From 563720283c162ebef1cc4e9a682f23763b142f03 Mon Sep 17 00:00:00 2001
From: Nikolas <nik.wipper@gmx.de>
Date: Fri, 17 Apr 2026 12:01:32 +0200
Subject: [PATCH 1/3] Revert "chore: Rename crate to nss (#35)"

This reverts commit 3c99b2581d1b17a66d531db9d0aab5237c62ba59.
---
 Cargo.lock              |  6 +++---
 Cargo.toml              |  4 ++--
 src/sig.rs              |  2 +-
 test-fixture/Cargo.toml |  4 ++--
 test-fixture/src/lib.rs |  2 +-
 tests/aead.rs           |  2 +-
 tests/agent.rs          |  4 ++--
 tests/ext.rs            |  2 +-
 tests/handshake.rs      |  2 +-
 tests/hkdf.rs           |  2 +-
 tests/hp.rs             |  2 +-
 tests/init.rs           | 16 ++++++++--------
 tests/selfencrypt.rs    |  2 +-
 13 files changed, 25 insertions(+), 25 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index aedb673..6028fa5 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -159,8 +159,8 @@ dependencies = [
 ]
 
 [[package]]
-name = "nss"
-version = "0.8.0"
+name = "nss-rs"
+version = "0.3.0"
 dependencies = [
  "bindgen",
  "enum-map",
@@ -333,7 +333,7 @@ name = "test-fixture"
 version = "0.1.0"
 dependencies = [
  "log",
- "nss",
+ "nss-rs",
 ]
 
 [[package]]
diff --git a/Cargo.toml b/Cargo.toml
index 10a38a2..2199398 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
-name = "nss"
-version = "0.8.0"
+name = "nss-rs"
+version = "0.3.0"
 authors = ["Martin Thomson <mt@lowentropy.net>", "Andy Leiserson <aleiserson@mozilla.com>", "John M. Schanck <jschanck@mozilla.com>", "Benjamin Beurdouche <beurdouche@mozilla.com>", "Anna Weine <anna.weine@mozilla.com>"]
 categories = ["network-programming", "web-programming"]
 keywords = ["nss", "crypto", "mozilla", "firefox"]
diff --git a/src/sig.rs b/src/sig.rs
index afaceab..5ab2b12 100644
--- a/src/sig.rs
+++ b/src/sig.rs
@@ -21,7 +21,7 @@
 
 // use crate::Result;
 use nss::ec::{Curve, PublicKey};
-use nss::HashAlgorithm;
+use nss_rs::HashAlgorithm;
 
 /// A signature verification algorithm.
 pub struct SignatureAlgorithm {
diff --git a/test-fixture/Cargo.toml b/test-fixture/Cargo.toml
index 7a52f9f..cb2669e 100644
--- a/test-fixture/Cargo.toml
+++ b/test-fixture/Cargo.toml
@@ -8,10 +8,10 @@ license = "MIT/Apache-2.0"
 
 [dependencies]
 log = {version = "0.4.0", default-features = false}
-nss = { path = "../" }
+nss-rs = { path = "../" }
 
 [features]
-bench = ["nss/bench"]
+bench = ["nss-rs/bench"]
 disable-random = []
 
 [package.metadata.cargo-machete]
diff --git a/test-fixture/src/lib.rs b/test-fixture/src/lib.rs
index 97bd2fa..f1ae154 100644
--- a/test-fixture/src/lib.rs
+++ b/test-fixture/src/lib.rs
@@ -11,7 +11,7 @@ use std::{
     time::{Duration, Instant},
 };
 
-use nss::{init_db, AntiReplay};
+use nss_rs::{init_db, AntiReplay};
 
 /// The path for the database used in tests.
 ///
diff --git a/tests/aead.rs b/tests/aead.rs
index 230d696..693fd52 100644
--- a/tests/aead.rs
+++ b/tests/aead.rs
@@ -7,7 +7,7 @@
 #![warn(clippy::pedantic)]
 #![cfg(not(feature = "disable-encryption"))]
 
-use nss::{
+use nss_rs::{
     RecordProtection,
     constants::{Cipher, TLS_AES_128_GCM_SHA256, TLS_VERSION_1_3},
     hkdf,
diff --git a/tests/agent.rs b/tests/agent.rs
index 776c26d..a5729d4 100644
--- a/tests/agent.rs
+++ b/tests/agent.rs
@@ -3,7 +3,7 @@
 
 use std::ffi::CStr;
 
-use nss::{
+use nss_rs::{
     AuthenticationStatus, Client, Error, HandshakeState, Res, SecretAgentPreInfo, Server,
     TLS_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256, TLS_GRP_EC_SECP256R1, TLS_GRP_EC_X25519,
     TLS_SIG_ECDSA_SECP256R1_SHA256, TLS_VERSION_1_3, ZeroRttCheckResult, ZeroRttChecker,
@@ -151,7 +151,7 @@ fn ocsp_stapling_and_signed_cert_timestamps() {
     fixture_init();
     let mut client = Client::new("server.example", true).expect("should create client");
     client
-        .set_option(nss::Opt::SignedCertificateTimestamps, true)
+        .set_option(nss_rs::Opt::SignedCertificateTimestamps, true)
         .unwrap();
     let ocsp_response = b"fake ocsp response";
     let scts = b"fake signed certificate timestamps";
diff --git a/tests/ext.rs b/tests/ext.rs
index 86b3454..1ec1581 100644
--- a/tests/ext.rs
+++ b/tests/ext.rs
@@ -7,7 +7,7 @@
 use std::{cell::RefCell, rc::Rc};
 
 use handshake::forward_records;
-use nss::{
+use nss_rs::{
     AuthenticationStatus, Client, Error, HandshakeState, Server,
     constants::{HandshakeMessage, TLS_HS_CLIENT_HELLO, TLS_HS_ENCRYPTED_EXTENSIONS},
     ext::{ExtensionHandler, ExtensionHandlerResult, ExtensionWriterResult},
diff --git a/tests/handshake.rs b/tests/handshake.rs
index c0406de..5e65f1b 100644
--- a/tests/handshake.rs
+++ b/tests/handshake.rs
@@ -9,7 +9,7 @@
 use std::{mem, time::Instant};
 
 use log::info;
-use nss::{
+use nss_rs::{
     AntiReplay, AuthenticationStatus, Client, HandshakeState, RecordList, Res, ResumptionToken,
     SecretAgent, Server, ZeroRttCheckResult, ZeroRttChecker,
 };
diff --git a/tests/hkdf.rs b/tests/hkdf.rs
index 876e130..0ebaa4d 100644
--- a/tests/hkdf.rs
+++ b/tests/hkdf.rs
@@ -4,7 +4,7 @@
 // option. This file may not be copied, modified, or distributed
 // except according to those terms.
 
-use nss::{
+use nss_rs::{
     SymKey,
     constants::{
         Cipher, TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256,
diff --git a/tests/hp.rs b/tests/hp.rs
index 5948783..95b6755 100644
--- a/tests/hp.rs
+++ b/tests/hp.rs
@@ -4,7 +4,7 @@
 // option. This file may not be copied, modified, or distributed
 // except according to those terms.
 
-use nss::{
+use nss_rs::{
     constants::{
         Cipher, TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256,
         TLS_VERSION_1_3,
diff --git a/tests/init.rs b/tests/init.rs
index f9b9b76..d459534 100644
--- a/tests/init.rs
+++ b/tests/init.rs
@@ -11,11 +11,11 @@
 // a different version of init_db.  That causes explosions as they get
 // different versions of the Once instance they use and they initialize NSS
 // twice, probably likely in parallel.  That doesn't work out well.
-use nss::assert_initialized;
+use nss_rs::assert_initialized;
 #[cfg(nss_nodb)]
-use nss::init;
+use nss_rs::init;
 #[cfg(not(nss_nodb))]
-use nss::init_db;
+use nss_rs::init_db;
 
 // Pull in the NSS internals so that we can ask NSS if it thinks that
 // it is properly initialized.
@@ -24,18 +24,18 @@ use nss::init_db;
     dead_code,
     reason = "Code is bindgen-generated."
 )]
-mod nss_init {
-    use nss::nss_prelude::*;
+mod nss {
+    use nss_rs::nss_prelude::*;
     include!(concat!(env!("OUT_DIR"), "/nss_init.rs"));
 }
 
 #[cfg(nss_nodb)]
 #[test]
 fn init_nodb() {
-    nss::init().unwrap();
+    nss_rs::init().unwrap();
     assert_initialized();
     unsafe {
-        assert_ne!(nss_init::NSS_IsInitialized(), 0);
+        assert_ne!(nss::NSS_IsInitialized(), 0);
     }
 }
 
@@ -45,6 +45,6 @@ fn init_withdb() {
     init_db(::test_fixture::NSS_DB_PATH).unwrap();
     assert_initialized();
     unsafe {
-        assert_ne!(nss_init::NSS_IsInitialized(), 0);
+        assert_ne!(nss::NSS_IsInitialized(), 0);
     }
 }
diff --git a/tests/selfencrypt.rs b/tests/selfencrypt.rs
index c0fd224..a57b634 100644
--- a/tests/selfencrypt.rs
+++ b/tests/selfencrypt.rs
@@ -7,7 +7,7 @@
 #![cfg(not(feature = "disable-encryption"))]
 #![cfg(test)]
 
-use nss::{
+use nss_rs::{
     Error,
     constants::{TLS_AES_128_GCM_SHA256, TLS_VERSION_1_3},
     init,

From 978aa70403291447e06d1d756f0f514f1d3df2cc Mon Sep 17 00:00:00 2001
From: Nikolas Wipper <nwipper@mozilla.com>
Date: Fri, 17 Apr 2026 12:04:02 +0200
Subject: [PATCH 2/3] Keep version at 0.8.0

---
 Cargo.lock | 2 +-
 Cargo.toml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 6028fa5..7a5e875 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -160,7 +160,7 @@ dependencies = [
 
 [[package]]
 name = "nss-rs"
-version = "0.3.0"
+version = "0.8.0"
 dependencies = [
  "bindgen",
  "enum-map",
diff --git a/Cargo.toml b/Cargo.toml
index 2199398..f019786 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "nss-rs"
-version = "0.3.0"
+version = "0.8.0"
 authors = ["Martin Thomson <mt@lowentropy.net>", "Andy Leiserson <aleiserson@mozilla.com>", "John M. Schanck <jschanck@mozilla.com>", "Benjamin Beurdouche <beurdouche@mozilla.com>", "Anna Weine <anna.weine@mozilla.com>"]
 categories = ["network-programming", "web-programming"]
 keywords = ["nss", "crypto", "mozilla", "firefox"]

From 94a1c6e5b45a89aeb32799d1153592db15f12e46 Mon Sep 17 00:00:00 2001
From: Nikolas Wipper <nwipper@mozilla.com>
Date: Tue, 21 Apr 2026 10:46:26 +0200
Subject: [PATCH 3/3] Fixes

---
 src/sig.rs    | 2 +-
 tests/init.rs | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/sig.rs b/src/sig.rs
index 5ab2b12..e3ce8b3 100644
--- a/src/sig.rs
+++ b/src/sig.rs
@@ -20,7 +20,7 @@
 // CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
 // use crate::Result;
-use nss::ec::{Curve, PublicKey};
+use nss_rs::ec::{Curve, PublicKey};
 use nss_rs::HashAlgorithm;
 
 /// A signature verification algorithm.
diff --git a/tests/init.rs b/tests/init.rs
index d459534..620af5f 100644
--- a/tests/init.rs
+++ b/tests/init.rs
@@ -24,7 +24,7 @@ use nss_rs::init_db;
     dead_code,
     reason = "Code is bindgen-generated."
 )]
-mod nss {
+mod nss_init {
     use nss_rs::nss_prelude::*;
     include!(concat!(env!("OUT_DIR"), "/nss_init.rs"));
 }
@@ -35,7 +35,7 @@ fn init_nodb() {
     nss_rs::init().unwrap();
     assert_initialized();
     unsafe {
-        assert_ne!(nss::NSS_IsInitialized(), 0);
+        assert_ne!(nss_init::NSS_IsInitialized(), 0);
     }
 }
 
@@ -45,6 +45,6 @@ fn init_withdb() {
     init_db(::test_fixture::NSS_DB_PATH).unwrap();
     assert_initialized();
     unsafe {
-        assert_ne!(nss::NSS_IsInitialized(), 0);
+        assert_ne!(nss_init::NSS_IsInitialized(), 0);
     }
 }