Bug 993569 - Update Mozilla 31 to use NSS 3.16.1 Beta 2.
authorWan-Teh Chang <wtc@google.com>
Fri, 25 Apr 2014 06:06:01 -0700
changeset 180551 949b53bb379cb3dc62c4858327ec0874fb4867e4
parent 180550 c1689525c1af804c9f23e3d6fc4d1bf8c7fa1138
child 180552 a0fb78183db0df06d7c1354f307ae96506d0c761
push id272
push userpvanderbeken@mozilla.com
push dateMon, 05 May 2014 16:31:18 +0000
bugs993569
milestone31.0a1
Bug 993569 - Update Mozilla 31 to use NSS 3.16.1 Beta 2.
security/nss/TAG-INFO
security/nss/cmd/bltest/blapitest.c
security/nss/cmd/bltest/tests/aes_cbc/ciphertext1
security/nss/cmd/bltest/tests/aes_cbc/ciphertext10
security/nss/cmd/bltest/tests/aes_cbc/ciphertext11
security/nss/cmd/bltest/tests/aes_cbc/ciphertext12
security/nss/cmd/bltest/tests/aes_cbc/ciphertext13
security/nss/cmd/bltest/tests/aes_cbc/ciphertext14
security/nss/cmd/bltest/tests/aes_cbc/ciphertext15
security/nss/cmd/bltest/tests/aes_cbc/ciphertext16
security/nss/cmd/bltest/tests/aes_cbc/ciphertext17
security/nss/cmd/bltest/tests/aes_cbc/ciphertext18
security/nss/cmd/bltest/tests/aes_cbc/ciphertext19
security/nss/cmd/bltest/tests/aes_cbc/ciphertext2
security/nss/cmd/bltest/tests/aes_cbc/ciphertext20
security/nss/cmd/bltest/tests/aes_cbc/ciphertext21
security/nss/cmd/bltest/tests/aes_cbc/ciphertext22
security/nss/cmd/bltest/tests/aes_cbc/ciphertext23
security/nss/cmd/bltest/tests/aes_cbc/ciphertext24
security/nss/cmd/bltest/tests/aes_cbc/ciphertext3
security/nss/cmd/bltest/tests/aes_cbc/ciphertext4
security/nss/cmd/bltest/tests/aes_cbc/ciphertext5
security/nss/cmd/bltest/tests/aes_cbc/ciphertext6
security/nss/cmd/bltest/tests/aes_cbc/ciphertext7
security/nss/cmd/bltest/tests/aes_cbc/ciphertext8
security/nss/cmd/bltest/tests/aes_cbc/ciphertext9
security/nss/cmd/bltest/tests/aes_cbc/iv1
security/nss/cmd/bltest/tests/aes_cbc/iv10
security/nss/cmd/bltest/tests/aes_cbc/iv11
security/nss/cmd/bltest/tests/aes_cbc/iv12
security/nss/cmd/bltest/tests/aes_cbc/iv13
security/nss/cmd/bltest/tests/aes_cbc/iv14
security/nss/cmd/bltest/tests/aes_cbc/iv15
security/nss/cmd/bltest/tests/aes_cbc/iv16
security/nss/cmd/bltest/tests/aes_cbc/iv17
security/nss/cmd/bltest/tests/aes_cbc/iv18
security/nss/cmd/bltest/tests/aes_cbc/iv19
security/nss/cmd/bltest/tests/aes_cbc/iv2
security/nss/cmd/bltest/tests/aes_cbc/iv20
security/nss/cmd/bltest/tests/aes_cbc/iv21
security/nss/cmd/bltest/tests/aes_cbc/iv22
security/nss/cmd/bltest/tests/aes_cbc/iv23
security/nss/cmd/bltest/tests/aes_cbc/iv24
security/nss/cmd/bltest/tests/aes_cbc/iv3
security/nss/cmd/bltest/tests/aes_cbc/iv4
security/nss/cmd/bltest/tests/aes_cbc/iv5
security/nss/cmd/bltest/tests/aes_cbc/iv6
security/nss/cmd/bltest/tests/aes_cbc/iv7
security/nss/cmd/bltest/tests/aes_cbc/iv8
security/nss/cmd/bltest/tests/aes_cbc/iv9
security/nss/cmd/bltest/tests/aes_cbc/key1
security/nss/cmd/bltest/tests/aes_cbc/key10
security/nss/cmd/bltest/tests/aes_cbc/key11
security/nss/cmd/bltest/tests/aes_cbc/key12
security/nss/cmd/bltest/tests/aes_cbc/key13
security/nss/cmd/bltest/tests/aes_cbc/key14
security/nss/cmd/bltest/tests/aes_cbc/key15
security/nss/cmd/bltest/tests/aes_cbc/key16
security/nss/cmd/bltest/tests/aes_cbc/key17
security/nss/cmd/bltest/tests/aes_cbc/key18
security/nss/cmd/bltest/tests/aes_cbc/key19
security/nss/cmd/bltest/tests/aes_cbc/key2
security/nss/cmd/bltest/tests/aes_cbc/key20
security/nss/cmd/bltest/tests/aes_cbc/key21
security/nss/cmd/bltest/tests/aes_cbc/key22
security/nss/cmd/bltest/tests/aes_cbc/key23
security/nss/cmd/bltest/tests/aes_cbc/key24
security/nss/cmd/bltest/tests/aes_cbc/key3
security/nss/cmd/bltest/tests/aes_cbc/key4
security/nss/cmd/bltest/tests/aes_cbc/key5
security/nss/cmd/bltest/tests/aes_cbc/key6
security/nss/cmd/bltest/tests/aes_cbc/key7
security/nss/cmd/bltest/tests/aes_cbc/key8
security/nss/cmd/bltest/tests/aes_cbc/key9
security/nss/cmd/bltest/tests/aes_cbc/mktst.sh
security/nss/cmd/bltest/tests/aes_cbc/numtests
security/nss/cmd/bltest/tests/aes_cbc/plaintext1
security/nss/cmd/bltest/tests/aes_cbc/plaintext10
security/nss/cmd/bltest/tests/aes_cbc/plaintext11
security/nss/cmd/bltest/tests/aes_cbc/plaintext12
security/nss/cmd/bltest/tests/aes_cbc/plaintext13
security/nss/cmd/bltest/tests/aes_cbc/plaintext14
security/nss/cmd/bltest/tests/aes_cbc/plaintext15
security/nss/cmd/bltest/tests/aes_cbc/plaintext16
security/nss/cmd/bltest/tests/aes_cbc/plaintext17
security/nss/cmd/bltest/tests/aes_cbc/plaintext18
security/nss/cmd/bltest/tests/aes_cbc/plaintext19
security/nss/cmd/bltest/tests/aes_cbc/plaintext2
security/nss/cmd/bltest/tests/aes_cbc/plaintext20
security/nss/cmd/bltest/tests/aes_cbc/plaintext21
security/nss/cmd/bltest/tests/aes_cbc/plaintext22
security/nss/cmd/bltest/tests/aes_cbc/plaintext23
security/nss/cmd/bltest/tests/aes_cbc/plaintext24
security/nss/cmd/bltest/tests/aes_cbc/plaintext3
security/nss/cmd/bltest/tests/aes_cbc/plaintext4
security/nss/cmd/bltest/tests/aes_cbc/plaintext5
security/nss/cmd/bltest/tests/aes_cbc/plaintext6
security/nss/cmd/bltest/tests/aes_cbc/plaintext7
security/nss/cmd/bltest/tests/aes_cbc/plaintext8
security/nss/cmd/bltest/tests/aes_cbc/plaintext9
security/nss/cmd/bltest/tests/aes_cbc/test1.txt
security/nss/cmd/bltest/tests/aes_cbc/test10.txt
security/nss/cmd/bltest/tests/aes_cbc/test11.txt
security/nss/cmd/bltest/tests/aes_cbc/test12.txt
security/nss/cmd/bltest/tests/aes_cbc/test13.txt
security/nss/cmd/bltest/tests/aes_cbc/test14.txt
security/nss/cmd/bltest/tests/aes_cbc/test15.txt
security/nss/cmd/bltest/tests/aes_cbc/test16.txt
security/nss/cmd/bltest/tests/aes_cbc/test17.txt
security/nss/cmd/bltest/tests/aes_cbc/test18.txt
security/nss/cmd/bltest/tests/aes_cbc/test19.txt
security/nss/cmd/bltest/tests/aes_cbc/test2.txt
security/nss/cmd/bltest/tests/aes_cbc/test20.txt
security/nss/cmd/bltest/tests/aes_cbc/test21.txt
security/nss/cmd/bltest/tests/aes_cbc/test22.txt
security/nss/cmd/bltest/tests/aes_cbc/test23.txt
security/nss/cmd/bltest/tests/aes_cbc/test24.txt
security/nss/cmd/bltest/tests/aes_cbc/test3.txt
security/nss/cmd/bltest/tests/aes_cbc/test4.txt
security/nss/cmd/bltest/tests/aes_cbc/test5.txt
security/nss/cmd/bltest/tests/aes_cbc/test6.txt
security/nss/cmd/bltest/tests/aes_cbc/test7.txt
security/nss/cmd/bltest/tests/aes_cbc/test8.txt
security/nss/cmd/bltest/tests/aes_cbc/test9.txt
security/nss/cmd/bltest/tests/aes_ecb/ciphertext1
security/nss/cmd/bltest/tests/aes_ecb/ciphertext2
security/nss/cmd/bltest/tests/aes_ecb/ciphertext3
security/nss/cmd/bltest/tests/aes_ecb/ciphertext4
security/nss/cmd/bltest/tests/aes_ecb/ciphertext5
security/nss/cmd/bltest/tests/aes_ecb/ciphertext6
security/nss/cmd/bltest/tests/aes_ecb/key1
security/nss/cmd/bltest/tests/aes_ecb/key2
security/nss/cmd/bltest/tests/aes_ecb/key3
security/nss/cmd/bltest/tests/aes_ecb/key4
security/nss/cmd/bltest/tests/aes_ecb/key5
security/nss/cmd/bltest/tests/aes_ecb/key6
security/nss/cmd/bltest/tests/aes_ecb/mktst.sh
security/nss/cmd/bltest/tests/aes_ecb/plaintext1
security/nss/cmd/bltest/tests/aes_ecb/plaintext2
security/nss/cmd/bltest/tests/aes_ecb/plaintext3
security/nss/cmd/bltest/tests/aes_ecb/plaintext4
security/nss/cmd/bltest/tests/aes_ecb/plaintext5
security/nss/cmd/bltest/tests/aes_ecb/plaintext6
security/nss/cmd/bltest/tests/aes_ecb/test1.txt
security/nss/cmd/bltest/tests/aes_ecb/test2.txt
security/nss/cmd/bltest/tests/aes_ecb/test3.txt
security/nss/cmd/bltest/tests/aes_ecb/test4.txt
security/nss/cmd/bltest/tests/aes_ecb/test5.txt
security/nss/cmd/bltest/tests/aes_ecb/test6.txt
security/nss/cmd/libpkix/pkix/params/test_buildparams.c
security/nss/cmd/libpkix/pkixutil/pkixutil.c
security/nss/cmd/modutil/modutil.c
security/nss/cmd/modutil/modutil.h
security/nss/cmd/modutil/pk11.c
security/nss/coreconf/WIN32.mk
security/nss/coreconf/coreconf.dep
security/nss/lib/cryptohi/cryptohi.h
security/nss/lib/cryptohi/keyhi.h
security/nss/lib/cryptohi/seckey.c
security/nss/lib/freebl/Makefile
security/nss/lib/freebl/blapi.h
security/nss/lib/freebl/ctr.c
security/nss/lib/freebl/ctr.h
security/nss/lib/freebl/ecdecode.c
security/nss/lib/freebl/intel-aes-x64-masm.asm
security/nss/lib/freebl/intel-aes-x86-masm.asm
security/nss/lib/freebl/intel-aes.h
security/nss/lib/freebl/intel-gcm-wrap.c
security/nss/lib/freebl/intel-gcm-x64-masm.asm
security/nss/lib/freebl/intel-gcm-x86-masm.asm
security/nss/lib/freebl/intel-gcm.h
security/nss/lib/freebl/ldvector.c
security/nss/lib/freebl/loader.c
security/nss/lib/freebl/loader.h
security/nss/lib/freebl/manifest.mn
security/nss/lib/freebl/rijndael.c
security/nss/lib/freebl/stubs.c
security/nss/lib/freebl/stubs.h
security/nss/lib/libpkix/pkix/params/pkix_buildparams.c
security/nss/lib/libpkix/pkix/params/pkix_buildparams.h
security/nss/lib/nss/nss.def
security/nss/lib/pk11wrap/pk11akey.c
security/nss/lib/pk11wrap/pk11cxt.c
security/nss/lib/pk11wrap/pk11pub.h
security/nss/lib/pk11wrap/pk11skey.c
security/nss/lib/pk11wrap/pk11slot.c
security/nss/lib/pk11wrap/pk11util.c
security/nss/lib/pk11wrap/secmod.h
security/nss/lib/pk11wrap/secmodi.h
security/nss/lib/pk11wrap/secmodt.h
security/nss/lib/softoken/ecdecode.c
security/nss/lib/softoken/manifest.mn
security/nss/lib/softoken/softoken.h
security/nss/lib/ssl/sslt.h
security/nss/lib/util/secdig.h
security/nss/lib/util/utilmodt.h
security/nss/tests/libpkix/certs/NameConstraints.dcissallowed.cert
security/nss/tests/libpkix/certs/NameConstraints.dcissblocked.cert
security/nss/tests/libpkix/certs/NameConstraints.dcisscopy.cert
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@@ -1,1 +1,1 @@
-NSS_3_16_1_BETA1
+NSS_3_16_1_BETA2
--- a/security/nss/cmd/bltest/blapitest.c
+++ b/security/nss/cmd/bltest/blapitest.c
@@ -2933,102 +2933,113 @@ get_params(PLArenaPool *arena, bltestPar
 	break;
     }
 }
 
 SECStatus
 verify_self_test(bltestIO *result, bltestIO *cmp, bltestCipherMode mode,
 		 PRBool forward, SECStatus sigstatus)
 {
-    int res;
+    PRBool equal;
     char *modestr = mode_strings[mode];
-    res = SECITEM_CompareItem(&result->pBuf, &cmp->buf);
+    equal = SECITEM_ItemsAreEqual(&result->pBuf, &cmp->buf);
     if (is_sigCipher(mode)) {
 	if (forward) {
-	    if (res == 0) {
+	    if (equal) {
 		printf("Signature self-test for %s passed.\n", modestr);
 	    } else {
 		printf("Signature self-test for %s failed!\n", modestr);
 	    }
+	    return equal ? SECSuccess : SECFailure;
 	} else {
 	    if (sigstatus == SECSuccess) {
 		printf("Verification self-test for %s passed.\n", modestr);
 	    } else {
 		printf("Verification self-test for %s failed!\n", modestr);
 	    }
+	    return sigstatus;
 	}
-	return sigstatus;
     } else if (is_hashCipher(mode)) {
-	if (res == 0) {
+	if (equal) {
 	    printf("Hash self-test for %s passed.\n", modestr);
 	} else {
 	    printf("Hash self-test for %s failed!\n", modestr);
 	}
     } else {
 	if (forward) {
-	    if (res == 0) {
+	    if (equal) {
 		printf("Encryption self-test for %s passed.\n", modestr);
 	    } else {
 		printf("Encryption self-test for %s failed!\n", modestr);
 	    }
 	} else {
-	    if (res == 0) {
+	    if (equal) {
 		printf("Decryption self-test for %s passed.\n", modestr);
 	    } else {
 		printf("Decryption self-test for %s failed!\n", modestr);
 	    }
 	}
     }
-    return (res != 0);
+    return equal ? SECSuccess : SECFailure;
+}
+
+static SECStatus
+ReadFileToItem(SECItem *dst, const char *filename)
+{
+    PRFileDesc *file;
+    SECStatus rv;
+
+    file = PR_Open(filename, PR_RDONLY, 00660);
+    if (!file) {
+	return SECFailure;
+    }
+    rv = SECU_FileToItem(dst, file);
+    PR_Close(file);
+    return rv;
 }
 
 static SECStatus
 blapi_selftest(bltestCipherMode *modes, int numModes, int inoff, int outoff,
                PRBool encrypt, PRBool decrypt)
 {
     bltestCipherInfo cipherInfo;
     bltestIO pt, ct;
     bltestCipherMode mode;
     bltestParams *params;
     int i, j, nummodes, numtests;
     char *modestr;
     char filename[256];
-    PRFileDesc *file;
     PLArenaPool *arena;
     SECItem item;
-    PRBool finished;
     SECStatus rv = SECSuccess, srv;
 
     PORT_Memset(&cipherInfo, 0, sizeof(cipherInfo));
     arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE);
     cipherInfo.arena = arena;
 
-    finished = PR_FALSE;
     nummodes = (numModes == 0) ? NUMMODES : numModes;
-    for (i=0; i < nummodes && !finished; i++) {
+    for (i=0; i < nummodes; i++) {
 	if (numModes > 0)
 	    mode = modes[i];
 	else
 	    mode = i;
 	if (mode == bltestINVALID) {
 	    fprintf(stderr, "%s: Skipping invalid mode.\n",progName);
 	    continue;
 	}
 	modestr = mode_strings[mode];
 	cipherInfo.mode = mode;
 	params = &cipherInfo.params;
 	/* get the number of tests in the directory */
 	sprintf(filename, "%s/tests/%s/%s", testdir, modestr, "numtests");
-	file = PR_Open(filename, PR_RDONLY, 00660);
-	if (!file) {
-	    fprintf(stderr, "%s: File %s does not exist.\n", progName,filename);
-	    return SECFailure;
+	if (ReadFileToItem(&item, filename) != SECSuccess) {
+	    fprintf(stderr, "%s: Cannot read file %s.\n", progName, filename);
+	    rv = SECFailure;
+	    continue;
 	}
-	rv = SECU_FileToItem(&item, file);
-	PR_Close(file);
 	/* loop over the tests in the directory */
 	numtests = 0;
 	for (j=0; j<item.len; j++) {
 	    if (!isdigit(item.data[j])) {
 		break;
 	    }
 	    numtests *= 10;
 	    numtests += (int) (item.data[j] - '0');
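Review bot: After the new `ReadFileToItem` check in `blapi_selftest`, only an unreadable `numtests` file counts as a failure. An empty or non-numeric file leaves `numtests` at 0, so the mode runs no vectors and still contributes `SECSuccess` to the exit status this commit makes meaningful. Unless some mode directories are meant to be empty, consider failing that case after the digit loop (which closes outside this hunk), e.g. `if (numtests == 0) { fprintf(stderr, "%s: No tests listed in %s.\n", progName, filename); rv = SECFailure; continue; }`. Separately, `ReadFileToItem` deserves a one-line comment saying the caller owns `dst->data` after a successful read; `item` is refilled once per mode and no release is visible here, though the function body continues past the hunk and may free it there.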
@@ -3043,49 +3054,44 @@ blapi_selftest(bltestCipherMode *modes, 
 	            "ciphertext", j);
 	    load_file_data(arena, &ct, filename, bltestBase64Encoded);
 
 	    get_params(arena, params, mode, j);
 	    /* Forward Operation (Encrypt/Sign/Hash)
 	    ** Align the input buffer (plaintext) according to request
 	    ** then perform operation and compare to ciphertext
 	    */
-	    /* XXX for now */
-	    rv = SECSuccess;
 	    if (encrypt) {
 		bltestCopyIO(arena, &cipherInfo.input, &pt);
 		misalignBuffer(arena, &cipherInfo.input, inoff);
 		memset(&cipherInfo.output.buf, 0, sizeof cipherInfo.output.buf);
 		rv |= cipherInit(&cipherInfo, PR_TRUE);
 		misalignBuffer(arena, &cipherInfo.output, outoff);
 		rv |= cipherDoOp(&cipherInfo);
 		rv |= cipherFinish(&cipherInfo);
 		rv |= verify_self_test(&cipherInfo.output, 
-		                       &ct, mode, PR_TRUE, 0);
+		                       &ct, mode, PR_TRUE, SECSuccess);
 		/* If testing hash, only one op to test */
 		if (is_hashCipher(mode))
 		    continue;
-		/*if (rv) return rv;*/
 		if (is_sigCipher(mode)) {
 		    /* Verify operations support detached signature files. For
 		    ** consistency between tests that run Sign/Verify back to
 		    ** back (eg: self-tests) and tests that are only running
 		    ** verify operations, copy the output into the sig buf,
 		    ** and then copy the sig buf back out when verifying. For
 		    ** self-tests, this is unnecessary copying, but for
 		    ** verify-only operations, this ensures that the output
 		    ** buffer is properly configured
 		    */
 		    bltestCopyIO(arena, &params->asymk.sig, &cipherInfo.output);
 		}
 	    }
 	    if (!decrypt)
 		continue;
-	    /* XXX for now */
-	    rv = SECSuccess;
 	    /* Reverse Operation (Decrypt/Verify)
 	    ** Align the input buffer (ciphertext) according to request
 	    ** then perform operation and compare to plaintext
 	    */
 	    if (is_sigCipher(mode)) {
 		bltestCopyIO(arena, &cipherInfo.input, &pt);
 		bltestCopyIO(arena, &cipherInfo.output, &params->asymk.sig);
 	    } else {
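Review bot: With both `rv = SECSuccess` resets removed, `rv` becomes a sticky accumulator across every vector and mode, but nothing at the accumulation sites says so. A comment above the encrypt block, such as `/* rv accumulates: keep running after a failure so every failing vector is printed; the combined status is returned at the end */`, would keep a later edit from reintroducing a reset or an early return. The `rv |= ...` pattern also relies on `SECSuccess` being zero, so callers should test `rv != SECSuccess`, as `main` does further down in this commit. `blapi_selftest` starts before and continues past this hunk.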
@@ -3095,17 +3101,16 @@ blapi_selftest(bltestCipherMode *modes, 
 	    misalignBuffer(arena, &cipherInfo.input, inoff);
 	    rv |= cipherInit(&cipherInfo, PR_FALSE);
 	    misalignBuffer(arena, &cipherInfo.output, outoff);
 	    srv = SECSuccess;
 	    srv |= cipherDoOp(&cipherInfo);
 	    rv |= cipherFinish(&cipherInfo);
 	    rv |= verify_self_test(&cipherInfo.output, 
 	                           &pt, mode, PR_FALSE, srv);
-	    /*if (rv) return rv;*/
 	}
     }
     return rv;
 }
 
 SECStatus
 dump_file(bltestCipherMode mode, char *filename)
 {
@@ -3600,17 +3605,17 @@ int main(int argc, char **argv)
 	    !bltest.commands[cmd_Encrypt].activated)
 	    encrypt = PR_FALSE;
 	if (bltest.commands[cmd_Encrypt].activated &&
 	    !bltest.commands[cmd_Decrypt].activated)
 	    decrypt = PR_FALSE;
 	rv = blapi_selftest(modesToTest, numModesToTest, inoff, outoff,
 	                    encrypt, decrypt);
 	PORT_Free(cipherInfo);
-	return rv;
+	return rv == SECSuccess ? 0 : 1;
     }
 
     /* Do FIPS self-test */
     if (bltest.commands[cmd_FIPS].activated) {
 	CK_RV ckrv = sftk_fipsPowerUpSelfTest();
 	fprintf(stdout, "CK_RV: %ld.\n", ckrv);
         PORT_Free(cipherInfo);
         if (ckrv == CKR_OK)
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext1
@@ -0,0 +1,1 @@
+AzZ2PpZtkllaVnzJzlN/Xg==
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext10
@@ -0,0 +1,3 @@
+eykx9YVfcXFF4A8VKp9HlDWbH/yz5V9ZTjMJi1HCOmx0oGwdlP3tf9KuQsfbesrv
+WETLM67dxoUlhe0AIKZpnSy1OAnO/RaRSM5CKSr6sGNEOXgwbFgsGLnODaPQhM5N
+PEgs/Y/PGoUITon7iLQKCE1elyRm0HZmEm+3YfhAePI=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext11
@@ -0,0 +1,3 @@
+sJUS8+/57Q2FiQmDpz2tu3w2eNUlgb5kqKj8WG9JDyUhKXpHigWYBA69D1UJ+vsJ
+afnZ5gDq7zOxuT7tmWh7Fn+JpQZarEOc5G87jSLTCGXmTkXvjNMLaYQ1OoRKEcjN
+YNug6IZrPuMNJLP6imQ7MoNT4GAQ+oJzyP1U7woraTDlUgquXNWQL5uGozWSykNl
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext12
@@ -0,0 +1,4 @@
+a+ihKABFWjIFOIU+DLoxvS2A6gyFFkpMXCYa5IVBfZPv/i68DQoLUdbqGGM9IQz2
+PAxN28J2B/LoHtkRMZHvhtVvO5m+bEFaQVApn7hGznFgtAtjuvEXnRknWi6DaYN2
+0ouSVIxo4G5tmU4sFQHtKXAU5wLN7+4vZWRHcGAJYU2AHeHKr3P4t/pWzxupS2MZ
+M7vld2JDgIUPEXQ1oDVbKw==
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext13
@@ -0,0 +1,1 @@
+UdRHefkNQKgASCdsA1y0nKKke8ubnPcnC5FEeTeH1T8=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext14
@@ -0,0 +1,2 @@
+1fVYl2C/nHYiKP3iNt4fot0trUSNs/qb4MQZbv1Go1yE3RrHfZ21jJWRjLMXpkMK
+CNL7ao6LDxybcsejRNw0nw==
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext15
@@ -0,0 +1,2 @@
+dTlZdL0ys2ZWVKbI45a4iuNLEjV1hyp6tofY52tG35EailkM0B0vXDML46Zibp3T
+ql4Q7RTo/4KYEbb+1Q8/UzykOFocvKePXEdE5Q8vg1kWXCSF0TJOdsPq52oMysYp
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext16
@@ -0,0 +1,3 @@
+gVjiFCDyW1nWrpQ/ocvyHwLpefQZ2rASanIbfu9Vvumtl/XM/30jkFe7wZqMN4FC
+92cvHV5+F9e+vLAHDoNVys5mYBcaU7YYFq6CSm72nORwtv/TtbtLQ4h02R0nhU07
+byWGDTholY3jMH1isTOb3duKMYwM4PM8F8rw6fYECCA=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext17
@@ -0,0 +1,3 @@
+km2ySMwbog8MV2MafIrvCU95GTe5BZSeNGAkDov6b6SDEVobMQtuQ2nK68UmKIg3
+ex3apYAOpJaivf8PmhAx5xKcmiDjViHn8Li6yg2HAw8q58qFk8hZlnegb9SyYAnq
+0I/srCTKqc8srTtHDIInQVp7Hg8uqz+tltcKIJyLsmxidnfiUxuUNcpuPERNGVtf
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext18
@@ -0,0 +1,4 @@
+yCzyxHbeqMtqbmB6QNLwORvoLqnshKU3poIPmvuZe3Y5fQBUJPqmp03E6MeqSokA
+aQ+JS20dyoBnU5PSJDrax2LxWTAeNX6YtyR2IxDNWnuv4cKgMNukb9k6n9uJzBMs
+qcF9xyAx7Ggi7lqdmdvKZseEwBsIhcu2LinZeAGSfsQVpdIVFY0yX57miUN60bdo
+StM8DZJzlFGsh/Of+MMbhA==
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext19
@@ -0,0 +1,1 @@
+L6Dfciqf07ZMsY+ys9tV/yJnQidXKJQT+PZXUHQSpkw=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext2
@@ -0,0 +1,1 @@
+qaFjG/SZaVTrwJOVeyNFiQ==
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext20
@@ -0,0 +1,2 @@
+BdXHdylCGwi3N+QRGfpEONH1cMx3Kk1sPff/7aA4TvhCiM43/ExMfRElpJmwUTZM
+OJ/WOb3aZH2qO9rasutVlA==
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext21
@@ -0,0 +1,2 @@
+rD1tuv4uD3QGMv2eggv2BEzVsVUcu5zAPAslw5zLfzO4Oqz8pAoyZfK7/4eRU0SK
+ysuI/Ps7t7EP5GOmjAEJ8Cg4Lj5VexrfAu1kira7iV3wIF0m67+ppf2M69jkvuPc
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext22
@@ -0,0 +1,3 @@
+kLe5YwojePU/UBq3vv8DkVUAgHG8hDjniZMs/T6xKZGVRl5mM4SUY/20Q3Unji/b
+ExCCHmSSz4D/Fct3JQn7Qm867uJ71JOIgv0q5rW9nZH6SkOxe7Q5675ZwEIxAWOo
+Kl/lOIeW7uNaGBoScfAL4puFLY+nWbrQH/RnjwEFlM0=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext23
@@ -0,0 +1,3 @@
+AlSyNGO8q+xaOV63TI+w6xN6B7xvXp9h7AsFfeMFcU+PopQiHJGhWcMVk5uB4wDu
+kCGS7F8VJUQo2HcveTJOxDKYyiHACzcCc+5eXtkOQ++h4FpdFxIJ/jT58pI326Km
+cmZQ/TsTIXR9EgiGPGw8az4th5q18leC8Iuo8qu+Y+C+20oifoGvs2u2ZFUINW00
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext24
@@ -0,0 +1,4 @@
+/Fhz5Q3o+vTGuEunB7CFTp25qy6ffXB/u6M4xoQ6GPxvrOuvZj0mKW+zKbTSbxhJ
+THngnneWR/m6+odIljDXn0MBYQwjAMGdvzFIt8rIxPSUQQJ1TzMukrb3xedbxhee
+uHegeNRxkAkCF0TBTxP9KlWiucRNGAAGhahFpPYyx8VqdzBu+maiTQXQiNzXwT/i
+T8RHJ1ll255NN/vJMERIzQ==
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext3
@@ -0,0 +1,1 @@
+J1z8BBPYzLcFE8OFmx0Pcg==
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext4
@@ -0,0 +1,1 @@
+ybgTX/G1rcQT39BTshvZbQ==
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext5
@@ -0,0 +1,1 @@
+XJ2ETtRvmIUIXl1qT5TH1w==
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext6
@@ -0,0 +1,1 @@
+qf91vXz2YT03Mcd8O20MBA==
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext7
@@ -0,0 +1,1 @@
+xNxh2XJZZ6MCAQSpc48jhoUnzoOaqxdS/YvblagsTQA=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext8
@@ -0,0 +1,2 @@
+Gblgl3LGPzOGCL9utSyhC+ZQl/icHgkFxCQB/Ud5GuLFRAstRzEWyni9n/L7YBXP
+0xZSTq59y5Wuc46+roSkZw==
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext9
@@ -0,0 +1,2 @@
+O4YRv8SXPFzY6YKwc7MxhM0mEQFZFy5EmI61/1ZhoeFvrWclj8v+5VRpJnoS3DdI
+k7TjUz029WNMMJVYNZbxNaqM0RONyJi8VlHuNakuv4mrautTZmU7xgpw4AdPwR7+
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..01d633b27e8ea9b17084fc911d0c8cc43a4170a9
GIT binary patch
literal 16
Kc${NkKm`B*5C8!H
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/iv10
@@ -0,0 +1,1 @@
+4n\ЮXS,
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/iv11
@@ -0,0 +1,1 @@
+$_&[v
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/iv12
@@ -0,0 +1,1 @@
+/H$J
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/iv13
@@ -0,0 +1,1 @@
+f~My`P[
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/iv14
@@ -0,0 +1,1 @@
+Y R9<8
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/iv15
@@ -0,0 +1,1 @@
+6긃lÏc(F
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/iv16
@@ -0,0 +1,1 @@
+țЗëOHm
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/iv17
@@ -0,0 +1,1 @@
+(3E
<
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/iv18
@@ -0,0 +1,1 @@
+$@8,{cU
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/iv19
@@ -0,0 +1,1 @@
+47EquW
\ No newline at end of file
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..01d633b27e8ea9b17084fc911d0c8cc43a4170a9
GIT binary patch
literal 16
Kc${NkKm`B*5C8!H
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/iv20
@@ -0,0 +1,1 @@
++̻lIH*V
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/iv21
@@ -0,0 +1,2 @@

+SE
;
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/iv22
@@ -0,0 +1,1 @@
+LYcY`&u>I
\ No newline at end of file
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..99b22495ccacd11ae5c41ccdd2a241b9470d3a3b
GIT binary patch
literal 16
Yc$^D7Ci&;XCVQSr)h`UoPMyvL07fVXQ~&?~
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/iv24
@@ -0,0 +1,1 @@
+ՁӶ꡵?~
\ No newline at end of file
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..01d633b27e8ea9b17084fc911d0c8cc43a4170a9
GIT binary patch
literal 16
Kc${NkKm`B*5C8!H
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..01d633b27e8ea9b17084fc911d0c8cc43a4170a9
GIT binary patch
literal 16
Kc${NkKm`B*5C8!H
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..01d633b27e8ea9b17084fc911d0c8cc43a4170a9
GIT binary patch
literal 16
Kc${NkKm`B*5C8!H
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..01d633b27e8ea9b17084fc911d0c8cc43a4170a9
GIT binary patch
literal 16
Kc${NkKm`B*5C8!H
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/iv7
@@ -0,0 +1,1 @@
+X<e/40e
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/iv8
@@ -0,0 +1,1 @@
+	]`i|J
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/iv9
@@ -0,0 +1,1 @@
+e60ָBz
\ No newline at end of file
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..01d633b27e8ea9b17084fc911d0c8cc43a4170a9
GIT binary patch
literal 16
Kc${NkKm`B*5C8!H
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/key10
@@ -0,0 +1,1 @@
+đ1E)%Ux
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/key11
@@ -0,0 +1,1 @@
+}qMnjhjq
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/key12
@@ -0,0 +1,1 @@
+,A7Q'0W6xk
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/key13
@@ -0,0 +1,1 @@
+곱XsQ.k!
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/key14
@@ -0,0 +1,1 @@
+{{Mi~ϖuy|5
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/key15
@@ -0,0 +1,1 @@
+uZ	Ӊ<ɸTT
\ No newline at end of file
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..71afcb384f652847a5a15141d4bec356a5376dc6
GIT binary patch
literal 24
gc%1vqd43+l?H|n<bJ^!iVkkerZe!TV9lC2P0F>1W1poj5
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/key17
@@ -0,0 +1,1 @@
+<g)NfOE(3
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/key18
@@ -0,0 +1,1 @@
+*JUWk,jMK^
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/key19
@@ -0,0 +1,1 @@
+lkL(eNlC3ۛ_w`gԝ
\ No newline at end of file
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..01d633b27e8ea9b17084fc911d0c8cc43a4170a9
GIT binary patch
literal 16
Kc${NkKm`B*5C8!H
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/key20
@@ -0,0 +1,1 @@
+cqj[Z=Kѯszޞc
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/key21
@@ -0,0 +1,2 @@
+s3\i
+YMH҂*
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/key22
@@ -0,0 +1,1 @@
+Eg!- 9 eX-"8R&
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/key23
@@ -0,0 +1,1 @@
+A-]s+d)WG;ʋp

\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/key24
@@ -0,0 +1,1 @@
+HY~c,w#$Z]
;vS+
\ No newline at end of file
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..4ac5fc6cf890b46738523c4d4d9d964e312f368f
GIT binary patch
literal 24
Kc${NkzzzTa7ytnP
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..4ac5fc6cf890b46738523c4d4d9d964e312f368f
GIT binary patch
literal 24
Kc${NkzzzTa7ytnP
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..4e4e4935707a596987ec1cc32e3d0d587dbe4f04
GIT binary patch
literal 32
Kc${Nkzz+ZbAOHaX
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..4e4e4935707a596987ec1cc32e3d0d587dbe4f04
GIT binary patch
literal 32
Kc${Nkzz+ZbAOHaX
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..c1e46cee5edf8442a908610bfa0210df55912925
GIT binary patch
literal 16
Xc${NrxW>HjsK}G-#EH9{xvY2qGus8}
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/key8
@@ -0,0 +1,1 @@
+Wn
>+9
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/key9
@@ -0,0 +1,1 @@
+緺O|4F^
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/mktst.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
+do
+    file="test$i.txt"
+    grep "KEY = " $file | sed -e 's;KEY = ;;' | hex > key$i
+    grep "IV = "  $file | sed -e 's;IV = ;;' | hex > iv$i
+    grep "PLAINTEXT = "  $file | sed -e 's;PLAINTEXT = ;;' | hex  > plaintext$i
+    grep "CIPHERTEXT = "  $file | sed -e 's;CIPHERTEXT = ;;' | hex > ciphertext$i.bin
+    btoa < ciphertext$i.bin > ciphertext$i
+    rm ciphertext$i.bin
+done
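Review bot: The `grep` patterns in the loop are unanchored, `$file` is unquoted, and nothing checks that `test$i.txt` exists or that each field matched. A missing or malformed input therefore silently produces empty `key$i`, `iv$i` or `plaintext$i` files, which presumably would then be picked up as test vectors. Assuming the fields start at column 0, anchoring and quoting (`grep "^KEY = " "$file" | sed -e 's;^KEY = ;;' | hex > "key$i"`) plus a check such as `[ -s "key$i" ] || exit 1` after each extraction would make regeneration fail loudly. A header comment naming the expected `test$i.txt` layout and the `hex` and `btoa` helpers the script needs on PATH would also help whoever regenerates the vectors.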
--- a/security/nss/cmd/bltest/tests/aes_cbc/numtests
+++ b/security/nss/cmd/bltest/tests/aes_cbc/numtests
@@ -1,1 +1,1 @@
-7
+25
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext1
@@ -0,0 +1,1 @@
+D<']s
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext10
@@ -0,0 +1,2 @@
+jx~
Ve3l@QRd.My^{ҧL.TS
+ykǚMvъGflMPfTG6³$k{mE_ٿ켦5ΛE˝
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext11
@@ -0,0 +1,1 @@
++<s
rmiUZ;D_&;цnMmt {̞Gʺ8#QٍnkKԫϞߡϖ; g}wmn~?tHDP6S6\?ۄO)
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext12
@@ -0,0 +1,1 @@
+@0S4فo??jWuESi:aIi֦>ͼL`"W	2mM甎TR#D0~7y-@%_B@Ct8>'s;Uw/`?{,b6+q]?
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext13
@@ -0,0 +1,1 @@
+NLh#!mi9:-Yt@
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext14
@@ -0,0 +1,1 @@
+78wT"/L-+
y[A0#FhŎIyҖyO
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext15
@@ -0,0 +1,1 @@
+/_:X :kd1:4~8W#;wS.Qp<IVC.NBjؽl*Ǚo;`gA=JReJ3M
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext16
@@ -0,0 +1,1 @@
+v(g,$ѝDYm&ǚ/qz2j$2c|s%5eE<"bAؙjpKWԆ#"?)vF _?'7\y'
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext17
@@ -0,0 +1,2 @@
+[1ؾm6JXcJCkUҞArqqm;.PkE 搃J0A%N@}B7y/בMufBu/k=2j饷
+VWFM99 ?~ߎ~d1@p藴k+@EP3w5B
\ No newline at end of file
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..4858130f6624513fd3967636d0a94fa32080b18c
GIT binary patch
literal 160
zc$@*C0AK&UioXDm6JwZqg3Nc&?2&1EqlJH-PlUaBKx`9@0%?x`GIr2Jks!YGSB-f7
z%D#>V4iRw+KME&Ay;4I?#{d<GOc)-${ZYmQryNq`z~K<QK#bI4vPh^4ii*H%xl*hh
zf3DF)fPWfu8-MG{_k&kr-u{y8&&R2hP8@J7|K_}gb3W4{LNOr-TEH#%mMhD_lW>ym
OzYdV7vJO4i!bGmGT}_$*
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..0d6ad5e8c8ce9227c5d865f9611d744f34fa2470
GIT binary patch
literal 32
oc$^D(`R?JGpa#wtr_Y*ZmUhTbEehFaKk@ppG+hBhg`n3A03N;%bN~PV
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext2
@@ -0,0 +1,1 @@
+du"}Nr
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext20
@@ -0,0 +1,1 @@
+7%k1sXIC{4ɿOւ5&zan%JV}֎L8V;c
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext21
@@ -0,0 +1,1 @@
+:ަnBAw^7$^OdH2[`4[xe"n<v-]g'?zo<IpWa?F@Pz߰
\ No newline at end of file
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..a36a7f9da083ee25e73838e070e3de67a1b2cd7f
GIT binary patch
literal 128
zc$@)%0Du1_Z`VBITI1@RCEY5NR7pOT*keEDGqquM+~{~*<=eZ2+w#bw?y>1>QHhoX
z<ncSa5xG0|^P4njz7&OvTXGFbQY|+A?Rqktn;wNMl7Pg0xC5LQ#F7<ppnVu*5`!?{
ioG^{vp=nN)$VCA0rXFEIm*{FR?81%qOv^maR5z+EaY7;h
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..5201604a5f4b52d856f9f60dffe7a2dcfb10df1a
GIT binary patch
literal 144
zc$@){0B`>SU<Sme8W;?jDS}O%30se<sBgsjCG4zW*kAVElHaIsCWyc)C@dR_^hB2j
z@-21g8Ib{9vLkfKUym7GTd=R|0|XEFmR=4MIoqXWJ{M1lrJ=K*<E(?6;|HYVOHYp*
y0Au$!>=>-u|1Q7abA#tJRfi+zLGYo2ZLi;*=pqoQB#Xflv%$QJP9-d$8`uK{W<=Ql
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..42c59ead887f692e13b6e5bbfe82c26331c34b2e
GIT binary patch
literal 160
zc$@*C0AK$MW7HGVhDC7a3$|g4_@ud5RfcGcGP|Iq?7=oKt*1)bGQ}#-(W-Prx>kEm
zeX8vD%p9_jg0B`z<s&NqC}?R`HCdPksi*LI9}|9;vEj+uyot7@<gcmQSXJ$+S5Q`{
z^!Owq79=aM!d5X2oidmvtTjDxU!$LZ&cQ_1LPc2l_Y0WGAPH^{EQMWJNQIyVC5R54
O`*T5K&d&EN@G!VcN=~-`
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext3
@@ -0,0 +1,1 @@
+zj)xmu9
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext4
@@ -0,0 +1,1 @@
+-BWdӚ#
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext5
@@ -0,0 +1,2 @@
+G0
+%&T}
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext6
@@ -0,0 +1,1 @@
+$6<f_(%״t
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext7
@@ -0,0 +1,1 @@
+%ǿ& 092y
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext8
@@ -0,0 +1,1 @@
+TT"`7?6$n.yZniAr+ڼ,FW 
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext9
@@ -0,0 +1,2 @@
+*,CVtGFT4m&ݼ@yK⩠
+QQ@'5H
CN`Sv7%(sQ:ŴDdg_x
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test1.txt
@@ -0,0 +1,5 @@
+COUNT = 0
+KEY = 00000000000000000000000000000000
+IV = 00000000000000000000000000000000
+PLAINTEXT = f34481ec3cc627bacd5dc3fb08f273e6
+CIPHERTEXT = 0336763e966d92595a567cc9ce537f5e
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test10.txt
@@ -0,0 +1,5 @@
+COUNT = 7
+KEY = c491ca31f91708458e29a925ec558d78
+IV = 9ef934946e5cd0ae97bd58532cb49381
+PLAINTEXT = cb6a787e0dec56f9a165957f81af336ca6b40785d9e94093c6190e5152649f882e874d79ac5e167bd2a74ce5ae088d2ee854f6539e0a94796b1e1bd4c9fcdbc79acbef4d01eeb89776d18af71ae2a4fc47dd66df6c4dbe1d1850e466549a47b636bcc7c2b3a62495b56bb67b6d455f1eebd9bfefecbca6c7f335cfce9b45cb9d
+CIPHERTEXT = 7b2931f5855f717145e00f152a9f4794359b1ffcb3e55f594e33098b51c23a6c74a06c1d94fded7fd2ae42c7db7acaef5844cb33aeddc6852585ed0020a6699d2cb53809cefd169148ce42292afab063443978306c582c18b9ce0da3d084ce4d3c482cfd8fcf1a85084e89fb88b40a084d5e972466d07666126fb761f84078f2
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test11.txt
@@ -0,0 +1,5 @@
+COUNT = 8
+KEY = f6e87d71b0104d6eb06a68dc6a71f498
+IV = 1c245f26195b76ebebc2edcac412a2f8
+PLAINTEXT = f82bef3c73a6f7f80db285726d691db6bf55eec25a859d3ba0e0445f26b9bb3b16a3161ed1866e4dd8f2e5f8ecb4e46d74a7a78c20cdfc7bcc9e479ba7a0caba9438238ad0c01651d5d98de37f03ddce6e6b4bd4ab03cf9e8ed818aedfa1cf963b932067b97d776dce1087196e7e913f7448e38244509f0caf36bd8217e15336d35c149fd4e41707893fdb84014f8729
+CIPHERTEXT = b09512f3eff9ed0d85890983a73dadbb7c3678d52581be64a8a8fc586f490f2521297a478a0598040ebd0f5509fafb0969f9d9e600eaef33b1b93eed99687b167f89a5065aac439ce46f3b8d22d30865e64e45ef8cd30b6984353a844a11c8cd60dba0e8866b3ee30d24b3fa8a643b328353e06010fa8273c8fd54ef0a2b6930e5520aae5cd5902f9b86a33592ca4365
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test12.txt
@@ -0,0 +1,5 @@
+COUNT = 9
+KEY = 2c14413751c31e2730570ba3361c786b
+IV = 1dbbeb2f19abb448af849796244a19d7
+PLAINTEXT = 40d930f9a05334d9816fe204999c3f82a03f6a0457a8c475c94553d1d116693adc618049f0a769a2eed6a6cb14c0143ec5cccdbc8dec4ce560cfd206225709326d4de7948e54d603d01b12d7fed752fb23f1aa4494fbb00130e9ded4e77e37c079042d828040c325b1a5efd15fc842e44014ca4374bf38f3c3fc3ee327733b0c8aee1abcd055772f18dc04603f7b2c1ea69ff662361f2be0a171bbdcea1e5d3f
+CIPHERTEXT = 6be8a12800455a320538853e0cba31bd2d80ea0c85164a4c5c261ae485417d93effe2ebc0d0a0b51d6ea18633d210cf63c0c4ddbc27607f2e81ed9113191ef86d56f3b99be6c415a4150299fb846ce7160b40b63baf1179d19275a2e83698376d28b92548c68e06e6d994e2c1501ed297014e702cdefee2f656447706009614d801de1caaf73f8b7fa56cf1ba94b631933bbe577624380850f117435a0355b2b
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test13.txt
@@ -0,0 +1,5 @@
+COUNT = 1
+KEY = eab3b19c581aa873e1981c83ab8d83bbf8025111fb2e6b21
+IV = f3d6667e8d4d791e60f7505ba383eb05
+PLAINTEXT = 9d4e4cccd1682321856df069e3f1c6fa391a083a9fb02d59db74c14081b3acc4
+CIPHERTEXT = 51d44779f90d40a80048276c035cb49ca2a47bcb9b9cf7270b9144793787d53f
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test14.txt
@@ -0,0 +1,5 @@
+COUNT = 3
+KEY = 067bb17b4df785697eaccf961f98e212cb75e6797ce935cb
+IV = 8b59c9209c529ca8391c9fc0ce033c38
+PLAINTEXT = db3785a889b4bd387754da222f0e4c2d2bfe0d79e05bc910fba941beea30f1239eacf0068f4619ec01c368e986fca6b7c58e490579d29611bd10087986eff54f
+CIPHERTEXT = d5f5589760bf9c762228fde236de1fa2dd2dad448db3fa9be0c4196efd46a35c84dd1ac77d9db58c95918cb317a6430a08d2fb6a8e8b0f1c9b72c7a344dc349f
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test15.txt
@@ -0,0 +1,5 @@
+COUNT = 5
+KEY = e3fecc75f0075a09b383dfd389a3d33cc9b854b3b254c0f4
+IV = 36eab883afef936cc38f63284619cd19
+PLAINTEXT = 931b2f5f3a5820d53a6beaaa6431083a3488f4eb03b0f5b57ef838e1579623103bd6e6800377538b2e51ef708f3c4956432e8a8ee6a34e190642b26ad8bdae6c2af9a6c7996f3b6004d2671e41f1c9f40ee03d1c4a52b0a0654a331f15f34dce
+CIPHERTEXT = 75395974bd32b3665654a6c8e396b88ae34b123575872a7ab687d8e76b46df911a8a590cd01d2f5c330be3a6626e9dd3aa5e10ed14e8ff829811b6fed50f3f533ca4385a1cbca78f5c4744e50f2f8359165c2485d1324e76c3eae76a0ccac629
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test16.txt
@@ -0,0 +1,5 @@
+COUNT = 7
+KEY = fb09cf9e00dbf883689d079c920077c0073c31890b55bab5
+IV = e3c89bd097c3abddf64f4881db6dbfe2
+PLAINTEXT = c1a37683fb289467dd1b2c89efba16bbd2ee24cf18d19d44596ded2682c79a2f711c7a32bf6a24badd32a4ee637c73b7a41da6258635650f91fb9ffa45bdfc3cb122136241b3deced8996aa51ea8d3e81c9d70e006a44bc0571ed48623a0d622a93fa9da290baaedf5d9e876c94620945ff8ecc83f27379ed55cf490c5790f27
+CIPHERTEXT = 8158e21420f25b59d6ae943fa1cbf21f02e979f419dab0126a721b7eef55bee9ad97f5ccff7d239057bbc19a8c378142f7672f1d5e7e17d7bebcb0070e8355cace6660171a53b61816ae824a6ef69ce470b6ffd3b5bb4b438874d91d27854d3b6f25860d3868958de3307d62b1339bdddb8a318c0ce0f33c17caf0e9f6040820
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test17.txt
@@ -0,0 +1,5 @@
+COUNT = 8
+KEY = bca6fa3c67fd294e958f66fe8bd64f45f428f5bc8e9733a7
+IV = 92a47f2833f1450d1da41717bdc6e83c
+PLAINTEXT = 5becbc31d8bead6d36ae014a5863d14a431e6b55d29ea6baaa417271716db3a33b2e506b452086dfe690834ac2de30bc41254ec5401ec47d064237c7792fdcd7914d8af20eb114756642d519021a8c75a92f6bc53d326ae9a5b7e1b10a9756574692934d9939fc399e0c203f7edf8e7e6482eadd31a0400770e897b48c6bca2b404593045080e93377358c42a0f4dede
+CIPHERTEXT = 926db248cc1ba20f0c57631a7c8aef094f791937b905949e3460240e8bfa6fa483115a1b310b6e4369caebc5262888377b1ddaa5800ea496a2bdff0f9a1031e7129c9a20e35621e7f0b8baca0d87030f2ae7ca8593c8599677a06fd4b26009ead08fecac24caa9cf2cad3b470c8227415a7b1e0f2eab3fad96d70a209c8bb26c627677e2531b9435ca6e3c444d195b5f
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test18.txt
@@ -0,0 +1,5 @@
+COUNT = 9
+KEY = 162ad50ee64a0702aa551f571dedc16b2c1b6a1e4d4b5eee
+IV = 24408038161a2ccae07b029bb66355c1
+PLAINTEXT = be8abf00901363987a82cc77d0ec91697ba3857f9e4f84bd79406c138d02698f003276d0449120bef4578d78fecabe8e070e11710b3f0a2744bd52434ec70015884c181ebdfd51c604a71c52e4c0e110bc408cd462b248a80b8a8ac06bb952ac1d7faed144807f1a731b7febcaf7835762defe92eccfc7a9944e1c702cffe6bc86733ed321423121085ac02df8962bcbc1937092eebf0e90a8b20e3dd8c244ae
+CIPHERTEXT = c82cf2c476dea8cb6a6e607a40d2f0391be82ea9ec84a537a6820f9afb997b76397d005424faa6a74dc4e8c7aa4a8900690f894b6d1dca80675393d2243adac762f159301e357e98b724762310cd5a7bafe1c2a030dba46fd93a9fdb89cc132ca9c17dc72031ec6822ee5a9d99dbca66c784c01b0885cbb62e29d97801927ec415a5d215158d325f9ee689437ad1b7684ad33c0d92739451ac87f39ff8c31b84
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test19.txt
@@ -0,0 +1,5 @@
+COUNT = 1
+KEY = dce26c6b4cfb286510da4eecd2cffe6cdf430f33db9b5f77b460679bd49d13ae
+IV = fdeaa134c8d7379d457175fd1a57d3fc
+PLAINTEXT = 50e9eee1ac528009e8cbcd356975881f957254b13f91d7c6662d10312052eb00
+CIPHERTEXT = 2fa0df722a9fd3b64cb18fb2b3db55ff2267422757289413f8f657507412a64c
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test2.txt
@@ -0,0 +1,5 @@
+COUNT = 1
+KEY = 00000000000000000000000000000000
+IV = 00000000000000000000000000000000
+PLAINTEXT = 9798c4640bad75c7c3227db910174e72
+CIPHERTEXT = a9a1631bf4996954ebc093957b234589
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test20.txt
@@ -0,0 +1,5 @@
+COUNT = 3
+KEY = 0493ff637108af6a5b8e90ac1fdf035a3d4bafd1afb573be7ade9e8682e663e5
+IV = c0cd2bebccbb6c49920bd5482ac756e8
+PLAINTEXT = 8b37f9148df4bb25956be6310c73c8dc58ea9714ff49b643107b34c9bff096a94fedd6823526abc27a8e0b16616eee254ab4567dd68e8ccd4c38ac563b13639c
+CIPHERTEXT = 05d5c77729421b08b737e41119fa4438d1f570cc772a4d6c3df7ffeda0384ef84288ce37fc4c4c7d1125a499b051364c389fd639bdda647daa3bdadab2eb5594
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test21.txt
@@ -0,0 +1,5 @@
+COUNT = 5
+KEY = 73b8faf00b3302ac99855cf6f9e9e48518690a5906a4869d4dcf48d282faae2a
+IV = b3cb97a80a539912b8c21f450d3b9395
+PLAINTEXT = 3adea6e06e42c4f041021491f2775ef6378cb08824165edc4f6448e232175b60d0345b9f9c78df6596ec9d22b7b9e76e8f3c76b32d5d67273f1d83fe7a6fc3dd3c49139170fa5701b3beac61b490f0a9e13f844640c4500f9ad3087adfb0ae10
+CIPHERTEXT = ac3d6dbafe2e0f740632fd9e820bf6044cd5b1551cbb9cc03c0b25c39ccb7f33b83aacfca40a3265f2bbff879153448acacb88fcfb3bb7b10fe463a68c0109f028382e3e557b1adf02ed648ab6bb895df0205d26ebbfa9a5fd8cebd8e4bee3dc
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test22.txt
@@ -0,0 +1,5 @@
+COUNT = 7
+KEY = 458b67bf212d20f3a57fce392065582dcefbf381aa22949f8338ab9052260e1d
+IV = 4c12effc5963d40459602675153e9649
+PLAINTEXT = 256fd73ce35ae3ea9c25dd2a9454493e96d8633fe633b56176dce8785ce5dbbb84dbf2c8a2eeb1e96b51899605e4f13bbc11b93bf6f39b3469be14858b5b720d4a522d36feed7a329c9b1e852c9280c47db8039c17c4921571a07d1864128330e09c308ddea1694e95c84500f1a61e614197e86a30ecc28df64ccb3ccf5437aa
+CIPHERTEXT = 90b7b9630a2378f53f501ab7beff039155008071bc8438e789932cfd3eb1299195465e6633849463fdb44375278e2fdb1310821e6492cf80ff15cb772509fb426f3aeee27bd4938882fd2ae6b5bd9d91fa4a43b17bb439ebbe59c042310163a82a5fe5388796eee35a181a1271f00be29b852d8fa759bad01ff4678f010594cd
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test23.txt
@@ -0,0 +1,5 @@
+COUNT = 8
+KEY = d2412db0845d84e5732b8bbd642957473b81fb99ca8bff70e7920d16c1dbec89
+IV = 51c619fcf0b23f0c7925f400a6cacb6d
+PLAINTEXT = 026006c4a71a180c9929824d9d095b8faaa86fc4fa25ecac61d85ff6de92dfa8702688c02a282c1b8af4449707f22d75e91991015db22374c95f8f195d5bb0afeb03040ff8965e0e1339dba5653e174f8aa5a1b39fe3ac839ce307a4e44b4f8f1b0063f738ec18acdbff2ebfe07383e734558723e741f0a1836dafdf9de82210a9248bc113b3c1bc8b4e252ca01bd803
+CIPHERTEXT = 0254b23463bcabec5a395eb74c8fb0eb137a07bc6f5e9f61ec0b057de305714f8fa294221c91a159c315939b81e300ee902192ec5f15254428d8772f79324ec43298ca21c00b370273ee5e5ed90e43efa1e05a5d171209fe34f9f29237dba2a6726650fd3b1321747d1208863c6c3c6b3e2d879ab5f25782f08ba8f2abbe63e0bedb4a227e81afb36bb6645508356d34
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test24.txt
@@ -0,0 +1,5 @@
+COUNT = 9
+KEY = 48be597e632c16772324c8d3fa1d9c5a9ecd010f14ec5d110d3bfec376c5532b
+IV = d6d581b8cf04ebd3b6eaa1b53f047ee1
+PLAINTEXT = 0c63d413d3864570e70bb6618bf8a4b9585586688c32bba0a5ecc1362fada74ada32c52acfd1aa7444ba567b4e7daaecf7cc1cb29182af164ae5232b002868695635599807a9a7f07a1f137e97b1e1c9dabc89b6a5e4afa9db5855edaa575056a8f4f8242216242bb0c256310d9d329826ac353d715fa39f80cec144d6424558f9f70b98c920096e0f2c855d594885a00625880e9dfb734163cecef72cf030b8
+CIPHERTEXT = fc5873e50de8faf4c6b84ba707b0854e9db9ab2e9f7d707fbba338c6843a18fc6facebaf663d26296fb329b4d26f18494c79e09e779647f9bafa87489630d79f4301610c2300c19dbf3148b7cac8c4f4944102754f332e92b6f7c5e75bc6179eb877a078d4719009021744c14f13fd2a55a2b9c44d18000685a845a4f632c7c56a77306efa66a24d05d088dcd7c13fe24fc447275965db9e4d37fbc9304448cd
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test3.txt
@@ -0,0 +1,5 @@
+COUNT = 0
+KEY = 000000000000000000000000000000000000000000000000
+IV = 00000000000000000000000000000000
+PLAINTEXT = 1b077a6af4b7f98229de786d7516b639
+CIPHERTEXT = 275cfc0413d8ccb70513c3859b1d0f72
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test4.txt
@@ -0,0 +1,5 @@
+COUNT = 1
+KEY = 000000000000000000000000000000000000000000000000
+IV = 00000000000000000000000000000000
+PLAINTEXT = 9c2d8842e5f48f57648205d39a239af1
+CIPHERTEXT = c9b8135ff1b5adc413dfd053b21bd96d
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test5.txt
@@ -0,0 +1,5 @@
+COUNT = 0
+KEY = 0000000000000000000000000000000000000000000000000000000000000000
+IV = 00000000000000000000000000000000
+PLAINTEXT = 014730f80ac625fe84f026c60bfd547d
+CIPHERTEXT = 5c9d844ed46f9885085e5d6a4f94c7d7
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test6.txt
@@ -0,0 +1,5 @@
+COUNT = 1
+KEY = 0000000000000000000000000000000000000000000000000000000000000000
+IV = 00000000000000000000000000000000
+PLAINTEXT = 0b24af36193ce4665f2825d7b4749c98
+CIPHERTEXT = a9ff75bd7cf6613d3731c77c3b6d0c04
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test7.txt
@@ -0,0 +1,5 @@
+COUNT = 1
+KEY = 0700d603a1c514e46b6191ba430a3a0c
+IV = aad1583cd91365e3bb2f0c3430d065bb
+PLAINTEXT = 068b25c7bfb1f8bdd4cfc908f69dffc5ddc726a197f0e5f720f730393279be91
+CIPHERTEXT = c4dc61d9725967a3020104a9738f23868527ce839aab1752fd8bdb95a82c4d00
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test8.txt
@@ -0,0 +1,5 @@
+COUNT = 3
+KEY = b7f3c9576e12dd0db63e8f8fac2b9a39
+IV = c80f095d8bb1a060699f7c19974a1aa0
+PLAINTEXT = 9ac19954ce1319b354d3220460f71c1e373f1cd336240881160cfde46ebfed2e791e8d5a1a136ebd1dc469dec00c4187722b841cdabcb22c1be8a14657da200e
+CIPHERTEXT = 19b9609772c63f338608bf6eb52ca10be65097f89c1e0905c42401fd47791ae2c5440b2d473116ca78bd9ff2fb6015cfd316524eae7dcb95ae738ebeae84a467
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cbc/test9.txt
@@ -0,0 +1,5 @@
+COUNT = 5
+KEY = bbe7b7ba07124ff1ae7c3416fe8b465e
+IV = 7f65b5ee3630bed6b84202d97fb97a1e
+PLAINTEXT = 2aad0c2c4306568bad7447460fd3dac054346d26feddbc9abd9110914011b4794be2a9a00a519a51a5b5124014f4ed2735480db21b434e99a911bb0b60fe0253763725b628d5739a5117b7ee3aefafc5b4c1bf446467e7bf5f78f31ff7caf187
+CIPHERTEXT = 3b8611bfc4973c5cd8e982b073b33184cd26110159172e44988eb5ff5661a1e16fad67258fcbfee55469267a12dc374893b4e3533d36f5634c3095583596f135aa8cd1138dc898bc5651ee35a92ebf89ab6aeb5366653bc60a70e0074fc11efe
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_ecb/ciphertext1
@@ -0,0 +1,1 @@
+AzZ2PpZtkllaVnzJzlN/Xg==
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_ecb/ciphertext2
@@ -0,0 +1,1 @@
+qaFjG/SZaVTrwJOVeyNFiQ==
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_ecb/ciphertext3
@@ -0,0 +1,1 @@
+J1z8BBPYzLcFE8OFmx0Pcg==
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_ecb/ciphertext4
@@ -0,0 +1,1 @@
+ybgTX/G1rcQT39BTshvZbQ==
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_ecb/ciphertext5
@@ -0,0 +1,1 @@
+XJ2ETtRvmIUIXl1qT5TH1w==
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_ecb/ciphertext6
@@ -0,0 +1,1 @@
+qf91vXz2YT03Mcd8O20MBA==
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..01d633b27e8ea9b17084fc911d0c8cc43a4170a9
GIT binary patch
literal 16
Kc${NkKm`B*5C8!H
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..01d633b27e8ea9b17084fc911d0c8cc43a4170a9
GIT binary patch
literal 16
Kc${NkKm`B*5C8!H
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..4ac5fc6cf890b46738523c4d4d9d964e312f368f
GIT binary patch
literal 24
Kc${NkzzzTa7ytnP
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..4ac5fc6cf890b46738523c4d4d9d964e312f368f
GIT binary patch
literal 24
Kc${NkzzzTa7ytnP
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..4e4e4935707a596987ec1cc32e3d0d587dbe4f04
GIT binary patch
literal 32
Kc${Nkzz+ZbAOHaX
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..4e4e4935707a596987ec1cc32e3d0d587dbe4f04
GIT binary patch
literal 32
Kc${Nkzz+ZbAOHaX
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_ecb/mktst.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+for i in 1 2 3 4 5 6
+do
+    file="test$i.txt"
+    grep "KEY = " $file | sed -e 's;KEY = ;;' | hex > key$i
+    grep "PLAINTEXT = "  $file | sed -e 's;PLAINTEXT = ;;' | hex  > plaintext$i
+    grep "CIPHERTEXT = "  $file | sed -e 's;CIPHERTEXT = ;;' | hex > ciphertext$i.bin
+    btoa < ciphertext$i.bin > ciphertext$i
+    rm ciphertext$i.bin
+done
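Review bot: Nothing in this script checks for failure, so if `hex` or `btoa` is missing from PATH each redirection still creates an empty `key$i`, `plaintext$i` or `ciphertext$i`, and the loop carries on to `rm`. Adding `set -e` on the line after the shebang would stop at the first failing step, since every pipeline here ends in the command most likely to be absent. Quoting the expansion as `"$file"` and adding a header comment such as `# Regenerates key$i, plaintext$i and ciphertext$i from test$i.txt; needs hex and btoa on PATH.` would make the intent and prerequisites clear to whoever next regenerates the vectors.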
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_ecb/plaintext1
@@ -0,0 +1,1 @@
+D<']s
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_ecb/plaintext2
@@ -0,0 +1,1 @@
+du"}Nr
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_ecb/plaintext3
@@ -0,0 +1,1 @@
+zj)xmu9
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_ecb/plaintext4
@@ -0,0 +1,1 @@
+-BWdӚ#
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_ecb/plaintext5
@@ -0,0 +1,2 @@
+G0
+%&T}
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_ecb/plaintext6
@@ -0,0 +1,1 @@
+$6<f_(%״t
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_ecb/test1.txt
@@ -0,0 +1,4 @@
+COUNT = 0
+KEY = 00000000000000000000000000000000
+PLAINTEXT = f34481ec3cc627bacd5dc3fb08f273e6
+CIPHERTEXT = 0336763e966d92595a567cc9ce537f5e
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_ecb/test2.txt
@@ -0,0 +1,4 @@
+COUNT = 1
+KEY = 00000000000000000000000000000000
+PLAINTEXT = 9798c4640bad75c7c3227db910174e72
+CIPHERTEXT = a9a1631bf4996954ebc093957b234589
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_ecb/test3.txt
@@ -0,0 +1,4 @@
+COUNT = 0
+KEY = 000000000000000000000000000000000000000000000000
+PLAINTEXT = 1b077a6af4b7f98229de786d7516b639
+CIPHERTEXT = 275cfc0413d8ccb70513c3859b1d0f72
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_ecb/test4.txt
@@ -0,0 +1,4 @@
+COUNT = 1
+KEY = 000000000000000000000000000000000000000000000000
+PLAINTEXT = 9c2d8842e5f48f57648205d39a239af1
+CIPHERTEXT = c9b8135ff1b5adc413dfd053b21bd96d
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_ecb/test5.txt
@@ -0,0 +1,4 @@
+COUNT = 0
+KEY = 0000000000000000000000000000000000000000000000000000000000000000
+PLAINTEXT = 014730f80ac625fe84f026c60bfd547d
+CIPHERTEXT = 5c9d844ed46f9885085e5d6a4f94c7d7
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_ecb/test6.txt
@@ -0,0 +1,4 @@
+COUNT = 1
+KEY = 0000000000000000000000000000000000000000000000000000000000000000
+PLAINTEXT = 0b24af36193ce4665f2825d7b4749c98
+CIPHERTEXT = a9ff75bd7cf6613d3731c77c3b6d0c04
deleted file mode 100644
--- a/security/nss/cmd/libpkix/pkix/params/test_buildparams.c
+++ /dev/null
@@ -1,179 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/*
- * test_buildparams.c
- *
- * Test BuildParams Type
- *
- */
-
-#include "testutil.h"
-#include "testutil_nss.h"
-
-static void *plContext = NULL;
-
-static void
-testDestroy(void *goodObject, void *equalObject, void *diffObject)
-{
-        PKIX_TEST_STD_VARS();
-
-        subTest("PKIX_BuildParams_Destroy");
-
-        PKIX_TEST_DECREF_BC(goodObject);
-        PKIX_TEST_DECREF_BC(equalObject);
-        PKIX_TEST_DECREF_BC(diffObject);
-
-cleanup:
-
-        PKIX_TEST_RETURN();
-
-}
-
-static
-void testGetProcParams(
-        PKIX_BuildParams *goodObject,
-        PKIX_BuildParams *equalObject){
-
-        PKIX_ProcessingParams *goodProcParams = NULL;
-        PKIX_ProcessingParams *equalProcParams = NULL;
-
-        PKIX_TEST_STD_VARS();
-        subTest("PKIX_BuildParams_GetProcessingParams");
-
-        PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildParams_GetProcessingParams
-                (goodObject, &goodProcParams, NULL));
-
-        PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildParams_GetProcessingParams
-                (equalObject, &equalProcParams, NULL));
-
-        testEqualsHelper
-                ((PKIX_PL_Object *)goodProcParams,
-                (PKIX_PL_Object *)equalProcParams,
-                PKIX_TRUE,
-                plContext);
-
-cleanup:
-
-        PKIX_TEST_DECREF_AC(goodProcParams);
-        PKIX_TEST_DECREF_AC(equalProcParams);
-
-        PKIX_TEST_RETURN();
-}
-
-static
-void printUsage(char *pName){
-        printf("\nUSAGE: %s <central-data-dir>\n\n", pName);
-}
-
-int test_buildparams(int argc, char *argv[]) {
-
-        PKIX_BuildParams *goodObject = NULL;
-        PKIX_BuildParams *equalObject = NULL;
-        PKIX_BuildParams *diffObject = NULL;
-        PKIX_UInt32 actualMinorVersion;
-        PKIX_UInt32 j = 0;
-
-        char *dataCentralDir = NULL;
-        char *goodInput = "yassir2yassir";
-        char *diffInput = "yassir2bcn";
-
-        char *expectedAscii =
-                "[\n"
-                "\tProcessing Params: \n"
-                "\t********BEGIN PROCESSING PARAMS********\n"
-                "\t\t"
-                "[\n"
-                "\tTrust Anchors: \n"
-                "\t********BEGIN LIST OF TRUST ANCHORS********\n"
-                "\t\t"
-"([\n"
-                "\tTrusted CA Name:         "
-                "CN=yassir,OU=bcn,OU=east,O=sun,C=us\n"
-                "\tTrusted CA PublicKey:    ANSI X9.57 DSA Signature\n"
-                "\tInitial Name Constraints:(null)\n"
-                "]\n"
-                ", [\n"
-                "\tTrusted CA Name:         OU=bcn,OU=east,O=sun,C=us\n"
-                "\tTrusted CA PublicKey:    ANSI X9.57 DSA Signature\n"
-                "\tInitial Name Constraints:(null)\n"
-                "]\n"
-                ")\n"
-                "\t********END LIST OF TRUST ANCHORS********\n"
-                "\tDate:    \t\t(null)\n"
-                "\tTarget Constraints:    (null)\n"
-                "\tInitial Policies:      (null)\n"
-                "\tQualifiers Rejected:   FALSE\n"
-                "\tCert Stores:           (EMPTY)\n"
-                "\tResource Limits:       (null)\n"
-                "\tCRL Checking Enabled:  0\n"
-                "]\n"
-                "\n"
-                "\t********END PROCESSING PARAMS********\n"
-                "]\n";
-
-        PKIX_TEST_STD_VARS();
-
-        startTests("BuildParams");
-
-        PKIX_TEST_EXPECT_NO_ERROR(
-            PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
-
-        if (argc < 2){
-                printUsage(argv[0]);
-                return (0);
-        }
-
-        dataCentralDir = argv[j+1];
-
-        subTest("PKIX_BuildParams_Create");
-
-        goodObject = createBuildParams
-                (dataCentralDir,
-                goodInput,
-                diffInput,
-                NULL,
-                NULL,
-                PKIX_FALSE,
-                plContext);
-
-        equalObject = createBuildParams
-                (dataCentralDir,
-                goodInput,
-                diffInput,
-                NULL,
-                NULL,
-                PKIX_FALSE,
-                plContext);
-
-        diffObject = createBuildParams
-                (dataCentralDir,
-                diffInput,
-                goodInput,
-                NULL,
-                NULL,
-                PKIX_FALSE,
-                plContext);
-
-        testGetProcParams(goodObject, equalObject);
-
-        PKIX_TEST_EQ_HASH_TOSTR_DUP
-                (goodObject,
-                equalObject,
-                diffObject,
-                expectedAscii,
-                BuildParams,
-                PKIX_FALSE);
-
-        testDestroy(goodObject, equalObject, diffObject);
-
-cleanup:
-
-        PKIX_Shutdown(plContext);
-
-        PKIX_TEST_RETURN();
-
-        endTests("BuildParams");
-
-        return (0);
-}
--- a/security/nss/cmd/libpkix/pkixutil/pkixutil.c
+++ b/security/nss/cmd/libpkix/pkixutil/pkixutil.c
@@ -21,18 +21,16 @@ typedef int (*mainTestFn)(int argc, char
 extern int libpkix_buildthreads(int argc, char *argv[]);
 extern int nss_threads(int argc, char *argv[]);
 extern int test_certselector(int argc, char *argv[]);
 extern int test_comcertselparams(int argc, char *argv[]);
 extern int test_certchainchecker(int argc, char *argv[]);
 extern int test_comcrlselparams(int argc, char *argv[]);
 extern int test_crlselector(int argc, char *argv[]);
 
-/* This test fails to build. Need to fix                */
-/* extern int test_buildparams(int argc, char *argv[]); */
 extern int test_procparams(int argc, char *argv[]);
 extern int test_resourcelimits(int argc, char *argv[]);
 extern int test_trustanchor(int argc, char *argv[]);
 extern int test_valparams(int argc, char *argv[]);
 extern int test_buildresult(int argc, char *argv[]);
 extern int test_policynode(int argc, char *argv[]);
 extern int test_valresult(int argc, char *argv[]);
 extern int test_verifynode(int argc, char *argv[]);
@@ -99,17 +97,16 @@ typedef struct {
 testFunctionRef testFnRefTable[] = {
     {"libpkix_buildthreads",           libpkix_buildthreads},
     {"nss_threads",                    nss_threads},
     {"test_certselector",              test_certselector},
     {"test_comcertselparams",          test_comcertselparams},
     {"test_certchainchecker",          test_certchainchecker},
     {"test_comcrlselparams",           test_comcrlselparams},
     {"test_crlselector",               test_crlselector},
-/*  {"test_buildparams",               test_buildparams}*/
     {"test_procparams",                test_procparams},
     {"test_resourcelimits",            test_resourcelimits},
     {"test_trustanchor",               test_trustanchor},
     {"test_valparams",                 test_valparams},
     {"test_buildresult",               test_buildresult},
     {"test_policynode",                test_policynode},
     {"test_valresult",                 test_valresult},
     {"test_verifynode",                test_verifynode},
--- a/security/nss/cmd/modutil/modutil.c
+++ b/security/nss/cmd/modutil/modutil.c
@@ -827,16 +827,21 @@ main(int argc, char *argv[])
 		goto loser;
 	}
 
 	errcode = init_crypto(createdb, readOnly);
 	if( errcode != SUCCESS) {
 		goto loser;
 	}
 
+	errcode = LoadMechanismList();
+	if (errcode != SUCCESS) {
+		goto loser;
+	}
+
 	/* Execute the command */
 	switch(command) {
 	case ADD_COMMAND:
 		errcode = AddModule(moduleName, libFile, ciphers, mechanisms, secmodString);
 		break;
 	case CHANGEPW_COMMAND:
 		errcode = ChangePW(tokenName, pwFile, newpwFile);
 		break;
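Review bot: The new `LoadMechanismList()` failure path jumps to `loser` without printing anything, and the function itself (added in pk11.c in this commit) returns `UNSPECIFIED_ERR` or `OUT_OF_MEM_ERR` without a message as well. `main` continues outside this hunk, so `loser` may already report `errcode`; if it does not, the tool stops with no explanation. A diagnostic in the style used elsewhere in modutil, `PR_fprintf(PR_STDERR, errStrings[errcode]);`, placed before the `goto` would cover it, provided those two `errStrings` entries take no format arguments.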
--- a/security/nss/cmd/modutil/modutil.h
+++ b/security/nss/cmd/modutil/modutil.h
@@ -15,16 +15,17 @@
 #include <seccomon.h>
 #include <secmod.h>
 #include <secutil.h>
 
 #include <prlock.h>
 
 #include "error.h"
 
+Error LoadMechanismList(void);
 Error FipsMode(char *arg);
 Error ChkFipsMode(char *arg);
 Error AddModule(char *moduleName, char *libFile, char *ciphers,
       char *mechanisms, char* modparms);
 Error DeleteModule(char *moduleName);
 Error ListModule(char *moduleName);
 Error ListModules();
 Error ChangePW(char *tokenName, char *pwFile, char *newpwFile);
--- a/security/nss/cmd/modutil/pk11.c
+++ b/security/nss/cmd/modutil/pk11.c
@@ -1,23 +1,19 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-/* To edit this file, set TABSTOPS to 4 spaces. 
- * This is not the normal NSS convention. 
+/* To edit this file, set TABSTOPS to 4 spaces.
+ * This is not the normal NSS convention.
  */
 
 #include "modutil.h"
-/* #include "secmodti.h"  */
 #include "pk11func.h"
 
-static PK11DefaultArrayEntry *pk11_DefaultArray = NULL;
-static int pk11_DefaultArraySize = 0;
-
 /*************************************************************************
  *
  * F i p s M o d e
  * If arg=="true", enable FIPS mode on the internal module.  If arg=="false",
  * disable FIPS mode on the internal module.
  */
 Error
 FipsMode(char *arg)
@@ -105,53 +101,88 @@ ChkFipsMode(char *arg)
 }
 
 /************************************************************************
  * Cipher and Mechanism name-bitmask translation tables
  */
 
 typedef struct {
     const char *name;
-    const unsigned long mask;
+    unsigned long mask;
 } MaskString;
 
-static const MaskString mechanismStrings[] = {
-    {"RSA", PUBLIC_MECH_RSA_FLAG},
-    {"DSA", PUBLIC_MECH_DSA_FLAG},
-    {"RC2", PUBLIC_MECH_RC2_FLAG},
-    {"RC4", PUBLIC_MECH_RC4_FLAG},
-    {"RC5", PUBLIC_MECH_RC5_FLAG},
-    {"DES", PUBLIC_MECH_DES_FLAG},
-    {"DH", PUBLIC_MECH_DH_FLAG},
-    {"FORTEZZA", PUBLIC_MECH_FORTEZZA_FLAG},
-    {"SHA1", PUBLIC_MECH_SHA1_FLAG},
-    {"MD5", PUBLIC_MECH_MD5_FLAG},
-    {"MD2", PUBLIC_MECH_MD2_FLAG},
-    {"SSL", PUBLIC_MECH_SSL_FLAG},
-    {"TLS", PUBLIC_MECH_TLS_FLAG},
-    {"AES", PUBLIC_MECH_AES_FLAG},
-    {"CAMELLIA", PUBLIC_MECH_CAMELLIA_FLAG},
-    {"SHA256", PUBLIC_MECH_SHA256_FLAG},
-    {"SHA512", PUBLIC_MECH_SHA512_FLAG},
-    {"RANDOM", PUBLIC_MECH_RANDOM_FLAG},
-    {"FRIENDLY", PUBLIC_MECH_FRIENDLY_FLAG}
-};
-static const int numMechanismStrings =
-    sizeof(mechanismStrings) / sizeof(mechanismStrings[0]);
 
 static const MaskString cipherStrings[] = {
     {"FORTEZZA", PUBLIC_CIPHER_FORTEZZA_FLAG}
 };
 static const int numCipherStrings =
     sizeof(cipherStrings) / sizeof(cipherStrings[0]);
 
-/* Maximum length of a colon-separated list of all the strings in an 
+/* Initialized by LoadMechanismList */
+static MaskString *mechanismStrings =  NULL;
+static int numMechanismStrings = 0;
+const static PK11DefaultArrayEntry *pk11_DefaultArray = NULL;
+static int pk11_DefaultArraySize = 0;
+
+/* Maximum length of a colon-separated list of all the strings in an
  * array. */
 #define MAX_STRING_LIST_LEN 240    /* or less */
 
+
+Error
+LoadMechanismList(void)
+{
+    int i;
+
+    if (pk11_DefaultArray == NULL) {
+        pk11_DefaultArray = PK11_GetDefaultArray(&pk11_DefaultArraySize);
+        if (pk11_DefaultArray == NULL) {
+            /* should assert. This shouldn't happen */
+            return UNSPECIFIED_ERR;
+        }
+    }
+    if (mechanismStrings != NULL) {
+	return SUCCESS;
+    }
+
+    /* build the mechanismStrings array */
+    mechanismStrings = PORT_NewArray(MaskString, pk11_DefaultArraySize);
+    if (mechanismStrings == NULL) {
+	return OUT_OF_MEM_ERR;
+    }
+    numMechanismStrings = pk11_DefaultArraySize;
+    for (i = 0; i < numMechanismStrings; i++) {
+	const char *name = pk11_DefaultArray[i].name;
+	unsigned long flag = pk11_DefaultArray[i].flag;
+	/* map new name to old */
+	switch (flag) {
+	case SECMOD_FORTEZZA_FLAG:
+	    name = "FORTEZZA";
+	    break;
+	case SECMOD_SHA1_FLAG:
+	    name = "SHA1";
+	    break;
+	case SECMOD_CAMELLIA_FLAG:
+	    name = "CAMELLIA";
+	    break;
+	case SECMOD_RANDOM_FLAG:
+	    name = "RANDOM";
+	    break;
+	case SECMOD_FRIENDLY_FLAG:
+	    name = "FRIENDLY";
+	    break;
+	default:
+	    break;
+	}
+	mechanismStrings[i].name = name;
+	mechanismStrings[i].mask = SECMOD_InternaltoPubMechFlags(flag);
+    }
+    return SUCCESS;
+}
+
 /************************************************************************
  * 
  * g e t F l a g s F r o m S t r i n g
  *
  * Parses a mechanism list passed on the command line and converts it
  * to an unsigned long bitmask.
  * string is a colon-separated string of constants
  * array is an array of MaskStrings.
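Review bot: `MAX_STRING_LIST_LEN` stays at 240 although the mechanism table it describes is no longer the fixed 19-entry array but is sized at run time from `PK11_GetDefaultArray()`. The code that uses the constant is outside this hunk, so this is a question rather than a confirmed defect: if it sizes a fixed buffer for the colon-separated name list, a longer default array could exceed it, and the write should be bounded by the real length or the buffer sized from `numMechanismStrings`. I would also add a comment above `LoadMechanismList` such as `/* Must be called once before any function that reads mechanismStrings; the array is not freed. */`, because `SetDefaultModule` and `UnsetDefaultModule` now pass `mechanismStrings` to `getFlagsFromString` with no initialisation of their own. Minor style: `const static PK11DefaultArrayEntry *` should be `static const PK11DefaultArrayEntry *`, and the new function mixes tab and space indentation.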
@@ -811,24 +842,16 @@ SetDefaultModule(char *moduleName, char 
     SECMODModule *module = NULL;
     PK11SlotInfo *slot;
     int s, i;
     unsigned long mechFlags = getFlagsFromString(mechanisms, mechanismStrings,
 	numMechanismStrings);
     PRBool found = PR_FALSE;
     Error errcode = UNSPECIFIED_ERR;
 
-    if (pk11_DefaultArray == NULL) {
-	pk11_DefaultArray = PK11_GetDefaultArray(&pk11_DefaultArraySize);
-	if (pk11_DefaultArray == NULL) {
-	    /* should assert. This shouldn't happen */
-	    goto loser;
-	}
-    }
-
     mechFlags =  SECMOD_PubMechFlagstoInternal(mechFlags);
 
     module = SECMOD_FindModule(moduleName);
     if(!module) {
 	PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName);
 	errcode = NO_SUCH_MODULE_ERR;
 	goto loser;
     }
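Review bot: With the lazy `PK11_GetDefaultArray` call removed, SetDefaultModule depends on LoadMechanismList() having already succeeded, and nothing in the hunk states or checks that. If it has not run, the initialiser `getFlagsFromString(mechanisms, mechanismStrings, numMechanismStrings)` sees a NULL table and a count of 0, and any later use of `pk11_DefaultArray` in the body (which continues outside this hunk) would see NULL. At minimum I would add `/* Requires a prior successful LoadMechanismList(). */` above the function; a stronger option is to call LoadMechanismList() at the top and compute `mechFlags` only after it returns SUCCESS. The UnsetDefaultModule hunk that follows has the same dependency.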
@@ -889,25 +912,16 @@ UnsetDefaultModule(char *moduleName, cha
     SECMODModule * module = NULL;
     PK11SlotInfo *slot;
     int s, i;
     unsigned long mechFlags = getFlagsFromString(mechanisms,
 	mechanismStrings, numMechanismStrings);
     PRBool found = PR_FALSE;
     Error rv;
 
-    if (pk11_DefaultArray == NULL) {
-	pk11_DefaultArray = PK11_GetDefaultArray(&pk11_DefaultArraySize);
-	if (pk11_DefaultArray == NULL) {
-	    /* should assert. This shouldn't happen */
-	    rv = UNSPECIFIED_ERR;
-            goto loser;
-	}
-    }
-
     mechFlags =  SECMOD_PubMechFlagstoInternal(mechFlags);
 
     module = SECMOD_FindModule(moduleName);
     if(!module) {
 	PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName);
 	rv = NO_SUCH_MODULE_ERR;
         goto loser;
     }
--- a/security/nss/coreconf/WIN32.mk
+++ b/security/nss/coreconf/WIN32.mk
@@ -36,17 +36,21 @@ else
 	# Change the dots to spaces.
 	_CC_VERSION_WORDS := $(subst ., ,$(CC_VERSION))
 	_CC_VMAJOR  := $(word 1,$(_CC_VERSION_WORDS))
 	_CC_VMINOR  := $(word 2,$(_CC_VERSION_WORDS))
 	_CC_RELEASE := $(word 3,$(_CC_VERSION_WORDS))
 	_CC_BUILD   := $(word 4,$(_CC_VERSION_WORDS))
 	_MSC_VER     = $(_CC_VMAJOR)$(_CC_VMINOR)
 	_MSC_VER_6   = 1200
-	_MSC_VER_GE_18 := $(shell expr $(_MSC_VER) \>= 1800)
+	# VC10 (2010) is 16.00.30319.01, VC10SP1 is 16.00.40219.01.
+	_MSC_VER_GE_10SP1 := $(shell expr $(_MSC_VER) \> 1600 \| \
+		$(_MSC_VER) = 1600 \& $(_CC_RELEASE) \>= 40219)
+	# VC12 (2013).
+	_MSC_VER_GE_12 := $(shell expr $(_MSC_VER) \>= 1800)
 	ifeq ($(_CC_VMAJOR),14)
 	    # -DYNAMICBASE is only supported on VC8SP1 or newer,
 	    # so be very specific here!
 	    # VC8 is 14.00.50727.42, VC8SP1 is 14.00.50727.762
 	    ifeq ($(_CC_RELEASE).$(_CC_BUILD),50727.42)
 		USE_DYNAMICBASE =
 	    else
 	    ifeq ($(_CC_RELEASE).$(_CC_BUILD),50727.762)
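Review bot: `_MSC_VER_GE_10SP1` passes `$(_CC_RELEASE)` to expr unguarded, so a CC_VERSION with fewer than three dot-separated fields would make expr fail and leave the variable empty. The `ifeq ($(_MSC_VER_GE_10SP1),1)` tests added in lib/freebl/Makefile would then silently build without USE_HW_AES. If that fallback is intended, say so in the comment, e.g. `# Empty when the release field is missing; treated as older than SP1.`; otherwise default the field with `$(or $(_CC_RELEASE),0)`.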
@@ -168,17 +172,17 @@ endif
 	LDFLAGS    += /FIXED:NO
     endif
 ifneq ($(_MSC_VER),$(_MSC_VER_6))
     # Convert certain deadly warnings to errors (see list at end of file)
     OS_CFLAGS += -we4002 -we4003 -we4004 -we4006 -we4009 -we4013 \
      -we4015 -we4028 -we4033 -we4035 -we4045 -we4047 -we4053 -we4054 -we4063 \
      -we4064 -we4078 -we4087 -we4090 -we4098 -we4390 -we4551 -we4553 -we4715
 
-    ifeq ($(_MSC_VER_GE_18),1)
+    ifeq ($(_MSC_VER_GE_12),1)
 	OS_CFLAGS += -FS
     endif
 endif # !MSVC6
 endif # NS_USE_GCC
 
 ifdef USE_64
 DEFINES += -DWIN64
 else
@@ -213,20 +217,20 @@ DEFINES += -D_WINDOWS
 
 # override default, which is ASFLAGS = CFLAGS
 ifdef NS_USE_GCC
 	AS	= $(CC)
 	ASFLAGS = $(INCLUDES)
 else
 ifdef USE_64
 	AS	= ml64.exe
-	ASFLAGS = -Cp -Sn -Zi $(INCLUDES)
+	ASFLAGS = -nologo -Cp -Sn -Zi $(INCLUDES)
 else
 	AS	= ml.exe
-	ASFLAGS = -Cp -Sn -Zi -coff $(INCLUDES)
+	ASFLAGS = -nologo -Cp -Sn -Zi -coff $(INCLUDES)
 endif
 endif
 
 #
 # override the definitions of RELEASE_TREE found in tree.mk
 #
 ifndef RELEASE_TREE
     ifdef BUILD_SHIP
--- a/security/nss/coreconf/coreconf.dep
+++ b/security/nss/coreconf/coreconf.dep
@@ -5,9 +5,8 @@
 
 /*
  * A dummy header file that is a dependency for all the object files.
  * Used to force a full recompilation of NSS in Mozilla's Tinderbox
  * depend builds.  See comments in rules.mk.
  */
 
 #error "Do not include this header file."
-
--- a/security/nss/lib/cryptohi/cryptohi.h
+++ b/security/nss/lib/cryptohi/cryptohi.h
@@ -1,10 +1,10 @@
 /*
- * crypto.h - public data structures and prototypes for the crypto library
+ * cryptohi.h - public prototypes for the crypto library
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #ifndef _CRYPTOHI_H_
 #define _CRYPTOHI_H_
 
--- a/security/nss/lib/cryptohi/keyhi.h
+++ b/security/nss/lib/cryptohi/keyhi.h
@@ -85,32 +85,32 @@ SECKEYPrivateKey *SECKEY_CreateDHPrivate
  */
 SECKEYPrivateKey *SECKEY_CreateECPrivateKey(SECKEYECParams *param,
                                            SECKEYPublicKey **pubk, void *cx);
 
 /*
 ** Create a subject-public-key-info based on a public key.
 */
 extern CERTSubjectPublicKeyInfo *
-SECKEY_CreateSubjectPublicKeyInfo(SECKEYPublicKey *k);
+SECKEY_CreateSubjectPublicKeyInfo(const SECKEYPublicKey *k);
 
 /*
 ** Convert a base64 ascii encoded DER public key and challenge to spki,
 ** and verify the signature and challenge data are correct
 */
 extern CERTSubjectPublicKeyInfo *
 SECKEY_ConvertAndDecodePublicKeyAndChallenge(char *pkacstr, char *challenge,
 								void *cx);
 
 /*
 ** Encode a  CERTSubjectPublicKeyInfo structure. into a
 ** DER encoded subject public key info. 
 */
 SECItem *
-SECKEY_EncodeDERSubjectPublicKeyInfo(SECKEYPublicKey *pubk);
+SECKEY_EncodeDERSubjectPublicKeyInfo(const SECKEYPublicKey *pubk);
 
 /*
 ** Decode a DER encoded subject public key info into a
 ** CERTSubjectPublicKeyInfo structure.
 */
 extern CERTSubjectPublicKeyInfo *
 SECKEY_DecodeDERSubjectPublicKeyInfo(const SECItem *spkider);
 
--- a/security/nss/lib/cryptohi/seckey.c
+++ b/security/nss/lib/cryptohi/seckey.c
@@ -1208,28 +1208,23 @@ SECKEY_ConvertToPublicKey(SECKEYPrivateK
     default:
 	break;
     }
 
     PORT_FreeArena (arena, PR_FALSE);
     return NULL;
 }
 
-CERTSubjectPublicKeyInfo *
-SECKEY_CreateSubjectPublicKeyInfo(SECKEYPublicKey *pubk)
+static CERTSubjectPublicKeyInfo *
+seckey_CreateSubjectPublicKeyInfo_helper(SECKEYPublicKey *pubk)
 {
     CERTSubjectPublicKeyInfo *spki;
     PLArenaPool *arena;
     SECItem params = { siBuffer, NULL, 0 };
 
-    if (!pubk) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return NULL;
-    }
-
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL) {
 	PORT_SetError(SEC_ERROR_NO_MEMORY);
 	return NULL;
     }
 
     spki = (CERTSubjectPublicKeyInfo *) PORT_ArenaZAlloc(arena, sizeof (*spki));
     if (spki != NULL) {
@@ -1327,26 +1322,46 @@ SECKEY_CreateSubjectPublicKeyInfo(SECKEY
     } else {
 	PORT_SetError(SEC_ERROR_NO_MEMORY);
     }
 
     PORT_FreeArena(arena, PR_FALSE);
     return NULL;
 }
 
+CERTSubjectPublicKeyInfo *
+SECKEY_CreateSubjectPublicKeyInfo(const SECKEYPublicKey *pubk)
+{
+    CERTSubjectPublicKeyInfo *spki;
+    SECKEYPublicKey *tempKey;
+
+    if (!pubk) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    tempKey = SECKEY_CopyPublicKey(pubk);
+    if (!tempKey) {
+        return NULL;
+    }
+    spki = seckey_CreateSubjectPublicKeyInfo_helper(tempKey);
+    SECKEY_DestroyPublicKey(tempKey);
+    return spki;
+}
+
 void
 SECKEY_DestroySubjectPublicKeyInfo(CERTSubjectPublicKeyInfo *spki)
 {
     if (spki && spki->arena) {
 	PORT_FreeArena(spki->arena, PR_FALSE);
     }
 }
 
 SECItem *
-SECKEY_EncodeDERSubjectPublicKeyInfo(SECKEYPublicKey *pubk)
+SECKEY_EncodeDERSubjectPublicKeyInfo(const SECKEYPublicKey *pubk)
 {
     CERTSubjectPublicKeyInfo *spki=NULL;
     SECItem *spkiDER=NULL;
 
     /* get the subjectpublickeyinfo */
     spki = SECKEY_CreateSubjectPublicKeyInfo(pubk);
     if( spki == NULL ) {
 	goto finish;
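Review bot: SECKEY_CreateSubjectPublicKeyInfo now deep-copies the key on every call and nothing explains why, so the `SECKEY_CopyPublicKey`/`SECKEY_DestroyPublicKey` pair reads as waste that a later cleanup might remove. Presumably the helper can still write to the key while encoding (it keeps a non-const parameter; its body is mostly outside these hunks), so say that above the copy: `/* The helper may modify the key it is given; work on a private copy so the caller's const key is untouched. */`. It is also worth confirming that SECKEY_CopyPublicKey sets an error code on failure, since this path returns NULL without calling PORT_SetError.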
--- a/security/nss/lib/freebl/Makefile
+++ b/security/nss/lib/freebl/Makefile
@@ -130,31 +130,45 @@ ifdef NS_USE_GCC
 else
 # MSVC
     MPI_SRCS += mpi_x86_asm.c
     DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE 
     DEFINES += -DMP_ASSEMBLY_DIV_2DX1D -DMP_USE_UINT_DIGIT -DMP_NO_MP_WORD
     ifdef BUILD_OPT
 	OPTIMIZER += -Ox  # maximum optimization for freebl
     endif
+    # The Intel AES assembly code requires Visual C++ 2010 (10.0). The _xgetbv
+    # compiler intrinsic function requires Visual C++ 2010 (10.0) SP1.
+    ifeq ($(_MSC_VER_GE_10SP1),1)
+	DEFINES += -DUSE_HW_AES -DINTEL_GCM
+	ASFILES += intel-aes-x86-masm.asm intel-gcm-x86-masm.asm
+	EXTRA_SRCS += intel-gcm-wrap.c
+    endif
 endif
 else
     # -DMP_NO_MP_WORD
     DEFINES += -DMP_CHAR_STORE_SLOW -DMP_IS_LITTLE_ENDIAN
 ifdef NS_USE_GCC
 # Ideally, we should use amd64 assembly code, but it's not yet mingw-w64
 # compatible.
 else
 # MSVC
     ifdef BUILD_OPT
 	OPTIMIZER += -Ox  # maximum optimization for freebl
     endif
     ASFILES  = arcfour-amd64-masm.asm mpi_amd64_masm.asm mp_comba_amd64_masm.asm
     DEFINES += -DNSS_BEVAND_ARCFOUR -DMPI_AMD64 -DMP_ASSEMBLY_MULTIPLY
     DEFINES += -DNSS_USE_COMBA
+    # The Intel AES assembly code requires Visual C++ 2010 (10.0). The _xgetbv
+    # compiler intrinsic function requires Visual C++ 2010 (10.0) SP1.
+    ifeq ($(_MSC_VER_GE_10SP1),1)
+	DEFINES += -DUSE_HW_AES -DINTEL_GCM
+	ASFILES += intel-aes-x64-masm.asm intel-gcm-x64-masm.asm
+	EXTRA_SRCS += intel-gcm-wrap.c
+    endif
     MPI_SRCS += mpi_amd64.c
 endif
 endif
 endif
 
 ifeq ($(OS_TARGET),IRIX)
 ifeq ($(USE_N32),1)
     ASFILES  = mpi_mips.s
--- a/security/nss/lib/freebl/blapi.h
+++ b/security/nss/lib/freebl/blapi.h
@@ -1,10 +1,10 @@
 /*
- * crypto.h - public data structures and prototypes for the crypto library
+ * blapi.h - public prototypes for the crypto library
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #ifndef _BLAPI_H_
 #define _BLAPI_H_
 
@@ -1571,11 +1571,23 @@ PRBool BLAPI_SHVerifyFile(const char *sh
  **************************************************************************/
 PRBool BLAPI_VerifySelf(const char *name);
 
 /*********************************************************************/
 extern const SECHashObject * HASH_GetRawHashObject(HASH_HashType hashType);
 
 extern void BL_SetForkState(PRBool forked);
 
+#ifndef NSS_DISABLE_ECC
+/*
+** pepare an ECParam structure from DEREncoded params
+ */
+extern SECStatus EC_FillParams(PLArenaPool *arena,
+                               const SECItem *encodedParams, ECParams *params);
+extern SECStatus EC_DecodeParams(const SECItem *encodedParams,
+                                 ECParams **ecparams);
+extern SECStatus EC_CopyParams(PLArenaPool *arena, ECParams *dstParams,
+                               const ECParams *srcParams);
+#endif
+
 SEC_END_PROTOS
 
 #endif /* _BLAPI_H_ */
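Review bot: The comment above the three new prototypes has a typo (`pepare`) and describes only the first of them. Since these become part of the freebl interface, each deserves its own line, e.g. `/* Prepare an ECParams structure from DER-encoded params, allocating from arena. */` for EC_FillParams. The EC_DecodeParams comment should state who frees the result: in ecdecode.c from this commit it creates its own arena and returns the params through `*ecparams`. EC_CopyParams should say that the copied items are allocated from `arena`.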
--- a/security/nss/lib/freebl/ctr.c
+++ b/security/nss/lib/freebl/ctr.c
@@ -7,16 +7,21 @@
 #endif
 #include "prtypes.h"
 #include "blapit.h"
 #include "blapii.h"
 #include "ctr.h"
 #include "pkcs11t.h"
 #include "secerr.h"
 
+#ifdef USE_HW_AES
+#include "intel-aes.h"
+#include "rijndael.h"
+#endif
+
 SECStatus
 CTR_InitContext(CTRContext *ctr, void *context, freeblCipherFunc cipher,
 		const unsigned char *param, unsigned int blocksize)
 {
     const CK_AES_CTR_PARAMS *ctrParams = (const CK_AES_CTR_PARAMS *)param;
 
     if (ctrParams->ulCounterBits == 0 ||
 	ctrParams->ulCounterBits > blocksize * PR_BITS_PER_BYTE) {
@@ -72,17 +77,17 @@ CTR_DestroyContext(CTRContext *ctr, PRBo
  * counter block are part of the counter, counterBits tells how many bits
  * are part of the counter. The counter block is blocksize long. It's a
  * big endian value.
  *
  * XXX Does not handle counter rollover.
  */
 static void
 ctr_GetNextCtr(unsigned char *counter, unsigned int counterBits,
-		unsigned int blocksize)
+	       unsigned int blocksize)
 {
     unsigned char *counterPtr = counter + blocksize - 1;
     unsigned char mask, count;
 
     PORT_Assert(counterBits <= blocksize*PR_BITS_PER_BYTE);
     while (counterBits >= PR_BITS_PER_BYTE) {
 	if (++(*(counterPtr--))) {
 	    return;
@@ -96,53 +101,53 @@ ctr_GetNextCtr(unsigned char *counter, u
     mask = (1 << counterBits)-1;
     count = ++(*counterPtr) & mask;
     *counterPtr = ((*counterPtr) & ~mask) | count;
     return;
 }
 
 static void
 ctr_xor(unsigned char *target, const unsigned char *x,
-	 const unsigned char *y, unsigned int count)
+	const unsigned char *y, unsigned int count)
 {
     unsigned int i;
     for (i=0; i < count; i++) {
 	*target++ = *x++ ^ *y++;
     }
 }
 
 SECStatus
 CTR_Update(CTRContext *ctr, unsigned char *outbuf,
-		unsigned int *outlen, unsigned int maxout,
-		const unsigned char *inbuf, unsigned int inlen,
-		unsigned int blocksize)
+	   unsigned int *outlen, unsigned int maxout,
+	   const unsigned char *inbuf, unsigned int inlen,
+	   unsigned int blocksize)
 {
     unsigned int tmp;
     SECStatus rv;
 
     if (maxout < inlen) {
 	*outlen = inlen;
 	PORT_SetError(SEC_ERROR_OUTPUT_LEN);
 	return SECFailure;
     }
     *outlen = 0;
     if (ctr->bufPtr != blocksize) {
 	unsigned int needed = PR_MIN(blocksize-ctr->bufPtr, inlen);
-	ctr_xor(outbuf, inbuf, ctr->buffer+ctr->bufPtr, needed);
+	ctr_xor(outbuf, inbuf, ctr->buffer + ctr->bufPtr, needed);
 	ctr->bufPtr += needed;
 	outbuf += needed;
 	inbuf += needed;
 	*outlen += needed;
 	inlen -= needed;
 	if (inlen == 0) {
 	    return SECSuccess;
 	}
 	PORT_Assert(ctr->bufPtr == blocksize);
     }
-	
+
     while (inlen >= blocksize) {
 	rv = (*ctr->cipher)(ctr->context, ctr->buffer, &tmp, blocksize,
 			ctr->counter, blocksize, blocksize);
 	ctr_GetNextCtr(ctr->counter, ctr->counterBits, blocksize);
 	if (rv != SECSuccess) {
 	    return SECFailure;
 	}
 	ctr_xor(outbuf, inbuf, ctr->buffer, blocksize);
@@ -160,8 +165,65 @@ CTR_Update(CTRContext *ctr, unsigned cha
     if (rv != SECSuccess) {
 	return SECFailure;
     }
     ctr_xor(outbuf, inbuf, ctr->buffer, inlen);
     ctr->bufPtr = inlen;
     *outlen += inlen;
     return SECSuccess;
 }
+
+#if defined(USE_HW_AES) && defined(_MSC_VER)
+SECStatus
+CTR_Update_HW_AES(CTRContext *ctr, unsigned char *outbuf,
+		  unsigned int *outlen, unsigned int maxout,
+		  const unsigned char *inbuf, unsigned int inlen,
+		  unsigned int blocksize)
+{
+    unsigned int fullblocks;
+    unsigned int tmp;
+    SECStatus rv;
+
+    if (maxout < inlen) {
+	*outlen = inlen;
+	PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+	return SECFailure;
+    }
+    *outlen = 0;
+    if (ctr->bufPtr != blocksize) {
+	unsigned int needed = PR_MIN(blocksize-ctr->bufPtr, inlen);
+	ctr_xor(outbuf, inbuf, ctr->buffer + ctr->bufPtr, needed);
+	ctr->bufPtr += needed;
+	outbuf += needed;
+	inbuf += needed;
+	*outlen += needed;
+	inlen -= needed;
+	if (inlen == 0) {
+	    return SECSuccess;
+	}
+	PORT_Assert(ctr->bufPtr == blocksize);
+    }
+
+    intel_aes_ctr_worker(((AESContext*)(ctr->context))->Nr)(
+	ctr, outbuf, outlen, maxout, inbuf, inlen, blocksize);
+    /* XXX intel_aes_ctr_worker should set *outlen. */
+    PORT_Assert(*outlen == 0);
+    fullblocks = (inlen/blocksize)*blocksize;
+    *outlen += fullblocks;
+    outbuf += fullblocks;
+    inbuf += fullblocks;
+    inlen -= fullblocks;
+
+    if (inlen == 0) {
+	return SECSuccess;
+    }
+    rv = (*ctr->cipher)(ctr->context, ctr->buffer, &tmp, blocksize,
+			ctr->counter, blocksize, blocksize);
+    ctr_GetNextCtr(ctr->counter, ctr->counterBits, blocksize);
+    if (rv != SECSuccess) {
+	return SECFailure;
+    }
+    ctr_xor(outbuf, inbuf, ctr->buffer, inlen);
+    ctr->bufPtr = inlen;
+    *outlen += inlen;
+    return SECSuccess;
+}
+#endif
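Review bot: `PORT_Assert(*outlen == 0)` in CTR_Update_HW_AES does not hold once the leading partial-block branch has run, because that branch does `*outlen += needed` and falls through whenever input remains. A debug build would therefore assert on a valid call unless the worker resets `*outlen`, which the XXX comment suggests it does not. Drop the assertion or compare against a value saved before the call (`unsigned int before = *outlen;` then `PORT_Assert(*outlen == before);`). The result of the `intel_aes_ctr_worker(...)` call is also discarded, and the call is made even when fewer than `blocksize` bytes remain. If it returns a SECStatus like `ctr->cipher` does, guard it with `if (inlen >= blocksize)` and return SECFailure on error before advancing the pointers.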
--- a/security/nss/lib/freebl/ctr.h
+++ b/security/nss/lib/freebl/ctr.h
@@ -36,9 +36,16 @@ CTRContext * CTR_CreateContext(void *con
 
 void CTR_DestroyContext(CTRContext *ctr, PRBool freeit);
 
 SECStatus CTR_Update(CTRContext *ctr, unsigned char *outbuf,
 			unsigned int *outlen, unsigned int maxout,
 			const unsigned char *inbuf, unsigned int inlen,
 			unsigned int blocksize);
 
+#ifdef USE_HW_AES
+SECStatus CTR_Update_HW_AES(CTRContext *ctr, unsigned char *outbuf,
+			unsigned int *outlen, unsigned int maxout,
+			const unsigned char *inbuf, unsigned int inlen,
+			unsigned int blocksize);
 #endif
+
+#endif
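Review bot: The prototype is guarded by `#ifdef USE_HW_AES`, but the definition added in ctr.c sits under `#if defined(USE_HW_AES) && defined(_MSC_VER)`. A non-MSVC build that defines USE_HW_AES would therefore get a declaration with no definition, and a caller would fail only at link time. Use the same condition in the header: `#if defined(USE_HW_AES) && defined(_MSC_VER)`.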
new file mode 100644
--- /dev/null
+++ b/security/nss/lib/freebl/ecdecode.c
@@ -0,0 +1,610 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef NSS_DISABLE_ECC
+
+#ifdef FREEBL_NO_DEPEND
+#include "stubs.h"
+#endif
+
+#include "blapi.h"
+#include "secoid.h"
+#include "secitem.h"
+#include "secerr.h"
+#include "ec.h"
+#include "ecl-curve.h"
+
+#define CHECK_OK(func) if (func == NULL) goto cleanup
+#define CHECK_SEC_OK(func) if (SECSuccess != (rv = func)) goto cleanup
+
+/*
+ * Initializes a SECItem from a hexadecimal string
+ *
+ * Warning: This function ignores leading 00's, so any leading 00's
+ * in the hexadecimal string must be optional.
+ */
+static SECItem *
+hexString2SECItem(PLArenaPool *arena, SECItem *item, const char *str)
+{
+    int i = 0;
+    int byteval = 0;
+    int tmp = PORT_Strlen(str);
+
+    if ((tmp % 2) != 0) return NULL;
+    
+    /* skip leading 00's unless the hex string is "00" */
+    while ((tmp > 2) && (str[0] == '0') && (str[1] == '0')) {
+        str += 2;
+        tmp -= 2;
+    }
+
+    item->data = (unsigned char *) PORT_ArenaAlloc(arena, tmp/2);
+    if (item->data == NULL) return NULL;
+    item->len = tmp/2;
+
+    while (str[i]) {
+        if ((str[i] >= '0') && (str[i] <= '9'))
+	    tmp = str[i] - '0';
+	else if ((str[i] >= 'a') && (str[i] <= 'f'))
+	    tmp = str[i] - 'a' + 10;
+	else if ((str[i] >= 'A') && (str[i] <= 'F'))
+	    tmp = str[i] - 'A' + 10;
+	else
+	    return NULL;
+
+	byteval = byteval * 16 + tmp;
+	if ((i % 2) != 0) {
+	    item->data[i/2] = byteval;
+	    byteval = 0;
+	}
+	i++;
+    }
+
+    return item;
+}
+
+/* Copy all of the fields from srcParams into dstParams
+ */
+SECStatus
+EC_CopyParams(PLArenaPool *arena, ECParams *dstParams,
+	      const ECParams *srcParams)
+{
+    SECStatus rv = SECFailure;
+
+    dstParams->arena = arena;
+    dstParams->type = srcParams->type;
+    dstParams->fieldID.size = srcParams->fieldID.size;
+    dstParams->fieldID.type = srcParams->fieldID.type;
+    if (srcParams->fieldID.type == ec_field_GFp) {
+	CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->fieldID.u.prime,
+	    &srcParams->fieldID.u.prime));
+    } else {
+	CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->fieldID.u.poly,
+	    &srcParams->fieldID.u.poly));
+    }
+    dstParams->fieldID.k1 = srcParams->fieldID.k1;
+    dstParams->fieldID.k2 = srcParams->fieldID.k2;
+    dstParams->fieldID.k3 = srcParams->fieldID.k3;
+    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curve.a,
+	&srcParams->curve.a));
+    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curve.b,
+	&srcParams->curve.b));
+    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curve.seed,
+	&srcParams->curve.seed));
+    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->base,
+	&srcParams->base));
+    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->order,
+	&srcParams->order));
+    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->DEREncoding,
+	&srcParams->DEREncoding));
+	dstParams->name = srcParams->name;
+    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curveOID,
+ 	&srcParams->curveOID));
+    dstParams->cofactor = srcParams->cofactor;
+
+    return SECSuccess;
+
+cleanup:
+    return SECFailure;
+}
+
+static SECStatus
+gf_populate_params(ECCurveName name, ECFieldType field_type, ECParams *params)
+{
+    SECStatus rv = SECFailure;
+    const ECCurveParams *curveParams;
+    /* 2 ['0'+'4'] + MAX_ECKEY_LEN * 2 [x,y] * 2 [hex string] + 1 ['\0'] */
+    char genenc[3 + 2 * 2 * MAX_ECKEY_LEN];
+
+    if ((name < ECCurve_noName) || (name > ECCurve_pastLastCurve)) goto cleanup;
+    params->name = name;
+    curveParams = ecCurve_map[params->name];
+    CHECK_OK(curveParams);
+    params->fieldID.size = curveParams->size;
+    params->fieldID.type = field_type;
+    if (field_type == ec_field_GFp) {
+	CHECK_OK(hexString2SECItem(params->arena, &params->fieldID.u.prime, 
+	    curveParams->irr));
+    } else {
+	CHECK_OK(hexString2SECItem(params->arena, &params->fieldID.u.poly, 
+	    curveParams->irr));
+    }
+    CHECK_OK(hexString2SECItem(params->arena, &params->curve.a, 
+	curveParams->curvea));
+    CHECK_OK(hexString2SECItem(params->arena, &params->curve.b, 
+	curveParams->curveb));
+    genenc[0] = '0';
+    genenc[1] = '4';
+    genenc[2] = '\0';
+    strcat(genenc, curveParams->genx);
+    strcat(genenc, curveParams->geny);
+    CHECK_OK(hexString2SECItem(params->arena, &params->base, genenc));
+    CHECK_OK(hexString2SECItem(params->arena, &params->order, 
+    	curveParams->order));
+    params->cofactor = curveParams->cofactor;
+
+    rv = SECSuccess;
+
+cleanup:
+    return rv;
+}
+
+SECStatus
+EC_FillParams(PLArenaPool *arena, const SECItem *encodedParams,
+    ECParams *params)
+{
+    SECStatus rv = SECFailure;
+    SECOidTag tag;
+    SECItem oid = { siBuffer, NULL, 0};
+
+#if EC_DEBUG
+    int i;
+
+    printf("Encoded params in EC_DecodeParams: ");
+    for (i = 0; i < encodedParams->len; i++) {
+	    printf("%02x:", encodedParams->data[i]);
+    }
+    printf("\n");
+#endif
+
+    if ((encodedParams->len != ANSI_X962_CURVE_OID_TOTAL_LEN) &&
+	(encodedParams->len != SECG_CURVE_OID_TOTAL_LEN)) {
+	    PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
+	    return SECFailure;
+    };
+
+    oid.len = encodedParams->len - 2;
+    oid.data = encodedParams->data + 2;
+    if ((encodedParams->data[0] != SEC_ASN1_OBJECT_ID) ||
+	((tag = SECOID_FindOIDTag(&oid)) == SEC_OID_UNKNOWN)) { 
+	    PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
+	    return SECFailure;
+    }
+
+    params->arena = arena;
+    params->cofactor = 0;
+    params->type = ec_params_named;
+    params->name = ECCurve_noName;
+
+    /* For named curves, fill out curveOID */
+    params->curveOID.len = oid.len;
+    params->curveOID.data = (unsigned char *) PORT_ArenaAlloc(arena, oid.len);
+    if (params->curveOID.data == NULL) goto cleanup;
+    memcpy(params->curveOID.data, oid.data, oid.len);
+
+#if EC_DEBUG
+    printf("Curve: %s\n", SECOID_FindOIDTagDescription(tag));
+#endif
+
+    switch (tag) {
+
+    /* Binary curves */
+
+    case SEC_OID_ANSIX962_EC_C2PNB163V1:
+	/* Populate params for c2pnb163v1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB163V1, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_ANSIX962_EC_C2PNB163V2:
+	/* Populate params for c2pnb163v2 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB163V2, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_ANSIX962_EC_C2PNB163V3:
+	/* Populate params for c2pnb163v3 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB163V3, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_ANSIX962_EC_C2PNB176V1:
+	/* Populate params for c2pnb176v1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB176V1, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_ANSIX962_EC_C2TNB191V1:
+	/* Populate params for c2tnb191v1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB191V1, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_ANSIX962_EC_C2TNB191V2:
+	/* Populate params for c2tnb191v2 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB191V2, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_ANSIX962_EC_C2TNB191V3:
+	/* Populate params for c2tnb191v3 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB191V3, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_ANSIX962_EC_C2PNB208W1:
+	/* Populate params for c2pnb208w1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB208W1, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_ANSIX962_EC_C2TNB239V1:
+	/* Populate params for c2tnb239v1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB239V1, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_ANSIX962_EC_C2TNB239V2:
+	/* Populate params for c2tnb239v2 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB239V2, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_ANSIX962_EC_C2TNB239V3:
+	/* Populate params for c2tnb239v3 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB239V3, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_ANSIX962_EC_C2PNB272W1:
+	/* Populate params for c2pnb272w1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB272W1, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_ANSIX962_EC_C2PNB304W1:
+	/* Populate params for c2pnb304w1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB304W1, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_ANSIX962_EC_C2TNB359V1:
+	/* Populate params for c2tnb359v1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB359V1, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_ANSIX962_EC_C2PNB368W1:
+	/* Populate params for c2pnb368w1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB368W1, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_ANSIX962_EC_C2TNB431R1:
+	/* Populate params for c2tnb431r1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB431R1, ec_field_GF2m,
+	    params) );
+	break;
+	
+    case SEC_OID_SECG_EC_SECT113R1:
+	/* Populate params for sect113r1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_113R1, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECT113R2:
+	/* Populate params for sect113r2 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_113R2, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECT131R1:
+	/* Populate params for sect131r1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_131R1, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECT131R2:
+	/* Populate params for sect131r2 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_131R2, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECT163K1:
+	/* Populate params for sect163k1
+	 * (the NIST K-163 curve)
+	 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_163K1, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECT163R1:
+	/* Populate params for sect163r1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_163R1, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECT163R2:
+	/* Populate params for sect163r2
+	 * (the NIST B-163 curve)
+	 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_163R2, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECT193R1:
+	/* Populate params for sect193r1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_193R1, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECT193R2:
+	/* Populate params for sect193r2 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_193R2, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECT233K1:
+	/* Populate params for sect233k1
+	 * (the NIST K-233 curve)
+	 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_233K1, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECT233R1:
+	/* Populate params for sect233r1
+	 * (the NIST B-233 curve)
+	 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_233R1, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECT239K1:
+	/* Populate params for sect239k1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_239K1, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECT283K1:
+        /* Populate params for sect283k1
+	 * (the NIST K-283 curve)
+	 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_283K1, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECT283R1:
+	/* Populate params for sect283r1
+	 * (the NIST B-283 curve)
+	 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_283R1, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECT409K1:
+	/* Populate params for sect409k1
+	 * (the NIST K-409 curve)
+	 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_409K1, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECT409R1:
+	/* Populate params for sect409r1
+	 * (the NIST B-409 curve)
+	 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_409R1, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECT571K1:
+	/* Populate params for sect571k1
+	 * (the NIST K-571 curve)
+	 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_571K1, ec_field_GF2m,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECT571R1:
+	/* Populate params for sect571r1
+	 * (the NIST B-571 curve)
+	 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_571R1, ec_field_GF2m,
+	    params) );
+	break;
+
+    /* Prime curves */
+
+    case SEC_OID_ANSIX962_EC_PRIME192V1:
+	/* Populate params for prime192v1 aka secp192r1 
+	 * (the NIST P-192 curve)
+	 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_PRIME_192V1, ec_field_GFp,
+	    params) );
+	break;
+
+    case SEC_OID_ANSIX962_EC_PRIME192V2:
+	/* Populate params for prime192v2 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_PRIME_192V2, ec_field_GFp,
+	    params) );
+	break;
+
+    case SEC_OID_ANSIX962_EC_PRIME192V3:
+	/* Populate params for prime192v3 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_PRIME_192V3, ec_field_GFp,
+	    params) );
+	break;
+	
+    case SEC_OID_ANSIX962_EC_PRIME239V1:
+	/* Populate params for prime239v1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_PRIME_239V1, ec_field_GFp,
+	    params) );
+	break;
+
+    case SEC_OID_ANSIX962_EC_PRIME239V2:
+	/* Populate params for prime239v2 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_PRIME_239V2, ec_field_GFp,
+	    params) );
+	break;
+
+    case SEC_OID_ANSIX962_EC_PRIME239V3:
+	/* Populate params for prime239v3 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_PRIME_239V3, ec_field_GFp,
+	    params) );
+	break;
+
+    case SEC_OID_ANSIX962_EC_PRIME256V1:
+	/* Populate params for prime256v1 aka secp256r1
+	 * (the NIST P-256 curve)
+	 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_PRIME_256V1, ec_field_GFp,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECP112R1:
+        /* Populate params for secp112r1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_112R1, ec_field_GFp,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECP112R2:
+        /* Populate params for secp112r2 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_112R2, ec_field_GFp,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECP128R1:
+        /* Populate params for secp128r1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_128R1, ec_field_GFp,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECP128R2:
+        /* Populate params for secp128r2 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_128R2, ec_field_GFp,
+	    params) );
+	break;
+	
+    case SEC_OID_SECG_EC_SECP160K1:
+        /* Populate params for secp160k1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_160K1, ec_field_GFp,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECP160R1:
+        /* Populate params for secp160r1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_160R1, ec_field_GFp,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECP160R2:
+	/* Populate params for secp160r1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_160R2, ec_field_GFp,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECP192K1:
+	/* Populate params for secp192k1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_192K1, ec_field_GFp,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECP224K1:
+	/* Populate params for secp224k1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_224K1, ec_field_GFp,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECP224R1:
+	/* Populate params for secp224r1 
+	 * (the NIST P-224 curve)
+	 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_224R1, ec_field_GFp,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECP256K1:
+	/* Populate params for secp256k1 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_256K1, ec_field_GFp,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECP384R1:
+	/* Populate params for secp384r1
+	 * (the NIST P-384 curve)
+	 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_384R1, ec_field_GFp,
+	    params) );
+	break;
+
+    case SEC_OID_SECG_EC_SECP521R1:
+	/* Populate params for secp521r1 
+	 * (the NIST P-521 curve)
+	 */
+	CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_521R1, ec_field_GFp,
+	    params) );
+	break;
+
+    default:
+	break;
+    };
+
+cleanup:
+    if (!params->cofactor) {
+	PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
+#if EC_DEBUG
+	printf("Unrecognized curve, returning NULL params\n");
+#endif
+    }
+
+    return rv;
+}
+
+SECStatus
+EC_DecodeParams(const SECItem *encodedParams, ECParams **ecparams)
+{
+    PLArenaPool *arena;
+    ECParams *params;
+    SECStatus rv = SECFailure;
+
+    /* Initialize an arena for the ECParams structure */
+    if (!(arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE)))
+	return SECFailure;
+
+    params = (ECParams *)PORT_ArenaZAlloc(arena, sizeof(ECParams));
+    if (!params) {
+	PORT_FreeArena(arena, PR_TRUE);
+	return SECFailure;
+    }
+
+    /* Copy the encoded params */
+    SECITEM_AllocItem(arena, &(params->DEREncoding),
+	encodedParams->len);
+    memcpy(params->DEREncoding.data, encodedParams->data, encodedParams->len);
+
+    /* Fill out the rest of the ECParams structure based on 
+     * the encoded params 
+     */
+    rv = EC_FillParams(arena, encodedParams, params);
+    if (rv == SECFailure) {
+	PORT_FreeArena(arena, PR_TRUE);	
+	return SECFailure;
+    } else {
+	*ecparams = params;;
+	return SECSuccess;
+    }
+}
+
+#endif /* NSS_DISABLE_ECC */
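Review bot: EC_DecodeParams ignores the result of `SECITEM_AllocItem` and then runs `memcpy(params->DEREncoding.data, encodedParams->data, encodedParams->len)`, so an allocation failure becomes a write through a NULL pointer with a caller-supplied length. Check it first: `if (!SECITEM_AllocItem(arena, &params->DEREncoding, encodedParams->len)) { PORT_FreeArena(arena, PR_TRUE); return SECFailure; }`. The copy also runs before EC_FillParams has checked the length against the two accepted OID sizes; doing it after that call succeeds would bound it. In gf_populate_params the range test lets `name == ECCurve_pastLastCurve` through to `ecCurve_map[name]`. If the table has no slot for that sentinel (its definition is not in this file), the test should be `>=`.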
new file mode 100644
--- /dev/null
+++ b/security/nss/lib/freebl/intel-aes-x64-masm.asm
@@ -0,0 +1,971 @@
+; LICENSE:
+; This submission to NSS is to be made available under the terms of the
+; Mozilla Public License, v. 2.0. You can obtain one at http:
+; //mozilla.org/MPL/2.0/.
+;###############################################################################
+; Copyright(c) 2014, Intel Corp.
+; Developers and authors:
+; Shay Gueron and Vlad Krasnov
+; Intel Corporation, Israel Development Centre, Haifa, Israel
+; Please send feedback directly to crypto.feedback.alias@intel.com
+
+
+.DATA
+ALIGN 16
+Lmask dd 0c0f0e0dh,0c0f0e0dh,0c0f0e0dh,0c0f0e0dh
+Lmask192 dd 004070605h, 004070605h, 004070605h, 004070605h
+Lmask256 dd 00c0f0e0dh, 00c0f0e0dh, 00c0f0e0dh, 00c0f0e0dh
+Lcon1 dd 1,1,1,1
+Lcon2 dd 1bh,1bh,1bh,1bh
+
+.CODE
+
+ctx     textequ <rcx>
+output  textequ <rdx>
+input   textequ <r8>
+inputLen textequ <r9d>
+
+
+aes_rnd MACRO i
+    movdqu  xmm8, [i*16 + ctx]
+    aesenc  xmm0, xmm8
+    aesenc  xmm1, xmm8
+    aesenc  xmm2, xmm8
+    aesenc  xmm3, xmm8
+    aesenc  xmm4, xmm8
+    aesenc  xmm5, xmm8
+    aesenc  xmm6, xmm8
+    aesenc  xmm7, xmm8
+    ENDM
+
+aes_last_rnd MACRO i
+    movdqu  xmm8, [i*16 + ctx]
+    aesenclast  xmm0, xmm8
+    aesenclast  xmm1, xmm8
+    aesenclast  xmm2, xmm8
+    aesenclast  xmm3, xmm8
+    aesenclast  xmm4, xmm8
+    aesenclast  xmm5, xmm8
+    aesenclast  xmm6, xmm8
+    aesenclast  xmm7, xmm8
+    ENDM
+
+aes_dec_rnd MACRO i
+    movdqu  xmm8, [i*16 + ctx]
+    aesdec  xmm0, xmm8
+    aesdec  xmm1, xmm8
+    aesdec  xmm2, xmm8
+    aesdec  xmm3, xmm8
+    aesdec  xmm4, xmm8
+    aesdec  xmm5, xmm8
+    aesdec  xmm6, xmm8
+    aesdec  xmm7, xmm8
+    ENDM
+
+aes_dec_last_rnd MACRO i
+    movdqu  xmm8, [i*16 + ctx]
+    aesdeclast  xmm0, xmm8
+    aesdeclast  xmm1, xmm8
+    aesdeclast  xmm2, xmm8
+    aesdeclast  xmm3, xmm8
+    aesdeclast  xmm4, xmm8
+    aesdeclast  xmm5, xmm8
+    aesdeclast  xmm6, xmm8
+    aesdeclast  xmm7, xmm8
+    ENDM
+
+
+gen_aes_ecb_func MACRO enc, rnds
+
+LOCAL   loop8
+LOCAL   loop1
+LOCAL   bail
+
+        xor     inputLen, inputLen
+        mov     input,      [rsp + 1*8 + 8*4]
+        mov     inputLen,   [rsp + 1*8 + 8*5]
+
+        sub     rsp, 3*16
+
+        movdqu  [rsp + 0*16], xmm6
+        movdqu  [rsp + 1*16], xmm7
+        movdqu  [rsp + 2*16], xmm8
+
+        lea     ctx, [48+ctx]
+
+loop8:
+        cmp     inputLen, 8*16
+        jb      loop1
+
+        movdqu  xmm0, [0*16 + input]
+        movdqu  xmm1, [1*16 + input]
+        movdqu  xmm2, [2*16 + input]
+        movdqu  xmm3, [3*16 + input]
+        movdqu  xmm4, [4*16 + input]
+        movdqu  xmm5, [5*16 + input]
+        movdqu  xmm6, [6*16 + input]
+        movdqu  xmm7, [7*16 + input]
+
+        movdqu  xmm8, [0*16 + ctx]
+        pxor    xmm0, xmm8
+        pxor    xmm1, xmm8
+        pxor    xmm2, xmm8
+        pxor    xmm3, xmm8
+        pxor    xmm4, xmm8
+        pxor    xmm5, xmm8
+        pxor    xmm6, xmm8
+        pxor    xmm7, xmm8
+
+IF enc eq 1
+        rnd textequ <aes_rnd>
+        lastrnd textequ <aes_last_rnd>
+        aesinst textequ <aesenc>
+        aeslastinst textequ <aesenclast>
+ELSE
+        rnd textequ <aes_dec_rnd>
+        lastrnd textequ <aes_dec_last_rnd>
+        aesinst textequ <aesdec>
+        aeslastinst textequ <aesdeclast>
+ENDIF
+
+        i = 1
+        WHILE i LT rnds
+            rnd i
+            i = i+1
+            ENDM
+        lastrnd rnds
+
+        movdqu  [0*16 + output], xmm0
+        movdqu  [1*16 + output], xmm1
+        movdqu  [2*16 + output], xmm2
+        movdqu  [3*16 + output], xmm3
+        movdqu  [4*16 + output], xmm4
+        movdqu  [5*16 + output], xmm5
+        movdqu  [6*16 + output], xmm6
+        movdqu  [7*16 + output], xmm7
+
+        lea input, [8*16 + input]
+        lea output, [8*16 + output]
+        sub inputLen, 8*16
+        jmp loop8
+
+loop1:
+        cmp     inputLen, 1*16
+        jb      bail
+
+        movdqu  xmm0, [input]
+        movdqu  xmm7, [0*16 + ctx]
+        pxor    xmm0, xmm7
+
+        i = 1
+    WHILE i LT rnds
+            movdqu  xmm7, [i*16 + ctx]
+            aesinst  xmm0, xmm7
+            i = i+1
+        ENDM
+        movdqu  xmm7, [rnds*16 + ctx]
+        aeslastinst xmm0, xmm7
+
+        movdqu  [output], xmm0
+
+        lea input, [1*16 + input]
+        lea output, [1*16 + output]
+        sub inputLen, 1*16
+        jmp loop1
+
+bail:
+        xor rax, rax
+
+        movdqu  xmm6, [rsp + 0*16]
+        movdqu  xmm7, [rsp + 1*16]
+        movdqu  xmm8, [rsp + 2*16]
+        add     rsp, 3*16
+        ret
+ENDM
+
+intel_aes_encrypt_ecb_128 PROC
+gen_aes_ecb_func 1, 10
+intel_aes_encrypt_ecb_128 ENDP
+
+intel_aes_encrypt_ecb_192 PROC
+gen_aes_ecb_func 1, 12
+intel_aes_encrypt_ecb_192 ENDP
+
+intel_aes_encrypt_ecb_256 PROC
+gen_aes_ecb_func 1, 14
+intel_aes_encrypt_ecb_256 ENDP
+
+intel_aes_decrypt_ecb_128 PROC
+gen_aes_ecb_func 0, 10
+intel_aes_decrypt_ecb_128 ENDP
+
+intel_aes_decrypt_ecb_192 PROC
+gen_aes_ecb_func 0, 12
+intel_aes_decrypt_ecb_192 ENDP
+
+intel_aes_decrypt_ecb_256 PROC
+gen_aes_ecb_func 0, 14
+intel_aes_decrypt_ecb_256 ENDP
+
+
+KEY textequ <rcx>
+KS  textequ <rdx>
+ITR textequ <r8>
+
+intel_aes_encrypt_init_128  PROC
+
+    movdqu  xmm1, [KEY]
+    movdqu  [KS], xmm1
+    movdqa  xmm2, xmm1
+
+    lea ITR, Lcon1
+    movdqa  xmm0, [ITR]
+    lea ITR, Lmask
+    movdqa  xmm4, [ITR]
+
+    mov ITR, 8
+
+Lenc_128_ks_loop:
+        lea KS, [16 + KS]
+        dec ITR
+
+        pshufb  xmm2, xmm4
+        aesenclast  xmm2, xmm0
+        pslld   xmm0, 1
+        movdqa  xmm3, xmm1
+        pslldq  xmm3, 4
+        pxor    xmm1, xmm3
+        pslldq  xmm3, 4
+        pxor    xmm1, xmm3
+        pslldq  xmm3, 4
+        pxor    xmm1, xmm3
+        pxor    xmm1, xmm2
+        movdqu  [KS], xmm1
+        movdqa  xmm2, xmm1
+
+        jne Lenc_128_ks_loop
+
+    lea ITR, Lcon2
+    movdqa  xmm0, [ITR]
+
+    pshufb  xmm2, xmm4
+    aesenclast  xmm2, xmm0
+    pslld   xmm0, 1
+    movdqa  xmm3, xmm1
+    pslldq  xmm3, 4
+    pxor    xmm1, xmm3
+    pslldq  xmm3, 4
+    pxor    xmm1, xmm3
+    pslldq  xmm3, 4
+    pxor    xmm1, xmm3
+    pxor    xmm1, xmm2
+    movdqu  [16 + KS], xmm1
+    movdqa  xmm2, xmm1
+
+    pshufb  xmm2, xmm4
+    aesenclast  xmm2, xmm0
+    movdqa  xmm3, xmm1
+    pslldq  xmm3, 4
+    pxor    xmm1, xmm3
+    pslldq  xmm3, 4
+    pxor    xmm1, xmm3
+    pslldq  xmm3, 4
+    pxor    xmm1, xmm3
+    pxor    xmm1, xmm2
+    movdqu  [32 + KS], xmm1
+    movdqa  xmm2, xmm1
+
+    ret
+intel_aes_encrypt_init_128  ENDP
+
+
+intel_aes_decrypt_init_128  PROC
+
+    push    KS
+    push    KEY
+
+    call    intel_aes_encrypt_init_128
+
+    pop     KEY
+    pop     KS
+
+    movdqu  xmm0, [0*16 + KS]
+    movdqu  xmm1, [10*16 + KS]
+    movdqu  [10*16 + KS], xmm0
+    movdqu  [0*16 + KS], xmm1
+
+    i = 1
+    WHILE i LT 5
+        movdqu  xmm0, [i*16 + KS]
+        movdqu  xmm1, [(10-i)*16 + KS]
+
+        aesimc  xmm0, xmm0
+        aesimc  xmm1, xmm1
+
+        movdqu  [(10-i)*16 + KS], xmm0
+        movdqu  [i*16 + KS], xmm1
+
+        i = i+1
+    ENDM
+
+    movdqu  xmm0, [5*16 + KS]
+    aesimc  xmm0, xmm0
+    movdqu  [5*16 + KS], xmm0
+    ret
+intel_aes_decrypt_init_128  ENDP
+
+
+intel_aes_encrypt_init_192  PROC
+
+    sub     rsp, 16*2
+    movdqu  [16*0 + rsp], xmm6
+    movdqu  [16*1 + rsp], xmm7
+
+    movdqu  xmm1, [KEY]
+    mov     ITR, [16 + KEY]
+    movd    xmm3, ITR
+
+    movdqu  [KS], xmm1
+    movdqa  xmm5, xmm3
+
+    lea ITR, Lcon1
+    movdqu  xmm0, [ITR]
+    lea ITR, Lmask192
+    movdqu  xmm4, [ITR]
+
+    mov ITR, 4
+
+Lenc_192_ks_loop:
+        movdqa  xmm2, xmm3
+        pshufb  xmm2, xmm4
+        aesenclast xmm2, xmm0
+        pslld   xmm0, 1
+
+        movdqa  xmm6, xmm1
+        movdqa  xmm7, xmm3
+        pslldq  xmm6, 4
+        pslldq  xmm7, 4
+        pxor    xmm1, xmm6
+        pxor    xmm3, xmm7
+        pslldq  xmm6, 4
+        pxor    xmm1, xmm6
+        pslldq  xmm6, 4
+        pxor    xmm1, xmm6
+        pxor    xmm1, xmm2
+        pshufd  xmm2, xmm1, 0ffh
+        pxor    xmm3, xmm2
+
+        movdqa  xmm6, xmm1
+        shufpd  xmm5, xmm1, 00h
+        shufpd  xmm6, xmm3, 01h
+
+        movdqu  [16 + KS], xmm5
+        movdqu  [32 + KS], xmm6
+
+        movdqa  xmm2, xmm3
+        pshufb  xmm2, xmm4
+        aesenclast  xmm2, xmm0
+        pslld   xmm0, 1
+
+        movdqa  xmm6, xmm1
+        movdqa  xmm7, xmm3
+        pslldq  xmm6, 4
+        pslldq  xmm7, 4
+        pxor    xmm1, xmm6
+        pxor    xmm3, xmm7
+        pslldq  xmm6, 4
+        pxor    xmm1, xmm6
+        pslldq  xmm6, 4
+        pxor    xmm1, xmm6
+        pxor    xmm1, xmm2
+        pshufd  xmm2, xmm1, 0ffh
+        pxor    xmm3, xmm2
+
+        movdqu  [48 + KS], xmm1
+        movdqa  xmm5, xmm3
+
+        lea KS, [48 + KS]
+
+        dec ITR
+        jnz Lenc_192_ks_loop
+
+    movdqu  [16 + KS], xmm5
+
+    movdqu  xmm7, [16*1 + rsp]
+    movdqu  xmm6, [16*0 + rsp]
+    add rsp, 16*2
+    ret
+intel_aes_encrypt_init_192  ENDP
+
+intel_aes_decrypt_init_192  PROC
+    push    KS
+    push    KEY
+
+    call    intel_aes_encrypt_init_192
+
+    pop     KEY
+    pop     KS
+
+    movdqu  xmm0, [0*16 + KS]
+    movdqu  xmm1, [12*16 + KS]
+    movdqu  [12*16 + KS], xmm0
+    movdqu  [0*16 + KS], xmm1
+
+    i = 1
+    WHILE i LT 6
+        movdqu  xmm0, [i*16 + KS]
+        movdqu  xmm1, [(12-i)*16 + KS]
+
+        aesimc  xmm0, xmm0
+        aesimc  xmm1, xmm1
+
+        movdqu  [(12-i)*16 + KS], xmm0
+        movdqu  [i*16 + KS], xmm1
+
+        i = i+1
+    ENDM
+
+    movdqu  xmm0, [6*16 + KS]
+    aesimc  xmm0, xmm0
+    movdqu  [6*16 + KS], xmm0
+    ret
+intel_aes_decrypt_init_192  ENDP
+
+
+intel_aes_encrypt_init_256  PROC
+    sub     rsp, 16*2
+    movdqu  [16*0 + rsp], xmm6
+    movdqu  [16*1 + rsp], xmm7
+
+    movdqu  xmm1, [16*0 + KEY]
+    movdqu  xmm3, [16*1 + KEY]
+
+    movdqu  [16*0 + KS], xmm1
+    movdqu  [16*1 + KS], xmm3
+
+    lea ITR, Lcon1
+    movdqu  xmm0, [ITR]
+    lea ITR, Lmask256
+    movdqu  xmm5, [ITR]
+
+    pxor    xmm6, xmm6
+
+    mov ITR, 6
+
+Lenc_256_ks_loop:
+
+        movdqa  xmm2, xmm3
+        pshufb  xmm2, xmm5
+        aesenclast  xmm2, xmm0
+        pslld   xmm0, 1
+        movdqa  xmm4, xmm1
+        pslldq  xmm4, 4
+        pxor    xmm1, xmm4
+        pslldq  xmm4, 4
+        pxor    xmm1, xmm4
+        pslldq  xmm4, 4
+        pxor    xmm1, xmm4
+        pxor    xmm1, xmm2
+        movdqu  [16*2 + KS], xmm1
+
+        pshufd  xmm2, xmm1, 0ffh
+        aesenclast  xmm2, xmm6
+        movdqa  xmm4, xmm3
+        pslldq  xmm4, 4
+        pxor    xmm3, xmm4
+        pslldq  xmm4, 4
+        pxor    xmm3, xmm4
+        pslldq  xmm4, 4
+        pxor    xmm3, xmm4
+        pxor    xmm3, xmm2
+        movdqu  [16*3 + KS], xmm3
+
+        lea KS, [32 + KS]
+        dec ITR
+        jnz Lenc_256_ks_loop
+
+    movdqa  xmm2, xmm3
+    pshufb  xmm2, xmm5
+    aesenclast  xmm2, xmm0
+    movdqa  xmm4, xmm1
+    pslldq  xmm4, 4
+    pxor    xmm1, xmm4
+    pslldq  xmm4, 4
+    pxor    xmm1, xmm4
+    pslldq  xmm4, 4
+    pxor    xmm1, xmm4
+    pxor    xmm1, xmm2
+    movdqu  [16*2 + KS], xmm1
+
+    movdqu  xmm7, [16*1 + rsp]
+    movdqu  xmm6, [16*0 + rsp]
+    add rsp, 16*2
+    ret
+
+intel_aes_encrypt_init_256  ENDP
+
+
+intel_aes_decrypt_init_256  PROC
+    push    KS
+    push    KEY
+
+    call    intel_aes_encrypt_init_256
+
+    pop     KEY
+    pop     KS
+
+    movdqu  xmm0, [0*16 + KS]
+    movdqu  xmm1, [14*16 + KS]
+    movdqu  [14*16 + KS], xmm0
+    movdqu  [0*16 + KS], xmm1
+
+    i = 1
+    WHILE i LT 7
+        movdqu  xmm0, [i*16 + KS]
+        movdqu  xmm1, [(14-i)*16 + KS]
+
+        aesimc  xmm0, xmm0
+        aesimc  xmm1, xmm1
+
+        movdqu  [(14-i)*16 + KS], xmm0
+        movdqu  [i*16 + KS], xmm1
+
+        i = i+1
+    ENDM
+
+    movdqu  xmm0, [7*16 + KS]
+    aesimc  xmm0, xmm0
+    movdqu  [7*16 + KS], xmm0
+    ret
+intel_aes_decrypt_init_256  ENDP
+
+
+
+gen_aes_cbc_enc_func MACRO rnds
+
+LOCAL   loop1
+LOCAL   bail
+
+        mov     input,      [rsp + 1*8 + 8*4]
+        mov     inputLen,   [rsp + 1*8 + 8*5]
+
+        sub     rsp, 3*16
+
+        movdqu  [rsp + 0*16], xmm6
+        movdqu  [rsp + 1*16], xmm7
+        movdqu  [rsp + 2*16], xmm8
+
+        lea     ctx, [48+ctx]
+
+        movdqu  xmm0, [-32+ctx]
+
+        movdqu  xmm2, [0*16 + ctx]
+        movdqu  xmm3, [1*16 + ctx]
+        movdqu  xmm4, [2*16 + ctx]
+        movdqu  xmm5, [3*16 + ctx]
+        movdqu  xmm6, [4*16 + ctx]
+        movdqu  xmm7, [5*16 + ctx]
+
+loop1:
+        cmp     inputLen, 1*16
+        jb      bail
+
+        movdqu  xmm1, [input]
+        pxor    xmm1, xmm2
+        pxor    xmm0, xmm1
+
+        aesenc  xmm0, xmm3
+        aesenc  xmm0, xmm4
+        aesenc  xmm0, xmm5
+        aesenc  xmm0, xmm6
+        aesenc  xmm0, xmm7
+
+        i = 6
+    WHILE i LT rnds
+            movdqu  xmm8, [i*16 + ctx]
+            aesenc  xmm0, xmm8
+            i = i+1
+        ENDM
+        movdqu  xmm8, [rnds*16 + ctx]
+        aesenclast xmm0, xmm8
+
+        movdqu  [output], xmm0
+
+        lea input, [1*16 + input]
+        lea output, [1*16 + output]
+        sub inputLen, 1*16
+        jmp loop1
+
+bail:
+        movdqu  [-32+ctx], xmm0
+
+        xor rax, rax
+
+        movdqu  xmm6, [rsp + 0*16]
+        movdqu  xmm7, [rsp + 1*16]
+        movdqu  xmm8, [rsp + 2*16]
+        add     rsp, 3*16
+        ret
+
+ENDM
+
+gen_aes_cbc_dec_func MACRO rnds
+
+LOCAL   loop8
+LOCAL   loop1
+LOCAL   dec1
+LOCAL   bail
+
+        mov     input,      [rsp + 1*8 + 8*4]
+        mov     inputLen,   [rsp + 1*8 + 8*5]
+
+        sub     rsp, 3*16
+
+        movdqu  [rsp + 0*16], xmm6
+        movdqu  [rsp + 1*16], xmm7
+        movdqu  [rsp + 2*16], xmm8
+
+        lea     ctx, [48+ctx]
+
+loop8:
+        cmp     inputLen, 8*16
+        jb      dec1
+
+        movdqu  xmm0, [0*16 + input]
+        movdqu  xmm1, [1*16 + input]
+        movdqu  xmm2, [2*16 + input]
+        movdqu  xmm3, [3*16 + input]
+        movdqu  xmm4, [4*16 + input]
+        movdqu  xmm5, [5*16 + input]
+        movdqu  xmm6, [6*16 + input]
+        movdqu  xmm7, [7*16 + input]
+
+        movdqu  xmm8, [0*16 + ctx]
+        pxor    xmm0, xmm8
+        pxor    xmm1, xmm8
+        pxor    xmm2, xmm8
+        pxor    xmm3, xmm8
+        pxor    xmm4, xmm8
+        pxor    xmm5, xmm8
+        pxor    xmm6, xmm8
+        pxor    xmm7, xmm8
+
+        i = 1
+        WHILE i LT rnds
+            aes_dec_rnd i
+            i = i+1
+            ENDM
+        aes_dec_last_rnd rnds
+
+        movdqu  xmm8, [-32 + ctx]
+        pxor    xmm0, xmm8
+        movdqu  xmm8, [0*16 + input]
+        pxor    xmm1, xmm8
+        movdqu  xmm8, [1*16 + input]
+        pxor    xmm2, xmm8
+        movdqu  xmm8, [2*16 + input]
+        pxor    xmm3, xmm8
+        movdqu  xmm8, [3*16 + input]
+        pxor    xmm4, xmm8
+        movdqu  xmm8, [4*16 + input]
+        pxor    xmm5, xmm8
+        movdqu  xmm8, [5*16 + input]
+        pxor    xmm6, xmm8
+        movdqu  xmm8, [6*16 + input]
+        pxor    xmm7, xmm8
+        movdqu  xmm8, [7*16 + input]
+
+        movdqu  [0*16 + output], xmm0
+        movdqu  [1*16 + output], xmm1
+        movdqu  [2*16 + output], xmm2
+        movdqu  [3*16 + output], xmm3
+        movdqu  [4*16 + output], xmm4
+        movdqu  [5*16 + output], xmm5
+        movdqu  [6*16 + output], xmm6
+        movdqu  [7*16 + output], xmm7
+        movdqu  [-32 + ctx], xmm8
+
+        lea input, [8*16 + input]
+        lea output, [8*16 + output]
+        sub inputLen, 8*16
+        jmp loop8
+dec1:
+
+        movdqu  xmm3, [-32 + ctx]
+
+loop1:
+        cmp     inputLen, 1*16
+        jb      bail
+
+        movdqu  xmm0, [input]
+        movdqa  xmm4, xmm0
+        movdqu  xmm7, [0*16 + ctx]
+        pxor    xmm0, xmm7
+
+        i = 1
+    WHILE i LT rnds
+            movdqu  xmm7, [i*16 + ctx]
+            aesdec  xmm0, xmm7
+            i = i+1
+        ENDM
+        movdqu  xmm7, [rnds*16 + ctx]
+        aesdeclast xmm0, xmm7
+        pxor    xmm3, xmm0
+
+        movdqu  [output], xmm3
+        movdqa  xmm3, xmm4
+
+        lea input, [1*16 + input]
+        lea output, [1*16 + output]
+        sub inputLen, 1*16
+        jmp loop1
+
+bail:
+        movdqu  [-32 + ctx], xmm3
+        xor rax, rax
+
+        movdqu  xmm6, [rsp + 0*16]
+        movdqu  xmm7, [rsp + 1*16]
+        movdqu  xmm8, [rsp + 2*16]
+        add     rsp, 3*16
+        ret
+ENDM
+
+intel_aes_encrypt_cbc_128 PROC
+gen_aes_cbc_enc_func  10
+intel_aes_encrypt_cbc_128 ENDP
+
+intel_aes_encrypt_cbc_192 PROC
+gen_aes_cbc_enc_func  12
+intel_aes_encrypt_cbc_192 ENDP
+
+intel_aes_encrypt_cbc_256 PROC
+gen_aes_cbc_enc_func  14
+intel_aes_encrypt_cbc_256 ENDP
+
+intel_aes_decrypt_cbc_128 PROC
+gen_aes_cbc_dec_func  10
+intel_aes_decrypt_cbc_128 ENDP
+
+intel_aes_decrypt_cbc_192 PROC
+gen_aes_cbc_dec_func  12
+intel_aes_decrypt_cbc_192 ENDP
+
+intel_aes_decrypt_cbc_256 PROC
+gen_aes_cbc_dec_func  14
+intel_aes_decrypt_cbc_256 ENDP
+
+
+
+ctrCtx textequ <r10>
+CTR textequ <r11d>
+CTRSave textequ <eax>
+
+gen_aes_ctr_func MACRO rnds
+
+LOCAL   loop8
+LOCAL   loop1
+LOCAL   enc1
+LOCAL   bail
+
+        mov     input,      [rsp + 8*1 + 4*8]
+        mov     inputLen,   [rsp + 8*1 + 5*8]
+
+        mov     ctrCtx, ctx
+        mov     ctx, [8+ctrCtx]
+        lea     ctx, [48+ctx]
+
+        sub     rsp, 3*16
+        movdqu  [rsp + 0*16], xmm6
+        movdqu  [rsp + 1*16], xmm7
+        movdqu  [rsp + 2*16], xmm8
+
+
+        push    rbp
+        mov     rbp, rsp
+        sub     rsp, 8*16
+        and     rsp, -16
+
+
+        movdqu  xmm0, [16+ctrCtx]
+        mov     CTRSave, DWORD PTR [ctrCtx + 16 + 3*4]
+        bswap   CTRSave
+        movdqu  xmm1, [ctx + 0*16]
+
+        pxor    xmm0, xmm1
+
+        movdqa  [rsp + 0*16], xmm0
+        movdqa  [rsp + 1*16], xmm0
+        movdqa  [rsp + 2*16], xmm0
+        movdqa  [rsp + 3*16], xmm0
+        movdqa  [rsp + 4*16], xmm0
+        movdqa  [rsp + 5*16], xmm0
+        movdqa  [rsp + 6*16], xmm0
+        movdqa  [rsp + 7*16], xmm0
+
+        inc     CTRSave
+        mov     CTR, CTRSave
+        bswap   CTR
+        xor     CTR, DWORD PTR [ctx + 3*4]
+        mov     DWORD PTR [rsp + 1*16 + 3*4], CTR
+
+        inc     CTRSave
+        mov     CTR, CTRSave
+        bswap   CTR
+        xor     CTR, DWORD PTR [ctx + 3*4]
+        mov     DWORD PTR [rsp + 2*16 + 3*4], CTR
+
+        inc     CTRSave
+        mov     CTR, CTRSave
+        bswap   CTR
+        xor     CTR, DWORD PTR [ctx + 3*4]
+        mov     DWORD PTR [rsp + 3*16 + 3*4], CTR
+
+        inc     CTRSave
+        mov     CTR, CTRSave
+        bswap   CTR
+        xor     CTR, DWORD PTR [ctx + 3*4]
+        mov     DWORD PTR [rsp + 4*16 + 3*4], CTR
+
+        inc     CTRSave
+        mov     CTR, CTRSave
+        bswap   CTR
+        xor     CTR, DWORD PTR [ctx + 3*4]
+        mov     DWORD PTR [rsp + 5*16 + 3*4], CTR
+
+        inc     CTRSave
+        mov     CTR, CTRSave
+        bswap   CTR
+        xor     CTR, DWORD PTR [ctx + 3*4]
+        mov     DWORD PTR [rsp + 6*16 + 3*4], CTR
+
+        inc     CTRSave
+        mov     CTR, CTRSave
+        bswap   CTR
+        xor     CTR, DWORD PTR [ctx + 3*4]
+        mov     DWORD PTR [rsp + 7*16 + 3*4], CTR
+
+
+loop8:
+        cmp     inputLen, 8*16
+        jb      loop1
+
+        movdqu  xmm0, [0*16 + rsp]
+        movdqu  xmm1, [1*16 + rsp]
+        movdqu  xmm2, [2*16 + rsp]
+        movdqu  xmm3, [3*16 + rsp]
+        movdqu  xmm4, [4*16 + rsp]
+        movdqu  xmm5, [5*16 + rsp]
+        movdqu  xmm6, [6*16 + rsp]
+        movdqu  xmm7, [7*16 + rsp]
+
+        i = 1
+        WHILE i LE 8
+            aes_rnd i
+
+            inc     CTRSave
+            mov     CTR, CTRSave
+            bswap   CTR
+            xor     CTR, DWORD PTR [ctx + 3*4]
+            mov     DWORD PTR [rsp + (i-1)*16 + 3*4], CTR
+
+            i = i+1
+        ENDM
+        WHILE i LT rnds
+            aes_rnd i
+            i = i+1
+            ENDM
+        aes_last_rnd rnds
+
+        movdqu  xmm8, [0*16 + input]
+        pxor    xmm0, xmm8
+        movdqu  xmm8, [1*16 + input]
+        pxor    xmm1, xmm8
+        movdqu  xmm8, [2*16 + input]
+        pxor    xmm2, xmm8
+        movdqu  xmm8, [3*16 + input]
+        pxor    xmm3, xmm8
+        movdqu  xmm8, [4*16 + input]
+        pxor    xmm4, xmm8
+        movdqu  xmm8, [5*16 + input]
+        pxor    xmm5, xmm8
+        movdqu  xmm8, [6*16 + input]
+        pxor    xmm6, xmm8
+        movdqu  xmm8, [7*16 + input]
+        pxor    xmm7, xmm8
+
+        movdqu  [0*16 + output], xmm0
+        movdqu  [1*16 + output], xmm1
+        movdqu  [2*16 + output], xmm2
+        movdqu  [3*16 + output], xmm3
+        movdqu  [4*16 + output], xmm4
+        movdqu  [5*16 + output], xmm5
+        movdqu  [6*16 + output], xmm6
+        movdqu  [7*16 + output], xmm7
+
+        lea input, [8*16 + input]
+        lea output, [8*16 + output]
+        sub inputLen, 8*16
+        jmp loop8
+
+
+loop1:
+        cmp     inputLen, 1*16
+        jb      bail
+
+        movdqu  xmm0, [rsp]
+        add     rsp, 16
+
+        i = 1
+    WHILE i LT rnds
+            movdqu  xmm7, [i*16 + ctx]
+            aesenc  xmm0, xmm7
+            i = i+1
+        ENDM
+        movdqu  xmm7, [rnds*16 + ctx]
+        aesenclast xmm0, xmm7
+
+        movdqu  xmm7, [input]
+        pxor    xmm0, xmm7
+        movdqu  [output], xmm0
+
+        lea input, [1*16 + input]
+        lea output, [1*16 + output]
+        sub inputLen, 1*16
+        jmp loop1
+
+bail:
+
+        movdqu  xmm0, [rsp]
+        movdqu  xmm1, [ctx + 0*16]
+        pxor    xmm0, xmm1
+        movdqu  [16+ctrCtx], xmm0
+
+
+        xor     rax, rax
+        mov     rsp, rbp
+        pop     rbp
+
+        movdqu  xmm6, [rsp + 0*16]
+        movdqu  xmm7, [rsp + 1*16]
+        movdqu  xmm8, [rsp + 2*16]
+        add     rsp, 3*16
+
+        ret
+ENDM
+
+
+intel_aes_encrypt_ctr_128 PROC
+gen_aes_ctr_func  10
+intel_aes_encrypt_ctr_128 ENDP
+
+intel_aes_encrypt_ctr_192 PROC
+gen_aes_ctr_func  12
+intel_aes_encrypt_ctr_192 ENDP
+
+intel_aes_encrypt_ctr_256 PROC
+gen_aes_ctr_func  14
+intel_aes_encrypt_ctr_256 ENDP
+
+
+END
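Review bot: In `gen_aes_ctr_func` the counter is treated as a 32-bit big-endian word only: `mov CTRSave, DWORD PTR [ctrCtx + 16 + 3*4]`, `bswap CTRSave`, `inc CTRSave` never carries into the other 96 bits of the counter block, and only the last dword of each stack slot is rewritten. If the caller configures a counter width other than 32 bits, the output will not match a counter of that width, and if the low word wraps, counter blocks repeat under the same key, which in CTR mode means keystream reuse. The code that selects this path is outside this hunk, so the guard is presumably meant to live there, but nothing at the macro states the contract. I would add a comment at the top of the macro such as `; counter = big-endian DWORD at [ctrCtx+16+12], no carry into bytes 0..11; use only for a 32-bit counter that cannot wrap within inputLen/16 blocks`. The same applies to all three `intel_aes_encrypt_ctr_*` procedures, which expand this macro.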
new file mode 100644
--- /dev/null
+++ b/security/nss/lib/freebl/intel-aes-x86-masm.asm
@@ -0,0 +1,949 @@
+; LICENSE:
+; This submission to NSS is to be made available under the terms of the
+; Mozilla Public License, v. 2.0. You can obtain one at http:
+; //mozilla.org/MPL/2.0/.
+;###############################################################################
+; Copyright(c) 2014, Intel Corp.
+; Developers and authors:
+; Shay Gueron and Vlad Krasnov
+; Intel Corporation, Israel Development Centre, Haifa, Israel
+; Please send feedback directly to crypto.feedback.alias@intel.com
+
+
+.MODEL FLAT, C
+.XMM
+
+.DATA
+ALIGN 16
+Lmask dd 0c0f0e0dh,0c0f0e0dh,0c0f0e0dh,0c0f0e0dh
+Lmask192 dd 004070605h, 004070605h, 004070605h, 004070605h
+Lmask256 dd 00c0f0e0dh, 00c0f0e0dh, 00c0f0e0dh, 00c0f0e0dh
+Lcon1 dd 1,1,1,1
+Lcon2 dd 1bh,1bh,1bh,1bh
+
+.CODE
+
+ctx     textequ <ecx>
+output  textequ <edx>
+input   textequ <eax>
+inputLen textequ <edi>
+
+
+aes_rnd MACRO i
+    movdqu  xmm7, [i*16 + ctx]
+    aesenc  xmm0, xmm7
+    aesenc  xmm1, xmm7
+    aesenc  xmm2, xmm7
+    aesenc  xmm3, xmm7
+    aesenc  xmm4, xmm7
+    aesenc  xmm5, xmm7
+    aesenc  xmm6, xmm7
+    ENDM
+
+aes_last_rnd MACRO i
+    movdqu  xmm7, [i*16 + ctx]
+    aesenclast  xmm0, xmm7
+    aesenclast  xmm1, xmm7
+    aesenclast  xmm2, xmm7
+    aesenclast  xmm3, xmm7
+    aesenclast  xmm4, xmm7
+    aesenclast  xmm5, xmm7
+    aesenclast  xmm6, xmm7
+    ENDM
+
+aes_dec_rnd MACRO i
+    movdqu  xmm7, [i*16 + ctx]
+    aesdec  xmm0, xmm7
+    aesdec  xmm1, xmm7
+    aesdec  xmm2, xmm7
+    aesdec  xmm3, xmm7
+    aesdec  xmm4, xmm7
+    aesdec  xmm5, xmm7
+    aesdec  xmm6, xmm7
+    ENDM
+
+aes_dec_last_rnd MACRO i
+    movdqu  xmm7, [i*16 + ctx]
+    aesdeclast  xmm0, xmm7
+    aesdeclast  xmm1, xmm7
+    aesdeclast  xmm2, xmm7
+    aesdeclast  xmm3, xmm7
+    aesdeclast  xmm4, xmm7
+    aesdeclast  xmm5, xmm7
+    aesdeclast  xmm6, xmm7
+    ENDM
+
+
+gen_aes_ecb_func MACRO enc, rnds
+
+LOCAL   loop7
+LOCAL   loop1
+LOCAL   bail
+
+        push    inputLen
+
+        mov     ctx,    [esp + 2*4 + 0*4]
+        mov     output,     [esp + 2*4 + 1*4]
+        mov     input,      [esp + 2*4 + 4*4]
+        mov     inputLen,   [esp + 2*4 + 5*4]
+
+        lea     ctx, [44+ctx]
+
+loop7:
+        cmp     inputLen, 7*16
+        jb      loop1
+
+        movdqu  xmm0, [0*16 + input]
+        movdqu  xmm1, [1*16 + input]
+        movdqu  xmm2, [2*16 + input]
+        movdqu  xmm3, [3*16 + input]
+        movdqu  xmm4, [4*16 + input]
+        movdqu  xmm5, [5*16 + input]
+        movdqu  xmm6, [6*16 + input]
+
+        movdqu  xmm7, [0*16 + ctx]
+        pxor    xmm0, xmm7
+        pxor    xmm1, xmm7
+        pxor    xmm2, xmm7
+        pxor    xmm3, xmm7
+        pxor    xmm4, xmm7
+        pxor    xmm5, xmm7
+        pxor    xmm6, xmm7
+
+IF enc eq 1
+        rnd textequ <aes_rnd>
+        lastrnd textequ <aes_last_rnd>
+        aesinst textequ <aesenc>
+        aeslastinst textequ <aesenclast>
+ELSE
+        rnd textequ <aes_dec_rnd>
+        lastrnd textequ <aes_dec_last_rnd>
+        aesinst textequ <aesdec>
+        aeslastinst textequ <aesdeclast>
+ENDIF
+
+        i = 1
+        WHILE i LT rnds
+            rnd i
+            i = i+1
+            ENDM
+        lastrnd rnds
+
+        movdqu  [0*16 + output], xmm0
+        movdqu  [1*16 + output], xmm1
+        movdqu  [2*16 + output], xmm2
+        movdqu  [3*16 + output], xmm3
+        movdqu  [4*16 + output], xmm4
+        movdqu  [5*16 + output], xmm5
+        movdqu  [6*16 + output], xmm6
+
+        lea input, [7*16 + input]
+        lea output, [7*16 + output]
+        sub inputLen, 7*16
+        jmp loop7
+
+loop1:
+        cmp     inputLen, 1*16
+        jb      bail
+
+        movdqu  xmm0, [input]
+        movdqu  xmm7, [0*16 + ctx]
+        pxor    xmm0, xmm7
+
+        i = 1
+    WHILE i LT rnds
+            movdqu  xmm7, [i*16 + ctx]
+            aesinst  xmm0, xmm7
+            i = i+1
+        ENDM
+        movdqu  xmm7, [rnds*16 + ctx]
+        aeslastinst xmm0, xmm7
+
+        movdqu  [output], xmm0
+
+        lea input, [1*16 + input]
+        lea output, [1*16 + output]
+        sub inputLen, 1*16
+        jmp loop1
+
+bail:
+        xor eax, eax
+        pop     inputLen
+        ret
+
+ENDM
+
+ALIGN 16
+intel_aes_encrypt_ecb_128 PROC
+gen_aes_ecb_func 1, 10
+intel_aes_encrypt_ecb_128 ENDP
+
+ALIGN 16
+intel_aes_encrypt_ecb_192 PROC
+gen_aes_ecb_func 1, 12
+intel_aes_encrypt_ecb_192 ENDP
+
+ALIGN 16
+intel_aes_encrypt_ecb_256 PROC
+gen_aes_ecb_func 1, 14
+intel_aes_encrypt_ecb_256 ENDP
+
+ALIGN 16
+intel_aes_decrypt_ecb_128 PROC
+gen_aes_ecb_func 0, 10
+intel_aes_decrypt_ecb_128 ENDP
+
+ALIGN 16
+intel_aes_decrypt_ecb_192 PROC
+gen_aes_ecb_func 0, 12
+intel_aes_decrypt_ecb_192 ENDP
+
+ALIGN 16
+intel_aes_decrypt_ecb_256 PROC
+gen_aes_ecb_func 0, 14
+intel_aes_decrypt_ecb_256 ENDP
+
+
+KEY textequ <ecx>
+KS  textequ <edx>
+ITR textequ <eax>
+
+ALIGN 16
+intel_aes_encrypt_init_128  PROC
+
+    mov     KEY,        [esp + 1*4 + 0*4]
+    mov     KS,         [esp + 1*4 + 1*4]
+
+
+    movdqu  xmm1, [KEY]
+    movdqu  [KS], xmm1
+    movdqa  xmm2, xmm1
+
+    lea ITR, Lcon1
+    movdqa  xmm0, [ITR]
+    lea ITR, Lmask
+    movdqa  xmm4, [ITR]
+
+    mov ITR, 8
+
+Lenc_128_ks_loop:
+        lea KS, [16 + KS]
+        dec ITR
+
+        pshufb  xmm2, xmm4
+        aesenclast  xmm2, xmm0
+        pslld   xmm0, 1
+        movdqa  xmm3, xmm1
+        pslldq  xmm3, 4
+        pxor    xmm1, xmm3
+        pslldq  xmm3, 4
+        pxor    xmm1, xmm3
+        pslldq  xmm3, 4
+        pxor    xmm1, xmm3
+        pxor    xmm1, xmm2
+        movdqu  [KS], xmm1
+        movdqa  xmm2, xmm1
+
+        jne Lenc_128_ks_loop
+
+    lea ITR, Lcon2
+    movdqa  xmm0, [ITR]
+
+    pshufb  xmm2, xmm4
+    aesenclast  xmm2, xmm0
+    pslld   xmm0, 1
+    movdqa  xmm3, xmm1
+    pslldq  xmm3, 4
+    pxor    xmm1, xmm3
+    pslldq  xmm3, 4
+    pxor    xmm1, xmm3
+    pslldq  xmm3, 4
+    pxor    xmm1, xmm3
+    pxor    xmm1, xmm2
+    movdqu  [16 + KS], xmm1
+    movdqa  xmm2, xmm1
+
+    pshufb  xmm2, xmm4
+    aesenclast  xmm2, xmm0
+    movdqa  xmm3, xmm1
+    pslldq  xmm3, 4
+    pxor    xmm1, xmm3
+    pslldq  xmm3, 4
+    pxor    xmm1, xmm3
+    pslldq  xmm3, 4
+    pxor    xmm1, xmm3
+    pxor    xmm1, xmm2
+    movdqu  [32 + KS], xmm1
+    movdqa  xmm2, xmm1
+
+    ret
+intel_aes_encrypt_init_128  ENDP
+
+
+ALIGN 16
+intel_aes_decrypt_init_128  PROC
+
+    mov     KEY,        [esp + 1*4 + 0*4]
+    mov     KS,         [esp + 1*4 + 1*4]
+
+    push    KS
+    push    KEY
+
+    call    intel_aes_encrypt_init_128
+
+    pop     KEY
+    pop     KS
+
+    movdqu  xmm0, [0*16 + KS]
+    movdqu  xmm1, [10*16 + KS]
+    movdqu  [10*16 + KS], xmm0
+    movdqu  [0*16 + KS], xmm1
+
+    i = 1
+    WHILE i LT 5
+        movdqu  xmm0, [i*16 + KS]
+        movdqu  xmm1, [(10-i)*16 + KS]
+
+        aesimc  xmm0, xmm0
+        aesimc  xmm1, xmm1
+
+        movdqu  [(10-i)*16 + KS], xmm0
+        movdqu  [i*16 + KS], xmm1
+
+        i = i+1
+    ENDM
+
+    movdqu  xmm0, [5*16 + KS]
+    aesimc  xmm0, xmm0
+    movdqu  [5*16 + KS], xmm0
+    ret
+intel_aes_decrypt_init_128  ENDP
+
+
+ALIGN 16
+intel_aes_encrypt_init_192  PROC
+
+    mov     KEY, [esp + 1*4 + 0*4]
+    mov     KS,  [esp + 1*4 + 1*4]
+
+    pxor    xmm3, xmm3
+    movdqu  xmm1, [KEY]
+    pinsrd  xmm3, DWORD PTR [16 + KEY], 0
+    pinsrd  xmm3, DWORD PTR [20 + KEY], 1
+
+    movdqu  [KS], xmm1
+    movdqa  xmm5, xmm3
+
+    lea ITR, Lcon1
+    movdqu  xmm0, [ITR]
+    lea ITR, Lmask192
+    movdqu  xmm4, [ITR]
+
+    mov ITR, 4
+
+Lenc_192_ks_loop:
+        movdqa  xmm2, xmm3
+        pshufb  xmm2, xmm4
+        aesenclast xmm2, xmm0
+        pslld   xmm0, 1
+
+        movdqa  xmm6, xmm1
+        movdqa  xmm7, xmm3
+        pslldq  xmm6, 4
+        pslldq  xmm7, 4
+        pxor    xmm1, xmm6
+        pxor    xmm3, xmm7
+        pslldq  xmm6, 4
+        pxor    xmm1, xmm6
+        pslldq  xmm6, 4
+        pxor    xmm1, xmm6
+        pxor    xmm1, xmm2
+        pshufd  xmm2, xmm1, 0ffh
+        pxor    xmm3, xmm2
+
+        movdqa  xmm6, xmm1
+        shufpd  xmm5, xmm1, 00h
+        shufpd  xmm6, xmm3, 01h
+
+        movdqu  [16 + KS], xmm5
+        movdqu  [32 + KS], xmm6
+
+        movdqa  xmm2, xmm3
+        pshufb  xmm2, xmm4
+        aesenclast  xmm2, xmm0
+        pslld   xmm0, 1
+
+        movdqa  xmm6, xmm1
+        movdqa  xmm7, xmm3
+        pslldq  xmm6, 4
+        pslldq  xmm7, 4
+        pxor    xmm1, xmm6
+        pxor    xmm3, xmm7
+        pslldq  xmm6, 4
+        pxor    xmm1, xmm6
+        pslldq  xmm6, 4
+        pxor    xmm1, xmm6
+        pxor    xmm1, xmm2
+        pshufd  xmm2, xmm1, 0ffh
+        pxor    xmm3, xmm2
+
+        movdqu  [48 + KS], xmm1
+        movdqa  xmm5, xmm3
+
+        lea KS, [48 + KS]
+
+        dec ITR
+        jnz Lenc_192_ks_loop
+
+    movdqu  [16 + KS], xmm5
+ret
+intel_aes_encrypt_init_192  ENDP
+
+ALIGN 16
+intel_aes_decrypt_init_192  PROC
+    mov     KEY,        [esp + 1*4 + 0*4]
+    mov     KS,         [esp + 1*4 + 1*4]
+
+    push    KS
+    push    KEY
+
+    call    intel_aes_encrypt_init_192
+
+    pop     KEY
+    pop     KS
+
+    movdqu  xmm0, [0*16 + KS]
+    movdqu  xmm1, [12*16 + KS]
+    movdqu  [12*16 + KS], xmm0
+    movdqu  [0*16 + KS], xmm1
+
+    i = 1
+    WHILE i LT 6
+        movdqu  xmm0, [i*16 + KS]
+        movdqu  xmm1, [(12-i)*16 + KS]
+
+        aesimc  xmm0, xmm0
+        aesimc  xmm1, xmm1
+
+        movdqu  [(12-i)*16 + KS], xmm0
+        movdqu  [i*16 + KS], xmm1
+
+        i = i+1
+    ENDM
+
+    movdqu  xmm0, [6*16 + KS]
+    aesimc  xmm0, xmm0
+    movdqu  [6*16 + KS], xmm0
+    ret
+intel_aes_decrypt_init_192  ENDP
+
+ALIGN 16
+intel_aes_encrypt_init_256  PROC
+
+    mov     KEY,    [esp + 1*4 + 0*4]
+    mov     KS,     [esp + 1*4 + 1*4]
+    movdqu  xmm1, [16*0 + KEY]
+    movdqu  xmm3, [16*1 + KEY]
+
+    movdqu  [16*0 + KS], xmm1
+    movdqu  [16*1 + KS], xmm3
+
+    lea ITR, Lcon1
+    movdqu  xmm0, [ITR]
+    lea ITR, Lmask256
+    movdqu  xmm5, [ITR]
+
+    pxor    xmm6, xmm6
+
+    mov ITR, 6
+
+Lenc_256_ks_loop:
+
+        movdqa  xmm2, xmm3
+        pshufb  xmm2, xmm5
+        aesenclast  xmm2, xmm0
+        pslld   xmm0, 1
+        movdqa  xmm4, xmm1
+        pslldq  xmm4, 4
+        pxor    xmm1, xmm4
+        pslldq  xmm4, 4
+        pxor    xmm1, xmm4
+        pslldq  xmm4, 4
+        pxor    xmm1, xmm4
+        pxor    xmm1, xmm2
+        movdqu  [16*2 + KS], xmm1
+
+        pshufd  xmm2, xmm1, 0ffh
+        aesenclast  xmm2, xmm6
+        movdqa  xmm4, xmm3
+        pslldq  xmm4, 4
+        pxor    xmm3, xmm4
+        pslldq  xmm4, 4
+        pxor    xmm3, xmm4
+        pslldq  xmm4, 4
+        pxor    xmm3, xmm4
+        pxor    xmm3, xmm2
+        movdqu  [16*3 + KS], xmm3
+
+        lea KS, [32 + KS]
+        dec ITR
+        jnz Lenc_256_ks_loop
+
+    movdqa  xmm2, xmm3
+    pshufb  xmm2, xmm5
+    aesenclast  xmm2, xmm0
+    movdqa  xmm4, xmm1
+    pslldq  xmm4, 4
+    pxor    xmm1, xmm4
+    pslldq  xmm4, 4
+    pxor    xmm1, xmm4
+    pslldq  xmm4, 4
+    pxor    xmm1, xmm4
+    pxor    xmm1, xmm2
+    movdqu  [16*2 + KS], xmm1
+
+    ret
+intel_aes_encrypt_init_256  ENDP
+
+ALIGN 16
+intel_aes_decrypt_init_256  PROC
+    mov     KEY,        [esp + 1*4 + 0*4]
+    mov     KS,         [esp + 1*4 + 1*4]
+
+    push    KS
+    push    KEY
+
+    call    intel_aes_encrypt_init_256
+
+    pop     KEY
+    pop     KS
+
+    movdqu  xmm0, [0*16 + KS]
+    movdqu  xmm1, [14*16 + KS]
+    movdqu  [14*16 + KS], xmm0
+    movdqu  [0*16 + KS], xmm1
+
+    i = 1
+    WHILE i LT 7
+        movdqu  xmm0, [i*16 + KS]
+        movdqu  xmm1, [(14-i)*16 + KS]
+
+        aesimc  xmm0, xmm0
+        aesimc  xmm1, xmm1
+
+        movdqu  [(14-i)*16 + KS], xmm0
+        movdqu  [i*16 + KS], xmm1
+
+        i = i+1
+    ENDM
+
+    movdqu  xmm0, [7*16 + KS]
+    aesimc  xmm0, xmm0
+    movdqu  [7*16 + KS], xmm0
+    ret
+intel_aes_decrypt_init_256  ENDP
+
+
+
+gen_aes_cbc_enc_func MACRO rnds
+
+LOCAL   loop1
+LOCAL   bail
+
+        push    inputLen
+
+        mov     ctx,    [esp + 2*4 + 0*4]
+        mov     output,     [esp + 2*4 + 1*4]
+        mov     input,      [esp + 2*4 + 4*4]
+        mov     inputLen,   [esp + 2*4 + 5*4]
+
+        lea     ctx, [44+ctx]
+
+        movdqu  xmm0, [-32+ctx]
+
+        movdqu  xmm2, [0*16 + ctx]
+        movdqu  xmm3, [1*16 + ctx]
+        movdqu  xmm4, [2*16 + ctx]
+        movdqu  xmm5, [3*16 + ctx]
+        movdqu  xmm6, [4*16 + ctx]
+
+loop1:
+        cmp     inputLen, 1*16
+        jb      bail
+
+        movdqu  xmm1, [input]
+        pxor    xmm1, xmm2
+        pxor    xmm0, xmm1
+
+        aesenc  xmm0, xmm3
+        aesenc  xmm0, xmm4
+        aesenc  xmm0, xmm5
+        aesenc  xmm0, xmm6
+
+        i = 5
+    WHILE i LT rnds
+            movdqu  xmm7, [i*16 + ctx]
+            aesenc  xmm0, xmm7
+            i = i+1
+        ENDM
+        movdqu  xmm7, [rnds*16 + ctx]
+        aesenclast xmm0, xmm7
+
+        movdqu  [output], xmm0
+
+        lea input, [1*16 + input]
+        lea output, [1*16 + output]
+        sub inputLen, 1*16
+        jmp loop1
+
+bail:
+        movdqu  [-32+ctx], xmm0
+
+        xor eax, eax
+        pop inputLen
+        ret
+
+ENDM
+
+gen_aes_cbc_dec_func MACRO rnds
+
+LOCAL   loop7
+LOCAL   loop1
+LOCAL   dec1
+LOCAL   bail
+
+        push    inputLen
+
+        mov     ctx,    [esp + 2*4 + 0*4]
+        mov     output,     [esp + 2*4 + 1*4]
+        mov     input,      [esp + 2*4 + 4*4]
+        mov     inputLen,   [esp + 2*4 + 5*4]
+
+        lea     ctx, [44+ctx]
+
+loop7:
+        cmp     inputLen, 7*16
+        jb      dec1
+
+        movdqu  xmm0, [0*16 + input]
+        movdqu  xmm1, [1*16 + input]
+        movdqu  xmm2, [2*16 + input]
+        movdqu  xmm3, [3*16 + input]
+        movdqu  xmm4, [4*16 + input]
+        movdqu  xmm5, [5*16 + input]
+        movdqu  xmm6, [6*16 + input]
+
+        movdqu  xmm7, [0*16 + ctx]
+        pxor    xmm0, xmm7
+        pxor    xmm1, xmm7
+        pxor    xmm2, xmm7
+        pxor    xmm3, xmm7
+        pxor    xmm4, xmm7
+        pxor    xmm5, xmm7
+        pxor    xmm6, xmm7
+
+        i = 1
+        WHILE i LT rnds
+            aes_dec_rnd i
+            i = i+1
+            ENDM
+        aes_dec_last_rnd rnds
+
+        movdqu  xmm7, [-32 + ctx]
+        pxor    xmm0, xmm7
+        movdqu  xmm7, [0*16 + input]
+        pxor    xmm1, xmm7
+        movdqu  xmm7, [1*16 + input]
+        pxor    xmm2, xmm7
+        movdqu  xmm7, [2*16 + input]
+        pxor    xmm3, xmm7
+        movdqu  xmm7, [3*16 + input]
+        pxor    xmm4, xmm7
+        movdqu  xmm7, [4*16 + input]
+        pxor    xmm5, xmm7
+        movdqu  xmm7, [5*16 + input]
+        pxor    xmm6, xmm7
+        movdqu  xmm7, [6*16 + input]
+
+        movdqu  [0*16 + output], xmm0
+        movdqu  [1*16 + output], xmm1
+        movdqu  [2*16 + output], xmm2
+        movdqu  [3*16 + output], xmm3
+        movdqu  [4*16 + output], xmm4
+        movdqu  [5*16 + output], xmm5
+        movdqu  [6*16 + output], xmm6
+        movdqu  [-32 + ctx], xmm7
+
+        lea input, [7*16 + input]
+        lea output, [7*16 + output]
+        sub inputLen, 7*16
+        jmp loop7
+dec1:
+
+        movdqu  xmm3, [-32 + ctx]
+
+loop1:
+        cmp     inputLen, 1*16
+        jb      bail
+
+        movdqu  xmm0, [input]
+        movdqa  xmm4, xmm0
+        movdqu  xmm7, [0*16 + ctx]
+        pxor    xmm0, xmm7
+
+        i = 1
+    WHILE i LT rnds
+            movdqu  xmm7, [i*16 + ctx]
+            aesdec  xmm0, xmm7
+            i = i+1
+        ENDM
+        movdqu  xmm7, [rnds*16 + ctx]
+        aesdeclast xmm0, xmm7
+        pxor    xmm3, xmm0
+
+        movdqu  [output], xmm3
+        movdqa  xmm3, xmm4
+
+        lea input, [1*16 + input]
+        lea output, [1*16 + output]
+        sub inputLen, 1*16
+        jmp loop1
+
+bail:
+        movdqu  [-32 + ctx], xmm3
+        xor eax, eax
+        pop     inputLen
+        ret
+ENDM
+
+ALIGN 16
+intel_aes_encrypt_cbc_128 PROC
+gen_aes_cbc_enc_func  10
+intel_aes_encrypt_cbc_128 ENDP
+
+ALIGN 16
+intel_aes_encrypt_cbc_192 PROC
+gen_aes_cbc_enc_func  12
+intel_aes_encrypt_cbc_192 ENDP
+
+ALIGN 16
+intel_aes_encrypt_cbc_256 PROC
+gen_aes_cbc_enc_func  14
+intel_aes_encrypt_cbc_256 ENDP
+
+ALIGN 16
+intel_aes_decrypt_cbc_128 PROC
+gen_aes_cbc_dec_func  10
+intel_aes_decrypt_cbc_128 ENDP
+
+ALIGN 16
+intel_aes_decrypt_cbc_192 PROC
+gen_aes_cbc_dec_func  12
+intel_aes_decrypt_cbc_192 ENDP
+
+ALIGN 16
+intel_aes_decrypt_cbc_256 PROC
+gen_aes_cbc_dec_func  14
+intel_aes_decrypt_cbc_256 ENDP
+
+
+
+ctrCtx textequ <esi>
+CTR textequ <ebx>
+
+gen_aes_ctr_func MACRO rnds
+
+LOCAL   loop7
+LOCAL   loop1
+LOCAL   enc1
+LOCAL   bail
+
+        push    inputLen
+        push    ctrCtx
+        push    CTR
+        push    ebp
+
+        mov     ctrCtx, [esp + 4*5 + 0*4]
+        mov     output, [esp + 4*5 + 1*4]
+        mov     input,  [esp + 4*5 + 4*4]
+        mov     inputLen, [esp + 4*5 + 5*4]
+
+        mov     ctx, [4+ctrCtx]
+        lea     ctx, [44+ctx]
+
+        mov     ebp, esp
+        sub     esp, 7*16
+        and     esp, -16
+
+        movdqu  xmm0, [8+ctrCtx]
+        mov     ctrCtx, [ctrCtx + 8 + 3*4]
+        bswap   ctrCtx
+        movdqu  xmm1, [ctx + 0*16]
+
+        pxor    xmm0, xmm1
+
+        movdqa  [esp + 0*16], xmm0
+        movdqa  [esp + 1*16], xmm0
+        movdqa  [esp + 2*16], xmm0
+        movdqa  [esp + 3*16], xmm0
+        movdqa  [esp + 4*16], xmm0
+        movdqa  [esp + 5*16], xmm0
+        movdqa  [esp + 6*16], xmm0
+
+        inc     ctrCtx
+        mov     CTR, ctrCtx
+        bswap   CTR
+        xor     CTR, [ctx + 3*4]
+        mov     [esp + 1*16 + 3*4], CTR
+
+        inc     ctrCtx
+        mov     CTR, ctrCtx
+        bswap   CTR
+        xor     CTR, [ctx + 3*4]
+        mov     [esp + 2*16 + 3*4], CTR
+
+        inc     ctrCtx
+        mov     CTR, ctrCtx
+        bswap   CTR
+        xor     CTR, [ctx + 3*4]
+        mov     [esp + 3*16 + 3*4], CTR
+
+        inc     ctrCtx
+        mov     CTR, ctrCtx
+        bswap   CTR
+        xor     CTR, [ctx + 3*4]
+        mov     [esp + 4*16 + 3*4], CTR
+
+        inc     ctrCtx
+        mov     CTR, ctrCtx
+        bswap   CTR
+        xor     CTR, [ctx + 3*4]
+        mov     [esp + 5*16 + 3*4], CTR
+
+        inc     ctrCtx
+        mov     CTR, ctrCtx
+        bswap   CTR
+        xor     CTR, [ctx + 3*4]
+        mov     [esp + 6*16 + 3*4], CTR
+
+
+loop7:
+        cmp     inputLen, 7*16
+        jb      loop1
+
+        movdqu  xmm0, [0*16 + esp]
+        movdqu  xmm1, [1*16 + esp]
+        movdqu  xmm2, [2*16 + esp]
+        movdqu  xmm3, [3*16 + esp]
+        movdqu  xmm4, [4*16 + esp]
+        movdqu  xmm5, [5*16 + esp]
+        movdqu  xmm6, [6*16 + esp]
+
+        i = 1
+        WHILE i LE 7
+            aes_rnd i
+
+            inc     ctrCtx
+            mov     CTR, ctrCtx
+            bswap   CTR
+            xor     CTR, [ctx + 3*4]
+            mov     [esp + (i-1)*16 + 3*4], CTR
+
+            i = i+1
+        ENDM
+        WHILE i LT rnds
+            aes_rnd i
+            i = i+1
+            ENDM
+        aes_last_rnd rnds
+
+        movdqu  xmm7, [0*16 + input]
+        pxor    xmm0, xmm7
+        movdqu  xmm7, [1*16 + input]
+        pxor    xmm1, xmm7
+        movdqu  xmm7, [2*16 + input]
+        pxor    xmm2, xmm7
+        movdqu  xmm7, [3*16 + input]
+        pxor    xmm3, xmm7
+        movdqu  xmm7, [4*16 + input]
+        pxor    xmm4, xmm7
+        movdqu  xmm7, [5*16 + input]
+        pxor    xmm5, xmm7
+        movdqu  xmm7, [6*16 + input]
+        pxor    xmm6, xmm7
+
+        movdqu  [0*16 + output], xmm0
+        movdqu  [1*16 + output], xmm1
+        movdqu  [2*16 + output], xmm2
+        movdqu  [3*16 + output], xmm3
+        movdqu  [4*16 + output], xmm4
+        movdqu  [5*16 + output], xmm5
+        movdqu  [6*16 + output], xmm6
+
+        lea input, [7*16 + input]
+        lea output, [7*16 + output]
+        sub inputLen, 7*16
+        jmp loop7
+
+
+loop1:
+        cmp     inputLen, 1*16
+        jb      bail
+
+        movdqu  xmm0, [esp]
+        add     esp, 16
+
+        i = 1
+    WHILE i LT rnds
+            movdqu  xmm7, [i*16 + ctx]
+            aesenc  xmm0, xmm7
+            i = i+1
+        ENDM
+        movdqu  xmm7, [rnds*16 + ctx]
+        aesenclast xmm0, xmm7
+
+        movdqu  xmm7, [input]
+        pxor    xmm0, xmm7
+        movdqu  [output], xmm0
+
+        lea input, [1*16 + input]
+        lea output, [1*16 + output]
+        sub inputLen, 1*16
+        jmp loop1
+
+bail:
+
+        mov     ctrCtx, [ebp + 4*5 + 0*4]
+        movdqu  xmm0, [esp]
+        movdqu  xmm1, [ctx + 0*16]
+        pxor    xmm0, xmm1
+        movdqu  [8+ctrCtx], xmm0
+
+
+        xor     eax, eax
+        mov     esp, ebp
+        pop     ebp
+        pop     CTR
+        pop     ctrCtx
+        pop     inputLen
+        ret
+ENDM
+
+
+ALIGN 16
+intel_aes_encrypt_ctr_128 PROC
+gen_aes_ctr_func  10
+intel_aes_encrypt_ctr_128 ENDP
+
+ALIGN 16
+intel_aes_encrypt_ctr_192 PROC
+gen_aes_ctr_func  12
+intel_aes_encrypt_ctr_192 ENDP
+
+ALIGN 16
+intel_aes_encrypt_ctr_256 PROC
+gen_aes_ctr_func  14
+intel_aes_encrypt_ctr_256 ENDP
+
+
+END
--- a/security/nss/lib/freebl/intel-aes.h
+++ b/security/nss/lib/freebl/intel-aes.h
@@ -28,16 +28,22 @@ SECStatus intel_aes_encrypt_cbc_128(AESC
 				    unsigned int inputLen,
 				    unsigned int blocksize);
 SECStatus intel_aes_decrypt_cbc_128(AESContext *cx, unsigned char *output,
 				    unsigned int *outputLen,
 				    unsigned int maxOutputLen,
 				    const unsigned char *input,
 				    unsigned int inputLen,
 				    unsigned int blocksize);
+SECStatus intel_aes_encrypt_ctr_128(CTRContext *cx, unsigned char *output,
+				    unsigned int *outputLen,
+				    unsigned int maxOutputLen,
+				    const unsigned char *input,
+				    unsigned int inputLen,
+				    unsigned int blocksize);
 SECStatus intel_aes_encrypt_ecb_192(AESContext *cx, unsigned char *output,
 				    unsigned int *outputLen,
 				    unsigned int maxOutputLen,
 				    const unsigned char *input,
 				    unsigned int inputLen,
 				    unsigned int blocksize);
 SECStatus intel_aes_decrypt_ecb_192(AESContext *cx, unsigned char *output,
 				    unsigned int *outputLen,
@@ -52,16 +58,22 @@ SECStatus intel_aes_encrypt_cbc_192(AESC
 				    unsigned int inputLen,
 				    unsigned int blocksize);
 SECStatus intel_aes_decrypt_cbc_192(AESContext *cx, unsigned char *output,
 				    unsigned int *outputLen,
 				    unsigned int maxOutputLen,
 				    const unsigned char *input,
 				    unsigned int inputLen,
 				    unsigned int blocksize);
+SECStatus intel_aes_encrypt_ctr_192(CTRContext *cx, unsigned char *output,
+				    unsigned int *outputLen,
+				    unsigned int maxOutputLen,
+				    const unsigned char *input,
+				    unsigned int inputLen,
+				    unsigned int blocksize);
 SECStatus intel_aes_encrypt_ecb_256(AESContext *cx, unsigned char *output,
 				    unsigned int *outputLen,
 				    unsigned int maxOutputLen,
 				    const unsigned char *input,
 				    unsigned int inputLen,
 				    unsigned int blocksize);
 SECStatus intel_aes_decrypt_ecb_256(AESContext *cx, unsigned char *output,
 				    unsigned int *outputLen,
@@ -76,16 +88,22 @@ SECStatus intel_aes_encrypt_cbc_256(AESC
 				    unsigned int inputLen,
 				    unsigned int blocksize);
 SECStatus intel_aes_decrypt_cbc_256(AESContext *cx, unsigned char *output,
 				    unsigned int *outputLen,
 				    unsigned int maxOutputLen,
 				    const unsigned char *input,
 				    unsigned int inputLen,
 				    unsigned int blocksize);
+SECStatus intel_aes_encrypt_ctr_256(CTRContext *cx, unsigned char *output,
+				    unsigned int *outputLen,
+				    unsigned int maxOutputLen,
+				    const unsigned char *input,
+				    unsigned int inputLen,
+				    unsigned int blocksize);
 
 
 #define intel_aes_ecb_worker(encrypt, keysize) \
   ((encrypt)						\
    ? ((keysize) == 16 ? intel_aes_encrypt_ecb_128 :	\
       (keysize) == 24 ? intel_aes_encrypt_ecb_192 :	\
       intel_aes_encrypt_ecb_256)			\
    : ((keysize) == 16 ? intel_aes_decrypt_ecb_128 :	\
@@ -97,16 +115,21 @@ SECStatus intel_aes_decrypt_cbc_256(AESC
   ((encrypt)						\
    ? ((keysize) == 16 ? intel_aes_encrypt_cbc_128 :	\
       (keysize) == 24 ? intel_aes_encrypt_cbc_192 :	\
       intel_aes_encrypt_cbc_256)			\
    : ((keysize) == 16 ? intel_aes_decrypt_cbc_128 :	\
       (keysize) == 24 ? intel_aes_decrypt_cbc_192 :	\
       intel_aes_decrypt_cbc_256))
 
+#define intel_aes_ctr_worker(nr) \
+   ((nr) == 10 ? intel_aes_encrypt_ctr_128 :	\
+    (nr) == 12 ? intel_aes_encrypt_ctr_192 :	\
+    intel_aes_encrypt_ctr_256)
+
 
 #define intel_aes_init(encrypt, keysize) \
   do {					 			\
       if (encrypt) {			 			\
 	  if (keysize == 16)					\
 	      intel_aes_encrypt_init_128(key, cx->expandedKey);	\
 	  else if (keysize == 24)				\
 	      intel_aes_encrypt_init_192(key, cx->expandedKey);	\
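Review bot: `intel_aes_ctr_worker(nr)` is selected by AES round count, while the ECB and CBC selector macros next to it (`intel_aes_ecb_worker` and the CBC one above this hunk's added lines) are selected by `keysize` in bytes, and nothing at the definition says so. A caller that passes a key size by analogy with the siblings would match neither 10 nor 12 and silently get `intel_aes_encrypt_ctr_256`. I would add a comment above the macro, `/* nr is the AES round count (10, 12 or 14), not the key size in bytes. */`. The `intel_aes_init` macro at the end of this hunk continues outside it.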
--- a/security/nss/lib/freebl/intel-gcm-wrap.c
+++ b/security/nss/lib/freebl/intel-gcm-wrap.c
@@ -1,14 +1,14 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 /* Copyright(c) 2013, Intel Corp. */
 
-/* Wrapper funcions for Intel optimized implementation of AES-GCM */
+/* Wrapper functions for Intel optimized implementation of AES-GCM */
 
 #ifdef USE_HW_AES
 
 #ifdef FREEBL_NO_DEPEND
 #include "stubs.h"
 #endif
 
 #include "blapii.h"
@@ -19,144 +19,154 @@
 #include "prtypes.h"
 #include "pkcs11t.h"
 
 #include <limits.h>
 
 #include "intel-gcm.h"
 #include "rijndael.h"
 
-#if defined(__INTEL_COMPILER)
-#include <ia32intrin.h> 
-#elif defined(__GNUC__) || defined(__SUNPRO_C)
 #include <emmintrin.h>
 #include <tmmintrin.h>
-#endif
 
 
 struct intel_AES_GCMContextStr{
     unsigned char Htbl[16*AES_BLOCK_SIZE];
     unsigned char X0[AES_BLOCK_SIZE];
     unsigned char T[AES_BLOCK_SIZE];
     unsigned char CTR[AES_BLOCK_SIZE];
     AESContext *aes_context;
     unsigned long tagBits;
     unsigned long Alen;
     unsigned long Mlen;
 };
 
-intel_AES_GCMContext *intel_AES_GCM_CreateContext(void *context, 
+intel_AES_GCMContext *intel_AES_GCM_CreateContext(void *context,
                freeblCipherFunc cipher,
-               const unsigned char *params, 
+               const unsigned char *params,
                unsigned int blocksize)
 {
     intel_AES_GCMContext *gcm = NULL;
     AESContext *aes = (AESContext*)context;
     const CK_GCM_PARAMS *gcmParams = (const CK_GCM_PARAMS *)params;
     unsigned char buff[AES_BLOCK_SIZE]; /* aux buffer */
-    
-    int IV_whole_len = gcmParams->ulIvLen&(~0xf);
-    int IV_remainder_len = gcmParams->ulIvLen&0xf;
-    int AAD_whole_len = gcmParams->ulAADLen&(~0xf);
-    int AAD_remainder_len = gcmParams->ulAADLen&0xf;
-    
+
+    unsigned long IV_whole_len = gcmParams->ulIvLen & (~0xful);
+    unsigned int IV_remainder_len = gcmParams->ulIvLen & 0xful;
+    unsigned long AAD_whole_len = gcmParams->ulAADLen & (~0xful);
+    unsigned int AAD_remainder_len = gcmParams->ulAADLen & 0xful;
+
     __m128i BSWAP_MASK = _mm_setr_epi8(15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0);
     __m128i ONE = _mm_set_epi32(0,0,0,1);
     unsigned int j;
     SECStatus rv;
 
     if (blocksize != AES_BLOCK_SIZE) {
       PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
       return NULL;
     }
     gcm = PORT_ZNew(intel_AES_GCMContext);
-    
+
     if (gcm == NULL) {
         return NULL;
     }
+
     /* initialize context fields */
     gcm->aes_context = aes;
     gcm->tagBits = gcmParams->ulTagBits;
     gcm->Alen = 0;
     gcm->Mlen = 0;
+
     /* first prepare H and its derivatives for ghash */
     intel_aes_gcmINIT(gcm->Htbl, (unsigned char*)aes->expandedKey, aes->Nr);
-    /* Initial TAG value is zero*/
+
+    /* Initial TAG value is zero */
     _mm_storeu_si128((__m128i*)gcm->T, _mm_setzero_si128());
     _mm_storeu_si128((__m128i*)gcm->X0, _mm_setzero_si128());
+
     /* Init the counter */
-    if(gcmParams->ulIvLen == 12) {
-        _mm_storeu_si128((__m128i*)gcm->CTR, _mm_setr_epi32(((unsigned int*)gcmParams->pIv)[0], ((unsigned int*)gcmParams->pIv)[1], ((unsigned int*)gcmParams->pIv)[2], 0x01000000));
+    if (gcmParams->ulIvLen == 12) {
+        _mm_storeu_si128((__m128i*)gcm->CTR,
+                         _mm_setr_epi32(((unsigned int*)gcmParams->pIv)[0],
+                                        ((unsigned int*)gcmParams->pIv)[1],
+                                        ((unsigned int*)gcmParams->pIv)[2],
+                                        0x01000000));
     } else {
-        /* If IV size is not 96 bits, then the initial counter value is GHASH of the IV */
+        /* If IV size is not 96 bits, then the initial counter value is GHASH
+         * of the IV */
         intel_aes_gcmAAD(gcm->Htbl, gcmParams->pIv, IV_whole_len, gcm->T);
+
         /* Partial block */
-        if(IV_remainder_len) {
+        if (IV_remainder_len) {
             PORT_Memset(buff, 0, AES_BLOCK_SIZE);
             PORT_Memcpy(buff, gcmParams->pIv + IV_whole_len, IV_remainder_len);
             intel_aes_gcmAAD(gcm->Htbl, buff, AES_BLOCK_SIZE, gcm->T);
-         }
-         
-         intel_aes_gcmTAG
-         (
+        }
+
+        intel_aes_gcmTAG(
             gcm->Htbl,
             gcm->T,
             gcmParams->ulIvLen,
             0,
             gcm->X0,
-            gcm->CTR
-         );
+            gcm->CTR);
+
         /* TAG should be zero again */
         _mm_storeu_si128((__m128i*)gcm->T, _mm_setzero_si128());
     }
-    /* Encrypt the initial counter, will be used to encrypt the GHASH value, in the end */
-    rv = (*cipher)(context, gcm->X0, &j, AES_BLOCK_SIZE, gcm->CTR, AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+
+    /* Encrypt the initial counter, will be used to encrypt the GHASH value,
+     * in the end */
+    rv = (*cipher)(context, gcm->X0, &j, AES_BLOCK_SIZE, gcm->CTR,
+                   AES_BLOCK_SIZE, AES_BLOCK_SIZE);
     if (rv != SECSuccess) {
         goto loser;
     }
+
     /* Promote the counter by 1 */
     _mm_storeu_si128((__m128i*)gcm->CTR, _mm_shuffle_epi8(_mm_add_epi32(ONE, _mm_shuffle_epi8(_mm_loadu_si128((__m128i*)gcm->CTR), BSWAP_MASK)), BSWAP_MASK));
 
-/*     Now hash AAD - it would actually make sense to seperate the context creation from the AAD, 
- *     because that would allow to reuse the H, which only changes when the AES key changes, 
- *     and not every package, like the IV and AAD */
+    /* Now hash AAD - it would actually make sense to seperate the context
+     * creation from the AAD, because that would allow to reuse the H, which
+     * only changes when the AES key changes, and not every package, like the
+     * IV and AAD */
     intel_aes_gcmAAD(gcm->Htbl, gcmParams->pAAD, AAD_whole_len, gcm->T);
-    if(AAD_remainder_len) {
+    if (AAD_remainder_len) {
         PORT_Memset(buff, 0, AES_BLOCK_SIZE);
         PORT_Memcpy(buff, gcmParams->pAAD + AAD_whole_len, AAD_remainder_len);
         intel_aes_gcmAAD(gcm->Htbl, buff, AES_BLOCK_SIZE, gcm->T);
     }
     gcm->Alen += gcmParams->ulAADLen;
     return gcm;
-    
-    loser:
+
+loser:
     if (gcm) {
         PORT_Free(gcm);
     }
     return NULL;
 }
 
 void intel_AES_GCM_DestroyContext(intel_AES_GCMContext *gcm, PRBool freeit)
 {
     if (freeit) {
         PORT_Free(gcm);
     }
 }
 
-SECStatus intel_AES_GCM_EncryptUpdate(intel_AES_GCMContext *gcm, 
+SECStatus intel_AES_GCM_EncryptUpdate(intel_AES_GCMContext *gcm,
             unsigned char *outbuf,
-			unsigned int *outlen, unsigned int maxout,
-			const unsigned char *inbuf, unsigned int inlen,
-			unsigned int blocksize)
+            unsigned int *outlen, unsigned int maxout,
+            const unsigned char *inbuf, unsigned int inlen,
+            unsigned int blocksize)
 {
     unsigned int tagBytes;
     unsigned char T[AES_BLOCK_SIZE];
-    int j;
+    unsigned int j;
 
-    tagBytes = (gcm->tagBits + (PR_BITS_PER_BYTE-1)) / PR_BITS_PER_BYTE;
+    tagBytes = (gcm->tagBits + (PR_BITS_PER_BYTE - 1)) / PR_BITS_PER_BYTE;
     if (UINT_MAX - inlen < tagBytes) {
         PORT_SetError(SEC_ERROR_INPUT_LEN);
         return SECFailure;
     }
     if (maxout < inlen + tagBytes) {
         *outlen = inlen + tagBytes;
         PORT_SetError(SEC_ERROR_OUTPUT_LEN);
         return SECFailure;
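Review bot: `intel_AES_GCM_CreateContext` stores `gcmParams->ulTagBits` into `gcm->tagBits` with no range check, and nothing visible in this file bounds it before `tagBytes` is derived from it. `intel_AES_GCM_EncryptUpdate` then copies `tagBytes` bytes out of the 16-byte local `T` (the loop is in the next hunk) and `intel_AES_GCM_DecryptUpdate` compares `tagBytes` bytes of it, so a value above 128 reads past `T`, and a value of 0 makes the tag comparison cover zero bytes. Unless every caller already validates the parameter, I would reject it before `PORT_ZNew`: `if (gcmParams->ulTagBits == 0 || gcmParams->ulTagBits > AES_BLOCK_SIZE * PR_BITS_PER_BYTE) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return NULL; }`, or better an explicit list of the tag lengths the library means to support. Separately, the `loser:` path and `intel_AES_GCM_DestroyContext` release `gcm` with `PORT_Free` while `Htbl` and `X0` still hold key-derived values; clearing the structure first (for example `PORT_ZFree(gcm, sizeof(*gcm))`) would avoid leaving them in freed memory. The body of `intel_AES_GCM_EncryptUpdate` continues outside this hunk.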
@@ -164,71 +174,78 @@ SECStatus intel_AES_GCM_EncryptUpdate(in
 
     intel_aes_gcmENC(
         inbuf,
         outbuf,
         gcm,
         inlen);
 
     gcm->Mlen += inlen;
-      
+
     intel_aes_gcmTAG(
         gcm->Htbl,
         gcm->T,
         gcm->Mlen,
         gcm->Alen,
         gcm->X0,
         T);
 
     *outlen = inlen + tagBytes;
 
-    for(j=0; j<tagBytes; j++)
-    {
-        outbuf[inlen+j] = T[j];
+    for (j = 0; j < tagBytes; j++) {
+        outbuf[inlen + j] = T[j];
     }
     return SECSuccess;
 }
 
-SECStatus intel_AES_GCM_DecryptUpdate(intel_AES_GCMContext *gcm, 
+SECStatus intel_AES_GCM_DecryptUpdate(intel_AES_GCMContext *gcm,
             unsigned char *outbuf,
-			unsigned int *outlen, unsigned int maxout,
-			const unsigned char *inbuf, unsigned int inlen,
-			unsigned int blocksize)
+            unsigned int *outlen, unsigned int maxout,
+            const unsigned char *inbuf, unsigned int inlen,
+            unsigned int blocksize)
 {
     unsigned int tagBytes;
     unsigned char T[AES_BLOCK_SIZE];
     const unsigned char *intag;
 
-    tagBytes = (gcm->tagBits + (PR_BITS_PER_BYTE-1)) / PR_BITS_PER_BYTE;
- 
+    tagBytes = (gcm->tagBits + (PR_BITS_PER_BYTE - 1)) / PR_BITS_PER_BYTE;
+
     /* get the authentication block */
     if (inlen < tagBytes) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        PORT_SetError(SEC_ERROR_INPUT_LEN);
         return SECFailure;
     }
 
     inlen -= tagBytes;
     intag = inbuf + inlen;
 
+    if (maxout < inlen) {
+        *outlen = inlen;
+        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+        return SECFailure;
+    }
+
     intel_aes_gcmDEC(
          inbuf,
          outbuf,
          gcm,
          inlen);
 
     gcm->Mlen += inlen;
     intel_aes_gcmTAG(
          gcm->Htbl,
          gcm->T,
          gcm->Mlen,
          gcm->Alen,
          gcm->X0,
          T);
 
     if (NSS_SecureMemcmp(T, intag, tagBytes) != 0) {
+        memset(outbuf, 0, inlen);
+        *outlen = 0;
         /* force a CKR_ENCRYPTED_DATA_INVALID error at in softoken */
         PORT_SetError(SEC_ERROR_BAD_DATA);
         return SECFailure;
     }
     *outlen = inlen;
 
     return SECSuccess;
 }
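Review bot: The added `memset(outbuf, 0, inlen)` on the tag-mismatch path is the only direct libc call in the visible parts of this file, which otherwise use `PORT_Memset` and `PORT_Memcpy`; `PORT_Memset(outbuf, 0, inlen);` would match and would not depend on `<string.h>` being pulled in indirectly (no include of it is visible in the hunks). The same path leaves the computed tag in the local `T` on the stack, and clearing it before returning is cheap. It would also help to add a comment above the `intel_aes_gcmDEC` call, `/* plaintext is written to outbuf before the tag is verified; it is wiped below on mismatch */`, so a later edit does not add an early return between the two.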
new file mode 100644
--- /dev/null
+++ b/security/nss/lib/freebl/intel-gcm-x64-masm.asm
@@ -0,0 +1,1301 @@
+; LICENSE:
+; This submission to NSS is to be made available under the terms of the
+; Mozilla Public License, v. 2.0. You can obtain one at http:
+; //mozilla.org/MPL/2.0/.
+;###############################################################################
+; Copyright(c) 2014, Intel Corp.
+; Developers and authors:
+; Shay Gueron and Vlad Krasnov
+; Intel Corporation, Israel Development Centre, Haifa, Israel
+; Please send feedback directly to crypto.feedback.alias@intel.com
+
+
+.DATA
+ALIGN 16
+Lone            dq 1,0
+Ltwo            dq 2,0
+Lbswap_mask     db 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
+Lshuff_mask     dq 0f0f0f0f0f0f0f0fh, 0f0f0f0f0f0f0f0fh
+Lpoly           dq 01h, 0c200000000000000h
+
+.CODE
+
+
+GFMUL MACRO DST, SRC1, SRC2, TMP1, TMP2, TMP3, TMP4
+    vpclmulqdq  TMP1, SRC2, SRC1, 0h
+    vpclmulqdq  TMP4, SRC2, SRC1, 011h
+
+    vpshufd     TMP2, SRC2, 78
+    vpshufd     TMP3, SRC1, 78
+    vpxor       TMP2, TMP2, SRC2
+    vpxor       TMP3, TMP3, SRC1
+
+    vpclmulqdq  TMP2, TMP2, TMP3, 0h
+    vpxor       TMP2, TMP2, TMP1
+    vpxor       TMP2, TMP2, TMP4
+
+    vpslldq     TMP3, TMP2, 8
+    vpsrldq     TMP2, TMP2, 8
+
+    vpxor       TMP1, TMP1, TMP3
+    vpxor       TMP4, TMP4, TMP2
+
+    vpclmulqdq  TMP2, TMP1, [Lpoly], 010h
+    vpshufd     TMP3, TMP1, 78
+    vpxor       TMP1, TMP2, TMP3
+
+    vpclmulqdq  TMP2, TMP1, [Lpoly], 010h
+    vpshufd     TMP3, TMP1, 78
+    vpxor       TMP1, TMP2, TMP3
+
+    vpxor       DST, TMP1, TMP4
+
+    ENDM
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;
+; Generates the final GCM tag
+; void intel_aes_gcmTAG(unsigned char Htbl[16*16],
+;                       unsigned char *Tp,
+;                       unsigned int Mlen,
+;                       unsigned int Alen,
+;                       unsigned char *X0,
+;                       unsigned char *TAG);
+;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+ALIGN 16
+intel_aes_gcmTAG PROC
+
+Htbl    textequ <rcx>
+Tp      textequ <rdx>
+Mlen    textequ <r8>
+Alen    textequ <r9>
+X0      textequ <r10>
+TAG     textequ <r11>
+
+T       textequ <xmm0>
+TMP0    textequ <xmm1>
+
+    mov     X0, [rsp + 1*8 + 4*8]
+    mov     TAG, [rsp + 1*8 + 5*8]
+
+    vzeroupper
+    vmovdqu T, XMMWORD PTR[Tp]
+    vpxor   TMP0, TMP0, TMP0
+
+    shl     Mlen, 3
+    shl     Alen, 3
+
+    ;vpinsrq    TMP0, TMP0, Mlen, 0
+    ;vpinsrq    TMP0, TMP0, Alen, 1
+    ; workaround the ml64.exe vpinsrq issue
+    vpinsrd TMP0, TMP0, r8d, 0
+    vpinsrd TMP0, TMP0, r9d, 2
+    shr Mlen, 32
+    shr Alen, 32
+    vpinsrd TMP0, TMP0, r8d, 1
+    vpinsrd TMP0, TMP0, r9d, 3
+
+    vpxor   T, T, TMP0
+    vmovdqu TMP0, XMMWORD PTR[Htbl]
+    GFMUL   T, T, TMP0, xmm2, xmm3, xmm4, xmm5
+
+    vpshufb T, T, [Lbswap_mask]
+    vpxor   T, T, [X0]
+    vmovdqu XMMWORD PTR[TAG], T
+    vzeroupper
+
+    ret
+
+intel_aes_gcmTAG ENDP
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;
+; Generates the H table
+; void intel_aes_gcmINIT(unsigned char Htbl[16*16], unsigned char *KS, int NR);
+;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+ALIGN 16
+intel_aes_gcmINIT PROC
+
+Htbl    textequ <rcx>
+KS      textequ <rdx>
+NR      textequ <r8d>
+
+T       textequ <xmm0>
+TMP0    textequ <xmm1>
+
+    vzeroupper
+    ; AES-ENC(0)
+    vmovdqu T, XMMWORD PTR[KS]
+    lea KS, [16 + KS]
+    dec NR
+Lenc_loop:
+        vaesenc T, T, [KS]
+        lea KS, [16 + KS]
+        dec NR
+        jnz Lenc_loop
+
+    vaesenclast T, T, [KS]
+    vpshufb T, T, [Lbswap_mask]
+
+    ;Calculate H` = GFMUL(H, 2)
+    vpsrad  xmm3, T, 31
+    vpshufd xmm3, xmm3, 0ffh
+    vpand   xmm5, xmm3, [Lpoly]
+    vpsrld  xmm3, T, 31
+    vpslld  xmm4, T, 1
+    vpslldq xmm3, xmm3, 4
+    vpxor   T, xmm4, xmm3
+    vpxor   T, T, xmm5
+
+    vmovdqu TMP0, T
+    vmovdqu XMMWORD PTR[Htbl + 0*16], T
+
+    vpshufd xmm2, T, 78
+    vpxor   xmm2, xmm2, T
+    vmovdqu XMMWORD PTR[Htbl + 8*16 + 0*16], xmm2
+
+    i = 1
+    WHILE i LT 8
+        GFMUL   T, T, TMP0, xmm2, xmm3, xmm4, xmm5
+        vmovdqu XMMWORD PTR[Htbl + i*16], T
+        vpshufd xmm2, T, 78
+        vpxor   xmm2, xmm2, T
+        vmovdqu XMMWORD PTR[Htbl + 8*16 + i*16], xmm2
+        i = i+1
+        ENDM
+    vzeroupper
+    ret
+intel_aes_gcmINIT ENDP
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;
+; Authenticate only
+; void intel_aes_gcmAAD(unsigned char Htbl[16*16], unsigned char *AAD, unsigned int Alen, unsigned char *Tp);
+;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+ALIGN 16
+intel_aes_gcmAAD PROC
+
+Htbl    textequ <rcx>
+inp     textequ <rdx>
+len     textequ <r8>
+Tp      textequ <r9>
+hlp0    textequ <r10>
+
+DATA    textequ <xmm0>
+T       textequ <xmm1>
+TMP0    textequ <xmm2>
+TMP1    textequ <xmm3>
+TMP2    textequ <xmm4>
+TMP3    textequ <xmm5>
+TMP4    textequ <xmm6>
+Xhi     textequ <xmm7>
+
+KARATSUBA_AAD MACRO i
+    vpclmulqdq  TMP3, DATA, [Htbl + i*16], 0h
+    vpxor       TMP0, TMP0, TMP3
+    vpclmulqdq  TMP3, DATA, [Htbl + i*16], 011h
+    vpxor       TMP1, TMP1, TMP3
+    vpshufd     TMP3, DATA, 78
+    vpxor       TMP3, TMP3, DATA
+    vpclmulqdq  TMP3, TMP3, [Htbl + 8*16 + i*16], 0h
+    vpxor       TMP2, TMP2, TMP3
+ENDM
+
+    test  len, len
+    jnz   LbeginAAD
+    ret
+
+LbeginAAD:
+    vzeroupper
+
+    sub rsp, 2*16
+    vmovdqu XMMWORD PTR[rsp + 0*16], xmm6
+    vmovdqu XMMWORD PTR[rsp + 1*16], xmm7
+
+    vpxor   Xhi, Xhi, Xhi
+
+    vmovdqu T, XMMWORD PTR[Tp]
+    ;we hash 8 block each iteration, if the total amount of blocks is not a multiple of 8, we hash the first n%8 blocks first
+    mov hlp0, len
+    and hlp0, 128-1
+    jz  Lmod_loop
+
+    and len, -128
+    sub hlp0, 16
+
+    ; Prefix block
+    vmovdqu DATA, XMMWORD PTR[inp]
+    vpshufb DATA, DATA, [Lbswap_mask]
+    vpxor   DATA, DATA, T
+
+    vpclmulqdq  TMP0, DATA, [Htbl + hlp0], 0h
+    vpclmulqdq  TMP1, DATA, [Htbl + hlp0], 011h
+    vpshufd     TMP3, DATA, 78
+    vpxor       TMP3, TMP3, DATA
+    vpclmulqdq  TMP2, TMP3, [Htbl + 8*16 + hlp0], 0h
+
+    lea     inp, [inp+16]
+    test    hlp0, hlp0
+    jnz     Lpre_loop
+    jmp     Lred1
+
+    ;hash remaining prefix bocks (up to 7 total prefix blocks)
+Lpre_loop:
+
+        sub hlp0, 16
+
+        vmovdqu DATA, XMMWORD PTR[inp]
+        vpshufb DATA, DATA, [Lbswap_mask]
+
+        vpclmulqdq  TMP3, DATA, [Htbl + hlp0], 0h
+        vpxor       TMP0, TMP0, TMP3
+        vpclmulqdq  TMP3, DATA, [Htbl + hlp0], 011h
+        vpxor       TMP1, TMP1, TMP3
+        vpshufd     TMP3, DATA, 78
+        vpxor       TMP3, TMP3, DATA
+        vpclmulqdq  TMP3, TMP3, [Htbl + 8*16 + hlp0], 0h
+        vpxor       TMP2, TMP2, TMP3
+
+        test    hlp0, hlp0
+        lea     inp, [inp+16]
+        jnz     Lpre_loop
+
+Lred1:
+
+    vpxor       TMP2, TMP2, TMP0
+    vpxor       TMP2, TMP2, TMP1
+    vpsrldq     TMP3, TMP2, 8
+    vpslldq     TMP2, TMP2, 8
+
+    vpxor       Xhi, TMP1, TMP3
+    vpxor       T, TMP0, TMP2
+
+
+Lmod_loop:
+
+        sub len, 16*8
+        jb  Ldone
+        ; Block #0
+        vmovdqu DATA, XMMWORD PTR[inp + 16*7]
+        vpshufb DATA, DATA, [Lbswap_mask]
+
+        vpclmulqdq  TMP0, DATA, [Htbl + 0*16], 0h
+        vpclmulqdq  TMP1, DATA, [Htbl + 0*16], 011h
+        vpshufd     TMP3, DATA, 78
+        vpxor       TMP3, TMP3, DATA
+        vpclmulqdq  TMP2, TMP3, [Htbl + 8*16 + 0*16], 0h
+
+        ; Block #1
+        vmovdqu DATA, XMMWORD PTR[inp + 16*6]
+        vpshufb DATA, DATA, [Lbswap_mask]
+        KARATSUBA_AAD 1
+
+        ; Block #2
+        vmovdqu DATA, XMMWORD PTR[inp + 16*5]
+        vpshufb DATA, DATA, [Lbswap_mask]
+
+        vpclmulqdq  TMP4, T, [Lpoly], 010h         ;reduction stage 1a
+        vpalignr    T, T, T, 8
+
+        KARATSUBA_AAD 2
+
+        vpxor       T, T, TMP4                          ;reduction stage 1b
+
+        ; Block #3
+        vmovdqu DATA, XMMWORD PTR[inp + 16*4]
+        vpshufb DATA, DATA, [Lbswap_mask]
+        KARATSUBA_AAD 3
+        ; Block #4
+        vmovdqu DATA, XMMWORD PTR[inp + 16*3]
+        vpshufb DATA, DATA, [Lbswap_mask]
+
+        vpclmulqdq  TMP4, T, [Lpoly], 010h        ;reduction stage 2a
+        vpalignr    T, T, T, 8
+
+        KARATSUBA_AAD 4
+
+        vpxor       T, T, TMP4                          ;reduction stage 2b
+        ; Block #5
+        vmovdqu DATA, XMMWORD PTR[inp + 16*2]
+        vpshufb DATA, DATA, [Lbswap_mask]
+        KARATSUBA_AAD 5
+
+        vpxor   T, T, Xhi                               ;reduction finalize
+        ; Block #6
+        vmovdqu DATA, XMMWORD PTR[inp + 16*1]
+        vpshufb DATA, DATA, [Lbswap_mask]
+        KARATSUBA_AAD 6
+        ; Block #7
+        vmovdqu DATA, XMMWORD PTR[inp + 16*0]
+        vpshufb DATA, DATA, [Lbswap_mask]
+        vpxor   DATA, DATA, T
+        KARATSUBA_AAD 7
+        ; Aggregated 8 blocks, now karatsuba fixup
+        vpxor   TMP2, TMP2, TMP0
+        vpxor   TMP2, TMP2, TMP1
+        vpsrldq TMP3, TMP2, 8
+        vpslldq TMP2, TMP2, 8
+
+        vpxor   Xhi, TMP1, TMP3
+        vpxor   T, TMP0, TMP2
+
+        lea inp, [inp + 16*8]
+        jmp Lmod_loop
+
+Ldone:
+    vpclmulqdq  TMP4, T, [Lpoly], 010h
+    vpalignr    T, T, T, 8
+    vpxor       T, T, TMP4
+
+    vpclmulqdq  TMP4, T, [Lpoly], 010h
+    vpalignr    T, T, T, 8
+    vpxor       T, T, TMP4
+
+    vpxor       T, T, Xhi
+    vmovdqu     XMMWORD PTR[Tp], T
+    vzeroupper
+
+    vmovdqu xmm6, XMMWORD PTR[rsp + 0*16]
+    vmovdqu xmm7, XMMWORD PTR[rsp + 1*16]
+    add rsp, 16*2
+
+    ret
+
+intel_aes_gcmAAD ENDP
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;
+; Encrypt and Authenticate
+; void intel_aes_gcmENC(unsigned char* PT, unsigned char* CT, void *Gctx, unsigned int len);
+;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+ALIGN 16
+intel_aes_gcmENC PROC
+
+PT      textequ <rcx>
+CT      textequ <rdx>
+Htbl    textequ <r8>
+Gctx    textequ <r8>
+len     textequ <r9>
+KS      textequ <r10>
+NR      textequ <eax>
+
+aluCTR  textequ <r11d>
+aluKSl  textequ <r12d>
+aluTMP  textequ <r13d>
+
+T       textequ <xmm0>
+TMP0    textequ <xmm1>
+TMP1    textequ <xmm2>
+TMP2    textequ <xmm3>
+TMP3    textequ <xmm4>
+TMP4    textequ <xmm5>
+TMP5    textequ <xmm6>
+CTR0    textequ <xmm7>
+CTR1    textequ <xmm8>
+CTR2    textequ <xmm9>
+CTR3    textequ <xmm10>
+CTR4    textequ <xmm11>
+CTR5    textequ <xmm12>
+CTR6    textequ <xmm13>
+CTR7    textequ <xmm14>
+BSWAPMASK   textequ <xmm15>
+
+ROUND MACRO i
+    vmovdqu TMP3, XMMWORD PTR[i*16 + KS]
+    vaesenc CTR0, CTR0, TMP3
+    vaesenc CTR1, CTR1, TMP3
+    vaesenc CTR2, CTR2, TMP3
+    vaesenc CTR3, CTR3, TMP3
+    vaesenc CTR4, CTR4, TMP3
+    vaesenc CTR5, CTR5, TMP3
+    vaesenc CTR6, CTR6, TMP3
+    vaesenc CTR7, CTR7, TMP3
+ENDM
+ROUNDMUL MACRO i
+    vmovdqu TMP3, XMMWORD PTR[i*16 + KS]
+
+    vaesenc CTR0, CTR0, TMP3
+    vaesenc CTR1, CTR1, TMP3
+    vaesenc CTR2, CTR2, TMP3
+    vaesenc CTR3, CTR3, TMP3
+
+    vpshufd TMP4, TMP5, 78
+    vpxor   TMP4, TMP4, TMP5
+
+    vaesenc CTR4, CTR4, TMP3
+    vaesenc CTR5, CTR5, TMP3
+    vaesenc CTR6, CTR6, TMP3
+    vaesenc CTR7, CTR7, TMP3
+
+    vpclmulqdq  TMP3, TMP4, XMMWORD PTR[i*16 + 8*16 + Htbl], 000h
+    vpxor       TMP0, TMP0, TMP3
+    vmovdqu     TMP4, XMMWORD PTR[i*16 + Htbl]
+    vpclmulqdq  TMP3, TMP5, TMP4, 011h
+    vpxor       TMP1, TMP1, TMP3
+    vpclmulqdq  TMP3, TMP5, TMP4, 000h
+    vpxor       TMP2, TMP2, TMP3
+ENDM
+KARATSUBA MACRO i
+    vpshufd TMP4, TMP5, 78
+    vpxor   TMP4, TMP4, TMP5
+    vpclmulqdq  TMP3, TMP4, XMMWORD PTR[i*16 + 8*16 + Htbl], 000h
+    vpxor       TMP0, TMP0, TMP3
+    vmovdqu     TMP4, XMMWORD PTR[i*16 + Htbl]
+    vpclmulqdq  TMP3, TMP5, TMP4, 011h
+    vpxor       TMP1, TMP1, TMP3
+    vpclmulqdq  TMP3, TMP5, TMP4, 000h
+    vpxor       TMP2, TMP2, TMP3
+ENDM
+NEXTCTR MACRO i
+    add aluCTR, 1
+    mov aluTMP, aluCTR
+    xor aluTMP, aluKSl
+    bswap   aluTMP
+    mov [3*4 + 8*16 + i*16 + rsp], aluTMP
+ENDM
+
+
+    test  len, len
+    jnz   LbeginENC
+    ret
+
+LbeginENC:
+
+    vzeroupper
+    push    r11
+    push    r12
+    push    r13
+    push    rbp
+    sub rsp, 10*16
+    vmovdqu XMMWORD PTR[rsp + 0*16], xmm6
+    vmovdqu XMMWORD PTR[rsp + 1*16], xmm7
+    vmovdqu XMMWORD PTR[rsp + 2*16], xmm8
+    vmovdqu XMMWORD PTR[rsp + 3*16], xmm9
+    vmovdqu XMMWORD PTR[rsp + 4*16], xmm10
+    vmovdqu XMMWORD PTR[rsp + 5*16], xmm11
+    vmovdqu XMMWORD PTR[rsp + 6*16], xmm12
+    vmovdqu XMMWORD PTR[rsp + 7*16], xmm13
+    vmovdqu XMMWORD PTR[rsp + 8*16], xmm14
+    vmovdqu XMMWORD PTR[rsp + 9*16], xmm15
+
+    mov rbp, rsp
+    sub rsp, 16*16
+    and rsp, -16
+
+    vmovdqu T, XMMWORD PTR[16*16 + 1*16 + Gctx]
+    vmovdqu CTR0, XMMWORD PTR[16*16 + 2*16 + Gctx]
+    vmovdqu BSWAPMASK, XMMWORD PTR[Lbswap_mask]
+    mov     KS, [16*16 + 3*16 + Gctx]
+    mov     NR, [4 + KS]
+    lea     KS, [48 + KS]
+
+    vpshufb CTR0, CTR0, BSWAPMASK
+
+    mov aluCTR, [16*16 + 2*16 + 3*4 + Gctx]
+    mov aluKSl, [3*4 + KS]
+    bswap   aluCTR
+    bswap   aluKSl
+
+    vmovdqu TMP0, XMMWORD PTR[0*16 + KS]
+    vpxor   TMP0, TMP0, XMMWORD PTR[16*16 + 2*16 + Gctx]
+    vmovdqu XMMWORD PTR[8*16 + 0*16 + rsp], TMP0
+
+    cmp len, 128
+    jb  LEncDataSingles
+; Prepare the "top" counters
+    vmovdqu XMMWORD PTR[8*16 + 1*16 + rsp], TMP0
+    vmovdqu XMMWORD PTR[8*16 + 2*16 + rsp], TMP0
+    vmovdqu XMMWORD PTR[8*16 + 3*16 + rsp], TMP0
+    vmovdqu XMMWORD PTR[8*16 + 4*16 + rsp], TMP0
+    vmovdqu XMMWORD PTR[8*16 + 5*16 + rsp], TMP0
+    vmovdqu XMMWORD PTR[8*16 + 6*16 + rsp], TMP0
+    vmovdqu XMMWORD PTR[8*16 + 7*16 + rsp], TMP0
+
+; Encrypt the initial 8 blocks
+    sub len, 128
+    vpaddd  CTR1, CTR0, XMMWORD PTR[Lone]
+    vpaddd  CTR2, CTR0, XMMWORD PTR[Ltwo]
+    vpaddd  CTR3, CTR2, XMMWORD PTR[Lone]
+    vpaddd  CTR4, CTR2, XMMWORD PTR[Ltwo]
+    vpaddd  CTR5, CTR4, XMMWORD PTR[Lone]
+    vpaddd  CTR6, CTR4, XMMWORD PTR[Ltwo]
+    vpaddd  CTR7, CTR6, XMMWORD PTR[Lone]
+
+    vpshufb CTR0, CTR0, BSWAPMASK
+    vpshufb CTR1, CTR1, BSWAPMASK
+    vpshufb CTR2, CTR2, BSWAPMASK
+    vpshufb CTR3, CTR3, BSWAPMASK
+    vpshufb CTR4, CTR4, BSWAPMASK
+    vpshufb CTR5, CTR5, BSWAPMASK
+    vpshufb CTR6, CTR6, BSWAPMASK
+    vpshufb CTR7, CTR7, BSWAPMASK
+
+    vmovdqu TMP3, XMMWORD PTR[0*16 + KS]
+    vpxor   CTR0, CTR0, TMP3
+    vpxor   CTR1, CTR1, TMP3
+    vpxor   CTR2, CTR2, TMP3
+    vpxor   CTR3, CTR3, TMP3
+    vpxor   CTR4, CTR4, TMP3
+    vpxor   CTR5, CTR5, TMP3
+    vpxor   CTR6, CTR6, TMP3
+    vpxor   CTR7, CTR7, TMP3
+
+    ROUND   1
+
+    add aluCTR, 8
+    mov aluTMP, aluCTR
+    xor aluTMP, aluKSl
+    bswap   aluTMP
+    mov [8*16 + 0*16 + 3*4 + rsp], aluTMP
+
+    ROUND   2
+    NEXTCTR 1
+    ROUND   3
+    NEXTCTR 2
+    ROUND   4
+    NEXTCTR 3
+    ROUND   5
+    NEXTCTR 4
+    ROUND   6
+    NEXTCTR 5
+    ROUND   7
+    NEXTCTR 6
+    ROUND   8
+    NEXTCTR 7
+    ROUND   9
+    vmovdqu TMP5, XMMWORD PTR[10*16 + KS]
+    cmp     NR, 10
+    je      @f
+
+    ROUND   10
+    ROUND   11
+    vmovdqu TMP5, XMMWORD PTR[12*16 + KS]
+    cmp     NR, 12
+    je      @f
+
+    ROUND   12
+    ROUND   13
+    vmovdqu TMP5, XMMWORD PTR[14*16 + KS]
+@@:
+    vpxor   TMP3, TMP5, XMMWORD PTR[0*16 + PT]
+    vaesenclast CTR0, CTR0, TMP3
+    vpxor   TMP3, TMP5, XMMWORD PTR[1*16 + PT]
+    vaesenclast CTR1, CTR1, TMP3
+    vpxor   TMP3, TMP5, XMMWORD PTR[2*16 + PT]
+    vaesenclast CTR2, CTR2, TMP3
+    vpxor   TMP3, TMP5, XMMWORD PTR[3*16 + PT]
+    vaesenclast CTR3, CTR3, TMP3
+    vpxor   TMP3, TMP5, XMMWORD PTR[4*16 + PT]
+    vaesenclast CTR4, CTR4, TMP3
+    vpxor   TMP3, TMP5, XMMWORD PTR[5*16 + PT]
+    vaesenclast CTR5, CTR5, TMP3
+    vpxor   TMP3, TMP5, XMMWORD PTR[6*16 + PT]
+    vaesenclast CTR6, CTR6, TMP3
+    vpxor   TMP3, TMP5, XMMWORD PTR[7*16 + PT]
+    vaesenclast CTR7, CTR7, TMP3
+
+    vmovdqu XMMWORD PTR[0*16 + CT], CTR0
+    vpshufb CTR0, CTR0, BSWAPMASK
+    vmovdqu XMMWORD PTR[1*16 + CT], CTR1
+    vpshufb CTR1, CTR1, BSWAPMASK
+    vmovdqu XMMWORD PTR[2*16 + CT], CTR2
+    vpshufb CTR2, CTR2, BSWAPMASK
+    vmovdqu XMMWORD PTR[3*16 + CT], CTR3
+    vpshufb CTR3, CTR3, BSWAPMASK
+    vmovdqu XMMWORD PTR[4*16 + CT], CTR4
+    vpshufb CTR4, CTR4, BSWAPMASK
+    vmovdqu XMMWORD PTR[5*16 + CT], CTR5
+    vpshufb CTR5, CTR5, BSWAPMASK
+    vmovdqu XMMWORD PTR[6*16 + CT], CTR6
+    vpshufb CTR6, CTR6, BSWAPMASK
+    vmovdqu XMMWORD PTR[7*16 + CT], CTR7
+    vpshufb TMP5, CTR7, BSWAPMASK
+
+    vmovdqa XMMWORD PTR[1*16 + rsp], CTR6
+    vmovdqa XMMWORD PTR[2*16 + rsp], CTR5
+    vmovdqa XMMWORD PTR[3*16 + rsp], CTR4
+    vmovdqa XMMWORD PTR[4*16 + rsp], CTR3
+    vmovdqa XMMWORD PTR[5*16 + rsp], CTR2
+    vmovdqa XMMWORD PTR[6*16 + rsp], CTR1
+    vmovdqa XMMWORD PTR[7*16 + rsp], CTR0
+
+    lea CT, [8*16 + CT]
+    lea PT, [8*16 + PT]
+    jmp LEncDataOctets
+
+LEncDataOctets:
+        cmp len, 128
+        jb  LEndEncOctets
+        sub len, 128
+
+        vmovdqa CTR0, XMMWORD PTR[8*16 + 0*16 + rsp]
+        vmovdqa CTR1, XMMWORD PTR[8*16 + 1*16 + rsp]
+        vmovdqa CTR2, XMMWORD PTR[8*16 + 2*16 + rsp]
+        vmovdqa CTR3, XMMWORD PTR[8*16 + 3*16 + rsp]
+        vmovdqa CTR4, XMMWORD PTR[8*16 + 4*16 + rsp]
+        vmovdqa CTR5, XMMWORD PTR[8*16 + 5*16 + rsp]
+        vmovdqa CTR6, XMMWORD PTR[8*16 + 6*16 + rsp]
+        vmovdqa CTR7, XMMWORD PTR[8*16 + 7*16 + rsp]
+
+        vpshufd TMP4, TMP5, 78
+        vpxor   TMP4, TMP4, TMP5
+        vpclmulqdq  TMP0, TMP4, XMMWORD PTR[0*16 + 8*16 + Htbl], 000h
+        vmovdqu     TMP4, XMMWORD PTR[0*16 + Htbl]
+        vpclmulqdq  TMP1, TMP5, TMP4, 011h
+        vpclmulqdq  TMP2, TMP5, TMP4, 000h
+
+        vmovdqu TMP5, XMMWORD PTR[1*16 + rsp]
+        ROUNDMUL 1
+        NEXTCTR 0
+        vmovdqu TMP5, XMMWORD PTR[2*16 + rsp]
+        ROUNDMUL 2
+        NEXTCTR 1
+        vmovdqu TMP5, XMMWORD PTR[3*16 + rsp]
+        ROUNDMUL 3
+        NEXTCTR 2
+        vmovdqu TMP5, XMMWORD PTR[4*16 + rsp]
+        ROUNDMUL 4
+        NEXTCTR 3
+        vmovdqu TMP5, XMMWORD PTR[5*16 + rsp]
+        ROUNDMUL 5
+        NEXTCTR 4
+        vmovdqu TMP5, XMMWORD PTR[6*16 + rsp]
+        ROUNDMUL 6
+        NEXTCTR 5
+        vpxor   TMP5, T, XMMWORD PTR[7*16 + rsp]
+        ROUNDMUL 7
+        NEXTCTR 6
+
+        ROUND 8
+        NEXTCTR 7
+
+        vpxor   TMP0, TMP0, TMP1
+        vpxor   TMP0, TMP0, TMP2
+        vpsrldq TMP3, TMP0, 8
+        vpxor   TMP4, TMP1, TMP3
+        vpslldq TMP3, TMP0, 8
+        vpxor   T, TMP2, TMP3
+
+        vpclmulqdq  TMP1, T, XMMWORD PTR[Lpoly], 010h
+        vpalignr    T,T,T,8
+        vpxor       T, T, TMP1
+
+        ROUND 9
+
+        vpclmulqdq  TMP1, T, XMMWORD PTR[Lpoly], 010h
+        vpalignr    T,T,T,8
+        vpxor       T, T, TMP1
+
+        vmovdqu     TMP5, XMMWORD PTR[10*16 + KS]
+        cmp         NR, 10
+        je          @f
+
+        ROUND 10
+        ROUND 11
+        vmovdqu     TMP5, XMMWORD PTR[12*16 + KS]
+        cmp         NR, 12
+        je          @f
+
+        ROUND 12
+        ROUND 13
+        vmovdqu     TMP5, XMMWORD PTR[14*16 + KS]
+@@:
+        vpxor   TMP3, TMP5, XMMWORD PTR[0*16 + PT]
+        vaesenclast CTR0, CTR0, TMP3
+        vpxor   TMP3, TMP5, XMMWORD PTR[1*16 + PT]
+        vaesenclast CTR1, CTR1, TMP3
+        vpxor   TMP3, TMP5, XMMWORD PTR[2*16 + PT]
+        vaesenclast CTR2, CTR2, TMP3
+        vpxor   TMP3, TMP5, XMMWORD PTR[3*16 + PT]
+        vaesenclast CTR3, CTR3, TMP3
+        vpxor   TMP3, TMP5, XMMWORD PTR[4*16 + PT]
+        vaesenclast CTR4, CTR4, TMP3
+        vpxor   TMP3, TMP5, XMMWORD PTR[5*16 + PT]
+        vaesenclast CTR5, CTR5, TMP3
+        vpxor   TMP3, TMP5, XMMWORD PTR[6*16 + PT]
+        vaesenclast CTR6, CTR6, TMP3
+        vpxor   TMP3, TMP5, XMMWORD PTR[7*16 + PT]
+        vaesenclast CTR7, CTR7, TMP3
+
+        vmovdqu XMMWORD PTR[0*16 + CT], CTR0
+        vpshufb CTR0, CTR0, BSWAPMASK
+        vmovdqu XMMWORD PTR[1*16 + CT], CTR1
+        vpshufb CTR1, CTR1, BSWAPMASK
+        vmovdqu XMMWORD PTR[2*16 + CT], CTR2
+        vpshufb CTR2, CTR2, BSWAPMASK
+        vmovdqu XMMWORD PTR[3*16 + CT], CTR3
+        vpshufb CTR3, CTR3, BSWAPMASK
+        vmovdqu XMMWORD PTR[4*16 + CT], CTR4
+        vpshufb CTR4, CTR4, BSWAPMASK
+        vmovdqu XMMWORD PTR[5*16 + CT], CTR5
+        vpshufb CTR5, CTR5, BSWAPMASK
+        vmovdqu XMMWORD PTR[6*16 + CT], CTR6
+        vpshufb CTR6, CTR6, BSWAPMASK
+        vmovdqu XMMWORD PTR[7*16 + CT], CTR7
+        vpshufb TMP5, CTR7, BSWAPMASK
+
+        vmovdqa XMMWORD PTR[1*16 + rsp], CTR6
+        vmovdqa XMMWORD PTR[2*16 + rsp], CTR5
+        vmovdqa XMMWORD PTR[3*16 + rsp], CTR4
+        vmovdqa XMMWORD PTR[4*16 + rsp], CTR3
+        vmovdqa XMMWORD PTR[5*16 + rsp], CTR2
+        vmovdqa XMMWORD PTR[6*16 + rsp], CTR1
+        vmovdqa XMMWORD PTR[7*16 + rsp], CTR0
+
+        vpxor   T, T, TMP4
+
+        lea CT, [8*16 + CT]
+        lea PT, [8*16 + PT]
+        jmp LEncDataOctets
+
+LEndEncOctets:
+
+    vpshufd TMP4, TMP5, 78
+    vpxor   TMP4, TMP4, TMP5
+    vpclmulqdq  TMP0, TMP4, XMMWORD PTR[0*16 + 8*16 + Htbl], 000h
+    vmovdqu     TMP4, XMMWORD PTR[0*16 + Htbl]
+    vpclmulqdq  TMP1, TMP5, TMP4, 011h
+    vpclmulqdq  TMP2, TMP5, TMP4, 000h
+
+    vmovdqu TMP5, XMMWORD PTR[1*16 + rsp]
+    KARATSUBA 1
+    vmovdqu TMP5, XMMWORD PTR[2*16 + rsp]
+    KARATSUBA 2
+    vmovdqu TMP5, XMMWORD PTR[3*16 + rsp]
+    KARATSUBA 3
+    vmovdqu TMP5, XMMWORD PTR[4*16 + rsp]
+    KARATSUBA 4
+    vmovdqu TMP5, XMMWORD PTR[5*16 + rsp]
+    KARATSUBA 5
+    vmovdqu TMP5, XMMWORD PTR[6*16 + rsp]
+    KARATSUBA 6
+    vpxor   TMP5, T, XMMWORD PTR[7*16 + rsp]
+    KARATSUBA 7
+
+    vpxor   TMP0, TMP0, TMP1
+    vpxor   TMP0, TMP0, TMP2
+    vpsrldq TMP3, TMP0, 8
+    vpxor   TMP4, TMP1, TMP3
+    vpslldq TMP3, TMP0, 8
+    vpxor   T, TMP2, TMP3
+
+    vpclmulqdq  TMP1, T, XMMWORD PTR[Lpoly], 010h
+    vpalignr    T,T,T,8
+    vpxor       T, T, TMP1
+
+    vpclmulqdq  TMP1, T, XMMWORD PTR[Lpoly], 010h
+    vpalignr    T,T,T,8
+    vpxor       T, T, TMP1
+
+    vpxor       T, T, TMP4
+
+    sub aluCTR, 7
+
+LEncDataSingles:
+
+        cmp len, 16
+        jb  LEncDataTail
+        sub len, 16
+
+        vmovdqa TMP1, XMMWORD PTR[8*16 + 0*16 + rsp]
+        NEXTCTR 0
+
+        vaesenc TMP1, TMP1, XMMWORD PTR[1*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[2*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[3*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[4*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[5*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[6*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[7*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[8*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[9*16 + KS]
+        vmovdqu TMP2, XMMWORD PTR[10*16 + KS]
+        cmp NR, 10
+        je  @f
+        vaesenc TMP1, TMP1, XMMWORD PTR[10*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[11*16 + KS]
+        vmovdqu TMP2, XMMWORD PTR[12*16 + KS]
+        cmp NR, 12
+        je  @f
+        vaesenc TMP1, TMP1, XMMWORD PTR[12*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[13*16 + KS]
+        vmovdqu TMP2, XMMWORD PTR[14*16 + KS]
+@@:
+        vaesenclast TMP1, TMP1, TMP2
+        vpxor   TMP1, TMP1, XMMWORD PTR[PT]
+        vmovdqu XMMWORD PTR[CT], TMP1
+
+        lea PT, [16+PT]
+        lea CT, [16+CT]
+
+        vpshufb TMP1, TMP1, BSWAPMASK
+        vpxor   T, T, TMP1
+        vmovdqu TMP0, XMMWORD PTR[Htbl]
+        GFMUL   T, T, TMP0, TMP1, TMP2, TMP3, TMP4
+
+        jmp LEncDataSingles
+
+LEncDataTail:
+
+    test    len, len
+    jz  LEncDataEnd
+
+    vmovdqa TMP1, XMMWORD PTR[8*16 + 0*16 + rsp]
+
+    vaesenc TMP1, TMP1, XMMWORD PTR[1*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[2*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[3*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[4*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[5*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[6*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[7*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[8*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[9*16 + KS]
+    vmovdqu TMP2, XMMWORD PTR[10*16 + KS]
+    cmp NR, 10
+    je  @f
+    vaesenc TMP1, TMP1, XMMWORD PTR[10*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[11*16 + KS]
+    vmovdqu TMP2, XMMWORD PTR[12*16 + KS]
+    cmp NR, 12
+    je  @f
+    vaesenc TMP1, TMP1, XMMWORD PTR[12*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[13*16 + KS]
+    vmovdqu TMP2, XMMWORD PTR[14*16 + KS]
+@@:
+    vaesenclast TMP1, TMP1, TMP2
+; zero a temp location
+    vpxor   TMP2, TMP2, TMP2
+    vmovdqa XMMWORD PTR[rsp], TMP2
+; copy as many bytes as needed
+    xor KS, KS
+
+@@:
+        cmp len, KS
+        je  @f
+        mov al, [PT + KS]
+        mov [rsp + KS], al
+        inc KS
+        jmp @b
+@@:
+    vpxor   TMP1, TMP1, XMMWORD PTR[rsp]
+    vmovdqa XMMWORD PTR[rsp], TMP1
+    xor KS, KS
+@@:
+        cmp len, KS
+        je  @f
+        mov al, [rsp + KS]
+        mov [CT + KS], al
+        inc KS
+        jmp @b
+@@:
+        cmp KS, 16
+        je  @f
+        mov BYTE PTR[rsp + KS], 0
+        inc KS
+        jmp @b
+@@:
+BAIL:
+    vmovdqa TMP1, XMMWORD PTR[rsp]
+    vpshufb TMP1, TMP1, BSWAPMASK
+    vpxor   T, T, TMP1
+    vmovdqu TMP0, XMMWORD PTR[Htbl]
+    GFMUL   T, T, TMP0, TMP1, TMP2, TMP3, TMP4
+
+LEncDataEnd:
+
+    vmovdqu XMMWORD PTR[16*16 + 1*16 + Gctx], T
+    bswap   aluCTR
+    mov     [16*16 + 2*16 + 3*4 + Gctx], aluCTR
+
+    mov rsp, rbp
+
+    vmovdqu xmm6, XMMWORD PTR[rsp + 0*16]
+    vmovdqu xmm7, XMMWORD PTR[rsp + 1*16]
+    vmovdqu xmm8, XMMWORD PTR[rsp + 2*16]
+    vmovdqu xmm9, XMMWORD PTR[rsp + 3*16]
+    vmovdqu xmm10, XMMWORD PTR[rsp + 4*16]
+    vmovdqu xmm11, XMMWORD PTR[rsp + 5*16]
+    vmovdqu xmm12, XMMWORD PTR[rsp + 6*16]
+    vmovdqu xmm13, XMMWORD PTR[rsp + 7*16]
+    vmovdqu xmm14, XMMWORD PTR[rsp + 8*16]
+    vmovdqu xmm15, XMMWORD PTR[rsp + 9*16]
+
+    add rsp, 10*16
+    pop rbp
+    pop r13
+    pop r12
+    pop r11
+
+    vzeroupper
+
+    ret
+intel_aes_gcmENC ENDP
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;
+; Decrypt and Authenticate
+; void intel_aes_gcmDEC(uint8_t* PT, uint8_t* CT, void *Gctx, unsigned int len);
+;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+ALIGN 16
+intel_aes_gcmDEC PROC
+
+NEXTCTR MACRO i
+    add aluCTR, 1
+    mov aluTMP, aluCTR
+    xor aluTMP, aluKSl
+    bswap   aluTMP
+    mov [3*4 + i*16 + rsp], aluTMP
+ENDM
+
+PT      textequ <rdx>
+CT      textequ <rcx>
+
+    test  len, len
+    jnz   LbeginDEC
+    ret
+
+LbeginDEC:
+
+    vzeroupper
+    push    r11
+    push    r12
+    push    r13
+    push    rbp
+    sub rsp, 10*16
+    vmovdqu XMMWORD PTR[rsp + 0*16], xmm6
+    vmovdqu XMMWORD PTR[rsp + 1*16], xmm7
+    vmovdqu XMMWORD PTR[rsp + 2*16], xmm8
+    vmovdqu XMMWORD PTR[rsp + 3*16], xmm9
+    vmovdqu XMMWORD PTR[rsp + 4*16], xmm10
+    vmovdqu XMMWORD PTR[rsp + 5*16], xmm11
+    vmovdqu XMMWORD PTR[rsp + 6*16], xmm12
+    vmovdqu XMMWORD PTR[rsp + 7*16], xmm13
+    vmovdqu XMMWORD PTR[rsp + 8*16], xmm14
+    vmovdqu XMMWORD PTR[rsp + 9*16], xmm15
+
+    mov rbp, rsp
+    sub rsp, 8*16
+    and rsp, -16
+
+    vmovdqu T, XMMWORD PTR[16*16 + 1*16 + Gctx]
+    vmovdqu CTR0, XMMWORD PTR[16*16 + 2*16 + Gctx]
+    vmovdqu BSWAPMASK, XMMWORD PTR[Lbswap_mask]
+    mov     KS, [16*16 + 3*16 + Gctx]
+    mov     NR, [4 + KS]
+    lea     KS, [48 + KS]
+
+    vpshufb CTR0, CTR0, BSWAPMASK
+
+    mov aluCTR, [16*16 + 2*16 + 3*4 + Gctx]
+    mov aluKSl, [3*4 + KS]
+    bswap   aluCTR
+    bswap   aluKSl
+
+    vmovdqu TMP0, XMMWORD PTR[0*16 + KS]
+    vpxor   TMP0, TMP0, XMMWORD PTR[16*16 + 2*16 + Gctx]
+    vmovdqu XMMWORD PTR[0*16 + rsp], TMP0
+
+    cmp len, 128
+    jb  LDecDataSingles
+; Prepare the "top" counters
+    vmovdqu XMMWORD PTR[1*16 + rsp], TMP0
+    vmovdqu XMMWORD PTR[2*16 + rsp], TMP0
+    vmovdqu XMMWORD PTR[3*16 + rsp], TMP0
+    vmovdqu XMMWORD PTR[4*16 + rsp], TMP0
+    vmovdqu XMMWORD PTR[5*16 + rsp], TMP0
+    vmovdqu XMMWORD PTR[6*16 + rsp], TMP0
+    vmovdqu XMMWORD PTR[7*16 + rsp], TMP0
+
+    NEXTCTR 1
+    NEXTCTR 2
+    NEXTCTR 3
+    NEXTCTR 4
+    NEXTCTR 5
+    NEXTCTR 6
+    NEXTCTR 7
+
+LDecDataOctets:
+        cmp len, 128
+        jb  LEndDecOctets
+        sub len, 128
+
+        vmovdqa CTR0, XMMWORD PTR[0*16 + rsp]
+        vmovdqa CTR1, XMMWORD PTR[1*16 + rsp]
+        vmovdqa CTR2, XMMWORD PTR[2*16 + rsp]
+        vmovdqa CTR3, XMMWORD PTR[3*16 + rsp]
+        vmovdqa CTR4, XMMWORD PTR[4*16 + rsp]
+        vmovdqa CTR5, XMMWORD PTR[5*16 + rsp]
+        vmovdqa CTR6, XMMWORD PTR[6*16 + rsp]
+        vmovdqa CTR7, XMMWORD PTR[7*16 + rsp]
+
+        vmovdqu TMP5, XMMWORD PTR[7*16 + CT]
+        vpshufb TMP5, TMP5, BSWAPMASK
+        vpshufd TMP4, TMP5, 78
+        vpxor   TMP4, TMP4, TMP5
+        vpclmulqdq  TMP0, TMP4, XMMWORD PTR[0*16 + 8*16 + Htbl], 000h
+        vmovdqu     TMP4, XMMWORD PTR[0*16 + Htbl]
+        vpclmulqdq  TMP1, TMP5, TMP4, 011h
+        vpclmulqdq  TMP2, TMP5, TMP4, 000h
+
+        vmovdqu TMP5, XMMWORD PTR[6*16 + CT]
+        vpshufb TMP5, TMP5, BSWAPMASK
+        ROUNDMUL 1
+        NEXTCTR 0
+        vmovdqu TMP5, XMMWORD PTR[5*16 + CT]
+        vpshufb TMP5, TMP5, BSWAPMASK
+        ROUNDMUL 2
+        NEXTCTR 1
+        vmovdqu TMP5, XMMWORD PTR[4*16 + CT]
+        vpshufb TMP5, TMP5, BSWAPMASK
+        ROUNDMUL 3
+        NEXTCTR 2
+        vmovdqu TMP5, XMMWORD PTR[3*16 + CT]
+        vpshufb TMP5, TMP5, BSWAPMASK
+        ROUNDMUL 4
+        NEXTCTR 3
+        vmovdqu TMP5, XMMWORD PTR[2*16 + CT]
+        vpshufb TMP5, TMP5, BSWAPMASK
+        ROUNDMUL 5
+        NEXTCTR 4
+        vmovdqu TMP5, XMMWORD PTR[1*16 + CT]
+        vpshufb TMP5, TMP5, BSWAPMASK
+        ROUNDMUL 6
+        NEXTCTR 5
+        vmovdqu TMP5, XMMWORD PTR[0*16 + CT]
+        vpshufb TMP5, TMP5, BSWAPMASK
+        vpxor   TMP5, TMP5, T
+        ROUNDMUL 7
+        NEXTCTR 6
+
+        ROUND 8
+        NEXTCTR 7
+
+        vpxor   TMP0, TMP0, TMP1
+        vpxor   TMP0, TMP0, TMP2
+        vpsrldq TMP3, TMP0, 8
+        vpxor   TMP4, TMP1, TMP3
+        vpslldq TMP3, TMP0, 8
+        vpxor   T, TMP2, TMP3
+
+        vpclmulqdq  TMP1, T, XMMWORD PTR[Lpoly], 010h
+        vpalignr    T,T,T,8
+        vpxor       T, T, TMP1
+
+        ROUND 9
+
+        vpclmulqdq  TMP1, T, XMMWORD PTR[Lpoly], 010h
+        vpalignr    T,T,T,8
+        vpxor       T, T, TMP1
+
+        vmovdqu     TMP5, XMMWORD PTR[10*16 + KS]
+        cmp         NR, 10
+        je          @f
+
+        ROUND 10
+        ROUND 11
+        vmovdqu     TMP5, XMMWORD PTR[12*16 + KS]
+        cmp         NR, 12
+        je          @f
+
+        ROUND 12
+        ROUND 13
+        vmovdqu     TMP5, XMMWORD PTR[14*16 + KS]
+@@:
+        vpxor   TMP3, TMP5, XMMWORD PTR[0*16 + CT]
+        vaesenclast CTR0, CTR0, TMP3
+        vpxor   TMP3, TMP5, XMMWORD PTR[1*16 + CT]
+        vaesenclast CTR1, CTR1, TMP3
+        vpxor   TMP3, TMP5, XMMWORD PTR[2*16 + CT]
+        vaesenclast CTR2, CTR2, TMP3
+        vpxor   TMP3, TMP5, XMMWORD PTR[3*16 + CT]
+        vaesenclast CTR3, CTR3, TMP3
+        vpxor   TMP3, TMP5, XMMWORD PTR[4*16 + CT]
+        vaesenclast CTR4, CTR4, TMP3
+        vpxor   TMP3, TMP5, XMMWORD PTR[5*16 + CT]
+        vaesenclast CTR5, CTR5, TMP3
+        vpxor   TMP3, TMP5, XMMWORD PTR[6*16 + CT]
+        vaesenclast CTR6, CTR6, TMP3
+        vpxor   TMP3, TMP5, XMMWORD PTR[7*16 + CT]
+        vaesenclast CTR7, CTR7, TMP3
+
+        vmovdqu XMMWORD PTR[0*16 + PT], CTR0
+        vmovdqu XMMWORD PTR[1*16 + PT], CTR1
+        vmovdqu XMMWORD PTR[2*16 + PT], CTR2
+        vmovdqu XMMWORD PTR[3*16 + PT], CTR3
+        vmovdqu XMMWORD PTR[4*16 + PT], CTR4
+        vmovdqu XMMWORD PTR[5*16 + PT], CTR5
+        vmovdqu XMMWORD PTR[6*16 + PT], CTR6
+        vmovdqu XMMWORD PTR[7*16 + PT], CTR7
+
+        vpxor   T, T, TMP4
+
+        lea CT, [8*16 + CT]
+        lea PT, [8*16 + PT]
+        jmp LDecDataOctets
+
+LEndDecOctets:
+
+    sub aluCTR, 7
+
+LDecDataSingles:
+
+        cmp len, 16
+        jb  LDecDataTail
+        sub len, 16
+
+        vmovdqa TMP1, XMMWORD PTR[0*16 + rsp]
+        NEXTCTR 0
+
+        vaesenc TMP1, TMP1, XMMWORD PTR[1*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[2*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[3*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[4*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[5*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[6*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[7*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[8*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[9*16 + KS]
+        vmovdqu TMP2, XMMWORD PTR[10*16 + KS]
+        cmp NR, 10
+        je  @f
+        vaesenc TMP1, TMP1, XMMWORD PTR[10*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[11*16 + KS]
+        vmovdqu TMP2, XMMWORD PTR[12*16 + KS]
+        cmp NR, 12
+        je  @f
+        vaesenc TMP1, TMP1, XMMWORD PTR[12*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[13*16 + KS]
+        vmovdqu TMP2, XMMWORD PTR[14*16 + KS]
+@@:
+        vaesenclast TMP1, TMP1, TMP2
+
+        vmovdqu TMP2, XMMWORD PTR[CT]
+        vpxor   TMP1, TMP1, TMP2
+        vmovdqu XMMWORD PTR[PT], TMP1
+
+        lea PT, [16+PT]
+        lea CT, [16+CT]
+
+        vpshufb TMP2, TMP2, BSWAPMASK
+        vpxor   T, T, TMP2
+        vmovdqu TMP0, XMMWORD PTR[Htbl]
+        GFMUL   T, T, TMP0, TMP1, TMP2, TMP3, TMP4
+
+        jmp LDecDataSingles
+
+LDecDataTail:
+
+    test    len, len
+    jz      LDecDataEnd
+
+    vmovdqa TMP1, XMMWORD PTR[0*16 + rsp]
+    inc aluCTR
+    vaesenc TMP1, TMP1, XMMWORD PTR[1*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[2*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[3*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[4*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[5*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[6*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[7*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[8*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[9*16 + KS]
+    vmovdqu TMP2, XMMWORD PTR[10*16 + KS]
+    cmp NR, 10
+    je  @f
+    vaesenc TMP1, TMP1, XMMWORD PTR[10*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[11*16 + KS]
+    vmovdqu TMP2, XMMWORD PTR[12*16 + KS]
+    cmp NR, 12
+    je  @f
+    vaesenc TMP1, TMP1, XMMWORD PTR[12*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[13*16 + KS]
+    vmovdqu TMP2, XMMWORD PTR[14*16 + KS]
+@@:
+    vaesenclast TMP1, TMP1, TMP2
+; copy as many bytes as needed
+    xor KS, KS
+@@:
+        cmp len, KS
+        je  @f
+        mov al, [CT + KS]
+        mov [rsp + KS], al
+        inc KS
+        jmp @b
+@@:
+        cmp KS, 16
+        je  @f
+        mov BYTE PTR[rsp + KS], 0
+        inc KS
+        jmp @b
+@@:
+    vmovdqa TMP2, XMMWORD PTR[rsp]
+    vpshufb TMP2, TMP2, BSWAPMASK
+    vpxor   T, T, TMP2
+    vmovdqu TMP0, XMMWORD PTR[Htbl]
+    GFMUL   T, T, TMP0, TMP5, TMP2, TMP3, TMP4
+
+
+    vpxor   TMP1, TMP1, XMMWORD PTR[rsp]
+    vmovdqa XMMWORD PTR[rsp], TMP1
+    xor KS, KS
+@@:
+        cmp len, KS
+        je  @f
+        mov al, [rsp + KS]
+        mov [PT + KS], al
+        inc KS
+        jmp @b
+@@:
+        cmp KS, 16
+        je  @f
+        mov BYTE PTR[rsp + KS], 0
+        inc KS
+        jmp @b
+@@:
+
+LDecDataEnd:
+
+    vmovdqu XMMWORD PTR[16*16 + 1*16 + Gctx], T
+    bswap   aluCTR
+    mov     [16*16 + 2*16 + 3*4 + Gctx], aluCTR
+
+    mov rsp, rbp
+
+    vmovdqu xmm6, XMMWORD PTR[rsp + 0*16]
+    vmovdqu xmm7, XMMWORD PTR[rsp + 1*16]
+    vmovdqu xmm8, XMMWORD PTR[rsp + 2*16]
+    vmovdqu xmm9, XMMWORD PTR[rsp + 3*16]
+    vmovdqu xmm10, XMMWORD PTR[rsp + 4*16]
+    vmovdqu xmm11, XMMWORD PTR[rsp + 5*16]
+    vmovdqu xmm12, XMMWORD PTR[rsp + 6*16]
+    vmovdqu xmm13, XMMWORD PTR[rsp + 7*16]
+    vmovdqu xmm14, XMMWORD PTR[rsp + 8*16]
+    vmovdqu xmm15, XMMWORD PTR[rsp + 9*16]
+
+    add rsp, 10*16
+    pop rbp
+    pop r13
+    pop r12
+    pop r11
+
+    vzeroupper
+
+    ret
+ret
+intel_aes_gcmDEC ENDP
+
+
+END
new file mode 100644
--- /dev/null
+++ b/security/nss/lib/freebl/intel-gcm-x86-masm.asm
@@ -0,0 +1,1212 @@
+; LICENSE:
+; This submission to NSS is to be made available under the terms of the
+; Mozilla Public License, v. 2.0. You can obtain one at http:
+; //mozilla.org/MPL/2.0/.
+;###############################################################################
+; Copyright(c) 2014, Intel Corp.
+; Developers and authors:
+; Shay Gueron and Vlad Krasnov
+; Intel Corporation, Israel Development Centre, Haifa, Israel
+; Please send feedback directly to crypto.feedback.alias@intel.com
+
+
+.MODEL FLAT, C
+.XMM
+
+.DATA
+ALIGN 16
+Lone            dq 1,0
+Ltwo            dq 2,0
+Lbswap_mask     db 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
+Lshuff_mask     dq 0f0f0f0f0f0f0f0fh, 0f0f0f0f0f0f0f0fh
+Lpoly           dq 01h, 0c200000000000000h
+
+.CODE
+
+
+GFMUL MACRO DST, SRC1, SRC2, TMP1, TMP2, TMP3, TMP4
+    vpclmulqdq  TMP1, SRC2, SRC1, 0h
+    vpclmulqdq  TMP4, SRC2, SRC1, 011h
+
+    vpshufd     TMP2, SRC2, 78
+    vpshufd     TMP3, SRC1, 78
+    vpxor       TMP2, TMP2, SRC2
+    vpxor       TMP3, TMP3, SRC1
+
+    vpclmulqdq  TMP2, TMP2, TMP3, 0h
+    vpxor       TMP2, TMP2, TMP1
+    vpxor       TMP2, TMP2, TMP4
+
+    vpslldq     TMP3, TMP2, 8
+    vpsrldq     TMP2, TMP2, 8
+
+    vpxor       TMP1, TMP1, TMP3
+    vpxor       TMP4, TMP4, TMP2
+
+    vpclmulqdq  TMP2, TMP1, [Lpoly], 010h
+    vpshufd     TMP3, TMP1, 78
+    vpxor       TMP1, TMP2, TMP3
+
+    vpclmulqdq  TMP2, TMP1, [Lpoly], 010h
+    vpshufd     TMP3, TMP1, 78
+    vpxor       TMP1, TMP2, TMP3
+
+    vpxor       DST, TMP1, TMP4
+
+    ENDM
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;
+; Generates the final GCM tag
+; void intel_aes_gcmTAG(unsigned char Htbl[16*16],
+;                       unsigned char *Tp,
+;                       unsigned int Mlen,
+;                       unsigned int Alen,
+;                       unsigned char* X0,
+;                       unsigned char* TAG);
+;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+ALIGN 16
+intel_aes_gcmTAG PROC
+
+Htbl    textequ <eax>
+Tp      textequ <ecx>
+X0      textequ <edx>
+TAG     textequ <ebx>
+
+T       textequ <xmm0>
+TMP0    textequ <xmm1>
+
+    push    ebx
+
+    mov     Htbl,   [esp + 2*4 + 0*4]
+    mov     Tp,     [esp + 2*4 + 1*4]
+    mov     X0,     [esp + 2*4 + 4*4]
+    mov     TAG,    [esp + 2*4 + 5*4]
+
+    vzeroupper
+    vmovdqu T, XMMWORD PTR[Tp]
+
+    vpxor   TMP0, TMP0, TMP0
+    vpinsrd TMP0, TMP0, DWORD PTR[esp + 2*4 + 2*4], 0
+    vpinsrd TMP0, TMP0, DWORD PTR[esp + 2*4 + 3*4], 2
+    vpsllq  TMP0, TMP0, 3
+
+    vpxor   T, T, TMP0
+    vmovdqu TMP0, XMMWORD PTR[Htbl]
+    GFMUL   T, T, TMP0, xmm2, xmm3, xmm4, xmm5
+
+    vpshufb T, T, [Lbswap_mask]
+    vpxor   T, T, [X0]
+    vmovdqu XMMWORD PTR[TAG], T
+    vzeroupper
+
+    pop ebx
+
+    ret
+
+intel_aes_gcmTAG ENDP
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;
+; Generates the H table
+; void intel_aes_gcmINIT(unsigned char Htbl[16*16], unsigned char *KS, int NR);
+;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+ALIGN 16
+intel_aes_gcmINIT PROC
+
+Htbl    textequ <eax>
+KS      textequ <ecx>
+NR      textequ <edx>
+
+T       textequ <xmm0>
+TMP0    textequ <xmm1>
+
+    mov     Htbl,   [esp + 4*1 + 0*4]
+    mov     KS,     [esp + 4*1 + 1*4]
+    mov     NR,     [esp + 4*1 + 2*4]
+
+    vzeroupper
+    ; AES-ENC(0)
+    vmovdqu T, XMMWORD PTR[KS]
+    lea KS, [16 + KS]
+    dec NR
+Lenc_loop:
+        vaesenc T, T, [KS]
+        lea KS, [16 + KS]
+        dec NR
+        jnz Lenc_loop
+
+    vaesenclast T, T, [KS]
+    vpshufb T, T, [Lbswap_mask]
+
+    ;Calculate H` = GFMUL(H, 2)
+    vpsrad  xmm3, T, 31
+    vpshufd xmm3, xmm3, 0ffh
+    vpand   xmm5, xmm3, [Lpoly]
+    vpsrld  xmm3, T, 31
+    vpslld  xmm4, T, 1
+    vpslldq xmm3, xmm3, 4
+    vpxor   T, xmm4, xmm3
+    vpxor   T, T, xmm5
+
+    vmovdqu TMP0, T
+    vmovdqu XMMWORD PTR[Htbl + 0*16], T
+
+    vpshufd xmm2, T, 78
+    vpxor   xmm2, xmm2, T
+    vmovdqu XMMWORD PTR[Htbl + 8*16 + 0*16], xmm2
+
+    i = 1
+    WHILE i LT 8
+        GFMUL   T, T, TMP0, xmm2, xmm3, xmm4, xmm5
+        vmovdqu XMMWORD PTR[Htbl + i*16], T
+        vpshufd xmm2, T, 78
+        vpxor   xmm2, xmm2, T
+        vmovdqu XMMWORD PTR[Htbl + 8*16 + i*16], xmm2
+        i = i+1
+        ENDM
+    vzeroupper
+    ret
+intel_aes_gcmINIT ENDP
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;
+; Authenticate only
+; void intel_aes_gcmAAD(unsigned char Htbl[16*16], unsigned char *AAD, unsigned int Alen, unsigned char *Tp);
+;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+ALIGN 16
+intel_aes_gcmAAD PROC
+
+Htbl    textequ <eax>
+inp     textequ <ecx>
+len     textequ <edx>
+Tp      textequ <ebx>
+hlp0    textequ <esi>
+
+DATA    textequ <xmm0>
+T       textequ <xmm1>
+TMP0    textequ <xmm2>
+TMP1    textequ <xmm3>
+TMP2    textequ <xmm4>
+TMP3    textequ <xmm5>
+TMP4    textequ <xmm6>
+Xhi     textequ <xmm7>
+
+KARATSUBA_AAD MACRO i
+    vpclmulqdq  TMP3, DATA, [Htbl + i*16], 0h
+    vpxor       TMP0, TMP0, TMP3
+    vpclmulqdq  TMP3, DATA, [Htbl + i*16], 011h
+    vpxor       TMP1, TMP1, TMP3
+    vpshufd     TMP3, DATA, 78
+    vpxor       TMP3, TMP3, DATA
+    vpclmulqdq  TMP3, TMP3, [Htbl + 8*16 + i*16], 0h
+    vpxor       TMP2, TMP2, TMP3
+ENDM
+
+    cmp   DWORD PTR[esp + 1*3 + 2*4], 0
+    jnz   LbeginAAD
+    ret
+
+LbeginAAD:
+    push    ebx
+    push    esi
+
+    mov     Htbl,   [esp + 4*3 + 0*4]
+    mov     inp,    [esp + 4*3 + 1*4]
+    mov     len,    [esp + 4*3 + 2*4]
+    mov     Tp,     [esp + 4*3 + 3*4]
+
+    vzeroupper
+
+    vpxor   Xhi, Xhi, Xhi
+
+    vmovdqu T, XMMWORD PTR[Tp]
+    ;we hash 8 block each iteration, if the total amount of blocks is not a multiple of 8, we hash the first n%8 blocks first
+    mov hlp0, len
+    and hlp0, 128-1
+    jz  Lmod_loop
+
+    and len, -128
+    sub hlp0, 16
+
+    ; Prefix block
+    vmovdqu DATA, XMMWORD PTR[inp]
+    vpshufb DATA, DATA, [Lbswap_mask]
+    vpxor   DATA, DATA, T
+
+    vpclmulqdq  TMP0, DATA, XMMWORD PTR[Htbl + hlp0], 0h
+    vpclmulqdq  TMP1, DATA, XMMWORD PTR[Htbl + hlp0], 011h
+    vpshufd     TMP3, DATA, 78
+    vpxor       TMP3, TMP3, DATA
+    vpclmulqdq  TMP2, TMP3, XMMWORD PTR[Htbl + 8*16 + hlp0], 0h
+
+    lea     inp, [inp+16]
+    test    hlp0, hlp0
+    jnz     Lpre_loop
+    jmp     Lred1
+
+    ;hash remaining prefix bocks (up to 7 total prefix blocks)
+Lpre_loop:
+
+        sub hlp0, 16
+
+        vmovdqu DATA, XMMWORD PTR[inp]
+        vpshufb DATA, DATA, [Lbswap_mask]
+
+        vpclmulqdq  TMP3, DATA, XMMWORD PTR[Htbl + hlp0], 0h
+        vpxor       TMP0, TMP0, TMP3
+        vpclmulqdq  TMP3, DATA, XMMWORD PTR[Htbl + hlp0], 011h
+        vpxor       TMP1, TMP1, TMP3
+        vpshufd     TMP3, DATA, 78
+        vpxor       TMP3, TMP3, DATA
+        vpclmulqdq  TMP3, TMP3, XMMWORD PTR[Htbl + 8*16 + hlp0], 0h
+        vpxor       TMP2, TMP2, TMP3
+
+        test    hlp0, hlp0
+        lea     inp, [inp+16]
+        jnz     Lpre_loop
+
+Lred1:
+
+    vpxor       TMP2, TMP2, TMP0
+    vpxor       TMP2, TMP2, TMP1
+    vpsrldq     TMP3, TMP2, 8
+    vpslldq     TMP2, TMP2, 8
+
+    vpxor       Xhi, TMP1, TMP3
+    vpxor       T, TMP0, TMP2
+
+Lmod_loop:
+
+        sub len, 16*8
+        jb  Ldone
+        ; Block #0
+        vmovdqu DATA, XMMWORD PTR[inp + 16*7]
+        vpshufb DATA, DATA, XMMWORD PTR[Lbswap_mask]
+
+        vpclmulqdq  TMP0, DATA, XMMWORD PTR[Htbl + 0*16], 0h
+        vpclmulqdq  TMP1, DATA, XMMWORD PTR[Htbl + 0*16], 011h
+        vpshufd     TMP3, DATA, 78
+        vpxor       TMP3, TMP3, DATA
+        vpclmulqdq  TMP2, TMP3, XMMWORD PTR[Htbl + 8*16 + 0*16], 0h
+
+        ; Block #1
+        vmovdqu DATA, XMMWORD PTR[inp + 16*6]
+        vpshufb DATA, DATA, [Lbswap_mask]
+        KARATSUBA_AAD 1
+
+        ; Block #2
+        vmovdqu DATA, XMMWORD PTR[inp + 16*5]
+        vpshufb DATA, DATA, [Lbswap_mask]
+
+        vpclmulqdq  TMP4, T, [Lpoly], 010h         ;reduction stage 1a
+        vpalignr    T, T, T, 8
+
+        KARATSUBA_AAD 2
+
+        vpxor       T, T, TMP4                          ;reduction stage 1b
+
+        ; Block #3
+        vmovdqu DATA, XMMWORD PTR[inp + 16*4]
+        vpshufb DATA, DATA, [Lbswap_mask]
+        KARATSUBA_AAD 3
+        ; Block #4
+        vmovdqu DATA, XMMWORD PTR[inp + 16*3]
+        vpshufb DATA, DATA, [Lbswap_mask]
+
+        vpclmulqdq  TMP4, T, [Lpoly], 010h        ;reduction stage 2a
+        vpalignr    T, T, T, 8
+
+        KARATSUBA_AAD 4
+
+        vpxor       T, T, TMP4                          ;reduction stage 2b
+        ; Block #5
+        vmovdqu DATA, XMMWORD PTR[inp + 16*2]
+        vpshufb DATA, DATA, [Lbswap_mask]
+        KARATSUBA_AAD 5
+
+        vpxor   T, T, Xhi                               ;reduction finalize
+        ; Block #6
+        vmovdqu DATA, XMMWORD PTR[inp + 16*1]
+        vpshufb DATA, DATA, [Lbswap_mask]
+        KARATSUBA_AAD 6
+        ; Block #7
+        vmovdqu DATA, XMMWORD PTR[inp + 16*0]
+        vpshufb DATA, DATA, [Lbswap_mask]
+        vpxor   DATA, DATA, T
+        KARATSUBA_AAD 7
+        ; Aggregated 8 blocks, now karatsuba fixup
+        vpxor   TMP2, TMP2, TMP0
+        vpxor   TMP2, TMP2, TMP1
+        vpsrldq TMP3, TMP2, 8
+        vpslldq TMP2, TMP2, 8
+
+        vpxor   Xhi, TMP1, TMP3
+        vpxor   T, TMP0, TMP2
+
+        lea inp, [inp + 16*8]
+        jmp Lmod_loop
+
+Ldone:
+    vpclmulqdq  TMP4, T, [Lpoly], 010h
+    vpalignr    T, T, T, 8
+    vpxor       T, T, TMP4
+
+    vpclmulqdq  TMP4, T, [Lpoly], 010h
+    vpalignr    T, T, T, 8
+    vpxor       T, T, TMP4
+
+    vpxor       T, T, Xhi
+    vmovdqu     XMMWORD PTR[Tp], T
+    vzeroupper
+
+    pop esi
+    pop ebx
+    ret
+
+intel_aes_gcmAAD ENDP
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;
+; Encrypt and Authenticate
+; void intel_aes_gcmENC(unsigned char* PT, unsigned char* CT, void *Gctx, unsigned int len);
+;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+ALIGN 16
+intel_aes_gcmENC PROC
+
+PT      textequ <eax>
+CT      textequ <ecx>
+Htbl    textequ <edx>
+Gctx    textequ <edx>
+len     textequ <DWORD PTR[ebp + 5*4 + 3*4]>
+KS      textequ <esi>
+NR      textequ <DWORD PTR[-40 + KS]>
+
+aluCTR  textequ <ebx>
+aluTMP  textequ <edi>
+
+T       textequ <XMMWORD PTR[16*16 + 1*16 + Gctx]>
+TMP0    textequ <xmm1>
+TMP1    textequ <xmm2>
+TMP2    textequ <xmm3>
+TMP3    textequ <xmm4>
+TMP4    textequ <xmm5>
+TMP5    textequ <xmm6>
+
+CTR0    textequ <xmm0>
+CTR1    textequ <xmm1>
+CTR2    textequ <xmm2>
+CTR3    textequ <xmm3>
+CTR4    textequ <xmm4>
+CTR5    textequ <xmm5>
+CTR6    textequ <xmm6>
+
+ROUND MACRO i
+    vmovdqu xmm7, XMMWORD PTR[i*16 + KS]
+    vaesenc CTR0, CTR0, xmm7
+    vaesenc CTR1, CTR1, xmm7
+    vaesenc CTR2, CTR2, xmm7
+    vaesenc CTR3, CTR3, xmm7
+    vaesenc CTR4, CTR4, xmm7
+    vaesenc CTR5, CTR5, xmm7
+    vaesenc CTR6, CTR6, xmm7
+ENDM
+
+KARATSUBA MACRO i
+    vpshufd TMP4, TMP5, 78
+    vpxor   TMP4, TMP4, TMP5
+    vpclmulqdq  TMP3, TMP4, XMMWORD PTR[i*16 + 8*16 + Htbl], 000h
+    vpxor       TMP0, TMP0, TMP3
+    vmovdqu     TMP4, XMMWORD PTR[i*16 + Htbl]
+    vpclmulqdq  TMP3, TMP5, TMP4, 011h
+    vpxor       TMP1, TMP1, TMP3
+    vpclmulqdq  TMP3, TMP5, TMP4, 000h
+    vpxor       TMP2, TMP2, TMP3
+ENDM
+
+NEXTCTR MACRO i
+    add     aluCTR, 1
+    mov     aluTMP, aluCTR
+    bswap   aluTMP
+    xor     aluTMP, [3*4 + KS]
+    mov     [3*4 + 8*16 + i*16 + esp], aluTMP
+ENDM
+
+    cmp DWORD PTR[1*4 + 3*4 + esp], 0
+    jne LbeginENC
+    ret
+
+LbeginENC:
+
+    vzeroupper
+    push    ebp
+    push    ebx
+    push    esi
+    push    edi
+
+    mov ebp, esp
+    sub esp, 16*16
+    and esp, -16
+
+    mov PT, [ebp + 5*4 + 0*4]
+    mov CT, [ebp + 5*4 + 1*4]
+    mov Gctx, [ebp + 5*4 + 2*4]
+
+    mov     KS, [16*16 + 3*16 + Gctx]
+    lea     KS, [44 + KS]
+
+    mov     aluCTR, [16*16 + 2*16 + 3*4 + Gctx]
+    bswap   aluCTR
+
+
+    vmovdqu TMP0, XMMWORD PTR[0*16 + KS]
+    vpxor   TMP0, TMP0, XMMWORD PTR[16*16 + 2*16 + Gctx]
+    vmovdqu XMMWORD PTR[8*16 + 0*16 + esp], TMP0
+
+    cmp len, 16*7
+    jb  LEncDataSingles
+; Prepare the "top" counters
+    vmovdqu XMMWORD PTR[8*16 + 1*16 + esp], TMP0
+    vmovdqu XMMWORD PTR[8*16 + 2*16 + esp], TMP0
+    vmovdqu XMMWORD PTR[8*16 + 3*16 + esp], TMP0
+    vmovdqu XMMWORD PTR[8*16 + 4*16 + esp], TMP0
+    vmovdqu XMMWORD PTR[8*16 + 5*16 + esp], TMP0
+    vmovdqu XMMWORD PTR[8*16 + 6*16 + esp], TMP0
+
+    vmovdqu CTR0, XMMWORD PTR[16*16 + 2*16 + Gctx]
+    vpshufb CTR0, CTR0, XMMWORD PTR[Lbswap_mask]
+; Encrypt the initial 7 blocks
+    sub len, 16*7
+    vpaddd  CTR1, CTR0, XMMWORD PTR[Lone]
+    vpaddd  CTR2, CTR0, XMMWORD PTR[Ltwo]
+    vpaddd  CTR3, CTR2, XMMWORD PTR[Lone]
+    vpaddd  CTR4, CTR2, XMMWORD PTR[Ltwo]
+    vpaddd  CTR5, CTR4, XMMWORD PTR[Lone]
+    vpaddd  CTR6, CTR4, XMMWORD PTR[Ltwo]
+
+    vpshufb CTR0, CTR0, XMMWORD PTR[Lbswap_mask]
+    vpshufb CTR1, CTR1, XMMWORD PTR[Lbswap_mask]
+    vpshufb CTR2, CTR2, XMMWORD PTR[Lbswap_mask]
+    vpshufb CTR3, CTR3, XMMWORD PTR[Lbswap_mask]
+    vpshufb CTR4, CTR4, XMMWORD PTR[Lbswap_mask]
+    vpshufb CTR5, CTR5, XMMWORD PTR[Lbswap_mask]
+    vpshufb CTR6, CTR6, XMMWORD PTR[Lbswap_mask]
+
+    vmovdqu xmm7, XMMWORD PTR[0*16 + KS]
+    vpxor   CTR0, CTR0, xmm7
+    vpxor   CTR1, CTR1, xmm7
+    vpxor   CTR2, CTR2, xmm7
+    vpxor   CTR3, CTR3, xmm7
+    vpxor   CTR4, CTR4, xmm7
+    vpxor   CTR5, CTR5, xmm7
+    vpxor   CTR6, CTR6, xmm7
+
+    ROUND   1
+
+    add aluCTR, 7
+    mov aluTMP, aluCTR
+    bswap   aluTMP
+    xor aluTMP, [KS + 3*4]
+    mov [8*16 + 0*16 + 3*4 + esp], aluTMP
+
+    ROUND   2
+    NEXTCTR 1
+    ROUND   3
+    NEXTCTR 2
+    ROUND   4
+    NEXTCTR 3
+    ROUND   5
+    NEXTCTR 4
+    ROUND   6
+    NEXTCTR 5
+    ROUND   7
+    NEXTCTR 6
+    ROUND   8
+    ROUND   9
+    vmovdqu xmm7, XMMWORD PTR[10*16 + KS]
+    cmp     NR, 10
+    je      @f
+
+    ROUND   10
+    ROUND   11
+    vmovdqu xmm7, XMMWORD PTR[12*16 + KS]
+    cmp     NR, 12
+    je      @f
+
+    ROUND   12
+    ROUND   13
+    vmovdqu xmm7, XMMWORD PTR[14*16 + KS]
+@@:
+    vaesenclast CTR0, CTR0, xmm7
+    vaesenclast CTR1, CTR1, xmm7
+    vaesenclast CTR2, CTR2, xmm7
+    vaesenclast CTR3, CTR3, xmm7
+    vaesenclast CTR4, CTR4, xmm7
+    vaesenclast CTR5, CTR5, xmm7
+    vaesenclast CTR6, CTR6, xmm7
+
+    vpxor   CTR0, CTR0, XMMWORD PTR[0*16 + PT]
+    vpxor   CTR1, CTR1, XMMWORD PTR[1*16 + PT]
+    vpxor   CTR2, CTR2, XMMWORD PTR[2*16 + PT]
+    vpxor   CTR3, CTR3, XMMWORD PTR[3*16 + PT]
+    vpxor   CTR4, CTR4, XMMWORD PTR[4*16 + PT]
+    vpxor   CTR5, CTR5, XMMWORD PTR[5*16 + PT]
+    vpxor   CTR6, CTR6, XMMWORD PTR[6*16 + PT]
+
+    vmovdqu XMMWORD PTR[0*16 + CT], CTR0
+    vmovdqu XMMWORD PTR[1*16 + CT], CTR1
+    vmovdqu XMMWORD PTR[2*16 + CT], CTR2
+    vmovdqu XMMWORD PTR[3*16 + CT], CTR3
+    vmovdqu XMMWORD PTR[4*16 + CT], CTR4
+    vmovdqu XMMWORD PTR[5*16 + CT], CTR5
+    vmovdqu XMMWORD PTR[6*16 + CT], CTR6
+
+    vpshufb CTR0, CTR0, XMMWORD PTR[Lbswap_mask]
+    vpshufb CTR1, CTR1, XMMWORD PTR[Lbswap_mask]
+    vpshufb CTR2, CTR2, XMMWORD PTR[Lbswap_mask]
+    vpshufb CTR3, CTR3, XMMWORD PTR[Lbswap_mask]
+    vpshufb CTR4, CTR4, XMMWORD PTR[Lbswap_mask]
+    vpshufb CTR5, CTR5, XMMWORD PTR[Lbswap_mask]
+    vpshufb TMP5, CTR6, XMMWORD PTR[Lbswap_mask]
+
+    vmovdqa XMMWORD PTR[1*16 + esp], CTR5
+    vmovdqa XMMWORD PTR[2*16 + esp], CTR4
+    vmovdqa XMMWORD PTR[3*16 + esp], CTR3
+    vmovdqa XMMWORD PTR[4*16 + esp], CTR2
+    vmovdqa XMMWORD PTR[5*16 + esp], CTR1
+    vmovdqa XMMWORD PTR[6*16 + esp], CTR0
+
+    lea CT, [7*16 + CT]
+    lea PT, [7*16 + PT]
+    jmp LEncData7
+
+LEncData7:
+        cmp len, 16*7
+        jb  LEndEnc7
+        sub len, 16*7
+
+        vpshufd TMP4, TMP5, 78
+        vpxor   TMP4, TMP4, TMP5
+        vpclmulqdq  TMP0, TMP4, XMMWORD PTR[0*16 + 8*16 + Htbl], 000h
+        vmovdqu     TMP4, XMMWORD PTR[0*16 + Htbl]
+        vpclmulqdq  TMP1, TMP5, TMP4, 011h
+        vpclmulqdq  TMP2, TMP5, TMP4, 000h
+
+        vmovdqu TMP5, XMMWORD PTR[1*16 + esp]
+        KARATSUBA 1
+        vmovdqu TMP5, XMMWORD PTR[2*16 + esp]
+        KARATSUBA 2
+        vmovdqu TMP5, XMMWORD PTR[3*16 + esp]
+        KARATSUBA 3
+        vmovdqu TMP5, XMMWORD PTR[4*16 + esp]
+        KARATSUBA 4
+        vmovdqu TMP5, XMMWORD PTR[5*16 + esp]
+        KARATSUBA 5
+        vmovdqu TMP5, XMMWORD PTR[6*16 + esp]
+        vpxor   TMP5, TMP5, T
+        KARATSUBA 6
+
+        vpxor   TMP0, TMP0, TMP1
+        vpxor   TMP0, TMP0, TMP2
+        vpsrldq TMP3, TMP0, 8
+        vpxor   TMP4, TMP1, TMP3
+        vpslldq TMP3, TMP0, 8
+        vpxor   TMP5, TMP2, TMP3
+
+        vpclmulqdq  TMP1, TMP5, XMMWORD PTR[Lpoly], 010h
+        vpalignr    TMP5,TMP5,TMP5,8
+        vpxor       TMP5, TMP5, TMP1
+
+        vpclmulqdq  TMP1, TMP5, XMMWORD PTR[Lpoly], 010h
+        vpalignr    TMP5,TMP5,TMP5,8
+        vpxor       TMP5, TMP5, TMP1
+
+        vpxor       TMP5, TMP5, TMP4
+        vmovdqu     T, TMP5
+
+        vmovdqa CTR0, XMMWORD PTR[8*16 + 0*16 + esp]
+        vmovdqa CTR1, XMMWORD PTR[8*16 + 1*16 + esp]
+        vmovdqa CTR2, XMMWORD PTR[8*16 + 2*16 + esp]
+        vmovdqa CTR3, XMMWORD PTR[8*16 + 3*16 + esp]
+        vmovdqa CTR4, XMMWORD PTR[8*16 + 4*16 + esp]
+        vmovdqa CTR5, XMMWORD PTR[8*16 + 5*16 + esp]
+        vmovdqa CTR6, XMMWORD PTR[8*16 + 6*16 + esp]
+
+        ROUND 1
+        NEXTCTR 0
+        ROUND 2
+        NEXTCTR 1
+        ROUND 3
+        NEXTCTR 2
+        ROUND 4
+        NEXTCTR 3
+        ROUND 5
+        NEXTCTR 4
+        ROUND 6
+        NEXTCTR 5
+        ROUND 7
+        NEXTCTR 6
+
+        ROUND 8
+        ROUND 9
+
+        vmovdqu     xmm7, XMMWORD PTR[10*16 + KS]
+        cmp         NR, 10
+        je          @f
+
+        ROUND 10
+        ROUND 11
+        vmovdqu     xmm7, XMMWORD PTR[12*16 + KS]
+        cmp         NR, 12
+        je          @f
+
+        ROUND 12
+        ROUND 13
+        vmovdqu     xmm7, XMMWORD PTR[14*16 + KS]
+@@:
+        vaesenclast CTR0, CTR0, xmm7
+        vaesenclast CTR1, CTR1, xmm7
+        vaesenclast CTR2, CTR2, xmm7
+        vaesenclast CTR3, CTR3, xmm7
+        vaesenclast CTR4, CTR4, xmm7
+        vaesenclast CTR5, CTR5, xmm7
+        vaesenclast CTR6, CTR6, xmm7
+
+        vpxor   CTR0, CTR0, XMMWORD PTR[0*16 + PT]
+        vpxor   CTR1, CTR1, XMMWORD PTR[1*16 + PT]
+        vpxor   CTR2, CTR2, XMMWORD PTR[2*16 + PT]
+        vpxor   CTR3, CTR3, XMMWORD PTR[3*16 + PT]
+        vpxor   CTR4, CTR4, XMMWORD PTR[4*16 + PT]
+        vpxor   CTR5, CTR5, XMMWORD PTR[5*16 + PT]
+        vpxor   CTR6, CTR6, XMMWORD PTR[6*16 + PT]
+
+        vmovdqu XMMWORD PTR[0*16 + CT], CTR0
+        vmovdqu XMMWORD PTR[1*16 + CT], CTR1
+        vmovdqu XMMWORD PTR[2*16 + CT], CTR2
+        vmovdqu XMMWORD PTR[3*16 + CT], CTR3
+        vmovdqu XMMWORD PTR[4*16 + CT], CTR4
+        vmovdqu XMMWORD PTR[5*16 + CT], CTR5
+        vmovdqu XMMWORD PTR[6*16 + CT], CTR6
+
+        vpshufb CTR0, CTR0, XMMWORD PTR[Lbswap_mask]
+        vpshufb CTR1, CTR1, XMMWORD PTR[Lbswap_mask]
+        vpshufb CTR2, CTR2, XMMWORD PTR[Lbswap_mask]
+        vpshufb CTR3, CTR3, XMMWORD PTR[Lbswap_mask]
+        vpshufb CTR4, CTR4, XMMWORD PTR[Lbswap_mask]
+        vpshufb CTR5, CTR5, XMMWORD PTR[Lbswap_mask]
+        vpshufb TMP5, CTR6, XMMWORD PTR[Lbswap_mask]
+
+        vmovdqa XMMWORD PTR[1*16 + esp], CTR5
+        vmovdqa XMMWORD PTR[2*16 + esp], CTR4
+        vmovdqa XMMWORD PTR[3*16 + esp], CTR3
+        vmovdqa XMMWORD PTR[4*16 + esp], CTR2
+        vmovdqa XMMWORD PTR[5*16 + esp], CTR1
+        vmovdqa XMMWORD PTR[6*16 + esp], CTR0
+
+        lea CT, [7*16 + CT]
+        lea PT, [7*16 + PT]
+        jmp LEncData7
+
+LEndEnc7:
+
+    vpshufd TMP4, TMP5, 78
+    vpxor   TMP4, TMP4, TMP5
+    vpclmulqdq  TMP0, TMP4, XMMWORD PTR[0*16 + 8*16 + Htbl], 000h
+    vmovdqu     TMP4, XMMWORD PTR[0*16 + Htbl]
+    vpclmulqdq  TMP1, TMP5, TMP4, 011h
+    vpclmulqdq  TMP2, TMP5, TMP4, 000h
+
+    vmovdqu TMP5, XMMWORD PTR[1*16 + esp]
+    KARATSUBA 1
+    vmovdqu TMP5, XMMWORD PTR[2*16 + esp]
+    KARATSUBA 2
+    vmovdqu TMP5, XMMWORD PTR[3*16 + esp]
+    KARATSUBA 3
+    vmovdqu TMP5, XMMWORD PTR[4*16 + esp]
+    KARATSUBA 4
+    vmovdqu TMP5, XMMWORD PTR[5*16 + esp]
+    KARATSUBA 5
+    vmovdqu TMP5, XMMWORD PTR[6*16 + esp]
+    vpxor   TMP5, TMP5, T
+    KARATSUBA 6
+
+    vpxor   TMP0, TMP0, TMP1
+    vpxor   TMP0, TMP0, TMP2
+    vpsrldq TMP3, TMP0, 8
+    vpxor   TMP4, TMP1, TMP3
+    vpslldq TMP3, TMP0, 8
+    vpxor   TMP5, TMP2, TMP3
+
+    vpclmulqdq  TMP1, TMP5, XMMWORD PTR[Lpoly], 010h
+    vpalignr    TMP5,TMP5,TMP5,8
+    vpxor       TMP5, TMP5, TMP1
+
+    vpclmulqdq  TMP1, TMP5, XMMWORD PTR[Lpoly], 010h
+    vpalignr    TMP5,TMP5,TMP5,8
+    vpxor       TMP5, TMP5, TMP1
+
+    vpxor       TMP5, TMP5, TMP4
+    vmovdqu     T, TMP5
+
+    sub aluCTR, 6
+
+LEncDataSingles:
+
+        cmp len, 16
+        jb  LEncDataTail
+        sub len, 16
+
+        vmovdqa TMP1, XMMWORD PTR[8*16 + 0*16 + esp]
+        NEXTCTR 0
+
+        vaesenc TMP1, TMP1, XMMWORD PTR[1*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[2*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[3*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[4*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[5*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[6*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[7*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[8*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[9*16 + KS]
+        vmovdqu TMP2, XMMWORD PTR[10*16 + KS]
+        cmp NR, 10
+        je  @f
+        vaesenc TMP1, TMP1, XMMWORD PTR[10*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[11*16 + KS]
+        vmovdqu TMP2, XMMWORD PTR[12*16 + KS]
+        cmp NR, 12
+        je  @f
+        vaesenc TMP1, TMP1, XMMWORD PTR[12*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[13*16 + KS]
+        vmovdqu TMP2, XMMWORD PTR[14*16 + KS]
+@@:
+        vaesenclast TMP1, TMP1, TMP2
+        vpxor   TMP1, TMP1, XMMWORD PTR[PT]
+        vmovdqu XMMWORD PTR[CT], TMP1
+
+        lea PT, [16+PT]
+        lea CT, [16+CT]
+
+        vpshufb TMP1, TMP1, XMMWORD PTR[Lbswap_mask]
+        vpxor   TMP1, TMP1, T
+
+        vmovdqu TMP0, XMMWORD PTR[Htbl]
+        GFMUL   TMP1, TMP1, TMP0, TMP5, TMP2, TMP3, TMP4
+        vmovdqu T, TMP1
+
+        jmp LEncDataSingles
+
+LEncDataTail:
+
+    cmp len, 0
+    je  LEncDataEnd
+
+    vmovdqa TMP1, XMMWORD PTR[8*16 + 0*16 + esp]
+
+    vaesenc TMP1, TMP1, XMMWORD PTR[1*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[2*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[3*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[4*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[5*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[6*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[7*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[8*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[9*16 + KS]
+    vmovdqu TMP2, XMMWORD PTR[10*16 + KS]
+    cmp NR, 10
+    je  @f
+    vaesenc TMP1, TMP1, XMMWORD PTR[10*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[11*16 + KS]
+    vmovdqu TMP2, XMMWORD PTR[12*16 + KS]
+    cmp NR, 12
+    je  @f
+    vaesenc TMP1, TMP1, XMMWORD PTR[12*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[13*16 + KS]
+    vmovdqu TMP2, XMMWORD PTR[14*16 + KS]
+@@:
+    vaesenclast TMP1, TMP1, TMP2
+; zero a temp location
+    vpxor   TMP2, TMP2, TMP2
+    vmovdqa XMMWORD PTR[esp], TMP2
+; copy as many bytes as needed
+    xor KS, KS
+@@:
+        cmp len, KS
+        je  @f
+        mov di, [PT + KS]
+        mov [esp + KS], di
+        inc KS
+        jmp @b
+@@:
+    vpxor   TMP1, TMP1, XMMWORD PTR[esp]
+    vmovdqa XMMWORD PTR[esp], TMP1
+    xor KS, KS
+@@:
+        cmp len, KS
+        je  @f
+        mov di, [esp + KS]
+        mov [CT + KS], di
+        inc KS
+        jmp @b
+@@:
+        cmp KS, 16
+        je  @f
+        mov BYTE PTR[esp + KS], 0
+        inc KS
+        jmp @b
+@@:
+    vmovdqa TMP1, XMMWORD PTR[esp]
+
+    vpshufb TMP1, TMP1, XMMWORD PTR[Lbswap_mask]
+    vpxor   TMP1, TMP1, T
+
+    vmovdqu TMP0, XMMWORD PTR[Htbl]
+    GFMUL   TMP1, TMP1, TMP0, TMP5, TMP2, TMP3, TMP4
+    vmovdqu T, TMP1
+
+LEncDataEnd:
+    inc     aluCTR
+    bswap   aluCTR
+    mov     [16*16 + 2*16 + 3*4 + Gctx], aluCTR
+
+    mov esp, ebp
+    pop edi
+    pop esi
+    pop ebx
+    pop ebp
+
+
+    vzeroupper
+
+    ret
+intel_aes_gcmENC ENDP
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;
+; Decrypt and Authenticate
+; void intel_aes_gcmDEC(uint8_t* PT, uint8_t* CT, void *Gctx, unsigned int len);
+;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+
+NEXTCTR MACRO i
+    add     aluCTR, 1
+    mov     aluTMP, aluCTR
+    bswap   aluTMP
+    xor     aluTMP, [3*4 + KS]
+    mov     [3*4 + i*16 + esp], aluTMP
+ENDM
+
+intel_aes_gcmDEC PROC
+
+    cmp DWORD PTR[1*4 + 3*4 + esp], 0
+    jne LbeginDEC
+    ret
+
+LbeginDEC:
+
+    vzeroupper
+    push    ebp
+    push    ebx
+    push    esi
+    push    edi
+
+    mov ebp, esp
+    sub esp, 8*16
+    and esp, -16
+
+    mov CT, [ebp + 5*4 + 0*4]
+    mov PT, [ebp + 5*4 + 1*4]
+    mov Gctx, [ebp + 5*4 + 2*4]
+
+    mov     KS, [16*16 + 3*16 + Gctx]
+    lea     KS, [44 + KS]
+
+    mov     aluCTR, [16*16 + 2*16 + 3*4 + Gctx]
+    bswap   aluCTR
+
+
+    vmovdqu TMP0, XMMWORD PTR[0*16 + KS]
+    vpxor   TMP0, TMP0, XMMWORD PTR[16*16 + 2*16 + Gctx]
+    vmovdqu XMMWORD PTR[0*16 + esp], TMP0
+
+    cmp len, 16*7
+    jb  LDecDataSingles
+    vmovdqu XMMWORD PTR[1*16 + esp], TMP0
+    vmovdqu XMMWORD PTR[2*16 + esp], TMP0
+    vmovdqu XMMWORD PTR[3*16 + esp], TMP0
+    vmovdqu XMMWORD PTR[4*16 + esp], TMP0
+    vmovdqu XMMWORD PTR[5*16 + esp], TMP0
+    vmovdqu XMMWORD PTR[6*16 + esp], TMP0
+    dec aluCTR
+
+LDecData7:
+    cmp len, 16*7
+    jb  LDecData7End
+    sub len, 16*7
+
+    vmovdqu TMP5, XMMWORD PTR[0*16 + CT]
+    vpshufb TMP5, TMP5, XMMWORD PTR[Lbswap_mask]
+    vpxor   TMP5, TMP5, T
+    vpshufd TMP4, TMP5, 78
+    vpxor   TMP4, TMP4, TMP5
+    vpclmulqdq  TMP0, TMP4, XMMWORD PTR[6*16 + 8*16 + Htbl], 000h
+    vmovdqu     TMP4, XMMWORD PTR[6*16 + Htbl]
+    vpclmulqdq  TMP1, TMP5, TMP4, 011h
+    vpclmulqdq  TMP2, TMP5, TMP4, 000h
+
+    NEXTCTR 0
+    vmovdqu TMP5, XMMWORD PTR[1*16 + CT]
+    vpshufb TMP5, TMP5, XMMWORD PTR[Lbswap_mask]
+    KARATSUBA 5
+    NEXTCTR 1
+    vmovdqu TMP5, XMMWORD PTR[2*16 + CT]
+    vpshufb TMP5, TMP5, XMMWORD PTR[Lbswap_mask]
+    KARATSUBA 4
+    NEXTCTR 2
+    vmovdqu TMP5, XMMWORD PTR[3*16 + CT]
+    vpshufb TMP5, TMP5, XMMWORD PTR[Lbswap_mask]
+    KARATSUBA 3
+    NEXTCTR 3
+    vmovdqu TMP5, XMMWORD PTR[4*16 + CT]
+    vpshufb TMP5, TMP5, XMMWORD PTR[Lbswap_mask]
+    KARATSUBA 2
+    NEXTCTR 4
+    vmovdqu TMP5, XMMWORD PTR[5*16 + CT]
+    vpshufb TMP5, TMP5, XMMWORD PTR[Lbswap_mask]
+    KARATSUBA 1
+    NEXTCTR 5
+    vmovdqu TMP5, XMMWORD PTR[6*16 + CT]
+    vpshufb TMP5, TMP5, XMMWORD PTR[Lbswap_mask]
+    KARATSUBA 0
+    NEXTCTR 6
+
+    vpxor   TMP0, TMP0, TMP1
+    vpxor   TMP0, TMP0, TMP2
+    vpsrldq TMP3, TMP0, 8
+    vpxor   TMP4, TMP1, TMP3
+    vpslldq TMP3, TMP0, 8
+    vpxor   TMP5, TMP2, TMP3
+
+    vpclmulqdq  TMP1, TMP5, XMMWORD PTR[Lpoly], 010h
+    vpalignr    TMP5,TMP5,TMP5,8
+    vpxor       TMP5, TMP5, TMP1
+
+    vpclmulqdq  TMP1, TMP5, XMMWORD PTR[Lpoly], 010h
+    vpalignr    TMP5,TMP5,TMP5,8
+    vpxor       TMP5, TMP5, TMP1
+
+    vpxor       TMP5, TMP5, TMP4
+    vmovdqu     T, TMP5
+
+    vmovdqa CTR0, XMMWORD PTR[0*16 + esp]
+    vmovdqa CTR1, XMMWORD PTR[1*16 + esp]
+    vmovdqa CTR2, XMMWORD PTR[2*16 + esp]
+    vmovdqa CTR3, XMMWORD PTR[3*16 + esp]
+    vmovdqa CTR4, XMMWORD PTR[4*16 + esp]
+    vmovdqa CTR5, XMMWORD PTR[5*16 + esp]
+    vmovdqa CTR6, XMMWORD PTR[6*16 + esp]
+
+    ROUND   1
+    ROUND   2
+    ROUND   3
+    ROUND   4
+    ROUND   5
+    ROUND   6
+    ROUND   7
+    ROUND   8
+    ROUND   9
+    vmovdqu xmm7, XMMWORD PTR[10*16 + KS]
+    cmp     NR, 10
+    je      @f
+
+    ROUND   10
+    ROUND   11
+    vmovdqu xmm7, XMMWORD PTR[12*16 + KS]
+    cmp     NR, 12
+    je      @f
+
+    ROUND   12
+    ROUND   13
+    vmovdqu xmm7, XMMWORD PTR[14*16 + KS]
+@@:
+    vaesenclast CTR0, CTR0, xmm7
+    vaesenclast CTR1, CTR1, xmm7
+    vaesenclast CTR2, CTR2, xmm7
+    vaesenclast CTR3, CTR3, xmm7
+    vaesenclast CTR4, CTR4, xmm7
+    vaesenclast CTR5, CTR5, xmm7
+    vaesenclast CTR6, CTR6, xmm7
+
+    vpxor   CTR0, CTR0, XMMWORD PTR[0*16 + CT]
+    vpxor   CTR1, CTR1, XMMWORD PTR[1*16 + CT]
+    vpxor   CTR2, CTR2, XMMWORD PTR[2*16 + CT]
+    vpxor   CTR3, CTR3, XMMWORD PTR[3*16 + CT]
+    vpxor   CTR4, CTR4, XMMWORD PTR[4*16 + CT]
+    vpxor   CTR5, CTR5, XMMWORD PTR[5*16 + CT]
+    vpxor   CTR6, CTR6, XMMWORD PTR[6*16 + CT]
+
+    vmovdqu XMMWORD PTR[0*16 + PT], CTR0
+    vmovdqu XMMWORD PTR[1*16 + PT], CTR1
+    vmovdqu XMMWORD PTR[2*16 + PT], CTR2
+    vmovdqu XMMWORD PTR[3*16 + PT], CTR3
+    vmovdqu XMMWORD PTR[4*16 + PT], CTR4
+    vmovdqu XMMWORD PTR[5*16 + PT], CTR5
+    vmovdqu XMMWORD PTR[6*16 + PT], CTR6
+
+    lea CT, [7*16 + CT]
+    lea PT, [7*16 + PT]
+    jmp LDecData7
+
+LDecData7End:
+
+    NEXTCTR 0
+
+LDecDataSingles:
+
+        cmp len, 16
+        jb  LDecDataTail
+        sub len, 16
+
+        vmovdqu TMP1, XMMWORD PTR[CT]
+        vpshufb TMP1, TMP1, XMMWORD PTR[Lbswap_mask]
+        vpxor   TMP1, TMP1, T
+
+        vmovdqu TMP0, XMMWORD PTR[Htbl]
+        GFMUL   TMP1, TMP1, TMP0, TMP5, TMP2, TMP3, TMP4
+        vmovdqu T, TMP1
+
+        vmovdqa TMP1, XMMWORD PTR[0*16 + esp]
+        NEXTCTR 0
+
+        vaesenc TMP1, TMP1, XMMWORD PTR[1*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[2*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[3*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[4*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[5*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[6*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[7*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[8*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[9*16 + KS]
+        vmovdqu TMP2, XMMWORD PTR[10*16 + KS]
+        cmp NR, 10
+        je  @f
+        vaesenc TMP1, TMP1, XMMWORD PTR[10*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[11*16 + KS]
+        vmovdqu TMP2, XMMWORD PTR[12*16 + KS]
+        cmp NR, 12
+        je  @f
+        vaesenc TMP1, TMP1, XMMWORD PTR[12*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[13*16 + KS]
+        vmovdqu TMP2, XMMWORD PTR[14*16 + KS]
+@@:
+        vaesenclast TMP1, TMP1, TMP2
+        vpxor   TMP1, TMP1, XMMWORD PTR[CT]
+        vmovdqu XMMWORD PTR[PT], TMP1
+
+        lea PT, [16+PT]
+        lea CT, [16+CT]
+        jmp LDecDataSingles
+
+LDecDataTail:
+
+    cmp len, 0
+    je  LDecDataEnd
+
+    vmovdqa TMP1, XMMWORD PTR[0*16 + esp]
+    inc aluCTR
+    vaesenc TMP1, TMP1, XMMWORD PTR[1*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[2*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[3*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[4*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[5*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[6*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[7*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[8*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[9*16 + KS]
+    vmovdqu TMP2, XMMWORD PTR[10*16 + KS]
+    cmp NR, 10
+    je  @f
+    vaesenc TMP1, TMP1, XMMWORD PTR[10*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[11*16 + KS]
+    vmovdqu TMP2, XMMWORD PTR[12*16 + KS]
+    cmp NR, 12
+    je  @f
+    vaesenc TMP1, TMP1, XMMWORD PTR[12*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[13*16 + KS]
+    vmovdqu TMP2, XMMWORD PTR[14*16 + KS]
+@@:
+    vaesenclast xmm7, TMP1, TMP2
+
+; copy as many bytes as needed
+    xor KS, KS
+@@:
+        cmp len, KS
+        je  @f
+        mov di, [CT + KS]
+        mov [esp + KS], di
+        inc KS
+        jmp @b
+@@:
+        cmp KS, 16
+        je  @f
+        mov BYTE PTR[esp + KS], 0
+        inc KS
+        jmp @b
+@@:
+
+    vmovdqa TMP1, XMMWORD PTR[esp]
+    vpshufb TMP1, TMP1, XMMWORD PTR[Lbswap_mask]
+    vpxor   TMP1, TMP1, T
+
+    vmovdqu TMP0, XMMWORD PTR[Htbl]
+    GFMUL   TMP1, TMP1, TMP0, TMP5, TMP2, TMP3, TMP4
+    vmovdqu T, TMP1
+
+
+    vpxor   xmm7, xmm7, XMMWORD PTR[esp]
+    vmovdqa XMMWORD PTR[esp], xmm7
+    xor     KS, KS
+@@:
+        cmp len, KS
+        je  @f
+        mov di, [esp + KS]
+        mov [PT + KS], di
+        inc KS
+        jmp @b
+@@:
+        cmp KS, 16
+        je  @f
+        mov BYTE PTR[PT + KS], 0
+        inc KS
+        jmp @b
+@@:
+
+LDecDataEnd:
+
+    bswap   aluCTR
+    mov     [16*16 + 2*16 + 3*4 + Gctx], aluCTR
+
+    mov esp, ebp
+    pop edi
+    pop esi
+    pop ebx
+    pop ebp
+
+    vzeroupper
+
+    ret
+intel_aes_gcmDEC ENDP
+
+
+END
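Review bot: The partial-block tail of intel_aes_gcmDEC stores outside the caller's output buffer: its last padding loop does `mov BYTE PTR[PT + KS], 0` for KS from len up to 16, whereas the x64 routine earlier in this patch clears the stack scratch block at that point, so the line should be `mov BYTE PTR[esp + KS], 0`. The byte-copy loops in the ENC and DEC tails have a related problem, since they move the 16-bit `di` while advancing KS by one, which makes the final iteration read one byte past the input and write one byte past the output. Because al, bl, cl and dl are all live there, one fix is to park aluCTR in aluTMP for the duration of the tail and copy with `mov bl, [CT + KS]` / `mov [esp + KS], bl` (and the PT/CT counterparts), restoring aluCTR before falling into LEncDataEnd / LDecDataEnd. The early-out at the top of intel_aes_gcmAAD also tests `[esp + 1*3 + 2*4]`, i.e. esp+11 instead of the Alen argument at esp+12; `cmp DWORD PTR[esp + 1*4 + 2*4], 0` would match the offset arithmetic used by the ENC and DEC entry checks. Whether current callers always leave slack after these buffers is not visible in this patch, so the routines should not depend on it.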
--- a/security/nss/lib/freebl/intel-gcm.h
+++ b/security/nss/lib/freebl/intel-gcm.h
@@ -26,17 +26,17 @@
 
 typedef struct intel_AES_GCMContextStr intel_AES_GCMContext;
 
 intel_AES_GCMContext *intel_AES_GCM_CreateContext(void *context, freeblCipherFunc cipher,
 			const unsigned char *params, unsigned int blocksize);
 
 void intel_AES_GCM_DestroyContext(intel_AES_GCMContext *gcm, PRBool freeit);
 
-SECStatus intel_AES_GCM_EncryptUpdate(intel_AES_GCMContext  *gcm, unsigned char *outbuf,
+SECStatus intel_AES_GCM_EncryptUpdate(intel_AES_GCMContext *gcm, unsigned char *outbuf,
 			unsigned int *outlen, unsigned int maxout,
 			const unsigned char *inbuf, unsigned int inlen,
 			unsigned int blocksize);
 
 SECStatus intel_AES_GCM_DecryptUpdate(intel_AES_GCMContext *gcm, unsigned char *outbuf,
 			unsigned int *outlen, unsigned int maxout,
 			const unsigned char *inbuf, unsigned int inlen,
 			unsigned int blocksize);
--- a/security/nss/lib/freebl/ldvector.c
+++ b/security/nss/lib/freebl/ldvector.c
@@ -275,29 +275,35 @@ static const struct FREEBLVectorStr vect
     RSA_EncryptOAEP,
     RSA_DecryptOAEP,
     RSA_EncryptBlock,
     RSA_DecryptBlock,
     RSA_SignPSS,
     RSA_CheckSignPSS,
     RSA_Sign,
     RSA_CheckSign,
-    RSA_CheckSignRecover
+    RSA_CheckSignRecover,
 
     /* End of Version 3.016 */
+
+    EC_FillParams,
+    EC_DecodeParams,
+    EC_CopyParams
+
+    /* End of Version 3.017 */
 };
 
-const FREEBLVector * 
+const FREEBLVector *
 FREEBL_GetVector(void)
 {
     extern const char __nss_freebl_rcsid[];
     extern const char __nss_freebl_sccsid[];
 
     /* force a reference that won't get optimized away */
     volatile char c;
 
-    c = __nss_freebl_rcsid[0] + __nss_freebl_sccsid[0]; 
+    c = __nss_freebl_rcsid[0] + __nss_freebl_sccsid[0];
 #ifdef FREEBL_NO_DEPEND
     FREEBL_InitStubs();
 #endif
     return &vector;
 }
 
--- a/security/nss/lib/freebl/loader.c
+++ b/security/nss/lib/freebl/loader.c
@@ -2088,8 +2088,34 @@ SECStatus RSA_CheckSignRecover(RSAPublic
                                unsigned int maxOutputLen,
                                const unsigned char *sig,
                                unsigned int sigLen) {
   if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
       return SECFailure;
   return (vector->p_RSA_CheckSignRecover)(key, output, outputLen, maxOutputLen,
                                           sig, sigLen);
 }
+
+SECStatus EC_FillParams(PLArenaPool *arena,
+                        const SECItem *encodedParams,
+                        ECParams *params)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_EC_FillParams)(arena, encodedParams, params);
+}
+
+SECStatus EC_DecodeParams(const SECItem *encodedParams,
+                          ECParams **ecparams)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_EC_DecodeParams)(encodedParams, ecparams);
+}
+
+SECStatus EC_CopyParams(PLArenaPool *arena, ECParams *dstParams,
+                        const ECParams *srcParams)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_EC_CopyParams)(arena, dstParams,  srcParams);
+}
+
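Review bot: The three new wrappers call through `vector->p_EC_FillParams`, `p_EC_DecodeParams` and `p_EC_CopyParams`, slots that exist only in a table built at version 0x0311 or later, and nothing in this hunk shows that a shorter table is refused. The FREEBL_VERSION bump in loader.h suggests the load-time version and length check covers this, but that check sits in the loader code outside the diff and should be confirmed. If it only compares the major version, an older freebl would make these calls read a function pointer from past the end of its vector. A short comment above `EC_FillParams` would record the dependency, for example `/* The EC_* entries were added in vector version 3.017; the loader must reject older tables. */`.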
--- a/security/nss/lib/freebl/loader.h
+++ b/security/nss/lib/freebl/loader.h
@@ -5,17 +5,17 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #ifndef _LOADER_H_
 #define _LOADER_H_ 1
 
 #include "blapi.h"
 
-#define FREEBL_VERSION 0x0310
+#define FREEBL_VERSION 0x0311
 
 struct FREEBLVectorStr {
 
   unsigned short length;  /* of this struct in bytes */
   unsigned short version; /* of this struct. */
 
   RSAPrivateKey * (* p_RSA_NewKey)(int         keySizeInBits,
 				 SECItem *   publicExponent);
@@ -693,16 +693,25 @@ struct FREEBLVectorStr {
                                       unsigned char *output,
                                       unsigned int *outputLen,
                                       unsigned int maxOutputLen,
                                       const unsigned char *sig,
                                       unsigned int sigLen);
 
   /* Version 3.016 came to here */
 
+ SECStatus (* p_EC_FillParams)(PLArenaPool *arena,
+                               const SECItem *encodedParams, ECParams *params);
+ SECStatus (* p_EC_DecodeParams)(const SECItem *encodedParams,
+                               ECParams **ecparams);
+ SECStatus (* p_EC_CopyParams)(PLArenaPool *arena, ECParams *dstParams,
+                               const ECParams *srcParams);
+
+  /* Version 3.017 came to here */
+
   /* Add new function pointers at the end of this struct and bump
    * FREEBL_VERSION at the beginning of this file. */
  };
 
 typedef struct FREEBLVectorStr FREEBLVector;
 
 SEC_BEGIN_PROTOS
 
--- a/security/nss/lib/freebl/manifest.mn
+++ b/security/nss/lib/freebl/manifest.mn
@@ -105,16 +105,17 @@ CSRCS = \
 	ctr.c \
 	gcm.c \
 	hmacct.c \
 	rijndael.c \
 	aeskeywrap.c \
 	camellia.c \
 	dh.c \
 	ec.c \
+	ecdecode.c \
 	pqg.c \
 	dsa.c \
 	rsa.c \
 	rsapkcs.c \
 	shvfy.c \
 	tlsprfalg.c \
 	seed.c \
 	jpake.c \
--- a/security/nss/lib/freebl/rijndael.c
+++ b/security/nss/lib/freebl/rijndael.c
@@ -831,17 +831,16 @@ static SECStatus
 rijndael_encryptECB(AESContext *cx, unsigned char *output,
                     unsigned int *outputLen, unsigned int maxOutputLen,
                     const unsigned char *input, unsigned int inputLen, 
                     unsigned int blocksize)
 {
     SECStatus rv;
     AESBlockFunc *encryptor;
 
-
     encryptor = (blocksize == RIJNDAEL_MIN_BLOCKSIZE) 
 				  ? &rijndael_encryptBlock128 
 				  : &rijndael_encryptBlock;
     while (inputLen > 0) {
         rv = (*encryptor)(cx, output, input);
 	if (rv != SECSuccess)
 	    return rv;
 	output += blocksize;
@@ -1067,27 +1066,31 @@ aes_InitContext(AESContext *cx, const un
     if (mode == NSS_AES_CBC) {
 	memcpy(cx->iv, iv, blocksize);
 #ifdef USE_HW_AES
 	if (use_hw_aes) {
 	    cx->worker = (freeblCipherFunc)
 				intel_aes_cbc_worker(encrypt, keysize);
 	} else
 #endif
+	{
 	    cx->worker = (freeblCipherFunc) (encrypt
 			  ? &rijndael_encryptCBC : &rijndael_decryptCBC);
+	}
     } else {
 #ifdef  USE_HW_AES
 	if (use_hw_aes) {
 	    cx->worker = (freeblCipherFunc) 
 				intel_aes_ecb_worker(encrypt, keysize);
 	} else
 #endif
+	{
 	    cx->worker = (freeblCipherFunc) (encrypt
 			  ? &rijndael_encryptECB : &rijndael_decryptECB);
+	}
     }
     PORT_Assert((cx->Nb * (cx->Nr + 1)) <= RIJNDAEL_MAX_EXP_KEY_SIZE);
     if ((cx->Nb * (cx->Nr + 1)) > RIJNDAEL_MAX_EXP_KEY_SIZE) {
 	PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
 	goto cleanup;
     }
 #ifdef USE_HW_AES
     if (use_hw_aes) {
@@ -1175,17 +1178,24 @@ AES_InitContext(AESContext *cx, const un
 	cx->worker = (freeblCipherFunc)
 			(encrypt ? GCM_EncryptUpdate : GCM_DecryptUpdate);
 	cx->destroy = (freeblDestroyFunc) GCM_DestroyContext;
 	cx->isBlock = PR_FALSE;
 	}
 	break;
     case NSS_AES_CTR:
 	cx->worker_cx = CTR_CreateContext(cx, cx->worker, iv, blocksize);
-	cx->worker = (freeblCipherFunc) CTR_Update ;
+#if defined(USE_HW_AES) && defined(_MSC_VER)
+	if (use_hw_aes) {
+	    cx->worker = (freeblCipherFunc) CTR_Update_HW_AES;
+	} else
+#endif
+	{
+	    cx->worker = (freeblCipherFunc) CTR_Update;
+	}
 	cx->destroy = (freeblDestroyFunc) CTR_DestroyContext;
 	cx->isBlock = PR_FALSE;
 	break;
     default:
 	/* everything has already been set up by aes_InitContext, just
 	 * return */
 	return SECSuccess;
     }
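Review bot: The NSS_AES_CTR case picks `CTR_Update_HW_AES` only when both `USE_HW_AES` and `_MSC_VER` are defined, and nothing at the site says why the compiler matters. The CBC and ECB selections in aes_InitContext are guarded by `USE_HW_AES` alone, so a reader on another toolchain has no hint why CTR falls back to the generic `CTR_Update`. I would add a comment above the `#if`, such as `/* CTR_Update_HW_AES is only built for MSVC; other compilers use the generic CTR_Update. */`, presumably because the counter-mode assembly exists only in the MASM sources, which should be confirmed. The two paths also need to agree on counter increment and wrap-around, which a test vector crossing a counter carry would pin. AES_InitContext begins and ends outside this hunk.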
--- a/security/nss/lib/freebl/stubs.c
+++ b/security/nss/lib/freebl/stubs.c
@@ -100,16 +100,17 @@
 #define STUB_SAFE_CALL4(fn,a1,a2,a3,a4) \
     if (fn) { return fn(a1,a2,a3,a4); }
 #define STUB_SAFE_CALL6(fn,a1,a2,a3,a4,a5,a6) \
     if (fn) { return fn(a1,a2,a3,a4,a5,a6); }
 #endif
 
 
 STUB_DECLARE(void *,PORT_Alloc_Util,(size_t len));
+STUB_DECLARE(void *,PORT_ArenaAlloc_Util,(PLArenaPool *arena, size_t size));
 STUB_DECLARE(void *,PORT_ArenaZAlloc_Util,(PLArenaPool *arena, size_t size));
 STUB_DECLARE(void ,PORT_Free_Util,(void *ptr));
 STUB_DECLARE(void ,PORT_FreeArena_Util,(PLArenaPool *arena, PRBool zero));
 STUB_DECLARE(int,PORT_GetError_Util,(void));
 STUB_DECLARE(PLArenaPool *,PORT_NewArena_Util,(unsigned long chunksize));
 STUB_DECLARE(void,PORT_SetError_Util,(int value));
 STUB_DECLARE(void *,PORT_ZAlloc_Util,(size_t len));
 STUB_DECLARE(void,PORT_ZFree_Util,(void *ptr, size_t len));
@@ -136,22 +137,23 @@ STUB_DECLARE(PROffset32,PR_Seek,(PRFileD
 STUB_DECLARE(PRStatus,PR_Sleep,(PRIntervalTime ticks));
 STUB_DECLARE(PRStatus,PR_Unlock,(PRLock *lock));
 STUB_DECLARE(PRStatus,PR_WaitCondVar,(PRCondVar *cvar,
 			PRIntervalTime timeout));
 
 
 STUB_DECLARE(SECItem *,SECITEM_AllocItem_Util,(PLArenaPool *arena,
 			SECItem *item,unsigned int len));
-STUB_DECLARE(SECComparison,SECITEM_CompareItem_Util,(const SECItem *a, 
+STUB_DECLARE(SECComparison,SECITEM_CompareItem_Util,(const SECItem *a,
 			const SECItem *b));
 STUB_DECLARE(SECStatus,SECITEM_CopyItem_Util,(PLArenaPool *arena,
 			SECItem *to,const SECItem *from));
 STUB_DECLARE(void,SECITEM_FreeItem_Util,(SECItem *zap, PRBool freeit));
 STUB_DECLARE(void,SECITEM_ZfreeItem_Util,(SECItem *zap, PRBool freeit));
+STUB_DECLARE(SECOidTag,SECOID_FindOIDTag_Util,(const SECItem *oid));
 STUB_DECLARE(int, NSS_SecureMemcmp,(const void *a, const void *b, size_t n));
 
 
 #define PORT_ZNew_stub(type) (type*)PORT_ZAlloc_stub(sizeof(type))
 #define PORT_New_stub(type) (type*)PORT_Alloc_stub(sizeof(type))
 #define PORT_ZNewArray_stub(type, num)       \
                 (type*) PORT_ZAlloc_stub (sizeof(type)*(num))
 
@@ -207,24 +209,33 @@ PR_Free_stub(void *ptr)
     return free(ptr);
 }
 
 /*
  * arenas
  *
  */
 extern PLArenaPool *
-PORT_NewArena_stub(unsigned long chunksize) 
+PORT_NewArena_stub(unsigned long chunksize)
 {
     STUB_SAFE_CALL1(PORT_NewArena_Util, chunksize);
     abort();
     return NULL;
 }
 
 extern void *
+PORT_ArenaAlloc_stub(PLArenaPool *arena, size_t size)
+{
+
+    STUB_SAFE_CALL2(PORT_ArenaZAlloc_Util, arena, size);
+    abort();
+    return NULL;
+}
+
+extern void *
 PORT_ArenaZAlloc_stub(PLArenaPool *arena, size_t size)
 {
 
     STUB_SAFE_CALL2(PORT_ArenaZAlloc_Util, arena, size);
     abort();
     return NULL;
 }
 
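Review bot: The new `PORT_ArenaAlloc_stub` forwards to `PORT_ArenaZAlloc_Util` instead of the `PORT_ArenaAlloc_Util` pointer that this patch declares and fetches, which looks like a leftover from copying the ZAlloc stub directly below it. As written, `PORT_ArenaAlloc_Util` is never called, and whether the stub succeeds or reaches `abort()` depends on the state of the wrong pointer. The call should read `STUB_SAFE_CALL2(PORT_ArenaAlloc_Util, arena, size);`.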
@@ -495,24 +506,32 @@ SECITEM_AllocItem_stub(PLArenaPool *aren
 extern SECComparison
 SECITEM_CompareItem_stub(const SECItem *a, const SECItem *b) 
 {
     STUB_SAFE_CALL2(SECITEM_CompareItem_Util, a, b);
     abort();
     return SECEqual;
 }
 
-extern SECStatus 
+extern SECStatus
 SECITEM_CopyItem_stub(PLArenaPool *arena, SECItem *to, const SECItem *from)
 {
     STUB_SAFE_CALL3(SECITEM_CopyItem_Util, arena, to, from);
     abort();
     return SECFailure;
 }
 
+extern SECOidTag
+SECOID_FindOIDTag_stub(const SECItem *oid)
+{
+    STUB_SAFE_CALL1(SECOID_FindOIDTag_Util, oid);
+    abort();
+    return SEC_OID_UNKNOWN;
+}
+
 extern void
 SECITEM_ZfreeItem_stub(SECItem *zap, PRBool freeit)
 {
     STUB_SAFE_CALL2(SECITEM_ZfreeItem_Util, zap, freeit);
     abort();
 }
 
 extern int
@@ -555,25 +574,27 @@ freebl_InitNSPR(void *lib)
 static SECStatus
 freebl_InitNSSUtil(void *lib)
 {
     STUB_FETCH_FUNCTION(PORT_Alloc_Util);
     STUB_FETCH_FUNCTION(PORT_Free_Util);
     STUB_FETCH_FUNCTION(PORT_ZAlloc_Util);
     STUB_FETCH_FUNCTION(PORT_ZFree_Util);
     STUB_FETCH_FUNCTION(PORT_NewArena_Util);
+    STUB_FETCH_FUNCTION(PORT_ArenaAlloc_Util);
     STUB_FETCH_FUNCTION(PORT_ArenaZAlloc_Util);
     STUB_FETCH_FUNCTION(PORT_FreeArena_Util);
     STUB_FETCH_FUNCTION(PORT_GetError_Util);
     STUB_FETCH_FUNCTION(PORT_SetError_Util);
     STUB_FETCH_FUNCTION(SECITEM_FreeItem_Util);
     STUB_FETCH_FUNCTION(SECITEM_AllocItem_Util);
     STUB_FETCH_FUNCTION(SECITEM_CompareItem_Util);
     STUB_FETCH_FUNCTION(SECITEM_CopyItem_Util);
     STUB_FETCH_FUNCTION(SECITEM_ZfreeItem_Util);
+    STUB_FETCH_FUNCTION(SECOID_FindOIDTag_Util);
     STUB_FETCH_FUNCTION(NSS_SecureMemcmp);
     return SECSuccess;
 }
 
 /*
  * fetch the library if it's loaded. For NSS it should already be loaded
  */
 #define freebl_getLibrary(libName)  \
--- a/security/nss/lib/freebl/stubs.h
+++ b/security/nss/lib/freebl/stubs.h
@@ -9,37 +9,39 @@
  */
 
 #ifndef _STUBS_H
 #define _STUBS_H_ 1
 
 #ifdef _LIBUTIL_H_
 /* must be included before util */
 /*#error stubs.h included too late */
-#define MP_DIGITES(x) "stubs included too late" 
+#define MP_DIGITES(x) "stubs included too late"
 #endif
 
 /* hide libutil rename */
 #define _LIBUTIL_H_ 1
 
 #define PORT_Alloc PORT_Alloc_stub
+#define PORT_ArenaAlloc  PORT_ArenaAlloc_stub
 #define PORT_ArenaZAlloc  PORT_ArenaZAlloc_stub
 #define PORT_Free PORT_Free_stub
 #define PORT_FreeArena  PORT_FreeArena_stub
 #define PORT_GetError  PORT_GetError_stub
 #define PORT_NewArena  PORT_NewArena_stub
 #define PORT_SetError  PORT_SetError_stub
 #define PORT_ZAlloc PORT_ZAlloc_stub
 #define PORT_ZFree  PORT_ZFree_stub
 
 #define SECITEM_AllocItem  SECITEM_AllocItem_stub
 #define SECITEM_CompareItem  SECITEM_CompareItem_stub
 #define SECITEM_CopyItem  SECITEM_CopyItem_stub
 #define SECITEM_FreeItem  SECITEM_FreeItem_stub
 #define SECITEM_ZfreeItem  SECITEM_ZfreeItem_stub
+#define SECOID_FindOIDTag  SECOID_FindOIDTag_stub
 #define NSS_SecureMemcmp NSS_SecureMemcmp_stub
 
 #define PR_Assert  PR_Assert_stub
 #define PR_CallOnce  PR_CallOnce_stub
 #define PR_Close  PR_Close_stub
 #define PR_DestroyCondVar PR_DestroyCondVar_stub
 #define PR_DestroyLock  PR_DestroyLock_stub
 #define PR_Free  PR_Free_stub
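Review bot: The include guard in the context lines tests `_STUBS_H` but defines `_STUBS_H_`, so it never suppresses a second inclusion. On a second pass `_LIBUTIL_H_` has already been defined by the first, so the header takes the "included too late" branch and defines `MP_DIGITES(x)` as a string. This predates the patch, but since the header is being extended here it is worth making the names agree with `#ifndef _STUBS_H_`. Whether any translation unit actually includes stubs.h twice cannot be told from this diff, and the rest of the header lies outside the hunk.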
deleted file mode 100755
--- a/security/nss/lib/libpkix/pkix/params/pkix_buildparams.c
+++ /dev/null
@@ -1,284 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/*
- * pkix_buildparams.c
- *
- * Build Params Object Functions
- *
- */
-
-#include "pkix_buildparams.h"
-
-/* --Private-Functions-------------------------------------------- */
-
-/*
- * FUNCTION: pkix_BuildParams_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_BuildParams_Destroy(
-        PKIX_PL_Object *object,
-        void *plContext)
-{
-        PKIX_BuildParams *params = NULL;
-
-        PKIX_ENTER(BUILDPARAMS, "pkix_BuildParams_Destroy");
-        PKIX_NULLCHECK_ONE(object);
-
-        /* Check that this object is a build params object */
-        PKIX_CHECK(pkix_CheckType(object, PKIX_BUILDPARAMS_TYPE, plContext),
-                    "Object is not a build params object");
-
-        params = (PKIX_BuildParams *)object;
-
-        PKIX_DECREF(params->procParams);
-
-cleanup:
-
-        PKIX_RETURN(BUILDPARAMS);
-}
-
-/*
- * FUNCTION: pkix_BuildParams_Equals
- * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_BuildParams_Equals(
-        PKIX_PL_Object *first,
-        PKIX_PL_Object *second,
-        PKIX_Boolean *pResult,
-        void *plContext)
-{
-        PKIX_UInt32 secondType;
-        PKIX_Boolean cmpResult;
-        PKIX_BuildParams *firstBuildParams = NULL;
-        PKIX_BuildParams *secondBuildParams = NULL;
-
-        PKIX_ENTER(BUILDPARAMS, "pkix_BuildParams_Equals");
-        PKIX_NULLCHECK_THREE(first, second, pResult);
-
-        PKIX_CHECK(pkix_CheckType(first, PKIX_BUILDPARAMS_TYPE, plContext),
-                    "First Argument is not a BuildParams object");
-
-        PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
-                    PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
-
-        *pResult = PKIX_FALSE;
-
-        if (secondType != PKIX_BUILDPARAMS_TYPE) goto cleanup;
-
-        firstBuildParams = (PKIX_BuildParams *)first;
-        secondBuildParams = (PKIX_BuildParams *)second;
-
-        PKIX_CHECK(PKIX_PL_Object_Equals
-                    ((PKIX_PL_Object *)firstBuildParams->procParams,
-                    (PKIX_PL_Object *)secondBuildParams->procParams,
-                    &cmpResult,
-                    plContext),
-                    PKIX_OBJECTEQUALSFAILED);
-
-        if (!cmpResult) goto cleanup;
-
-        *pResult = cmpResult;
-
-cleanup:
-
-        PKIX_RETURN(BUILDPARAMS);
-}
-
-/*
- * FUNCTION: pkix_BuildParams_Hashcode
- * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_BuildParams_Hashcode(
-        PKIX_PL_Object *object,
-        PKIX_UInt32 *pHashcode,
-        void *plContext)
-{
-        PKIX_BuildParams *buildParams = NULL;
-        PKIX_UInt32 hash = 0;
-        PKIX_UInt32 procParamsHash = 0;
-
-        PKIX_ENTER(BUILDPARAMS, "pkix_BuildParams_Hashcode");
-        PKIX_NULLCHECK_TWO(object, pHashcode);
-
-        PKIX_CHECK(pkix_CheckType(object, PKIX_BUILDPARAMS_TYPE, plContext),
-                    "Object is not a processingParams object");
-
-        buildParams = (PKIX_BuildParams*)object;
-
-        PKIX_CHECK(PKIX_PL_Object_Hashcode
-                    ((PKIX_PL_Object *)buildParams->procParams,
-                    &procParamsHash,
-                    plContext),
-                    PKIX_OBJECTHASHCODEFAILED);
-
-        hash = 31 * procParamsHash;
-
-        *pHashcode = hash;
-
-cleanup:
-
-        PKIX_RETURN(BUILDPARAMS);
-}
-
-/*
- * FUNCTION: pkix_BuildParams_ToString
- * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_BuildParams_ToString(
-        PKIX_PL_Object *object,
-        PKIX_PL_String **pString,
-        void *plContext)
-{
-        PKIX_BuildParams *buildParams = NULL;
-        char *asciiFormat = NULL;
-        PKIX_PL_String *formatString = NULL;
-        PKIX_PL_String *buildParamsString = NULL;
-
-        PKIX_PL_String *procParamsString = NULL;
-
-        PKIX_ENTER(BUILDPARAMS, "pkix_BuildParams_ToString");
-        PKIX_NULLCHECK_TWO(object, pString);
-
-        PKIX_CHECK(pkix_CheckType(object, PKIX_BUILDPARAMS_TYPE, plContext),
-                    PKIX_OBJECTNOTBUILDPARAMS);
-
-        asciiFormat =
-                "[\n"
-                "\tProcessing Params: \n"
-                "\t********BEGIN PROCESSING PARAMS********\n"
-                "\t\t%s\n"
-                "\t********END PROCESSING PARAMS********\n"
-                "]\n";
-
-        PKIX_CHECK(PKIX_PL_String_Create
-                    (PKIX_ESCASCII,
-                    asciiFormat,
-                    0,
-                    &formatString,
-                    plContext),
-                    PKIX_STRINGCREATEFAILED);
-
-        buildParams = (PKIX_BuildParams*)object;
-
-        PKIX_CHECK(PKIX_PL_Object_ToString
-                    ((PKIX_PL_Object*)buildParams->procParams,
-                    &procParamsString,
-                    plContext),
-                    PKIX_OBJECTTOSTRINGFAILED);
-
-        PKIX_CHECK(PKIX_PL_Sprintf
-                    (&buildParamsString,
-                    plContext,
-                    formatString,
-                    procParamsString),
-                    PKIX_SPRINTFFAILED);
-
-        *pString = buildParamsString;
-
-cleanup:
-
-        PKIX_DECREF(formatString);
-        PKIX_DECREF(procParamsString);
-
-        PKIX_RETURN(BUILDPARAMS);
-}
-
-/*
- * FUNCTION: pkix_BuildParams_RegisterSelf
- * DESCRIPTION:
- *  Registers PKIX_BUILDPARAMS_TYPE and its related functions with
- *  systemClasses[]
- * THREAD SAFETY:
- *  Not Thread Safe - for performance and complexity reasons
- *
- *  Since this function is only called by PKIX_PL_Initialize, which should
- *  only be called once, it is acceptable that this function is not
- *  thread-safe.
- */
-PKIX_Error *
-pkix_BuildParams_RegisterSelf(void *plContext)
-{
-
-        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
-        pkix_ClassTable_Entry entry;
-
-        PKIX_ENTER(BUILDPARAMS, "pkix_BuildParams_RegisterSelf");
-
-        entry.description = "BuildParams";
-        entry.objCounter = 0;
-        entry.typeObjectSize = sizeof(PKIX_BuildParams);
-        entry.destructor = pkix_BuildParams_Destroy;
-        entry.equalsFunction = pkix_BuildParams_Equals;
-        entry.hashcodeFunction = pkix_BuildParams_Hashcode;
-        entry.toStringFunction = pkix_BuildParams_ToString;
-        entry.comparator = NULL;
-        entry.duplicateFunction = NULL;
-
-        systemClasses[PKIX_BUILDPARAMS_TYPE] = entry;
-
-        PKIX_RETURN(BUILDPARAMS);
-}
-
-/* --Public-Functions--------------------------------------------- */
-
-/*
- * FUNCTION: PKIX_BuildParams_Create (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_BuildParams_Create(
-        PKIX_ProcessingParams *procParams,
-        PKIX_BuildParams **pParams,
-        void *plContext)
-{
-        PKIX_BuildParams *params = NULL;
-
-        PKIX_ENTER(BUILDPARAMS, "PKIX_BuildParams_Create");
-        PKIX_NULLCHECK_TWO(procParams, pParams);
-
-        PKIX_CHECK(PKIX_PL_Object_Alloc
-                    (PKIX_BUILDPARAMS_TYPE,
-                    sizeof (PKIX_BuildParams),
-                    (PKIX_PL_Object **)&params,
-                    plContext),
-                    PKIX_COULDNOTCREATEBUILDPARAMSOBJECT);
-
-        /* initialize fields */
-        PKIX_INCREF(procParams);
-        params->procParams = procParams;
-
-        *pParams = params;
-        params = NULL;
-
-cleanup:
-
-        PKIX_DECREF(params);
-
-        PKIX_RETURN(BUILDPARAMS);
-
-}
-
-/*
- * FUNCTION: PKIX_BuildParams_GetProcessingParams
- *      (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_BuildParams_GetProcessingParams(
-        PKIX_BuildParams *buildParams,
-        PKIX_ProcessingParams **pProcParams,
-        void *plContext)
-{
-        PKIX_ENTER(BUILDPARAMS, "PKIX_BuildParams_GetProcessingParams");
-        PKIX_NULLCHECK_TWO(buildParams, pProcParams);
-
-        PKIX_INCREF(buildParams->procParams);
-
-        *pProcParams = buildParams->procParams;
-
-cleanup:
-        PKIX_RETURN(BUILDPARAMS);
-}
deleted file mode 100755
--- a/security/nss/lib/libpkix/pkix/params/pkix_buildparams.h
+++ /dev/null
@@ -1,32 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/*
- * pkix_buildparams.h
- *
- * BuildParams Object Type Definition
- *
- */
-
-#ifndef _PKIX_BUILDPARAMS_H
-#define _PKIX_BUILDPARAMS_H
-
-#include "pkix_tools.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct PKIX_BuildParamsStruct {
-        PKIX_ProcessingParams *procParams;      /* Never NULL */
-};
-
-/* see source file for function documentation */
-
-PKIX_Error *pkix_BuildParams_RegisterSelf(void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_BUILDPARAMS_H */
--- a/security/nss/lib/nss/nss.def
+++ b/security/nss/lib/nss/nss.def
@@ -1044,11 +1044,12 @@ CERT_GetSubjectNameDigest;
 CERT_GetSubjectPublicKeyDigest;
 ;+    local:
 ;+       *;
 ;+};
 ;+NSS_3.16.1 { 	# NSS 3.16.1 release
 ;+    global:
 PK11_ExportDERPrivateKeyInfo;
 PK11_ExportPrivKeyInfo;
+SECMOD_InternaltoPubMechFlags;
 ;+    local:
 ;+       *;
 ;+};
--- a/security/nss/lib/pk11wrap/pk11akey.c
+++ b/security/nss/lib/pk11wrap/pk11akey.c
@@ -1893,17 +1893,17 @@ PK11_ExportEncryptedPrivateKeyInfo(
 	epki = PK11_ExportEncryptedPrivKeyInfo(slot, algTag, pwitem, pk, 
 	                                       iteration, wincx);
 	SECKEY_DestroyPrivateKey(pk);
     }
     return epki;
 }
 
 SECItem*
-PK11_DEREncodePublicKey(SECKEYPublicKey *pubk)
+PK11_DEREncodePublicKey(const SECKEYPublicKey *pubk)
 {
     return SECKEY_EncodeDERSubjectPublicKeyInfo(pubk);
 }
 
 char *
 PK11_GetPrivateKeyNickname(SECKEYPrivateKey *privKey)
 {
     return PK11_GetObjectNickname(privKey->pkcs11Slot,privKey->pkcs11ID);
--- a/security/nss/lib/pk11wrap/pk11cxt.c
+++ b/security/nss/lib/pk11wrap/pk11cxt.c
@@ -749,16 +749,19 @@ PK11_CipherOp(PK11Context *context, unsi
  * execute a digest/signature operation
  */
 SECStatus
 PK11_DigestOp(PK11Context *context, const unsigned char * in, unsigned inLen) 
 {
     CK_RV crv = CKR_OK;
     SECStatus rv = SECSuccess;
 
+    if (inLen == 0) {
+        return SECSuccess;
+    }
     if (!in) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return SECFailure;
     }
 
     /* if we ran out of session, we need to restore our previously stored
      * state.
      */
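Review bot: The new `inLen == 0` early return is placed ahead of the `!in` check with no comment saying the order is deliberate. A later cleanup could move it below the argument validation, which would bring back SEC_ERROR_INVALID_ARGS for a NULL buffer of length zero. I would add `/* A zero-length update is a no-op; return before the NULL check so (NULL, 0) is accepted. */` above it. This path also reports success without looking at `context`, so a zero-length call tells the caller nothing about whether the context is usable. The rest of PK11_DigestOp is outside the hunk.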
--- a/security/nss/lib/pk11wrap/pk11pub.h
+++ b/security/nss/lib/pk11wrap/pk11pub.h
@@ -583,17 +583,17 @@ SECKEYPrivateKey *PK11_UnwrapPrivKey(PK1
 		void *wincx);
 SECStatus PK11_WrapPrivKey(PK11SlotInfo *slot, PK11SymKey *wrappingKey,
 			   SECKEYPrivateKey *privKey, CK_MECHANISM_TYPE wrapType,
 			   SECItem *param, SECItem *wrappedKey, void *wincx);
 /*
  * The caller of PK11_DEREncodePublicKey should free the returned SECItem with
  * a SECITEM_FreeItem(..., PR_TRUE) call.
  */
-SECItem* PK11_DEREncodePublicKey(SECKEYPublicKey *pubk);
+SECItem* PK11_DEREncodePublicKey(const SECKEYPublicKey *pubk);
 PK11SymKey* PK11_CopySymKeyForSigning(PK11SymKey *originalKey,
 	CK_MECHANISM_TYPE mech);
 SECKEYPrivateKeyList* PK11_ListPrivKeysInSlot(PK11SlotInfo *slot,
 						 char *nickname, void *wincx);
 SECKEYPublicKeyList* PK11_ListPublicKeysInSlot(PK11SlotInfo *slot,
 							char *nickname);
 SECKEYPQGParams *PK11_GetPQGParamsFromPrivateKey(SECKEYPrivateKey *privKey);
 /* deprecated */
@@ -768,17 +768,17 @@ PK11_GetPBEIV(SECAlgorithmID *algid, SEC
  */
 CK_MECHANISM_TYPE
 PK11_GetPBECryptoMechanism(SECAlgorithmID *algid, 
 			   SECItem **param, SECItem *pwd);
 
 /**********************************************************************
  * Functions to manage secmod flags
  **********************************************************************/
-PK11DefaultArrayEntry *PK11_GetDefaultArray(int *size);
+const PK11DefaultArrayEntry *PK11_GetDefaultArray(int *size);
 SECStatus PK11_UpdateSlotAttribute(PK11SlotInfo *slot,
 				   const PK11DefaultArrayEntry *entry,
 				   PRBool add);
 
 /**********************************************************************
  * Functions to look at PKCS #11 dependent data
  **********************************************************************/
 PK11GenericObject *PK11_FindGenericObjects(PK11SlotInfo *slot, 
--- a/security/nss/lib/pk11wrap/pk11skey.c
+++ b/security/nss/lib/pk11wrap/pk11skey.c
@@ -2224,17 +2224,19 @@ PK11_PubDeriveWithKDF(SECKEYPrivateKey *
     case fortezzaKey:
     case dhKey:
 	return PK11_PubDerive(privKey, pubKey, isSender, randomA, randomB,
 		derive, target, operation, keySize, wincx);
     case ecKey:
 	return pk11_PubDeriveECKeyWithKDF( privKey, pubKey, isSender, 
 		randomA, randomB, derive, target, operation, keySize, 
 		kdf, sharedData, wincx);
-    default: break;
+    default:
+        PORT_SetError(SEC_ERROR_BAD_KEY);
+        break;
     }
 
     return NULL;
 }
 
 /*
  * this little function uses the Decrypt function to unwrap a key, just in
  * case we are having problem with unwrap. NOTE: The key size may
--- a/security/nss/lib/pk11wrap/pk11slot.c
+++ b/security/nss/lib/pk11wrap/pk11slot.c
@@ -24,19 +24,20 @@
  * local static and global data
  *************************************************************/
 
 /*
  * This array helps parsing between names, mechanisms, and flags.
  * to make the config files understand more entries, add them
  * to this table.
  */
-PK11DefaultArrayEntry PK11_DefaultArray[] = {
+const PK11DefaultArrayEntry PK11_DefaultArray[] = {
 	{ "RSA", SECMOD_RSA_FLAG, CKM_RSA_PKCS },
 	{ "DSA", SECMOD_DSA_FLAG, CKM_DSA },
+	{ "ECC", SECMOD_ECC_FLAG, CKM_ECDSA },
 	{ "DH", SECMOD_DH_FLAG, CKM_DH_PKCS_DERIVE },
 	{ "RC2", SECMOD_RC2_FLAG, CKM_RC2_CBC },
 	{ "RC4", SECMOD_RC4_FLAG, CKM_RC4 },
 	{ "DES", SECMOD_DES_FLAG, CKM_DES_CBC },
 	{ "AES", SECMOD_AES_FLAG, CKM_AES_CBC },
 	{ "Camellia", SECMOD_CAMELLIA_FLAG, CKM_CAMELLIA_CBC },
 	{ "SEED", SECMOD_SEED_FLAG, CKM_SEED_CBC },
 	{ "RC5", SECMOD_RC5_FLAG, CKM_RC5_CBC },
@@ -51,17 +52,17 @@ PK11DefaultArrayEntry PK11_DefaultArray[
 	{ "TLS", SECMOD_TLS_FLAG, CKM_TLS_MASTER_KEY_DERIVE },
 	{ "SKIPJACK", SECMOD_FORTEZZA_FLAG, CKM_SKIPJACK_CBC64 },
 	{ "Publicly-readable certs", SECMOD_FRIENDLY_FLAG, CKM_INVALID_MECHANISM },
 	{ "Random Num Generator", SECMOD_RANDOM_FLAG, CKM_FAKE_RANDOM },
 };
 const int num_pk11_default_mechanisms = 
                 sizeof(PK11_DefaultArray) / sizeof(PK11_DefaultArray[0]);
 
-PK11DefaultArrayEntry *
+const PK11DefaultArrayEntry *
 PK11_GetDefaultArray(int *size)
 {
     if (size) {
 	*size = num_pk11_default_mechanisms;
     }
     return PK11_DefaultArray;
 }
 
--- a/security/nss/lib/pk11wrap/pk11util.c
+++ b/security/nss/lib/pk11wrap/pk11util.c
@@ -22,18 +22,18 @@ static  SECMODModuleList *modulesDB = NU
 static  SECMODModuleList *modulesUnload = NULL;
 static  SECMODModule *internalModule = NULL;
 static  SECMODModule *defaultDBModule = NULL;
 static  SECMODModule *pendingModule = NULL;
 static SECMODListLock *moduleLock = NULL;
 
 int secmod_PrivateModuleCount = 0;
 
-extern PK11DefaultArrayEntry PK11_DefaultArray[];
-extern int num_pk11_default_mechanisms;
+extern const PK11DefaultArrayEntry PK11_DefaultArray[];
+extern const int num_pk11_default_mechanisms;
 
 
 void
 SECMOD_Init() 
 {
     /* don't initialize twice */
     if (moduleLock) return;
 
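Review bot: `PK11_DefaultArray` and `num_pk11_default_mechanisms` are declared here by hand-written `extern` lines, so this file had to be edited in step with the definitions in pk11slot.c to pick up `const`. The compiler cannot check a declaration in one .c file against a definition in another, and a qualifier mismatch between them is undefined behaviour that would go unnoticed. Moving both declarations into a header that pk11slot.c and pk11util.c both include would let the compiler enforce agreement. secmodi.h looks like a candidate, though whether it fits is not visible here.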
--- a/security/nss/lib/pk11wrap/secmod.h
+++ b/security/nss/lib/pk11wrap/secmod.h
@@ -23,16 +23,17 @@
 #define PUBLIC_MECH_MD2_FLAG         0x00000400ul
 #define PUBLIC_MECH_SSL_FLAG         0x00000800ul
 #define PUBLIC_MECH_TLS_FLAG         0x00001000ul
 #define PUBLIC_MECH_AES_FLAG         0x00002000ul
 #define PUBLIC_MECH_SHA256_FLAG      0x00004000ul
 #define PUBLIC_MECH_SHA512_FLAG      0x00008000ul
 #define PUBLIC_MECH_CAMELLIA_FLAG    0x00010000ul
 #define PUBLIC_MECH_SEED_FLAG        0x00020000ul
+#define PUBLIC_MECH_ECC_FLAG         0x00040000ul
 
 #define PUBLIC_MECH_RANDOM_FLAG      0x08000000ul
 #define PUBLIC_MECH_FRIENDLY_FLAG    0x10000000ul
 #define PUBLIC_OWN_PW_DEFAULTS       0X20000000ul
 #define PUBLIC_DISABLE_FLAG          0x40000000ul
 
 /* warning: reserved means reserved */
 #define PUBLIC_MECH_RESERVED_FLAGS   0x87FF0000ul
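Review bot: `PUBLIC_MECH_ECC_FLAG` is given the value 0x00040000, which falls inside `PUBLIC_MECH_RESERVED_FLAGS` (0x87FF0000) a few lines below, under the comment "warning: reserved means reserved". The CAMELLIA and SEED flags in the context lines overlap that mask as well, so the mask appears to be stale rather than the new value being wrong. If any code masks off or rejects reserved bits, which this diff does not show, an ECC default flag would be dropped. The mask should be narrowed in the same change, for example `#define PUBLIC_MECH_RESERVED_FLAGS   0x87F80000ul`.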
@@ -133,16 +134,17 @@ PRBool SECMOD_IsModulePresent( unsigned 
 
 /* accessors */
 PRBool SECMOD_GetSkipFirstFlag(SECMODModule *mod);
 PRBool SECMOD_GetDefaultModDBFlag(SECMODModule *mod);
 
 /* Functions used to convert between internal & public representation
  * of Mechanism Flags and Cipher Enable Flags */
 extern unsigned long SECMOD_PubMechFlagstoInternal(unsigned long publicFlags);
+extern unsigned long SECMOD_InternaltoPubMechFlags(unsigned long internalFlags);
 extern unsigned long SECMOD_PubCipherFlagstoInternal(unsigned long publicFlags);
 
 PRBool SECMOD_HasRemovableSlots(SECMODModule *mod);
 PK11SlotInfo *SECMOD_WaitForAnyTokenEvent(SECMODModule *mod, 
 				unsigned long flags, PRIntervalTime latency);
 /*
  * Warning: the SECMOD_CancelWait function is highly destructive, potentially 
  * finalizing  the module 'mod' (causing inprogress operations to fail, 
--- a/security/nss/lib/pk11wrap/secmodi.h
+++ b/security/nss/lib/pk11wrap/secmodi.h
@@ -45,17 +45,16 @@ extern SECMODModule *SECMOD_FindModuleBy
 extern SECMODModule *secmod_FindModuleByFuncPtr(void *funcPtr);
 
 /* database/memory management */
 extern SECMODModuleList *SECMOD_NewModuleListElement(void);
 extern SECMODModuleList *SECMOD_DestroyModuleListElement(SECMODModuleList *);
 extern void SECMOD_DestroyModuleList(SECMODModuleList *);
 extern SECStatus SECMOD_AddModule(SECMODModule *newModule);
 
-extern unsigned long SECMOD_InternaltoPubMechFlags(unsigned long internalFlags);
 extern unsigned long SECMOD_InternaltoPubCipherFlags(unsigned long internalFlags);
 
 /* Library functions */
 SECStatus secmod_LoadPKCS11Module(SECMODModule *, SECMODModule **oldModule);
 SECStatus SECMOD_UnloadModule(SECMODModule *);
 void SECMOD_SetInternalModule(SECMODModule *);
 PRBool secmod_IsInternalKeySlot(SECMODModule *);
 void secmod_SetInternalKeySlotFlag(SECMODModule *mod, PRBool val);
--- a/security/nss/lib/pk11wrap/secmodt.h
+++ b/security/nss/lib/pk11wrap/secmodt.h
@@ -122,22 +122,22 @@ typedef enum {
                                   */
      PK11CertListCA = 3,         /* get all instances of CA certs */
      PK11CertListCAUnique = 4,   /* get one instance of CA certs */
      PK11CertListUserUnique = 5, /* get one instance of user certs */
      PK11CertListAll = 6         /* get all instances of all certs */
 } PK11CertListType;
 
 /*
- * Entry into the Array which lists all the legal bits for the default flags
- * in the slot, their definition, and the PKCS #11 mechanism the represent
- * Always Statically allocated. 
+ * Entry into the array which lists all the legal bits for the default flags
+ * in the slot, their definition, and the PKCS #11 mechanism they represent.
+ * Always statically allocated. 
  */
 struct PK11DefaultArrayEntryStr {
-    char *name;
+    const char *name;