diff --git a/security/manager/ssl/src/nsCrypto.cpp b/security/manager/ssl/src/nsCrypto.cpp
--- a/security/manager/ssl/src/nsCrypto.cpp
+++ b/security/manager/ssl/src/nsCrypto.cpp
@@ -23,16 +23,17 @@
 #include "nsIDOMWindow.h"
 #include "nsIDOMClassInfo.h"
 #include "nsIDOMDocument.h"
 #include "nsIDocument.h"
 #include "nsIScriptObjectPrincipal.h"
 #include "nsIScriptContext.h"
 #include "nsIScriptGlobalObject.h"
 #include "nsDOMJSUtils.h"
+#include "nsJSUtils.h"
 #include "nsIXPConnect.h"
 #include "nsIRunnable.h"
 #include "nsIWindowWatcher.h"
 #include "nsIPrompt.h"
 #include "nsIFilePicker.h"
 #include "nsJSPrincipals.h"
 #include "nsIPrincipal.h"
 #include "nsIScriptSecurityManager.h"
@@ -324,63 +325,63 @@ cryptojs_convert_to_mechanism(nsKeyGenTy
     break;
   default:
     retMech = CKM_INVALID_MECHANISM;
   }
   return retMech;
 }
 
 /*
- * This function converts a string read through JavaScript parameters
+ * This function takes a string read through JavaScript parameters
  * and translates it to the internal enumeration representing the
- * key gen type.
+ * key gen type. Leading and trailing whitespace must be already removed.
  */
 static nsKeyGenType
-cryptojs_interpret_key_gen_type(char *keyAlg)
+cryptojs_interpret_key_gen_type(const nsAString& keyAlg)
 {
-  char *end;
-  if (keyAlg == nullptr) {
-    return invalidKeyGen;
+  if (keyAlg.EqualsLiteral("rsa-ex")) {
+    return rsaEnc;
   }
-  /* First let's remove all leading and trailing white space */
-  while (isspace(keyAlg[0])) keyAlg++;
-  end = strchr(keyAlg, '\0');
-  if (end == nullptr) {
-    return invalidKeyGen;
+  if (keyAlg.EqualsLiteral("rsa-dual-use")) {
+    return rsaDualUse;
   }
-  end--;
-  while (isspace(*end)) end--;
-  end[1] = '\0';
-  if (strcmp(keyAlg, "rsa-ex") == 0) {
-    return rsaEnc;
-  } else if (strcmp(keyAlg, "rsa-dual-use") == 0) {
-    return rsaDualUse;
-  } else if (strcmp(keyAlg, "rsa-sign") == 0) {
+  if (keyAlg.EqualsLiteral("rsa-sign")) {
     return rsaSign;
-  } else if (strcmp(keyAlg, "rsa-sign-nonrepudiation") == 0) {
+  }
+  if (keyAlg.EqualsLiteral("rsa-sign-nonrepudiation")) {
     return rsaSignNonrepudiation;
-  } else if (strcmp(keyAlg, "rsa-nonrepudiation") == 0) {
+  }
+  if (keyAlg.EqualsLiteral("rsa-nonrepudiation")) {
     return rsaNonrepudiation;
-  } else if (strcmp(keyAlg, "ec-ex") == 0) {
+  }
+  if (keyAlg.EqualsLiteral("ec-ex")) {
     return ecEnc;
-  } else if (strcmp(keyAlg, "ec-dual-use") == 0) {
+  }
+  if (keyAlg.EqualsLiteral("ec-dual-use")) {
     return ecDualUse;
-  } else if (strcmp(keyAlg, "ec-sign") == 0) {
+  }
+  if (keyAlg.EqualsLiteral("ec-sign")) {
     return ecSign;
-  } else if (strcmp(keyAlg, "ec-sign-nonrepudiation") == 0) {
+  }
+  if (keyAlg.EqualsLiteral("ec-sign-nonrepudiation")) {
     return ecSignNonrepudiation;
-  } else if (strcmp(keyAlg, "ec-nonrepudiation") == 0) {
+  }
+  if (keyAlg.EqualsLiteral("ec-nonrepudiation")) {
     return ecNonrepudiation;
-  } else if (strcmp(keyAlg, "dsa-sign-nonrepudiation") == 0) {
+  }
+  if (keyAlg.EqualsLiteral("dsa-sign-nonrepudiation")) {
     return dsaSignNonrepudiation;
-  } else if (strcmp(keyAlg, "dsa-sign") ==0 ){
+  }
+  if (keyAlg.EqualsLiteral("dsa-sign")) {
     return dsaSign;
-  } else if (strcmp(keyAlg, "dsa-nonrepudiation") == 0) {
+  }
+  if (keyAlg.EqualsLiteral("dsa-nonrepudiation")) {
     return dsaNonrepudiation;
-  } else if (strcmp(keyAlg, "dh-ex") == 0) {
+  }
+  if (keyAlg.EqualsLiteral("dh-ex")) {
     return dhEx;
   }
   return invalidKeyGen;
 }
 
 /* 
  * input: null terminated char* pointing to (the remainder of) an
  * EC key param string.
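Review bot: The header comment on cryptojs_interpret_key_gen_type now states a precondition (whitespace already removed) but not what the caller gets when that precondition is not met or the name is unknown. The string comes from JavaScript parameters, so the comment should say that the match is exact and case-sensitive and that every other value falls through to the final `return invalidKeyGen;`. A line such as `* Any other value, including an empty or untrimmed string, yields invalidKeyGen.` would make the fail-closed contract explicit for future callers.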
@@ -909,17 +910,17 @@ cryptojs_generateOneKeyPair(JSContext *c
 static nsresult
 cryptojs_ReadArgsAndGenerateKey(JSContext *cx,
                                 jsval *argv,
                                 nsKeyPairInfo *keyGenType,
                                 nsIInterfaceRequestor *uiCxt,
                                 PK11SlotInfo **slot, bool willEscrow)
 {
   JSString  *jsString;
-  JSAutoByteString params, keyGenAlg;
+  JSAutoByteString params;
   int    keySize;
   nsresult  rv;
 
   if (!JSVAL_IS_INT(argv[0])) {
     JS_ReportError(cx, "%s%s\n", JS_ERROR,
                    "passed in non-integer for key size");
     return NS_ERROR_FAILURE;
   }
@@ -935,38 +936,42 @@ cryptojs_ReadArgsAndGenerateKey(JSContex
   if (JSVAL_IS_NULL(argv[2])) {
     JS_ReportError(cx,"%s%s\n", JS_ERROR,
              "key generation type not specified");
     return NS_ERROR_FAILURE;
   }
   jsString = JS_ValueToString(cx, argv[2]);
   NS_ENSURE_TRUE(jsString, NS_ERROR_OUT_OF_MEMORY);
   argv[2] = STRING_TO_JSVAL(jsString);
-  keyGenAlg.encode(cx, jsString);
-  NS_ENSURE_TRUE(!!keyGenAlg, NS_ERROR_OUT_OF_MEMORY);
-  keyGenType->keyGenType = cryptojs_interpret_key_gen_type(keyGenAlg.ptr());
+  nsDependentJSString dependentKeyGenAlg;
+  NS_ENSURE_TRUE(dependentKeyGenAlg.init(cx, jsString), NS_ERROR_UNEXPECTED);
+  nsAutoString keyGenAlg(dependentKeyGenAlg);
+  keyGenAlg.Trim("\r\n\t ");
+  keyGenType->keyGenType = cryptojs_interpret_key_gen_type(keyGenAlg);
   if (keyGenType->keyGenType == invalidKeyGen) {
+    NS_LossyConvertUTF16toASCII keyGenAlgNarrow(dependentKeyGenAlg);
     JS_ReportError(cx, "%s%s%s", JS_ERROR,
                    "invalid key generation argument:",
-                   keyGenAlg.ptr());
+                   keyGenAlgNarrow.get());
     goto loser;
   }
   if (*slot == nullptr) {
     *slot = nsGetSlotForKeyGen(keyGenType->keyGenType, uiCxt);
     if (*slot == nullptr)
       goto loser;
   }
 
   rv = cryptojs_generateOneKeyPair(cx,keyGenType,keySize,params.ptr(),uiCxt,
                                    *slot,willEscrow);
 
   if (rv != NS_OK) {
+    NS_LossyConvertUTF16toASCII keyGenAlgNarrow(dependentKeyGenAlg);
     JS_ReportError(cx,"%s%s%s", JS_ERROR,
                    "could not generate the key for algorithm ",
-                   keyGenAlg.ptr());
+                   keyGenAlgNarrow.get());
     goto loser;
   }
   return NS_OK;
 loser:
   return NS_ERROR_FAILURE;
 }
 
 //Utility funciton to free up the memory used by nsKeyPairInfo
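Review bot: `keyGenAlg.Trim("\r\n\t ")` strips a narrower set than the `isspace()` loops it replaces, which in the C locale also covered `\v` and `\f`, so an algorithm name padded with those characters is now reported as invalid. That fails closed, but if parity with the old behaviour is intended the set should be `"\r\n\t\v\f "`. Otherwise a comment such as `// Only CR, LF, TAB and space are trimmed; any other padding makes the name invalid.` would record the choice. Both error paths also build their message from the untrimmed `dependentKeyGenAlg` through `NS_LossyConvertUTF16toASCII`, so the reported text can differ from the string that was compared, and non-ASCII input is presumably narrowed lossily. Converting `keyGenAlg` instead would keep the two consistent. The body of cryptojs_ReadArgsAndGenerateKey starts before this hunk.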
