --- a/nss/automation/taskcluster/docker-hacl/Dockerfile
 +++ b/nss/automation/taskcluster/docker-hacl/Dockerfile
@@ -9,9 +9,10 @@ ENV haclrepo https://github.com/mitls/hacl-star.git
  # Define versions of dependencies
  ENV opamv 4.05.0
--ENV haclversion 1da331f9ef30e13269e45ae73bbe4a4bca679ae6
++ENV haclversion 1442c015dab97cdf203ae238b1f3aeccf511bd1e
  # Install required packages and set versions
++ADD B6C8F98282B944E3B0D5C2530FC3042E345AD05D.asc /tmp/B6C8F98282B944E3B0D5C2530FC3042E345AD05D.asc
  ADD setup.sh /tmp/setup.sh
  RUN bash /tmp/setup.sh
 diff --git a/nss/automation/taskcluster/docker-hacl/setup.sh b/nss/automation/taskcluster/docker-hacl/setup.sh
 index f5f8bd7..491342e 100644
 --- a/nss/automation/taskcluster/docker-hacl/setup.sh
 +++ b/nss/automation/taskcluster/docker-hacl/setup.sh
@@ -12,9 +12,13 @@ update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-5 200
  # Get clang-format-3.9
  curl -LO https://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz
  curl -LO https://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz.sig
--# Verify the signature.
--gpg --keyserver pool.sks-keyservers.net --recv-keys B6C8F98282B944E3B0D5C2530FC3042E345AD05D
--gpg --verify *.tar.xz.sig
++
++# Verify the signature. The key used for verification was fetched via:
++#    gpg --keyserver pgp.key-server.io --recv-keys B6C8F98282B944E3B0D5C2530FC3042E345AD05D
++# Use a local copy to workaround bug 1565013.
++gpg --no-default-keyring --keyring tmp.keyring --import /tmp/B6C8F98282B944E3B0D5C2530FC3042E345AD05D.asc
++gpg --no-default-keyring --keyring tmp.keyring --verify clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz.sig
++
  # Install into /usr/local/.
  tar xJvf *.tar.xz -C /usr/local --strip-components=1
  # Cleanup.
 diff --git a/nss/automation/taskcluster/graph/src/extend.js b/nss/automation/taskcluster/graph/src/extend.js
 index d7bd3f5..5b22ef8 100644
 --- a/nss/automation/taskcluster/graph/src/extend.js
 +++ b/nss/automation/taskcluster/graph/src/extend.js
@@ -121,12 +121,26 @@ queue.map(task => {
+     }
+   }
--  // We don't run FIPS SSL tests
    if (task.tests == "ssl") {
      if (!task.env) {
        task.env = {};
+     }
--    task.env.NSS_SSL_TESTS = "crl iopr policy";
++
++    // Stress tests to not include other SSL tests
++    if (task.symbol == "stress") {
++      task.env.NSS_SSL_TESTS = "normal_normal";
++    } else {
++      task.env.NSS_SSL_TESTS = "crl iopr policy normal_normal";
++    }
++
++    // FIPS runs
++    if (task.collection == "fips") {
++      task.env.NSS_SSL_TESTS += " fips_fips fips_normal normal_fips";
++    }
++
++    if (task.platform == "mac") {
++      task.maxRunTime = 7200;
++    }
+   }
    // Windows is slow.
@@ -135,6 +149,9 @@ queue.map(task => {
      task.maxRunTime = 7200;
+   }
++  if (task.platform == "mac" && task.tests == "tools") {
++      task.maxRunTime = 7200;
++  }
    return task;
  });
@@ -317,12 +334,7 @@ async function scheduleMac(name, base, args = "") {
    });
    // Build base definition.
--  let build_base = merge(mac_base, {
--    command: [
--      MAC_CHECKOUT_CMD,
--      ["bash", "-c",
--       "nss/automation/taskcluster/scripts/build_gyp.sh " + args]
--    ],
++  let build_base_without_command_symbol = merge(mac_base, {
      provisioner: "localprovisioner",
      workerType: "nss-macos-10-12",
      platform: "mac",
@@ -333,6 +345,35 @@ async function scheduleMac(name, base, args = "") {
        path: "public"
      }],
      kind: "build",
++  });
++
++  let gyp_cmd = "nss/automation/taskcluster/scripts/build_gyp.sh ";
++
++  if (!("collection" in base) ||
++      (base.collection != "make" &&
++       base.collection != "asan" &&
++       base.collection != "fips" &&
++       base.collection != "fuzz")) {
++    let nspr_gyp = gyp_cmd + "--nspr-only --nspr-test-build ";
++    // TODO (bug 1385039): nspr_gyp += "--nspr-test-run ";
++    let nspr_build = merge(build_base_without_command_symbol, {
++      command: [
++        MAC_CHECKOUT_CMD,
++        ["bash", "-c",
++         nspr_gyp + args]
++      ],
++      symbol: "NSPR"
++    });
++    // The task that tests NSPR.
++    let nspr_task_build = queue.scheduleTask(merge(nspr_build, {name}));
++  }
++
++  let build_base = merge(build_base_without_command_symbol, {
++    command: [
++      MAC_CHECKOUT_CMD,
++      ["bash", "-c",
++       gyp_cmd + args]
++    ],
      symbol: "B"
    });
@@ -366,25 +407,55 @@ async function scheduleMac(name, base, args = "") {
  /*****************************************************************************/
  async function scheduleLinux(name, overrides, args = "") {
++  let checkout_and_gyp = "bin/checkout.sh && nss/automation/taskcluster/scripts/build_gyp.sh ";
++  let artifacts_and_kind = {
++    artifacts: {
++      public: {
++        expires: 24 * 7,
++        type: "directory",
++        path: "/home/worker/artifacts"
++      }
++    },
++    kind: "build",
++  };
++
++  if (!("collection" in overrides) ||
++       (overrides.collection != "make" &&
++        overrides.collection != "asan" &&
++        overrides.collection != "fips" &&
++        overrides.collection != "fuzz")) {
++    let nspr_gyp = checkout_and_gyp + "--nspr-only --nspr-test-build ";
++    // TODO (bug 1385039): nspr_gyp += "--nspr-test-run ";
++
++    let nspr_base = merge({
++      command: [
++        "/bin/bash",
++        "-c",
++        nspr_gyp + args
++      ],
++    }, overrides);
++    let nspr_without_symbol = merge(nspr_base, artifacts_and_kind);
++    let nspr_build = merge(nspr_without_symbol, {
++      symbol: "NSPR",
++    });
++    // The task that tests NSPR.
++    let nspr_task_build = queue.scheduleTask(merge(nspr_build, {name}));
++  }
++
    // Construct a base definition.  This takes |overrides| second because
    // callers expect to be able to overwrite the |command| key.
    let base = merge({
      command: [
        "/bin/bash",
        "-c",
--      "bin/checkout.sh && nss/automation/taskcluster/scripts/build_gyp.sh " + args
++      checkout_and_gyp + args
      ],
    }, overrides);
++
++  let base_without_symbol = merge(base, artifacts_and_kind);
++
    // The base for building.
--  let build_base = merge(base, {
--    artifacts: {
--      public: {
--        expires: 24 * 7,
--        type: "directory",
--        path: "/home/worker/artifacts"
--      }
--    },
--    kind: "build",
++  let build_base = merge(base_without_symbol, {
      symbol: "B",
    });
@@ -567,7 +638,7 @@ async function scheduleFuzzing() {
        "/bin/bash",
        "-c",
        "bin/checkout.sh && " +
--      "nss/automation/taskcluster/scripts/build_gyp.sh -g -v --fuzz"
++      "nss/automation/taskcluster/scripts/build_gyp.sh --fuzz"
      ],
      artifacts: {
        public: {
@@ -594,7 +665,7 @@ async function scheduleFuzzing() {
        "/bin/bash",
        "-c",
        "bin/checkout.sh && " +
--      "nss/automation/taskcluster/scripts/build_gyp.sh -g -v --fuzz=tls"
++      "nss/automation/taskcluster/scripts/build_gyp.sh --fuzz=tls"
      ],
    }));
@@ -672,7 +743,7 @@ async function scheduleFuzzing32() {
        "/bin/bash",
        "-c",
        "bin/checkout.sh && " +
--      "nss/automation/taskcluster/scripts/build_gyp.sh -g -v --fuzz -t ia32"
++      "nss/automation/taskcluster/scripts/build_gyp.sh --fuzz -t ia32"
      ],
      artifacts: {
        public: {
@@ -699,7 +770,7 @@ async function scheduleFuzzing32() {
        "/bin/bash",
        "-c",
        "bin/checkout.sh && " +
--      "nss/automation/taskcluster/scripts/build_gyp.sh -g -v --fuzz=tls -t ia32"
++      "nss/automation/taskcluster/scripts/build_gyp.sh --fuzz=tls -t ia32"
      ],
    }));
@@ -771,21 +842,45 @@ async function scheduleWindows(name, base, build_script) {
+     }
    });
--  // Build base definition.
--  let build_base = merge(base, {
--    command: [
--      WINDOWS_CHECKOUT_CMD,
--      `bash -c 'nss/automation/taskcluster/windows/${build_script}'`
--    ],
++  let artifacts_and_kind = {
      artifacts: [{
        expires: 24 * 7,
        type: "directory",
        path: "public\\build"
      }],
      kind: "build",
++  };
++
++  let build_without_command_symbol = merge(base, artifacts_and_kind);
++
++  // Build base definition.
++  let build_base = merge(build_without_command_symbol, {
++    command: [
++      WINDOWS_CHECKOUT_CMD,
++      `bash -c 'nss/automation/taskcluster/windows/${build_script}'`
++    ],
      symbol: "B"
    });
++  if (!("collection" in base) ||
++      (base.collection != "make" &&
++       base.collection != "asan" &&
++       base.collection != "fips" &&
++       base.collection != "fuzz")) {
++    let nspr_gyp =
++      `bash -c 'nss/automation/taskcluster/windows/${build_script} --nspr-only --nspr-test-build'`;
++      // TODO (bug 1385039): add --nspr-test-run
++    let nspr_build = merge(build_without_command_symbol, {
++      command: [
++        WINDOWS_CHECKOUT_CMD,
++        nspr_gyp
++      ],
++      symbol: "NSPR"
++    });
++    // The task that tests NSPR.
++    let task_build = queue.scheduleTask(merge(nspr_build, {name}));
++  }
++
    // Make builds run FIPS tests, which need an extra FIPS build.
    if (base.collection == "make") {
      let extra_build = queue.scheduleTask(merge(build_base, {
@@ -951,6 +1046,10 @@ function scheduleTests(task_build, task_cert, test_base) {
    queue.scheduleTask(merge(ssl_base, {
      name: "SSL tests (upgradedb)", symbol: "upgradedb", cycle: "upgradedb"
    }));
++  queue.scheduleTask(merge(ssl_base, {
++    name: "SSL tests (stress)", symbol: "stress", cycle: "sharedb",
++    env: {NSS_SSL_RUN: "stress"}
++  }));
+ }
  /*****************************************************************************/
 diff --git a/nss/automation/taskcluster/graph/src/queue.js b/nss/automation/taskcluster/graph/src/queue.js
 index 0b7ade9..0dc6bbb 100644
 --- a/nss/automation/taskcluster/graph/src/queue.js
 +++ b/nss/automation/taskcluster/graph/src/queue.js
@@ -114,6 +114,14 @@ function convertTask(def) {
    if (def.cycle) {
      env.NSS_CYCLES = def.cycle;
+   }
++  if (def.kind === "build") {
++    // Disable leak checking during builds (bug 1579290).
++    if (env.ASAN_OPTIONS) {
++      env.ASAN_OPTIONS += ":detect_leaks=0";
++    } else {
++      env.ASAN_OPTIONS = "detect_leaks=0";
++    }
++  }
    let payload = {
      env,
@@ -143,7 +151,7 @@ function convertTask(def) {
+   }
    let extra = Object.assign({
--      treeherder: parseTreeherder(def)
++    treeherder: parseTreeherder(def)
    }, parameters);
    return {
 diff --git a/nss/automation/taskcluster/graph/src/try_syntax.js b/nss/automation/taskcluster/graph/src/try_syntax.js
 index 700032a..ca0b848 100644
 --- a/nss/automation/taskcluster/graph/src/try_syntax.js
 +++ b/nss/automation/taskcluster/graph/src/try_syntax.js
@@ -183,6 +183,17 @@ export async function initFilter() {
    // Add try syntax filter.
    if (match) {
--    queue.filter(filter(parseOptions(match[1])));
++    let match1 = match[1];
++    queue.filter(filter(parseOptions(match1)));
++
++    if (match1.includes("--nspr-patch")) {
++      queue.map(task => {
++        if (!task.env) {
++          task.env = {};
++        }
++        task.env.ALLOW_NSPR_PATCH = "1";
++        return task;
++      });
++    }
+   }
+ }
 diff --git a/nss/automation/taskcluster/scripts/build.sh b/nss/automation/taskcluster/scripts/build.sh
 index 649fdaa..42ac822 100755
 --- a/nss/automation/taskcluster/scripts/build.sh
 +++ b/nss/automation/taskcluster/scripts/build.sh
@@ -13,6 +13,12 @@ fi
  # Clone NSPR if needed.
  hg_clone https://hg.mozilla.org/projects/nspr ./nspr default
++if [[ -f nss/nspr.patch && "$ALLOW_NSPR_PATCH" == "1" ]]; then
++  pushd nspr
++  cat ../nss/nspr.patch | patch -p1
++  popd
++fi
++
  # Build.
  make -C nss nss_build_all
 diff --git a/nss/automation/taskcluster/scripts/build_gyp.sh b/nss/automation/taskcluster/scripts/build_gyp.sh
 index fb3a33a..e19a636 100755
 --- a/nss/automation/taskcluster/scripts/build_gyp.sh
 +++ b/nss/automation/taskcluster/scripts/build_gyp.sh
@@ -5,8 +5,14 @@ source $(dirname "$0")/tools.sh
  # Clone NSPR if needed.
  hg_clone https://hg.mozilla.org/projects/nspr ./nspr default
++if [[ -f nss/nspr.patch && "$ALLOW_NSPR_PATCH" == "1" ]]; then
++  pushd nspr
++  cat ../nss/nspr.patch | patch -p1
++  popd
++fi
++
  # Build.
--nss/build.sh -g -v "$@"
++nss/build.sh -g -v --enable-libpkix "$@"
  # Package.
  if [[ $(uname) = "Darwin" ]]; then
 diff --git a/nss/automation/taskcluster/scripts/build_nspr.sh b/nss/automation/taskcluster/scripts/build_nspr.sh
 index 4d19034..b104e43 100755
 --- a/nss/automation/taskcluster/scripts/build_nspr.sh
 +++ b/nss/automation/taskcluster/scripts/build_nspr.sh
@@ -7,6 +7,12 @@ source $(dirname $0)/tools.sh
  # Clone NSPR if needed.
  hg_clone https://hg.mozilla.org/projects/nspr nspr default
++if [[ -f nss/nspr.patch && "$ALLOW_NSPR_PATCH" == "1" ]]; then
++  pushd nspr
++  cat ../nss/nspr.patch | patch -p1
++  popd
++fi
++
  # Build.
  rm -rf dist
  make -C nss build_nspr
 diff --git a/nss/automation/taskcluster/scripts/build_softoken.sh b/nss/automation/taskcluster/scripts/build_softoken.sh
 index e5aaecc..5f60456 100755
 --- a/nss/automation/taskcluster/scripts/build_softoken.sh
 +++ b/nss/automation/taskcluster/scripts/build_softoken.sh
@@ -20,8 +20,9 @@ export NSS_BUILD_SOFTOKEN_ONLY=1
  rm -rf dist
  make -C nss-softoken nss_build_all
--mv dist/private/nss/blapi.h dist/public/nss
--mv dist/private/nss/alghmac.h dist/public/nss
++for i in blapi alghmac cmac; do
++    mv "dist/private/nss/${i}.h" dist/public/nss
++done
  # Package.
  test -d artifacts || mkdir artifacts
 diff --git a/nss/automation/taskcluster/scripts/check_abi.sh b/nss/automation/taskcluster/scripts/check_abi.sh
 index caa5cca..5cd587a 100755
 --- a/nss/automation/taskcluster/scripts/check_abi.sh
 +++ b/nss/automation/taskcluster/scripts/check_abi.sh
@@ -20,6 +20,12 @@ set_env()
      done
    fi
++  if [[ -f nss/nspr.patch && "$ALLOW_NSPR_PATCH" == "1" ]]; then
++    pushd nspr
++    cat ../nss/nspr.patch | patch -p1
++    popd
++  fi
++
    cd nss
    ./build.sh -v -c
    cd ..
 diff --git a/nss/automation/taskcluster/scripts/gen_coverage_report.sh b/nss/automation/taskcluster/scripts/gen_coverage_report.sh
 index 3907c72..dc7d77d 100755
 --- a/nss/automation/taskcluster/scripts/gen_coverage_report.sh
 +++ b/nss/automation/taskcluster/scripts/gen_coverage_report.sh
@@ -5,6 +5,12 @@ source $(dirname "$0")/tools.sh
  # Clone NSPR.
  hg_clone https://hg.mozilla.org/projects/nspr ./nspr default
++if [[ -f nss/nspr.patch && "$ALLOW_NSPR_PATCH" == "1" ]]; then
++  pushd nspr
++  cat ../nss/nspr.patch | patch -p1
++  popd
++fi
++
  out=/home/worker/artifacts
  mkdir -p $out
 diff --git a/nss/automation/taskcluster/scripts/run_coverity.sh b/nss/automation/taskcluster/scripts/run_coverity.sh
 index 4d008f4..4b09f53 100755
 --- a/nss/automation/taskcluster/scripts/run_coverity.sh
 +++ b/nss/automation/taskcluster/scripts/run_coverity.sh
@@ -5,6 +5,12 @@ source $(dirname "$0")/tools.sh
  # Clone NSPR if needed.
  if [ ! -d "nspr" ]; then
      hg_clone https://hg.mozilla.org/projects/nspr ./nspr default
++
++  if [[ -f nss/nspr.patch && "$ALLOW_NSPR_PATCH" == "1" ]]; then
++    pushd nspr
++    cat ../nss/nspr.patch | patch -p1
++    popd
++  fi
  fi
  # Build and run Coverity
@@ -12,4 +18,4 @@ cd nss
  ./mach static-analysis
  # Return the exit code of the Coverity Analysis
--exit $?
 \ No newline at end of file
++exit $?
 diff --git a/nss/automation/taskcluster/scripts/run_scan_build.sh b/nss/automation/taskcluster/scripts/run_scan_build.sh
 index 014530b..0e4fcbd 100755
 --- a/nss/automation/taskcluster/scripts/run_scan_build.sh
 +++ b/nss/automation/taskcluster/scripts/run_scan_build.sh
@@ -5,6 +5,12 @@ source $(dirname "$0")/tools.sh
  # Clone NSPR if needed.
  if [ ! -d "nspr" ]; then
      hg_clone https://hg.mozilla.org/projects/nspr ./nspr default
++
++    if [[ -f nss/nspr.patch && "$ALLOW_NSPR_PATCH" == "1" ]]; then
++      pushd nspr
++      cat ../nss/nspr.patch | patch -p1
++      popd
++    fi
  fi
  # Build.
 diff --git a/nss/automation/taskcluster/windows/build.sh b/nss/automation/taskcluster/windows/build.sh
 index eebb415..f878a3d 100644
 --- a/nss/automation/taskcluster/windows/build.sh
 +++ b/nss/automation/taskcluster/windows/build.sh
@@ -12,6 +12,12 @@ source "$(dirname "$0")/setup.sh"
  # Clone NSPR.
  hg_clone https://hg.mozilla.org/projects/nspr nspr default
++if [[ -f nss/nspr.patch && "$ALLOW_NSPR_PATCH" == "1" ]]; then
++  pushd nspr
++  cat ../nss/nspr.patch | patch -p1
++  popd
++fi
++
  # Build.
  make -C nss nss_build_all
 diff --git a/nss/automation/taskcluster/windows/build_gyp.sh b/nss/automation/taskcluster/windows/build_gyp.sh
 index c0f38f9..1a78d44 100644
 --- a/nss/automation/taskcluster/windows/build_gyp.sh
 +++ b/nss/automation/taskcluster/windows/build_gyp.sh
@@ -31,8 +31,14 @@ export PATH="${PATH}:${PWD}/ninja/bin:${PWD}/gyp/test-env/Scripts"
  # Clone NSPR.
  hg_clone https://hg.mozilla.org/projects/nspr nspr default
++if [[ -f nss/nspr.patch && "$ALLOW_NSPR_PATCH" == "1" ]]; then
++  pushd nspr
++  cat ../nss/nspr.patch | patch -p1
++  popd
++fi
++
  # Build with gyp.
--./nss/build.sh -g -v "$@"
++./nss/build.sh -g -v --enable-libpkix "$@"
  # Package.
 z a public/build/dist.7z dist
 diff --git a/nss/build.sh b/nss/build.sh
 index 0b6fec8..7595d76 100755
 --- a/nss/build.sh
 +++ b/nss/build.sh
@@ -13,14 +13,16 @@
  set -e
  cwd=$(cd $(dirname $0); pwd -P)
--source "$cwd"/coreconf/nspr.sh
--source "$cwd"/coreconf/sanitizers.sh
++dist_dir="$cwd/../dist"
++argsfile="$dist_dir/build_args"
++source "$cwd/coreconf/nspr.sh"
++source "$cwd/coreconf/sanitizers.sh"
  GYP=${GYP:-gyp}
  # Usage info
  show_help()
+ {
--    cat "$cwd"/help.txt
++    cat "$cwd/help.txt"
+ }
  run_verbose()
@@ -35,6 +37,14 @@ run_verbose()
      exec 3>&-
+ }
++# The prehistoric bash on Mac doesn't support @Q quoting.
++# The consequences aren't that serious, unless there are odd arrangements of spaces.
++if /usr/bin/env bash -c 'x=1;echo "${x@Q}"' >/dev/null 2>&1; then
++    Q() { echo "${@@Q}"; }
++else
++    Q() { echo "$@"; }
++fi
++
  if [ -n "$CCC" ] && [ -z "$CXX" ]; then
      export CXX="$CCC"
  fi
@@ -44,6 +54,9 @@ build_64=0
  clean=0
  rebuild_gyp=0
  rebuild_nspr=0
++build_nspr_tests=0
++run_nspr_tests=0
++exit_after_nspr=0
  target=Debug
  verbose=0
  fuzz=0
@@ -56,7 +69,7 @@ gyp_params=(--depth="$cwd" --generator-output=".")
  ninja_params=()
  # Assume that the target architecture is the same as the host by default.
--host_arch=$(python "$cwd"/coreconf/detect_host_arch.py)
++host_arch=$(python "$cwd/coreconf/detect_host_arch.py")
  target_arch=$host_arch
  # Assume that MSVC is wanted if this is running on windows.
@@ -66,8 +79,17 @@ if [ "${platform%-*}" = "MINGW32_NT" -o "${platform%-*}" = "MINGW64_NT" ]; then
  fi
  # Parse command line arguments.
++all_args=("$@")
  while [ $# -gt 0 ]; do
      case "$1" in
++        --rebuild)
++            if [[ ! -e "$argsfile" ]]; then
++                echo "Unable to rebuild" 1>&2
++                exit 2
++            fi
++            IFS=$'\r\n' GLOBIGNORE='*' command eval  'previous_args=($(<"$argsfile"))'
++            exec /usr/bin/env bash -c "$(Q "$0")"' "$@"' "$0" "${previous_args[@]}"
++            ;;
          -c) clean=1 ;;
          -cc) clean_only=1 ;;
          -v) ninja_params+=(-v); verbose=1 ;;
@@ -98,6 +120,9 @@ while [ $# -gt 0 ]; do
          --static) gyp_params+=(-Dstatic_libs=1) ;;
          --ct-verif) gyp_params+=(-Dct_verif=1) ;;
          --nspr) nspr_clean; rebuild_nspr=1 ;;
++        --nspr-test-build) build_nspr_tests=1 ;;
++        --nspr-test-run) run_nspr_tests=1 ;;
++        --nspr-only) exit_after_nspr=1 ;;
          --with-nspr=?*) set_nspr_path "${1#*=}"; no_local_nspr=1 ;;
          --system-nspr) set_nspr_path "/usr/include/nspr/:"; no_local_nspr=1 ;;
          --system-sqlite) gyp_params+=(-Duse_system_sqlite=1) ;;
@@ -105,7 +130,7 @@ while [ $# -gt 0 ]; do
          --enable-libpkix) gyp_params+=(-Ddisable_libpkix=0) ;;
          --mozpkix-only) gyp_params+=(-Dmozpkix_only=1 -Ddisable_tests=1 -Dsign_libs=0) ;;
          --disable-keylog) sslkeylogfile=0 ;;
--	-D*) gyp_params+=("$1") ;;
++        -D*) gyp_params+=("$1") ;;
          *) show_help; exit 2 ;;
      esac
      shift
@@ -123,7 +148,7 @@ gyp_params+=(-Denable_sslkeylogfile="$sslkeylogfile")
  # Do special setup.
  if [ "$fuzz" = 1 ]; then
--    source "$cwd"/coreconf/fuzz.sh
++    source "$cwd/coreconf/fuzz.sh"
  fi
  nspr_set_flags $sanitizer_flags
  if [ ! -z "$sanitizer_flags" ]; then
@@ -131,20 +156,13 @@ if [ ! -z "$sanitizer_flags" ]; then
  fi
  if [ "$msvc" = 1 ]; then
--    source "$cwd"/coreconf/msvc.sh
++    source "$cwd/coreconf/msvc.sh"
  fi
--# Setup build paths.
--target_dir="$cwd"/out/$target
--mkdir -p "$target_dir"
--dist_dir="$cwd"/../dist
--dist_dir=$(mkdir -p "$dist_dir"; cd "$dist_dir"; pwd -P)
--gyp_params+=(-Dnss_dist_dir="$dist_dir")
--
  # -c = clean first
  if [ "$clean" = 1 -o "$clean_only" = 1 ]; then
      nspr_clean
--    rm -rf "$cwd"/out
++    rm -rf "$cwd/out"
      rm -rf "$dist_dir"
      # -cc = only clean, don't build
      if [ "$clean_only" = 1 ]; then
@@ -153,6 +171,12 @@ if [ "$clean" = 1 -o "$clean_only" = 1 ]; then
      fi
  fi
++# Setup build paths.
++target_dir="$cwd/out/$target"
++mkdir -p "$target_dir"
++dist_dir=$(mkdir -p "$dist_dir"; cd "$dist_dir"; pwd -P)
++gyp_params+=(-Dnss_dist_dir="$dist_dir")
++
  # This saves a canonical representation of arguments that we are passing to gyp
  # or the NSPR build so that we can work out if a rebuild is needed.
  # Caveat: This can fail for arguments that are position-dependent.
@@ -162,66 +186,72 @@ check_config()
      local newconf="$1".new oldconf="$1"
      shift
      mkdir -p $(dirname "$newconf")
--    echo CC="$CC" >"$newconf"
--    echo CCC="$CCC" >>"$newconf"
--    echo CXX="$CXX" >>"$newconf"
--    echo target_arch="$target_arch" >>"$newconf"
--    for i in "$@"; do echo $i; done | sort >>"$newconf"
++    echo CC="$(Q "$CC")" >"$newconf"
++    echo CCC="$(Q "$CCC")" >>"$newconf"
++    echo CXX="$(Q "$CXX")" >>"$newconf"
++    echo target_arch="$(Q "$target_arch")" >>"$newconf"
++    for i in "$@"; do echo "$i"; done | sort >>"$newconf"
      # Note: The following diff fails if $oldconf isn't there as well, which
      # happens if we don't have a previous successful build.
      ! diff -q "$newconf" "$oldconf" >/dev/null 2>&1
+ }
--gyp_config="$cwd"/out/gyp_config
--nspr_config="$cwd"/out/$target/nspr_config
++gyp_config="$cwd/out/gyp_config"
++nspr_config="$cwd/out/$target/nspr_config"
  # Now check what needs to be rebuilt.
  # If we don't have a build directory make sure that we rebuild.
  if [ ! -d "$target_dir" ]; then
      rebuild_nspr=1
      rebuild_gyp=1
--elif [ ! -d "$dist_dir"/$target ]; then
++elif [ ! -d "$dist_dir/$target" ]; then
      rebuild_nspr=1
  fi
  if check_config "$nspr_config" \
--                 nspr_cflags="$nspr_cflags" \
--                 nspr_cxxflags="$nspr_cxxflags" \
--                 nspr_ldflags="$nspr_ldflags"; then
++                 nspr_cflags="$(Q "$nspr_cflags")" \
++                 nspr_cxxflags="$(Q "$nspr_cxxflags")" \
++                 nspr_ldflags="$(Q "$nspr_ldflags")"; then
      rebuild_nspr=1
  fi
--if check_config "$gyp_config" "${gyp_params[@]}"; then
++if check_config "$gyp_config" "$(Q "${gyp_params[@]}")"; then
      rebuild_gyp=1
  fi
  # Save the chosen target.
--mkdir -p "$dist_dir"
--echo $target > "$dist_dir"/latest
++echo "$target" > "$dist_dir/latest"
++for i in "${all_args[@]}"; do echo "$i"; done > "$argsfile"
  # Build.
  # NSPR.
  if [[ "$rebuild_nspr" = 1 && "$no_local_nspr" = 0 ]]; then
++    nspr_clean
      nspr_build
--    mv -f "$nspr_config".new "$nspr_config"
++    mv -f "$nspr_config.new" "$nspr_config"
++fi
++
++if [ "$exit_after_nspr" = 1 ]; then
++  exit 0
  fi
++
  # gyp.
  if [ "$rebuild_gyp" = 1 ]; then
--    if ! hash ${GYP} 2> /dev/null; then
--        echo "Please install gyp" 1>&2
--        exit 1
++    if ! hash "$GYP" 2> /dev/null; then
++        echo "Building NSS requires an installation of gyp: https://gyp.gsrc.io/" 1>&2
++        exit 3
      fi
      # These extra arguments aren't used in determining whether to rebuild.
--    obj_dir="$dist_dir"/$target
--    gyp_params+=(-Dnss_dist_obj_dir=$obj_dir)
++    obj_dir="$dist_dir/$target"
++    gyp_params+=(-Dnss_dist_obj_dir="$obj_dir")
      if [ "$no_local_nspr" = 0 ]; then
          set_nspr_path "$obj_dir/include/nspr:$obj_dir/lib"
      fi
--    run_verbose run_scanbuild ${GYP} -f ninja "${gyp_params[@]}" "$cwd"/nss.gyp
++    run_verbose run_scanbuild ${GYP} -f ninja "${gyp_params[@]}" "$cwd/nss.gyp"
--    mv -f "$gyp_config".new "$gyp_config"
++    mv -f "$gyp_config.new" "$gyp_config"
  fi
  # ninja.
@@ -230,7 +260,7 @@ if hash ninja-build 2>/dev/null; then
  elif hash ninja 2>/dev/null; then
      ninja=ninja
  else
--    echo "Please install ninja" 1>&2
--    exit 1
++    echo "Building NSS requires an installation of ninja: https://ninja-build.org/" 1>&2
++    exit 3
  fi
--run_scanbuild $ninja -C "$target_dir" "${ninja_params[@]}"
++run_scanbuild "$ninja" -C "$target_dir" "${ninja_params[@]}"
 diff --git a/nss/cmd/addbuiltin/addbuiltin.c b/nss/cmd/addbuiltin/addbuiltin.c
 index 8316720..5655888 100644
 --- a/nss/cmd/addbuiltin/addbuiltin.c
 +++ b/nss/cmd/addbuiltin/addbuiltin.c
@@ -230,6 +230,8 @@ ConvertCertificate(SECItem *sdder, char *nickname, CERTCertTrust *trust,
              hasPositiveTrust(trust->objectSigningFlags)) {
              printf("CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE\n");
+         }
++        printf("CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE\n");
++        printf("CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE\n");
+     }
      if ((trust->sslFlags | trust->emailFlags | trust->objectSigningFlags) ==
@@ -306,19 +308,21 @@ printheader()
             "#\n"
             "#    Certificates\n"
             "#\n"
--           "#  -- Attribute --          -- type --              -- value --\n"
--           "#  CKA_CLASS                CK_OBJECT_CLASS         CKO_CERTIFICATE\n"
--           "#  CKA_TOKEN                CK_BBOOL                CK_TRUE\n"
--           "#  CKA_PRIVATE              CK_BBOOL                CK_FALSE\n"
--           "#  CKA_MODIFIABLE           CK_BBOOL                CK_FALSE\n"
--           "#  CKA_LABEL                UTF8                    (varies)\n"
--           "#  CKA_CERTIFICATE_TYPE     CK_CERTIFICATE_TYPE     CKC_X_509\n"
--           "#  CKA_SUBJECT              DER+base64              (varies)\n"
--           "#  CKA_ID                   byte array              (varies)\n"
--           "#  CKA_ISSUER               DER+base64              (varies)\n"
--           "#  CKA_SERIAL_NUMBER        DER+base64              (varies)\n"
--           "#  CKA_VALUE                DER+base64              (varies)\n"
--           "#  CKA_NSS_EMAIL            ASCII7                  (unused here)\n"
++           "#  -- Attribute --               -- type --          -- value --\n"
++           "#  CKA_CLASS                     CK_OBJECT_CLASS     CKO_CERTIFICATE\n"
++           "#  CKA_TOKEN                     CK_BBOOL            CK_TRUE\n"
++           "#  CKA_PRIVATE                   CK_BBOOL            CK_FALSE\n"
++           "#  CKA_MODIFIABLE                CK_BBOOL            CK_FALSE\n"
++           "#  CKA_LABEL                     UTF8                (varies)\n"
++           "#  CKA_CERTIFICATE_TYPE          CK_CERTIFICATE_TYPE CKC_X_509\n"
++           "#  CKA_SUBJECT                   DER+base64          (varies)\n"
++           "#  CKA_ID                        byte array          (varies)\n"
++           "#  CKA_ISSUER                    DER+base64          (varies)\n"
++           "#  CKA_SERIAL_NUMBER             DER+base64          (varies)\n"
++           "#  CKA_VALUE                     DER+base64          (varies)\n"
++           "#  CKA_NSS_EMAIL                 ASCII7              (unused here)\n"
++           "#  CKA_NSS_SERVER_DISTRUST_AFTER DER+base64          (varies)\n"
++           "#  CKA_NSS_EMAIL_DISTRUST_AFTER  DER+base64          (varies)\n"
             "#\n"
             "#    Trust\n"
             "#\n"
@@ -392,6 +396,12 @@ Usage(char *progName)
      fprintf(stderr, "%-15s a CRL entry number, as shown by \"crlutil -S\"\n", "-e");
      fprintf(stderr, "%-15s input file to read (default stdin)\n", "-i file");
      fprintf(stderr, "%-15s     (pipe through atob if the cert is b64-encoded)\n", "");
++    fprintf(stderr, "%-15s convert a timestamp to DER, and output.\n", "-d timestamp");
++    fprintf(stderr, "%-15s useful to fill server and email distrust fields\n", "");
++    fprintf(stderr, "%-15s Example: %s -d 1561939200\n", "", progName);
++    fprintf(stderr, "%-15s NOTE: The informed timestamp are interpreted as seconds\n", "");
++    fprintf(stderr, "%-15s since unix epoch.\n", "");
++    fprintf(stderr, "%-15s TIP: date -d \"2019-07-01 00:00:00 UTC\" +%%s\n", "");
      exit(-1);
+ }
@@ -403,20 +413,21 @@ enum {
      opt_ExcludeCert,
      opt_ExcludeHash,
      opt_DistrustCRL,
--    opt_CRLEnry
++    opt_CRLEntry,
++    opt_ConvertDate
  };
--static secuCommandFlag addbuiltin_options[] =
--    {
--      { /* opt_Input         */ 'i', PR_TRUE, 0, PR_FALSE },
--      { /* opt_Nickname      */ 'n', PR_TRUE, 0, PR_FALSE },
--      { /* opt_Trust         */ 't', PR_TRUE, 0, PR_FALSE },
--      { /* opt_Distrust      */ 'D', PR_FALSE, 0, PR_FALSE },
--      { /* opt_ExcludeCert   */ 'c', PR_FALSE, 0, PR_FALSE },
--      { /* opt_ExcludeHash   */ 'h', PR_FALSE, 0, PR_FALSE },
--      { /* opt_DistrustCRL   */ 'C', PR_FALSE, 0, PR_FALSE },
--      { /* opt_CRLEnry       */ 'e', PR_TRUE, 0, PR_FALSE },
--    };
++static secuCommandFlag addbuiltin_options[] = {
++    { /* opt_Input         */ 'i', PR_TRUE, 0, PR_FALSE },
++    { /* opt_Nickname      */ 'n', PR_TRUE, 0, PR_FALSE },
++    { /* opt_Trust         */ 't', PR_TRUE, 0, PR_FALSE },
++    { /* opt_Distrust      */ 'D', PR_FALSE, 0, PR_FALSE },
++    { /* opt_ExcludeCert   */ 'c', PR_FALSE, 0, PR_FALSE },
++    { /* opt_ExcludeHash   */ 'h', PR_FALSE, 0, PR_FALSE },
++    { /* opt_DistrustCRL   */ 'C', PR_FALSE, 0, PR_FALSE },
++    { /* opt_CRLEntry      */ 'e', PR_TRUE, 0, PR_FALSE },
++    { /* opt_ConvertDate   */ 'd', PR_TRUE, 0, PR_FALSE },
++};
  int
  main(int argc, char **argv)
@@ -444,6 +455,30 @@ main(int argc, char **argv)
      if (rv != SECSuccess)
          Usage(progName);
++    if (addbuiltin.options[opt_ConvertDate].activated) {
++        char *endPtr;
++        PRTime distrustTimestamp = strtol(addbuiltin.options[opt_ConvertDate].arg, &endPtr, 0) * PR_USEC_PER_SEC;
++        if (*endPtr != '\0' && distrustTimestamp > 0) {
++            Usage(progName);
++            exit(1);
++        }
++        SECItem encTime;
++        DER_EncodeTimeChoice(NULL, &encTime, distrustTimestamp);
++        SECU_PrintTimeChoice(stdout, &encTime, "The timestamp represents this date", 0);
++        printf("Locate the entry of the desired certificate in certdata.txt\n"
++               "Erase the CKA_NSS_[SERVER|EMAIL]_DISTRUST_AFTER CK_BBOOL CK_FALSE\n"
++               "And override with the following respective entry:\n\n");
++        SECU_PrintTimeChoice(stdout, &encTime, "# For Server Distrust After", 0);
++        printf("CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL\n");
++        dumpbytes(encTime.data, encTime.len);
++        printf("END\n");
++        SECU_PrintTimeChoice(stdout, &encTime, "# For Email Distrust After", 0);
++        printf("CKA_NSS_EMAIL_DISTRUST_AFTER MULTILINE_OCTAL\n");
++        dumpbytes(encTime.data, encTime.len);
++        printf("END\n");
++        exit(0);
++    }
++
      if (addbuiltin.options[opt_Trust].activated)
          ++mutuallyExclusiveOpts;
      if (addbuiltin.options[opt_Distrust].activated)
@@ -458,12 +493,12 @@ main(int argc, char **argv)
+     }
      if (addbuiltin.options[opt_DistrustCRL].activated) {
--        if (!addbuiltin.options[opt_CRLEnry].activated) {
++        if (!addbuiltin.options[opt_CRLEntry].activated) {
              fprintf(stderr, "%s: you must specify the CRL entry number.\n",
                      progName);
              Usage(progName);
          } else {
--            crlentry = atoi(addbuiltin.options[opt_CRLEnry].arg);
++            crlentry = atoi(addbuiltin.options[opt_CRLEntry].arg);
              if (crlentry < 1) {
                  fprintf(stderr, "%s: The CRL entry number must be > 0.\n",
                          progName);
 diff --git a/nss/cmd/httpserv/httpserv.c b/nss/cmd/httpserv/httpserv.c
 index 71e2ab8..c7277f3 100644
 --- a/nss/cmd/httpserv/httpserv.c
 +++ b/nss/cmd/httpserv/httpserv.c
@@ -463,7 +463,7 @@ handle_connection(
      char *getData = NULL; /* inplace conversion */
      SECItem postData;
      PRBool isOcspRequest = PR_FALSE;
--    PRBool isPost;
++    PRBool isPost = PR_FALSE;
      postData.data = NULL;
      postData.len = 0;
 diff --git a/nss/cmd/lib/Makefile b/nss/cmd/lib/Makefile
 index 0fb6c90..6b53451 100644
 --- a/nss/cmd/lib/Makefile
 +++ b/nss/cmd/lib/Makefile
@@ -27,6 +27,7 @@ include $(CORE_DEPTH)/coreconf/config.mk
  #######################################################################
  include config.mk
++include ../platlibs.mk
  #######################################################################
  # (5) Execute "global" rules. (OPTIONAL)                              #
 diff --git a/nss/cmd/lib/derprint.c b/nss/cmd/lib/derprint.c
 index 08ef66d..b86179e 100644
 --- a/nss/cmd/lib/derprint.c
 +++ b/nss/cmd/lib/derprint.c
@@ -4,6 +4,8 @@
  #include "secutil.h"
  #include "secoid.h"
++#include <stdint.h>
++
  #ifdef __sun
  extern int fprintf(FILE *strm, const char *format, ... /* args */);
  extern int fflush(FILE *stream);
@@ -509,7 +511,7 @@ prettyPrintItem(FILE *out, const unsigned char *data, const unsigned char *end,
          /*
           * Just quit now if slen more bytes puts us off the end.
           */
--        if ((data + slen) > end) {
++        if (data > end || slen > (end - data)) {
              PORT_SetError(SEC_ERROR_BAD_DER);
              return -1;
+         }
 diff --git a/nss/cmd/lib/lib.gyp b/nss/cmd/lib/lib.gyp
 index 6b7da58..c5835a8 100644
 --- a/nss/cmd/lib/lib.gyp
 +++ b/nss/cmd/lib/lib.gyp
@@ -27,7 +27,8 @@
    ],
    'target_defaults': {
      'defines': [
--      'NSPR20'
++      'NSPR20',
++      'NSS_USE_STATIC_LIBS'
+     ]
    },
    'variables': {
 diff --git a/nss/cmd/lib/manifest.mn b/nss/cmd/lib/manifest.mn
 index 87440c0..b3c36b3 100644
 --- a/nss/cmd/lib/manifest.mn
 +++ b/nss/cmd/lib/manifest.mn
@@ -37,3 +37,5 @@ CSRCS	= basicutil.c \
  endif
  NO_MD_RELEASE	= 1
++
++USE_STATIC_LIBS = 1
 diff --git a/nss/cmd/lib/pk11table.c b/nss/cmd/lib/pk11table.c
 index 15c0a8d..ec5d889 100644
 --- a/nss/cmd/lib/pk11table.c
 +++ b/nss/cmd/lib/pk11table.c
@@ -333,6 +333,8 @@ const Constant _consts[] = {
      mkEntry(CKM_SHA512, Mechanism),
      mkEntry(CKM_SHA512_HMAC_GENERAL, Mechanism),
      mkEntry(CKM_SHA512_HMAC, Mechanism),
++    mkEntry(CKM_AES_CMAC, Mechanism),
++    mkEntry(CKM_AES_CMAC_GENERAL, Mechanism),
      mkEntry(CKM_CAST_KEY_GEN, Mechanism),
      mkEntry(CKM_CAST_ECB, Mechanism),
      mkEntry(CKM_CAST_CBC, Mechanism),
 diff --git a/nss/cmd/lib/secpwd.c b/nss/cmd/lib/secpwd.c
 index 7e99b27..e8ca792 100644
 --- a/nss/cmd/lib/secpwd.c
 +++ b/nss/cmd/lib/secpwd.c
@@ -66,7 +66,7 @@ SEC_GetPassword(FILE *input, FILE *output, char *prompt,
      int infd = fileno(input);
      int isTTY = isatty(infd);
  #endif
--    char phrase[200] = { '\0' }; /* ensure EOF doesn't return junk */
++    char phrase[500] = { '\0' }; /* ensure EOF doesn't return junk */
      for (;;) {
          /* Prompt for password */
 diff --git a/nss/cmd/lib/secutil.c b/nss/cmd/lib/secutil.c
 index 97c7f75..703845e 100644
 --- a/nss/cmd/lib/secutil.c
 +++ b/nss/cmd/lib/secutil.c
@@ -22,6 +22,7 @@
  #include <stdarg.h>
  #include <sys/stat.h>
  #include <errno.h>
++#include <limits.h>
  #ifdef XP_UNIX
  #include <unistd.h>
@@ -1107,36 +1108,33 @@ typedef struct secuPBEParamsStr {
  SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
  /* SECOID_PKCS5_PBKDF2 */
--const SEC_ASN1Template secuKDF2Params[] =
--    {
--      { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(secuPBEParams) },
--      { SEC_ASN1_OCTET_STRING, offsetof(secuPBEParams, salt) },
--      { SEC_ASN1_INTEGER, offsetof(secuPBEParams, iterationCount) },
--      { SEC_ASN1_INTEGER, offsetof(secuPBEParams, keyLength) },
--      { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(secuPBEParams, kdfAlg),
--        SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
--      { 0 }
--    };
++const SEC_ASN1Template secuKDF2Params[] = {
++    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(secuPBEParams) },
++    { SEC_ASN1_OCTET_STRING, offsetof(secuPBEParams, salt) },
++    { SEC_ASN1_INTEGER, offsetof(secuPBEParams, iterationCount) },
++    { SEC_ASN1_INTEGER, offsetof(secuPBEParams, keyLength) },
++    { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(secuPBEParams, kdfAlg),
++      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
++    { 0 }
++};
  /* PKCS5v1 & PKCS12 */
--const SEC_ASN1Template secuPBEParamsTemp[] =
--    {
--      { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(secuPBEParams) },
--      { SEC_ASN1_OCTET_STRING, offsetof(secuPBEParams, salt) },
--      { SEC_ASN1_INTEGER, offsetof(secuPBEParams, iterationCount) },
--      { 0 }
--    };
++const SEC_ASN1Template secuPBEParamsTemp[] = {
++    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(secuPBEParams) },
++    { SEC_ASN1_OCTET_STRING, offsetof(secuPBEParams, salt) },
++    { SEC_ASN1_INTEGER, offsetof(secuPBEParams, iterationCount) },
++    { 0 }
++};
  /* SEC_OID_PKCS5_PBES2, SEC_OID_PKCS5_PBMAC1 */
--const SEC_ASN1Template secuPBEV2Params[] =
--    {
--      { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(secuPBEParams) },
--      { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(secuPBEParams, kdfAlg),
--        SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
--      { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(secuPBEParams, cipherAlg),
--        SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
--      { 0 }
--    };
++const SEC_ASN1Template secuPBEV2Params[] = {
++    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(secuPBEParams) },
++    { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(secuPBEParams, kdfAlg),
++      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
++    { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(secuPBEParams, cipherAlg),
++      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
++    { 0 }
++};
  void
  secu_PrintRSAPSSParams(FILE *out, SECItem *value, char *m, int level)
@@ -2299,8 +2297,9 @@ SECU_PrintCertAttributes(FILE *out, CERTAttribute **attrs, char *m, int level)
      return rv;
+ }
--int /* sometimes a PRErrorCode, other times a SECStatus.  Sigh. */
--    SECU_PrintCertificateRequest(FILE *out, SECItem *der, char *m, int level)
++/* sometimes a PRErrorCode, other times a SECStatus.  Sigh. */
++int
++SECU_PrintCertificateRequest(FILE *out, SECItem *der, char *m, int level)
+ {
      PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
      CERTCertificateRequest *cr;
@@ -3250,6 +3249,26 @@ SEC_PrintCertificateAndTrust(CERTCertificate *cert,
                               "Certificate Trust Flags", 1);
+     }
++    /* The distrust fields are hard-coded in nssckbi and read-only.
++     * If verifying some cert, with vfychain, for instance, the certificate may
++     * not have a defined slot if not imported. */
++    if (cert->slot != NULL && cert->distrust != NULL) {
++        const unsigned int kDistrustFieldSize = 13;
++        fprintf(stdout, "\n");
++        SECU_Indent(stdout, 1);
++        fprintf(stdout, "%s:\n", "Certificate Distrust Dates");
++        if (cert->distrust->serverDistrustAfter.len == kDistrustFieldSize) {
++            SECU_PrintTimeChoice(stdout,
++                                 &cert->distrust->serverDistrustAfter,
++                                 "Server Distrust After", 2);
++        }
++        if (cert->distrust->emailDistrustAfter.len == kDistrustFieldSize) {
++            SECU_PrintTimeChoice(stdout,
++                                 &cert->distrust->emailDistrustAfter,
++                                 "E-mail Distrust After", 2);
++        }
++    }
++
      printf("\n");
      return (SECSuccess);
@@ -3979,3 +3998,164 @@ done:
      *enabledSigSchemes = schemes;
      return SECSuccess;
+ }
++
++/* Parse the exporter spec in the form: LABEL[:OUTPUT-LENGTH[:CONTEXT]] */
++static SECStatus
++parseExporter(const char *arg,
++              secuExporter *exporter)
++{
++    SECStatus rv = SECSuccess;
++
++    char *str = PORT_Strdup(arg);
++    if (!str) {
++        rv = SECFailure;
++        goto done;
++    }
++
++    char *labelEnd = strchr(str, ':');
++    if (labelEnd) {
++        *labelEnd = '\0';
++        labelEnd++;
++
++        /* To extract CONTEXT, first skip OUTPUT-LENGTH */
++        char *outputEnd = strchr(labelEnd, ':');
++        if (outputEnd) {
++            *outputEnd = '\0';
++            outputEnd++;
++
++            exporter->hasContext = PR_TRUE;
++            exporter->context.data = (unsigned char *)PORT_Strdup(outputEnd);
++            exporter->context.len = strlen(outputEnd);
++            if (PORT_Strncasecmp((char *)exporter->context.data, "0x", 2) == 0) {
++                rv = SECU_SECItemHexStringToBinary(&exporter->context);
++                if (rv != SECSuccess) {
++                    goto done;
++                }
++            }
++        }
++    }
++
++    if (labelEnd && *labelEnd != '\0') {
++        long int outputLength = strtol(labelEnd, NULL, 10);
++        if (!(outputLength > 0 && outputLength <= UINT_MAX)) {
++            PORT_SetError(SEC_ERROR_INVALID_ARGS);
++            rv = SECFailure;
++            goto done;
++        }
++        exporter->outputLength = outputLength;
++    } else {
++        exporter->outputLength = 20;
++    }
++
++    char *label = PORT_Strdup(str);
++    exporter->label.data = (unsigned char *)label;
++    exporter->label.len = strlen(label);
++    if (PORT_Strncasecmp((char *)exporter->label.data, "0x", 2) == 0) {
++        rv = SECU_SECItemHexStringToBinary(&exporter->label);
++        if (rv != SECSuccess) {
++            goto done;
++        }
++    }
++
++done:
++    PORT_Free(str);
++
++    return rv;
++}
++
++SECStatus
++parseExporters(const char *arg,
++               const secuExporter **enabledExporters,
++               unsigned int *enabledExporterCount)
++{
++    secuExporter *exporters;
++    unsigned int numValues = 0;
++    unsigned int count = 0;
++
++    if (countItems(arg, &numValues) != SECSuccess) {
++        return SECFailure;
++    }
++    exporters = PORT_ZNewArray(secuExporter, numValues);
++    if (!exporters) {
++        return SECFailure;
++    }
++
++    /* Get exporter definitions. */
++    char *str = PORT_Strdup(arg);
++    if (!str) {
++        goto done;
++    }
++    char *p = strtok(str, ",");
++    while (p) {
++        SECStatus rv = parseExporter(p, &exporters[count++]);
++        if (rv != SECSuccess) {
++            count = 0;
++            goto done;
++        }
++        p = strtok(NULL, ",");
++    }
++
++done:
++    PORT_Free(str);
++    if (!count) {
++        PORT_Free(exporters);
++        return SECFailure;
++    }
++
++    *enabledExporterCount = count;
++    *enabledExporters = exporters;
++    return SECSuccess;
++}
++
++static SECStatus
++exportKeyingMaterial(PRFileDesc *fd, const secuExporter *exporter)
++{
++    SECStatus rv = SECSuccess;
++    unsigned char *out = PORT_Alloc(exporter->outputLength);
++
++    if (!out) {
++        fprintf(stderr, "Unable to allocate buffer for keying material\n");
++        return SECFailure;
++    }
++    rv = SSL_ExportKeyingMaterial(fd,
++                                  (char *)exporter->label.data,
++                                  exporter->label.len,
++                                  exporter->hasContext,
++                                  exporter->context.data,
++                                  exporter->context.len,
++                                  out,
++                                  exporter->outputLength);
++    if (rv != SECSuccess) {
++        goto done;
++    }
++    fprintf(stdout, "Exported Keying Material:\n");
++    secu_PrintRawString(stdout, (SECItem *)&exporter->label, "Label", 1);
++    if (exporter->hasContext) {
++        SECU_PrintAsHex(stdout, &exporter->context, "Context", 1);
++    }
++    SECU_Indent(stdout, 1);
++    fprintf(stdout, "Length: %u\n", exporter->outputLength);
++    SECItem temp = { siBuffer, out, exporter->outputLength };
++    SECU_PrintAsHex(stdout, &temp, "Keying Material", 1);
++
++done:
++    PORT_Free(out);
++    return rv;
++}
++
++SECStatus
++exportKeyingMaterials(PRFileDesc *fd,
++                      const secuExporter *exporters,
++                      unsigned int exporterCount)
++{
++    unsigned int i;
++
++    for (i = 0; i < exporterCount; i++) {
++        SECStatus rv = exportKeyingMaterial(fd, &exporters[i]);
++        if (rv != SECSuccess) {
++            return rv;
++        }
++    }
++
++    return SECSuccess;
++}
 diff --git a/nss/cmd/lib/secutil.h b/nss/cmd/lib/secutil.h
 index 90d7639..c6da961 100644
 --- a/nss/cmd/lib/secutil.h
 +++ b/nss/cmd/lib/secutil.h
@@ -409,6 +409,20 @@ SECStatus parseGroupList(const char *arg, SSLNamedGroup **enabledGroups,
  SECStatus parseSigSchemeList(const char *arg,
                               const SSLSignatureScheme **enabledSigSchemes,
                               unsigned int *enabledSigSchemeCount);
++typedef struct {
++    SECItem label;
++    PRBool hasContext;
++    SECItem context;
++    unsigned int outputLength;
++} secuExporter;
++
++SECStatus parseExporters(const char *arg,
++                         const secuExporter **enabledExporters,
++                         unsigned int *enabledExporterCount);
++
++SECStatus exportKeyingMaterials(PRFileDesc *fd,
++                                const secuExporter *exporters,
++                                unsigned int exporterCount);
  /*
+  *
 diff --git a/nss/cmd/p7env/p7env.c b/nss/cmd/p7env/p7env.c
 index b35bf9a..453cbee 100644
 --- a/nss/cmd/p7env/p7env.c
 +++ b/nss/cmd/p7env/p7env.c
@@ -66,7 +66,7 @@ EncryptFile(FILE *outFile, FILE *inFile, struct recipient *recipients,
      SEC_PKCS7ContentInfo *cinfo;
      SEC_PKCS7EncoderContext *ecx;
      struct recipient *rcpt;
--    SECStatus rv;
++    SECStatus rv = SECFailure;
      if (outFile == NULL || inFile == NULL || recipients == NULL)
          return -1;
@@ -133,7 +133,7 @@ main(int argc, char **argv)
      struct recipient *recipients, *rcpt;
      PLOptState *optstate;
      PLOptStatus status;
--    SECStatus rv;
++    SECStatus rv = SECFailure;
      progName = strrchr(argv[0], '/');
      progName = progName ? progName + 1 : argv[0];
 diff --git a/nss/cmd/pk11importtest/pk11importtest.c b/nss/cmd/pk11importtest/pk11importtest.c
 index eb8e359..e832659 100644
 --- a/nss/cmd/pk11importtest/pk11importtest.c
 +++ b/nss/cmd/pk11importtest/pk11importtest.c
@@ -176,7 +176,9 @@ cleanup:
+     }
      SECITEM_FreeItem(&pubValue, PR_FALSE);
      SECITEM_FreeItem(&privID, PR_FALSE);
--    PORT_FreeArena(epki->arena, PR_TRUE);
++    if (epki && epki->arena) {
++        PORT_FreeArena(epki->arena, PR_TRUE);
++    }
      SECKEY_DestroyPublicKey(pubKey);
      SECKEY_DestroyPrivateKey(privKey);
      fprintf(stderr, "%s PrivateKeyImport %s ***********************\n",
 diff --git a/nss/cmd/pk11mode/pk11mode.c b/nss/cmd/pk11mode/pk11mode.c
 index 9989109..1655453 100644
 --- a/nss/cmd/pk11mode/pk11mode.c
 +++ b/nss/cmd/pk11mode/pk11mode.c
@@ -5229,7 +5229,7 @@ PKM_Digest(CK_FUNCTION_LIST_PTR pFunctionList,
  char *
  PKM_FilePasswd(char *pwFile)
+ {
--    unsigned char phrase[200];
++    unsigned char phrase[500];
      PRFileDesc *fd;
      PRInt32 nb;
      int i;
 diff --git a/nss/cmd/pk12util/pk12util.c b/nss/cmd/pk12util/pk12util.c
 index 5884713..794f17b 100644
 --- a/nss/cmd/pk12util/pk12util.c
 +++ b/nss/cmd/pk12util/pk12util.c
@@ -644,6 +644,7 @@ P12U_ExportPKCS12Object(char *nn, char *outfile, PK11SlotInfo *inSlot,
+     }
      certlist = PK11_FindCertsFromNickname(nn, slotPw);
      if (!certlist) {
++        PORT_SetError(SEC_ERROR_UNKNOWN_CERT);
          SECU_PrintError(progName, "find user certs from nickname failed");
          pk12uErrno = PK12UERR_FINDCERTBYNN;
          return;
 diff --git a/nss/cmd/platlibs.mk b/nss/cmd/platlibs.mk
 index a59d03d..6401778 100644
 --- a/nss/cmd/platlibs.mk
 +++ b/nss/cmd/platlibs.mk
@@ -144,8 +144,8 @@ endif
  ifeq ($(OS_ARCH), WINNT)
  EXTRA_LIBS += \
--	$(NSS_LIBS_1) \
  	$(SECTOOL_LIB) \
++	$(NSS_LIBS_1) \
  	$(NSS_LIBS_2) \
  	$(SOFTOKENLIB) \
  	$(CRYPTOLIB) \
@@ -161,8 +161,8 @@ EXTRA_LIBS += \
  else
  EXTRA_LIBS += \
--	$(NSS_LIBS_1) \
  	$(SECTOOL_LIB) \
++	$(NSS_LIBS_1) \
  	$(NSS_LIBS_2) \
  	$(SOFTOKENLIB) \
  	$(NSS_LIBS_3) \
 diff --git a/nss/cmd/selfserv/selfserv.c b/nss/cmd/selfserv/selfserv.c
 index f2b1273..03e39d6 100644
 --- a/nss/cmd/selfserv/selfserv.c
 +++ b/nss/cmd/selfserv/selfserv.c
@@ -235,7 +235,13 @@ PrintParameterUsage()
          "     rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512,\n"
          "-Z enable 0-RTT (for TLS 1.3; also use -u)\n"
          "-E enable post-handshake authentication\n"
--        "   (for TLS 1.3; only has an effect with 3 or more -r options)\n",
++        "   (for TLS 1.3; only has an effect with 3 or more -r options)\n"
++        "-x Export and print keying material after successful handshake\n"
++        "   The argument is a comma separated list of exporters in the form:\n"
++        "     LABEL[:OUTPUT-LENGTH[:CONTEXT]]\n"
++        "   where LABEL and CONTEXT can be either a free-form string or\n"
++        "   a hex string if it is preceded by \"0x\"; OUTPUT-LENGTH\n"
++        "   is a decimal integer.\n",
          stderr);
+ }
@@ -812,6 +818,8 @@ SSLNamedGroup *enabledGroups = NULL;
  unsigned int enabledGroupsCount = 0;
  const SSLSignatureScheme *enabledSigSchemes = NULL;
  unsigned int enabledSigSchemeCount = 0;
++const secuExporter *enabledExporters = NULL;
++unsigned int enabledExporterCount = 0;
  static char *virtServerNameArray[MAX_VIRT_SERVER_NAME_ARRAY_INDEX];
  static int virtServerNameIndex = 1;
@@ -1822,6 +1830,15 @@ handshakeCallback(PRFileDesc *fd, void *client_data)
              SECITEM_FreeItem(hostInfo, PR_TRUE);
+         }
+     }
++    if (enabledExporters) {
++        SECStatus rv = exportKeyingMaterials(fd, enabledExporters, enabledExporterCount);
++        if (rv != SECSuccess) {
++            PRErrorCode err = PR_GetError();
++            fprintf(stderr,
++                    "couldn't export keying material: %s\n",
++                    SECU_Strerror(err));
++        }
++    }
+ }
  void
@@ -2012,7 +2029,7 @@ server_main(
          errExit("SSL_CipherPrefSetDefault:TLS_RSA_WITH_NULL_MD5");
+     }
--    if (expectedHostNameVal) {
++    if (expectedHostNameVal || enabledExporters) {
          SSL_HandshakeCallback(model_sock, handshakeCallback,
                                (void *)expectedHostNameVal);
+     }
@@ -2246,11 +2263,11 @@ main(int argc, char **argv)
      /* please keep this list of options in ASCII collating sequence.
      ** numbers, then capital letters, then lower case, alphabetical.
--    ** XXX: 'B', 'E', 'q', and 'x' were used in the past but removed
++    ** XXX: 'B', and 'q' were used in the past but removed
      **      in 3.28, please leave some time before resuing those.
      **      'z' was removed in 3.39. */
      optstate = PL_CreateOptState(argc, argv,
--                                 "2:A:C:DEGH:I:J:L:M:NP:QRS:T:U:V:W:YZa:bc:d:e:f:g:hi:jk:lmn:op:rst:uvw:y");
++                                 "2:A:C:DEGH:I:J:L:M:NP:QRS:T:U:V:W:YZa:bc:d:e:f:g:hi:jk:lmn:op:rst:uvw:x:y");
      while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
          ++optionsFound;
          switch (optstate->option) {
@@ -2496,6 +2513,17 @@ main(int argc, char **argv)
+                 }
                  break;
++            case 'x':
++                rv = parseExporters(optstate->value,
++                                    &enabledExporters, &enabledExporterCount);
++                if (rv != SECSuccess) {
++                    PL_DestroyOptState(optstate);
++                    fprintf(stderr, "Bad exporter specified.\n");
++                    fprintf(stderr, "Run '%s -h' for usage information.\n", progName);
++                    exit(5);
++                }
++                break;
++
              default:
              case '?':
                  fprintf(stderr, "Unrecognized or bad option specified.\n");
@@ -2685,8 +2713,10 @@ main(int argc, char **argv)
+             }
              if (cipher > 0) {
                  rv = SSL_CipherPrefSetDefault(cipher, SSL_ALLOWED);
--                if (rv != SECSuccess)
--                    SECU_PrintError(progName, "SSL_CipherPrefSet()");
++                if (rv != SECSuccess) {
++                    SECU_PrintError(progName, "SSL_CipherPrefSetDefault()");
++                    exit(9);
++                }
              } else {
                  fprintf(stderr,
                          "Invalid cipher specification (-c arg).\n");
 diff --git a/nss/cmd/shlibsign/shlibsign.c b/nss/cmd/shlibsign/shlibsign.c
 index 221d1e6..b0a7512 100644
 --- a/nss/cmd/shlibsign/shlibsign.c
 +++ b/nss/cmd/shlibsign/shlibsign.c
@@ -614,7 +614,7 @@ cleanup:
  static char *
  filePasswd(char *pwFile)
+ {
--    unsigned char phrase[200];
++    unsigned char phrase[500];
      PRFileDesc *fd;
      PRInt32 nb;
      int i;
 diff --git a/nss/cmd/strsclnt/strsclnt.c b/nss/cmd/strsclnt/strsclnt.c
 index 099b7bf..3d9fc4f 100644
 --- a/nss/cmd/strsclnt/strsclnt.c
 +++ b/nss/cmd/strsclnt/strsclnt.c
@@ -166,6 +166,9 @@ Usage(void)
              "       -u enable TLS Session Ticket extension\n"
              "       -z enable compression\n"
              "       -g enable false start\n"
++            "       -4  Enforce using an IPv4 destination address\n"
++            "       -6  Enforce using an IPv6 destination address\n"
++            "           Note: Default behavior is both IPv4 and IPv6 enabled\n"
              "       -J enable signature schemes\n"
              "          This takes a comma separated list of signature schemes in preference\n"
              "          order.\n"
@@ -1061,7 +1064,9 @@ client_main(
      int connections,
      cert_and_key *Cert_And_Key,
      const char *hostName,
--    const char *sniHostName)
++    const char *sniHostName,
++    PRBool allowIPv4,
++    PRBool allowIPv6)
+ {
      PRFileDesc *model_sock = NULL;
      int i;
@@ -1083,11 +1088,15 @@ client_main(
              SECU_PrintError(progName, "error looking up host");
              return;
+         }
--        do {
++        for (;;) {
              enumPtr = PR_EnumerateAddrInfo(enumPtr, addrInfo, port, &addr);
--        } while (enumPtr != NULL &&
--                 addr.raw.family != PR_AF_INET &&
--                 addr.raw.family != PR_AF_INET6);
++            if (enumPtr == NULL)
++                break;
++            if (addr.raw.family == PR_AF_INET && allowIPv4)
++                break;
++            if (addr.raw.family == PR_AF_INET6 && allowIPv6)
++                break;
++        }
          PR_FreeAddrInfo(addrInfo);
          if (enumPtr == NULL) {
              SECU_PrintError(progName, "error looking up host address");
@@ -1319,6 +1328,8 @@ main(int argc, char **argv)
      int connections = 1;
      int exitVal;
      int tmpInt;
++    PRBool allowIPv4 = PR_TRUE;
++    PRBool allowIPv6 = PR_TRUE;
      unsigned short port = 443;
      SECStatus rv;
      PLOptState *optstate;
@@ -1338,9 +1349,25 @@ main(int argc, char **argv)
      /* XXX: 'B' was used in the past but removed in 3.28,
       *      please leave some time before resuing it. */
      optstate = PL_CreateOptState(argc, argv,
--                                 "C:DJ:NP:TUV:W:a:c:d:f:gin:op:qst:uvw:z");
++                                 "46C:DJ:NP:TUV:W:a:c:d:f:gin:op:qst:uvw:z");
      while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
          switch (optstate->option) {
++            case '4':
++                if (!allowIPv4) {
++                    fprintf(stderr, "Only one of [-4, -6] can be specified.\n");
++                    Usage();
++                }
++                allowIPv6 = PR_FALSE;
++                break;
++
++            case '6':
++                if (!allowIPv6) {
++                    fprintf(stderr, "Only one of [-4, -6] can be specified.\n");
++                    Usage();
++                }
++                allowIPv4 = PR_FALSE;
++                break;
++
              case 'C':
                  cipherString = optstate->value;
                  break;
@@ -1523,7 +1550,7 @@ main(int argc, char **argv)
+     }
      client_main(port, connections, &Cert_And_Key, hostName,
--                sniHostName);
++                sniHostName, allowIPv4, allowIPv6);
      /* clean up */
      if (Cert_And_Key.cert) {
 diff --git a/nss/cmd/symkeyutil/symkeyutil.c b/nss/cmd/symkeyutil/symkeyutil.c
 index 31ab4dd..6304338 100644
 --- a/nss/cmd/symkeyutil/symkeyutil.c
 +++ b/nss/cmd/symkeyutil/symkeyutil.c
@@ -254,7 +254,7 @@ HexToBuf(char *inString, SECItem *outbuf)
      int trueLen = 0;
      outbuf->data = PORT_Alloc(outlen);
--    if (outbuf->data) {
++    if (!outbuf->data) {
          return -1;
+     }
 diff --git a/nss/cmd/tstclnt/tstclnt.c b/nss/cmd/tstclnt/tstclnt.c
 index 12c6df0..6fa1541 100644
 --- a/nss/cmd/tstclnt/tstclnt.c
 +++ b/nss/cmd/tstclnt/tstclnt.c
@@ -318,6 +318,13 @@ PrintParameterUsage()
      fprintf(stderr, "%-20s Enable post-handshake authentication\n"
                      "%-20s for TLS 1.3; need to specify -n\n",
              "-E", "");
++    fprintf(stderr, "%-20s Export and print keying material after successful handshake.\n"
++                    "%-20s The argument is a comma separated list of exporters in the form:\n"
++                    "%-20s   LABEL[:OUTPUT-LENGTH[:CONTEXT]]\n"
++                    "%-20s where LABEL and CONTEXT can be either a free-form string or\n"
++                    "%-20s a hex string if it is preceded by \"0x\"; OUTPUT-LENGTH\n"
++                    "%-20s is a decimal integer.\n",
++            "-x", "", "", "", "", "");
+ }
  static void
@@ -924,7 +931,7 @@ restartHandshakeAfterServerCertIfNeeded(PRFileDesc *fd,
                                          PRBool override)
+ {
      SECStatus rv;
--    PRErrorCode error;
++    PRErrorCode error = 0;
      if (!serverCertAuth->isPaused)
          return SECSuccess;
@@ -998,6 +1005,8 @@ PRBool handshakeComplete = PR_FALSE;
  char *encryptedSNIKeys = NULL;
  PRBool enablePostHandshakeAuth = PR_FALSE;
  PRBool enableDelegatedCredentials = PR_FALSE;
++const secuExporter *enabledExporters = NULL;
++unsigned int enabledExporterCount = 0;
  static int
  writeBytesToServer(PRFileDesc *s, const PRUint8 *buf, int nb)
@@ -1093,6 +1102,18 @@ handshakeCallback(PRFileDesc *fd, void *client_data)
          requestToExit = PR_TRUE;
+     }
      handshakeComplete = PR_TRUE;
++
++    if (enabledExporters) {
++        SECStatus rv;
++
++        rv = exportKeyingMaterials(fd, enabledExporters, enabledExporterCount);
++        if (rv != SECSuccess) {
++            PRErrorCode err = PR_GetError();
++            FPRINTF(stderr,
++                    "couldn't export keying material: %s\n",
++                    SECU_Strerror(err));
++        }
++    }
+ }
  static SECStatus
@@ -1313,8 +1334,11 @@ run()
+             }
              if (cipher > 0) {
                  rv = SSL_CipherPrefSet(s, cipher, SSL_ALLOWED);
--                if (rv != SECSuccess)
++                if (rv != SECSuccess) {
                      SECU_PrintError(progName, "SSL_CipherPrefSet()");
++                    error = 1;
++                    goto done;
++                }
              } else {
                  Usage();
+             }
@@ -1732,7 +1756,7 @@ main(int argc, char **argv)
       * Please leave some time before reusing these.
       */
      optstate = PL_CreateOptState(argc, argv,
--                                 "46A:BCDEFGHI:J:KL:M:N:OP:QR:STUV:W:X:YZa:bc:d:fgh:m:n:op:qr:st:uvw:");
++                                 "46A:BCDEFGHI:J:KL:M:N:OP:QR:STUV:W:X:YZa:bc:d:fgh:m:n:op:qr:st:uvw:x:");
      while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
          switch (optstate->option) {
              case '?':
@@ -1980,6 +2004,17 @@ main(int argc, char **argv)
                      Usage();
+                 }
                  break;
++
++            case 'x':
++                rv = parseExporters(optstate->value,
++                                    &enabledExporters,
++                                    &enabledExporterCount);
++                if (rv != SECSuccess) {
++                    PL_DestroyOptState(optstate);
++                    fprintf(stderr, "Bad exporter specified.\n");
++                    Usage();
++                }
++                break;
+         }
+     }
      PL_DestroyOptState(optstate);
 diff --git a/nss/cmd/vfyserv/vfyserv.c b/nss/cmd/vfyserv/vfyserv.c
 index 4234ecd..3c6d014 100644
 --- a/nss/cmd/vfyserv/vfyserv.c
 +++ b/nss/cmd/vfyserv/vfyserv.c
@@ -544,7 +544,12 @@ main(int argc, char **argv)
+                 }
+             }
              if (cipher > 0) {
--                SSL_CipherPrefSetDefault(cipher, PR_TRUE);
++                SECStatus rv = SSL_CipherPrefSetDefault(cipher, PR_TRUE);
++                if (rv != SECSuccess) {
++                    SECU_PrintError(progName,
++                                    "error setting cipher default preference");
++                    goto cleanup;
++                }
              } else {
                  Usage(progName);
+             }
 diff --git a/nss/coreconf/UNIX.mk b/nss/coreconf/UNIX.mk
 index b448e75..8f6042e 100644
 --- a/nss/coreconf/UNIX.mk
 +++ b/nss/coreconf/UNIX.mk
@@ -14,9 +14,7 @@ ifdef BUILD_OPT
  	DEFINES    += -UDEBUG -DNDEBUG
  else
  	OPTIMIZER  += -g
--	USERNAME   := $(shell whoami)
--	USERNAME   := $(subst -,_,$(USERNAME))
--	DEFINES    += -DDEBUG -UNDEBUG -DDEBUG_$(USERNAME)
++	DEFINES    += -DDEBUG -UNDEBUG
  endif
  ifdef BUILD_TREE
 diff --git a/nss/coreconf/WIN32.mk b/nss/coreconf/WIN32.mk
 index be795f0..7269cc7 100644
 --- a/nss/coreconf/WIN32.mk
 +++ b/nss/coreconf/WIN32.mk
@@ -104,7 +104,7 @@ endif
  DLL_SUFFIX   = dll
  ifdef NS_USE_GCC
--    OS_CFLAGS += -mwindows -mms-bitfields
++    OS_CFLAGS += -mwindows
      _GEN_IMPORT_LIB=-Wl,--out-implib,$(IMPORT_LIBRARY)
      DLLFLAGS  += -mwindows -o $@ -shared -Wl,--export-all-symbols $(if $(IMPORT_LIBRARY),$(_GEN_IMPORT_LIB))
      ifdef BUILD_OPT
@@ -116,11 +116,7 @@ ifdef NS_USE_GCC
  	DEFINES    += -UDEBUG -DNDEBUG
      else
  	OPTIMIZER  += -g
--	NULLSTRING :=
--	SPACE      := $(NULLSTRING) # end of the line
--	USERNAME   := $(subst $(SPACE),_,$(USERNAME))
--	USERNAME   := $(subst -,_,$(USERNAME))
--	DEFINES    += -DDEBUG -UNDEBUG -DDEBUG_$(USERNAME)
++	DEFINES    += -DDEBUG -UNDEBUG
      endif
  else # !NS_USE_GCC
      WARNING_CFLAGS = -W3 -nologo -D_CRT_SECURE_NO_WARNINGS \
@@ -179,10 +175,7 @@ else # !NS_USE_GCC
      else
  	OPTIMIZER += -Zi -Fd$(OBJDIR)/ -Od
  	NULLSTRING :=
--	SPACE      := $(NULLSTRING) # end of the line
--	USERNAME   := $(subst $(SPACE),_,$(USERNAME))
--	USERNAME   := $(subst -,_,$(USERNAME))
--	DEFINES    += -DDEBUG -UNDEBUG -DDEBUG_$(USERNAME)
++	DEFINES    += -DDEBUG -UNDEBUG
  	DLLFLAGS   += -DEBUG -OUT:$@
  	LDFLAGS    += -DEBUG
  ifeq ($(_MSC_VER),$(_MSC_VER_6))
 diff --git a/nss/coreconf/config.gypi b/nss/coreconf/config.gypi
 index 2f17c82..f4426ac 100644
 --- a/nss/coreconf/config.gypi
 +++ b/nss/coreconf/config.gypi
@@ -96,6 +96,7 @@
      'cc_is_gcc%': '<(cc_is_gcc)',
      'cc_use_gnu_ld%': '<(cc_use_gnu_ld)',
      # Some defaults
++    'disable_arm_hw_aes%': 0,
      'disable_tests%': 0,
      'disable_chachapoly%': 0,
      'disable_dbm%': 0,
 diff --git a/nss/coreconf/nspr.sh b/nss/coreconf/nspr.sh
 index 325a188..d84674e 100644
 --- a/nss/coreconf/nspr.sh
 +++ b/nss/coreconf/nspr.sh
@@ -36,15 +36,30 @@ nspr_build()
          extra_params+=(--enable-64bit)
      fi
--    echo "NSPR [1/3] configure ..."
++    echo "NSPR [1/5] configure ..."
      pushd "$nspr_dir" >/dev/null
      CFLAGS="$nspr_cflags" CXXFLAGS="$nspr_cxxflags" \
            LDFLAGS="$nspr_ldflags" CC="$CC" CXX="$CCC" \
            run_verbose ../configure "${extra_params[@]}" "$@"
      popd >/dev/null
--    echo "NSPR [2/3] make ..."
++    echo "NSPR [2/5] make ..."
      run_verbose make -C "$nspr_dir"
--    echo "NSPR [3/3] install ..."
++
++    if [ "$build_nspr_tests" = 1 ]; then
++      echo "NSPR [3/5] build tests ..."
++      run_verbose make -C "$nspr_dir/pr/tests"
++    else
++        echo "NSPR [3/5] NOT building tests"
++    fi
++
++    if [[ "$build_nspr_tests" = 1 && "$run_nspr_tests" = 1 ]]; then
++      echo "NSPR [4/5] run tests ..."
++      run_verbose make -C "$nspr_dir/pr/tests" runtests
++    else
++        echo "NSPR [4/5] NOT running tests"
++    fi
++
++    echo "NSPR [5/5] install ..."
      run_verbose make -C "$nspr_dir" install
+ }
 diff --git a/nss/cpputil/freebl_scoped_ptrs.h b/nss/cpputil/freebl_scoped_ptrs.h
 new file mode 100644
 index 0000000..2f21ca9
 --- /dev/null
 +++ b/nss/cpputil/freebl_scoped_ptrs.h
@@ -0,0 +1,33 @@
++/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
++/* vim: set ts=2 et sw=2 tw=80: */
++/* This Source Code Form is subject to the terms of the Mozilla Public
++ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
++ * You can obtain one at http://mozilla.org/MPL/2.0/. */
++
++#ifndef freebl_scoped_ptrs_h__
++#define freebl_scoped_ptrs_h__
++
++#include <memory>
++#include "blapi.h"
++
++struct ScopedDelete {
++  void operator()(CMACContext* ctx) { CMAC_Destroy(ctx, PR_TRUE); }
++};
++
++template <class T>
++struct ScopedMaybeDelete {
++  void operator()(T* ptr) {
++    if (ptr) {
++      ScopedDelete del;
++      del(ptr);
++    }
++  }
++};
++
++#define SCOPED(x) typedef std::unique_ptr<x, ScopedMaybeDelete<x> > Scoped##x
++
++SCOPED(CMACContext);
++
++#undef SCOPED
++
++#endif  // freebl_scoped_ptrs_h__
 diff --git a/nss/cpputil/nss_scoped_ptrs.h b/nss/cpputil/nss_scoped_ptrs.h
 index 9b1fbb4..3ee7c9e 100644
 --- a/nss/cpputil/nss_scoped_ptrs.h
 +++ b/nss/cpputil/nss_scoped_ptrs.h
@@ -21,13 +21,19 @@ struct ScopedDelete {
    void operator()(CERTCertificateList* list) {
      CERT_DestroyCertificateList(list);
+   }
++  void operator()(CERTDistNames* names) { CERT_FreeDistNames(names); }
    void operator()(CERTName* name) { CERT_DestroyName(name); }
    void operator()(CERTCertList* list) { CERT_DestroyCertList(list); }
    void operator()(CERTSubjectPublicKeyInfo* spki) {
      SECKEY_DestroySubjectPublicKeyInfo(spki);
+   }
++  void operator()(PK11Context* context) { PK11_DestroyContext(context, true); }
++  void operator()(PK11GenericObject* obj) { PK11_DestroyGenericObject(obj); }
    void operator()(PK11SlotInfo* slot) { PK11_FreeSlot(slot); }
    void operator()(PK11SymKey* key) { PK11_FreeSymKey(key); }
++  void operator()(PK11URI* uri) { PK11URI_DestroyURI(uri); }
++  void operator()(PLArenaPool* arena) { PORT_FreeArena(arena, PR_FALSE); }
++  void operator()(PQGParams* pqg) { PK11_PQG_DestroyParams(pqg); }
    void operator()(PRFileDesc* fd) { PR_Close(fd); }
    void operator()(SECAlgorithmID* id) { SECOID_DestroyAlgorithmID(id, true); }
    void operator()(SECKEYEncryptedPrivateKeyInfo* e) {
@@ -39,16 +45,10 @@ struct ScopedDelete {
    void operator()(SECKEYPrivateKeyList* list) {
      SECKEY_DestroyPrivateKeyList(list);
+   }
--  void operator()(PK11URI* uri) { PK11URI_DestroyURI(uri); }
--  void operator()(PLArenaPool* arena) { PORT_FreeArena(arena, PR_FALSE); }
--  void operator()(PK11Context* context) { PK11_DestroyContext(context, true); }
--  void operator()(PK11GenericObject* obj) { PK11_DestroyGenericObject(obj); }
--  void operator()(PQGParams* pqg) { PK11_PQG_DestroyParams(pqg); }
++  void operator()(SECMODModule* module) { SECMOD_DestroyModule(module); }
    void operator()(SEC_PKCS12DecoderContext* dcx) {
      SEC_PKCS12DecoderFinish(dcx);
+   }
--  void operator()(CERTDistNames* names) { CERT_FreeDistNames(names); }
--  void operator()(SECMODModule* module) { SECMOD_DestroyModule(module); }
  };
  template <class T>
@@ -63,34 +63,35 @@ struct ScopedMaybeDelete {
  #define SCOPED(x) typedef std::unique_ptr<x, ScopedMaybeDelete<x> > Scoped##x
++SCOPED(CERTCertList);
  SCOPED(CERTCertificate);
  SCOPED(CERTCertificateList);
--SCOPED(CERTCertList);
++SCOPED(CERTDistNames);
  SCOPED(CERTName);
  SCOPED(CERTSubjectPublicKeyInfo);
++SCOPED(PK11Context);
++SCOPED(PK11GenericObject);
  SCOPED(PK11SlotInfo);
  SCOPED(PK11SymKey);
++SCOPED(PK11URI);
++SCOPED(PLArenaPool);
  SCOPED(PQGParams);
  SCOPED(PRFileDesc);
  SCOPED(SECAlgorithmID);
--SCOPED(SECKEYEncryptedPrivateKeyInfo);
  SCOPED(SECItem);
--SCOPED(SECKEYPublicKey);
++SCOPED(SECKEYEncryptedPrivateKeyInfo);
  SCOPED(SECKEYPrivateKey);
  SCOPED(SECKEYPrivateKeyList);
--SCOPED(PK11URI);
--SCOPED(PLArenaPool);
--SCOPED(PK11Context);
--SCOPED(PK11GenericObject);
--SCOPED(SEC_PKCS12DecoderContext);
--SCOPED(CERTDistNames);
++SCOPED(SECKEYPublicKey);
  SCOPED(SECMODModule);
++SCOPED(SEC_PKCS12DecoderContext);
  #undef SCOPED
  struct StackSECItem : public SECItem {
    StackSECItem() : SECItem({siBuffer, nullptr, 0}) {}
--  ~StackSECItem() { SECITEM_FreeItem(this, PR_FALSE); }
++  ~StackSECItem() { Reset(); }
++  void Reset() { SECITEM_FreeItem(this, PR_FALSE); }
  };
  #endif  // nss_scoped_ptrs_h__
 diff --git a/nss/cpputil/scoped_ptrs_util.h b/nss/cpputil/scoped_ptrs_util.h
 index dc6e1d7..d0a42ee 100644
 --- a/nss/cpputil/scoped_ptrs_util.h
 +++ b/nss/cpputil/scoped_ptrs_util.h
@@ -37,4 +37,9 @@ SCOPED(PLArenaPool);
  #undef SCOPED
++struct StackSECItem : public SECItem {
++  StackSECItem() : SECItem({siBuffer, nullptr, 0}) {}
++  ~StackSECItem() { SECITEM_FreeItem(this, PR_FALSE); }
++};
++
  #endif  // scoped_ptrs_util_h__
 diff --git a/nss/cpputil/tls_parser.h b/nss/cpputil/tls_parser.h
 index 2aa7a0e..015bd20 100644
 --- a/nss/cpputil/tls_parser.h
 +++ b/nss/cpputil/tls_parser.h
@@ -47,6 +47,7 @@ const uint8_t kTlsAlertIllegalParameter = 47;
  const uint8_t kTlsAlertDecodeError = 50;
  const uint8_t kTlsAlertDecryptError = 51;
  const uint8_t kTlsAlertProtocolVersion = 70;
++const uint8_t kTlsAlertInsufficientSecurity = 71;
  const uint8_t kTlsAlertInternalError = 80;
  const uint8_t kTlsAlertInappropriateFallback = 86;
  const uint8_t kTlsAlertMissingExtension = 109;
 diff --git a/nss/fuzz/fuzz.gyp b/nss/fuzz/fuzz.gyp
 index 91e9b25..292930a 100644
 --- a/nss/fuzz/fuzz.gyp
 +++ b/nss/fuzz/fuzz.gyp
@@ -43,6 +43,7 @@
          '<(DEPTH)/lib/pkcs7/pkcs7.gyp:pkcs7',
          # This is a static build of pk11wrap, softoken, and freebl.
          '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static',
++        '<(DEPTH)/lib/libpkix/libpkix.gyp:libpkix',
        ],
        'cflags_cc': [
          '-Wno-error=shadow',
 diff --git a/nss/gtests/common/testvectors/curve25519-vectors.h b/nss/gtests/common/testvectors/curve25519-vectors.h
 index de44444..bf350cf 100644
 --- a/nss/gtests/common/testvectors/curve25519-vectors.h
 +++ b/nss/gtests/common/testvectors/curve25519-vectors.h
@@ -48,9 +48,9 @@ const curve25519_testvector kCurve25519Vectors[] = {
 xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0x6a},
       {0x30, 0x38, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
 x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
--      0x03, 0x20, 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4, 0xd3, 0x5b,
--      0x61, 0xc2, 0xec, 0xe4, 0x35, 0x37, 0x3f, 0x83, 0x43, 0xc8, 0x5b, 0x78,
--      0x67, 0x4d, 0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b, 0x4f},
++      0x03, 0x20, 0x00, 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4, 0xd3,
++      0x5b, 0x61, 0xc2, 0xec, 0xe4, 0x35, 0x37, 0x3f, 0x83, 0x43, 0xc8, 0x5b,
++      0x78, 0x67, 0x4d, 0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b},
       {},
       false},
@@ -70,6 +70,66 @@ const curve25519_testvector kCurve25519Vectors[] = {
 x5b, 0x61, 0xc2, 0xec, 0xe4, 0x35, 0x37, 0x3f, 0x83, 0x43, 0xc8, 0x5b,
 x78, 0x67, 0x4d, 0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b, 0x4f, 0x34},
       {},
++     false},
++
++    // A private key with leading zeros (they should not be stripped)
++    {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
++      0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
++      0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
++      0x00, 0x99, 0xD1, 0x90, 0x60, 0xCF, 0x79, 0xF0, 0x6F, 0x4F, 0x2E, 0x47,
++      0x97, 0x5B, 0x2A, 0x90, 0x01, 0x6C, 0x94, 0xF4, 0x3D, 0x94, 0x02, 0x57,
++      0x13, 0xDB, 0xB2, 0xA3, 0xD9, 0x54, 0x0B, 0xE5, 0xa1, 0x23, 0x03, 0x21,
++      0x05, 0x66, 0xA7, 0x26, 0xE0, 0xFC, 0x83, 0xEF, 0xA2, 0x56, 0xF4, 0xCC,
++      0xEA, 0x71, 0x07, 0x4D, 0xBB, 0x5C, 0x76, 0x0A, 0x9F, 0xF4, 0x7E, 0x5C,
++      0x5D, 0x4C, 0xB8, 0xDA, 0x9E, 0x44, 0x60, 0x52, 0x00},
++     {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
++      0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
++      0x03, 0x21, 0x00, 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4, 0xd3,
++      0x5b, 0x61, 0xc2, 0xec, 0xe4, 0x35, 0x37, 0x3f, 0x83, 0x43, 0xc8, 0x5b,
++      0x78, 0x67, 0x4d, 0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b, 0x4f},
++     {0xB9, 0x4B, 0x92, 0xEA, 0xDA, 0x64, 0x40, 0xD3, 0x08, 0x63, 0x06,
++      0x45, 0xF4, 0x4C, 0xCD, 0x19, 0x7B, 0xE6, 0x0A, 0xBC, 0x6C, 0x9D,
++      0x96, 0x8F, 0x5D, 0x70, 0x44, 0x55, 0xD0, 0x1B, 0xEE, 0x4A},
++     true},
++
++    // A private key that's too short
++    {{0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2A, 0x86, 0x48,
++      0xCE, 0x3D, 0x02, 0x01, 0x06, 0x09, 0x2B, 0x06, 0x01, 0x04, 0x01, 0xDA,
++      0x47, 0x0F, 0x01, 0x04, 0x4B, 0x30, 0x49, 0x02, 0x01, 0x01, 0x04, 0x1F,
++      0x07, 0x6D, 0x0A, 0x73, 0x18, 0xA5, 0x7D, 0x3C, 0x16, 0xC1, 0x72, 0x51,
++      0xB2, 0x66, 0x45, 0xDF, 0x4C, 0x2F, 0x87, 0xEB, 0xC0, 0x99, 0x2A, 0xB1,
++      0x77, 0xFB, 0xA5, 0x1D, 0xB9, 0x2C, 0x2A, 0xA1, 0x23, 0x03, 0x21, 0x00,
++      0x85, 0x20, 0xF0, 0x09, 0x89, 0x30, 0xA7, 0x54, 0x74, 0x8B, 0x7D, 0xDC,
++      0xB4, 0x3E, 0xF7, 0x5A, 0x0D, 0xBF, 0x3A, 0x0D, 0x26, 0x38, 0x1A, 0xF4,
++      0xEB, 0xA4, 0xA9, 0x8E, 0xAA, 0x9B, 0x4E, 0x6A},
++     {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
++      0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
++      0x03, 0x21, 0x00, 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4, 0xd3,
++      0x5b, 0x61, 0xc2, 0xec, 0xe4, 0x35, 0x37, 0x3f, 0x83, 0x43, 0xc8, 0x5b,
++      0x78, 0x67, 0x4d, 0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b, 0x4f},
++     {0x4a, 0x5d, 0x9d, 0x5b, 0xa4, 0xce, 0x2d, 0xe1, 0x72, 0x8e, 0x3b,
++      0xf4, 0x80, 0x35, 0x0f, 0x25, 0xe0, 0x7e, 0x21, 0xc9, 0x47, 0xd1,
++      0x9e, 0x33, 0x76, 0xf0, 0x9b, 0x3c, 0x1e, 0x16, 0x17, 0x42},
++     false},
++
++    // A private key that's too long
++    {{0x30, 0x68, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2A, 0x86, 0x48,
++      0xCE, 0x3D, 0x02, 0x01, 0x06, 0x09, 0x2B, 0x06, 0x01, 0x04, 0x01, 0xDA,
++      0x47, 0x0F, 0x01, 0x04, 0x4D, 0x30, 0x4B, 0x02, 0x01, 0x01, 0x04, 0x21,
++      0x43, 0x77, 0x07, 0x6D, 0x0A, 0x73, 0x18, 0xA5, 0x7D, 0x3C, 0x16, 0xC1,
++      0x72, 0x51, 0xB2, 0x66, 0x45, 0xDF, 0x4C, 0x2F, 0x87, 0xEB, 0xC0, 0x99,
++      0x2A, 0xB1, 0x77, 0xFB, 0xA5, 0x1D, 0xB9, 0x2C, 0x2A, 0xA1, 0x23, 0x03,
++      0x21, 0x00, 0x85, 0x20, 0xF0, 0x09, 0x89, 0x30, 0xA7, 0x54, 0x74, 0x8B,
++      0x7D, 0xDC, 0xB4, 0x3E, 0xF7, 0x5A, 0x0D, 0xBF, 0x3A, 0x0D, 0x26, 0x38,
++      0x1A, 0xF4, 0xEB, 0xA4, 0xA9, 0x8E, 0xAA, 0x9B, 0x4E, 0x6A},
++     {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
++      0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
++      0x03, 0x21, 0x00, 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4, 0xd3,
++      0x5b, 0x61, 0xc2, 0xec, 0xe4, 0x35, 0x37, 0x3f, 0x83, 0x43, 0xc8, 0x5b,
++      0x78, 0x67, 0x4d, 0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b, 0x4f},
++     {0x4a, 0x5d, 0x9d, 0x5b, 0xa4, 0xce, 0x2d, 0xe1, 0x72, 0x8e, 0x3b,
++      0xf4, 0x80, 0x35, 0x0f, 0x25, 0xe0, 0x7e, 0x21, 0xc9, 0x47, 0xd1,
++      0x9e, 0x33, 0x76, 0xf0, 0x9b, 0x3c, 0x1e, 0x16, 0x17, 0x42},
       false}};
  // Testvectors from project wycheproof
 diff --git a/nss/gtests/common/testvectors/kw-vectors.h b/nss/gtests/common/testvectors/kw-vectors.h
 new file mode 100644
 index 0000000..38e641a
 --- /dev/null
 +++ b/nss/gtests/common/testvectors/kw-vectors.h
@@ -0,0 +1,1940 @@
++/* vim: set ts=2 et sw=2 tw=80: */
++/* This Source Code Form is subject to the terms of the Mozilla Public
++ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
++ * You can obtain one at http://mozilla.org/MPL/2.0/. */
++
++#ifndef kw_vectors_h__
++#define kw_vectors_h__
++
++#include <string>
++#include <vector>
++#include <map>
++
++/* The result struct adds some granularity to what we are testing.
++ * With the single "valid" boolean, we don't know whether the function under
++ * test itself is expected to fail (i.e. return SECFailure), or if we simply
++ * expect the output to differ from what's in the test vector. Therefore,
++ * each vector contains a map of Actions (i.e. NSS capabilities that we wish to
++ * test) mapping to expected Result values (both in terms of return code as
++ * well as whether or not the output should match the test vector).
++ *
++ * - If |output_match| is true, the function under test MUST return the same
++ *   data (length and contents).
++ * - If |output_match| is false, the function under test MUST NOT return the
++ *   same data (length or contents must be different).
++ */
++
++typedef struct Result {
++  SECStatus expect_rv;
++  bool output_match;
++} Result;
++
++enum Action { WRAP, UNWRAP };
++
++typedef struct keywrap_vector {
++  uint32_t test_id;
++  std::vector<uint8_t> key;
++  std::vector<uint8_t> msg;
++  std::vector<uint8_t> ct;
++  std::map<Action, Result> tests;
++} keywrap_vector;
++
++const keywrap_vector kWycheproofAesKWVectors[] = {
++    {1,
++     {0x6f, 0x67, 0x48, 0x6d, 0x1e, 0x91, 0x44, 0x19, 0xcb, 0x43, 0xc2, 0x85,
++      0x09, 0xc7, 0xc1, 0xea},
++     {0x8d, 0xc0, 0x63, 0x2d, 0x92, 0xee, 0x0b, 0xe4, 0xf7, 0x40, 0x02, 0x84,
++      0x10, 0xb0, 0x82, 0x70},
++     {0x9d, 0xe4, 0x53, 0xce, 0xd5, 0xd4, 0xab, 0x46, 0xa5, 0x60, 0x17, 0x08,
++      0xee, 0xef, 0xef, 0xb5, 0xe5, 0x93, 0xe6, 0xae, 0x8e, 0x86, 0xb2, 0x6b},
++     {{Action::WRAP, {SECSuccess, true}},
++      {Action::UNWRAP, {SECSuccess, true}}}},
++
++    {2,
++     {0xa0, 0xb1, 0x71, 0x72, 0xbb, 0x29, 0x6d, 0xb7, 0xf5, 0xc8, 0x69, 0xe9,
++      0xa3, 0x6b, 0x5c, 0xe3},
++     {0x61, 0x5d, 0xd0, 0x22, 0xd6, 0x07, 0xc9, 0x10, 0xf2, 0x01, 0x78, 0xcb,
++      0xdf, 0x42, 0x06, 0x0f},
++     {0x8c, 0x3a, 0xba, 0x85, 0xcc, 0x0a, 0xe1, 0xae, 0x10, 0xb3, 0x66, 0x58,
++      0xb0, 0x68, 0xf5, 0x95, 0xba, 0xf8, 0xca, 0xaf, 0xb7, 0x45, 0xef, 0x3c},
++     {{Action::WRAP, {SECSuccess, true}},
++      {Action::UNWRAP, {SECSuccess, true}}}},
++
++    {3,
++     {0x0e, 0x49, 0xd5, 0x71, 0xc1, 0x9b, 0x52, 0x50, 0xef, 0xfd, 0x41, 0xd9,
++      0x4b, 0xde, 0x39, 0xd6},
++     {0xf2, 0x5e, 0x4d, 0xe8, 0xca, 0xca, 0x36, 0x3f, 0xd5, 0xf2, 0x94, 0x42,
++      0xeb, 0x14, 0x7b, 0x55},
++     {0x1d, 0xe0, 0x93, 0x65, 0x48, 0x26, 0xf1, 0x8f, 0xcd, 0x0f, 0x3f, 0xd4,
++      0x99, 0x41, 0x6f, 0xf2, 0x2e, 0xd7, 0x5e, 0xe1, 0x2f, 0xe0, 0xb6, 0x24},
++     {{Action::WRAP, {SECSuccess, true}},
++      {Action::UNWRAP, {SECSuccess, true}}}},
++
++    {4,  // wrapped key is longer than wrapping key
++     {0xe0, 0xe1, 0x29, 0x59, 0x10, 0x91, 0x03, 0xe3, 0x0a, 0xe8, 0xb5, 0x68,
++      0x4a, 0x22, 0xe6, 0x62},
++     {0xdb, 0xb0, 0xf2, 0xbb, 0x2b, 0xe9, 0x12, 0xa2, 0x04, 0x30, 0x97, 0x2d,
++      0x98, 0x42, 0xce, 0x3f, 0xd3, 0xb9, 0x28, 0xe5, 0x73, 0xe1, 0xac, 0x8e},
++     {0x9c, 0x3d, 0xdc, 0x23, 0x82, 0x7b, 0x7b, 0x3c, 0x13, 0x10, 0x5f,
++      0x9e, 0x8b, 0x11, 0x52, 0x3b, 0xac, 0xcd, 0xfb, 0x6c, 0x8b, 0x7e,
++      0x78, 0x25, 0x49, 0x6e, 0x7a, 0x84, 0x0b, 0xd3, 0x2a, 0xec},
++     {{Action::WRAP, {SECSuccess, true}},
++      {Action::UNWRAP, {SECSuccess, true}}}},
++
++    {5,  // wrapped key is longer than wrapping key
++     {0xdd, 0x58, 0x3d, 0x9f, 0x10, 0x59, 0x86, 0x14, 0x30, 0xec, 0x8b, 0x5d,
++      0x8a, 0x18, 0x0e, 0x9b},
++     {0xf2, 0xe3, 0x4f, 0x35, 0x63, 0x62, 0xa3, 0x1b, 0x51, 0xd6, 0xe0, 0x2b,
++      0xcd, 0x33, 0x3c, 0x9e, 0x61, 0x70, 0x49, 0x4c, 0xa5, 0xff, 0x54, 0x87},
++     {0xaf, 0xb7, 0x44, 0xaa, 0xf7, 0x46, 0xdc, 0xc0, 0xb5, 0x7f, 0x8b,
++      0x37, 0x8c, 0x40, 0x4c, 0xbe, 0x87, 0x7f, 0x44, 0xcf, 0x3d, 0x45,
++      0x14, 0x0d, 0x60, 0x81, 0x4e, 0xda, 0x3f, 0x54, 0x1f, 0x01},
++     {{Action::WRAP, {SECSuccess, true}},
++      {Action::UNWRAP, {SECSuccess, true}}}},
++
++    {6,  // wrapped key is longer than wrapping key
++     {0xfa, 0xf5, 0xcc, 0xfa, 0xe4, 0x2b, 0x43, 0xce, 0xe2, 0xc5, 0xf0, 0xf3,
++      0x17, 0x7a, 0x7c, 0x5d},
++     {0x4e, 0x02, 0x08, 0x48, 0x33, 0x66, 0x0c, 0x46, 0x38, 0x30, 0x48, 0x3b,
++      0x36, 0xda, 0xb8, 0x66, 0xc6, 0x4c, 0x8c, 0xf7, 0x42, 0x9c, 0xac, 0x3d},
++     {0xcf, 0xf9, 0x8c, 0xd6, 0x4c, 0xb5, 0x1a, 0xb9, 0x9b, 0x81, 0xae,
++      0xe8, 0x2c, 0xee, 0x42, 0x74, 0xd0, 0xdf, 0x3e, 0x1b, 0x6a, 0x49,
++      0x43, 0xd3, 0x92, 0x36, 0xea, 0x98, 0x98, 0x46, 0xd0, 0xcc},
++     {{Action::WRAP, {SECSuccess, true}},
++      {Action::UNWRAP, {SECSuccess, true}}}},
++
++    {7,  // wrapped key is longer than wrapping key
++     {0xc2, 0xb9, 0xd2, 0x3f, 0x28, 0x31, 0xdd, 0xcd, 0xeb, 0x45, 0x68, 0x53,
++      0xd4, 0x01, 0x4d, 0xb9},
++     {0xf4, 0xcf, 0xea, 0x98, 0xe5, 0x8b, 0x93, 0x9c, 0xc8, 0x59, 0x55,
++      0x43, 0x85, 0xcf, 0x3a, 0x6c, 0x7f, 0x82, 0x17, 0xf7, 0x28, 0xef,
++      0xb4, 0x31, 0xc9, 0x64, 0x78, 0x6d, 0xe8, 0x27, 0x49, 0x07},
++     {0x58, 0xdc, 0xfb, 0x0e, 0x7e, 0xc4, 0xd3, 0xbc, 0x80, 0x03,
++      0x41, 0x8d, 0x86, 0x5f, 0xbd, 0x52, 0x0c, 0x6b, 0x24, 0xb2,
++      0xbd, 0xe3, 0x5b, 0x1b, 0xe5, 0xb1, 0xc5, 0xff, 0x32, 0xa1,
++      0x30, 0xf3, 0x3d, 0x03, 0x5e, 0x59, 0x32, 0x61, 0x60, 0x83},
++     {{Action::WRAP, {SECSuccess, true}},
++      {Action::UNWRAP, {SECSuccess, true}}}},
++
++    {8,  // wrapped key is longer than wrapping key
++     {0x62, 0x0a, 0x08, 0xf3, 0x20, 0xcd, 0xed, 0xbf, 0x7a, 0xe5, 0x51, 0xad,
++      0xd3, 0x48, 0xd9, 0x5e},
++     {0xce, 0xc3, 0x4e, 0xaf, 0x8e, 0x67, 0xe1, 0xce, 0x61, 0x9d, 0xdf,
++      0xc3, 0x09, 0x53, 0x1c, 0x42, 0xf1, 0x60, 0x33, 0xa7, 0xe2, 0xcb,
++      0xc4, 0xf5, 0xeb, 0x3a, 0x54, 0x81, 0x64, 0xe9, 0xb2, 0x91},
++     {0x4e, 0xe4, 0x7b, 0xd6, 0x8d, 0x41, 0x85, 0x86, 0xc4, 0x47,
++      0xa3, 0x91, 0x11, 0xe2, 0xec, 0x15, 0x02, 0xff, 0x0f, 0x17,
++      0x26, 0xea, 0x91, 0xc5, 0xd9, 0x73, 0x70, 0x40, 0x9d, 0x89,
++      0xb8, 0xe6, 0x6e, 0x88, 0x9b, 0x63, 0x8a, 0xc4, 0x0c, 0xed},
++     {{Action::WRAP, {SECSuccess, true}},
++      {Action::UNWRAP, {SECSuccess, true}}}},
++
++    {9,  // wrapped key is longer than wrapping key
++     {0xed, 0x08, 0x9a, 0xc2, 0x74, 0xf8, 0xc7, 0xce, 0xa2, 0x41, 0x56, 0x71,
++      0xa9, 0x4b, 0x5e, 0x53},
++     {0x60, 0x65, 0xe4, 0x1d, 0xf1, 0x4d, 0xae, 0xee, 0xfa, 0xca, 0xc5,
++      0xda, 0xeb, 0x76, 0x74, 0xcd, 0xc9, 0xc1, 0xf6, 0x86, 0x01, 0x3b,
++      0x79, 0x71, 0x53, 0xe8, 0x0e, 0xf2, 0x15, 0x89, 0x32, 0x99},
++     {0xd3, 0xb0, 0x93, 0xfd, 0x82, 0x2c, 0xe4, 0x54, 0xeb, 0xc2,
++      0x51, 0xc6, 0xf2, 0x1f, 0xa7, 0x1c, 0x38, 0x58, 0xee, 0x7e,
++      0x62, 0x3e, 0xcb, 0xfb, 0xbf, 0x88, 0x73, 0x98, 0xa3, 0x0b,
++      0x40, 0xc5, 0x5d, 0x05, 0x65, 0xc7, 0xa1, 0x5e, 0x40, 0x15},
++     {{Action::WRAP, {SECSuccess, true}},
++      {Action::UNWRAP, {SECSuccess, true}}}},
++
++    {10,  // Round counter overflows 256
++     {0x31, 0xca, 0xcb, 0xb1, 0x7d, 0x6d, 0xbb, 0xec, 0xae, 0x40, 0x72, 0x7c,
++      0x50, 0x48, 0xfe, 0x0c},
++     {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
++     {0x22, 0x2d, 0xea, 0xdd, 0xe6, 0xef, 0xb7, 0x60, 0xca, 0xe4, 0x2f, 0xa1,
++      0x88, 0x31, 0x0e, 0x0c, 0x07, 0xe7, 0xd5, 0x57, 0x52, 0x97, 0x66, 0x44,
++      0x4a, 0x9e, 0xfb, 0x33, 0x09, 0x07, 0xd4, 0x2f, 0x0d, 0xd8, 0xf3, 0xd1,
++      0x7b, 0x3a, 0x38, 0xbf, 0x40, 0xd6, 0x8c, 0x09, 0x5a, 0x9c, 0xce, 0x19,
++      0xda, 0xf9, 0x07, 0xbf, 0x2c, 0x92, 0xf1, 0xe5, 0x9b, 0x18, 0xb2, 0x77,
++      0xff, 0x03, 0x97, 0xfc, 0x50, 0xf4, 0x5f, 0x58, 0x2d, 0xb9, 0x36, 0xaa,
++      0x8a, 0xfb, 0x94, 0x3d, 0xe0, 0x1b, 0x58, 0xab, 0xfd, 0xc8, 0x1d, 0xae,
++      0xf4, 0xe0, 0x38, 0xc9, 0x9e, 0x4c, 0x1e, 0xb3, 0xee, 0x44, 0x74, 0x64,
++      0xbb, 0x8f, 0x89, 0xa4, 0xea, 0x81, 0xe5, 0x65, 0x56, 0xcc, 0x26, 0xc7,
++      0x28, 0x83, 0xc0, 0x6a, 0x7f, 0xe8, 0x50, 0xd0, 0x43, 0x47, 0xd6, 0x8b,
++      0xba, 0xdc, 0x4a, 0x06, 0x77, 0x50, 0x30, 0x67, 0x6d, 0xb8, 0xcc, 0x34,
++      0xae, 0xb0, 0x7e, 0x39, 0xc7, 0xf0, 0x59, 0xc2, 0xbf, 0xf7, 0x6a, 0x7f,
++      0x2b, 0xaf, 0x07, 0x67, 0x49, 0x00, 0x4e, 0xf7, 0x18, 0x9f, 0x88, 0x7f,
++      0x89, 0x02, 0x9f, 0x88, 0xc5, 0xc1, 0xd0, 0xf5, 0xee, 0x62, 0x32, 0x0b,
++      0x42, 0x30, 0x48, 0xe2, 0xad, 0x81, 0x86, 0xe6, 0x3b, 0xe2, 0x3c, 0x55,
++      0x3f, 0x55, 0x76, 0xa4, 0x0d, 0x96, 0x7e, 0x8b, 0x52, 0x7c, 0xcd, 0x78,
++      0x3c, 0x41, 0xab, 0xc6, 0x4b, 0xea, 0x1a, 0xec, 0x8a, 0x76, 0xde, 0xb3,
++      0xe9, 0xc9, 0xa6, 0x65, 0x67, 0x56, 0xe1, 0xda, 0xc3, 0x8b, 0xd2, 0x5f,
++      0xf0, 0x08, 0x88, 0x8a, 0x55, 0x91, 0xaf, 0x76, 0x3f, 0xd7, 0x3f, 0x5a,
++      0xdd, 0xd7, 0x49, 0x79, 0x48, 0x17, 0x07, 0x09, 0x90, 0x48, 0x46, 0x54,
++      0xa4, 0x6e, 0xf4, 0x42, 0xad, 0xae, 0xac, 0xab, 0x14, 0xd1, 0x2d, 0xaa,
++      0xf8, 0x7b, 0xcb, 0x91, 0x66, 0x1a, 0x21, 0x59, 0x37, 0x17, 0xd9, 0xb9,
++      0x35, 0x29, 0xd8, 0x13, 0xea, 0x5f, 0xc8, 0x12, 0xd7, 0x08, 0xc0, 0xd8,
++      0xe9, 0xb6, 0x81, 0x22, 0xd9, 0xf5, 0xe6, 0x26, 0x7c, 0xde, 0x36, 0x37,
++      0x80, 0xa4, 0x5d, 0x07, 0xe4, 0xca, 0xa5, 0xbf, 0x14, 0xf2, 0x33, 0x4f,
++      0x25, 0xb9, 0xd1, 0x77, 0x63, 0x2b, 0xb8, 0x0a, 0x82, 0x89, 0x4a, 0xa4,
++      0x7b, 0x6f, 0x36, 0x0b, 0x2d, 0xa1, 0x13, 0x8d, 0xed, 0xd4, 0x33, 0x1f,
++      0x07, 0x7c, 0x90, 0x05, 0x54, 0xc7, 0xa6, 0x8b, 0x5d, 0x15, 0x49, 0x80,
++      0xbb, 0x35, 0x17, 0xac, 0x20, 0xa7, 0x8a, 0x51, 0xf6, 0xf2, 0x1e, 0x42,
++      0xb2, 0xc4, 0xc9, 0x60, 0xd3, 0x1c, 0xbd, 0x22, 0xbd, 0x61, 0x08, 0x19,
++      0x18, 0x2c, 0x5e, 0x45, 0x6b, 0xa7, 0xd7, 0xe9, 0x03, 0xf5, 0xe6, 0x0f,
++      0x6e, 0x0c, 0x4c, 0xc0, 0x14, 0xfe, 0xb4, 0xf8, 0x19, 0x73, 0xce, 0x48,
++      0xad, 0x6f, 0x4d, 0xab, 0x8d, 0xa5, 0x1e, 0xb7},
++     {{Action::WRAP, {SECSuccess, true}},
++      {Action::UNWRAP, {SECSuccess, true}}}},
++
++    {11,  // empty keys cannot be wrapped
++     {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9,
++      0xa7, 0xda, 0x64, 0x95},
++     {},
++     {0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {12,  // keys of size 8 byte cannot be wrapped
++     {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9,
++      0xa7, 0xda, 0x64, 0x95},
++     {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07},
++     {0xdc, 0x26, 0xfb, 0x69, 0x11, 0xd7, 0x19, 0x71, 0xdf, 0x03, 0x56, 0xd6,
++      0xbb, 0x9e, 0xd6, 0xe6},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {13,  // wrapped key size must be divisible by 8
++     {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9,
++      0xa7, 0xda, 0x64, 0x95},
++     {0x00},
++     {},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {14,  // wrapped key size must be divisible by 8
++     {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9,
++      0xa7, 0xda, 0x64, 0x95},
++     {0x00, 0x01},
++     {},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {15,  // wrapped key size must be divisible by 8
++     {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9,
++      0xa7, 0xda, 0x64, 0x95},
++     {0x00, 0x01, 0x02},
++     {},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {16,  // wrapped key size must be divisible by 8
++     {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9,
++      0xa7, 0xda, 0x64, 0x95},
++     {0x00, 0x01, 0x02, 0x03},
++     {},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {17,  // wrapped key size must be divisible by 8
++     {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9,
++      0xa7, 0xda, 0x64, 0x95},
++     {0x00, 0x01, 0x02, 0x03, 0x04},
++     {},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {18,  // wrapped key size must be divisible by 8
++     {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9,
++      0xa7, 0xda, 0x64, 0x95},
++     {0x00, 0x01, 0x02, 0x03, 0x04, 0x05},
++     {},
++     {{Action::WRAP, {SECFailure, false}}}},
++
++    {19,  // wrapped key size must be divisible by 8
++     {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9,
++      0xa7, 0xda, 0x64, 0x95},
++     {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06},
++     {},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {20,  // wrapped key size must be divisible by 8
++     {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9,
++      0xa7, 0xda, 0x64, 0x95},
++     {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
++      0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13},
++     {},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {21,  // invalid size of wrapped key
++     {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4,
++      0xe8, 0x21, 0x82, 0xf7},
++     {},
++     {},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {22,  // invalid size of wrapped key
++     {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4,
++      0xe8, 0x21, 0x82, 0xf7},
++     {},
++     {0x9f},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {23,  // invalid size of wrapped key
++     {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4,
++      0xe8, 0x21, 0x82, 0xf7},
++     {},
++     {0xdc, 0x9e, 0x95, 0x80},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {24,  // invalid size of wrapped key
++     {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4,
++      0xe8, 0x21, 0x82, 0xf7},
++     {},
++     {0xb9, 0xb2, 0x82, 0xd1, 0x38, 0x69, 0x30, 0x00},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {25,  // invalid size of wrapped key
++     {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4,
++      0xe8, 0x21, 0x82, 0xf7},
++     {},
++     {0x0e, 0xfc, 0x63, 0x5b, 0x2d, 0x61, 0xe2, 0x44, 0x05, 0x6b, 0x9d, 0x45,
++      0x91, 0xca, 0x6b},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {26,  // invalid size of wrapped key
++     {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4,
++      0xe8, 0x21, 0x82, 0xf7},
++     {},
++     {0x4a, 0x30, 0x5d, 0xae, 0x08, 0x7b, 0x0d, 0x24, 0xd6, 0x2a, 0xf4, 0x18,
++      0x31, 0x33, 0x8f, 0x33, 0xae},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {27,  // invalid size of wrapped key
++     {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4,
++      0xe8, 0x21, 0x82, 0xf7},
++     {},
++     {0x82, 0xcb, 0x92, 0x70, 0x97, 0xcf, 0x31, 0xea, 0x4a, 0xff,
++      0xea, 0x44, 0x0b, 0x0d, 0x8c, 0xa6, 0xa2, 0x40, 0xb9, 0x00},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {28,  // bytes appended to wrapped key
++     {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4,
++      0xe8, 0x21, 0x82, 0xf7},
++     {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
++      0x0c, 0x0d, 0x0e, 0x0f},
++     {0x97, 0x90, 0xab, 0x51, 0xfb, 0xcb, 0x85, 0x0d, 0xf6, 0x76, 0x4e, 0x01,
++      0x1a, 0xe9, 0x7c, 0x85, 0x78, 0x5b, 0xed, 0x26, 0x33, 0xae, 0xa6, 0x65},
++     {{Action::WRAP, {SECSuccess, true}},
++      {Action::UNWRAP, {SECSuccess, true}}}},
++
++    {28,  // Bytes appended to wrapped key
++     {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4,
++      0xe8, 0x21, 0x82, 0xf7},
++     {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
++      0x0c, 0x0d, 0x0e, 0x0f},
++     {0x97, 0x90, 0xab, 0x51, 0xfb, 0xcb, 0x85, 0x0d, 0xf6,
++      0x76, 0x4e, 0x01, 0x1a, 0xe9, 0x7c, 0x85, 0x78, 0x5b,
++      0xed, 0x26, 0x33, 0xae, 0xa6, 0x65, 0x00},
++     {{Action::UNWRAP, {SECFailure, false}}}},
++
++    {29,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
++      0x52, 0xfa, 0x8b, 0xc1},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5},
++     {0x0a, 0xac, 0x32, 0x9c, 0xcd, 0x51, 0x3e, 0xdb, 0xdd, 0x63, 0x67, 0xdf,
++      0x67, 0x99, 0x9e, 0xaa, 0xc9, 0xe7, 0xb5, 0x19, 0x84, 0xc4, 0xd3, 0x8d},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {30,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
++      0x52, 0xfa, 0x8b, 0xc1},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5},
++     {0x5a, 0x55, 0xdc, 0x42, 0x97, 0x49, 0xca, 0x49, 0xbb, 0x4a, 0xb0, 0x1d,
++      0x96, 0x6b, 0x19, 0xea, 0x9a, 0x9e, 0x14, 0x02, 0xe6, 0xab, 0x29, 0x62},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {31,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
++      0x52, 0xfa, 0x8b, 0xc1},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5},
++     {0x45, 0xf5, 0x33, 0xf6, 0x07, 0x2f, 0x64, 0x0e, 0xb7, 0xe1, 0xe5, 0x12,
++      0xd5, 0x60, 0x72, 0x08, 0x55, 0x67, 0xf4, 0xad, 0x60, 0x12, 0xa9, 0x7a},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {32,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
++      0x52, 0xfa, 0x8b, 0xc1},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5},
++     {0x84, 0xf2, 0x84, 0x56, 0x5d, 0xf4, 0x7c, 0x40, 0x91, 0x07, 0xf7, 0xa0,
++      0xa7, 0x1b, 0xc3, 0x70, 0xa8, 0xed, 0x44, 0x89, 0xd4, 0x14, 0xb9, 0xe9},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {33,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
++      0x52, 0xfa, 0x8b, 0xc1},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5},
++     {0x39, 0x41, 0xc3, 0x66, 0x55, 0x4f, 0xc8, 0x96, 0xe9, 0xfe, 0x52, 0xf0,
++      0x24, 0x93, 0xca, 0x03, 0xd4, 0x39, 0xeb, 0x17, 0xc2, 0x36, 0x14, 0x6d},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {34,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
++      0x52, 0xfa, 0x8b, 0xc1},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5},
++     {0x45, 0xc9, 0xd4, 0x23, 0x63, 0xd9, 0x81, 0xd0, 0x86, 0xa9, 0x72, 0x72,
++      0x8e, 0x13, 0x0a, 0x42, 0xf5, 0xdd, 0x90, 0xbd, 0xa5, 0x62, 0xa8, 0x5a},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {35,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
++      0x52, 0xfa, 0x8b, 0xc1},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5},
++     {0x03, 0x7d, 0x17, 0x85, 0x95, 0x19, 0xd6, 0xc0, 0x72, 0x8a, 0x9e, 0xb6,
++      0xe6, 0x41, 0x13, 0xe8, 0x69, 0x19, 0xde, 0xca, 0xbd, 0x3b, 0xbb, 0x88},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {36,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
++      0x52, 0xfa, 0x8b, 0xc1},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5},
++     {0x1a, 0xd1, 0x0a, 0xf7, 0xf6, 0xc0, 0x42, 0xb2, 0x67, 0xa0, 0xc7, 0xbc,
++      0x4d, 0x25, 0xd2, 0x7c, 0x00, 0x3d, 0xeb, 0x50, 0xe2, 0xcc, 0x56, 0x6a},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {37,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
++      0x52, 0xfa, 0x8b, 0xc1},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5},
++     {0x63, 0x0c, 0x57, 0x1b, 0x7f, 0xb8, 0x64, 0x7a, 0xc5, 0x36, 0x0a, 0x25,
++      0x5f, 0x9f, 0x5d, 0x36, 0x45, 0x79, 0x5a, 0xc4, 0x52, 0x85, 0xcb, 0xaa},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {38,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
++      0x52, 0xfa, 0x8b, 0xc1},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5},
++     {0x16, 0xdb, 0x55, 0x3e, 0x46, 0x7d, 0x40, 0x29, 0xd0, 0xfe, 0xa6, 0x2b,
++      0x2c, 0x44, 0x0e, 0x5d, 0xf6, 0xc6, 0x59, 0x1f, 0x04, 0x97, 0xa9, 0x9d},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {39,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
++      0x52, 0xfa, 0x8b, 0xc1},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5},
++     {0x09, 0x79, 0x91, 0x09, 0x0a, 0x15, 0x60, 0x47, 0xd4, 0x78, 0x4b, 0x75,
++      0x7f, 0x26, 0x2e, 0x12, 0xce, 0x57, 0xe1, 0x3a, 0x3d, 0x5d, 0x28, 0x6c},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {40,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
++      0x52, 0xfa, 0x8b, 0xc1},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5},
++     {0x39, 0x57, 0xc3, 0x38, 0xb7, 0x50, 0xa3, 0x28, 0x5e, 0xb7, 0xb6, 0x5c,
++      0x9c, 0xfe, 0x77, 0x05, 0x3d, 0xd7, 0xd8, 0x14, 0x9f, 0x42, 0xca, 0xa1},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {41,  // RFC 3394
++     {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
++      0x0c, 0x0d, 0x0e, 0x0f},
++     {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb,
++      0xcc, 0xdd, 0xee, 0xff},
++     {0x1f, 0xa6, 0x8b, 0x0a, 0x81, 0x12, 0xb4, 0x47, 0xae, 0xf3, 0x4b, 0xd8,
++      0xfb, 0x5a, 0x7b, 0x82, 0x9d, 0x3e, 0x86, 0x23, 0x71, 0xd2, 0xcf, 0xe5},
++     {{Action::WRAP, {SECSuccess, true}},
++      {Action::UNWRAP, {SECSuccess, true}}}},
++
++    {42,
++     {0xf7, 0x5a, 0x2f, 0x49, 0xa6, 0x30, 0xc7, 0xdc, 0x91, 0x62, 0x6b, 0x00,
++      0xce, 0x02, 0x9f, 0x0b, 0xd2, 0x98, 0x1d, 0x7c, 0x74, 0xa9, 0x3e, 0xbe},
++     {0x9a, 0xdb, 0xc0, 0x0c, 0x71, 0x0b, 0x11, 0x01, 0xbd, 0xf6, 0xa4, 0xed,
++      0x65, 0xb3, 0x2d, 0x72},
++     {0x00, 0xbe, 0x1c, 0xad, 0xdf, 0xd5, 0xad, 0x76, 0x97, 0x87, 0x70, 0x17,
++      0x79, 0x5f, 0x9c, 0xee, 0x4b, 0xce, 0x5a, 0x61, 0x68, 0x7a, 0x61, 0x26},
++     {{Action::WRAP, {SECSuccess, true}},
++      {Action::UNWRAP, {SECSuccess, true}}}},
++
++    {43,
++     {0xb7, 0x13, 0xf6, 0xb7, 0x81, 0x4f, 0x98, 0x89, 0x4d, 0x7b, 0x15, 0x39,
++      0x74, 0x68, 0x43, 0x59, 0xf1, 0x46, 0x02, 0x13, 0xeb, 0x74, 0xbe, 0x68},
++     {0x78, 0x58, 0x5f, 0x0c, 0x49, 0x92, 0x2e, 0x82, 0xca, 0xf1, 0x7e, 0xbc,
++      0x37, 0x21, 0xb4, 0xdb},
++     {0x54, 0xe7, 0xf2, 0x78, 0xb5, 0xa1, 0xfb, 0x4c, 0x31, 0xa0, 0xd7, 0x9a,
++      0xc1, 0xf6, 0x15, 0xed, 0xd9, 0x10, 0xbf, 0x22, 0x01, 0x5a, 0x06, 0x68},
++     {{Action::WRAP, {SECSuccess, true}},
++      {Action::UNWRAP, {SECSuccess, true}}}},
++
++    {44,
++     {0x13, 0xec, 0xf4, 0x23, 0x21, 0x1c, 0xaa, 0x33, 0x4b, 0xa6, 0xdb, 0x37,
++      0x25, 0x9a, 0x53, 0x5c, 0x20, 0xde, 0x8a, 0xd1, 0x0f, 0xc8, 0xc4, 0x32},
++     {0x4f, 0xc7, 0x5d, 0x0f, 0x22, 0x1e, 0x22, 0x40, 0x8a, 0x37, 0xe1, 0x12,
++      0x65, 0xd4, 0x9a, 0x05},
++     {0x51, 0x04, 0x55, 0xbd, 0x9c, 0x07, 0x8a, 0xc1, 0xf0, 0x7b, 0xb3, 0x75,
++      0x2c, 0xbd, 0x04, 0xe4, 0x21, 0xb0, 0xdd, 0x63, 0x51, 0x90, 0xfa, 0x62},
++     {{Action::WRAP, {SECSuccess, true}},
++      {Action::UNWRAP, {SECSuccess, true}}}},
++
++    {45,
++     {0x44, 0x17, 0xfb, 0xbe, 0xa5, 0x1b, 0xdd, 0x91, 0x81, 0x8d, 0x74, 0x05,
++      0x19, 0x57, 0xdd, 0x70, 0xe1, 0x35, 0xc5, 0xcf, 0x37, 0x32, 0xbd, 0xf1},
++     {0xf5, 0x35, 0x7d, 0xa9, 0xf8, 0xfd, 0x4a, 0x11, 0x90, 0xf3, 0x6e, 0x9f,
++      0xa0, 0x9a, 0x90, 0xfc, 0xf1, 0x4d, 0x87, 0xd6, 0x23, 0x32, 0xf1, 0xa5},
++     {0x88, 0x0d, 0xa5, 0xb4, 0x10, 0xf9, 0x13, 0xad, 0x72, 0xcc, 0x93,
++      0xf4, 0x63, 0x44, 0xf1, 0x15, 0x21, 0x65, 0xbd, 0xea, 0x14, 0x66,
++      0x4f, 0xd2, 0xd3, 0xaf, 0xbd, 0x87, 0xb8, 0xcc, 0x5c, 0xfd},
++     {{Action::WRAP, {SECSuccess, true}},
++      {Action::UNWRAP, {SECSuccess, true}}}},
++
++    {46,
++     {0xb3, 0xf2, 0x6d, 0x8a, 0x22, 0xfd, 0xd6, 0x1f, 0x70, 0x98, 0x41, 0x23,
++      0x1f, 0xbd, 0xe6, 0x95, 0xb3, 0xf2, 0x8d, 0xdd, 0xce, 0xd6, 0xd4, 0x1e},
++     {0x0d, 0x0a, 0xf9, 0x55, 0xd2, 0xe3, 0x82, 0x9c, 0xc3, 0xd6, 0x43, 0x21,
++      0x9b, 0x30, 0x1e, 0x64, 0xe0, 0x51, 0x0d, 0xfb, 0xc4, 0x28, 0x11, 0x9a},
++     {0x27, 0x65, 0x4c, 0xf6, 0xa6, 0x3d, 0x60, 0x04, 0xae, 0x83, 0xda,
++      0x54, 0xc2, 0xe5, 0xd7, 0xb5, 0xfa, 0xd2, 0x08, 0x78, 0xf3, 0x50,
++      0x08, 0x7d, 0xdd, 0x17, 0xac, 0x44, 0xa2, 0xbe, 0x86, 0x8f},
++     {{Action::WRAP, {SECSuccess, true}},
++      {Action::UNWRAP, {SECSuccess, true}}}},
++
++    {47,
++     {0xf7, 0x0c, 0xfb, 0x26, 0x2c, 0x72, 0x9a, 0x18, 0x20, 0x6c, 0x8a, 0xfd,
++      0x74, 0x35, 0x6e, 0xc7, 0xe0, 0x49, 0xd1, 0x0b, 0x44, 0xa6, 0xe0, 0x00},
++     {0x24, 0x1c, 0xed, 0xfa, 0x64, 0xc4, 0xe7, 0xbe, 0xc5, 0x41, 0xa2, 0xeb,
++      0x4c, 0x36, 0x82, 0x69, 0xe0, 0xf0, 0xdd, 0xeb, 0xc5, 0x82, 0x67, 0xea},
++     {0xad, 0x7c, 0xa6, 0x6a, 0xd4, 0x66, 0x4f, 0x43, 0xe4, 0xdd, 0x09,
++      0x29, 0x6a, 0x6e, 0x6f, 0x02, 0xd5, 0xaf, 0x44, 0x08, 0xf2, 0x25,
++      0xc0, 0xab, 0xeb, 0x0d, 0x9b, 0x76, 0xc8, 0xd1, 0xe9, 0x82},
++     {{Action::WRAP, {SECSuccess, true}},
++      {Action::UNWRAP, {SECSuccess, true}}}},
++
++    {48,  // wrapped key is longer than wrapping key
++     {0x16, 0x39, 0xf9, 0xf8, 0x1e, 0x53, 0xe2, 0xee, 0xb6, 0x77, 0xa2, 0x49,
++      0xe5, 0xec, 0xed, 0x3a, 0xf1, 0x08, 0x97, 0x13, 0x01, 0x60, 0x1a, 0x7b},
++     {0xec, 0x3c, 0x6a, 0x1f, 0x1a, 0x95, 0x85, 0x32, 0x7f, 0xe6, 0x58,
++      0x49, 0x0c, 0x74, 0x63, 0x5e, 0x53, 0x00, 0x87, 0x6d, 0xa5, 0x84,
++      0x6a, 0x62, 0x93, 0x98, 0x98, 0x4f, 0xb5, 0x51, 0xd6, 0x91},
++     {0xe2, 0x45, 0xc9, 0x0a, 0x6b, 0x46, 0xca, 0xec, 0xe9, 0x4f,
++      0x47, 0x11, 0x7d, 0x60, 0x83, 0x31, 0x95, 0x8c, 0x8f, 0x75,
++      0xf5, 0x31, 0xeb, 0xcd, 0xc9, 0x02, 0xc0, 0x21, 0x3d, 0x91,
++      0x05, 0xf2, 0x15, 0x5a, 0xf0, 0x7d, 0xaa, 0x62, 0xd1, 0x32},
++     {{Action::WRAP, {SECSuccess, true}},
++      {Action::UNWRAP, {SECSuccess, true}}}},
++
++    {49,  // wrapped key is longer than wrapping key
++     {0x1f, 0x22, 0xd5, 0x65, 0x8a, 0xa6, 0x85, 0xb8, 0xba, 0x86, 0x59, 0xdc,
++      0x34, 0x28, 0x80, 0xd5, 0xb2, 0x39, 0x9e, 0x6a, 0x81, 0x50, 0x05, 0xb0},
++     {0x50, 0xbe, 0x4c, 0x1b, 0x2f, 0x29, 0xa6, 0x3f, 0x44, 0xd7, 0xfc,
++      0x63, 0x73, 0x7f, 0x60, 0x0f, 0x01, 0x94, 0xea, 0x3f, 0xb3, 0x6e,
++      0x17, 0x3d, 0x2d, 0xdd, 0x19, 0xf2, 0x18, 0x65, 0x63, 0x80},
++     {0x8a, 0x32, 0xb9, 0xf2, 0x07, 0xae, 0x5a, 0xae, 0xdb, 0x7e,
++      0x8a, 0x0d, 0x94, 0x51, 0x07, 0x41, 0x2c, 0x1b, 0xd0, 0x69,
++      0x99, 0xbc, 0x5a, 0xc8, 0x3c, 0x1f, 0x95, 0x8d, 0xfb, 0x77,
++      0xeb, 0xdc, 0xf9, 0xd9, 0x8c, 0x60, 0xdb, 0xd4, 0x65, 0x0a},
++     {{Action::WRAP, {SECSuccess, true}},
++      {Action::UNWRAP, {SECSuccess, true}}}},
++
++    {50,  // wrapped key is longer than wrapping key
++     {0x3a, 0x2f, 0x4a, 0xa5, 0x04, 0x41, 0x95, 0x4b, 0xba, 0x5a, 0x18, 0x36,
++      0x29, 0x4c, 0xe0, 0x71, 0xf9, 0x29, 0x6b, 0x23, 0xdb, 0xed, 0x67, 0x71},
++     {0x65, 0xda, 0x02, 0xff, 0x21, 0xb4, 0x83, 0xa1, 0xe3, 0x95, 0x75,
++      0x49, 0x0b, 0x43, 0x19, 0xe8, 0x4a, 0xe0, 0x29, 0x9f, 0x1f, 0x00,
++      0xb3, 0x85, 0x9f, 0xbe, 0x2e, 0x74, 0xb3, 0xec, 0x2a, 0xaf},
++     {0x4a, 0x58, 0x42, 0xb1, 0x0d, 0x2d, 0xb9, 0x6e, 0xa1, 0x03,
++      0x9e, 0xf4, 0x78, 0x5c, 0xe7, 0x22, 0x55, 0x5b, 0x37, 0x51,
++      0xa9, 0xb6, 0xdd, 0x39, 0x12, 0x6a, 0xd3, 0x63, 0x37, 0x8c,
++      0x72, 0x32, 0x0d, 0x83, 0xea, 0x7a, 0xdb, 0x81, 0x61, 0x5a},
++     {{Action::WRAP, {SECSuccess, true}},
++      {Action::UNWRAP, {SECSuccess, true}}}},
++
++    {51,  // Round counter overflows 256
++     {0x31, 0xca, 0xcb, 0xb1, 0x7d, 0x6d, 0xbb, 0xec, 0xae, 0x40, 0x72, 0x7c,
++      0x50, 0x48, 0xfe, 0x0c, 0x01, 0xbc, 0x53, 0xb2, 0x3a, 0xb6, 0x35, 0x02},
++     {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
++     {0xe2, 0x19, 0x25, 0x98, 0xe6, 0x12, 0x4f, 0x27, 0x91, 0xb2, 0x75, 0x1f,
++      0x93, 0x09, 0x58, 0x43, 0x5b, 0xb1, 0xd0, 0x2e, 0x98, 0xaa, 0x1e, 0x09,
++      0x78, 0x1b, 0xba, 0x0b, 0x15, 0x94, 0x35, 0xdb, 0x65, 0x9f, 0xa7, 0x3f,
++      0xa3, 0x10, 0x11, 0x17, 0x04, 0x69, 0x2c, 0x68, 0xe1, 0x6d, 0xdf, 0x4b,
++      0xe0, 0x60, 0x22, 0xc5, 0x2f, 0xe9, 0xdb, 0xa6, 0x27, 0x9a, 0xad, 0x1a,
++      0xeb, 0x81, 0x41, 0x25, 0xd0, 0xdd, 0xf3, 0x3f, 0x31, 0xe5, 0x8e, 0x62,
++      0x5a, 0xf3, 0x23, 0x05, 0x05, 0x0c, 0xfe, 0xa3, 0x90, 0xd8, 0x78, 0x2d,
++      0x32, 0xca, 0xac, 0x55, 0x88, 0x89, 0xca, 0x8e, 0x64, 0x19, 0x08, 0x20,
++      0x8d, 0xa6, 0x97, 0x65, 0x42, 0xb4, 0x0d, 0xbd, 0x09, 0x01, 0x78, 0xe2,
++      0xa6, 0x81, 0x2a, 0x43, 0x6c, 0x18, 0xa5, 0xe8, 0x91, 0xac, 0x80, 0x83,
++      0x17, 0x6a, 0xce, 0x1d, 0xdf, 0xee, 0x4d, 0x38, 0x28, 0x56, 0xa5, 0x9c,
++      0x80, 0xc6, 0x43, 0xec, 0xd5, 0xc1, 0xab, 0x68, 0xc6, 0x6b, 0x2b, 0x89,
++      0x84, 0xce, 0x6e, 0x0e, 0x38, 0x6f, 0x65, 0x54, 0xa9, 0xcb, 0x91, 0xd3,
++      0x63, 0xbb, 0x4a, 0xcc, 0xf0, 0x28, 0x87, 0x8e, 0xc2, 0x0b, 0x8b, 0x2e,
++      0x37, 0x21, 0x4f, 0x7b, 0x12, 0xdb, 0xcd, 0x78, 0xfb, 0x38, 0xf7, 0x11,
++      0xa9, 0x0f, 0xe2, 0x62, 0xc7, 0x84, 0x91, 0xb9, 0x05, 0x83, 0x54, 0xe2,
++      0x7b, 0x34, 0xfc, 0x92, 0xef, 0x0d, 0x70, 0x28, 0x59, 0x4c, 0xb0, 0x82,
++      0x59, 0xf8, 0x6b, 0x54, 0xcb, 0x1d, 0x31, 0x7e, 0xc5, 0x5f, 0x2e, 0xf2,
++      0xab, 0x7e, 0x8b, 0x14, 0x16, 0x71, 0xf8, 0xbc, 0xb1, 0xa9, 0x0b, 0xb7,
++      0xd8, 0x2b, 0xc8, 0xcb, 0x4f, 0xb0, 0x2c, 0x9c, 0xe4, 0x30, 0xef, 0x4a,
++      0xe0, 0xdc, 0x84, 0x7e, 0x91, 0xe7, 0xd4, 0xfb, 0x46, 0x3e, 0xb9, 0xdd,
++      0x87, 0xfc, 0x9d, 0xc9, 0x56, 0x8f, 0x3a, 0x4e, 0xf5, 0x04, 0xd7, 0x4c,
++      0x13, 0x4d, 0xcb, 0x60, 0xca, 0x01, 0xb3, 0x6c, 0xe1, 0x0c, 0xb4, 0x67,
++      0x26, 0x8e, 0xa2, 0x97, 0xc0, 0x51, 0x8a, 0x50, 0xd1, 0x2c, 0xc0, 0x25,
++      0xcf, 0xee, 0xa1, 0x38, 0x1d, 0xdd, 0x7d, 0xd6, 0x3e, 0x4a, 0xc9, 0x48,
++      0x90, 0xa0, 0xea, 0xe9, 0xdb, 0xd8, 0xdb, 0x24, 0x46, 0x25, 0xa3, 0xc8,
++      0xaf, 0x2e, 0x1a, 0xff, 0x6a, 0x81, 0x12, 0xc4, 0xd3, 0xd9, 0x8e, 0x82,
++      0x63, 0x58, 0x8e, 0xe1, 0xdd, 0x90, 0x63, 0xb7, 0x09, 0xb8, 0xec, 0x00,
++      0x47, 0x4c, 0x4e, 0xa4, 0x13, 0xa8, 0x02, 0xb8, 0xcd, 0xe8, 0x14, 0xe7,
++      0xb3, 0x73, 0x14, 0x10, 0x80, 0x9e, 0xd0, 0x00, 0x06, 0x0f, 0xb7, 0xb9,
++      0xb0, 0xbf, 0x85, 0x09, 0xef, 0x17, 0x51, 0x5f, 0x33, 0x3e, 0x86, 0x8b,
++      0x18, 0x8e, 0xa1, 0x64, 0x45, 0xf3, 0x80, 0xb3, 0xa7, 0xd4, 0x27, 0x74,
++      0xf6, 0x45, 0x6c, 0xdf, 0x72, 0x42, 0x46, 0xfa},
++     {{Action::WRAP,
++       {SECSuccess, true}},  // Round counter overflows - acceptable
++      {Action::UNWRAP, {SECSuccess, true}}}},
++
++    {52,  // empty keys cannot be wrapped
++     {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9,
++      0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e, 0xed, 0x76},
++     {},
++     {0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {53,  // keys of size 8 byte cannot be wrapped
++     {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9,
++      0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e, 0xed, 0x76},
++     {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07},
++     {0x38, 0xd8, 0x23, 0x8c, 0xdb, 0x0d, 0x9a, 0x2d, 0xa2, 0x8d, 0x6d, 0x56,
++      0x19, 0x4f, 0x2e, 0x78},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {54,  // wrapped key size must be divisible by 8
++     {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9,
++      0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e, 0xed, 0x76},
++     {0x00},
++     {},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {55,  // wrapped key size must be divisible by 8
++     {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9,
++      0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e, 0xed, 0x76},
++     {0x00, 0x01},
++     {},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {56,  // wrapped key size must be divisible by 8
++     {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9,
++      0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e, 0xed, 0x76},
++     {0x00, 0x01, 0x02},
++     {},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {57,  // wrapped key size must be divisible by 8
++     {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9,
++      0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e, 0xed, 0x76},
++     {0x00, 0x01, 0x02, 0x03},
++     {},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {58,  // wrapped key size must be divisible by 8
++     {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9,
++      0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e, 0xed, 0x76},
++     {0x00, 0x01, 0x02, 0x03, 0x04},
++     {},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {59,  // wrapped key size must be divisible by 8
++     {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9,
++      0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e, 0xed, 0x76},
++     {0x00, 0x01, 0x02, 0x03, 0x04, 0x05},
++     {},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {60,  // wrapped key size must be divisible by 8
++     {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9,
++      0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e, 0xed, 0x76},
++     {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06},
++     {},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {61,  // wrapped key size must be divisible by 8
++     {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9,
++      0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e, 0xed, 0x76},
++     {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
++      0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13},
++     {},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {62,  // invalid size of wrapped key
++     {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4,
++      0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10, 0xfd, 0x97},
++     {},
++     {},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {63,  // invalid size of wrapped key
++     {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4,
++      0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10, 0xfd, 0x97},
++     {},
++     {0x9f},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {64,  // invalid size of wrapped key
++     {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4,
++      0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10, 0xfd, 0x97},
++     {},
++     {0xdc, 0x9e, 0x95, 0x80},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {65,  // invalid size of wrapped key
++     {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4,
++      0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10, 0xfd, 0x97},
++     {},
++     {0xb9, 0xb2, 0x82, 0xd1, 0x38, 0x69, 0x30, 0x00},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {66,  // invalid size of wrapped key
++     {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4,
++      0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10, 0xfd, 0x97},
++     {},
++     {0x0e, 0xfc, 0x63, 0x5b, 0x2d, 0x61, 0xe2, 0x44, 0x05, 0x6b, 0x9d, 0x45,
++      0x91, 0xca, 0x6b},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {67,  // invalid size of wrapped key
++     {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4,
++      0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10, 0xfd, 0x97},
++     {},
++     {0x4a, 0x30, 0x5d, 0xae, 0x08, 0x7b, 0x0d, 0x24, 0xd6, 0x2a, 0xf4, 0x18,
++      0x31, 0x33, 0x8f, 0x33, 0xae},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {68,  // invalid size of wrapped key
++     {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4,
++      0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10, 0xfd, 0x97},
++     {},
++     {0x82, 0xcb, 0x92, 0x70, 0x97, 0xcf, 0x31, 0xea, 0x4a, 0xff,
++      0xea, 0x44, 0x0b, 0x0d, 0x8c, 0xa6, 0xa2, 0x40, 0xb9, 0x00},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {69,  // bytes appended to wrapped key
++     {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4,
++      0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10, 0xfd, 0x97},
++     {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
++      0x0c, 0x0d, 0x0e, 0x0f},
++     {0x55, 0xdf, 0xb2, 0xf7, 0xe0, 0xc1, 0xea, 0x04, 0xfe,
++      0xad, 0x89, 0x7c, 0x45, 0x1c, 0x05, 0x05, 0x92, 0x1d,
++      0xc4, 0x7f, 0x30, 0x8c, 0x49, 0x17, 0x00},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {70,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
++      0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5},
++     {0x9b, 0x15, 0x93, 0xfd, 0x7d, 0x4f, 0xe2, 0x5a, 0x66, 0x0b, 0xbc, 0x19,
++      0x76, 0xea, 0x4a, 0xb6, 0x8b, 0xcc, 0x53, 0xf8, 0x48, 0xa8, 0xeb, 0x9d},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {71,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
++      0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5},
++     {0xe7, 0xed, 0xb8, 0x47, 0xfa, 0x91, 0xe2, 0xde, 0xde, 0xd7, 0x26, 0xed,
++      0xf3, 0xab, 0x93, 0xda, 0x91, 0x15, 0x16, 0x97, 0x42, 0x5f, 0xee, 0x28},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {72,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
++      0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5},
++     {0x1b, 0x51, 0xa7, 0xc0, 0x33, 0xc1, 0xef, 0xb5, 0xee, 0x29, 0x94, 0x25,
++      0x9c, 0x40, 0xf0, 0x3b, 0xb5, 0x7d, 0x8c, 0xc0, 0x9e, 0x50, 0x7e, 0x6e},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {73,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
++      0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5},
++     {0xc4, 0x0b, 0x61, 0x4a, 0x50, 0x62, 0xf5, 0xfd, 0x04, 0x9c, 0x53, 0x79,
++      0xb3, 0xe8, 0x14, 0x16, 0x14, 0xc2, 0xda, 0x97, 0x89, 0x35, 0x89, 0xfb},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {74,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
++      0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5},
++     {0xd7, 0x57, 0x5e, 0xf0, 0x2d, 0xf5, 0x4b, 0x30, 0x86, 0xeb, 0x49, 0x03,
++      0x5e, 0xea, 0xfb, 0xce, 0x0e, 0x08, 0x33, 0x6e, 0x89, 0xb3, 0x5a, 0xb0},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {75,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
++      0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5},
++     {0x0d, 0x61, 0x7f, 0x1c, 0x12, 0x48, 0x5a, 0x35, 0x91, 0x7d, 0x2a, 0x94,
++      0x1e, 0x94, 0x9d, 0x2f, 0xdb, 0xf0, 0x3a, 0x34, 0x68, 0x89, 0xb8, 0x50},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {76,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
++      0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5},
++     {0xc7, 0xdf, 0x34, 0x72, 0x91, 0x74, 0xdb, 0x2e, 0x83, 0xee, 0x16, 0xc6,
++      0xde, 0x74, 0xd5, 0xeb, 0x97, 0x66, 0x71, 0x5f, 0xad, 0x04, 0x9b, 0x40},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {77,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
++      0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5},
++     {0xc3, 0xed, 0x38, 0xd6, 0xf9, 0xcc, 0xb9, 0xbf, 0x3c, 0x56, 0xbb, 0x31,
++      0x76, 0xf0, 0x0d, 0x3c, 0xe9, 0x88, 0x75, 0x21, 0xf8, 0xd4, 0xc7, 0x0b},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {78,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
++      0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5},
++     {0x65, 0x82, 0xb5, 0xf4, 0x65, 0x27, 0x44, 0xb0, 0x53, 0x7e, 0x97, 0xe7,
++      0xcd, 0xae, 0x0f, 0x44, 0x31, 0x30, 0x14, 0x0d, 0xba, 0xea, 0x60, 0x4c},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {79,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
++      0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5},
++     {0xfc, 0x9b, 0x9b, 0xdf, 0x25, 0xf2, 0xb4, 0x8a, 0xd7, 0x99, 0x34, 0xc8,
++      0xd3, 0x48, 0x97, 0xcd, 0xbf, 0x4c, 0x84, 0x6f, 0x8c, 0xb4, 0xb1, 0x1d},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {80,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
++      0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5},
++     {0xfc, 0x23, 0xc7, 0xf4, 0xfe, 0x20, 0xaa, 0x81, 0x10, 0x5e, 0xfc, 0x1a,
++      0x71, 0x05, 0xa5, 0x31, 0x6b, 0x23, 0x39, 0x9a, 0xc7, 0x92, 0xc8, 0x24},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {81,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
++      0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5},
++     {0x37, 0xb4, 0xa2, 0x61, 0xb9, 0x6b, 0xce, 0xc9, 0xcc, 0x93, 0xee, 0xf5,
++      0xb2, 0xfb, 0xbb, 0xe8, 0x46, 0x34, 0xf9, 0x78, 0xc5, 0x89, 0x3d, 0xda},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {82,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
++      0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
++     {0x18, 0x31, 0x10, 0x98, 0x47, 0xd1, 0x7d, 0x01, 0x0b, 0xfc, 0xd9,
++      0x3f, 0xb4, 0x6f, 0x31, 0x50, 0xcd, 0xaf, 0xd5, 0x27, 0x33, 0xdb,
++      0x74, 0xc2, 0x21, 0xb0, 0x34, 0xfe, 0x8e, 0x15, 0x52, 0xc0},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {83,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
++      0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
++     {0x2b, 0x2b, 0x89, 0xc3, 0xc6, 0xb2, 0xdb, 0x49, 0x03, 0x87, 0x7a,
++      0xd4, 0x62, 0x2c, 0xa3, 0x3f, 0x3a, 0x3c, 0xb7, 0xe6, 0x70, 0x1d,
++      0x13, 0x40, 0xe6, 0xaf, 0xc0, 0xfd, 0xab, 0x7d, 0xbd, 0x72},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {84,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
++      0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
++     {0x3c, 0x69, 0x03, 0xf3, 0x7d, 0xa5, 0x71, 0x61, 0xaf, 0x67, 0x06,
++      0x05, 0x0a, 0x2e, 0xd7, 0x47, 0xcd, 0x55, 0x34, 0x4d, 0x86, 0x91,
++      0x89, 0xfd, 0x49, 0xd2, 0x53, 0x6f, 0xf9, 0x48, 0x12, 0x9d},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {85,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
++      0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
++     {0x8a, 0x8d, 0xc8, 0xb1, 0x31, 0xc6, 0xb9, 0x68, 0xb6, 0x0c, 0x1d,
++      0xd8, 0x19, 0xa6, 0x55, 0x39, 0x2d, 0x1a, 0x96, 0xd6, 0xca, 0xfa,
++      0x48, 0xe3, 0x0f, 0xb1, 0x14, 0x6f, 0x09, 0x62, 0x29, 0xc6},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {86,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
++      0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
++     {0x30, 0x3e, 0x0b, 0x36, 0x02, 0xd5, 0x14, 0xa7, 0xd5, 0x2e, 0xdb,
++      0xa3, 0x30, 0x6d, 0x73, 0x83, 0xe8, 0x99, 0x9e, 0x7c, 0x65, 0x2a,
++      0x51, 0x03, 0x35, 0xa8, 0x94, 0x9e, 0xfb, 0x42, 0xeb, 0x66},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {87,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
++      0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
++     {0x31, 0x9b, 0xef, 0xbf, 0x2d, 0xdb, 0xb4, 0x75, 0x72, 0x3f, 0xb2,
++      0xfa, 0x30, 0xf2, 0xae, 0x7f, 0xc1, 0xce, 0xb1, 0xe6, 0xf3, 0x61,
++      0x71, 0x5e, 0xca, 0x72, 0x09, 0x60, 0x88, 0x73, 0xc7, 0xfc},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {88,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
++      0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
++     {0x9b, 0x3e, 0x44, 0x03, 0x41, 0xc5, 0xda, 0x13, 0x15, 0x59, 0x95,
++      0x9d, 0xb6, 0xb3, 0x55, 0x3a, 0x53, 0x46, 0x91, 0x16, 0x2f, 0x4f,
++      0x00, 0x93, 0x27, 0xbf, 0x2c, 0x21, 0xd6, 0xfe, 0x5a, 0xda},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {89,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
++      0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
++     {0xeb, 0xa6, 0xcc, 0x09, 0x59, 0xe6, 0xa5, 0x63, 0x39, 0xb1, 0x41,
++      0x62, 0x98, 0x40, 0xad, 0xd8, 0x0f, 0x45, 0x65, 0x65, 0x6d, 0xc6,
++      0x87, 0xa3, 0xb9, 0x96, 0x96, 0x0c, 0x99, 0x4d, 0xfd, 0x26},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {90,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
++      0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
++     {0xb7, 0x03, 0xb6, 0xcf, 0x45, 0x87, 0x70, 0x93, 0x53, 0xc7, 0xe4,
++      0x00, 0x4d, 0x3d, 0xa6, 0x1c, 0xe5, 0xf5, 0xde, 0xaf, 0x71, 0x63,
++      0xca, 0x9d, 0x61, 0x58, 0xdd, 0xe9, 0x19, 0xe0, 0xac, 0x34},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {91,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
++      0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
++     {0x72, 0x54, 0x9d, 0x52, 0xd6, 0xf4, 0xff, 0x91, 0x2d, 0x83, 0x3c,
++      0x74, 0x13, 0x6d, 0x90, 0x63, 0x4c, 0xe8, 0xaf, 0xa4, 0xf8, 0x44,
++      0x12, 0xbb, 0xee, 0x80, 0x74, 0x08, 0x4d, 0x4c, 0xec, 0xff},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {92,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
++      0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
++     {0x13, 0x37, 0xc8, 0xbd, 0x6c, 0x8a, 0x5d, 0xd4, 0x3a, 0xba, 0x8d,
++      0x29, 0x88, 0x64, 0xff, 0xe7, 0x6a, 0xd6, 0xea, 0x90, 0x9f, 0x34,
++      0x88, 0x15, 0x7a, 0x15, 0xe6, 0xc4, 0x6a, 0xcf, 0x22, 0x14},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {93,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
++      0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
++     {0x4a, 0xaf, 0xfa, 0xca, 0x5f, 0xe8, 0x58, 0x14, 0xd0, 0x40, 0xaa,
++      0x2a, 0x30, 0x6b, 0xa4, 0xd1, 0xd4, 0x47, 0x46, 0xcf, 0xe4, 0x6c,
++      0x97, 0x8a, 0xa0, 0x57, 0xb5, 0x3f, 0xd2, 0x53, 0x16, 0xc1},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {94,  // RFC 3394
++     {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
++      0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17},
++     {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb,
++      0xcc, 0xdd, 0xee, 0xff},
++     {0x96, 0x77, 0x8b, 0x25, 0xae, 0x6c, 0xa4, 0x35, 0xf9, 0x2b, 0x5b, 0x97,
++      0xc0, 0x50, 0xae, 0xd2, 0x46, 0x8a, 0xb8, 0xa1, 0x7a, 0xd8, 0x4e, 0x5d},
++     {{Action::WRAP, {SECSuccess, true}},
++      {Action::UNWRAP, {SECSuccess, true}}}},
++
++    {95,  // RFC 3394
++     {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
++      0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17},
++     {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb,
++      0xcc, 0xdd, 0xee, 0xff, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07},
++     {0x03, 0x1d, 0x33, 0x26, 0x4e, 0x15, 0xd3, 0x32, 0x68, 0xf2, 0x4e,
++      0xc2, 0x60, 0x74, 0x3e, 0xdc, 0xe1, 0xc6, 0xc7, 0xdd, 0xee, 0x72,
++      0x5a, 0x93, 0x6b, 0xa8, 0x14, 0x91, 0x5c, 0x67, 0x62, 0xd2},
++     {{Action::WRAP, {SECSuccess, true}},
++      {Action::UNWRAP, {SECSuccess, true}}}},
++
++    {96,
++     {0xfc, 0xe0, 0x42, 0x9c, 0x61, 0x06, 0x58, 0xef, 0x8e, 0x7c, 0xfb,
++      0x01, 0x54, 0xc5, 0x1d, 0xe2, 0x23, 0x9a, 0x8a, 0x31, 0x7f, 0x5a,
++      0xf5, 0xb6, 0x71, 0x4f, 0x98, 0x5f, 0xb5, 0xc4, 0xd7, 0x5c},
++     {0x28, 0x73, 0x26, 0xb5, 0xed, 0x00, 0x78, 0xe7, 0xca, 0x01, 0x64, 0xd7,
++      0x48, 0xf6, 0x67, 0xe7},
++     {0x94, 0x0b, 0x1c, 0x58, 0x0e, 0x0c, 0x72, 0x33, 0xa7, 0x91, 0xb0, 0xf1,
++      0x92, 0x43, 0x8d, 0x2e, 0xac, 0xe1, 0x42, 0x14, 0xce, 0xe4, 0x55, 0xb7},
++     {{Action::WRAP, {SECSuccess, true}},
++      {Action::UNWRAP, {SECSuccess, true}}}},
++
++    {97,
++     {0x0d, 0xda, 0x6d, 0xa5, 0x12, 0x3e, 0x2c, 0x37, 0xc6, 0xfa, 0x16,
++      0xba, 0x0d, 0x33, 0x4c, 0xd0, 0x1a, 0xcd, 0x65, 0x2f, 0x89, 0x94,
++      0x21, 0x17, 0x51, 0xdf, 0xab, 0x4f, 0xaa, 0xc2, 0xfc, 0x22},
++     {0xb4, 0x0b, 0x68, 0x28, 0x72, 0x9b, 0x45, 0x63, 0x22, 0xa8, 0xd0, 0x65,
++      0xab, 0xc0, 0xd0, 0x81},
++     {0x93, 0x9b, 0x33, 0x89, 0x33, 0x6f, 0xea, 0x4a, 0x97, 0x51, 0xbf, 0x01,
++      0x4e, 0xf1, 0x80, 0x11, 0x32, 0x30, 0x90, 0xe8, 0xa0, 0x50, 0x0b, 0xc4},
++     {{Action::WRAP, {SECSuccess, true}},
++      {Action::UNWRAP, {SECSuccess, true}}}},
++
++    {98,
++     {0xd6, 0x92, 0x59, 0x14, 0xcd, 0x06, 0x30, 0x8f, 0x81, 0xad, 0x91,
++      0xe2, 0x30, 0x73, 0x59, 0x3d, 0x99, 0xd4, 0xe5, 0x03, 0x51, 0xb2,
++      0x0e, 0xb2, 0xa8, 0xd1, 0xa1, 0xac, 0x4c, 0xed, 0x65, 0x88},
++     {0x03, 0x7b, 0x27, 0xb3, 0xdc, 0x95, 0xb1, 0x9d, 0x15, 0xbd, 0x40, 0x91,
++      0xe3, 0x20, 0xbf, 0xe1},
++     {0x59, 0xee, 0x8e, 0x51, 0x98, 0x86, 0x12, 0x37, 0xf6, 0x82, 0xed, 0xec,
++      0x6b, 0xa9, 0x06, 0x52, 0x6c, 0x01, 0x6d, 0x4d, 0x93, 0x59, 0x42, 0xbd},
++     {{Action::WRAP, {SECSuccess, true}},
++      {Action::UNWRAP, {SECSuccess, true}}}},
++
++    {99,
++     {0x07, 0x51, 0x8a, 0x82, 0xcb, 0xc8, 0xda, 0x1d, 0xce, 0xc5, 0x5f,
++      0x37, 0x63, 0xa2, 0x06, 0xd2, 0x77, 0x48, 0x7a, 0xbd, 0x03, 0xce,
++      0xdd, 0x0b, 0x8b, 0xef, 0x9e, 0xe2, 0xfb, 0x15, 0x71, 0x21},
++     {0xfa, 0xa4, 0x66, 0x4d, 0x79, 0xfc, 0xe3, 0xc7, 0xd2, 0xfd, 0xd4, 0x62,
++      0xf6, 0xc1, 0xc4, 0x23, 0xc2, 0xf8, 0xe6, 0xb6, 0x9b, 0xe2, 0xe0, 0x71},
++     {0x1a, 0xb5, 0x3a, 0x06, 0x5d, 0x8f, 0x77, 0x6a, 0x08, 0xb3, 0x3e,
++      0x51, 0x38, 0x30, 0x71, 0xb6, 0xf1, 0x54, 0x61, 0x21, 0x16, 0x65,
++      0x51, 0x37, 0xbd, 0x3b, 0x7e, 0xc2, 0x9b, 0x70, 0xfd, 0x56},
++     {{Action::WRAP, {SECSuccess, true}},
++      {Action::UNWRAP, {SECSuccess, true}}}},
++
++    {100,
++     {0xea, 0x46, 0x99, 0x1d, 0x4e, 0x71, 0xf5, 0x3d, 0xd6, 0x24, 0xe7,
++      0xfe, 0x7f, 0xde, 0x11, 0x94, 0x4a, 0x7c, 0x59, 0x42, 0xd2, 0x32,
++      0x36, 0x9b, 0x80, 0x65, 0xd4, 0x2b, 0x8c, 0xd2, 0xdd, 0xe1},
++     {0xdf, 0xfc, 0x5c, 0xf1, 0xdd, 0x54, 0x11, 0xd0, 0x15, 0xd8, 0x46, 0x01,
++      0xfa, 0x38, 0xdf, 0x5e, 0xff, 0xe8, 0x85, 0xc7, 0xf2, 0x6a, 0x48, 0x25},
++     {0xa1, 0xbf, 0x8e, 0x73, 0xe3, 0xfa, 0x1d, 0xb7, 0x59, 0xf0, 0xab,
++      0x2a, 0xb0, 0xb1, 0xca, 0x6f, 0x2c, 0x85, 0xb6, 0x3d, 0x83, 0xe2,
++      0x5f, 0x7a, 0x0b, 0x52, 0x93, 0xd0, 0xa2, 0x16, 0xa2, 0xb7},
++     {{Action::WRAP, {SECSuccess, true}},
++      {Action::UNWRAP, {SECSuccess, true}}}},
++
++    {101,
++     {0xfd, 0xcf, 0xa9, 0x02, 0xc6, 0xf2, 0x22, 0xf5, 0x27, 0xaf, 0x84,
++      0xda, 0x53, 0x3b, 0x14, 0xb5, 0x2e, 0x26, 0x15, 0xda, 0x3a, 0x89,
++      0xd1, 0xd3, 0x57, 0x08, 0xb0, 0xcd, 0x49, 0xf6, 0x0d, 0x87},
++     {0x96, 0x6b, 0x07, 0x04, 0x73, 0x54, 0x96, 0x6a, 0x70, 0x3e, 0x79, 0x60,
++      0x7b, 0x55, 0x60, 0x32, 0xf4, 0xf5, 0x96, 0xb7, 0xf9, 0x20, 0x6f, 0x05},
++     {0x27, 0x30, 0x8a, 0x0e, 0x1a, 0x6c, 0x0a, 0x1d, 0x15, 0xd6, 0x17,
++      0x4a, 0xb7, 0xd6, 0x86, 0x75, 0x20, 0x7b, 0x61, 0x5d, 0xf1, 0x6f,
++      0xcf, 0x7a, 0x3c, 0x69, 0xb2, 0x5f, 0x55, 0x1c, 0xca, 0x9f},
++     {{Action::WRAP, {SECSuccess, true}},
++      {Action::UNWRAP, {SECSuccess, true}}}},
++
++    {102,
++     {0x38, 0xe1, 0xb1, 0xd0, 0x75, 0xd9, 0xd8, 0x52, 0xb9, 0xa6, 0xc0,
++      0x1c, 0x8f, 0xf6, 0x96, 0x5a, 0xf0, 0x1b, 0xac, 0x45, 0x7a, 0x4e,
++      0x33, 0x9a, 0xe3, 0xe1, 0xd7, 0xb2, 0xff, 0xac, 0xc0, 0xcd},
++     {0x80, 0xad, 0x68, 0x20, 0xf1, 0xc9, 0x09, 0x81, 0xe2, 0xca, 0x42,
++      0xb8, 0x17, 0xa3, 0x45, 0xc1, 0x17, 0x9d, 0x0a, 0x11, 0xd8, 0xe2,
++      0x3a, 0x8a, 0xdc, 0x05, 0x05, 0xe1, 0x3d, 0x87, 0x29, 0x5a},
++     {0x71, 0x55, 0xee, 0x93, 0x2b, 0x03, 0x58, 0xd9, 0x81, 0x82,
++      0xa2, 0x3f, 0x7f, 0x42, 0x7c, 0x77, 0x4a, 0xb3, 0x40, 0xa4,
++      0x75, 0x7d, 0x0b, 0x6a, 0x63, 0xfa, 0xcd, 0x3d, 0xe9, 0x05,
++      0x78, 0x43, 0x8c, 0xf0, 0x32, 0x01, 0xc3, 0xf8, 0x80, 0x57},
++     {{Action::WRAP, {SECSuccess, true}},
++      {Action::UNWRAP, {SECSuccess, true}}}},
++
++    {103,
++     {0xc6, 0x41, 0xf1, 0x68, 0x9d, 0x81, 0xca, 0xa8, 0xba, 0x37, 0xd8,
++      0x95, 0x27, 0x22, 0x40, 0x66, 0x40, 0x54, 0xed, 0x97, 0x4c, 0xff,
++      0xfc, 0x40, 0xe6, 0xc5, 0xc0, 0xca, 0xd1, 0xb9, 0x16, 0xc7},
++     {0x3f, 0xd0, 0xba, 0x19, 0x95, 0x5e, 0x46, 0x74, 0x9f, 0x54, 0xd8,
++      0x8e, 0x99, 0xd0, 0x80, 0xb7, 0x33, 0x9d, 0x58, 0x8f, 0xe6, 0x12,
++      0xec, 0x0f, 0x40, 0x21, 0xca, 0x3c, 0xa2, 0x10, 0x42, 0x70},
++     {0xf2, 0x0b, 0x9b, 0x55, 0x3b, 0xc0, 0x84, 0x75, 0x29, 0xf8,
++      0xd4, 0x37, 0x9f, 0xa9, 0x09, 0x21, 0x1e, 0x68, 0x24, 0x9b,
++      0xd4, 0x29, 0xf4, 0x36, 0xc6, 0x15, 0xc4, 0xc4, 0xa5, 0xd9,
++      0xf1, 0xa1, 0x96, 0x8f, 0x0b, 0x89, 0xc5, 0x23, 0x7b, 0x30},
++     {{Action::WRAP, {SECSuccess, true}},
++      {Action::UNWRAP, {SECSuccess, true}}}},
++
++    {104,
++     {0xaa, 0x0a, 0xb9, 0xd6, 0x8e, 0xd4, 0xa0, 0x4e, 0x72, 0x3f, 0x81,
++      0xb4, 0x4c, 0x0c, 0x88, 0xd0, 0xbc, 0xde, 0x7a, 0x80, 0xcf, 0xd4,
++      0x76, 0xeb, 0x4b, 0x88, 0x36, 0xd9, 0xaa, 0x01, 0xec, 0x4c},
++     {0x57, 0xfa, 0xa8, 0x76, 0x6f, 0x6d, 0x6a, 0x0a, 0xa1, 0xcf, 0x64,
++      0x3f, 0x85, 0x7c, 0x15, 0x0d, 0xf5, 0xb3, 0x13, 0x03, 0xb5, 0x0a,
++      0xf4, 0x80, 0xe2, 0x1c, 0x4b, 0x5e, 0x8c, 0x8a, 0x15, 0xd5},
++     {0x28, 0x11, 0x71, 0x68, 0x54, 0xa2, 0x14, 0xae, 0xcd, 0xd3,
++      0x18, 0xc6, 0x67, 0x0b, 0x9b, 0x2a, 0x75, 0x11, 0x71, 0x3c,
++      0x9a, 0x0c, 0x0f, 0xa8, 0x05, 0x23, 0x0f, 0xf0, 0x5c, 0xf8,
++      0x4a, 0xf7, 0x95, 0xdd, 0x72, 0xf6, 0xc1, 0xa4, 0x45, 0x12},
++     {{Action::WRAP, {SECSuccess, true}},
++      {Action::UNWRAP, {SECSuccess, true}}}},
++
++    {105,  // Round counter overflows 256
++     {0x31, 0xca, 0xcb, 0xb1, 0x7d, 0x6d, 0xbb, 0xec, 0xae, 0x40, 0x72,
++      0x7c, 0x50, 0x48, 0xfe, 0x0c, 0x01, 0xbc, 0x53, 0xb2, 0x3a, 0xb6,
++      0x35, 0x02, 0x5c, 0xba, 0xc1, 0xec, 0xf5, 0x2c, 0xa4, 0x95},
++     {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
++     {0x53, 0x22, 0xbc, 0x62, 0xbd, 0x83, 0x79, 0xab, 0xbb, 0x75, 0xf6, 0x96,
++      0x88, 0xb8, 0xf0, 0x0e, 0x31, 0x96, 0x2b, 0x8f, 0x9a, 0xe1, 0xe8, 0x97,
++      0x71, 0x95, 0x2d, 0x8a, 0x2a, 0x74, 0x9e, 0x13, 0x52, 0xec, 0x33, 0xb5,
++      0x43, 0x5a, 0x67, 0x42, 0x71, 0xb3, 0x14, 0x76, 0x0a, 0xb9, 0xf7, 0x53,
++      0xb1, 0x67, 0x26, 0x18, 0x5e, 0xc7, 0xd3, 0x19, 0xac, 0x60, 0x53, 0x13,
++      0x55, 0x34, 0x4c, 0x1d, 0x53, 0xc7, 0x90, 0x30, 0x00, 0xa8, 0x03, 0x9e,
++      0xb4, 0x0f, 0x70, 0x56, 0x4a, 0x0a, 0xd3, 0xf4, 0x1b, 0x23, 0x55, 0xea,
++      0x5d, 0xfa, 0x6a, 0x1d, 0x46, 0x39, 0x2f, 0x1d, 0x10, 0x6a, 0x5d, 0xa5,
++      0x69, 0xbf, 0xb0, 0x49, 0x3b, 0xf7, 0xc1, 0x2d, 0xff, 0x04, 0xba, 0xfe,
++      0xae, 0x37, 0x7d, 0xf4, 0xbb, 0x47, 0xcd, 0x44, 0x0b, 0x6f, 0x60, 0xfb,
++      0xab, 0x2a, 0x54, 0xa9, 0x85, 0x51, 0xb7, 0x62, 0x73, 0xe0, 0x2c, 0xac,
++      0x8d, 0x7b, 0xe9, 0xf2, 0x34, 0x3d, 0x3a, 0xbb, 0x2a, 0x23, 0xaf, 0x1c,
++      0x91, 0xa7, 0x01, 0x1c, 0x67, 0xa7, 0x90, 0x72, 0x60, 0x11, 0x6b, 0x67,
++      0xd5, 0x10, 0xaa, 0xbe, 0x5c, 0x7c, 0xa4, 0x6c, 0x1c, 0x20, 0xf7, 0x71,
++      0x06, 0xc4, 0x59, 0x66, 0x58, 0x3b, 0x3e, 0x4e, 0xd7, 0x99, 0xa4, 0x7e,
++      0xe1, 0x9b, 0xb4, 0x22, 0x32, 0x09, 0x26, 0x5c, 0x2b, 0x1a, 0xc8, 0x18,
++      0x3a, 0x67, 0x8f, 0xf4, 0x3b, 0xc9, 0xa3, 0x47, 0x0a, 0x50, 0xb9, 0xee,
++      0x4d, 0x10, 0xf6, 0x06, 0x74, 0x26, 0x8d, 0x72, 0xc6, 0x8b, 0xe0, 0x03,
++      0xa0, 0xd9, 0xdd, 0x68, 0x49, 0xab, 0xa8, 0x36, 0xfe, 0x8a, 0x17, 0x92,
++      0xb8, 0x1c, 0x90, 0xe1, 0x29, 0x45, 0xbf, 0xe1, 0xf2, 0x7a, 0x9c, 0x6b,
++      0x2a, 0xf6, 0x6a, 0x06, 0x3c, 0xdb, 0x77, 0x21, 0xa7, 0xf2, 0x3f, 0xb3,
++      0x0a, 0xfd, 0xbd, 0x8b, 0x18, 0xdb, 0x37, 0x7d, 0xd1, 0x69, 0x7f, 0x15,
++      0x7b, 0xe8, 0x1c, 0x15, 0x78, 0xd0, 0x8b, 0x06, 0x6c, 0x71, 0xb0, 0xc5,
++      0xca, 0x7f, 0xee, 0xca, 0xc1, 0xcd, 0xd9, 0x38, 0xcf, 0x9a, 0xd5, 0x25,
++      0xf7, 0x48, 0x44, 0x66, 0x09, 0x08, 0x19, 0x4b, 0x28, 0xe5, 0x4e, 0xdd,
++      0xb1, 0x58, 0xf6, 0xe4, 0xc9, 0x21, 0xb8, 0x11, 0xd9, 0x0d, 0xb7, 0x1a,
++      0x92, 0xff, 0x87, 0x2d, 0xb2, 0x25, 0x0d, 0xcc, 0x3f, 0x84, 0x7f, 0xc7,
++      0x52, 0xb6, 0x6d, 0x77, 0xe3, 0x3c, 0x85, 0x08, 0x4d, 0x3f, 0xa5, 0x3b,
++      0x4f, 0x30, 0x50, 0x3d, 0x2a, 0x06, 0xe6, 0xca, 0xbb, 0x90, 0x33, 0xd5,
++      0x9f, 0xc1, 0xdc, 0x15, 0xe3, 0x2f, 0x19, 0x84, 0x6a, 0x03, 0x9b, 0x91,
++      0x59, 0x7b, 0x0b, 0xa3, 0x14, 0x1a, 0x7d, 0x97, 0x17, 0x63, 0x00, 0x62,
++      0x17, 0x01, 0x17, 0xb2, 0x13, 0x1d, 0xab, 0x77, 0x40, 0x6e, 0x9e, 0xd7,
++      0xd6, 0x6b, 0x2c, 0x75, 0x4d, 0x84, 0x9c, 0x60},
++     {{Action::WRAP,
++       {SECSuccess, true}},  // Round counter overflows - acceptable
++      {Action::UNWRAP, {SECSuccess, true}}}},
++
++    {106,  // empty keys cannot be wrapped
++     {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7,
++      0xa9, 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e,
++      0xed, 0x76, 0xa5, 0x1a, 0xac, 0x96, 0x03, 0x8a, 0xd6, 0x92},
++     {},
++     {0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {107,  // keys of size 8 byte cannot be wrapped
++     {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7,
++      0xa9, 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e,
++      0xed, 0x76, 0xa5, 0x1a, 0xac, 0x96, 0x03, 0x8a, 0xd6, 0x92},
++     {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07},
++     {0x18, 0x1b, 0xa6, 0xa3, 0xa4, 0x39, 0x24, 0x69, 0xe3, 0xde, 0x98, 0xdd,
++      0xbb, 0xdd, 0x24, 0x32},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {108,  // wrapped key size must be divisible by 8
++     {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7,
++      0xa9, 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e,
++      0xed, 0x76, 0xa5, 0x1a, 0xac, 0x96, 0x03, 0x8a, 0xd6, 0x92},
++     {0x00},
++     {},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {109,  // wrapped key size must be divisible by 8
++     {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7,
++      0xa9, 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e,
++      0xed, 0x76, 0xa5, 0x1a, 0xac, 0x96, 0x03, 0x8a, 0xd6, 0x92},
++     {0x00, 0x01},
++     {},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {110,  // wrapped key size must be divisible by 8
++     {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7,
++      0xa9, 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e,
++      0xed, 0x76, 0xa5, 0x1a, 0xac, 0x96, 0x03, 0x8a, 0xd6, 0x92},
++     {0x00, 0x01, 0x02},
++     {},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {111,  // wrapped key size must be divisible by 8
++     {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7,
++      0xa9, 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e,
++      0xed, 0x76, 0xa5, 0x1a, 0xac, 0x96, 0x03, 0x8a, 0xd6, 0x92},
++     {0x00, 0x01, 0x02, 0x03},
++     {},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {112,  // wrapped key size must be divisible by 8
++     {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7,
++      0xa9, 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e,
++      0xed, 0x76, 0xa5, 0x1a, 0xac, 0x96, 0x03, 0x8a, 0xd6, 0x92},
++     {0x00, 0x01, 0x02, 0x03, 0x04},
++     {},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {113,  // wrapped key size must be divisible by 8
++     {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7,
++      0xa9, 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e,
++      0xed, 0x76, 0xa5, 0x1a, 0xac, 0x96, 0x03, 0x8a, 0xd6, 0x92},
++     {0x00, 0x01, 0x02, 0x03, 0x04, 0x05},
++     {},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {114,  // wrapped key size must be divisible by 8
++     {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7,
++      0xa9, 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e,
++      0xed, 0x76, 0xa5, 0x1a, 0xac, 0x96, 0x03, 0x8a, 0xd6, 0x92},
++     {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06},
++     {},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {115,  // wrapped key size must be divisible by 8
++     {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7,
++      0xa9, 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e,
++      0xed, 0x76, 0xa5, 0x1a, 0xac, 0x96, 0x03, 0x8a, 0xd6, 0x92},
++     {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
++      0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13},
++     {},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {116,  // invalid size of wrapped key
++     {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c,
++      0xa4, 0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10,
++      0xfd, 0x97, 0x8e, 0x3b, 0xd2, 0xde, 0xfc, 0x1c, 0x10, 0xd7},
++     {},
++     {},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {117,  // invalid size of wrapped key
++     {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c,
++      0xa4, 0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10,
++      0xfd, 0x97, 0x8e, 0x3b, 0xd2, 0xde, 0xfc, 0x1c, 0x10, 0xd7},
++     {},
++     {0x9f},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {118,  // invalid size of wrapped key
++     {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c,
++      0xa4, 0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10,
++      0xfd, 0x97, 0x8e, 0x3b, 0xd2, 0xde, 0xfc, 0x1c, 0x10, 0xd7},
++     {},
++     {0xdc, 0x9e, 0x95, 0x80},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {119,  // invalid size of wrapped key
++     {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c,
++      0xa4, 0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10,
++      0xfd, 0x97, 0x8e, 0x3b, 0xd2, 0xde, 0xfc, 0x1c, 0x10, 0xd7},
++     {},
++     {0xb9, 0xb2, 0x82, 0xd1, 0x38, 0x69, 0x30, 0x00},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {120,  // invalid size of wrapped key
++     {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c,
++      0xa4, 0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10,
++      0xfd, 0x97, 0x8e, 0x3b, 0xd2, 0xde, 0xfc, 0x1c, 0x10, 0xd7},
++     {},
++     {0x0e, 0xfc, 0x63, 0x5b, 0x2d, 0x61, 0xe2, 0x44, 0x05, 0x6b, 0x9d, 0x45,
++      0x91, 0xca, 0x6b},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {121,  // invalid size of wrapped key
++     {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c,
++      0xa4, 0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10,
++      0xfd, 0x97, 0x8e, 0x3b, 0xd2, 0xde, 0xfc, 0x1c, 0x10, 0xd7},
++     {},
++     {0x4a, 0x30, 0x5d, 0xae, 0x08, 0x7b, 0x0d, 0x24, 0xd6, 0x2a, 0xf4, 0x18,
++      0x31, 0x33, 0x8f, 0x33, 0xae},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {122,  // invalid size of wrapped key
++     {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c,
++      0xa4, 0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10,
++      0xfd, 0x97, 0x8e, 0x3b, 0xd2, 0xde, 0xfc, 0x1c, 0x10, 0xd7},
++     {},
++     {0x82, 0xcb, 0x92, 0x70, 0x97, 0xcf, 0x31, 0xea, 0x4a, 0xff,
++      0xea, 0x44, 0x0b, 0x0d, 0x8c, 0xa6, 0xa2, 0x40, 0xb9, 0x00},
++     {{Action::WRAP, {SECFailure, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {123,  // bytes appended to wrapped key
++     {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c,
++      0xa4, 0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10,
++      0xfd, 0x97, 0x8e, 0x3b, 0xd2, 0xde, 0xfc, 0x1c, 0x10, 0xd7},
++     {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
++      0x0c, 0x0d, 0x0e, 0x0f},
++     {0x7d, 0xfb, 0xd7, 0xcf, 0x61, 0x58, 0xd7, 0x5b, 0xb5,
++      0x90, 0x0b, 0x3b, 0xf1, 0xe3, 0x87, 0x10, 0x03, 0x40,
++      0x2a, 0x65, 0x08, 0xb1, 0x91, 0x28, 0x00},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {124,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
++      0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
++      0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5},
++     {0xa4, 0x17, 0x67, 0x1b, 0xc6, 0x2a, 0x23, 0xc7, 0xa6, 0x55, 0x43, 0x09,
++      0x21, 0x24, 0x02, 0x4d, 0xf7, 0x2c, 0x04, 0x8d, 0x8d, 0xb3, 0x30, 0xc7},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {125,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
++      0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
++      0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5},
++     {0x95, 0x18, 0xd0, 0xf9, 0x9d, 0x7a, 0x73, 0xed, 0x4a, 0x50, 0x2b, 0x44,
++      0x9c, 0x14, 0xc2, 0x85, 0x97, 0x1b, 0x0e, 0x61, 0x77, 0xce, 0x0e, 0xca},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {126,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
++      0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
++      0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5},
++     {0xf3, 0x51, 0x1f, 0x04, 0x91, 0xbd, 0x74, 0xae, 0x1d, 0xef, 0xb5, 0x30,
++      0x7f, 0x0e, 0x18, 0xdb, 0x86, 0x4b, 0x57, 0xb5, 0xc4, 0x04, 0xd4, 0x28},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {127,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
++      0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
++      0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5},
++     {0x6c, 0x03, 0xce, 0x77, 0x92, 0x59, 0x66, 0x1c, 0x43, 0xd4, 0x1d, 0x5d,
++      0x0e, 0x45, 0x68, 0x7f, 0x87, 0x43, 0x53, 0xbb, 0xa5, 0x16, 0xc7, 0x3e},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {128,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
++      0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
++      0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5},
++     {0x8d, 0xf0, 0x19, 0x69, 0xa1, 0x1c, 0x87, 0x02, 0x65, 0x35, 0xbf, 0xcc,
++      0xf7, 0x2b, 0x1d, 0x06, 0x4c, 0x86, 0xec, 0xc7, 0xe5, 0x22, 0x71, 0x57},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {129,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
++      0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
++      0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5},
++     {0x8e, 0xd1, 0xcd, 0xe2, 0x28, 0xd9, 0xc8, 0xd0, 0x46, 0xdc, 0xa6, 0x5c,
++      0x7a, 0x27, 0xae, 0xf2, 0xed, 0xf8, 0xae, 0x90, 0xc7, 0x05, 0xd1, 0xe9},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {130,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
++      0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
++      0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5},
++     {0xd6, 0x9b, 0x3e, 0x34, 0xe9, 0xde, 0x38, 0xd4, 0x4d, 0xe1, 0x99, 0x89,
++      0x92, 0x36, 0x2a, 0x6f, 0xa1, 0xf6, 0x96, 0xb5, 0xac, 0xab, 0x3f, 0x10},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {131,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
++      0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
++      0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5},
++     {0x67, 0x86, 0x51, 0x22, 0xaf, 0x32, 0x94, 0xb8, 0xda, 0x05, 0x88, 0x77,
++      0x51, 0x25, 0xcb, 0xd6, 0xdc, 0x19, 0xd5, 0xe5, 0xca, 0xb9, 0x7b, 0x6d},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {132,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
++      0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
++      0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5},
++     {0x9f, 0x0f, 0xa5, 0x23, 0x63, 0xdd, 0x55, 0xdf, 0x47, 0x2d, 0x86, 0x7e,
++      0x6f, 0xaf, 0x5d, 0xa8, 0xeb, 0x20, 0x4a, 0x1d, 0x6d, 0x49, 0x70, 0x30},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {133,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
++      0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
++      0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5},
++     {0xc3, 0x99, 0xf9, 0x99, 0xc9, 0x6a, 0x42, 0x04, 0x32, 0x5e, 0x7f, 0x08,
++      0xd6, 0xa4, 0xde, 0x25, 0x6f, 0xaf, 0x21, 0xec, 0x2c, 0x00, 0x7d, 0xdf},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {134,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
++      0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
++      0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5},
++     {0x28, 0x20, 0x82, 0x26, 0x4a, 0x87, 0xdc, 0x35, 0xce, 0x1c, 0xc5, 0xb9,
++      0x93, 0x1b, 0x77, 0xd8, 0x0d, 0x82, 0xfc, 0xac, 0xc0, 0x92, 0x7f, 0x85},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {135,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
++      0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
++      0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5},
++     {0xc1, 0x92, 0xc9, 0x0b, 0x83, 0x00, 0x3c, 0xa9, 0x67, 0x44, 0x49, 0x80,
++      0x14, 0xb6, 0xad, 0x6b, 0xed, 0xda, 0x83, 0x79, 0x55, 0x26, 0x98, 0x19},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {136,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
++      0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
++      0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
++     {0x30, 0xa9, 0x83, 0xcd, 0x9e, 0x69, 0xd5, 0x61, 0xac, 0xc9, 0x5c,
++      0x42, 0xb2, 0x52, 0xab, 0xa4, 0x18, 0x5f, 0x83, 0x92, 0xf2, 0xe6,
++      0xc9, 0x35, 0xc8, 0xeb, 0x10, 0x5a, 0xf8, 0x08, 0x2e, 0x34},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {137,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
++      0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
++      0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
++     {0x4d, 0xe9, 0xa6, 0x39, 0xb7, 0x99, 0x63, 0x0b, 0x45, 0xb4, 0x9e,
++      0x28, 0xdb, 0xfc, 0x44, 0xda, 0xbb, 0x98, 0x43, 0xee, 0x58, 0x8a,
++      0x8c, 0xff, 0x28, 0x6b, 0x8d, 0x5f, 0xbd, 0x7b, 0x32, 0xee},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {138,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
++      0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
++      0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
++     {0xd9, 0x15, 0xb2, 0xcd, 0xfb, 0x76, 0x9d, 0x9d, 0x82, 0x25, 0x9d,
++      0xc3, 0xd1, 0x24, 0x64, 0x6b, 0xbf, 0x97, 0x2b, 0x83, 0xef, 0xd4,
++      0xc2, 0xea, 0xe9, 0xb9, 0xf7, 0x51, 0x07, 0x3f, 0x78, 0xd6},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {139,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
++      0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
++      0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
++     {0x11, 0x7d, 0x65, 0x3f, 0x48, 0x0b, 0x69, 0xfc, 0xe5, 0x64, 0xf1,
++      0xfe, 0x99, 0x57, 0x24, 0x92, 0x94, 0x51, 0x89, 0xed, 0x5a, 0xf7,
++      0x89, 0xce, 0x05, 0xa2, 0x65, 0x1b, 0xaf, 0x90, 0xbb, 0x5e},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {140,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
++      0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
++      0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
++     {0x82, 0x26, 0xd0, 0x7a, 0x2f, 0x91, 0x9e, 0x24, 0xad, 0xa1, 0x08,
++      0x1c, 0x69, 0xa7, 0x55, 0x20, 0xbe, 0x89, 0x5e, 0x3a, 0x2b, 0xda,
++      0x9b, 0x80, 0x5d, 0x97, 0x47, 0x77, 0x3d, 0xde, 0xaa, 0x38},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {141,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
++      0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
++      0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
++     {0xb0, 0xa7, 0x43, 0x45, 0xbe, 0xdf, 0x88, 0x65, 0x34, 0x8d, 0xaf,
++      0x45, 0xd0, 0x54, 0xb9, 0x9c, 0xe5, 0x15, 0xea, 0x8b, 0xe1, 0x36,
++      0x27, 0x0d, 0x1c, 0xf7, 0x1e, 0x1c, 0xfa, 0x7a, 0xa4, 0xa2},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {142,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
++      0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
++      0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
++     {0xa2, 0x61, 0xdb, 0x77, 0xf1, 0x7f, 0x7e, 0xc7, 0x36, 0xd1, 0xa8,
++      0xbe, 0x16, 0xe5, 0xf9, 0xae, 0x43, 0x2f, 0xe2, 0xa1, 0x70, 0x12,
++      0xe5, 0xa6, 0xf0, 0x7c, 0x54, 0x26, 0xa9, 0xf0, 0xca, 0x59},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {143,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
++      0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
++      0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
++     {0xc5, 0x3a, 0xcb, 0x5e, 0x09, 0x6b, 0x54, 0x54, 0x8e, 0x13, 0x85,
++      0xb2, 0xff, 0x18, 0xea, 0xef, 0x68, 0xd2, 0x35, 0xc9, 0x5b, 0x01,
++      0x94, 0xe7, 0x4a, 0x23, 0x83, 0xd3, 0xa7, 0xa5, 0x30, 0xdc},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {144,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
++      0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
++      0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
++     {0xfa, 0xef, 0x48, 0x2d, 0x99, 0xeb, 0xb1, 0x80, 0xe5, 0xbc, 0x5e,
++      0x3c, 0xf7, 0x75, 0xba, 0x29, 0x2c, 0x2a, 0x3b, 0x6c, 0x44, 0xaa,
++      0x4a, 0x21, 0xad, 0x40, 0x09, 0x06, 0xf1, 0x1a, 0xf3, 0x92},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {145,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
++      0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
++      0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
++     {0x73, 0xa4, 0x50, 0xb6, 0x3b, 0x07, 0xb3, 0xae, 0xce, 0x9d, 0x1a,
++      0xe5, 0xbf, 0x09, 0x7a, 0x3d, 0xd3, 0xfc, 0xf7, 0x3e, 0x3e, 0xc2,
++      0xf1, 0xbd, 0x8f, 0xc3, 0xb5, 0x58, 0x6c, 0xb9, 0xbd, 0x73},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {146,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
++      0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
++      0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
++     {0xd3, 0x4b, 0x6e, 0xe1, 0x84, 0xd3, 0x87, 0xc9, 0xaa, 0x4b, 0x2d,
++      0x18, 0x0a, 0xe0, 0xa8, 0x94, 0x98, 0x01, 0x4e, 0x55, 0xfe, 0x8e,
++      0x41, 0x6b, 0xe4, 0xf8, 0x26, 0xfc, 0xf7, 0xd5, 0x65, 0x22},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {147,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
++      0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
++      0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
++      0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
++     {0x2a, 0xf8, 0x23, 0xd1, 0x60, 0x28, 0x03, 0x74, 0x0b, 0xfa, 0x90,
++      0x40, 0xc2, 0xc4, 0xe7, 0x69, 0xa5, 0xb6, 0xde, 0x91, 0x9d, 0x40,
++      0x3c, 0xfb, 0xa9, 0xad, 0x36, 0x0f, 0x63, 0xaf, 0x11, 0x13},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {148,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
++      0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
++      0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84,
++      0xfa, 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b,
++      0xe4, 0xf1, 0xac, 0xce, 0x34, 0x97, 0x35, 0x26, 0x90, 0x8c},
++     {0xdd, 0x78, 0xeb, 0xd3, 0x09, 0x1c, 0x55, 0xa5, 0xda, 0x5b,
++      0x24, 0x50, 0x42, 0x00, 0xf7, 0xfa, 0xdd, 0x1b, 0x3a, 0xc6,
++      0xad, 0x35, 0xf8, 0x14, 0xf7, 0x33, 0xe6, 0x03, 0xc1, 0x39,
++      0x36, 0x24, 0x5d, 0x69, 0xd8, 0x3f, 0x26, 0x2f, 0x6b, 0x1e},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {149,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
++      0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
++      0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84,
++      0xfa, 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b,
++      0xe4, 0xf1, 0xac, 0xce, 0x34, 0x97, 0x35, 0x26, 0x90, 0x8c},
++     {0x3d, 0x83, 0x38, 0xea, 0xe7, 0xde, 0x32, 0x23, 0x99, 0xe1,
++      0xd1, 0xb4, 0xa3, 0xdf, 0x54, 0x32, 0x6b, 0x24, 0x2b, 0x56,
++      0x36, 0x12, 0xea, 0x4b, 0x27, 0xda, 0x22, 0xa0, 0x41, 0xd3,
++      0xc8, 0x09, 0x66, 0x91, 0x1b, 0xc0, 0x09, 0x91, 0x17, 0x61},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {150,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
++      0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
++      0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84,
++      0xfa, 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b,
++      0xe4, 0xf1, 0xac, 0xce, 0x34, 0x97, 0x35, 0x26, 0x90, 0x8c},
++     {0xd0, 0x4b, 0xf7, 0x5c, 0xad, 0xd3, 0xb5, 0xf0, 0x99, 0xc3,
++      0x4b, 0x27, 0xa9, 0x1e, 0x64, 0xa8, 0xf2, 0xdb, 0xcf, 0x08,
++      0xe8, 0xc5, 0xc1, 0xc9, 0xf0, 0x7a, 0x77, 0x7e, 0xeb, 0x80,
++      0x5d, 0x5d, 0x0e, 0x8c, 0x5c, 0x01, 0xaf, 0xc4, 0x39, 0x44},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {151,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
++      0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
++      0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84,
++      0xfa, 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b,
++      0xe4, 0xf1, 0xac, 0xce, 0x34, 0x97, 0x35, 0x26, 0x90, 0x8c},
++     {0xbe, 0x0c, 0x5d, 0x19, 0x3b, 0x61, 0xc5, 0x13, 0x7a, 0x8f,
++      0xd8, 0xa6, 0xd7, 0xd1, 0xed, 0x8f, 0x0f, 0xa2, 0x8c, 0xec,
++      0x51, 0x6f, 0x54, 0x46, 0x97, 0xc1, 0x2a, 0xdd, 0x4f, 0x8f,
++      0x4d, 0x5c, 0xfc, 0xa6, 0x5e, 0xde, 0xb1, 0x01, 0x99, 0x74},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {152,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
++      0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
++      0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84,
++      0xfa, 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b,
++      0xe4, 0xf1, 0xac, 0xce, 0x34, 0x97, 0x35, 0x26, 0x90, 0x8c},
++     {0xa8, 0x3e, 0xbc, 0xbe, 0xb2, 0xbe, 0x9d, 0x68, 0x07, 0xb5,
++      0xcf, 0xc3, 0x1c, 0x89, 0x84, 0x9d, 0x13, 0x43, 0xdd, 0x4e,
++      0xb2, 0x2e, 0x5b, 0xfe, 0x9e, 0x2b, 0x2b, 0x37, 0x90, 0xad,
++      0x89, 0x00, 0x60, 0x1f, 0x1f, 0x5d, 0x54, 0xfd, 0x47, 0x2f},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {153,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
++      0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
++      0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84,
++      0xfa, 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b,
++      0xe4, 0xf1, 0xac, 0xce, 0x34, 0x97, 0x35, 0x26, 0x90, 0x8c},
++     {0x41, 0x62, 0x21, 0x48, 0x5a, 0x6c, 0xb9, 0x8a, 0xd1, 0x34,
++      0x2e, 0xa9, 0xa1, 0x29, 0x26, 0xa9, 0xa1, 0x33, 0xea, 0xd8,
++      0xbd, 0x91, 0x93, 0x23, 0xfe, 0x78, 0x9b, 0xb8, 0xf8, 0x9a,
++      0x4f, 0xca, 0xf8, 0x1e, 0x1b, 0xe5, 0x4f, 0x9d, 0x35, 0x8e},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {154,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
++      0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
++      0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84,
++      0xfa, 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b,
++      0xe4, 0xf1, 0xac, 0xce, 0x34, 0x97, 0x35, 0x26, 0x90, 0x8c},
++     {0xbf, 0x6a, 0x53, 0x28, 0x6f, 0xac, 0x48, 0xe7, 0xf2, 0x5d,
++      0x89, 0xb7, 0x05, 0x6b, 0x27, 0xaa, 0x91, 0x7d, 0x5b, 0x54,
++      0xc0, 0xd3, 0x17, 0x1d, 0xff, 0x36, 0x9f, 0x72, 0x49, 0x15,
++      0x3b, 0xf0, 0x9d, 0xa5, 0x89, 0x1e, 0xb4, 0xdc, 0x2d, 0x88},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {155,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
++      0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
++      0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84,
++      0xfa, 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b,
++      0xe4, 0xf1, 0xac, 0xce, 0x34, 0x97, 0x35, 0x26, 0x90, 0x8c},
++     {0x99, 0xd5, 0x17, 0xa1, 0x32, 0x1b, 0xb6, 0x33, 0xb0, 0xd5,
++      0xf3, 0xaf, 0xda, 0x23, 0x72, 0xd3, 0xab, 0xf6, 0x8b, 0x41,
++      0xd1, 0x3c, 0xbf, 0xdf, 0xfc, 0x78, 0xf1, 0x73, 0xb8, 0x8b,
++      0xc4, 0xb9, 0x7e, 0xfc, 0xab, 0x2b, 0x29, 0x04, 0x78, 0x8d},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {156,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
++      0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
++      0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84,
++      0xfa, 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b,
++      0xe4, 0xf1, 0xac, 0xce, 0x34, 0x97, 0x35, 0x26, 0x90, 0x8c},
++     {0xd9, 0x24, 0x56, 0xbc, 0x77, 0xa2, 0x68, 0xef, 0x71, 0xcb,
++      0xa7, 0x60, 0x64, 0xa1, 0xb7, 0x72, 0xd1, 0xfe, 0xe2, 0xae,
++      0x4f, 0x0e, 0xe3, 0xbb, 0x93, 0x2a, 0x2a, 0xdb, 0x2b, 0x03,
++      0x17, 0x96, 0xb9, 0xea, 0xdb, 0x51, 0x75, 0x3f, 0x28, 0x68},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {157,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
++      0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
++      0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84,
++      0xfa, 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b,
++      0xe4, 0xf1, 0xac, 0xce, 0x34, 0x97, 0x35, 0x26, 0x90, 0x8c},
++     {0x5b, 0xb5, 0x46, 0x30, 0xab, 0x8d, 0x73, 0xa0, 0x40, 0xf0,
++      0xf8, 0x7e, 0x70, 0xe2, 0x63, 0xd1, 0xae, 0xb2, 0x35, 0x8b,
++      0xcd, 0xc0, 0xdc, 0xe6, 0x99, 0x4d, 0x0d, 0x87, 0x44, 0x52,
++      0xbb, 0xd8, 0x74, 0x1b, 0x7e, 0xc1, 0xd5, 0x9d, 0x82, 0x98},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {158,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
++      0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
++      0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84,
++      0xfa, 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b,
++      0xe4, 0xf1, 0xac, 0xce, 0x34, 0x97, 0x35, 0x26, 0x90, 0x8c},
++     {0x45, 0x81, 0xd6, 0x53, 0x60, 0x39, 0xdb, 0x1b, 0x23, 0xda,
++      0x50, 0xc6, 0x48, 0x77, 0x7e, 0x90, 0xc8, 0x2d, 0x61, 0x28,
++      0xbb, 0x92, 0xe2, 0x8b, 0x29, 0x74, 0xba, 0xe1, 0x14, 0x15,
++      0x43, 0xa1, 0x9a, 0x15, 0x92, 0xfd, 0xa1, 0xfb, 0xd6, 0x1f},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {159,  // Incorrect IV
++     {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
++      0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
++      0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
++     {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84,
++      0xfa, 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b,
++      0xe4, 0xf1, 0xac, 0xce, 0x34, 0x97, 0x35, 0x26, 0x90, 0x8c},
++     {0xd3, 0x5b, 0xc6, 0x7e, 0x62, 0x06, 0x4c, 0x34, 0xf4, 0x81,
++      0x50, 0x99, 0x9b, 0xa3, 0x0d, 0xed, 0x47, 0x5d, 0x8c, 0x75,
++      0x97, 0x8f, 0x45, 0x73, 0x73, 0x20, 0xf2, 0x3e, 0xda, 0xaa,
++      0x7a, 0x40, 0xd7, 0x80, 0x3f, 0xc6, 0x1a, 0xdd, 0x34, 0xa4},
++     {{Action::WRAP, {SECSuccess, false}},
++      {Action::UNWRAP, {SECFailure, false}}}},
++
++    {160,  // RFC 3394
++     {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
++      0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15,
++      0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f},
++     {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb,
++      0xcc, 0xdd, 0xee, 0xff},
++     {0x64, 0xe8, 0xc3, 0xf9, 0xce, 0x0f, 0x5b, 0xa2, 0x63, 0xe9, 0x77, 0x79,
++      0x05, 0x81, 0x8a, 0x2a, 0x93, 0xc8, 0x19, 0x1e, 0x7d, 0x6e, 0x8a, 0xe7},
++     {{Action::WRAP, {SECSuccess, true}},
++      {Action::UNWRAP, {SECSuccess, true}}}},
++
++    {161,  // RFC 3394
++     {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
++      0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15,
++      0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f},
++     {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb,
++      0xcc, 0xdd, 0xee, 0xff, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07},
++     {0xa8, 0xf9, 0xbc, 0x16, 0x12, 0xc6, 0x8b, 0x3f, 0xf6, 0xe6, 0xf4,
++      0xfb, 0xe3, 0x0e, 0x71, 0xe4, 0x76, 0x9c, 0x8b, 0x80, 0xa3, 0x2c,
++      0xb8, 0x95, 0x8c, 0xd5, 0xd1, 0x7d, 0x6b, 0x25, 0x4d, 0xa1},
++     {{Action::WRAP, {SECSuccess, true}},
++      {Action::UNWRAP, {SECSuccess, true}}}},
++
++    {162,  // RFC 3394
++     {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
++      0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15,
++      0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f},
++     {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa,
++      0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05,
++      0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f},
++     {0x28, 0xc9, 0xf4, 0x04, 0xc4, 0xb8, 0x10, 0xf4, 0xcb, 0xcc,
++      0xb3, 0x5c, 0xfb, 0x87, 0xf8, 0x26, 0x3f, 0x57, 0x86, 0xe2,
++      0xd8, 0x0e, 0xd3, 0x26, 0xcb, 0xc7, 0xf0, 0xe7, 0x1a, 0x99,
++      0xf4, 0x3b, 0xfb, 0x98, 0x8b, 0x9b, 0x7a, 0x02, 0xdd, 0x21},
++     {{Action::WRAP, {SECSuccess, true}},
++      {Action::UNWRAP, {SECSuccess, true}}}},
++};
++#endif  // kw_vectors_h__
 \ No newline at end of file
 diff --git a/nss/gtests/der_gtest/der_quickder_unittest.cc b/nss/gtests/der_gtest/der_quickder_unittest.cc
 index 9441179..a5301f1 100644
 --- a/nss/gtests/der_gtest/der_quickder_unittest.cc
 +++ b/nss/gtests/der_gtest/der_quickder_unittest.cc
@@ -16,17 +16,35 @@
  #include "secerr.h"
  #include "secitem.h"
--const SEC_ASN1Template mySEC_NullTemplate[] = {
--    {SEC_ASN1_NULL, 0, NULL, sizeof(SECItem)}};
--
  namespace nss_test {
++struct TemplateAndInput {
++  const SEC_ASN1Template* t;
++  SECItem input;
++};
++
  class QuickDERTest : public ::testing::Test,
--                     public ::testing::WithParamInterface<SECItem> {};
++                     public ::testing::WithParamInterface<TemplateAndInput> {};
++static const uint8_t kBitstringTag = 0x03;
  static const uint8_t kNullTag = 0x05;
  static const uint8_t kLongLength = 0x80;
++const SEC_ASN1Template kBitstringTemplate[] = {
++    {SEC_ASN1_BIT_STRING, 0, NULL, sizeof(SECItem)}, {0}};
++
++// Empty bitstring with unused bits.
++static uint8_t kEmptyBitstringUnused[] = {kBitstringTag, 1, 1};
++
++// Bitstring with 8 unused bits.
++static uint8_t kBitstring8Unused[] = {kBitstringTag, 3, 8, 0xff, 0x00};
++
++// Bitstring with >8 unused bits.
++static uint8_t kBitstring9Unused[] = {kBitstringTag, 3, 9, 0xff, 0x80};
++
++const SEC_ASN1Template kNullTemplate[] = {
++    {SEC_ASN1_NULL, 0, NULL, sizeof(SECItem)}, {0}};
++
  // Length of zero wrongly encoded as 0x80 instead of 0x00.
  static uint8_t kOverlongLength_0_0[] = {kNullTag, kLongLength | 0};
@@ -53,14 +71,22 @@ static uint8_t kOverlongLength_16_0[] = {kNullTag, kLongLength | 0x10,
 x00,     0x00,
 x00,     0x00};
--static const SECItem kInvalidDER[] = {
--    {siBuffer, kOverlongLength_0_0, sizeof(kOverlongLength_0_0)},
--    {siBuffer, kOverlongLength_1_0, sizeof(kOverlongLength_1_0)},
--    {siBuffer, kOverlongLength_16_0, sizeof(kOverlongLength_16_0)},
++#define TI(t, x)                  \
++  {                               \
++    t, { siBuffer, x, sizeof(x) } \
++  }
++static const TemplateAndInput kInvalidDER[] = {
++    TI(kBitstringTemplate, kEmptyBitstringUnused),
++    TI(kBitstringTemplate, kBitstring8Unused),
++    TI(kBitstringTemplate, kBitstring9Unused),
++    TI(kNullTemplate, kOverlongLength_0_0),
++    TI(kNullTemplate, kOverlongLength_1_0),
++    TI(kNullTemplate, kOverlongLength_16_0),
  };
++#undef TI
  TEST_P(QuickDERTest, InvalidLengths) {
--  const SECItem& original_input(GetParam());
++  const SECItem& original_input(GetParam().input);
    ScopedSECItem copy_of_input(SECITEM_AllocItem(nullptr, nullptr, 0U));
    ASSERT_TRUE(copy_of_input);
@@ -69,11 +95,10 @@ TEST_P(QuickDERTest, InvalidLengths) {
    PORTCheapArenaPool pool;
    PORT_InitCheapArena(&pool, DER_DEFAULT_CHUNKSIZE);
--  ScopedSECItem parsed_value(SECITEM_AllocItem(nullptr, nullptr, 0U));
--  ASSERT_TRUE(parsed_value);
++  StackSECItem parsed_value;
    ASSERT_EQ(SECFailure,
--            SEC_QuickDERDecodeItem(&pool.arena, parsed_value.get(),
--                                   mySEC_NullTemplate, copy_of_input.get()));
++            SEC_QuickDERDecodeItem(&pool.arena, &parsed_value, GetParam().t,
++                                   copy_of_input.get()));
    ASSERT_EQ(SEC_ERROR_BAD_DER, PR_GetError());
    PORT_DestroyCheapArena(&pool);
+ }
 diff --git a/nss/gtests/freebl_gtest/cmac_unittests.cc b/nss/gtests/freebl_gtest/cmac_unittests.cc
 new file mode 100644
 index 0000000..40088dc
 --- /dev/null
 +++ b/nss/gtests/freebl_gtest/cmac_unittests.cc
@@ -0,0 +1,187 @@
++// This Source Code Form is subject to the terms of the Mozilla Public
++// License, v. 2.0. If a copy of the MPL was not distributed with this file,
++// You can obtain one at http://mozilla.org/MPL/2.0/.
++
++#include "gtest/gtest.h"
++
++#include <stdint.h>
++#include <memory>
++
++#include "blapi.h"
++#include "secitem.h"
++#include "freebl_scoped_ptrs.h"
++
++class CmacAesTest : public ::testing::Test {
++ protected:
++  bool Compare(const uint8_t *actual, const uint8_t *expected,
++               unsigned int length) {
++    return strncmp((const char *)actual, (const char *)expected, length) == 0;
++  }
++};
++
++TEST_F(CmacAesTest, CreateInvalidSize) {
++  uint8_t key[1] = {0x00};
++  ScopedCMACContext ctx(CMAC_Create(CMAC_AES, key, sizeof(key)));
++  ASSERT_EQ(ctx, nullptr);
++}
++
++TEST_F(CmacAesTest, CreateRightSize) {
++  uint8_t *key = PORT_NewArray(uint8_t, AES_128_KEY_LENGTH);
++  ScopedCMACContext ctx(CMAC_Create(CMAC_AES, key, AES_128_KEY_LENGTH));
++
++  ASSERT_NE(ctx, nullptr);
++  PORT_Free(key);
++}
++
++// The following tests were taken from NIST's Cryptographic Standards and
++// Guidelines page for AES-CMAC Examples with Intermediate Values. These same
++// test vectors for AES-128 can be found in RFC 4493, Section 4.
++
++static const uint8_t kNistKeys[][AES_256_KEY_LENGTH] = {
++    {0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15,
++     0x88, 0x09, 0xCF, 0x4F, 0x3C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
++    {0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52, 0xC8, 0x10, 0xF3,
++     0x2B, 0x80, 0x90, 0x79, 0xE5, 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C,
++     0x6B, 0x7B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
++    {0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE, 0x2B, 0x73, 0xAE,
++     0xF0, 0x85, 0x7D, 0x77, 0x81, 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61,
++     0x08, 0xD7, 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4}};
++static const size_t kNistKeyLengthsCount = PR_ARRAY_SIZE(kNistKeys);
++static const unsigned int kNistKeyLengths[kNistKeyLengthsCount] = {
++    AES_128_KEY_LENGTH, AES_192_KEY_LENGTH, AES_256_KEY_LENGTH};
++
++static const uint8_t kNistPlaintext[64] = {
++    0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E,
++    0x11, 0x73, 0x93, 0x17, 0x2A, 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03,
++    0xAC, 0x9C, 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51, 0x30,
++    0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11, 0xE5, 0xFB, 0xC1, 0x19,
++    0x1A, 0x0A, 0x52, 0xEF, 0xF6, 0x9F, 0x24, 0x45, 0xDF, 0x4F, 0x9B,
++    0x17, 0xAD, 0x2B, 0x41, 0x7B, 0xE6, 0x6C, 0x37, 0x10};
++static const unsigned int kNistPlaintextLengths[] = {0, 16, 20, 64};
++static const size_t kNistPlaintextLengthsCount =
++    PR_ARRAY_SIZE(kNistPlaintextLengths);
++
++// This table contains the result of a CMAC over kNistPlaintext using keys from
++// kNistKeys.  For each key, there are kNistPlaintextLengthsCount answers, all
++// listed one after the other as the input is truncated to the different sizes
++// in kNistPlaintextLengths.
++static const uint8_t kNistKnown[][AES_BLOCK_SIZE] = {
++    {0xBB, 0x1D, 0x69, 0x29, 0xE9, 0x59, 0x37, 0x28, 0x7F, 0xA3, 0x7D, 0x12,
++     0x9B, 0x75, 0x67, 0x46},
++    {0x07, 0x0A, 0x16, 0xB4, 0x6B, 0x4D, 0x41, 0x44, 0xF7, 0x9B, 0xDD, 0x9D,
++     0xD0, 0x4A, 0x28, 0x7C},
++    {0x7D, 0x85, 0x44, 0x9E, 0xA6, 0xEA, 0x19, 0xC8, 0x23, 0xA7, 0xBF, 0x78,
++     0x83, 0x7D, 0xFA, 0xDE},
++    {0x51, 0xF0, 0xBE, 0xBF, 0x7E, 0x3B, 0x9D, 0x92, 0xFC, 0x49, 0x74, 0x17,
++     0x79, 0x36, 0x3C, 0xFE},
++    {0xD1, 0x7D, 0xDF, 0x46, 0xAD, 0xAA, 0xCD, 0xE5, 0x31, 0xCA, 0xC4, 0x83,
++     0xDE, 0x7A, 0x93, 0x67},
++    {0x9E, 0x99, 0xA7, 0xBF, 0x31, 0xE7, 0x10, 0x90, 0x06, 0x62, 0xF6, 0x5E,
++     0x61, 0x7C, 0x51, 0x84},
++    {0x3D, 0x75, 0xC1, 0x94, 0xED, 0x96, 0x07, 0x04, 0x44, 0xA9, 0xFA, 0x7E,
++     0xC7, 0x40, 0xEC, 0xF8},
++    {0xA1, 0xD5, 0xDF, 0x0E, 0xED, 0x79, 0x0F, 0x79, 0x4D, 0x77, 0x58, 0x96,
++     0x59, 0xF3, 0x9A, 0x11},
++    {0x02, 0x89, 0x62, 0xF6, 0x1B, 0x7B, 0xF8, 0x9E, 0xFC, 0x6B, 0x55, 0x1F,
++     0x46, 0x67, 0xD9, 0x83},
++    {0x28, 0xA7, 0x02, 0x3F, 0x45, 0x2E, 0x8F, 0x82, 0xBD, 0x4B, 0xF2, 0x8D,
++     0x8C, 0x37, 0xC3, 0x5C},
++    {0x15, 0x67, 0x27, 0xDC, 0x08, 0x78, 0x94, 0x4A, 0x02, 0x3C, 0x1F, 0xE0,
++     0x3B, 0xAD, 0x6D, 0x93},
++    {0xE1, 0x99, 0x21, 0x90, 0x54, 0x9F, 0x6E, 0xD5, 0x69, 0x6A, 0x2C, 0x05,
++     0x6C, 0x31, 0x54, 0x10}};
++PR_STATIC_ASSERT(PR_ARRAY_SIZE(kNistKnown) ==
++                 kNistKeyLengthsCount * kNistPlaintextLengthsCount);
++
++TEST_F(CmacAesTest, AesNistAligned) {
++  for (unsigned int key_index = 0; key_index < kNistKeyLengthsCount;
++       key_index++) {
++    ScopedCMACContext ctx(CMAC_Create(CMAC_AES, kNistKeys[key_index],
++                                      kNistKeyLengths[key_index]));
++    ASSERT_NE(ctx, nullptr);
++
++    for (unsigned int plaintext_index = 0;
++         plaintext_index < kNistPlaintextLengthsCount; plaintext_index++) {
++      CMAC_Begin(ctx.get());
++
++      unsigned int known_index =
++          (key_index * kNistPlaintextLengthsCount) + plaintext_index;
++      CMAC_Update(ctx.get(), kNistPlaintext,
++                  kNistPlaintextLengths[plaintext_index]);
++
++      uint8_t output[AES_BLOCK_SIZE];
++      CMAC_Finish(ctx.get(), output, NULL, AES_BLOCK_SIZE);
++
++      ASSERT_TRUE(Compare(output, kNistKnown[known_index], AES_BLOCK_SIZE));
++    }
++  }
++}
++
++TEST_F(CmacAesTest, AesNistUnaligned) {
++  for (unsigned int key_index = 0; key_index < kNistKeyLengthsCount;
++       key_index++) {
++    unsigned int key_length = kNistKeyLengths[key_index];
++    ScopedCMACContext ctx(
++        CMAC_Create(CMAC_AES, kNistKeys[key_index], key_length));
++    ASSERT_NE(ctx, nullptr);
++
++    // Skip the zero-length test.
++    for (unsigned int plaintext_index = 1;
++         plaintext_index < kNistPlaintextLengthsCount; plaintext_index++) {
++      unsigned int known_index =
++          (key_index * kNistPlaintextLengthsCount) + plaintext_index;
++      unsigned int plaintext_length = kNistPlaintextLengths[plaintext_index];
++
++      // Test all possible offsets and make sure that misaligned updates
++      // produce the desired result. That is, do two updates:
++      //  0      ... offset
++      //  offset ... len - offset
++      // and ensure the result is the same as doing one update.
++      for (unsigned int offset = 1; offset < plaintext_length; offset++) {
++        CMAC_Begin(ctx.get());
++
++        CMAC_Update(ctx.get(), kNistPlaintext, offset);
++        CMAC_Update(ctx.get(), kNistPlaintext + offset,
++                    plaintext_length - offset);
++
++        uint8_t output[AES_BLOCK_SIZE];
++        CMAC_Finish(ctx.get(), output, NULL, AES_BLOCK_SIZE);
++
++        ASSERT_TRUE(Compare(output, kNistKnown[known_index], AES_BLOCK_SIZE));
++      }
++    }
++  }
++}
++
++TEST_F(CmacAesTest, AesNistTruncated) {
++  for (unsigned int key_index = 0; key_index < kNistKeyLengthsCount;
++       key_index++) {
++    unsigned int key_length = kNistKeyLengths[key_index];
++    ScopedCMACContext ctx(
++        CMAC_Create(CMAC_AES, kNistKeys[key_index], key_length));
++    ASSERT_TRUE(ctx != nullptr);
++
++    // Skip the zero-length test.
++    for (unsigned int plaintext_index = 1;
++         plaintext_index < kNistPlaintextLengthsCount; plaintext_index++) {
++      unsigned int known_index =
++          (key_index * kNistPlaintextLengthsCount) + plaintext_index;
++      unsigned int plaintext_length = kNistPlaintextLengths[plaintext_index];
++
++      // Test truncated outputs to ensure that we always get the desired values.
++      for (unsigned int out_len = 1; out_len < AES_BLOCK_SIZE; out_len++) {
++        CMAC_Begin(ctx.get());
++
++        CMAC_Update(ctx.get(), kNistPlaintext, plaintext_length);
++
++        unsigned int actual_out_len = 0;
++        uint8_t output[AES_BLOCK_SIZE];
++        CMAC_Finish(ctx.get(), output, &actual_out_len, out_len);
++
++        ASSERT_TRUE(actual_out_len == out_len);
++        ASSERT_TRUE(Compare(output, kNistKnown[known_index], out_len));
++      }
++    }
++  }
++}
 diff --git a/nss/gtests/freebl_gtest/freebl_gtest.gyp b/nss/gtests/freebl_gtest/freebl_gtest.gyp
 index 238f05e..c19db41 100644
 --- a/nss/gtests/freebl_gtest/freebl_gtest.gyp
 +++ b/nss/gtests/freebl_gtest/freebl_gtest.gyp
@@ -23,6 +23,7 @@
          '<(DEPTH)/lib/dev/dev.gyp:nssdev',
          '<(DEPTH)/lib/pki/pki.gyp:nsspki',
          '<(DEPTH)/lib/ssl/ssl.gyp:ssl',
++        '<(DEPTH)/lib/libpkix/libpkix.gyp:libpkix',
        ],
      },
+     {
@@ -34,6 +35,7 @@
          'ecl_unittest.cc',
          'ghash_unittest.cc',
          'rsa_unittest.cc',
++        'cmac_unittests.cc',
          '<(DEPTH)/gtests/common/gtests.cc'
        ],
        'dependencies': [
 diff --git a/nss/gtests/freebl_gtest/mpi_unittest.cc b/nss/gtests/freebl_gtest/mpi_unittest.cc
 index fbc27d0..56b7454 100644
 --- a/nss/gtests/freebl_gtest/mpi_unittest.cc
 +++ b/nss/gtests/freebl_gtest/mpi_unittest.cc
@@ -290,4 +290,4 @@ TEST_F(DISABLED_MPITest, MpiCmpConstTest) {
    mp_clear(&c);
+ }
--}  // nss_test
++}  // namespace nss_test
 diff --git a/nss/gtests/mozpkix_gtest/mozpkix_gtest.gyp b/nss/gtests/mozpkix_gtest/mozpkix_gtest.gyp
 index 899b849..1623d76 100644
 --- a/nss/gtests/mozpkix_gtest/mozpkix_gtest.gyp
 +++ b/nss/gtests/mozpkix_gtest/mozpkix_gtest.gyp
@@ -43,6 +43,7 @@
          '<(DEPTH)/lib/base/base.gyp:nssb',
          '<(DEPTH)/lib/dev/dev.gyp:nssdev',
          '<(DEPTH)/lib/pki/pki.gyp:nsspki',
++        '<(DEPTH)/lib/libpkix/libpkix.gyp:libpkix',
          '<(DEPTH)/lib/mozpkix/mozpkix.gyp:mozpkix',
          '<(DEPTH)/lib/mozpkix/mozpkix.gyp:mozpkix-testlib',
        ],
 diff --git a/nss/gtests/mozpkix_gtest/pkixder_input_tests.cpp b/nss/gtests/mozpkix_gtest/pkixder_input_tests.cpp
 index e70f795..c66f06e 100644
 --- a/nss/gtests/mozpkix_gtest/pkixder_input_tests.cpp
 +++ b/nss/gtests/mozpkix_gtest/pkixder_input_tests.cpp
@@ -191,8 +191,10 @@ TEST_F(pkixder_input_tests, ReadByteWrapAroundPointer)
    // a null pointer is undefined behavior according to the C++ language spec.,
    // but this should catch the problem on at least some compilers, if not all of
    // them.
--  const uint8_t* der = nullptr;
--  --der;
++  uintptr_t derint = -1;
++  auto der = reinterpret_cast<const uint8_t*>(derint);
++  ASSERT_EQ(sizeof(der), sizeof(derint))
++      << "underflow of pointer might not work";
    Input buf;
    ASSERT_EQ(Success, buf.Init(der, 0));
    Reader input(buf);
 diff --git a/nss/gtests/mozpkix_gtest/pkixder_universal_types_tests.cpp b/nss/gtests/mozpkix_gtest/pkixder_universal_types_tests.cpp
 index 260c735..0dc8555 100644
 --- a/nss/gtests/mozpkix_gtest/pkixder_universal_types_tests.cpp
 +++ b/nss/gtests/mozpkix_gtest/pkixder_universal_types_tests.cpp
@@ -1224,3 +1224,53 @@ TEST_F(pkixder_universal_types_tests, OID)
    ASSERT_EQ(Success, OID(reader, expectedOID));
+ }
++
++TEST_F(pkixder_universal_types_tests, SkipOptionalImplicitPrimitiveTag)
++{
++  const uint8_t DER_IMPLICIT_BIT_STRING_WITH_CLASS_NUMBER_1[] = {
++    0x81,
++    0x04,
++      0x00,
++      0x0A,
++      0x0B,
++      0x0C,
++  };
++  Input input(DER_IMPLICIT_BIT_STRING_WITH_CLASS_NUMBER_1);
++  Reader reader(input);
++
++  ASSERT_EQ(Success, SkipOptionalImplicitPrimitiveTag(reader, 1));
++  ASSERT_TRUE(reader.AtEnd());
++}
++
++TEST_F(pkixder_universal_types_tests, SkipOptionalImplicitPrimitiveTagMismatch)
++{
++  const uint8_t DER_IMPLICIT_BIT_STRING_WITH_CLASS_NUMBER_1[] = {
++    0x81,
++    0x04,
++      0x00,
++      0x0A,
++      0x0B,
++      0x0C,
++  };
++  Input input(DER_IMPLICIT_BIT_STRING_WITH_CLASS_NUMBER_1);
++  Reader reader(input);
++
++  ASSERT_EQ(Success, SkipOptionalImplicitPrimitiveTag(reader, 2));
++  ASSERT_FALSE(reader.AtEnd());
++}
++
++TEST_F(pkixder_universal_types_tests, NoSkipOptionalImplicitConstructedTag)
++{
++  const uint8_t DER_IMPLICIT_SEQUENCE_WITH_CLASS_NUMBER_1[] = {
++    0xA1,
++    0x03,
++      0x05,
++      0x01,
++      0x00,
++  };
++  Input input(DER_IMPLICIT_SEQUENCE_WITH_CLASS_NUMBER_1);
++  Reader reader(input);
++
++  ASSERT_EQ(Success, SkipOptionalImplicitPrimitiveTag(reader, 1));
++  ASSERT_FALSE(reader.AtEnd());
++}
 diff --git a/nss/gtests/pk11_gtest/manifest.mn b/nss/gtests/pk11_gtest/manifest.mn
 index b774f1d..861f45f 100644
 --- a/nss/gtests/pk11_gtest/manifest.mn
 +++ b/nss/gtests/pk11_gtest/manifest.mn
@@ -9,20 +9,24 @@ MODULE = nss
  CPPSRCS = \
        pk11_aes_gcm_unittest.cc \
        pk11_aeskeywrap_unittest.cc \
++      pk11_aeskeywrappad_unittest.cc \
        pk11_cbc_unittest.cc \
        pk11_chacha20poly1305_unittest.cc \
        pk11_curve25519_unittest.cc \
++      pk11_der_private_key_import_unittest.cc \
        pk11_ecdsa_unittest.cc \
        pk11_encrypt_derive_unittest.cc \
        pk11_export_unittest.cc \
        pk11_find_certs_unittest.cc \
        pk11_import_unittest.cc \
++      pk11_keygen.cc \
++      pk11_key_unittest.cc \
        pk11_pbkdf2_unittest.cc \
        pk11_prf_unittest.cc \
        pk11_prng_unittest.cc \
        pk11_rsapkcs1_unittest.cc \
        pk11_rsapss_unittest.cc \
--      pk11_der_private_key_import_unittest.cc \
++      pk11_seed_cbc_unittest.cc \
        $(NULL)
  INCLUDES += -I$(CORE_DEPTH)/gtests/google_test/gtest/include \
 diff --git a/nss/gtests/pk11_gtest/pk11_aes_cmac_unittest.cc b/nss/gtests/pk11_gtest/pk11_aes_cmac_unittest.cc
 new file mode 100644
 index 0000000..c520fff
 --- /dev/null
 +++ b/nss/gtests/pk11_gtest/pk11_aes_cmac_unittest.cc
@@ -0,0 +1,91 @@
++/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
++/* vim: set ts=2 et sw=2 tw=80: */
++/* This Source Code Form is subject to the terms of the Mozilla Public
++ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
++ * You can obtain one at http://mozilla.org/MPL/2.0/. */
++
++#include <memory>
++#include "nss.h"
++#include "pk11pub.h"
++#include "secerr.h"
++#include "sechash.h"
++
++#include "blapi.h"
++
++#include "gtest/gtest.h"
++#include "nss_scoped_ptrs.h"
++#include "util.h"
++
++namespace nss_test {
++
++class Pkcs11AesCmacTest : public ::testing::Test {
++ protected:
++  ScopedPK11SymKey ImportKey(CK_MECHANISM_TYPE mech, SECItem *key_item) {
++    ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
++    if (!slot) {
++      ADD_FAILURE() << "Can't get slot";
++      return nullptr;
++    }
++
++    ScopedPK11SymKey result(PK11_ImportSymKey(
++        slot.get(), mech, PK11_OriginUnwrap, CKA_SIGN, key_item, nullptr));
++
++    return result;
++  }
++
++  void RunTest(uint8_t *key, unsigned int key_len, uint8_t *data,
++               unsigned int data_len, uint8_t *expected,
++               unsigned int expected_len, CK_ULONG mechanism) {
++    // Create SECItems for everything...
++    std::vector<uint8_t> output(expected_len);
++    SECItem key_item = {siBuffer, key, key_len};
++    SECItem output_item = {siBuffer, output.data(), expected_len};
++    SECItem data_item = {siBuffer, data, data_len};
++    SECItem expected_item = {siBuffer, expected, expected_len};
++
++    // Do the PKCS #11 stuff...
++    ScopedPK11SymKey p11_key = ImportKey(mechanism, &key_item);
++    ASSERT_NE(nullptr, p11_key.get());
++
++    SECStatus ret = PK11_SignWithSymKey(p11_key.get(), CKM_AES_CMAC, NULL,
++                                        &output_item, &data_item);
++
++    // Verify the result...
++    ASSERT_EQ(SECSuccess, ret);
++    ASSERT_EQ(0, SECITEM_CompareItem(&output_item, &expected_item));
++  }
++};
++
++// Sanity check of the PKCS #11 API only. Extensive tests for correctness of
++// underling CMAC implementation conducted in the following file:
++//      gtests/freebl_gtest/cmac_unittests.cc
++
++TEST_F(Pkcs11AesCmacTest, Aes128NistExample1) {
++  uint8_t key[AES_128_KEY_LENGTH] = {0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE,
++                                     0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
++                                     0x09, 0xCF, 0x4F, 0x3C};
++  uint8_t known[AES_BLOCK_SIZE] = {0xBB, 0x1D, 0x69, 0x29, 0xE9, 0x59,
++                                   0x37, 0x28, 0x7F, 0xA3, 0x7D, 0x12,
++                                   0x9B, 0x75, 0x67, 0x46};
++
++  RunTest(key, AES_128_KEY_LENGTH, NULL, 0, known, AES_BLOCK_SIZE,
++          CKM_AES_CMAC);
++}
++
++TEST_F(Pkcs11AesCmacTest, General) {
++  uint8_t key[AES_128_KEY_LENGTH] = {0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE,
++                                     0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
++                                     0x09, 0xCF, 0x4F, 0x3C};
++  uint8_t known[4] = {0xBB, 0x1D, 0x69, 0x29};
++
++  RunTest(key, AES_128_KEY_LENGTH, NULL, 0, known, 4, CKM_AES_CMAC_GENERAL);
++}
++
++TEST_F(Pkcs11AesCmacTest, InvalidKeySize) {
++  uint8_t key[4] = {0x00, 0x00, 0x00, 0x00};
++  SECItem key_item = {siBuffer, key, 4};
++
++  ScopedPK11SymKey result = ImportKey(CKM_AES_CMAC, &key_item);
++  ASSERT_EQ(nullptr, result.get());
++}
++}
 diff --git a/nss/gtests/pk11_gtest/pk11_aes_gcm_unittest.cc b/nss/gtests/pk11_gtest/pk11_aes_gcm_unittest.cc
 index 9505b43..2c58063 100644
 --- a/nss/gtests/pk11_gtest/pk11_aes_gcm_unittest.cc
 +++ b/nss/gtests/pk11_gtest/pk11_aes_gcm_unittest.cc
@@ -37,47 +37,57 @@ class Pkcs11AesGcmTest : public ::testing::TestWithParam<gcm_kat_value> {
+     }
      // Prepare AEAD params.
--    CK_GCM_PARAMS gcmParams;
--    gcmParams.pIv = iv.data();
--    gcmParams.ulIvLen = iv.size();
--    gcmParams.pAAD = aad.data();
--    gcmParams.ulAADLen = aad.size();
--    gcmParams.ulTagBits = 128;
++    CK_GCM_PARAMS gcm_params;
++    gcm_params.pIv = iv.data();
++    gcm_params.ulIvLen = iv.size();
++    gcm_params.pAAD = aad.data();
++    gcm_params.ulAADLen = aad.size();
++    gcm_params.ulTagBits = 128;
--    SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&gcmParams),
--                      sizeof(gcmParams)};
++    SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&gcm_params),
++                      sizeof(gcm_params)};
      ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
--    SECItem keyItem = {siBuffer, key.data(),
--                       static_cast<unsigned int>(key.size())};
++    SECItem key_item = {siBuffer, key.data(),
++                        static_cast<unsigned int>(key.size())};
      // Import key.
--    ScopedPK11SymKey symKey(PK11_ImportSymKey(
--        slot.get(), mech, PK11_OriginUnwrap, CKA_ENCRYPT, &keyItem, nullptr));
--    ASSERT_TRUE(!!symKey) << msg;
++    ScopedPK11SymKey sym_key(PK11_ImportSymKey(
++        slot.get(), mech, PK11_OriginUnwrap, CKA_ENCRYPT, &key_item, nullptr));
++    ASSERT_TRUE(!!sym_key) << msg;
      // Encrypt with bogus parameters.
--    unsigned int outputLen = 0;
--    std::vector<uint8_t> output(plaintext.size() + gcmParams.ulTagBits / 8);
--    gcmParams.ulTagBits = 159082344;
++    unsigned int output_len = 0;
++    std::vector<uint8_t> output(plaintext.size() + gcm_params.ulTagBits / 8);
++    // "maxout" must be at least "inlen + tagBytes", or, in this case:
++    // "output.size()" must be at least "plaintext.size() + tagBytes"
++    gcm_params.ulTagBits = 128;
      SECStatus rv =
--        PK11_Encrypt(symKey.get(), mech, &params, output.data(), &outputLen,
--                     output.size(), plaintext.data(), plaintext.size());
++        PK11_Encrypt(sym_key.get(), mech, &params, output.data(), &output_len,
++                     output.size() - 10, plaintext.data(), plaintext.size());
      EXPECT_EQ(SECFailure, rv);
--    EXPECT_EQ(0U, outputLen);
--    gcmParams.ulTagBits = 128;
++    EXPECT_EQ(0U, output_len);
++
++    // The valid values for tag size in AES_GCM are:
++    // 32, 64, 96, 104, 112, 120 and 128.
++    gcm_params.ulTagBits = 110;
++    rv = PK11_Encrypt(sym_key.get(), mech, &params, output.data(), &output_len,
++                      output.size(), plaintext.data(), plaintext.size());
++    EXPECT_EQ(SECFailure, rv);
++    EXPECT_EQ(0U, output_len);
      // Encrypt.
--    rv = PK11_Encrypt(symKey.get(), mech, &params, output.data(), &outputLen,
++    gcm_params.ulTagBits = 128;
++    rv = PK11_Encrypt(sym_key.get(), mech, &params, output.data(), &output_len,
                        output.size(), plaintext.data(), plaintext.size());
      if (invalid_iv) {
--      EXPECT_EQ(rv, SECFailure) << msg;
--      EXPECT_EQ(0U, outputLen);
++      EXPECT_EQ(SECFailure, rv) << msg;
++      EXPECT_EQ(0U, output_len);
        return;
+     }
--    EXPECT_EQ(rv, SECSuccess) << msg;
++    EXPECT_EQ(SECSuccess, rv) << msg;
--    ASSERT_EQ(outputLen, output.size()) << msg;
++    ASSERT_EQ(output_len, output.size()) << msg;
      // Check ciphertext and tag.
      if (invalid_ct) {
@@ -87,48 +97,49 @@ class Pkcs11AesGcmTest : public ::testing::TestWithParam<gcm_kat_value> {
+     }
      // Decrypt.
--    unsigned int decryptedLen = 0;
++    unsigned int decrypted_len = 0;
      // The PK11 AES API is stupid, it expects an explicit IV and thus wants
      // a block more of available output memory.
      std::vector<uint8_t> decrypted(output.size());
--    rv =
--        PK11_Decrypt(symKey.get(), mech, &params, decrypted.data(),
--                     &decryptedLen, decrypted.size(), output.data(), outputLen);
--    EXPECT_EQ(rv, SECSuccess) << msg;
--    ASSERT_EQ(decryptedLen, plaintext.size()) << msg;
++    rv = PK11_Decrypt(sym_key.get(), mech, &params, decrypted.data(),
++                      &decrypted_len, decrypted.size(), output.data(),
++                      output_len);

Ubuntunss package