Bug 1370890 - land NSS a1a6eb781dd4 UPGRADE_NSS_RELEASE, r=me
authorFranziskus Kiefer <franziskuskiefer@gmail.com>
Tue, 13 Jun 2017 14:26:51 +0200
changeset 363736 81a2b945dd165e653414fdbe0a326e344c5ba101
parent 363735 7944ab5a5cec21e12095950533f174878823ac1a
child 363737 79057bf09abc6c198288de66388547077f8e8ee4
push id32024
push userkwierso@gmail.com
push dateWed, 14 Jun 2017 01:31:14 +0000
treeherdermozilla-central@b266a8d8fd59 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersme
bugs1370890
milestone56.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1370890 - land NSS a1a6eb781dd4 UPGRADE_NSS_RELEASE, r=me
security/nss/Makefile
security/nss/TAG-INFO
security/nss/automation/abi-check/expected-report-libnss3.so.txt
security/nss/automation/abi-check/expected-report-libnssutil3.so.txt
security/nss/automation/abi-check/expected-report-libssl3.so.txt
security/nss/automation/abi-check/previous-nss-release
security/nss/automation/clang-format/Dockerfile
security/nss/automation/clang-format/run_clang_format.sh
security/nss/automation/clang-format/setup.sh
security/nss/automation/release/nss-release-helper.py
security/nss/automation/taskcluster/graph/src/extend.js
security/nss/automation/taskcluster/scripts/run_clang_format.sh
security/nss/automation/taskcluster/scripts/split.sh
security/nss/build.sh
security/nss/cmd/platlibs.gypi
security/nss/cmd/platlibs.mk
security/nss/coreconf/coreconf.dep
security/nss/cpputil/Makefile
security/nss/cpputil/config.mk
security/nss/cpputil/manifest.mn
security/nss/cpputil/scoped_ptrs.h
security/nss/cpputil/scoped_ptrs_util.h
security/nss/gtests/.clang-format
security/nss/gtests/certdb_gtest/alg1485_unittest.cc
security/nss/gtests/certhigh_gtest/manifest.mn
security/nss/gtests/common/gcm-vectors.h
security/nss/gtests/common/gtests-util.cc
security/nss/gtests/common/manifest.mn
security/nss/gtests/common/util.h
security/nss/gtests/der_gtest/der_getint_unittest.cc
security/nss/gtests/der_gtest/der_gtest.gyp
security/nss/gtests/der_gtest/der_quickder_unittest.cc
security/nss/gtests/der_gtest/manifest.mn
security/nss/gtests/freebl_gtest/freebl_gtest.gyp
security/nss/gtests/freebl_gtest/ghash_unittest.cc
security/nss/gtests/freebl_gtest/prng_kat_unittest.cc
security/nss/gtests/manifest.mn
security/nss/gtests/nss_bogo_shim/nss_bogo_shim.gyp
security/nss/gtests/pk11_gtest/manifest.mn
security/nss/gtests/pk11_gtest/pk11_aes_gcm_unittest.cc
security/nss/gtests/pk11_gtest/pk11_der_private_key_import_unittest.cc
security/nss/gtests/pk11_gtest/pk11_gtest.gyp
security/nss/gtests/ssl_gtest/libssl_internals.c
security/nss/gtests/ssl_gtest/libssl_internals.h
security/nss/gtests/ssl_gtest/manifest.mn
security/nss/gtests/ssl_gtest/selfencrypt_unittest.cc
security/nss/gtests/ssl_gtest/ssl_fuzz_unittest.cc
security/nss/gtests/ssl_gtest/ssl_gtest.gyp
security/nss/gtests/ssl_gtest/ssl_loopback_unittest.cc
security/nss/gtests/ssl_gtest/ssl_resumption_unittest.cc
security/nss/gtests/ssl_gtest/tls_agent.cc
security/nss/gtests/ssl_gtest/tls_agent.h
security/nss/gtests/ssl_gtest/tls_connect.cc
security/nss/gtests/util_gtest/manifest.mn
security/nss/gtests/util_gtest/util_b64_unittest.cc
security/nss/gtests/util_gtest/util_gtest.gyp
security/nss/gtests/util_gtest/util_pkcs11uri_unittest.cc
security/nss/help.txt
security/nss/lib/certdb/secname.c
security/nss/lib/freebl/Makefile
security/nss/lib/freebl/aeskeywrap.c
security/nss/lib/freebl/blapi.h
security/nss/lib/freebl/blapii.h
security/nss/lib/freebl/ctr.c
security/nss/lib/freebl/ctr.h
security/nss/lib/freebl/cts.c
security/nss/lib/freebl/cts.h
security/nss/lib/freebl/fipsfreebl.c
security/nss/lib/freebl/freebl.gyp
security/nss/lib/freebl/gcm.c
security/nss/lib/freebl/gcm.h
security/nss/lib/freebl/intel-aes-x64-masm.asm
security/nss/lib/freebl/intel-aes-x86-masm.asm
security/nss/lib/freebl/intel-aes.s
security/nss/lib/freebl/intel-gcm-wrap.c
security/nss/lib/freebl/intel-gcm-x64-masm.asm
security/nss/lib/freebl/intel-gcm-x86-masm.asm
security/nss/lib/freebl/intel-gcm.h
security/nss/lib/freebl/intel-gcm.s
security/nss/lib/freebl/mpi/Makefile
security/nss/lib/freebl/mpi/Makefile.os2
security/nss/lib/freebl/mpi/Makefile.win
security/nss/lib/freebl/mpi/README
security/nss/lib/freebl/mpi/all-tests
security/nss/lib/freebl/mpi/hppatch.adb
security/nss/lib/freebl/mpi/make-logtab
security/nss/lib/freebl/mpi/make-test-arrays
security/nss/lib/freebl/mpi/mdxptest.c
security/nss/lib/freebl/mpi/mpcpucache.c
security/nss/lib/freebl/mpi/mpmontg.c
security/nss/lib/freebl/mpi/multest
security/nss/lib/freebl/mpi/stats
security/nss/lib/freebl/mpi/target.mk
security/nss/lib/freebl/mpi/test-arrays.txt
security/nss/lib/freebl/mpi/tests/LICENSE
security/nss/lib/freebl/mpi/tests/LICENSE-MPL
security/nss/lib/freebl/mpi/tests/mptest-1.c
security/nss/lib/freebl/mpi/tests/mptest-2.c
security/nss/lib/freebl/mpi/tests/mptest-3.c
security/nss/lib/freebl/mpi/tests/mptest-3a.c
security/nss/lib/freebl/mpi/tests/mptest-4.c
security/nss/lib/freebl/mpi/tests/mptest-4a.c
security/nss/lib/freebl/mpi/tests/mptest-4b.c
security/nss/lib/freebl/mpi/tests/mptest-5.c
security/nss/lib/freebl/mpi/tests/mptest-5a.c
security/nss/lib/freebl/mpi/tests/mptest-6.c
security/nss/lib/freebl/mpi/tests/mptest-7.c
security/nss/lib/freebl/mpi/tests/mptest-8.c
security/nss/lib/freebl/mpi/tests/mptest-9.c
security/nss/lib/freebl/mpi/tests/mptest-b.c
security/nss/lib/freebl/mpi/tests/pi1k.txt
security/nss/lib/freebl/mpi/tests/pi2k.txt
security/nss/lib/freebl/mpi/tests/pi5k.txt
security/nss/lib/freebl/mpi/timetest
security/nss/lib/freebl/mpi/types.pl
security/nss/lib/freebl/mpi/utils/LICENSE
security/nss/lib/freebl/mpi/utils/LICENSE-MPL
security/nss/lib/freebl/mpi/utils/PRIMES
security/nss/lib/freebl/mpi/utils/README
security/nss/lib/freebl/mpi/utils/basecvt.c
security/nss/lib/freebl/mpi/utils/bbs_rand.c
security/nss/lib/freebl/mpi/utils/bbs_rand.h
security/nss/lib/freebl/mpi/utils/bbsrand.c
security/nss/lib/freebl/mpi/utils/dec2hex.c
security/nss/lib/freebl/mpi/utils/exptmod.c
security/nss/lib/freebl/mpi/utils/fact.c
security/nss/lib/freebl/mpi/utils/gcd.c
security/nss/lib/freebl/mpi/utils/hex2dec.c
security/nss/lib/freebl/mpi/utils/identest.c
security/nss/lib/freebl/mpi/utils/invmod.c
security/nss/lib/freebl/mpi/utils/isprime.c
security/nss/lib/freebl/mpi/utils/lap.c
security/nss/lib/freebl/mpi/utils/makeprime.c
security/nss/lib/freebl/mpi/utils/metime.c
security/nss/lib/freebl/mpi/utils/pi.c
security/nss/lib/freebl/mpi/utils/primegen.c
security/nss/lib/freebl/mpi/utils/prng.c
security/nss/lib/freebl/mpi/utils/ptab.pl
security/nss/lib/freebl/mpi/utils/sieve.c
security/nss/lib/freebl/rijndael.c
security/nss/lib/freebl/rijndael.h
security/nss/lib/freebl/unix_rand.c
security/nss/lib/libpkix/libpkix.gyp
security/nss/lib/nss/nss.gyp
security/nss/lib/nss/nss.h
security/nss/lib/softoken/softkver.h
security/nss/lib/ssl/dtlscon.c
security/nss/lib/ssl/manifest.mn
security/nss/lib/ssl/selfencrypt.c
security/nss/lib/ssl/selfencrypt.h
security/nss/lib/ssl/ssl.gyp
security/nss/lib/ssl/ssl.h
security/nss/lib/ssl/ssl3con.c
security/nss/lib/ssl/ssl3ecc.c
security/nss/lib/ssl/ssl3encode.c
security/nss/lib/ssl/ssl3encode.h
security/nss/lib/ssl/ssl3ext.c
security/nss/lib/ssl/ssl3ext.h
security/nss/lib/ssl/ssl3exthandle.c
security/nss/lib/ssl/ssl3prot.h
security/nss/lib/ssl/sslcert.c
security/nss/lib/ssl/sslimpl.h
security/nss/lib/ssl/sslsnce.c
security/nss/lib/ssl/tls13con.c
security/nss/lib/ssl/tls13con.h
security/nss/lib/util/nssutil.h
security/nss/mach
security/nss/manifest.mn
security/nss/nss-tool/common/util.cc
security/nss/nss-tool/common/util.h
security/nss/nss-tool/digest/digesttool.cc
security/nss/nss-tool/digest/digesttool.h
security/nss/nss-tool/nss_tool.cc
security/nss/nss-tool/nss_tool.gyp
security/nss/nss.gyp
security/nss/readme.md
security/nss/tests/gtests/gtests.sh
--- a/security/nss/Makefile
+++ b/security/nss/Makefile
@@ -23,16 +23,17 @@ include $(CORE_DEPTH)/coreconf/config.mk
 
 
 #######################################################################
 # (4) Include "local" platform-dependent assignments (OPTIONAL).      #
 #######################################################################
 
 ifdef NSS_DISABLE_GTESTS
 DIRS := $(filter-out gtests,$(DIRS))
+DIRS := $(filter-out cpputil,$(DIRS))
 endif
 
 #######################################################################
 # (5) Execute "global" rules. (OPTIONAL)                              #
 #######################################################################
 
 include $(CORE_DEPTH)/coreconf/rules.mk
 
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@@ -1,1 +1,1 @@
-NSS_3_31_RTM
+a1a6eb781dd4
--- a/security/nss/automation/abi-check/expected-report-libnss3.so.txt
+++ b/security/nss/automation/abi-check/expected-report-libnss3.so.txt
@@ -1,12 +0,0 @@
-Functions changes summary: 0 Removed, 0 Changed, 6 Added functions
-Variables changes summary: 0 Removed, 0 Changed, 0 Added variable
-
-6 Added functions:
-
-  'function SECStatus CERT_GetCertIsPerm(const CERTCertificate*, PRBool*)'    {CERT_GetCertIsPerm@@NSS_3.31}
-  'function SECStatus CERT_GetCertIsTemp(const CERTCertificate*, PRBool*)'    {CERT_GetCertIsTemp@@NSS_3.31}
-  'function CERTCertificate* PK11_FindCertFromURI(const char*, void*)'    {PK11_FindCertFromURI@@NSS_3.31}
-  'function CERTCertList* PK11_FindCertsFromURI(const char*, void*)'    {PK11_FindCertsFromURI@@NSS_3.31}
-  'function char* PK11_GetModuleURI(SECMODModule*)'    {PK11_GetModuleURI@@NSS_3.31}
-  'function char* PK11_GetTokenURI()'    {PK11_GetTokenURI@@NSS_3.31}
-
--- a/security/nss/automation/abi-check/expected-report-libnssutil3.so.txt
+++ b/security/nss/automation/abi-check/expected-report-libnssutil3.so.txt
@@ -1,12 +0,0 @@
-Functions changes summary: 0 Removed, 0 Changed, 6 Added functions
-Variables changes summary: 0 Removed, 0 Changed, 0 Added variable
-
-6 Added functions:
-
-  'function void PK11URI_CreateURI(size_t, size_t)'    {PK11URI_CreateURI@@NSSUTIL_3.31}
-  'function void PK11URI_DestroyURI()'    {PK11URI_DestroyURI@@NSSUTIL_3.31}
-  'function char* PK11URI_FormatURI()'    {PK11URI_FormatURI@@NSSUTIL_3.31}
-  'function const char* PK11URI_GetPathAttribute(const char*)'    {PK11URI_GetPathAttribute@@NSSUTIL_3.31}
-  'function const char* PK11URI_GetQueryAttribute(const char*)'    {PK11URI_GetQueryAttribute@@NSSUTIL_3.31}
-  'function void PK11URI_ParseURI(const char*)'    {PK11URI_ParseURI@@NSSUTIL_3.31}
-
--- a/security/nss/automation/abi-check/expected-report-libssl3.so.txt
+++ b/security/nss/automation/abi-check/expected-report-libssl3.so.txt
@@ -1,14 +0,0 @@
-Functions changes summary: 0 Removed, 1 Changed, 0 Added function
-Variables changes summary: 0 Removed, 0 Changed, 0 Added variable
-
-1 function with some indirect sub-type change:
-
-  [C]'function SECStatus SSL_GetPreliminaryChannelInfo(SSLPreliminaryChannelInfo*, PRUintn)' at sslinfo.c:115:1 has some indirect sub-type changes:
-    parameter 1 of type 'SSLPreliminaryChannelInfo*' has sub-type changes:
-      in pointed to type 'typedef SSLPreliminaryChannelInfo' at sslt.h:318:1:
-        underlying type 'struct SSLPreliminaryChannelInfoStr' at sslt.h:287:1 changed:
-          type size changed from 128 to 160 bits
-          1 data member insertion:
-            'PRUint32 SSLPreliminaryChannelInfoStr::maxEarlyDataSize', at offset 128 (in bits) at sslt.h:314:1
-
-
--- a/security/nss/automation/abi-check/previous-nss-release
+++ b/security/nss/automation/abi-check/previous-nss-release
@@ -1,1 +1,1 @@
-NSS_3_30_BRANCH
+NSS_3_31_BRANCH
new file mode 100644
--- /dev/null
+++ b/security/nss/automation/clang-format/Dockerfile
@@ -0,0 +1,26 @@
+FROM ubuntu:16.04
+MAINTAINER Franziskus Kiefer <franziskuskiefer@gmail.com>
+
+RUN useradd -d /home/worker -s /bin/bash -m worker
+WORKDIR /home/worker
+
+# Install dependencies.
+ADD setup.sh /tmp/setup.sh
+RUN bash /tmp/setup.sh
+
+# Change user.
+USER worker
+
+# Env variables.
+ENV HOME /home/worker
+ENV SHELL /bin/bash
+ENV USER worker
+ENV LOGNAME worker
+ENV HOSTNAME taskcluster-worker
+ENV LANG en_US.UTF-8
+ENV LC_ALL en_US.UTF-8
+ENV HOST localhost
+ENV DOMSUF localdomain
+
+# Entrypoint.
+ENTRYPOINT ["/home/worker/nss/automation/clang-format/run_clang_format.sh"]
new file mode 100755
--- /dev/null
+++ b/security/nss/automation/clang-format/run_clang_format.sh
@@ -0,0 +1,66 @@
+#!/usr/bin/env bash
+
+if [[ $(id -u) -eq 0 ]]; then
+    # Drop privileges by re-running this script.
+    # Note: this mangles arguments, better to avoid running scripts as root.
+    exec su worker -c "$0 $*"
+fi
+
+# Apply clang-format on the provided folder and verify that this doesn't change any file.
+# If any file differs after formatting, the script eventually exits with 1.
+# Any differences between formatted and unformatted files is printed to stdout to give a hint what's wrong.
+
+# Includes a default set of directories NOT to clang-format on.
+blacklist=(
+     "./automation" \
+     "./coreconf" \
+     "./doc" \
+     "./pkg" \
+     "./tests" \
+     "./lib/libpkix" \
+     "./lib/zlib" \
+     "./lib/sqlite" \
+     "./gtests/google_test" \
+     "./.hg" \
+)
+
+top="$(dirname $0)/../.."
+cd "$top"
+
+if [ $# -gt 0 ]; then
+    dirs=("$@")
+else
+    dirs=($(find . -maxdepth 2 -mindepth 1 -type d ! -path . \( ! -regex '.*/' \)))
+fi
+
+format_folder()
+{
+    for black in "${blacklist[@]}"; do
+        if [[ "$1" == "$black"* ]]; then
+            echo "skip $1"
+            return 1
+        fi
+    done
+    return 0
+}
+
+for dir in "${dirs[@]}"; do
+    if format_folder "$dir" ; then
+        c="${dir//[^\/]}"
+        echo "formatting $dir ..."
+        depth=""
+        if [ "${#c}" == "1" ]; then
+            depth="-maxdepth 1"
+        fi
+        find "$dir" $depth -type f \( -name '*.[ch]' -o -name '*.cc' \) -exec clang-format -i {} \+
+    fi
+done
+
+TMPFILE=$(mktemp /tmp/$(basename $0).XXXXXX)
+trap 'rm $TMPFILE' exit
+if (cd $(dirname $0); hg root >/dev/null 2>&1); then
+    hg diff --git "$top" | tee $TMPFILE
+else
+    git -C "$top" diff | tee $TMPFILE
+fi
+[[ ! -s $TMPFILE ]]
new file mode 100644
--- /dev/null
+++ b/security/nss/automation/clang-format/setup.sh
@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+
+set -v -e -x
+
+# Update packages.
+export DEBIAN_FRONTEND=noninteractive
+apt-get -y update && apt-get -y upgrade
+
+# Install packages.
+apt_packages=()
+apt_packages+=('ca-certificates')
+apt_packages+=('curl')
+apt_packages+=('xz-utils')
+apt_packages+=('mercurial')
+apt_packages+=('git')
+apt-get install -y --no-install-recommends ${apt_packages[@]}
+
+# Download clang.
+curl -L http://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz -o clang.tar.xz
+curl -L http://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz.sig -o clang.tar.xz.sig
+# Verify the signature.
+gpg --keyserver pool.sks-keyservers.net --recv-keys B6C8F98282B944E3B0D5C2530FC3042E345AD05D
+gpg --verify clang.tar.xz.sig
+# Install into /usr/local/.
+tar xJvf *.tar.xz -C /usr/local --strip-components=1
+
+# Cleanup.
+function cleanup() {
+  rm -f clang.tar.xz clang.tar.xz.sig
+}
+trap cleanup ERR EXIT
+
+locale-gen en_US.UTF-8
+dpkg-reconfigure locales
+
+# Cleanup.
+rm -rf ~/.ccache ~/.cache
+apt-get autoremove -y
+apt-get clean
+apt-get autoclean
+
+# We're done. Remove this script.
+rm $0
--- a/security/nss/automation/release/nss-release-helper.py
+++ b/security/nss/automation/release/nss-release-helper.py
@@ -5,21 +5,37 @@
 
 import os
 import sys
 import datetime
 import shutil
 import glob
 from optparse import OptionParser
 from subprocess import check_call
+from subprocess import check_output
 
 nssutil_h = "lib/util/nssutil.h"
 softkver_h = "lib/softoken/softkver.h"
 nss_h = "lib/nss/nss.h"
 nssckbi_h = "lib/ckfw/builtins/nssckbi.h"
+abi_base_version_file = "automation/abi-check/previous-nss-release"
+
+abi_report_files = ['automation/abi-check/expected-report-libfreebl3.so.txt',
+                    'automation/abi-check/expected-report-libfreeblpriv3.so.txt',
+                    'automation/abi-check/expected-report-libnspr4.so.txt',
+                    'automation/abi-check/expected-report-libnss3.so.txt',
+                    'automation/abi-check/expected-report-libnssckbi.so.txt',
+                    'automation/abi-check/expected-report-libnssdbm3.so.txt',
+                    'automation/abi-check/expected-report-libnsssysinit.so.txt',
+                    'automation/abi-check/expected-report-libnssutil3.so.txt',
+                    'automation/abi-check/expected-report-libplc4.so.txt',
+                    'automation/abi-check/expected-report-libplds4.so.txt',
+                    'automation/abi-check/expected-report-libsmime3.so.txt',
+                    'automation/abi-check/expected-report-libsoftokn3.so.txt',
+                    'automation/abi-check/expected-report-libssl3.so.txt']
 
 def check_call_noisy(cmd, *args, **kwargs):
     print "Executing command:", cmd
     check_call(cmd, *args, **kwargs)
 
 o = OptionParser(usage="client.py [options] remove_beta | set_beta | print_library_versions | print_root_ca_version | set_root_ca_version | set_version_to_minor_release | set_version_to_patch_release | set_release_candidate_number | set_4_digit_release_number | create_nss_release_archive")
 
 try:
@@ -127,16 +143,36 @@ def set_root_ca_version():
     major = args[1].strip()
     minor = args[2].strip()
     version = major + '.' + minor
     sed_inplace('s/^\(#define *NSS_BUILTINS_LIBRARY_VERSION *\"\).*$/\\1' + version + '/', nssckbi_h)
     sed_inplace('s/^\(#define *NSS_BUILTINS_LIBRARY_VERSION_MAJOR *\).*$/\\1' + major + '/', nssckbi_h)
     sed_inplace('s/^\(#define *NSS_BUILTINS_LIBRARY_VERSION_MINOR *\).*$/\\1' + minor + '/', nssckbi_h)
 
 def set_all_lib_versions(version, major, minor, patch, build):
+    grep_major = check_output(['grep', 'define.*NSS_VMAJOR', nss_h])
+    grep_minor = check_output(['grep', 'define.*NSS_VMINOR', nss_h])
+
+    old_major = int(grep_major.split()[2]);
+    old_minor = int(grep_minor.split()[2]);
+
+    new_major = int(major)
+    new_minor = int(minor)
+
+    if (old_major < new_major or (old_major == new_major and old_minor < new_minor)):
+        print "You're increasing the minor (or major) version:"
+        print "- erasing ABI comparison expectations"
+        new_branch = "NSS_" + str(old_major) + "_" + str(old_minor) + "_BRANCH"
+        print "- setting reference branch to the branch of the previous version: " + new_branch
+        with open(abi_base_version_file, "w") as abi_base:
+            abi_base.write("%s\n" % new_branch)
+        for report_file in abi_report_files:
+            with open(report_file, "w") as report_file_handle:
+                report_file_handle.truncate()
+
     set_full_lib_versions(version)
     set_major_versions(major)
     set_minor_versions(minor)
     set_patch_versions(patch)
     set_build_versions(build)
 
 def set_version_to_minor_release():
     ensure_arguments_after_action(2, "major_version  minor_version")
--- a/security/nss/automation/taskcluster/graph/src/extend.js
+++ b/security/nss/automation/taskcluster/graph/src/extend.js
@@ -741,17 +741,17 @@ async function scheduleTools() {
 
   queue.scheduleTask(merge(base, {
     symbol: "clang-format-3.9",
     name: "clang-format-3.9",
     image: LINUX_CLANG39_IMAGE,
     command: [
       "/bin/bash",
       "-c",
-      "bin/checkout.sh && nss/automation/taskcluster/scripts/run_clang_format.sh"
+      "bin/checkout.sh && nss/automation/clang-format/run_clang_format.sh"
     ]
   }));
 
   queue.scheduleTask(merge(base, {
     symbol: "scan-build-4.0",
     name: "scan-build-4.0",
     image: LINUX_IMAGE,
     env: {
deleted file mode 100755
--- a/security/nss/automation/taskcluster/scripts/run_clang_format.sh
+++ /dev/null
@@ -1,64 +0,0 @@
-#!/usr/bin/env bash
-
-source $(dirname "$0")/tools.sh
-
-set +x
-
-# Apply clang-format on the provided folder and verify that this doesn't change any file.
-# If any file differs after formatting, the script eventually exits with 1.
-# Any differences between formatted and unformatted files is printed to stdout to give a hint what's wrong.
-
-# Includes a default set of directories NOT to clang-format on.
-blacklist=(
-     "./automation" \
-     "./coreconf" \
-     "./doc" \
-     "./pkg" \
-     "./tests" \
-     "./lib/libpkix" \
-     "./lib/zlib" \
-     "./lib/sqlite" \
-     "./gtests/google_test" \
-     "./.hg" \
-)
-
-top="$PWD/$(dirname $0)/../../.."
-cd "$top"
-
-if [ $# -gt 0 ]; then
-    dirs=("$@")
-else
-    dirs=($(find . ! -path . \( ! -regex '.*/' \) -maxdepth 2 -mindepth 1 -type d))
-fi
-
-format_folder()
-{
-    for black in "${blacklist[@]}"; do
-        if [[ "$1" == "$black"* ]]; then
-            echo "skip $1"
-            return 1
-        fi
-    done
-    return 0
-}
-
-for dir in "${dirs[@]}"; do
-    if format_folder "$dir" ; then
-        c="${dir//[^\/]}"
-        echo "formatting $dir ..."
-        depth=""
-        if [ "${#c}" == "1" ]; then
-            depth="-maxdepth 1"
-        fi
-        find "$dir" $depth -type f \( -name '*.[ch]' -o -name '*.cc' \) -exec clang-format -i {} \+
-    fi
-done
-
-TMPFILE=$(mktemp /tmp/$(basename $0).XXXXXX)
-trap 'rm $TMPFILE' exit
-if (cd $(dirname $0); hg root >/dev/null 2>&1); then
-    hg diff --git "$top" | tee $TMPFILE
-else
-    git -C "$top" diff | tee $TMPFILE
-fi
-[[ ! -s $TMPFILE ]]
--- a/security/nss/automation/taskcluster/scripts/split.sh
+++ b/security/nss/automation/taskcluster/scripts/split.sh
@@ -19,24 +19,25 @@ split_util() {
   #   nss                         top files only
   #   nss/lib                     top files only
   #   nss/lib/util                full directory
 
   # Copy everything.
   cp -R $nssdir $dstdir
 
   # Skip gtests when building.
-  sed '/^DIRS = /s/ gtests$//' $nssdir/manifest.mn > $dstdir/manifest.mn-t && mv $dstdir/manifest.mn-t $dstdir/manifest.mn
+  sed '/^DIRS = /s/ cpputil gtests$//' $nssdir/manifest.mn > $dstdir/manifest.mn-t && mv $dstdir/manifest.mn-t $dstdir/manifest.mn
 
   # Remove subdirectories that we don't want.
   rm -rf $dstdir/cmd
   rm -rf $dstdir/tests
   rm -rf $dstdir/lib
   rm -rf $dstdir/automation
   rm -rf $dstdir/gtests
+  rm -rf $dstdir/cpputil
   rm -rf $dstdir/doc
 
   # Start with an empty cmd lib directories to be filled selectively.
   mkdir $dstdir/cmd
   cp $nssdir/cmd/Makefile $dstdir/cmd
   cp $nssdir/cmd/manifest.mn $dstdir/cmd
   cp $nssdir/cmd/platlibs.mk $dstdir/cmd
   cp $nssdir/cmd/platrules.mk $dstdir/cmd
@@ -61,25 +62,26 @@ split_softoken() {
   #   nss/lib/freebl              full directory
   #   nss/lib/softoken            full directory
   #   nss/lib/softoken/dbm        full directory
 
   # Copy everything.
   cp -R $nssdir $dstdir
 
   # Skip gtests when building.
-  sed '/^DIRS = /s/ gtests$//' $nssdir/manifest.mn > $dstdir/manifest.mn-t && mv $dstdir/manifest.mn-t $dstdir/manifest.mn
+  sed '/^DIRS = /s/ cpputil gtests$//' $nssdir/manifest.mn > $dstdir/manifest.mn-t && mv $dstdir/manifest.mn-t $dstdir/manifest.mn
 
   # Remove subdirectories that we don't want.
   rm -rf $dstdir/cmd
   rm -rf $dstdir/tests
   rm -rf $dstdir/lib
   rm -rf $dstdir/pkg
   rm -rf $dstdir/automation
   rm -rf $dstdir/gtests
+  rm -rf $dstdir/cpputil
   rm -rf $dstdir/doc
 
   # Start with an empty lib directory and copy only what we need.
   mkdir $dstdir/lib
   copy_top $nssdir/lib $dstdir/lib
   cp -R $nssdir/lib/dbm $dstdir/lib/dbm
   cp -R $nssdir/lib/freebl $dstdir/lib/freebl
   cp -R $nssdir/lib/softoken $dstdir/lib/softoken
--- a/security/nss/build.sh
+++ b/security/nss/build.sh
@@ -88,16 +88,17 @@ while [ $# -gt 0 ]; do
         --sancov=?*) enable_sancov "${1#*=}" ;;
         --pprof) gyp_params+=(-Duse_pprof=1) ;;
         --ct-verif) gyp_params+=(-Dct_verif=1) ;;
         --disable-tests) gyp_params+=(-Ddisable_tests=1) ;;
         --no-zdefs) gyp_params+=(-Dno_zdefs=1) ;;
         --system-sqlite) gyp_params+=(-Duse_system_sqlite=1) ;;
         --with-nspr=?*) set_nspr_path "${1#*=}"; no_local_nspr=1 ;;
         --system-nspr) set_nspr_path "/usr/include/nspr/:"; no_local_nspr=1 ;;
+        --enable-libpkix) gyp_params+=(-Ddisable_libpkix=0) ;;
         *) show_help; exit 2 ;;
     esac
     shift
 done
 
 if [ "$opt_build" = 1 ]; then
     target=Release
 else
--- a/security/nss/cmd/platlibs.gypi
+++ b/security/nss/cmd/platlibs.gypi
@@ -28,39 +28,25 @@
           '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap',
           '<(DEPTH)/lib/softoken/softoken.gyp:softokn',
           '<(DEPTH)/lib/certdb/certdb.gyp:certdb',
           '<(DEPTH)/lib/pki/pki.gyp:nsspki',
           '<(DEPTH)/lib/dev/dev.gyp:nssdev',
           '<(DEPTH)/lib/base/base.gyp:nssb',
           '<(DEPTH)/lib/freebl/freebl.gyp:freebl',
           '<(DEPTH)/lib/sqlite/sqlite.gyp:sqlite3',
+          '<(DEPTH)/lib/libpkix/libpkix.gyp:libpkix',
         ],
         'conditions': [
           [ 'disable_dbm==0', {
             'dependencies': [
               '<(DEPTH)/lib/dbm/src/src.gyp:dbm',
               '<(DEPTH)/lib/softoken/legacydb/legacydb.gyp:nssdbm',
             ],
           }],
-          [ 'disable_libpkix==0', {
-            'dependencies': [
-              '<(DEPTH)/lib/libpkix/pkix/certsel/certsel.gyp:pkixcertsel',
-              '<(DEPTH)/lib/libpkix/pkix/checker/checker.gyp:pkixchecker',
-              '<(DEPTH)/lib/libpkix/pkix/params/params.gyp:pkixparams',
-              '<(DEPTH)/lib/libpkix/pkix/results/results.gyp:pkixresults',
-              '<(DEPTH)/lib/libpkix/pkix/top/top.gyp:pkixtop',
-              '<(DEPTH)/lib/libpkix/pkix/util/util.gyp:pkixutil',
-              '<(DEPTH)/lib/libpkix/pkix/crlsel/crlsel.gyp:pkixcrlsel',
-              '<(DEPTH)/lib/libpkix/pkix/store/store.gyp:pkixstore',
-              '<(DEPTH)/lib/libpkix/pkix_pl_nss/pki/pki.gyp:pkixpki',
-              '<(DEPTH)/lib/libpkix/pkix_pl_nss/system/system.gyp:pkixsystem',
-              '<(DEPTH)/lib/libpkix/pkix_pl_nss/module/module.gyp:pkixmodule'
-            ],
-          }],
         ]},{ # !use_static_libs
           'conditions': [
             ['moz_fold_libs==0', {
               'dependencies': [
                 '<(DEPTH)/lib/ssl/ssl.gyp:ssl3',
                 '<(DEPTH)/lib/smime/smime.gyp:smime3',
                 '<(DEPTH)/lib/nss/nss.gyp:nss3',
               ],
--- a/security/nss/cmd/platlibs.mk
+++ b/security/nss/cmd/platlibs.mk
@@ -27,16 +27,22 @@ endif
 endif # BUILD_SUN_PKG
 
 ifdef NSS_DISABLE_DBM
 DBMLIB = $(NULL)
 else
 DBMLIB = $(DIST)/lib/$(LIB_PREFIX)dbm.$(LIB_SUFFIX) 
 endif
 
+ifeq ($(NSS_BUILD_UTIL_ONLY),1)
+SECTOOL_LIB = $(NULL)
+else
+SECTOOL_LIB = $(DIST)/lib/$(LIB_PREFIX)sectool.$(LIB_SUFFIX)
+endif
+
 ifdef USE_STATIC_LIBS
 
 DEFINES += -DNSS_USE_STATIC_LIBS
 # $(PROGRAM) has explicit dependencies on $(EXTRA_LIBS)
 ifndef NSS_USE_SYSTEM_FREEBL
 CRYPTOLIB=$(DIST)/lib/$(LIB_PREFIX)freebl.$(LIB_SUFFIX)
 SOFTOKENLIB=$(DIST)/lib/$(LIB_PREFIX)softokn.$(LIB_SUFFIX)
 else
@@ -65,30 +71,20 @@ PKIXLIB = \
 	$(DIST)/lib/$(LIB_PREFIX)pkixpki.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)pkixtop.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)pkixresults.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)pkixcertsel.$(LIB_SUFFIX)
 endif
 endif
 
 NSS_LIBS_1=
-SECTOOL_LIB=
 NSS_LIBS_2=
 NSS_LIBS_3=
 NSS_LIBS_4=
 
-ifneq ($(NSS_BUILD_UTIL_ONLY),1)
-SECTOOL_LIB = \
-	$(DIST)/lib/$(LIB_PREFIX)sectool.$(LIB_SUFFIX) \
-	$(NULL)
-else
-SECTOOL_LIB = \
-	$(NULL)
-endif
-
 ifneq ($(NSS_BUILD_SOFTOKEN_ONLY),1)
 ifeq ($(OS_ARCH), WINNT)
 # breakdown for windows
 NSS_LIBS_1 = \
 	$(DIST)/lib/$(LIB_PREFIX)smime.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)ssl.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)nss.$(LIB_SUFFIX) \
 	$(NULL)
@@ -116,19 +112,16 @@ NSS_LIBS_4 = \
 	$(NULL)
 else
 # breakdown for others
 NSS_LIBS_1 = \
 	$(DIST)/lib/$(LIB_PREFIX)smime.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)ssl.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)nss.$(LIB_SUFFIX) \
 	$(NULL)
-SECTOOL_LIB = \
-	$(DIST)/lib/$(LIB_PREFIX)sectool.$(LIB_SUFFIX) \
-	$(NULL)
 NSS_LIBS_2 = \
 	$(DIST)/lib/$(LIB_PREFIX)pkcs12.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)pkcs7.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)certhi.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)cryptohi.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)pk11wrap.$(LIB_SUFFIX) \
 	$(NULL)
 NSS_LIBS_3 = \
@@ -196,17 +189,17 @@ EXTRA_SHARED_LIBS += \
 endif
 
 else # USE_STATIC_LIBS
 # can't do this in manifest.mn because OS_ARCH isn't defined there.
 ifeq ($(OS_ARCH), WINNT)
 
 # $(PROGRAM) has explicit dependencies on $(EXTRA_LIBS)
 EXTRA_LIBS += \
-	$(DIST)/lib/$(LIB_PREFIX)sectool.$(LIB_SUFFIX) \
+	$(SECTOOL_LIB) \
 	$(NSSUTIL_LIB_DIR)/$(IMPORT_LIB_PREFIX)nssutil3$(IMPORT_LIB_SUFFIX) \
 	$(DIST)/lib/$(IMPORT_LIB_PREFIX)smime3$(IMPORT_LIB_SUFFIX) \
 	$(DIST)/lib/$(IMPORT_LIB_PREFIX)ssl3$(IMPORT_LIB_SUFFIX) \
 	$(DIST)/lib/$(IMPORT_LIB_PREFIX)nss3$(IMPORT_LIB_SUFFIX) \
 	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4$(IMPORT_LIB_SUFFIX) \
 	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4$(IMPORT_LIB_SUFFIX) \
 	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4$(IMPORT_LIB_SUFFIX) \
 	$(NULL)
@@ -215,17 +208,17 @@ EXTRA_LIBS += \
 #OS_LIBS += \
 	wsock32.lib \
 	winmm.lib \
 	$(NULL)
 else
 
 # $(PROGRAM) has explicit dependencies on $(EXTRA_LIBS)
 EXTRA_LIBS += \
-	$(DIST)/lib/$(LIB_PREFIX)sectool.$(LIB_SUFFIX) \
+	$(SECTOOL_LIB) \
 	$(NULL)
 
 ifeq ($(OS_ARCH), AIX) 
 EXTRA_SHARED_LIBS += -brtl 
 endif
 
 # $(PROGRAM) has NO explicit dependencies on $(EXTRA_SHARED_LIBS)
 # $(EXTRA_SHARED_LIBS) come before $(OS_LIBS), except on AIX.
@@ -233,23 +226,25 @@ EXTRA_SHARED_LIBS += \
 	-L$(DIST)/lib \
 	-L$(NSSUTIL_LIB_DIR) \
 	-lnssutil3 \
 	-L$(NSPR_LIB_DIR) \
 	-lplc4 \
 	-lplds4 \
 	-lnspr4 \
 	$(NULL)
+ifndef NSS_BUILD_UTIL_ONLY
 ifndef NSS_BUILD_SOFTOKEN_ONLY
 EXTRA_SHARED_LIBS += \
 	-lssl3 \
 	-lsmime3 \
 	-lnss3
 endif
 endif
+endif
 
 ifdef SOFTOKEN_LIB_DIR
 ifdef NSS_USE_SYSTEM_FREEBL
 EXTRA_SHARED_LIBS += -L$(SOFTOKEN_LIB_DIR) -lsoftokn3
 endif
 endif
 
 endif # USE_STATIC_LIBS
--- a/security/nss/coreconf/coreconf.dep
+++ b/security/nss/coreconf/coreconf.dep
@@ -5,8 +5,9 @@
 
 /*
  * A dummy header file that is a dependency for all the object files.
  * Used to force a full recompilation of NSS in Mozilla's Tinderbox
  * depend builds.  See comments in rules.mk.
  */
 
 #error "Do not include this header file."
+
new file mode 100644
--- /dev/null
+++ b/security/nss/cpputil/Makefile
@@ -0,0 +1,49 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+ifeq (WINNT,$(OS_ARCH))
+OS_CFLAGS += -EHsc
+else
+CXXFLAGS += -std=c++0x
+endif
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include config.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
new file mode 100644
--- /dev/null
+++ b/security/nss/cpputil/config.mk
@@ -0,0 +1,15 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#
+#  Override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(LIBRARY)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+PROGRAM        =
+
new file mode 100644
--- /dev/null
+++ b/security/nss/cpputil/manifest.mn
@@ -0,0 +1,18 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ..
+DEPTH      = ..
+
+MODULE = nss
+LIBRARY_NAME = cpputil
+
+CPPSRCS = \
+      dummy_io.cc \
+      dummy_io_fwd.cc \
+      tls_parser.cc \
+      $(NULL)
+
+EXPORTS = \
+      $(NULL)
--- a/security/nss/cpputil/scoped_ptrs.h
+++ b/security/nss/cpputil/scoped_ptrs.h
@@ -30,16 +30,17 @@ struct ScopedDelete {
   void operator()(SECItem* item) { SECITEM_FreeItem(item, true); }
   void operator()(SECKEYPublicKey* key) { SECKEY_DestroyPublicKey(key); }
   void operator()(SECKEYPrivateKey* key) { SECKEY_DestroyPrivateKey(key); }
   void operator()(SECKEYPrivateKeyList* list) {
     SECKEY_DestroyPrivateKeyList(list);
   }
   void operator()(PK11URI* uri) { PK11URI_DestroyURI(uri); }
   void operator()(PLArenaPool* arena) { PORT_FreeArena(arena, PR_FALSE); }
+  void operator()(PK11Context* context) { PK11_DestroyContext(context, true); }
 };
 
 template <class T>
 struct ScopedMaybeDelete {
   void operator()(T* ptr) {
     if (ptr) {
       ScopedDelete del;
       del(ptr);
@@ -59,12 +60,13 @@ SCOPED(PK11SymKey);
 SCOPED(PRFileDesc);
 SCOPED(SECAlgorithmID);
 SCOPED(SECItem);
 SCOPED(SECKEYPublicKey);
 SCOPED(SECKEYPrivateKey);
 SCOPED(SECKEYPrivateKeyList);
 SCOPED(PK11URI);
 SCOPED(PLArenaPool);
+SCOPED(PK11Context);
 
 #undef SCOPED
 
 #endif  // scoped_ptrs_h__
new file mode 100644
--- /dev/null
+++ b/security/nss/cpputil/scoped_ptrs_util.h
@@ -0,0 +1,39 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef scoped_ptrs_util_h__
+#define scoped_ptrs_util_h__
+
+#include <memory>
+#include "pkcs11uri.h"
+#include "secoid.h"
+
+struct ScopedDelete {
+  void operator()(SECAlgorithmID* id) { SECOID_DestroyAlgorithmID(id, true); }
+  void operator()(SECItem* item) { SECITEM_FreeItem(item, true); }
+  void operator()(PK11URI* uri) { PK11URI_DestroyURI(uri); }
+  void operator()(PLArenaPool* arena) { PORT_FreeArena(arena, PR_FALSE); }
+};
+
+template <class T>
+struct ScopedMaybeDelete {
+  void operator()(T* ptr) {
+    if (ptr) {
+      ScopedDelete del;
+      del(ptr);
+    }
+  }
+};
+
+#define SCOPED(x) typedef std::unique_ptr<x, ScopedMaybeDelete<x> > Scoped##x
+
+SCOPED(SECAlgorithmID);
+SCOPED(SECItem);
+SCOPED(PK11URI);
+
+#undef SCOPED
+
+#endif  // scoped_ptrs_util_h__
--- a/security/nss/gtests/.clang-format
+++ b/security/nss/gtests/.clang-format
@@ -1,4 +1,5 @@
 ---
 Language: Cpp
 BasedOnStyle: Google
+SortIncludes: false
 ...
--- a/security/nss/gtests/certdb_gtest/alg1485_unittest.cc
+++ b/security/nss/gtests/certdb_gtest/alg1485_unittest.cc
@@ -13,18 +13,30 @@
 
 namespace nss_test {
 
 typedef struct AVATestValuesStr {
   std::string avaString;
   bool expectedResult;
 } AVATestValues;
 
-class Alg1485Test : public ::testing::Test,
-                    public ::testing::WithParamInterface<AVATestValues> {};
+typedef struct AVACompareValuesStr {
+  std::string avaString1;
+  std::string avaString2;
+  SECComparison expectedResult;
+} AVACompareValues;
+
+class Alg1485Test : public ::testing::Test {};
+
+class Alg1485ParseTest : public Alg1485Test,
+                         public ::testing::WithParamInterface<AVATestValues> {};
+
+class Alg1485CompareTest
+    : public Alg1485Test,
+      public ::testing::WithParamInterface<AVACompareValues> {};
 
 static const AVATestValues kAVATestStrings[] = {
     {"CN=Marshall T. Rose, O=Dover Beach Consulting, L=Santa Clara, "
      "ST=California, C=US",
      true},
     {"C=HU,L=Budapest,O=Organization,CN=Example - Qualified Citizen "
      "CA,2.5.4.97=VATHU-10",
      true},
@@ -40,18 +52,41 @@ static const AVATestValues kAVATestStrin
     {"YO=LO", false},             // Unknown Tag, 'YO'
     {"CN=Tester,ZZ=Top", false},  // Unknown tag, 'ZZ'
     // These tests are disabled pending Bug 1363416
     // { "01.02.03=Nope", false }, // Numbers not in minimal form
     // { "000001.0000000001=👌", false },
     // { "CN=Somebody,L=Set,O=Up,C=US,01=The,02=Bomb", false },
 };
 
-TEST_P(Alg1485Test, TryParsingAVAStrings) {
+static const AVACompareValues kAVACompareStrings[] = {
+    {"CN=Max, O=Mozilla, ST=Berlin", "CN=Max, O=Mozilla, ST=Berlin, C=DE",
+     SECLessThan},
+    {"CN=Max, O=Mozilla, ST=Berlin, C=DE", "CN=Max, O=Mozilla, ST=Berlin",
+     SECGreaterThan},
+    {"CN=Max, O=Mozilla, ST=Berlin, C=DE", "CN=Max, O=Mozilla, ST=Berlin, C=DE",
+     SECEqual},
+    {"CN=Max1, O=Mozilla, ST=Berlin, C=DE",
+     "CN=Max2, O=Mozilla, ST=Berlin, C=DE", SECLessThan},
+    {"CN=Max, O=Mozilla, ST=Berlin, C=DE", "CN=Max, O=Mozilla, ST=Berlin, C=US",
+     SECLessThan},
+};
+
+TEST_P(Alg1485ParseTest, TryParsingAVAStrings) {
   const AVATestValues& param(GetParam());
 
   ScopedCERTName certName(CERT_AsciiToName(param.avaString.c_str()));
   ASSERT_EQ(certName != nullptr, param.expectedResult);
 }
 
-INSTANTIATE_TEST_CASE_P(ParseAVAStrings, Alg1485Test,
+TEST_P(Alg1485CompareTest, CompareAVAStrings) {
+  const AVACompareValues& param(GetParam());
+  ScopedCERTName a(CERT_AsciiToName(param.avaString1.c_str()));
+  ScopedCERTName b(CERT_AsciiToName(param.avaString2.c_str()));
+  ASSERT_TRUE(a && b);
+  EXPECT_EQ(param.expectedResult, CERT_CompareName(a.get(), b.get()));
+}
+
+INSTANTIATE_TEST_CASE_P(ParseAVAStrings, Alg1485ParseTest,
                         ::testing::ValuesIn(kAVATestStrings));
+INSTANTIATE_TEST_CASE_P(CompareAVAStrings, Alg1485CompareTest,
+                        ::testing::ValuesIn(kAVACompareStrings));
 }
--- a/security/nss/gtests/certhigh_gtest/manifest.mn
+++ b/security/nss/gtests/certhigh_gtest/manifest.mn
@@ -9,14 +9,14 @@ MODULE = nss
 CPPSRCS = \
       certhigh_unittest.cc \
       $(NULL)
 
 INCLUDES += -I$(CORE_DEPTH)/gtests/google_test/gtest/include \
             -I$(CORE_DEPTH)/gtests/common \
             -I$(CORE_DEPTH)/cpputil
 
-REQUIRES = nspr nss libdbm gtest
+REQUIRES = nspr gtest
 
 PROGRAM = certhigh_gtest
 
 EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) $(EXTRA_OBJS) \
-             ../common/$(OBJDIR)/gtests$(OBJ_SUFFIX)
+             $(DIST)/lib/$(LIB_PREFIX)gtestutil.$(LIB_SUFFIX)
new file mode 100644
--- /dev/null
+++ b/security/nss/gtests/common/gcm-vectors.h
@@ -0,0 +1,172 @@
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef gcm_vectors_h__
+#define gcm_vectors_h__
+
+#include <string>
+
+typedef struct gcm_kat_str {
+  std::string key;
+  std::string plaintext;
+  std::string additional_data;
+  std::string iv;
+  std::string hash_key;
+  std::string ghash;
+  std::string result;
+} gcm_kat_value;
+
+/*
+ * http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
+ */
+const gcm_kat_value kGcmKatValues[] = {
+    {"00000000000000000000000000000000", "", "", "000000000000000000000000",
+     "66e94bd4ef8a2c3b884cfa59ca342b2e", "00000000000000000000000000000000",
+     "58e2fccefa7e3061367f1d57a4e7455a"},
+
+    {"00000000000000000000000000000000", "00000000000000000000000000000000", "",
+     "000000000000000000000000", "66e94bd4ef8a2c3b884cfa59ca342b2e",
+     "f38cbb1ad69223dcc3457ae5b6b0f885",
+     "0388dace60b6a392f328c2b971b2fe78ab6e47d42cec13bdf53a67b21257bddf"},
+
+    {"feffe9928665731c6d6a8f9467308308",
+     "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
+     "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
+     "", "cafebabefacedbaddecaf888", "b83b533708bf535d0aa6e52980d53b78",
+     "7f1b32b81b820d02614f8895ac1d4eac",
+     "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25"
+     "466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f59854d5c2af327cd64a62c"
+     "f35abd2ba6fab4"},
+
+    {"feffe9928665731c6d6a8f9467308308",
+     "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
+     "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+     "feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbaddecaf888",
+     "b83b533708bf535d0aa6e52980d53b78", "698e57f70e6ecc7fd9463b7260a9ae5f",
+     "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25"
+     "466931c7d8f6a5aac84aa051ba30b396a0aac973d58e0915bc94fbc3221a5db94fae95ae7"
+     "121a47"},
+
+    {"feffe9928665731c6d6a8f9467308308",
+     "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
+     "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+     "feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbad",
+     "b83b533708bf535d0aa6e52980d53b78", "df586bb4c249b92cb6922877e444d37b",
+     "61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e"
+     "49f24b22b097544d4896b424989b5e1ebac0f07c23f45983612d2e79e3b0785561be14aac"
+     "a2fccb"},
+
+    {"feffe9928665731c6d6a8f9467308308",
+     "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
+     "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+     "feedfacedeadbeeffeedfacedeadbeefabaddad2",
+     "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c9515"
+     "6809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
+     "b83b533708bf535d0aa6e52980d53b78", "1c5afe9760d3932f3c9a878aac3dc3de",
+     "8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4f"
+     "ba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5619cc5aefffe0bfa462af43c16"
+     "99d050"},
+
+    {"000000000000000000000000000000000000000000000000", "", "",
+     "000000000000000000000000", "aae06992acbf52a3e8f4a96ec9300bd7",
+     "00000000000000000000000000000000", "cd33b28ac773f74ba00ed1f312572435"},
+
+    {"000000000000000000000000000000000000000000000000",
+     "00000000000000000000000000000000", "", "000000000000000000000000",
+     "aae06992acbf52a3e8f4a96ec9300bd7", "e2c63f0ac44ad0e02efa05ab6743d4ce",
+     "98e7247c07f0fe411c267e4384b0f6002ff58d80033927ab8ef4d4587514f0fb"},
+
+    {"feffe9928665731c6d6a8f9467308308feffe9928665731c",
+     "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
+     "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
+     "", "cafebabefacedbaddecaf888", "466923ec9ae682214f2c082badb39249",
+     "51110d40f6c8fff0eb1ae33445a889f0",
+     "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c"
+     "144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade2569924a7c8587336bfb1"
+     "18024db8674a14"},
+
+    {"feffe9928665731c6d6a8f9467308308feffe9928665731c",
+     "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
+     "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+     "feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbaddecaf888",
+     "466923ec9ae682214f2c082badb39249", "ed2ce3062e4a8ec06db8b4c490e8a268",
+     "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c"
+     "144c525ac619d18c84a3f4718e2448b2fe324d9ccda27102519498e80f1478f37ba55bd6d"
+     "27618c"},
+
+    {"feffe9928665731c6d6a8f9467308308feffe9928665731c",
+     "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
+     "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+     "feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbad",
+     "466923ec9ae682214f2c082badb39249", "1e6a133806607858ee80eaf237064089",
+     "0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9"
+     "a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f765dcc57fcf623a24094fcca40d"
+     "3533f8"},
+
+    {"feffe9928665731c6d6a8f9467308308feffe9928665731c",
+     "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
+     "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+     "feedfacedeadbeeffeedfacedeadbeefabaddad2",
+     "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c9515"
+     "6809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
+     "466923ec9ae682214f2c082badb39249", "82567fb0b4cc371801eadec005968e94",
+     "d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012a"
+     "f34ddd9e2f037589b292db3e67c036745fa22e7e9b7373bdcf566ff291c25bbb8568fc3d3"
+     "76a6d9"},
+
+    {"0000000000000000000000000000000000000000000000000000000000000000", "", "",
+     "000000000000000000000000", "dc95c078a2408989ad48a21492842087",
+     "00000000000000000000000000000000", "530f8afbc74536b9a963b4f1c4cb738b"},
+
+    {"0000000000000000000000000000000000000000000000000000000000000000",
+     "00000000000000000000000000000000", "", "000000000000000000000000",
+     "dc95c078a2408989ad48a21492842087", "83de425c5edc5d498f382c441041ca92",
+     "cea7403d4d606b6e074ec5d3baf39d18d0d1c8a799996bf0265b98b5d48ab919"},
+
+    {"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
+     "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
+     "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
+     "", "cafebabefacedbaddecaf888", "acbef20579b4b8ebce889bac8732dad7",
+     "4db870d37cb75fcb46097c36230d1612",
+     "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e485"
+     "90dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015adb094dac5d93471bdec"
+     "1a502270e3cc6c"},
+
+    {"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
+     "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
+     "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+     "feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbaddecaf888",
+     "acbef20579b4b8ebce889bac8732dad7", "8bd0c4d8aacd391e67cca447e8c38f65",
+     "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e485"
+     "90dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f66276fc6ece0f4e1768cddf8853bb"
+     "2d551b"},
+
+    {"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
+     "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
+     "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+     "feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbad",
+     "acbef20579b4b8ebce889bac8732dad7", "75a34288b8c68f811c52b2e9a2f97f63",
+     "c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33"
+     "934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f3a337dbf46a792c45e454913fe"
+     "2ea8f2"},
+
+    {"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
+     "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
+     "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+     "feedfacedeadbeeffeedfacedeadbeefabaddad2",
+     "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c9515"
+     "6809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
+     "acbef20579b4b8ebce889bac8732dad7", "d5ffcf6fc5ac4d69722187421a7f170b",
+     "5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b78"
+     "0f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3fa44a8266ee1c8eb0c8b5d4cf5a"
+     "e9f19a"},
+
+    /* Extra, non-NIST, test case to test 64-bit binary multiplication carry
+     * correctness. This is a GHASH-only test. */
+    {"", "", "", "", "0000000000000000fcefef64ffc4766c",
+     "3561e34e52d8b598f9937982512fff27",
+     "0000000000000000ffcef9ebbffdbd8b00000000000000000000000000000000"}};
+
+#endif  // gcm_vectors_h__
new file mode 100644
--- /dev/null
+++ b/security/nss/gtests/common/gtests-util.cc
@@ -0,0 +1,26 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nspr.h"
+#include "secoid.h"
+
+#include <cstdlib>
+
+#define GTEST_HAS_RTTI 0
+#include "gtest/gtest.h"
+
+int main(int argc, char **argv) {
+  ::testing::InitGoogleTest(&argc, argv);
+
+  if (SECOID_Init() != SECSuccess) {
+    return 1;
+  }
+  int rv = RUN_ALL_TESTS();
+
+  if (SECOID_Shutdown() != SECSuccess) {
+    return 1;
+  }
+
+  return rv;
+}
--- a/security/nss/gtests/common/manifest.mn
+++ b/security/nss/gtests/common/manifest.mn
@@ -1,22 +1,23 @@
 #
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 CORE_DEPTH = ../..
 DEPTH      = ../..
 MODULE = nss
 
-CPPSRCS = \
-      gtests.cc \
-      $(NULL)
+LIBRARY_NAME = gtestutil
+
+ifeq ($(NSS_BUILD_UTIL_ONLY),1)
+CPPSRCS = gtests-util.cc
+else
+CPPSRCS = gtests.cc
+endif
 
 INCLUDES += -I$(CORE_DEPTH)/gtests/google_test/gtest/include \
             -I$(CORE_DEPTH)/gtests/common \
             -I$(CORE_DEPTH)/cpputil
 
 REQUIRES = gtest
 
 EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX)
-
-# NOTE: this is not actually used but required to build gtests.o
-PROGRAM = gtests
new file mode 100644
--- /dev/null
+++ b/security/nss/gtests/common/util.h
@@ -0,0 +1,21 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef util_h__
+#define util_h__
+
+#include <cassert>
+#include <vector>
+
+std::vector<uint8_t> hex_string_to_bytes(std::string s) {
+  std::vector<uint8_t> bytes;
+  for (size_t i = 0; i < s.length(); i += 2) {
+    bytes.push_back(std::stoul(s.substr(i, 2), nullptr, 16));
+  }
+  return bytes;
+}
+
+#endif  // util_h__
--- a/security/nss/gtests/der_gtest/der_getint_unittest.cc
+++ b/security/nss/gtests/der_gtest/der_getint_unittest.cc
@@ -1,22 +1,21 @@
 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* vim: set ts=2 et sw=2 tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
+#include "secder.h"
+#include "secerr.h"
+
 #include <climits>
 #include <memory>
-#include "nss.h"
-#include "pk11pub.h"
-#include "secutil.h"
 
 #include "gtest/gtest.h"
-#include "scoped_ptrs.h"
 
 namespace nss_test {
 
 class DERIntegerDecodingTest : public ::testing::Test {
  public:
   void TestGetInteger(long number, unsigned char *der_number,
                       unsigned int len) {
     SECItem input = {siBuffer, der_number, len};
--- a/security/nss/gtests/der_gtest/der_gtest.gyp
+++ b/security/nss/gtests/der_gtest/der_gtest.gyp
@@ -7,17 +7,16 @@
     '../common/gtest.gypi',
   ],
   'targets': [
     {
       'target_name': 'der_gtest',
       'type': 'executable',
       'sources': [
         'der_getint_unittest.cc',
-        'der_private_key_import_unittest.cc',
         'der_quickder_unittest.cc',
         '<(DEPTH)/gtests/common/gtests.cc'
       ],
       'dependencies': [
         '<(DEPTH)/exports.gyp:nss_exports',
         '<(DEPTH)/gtests/google_test/google_test.gyp:gtest',
         '<(DEPTH)/lib/util/util.gyp:nssutil3',
         '<(DEPTH)/lib/ssl/ssl.gyp:ssl3',
--- a/security/nss/gtests/der_gtest/der_quickder_unittest.cc
+++ b/security/nss/gtests/der_gtest/der_quickder_unittest.cc
@@ -2,21 +2,22 @@
 /* vim: set ts=2 et sw=2 tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include <stdint.h>
 
 #include "gtest/gtest.h"
-#include "scoped_ptrs.h"
+#include "scoped_ptrs_util.h"
 
 #include "nss.h"
 #include "prerror.h"
 #include "secasn1.h"
+#include "secder.h"
 #include "secerr.h"
 #include "secitem.h"
 
 const SEC_ASN1Template mySEC_NullTemplate[] = {
     {SEC_ASN1_NULL, 0, NULL, sizeof(SECItem)}};
 
 namespace nss_test {
 
--- a/security/nss/gtests/der_gtest/manifest.mn
+++ b/security/nss/gtests/der_gtest/manifest.mn
@@ -3,22 +3,21 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 CORE_DEPTH = ../..
 DEPTH      = ../..
 MODULE = nss
 
 CPPSRCS = \
       der_getint_unittest.cc \
-      der_private_key_import_unittest.cc \
       der_quickder_unittest.cc \
       $(NULL)
 
 INCLUDES += -I$(CORE_DEPTH)/gtests/google_test/gtest/include \
             -I$(CORE_DEPTH)/gtests/common \
             -I$(CORE_DEPTH)/cpputil
 
-REQUIRES = nspr nss libdbm gtest
+REQUIRES = nspr gtest
 
 PROGRAM = der_gtest
 
 EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) $(EXTRA_OBJS) \
-             ../common/$(OBJDIR)/gtests$(OBJ_SUFFIX)
+             $(DIST)/lib/$(LIB_PREFIX)gtestutil.$(LIB_SUFFIX)
--- a/security/nss/gtests/freebl_gtest/freebl_gtest.gyp
+++ b/security/nss/gtests/freebl_gtest/freebl_gtest.gyp
@@ -9,16 +9,17 @@
   'targets': [
     {
       'target_name': 'freebl_gtest',
       'type': 'executable',
       'sources': [
         'mpi_unittest.cc',
         'dh_unittest.cc',
         'ecl_unittest.cc',
+        'ghash_unittest.cc',
         '<(DEPTH)/gtests/common/gtests.cc'
       ],
       'dependencies': [
         '<(DEPTH)/exports.gyp:nss_exports',
         '<(DEPTH)/lib/util/util.gyp:nssutil3',
         '<(DEPTH)/gtests/google_test/google_test.gyp:gtest',
         '<(DEPTH)/lib/nss/nss.gyp:nss_static',
         '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static',
@@ -45,16 +46,17 @@
         '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static',
         '<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
         '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
         '<(DEPTH)/lib/certdb/certdb.gyp:certdb',
         '<(DEPTH)/lib/base/base.gyp:nssb',
         '<(DEPTH)/lib/dev/dev.gyp:nssdev',
         '<(DEPTH)/lib/pki/pki.gyp:nsspki',
         '<(DEPTH)/lib/ssl/ssl.gyp:ssl',
+        '<(DEPTH)/lib/libpkix/libpkix.gyp:libpkix',
       ],
       'conditions': [
         [ 'OS=="win"', {
           'libraries': [
             'advapi32.lib',
           ],
         }],
       ],
new file mode 100644
--- /dev/null
+++ b/security/nss/gtests/freebl_gtest/ghash_unittest.cc
@@ -0,0 +1,55 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this file,
+// You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#include "gcm-vectors.h"
+#include "gtest/gtest.h"
+#include "util.h"
+
+#include "gcm.h"
+
+namespace nss_test {
+
+class GHashTest : public ::testing::TestWithParam<gcm_kat_value> {
+ protected:
+  void TestGHash(const gcm_kat_value val, bool sw) {
+    // Read test data.
+    std::vector<uint8_t> hash_key = hex_string_to_bytes(val.hash_key);
+    ASSERT_EQ(16UL, hash_key.size());
+    std::vector<uint8_t> additional_data =
+        hex_string_to_bytes(val.additional_data);
+    std::vector<uint8_t> result = hex_string_to_bytes(val.result);
+    std::vector<uint8_t> cipher_text(result.begin(), result.end() - 16);
+    std::vector<uint8_t> expected = hex_string_to_bytes(val.ghash);
+    ASSERT_EQ(16UL, expected.size());
+
+    // Prepare context.
+    gcmHashContext ghashCtx;
+    ASSERT_EQ(SECSuccess, gcmHash_InitContext(&ghashCtx, hash_key.data(), sw));
+
+    // Hash additional_data, cipher_text.
+    gcmHash_Reset(&ghashCtx,
+                  const_cast<const unsigned char *>(additional_data.data()),
+                  additional_data.size());
+    gcmHash_Update(&ghashCtx,
+                   const_cast<const unsigned char *>(cipher_text.data()),
+                   cipher_text.size());
+
+    // Finalise (hash in the length).
+    uint8_t result_bytes[16];
+    unsigned int out_len;
+    ASSERT_EQ(SECSuccess, gcmHash_Final(&ghashCtx, result_bytes, &out_len, 16));
+    ASSERT_EQ(16U, out_len);
+    EXPECT_EQ(expected, std::vector<uint8_t>(result_bytes, result_bytes + 16));
+  }
+};
+
+#ifdef NSS_X86_OR_X64
+TEST_P(GHashTest, KAT_X86_HW) { TestGHash(GetParam(), false); }
+#endif
+TEST_P(GHashTest, KAT_Sftw) { TestGHash(GetParam(), true); }
+
+INSTANTIATE_TEST_CASE_P(NISTTestVector, GHashTest,
+                        ::testing::ValuesIn(kGcmKatValues));
+
+}  // nss_test
--- a/security/nss/gtests/freebl_gtest/prng_kat_unittest.cc
+++ b/security/nss/gtests/freebl_gtest/prng_kat_unittest.cc
@@ -3,20 +3,20 @@
 // You can obtain one at http://mozilla.org/MPL/2.0/.
 
 #include "nspr.h"
 #include "nss.h"
 #include "ssl.h"
 
 #include <cstdlib>
 #include <fstream>
-#include <string>
 
 #define GTEST_HAS_RTTI 0
 #include "gtest/gtest.h"
+#include "util.h"
 
 #include "blapi.h"
 
 namespace nss_test {
 
 typedef struct PRNGTestValuesStr {
   std::vector<uint8_t> entropy;
   std::vector<uint8_t> nonce;
@@ -39,25 +39,16 @@ std::string trim(std::string str) {
   if (strBegin == std::string::npos) {
     return "";
   }
   const auto strEnd = str.find_last_not_of(whitespace);
   const auto strRange = strEnd - strBegin + 1;
   return str.substr(strBegin, strRange);
 }
 
-std::vector<uint8_t> hex_string_to_bytes(std::string s) {
-  std::vector<uint8_t> bytes;
-  assert(s.length() % 2 == 0);
-  for (size_t i = 0; i < s.length(); i += 2) {
-    bytes.push_back(std::stoul(s.substr(i, 2), nullptr, 16));
-  }
-  return bytes;
-}
-
 std::vector<uint8_t> read_option_s(std::string& s) {
   size_t start = s.find("=") + 1;
   assert(start > 0);
   return hex_string_to_bytes(trim(s.substr(start, s.find("]", start))));
 }
 
 void print_bytes(std::vector<uint8_t> bytes, std::string name) {
   std::cout << name << ": ";
--- a/security/nss/gtests/manifest.mn
+++ b/security/nss/gtests/manifest.mn
@@ -1,18 +1,36 @@
 # 
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 CORE_DEPTH = ..
 DEPTH      = ..
 
-DIRS = \
+LIB_SRCDIRS = \
 	google_test \
 	common \
+	$(NULL)
+
+ifneq ($(NSS_BUILD_WITHOUT_UTIL),1)
+UTIL_SRCDIRS = \
+	util_gtest \
+	der_gtest \
+	$(NULL)
+endif
+
+ifneq ($(NSS_BUILD_SOFTOKEN_ONLY),1)
+ifneq ($(NSS_BUILD_UTIL_ONLY),1)
+NSS_SRCDIRS = \
 	certdb_gtest \
 	certhigh_gtest \
-	der_gtest \
-	util_gtest \
 	pk11_gtest \
 	ssl_gtest \
         nss_bogo_shim \
 	$(NULL)
+endif
+endif
+
+DIRS = \
+	$(LIB_SRCDIRS) \
+	$(UTIL_SRCDIRS) \
+	$(NSS_SRCDIRS) \
+	$(NULL)
--- a/security/nss/gtests/nss_bogo_shim/nss_bogo_shim.gyp
+++ b/security/nss/gtests/nss_bogo_shim/nss_bogo_shim.gyp
@@ -30,39 +30,25 @@
         '<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
         '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap',
         '<(DEPTH)/lib/softoken/softoken.gyp:softokn',
         '<(DEPTH)/lib/certdb/certdb.gyp:certdb',
         '<(DEPTH)/lib/pki/pki.gyp:nsspki',
         '<(DEPTH)/lib/dev/dev.gyp:nssdev',
         '<(DEPTH)/lib/base/base.gyp:nssb',
         '<(DEPTH)/lib/freebl/freebl.gyp:freebl',
-        '<(DEPTH)/lib/zlib/zlib.gyp:nss_zlib'
+        '<(DEPTH)/lib/zlib/zlib.gyp:nss_zlib',
+        '<(DEPTH)/lib/libpkix/libpkix.gyp:libpkix',
       ],
       'conditions': [
         [ 'disable_dbm==0', {
           'dependencies': [
             '<(DEPTH)/lib/dbm/src/src.gyp:dbm',
           ],
         }],
-        [ 'disable_libpkix==0', {
-          'dependencies': [
-            '<(DEPTH)/lib/libpkix/pkix/certsel/certsel.gyp:pkixcertsel',
-            '<(DEPTH)/lib/libpkix/pkix/checker/checker.gyp:pkixchecker',
-            '<(DEPTH)/lib/libpkix/pkix/crlsel/crlsel.gyp:pkixcrlsel',
-            '<(DEPTH)/lib/libpkix/pkix/params/params.gyp:pkixparams',
-            '<(DEPTH)/lib/libpkix/pkix/results/results.gyp:pkixresults',
-            '<(DEPTH)/lib/libpkix/pkix/store/store.gyp:pkixstore',
-            '<(DEPTH)/lib/libpkix/pkix/top/top.gyp:pkixtop',
-            '<(DEPTH)/lib/libpkix/pkix/util/util.gyp:pkixutil',
-            '<(DEPTH)/lib/libpkix/pkix_pl_nss/system/system.gyp:pkixsystem',
-            '<(DEPTH)/lib/libpkix/pkix_pl_nss/module/module.gyp:pkixmodule',
-            '<(DEPTH)/lib/libpkix/pkix_pl_nss/pki/pki.gyp:pkixpki',
-          ],
-        }],
       ],
     }
   ],
   'target_defaults': {
     'defines': [
       'NSS_USE_STATIC_LIBS'
     ],
     'include_dirs': [
--- a/security/nss/gtests/pk11_gtest/manifest.mn
+++ b/security/nss/gtests/pk11_gtest/manifest.mn
@@ -11,21 +11,22 @@ CPPSRCS = \
       pk11_chacha20poly1305_unittest.cc \
       pk11_curve25519_unittest.cc \
       pk11_ecdsa_unittest.cc \
       pk11_export_unittest.cc \
       pk11_pbkdf2_unittest.cc \
       pk11_prf_unittest.cc \
       pk11_prng_unittest.cc \
       pk11_rsapss_unittest.cc \
+      pk11_der_private_key_import_unittest.cc \
       $(NULL)
 
 INCLUDES += -I$(CORE_DEPTH)/gtests/google_test/gtest/include \
             -I$(CORE_DEPTH)/gtests/common \
             -I$(CORE_DEPTH)/cpputil
 
 REQUIRES = nspr nss libdbm gtest
 
 PROGRAM = pk11_gtest
 
 EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) $(EXTRA_OBJS) \
-             ../common/$(OBJDIR)/gtests$(OBJ_SUFFIX)
+             $(DIST)/lib/$(LIB_PREFIX)gtestutil.$(LIB_SUFFIX)
 
new file mode 100644
--- /dev/null
+++ b/security/nss/gtests/pk11_gtest/pk11_aes_gcm_unittest.cc
@@ -0,0 +1,135 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <memory>
+#include "nss.h"
+#include "pk11pub.h"
+#include "secerr.h"
+#include "sechash.h"
+
+#include "scoped_ptrs.h"
+
+#include "gcm-vectors.h"
+#include "gtest/gtest.h"
+#include "util.h"
+
+namespace nss_test {
+
+class Pkcs11AesGcmTest : public ::testing::TestWithParam<gcm_kat_value> {
+ protected:
+  void RunTest(const gcm_kat_value val) {
+    std::vector<uint8_t> key = hex_string_to_bytes(val.key);
+    std::vector<uint8_t> iv = hex_string_to_bytes(val.iv);
+    std::vector<uint8_t> plaintext = hex_string_to_bytes(val.plaintext);
+    std::vector<uint8_t> aad = hex_string_to_bytes(val.additional_data);
+    std::vector<uint8_t> result = hex_string_to_bytes(val.result);
+
+    // Ignore GHASH-only vectors.
+    if (key.empty()) {
+      return;
+    }
+
+    // Prepare AEAD params.
+    CK_GCM_PARAMS gcmParams;
+    gcmParams.pIv = iv.data();
+    gcmParams.ulIvLen = iv.size();
+    gcmParams.pAAD = aad.data();
+    gcmParams.ulAADLen = aad.size();
+    gcmParams.ulTagBits = 128;
+
+    SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&gcmParams),
+                      sizeof(gcmParams)};
+
+    ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+    SECItem keyItem = {siBuffer, key.data(),
+                       static_cast<unsigned int>(key.size())};
+
+    // Import key.
+    ScopedPK11SymKey symKey(PK11_ImportSymKey(
+        slot.get(), mech, PK11_OriginUnwrap, CKA_ENCRYPT, &keyItem, nullptr));
+    EXPECT_TRUE(!!symKey);
+
+    // Encrypt.
+    unsigned int outputLen = 0;
+    std::vector<uint8_t> output(plaintext.size() + gcmParams.ulTagBits / 8);
+    SECStatus rv =
+        PK11_Encrypt(symKey.get(), mech, &params, output.data(), &outputLen,
+                     output.size(), plaintext.data(), plaintext.size());
+    EXPECT_EQ(rv, SECSuccess);
+    ASSERT_EQ(outputLen, output.size());
+
+    // Check ciphertext and tag.
+    EXPECT_EQ(result, output);
+
+    // Decrypt.
+    unsigned int decryptedLen = 0;
+    // The PK11 AES API is stupid, it expects an explicit IV and thus wants
+    // a block more of available output memory.
+    std::vector<uint8_t> decrypted(output.size());
+    rv =
+        PK11_Decrypt(symKey.get(), mech, &params, decrypted.data(),
+                     &decryptedLen, decrypted.size(), output.data(), outputLen);
+    EXPECT_EQ(rv, SECSuccess);
+    ASSERT_EQ(decryptedLen, plaintext.size());
+
+    // Check the plaintext.
+    EXPECT_EQ(plaintext,
+              std::vector<uint8_t>(decrypted.begin(),
+                                   decrypted.begin() + decryptedLen));
+  }
+
+  SECStatus EncryptWithIV(std::vector<uint8_t>& iv) {
+    // Generate a random key.
+    ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+    ScopedPK11SymKey symKey(
+        PK11_KeyGen(slot.get(), mech, nullptr, 16, nullptr));
+    EXPECT_TRUE(!!symKey);
+
+    std::vector<uint8_t> data(17);
+    std::vector<uint8_t> output(33);
+    std::vector<uint8_t> aad(0);
+
+    // Prepare AEAD params.
+    CK_GCM_PARAMS gcmParams;
+    gcmParams.pIv = iv.data();
+    gcmParams.ulIvLen = iv.size();
+    gcmParams.pAAD = aad.data();
+    gcmParams.ulAADLen = aad.size();
+    gcmParams.ulTagBits = 128;
+
+    SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&gcmParams),
+                      sizeof(gcmParams)};
+
+    // Try to encrypt.
+    unsigned int outputLen = 0;
+    return PK11_Encrypt(symKey.get(), mech, &params, output.data(), &outputLen,
+                        output.size(), data.data(), data.size());
+  }
+
+  const CK_MECHANISM_TYPE mech = CKM_AES_GCM;
+};
+
+TEST_P(Pkcs11AesGcmTest, TestVectors) { RunTest(GetParam()); }
+
+INSTANTIATE_TEST_CASE_P(NISTTestVector, Pkcs11AesGcmTest,
+                        ::testing::ValuesIn(kGcmKatValues));
+
+TEST_F(Pkcs11AesGcmTest, ZeroLengthIV) {
+  std::vector<uint8_t> iv(0);
+  EXPECT_EQ(EncryptWithIV(iv), SECFailure);
+}
+
+TEST_F(Pkcs11AesGcmTest, AllZeroIV) {
+  std::vector<uint8_t> iv(16, 0);
+  EXPECT_EQ(EncryptWithIV(iv), SECSuccess);
+}
+
+TEST_F(Pkcs11AesGcmTest, TwelveByteZeroIV) {
+  std::vector<uint8_t> iv(12, 0);
+  EXPECT_EQ(EncryptWithIV(iv), SECSuccess);
+}
+
+}  // namespace nss_test
new file mode 100644
--- /dev/null
+++ b/security/nss/gtests/pk11_gtest/pk11_der_private_key_import_unittest.cc
@@ -0,0 +1,110 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <climits>
+#include <memory>
+#include "nss.h"
+#include "pk11pub.h"
+#include "secutil.h"
+
+#include "gtest/gtest.h"
+#include "scoped_ptrs.h"
+
+namespace nss_test {
+
+const std::vector<uint8_t> kValidRSAKey = {
+    // 512-bit RSA private key (PKCS#8)
+    0x30, 0x82, 0x01, 0x54, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
+    0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
+    0x01, 0x3e, 0x30, 0x82, 0x01, 0x3a, 0x02, 0x01, 0x00, 0x02, 0x41, 0x00,
+    0xa2, 0x40, 0xce, 0xb5, 0x4e, 0x70, 0xdc, 0x14, 0x82, 0x5b, 0x58, 0x7d,
+    0x2f, 0x5d, 0xfd, 0x46, 0x3c, 0x4b, 0x82, 0x50, 0xb6, 0x96, 0x00, 0x4a,
+    0x1a, 0xca, 0xaf, 0xe4, 0x9b, 0xcf, 0x38, 0x4a, 0x46, 0xaa, 0x9f, 0xb4,
+    0xd9, 0xc7, 0xee, 0x88, 0xe9, 0xef, 0x0a, 0x31, 0x5f, 0x53, 0x86, 0x8f,
+    0x63, 0x68, 0x0b, 0x58, 0x34, 0x72, 0x49, 0xba, 0xed, 0xd9, 0x34, 0x15,
+    0x16, 0xc4, 0xca, 0xb7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x40, 0x34,
+    0xe6, 0xdc, 0x7e, 0xd0, 0xec, 0x8b, 0x55, 0x44, 0x8b, 0x73, 0xf6, 0x9d,
+    0x13, 0x10, 0x19, 0x6e, 0x5f, 0x50, 0x45, 0xf0, 0xc2, 0x47, 0xa5, 0xe1,
+    0xc6, 0x64, 0x43, 0x2d, 0x6a, 0x0a, 0xf7, 0xe7, 0xda, 0x40, 0xb8, 0x3a,
+    0xf0, 0x47, 0xdd, 0x01, 0xf5, 0xe0, 0xa9, 0x0e, 0x47, 0xc2, 0x24, 0xd7,
+    0xb5, 0x13, 0x3a, 0x35, 0x4d, 0x11, 0xaa, 0x50, 0x03, 0xb3, 0xe8, 0x54,
+    0x6c, 0x99, 0x01, 0x02, 0x21, 0x00, 0xcd, 0xb2, 0xd7, 0xa7, 0x43, 0x5b,
+    0xcb, 0x45, 0xe5, 0x0e, 0x86, 0xf6, 0xc1, 0x4e, 0x97, 0xed, 0x78, 0x1f,
+    0x09, 0x56, 0xcd, 0x26, 0xe6, 0xf7, 0x5e, 0xd9, 0xfc, 0x88, 0x12, 0x5f,
+    0x84, 0x07, 0x02, 0x21, 0x00, 0xc9, 0xee, 0x30, 0xaf, 0x6c, 0xb9, 0x5a,
+    0xc9, 0xc1, 0x14, 0x9e, 0xd8, 0x4b, 0x33, 0x38, 0x48, 0x17, 0x41, 0x35,
+    0x94, 0x09, 0xf3, 0x69, 0xc4, 0x97, 0xbe, 0x17, 0x7d, 0x95, 0x0f, 0xb7,
+    0xd1, 0x02, 0x21, 0x00, 0x8b, 0x0e, 0xf9, 0x8d, 0x61, 0x13, 0x20, 0x63,
+    0x9b, 0x0b, 0x6c, 0x20, 0x4a, 0xe4, 0xa7, 0xfe, 0xe8, 0xf3, 0x0a, 0x6c,
+    0x3c, 0xfa, 0xac, 0xaf, 0xd4, 0xd6, 0xc7, 0x4a, 0xf2, 0x28, 0xd2, 0x67,
+    0x02, 0x20, 0x6b, 0x0e, 0x1d, 0xbf, 0x93, 0x5b, 0xbd, 0x77, 0x43, 0x27,
+    0x24, 0x83, 0xb5, 0x72, 0xa5, 0x3f, 0x0b, 0x1d, 0x26, 0x43, 0xa2, 0xf6,
+    0xea, 0xb7, 0x30, 0x5f, 0xb6, 0x62, 0x7c, 0xf9, 0x85, 0x51, 0x02, 0x20,
+    0x3d, 0x22, 0x63, 0x15, 0x6b, 0x32, 0x41, 0x46, 0x44, 0x78, 0xb7, 0x13,
+    0xeb, 0x85, 0x4c, 0x4f, 0x6b, 0x3e, 0xf0, 0x52, 0xf0, 0x46, 0x3b, 0x65,
+    0xd8, 0x21, 0x7d, 0xae, 0xc0, 0x09, 0x98, 0x34};
+
+const std::vector<uint8_t> kInvalidLengthKey = {
+    0x30, 0x1b,        // SEQUENCE(len=27)
+    0x02, 0x01, 0x00,  // INT(len=1) = 0
+    0x30, 0x13,        // SEQUENCE(len=19)
+    0x06, 0x07,        // OID(len=7)
+    // dhPublicKey (1.2.840.10046.2.1)
+    0x2a, 0x86, 0x48, 0xce, 0x3e, 0x02, 0x01, 0x06, 0x08,  // OID(len=8)
+    // prime256v1 (1.2.840.10045.3.1.7) */
+    0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x04,
+    0x00  // OCTET STRING(len=0)
+};
+
+const std::vector<uint8_t> kInvalidZeroLengthKey = {
+    0x30, 0x1a,        // SEQUENCE(len=26)
+    0x02, 0x01, 0x00,  // INT(len=1) = 0
+    0x30, 0x13,        // SEQUENCE(len=19)
+    0x06, 0x07,        // OID(len=7)
+    // dhPublicKey (1.2.840.10046.2.1)
+    0x2a, 0x86, 0x48, 0xce, 0x3e, 0x02, 0x01, 0x06, 0x08,  // OID(len=8)
+    // prime256v1 (1.2.840.10045.3.1.7) */
+    0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x04,
+    0x00  // OCTET STRING(len=0)
+};
+
+class DERPrivateKeyImportTest : public ::testing::Test {
+ public:
+  bool ParsePrivateKey(const std::vector<uint8_t>& data) {
+    ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+    EXPECT_TRUE(slot);
+
+    SECKEYPrivateKey* key = nullptr;
+    SECItem item = {siBuffer, const_cast<unsigned char*>(data.data()),
+                    (unsigned int)data.size()};
+
+    SECStatus rv = PK11_ImportDERPrivateKeyInfoAndReturnKey(
+        slot.get(), &item, nullptr, nullptr, false, false, KU_ALL, &key,
+        nullptr);
+
+    EXPECT_EQ(rv == SECSuccess, key != nullptr);
+    SECKEY_DestroyPrivateKey(key);
+
+    return rv == SECSuccess;
+  }
+};
+
+TEST_F(DERPrivateKeyImportTest, ImportPrivateRSAKey) {
+  EXPECT_TRUE(ParsePrivateKey(kValidRSAKey));
+  EXPECT_FALSE(PORT_GetError());
+}
+
+TEST_F(DERPrivateKeyImportTest, ImportInvalidPrivateKey) {
+  EXPECT_FALSE(ParsePrivateKey(kInvalidLengthKey));
+  EXPECT_EQ(PORT_GetError(), SEC_ERROR_BAD_DER);
+}
+
+TEST_F(DERPrivateKeyImportTest, ImportZeroLengthPrivateKey) {
+  EXPECT_FALSE(ParsePrivateKey(kInvalidZeroLengthKey));
+  EXPECT_EQ(PORT_GetError(), SEC_ERROR_BAD_KEY);
+}
+
+}  // namespace nss_test
--- a/security/nss/gtests/pk11_gtest/pk11_gtest.gyp
+++ b/security/nss/gtests/pk11_gtest/pk11_gtest.gyp
@@ -7,23 +7,25 @@
     '../common/gtest.gypi',
   ],
   'targets': [
     {
       'target_name': 'pk11_gtest',
       'type': 'executable',
       'sources': [
         'pk11_aeskeywrap_unittest.cc',
+        'pk11_aes_gcm_unittest.cc',
         'pk11_chacha20poly1305_unittest.cc',
         'pk11_curve25519_unittest.cc',
         'pk11_ecdsa_unittest.cc',
         'pk11_pbkdf2_unittest.cc',
         'pk11_prf_unittest.cc',
         'pk11_prng_unittest.cc',
         'pk11_rsapss_unittest.cc',
+        'pk11_der_private_key_import_unittest.cc',
         '<(DEPTH)/gtests/common/gtests.cc'
       ],
       'dependencies': [
         '<(DEPTH)/exports.gyp:nss_exports',
         '<(DEPTH)/lib/util/util.gyp:nssutil3',
         '<(DEPTH)/gtests/google_test/google_test.gyp:gtest',
       ],
       'conditions': [
--- a/security/nss/gtests/ssl_gtest/libssl_internals.c
+++ b/security/nss/gtests/ssl_gtest/libssl_internals.c
@@ -5,16 +5,17 @@
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 /* This file contains functions for frobbing the internals of libssl */
 #include "libssl_internals.h"
 
 #include "nss.h"
 #include "pk11pub.h"
 #include "seccomon.h"
+#include "selfencrypt.h"
 
 SECStatus SSLInt_IncrementClientHandshakeVersion(PRFileDesc *fd) {
   sslSocket *ss = ssl_FindSocket(fd);
   if (!ss) {
     return SECFailure;
   }
 
   ++ss->clientHelloVersion;
@@ -50,17 +51,26 @@ SECStatus SSLInt_UpdateSSLv2ClientRandom
   return ssl3_UpdateHandshakeHashes(ss, msg, msg_len);
 }
 
 PRBool SSLInt_ExtensionNegotiated(PRFileDesc *fd, PRUint16 ext) {
   sslSocket *ss = ssl_FindSocket(fd);
   return (PRBool)(ss && ssl3_ExtensionNegotiated(ss, ext));
 }
 
-void SSLInt_ClearSessionTicketKey() { ssl_ResetSessionTicketKeys(); }
+void SSLInt_ClearSelfEncryptKey() { ssl_ResetSelfEncryptKeys(); }
+
+sslSelfEncryptKeys *ssl_GetSelfEncryptKeysInt();
+
+void SSLInt_SetSelfEncryptMacKey(PK11SymKey *key) {
+  sslSelfEncryptKeys *keys = ssl_GetSelfEncryptKeysInt();
+
+  PK11_FreeSymKey(keys->macKey);
+  keys->macKey = key;
+}
 
 SECStatus SSLInt_SetMTU(PRFileDesc *fd, PRUint16 mtu) {
   sslSocket *ss = ssl_FindSocket(fd);
   if (!ss) {
     return SECFailure;
   }
   ss->ssl3.mtu = mtu;
   return SECSuccess;
--- a/security/nss/gtests/ssl_gtest/libssl_internals.h
+++ b/security/nss/gtests/ssl_gtest/libssl_internals.h
@@ -17,17 +17,18 @@
 
 SECStatus SSLInt_IncrementClientHandshakeVersion(PRFileDesc *fd);
 
 SECStatus SSLInt_UpdateSSLv2ClientRandom(PRFileDesc *fd, uint8_t *rnd,
                                          size_t rnd_len, uint8_t *msg,
                                          size_t msg_len);
 
 PRBool SSLInt_ExtensionNegotiated(PRFileDesc *fd, PRUint16 ext);
-void SSLInt_ClearSessionTicketKey();
+void SSLInt_ClearSelfEncryptKey();
+void SSLInt_SetSelfEncryptMacKey(PK11SymKey *key);
 PRInt32 SSLInt_CountTls13CipherSpecs(PRFileDesc *fd);
 void SSLInt_PrintTls13CipherSpecs(PRFileDesc *fd);
 void SSLInt_ForceTimerExpiry(PRFileDesc *fd);
 SECStatus SSLInt_SetMTU(PRFileDesc *fd, PRUint16 mtu);
 PRBool SSLInt_CheckSecretsDestroyed(PRFileDesc *fd);
 PRBool SSLInt_DamageClientHsTrafficSecret(PRFileDesc *fd);
 PRBool SSLInt_DamageServerHsTrafficSecret(PRFileDesc *fd);
 PRBool SSLInt_DamageEarlyTrafficSecret(PRFileDesc *fd);
--- a/security/nss/gtests/ssl_gtest/manifest.mn
+++ b/security/nss/gtests/ssl_gtest/manifest.mn
@@ -7,19 +7,16 @@ DEPTH      = ../..
 MODULE = nss
 
 # These sources have access to libssl internals
 CSRCS = \
       libssl_internals.c \
       $(NULL)
 
 CPPSRCS = \
-      $(CORE_DEPTH)/cpputil/dummy_io.cc \
-      $(CORE_DEPTH)/cpputil/dummy_io_fwd.cc \
-      $(CORE_DEPTH)/cpputil/tls_parser.cc \
       ssl_0rtt_unittest.cc \
       ssl_agent_unittest.cc \
       ssl_auth_unittest.cc \
       ssl_cert_ext_unittest.cc \
       ssl_ciphersuite_unittest.cc \
       ssl_damage_unittest.cc \
       ssl_dhe_unittest.cc \
       ssl_drop_unittest.cc \
@@ -35,26 +32,30 @@ CPPSRCS = \
       ssl_loopback_unittest.cc \
       ssl_record_unittest.cc \
       ssl_resumption_unittest.cc \
       ssl_skip_unittest.cc \
       ssl_staticrsa_unittest.cc \
       ssl_v2_client_hello_unittest.cc \
       ssl_version_unittest.cc \
       ssl_versionpolicy_unittest.cc \
+      selfencrypt_unittest.cc \
       test_io.cc \
       tls_agent.cc \
       tls_connect.cc \
       tls_hkdf_unittest.cc \
       tls_filter.cc \
       tls_protect.cc \
       $(NULL)
 
 INCLUDES += -I$(CORE_DEPTH)/gtests/google_test/gtest/include \
             -I$(CORE_DEPTH)/gtests/common \
             -I$(CORE_DEPTH)/cpputil
 
-REQUIRES = nspr nss libdbm gtest
+REQUIRES = nspr nss libdbm gtest cpputil
 
 PROGRAM = ssl_gtest
-EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX)
+EXTRA_LIBS += \
+      $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) \
+      $(DIST)/lib/$(LIB_PREFIX)cpputil.$(LIB_SUFFIX) \
+      $(NULL)
 
 USE_STATIC_LIBS = 1
new file mode 100644
--- /dev/null
+++ b/security/nss/gtests/ssl_gtest/selfencrypt_unittest.cc
@@ -0,0 +1,281 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <functional>
+#include <memory>
+#include "nss.h"
+#include "pk11pub.h"
+#include "prerror.h"
+#include "secerr.h"
+#include "ssl.h"
+#include "sslerr.h"
+extern "C" {
+#include "sslimpl.h"
+#include "selfencrypt.h"
+}
+
+#include "databuffer.h"
+#include "gtest_utils.h"
+#include "scoped_ptrs.h"
+
+namespace nss_test {
+
+static const uint8_t kAesKey1Buf[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05,
+                                      0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+                                      0x0c, 0x0d, 0x0e, 0x0f};
+static const DataBuffer kAesKey1(kAesKey1Buf, sizeof(kAesKey1Buf));
+
+static const uint8_t kAesKey2Buf[] = {0x10, 0x11, 0x12, 0x13, 0x14, 0x15,
+                                      0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b,
+                                      0x1c, 0x1d, 0x1e, 0x1f};
+static const DataBuffer kAesKey2(kAesKey2Buf, sizeof(kAesKey2Buf));
+
+static const uint8_t kHmacKey1Buf[] = {
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
+    0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15,
+    0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f};
+static const DataBuffer kHmacKey1(kHmacKey1Buf, sizeof(kHmacKey1Buf));
+
+static const uint8_t kHmacKey2Buf[] = {
+    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a,
+    0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25,
+    0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f};
+static const DataBuffer kHmacKey2(kHmacKey2Buf, sizeof(kHmacKey2Buf));
+
+static const uint8_t* kKeyName1 =
+    reinterpret_cast<const unsigned char*>("KEY1KEY1KEY1KEY1");
+static const uint8_t* kKeyName2 =
+    reinterpret_cast<const uint8_t*>("KEY2KEY2KEY2KEY2");
+
+static void ImportKey(const DataBuffer& key, PK11SlotInfo* slot,
+                      CK_MECHANISM_TYPE mech, CK_ATTRIBUTE_TYPE cka,
+                      ScopedPK11SymKey* to) {
+  SECItem key_item = {siBuffer, const_cast<uint8_t*>(key.data()),
+                      static_cast<unsigned int>(key.len())};
+
+  PK11SymKey* inner =
+      PK11_ImportSymKey(slot, mech, PK11_OriginUnwrap, cka, &key_item, nullptr);
+  ASSERT_NE(nullptr, inner);
+  to->reset(inner);
+}
+
+extern "C" {
+extern char ssl_trace;
+extern FILE* ssl_trace_iob;
+}
+
+class SelfEncryptTestBase : public ::testing::Test {
+ public:
+  SelfEncryptTestBase(size_t message_size)
+      : aes1_(),
+        aes2_(),
+        hmac1_(),
+        hmac2_(),
+        message_(),
+        slot_(PK11_GetInternalSlot()) {
+    EXPECT_NE(nullptr, slot_);
+    char* ev = getenv("SSLTRACE");
+    if (ev && ev[0]) {
+      ssl_trace = atoi(ev);
+      ssl_trace_iob = stderr;
+    }
+    message_.Allocate(message_size);
+    for (size_t i = 0; i < message_.len(); ++i) {
+      message_.data()[i] = i;
+    }
+  }
+
+  void SetUp() {
+    message_.Allocate(100);
+    for (size_t i = 0; i < 100; ++i) {
+      message_.data()[i] = i;
+    }
+    ImportKey(kAesKey1, slot_.get(), CKM_AES_CBC, CKA_ENCRYPT, &aes1_);
+    ImportKey(kAesKey2, slot_.get(), CKM_AES_CBC, CKA_ENCRYPT, &aes2_);
+    ImportKey(kHmacKey1, slot_.get(), CKM_SHA256_HMAC, CKA_SIGN, &hmac1_);
+    ImportKey(kHmacKey2, slot_.get(), CKM_SHA256_HMAC, CKA_SIGN, &hmac2_);
+  }
+
+  void SelfTest(
+      const uint8_t* writeKeyName, const ScopedPK11SymKey& writeAes,
+      const ScopedPK11SymKey& writeHmac, const uint8_t* readKeyName,
+      const ScopedPK11SymKey& readAes, const ScopedPK11SymKey& readHmac,
+      PRErrorCode protect_error_code = 0, PRErrorCode unprotect_error_code = 0,
+      std::function<void(uint8_t* ciphertext, unsigned int* ciphertext_len)>
+          mutate = nullptr) {
+    uint8_t ciphertext[1000];
+    unsigned int ciphertext_len;
+    uint8_t plaintext[1000];
+    unsigned int plaintext_len;
+
+    SECStatus rv = ssl_SelfEncryptProtectInt(
+        writeAes.get(), writeHmac.get(), writeKeyName, message_.data(),
+        message_.len(), ciphertext, &ciphertext_len, sizeof(ciphertext));
+    if (rv != SECSuccess) {
+      std::cerr << "Error: " << PORT_ErrorToName(PORT_GetError()) << std::endl;
+    }
+    if (protect_error_code) {
+      ASSERT_EQ(protect_error_code, PORT_GetError());
+      return;
+    }
+    ASSERT_EQ(SECSuccess, rv);
+
+    if (mutate) {
+      mutate(ciphertext, &ciphertext_len);
+    }
+    rv = ssl_SelfEncryptUnprotectInt(readAes.get(), readHmac.get(), readKeyName,
+                                     ciphertext, ciphertext_len, plaintext,
+                                     &plaintext_len, sizeof(plaintext));
+    if (rv != SECSuccess) {
+      std::cerr << "Error: " << PORT_ErrorToName(PORT_GetError()) << std::endl;
+    }
+    if (!unprotect_error_code) {
+      ASSERT_EQ(SECSuccess, rv);
+      EXPECT_EQ(message_.len(), plaintext_len);
+      EXPECT_EQ(0, memcmp(message_.data(), plaintext, message_.len()));
+    } else {
+      ASSERT_EQ(SECFailure, rv);
+      EXPECT_EQ(unprotect_error_code, PORT_GetError());
+    }
+  }
+
+ protected:
+  ScopedPK11SymKey aes1_;
+  ScopedPK11SymKey aes2_;
+  ScopedPK11SymKey hmac1_;
+  ScopedPK11SymKey hmac2_;
+  DataBuffer message_;
+
+ private:
+  ScopedPK11SlotInfo slot_;
+};
+
+class SelfEncryptTestVariable : public SelfEncryptTestBase,
+                                public ::testing::WithParamInterface<size_t> {
+ public:
+  SelfEncryptTestVariable() : SelfEncryptTestBase(GetParam()) {}
+};
+
+class SelfEncryptTest128 : public SelfEncryptTestBase {
+ public:
+  SelfEncryptTest128() : SelfEncryptTestBase(128) {}
+};
+
+TEST_P(SelfEncryptTestVariable, SuccessCase) {
+  SelfTest(kKeyName1, aes1_, hmac1_, kKeyName1, aes1_, hmac1_);
+}
+
+TEST_P(SelfEncryptTestVariable, WrongMacKey) {
+  SelfTest(kKeyName1, aes1_, hmac1_, kKeyName1, aes1_, hmac2_, 0,
+           SEC_ERROR_BAD_DATA);
+}
+
+TEST_P(SelfEncryptTestVariable, WrongKeyName) {
+  SelfTest(kKeyName1, aes1_, hmac1_, kKeyName2, aes1_, hmac1_, 0,
+           SEC_ERROR_NOT_A_RECIPIENT);
+}
+
+TEST_P(SelfEncryptTestVariable, AddAByte) {
+  SelfTest(kKeyName1, aes1_, hmac1_, kKeyName1, aes1_, hmac1_, 0,
+           SEC_ERROR_BAD_DATA,
+           [](uint8_t* ciphertext, unsigned int* ciphertext_len) {
+             (*ciphertext_len)++;
+           });
+}
+
+TEST_P(SelfEncryptTestVariable, SubtractAByte) {
+  SelfTest(kKeyName1, aes1_, hmac1_, kKeyName1, aes1_, hmac1_, 0,
+           SEC_ERROR_BAD_DATA,
+           [](uint8_t* ciphertext, unsigned int* ciphertext_len) {
+             (*ciphertext_len)--;
+           });
+}
+
+TEST_P(SelfEncryptTestVariable, BogusIv) {
+  SelfTest(kKeyName1, aes1_, hmac1_, kKeyName1, aes1_, hmac1_, 0,
+           SEC_ERROR_BAD_DATA,
+           [](uint8_t* ciphertext, unsigned int* ciphertext_len) {
+             ciphertext[16]++;
+           });
+}
+
+TEST_P(SelfEncryptTestVariable, BogusCiphertext) {
+  SelfTest(kKeyName1, aes1_, hmac1_, kKeyName1, aes1_, hmac1_, 0,
+           SEC_ERROR_BAD_DATA,
+           [](uint8_t* ciphertext, unsigned int* ciphertext_len) {
+             ciphertext[32]++;
+           });
+}
+
+TEST_P(SelfEncryptTestVariable, BadMac) {
+  SelfTest(kKeyName1, aes1_, hmac1_, kKeyName1, aes1_, hmac1_, 0,
+           SEC_ERROR_BAD_DATA,
+           [](uint8_t* ciphertext, unsigned int* ciphertext_len) {
+             ciphertext[*ciphertext_len - 1]++;
+           });
+}
+
+TEST_F(SelfEncryptTest128, DISABLED_BadPadding) {
+  SelfTest(kKeyName1, aes1_, hmac1_, kKeyName1, aes2_, hmac1_, 0,
+           SEC_ERROR_BAD_DATA);
+}
+
+TEST_F(SelfEncryptTest128, ShortKeyName) {
+  SelfTest(kKeyName1, aes1_, hmac1_, kKeyName1, aes1_, hmac1_, 0,
+           SEC_ERROR_BAD_DATA,
+           [](uint8_t* ciphertext, unsigned int* ciphertext_len) {
+             *ciphertext_len = 15;
+           });
+}
+
+TEST_F(SelfEncryptTest128, ShortIv) {
+  SelfTest(kKeyName1, aes1_, hmac1_, kKeyName1, aes1_, hmac1_, 0,
+           SEC_ERROR_BAD_DATA,
+           [](uint8_t* ciphertext, unsigned int* ciphertext_len) {
+             *ciphertext_len = 31;
+           });
+}
+
+TEST_F(SelfEncryptTest128, ShortCiphertextLen) {
+  SelfTest(kKeyName1, aes1_, hmac1_, kKeyName1, aes1_, hmac1_, 0,
+           SEC_ERROR_BAD_DATA,
+           [](uint8_t* ciphertext, unsigned int* ciphertext_len) {
+             *ciphertext_len = 32;
+           });
+}
+
+TEST_F(SelfEncryptTest128, ShortCiphertext) {
+  SelfTest(kKeyName1, aes1_, hmac1_, kKeyName1, aes1_, hmac1_, 0,
+           SEC_ERROR_BAD_DATA,
+           [](uint8_t* ciphertext, unsigned int* ciphertext_len) {
+             *ciphertext_len -= 17;
+           });
+}
+
+TEST_F(SelfEncryptTest128, MacWithAESKeyEncrypt) {
+  SelfTest(kKeyName1, aes1_, aes1_, kKeyName1, aes1_, hmac1_,
+           SEC_ERROR_LIBRARY_FAILURE);
+}
+
+TEST_F(SelfEncryptTest128, AESWithMacKeyEncrypt) {
+  SelfTest(kKeyName1, hmac1_, hmac1_, kKeyName1, aes1_, hmac1_,
+           SEC_ERROR_INVALID_KEY);
+}
+
+TEST_F(SelfEncryptTest128, MacWithAESKeyDecrypt) {
+  SelfTest(kKeyName1, aes1_, hmac1_, kKeyName1, aes1_, aes1_, 0,
+           SEC_ERROR_LIBRARY_FAILURE);
+}
+
+TEST_F(SelfEncryptTest128, AESWithMacKeyDecrypt) {
+  SelfTest(kKeyName1, aes1_, hmac1_, kKeyName1, hmac1_, hmac1_, 0,
+           SEC_ERROR_INVALID_KEY);
+}
+
+INSTANTIATE_TEST_CASE_P(VariousSizes, SelfEncryptTestVariable,
+                        ::testing::Values(0, 15, 16, 31, 255, 256, 257));
+
+}  // namespace nss_test
--- a/security/nss/gtests/ssl_gtest/ssl_fuzz_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_fuzz_unittest.cc
@@ -276,23 +276,18 @@ FUZZ_P(TlsConnectGeneric, UnencryptedSes
   server_->SetPacketFilter(i1);
   Connect();
 
   size_t offset = 4; /* lifetime */
   if (version_ == SSL_LIBRARY_VERSION_TLS_1_3) {
     offset += 1 + 1 + /* ke_modes */
               1 + 1;  /* auth_modes */
   }
-
-  offset += 2 +  /* ticket length */
-            16 + /* SESS_TICKET_KEY_NAME_LEN */
-            16 + /* AES-128 IV */
-            2 +  /* ciphertext length */
-            2;   /* TLS_EX_SESS_TICKET_VERSION */
-
+  offset += 2 + /* ticket length */
+            2;  /* TLS_EX_SESS_TICKET_VERSION */
   // Check the protocol version number.
   uint32_t tls_version = 0;
   EXPECT_TRUE(i1->buffer().Read(offset, sizeof(version_), &tls_version));
   EXPECT_EQ(version_, static_cast<decltype(version_)>(tls_version));
 
   // Check the cipher suite.
   uint32_t suite = 0;
   EXPECT_TRUE(i1->buffer().Read(offset + sizeof(version_), 2, &suite));
--- a/security/nss/gtests/ssl_gtest/ssl_gtest.gyp
+++ b/security/nss/gtests/ssl_gtest/ssl_gtest.gyp
@@ -7,16 +7,17 @@
     '../common/gtest.gypi',
   ],
   'targets': [
     {
       'target_name': 'ssl_gtest',
       'type': 'executable',
       'sources': [
         'libssl_internals.c',
+        'selfencrypt_unittest.cc',
         'ssl_0rtt_unittest.cc',
         'ssl_agent_unittest.cc',
         'ssl_auth_unittest.cc',
         'ssl_cert_ext_unittest.cc',
         'ssl_ciphersuite_unittest.cc',
         'ssl_damage_unittest.cc',
         'ssl_dhe_unittest.cc',
         'ssl_drop_unittest.cc',
@@ -56,16 +57,17 @@
         '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
         '<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
         '<(DEPTH)/lib/certdb/certdb.gyp:certdb',
         '<(DEPTH)/lib/pki/pki.gyp:nsspki',
         '<(DEPTH)/lib/dev/dev.gyp:nssdev',
         '<(DEPTH)/lib/base/base.gyp:nssb',
         '<(DEPTH)/lib/zlib/zlib.gyp:nss_zlib',
         '<(DEPTH)/cpputil/cpputil.gyp:cpputil',
+        '<(DEPTH)/lib/libpkix/libpkix.gyp:libpkix',
       ],
       'conditions': [
         [ 'test_build==1', {
           'dependencies': [
             '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static',
           ],
         }, {
           'dependencies': [
@@ -75,31 +77,16 @@
             '<(DEPTH)/lib/freebl/freebl.gyp:freebl',
           ],
         }],
         [ 'disable_dbm==0', {
           'dependencies': [
             '<(DEPTH)/lib/dbm/src/src.gyp:dbm',
           ],
         }],
-        [ 'disable_libpkix==0', {
-          'dependencies': [
-            '<(DEPTH)/lib/libpkix/pkix/certsel/certsel.gyp:pkixcertsel',
-            '<(DEPTH)/lib/libpkix/pkix/checker/checker.gyp:pkixchecker',
-            '<(DEPTH)/lib/libpkix/pkix/crlsel/crlsel.gyp:pkixcrlsel',
-            '<(DEPTH)/lib/libpkix/pkix/params/params.gyp:pkixparams',
-            '<(DEPTH)/lib/libpkix/pkix/results/results.gyp:pkixresults',
-            '<(DEPTH)/lib/libpkix/pkix/store/store.gyp:pkixstore',
-            '<(DEPTH)/lib/libpkix/pkix/top/top.gyp:pkixtop',
-            '<(DEPTH)/lib/libpkix/pkix/util/util.gyp:pkixutil',
-            '<(DEPTH)/lib/libpkix/pkix_pl_nss/system/system.gyp:pkixsystem',
-            '<(DEPTH)/lib/libpkix/pkix_pl_nss/module/module.gyp:pkixmodule',
-            '<(DEPTH)/lib/libpkix/pkix_pl_nss/pki/pki.gyp:pkixpki',
-          ],
-        }],
       ],
     }
   ],
   'target_defaults': {
     'include_dirs': [
       '../../lib/ssl'
     ],
     'defines': [
--- a/security/nss/gtests/ssl_gtest/ssl_loopback_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_loopback_unittest.cc
@@ -193,38 +193,40 @@ TEST_P(TlsConnectGeneric, ConnectSendRec
 // automatically read the first 1024 bytes, so if
 // we provide 1200 bytes, they overrun the read buffer
 // provided by the calling test.
 
 // DTLS should return an error.
 TEST_P(TlsConnectDatagram, ShortRead) {
   Connect();
   client_->ExpectReadWriteError();
-  server_->SendData(1200, 1200);
-  client_->WaitForErrorCode(SSL_ERROR_RX_SHORT_DTLS_READ, 2000);
+  server_->SendData(50, 50);
+  client_->ReadBytes(20);
+  EXPECT_EQ(0U, client_->received_bytes());
+  EXPECT_EQ(SSL_ERROR_RX_SHORT_DTLS_READ, PORT_GetError());
 
   // Now send and receive another packet.
   server_->ResetSentBytes();  // Reset the counter.
   SendReceive();
 }
 
 // TLS should get the write in two chunks.
 TEST_P(TlsConnectStream, ShortRead) {
   // This test behaves oddly with TLS 1.0 because of 1/n+1 splitting,
   // so skip in that case.
   if (version_ < SSL_LIBRARY_VERSION_TLS_1_1) return;
 
   Connect();
-  server_->SendData(1200, 1200);
+  server_->SendData(50, 50);
   // Read the first tranche.
-  WAIT_(client_->received_bytes() == 1024, 2000);
-  ASSERT_EQ(1024U, client_->received_bytes());
+  client_->ReadBytes(20);
+  ASSERT_EQ(20U, client_->received_bytes());
   // The second tranche should now immediately be available.
   client_->ReadBytes();
-  ASSERT_EQ(1200U, client_->received_bytes());
+  ASSERT_EQ(50U, client_->received_bytes());
 }
 
 TEST_P(TlsConnectGeneric, ConnectWithCompressionMaybe) {
   EnsureTlsSetup();
   client_->EnableCompression();
   server_->EnableCompression();
   Connect();
   EXPECT_EQ(client_->version() < SSL_LIBRARY_VERSION_TLS_1_3 &&
--- a/security/nss/gtests/ssl_gtest/ssl_resumption_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_resumption_unittest.cc
@@ -253,16 +253,40 @@ TEST_P(TlsConnectGeneric, ConnectWithExp
   EXPECT_LT(0U, capture->extension().len());
 
   WAIT_(false, 1000);  // Let the ticket expire on the server.
 
   Handshake();
   CheckConnected();
 }
 
+TEST_P(TlsConnectGeneric, ConnectResumeCorruptTicket) {
+  // This causes a ticket resumption.
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  Connect();
+  SendReceive();
+
+  Reset();
+  static const uint8_t kHmacKey1Buf[32] = {0};
+  static const DataBuffer kHmacKey1(kHmacKey1Buf, sizeof(kHmacKey1Buf));
+
+  SECItem key_item = {siBuffer, const_cast<uint8_t*>(kHmacKey1Buf),
+                      sizeof(kHmacKey1Buf)};
+
+  ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+  PK11SymKey* hmac_key =
+      PK11_ImportSymKey(slot.get(), CKM_SHA256_HMAC, PK11_OriginUnwrap,
+                        CKA_SIGN, &key_item, nullptr);
+  ASSERT_NE(nullptr, hmac_key);
+  SSLInt_SetSelfEncryptMacKey(hmac_key);
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  ConnectExpectAlert(server_, illegal_parameter);
+  server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
+}
+
 // This callback switches out the "server" cert used on the server with
 // the "client" certificate, which should be the same type.
 static int32_t SwitchCertificates(TlsAgent* agent, const SECItem* srvNameArr,
                                   uint32_t srvNameArrSize) {
   bool ok = agent->ConfigServerCert("client");
   if (!ok) return SSL_SNI_SEND_ALERT;
 
   return 0;  // first config
@@ -622,17 +646,17 @@ TEST_F(TlsConnectTest, TestTls13Resumpti
 
 // Check that resumption works after receiving two NST messages.
 TEST_F(TlsConnectTest, TestTls13ResumptionDuplicateNST) {
   ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
   ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
   Connect();
 
   // Clear the session ticket keys to invalidate the old ticket.
-  SSLInt_ClearSessionTicketKey();
+  SSLInt_ClearSelfEncryptKey();
   SSLInt_SendNewSessionTicket(server_->ssl_fd());
 
   SendReceive();  // Need to read so that we absorb the session tickets.
   CheckKeys();
 
   // Resume the connection.
   Reset();
   ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
--- a/security/nss/gtests/ssl_gtest/tls_agent.cc
+++ b/security/nss/gtests/ssl_gtest/tls_agent.cc
@@ -913,20 +913,20 @@ void TlsAgent::SendBuffer(const DataBuff
     EXPECT_NE(PR_WOULD_BLOCK_ERROR, error_code_);
     error_code_ = PR_GetError();
     expect_readwrite_error_ = false;
   } else {
     ASSERT_EQ(buf.len(), static_cast<size_t>(rv));
   }
 }
 
-void TlsAgent::ReadBytes() {
-  uint8_t block[1024];
+void TlsAgent::ReadBytes(size_t amount) {
+  uint8_t block[16384];
 
-  int32_t rv = PR_Read(ssl_fd(), block, sizeof(block));
+  int32_t rv = PR_Read(ssl_fd(), block, (std::min)(amount, sizeof(block)));
   LOGV("ReadBytes " << rv);
   int32_t err;
 
   if (rv >= 0) {
     size_t count = static_cast<size_t>(rv);
     for (size_t i = 0; i < count; ++i) {
       ASSERT_EQ(recv_ctr_ & 0xff, block[i]);
       recv_ctr_++;
--- a/security/nss/gtests/ssl_gtest/tls_agent.h
+++ b/security/nss/gtests/ssl_gtest/tls_agent.h
@@ -146,17 +146,17 @@ class TlsAgent : public PollTarget {
   void CheckSrtp() const;
   void CheckErrorCode(int32_t expected) const;
   void WaitForErrorCode(int32_t expected, uint32_t delay) const;
   // Send data on the socket, encrypting it.
   void SendData(size_t bytes, size_t blocksize = 1024);
   void SendBuffer(const DataBuffer& buf);
   // Send data directly to the underlying socket, skipping the TLS layer.
   void SendDirect(const DataBuffer& buf);
-  void ReadBytes();
+  void ReadBytes(size_t max = 16384U);
   void ResetSentBytes();  // Hack to test drops.
   void EnableExtendedMasterSecret();
   void CheckExtendedMasterSecret(bool expected);
   void CheckEarlyDataAccepted(bool expected);
   void DisableRollbackDetection();
   void EnableCompression();
   void SetDowngradeCheckVersion(uint16_t version);
   void CheckSecretsDestroyed();
--- a/security/nss/gtests/ssl_gtest/tls_connect.cc
+++ b/security/nss/gtests/ssl_gtest/tls_connect.cc
@@ -164,35 +164,35 @@ void TlsConnectTestBase::CheckShares(
 void TlsConnectTestBase::ClearStats() {
   // Clear statistics.
   SSL3Statistics* stats = SSL_GetStatistics();
   memset(stats, 0, sizeof(*stats));
 }
 
 void TlsConnectTestBase::ClearServerCache() {
   SSL_ShutdownServerSessionIDCache();
-  SSLInt_ClearSessionTicketKey();
+  SSLInt_ClearSelfEncryptKey();
   SSL_ConfigServerSessionIDCache(1024, 0, 0, g_working_dir_path.c_str());
 }
 
 void TlsConnectTestBase::SetUp() {
   SSL_ConfigServerSessionIDCache(1024, 0, 0, g_working_dir_path.c_str());
-  SSLInt_ClearSessionTicketKey();
+  SSLInt_ClearSelfEncryptKey();
   SSLInt_SetTicketLifetime(30);
   SSLInt_SetMaxEarlyDataSize(1024);
   ClearStats();
   Init();
 }
 
 void TlsConnectTestBase::TearDown() {
   client_ = nullptr;
   server_ = nullptr;
 
   SSL_ClearSessionCache();
-  SSLInt_ClearSessionTicketKey();
+  SSLInt_ClearSelfEncryptKey();
   SSL_ShutdownServerSessionIDCache();
 }
 
 void TlsConnectTestBase::Init() {
   client_->SetPeer(server_);
   server_->SetPeer(client_);
 
   if (version_) {
--- a/security/nss/gtests/util_gtest/manifest.mn
+++ b/security/nss/gtests/util_gtest/manifest.mn
@@ -20,10 +20,10 @@ INCLUDES += \
 
 REQUIRES = nspr gtest
 
 PROGRAM = util_gtest
 
 EXTRA_LIBS = \
 	$(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)nssutil.$(LIB_SUFFIX) \
-	../common/$(OBJDIR)/gtests$(OBJ_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)gtestutil.$(LIB_SUFFIX) \
 	$(NULL)
--- a/security/nss/gtests/util_gtest/util_b64_unittest.cc
+++ b/security/nss/gtests/util_gtest/util_b64_unittest.cc
@@ -4,17 +4,17 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include <climits>
 #include <memory>
 #include "nssb64.h"
 
 #include "gtest/gtest.h"
-#include "scoped_ptrs.h"
+#include "scoped_ptrs_util.h"
 
 namespace nss_test {
 
 class B64EncodeDecodeTest : public ::testing::Test {
  public:
   void TestDecodeStr(const std::string &str) {
     ScopedSECItem tmp(
         NSSBase64_DecodeBuffer(nullptr, nullptr, str.c_str(), str.size()));
--- a/security/nss/gtests/util_gtest/util_gtest.gyp
+++ b/security/nss/gtests/util_gtest/util_gtest.gyp
@@ -24,16 +24,17 @@
         '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static',
         '<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
         '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
         '<(DEPTH)/lib/certdb/certdb.gyp:certdb',
         '<(DEPTH)/lib/base/base.gyp:nssb',
         '<(DEPTH)/lib/dev/dev.gyp:nssdev',
         '<(DEPTH)/lib/pki/pki.gyp:nsspki',
         '<(DEPTH)/lib/ssl/ssl.gyp:ssl',
+        '<(DEPTH)/lib/libpkix/libpkix.gyp:libpkix',
       ],
       'conditions': [
         [ 'OS=="win"', {
           'libraries': [
             'advapi32.lib',
           ],
         }],
       ],
--- a/security/nss/gtests/util_gtest/util_pkcs11uri_unittest.cc
+++ b/security/nss/gtests/util_gtest/util_pkcs11uri_unittest.cc
@@ -4,17 +4,17 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include <climits>
 #include <memory>
 #include "pkcs11uri.h"
 
 #include "gtest/gtest.h"
-#include "scoped_ptrs.h"
+#include "scoped_ptrs_util.h"
 
 namespace nss_test {
 
 class PK11URITest : public ::testing::Test {
  public:
   bool TestCreate(const PK11URIAttribute *pattrs, size_t num_pattrs,
                   const PK11URIAttribute *qattrs, size_t num_qattrs) {
     ScopedPK11URI tmp(
--- a/security/nss/help.txt
+++ b/security/nss/help.txt
@@ -1,13 +1,13 @@
-Usage: ${0##*/} [-hcv] [-j <n>] [--nspr] [--gyp|-g] [--opt|-o] [-m32]
+Usage: build.sh [-hcv] [-j <n>] [--nspr] [--gyp|-g] [--opt|-o] [-m32]
                 [--test] [--pprof] [--scan-build[=output]] [--ct-verif]
                 [--asan] [--ubsan] [--msan] [--sancov[=edge|bb|func|...]]
                 [--disable-tests] [--fuzz[=tls|oss]] [--system-sqlite]
-                [--no-zdefs] [--with-nspr] [--system-nspr]
+                [--no-zdefs] [--with-nspr] [--system-nspr] [--enable-libpkix]
 
 This script builds NSS with gyp and ninja.
 
 This build system is still under development.  It does not yet support all
 the features or platforms that NSS supports.
 
 NSS build tool options:
 
@@ -35,8 +35,9 @@ NSS build tool options:
                      --sancov=func sets coverage to function level for example
     --disable-tests  don't build tests and corresponding cmdline utils
     --system-sqlite  use system sqlite
     --no-zdefs       don't set -Wl,-z,defs
     --with-nspr      don't build NSPR but use the one at the given location, e.g.
                      --with-nspr=/path/to/nspr/include:/path/to/nspr/lib
     --system-nspr    use system nspr. This requires an installation of NSPR and
                      might not work on all systems.
+    --enable-libpkix make libpkix part of the build.
--- a/security/nss/lib/certdb/secname.c
+++ b/security/nss/lib/certdb/secname.c
@@ -563,18 +563,18 @@ CERT_CompareRDN(const CERTRDN *a, const 
             return SECGreaterThan;
     }
     return rv;
 }
 
 SECComparison
 CERT_CompareName(const CERTName *a, const CERTName *b)
 {
-    CERTRDN **ardns, *ardn;
-    CERTRDN **brdns, *brdn;
+    CERTRDN **ardns;
+    CERTRDN **brdns;
     int ac, bc;
     SECComparison rv = SECEqual;
 
     ardns = a->rdns;
     brdns = b->rdns;
 
     /*
     ** Make sure array of rdn's are the same length. If not, then we are
@@ -582,28 +582,18 @@ CERT_CompareName(const CERTName *a, cons
     */
     ac = CountArray((void **)ardns);
     bc = CountArray((void **)brdns);
     if (ac < bc)
         return SECLessThan;
     if (ac > bc)
         return SECGreaterThan;
 
-    for (;;) {
-        if (!ardns++ || !brdns++) {
-            break;
-        }
-        ardn = *ardns;
-        brdn = *brdns;
-        if (!ardn) {
-            break;
-        }
-        rv = CERT_CompareRDN(ardn, brdn);
-        if (rv)
-            return rv;
+    while (rv == SECEqual && *ardns) {
+        rv = CERT_CompareRDN(*ardns++, *brdns++);
     }
     return rv;
 }
 
 /* Moved from certhtml.c */
 SECItem *
 CERT_DecodeAVAValue(const SECItem *derAVAValue)
 {
--- a/security/nss/lib/freebl/Makefile
+++ b/security/nss/lib/freebl/Makefile
@@ -105,16 +105,17 @@ endif
 ifdef FREEBL_PRELINK_COMMAND
 	DEFINES +=-DFREEBL_PRELINK_COMMAND=\"$(FREEBL_PRELINK_COMMAND)\"
 endif
 # NSS_X86 means the target is a 32-bits x86 CPU architecture
 # NSS_X64 means the target is a 64-bits 64 CPU architecture
 # NSS_X86_OR_X64 means the target is either x86 or x64
 ifeq (,$(filter-out i386 x386 x86 x86_64,$(CPU_ARCH)))
         DEFINES += -DNSS_X86_OR_X64
+        CFLAGS += -mpclmul -maes
 ifneq (,$(USE_64)$(USE_X32))
         DEFINES += -DNSS_X64
 else
         DEFINES += -DNSS_X86
 endif
 endif
 
 ifeq ($(OS_TARGET),OSF1)
--- a/security/nss/lib/freebl/aeskeywrap.c
+++ b/security/nss/lib/freebl/aeskeywrap.c
@@ -17,30 +17,37 @@
 #endif
 #include "prtypes.h" /* for PRUintXX */
 #include "secport.h" /* for PORT_XXX */
 #include "secerr.h"
 #include "blapi.h" /* for AES_ functions */
 #include "rijndael.h"
 
 struct AESKeyWrapContextStr {
+    AESContext aescx;
     unsigned char iv[AES_KEY_WRAP_IV_BYTES];
-    AESContext aescx;
+    void *mem; /* Pointer to beginning of allocated memory. */
 };
 
 /******************************************/
 /*
 ** AES key wrap algorithm, RFC 3394
 */
 
 AESKeyWrapContext *
 AESKeyWrap_AllocateContext(void)
 {
-    AESKeyWrapContext *cx = PORT_New(AESKeyWrapContext);
-    return cx;
+    /* aligned_alloc is C11 so we have to do it the old way. */
+    AESKeyWrapContext *ctx = PORT_ZAlloc(sizeof(AESKeyWrapContext) + 15);
+    if (ctx == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+    ctx->mem = ctx;
+    return (AESKeyWrapContext *)(((uintptr_t)ctx + 15) & ~(uintptr_t)0x0F);
 }
 
 SECStatus
 AESKeyWrap_InitContext(AESKeyWrapContext *cx,
                        const unsigned char *key,
                        unsigned int keylen,
                        const unsigned char *iv,
                        int x1,
@@ -72,35 +79,36 @@ AESKeyWrap_CreateContext(const unsigned 
                          int encrypt, unsigned int keylen)
 {
     SECStatus rv;
     AESKeyWrapContext *cx = AESKeyWrap_AllocateContext();
     if (!cx)
         return NULL; /* error is already set */
     rv = AESKeyWrap_InitContext(cx, key, keylen, iv, 0, encrypt, 0);
     if (rv != SECSuccess) {
-        PORT_Free(cx);
+        PORT_Free(cx->mem);
         cx = NULL; /* error should already be set */
     }
     return cx;
 }
 
 /*
 ** Destroy a AES KeyWrap context.
 **  "cx" the context
 **  "freeit" if PR_TRUE then free the object as well as its sub-objects
 */
 extern void
 AESKeyWrap_DestroyContext(AESKeyWrapContext *cx, PRBool freeit)
 {
     if (cx) {
         AES_DestroyContext(&cx->aescx, PR_FALSE);
         /*  memset(cx, 0, sizeof *cx); */
-        if (freeit)
-            PORT_Free(cx);
+        if (freeit) {
+            PORT_Free(cx->mem);
+        }
     }
 }
 
 #if !BIG_ENDIAN_WITH_64_BIT_REGISTERS
 
 /* The AES Key Wrap algorithm has 64-bit values that are ALWAYS big-endian
 ** (Most significant byte first) in memory.  The only ALU operations done
 ** on them are increment, decrement, and XOR.  So, on little-endian CPUs,
--- a/security/nss/lib/freebl/blapi.h
+++ b/security/nss/lib/freebl/blapi.h
@@ -796,18 +796,17 @@ SEED_Decrypt(SEEDContext *cx, unsigned c
 /*
 ** AES symmetric block cypher (Rijndael)
 */
 
 /*
 ** Create a new AES context suitable for AES encryption/decryption.
 **  "key" raw key data
 **  "keylen" the number of bytes of key data (16, 24, or 32)
-**      "blocklen" is the blocksize to use (16, 24, or 32)
-**                        XXX currently only blocksize==16 has been tested!
+**  "blocklen" is the blocksize to use. NOTE: only 16 is supported!
 */
 extern AESContext *
 AES_CreateContext(const unsigned char *key, const unsigned char *iv,
                   int mode, int encrypt,
                   unsigned int keylen, unsigned int blocklen);
 extern AESContext *AES_AllocateContext(void);
 extern SECStatus AES_InitContext(AESContext *cx,
                                  const unsigned char *key,
--- a/security/nss/lib/freebl/blapii.h
+++ b/security/nss/lib/freebl/blapii.h
@@ -46,16 +46,28 @@ SEC_END_PROTOS
 #endif
 
 #if defined(__clang__)
 #define HAVE_NO_SANITIZE_ATTR __has_attribute(no_sanitize)
 #else
 #define HAVE_NO_SANITIZE_ATTR 0
 #endif
 
+/* Alignment helpers. */
+#if defined(_WINDOWS) && defined(NSS_X86_OR_X64)
+#define pre_align __declspec(align(16))
+#define post_align
+#elif defined(NSS_X86_OR_X64)
+#define pre_align
+#define post_align __attribute__((aligned(16)))
+#else
+#define pre_align
+#define post_align
+#endif
+
 #if defined(HAVE_UNALIGNED_ACCESS) && HAVE_NO_SANITIZE_ATTR
 #define NO_SANITIZE_ALIGNMENT __attribute__((no_sanitize("alignment")))
 #else
 #define NO_SANITIZE_ALIGNMENT
 #endif
 
 #undef HAVE_NO_SANITIZE_ATTR
 
--- a/security/nss/lib/freebl/ctr.c
+++ b/security/nss/lib/freebl/ctr.c
@@ -14,58 +14,58 @@
 
 #ifdef USE_HW_AES
 #include "intel-aes.h"
 #include "rijndael.h"
 #endif
 
 SECStatus
 CTR_InitContext(CTRContext *ctr, void *context, freeblCipherFunc cipher,
-                const unsigned char *param, unsigned int blocksize)
+                const unsigned char *param)
 {
     const CK_AES_CTR_PARAMS *ctrParams = (const CK_AES_CTR_PARAMS *)param;
 
     if (ctrParams->ulCounterBits == 0 ||
-        ctrParams->ulCounterBits > blocksize * PR_BITS_PER_BYTE) {
+        ctrParams->ulCounterBits > AES_BLOCK_SIZE * PR_BITS_PER_BYTE) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return SECFailure;
     }
 
-    /* Invariant: 0 < ctr->bufPtr <= blocksize */
+    /* Invariant: 0 < ctr->bufPtr <= AES_BLOCK_SIZE */
     ctr->checkWrap = PR_FALSE;
-    ctr->bufPtr = blocksize; /* no unused data in the buffer */
+    ctr->bufPtr = AES_BLOCK_SIZE; /* no unused data in the buffer */
     ctr->cipher = cipher;
     ctr->context = context;
     ctr->counterBits = ctrParams->ulCounterBits;
-    if (blocksize > sizeof(ctr->counter) ||
-        blocksize > sizeof(ctrParams->cb)) {
+    if (AES_BLOCK_SIZE > sizeof(ctr->counter) ||
+        AES_BLOCK_SIZE > sizeof(ctrParams->cb)) {
         PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
         return SECFailure;
     }
-    PORT_Memcpy(ctr->counter, ctrParams->cb, blocksize);
+    PORT_Memcpy(ctr->counter, ctrParams->cb, AES_BLOCK_SIZE);
     if (ctr->counterBits < 64) {
-        PORT_Memcpy(ctr->counterFirst, ctr->counter, blocksize);
+        PORT_Memcpy(ctr->counterFirst, ctr->counter, AES_BLOCK_SIZE);
         ctr->checkWrap = PR_TRUE;
     }
     return SECSuccess;
 }
 
 CTRContext *
 CTR_CreateContext(void *context, freeblCipherFunc cipher,
-                  const unsigned char *param, unsigned int blocksize)
+                  const unsigned char *param)
 {
     CTRContext *ctr;
     SECStatus rv;
 
     /* first fill in the Counter context */
     ctr = PORT_ZNew(CTRContext);
     if (ctr == NULL) {
         return NULL;
     }
-    rv = CTR_InitContext(ctr, context, cipher, param, blocksize);
+    rv = CTR_InitContext(ctr, context, cipher, param);
     if (rv != SECSuccess) {
         CTR_DestroyContext(ctr, PR_TRUE);
         ctr = NULL;
     }
     return ctr;
 }
 
 void
--- a/security/nss/lib/freebl/ctr.h
+++ b/security/nss/lib/freebl/ctr.h
@@ -18,28 +18,27 @@ struct CTRContextStr {
     PRBool checkWrap;                           /*check for counter overflow*/
     unsigned long counterBits;
     unsigned int bufPtr;
 };
 
 typedef struct CTRContextStr CTRContext;
 
 SECStatus CTR_InitContext(CTRContext *ctr, void *context,
-                          freeblCipherFunc cipher, const unsigned char *param,
-                          unsigned int blocksize);
+                          freeblCipherFunc cipher, const unsigned char *param);
 
 /*
  * The context argument is the inner cipher context to use with cipher. The
  * CTRContext does not own context. context needs to remain valid for as long
  * as the CTRContext is valid.
  *
  * The cipher argument is a block cipher in the ECB encrypt mode.
  */
 CTRContext *CTR_CreateContext(void *context, freeblCipherFunc cipher,
-                              const unsigned char *param, unsigned int blocksize);
+                              const unsigned char *param);
 
 void CTR_DestroyContext(CTRContext *ctr, PRBool freeit);
 
 SECStatus CTR_Update(CTRContext *ctr, unsigned char *outbuf,
                      unsigned int *outlen, unsigned int maxout,
                      const unsigned char *inbuf, unsigned int inlen,
                      unsigned int blocksize);
 
--- a/security/nss/lib/freebl/cts.c
+++ b/security/nss/lib/freebl/cts.c
@@ -15,29 +15,25 @@ struct CTSContextStr {
     void *context;
     /* iv stores the last ciphertext block of the previous message.
      * Only used by decrypt. */
     unsigned char iv[MAX_BLOCK_SIZE];
 };
 
 CTSContext *
 CTS_CreateContext(void *context, freeblCipherFunc cipher,
-                  const unsigned char *iv, unsigned int blocksize)
+                  const unsigned char *iv)
 {
     CTSContext *cts;
 
-    if (blocksize > MAX_BLOCK_SIZE) {
-        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-        return NULL;
-    }
     cts = PORT_ZNew(CTSContext);
     if (cts == NULL) {
         return NULL;
     }
-    PORT_Memcpy(cts->iv, iv, blocksize);
+    PORT_Memcpy(cts->iv, iv, MAX_BLOCK_SIZE);
     cts->cipher = cipher;
     cts->context = context;
     return cts;
 }
 
 void
 CTS_DestroyContext(CTSContext *cts, PRBool freeit)
 {
--- a/security/nss/lib/freebl/cts.h
+++ b/security/nss/lib/freebl/cts.h
@@ -12,17 +12,17 @@ typedef struct CTSContextStr CTSContext;
 /*
  * The context argument is the inner cipher context to use with cipher. The
  * CTSContext does not own context. context needs to remain valid for as long
  * as the CTSContext is valid.
  *
  * The cipher argument is a block cipher in the CBC mode.
  */
 CTSContext *CTS_CreateContext(void *context, freeblCipherFunc cipher,
-                              const unsigned char *iv, unsigned int blocksize);
+                              const unsigned char *iv);
 
 void CTS_DestroyContext(CTSContext *cts, PRBool freeit);
 
 SECStatus CTS_EncryptUpdate(CTSContext *cts, unsigned char *outbuf,
                             unsigned int *outlen, unsigned int maxout,
                             const unsigned char *inbuf, unsigned int inlen,
                             unsigned int blocksize);
 SECStatus CTS_DecryptUpdate(CTSContext *cts, unsigned char *outbuf,
--- a/security/nss/lib/freebl/fipsfreebl.c
+++ b/security/nss/lib/freebl/fipsfreebl.c
@@ -1702,14 +1702,14 @@ BL_FIPSEntryOK(PRBool freebl_only)
         bl_startup_tests();
     }
 #endif
     /* if the general self tests succeeded, we're done */
     if (self_tests_success) {
         return SECSuccess;
     }
     /* standalone freebl can initialize */
-    if (freebl_only & self_tests_freebl_success) {
+    if (freebl_only && self_tests_freebl_success) {
         return SECSuccess;
     }
     PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
     return SECFailure;
 }
--- a/security/nss/lib/freebl/freebl.gyp
+++ b/security/nss/lib/freebl/freebl.gyp
@@ -148,16 +148,32 @@
       'SHLIB_SUFFIX=\"<(dll_suffix)\"',
       'SHLIB_PREFIX=\"<(dll_prefix)\"',
       'SHLIB_VERSION=\"3\"',
       'SOFTOKEN_SHLIB_VERSION=\"3\"',
       'RIJNDAEL_INCLUDE_TABLES',
       'MP_API_COMPATIBLE'
     ],
     'conditions': [
+      [ 'target_arch=="ia32" or target_arch=="x64"', {
+        'cflags_mozilla': [
+          '-mpclmul',
+          '-maes',
+        ],
+      }],
+      [ 'OS=="mac"', {
+        'xcode_settings': {
+          # I'm not sure since when this is supported.
+          # But I hope that doesn't matter. We also assume this is x86/x64.
+          'OTHER_CFLAGS': [
+            '-mpclmul',
+            '-maes',
+          ],
+        },
+      }],
       [ 'OS=="win" and target_arch=="ia32"', {
         'msvs_settings': {
           'VCCLCompilerTool': {
             #TODO: -Ox optimize flags
             'PreprocessorDefinitions': [
               'MP_ASSEMBLY_MULTIPLY',
               'MP_ASSEMBLY_SQUARE',
               'MP_ASSEMBLY_DIV_2DX1D',
@@ -238,16 +254,24 @@
             'defines': [
               'MP_IS_LITTLE_ENDIAN',
               'MP_ASSEMBLY_MULTIPLY',
               'MP_ASSEMBLY_SQUARE',
               'MP_ASSEMBLY_DIV_2DX1D',
               'MP_USE_UINT_DIGIT',
             ],
           }],
+          [ 'target_arch=="ia32" or target_arch=="x64"', {
+            'cflags': [
+              # enable isa option for pclmul am aes-ni; supported since gcc 4.4
+              # This is only support by x84/x64. It's not needed for Windows.
+              '-mpclmul',
+              '-maes',
+            ],
+          }],
           [ 'target_arch=="arm"', {
             'defines': [
               'MP_ASSEMBLY_MULTIPLY',
               'MP_ASSEMBLY_SQUARE',
               'MP_USE_UINT_DIGIT',
               'SHA_NO_LONG_LONG',
               'ARMHF',
             ],
--- a/security/nss/lib/freebl/gcm.c
+++ b/security/nss/lib/freebl/gcm.c
@@ -1,727 +1,698 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/* Thanks to Thomas Pornin for the ideas how to implement the constat time
+ * binary multiplication. */
 
 #ifdef FREEBL_NO_DEPEND
 #include "stubs.h"
 #endif
 #include "blapii.h"
 #include "blapit.h"
 #include "gcm.h"
 #include "ctr.h"
 #include "secerr.h"
 #include "prtypes.h"
 #include "pkcs11t.h"
 
 #include <limits.h>
 
-/**************************************************************************
- *          First implement the Galois hash function of GCM (gcmHash)     *
- **************************************************************************/
-#define GCM_HASH_LEN_LEN 8 /* gcm hash defines lengths to be 64 bits */
-
-typedef struct gcmHashContextStr gcmHashContext;
-
-static SECStatus gcmHash_InitContext(gcmHashContext *hash,
-                                     const unsigned char *H,
-                                     unsigned int blocksize);
-static void gcmHash_DestroyContext(gcmHashContext *ghash, PRBool freeit);
-static SECStatus gcmHash_Update(gcmHashContext *ghash,
-                                const unsigned char *buf, unsigned int len,
-                                unsigned int blocksize);
-static SECStatus gcmHash_Sync(gcmHashContext *ghash, unsigned int blocksize);
-static SECStatus gcmHash_Final(gcmHashContext *gcm, unsigned char *outbuf,
-                               unsigned int *outlen, unsigned int maxout,
-                               unsigned int blocksize);
-static SECStatus gcmHash_Reset(gcmHashContext *ghash,
-                               const unsigned char *inbuf,
-                               unsigned int inbufLen, unsigned int blocksize);
-
-/* compile time defines to select how the GF2 multiply is calculated.
- * There are currently 2 algorithms implemented here: MPI and ALGORITHM_1.
- *
- * MPI uses the GF2m implemented in mpi to support GF2 ECC.
- * ALGORITHM_1 is the Algorithm 1 in both NIST SP 800-38D and
- * "The Galois/Counter Mode of Operation (GCM)", McGrew & Viega.
- */
-#if !defined(GCM_USE_ALGORITHM_1) && !defined(GCM_USE_MPI)
-#define GCM_USE_MPI 1 /* MPI is about 5x faster with the               \
-                       * same or less complexity. It's possible to use \
-                       * tables to speed things up even more */
+#ifdef NSS_X86_OR_X64
+#include <wmmintrin.h> /* clmul */
 #endif
 
-/* GCM defines the bit string to be LSB first, which is exactly
- * opposite everyone else, including hardware. build array
- * to reverse everything. */
-static const unsigned char gcm_byte_rev[256] = {
-    0x00, 0x80, 0x40, 0xc0, 0x20, 0xa0, 0x60, 0xe0,
-    0x10, 0x90, 0x50, 0xd0, 0x30, 0xb0, 0x70, 0xf0,
-    0x08, 0x88, 0x48, 0xc8, 0x28, 0xa8, 0x68, 0xe8,
-    0x18, 0x98, 0x58, 0xd8, 0x38, 0xb8, 0x78, 0xf8,
-    0x04, 0x84, 0x44, 0xc4, 0x24, 0xa4, 0x64, 0xe4,
-    0x14, 0x94, 0x54, 0xd4, 0x34, 0xb4, 0x74, 0xf4,
-    0x0c, 0x8c, 0x4c, 0xcc, 0x2c, 0xac, 0x6c, 0xec,
-    0x1c, 0x9c, 0x5c, 0xdc, 0x3c, 0xbc, 0x7c, 0xfc,
-    0x02, 0x82, 0x42, 0xc2, 0x22, 0xa2, 0x62, 0xe2,
-    0x12, 0x92, 0x52, 0xd2, 0x32, 0xb2, 0x72, 0xf2,
-    0x0a, 0x8a, 0x4a, 0xca, 0x2a, 0xaa, 0x6a, 0xea,
-    0x1a, 0x9a, 0x5a, 0xda, 0x3a, 0xba, 0x7a, 0xfa,
-    0x06, 0x86, 0x46, 0xc6, 0x26, 0xa6, 0x66, 0xe6,
-    0x16, 0x96, 0x56, 0xd6, 0x36, 0xb6, 0x76, 0xf6,
-    0x0e, 0x8e, 0x4e, 0xce, 0x2e, 0xae, 0x6e, 0xee,
-    0x1e, 0x9e, 0x5e, 0xde, 0x3e, 0xbe, 0x7e, 0xfe,
-    0x01, 0x81, 0x41, 0xc1, 0x21, 0xa1, 0x61, 0xe1,
-    0x11, 0x91, 0x51, 0xd1, 0x31, 0xb1, 0x71, 0xf1,
-    0x09, 0x89, 0x49, 0xc9, 0x29, 0xa9, 0x69, 0xe9,
-    0x19, 0x99, 0x59, 0xd9, 0x39, 0xb9, 0x79, 0xf9,
-    0x05, 0x85, 0x45, 0xc5, 0x25, 0xa5, 0x65, 0xe5,
-    0x15, 0x95, 0x55, 0xd5, 0x35, 0xb5, 0x75, 0xf5,
-    0x0d, 0x8d, 0x4d, 0xcd, 0x2d, 0xad, 0x6d, 0xed,
-    0x1d, 0x9d, 0x5d, 0xdd, 0x3d, 0xbd, 0x7d, 0xfd,
-    0x03, 0x83, 0x43, 0xc3, 0x23, 0xa3, 0x63, 0xe3,
-    0x13, 0x93, 0x53, 0xd3, 0x33, 0xb3, 0x73, 0xf3,
-    0x0b, 0x8b, 0x4b, 0xcb, 0x2b, 0xab, 0x6b, 0xeb,
-    0x1b, 0x9b, 0x5b, 0xdb, 0x3b, 0xbb, 0x7b, 0xfb,
-    0x07, 0x87, 0x47, 0xc7, 0x27, 0xa7, 0x67, 0xe7,
-    0x17, 0x97, 0x57, 0xd7, 0x37, 0xb7, 0x77, 0xf7,
-    0x0f, 0x8f, 0x4f, 0xcf, 0x2f, 0xaf, 0x6f, 0xef,
-    0x1f, 0x9f, 0x5f, 0xdf, 0x3f, 0xbf, 0x7f, 0xff
-};
-
-#ifdef GCM_TRACE
-#include <stdio.h>
+/* Forward declarations */
+SECStatus gcm_HashMult_hw(gcmHashContext *ghash, const unsigned char *buf,
+                          unsigned int count);
+SECStatus gcm_HashMult_sftw(gcmHashContext *ghash, const unsigned char *buf,
+                            unsigned int count);
+SECStatus gcm_HashMult_sftw32(gcmHashContext *ghash, const unsigned char *buf,
+                              unsigned int count);
 
-#define GCM_TRACE_X(ghash, label)         \
-    {                                     \
-        unsigned char _X[MAX_BLOCK_SIZE]; \
-        int i;                            \
-        gcm_getX(ghash, _X, blocksize);   \
-        printf(label, (ghash)->m);        \
-        for (i = 0; i < blocksize; i++)   \
-            printf("%02x", _X[i]);        \
-        printf("\n");                     \
-    }
-#define GCM_TRACE_BLOCK(label, buf, blocksize) \
-    {                                          \
-        printf(label);                         \
-        for (i = 0; i < blocksize; i++)        \
-            printf("%02x", buf[i]);            \
-        printf("\n");                          \
-    }
-#else
-#define GCM_TRACE_X(ghash, label)
-#define GCM_TRACE_BLOCK(label, buf, blocksize)
-#endif
-
-#ifdef GCM_USE_MPI
-
-#ifdef GCM_USE_ALGORITHM_1
-#error "Only define one of GCM_USE_MPI, GCM_USE_ALGORITHM_1"
-#endif
-/* use the MPI functions to calculate Xn = (Xn-1^C_i)*H mod poly */
-#include "mpi.h"
-#include "secmpi.h"
-#include "mplogic.h"
-#include "mp_gf2m.h"
-
-/* state needed to handle GCM Hash function */
-struct gcmHashContextStr {
-    mp_int H;
-    mp_int X;
-    mp_int C_i;
-    const unsigned int *poly;
-    unsigned char buffer[MAX_BLOCK_SIZE];
-    unsigned int bufLen;
-    int m; /* XXX what is m? */
-    unsigned char counterBuf[2 * GCM_HASH_LEN_LEN];
-    PRUint64 cLen;
-};
-
-/* f = x^128 + x^7 + x^2 + x + 1 */
-static const unsigned int poly_128[] = { 128, 7, 2, 1, 0 };
-
-/* sigh, GCM defines the bit strings exactly backwards from everything else */
-static void
-gcm_reverse(unsigned char *target, const unsigned char *src,
-            unsigned int blocksize)
+uint64_t
+get64(const unsigned char *bytes)
 {
-    unsigned int i;
-    for (i = 0; i < blocksize; i++) {
-        target[blocksize - i - 1] = gcm_byte_rev[src[i]];
-    }
+    return ((uint64_t)bytes[0]) << 56 |
+           ((uint64_t)bytes[1]) << 48 |
+           ((uint64_t)bytes[2]) << 40 |
+           ((uint64_t)bytes[3]) << 32 |
+           ((uint64_t)bytes[4]) << 24 |
+           ((uint64_t)bytes[5]) << 16 |
+           ((uint64_t)bytes[6]) << 8 |
+           ((uint64_t)bytes[7]);
 }
 
 /* Initialize a gcmHashContext */
-static SECStatus
-gcmHash_InitContext(gcmHashContext *ghash, const unsigned char *H,
-                    unsigned int blocksize)
+SECStatus
+gcmHash_InitContext(gcmHashContext *ghash, const unsigned char *H, PRBool sw)
 {
-    mp_err err = MP_OKAY;
-    unsigned char H_rev[MAX_BLOCK_SIZE];
-
-    MP_DIGITS(&ghash->H) = 0;
-    MP_DIGITS(&ghash->X) = 0;
-    MP_DIGITS(&ghash->C_i) = 0;
-    CHECK_MPI_OK(mp_init(&ghash->H));
-    CHECK_MPI_OK(mp_init(&ghash->X));
-    CHECK_MPI_OK(mp_init(&ghash->C_i));
-
-    mp_zero(&ghash->X);
-    gcm_reverse(H_rev, H, blocksize);
-    CHECK_MPI_OK(mp_read_unsigned_octets(&ghash->H, H_rev, blocksize));
-
-    /* set the irreducible polynomial. Each blocksize has its own polynomial.
-     * for now only blocksize 16 (=128 bits) is defined */
-    switch (blocksize) {
-        case 16: /* 128 bits */
-            ghash->poly = poly_128;
-            break;
-        default:
-            PORT_SetError(SEC_ERROR_INVALID_ARGS);
-            goto cleanup;
-    }
     ghash->cLen = 0;
     ghash->bufLen = 0;
-    ghash->m = 0;
     PORT_Memset(ghash->counterBuf, 0, sizeof(ghash->counterBuf));
+
+    ghash->h_low = get64(H + 8);
+    ghash->h_high = get64(H);
+    if (clmul_support() && !sw) {
+#ifdef NSS_X86_OR_X64
+        ghash->ghash_mul = gcm_HashMult_hw;
+        ghash->x = _mm_setzero_si128();
+        /* MSVC requires __m64 to load epi64. */
+        ghash->h = _mm_set_epi32(ghash->h_high >> 32, (uint32_t)ghash->h_high,
+                                 ghash->h_low >> 32, (uint32_t)ghash->h_low);
+        ghash->hw = PR_TRUE;
+#else
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+#endif /* NSS_X86_OR_X64 */
+    } else {
+/* We fall back to the software implementation if we can't use / don't
+         * want to use pclmul. */
+#ifdef HAVE_INT128_SUPPORT
+        ghash->ghash_mul = gcm_HashMult_sftw;
+#else
+        ghash->ghash_mul = gcm_HashMult_sftw32;
+#endif
+        ghash->x_high = ghash->x_low = 0;
+        ghash->hw = PR_FALSE;
+    }
     return SECSuccess;
-cleanup:
-    gcmHash_DestroyContext(ghash, PR_FALSE);
-    return SECFailure;
+}
+
+#ifdef HAVE_INT128_SUPPORT
+/* Binary multiplication x * y = r_high << 64 | r_low. */
+void
+bmul(uint64_t x, uint64_t y, uint64_t *r_high, uint64_t *r_low)
+{
+    uint128_t x1, x2, x3, x4, x5;
+    uint128_t y1, y2, y3, y4, y5;
+    uint128_t r, z;
+
+    uint128_t m1 = (uint128_t)0x2108421084210842 << 64 | 0x1084210842108421;
+    uint128_t m2 = (uint128_t)0x4210842108421084 << 64 | 0x2108421084210842;
+    uint128_t m3 = (uint128_t)0x8421084210842108 << 64 | 0x4210842108421084;
+    uint128_t m4 = (uint128_t)0x0842108421084210 << 64 | 0x8421084210842108;
+    uint128_t m5 = (uint128_t)0x1084210842108421 << 64 | 0x0842108421084210;
+
+    x1 = x & m1;
+    y1 = y & m1;
+    x2 = x & m2;
+    y2 = y & m2;
+    x3 = x & m3;
+    y3 = y & m3;
+    x4 = x & m4;
+    y4 = y & m4;
+    x5 = x & m5;
+    y5 = y & m5;
+
+    z = (x1 * y1) ^ (x2 * y5) ^ (x3 * y4) ^ (x4 * y3) ^ (x5 * y2);
+    r = z & m1;
+    z = (x1 * y2) ^ (x2 * y1) ^ (x3 * y5) ^ (x4 * y4) ^ (x5 * y3);
+    r |= z & m2;
+    z = (x1 * y3) ^ (x2 * y2) ^ (x3 * y1) ^ (x4 * y5) ^ (x5 * y4);
+    r |= z & m3;
+    z = (x1 * y4) ^ (x2 * y3) ^ (x3 * y2) ^ (x4 * y1) ^ (x5 * y5);
+    r |= z & m4;
+    z = (x1 * y5) ^ (x2 * y4) ^ (x3 * y3) ^ (x4 * y2) ^ (x5 * y1);
+    r |= z & m5;
+
+    *r_high = (uint64_t)(r >> 64);
+    *r_low = (uint64_t)r;
+}
+
+SECStatus
+gcm_HashMult_sftw(gcmHashContext *ghash, const unsigned char *buf,
+                  unsigned int count)
+{
+    uint64_t ci_low, ci_high;
+    size_t i;
+    uint64_t z2_low, z2_high, z0_low, z0_high, z1a_low, z1a_high;
+    uint128_t z_high = 0, z_low = 0;
+
+    ci_low = ghash->x_low;
+    ci_high = ghash->x_high;
+    for (i = 0; i < count; i++, buf += 16) {
+        ci_low ^= get64(buf + 8);
+        ci_high ^= get64(buf);
+
+        /* Do binary mult ghash->X = C * ghash->H (Karatsuba). */
+        bmul(ci_high, ghash->h_high, &z2_high, &z2_low);
+        bmul(ci_low, ghash->h_low, &z0_high, &z0_low);
+        bmul(ci_high ^ ci_low, ghash->h_high ^ ghash->h_low, &z1a_high, &z1a_low);
+        z1a_high ^= z2_high ^ z0_high;
+        z1a_low ^= z2_low ^ z0_low;
+        z_high = ((uint128_t)z2_high << 64) | (z2_low ^ z1a_high);
+        z_low = (((uint128_t)z0_high << 64) | z0_low) ^ (((uint128_t)z1a_low) << 64);
+
+        /* Shift one (multiply by x) as gcm spec is stupid. */
+        z_high = (z_high << 1) | (z_low >> 127);
+        z_low <<= 1;
+
+        /* Reduce */
+        z_low ^= (z_low << 127) ^ (z_low << 126) ^ (z_low << 121);
+        z_high ^= z_low ^ (z_low >> 1) ^ (z_low >> 2) ^ (z_low >> 7);
+        ci_low = (uint64_t)z_high;
+        ci_high = (uint64_t)(z_high >> 64);
+    }
+    ghash->x_low = ci_low;
+    ghash->x_high = ci_high;
+    return SECSuccess;
+}
+#else
+/* Binary multiplication x * y = r_high << 32 | r_low. */
+void
+bmul32(uint32_t x, uint32_t y, uint32_t *r_high, uint32_t *r_low)
+{
+    uint32_t x0, x1, x2, x3;
+    uint32_t y0, y1, y2, y3;
+    uint32_t m1 = (uint32_t)0x11111111;
+    uint32_t m2 = (uint32_t)0x22222222;
+    uint32_t m4 = (uint32_t)0x44444444;
+    uint32_t m8 = (uint32_t)0x88888888;
+    uint64_t z0, z1, z2, z3;
+    uint64_t z;
+
+    x0 = x & m1;
+    x1 = x & m2;
+    x2 = x & m4;
+    x3 = x & m8;
+    y0 = y & m1;
+    y1 = y & m2;
+    y2 = y & m4;
+    y3 = y & m8;
+    z0 = ((uint64_t)x0 * y0) ^ ((uint64_t)x1 * y3) ^
+         ((uint64_t)x2 * y2) ^ ((uint64_t)x3 * y1);
+    z1 = ((uint64_t)x0 * y1) ^ ((uint64_t)x1 * y0) ^
+         ((uint64_t)x2 * y3) ^ ((uint64_t)x3 * y2);
+    z2 = ((uint64_t)x0 * y2) ^ ((uint64_t)x1 * y1) ^
+         ((uint64_t)x2 * y0) ^ ((uint64_t)x3 * y3);
+    z3 = ((uint64_t)x0 * y3) ^ ((uint64_t)x1 * y2) ^
+         ((uint64_t)x2 * y1) ^ ((uint64_t)x3 * y0);
+    z0 &= ((uint64_t)m1 << 32) | m1;
+    z1 &= ((uint64_t)m2 << 32) | m2;
+    z2 &= ((uint64_t)m4 << 32) | m4;
+    z3 &= ((uint64_t)m8 << 32) | m8;
+    z = z0 | z1 | z2 | z3;
+    *r_high = (uint32_t)(z >> 32);
+    *r_low = (uint32_t)z;
 }
 
-/* Destroy a HashContext (Note we zero the digits so this function
- * is idempotent if called with freeit == PR_FALSE */
-static void
-gcmHash_DestroyContext(gcmHashContext *ghash, PRBool freeit)
+SECStatus
+gcm_HashMult_sftw32(gcmHashContext *ghash, const unsigned char *buf,
+                    unsigned int count)
 {
-    mp_clear(&ghash->H);
-    mp_clear(&ghash->X);
-    mp_clear(&ghash->C_i);
-    PORT_Memset(ghash, 0, sizeof(gcmHashContext));
-    if (freeit) {
-        PORT_Free(ghash);
+    size_t i;
+    uint64_t ci_low, ci_high;
+    uint64_t z_high_h, z_high_l, z_low_h, z_low_l;
+    uint32_t ci_high_h, ci_high_l, ci_low_h, ci_low_l;
+    uint32_t b_a_h, b_a_l, a_a_h, a_a_l, b_b_h, b_b_l;
+    uint32_t a_b_h, a_b_l, b_c_h, b_c_l, a_c_h, a_c_l, c_c_h, c_c_l;
+    uint32_t ci_highXlow_h, ci_highXlow_l, c_a_h, c_a_l, c_b_h, c_b_l;
+
+    uint32_t h_high_h = (uint32_t)(ghash->h_high >> 32);
+    uint32_t h_high_l = (uint32_t)ghash->h_high;
+    uint32_t h_low_h = (uint32_t)(ghash->h_low >> 32);
+    uint32_t h_low_l = (uint32_t)ghash->h_low;
+    uint32_t h_highXlow_h = h_high_h ^ h_low_h;
+    uint32_t h_highXlow_l = h_high_l ^ h_low_l;
+    uint32_t h_highX_xored = h_highXlow_h ^ h_highXlow_l;
+
+    for (i = 0; i < count; i++, buf += 16) {
+        ci_low = ghash->x_low ^ get64(buf + 8);
+        ci_high = ghash->x_high ^ get64(buf);
+        ci_low_h = (uint32_t)(ci_low >> 32);
+        ci_low_l = (uint32_t)ci_low;
+        ci_high_h = (uint32_t)(ci_high >> 32);
+        ci_high_l = (uint32_t)ci_high;
+        ci_highXlow_h = ci_high_h ^ ci_low_h;
+        ci_highXlow_l = ci_high_l ^ ci_low_l;
+
+        /* Do binary mult ghash->X = C * ghash->H (recursive Karatsuba). */
+        bmul32(ci_high_h, h_high_h, &a_a_h, &a_a_l);
+        bmul32(ci_high_l, h_high_l, &a_b_h, &a_b_l);
+        bmul32(ci_high_h ^ ci_high_l, h_high_h ^ h_high_l, &a_c_h, &a_c_l);
+        a_c_h ^= a_a_h ^ a_b_h;
+        a_c_l ^= a_a_l ^ a_b_l;
+        a_a_l ^= a_c_h;
+        a_b_h ^= a_c_l;
+        /* ci_high * h_high = a_a_h:a_a_l:a_b_h:a_b_l */
+
+        bmul32(ci_low_h, h_low_h, &b_a_h, &b_a_l);
+        bmul32(ci_low_l, h_low_l, &b_b_h, &b_b_l);
+        bmul32(ci_low_h ^ ci_low_l, h_low_h ^ h_low_l, &b_c_h, &b_c_l);
+        b_c_h ^= b_a_h ^ b_b_h;
+        b_c_l ^= b_a_l ^ b_b_l;
+        b_a_l ^= b_c_h;
+        b_b_h ^= b_c_l;
+        /* ci_low * h_low = b_a_h:b_a_l:b_b_h:b_b_l */
+
+        bmul32(ci_highXlow_h, h_highXlow_h, &c_a_h, &c_a_l);
+        bmul32(ci_highXlow_l, h_highXlow_l, &c_b_h, &c_b_l);
+        bmul32(ci_highXlow_h ^ ci_highXlow_l, h_highX_xored, &c_c_h, &c_c_l);
+        c_c_h ^= c_a_h ^ c_b_h;
+        c_c_l ^= c_a_l ^ c_b_l;
+        c_a_l ^= c_c_h;
+        c_b_h ^= c_c_l;
+        /* (ci_high ^ ci_low) * (h_high ^ h_low) = c_a_h:c_a_l:c_b_h:c_b_l */
+
+        c_a_h ^= b_a_h ^ a_a_h;
+        c_a_l ^= b_a_l ^ a_a_l;
+        c_b_h ^= b_b_h ^ a_b_h;
+        c_b_l ^= b_b_l ^ a_b_l;
+        z_high_h = ((uint64_t)a_a_h << 32) | a_a_l;
+        z_high_l = (((uint64_t)a_b_h << 32) | a_b_l) ^
+                   (((uint64_t)c_a_h << 32) | c_a_l);
+        z_low_h = (((uint64_t)b_a_h << 32) | b_a_l) ^
+                  (((uint64_t)c_b_h << 32) | c_b_l);
+        z_low_l = ((uint64_t)b_b_h << 32) | b_b_l;
+
+        /* Shift one (multiply by x) as gcm spec is stupid. */
+        z_high_h = z_high_h << 1 | z_high_l >> 63;
+        z_high_l = z_high_l << 1 | z_low_h >> 63;
+        z_low_h = z_low_h << 1 | z_low_l >> 63;
+        z_low_l <<= 1;
+
+        /* Reduce */
+        z_low_h ^= (z_low_l << 63) ^ (z_low_l << 62) ^ (z_low_l << 57);
+        z_high_h ^= z_low_h ^ (z_low_h >> 1) ^ (z_low_h >> 2) ^ (z_low_h >> 7);
+        z_high_l ^= z_low_l ^ (z_low_l >> 1) ^ (z_low_l >> 2) ^ (z_low_l >> 7) ^
+                    (z_low_h << 63) ^ (z_low_h << 62) ^ (z_low_h << 57);
+        ghash->x_high = z_high_h;
+        ghash->x_low = z_high_l;
     }
+    return SECSuccess;
+}
+#endif /* HAVE_INT128_SUPPORT */
+
+SECStatus
+gcm_HashMult_hw(gcmHashContext *ghash, const unsigned char *buf,
+                unsigned int count)
+{
+#ifdef NSS_X86_OR_X64
+    size_t i;
+    pre_align __m128i z_high post_align;
+    pre_align __m128i z_low post_align;
+    pre_align __m128i C post_align;
+    pre_align __m128i D post_align;
+    pre_align __m128i E post_align;
+    pre_align __m128i F post_align;
+    pre_align __m128i bin post_align;
+    pre_align __m128i Ci post_align;
+    pre_align __m128i tmp post_align;
+
+    for (i = 0; i < count; i++, buf += 16) {
+        bin = _mm_set_epi16(((uint16_t)buf[0] << 8) | buf[1],
+                            ((uint16_t)buf[2] << 8) | buf[3],
+                            ((uint16_t)buf[4] << 8) | buf[5],
+                            ((uint16_t)buf[6] << 8) | buf[7],
+                            ((uint16_t)buf[8] << 8) | buf[9],
+                            ((uint16_t)buf[10] << 8) | buf[11],
+                            ((uint16_t)buf[12] << 8) | buf[13],
+                            ((uint16_t)buf[14] << 8) | buf[15]);
+        Ci = _mm_xor_si128(bin, ghash->x);
+
+        /* Do binary mult ghash->X = Ci * ghash->H. */
+        C = _mm_clmulepi64_si128(Ci, ghash->h, 0x00);
+        D = _mm_clmulepi64_si128(Ci, ghash->h, 0x11);
+        E = _mm_clmulepi64_si128(Ci, ghash->h, 0x01);
+        F = _mm_clmulepi64_si128(Ci, ghash->h, 0x10);
+        tmp = _mm_xor_si128(E, F);
+        z_high = _mm_xor_si128(tmp, _mm_slli_si128(D, 8));
+        z_high = _mm_unpackhi_epi64(z_high, D);
+        z_low = _mm_xor_si128(_mm_slli_si128(tmp, 8), C);
+        z_low = _mm_unpackhi_epi64(_mm_slli_si128(C, 8), z_low);
+
+        /* Shift one to the left (multiply by x) as gcm spec is stupid. */
+        C = _mm_slli_si128(z_low, 8);
+        E = _mm_srli_epi64(C, 63);
+        D = _mm_slli_si128(z_high, 8);
+        F = _mm_srli_epi64(D, 63);
+        /* Carry over */
+        C = _mm_srli_si128(z_low, 8);
+        D = _mm_srli_epi64(C, 63);
+        z_low = _mm_or_si128(_mm_slli_epi64(z_low, 1), E);
+        z_high = _mm_or_si128(_mm_or_si128(_mm_slli_epi64(z_high, 1), F), D);
+
+        /* Reduce */
+        C = _mm_slli_si128(z_low, 8);
+        /* D = z_low << 127 */
+        D = _mm_slli_epi64(C, 63);
+        /* E = z_low << 126 */
+        E = _mm_slli_epi64(C, 62);
+        /* F = z_low << 121 */
+        F = _mm_slli_epi64(C, 57);
+        /* z_low ^= (z_low << 127) ^ (z_low << 126) ^ (z_low << 121); */
+        z_low = _mm_xor_si128(_mm_xor_si128(_mm_xor_si128(z_low, D), E), F);
+        C = _mm_srli_si128(z_low, 8);
+        /* D = z_low >> 1 */
+        D = _mm_slli_epi64(C, 63);
+        D = _mm_or_si128(_mm_srli_epi64(z_low, 1), D);
+        /* E = z_low >> 2 */
+        E = _mm_slli_epi64(C, 62);
+        E = _mm_or_si128(_mm_srli_epi64(z_low, 2), E);
+        /* F = z_low >> 7 */
+        F = _mm_slli_epi64(C, 57);
+        F = _mm_or_si128(_mm_srli_epi64(z_low, 7), F);
+        /* ghash->x ^= z_low ^ (z_low >> 1) ^ (z_low >> 2) ^ (z_low >> 7); */
+        ghash->x = _mm_xor_si128(_mm_xor_si128(
+                                     _mm_xor_si128(_mm_xor_si128(z_high, z_low), D), E),
+                                 F);
+    }
+    return SECSuccess;
+#else
+    PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+    return SECFailure;
+#endif /* NSS_X86_OR_X64 */
 }
 
 static SECStatus
-gcm_getX(gcmHashContext *ghash, unsigned char *T, unsigned int blocksize)
+gcm_zeroX(gcmHashContext *ghash)
 {
-    int len;
-    mp_err err;
-    unsigned char tmp_buf[MAX_BLOCK_SIZE];
-    unsigned char *X;
-
-    len = mp_unsigned_octet_size(&ghash->X);
-    if (len <= 0) {
+    if (ghash->hw) {
+#ifdef NSS_X86_OR_X64
+        ghash->x = _mm_setzero_si128();
+        return SECSuccess;
+#else
         PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
         return SECFailure;
-    }
-    X = tmp_buf;
-    PORT_Assert((unsigned int)len <= blocksize);
-    if ((unsigned int)len > blocksize) {
-        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-        return SECFailure;
-    }
-    /* zero pad the result */
-    if (len != blocksize) {
-        PORT_Memset(X, 0, blocksize - len);
-        X += blocksize - len;
+#endif /* NSS_X86_OR_X64 */
     }
 
-    err = mp_to_unsigned_octets(&ghash->X, X, len);
-    if (err < 0) {
-        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-        return SECFailure;
-    }
-    gcm_reverse(T, tmp_buf, blocksize);
+    ghash->x_high = ghash->x_low = 0;
     return SECSuccess;
 }
 
-static SECStatus
-gcm_HashMult(gcmHashContext *ghash, const unsigned char *buf,
-             unsigned int count, unsigned int blocksize)
-{
-    SECStatus rv = SECFailure;
-    mp_err err = MP_OKAY;
-    unsigned char tmp_buf[MAX_BLOCK_SIZE];
-    unsigned int i;
-
-    for (i = 0; i < count; i++, buf += blocksize) {
-        ghash->m++;
-        gcm_reverse(tmp_buf, buf, blocksize);
-        CHECK_MPI_OK(mp_read_unsigned_octets(&ghash->C_i, tmp_buf, blocksize));
-        CHECK_MPI_OK(mp_badd(&ghash->X, &ghash->C_i, &ghash->C_i));
-        /*
-         * Looking to speed up GCM, this the the place to do it.
-         * There are two areas that can be exploited to speed up this code.
-         *
-         * 1) H is a constant in this multiply. We can precompute H * (0 - 255)
-         * at init time and this becomes an blockize xors of our table lookup.
-         *
-         * 2) poly is a constant for each blocksize. We can calculate the
-         * modulo reduction by a series of adds and shifts.
-         *
-         * For now we are after functionality, so we will go ahead and use
-         * the builtin bmulmod from mpi
-         */
-        CHECK_MPI_OK(mp_bmulmod(&ghash->C_i, &ghash->H,
-                                ghash->poly, &ghash->X));
-        GCM_TRACE_X(ghash, "X%d = ")
-    }
-    rv = SECSuccess;
-cleanup:
-    PORT_Memset(tmp_buf, 0, sizeof(tmp_buf));
-    if (rv != SECSuccess) {
-        MP_TO_SEC_ERROR(err);
-    }
-    return rv;
-}
-
-static void
-gcm_zeroX(gcmHashContext *ghash)
-{
-    mp_zero(&ghash->X);
-    ghash->m = 0;
-}
-
-#endif
-
-#ifdef GCM_USE_ALGORITHM_1
-/* use algorithm 1 of McGrew & Viega "The Galois/Counter Mode of Operation" */
-
-#define GCM_ARRAY_SIZE (MAX_BLOCK_SIZE / sizeof(unsigned long))
-
-struct gcmHashContextStr {
-    unsigned long H[GCM_ARRAY_SIZE];
-    unsigned long X[GCM_ARRAY_SIZE];
-    unsigned long R;
-    unsigned char buffer[MAX_BLOCK_SIZE];
-    unsigned int bufLen;
-    int m;
-    unsigned char counterBuf[2 * GCM_HASH_LEN_LEN];
-    PRUint64 cLen;
-};
-
-static void
-gcm_bytes_to_longs(unsigned long *l, const unsigned char *c, unsigned int len)
-{
-    int i, j;
-    int array_size = len / sizeof(unsigned long);
-
-    PORT_Assert(len % sizeof(unsigned long) == 0);
-    for (i = 0; i < array_size; i++) {
-        unsigned long tmp = 0;
-        int byte_offset = i * sizeof(unsigned long);
-        for (j = sizeof(unsigned long) - 1; j >= 0; j--) {
-            tmp = (tmp << PR_BITS_PER_BYTE) | gcm_byte_rev[c[byte_offset + j]];
-        }
-        l[i] = tmp;
-    }
-}
-
-static void
-gcm_longs_to_bytes(const unsigned long *l, unsigned char *c, unsigned int len)
-{
-    int i, j;
-    int array_size = len / sizeof(unsigned long);
-
-    PORT_Assert(len % sizeof(unsigned long) == 0);
-    for (i = 0; i < array_size; i++) {
-        unsigned long tmp = l[i];
-        int byte_offset = i * sizeof(unsigned long);
-        for (j = 0; j < sizeof(unsigned long); j++) {
-            c[byte_offset + j] = gcm_byte_rev[tmp & 0xff];
-            tmp = (tmp >> PR_BITS_PER_BYTE);
-        }
-    }
-}
-
-/* Initialize a gcmHashContext */
-static SECStatus
-gcmHash_InitContext(gcmHashContext *ghash, const unsigned char *H,
-                    unsigned int blocksize)
-{
-    PORT_Memset(ghash->X, 0, sizeof(ghash->X));
-    PORT_Memset(ghash->H, 0, sizeof(ghash->H));
-    gcm_bytes_to_longs(ghash->H, H, blocksize);
-
-    /* set the irreducible polynomial. Each blocksize has its own polynommial
-     * for now only blocksize 16 (=128 bits) is defined */
-    switch (blocksize) {
-        case 16:                            /* 128 bits */
-            ghash->R = (unsigned long)0x87; /* x^7 + x^2 + x +1 */
-            break;
-        default:
-            PORT_SetError(SEC_ERROR_INVALID_ARGS);
-            goto cleanup;
-    }
-    ghash->cLen = 0;
-    ghash->bufLen = 0;
-    ghash->m = 0;
-    PORT_Memset(ghash->counterBuf, 0, sizeof(ghash->counterBuf));
-    return SECSuccess;
-cleanup:
-    return SECFailure;
-}
-
-/* Destroy a HashContext (Note we zero the digits so this function
- * is idempotent if called with freeit == PR_FALSE */
-static void
-gcmHash_DestroyContext(gcmHashContext *ghash, PRBool freeit)
-{
-    PORT_Memset(ghash, 0, sizeof(gcmHashContext));
-    if (freeit) {
-        PORT_Free(ghash);
-    }
-}
-
-static unsigned long
-gcm_shift_one(unsigned long *t, unsigned int count)
-{
-    unsigned long carry = 0;
-    unsigned long nextcarry = 0;
-    unsigned int i;
-    for (i = 0; i < count; i++) {
-        nextcarry = t[i] >> ((sizeof(unsigned long) * PR_BITS_PER_BYTE) - 1);
-        t[i] = (t[i] << 1) | carry;
-        carry = nextcarry;
-    }
-    return carry;
-}
-
-static SECStatus
-gcm_getX(gcmHashContext *ghash, unsigned char *T, unsigned int blocksize)
-{
-    gcm_longs_to_bytes(ghash->X, T, blocksize);
-    return SECSuccess;
-}
-
-#define GCM_XOR(t, s, len)    \
-    for (l = 0; l < len; l++) \
-    t[l] ^= s[l]
-
-static SECStatus
-gcm_HashMult(gcmHashContext *ghash, const unsigned char *buf,
-             unsigned int count, unsigned int blocksize)
-{
-    unsigned long C_i[GCM_ARRAY_SIZE];
-    unsigned int arraysize = blocksize / sizeof(unsigned long);
-    unsigned int i, j, k, l;
-
-    for (i = 0; i < count; i++, buf += blocksize) {
-        ghash->m++;
-        gcm_bytes_to_longs(C_i, buf, blocksize);
-        GCM_XOR(C_i, ghash->X, arraysize);
-        /* multiply X = C_i * H */
-        PORT_Memset(ghash->X, 0, sizeof(ghash->X));
-        for (j = 0; j < arraysize; j++) {
-            unsigned long H = ghash->H[j];
-            for (k = 0; k < sizeof(unsigned long) * PR_BITS_PER_BYTE; k++) {
-                if (H & 1) {
-                    GCM_XOR(ghash->X, C_i, arraysize);
-                }
-                if (gcm_shift_one(C_i, arraysize)) {
-                    C_i[0] = C_i[0] ^ ghash->R;
-                }
-                H = H >> 1;
-            }
-        }
-        GCM_TRACE_X(ghash, "X%d = ")
-    }
-    PORT_Memset(C_i, 0, sizeof(C_i));
-    return SECSuccess;
-}
-
-static void
-gcm_zeroX(gcmHashContext *ghash)
-{
-    PORT_Memset(ghash->X, 0, sizeof(ghash->X));
-    ghash->m = 0;
-}
-#endif
-
 /*
  * implement GCM GHASH using the freebl GHASH function. The gcm_HashMult
- * function always takes blocksize lengths of data. gcmHash_Update will
+ * function always takes AES_BLOCK_SIZE lengths of data. gcmHash_Update will
  * format the data properly.
  */
-static SECStatus
+SECStatus
 gcmHash_Update(gcmHashContext *ghash, const unsigned char *buf,
-               unsigned int len, unsigned int blocksize)
+               unsigned int len)
 {
     unsigned int blocks;
     SECStatus rv;
 
     ghash->cLen += (len * PR_BITS_PER_BYTE);
 
     /* first deal with the current buffer of data. Try to fill it out so
      * we can hash it */
     if (ghash->bufLen) {
-        unsigned int needed = PR_MIN(len, blocksize - ghash->bufLen);
+        unsigned int needed = PR_MIN(len, AES_BLOCK_SIZE - ghash->bufLen);
         if (needed != 0) {
             PORT_Memcpy(ghash->buffer + ghash->bufLen, buf, needed);
         }
         buf += needed;
         len -= needed;
         ghash->bufLen += needed;
         if (len == 0) {
             /* didn't add enough to hash the data, nothing more do do */
             return SECSuccess;
         }
-        PORT_Assert(ghash->bufLen == blocksize);
+        PORT_Assert(ghash->bufLen == AES_BLOCK_SIZE);
         /* hash the buffer and clear it */
-        rv = gcm_HashMult(ghash, ghash->buffer, 1, blocksize);
-        PORT_Memset(ghash->buffer, 0, blocksize);
+        rv = ghash->ghash_mul(ghash, ghash->buffer, 1);
+        PORT_Memset(ghash->buffer, 0, AES_BLOCK_SIZE);
         ghash->bufLen = 0;
         if (rv != SECSuccess) {
             return SECFailure;
         }
     }
     /* now hash any full blocks remaining in the data stream */
-    blocks = len / blocksize;
+    blocks = len / AES_BLOCK_SIZE;
     if (blocks) {
-        rv = gcm_HashMult(ghash, buf, blocks, blocksize);
+        rv = ghash->ghash_mul(ghash, buf, blocks);
         if (rv != SECSuccess) {
             return SECFailure;
         }
-        buf += blocks * blocksize;
-        len -= blocks * blocksize;
+        buf += blocks * AES_BLOCK_SIZE;
+        len -= blocks * AES_BLOCK_SIZE;
     }
 
     /* save any remainder in the buffer to be hashed with the next call */
     if (len != 0) {
         PORT_Memcpy(ghash->buffer, buf, len);
         ghash->bufLen = len;
     }
     return SECSuccess;
 }
 
 /*
  * write out any partial blocks zero padded through the GHASH engine,
  * save the lengths for the final completion of the hash
  */
 static SECStatus
-gcmHash_Sync(gcmHashContext *ghash, unsigned int blocksize)
+gcmHash_Sync(gcmHashContext *ghash)
 {
     int i;
     SECStatus rv;
 
     /* copy the previous counter to the upper block */
     PORT_Memcpy(ghash->counterBuf, &ghash->counterBuf[GCM_HASH_LEN_LEN],
                 GCM_HASH_LEN_LEN);
     /* copy the current counter in the lower block */
     for (i = 0; i < GCM_HASH_LEN_LEN; i++) {
         ghash->counterBuf[GCM_HASH_LEN_LEN + i] =
             (ghash->cLen >> ((GCM_HASH_LEN_LEN - 1 - i) * PR_BITS_PER_BYTE)) & 0xff;
     }
     ghash->cLen = 0;
 
     /* now zero fill the buffer and hash the last block */
     if (ghash->bufLen) {
-        PORT_Memset(ghash->buffer + ghash->bufLen, 0, blocksize - ghash->bufLen);
-        rv = gcm_HashMult(ghash, ghash->buffer, 1, blocksize);
-        PORT_Memset(ghash->buffer, 0, blocksize);
+        PORT_Memset(ghash->buffer + ghash->bufLen, 0, AES_BLOCK_SIZE - ghash->bufLen);
+        rv = ghash->ghash_mul(ghash, ghash->buffer, 1);
+        PORT_Memset(ghash->buffer, 0, AES_BLOCK_SIZE);
         ghash->bufLen = 0;
         if (rv != SECSuccess) {
             return SECFailure;
         }
     }
     return SECSuccess;
 }
 
+#define WRITE64(x, bytes)   \
+    (bytes)[0] = (x) >> 56; \
+    (bytes)[1] = (x) >> 48; \
+    (bytes)[2] = (x) >> 40; \
+    (bytes)[3] = (x) >> 32; \
+    (bytes)[4] = (x) >> 24; \
+    (bytes)[5] = (x) >> 16; \
+    (bytes)[6] = (x) >> 8;  \
+    (bytes)[7] = (x);
+
 /*
  * This does the final sync, hashes the lengths, then returns
  * "T", the hashed output.
  */
-static SECStatus
+SECStatus
 gcmHash_Final(gcmHashContext *ghash, unsigned char *outbuf,
-              unsigned int *outlen, unsigned int maxout,
-              unsigned int blocksize)
+              unsigned int *outlen, unsigned int maxout)
 {
     unsigned char T[MAX_BLOCK_SIZE];
     SECStatus rv;
 
-    rv = gcmHash_Sync(ghash, blocksize);
+    rv = gcmHash_Sync(ghash);
+    if (rv != SECSuccess) {
+        goto cleanup;
+    }
+
+    rv = ghash->ghash_mul(ghash, ghash->counterBuf,
+                          (GCM_HASH_LEN_LEN * 2) / AES_BLOCK_SIZE);
     if (rv != SECSuccess) {
         goto cleanup;
     }
 
-    rv = gcm_HashMult(ghash, ghash->counterBuf, (GCM_HASH_LEN_LEN * 2) / blocksize,
-                      blocksize);
-    if (rv != SECSuccess) {
-        goto cleanup;
+    if (ghash->hw) {
+#ifdef NSS_X86_OR_X64
+        uint64_t tmp_out[2];
+        _mm_storeu_si128((__m128i *)tmp_out, ghash->x);
+        WRITE64(tmp_out[0], T + 8);
+        WRITE64(tmp_out[1], T);
+#else
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+#endif /* NSS_X86_OR_X64 */
+    } else {
+        WRITE64(ghash->x_low, T + 8);
+        WRITE64(ghash->x_high, T);
     }
 
-    GCM_TRACE_X(ghash, "GHASH(H,A,C) = ")
-
-    rv = gcm_getX(ghash, T, blocksize);
-    if (rv != SECSuccess) {
-        goto cleanup;
+    if (maxout > AES_BLOCK_SIZE) {
+        maxout = AES_BLOCK_SIZE;
     }
-
-    if (maxout > blocksize)
-        maxout = blocksize;
     PORT_Memcpy(outbuf, T, maxout);
     *outlen = maxout;
     rv = SECSuccess;
 
 cleanup:
     PORT_Memset(T, 0, sizeof(T));
     return rv;
 }
 
 SECStatus
 gcmHash_Reset(gcmHashContext *ghash, const unsigned char *AAD,
-              unsigned int AADLen, unsigned int blocksize)
+              unsigned int AADLen)
 {
     SECStatus rv;
 
     ghash->cLen = 0;
     PORT_Memset(ghash->counterBuf, 0, GCM_HASH_LEN_LEN * 2);
     ghash->bufLen = 0;
-    gcm_zeroX(ghash);
+    rv = gcm_zeroX(ghash);
+    if (rv != SECSuccess) {
+        return rv;
+    }
 
     /* now kick things off by hashing the Additional Authenticated Data */
     if (AADLen != 0) {
-        rv = gcmHash_Update(ghash, AAD, AADLen, blocksize);
+        rv = gcmHash_Update(ghash, AAD, AADLen);
         if (rv != SECSuccess) {
             return SECFailure;
         }
-        rv = gcmHash_Sync(ghash, blocksize);
+        rv = gcmHash_Sync(ghash);
         if (rv != SECSuccess) {
             return SECFailure;
         }
     }
     return SECSuccess;
 }
 
 /**************************************************************************
  *           Now implement the GCM using gcmHash and CTR                  *
  **************************************************************************/
 
 /* state to handle the full GCM operation (hash and counter) */
 struct GCMContextStr {
-    gcmHashContext ghash_context;
+    gcmHashContext *ghash_context;
     CTRContext ctr_context;
     unsigned long tagBits;
     unsigned char tagKey[MAX_BLOCK_SIZE];
 };
 
 GCMContext *
 GCM_CreateContext(void *context, freeblCipherFunc cipher,
-                  const unsigned char *params, unsigned int blocksize)
+                  const unsigned char *params)
 {
     GCMContext *gcm = NULL;
-    gcmHashContext *ghash;
+    gcmHashContext *ghash = NULL;
     unsigned char H[MAX_BLOCK_SIZE];
     unsigned int tmp;
     PRBool freeCtr = PR_FALSE;
-    PRBool freeHash = PR_FALSE;
     const CK_GCM_PARAMS *gcmParams = (const CK_GCM_PARAMS *)params;
     CK_AES_CTR_PARAMS ctrParams;
     SECStatus rv;
+#ifdef DISABLE_HW_GCM
+    const PRBool sw = PR_TRUE;
+#else
+    const PRBool sw = PR_FALSE;
+#endif
 
-    if (blocksize > MAX_BLOCK_SIZE || blocksize > sizeof(ctrParams.cb)) {
-        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+    if (gcmParams->ulIvLen == 0) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return NULL;
     }
     gcm = PORT_ZNew(GCMContext);
     if (gcm == NULL) {
         return NULL;
     }
-    /* first fill in the ghash context */
-    ghash = &gcm->ghash_context;
-    PORT_Memset(H, 0, blocksize);
-    rv = (*cipher)(context, H, &tmp, blocksize, H, blocksize, blocksize);
+    /* aligned_alloc is C11 so we have to do it the old way. */
+    ghash = PORT_ZAlloc(sizeof(gcmHashContext) + 15);
+    if (ghash == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+    ghash->mem = ghash;
+    ghash = (gcmHashContext *)(((uintptr_t)ghash + 15) & ~(uintptr_t)0x0F);
+
+    /* first plug in the ghash context */
+    gcm->ghash_context = ghash;
+    PORT_Memset(H, 0, AES_BLOCK_SIZE);
+    rv = (*cipher)(context, H, &tmp, AES_BLOCK_SIZE, H, AES_BLOCK_SIZE, AES_BLOCK_SIZE);
     if (rv != SECSuccess) {
         goto loser;
     }
-    rv = gcmHash_InitContext(ghash, H, blocksize);
+    rv = gcmHash_InitContext(ghash, H, sw);
     if (rv != SECSuccess) {
         goto loser;
     }
-    freeHash = PR_TRUE;
 
     /* fill in the Counter context */
     ctrParams.ulCounterBits = 32;
     PORT_Memset(ctrParams.cb, 0, sizeof(ctrParams.cb));
-    if ((blocksize == 16) && (gcmParams->ulIvLen == 12)) {
+    if (gcmParams->ulIvLen == 12) {
         PORT_Memcpy(ctrParams.cb, gcmParams->pIv, gcmParams->ulIvLen);
-        ctrParams.cb[blocksize - 1] = 1;
+        ctrParams.cb[AES_BLOCK_SIZE - 1] = 1;
     } else {
-        rv = gcmHash_Update(ghash, gcmParams->pIv, gcmParams->ulIvLen,
-                            blocksize);
+        rv = gcmHash_Update(ghash, gcmParams->pIv, gcmParams->ulIvLen);
         if (rv != SECSuccess) {
             goto loser;
         }
-        rv = gcmHash_Final(ghash, ctrParams.cb, &tmp, blocksize, blocksize);
+        rv = gcmHash_Final(ghash, ctrParams.cb, &tmp, AES_BLOCK_SIZE);
         if (rv != SECSuccess) {
             goto loser;
         }
     }
     rv = CTR_InitContext(&gcm->ctr_context, context, cipher,
-                         (unsigned char *)&ctrParams, blocksize);
+                         (unsigned char *)&ctrParams);
     if (rv != SECSuccess) {
         goto loser;
     }
     freeCtr = PR_TRUE;
 
     /* fill in the gcm structure */
     gcm->tagBits = gcmParams->ulTagBits; /* save for final step */
     /* calculate the final tag key. NOTE: gcm->tagKey is zero to start with.
      * if this assumption changes, we would need to explicitly clear it here */
-    rv = CTR_Update(&gcm->ctr_context, gcm->tagKey, &tmp, blocksize,
-                    gcm->tagKey, blocksize, blocksize);
+    rv = CTR_Update(&gcm->ctr_context, gcm->tagKey, &tmp, AES_BLOCK_SIZE,
+                    gcm->tagKey, AES_BLOCK_SIZE, AES_BLOCK_SIZE);
     if (rv != SECSuccess) {
         goto loser;
     }
 
     /* finally mix in the AAD data */
-    rv = gcmHash_Reset(ghash, gcmParams->pAAD, gcmParams->ulAADLen, blocksize);
+    rv = gcmHash_Reset(ghash, gcmParams->pAAD, gcmParams->ulAADLen);
     if (rv != SECSuccess) {
         goto loser;
     }
 
     return gcm;
 
 loser:
     if (freeCtr) {
         CTR_DestroyContext(&gcm->ctr_context, PR_FALSE);
     }
-    if (freeHash) {
-        gcmHash_DestroyContext(&gcm->ghash_context, PR_FALSE);
+    if (ghash && ghash->mem) {
+        PORT_Free(ghash->mem);
     }
     if (gcm) {
         PORT_Free(gcm);
     }
     return NULL;
 }
 
 void
 GCM_DestroyContext(GCMContext *gcm, PRBool freeit)
 {
     /* these two are statically allocated and will be freed when we free
      * gcm. call their destroy functions to free up any locally
      * allocated data (like mp_int's) */
     CTR_DestroyContext(&gcm->ctr_context, PR_FALSE);
-    gcmHash_DestroyContext(&gcm->ghash_context, PR_FALSE);
+    PORT_Free(gcm->ghash_context->mem);
     PORT_Memset(&gcm->tagBits, 0, sizeof(gcm->tagBits));
     PORT_Memset(gcm->tagKey, 0, sizeof(gcm->tagKey));
     if (freeit) {
         PORT_Free(gcm);
     }
 }
 
 static SECStatus
 gcm_GetTag(GCMContext *gcm, unsigned char *outbuf,
-           unsigned int *outlen, unsigned int maxout,
-           unsigned int blocksize)
+           unsigned int *outlen, unsigned int maxout)
 {
     unsigned int tagBytes;
     unsigned int extra;
     unsigned int i;
     SECStatus rv;
 
     tagBytes = (gcm->tagBits + (PR_BITS_PER_BYTE - 1)) / PR_BITS_PER_BYTE;
     extra = tagBytes * PR_BITS_PER_BYTE - gcm->tagBits;
@@ -733,28 +704,24 @@ gcm_GetTag(GCMContext *gcm, unsigned cha
     }
 
     if (maxout < tagBytes) {
         *outlen = tagBytes;
         PORT_SetError(SEC_ERROR_OUTPUT_LEN);
         return SECFailure;
     }
     maxout = tagBytes;
-    rv = gcmHash_Final(&gcm->ghash_context, outbuf, outlen, maxout, blocksize);
+    rv = gcmHash_Final(gcm->ghash_context, outbuf, outlen, maxout);
     if (rv != SECSuccess) {
         return SECFailure;
     }
 
-    GCM_TRACE_BLOCK("GHASH=", outbuf, blocksize);
-    GCM_TRACE_BLOCK("Y0=", gcm->tagKey, blocksize);
     for (i = 0; i < *outlen; i++) {
         outbuf[i] ^= gcm->tagKey[i];
     }
-    GCM_TRACE_BLOCK("Y0=", gcm->tagKey, blocksize);
-    GCM_TRACE_BLOCK("T=", outbuf, blocksize);
     /* mask off any extra bits we got */
     if (extra) {
         outbuf[tagBytes - 1] &= ~((1 << extra) - 1);
     }
     return SECSuccess;
 }
 
 /*
@@ -767,39 +734,45 @@ GCM_EncryptUpdate(GCMContext *gcm, unsig
                   unsigned int *outlen, unsigned int maxout,
                   const unsigned char *inbuf, unsigned int inlen,
                   unsigned int blocksize)
 {
     SECStatus rv;
     unsigned int tagBytes;
     unsigned int len;
 
+    PORT_Assert(blocksize == AES_BLOCK_SIZE);
+    if (blocksize != AES_BLOCK_SIZE) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+
     tagBytes = (gcm->tagBits + (PR_BITS_PER_BYTE - 1)) / PR_BITS_PER_BYTE;
     if (UINT_MAX - inlen < tagBytes) {
         PORT_SetError(SEC_ERROR_INPUT_LEN);
         return SECFailure;
     }
     if (maxout < inlen + tagBytes) {
         *outlen = inlen + tagBytes;
         PORT_SetError(SEC_ERROR_OUTPUT_LEN);
         return SECFailure;
     }
 
     rv = CTR_Update(&gcm->ctr_context, outbuf, outlen, maxout,
-                    inbuf, inlen, blocksize);
+                    inbuf, inlen, AES_BLOCK_SIZE);
     if (rv != SECSuccess) {
         return SECFailure;
     }
-    rv = gcmHash_Update(&gcm->ghash_context, outbuf, *outlen, blocksize);
+    rv = gcmHash_Update(gcm->ghash_context, outbuf, *outlen);
     if (rv != SECSuccess) {
         PORT_Memset(outbuf, 0, *outlen); /* clear the output buffer */
         *outlen = 0;
         return SECFailure;
     }
-    rv = gcm_GetTag(gcm, outbuf + *outlen, &len, maxout - *outlen, blocksize);
+    rv = gcm_GetTag(gcm, outbuf + *outlen, &len, maxout - *outlen);
     if (rv != SECSuccess) {
         PORT_Memset(outbuf, 0, *outlen); /* clear the output buffer */
         *outlen = 0;
         return SECFailure;
     };
     *outlen += len;
     return SECSuccess;
 }
@@ -819,42 +792,48 @@ GCM_DecryptUpdate(GCMContext *gcm, unsig
                   unsigned int blocksize)
 {
     SECStatus rv;
     unsigned int tagBytes;
     unsigned char tag[MAX_BLOCK_SIZE];
     const unsigned char *intag;
     unsigned int len;
 
+    PORT_Assert(blocksize == AES_BLOCK_SIZE);
+    if (blocksize != AES_BLOCK_SIZE) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+
     tagBytes = (gcm->tagBits + (PR_BITS_PER_BYTE - 1)) / PR_BITS_PER_BYTE;
 
     /* get the authentication block */
     if (inlen < tagBytes) {
         PORT_SetError(SEC_ERROR_INPUT_LEN);
         return SECFailure;
     }
 
     inlen -= tagBytes;
     intag = inbuf + inlen;
 
     /* verify the block */
-    rv = gcmHash_Update(&gcm->ghash_context, inbuf, inlen, blocksize);
+    rv = gcmHash_Update(gcm->ghash_context, inbuf, inlen);
     if (rv != SECSuccess) {
         return SECFailure;
     }
-    rv = gcm_GetTag(gcm, tag, &len, blocksize, blocksize);
+    rv = gcm_GetTag(gcm, tag, &len, AES_BLOCK_SIZE);
     if (rv != SECSuccess) {
         return SECFailure;
     }
     /* Don't decrypt if we can't authenticate the encrypted data!
      * This assumes that if tagBits is not a multiple of 8, intag will
      * preserve the masked off missing bits.  */
     if (NSS_SecureMemcmp(tag, intag, tagBytes) != 0) {
         /* force a CKR_ENCRYPTED_DATA_INVALID error at in softoken */
         PORT_SetError(SEC_ERROR_BAD_DATA);
         PORT_Memset(tag, 0, sizeof(tag));
         return SECFailure;
     }
     PORT_Memset(tag, 0, sizeof(tag));
     /* finish the decryption */
     return CTR_Update(&gcm->ctr_context, outbuf, outlen, maxout,
-                      inbuf, inlen, blocksize);
+                      inbuf, inlen, AES_BLOCK_SIZE);
 }
--- a/security/nss/lib/freebl/gcm.h
+++ b/security/nss/lib/freebl/gcm.h
@@ -1,31 +1,72 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #ifndef GCM_H
 #define GCM_H 1
 
 #include "blapii.h"
+#include <stdint.h>
+
+#ifdef NSS_X86_OR_X64
+#include <emmintrin.h> /* __m128i */
+#endif
+
+SEC_BEGIN_PROTOS
+
+#ifdef HAVE_INT128_SUPPORT
+typedef unsigned __int128 uint128_t;
+#endif
 
 typedef struct GCMContextStr GCMContext;
 
 /*
  * The context argument is the inner cipher context to use with cipher. The
  * GCMContext does not own context. context needs to remain valid for as long
  * as the GCMContext is valid.
  *
  * The cipher argument is a block cipher in the ECB encrypt mode.
  */
 GCMContext *GCM_CreateContext(void *context, freeblCipherFunc cipher,
-                              const unsigned char *params, unsigned int blocksize);
+                              const unsigned char *params);
 void GCM_DestroyContext(GCMContext *gcm, PRBool freeit);
 SECStatus GCM_EncryptUpdate(GCMContext *gcm, unsigned char *outbuf,
                             unsigned int *outlen, unsigned int maxout,
                             const unsigned char *inbuf, unsigned int inlen,
                             unsigned int blocksize);
 SECStatus GCM_DecryptUpdate(GCMContext *gcm, unsigned char *outbuf,
                             unsigned int *outlen, unsigned int maxout,
                             const unsigned char *inbuf, unsigned int inlen,
                             unsigned int blocksize);
 
+/* These functions are here only so we can test them */
+#define GCM_HASH_LEN_LEN 8 /* gcm hash defines lengths to be 64 bits */
+typedef struct gcmHashContextStr gcmHashContext;
+typedef SECStatus (*ghash_t)(gcmHashContext *, const unsigned char *,
+                             unsigned int);
+pre_align struct gcmHashContextStr {
+#ifdef NSS_X86_OR_X64
+    __m128i x, h;
 #endif
+    uint64_t x_low, x_high, h_high, h_low;
+    unsigned char buffer[MAX_BLOCK_SIZE];
+    unsigned int bufLen;
+    uint8_t counterBuf[16];
+    uint64_t cLen;
+    ghash_t ghash_mul;
+    PRBool hw;
+    gcmHashContext *mem;
+} post_align;
+
+SECStatus gcmHash_Update(gcmHashContext *ghash, const unsigned char *buf,
+                         unsigned int len);
+SECStatus gcmHash_InitContext(gcmHashContext *ghash, const unsigned char *H,
+                              PRBool sw);
+SECStatus gcmHash_Reset(gcmHashContext *ghash, const unsigned char *AAD,
+                        unsigned int AADLen);
+SECStatus gcmHash_Final(gcmHashContext *ghash, unsigned char *outbuf,
+                        unsigned int *outlen, unsigned int maxout);
+
+SEC_END_PROTOS
+
+#endif
--- a/security/nss/lib/freebl/intel-aes-x64-masm.asm
+++ b/security/nss/lib/freebl/intel-aes-x64-masm.asm
@@ -86,18 +86,16 @@ LOCAL   bail
         mov     inputLen,   [rsp + 1*8 + 8*5]
 
         sub     rsp, 3*16
 
         movdqu  [rsp + 0*16], xmm6
         movdqu  [rsp + 1*16], xmm7
         movdqu  [rsp + 2*16], xmm8
 
-        lea     ctx, [48+ctx]
-
 loop8:
         cmp     inputLen, 8*16
         jb      loop1
 
         movdqu  xmm0, [0*16 + input]
         movdqu  xmm1, [1*16 + input]
         movdqu  xmm2, [2*16 + input]
         movdqu  xmm3, [3*16 + input]
@@ -550,19 +548,17 @@ LOCAL   bail
         mov     inputLen,   [rsp + 1*8 + 8*5]
 
         sub     rsp, 3*16
 
         movdqu  [rsp + 0*16], xmm6
         movdqu  [rsp + 1*16], xmm7
         movdqu  [rsp + 2*16], xmm8
 
-        lea     ctx, [48+ctx]
-
-        movdqu  xmm0, [-32+ctx]
+        movdqu  xmm0, [256+ctx]
 
         movdqu  xmm2, [0*16 + ctx]
         movdqu  xmm3, [1*16 + ctx]
         movdqu  xmm4, [2*16 + ctx]
         movdqu  xmm5, [3*16 + ctx]
         movdqu  xmm6, [4*16 + ctx]
         movdqu  xmm7, [5*16 + ctx]
 
@@ -592,17 +588,17 @@ loop1:
         movdqu  [output], xmm0
 
         lea input, [1*16 + input]
         lea output, [1*16 + output]
         sub inputLen, 1*16
         jmp loop1
 
 bail:
-        movdqu  [-32+ctx], xmm0
+        movdqu  [256+ctx], xmm0
 
         xor rax, rax
 
         movdqu  xmm6, [rsp + 0*16]
         movdqu  xmm7, [rsp + 1*16]
         movdqu  xmm8, [rsp + 2*16]
         add     rsp, 3*16
         ret
@@ -620,18 +616,16 @@ LOCAL   bail
         mov     inputLen,   [rsp + 1*8 + 8*5]
 
         sub     rsp, 3*16
 
         movdqu  [rsp + 0*16], xmm6
         movdqu  [rsp + 1*16], xmm7
         movdqu  [rsp + 2*16], xmm8
 
-        lea     ctx, [48+ctx]
-
 loop8:
         cmp     inputLen, 8*16
         jb      dec1
 
         movdqu  xmm0, [0*16 + input]
         movdqu  xmm1, [1*16 + input]
         movdqu  xmm2, [2*16 + input]
         movdqu  xmm3, [3*16 + input]
@@ -652,17 +646,17 @@ loop8:
 
         i = 1
         WHILE i LT rnds
             aes_dec_rnd i
             i = i+1
             ENDM
         aes_dec_last_rnd rnds
 
-        movdqu  xmm8, [-32 + ctx]
+        movdqu  xmm8, [256 + ctx]
         pxor    xmm0, xmm8
         movdqu  xmm8, [0*16 + input]
         pxor    xmm1, xmm8
         movdqu  xmm8, [1*16 + input]
         pxor    xmm2, xmm8
         movdqu  xmm8, [2*16 + input]
         pxor    xmm3, xmm8
         movdqu  xmm8, [3*16 + input]
@@ -678,25 +672,25 @@ loop8:
         movdqu  [0*16 + output], xmm0
         movdqu  [1*16 + output], xmm1
         movdqu  [2*16 + output], xmm2
         movdqu  [3*16 + output], xmm3
         movdqu  [4*16 + output], xmm4
         movdqu  [5*16 + output], xmm5
         movdqu  [6*16 + output], xmm6
         movdqu  [7*16 + output], xmm7
-        movdqu  [-32 + ctx], xmm8
+        movdqu  [256 + ctx], xmm8
 
         lea input, [8*16 + input]
         lea output, [8*16 + output]
         sub inputLen, 8*16
         jmp loop8
 dec1:
 
-        movdqu  xmm3, [-32 + ctx]
+        movdqu  xmm3, [256 + ctx]
 
 loop1:
         cmp     inputLen, 1*16
         jb      bail
 
         movdqu  xmm0, [input]
         movdqa  xmm4, xmm0
         movdqu  xmm7, [0*16 + ctx]
@@ -716,17 +710,17 @@ loop1:
         movdqa  xmm3, xmm4
 
         lea input, [1*16 + input]
         lea output, [1*16 + output]
         sub inputLen, 1*16
         jmp loop1
 
 bail:
-        movdqu  [-32 + ctx], xmm3
+        movdqu  [256 + ctx], xmm3
         xor rax, rax
 
         movdqu  xmm6, [rsp + 0*16]
         movdqu  xmm7, [rsp + 1*16]
         movdqu  xmm8, [rsp + 2*16]
         add     rsp, 3*16
         ret
 ENDM
@@ -768,17 +762,16 @@ LOCAL   loop1
 LOCAL   enc1
 LOCAL   bail
 
         mov     input,      [rsp + 8*1 + 4*8]
         mov     inputLen,   [rsp + 8*1 + 5*8]
 
         mov     ctrCtx, ctx
         mov     ctx, [8+ctrCtx]
-        lea     ctx, [48+ctx]
 
         sub     rsp, 3*16
         movdqu  [rsp + 0*16], xmm6
         movdqu  [rsp + 1*16], xmm7
         movdqu  [rsp + 2*16], xmm8
 
 
         push    rbp
--- a/security/nss/lib/freebl/intel-aes-x86-masm.asm
+++ b/security/nss/lib/freebl/intel-aes-x86-masm.asm
@@ -82,18 +82,16 @@ LOCAL   bail
 
         push    inputLen
 
         mov     ctx,    [esp + 2*4 + 0*4]
         mov     output,     [esp + 2*4 + 1*4]
         mov     input,      [esp + 2*4 + 4*4]
         mov     inputLen,   [esp + 2*4 + 5*4]
 
-        lea     ctx, [44+ctx]
-
 loop7:
         cmp     inputLen, 7*16
         jb      loop1
 
         movdqu  xmm0, [0*16 + input]
         movdqu  xmm1, [1*16 + input]
         movdqu  xmm2, [2*16 + input]
         movdqu  xmm3, [3*16 + input]
@@ -552,19 +550,17 @@ LOCAL   bail
 
         push    inputLen
 
         mov     ctx,    [esp + 2*4 + 0*4]
         mov     output,     [esp + 2*4 + 1*4]
         mov     input,      [esp + 2*4 + 4*4]
         mov     inputLen,   [esp + 2*4 + 5*4]
 
-        lea     ctx, [44+ctx]
-
-        movdqu  xmm0, [-32+ctx]
+        movdqu  xmm0, [252+ctx]
 
         movdqu  xmm2, [0*16 + ctx]
         movdqu  xmm3, [1*16 + ctx]
         movdqu  xmm4, [2*16 + ctx]
         movdqu  xmm5, [3*16 + ctx]
         movdqu  xmm6, [4*16 + ctx]
 
 loop1:
@@ -592,17 +588,17 @@ loop1:
         movdqu  [output], xmm0
 
         lea input, [1*16 + input]
         lea output, [1*16 + output]
         sub inputLen, 1*16
         jmp loop1
 
 bail:
-        movdqu  [-32+ctx], xmm0
+        movdqu  [252+ctx], xmm0
 
         xor eax, eax
         pop inputLen
         ret
 
 ENDM
 
 gen_aes_cbc_dec_func MACRO rnds
@@ -614,18 +610,16 @@ LOCAL   bail
 
         push    inputLen
 
         mov     ctx,    [esp + 2*4 + 0*4]
         mov     output,     [esp + 2*4 + 1*4]
         mov     input,      [esp + 2*4 + 4*4]
         mov     inputLen,   [esp + 2*4 + 5*4]
 
-        lea     ctx, [44+ctx]
-
 loop7:
         cmp     inputLen, 7*16
         jb      dec1
 
         movdqu  xmm0, [0*16 + input]
         movdqu  xmm1, [1*16 + input]
         movdqu  xmm2, [2*16 + input]
         movdqu  xmm3, [3*16 + input]
@@ -644,17 +638,17 @@ loop7:
 
         i = 1
         WHILE i LT rnds
             aes_dec_rnd i
             i = i+1
             ENDM
         aes_dec_last_rnd rnds
 
-        movdqu  xmm7, [-32 + ctx]
+        movdqu  xmm7, [252 + ctx]
         pxor    xmm0, xmm7
         movdqu  xmm7, [0*16 + input]
         pxor    xmm1, xmm7
         movdqu  xmm7, [1*16 + input]
         pxor    xmm2, xmm7
         movdqu  xmm7, [2*16 + input]
         pxor    xmm3, xmm7
         movdqu  xmm7, [3*16 + input]
@@ -667,25 +661,25 @@ loop7:
 
         movdqu  [0*16 + output], xmm0
         movdqu  [1*16 + output], xmm1
         movdqu  [2*16 + output], xmm2
         movdqu  [3*16 + output], xmm3
         movdqu  [4*16 + output], xmm4
         movdqu  [5*16 + output], xmm5
         movdqu  [6*16 + output], xmm6
-        movdqu  [-32 + ctx], xmm7
+        movdqu  [252 + ctx], xmm7
 
         lea input, [7*16 + input]
         lea output, [7*16 + output]
         sub inputLen, 7*16
         jmp loop7
 dec1:
 
-        movdqu  xmm3, [-32 + ctx]
+        movdqu  xmm3, [252 + ctx]
 
 loop1:
         cmp     inputLen, 1*16
         jb      bail
 
         movdqu  xmm0, [input]
         movdqa  xmm4, xmm0
         movdqu  xmm7, [0*16 + ctx]
@@ -705,17 +699,17 @@ loop1:
         movdqa  xmm3, xmm4
 
         lea input, [1*16 + input]
         lea output, [1*16 + output]
         sub inputLen, 1*16
         jmp loop1
 
 bail:
-        movdqu  [-32 + ctx], xmm3
+        movdqu  [252 + ctx], xmm3
         xor eax, eax
         pop     inputLen
         ret
 ENDM
 
 ALIGN 16
 intel_aes_encrypt_cbc_128 PROC
 gen_aes_cbc_enc_func  10
@@ -764,17 +758,16 @@ LOCAL   bail
         push    ebp
 
         mov     ctrCtx, [esp + 4*5 + 0*4]
         mov     output, [esp + 4*5 + 1*4]
         mov     input,  [esp + 4*5 + 4*4]
         mov     inputLen, [esp + 4*5 + 5*4]
 
         mov     ctx, [4+ctrCtx]
-        lea     ctx, [44+ctx]
 
         mov     ebp, esp
         sub     esp, 7*16
         and     esp, -16
 
         movdqu  xmm0, [8+ctrCtx]
         mov     ctrCtx, [ctrCtx + 8 + 3*4]
         bswap   ctrCtx
--- a/security/nss/lib/freebl/intel-aes.s
+++ b/security/nss/lib/freebl/intel-aes.s
@@ -1,16 +1,15 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 	.text
 
-#define IV_OFFSET 16
-#define EXPANDED_KEY_OFFSET 48
+#define IV_OFFSET 256
 
 /*
  * Warning: the length values used in this module are "unsigned int"
  * in C, which is 32-bit.  When they're passed in registers, use only
  * the low 32 bits, because the top half is unspecified.
  *
  * This is called from C code, so the contents of those bits can
  * depend on the C compiler's optimization decisions.  This means that
@@ -139,19 +138,16 @@ key_expansion128:
    in %r8  : input - pointer to input buffer
    in %r9d : inputLen - length of input buffer
    on stack: blocksize - AES blocksize (always 16, unused)
 */
 	.type intel_aes_encrypt_ecb_128,@function
 	.globl intel_aes_encrypt_ecb_128
 	.align	16
 intel_aes_encrypt_ecb_128:
-//	leaq	EXPANDED_KEY_OFFSET(%rdi), %rdi
-	leaq	48(%rdi), %rdi
-
 	movdqu	(%rdi), %xmm2
 	movdqu	160(%rdi), %xmm12
 	xor	%eax, %eax
 //	cmpl	$8*16, %r9d
 	cmpl	$128, %r9d
 	jb	1f
 //	leal	-8*16(%r9), %r11d
 	leal	-128(%r9), %r11d
@@ -323,19 +319,16 @@ 5:	xor	%eax, %eax
    in %r8  : input - pointer to input buffer
    in %r9d : inputLen - length of input buffer
    on stack: blocksize - AES blocksize (always 16, unused)
 */
 	.type intel_aes_decrypt_ecb_128,@function
 	.globl intel_aes_decrypt_ecb_128
 	.align	16
 intel_aes_decrypt_ecb_128:
-//	leaq	EXPANDED_KEY_OFFSET(%rdi), %rdi
-	leaq	48(%rdi), %rdi
-
 	movdqu	(%rdi), %xmm2
 	movdqu	160(%rdi), %xmm12
 	xorl	%eax, %eax
 //	cmpl	$8*16, %r9d
 	cmpl	$128, %r9d
 	jb	1f
 //	leal	-8*16(%r9), %r11d
 	leal	-128(%r9), %r11d
@@ -511,19 +504,17 @@ 5:	xor	%eax, %eax
 	.type intel_aes_encrypt_cbc_128,@function
 	.globl intel_aes_encrypt_cbc_128
 	.align	16
 intel_aes_encrypt_cbc_128:
 	testl	%r9d, %r9d
 	je	2f
 
 //	leaq	IV_OFFSET(%rdi), %rdx
-//	leaq	EXPANDED_KEY_OFFSET(%rdi), %rdi
-	leaq	16(%rdi), %rdx
-	leaq	48(%rdi), %rdi
+	leaq	256(%rdi), %rdx
 
 	movdqu	(%rdx), %xmm0
 	movdqu	(%rdi), %xmm2
 	movdqu	16(%rdi), %xmm3
 	movdqu	32(%rdi), %xmm4
 	movdqu	48(%rdi), %xmm5
 	movdqu	64(%rdi), %xmm6
 	movdqu	80(%rdi), %xmm7
@@ -570,19 +561,17 @@ 2:	xor	%eax, %eax
    in %r9d : inputLen - length of input buffer
    on stack: blocksize - AES blocksize (always 16, unused)
 */
 	.type intel_aes_decrypt_cbc_128,@function
 	.globl intel_aes_decrypt_cbc_128
 	.align	16
 intel_aes_decrypt_cbc_128:
 //	leaq	IV_OFFSET(%rdi), %rdx
-//	leaq	EXPANDED_KEY_OFFSET(%rdi), %rdi
-	leaq	16(%rdi), %rdx
-	leaq	48(%rdi), %rdi
+	leaq	256(%rdi), %rdx
 
 	movdqu	(%rdx), %xmm0   /* iv */
 	movdqu	(%rdi), %xmm2   /* first key block */
 	movdqu	160(%rdi), %xmm12 /* last key block */
 	xorl	%eax, %eax
 	cmpl	$128, %r9d
 	jb	1f
 	leal	-128(%r9), %r11d
@@ -897,19 +886,16 @@ key_expansion192:
    in %r8  : input - pointer to input buffer
    in %r9d : inputLen - length of input buffer
    on stack: blocksize - AES blocksize (always 16, unused)
 */
 	.type intel_aes_encrypt_ecb_192,@function
 	.globl intel_aes_encrypt_ecb_192
 	.align	16
 intel_aes_encrypt_ecb_192:
-//	leaq	EXPANDED_KEY_OFFSET(%rdi), %rdi
-	leaq	48(%rdi), %rdi
-
 	movdqu	(%rdi), %xmm2
 	movdqu	192(%rdi), %xmm14
 	xorl	%eax, %eax
 //	cmpl	$8*16, %r9d
 	cmpl	$128, %r9d
 	jb	1f
 //	leal	-8*16(%r9), %r11d
 	leal	-128(%r9), %r11d
@@ -1104,19 +1090,16 @@ 5:	xor	%eax, %eax
    in %r8  : input - pointer to input buffer
    in %r9d : inputLen - length of input buffer
    on stack: blocksize - AES blocksize (always 16, unused)
 */
 	.type intel_aes_decrypt_ecb_192,@function
 	.globl intel_aes_decrypt_ecb_192
 	.align	16
 intel_aes_decrypt_ecb_192:
-//	leaq	EXPANDED_KEY_OFFSET(%rdi), %rdi
-	leaq	48(%rdi), %rdi
-
 	movdqu	(%rdi), %xmm2
 	movdqu	192(%rdi), %xmm14
 	xorl	%eax, %eax
 //	cmpl	$8*16, %r9d
 	cmpl	$128, %r9d
 	jb	1f
 //	leal	-8*16(%r9), %r11d
 	leal	-128(%r9), %r11d
@@ -1315,19 +1298,17 @@ 5:	xor	%eax, %eax
 	.type intel_aes_encrypt_cbc_192,@function
 	.globl intel_aes_encrypt_cbc_192
 	.align	16
 intel_aes_encrypt_cbc_192:
 	testl	%r9d, %r9d
 	je	2f
 
 //	leaq	IV_OFFSET(%rdi), %rdx
-//	leaq	EXPANDED_KEY_OFFSET(%rdi), %rdi
-	leaq	16(%rdi), %rdx
-	leaq	48(%rdi), %rdi
+	leaq	256(%rdi), %rdx
 
 	movdqu	(%rdx), %xmm0
 	movdqu	(%rdi), %xmm2
 	movdqu	16(%rdi), %xmm3
 	movdqu	32(%rdi), %xmm4
 	movdqu	48(%rdi), %xmm5
 	movdqu	64(%rdi), %xmm6
 	movdqu	80(%rdi), %xmm7
@@ -1377,18 +1358,18 @@ 2:	xor	%eax, %eax
    in %r8  : input - pointer to input buffer
    in %r9d : inputLen - length of input buffer
    on stack: blocksize - AES blocksize (always 16, unused)
 */
 	.type intel_aes_decrypt_cbc_192,@function
 	.globl intel_aes_decrypt_cbc_192
 	.align	16
 intel_aes_decrypt_cbc_192:
-	leaq	16(%rdi), %rdx
-	leaq	48(%rdi), %rdi
+//	leaq	IV_OFFSET(%rdi), %rdx
+	leaq	256(%rdi), %rdx
 
 	movdqu	(%rdx), %xmm0
 	movdqu	(%rdi), %xmm2
 	movdqu	192(%rdi), %xmm14
 	xorl	%eax, %eax
 	cmpl	$128, %r9d
 	jb	1f
 	leal	-128(%r9), %r11d
@@ -1733,19 +1714,16 @@ key_expansion256:
    in %r8  : input - pointer to input buffer
    in %r9d : inputLen - length of input buffer
    on stack: blocksize - AES blocksize (always 16, unused)
 */
 	.type intel_aes_encrypt_ecb_256,@function
 	.globl intel_aes_encrypt_ecb_256
 	.align	16
 intel_aes_encrypt_ecb_256:
-//	leaq	EXPANDED_KEY_OFFSET(%rdi), %rdi
-	leaq	48(%rdi), %rdi
-
 	movdqu	(%rdi), %xmm2
 	movdqu	224(%rdi), %xmm15
 	xorl	%eax, %eax
 //	cmpl	$8*16, %r9d
 	cmpl	$128, %r9d
 	jb	1f
 //	leal	-8*16(%r9), %r11d
 	leal	-128(%r9), %r11d
@@ -1965,19 +1943,16 @@ 5:	xor	%eax, %eax
    in %r8  : input - pointer to input buffer
    in %r9d : inputLen - length of input buffer
    on stack: blocksize - AES blocksize (always 16, unused)
 */
 	.type intel_aes_decrypt_ecb_256,@function
 	.globl intel_aes_decrypt_ecb_256
 	.align	16
 intel_aes_decrypt_ecb_256:
-//	leaq	EXPANDED_KEY_OFFSET(%rdi), %rdi
-	leaq	48(%rdi), %rdi
-
 	movdqu	(%rdi), %xmm2
 	movdqu	224(%rdi), %xmm15
 	xorl	%eax, %eax
 //	cmpl	$8*16, %r9d
 	cmpl	$128, %r9d
 	jb	1f
 //	leal	-8*16(%r9), %r11d
 	leal	-128(%r9), %r11d
@@ -2201,19 +2176,17 @@ 5:	xor	%eax, %eax
 	.type intel_aes_encrypt_cbc_256,@function
 	.globl intel_aes_encrypt_cbc_256
 	.align	16
 intel_aes_encrypt_cbc_256:
 	testl	%r9d, %r9d
 	je	2f
 
 //	leaq	IV_OFFSET(%rdi), %rdx
-//	leaq	EXPANDED_KEY_OFFSET(%rdi), %rdi
-	leaq	16(%rdi), %rdx
-	leaq	48(%rdi), %rdi
+	leaq	256(%rdi), %rdx
 
 	movdqu	(%rdx), %xmm0
 	movdqu	(%rdi), %xmm8
 	movdqu	16(%rdi), %xmm2
 	movdqu	32(%rdi), %xmm3
 	movdqu	48(%rdi), %xmm4
 	movdqu	64(%rdi), %xmm5
 	movdqu	80(%rdi), %xmm6
@@ -2269,19 +2242,17 @@ 2:	xor	%eax, %eax
    in %r9d : inputLen - length of input buffer
    on stack: blocksize - AES blocksize (always 16, unused)
 */
 	.type intel_aes_decrypt_cbc_256,@function
 	.globl intel_aes_decrypt_cbc_256
 	.align	16
 intel_aes_decrypt_cbc_256:
 //	leaq	IV_OFFSET(%rdi), %rdx
-//	leaq	EXPANDED_KEY_OFFSET(%rdi), %rdi
-	leaq	16(%rdi), %rdx
-	leaq	48(%rdi), %rdi
+	leaq	256(%rdi), %rdx
 
 	movdqu	(%rdx), %xmm0
 	movdqu	(%rdi), %xmm2
 	movdqu	224(%rdi), %xmm15
 	xorl	%eax, %eax
 //	cmpl	$8*16, %r9d
 	cmpl	$128, %r9d
 	jb	1f
--- a/security/nss/lib/freebl/intel-gcm-wrap.c
+++ b/security/nss/lib/freebl/intel-gcm-wrap.c
@@ -36,40 +36,38 @@ struct intel_AES_GCMContextStr {
     unsigned long tagBits;
     unsigned long Alen;
     unsigned long Mlen;
 };
 
 intel_AES_GCMContext *
 intel_AES_GCM_CreateContext(void *context,
                             freeblCipherFunc cipher,
-                            const unsigned char *params,
-                            unsigned int blocksize)
+                            const unsigned char *params)
 {
     intel_AES_GCMContext *gcm = NULL;
     AESContext *aes = (AESContext *)context;
     const CK_GCM_PARAMS *gcmParams = (const CK_GCM_PARAMS *)params;
     unsigned char buff[AES_BLOCK_SIZE]; /* aux buffer */
 
     unsigned long IV_whole_len = gcmParams->ulIvLen & (~0xful);
     unsigned int IV_remainder_len = gcmParams->ulIvLen & 0xful;
     unsigned long AAD_whole_len = gcmParams->ulAADLen & (~0xful);
     unsigned int AAD_remainder_len = gcmParams->ulAADLen & 0xful;
 
     __m128i BSWAP_MASK = _mm_setr_epi8(15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0);
     __m128i ONE = _mm_set_epi32(0, 0, 0, 1);
     unsigned int j;
     SECStatus rv;
 
-    if (blocksize != AES_BLOCK_SIZE) {
-        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+    if (gcmParams->ulIvLen == 0) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return NULL;
     }
     gcm = PORT_ZNew(intel_AES_GCMContext);
-
     if (gcm == NULL) {
         return NULL;
     }
 
     /* initialize context fields */
     gcm->aes_context = aes;
     gcm->tagBits = gcmParams->ulTagBits;
     gcm->Alen = 0;
--- a/security/nss/lib/freebl/intel-gcm-x64-masm.asm
+++ b/security/nss/lib/freebl/intel-gcm-x64-masm.asm
@@ -491,18 +491,18 @@ LbeginENC:
     mov rbp, rsp
     sub rsp, 16*16
     and rsp, -16
 
     vmovdqu T, XMMWORD PTR[16*16 + 1*16 + Gctx]
     vmovdqu CTR0, XMMWORD PTR[16*16 + 2*16 + Gctx]
     vmovdqu BSWAPMASK, XMMWORD PTR[Lbswap_mask]
     mov     KS, [16*16 + 3*16 + Gctx]
-    mov     NR, [4 + KS]
-    lea     KS, [48 + KS]
+    mov     NR, [244 + KS]
+    lea     KS, [KS]
 
     vpshufb CTR0, CTR0, BSWAPMASK
 
     mov aluCTR, [16*16 + 2*16 + 3*4 + Gctx]
     mov aluKSl, [3*4 + KS]
     bswap   aluCTR
     bswap   aluKSl
 
@@ -989,18 +989,17 @@ LbeginDEC:
     mov rbp, rsp
     sub rsp, 8*16
     and rsp, -16
 
     vmovdqu T, XMMWORD PTR[16*16 + 1*16 + Gctx]
     vmovdqu CTR0, XMMWORD PTR[16*16 + 2*16 + Gctx]
     vmovdqu BSWAPMASK, XMMWORD PTR[Lbswap_mask]
     mov     KS, [16*16 + 3*16 + Gctx]
-    mov     NR, [4 + KS]
-    lea     KS, [48 + KS]
+    mov     NR, [244 + KS]
 
     vpshufb CTR0, CTR0, BSWAPMASK
 
     mov aluCTR, [16*16 + 2*16 + 3*4 + Gctx]
     mov aluKSl, [3*4 + KS]
     bswap   aluCTR
     bswap   aluKSl
 
--- a/security/nss/lib/freebl/intel-gcm-x86-masm.asm
+++ b/security/nss/lib/freebl/intel-gcm-x86-masm.asm
@@ -385,17 +385,17 @@ ALIGN 16
 intel_aes_gcmENC PROC
 
 PT      textequ <eax>
 CT      textequ <ecx>
 Htbl    textequ <edx>
 Gctx    textequ <edx>
 len     textequ <DWORD PTR[ebp + 5*4 + 3*4]>
 KS      textequ <esi>
-NR      textequ <DWORD PTR[-40 + KS]>
+NR      textequ <DWORD PTR[244+KS]>
 
 aluCTR  textequ <ebx>
 aluTMP  textequ <edi>
 
 T       textequ <XMMWORD PTR[16*16 + 1*16 + Gctx]>
 TMP0    textequ <xmm1>
 TMP1    textequ <xmm2>
 TMP2    textequ <xmm3>
@@ -458,17 +458,16 @@ LbeginENC:
     sub esp, 16*16
     and esp, -16
 
     mov PT, [ebp + 5*4 + 0*4]
     mov CT, [ebp + 5*4 + 1*4]
     mov Gctx, [ebp + 5*4 + 2*4]
 
     mov     KS, [16*16 + 3*16 + Gctx]
-    lea     KS, [44 + KS]
 
     mov     aluCTR, [16*16 + 2*16 + 3*4 + Gctx]
     bswap   aluCTR
 
 
     vmovdqu TMP0, XMMWORD PTR[0*16 + KS]
     vpxor   TMP0, TMP0, XMMWORD PTR[16*16 + 2*16 + Gctx]
     vmovdqu XMMWORD PTR[8*16 + 0*16 + esp], TMP0
@@ -926,17 +925,16 @@ LbeginDEC:
     sub esp, 8*16
     and esp, -16
 
     mov CT, [ebp + 5*4 + 0*4]
     mov PT, [ebp + 5*4 + 1*4]
     mov Gctx, [ebp + 5*4 + 2*4]
 
     mov     KS, [16*16 + 3*16 + Gctx]
-    lea     KS, [44 + KS]
 
     mov     aluCTR, [16*16 + 2*16 + 3*4 + Gctx]
     bswap   aluCTR
 
 
     vmovdqu TMP0, XMMWORD PTR[0*16 + KS]
     vpxor   TMP0, TMP0, XMMWORD PTR[16*16 + 2*16 + Gctx]
     vmovdqu XMMWORD PTR[0*16 + esp], TMP0
--- a/security/nss/lib/freebl/intel-gcm.h
+++ b/security/nss/lib/freebl/intel-gcm.h
@@ -22,17 +22,17 @@
 #ifndef INTEL_GCM_H
 #define INTEL_GCM_H 1
 
 #include "blapii.h"
 
 typedef struct intel_AES_GCMContextStr intel_AES_GCMContext;
 
 intel_AES_GCMContext *intel_AES_GCM_CreateContext(void *context, freeblCipherFunc cipher,
-                                                  const unsigned char *params, unsigned int blocksize);
+                                                  const unsigned char *params);
 
 void intel_AES_GCM_DestroyContext(intel_AES_GCMContext *gcm, PRBool freeit);
 
 SECStatus intel_AES_GCM_EncryptUpdate(intel_AES_GCMContext *gcm, unsigned char *outbuf,
                                       unsigned int *outlen, unsigned int maxout,
                                       const unsigned char *inbuf, unsigned int inlen,
                                       unsigned int blocksize);
 
--- a/security/nss/lib/freebl/intel-gcm.s
+++ b/security/nss/lib/freebl/intel-gcm.s
@@ -462,18 +462,18 @@ intel_aes_gcmENC:
 
     movq %rsp, %rbp   
     sub  $128, %rsp
     andq $-16, %rsp
 
     vmovdqu  288(Gctx), CTR
     vmovdqu  272(Gctx), T
     mov  304(Gctx), KS
-    mov  4(KS), NR
-    lea  48(KS), KS
+# AESContext->Nr
+    mov  244(KS), NR
 
     vpshufb  .Lbswap_mask(%rip), CTR, CTR
     vpshufb  .Lbswap_mask(%rip), T, T
 
     cmp  $128, len
     jb   .LDataSingles
    
 # Encrypt the first eight blocks
@@ -996,18 +996,18 @@ intel_aes_gcmDEC:
     pushq   %rbp
     pushq   %rbx
     movq    %rsp, %rbp   
     sub     $128, %rsp
     andq    $-16, %rsp
     vmovdqu 288(Gctx), CTR
     vmovdqu 272(Gctx), T
     mov     304(Gctx), KS
-    mov     4(KS), NR
-    lea     48(KS), KS
+# AESContext->Nr
+    mov     244(KS), NR
 
     vpshufb .Lbswap_mask(%rip), CTR, CTR
     vpshufb .Lbswap_mask(%rip), T, T
      
     vmovdqu .Lbswap_mask(%rip), TMP3
     jmp     .LDECOctets
       
 # Decrypt 8 blocks each time while hashing them at the same time
deleted file mode 100644
--- a/security/nss/lib/freebl/mpi/Makefile
+++ /dev/null
@@ -1,244 +0,0 @@
-#
-# Makefile for MPI library
-
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-## Define CC to be the C compiler you wish to use.  The GNU cc
-## compiler (gcc) should work, at the very least
-#CC=cc
-#CC=gcc
-
-## 
-## Define PERL to point to your local Perl interpreter.  It
-## should be Perl 5.x, although it's conceivable that Perl 4
-## might work ... I haven't tested it.
-##
-#PERL=/usr/bin/perl
-#PERL=perl
-
-include target.mk
-
-CFLAGS+= $(XCFLAGS)
-
-##
-## Define LIBS to include any libraries you need to link against.
-## If NO_TABLE is define, LIBS should include '-lm' or whatever is
-## necessary to bring in the math library.  Otherwise, it can be
-## left alone, unless your system has other peculiar requirements.
-##
-LIBS=#-lmalloc#-lefence#-lm
-
-## 
-## Define RANLIB to be the library header randomizer; you might not
-## need this on some systems (just set it to 'echo' on these systems,
-## such as IRIX)
-##
-RANLIB=echo
-
-##
-## This is the version string used for the documentation and 
-## building the distribution tarball.  Don't mess with it unless
-## you are releasing a new version
-VERS=1.7p6
-
-## ----------------------------------------------------------------------
-## You probably don't need to change anything below this line...
-##
-
-##
-## This is the list of source files that need to be packed into
-## the distribution file
-SRCS=   mpi.c mpprime.c mplogic.c mp_gf2m.c mpmontg.c mpi-test.c primes.c \
-	mpcpucache.c tests/ \
-	utils/gcd.c utils/invmod.c utils/lap.c \
-	utils/ptab.pl utils/sieve.c utils/isprime.c\
-	utils/dec2hex.c utils/hex2dec.c utils/bbs_rand.c \
-	utils/bbsrand.c utils/prng.c utils/primegen.c \
-	utils/basecvt.c utils/makeprime.c\
-	utils/fact.c utils/exptmod.c utils/pi.c utils/metime.c \
-	utils/mpi.h utils/mpprime.h mulsqr.c \
-	make-test-arrays test-arrays.txt all-tests make-logtab \
-	types.pl stats timetest multest
-
-## These are the header files that go into the distribution file
-HDRS=mpi.h mpi-config.h utils/mpi.h utils/mpi-config.h mpprime.h mplogic.h mp_gf2m.h \
-     mp_gf2m-priv.h utils/bbs_rand.h tests/mpi.h tests/mpprime.h
-
-## These are the documentation files that go into the distribution file
-DOCS=README doc utils/README utils/PRIMES 
-
-## This is the list of tools built by 'make tools'
-TOOLS=gcd invmod isprime lap dec2hex hex2dec primegen prng \
-	basecvt fact exptmod pi makeprime identest
-
-LIBOBJS = mpprime.o mpmontg.o mplogic.o mp_gf2m.o mpi.o mpcpucache.o $(AS_OBJS)
-LIBHDRS = mpi-config.h mpi-priv.h mpi.h
-APPHDRS = mpi-config.h mpi.h mplogic.h mp_gf2m.h mpprime.h
-
-help:
-	@ echo ""
-	@ echo "The following targets can be built with this Makefile:"
-	@ echo ""
-	@ echo "libmpi.a     - arithmetic and prime testing library"
-	@ echo "mpi-test     - test driver (requires MP_IOFUNC)"
-	@ echo "tools        - command line tools"
-	@ echo "doc          - manual pages for tools"
-	@ echo "clean        - clean up objects and such"
-	@ echo "distclean    - get ready for distribution"
-	@ echo "dist         - distribution tarball"
-	@ echo ""
-
-.SUFFIXES: .c .o .i
-
-.c.i:
-	$(CC) $(CFLAGS) -E $< > $@
-
-#.c.o: $*.h $*.c
-#	$(CC) $(CFLAGS) -c $<
-
-#---------------------------------------
-
-$(LIBOBJS): $(LIBHDRS)
-
-logtab.h: make-logtab
-	$(PERL) make-logtab > logtab.h
-
-mpi.o: mpi.c logtab.h $(LIBHDRS)
-
-mplogic.o: mplogic.c mpi-priv.h mplogic.h $(LIBHDRS)
-
-mp_gf2m.o: mp_gf2m.c mpi-priv.h mp_gf2m.h mp_gf2m-priv.h $(LIBHDRS)
-
-mpmontg.o: mpmontg.c mpi-priv.h mplogic.h mpprime.h $(LIBHDRS)
-
-mpprime.o: mpprime.c mpi-priv.h mpprime.h mplogic.h primes.c $(LIBHDRS)
-
-mpcpucache.o: mpcpucache.c $(LIBHDRS)
-
-mpi_mips.o: mpi_mips.s
-	$(CC) -o $@ $(ASFLAGS) -c mpi_mips.s
-
-mpi_sparc.o : montmulf.h
-
-mpv_sparcv9.s: vis_64.il mpv_sparc.c
-	$(CC) -o $@ $(SOLARIS_FPU_FLAGS) -S vis_64.il mpv_sparc.c
-
-mpv_sparcv8.s: vis_64.il mpv_sparc.c
-	$(CC) -o $@ $(SOLARIS_FPU_FLAGS) -S vis_32.il mpv_sparc.c
-
-montmulfv8.o montmulfv9.o mpv_sparcv8.o mpv_sparcv9.o : %.o : %.s 
-	$(CC) -o $@ $(SOLARIS_ASM_FLAGS) -c $<
-
-mpi_arm.o: mpi_arm.c $(LIBHDRS)
-
-# This rule is used to build the .s sources, which are then hand optimized.
-#montmulfv8.s montmulfv9.s : montmulf%.s : montmulf%.il montmulf.c montmulf.h 
-#	$(CC) -o $@ $(SOLARIS_ASM_FLAGS) -S montmulf$*.il montmulf.c
-
-
-libmpi.a: $(LIBOBJS)
-	ar -cvr libmpi.a $(LIBOBJS)
-	$(RANLIB) libmpi.a
-
-lib libs: libmpi.a
-
-mpi.i: mpi.h
-
-#---------------------------------------
-
-MPTESTOBJS = mptest1.o mptest2.o mptest3.o mptest3a.o mptest4.o mptest4a.o \
-	mptest4b.o mptest6.o mptest7.o mptest8.o mptest9.o mptestb.o
-MPTESTS = $(MPTESTOBJS:.o=)
-
-$(MPTESTOBJS): mptest%.o: tests/mptest-%.c $(LIBHDRS)
-	$(CC) $(CFLAGS) -o $@ -c $<
-
-$(MPTESTS): mptest%: mptest%.o libmpi.a
-	$(CC) $(CFLAGS) -o $@ $^  $(LIBS)
-
-tests: mptest1 mptest2 mptest3 mptest3a mptest4 mptest4a mptest4b mptest6 \
-	mptestb bbsrand
-
-utests: mptest7 mptest8 mptest9
-
-#---------------------------------------
-
-EXTRAOBJS = bbsrand.o bbs_rand.o prng.o
-UTILOBJS = primegen.o metime.o identest.o basecvt.o fact.o exptmod.o pi.o \
-	makeprime.o gcd.o invmod.o lap.o isprime.o \
-	dec2hex.o hex2dec.o
-UTILS = $(UTILOBJS:.o=) 
-
-$(UTILS): % : %.o libmpi.a
-	$(CC) $(CFLAGS) -o $@ $^ $(LIBS)
-
-$(UTILOBJS) $(EXTRAOBJS): %.o : utils/%.c $(LIBHDRS)
-	$(CC) $(CFLAGS) -o $@ -c $<
-
-prng: prng.o bbs_rand.o libmpi.a
-	$(CC) $(CFLAGS) -o $@ $^ $(LIBS)
-
-bbsrand: bbsrand.o bbs_rand.o libmpi.a
-	$(CC) $(CFLAGS) -o $@ $^ $(LIBS)
-
-utils: $(UTILS) prng bbsrand
-
-#---------------------------------------
-
-test-info.c: test-arrays.txt
-	$(PERL) make-test-arrays test-arrays.txt > test-info.c
-
-mpi-test.o: mpi-test.c test-info.c $(LIBHDRS)
-	$(CC) $(CFLAGS) -o $@ -c $<
-
-mpi-test: mpi-test.o libmpi.a
-	$(CC) $(CFLAGS) -o $@ $^ $(LIBS)
-
-mdxptest.o: mdxptest.c $(LIBHDRS) mpi-priv.h
-
-mdxptest: mdxptest.o libmpi.a
-	$(CC) $(CFLAGS) -o $@ $^ $(LIBS)
-
-mulsqr.o: mulsqr.c logtab.h mpi.h mpi-config.h mpprime.h 
-	$(CC) $(CFLAGS) -DMP_SQUARE=1 -o $@ -c mulsqr.c 
-
-mulsqr: mulsqr.o libmpi.a
-	$(CC) $(CFLAGS) -o $@ $^ $(LIBS)
-
-#---------------------------------------
-
-alltests: tests utests mpi-test
-
-tools: $(TOOLS)
-
-doc:
-	(cd doc; ./build)
-
-clean:
-	rm -f *.o *.a *.i
-	rm -f core
-	rm -f *~ .*~
-	rm -f utils/*.o
-	rm -f utils/core
-	rm -f utils/*~ utils/.*~
-
-clobber: clean
-	rm -f $(TOOLS) $(UTILS)
-
-distclean: clean
-	rm -f mptest? mpi-test metime mulsqr karatsuba
-	rm -f mptest?a mptest?b
-	rm -f utils/mptest?
-	rm -f test-info.c logtab.h
-	rm -f libmpi.a
-	rm -f $(TOOLS)
-
-dist: Makefile $(HDRS) $(SRCS) $(DOCS)
-	tar -cvf mpi-$(VERS).tar Makefile $(HDRS) $(SRCS) $(DOCS)
-	pgps -ab mpi-$(VERS).tar
-	chmod +r mpi-$(VERS).tar.asc
-	gzip -9 mpi-$(VERS).tar
-
-# END
deleted file mode 100644
--- a/security/nss/lib/freebl/mpi/Makefile.os2
+++ /dev/null
@@ -1,243 +0,0 @@
-#
-# Makefile.win - gmake Makefile for building MPI with VACPP on OS/2
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-## Define CC to be the C compiler you wish to use.  The GNU cc
-## compiler (gcc) should work, at the very least
-#CC=cc
-#CC=gcc
-CC=icc.exe
-AS=alp.exe
-
-## 
-## Define PERL to point to your local Perl interpreter.  It
-## should be Perl 5.x, although it's conceivable that Perl 4
-## might work ... I haven't tested it.
-##
-#PERL=/usr/bin/perl
-#PERL=perl
-
-##
-## Define CFLAGS to contain any local options your compiler
-## setup requires.
-##
-## Conditional compilation options are no longer here; see
-## the file 'mpi-config.h' instead.
-##
-MPICMN = -I. -DMP_API_COMPATIBLE -DMP_IOFUNC -DMP_USE_UINT_DIGIT -DMP_NO_MP_WORD
-
-#OS/2
-AS_SRCS = mpi_x86.asm
-MPICMN += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE -DMP_ASSEMBLY_DIV_2DX1D
-#CFLAGS= -Od -Z7 -MD -W3 -nologo -D_X86_ -DXP_PC \
- -DDEBUG -D_DEBUG -UNDEBUG -DWIN32 -D_WINDOWS -DWIN95 $(MPICMN)
-#CFLAGS = -O2 -MD -W3 -nologo -D_X86_ -DXP_PC -UDEBUG -U_DEBUG -DNDEBUG \
- -DWIN32 -D_WINDOWS -DWIN95 $(MPICMN)
-#CFLAGS = -Od -Z7 -MD -W3 -nologo -D_X86_ -DXP_PC -UDEBUG -U_DEBUG -DNDEBUG \
- -DWIN32 -D_WINDOWS -DWIN95 $(MPICMN)
-CFLAGS = /Ti+ -D_X86_ -DXP_PC -UDEBUG -U_DEBUG -DNDEBUG \
- $(MPICMN)
-ASFLAGS =
-
-##
-## Define LIBS to include any libraries you need to link against.
-## If NO_TABLE is define, LIBS should include '-lm' or whatever is
-## necessary to bring in the math library.  Otherwise, it can be
-## left alone, unless your system has other peculiar requirements.
-##
-LIBS=#-lmalloc#-lefence#-lm
-
-## 
-## Define RANLIB to be the library header randomizer; you might not
-## need this on some systems (just set it to 'echo' on these systems,
-## such as IRIX)
-##
-RANLIB=echo
-
-##
-## This is the version string used for the documentation and 
-## building the distribution tarball.  Don't mess with it unless
-## you are releasing a new version
-VERS=1.7p6
-
-## ----------------------------------------------------------------------
-## You probably don't need to change anything below this line...
-##
-
-##
-## This is the list of source files that need to be packed into
-## the distribution file
-SRCS=   mpi.c mpprime.c mplogic.c mpmontg.c mpi-test.c primes.c tests/ \
-	utils/gcd.c utils/invmod.c utils/lap.c \
-	utils/ptab.pl utils/sieve.c utils/isprime.c\
-	utils/dec2hex.c utils/hex2dec.c utils/bbs_rand.c \
-	utils/bbsrand.c utils/prng.c utils/primegen.c \
-	utils/basecvt.c utils/makeprime.c\
-	utils/fact.c utils/exptmod.c utils/pi.c utils/metime.c \
-	utils/mpi.h utils/mpprime.h mulsqr.c \
-	make-test-arrays test-arrays.txt all-tests make-logtab \
-	types.pl stats timetest multest
-
-## These are the header files that go into the distribution file
-HDRS=mpi.h mpi-config.h utils/mpi.h utils/mpi-config.h mpprime.h mplogic.h \
-     utils/bbs_rand.h tests/mpi.h tests/mpprime.h
-
-## These are the documentation files that go into the distribution file
-DOCS=README doc utils/README utils/PRIMES 
-
-## This is the list of tools built by 'make tools'
-TOOLS=gcd.exe invmod.exe isprime.exe lap.exe dec2hex.exe hex2dec.exe \
- primegen.exe prng.exe basecvt.exe fact.exe exptmod.exe pi.exe makeprime.exe
-
-AS_OBJS = $(AS_SRCS:.asm=.obj)
-LIBOBJS = mpprime.obj mpmontg.obj mplogic.obj mpi.obj $(AS_OBJS)
-LIBHDRS = mpi-config.h mpi-priv.h mpi.h
-APPHDRS = mpi-config.h mpi.h mplogic.h mpprime.h
-
-
-help:
-	@ echo ""
-	@ echo "The following targets can be built with this Makefile:"
-	@ echo ""
-	@ echo "mpi.lib      - arithmetic and prime testing library"
-	@ echo "mpi-test.exe - test driver (requires MP_IOFUNC)"
-	@ echo "tools        - command line tools"
-	@ echo "doc          - manual pages for tools"
-	@ echo "clean        - clean up objects and such"
-	@ echo "distclean    - get ready for distribution"
-	@ echo "dist         - distribution tarball"
-	@ echo ""
-
-.SUFFIXES: .c .obj .i .lib .exe .asm
-
-.c.i:
-	$(CC) $(CFLAGS) -E $< > $@
-
-.c.obj: 
-	$(CC) $(CFLAGS) -c $<
-
-.asm.obj:
-	$(AS) $(ASFLAGS) $<
-
-.obj.exe:
-	$(CC) $(CFLAGS) -Fo$@ $<
-
-#---------------------------------------
-
-$(LIBOBJS): $(LIBHDRS)
-
-logtab.h: make-logtab
-	$(PERL) make-logtab > logtab.h
-
-mpi.obj: mpi.c logtab.h $(LIBHDRS)
-
-mplogic.obj: mplogic.c mpi-priv.h mplogic.h $(LIBHDRS)
-
-mpmontg.obj: mpmontg.c mpi-priv.h mplogic.h mpprime.h $(LIBHDRS)
-
-mpprime.obj: mpprime.c mpi-priv.h mpprime.h mplogic.h primes.c $(LIBHDRS)
-
-mpi_mips.obj: mpi_mips.s
-	$(CC) -Fo$@ $(ASFLAGS) -c mpi_mips.s
-
-mpi.lib: $(LIBOBJS)
-	ilib /out:mpi.lib $(LIBOBJS)
-	$(RANLIB) mpi.lib
-
-lib libs: mpi.lib
-
-#---------------------------------------
-
-MPTESTOBJS = mptest1.obj mptest2.obj mptest3.obj mptest3a.obj mptest4.obj \
- mptest4a.obj mptest4b.obj mptest6.obj mptest7.obj mptest8.obj mptest9.obj
-MPTESTS = $(MPTESTOBJS:.obj=.exe)
-
-$(MPTESTOBJS): mptest%.obj: tests/mptest-%.c $(LIBHDRS)
-	$(CC) $(CFLAGS) -Fo$@ -c $<
-
-$(MPTESTS): mptest%.exe: mptest%.obj mpi.lib $(LIBS)
-	$(CC) $(CFLAGS) -Fo$@ $^ 
-
-tests: mptest1.exe mptest2.exe mptest3.exe mptest3a.exe mptest4.exe \
- mptest4a.exe mptest4b.exe mptest6.exe bbsrand.exe
-
-utests: mptest7.exe mptest8.exe mptest9.exe
-
-#---------------------------------------
-
-EXTRAOBJS = bbsrand.obj bbs_rand.obj prng.obj
-UTILOBJS = primegen.obj metime.obj identest.obj basecvt.obj fact.obj \
- exptmod.obj pi.obj makeprime.obj karatsuba.obj gcd.obj invmod.obj lap.obj \
- isprime.obj dec2hex.obj hex2dec.obj
-UTILS = $(UTILOBJS:.obj=.exe) 
-
-$(UTILS): %.exe : %.obj mpi.lib $(LIBS)
-	$(CC) $(CFLAGS) -Fo$@ $^ 
-
-$(UTILOBJS) $(EXTRAOBJS): %.obj : utils/%.c $(LIBHDRS)
-	$(CC) $(CFLAGS) -Fo$@ -c $<
-
-prng.exe: prng.obj bbs_rand.obj mpi.lib $(LIBS)
-	$(CC) $(CFLAGS) -Fo$@ $^
-
-bbsrand.exe: bbsrand.obj bbs_rand.obj mpi.lib $(LIBS)
-	$(CC) $(CFLAGS) -Fo$@ $^
-
-utils: $(UTILS) prng.exe bbsrand.exe
-
-#---------------------------------------
-
-test-info.c: test-arrays.txt
-	$(PERL) make-test-arrays test-arrays.txt > test-info.c
-
-mpi-test.obj: mpi-test.c test-info.c $(LIBHDRS)
-	$(CC) $(CFLAGS) -Fo$@ -c $<
-
-mpi-test.exe: mpi-test.obj mpi.lib $(LIBS)
-	$(CC) $(CFLAGS) -Fo$@ $^
-
-mdxptest.obj: mdxptest.c $(LIBHDRS) mpi-priv.h
-
-mdxptest.exe: mdxptest.obj mpi.lib $(LIBS)
-	$(CC) $(CFLAGS) -Fo$@ $^
-
-mulsqr.obj: mulsqr.c logtab.h mpi.h mpi-config.h mpprime.h 
-	$(CC) $(CFLAGS) -DMP_SQUARE=1 -Fo$@ -c mulsqr.c 
-
-mulsqr.exe: mulsqr.obj mpi.lib $(LIBS)
-	$(CC) $(CFLAGS) -Fo$@ $^
-
-#---------------------------------------
-
-alltests: tests utests mpi-test.exe
-
-tools: $(TOOLS)
-
-doc:
-	(cd doc; ./build)
-
-clean:
-	rm -f *.obj *.lib *.pdb *.ilk
-	cd utils; rm -f *.obj *.lib *.pdb *.ilk
-
-distclean: clean
-	rm -f mptest? mpi-test metime mulsqr karatsuba
-	rm -f mptest?a mptest?b
-	rm -f utils/mptest?
-	rm -f test-info.c logtab.h
-	rm -f mpi.lib
-	rm -f $(TOOLS)
-
-dist: Makefile $(HDRS) $(SRCS) $(DOCS)
-	tar -cvf mpi-$(VERS).tar Makefile $(HDRS) $(SRCS) $(DOCS)
-	pgps -ab mpi-$(VERS).tar
-	chmod +r mpi-$(VERS).tar.asc
-	gzip -9 mpi-$(VERS).tar
-
-
-print: 
-	@echo LIBOBJS = $(LIBOBJS)
-# END
deleted file mode 100644
--- a/security/nss/lib/freebl/mpi/Makefile.win
+++ /dev/null
@@ -1,254 +0,0 @@
-#
-# Makefile.win - gmake Makefile for building MPI with MSVC on NT
-
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-## Define CC to be the C compiler you wish to use.  The GNU cc
-## compiler (gcc) should work, at the very least
-#CC=cc
-#CC=gcc
-CC=cl.exe
-ifeq ($(CPU_ARCH),x86_64)
-AS=ml64.exe
-else
-AS=ml.exe
-endif
-
-## 
-## Define PERL to point to your local Perl interpreter.  It
-## should be Perl 5.x, although it's conceivable that Perl 4
-## might work ... I haven't tested it.
-##
-#PERL=/usr/bin/perl
-#PERL=perl
-
-##
-## Define CFLAGS to contain any local options your compiler
-## setup requires.
-##
-## Conditional compilation options are no longer here; see
-## the file 'mpi-config.h' instead.
-##
-MPICMN = -I. -DMP_API_COMPATIBLE -DMP_IOFUNC
-
-ifeq ($(CPU_ARCH),x86_64)
-AS_SRCS = mpi_x86_64.asm
-CFLAGS = -O2 -Z7 -MD -W3 -nologo -DXP_PC -UDEBUG -U_DEBUG -DNDEBUG \
- -DWIN32 -D_WIN64 -D_AMD64_ -D_M_AMD64 -D_WINDOWS -DWIN95 $(MPICMN)
-ASFLAGS = -Cp -Sn -Zi -I.
-else
-#NT
-AS_SRCS = mpi_x86.asm
-MPICMN += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE -DMP_ASSEMBLY_DIV_2DX1D
-#CFLAGS= -Od -Z7 -MD -W3 -nologo -D_X86_ -DXP_PC \
- -DDEBUG -D_DEBUG -UNDEBUG -DWIN32 -D_WINDOWS -DWIN95 $(MPICMN)
-#CFLAGS = -O2 -MD -W3 -nologo -D_X86_ -DXP_PC -UDEBUG -U_DEBUG -DNDEBUG \
- -DWIN32 -D_WINDOWS -DWIN95 $(MPICMN)
-#CFLAGS = -Od -Z7 -MD -W3 -nologo -D_X86_ -DXP_PC -UDEBUG -U_DEBUG -DNDEBUG \
- -DWIN32 -D_WINDOWS -DWIN95 $(MPICMN)
-CFLAGS = -O2 -Z7 -MD -W3 -nologo -D_X86_ -DXP_PC -UDEBUG -U_DEBUG -DNDEBUG \
- -DWIN32 -D_WINDOWS -DWIN95 $(MPICMN)
-ASFLAGS = -Cp -Sn -Zi -coff -I. 
-endif
-
-##
-## Define LIBS to include any libraries you need to link against.
-## If NO_TABLE is define, LIBS should include '-lm' or whatever is
-## necessary to bring in the math library.  Otherwise, it can be
-## left alone, unless your system has other peculiar requirements.
-##
-LIBS=#-lmalloc#-lefence#-lm
-
-## 
-## Define RANLIB to be the library header randomizer; you might not
-## need this on some systems (just set it to 'echo' on these systems,
-## such as IRIX)
-##
-RANLIB=echo
-
-##
-## This is the version string used for the documentation and 
-## building the distribution tarball.  Don't mess with it unless
-## you are releasing a new version
-VERS=1.7p6
-
-## ----------------------------------------------------------------------
-## You probably don't need to change anything below this line...
-##
-
-##
-## This is the list of source files that need to be packed into
-## the distribution file
-SRCS=   mpi.c mpprime.c mplogic.c mpmontg.c mpi-test.c primes.c tests/ \
-	utils/gcd.c utils/invmod.c utils/lap.c \
-	utils/ptab.pl utils/sieve.c utils/isprime.c\
-	utils/dec2hex.c utils/hex2dec.c utils/bbs_rand.c \
-	utils/bbsrand.c utils/prng.c utils/primegen.c \
-	utils/basecvt.c utils/makeprime.c\
-	utils/fact.c utils/exptmod.c utils/pi.c utils/metime.c \
-	utils/mpi.h utils/mpprime.h mulsqr.c \
-	make-test-arrays test-arrays.txt all-tests make-logtab \
-	types.pl stats timetest multest
-
-## These are the header files that go into the distribution file
-HDRS=mpi.h mpi-config.h utils/mpi.h utils/mpi-config.h mpprime.h mplogic.h \
-     utils/bbs_rand.h tests/mpi.h tests/mpprime.h
-
-## These are the documentation files that go into the distribution file
-DOCS=README doc utils/README utils/PRIMES 
-
-## This is the list of tools built by 'make tools'
-TOOLS=gcd.exe invmod.exe isprime.exe lap.exe dec2hex.exe hex2dec.exe \
- primegen.exe prng.exe basecvt.exe fact.exe exptmod.exe pi.exe makeprime.exe
-
-AS_OBJS = $(AS_SRCS:.asm=.obj)
-LIBOBJS = mpprime.obj mpmontg.obj mplogic.obj mpi.obj $(AS_OBJS)
-LIBHDRS = mpi-config.h mpi-priv.h mpi.h
-APPHDRS = mpi-config.h mpi.h mplogic.h mpprime.h
-
-
-help:
-	@ echo ""
-	@ echo "The following targets can be built with this Makefile:"
-	@ echo ""
-	@ echo "mpi.lib     - arithmetic and prime testing library"
-	@ echo "mpi-test     - test driver (requires MP_IOFUNC)"
-	@ echo "tools        - command line tools"
-	@ echo "doc          - manual pages for tools"
-	@ echo "clean        - clean up objects and such"
-	@ echo "distclean    - get ready for distribution"
-	@ echo "dist         - distribution tarball"
-	@ echo ""
-
-.SUFFIXES: .c .obj .i .lib .exe .asm
-
-.c.i:
-	$(CC) $(CFLAGS) -E $< > $@
-
-.c.obj: 
-	$(CC) $(CFLAGS) -c $<
-
-.asm.obj:
-	$(AS) $(ASFLAGS) -c $<
-
-.obj.exe:
-	$(CC) $(CFLAGS) -Fo$@ $<
-
-#---------------------------------------
-
-$(LIBOBJS): $(LIBHDRS)
-
-logtab.h: make-logtab
-	$(PERL) make-logtab > logtab.h
-
-mpi.obj: mpi.c logtab.h $(LIBHDRS)
-
-mplogic.obj: mplogic.c mpi-priv.h mplogic.h $(LIBHDRS)
-
-mpmontg.obj: mpmontg.c mpi-priv.h mplogic.h mpprime.h $(LIBHDRS)
-
-mpprime.obj: mpprime.c mpi-priv.h mpprime.h mplogic.h primes.c $(LIBHDRS)
-
-mpi_mips.obj: mpi_mips.s
-	$(CC) -Fo$@ $(ASFLAGS) -c mpi_mips.s
-
-mpi.lib: $(LIBOBJS)
-	ar -cvr mpi.lib $(LIBOBJS)
-	$(RANLIB) mpi.lib
-
-lib libs: mpi.lib
-
-#---------------------------------------
-
-MPTESTOBJS = mptest1.obj mptest2.obj mptest3.obj mptest3a.obj mptest4.obj \
- mptest4a.obj mptest4b.obj mptest6.obj mptest7.obj mptest8.obj mptest9.obj
-MPTESTS = $(MPTESTOBJS:.obj=.exe)
-
-$(MPTESTOBJS): mptest%.obj: tests/mptest-%.c $(LIBHDRS)
-	$(CC) $(CFLAGS) -Fo$@ -c $<
-
-$(MPTESTS): mptest%.exe: mptest%.obj mpi.lib $(LIBS)
-	$(CC) $(CFLAGS) -Fo$@ $^ 
-
-tests: mptest1.exe mptest2.exe mptest3.exe mptest3a.exe mptest4.exe \
- mptest4a.exe mptest4b.exe mptest6.exe bbsrand.exe
-
-utests: mptest7.exe mptest8.exe mptest9.exe
-
-#---------------------------------------
-
-EXTRAOBJS = bbsrand.obj bbs_rand.obj prng.obj
-UTILOBJS = primegen.obj metime.obj identest.obj basecvt.obj fact.obj \
- exptmod.obj pi.obj makeprime.obj karatsuba.obj gcd.obj invmod.obj lap.obj \
- isprime.obj dec2hex.obj hex2dec.obj
-UTILS = $(UTILOBJS:.obj=.exe) 
-
-$(UTILS): %.exe : %.obj mpi.lib $(LIBS)
-	$(CC) $(CFLAGS) -Fo$@ $^ 
-
-$(UTILOBJS) $(EXTRAOBJS): %.obj : utils/%.c $(LIBHDRS)
-	$(CC) $(CFLAGS) -Fo$@ -c $<
-
-prng.exe: prng.obj bbs_rand.obj mpi.lib $(LIBS)
-	$(CC) $(CFLAGS) -Fo$@ $^
-
-bbsrand.exe: bbsrand.obj bbs_rand.obj mpi.lib $(LIBS)
-	$(CC) $(CFLAGS) -Fo$@ $^
-
-utils: $(UTILS) prng.exe bbsrand.exe
-
-#---------------------------------------
-
-test-info.c: test-arrays.txt
-	$(PERL) make-test-arrays test-arrays.txt > test-info.c
-
-mpi-test.obj: mpi-test.c test-info.c $(LIBHDRS)
-	$(CC) $(CFLAGS) -Fo$@ -c $<
-
-mpi-test.exe: mpi-test.obj mpi.lib $(LIBS)
-	$(CC) $(CFLAGS) -Fo$@ $^
-
-mdxptest.obj: mdxptest.c $(LIBHDRS) mpi-priv.h
-
-mdxptest.exe: mdxptest.obj mpi.lib $(LIBS)
-	$(CC) $(CFLAGS) -Fo$@ $^
-
-mulsqr.obj: mulsqr.c logtab.h mpi.h mpi-config.h mpprime.h 
-	$(CC) $(CFLAGS) -DMP_SQUARE=1 -Fo$@ -c mulsqr.c 
-
-mulsqr.exe: mulsqr.obj mpi.lib $(LIBS)
-	$(CC) $(CFLAGS) -Fo$@ $^
-
-#---------------------------------------
-
-alltests: tests utests mpi-test.exe
-
-tools: $(TOOLS)
-
-doc:
-	(cd doc; ./build)
-
-clean:
-	rm -f *.obj *.lib *.pdb *.ilk
-	cd utils; rm -f *.obj *.lib *.pdb *.ilk
-
-distclean: clean
-	rm -f mptest? mpi-test metime mulsqr karatsuba
-	rm -f mptest?a mptest?b
-	rm -f utils/mptest?
-	rm -f test-info.c logtab.h
-	rm -f mpi.lib
-	rm -f $(TOOLS)
-
-dist: Makefile $(HDRS) $(SRCS) $(DOCS)
-	tar -cvf mpi-$(VERS).tar Makefile $(HDRS) $(SRCS) $(DOCS)
-	pgps -ab mpi-$(VERS).tar
-	chmod +r mpi-$(VERS).tar.asc
-	gzip -9 mpi-$(VERS).tar
-
-
-print: 
-	@echo LIBOBJS = $(LIBOBJS)
-# END
--- a/security/nss/lib/freebl/mpi/README
+++ b/security/nss/lib/freebl/mpi/README
@@ -62,24 +62,16 @@ code relies on having the full positive 
 digits and words.
 
 The remaining type definitions should be left alone, for the most
 part.  The code in the library does not make any significant
 assumptions about the sizes of things, but there is little if any
 reason to change the other parameters, so I would recommend you leave
 them as you found them.
 
-The library comes with a Perl script, 'types.pl', which will scan your
-current Makefile settings, and attempt to find good definitions for
-these types.  It relies on a Unix sort of build environment, so it
-probably won't work under MacOS or Windows, but it can be convenient
-if you're porting to a new flavour of Unix.  Just run 'types.pl' at
-the command line, and it will spit out its results to the standard
-output.
-
 
 Conventions
 -----------
 
 Most functions in the library return a value of type mp_err.  This
 permits the library to communicate success or various kinds of failure
 to the calling program.  The return values currently defined are:
 
@@ -625,102 +617,16 @@ fact.c          Computes the factorial o
 
 exptmod.c       Computes arbitrary precision modular exponentiation
                 from the command line (exptmod a b m -> a^b (mod m))
 
 Most of these can be built from the Makefile that comes with the
 library.  Try 'make tools', if your environment supports it.
 
 
-Testing the Library
--------------------
-
-Automatic test vectors are included, in the form of a program called
-'mpi-test'.  To build this program and run all the tests, simply
-invoke the shell script 'all-tests'.  If all the tests pass, you
-should see a message:
-
-        All tests passed
-
-If something went wrong, you'll get:
-
-        One or more tests failed.
-
-If this happens, scan back through the preceding lines, to see which
-test failed.  Any failure indicates a bug in the library, which needs
-to be fixed before it will give accurate results.  If you get any such
-thing, please let me know, and I'll try to fix it.  Please let me know
-what platform and compiler you were using, as well as which test
-failed.  If a reason for failure was given, please send me that text
-as well.
-
-If you're on a system where the standard Unix build tools don't work,
-you can build the 'mpi-test' program manually, and run it by hand.
-This is tedious and obnoxious, sorry.
-
-Further manual testing can be performed by building the manual testing
-programs, whose source is found in the 'tests' subdirectory.  Each
-test is in a source file called 'mptest-X.c'.  The Makefile contains a
-target to build all of them at once:
-
-        make tests
-
-Read the comments at the top of each source file to see what the
-driver is supposed to test.  You probably don't need to do this; these
-programs were only written to help me as I was developing the library.
-
-The relevant files are:
-
-mpi-test.c              The source for the test driver
-
-make-test-arrays        A Perl script to generate some of the internal
-                        data structures used by mpi-test.c
-
-test-arrays.txt         The source file for make-test-arrays
-
-all-tests               A Bourne shell script which runs all the
-                        tests in the mpi-test suite
-
-Running 'make mpi-test' should build the mpi-test program.  If you
-cannot use make, here is what needs to be done:
-
-(1) Use 'make-test-arrays' to generate the file 'test-info.c' from
-    the 'test-arrays.txt' file.  Since Perl can be found everywhere,
-    this should be no trouble.  Under Unix, this looks like:
-
-        make-test-arrays test-arrays.txt > test-info.c
-
-(2) Build the MPI library:
-
-        gcc -ansi -pedantic -Wall -c mpi.c
-
-(3) Build the mpi-test program:
-
-        gcc -ansi -pedantic -Wall -o mpi-test mpi.o mpi-test.c
-
-When you've got mpi-test, you can use 'all-tests' to run all the tests
-made available by mpi-test.  If any of them fail, there should be a
-diagnostic indicating what went wrong.  These are fairly high-level
-diagnostics, and won't really help you debug the problem; they're
-simply intended to help you isolate which function caused the problem.
-If you encounter a problem of this sort, feel free to e-mail me, and I
-will certainly attempt to help you debug it.
-
-Note:   Several of the tests hard-wired into 'mpi-test' operate under
-----    the assumption that you are using at least a 16-bit mp_digit 
-        type.  If that is not true, several tests might fail, because 
-        of range problems with the maximum digit value.
-
-        If you are using an 8-bit digit, you will also need to 
-        modify the code for mp_read_raw(), which assumes that
-        multiplication by 256 can be done with mp_mul_d(), a
-        fact that fails when DIGIT_MAX is 255.  You can replace
-        the call with s_mp_lshd(), which will give you the same
-        effect, and without doing as much work. :)
-
 Acknowledgements:
 ----------------
 
 The algorithms used in this library were drawn primarily from Volume
 2 of Donald Knuth's magnum opus, _The Art of Computer Programming_, 
 "Semi-Numerical Methods".  Barrett's algorithm for modular reduction
 came from Menezes, Oorschot, and Vanstone's _Handbook of Applied
 Cryptography_, Chapter 14.
deleted file mode 100755
--- a/security/nss/lib/freebl/mpi/all-tests
+++ /dev/null
@@ -1,83 +0,0 @@
-#!/bin/sh
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-ECHO=/bin/echo
-MAKE=gmake
-
-$ECHO "\n** Running unit tests for MPI library\n"
-
-# Build the mpi-test program, which comprises all the unit tests for
-# the MPI library...
-
-$ECHO "Bringing mpi-test up to date ... "
-if $MAKE mpi-test ; then
-  :
-else
-  $ECHO " "
-  $ECHO "Make failed to build mpi-test."
-  $ECHO " "
-  exit 1
-fi
-
-if [ ! -x mpi-test ] ; then
-  $ECHO " "
-  $ECHO "Cannot find 'mpi-test' program, testing cannot continue."
-  $ECHO " "
-  exit 1
-fi
-
-# Get the list of available test suites...
-tests=`./mpi-test list | awk '{print $1}'`
-errs=0
-
-# Run each test suite and check the result code of mpi-test
-for test in $tests ; do
-  $ECHO "$test ... \c"
-  if ./mpi-test $test ; then
-    $ECHO "passed"
-  else
-    $ECHO "FAILED"
-    errs=1
-  fi
-done
-
-# If any tests failed, we'll stop at this point
-if [ "$errs" = "0" ] ; then
-  $ECHO "All unit tests passed"
-else
-  $ECHO "One or more tests failed"
-  exit 1
-fi
-
-# Now try to build the 'pi' program, and see if it can compute the
-# first thousand digits of pi correctly
-$ECHO "\n** Running other tests\n"
-
-$ECHO "Bringing 'pi' up to date ... "
-if $MAKE pi ; then
-    :
-else
-    $ECHO "\nMake failed to build pi.\n"
-    exit 1
-fi
-
-if [ ! -x pi ] ; then
-    $ECHO "\nCannot find 'pi' program; testing cannot continue.\n"
-    exit 1
-fi
-
-./pi 2000 > /tmp/pi.tmp.$$
-if cmp tests/pi2k.txt /tmp/pi.tmp.$$ ; then
-    $ECHO "Okay!  The pi test passes."
-else
-    $ECHO "Oops!  The pi test failed. :("
-    exit 1
-fi
-
-rm -f /tmp/pi.tmp.$$
-
-exit 0
-
-# Here there be dragons
deleted file mode 100644
--- a/security/nss/lib/freebl/mpi/hppatch.adb
+++ /dev/null
@@ -1,21 +0,0 @@
-#/bin/sh
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-# script to change the system id in an object file from PA-RISC 2.0 to 1.1
-
-adb -w $1 << EOF
-?m 0 -1 0
-0x0?X
-0x0?W (@0x0&~0x40000)|(~@0x0&0x40000)
-
-0?"change checksum"
-0x7c?X
-0x7c?W (@0x7c&~0x40000)|(~@0x7c&0x40000)
-$q
-EOF
-
-exit 0
-
deleted file mode 100755
--- a/security/nss/lib/freebl/mpi/make-logtab
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/usr/bin/perl
-
-#
-# make-logtab
-#
-# Generate a table of logarithms of 2 in various bases, for use in
-# estimating the output sizes of various bases.
-
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-$ARRAYNAME = $ENV{'ARRAYNAME'} || "s_logv_2";
-$ARRAYTYPE = $ENV{'ARRAYTYPE'} || "float";
-
-printf("const %s %s[] = {\n   %0.9ff, %0.9ff, ", 
-       $ARRAYTYPE, $ARRAYNAME, 0, 0);
-$brk = 2;
-for($ix = 2; $ix < 64; $ix++) {
-    printf("%0.9ff, ", (log(2)/log($ix)));
-    $brk = ($brk + 1) & 3;
-    if(!$brk) {
-	printf(" /* %2d %2d %2d %2d */\n   ",
-	       $ix - 3, $ix - 2, $ix - 1, $ix);
-    }
-}
-printf("%0.9ff\n};\n\n", (log(2)/log($ix)));
-
-exit 0;
deleted file mode 100755
--- a/security/nss/lib/freebl/mpi/make-test-arrays
+++ /dev/null
@@ -1,98 +0,0 @@
-#!/usr/bin/perl
-
-#
-# make-test-arrays
-#
-# Given a test-arrays file, which specifies the test suite names, the
-# names of the functions which perform those test suites, and
-# descriptive comments, this script generates C structures for the
-# mpi-test program.  The input consists of lines of the form:
-#
-# suite-name:function-name:comment
-#
-# The output is written to the standard output.  Blank lines are
-# ignored, and comments beginning with '#' are stripped.
-
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-# Read parameters from the environment, if available
-$NAMEVAR = $ENV{'NAMEVAR'} || "g_names";
-$COUNTVAR = $ENV{'COUNTVAR'} || "g_count";
-$FUNCVAR = $ENV{'FUNCVAR'} || "g_tests";
-$DESCVAR = $ENV{'DESCVAR'} || "g_descs";
-$FUNCLEN = 13;
-$NAMELEN = 18;
-$DESCLEN = 45;
-
-#------------------------------------------------------------------------
-# Suck in input from the files on the command line, or standard input
-while(<>) {
-    chomp;
-    s/\#.*$//;
-    next if /^\s*$/;
-
-    ($suite, $func, $desc) = split(/:/, $_);
-
-    $tmp = { "suite" => $suite,
-	     "func"  => $func,
-	     "desc"  => $desc };
-
-    push(@item, $tmp);
-}
-$count = scalar(@item);
-$last = pop(@item);
-
-#------------------------------------------------------------------------
-# Output the table of names
-print "/* Table mapping test suite names to index numbers */\n";
-printf("const int   %s = %d;\n", $COUNTVAR, $count);
-printf("const char *%s[] = {\n", $NAMEVAR);
-
-foreach $elt (@item) {
-    printf("   \"%s\",%s/* %s%s */\n", $elt->{"suite"},
-	   " " x ($NAMELEN - length($elt->{"suite"})),
-	   $elt->{"desc"},
-	   " " x ($DESCLEN - length($elt->{"desc"})));
-}
-printf("   \"%s\" %s/* %s%s */\n", $last->{"suite"},
-       " " x ($NAMELEN - length($last->{"suite"})),
-       $last->{"desc"},
-       " " x ($DESCLEN - length($last->{"desc"})));
-print "};\n\n";
-
-#------------------------------------------------------------------------
-# Output the driver function prototypes
-print "/* Test function prototypes */\n";
-foreach $elt (@item, $last) {
-    printf("int  %s(void);\n", $elt->{"func"});
-}
-print "\n";
-
-#------------------------------------------------------------------------
-# Output the table of functions
-print "/* Table mapping index numbers to functions */\n";
-printf("int (*%s[])(void)  = {\n   ", $FUNCVAR);
-$brk = 0;
-
-foreach $elt (@item) {
-    print($elt->{"func"}, ", ", 
-	  " " x ($FUNCLEN - length($elt->{"func"})));
-    $brk = ($brk + 1) & 3;
-    print "\n   " unless($brk);
-}
-print $last->{"func"}, "\n};\n\n";
-
-#------------------------------------------------------------------------
-# Output the table of descriptions
-print "/* Table mapping index numbers to descriptions */\n";
-printf("const char *%s[] = {\n", $DESCVAR);
-
-foreach $elt (@item) {
-    printf("   \"%s\",\n", $elt->{"desc"});
-}
-printf("   \"%s\"\n};\n\n", $last->{"desc"});
-
-exit 0;
-
deleted file mode 100644
--- a/security/nss/lib/freebl/mpi/mdxptest.c
+++ /dev/null
@@ -1,306 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "mpi.h"
-#include "mpi-priv.h"
-
-/* #define OLD_WAY 1  */
-
-/* This key is the 1024-bit test key used for speed testing of RSA private
-** key ops.
-*/
-
-#define CONST const
-
-static CONST unsigned char default_n[128] = {
-    0xc2, 0xae, 0x96, 0x89, 0xaf, 0xce, 0xd0, 0x7b, 0x3b, 0x35, 0xfd, 0x0f, 0xb1, 0xf4, 0x7a, 0xd1,
-    0x3c, 0x7d, 0xb5, 0x86, 0xf2, 0x68, 0x36, 0xc9, 0x97, 0xe6, 0x82, 0x94, 0x86, 0xaa, 0x05, 0x39,
-    0xec, 0x11, 0x51, 0xcc, 0x5c, 0xa1, 0x59, 0xba, 0x29, 0x18, 0xf3, 0x28, 0xf1, 0x9d, 0xe3, 0xae,
-    0x96, 0x5d, 0x6d, 0x87, 0x73, 0xf6, 0xf6, 0x1f, 0xd0, 0x2d, 0xfb, 0x2f, 0x7a, 0x13, 0x7f, 0xc8,
-    0x0c, 0x7a, 0xe9, 0x85, 0xfb, 0xce, 0x74, 0x86, 0xf8, 0xef, 0x2f, 0x85, 0x37, 0x73, 0x0f, 0x62,
-    0x4e, 0x93, 0x17, 0xb7, 0x7e, 0x84, 0x9a, 0x94, 0x11, 0x05, 0xca, 0x0d, 0x31, 0x4b, 0x2a, 0xc8,
-    0xdf, 0xfe, 0xe9, 0x0c, 0x13, 0xc7, 0xf2, 0xad, 0x19, 0x64, 0x28, 0x3c, 0xb5, 0x6a, 0xc8, 0x4b,
-    0x79, 0xea, 0x7c, 0xce, 0x75, 0x92, 0x45, 0x3e, 0xa3, 0x9d, 0x64, 0x6f, 0x04, 0x69, 0x19, 0x17
-};
-
-static CONST unsigned char default_d[128] = {
-    0x13, 0xcb, 0xbc, 0xf2, 0xf3, 0x35, 0x8c, 0x6d, 0x7b, 0x6f, 0xd9, 0xf3, 0xa6, 0x9c, 0xbd, 0x80,
-    0x59, 0x2e, 0x4f, 0x2f, 0x11, 0xa7, 0x17, 0x2b, 0x18, 0x8f, 0x0f, 0xe8, 0x1a, 0x69, 0x5f, 0x6e,
-    0xac, 0x5a, 0x76, 0x7e, 0xd9, 0x4c, 0x6e, 0xdb, 0x47, 0x22, 0x8a, 0x57, 0x37, 0x7a, 0x5e, 0x94,
-    0x7a, 0x25, 0xb5, 0xe5, 0x78, 0x1d, 0x3c, 0x99, 0xaf, 0x89, 0x7d, 0x69, 0x2e, 0x78, 0x9d, 0x1d,
-    0x84, 0xc8, 0xc1, 0xd7, 0x1a, 0xb2, 0x6d, 0x2d, 0x8a, 0xd9, 0xab, 0x6b, 0xce, 0xae, 0xb0, 0xa0,
-    0x58, 0x55, 0xad, 0x5c, 0x40, 0x8a, 0xd6, 0x96, 0x08, 0x8a, 0xe8, 0x63, 0xe6, 0x3d, 0x6c, 0x20,
-    0x49, 0xc7, 0xaf, 0x0f, 0x25, 0x73, 0xd3, 0x69, 0x43, 0x3b, 0xf2, 0x32, 0xf8, 0x3d, 0x5e, 0xee,
-    0x7a, 0xca, 0xd6, 0x94, 0x55, 0xe5, 0xbd, 0x25, 0x34, 0x8d, 0x63, 0x40, 0xb5, 0x8a, 0xc3, 0x01
-};
-
-#define DEFAULT_ITERS 50
-
-typedef clock_t timetype;
-#define gettime(x) *(x) = clock()
-#define subtime(a, b) a -= b
-#define msec(x) ((clock_t)((double)x * 1000.0 / CLOCKS_PER_SEC))
-#define sec(x) (x / CLOCKS_PER_SEC)
-
-struct TimingContextStr {
-    timetype start;
-    timetype end;
-    timetype interval;
-
-    int minutes;
-    int seconds;
-    int millisecs;
-};
-
-typedef struct TimingContextStr TimingContext;
-
-TimingContext *
-CreateTimingContext(void)
-{
-    return (TimingContext *)malloc(sizeof(TimingContext));
-}
-
-void
-DestroyTimingContext(TimingContext *ctx)
-{
-    free(ctx);
-}
-
-void
-TimingBegin(TimingContext *ctx)
-{
-    gettime(&ctx->start);
-}
-
-static void
-timingUpdate(TimingContext *ctx)
-{
-
-    ctx->millisecs = msec(ctx->interval) % 1000;
-    ctx->seconds = sec(ctx->interval);
-    ctx->minutes = ctx->seconds / 60;
-    ctx->seconds %= 60;
-}
-
-void
-TimingEnd(TimingContext *ctx)
-{
-    gettime(&ctx->end);
-    ctx->interval = ctx->end;
-    subtime(ctx->interval, ctx->start);
-    timingUpdate(ctx);
-}
-
-char *
-TimingGenerateString(TimingContext *ctx)
-{
-    static char sBuf[4096];
-
-    sprintf(sBuf, "%d minutes, %d.%03d seconds", ctx->minutes,
-            ctx->seconds, ctx->millisecs);
-    return sBuf;
-}
-
-static void
-dumpBytes(unsigned char *b, int l)
-{
-    int i;
-    if (l <= 0)
-        return;
-    for (i = 0; i < l; ++i) {
-        if (i % 16 == 0)
-            printf("\t");
-        printf(" %02x", b[i]);
-        if (i % 16 == 15)
-            printf("\n");
-    }
-    if ((i % 16) != 0)
-        printf("\n");
-    printf("\n");
-}
-
-static mp_err
-testNewFuncs(const unsigned char *modulusBytes, int modulus_len)
-{
-    mp_err mperr = MP_OKAY;
-    mp_int modulus;
-    unsigned char buf[512];
-
-    mperr = mp_init(&modulus);
-    mperr = mp_read_unsigned_octets(&modulus, modulusBytes, modulus_len);
-    mperr = mp_to_fixlen_octets(&modulus, buf, modulus_len);
-    mperr = mp_to_fixlen_octets(&modulus, buf, modulus_len + 1);
-    mperr = mp_to_fixlen_octets(&modulus, buf, modulus_len + 4);
-    mperr = mp_to_unsigned_octets(&modulus, buf, modulus_len);
-    mperr = mp_to_signed_octets(&modulus, buf, modulus_len + 1);
-    mp_clear(&modulus);
-    return mperr;
-}
-
-int
-testModExp(const unsigned char *modulusBytes,
-           const unsigned int expo,
-           const unsigned char *input,
-           unsigned char *output,
-           int modulus_len)
-{
-    mp_err mperr = MP_OKAY;
-    mp_int modulus;
-    mp_int base;
-    mp_int exponent;
-    mp_int result;
-
-    mperr = mp_init(&modulus);
-    mperr += mp_init(&base);
-    mperr += mp_init(&exponent);
-    mperr += mp_init(&result);
-    /* we initialize all mp_ints unconditionally, even if some fail.
-    ** This guarantees that the DIGITS pointer is valid (even if null).
-    ** So, mp_clear will do the right thing below.
-    */
-    if (mperr == MP_OKAY) {
-        mperr = mp_read_unsigned_octets(&modulus,
-                                        modulusBytes + (sizeof default_n - modulus_len), modulus_len);
-        mperr += mp_read_unsigned_octets(&base, input, modulus_len);
-        mp_set(&exponent, expo);
-        if (mperr == MP_OKAY) {
-#if OLD_WAY
-            mperr = s_mp_exptmod(&base, &exponent, &modulus, &result);
-#else
-            mperr = mp_exptmod(&base, &exponent, &modulus, &result);
-#endif
-            if (mperr == MP_OKAY) {
-                mperr = mp_to_fixlen_octets(&result, output, modulus_len);
-            }
-        }
-    }
-    mp_clear(&base);
-    mp_clear(&result);
-
-    mp_clear(&modulus);
-    mp_clear(&exponent);
-
-    return (int)mperr;
-}
-
-int
-doModExp(const unsigned char *modulusBytes,
-         const unsigned char *exponentBytes,
-         const unsigned char *input,
-         unsigned char *output,
-         int modulus_len)
-{
-    mp_err mperr = MP_OKAY;
-    mp_int modulus;
-    mp_int base;
-    mp_int exponent;
-    mp_int result;
-
-    mperr = mp_init(&modulus);
-    mperr += mp_init(&base);
-    mperr += mp_init(&exponent);
-    mperr += mp_init(&result);
-    /* we initialize all mp_ints unconditionally, even if some fail.
-    ** This guarantees that the DIGITS pointer is valid (even if null).
-    ** So, mp_clear will do the right thing below.
-    */
-    if (mperr == MP_OKAY) {
-        mperr = mp_read_unsigned_octets(&modulus,
-                                        modulusBytes + (sizeof default_n - modulus_len), modulus_len);
-        mperr += mp_read_unsigned_octets(&exponent, exponentBytes, modulus_len);
-        mperr += mp_read_unsigned_octets(&base, input, modulus_len);
-        if (mperr == MP_OKAY) {
-#if OLD_WAY
-            mperr = s_mp_exptmod(&base, &exponent, &modulus, &result);
-#else
-            mperr = mp_exptmod(&base, &exponent, &modulus, &result);
-#endif
-            if (mperr == MP_OKAY) {
-                mperr = mp_to_fixlen_octets(&result, output, modulus_len);
-            }
-        }
-    }
-    mp_clear(&base);
-    mp_clear(&result);
-
-    mp_clear(&modulus);
-    mp_clear(&exponent);
-
-    return (int)mperr;
-}
-
-int
-main(int argc, char **argv)
-{
-    TimingContext *timeCtx;
-    char *progName;
-    long iters = DEFAULT_ITERS;
-    unsigned int modulus_len;
-    int i;
-    int rv;
-    unsigned char buf[1024];
-    unsigned char buf2[1024];
-
-    progName = strrchr(argv[0], '/');
-    if (!progName)
-        progName = strrchr(argv[0], '\\');
-    progName = progName ? progName + 1 : argv[0];
-
-    if (argc >= 2) {
-        iters = atol(argv[1]);
-    }
-
-    if (argc >= 3) {
-        modulus_len = atol(argv[2]);
-    } else
-        modulus_len = sizeof default_n;
-
-    /* no library init function !? */
-
-    memset(buf, 0x41, sizeof buf);
-
-    if (iters < 2) {
-        testNewFuncs(default_n, modulus_len);
-        testNewFuncs(default_n + 1, modulus_len - 1);
-        testNewFuncs(default_n + 2, modulus_len - 2);
-        testNewFuncs(default_n + 3, modulus_len - 3);
-
-        rv = testModExp(default_n, 0, buf, buf2, modulus_len);
-        dumpBytes((unsigned char *)buf2, modulus_len);
-
-        rv = testModExp(default_n, 1, buf, buf2, modulus_len);
-        dumpBytes((unsigned char *)buf2, modulus_len);
-
-        rv = testModExp(default_n, 2, buf, buf2, modulus_len);
-        dumpBytes((unsigned char *)buf2, modulus_len);
-
-        rv = testModExp(default_n, 3, buf, buf2, modulus_len);
-        dumpBytes((unsigned char *)buf2, modulus_len);
-    }
-    rv = doModExp(default_n, default_d, buf, buf2, modulus_len);
-    if (rv != 0) {
-        fprintf(stderr, "Error in modexp operation:\n");
-        exit(1);
-    }
-    dumpBytes((unsigned char *)buf2, modulus_len);
-
-    timeCtx = CreateTimingContext();
-    TimingBegin(timeCtx);
-    i = iters;
-    while (i--) {
-        rv = doModExp(default_n, default_d, buf, buf2, modulus_len);
-        if (rv != 0) {
-            fprintf(stderr, "Error in modexp operation\n");
-            exit(1);
-        }
-    }
-    TimingEnd(timeCtx);
-    printf("%ld iterations in %s\n", iters, TimingGenerateString(timeCtx));
-
-    return 0;
-}
--- a/security/nss/lib/freebl/mpi/mpcpucache.c
+++ b/security/nss/lib/freebl/mpi/mpcpucache.c
@@ -12,17 +12,17 @@
  * cache line exists, it should return the smallest line size (which is
  * usually the L1 cache).
  *
  * mp_modexp uses this information to make sure that private key information
  * isn't being leaked through the cache.
  *
  * Currently the file returns good data for most modern x86 processors, and
  * reasonable data on 64-bit ppc processors. All other processors are assumed
- * to have a cache line size of 32 bytes unless modified by target.mk.
+ * to have a cache line size of 32 bytes.
  *
  */
 
 #if defined(i386) || defined(__i386) || defined(__X86__) || defined(_M_IX86) || defined(__x86_64__) || defined(__x86_64) || defined(_M_AMD64)
 /* X86 processors have special instructions that tell us about the cache */
 #include "string.h"
 
 #if defined(__x86_64__) || defined(__x86_64) || defined(_M_AMD64)
@@ -770,39 +770,18 @@ s_mpi_getProcessorLineSize()
  *
  * If there is no cache, return 0;
  *
  * define MPI_GET_PROCESSOR_LINE_SIZE_DEFINED so the generic functions
  * below aren't compiled.
  *
  */
 
-/* target.mk can define MPI_CACHE_LINE_SIZE if it's common for the family or
- * OS */
-#if defined(MPI_CACHE_LINE_SIZE) && !defined(MPI_GET_PROCESSOR_LINE_SIZE_DEFINED)
-
-unsigned long
-s_mpi_getProcessorLineSize()
-{
-    return MPI_CACHE_LINE_SIZE;
-}
-#define MPI_GET_PROCESSOR_LINE_SIZE_DEFINED 1
-#endif
-
 /* If no way to get the processor cache line size has been defined, assume
  * it's 32 bytes (most common value, does not significantly impact performance)
  */
 #ifndef MPI_GET_PROCESSOR_LINE_SIZE_DEFINED
 unsigned long
 s_mpi_getProcessorLineSize()
 {
     return 32;
 }
 #endif
-
-#ifdef TEST_IT
-#include <stdio.h>
-
-main()
-{
-    printf("line size = %d\n", s_mpi_getProcessorLineSize());
-}
-#endif
--- a/security/nss/lib/freebl/mpi/mpmontg.c
+++ b/security/nss/lib/freebl/mpi/mpmontg.c
@@ -200,17 +200,21 @@ mp_exptmod_f(const mp_int *montBase,
     mp_set(&accum1, 1);
     MP_CHECKOK(s_mp_to_mont(&accum1, mmm, &accum1));
     MP_CHECKOK(s_mp_pad(&accum1, nLen));
 
     oddPowSize = 2 * nLen + 1;
     dTmpSize = 2 * oddPowSize;
     dSize = sizeof(double) * (nLen * 4 + 1 +
                               ((odd_ints + 1) * oddPowSize) + dTmpSize);
-    dBuf = (double *)malloc(dSize);
+    dBuf = malloc(dSize);
+    if (!dBuf) {
+        res = MP_MEM;
+        goto CLEANUP;
+    }
     dm1 = dBuf;           /* array of d32 */
     dn = dBuf + nLen;     /* array of d32 */
     dSqr = dn + nLen;     /* array of d32 */
     d16Tmp = dSqr + nLen; /* array of d16 */
     dTmp = d16Tmp + oddPowSize;
 
     for (i = 0; i < odd_ints; ++i) {
         oddPowers[i] = dTmp;
deleted file mode 100755
--- a/security/nss/lib/freebl/mpi/multest
+++ /dev/null
@@ -1,76 +0,0 @@
-#!/bin/sh
-#
-# multest
-#
-# Run multiply and square timing tests, to compute a chart for the
-# current processor and compiler combination.
-
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-ECHO=/bin/echo
-MAKE=gmake
-
-$ECHO "\n** Running multiply and square timing tests\n"
-
-$ECHO "Bringing 'mulsqr' up to date ... "
-if $MAKE mulsqr ; then
-    :
-else
-    $ECHO "\nMake failed to build mulsqr.\n"
-    exit 1
-fi
-
-if [ ! -x ./mulsqr ] ; then
-    $ECHO "\nCannot find 'mulsqr' program, testing cannot continue.\n"
-    exit 1
-fi
-
-sizes='64 128 192 256 320 384 448 512 640 768 896 1024 1536 2048'
-ntests=500000
-
-$ECHO "Running timing tests, please wait ... "
-
-trap 'echo "oop!";rm -f tt*.tmp;exit 0' INT HUP
-
-touch tt$$.tmp
-$ECHO $ntests tests >> tt$$.tmp
-for size in $sizes ; do
-    $ECHO "$size bits ... \c"
-    set -A res `./mulsqr $ntests $size|head -3|tr -d '%'|awk '{print $2}'`
-    $ECHO $size"\t"${res[0]}"\t"${res[1]}"\t"${res[2]} >> tt$$.tmp
-    $ECHO "(done)"
-done
-mv tt$$.tmp mulsqr-results.txt
-rm -f tt$$.tmp
-
-$ECHO "\n** Running Karatsuba-Ofman multiplication tests\n"
-
-$ECHO "Brining 'karatsuba' up to date ... "
-if $MAKE karatsuba ; then
-    :
-else
-    $ECHO "\nMake failed to build karatsuba.\n"
-    exit 1
-fi
-
-if [ ! -x ./karatsuba ] ; then
-    $ECHO "\nCannot find 'karatsuba' program, testing cannot continue.\n"
-    exit 1
-fi
-
-ntests=100000
-
-trap 'echo "oop!";rm -f tt*.tmp;exit 0' INT HUP
-
-touch tt$$.tmp
-for size in $sizes ; do
-    $ECHO "$size bits ... "
-    ./karatsuba $ntests $size >> tt$$.tmp
-    tail -2 tt$$.tmp
-done
-mv tt$$.tmp karatsuba-results.txt
-rm -f tt$$.tmp
-
-exit 0
deleted file mode 100755
--- a/security/nss/lib/freebl/mpi/stats
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/usr/bin/perl
-
-#
-# Treat each line as a sequence of comma and/or space delimited
-# floating point numbers, and compute basic statistics on them.
-# These are written to standard output
-
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-$min = 1.7976931348623157E+308;
-$max = 2.2250738585072014E-308;
-$sum = $num = 0;
-
-while(<>) {
-    chomp;
-
-    @nums = split(/[\s,]+/, $_);
-    next if($#nums < 0);
-
-    $num += scalar @nums;
-    foreach (@nums) {
-	$min = $_ if($_ < $min);
-	$max = $_ if($_ > $max);
-	$sum += $_;
-    }
-}
-
-if($num) {
-    $avg = $sum / $num;
-} else {
-    $min = $max = 0;
-}
-
-printf "%d\tmin=%.2f, avg=%.2f, max=%.2f, sum=%.2f\n",
-    $num, $min, $avg, $max, $sum;
-
-# end
deleted file mode 100644
--- a/security/nss/lib/freebl/mpi/target.mk
+++ /dev/null
@@ -1,233 +0,0 @@
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-##
-## Define CFLAGS to contain any local options your compiler
-## setup requires.
-##
-## Conditional compilation options are no longer here; see
-## the file 'mpi-config.h' instead.
-##
-MPICMN = -I. -DMP_API_COMPATIBLE -DMP_IOFUNC
-CFLAGS= -O $(MPICMN)
-#CFLAGS=-ansi -fullwarn -woff 1521 -O3 $(MPICMN)
-#CFLAGS=-ansi -pedantic -Wall -O3 $(MPICMN)
-#CFLAGS=-ansi -pedantic -Wall -g -O2 -DMP_DEBUG=1 $(MPICMN)
-
-ifeq ($(TARGET),mipsIRIX)
-#IRIX
-#MPICMN += -DMP_MONT_USE_MP_MUL 
-MPICMN += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE
-MPICMN += -DMP_USE_UINT_DIGIT
-#MPICMN += -DMP_NO_MP_WORD
-AS_OBJS = mpi_mips.o
-#ASFLAGS = -O -OPT:Olimit=4000 -dollar -fullwarn -xansi -n32 -mips3 -exceptions
-ASFLAGS = -O -OPT:Olimit=4000 -dollar -fullwarn -xansi -n32 -mips3 
-#CFLAGS=-ansi -n32 -O3 -fullwarn -woff 1429 -D_SGI_SOURCE $(MPICMN)
-CFLAGS=-ansi -n32 -O2 -fullwarn -woff 1429 -D_SGI_SOURCE $(MPICMN)
-#CFLAGS=-ansi -n32 -g -fullwarn -woff 1429 -D_SGI_SOURCE $(MPICMN)
-#CFLAGS=-ansi -64 -O2 -fullwarn -woff 1429 -D_SGI_SOURCE -DMP_NO_MP_WORD \
- $(MPICMN)
-endif
-
-ifeq ($(TARGET),alphaOSF1)
-#Alpha/OSF1
-MPICMN += -DMP_ASSEMBLY_MULTIPLY
-AS_OBJS+= mpvalpha.o
-#CFLAGS= -O -Olimit 4000 -ieee_with_inexact -std1 -DOSF1 -D_REENTRANT $(MPICMN)
-CFLAGS= -O -Olimit 4000 -ieee_with_inexact -std1 -DOSF1 -D_REENTRANT \
- -DMP_NO_MP_WORD $(MPICMN)
-endif
-
-ifeq ($(TARGET),v9SOLARIS)
-#Solaris 64
-SOLARIS_FPU_FLAGS = -fast -xO5 -xrestrict=%all -xchip=ultra -xarch=v9a -KPIC -mt
-#SOLARIS_FPU_FLAGS = -fast -xO5 -xrestrict=%all -xdepend -xchip=ultra -xarch=v9a -KPIC -mt
-SOLARIS_ASM_FLAGS = -xchip=ultra -xarch=v9a -KPIC -mt 
-AS_OBJS += montmulfv9.o 
-AS_OBJS += mpi_sparc.o mpv_sparcv9.o
-MPICMN += -DMP_USE_UINT_DIGIT 
-#MPICMN += -DMP_NO_MP_WORD 
-MPICMN += -DMP_ASSEMBLY_MULTIPLY 
-MPICMN += -DMP_USING_MONT_MULF
-CFLAGS= -O -KPIC -DSVR4 -DSYSV -D__svr4 -D__svr4__ -DSOLARIS -D_REENTRANT \
- -DSOLARIS2_8 -xarch=v9 -DXP_UNIX $(MPICMN)
-#CFLAGS= -g -KPIC -DSVR4 -DSYSV -D__svr4 -D__svr4__ -DSOLARIS -D_REENTRANT \
- -DSOLARIS2_8 -xarch=v9 -DXP_UNIX $(MPICMN)
-endif
-
-ifeq ($(TARGET),v8plusSOLARIS)
-#Solaris 32
-SOLARIS_FPU_FLAGS = -fast -xO5 -xrestrict=%all -xdepend -xchip=ultra -xarch=v8plusa -KPIC -mt
-SOLARIS_ASM_FLAGS = -xchip=ultra -xarch=v8plusa -KPIC -mt 
-AS_OBJS += montmulfv8.o 
-AS_OBJS += mpi_sparc.o mpv_sparcv8.o
-#AS_OBJS = montmulf.o
-MPICMN += -DMP_ASSEMBLY_MULTIPLY 
-MPICMN += -DMP_USING_MONT_MULF 
-MPICMN += -DMP_USE_UINT_DIGIT
-MPICMN += -DMP_NO_MP_WORD
-CFLAGS=-O -KPIC -DSVR4 -DSYSV -D__svr4 -D__svr4__ -DSOLARIS -D_REENTRANT \
- -DSOLARIS2_6 -xarch=v8plus -DXP_UNIX $(MPICMN)
-endif
-
-ifeq ($(TARGET),v8SOLARIS)
-#Solaris 32
-#SOLARIS_FPU_FLAGS = -fast -xO5 -xrestrict=%all -xdepend -xchip=ultra -xarch=v8 -KPIC -mt
-#SOLARIS_ASM_FLAGS = -xchip=ultra -xarch=v8plusa -KPIC -mt 
-#AS_OBJS = montmulfv8.o mpi_sparc.o mpv_sparcv8.o
-#AS_OBJS = montmulf.o
-#MPICMN += -DMP_USING_MONT_MULF
-#MPICMN += -DMP_ASSEMBLY_MULTIPLY 
-MPICMN += -DMP_USE_LONG_LONG_MULTIPLY -DMP_USE_UINT_DIGIT
-MPICMN += -DMP_NO_MP_WORD
-CFLAGS=-O -KPIC -DSVR4 -DSYSV -D__svr4 -D__svr4__ -DSOLARIS -D_REENTRANT \
- -DSOLARIS2_6 -xarch=v8 -DXP_UNIX $(MPICMN)
-endif
-
-ifeq ($(TARGET),ia64HPUX)
-#HPUX 32 on ia64  -- 64 bit digits SCREAM.
-# This one is for DD32 which is the 32-bit ABI with 64-bit registers.
-CFLAGS= +O3 -DHPUX10 -D_POSIX_C_SOURCE=199506L -Aa +Z -DHPUX -Dhppa \
- -D_HPUX_SOURCE -Aa +e -z +p +DD32 -DHPUX11 -DXP_UNIX -Wl,+k $(MPICMN)
-#CFLAGS= -O -DHPUX10 -D_POSIX_C_SOURCE=199506L -Aa +Z -DHPUX -Dhppa \
- -D_HPUX_SOURCE -Aa +e -z +p +DD32 -DHPUX11 -DXP_UNIX -Wl,+k $(MPICMN)
-#CFLAGS= -g -DHPUX10 -D_POSIX_C_SOURCE=199506L -Ae +Z -DHPUX -Dhppa \
- -D_HPUX_SOURCE -Aa +e -z +p +DD32 -DHPUX11 -DXP_UNIX -Wl,+k $(MPICMN)
-endif
-
-ifeq ($(TARGET),ia64HPUX64)
-#HPUX 32 on ia64
-# This one is for DD64 which is the 64-bit ABI 
-CFLAGS= +O3 -DHPUX10 -D_POSIX_C_SOURCE=199506L -Aa +Z -DHPUX -Dhppa \
- -D_HPUX_SOURCE -Aa +e -z +p +DD64 -DHPUX11 -DXP_UNIX -Wl,+k $(MPICMN)
-#CFLAGS= -g -DHPUX10 -D_POSIX_C_SOURCE=199506L -Ae +Z -DHPUX -Dhppa \
- -D_HPUX_SOURCE -Aa +e -z +p +DD64 -DHPUX11 -DXP_UNIX -Wl,+k $(MPICMN)
-endif
-
-ifeq ($(TARGET),PA2.0WHPUX)
-#HPUX64 (HP PA 2.0 Wide) using MAXPY and 64-bit digits
-MPICMN += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE
-AS_OBJS = mpi_hp.o hpma512.o hppa20.o 
-CFLAGS= -O -DHPUX10 -D_POSIX_C_SOURCE=199506L -Ae +Z -DHPUX -Dhppa \
- -D_HPUX_SOURCE -Aa +e -z +DA2.0W +DS2.0 +O3 +DChpux -DHPUX11  -DXP_UNIX \
- $(MPICMN)
-#CFLAGS= -g -DHPUX10 -D_POSIX_C_SOURCE=199506L -Ae +Z -DHPUX -Dhppa \
- -D_HPUX_SOURCE -Aa +e -z +DA2.0W +DS2.0 +DChpux -DHPUX11  -DXP_UNIX \
- $(MPICMN)
-AS = $(CC) $(CFLAGS) -c
-endif
-
-ifeq ($(TARGET),PA2.0NHPUX)
-#HPUX32 (HP PA 2.0 Narrow) hybrid model, using 32-bit digits
-# This one is for DA2.0 (N) which is the 32-bit ABI with 64-bit registers.
-MPICMN += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE
-AS_OBJS = mpi_hp.o hpma512.o hppa20.o 
-CFLAGS= +O3 -DHPUX10 -D_POSIX_C_SOURCE=199506L -Ae +Z -DHPUX -Dhppa \
- -D_HPUX_SOURCE -Aa +e -z +DA2.0 +DS2.0 +DChpux -DHPUX11  -DXP_UNIX \
- -Wl,+k $(MPICMN)
-#CFLAGS= -g -DHPUX10 -D_POSIX_C_SOURCE=199506L -Ae +Z -DHPUX -Dhppa \
- -D_HPUX_SOURCE -Aa +e -z +DA2.0 +DS2.0 +DChpux -DHPUX11  -DXP_UNIX \
- -Wl,+k $(MPICMN)
-AS = $(CC) $(CFLAGS) -c
-endif
-
-ifeq ($(TARGET),PA1.1HPUX)
-#HPUX32 (HP PA 1.1) Pure 32 bit
-MPICMN += -DMP_USE_UINT_DIGIT -DMP_NO_MP_WORD
-#MPICMN += -DMP_USE_LONG_LONG_MULTIPLY
-CFLAGS= -O -DHPUX10 -D_POSIX_C_SOURCE=199506L -Ae +Z -DHPUX -Dhppa \
- -D_HPUX_SOURCE +DAportable +DS1.1 -DHPUX11 -DXP_UNIX $(MPICMN)
-##CFLAGS= -g -DHPUX10 -D_POSIX_C_SOURCE=199506L -Ae +Z -DHPUX -Dhppa \
-# -D_HPUX_SOURCE +DAportable +DS1.1 -DHPUX11 -DXP_UNIX $(MPICMN)
-endif
-
-ifeq ($(TARGET),32AIX)
-#
-CC = xlC_r
-MPICMN += -DMP_USE_UINT_DIGIT
-MPICMN += -DMP_NO_DIV_WORD
-#MPICMN += -DMP_NO_MUL_WORD
-MPICMN += -DMP_NO_ADD_WORD
-MPICMN += -DMP_NO_SUB_WORD
-#MPICMN += -DMP_NO_MP_WORD
-#MPICMN += -DMP_USE_LONG_LONG_MULTIPLY
-CFLAGS = -O -DAIX -DSYSV -qarch=com -DAIX4_3 -DXP_UNIX -UDEBUG -DNDEBUG  $(MPICMN)
-#CFLAGS = -g -DAIX -DSYSV -qarch=com -DAIX4_3 -DXP_UNIX -UDEBUG -DNDEBUG  $(MPICMN)
-#CFLAGS += -pg
-endif
-
-ifeq ($(TARGET),64AIX)
-#
-CC = xlC_r
-MPICMN += -DMP_USE_UINT_DIGIT
-CFLAGS = -O -O2 -DAIX -DSYSV -qarch=com -DAIX_64BIT -DAIX4_3 -DXP_UNIX -UDEBUG -DNDEBUG $(MPICMN)
-OBJECT_MODE=64
-export OBJECT_MODE
-endif
-
-ifeq ($(TARGET),x86LINUX)
-#Linux
-AS_OBJS = mpi_x86.o
-MPICMN += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE -DMP_ASSEMBLY_DIV_2DX1D
-MPICMN += -DMP_MONT_USE_MP_MUL -DMP_IS_LITTLE_ENDIAN
-CFLAGS= -O2 -fPIC -DLINUX1_2 -Di386 -D_XOPEN_SOURCE -DLINUX2_1 -ansi -Wall \
- -pipe -DLINUX -Dlinux -D_POSIX_SOURCE -D_BSD_SOURCE -DHAVE_STRERROR \
- -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT $(MPICMN)
-#CFLAGS= -g -fPIC -DLINUX1_2 -Di386 -D_XOPEN_SOURCE -DLINUX2_1 -ansi -Wall \
- -pipe -DLINUX -Dlinux -D_POSIX_SOURCE -D_BSD_SOURCE -DHAVE_STRERROR \
- -DXP_UNIX -DDEBUG -UNDEBUG -D_REENTRANT $(MPICMN)
-#CFLAGS= -g -fPIC -DLINUX1_2 -Di386 -D_XOPEN_SOURCE -DLINUX2_1 -ansi -Wall \
- -pipe -DLINUX -Dlinux -D_POSIX_SOURCE -D_BSD_SOURCE -DHAVE_STRERROR \
- -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT $(MPICMN)
-endif
-
-ifeq ($(TARGET),armLINUX)
-MPICMN += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE
-MPICMN += -DMP_USE_UINT_DIGIT 
-AS_OBJS += mpi_arm.o
-endif
-
-ifeq ($(TARGET),AMD64SOLARIS)
-ASFLAGS += -xarch=generic64
-AS_OBJS = mpi_amd64.o mpi_amd64_sun.o
-MP_CONFIG = -DMP_ASSEMBLY_MULTIPLY -DMPI_AMD64
-MP_CONFIG += -DMP_IS_LITTLE_ENDIAN
-CFLAGS = -xarch=generic64 -xO4 -I. -DMP_API_COMPATIBLE -DMP_IOFUNC $(MP_CONFIG)
-MPICMN += $(MP_CONFIG)
-
-mpi_amd64_asm.o: mpi_amd64_sun.s
-	$(AS) -xarch=generic64 -P -D_ASM mpi_amd64_sun.s
-endif
-
-ifeq ($(TARGET),WIN32)
-ifeq ($(CPU_ARCH),x86_64)
-AS_OBJS = mpi_amd64.obj mpi_amd64_masm.obj mp_comba_amd64_masm.asm
-CFLAGS  = -Od -Z7 -MDd -W3 -nologo -DDEBUG -D_DEBUG -UNDEBUG -DDEBUG_$(USER)
-CFLAGS += -DWIN32 -DWIN64 -D_WINDOWS -D_AMD_64_ -D_M_AMD64 -DWIN95 -DXP_PC
-CFLAGS += $(MPICMN)
-
-$(AS_OBJS): %.obj : %.asm
-	ml64 -Cp -Sn -Zi -coff -nologo -c $<
-
-$(LIBOBJS): %.obj : %.c 
-	cl $(CFLAGS) -Fo$@ -c $<
-else
-AS_OBJS = mpi_x86.obj
-MPICMN += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE -DMP_ASSEMBLY_DIV_2DX1D
-MPICMN += -DMP_USE_UINT_DIGIT -DMP_NO_MP_WORD -DMP_API_COMPATIBLE 
-MPICMN += -DMP_MONT_USE_MP_MUL 
-MPICMN += -DMP_CHAR_STORE_SLOW -DMP_IS_LITTLE_ENDIAN
-CFLAGS  = -Od -Z7 -MDd -W3 -nologo -DDEBUG -D_DEBUG -UNDEBUG -DDEBUG_$(USER)
-CFLAGS += -DWIN32 -D_WINDOWS -D_X86_ -DWIN95 -DXP_PC
-CFLAGS += $(MPICMN)
-
-$(AS_OBJS): %.obj : %.asm
-	ml -Cp -Sn -Zi -coff -nologo -c $<
-
-$(LIBOBJS): %.obj : %.c 
-	cl $(CFLAGS) -Fo$@ -c $<
-
-endif
-endif
deleted file mode 100644
--- a/security/nss/lib/freebl/mpi/test-arrays.txt
+++ /dev/null
@@ -1,55 +0,0 @@
-#
-# Test suite table for MPI library
-#
-# Format of entries:
-# suite-name:function-name:description
-#
-# suite-name	The name used to identify this test in mpi-test
-# function-name	The function called to perform this test in mpi-test.c
-# description   A brief description of what the suite tests
-
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-list:test_list:print out a list of the available test suites
-copy:test_copy:test assignment of mp-int structures
-exchange:test_exch:test exchange of mp-int structures
-zero:test_zero:test zeroing of an mp-int
-set:test_set:test setting an mp-int to a small constant
-absolute-value:test_abs:test the absolute value function
-negate:test_neg:test the arithmetic negation function
-add-digit:test_add_d:test digit addition
-add:test_add:test full addition
-subtract-digit:test_sub_d:test digit subtraction
-subtract:test_sub:test full subtraction
-multiply-digit:test_mul_d:test digit multiplication
-multiply:test_mul:test full multiplication
-square:test_sqr:test full squaring function
-divide-digit:test_div_d:test digit division
-divide-2:test_div_2:test division by two
-divide-2d:test_div_2d:test division & remainder by 2^d
-divide:test_div:test full division
-expt-digit:test_expt_d:test digit exponentiation
-expt:test_expt:test full exponentiation
-expt-2:test_2expt:test power-of-two exponentiation
-modulo-digit:test_mod_d:test digit modular reduction
-modulo:test_mod:test full modular reduction
-mod-add:test_addmod:test modular addition
-mod-subtract:test_submod:test modular subtraction
-mod-multiply:test_mulmod:test modular multiplication
-mod-square:test_sqrmod:test modular squaring function
-mod-expt:test_exptmod:test full modular exponentiation
-mod-expt-digit:test_exptmod_d:test digit modular exponentiation
-mod-inverse:test_invmod:test modular inverse function
-compare-digit:test_cmp_d:test digit comparison function
-compare-zero:test_cmp_z:test zero comparison function
-compare:test_cmp:test general signed comparison
-compare-magnitude:test_cmp_mag:test general magnitude comparison
-parity:test_parity:test parity comparison functions
-gcd:test_gcd:test greatest common divisor functions
-lcm:test_lcm:test least common multiple function
-conversion:test_convert:test general radix conversion facilities
-binary:test_raw:test raw output format
-pprime:test_pprime:test probabilistic primality tester
-fermat:test_fermat:test Fermat pseudoprimality tester
deleted file mode 100644
--- a/security/nss/lib/freebl/mpi/tests/LICENSE
+++ /dev/null
@@ -1,6 +0,0 @@
-Within this directory, each of the file listed below is licensed under 
-the terms given in the file LICENSE-MPL, also in this directory.
-
-pi1k.txt
-pi2k.txt
-pi5k.txt
deleted file mode 100644
--- a/security/nss/lib/freebl/mpi/tests/LICENSE-MPL
+++ /dev/null
@@ -1,3 +0,0 @@
-This Source Code Form is subject to the terms of the Mozilla Public
-License, v. 2.0. If a copy of the MPL was not distributed with this
-file, You can obtain one at http://mozilla.org/MPL/2.0/.
deleted file mode 100644
--- a/security/nss/lib/freebl/mpi/tests/mptest-1.c
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Simple test driver for MPI library
- *
- * Test 1: Simple input test (drives single-digit multiply and add,
- *         as well as I/O routines)
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-#include <limits.h>
-
-#ifdef MAC_CW_SIOUX
-#include <console.h>
-#endif
-
-#include "mpi.h"
-
-int
-main(int argc, char *argv[])
-{
-    int ix;
-    mp_int mp;
-
-#ifdef MAC_CW_SIOUX
-    argc = ccommand(&argv);
-#endif
-
-    mp_init(&mp);
-
-    for (ix = 1; ix < argc; ix++) {
-        mp_read_radix(&mp, argv[ix], 10);
-        mp_print(&mp, stdout);
-        fputc('\n', stdout);
-    }
-
-    mp_clear(&mp);
-    return 0;
-}
deleted file mode 100644
--- a/security/nss/lib/freebl/mpi/tests/mptest-2.c
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Simple test driver for MPI library
- *
- * Test 2: Basic addition and subtraction test
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-#include <limits.h>
-
-#include "mpi.h"
-
-int
-main(int argc, char *argv[])
-{
-    mp_int a, b, c;
-
-    if (argc < 3) {
-        fprintf(stderr, "Usage: %s <a> <b>\n", argv[0]);
-        return 1;
-    }
-
-    printf("Test 2: Basic addition and subtraction\n\n");
-
-    mp_init(&a);
-    mp_init(&b);
-
-    mp_read_radix(&a, argv[1], 10);
-    mp_read_radix(&b, argv[2], 10);
-    printf("a = ");
-    mp_print(&a, stdout);
-    fputc('\n', stdout);
-    printf("b = ");
-    mp_print(&b, stdout);
-    fputc('\n', stdout);
-
-    mp_init(&c);
-    printf("c = a + b\n");
-
-    mp_add(&a, &b, &c);
-    printf("c = ");
-    mp_print(&c, stdout);
-    fputc('\n', stdout);
-
-    printf("c = a - b\n");
-
-    mp_sub(&a, &b, &c);
-    printf("c = ");
-    mp_print(&c, stdout);
-    fputc('\n', stdout);
-
-    mp_clear(&c);
-    mp_clear(&b);
-    mp_clear(&a);
-
-    return 0;
-}
deleted file mode 100644
--- a/security/nss/lib/freebl/mpi/tests/mptest-3.c
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
- * Simple test driver for MPI library
- *
- * Test 3: Multiplication, division, and exponentiation test
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-#include <limits.h>
-
-#include <time.h>
-
-#include "mpi.h"
-
-#define EXPT 0 /* define nonzero to get exponentiate test */
-
-int
-main(int argc, char *argv[])
-{
-    int ix;
-    mp_int a, b, c, d;
-    mp_digit r;
-    mp_err res;
-
-    if (argc < 3) {
-        fprintf(stderr, "Usage: %s <a> <b>\n", argv[0]);
-        return 1;
-    }
-
-    printf("Test 3: Multiplication and division\n\n");
-    srand(time(NULL));
-
-    mp_init(&a);
-    mp_init(&b);
-
-    mp_read_variable_radix(&a, argv[1], 10);
-    mp_read_variable_radix(&b, argv[2], 10);
-    printf("a = ");
-    mp_print(&a, stdout);
-    fputc('\n', stdout);
-    printf("b = ");
-    mp_print(&b, stdout);
-    fputc('\n', stdout);
-
-    mp_init(&c);
-    printf("\nc = a * b\n");
-
-    mp_mul(&a, &b, &c);
-    printf("c = ");
-    mp_print(&c, stdout);
-    fputc('\n', stdout);
-
-    printf("\nc = b * 32523\n");
-
-    mp_mul_d(&b, 32523, &c);
-    printf("c = ");
-    mp_print(&c, stdout);
-    fputc('\n', stdout);
-
-    mp_init(&d);
-    printf("\nc = a / b, d = a mod b\n");
-
-    mp_div(&a, &b, &c, &d);
-    printf("c = ");
-    mp_print(&c, stdout);
-    fputc('\n', stdout);
-    printf("d = ");
-    mp_print(&d, stdout);
-    fputc('\n', stdout);
-
-    ix = rand() % 256;
-    printf("\nc = a / %d, r = a mod %d\n", ix, ix);
-    mp_div_d(&a, (mp_digit)ix, &c, &r);
-    printf("c = ");
-    mp_print(&c, stdout);
-    fputc('\n', stdout);
-    printf("r = %04X\n", r);
-
-#if EXPT
-    printf("\nc = a ** b\n");
-    mp_expt(&a, &b, &c);
-    printf("c = ");
-    mp_print(&c, stdout);
-    fputc('\n', stdout);
-#endif
-
-    ix = rand() % 256;
-    printf("\nc = 2^%d\n", ix);
-    mp_2expt(&c, ix);
-    printf("c = ");
-    mp_print(&c, stdout);
-    fputc('\n', stdout);
-
-    mp_clear(&d);
-    mp_clear(&c);
-    mp_clear(&b);
-    mp_clear(&a);
-
-    return 0;
-}
deleted file mode 100644
--- a/security/nss/lib/freebl/mpi/tests/mptest-3a.c
+++ /dev/null
@@ -1,123 +0,0 @@
-/*
- * Simple test driver for MPI library
- *
- * Test 3a: Multiplication vs. squaring timing test
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-#include <limits.h>
-
-#include <time.h>
-
-#include "mpi.h"
-#include "mpprime.h"
-
-int
-main(int argc, char *argv[])
-{
-    int ix, num, prec = 8;
-    double d1, d2;
-    clock_t start, finish;
-    time_t seed;
-    mp_int a, c, d;
-
-    seed = time(NULL);
-
-    if (argc < 2) {
-        fprintf(stderr, "Usage: %s <num-tests> [<precision>]\n", argv[0]);
-        return 1;
-    }
-
-    if ((num = atoi(argv[1])) < 0)
-        num = -num;
-
-    if (!num) {
-        fprintf(stderr, "%s: must perform at least 1 test\n", argv[0]);
-        return 1;
-    }
-
-    if (argc > 2) {
-        if ((prec = atoi(argv[2])) <= 0)
-            prec = 8;
-        else
-            prec = (prec + (DIGIT_BIT - 1)) / DIGIT_BIT;
-    }
-
-    printf("Test 3a: Multiplication vs squaring timing test\n"
-           "Precision:  %d digits (%u bits)\n"
-           "# of tests: %d\n\n",
-           prec, prec * DIGIT_BIT, num);
-
-    mp_init_size(&a, prec);
-
-    mp_init(&c);
-    mp_init(&d);
-
-    printf("Verifying accuracy ... \n");
-    srand((unsigned int)seed);
-    for (ix = 0; ix < num; ix++) {
-        mpp_random_size(&a, prec);
-        mp_mul(&a, &a, &c);
-        mp_sqr(&a, &d);
-
-        if (mp_cmp(&c, &d) != 0) {
-            printf("Error!  Results not accurate:\n");
-            printf("a = ");
-            mp_print(&a, stdout);
-            fputc('\n', stdout);
-            printf("c = ");
-            mp_print(&c, stdout);
-            fputc('\n', stdout);
-            printf("d = ");
-            mp_print(&d, stdout);
-            fputc('\n', stdout);
-            mp_sub(&c, &d, &d);
-            printf("dif ");
-            mp_print(&d, stdout);
-            fputc('\n', stdout);
-            mp_clear(&c);
-            mp_clear(&d);
-            mp_clear(&a);
-            return 1;
-        }
-    }
-    printf("Accuracy is confirmed for the %d test samples\n", num);
-    mp_clear(&d);
-
-    printf("Testing squaring ... \n");
-    srand((unsigned int)seed);
-    start = clock();
-    for (ix = 0; ix < num; ix++) {
-        mpp_random_size(&a, prec);
-        mp_sqr(&a, &c);
-    }
-    finish = clock();
-
-    d2 = (double)(finish - start) / CLOCKS_PER_SEC;
-
-    printf("Testing multiplication ... \n");
-    srand((unsigned int)seed);
-    start = clock();
-    for (ix = 0; ix < num; ix++) {
-        mpp_random(&a);
-        mp_mul(&a, &a, &c);
-    }
-    finish = clock();
-
-    d1 = (double)(finish - start) / CLOCKS_PER_SEC;
-
-    printf("Multiplication time: %.3f sec (%.3f each)\n", d1, d1 / num);
-    printf("Squaring time:       %.3f sec (%.3f each)\n", d2, d2 / num);
-    printf("Improvement:         %.2f%%\n", (1.0 - (d2 / d1)) * 100.0);
-
-    mp_clear(&c);
-    mp_clear(&a);
-
-    return 0;
-}
deleted file mode 100644
--- a/security/nss/lib/freebl/mpi/tests/mptest-4.c
+++ /dev/null
@@ -1,111 +0,0 @@
-/*
- * Simple test driver for MPI library
- *
- * Test 4: Modular arithmetic tests
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-#include <limits.h>
-
-#include "mpi.h"
-
-int
-main(int argc, char *argv[])
-{
-    int ix;
-    mp_int a, b, c, m;
-    mp_digit r;
-
-    if (argc < 4) {
-        fprintf(stderr, "Usage: %s <a> <b> <m>\n", argv[0]);
-        return 1;
-    }
-
-    printf("Test 4: Modular arithmetic\n\n");
-
-    mp_init(&a);
-    mp_init(&b);
-    mp_init(&m);
-
-    mp_read_radix(&a, argv[1], 10);
-    mp_read_radix(&b, argv[2], 10);
-    mp_read_radix(&m, argv[3], 10);
-    printf("a = ");
-    mp_print(&a, stdout);
-    fputc('\n', stdout);
-    printf("b = ");
-    mp_print(&b, stdout);
-    fputc('\n', stdout);
-    printf("m = ");
-    mp_print(&m, stdout);
-    fputc('\n', stdout);
-
-    mp_init(&c);
-    printf("\nc = a (mod m)\n");
-
-    mp_mod(&a, &m, &c);
-    printf("c = ");
-    mp_print(&c, stdout);
-    fputc('\n', stdout);
-
-    printf("\nc = b (mod m)\n");
-
-    mp_mod(&b, &m, &c);
-    printf("c = ");
-    mp_print(&c, stdout);
-    fputc('\n', stdout);
-
-    printf("\nc = b (mod 1853)\n");
-
-    mp_mod_d(&b, 1853, &r);
-    printf("c = %04X\n", r);
-
-    printf("\nc = (a + b) mod m\n");
-
-    mp_addmod(&a, &b, &m, &c);
-    printf("c = ");
-    mp_print(&c, stdout);
-    fputc('\n', stdout);
-
-    printf("\nc = (a - b) mod m\n");
-
-    mp_submod(&a, &b, &m, &c);
-    printf("c = ");
-    mp_print(&c, stdout);
-    fputc('\n', stdout);
-
-    printf("\nc = (a * b) mod m\n");
-
-    mp_mulmod(&a, &b, &m, &c);
-    printf("c = ");
-    mp_print(&c, stdout);
-    fputc('\n', stdout);
-
-    printf("\nc = (a ** b) mod m\n");
-
-    mp_exptmod(&a, &b, &m, &c);
-    printf("c = ");
-    mp_print(&c, stdout);
-    fputc('\n', stdout);
-
-    printf("\nIn-place modular squaring test:\n");
-    for (ix = 0; ix < 5; ix++) {
-        printf("a = (a * a) mod m   a = ");
-        mp_sqrmod(&a, &m, &a);
-        mp_print(&a, stdout);
-        fputc('\n', stdout);
-    }
-
-    mp_clear(&c);
-    mp_clear(&m);
-    mp_clear(&b);
-    mp_clear(&a);
-
-    return 0;
-}
deleted file mode 100644
--- a/security/nss/lib/freebl/mpi/tests/mptest-4a.c
+++ /dev/null
@@ -1,109 +0,0 @@
-/*
- *  mptest4a - modular exponentiation speed test
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <limits.h>
-#include <time.h>
-
-#include <sys/time.h>
-
-#include "mpi.h"
-#include "mpprime.h"
-
-typedef struct {
-    unsigned int sec;
-    unsigned int usec;
-} instant_t;
-
-instant_t
-now(void)
-{
-    struct timeval clk;
-    instant_t res;
-
-    res.sec = res.usec = 0;
-
-    if (gettimeofday(&clk, NULL) != 0)
-        return res;
-
-    res.sec = clk.tv_sec;
-    res.usec = clk.tv_usec;
-
-    return res;
-}
-
-extern mp_err s_mp_pad();
-
-int
-main(int argc, char *argv[])
-{
-    int ix, num, prec = 8;
-    unsigned int d;
-    instant_t start, finish;
-    time_t seed;
-    mp_int a, m, c;
-
-    seed = time(NULL);
-
-    if (argc < 2) {
-        fprintf(stderr, "Usage: %s <num-tests> [<precision>]\n", argv[0]);
-        return 1;
-    }
-
-    if ((num = atoi(argv[1])) < 0)
-        num = -num;
-
-    if (!num) {
-        fprintf(stderr, "%s: must perform at least 1 test\n", argv[0]);
-        return 1;
-    }
-
-    if (argc > 2) {
-        if ((prec = atoi(argv[2])) <= 0)
-            prec = 8;
-    }
-
-    printf("Test 3a: Modular exponentiation timing test\n"
-           "Precision:  %d digits (%d bits)\n"
-           "# of tests: %d\n\n",
-           prec, prec * DIGIT_BIT, num);
-
-    mp_init_size(&a, prec);
-    mp_init_size(&m, prec);
-    mp_init_size(&c, prec);
-    s_mp_pad(&a, prec);
-    s_mp_pad(&m, prec);
-    s_mp_pad(&c, prec);
-
-    printf("Testing modular exponentiation ... \n");
-    srand((unsigned int)seed);
-
-    start = now();
-    for (ix = 0; ix < num; ix++) {
-        mpp_random(&a);
-        mpp_random(&c);
-        mpp_random(&m);
-        mp_exptmod(&a, &c, &m, &c);
-    }
-    finish = now();
-
-    d = (finish.sec - start.sec) * 1000000;
-    d -= start.usec;
-    d += finish.usec;
-
-    printf("Total time elapsed:        %u usec\n", d);
-    printf("Time per exponentiation:   %u usec (%.3f sec)\n",
-           (d / num), (double)(d / num) / 1000000);
-
-    mp_clear(&c);
-    mp_clear(&a);
-    mp_clear(&m);
-
-    return 0;
-}
deleted file mode 100644
--- a/security/nss/lib/freebl/mpi/tests/mptest-4b.c
+++ /dev/null
@@ -1,107 +0,0 @@
-/*
- * mptest-4b.c
- *
- * Test speed of a large modular exponentiation of a primitive element
- * modulo a prime.
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <limits.h>
-#include <time.h>
-
-#include <sys/time.h>
-
-#include "mpi.h"
-#include "mpprime.h"
-
-char *g_prime =
-    "34BD53C07350E817CCD49721020F1754527959C421C1533244769D4CF060A8B1C3DA"
-    "25094BE723FB1E2369B55FEEBBE0FAC16425161BF82684062B5EC5D7D47D1B23C117"
-    "0FA19745E44A55E148314E582EB813AC9EE5126295E2E380CACC2F6D206B293E5ED9"
-    "23B54EE961A8C69CD625CE4EC38B70C649D7F014432AEF3A1C93";
-char *g_gen = "5";
-
-typedef struct {
-    unsigned int sec;
-    unsigned int usec;
-} instant_t;
-
-instant_t
-now(void)
-{
-    struct timeval clk;
-    instant_t res;
-
-    res.sec = res.usec = 0;
-
-    if (gettimeofday(&clk, NULL) != 0)
-        return res;
-
-    res.sec = clk.tv_sec;
-    res.usec = clk.tv_usec;
-
-    return res;
-}
-
-extern mp_err s_mp_pad();
-
-int
-main(int argc, char *argv[])
-{
-    instant_t start, finish;
-    mp_int prime, gen, expt, res;
-    unsigned int ix, diff;
-    int num;
-
-    srand(time(NULL));
-
-    if (argc < 2) {
-        fprintf(stderr, "Usage: %s <num-tests>\n", argv[0]);
-        return 1;
-    }
-
-    if ((num = atoi(argv[1])) < 0)
-        num = -num;
-
-    if (num == 0)
-        ++num;
-
-    mp_init(&prime);
-    mp_init(&gen);
-    mp_init(&res);
-    mp_read_radix(&prime, g_prime, 16);
-    mp_read_radix(&gen, g_gen, 16);
-
-    mp_init_size(&expt, USED(&prime) - 1);
-    s_mp_pad(&expt, USED(&prime) - 1);
-
-    printf("Testing %d modular exponentations ... \n", num);
-
-    start = now();
-    for (ix = 0; ix < num; ix++) {
-        mpp_random(&expt);
-        mp_exptmod(&gen, &expt, &prime, &res);
-    }
-    finish = now();
-
-    diff = (finish.sec - start.sec) * 1000000;
-    diff += finish.usec;
-    diff -= start.usec;
-
-    printf("%d operations took %u usec (%.3f sec)\n",
-           num, diff, (double)diff / 1000000.0);
-    printf("That is %.3f sec per operation.\n",
-           ((double)diff / 1000000.0) / num);
-
-    mp_clear(&expt);
-    mp_clear(&res);
-    mp_clear(&gen);
-    mp_clear(&prime);
-
-    return 0;
-}
deleted file mode 100644
--- a/security/nss/lib/freebl/mpi/tests/mptest-5.c
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * Simple test driver for MPI library
- *
- * Test 5: Other number theoretic functions
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-#include <limits.h>
-
-#include "mpi.h"
-
-int
-main(int argc, char *argv[])
-{
-    mp_int a, b, c, x, y;
-
-    if (argc < 3) {
-        fprintf(stderr, "Usage: %s <a> <b>\n", argv[0]);
-        return 1;
-    }
-
-    printf("Test 5: Number theoretic functions\n\n");
-
-    mp_init(&a);
-    mp_init(&b);
-
-    mp_read_radix(&a, argv[1], 10);
-    mp_read_radix(&b, argv[2], 10);
-
-    printf("a = ");
-    mp_print(&a, stdout);
-    fputc('\n', stdout);
-    printf("b = ");
-    mp_print(&b, stdout);
-    fputc('\n', stdout);
-
-    mp_init(&c);
-    printf("\nc = (a, b)\n");
-
-    mp_gcd(&a, &b, &c);
-    printf("Euclid: c = ");
-    mp_print(&c, stdout);
-    fputc('\n', stdout);
-    /*
-      mp_bgcd(&a, &b, &c);
-      printf("Binary: c = "); mp_print(&c, stdout); fputc('\n', stdout);
-    */
-    mp_init(&x);
-    mp_init(&y);
-    printf("\nc = (a, b) = ax + by\n");
-
-    mp_xgcd(&a, &b, &c, &x, &y);
-    printf("c = ");
-    mp_print(&c, stdout);
-    fputc('\n', stdout);
-    printf("x = ");
-    mp_print(&x, stdout);
-    fputc('\n', stdout);
-    printf("y = ");
-    mp_print(&y, stdout);
-    fputc('\n', stdout);
-
-    printf("\nc = a^-1 (mod b)\n");
-    if (mp_invmod(&a, &b, &c) == MP_UNDEF) {
-        printf("a has no inverse mod b\n");
-    } else {
-        printf("c = ");
-        mp_print(&c, stdout);
-        fputc('\n', stdout);
-    }
-
-    mp_clear(&y);
-    mp_clear(&x);
-    mp_clear(&c);
-    mp_clear(&b);
-    mp_clear(&a);
-
-    return 0;
-}
deleted file mode 100644
--- a/security/nss/lib/freebl/mpi/tests/mptest-5a.c
+++ /dev/null
@@ -1,147 +0,0 @@
-/*
- * Simple test driver for MPI library
- *
- * Test 5a: Greatest common divisor speed test, binary vs. Euclid
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-#include <limits.h>
-#include <time.h>
-
-#include <sys/time.h>
-
-#include "mpi.h"
-#include "mpprime.h"
-
-typedef struct {
-    unsigned int sec;
-    unsigned int usec;
-} instant_t;
-
-instant_t
-now(void)
-{
-    struct timeval clk;
-    instant_t res;
-
-    res.sec = res.usec = 0;
-
-    if (gettimeofday(&clk, NULL) != 0)
-        return res;
-
-    res.sec = clk.tv_sec;
-    res.usec = clk.tv_usec;
-
-    return res;
-}
-
-#define PRECISION 16
-
-int
-main(int argc, char *argv[])
-{
-    int ix, num, prec = PRECISION;
-    mp_int a, b, c, d;
-    instant_t start, finish;
-    time_t seed;
-    unsigned int d1, d2;
-
-    seed = time(NULL);
-
-    if (argc < 2) {
-        fprintf(stderr, "Usage: %s <num-tests>\n", argv[0]);
-        return 1;
-    }
-
-    if ((num = atoi(argv[1])) < 0)
-        num = -num;
-
-    printf("Test 5a: Euclid vs. Binary, a GCD speed test\n\n"
-           "Number of tests: %d\n"
-           "Precision:       %d digits\n\n",
-           num, prec);
-
-    mp_init_size(&a, prec);
-    mp_init_size(&b, prec);
-    mp_init(&c);
-    mp_init(&d);
-
-    printf("Verifying accuracy ... \n");
-    srand((unsigned int)seed);
-    for (ix = 0; ix < num; ix++) {
-        mpp_random_size(&a, prec);
-        mpp_random_size(&b, prec);
-
-        mp_gcd(&a, &b, &c);
-        mp_bgcd(&a, &b, &d);
-
-        if (mp_cmp(&c, &d) != 0) {
-            printf("Error!  Results not accurate:\n");
-            printf("a = ");
-            mp_print(&a, stdout);
-            fputc('\n', stdout);
-            printf("b = ");
-            mp_print(&b, stdout);
-            fputc('\n', stdout);
-            printf("c = ");
-            mp_print(&c, stdout);
-            fputc('\n', stdout);
-            printf("d = ");
-            mp_print(&d, stdout);
-            fputc('\n', stdout);
-
-            mp_clear(&a);
-            mp_clear(&b);
-            mp_clear(&c);
-            mp_clear(&d);
-            return 1;
-        }
-    }
-    mp_clear(&d);
-    printf("Accuracy confirmed for the %d test samples\n", num);
-
-    printf("Testing Euclid ... \n");
-    srand((unsigned int)seed);
-    start = now();
-    for (ix = 0; ix < num; ix++) {
-        mpp_random_size(&a, prec);
-        mpp_random_size(&b, prec);
-        mp_gcd(&a, &b, &c);
-    }
-    finish = now();
-
-    d1 = (finish.sec - start.sec) * 1000000;
-    d1 -= start.usec;
-    d1 += finish.usec;
-
-    printf("Testing binary ... \n");
-    srand((unsigned int)seed);
-    start = now();
-    for (ix = 0; ix < num; ix++) {
-        mpp_random_size(&a, prec);
-        mpp_random_size(&b, prec);
-        mp_bgcd(&a, &b, &c);
-    }
-    finish = now();
-
-    d2 = (finish.sec - start.sec) * 1000000;
-    d2 -= start.usec;
-    d2 += finish.usec;
-
-    printf("Euclidean algorithm time: %u usec\n", d1);
-    printf("Binary algorithm time:    %u usec\n", d2);
-    printf("Improvement:              %.2f%%\n",
-           (1.0 - ((double)d2 / (double)d1)) * 100.0);
-
-    mp_clear(&c);
-    mp_clear(&b);
-    mp_clear(&a);
-
-    return 0;
-}
deleted file mode 100644
--- a/security/nss/lib/freebl/mpi/tests/mptest-6.c
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- *  Simple test driver for MPI library
- *
- *  Test 6: Output functions
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-#include <limits.h>
-
-#include "mpi.h"
-
-void
-print_buf(FILE *ofp, char *buf, int len)
-{
-    int ix, brk = 0;
-
-    for (ix = 0; ix < len; ix++) {
-        fprintf(ofp, "%02X ", buf[ix]);
-
-        brk = (brk + 1) & 0xF;
-        if (!brk)
-            fputc('\n', ofp);
-    }
-
-    if (brk)
-        fputc('\n', ofp);
-}
-
-int
-main(int argc, char *argv[])
-{
-    int ix, size;
-    mp_int a;
-    char *buf;
-
-    if (argc < 2) {
-        fprintf(stderr, "Usage: %s <a>\n", argv[0]);
-        return 1;
-    }
-
-    printf("Test 6: Output functions\n\n");
-
-    mp_init(&a);
-
-    mp_read_radix(&a, argv[1], 10);
-
-    printf("\nConverting to a string:\n");
-
-    printf("Rx Size Representation\n");
-    for (ix = 2; ix <= MAX_RADIX; ix++) {
-        size = mp_radix_size(&a, ix);
-
-        buf = calloc(size, sizeof(char));
-        mp_toradix(&a, buf, ix);
-        printf("%2d: %3d: %s\n", ix, size, buf);
-        free(buf);
-    }
-
-    printf("\nRaw output:\n");
-    size = mp_raw_size(&a);
-    buf = calloc(size, sizeof(char));
-
-    printf("Size:  %d bytes\n", size);
-
-    mp_toraw(&a, buf);
-    print_buf(stdout, buf, size);
-    free(buf);
-
-    mp_clear(&a);
-
-    return 0;
-}
deleted file mode 100644
--- a/security/nss/lib/freebl/mpi/tests/mptest-7.c
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- *  Simple test driver for MPI library
- *
- *  Test 7: Random and divisibility tests
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-#include <limits.h>
-#include <time.h>
-
-#define MP_IOFUNC 1
-#include "mpi.h"
-
-#include "mpprime.h"
-
-int
-main(int argc, char *argv[])
-{
-    mp_digit num;
-    mp_int a, b;
-
-    srand(time(NULL));
-
-    if (argc < 3) {
-        fprintf(stderr, "Usage: %s <a> <b>\n", argv[0]);
-        return 1;
-    }
-
-    printf("Test 7: Random & divisibility tests\n\n");
-
-    mp_init(&a);
-    mp_init(&b);
-
-    mp_read_radix(&a, argv[1], 10);
-    mp_read_radix(&b, argv[2], 10);
-
-    printf("a = ");
-    mp_print(&a, stdout);
-    fputc('\n', stdout);
-    printf("b = ");
-    mp_print(&b, stdout);
-    fputc('\n', stdout);
-
-    if (mpp_divis(&a, &b) == MP_YES)
-        printf("a is divisible by b\n");
-    else
-        printf("a is not divisible by b\n");
-
-    if (mpp_divis(&b, &a) == MP_YES)
-        printf("b is divisible by a\n");
-    else
-        printf("b is not divisible by a\n");
-
-    printf("\nb = mpp_random()\n");
-    mpp_random(&b);
-    printf("b = ");
-    mp_print(&b, stdout);
-    fputc('\n', stdout);
-    mpp_random(&b);
-    printf("b = ");
-    mp_print(&b, stdout);
-    fputc('\n', stdout);
-    mpp_random(&b);
-    printf("b = ");
-    mp_print(&b, stdout);
-    fputc('\n', stdout);
-
-    printf("\nTesting a for divisibility by first 170 primes\n");
-    num = 170;
-    if (mpp_divis_primes(&a, &num) == MP_YES)
-        printf("It is divisible by at least one of them\n");
-    else
-        printf("It is not divisible by any of them\n");
-
-    mp_clear(&b);
-    mp_clear(&a);
-
-    return 0;
-}
deleted file mode 100644
--- a/security/nss/lib/freebl/mpi/tests/mptest-8.c
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- *  Simple test driver for MPI library
- *
- *  Test 8: Probabilistic primality tester
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-#include <limits.h>
-#include <time.h>
-
-#define MP_IOFUNC 1
-#include "mpi.h"
-
-#include "mpprime.h"
-
-int
-main(int argc, char *argv[])
-{
-    int ix;
-    mp_digit num;
-    mp_int a;
-
-    srand(time(NULL));
-
-    if (argc < 2) {
-        fprintf(stderr, "Usage: %s <a>\n", argv[0]);
-        return 1;
-    }
-
-    printf("Test 8: Probabilistic primality testing\n\n");
-
-    mp_init(&a);
-
-    mp_read_radix(&a, argv[1], 10);
-
-    printf("a = ");
-    mp_print(&a, stdout);
-    fputc('\n', stdout);
-
-    printf("\nChecking for divisibility by small primes ... \n");
-    num = 170;
-    if (mpp_divis_primes(&a, &num) == MP_YES) {
-        printf("it is not prime\n");
-        goto CLEANUP;
-    }
-    printf("Passed that test (not divisible by any small primes).\n");
-
-    for (ix = 0; ix < 10; ix++) {
-        printf("\nPerforming Rabin-Miller test, iteration %d\n", ix + 1);
-
-        if (mpp_pprime(&a, 5) == MP_NO) {
-            printf("it is not prime\n");
-            goto CLEANUP;
-        }
-    }
-    printf("All tests passed; a is probably prime\n");
-
-CLEANUP:
-    mp_clear(&a);
-
-    return 0;
-}
deleted file mode 100644
--- a/security/nss/lib/freebl/mpi/tests/mptest-9.c
+++ /dev/null
@@ -1,109 +0,0 @@
-/*
- *    mptest-9.c
- *
- *   Test logical functions
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-#include <limits.h>
-#include <time.h>
-
-#include "mpi.h"
-#include "mplogic.h"
-
-int
-main(int argc, char *argv[])
-{
-    mp_int a, b, c;
-    int pco;
-    mp_err res;
-
-    printf("Test 9: Logical functions\n\n");
-
-    if (argc < 3) {
-        fprintf(stderr, "Usage: %s <a> <b>\n", argv[0]);
-        return 1;
-    }
-
-    mp_init(&a);
-    mp_init(&b);
-    mp_init(&c);
-    mp_read_radix(&a, argv[1], 16);
-    mp_read_radix(&b, argv[2], 16);
-
-    printf("a       = ");
-    mp_print(&a, stdout);
-    fputc('\n', stdout);
-    printf("b       = ");
-    mp_print(&b, stdout);
-    fputc('\n', stdout);
-
-    mpl_not(&a, &c);
-    printf("~a      = ");
-    mp_print(&c, stdout);
-    fputc('\n', stdout);
-
-    mpl_and(&a, &b, &c);
-    printf("a & b   = ");
-    mp_print(&c, stdout);
-    fputc('\n', stdout);
-
-    mpl_or(&a, &b, &c);
-    printf("a | b   = ");
-    mp_print(&c, stdout);
-    fputc('\n', stdout);
-
-    mpl_xor(&a, &b, &c);
-    printf("a ^ b   = ");
-    mp_print(&c, stdout);
-    fputc('\n', stdout);
-
-    mpl_rsh(&a, &c, 1);
-    printf("a >>  1 = ");
-    mp_print(&c, stdout);
-    fputc('\n', stdout);
-    mpl_rsh(&a, &c, 5);
-    printf("a >>  5 = ");
-    mp_print(&c, stdout);
-    fputc('\n', stdout);
-    mpl_rsh(&a, &c, 16);
-    printf("a >> 16 = ");
-    mp_print(&c, stdout);
-    fputc('\n', stdout);
-
-    mpl_lsh(&a, &c, 1);
-    printf("a <<  1 = ");
-    mp_print(&c, stdout);
-    fputc('\n', stdout);
-    mpl_lsh(&a, &c, 5);
-    printf("a <<  5 = ");
-    mp_print(&c, stdout);
-    fputc('\n', stdout);
-    mpl_lsh(&a, &c, 16);
-    printf("a << 16 = ");
-    mp_print(&c, stdout);
-    fputc('\n', stdout);
-
-    mpl_num_set(&a, &pco);
-    printf("population(a) = %d\n", pco);
-    mpl_num_set(&b, &pco);
-    printf("population(b) = %d\n", pco);
-
-    res = mpl_parity(&a);
-    if (res == MP_EVEN)
-        printf("a has even parity\n");
-    else
-        printf("a has odd parity\n");
-
-    mp_clear(&c);
-    mp_clear(&b);
-    mp_clear(&a);
-
-    return 0;
-}
deleted file mode 100644
--- a/security/nss/lib/freebl/mpi/tests/mptest-b.c
+++ /dev/null
@@ -1,230 +0,0 @@
-/*
- * Simple test driver for MPI library
- *
- * Test GF2m: Binary Polynomial Arithmetic
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-#include <limits.h>
-
-#include "mp_gf2m.h"
-
-int
-main(int argc, char *argv[])
-{
-    int ix;
-    mp_int pp, a, b, x, y, order;
-    mp_int c, d, e;
-    mp_digit r;
-    mp_err res;
-    unsigned int p[] = { 163, 7, 6, 3, 0 };
-    unsigned int ptemp[10];
-
-    printf("Test b: Binary Polynomial Arithmetic\n\n");
-
-    mp_init(&pp);
-    mp_init(&a);
-    mp_init(&b);
-    mp_init(&x);
-    mp_init(&y);
-    mp_init(&order);
-
-    mp_read_radix(&pp, "0800000000000000000000000000000000000000C9", 16);
-    mp_read_radix(&a, "1", 16);
-    mp_read_radix(&b, "020A601907B8C953CA1481EB10512F78744A3205FD", 16);
-    mp_read_radix(&x, "03F0EBA16286A2D57EA0991168D4994637E8343E36", 16);
-    mp_read_radix(&y, "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1", 16);
-    mp_read_radix(&order, "040000000000000000000292FE77E70C12A4234C33", 16);
-    printf("pp = ");
-    mp_print(&pp, stdout);
-    fputc('\n', stdout);
-    printf("a = ");
-    mp_print(&a, stdout);
-    fputc('\n', stdout);
-    printf("b = ");
-    mp_print(&b, stdout);
-    fputc('\n', stdout);
-    printf("x = ");
-    mp_print(&x, stdout);
-    fputc('\n', stdout);
-    printf("y = ");
-    mp_print(&y, stdout);
-    fputc('\n', stdout);
-    printf("order = ");
-    mp_print(&order, stdout);
-    fputc('\n', stdout);
-
-    mp_init(&c);
-    mp_init(&d);
-    mp_init(&e);
-
-    /* Test polynomial conversion */
-    ix = mp_bpoly2arr(&pp, ptemp, 10);
-    if (
-        (ix != 5) ||
-        (ptemp[0] != p[0]) ||
-        (ptemp[1] != p[1]) ||
-        (ptemp[2] != p[2]) ||
-        (ptemp[3] != p[3]) ||
-        (ptemp[4] != p[4])) {
-        printf("Polynomial to array conversion not correct\n");
-        return -1;
-    }
-
-    printf("Polynomial conversion test #1 successful.\n");
-    MP_CHECKOK(mp_barr2poly(p, &c));
-    if (mp_cmp(&pp, &c) != 0) {
-        printf("Array to polynomial conversion not correct\n");
-        return -1;
-    }
-    printf("Polynomial conversion test #2 successful.\n");
-
-    /* Test addition */
-    MP_CHECKOK(mp_badd(&a, &a, &c));
-    if (mp_cmp_z(&c) != 0) {
-        printf("a+a should equal zero\n");
-        return -1;
-    }
-    printf("Addition test #1 successful.\n");
-    MP_CHECKOK(mp_badd(&a, &b, &c));
-    MP_CHECKOK(mp_badd(&b, &c, &c));
-    if (mp_cmp(&c, &a) != 0) {
-        printf("c = (a + b) + b should equal a\n");
-        printf("a = ");
-        mp_print(&a, stdout);
-        fputc('\n', stdout);
-        printf("c = ");
-        mp_print(&c, stdout);
-        fputc('\n', stdout);
-        return -1;
-    }
-    printf("Addition test #2 successful.\n");
-
-    /* Test multiplication */
-    mp_set(&c, 2);
-    MP_CHECKOK(mp_bmul(&b, &c, &c));
-    MP_CHECKOK(mp_badd(&b, &c, &c));
-    mp_set(&d, 3);
-    MP_CHECKOK(mp_bmul(&b, &d, &d));
-    if (mp_cmp(&c, &d) != 0) {
-        printf("c = (2 * b) + b should equal c = 3 * b\n");
-        printf("c = ");
-        mp_print(&c, stdout);
-        fputc('\n', stdout);
-        printf("d = ");
-        mp_print(&d, stdout);
-        fputc('\n', stdout);
-        return -1;
-    }
-    printf("Multiplication test #1 successful.\n");
-
-    /* Test modular reduction */
-    MP_CHECKOK(mp_bmod(&b, p, &c));
-    if (mp_cmp(&b, &c) != 0) {
-        printf("c = b mod p should equal b\n");
-        printf("b = ");
-        mp_print(&b, stdout);
-        fputc('\n', stdout);
-        printf("c = ");
-        mp_print(&c, stdout);
-        fputc('\n', stdout);
-        return -1;
-    }
-    printf("Modular reduction test #1 successful.\n");
-    MP_CHECKOK(mp_badd(&b, &pp, &c));
-    MP_CHECKOK(mp_bmod(&c, p, &c));
-    if (mp_cmp(&b, &c) != 0) {
-        printf("c = (b + p) mod p should equal b\n");
-        printf("b = ");
-        mp_print(&b, stdout);
-        fputc('\n', stdout);
-        printf("c = ");
-        mp_print(&c, stdout);
-        fputc('\n', stdout);
-        return -1;
-    }
-    printf("Modular reduction test #2 successful.\n");
-    MP_CHECKOK(mp_bmul(&b, &pp, &c));
-    MP_CHECKOK(mp_bmod(&c, p, &c));
-    if (mp_cmp_z(&c) != 0) {
-        printf("c = (b * p) mod p should equal 0\n");
-        printf("c = ");
-        mp_print(&c, stdout);
-        fputc('\n', stdout);
-        return -1;
-    }
-    printf("Modular reduction test #3 successful.\n");
-
-    /* Test modular multiplication */
-    MP_CHECKOK(mp_bmulmod(&b, &pp, p, &c));
-    if (mp_cmp_z(&c) != 0) {
-        printf("c = (b * p) mod p should equal 0\n");
-        printf("c = ");
-        mp_print(&c, stdout);
-        fputc('\n', stdout);
-        return -1;
-    }
-    printf("Modular multiplication test #1 successful.\n");
-    mp_set(&c, 1);
-    MP_CHECKOK(mp_badd(&pp, &c, &c));
-    MP_CHECKOK(mp_bmulmod(&b, &c, p, &c));
-    if (mp_cmp(&b, &c) != 0) {
-        printf("c = (b * (p + 1)) mod p should equal b\n");
-        printf("b = ");
-        mp_print(&b, stdout);
-        fputc('\n', stdout);
-        printf("c = ");
-        mp_print(&c, stdout);
-        fputc('\n', stdout);
-        return -1;
-    }
-    printf("Modular multiplication test #2 successful.\n");
-
-    /* Test modular squaring */
-    MP_CHECKOK(mp_copy(&b, &c));
-    MP_CHECKOK(mp_bmulmod(&b, &c, p, &c));
-    MP_CHECKOK(mp_bsqrmod(&b, p, &d));
-    if (mp_cmp(&c, &d) != 0) {
-        printf("c = (b * b) mod p should equal d = b^2 mod p\n");
-        printf("c = ");
-        mp_print(&c, stdout);
-        fputc('\n', stdout);
-        printf("d = ");
-        mp_print(&d, stdout);
-        fputc('\n', stdout);
-        return -1;
-    }
-    printf("Modular squaring test #1 successful.\n");
-
-    /* Test modular division */
-    MP_CHECKOK(mp_bdivmod(&b, &x, &pp, p, &c));
-    MP_CHECKOK(mp_bmulmod(&c, &x, p, &c));
-    if (mp_cmp(&b, &c) != 0) {
-        printf("c = (b / x) * x mod p should equal b\n");
-        printf("b = ");
-        mp_print(&b, stdout);
-        fputc('\n', stdout);
-        printf("c = ");
-        mp_print(&c, stdout);
-        fputc('\n', stdout);
-        return -1;
-    }
-    printf("Modular division test #1 successful.\n");
-
-CLEANUP:
-
-    mp_clear(&order);
-    mp_clear(&y);
-    mp_clear(&x);
-    mp_clear(&b);
-    mp_clear(&a);
-    mp_clear(&pp);
-
-    return 0;
-}
deleted file mode 100644
--- a/security/nss/lib/freebl/mpi/tests/pi1k.txt
+++ /dev/null
@@ -1,1 +0,0 @@
-31415926535897932384626433832795028841971693993751058209749445923078164062862089986280348253421170679821480865132823066470938446095505822317253594081284811174502841027019385211055596446229489549303819644288109756659334461284756482337867831652712019091456485669234603486104543266482133936072602491412737245870066063155881748815209209628292540917153643678925903600113305305488204665213841469519415116094330572703657595919530921861173819326117931051185480744623799627495673518857527248912279381830119491298336733624406566430860213949463952247371907021798609437027705392171762931767523846748184676694051320005681271452635608277857713427577896091736371787214684409012249534301465495853710507922796892589235420199561121290219608640344181598136297747713099605187072113499999983729780499510597317328160963185950244594553469083026425223082533446850352619311881710100031378387528865875332083814206171776691473035982534904287554687311595628638823537875937519577818577805321712268066130019278766111959092164201989
deleted file mode 100644
--- a/security/nss/lib/freebl/mpi/tests/pi2k.txt
+++ /dev/null
@@ -1,1 +0,0 @@
-314159265358979323846264338327950288419716939937510582097494459230781640628620899862803482534211706798214808651328230664709384460955058223172535940812848111745028410270193852110555964462294895493038196442881097566593344612847564823378678316527120190914564856692346034861045432664821339360726024914127372458700660631558817488152092096282925409171536436789259036001133053054882046652138414695194151160943305727036575959195309218611738193261179310511854807446237996274956735188575272489122793818301194912983367336244065664308602139494639522473719070217986094370277053921717629317675238467481846766940513200056812714526356082778577134275778960917363717872146844090122495343014654958537105079227968925892354201995611212902196086403441815981362977477130996051870721134999999837297804995105973173281609631859502445945534690830264252230825334468503526193118817101000313783875288658753320838142061717766914730359825349042875546873115956286388235378759375195778185778053217122680661300192787661119590921642019893809525720106548586327886593615338182796823030195203530185296899577362259941389124972177528347913151557485724245415069595082953311686172785588907509838175463746493931925506040092770167113900984882401285836160356370766010471018194295559619894676783744944825537977472684710404753464620804668425906949129331367702898915210475216205696602405803815019351125338243003558764024749647326391419927260426992279678235478163600934172164121992458631503028618297455570674983850549458858692699569092721079750930295532116534498720275596023648066549911988183479775356636980742654252786255181841757467289097777279380008164706001614524919217321721477235014144197356854816136115735255213347574184946843852332390739414333454776241686251898356948556209921922218427255025425688767179049460165346680498862723279178608578438382796797668145410095388378636095068006422512520511739298489608412848862694560424196528502221066118630674427862203919494504712371378696095636437191728746776465757396241389086583264599581339047802759010
deleted file mode 100644
--- a/security/nss/lib/freebl/mpi/tests/pi5k.txt
+++ /dev/null
@@ -1,1 +0,0 @@
-314159265358979323846264338327950288419716939937510582097494459230781640628620899862803482534211706798214808651328230664709384460955058223172535940812848111745028410270193852110555964462294895493038196442881097566593344612847564823378678316527120190914564856692346034861045432664821339360726024914127372458700660631558817488152092096282925409171536436789259036001133053054882046652138414695194151160943305727036575959195309218611738193261179310511854807446237996274956735188575272489122793818301194912983367336244065664308602139494639522473719070217986094370277053921717629317675238467481846766940513200056812714526356082778577134275778960917363717872146844090122495343014654958537105079227968925892354201995611212902196086403441815981362977477130996051870721134999999837297804995105973173281609631859502445945534690830264252230825334468503526193118817101000313783875288658753320838142061717766914730359825349042875546873115956286388235378759375195778185778053217122680661300192787661119590921642019893809525720106548586327886593615338182796823030195203530185296899577362259941389124972177528347913151557485724245415069595082953311686172785588907509838175463746493931925506040092770167113900984882401285836160356370766010471018194295559619894676783744944825537977472684710404753464620804668425906949129331367702898915210475216205696602405803815019351125338243003558764024749647326391419927260426992279678235478163600934172164121992458631503028618297455570674983850549458858692699569092721079750930295532116534498720275596023648066549911988183479775356636980742654252786255181841757467289097777279380008164706001614524919217321721477235014144197356854816136115735255213347574184946843852332390739414333454776241686251898356948556209921922218427255025425688767179049460165346680498862723279178608578438382796797668145410095388378636095068006422512520511739298489608412848862694560424196528502221066118630674427862203919494504712371378696095636437191728746776465757396241389086583264599581339047802759009946576407895126946839835259570982582262052248940772671947826848260147699090264013639443745530506820349625245174939965143142980919065925093722169646151570985838741059788595977297549893016175392846813826868386894277415599185592524595395943104997252468084598727364469584865383673622262609912460805124388439045124413654976278079771569143599770012961608944169486855584840635342207222582848864815845602850601684273945226746767889525213852254995466672782398645659611635488623057745649803559363456817432411251507606947945109659609402522887971089314566913686722874894056010150330861792868092087476091782493858900971490967598526136554978189312978482168299894872265880485756401427047755513237964145152374623436454285844479526586782105114135473573952311342716610213596953623144295248493718711014576540359027993440374200731057853906219838744780847848968332144571386875194350643021845319104848100537061468067491927819119793995206141966342875444064374512371819217999839101591956181467514269123974894090718649423196156794520809514655022523160388193014209376213785595663893778708303906979207734672218256259966150142150306803844773454920260541466592520149744285073251866600213243408819071048633173464965145390579626856100550810665879699816357473638405257145910289706414011097120628043903975951567715770042033786993600723055876317635942187312514712053292819182618612586732157919841484882916447060957527069572209175671167229109816909152801735067127485832228718352093539657251210835791513698820914442100675103346711031412671113699086585163983150197016515116851714376576183515565088490998985998238734552833163550764791853589322618548963213293308985706420467525907091548141654985946163718027098199430992448895757128289059232332609729971208443357326548938239119325974636673058360414281388303203824903758985243744170291327656180937734440307074692112019130203303801976211011004492932151608424448596376698389522868478312355265821314495768572624334418930396864262434107732269780280731891544110104468232527162010526522721116603966655730925471105578537634668206531098965269186205647693125705863566201855810072936065987648611791045334885034611365768675324944166803962657978771855608455296541266540853061434443185867697514566140680070023787765913440171274947042056223053899456131407112700040785473326993908145466464588079727082668306343285878569830523580893306575740679545716377525420211495576158140025012622859413021647155097925923099079654737612551765675135751782966645477917450112996148903046399471329621073404375189573596145890193897131117904297828564750320319869151402870808599048010941214722131794764777262241425485454033215718530614228813758504306332175182979866223717215916077166925474873898665494945011465406284336639379003976926567214638530673609657120918076383271664162748888007869256029022847210403172118608204190004229661711963779213375751149595015660496318629472654736425230817703675159067350235072835405670403867435136222247715891504953098444893330963408780769325993978054193414473774418426312986080998886874132604721
deleted file mode 100755
--- a/security/nss/lib/freebl/mpi/timetest
+++ /dev/null
@@ -1,99 +0,0 @@
-#!/bin/sh
-
-# Simple timing test for the MPI library.  Basically, we use prime
-# generation as a timing test, since it exercises most of the pathways
-# of the library fairly heavily.  The 'primegen' tool outputs a line
-# summarizing timing results.  We gather these and process them for
-# statistical information, which is collected into a file.
-
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-# Avoid using built-in shell echoes
-ECHO=/bin/echo
-MAKE=gmake
-PERL=perl
-
-# Use a fixed seed so timings will be more consistent
-# This one is the 11th-18th decimal digits of 'e'
-#export SEED=45904523
-SEED=45904523; export SEED
-
-#------------------------------------------------------------------------
-
-$ECHO "\n** Running timing tests for MPI library\n"
-
-$ECHO "Bringing 'metime' up to date ... "
-if $MAKE metime ; then
-    :
-else 
-    $ECHO "\nMake failed to build metime.\n"
-    exit 1
-fi
-
-if [ ! -x ./metime ] ; then 
-    $ECHO "\nCannot find 'metime' program, testing cannot continue.\n"
-    exit 1
-fi
-
-#------------------------------------------------------------------------
-
-$ECHO "Bringing 'primegen' up to date ... "
-if $MAKE primegen ; then
-    :
-else
-    $ECHO "\nMake failed to build primegen.\n"
-    exit 1
-fi
-
-if [ ! -x ./primegen ] ; then
-    $ECHO "\nCannot find 'primegen' program, testing cannot continue.\n"
-    exit 1
-fi
-
-#------------------------------------------------------------------------
-
-rm -f timing-results.txt
-touch timing-results.txt
-
-sizes="256 512 1024 2048"
-ntests=10
-
-trap 'echo "oop!";rm -f tt*.tmp timing-results.txt;exit 0' INT HUP
-
-$ECHO "\n-- Modular exponentiation\n"
-$ECHO "Modular exponentiation:" >> timing-results.txt
-
-$ECHO "Running $ntests modular exponentiations per test:"
-for size in $sizes ; do
-    $ECHO "- Gathering statistics for $size bits ... "
-    secs=`./metime $ntests $size | tail -1 | awk '{print $2}'`
-    $ECHO "$size: " $secs " seconds per op" >> timing-results.txt
-    tail -1 timing-results.txt
-done
-
-$ECHO "<done>";
-
-sizes="256 512 1024"
-ntests=1
-
-$ECHO "\n-- Prime generation\n"
-$ECHO "Prime generation:" >> timing-results.txt
-
-$ECHO "Generating $ntests prime values per test:"
-for size in $sizes ; do
-    $ECHO "- Gathering statistics for $size bits ... "
-    ./primegen $size $ntests | grep ticks | awk '{print $7}' | tr -d '(' > tt$$.tmp
-    $ECHO "$size:" >> timing-results.txt
-    $PERL stats tt$$.tmp >> timing-results.txt
-    tail -1 timing-results.txt
-    rm -f tt$$.tmp
-done
-
-$ECHO "<done>"
-
-trap 'rm -f tt*.tmp timing-results.txt' INT HUP
-
-exit 0
-
deleted file mode 100755
--- a/security/nss/lib/freebl/mpi/types.pl
+++ /dev/null
@@ -1,127 +0,0 @@
-#!/usr/bin/perl
-
-#
-# types.pl - find recommended type definitions for digits and words
-#
-# This script scans the Makefile for the C compiler and compilation
-# flags currently in use, and using this combination, attempts to
-# compile a simple test program that outputs the sizes of the various
-# unsigned integer types, in bytes.  Armed with these, it finds all
-# the "viable" type combinations for mp_digit and mp_word, where
-# viability is defined by the requirement that mp_word be at least two
-# times the precision of mp_digit.
-#
-# Of these, the one with the largest digit size is chosen, and
-# appropriate typedef statements are written to standard output.
-
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-@_=split(/\//,$0);chomp($prog=pop(@_));
-
-# The array of integer types to be considered...
-@TYPES = ( 
-	   "unsigned char", 
-	   "unsigned short", 
-	   "unsigned int", 
-	   "unsigned long"
-);
-
-# Macro names for the maximum unsigned value of each type
-%TMAX = ( 
-	  "unsigned char"   => "UCHAR_MAX",
-	  "unsigned short"  => "USHRT_MAX",
-	  "unsigned int"    => "UINT_MAX",
-	  "unsigned long"   => "ULONG_MAX"
-);
-
-# Read the Makefile to find out which C compiler to use
-open(MFP, "<Makefile") or die "$prog: Makefile: $!\n";
-while(<MFP>) {
-    chomp;
-    if(/^CC=(.*)$/) {
-	$cc = $1;
-	last if $cflags;
-    } elsif(/^CFLAGS=(.*)$/) {
-	$cflags = $1;
-	last if $cc;
-    }
-}
-close(MFP);
-
-# If we couldn't find that, use 'cc' by default
-$cc = "cc" unless $cc;
-
-printf STDERR "Using '%s' as the C compiler.\n", $cc;
-
-print STDERR "Determining type sizes ... \n";
-open(OFP, ">tc$$.c") or die "$prog: tc$$.c: $!\n";
-print OFP "#include <stdio.h>\n\nint main(void)\n{\n";
-foreach $type (@TYPES) {
-    printf OFP "\tprintf(\"%%d\\n\", (int)sizeof(%s));\n", $type;
-}
-print OFP "\n\treturn 0;\n}\n";
-close(OFP);
-
-system("$cc $cflags -o tc$$ tc$$.c");
-
-die "$prog: unable to build test program\n" unless(-x "tc$$");
-
-open(IFP, "./tc$$|") or die "$prog: can't execute test program\n";
-$ix = 0;
-while(<IFP>) {
-    chomp;
-    $size{$TYPES[$ix++]} = $_;
-}
-close(IFP);
-
-unlink("tc$$");
-unlink("tc$$.c");
-
-print STDERR "Selecting viable combinations ... \n";
-while(($type, $size) = each(%size)) {
-    push(@ts, [ $size, $type ]);
-}
-
-# Sort them ascending by size 
-@ts = sort { $a->[0] <=> $b->[0] } @ts;
-
-# Try all possible combinations, finding pairs in which the word size
-# is twice the digit size.  The number of possible pairs is too small
-# to bother doing this more efficiently than by brute force
-for($ix = 0; $ix <= $#ts; $ix++) {
-    $w = $ts[$ix];
-
-    for($jx = 0; $jx <= $#ts; $jx++) {
-	$d = $ts[$jx];
-
-	if($w->[0] == 2 * $d->[0]) {
-	    push(@valid, [ $d, $w ]);
-	}
-    }
-}
-
-# Sort descending by digit size
-@valid = sort { $b->[0]->[0] <=> $a->[0]->[0] } @valid;
-
-# Select the maximum as the recommended combination
-$rec = shift(@valid);
-
-printf("typedef %-18s mp_sign;\n", "char");
-printf("typedef %-18s mp_digit;  /* %d byte type */\n", 
-       $rec->[0]->[1], $rec->[0]->[0]);
-printf("typedef %-18s mp_word;   /* %d byte type */\n", 
-       $rec->[1]->[1], $rec->[1]->[0]);
-printf("typedef %-18s mp_size;\n", "unsigned int");
-printf("typedef %-18s mp_err;\n\n", "int");
-
-printf("#define %-18s (CHAR_BIT*sizeof(mp_digit))\n", "DIGIT_BIT");
-printf("#define %-18s %s\n", "DIGIT_MAX", $TMAX{$rec->[0]->[1]});
-printf("#define %-18s (CHAR_BIT*sizeof(mp_word))\n", "MP_WORD_BIT");
-printf("#define %-18s %s\n\n", "MP_WORD_MAX", $TMAX{$rec->[1]->[1]});
-printf("#define %-18s (DIGIT_MAX+1)\n\n", "RADIX");
-
-printf("#define %-18s \"%%0%dX\"\n", "DIGIT_FMT", (2 * $rec->[0]->[0]));
-
-exit 0;
deleted file mode 100644
--- a/security/nss/lib/freebl/mpi/utils/LICENSE
+++ /dev/null
@@ -1,4 +0,0 @@
-Within this directory, each of the file listed below is licensed under 
-the terms given in the file LICENSE-MPL, also in this directory.
-
-PRIMES
deleted file mode 100644
--- a/security/nss/lib/freebl/mpi/utils/LICENSE-MPL
+++ /dev/null
@@ -1,3 +0,0 @@
-This Source Code Form is subject to the terms of the Mozilla Public
-License, v. 2.0. If a copy of the MPL was not distributed with this
-file, You can obtain one at http://mozilla.org/MPL/2.0/.
deleted file mode 100644
--- a/security/nss/lib/freebl/mpi/utils/PRIMES
+++ /dev/null
@@ -1,41 +0,0 @@
-Probable primes (sorted by number of significant bits)
-
- 128: 81386202757205669562183851789305348631
-
- 128: 180241813863264101444573802809858694397
-
- 128: 245274683055224433281596312431122059021
-
- 128: 187522309397665259809392608791686659539
-
- 256: 83252422946206411852330647237287722547866360773229941071371588246436\
-      513990159
-
- 256: 79132571131322331023736933767063051273085304521895229780914612117520\
-      058517909
-
- 256: 72081815425552909748220041100909735706208853818662000557743644603407\
-      965465527
-
- 256: 87504602391905701494845474079163412737334477797316409702279059573654\
-      274811271
-
- 512: 12233064210800062190450937494718705259777386009095453001870729392786\
-      63450255179083524798507997690270500580265258111668148238355016411719\
-      9168737693316468563
-
- 512: 12003639081420725322369909586347545220275253633035565716386136197501\
-      88208318984400479275215620499883521216480724155582768193682335576385\
-      2069481074929084063
-
-1024: 16467877625718912296741904171202513097057724053648819680815842057593\
-      20371835940722471475475803725455063836431454757000451907612224427007\
-      63984592414360595161051906727075047683803534852982766542661204179549\
-      77327573530800542562611753617736693359790119074768292178493884576587\
-      0230450429880021317876149636714743053
-
-1024: 16602953991090311275234291158294516471009930684624948451178742895360\
-      86073703307475884280944414508444679430090561246728195735962931545473\
-      40743240318558456247740186704660778277799687988031119436541068736925\
-      20563780233711166724859277827382391527748470939542560819625727876091\
-      5372193745283891895989104479029844957
deleted file mode 100644
--- a/security/nss/lib/freebl/mpi/utils/README
+++ /dev/null
@@ -1,206 +0,0 @@
-This Source Code Form is subject to the terms of the Mozilla Public
-License, v. 2.0. If a copy of the MPL was not distributed with this
-file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-Additional MPI utilities
-------------------------
-
-The files 'mpprime.h' and 'mpprime.c' define some useful extensions to
-the MPI library for dealing with prime numbers (in particular, testing
-for divisbility, and the Rabin-Miller probabilistic primality test).
-
-The files 'mplogic.h' and 'mplogic.c' define extensions to the MPI
-library for doing bitwise logical operations and shifting.
-
-This document assumes you have read the help file for the MPI library
-and understand its conventions.
-
-Divisibility (mpprime.h)
-------------
-
-To test a number for divisibility by another number:
-
-mpp_divis(a, b)		- test if b|a
-mpp_divis_d(a, d)	- test if d|a
-
-Each of these functions returns MP_YES if its initial argument is
-divisible by its second, or MP_NO if it is not.  Other errors may be